search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add gnutls_psk_client_get_hint function. Use it.
[gnutls.git] / includes / gnutls / gnutls.h.in
blob9864d84b7c988942525c67eea1fed4a30a39649c
1 /* -*- c -*-
2 * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation
3 *
4 * Author: Nikos Mavroyanopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
21 * USA
22 *
23 */
24
25 /* This file contains the types and prototypes for all the
26 * high level functionality of gnutls main library. For the
27 * extra functionality (which is under the GNU GPL license) check
28 * the gnutls/extra.h header. The openssl compatibility layer is
29 * in gnutls/openssl.h.
30 *
31 * The low level cipher functionality is in libgcrypt. Check
32 * gcrypt.h
33 */
34
35
36 #ifndef GNUTLS_H
37 # define GNUTLS_H
38
39 #ifdef __cplusplus
40 extern "C"
41 {
42 #endif
43
44 #define LIBGNUTLS_VERSION "@VERSION@"
45
46 #define LIBGNUTLS_VERSION_MAJOR @MAJOR_VERSION@
47 #define LIBGNUTLS_VERSION_MINOR @MINOR_VERSION@
48 #define LIBGNUTLS_VERSION_PATCH @PATCH_VERSION@
49
50 #define LIBGNUTLS_VERSION_NUMBER @NUMBER_VERSION@
51
52 @POSSIBLY_WARN_ABOUT_MISSING_FEATURES@
53
54 /* Get size_t. */
55 #include <stddef.h>
56 /* Get ssize_t. */
57 #ifndef HAVE_SSIZE_T
58 # define HAVE_SSIZE_T
59 @DEFINE_SSIZE_T@
60 #endif
61 /* Get time_t. */
62 #include <time.h>
63 #include <gnutls/compat.h>
64
65 #define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC
66 #define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC
67 #define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC
68 #define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128
69
70 typedef enum gnutls_cipher_algorithm
71 {
72 GNUTLS_CIPHER_UNKNOWN = 0,
73 GNUTLS_CIPHER_NULL = 1,
74 GNUTLS_CIPHER_ARCFOUR_128,
75 GNUTLS_CIPHER_3DES_CBC,
76 GNUTLS_CIPHER_AES_128_CBC,
77 GNUTLS_CIPHER_AES_256_CBC,
78 GNUTLS_CIPHER_ARCFOUR_40,
79 GNUTLS_CIPHER_CAMELLIA_128_CBC,
80 GNUTLS_CIPHER_CAMELLIA_256_CBC,
81 GNUTLS_CIPHER_RC2_40_CBC = 90,
82 GNUTLS_CIPHER_DES_CBC
83 } gnutls_cipher_algorithm_t;
84
85 typedef enum
86 {
87 GNUTLS_KX_UNKNOWN = 0,
88 GNUTLS_KX_RSA = 1,
89 GNUTLS_KX_DHE_DSS,
90 GNUTLS_KX_DHE_RSA,
91 GNUTLS_KX_ANON_DH,
92 GNUTLS_KX_SRP,
93 GNUTLS_KX_RSA_EXPORT,
94 GNUTLS_KX_SRP_RSA,
95 GNUTLS_KX_SRP_DSS,
96 GNUTLS_KX_PSK,
97 GNUTLS_KX_DHE_PSK
98 } gnutls_kx_algorithm_t;
99
100 typedef enum
101 {
102 GNUTLS_PARAMS_RSA_EXPORT = 1,
103 GNUTLS_PARAMS_DH
104 } gnutls_params_type_t;
105
106 typedef enum
107 {
108 GNUTLS_CRD_CERTIFICATE = 1,
109 GNUTLS_CRD_ANON,
110 GNUTLS_CRD_SRP,
111 GNUTLS_CRD_PSK,
112 GNUTLS_CRD_IA
113 } gnutls_credentials_type_t;
114
115 #define GNUTLS_MAC_SHA GNUTLS_MAC_SHA1
116 #define GNUTLS_DIG_SHA GNUTLS_DIG_SHA1
117
118 typedef enum
119 {
120 GNUTLS_MAC_UNKNOWN = 0,
121 GNUTLS_MAC_NULL = 1,
122 GNUTLS_MAC_MD5,
123 GNUTLS_MAC_SHA1,
124 GNUTLS_MAC_RMD160,
125 GNUTLS_MAC_MD2,
126 GNUTLS_MAC_SHA256,
127 GNUTLS_MAC_SHA384,
128 GNUTLS_MAC_SHA512
129 } gnutls_mac_algorithm_t;
130
131 /* The enumerations here should have the same value with
132 gnutls_mac_algorithm_t.
133 */
134 typedef enum
135 {
136 GNUTLS_DIG_NULL = GNUTLS_MAC_NULL,
137 GNUTLS_DIG_MD5 = GNUTLS_MAC_MD5,
138 GNUTLS_DIG_SHA1 = GNUTLS_MAC_SHA1,
139 GNUTLS_DIG_RMD160 = GNUTLS_MAC_RMD160,
140 GNUTLS_DIG_MD2 = GNUTLS_MAC_MD2,
141 GNUTLS_DIG_SHA256 = GNUTLS_MAC_SHA256,
142 GNUTLS_DIG_SHA384 = GNUTLS_MAC_SHA384,
143 GNUTLS_DIG_SHA512 = GNUTLS_MAC_SHA512
144 } gnutls_digest_algorithm_t;
145
146 /* exported for other gnutls headers. This is the maximum number of
147 * algorithms (ciphers, kx or macs).
148 */
149 #define GNUTLS_MAX_ALGORITHM_NUM 16
150
151 #define GNUTLS_COMP_ZLIB GNUTLS_COMP_DEFLATE
152 typedef enum
153 {
154 GNUTLS_COMP_UNKNOWN = 0,
155 GNUTLS_COMP_NULL = 1,
156 GNUTLS_COMP_DEFLATE,
157 GNUTLS_COMP_LZO /* only available if gnutls-extra has
158 been initialized
159 */
160 } gnutls_compression_method_t;
161
162 typedef enum
163 {
164 GNUTLS_SERVER = 1,
165 GNUTLS_CLIENT
166 } gnutls_connection_end_t;
167
168 typedef enum
169 {
170 GNUTLS_AL_WARNING = 1,
171 GNUTLS_AL_FATAL
172 } gnutls_alert_level_t;
173
174 typedef enum
175 {
176 GNUTLS_A_CLOSE_NOTIFY,
177 GNUTLS_A_UNEXPECTED_MESSAGE = 10,
178 GNUTLS_A_BAD_RECORD_MAC = 20,
179 GNUTLS_A_DECRYPTION_FAILED,
180 GNUTLS_A_RECORD_OVERFLOW,
181 GNUTLS_A_DECOMPRESSION_FAILURE = 30,
182 GNUTLS_A_HANDSHAKE_FAILURE = 40,
183 GNUTLS_A_SSL3_NO_CERTIFICATE = 41,
184 GNUTLS_A_BAD_CERTIFICATE = 42,
185 GNUTLS_A_UNSUPPORTED_CERTIFICATE,
186 GNUTLS_A_CERTIFICATE_REVOKED,
187 GNUTLS_A_CERTIFICATE_EXPIRED,
188 GNUTLS_A_CERTIFICATE_UNKNOWN,
189 GNUTLS_A_ILLEGAL_PARAMETER,
190 GNUTLS_A_UNKNOWN_CA,
191 GNUTLS_A_ACCESS_DENIED,
192 GNUTLS_A_DECODE_ERROR = 50,
193 GNUTLS_A_DECRYPT_ERROR,
194 GNUTLS_A_EXPORT_RESTRICTION = 60,
195 GNUTLS_A_PROTOCOL_VERSION = 70,
196 GNUTLS_A_INSUFFICIENT_SECURITY,
197 GNUTLS_A_INTERNAL_ERROR = 80,
198 GNUTLS_A_USER_CANCELED = 90,
199 GNUTLS_A_NO_RENEGOTIATION = 100,
200 GNUTLS_A_UNSUPPORTED_EXTENSION = 110,
201 GNUTLS_A_CERTIFICATE_UNOBTAINABLE = 111,
202 GNUTLS_A_UNRECOGNIZED_NAME = 112,
203 GNUTLS_A_UNKNOWN_PSK_IDENTITY = 115,
204 GNUTLS_A_INNER_APPLICATION_FAILURE = 208,
205 GNUTLS_A_INNER_APPLICATION_VERIFICATION = 209
206 } gnutls_alert_description_t;
207
208 typedef enum
209 { GNUTLS_HANDSHAKE_HELLO_REQUEST = 0,
210 GNUTLS_HANDSHAKE_CLIENT_HELLO = 1,
211 GNUTLS_HANDSHAKE_SERVER_HELLO = 2,
212 GNUTLS_HANDSHAKE_CERTIFICATE_PKT = 11,
213 GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE = 12,
214 GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST = 13,
215 GNUTLS_HANDSHAKE_SERVER_HELLO_DONE = 14,
216 GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY = 15,
217 GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE = 16,
218 GNUTLS_HANDSHAKE_FINISHED = 20,
219 GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23
220 } gnutls_handshake_description_t;
221
222 /* Note that the status bits have different meanings
223 * in openpgp keys and x.509 certificate verification.
224 */
225 typedef enum
226 {
227 GNUTLS_CERT_INVALID = 2, /* will be set if the certificate
228 * was not verified.
229 */
230 GNUTLS_CERT_REVOKED = 32, /* in X.509 this will be set only if CRLs are checked
231 */
232
233 /* Those are extra information about the verification
234 * process. Will be set only if the certificate was
235 * not verified.
236 */
237 GNUTLS_CERT_SIGNER_NOT_FOUND = 64,
238 GNUTLS_CERT_SIGNER_NOT_CA = 128,
239 GNUTLS_CERT_INSECURE_ALGORITHM = 256
240 } gnutls_certificate_status_t;
241
242 typedef enum
243 {
244 GNUTLS_CERT_IGNORE,
245 GNUTLS_CERT_REQUEST = 1,
246 GNUTLS_CERT_REQUIRE
247 } gnutls_certificate_request_t;
248
249 typedef enum
250 { GNUTLS_OPENPGP_CERT,
251 GNUTLS_OPENPGP_CERT_FINGERPRINT
252 } gnutls_openpgp_crt_status_t;
253
254 typedef enum
255 {
256 GNUTLS_SHUT_RDWR = 0,
257 GNUTLS_SHUT_WR = 1
258 } gnutls_close_request_t;
259
260 #define GNUTLS_TLS1 GNUTLS_TLS1_0
261 typedef enum
262 {
263 GNUTLS_SSL3 = 1,
264 GNUTLS_TLS1_0,
265 GNUTLS_TLS1_1,
266 GNUTLS_TLS1_2,
267 GNUTLS_VERSION_UNKNOWN = 0xff
268 } gnutls_protocol_t;
269
270 typedef enum
271 {
272 GNUTLS_CRT_UNKNOWN = 0,
273 GNUTLS_CRT_X509 = 1,
274 GNUTLS_CRT_OPENPGP
275 } gnutls_certificate_type_t;
276
277 typedef enum
278 {
279 GNUTLS_X509_FMT_DER,
280 GNUTLS_X509_FMT_PEM
281 } gnutls_x509_crt_fmt_t;
282
283 typedef enum gnutls_certificate_print_formats
284 {
285 GNUTLS_CRT_PRINT_FULL,
286 GNUTLS_CRT_PRINT_ONELINE,
287 GNUTLS_CRT_PRINT_UNSIGNED_FULL,
288 } gnutls_certificate_print_formats_t;
289
290 typedef enum
291 {
292 GNUTLS_PK_UNKNOWN = 0,
293 GNUTLS_PK_RSA = 1,
294 GNUTLS_PK_DSA
295 } gnutls_pk_algorithm_t;
296
297 const char *gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm);
298
299 #define GNUTLS_SIGN_RSA_SHA GNUTLS_SIGN_RSA_SHA1
300 #define GNUTLS_SIGN_DSA_SHA GNUTLS_SIGN_DSA_SHA1
301 typedef enum
302 {
303 GNUTLS_SIGN_UNKNOWN = 0,
304 GNUTLS_SIGN_RSA_SHA1 = 1,
305 GNUTLS_SIGN_DSA_SHA1,
306 GNUTLS_SIGN_RSA_MD5,
307 GNUTLS_SIGN_RSA_MD2,
308 GNUTLS_SIGN_RSA_RMD160,
309 GNUTLS_SIGN_RSA_SHA256,
310 GNUTLS_SIGN_RSA_SHA384,
311 GNUTLS_SIGN_RSA_SHA512
312 } gnutls_sign_algorithm_t;
313
314 const char *gnutls_sign_algorithm_get_name (gnutls_sign_algorithm_t
315 algorithm);
316
317 /* If you want to change this, then also change the define in
318 * gnutls_int.h, and recompile.
319 */
320 typedef void *gnutls_transport_ptr_t;
321
322 struct gnutls_session_int;
323 typedef struct gnutls_session_int *gnutls_session_t;
324
325 struct gnutls_dh_params_int;
326 typedef struct gnutls_dh_params_int *gnutls_dh_params_t;
327
328 struct gnutls_x509_privkey_int; /* XXX ugly. */
329 typedef struct gnutls_x509_privkey_int *gnutls_rsa_params_t; /* XXX ugly. */
330
331 struct gnutls_priority_st;
332 typedef struct gnutls_priority_st *gnutls_priority_t;
333
334 typedef struct
335 {
336 unsigned char *data;
337 unsigned int size;
338 } gnutls_datum_t;
339
340
341 typedef struct gnutls_params_st
342 {
343 gnutls_params_type_t type;
344 union params
345 {
346 gnutls_dh_params_t dh;
347 gnutls_rsa_params_t rsa_export;
348 } params;
349 int deinit;
350 } gnutls_params_st;
351
352 typedef int gnutls_params_function (gnutls_session_t, gnutls_params_type_t,
353 gnutls_params_st *);
354
355 /* internal functions */
356
357 int gnutls_init (gnutls_session_t * session,
358 gnutls_connection_end_t con_end);
359 void gnutls_deinit (gnutls_session_t session);
360 #define _gnutls_deinit(x) gnutls_deinit(x)
361
362 int gnutls_bye (gnutls_session_t session, gnutls_close_request_t how);
363
364 int gnutls_handshake (gnutls_session_t session);
365 int gnutls_rehandshake (gnutls_session_t session);
366
367 gnutls_alert_description_t gnutls_alert_get (gnutls_session_t session);
368 int gnutls_alert_send (gnutls_session_t session,
369 gnutls_alert_level_t level,
370 gnutls_alert_description_t desc);
371 int gnutls_alert_send_appropriate (gnutls_session_t session, int err);
372 const char *gnutls_alert_get_name (gnutls_alert_description_t alert);
373
374 /* get information on the current session */
375 gnutls_cipher_algorithm_t gnutls_cipher_get (gnutls_session_t session);
376 gnutls_kx_algorithm_t gnutls_kx_get (gnutls_session_t session);
377 gnutls_mac_algorithm_t gnutls_mac_get (gnutls_session_t session);
378 gnutls_compression_method_t gnutls_compression_get (gnutls_session_t
379 session);
380 gnutls_certificate_type_t gnutls_certificate_type_get (gnutls_session_t
381 session);
382
383 size_t gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm);
384 size_t gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm);
385
386 /* the name of the specified algorithms */
387 const char *gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm);
388 const char *gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm);
389 const char *gnutls_compression_get_name (gnutls_compression_method_t
390 algorithm);
391 const char *gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm);
392 const char *gnutls_certificate_type_get_name (gnutls_certificate_type_t
393 type);
394
395 gnutls_mac_algorithm_t gnutls_mac_get_id (const char* name);
396 gnutls_compression_method_t gnutls_compression_get_id (const char* name);
397 gnutls_cipher_algorithm_t gnutls_cipher_get_id (const char* name);
398 gnutls_kx_algorithm_t gnutls_kx_get_id (const char* name);
399 gnutls_protocol_t gnutls_protocol_get_id (const char* name);
400 gnutls_certificate_type_t gnutls_certificate_type_get_id (const char* name);
401
402
403 /* list supported algorithms */
404 const gnutls_cipher_algorithm_t *gnutls_cipher_list (void);
405 const gnutls_mac_algorithm_t *gnutls_mac_list (void);
406 const gnutls_compression_method_t *gnutls_compression_list (void);
407 const gnutls_protocol_t *gnutls_protocol_list (void);
408 const gnutls_certificate_type_t *gnutls_certificate_type_list (void);
409 const gnutls_kx_algorithm_t *gnutls_kx_list (void);
410 const char *gnutls_cipher_suite_info (size_t i,
411 char *id,
412 gnutls_kx_algorithm_t *kx,
413 gnutls_cipher_algorithm_t *cipher,
414 gnutls_mac_algorithm_t *mac,
415 gnutls_protocol_t *version);
416
417 /* error functions */
418 int gnutls_error_is_fatal (int error);
419 int gnutls_error_to_alert (int err, int *level);
420
421 void gnutls_perror (int error);
422 const char *gnutls_strerror (int error);
423
424 /* Semi-internal functions.
425 */
426 void gnutls_handshake_set_private_extensions (gnutls_session_t session,
427 int allow);
428 gnutls_handshake_description_t
429 gnutls_handshake_get_last_out (gnutls_session_t session);
430 gnutls_handshake_description_t
431 gnutls_handshake_get_last_in (gnutls_session_t session);
432
433 /* Record layer functions.
434 */
435 ssize_t gnutls_record_send (gnutls_session_t session, const void *data,
436 size_t sizeofdata);
437 ssize_t gnutls_record_recv (gnutls_session_t session, void *data,
438 size_t sizeofdata);
439 #define gnutls_read gnutls_record_recv
440 #define gnutls_write gnutls_record_send
441
442 void gnutls_session_enable_compatibility_mode (gnutls_session_t session);
443
444 void gnutls_record_disable_padding (gnutls_session_t session);
445
446 int gnutls_record_get_direction (gnutls_session_t session);
447
448 size_t gnutls_record_get_max_size (gnutls_session_t session);
449 ssize_t gnutls_record_set_max_size (gnutls_session_t session, size_t size);
450
451 size_t gnutls_record_check_pending (gnutls_session_t session);
452
453 int gnutls_prf (gnutls_session_t session,
454 size_t label_size, const char *label,
455 int server_random_first,
456 size_t extra_size, const char *extra,
457 size_t outsize, char *out);
458
459 int gnutls_prf_raw (gnutls_session_t session,
460 size_t label_size, const char *label,
461 size_t seed_size, const char *seed,
462 size_t outsize, char *out);
463
464 /* TLS Extensions */
465
466 typedef enum
467 {
468 GNUTLS_NAME_DNS = 1
469 } gnutls_server_name_type_t;
470
471 int gnutls_server_name_set (gnutls_session_t session,
472 gnutls_server_name_type_t type,
473 const void *name, size_t name_length);
474
475 int gnutls_server_name_get (gnutls_session_t session,
476 void *data, size_t * data_length,
477 unsigned int *type, unsigned int indx);
478
479 /* Opaque PRF Input
480 * http://tools.ietf.org/id/draft-rescorla-tls-opaque-prf-input-00.txt
481 */
482
483 void
484 gnutls_oprfi_enable_client (gnutls_session_t session,
485 size_t len,
486 unsigned char *data);
487
488 typedef int (*gnutls_oprfi_callback_func) (gnutls_session_t session,
489 void *userdata,
490 size_t oprfi_len,
491 const unsigned char *in_oprfi,
492 unsigned char *out_oprfi);
493
494 void
495 gnutls_oprfi_enable_server (gnutls_session_t session,
496 gnutls_oprfi_callback_func cb,
497 void *userdata);
498
499 /* Supplemental data, RFC 4680. */
500 typedef enum
501 {
502 GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0
503 } gnutls_supplemental_data_format_type_t;
504
505 const char *gnutls_supplemental_get_name
506 (gnutls_supplemental_data_format_type_t type);
507
508 /* functions to set priority of cipher suites
509 */
510 int gnutls_cipher_set_priority (gnutls_session_t session, const int *list);
511 int gnutls_mac_set_priority (gnutls_session_t session, const int *list);
512 int gnutls_compression_set_priority (gnutls_session_t session,
513 const int *list);
514 int gnutls_kx_set_priority (gnutls_session_t session, const int *list);
515 int gnutls_protocol_set_priority (gnutls_session_t session,
516 const int *list);
517 int gnutls_certificate_type_set_priority (gnutls_session_t session,
518 const int *list);
519
520 /* if you just want some defaults, use the following.
521 */
522 int gnutls_priority_init( gnutls_priority_t*, const char *priority, const char** err_pos);
523 void gnutls_priority_deinit( gnutls_priority_t);
524
525 int gnutls_priority_set(gnutls_session_t session, gnutls_priority_t);
526 int gnutls_priority_set_direct(gnutls_session_t session, const char *priority, const char** err_pos);
527
528 /* for compatibility
529 */
530 int gnutls_set_default_priority (gnutls_session_t session);
531 int gnutls_set_default_export_priority (gnutls_session_t session);
532
533 /* Returns the name of a cipher suite */
534 const char *gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t
535 kx_algorithm,
536 gnutls_cipher_algorithm_t
537 cipher_algorithm,
538 gnutls_mac_algorithm_t
539 mac_algorithm);
540
541 /* get the currently used protocol version */
542 gnutls_protocol_t gnutls_protocol_get_version (gnutls_session_t session);
543
544 const char *gnutls_protocol_get_name (gnutls_protocol_t version);
545
546
547 /* get/set session
548 */
549 int gnutls_session_set_data (gnutls_session_t session,
550 const void *session_data,
551 size_t session_data_size);
552 int gnutls_session_get_data (gnutls_session_t session, void *session_data,
553 size_t * session_data_size);
554 int gnutls_session_get_data2 (gnutls_session_t session,
555 gnutls_datum_t * data);
556
557 /* returns the session ID */
558 #define GNUTLS_MAX_SESSION_ID 32
559 int gnutls_session_get_id (gnutls_session_t session, void *session_id,
560 size_t * session_id_size);
561
562 /* returns security values.
563 * Do not use them unless you know what you're doing.
564 */
565 #define TLS_MASTER_SIZE 48
566 #define TLS_RANDOM_SIZE 32
567 const void *gnutls_session_get_server_random (gnutls_session_t session);
568 const void *gnutls_session_get_client_random (gnutls_session_t session);
569 const void *gnutls_session_get_master_secret (gnutls_session_t session);
570
571 /* checks if this session is a resumed one
572 */
573 int gnutls_session_is_resumed (gnutls_session_t session);
574
575 typedef int (*gnutls_db_store_func) (void *, gnutls_datum_t key,
576 gnutls_datum_t data);
577 typedef int (*gnutls_db_remove_func) (void *, gnutls_datum_t key);
578 typedef gnutls_datum_t (*gnutls_db_retr_func) (void *, gnutls_datum_t key);
579
580 void gnutls_db_set_cache_expiration (gnutls_session_t session, int seconds);
581
582 void gnutls_db_remove_session (gnutls_session_t session);
583 void gnutls_db_set_retrieve_function (gnutls_session_t session,
584 gnutls_db_retr_func retr_func);
585 void gnutls_db_set_remove_function (gnutls_session_t session,
586 gnutls_db_remove_func rem_func);
587 void gnutls_db_set_store_function (gnutls_session_t session,
588 gnutls_db_store_func store_func);
589 void gnutls_db_set_ptr (gnutls_session_t session, void *ptr);
590 void *gnutls_db_get_ptr (gnutls_session_t session);
591 int gnutls_db_check_entry (gnutls_session_t session,
592 gnutls_datum_t session_entry);
593
594 typedef int (*gnutls_handshake_post_client_hello_func)(gnutls_session_t);
595 void gnutls_handshake_set_post_client_hello_function(gnutls_session_t,
596 gnutls_handshake_post_client_hello_func);
597
598 void gnutls_handshake_set_max_packet_length (gnutls_session_t session,
599 size_t max);
600
601 /* returns libgnutls version (call it with a NULL argument)
602 */
603 const char *gnutls_check_version (const char *req_version);
604
605 /* Functions for setting/clearing credentials
606 */
607 void gnutls_credentials_clear (gnutls_session_t session);
608
609 /* cred is a structure defined by the kx algorithm
610 */
611 int gnutls_credentials_set (gnutls_session_t session,
612 gnutls_credentials_type_t type, void *cred);
613 #define gnutls_cred_set gnutls_credentials_set
614
615 /* Credential structures - used in gnutls_credentials_set(); */
616
617 struct gnutls_certificate_credentials_st;
618 typedef struct gnutls_certificate_credentials_st
619 *gnutls_certificate_credentials_t;
620 typedef gnutls_certificate_credentials_t
621 gnutls_certificate_server_credentials;
622 typedef gnutls_certificate_credentials_t
623 gnutls_certificate_client_credentials;
624
625 typedef struct gnutls_anon_server_credentials_st
626 *gnutls_anon_server_credentials_t;
627 typedef struct gnutls_anon_client_credentials_st
628 *gnutls_anon_client_credentials_t;
629
630 void gnutls_anon_free_server_credentials (gnutls_anon_server_credentials_t sc);
631 int gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t * sc);
632
633 void gnutls_anon_set_server_dh_params (gnutls_anon_server_credentials_t res,
634 gnutls_dh_params_t dh_params);
635
636 void
637 gnutls_anon_set_server_params_function (gnutls_anon_server_credentials_t
638 res,
639 gnutls_params_function * func);
640
641 void gnutls_anon_free_client_credentials (gnutls_anon_client_credentials_t
642 sc);
643 int
644 gnutls_anon_allocate_client_credentials (gnutls_anon_client_credentials_t
645 * sc);
646
647 /* CERTFILE is an x509 certificate in PEM form.
648 * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys).
649 */
650 void gnutls_certificate_free_credentials (gnutls_certificate_credentials_t
651 sc);
652 int
653 gnutls_certificate_allocate_credentials (gnutls_certificate_credentials_t
654 * res);
655
656 void gnutls_certificate_free_keys (gnutls_certificate_credentials_t sc);
657 void gnutls_certificate_free_cas (gnutls_certificate_credentials_t sc);
658 void gnutls_certificate_free_ca_names (gnutls_certificate_credentials_t sc);
659 void gnutls_certificate_free_crls (gnutls_certificate_credentials_t sc);
660
661 void gnutls_certificate_set_dh_params (gnutls_certificate_credentials_t res,
662 gnutls_dh_params_t dh_params);
663 void
664 gnutls_certificate_set_rsa_export_params (gnutls_certificate_credentials_t
665 res,
666 gnutls_rsa_params_t rsa_params);
667 void gnutls_certificate_set_verify_flags (gnutls_certificate_credentials_t
668 res, unsigned int flags);
669 void gnutls_certificate_set_verify_limits (gnutls_certificate_credentials_t
670 res, unsigned int max_bits,
671 unsigned int max_depth);
672
673 int gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t
674 res, const char *CAFILE,
675 gnutls_x509_crt_fmt_t type);
676 int gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t
677 res, const gnutls_datum_t * CA,
678 gnutls_x509_crt_fmt_t type);
679
680 int gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t
681 res, const char *crlfile,
682 gnutls_x509_crt_fmt_t type);
683 int gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t
684 res, const gnutls_datum_t * CRL,
685 gnutls_x509_crt_fmt_t type);
686
687 int gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t
688 res, const char *CERTFILE,
689 const char *KEYFILE,
690 gnutls_x509_crt_fmt_t type);
691 int gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t
692 res, const gnutls_datum_t * CERT,
693 const gnutls_datum_t * KEY,
694 gnutls_x509_crt_fmt_t type);
695
696 void gnutls_certificate_send_x509_rdn_sequence (gnutls_session_t session,
697 int status);
698
699
700 extern int
701 gnutls_certificate_set_x509_simple_pkcs12_file
702 (gnutls_certificate_credentials_t res, const char *pkcs12file,
703 gnutls_x509_crt_fmt_t type, const char *password);
704
705 /* New functions to allow setting already parsed X.509 stuff.
706 */
707 struct gnutls_x509_privkey_int;
708 typedef struct gnutls_x509_privkey_int *gnutls_x509_privkey_t;
709
710 struct gnutls_x509_crl_int;
711 typedef struct gnutls_x509_crl_int *gnutls_x509_crl_t;
712
713 struct gnutls_x509_crt_int;
714 typedef struct gnutls_x509_crt_int *gnutls_x509_crt_t;
715
716 struct gnutls_openpgp_keyring_int;
717 typedef struct gnutls_openpgp_keyring_int *gnutls_openpgp_keyring_t;
718
719 int gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res,
720 gnutls_x509_crt_t * cert_list,
721 int cert_list_size,
722 gnutls_x509_privkey_t key);
723 int gnutls_certificate_set_x509_trust (gnutls_certificate_credentials_t res,
724 gnutls_x509_crt_t * ca_list,
725 int ca_list_size);
726 int gnutls_certificate_set_x509_crl (gnutls_certificate_credentials_t res,
727 gnutls_x509_crl_t * crl_list,
728 int crl_list_size);
729
730 void gnutls_certificate_get_x509_cas (gnutls_certificate_credentials_t sc,
731 gnutls_x509_crt_t **x509_ca_list,
732 unsigned int* ncas);
733
734 void gnutls_certificate_get_x509_crls (gnutls_certificate_credentials_t sc,
735 gnutls_x509_crl_t **x509_crl_list,
736 unsigned int* ncrls);
737
738 void gnutls_certificate_get_openpgp_keyring (gnutls_certificate_credentials_t sc,
739 gnutls_openpgp_keyring_t *keyring);
740
741 /* global state functions
742 */
743 int gnutls_global_init (void);
744 void gnutls_global_deinit (void);
745
746 typedef void *(*gnutls_alloc_function) (size_t);
747 typedef void *(*gnutls_calloc_function) (size_t, size_t);
748 typedef int (*gnutls_is_secure_function) (const void *);
749 typedef void (*gnutls_free_function) (void *);
750 typedef void *(*gnutls_realloc_function) (void *, size_t);
751
752 extern void
753 gnutls_global_set_mem_functions (gnutls_alloc_function gt_alloc_func,
754 gnutls_alloc_function
755 gt_secure_alloc_func,
756 gnutls_is_secure_function
757 gt_is_secure_func,
758 gnutls_realloc_function gt_realloc_func,
759 gnutls_free_function gt_free_func);
760
761 /* For use in callbacks */
762 extern gnutls_alloc_function gnutls_malloc;
763 extern gnutls_alloc_function gnutls_secure_malloc;
764 extern gnutls_realloc_function gnutls_realloc;
765 extern gnutls_calloc_function gnutls_calloc;
766 extern gnutls_free_function gnutls_free;
767
768 extern char *(*gnutls_strdup) (const char *);
769
770 typedef void (*gnutls_log_func) (int, const char *);
771 void gnutls_global_set_log_function (gnutls_log_func log_func);
772 void gnutls_global_set_log_level (int level);
773
774 /* Diffie Hellman parameter handling.
775 */
776 int gnutls_dh_params_init (gnutls_dh_params_t * dh_params);
777 void gnutls_dh_params_deinit (gnutls_dh_params_t dh_params);
778 int gnutls_dh_params_import_raw (gnutls_dh_params_t dh_params,
779 const gnutls_datum_t * prime,
780 const gnutls_datum_t * generator);
781 int gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params,
782 const gnutls_datum_t * pkcs3_params,
783 gnutls_x509_crt_fmt_t format);
784 int gnutls_dh_params_generate2 (gnutls_dh_params_t params,
785 unsigned int bits);
786 int gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params,
787 gnutls_x509_crt_fmt_t format,
788 unsigned char *params_data,
789 size_t * params_data_size);
790 int gnutls_dh_params_export_raw (gnutls_dh_params_t params,
791 gnutls_datum_t * prime,
792 gnutls_datum_t * generator,
793 unsigned int *bits);
794 int gnutls_dh_params_cpy (gnutls_dh_params_t dst, gnutls_dh_params_t src);
795
796
797 /* RSA params
798 */
799 int gnutls_rsa_params_init (gnutls_rsa_params_t * rsa_params);
800 void gnutls_rsa_params_deinit (gnutls_rsa_params_t rsa_params);
801 int gnutls_rsa_params_cpy (gnutls_rsa_params_t dst,
802 gnutls_rsa_params_t src);
803 int gnutls_rsa_params_import_raw (gnutls_rsa_params_t rsa_params,
804 const gnutls_datum_t * m,
805 const gnutls_datum_t * e,
806 const gnutls_datum_t * d,
807 const gnutls_datum_t * p,
808 const gnutls_datum_t * q,
809 const gnutls_datum_t * u);
810 int gnutls_rsa_params_generate2 (gnutls_rsa_params_t params,
811 unsigned int bits);
812 int gnutls_rsa_params_export_raw (gnutls_rsa_params_t params,
813 gnutls_datum_t * m, gnutls_datum_t * e,
814 gnutls_datum_t * d, gnutls_datum_t * p,
815 gnutls_datum_t * q, gnutls_datum_t * u,
816 unsigned int *bits);
817 int gnutls_rsa_params_export_pkcs1 (gnutls_rsa_params_t params,
818 gnutls_x509_crt_fmt_t format,
819 unsigned char *params_data,
820 size_t * params_data_size);
821 int gnutls_rsa_params_import_pkcs1 (gnutls_rsa_params_t params,
822 const gnutls_datum_t * pkcs1_params,
823 gnutls_x509_crt_fmt_t format);
824
825 /* Session stuff
826 */
827 typedef ssize_t (*gnutls_pull_func) (gnutls_transport_ptr_t, void *,
828 size_t);
829 typedef ssize_t (*gnutls_push_func) (gnutls_transport_ptr_t, const void *,
830 size_t);
831 void gnutls_transport_set_ptr (gnutls_session_t session,
832 gnutls_transport_ptr_t ptr);
833 void gnutls_transport_set_ptr2 (gnutls_session_t session,
834 gnutls_transport_ptr_t recv_ptr,
835 gnutls_transport_ptr_t send_ptr);
836
837 gnutls_transport_ptr_t gnutls_transport_get_ptr (gnutls_session_t session);
838 void gnutls_transport_get_ptr2 (gnutls_session_t session,
839 gnutls_transport_ptr_t * recv_ptr,
840 gnutls_transport_ptr_t * send_ptr);
841
842 void gnutls_transport_set_lowat (gnutls_session_t session, int num);
843
844
845 void gnutls_transport_set_push_function (gnutls_session_t session,
846 gnutls_push_func push_func);
847 void gnutls_transport_set_pull_function (gnutls_session_t session,
848 gnutls_pull_func pull_func);
849
850 void gnutls_transport_set_errno (gnutls_session_t session, int err);
851 void gnutls_transport_set_global_errno (int err);
852
853 /* session specific
854 */
855 void gnutls_session_set_ptr (gnutls_session_t session, void *ptr);
856 void *gnutls_session_get_ptr (gnutls_session_t session);
857
858 void gnutls_openpgp_send_cert (gnutls_session_t session,
859 gnutls_openpgp_crt_status_t status);
860
861 /* fingerprint
862 * Actually this function returns the hash of the given data.
863 */
864 int gnutls_fingerprint (gnutls_digest_algorithm_t algo,
865 const gnutls_datum_t * data, void *result,
866 size_t * result_size);
867
868
869 /* SRP
870 */
871
872 typedef struct gnutls_srp_server_credentials_st
873 *gnutls_srp_server_credentials_t;
874 typedef struct gnutls_srp_client_credentials_st
875 *gnutls_srp_client_credentials_t;
876
877 void gnutls_srp_free_client_credentials (gnutls_srp_client_credentials_t
878 sc);
879 int gnutls_srp_allocate_client_credentials (gnutls_srp_client_credentials_t
880 * sc);
881 int gnutls_srp_set_client_credentials (gnutls_srp_client_credentials_t res,
882 const char *username, const char *password);
883
884 void gnutls_srp_free_server_credentials (gnutls_srp_server_credentials_t
885 sc);
886 int gnutls_srp_allocate_server_credentials (gnutls_srp_server_credentials_t
887 * sc);
888 int gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t
889 res, const char *password_file,
890 const char *password_conf_file);
891
892 const char *gnutls_srp_server_get_username (gnutls_session_t session);
893
894 extern int gnutls_srp_verifier (const char *username,
895 const char *password,
896 const gnutls_datum_t * salt,
897 const gnutls_datum_t * generator,
898 const gnutls_datum_t * prime,
899 gnutls_datum_t * res);
900
901 /* The static parameters defined in draft-ietf-tls-srp-05
902 * Those should be used as input to gnutls_srp_verifier().
903 */
904 extern const gnutls_datum_t gnutls_srp_2048_group_prime;
905 extern const gnutls_datum_t gnutls_srp_2048_group_generator;
906
907 extern const gnutls_datum_t gnutls_srp_1536_group_prime;
908 extern const gnutls_datum_t gnutls_srp_1536_group_generator;
909
910 extern const gnutls_datum_t gnutls_srp_1024_group_prime;
911 extern const gnutls_datum_t gnutls_srp_1024_group_generator;
912
913 typedef int gnutls_srp_server_credentials_function (gnutls_session_t,
914 const char *username,
915 gnutls_datum_t * salt,
916 gnutls_datum_t *
917 verifier,
918 gnutls_datum_t *
919 generator,
920 gnutls_datum_t * prime);
921 void
922 gnutls_srp_set_server_credentials_function
923 (gnutls_srp_server_credentials_t cred,
924 gnutls_srp_server_credentials_function * func);
925
926 typedef int gnutls_srp_client_credentials_function (gnutls_session_t,
927 char **, char **);
928 void
929 gnutls_srp_set_client_credentials_function
930 (gnutls_srp_client_credentials_t cred,
931 gnutls_srp_client_credentials_function * func);
932
933 int gnutls_srp_base64_encode (const gnutls_datum_t * data, char *result,
934 size_t * result_size);
935 int gnutls_srp_base64_encode_alloc (const gnutls_datum_t * data,
936 gnutls_datum_t * result);
937
938 int gnutls_srp_base64_decode (const gnutls_datum_t * b64_data, char *result,
939 size_t * result_size);
940 int gnutls_srp_base64_decode_alloc (const gnutls_datum_t * b64_data,
941 gnutls_datum_t * result);
942
943 /* PSK stuff */
944 typedef struct gnutls_psk_server_credentials_st
945 *gnutls_psk_server_credentials_t;
946 typedef struct gnutls_psk_client_credentials_st
947 *gnutls_psk_client_credentials_t;
948
949 typedef enum gnutls_psk_key_flags
950 {
951 GNUTLS_PSK_KEY_RAW = 0,
952 GNUTLS_PSK_KEY_HEX
953 } gnutls_psk_key_flags;
954
955 void gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t
956 sc);
957 int gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t
958 * sc);
959 int gnutls_psk_set_client_credentials (gnutls_psk_client_credentials_t res,
960 const char *username,
961 const gnutls_datum_t * key,
962 gnutls_psk_key_flags format);
963
964 void gnutls_psk_free_server_credentials (gnutls_psk_server_credentials_t
965 sc);
966 int gnutls_psk_allocate_server_credentials (gnutls_psk_server_credentials_t
967 * sc);
968 int gnutls_psk_set_server_credentials_file (gnutls_psk_server_credentials_t
969 res, const char *password_file);
970
971 const char *gnutls_psk_server_get_username (gnutls_session_t session);
972 const char *gnutls_psk_client_get_hint (gnutls_session_t session);
973
974 typedef int gnutls_psk_server_credentials_function (gnutls_session_t,
975 const char *username,
976 gnutls_datum_t * key);
977 void
978 gnutls_psk_set_server_credentials_function
979 (gnutls_psk_server_credentials_t cred,
980 gnutls_psk_server_credentials_function * func);
981
982 typedef int gnutls_psk_client_credentials_function (gnutls_session_t,
983 char **username,
984 gnutls_datum_t * key);
985 void
986 gnutls_psk_set_client_credentials_function
987 (gnutls_psk_client_credentials_t cred,
988 gnutls_psk_client_credentials_function * func);
989
990 int gnutls_hex_encode (const gnutls_datum_t * data, char *result,
991 size_t * result_size);
992 int gnutls_hex_decode (const gnutls_datum_t * hex_data, char *result,
993 size_t * result_size);
994
995 void gnutls_psk_set_server_dh_params (gnutls_psk_server_credentials_t res,
996 gnutls_dh_params_t dh_params);
997
998 void gnutls_psk_set_server_params_function (gnutls_psk_server_credentials_t
999 res,
1000 gnutls_params_function * func);
1001
1002 int gnutls_psk_netconf_derive_key (const char *password,
1003 const char *psk_identity,
1004 const char *psk_identity_hint,
1005 gnutls_datum_t *output_key);
1006
1007
1008 typedef enum gnutls_x509_subject_alt_name_t
1009 {
1010 GNUTLS_SAN_DNSNAME = 1,
1011 GNUTLS_SAN_RFC822NAME,
1012 GNUTLS_SAN_URI,
1013 GNUTLS_SAN_IPADDRESS,
1014 GNUTLS_SAN_OTHERNAME,
1015 GNUTLS_SAN_DN,
1016 /* The following are "virtual" subject alternative name types, in
1017 that they are represented by an otherName value and an OID.
1018 Used by gnutls_x509_crt_get_subject_alt_othername_oid(). */
1019 GNUTLS_SAN_OTHERNAME_XMPP = 1000
1020 } gnutls_x509_subject_alt_name_t;
1021
1022 struct gnutls_openpgp_crt_int;
1023 typedef struct gnutls_openpgp_crt_int *gnutls_openpgp_crt_t;
1024
1025 struct gnutls_openpgp_privkey_int;
1026 typedef struct gnutls_openpgp_privkey_int *gnutls_openpgp_privkey_t;
1027
1028 typedef struct gnutls_retr_st
1029 {
1030 gnutls_certificate_type_t type;
1031 union cert
1032 {
1033 gnutls_x509_crt_t *x509;
1034 gnutls_openpgp_crt_t pgp;
1035 } cert;
1036 unsigned int ncerts; /* one for pgp keys */
1037
1038 union key
1039 {
1040 gnutls_x509_privkey_t x509;
1041 gnutls_openpgp_privkey_t pgp;
1042 } key;
1043
1044 unsigned int deinit_all; /* if non zero all keys will be deinited */
1045 } gnutls_retr_st;
1046
1047 typedef int gnutls_certificate_client_retrieve_function (gnutls_session_t,
1048 const
1049 gnutls_datum_t *
1050 req_ca_rdn,
1051 int nreqs,
1052 const
1053 gnutls_pk_algorithm_t
1054 * pk_algos,
1055 int
1056 pk_algos_length,
1057 gnutls_retr_st *);
1058 typedef int gnutls_certificate_server_retrieve_function (gnutls_session_t,
1059 gnutls_retr_st *);
1060
1061
1062 /* Functions that allow auth_info_t structures handling
1063 */
1064
1065 gnutls_credentials_type_t gnutls_auth_get_type (gnutls_session_t session);
1066 gnutls_credentials_type_t
1067 gnutls_auth_server_get_type (gnutls_session_t session);
1068 gnutls_credentials_type_t
1069 gnutls_auth_client_get_type (gnutls_session_t session);
1070
1071 /* DH */
1072
1073 void gnutls_dh_set_prime_bits (gnutls_session_t session, unsigned int bits);
1074 int gnutls_dh_get_secret_bits (gnutls_session_t session);
1075 int gnutls_dh_get_peers_public_bits (gnutls_session_t session);
1076 int gnutls_dh_get_prime_bits (gnutls_session_t session);
1077
1078 int gnutls_dh_get_group (gnutls_session_t session, gnutls_datum_t * raw_gen,
1079 gnutls_datum_t * raw_prime);
1080 int gnutls_dh_get_pubkey (gnutls_session_t session,
1081 gnutls_datum_t * raw_key);
1082
1083 /* RSA */
1084 int gnutls_rsa_export_get_pubkey (gnutls_session_t session,
1085 gnutls_datum_t * exponent,
1086 gnutls_datum_t * modulus);
1087 int gnutls_rsa_export_get_modulus_bits (gnutls_session_t session);
1088
1089 /* X509PKI */
1090
1091 /* External signing callback. Experimental. */
1092 typedef int (*gnutls_sign_func) (gnutls_session_t session,
1093 void *userdata,
1094 gnutls_certificate_type_t cert_type,
1095 const gnutls_datum_t * cert,
1096 const gnutls_datum_t * hash,
1097 gnutls_datum_t * signature);
1098
1099 void gnutls_sign_callback_set (gnutls_session_t session,
1100 gnutls_sign_func sign_func,
1101 void *userdata);
1102 gnutls_sign_func
1103 gnutls_sign_callback_get (gnutls_session_t session,
1104 void **userdata);
1105
1106 /* These are set on the credentials structure.
1107 */
1108 void gnutls_certificate_client_set_retrieve_function
1109 (gnutls_certificate_credentials_t cred,
1110 gnutls_certificate_client_retrieve_function * func);
1111 void gnutls_certificate_server_set_retrieve_function
1112 (gnutls_certificate_credentials_t cred,
1113 gnutls_certificate_server_retrieve_function * func);
1114
1115 void gnutls_certificate_server_set_request (gnutls_session_t session,
1116 gnutls_certificate_request_t
1117 req);
1118
1119 /* get data from the session
1120 */
1121 const gnutls_datum_t *gnutls_certificate_get_peers (gnutls_session_t
1122 session,
1123 unsigned int
1124 *list_size);
1125 const gnutls_datum_t *gnutls_certificate_get_ours (gnutls_session_t
1126 session);
1127
1128 time_t gnutls_certificate_activation_time_peers (gnutls_session_t session);
1129 time_t gnutls_certificate_expiration_time_peers (gnutls_session_t session);
1130
1131 int gnutls_certificate_client_get_request_status (gnutls_session_t session);
1132 int gnutls_certificate_verify_peers2 (gnutls_session_t session,
1133 unsigned int *status);
1134
1135 /* this is obsolete (?). */
1136 int gnutls_certificate_verify_peers (gnutls_session_t session);
1137
1138 int gnutls_pem_base64_encode (const char *msg, const gnutls_datum_t * data,
1139 char *result, size_t * result_size);
1140 int gnutls_pem_base64_decode (const char *header,
1141 const gnutls_datum_t * b64_data,
1142 unsigned char *result, size_t * result_size);
1143
1144 int gnutls_pem_base64_encode_alloc (const char *msg,
1145 const gnutls_datum_t * data,
1146 gnutls_datum_t * result);
1147 int gnutls_pem_base64_decode_alloc (const char *header,
1148 const gnutls_datum_t * b64_data,
1149 gnutls_datum_t * result);
1150
1151 /* key_usage will be an OR of the following values:
1152 */
1153
1154 /* when the key is to be used for signing: */
1155 #define GNUTLS_KEY_DIGITAL_SIGNATURE 128
1156 #define GNUTLS_KEY_NON_REPUDIATION 64
1157 /* when the key is to be used for encryption: */
1158 #define GNUTLS_KEY_KEY_ENCIPHERMENT 32
1159 #define GNUTLS_KEY_DATA_ENCIPHERMENT 16
1160 #define GNUTLS_KEY_KEY_AGREEMENT 8
1161 #define GNUTLS_KEY_KEY_CERT_SIGN 4
1162 #define GNUTLS_KEY_CRL_SIGN 2
1163 #define GNUTLS_KEY_ENCIPHER_ONLY 1
1164 #define GNUTLS_KEY_DECIPHER_ONLY 32768
1165
1166 void
1167 gnutls_certificate_set_params_function (gnutls_certificate_credentials_t res,
1168 gnutls_params_function * func);
1169 void gnutls_anon_set_params_function (gnutls_anon_server_credentials_t res,
1170 gnutls_params_function * func);
1171 void gnutls_psk_set_params_function (gnutls_psk_server_credentials_t res,
1172 gnutls_params_function * func);
1173
1174 int gnutls_hex2bin (const char * hex_data, size_t hex_size,
1175 char * bin_data, size_t * bin_size);
1176
1177 /* Gnutls error codes. The mapping to a TLS alert is also shown in
1178 * comments.
1179 */
1180
1181 #define GNUTLS_E_SUCCESS 0
1182 #define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3
1183 #define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6
1184 #define GNUTLS_E_LARGE_PACKET -7
1185 #define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */
1186 #define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */
1187 #define GNUTLS_E_INVALID_SESSION -10
1188 #define GNUTLS_E_FATAL_ALERT_RECEIVED -12
1189 #define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_A_UNEXPECTED_MESSAGE */
1190 #define GNUTLS_E_WARNING_ALERT_RECEIVED -16
1191 #define GNUTLS_E_ERROR_IN_FINISHED_PACKET -18
1192 #define GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET -19
1193 #define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21 /* GNUTLS_A_HANDSHAKE_FAILURE */
1194 #define GNUTLS_E_UNWANTED_ALGORITHM -22
1195 #define GNUTLS_E_MPI_SCAN_FAILED -23
1196 #define GNUTLS_E_DECRYPTION_FAILED -24 /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */
1197 #define GNUTLS_E_MEMORY_ERROR -25
1198 #define GNUTLS_E_DECOMPRESSION_FAILED -26 /* GNUTLS_A_DECOMPRESSION_FAILURE */
1199 #define GNUTLS_E_COMPRESSION_FAILED -27
1200 #define GNUTLS_E_AGAIN -28
1201 #define GNUTLS_E_EXPIRED -29
1202 #define GNUTLS_E_DB_ERROR -30
1203 #define GNUTLS_E_SRP_PWD_ERROR -31
1204 #define GNUTLS_E_INSUFFICIENT_CREDENTIALS -32
1205 #define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
1206 #define GNUTLS_E_INSUFFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS
1207 #define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
1208
1209 #define GNUTLS_E_HASH_FAILED -33
1210 #define GNUTLS_E_BASE64_DECODING_ERROR -34
1211
1212 #define GNUTLS_E_MPI_PRINT_FAILED -35
1213 #define GNUTLS_E_REHANDSHAKE -37 /* GNUTLS_A_NO_RENEGOTIATION */
1214 #define GNUTLS_E_GOT_APPLICATION_DATA -38
1215 #define GNUTLS_E_RECORD_LIMIT_REACHED -39
1216 #define GNUTLS_E_ENCRYPTION_FAILED -40
1217
1218 #define GNUTLS_E_PK_ENCRYPTION_FAILED -44
1219 #define GNUTLS_E_PK_DECRYPTION_FAILED -45
1220 #define GNUTLS_E_PK_SIGN_FAILED -46
1221 #define GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION -47
1222 #define GNUTLS_E_KEY_USAGE_VIOLATION -48
1223 #define GNUTLS_E_NO_CERTIFICATE_FOUND -49 /* GNUTLS_A_BAD_CERTIFICATE */
1224 #define GNUTLS_E_INVALID_REQUEST -50
1225 #define GNUTLS_E_SHORT_MEMORY_BUFFER -51
1226 #define GNUTLS_E_INTERRUPTED -52
1227 #define GNUTLS_E_PUSH_ERROR -53
1228 #define GNUTLS_E_PULL_ERROR -54
1229 #define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55 /* GNUTLS_A_ILLEGAL_PARAMETER */
1230 #define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56
1231 #define GNUTLS_E_PKCS1_WRONG_PAD -57
1232 #define GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION -58
1233 #define GNUTLS_E_INTERNAL_ERROR -59
1234 #define GNUTLS_E_DH_PRIME_UNACCEPTABLE -63
1235 #define GNUTLS_E_FILE_ERROR -64
1236 #define GNUTLS_E_TOO_MANY_EMPTY_PACKETS -78
1237 #define GNUTLS_E_UNKNOWN_PK_ALGORITHM -80
1238
1239
1240 /* returned if libextra functionality was requested but
1241 * gnutls_global_init_extra() was not called.
1242 */
1243 #define GNUTLS_E_INIT_LIBEXTRA -82
1244 #define GNUTLS_E_LIBRARY_VERSION_MISMATCH -83
1245
1246
1247 /* returned if you need to generate temporary RSA
1248 * parameters. These are needed for export cipher suites.
1249 */
1250 #define GNUTLS_E_NO_TEMPORARY_RSA_PARAMS -84
1251
1252 #define GNUTLS_E_LZO_INIT_FAILED -85
1253 #define GNUTLS_E_NO_COMPRESSION_ALGORITHMS -86
1254 #define GNUTLS_E_NO_CIPHER_SUITES -87
1255
1256 #define GNUTLS_E_OPENPGP_GETKEY_FAILED -88
1257 #define GNUTLS_E_PK_SIG_VERIFY_FAILED -89
1258
1259 #define GNUTLS_E_ILLEGAL_SRP_USERNAME -90
1260 #define GNUTLS_E_SRP_PWD_PARSING_ERROR -91
1261 #define GNUTLS_E_NO_TEMPORARY_DH_PARAMS -93
1262
1263 /* For certificate and key stuff
1264 */
1265 #define GNUTLS_E_ASN1_ELEMENT_NOT_FOUND -67
1266 #define GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND -68
1267 #define GNUTLS_E_ASN1_DER_ERROR -69
1268 #define GNUTLS_E_ASN1_VALUE_NOT_FOUND -70
1269 #define GNUTLS_E_ASN1_GENERIC_ERROR -71
1270 #define GNUTLS_E_ASN1_VALUE_NOT_VALID -72
1271 #define GNUTLS_E_ASN1_TAG_ERROR -73
1272 #define GNUTLS_E_ASN1_TAG_IMPLICIT -74
1273 #define GNUTLS_E_ASN1_TYPE_ANY_ERROR -75
1274 #define GNUTLS_E_ASN1_SYNTAX_ERROR -76
1275 #define GNUTLS_E_ASN1_DER_OVERFLOW -77
1276 #define GNUTLS_E_OPENPGP_UID_REVOKED -79
1277 #define GNUTLS_E_CERTIFICATE_ERROR -43
1278 #define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR
1279 #define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60
1280 #define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */
1281 #define GNUTLS_E_X509_UNKNOWN_SAN -62
1282 #define GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED -94
1283 #define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95
1284 #define GNUTLS_E_UNKNOWN_HASH_ALGORITHM -96
1285 #define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97
1286 #define GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE -98
1287 #define GNUTLS_E_INVALID_PASSWORD -99
1288 #define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */
1289 #define GNUTLS_E_CONSTRAINT_ERROR -101
1290
1291 #define GNUTLS_E_WARNING_IA_IPHF_RECEIVED -102
1292 #define GNUTLS_E_WARNING_IA_FPHF_RECEIVED -103
1293
1294 #define GNUTLS_E_IA_VERIFY_FAILED -104
1295
1296 #define GNUTLS_E_UNKNOWN_ALGORITHM -105
1297
1298 #define GNUTLS_E_BASE64_ENCODING_ERROR -201
1299 #define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */
1300 #define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202
1301 #define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203
1302
1303 #define GNUTLS_E_OPENPGP_KEYRING_ERROR -204
1304 #define GNUTLS_E_X509_UNSUPPORTED_OID -205
1305
1306 #define GNUTLS_E_RANDOM_FAILED -206
1307 #define GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR -207
1308
1309 #define GNUTLS_E_OPENPGP_SUBKEY_ERROR -208
1310
1311 #define GNUTLS_E_CRYPTO_ALREADY_REGISTERED -209
1312
1313 #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
1314
1315 #define GNUTLS_E_APPLICATION_ERROR_MAX -65000
1316 #define GNUTLS_E_APPLICATION_ERROR_MIN -65500
1317
1318 #ifdef __cplusplus
1319 }
1320 #endif
1321
1322 #endif /* GNUTLS_H */
Implementation of the SSL/TLS protocol