2 * Copyright (C) 2010-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
23 #ifndef __GNUTLS_ABSTRACT_H
24 #define __GNUTLS_ABSTRACT_H
26 #include <gnutls/gnutls.h>
27 #include <gnutls/x509.h>
28 #include <gnutls/pkcs11.h>
29 #include <gnutls/openpgp.h>
30 #include <gnutls/tpm.h>
37 /* Public key operations */
39 struct gnutls_pubkey_st
;
40 typedef struct gnutls_pubkey_st
*gnutls_pubkey_t
;
42 struct gnutls_privkey_st
;
43 typedef struct gnutls_privkey_st
*gnutls_privkey_t
;
/**
 * gnutls_privkey_sign_func:
 * @key: the private key object the callback was registered on
 * @raw_data: the data to sign (input; declared const, not modified)
 * @signature: receives the produced signature (output)
 *
 * Type of the signing callback for keys held outside the library; it is
 * installed through gnutls_privkey_import_ext()/gnutls_privkey_import_ext2(),
 * which take a #gnutls_privkey_sign_func parameter.
 * Returns an int; presumably 0 on success and a negative GnuTLS error
 * code on failure — confirm against the library documentation.
 * NOTE(review): how @signature->data is allocated and who releases it is
 * not stated in this header — confirm before implementing the callback.
 */
typedef int (*gnutls_privkey_sign_func) (gnutls_privkey_t key,
                                         const gnutls_datum_t *raw_data,
                                         gnutls_datum_t *signature);
/**
 * gnutls_privkey_decrypt_func:
 * @key: the private key object the callback was registered on
 * @ciphertext: the data to decrypt (input; declared const, not modified)
 * @plaintext: receives the decrypted data (output)
 *
 * Type of the decryption callback for keys held outside the library;
 * installed through gnutls_privkey_import_ext()/gnutls_privkey_import_ext2().
 * Returns an int; presumably 0 on success and a negative GnuTLS error
 * code on failure — confirm against the library documentation.
 * NOTE(review): @ciphertext may originate from an untrusted peer. An
 * implementation should not let a padding or format error be
 * distinguishable (by return value or timing) from any other failure,
 * otherwise the callback can act as a decryption oracle. Ownership of
 * @plaintext->data is likewise not stated here — confirm.
 */
typedef int (*gnutls_privkey_decrypt_func) (gnutls_privkey_t key,
                                            const gnutls_datum_t *ciphertext,
                                            gnutls_datum_t *plaintext);
54 typedef void (*gnutls_privkey_deinit_func
) (gnutls_privkey_t key
,
57 int gnutls_pubkey_init (gnutls_pubkey_t
* key
);
58 void gnutls_pubkey_deinit (gnutls_pubkey_t key
);
60 void gnutls_pubkey_set_pin_function (gnutls_pubkey_t key
,
61 gnutls_pin_callback_t fn
, void *userdata
);
63 int gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key
, unsigned int *bits
);
65 int gnutls_pubkey_import_x509 (gnutls_pubkey_t key
, gnutls_x509_crt_t crt
,
67 int gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key
,
68 gnutls_pkcs11_obj_t obj
, unsigned int flags
);
69 int gnutls_pubkey_import_openpgp (gnutls_pubkey_t key
,
70 gnutls_openpgp_crt_t crt
,
73 int gnutls_pubkey_import_openpgp_raw (gnutls_pubkey_t pkey
,
74 const gnutls_datum_t
* data
,
75 gnutls_openpgp_crt_fmt_t format
,
76 const gnutls_openpgp_keyid_t keyid
,
78 int gnutls_pubkey_import_x509_raw (gnutls_pubkey_t pkey
,
79 const gnutls_datum_t
* data
,
80 gnutls_x509_crt_fmt_t format
,
84 gnutls_pubkey_import_privkey (gnutls_pubkey_t key
, gnutls_privkey_t pkey
,
85 unsigned int usage
, unsigned int flags
);
88 gnutls_pubkey_import_tpm_url (gnutls_pubkey_t pkey
,
90 const char *srk_password
,
94 gnutls_pubkey_import_url (gnutls_pubkey_t key
, const char *url
,
98 gnutls_pubkey_import_tpm_raw (gnutls_pubkey_t pkey
,
99 const gnutls_datum_t
* fdata
,
100 gnutls_tpmkey_fmt_t format
,
101 const char *srk_password
,
104 int gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key
,
105 gnutls_digest_algorithm_t
*
106 hash
, unsigned int *mand
);
108 int gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t key
,
109 gnutls_datum_t
* m
, gnutls_datum_t
* e
);
110 int gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key
,
111 gnutls_datum_t
* p
, gnutls_datum_t
* q
,
112 gnutls_datum_t
* g
, gnutls_datum_t
* y
);
113 int gnutls_pubkey_get_pk_ecc_raw (gnutls_pubkey_t key
, gnutls_ecc_curve_t
*curve
,
114 gnutls_datum_t
* x
, gnutls_datum_t
* y
);
115 int gnutls_pubkey_get_pk_ecc_x962 (gnutls_pubkey_t key
, gnutls_datum_t
* parameters
,
116 gnutls_datum_t
* ecpoint
);
/**
 * gnutls_pubkey_export:
 * @key: the public key
 * @format: the output encoding, a #gnutls_x509_crt_fmt_t
 * @output_data: caller-supplied buffer that receives the encoded key
 * @output_data_size: pointer to the size of @output_data
 *
 * Encodes @key into a caller-supplied buffer. @output_data_size is passed
 * by pointer and so is presumably in/out (buffer size on entry, required or
 * written size on return) — confirm against the library documentation and
 * check the return value before using the buffer contents.
 */
int gnutls_pubkey_export (gnutls_pubkey_t key,
                          gnutls_x509_crt_fmt_t format,
                          void *output_data, size_t *output_data_size);

/**
 * gnutls_pubkey_export2:
 * @key: the public key
 * @format: the output encoding, a #gnutls_x509_crt_fmt_t
 * @out: receives the encoded key
 *
 * Same operation as gnutls_pubkey_export() but fills a #gnutls_datum_t
 * instead of a fixed buffer, avoiding the size-negotiation step. Who owns
 * @out->data afterwards is not stated here; presumably the caller releases
 * it — confirm.
 */
int gnutls_pubkey_export2 (gnutls_pubkey_t key,
                           gnutls_x509_crt_fmt_t format,
                           gnutls_datum_t *out);
/**
 * gnutls_pubkey_get_key_id:
 * @key: the public key
 * @flags: operation flags (no values for it are defined next to this
 *   declaration; presumably 0 — confirm)
 * @output_data: buffer that receives the key identifier
 * @output_data_size: pointer to the size of @output_data
 *
 * Produces an identifier for @key into a caller-supplied buffer.
 * @output_data_size is passed by pointer, so it is presumably in/out: the
 * buffer size on entry, the number of bytes needed or written on return —
 * confirm against the library documentation.
 * NOTE(review): the identifier is presumably derived from the public key
 * material only and is not a proof of possession — confirm; callers using
 * it for key pinning should compare the full identifier with a
 * constant-time comparison, not a prefix of it.
 */
int gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags,
                              unsigned char *output_data,
                              size_t *output_data_size);
131 gnutls_pubkey_get_openpgp_key_id (gnutls_pubkey_t key
, unsigned int flags
,
132 unsigned char *output_data
,
133 size_t * output_data_size
,
134 unsigned int *subkey
);
136 int gnutls_pubkey_get_key_usage (gnutls_pubkey_t key
, unsigned int *usage
);
137 int gnutls_pubkey_set_key_usage (gnutls_pubkey_t key
, unsigned int usage
);
139 int gnutls_pubkey_import (gnutls_pubkey_t key
,
140 const gnutls_datum_t
* data
,
141 gnutls_x509_crt_fmt_t format
);
144 int gnutls_pubkey_import_pkcs11_url (gnutls_pubkey_t key
, const char *url
,
146 /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
147 int gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key
,
148 const gnutls_datum_t
* p
,
149 const gnutls_datum_t
* q
,
150 const gnutls_datum_t
* g
,
151 const gnutls_datum_t
* y
);
152 int gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t key
,
153 const gnutls_datum_t
* m
,
154 const gnutls_datum_t
* e
);
157 gnutls_pubkey_import_ecc_x962 (gnutls_pubkey_t key
,
158 const gnutls_datum_t
* parameters
,
159 const gnutls_datum_t
* ecpoint
);
162 gnutls_pubkey_import_ecc_raw (gnutls_pubkey_t key
,
163 gnutls_ecc_curve_t curve
,
164 const gnutls_datum_t
* x
,
165 const gnutls_datum_t
* y
);
168 gnutls_pubkey_encrypt_data (gnutls_pubkey_t key
, unsigned int flags
,
169 const gnutls_datum_t
* plaintext
,
170 gnutls_datum_t
* ciphertext
);
172 int gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt
, gnutls_pubkey_t key
);
174 int gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq
, gnutls_pubkey_t key
);
176 #define GNUTLS_PUBKEY_VERIFY_FLAG_TLS_RSA 1
/* The following flag disables calls to the PIN callbacks etc.
 * Only works for TPM keys.
 */
180 #define GNUTLS_PUBKEY_DISABLE_CALLBACKS (1<<2)
182 gnutls_pubkey_verify_hash2 (gnutls_pubkey_t key
,
183 gnutls_sign_algorithm_t algo
,
185 const gnutls_datum_t
* hash
,
186 const gnutls_datum_t
* signature
);
189 gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key
,
190 const gnutls_datum_t
* signature
,
191 gnutls_digest_algorithm_t
* hash
);
194 gnutls_pubkey_verify_data2 (gnutls_pubkey_t pubkey
,
195 gnutls_sign_algorithm_t algo
,
197 const gnutls_datum_t
* data
,
198 const gnutls_datum_t
* signature
);
200 /* Private key operations */
202 int gnutls_privkey_init (gnutls_privkey_t
* key
);
203 void gnutls_privkey_deinit (gnutls_privkey_t key
);
205 void gnutls_privkey_set_pin_function (gnutls_privkey_t key
,
206 gnutls_pin_callback_t fn
, void *userdata
);
208 int gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key
,
210 gnutls_privkey_type_t
gnutls_privkey_get_type (gnutls_privkey_t key
);
213 #define GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE (1<<0)
214 #define GNUTLS_PRIVKEY_IMPORT_COPY (1<<1)
/* The following flag disables calls to the PIN callbacks etc.
 * Only works for TPM keys.
 */
218 #define GNUTLS_PRIVKEY_DISABLE_CALLBACKS (1<<2)
219 int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey
,
220 gnutls_pkcs11_privkey_t key
,
222 int gnutls_privkey_import_x509 (gnutls_privkey_t pkey
,
223 gnutls_x509_privkey_t key
,
225 int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey
,
226 gnutls_openpgp_privkey_t key
,
229 int gnutls_privkey_import_openpgp_raw (gnutls_privkey_t pkey
,
230 const gnutls_datum_t
* data
,
231 gnutls_openpgp_crt_fmt_t format
,
232 const gnutls_openpgp_keyid_t keyid
,
233 const char* password
);
235 int gnutls_privkey_import_x509_raw (gnutls_privkey_t pkey
,
236 const gnutls_datum_t
* data
,
237 gnutls_x509_crt_fmt_t format
,
238 const char* password
, unsigned int flags
);
241 gnutls_privkey_import_tpm_raw (gnutls_privkey_t pkey
,
242 const gnutls_datum_t
* fdata
,
243 gnutls_tpmkey_fmt_t format
,
244 const char *srk_password
,
245 const char *key_password
, unsigned int flags
);
248 gnutls_privkey_import_tpm_url (gnutls_privkey_t pkey
,
249 const char* url
, const char *srk_password
, const char *key_password
,
252 int gnutls_privkey_import_url (gnutls_privkey_t key
, const char *url
, unsigned int flags
);
254 int gnutls_privkey_import_pkcs11_url (gnutls_privkey_t key
, const char *url
);
257 gnutls_privkey_import_ext (gnutls_privkey_t pkey
,
258 gnutls_pk_algorithm_t pk
,
260 gnutls_privkey_sign_func sign_func
,
261 gnutls_privkey_decrypt_func decrypt_func
,
265 gnutls_privkey_import_ext2 (gnutls_privkey_t pkey
,
266 gnutls_pk_algorithm_t pk
,
268 gnutls_privkey_sign_func sign_func
,
269 gnutls_privkey_decrypt_func decrypt_func
,
270 gnutls_privkey_deinit_func deinit_func
,
273 int gnutls_privkey_sign_data (gnutls_privkey_t signer
,
274 gnutls_digest_algorithm_t hash
,
276 const gnutls_datum_t
* data
,
277 gnutls_datum_t
* signature
);
279 int gnutls_privkey_sign_hash (gnutls_privkey_t signer
,
280 gnutls_digest_algorithm_t hash_algo
,
282 const gnutls_datum_t
* hash_data
,
283 gnutls_datum_t
* signature
);
285 int gnutls_privkey_decrypt_data (gnutls_privkey_t key
,
287 const gnutls_datum_t
* ciphertext
,
288 gnutls_datum_t
* plaintext
);
290 int gnutls_x509_crt_privkey_sign (gnutls_x509_crt_t crt
,
291 gnutls_x509_crt_t issuer
,
292 gnutls_privkey_t issuer_key
,
293 gnutls_digest_algorithm_t dig
,
296 int gnutls_x509_crl_privkey_sign (gnutls_x509_crl_t crl
,
297 gnutls_x509_crt_t issuer
,
298 gnutls_privkey_t issuer_key
,
299 gnutls_digest_algorithm_t dig
,
302 int gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq
,
303 gnutls_privkey_t key
,
304 gnutls_digest_algorithm_t dig
,
/**
 * @pubkey: public key of the parsed certificate.
 * @cert: the parsed certificate itself.
 * @type: type of certificate, a #gnutls_certificate_type_t type.
 *
 * A parsed certificate.
 */
315 typedef struct gnutls_pcert_st
317 gnutls_pubkey_t pubkey
;
319 gnutls_certificate_type_t type
;
/* Do not initialize the "cert" element of the gnutls_pcert_st structure. */
324 #define GNUTLS_PCERT_NO_CERT 1
326 int gnutls_pcert_import_x509 (gnutls_pcert_st
* pcert
,
327 gnutls_x509_crt_t crt
, unsigned int flags
);
330 gnutls_pcert_list_import_x509_raw (gnutls_pcert_st
* pcerts
,
331 unsigned int *pcert_max
,
332 const gnutls_datum_t
* data
,
333 gnutls_x509_crt_fmt_t format
, unsigned int flags
);
335 int gnutls_pcert_import_x509_raw (gnutls_pcert_st
* pcert
,
336 const gnutls_datum_t
* cert
,
337 gnutls_x509_crt_fmt_t format
, unsigned int flags
);
339 int gnutls_pcert_import_openpgp_raw (gnutls_pcert_st
* pcert
,
340 const gnutls_datum_t
* cert
,
341 gnutls_openpgp_crt_fmt_t format
,
342 gnutls_openpgp_keyid_t keyid
, unsigned int flags
);
344 int gnutls_pcert_import_openpgp (gnutls_pcert_st
* pcert
,
345 gnutls_openpgp_crt_t crt
, unsigned int flags
);
347 void gnutls_pcert_deinit (gnutls_pcert_st
* pcert
);
349 /* For certificate credentials */
/* This is the same as gnutls_certificate_retrieve_function(),
 * but retrieves a gnutls_pcert_st, which requires much less processing
 * within the library.
 */
354 typedef int gnutls_certificate_retrieve_function2 (gnutls_session_t
,
355 const gnutls_datum_t
*
359 gnutls_pk_algorithm_t
363 unsigned int *pcert_length
,
364 gnutls_privkey_t
*privkey
);
367 void gnutls_certificate_set_retrieve_function2 (
368 gnutls_certificate_credentials_t cred
,
369 gnutls_certificate_retrieve_function2
* func
);
372 gnutls_certificate_set_key (gnutls_certificate_credentials_t res
,
375 gnutls_pcert_st
* pcert_list
,
377 gnutls_privkey_t key
);
379 #include <gnutls/compat.h>
381 int gnutls_pubkey_verify_data (gnutls_pubkey_t pubkey
,
383 const gnutls_datum_t
* data
,
384 const gnutls_datum_t
* signature
) _GNUTLS_GCC_ATTR_DEPRECATED
;
/**
 * gnutls_pubkey_verify_hash:
 * @key: the public key to verify with
 * @flags: verification flags, e.g. %GNUTLS_PUBKEY_VERIFY_FLAG_TLS_RSA
 * @hash: the already-computed digest the signature is expected to cover
 * @signature: the signature to check
 *
 * Verifies @signature over @hash. Marked deprecated by the attribute on
 * the declaration: unlike gnutls_pubkey_verify_hash2(), this variant takes
 * no #gnutls_sign_algorithm_t, so the caller does not pin which signature
 * algorithm the signature must have been produced with. New code should
 * call gnutls_pubkey_verify_hash2() and pass the algorithm it expects.
 * Returns an int; presumably 0 on success and a negative error code when
 * verification fails — confirm, and treat any non-zero return as failure.
 */
int gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags,
                               const gnutls_datum_t *hash,
                               const gnutls_datum_t *signature)
                               _GNUTLS_GCC_ATTR_DEPRECATED;