2 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
23 /* This file contains the types and prototypes for all the
24 * high level functionality of the gnutls main library.
26 * If the optional C++ binding was built, it is available in
29 * The openssl compatibility layer (which is under the GNU GPL
30 * license) is in gnutls/openssl.h.
32 * The low level cipher functionality is in gnutls/crypto.h.
57 #define GNUTLS_VERSION "@VERSION@"
59 #define GNUTLS_VERSION_MAJOR @MAJOR_VERSION@
60 #define GNUTLS_VERSION_MINOR @MINOR_VERSION@
61 #define GNUTLS_VERSION_PATCH @PATCH_VERSION@
63 #define GNUTLS_VERSION_NUMBER @NUMBER_VERSION@
65 #define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC
66 #define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC
67 #define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC
68 #define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128
70 #if !defined(GNUTLS_INTERNAL_BUILD) && defined(_WIN32)
71 # define _SYM_EXPORT __declspec(dllimport)
77 * gnutls_cipher_algorithm_t:
78 * @GNUTLS_CIPHER_UNKNOWN: Unknown algorithm.
79 * @GNUTLS_CIPHER_NULL: NULL algorithm.
80 * @GNUTLS_CIPHER_ARCFOUR_128: ARCFOUR stream cipher with 128-bit keys.
81 * @GNUTLS_CIPHER_3DES_CBC: 3DES in CBC mode.
82 * @GNUTLS_CIPHER_AES_128_CBC: AES in CBC mode with 128-bit keys.
83 * @GNUTLS_CIPHER_AES_192_CBC: AES in CBC mode with 192-bit keys.
84 * @GNUTLS_CIPHER_AES_256_CBC: AES in CBC mode with 256-bit keys.
85 * @GNUTLS_CIPHER_ARCFOUR_40: ARCFOUR stream cipher with 40-bit keys.
86 * @GNUTLS_CIPHER_CAMELLIA_128_CBC: Camellia in CBC mode with 128-bit keys.
87 * @GNUTLS_CIPHER_CAMELLIA_192_CBC: Camellia in CBC mode with 192-bit keys.
88 * @GNUTLS_CIPHER_CAMELLIA_256_CBC: Camellia in CBC mode with 256-bit keys.
89 * @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys.
90 * @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys).
91 * @GNUTLS_CIPHER_AES_128_GCM: AES in GCM mode with 128-bit keys.
92 * @GNUTLS_CIPHER_AES_256_GCM: AES in GCM mode with 256-bit keys.
93 * @GNUTLS_CIPHER_AES_128_CCM: AES in CCM mode with 128-bit keys.
94 * @GNUTLS_CIPHER_AES_256_CCM: AES in CCM mode with 256-bit keys.
95 * @GNUTLS_CIPHER_CAMELLIA_128_GCM: CAMELLIA in GCM mode with 128-bit keys.
96 * @GNUTLS_CIPHER_CAMELLIA_256_GCM: CAMELLIA in GCM mode with 256-bit keys.
97 * @GNUTLS_CIPHER_SALSA20_256: Salsa20 with 256-bit keys.
98 * @GNUTLS_CIPHER_ESTREAM_SALSA20_256: Estream's Salsa20 variant with 256-bit keys.
99 * @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB mode.
100 * @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB mode.
101 * @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB mode.
102 * @GNUTLS_CIPHER_BLOWFISH_PGP_CFB: Blowfish in CFB mode.
103 * @GNUTLS_CIPHER_SAFER_SK128_PGP_CFB: Safer-SK in CFB mode with 128-bit keys.
104 * @GNUTLS_CIPHER_AES128_PGP_CFB: AES in CFB mode with 128-bit keys.
105 * @GNUTLS_CIPHER_AES192_PGP_CFB: AES in CFB mode with 192-bit keys.
106 * @GNUTLS_CIPHER_AES256_PGP_CFB: AES in CFB mode with 256-bit keys.
107 * @GNUTLS_CIPHER_TWOFISH_PGP_CFB: Twofish in CFB mode.
109 * Enumeration of different symmetric encryption algorithms.
111 typedef enum gnutls_cipher_algorithm {
112 GNUTLS_CIPHER_UNKNOWN = 0,
113 GNUTLS_CIPHER_NULL = 1,
114 GNUTLS_CIPHER_ARCFOUR_128 = 2,
115 GNUTLS_CIPHER_3DES_CBC = 3,
116 GNUTLS_CIPHER_AES_128_CBC = 4,
117 GNUTLS_CIPHER_AES_256_CBC = 5,
118 GNUTLS_CIPHER_ARCFOUR_40 = 6,
119 GNUTLS_CIPHER_CAMELLIA_128_CBC = 7,
120 GNUTLS_CIPHER_CAMELLIA_256_CBC = 8,
121 GNUTLS_CIPHER_AES_192_CBC = 9,
122 GNUTLS_CIPHER_AES_128_GCM = 10,
123 GNUTLS_CIPHER_AES_256_GCM = 11,
124 GNUTLS_CIPHER_CAMELLIA_192_CBC = 12,
125 GNUTLS_CIPHER_SALSA20_256 = 13,
126 GNUTLS_CIPHER_ESTREAM_SALSA20_256 = 14,
127 GNUTLS_CIPHER_CAMELLIA_128_GCM = 15,
128 GNUTLS_CIPHER_CAMELLIA_256_GCM = 16,
129 GNUTLS_CIPHER_RC2_40_CBC = 17,
130 GNUTLS_CIPHER_DES_CBC = 18,
131 GNUTLS_CIPHER_AES_128_CCM = 19,
132 GNUTLS_CIPHER_AES_256_CCM = 20,
134 /* used only for PGP internals. Ignored in TLS/SSL
136 GNUTLS_CIPHER_IDEA_PGP_CFB = 200,
137 GNUTLS_CIPHER_3DES_PGP_CFB = 201,
138 GNUTLS_CIPHER_CAST5_PGP_CFB = 202,
139 GNUTLS_CIPHER_BLOWFISH_PGP_CFB = 203,
140 GNUTLS_CIPHER_SAFER_SK128_PGP_CFB = 204,
141 GNUTLS_CIPHER_AES128_PGP_CFB = 205,
142 GNUTLS_CIPHER_AES192_PGP_CFB = 206,
143 GNUTLS_CIPHER_AES256_PGP_CFB = 207,
144 GNUTLS_CIPHER_TWOFISH_PGP_CFB = 208
145 } gnutls_cipher_algorithm_t;
148 * gnutls_kx_algorithm_t:
149 * @GNUTLS_KX_UNKNOWN: Unknown key-exchange algorithm.
150 * @GNUTLS_KX_RSA: RSA key-exchange algorithm.
151 * @GNUTLS_KX_DHE_DSS: DHE-DSS key-exchange algorithm.
152 * @GNUTLS_KX_DHE_RSA: DHE-RSA key-exchange algorithm.
153 * @GNUTLS_KX_ECDHE_RSA: ECDHE-RSA key-exchange algorithm.
154 * @GNUTLS_KX_ECDHE_ECDSA: ECDHE-ECDSA key-exchange algorithm.
155 * @GNUTLS_KX_ANON_DH: Anon-DH key-exchange algorithm.
156 * @GNUTLS_KX_ANON_ECDH: Anon-ECDH key-exchange algorithm.
157 * @GNUTLS_KX_SRP: SRP key-exchange algorithm.
158 * @GNUTLS_KX_RSA_EXPORT: RSA-EXPORT key-exchange algorithm (defunc).
159 * @GNUTLS_KX_SRP_RSA: SRP-RSA key-exchange algorithm.
160 * @GNUTLS_KX_SRP_DSS: SRP-DSS key-exchange algorithm.
161 * @GNUTLS_KX_PSK: PSK key-exchange algorithm.
162 * @GNUTLS_KX_DHE_PSK: DHE-PSK key-exchange algorithm.
163 * @GNUTLS_KX_ECDHE_PSK: ECDHE-PSK key-exchange algorithm.
164 * @GNUTLS_KX_RSA_PSK: RSA-PSK key-exchange algorithm.
166 * Enumeration of different key exchange algorithms.
169 GNUTLS_KX_UNKNOWN = 0,
171 GNUTLS_KX_DHE_DSS = 2,
172 GNUTLS_KX_DHE_RSA = 3,
173 GNUTLS_KX_ANON_DH = 4,
175 GNUTLS_KX_RSA_EXPORT = 6,
176 GNUTLS_KX_SRP_RSA = 7,
177 GNUTLS_KX_SRP_DSS = 8,
179 GNUTLS_KX_DHE_PSK = 10,
180 GNUTLS_KX_ANON_ECDH = 11,
181 GNUTLS_KX_ECDHE_RSA = 12,
182 GNUTLS_KX_ECDHE_ECDSA = 13,
183 GNUTLS_KX_ECDHE_PSK = 14,
184 GNUTLS_KX_RSA_PSK = 15
185 } gnutls_kx_algorithm_t;
188 * gnutls_params_type_t:
189 * @GNUTLS_PARAMS_RSA_EXPORT: Session RSA-EXPORT parameters (defunc).
190 * @GNUTLS_PARAMS_DH: Session Diffie-Hellman parameters.
191 * @GNUTLS_PARAMS_ECDH: Session Elliptic-Curve Diffie-Hellman parameters.
193 * Enumeration of different TLS session parameter types.
196 GNUTLS_PARAMS_RSA_EXPORT = 1,
197 GNUTLS_PARAMS_DH = 2,
198 GNUTLS_PARAMS_ECDH = 3
199 } gnutls_params_type_t;
202 * gnutls_credentials_type_t:
203 * @GNUTLS_CRD_CERTIFICATE: Certificate credential.
204 * @GNUTLS_CRD_ANON: Anonymous credential.
205 * @GNUTLS_CRD_SRP: SRP credential.
206 * @GNUTLS_CRD_PSK: PSK credential.
207 * @GNUTLS_CRD_IA: IA credential.
209 * Enumeration of different credential types.
212 GNUTLS_CRD_CERTIFICATE = 1,
217 } gnutls_credentials_type_t;
219 #define GNUTLS_MAC_SHA GNUTLS_MAC_SHA1
220 #define GNUTLS_DIG_SHA GNUTLS_DIG_SHA1
223 * gnutls_mac_algorithm_t:
224 * @GNUTLS_MAC_UNKNOWN: Unknown MAC algorithm.
225 * @GNUTLS_MAC_NULL: NULL MAC algorithm (empty output).
226 * @GNUTLS_MAC_MD5: HMAC-MD5 algorithm.
227 * @GNUTLS_MAC_SHA1: HMAC-SHA-1 algorithm.
228 * @GNUTLS_MAC_RMD160: HMAC-RMD160 algorithm.
229 * @GNUTLS_MAC_MD2: HMAC-MD2 algorithm.
230 * @GNUTLS_MAC_SHA256: HMAC-SHA-256 algorithm.
231 * @GNUTLS_MAC_SHA384: HMAC-SHA-384 algorithm.
232 * @GNUTLS_MAC_SHA512: HMAC-SHA-512 algorithm.
233 * @GNUTLS_MAC_SHA224: HMAC-SHA-224 algorithm.
234 * @GNUTLS_MAC_AEAD: MAC implicit through AEAD cipher.
235 * @GNUTLS_MAC_UMAC_96: The UMAC-96 MAC algorithm.
236 * @GNUTLS_MAC_UMAC_128: The UMAC-128 MAC algorithm.
238 * Enumeration of different Message Authentication Code (MAC)
242 GNUTLS_MAC_UNKNOWN = 0,
246 GNUTLS_MAC_RMD160 = 4,
248 GNUTLS_MAC_SHA256 = 6,
249 GNUTLS_MAC_SHA384 = 7,
250 GNUTLS_MAC_SHA512 = 8,
251 GNUTLS_MAC_SHA224 = 9,
252 /* If you add anything here, make sure you align with
253 gnutls_digest_algorithm_t. */
254 GNUTLS_MAC_AEAD = 200, /* indicates that MAC is on the cipher */
255 GNUTLS_MAC_UMAC_96 = 201,
256 GNUTLS_MAC_UMAC_128 = 202
257 } gnutls_mac_algorithm_t;
260 * gnutls_digest_algorithm_t:
261 * @GNUTLS_DIG_UNKNOWN: Unknown hash algorithm.
262 * @GNUTLS_DIG_NULL: NULL hash algorithm (empty output).
263 * @GNUTLS_DIG_MD5: MD5 algorithm.
264 * @GNUTLS_DIG_SHA1: SHA-1 algorithm.
265 * @GNUTLS_DIG_RMD160: RMD160 algorithm.
266 * @GNUTLS_DIG_MD2: MD2 algorithm.
267 * @GNUTLS_DIG_SHA256: SHA-256 algorithm.
268 * @GNUTLS_DIG_SHA384: SHA-384 algorithm.
269 * @GNUTLS_DIG_SHA512: SHA-512 algorithm.
270 * @GNUTLS_DIG_SHA224: SHA-224 algorithm.
272 * Enumeration of different digest (hash) algorithms.
275 GNUTLS_DIG_UNKNOWN = GNUTLS_MAC_UNKNOWN,
276 GNUTLS_DIG_NULL = GNUTLS_MAC_NULL,
277 GNUTLS_DIG_MD5 = GNUTLS_MAC_MD5,
278 GNUTLS_DIG_SHA1 = GNUTLS_MAC_SHA1,
279 GNUTLS_DIG_RMD160 = GNUTLS_MAC_RMD160,
280 GNUTLS_DIG_MD2 = GNUTLS_MAC_MD2,
281 GNUTLS_DIG_SHA256 = GNUTLS_MAC_SHA256,
282 GNUTLS_DIG_SHA384 = GNUTLS_MAC_SHA384,
283 GNUTLS_DIG_SHA512 = GNUTLS_MAC_SHA512,
284 GNUTLS_DIG_SHA224 = GNUTLS_MAC_SHA224
285 /* If you add anything here, make sure you align with
286 gnutls_mac_algorithm_t. */
287 } gnutls_digest_algorithm_t;
289 /* exported for other gnutls headers. This is the maximum number of
290 * algorithms (ciphers, kx or macs).
292 #define GNUTLS_MAX_ALGORITHM_NUM 32
293 #define GNUTLS_MAX_SESSION_ID_SIZE 32
297 * gnutls_compression_method_t:
298 * @GNUTLS_COMP_UNKNOWN: Unknown compression method.
299 * @GNUTLS_COMP_NULL: The NULL compression method (no compression).
300 * @GNUTLS_COMP_DEFLATE: The DEFLATE compression method from zlib.
301 * @GNUTLS_COMP_ZLIB: Same as %GNUTLS_COMP_DEFLATE.
303 * Enumeration of different TLS compression methods.
306 GNUTLS_COMP_UNKNOWN = 0,
307 GNUTLS_COMP_NULL = 1,
308 GNUTLS_COMP_DEFLATE = 2,
309 GNUTLS_COMP_ZLIB = GNUTLS_COMP_DEFLATE
310 } gnutls_compression_method_t;
313 * Flags for gnutls_init()
315 * @GNUTLS_SERVER: Connection end is a server.
316 * @GNUTLS_CLIENT: Connection end is a client.
317 * @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS).
318 * @GNUTLS_NONBLOCK: Connection should not block (DTLS).
319 * @GNUTLS_NO_EXTENSIONS: Do not enable any TLS extensions by default.
320 * @GNUTLS_NO_REPLAY_PROTECTION: Disable any replay protection in DTLS.
323 #define GNUTLS_SERVER 1
324 #define GNUTLS_CLIENT (1<<1)
325 #define GNUTLS_DATAGRAM (1<<2)
326 #define GNUTLS_NONBLOCK (1<<3)
327 #define GNUTLS_NO_EXTENSIONS (1<<4)
328 #define GNUTLS_NO_REPLAY_PROTECTION (1<<5)
331 * gnutls_alert_level_t:
332 * @GNUTLS_AL_WARNING: Alert of warning severity.
333 * @GNUTLS_AL_FATAL: Alert of fatal severity.
335 * Enumeration of different TLS alert severities.
338 GNUTLS_AL_WARNING = 1,
340 } gnutls_alert_level_t;
343 * gnutls_alert_description_t:
344 * @GNUTLS_A_CLOSE_NOTIFY: Close notify.
345 * @GNUTLS_A_UNEXPECTED_MESSAGE: Unexpected message.
346 * @GNUTLS_A_BAD_RECORD_MAC: Bad record MAC.
347 * @GNUTLS_A_DECRYPTION_FAILED: Decryption failed.
348 * @GNUTLS_A_RECORD_OVERFLOW: Record overflow.
349 * @GNUTLS_A_DECOMPRESSION_FAILURE: Decompression failed.
350 * @GNUTLS_A_HANDSHAKE_FAILURE: Handshake failed.
351 * @GNUTLS_A_SSL3_NO_CERTIFICATE: No certificate.
352 * @GNUTLS_A_BAD_CERTIFICATE: Certificate is bad.
353 * @GNUTLS_A_UNSUPPORTED_CERTIFICATE: Certificate is not supported.
354 * @GNUTLS_A_CERTIFICATE_REVOKED: Certificate was revoked.
355 * @GNUTLS_A_CERTIFICATE_EXPIRED: Certificate is expired.
356 * @GNUTLS_A_CERTIFICATE_UNKNOWN: Unknown certificate.
357 * @GNUTLS_A_ILLEGAL_PARAMETER: Illegal parameter.
358 * @GNUTLS_A_UNKNOWN_CA: CA is unknown.
359 * @GNUTLS_A_ACCESS_DENIED: Access was denied.
360 * @GNUTLS_A_DECODE_ERROR: Decode error.
361 * @GNUTLS_A_DECRYPT_ERROR: Decrypt error.
362 * @GNUTLS_A_EXPORT_RESTRICTION: Export restriction.
363 * @GNUTLS_A_PROTOCOL_VERSION: Error in protocol version.
364 * @GNUTLS_A_INSUFFICIENT_SECURITY: Insufficient security.
365 * @GNUTLS_A_USER_CANCELED: User canceled.
366 * @GNUTLS_A_INTERNAL_ERROR: Internal error.
367 * @GNUTLS_A_NO_RENEGOTIATION: No renegotiation is allowed.
368 * @GNUTLS_A_CERTIFICATE_UNOBTAINABLE: Could not retrieve the
369 * specified certificate.
370 * @GNUTLS_A_UNSUPPORTED_EXTENSION: An unsupported extension was
372 * @GNUTLS_A_UNRECOGNIZED_NAME: The server name sent was not
374 * @GNUTLS_A_UNKNOWN_PSK_IDENTITY: The SRP/PSK username is missing
376 * @GNUTLS_A_NO_APPLICATION_PROTOCOL: The ALPN protocol requested is
377 * not supported by the peer.
379 * Enumeration of different TLS alerts.
382 GNUTLS_A_CLOSE_NOTIFY,
383 GNUTLS_A_UNEXPECTED_MESSAGE = 10,
384 GNUTLS_A_BAD_RECORD_MAC = 20,
385 GNUTLS_A_DECRYPTION_FAILED,
386 GNUTLS_A_RECORD_OVERFLOW,
387 GNUTLS_A_DECOMPRESSION_FAILURE = 30,
388 GNUTLS_A_HANDSHAKE_FAILURE = 40,
389 GNUTLS_A_SSL3_NO_CERTIFICATE = 41,
390 GNUTLS_A_BAD_CERTIFICATE = 42,
391 GNUTLS_A_UNSUPPORTED_CERTIFICATE,
392 GNUTLS_A_CERTIFICATE_REVOKED,
393 GNUTLS_A_CERTIFICATE_EXPIRED,
394 GNUTLS_A_CERTIFICATE_UNKNOWN,
395 GNUTLS_A_ILLEGAL_PARAMETER,
397 GNUTLS_A_ACCESS_DENIED,
398 GNUTLS_A_DECODE_ERROR = 50,
399 GNUTLS_A_DECRYPT_ERROR,
400 GNUTLS_A_EXPORT_RESTRICTION = 60,
401 GNUTLS_A_PROTOCOL_VERSION = 70,
402 GNUTLS_A_INSUFFICIENT_SECURITY,
403 GNUTLS_A_INTERNAL_ERROR = 80,
404 GNUTLS_A_USER_CANCELED = 90,
405 GNUTLS_A_NO_RENEGOTIATION = 100,
406 GNUTLS_A_UNSUPPORTED_EXTENSION = 110,
407 GNUTLS_A_CERTIFICATE_UNOBTAINABLE = 111,
408 GNUTLS_A_UNRECOGNIZED_NAME = 112,
409 GNUTLS_A_UNKNOWN_PSK_IDENTITY = 115,
410 GNUTLS_A_NO_APPLICATION_PROTOCOL = 120
411 } gnutls_alert_description_t;
414 * gnutls_handshake_description_t:
415 * @GNUTLS_HANDSHAKE_HELLO_REQUEST: Hello request.
416 * @GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST: DTLS Hello verify request.
417 * @GNUTLS_HANDSHAKE_CLIENT_HELLO: Client hello.
418 * @GNUTLS_HANDSHAKE_SERVER_HELLO: Server hello.
419 * @GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: New session ticket.
420 * @GNUTLS_HANDSHAKE_CERTIFICATE_PKT: Certificate packet.
421 * @GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: Server key exchange.
422 * @GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: Certificate request.
423 * @GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: Server hello done.
424 * @GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: Certificate verify.
425 * @GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: Client key exchange.
426 * @GNUTLS_HANDSHAKE_FINISHED: Finished.
427 * @GNUTLS_HANDSHAKE_CERTIFICATE_STATUS: Certificate status (OCSP).
428 * @GNUTLS_HANDSHAKE_SUPPLEMENTAL: Supplemental.
429 * @GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC: Change Cipher Spec.
430 * @GNUTLS_HANDSHAKE_CLIENT_HELLO_V2: SSLv2 Client Hello.
432 * Enumeration of different TLS handshake packets.
435 GNUTLS_HANDSHAKE_HELLO_REQUEST = 0,
436 GNUTLS_HANDSHAKE_CLIENT_HELLO = 1,
437 GNUTLS_HANDSHAKE_SERVER_HELLO = 2,
438 GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST = 3,
439 GNUTLS_HANDSHAKE_NEW_SESSION_TICKET = 4,
440 GNUTLS_HANDSHAKE_CERTIFICATE_PKT = 11,
441 GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE = 12,
442 GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST = 13,
443 GNUTLS_HANDSHAKE_SERVER_HELLO_DONE = 14,
444 GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY = 15,
445 GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE = 16,
446 GNUTLS_HANDSHAKE_FINISHED = 20,
447 GNUTLS_HANDSHAKE_CERTIFICATE_STATUS = 22,
448 GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23,
449 GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC = 254,
450 GNUTLS_HANDSHAKE_CLIENT_HELLO_V2 = 1024
451 } gnutls_handshake_description_t;
453 #define GNUTLS_HANDSHAKE_ANY ((unsigned int)-1)
456 *gnutls_handshake_description_get_name(gnutls_handshake_description_t
460 * gnutls_certificate_status_t:
461 * @GNUTLS_CERT_INVALID: The certificate is not signed by one of the
462 * known authorities or the signature is invalid (deprecated by the flags
463 * %GNUTLS_CERT_SIGNATURE_FAILURE and %GNUTLS_CERT_SIGNER_NOT_FOUND).
464 * @GNUTLS_CERT_SIGNATURE_FAILURE: The signature verification failed.
465 * @GNUTLS_CERT_REVOKED: Certificate is revoked by its authority. In X.509 this will be
466 * set only if CRLs are checked.
467 * @GNUTLS_CERT_SIGNER_NOT_FOUND: The certificate's issuer is not known.
468 * This is the case if the issuer is not included in the trusted certificate list.
469 * @GNUTLS_CERT_SIGNER_NOT_CA: The certificate's signer was not a CA. This
470 * may happen if this was a version 1 certificate, which is common with
471 * some CAs, or a version 3 certificate without the basic constrains extension.
472 * @GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE: The certificate's signer constraints were
474 * @GNUTLS_CERT_INSECURE_ALGORITHM: The certificate was signed using an insecure
475 * algorithm such as MD2 or MD5. These algorithms have been broken and
476 * should not be trusted.
477 * @GNUTLS_CERT_NOT_ACTIVATED: The certificate is not yet activated.
478 * @GNUTLS_CERT_EXPIRED: The certificate has expired.
479 * @GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: The revocation data are old and have been superseded.
480 * @GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: The revocation data have a future issue date.
481 * @GNUTLS_CERT_UNEXPECTED_OWNER: The owner is not the expected one.
482 * @GNUTLS_CERT_MISMATCH: The certificate presented isn't the expected one (TOFU)
483 * @GNUTLS_CERT_PURPOSE_MISMATCH: The certificate or an intermediate does not match the intended purpose (extended key usage).
485 * Enumeration of certificate status codes. Note that the status
486 * bits may have different meanings in OpenPGP keys and X.509
487 * certificate verification.
490 GNUTLS_CERT_INVALID = 1 << 1,
491 GNUTLS_CERT_REVOKED = 1 << 5,
492 GNUTLS_CERT_SIGNER_NOT_FOUND = 1 << 6,
493 GNUTLS_CERT_SIGNER_NOT_CA = 1 << 7,
494 GNUTLS_CERT_INSECURE_ALGORITHM = 1 << 8,
495 GNUTLS_CERT_NOT_ACTIVATED = 1 << 9,
496 GNUTLS_CERT_EXPIRED = 1 << 10,
497 GNUTLS_CERT_SIGNATURE_FAILURE = 1 << 11,
498 GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED = 1 << 12,
499 GNUTLS_CERT_UNEXPECTED_OWNER = 1 << 14,
500 GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE = 1 << 15,
501 GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE = 1 << 16,
502 GNUTLS_CERT_MISMATCH = 1 << 17,
503 GNUTLS_CERT_PURPOSE_MISMATCH = 1 << 18
504 } gnutls_certificate_status_t;
507 * gnutls_certificate_request_t:
508 * @GNUTLS_CERT_IGNORE: Ignore certificate.
509 * @GNUTLS_CERT_REQUEST: Request certificate.
510 * @GNUTLS_CERT_REQUIRE: Require certificate.
512 * Enumeration of certificate request types.
515 GNUTLS_CERT_IGNORE = 0,
516 GNUTLS_CERT_REQUEST = 1,
517 GNUTLS_CERT_REQUIRE = 2
518 } gnutls_certificate_request_t;
521 * gnutls_openpgp_crt_status_t:
522 * @GNUTLS_OPENPGP_CERT: Send entire certificate.
523 * @GNUTLS_OPENPGP_CERT_FINGERPRINT: Send only certificate fingerprint.
525 * Enumeration of ways to send OpenPGP certificate.
528 GNUTLS_OPENPGP_CERT = 0,
529 GNUTLS_OPENPGP_CERT_FINGERPRINT = 1
530 } gnutls_openpgp_crt_status_t;
533 * gnutls_close_request_t:
534 * @GNUTLS_SHUT_RDWR: Disallow further receives/sends.
535 * @GNUTLS_SHUT_WR: Disallow further sends.
537 * Enumeration of how TLS session should be terminated. See gnutls_bye().
540 GNUTLS_SHUT_RDWR = 0,
542 } gnutls_close_request_t;
546 * @GNUTLS_SSL3: SSL version 3.0.
547 * @GNUTLS_TLS1_0: TLS version 1.0.
548 * @GNUTLS_TLS1: Same as %GNUTLS_TLS1_0.
549 * @GNUTLS_TLS1_1: TLS version 1.1.
550 * @GNUTLS_TLS1_2: TLS version 1.2.
551 * @GNUTLS_DTLS1_0: DTLS version 1.0.
552 * @GNUTLS_DTLS1_2: DTLS version 1.2.
553 * @GNUTLS_DTLS0_9: DTLS version 0.9 (Cisco AnyConnect / OpenSSL 0.9.8e).
554 * @GNUTLS_VERSION_MAX: Maps to the highest supported TLS version.
555 * @GNUTLS_VERSION_UNKNOWN: Unknown SSL/TLS version.
557 * Enumeration of different SSL/TLS protocol versions.
562 GNUTLS_TLS1 = GNUTLS_TLS1_0,
566 GNUTLS_DTLS0_9 = 200,
567 GNUTLS_DTLS1_0 = 201, /* 201 */
568 GNUTLS_DTLS1_2 = 202,
569 GNUTLS_DTLS_VERSION_MIN = GNUTLS_DTLS1_0,
570 GNUTLS_DTLS_VERSION_MAX = GNUTLS_DTLS1_2,
571 GNUTLS_TLS_VERSION_MAX = GNUTLS_TLS1_2,
572 GNUTLS_VERSION_UNKNOWN = 0xff /* change it to 0xffff */
576 * gnutls_certificate_type_t:
577 * @GNUTLS_CRT_UNKNOWN: Unknown certificate type.
578 * @GNUTLS_CRT_X509: X.509 Certificate.
579 * @GNUTLS_CRT_OPENPGP: OpenPGP certificate.
580 * @GNUTLS_CRT_RAW: Raw public key (SubjectPublicKey)
582 * Enumeration of different certificate types.
585 GNUTLS_CRT_UNKNOWN = 0,
587 GNUTLS_CRT_OPENPGP = 2,
589 } gnutls_certificate_type_t;
592 * gnutls_x509_crt_fmt_t:
593 * @GNUTLS_X509_FMT_DER: X.509 certificate in DER format (binary).
594 * @GNUTLS_X509_FMT_PEM: X.509 certificate in PEM format (text).
596 * Enumeration of different certificate encoding formats.
599 GNUTLS_X509_FMT_DER = 0,
600 GNUTLS_X509_FMT_PEM = 1
601 } gnutls_x509_crt_fmt_t;
604 * gnutls_certificate_print_formats_t:
605 * @GNUTLS_CRT_PRINT_FULL: Full information about certificate.
606 * @GNUTLS_CRT_PRINT_FULL_NUMBERS: Full information about certificate and include easy to parse public key parameters.
607 * @GNUTLS_CRT_PRINT_COMPACT: Information about certificate name in one line, plus identification of the public key.
608 * @GNUTLS_CRT_PRINT_ONELINE: Information about certificate in one line.
609 * @GNUTLS_CRT_PRINT_UNSIGNED_FULL: All info for an unsigned certificate.
611 * Enumeration of different certificate printing variants.
613 typedef enum gnutls_certificate_print_formats {
614 GNUTLS_CRT_PRINT_FULL = 0,
615 GNUTLS_CRT_PRINT_ONELINE = 1,
616 GNUTLS_CRT_PRINT_UNSIGNED_FULL = 2,
617 GNUTLS_CRT_PRINT_COMPACT = 3,
618 GNUTLS_CRT_PRINT_FULL_NUMBERS = 4
619 } gnutls_certificate_print_formats_t;
621 #define GNUTLS_PK_ECC GNUTLS_PK_EC
623 * gnutls_pk_algorithm_t:
624 * @GNUTLS_PK_UNKNOWN: Unknown public-key algorithm.
625 * @GNUTLS_PK_RSA: RSA public-key algorithm.
626 * @GNUTLS_PK_DSA: DSA public-key algorithm.
627 * @GNUTLS_PK_DH: Diffie-Hellman algorithm. Used to generate parameters.
628 * @GNUTLS_PK_EC: Elliptic curve algorithm. Used to generate parameters.
630 * Enumeration of different public-key algorithms.
633 GNUTLS_PK_UNKNOWN = 0,
638 } gnutls_pk_algorithm_t;
640 const char *gnutls_pk_algorithm_get_name(gnutls_pk_algorithm_t algorithm);
643 * gnutls_sign_algorithm_t:
644 * @GNUTLS_SIGN_UNKNOWN: Unknown signature algorithm.
645 * @GNUTLS_SIGN_RSA_SHA1: Digital signature algorithm RSA with SHA-1
646 * @GNUTLS_SIGN_RSA_SHA: Same as %GNUTLS_SIGN_RSA_SHA1.
647 * @GNUTLS_SIGN_DSA_SHA1: Digital signature algorithm DSA with SHA-1
648 * @GNUTLS_SIGN_DSA_SHA224: Digital signature algorithm DSA with SHA-224
649 * @GNUTLS_SIGN_DSA_SHA256: Digital signature algorithm DSA with SHA-256
650 * @GNUTLS_SIGN_DSA_SHA384: Digital signature algorithm DSA with SHA-384
651 * @GNUTLS_SIGN_DSA_SHA512: Digital signature algorithm DSA with SHA-512
652 * @GNUTLS_SIGN_DSA_SHA: Same as %GNUTLS_SIGN_DSA_SHA1.
653 * @GNUTLS_SIGN_RSA_MD5: Digital signature algorithm RSA with MD5.
654 * @GNUTLS_SIGN_RSA_MD2: Digital signature algorithm RSA with MD2.
655 * @GNUTLS_SIGN_RSA_RMD160: Digital signature algorithm RSA with RMD-160.
656 * @GNUTLS_SIGN_RSA_SHA256: Digital signature algorithm RSA with SHA-256.
657 * @GNUTLS_SIGN_RSA_SHA384: Digital signature algorithm RSA with SHA-384.
658 * @GNUTLS_SIGN_RSA_SHA512: Digital signature algorithm RSA with SHA-512.
659 * @GNUTLS_SIGN_RSA_SHA224: Digital signature algorithm RSA with SHA-224.
660 * @GNUTLS_SIGN_ECDSA_SHA1: ECDSA with SHA1.
661 * @GNUTLS_SIGN_ECDSA_SHA256: Digital signature algorithm ECDSA with SHA-256.
662 * @GNUTLS_SIGN_ECDSA_SHA384: Digital signature algorithm ECDSA with SHA-384.
663 * @GNUTLS_SIGN_ECDSA_SHA512: Digital signature algorithm ECDSA with SHA-512.
664 * @GNUTLS_SIGN_ECDSA_SHA224: Digital signature algorithm ECDSA with SHA-224.
666 * Enumeration of different digital signature algorithms.
669 GNUTLS_SIGN_UNKNOWN = 0,
670 GNUTLS_SIGN_RSA_SHA1 = 1,
671 GNUTLS_SIGN_RSA_SHA = GNUTLS_SIGN_RSA_SHA1,
672 GNUTLS_SIGN_DSA_SHA1 = 2,
673 GNUTLS_SIGN_DSA_SHA = GNUTLS_SIGN_DSA_SHA1,
674 GNUTLS_SIGN_RSA_MD5 = 3,
675 GNUTLS_SIGN_RSA_MD2 = 4,
676 GNUTLS_SIGN_RSA_RMD160 = 5,
677 GNUTLS_SIGN_RSA_SHA256 = 6,
678 GNUTLS_SIGN_RSA_SHA384 = 7,
679 GNUTLS_SIGN_RSA_SHA512 = 8,
680 GNUTLS_SIGN_RSA_SHA224 = 9,
681 GNUTLS_SIGN_DSA_SHA224 = 10,
682 GNUTLS_SIGN_DSA_SHA256 = 11,
683 GNUTLS_SIGN_ECDSA_SHA1 = 12,
684 GNUTLS_SIGN_ECDSA_SHA224 = 13,
685 GNUTLS_SIGN_ECDSA_SHA256 = 14,
686 GNUTLS_SIGN_ECDSA_SHA384 = 15,
687 GNUTLS_SIGN_ECDSA_SHA512 = 16,
688 GNUTLS_SIGN_DSA_SHA384 = 17,
689 GNUTLS_SIGN_DSA_SHA512 = 18
690 } gnutls_sign_algorithm_t;
693 * gnutls_ecc_curve_t:
694 * @GNUTLS_ECC_CURVE_INVALID: Cannot be known
695 * @GNUTLS_ECC_CURVE_SECP192R1: the SECP192R1 curve
696 * @GNUTLS_ECC_CURVE_SECP224R1: the SECP224R1 curve
697 * @GNUTLS_ECC_CURVE_SECP256R1: the SECP256R1 curve
698 * @GNUTLS_ECC_CURVE_SECP384R1: the SECP384R1 curve
699 * @GNUTLS_ECC_CURVE_SECP521R1: the SECP521R1 curve
701 * Enumeration of ECC curves.
704 GNUTLS_ECC_CURVE_INVALID = 0,
705 GNUTLS_ECC_CURVE_SECP224R1,
706 GNUTLS_ECC_CURVE_SECP256R1,
707 GNUTLS_ECC_CURVE_SECP384R1,
708 GNUTLS_ECC_CURVE_SECP521R1,
709 GNUTLS_ECC_CURVE_SECP192R1
710 } gnutls_ecc_curve_t;
712 /* macros to allow specifying a specific curve in gnutls_privkey_generate()
713 * and gnutls_x509_privkey_generate() */
714 #define GNUTLS_CURVE_TO_BITS(curve) (unsigned int)((1<<31)|(curve))
715 #define GNUTLS_BITS_TO_CURVE(bits) ((bits) & 0x7FFFFFFF)
716 #define GNUTLS_BITS_ARE_CURVE(bits) ((bits) & 0x80000000)
719 * gnutls_sec_param_t:
720 * @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known
721 * @GNUTLS_SEC_PARAM_INSECURE: Less than 42 bits of security
722 * @GNUTLS_SEC_PARAM_EXPORT: 42 bits of security
723 * @GNUTLS_SEC_PARAM_VERY_WEAK: 64 bits of security
724 * @GNUTLS_SEC_PARAM_WEAK: 72 bits of security
725 * @GNUTLS_SEC_PARAM_LOW: 80 bits of security
726 * @GNUTLS_SEC_PARAM_LEGACY: 96 bits of security
727 * @GNUTLS_SEC_PARAM_MEDIUM: 112 bits of security (used to be %GNUTLS_SEC_PARAM_NORMAL)
728 * @GNUTLS_SEC_PARAM_HIGH: 128 bits of security
729 * @GNUTLS_SEC_PARAM_ULTRA: 192 bits of security
731 * Enumeration of security parameters for passive attacks.
734 GNUTLS_SEC_PARAM_UNKNOWN = 0,
735 GNUTLS_SEC_PARAM_INSECURE = 5,
736 GNUTLS_SEC_PARAM_EXPORT = 10,
737 GNUTLS_SEC_PARAM_VERY_WEAK = 15,
738 GNUTLS_SEC_PARAM_WEAK = 20,
739 GNUTLS_SEC_PARAM_LOW = 25,
740 GNUTLS_SEC_PARAM_LEGACY = 30,
741 GNUTLS_SEC_PARAM_MEDIUM = 35,
742 GNUTLS_SEC_PARAM_HIGH = 40,
743 GNUTLS_SEC_PARAM_ULTRA = 45
744 } gnutls_sec_param_t;
747 #define GNUTLS_SEC_PARAM_NORMAL GNUTLS_SEC_PARAM_MEDIUM
750 * gnutls_channel_binding_t:
751 * @GNUTLS_CB_TLS_UNIQUE: "tls-unique" (RFC 5929) channel binding
753 * Enumeration of support channel binding types.
757 } gnutls_channel_binding_t;
760 /* If you want to change this, then also change the define in
761 * gnutls_int.h, and recompile.
763 typedef void *gnutls_transport_ptr_t;
765 struct gnutls_session_int;
766 typedef struct gnutls_session_int *gnutls_session_t;
768 struct gnutls_dh_params_int;
769 typedef struct gnutls_dh_params_int *gnutls_dh_params_t;
772 struct gnutls_x509_privkey_int;
773 typedef struct gnutls_x509_privkey_int *gnutls_rsa_params_t;
775 struct gnutls_priority_st;
776 typedef struct gnutls_priority_st *gnutls_priority_t;
784 typedef struct gnutls_params_st {
785 gnutls_params_type_t type;
787 gnutls_dh_params_t dh;
788 gnutls_rsa_params_t rsa_export;
793 typedef int gnutls_params_function(gnutls_session_t, gnutls_params_type_t,
796 /* internal functions */
798 int gnutls_init(gnutls_session_t * session, unsigned int flags);
799 void gnutls_deinit(gnutls_session_t session);
800 #define _gnutls_deinit(x) gnutls_deinit(x)
802 int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how);
804 int gnutls_handshake(gnutls_session_t session);
806 #define GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT ((unsigned int)-1)
807 void gnutls_handshake_set_timeout(gnutls_session_t session,
809 int gnutls_rehandshake(gnutls_session_t session);
811 gnutls_alert_description_t gnutls_alert_get(gnutls_session_t session);
812 int gnutls_alert_send(gnutls_session_t session,
813 gnutls_alert_level_t level,
814 gnutls_alert_description_t desc);
815 int gnutls_alert_send_appropriate(gnutls_session_t session, int err);
816 const char *gnutls_alert_get_name(gnutls_alert_description_t alert);
817 const char *gnutls_alert_get_strname(gnutls_alert_description_t alert);
819 gnutls_sec_param_t gnutls_pk_bits_to_sec_param(gnutls_pk_algorithm_t algo,
821 const char *gnutls_sec_param_get_name(gnutls_sec_param_t param);
822 unsigned int gnutls_sec_param_to_pk_bits(gnutls_pk_algorithm_t algo,
823 gnutls_sec_param_t param);
825 gnutls_sec_param_to_symmetric_bits(gnutls_sec_param_t param);
827 /* Elliptic curves */
828 const char *gnutls_ecc_curve_get_name(gnutls_ecc_curve_t curve);
829 int gnutls_ecc_curve_get_size(gnutls_ecc_curve_t curve);
830 gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session);
832 /* get information on the current session */
833 gnutls_cipher_algorithm_t gnutls_cipher_get(gnutls_session_t session);
834 gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session);
835 gnutls_mac_algorithm_t gnutls_mac_get(gnutls_session_t session);
836 gnutls_compression_method_t
837 gnutls_compression_get(gnutls_session_t session);
838 gnutls_certificate_type_t
839 gnutls_certificate_type_get(gnutls_session_t session);
841 int gnutls_sign_algorithm_get(gnutls_session_t session);
842 int gnutls_sign_algorithm_get_client(gnutls_session_t session);
844 int gnutls_sign_algorithm_get_requested(gnutls_session_t session,
846 gnutls_sign_algorithm_t * algo);
848 /* the name of the specified algorithms */
849 const char *gnutls_cipher_get_name(gnutls_cipher_algorithm_t algorithm);
850 const char *gnutls_mac_get_name(gnutls_mac_algorithm_t algorithm);
851 const char *gnutls_digest_get_name(gnutls_digest_algorithm_t algorithm);
852 const char *gnutls_compression_get_name(gnutls_compression_method_t
854 const char *gnutls_kx_get_name(gnutls_kx_algorithm_t algorithm);
855 const char *gnutls_certificate_type_get_name(gnutls_certificate_type_t
857 const char *gnutls_pk_get_name(gnutls_pk_algorithm_t algorithm);
858 const char *gnutls_sign_get_name(gnutls_sign_algorithm_t algorithm);
860 size_t gnutls_cipher_get_key_size(gnutls_cipher_algorithm_t algorithm);
861 size_t gnutls_mac_get_key_size(gnutls_mac_algorithm_t algorithm);
863 int gnutls_sign_is_secure(gnutls_sign_algorithm_t algorithm);
864 gnutls_digest_algorithm_t
865 gnutls_sign_get_hash_algorithm(gnutls_sign_algorithm_t sign);
866 gnutls_pk_algorithm_t
867 gnutls_sign_get_pk_algorithm(gnutls_sign_algorithm_t sign);
868 gnutls_sign_algorithm_t
869 gnutls_pk_to_sign(gnutls_pk_algorithm_t pk,
870 gnutls_digest_algorithm_t hash);
872 #define gnutls_sign_algorithm_get_name gnutls_sign_get_name
874 gnutls_mac_algorithm_t gnutls_mac_get_id(const char *name);
875 gnutls_digest_algorithm_t gnutls_digest_get_id(const char *name);
876 gnutls_compression_method_t gnutls_compression_get_id(const char *name);
877 gnutls_cipher_algorithm_t gnutls_cipher_get_id(const char *name);
878 gnutls_kx_algorithm_t gnutls_kx_get_id(const char *name);
879 gnutls_protocol_t gnutls_protocol_get_id(const char *name);
880 gnutls_certificate_type_t gnutls_certificate_type_get_id(const char *name);
881 gnutls_pk_algorithm_t gnutls_pk_get_id(const char *name);
882 gnutls_sign_algorithm_t gnutls_sign_get_id(const char *name);
884 /* list supported algorithms */
885 const gnutls_ecc_curve_t *gnutls_ecc_curve_list(void);
886 const gnutls_cipher_algorithm_t *gnutls_cipher_list(void);
887 const gnutls_mac_algorithm_t *gnutls_mac_list(void);
888 const gnutls_digest_algorithm_t *gnutls_digest_list(void);
889 const gnutls_compression_method_t *gnutls_compression_list(void);
890 const gnutls_protocol_t *gnutls_protocol_list(void);
891 const gnutls_certificate_type_t *gnutls_certificate_type_list(void);
892 const gnutls_kx_algorithm_t *gnutls_kx_list(void);
893 const gnutls_pk_algorithm_t *gnutls_pk_list(void);
894 const gnutls_sign_algorithm_t *gnutls_sign_list(void);
895 const char *gnutls_cipher_suite_info(size_t idx,
896 unsigned char *cs_id,
897 gnutls_kx_algorithm_t * kx,
898 gnutls_cipher_algorithm_t * cipher,
899 gnutls_mac_algorithm_t * mac,
900 gnutls_protocol_t * min_version);
902 /* error functions */
903 int gnutls_error_is_fatal(int error);
904 int gnutls_error_to_alert(int err, int *level);
906 void gnutls_perror(int error);
907 const char *gnutls_strerror(int error);
908 const char *gnutls_strerror_name(int error);
910 /* Semi-internal functions.
912 void gnutls_handshake_set_private_extensions(gnutls_session_t session,
914 int gnutls_handshake_set_random(gnutls_session_t session,
915 const gnutls_datum_t * random);
917 gnutls_handshake_description_t
918 gnutls_handshake_get_last_out(gnutls_session_t session);
919 gnutls_handshake_description_t
920 gnutls_handshake_get_last_in(gnutls_session_t session);
922 /* Record layer functions.
924 #define GNUTLS_HEARTBEAT_WAIT 1
925 int gnutls_heartbeat_ping(gnutls_session_t session, size_t data_size,
926 unsigned int max_tries, unsigned int flags);
927 int gnutls_heartbeat_pong(gnutls_session_t session, unsigned int flags);
929 void gnutls_record_set_timeout(gnutls_session_t session, unsigned int ms);
930 void gnutls_record_disable_padding(gnutls_session_t session);
932 void gnutls_record_cork(gnutls_session_t session);
933 #define GNUTLS_RECORD_WAIT 1
934 int gnutls_record_uncork(gnutls_session_t session, unsigned int flags);
935 size_t gnutls_record_discard_queued(gnutls_session_t session);
936 unsigned gnutls_record_is_async(gnutls_session_t session);
943 int gnutls_range_split(gnutls_session_t session,
944 const gnutls_range_st * orig,
945 gnutls_range_st * small_range,
946 gnutls_range_st * rem_range);
948 ssize_t gnutls_record_send(gnutls_session_t session, const void *data,
950 ssize_t gnutls_record_send_range(gnutls_session_t session,
951 const void *data, size_t data_size,
952 const gnutls_range_st * range);
953 ssize_t gnutls_record_recv(gnutls_session_t session, void *data,
956 typedef struct mbuffer_st *gnutls_packet_t;
959 gnutls_record_recv_packet(gnutls_session_t session,
960 gnutls_packet_t *packet);
962 void gnutls_packet_get(gnutls_packet_t packet, gnutls_datum_t *data, unsigned char *sequence);
963 void gnutls_packet_deinit(gnutls_packet_t packet);
965 #define gnutls_read gnutls_record_recv
966 #define gnutls_write gnutls_record_send
967 ssize_t gnutls_record_recv_seq(gnutls_session_t session, void *data,
968 size_t data_size, unsigned char *seq);
970 size_t gnutls_record_overhead_size(gnutls_session_t session);
972 size_t gnutls_est_record_overhead_size(gnutls_protocol_t version,
973 gnutls_cipher_algorithm_t cipher,
974 gnutls_mac_algorithm_t mac,
975 gnutls_compression_method_t comp,
978 void gnutls_session_enable_compatibility_mode(gnutls_session_t session);
979 void gnutls_record_set_max_empty_records(gnutls_session_t session,
980 const unsigned int i);
982 int gnutls_record_can_use_length_hiding(gnutls_session_t session);
984 int gnutls_record_get_direction(gnutls_session_t session);
986 size_t gnutls_record_get_max_size(gnutls_session_t session);
987 ssize_t gnutls_record_set_max_size(gnutls_session_t session, size_t size);
989 size_t gnutls_record_check_pending(gnutls_session_t session);
990 size_t gnutls_record_check_corked(gnutls_session_t session);
992 void gnutls_session_force_valid(gnutls_session_t session);
994 int gnutls_prf(gnutls_session_t session,
995 size_t label_size, const char *label,
996 int server_random_first,
997 size_t extra_size, const char *extra,
998 size_t outsize, char *out);
1000 int gnutls_prf_raw(gnutls_session_t session,
1001 size_t label_size, const char *label,
1002 size_t seed_size, const char *seed,
1003 size_t outsize, char *out);
1006 * gnutls_server_name_type_t:
1007 * @GNUTLS_NAME_DNS: Domain Name System name type.
1009 * Enumeration of different server name types.
1013 } gnutls_server_name_type_t;
1015 int gnutls_server_name_set(gnutls_session_t session,
1016 gnutls_server_name_type_t type,
1017 const void *name, size_t name_length);
1019 int gnutls_server_name_get(gnutls_session_t session,
1020 void *data, size_t * data_length,
1021 unsigned int *type, unsigned int indx);
1023 unsigned int gnutls_heartbeat_get_timeout(gnutls_session_t session);
1024 void gnutls_heartbeat_set_timeouts(gnutls_session_t session,
1025 unsigned int retrans_timeout,
1026 unsigned int total_timeout);
1028 #define GNUTLS_HB_PEER_ALLOWED_TO_SEND (1)
1029 #define GNUTLS_HB_PEER_NOT_ALLOWED_TO_SEND (1<<1)
1032 void gnutls_heartbeat_enable(gnutls_session_t session, unsigned int type);
1034 #define GNUTLS_HB_LOCAL_ALLOWED_TO_SEND (1<<2)
1035 int gnutls_heartbeat_allowed(gnutls_session_t session, unsigned int type);
1037 /* Safe renegotiation */
1038 int gnutls_safe_renegotiation_status(gnutls_session_t session);
1039 unsigned gnutls_session_ext_master_secret_status(gnutls_session_t session);
1040 unsigned gnutls_session_etm_status(gnutls_session_t session);
1043 * gnutls_supplemental_data_format_type_t:
1044 * @GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA: Supplemental user mapping data.
1046 * Enumeration of different supplemental data types (RFC 4680).
1049 GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0
1050 } gnutls_supplemental_data_format_type_t;
1053 *gnutls_supplemental_get_name(gnutls_supplemental_data_format_type_t type);
1055 /* SessionTicket, RFC 5077. */
1056 int gnutls_session_ticket_key_generate(gnutls_datum_t * key);
1057 int gnutls_session_ticket_enable_client(gnutls_session_t session);
1058 int gnutls_session_ticket_enable_server(gnutls_session_t session,
1059 const gnutls_datum_t * key);
1061 /* SRTP, RFC 5764 */
1064 * gnutls_srtp_profile_t:
1065 * @GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80: 128 bit AES with a 80 bit HMAC-SHA1
1066 * @GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32: 128 bit AES with a 32 bit HMAC-SHA1
1067 * @GNUTLS_SRTP_NULL_HMAC_SHA1_80: NULL cipher with a 80 bit HMAC-SHA1
1068 * @GNUTLS_SRTP_NULL_HMAC_SHA1_32: NULL cipher with a 32 bit HMAC-SHA1
1070 * Enumeration of different SRTP protection profiles.
1073 GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80 = 0x0001,
1074 GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32 = 0x0002,
1075 GNUTLS_SRTP_NULL_HMAC_SHA1_80 = 0x0005,
1076 GNUTLS_SRTP_NULL_HMAC_SHA1_32 = 0x0006
1077 } gnutls_srtp_profile_t;
1079 int gnutls_srtp_set_profile(gnutls_session_t session,
1080 gnutls_srtp_profile_t profile);
1081 int gnutls_srtp_set_profile_direct(gnutls_session_t session,
1082 const char *profiles,
1083 const char **err_pos);
1084 int gnutls_srtp_get_selected_profile(gnutls_session_t session,
1085 gnutls_srtp_profile_t * profile);
1087 const char *gnutls_srtp_get_profile_name(gnutls_srtp_profile_t profile);
1088 int gnutls_srtp_get_profile_id(const char *name,
1089 gnutls_srtp_profile_t * profile);
1090 int gnutls_srtp_get_keys(gnutls_session_t session,
1092 unsigned int key_material_size,
1093 gnutls_datum_t * client_key,
1094 gnutls_datum_t * client_salt,
1095 gnutls_datum_t * server_key,
1096 gnutls_datum_t * server_salt);
1098 int gnutls_srtp_set_mki(gnutls_session_t session,
1099 const gnutls_datum_t * mki);
1100 int gnutls_srtp_get_mki(gnutls_session_t session, gnutls_datum_t * mki);
1102 /* ALPN TLS extension */
1103 #define GNUTLS_ALPN_MAND 1
1104 int gnutls_alpn_get_selected_protocol(gnutls_session_t session,
1105 gnutls_datum_t * protocol);
1106 int gnutls_alpn_set_protocols(gnutls_session_t session,
1107 const gnutls_datum_t * protocols,
1108 unsigned protocols_size, unsigned flags);
1110 int gnutls_key_generate(gnutls_datum_t * key, unsigned int key_size);
1112 /* if you just want some defaults, use the following.
1115 int gnutls_priority_init(gnutls_priority_t * priority_cache,
1116 const char *priorities, const char **err_pos);
1117 void gnutls_priority_deinit(gnutls_priority_t priority_cache);
1118 int gnutls_priority_get_cipher_suite_index(gnutls_priority_t pcache,
1120 unsigned int *sidx);
1122 #define GNUTLS_PRIORITY_LIST_INIT_KEYWORDS 1
1123 #define GNUTLS_PRIORITY_LIST_SPECIAL 2
1125 gnutls_priority_string_list(unsigned iter, unsigned int flags);
1127 int gnutls_priority_set(gnutls_session_t session,
1128 gnutls_priority_t priority);
1129 int gnutls_priority_set_direct(gnutls_session_t session,
1130 const char *priorities,
1131 const char **err_pos);
1133 int gnutls_priority_certificate_type_list(gnutls_priority_t pcache,
1134 const unsigned int **list);
1135 int gnutls_priority_sign_list(gnutls_priority_t pcache,
1136 const unsigned int **list);
1137 int gnutls_priority_protocol_list(gnutls_priority_t pcache,
1138 const unsigned int **list);
1139 int gnutls_priority_compression_list(gnutls_priority_t pcache,
1140 const unsigned int **list);
1141 int gnutls_priority_ecc_curve_list(gnutls_priority_t pcache,
1142 const unsigned int **list);
1144 int gnutls_priority_kx_list(gnutls_priority_t pcache,
1145 const unsigned int **list);
1146 int gnutls_priority_cipher_list(gnutls_priority_t pcache,
1147 const unsigned int **list);
1148 int gnutls_priority_mac_list(gnutls_priority_t pcache,
1149 const unsigned int **list);
1151 /* for compatibility
1153 int gnutls_set_default_priority(gnutls_session_t session);
1155 /* Returns the name of a cipher suite */
1156 const char *gnutls_cipher_suite_get_name(gnutls_kx_algorithm_t
1158 gnutls_cipher_algorithm_t
1160 gnutls_mac_algorithm_t
1163 /* get the currently used protocol version */
1164 gnutls_protocol_t gnutls_protocol_get_version(gnutls_session_t session);
1166 const char *gnutls_protocol_get_name(gnutls_protocol_t version);
1171 int gnutls_session_set_data(gnutls_session_t session,
1172 const void *session_data,
1173 size_t session_data_size);
1174 int gnutls_session_get_data(gnutls_session_t session, void *session_data,
1175 size_t * session_data_size);
1176 int gnutls_session_get_data2(gnutls_session_t session,
1177 gnutls_datum_t * data);
1178 void gnutls_session_get_random(gnutls_session_t session,
1179 gnutls_datum_t * client,
1180 gnutls_datum_t * server);
1181 char *gnutls_session_get_desc(gnutls_session_t session);
1183 int gnutls_session_set_premaster(gnutls_session_t session,
1184 unsigned int entity,
1185 gnutls_protocol_t version,
1186 gnutls_kx_algorithm_t kx,
1187 gnutls_cipher_algorithm_t cipher,
1188 gnutls_mac_algorithm_t mac,
1189 gnutls_compression_method_t comp,
1190 const gnutls_datum_t * master,
1191 const gnutls_datum_t * session_id);
1193 /* returns the session ID */
1194 #define GNUTLS_MAX_SESSION_ID 32
1195 int gnutls_session_get_id(gnutls_session_t session, void *session_id,
1196 size_t * session_id_size);
1197 int gnutls_session_get_id2(gnutls_session_t session,
1198 gnutls_datum_t * session_id);
1200 int gnutls_session_set_id(gnutls_session_t session,
1201 const gnutls_datum_t * sid);
1203 int gnutls_session_channel_binding(gnutls_session_t session,
1204 gnutls_channel_binding_t cbtype,
1205 gnutls_datum_t * cb);
1207 /* checks if this session is a resumed one
1209 int gnutls_session_is_resumed(gnutls_session_t session);
1210 int gnutls_session_resumption_requested(gnutls_session_t session);
1212 typedef int (*gnutls_db_store_func) (void *, gnutls_datum_t key,
1213 gnutls_datum_t data);
1214 typedef int (*gnutls_db_remove_func) (void *, gnutls_datum_t key);
1215 typedef gnutls_datum_t(*gnutls_db_retr_func) (void *, gnutls_datum_t key);
1217 void gnutls_db_set_cache_expiration(gnutls_session_t session, int seconds);
1218 unsigned gnutls_db_get_default_cache_expiration(void);
1220 void gnutls_db_remove_session(gnutls_session_t session);
1221 void gnutls_db_set_retrieve_function(gnutls_session_t session,
1222 gnutls_db_retr_func retr_func);
1223 void gnutls_db_set_remove_function(gnutls_session_t session,
1224 gnutls_db_remove_func rem_func);
1225 void gnutls_db_set_store_function(gnutls_session_t session,
1226 gnutls_db_store_func store_func);
1227 void gnutls_db_set_ptr(gnutls_session_t session, void *ptr);
1228 void *gnutls_db_get_ptr(gnutls_session_t session);
1229 int gnutls_db_check_entry(gnutls_session_t session,
1230 gnutls_datum_t session_entry);
1231 time_t gnutls_db_check_entry_time(gnutls_datum_t * entry);
1234 * gnutls_handshake_hook_func:
1235 * @session: the current session
1236 * @htype: the type of the handshake message (%gnutls_handshake_description_t)
1237 * @post: non zero if this is a post-process/generation call and zero otherwise
1238 * @incoming: non zero if this is an incoming message and zero if this is an outgoing message
1240 * Function prototype for handshake hooks. It is set using
1241 * gnutls_handshake_set_hook_function().
1243 * Returns: Non zero on error.
1245 #define GNUTLS_HOOK_POST (1)
1246 #define GNUTLS_HOOK_PRE (0)
1247 #define GNUTLS_HOOK_BOTH (-1)
1249 typedef int (*gnutls_handshake_hook_func) (gnutls_session_t,
1252 unsigned int incoming);
1253 void gnutls_handshake_set_hook_function(gnutls_session_t session,
1254 unsigned int htype, int post,
1255 gnutls_handshake_hook_func func);
1257 typedef int (*gnutls_handshake_post_client_hello_func) (gnutls_session_t);
1259 gnutls_handshake_set_post_client_hello_function(gnutls_session_t session,
1260 gnutls_handshake_post_client_hello_func
1263 void gnutls_handshake_set_max_packet_length(gnutls_session_t session,
1266 /* returns libgnutls version (call it with a NULL argument)
1268 const char *gnutls_check_version(const char *req_version);
1270 /* Functions for setting/clearing credentials
1272 void gnutls_credentials_clear(gnutls_session_t session);
1274 /* cred is a structure defined by the kx algorithm
1276 int gnutls_credentials_set(gnutls_session_t session,
1277 gnutls_credentials_type_t type, void *cred);
1278 int gnutls_credentials_get(gnutls_session_t session,
1279 gnutls_credentials_type_t type, void **cred);
1280 #define gnutls_cred_set gnutls_credentials_set
1284 struct gnutls_pubkey_st;
1285 typedef struct gnutls_pubkey_st *gnutls_pubkey_t;
1287 struct gnutls_privkey_st;
1288 typedef struct gnutls_privkey_st *gnutls_privkey_t;
1290 struct gnutls_x509_privkey_int;
1291 typedef struct gnutls_x509_privkey_int *gnutls_x509_privkey_t;
1293 struct gnutls_x509_crl_int;
1294 typedef struct gnutls_x509_crl_int *gnutls_x509_crl_t;
1296 struct gnutls_x509_crt_int;
1297 typedef struct gnutls_x509_crt_int *gnutls_x509_crt_t;
1299 struct gnutls_x509_crq_int;
1300 typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t;
1302 struct gnutls_openpgp_keyring_int;
1303 typedef struct gnutls_openpgp_keyring_int *gnutls_openpgp_keyring_t;
1306 /* Credential structures - used in gnutls_credentials_set(); */
1308 struct gnutls_certificate_credentials_st;
1309 typedef struct gnutls_certificate_credentials_st
1310 *gnutls_certificate_credentials_t;
1311 typedef gnutls_certificate_credentials_t
1312 gnutls_certificate_server_credentials;
1313 typedef gnutls_certificate_credentials_t
1314 gnutls_certificate_client_credentials;
1316 typedef struct gnutls_anon_server_credentials_st
1317 *gnutls_anon_server_credentials_t;
1318 typedef struct gnutls_anon_client_credentials_st
1319 *gnutls_anon_client_credentials_t;
1321 void gnutls_anon_free_server_credentials(gnutls_anon_server_credentials_t
1324 gnutls_anon_allocate_server_credentials(gnutls_anon_server_credentials_t
1327 void gnutls_anon_set_server_dh_params(gnutls_anon_server_credentials_t res,
1328 gnutls_dh_params_t dh_params);
1331 gnutls_anon_set_server_params_function(gnutls_anon_server_credentials_t
1332 res, gnutls_params_function * func);
1335 gnutls_anon_free_client_credentials(gnutls_anon_client_credentials_t sc);
1337 gnutls_anon_allocate_client_credentials(gnutls_anon_client_credentials_t
1340 /* CERTFILE is an x509 certificate in PEM form.
1341 * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys).
1344 gnutls_certificate_free_credentials(gnutls_certificate_credentials_t sc);
1346 gnutls_certificate_allocate_credentials(gnutls_certificate_credentials_t
1350 gnutls_certificate_get_issuer(gnutls_certificate_credentials_t sc,
1351 gnutls_x509_crt_t cert,
1352 gnutls_x509_crt_t * issuer,
1353 unsigned int flags);
1355 int gnutls_certificate_get_crt_raw(gnutls_certificate_credentials_t sc,
1356 unsigned idx1, unsigned idx2,
1357 gnutls_datum_t * cert);
1359 void gnutls_certificate_free_keys(gnutls_certificate_credentials_t sc);
1360 void gnutls_certificate_free_cas(gnutls_certificate_credentials_t sc);
1361 void gnutls_certificate_free_ca_names(gnutls_certificate_credentials_t sc);
1362 void gnutls_certificate_free_crls(gnutls_certificate_credentials_t sc);
1364 void gnutls_certificate_set_dh_params(gnutls_certificate_credentials_t res,
1365 gnutls_dh_params_t dh_params);
1366 void gnutls_certificate_set_verify_flags(gnutls_certificate_credentials_t
1367 res, unsigned int flags);
1369 gnutls_certificate_get_verify_flags(gnutls_certificate_credentials_t res);
1371 void gnutls_certificate_set_verify_limits(gnutls_certificate_credentials_t
1372 res, unsigned int max_bits,
1373 unsigned int max_depth);
1376 gnutls_certificate_get_verify_flags(gnutls_certificate_credentials_t);
1379 gnutls_certificate_set_x509_system_trust(gnutls_certificate_credentials_t
1383 gnutls_certificate_set_x509_trust_file(gnutls_certificate_credentials_t
1384 cred, const char *cafile,
1385 gnutls_x509_crt_fmt_t type);
1387 gnutls_certificate_set_x509_trust_dir(gnutls_certificate_credentials_t cred,
1389 gnutls_x509_crt_fmt_t type);
1391 int gnutls_certificate_set_x509_trust_mem(gnutls_certificate_credentials_t
1392 res, const gnutls_datum_t * ca,
1393 gnutls_x509_crt_fmt_t type);
1396 gnutls_certificate_set_x509_crl_file(gnutls_certificate_credentials_t
1397 res, const char *crlfile,
1398 gnutls_x509_crt_fmt_t type);
1399 int gnutls_certificate_set_x509_crl_mem(gnutls_certificate_credentials_t
1400 res, const gnutls_datum_t * CRL,
1401 gnutls_x509_crt_fmt_t type);
1404 gnutls_certificate_set_x509_key_file(gnutls_certificate_credentials_t
1405 res, const char *certfile,
1406 const char *keyfile,
1407 gnutls_x509_crt_fmt_t type);
1410 gnutls_certificate_set_x509_key_file2(gnutls_certificate_credentials_t
1411 res, const char *certfile,
1412 const char *keyfile,
1413 gnutls_x509_crt_fmt_t type,
1415 unsigned int flags);
1417 int gnutls_certificate_set_x509_key_mem(gnutls_certificate_credentials_t
1418 res, const gnutls_datum_t * cert,
1419 const gnutls_datum_t * key,
1420 gnutls_x509_crt_fmt_t type);
1422 int gnutls_certificate_set_x509_key_mem2(gnutls_certificate_credentials_t
1423 res, const gnutls_datum_t * cert,
1424 const gnutls_datum_t * key,
1425 gnutls_x509_crt_fmt_t type,
1427 unsigned int flags);
1429 void gnutls_certificate_send_x509_rdn_sequence(gnutls_session_t session,
1433 gnutls_certificate_set_x509_simple_pkcs12_file
1434 (gnutls_certificate_credentials_t res, const char *pkcs12file,
1435 gnutls_x509_crt_fmt_t type, const char *password);
1437 gnutls_certificate_set_x509_simple_pkcs12_mem
1438 (gnutls_certificate_credentials_t res, const gnutls_datum_t * p12blob,
1439 gnutls_x509_crt_fmt_t type, const char *password);
1441 /* New functions to allow setting already parsed X.509 stuff.
1444 int gnutls_certificate_set_x509_key(gnutls_certificate_credentials_t res,
1445 gnutls_x509_crt_t * cert_list,
1447 gnutls_x509_privkey_t key);
1448 int gnutls_certificate_set_x509_trust(gnutls_certificate_credentials_t res,
1449 gnutls_x509_crt_t * ca_list,
1451 int gnutls_certificate_set_x509_crl(gnutls_certificate_credentials_t res,
1452 gnutls_x509_crl_t * crl_list,
1455 int gnutls_certificate_get_x509_key(gnutls_certificate_credentials_t res,
1457 gnutls_x509_privkey_t *key);
1458 int gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res,
1460 gnutls_x509_crt_t **crt_list,
1461 unsigned *crt_list_size);
1463 /* OCSP status request extension, RFC 6066 */
1464 typedef int (*gnutls_status_request_ocsp_func)
1465 (gnutls_session_t session, void *ptr, gnutls_datum_t * ocsp_response);
1468 gnutls_certificate_set_ocsp_status_request_function
1469 (gnutls_certificate_credentials_t res,
1470 gnutls_status_request_ocsp_func ocsp_func, void *ptr);
1473 gnutls_certificate_set_ocsp_status_request_file
1474 (gnutls_certificate_credentials_t res, const char *response_file,
1475 unsigned int flags);
1477 int gnutls_ocsp_status_request_enable_client(gnutls_session_t session,
1478 gnutls_datum_t * responder_id,
1479 size_t responder_id_size,
1481 request_extensions);
1483 int gnutls_ocsp_status_request_get(gnutls_session_t session,
1484 gnutls_datum_t * response);
1486 #define GNUTLS_OCSP_SR_IS_AVAIL 1
1487 int gnutls_ocsp_status_request_is_checked(gnutls_session_t session,
1488 unsigned int flags);
1490 /* global state functions
1492 int gnutls_global_init(void);
1493 void gnutls_global_deinit(void);
1497 * @t: where to store time.
1499 * Function prototype for time()-like function. Set with
1500 * gnutls_global_set_time_function().
1502 * Returns: Number of seconds since the epoch, or (time_t)-1 on errors.
1504 typedef time_t(*gnutls_time_func) (time_t * t);
1506 typedef int (*mutex_init_func) (void **mutex);
1507 typedef int (*mutex_lock_func) (void **mutex);
1508 typedef int (*mutex_unlock_func) (void **mutex);
1509 typedef int (*mutex_deinit_func) (void **mutex);
1511 void gnutls_global_set_mutex(mutex_init_func init,
1512 mutex_deinit_func deinit,
1513 mutex_lock_func lock,
1514 mutex_unlock_func unlock);
1516 typedef void *(*gnutls_alloc_function) (size_t);
1517 typedef void *(*gnutls_calloc_function) (size_t, size_t);
1518 typedef int (*gnutls_is_secure_function) (const void *);
1519 typedef void (*gnutls_free_function) (void *);
1520 typedef void *(*gnutls_realloc_function) (void *, size_t);
1522 void gnutls_global_set_time_function(gnutls_time_func time_func);
1524 /* For use in callbacks */
1525 extern _SYM_EXPORT gnutls_alloc_function gnutls_malloc;
1526 extern _SYM_EXPORT gnutls_realloc_function gnutls_realloc;
1527 extern _SYM_EXPORT gnutls_calloc_function gnutls_calloc;
1528 extern _SYM_EXPORT gnutls_free_function gnutls_free;
1530 extern _SYM_EXPORT char *(*gnutls_strdup) (const char *);
1532 /* a variant of memset that doesn't get optimized out */
1533 void gnutls_memset(void *data, int c, size_t size);
1535 /* constant time memcmp */
1536 int gnutls_memcmp(const void *s1, const void *s2, size_t n);
1538 typedef void (*gnutls_log_func) (int, const char *);
1539 typedef void (*gnutls_audit_log_func) (gnutls_session_t, const char *);
1540 void gnutls_global_set_log_function(gnutls_log_func log_func);
1541 void gnutls_global_set_audit_log_function(gnutls_audit_log_func log_func);
1542 void gnutls_global_set_log_level(int level);
1544 /* Diffie-Hellman parameter handling.
1546 int gnutls_dh_params_init(gnutls_dh_params_t * dh_params);
1547 void gnutls_dh_params_deinit(gnutls_dh_params_t dh_params);
1548 int gnutls_dh_params_import_raw(gnutls_dh_params_t dh_params,
1549 const gnutls_datum_t * prime,
1550 const gnutls_datum_t * generator);
1551 int gnutls_dh_params_import_raw2(gnutls_dh_params_t dh_params,
1552 const gnutls_datum_t * prime,
1553 const gnutls_datum_t * generator,
1555 int gnutls_dh_params_import_pkcs3(gnutls_dh_params_t params,
1556 const gnutls_datum_t * pkcs3_params,
1557 gnutls_x509_crt_fmt_t format);
1558 int gnutls_dh_params_generate2(gnutls_dh_params_t params,
1560 int gnutls_dh_params_export_pkcs3(gnutls_dh_params_t params,
1561 gnutls_x509_crt_fmt_t format,
1562 unsigned char *params_data,
1563 size_t * params_data_size);
1564 int gnutls_dh_params_export2_pkcs3(gnutls_dh_params_t params,
1565 gnutls_x509_crt_fmt_t format,
1566 gnutls_datum_t * out);
1567 int gnutls_dh_params_export_raw(gnutls_dh_params_t params,
1568 gnutls_datum_t * prime,
1569 gnutls_datum_t * generator,
1570 unsigned int *bits);
1571 int gnutls_dh_params_cpy(gnutls_dh_params_t dst, gnutls_dh_params_t src);
1578 void *iov_base; /* Starting address */
1579 size_t iov_len; /* Number of bytes to transfer */
1582 typedef ssize_t(*gnutls_pull_func) (gnutls_transport_ptr_t, void *,
1584 typedef ssize_t(*gnutls_push_func) (gnutls_transport_ptr_t, const void *,
1587 int gnutls_system_recv_timeout(gnutls_transport_ptr_t ptr, unsigned int ms);
1588 typedef int (*gnutls_pull_timeout_func) (gnutls_transport_ptr_t,
1591 typedef ssize_t(*gnutls_vec_push_func) (gnutls_transport_ptr_t,
1592 const giovec_t * iov, int iovcnt);
1594 typedef int (*gnutls_errno_func) (gnutls_transport_ptr_t);
1597 /* This will be defined as macro. */
1598 void gnutls_transport_set_int (gnutls_session_t session, int r);
1601 void gnutls_transport_set_int2(gnutls_session_t session, int r, int s);
1602 #define gnutls_transport_set_int(s, i) gnutls_transport_set_int2(s, i, i)
1604 void gnutls_transport_get_int2(gnutls_session_t session, int *r, int *s);
1605 int gnutls_transport_get_int(gnutls_session_t session);
1607 void gnutls_transport_set_ptr(gnutls_session_t session,
1608 gnutls_transport_ptr_t ptr);
1609 void gnutls_transport_set_ptr2(gnutls_session_t session,
1610 gnutls_transport_ptr_t recv_ptr,
1611 gnutls_transport_ptr_t send_ptr);
1613 gnutls_transport_ptr_t gnutls_transport_get_ptr(gnutls_session_t session);
1614 void gnutls_transport_get_ptr2(gnutls_session_t session,
1615 gnutls_transport_ptr_t * recv_ptr,
1616 gnutls_transport_ptr_t * send_ptr);
1618 void gnutls_transport_set_vec_push_function(gnutls_session_t session,
1619 gnutls_vec_push_func vec_func);
1620 void gnutls_transport_set_push_function(gnutls_session_t session,
1621 gnutls_push_func push_func);
1622 void gnutls_transport_set_pull_function(gnutls_session_t session,
1623 gnutls_pull_func pull_func);
1625 void gnutls_transport_set_pull_timeout_function(gnutls_session_t session,
1626 gnutls_pull_timeout_func
1629 void gnutls_transport_set_errno_function(gnutls_session_t session,
1630 gnutls_errno_func errno_func);
1632 void gnutls_transport_set_errno(gnutls_session_t session, int err);
1636 void gnutls_session_set_ptr(gnutls_session_t session, void *ptr);
1637 void *gnutls_session_get_ptr(gnutls_session_t session);
1639 void gnutls_openpgp_send_cert(gnutls_session_t session,
1640 gnutls_openpgp_crt_status_t status);
1642 /* This function returns the hash of the given data.
1644 int gnutls_fingerprint(gnutls_digest_algorithm_t algo,
1645 const gnutls_datum_t * data, void *result,
1646 size_t * result_size);
1649 * gnutls_random_art_t:
1650 * @GNUTLS_RANDOM_ART_OPENSSH: OpenSSH-style random art.
1652 * Enumeration of different random art types.
1654 typedef enum gnutls_random_art {
1655 GNUTLS_RANDOM_ART_OPENSSH = 1
1656 } gnutls_random_art_t;
1658 int gnutls_random_art(gnutls_random_art_t type,
1659 const char *key_type, unsigned int key_size,
1660 void *fpr, size_t fpr_size, gnutls_datum_t * art);
1665 typedef struct gnutls_srp_server_credentials_st
1666 *gnutls_srp_server_credentials_t;
1667 typedef struct gnutls_srp_client_credentials_st
1668 *gnutls_srp_client_credentials_t;
1671 gnutls_srp_free_client_credentials(gnutls_srp_client_credentials_t sc);
1673 gnutls_srp_allocate_client_credentials(gnutls_srp_client_credentials_t *
1675 int gnutls_srp_set_client_credentials(gnutls_srp_client_credentials_t res,
1676 const char *username,
1677 const char *password);
1680 gnutls_srp_free_server_credentials(gnutls_srp_server_credentials_t sc);
1682 gnutls_srp_allocate_server_credentials(gnutls_srp_server_credentials_t *
1684 int gnutls_srp_set_server_credentials_file(gnutls_srp_server_credentials_t
1685 res, const char *password_file,
1686 const char *password_conf_file);
1688 const char *gnutls_srp_server_get_username(gnutls_session_t session);
1690 void gnutls_srp_set_prime_bits(gnutls_session_t session,
1693 int gnutls_srp_verifier(const char *username,
1694 const char *password,
1695 const gnutls_datum_t * salt,
1696 const gnutls_datum_t * generator,
1697 const gnutls_datum_t * prime,
1698 gnutls_datum_t * res);
1700 /* The static parameters defined in draft-ietf-tls-srp-05
1701 * Those should be used as input to gnutls_srp_verifier().
1703 extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_4096_group_prime;
1704 extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_4096_group_generator;
1706 extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_3072_group_prime;
1707 extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_3072_group_generator;
1709 extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_2048_group_prime;
1710 extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_2048_group_generator;
1712 extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_1536_group_prime;
1713 extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_1536_group_generator;
1715 extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_1024_group_prime;
1716 extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_1024_group_generator;
1718 typedef int gnutls_srp_server_credentials_function(gnutls_session_t,
1719 const char *username,
1720 gnutls_datum_t * salt,
1725 gnutls_datum_t * prime);
1727 gnutls_srp_set_server_credentials_function(gnutls_srp_server_credentials_t
1729 gnutls_srp_server_credentials_function
1732 typedef int gnutls_srp_client_credentials_function(gnutls_session_t,
1735 gnutls_srp_set_client_credentials_function(gnutls_srp_client_credentials_t
1737 gnutls_srp_client_credentials_function
1740 int gnutls_srp_base64_encode(const gnutls_datum_t * data, char *result,
1741 size_t * result_size);
1742 int gnutls_srp_base64_encode_alloc(const gnutls_datum_t * data,
1743 gnutls_datum_t * result);
1745 int gnutls_srp_base64_decode(const gnutls_datum_t * b64_data, char *result,
1746 size_t * result_size);
1747 int gnutls_srp_base64_decode_alloc(const gnutls_datum_t * b64_data,
1748 gnutls_datum_t * result);
1751 gnutls_srp_set_server_fake_salt_seed(gnutls_srp_server_credentials_t
1753 const gnutls_datum_t * seed,
1754 unsigned int salt_length);
1757 typedef struct gnutls_psk_server_credentials_st
1758 *gnutls_psk_server_credentials_t;
1759 typedef struct gnutls_psk_client_credentials_st
1760 *gnutls_psk_client_credentials_t;
1763 * gnutls_psk_key_flags:
1764 * @GNUTLS_PSK_KEY_RAW: PSK-key in raw format.
1765 * @GNUTLS_PSK_KEY_HEX: PSK-key in hex format.
1767 * Enumeration of different PSK key flags.
1769 typedef enum gnutls_psk_key_flags {
1770 GNUTLS_PSK_KEY_RAW = 0,
1772 } gnutls_psk_key_flags;
1775 gnutls_psk_free_client_credentials(gnutls_psk_client_credentials_t sc);
1777 gnutls_psk_allocate_client_credentials(gnutls_psk_client_credentials_t *
1779 int gnutls_psk_set_client_credentials(gnutls_psk_client_credentials_t res,
1780 const char *username,
1781 const gnutls_datum_t * key,
1782 gnutls_psk_key_flags flags);
1785 gnutls_psk_free_server_credentials(gnutls_psk_server_credentials_t sc);
1787 gnutls_psk_allocate_server_credentials(gnutls_psk_server_credentials_t *
1789 int gnutls_psk_set_server_credentials_file(gnutls_psk_server_credentials_t
1790 res, const char *password_file);
1793 gnutls_psk_set_server_credentials_hint(gnutls_psk_server_credentials_t
1794 res, const char *hint);
1796 const char *gnutls_psk_server_get_username(gnutls_session_t session);
1797 const char *gnutls_psk_client_get_hint(gnutls_session_t session);
1799 typedef int gnutls_psk_server_credentials_function(gnutls_session_t,
1800 const char *username,
1801 gnutls_datum_t * key);
1803 gnutls_psk_set_server_credentials_function(gnutls_psk_server_credentials_t
1805 gnutls_psk_server_credentials_function
1808 typedef int gnutls_psk_client_credentials_function(gnutls_session_t,
1810 gnutls_datum_t * key);
1812 gnutls_psk_set_client_credentials_function(gnutls_psk_client_credentials_t
1814 gnutls_psk_client_credentials_function
1817 int gnutls_hex_encode(const gnutls_datum_t * data, char *result,
1818 size_t * result_size);
1819 int gnutls_hex_decode(const gnutls_datum_t * hex_data, void *result,
1820 size_t * result_size);
1823 gnutls_psk_set_server_dh_params(gnutls_psk_server_credentials_t res,
1824 gnutls_dh_params_t dh_params);
1827 gnutls_psk_set_server_params_function(gnutls_psk_server_credentials_t
1828 res, gnutls_params_function * func);
1831 * gnutls_x509_subject_alt_name_t:
1832 * @GNUTLS_SAN_DNSNAME: DNS-name SAN.
1833 * @GNUTLS_SAN_RFC822NAME: E-mail address SAN.
1834 * @GNUTLS_SAN_URI: URI SAN.
1835 * @GNUTLS_SAN_IPADDRESS: IP address SAN.
1836 * @GNUTLS_SAN_OTHERNAME: OtherName SAN.
1837 * @GNUTLS_SAN_DN: DN SAN.
1838 * @GNUTLS_SAN_OTHERNAME_XMPP: Virtual SAN, used by
1839 * gnutls_x509_crt_get_subject_alt_othername_oid.
1841 * Enumeration of different subject alternative names types.
1843 typedef enum gnutls_x509_subject_alt_name_t {
1844 GNUTLS_SAN_DNSNAME = 1,
1845 GNUTLS_SAN_RFC822NAME = 2,
1847 GNUTLS_SAN_IPADDRESS = 4,
1848 GNUTLS_SAN_OTHERNAME = 5,
1850 /* The following are "virtual" subject alternative name types, in
1851 that they are represented by an otherName value and an OID.
1852 Used by gnutls_x509_crt_get_subject_alt_othername_oid. */
1853 GNUTLS_SAN_OTHERNAME_XMPP = 1000
1854 } gnutls_x509_subject_alt_name_t;
1856 struct gnutls_openpgp_crt_int;
1857 typedef struct gnutls_openpgp_crt_int *gnutls_openpgp_crt_t;
1859 struct gnutls_openpgp_privkey_int;
1860 typedef struct gnutls_openpgp_privkey_int *gnutls_openpgp_privkey_t;
1862 struct gnutls_pkcs11_privkey_st;
1863 typedef struct gnutls_pkcs11_privkey_st *gnutls_pkcs11_privkey_t;
1866 * gnutls_privkey_type_t:
1867 * @GNUTLS_PRIVKEY_X509: X.509 private key, #gnutls_x509_privkey_t.
1868 * @GNUTLS_PRIVKEY_OPENPGP: OpenPGP private key, #gnutls_openpgp_privkey_t.
1869 * @GNUTLS_PRIVKEY_PKCS11: PKCS11 private key, #gnutls_pkcs11_privkey_t.
1870 * @GNUTLS_PRIVKEY_EXT: External private key, operating using callbacks.
1872 * Enumeration of different private key types.
1875 GNUTLS_PRIVKEY_X509,
1876 GNUTLS_PRIVKEY_OPENPGP,
1877 GNUTLS_PRIVKEY_PKCS11,
1879 } gnutls_privkey_type_t;
1881 typedef struct gnutls_retr2_st {
1882 gnutls_certificate_type_t cert_type;
1883 gnutls_privkey_type_t key_type;
1886 gnutls_x509_crt_t *x509;
1887 gnutls_openpgp_crt_t pgp;
1889 unsigned int ncerts; /* one for pgp keys */
1892 gnutls_x509_privkey_t x509;
1893 gnutls_openpgp_privkey_t pgp;
1894 gnutls_pkcs11_privkey_t pkcs11;
1897 unsigned int deinit_all; /* if non zero all keys will be deinited */
1901 /* Functions that allow auth_info_t structures handling
1904 gnutls_credentials_type_t gnutls_auth_get_type(gnutls_session_t session);
1905 gnutls_credentials_type_t
1906 gnutls_auth_server_get_type(gnutls_session_t session);
1907 gnutls_credentials_type_t
1908 gnutls_auth_client_get_type(gnutls_session_t session);
1912 void gnutls_dh_set_prime_bits(gnutls_session_t session, unsigned int bits);
1913 int gnutls_dh_get_secret_bits(gnutls_session_t session);
1914 int gnutls_dh_get_peers_public_bits(gnutls_session_t session);
1915 int gnutls_dh_get_prime_bits(gnutls_session_t session);
1917 int gnutls_dh_get_group(gnutls_session_t session, gnutls_datum_t * raw_gen,
1918 gnutls_datum_t * raw_prime);
1919 int gnutls_dh_get_pubkey(gnutls_session_t session,
1920 gnutls_datum_t * raw_key);
1925 /* These are set on the credentials structure.
1928 /* use gnutls_certificate_set_retrieve_function2() in abstract.h
1929 * instead. It's much more efficient.
1932 typedef int gnutls_certificate_retrieve_function(gnutls_session_t,
1938 gnutls_pk_algorithm_t
1946 gnutls_certificate_set_retrieve_function(gnutls_certificate_credentials_t
1948 gnutls_certificate_retrieve_function
1951 typedef int gnutls_certificate_verify_function(gnutls_session_t);
1953 gnutls_certificate_set_verify_function(gnutls_certificate_credentials_t
1955 gnutls_certificate_verify_function
1959 gnutls_certificate_server_set_request(gnutls_session_t session,
1960 gnutls_certificate_request_t req);
1962 /* get data from the session
1964 const gnutls_datum_t *gnutls_certificate_get_peers(gnutls_session_t
1965 session, unsigned int
1967 const gnutls_datum_t *gnutls_certificate_get_ours(gnutls_session_t
1970 int gnutls_certificate_get_peers_subkey_id(gnutls_session_t session,
1971 gnutls_datum_t * id);
1973 time_t gnutls_certificate_activation_time_peers(gnutls_session_t session);
1974 time_t gnutls_certificate_expiration_time_peers(gnutls_session_t session);
1976 int gnutls_certificate_client_get_request_status(gnutls_session_t session);
1977 int gnutls_certificate_verify_peers2(gnutls_session_t session,
1978 unsigned int *status);
1979 int gnutls_certificate_verify_peers3(gnutls_session_t session,
1980 const char *hostname,
1981 unsigned int *status);
1984 * gnutls_vdata_types_t:
1985 * @GNUTLS_DT_UNKNOWN: Unknown data type.
1986 * @GNUTLS_DT_DNS_HOSTNAME: The data contain a null-terminated DNS hostname.
1987 * @GNUTLS_DT_KEY_PURPOSE_OID: The data contain a null-terminated key purpose OID.
1989 * Enumeration of different key exchange algorithms.
1992 GNUTLS_DT_UNKNOWN = 0,
1993 GNUTLS_DT_DNS_HOSTNAME = 1,
1994 GNUTLS_DT_KEY_PURPOSE_OID = 2
1995 } gnutls_vdata_types_t;
1998 gnutls_vdata_types_t type;
1999 unsigned char *data;
2001 } gnutls_typed_vdata_st;
2004 gnutls_certificate_verify_peers(gnutls_session_t session,
2005 gnutls_typed_vdata_st * data,
2006 unsigned int elements,
2007 unsigned int *status);
2009 int gnutls_certificate_verification_status_print(unsigned int status,
2010 gnutls_certificate_type_t
2012 gnutls_datum_t * out,
2013 unsigned int flags);
2015 int gnutls_pem_base64_encode(const char *msg, const gnutls_datum_t * data,
2016 char *result, size_t * result_size);
2017 int gnutls_pem_base64_decode(const char *header,
2018 const gnutls_datum_t * b64_data,
2019 unsigned char *result, size_t * result_size);
2021 int gnutls_pem_base64_encode_alloc(const char *msg,
2022 const gnutls_datum_t * data,
2023 gnutls_datum_t * result);
2024 int gnutls_pem_base64_decode_alloc(const char *header,
2025 const gnutls_datum_t * b64_data,
2026 gnutls_datum_t * result);
2028 /* key_usage will be an OR of the following values:
2031 /* when the key is to be used for signing: */
2032 #define GNUTLS_KEY_DIGITAL_SIGNATURE 128
2033 #define GNUTLS_KEY_NON_REPUDIATION 64
2034 /* when the key is to be used for encryption: */
2035 #define GNUTLS_KEY_KEY_ENCIPHERMENT 32
2036 #define GNUTLS_KEY_DATA_ENCIPHERMENT 16
2037 #define GNUTLS_KEY_KEY_AGREEMENT 8
2038 #define GNUTLS_KEY_KEY_CERT_SIGN 4
2039 #define GNUTLS_KEY_CRL_SIGN 2
2040 #define GNUTLS_KEY_ENCIPHER_ONLY 1
2041 #define GNUTLS_KEY_DECIPHER_ONLY 32768
2044 gnutls_certificate_set_params_function(gnutls_certificate_credentials_t
2045 res, gnutls_params_function * func);
2046 void gnutls_anon_set_params_function(gnutls_anon_server_credentials_t res,
2047 gnutls_params_function * func);
2048 void gnutls_psk_set_params_function(gnutls_psk_server_credentials_t res,
2049 gnutls_params_function * func);
2051 int gnutls_hex2bin(const char *hex_data, size_t hex_size,
2052 void *bin_data, size_t * bin_size);
2054 /* Trust on first use (or ssh like) functions */
2056 /* stores the provided information to a database
2058 typedef int (*gnutls_tdb_store_func) (const char *db_name,
2060 const char *service,
2062 const gnutls_datum_t * pubkey);
2064 typedef int (*gnutls_tdb_store_commitment_func) (const char *db_name,
2066 const char *service,
2068 gnutls_digest_algorithm_t
2070 const gnutls_datum_t *
2073 /* searches for the provided host/service pair that match the
2074 * provided public key in the database. */
2075 typedef int (*gnutls_tdb_verify_func) (const char *db_name,
2077 const char *service,
2078 const gnutls_datum_t * pubkey);
2081 struct gnutls_tdb_int;
2082 typedef struct gnutls_tdb_int *gnutls_tdb_t;
2084 int gnutls_tdb_init(gnutls_tdb_t * tdb);
2085 void gnutls_tdb_set_store_func(gnutls_tdb_t tdb,
2086 gnutls_tdb_store_func store);
2087 void gnutls_tdb_set_store_commitment_func(gnutls_tdb_t tdb,
2088 gnutls_tdb_store_commitment_func
2090 void gnutls_tdb_set_verify_func(gnutls_tdb_t tdb,
2091 gnutls_tdb_verify_func verify);
2092 void gnutls_tdb_deinit(gnutls_tdb_t tdb);
2094 int gnutls_verify_stored_pubkey(const char *db_name,
2097 const char *service,
2098 gnutls_certificate_type_t cert_type,
2099 const gnutls_datum_t * cert,
2100 unsigned int flags);
2102 int gnutls_store_commitment(const char *db_name,
2105 const char *service,
2106 gnutls_digest_algorithm_t hash_algo,
2107 const gnutls_datum_t * hash,
2108 time_t expiration, unsigned int flags);
2110 int gnutls_store_pubkey(const char *db_name,
2113 const char *service,
2114 gnutls_certificate_type_t cert_type,
2115 const gnutls_datum_t * cert,
2116 time_t expiration, unsigned int flags);
2118 /* Other helper functions */
2119 int gnutls_load_file(const char *filename, gnutls_datum_t * data);
2121 int gnutls_url_is_supported(const char *url);
2126 * gnutls_pin_flag_t:
2127 * @GNUTLS_PIN_USER: The PIN for the user.
2128 * @GNUTLS_PIN_SO: The PIN for the security officer (admin).
2129 * @GNUTLS_PIN_CONTEXT_SPECIFIC: The PIN is for a specific action and key like signing.
2130 * @GNUTLS_PIN_FINAL_TRY: This is the final try before blocking.
2131 * @GNUTLS_PIN_COUNT_LOW: Few tries remain before token blocks.
2132 * @GNUTLS_PIN_WRONG: Last given PIN was not correct.
2134 * Enumeration of different flags that are input to the PIN function.
2137 GNUTLS_PIN_USER = (1 << 0),
2138 GNUTLS_PIN_SO = (1 << 1),
2139 GNUTLS_PIN_FINAL_TRY = (1 << 2),
2140 GNUTLS_PIN_COUNT_LOW = (1 << 3),
2141 GNUTLS_PIN_CONTEXT_SPECIFIC = (1 << 4),
2142 GNUTLS_PIN_WRONG = (1 << 5)
2143 } gnutls_pin_flag_t;
2145 #define GNUTLS_PKCS11_PIN_USER GNUTLS_PIN_USER
2146 #define GNUTLS_PKCS11_PIN_SO GNUTLS_PIN_SO
2147 #define GNUTLS_PKCS11_PIN_FINAL_TRY GNUTLS_PIN_FINAL_TRY
2148 #define GNUTLS_PKCS11_PIN_COUNT_LOW GNUTLS_PIN_COUNT_LOW
2149 #define GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC GNUTLS_PIN_CONTEXT_SPECIFIC
2150 #define GNUTLS_PKCS11_PIN_WRONG GNUTLS_PIN_WRONG
2153 * gnutls_pin_callback_t:
2154 * @userdata: user-controlled data from gnutls_pkcs11_set_pin_function().
2155 * @attempt: pin-attempt counter, initially 0.
2156 * @token_url: URL of token.
2157 * @token_label: label of token.
2158 * @flags: a #gnutls_pin_flag_t flag.
2159 * @pin: buffer to hold PIN, of size @pin_max.
2160 * @pin_max: size of @pin buffer.
2162 * Callback function type for PKCS#11 or TPM PIN entry. It is set by
2163 * functions like gnutls_pkcs11_set_pin_function().
2165 * The callback should provides the PIN code to unlock the token with
2166 * label @token_label, specified by the URL @token_url.
2168 * The PIN code, as a NUL-terminated ASCII string, should be copied
2169 * into the @pin buffer (of maximum size @pin_max), and return 0 to
2170 * indicate success. Alternatively, the callback may return a
2171 * negative gnutls error code to indicate failure and cancel PIN entry
2172 * (in which case, the contents of the @pin parameter are ignored).
2174 * When a PIN is required, the callback will be invoked repeatedly
2175 * (and indefinitely) until either the returned PIN code is correct,
2176 * the callback returns failure, or the token refuses login (e.g. when
2177 * the token is locked due to too many incorrect PINs!). For the
2178 * first such invocation, the @attempt counter will have value zero;
2179 * it will increase by one for each subsequent attempt.
2181 * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on error.
2185 typedef int (*gnutls_pin_callback_t) (void *userdata, int attempt,
2186 const char *token_url,
2187 const char *token_label,
2189 char *pin, size_t pin_max);
2191 void gnutls_certificate_set_pin_function(gnutls_certificate_credentials_t,
2192 gnutls_pin_callback_t fn,
2195 /* FIPS140-2 related functions */
2196 int gnutls_fips140_mode_enabled(void);
2198 /* Gnutls error codes. The mapping to a TLS alert is also shown in
2202 #define GNUTLS_E_SUCCESS 0
2203 #define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3
2204 #define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6
2205 #define GNUTLS_E_LARGE_PACKET -7
2206 #define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */
2207 #define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */
2208 #define GNUTLS_E_INVALID_SESSION -10
2209 #define GNUTLS_E_FATAL_ALERT_RECEIVED -12
2210 #define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_A_UNEXPECTED_MESSAGE */
2211 #define GNUTLS_E_WARNING_ALERT_RECEIVED -16
2212 #define GNUTLS_E_ERROR_IN_FINISHED_PACKET -18
2213 #define GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET -19
2214 #define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21 /* GNUTLS_A_HANDSHAKE_FAILURE */
2215 #define GNUTLS_E_UNWANTED_ALGORITHM -22
2216 #define GNUTLS_E_MPI_SCAN_FAILED -23
2217 #define GNUTLS_E_DECRYPTION_FAILED -24 /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */
2218 #define GNUTLS_E_MEMORY_ERROR -25
2219 #define GNUTLS_E_DECOMPRESSION_FAILED -26 /* GNUTLS_A_DECOMPRESSION_FAILURE */
2220 #define GNUTLS_E_COMPRESSION_FAILED -27
2221 #define GNUTLS_E_AGAIN -28
2222 #define GNUTLS_E_EXPIRED -29
2223 #define GNUTLS_E_DB_ERROR -30
2224 #define GNUTLS_E_SRP_PWD_ERROR -31
2225 #define GNUTLS_E_INSUFFICIENT_CREDENTIALS -32
2226 #define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
2227 #define GNUTLS_E_INSUFFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS
2228 #define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
2230 #define GNUTLS_E_HASH_FAILED -33
2231 #define GNUTLS_E_BASE64_DECODING_ERROR -34
2233 #define GNUTLS_E_MPI_PRINT_FAILED -35
2234 #define GNUTLS_E_REHANDSHAKE -37 /* GNUTLS_A_NO_RENEGOTIATION */
2235 #define GNUTLS_E_GOT_APPLICATION_DATA -38
2236 #define GNUTLS_E_RECORD_LIMIT_REACHED -39
2237 #define GNUTLS_E_ENCRYPTION_FAILED -40
2239 #define GNUTLS_E_PK_ENCRYPTION_FAILED -44
2240 #define GNUTLS_E_PK_DECRYPTION_FAILED -45
2241 #define GNUTLS_E_PK_SIGN_FAILED -46
2242 #define GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION -47
2243 #define GNUTLS_E_KEY_USAGE_VIOLATION -48
2244 #define GNUTLS_E_NO_CERTIFICATE_FOUND -49 /* GNUTLS_A_BAD_CERTIFICATE */
2245 #define GNUTLS_E_INVALID_REQUEST -50
2246 #define GNUTLS_E_SHORT_MEMORY_BUFFER -51
2247 #define GNUTLS_E_INTERRUPTED -52
2248 #define GNUTLS_E_PUSH_ERROR -53
2249 #define GNUTLS_E_PULL_ERROR -54
2250 #define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55 /* GNUTLS_A_ILLEGAL_PARAMETER */
2251 #define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56
2252 #define GNUTLS_E_PKCS1_WRONG_PAD -57
2253 #define GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION -58
2254 #define GNUTLS_E_INTERNAL_ERROR -59
2255 #define GNUTLS_E_DH_PRIME_UNACCEPTABLE -63
2256 #define GNUTLS_E_FILE_ERROR -64
2257 #define GNUTLS_E_TOO_MANY_EMPTY_PACKETS -78
2258 #define GNUTLS_E_UNKNOWN_PK_ALGORITHM -80
2259 #define GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS -81
2261 /* returned if you need to generate temporary RSA
2262 * parameters. These are needed for export cipher suites.
2264 #define GNUTLS_E_NO_TEMPORARY_RSA_PARAMS -84
2266 #define GNUTLS_E_NO_COMPRESSION_ALGORITHMS -86
2267 #define GNUTLS_E_NO_CIPHER_SUITES -87
2269 #define GNUTLS_E_OPENPGP_GETKEY_FAILED -88
2270 #define GNUTLS_E_PK_SIG_VERIFY_FAILED -89
2272 #define GNUTLS_E_ILLEGAL_SRP_USERNAME -90
2273 #define GNUTLS_E_SRP_PWD_PARSING_ERROR -91
2274 #define GNUTLS_E_NO_TEMPORARY_DH_PARAMS -93
2276 /* For certificate and key stuff
2278 #define GNUTLS_E_ASN1_ELEMENT_NOT_FOUND -67
2279 #define GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND -68
2280 #define GNUTLS_E_ASN1_DER_ERROR -69
2281 #define GNUTLS_E_ASN1_VALUE_NOT_FOUND -70
2282 #define GNUTLS_E_ASN1_GENERIC_ERROR -71
2283 #define GNUTLS_E_ASN1_VALUE_NOT_VALID -72
2284 #define GNUTLS_E_ASN1_TAG_ERROR -73
2285 #define GNUTLS_E_ASN1_TAG_IMPLICIT -74
2286 #define GNUTLS_E_ASN1_TYPE_ANY_ERROR -75
2287 #define GNUTLS_E_ASN1_SYNTAX_ERROR -76
2288 #define GNUTLS_E_ASN1_DER_OVERFLOW -77
2289 #define GNUTLS_E_OPENPGP_UID_REVOKED -79
2290 #define GNUTLS_E_CERTIFICATE_ERROR -43
2291 #define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR
2292 #define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60
2293 #define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */
2294 #define GNUTLS_E_X509_UNKNOWN_SAN -62
2295 #define GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED -94
2296 #define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95
2297 #define GNUTLS_E_UNKNOWN_HASH_ALGORITHM -96
2298 #define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97
2299 #define GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE -98
2300 #define GNUTLS_E_INVALID_PASSWORD -99
2301 #define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */
2302 #define GNUTLS_E_CONSTRAINT_ERROR -101
2304 #define GNUTLS_E_WARNING_IA_IPHF_RECEIVED -102
2305 #define GNUTLS_E_WARNING_IA_FPHF_RECEIVED -103
2307 #define GNUTLS_E_IA_VERIFY_FAILED -104
2308 #define GNUTLS_E_UNKNOWN_ALGORITHM -105
2309 #define GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM -106
2310 #define GNUTLS_E_SAFE_RENEGOTIATION_FAILED -107
2311 #define GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED -108
2312 #define GNUTLS_E_UNKNOWN_SRP_USERNAME -109
2313 #define GNUTLS_E_PREMATURE_TERMINATION -110
2315 #define GNUTLS_E_BASE64_ENCODING_ERROR -201
2316 #define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */
2317 #define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202
2318 #define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203
2320 #define GNUTLS_E_OPENPGP_KEYRING_ERROR -204
2321 #define GNUTLS_E_X509_UNSUPPORTED_OID -205
2323 #define GNUTLS_E_RANDOM_FAILED -206
2324 #define GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR -207
2326 #define GNUTLS_E_OPENPGP_SUBKEY_ERROR -208
2328 #define GNUTLS_E_CRYPTO_ALREADY_REGISTERED -209
2330 #define GNUTLS_E_HANDSHAKE_TOO_LARGE -210
2332 #define GNUTLS_E_CRYPTODEV_IOCTL_ERROR -211
2333 #define GNUTLS_E_CRYPTODEV_DEVICE_ERROR -212
2335 #define GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE -213
2336 #define GNUTLS_E_BAD_COOKIE -214
2337 #define GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR -215
2338 #define GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL -216
2340 #define GNUTLS_E_HEARTBEAT_PONG_RECEIVED -292
2341 #define GNUTLS_E_HEARTBEAT_PING_RECEIVED -293
2343 /* PKCS11 related */
2344 #define GNUTLS_E_PKCS11_ERROR -300
2345 #define GNUTLS_E_PKCS11_LOAD_ERROR -301
2346 #define GNUTLS_E_PARSING_ERROR -302
2347 #define GNUTLS_E_PKCS11_PIN_ERROR -303
2349 #define GNUTLS_E_PKCS11_SLOT_ERROR -305
2350 #define GNUTLS_E_LOCKING_ERROR -306
2351 #define GNUTLS_E_PKCS11_ATTRIBUTE_ERROR -307
2352 #define GNUTLS_E_PKCS11_DEVICE_ERROR -308
2353 #define GNUTLS_E_PKCS11_DATA_ERROR -309
2354 #define GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR -310
2355 #define GNUTLS_E_PKCS11_KEY_ERROR -311
2356 #define GNUTLS_E_PKCS11_PIN_EXPIRED -312
2357 #define GNUTLS_E_PKCS11_PIN_LOCKED -313
2358 #define GNUTLS_E_PKCS11_SESSION_ERROR -314
2359 #define GNUTLS_E_PKCS11_SIGNATURE_ERROR -315
2360 #define GNUTLS_E_PKCS11_TOKEN_ERROR -316
2361 #define GNUTLS_E_PKCS11_USER_ERROR -317
2363 #define GNUTLS_E_CRYPTO_INIT_FAILED -318
2364 #define GNUTLS_E_TIMEDOUT -319
2365 #define GNUTLS_E_USER_ERROR -320
2366 #define GNUTLS_E_ECC_NO_SUPPORTED_CURVES -321
2367 #define GNUTLS_E_ECC_UNSUPPORTED_CURVE -322
2368 #define GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE -323
2369 #define GNUTLS_E_CERTIFICATE_LIST_UNSORTED -324
2370 #define GNUTLS_E_ILLEGAL_PARAMETER -325
2371 #define GNUTLS_E_NO_PRIORITIES_WERE_SET -326
2372 #define GNUTLS_E_X509_UNSUPPORTED_EXTENSION -327
2373 #define GNUTLS_E_SESSION_EOF -328
2375 #define GNUTLS_E_TPM_ERROR -329
2376 #define GNUTLS_E_TPM_KEY_PASSWORD_ERROR -330
2377 #define GNUTLS_E_TPM_SRK_PASSWORD_ERROR -331
2378 #define GNUTLS_E_TPM_SESSION_ERROR -332
2379 #define GNUTLS_E_TPM_KEY_NOT_FOUND -333
2380 #define GNUTLS_E_TPM_UNINITIALIZED -334
2382 #define GNUTLS_E_NO_CERTIFICATE_STATUS -340
2383 #define GNUTLS_E_OCSP_RESPONSE_ERROR -341
2384 #define GNUTLS_E_RANDOM_DEVICE_ERROR -342
2385 #define GNUTLS_E_AUTH_ERROR -343
2386 #define GNUTLS_E_NO_APPLICATION_PROTOCOL -344
2387 #define GNUTLS_E_SOCKETS_INIT_ERROR -345
2388 #define GNUTLS_E_KEY_IMPORT_FAILED -346
2390 #define GNUTLS_E_SELF_TEST_ERROR -400
2391 #define GNUTLS_E_NO_SELF_TEST -401
2392 #define GNUTLS_E_LIB_IN_ERROR_STATE -402
2393 #define GNUTLS_E_PK_GENERATION_ERROR -403
2394 #define GNUTLS_E_IDNA_ERROR -404
2396 #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
2400 #define GNUTLS_E_APPLICATION_ERROR_MAX -65000
2401 #define GNUTLS_E_APPLICATION_ERROR_MIN -65500
2409 #include <gnutls/compat.h>
2411 #endif /* GNUTLS_H */
projects / gnutls:gnutls.git / blob