search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Simplified certificate verification by adding gnutls_certificate_verify_peers3().
[gnutls.git] / lib / includes / gnutls / gnutls.h.in
blob8a48479965be131bbb4f8c68f9a37e785b2093bc
1 /* -*- c -*-
2 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23 /* This file contains the types and prototypes for all the
24 * high level functionality of the gnutls main library.
25 *
26 * If the optional C++ binding was built, it is available in
27 * gnutls/gnutlsxx.h.
28 *
29 * The openssl compatibility layer (which is under the GNU GPL
30 * license) is in gnutls/openssl.h.
31 *
32 * The low level cipher functionality is in gnutls/crypto.h.
33 */
34
35
36 #ifndef GNUTLS_H
37 #define GNUTLS_H
38
39 /* Get size_t. */
40 #include <stddef.h>
41 /* Get ssize_t. */
42 #ifndef HAVE_SSIZE_T
43 #define HAVE_SSIZE_T
44 /* *INDENT-OFF* */
45 @DEFINE_SSIZE_T@
46 /* *INDENT-ON* */
47 #endif
48 /* Get time_t. */
49 #include <time.h>
50 #ifdef __cplusplus
51 extern "C"
52 {
53 #endif
54
55 #define GNUTLS_VERSION "@VERSION@"
56
57 #define GNUTLS_VERSION_MAJOR @MAJOR_VERSION@
58 #define GNUTLS_VERSION_MINOR @MINOR_VERSION@
59 #define GNUTLS_VERSION_PATCH @PATCH_VERSION@
60
61 #define GNUTLS_VERSION_NUMBER @NUMBER_VERSION@
62
63 #define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC
64 #define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC
65 #define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC
66 #define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128
67
68 /**
69 * gnutls_cipher_algorithm_t:
70 * @GNUTLS_CIPHER_UNKNOWN: Unknown algorithm.
71 * @GNUTLS_CIPHER_NULL: NULL algorithm.
72 * @GNUTLS_CIPHER_ARCFOUR_128: ARCFOUR stream cipher with 128-bit keys.
73 * @GNUTLS_CIPHER_3DES_CBC: 3DES in CBC mode.
74 * @GNUTLS_CIPHER_AES_128_CBC: AES in CBC mode with 128-bit keys.
75 * @GNUTLS_CIPHER_AES_192_CBC: AES in CBC mode with 192-bit keys.
76 * @GNUTLS_CIPHER_AES_256_CBC: AES in CBC mode with 256-bit keys.
77 * @GNUTLS_CIPHER_ARCFOUR_40: ARCFOUR stream cipher with 40-bit keys.
78 * @GNUTLS_CIPHER_CAMELLIA_128_CBC: Camellia in CBC mode with 128-bit keys.
79 * @GNUTLS_CIPHER_CAMELLIA_192_CBC: Camellia in CBC mode with 192-bit keys.
80 * @GNUTLS_CIPHER_CAMELLIA_256_CBC: Camellia in CBC mode with 256-bit keys.
81 * @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys.
82 * @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys).
83 * @GNUTLS_CIPHER_AES_128_GCM: AES in GCM mode with 128-bit keys.
84 * @GNUTLS_CIPHER_AES_256_GCM: AES in GCM mode with 256-bit keys.
85 * @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB mode.
86 * @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB mode.
87 * @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB mode.
88 * @GNUTLS_CIPHER_BLOWFISH_PGP_CFB: Blowfish in CFB mode.
89 * @GNUTLS_CIPHER_SAFER_SK128_PGP_CFB: Safer-SK in CFB mode with 128-bit keys.
90 * @GNUTLS_CIPHER_AES128_PGP_CFB: AES in CFB mode with 128-bit keys.
91 * @GNUTLS_CIPHER_AES192_PGP_CFB: AES in CFB mode with 192-bit keys.
92 * @GNUTLS_CIPHER_AES256_PGP_CFB: AES in CFB mode with 256-bit keys.
93 * @GNUTLS_CIPHER_TWOFISH_PGP_CFB: Twofish in CFB mode.
94 *
95 * Enumeration of different symmetric encryption algorithms.
96 */
97 typedef enum gnutls_cipher_algorithm
98 {
99 GNUTLS_CIPHER_UNKNOWN = 0,
100 GNUTLS_CIPHER_NULL = 1,
101 GNUTLS_CIPHER_ARCFOUR_128 = 2,
102 GNUTLS_CIPHER_3DES_CBC = 3,
103 GNUTLS_CIPHER_AES_128_CBC = 4,
104 GNUTLS_CIPHER_AES_256_CBC = 5,
105 GNUTLS_CIPHER_ARCFOUR_40 = 6,
106 GNUTLS_CIPHER_CAMELLIA_128_CBC = 7,
107 GNUTLS_CIPHER_CAMELLIA_256_CBC = 8,
108 GNUTLS_CIPHER_RC2_40_CBC = 90,
109 GNUTLS_CIPHER_DES_CBC = 91,
110 GNUTLS_CIPHER_AES_192_CBC = 92,
111 GNUTLS_CIPHER_AES_128_GCM = 93,
112 GNUTLS_CIPHER_AES_256_GCM = 94,
113 GNUTLS_CIPHER_CAMELLIA_192_CBC = 95,
114
115 /* used only for PGP internals. Ignored in TLS/SSL
116 */
117 GNUTLS_CIPHER_IDEA_PGP_CFB = 200,
118 GNUTLS_CIPHER_3DES_PGP_CFB = 201,
119 GNUTLS_CIPHER_CAST5_PGP_CFB = 202,
120 GNUTLS_CIPHER_BLOWFISH_PGP_CFB = 203,
121 GNUTLS_CIPHER_SAFER_SK128_PGP_CFB = 204,
122 GNUTLS_CIPHER_AES128_PGP_CFB = 205,
123 GNUTLS_CIPHER_AES192_PGP_CFB = 206,
124 GNUTLS_CIPHER_AES256_PGP_CFB = 207,
125 GNUTLS_CIPHER_TWOFISH_PGP_CFB = 208
126 } gnutls_cipher_algorithm_t;
127
128 /**
129 * gnutls_kx_algorithm_t:
130 * @GNUTLS_KX_UNKNOWN: Unknown key-exchange algorithm.
131 * @GNUTLS_KX_RSA: RSA key-exchange algorithm.
132 * @GNUTLS_KX_DHE_DSS: DHE-DSS key-exchange algorithm.
133 * @GNUTLS_KX_DHE_RSA: DHE-RSA key-exchange algorithm.
134 * @GNUTLS_KX_ECDHE_RSA: ECDHE-RSA key-exchange algorithm.
135 * @GNUTLS_KX_ECDHE_ECDSA: ECDHE-ECDSA key-exchange algorithm.
136 * @GNUTLS_KX_ANON_DH: Anon-DH key-exchange algorithm.
137 * @GNUTLS_KX_ANON_ECDH: Anon-ECDH key-exchange algorithm.
138 * @GNUTLS_KX_SRP: SRP key-exchange algorithm.
139 * @GNUTLS_KX_RSA_EXPORT: RSA-EXPORT key-exchange algorithm.
140 * @GNUTLS_KX_SRP_RSA: SRP-RSA key-exchange algorithm.
141 * @GNUTLS_KX_SRP_DSS: SRP-DSS key-exchange algorithm.
142 * @GNUTLS_KX_PSK: PSK key-exchange algorithm.
143 * @GNUTLS_KX_DHE_PSK: DHE-PSK key-exchange algorithm.
144 * @GNUTLS_KX_ECDHE_PSK: ECDHE-PSK key-exchange algorithm.
145 *
146 * Enumeration of different key exchange algorithms.
147 */
148 typedef enum
149 {
150 GNUTLS_KX_UNKNOWN = 0,
151 GNUTLS_KX_RSA = 1,
152 GNUTLS_KX_DHE_DSS = 2,
153 GNUTLS_KX_DHE_RSA = 3,
154 GNUTLS_KX_ANON_DH = 4,
155 GNUTLS_KX_SRP = 5,
156 GNUTLS_KX_RSA_EXPORT = 6,
157 GNUTLS_KX_SRP_RSA = 7,
158 GNUTLS_KX_SRP_DSS = 8,
159 GNUTLS_KX_PSK = 9,
160 GNUTLS_KX_DHE_PSK = 10,
161 GNUTLS_KX_ANON_ECDH = 11,
162 GNUTLS_KX_ECDHE_RSA = 12,
163 GNUTLS_KX_ECDHE_ECDSA = 13,
164 GNUTLS_KX_ECDHE_PSK = 14,
165 } gnutls_kx_algorithm_t;
166
167 /**
168 * gnutls_params_type_t:
169 * @GNUTLS_PARAMS_RSA_EXPORT: Session RSA-EXPORT parameters.
170 * @GNUTLS_PARAMS_DH: Session Diffie-Hellman parameters.
171 * @GNUTLS_PARAMS_ECDH: Session Elliptic-Curve Diffie-Hellman parameters.
172 *
173 * Enumeration of different TLS session parameter types.
174 */
175 typedef enum
176 {
177 GNUTLS_PARAMS_RSA_EXPORT = 1,
178 GNUTLS_PARAMS_DH = 2,
179 GNUTLS_PARAMS_ECDH = 3,
180 } gnutls_params_type_t;
181
182 /**
183 * gnutls_credentials_type_t:
184 * @GNUTLS_CRD_CERTIFICATE: Certificate credential.
185 * @GNUTLS_CRD_ANON: Anonymous credential.
186 * @GNUTLS_CRD_SRP: SRP credential.
187 * @GNUTLS_CRD_PSK: PSK credential.
188 * @GNUTLS_CRD_IA: IA credential.
189 *
190 * Enumeration of different credential types.
191 */
192 typedef enum
193 {
194 GNUTLS_CRD_CERTIFICATE = 1,
195 GNUTLS_CRD_ANON,
196 GNUTLS_CRD_SRP,
197 GNUTLS_CRD_PSK,
198 GNUTLS_CRD_IA
199 } gnutls_credentials_type_t;
200
201 #define GNUTLS_MAC_SHA GNUTLS_MAC_SHA1
202 #define GNUTLS_DIG_SHA GNUTLS_DIG_SHA1
203
204 /**
205 * gnutls_mac_algorithm_t:
206 * @GNUTLS_MAC_UNKNOWN: Unknown MAC algorithm.
207 * @GNUTLS_MAC_NULL: NULL MAC algorithm (empty output).
208 * @GNUTLS_MAC_MD5: HMAC-MD5 algorithm.
209 * @GNUTLS_MAC_SHA1: HMAC-SHA-1 algorithm.
210 * @GNUTLS_MAC_RMD160: HMAC-RMD160 algorithm.
211 * @GNUTLS_MAC_MD2: HMAC-MD2 algorithm.
212 * @GNUTLS_MAC_SHA256: HMAC-SHA-256 algorithm.
213 * @GNUTLS_MAC_SHA384: HMAC-SHA-384 algorithm.
214 * @GNUTLS_MAC_SHA512: HMAC-SHA-512 algorithm.
215 * @GNUTLS_MAC_SHA224: HMAC-SHA-224 algorithm.
216 * @GNUTLS_MAC_AEAD: MAC implicit through AEAD cipher.
217 *
218 * Enumeration of different Message Authentication Code (MAC)
219 * algorithms.
220 */
221 typedef enum
222 {
223 GNUTLS_MAC_UNKNOWN = 0,
224 GNUTLS_MAC_NULL = 1,
225 GNUTLS_MAC_MD5 = 2,
226 GNUTLS_MAC_SHA1 = 3,
227 GNUTLS_MAC_RMD160 = 4,
228 GNUTLS_MAC_MD2 = 5,
229 GNUTLS_MAC_SHA256 = 6,
230 GNUTLS_MAC_SHA384 = 7,
231 GNUTLS_MAC_SHA512 = 8,
232 GNUTLS_MAC_SHA224 = 9,
233 /* If you add anything here, make sure you align with
234 gnutls_digest_algorithm_t. */
235 GNUTLS_MAC_AEAD = 200 /* indicates that MAC is on the cipher */
236 } gnutls_mac_algorithm_t;
237
238 /**
239 * gnutls_digest_algorithm_t:
240 * @GNUTLS_DIG_UNKNOWN: Unknown hash algorithm.
241 * @GNUTLS_DIG_NULL: NULL hash algorithm (empty output).
242 * @GNUTLS_DIG_MD5: MD5 algorithm.
243 * @GNUTLS_DIG_SHA1: SHA-1 algorithm.
244 * @GNUTLS_DIG_RMD160: RMD160 algorithm.
245 * @GNUTLS_DIG_MD2: MD2 algorithm.
246 * @GNUTLS_DIG_SHA256: SHA-256 algorithm.
247 * @GNUTLS_DIG_SHA384: SHA-384 algorithm.
248 * @GNUTLS_DIG_SHA512: SHA-512 algorithm.
249 * @GNUTLS_DIG_SHA224: SHA-224 algorithm.
250 *
251 * Enumeration of different digest (hash) algorithms.
252 */
253 typedef enum
254 {
255 GNUTLS_DIG_UNKNOWN = GNUTLS_MAC_UNKNOWN,
256 GNUTLS_DIG_NULL = GNUTLS_MAC_NULL,
257 GNUTLS_DIG_MD5 = GNUTLS_MAC_MD5,
258 GNUTLS_DIG_SHA1 = GNUTLS_MAC_SHA1,
259 GNUTLS_DIG_RMD160 = GNUTLS_MAC_RMD160,
260 GNUTLS_DIG_MD2 = GNUTLS_MAC_MD2,
261 GNUTLS_DIG_SHA256 = GNUTLS_MAC_SHA256,
262 GNUTLS_DIG_SHA384 = GNUTLS_MAC_SHA384,
263 GNUTLS_DIG_SHA512 = GNUTLS_MAC_SHA512,
264 GNUTLS_DIG_SHA224 = GNUTLS_MAC_SHA224
265 /* If you add anything here, make sure you align with
266 gnutls_mac_algorithm_t. */
267 } gnutls_digest_algorithm_t;
268
269 /* exported for other gnutls headers. This is the maximum number of
270 * algorithms (ciphers, kx or macs).
271 */
272 #define GNUTLS_MAX_ALGORITHM_NUM 32
273
274 /**
275 * gnutls_compression_method_t:
276 * @GNUTLS_COMP_UNKNOWN: Unknown compression method.
277 * @GNUTLS_COMP_NULL: The NULL compression method (no compression).
278 * @GNUTLS_COMP_DEFLATE: The DEFLATE compression method from zlib.
279 * @GNUTLS_COMP_ZLIB: Same as %GNUTLS_COMP_DEFLATE.
280 *
281 * Enumeration of different TLS compression methods.
282 */
283 typedef enum
284 {
285 GNUTLS_COMP_UNKNOWN = 0,
286 GNUTLS_COMP_NULL = 1,
287 GNUTLS_COMP_DEFLATE = 2,
288 GNUTLS_COMP_ZLIB = GNUTLS_COMP_DEFLATE,
289 } gnutls_compression_method_t;
290
291 /*
292 * Flags for gnutls_init()
293 *
294 * @GNUTLS_SERVER: Connection end is a server.
295 * @GNUTLS_CLIENT: Connection end is a client.
296 * @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS).
297 * @GNUTLS_NONBLOCK: Connection should not block (DTLS).
298 * @GNUTLS_NO_EXTENSIONS: Do not enable any TLS extensions by default.
299 *
300 */
301 #define GNUTLS_SERVER 1
302 #define GNUTLS_CLIENT (1<<1)
303 #define GNUTLS_DATAGRAM (1<<2)
304 #define GNUTLS_NONBLOCK (1<<3)
305 #define GNUTLS_NO_EXTENSIONS (1<<4)
306
307 /**
308 * gnutls_alert_level_t:
309 * @GNUTLS_AL_WARNING: Alert of warning severity.
310 * @GNUTLS_AL_FATAL: Alert of fatal severity.
311 *
312 * Enumeration of different TLS alert severities.
313 */
314 typedef enum
315 {
316 GNUTLS_AL_WARNING = 1,
317 GNUTLS_AL_FATAL
318 } gnutls_alert_level_t;
319
320 /**
321 * gnutls_alert_description_t:
322 * @GNUTLS_A_CLOSE_NOTIFY: Close notify.
323 * @GNUTLS_A_UNEXPECTED_MESSAGE: Unexpected message.
324 * @GNUTLS_A_BAD_RECORD_MAC: Bad record MAC.
325 * @GNUTLS_A_DECRYPTION_FAILED: Decryption failed.
326 * @GNUTLS_A_RECORD_OVERFLOW: Record overflow.
327 * @GNUTLS_A_DECOMPRESSION_FAILURE: Decompression failed.
328 * @GNUTLS_A_HANDSHAKE_FAILURE: Handshake failed.
329 * @GNUTLS_A_SSL3_NO_CERTIFICATE: No certificate.
330 * @GNUTLS_A_BAD_CERTIFICATE: Certificate is bad.
331 * @GNUTLS_A_UNSUPPORTED_CERTIFICATE: Certificate is not supported.
332 * @GNUTLS_A_CERTIFICATE_REVOKED: Certificate was revoked.
333 * @GNUTLS_A_CERTIFICATE_EXPIRED: Certificate is expired.
334 * @GNUTLS_A_CERTIFICATE_UNKNOWN: Unknown certificate.
335 * @GNUTLS_A_ILLEGAL_PARAMETER: Illegal parameter.
336 * @GNUTLS_A_UNKNOWN_CA: CA is unknown.
337 * @GNUTLS_A_ACCESS_DENIED: Access was denied.
338 * @GNUTLS_A_DECODE_ERROR: Decode error.
339 * @GNUTLS_A_DECRYPT_ERROR: Decrypt error.
340 * @GNUTLS_A_EXPORT_RESTRICTION: Export restriction.
341 * @GNUTLS_A_PROTOCOL_VERSION: Error in protocol version.
342 * @GNUTLS_A_INSUFFICIENT_SECURITY: Insufficient security.
343 * @GNUTLS_A_USER_CANCELED: User canceled.
344 * @GNUTLS_A_INTERNAL_ERROR: Internal error.
345 * @GNUTLS_A_NO_RENEGOTIATION: No renegotiation is allowed.
346 * @GNUTLS_A_CERTIFICATE_UNOBTAINABLE: Could not retrieve the
347 * specified certificate.
348 * @GNUTLS_A_UNSUPPORTED_EXTENSION: An unsupported extension was
349 * sent.
350 * @GNUTLS_A_UNRECOGNIZED_NAME: The server name sent was not
351 * recognized.
352 * @GNUTLS_A_UNKNOWN_PSK_IDENTITY: The SRP/PSK username is missing
353 * or not known.
354 *
355 * Enumeration of different TLS alerts.
356 */
357 typedef enum
358 {
359 GNUTLS_A_CLOSE_NOTIFY,
360 GNUTLS_A_UNEXPECTED_MESSAGE = 10,
361 GNUTLS_A_BAD_RECORD_MAC = 20,
362 GNUTLS_A_DECRYPTION_FAILED,
363 GNUTLS_A_RECORD_OVERFLOW,
364 GNUTLS_A_DECOMPRESSION_FAILURE = 30,
365 GNUTLS_A_HANDSHAKE_FAILURE = 40,
366 GNUTLS_A_SSL3_NO_CERTIFICATE = 41,
367 GNUTLS_A_BAD_CERTIFICATE = 42,
368 GNUTLS_A_UNSUPPORTED_CERTIFICATE,
369 GNUTLS_A_CERTIFICATE_REVOKED,
370 GNUTLS_A_CERTIFICATE_EXPIRED,
371 GNUTLS_A_CERTIFICATE_UNKNOWN,
372 GNUTLS_A_ILLEGAL_PARAMETER,
373 GNUTLS_A_UNKNOWN_CA,
374 GNUTLS_A_ACCESS_DENIED,
375 GNUTLS_A_DECODE_ERROR = 50,
376 GNUTLS_A_DECRYPT_ERROR,
377 GNUTLS_A_EXPORT_RESTRICTION = 60,
378 GNUTLS_A_PROTOCOL_VERSION = 70,
379 GNUTLS_A_INSUFFICIENT_SECURITY,
380 GNUTLS_A_INTERNAL_ERROR = 80,
381 GNUTLS_A_USER_CANCELED = 90,
382 GNUTLS_A_NO_RENEGOTIATION = 100,
383 GNUTLS_A_UNSUPPORTED_EXTENSION = 110,
384 GNUTLS_A_CERTIFICATE_UNOBTAINABLE = 111,
385 GNUTLS_A_UNRECOGNIZED_NAME = 112,
386 GNUTLS_A_UNKNOWN_PSK_IDENTITY = 115,
387 } gnutls_alert_description_t;
388
389 /**
390 * gnutls_handshake_description_t:
391 * @GNUTLS_HANDSHAKE_HELLO_REQUEST: Hello request.
392 * @GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST: DTLS Hello verify request.
393 * @GNUTLS_HANDSHAKE_CLIENT_HELLO: Client hello.
394 * @GNUTLS_HANDSHAKE_SERVER_HELLO: Server hello.
395 * @GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: New session ticket.
396 * @GNUTLS_HANDSHAKE_CERTIFICATE_PKT: Certificate packet.
397 * @GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: Server key exchange.
398 * @GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: Certificate request.
399 * @GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: Server hello done.
400 * @GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: Certificate verify.
401 * @GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: Client key exchange.
402 * @GNUTLS_HANDSHAKE_FINISHED: Finished.
403 * @GNUTLS_HANDSHAKE_CERTIFICATE_STATUS: Certificate status (OCSP).
404 * @GNUTLS_HANDSHAKE_SUPPLEMENTAL: Supplemental.
405 * @GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC: Change Cipher Spec.
406 * @GNUTLS_HANDSHAKE_CLIENT_HELLO_V2: SSLv2 Client Hello.
407 *
408 * Enumeration of different TLS handshake packets.
409 */
410 typedef enum
411 {
412 GNUTLS_HANDSHAKE_HELLO_REQUEST = 0,
413 GNUTLS_HANDSHAKE_CLIENT_HELLO = 1,
414 GNUTLS_HANDSHAKE_SERVER_HELLO = 2,
415 GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST = 3,
416 GNUTLS_HANDSHAKE_NEW_SESSION_TICKET = 4,
417 GNUTLS_HANDSHAKE_CERTIFICATE_PKT = 11,
418 GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE = 12,
419 GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST = 13,
420 GNUTLS_HANDSHAKE_SERVER_HELLO_DONE = 14,
421 GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY = 15,
422 GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE = 16,
423 GNUTLS_HANDSHAKE_FINISHED = 20,
424 GNUTLS_HANDSHAKE_CERTIFICATE_STATUS = 22,
425 GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23,
426 GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC = 254,
427 GNUTLS_HANDSHAKE_CLIENT_HELLO_V2 = 1024,
428 } gnutls_handshake_description_t;
429
430 /**
431 * gnutls_certificate_status_t:
432 * @GNUTLS_CERT_INVALID: The certificate is not signed by one of the
433 * known authorities or the signature is invalid.
434 * @GNUTLS_CERT_SIGNATURE_FAILURE: The signature verification failed.
435 * @GNUTLS_CERT_REVOKED: Certificate is revoked by its authority. In X.509 this will be
436 * set only if CRLs are checked.
437 * @GNUTLS_CERT_SIGNER_NOT_FOUND: The certificate's issuer is not known.
438 * This is the case if the issuer is not included in the trusted certificate list.
439 * @GNUTLS_CERT_SIGNER_NOT_CA: The certificate's signer was not a CA. This
440 * may happen if this was a version 1 certificate, which is common with
441 * some CAs, or a version 3 certificate without the basic constrains extension.
442 * @GNUTLS_CERT_INSECURE_ALGORITHM: The certificate was signed using an insecure
443 * algorithm such as MD2 or MD5. These algorithms have been broken and
444 * should not be trusted.
445 * @GNUTLS_CERT_NOT_ACTIVATED: The certificate is not yet activated.
446 * @GNUTLS_CERT_EXPIRED: The certificate has expired.
447 * @GNUTLS_CERT_REVOCATION_DATA_TOO_OLD: The OCSP revocation data are too old.
448 * @GNUTLS_CERT_REVOCATION_DATA_INVALID: The OCSP revocation data are invalid.
449 * @GNUTLS_CERT_UNEXPECTED_OWNER: The owner is not the expected one.
450 *
451 * Enumeration of certificate status codes. Note that the status
452 * bits may have different meanings in OpenPGP keys and X.509
453 * certificate verification.
454 */
455 typedef enum
456 {
457 GNUTLS_CERT_INVALID = 2,
458 GNUTLS_CERT_REVOKED = 32,
459 GNUTLS_CERT_SIGNER_NOT_FOUND = 64,
460 GNUTLS_CERT_SIGNER_NOT_CA = 128,
461 GNUTLS_CERT_INSECURE_ALGORITHM = 256,
462 GNUTLS_CERT_NOT_ACTIVATED = 512,
463 GNUTLS_CERT_EXPIRED = 1024,
464 GNUTLS_CERT_SIGNATURE_FAILURE = 2048,
465 GNUTLS_CERT_REVOCATION_DATA_TOO_OLD = 4096,
466 GNUTLS_CERT_REVOCATION_DATA_INVALID = 8192,
467 GNUTLS_CERT_UNEXPECTED_OWNER = 16384,
468 } gnutls_certificate_status_t;
469
470 /**
471 * gnutls_certificate_request_t:
472 * @GNUTLS_CERT_IGNORE: Ignore certificate.
473 * @GNUTLS_CERT_REQUEST: Request certificate.
474 * @GNUTLS_CERT_REQUIRE: Require certificate.
475 *
476 * Enumeration of certificate request types.
477 */
478 typedef enum
479 {
480 GNUTLS_CERT_IGNORE = 0,
481 GNUTLS_CERT_REQUEST = 1,
482 GNUTLS_CERT_REQUIRE = 2
483 } gnutls_certificate_request_t;
484
485 /**
486 * gnutls_openpgp_crt_status_t:
487 * @GNUTLS_OPENPGP_CERT: Send entire certificate.
488 * @GNUTLS_OPENPGP_CERT_FINGERPRINT: Send only certificate fingerprint.
489 *
490 * Enumeration of ways to send OpenPGP certificate.
491 */
492 typedef enum
493 {
494 GNUTLS_OPENPGP_CERT = 0,
495 GNUTLS_OPENPGP_CERT_FINGERPRINT = 1
496 } gnutls_openpgp_crt_status_t;
497
498 /**
499 * gnutls_close_request_t:
500 * @GNUTLS_SHUT_RDWR: Disallow further receives/sends.
501 * @GNUTLS_SHUT_WR: Disallow further sends.
502 *
503 * Enumeration of how TLS session should be terminated. See gnutls_bye().
504 */
505 typedef enum
506 {
507 GNUTLS_SHUT_RDWR = 0,
508 GNUTLS_SHUT_WR = 1
509 } gnutls_close_request_t;
510
511 /**
512 * gnutls_protocol_t:
513 * @GNUTLS_SSL3: SSL version 3.0.
514 * @GNUTLS_TLS1_0: TLS version 1.0.
515 * @GNUTLS_TLS1: Same as %GNUTLS_TLS1_0.
516 * @GNUTLS_TLS1_1: TLS version 1.1.
517 * @GNUTLS_TLS1_2: TLS version 1.2.
518 * @GNUTLS_DTLS1_0: DTLS version 1.0.
519 * @GNUTLS_DTLS0_9: DTLS version 0.9 (Cisco AnyConnect / OpenSSL 0.9.8e).
520 * @GNUTLS_VERSION_MAX: Maps to the highest supported TLS version.
521 * @GNUTLS_VERSION_UNKNOWN: Unknown SSL/TLS version.
522 *
523 * Enumeration of different SSL/TLS protocol versions.
524 */
525 typedef enum
526 {
527 GNUTLS_SSL3 = 1,
528 GNUTLS_TLS1_0 = 2,
529 GNUTLS_TLS1 = GNUTLS_TLS1_0,
530 GNUTLS_TLS1_1 = 3,
531 GNUTLS_TLS1_2 = 4,
532 GNUTLS_DTLS1_0 = 5,
533 GNUTLS_DTLS0_9 = 6,
534 GNUTLS_VERSION_MAX = GNUTLS_DTLS0_9,
535 GNUTLS_VERSION_UNKNOWN = 0xff
536 } gnutls_protocol_t;
537
538 /**
539 * gnutls_certificate_type_t:
540 * @GNUTLS_CRT_UNKNOWN: Unknown certificate type.
541 * @GNUTLS_CRT_X509: X.509 Certificate.
542 * @GNUTLS_CRT_OPENPGP: OpenPGP certificate.
543 * @GNUTLS_CRT_RAW: Raw public key (SubjectPublicKey)
544 *
545 * Enumeration of different certificate types.
546 */
547 typedef enum
548 {
549 GNUTLS_CRT_UNKNOWN = 0,
550 GNUTLS_CRT_X509 = 1,
551 GNUTLS_CRT_OPENPGP = 2,
552 GNUTLS_CRT_RAW = 3
553 } gnutls_certificate_type_t;
554
555 /**
556 * gnutls_x509_crt_fmt_t:
557 * @GNUTLS_X509_FMT_DER: X.509 certificate in DER format (binary).
558 * @GNUTLS_X509_FMT_PEM: X.509 certificate in PEM format (text).
559 *
560 * Enumeration of different certificate encoding formats.
561 */
562 typedef enum
563 {
564 GNUTLS_X509_FMT_DER = 0,
565 GNUTLS_X509_FMT_PEM = 1
566 } gnutls_x509_crt_fmt_t;
567
568 /**
569 * gnutls_certificate_print_formats_t:
570 * @GNUTLS_CRT_PRINT_FULL: Full information about certificate.
571 * @GNUTLS_CRT_PRINT_COMPACT: Information about certificate name in one line, plus identification of the public key.
572 * @GNUTLS_CRT_PRINT_ONELINE: Information about certificate in one line.
573 * @GNUTLS_CRT_PRINT_UNSIGNED_FULL: All info for an unsigned certificate.
574 *
575 * Enumeration of different certificate printing variants.
576 */
577 typedef enum gnutls_certificate_print_formats
578 {
579 GNUTLS_CRT_PRINT_FULL = 0,
580 GNUTLS_CRT_PRINT_ONELINE = 1,
581 GNUTLS_CRT_PRINT_UNSIGNED_FULL = 2,
582 GNUTLS_CRT_PRINT_COMPACT = 3
583 } gnutls_certificate_print_formats_t;
584
585 #define GNUTLS_PK_ECC GNUTLS_PK_EC
586 /**
587 * gnutls_pk_algorithm_t:
588 * @GNUTLS_PK_UNKNOWN: Unknown public-key algorithm.
589 * @GNUTLS_PK_RSA: RSA public-key algorithm.
590 * @GNUTLS_PK_DSA: DSA public-key algorithm.
591 * @GNUTLS_PK_DH: Diffie-Hellman algorithm. Used to generate parameters.
592 * @GNUTLS_PK_EC: Elliptic curve algorithm. Used to generate parameters.
593 *
594 * Enumeration of different public-key algorithms.
595 */
596 typedef enum
597 {
598 GNUTLS_PK_UNKNOWN = 0,
599 GNUTLS_PK_RSA = 1,
600 GNUTLS_PK_DSA = 2,
601 GNUTLS_PK_DH = 3,
602 GNUTLS_PK_EC = 4,
603 } gnutls_pk_algorithm_t;
604
605 const char *gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm);
606
607 /**
608 * gnutls_sign_algorithm_t:
609 * @GNUTLS_SIGN_UNKNOWN: Unknown signature algorithm.
610 * @GNUTLS_SIGN_RSA_SHA1: Digital signature algorithm RSA with SHA-1
611 * @GNUTLS_SIGN_RSA_SHA: Same as %GNUTLS_SIGN_RSA_SHA1.
612 * @GNUTLS_SIGN_DSA_SHA1: Digital signature algorithm DSA with SHA-1
613 * @GNUTLS_SIGN_DSA_SHA224: Digital signature algorithm DSA with SHA-224
614 * @GNUTLS_SIGN_DSA_SHA256: Digital signature algorithm DSA with SHA-256
615 * @GNUTLS_SIGN_DSA_SHA: Same as %GNUTLS_SIGN_DSA_SHA1.
616 * @GNUTLS_SIGN_RSA_MD5: Digital signature algorithm RSA with MD5.
617 * @GNUTLS_SIGN_RSA_MD2: Digital signature algorithm RSA with MD2.
618 * @GNUTLS_SIGN_RSA_RMD160: Digital signature algorithm RSA with RMD-160.
619 * @GNUTLS_SIGN_RSA_SHA256: Digital signature algorithm RSA with SHA-256.
620 * @GNUTLS_SIGN_RSA_SHA384: Digital signature algorithm RSA with SHA-384.
621 * @GNUTLS_SIGN_RSA_SHA512: Digital signature algorithm RSA with SHA-512.
622 * @GNUTLS_SIGN_RSA_SHA224: Digital signature algorithm RSA with SHA-224.
623 * @GNUTLS_SIGN_ECDSA_SHA1: ECDSA with SHA1.
624 * @GNUTLS_SIGN_ECDSA_SHA256: Digital signature algorithm ECDSA with SHA-256.
625 * @GNUTLS_SIGN_ECDSA_SHA384: Digital signature algorithm ECDSA with SHA-384.
626 * @GNUTLS_SIGN_ECDSA_SHA512: Digital signature algorithm ECDSA with SHA-512.
627 * @GNUTLS_SIGN_ECDSA_SHA224: Digital signature algorithm ECDSA with SHA-224.
628 *
629 * Enumeration of different digital signature algorithms.
630 */
631 typedef enum
632 {
633 GNUTLS_SIGN_UNKNOWN = 0,
634 GNUTLS_SIGN_RSA_SHA1 = 1,
635 GNUTLS_SIGN_RSA_SHA = GNUTLS_SIGN_RSA_SHA1,
636 GNUTLS_SIGN_DSA_SHA1 = 2,
637 GNUTLS_SIGN_DSA_SHA = GNUTLS_SIGN_DSA_SHA1,
638 GNUTLS_SIGN_RSA_MD5 = 3,
639 GNUTLS_SIGN_RSA_MD2 = 4,
640 GNUTLS_SIGN_RSA_RMD160 = 5,
641 GNUTLS_SIGN_RSA_SHA256 = 6,
642 GNUTLS_SIGN_RSA_SHA384 = 7,
643 GNUTLS_SIGN_RSA_SHA512 = 8,
644 GNUTLS_SIGN_RSA_SHA224 = 9,
645 GNUTLS_SIGN_DSA_SHA224 = 10,
646 GNUTLS_SIGN_DSA_SHA256 = 11,
647 GNUTLS_SIGN_ECDSA_SHA1 = 12,
648 GNUTLS_SIGN_ECDSA_SHA224 = 13,
649 GNUTLS_SIGN_ECDSA_SHA256 = 14,
650 GNUTLS_SIGN_ECDSA_SHA384 = 15,
651 GNUTLS_SIGN_ECDSA_SHA512 = 16,
652 } gnutls_sign_algorithm_t;
653
654 /**
655 * gnutls_ecc_curve_t:
656 * @GNUTLS_ECC_CURVE_INVALID: Cannot be known
657 * @GNUTLS_ECC_CURVE_SECP192R1: the SECP192R1 curve
658 * @GNUTLS_ECC_CURVE_SECP224R1: the SECP224R1 curve
659 * @GNUTLS_ECC_CURVE_SECP256R1: the SECP256R1 curve
660 * @GNUTLS_ECC_CURVE_SECP384R1: the SECP384R1 curve
661 * @GNUTLS_ECC_CURVE_SECP521R1: the SECP521R1 curve
662 *
663 * Enumeration of ECC curves.
664 */
665 typedef enum
666 {
667 GNUTLS_ECC_CURVE_INVALID=0,
668 GNUTLS_ECC_CURVE_SECP224R1,
669 GNUTLS_ECC_CURVE_SECP256R1,
670 GNUTLS_ECC_CURVE_SECP384R1,
671 GNUTLS_ECC_CURVE_SECP521R1,
672 GNUTLS_ECC_CURVE_SECP192R1,
673 } gnutls_ecc_curve_t;
674
675 /**
676 * gnutls_sec_param_t:
677 * @GNUTLS_SEC_PARAM_INSECURE: Less than 72 bits of security
678 * @GNUTLS_SEC_PARAM_WEAK: 72 bits of security
679 * @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known
680 * @GNUTLS_SEC_PARAM_LOW: 80 bits of security
681 * @GNUTLS_SEC_PARAM_LEGACY: 96 bits of security
682 * @GNUTLS_SEC_PARAM_NORMAL: 112 bits of security
683 * @GNUTLS_SEC_PARAM_HIGH: 128 bits of security
684 * @GNUTLS_SEC_PARAM_ULTRA: 192 bits of security
685 *
686 * Enumeration of security parameters for passive attacks.
687 */
688 typedef enum
689 {
690 GNUTLS_SEC_PARAM_INSECURE = -20,
691 GNUTLS_SEC_PARAM_WEAK = -10,
692 GNUTLS_SEC_PARAM_UNKNOWN = 0,
693 GNUTLS_SEC_PARAM_LOW = 1,
694 GNUTLS_SEC_PARAM_LEGACY = 2,
695 GNUTLS_SEC_PARAM_NORMAL = 3,
696 GNUTLS_SEC_PARAM_HIGH = 4,
697 GNUTLS_SEC_PARAM_ULTRA = 5,
698 } gnutls_sec_param_t;
699
700 /**
701 * gnutls_channel_binding_t:
702 * @GNUTLS_CB_TLS_UNIQUE: "tls-unique" (RFC 5929) channel binding
703 *
704 * Enumeration of support channel binding types.
705 */
706 typedef enum
707 {
708 GNUTLS_CB_TLS_UNIQUE
709 } gnutls_channel_binding_t;
710
711
712 /* If you want to change this, then also change the define in
713 * gnutls_int.h, and recompile.
714 */
715 typedef void *gnutls_transport_ptr_t;
716
717 struct gnutls_session_int;
718 typedef struct gnutls_session_int *gnutls_session_t;
719
720 struct gnutls_dh_params_int;
721 typedef struct gnutls_dh_params_int *gnutls_dh_params_t;
722
723 struct gnutls_ecdh_params_int;
724 typedef struct gnutls_ecdh_params_int *gnutls_ecdh_params_t;
725
726 /* XXX ugly. */
727 struct gnutls_x509_privkey_int;
728 typedef struct gnutls_x509_privkey_int *gnutls_rsa_params_t;
729
730 struct gnutls_priority_st;
731 typedef struct gnutls_priority_st *gnutls_priority_t;
732
733 typedef struct
734 {
735 unsigned char *data;
736 unsigned int size;
737 } gnutls_datum_t;
738
739
740 typedef struct gnutls_params_st
741 {
742 gnutls_params_type_t type;
743 union params
744 {
745 gnutls_dh_params_t dh;
746 gnutls_ecdh_params_t ecdh;
747 gnutls_rsa_params_t rsa_export;
748 } params;
749 int deinit;
750 } gnutls_params_st;
751
752 typedef int gnutls_params_function (gnutls_session_t, gnutls_params_type_t,
753 gnutls_params_st *);
754
755 /* internal functions */
756
757 int gnutls_init (gnutls_session_t * session,
758 unsigned int flags);
759 void gnutls_deinit (gnutls_session_t session);
760 #define _gnutls_deinit(x) gnutls_deinit(x)
761
762 int gnutls_bye (gnutls_session_t session, gnutls_close_request_t how);
763
764 int gnutls_handshake (gnutls_session_t session);
765
766 #define GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT ((unsigned int)-1)
767 void gnutls_handshake_set_timeout (gnutls_session_t session,
768 unsigned int ms);
769 int gnutls_rehandshake (gnutls_session_t session);
770
771 gnutls_alert_description_t gnutls_alert_get (gnutls_session_t session);
772 int gnutls_alert_send (gnutls_session_t session,
773 gnutls_alert_level_t level,
774 gnutls_alert_description_t desc);
775 int gnutls_alert_send_appropriate (gnutls_session_t session, int err);
776 const char *gnutls_alert_get_name (gnutls_alert_description_t alert);
777 const char * gnutls_alert_get_strname (gnutls_alert_description_t alert);
778
779 gnutls_sec_param_t gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo,
780 unsigned int bits);
781 const char *gnutls_sec_param_get_name (gnutls_sec_param_t param);
782 unsigned int gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo,
783 gnutls_sec_param_t param);
784
785 /* Elliptic curves */
786 const char * gnutls_ecc_curve_get_name (gnutls_ecc_curve_t curve);
787 int gnutls_ecc_curve_get_size (gnutls_ecc_curve_t curve);
788 gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session);
789
790 /* get information on the current session */
791 gnutls_cipher_algorithm_t gnutls_cipher_get (gnutls_session_t session);
792 gnutls_kx_algorithm_t gnutls_kx_get (gnutls_session_t session);
793 gnutls_mac_algorithm_t gnutls_mac_get (gnutls_session_t session);
794 gnutls_compression_method_t
795 gnutls_compression_get (gnutls_session_t session);
796 gnutls_certificate_type_t
797 gnutls_certificate_type_get (gnutls_session_t session);
798
799 int gnutls_sign_algorithm_get (gnutls_session_t session);
800
801 int gnutls_sign_algorithm_get_requested (gnutls_session_t session,
802 size_t indx,
803 gnutls_sign_algorithm_t * algo);
804
805 size_t gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm);
806 size_t gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm);
807
808 /* the name of the specified algorithms */
809 const char *gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm);
810 const char *gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm);
811 const char *gnutls_compression_get_name (gnutls_compression_method_t
812 algorithm);
813 const char *gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm);
814 const char *gnutls_certificate_type_get_name (gnutls_certificate_type_t
815 type);
816 const char *gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm);
817 const char *gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm);
818 gnutls_digest_algorithm_t
819 gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t sign);
820 gnutls_pk_algorithm_t
821 gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t sign);
822 gnutls_sign_algorithm_t
823 gnutls_pk_to_sign (gnutls_pk_algorithm_t pk,
824 gnutls_digest_algorithm_t hash);
825
826 #define gnutls_sign_algorithm_get_name gnutls_sign_get_name
827
828 gnutls_mac_algorithm_t gnutls_mac_get_id (const char *name);
829 gnutls_compression_method_t gnutls_compression_get_id (const char *name);
830 gnutls_cipher_algorithm_t gnutls_cipher_get_id (const char *name);
831 gnutls_kx_algorithm_t gnutls_kx_get_id (const char *name);
832 gnutls_protocol_t gnutls_protocol_get_id (const char *name);
833 gnutls_certificate_type_t gnutls_certificate_type_get_id (const char *name);
834 gnutls_pk_algorithm_t gnutls_pk_get_id (const char *name);
835 gnutls_sign_algorithm_t gnutls_sign_get_id (const char *name);
836
837 /* list supported algorithms */
838 const gnutls_ecc_curve_t * gnutls_ecc_curve_list (void);
839 const gnutls_cipher_algorithm_t *gnutls_cipher_list (void);
840 const gnutls_mac_algorithm_t *gnutls_mac_list (void);
841 const gnutls_compression_method_t *gnutls_compression_list (void);
842 const gnutls_protocol_t *gnutls_protocol_list (void);
843 const gnutls_certificate_type_t *gnutls_certificate_type_list (void);
844 const gnutls_kx_algorithm_t *gnutls_kx_list (void);
845 const gnutls_pk_algorithm_t *gnutls_pk_list (void);
846 const gnutls_sign_algorithm_t *gnutls_sign_list (void);
847 const char *gnutls_cipher_suite_info (size_t idx,
848 unsigned char *cs_id,
849 gnutls_kx_algorithm_t * kx,
850 gnutls_cipher_algorithm_t * cipher,
851 gnutls_mac_algorithm_t * mac,
852 gnutls_protocol_t * min_version);
853
854 /* error functions */
855 int gnutls_error_is_fatal (int error);
856 int gnutls_error_to_alert (int err, int *level);
857
858 void gnutls_perror (int error);
859 const char *gnutls_strerror (int error);
860 const char *gnutls_strerror_name (int error);
861
862 /* Semi-internal functions.
863 */
864 void gnutls_handshake_set_private_extensions (gnutls_session_t session,
865 int allow);
866 gnutls_handshake_description_t
867 gnutls_handshake_get_last_out (gnutls_session_t session);
868 gnutls_handshake_description_t
869 gnutls_handshake_get_last_in (gnutls_session_t session);
870
871 /* Record layer functions.
872 */
873 #define GNUTLS_HEARTBEAT_WAIT 1
874 int gnutls_heartbeat_ping (gnutls_session_t session, size_t data_size,
875 unsigned int max_tries, unsigned int flags);
876 int gnutls_heartbeat_pong (gnutls_session_t session, unsigned int flags);
877
878 ssize_t gnutls_record_send (gnutls_session_t session, const void *data,
879 size_t data_size);
880 ssize_t gnutls_record_recv (gnutls_session_t session, void *data,
881 size_t data_size);
882 #define gnutls_read gnutls_record_recv
883 #define gnutls_write gnutls_record_send
884 ssize_t gnutls_record_recv_seq (gnutls_session_t session, void *data, size_t data_size,
885 unsigned char *seq);
886
887 void gnutls_session_enable_compatibility_mode (gnutls_session_t session);
888
889 void gnutls_record_disable_padding (gnutls_session_t session);
890
891 int gnutls_record_get_direction (gnutls_session_t session);
892
893 size_t gnutls_record_get_max_size (gnutls_session_t session);
894 ssize_t gnutls_record_set_max_size (gnutls_session_t session, size_t size);
895
896 size_t gnutls_record_check_pending (gnutls_session_t session);
897
898 int gnutls_prf (gnutls_session_t session,
899 size_t label_size, const char *label,
900 int server_random_first,
901 size_t extra_size, const char *extra,
902 size_t outsize, char *out);
903
904 int gnutls_prf_raw (gnutls_session_t session,
905 size_t label_size, const char *label,
906 size_t seed_size, const char *seed,
907 size_t outsize, char *out);
908
909 /**
910 * gnutls_server_name_type_t:
911 * @GNUTLS_NAME_DNS: Domain Name System name type.
912 *
913 * Enumeration of different server name types.
914 */
915 typedef enum
916 {
917 GNUTLS_NAME_DNS = 1
918 } gnutls_server_name_type_t;
919
920 int gnutls_server_name_set (gnutls_session_t session,
921 gnutls_server_name_type_t type,
922 const void *name, size_t name_length);
923
924 int gnutls_server_name_get (gnutls_session_t session,
925 void *data, size_t * data_length,
926 unsigned int *type, unsigned int indx);
927
928 unsigned int gnutls_heartbeat_get_timeout (gnutls_session_t session);
929 void gnutls_heartbeat_set_timeouts (gnutls_session_t session, unsigned int retrans_timeout,
930 unsigned int total_timeout);
931
932 #define GNUTLS_HB_PEER_ALLOWED_TO_SEND (1)
933 #define GNUTLS_HB_PEER_NOT_ALLOWED_TO_SEND (1<<1)
934
935 /* Heartbeat */
936 void gnutls_heartbeat_enable (gnutls_session_t session, unsigned int type);
937
938 #define GNUTLS_HB_LOCAL_ALLOWED_TO_SEND (1<<2)
939 int gnutls_heartbeat_allowed (gnutls_session_t session, unsigned int type);
940
941 /* Safe renegotiation */
942 int gnutls_safe_renegotiation_status (gnutls_session_t session);
943
944 /**
945 * gnutls_supplemental_data_format_type_t:
946 * @GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA: Supplemental user mapping data.
947 *
948 * Enumeration of different supplemental data types (RFC 4680).
949 */
950 typedef enum
951 {
952 GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0
953 } gnutls_supplemental_data_format_type_t;
954
955 const char
956 *gnutls_supplemental_get_name (gnutls_supplemental_data_format_type_t
957 type);
958
959 /* SessionTicket, RFC 5077. */
960 int gnutls_session_ticket_key_generate (gnutls_datum_t * key);
961 int gnutls_session_ticket_enable_client (gnutls_session_t session);
962 int gnutls_session_ticket_enable_server (gnutls_session_t session,
963 const gnutls_datum_t * key);
964
965 int gnutls_key_generate (gnutls_datum_t * key, unsigned int key_size);
966
967 /* if you just want some defaults, use the following.
968 */
969 int gnutls_priority_init (gnutls_priority_t * priority_cache,
970 const char *priorities, const char **err_pos);
971 void gnutls_priority_deinit (gnutls_priority_t priority_cache);
972 int gnutls_priority_get_cipher_suite_index (gnutls_priority_t pcache, unsigned int idx, unsigned int *sidx);
973
974 int gnutls_priority_set (gnutls_session_t session,
975 gnutls_priority_t priority);
976 int gnutls_priority_set_direct (gnutls_session_t session,
977 const char *priorities,
978 const char **err_pos);
979
980 int gnutls_priority_certificate_type_list (gnutls_priority_t pcache, const unsigned int** list);
981 int gnutls_priority_sign_list (gnutls_priority_t pcache, const unsigned int** list);
982 int gnutls_priority_protocol_list (gnutls_priority_t pcache, const unsigned int** list);
983 int gnutls_priority_compression_list (gnutls_priority_t pcache, const unsigned int** list);
984 int gnutls_priority_ecc_curve_list (gnutls_priority_t pcache, const unsigned int** list);
985
986 /* for compatibility
987 */
988 int gnutls_set_default_priority (gnutls_session_t session);
989
990 /* Returns the name of a cipher suite */
991 const char *gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t
992 kx_algorithm,
993 gnutls_cipher_algorithm_t
994 cipher_algorithm,
995 gnutls_mac_algorithm_t
996 mac_algorithm);
997
998 /* get the currently used protocol version */
999 gnutls_protocol_t gnutls_protocol_get_version (gnutls_session_t session);
1000
1001 const char *gnutls_protocol_get_name (gnutls_protocol_t version);
1002
1003
1004 /* get/set session
1005 */
1006 int gnutls_session_set_data (gnutls_session_t session,
1007 const void *session_data,
1008 size_t session_data_size);
1009 int gnutls_session_get_data (gnutls_session_t session, void *session_data,
1010 size_t * session_data_size);
1011 int gnutls_session_get_data2 (gnutls_session_t session,
1012 gnutls_datum_t * data);
1013 void gnutls_session_get_random (gnutls_session_t session, gnutls_datum_t* client,
1014 gnutls_datum_t* server);
1015
1016 int gnutls_session_set_premaster (gnutls_session_t session, unsigned int entity,
1017 gnutls_protocol_t version,
1018 gnutls_kx_algorithm_t kx,
1019 gnutls_cipher_algorithm_t cipher,
1020 gnutls_mac_algorithm_t mac,
1021 gnutls_compression_method_t comp,
1022 const gnutls_datum_t* master,
1023 const gnutls_datum_t * session_id);
1024
1025 /* returns the session ID */
1026 #define GNUTLS_MAX_SESSION_ID 32
1027 int gnutls_session_get_id (gnutls_session_t session, void *session_id,
1028 size_t * session_id_size);
1029 int gnutls_session_get_id2 (gnutls_session_t session, gnutls_datum_t *session_id);
1030
1031 int gnutls_session_channel_binding (gnutls_session_t session,
1032 gnutls_channel_binding_t cbtype,
1033 gnutls_datum_t * cb);
1034
1035 /* checks if this session is a resumed one
1036 */
1037 int gnutls_session_is_resumed (gnutls_session_t session);
1038 int gnutls_session_resumption_requested (gnutls_session_t session);
1039
1040 typedef int (*gnutls_db_store_func) (void *, gnutls_datum_t key,
1041 gnutls_datum_t data);
1042 typedef int (*gnutls_db_remove_func) (void *, gnutls_datum_t key);
1043 typedef gnutls_datum_t (*gnutls_db_retr_func) (void *, gnutls_datum_t key);
1044
1045 void gnutls_db_set_cache_expiration (gnutls_session_t session, int seconds);
1046
1047 void gnutls_db_remove_session (gnutls_session_t session);
1048 void gnutls_db_set_retrieve_function (gnutls_session_t session,
1049 gnutls_db_retr_func retr_func);
1050 void gnutls_db_set_remove_function (gnutls_session_t session,
1051 gnutls_db_remove_func rem_func);
1052 void gnutls_db_set_store_function (gnutls_session_t session,
1053 gnutls_db_store_func store_func);
1054 void gnutls_db_set_ptr (gnutls_session_t session, void *ptr);
1055 void *gnutls_db_get_ptr (gnutls_session_t session);
1056 int gnutls_db_check_entry (gnutls_session_t session,
1057 gnutls_datum_t session_entry);
1058
1059 typedef int (*gnutls_handshake_post_client_hello_func) (gnutls_session_t);
1060 void
1061 gnutls_handshake_set_post_client_hello_function (gnutls_session_t session,
1062 gnutls_handshake_post_client_hello_func
1063 func);
1064
1065 void gnutls_handshake_set_max_packet_length (gnutls_session_t session,
1066 size_t max);
1067
1068 /* returns libgnutls version (call it with a NULL argument)
1069 */
1070 const char *gnutls_check_version (const char *req_version);
1071
1072 /* Functions for setting/clearing credentials
1073 */
1074 void gnutls_credentials_clear (gnutls_session_t session);
1075
1076 /* cred is a structure defined by the kx algorithm
1077 */
1078 int gnutls_credentials_set (gnutls_session_t session,
1079 gnutls_credentials_type_t type, void *cred);
1080 #define gnutls_cred_set gnutls_credentials_set
1081
1082 /* x.509 types */
1083
1084 struct gnutls_x509_privkey_int;
1085 typedef struct gnutls_x509_privkey_int *gnutls_x509_privkey_t;
1086
1087 struct gnutls_x509_crl_int;
1088 typedef struct gnutls_x509_crl_int *gnutls_x509_crl_t;
1089
1090 struct gnutls_x509_crt_int;
1091 typedef struct gnutls_x509_crt_int *gnutls_x509_crt_t;
1092
1093 struct gnutls_x509_crq_int;
1094 typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t;
1095
1096 struct gnutls_openpgp_keyring_int;
1097 typedef struct gnutls_openpgp_keyring_int *gnutls_openpgp_keyring_t;
1098
1099
1100 /* Credential structures - used in gnutls_credentials_set(); */
1101
1102 struct gnutls_certificate_credentials_st;
1103 typedef struct gnutls_certificate_credentials_st
1104 *gnutls_certificate_credentials_t;
1105 typedef gnutls_certificate_credentials_t
1106 gnutls_certificate_server_credentials;
1107 typedef gnutls_certificate_credentials_t
1108 gnutls_certificate_client_credentials;
1109
1110 typedef struct gnutls_anon_server_credentials_st
1111 *gnutls_anon_server_credentials_t;
1112 typedef struct gnutls_anon_client_credentials_st
1113 *gnutls_anon_client_credentials_t;
1114
1115 void gnutls_anon_free_server_credentials (gnutls_anon_server_credentials_t
1116 sc);
1117 int
1118 gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t
1119 * sc);
1120
1121 void gnutls_anon_set_server_dh_params (gnutls_anon_server_credentials_t res,
1122 gnutls_dh_params_t dh_params);
1123
1124 void
1125 gnutls_anon_set_server_params_function (gnutls_anon_server_credentials_t
1126 res,
1127 gnutls_params_function * func);
1128
1129 void
1130 gnutls_anon_free_client_credentials (gnutls_anon_client_credentials_t sc);
1131 int
1132 gnutls_anon_allocate_client_credentials (gnutls_anon_client_credentials_t
1133 * sc);
1134
1135 /* CERTFILE is an x509 certificate in PEM form.
1136 * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys).
1137 */
1138 void
1139 gnutls_certificate_free_credentials (gnutls_certificate_credentials_t sc);
1140 int
1141 gnutls_certificate_allocate_credentials (gnutls_certificate_credentials_t
1142 * res);
1143
1144 int
1145 gnutls_certificate_get_issuer (gnutls_certificate_credentials_t sc,
1146 gnutls_x509_crt_t cert, gnutls_x509_crt_t* issuer, unsigned int flags);
1147
1148 void gnutls_certificate_free_keys (gnutls_certificate_credentials_t sc);
1149 void gnutls_certificate_free_cas (gnutls_certificate_credentials_t sc);
1150 void gnutls_certificate_free_ca_names (gnutls_certificate_credentials_t sc);
1151 void gnutls_certificate_free_crls (gnutls_certificate_credentials_t sc);
1152
1153 void gnutls_certificate_set_dh_params (gnutls_certificate_credentials_t res,
1154 gnutls_dh_params_t dh_params);
1155 void gnutls_certificate_set_verify_flags (gnutls_certificate_credentials_t
1156 res, unsigned int flags);
1157 void gnutls_certificate_update_verify_flags (gnutls_certificate_credentials_t
1158 res, unsigned int flags);
1159 void gnutls_certificate_set_verify_limits (gnutls_certificate_credentials_t
1160 res, unsigned int max_bits,
1161 unsigned int max_depth);
1162
1163 int
1164 gnutls_certificate_set_x509_system_trust (gnutls_certificate_credentials_t cred);
1165
1166 int
1167 gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t
1168 cred, const char *cafile,
1169 gnutls_x509_crt_fmt_t type);
1170 int gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t
1171 res, const gnutls_datum_t * ca,
1172 gnutls_x509_crt_fmt_t type);
1173
1174 int
1175 gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t
1176 res, const char *crlfile,
1177 gnutls_x509_crt_fmt_t type);
1178 int gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t
1179 res, const gnutls_datum_t * CRL,
1180 gnutls_x509_crt_fmt_t type);
1181
1182 int
1183 gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t
1184 res, const char *certfile,
1185 const char *keyfile,
1186 gnutls_x509_crt_fmt_t type);
1187
1188 int gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t
1189 res, const gnutls_datum_t * cert,
1190 const gnutls_datum_t * key,
1191 gnutls_x509_crt_fmt_t type);
1192
1193 void gnutls_certificate_send_x509_rdn_sequence (gnutls_session_t session,
1194 int status);
1195
1196 int gnutls_certificate_set_x509_simple_pkcs12_file (gnutls_certificate_credentials_t res, const char *pkcs12file,
1197 gnutls_x509_crt_fmt_t type, const char *password);
1198 int gnutls_certificate_set_x509_simple_pkcs12_mem (gnutls_certificate_credentials_t res, const gnutls_datum_t * p12blob,
1199 gnutls_x509_crt_fmt_t type, const char *password);
1200
1201 /* New functions to allow setting already parsed X.509 stuff.
1202 */
1203
1204 int gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res,
1205 gnutls_x509_crt_t * cert_list,
1206 int cert_list_size,
1207 gnutls_x509_privkey_t key);
1208 int gnutls_certificate_set_x509_trust (gnutls_certificate_credentials_t res,
1209 gnutls_x509_crt_t * ca_list,
1210 int ca_list_size);
1211 int gnutls_certificate_set_x509_crl (gnutls_certificate_credentials_t res,
1212 gnutls_x509_crl_t * crl_list,
1213 int crl_list_size);
1214
1215 /* OCSP status request extension, RFC 6066 */
1216 typedef int (*gnutls_status_request_ocsp_func)
1217 (gnutls_session_t session, void *ptr, gnutls_datum_t *ocsp_response);
1218
1219 void gnutls_certificate_set_ocsp_status_request_function (gnutls_certificate_credentials_t res,
1220 gnutls_status_request_ocsp_func ocsp_func,
1221 void *ptr);
1222
1223 int gnutls_certificate_set_ocsp_status_request_file (gnutls_certificate_credentials_t res,
1224 const char* response_file, unsigned int flags);
1225
1226 int gnutls_ocsp_status_request_enable_client (gnutls_session_t session,
1227 gnutls_datum_t *responder_id,
1228 size_t responder_id_size,
1229 gnutls_datum_t *request_extensions);
1230
1231 int gnutls_ocsp_status_request_get (gnutls_session_t session, gnutls_datum_t *response);
1232
1233
1234 /* global state functions
1235 */
1236 int gnutls_global_init (void);
1237 void gnutls_global_deinit (void);
1238
1239 /**
1240 * gnutls_time_func:
1241 * @t: where to store time.
1242 *
1243 * Function prototype for time()-like function. Set with
1244 * gnutls_global_set_time_function().
1245 *
1246 * Returns: Number of seconds since the epoch, or (time_t)-1 on errors.
1247 */
1248 typedef time_t (*gnutls_time_func) (time_t *t);
1249
1250 typedef int (*mutex_init_func) (void **mutex);
1251 typedef int (*mutex_lock_func) (void **mutex);
1252 typedef int (*mutex_unlock_func) (void **mutex);
1253 typedef int (*mutex_deinit_func) (void **mutex);
1254
1255 void gnutls_global_set_mutex (mutex_init_func init, mutex_deinit_func deinit,
1256 mutex_lock_func lock, mutex_unlock_func unlock);
1257
1258 typedef void *(*gnutls_alloc_function) (size_t);
1259 typedef void *(*gnutls_calloc_function) (size_t, size_t);
1260 typedef int (*gnutls_is_secure_function) (const void *);
1261 typedef void (*gnutls_free_function) (void *);
1262 typedef void *(*gnutls_realloc_function) (void *, size_t);
1263
1264 void
1265 gnutls_global_set_mem_functions (gnutls_alloc_function alloc_func,
1266 gnutls_alloc_function secure_alloc_func,
1267 gnutls_is_secure_function is_secure_func,
1268 gnutls_realloc_function realloc_func,
1269 gnutls_free_function free_func);
1270
1271 void gnutls_global_set_time_function (gnutls_time_func time_func);
1272
1273 /* For use in callbacks */
1274 extern gnutls_alloc_function gnutls_malloc;
1275 extern gnutls_alloc_function gnutls_secure_malloc;
1276 extern gnutls_realloc_function gnutls_realloc;
1277 extern gnutls_calloc_function gnutls_calloc;
1278 extern gnutls_free_function gnutls_free;
1279
1280 extern char *(*gnutls_strdup) (const char *);
1281
1282 typedef void (*gnutls_log_func) (int, const char *);
1283 typedef void (*gnutls_audit_log_func) (gnutls_session_t, const char *);
1284 void gnutls_global_set_log_function (gnutls_log_func log_func);
1285 void gnutls_global_set_audit_log_function (gnutls_audit_log_func log_func);
1286 void gnutls_global_set_log_level (int level);
1287
1288 /* Diffie-Hellman parameter handling.
1289 */
1290 int gnutls_dh_params_init (gnutls_dh_params_t * dh_params);
1291 void gnutls_dh_params_deinit (gnutls_dh_params_t dh_params);
1292 int gnutls_dh_params_import_raw (gnutls_dh_params_t dh_params,
1293 const gnutls_datum_t * prime,
1294 const gnutls_datum_t * generator);
1295 int gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params,
1296 const gnutls_datum_t * pkcs3_params,
1297 gnutls_x509_crt_fmt_t format);
1298 int gnutls_dh_params_generate2 (gnutls_dh_params_t params,
1299 unsigned int bits);
1300 int gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params,
1301 gnutls_x509_crt_fmt_t format,
1302 unsigned char *params_data,
1303 size_t * params_data_size);
1304 int gnutls_dh_params_export2_pkcs3 (gnutls_dh_params_t params,
1305 gnutls_x509_crt_fmt_t format,
1306 gnutls_datum_t *out);
1307 int gnutls_dh_params_export_raw (gnutls_dh_params_t params,
1308 gnutls_datum_t * prime,
1309 gnutls_datum_t * generator,
1310 unsigned int *bits);
1311 int gnutls_dh_params_cpy (gnutls_dh_params_t dst, gnutls_dh_params_t src);
1312
1313
1314
1315 /* Session stuff
1316 */
1317 typedef struct
1318 {
1319 void *iov_base; /* Starting address */
1320 size_t iov_len; /* Number of bytes to transfer */
1321 } giovec_t;
1322
1323 typedef ssize_t (*gnutls_pull_func) (gnutls_transport_ptr_t, void *,
1324 size_t);
1325 typedef ssize_t (*gnutls_push_func) (gnutls_transport_ptr_t, const void *,
1326 size_t);
1327
1328 typedef int (*gnutls_pull_timeout_func) (gnutls_transport_ptr_t, unsigned int ms);
1329
1330 typedef ssize_t (*gnutls_vec_push_func) (gnutls_transport_ptr_t,
1331 const giovec_t * iov, int iovcnt);
1332
1333 typedef int (*gnutls_errno_func) (gnutls_transport_ptr_t);
1334
1335 void gnutls_transport_set_ptr (gnutls_session_t session,
1336 gnutls_transport_ptr_t ptr);
1337 void gnutls_transport_set_ptr2 (gnutls_session_t session,
1338 gnutls_transport_ptr_t recv_ptr,
1339 gnutls_transport_ptr_t send_ptr);
1340
1341 gnutls_transport_ptr_t gnutls_transport_get_ptr (gnutls_session_t session);
1342 void gnutls_transport_get_ptr2 (gnutls_session_t session,
1343 gnutls_transport_ptr_t * recv_ptr,
1344 gnutls_transport_ptr_t * send_ptr);
1345
1346 void gnutls_transport_set_vec_push_function (gnutls_session_t session,
1347 gnutls_vec_push_func vec_func);
1348 void gnutls_transport_set_push_function (gnutls_session_t session,
1349 gnutls_push_func push_func);
1350 void gnutls_transport_set_pull_function (gnutls_session_t session,
1351 gnutls_pull_func pull_func);
1352
1353 void gnutls_transport_set_pull_timeout_function (gnutls_session_t session,
1354 gnutls_pull_timeout_func func);
1355
1356 void gnutls_transport_set_errno_function (gnutls_session_t session,
1357 gnutls_errno_func errno_func);
1358
1359 void gnutls_transport_set_errno (gnutls_session_t session, int err);
1360
1361 /* session specific
1362 */
1363 void gnutls_session_set_ptr (gnutls_session_t session, void *ptr);
1364 void *gnutls_session_get_ptr (gnutls_session_t session);
1365
1366 void gnutls_openpgp_send_cert (gnutls_session_t session,
1367 gnutls_openpgp_crt_status_t status);
1368
1369 /* This function returns the hash of the given data.
1370 */
1371 int gnutls_fingerprint (gnutls_digest_algorithm_t algo,
1372 const gnutls_datum_t * data, void *result,
1373 size_t * result_size);
1374
1375 /**
1376 * gnutls_random_art_t:
1377 * @GNUTLS_RANDOM_ART_OPENSSH: OpenSSH-style random art.
1378 *
1379 * Enumeration of different random art types.
1380 */
1381 typedef enum gnutls_random_art
1382 {
1383 GNUTLS_RANDOM_ART_OPENSSH=1,
1384 } gnutls_random_art_t;
1385
1386 int gnutls_random_art (gnutls_random_art_t type,
1387 const char* key_type, unsigned int key_size,
1388 void * fpr, size_t fpr_size,
1389 gnutls_datum_t* art);
1390
1391 /* SRP
1392 */
1393
1394 typedef struct gnutls_srp_server_credentials_st
1395 *gnutls_srp_server_credentials_t;
1396 typedef struct gnutls_srp_client_credentials_st
1397 *gnutls_srp_client_credentials_t;
1398
1399 void
1400 gnutls_srp_free_client_credentials (gnutls_srp_client_credentials_t sc);
1401 int
1402 gnutls_srp_allocate_client_credentials (gnutls_srp_client_credentials_t *
1403 sc);
1404 int gnutls_srp_set_client_credentials (gnutls_srp_client_credentials_t res,
1405 const char *username,
1406 const char *password);
1407
1408 void
1409 gnutls_srp_free_server_credentials (gnutls_srp_server_credentials_t sc);
1410 int
1411 gnutls_srp_allocate_server_credentials (gnutls_srp_server_credentials_t *
1412 sc);
1413 int gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t
1414 res, const char *password_file,
1415 const char *password_conf_file);
1416
1417 const char *gnutls_srp_server_get_username (gnutls_session_t session);
1418
1419 extern void gnutls_srp_set_prime_bits (gnutls_session_t session,
1420 unsigned int bits);
1421
1422 int gnutls_srp_verifier (const char *username,
1423 const char *password,
1424 const gnutls_datum_t * salt,
1425 const gnutls_datum_t * generator,
1426 const gnutls_datum_t * prime,
1427 gnutls_datum_t * res);
1428
1429 /* The static parameters defined in draft-ietf-tls-srp-05
1430 * Those should be used as input to gnutls_srp_verifier().
1431 */
1432 extern const gnutls_datum_t gnutls_srp_4096_group_prime;
1433 extern const gnutls_datum_t gnutls_srp_4096_group_generator;
1434
1435 extern const gnutls_datum_t gnutls_srp_3072_group_prime;
1436 extern const gnutls_datum_t gnutls_srp_3072_group_generator;
1437
1438 extern const gnutls_datum_t gnutls_srp_2048_group_prime;
1439 extern const gnutls_datum_t gnutls_srp_2048_group_generator;
1440
1441 extern const gnutls_datum_t gnutls_srp_1536_group_prime;
1442 extern const gnutls_datum_t gnutls_srp_1536_group_generator;
1443
1444 extern const gnutls_datum_t gnutls_srp_1024_group_prime;
1445 extern const gnutls_datum_t gnutls_srp_1024_group_generator;
1446
1447 typedef int gnutls_srp_server_credentials_function (gnutls_session_t,
1448 const char *username,
1449 gnutls_datum_t * salt,
1450 gnutls_datum_t *
1451 verifier,
1452 gnutls_datum_t *
1453 generator,
1454 gnutls_datum_t * prime);
1455 void
1456 gnutls_srp_set_server_credentials_function (
1457 gnutls_srp_server_credentials_t cred,
1458 gnutls_srp_server_credentials_function * func);
1459
1460 typedef int gnutls_srp_client_credentials_function (gnutls_session_t,
1461 char **, char **);
1462 void
1463 gnutls_srp_set_client_credentials_function (
1464 gnutls_srp_client_credentials_t cred,
1465 gnutls_srp_client_credentials_function * func);
1466
1467 int gnutls_srp_base64_encode (const gnutls_datum_t * data, char *result,
1468 size_t * result_size);
1469 int gnutls_srp_base64_encode_alloc (const gnutls_datum_t * data,
1470 gnutls_datum_t * result);
1471
1472 int gnutls_srp_base64_decode (const gnutls_datum_t * b64_data, char *result,
1473 size_t * result_size);
1474 int gnutls_srp_base64_decode_alloc (const gnutls_datum_t * b64_data,
1475 gnutls_datum_t * result);
1476
1477 /* PSK stuff */
1478 typedef struct gnutls_psk_server_credentials_st
1479 *gnutls_psk_server_credentials_t;
1480 typedef struct gnutls_psk_client_credentials_st
1481 *gnutls_psk_client_credentials_t;
1482
1483 /**
1484 * gnutls_psk_key_flags:
1485 * @GNUTLS_PSK_KEY_RAW: PSK-key in raw format.
1486 * @GNUTLS_PSK_KEY_HEX: PSK-key in hex format.
1487 *
1488 * Enumeration of different PSK key flags.
1489 */
1490 typedef enum gnutls_psk_key_flags
1491 {
1492 GNUTLS_PSK_KEY_RAW = 0,
1493 GNUTLS_PSK_KEY_HEX
1494 } gnutls_psk_key_flags;
1495
1496 void
1497 gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t sc);
1498 int
1499 gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t *
1500 sc);
1501 int gnutls_psk_set_client_credentials (gnutls_psk_client_credentials_t res,
1502 const char *username,
1503 const gnutls_datum_t * key,
1504 gnutls_psk_key_flags flags);
1505
1506 void
1507 gnutls_psk_free_server_credentials (gnutls_psk_server_credentials_t sc);
1508 int
1509 gnutls_psk_allocate_server_credentials (gnutls_psk_server_credentials_t *
1510 sc);
1511 int gnutls_psk_set_server_credentials_file (gnutls_psk_server_credentials_t
1512 res, const char *password_file);
1513
1514 int
1515 gnutls_psk_set_server_credentials_hint (gnutls_psk_server_credentials_t
1516 res, const char *hint);
1517
1518 const char *gnutls_psk_server_get_username (gnutls_session_t session);
1519 const char *gnutls_psk_client_get_hint (gnutls_session_t session);
1520
1521 typedef int gnutls_psk_server_credentials_function (gnutls_session_t,
1522 const char *username,
1523 gnutls_datum_t * key);
1524 void
1525 gnutls_psk_set_server_credentials_function (
1526 gnutls_psk_server_credentials_t cred,
1527 gnutls_psk_server_credentials_function * func);
1528
1529 typedef int gnutls_psk_client_credentials_function (gnutls_session_t,
1530 char **username,
1531 gnutls_datum_t * key);
1532 void
1533 gnutls_psk_set_client_credentials_function (
1534 gnutls_psk_client_credentials_t cred,
1535 gnutls_psk_client_credentials_function * func);
1536
1537 int gnutls_hex_encode (const gnutls_datum_t * data, char *result,
1538 size_t * result_size);
1539 int gnutls_hex_decode (const gnutls_datum_t * hex_data, void *result,
1540 size_t * result_size);
1541
1542 void
1543 gnutls_psk_set_server_dh_params (gnutls_psk_server_credentials_t res,
1544 gnutls_dh_params_t dh_params);
1545
1546 void
1547 gnutls_psk_set_server_params_function (gnutls_psk_server_credentials_t
1548 res,
1549 gnutls_params_function * func);
1550
1551 /**
1552 * gnutls_x509_subject_alt_name_t:
1553 * @GNUTLS_SAN_DNSNAME: DNS-name SAN.
1554 * @GNUTLS_SAN_RFC822NAME: E-mail address SAN.
1555 * @GNUTLS_SAN_URI: URI SAN.
1556 * @GNUTLS_SAN_IPADDRESS: IP address SAN.
1557 * @GNUTLS_SAN_OTHERNAME: OtherName SAN.
1558 * @GNUTLS_SAN_DN: DN SAN.
1559 * @GNUTLS_SAN_OTHERNAME_XMPP: Virtual SAN, used by
1560 * gnutls_x509_crt_get_subject_alt_othername_oid.
1561 *
1562 * Enumeration of different subject alternative names types.
1563 */
1564 typedef enum gnutls_x509_subject_alt_name_t
1565 {
1566 GNUTLS_SAN_DNSNAME = 1,
1567 GNUTLS_SAN_RFC822NAME = 2,
1568 GNUTLS_SAN_URI = 3,
1569 GNUTLS_SAN_IPADDRESS = 4,
1570 GNUTLS_SAN_OTHERNAME = 5,
1571 GNUTLS_SAN_DN = 6,
1572 /* The following are "virtual" subject alternative name types, in
1573 that they are represented by an otherName value and an OID.
1574 Used by gnutls_x509_crt_get_subject_alt_othername_oid. */
1575 GNUTLS_SAN_OTHERNAME_XMPP = 1000
1576 } gnutls_x509_subject_alt_name_t;
1577
1578 struct gnutls_openpgp_crt_int;
1579 typedef struct gnutls_openpgp_crt_int *gnutls_openpgp_crt_t;
1580
1581 struct gnutls_openpgp_privkey_int;
1582 typedef struct gnutls_openpgp_privkey_int *gnutls_openpgp_privkey_t;
1583
1584 struct gnutls_pkcs11_privkey_st;
1585 typedef struct gnutls_pkcs11_privkey_st *gnutls_pkcs11_privkey_t;
1586
1587 /**
1588 * gnutls_privkey_type_t:
1589 * @GNUTLS_PRIVKEY_X509: X.509 private key, #gnutls_x509_privkey_t.
1590 * @GNUTLS_PRIVKEY_OPENPGP: OpenPGP private key, #gnutls_openpgp_privkey_t.
1591 * @GNUTLS_PRIVKEY_PKCS11: PKCS11 private key, #gnutls_pkcs11_privkey_t.
1592 * @GNUTLS_PRIVKEY_EXT: External private key, operating using callbacks.
1593 *
1594 * Enumeration of different private key types.
1595 */
1596 typedef enum
1597 {
1598 GNUTLS_PRIVKEY_X509,
1599 GNUTLS_PRIVKEY_OPENPGP,
1600 GNUTLS_PRIVKEY_PKCS11,
1601 GNUTLS_PRIVKEY_EXT
1602 } gnutls_privkey_type_t;
1603
1604 typedef struct gnutls_retr2_st
1605 {
1606 gnutls_certificate_type_t cert_type;
1607 gnutls_privkey_type_t key_type;
1608
1609 union
1610 {
1611 gnutls_x509_crt_t *x509;
1612 gnutls_openpgp_crt_t pgp;
1613 } cert;
1614 unsigned int ncerts; /* one for pgp keys */
1615
1616 union
1617 {
1618 gnutls_x509_privkey_t x509;
1619 gnutls_openpgp_privkey_t pgp;
1620 gnutls_pkcs11_privkey_t pkcs11;
1621 } key;
1622
1623 unsigned int deinit_all; /* if non zero all keys will be deinited */
1624 } gnutls_retr2_st;
1625
1626
1627 /* Functions that allow auth_info_t structures handling
1628 */
1629
1630 gnutls_credentials_type_t gnutls_auth_get_type (gnutls_session_t session);
1631 gnutls_credentials_type_t
1632 gnutls_auth_server_get_type (gnutls_session_t session);
1633 gnutls_credentials_type_t
1634 gnutls_auth_client_get_type (gnutls_session_t session);
1635
1636 /* DH */
1637
1638 void gnutls_dh_set_prime_bits (gnutls_session_t session, unsigned int bits);
1639 int gnutls_dh_get_secret_bits (gnutls_session_t session);
1640 int gnutls_dh_get_peers_public_bits (gnutls_session_t session);
1641 int gnutls_dh_get_prime_bits (gnutls_session_t session);
1642
1643 int gnutls_dh_get_group (gnutls_session_t session, gnutls_datum_t * raw_gen,
1644 gnutls_datum_t * raw_prime);
1645 int gnutls_dh_get_pubkey (gnutls_session_t session,
1646 gnutls_datum_t * raw_key);
1647
1648 /* X509PKI */
1649
1650
1651 /* These are set on the credentials structure.
1652 */
1653
1654 /* use gnutls_certificate_set_retrieve_function2() in abstract.h
1655 * instead. It's much more efficient.
1656 */
1657
1658 typedef int gnutls_certificate_retrieve_function (gnutls_session_t,
1659 const
1660 gnutls_datum_t *
1661 req_ca_rdn,
1662 int nreqs,
1663 const
1664 gnutls_pk_algorithm_t
1665 * pk_algos,
1666 int
1667 pk_algos_length,
1668 gnutls_retr2_st *);
1669
1670
1671 void gnutls_certificate_set_retrieve_function (
1672 gnutls_certificate_credentials_t cred,
1673 gnutls_certificate_retrieve_function * func);
1674
1675 typedef int gnutls_certificate_verify_function (gnutls_session_t);
1676 void
1677 gnutls_certificate_set_verify_function (gnutls_certificate_credentials_t
1678 cred,
1679 gnutls_certificate_verify_function
1680 * func);
1681
1682 void
1683 gnutls_certificate_server_set_request (gnutls_session_t session,
1684 gnutls_certificate_request_t req);
1685
1686 /* get data from the session
1687 */
1688 const gnutls_datum_t *gnutls_certificate_get_peers (gnutls_session_t
1689 session,
1690 unsigned int
1691 *list_size);
1692 const gnutls_datum_t *gnutls_certificate_get_ours (gnutls_session_t
1693 session);
1694
1695 int gnutls_certificate_get_peers_subkey_id(gnutls_session_t session,
1696 gnutls_datum_t *id);
1697
1698 time_t gnutls_certificate_activation_time_peers (gnutls_session_t session);
1699 time_t gnutls_certificate_expiration_time_peers (gnutls_session_t session);
1700
1701 int gnutls_certificate_client_get_request_status (gnutls_session_t session);
1702 int gnutls_certificate_verify_peers2 (gnutls_session_t session,
1703 unsigned int *status);
1704 int gnutls_certificate_verify_peers3 (gnutls_session_t session,
1705 const char* hostname,
1706 unsigned int *status);
1707
1708 int gnutls_pem_base64_encode (const char *msg, const gnutls_datum_t * data,
1709 char *result, size_t * result_size);
1710 int gnutls_pem_base64_decode (const char *header,
1711 const gnutls_datum_t * b64_data,
1712 unsigned char *result, size_t * result_size);
1713
1714 int gnutls_pem_base64_encode_alloc (const char *msg,
1715 const gnutls_datum_t * data,
1716 gnutls_datum_t * result);
1717 int gnutls_pem_base64_decode_alloc (const char *header,
1718 const gnutls_datum_t * b64_data,
1719 gnutls_datum_t * result);
1720
1721 /* key_usage will be an OR of the following values:
1722 */
1723
1724 /* when the key is to be used for signing: */
1725 #define GNUTLS_KEY_DIGITAL_SIGNATURE 128
1726 #define GNUTLS_KEY_NON_REPUDIATION 64
1727 /* when the key is to be used for encryption: */
1728 #define GNUTLS_KEY_KEY_ENCIPHERMENT 32
1729 #define GNUTLS_KEY_DATA_ENCIPHERMENT 16
1730 #define GNUTLS_KEY_KEY_AGREEMENT 8
1731 #define GNUTLS_KEY_KEY_CERT_SIGN 4
1732 #define GNUTLS_KEY_CRL_SIGN 2
1733 #define GNUTLS_KEY_ENCIPHER_ONLY 1
1734 #define GNUTLS_KEY_DECIPHER_ONLY 32768
1735
1736 void
1737 gnutls_certificate_set_params_function (gnutls_certificate_credentials_t
1738 res,
1739 gnutls_params_function * func);
1740 void gnutls_anon_set_params_function (gnutls_anon_server_credentials_t res,
1741 gnutls_params_function * func);
1742 void gnutls_psk_set_params_function (gnutls_psk_server_credentials_t res,
1743 gnutls_params_function * func);
1744
1745 int gnutls_hex2bin (const char *hex_data, size_t hex_size,
1746 void *bin_data, size_t * bin_size);
1747
1748 /* Trust on first use (or ssh like) functions */
1749
1750 /* stores the provided information to a database
1751 */
1752 typedef int (*gnutls_tdb_store_func) (const char* db_name,
1753 const char* host,
1754 const char* service,
1755 time_t expiration,
1756 const gnutls_datum_t* pubkey);
1757
1758 typedef int (*gnutls_tdb_store_commitment_func) (const char* db_name,
1759 const char* host,
1760 const char* service,
1761 time_t expiration,
1762 gnutls_digest_algorithm_t hash_algo,
1763 const gnutls_datum_t* hash);
1764
1765 /* searches for the provided host/service pair that match the
1766 * provided public key in the database. */
1767 typedef int (*gnutls_tdb_verify_func) (const char* db_name,
1768 const char* host,
1769 const char* service,
1770 const gnutls_datum_t *pubkey);
1771
1772
1773 struct gnutls_tdb_int;
1774 typedef struct gnutls_tdb_int *gnutls_tdb_t;
1775
1776 int gnutls_tdb_init (gnutls_tdb_t *tdb);
1777 void gnutls_tdb_set_store_func (gnutls_tdb_t tdb,
1778 gnutls_tdb_store_func store);
1779 void gnutls_tdb_set_store_commitment_func (gnutls_tdb_t tdb,
1780 gnutls_tdb_store_commitment_func cstore);
1781 void gnutls_tdb_set_verify_func (gnutls_tdb_t tdb,
1782 gnutls_tdb_verify_func verify);
1783 void gnutls_tdb_deinit (gnutls_tdb_t tdb);
1784
1785 int gnutls_verify_stored_pubkey (const char* db_name,
1786 gnutls_tdb_t tdb,
1787 const char* host,
1788 const char* service,
1789 gnutls_certificate_type_t cert_type,
1790 const gnutls_datum_t * cert,
1791 unsigned int flags);
1792
1793 int gnutls_store_commitment (const char* db_name,
1794 gnutls_tdb_t tdb,
1795 const char* host,
1796 const char* service,
1797 gnutls_digest_algorithm_t hash_algo,
1798 const gnutls_datum_t* hash,
1799 time_t expiration,
1800 unsigned int flags);
1801
1802 int gnutls_store_pubkey (const char* db_name,
1803 gnutls_tdb_t tdb,
1804 const char* host,
1805 const char* service,
1806 gnutls_certificate_type_t cert_type,
1807 const gnutls_datum_t * cert,
1808 time_t expiration,
1809 unsigned int flags);
1810
1811 /* Other helper functions */
1812 int gnutls_load_file(const char* filename, gnutls_datum_t * data);
1813
1814 int gnutls_url_is_supported (const char* url);
1815
1816 /* PIN callback */
1817
1818 /**
1819 * gnutls_pin_flag_t:
1820 * @GNUTLS_PIN_USER: The PIN for the user.
1821 * @GNUTLS_PIN_SO: The PIN for the security officer (admin).
1822 * @GNUTLS_PIN_CONTEXT_SPECIFIC: The PIN is for a specific action and key like signing.
1823 * @GNUTLS_PIN_FINAL_TRY: This is the final try before blocking.
1824 * @GNUTLS_PIN_COUNT_LOW: Few tries remain before token blocks.
1825 * @GNUTLS_PIN_WRONG: Last given PIN was not correct.
1826 *
1827 * Enumeration of different flags that are input to the PIN function.
1828 */
1829 typedef enum
1830 {
1831 GNUTLS_PIN_USER = (1 << 0),
1832 GNUTLS_PIN_SO = (1 << 1),
1833 GNUTLS_PIN_FINAL_TRY = (1 << 2),
1834 GNUTLS_PIN_COUNT_LOW = (1 << 3),
1835 GNUTLS_PIN_CONTEXT_SPECIFIC = (1 << 4),
1836 GNUTLS_PIN_WRONG = (1 << 5),
1837 } gnutls_pin_flag_t;
1838
1839 #define GNUTLS_PKCS11_PIN_USER GNUTLS_PIN_USER
1840 #define GNUTLS_PKCS11_PIN_SO GNUTLS_PIN_SO
1841 #define GNUTLS_PKCS11_PIN_FINAL_TRY GNUTLS_PIN_FINAL_TRY
1842 #define GNUTLS_PKCS11_PIN_COUNT_LOW GNUTLS_PIN_COUNT_LOW
1843 #define GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC GNUTLS_PIN_CONTEXT_SPECIFIC
1844 #define GNUTLS_PKCS11_PIN_WRONG GNUTLS_PIN_WRONG
1845
1846 /**
1847 * gnutls_pin_callback_t:
1848 * @userdata: user-controlled data from gnutls_pkcs11_set_pin_function().
1849 * @attempt: pin-attempt counter, initially 0.
1850 * @token_url: URL of token.
1851 * @token_label: label of token.
1852 * @flags: a #gnutls_pin_flag_t flag.
1853 * @pin: buffer to hold PIN, of size @pin_max.
1854 * @pin_max: size of @pin buffer.
1855 *
1856 * Callback function type for PKCS#11 or TPM PIN entry. It is set by
1857 * functions like gnutls_pkcs11_set_pin_function().
1858 *
1859 * The callback should provides the PIN code to unlock the token with
1860 * label @token_label, specified by the URL @token_url.
1861 *
1862 * The PIN code, as a NUL-terminated ASCII string, should be copied
1863 * into the @pin buffer (of maximum size @pin_max), and return 0 to
1864 * indicate success. Alternatively, the callback may return a
1865 * negative gnutls error code to indicate failure and cancel PIN entry
1866 * (in which case, the contents of the @pin parameter are ignored).
1867 *
1868 * When a PIN is required, the callback will be invoked repeatedly
1869 * (and indefinitely) until either the returned PIN code is correct,
1870 * the callback returns failure, or the token refuses login (e.g. when
1871 * the token is locked due to too many incorrect PINs!). For the
1872 * first such invocation, the @attempt counter will have value zero;
1873 * it will increase by one for each subsequent attempt.
1874 *
1875 * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on error.
1876 *
1877 * Since: 2.12.0
1878 **/
1879 typedef int (*gnutls_pin_callback_t) (void *userdata, int attempt,
1880 const char *token_url,
1881 const char *token_label,
1882 unsigned int flags,
1883 char *pin, size_t pin_max);
1884
1885 void gnutls_certificate_set_pin_function (gnutls_certificate_credentials_t,
1886 gnutls_pin_callback_t fn, void *userdata);
1887
1888
1889 /* Gnutls error codes. The mapping to a TLS alert is also shown in
1890 * comments.
1891 */
1892
1893 #define GNUTLS_E_SUCCESS 0
1894 #define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3
1895 #define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6
1896 #define GNUTLS_E_LARGE_PACKET -7
1897 #define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */
1898 #define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */
1899 #define GNUTLS_E_INVALID_SESSION -10
1900 #define GNUTLS_E_FATAL_ALERT_RECEIVED -12
1901 #define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_A_UNEXPECTED_MESSAGE */
1902 #define GNUTLS_E_WARNING_ALERT_RECEIVED -16
1903 #define GNUTLS_E_ERROR_IN_FINISHED_PACKET -18
1904 #define GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET -19
1905 #define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21 /* GNUTLS_A_HANDSHAKE_FAILURE */
1906 #define GNUTLS_E_UNWANTED_ALGORITHM -22
1907 #define GNUTLS_E_MPI_SCAN_FAILED -23
1908 #define GNUTLS_E_DECRYPTION_FAILED -24 /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */
1909 #define GNUTLS_E_MEMORY_ERROR -25
1910 #define GNUTLS_E_DECOMPRESSION_FAILED -26 /* GNUTLS_A_DECOMPRESSION_FAILURE */
1911 #define GNUTLS_E_COMPRESSION_FAILED -27
1912 #define GNUTLS_E_AGAIN -28
1913 #define GNUTLS_E_EXPIRED -29
1914 #define GNUTLS_E_DB_ERROR -30
1915 #define GNUTLS_E_SRP_PWD_ERROR -31
1916 #define GNUTLS_E_INSUFFICIENT_CREDENTIALS -32
1917 #define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
1918 #define GNUTLS_E_INSUFFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS
1919 #define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
1920
1921 #define GNUTLS_E_HASH_FAILED -33
1922 #define GNUTLS_E_BASE64_DECODING_ERROR -34
1923
1924 #define GNUTLS_E_MPI_PRINT_FAILED -35
1925 #define GNUTLS_E_REHANDSHAKE -37 /* GNUTLS_A_NO_RENEGOTIATION */
1926 #define GNUTLS_E_GOT_APPLICATION_DATA -38
1927 #define GNUTLS_E_RECORD_LIMIT_REACHED -39
1928 #define GNUTLS_E_ENCRYPTION_FAILED -40
1929
1930 #define GNUTLS_E_PK_ENCRYPTION_FAILED -44
1931 #define GNUTLS_E_PK_DECRYPTION_FAILED -45
1932 #define GNUTLS_E_PK_SIGN_FAILED -46
1933 #define GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION -47
1934 #define GNUTLS_E_KEY_USAGE_VIOLATION -48
1935 #define GNUTLS_E_NO_CERTIFICATE_FOUND -49 /* GNUTLS_A_BAD_CERTIFICATE */
1936 #define GNUTLS_E_INVALID_REQUEST -50
1937 #define GNUTLS_E_SHORT_MEMORY_BUFFER -51
1938 #define GNUTLS_E_INTERRUPTED -52
1939 #define GNUTLS_E_PUSH_ERROR -53
1940 #define GNUTLS_E_PULL_ERROR -54
1941 #define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55 /* GNUTLS_A_ILLEGAL_PARAMETER */
1942 #define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56
1943 #define GNUTLS_E_PKCS1_WRONG_PAD -57
1944 #define GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION -58
1945 #define GNUTLS_E_INTERNAL_ERROR -59
1946 #define GNUTLS_E_DH_PRIME_UNACCEPTABLE -63
1947 #define GNUTLS_E_FILE_ERROR -64
1948 #define GNUTLS_E_TOO_MANY_EMPTY_PACKETS -78
1949 #define GNUTLS_E_UNKNOWN_PK_ALGORITHM -80
1950 #define GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS -81
1951
1952 /* returned if you need to generate temporary RSA
1953 * parameters. These are needed for export cipher suites.
1954 */
1955 #define GNUTLS_E_NO_TEMPORARY_RSA_PARAMS -84
1956
1957 #define GNUTLS_E_NO_COMPRESSION_ALGORITHMS -86
1958 #define GNUTLS_E_NO_CIPHER_SUITES -87
1959
1960 #define GNUTLS_E_OPENPGP_GETKEY_FAILED -88
1961 #define GNUTLS_E_PK_SIG_VERIFY_FAILED -89
1962
1963 #define GNUTLS_E_ILLEGAL_SRP_USERNAME -90
1964 #define GNUTLS_E_SRP_PWD_PARSING_ERROR -91
1965 #define GNUTLS_E_NO_TEMPORARY_DH_PARAMS -93
1966
1967 /* For certificate and key stuff
1968 */
1969 #define GNUTLS_E_ASN1_ELEMENT_NOT_FOUND -67
1970 #define GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND -68
1971 #define GNUTLS_E_ASN1_DER_ERROR -69
1972 #define GNUTLS_E_ASN1_VALUE_NOT_FOUND -70
1973 #define GNUTLS_E_ASN1_GENERIC_ERROR -71
1974 #define GNUTLS_E_ASN1_VALUE_NOT_VALID -72
1975 #define GNUTLS_E_ASN1_TAG_ERROR -73
1976 #define GNUTLS_E_ASN1_TAG_IMPLICIT -74
1977 #define GNUTLS_E_ASN1_TYPE_ANY_ERROR -75
1978 #define GNUTLS_E_ASN1_SYNTAX_ERROR -76
1979 #define GNUTLS_E_ASN1_DER_OVERFLOW -77
1980 #define GNUTLS_E_OPENPGP_UID_REVOKED -79
1981 #define GNUTLS_E_CERTIFICATE_ERROR -43
1982 #define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR
1983 #define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60
1984 #define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */
1985 #define GNUTLS_E_X509_UNKNOWN_SAN -62
1986 #define GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED -94
1987 #define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95
1988 #define GNUTLS_E_UNKNOWN_HASH_ALGORITHM -96
1989 #define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97
1990 #define GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE -98
1991 #define GNUTLS_E_INVALID_PASSWORD -99
1992 #define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */
1993 #define GNUTLS_E_CONSTRAINT_ERROR -101
1994
1995 #define GNUTLS_E_WARNING_IA_IPHF_RECEIVED -102
1996 #define GNUTLS_E_WARNING_IA_FPHF_RECEIVED -103
1997
1998 #define GNUTLS_E_IA_VERIFY_FAILED -104
1999 #define GNUTLS_E_UNKNOWN_ALGORITHM -105
2000 #define GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM -106
2001 #define GNUTLS_E_SAFE_RENEGOTIATION_FAILED -107
2002 #define GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED -108
2003 #define GNUTLS_E_UNKNOWN_SRP_USERNAME -109
2004 #define GNUTLS_E_PREMATURE_TERMINATION -110
2005
2006 #define GNUTLS_E_BASE64_ENCODING_ERROR -201
2007 #define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */
2008 #define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202
2009 #define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203
2010
2011 #define GNUTLS_E_OPENPGP_KEYRING_ERROR -204
2012 #define GNUTLS_E_X509_UNSUPPORTED_OID -205
2013
2014 #define GNUTLS_E_RANDOM_FAILED -206
2015 #define GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR -207
2016
2017 #define GNUTLS_E_OPENPGP_SUBKEY_ERROR -208
2018
2019 #define GNUTLS_E_CRYPTO_ALREADY_REGISTERED -209
2020
2021 #define GNUTLS_E_HANDSHAKE_TOO_LARGE -210
2022
2023 #define GNUTLS_E_CRYPTODEV_IOCTL_ERROR -211
2024 #define GNUTLS_E_CRYPTODEV_DEVICE_ERROR -212
2025
2026 #define GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE -213
2027 #define GNUTLS_E_BAD_COOKIE -214
2028 #define GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR -215
2029 #define GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL -216
2030
2031 #define GNUTLS_E_HEARTBEAT_PONG_RECEIVED -292
2032 #define GNUTLS_E_HEARTBEAT_PING_RECEIVED -293
2033
2034 /* PKCS11 related */
2035 #define GNUTLS_E_PKCS11_ERROR -300
2036 #define GNUTLS_E_PKCS11_LOAD_ERROR -301
2037 #define GNUTLS_E_PARSING_ERROR -302
2038 #define GNUTLS_E_PKCS11_PIN_ERROR -303
2039
2040 #define GNUTLS_E_PKCS11_SLOT_ERROR -305
2041 #define GNUTLS_E_LOCKING_ERROR -306
2042 #define GNUTLS_E_PKCS11_ATTRIBUTE_ERROR -307
2043 #define GNUTLS_E_PKCS11_DEVICE_ERROR -308
2044 #define GNUTLS_E_PKCS11_DATA_ERROR -309
2045 #define GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR -310
2046 #define GNUTLS_E_PKCS11_KEY_ERROR -311
2047 #define GNUTLS_E_PKCS11_PIN_EXPIRED -312
2048 #define GNUTLS_E_PKCS11_PIN_LOCKED -313
2049 #define GNUTLS_E_PKCS11_SESSION_ERROR -314
2050 #define GNUTLS_E_PKCS11_SIGNATURE_ERROR -315
2051 #define GNUTLS_E_PKCS11_TOKEN_ERROR -316
2052 #define GNUTLS_E_PKCS11_USER_ERROR -317
2053
2054 #define GNUTLS_E_CRYPTO_INIT_FAILED -318
2055 #define GNUTLS_E_TIMEDOUT -319
2056 #define GNUTLS_E_USER_ERROR -320
2057 #define GNUTLS_E_ECC_NO_SUPPORTED_CURVES -321
2058 #define GNUTLS_E_ECC_UNSUPPORTED_CURVE -322
2059 #define GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE -323
2060 #define GNUTLS_E_CERTIFICATE_LIST_UNSORTED -324
2061 #define GNUTLS_E_ILLEGAL_PARAMETER -325
2062 #define GNUTLS_E_NO_PRIORITIES_WERE_SET -326
2063 #define GNUTLS_E_X509_UNSUPPORTED_EXTENSION -327
2064 #define GNUTLS_E_SESSION_EOF -328
2065
2066 #define GNUTLS_E_TPM_ERROR -329
2067 #define GNUTLS_E_TPM_KEY_PASSWORD_ERROR -330
2068 #define GNUTLS_E_TPM_SRK_PASSWORD_ERROR -331
2069 #define GNUTLS_E_TPM_SESSION_ERROR -332
2070 #define GNUTLS_E_TPM_KEY_NOT_FOUND -333
2071 #define GNUTLS_E_TPM_UNINITIALIZED -334
2072
2073 #define GNUTLS_E_NO_CERTIFICATE_STATUS -340
2074 #define GNUTLS_E_OCSP_RESPONSE_ERROR -341
2075
2076 #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
2077
2078
2079
2080 #define GNUTLS_E_APPLICATION_ERROR_MAX -65000
2081 #define GNUTLS_E_APPLICATION_ERROR_MIN -65500
2082
2083 #ifdef __cplusplus
2084 }
2085 #endif
2086
2087 #include <gnutls/compat.h>
2088
2089 #endif /* GNUTLS_H */
Implementation of the SSL/TLS protocol