2 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
23 /* This file contains the types and prototypes for all the
24 * high level functionality of the gnutls main library.
26 * If the optional C++ binding was built, it is available in
29 * The openssl compatibility layer (which is under the GNU GPL
30 * license) is in gnutls/openssl.h.
32 * The low level cipher functionality is in gnutls/crypto.h.
55 #define GNUTLS_VERSION "@VERSION@"
57 #define GNUTLS_VERSION_MAJOR @MAJOR_VERSION@
58 #define GNUTLS_VERSION_MINOR @MINOR_VERSION@
59 #define GNUTLS_VERSION_PATCH @PATCH_VERSION@
61 #define GNUTLS_VERSION_NUMBER @NUMBER_VERSION@
63 #define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC
64 #define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC
65 #define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC
66 #define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128
69 * gnutls_cipher_algorithm_t:
70 * @GNUTLS_CIPHER_UNKNOWN: Unknown algorithm.
71 * @GNUTLS_CIPHER_NULL: NULL algorithm.
72 * @GNUTLS_CIPHER_ARCFOUR_128: ARCFOUR stream cipher with 128-bit keys.
73 * @GNUTLS_CIPHER_3DES_CBC: 3DES in CBC mode.
74 * @GNUTLS_CIPHER_AES_128_CBC: AES in CBC mode with 128-bit keys.
75 * @GNUTLS_CIPHER_AES_192_CBC: AES in CBC mode with 192-bit keys.
76 * @GNUTLS_CIPHER_AES_256_CBC: AES in CBC mode with 256-bit keys.
77 * @GNUTLS_CIPHER_ARCFOUR_40: ARCFOUR stream cipher with 40-bit keys.
78 * @GNUTLS_CIPHER_CAMELLIA_128_CBC: Camellia in CBC mode with 128-bit keys.
79 * @GNUTLS_CIPHER_CAMELLIA_192_CBC: Camellia in CBC mode with 192-bit keys.
80 * @GNUTLS_CIPHER_CAMELLIA_256_CBC: Camellia in CBC mode with 256-bit keys.
81 * @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys.
82 * @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys).
83 * @GNUTLS_CIPHER_AES_128_GCM: AES in GCM mode with 128-bit keys.
84 * @GNUTLS_CIPHER_AES_256_GCM: AES in GCM mode with 256-bit keys.
85 * @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB mode.
86 * @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB mode.
87 * @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB mode.
88 * @GNUTLS_CIPHER_BLOWFISH_PGP_CFB: Blowfish in CFB mode.
89 * @GNUTLS_CIPHER_SAFER_SK128_PGP_CFB: Safer-SK in CFB mode with 128-bit keys.
90 * @GNUTLS_CIPHER_AES128_PGP_CFB: AES in CFB mode with 128-bit keys.
91 * @GNUTLS_CIPHER_AES192_PGP_CFB: AES in CFB mode with 192-bit keys.
92 * @GNUTLS_CIPHER_AES256_PGP_CFB: AES in CFB mode with 256-bit keys.
93 * @GNUTLS_CIPHER_TWOFISH_PGP_CFB: Twofish in CFB mode.
95 * Enumeration of different symmetric encryption algorithms.
97 typedef enum gnutls_cipher_algorithm
99 GNUTLS_CIPHER_UNKNOWN = 0,
100 GNUTLS_CIPHER_NULL = 1,
101 GNUTLS_CIPHER_ARCFOUR_128 = 2,
102 GNUTLS_CIPHER_3DES_CBC = 3,
103 GNUTLS_CIPHER_AES_128_CBC = 4,
104 GNUTLS_CIPHER_AES_256_CBC = 5,
105 GNUTLS_CIPHER_ARCFOUR_40 = 6,
106 GNUTLS_CIPHER_CAMELLIA_128_CBC = 7,
107 GNUTLS_CIPHER_CAMELLIA_256_CBC = 8,
108 GNUTLS_CIPHER_RC2_40_CBC = 90,
109 GNUTLS_CIPHER_DES_CBC = 91,
110 GNUTLS_CIPHER_AES_192_CBC = 92,
111 GNUTLS_CIPHER_AES_128_GCM = 93,
112 GNUTLS_CIPHER_AES_256_GCM = 94,
113 GNUTLS_CIPHER_CAMELLIA_192_CBC = 95,
114 GNUTLS_CIPHER_SALSA20_256 = 96,
116 /* used only for PGP internals. Ignored in TLS/SSL
118 GNUTLS_CIPHER_IDEA_PGP_CFB = 200,
119 GNUTLS_CIPHER_3DES_PGP_CFB = 201,
120 GNUTLS_CIPHER_CAST5_PGP_CFB = 202,
121 GNUTLS_CIPHER_BLOWFISH_PGP_CFB = 203,
122 GNUTLS_CIPHER_SAFER_SK128_PGP_CFB = 204,
123 GNUTLS_CIPHER_AES128_PGP_CFB = 205,
124 GNUTLS_CIPHER_AES192_PGP_CFB = 206,
125 GNUTLS_CIPHER_AES256_PGP_CFB = 207,
126 GNUTLS_CIPHER_TWOFISH_PGP_CFB = 208
127 } gnutls_cipher_algorithm_t;
130 * gnutls_kx_algorithm_t:
131 * @GNUTLS_KX_UNKNOWN: Unknown key-exchange algorithm.
132 * @GNUTLS_KX_RSA: RSA key-exchange algorithm.
133 * @GNUTLS_KX_DHE_DSS: DHE-DSS key-exchange algorithm.
134 * @GNUTLS_KX_DHE_RSA: DHE-RSA key-exchange algorithm.
135 * @GNUTLS_KX_ECDHE_RSA: ECDHE-RSA key-exchange algorithm.
136 * @GNUTLS_KX_ECDHE_ECDSA: ECDHE-ECDSA key-exchange algorithm.
137 * @GNUTLS_KX_ANON_DH: Anon-DH key-exchange algorithm.
138 * @GNUTLS_KX_ANON_ECDH: Anon-ECDH key-exchange algorithm.
139 * @GNUTLS_KX_SRP: SRP key-exchange algorithm.
140 * @GNUTLS_KX_RSA_EXPORT: RSA-EXPORT key-exchange algorithm.
141 * @GNUTLS_KX_SRP_RSA: SRP-RSA key-exchange algorithm.
142 * @GNUTLS_KX_SRP_DSS: SRP-DSS key-exchange algorithm.
143 * @GNUTLS_KX_PSK: PSK key-exchange algorithm.
144 * @GNUTLS_KX_DHE_PSK: DHE-PSK key-exchange algorithm.
145 * @GNUTLS_KX_ECDHE_PSK: ECDHE-PSK key-exchange algorithm.
147 * Enumeration of different key exchange algorithms.
151 GNUTLS_KX_UNKNOWN = 0,
153 GNUTLS_KX_DHE_DSS = 2,
154 GNUTLS_KX_DHE_RSA = 3,
155 GNUTLS_KX_ANON_DH = 4,
157 GNUTLS_KX_RSA_EXPORT = 6,
158 GNUTLS_KX_SRP_RSA = 7,
159 GNUTLS_KX_SRP_DSS = 8,
161 GNUTLS_KX_DHE_PSK = 10,
162 GNUTLS_KX_ANON_ECDH = 11,
163 GNUTLS_KX_ECDHE_RSA = 12,
164 GNUTLS_KX_ECDHE_ECDSA = 13,
165 GNUTLS_KX_ECDHE_PSK = 14,
166 } gnutls_kx_algorithm_t;
169 * gnutls_params_type_t:
170 * @GNUTLS_PARAMS_RSA_EXPORT: Session RSA-EXPORT parameters.
171 * @GNUTLS_PARAMS_DH: Session Diffie-Hellman parameters.
172 * @GNUTLS_PARAMS_ECDH: Session Elliptic-Curve Diffie-Hellman parameters.
174 * Enumeration of different TLS session parameter types.
178 GNUTLS_PARAMS_RSA_EXPORT = 1,
179 GNUTLS_PARAMS_DH = 2,
180 GNUTLS_PARAMS_ECDH = 3,
181 } gnutls_params_type_t;
184 * gnutls_credentials_type_t:
185 * @GNUTLS_CRD_CERTIFICATE: Certificate credential.
186 * @GNUTLS_CRD_ANON: Anonymous credential.
187 * @GNUTLS_CRD_SRP: SRP credential.
188 * @GNUTLS_CRD_PSK: PSK credential.
189 * @GNUTLS_CRD_IA: IA credential.
191 * Enumeration of different credential types.
195 GNUTLS_CRD_CERTIFICATE = 1,
200 } gnutls_credentials_type_t;
202 #define GNUTLS_MAC_SHA GNUTLS_MAC_SHA1
203 #define GNUTLS_DIG_SHA GNUTLS_DIG_SHA1
206 * gnutls_mac_algorithm_t:
207 * @GNUTLS_MAC_UNKNOWN: Unknown MAC algorithm.
208 * @GNUTLS_MAC_NULL: NULL MAC algorithm (empty output).
209 * @GNUTLS_MAC_MD5: HMAC-MD5 algorithm.
210 * @GNUTLS_MAC_SHA1: HMAC-SHA-1 algorithm.
211 * @GNUTLS_MAC_RMD160: HMAC-RMD160 algorithm.
212 * @GNUTLS_MAC_MD2: HMAC-MD2 algorithm.
213 * @GNUTLS_MAC_SHA256: HMAC-SHA-256 algorithm.
214 * @GNUTLS_MAC_SHA384: HMAC-SHA-384 algorithm.
215 * @GNUTLS_MAC_SHA512: HMAC-SHA-512 algorithm.
216 * @GNUTLS_MAC_SHA224: HMAC-SHA-224 algorithm.
217 * @GNUTLS_MAC_AEAD: MAC implicit through AEAD cipher.
219 * Enumeration of different Message Authentication Code (MAC)
224 GNUTLS_MAC_UNKNOWN = 0,
228 GNUTLS_MAC_RMD160 = 4,
230 GNUTLS_MAC_SHA256 = 6,
231 GNUTLS_MAC_SHA384 = 7,
232 GNUTLS_MAC_SHA512 = 8,
233 GNUTLS_MAC_SHA224 = 9,
234 /* If you add anything here, make sure you align with
235 gnutls_digest_algorithm_t. */
236 GNUTLS_MAC_AEAD = 200, /* indicates that MAC is on the cipher */
237 GNUTLS_MAC_UMAC_96 = 201,
238 GNUTLS_MAC_UMAC_128 = 202,
239 } gnutls_mac_algorithm_t;
242 * gnutls_digest_algorithm_t:
243 * @GNUTLS_DIG_UNKNOWN: Unknown hash algorithm.
244 * @GNUTLS_DIG_NULL: NULL hash algorithm (empty output).
245 * @GNUTLS_DIG_MD5: MD5 algorithm.
246 * @GNUTLS_DIG_SHA1: SHA-1 algorithm.
247 * @GNUTLS_DIG_RMD160: RMD160 algorithm.
248 * @GNUTLS_DIG_MD2: MD2 algorithm.
249 * @GNUTLS_DIG_SHA256: SHA-256 algorithm.
250 * @GNUTLS_DIG_SHA384: SHA-384 algorithm.
251 * @GNUTLS_DIG_SHA512: SHA-512 algorithm.
252 * @GNUTLS_DIG_SHA224: SHA-224 algorithm.
254 * Enumeration of different digest (hash) algorithms.
258 GNUTLS_DIG_UNKNOWN = GNUTLS_MAC_UNKNOWN,
259 GNUTLS_DIG_NULL = GNUTLS_MAC_NULL,
260 GNUTLS_DIG_MD5 = GNUTLS_MAC_MD5,
261 GNUTLS_DIG_SHA1 = GNUTLS_MAC_SHA1,
262 GNUTLS_DIG_RMD160 = GNUTLS_MAC_RMD160,
263 GNUTLS_DIG_MD2 = GNUTLS_MAC_MD2,
264 GNUTLS_DIG_SHA256 = GNUTLS_MAC_SHA256,
265 GNUTLS_DIG_SHA384 = GNUTLS_MAC_SHA384,
266 GNUTLS_DIG_SHA512 = GNUTLS_MAC_SHA512,
267 GNUTLS_DIG_SHA224 = GNUTLS_MAC_SHA224
268 /* If you add anything here, make sure you align with
269 gnutls_mac_algorithm_t. */
270 } gnutls_digest_algorithm_t;
272 /* exported for other gnutls headers. This is the maximum number of
273 * algorithms (ciphers, kx or macs).
275 #define GNUTLS_MAX_ALGORITHM_NUM 32
278 * gnutls_compression_method_t:
279 * @GNUTLS_COMP_UNKNOWN: Unknown compression method.
280 * @GNUTLS_COMP_NULL: The NULL compression method (no compression).
281 * @GNUTLS_COMP_DEFLATE: The DEFLATE compression method from zlib.
282 * @GNUTLS_COMP_ZLIB: Same as %GNUTLS_COMP_DEFLATE.
284 * Enumeration of different TLS compression methods.
288 GNUTLS_COMP_UNKNOWN = 0,
289 GNUTLS_COMP_NULL = 1,
290 GNUTLS_COMP_DEFLATE = 2,
291 GNUTLS_COMP_ZLIB = GNUTLS_COMP_DEFLATE,
292 } gnutls_compression_method_t;
295 * Flags for gnutls_init()
297 * @GNUTLS_SERVER: Connection end is a server.
298 * @GNUTLS_CLIENT: Connection end is a client.
299 * @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS).
300 * @GNUTLS_NONBLOCK: Connection should not block (DTLS).
301 * @GNUTLS_NO_EXTENSIONS: Do not enable any TLS extensions by default.
304 #define GNUTLS_SERVER 1
305 #define GNUTLS_CLIENT (1<<1)
306 #define GNUTLS_DATAGRAM (1<<2)
307 #define GNUTLS_NONBLOCK (1<<3)
308 #define GNUTLS_NO_EXTENSIONS (1<<4)
311 * gnutls_alert_level_t:
312 * @GNUTLS_AL_WARNING: Alert of warning severity.
313 * @GNUTLS_AL_FATAL: Alert of fatal severity.
315 * Enumeration of different TLS alert severities.
319 GNUTLS_AL_WARNING = 1,
321 } gnutls_alert_level_t;
324 * gnutls_alert_description_t:
325 * @GNUTLS_A_CLOSE_NOTIFY: Close notify.
326 * @GNUTLS_A_UNEXPECTED_MESSAGE: Unexpected message.
327 * @GNUTLS_A_BAD_RECORD_MAC: Bad record MAC.
328 * @GNUTLS_A_DECRYPTION_FAILED: Decryption failed.
329 * @GNUTLS_A_RECORD_OVERFLOW: Record overflow.
330 * @GNUTLS_A_DECOMPRESSION_FAILURE: Decompression failed.
331 * @GNUTLS_A_HANDSHAKE_FAILURE: Handshake failed.
332 * @GNUTLS_A_SSL3_NO_CERTIFICATE: No certificate.
333 * @GNUTLS_A_BAD_CERTIFICATE: Certificate is bad.
334 * @GNUTLS_A_UNSUPPORTED_CERTIFICATE: Certificate is not supported.
335 * @GNUTLS_A_CERTIFICATE_REVOKED: Certificate was revoked.
336 * @GNUTLS_A_CERTIFICATE_EXPIRED: Certificate is expired.
337 * @GNUTLS_A_CERTIFICATE_UNKNOWN: Unknown certificate.
338 * @GNUTLS_A_ILLEGAL_PARAMETER: Illegal parameter.
339 * @GNUTLS_A_UNKNOWN_CA: CA is unknown.
340 * @GNUTLS_A_ACCESS_DENIED: Access was denied.
341 * @GNUTLS_A_DECODE_ERROR: Decode error.
342 * @GNUTLS_A_DECRYPT_ERROR: Decrypt error.
343 * @GNUTLS_A_EXPORT_RESTRICTION: Export restriction.
344 * @GNUTLS_A_PROTOCOL_VERSION: Error in protocol version.
345 * @GNUTLS_A_INSUFFICIENT_SECURITY: Insufficient security.
346 * @GNUTLS_A_USER_CANCELED: User canceled.
347 * @GNUTLS_A_INTERNAL_ERROR: Internal error.
348 * @GNUTLS_A_NO_RENEGOTIATION: No renegotiation is allowed.
349 * @GNUTLS_A_CERTIFICATE_UNOBTAINABLE: Could not retrieve the
350 * specified certificate.
351 * @GNUTLS_A_UNSUPPORTED_EXTENSION: An unsupported extension was
353 * @GNUTLS_A_UNRECOGNIZED_NAME: The server name sent was not
355 * @GNUTLS_A_UNKNOWN_PSK_IDENTITY: The SRP/PSK username is missing
358 * Enumeration of different TLS alerts.
362 GNUTLS_A_CLOSE_NOTIFY,
363 GNUTLS_A_UNEXPECTED_MESSAGE = 10,
364 GNUTLS_A_BAD_RECORD_MAC = 20,
365 GNUTLS_A_DECRYPTION_FAILED,
366 GNUTLS_A_RECORD_OVERFLOW,
367 GNUTLS_A_DECOMPRESSION_FAILURE = 30,
368 GNUTLS_A_HANDSHAKE_FAILURE = 40,
369 GNUTLS_A_SSL3_NO_CERTIFICATE = 41,
370 GNUTLS_A_BAD_CERTIFICATE = 42,
371 GNUTLS_A_UNSUPPORTED_CERTIFICATE,
372 GNUTLS_A_CERTIFICATE_REVOKED,
373 GNUTLS_A_CERTIFICATE_EXPIRED,
374 GNUTLS_A_CERTIFICATE_UNKNOWN,
375 GNUTLS_A_ILLEGAL_PARAMETER,
377 GNUTLS_A_ACCESS_DENIED,
378 GNUTLS_A_DECODE_ERROR = 50,
379 GNUTLS_A_DECRYPT_ERROR,
380 GNUTLS_A_EXPORT_RESTRICTION = 60,
381 GNUTLS_A_PROTOCOL_VERSION = 70,
382 GNUTLS_A_INSUFFICIENT_SECURITY,
383 GNUTLS_A_INTERNAL_ERROR = 80,
384 GNUTLS_A_USER_CANCELED = 90,
385 GNUTLS_A_NO_RENEGOTIATION = 100,
386 GNUTLS_A_UNSUPPORTED_EXTENSION = 110,
387 GNUTLS_A_CERTIFICATE_UNOBTAINABLE = 111,
388 GNUTLS_A_UNRECOGNIZED_NAME = 112,
389 GNUTLS_A_UNKNOWN_PSK_IDENTITY = 115,
390 } gnutls_alert_description_t;
393 * gnutls_handshake_description_t:
394 * @GNUTLS_HANDSHAKE_HELLO_REQUEST: Hello request.
395 * @GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST: DTLS Hello verify request.
396 * @GNUTLS_HANDSHAKE_CLIENT_HELLO: Client hello.
397 * @GNUTLS_HANDSHAKE_SERVER_HELLO: Server hello.
398 * @GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: New session ticket.
399 * @GNUTLS_HANDSHAKE_CERTIFICATE_PKT: Certificate packet.
400 * @GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: Server key exchange.
401 * @GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: Certificate request.
402 * @GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: Server hello done.
403 * @GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: Certificate verify.
404 * @GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: Client key exchange.
405 * @GNUTLS_HANDSHAKE_FINISHED: Finished.
406 * @GNUTLS_HANDSHAKE_CERTIFICATE_STATUS: Certificate status (OCSP).
407 * @GNUTLS_HANDSHAKE_SUPPLEMENTAL: Supplemental.
408 * @GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC: Change Cipher Spec.
409 * @GNUTLS_HANDSHAKE_CLIENT_HELLO_V2: SSLv2 Client Hello.
411 * Enumeration of different TLS handshake packets.
415 GNUTLS_HANDSHAKE_HELLO_REQUEST = 0,
416 GNUTLS_HANDSHAKE_CLIENT_HELLO = 1,
417 GNUTLS_HANDSHAKE_SERVER_HELLO = 2,
418 GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST = 3,
419 GNUTLS_HANDSHAKE_NEW_SESSION_TICKET = 4,
420 GNUTLS_HANDSHAKE_CERTIFICATE_PKT = 11,
421 GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE = 12,
422 GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST = 13,
423 GNUTLS_HANDSHAKE_SERVER_HELLO_DONE = 14,
424 GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY = 15,
425 GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE = 16,
426 GNUTLS_HANDSHAKE_FINISHED = 20,
427 GNUTLS_HANDSHAKE_CERTIFICATE_STATUS = 22,
428 GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23,
429 GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC = 254,
430 GNUTLS_HANDSHAKE_CLIENT_HELLO_V2 = 1024,
431 } gnutls_handshake_description_t;
434 * gnutls_certificate_status_t:
435 * @GNUTLS_CERT_INVALID: The certificate is not signed by one of the
436 * known authorities or the signature is invalid (deprecated by the flags
437 * %GNUTLS_CERT_SIGNATURE_FAILURE and %GNUTLS_CERT_SIGNER_NOT_FOUND).
438 * @GNUTLS_CERT_SIGNATURE_FAILURE: The signature verification failed.
439 * @GNUTLS_CERT_REVOKED: Certificate is revoked by its authority. In X.509 this will be
440 * set only if CRLs are checked.
441 * @GNUTLS_CERT_SIGNER_NOT_FOUND: The certificate's issuer is not known.
442 * This is the case if the issuer is not included in the trusted certificate list.
443 * @GNUTLS_CERT_SIGNER_NOT_CA: The certificate's signer was not a CA. This
444 * may happen if this was a version 1 certificate, which is common with
445 * some CAs, or a version 3 certificate without the basic constrains extension.
446 * @GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE: The certificate's signer constraints were
448 * @GNUTLS_CERT_INSECURE_ALGORITHM: The certificate was signed using an insecure
449 * algorithm such as MD2 or MD5. These algorithms have been broken and
450 * should not be trusted.
451 * @GNUTLS_CERT_NOT_ACTIVATED: The certificate is not yet activated.
452 * @GNUTLS_CERT_EXPIRED: The certificate has expired.
453 * @GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: The revocation data are old and have been superseded.
454 * @GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: The revocation data have a future issue date.
455 * @GNUTLS_CERT_UNEXPECTED_OWNER: The owner is not the expected one.
456 * @GNUTLS_CERT_MISMATCH: The certificate presented isn't the expected one (TOFU)
458 * Enumeration of certificate status codes. Note that the status
459 * bits may have different meanings in OpenPGP keys and X.509
460 * certificate verification.
464 GNUTLS_CERT_INVALID = 1<<1,
465 GNUTLS_CERT_REVOKED = 1<<5,
466 GNUTLS_CERT_SIGNER_NOT_FOUND = 1<<6,
467 GNUTLS_CERT_SIGNER_NOT_CA = 1<<7,
468 GNUTLS_CERT_INSECURE_ALGORITHM = 1<<8,
469 GNUTLS_CERT_NOT_ACTIVATED = 1<<9,
470 GNUTLS_CERT_EXPIRED = 1<<10,
471 GNUTLS_CERT_SIGNATURE_FAILURE = 1<<11,
472 GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED = 1<<12,
473 GNUTLS_CERT_UNEXPECTED_OWNER = 1<<14,
474 GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE = 1<<15,
475 GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE = 1<<16,
476 GNUTLS_CERT_MISMATCH = 1<<17,
477 } gnutls_certificate_status_t;
480 * gnutls_certificate_request_t:
481 * @GNUTLS_CERT_IGNORE: Ignore certificate.
482 * @GNUTLS_CERT_REQUEST: Request certificate.
483 * @GNUTLS_CERT_REQUIRE: Require certificate.
485 * Enumeration of certificate request types.
489 GNUTLS_CERT_IGNORE = 0,
490 GNUTLS_CERT_REQUEST = 1,
491 GNUTLS_CERT_REQUIRE = 2
492 } gnutls_certificate_request_t;
495 * gnutls_openpgp_crt_status_t:
496 * @GNUTLS_OPENPGP_CERT: Send entire certificate.
497 * @GNUTLS_OPENPGP_CERT_FINGERPRINT: Send only certificate fingerprint.
499 * Enumeration of ways to send OpenPGP certificate.
503 GNUTLS_OPENPGP_CERT = 0,
504 GNUTLS_OPENPGP_CERT_FINGERPRINT = 1
505 } gnutls_openpgp_crt_status_t;
508 * gnutls_close_request_t:
509 * @GNUTLS_SHUT_RDWR: Disallow further receives/sends.
510 * @GNUTLS_SHUT_WR: Disallow further sends.
512 * Enumeration of how TLS session should be terminated. See gnutls_bye().
516 GNUTLS_SHUT_RDWR = 0,
518 } gnutls_close_request_t;
522 * @GNUTLS_SSL3: SSL version 3.0.
523 * @GNUTLS_TLS1_0: TLS version 1.0.
524 * @GNUTLS_TLS1: Same as %GNUTLS_TLS1_0.
525 * @GNUTLS_TLS1_1: TLS version 1.1.
526 * @GNUTLS_TLS1_2: TLS version 1.2.
527 * @GNUTLS_DTLS1_0: DTLS version 1.0.
528 * @GNUTLS_DTLS0_9: DTLS version 0.9 (Cisco AnyConnect / OpenSSL 0.9.8e).
529 * @GNUTLS_VERSION_MAX: Maps to the highest supported TLS version.
530 * @GNUTLS_VERSION_UNKNOWN: Unknown SSL/TLS version.
532 * Enumeration of different SSL/TLS protocol versions.
538 GNUTLS_TLS1 = GNUTLS_TLS1_0,
543 GNUTLS_VERSION_MAX = GNUTLS_DTLS0_9,
544 GNUTLS_VERSION_UNKNOWN = 0xff
548 * gnutls_certificate_type_t:
549 * @GNUTLS_CRT_UNKNOWN: Unknown certificate type.
550 * @GNUTLS_CRT_X509: X.509 Certificate.
551 * @GNUTLS_CRT_OPENPGP: OpenPGP certificate.
552 * @GNUTLS_CRT_RAW: Raw public key (SubjectPublicKey)
554 * Enumeration of different certificate types.
558 GNUTLS_CRT_UNKNOWN = 0,
560 GNUTLS_CRT_OPENPGP = 2,
562 } gnutls_certificate_type_t;
565 * gnutls_x509_crt_fmt_t:
566 * @GNUTLS_X509_FMT_DER: X.509 certificate in DER format (binary).
567 * @GNUTLS_X509_FMT_PEM: X.509 certificate in PEM format (text).
569 * Enumeration of different certificate encoding formats.
573 GNUTLS_X509_FMT_DER = 0,
574 GNUTLS_X509_FMT_PEM = 1
575 } gnutls_x509_crt_fmt_t;
578 * gnutls_certificate_print_formats_t:
579 * @GNUTLS_CRT_PRINT_FULL: Full information about certificate.
580 * @GNUTLS_CRT_PRINT_FULL_NUMBERS: Full information about certificate and include easy to parse public key parameters.
581 * @GNUTLS_CRT_PRINT_COMPACT: Information about certificate name in one line, plus identification of the public key.
582 * @GNUTLS_CRT_PRINT_ONELINE: Information about certificate in one line.
583 * @GNUTLS_CRT_PRINT_UNSIGNED_FULL: All info for an unsigned certificate.
585 * Enumeration of different certificate printing variants.
587 typedef enum gnutls_certificate_print_formats
589 GNUTLS_CRT_PRINT_FULL = 0,
590 GNUTLS_CRT_PRINT_ONELINE = 1,
591 GNUTLS_CRT_PRINT_UNSIGNED_FULL = 2,
592 GNUTLS_CRT_PRINT_COMPACT = 3,
593 GNUTLS_CRT_PRINT_FULL_NUMBERS = 4,
594 } gnutls_certificate_print_formats_t;
596 #define GNUTLS_PK_ECC GNUTLS_PK_EC
598 * gnutls_pk_algorithm_t:
599 * @GNUTLS_PK_UNKNOWN: Unknown public-key algorithm.
600 * @GNUTLS_PK_RSA: RSA public-key algorithm.
601 * @GNUTLS_PK_DSA: DSA public-key algorithm.
602 * @GNUTLS_PK_DH: Diffie-Hellman algorithm. Used to generate parameters.
603 * @GNUTLS_PK_EC: Elliptic curve algorithm. Used to generate parameters.
605 * Enumeration of different public-key algorithms.
609 GNUTLS_PK_UNKNOWN = 0,
614 } gnutls_pk_algorithm_t;
616 const char *gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm);
619 * gnutls_sign_algorithm_t:
620 * @GNUTLS_SIGN_UNKNOWN: Unknown signature algorithm.
621 * @GNUTLS_SIGN_RSA_SHA1: Digital signature algorithm RSA with SHA-1
622 * @GNUTLS_SIGN_RSA_SHA: Same as %GNUTLS_SIGN_RSA_SHA1.
623 * @GNUTLS_SIGN_DSA_SHA1: Digital signature algorithm DSA with SHA-1
624 * @GNUTLS_SIGN_DSA_SHA224: Digital signature algorithm DSA with SHA-224
625 * @GNUTLS_SIGN_DSA_SHA256: Digital signature algorithm DSA with SHA-256
626 * @GNUTLS_SIGN_DSA_SHA: Same as %GNUTLS_SIGN_DSA_SHA1.
627 * @GNUTLS_SIGN_RSA_MD5: Digital signature algorithm RSA with MD5.
628 * @GNUTLS_SIGN_RSA_MD2: Digital signature algorithm RSA with MD2.
629 * @GNUTLS_SIGN_RSA_RMD160: Digital signature algorithm RSA with RMD-160.
630 * @GNUTLS_SIGN_RSA_SHA256: Digital signature algorithm RSA with SHA-256.
631 * @GNUTLS_SIGN_RSA_SHA384: Digital signature algorithm RSA with SHA-384.
632 * @GNUTLS_SIGN_RSA_SHA512: Digital signature algorithm RSA with SHA-512.
633 * @GNUTLS_SIGN_RSA_SHA224: Digital signature algorithm RSA with SHA-224.
634 * @GNUTLS_SIGN_ECDSA_SHA1: ECDSA with SHA1.
635 * @GNUTLS_SIGN_ECDSA_SHA256: Digital signature algorithm ECDSA with SHA-256.
636 * @GNUTLS_SIGN_ECDSA_SHA384: Digital signature algorithm ECDSA with SHA-384.
637 * @GNUTLS_SIGN_ECDSA_SHA512: Digital signature algorithm ECDSA with SHA-512.
638 * @GNUTLS_SIGN_ECDSA_SHA224: Digital signature algorithm ECDSA with SHA-224.
640 * Enumeration of different digital signature algorithms.
644 GNUTLS_SIGN_UNKNOWN = 0,
645 GNUTLS_SIGN_RSA_SHA1 = 1,
646 GNUTLS_SIGN_RSA_SHA = GNUTLS_SIGN_RSA_SHA1,
647 GNUTLS_SIGN_DSA_SHA1 = 2,
648 GNUTLS_SIGN_DSA_SHA = GNUTLS_SIGN_DSA_SHA1,
649 GNUTLS_SIGN_RSA_MD5 = 3,
650 GNUTLS_SIGN_RSA_MD2 = 4,
651 GNUTLS_SIGN_RSA_RMD160 = 5,
652 GNUTLS_SIGN_RSA_SHA256 = 6,
653 GNUTLS_SIGN_RSA_SHA384 = 7,
654 GNUTLS_SIGN_RSA_SHA512 = 8,
655 GNUTLS_SIGN_RSA_SHA224 = 9,
656 GNUTLS_SIGN_DSA_SHA224 = 10,
657 GNUTLS_SIGN_DSA_SHA256 = 11,
658 GNUTLS_SIGN_ECDSA_SHA1 = 12,
659 GNUTLS_SIGN_ECDSA_SHA224 = 13,
660 GNUTLS_SIGN_ECDSA_SHA256 = 14,
661 GNUTLS_SIGN_ECDSA_SHA384 = 15,
662 GNUTLS_SIGN_ECDSA_SHA512 = 16,
663 } gnutls_sign_algorithm_t;
666 * gnutls_ecc_curve_t:
667 * @GNUTLS_ECC_CURVE_INVALID: Cannot be known
668 * @GNUTLS_ECC_CURVE_SECP192R1: the SECP192R1 curve
669 * @GNUTLS_ECC_CURVE_SECP224R1: the SECP224R1 curve
670 * @GNUTLS_ECC_CURVE_SECP256R1: the SECP256R1 curve
671 * @GNUTLS_ECC_CURVE_SECP384R1: the SECP384R1 curve
672 * @GNUTLS_ECC_CURVE_SECP521R1: the SECP521R1 curve
674 * Enumeration of ECC curves.
678 GNUTLS_ECC_CURVE_INVALID=0,
679 GNUTLS_ECC_CURVE_SECP224R1,
680 GNUTLS_ECC_CURVE_SECP256R1,
681 GNUTLS_ECC_CURVE_SECP384R1,
682 GNUTLS_ECC_CURVE_SECP521R1,
683 GNUTLS_ECC_CURVE_SECP192R1,
684 } gnutls_ecc_curve_t;
687 * gnutls_sec_param_t:
688 * @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known
689 * @GNUTLS_SEC_PARAM_INSECURE: Less than 42 bits of security
690 * @GNUTLS_SEC_PARAM_EXPORT: 42 bits of security
691 * @GNUTLS_SEC_PARAM_VERY_WEAK: 64 bits of security
692 * @GNUTLS_SEC_PARAM_WEAK: 72 bits of security
693 * @GNUTLS_SEC_PARAM_LOW: 80 bits of security
694 * @GNUTLS_SEC_PARAM_LEGACY: 96 bits of security
695 * @GNUTLS_SEC_PARAM_NORMAL: 112 bits of security
696 * @GNUTLS_SEC_PARAM_HIGH: 128 bits of security
697 * @GNUTLS_SEC_PARAM_ULTRA: 192 bits of security
699 * Enumeration of security parameters for passive attacks.
703 GNUTLS_SEC_PARAM_INSECURE = -20,
704 GNUTLS_SEC_PARAM_EXPORT = -15,
705 GNUTLS_SEC_PARAM_VERY_WEAK = -12,
706 GNUTLS_SEC_PARAM_WEAK = -10,
707 GNUTLS_SEC_PARAM_UNKNOWN = 0,
708 GNUTLS_SEC_PARAM_LOW = 1,
709 GNUTLS_SEC_PARAM_LEGACY = 2,
710 GNUTLS_SEC_PARAM_NORMAL = 3,
711 GNUTLS_SEC_PARAM_HIGH = 4,
712 GNUTLS_SEC_PARAM_ULTRA = 5,
713 } gnutls_sec_param_t;
716 * gnutls_channel_binding_t:
717 * @GNUTLS_CB_TLS_UNIQUE: "tls-unique" (RFC 5929) channel binding
719 * Enumeration of support channel binding types.
724 } gnutls_channel_binding_t;
727 /* If you want to change this, then also change the define in
728 * gnutls_int.h, and recompile.
730 typedef void *gnutls_transport_ptr_t;
732 struct gnutls_session_int;
733 typedef struct gnutls_session_int *gnutls_session_t;
735 struct gnutls_dh_params_int;
736 typedef struct gnutls_dh_params_int *gnutls_dh_params_t;
738 struct gnutls_ecdh_params_int;
739 typedef struct gnutls_ecdh_params_int *gnutls_ecdh_params_t;
742 struct gnutls_x509_privkey_int;
743 typedef struct gnutls_x509_privkey_int *gnutls_rsa_params_t;
745 struct gnutls_priority_st;
746 typedef struct gnutls_priority_st *gnutls_priority_t;
755 typedef struct gnutls_params_st
757 gnutls_params_type_t type;
760 gnutls_dh_params_t dh;
761 gnutls_ecdh_params_t ecdh;
762 gnutls_rsa_params_t rsa_export;
767 typedef int gnutls_params_function (gnutls_session_t, gnutls_params_type_t,
770 /* internal functions */
772 int gnutls_init (gnutls_session_t * session,
774 void gnutls_deinit (gnutls_session_t session);
775 #define _gnutls_deinit(x) gnutls_deinit(x)
777 int gnutls_bye (gnutls_session_t session, gnutls_close_request_t how);
779 int gnutls_handshake (gnutls_session_t session);
781 #define GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT ((unsigned int)-1)
782 void gnutls_handshake_set_timeout (gnutls_session_t session,
784 int gnutls_rehandshake (gnutls_session_t session);
786 gnutls_alert_description_t gnutls_alert_get (gnutls_session_t session);
787 int gnutls_alert_send (gnutls_session_t session,
788 gnutls_alert_level_t level,
789 gnutls_alert_description_t desc);
790 int gnutls_alert_send_appropriate (gnutls_session_t session, int err);
791 const char *gnutls_alert_get_name (gnutls_alert_description_t alert);
792 const char * gnutls_alert_get_strname (gnutls_alert_description_t alert);
794 gnutls_sec_param_t gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo,
796 const char *gnutls_sec_param_get_name (gnutls_sec_param_t param);
797 unsigned int gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo,
798 gnutls_sec_param_t param);
800 /* Elliptic curves */
801 const char * gnutls_ecc_curve_get_name (gnutls_ecc_curve_t curve);
802 int gnutls_ecc_curve_get_size (gnutls_ecc_curve_t curve);
803 gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session);
805 /* get information on the current session */
806 gnutls_cipher_algorithm_t gnutls_cipher_get (gnutls_session_t session);
807 gnutls_kx_algorithm_t gnutls_kx_get (gnutls_session_t session);
808 gnutls_mac_algorithm_t gnutls_mac_get (gnutls_session_t session);
809 gnutls_compression_method_t
810 gnutls_compression_get (gnutls_session_t session);
811 gnutls_certificate_type_t
812 gnutls_certificate_type_get (gnutls_session_t session);
814 int gnutls_sign_algorithm_get (gnutls_session_t session);
816 int gnutls_sign_algorithm_get_requested (gnutls_session_t session,
818 gnutls_sign_algorithm_t * algo);
820 /* the name of the specified algorithms */
821 const char *gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm);
822 const char *gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm);
823 const char *gnutls_compression_get_name (gnutls_compression_method_t
825 const char *gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm);
826 const char *gnutls_certificate_type_get_name (gnutls_certificate_type_t
828 const char *gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm);
829 const char *gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm);
831 int gnutls_sign_is_secure (gnutls_sign_algorithm_t algorithm);
832 gnutls_digest_algorithm_t
833 gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t sign);
834 gnutls_pk_algorithm_t
835 gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t sign);
836 gnutls_sign_algorithm_t
837 gnutls_pk_to_sign (gnutls_pk_algorithm_t pk,
838 gnutls_digest_algorithm_t hash);
840 #define gnutls_sign_algorithm_get_name gnutls_sign_get_name
842 gnutls_mac_algorithm_t gnutls_mac_get_id (const char *name);
843 gnutls_compression_method_t gnutls_compression_get_id (const char *name);
844 gnutls_cipher_algorithm_t gnutls_cipher_get_id (const char *name);
845 gnutls_kx_algorithm_t gnutls_kx_get_id (const char *name);
846 gnutls_protocol_t gnutls_protocol_get_id (const char *name);
847 gnutls_certificate_type_t gnutls_certificate_type_get_id (const char *name);
848 gnutls_pk_algorithm_t gnutls_pk_get_id (const char *name);
849 gnutls_sign_algorithm_t gnutls_sign_get_id (const char *name);
851 /* list supported algorithms */
852 const gnutls_ecc_curve_t * gnutls_ecc_curve_list (void);
853 const gnutls_cipher_algorithm_t *gnutls_cipher_list (void);
854 const gnutls_mac_algorithm_t *gnutls_mac_list (void);
855 const gnutls_compression_method_t *gnutls_compression_list (void);
856 const gnutls_protocol_t *gnutls_protocol_list (void);
857 const gnutls_certificate_type_t *gnutls_certificate_type_list (void);
858 const gnutls_kx_algorithm_t *gnutls_kx_list (void);
859 const gnutls_pk_algorithm_t *gnutls_pk_list (void);
860 const gnutls_sign_algorithm_t *gnutls_sign_list (void);
861 const char *gnutls_cipher_suite_info (size_t idx,
862 unsigned char *cs_id,
863 gnutls_kx_algorithm_t * kx,
864 gnutls_cipher_algorithm_t * cipher,
865 gnutls_mac_algorithm_t * mac,
866 gnutls_protocol_t * min_version);
868 /* error functions */
869 int gnutls_error_is_fatal (int error);
870 int gnutls_error_to_alert (int err, int *level);
872 void gnutls_perror (int error);
873 const char *gnutls_strerror (int error);
874 const char *gnutls_strerror_name (int error);
876 /* Semi-internal functions.
878 void gnutls_handshake_set_private_extensions (gnutls_session_t session,
880 int gnutls_handshake_set_random (gnutls_session_t session, const gnutls_datum_t* random);
882 gnutls_handshake_description_t
883 gnutls_handshake_get_last_out (gnutls_session_t session);
884 gnutls_handshake_description_t
885 gnutls_handshake_get_last_in (gnutls_session_t session);
887 /* Record layer functions.
889 #define GNUTLS_HEARTBEAT_WAIT 1
890 int gnutls_heartbeat_ping (gnutls_session_t session, size_t data_size,
891 unsigned int max_tries, unsigned int flags);
892 int gnutls_heartbeat_pong (gnutls_session_t session, unsigned int flags);
894 void gnutls_record_set_timeout (gnutls_session_t session, unsigned int ms);
895 void gnutls_record_disable_padding (gnutls_session_t session);
897 void gnutls_record_cork (gnutls_session_t session);
898 #define GNUTLS_RECORD_WAIT 1
899 int gnutls_record_uncork (gnutls_session_t session, unsigned int flags);
906 int gnutls_range_split (gnutls_session_t session,
907 const gnutls_range_st *orig,
908 gnutls_range_st * small_range,
909 gnutls_range_st * rem_range);
911 ssize_t gnutls_record_send (gnutls_session_t session, const void *data,
913 ssize_t gnutls_record_send_range (gnutls_session_t session, const void *data,
914 size_t data_size, const gnutls_range_st *range);
915 ssize_t gnutls_record_recv (gnutls_session_t session, void *data,
917 #define gnutls_read gnutls_record_recv
918 #define gnutls_write gnutls_record_send
919 ssize_t gnutls_record_recv_seq (gnutls_session_t session, void *data, size_t data_size,
922 void gnutls_session_enable_compatibility_mode (gnutls_session_t session);
923 void gnutls_record_set_max_empty_records (gnutls_session_t session, const unsigned int i);
925 int gnutls_record_can_use_length_hiding (gnutls_session_t session);
927 int gnutls_record_get_direction (gnutls_session_t session);
929 size_t gnutls_record_get_max_size (gnutls_session_t session);
930 ssize_t gnutls_record_set_max_size (gnutls_session_t session, size_t size);
932 size_t gnutls_record_check_pending (gnutls_session_t session);
934 void gnutls_session_force_valid (gnutls_session_t session);
936 int gnutls_prf (gnutls_session_t session,
937 size_t label_size, const char *label,
938 int server_random_first,
939 size_t extra_size, const char *extra,
940 size_t outsize, char *out);
942 int gnutls_prf_raw (gnutls_session_t session,
943 size_t label_size, const char *label,
944 size_t seed_size, const char *seed,
945 size_t outsize, char *out);
948 * gnutls_server_name_type_t:
949 * @GNUTLS_NAME_DNS: Domain Name System name type.
951 * Enumeration of different server name types.
956 } gnutls_server_name_type_t;
958 int gnutls_server_name_set (gnutls_session_t session,
959 gnutls_server_name_type_t type,
960 const void *name, size_t name_length);
962 int gnutls_server_name_get (gnutls_session_t session,
963 void *data, size_t * data_length,
964 unsigned int *type, unsigned int indx);
966 unsigned int gnutls_heartbeat_get_timeout (gnutls_session_t session);
967 void gnutls_heartbeat_set_timeouts (gnutls_session_t session, unsigned int retrans_timeout,
968 unsigned int total_timeout);
970 #define GNUTLS_HB_PEER_ALLOWED_TO_SEND (1)
971 #define GNUTLS_HB_PEER_NOT_ALLOWED_TO_SEND (1<<1)
974 void gnutls_heartbeat_enable (gnutls_session_t session, unsigned int type);
976 #define GNUTLS_HB_LOCAL_ALLOWED_TO_SEND (1<<2)
977 int gnutls_heartbeat_allowed (gnutls_session_t session, unsigned int type);
979 /* Safe renegotiation */
980 int gnutls_safe_renegotiation_status (gnutls_session_t session);
983 * gnutls_supplemental_data_format_type_t:
984 * @GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA: Supplemental user mapping data.
986 * Enumeration of different supplemental data types (RFC 4680).
990 GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0
991 } gnutls_supplemental_data_format_type_t;
994 *gnutls_supplemental_get_name (gnutls_supplemental_data_format_type_t
997 /* SessionTicket, RFC 5077. */
998 int gnutls_session_ticket_key_generate (gnutls_datum_t * key);
999 int gnutls_session_ticket_enable_client (gnutls_session_t session);
1000 int gnutls_session_ticket_enable_server (gnutls_session_t session,
1001 const gnutls_datum_t * key);
1003 /* SRTP, RFC 5764 */
1006 * gnutls_srtp_profile_t:
1007 * @GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80: 128 bit AES with a 80 bit HMAC-SHA1
1008 * @GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32: 128 bit AES with a 32 bit HMAC-SHA1
1009 * @GNUTLS_SRTP_NULL_HMAC_SHA1_80: NULL cipher with a 80 bit HMAC-SHA1
1010 * @GNUTLS_SRTP_NULL_HMAC_SHA1_32: NULL cipher with a 32 bit HMAC-SHA1
1012 * Enumeration of different SRTP protection profiles.
1016 GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80 = 0x0001,
1017 GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32 = 0x0002,
1018 GNUTLS_SRTP_NULL_HMAC_SHA1_80 = 0x0005,
1019 GNUTLS_SRTP_NULL_HMAC_SHA1_32 = 0x0006
1020 } gnutls_srtp_profile_t;
1022 int gnutls_srtp_set_profile (gnutls_session_t session,
1023 gnutls_srtp_profile_t profile);
1024 int gnutls_srtp_set_profile_direct (gnutls_session_t session,
1025 const char *profiles, const char **err_pos);
1026 int gnutls_srtp_get_selected_profile (gnutls_session_t session,
1027 gnutls_srtp_profile_t *profile);
1029 const char *gnutls_srtp_get_profile_name (gnutls_srtp_profile_t profile);
1030 int gnutls_srtp_get_profile_id (const char *name,
1031 gnutls_srtp_profile_t *profile);
1032 int gnutls_srtp_get_keys (gnutls_session_t session,
1034 unsigned int key_material_size,
1035 gnutls_datum_t *client_key,
1036 gnutls_datum_t *client_salt,
1037 gnutls_datum_t *server_key,
1038 gnutls_datum_t *server_salt);
1040 int gnutls_srtp_set_mki (gnutls_session_t session, const gnutls_datum_t *mki);
1041 int gnutls_srtp_get_mki (gnutls_session_t session, gnutls_datum_t *mki);
1043 int gnutls_key_generate (gnutls_datum_t * key, unsigned int key_size);
1045 /* if you just want some defaults, use the following.
1047 int gnutls_priority_init (gnutls_priority_t * priority_cache,
1048 const char *priorities, const char **err_pos);
1049 void gnutls_priority_deinit (gnutls_priority_t priority_cache);
1050 int gnutls_priority_get_cipher_suite_index (gnutls_priority_t pcache, unsigned int idx, unsigned int *sidx);
1052 int gnutls_priority_set (gnutls_session_t session,
1053 gnutls_priority_t priority);
1054 int gnutls_priority_set_direct (gnutls_session_t session,
1055 const char *priorities,
1056 const char **err_pos);
1058 int gnutls_priority_certificate_type_list (gnutls_priority_t pcache, const unsigned int** list);
1059 int gnutls_priority_sign_list (gnutls_priority_t pcache, const unsigned int** list);
1060 int gnutls_priority_protocol_list (gnutls_priority_t pcache, const unsigned int** list);
1061 int gnutls_priority_compression_list (gnutls_priority_t pcache, const unsigned int** list);
1062 int gnutls_priority_ecc_curve_list (gnutls_priority_t pcache, const unsigned int** list);
1064 /* for compatibility
1066 int gnutls_set_default_priority (gnutls_session_t session);
1068 /* Returns the name of a cipher suite */
1069 const char *gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t
1071 gnutls_cipher_algorithm_t
1073 gnutls_mac_algorithm_t
1076 /* get the currently used protocol version */
1077 gnutls_protocol_t gnutls_protocol_get_version (gnutls_session_t session);
1079 const char *gnutls_protocol_get_name (gnutls_protocol_t version);
1084 int gnutls_session_set_data (gnutls_session_t session,
1085 const void *session_data,
1086 size_t session_data_size);
1087 int gnutls_session_get_data (gnutls_session_t session, void *session_data,
1088 size_t * session_data_size);
1089 int gnutls_session_get_data2 (gnutls_session_t session,
1090 gnutls_datum_t * data);
1091 void gnutls_session_get_random (gnutls_session_t session, gnutls_datum_t* client,
1092 gnutls_datum_t* server);
1093 char * gnutls_session_get_desc (gnutls_session_t session);
1095 int gnutls_session_set_premaster (gnutls_session_t session, unsigned int entity,
1096 gnutls_protocol_t version,
1097 gnutls_kx_algorithm_t kx,
1098 gnutls_cipher_algorithm_t cipher,
1099 gnutls_mac_algorithm_t mac,
1100 gnutls_compression_method_t comp,
1101 const gnutls_datum_t* master,
1102 const gnutls_datum_t * session_id);
1104 /* returns the session ID */
1105 #define GNUTLS_MAX_SESSION_ID 32
1106 int gnutls_session_get_id (gnutls_session_t session, void *session_id,
1107 size_t * session_id_size);
1108 int gnutls_session_get_id2 (gnutls_session_t session, gnutls_datum_t *session_id);
1110 int gnutls_session_channel_binding (gnutls_session_t session,
1111 gnutls_channel_binding_t cbtype,
1112 gnutls_datum_t * cb);
1114 /* checks if this session is a resumed one
1116 int gnutls_session_is_resumed (gnutls_session_t session);
1117 int gnutls_session_resumption_requested (gnutls_session_t session);
1119 typedef int (*gnutls_db_store_func) (void *, gnutls_datum_t key,
1120 gnutls_datum_t data);
1121 typedef int (*gnutls_db_remove_func) (void *, gnutls_datum_t key);
1122 typedef gnutls_datum_t (*gnutls_db_retr_func) (void *, gnutls_datum_t key);
1124 void gnutls_db_set_cache_expiration (gnutls_session_t session, int seconds);
1126 void gnutls_db_remove_session (gnutls_session_t session);
1127 void gnutls_db_set_retrieve_function (gnutls_session_t session,
1128 gnutls_db_retr_func retr_func);
1129 void gnutls_db_set_remove_function (gnutls_session_t session,
1130 gnutls_db_remove_func rem_func);
1131 void gnutls_db_set_store_function (gnutls_session_t session,
1132 gnutls_db_store_func store_func);
1133 void gnutls_db_set_ptr (gnutls_session_t session, void *ptr);
1134 void *gnutls_db_get_ptr (gnutls_session_t session);
1135 int gnutls_db_check_entry (gnutls_session_t session,
1136 gnutls_datum_t session_entry);
1137 time_t gnutls_db_check_entry_time (gnutls_datum_t *entry);
1139 typedef int (*gnutls_handshake_post_client_hello_func) (gnutls_session_t);
1141 gnutls_handshake_set_post_client_hello_function (gnutls_session_t session,
1142 gnutls_handshake_post_client_hello_func
1145 void gnutls_handshake_set_max_packet_length (gnutls_session_t session,
1148 /* returns libgnutls version (call it with a NULL argument)
1150 const char *gnutls_check_version (const char *req_version);
1152 /* Functions for setting/clearing credentials
1154 void gnutls_credentials_clear (gnutls_session_t session);
1156 /* cred is a structure defined by the kx algorithm
1158 int gnutls_credentials_set (gnutls_session_t session,
1159 gnutls_credentials_type_t type, void *cred);
1160 #define gnutls_cred_set gnutls_credentials_set
1164 struct gnutls_x509_privkey_int;
1165 typedef struct gnutls_x509_privkey_int *gnutls_x509_privkey_t;
1167 struct gnutls_x509_crl_int;
1168 typedef struct gnutls_x509_crl_int *gnutls_x509_crl_t;
1170 struct gnutls_x509_crt_int;
1171 typedef struct gnutls_x509_crt_int *gnutls_x509_crt_t;
1173 struct gnutls_x509_crq_int;
1174 typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t;
1176 struct gnutls_openpgp_keyring_int;
1177 typedef struct gnutls_openpgp_keyring_int *gnutls_openpgp_keyring_t;
1180 /* Credential structures - used in gnutls_credentials_set(); */
1182 struct gnutls_certificate_credentials_st;
1183 typedef struct gnutls_certificate_credentials_st
1184 *gnutls_certificate_credentials_t;
1185 typedef gnutls_certificate_credentials_t
1186 gnutls_certificate_server_credentials;
1187 typedef gnutls_certificate_credentials_t
1188 gnutls_certificate_client_credentials;
1190 typedef struct gnutls_anon_server_credentials_st
1191 *gnutls_anon_server_credentials_t;
1192 typedef struct gnutls_anon_client_credentials_st
1193 *gnutls_anon_client_credentials_t;
1195 void gnutls_anon_free_server_credentials (gnutls_anon_server_credentials_t
1198 gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t
1201 void gnutls_anon_set_server_dh_params (gnutls_anon_server_credentials_t res,
1202 gnutls_dh_params_t dh_params);
1205 gnutls_anon_set_server_params_function (gnutls_anon_server_credentials_t
1207 gnutls_params_function * func);
1210 gnutls_anon_free_client_credentials (gnutls_anon_client_credentials_t sc);
1212 gnutls_anon_allocate_client_credentials (gnutls_anon_client_credentials_t
1215 /* CERTFILE is an x509 certificate in PEM form.
1216 * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys).
1219 gnutls_certificate_free_credentials (gnutls_certificate_credentials_t sc);
1221 gnutls_certificate_allocate_credentials (gnutls_certificate_credentials_t
1225 gnutls_certificate_get_issuer (gnutls_certificate_credentials_t sc,
1226 gnutls_x509_crt_t cert, gnutls_x509_crt_t* issuer, unsigned int flags);
1228 void gnutls_certificate_free_keys (gnutls_certificate_credentials_t sc);
1229 void gnutls_certificate_free_cas (gnutls_certificate_credentials_t sc);
1230 void gnutls_certificate_free_ca_names (gnutls_certificate_credentials_t sc);
1231 void gnutls_certificate_free_crls (gnutls_certificate_credentials_t sc);
1233 void gnutls_certificate_set_dh_params (gnutls_certificate_credentials_t res,
1234 gnutls_dh_params_t dh_params);
1235 void gnutls_certificate_set_verify_flags (gnutls_certificate_credentials_t
1236 res, unsigned int flags);
1237 void gnutls_certificate_set_verify_limits (gnutls_certificate_credentials_t
1238 res, unsigned int max_bits,
1239 unsigned int max_depth);
1242 gnutls_certificate_set_x509_system_trust (gnutls_certificate_credentials_t cred);
1245 gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t
1246 cred, const char *cafile,
1247 gnutls_x509_crt_fmt_t type);
1248 int gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t
1249 res, const gnutls_datum_t * ca,
1250 gnutls_x509_crt_fmt_t type);
1253 gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t
1254 res, const char *crlfile,
1255 gnutls_x509_crt_fmt_t type);
1256 int gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t
1257 res, const gnutls_datum_t * CRL,
1258 gnutls_x509_crt_fmt_t type);
1261 gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t
1262 res, const char *certfile,
1263 const char *keyfile,
1264 gnutls_x509_crt_fmt_t type);
1266 int gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t
1267 res, const gnutls_datum_t * cert,
1268 const gnutls_datum_t * key,
1269 gnutls_x509_crt_fmt_t type);
1271 void gnutls_certificate_send_x509_rdn_sequence (gnutls_session_t session,
1274 int gnutls_certificate_set_x509_simple_pkcs12_file (gnutls_certificate_credentials_t res, const char *pkcs12file,
1275 gnutls_x509_crt_fmt_t type, const char *password);
1276 int gnutls_certificate_set_x509_simple_pkcs12_mem (gnutls_certificate_credentials_t res, const gnutls_datum_t * p12blob,
1277 gnutls_x509_crt_fmt_t type, const char *password);
1279 /* New functions to allow setting already parsed X.509 stuff.
1282 int gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res,
1283 gnutls_x509_crt_t * cert_list,
1285 gnutls_x509_privkey_t key);
1286 int gnutls_certificate_set_x509_trust (gnutls_certificate_credentials_t res,
1287 gnutls_x509_crt_t * ca_list,
1289 int gnutls_certificate_set_x509_crl (gnutls_certificate_credentials_t res,
1290 gnutls_x509_crl_t * crl_list,
1293 /* OCSP status request extension, RFC 6066 */
1294 typedef int (*gnutls_status_request_ocsp_func)
1295 (gnutls_session_t session, void *ptr, gnutls_datum_t *ocsp_response);
1297 void gnutls_certificate_set_ocsp_status_request_function (gnutls_certificate_credentials_t res,
1298 gnutls_status_request_ocsp_func ocsp_func,
1301 int gnutls_certificate_set_ocsp_status_request_file (gnutls_certificate_credentials_t res,
1302 const char* response_file, unsigned int flags);
1304 int gnutls_ocsp_status_request_enable_client (gnutls_session_t session,
1305 gnutls_datum_t *responder_id,
1306 size_t responder_id_size,
1307 gnutls_datum_t *request_extensions);
1309 int gnutls_ocsp_status_request_get (gnutls_session_t session, gnutls_datum_t *response);
1311 int gnutls_ocsp_status_request_is_checked (gnutls_session_t session, unsigned int flags);
1313 /* global state functions
1315 int gnutls_global_init (void);
1316 void gnutls_global_deinit (void);
1320 * @t: where to store time.
1322 * Function prototype for time()-like function. Set with
1323 * gnutls_global_set_time_function().
1325 * Returns: Number of seconds since the epoch, or (time_t)-1 on errors.
1327 typedef time_t (*gnutls_time_func) (time_t *t);
1329 typedef int (*mutex_init_func) (void **mutex);
1330 typedef int (*mutex_lock_func) (void **mutex);
1331 typedef int (*mutex_unlock_func) (void **mutex);
1332 typedef int (*mutex_deinit_func) (void **mutex);
1334 void gnutls_global_set_mutex (mutex_init_func init, mutex_deinit_func deinit,
1335 mutex_lock_func lock, mutex_unlock_func unlock);
1337 typedef void *(*gnutls_alloc_function) (size_t);
1338 typedef void *(*gnutls_calloc_function) (size_t, size_t);
1339 typedef int (*gnutls_is_secure_function) (const void *);
1340 typedef void (*gnutls_free_function) (void *);
1341 typedef void *(*gnutls_realloc_function) (void *, size_t);
1344 gnutls_global_set_mem_functions (gnutls_alloc_function alloc_func,
1345 gnutls_alloc_function secure_alloc_func,
1346 gnutls_is_secure_function is_secure_func,
1347 gnutls_realloc_function realloc_func,
1348 gnutls_free_function free_func);
1350 void gnutls_global_set_time_function (gnutls_time_func time_func);
1352 /* For use in callbacks */
1353 extern gnutls_alloc_function gnutls_malloc;
1354 extern gnutls_alloc_function gnutls_secure_malloc;
1355 extern gnutls_realloc_function gnutls_realloc;
1356 extern gnutls_calloc_function gnutls_calloc;
1357 extern gnutls_free_function gnutls_free;
1359 extern char *(*gnutls_strdup) (const char *);
1361 typedef void (*gnutls_log_func) (int, const char *);
1362 typedef void (*gnutls_audit_log_func) (gnutls_session_t, const char *);
1363 void gnutls_global_set_log_function (gnutls_log_func log_func);
1364 void gnutls_global_set_audit_log_function (gnutls_audit_log_func log_func);
1365 void gnutls_global_set_log_level (int level);
1367 /* Diffie-Hellman parameter handling.
1369 int gnutls_dh_params_init (gnutls_dh_params_t * dh_params);
1370 void gnutls_dh_params_deinit (gnutls_dh_params_t dh_params);
1371 int gnutls_dh_params_import_raw (gnutls_dh_params_t dh_params,
1372 const gnutls_datum_t * prime,
1373 const gnutls_datum_t * generator);
1374 int gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params,
1375 const gnutls_datum_t * pkcs3_params,
1376 gnutls_x509_crt_fmt_t format);
1377 int gnutls_dh_params_generate2 (gnutls_dh_params_t params,
1379 int gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params,
1380 gnutls_x509_crt_fmt_t format,
1381 unsigned char *params_data,
1382 size_t * params_data_size);
1383 int gnutls_dh_params_export2_pkcs3 (gnutls_dh_params_t params,
1384 gnutls_x509_crt_fmt_t format,
1385 gnutls_datum_t *out);
1386 int gnutls_dh_params_export_raw (gnutls_dh_params_t params,
1387 gnutls_datum_t * prime,
1388 gnutls_datum_t * generator,
1389 unsigned int *bits);
1390 int gnutls_dh_params_cpy (gnutls_dh_params_t dst, gnutls_dh_params_t src);
1398 void *iov_base; /* Starting address */
1399 size_t iov_len; /* Number of bytes to transfer */
1402 typedef ssize_t (*gnutls_pull_func) (gnutls_transport_ptr_t, void *,
1404 typedef ssize_t (*gnutls_push_func) (gnutls_transport_ptr_t, const void *,
1407 typedef int (*gnutls_pull_timeout_func) (gnutls_transport_ptr_t, unsigned int ms);
1409 typedef ssize_t (*gnutls_vec_push_func) (gnutls_transport_ptr_t,
1410 const giovec_t * iov, int iovcnt);
1412 typedef int (*gnutls_errno_func) (gnutls_transport_ptr_t);
1414 /* This will be defined as macro.
1415 void gnutls_transport_set_int (gnutls_session_t session, int r);
1417 void gnutls_transport_set_int2 (gnutls_session_t session, int r, int s);
1418 #define gnutls_transport_set_int(s, i) gnutls_transport_set_int2(s, i, i)
1420 void gnutls_transport_get_int2 (gnutls_session_t session, int * r, int *s);
1421 int gnutls_transport_get_int (gnutls_session_t session);
1423 void gnutls_transport_set_ptr (gnutls_session_t session,
1424 gnutls_transport_ptr_t ptr);
1425 void gnutls_transport_set_ptr2 (gnutls_session_t session,
1426 gnutls_transport_ptr_t recv_ptr,
1427 gnutls_transport_ptr_t send_ptr);
1429 gnutls_transport_ptr_t gnutls_transport_get_ptr (gnutls_session_t session);
1430 void gnutls_transport_get_ptr2 (gnutls_session_t session,
1431 gnutls_transport_ptr_t * recv_ptr,
1432 gnutls_transport_ptr_t * send_ptr);
1434 void gnutls_transport_set_vec_push_function (gnutls_session_t session,
1435 gnutls_vec_push_func vec_func);
1436 void gnutls_transport_set_push_function (gnutls_session_t session,
1437 gnutls_push_func push_func);
1438 void gnutls_transport_set_pull_function (gnutls_session_t session,
1439 gnutls_pull_func pull_func);
1441 void gnutls_transport_set_pull_timeout_function (gnutls_session_t session,
1442 gnutls_pull_timeout_func func);
1444 void gnutls_transport_set_errno_function (gnutls_session_t session,
1445 gnutls_errno_func errno_func);
1447 void gnutls_transport_set_errno (gnutls_session_t session, int err);
1451 void gnutls_session_set_ptr (gnutls_session_t session, void *ptr);
1452 void *gnutls_session_get_ptr (gnutls_session_t session);
1454 void gnutls_openpgp_send_cert (gnutls_session_t session,
1455 gnutls_openpgp_crt_status_t status);
1457 /* This function returns the hash of the given data.
1459 int gnutls_fingerprint (gnutls_digest_algorithm_t algo,
1460 const gnutls_datum_t * data, void *result,
1461 size_t * result_size);
1464 * gnutls_random_art_t:
1465 * @GNUTLS_RANDOM_ART_OPENSSH: OpenSSH-style random art.
1467 * Enumeration of different random art types.
1469 typedef enum gnutls_random_art
1471 GNUTLS_RANDOM_ART_OPENSSH=1,
1472 } gnutls_random_art_t;
1474 int gnutls_random_art (gnutls_random_art_t type,
1475 const char* key_type, unsigned int key_size,
1476 void * fpr, size_t fpr_size,
1477 gnutls_datum_t* art);
1482 typedef struct gnutls_srp_server_credentials_st
1483 *gnutls_srp_server_credentials_t;
1484 typedef struct gnutls_srp_client_credentials_st
1485 *gnutls_srp_client_credentials_t;
1488 gnutls_srp_free_client_credentials (gnutls_srp_client_credentials_t sc);
1490 gnutls_srp_allocate_client_credentials (gnutls_srp_client_credentials_t *
1492 int gnutls_srp_set_client_credentials (gnutls_srp_client_credentials_t res,
1493 const char *username,
1494 const char *password);
1497 gnutls_srp_free_server_credentials (gnutls_srp_server_credentials_t sc);
1499 gnutls_srp_allocate_server_credentials (gnutls_srp_server_credentials_t *
1501 int gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t
1502 res, const char *password_file,
1503 const char *password_conf_file);
1505 const char *gnutls_srp_server_get_username (gnutls_session_t session);
1507 extern void gnutls_srp_set_prime_bits (gnutls_session_t session,
1510 int gnutls_srp_verifier (const char *username,
1511 const char *password,
1512 const gnutls_datum_t * salt,
1513 const gnutls_datum_t * generator,
1514 const gnutls_datum_t * prime,
1515 gnutls_datum_t * res);
1517 /* The static parameters defined in draft-ietf-tls-srp-05
1518 * Those should be used as input to gnutls_srp_verifier().
1520 extern const gnutls_datum_t gnutls_srp_4096_group_prime;
1521 extern const gnutls_datum_t gnutls_srp_4096_group_generator;
1523 extern const gnutls_datum_t gnutls_srp_3072_group_prime;
1524 extern const gnutls_datum_t gnutls_srp_3072_group_generator;
1526 extern const gnutls_datum_t gnutls_srp_2048_group_prime;
1527 extern const gnutls_datum_t gnutls_srp_2048_group_generator;
1529 extern const gnutls_datum_t gnutls_srp_1536_group_prime;
1530 extern const gnutls_datum_t gnutls_srp_1536_group_generator;
1532 extern const gnutls_datum_t gnutls_srp_1024_group_prime;
1533 extern const gnutls_datum_t gnutls_srp_1024_group_generator;
1535 typedef int gnutls_srp_server_credentials_function (gnutls_session_t,
1536 const char *username,
1537 gnutls_datum_t * salt,
1542 gnutls_datum_t * prime);
1544 gnutls_srp_set_server_credentials_function (
1545 gnutls_srp_server_credentials_t cred,
1546 gnutls_srp_server_credentials_function * func);
1548 typedef int gnutls_srp_client_credentials_function (gnutls_session_t,
1551 gnutls_srp_set_client_credentials_function (
1552 gnutls_srp_client_credentials_t cred,
1553 gnutls_srp_client_credentials_function * func);
1555 int gnutls_srp_base64_encode (const gnutls_datum_t * data, char *result,
1556 size_t * result_size);
1557 int gnutls_srp_base64_encode_alloc (const gnutls_datum_t * data,
1558 gnutls_datum_t * result);
1560 int gnutls_srp_base64_decode (const gnutls_datum_t * b64_data, char *result,
1561 size_t * result_size);
1562 int gnutls_srp_base64_decode_alloc (const gnutls_datum_t * b64_data,
1563 gnutls_datum_t * result);
1566 typedef struct gnutls_psk_server_credentials_st
1567 *gnutls_psk_server_credentials_t;
1568 typedef struct gnutls_psk_client_credentials_st
1569 *gnutls_psk_client_credentials_t;
1572 * gnutls_psk_key_flags:
1573 * @GNUTLS_PSK_KEY_RAW: PSK-key in raw format.
1574 * @GNUTLS_PSK_KEY_HEX: PSK-key in hex format.
1576 * Enumeration of different PSK key flags.
1578 typedef enum gnutls_psk_key_flags
1580 GNUTLS_PSK_KEY_RAW = 0,
1582 } gnutls_psk_key_flags;
1585 gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t sc);
1587 gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t *
1589 int gnutls_psk_set_client_credentials (gnutls_psk_client_credentials_t res,
1590 const char *username,
1591 const gnutls_datum_t * key,
1592 gnutls_psk_key_flags flags);
1595 gnutls_psk_free_server_credentials (gnutls_psk_server_credentials_t sc);
1597 gnutls_psk_allocate_server_credentials (gnutls_psk_server_credentials_t *
1599 int gnutls_psk_set_server_credentials_file (gnutls_psk_server_credentials_t
1600 res, const char *password_file);
1603 gnutls_psk_set_server_credentials_hint (gnutls_psk_server_credentials_t
1604 res, const char *hint);
1606 const char *gnutls_psk_server_get_username (gnutls_session_t session);
1607 const char *gnutls_psk_client_get_hint (gnutls_session_t session);
1609 typedef int gnutls_psk_server_credentials_function (gnutls_session_t,
1610 const char *username,
1611 gnutls_datum_t * key);
1613 gnutls_psk_set_server_credentials_function (
1614 gnutls_psk_server_credentials_t cred,
1615 gnutls_psk_server_credentials_function * func);
1617 typedef int gnutls_psk_client_credentials_function (gnutls_session_t,
1619 gnutls_datum_t * key);
1621 gnutls_psk_set_client_credentials_function (
1622 gnutls_psk_client_credentials_t cred,
1623 gnutls_psk_client_credentials_function * func);
1625 int gnutls_hex_encode (const gnutls_datum_t * data, char *result,
1626 size_t * result_size);
1627 int gnutls_hex_decode (const gnutls_datum_t * hex_data, void *result,
1628 size_t * result_size);
1631 gnutls_psk_set_server_dh_params (gnutls_psk_server_credentials_t res,
1632 gnutls_dh_params_t dh_params);
1635 gnutls_psk_set_server_params_function (gnutls_psk_server_credentials_t
1637 gnutls_params_function * func);
1640 * gnutls_x509_subject_alt_name_t:
1641 * @GNUTLS_SAN_DNSNAME: DNS-name SAN.
1642 * @GNUTLS_SAN_RFC822NAME: E-mail address SAN.
1643 * @GNUTLS_SAN_URI: URI SAN.
1644 * @GNUTLS_SAN_IPADDRESS: IP address SAN.
1645 * @GNUTLS_SAN_OTHERNAME: OtherName SAN.
1646 * @GNUTLS_SAN_DN: DN SAN.
1647 * @GNUTLS_SAN_OTHERNAME_XMPP: Virtual SAN, used by
1648 * gnutls_x509_crt_get_subject_alt_othername_oid.
1650 * Enumeration of different subject alternative names types.
1652 typedef enum gnutls_x509_subject_alt_name_t
1654 GNUTLS_SAN_DNSNAME = 1,
1655 GNUTLS_SAN_RFC822NAME = 2,
1657 GNUTLS_SAN_IPADDRESS = 4,
1658 GNUTLS_SAN_OTHERNAME = 5,
1660 /* The following are "virtual" subject alternative name types, in
1661 that they are represented by an otherName value and an OID.
1662 Used by gnutls_x509_crt_get_subject_alt_othername_oid. */
1663 GNUTLS_SAN_OTHERNAME_XMPP = 1000
1664 } gnutls_x509_subject_alt_name_t;
1666 struct gnutls_openpgp_crt_int;
1667 typedef struct gnutls_openpgp_crt_int *gnutls_openpgp_crt_t;
1669 struct gnutls_openpgp_privkey_int;
1670 typedef struct gnutls_openpgp_privkey_int *gnutls_openpgp_privkey_t;
1672 struct gnutls_pkcs11_privkey_st;
1673 typedef struct gnutls_pkcs11_privkey_st *gnutls_pkcs11_privkey_t;
1676 * gnutls_privkey_type_t:
1677 * @GNUTLS_PRIVKEY_X509: X.509 private key, #gnutls_x509_privkey_t.
1678 * @GNUTLS_PRIVKEY_OPENPGP: OpenPGP private key, #gnutls_openpgp_privkey_t.
1679 * @GNUTLS_PRIVKEY_PKCS11: PKCS11 private key, #gnutls_pkcs11_privkey_t.
1680 * @GNUTLS_PRIVKEY_EXT: External private key, operating using callbacks.
1682 * Enumeration of different private key types.
1686 GNUTLS_PRIVKEY_X509,
1687 GNUTLS_PRIVKEY_OPENPGP,
1688 GNUTLS_PRIVKEY_PKCS11,
1690 } gnutls_privkey_type_t;
1692 typedef struct gnutls_retr2_st
1694 gnutls_certificate_type_t cert_type;
1695 gnutls_privkey_type_t key_type;
1699 gnutls_x509_crt_t *x509;
1700 gnutls_openpgp_crt_t pgp;
1702 unsigned int ncerts; /* one for pgp keys */
1706 gnutls_x509_privkey_t x509;
1707 gnutls_openpgp_privkey_t pgp;
1708 gnutls_pkcs11_privkey_t pkcs11;
1711 unsigned int deinit_all; /* if non zero all keys will be deinited */
1715 /* Functions that allow auth_info_t structures handling
1718 gnutls_credentials_type_t gnutls_auth_get_type (gnutls_session_t session);
1719 gnutls_credentials_type_t
1720 gnutls_auth_server_get_type (gnutls_session_t session);
1721 gnutls_credentials_type_t
1722 gnutls_auth_client_get_type (gnutls_session_t session);
1726 void gnutls_dh_set_prime_bits (gnutls_session_t session, unsigned int bits);
1727 int gnutls_dh_get_secret_bits (gnutls_session_t session);
1728 int gnutls_dh_get_peers_public_bits (gnutls_session_t session);
1729 int gnutls_dh_get_prime_bits (gnutls_session_t session);
1731 int gnutls_dh_get_group (gnutls_session_t session, gnutls_datum_t * raw_gen,
1732 gnutls_datum_t * raw_prime);
1733 int gnutls_dh_get_pubkey (gnutls_session_t session,
1734 gnutls_datum_t * raw_key);
1739 /* These are set on the credentials structure.
1742 /* use gnutls_certificate_set_retrieve_function2() in abstract.h
1743 * instead. It's much more efficient.
1746 typedef int gnutls_certificate_retrieve_function (gnutls_session_t,
1752 gnutls_pk_algorithm_t
1759 void gnutls_certificate_set_retrieve_function (
1760 gnutls_certificate_credentials_t cred,
1761 gnutls_certificate_retrieve_function * func);
1763 typedef int gnutls_certificate_verify_function (gnutls_session_t);
1765 gnutls_certificate_set_verify_function (gnutls_certificate_credentials_t
1767 gnutls_certificate_verify_function
1771 gnutls_certificate_server_set_request (gnutls_session_t session,
1772 gnutls_certificate_request_t req);
1774 /* get data from the session
1776 const gnutls_datum_t *gnutls_certificate_get_peers (gnutls_session_t
1780 const gnutls_datum_t *gnutls_certificate_get_ours (gnutls_session_t
1783 int gnutls_certificate_get_peers_subkey_id(gnutls_session_t session,
1784 gnutls_datum_t *id);
1786 time_t gnutls_certificate_activation_time_peers (gnutls_session_t session);
1787 time_t gnutls_certificate_expiration_time_peers (gnutls_session_t session);
1789 int gnutls_certificate_client_get_request_status (gnutls_session_t session);
1790 int gnutls_certificate_verify_peers2 (gnutls_session_t session,
1791 unsigned int *status);
1792 int gnutls_certificate_verify_peers3 (gnutls_session_t session,
1793 const char* hostname,
1794 unsigned int *status);
1796 int gnutls_certificate_verification_status_print (unsigned int status,
1797 gnutls_certificate_type_t type,
1798 gnutls_datum_t * out, unsigned int flags);
1800 int gnutls_pem_base64_encode (const char *msg, const gnutls_datum_t * data,
1801 char *result, size_t * result_size);
1802 int gnutls_pem_base64_decode (const char *header,
1803 const gnutls_datum_t * b64_data,
1804 unsigned char *result, size_t * result_size);
1806 int gnutls_pem_base64_encode_alloc (const char *msg,
1807 const gnutls_datum_t * data,
1808 gnutls_datum_t * result);
1809 int gnutls_pem_base64_decode_alloc (const char *header,
1810 const gnutls_datum_t * b64_data,
1811 gnutls_datum_t * result);
1813 /* key_usage will be an OR of the following values:
1816 /* when the key is to be used for signing: */
1817 #define GNUTLS_KEY_DIGITAL_SIGNATURE 128
1818 #define GNUTLS_KEY_NON_REPUDIATION 64
1819 /* when the key is to be used for encryption: */
1820 #define GNUTLS_KEY_KEY_ENCIPHERMENT 32
1821 #define GNUTLS_KEY_DATA_ENCIPHERMENT 16
1822 #define GNUTLS_KEY_KEY_AGREEMENT 8
1823 #define GNUTLS_KEY_KEY_CERT_SIGN 4
1824 #define GNUTLS_KEY_CRL_SIGN 2
1825 #define GNUTLS_KEY_ENCIPHER_ONLY 1
1826 #define GNUTLS_KEY_DECIPHER_ONLY 32768
1829 gnutls_certificate_set_params_function (gnutls_certificate_credentials_t
1831 gnutls_params_function * func);
1832 void gnutls_anon_set_params_function (gnutls_anon_server_credentials_t res,
1833 gnutls_params_function * func);
1834 void gnutls_psk_set_params_function (gnutls_psk_server_credentials_t res,
1835 gnutls_params_function * func);
1837 int gnutls_hex2bin (const char *hex_data, size_t hex_size,
1838 void *bin_data, size_t * bin_size);
1840 /* Trust on first use (or ssh like) functions */
1842 /* stores the provided information to a database
1844 typedef int (*gnutls_tdb_store_func) (const char* db_name,
1846 const char* service,
1848 const gnutls_datum_t* pubkey);
1850 typedef int (*gnutls_tdb_store_commitment_func) (const char* db_name,
1852 const char* service,
1854 gnutls_digest_algorithm_t hash_algo,
1855 const gnutls_datum_t* hash);
1857 /* searches for the provided host/service pair that match the
1858 * provided public key in the database. */
1859 typedef int (*gnutls_tdb_verify_func) (const char* db_name,
1861 const char* service,
1862 const gnutls_datum_t *pubkey);
1865 struct gnutls_tdb_int;
1866 typedef struct gnutls_tdb_int *gnutls_tdb_t;
1868 int gnutls_tdb_init (gnutls_tdb_t *tdb);
1869 void gnutls_tdb_set_store_func (gnutls_tdb_t tdb,
1870 gnutls_tdb_store_func store);
1871 void gnutls_tdb_set_store_commitment_func (gnutls_tdb_t tdb,
1872 gnutls_tdb_store_commitment_func cstore);
1873 void gnutls_tdb_set_verify_func (gnutls_tdb_t tdb,
1874 gnutls_tdb_verify_func verify);
1875 void gnutls_tdb_deinit (gnutls_tdb_t tdb);
1877 int gnutls_verify_stored_pubkey (const char* db_name,
1880 const char* service,
1881 gnutls_certificate_type_t cert_type,
1882 const gnutls_datum_t * cert,
1883 unsigned int flags);
1885 int gnutls_store_commitment (const char* db_name,
1888 const char* service,
1889 gnutls_digest_algorithm_t hash_algo,
1890 const gnutls_datum_t* hash,
1892 unsigned int flags);
1894 int gnutls_store_pubkey (const char* db_name,
1897 const char* service,
1898 gnutls_certificate_type_t cert_type,
1899 const gnutls_datum_t * cert,
1901 unsigned int flags);
1903 /* Other helper functions */
1904 int gnutls_load_file(const char* filename, gnutls_datum_t * data);
1906 int gnutls_url_is_supported (const char* url);
1911 * gnutls_pin_flag_t:
1912 * @GNUTLS_PIN_USER: The PIN for the user.
1913 * @GNUTLS_PIN_SO: The PIN for the security officer (admin).
1914 * @GNUTLS_PIN_CONTEXT_SPECIFIC: The PIN is for a specific action and key like signing.
1915 * @GNUTLS_PIN_FINAL_TRY: This is the final try before blocking.
1916 * @GNUTLS_PIN_COUNT_LOW: Few tries remain before token blocks.
1917 * @GNUTLS_PIN_WRONG: Last given PIN was not correct.
1919 * Enumeration of different flags that are input to the PIN function.
1923 GNUTLS_PIN_USER = (1 << 0),
1924 GNUTLS_PIN_SO = (1 << 1),
1925 GNUTLS_PIN_FINAL_TRY = (1 << 2),
1926 GNUTLS_PIN_COUNT_LOW = (1 << 3),
1927 GNUTLS_PIN_CONTEXT_SPECIFIC = (1 << 4),
1928 GNUTLS_PIN_WRONG = (1 << 5),
1929 } gnutls_pin_flag_t;
1931 #define GNUTLS_PKCS11_PIN_USER GNUTLS_PIN_USER
1932 #define GNUTLS_PKCS11_PIN_SO GNUTLS_PIN_SO
1933 #define GNUTLS_PKCS11_PIN_FINAL_TRY GNUTLS_PIN_FINAL_TRY
1934 #define GNUTLS_PKCS11_PIN_COUNT_LOW GNUTLS_PIN_COUNT_LOW
1935 #define GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC GNUTLS_PIN_CONTEXT_SPECIFIC
1936 #define GNUTLS_PKCS11_PIN_WRONG GNUTLS_PIN_WRONG
1939 * gnutls_pin_callback_t:
1940 * @userdata: user-controlled data from gnutls_pkcs11_set_pin_function().
1941 * @attempt: pin-attempt counter, initially 0.
1942 * @token_url: URL of token.
1943 * @token_label: label of token.
1944 * @flags: a #gnutls_pin_flag_t flag.
1945 * @pin: buffer to hold PIN, of size @pin_max.
1946 * @pin_max: size of @pin buffer.
1948 * Callback function type for PKCS#11 or TPM PIN entry. It is set by
1949 * functions like gnutls_pkcs11_set_pin_function().
1951 * The callback should provides the PIN code to unlock the token with
1952 * label @token_label, specified by the URL @token_url.
1954 * The PIN code, as a NUL-terminated ASCII string, should be copied
1955 * into the @pin buffer (of maximum size @pin_max), and return 0 to
1956 * indicate success. Alternatively, the callback may return a
1957 * negative gnutls error code to indicate failure and cancel PIN entry
1958 * (in which case, the contents of the @pin parameter are ignored).
1960 * When a PIN is required, the callback will be invoked repeatedly
1961 * (and indefinitely) until either the returned PIN code is correct,
1962 * the callback returns failure, or the token refuses login (e.g. when
1963 * the token is locked due to too many incorrect PINs!). For the
1964 * first such invocation, the @attempt counter will have value zero;
1965 * it will increase by one for each subsequent attempt.
1967 * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on error.
1971 typedef int (*gnutls_pin_callback_t) (void *userdata, int attempt,
1972 const char *token_url,
1973 const char *token_label,
1975 char *pin, size_t pin_max);
1977 void gnutls_certificate_set_pin_function (gnutls_certificate_credentials_t,
1978 gnutls_pin_callback_t fn, void *userdata);
1980 /* Gnutls error codes. The mapping to a TLS alert is also shown in
1984 #define GNUTLS_E_SUCCESS 0
1985 #define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3
1986 #define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6
1987 #define GNUTLS_E_LARGE_PACKET -7
1988 #define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */
1989 #define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */
1990 #define GNUTLS_E_INVALID_SESSION -10
1991 #define GNUTLS_E_FATAL_ALERT_RECEIVED -12
1992 #define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_A_UNEXPECTED_MESSAGE */
1993 #define GNUTLS_E_WARNING_ALERT_RECEIVED -16
1994 #define GNUTLS_E_ERROR_IN_FINISHED_PACKET -18
1995 #define GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET -19
1996 #define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21 /* GNUTLS_A_HANDSHAKE_FAILURE */
1997 #define GNUTLS_E_UNWANTED_ALGORITHM -22
1998 #define GNUTLS_E_MPI_SCAN_FAILED -23
1999 #define GNUTLS_E_DECRYPTION_FAILED -24 /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */
2000 #define GNUTLS_E_MEMORY_ERROR -25
2001 #define GNUTLS_E_DECOMPRESSION_FAILED -26 /* GNUTLS_A_DECOMPRESSION_FAILURE */
2002 #define GNUTLS_E_COMPRESSION_FAILED -27
2003 #define GNUTLS_E_AGAIN -28
2004 #define GNUTLS_E_EXPIRED -29
2005 #define GNUTLS_E_DB_ERROR -30
2006 #define GNUTLS_E_SRP_PWD_ERROR -31
2007 #define GNUTLS_E_INSUFFICIENT_CREDENTIALS -32
2008 #define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
2009 #define GNUTLS_E_INSUFFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS
2010 #define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
2012 #define GNUTLS_E_HASH_FAILED -33
2013 #define GNUTLS_E_BASE64_DECODING_ERROR -34
2015 #define GNUTLS_E_MPI_PRINT_FAILED -35
2016 #define GNUTLS_E_REHANDSHAKE -37 /* GNUTLS_A_NO_RENEGOTIATION */
2017 #define GNUTLS_E_GOT_APPLICATION_DATA -38
2018 #define GNUTLS_E_RECORD_LIMIT_REACHED -39
2019 #define GNUTLS_E_ENCRYPTION_FAILED -40
2021 #define GNUTLS_E_PK_ENCRYPTION_FAILED -44
2022 #define GNUTLS_E_PK_DECRYPTION_FAILED -45
2023 #define GNUTLS_E_PK_SIGN_FAILED -46
2024 #define GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION -47
2025 #define GNUTLS_E_KEY_USAGE_VIOLATION -48
2026 #define GNUTLS_E_NO_CERTIFICATE_FOUND -49 /* GNUTLS_A_BAD_CERTIFICATE */
2027 #define GNUTLS_E_INVALID_REQUEST -50
2028 #define GNUTLS_E_SHORT_MEMORY_BUFFER -51
2029 #define GNUTLS_E_INTERRUPTED -52
2030 #define GNUTLS_E_PUSH_ERROR -53
2031 #define GNUTLS_E_PULL_ERROR -54
2032 #define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55 /* GNUTLS_A_ILLEGAL_PARAMETER */
2033 #define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56
2034 #define GNUTLS_E_PKCS1_WRONG_PAD -57
2035 #define GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION -58
2036 #define GNUTLS_E_INTERNAL_ERROR -59
2037 #define GNUTLS_E_DH_PRIME_UNACCEPTABLE -63
2038 #define GNUTLS_E_FILE_ERROR -64
2039 #define GNUTLS_E_TOO_MANY_EMPTY_PACKETS -78
2040 #define GNUTLS_E_UNKNOWN_PK_ALGORITHM -80
2041 #define GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS -81
2043 /* returned if you need to generate temporary RSA
2044 * parameters. These are needed for export cipher suites.
2046 #define GNUTLS_E_NO_TEMPORARY_RSA_PARAMS -84
2048 #define GNUTLS_E_NO_COMPRESSION_ALGORITHMS -86
2049 #define GNUTLS_E_NO_CIPHER_SUITES -87
2051 #define GNUTLS_E_OPENPGP_GETKEY_FAILED -88
2052 #define GNUTLS_E_PK_SIG_VERIFY_FAILED -89
2054 #define GNUTLS_E_ILLEGAL_SRP_USERNAME -90
2055 #define GNUTLS_E_SRP_PWD_PARSING_ERROR -91
2056 #define GNUTLS_E_NO_TEMPORARY_DH_PARAMS -93
2058 /* For certificate and key stuff
2060 #define GNUTLS_E_ASN1_ELEMENT_NOT_FOUND -67
2061 #define GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND -68
2062 #define GNUTLS_E_ASN1_DER_ERROR -69
2063 #define GNUTLS_E_ASN1_VALUE_NOT_FOUND -70
2064 #define GNUTLS_E_ASN1_GENERIC_ERROR -71
2065 #define GNUTLS_E_ASN1_VALUE_NOT_VALID -72
2066 #define GNUTLS_E_ASN1_TAG_ERROR -73
2067 #define GNUTLS_E_ASN1_TAG_IMPLICIT -74
2068 #define GNUTLS_E_ASN1_TYPE_ANY_ERROR -75
2069 #define GNUTLS_E_ASN1_SYNTAX_ERROR -76
2070 #define GNUTLS_E_ASN1_DER_OVERFLOW -77
2071 #define GNUTLS_E_OPENPGP_UID_REVOKED -79
2072 #define GNUTLS_E_CERTIFICATE_ERROR -43
2073 #define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR
2074 #define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60
2075 #define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */
2076 #define GNUTLS_E_X509_UNKNOWN_SAN -62
2077 #define GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED -94
2078 #define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95
2079 #define GNUTLS_E_UNKNOWN_HASH_ALGORITHM -96
2080 #define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97
2081 #define GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE -98
2082 #define GNUTLS_E_INVALID_PASSWORD -99
2083 #define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */
2084 #define GNUTLS_E_CONSTRAINT_ERROR -101
2086 #define GNUTLS_E_WARNING_IA_IPHF_RECEIVED -102
2087 #define GNUTLS_E_WARNING_IA_FPHF_RECEIVED -103
2089 #define GNUTLS_E_IA_VERIFY_FAILED -104
2090 #define GNUTLS_E_UNKNOWN_ALGORITHM -105
2091 #define GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM -106
2092 #define GNUTLS_E_SAFE_RENEGOTIATION_FAILED -107
2093 #define GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED -108
2094 #define GNUTLS_E_UNKNOWN_SRP_USERNAME -109
2095 #define GNUTLS_E_PREMATURE_TERMINATION -110
2097 #define GNUTLS_E_BASE64_ENCODING_ERROR -201
2098 #define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */
2099 #define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202
2100 #define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203
2102 #define GNUTLS_E_OPENPGP_KEYRING_ERROR -204
2103 #define GNUTLS_E_X509_UNSUPPORTED_OID -205
2105 #define GNUTLS_E_RANDOM_FAILED -206
2106 #define GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR -207
2108 #define GNUTLS_E_OPENPGP_SUBKEY_ERROR -208
2110 #define GNUTLS_E_CRYPTO_ALREADY_REGISTERED -209
2112 #define GNUTLS_E_HANDSHAKE_TOO_LARGE -210
2114 #define GNUTLS_E_CRYPTODEV_IOCTL_ERROR -211
2115 #define GNUTLS_E_CRYPTODEV_DEVICE_ERROR -212
2117 #define GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE -213
2118 #define GNUTLS_E_BAD_COOKIE -214
2119 #define GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR -215
2120 #define GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL -216
2122 #define GNUTLS_E_HEARTBEAT_PONG_RECEIVED -292
2123 #define GNUTLS_E_HEARTBEAT_PING_RECEIVED -293
2125 /* PKCS11 related */
2126 #define GNUTLS_E_PKCS11_ERROR -300
2127 #define GNUTLS_E_PKCS11_LOAD_ERROR -301
2128 #define GNUTLS_E_PARSING_ERROR -302
2129 #define GNUTLS_E_PKCS11_PIN_ERROR -303
2131 #define GNUTLS_E_PKCS11_SLOT_ERROR -305
2132 #define GNUTLS_E_LOCKING_ERROR -306
2133 #define GNUTLS_E_PKCS11_ATTRIBUTE_ERROR -307
2134 #define GNUTLS_E_PKCS11_DEVICE_ERROR -308
2135 #define GNUTLS_E_PKCS11_DATA_ERROR -309
2136 #define GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR -310
2137 #define GNUTLS_E_PKCS11_KEY_ERROR -311
2138 #define GNUTLS_E_PKCS11_PIN_EXPIRED -312
2139 #define GNUTLS_E_PKCS11_PIN_LOCKED -313
2140 #define GNUTLS_E_PKCS11_SESSION_ERROR -314
2141 #define GNUTLS_E_PKCS11_SIGNATURE_ERROR -315
2142 #define GNUTLS_E_PKCS11_TOKEN_ERROR -316
2143 #define GNUTLS_E_PKCS11_USER_ERROR -317
2145 #define GNUTLS_E_CRYPTO_INIT_FAILED -318
2146 #define GNUTLS_E_TIMEDOUT -319
2147 #define GNUTLS_E_USER_ERROR -320
2148 #define GNUTLS_E_ECC_NO_SUPPORTED_CURVES -321
2149 #define GNUTLS_E_ECC_UNSUPPORTED_CURVE -322
2150 #define GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE -323
2151 #define GNUTLS_E_CERTIFICATE_LIST_UNSORTED -324
2152 #define GNUTLS_E_ILLEGAL_PARAMETER -325
2153 #define GNUTLS_E_NO_PRIORITIES_WERE_SET -326
2154 #define GNUTLS_E_X509_UNSUPPORTED_EXTENSION -327
2155 #define GNUTLS_E_SESSION_EOF -328
2157 #define GNUTLS_E_TPM_ERROR -329
2158 #define GNUTLS_E_TPM_KEY_PASSWORD_ERROR -330
2159 #define GNUTLS_E_TPM_SRK_PASSWORD_ERROR -331
2160 #define GNUTLS_E_TPM_SESSION_ERROR -332
2161 #define GNUTLS_E_TPM_KEY_NOT_FOUND -333
2162 #define GNUTLS_E_TPM_UNINITIALIZED -334
2164 #define GNUTLS_E_NO_CERTIFICATE_STATUS -340
2165 #define GNUTLS_E_OCSP_RESPONSE_ERROR -341
2166 #define GNUTLS_E_RANDOM_DEVICE_ERROR -342
2167 #define GNUTLS_E_AUTH_ERROR -343
2169 #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
2173 #define GNUTLS_E_APPLICATION_ERROR_MAX -65000
2174 #define GNUTLS_E_APPLICATION_ERROR_MIN -65500
2180 #include <gnutls/compat.h>
2182 #endif /* GNUTLS_H */
projects / gnutls:gnutls.git / blob