2 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
23 /* This file contains the types and prototypes for all the
24 * high level functionality of the gnutls main library.
26 * If the optional C++ binding was built, it is available in
29 * The openssl compatibility layer (which is under the GNU GPL
30 * license) is in gnutls/openssl.h.
32 * The low level cipher functionality is in gnutls/crypto.h.
55 #define GNUTLS_VERSION "@VERSION@"
57 #define GNUTLS_VERSION_MAJOR @MAJOR_VERSION@
58 #define GNUTLS_VERSION_MINOR @MINOR_VERSION@
59 #define GNUTLS_VERSION_PATCH @PATCH_VERSION@
61 #define GNUTLS_VERSION_NUMBER @NUMBER_VERSION@
63 #define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC
64 #define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC
65 #define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC
66 #define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128
69 * gnutls_cipher_algorithm_t:
70 * @GNUTLS_CIPHER_UNKNOWN: Unknown algorithm.
71 * @GNUTLS_CIPHER_NULL: NULL algorithm.
72 * @GNUTLS_CIPHER_ARCFOUR_128: ARCFOUR stream cipher with 128-bit keys.
73 * @GNUTLS_CIPHER_3DES_CBC: 3DES in CBC mode.
74 * @GNUTLS_CIPHER_AES_128_CBC: AES in CBC mode with 128-bit keys.
75 * @GNUTLS_CIPHER_AES_192_CBC: AES in CBC mode with 192-bit keys.
76 * @GNUTLS_CIPHER_AES_256_CBC: AES in CBC mode with 256-bit keys.
77 * @GNUTLS_CIPHER_ARCFOUR_40: ARCFOUR stream cipher with 40-bit keys.
78 * @GNUTLS_CIPHER_CAMELLIA_128_CBC: Camellia in CBC mode with 128-bit keys.
79 * @GNUTLS_CIPHER_CAMELLIA_192_CBC: Camellia in CBC mode with 192-bit keys.
80 * @GNUTLS_CIPHER_CAMELLIA_256_CBC: Camellia in CBC mode with 256-bit keys.
81 * @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys.
82 * @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys).
83 * @GNUTLS_CIPHER_AES_128_GCM: AES in GCM mode with 128-bit keys.
84 * @GNUTLS_CIPHER_AES_256_GCM: AES in GCM mode with 256-bit keys.
85 * @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB mode.
86 * @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB mode.
87 * @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB mode.
88 * @GNUTLS_CIPHER_BLOWFISH_PGP_CFB: Blowfish in CFB mode.
89 * @GNUTLS_CIPHER_SAFER_SK128_PGP_CFB: Safer-SK in CFB mode with 128-bit keys.
90 * @GNUTLS_CIPHER_AES128_PGP_CFB: AES in CFB mode with 128-bit keys.
91 * @GNUTLS_CIPHER_AES192_PGP_CFB: AES in CFB mode with 192-bit keys.
92 * @GNUTLS_CIPHER_AES256_PGP_CFB: AES in CFB mode with 256-bit keys.
93 * @GNUTLS_CIPHER_TWOFISH_PGP_CFB: Twofish in CFB mode.
95 * Enumeration of different symmetric encryption algorithms.
97 typedef enum gnutls_cipher_algorithm
99 GNUTLS_CIPHER_UNKNOWN
= 0,
100 GNUTLS_CIPHER_NULL
= 1,
101 GNUTLS_CIPHER_ARCFOUR_128
= 2,
102 GNUTLS_CIPHER_3DES_CBC
= 3,
103 GNUTLS_CIPHER_AES_128_CBC
= 4,
104 GNUTLS_CIPHER_AES_256_CBC
= 5,
105 GNUTLS_CIPHER_ARCFOUR_40
= 6,
106 GNUTLS_CIPHER_CAMELLIA_128_CBC
= 7,
107 GNUTLS_CIPHER_CAMELLIA_256_CBC
= 8,
108 GNUTLS_CIPHER_RC2_40_CBC
= 90,
109 GNUTLS_CIPHER_DES_CBC
= 91,
110 GNUTLS_CIPHER_AES_192_CBC
= 92,
111 GNUTLS_CIPHER_AES_128_GCM
= 93,
112 GNUTLS_CIPHER_AES_256_GCM
= 94,
113 GNUTLS_CIPHER_CAMELLIA_192_CBC
= 95,
115 /* used only for PGP internals. Ignored in TLS/SSL
117 GNUTLS_CIPHER_IDEA_PGP_CFB
= 200,
118 GNUTLS_CIPHER_3DES_PGP_CFB
= 201,
119 GNUTLS_CIPHER_CAST5_PGP_CFB
= 202,
120 GNUTLS_CIPHER_BLOWFISH_PGP_CFB
= 203,
121 GNUTLS_CIPHER_SAFER_SK128_PGP_CFB
= 204,
122 GNUTLS_CIPHER_AES128_PGP_CFB
= 205,
123 GNUTLS_CIPHER_AES192_PGP_CFB
= 206,
124 GNUTLS_CIPHER_AES256_PGP_CFB
= 207,
125 GNUTLS_CIPHER_TWOFISH_PGP_CFB
= 208
126 } gnutls_cipher_algorithm_t
;
129 * gnutls_kx_algorithm_t:
130 * @GNUTLS_KX_UNKNOWN: Unknown key-exchange algorithm.
131 * @GNUTLS_KX_RSA: RSA key-exchange algorithm.
132 * @GNUTLS_KX_DHE_DSS: DHE-DSS key-exchange algorithm.
133 * @GNUTLS_KX_DHE_RSA: DHE-RSA key-exchange algorithm.
134 * @GNUTLS_KX_ECDHE_RSA: ECDHE-RSA key-exchange algorithm.
135 * @GNUTLS_KX_ECDHE_ECDSA: ECDHE-ECDSA key-exchange algorithm.
136 * @GNUTLS_KX_ANON_DH: Anon-DH key-exchange algorithm.
137 * @GNUTLS_KX_ANON_ECDH: Anon-ECDH key-exchange algorithm.
138 * @GNUTLS_KX_SRP: SRP key-exchange algorithm.
139 * @GNUTLS_KX_RSA_EXPORT: RSA-EXPORT key-exchange algorithm.
140 * @GNUTLS_KX_SRP_RSA: SRP-RSA key-exchange algorithm.
141 * @GNUTLS_KX_SRP_DSS: SRP-DSS key-exchange algorithm.
142 * @GNUTLS_KX_PSK: PSK key-exchange algorithm.
143 * @GNUTLS_KX_DHE_PSK: DHE-PSK key-exchange algorithm.
144 * @GNUTLS_KX_ECDHE_PSK: ECDHE-PSK key-exchange algorithm.
146 * Enumeration of different key exchange algorithms.
150 GNUTLS_KX_UNKNOWN
= 0,
152 GNUTLS_KX_DHE_DSS
= 2,
153 GNUTLS_KX_DHE_RSA
= 3,
154 GNUTLS_KX_ANON_DH
= 4,
156 GNUTLS_KX_RSA_EXPORT
= 6,
157 GNUTLS_KX_SRP_RSA
= 7,
158 GNUTLS_KX_SRP_DSS
= 8,
160 GNUTLS_KX_DHE_PSK
= 10,
161 GNUTLS_KX_ANON_ECDH
= 11,
162 GNUTLS_KX_ECDHE_RSA
= 12,
163 GNUTLS_KX_ECDHE_ECDSA
= 13,
164 GNUTLS_KX_ECDHE_PSK
= 14,
165 } gnutls_kx_algorithm_t
;
168 * gnutls_params_type_t:
169 * @GNUTLS_PARAMS_RSA_EXPORT: Session RSA-EXPORT parameters.
170 * @GNUTLS_PARAMS_DH: Session Diffie-Hellman parameters.
171 * @GNUTLS_PARAMS_ECDH: Session Elliptic-Curve Diffie-Hellman parameters.
173 * Enumeration of different TLS session parameter types.
177 GNUTLS_PARAMS_RSA_EXPORT
= 1,
178 GNUTLS_PARAMS_DH
= 2,
179 GNUTLS_PARAMS_ECDH
= 3,
180 } gnutls_params_type_t
;
183 * gnutls_credentials_type_t:
184 * @GNUTLS_CRD_CERTIFICATE: Certificate credential.
185 * @GNUTLS_CRD_ANON: Anonymous credential.
186 * @GNUTLS_CRD_SRP: SRP credential.
187 * @GNUTLS_CRD_PSK: PSK credential.
188 * @GNUTLS_CRD_IA: IA credential.
190 * Enumeration of different credential types.
194 GNUTLS_CRD_CERTIFICATE
= 1,
199 } gnutls_credentials_type_t
;
201 #define GNUTLS_MAC_SHA GNUTLS_MAC_SHA1
202 #define GNUTLS_DIG_SHA GNUTLS_DIG_SHA1
205 * gnutls_mac_algorithm_t:
206 * @GNUTLS_MAC_UNKNOWN: Unknown MAC algorithm.
207 * @GNUTLS_MAC_NULL: NULL MAC algorithm (empty output).
208 * @GNUTLS_MAC_MD5: HMAC-MD5 algorithm.
209 * @GNUTLS_MAC_SHA1: HMAC-SHA-1 algorithm.
210 * @GNUTLS_MAC_RMD160: HMAC-RMD160 algorithm.
211 * @GNUTLS_MAC_MD2: HMAC-MD2 algorithm.
212 * @GNUTLS_MAC_SHA256: HMAC-SHA-256 algorithm.
213 * @GNUTLS_MAC_SHA384: HMAC-SHA-384 algorithm.
214 * @GNUTLS_MAC_SHA512: HMAC-SHA-512 algorithm.
215 * @GNUTLS_MAC_SHA224: HMAC-SHA-224 algorithm.
216 * @GNUTLS_MAC_AEAD: MAC implicit through AEAD cipher.
218 * Enumeration of different Message Authentication Code (MAC)
223 GNUTLS_MAC_UNKNOWN
= 0,
227 GNUTLS_MAC_RMD160
= 4,
229 GNUTLS_MAC_SHA256
= 6,
230 GNUTLS_MAC_SHA384
= 7,
231 GNUTLS_MAC_SHA512
= 8,
232 GNUTLS_MAC_SHA224
= 9,
233 /* If you add anything here, make sure you align with
234 gnutls_digest_algorithm_t. */
235 GNUTLS_MAC_AEAD
= 200 /* indicates that MAC is on the cipher */
236 } gnutls_mac_algorithm_t
;
239 * gnutls_digest_algorithm_t:
240 * @GNUTLS_DIG_UNKNOWN: Unknown hash algorithm.
241 * @GNUTLS_DIG_NULL: NULL hash algorithm (empty output).
242 * @GNUTLS_DIG_MD5: MD5 algorithm.
243 * @GNUTLS_DIG_SHA1: SHA-1 algorithm.
244 * @GNUTLS_DIG_RMD160: RMD160 algorithm.
245 * @GNUTLS_DIG_MD2: MD2 algorithm.
246 * @GNUTLS_DIG_SHA256: SHA-256 algorithm.
247 * @GNUTLS_DIG_SHA384: SHA-384 algorithm.
248 * @GNUTLS_DIG_SHA512: SHA-512 algorithm.
249 * @GNUTLS_DIG_SHA224: SHA-224 algorithm.
251 * Enumeration of different digest (hash) algorithms.
255 GNUTLS_DIG_UNKNOWN
= GNUTLS_MAC_UNKNOWN
,
256 GNUTLS_DIG_NULL
= GNUTLS_MAC_NULL
,
257 GNUTLS_DIG_MD5
= GNUTLS_MAC_MD5
,
258 GNUTLS_DIG_SHA1
= GNUTLS_MAC_SHA1
,
259 GNUTLS_DIG_RMD160
= GNUTLS_MAC_RMD160
,
260 GNUTLS_DIG_MD2
= GNUTLS_MAC_MD2
,
261 GNUTLS_DIG_SHA256
= GNUTLS_MAC_SHA256
,
262 GNUTLS_DIG_SHA384
= GNUTLS_MAC_SHA384
,
263 GNUTLS_DIG_SHA512
= GNUTLS_MAC_SHA512
,
264 GNUTLS_DIG_SHA224
= GNUTLS_MAC_SHA224
265 /* If you add anything here, make sure you align with
266 gnutls_mac_algorithm_t. */
267 } gnutls_digest_algorithm_t
;
269 /* exported for other gnutls headers. This is the maximum number of
270 * algorithms (ciphers, kx or macs).
272 #define GNUTLS_MAX_ALGORITHM_NUM 32
275 * gnutls_compression_method_t:
276 * @GNUTLS_COMP_UNKNOWN: Unknown compression method.
277 * @GNUTLS_COMP_NULL: The NULL compression method (no compression).
278 * @GNUTLS_COMP_DEFLATE: The DEFLATE compression method from zlib.
279 * @GNUTLS_COMP_ZLIB: Same as %GNUTLS_COMP_DEFLATE.
281 * Enumeration of different TLS compression methods.
285 GNUTLS_COMP_UNKNOWN
= 0,
286 GNUTLS_COMP_NULL
= 1,
287 GNUTLS_COMP_DEFLATE
= 2,
288 GNUTLS_COMP_ZLIB
= GNUTLS_COMP_DEFLATE
,
289 } gnutls_compression_method_t
;
292 * Flags for gnutls_init()
294 * @GNUTLS_SERVER: Connection end is a server.
295 * @GNUTLS_CLIENT: Connection end is a client.
296 * @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS).
297 * @GNUTLS_NONBLOCK: Connection should not block (DTLS).
300 #define GNUTLS_SERVER 1
301 #define GNUTLS_CLIENT (1<<1)
302 #define GNUTLS_DATAGRAM (1<<2)
303 #define GNUTLS_NONBLOCK (1<<3)
306 * gnutls_alert_level_t:
307 * @GNUTLS_AL_WARNING: Alert of warning severity.
308 * @GNUTLS_AL_FATAL: Alert of fatal severity.
310 * Enumeration of different TLS alert severities.
314 GNUTLS_AL_WARNING
= 1,
316 } gnutls_alert_level_t
;
319 * gnutls_alert_description_t:
320 * @GNUTLS_A_CLOSE_NOTIFY: Close notify.
321 * @GNUTLS_A_UNEXPECTED_MESSAGE: Unexpected message.
322 * @GNUTLS_A_BAD_RECORD_MAC: Bad record MAC.
323 * @GNUTLS_A_DECRYPTION_FAILED: Decryption failed.
324 * @GNUTLS_A_RECORD_OVERFLOW: Record overflow.
325 * @GNUTLS_A_DECOMPRESSION_FAILURE: Decompression failed.
326 * @GNUTLS_A_HANDSHAKE_FAILURE: Handshake failed.
327 * @GNUTLS_A_SSL3_NO_CERTIFICATE: No certificate.
328 * @GNUTLS_A_BAD_CERTIFICATE: Certificate is bad.
329 * @GNUTLS_A_UNSUPPORTED_CERTIFICATE: Certificate is not supported.
330 * @GNUTLS_A_CERTIFICATE_REVOKED: Certificate was revoked.
331 * @GNUTLS_A_CERTIFICATE_EXPIRED: Certificate is expired.
332 * @GNUTLS_A_CERTIFICATE_UNKNOWN: Unknown certificate.
333 * @GNUTLS_A_ILLEGAL_PARAMETER: Illegal parameter.
334 * @GNUTLS_A_UNKNOWN_CA: CA is unknown.
335 * @GNUTLS_A_ACCESS_DENIED: Access was denied.
336 * @GNUTLS_A_DECODE_ERROR: Decode error.
337 * @GNUTLS_A_DECRYPT_ERROR: Decrypt error.
338 * @GNUTLS_A_EXPORT_RESTRICTION: Export restriction.
339 * @GNUTLS_A_PROTOCOL_VERSION: Error in protocol version.
340 * @GNUTLS_A_INSUFFICIENT_SECURITY: Insufficient security.
341 * @GNUTLS_A_USER_CANCELED: User canceled.
342 * @GNUTLS_A_INTERNAL_ERROR: Internal error.
343 * @GNUTLS_A_NO_RENEGOTIATION: No renegotiation is allowed.
344 * @GNUTLS_A_CERTIFICATE_UNOBTAINABLE: Could not retrieve the
345 * specified certificate.
346 * @GNUTLS_A_UNSUPPORTED_EXTENSION: An unsupported extension was
348 * @GNUTLS_A_UNRECOGNIZED_NAME: The server name sent was not
350 * @GNUTLS_A_UNKNOWN_PSK_IDENTITY: The SRP/PSK username is missing
353 * Enumeration of different TLS alerts.
357 GNUTLS_A_CLOSE_NOTIFY
,
358 GNUTLS_A_UNEXPECTED_MESSAGE
= 10,
359 GNUTLS_A_BAD_RECORD_MAC
= 20,
360 GNUTLS_A_DECRYPTION_FAILED
,
361 GNUTLS_A_RECORD_OVERFLOW
,
362 GNUTLS_A_DECOMPRESSION_FAILURE
= 30,
363 GNUTLS_A_HANDSHAKE_FAILURE
= 40,
364 GNUTLS_A_SSL3_NO_CERTIFICATE
= 41,
365 GNUTLS_A_BAD_CERTIFICATE
= 42,
366 GNUTLS_A_UNSUPPORTED_CERTIFICATE
,
367 GNUTLS_A_CERTIFICATE_REVOKED
,
368 GNUTLS_A_CERTIFICATE_EXPIRED
,
369 GNUTLS_A_CERTIFICATE_UNKNOWN
,
370 GNUTLS_A_ILLEGAL_PARAMETER
,
372 GNUTLS_A_ACCESS_DENIED
,
373 GNUTLS_A_DECODE_ERROR
= 50,
374 GNUTLS_A_DECRYPT_ERROR
,
375 GNUTLS_A_EXPORT_RESTRICTION
= 60,
376 GNUTLS_A_PROTOCOL_VERSION
= 70,
377 GNUTLS_A_INSUFFICIENT_SECURITY
,
378 GNUTLS_A_INTERNAL_ERROR
= 80,
379 GNUTLS_A_USER_CANCELED
= 90,
380 GNUTLS_A_NO_RENEGOTIATION
= 100,
381 GNUTLS_A_UNSUPPORTED_EXTENSION
= 110,
382 GNUTLS_A_CERTIFICATE_UNOBTAINABLE
= 111,
383 GNUTLS_A_UNRECOGNIZED_NAME
= 112,
384 GNUTLS_A_UNKNOWN_PSK_IDENTITY
= 115,
385 } gnutls_alert_description_t
;
388 * gnutls_handshake_description_t:
389 * @GNUTLS_HANDSHAKE_HELLO_REQUEST: Hello request.
390 * @GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST: DTLS Hello verify request.
391 * @GNUTLS_HANDSHAKE_CLIENT_HELLO: Client hello.
392 * @GNUTLS_HANDSHAKE_SERVER_HELLO: Server hello.
393 * @GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: New session ticket.
394 * @GNUTLS_HANDSHAKE_CERTIFICATE_PKT: Certificate packet.
395 * @GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: Server key exchange.
396 * @GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: Certificate request.
397 * @GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: Server hello done.
398 * @GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: Certificate verify.
399 * @GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: Client key exchange.
400 * @GNUTLS_HANDSHAKE_FINISHED: Finished.
401 * @GNUTLS_HANDSHAKE_CERTIFICATE_STATUS: Certificate status (OCSP).
402 * @GNUTLS_HANDSHAKE_SUPPLEMENTAL: Supplemental.
403 * @GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC: Change Cipher Spec.
404 * @GNUTLS_HANDSHAKE_CLIENT_HELLO_V2: SSLv2 Client Hello.
406 * Enumeration of different TLS handshake packets.
410 GNUTLS_HANDSHAKE_HELLO_REQUEST
= 0,
411 GNUTLS_HANDSHAKE_CLIENT_HELLO
= 1,
412 GNUTLS_HANDSHAKE_SERVER_HELLO
= 2,
413 GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST
= 3,
414 GNUTLS_HANDSHAKE_NEW_SESSION_TICKET
= 4,
415 GNUTLS_HANDSHAKE_CERTIFICATE_PKT
= 11,
416 GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE
= 12,
417 GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST
= 13,
418 GNUTLS_HANDSHAKE_SERVER_HELLO_DONE
= 14,
419 GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY
= 15,
420 GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE
= 16,
421 GNUTLS_HANDSHAKE_FINISHED
= 20,
422 GNUTLS_HANDSHAKE_CERTIFICATE_STATUS
= 22,
423 GNUTLS_HANDSHAKE_SUPPLEMENTAL
= 23,
424 GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC
= 254,
425 GNUTLS_HANDSHAKE_CLIENT_HELLO_V2
= 1024,
426 } gnutls_handshake_description_t
;
429 * gnutls_certificate_status_t:
430 * @GNUTLS_CERT_INVALID: The certificate is not signed by one of the
431 * known authorities or the signature is invalid.
432 * @GNUTLS_CERT_SIGNATURE_FAILURE: The signature verification failed.
433 * @GNUTLS_CERT_REVOKED: Certificate is revoked by its authority. In X.509 this will be
434 * set only if CRLs are checked.
435 * @GNUTLS_CERT_SIGNER_NOT_FOUND: The certificate's issuer is not known.
436 * This is the case if the issuer is not included in the trusted certificate list.
437 * @GNUTLS_CERT_SIGNER_NOT_CA: The certificate's signer was not a CA. This
438 * may happen if this was a version 1 certificate, which is common with
439 * some CAs, or a version 3 certificate without the basic constrains extension.
440 * @GNUTLS_CERT_INSECURE_ALGORITHM: The certificate was signed using an insecure
441 * algorithm such as MD2 or MD5. These algorithms have been broken and
442 * should not be trusted.
443 * @GNUTLS_CERT_NOT_ACTIVATED: The certificate is not yet activated.
444 * @GNUTLS_CERT_EXPIRED: The certificate has expired.
446 * Enumeration of certificate status codes. Note that the status
447 * bits have different meanings in OpenPGP keys and X.509
448 * certificate verification.
452 GNUTLS_CERT_INVALID
= 2,
453 GNUTLS_CERT_REVOKED
= 32,
454 GNUTLS_CERT_SIGNER_NOT_FOUND
= 64,
455 GNUTLS_CERT_SIGNER_NOT_CA
= 128,
456 GNUTLS_CERT_INSECURE_ALGORITHM
= 256,
457 GNUTLS_CERT_NOT_ACTIVATED
= 512,
458 GNUTLS_CERT_EXPIRED
= 1024,
459 GNUTLS_CERT_SIGNATURE_FAILURE
= 2048
460 } gnutls_certificate_status_t
;
463 * gnutls_certificate_request_t:
464 * @GNUTLS_CERT_IGNORE: Ignore certificate.
465 * @GNUTLS_CERT_REQUEST: Request certificate.
466 * @GNUTLS_CERT_REQUIRE: Require certificate.
468 * Enumeration of certificate request types.
472 GNUTLS_CERT_IGNORE
= 0,
473 GNUTLS_CERT_REQUEST
= 1,
474 GNUTLS_CERT_REQUIRE
= 2
475 } gnutls_certificate_request_t
;
478 * gnutls_openpgp_crt_status_t:
479 * @GNUTLS_OPENPGP_CERT: Send entire certificate.
480 * @GNUTLS_OPENPGP_CERT_FINGERPRINT: Send only certificate fingerprint.
482 * Enumeration of ways to send OpenPGP certificate.
486 GNUTLS_OPENPGP_CERT
= 0,
487 GNUTLS_OPENPGP_CERT_FINGERPRINT
= 1
488 } gnutls_openpgp_crt_status_t
;
491 * gnutls_close_request_t:
492 * @GNUTLS_SHUT_RDWR: Disallow further receives/sends.
493 * @GNUTLS_SHUT_WR: Disallow further sends.
495 * Enumeration of how TLS session should be terminated. See gnutls_bye().
499 GNUTLS_SHUT_RDWR
= 0,
501 } gnutls_close_request_t
;
505 * @GNUTLS_SSL3: SSL version 3.0.
506 * @GNUTLS_TLS1_0: TLS version 1.0.
507 * @GNUTLS_TLS1: Same as %GNUTLS_TLS1_0.
508 * @GNUTLS_TLS1_1: TLS version 1.1.
509 * @GNUTLS_TLS1_2: TLS version 1.2.
510 * @GNUTLS_DTLS1_0: DTLS version 1.0.
511 * @GNUTLS_DTLS0_9: DTLS version 0.9 (Cisco AnyConnect / OpenSSL 0.9.8e).
512 * @GNUTLS_VERSION_MAX: Maps to the highest supported TLS version.
513 * @GNUTLS_VERSION_UNKNOWN: Unknown SSL/TLS version.
515 * Enumeration of different SSL/TLS protocol versions.
521 GNUTLS_TLS1
= GNUTLS_TLS1_0
,
526 GNUTLS_VERSION_MAX
= GNUTLS_DTLS0_9
,
527 GNUTLS_VERSION_UNKNOWN
= 0xff
531 * gnutls_certificate_type_t:
532 * @GNUTLS_CRT_UNKNOWN: Unknown certificate type.
533 * @GNUTLS_CRT_X509: X.509 Certificate.
534 * @GNUTLS_CRT_OPENPGP: OpenPGP certificate.
535 * @GNUTLS_CRT_RAW: Raw public key (SubjectPublicKey)
537 * Enumeration of different certificate types.
541 GNUTLS_CRT_UNKNOWN
= 0,
543 GNUTLS_CRT_OPENPGP
= 2,
545 } gnutls_certificate_type_t
;
548 * gnutls_x509_crt_fmt_t:
549 * @GNUTLS_X509_FMT_DER: X.509 certificate in DER format (binary).
550 * @GNUTLS_X509_FMT_PEM: X.509 certificate in PEM format (text).
552 * Enumeration of different certificate encoding formats.
556 GNUTLS_X509_FMT_DER
= 0,
557 GNUTLS_X509_FMT_PEM
= 1
558 } gnutls_x509_crt_fmt_t
;
561 * gnutls_certificate_print_formats_t:
562 * @GNUTLS_CRT_PRINT_FULL: Full information about certificate.
563 * @GNUTLS_CRT_PRINT_COMPACT: Information about certificate name in one line, plus identification of the public key.
564 * @GNUTLS_CRT_PRINT_ONELINE: Information about certificate in one line.
565 * @GNUTLS_CRT_PRINT_UNSIGNED_FULL: All info for an unsigned certificate.
567 * Enumeration of different certificate printing variants.
569 typedef enum gnutls_certificate_print_formats
571 GNUTLS_CRT_PRINT_FULL
= 0,
572 GNUTLS_CRT_PRINT_ONELINE
= 1,
573 GNUTLS_CRT_PRINT_UNSIGNED_FULL
= 2,
574 GNUTLS_CRT_PRINT_COMPACT
= 3
575 } gnutls_certificate_print_formats_t
;
577 #define GNUTLS_PK_ECC GNUTLS_PK_EC
579 * gnutls_pk_algorithm_t:
580 * @GNUTLS_PK_UNKNOWN: Unknown public-key algorithm.
581 * @GNUTLS_PK_RSA: RSA public-key algorithm.
582 * @GNUTLS_PK_DSA: DSA public-key algorithm.
583 * @GNUTLS_PK_DH: Diffie-Hellman algorithm. Used to generate parameters.
584 * @GNUTLS_PK_EC: Elliptic curve algorithm. Used to generate parameters.
586 * Enumeration of different public-key algorithms.
590 GNUTLS_PK_UNKNOWN
= 0,
595 } gnutls_pk_algorithm_t
;
597 const char *gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm
);
600 * gnutls_sign_algorithm_t:
601 * @GNUTLS_SIGN_UNKNOWN: Unknown signature algorithm.
602 * @GNUTLS_SIGN_RSA_SHA1: Digital signature algorithm RSA with SHA-1
603 * @GNUTLS_SIGN_RSA_SHA: Same as %GNUTLS_SIGN_RSA_SHA1.
604 * @GNUTLS_SIGN_DSA_SHA1: Digital signature algorithm DSA with SHA-1
605 * @GNUTLS_SIGN_DSA_SHA224: Digital signature algorithm DSA with SHA-224
606 * @GNUTLS_SIGN_DSA_SHA256: Digital signature algorithm DSA with SHA-256
607 * @GNUTLS_SIGN_DSA_SHA: Same as %GNUTLS_SIGN_DSA_SHA1.
608 * @GNUTLS_SIGN_RSA_MD5: Digital signature algorithm RSA with MD5.
609 * @GNUTLS_SIGN_RSA_MD2: Digital signature algorithm RSA with MD2.
610 * @GNUTLS_SIGN_RSA_RMD160: Digital signature algorithm RSA with RMD-160.
611 * @GNUTLS_SIGN_RSA_SHA256: Digital signature algorithm RSA with SHA-256.
612 * @GNUTLS_SIGN_RSA_SHA384: Digital signature algorithm RSA with SHA-384.
613 * @GNUTLS_SIGN_RSA_SHA512: Digital signature algorithm RSA with SHA-512.
614 * @GNUTLS_SIGN_RSA_SHA224: Digital signature algorithm RSA with SHA-224.
615 * @GNUTLS_SIGN_ECDSA_SHA1: ECDSA with SHA1.
616 * @GNUTLS_SIGN_ECDSA_SHA256: Digital signature algorithm ECDSA with SHA-256.
617 * @GNUTLS_SIGN_ECDSA_SHA384: Digital signature algorithm ECDSA with SHA-384.
618 * @GNUTLS_SIGN_ECDSA_SHA512: Digital signature algorithm ECDSA with SHA-512.
619 * @GNUTLS_SIGN_ECDSA_SHA224: Digital signature algorithm ECDSA with SHA-224.
621 * Enumeration of different digital signature algorithms.
625 GNUTLS_SIGN_UNKNOWN
= 0,
626 GNUTLS_SIGN_RSA_SHA1
= 1,
627 GNUTLS_SIGN_RSA_SHA
= GNUTLS_SIGN_RSA_SHA1
,
628 GNUTLS_SIGN_DSA_SHA1
= 2,
629 GNUTLS_SIGN_DSA_SHA
= GNUTLS_SIGN_DSA_SHA1
,
630 GNUTLS_SIGN_RSA_MD5
= 3,
631 GNUTLS_SIGN_RSA_MD2
= 4,
632 GNUTLS_SIGN_RSA_RMD160
= 5,
633 GNUTLS_SIGN_RSA_SHA256
= 6,
634 GNUTLS_SIGN_RSA_SHA384
= 7,
635 GNUTLS_SIGN_RSA_SHA512
= 8,
636 GNUTLS_SIGN_RSA_SHA224
= 9,
637 GNUTLS_SIGN_DSA_SHA224
= 10,
638 GNUTLS_SIGN_DSA_SHA256
= 11,
639 GNUTLS_SIGN_ECDSA_SHA1
= 12,
640 GNUTLS_SIGN_ECDSA_SHA224
= 13,
641 GNUTLS_SIGN_ECDSA_SHA256
= 14,
642 GNUTLS_SIGN_ECDSA_SHA384
= 15,
643 GNUTLS_SIGN_ECDSA_SHA512
= 16,
644 } gnutls_sign_algorithm_t
;
647 * gnutls_ecc_curve_t:
648 * @GNUTLS_ECC_CURVE_INVALID: Cannot be known
649 * @GNUTLS_ECC_CURVE_SECP192R1: the SECP192R1 curve
650 * @GNUTLS_ECC_CURVE_SECP224R1: the SECP224R1 curve
651 * @GNUTLS_ECC_CURVE_SECP256R1: the SECP256R1 curve
652 * @GNUTLS_ECC_CURVE_SECP384R1: the SECP384R1 curve
653 * @GNUTLS_ECC_CURVE_SECP521R1: the SECP521R1 curve
655 * Enumeration of ECC curves.
659 GNUTLS_ECC_CURVE_INVALID
=0,
660 GNUTLS_ECC_CURVE_SECP224R1
,
661 GNUTLS_ECC_CURVE_SECP256R1
,
662 GNUTLS_ECC_CURVE_SECP384R1
,
663 GNUTLS_ECC_CURVE_SECP521R1
,
664 GNUTLS_ECC_CURVE_SECP192R1
,
665 } gnutls_ecc_curve_t
;
668 * gnutls_sec_param_t:
669 * @GNUTLS_SEC_PARAM_INSECURE: Less than 72 bits of security
670 * @GNUTLS_SEC_PARAM_WEAK: 72 bits of security
671 * @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known
672 * @GNUTLS_SEC_PARAM_LOW: 80 bits of security
673 * @GNUTLS_SEC_PARAM_LEGACY: 96 bits of security
674 * @GNUTLS_SEC_PARAM_NORMAL: 112 bits of security
675 * @GNUTLS_SEC_PARAM_HIGH: 128 bits of security
676 * @GNUTLS_SEC_PARAM_ULTRA: 192 bits of security
678 * Enumeration of security parameters for passive attacks.
682 GNUTLS_SEC_PARAM_INSECURE
= -20,
683 GNUTLS_SEC_PARAM_WEAK
= -10,
684 GNUTLS_SEC_PARAM_UNKNOWN
= 0,
685 GNUTLS_SEC_PARAM_LOW
= 1,
686 GNUTLS_SEC_PARAM_LEGACY
= 2,
687 GNUTLS_SEC_PARAM_NORMAL
= 3,
688 GNUTLS_SEC_PARAM_HIGH
= 4,
689 GNUTLS_SEC_PARAM_ULTRA
= 5,
690 } gnutls_sec_param_t
;
693 * gnutls_channel_binding_t:
694 * @GNUTLS_CB_TLS_UNIQUE: "tls-unique" (RFC 5929) channel binding
696 * Enumeration of support channel binding types.
701 } gnutls_channel_binding_t
;
704 /* If you want to change this, then also change the define in
705 * gnutls_int.h, and recompile.
707 typedef void *gnutls_transport_ptr_t
;
709 struct gnutls_session_int
;
710 typedef struct gnutls_session_int
*gnutls_session_t
;
712 struct gnutls_dh_params_int
;
713 typedef struct gnutls_dh_params_int
*gnutls_dh_params_t
;
715 struct gnutls_ecdh_params_int
;
716 typedef struct gnutls_ecdh_params_int
*gnutls_ecdh_params_t
;
719 struct gnutls_x509_privkey_int
;
720 typedef struct gnutls_x509_privkey_int
*gnutls_rsa_params_t
;
722 struct gnutls_priority_st
;
723 typedef struct gnutls_priority_st
*gnutls_priority_t
;
732 typedef struct gnutls_params_st
734 gnutls_params_type_t type
;
737 gnutls_dh_params_t dh
;
738 gnutls_ecdh_params_t ecdh
;
739 gnutls_rsa_params_t rsa_export
;
744 typedef int gnutls_params_function (gnutls_session_t
, gnutls_params_type_t
,
747 /* internal functions */
749 int gnutls_init (gnutls_session_t
* session
,
751 void gnutls_deinit (gnutls_session_t session
);
752 #define _gnutls_deinit(x) gnutls_deinit(x)
754 int gnutls_bye (gnutls_session_t session
, gnutls_close_request_t how
);
756 int gnutls_handshake (gnutls_session_t session
);
758 #define GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT ((unsigned int)-1)
759 void gnutls_handshake_set_timeout (gnutls_session_t session
,
761 int gnutls_rehandshake (gnutls_session_t session
);
763 gnutls_alert_description_t
gnutls_alert_get (gnutls_session_t session
);
764 int gnutls_alert_send (gnutls_session_t session
,
765 gnutls_alert_level_t level
,
766 gnutls_alert_description_t desc
);
767 int gnutls_alert_send_appropriate (gnutls_session_t session
, int err
);
768 const char *gnutls_alert_get_name (gnutls_alert_description_t alert
);
769 const char * gnutls_alert_get_strname (gnutls_alert_description_t alert
);
771 gnutls_sec_param_t
gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo
,
773 const char *gnutls_sec_param_get_name (gnutls_sec_param_t param
);
774 unsigned int gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo
,
775 gnutls_sec_param_t param
);
777 /* Elliptic curves */
778 const char * gnutls_ecc_curve_get_name (gnutls_ecc_curve_t curve
);
779 int gnutls_ecc_curve_get_size (gnutls_ecc_curve_t curve
);
780 gnutls_ecc_curve_t
gnutls_ecc_curve_get(gnutls_session_t session
);
782 /* get information on the current session */
783 gnutls_cipher_algorithm_t
gnutls_cipher_get (gnutls_session_t session
);
784 gnutls_kx_algorithm_t
gnutls_kx_get (gnutls_session_t session
);
785 gnutls_mac_algorithm_t
gnutls_mac_get (gnutls_session_t session
);
786 gnutls_compression_method_t
787 gnutls_compression_get (gnutls_session_t session
);
788 gnutls_certificate_type_t
789 gnutls_certificate_type_get (gnutls_session_t session
);
791 int gnutls_sign_algorithm_get (gnutls_session_t session
);
793 int gnutls_sign_algorithm_get_requested (gnutls_session_t session
,
795 gnutls_sign_algorithm_t
* algo
);
797 size_t gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm
);
798 size_t gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm
);
800 /* the name of the specified algorithms */
801 const char *gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm
);
802 const char *gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm
);
803 const char *gnutls_compression_get_name (gnutls_compression_method_t
805 const char *gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm
);
806 const char *gnutls_certificate_type_get_name (gnutls_certificate_type_t
808 const char *gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm
);
809 const char *gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm
);
810 gnutls_digest_algorithm_t
811 gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t sign
);
812 gnutls_pk_algorithm_t
813 gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t sign
);
814 gnutls_sign_algorithm_t
815 gnutls_pk_to_sign (gnutls_pk_algorithm_t pk
,
816 gnutls_digest_algorithm_t hash
);
818 #define gnutls_sign_algorithm_get_name gnutls_sign_get_name
820 gnutls_mac_algorithm_t
gnutls_mac_get_id (const char *name
);
821 gnutls_compression_method_t
gnutls_compression_get_id (const char *name
);
822 gnutls_cipher_algorithm_t
gnutls_cipher_get_id (const char *name
);
823 gnutls_kx_algorithm_t
gnutls_kx_get_id (const char *name
);
824 gnutls_protocol_t
gnutls_protocol_get_id (const char *name
);
825 gnutls_certificate_type_t
gnutls_certificate_type_get_id (const char *name
);
826 gnutls_pk_algorithm_t
gnutls_pk_get_id (const char *name
);
827 gnutls_sign_algorithm_t
gnutls_sign_get_id (const char *name
);
829 /* list supported algorithms */
830 const gnutls_ecc_curve_t
* gnutls_ecc_curve_list (void);
831 const gnutls_cipher_algorithm_t
*gnutls_cipher_list (void);
832 const gnutls_mac_algorithm_t
*gnutls_mac_list (void);
833 const gnutls_compression_method_t
*gnutls_compression_list (void);
834 const gnutls_protocol_t
*gnutls_protocol_list (void);
835 const gnutls_certificate_type_t
*gnutls_certificate_type_list (void);
836 const gnutls_kx_algorithm_t
*gnutls_kx_list (void);
837 const gnutls_pk_algorithm_t
*gnutls_pk_list (void);
838 const gnutls_sign_algorithm_t
*gnutls_sign_list (void);
839 const char *gnutls_cipher_suite_info (size_t idx
,
840 unsigned char *cs_id
,
841 gnutls_kx_algorithm_t
* kx
,
842 gnutls_cipher_algorithm_t
* cipher
,
843 gnutls_mac_algorithm_t
* mac
,
844 gnutls_protocol_t
* min_version
);
846 /* error functions */
847 int gnutls_error_is_fatal (int error
);
848 int gnutls_error_to_alert (int err
, int *level
);
850 void gnutls_perror (int error
);
851 const char *gnutls_strerror (int error
);
852 const char *gnutls_strerror_name (int error
);
854 /* Semi-internal functions.
856 void gnutls_handshake_set_private_extensions (gnutls_session_t session
,
858 gnutls_handshake_description_t
859 gnutls_handshake_get_last_out (gnutls_session_t session
);
860 gnutls_handshake_description_t
861 gnutls_handshake_get_last_in (gnutls_session_t session
);
863 /* Record layer functions.
865 #define GNUTLS_HEARTBEAT_WAIT 1
866 int gnutls_heartbeat_ping (gnutls_session_t session
, size_t data_size
,
867 unsigned int max_tries
, unsigned int flags
);
868 int gnutls_heartbeat_pong (gnutls_session_t session
, unsigned int flags
);
870 ssize_t
gnutls_record_send (gnutls_session_t session
, const void *data
,
872 ssize_t
gnutls_record_recv (gnutls_session_t session
, void *data
,
874 #define gnutls_read gnutls_record_recv
875 #define gnutls_write gnutls_record_send
876 ssize_t
gnutls_record_recv_seq (gnutls_session_t session
, void *data
, size_t data_size
,
879 void gnutls_session_enable_compatibility_mode (gnutls_session_t session
);
881 void gnutls_record_disable_padding (gnutls_session_t session
);
883 int gnutls_record_get_direction (gnutls_session_t session
);
885 size_t gnutls_record_get_max_size (gnutls_session_t session
);
886 ssize_t
gnutls_record_set_max_size (gnutls_session_t session
, size_t size
);
888 size_t gnutls_record_check_pending (gnutls_session_t session
);
890 int gnutls_prf (gnutls_session_t session
,
891 size_t label_size
, const char *label
,
892 int server_random_first
,
893 size_t extra_size
, const char *extra
,
894 size_t outsize
, char *out
);
896 int gnutls_prf_raw (gnutls_session_t session
,
897 size_t label_size
, const char *label
,
898 size_t seed_size
, const char *seed
,
899 size_t outsize
, char *out
);
902 * gnutls_server_name_type_t:
903 * @GNUTLS_NAME_DNS: Domain Name System name type.
905 * Enumeration of different server name types.
910 } gnutls_server_name_type_t
;
912 int gnutls_server_name_set (gnutls_session_t session
,
913 gnutls_server_name_type_t type
,
914 const void *name
, size_t name_length
);
916 int gnutls_server_name_get (gnutls_session_t session
,
917 void *data
, size_t * data_length
,
918 unsigned int *type
, unsigned int indx
);
920 unsigned int gnutls_heartbeat_get_timeout (gnutls_session_t session
);
921 void gnutls_heartbeat_set_timeouts (gnutls_session_t session
, unsigned int retrans_timeout
,
922 unsigned int total_timeout
);
924 #define GNUTLS_HB_PEER_ALLOWED_TO_SEND (1)
925 #define GNUTLS_HB_PEER_NOT_ALLOWED_TO_SEND (1<<1)
928 void gnutls_heartbeat_enable (gnutls_session_t session
, unsigned int type
);
930 #define GNUTLS_HB_LOCAL_ALLOWED_TO_SEND (1<<2)
931 int gnutls_heartbeat_allowed (gnutls_session_t session
, unsigned int type
);
933 /* Safe renegotiation */
934 int gnutls_safe_renegotiation_status (gnutls_session_t session
);
937 * gnutls_supplemental_data_format_type_t:
938 * @GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA: Supplemental user mapping data.
940 * Enumeration of different supplemental data types (RFC 4680).
944 GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA
= 0
945 } gnutls_supplemental_data_format_type_t
;
948 *gnutls_supplemental_get_name (gnutls_supplemental_data_format_type_t
951 /* SessionTicket, RFC 5077. */
952 int gnutls_session_ticket_key_generate (gnutls_datum_t
* key
);
953 int gnutls_session_ticket_enable_client (gnutls_session_t session
);
954 int gnutls_session_ticket_enable_server (gnutls_session_t session
,
955 const gnutls_datum_t
* key
);
957 int gnutls_key_generate (gnutls_datum_t
* key
, unsigned int key_size
);
959 /* if you just want some defaults, use the following.
961 int gnutls_priority_init (gnutls_priority_t
* priority_cache
,
962 const char *priorities
, const char **err_pos
);
963 void gnutls_priority_deinit (gnutls_priority_t priority_cache
);
964 int gnutls_priority_get_cipher_suite_index (gnutls_priority_t pcache
, unsigned int idx
, unsigned int *sidx
);
966 int gnutls_priority_set (gnutls_session_t session
,
967 gnutls_priority_t priority
);
968 int gnutls_priority_set_direct (gnutls_session_t session
,
969 const char *priorities
,
970 const char **err_pos
);
972 int gnutls_priority_certificate_type_list (gnutls_priority_t pcache
, const unsigned int** list
);
973 int gnutls_priority_sign_list (gnutls_priority_t pcache
, const unsigned int** list
);
974 int gnutls_priority_protocol_list (gnutls_priority_t pcache
, const unsigned int** list
);
975 int gnutls_priority_compression_list (gnutls_priority_t pcache
, const unsigned int** list
);
976 int gnutls_priority_ecc_curve_list (gnutls_priority_t pcache
, const unsigned int** list
);
980 int gnutls_set_default_priority (gnutls_session_t session
);
982 /* Returns the name of a cipher suite */
983 const char *gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t
985 gnutls_cipher_algorithm_t
987 gnutls_mac_algorithm_t
990 /* get the currently used protocol version */
991 gnutls_protocol_t
gnutls_protocol_get_version (gnutls_session_t session
);
993 const char *gnutls_protocol_get_name (gnutls_protocol_t version
);
998 int gnutls_session_set_data (gnutls_session_t session
,
999 const void *session_data
,
1000 size_t session_data_size
);
1001 int gnutls_session_get_data (gnutls_session_t session
, void *session_data
,
1002 size_t * session_data_size
);
1003 int gnutls_session_get_data2 (gnutls_session_t session
,
1004 gnutls_datum_t
* data
);
1005 void gnutls_session_get_random (gnutls_session_t session
, gnutls_datum_t
* client
,
1006 gnutls_datum_t
* server
);
1008 int gnutls_session_set_premaster (gnutls_session_t session
, unsigned int entity
,
1009 gnutls_protocol_t version
,
1010 gnutls_kx_algorithm_t kx
,
1011 gnutls_cipher_algorithm_t cipher
,
1012 gnutls_mac_algorithm_t mac
,
1013 gnutls_compression_method_t comp
,
1014 const gnutls_datum_t
* master
,
1015 const gnutls_datum_t
* session_id
);
1017 /* returns the session ID */
1018 #define GNUTLS_MAX_SESSION_ID 32
1019 int gnutls_session_get_id (gnutls_session_t session
, void *session_id
,
1020 size_t * session_id_size
);
1023 int gnutls_session_channel_binding (gnutls_session_t session
,
1024 gnutls_channel_binding_t cbtype
,
1025 gnutls_datum_t
* cb
);
1027 /* checks if this session is a resumed one
1029 int gnutls_session_is_resumed (gnutls_session_t session
);
1030 int gnutls_session_resumption_requested (gnutls_session_t session
);
1032 typedef int (*gnutls_db_store_func
) (void *, gnutls_datum_t key
,
1033 gnutls_datum_t data
);
1034 typedef int (*gnutls_db_remove_func
) (void *, gnutls_datum_t key
);
1035 typedef gnutls_datum_t (*gnutls_db_retr_func
) (void *, gnutls_datum_t key
);
1037 void gnutls_db_set_cache_expiration (gnutls_session_t session
, int seconds
);
1039 void gnutls_db_remove_session (gnutls_session_t session
);
1040 void gnutls_db_set_retrieve_function (gnutls_session_t session
,
1041 gnutls_db_retr_func retr_func
);
1042 void gnutls_db_set_remove_function (gnutls_session_t session
,
1043 gnutls_db_remove_func rem_func
);
1044 void gnutls_db_set_store_function (gnutls_session_t session
,
1045 gnutls_db_store_func store_func
);
1046 void gnutls_db_set_ptr (gnutls_session_t session
, void *ptr
);
1047 void *gnutls_db_get_ptr (gnutls_session_t session
);
1048 int gnutls_db_check_entry (gnutls_session_t session
,
1049 gnutls_datum_t session_entry
);
1051 typedef int (*gnutls_handshake_post_client_hello_func
) (gnutls_session_t
);
1053 gnutls_handshake_set_post_client_hello_function (gnutls_session_t session
,
1054 gnutls_handshake_post_client_hello_func
1057 void gnutls_handshake_set_max_packet_length (gnutls_session_t session
,
1060 /* returns libgnutls version (call it with a NULL argument)
1062 const char *gnutls_check_version (const char *req_version
);
1064 /* Functions for setting/clearing credentials
1066 void gnutls_credentials_clear (gnutls_session_t session
);
1068 /* cred is a structure defined by the kx algorithm
1070 int gnutls_credentials_set (gnutls_session_t session
,
1071 gnutls_credentials_type_t type
, void *cred
);
1072 #define gnutls_cred_set gnutls_credentials_set
1076 struct gnutls_x509_privkey_int
;
1077 typedef struct gnutls_x509_privkey_int
*gnutls_x509_privkey_t
;
1079 struct gnutls_x509_crl_int
;
1080 typedef struct gnutls_x509_crl_int
*gnutls_x509_crl_t
;
1082 struct gnutls_x509_crt_int
;
1083 typedef struct gnutls_x509_crt_int
*gnutls_x509_crt_t
;
1085 struct gnutls_x509_crq_int
;
1086 typedef struct gnutls_x509_crq_int
*gnutls_x509_crq_t
;
1088 struct gnutls_openpgp_keyring_int
;
1089 typedef struct gnutls_openpgp_keyring_int
*gnutls_openpgp_keyring_t
;
1092 /* Credential structures - used in gnutls_credentials_set(); */
1094 struct gnutls_certificate_credentials_st
;
1095 typedef struct gnutls_certificate_credentials_st
1096 *gnutls_certificate_credentials_t
;
1097 typedef gnutls_certificate_credentials_t
1098 gnutls_certificate_server_credentials
;
1099 typedef gnutls_certificate_credentials_t
1100 gnutls_certificate_client_credentials
;
1102 typedef struct gnutls_anon_server_credentials_st
1103 *gnutls_anon_server_credentials_t
;
1104 typedef struct gnutls_anon_client_credentials_st
1105 *gnutls_anon_client_credentials_t
;
1107 void gnutls_anon_free_server_credentials (gnutls_anon_server_credentials_t
1110 gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t
1113 void gnutls_anon_set_server_dh_params (gnutls_anon_server_credentials_t res
,
1114 gnutls_dh_params_t dh_params
);
1117 gnutls_anon_set_server_params_function (gnutls_anon_server_credentials_t
1119 gnutls_params_function
* func
);
1122 gnutls_anon_free_client_credentials (gnutls_anon_client_credentials_t sc
);
1124 gnutls_anon_allocate_client_credentials (gnutls_anon_client_credentials_t
1127 /* CERTFILE is an x509 certificate in PEM form.
1128 * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys).
1131 gnutls_certificate_free_credentials (gnutls_certificate_credentials_t sc
);
1133 gnutls_certificate_allocate_credentials (gnutls_certificate_credentials_t
1137 gnutls_certificate_get_issuer (gnutls_certificate_credentials_t sc
,
1138 gnutls_x509_crt_t cert
, gnutls_x509_crt_t
* issuer
, unsigned int flags
);
1140 void gnutls_certificate_free_keys (gnutls_certificate_credentials_t sc
);
1141 void gnutls_certificate_free_cas (gnutls_certificate_credentials_t sc
);
1142 void gnutls_certificate_free_ca_names (gnutls_certificate_credentials_t sc
);
1143 void gnutls_certificate_free_crls (gnutls_certificate_credentials_t sc
);
1145 void gnutls_certificate_set_dh_params (gnutls_certificate_credentials_t res
,
1146 gnutls_dh_params_t dh_params
);
1147 void gnutls_certificate_set_verify_flags (gnutls_certificate_credentials_t
1148 res
, unsigned int flags
);
1149 void gnutls_certificate_set_verify_limits (gnutls_certificate_credentials_t
1150 res
, unsigned int max_bits
,
1151 unsigned int max_depth
);
1154 gnutls_certificate_set_x509_system_trust (gnutls_certificate_credentials_t cred
);
1157 gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t
1158 cred
, const char *cafile
,
1159 gnutls_x509_crt_fmt_t type
);
1160 int gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t
1161 res
, const gnutls_datum_t
* ca
,
1162 gnutls_x509_crt_fmt_t type
);
1165 gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t
1166 res
, const char *crlfile
,
1167 gnutls_x509_crt_fmt_t type
);
1168 int gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t
1169 res
, const gnutls_datum_t
* CRL
,
1170 gnutls_x509_crt_fmt_t type
);
1173 gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t
1174 res
, const char *certfile
,
1175 const char *keyfile
,
1176 gnutls_x509_crt_fmt_t type
);
1178 int gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t
1179 res
, const gnutls_datum_t
* cert
,
1180 const gnutls_datum_t
* key
,
1181 gnutls_x509_crt_fmt_t type
);
1183 void gnutls_certificate_send_x509_rdn_sequence (gnutls_session_t session
,
1186 int gnutls_certificate_set_x509_simple_pkcs12_file (gnutls_certificate_credentials_t res
, const char *pkcs12file
,
1187 gnutls_x509_crt_fmt_t type
, const char *password
);
1188 int gnutls_certificate_set_x509_simple_pkcs12_mem (gnutls_certificate_credentials_t res
, const gnutls_datum_t
* p12blob
,
1189 gnutls_x509_crt_fmt_t type
, const char *password
);
1191 /* New functions to allow setting already parsed X.509 stuff.
1194 int gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res
,
1195 gnutls_x509_crt_t
* cert_list
,
1197 gnutls_x509_privkey_t key
);
1198 int gnutls_certificate_set_x509_trust (gnutls_certificate_credentials_t res
,
1199 gnutls_x509_crt_t
* ca_list
,
1201 int gnutls_certificate_set_x509_crl (gnutls_certificate_credentials_t res
,
1202 gnutls_x509_crl_t
* crl_list
,
1205 /* OCSP status request extension, RFC 6066 */
1206 typedef int (*gnutls_status_request_ocsp_func
)
1207 (gnutls_session_t session
, void *ptr
, gnutls_datum_t
*ocsp_response
);
1209 void gnutls_certificate_set_ocsp_status_request_function (gnutls_certificate_credentials_t res
,
1210 gnutls_status_request_ocsp_func ocsp_func
,
1213 int gnutls_certificate_set_ocsp_status_request_file (gnutls_certificate_credentials_t res
,
1214 const char* response_file
, unsigned int flags
);
1216 int gnutls_ocsp_status_request_enable_client (gnutls_session_t session
,
1217 gnutls_datum_t
*responder_id
,
1218 size_t responder_id_size
,
1219 gnutls_datum_t
*request_extensions
);
1221 int gnutls_ocsp_status_request_get (gnutls_session_t session
, gnutls_datum_t
*response
);
1224 /* global state functions
1226 int gnutls_global_init (void);
1227 void gnutls_global_deinit (void);
1231 * @t: where to store time.
1233 * Function prototype for time()-like function. Set with
1234 * gnutls_global_set_time_function().
1236 * Returns: Number of seconds since the epoch, or (time_t)-1 on errors.
1238 typedef time_t (*gnutls_time_func
) (time_t *t
);
1240 typedef int (*mutex_init_func
) (void **mutex
);
1241 typedef int (*mutex_lock_func
) (void **mutex
);
1242 typedef int (*mutex_unlock_func
) (void **mutex
);
1243 typedef int (*mutex_deinit_func
) (void **mutex
);
1245 void gnutls_global_set_mutex (mutex_init_func init
, mutex_deinit_func deinit
,
1246 mutex_lock_func lock
, mutex_unlock_func unlock
);
1248 typedef void *(*gnutls_alloc_function
) (size_t);
1249 typedef void *(*gnutls_calloc_function
) (size_t, size_t);
1250 typedef int (*gnutls_is_secure_function
) (const void *);
1251 typedef void (*gnutls_free_function
) (void *);
1252 typedef void *(*gnutls_realloc_function
) (void *, size_t);
1255 gnutls_global_set_mem_functions (gnutls_alloc_function alloc_func
,
1256 gnutls_alloc_function secure_alloc_func
,
1257 gnutls_is_secure_function is_secure_func
,
1258 gnutls_realloc_function realloc_func
,
1259 gnutls_free_function free_func
);
1261 void gnutls_global_set_time_function (gnutls_time_func time_func
);
1263 /* For use in callbacks */
1264 extern gnutls_alloc_function gnutls_malloc
;
1265 extern gnutls_alloc_function gnutls_secure_malloc
;
1266 extern gnutls_realloc_function gnutls_realloc
;
1267 extern gnutls_calloc_function gnutls_calloc
;
1268 extern gnutls_free_function gnutls_free
;
1270 extern char *(*gnutls_strdup
) (const char *);
1272 typedef void (*gnutls_log_func
) (int, const char *);
1273 typedef void (*gnutls_audit_log_func
) (gnutls_session_t
, const char *);
1274 void gnutls_global_set_log_function (gnutls_log_func log_func
);
1275 void gnutls_global_set_audit_log_function (gnutls_audit_log_func log_func
);
1276 void gnutls_global_set_log_level (int level
);
1278 /* Diffie-Hellman parameter handling.
1280 int gnutls_dh_params_init (gnutls_dh_params_t
* dh_params
);
1281 void gnutls_dh_params_deinit (gnutls_dh_params_t dh_params
);
1282 int gnutls_dh_params_import_raw (gnutls_dh_params_t dh_params
,
1283 const gnutls_datum_t
* prime
,
1284 const gnutls_datum_t
* generator
);
1285 int gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params
,
1286 const gnutls_datum_t
* pkcs3_params
,
1287 gnutls_x509_crt_fmt_t format
);
1288 int gnutls_dh_params_generate2 (gnutls_dh_params_t params
,
1290 int gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params
,
1291 gnutls_x509_crt_fmt_t format
,
1292 unsigned char *params_data
,
1293 size_t * params_data_size
);
1294 int gnutls_dh_params_export_raw (gnutls_dh_params_t params
,
1295 gnutls_datum_t
* prime
,
1296 gnutls_datum_t
* generator
,
1297 unsigned int *bits
);
1298 int gnutls_dh_params_cpy (gnutls_dh_params_t dst
, gnutls_dh_params_t src
);
1306 void *iov_base
; /* Starting address */
1307 size_t iov_len
; /* Number of bytes to transfer */
1310 typedef ssize_t (*gnutls_pull_func
) (gnutls_transport_ptr_t
, void *,
1312 typedef ssize_t (*gnutls_push_func
) (gnutls_transport_ptr_t
, const void *,
1315 typedef int (*gnutls_pull_timeout_func
) (gnutls_transport_ptr_t
, unsigned int ms
);
1317 typedef ssize_t (*gnutls_vec_push_func
) (gnutls_transport_ptr_t
,
1318 const giovec_t
* iov
, int iovcnt
);
1320 typedef int (*gnutls_errno_func
) (gnutls_transport_ptr_t
);
1322 void gnutls_transport_set_ptr (gnutls_session_t session
,
1323 gnutls_transport_ptr_t ptr
);
1324 void gnutls_transport_set_ptr2 (gnutls_session_t session
,
1325 gnutls_transport_ptr_t recv_ptr
,
1326 gnutls_transport_ptr_t send_ptr
);
1328 gnutls_transport_ptr_t
gnutls_transport_get_ptr (gnutls_session_t session
);
1329 void gnutls_transport_get_ptr2 (gnutls_session_t session
,
1330 gnutls_transport_ptr_t
* recv_ptr
,
1331 gnutls_transport_ptr_t
* send_ptr
);
1333 void gnutls_transport_set_vec_push_function (gnutls_session_t session
,
1334 gnutls_vec_push_func vec_func
);
1335 void gnutls_transport_set_push_function (gnutls_session_t session
,
1336 gnutls_push_func push_func
);
1337 void gnutls_transport_set_pull_function (gnutls_session_t session
,
1338 gnutls_pull_func pull_func
);
1340 void gnutls_transport_set_pull_timeout_function (gnutls_session_t session
,
1341 gnutls_pull_timeout_func func
);
1343 void gnutls_transport_set_errno_function (gnutls_session_t session
,
1344 gnutls_errno_func errno_func
);
1346 void gnutls_transport_set_errno (gnutls_session_t session
, int err
);
1350 void gnutls_session_set_ptr (gnutls_session_t session
, void *ptr
);
1351 void *gnutls_session_get_ptr (gnutls_session_t session
);
1353 void gnutls_openpgp_send_cert (gnutls_session_t session
,
1354 gnutls_openpgp_crt_status_t status
);
1356 /* This function returns the hash of the given data.
1358 int gnutls_fingerprint (gnutls_digest_algorithm_t algo
,
1359 const gnutls_datum_t
* data
, void *result
,
1360 size_t * result_size
);
1363 * gnutls_random_art_t:
1364 * @GNUTLS_RANDOM_ART_OPENSSH: OpenSSH-style random art.
1366 * Enumeration of different random art types.
1368 typedef enum gnutls_random_art
1370 GNUTLS_RANDOM_ART_OPENSSH
=1,
1371 } gnutls_random_art_t
;
1373 int gnutls_random_art (gnutls_random_art_t type
,
1374 const char* key_type
, unsigned int key_size
,
1375 void * fpr
, size_t fpr_size
,
1376 gnutls_datum_t
* art
);
1381 typedef struct gnutls_srp_server_credentials_st
1382 *gnutls_srp_server_credentials_t
;
1383 typedef struct gnutls_srp_client_credentials_st
1384 *gnutls_srp_client_credentials_t
;
1387 gnutls_srp_free_client_credentials (gnutls_srp_client_credentials_t sc
);
1389 gnutls_srp_allocate_client_credentials (gnutls_srp_client_credentials_t
*
1391 int gnutls_srp_set_client_credentials (gnutls_srp_client_credentials_t res
,
1392 const char *username
,
1393 const char *password
);
1396 gnutls_srp_free_server_credentials (gnutls_srp_server_credentials_t sc
);
1398 gnutls_srp_allocate_server_credentials (gnutls_srp_server_credentials_t
*
1400 int gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t
1401 res
, const char *password_file
,
1402 const char *password_conf_file
);
1404 const char *gnutls_srp_server_get_username (gnutls_session_t session
);
1406 extern void gnutls_srp_set_prime_bits (gnutls_session_t session
,
1409 int gnutls_srp_verifier (const char *username
,
1410 const char *password
,
1411 const gnutls_datum_t
* salt
,
1412 const gnutls_datum_t
* generator
,
1413 const gnutls_datum_t
* prime
,
1414 gnutls_datum_t
* res
);
1416 /* The static parameters defined in draft-ietf-tls-srp-05
1417 * Those should be used as input to gnutls_srp_verifier().
1419 extern const gnutls_datum_t gnutls_srp_4096_group_prime
;
1420 extern const gnutls_datum_t gnutls_srp_4096_group_generator
;
1422 extern const gnutls_datum_t gnutls_srp_3072_group_prime
;
1423 extern const gnutls_datum_t gnutls_srp_3072_group_generator
;
1425 extern const gnutls_datum_t gnutls_srp_2048_group_prime
;
1426 extern const gnutls_datum_t gnutls_srp_2048_group_generator
;
1428 extern const gnutls_datum_t gnutls_srp_1536_group_prime
;
1429 extern const gnutls_datum_t gnutls_srp_1536_group_generator
;
1431 extern const gnutls_datum_t gnutls_srp_1024_group_prime
;
1432 extern const gnutls_datum_t gnutls_srp_1024_group_generator
;
1434 typedef int gnutls_srp_server_credentials_function (gnutls_session_t
,
1435 const char *username
,
1436 gnutls_datum_t
* salt
,
1441 gnutls_datum_t
* prime
);
1443 gnutls_srp_set_server_credentials_function (
1444 gnutls_srp_server_credentials_t cred
,
1445 gnutls_srp_server_credentials_function
* func
);
1447 typedef int gnutls_srp_client_credentials_function (gnutls_session_t
,
1450 gnutls_srp_set_client_credentials_function (
1451 gnutls_srp_client_credentials_t cred
,
1452 gnutls_srp_client_credentials_function
* func
);
1454 int gnutls_srp_base64_encode (const gnutls_datum_t
* data
, char *result
,
1455 size_t * result_size
);
1456 int gnutls_srp_base64_encode_alloc (const gnutls_datum_t
* data
,
1457 gnutls_datum_t
* result
);
1459 int gnutls_srp_base64_decode (const gnutls_datum_t
* b64_data
, char *result
,
1460 size_t * result_size
);
1461 int gnutls_srp_base64_decode_alloc (const gnutls_datum_t
* b64_data
,
1462 gnutls_datum_t
* result
);
1465 typedef struct gnutls_psk_server_credentials_st
1466 *gnutls_psk_server_credentials_t
;
1467 typedef struct gnutls_psk_client_credentials_st
1468 *gnutls_psk_client_credentials_t
;
1471 * gnutls_psk_key_flags:
1472 * @GNUTLS_PSK_KEY_RAW: PSK-key in raw format.
1473 * @GNUTLS_PSK_KEY_HEX: PSK-key in hex format.
1475 * Enumeration of different PSK key flags.
1477 typedef enum gnutls_psk_key_flags
1479 GNUTLS_PSK_KEY_RAW
= 0,
1481 } gnutls_psk_key_flags
;
1484 gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t sc
);
1486 gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t
*
1488 int gnutls_psk_set_client_credentials (gnutls_psk_client_credentials_t res
,
1489 const char *username
,
1490 const gnutls_datum_t
* key
,
1491 gnutls_psk_key_flags flags
);
1494 gnutls_psk_free_server_credentials (gnutls_psk_server_credentials_t sc
);
1496 gnutls_psk_allocate_server_credentials (gnutls_psk_server_credentials_t
*
1498 int gnutls_psk_set_server_credentials_file (gnutls_psk_server_credentials_t
1499 res
, const char *password_file
);
1502 gnutls_psk_set_server_credentials_hint (gnutls_psk_server_credentials_t
1503 res
, const char *hint
);
1505 const char *gnutls_psk_server_get_username (gnutls_session_t session
);
1506 const char *gnutls_psk_client_get_hint (gnutls_session_t session
);
1508 typedef int gnutls_psk_server_credentials_function (gnutls_session_t
,
1509 const char *username
,
1510 gnutls_datum_t
* key
);
1512 gnutls_psk_set_server_credentials_function (
1513 gnutls_psk_server_credentials_t cred
,
1514 gnutls_psk_server_credentials_function
* func
);
1516 typedef int gnutls_psk_client_credentials_function (gnutls_session_t
,
1518 gnutls_datum_t
* key
);
1520 gnutls_psk_set_client_credentials_function (
1521 gnutls_psk_client_credentials_t cred
,
1522 gnutls_psk_client_credentials_function
* func
);
1524 int gnutls_hex_encode (const gnutls_datum_t
* data
, char *result
,
1525 size_t * result_size
);
1526 int gnutls_hex_decode (const gnutls_datum_t
* hex_data
, void *result
,
1527 size_t * result_size
);
1530 gnutls_psk_set_server_dh_params (gnutls_psk_server_credentials_t res
,
1531 gnutls_dh_params_t dh_params
);
1534 gnutls_psk_set_server_params_function (gnutls_psk_server_credentials_t
1536 gnutls_params_function
* func
);
1539 * gnutls_x509_subject_alt_name_t:
1540 * @GNUTLS_SAN_DNSNAME: DNS-name SAN.
1541 * @GNUTLS_SAN_RFC822NAME: E-mail address SAN.
1542 * @GNUTLS_SAN_URI: URI SAN.
1543 * @GNUTLS_SAN_IPADDRESS: IP address SAN.
1544 * @GNUTLS_SAN_OTHERNAME: OtherName SAN.
1545 * @GNUTLS_SAN_DN: DN SAN.
1546 * @GNUTLS_SAN_OTHERNAME_XMPP: Virtual SAN, used by
1547 * gnutls_x509_crt_get_subject_alt_othername_oid.
1549 * Enumeration of different subject alternative names types.
1551 typedef enum gnutls_x509_subject_alt_name_t
1553 GNUTLS_SAN_DNSNAME
= 1,
1554 GNUTLS_SAN_RFC822NAME
= 2,
1556 GNUTLS_SAN_IPADDRESS
= 4,
1557 GNUTLS_SAN_OTHERNAME
= 5,
1559 /* The following are "virtual" subject alternative name types, in
1560 that they are represented by an otherName value and an OID.
1561 Used by gnutls_x509_crt_get_subject_alt_othername_oid. */
1562 GNUTLS_SAN_OTHERNAME_XMPP
= 1000
1563 } gnutls_x509_subject_alt_name_t
;
1565 struct gnutls_openpgp_crt_int
;
1566 typedef struct gnutls_openpgp_crt_int
*gnutls_openpgp_crt_t
;
1568 struct gnutls_openpgp_privkey_int
;
1569 typedef struct gnutls_openpgp_privkey_int
*gnutls_openpgp_privkey_t
;
1571 struct gnutls_pkcs11_privkey_st
;
1572 typedef struct gnutls_pkcs11_privkey_st
*gnutls_pkcs11_privkey_t
;
1575 * gnutls_privkey_type_t:
1576 * @GNUTLS_PRIVKEY_X509: X.509 private key, #gnutls_x509_privkey_t.
1577 * @GNUTLS_PRIVKEY_OPENPGP: OpenPGP private key, #gnutls_openpgp_privkey_t.
1578 * @GNUTLS_PRIVKEY_PKCS11: PKCS11 private key, #gnutls_pkcs11_privkey_t.
1579 * @GNUTLS_PRIVKEY_EXT: External private key, operating using callbacks.
1581 * Enumeration of different private key types.
1585 GNUTLS_PRIVKEY_X509
,
1586 GNUTLS_PRIVKEY_OPENPGP
,
1587 GNUTLS_PRIVKEY_PKCS11
,
1589 } gnutls_privkey_type_t
;
1591 typedef struct gnutls_retr2_st
1593 gnutls_certificate_type_t cert_type
;
1594 gnutls_privkey_type_t key_type
;
1598 gnutls_x509_crt_t
*x509
;
1599 gnutls_openpgp_crt_t pgp
;
1601 unsigned int ncerts
; /* one for pgp keys */
1605 gnutls_x509_privkey_t x509
;
1606 gnutls_openpgp_privkey_t pgp
;
1607 gnutls_pkcs11_privkey_t pkcs11
;
1610 unsigned int deinit_all
; /* if non zero all keys will be deinited */
1614 /* Functions that allow auth_info_t structures handling
1617 gnutls_credentials_type_t
gnutls_auth_get_type (gnutls_session_t session
);
1618 gnutls_credentials_type_t
1619 gnutls_auth_server_get_type (gnutls_session_t session
);
1620 gnutls_credentials_type_t
1621 gnutls_auth_client_get_type (gnutls_session_t session
);
1625 void gnutls_dh_set_prime_bits (gnutls_session_t session
, unsigned int bits
);
1626 int gnutls_dh_get_secret_bits (gnutls_session_t session
);
1627 int gnutls_dh_get_peers_public_bits (gnutls_session_t session
);
1628 int gnutls_dh_get_prime_bits (gnutls_session_t session
);
1630 int gnutls_dh_get_group (gnutls_session_t session
, gnutls_datum_t
* raw_gen
,
1631 gnutls_datum_t
* raw_prime
);
1632 int gnutls_dh_get_pubkey (gnutls_session_t session
,
1633 gnutls_datum_t
* raw_key
);
1638 /* These are set on the credentials structure.
1641 /* use gnutls_certificate_set_retrieve_function2() in abstract.h
1642 * instead. It's much more efficient.
1645 typedef int gnutls_certificate_retrieve_function (gnutls_session_t
,
1651 gnutls_pk_algorithm_t
1658 void gnutls_certificate_set_retrieve_function (
1659 gnutls_certificate_credentials_t cred
,
1660 gnutls_certificate_retrieve_function
* func
);
1662 typedef int gnutls_certificate_verify_function (gnutls_session_t
);
1664 gnutls_certificate_set_verify_function (gnutls_certificate_credentials_t
1666 gnutls_certificate_verify_function
1670 gnutls_certificate_server_set_request (gnutls_session_t session
,
1671 gnutls_certificate_request_t req
);
1673 /* get data from the session
1675 const gnutls_datum_t
*gnutls_certificate_get_peers (gnutls_session_t
1679 const gnutls_datum_t
*gnutls_certificate_get_ours (gnutls_session_t
1682 time_t gnutls_certificate_activation_time_peers (gnutls_session_t session
);
1683 time_t gnutls_certificate_expiration_time_peers (gnutls_session_t session
);
1685 int gnutls_certificate_client_get_request_status (gnutls_session_t session
);
1686 int gnutls_certificate_verify_peers2 (gnutls_session_t session
,
1687 unsigned int *status
);
1689 int gnutls_pem_base64_encode (const char *msg
, const gnutls_datum_t
* data
,
1690 char *result
, size_t * result_size
);
1691 int gnutls_pem_base64_decode (const char *header
,
1692 const gnutls_datum_t
* b64_data
,
1693 unsigned char *result
, size_t * result_size
);
1695 int gnutls_pem_base64_encode_alloc (const char *msg
,
1696 const gnutls_datum_t
* data
,
1697 gnutls_datum_t
* result
);
1698 int gnutls_pem_base64_decode_alloc (const char *header
,
1699 const gnutls_datum_t
* b64_data
,
1700 gnutls_datum_t
* result
);
1702 /* key_usage will be an OR of the following values:
1705 /* when the key is to be used for signing: */
1706 #define GNUTLS_KEY_DIGITAL_SIGNATURE 128
1707 #define GNUTLS_KEY_NON_REPUDIATION 64
1708 /* when the key is to be used for encryption: */
1709 #define GNUTLS_KEY_KEY_ENCIPHERMENT 32
1710 #define GNUTLS_KEY_DATA_ENCIPHERMENT 16
1711 #define GNUTLS_KEY_KEY_AGREEMENT 8
1712 #define GNUTLS_KEY_KEY_CERT_SIGN 4
1713 #define GNUTLS_KEY_CRL_SIGN 2
1714 #define GNUTLS_KEY_ENCIPHER_ONLY 1
1715 #define GNUTLS_KEY_DECIPHER_ONLY 32768
1718 gnutls_certificate_set_params_function (gnutls_certificate_credentials_t
1720 gnutls_params_function
* func
);
1721 void gnutls_anon_set_params_function (gnutls_anon_server_credentials_t res
,
1722 gnutls_params_function
* func
);
1723 void gnutls_psk_set_params_function (gnutls_psk_server_credentials_t res
,
1724 gnutls_params_function
* func
);
1726 int gnutls_hex2bin (const char *hex_data
, size_t hex_size
,
1727 void *bin_data
, size_t * bin_size
);
1729 /* Trust on first use (or ssh like) functions */
1731 /* stores the provided information to a database
1733 typedef int (*gnutls_tdb_store_func
) (const char* db_name
,
1735 const char* service
,
1737 const gnutls_datum_t
* pubkey
);
1739 typedef int (*gnutls_tdb_store_commitment_func
) (const char* db_name
,
1741 const char* service
,
1743 gnutls_digest_algorithm_t hash_algo
,
1744 const gnutls_datum_t
* hash
);
1746 /* searches for the provided host/service pair that match the
1747 * provided public key in the database. */
1748 typedef int (*gnutls_tdb_verify_func
) (const char* db_name
,
1750 const char* service
,
1751 const gnutls_datum_t
*pubkey
);
1754 struct gnutls_tdb_int
;
1755 typedef struct gnutls_tdb_int
*gnutls_tdb_t
;
1757 int gnutls_tdb_init (gnutls_tdb_t
*tdb
);
1758 void gnutls_tdb_set_store_func (gnutls_tdb_t tdb
,
1759 gnutls_tdb_store_func store
);
1760 void gnutls_tdb_set_store_commitment_func (gnutls_tdb_t tdb
,
1761 gnutls_tdb_store_commitment_func cstore
);
1762 void gnutls_tdb_set_verify_func (gnutls_tdb_t tdb
,
1763 gnutls_tdb_verify_func verify
);
1764 void gnutls_tdb_deinit (gnutls_tdb_t tdb
);
1766 int gnutls_verify_stored_pubkey (const char* db_name
,
1769 const char* service
,
1770 gnutls_certificate_type_t cert_type
,
1771 const gnutls_datum_t
* cert
,
1772 unsigned int flags
);
1774 int gnutls_store_commitment (const char* db_name
,
1777 const char* service
,
1778 gnutls_digest_algorithm_t hash_algo
,
1779 const gnutls_datum_t
* hash
,
1781 unsigned int flags
);
1783 int gnutls_store_pubkey (const char* db_name
,
1786 const char* service
,
1787 gnutls_certificate_type_t cert_type
,
1788 const gnutls_datum_t
* cert
,
1790 unsigned int flags
);
1792 /* Other helper functions */
1793 int gnutls_load_file(const char* filename
, gnutls_datum_t
* data
);
1795 int gnutls_url_is_supported (const char* url
);
1800 * gnutls_pin_flag_t:
1801 * @GNUTLS_PIN_USER: The PIN for the user.
1802 * @GNUTLS_PIN_SO: The PIN for the security officer (admin).
1803 * @GNUTLS_PIN_CONTEXT_SPECIFIC: The PIN is for a specific action and key like signing.
1804 * @GNUTLS_PIN_FINAL_TRY: This is the final try before blocking.
1805 * @GNUTLS_PIN_COUNT_LOW: Few tries remain before token blocks.
1806 * @GNUTLS_PIN_WRONG: Last given PIN was not correct.
1808 * Enumeration of different flags that are input to the PIN function.
1812 GNUTLS_PIN_USER
= (1 << 0),
1813 GNUTLS_PIN_SO
= (1 << 1),
1814 GNUTLS_PIN_FINAL_TRY
= (1 << 2),
1815 GNUTLS_PIN_COUNT_LOW
= (1 << 3),
1816 GNUTLS_PIN_CONTEXT_SPECIFIC
= (1 << 4),
1817 GNUTLS_PIN_WRONG
= (1 << 5),
1818 } gnutls_pin_flag_t
;
1820 #define GNUTLS_PKCS11_PIN_USER GNUTLS_PIN_USER
1821 #define GNUTLS_PKCS11_PIN_SO GNUTLS_PIN_SO
1822 #define GNUTLS_PKCS11_PIN_FINAL_TRY GNUTLS_PIN_FINAL_TRY
1823 #define GNUTLS_PKCS11_PIN_COUNT_LOW GNUTLS_PIN_COUNT_LOW
1824 #define GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC GNUTLS_PIN_CONTEXT_SPECIFIC
1825 #define GNUTLS_PKCS11_PIN_WRONG GNUTLS_PIN_WRONG
1828 * gnutls_pin_callback_t:
1829 * @userdata: user-controlled data from gnutls_pkcs11_set_pin_function().
1830 * @attempt: pin-attempt counter, initially 0.
1831 * @token_url: URL of token.
1832 * @token_label: label of token.
1833 * @flags: a #gnutls_pin_flag_t flag.
1834 * @pin: buffer to hold PIN, of size @pin_max.
1835 * @pin_max: size of @pin buffer.
1837 * Callback function type for PKCS#11 or TPM PIN entry. It is set by
1838 * functions like gnutls_pkcs11_set_pin_function().
1840 * The callback should provides the PIN code to unlock the token with
1841 * label @token_label, specified by the URL @token_url.
1843 * The PIN code, as a NUL-terminated ASCII string, should be copied
1844 * into the @pin buffer (of maximum size @pin_max), and return 0 to
1845 * indicate success. Alternatively, the callback may return a
1846 * negative gnutls error code to indicate failure and cancel PIN entry
1847 * (in which case, the contents of the @pin parameter are ignored).
1849 * When a PIN is required, the callback will be invoked repeatedly
1850 * (and indefinitely) until either the returned PIN code is correct,
1851 * the callback returns failure, or the token refuses login (e.g. when
1852 * the token is locked due to too many incorrect PINs!). For the
1853 * first such invocation, the @attempt counter will have value zero;
1854 * it will increase by one for each subsequent attempt.
1856 * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on error.
1860 typedef int (*gnutls_pin_callback_t
) (void *userdata
, int attempt
,
1861 const char *token_url
,
1862 const char *token_label
,
1864 char *pin
, size_t pin_max
);
1866 void gnutls_certificate_set_pin_function (gnutls_certificate_credentials_t
,
1867 gnutls_pin_callback_t fn
, void *userdata
);
1870 /* Gnutls error codes. The mapping to a TLS alert is also shown in
1874 #define GNUTLS_E_SUCCESS 0
1875 #define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3
1876 #define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6
1877 #define GNUTLS_E_LARGE_PACKET -7
1878 #define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */
1879 #define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */
1880 #define GNUTLS_E_INVALID_SESSION -10
1881 #define GNUTLS_E_FATAL_ALERT_RECEIVED -12
1882 #define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_A_UNEXPECTED_MESSAGE */
1883 #define GNUTLS_E_WARNING_ALERT_RECEIVED -16
1884 #define GNUTLS_E_ERROR_IN_FINISHED_PACKET -18
1885 #define GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET -19
1886 #define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21 /* GNUTLS_A_HANDSHAKE_FAILURE */
1887 #define GNUTLS_E_UNWANTED_ALGORITHM -22
1888 #define GNUTLS_E_MPI_SCAN_FAILED -23
1889 #define GNUTLS_E_DECRYPTION_FAILED -24 /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */
1890 #define GNUTLS_E_MEMORY_ERROR -25
1891 #define GNUTLS_E_DECOMPRESSION_FAILED -26 /* GNUTLS_A_DECOMPRESSION_FAILURE */
1892 #define GNUTLS_E_COMPRESSION_FAILED -27
1893 #define GNUTLS_E_AGAIN -28
1894 #define GNUTLS_E_EXPIRED -29
1895 #define GNUTLS_E_DB_ERROR -30
1896 #define GNUTLS_E_SRP_PWD_ERROR -31
1897 #define GNUTLS_E_INSUFFICIENT_CREDENTIALS -32
1898 #define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
1899 #define GNUTLS_E_INSUFFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS
1900 #define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
1902 #define GNUTLS_E_HASH_FAILED -33
1903 #define GNUTLS_E_BASE64_DECODING_ERROR -34
1905 #define GNUTLS_E_MPI_PRINT_FAILED -35
1906 #define GNUTLS_E_REHANDSHAKE -37 /* GNUTLS_A_NO_RENEGOTIATION */
1907 #define GNUTLS_E_GOT_APPLICATION_DATA -38
1908 #define GNUTLS_E_RECORD_LIMIT_REACHED -39
1909 #define GNUTLS_E_ENCRYPTION_FAILED -40
1911 #define GNUTLS_E_PK_ENCRYPTION_FAILED -44
1912 #define GNUTLS_E_PK_DECRYPTION_FAILED -45
1913 #define GNUTLS_E_PK_SIGN_FAILED -46
1914 #define GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION -47
1915 #define GNUTLS_E_KEY_USAGE_VIOLATION -48
1916 #define GNUTLS_E_NO_CERTIFICATE_FOUND -49 /* GNUTLS_A_BAD_CERTIFICATE */
1917 #define GNUTLS_E_INVALID_REQUEST -50
1918 #define GNUTLS_E_SHORT_MEMORY_BUFFER -51
1919 #define GNUTLS_E_INTERRUPTED -52
1920 #define GNUTLS_E_PUSH_ERROR -53
1921 #define GNUTLS_E_PULL_ERROR -54
1922 #define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55 /* GNUTLS_A_ILLEGAL_PARAMETER */
1923 #define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56
1924 #define GNUTLS_E_PKCS1_WRONG_PAD -57
1925 #define GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION -58
1926 #define GNUTLS_E_INTERNAL_ERROR -59
1927 #define GNUTLS_E_DH_PRIME_UNACCEPTABLE -63
1928 #define GNUTLS_E_FILE_ERROR -64
1929 #define GNUTLS_E_TOO_MANY_EMPTY_PACKETS -78
1930 #define GNUTLS_E_UNKNOWN_PK_ALGORITHM -80
1931 #define GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS -81
1933 /* returned if you need to generate temporary RSA
1934 * parameters. These are needed for export cipher suites.
1936 #define GNUTLS_E_NO_TEMPORARY_RSA_PARAMS -84
1938 #define GNUTLS_E_NO_COMPRESSION_ALGORITHMS -86
1939 #define GNUTLS_E_NO_CIPHER_SUITES -87
1941 #define GNUTLS_E_OPENPGP_GETKEY_FAILED -88
1942 #define GNUTLS_E_PK_SIG_VERIFY_FAILED -89
1944 #define GNUTLS_E_ILLEGAL_SRP_USERNAME -90
1945 #define GNUTLS_E_SRP_PWD_PARSING_ERROR -91
1946 #define GNUTLS_E_NO_TEMPORARY_DH_PARAMS -93
1948 /* For certificate and key stuff
1950 #define GNUTLS_E_ASN1_ELEMENT_NOT_FOUND -67
1951 #define GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND -68
1952 #define GNUTLS_E_ASN1_DER_ERROR -69
1953 #define GNUTLS_E_ASN1_VALUE_NOT_FOUND -70
1954 #define GNUTLS_E_ASN1_GENERIC_ERROR -71
1955 #define GNUTLS_E_ASN1_VALUE_NOT_VALID -72
1956 #define GNUTLS_E_ASN1_TAG_ERROR -73
1957 #define GNUTLS_E_ASN1_TAG_IMPLICIT -74
1958 #define GNUTLS_E_ASN1_TYPE_ANY_ERROR -75
1959 #define GNUTLS_E_ASN1_SYNTAX_ERROR -76
1960 #define GNUTLS_E_ASN1_DER_OVERFLOW -77
1961 #define GNUTLS_E_OPENPGP_UID_REVOKED -79
1962 #define GNUTLS_E_CERTIFICATE_ERROR -43
1963 #define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR
1964 #define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60
1965 #define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */
1966 #define GNUTLS_E_X509_UNKNOWN_SAN -62
1967 #define GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED -94
1968 #define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95
1969 #define GNUTLS_E_UNKNOWN_HASH_ALGORITHM -96
1970 #define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97
1971 #define GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE -98
1972 #define GNUTLS_E_INVALID_PASSWORD -99
1973 #define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */
1974 #define GNUTLS_E_CONSTRAINT_ERROR -101
1976 #define GNUTLS_E_WARNING_IA_IPHF_RECEIVED -102
1977 #define GNUTLS_E_WARNING_IA_FPHF_RECEIVED -103
1979 #define GNUTLS_E_IA_VERIFY_FAILED -104
1980 #define GNUTLS_E_UNKNOWN_ALGORITHM -105
1981 #define GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM -106
1982 #define GNUTLS_E_SAFE_RENEGOTIATION_FAILED -107
1983 #define GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED -108
1984 #define GNUTLS_E_UNKNOWN_SRP_USERNAME -109
1985 #define GNUTLS_E_PREMATURE_TERMINATION -110
1987 #define GNUTLS_E_BASE64_ENCODING_ERROR -201
1988 #define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */
1989 #define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202
1990 #define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203
1992 #define GNUTLS_E_OPENPGP_KEYRING_ERROR -204
1993 #define GNUTLS_E_X509_UNSUPPORTED_OID -205
1995 #define GNUTLS_E_RANDOM_FAILED -206
1996 #define GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR -207
1998 #define GNUTLS_E_OPENPGP_SUBKEY_ERROR -208
2000 #define GNUTLS_E_CRYPTO_ALREADY_REGISTERED -209
2002 #define GNUTLS_E_HANDSHAKE_TOO_LARGE -210
2004 #define GNUTLS_E_CRYPTODEV_IOCTL_ERROR -211
2005 #define GNUTLS_E_CRYPTODEV_DEVICE_ERROR -212
2007 #define GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE -213
2008 #define GNUTLS_E_BAD_COOKIE -214
2009 #define GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR -215
2010 #define GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL -216
2012 #define GNUTLS_E_HEARTBEAT_PONG_RECEIVED -292
2013 #define GNUTLS_E_HEARTBEAT_PING_RECEIVED -293
2015 /* PKCS11 related */
2016 #define GNUTLS_E_PKCS11_ERROR -300
2017 #define GNUTLS_E_PKCS11_LOAD_ERROR -301
2018 #define GNUTLS_E_PARSING_ERROR -302
2019 #define GNUTLS_E_PKCS11_PIN_ERROR -303
2021 #define GNUTLS_E_PKCS11_SLOT_ERROR -305
2022 #define GNUTLS_E_LOCKING_ERROR -306
2023 #define GNUTLS_E_PKCS11_ATTRIBUTE_ERROR -307
2024 #define GNUTLS_E_PKCS11_DEVICE_ERROR -308
2025 #define GNUTLS_E_PKCS11_DATA_ERROR -309
2026 #define GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR -310
2027 #define GNUTLS_E_PKCS11_KEY_ERROR -311
2028 #define GNUTLS_E_PKCS11_PIN_EXPIRED -312
2029 #define GNUTLS_E_PKCS11_PIN_LOCKED -313
2030 #define GNUTLS_E_PKCS11_SESSION_ERROR -314
2031 #define GNUTLS_E_PKCS11_SIGNATURE_ERROR -315
2032 #define GNUTLS_E_PKCS11_TOKEN_ERROR -316
2033 #define GNUTLS_E_PKCS11_USER_ERROR -317
2035 #define GNUTLS_E_CRYPTO_INIT_FAILED -318
2036 #define GNUTLS_E_TIMEDOUT -319
2037 #define GNUTLS_E_USER_ERROR -320
2038 #define GNUTLS_E_ECC_NO_SUPPORTED_CURVES -321
2039 #define GNUTLS_E_ECC_UNSUPPORTED_CURVE -322
2040 #define GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE -323
2041 #define GNUTLS_E_CERTIFICATE_LIST_UNSORTED -324
2042 #define GNUTLS_E_ILLEGAL_PARAMETER -325
2043 #define GNUTLS_E_NO_PRIORITIES_WERE_SET -326
2044 #define GNUTLS_E_X509_UNSUPPORTED_EXTENSION -327
2045 #define GNUTLS_E_SESSION_EOF -328
2047 #define GNUTLS_E_TPM_ERROR -329
2048 #define GNUTLS_E_TPM_KEY_PASSWORD_ERROR -330
2049 #define GNUTLS_E_TPM_SRK_PASSWORD_ERROR -331
2050 #define GNUTLS_E_TPM_SESSION_ERROR -332
2051 #define GNUTLS_E_TPM_KEY_NOT_FOUND -333
2052 #define GNUTLS_E_TPM_UNINITIALIZED -334
2054 #define GNUTLS_E_NO_CERTIFICATE_STATUS -340
2055 #define GNUTLS_E_OCSP_RESPONSE_ERROR -341
2057 #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
2061 #define GNUTLS_E_APPLICATION_ERROR_MAX -65000
2062 #define GNUTLS_E_APPLICATION_ERROR_MIN -65500
2068 #include <gnutls/compat.h>
2070 #endif /* GNUTLS_H */