2 * Copyright (C) 2010-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
23 #ifndef __GNUTLS_ABSTRACT_H
24 #define __GNUTLS_ABSTRACT_H
26 #include <gnutls/gnutls.h>
27 #include <gnutls/x509.h>
28 #include <gnutls/pkcs11.h>
29 #include <gnutls/openpgp.h>
30 #include <gnutls/tpm.h>
37 /* Public key operations */
39 struct gnutls_pubkey_st
;
40 typedef struct gnutls_pubkey_st
*gnutls_pubkey_t
;
42 struct gnutls_privkey_st
;
43 typedef struct gnutls_privkey_st
*gnutls_privkey_t
;
45 typedef int (*gnutls_privkey_sign_func
) (gnutls_privkey_t key
,
47 const gnutls_datum_t
* raw_data
,
48 gnutls_datum_t
* signature
);
49 typedef int (*gnutls_privkey_decrypt_func
) (gnutls_privkey_t key
,
51 const gnutls_datum_t
* ciphertext
,
52 gnutls_datum_t
* plaintext
);
54 typedef void (*gnutls_privkey_deinit_func
) (gnutls_privkey_t key
,
57 int gnutls_pubkey_init (gnutls_pubkey_t
* key
);
58 void gnutls_pubkey_deinit (gnutls_pubkey_t key
);
60 void gnutls_pubkey_set_pin_function (gnutls_pubkey_t key
,
61 gnutls_pin_callback_t fn
, void *userdata
);
63 int gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key
, unsigned int *bits
);
65 int gnutls_pubkey_import_x509 (gnutls_pubkey_t key
, gnutls_x509_crt_t crt
,
67 int gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key
,
68 gnutls_pkcs11_obj_t obj
, unsigned int flags
);
69 int gnutls_pubkey_import_openpgp (gnutls_pubkey_t key
,
70 gnutls_openpgp_crt_t crt
,
73 gnutls_pubkey_import_privkey (gnutls_pubkey_t key
, gnutls_privkey_t pkey
,
74 unsigned int usage
, unsigned int flags
);
77 gnutls_pubkey_import_tpm_url (gnutls_pubkey_t pkey
,
79 const char *srk_password
,
83 gnutls_pubkey_import_url (gnutls_pubkey_t key
, const char *url
,
87 gnutls_pubkey_import_tpm_raw (gnutls_pubkey_t pkey
,
88 const gnutls_datum_t
* fdata
,
89 gnutls_tpmkey_fmt_t format
,
90 const char *srk_password
,
93 int gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key
,
94 gnutls_digest_algorithm_t
*
95 hash
, unsigned int *mand
);
97 int gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t key
,
98 gnutls_datum_t
* m
, gnutls_datum_t
* e
);
99 int gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key
,
100 gnutls_datum_t
* p
, gnutls_datum_t
* q
,
101 gnutls_datum_t
* g
, gnutls_datum_t
* y
);
102 int gnutls_pubkey_get_pk_ecc_raw (gnutls_pubkey_t key
, gnutls_ecc_curve_t
*curve
,
103 gnutls_datum_t
* x
, gnutls_datum_t
* y
);
104 int gnutls_pubkey_get_pk_ecc_x962 (gnutls_pubkey_t key
, gnutls_datum_t
* parameters
,
105 gnutls_datum_t
* ecpoint
);
107 int gnutls_pubkey_export (gnutls_pubkey_t key
,
108 gnutls_x509_crt_fmt_t format
,
109 void *output_data
, size_t * output_data_size
);
111 int gnutls_pubkey_export2 (gnutls_pubkey_t key
,
112 gnutls_x509_crt_fmt_t format
,
113 gnutls_datum_t
* out
);
115 int gnutls_pubkey_get_key_id (gnutls_pubkey_t key
, unsigned int flags
,
116 unsigned char *output_data
,
117 size_t * output_data_size
);
120 gnutls_pubkey_get_openpgp_key_id (gnutls_pubkey_t key
, unsigned int flags
,
121 unsigned char *output_data
,
122 size_t * output_data_size
,
123 unsigned int *subkey
);
125 int gnutls_pubkey_get_key_usage (gnutls_pubkey_t key
, unsigned int *usage
);
126 int gnutls_pubkey_set_key_usage (gnutls_pubkey_t key
, unsigned int usage
);
128 int gnutls_pubkey_import (gnutls_pubkey_t key
,
129 const gnutls_datum_t
* data
,
130 gnutls_x509_crt_fmt_t format
);
133 int gnutls_pubkey_import_pkcs11_url (gnutls_pubkey_t key
, const char *url
,
135 /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
136 int gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key
,
137 const gnutls_datum_t
* p
,
138 const gnutls_datum_t
* q
,
139 const gnutls_datum_t
* g
,
140 const gnutls_datum_t
* y
);
141 int gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t key
,
142 const gnutls_datum_t
* m
,
143 const gnutls_datum_t
* e
);
146 gnutls_pubkey_import_ecc_x962 (gnutls_pubkey_t key
,
147 const gnutls_datum_t
* parameters
,
148 const gnutls_datum_t
* ecpoint
);
151 gnutls_pubkey_import_ecc_raw (gnutls_pubkey_t key
,
152 gnutls_ecc_curve_t curve
,
153 const gnutls_datum_t
* x
,
154 const gnutls_datum_t
* y
);
157 gnutls_pubkey_encrypt_data (gnutls_pubkey_t key
, unsigned int flags
,
158 const gnutls_datum_t
* plaintext
,
159 gnutls_datum_t
* ciphertext
);
161 int gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt
, gnutls_pubkey_t key
);
163 int gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq
, gnutls_pubkey_t key
);
165 #define GNUTLS_PUBKEY_VERIFY_FLAG_TLS_RSA 1
166 /* The following flag disables call to PIN callbacks etc.
167 * Only works for TPM keys.
169 #define GNUTLS_PUBKEY_DISABLE_CALLBACKS (1<<2)
171 gnutls_pubkey_verify_hash2 (gnutls_pubkey_t key
,
172 gnutls_sign_algorithm_t algo
,
174 const gnutls_datum_t
* hash
,
175 const gnutls_datum_t
* signature
);
178 gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key
,
179 const gnutls_datum_t
* signature
,
180 gnutls_digest_algorithm_t
* hash
);
183 gnutls_pubkey_verify_data2 (gnutls_pubkey_t pubkey
,
184 gnutls_sign_algorithm_t algo
,
186 const gnutls_datum_t
* data
,
187 const gnutls_datum_t
* signature
);
189 /* Private key operations */
191 int gnutls_privkey_init (gnutls_privkey_t
* key
);
192 void gnutls_privkey_deinit (gnutls_privkey_t key
);
194 void gnutls_privkey_set_pin_function (gnutls_privkey_t key
,
195 gnutls_pin_callback_t fn
, void *userdata
);
197 int gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key
,
199 gnutls_privkey_type_t
gnutls_privkey_get_type (gnutls_privkey_t key
);
202 #define GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE (1<<0)
203 #define GNUTLS_PRIVKEY_IMPORT_COPY (1<<1)
204 /* The following flag disables call to PIN callbacks etc.
205 * Only works for TPM keys.
207 #define GNUTLS_PRIVKEY_DISABLE_CALLBACKS (1<<2)
208 int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey
,
209 gnutls_pkcs11_privkey_t key
,
211 int gnutls_privkey_import_x509 (gnutls_privkey_t pkey
,
212 gnutls_x509_privkey_t key
,
214 int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey
,
215 gnutls_openpgp_privkey_t key
,
218 int gnutls_privkey_import_openpgp_raw (gnutls_privkey_t pkey
,
219 const gnutls_datum_t
* data
,
220 gnutls_openpgp_crt_fmt_t format
,
221 const gnutls_openpgp_keyid_t keyid
,
222 const char* password
);
224 int gnutls_privkey_import_x509_raw (gnutls_privkey_t pkey
,
225 const gnutls_datum_t
* data
,
226 gnutls_x509_crt_fmt_t format
,
227 const char* password
, unsigned int flags
);
230 gnutls_privkey_import_tpm_raw (gnutls_privkey_t pkey
,
231 const gnutls_datum_t
* fdata
,
232 gnutls_tpmkey_fmt_t format
,
233 const char *srk_password
,
234 const char *key_password
, unsigned int flags
);
237 gnutls_privkey_import_tpm_url (gnutls_privkey_t pkey
,
238 const char* url
, const char *srk_password
, const char *key_password
,
241 int gnutls_privkey_import_url (gnutls_privkey_t key
, const char *url
, unsigned int flags
);
243 int gnutls_privkey_import_pkcs11_url (gnutls_privkey_t key
, const char *url
);
246 gnutls_privkey_import_ext (gnutls_privkey_t pkey
,
247 gnutls_pk_algorithm_t pk
,
249 gnutls_privkey_sign_func sign_func
,
250 gnutls_privkey_decrypt_func decrypt_func
,
254 gnutls_privkey_import_ext2 (gnutls_privkey_t pkey
,
255 gnutls_pk_algorithm_t pk
,
257 gnutls_privkey_sign_func sign_func
,
258 gnutls_privkey_decrypt_func decrypt_func
,
259 gnutls_privkey_deinit_func deinit_func
,
262 int gnutls_privkey_sign_data (gnutls_privkey_t signer
,
263 gnutls_digest_algorithm_t hash
,
265 const gnutls_datum_t
* data
,
266 gnutls_datum_t
* signature
);
268 int gnutls_privkey_sign_hash (gnutls_privkey_t signer
,
269 gnutls_digest_algorithm_t hash_algo
,
271 const gnutls_datum_t
* hash_data
,
272 gnutls_datum_t
* signature
);
274 int gnutls_privkey_decrypt_data (gnutls_privkey_t key
,
276 const gnutls_datum_t
* ciphertext
,
277 gnutls_datum_t
* plaintext
);
279 int gnutls_x509_crt_privkey_sign (gnutls_x509_crt_t crt
,
280 gnutls_x509_crt_t issuer
,
281 gnutls_privkey_t issuer_key
,
282 gnutls_digest_algorithm_t dig
,
285 int gnutls_x509_crl_privkey_sign (gnutls_x509_crl_t crl
,
286 gnutls_x509_crt_t issuer
,
287 gnutls_privkey_t issuer_key
,
288 gnutls_digest_algorithm_t dig
,
291 int gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq
,
292 gnutls_privkey_t key
,
293 gnutls_digest_algorithm_t dig
,
298 * @pubkey: public key of parsed certificate.
299 * @cert: certificate itself of parsed certificate
300 * @type: type of certificate, a #gnutls_certificate_type_t type.
302 * A parsed certificate.
304 typedef struct gnutls_pcert_st
306 gnutls_pubkey_t pubkey
;
308 gnutls_certificate_type_t type
;
311 /* Do not initialize the "cert" element of
313 #define GNUTLS_PCERT_NO_CERT 1
315 int gnutls_pcert_import_x509 (gnutls_pcert_st
* pcert
,
316 gnutls_x509_crt_t crt
, unsigned int flags
);
319 gnutls_pcert_list_import_x509_raw (gnutls_pcert_st
* pcerts
,
320 unsigned int *pcert_max
,
321 const gnutls_datum_t
* data
,
322 gnutls_x509_crt_fmt_t format
, unsigned int flags
);
324 int gnutls_pcert_import_x509_raw (gnutls_pcert_st
* pcert
,
325 const gnutls_datum_t
* cert
,
326 gnutls_x509_crt_fmt_t format
, unsigned int flags
);
328 int gnutls_pcert_import_openpgp_raw (gnutls_pcert_st
* pcert
,
329 const gnutls_datum_t
* cert
,
330 gnutls_openpgp_crt_fmt_t format
,
331 gnutls_openpgp_keyid_t keyid
, unsigned int flags
);
333 int gnutls_pcert_import_openpgp (gnutls_pcert_st
* pcert
,
334 gnutls_openpgp_crt_t crt
, unsigned int flags
);
336 void gnutls_pcert_deinit (gnutls_pcert_st
* pcert
);
338 /* For certificate credentials */
339 /* This is the same as gnutls_certificate_retrieve_function()
340 * but retrieves a gnutls_pcert_st which requires much less processing
341 * within the library.
343 typedef int gnutls_certificate_retrieve_function2 (gnutls_session_t
,
344 const gnutls_datum_t
*
348 gnutls_pk_algorithm_t
352 unsigned int *pcert_length
,
353 gnutls_privkey_t
*privkey
);
356 void gnutls_certificate_set_retrieve_function2 (
357 gnutls_certificate_credentials_t cred
,
358 gnutls_certificate_retrieve_function2
* func
);
361 gnutls_certificate_set_key (gnutls_certificate_credentials_t res
,
364 gnutls_pcert_st
* pcert_list
,
366 gnutls_privkey_t key
);
368 #include <gnutls/compat.h>
370 int gnutls_pubkey_verify_data (gnutls_pubkey_t pubkey
,
372 const gnutls_datum_t
* data
,
373 const gnutls_datum_t
* signature
) _GNUTLS_GCC_ATTR_DEPRECATED
;
375 int gnutls_pubkey_verify_hash (gnutls_pubkey_t key
, unsigned int flags
,
376 const gnutls_datum_t
* hash
,
377 const gnutls_datum_t
* signature
) _GNUTLS_GCC_ATTR_DEPRECATED
;