author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-11-08 22:14:07 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-11-08 22:17:10 +0100 |
commit | 76c93d23c073ef8b885503b7d28a31ffe2add6d8 (patch) | |
tree | 1dd2d22a197bc40c5330e516969a7cb1ae9bc96f /lib/includes | |
parent | 559a144f6bbcbb611453f82e655dd7438c14d1a7 (diff) | |
reindented code
Diffstat (limited to 'lib/includes')
-rw-r--r-- | lib/includes/gnutls/abstract.h | 709 | ||||
-rw-r--r-- | lib/includes/gnutls/compat.h | 523 | ||||
-rw-r--r-- | lib/includes/gnutls/crypto.h | 132 | ||||
-rw-r--r-- | lib/includes/gnutls/dtls.h | 63 | ||||
-rw-r--r-- | lib/includes/gnutls/gnutlsxx.h | 790 | ||||
-rw-r--r-- | lib/includes/gnutls/ocsp.h | 287 | ||||
-rw-r--r-- | lib/includes/gnutls/openpgp.h | 553 | ||||
-rw-r--r-- | lib/includes/gnutls/pkcs11.h | 419 | ||||
-rw-r--r-- | lib/includes/gnutls/pkcs12.h | 173 | ||||
-rw-r--r-- | lib/includes/gnutls/tpm.h | 49 | ||||
-rw-r--r-- | lib/includes/gnutls/x509.h | 1865 | ||||
-rw-r--r-- | lib/includes/gnutls/xssl.h | 116 |
12 files changed, 2979 insertions, 2700 deletions
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h index d030f0cce5..33767bc249 100644 --- a/lib/includes/gnutls/abstract.h +++ b/lib/includes/gnutls/abstract.h @@ -30,8 +30,7 @@ #include <gnutls/tpm.h> #ifdef __cplusplus -extern "C" -{ +extern "C" { #endif /* Public key operations */ 
@@ -47,177 +46,209 @@ extern "C" * * Enumeration of different certificate import flags. */ - typedef enum gnutls_pubkey_flags - { - GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA = 1, - GNUTLS_PUBKEY_DISABLE_CALLBACKS = 1<<2, - GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT = 1<<3, - } gnutls_pubkey_flags_t; - -typedef int (*gnutls_privkey_sign_func) (gnutls_privkey_t key, - void *userdata, - const gnutls_datum_t * raw_data, - gnutls_datum_t * signature); -typedef int (*gnutls_privkey_decrypt_func) (gnutls_privkey_t key, - void *userdata, - const gnutls_datum_t * ciphertext, - gnutls_datum_t * plaintext); - -typedef void (*gnutls_privkey_deinit_func) (gnutls_privkey_t key, - void *userdata); - -int gnutls_pubkey_init (gnutls_pubkey_t * key); -void gnutls_pubkey_deinit (gnutls_pubkey_t key); - -void gnutls_pubkey_set_pin_function (gnutls_pubkey_t key, - gnutls_pin_callback_t fn, void *userdata); - -int gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int *bits); - -int gnutls_pubkey_import_x509 (gnutls_pubkey_t key, gnutls_x509_crt_t crt, - unsigned int flags); -int gnutls_pubkey_import_x509_crq (gnutls_pubkey_t key, gnutls_x509_crq_t crq, - unsigned int flags); -int gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key, - gnutls_pkcs11_obj_t obj, unsigned int flags); -int gnutls_pubkey_import_openpgp (gnutls_pubkey_t key, - gnutls_openpgp_crt_t crt, - unsigned int flags); - -int gnutls_pubkey_import_openpgp_raw (gnutls_pubkey_t pkey, - const gnutls_datum_t * data, - gnutls_openpgp_crt_fmt_t format, - const gnutls_openpgp_keyid_t keyid, - unsigned int flags); -int gnutls_pubkey_import_x509_raw (gnutls_pubkey_t pkey, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, - unsigned int flags); - -int -gnutls_pubkey_import_privkey (gnutls_pubkey_t key, gnutls_privkey_t pkey, - unsigned int usage, unsigned int flags); - -int -gnutls_pubkey_import_tpm_url (gnutls_pubkey_t pkey, - const char* url, - const char *srk_password, - unsigned int flags); - -int 
-gnutls_pubkey_import_url (gnutls_pubkey_t key, const char *url, - unsigned int flags); - -int -gnutls_pubkey_import_tpm_raw (gnutls_pubkey_t pkey, - const gnutls_datum_t * fdata, - gnutls_tpmkey_fmt_t format, - const char *srk_password, - unsigned int flags); - -int gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key, - gnutls_digest_algorithm_t * - hash, unsigned int *mand); - -int gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t key, - gnutls_datum_t * m, gnutls_datum_t * e); -int gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key, - gnutls_datum_t * p, gnutls_datum_t * q, - gnutls_datum_t * g, gnutls_datum_t * y); -int gnutls_pubkey_get_pk_ecc_raw (gnutls_pubkey_t key, gnutls_ecc_curve_t *curve, - gnutls_datum_t * x, gnutls_datum_t * y); -int gnutls_pubkey_get_pk_ecc_x962 (gnutls_pubkey_t key, gnutls_datum_t* parameters, - gnutls_datum_t * ecpoint); - -int gnutls_pubkey_export (gnutls_pubkey_t key, - gnutls_x509_crt_fmt_t format, - void *output_data, size_t * output_data_size); - -int gnutls_pubkey_export2 (gnutls_pubkey_t key, - gnutls_x509_crt_fmt_t format, - gnutls_datum_t * out); - -int gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags, - unsigned char *output_data, - size_t * output_data_size); - -int -gnutls_pubkey_get_openpgp_key_id (gnutls_pubkey_t key, unsigned int flags, - unsigned char *output_data, - size_t * output_data_size, - unsigned int *subkey); - -int gnutls_pubkey_get_key_usage (gnutls_pubkey_t key, unsigned int *usage); -int gnutls_pubkey_set_key_usage (gnutls_pubkey_t key, unsigned int usage); - -int gnutls_pubkey_import (gnutls_pubkey_t key, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); - - -int gnutls_pubkey_import_pkcs11_url (gnutls_pubkey_t key, const char *url, - unsigned int flags - /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); -int gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * g, - const gnutls_datum_t * y); -int 
gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t key, - const gnutls_datum_t * m, - const gnutls_datum_t * e); - -int -gnutls_pubkey_import_ecc_x962 (gnutls_pubkey_t key, - const gnutls_datum_t * parameters, - const gnutls_datum_t * ecpoint); - -int -gnutls_pubkey_import_ecc_raw (gnutls_pubkey_t key, - gnutls_ecc_curve_t curve, - const gnutls_datum_t * x, - const gnutls_datum_t * y); - -int -gnutls_pubkey_encrypt_data (gnutls_pubkey_t key, unsigned int flags, - const gnutls_datum_t * plaintext, - gnutls_datum_t * ciphertext); - -int gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key); - -int gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key); - -int -gnutls_pubkey_verify_hash2 (gnutls_pubkey_t key, - gnutls_sign_algorithm_t algo, - unsigned int flags, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature); - -int -gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key, - const gnutls_datum_t * signature, - gnutls_digest_algorithm_t * hash); - -int -gnutls_pubkey_verify_data2 (gnutls_pubkey_t pubkey, - gnutls_sign_algorithm_t algo, - unsigned int flags, - const gnutls_datum_t * data, - const gnutls_datum_t * signature); + typedef enum gnutls_pubkey_flags { + GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA = 1, + GNUTLS_PUBKEY_DISABLE_CALLBACKS = 1 << 2, + GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT = 1 << 3, + } gnutls_pubkey_flags_t; + + typedef int (*gnutls_privkey_sign_func) (gnutls_privkey_t key, + void *userdata, + const gnutls_datum_t * + raw_data, + gnutls_datum_t * + signature); + typedef int (*gnutls_privkey_decrypt_func) (gnutls_privkey_t key, + void *userdata, + const gnutls_datum_t * + ciphertext, + gnutls_datum_t * + plaintext); + + typedef void (*gnutls_privkey_deinit_func) (gnutls_privkey_t key, + void *userdata); + + int gnutls_pubkey_init(gnutls_pubkey_t * key); + void gnutls_pubkey_deinit(gnutls_pubkey_t key); + + void gnutls_pubkey_set_pin_function(gnutls_pubkey_t key, + gnutls_pin_callback_t fn, + void *userdata); 
+ + int gnutls_pubkey_get_pk_algorithm(gnutls_pubkey_t key, + unsigned int *bits); + + int gnutls_pubkey_import_x509(gnutls_pubkey_t key, + gnutls_x509_crt_t crt, + unsigned int flags); + int gnutls_pubkey_import_x509_crq(gnutls_pubkey_t key, + gnutls_x509_crq_t crq, + unsigned int flags); + int gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key, + gnutls_pkcs11_obj_t obj, + unsigned int flags); + int gnutls_pubkey_import_openpgp(gnutls_pubkey_t key, + gnutls_openpgp_crt_t crt, + unsigned int flags); + + int gnutls_pubkey_import_openpgp_raw(gnutls_pubkey_t pkey, + const gnutls_datum_t * data, + gnutls_openpgp_crt_fmt_t + format, + const gnutls_openpgp_keyid_t + keyid, unsigned int flags); + int gnutls_pubkey_import_x509_raw(gnutls_pubkey_t pkey, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format, + unsigned int flags); + + int + gnutls_pubkey_import_privkey(gnutls_pubkey_t key, + gnutls_privkey_t pkey, + unsigned int usage, + unsigned int flags); + + int + gnutls_pubkey_import_tpm_url(gnutls_pubkey_t pkey, + const char *url, + const char *srk_password, + unsigned int flags); + + int + gnutls_pubkey_import_url(gnutls_pubkey_t key, const char *url, + unsigned int flags); + + int + gnutls_pubkey_import_tpm_raw(gnutls_pubkey_t pkey, + const gnutls_datum_t * fdata, + gnutls_tpmkey_fmt_t format, + const char *srk_password, + unsigned int flags); + + int gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key, + gnutls_digest_algorithm_t + * hash, + unsigned int *mand); + + int gnutls_pubkey_get_pk_rsa_raw(gnutls_pubkey_t key, + gnutls_datum_t * m, + gnutls_datum_t * e); + int gnutls_pubkey_get_pk_dsa_raw(gnutls_pubkey_t key, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * g, + gnutls_datum_t * y); + int gnutls_pubkey_get_pk_ecc_raw(gnutls_pubkey_t key, + gnutls_ecc_curve_t * curve, + gnutls_datum_t * x, + gnutls_datum_t * y); + int gnutls_pubkey_get_pk_ecc_x962(gnutls_pubkey_t key, + gnutls_datum_t * parameters, + gnutls_datum_t * ecpoint); 
+ + int gnutls_pubkey_export(gnutls_pubkey_t key, + gnutls_x509_crt_fmt_t format, + void *output_data, + size_t * output_data_size); + + int gnutls_pubkey_export2(gnutls_pubkey_t key, + gnutls_x509_crt_fmt_t format, + gnutls_datum_t * out); + + int gnutls_pubkey_get_key_id(gnutls_pubkey_t key, + unsigned int flags, + unsigned char *output_data, + size_t * output_data_size); + + int + gnutls_pubkey_get_openpgp_key_id(gnutls_pubkey_t key, + unsigned int flags, + unsigned char *output_data, + size_t * output_data_size, + unsigned int *subkey); + + int gnutls_pubkey_get_key_usage(gnutls_pubkey_t key, + unsigned int *usage); + int gnutls_pubkey_set_key_usage(gnutls_pubkey_t key, + unsigned int usage); + + int gnutls_pubkey_import(gnutls_pubkey_t key, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format); + + + int gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key, + const char *url, + unsigned int flags + /* GNUTLS_PKCS11_OBJ_FLAG_* */ + ); + int gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key, + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * g, + const gnutls_datum_t * y); + int gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key, + const gnutls_datum_t * m, + const gnutls_datum_t * e); + + int + gnutls_pubkey_import_ecc_x962(gnutls_pubkey_t key, + const gnutls_datum_t * parameters, + const gnutls_datum_t * ecpoint); + + int + gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key, + gnutls_ecc_curve_t curve, + const gnutls_datum_t * x, + const gnutls_datum_t * y); + + int + gnutls_pubkey_encrypt_data(gnutls_pubkey_t key, + unsigned int flags, + const gnutls_datum_t * plaintext, + gnutls_datum_t * ciphertext); + + int gnutls_x509_crt_set_pubkey(gnutls_x509_crt_t crt, + gnutls_pubkey_t key); + + int gnutls_x509_crq_set_pubkey(gnutls_x509_crq_t crq, + gnutls_pubkey_t key); + + int + gnutls_pubkey_verify_hash2(gnutls_pubkey_t key, + gnutls_sign_algorithm_t algo, + unsigned int flags, + const gnutls_datum_t * hash, + const gnutls_datum_t 
* signature); + + int + gnutls_pubkey_get_verify_algorithm(gnutls_pubkey_t key, + const gnutls_datum_t * + signature, + gnutls_digest_algorithm_t * + hash); + + int + gnutls_pubkey_verify_data2(gnutls_pubkey_t pubkey, + gnutls_sign_algorithm_t algo, + unsigned int flags, + const gnutls_datum_t * data, + const gnutls_datum_t * signature); /* Private key operations */ -int gnutls_privkey_init (gnutls_privkey_t * key); -void gnutls_privkey_deinit (gnutls_privkey_t key); + int gnutls_privkey_init(gnutls_privkey_t * key); + void gnutls_privkey_deinit(gnutls_privkey_t key); -void gnutls_privkey_set_pin_function (gnutls_privkey_t key, - gnutls_pin_callback_t fn, void *userdata); + void gnutls_privkey_set_pin_function(gnutls_privkey_t key, + gnutls_pin_callback_t fn, + void *userdata); -int gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key, - unsigned int *bits); -gnutls_privkey_type_t gnutls_privkey_get_type (gnutls_privkey_t key); -int gnutls_privkey_status (gnutls_privkey_t key); + int gnutls_privkey_get_pk_algorithm(gnutls_privkey_t key, + unsigned int *bits); + gnutls_privkey_type_t gnutls_privkey_get_type(gnutls_privkey_t + key); + int gnutls_privkey_status(gnutls_privkey_t key); /** * gnutls_privkey_flags: 
@@ -230,102 +261,109 @@ int gnutls_privkey_status (gnutls_privkey_t key); * * Enumeration of different certificate import flags. */ - typedef enum gnutls_privkey_flags - { - GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE = 1, - GNUTLS_PRIVKEY_IMPORT_COPY = 1<<1, - GNUTLS_PRIVKEY_DISABLE_CALLBACKS = 1<<2, - GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA = 1<<4, - } gnutls_privkey_flags_t; - -int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey, - gnutls_pkcs11_privkey_t key, - unsigned int flags); -int gnutls_privkey_import_x509 (gnutls_privkey_t pkey, - gnutls_x509_privkey_t key, - unsigned int flags); -int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey, - gnutls_openpgp_privkey_t key, - unsigned int flags); - -int gnutls_privkey_import_openpgp_raw (gnutls_privkey_t pkey, - const gnutls_datum_t * data, - gnutls_openpgp_crt_fmt_t format, - const gnutls_openpgp_keyid_t keyid, - const char* password); - -int gnutls_privkey_import_x509_raw (gnutls_privkey_t pkey, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, - const char* password, unsigned int flags); - -int -gnutls_privkey_import_tpm_raw (gnutls_privkey_t pkey, - const gnutls_datum_t * fdata, - gnutls_tpmkey_fmt_t format, - const char *srk_password, - const char *key_password, unsigned int flags); - -int -gnutls_privkey_import_tpm_url (gnutls_privkey_t pkey, - const char* url, const char *srk_password, const char *key_password, - unsigned int flags); - -int gnutls_privkey_import_url (gnutls_privkey_t key, const char *url, unsigned int flags); - -int gnutls_privkey_import_pkcs11_url (gnutls_privkey_t key, const char *url); - -int -gnutls_privkey_import_ext (gnutls_privkey_t pkey, - gnutls_pk_algorithm_t pk, - void* userdata, - gnutls_privkey_sign_func sign_func, - gnutls_privkey_decrypt_func decrypt_func, - unsigned int flags); - -int -gnutls_privkey_import_ext2 (gnutls_privkey_t pkey, - gnutls_pk_algorithm_t pk, - void* userdata, - gnutls_privkey_sign_func sign_func, - gnutls_privkey_decrypt_func decrypt_func, - 
gnutls_privkey_deinit_func deinit_func, - unsigned int flags); - -int gnutls_privkey_sign_data (gnutls_privkey_t signer, - gnutls_digest_algorithm_t hash, - unsigned int flags, - const gnutls_datum_t * data, - gnutls_datum_t * signature); - -int gnutls_privkey_sign_hash (gnutls_privkey_t signer, - gnutls_digest_algorithm_t hash_algo, - unsigned int flags, - const gnutls_datum_t * hash_data, - gnutls_datum_t * signature); - - -int gnutls_privkey_decrypt_data (gnutls_privkey_t key, - unsigned int flags, - const gnutls_datum_t * ciphertext, - gnutls_datum_t * plaintext); - -int gnutls_x509_crt_privkey_sign (gnutls_x509_crt_t crt, - gnutls_x509_crt_t issuer, - gnutls_privkey_t issuer_key, - gnutls_digest_algorithm_t dig, - unsigned int flags); - -int gnutls_x509_crl_privkey_sign (gnutls_x509_crl_t crl, - gnutls_x509_crt_t issuer, - gnutls_privkey_t issuer_key, - gnutls_digest_algorithm_t dig, - unsigned int flags); - -int gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, - gnutls_privkey_t key, - gnutls_digest_algorithm_t dig, - unsigned int flags); + typedef enum gnutls_privkey_flags { + GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE = 1, + GNUTLS_PRIVKEY_IMPORT_COPY = 1 << 1, + GNUTLS_PRIVKEY_DISABLE_CALLBACKS = 1 << 2, + GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA = 1 << 4, + } gnutls_privkey_flags_t; + + int gnutls_privkey_import_pkcs11(gnutls_privkey_t pkey, + gnutls_pkcs11_privkey_t key, + unsigned int flags); + int gnutls_privkey_import_x509(gnutls_privkey_t pkey, + gnutls_x509_privkey_t key, + unsigned int flags); + int gnutls_privkey_import_openpgp(gnutls_privkey_t pkey, + gnutls_openpgp_privkey_t key, + unsigned int flags); + + int gnutls_privkey_import_openpgp_raw(gnutls_privkey_t pkey, + const gnutls_datum_t * data, + gnutls_openpgp_crt_fmt_t + format, + const gnutls_openpgp_keyid_t + keyid, const char *password); + + int gnutls_privkey_import_x509_raw(gnutls_privkey_t pkey, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format, + const char *password, + unsigned int 
flags); + + int + gnutls_privkey_import_tpm_raw(gnutls_privkey_t pkey, + const gnutls_datum_t * fdata, + gnutls_tpmkey_fmt_t format, + const char *srk_password, + const char *key_password, + unsigned int flags); + + int + gnutls_privkey_import_tpm_url(gnutls_privkey_t pkey, + const char *url, + const char *srk_password, + const char *key_password, + unsigned int flags); + + int gnutls_privkey_import_url(gnutls_privkey_t key, + const char *url, unsigned int flags); + + int gnutls_privkey_import_pkcs11_url(gnutls_privkey_t key, + const char *url); + + int + gnutls_privkey_import_ext(gnutls_privkey_t pkey, + gnutls_pk_algorithm_t pk, + void *userdata, + gnutls_privkey_sign_func sign_func, + gnutls_privkey_decrypt_func + decrypt_func, unsigned int flags); + + int + gnutls_privkey_import_ext2(gnutls_privkey_t pkey, + gnutls_pk_algorithm_t pk, + void *userdata, + gnutls_privkey_sign_func sign_func, + gnutls_privkey_decrypt_func + decrypt_func, + gnutls_privkey_deinit_func deinit_func, + unsigned int flags); + + int gnutls_privkey_sign_data(gnutls_privkey_t signer, + gnutls_digest_algorithm_t hash, + unsigned int flags, + const gnutls_datum_t * data, + gnutls_datum_t * signature); + + int gnutls_privkey_sign_hash(gnutls_privkey_t signer, + gnutls_digest_algorithm_t hash_algo, + unsigned int flags, + const gnutls_datum_t * hash_data, + gnutls_datum_t * signature); + + + int gnutls_privkey_decrypt_data(gnutls_privkey_t key, + unsigned int flags, + const gnutls_datum_t * ciphertext, + gnutls_datum_t * plaintext); + + int gnutls_x509_crt_privkey_sign(gnutls_x509_crt_t crt, + gnutls_x509_crt_t issuer, + gnutls_privkey_t issuer_key, + gnutls_digest_algorithm_t dig, + unsigned int flags); + + int gnutls_x509_crl_privkey_sign(gnutls_x509_crl_t crl, + gnutls_x509_crt_t issuer, + gnutls_privkey_t issuer_key, + gnutls_digest_algorithm_t dig, + unsigned int flags); + + int gnutls_x509_crq_privkey_sign(gnutls_x509_crq_t crq, + gnutls_privkey_t key, + gnutls_digest_algorithm_t dig, + 
unsigned int flags); /** * gnutls_pcert_st: 
@@ -335,88 +373,101 @@ int gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, * * A parsed certificate. */ -typedef struct gnutls_pcert_st -{ - gnutls_pubkey_t pubkey; - gnutls_datum_t cert; - gnutls_certificate_type_t type; -} gnutls_pcert_st; + typedef struct gnutls_pcert_st { + gnutls_pubkey_t pubkey; + gnutls_datum_t cert; + gnutls_certificate_type_t type; + } gnutls_pcert_st; /* Do not initialize the "cert" element of * the certificate */ #define GNUTLS_PCERT_NO_CERT 1 -int gnutls_pcert_import_x509 (gnutls_pcert_st* pcert, - gnutls_x509_crt_t crt, unsigned int flags); + int gnutls_pcert_import_x509(gnutls_pcert_st * pcert, + gnutls_x509_crt_t crt, + unsigned int flags); -int -gnutls_pcert_list_import_x509_raw (gnutls_pcert_st * pcerts, - unsigned int *pcert_max, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, unsigned int flags); + int + gnutls_pcert_list_import_x509_raw(gnutls_pcert_st * pcerts, + unsigned int *pcert_max, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format, + unsigned int flags); -int gnutls_pcert_import_x509_raw (gnutls_pcert_st* pcert, - const gnutls_datum_t* cert, - gnutls_x509_crt_fmt_t format, unsigned int flags); + int gnutls_pcert_import_x509_raw(gnutls_pcert_st * pcert, + const gnutls_datum_t * cert, + gnutls_x509_crt_fmt_t format, + unsigned int flags); -int gnutls_pcert_import_openpgp_raw (gnutls_pcert_st* pcert, - const gnutls_datum_t* cert, - gnutls_openpgp_crt_fmt_t format, - gnutls_openpgp_keyid_t keyid, unsigned int flags); + int gnutls_pcert_import_openpgp_raw(gnutls_pcert_st * pcert, + const gnutls_datum_t * cert, + gnutls_openpgp_crt_fmt_t + format, + gnutls_openpgp_keyid_t keyid, + unsigned int flags); -int gnutls_pcert_import_openpgp (gnutls_pcert_st* pcert, - gnutls_openpgp_crt_t crt, unsigned int flags); + int gnutls_pcert_import_openpgp(gnutls_pcert_st * pcert, + gnutls_openpgp_crt_t crt, + unsigned int flags); -void gnutls_pcert_deinit (gnutls_pcert_st* pcert); + void 
gnutls_pcert_deinit(gnutls_pcert_st * pcert); /* For certificate credentials */ - /* This is the same as gnutls_certificate_retrieve_function() - * but retrieves a gnutls_pcert_st which requires much less processing - * within the library. - */ - typedef int gnutls_certificate_retrieve_function2 (gnutls_session_t, - const gnutls_datum_t * - req_ca_rdn, - int nreqs, - const - gnutls_pk_algorithm_t - * pk_algos, - int pk_algos_length, - gnutls_pcert_st **, - unsigned int *pcert_length, - gnutls_privkey_t *privkey); - - -void gnutls_certificate_set_retrieve_function2 ( - gnutls_certificate_credentials_t cred, - gnutls_certificate_retrieve_function2 * func); - -int -gnutls_certificate_set_key (gnutls_certificate_credentials_t res, - const char** names, - int names_size, - gnutls_pcert_st * pcert_list, - int pcert_list_size, - gnutls_privkey_t key); + /* This is the same as gnutls_certificate_retrieve_function() + * but retrieves a gnutls_pcert_st which requires much less processing + * within the library. 
+ */ + typedef int gnutls_certificate_retrieve_function2(gnutls_session_t, + const + gnutls_datum_t * + req_ca_rdn, + int nreqs, const + gnutls_pk_algorithm_t + * pk_algos, + int + pk_algos_length, + gnutls_pcert_st + **, + unsigned int + *pcert_length, + gnutls_privkey_t + * privkey); + + + void gnutls_certificate_set_retrieve_function2 + (gnutls_certificate_credentials_t cred, + gnutls_certificate_retrieve_function2 * func); + + int + gnutls_certificate_set_key(gnutls_certificate_credentials_t res, + const char **names, + int names_size, + gnutls_pcert_st * pcert_list, + int pcert_list_size, + gnutls_privkey_t key); #include <gnutls/compat.h> -int gnutls_pubkey_verify_data (gnutls_pubkey_t pubkey, - unsigned int flags, - const gnutls_datum_t * data, - const gnutls_datum_t * signature) _GNUTLS_GCC_ATTR_DEPRECATED; - -int gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature) _GNUTLS_GCC_ATTR_DEPRECATED; - -int -gnutls_pubkey_print (gnutls_pubkey_t pubkey, - gnutls_certificate_print_formats_t format, - gnutls_datum_t * out); + int gnutls_pubkey_verify_data(gnutls_pubkey_t pubkey, + unsigned int flags, + const gnutls_datum_t * data, + const gnutls_datum_t * + signature) + _GNUTLS_GCC_ATTR_DEPRECATED; + + int gnutls_pubkey_verify_hash(gnutls_pubkey_t key, + unsigned int flags, + const gnutls_datum_t * hash, + const gnutls_datum_t * + signature) + _GNUTLS_GCC_ATTR_DEPRECATED; + + int + gnutls_pubkey_print(gnutls_pubkey_t pubkey, + gnutls_certificate_print_formats_t format, + gnutls_datum_t * out); #ifdef __cplusplus } #endif - #endif diff --git a/lib/includes/gnutls/compat.h b/lib/includes/gnutls/compat.h index 2e829fc9f3..4a330e5bfb 100644 --- a/lib/includes/gnutls/compat.h +++ b/lib/includes/gnutls/compat.h @@ -26,8 +26,7 @@ #define _GNUTLS_COMPAT_H #ifdef __cplusplus -extern "C" -{ +extern "C" { #endif #ifdef __GNUC__ 
@@ -40,50 +39,84 @@ extern "C" #endif #endif -#endif /* __GNUC__ */ +#endif /* __GNUC__ */ #ifndef _GNUTLS_GCC_ATTR_DEPRECATED #define _GNUTLS_GCC_ATTR_DEPRECATED #endif /* gnutls_connection_end_t was made redundant in 2.99.0 */ -typedef unsigned int gnutls_connection_end_t _GNUTLS_GCC_ATTR_DEPRECATED; + typedef unsigned int gnutls_connection_end_t + _GNUTLS_GCC_ATTR_DEPRECATED; /* Stuff deprected in 2.x */ -typedef gnutls_cipher_algorithm_t gnutls_cipher_algorithm _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_kx_algorithm_t gnutls_kx_algorithm _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_mac_algorithm_t gnutls_mac_algorithm _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_digest_algorithm_t gnutls_digest_algorithm _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_compression_method_t gnutls_compression_method _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_connection_end_t gnutls_connection_end _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_x509_crt_fmt_t gnutls_x509_crt_fmt _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_pk_algorithm_t gnutls_pk_algorithm _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_sign_algorithm_t gnutls_sign_algorithm _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_close_request_t gnutls_close_request _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_certificate_request_t gnutls_certificate_request _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_certificate_status_t gnutls_certificate_status _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_session_t gnutls_session _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_alert_level_t gnutls_alert_level _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_alert_description_t gnutls_alert_description _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_x509_subject_alt_name_t gnutls_x509_subject_alt_name _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_openpgp_privkey_t gnutls_openpgp_privkey _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_openpgp_keyring_t gnutls_openpgp_keyring _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_x509_crt_t gnutls_x509_crt 
_GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_x509_privkey_t gnutls_x509_privkey _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_x509_crl_t gnutls_x509_crl _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_x509_crq_t gnutls_x509_crq _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_certificate_credentials_t gnutls_certificate_credentials _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_anon_server_credentials_t gnutls_anon_server_credentials _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_anon_client_credentials_t gnutls_anon_client_credentials _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_srp_client_credentials_t gnutls_srp_client_credentials _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_srp_server_credentials_t gnutls_srp_server_credentials _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_dh_params_t gnutls_dh_params _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_rsa_params_t gnutls_rsa_params _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_params_type_t gnutls_params_type _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_credentials_type_t gnutls_credentials_type _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_certificate_type_t gnutls_certificate_type _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_datum_t gnutls_datum _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_transport_ptr_t gnutls_transport_ptr _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_cipher_algorithm_t gnutls_cipher_algorithm + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_kx_algorithm_t gnutls_kx_algorithm + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_mac_algorithm_t gnutls_mac_algorithm + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_digest_algorithm_t gnutls_digest_algorithm + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_compression_method_t gnutls_compression_method + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_connection_end_t gnutls_connection_end + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_x509_crt_fmt_t gnutls_x509_crt_fmt + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_pk_algorithm_t gnutls_pk_algorithm + 
_GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_sign_algorithm_t gnutls_sign_algorithm + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_close_request_t gnutls_close_request + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_certificate_request_t gnutls_certificate_request + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_certificate_status_t gnutls_certificate_status + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_session_t gnutls_session + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_alert_level_t gnutls_alert_level + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_alert_description_t gnutls_alert_description + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_x509_subject_alt_name_t gnutls_x509_subject_alt_name + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_openpgp_privkey_t gnutls_openpgp_privkey + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_openpgp_keyring_t gnutls_openpgp_keyring + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_x509_crt_t gnutls_x509_crt + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_x509_privkey_t gnutls_x509_privkey + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_x509_crl_t gnutls_x509_crl + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_x509_crq_t gnutls_x509_crq + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_certificate_credentials_t + gnutls_certificate_credentials _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_anon_server_credentials_t + gnutls_anon_server_credentials _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_anon_client_credentials_t + gnutls_anon_client_credentials _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_srp_client_credentials_t + gnutls_srp_client_credentials _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_srp_server_credentials_t + gnutls_srp_server_credentials _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_dh_params_t gnutls_dh_params + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_rsa_params_t gnutls_rsa_params + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_params_type_t gnutls_params_type + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef 
gnutls_credentials_type_t gnutls_credentials_type + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_certificate_type_t gnutls_certificate_type + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_datum_t gnutls_datum _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_transport_ptr_t gnutls_transport_ptr + _GNUTLS_GCC_ATTR_DEPRECATED; /* Old SRP alerts removed in 2.1.x because the TLS-SRP RFC was modified to use the PSK alert. */ @@ -94,8 +127,10 @@ typedef gnutls_transport_ptr_t gnutls_transport_ptr _GNUTLS_GCC_ATTR_DEPRECATED; #define GNUTLS_OPENPGP_KEY GNUTLS_OPENPGP_CERT #define GNUTLS_OPENPGP_KEY_FINGERPRINT GNUTLS_OPENPGP_CERT_FINGERPRINT #define gnutls_openpgp_send_key gnutls_openpgp_send_cert -typedef gnutls_openpgp_crt_status_t gnutls_openpgp_key_status_t _GNUTLS_GCC_ATTR_DEPRECATED; -typedef gnutls_openpgp_crt_t gnutls_openpgp_key_t _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_openpgp_crt_status_t gnutls_openpgp_key_status_t + _GNUTLS_GCC_ATTR_DEPRECATED; + typedef gnutls_openpgp_crt_t gnutls_openpgp_key_t + _GNUTLS_GCC_ATTR_DEPRECATED; #define gnutls_openpgp_key_init gnutls_openpgp_crt_init #define gnutls_openpgp_key_deinit gnutls_openpgp_crt_deinit #define gnutls_openpgp_key_import gnutls_openpgp_crt_import 
@@ -130,211 +165,239 @@ typedef gnutls_openpgp_crt_t gnutls_openpgp_key_t _GNUTLS_GCC_ATTR_DEPRECATED; /* The gnutls_retr_st was deprecated by gnutls_certificate_retrieve_function() * and gnutls_retr2_st. */ -typedef struct gnutls_retr_st -{ - gnutls_certificate_type_t type; - union - { - gnutls_x509_crt_t *x509; - gnutls_openpgp_crt_t pgp; - } cert; - unsigned int ncerts; /* one for pgp keys */ - - union - { - gnutls_x509_privkey_t x509; - gnutls_openpgp_privkey_t pgp; - } key; - - unsigned int deinit_all; /* if non zero all keys will be deinited */ -} gnutls_retr_st; - -typedef int gnutls_certificate_client_retrieve_function (gnutls_session_t, - const - gnutls_datum_t * - req_ca_rdn, - int nreqs, - const - gnutls_pk_algorithm_t - * pk_algos, - int - pk_algos_length, - gnutls_retr_st *); -typedef int gnutls_certificate_server_retrieve_function (gnutls_session_t, - gnutls_retr_st *); - -void gnutls_certificate_client_set_retrieve_function - (gnutls_certificate_credentials_t cred, - gnutls_certificate_client_retrieve_function * - func) _GNUTLS_GCC_ATTR_DEPRECATED; -void - gnutls_certificate_server_set_retrieve_function - (gnutls_certificate_credentials_t cred, - gnutls_certificate_server_retrieve_function * - func) _GNUTLS_GCC_ATTR_DEPRECATED; - - /* External signing callback. No longer supported because it - * was deprecated by the PKCS #11 API or gnutls_privkey_import_ext. 
*/ -typedef int (*gnutls_sign_func) (gnutls_session_t session, - void *userdata, - gnutls_certificate_type_t cert_type, - const gnutls_datum_t * cert, - const gnutls_datum_t * hash, - gnutls_datum_t * signature); - -void -gnutls_sign_callback_set (gnutls_session_t session, - gnutls_sign_func sign_func, void *userdata) - _GNUTLS_GCC_ATTR_DEPRECATED; -gnutls_sign_func -gnutls_sign_callback_get (gnutls_session_t session, void **userdata) - _GNUTLS_GCC_ATTR_DEPRECATED; + typedef struct gnutls_retr_st { + gnutls_certificate_type_t type; + union { + gnutls_x509_crt_t *x509; + gnutls_openpgp_crt_t pgp; + } cert; + unsigned int ncerts; /* one for pgp keys */ + + union { + gnutls_x509_privkey_t x509; + gnutls_openpgp_privkey_t pgp; + } key; + + unsigned int deinit_all; /* if non zero all keys will be deinited */ + } gnutls_retr_st; + + typedef int + gnutls_certificate_client_retrieve_function(gnutls_session_t, + const + gnutls_datum_t * + req_ca_rdn, + int nreqs, const + gnutls_pk_algorithm_t + * pk_algos, int + pk_algos_length, + gnutls_retr_st *); + typedef int + gnutls_certificate_server_retrieve_function(gnutls_session_t, + gnutls_retr_st *); + + void gnutls_certificate_client_set_retrieve_function + (gnutls_certificate_credentials_t cred, + gnutls_certificate_client_retrieve_function * + func) _GNUTLS_GCC_ATTR_DEPRECATED; + void + gnutls_certificate_server_set_retrieve_function + (gnutls_certificate_credentials_t cred, + gnutls_certificate_server_retrieve_function * + func) _GNUTLS_GCC_ATTR_DEPRECATED; + + /* External signing callback. No longer supported because it + * was deprecated by the PKCS #11 API or gnutls_privkey_import_ext. 
*/ + typedef int (*gnutls_sign_func) (gnutls_session_t session, + void *userdata, + gnutls_certificate_type_t + cert_type, + const gnutls_datum_t * cert, + const gnutls_datum_t * hash, + gnutls_datum_t * signature); + + void + gnutls_sign_callback_set(gnutls_session_t session, + gnutls_sign_func sign_func, + void *userdata) + _GNUTLS_GCC_ATTR_DEPRECATED; + gnutls_sign_func + gnutls_sign_callback_get(gnutls_session_t session, + void **userdata) + _GNUTLS_GCC_ATTR_DEPRECATED; /* This is a very dangerous and error-prone function. * Use gnutls_privkey_sign_hash() instead. */ - int gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key, - const gnutls_datum_t * hash, - gnutls_datum_t * signature) - _GNUTLS_GCC_ATTR_DEPRECATED; + int gnutls_x509_privkey_sign_hash(gnutls_x509_privkey_t key, + const gnutls_datum_t * hash, + gnutls_datum_t * signature) + _GNUTLS_GCC_ATTR_DEPRECATED; - int gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key, - const gnutls_datum_t * hash, - gnutls_datum_t * signature) - _GNUTLS_GCC_ATTR_DEPRECATED; + int gnutls_openpgp_privkey_sign_hash(gnutls_openpgp_privkey_t key, + const gnutls_datum_t * hash, + gnutls_datum_t * signature) + _GNUTLS_GCC_ATTR_DEPRECATED; /* we support the gnutls_privkey_sign_data() instead. 
*/ - int gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key, - gnutls_digest_algorithm_t digest, - unsigned int flags, - const gnutls_datum_t * data, - void *signature, - size_t * signature_size) - _GNUTLS_GCC_ATTR_DEPRECATED; - - /* gnutls_pubkey_verify_data() */ - int gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt, - unsigned int flags, - const gnutls_datum_t * data, - const gnutls_datum_t * signature) - _GNUTLS_GCC_ATTR_DEPRECATED; - - - /* gnutls_pubkey_verify_hash() */ - int gnutls_x509_crt_verify_hash (gnutls_x509_crt_t crt, - unsigned int flags, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature) - _GNUTLS_GCC_ATTR_DEPRECATED; - - /* gnutls_pubkey_get_verify_algorithm() */ - int gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt, - const gnutls_datum_t * signature, - gnutls_digest_algorithm_t * hash) - _GNUTLS_GCC_ATTR_DEPRECATED; - - /* gnutls_pubkey_get_preferred_hash_algorithm() */ - int gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt, - gnutls_digest_algorithm_t - * hash, - unsigned int *mand) - _GNUTLS_GCC_ATTR_DEPRECATED; - - /* gnutls_x509_crq_privkey_sign() */ - int gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key) - _GNUTLS_GCC_ATTR_DEPRECATED; - - - - /* gnutls_x509_crl_privkey_sign */ - int gnutls_x509_crl_sign (gnutls_x509_crl_t crl, - gnutls_x509_crt_t issuer, - gnutls_x509_privkey_t issuer_key) - _GNUTLS_GCC_ATTR_DEPRECATED; - - /* functions to set priority of cipher suites - */ - int gnutls_cipher_set_priority (gnutls_session_t session, const int *list) - _GNUTLS_GCC_ATTR_DEPRECATED; - int gnutls_mac_set_priority (gnutls_session_t session, const int *list) - _GNUTLS_GCC_ATTR_DEPRECATED; - int gnutls_compression_set_priority (gnutls_session_t session, - const int *list) - _GNUTLS_GCC_ATTR_DEPRECATED; - int gnutls_kx_set_priority (gnutls_session_t session, const int *list) - _GNUTLS_GCC_ATTR_DEPRECATED; - int gnutls_protocol_set_priority (gnutls_session_t session, - 
const int *list) - _GNUTLS_GCC_ATTR_DEPRECATED; - int gnutls_certificate_type_set_priority (gnutls_session_t session, - const int *list) - _GNUTLS_GCC_ATTR_DEPRECATED; + int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key, + gnutls_digest_algorithm_t digest, + unsigned int flags, + const gnutls_datum_t * data, + void *signature, + size_t * signature_size) + _GNUTLS_GCC_ATTR_DEPRECATED; + + /* gnutls_pubkey_verify_data() */ + int gnutls_x509_crt_verify_data(gnutls_x509_crt_t crt, + unsigned int flags, + const gnutls_datum_t * data, + const gnutls_datum_t * signature) + _GNUTLS_GCC_ATTR_DEPRECATED; + + + /* gnutls_pubkey_verify_hash() */ + int gnutls_x509_crt_verify_hash(gnutls_x509_crt_t crt, + unsigned int flags, + const gnutls_datum_t * hash, + const gnutls_datum_t * signature) + _GNUTLS_GCC_ATTR_DEPRECATED; + + /* gnutls_pubkey_get_verify_algorithm() */ + int gnutls_x509_crt_get_verify_algorithm(gnutls_x509_crt_t crt, + const gnutls_datum_t * + signature, + gnutls_digest_algorithm_t + * hash) + _GNUTLS_GCC_ATTR_DEPRECATED; + + /* gnutls_pubkey_get_preferred_hash_algorithm() */ + int gnutls_x509_crt_get_preferred_hash_algorithm(gnutls_x509_crt_t + crt, + gnutls_digest_algorithm_t + * hash, + unsigned int + *mand) + _GNUTLS_GCC_ATTR_DEPRECATED; + + /* gnutls_x509_crq_privkey_sign() */ + int gnutls_x509_crq_sign(gnutls_x509_crq_t crq, + gnutls_x509_privkey_t key) + _GNUTLS_GCC_ATTR_DEPRECATED; + + + + /* gnutls_x509_crl_privkey_sign */ + int gnutls_x509_crl_sign(gnutls_x509_crl_t crl, + gnutls_x509_crt_t issuer, + gnutls_x509_privkey_t issuer_key) + _GNUTLS_GCC_ATTR_DEPRECATED; + + /* functions to set priority of cipher suites + */ + int gnutls_cipher_set_priority(gnutls_session_t session, + const int *list) + _GNUTLS_GCC_ATTR_DEPRECATED; + int gnutls_mac_set_priority(gnutls_session_t session, + const int *list) + _GNUTLS_GCC_ATTR_DEPRECATED; + int gnutls_compression_set_priority(gnutls_session_t session, + const int *list) + _GNUTLS_GCC_ATTR_DEPRECATED; + 
int gnutls_kx_set_priority(gnutls_session_t session, + const int *list) + _GNUTLS_GCC_ATTR_DEPRECATED; + int gnutls_protocol_set_priority(gnutls_session_t session, + const int *list) + _GNUTLS_GCC_ATTR_DEPRECATED; + int gnutls_certificate_type_set_priority(gnutls_session_t session, + const int *list) + _GNUTLS_GCC_ATTR_DEPRECATED; /* RSA params */ - int gnutls_rsa_params_init (gnutls_rsa_params_t * rsa_params) _GNUTLS_GCC_ATTR_DEPRECATED; - void gnutls_rsa_params_deinit (gnutls_rsa_params_t rsa_params) _GNUTLS_GCC_ATTR_DEPRECATED; - int gnutls_rsa_params_cpy (gnutls_rsa_params_t dst, - gnutls_rsa_params_t src) _GNUTLS_GCC_ATTR_DEPRECATED; - int gnutls_rsa_params_import_raw (gnutls_rsa_params_t rsa_params, - const gnutls_datum_t * m, - const gnutls_datum_t * e, - const gnutls_datum_t * d, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * u); - int gnutls_rsa_params_generate2 (gnutls_rsa_params_t params, - unsigned int bits) _GNUTLS_GCC_ATTR_DEPRECATED; - int gnutls_rsa_params_export_raw (gnutls_rsa_params_t rsa, - gnutls_datum_t * m, gnutls_datum_t * e, - gnutls_datum_t * d, gnutls_datum_t * p, - gnutls_datum_t * q, gnutls_datum_t * u, - unsigned int *bits) _GNUTLS_GCC_ATTR_DEPRECATED; - int gnutls_rsa_params_export_pkcs1 (gnutls_rsa_params_t params, - gnutls_x509_crt_fmt_t format, - unsigned char *params_data, - size_t * params_data_size) _GNUTLS_GCC_ATTR_DEPRECATED; - int gnutls_rsa_params_import_pkcs1 (gnutls_rsa_params_t params, - const gnutls_datum_t * pkcs1_params, - gnutls_x509_crt_fmt_t format) _GNUTLS_GCC_ATTR_DEPRECATED; - - int gnutls_rsa_export_get_pubkey (gnutls_session_t session, - gnutls_datum_t * exponent, - gnutls_datum_t * modulus) _GNUTLS_GCC_ATTR_DEPRECATED; - int gnutls_rsa_export_get_modulus_bits (gnutls_session_t session) _GNUTLS_GCC_ATTR_DEPRECATED; - int gnutls_set_default_export_priority (gnutls_session_t session) _GNUTLS_GCC_ATTR_DEPRECATED; - - void - gnutls_certificate_set_rsa_export_params 
(gnutls_certificate_credentials_t - res, - gnutls_rsa_params_t rsa_params) _GNUTLS_GCC_ATTR_DEPRECATED; - - /* use gnutls_privkey_sign_hash() with the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA flag */ - int gnutls_privkey_sign_raw_data (gnutls_privkey_t key, - unsigned flags, - const gnutls_datum_t * data, - gnutls_datum_t * signature) _GNUTLS_GCC_ATTR_DEPRECATED; + int gnutls_rsa_params_init(gnutls_rsa_params_t * + rsa_params) _GNUTLS_GCC_ATTR_DEPRECATED; + void gnutls_rsa_params_deinit(gnutls_rsa_params_t rsa_params) + _GNUTLS_GCC_ATTR_DEPRECATED; + int gnutls_rsa_params_cpy(gnutls_rsa_params_t dst, + gnutls_rsa_params_t src) + _GNUTLS_GCC_ATTR_DEPRECATED; + int gnutls_rsa_params_import_raw(gnutls_rsa_params_t rsa_params, + const gnutls_datum_t * m, + const gnutls_datum_t * e, + const gnutls_datum_t * d, + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * u); + int gnutls_rsa_params_generate2(gnutls_rsa_params_t params, + unsigned int bits) + _GNUTLS_GCC_ATTR_DEPRECATED; + int gnutls_rsa_params_export_raw(gnutls_rsa_params_t rsa, + gnutls_datum_t * m, + gnutls_datum_t * e, + gnutls_datum_t * d, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * u, + unsigned int *bits) + _GNUTLS_GCC_ATTR_DEPRECATED; + int gnutls_rsa_params_export_pkcs1(gnutls_rsa_params_t params, + gnutls_x509_crt_fmt_t format, + unsigned char *params_data, + size_t * + params_data_size) + _GNUTLS_GCC_ATTR_DEPRECATED; + int gnutls_rsa_params_import_pkcs1(gnutls_rsa_params_t params, + const gnutls_datum_t * + pkcs1_params, + gnutls_x509_crt_fmt_t format) + _GNUTLS_GCC_ATTR_DEPRECATED; + + int gnutls_rsa_export_get_pubkey(gnutls_session_t session, + gnutls_datum_t * exponent, + gnutls_datum_t * + modulus) + _GNUTLS_GCC_ATTR_DEPRECATED; + int gnutls_rsa_export_get_modulus_bits(gnutls_session_t session) + _GNUTLS_GCC_ATTR_DEPRECATED; + int gnutls_set_default_export_priority(gnutls_session_t session) + _GNUTLS_GCC_ATTR_DEPRECATED; + + void + 
gnutls_certificate_set_rsa_export_params + (gnutls_certificate_credentials_t res, + gnutls_rsa_params_t rsa_params) _GNUTLS_GCC_ATTR_DEPRECATED; + + /* use gnutls_privkey_sign_hash() with the GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA flag */ + int gnutls_privkey_sign_raw_data(gnutls_privkey_t key, + unsigned flags, + const gnutls_datum_t * data, + gnutls_datum_t * + signature) + _GNUTLS_GCC_ATTR_DEPRECATED; #ifdef _ISOC99_SOURCE /* we provide older functions for compatibility as inline functions that * depend on gnutls_session_get_random. */ - -static inline const void *gnutls_session_get_server_random (gnutls_session_t session) _GNUTLS_GCC_ATTR_DEPRECATED; -static inline const void *gnutls_session_get_server_random (gnutls_session_t session) -{ - gnutls_datum_t rnd; - gnutls_session_get_random(session, NULL, &rnd);/*doc-skip*/ - return rnd.data; -} -static inline const void *gnutls_session_get_client_random (gnutls_session_t session) _GNUTLS_GCC_ATTR_DEPRECATED; -static inline const void *gnutls_session_get_client_random (gnutls_session_t session) -{ - gnutls_datum_t rnd; - gnutls_session_get_random(session, &rnd, NULL);/*doc-skip*/ - return rnd.data; -} + static inline const void + *gnutls_session_get_server_random(gnutls_session_t session) + _GNUTLS_GCC_ATTR_DEPRECATED; + static inline const void + *gnutls_session_get_server_random(gnutls_session_t session) { + gnutls_datum_t rnd; + gnutls_session_get_random(session, NULL, &rnd); /*doc-skip */ + return rnd.data; + } static inline const void + *gnutls_session_get_client_random(gnutls_session_t session) + _GNUTLS_GCC_ATTR_DEPRECATED; + static inline const void + *gnutls_session_get_client_random(gnutls_session_t session) { + gnutls_datum_t rnd; + gnutls_session_get_random(session, &rnd, NULL); /*doc-skip */ + return rnd.data; + } #endif @@ -342,4 +405,4 @@ static inline const void *gnutls_session_get_client_random (gnutls_session_t ses } #endif -#endif /* _GNUTLS_COMPAT_H */ +#endif /* _GNUTLS_COMPAT_H */ 
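Review bot: The re-indent leaves the closing brace of `gnutls_session_get_server_random` on the same line as the next declaration (`} static inline const void`) in the `_ISOC99_SOURCE` block near the end of this hunk, which makes the start of `gnutls_session_get_client_random` easy to miss. I would keep the brace on its own line, with `static inline const void` starting the next one. The same pass also rewrote the marker comment `/*doc-skip*/` as `/*doc-skip */` in both inline functions; if any documentation script matches the exact marker text (not visible here), it would stop matching, so it is worth confirming or restoring the original spelling. The gnutlsxx.h section further down shows the same brace merging in `noncopyable` (`} ~noncopyable() {` and `} private:`), though that hunk continues beyond the visible part of the page.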
diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h
index 44d77f9339..6ab571472d 100644
--- a/lib/includes/gnutls/crypto.h
+++ b/lib/includes/gnutls/crypto.h
@@ -24,61 +24,71 @@ #define GNUTLS_CRYPTO_H #ifdef __cplusplus -extern "C" -{ +extern "C" { #endif - typedef struct api_cipher_hd_st *gnutls_cipher_hd_t; - - int gnutls_cipher_init (gnutls_cipher_hd_t * handle, - gnutls_cipher_algorithm_t cipher, - const gnutls_datum_t * key, - const gnutls_datum_t * iv); - int gnutls_cipher_encrypt (const gnutls_cipher_hd_t handle, - void *text, size_t textlen); - int gnutls_cipher_decrypt (const gnutls_cipher_hd_t handle, - void *ciphertext, size_t ciphertextlen); - int gnutls_cipher_decrypt2 (gnutls_cipher_hd_t handle, - const void *ciphertext, size_t ciphertextlen, - void *text, size_t textlen); - int gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, const void *text, - size_t textlen, void *ciphertext, - size_t ciphertextlen); - - void gnutls_cipher_set_iv (gnutls_cipher_hd_t handle, void *iv, size_t ivlen); - - int gnutls_cipher_tag( gnutls_cipher_hd_t handle, void* tag, size_t tag_size); - int gnutls_cipher_add_auth( gnutls_cipher_hd_t handle, const void* text, size_t text_size); - - void gnutls_cipher_deinit (gnutls_cipher_hd_t handle); - int gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm); - int gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm); - int gnutls_cipher_get_tag_size (gnutls_cipher_algorithm_t algorithm); - - typedef struct hash_hd_st *gnutls_hash_hd_t; - typedef struct hmac_hd_st *gnutls_hmac_hd_t; - - size_t gnutls_mac_get_nonce_size (gnutls_mac_algorithm_t algorithm); - int gnutls_hmac_init (gnutls_hmac_hd_t * dig, - gnutls_mac_algorithm_t algorithm, const void *key, - size_t keylen); - void gnutls_hmac_set_nonce (gnutls_hmac_hd_t handle, const void *nonce, size_t nonce_len); - int gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen); - void gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest); - void gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest); - int gnutls_hmac_get_len (gnutls_mac_algorithm_t algorithm); - int gnutls_hmac_fast 
(gnutls_mac_algorithm_t algorithm, const void *key, - size_t keylen, const void *text, size_t textlen, - void *digest); - - int gnutls_hash_init (gnutls_hash_hd_t * dig, - gnutls_digest_algorithm_t algorithm); - int gnutls_hash (gnutls_hash_hd_t handle, const void *text, size_t textlen); - void gnutls_hash_output (gnutls_hash_hd_t handle, void *digest); - void gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest); - int gnutls_hash_get_len (gnutls_digest_algorithm_t algorithm); - int gnutls_hash_fast (gnutls_digest_algorithm_t algorithm, - const void *text, size_t textlen, void *digest); + typedef struct api_cipher_hd_st *gnutls_cipher_hd_t; + + int gnutls_cipher_init(gnutls_cipher_hd_t * handle, + gnutls_cipher_algorithm_t cipher, + const gnutls_datum_t * key, + const gnutls_datum_t * iv); + int gnutls_cipher_encrypt(const gnutls_cipher_hd_t handle, + void *text, size_t textlen); + int gnutls_cipher_decrypt(const gnutls_cipher_hd_t handle, + void *ciphertext, size_t ciphertextlen); + int gnutls_cipher_decrypt2(gnutls_cipher_hd_t handle, + const void *ciphertext, + size_t ciphertextlen, void *text, + size_t textlen); + int gnutls_cipher_encrypt2(gnutls_cipher_hd_t handle, + const void *text, size_t textlen, + void *ciphertext, size_t ciphertextlen); + + void gnutls_cipher_set_iv(gnutls_cipher_hd_t handle, void *iv, + size_t ivlen); + + int gnutls_cipher_tag(gnutls_cipher_hd_t handle, void *tag, + size_t tag_size); + int gnutls_cipher_add_auth(gnutls_cipher_hd_t handle, + const void *text, size_t text_size); + + void gnutls_cipher_deinit(gnutls_cipher_hd_t handle); + int gnutls_cipher_get_block_size(gnutls_cipher_algorithm_t + algorithm); + int gnutls_cipher_get_iv_size(gnutls_cipher_algorithm_t algorithm); + int gnutls_cipher_get_tag_size(gnutls_cipher_algorithm_t + algorithm); + + typedef struct hash_hd_st *gnutls_hash_hd_t; + typedef struct hmac_hd_st *gnutls_hmac_hd_t; + + size_t gnutls_mac_get_nonce_size(gnutls_mac_algorithm_t algorithm); + int 
gnutls_hmac_init(gnutls_hmac_hd_t * dig, + gnutls_mac_algorithm_t algorithm, + const void *key, size_t keylen); + void gnutls_hmac_set_nonce(gnutls_hmac_hd_t handle, + const void *nonce, size_t nonce_len); + int gnutls_hmac(gnutls_hmac_hd_t handle, const void *text, + size_t textlen); + void gnutls_hmac_output(gnutls_hmac_hd_t handle, void *digest); + void gnutls_hmac_deinit(gnutls_hmac_hd_t handle, void *digest); + int gnutls_hmac_get_len(gnutls_mac_algorithm_t algorithm); + int gnutls_hmac_fast(gnutls_mac_algorithm_t algorithm, + const void *key, size_t keylen, + const void *text, size_t textlen, + void *digest); + + int gnutls_hash_init(gnutls_hash_hd_t * dig, + gnutls_digest_algorithm_t algorithm); + int gnutls_hash(gnutls_hash_hd_t handle, const void *text, + size_t textlen); + void gnutls_hash_output(gnutls_hash_hd_t handle, void *digest); + void gnutls_hash_deinit(gnutls_hash_hd_t handle, void *digest); + int gnutls_hash_get_len(gnutls_digest_algorithm_t algorithm); + int gnutls_hash_fast(gnutls_digest_algorithm_t algorithm, + const void *text, size_t textlen, + void *digest); /* register ciphers */ @@ -93,19 +103,17 @@ extern "C" * * Enumeration of random quality levels. */ - typedef enum gnutls_rnd_level - { - GNUTLS_RND_NONCE = 0, - GNUTLS_RND_RANDOM = 1, - GNUTLS_RND_KEY = 2 - } gnutls_rnd_level_t; + typedef enum gnutls_rnd_level { + GNUTLS_RND_NONCE = 0, + GNUTLS_RND_RANDOM = 1, + GNUTLS_RND_KEY = 2 + } gnutls_rnd_level_t; - int gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len); + int gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len); - void gnutls_rnd_refresh (void); + void gnutls_rnd_refresh(void); #ifdef __cplusplus } #endif - #endif diff --git a/lib/includes/gnutls/dtls.h b/lib/includes/gnutls/dtls.h index ec5782ab86..c773a664dd 100644 --- a/lib/includes/gnutls/dtls.h +++ b/lib/includes/gnutls/dtls.h 
@@ -30,23 +30,24 @@ #include <gnutls/gnutls.h> #ifdef __cplusplus -extern "C" -{ +extern "C" { #endif #define GNUTLS_COOKIE_KEY_SIZE 16 -void gnutls_dtls_set_timeouts (gnutls_session_t session, - unsigned int retrans_timeout, - unsigned int total_timeout); + void gnutls_dtls_set_timeouts(gnutls_session_t session, + unsigned int retrans_timeout, + unsigned int total_timeout); -unsigned int gnutls_dtls_get_mtu (gnutls_session_t session); -unsigned int gnutls_dtls_get_data_mtu (gnutls_session_t session); + unsigned int gnutls_dtls_get_mtu(gnutls_session_t session); + unsigned int gnutls_dtls_get_data_mtu(gnutls_session_t session); -void gnutls_dtls_set_mtu (gnutls_session_t session, unsigned int mtu); -int gnutls_dtls_set_data_mtu (gnutls_session_t session, unsigned int mtu); + void gnutls_dtls_set_mtu(gnutls_session_t session, + unsigned int mtu); + int gnutls_dtls_set_data_mtu(gnutls_session_t session, + unsigned int mtu); -unsigned int gnutls_dtls_get_timeout (gnutls_session_t session); + unsigned int gnutls_dtls_get_timeout(gnutls_session_t session); /** * gnutls_dtls_prestate_st: 
@@ -59,31 +60,31 @@ unsigned int gnutls_dtls_get_timeout (gnutls_session_t session); * gnutls_dtls_cookie_send(), gnutls_dtls_cookie_verify() and * gnutls_dtls_prestate_set(). */ - typedef struct - { - unsigned int record_seq; - unsigned int hsk_read_seq; - unsigned int hsk_write_seq; - } gnutls_dtls_prestate_st; + typedef struct { + unsigned int record_seq; + unsigned int hsk_read_seq; + unsigned int hsk_write_seq; + } gnutls_dtls_prestate_st; - int gnutls_dtls_cookie_send (gnutls_datum_t* key, - void* client_data, size_t client_data_size, - gnutls_dtls_prestate_st* prestate, - gnutls_transport_ptr_t ptr, - gnutls_push_func push_func); + int gnutls_dtls_cookie_send(gnutls_datum_t * key, + void *client_data, + size_t client_data_size, + gnutls_dtls_prestate_st * prestate, + gnutls_transport_ptr_t ptr, + gnutls_push_func push_func); - int gnutls_dtls_cookie_verify (gnutls_datum_t* key, - void* client_data, size_t client_data_size, - void* _msg, size_t msg_size, - gnutls_dtls_prestate_st* prestate); + int gnutls_dtls_cookie_verify(gnutls_datum_t * key, + void *client_data, + size_t client_data_size, void *_msg, + size_t msg_size, + gnutls_dtls_prestate_st * prestate); - void gnutls_dtls_prestate_set (gnutls_session_t session, - gnutls_dtls_prestate_st* prestate); + void gnutls_dtls_prestate_set(gnutls_session_t session, + gnutls_dtls_prestate_st * prestate); + + unsigned int gnutls_record_get_discarded(gnutls_session_t session); - unsigned int gnutls_record_get_discarded (gnutls_session_t session); - #ifdef __cplusplus } #endif - -#endif /* GNUTLS_DTLS_H */ +#endif /* GNUTLS_DTLS_H */ diff --git a/lib/includes/gnutls/gnutlsxx.h b/lib/includes/gnutls/gnutlsxx.h index 2603b7dac6..1ed83fbd44 100644 --- a/lib/includes/gnutls/gnutlsxx.h +++ b/lib/includes/gnutls/gnutlsxx.h 
@@ -27,400 +27,400 @@ #include <vector> #include <gnutls/gnutls.h> -namespace gnutls -{ - - class noncopyable - { - protected: - noncopyable () - { - } - ~noncopyable () - { - } - - private: - // These are non-implemented. - noncopyable (const noncopyable &); - noncopyable & operator= (const noncopyable &); - }; - - - class exception:public std::exception - { - public: - exception (int x); - const char *what () const throw (); - int get_code (); - protected: - int retcode; - }; - - - class dh_params:private noncopyable - { - public: - dh_params (); - ~dh_params (); - void import_raw (const gnutls_datum_t & prime, - const gnutls_datum_t & generator); - void import_pkcs3 (const gnutls_datum_t & pkcs3_params, - gnutls_x509_crt_fmt_t format); - void generate (unsigned int bits); - - void export_pkcs3 (gnutls_x509_crt_fmt_t format, - unsigned char *params_data, size_t * params_data_size); - void export_raw (gnutls_datum_t & prime, gnutls_datum_t & generator); - - gnutls_dh_params_t get_params_t () const; - dh_params & operator= (const dh_params & src); - protected: - gnutls_dh_params_t params; - }; - - - class rsa_params:private noncopyable - { - public: - rsa_params (); - ~rsa_params (); - void import_raw (const gnutls_datum_t & m, - const gnutls_datum_t & e, - const gnutls_datum_t & d, - const gnutls_datum_t & p, - const gnutls_datum_t & q, const gnutls_datum_t & u); - void import_pkcs1 (const gnutls_datum_t & pkcs1_params, - gnutls_x509_crt_fmt_t format); - void generate (unsigned int bits); - - void export_pkcs1 (gnutls_x509_crt_fmt_t format, - unsigned char *params_data, size_t * params_data_size); - void export_raw (gnutls_datum_t & m, gnutls_datum_t & e, - gnutls_datum_t & d, gnutls_datum_t & p, - gnutls_datum_t & q, gnutls_datum_t & u); - gnutls_rsa_params_t get_params_t () const; - rsa_params & operator= (const rsa_params & src); - - protected: - gnutls_rsa_params_t params; - }; - - class session:private noncopyable - { - protected: - gnutls_session_t s; - 
public: - session (unsigned int); - virtual ~ session (); - - int bye (gnutls_close_request_t how); - int handshake (); - - gnutls_alert_description_t get_alert () const; - - int send_alert (gnutls_alert_level_t level, - gnutls_alert_description_t desc); - int send_appropriate_alert (int err); - - gnutls_cipher_algorithm_t get_cipher () const; - gnutls_kx_algorithm_t get_kx () const; - gnutls_mac_algorithm_t get_mac () const; - gnutls_compression_method_t get_compression () const; - gnutls_certificate_type_t get_certificate_type () const; - - // for the handshake - void set_private_extensions (bool allow); - - gnutls_handshake_description_t get_handshake_last_out () const; - gnutls_handshake_description_t get_handshake_last_in () const; - - ssize_t send (const void *data, size_t sizeofdata); - ssize_t recv (void *data, size_t sizeofdata); - - bool get_record_direction () const; - - // maximum packet size - size_t get_max_size () const; - void set_max_size (size_t size); - - size_t check_pending () const; - - void prf (size_t label_size, const char *label, - int server_random_first, - size_t extra_size, const char *extra, - size_t outsize, char *out); - - void prf_raw (size_t label_size, const char *label, - size_t seed_size, const char *seed, - size_t outsize, char *out); - - /* if you just want some defaults, use the following. 
- */ - void set_priority (const char *prio, const char **err_pos); - void set_priority (gnutls_priority_t p); - - gnutls_protocol_t get_protocol_version () const; - - // for resuming sessions - void set_data (const void *session_data, size_t session_data_size); - void get_data (void *session_data, size_t * session_data_size) const; - void get_data (gnutls_session_t session, gnutls_datum_t & data) const; - void get_id (void *session_id, size_t * session_id_size) const; - - bool is_resumed () const; - - void set_max_handshake_packet_length (size_t max); - - void clear_credentials (); - void set_credentials (class credentials & cred); - - void set_transport_ptr (gnutls_transport_ptr_t ptr); - void set_transport_ptr (gnutls_transport_ptr_t recv_ptr, - gnutls_transport_ptr_t send_ptr); - gnutls_transport_ptr_t get_transport_ptr () const; - void get_transport_ptr (gnutls_transport_ptr_t & recv_ptr, - gnutls_transport_ptr_t & send_ptr) const; - - void set_transport_lowat (size_t num); - void set_transport_push_function (gnutls_push_func push_func); - void set_transport_vec_push_function (gnutls_vec_push_func vec_push_func); - void set_transport_pull_function (gnutls_pull_func pull_func); - - void set_user_ptr (void *ptr); - void *get_user_ptr () const; - - void send_openpgp_cert (gnutls_openpgp_crt_status_t status); - - gnutls_credentials_type_t get_auth_type () const; - gnutls_credentials_type_t get_server_auth_type () const; - gnutls_credentials_type_t get_client_auth_type () const; - - // informational stuff - void set_dh_prime_bits (unsigned int bits); - unsigned int get_dh_secret_bits () const; - unsigned int get_dh_peers_public_bits () const; - unsigned int get_dh_prime_bits () const; - void get_dh_group (gnutls_datum_t & gen, gnutls_datum_t & prime) const; - void get_dh_pubkey (gnutls_datum_t & raw_key) const; - void get_rsa_export_pubkey (gnutls_datum_t & exponent, - gnutls_datum_t & modulus) const; - unsigned int get_rsa_export_modulus_bits () const; - - void 
get_our_certificate (gnutls_datum_t & cert) const; - bool get_peers_certificate (std::vector < gnutls_datum_t > - &out_certs) const; - bool get_peers_certificate (const gnutls_datum_t ** certs, - unsigned int *certs_size) const; - - time_t get_peers_certificate_activation_time () const; - time_t get_peers_certificate_expiration_time () const; - void verify_peers_certificate (unsigned int &status) const; - - }; +namespace gnutls { + + class noncopyable { + protected: + noncopyable() { + } ~noncopyable() { + } private: + // These are non-implemented. + noncopyable(const noncopyable &); + noncopyable & operator=(const noncopyable &); + }; + + + class exception:public std::exception { + public: + exception(int x); + const char *what() const throw(); + int get_code(); + protected: + int retcode; + }; + + + class dh_params:private noncopyable { + public: + dh_params(); + ~dh_params(); + void import_raw(const gnutls_datum_t & prime, + const gnutls_datum_t & generator); + void import_pkcs3(const gnutls_datum_t & pkcs3_params, + gnutls_x509_crt_fmt_t format); + void generate(unsigned int bits); + + void export_pkcs3(gnutls_x509_crt_fmt_t format, + unsigned char *params_data, + size_t * params_data_size); + void export_raw(gnutls_datum_t & prime, + gnutls_datum_t & generator); + + gnutls_dh_params_t get_params_t() const; + dh_params & operator=(const dh_params & src); + protected: + gnutls_dh_params_t params; + }; + + + class rsa_params:private noncopyable { + public: + rsa_params(); + ~rsa_params(); + void import_raw(const gnutls_datum_t & m, + const gnutls_datum_t & e, + const gnutls_datum_t & d, + const gnutls_datum_t & p, + const gnutls_datum_t & q, + const gnutls_datum_t & u); + void import_pkcs1(const gnutls_datum_t & pkcs1_params, + gnutls_x509_crt_fmt_t format); + void generate(unsigned int bits); + + void export_pkcs1(gnutls_x509_crt_fmt_t format, + unsigned char *params_data, + size_t * params_data_size); + void export_raw(gnutls_datum_t & m, gnutls_datum_t & e, + 
gnutls_datum_t & d, gnutls_datum_t & p, + gnutls_datum_t & q, gnutls_datum_t & u); + gnutls_rsa_params_t get_params_t() const; + rsa_params & operator=(const rsa_params & src); + + protected: + gnutls_rsa_params_t params; + }; + + class session:private noncopyable { + protected: + gnutls_session_t s; + public: + session(unsigned int); + virtual ~ session(); + + int bye(gnutls_close_request_t how); + int handshake(); + + gnutls_alert_description_t get_alert() const; + + int send_alert(gnutls_alert_level_t level, + gnutls_alert_description_t desc); + int send_appropriate_alert(int err); + + gnutls_cipher_algorithm_t get_cipher() const; + gnutls_kx_algorithm_t get_kx() const; + gnutls_mac_algorithm_t get_mac() const; + gnutls_compression_method_t get_compression() const; + gnutls_certificate_type_t get_certificate_type() const; + + // for the handshake + void set_private_extensions(bool allow); + + gnutls_handshake_description_t get_handshake_last_out() + const; + gnutls_handshake_description_t get_handshake_last_in() + const; + + ssize_t send(const void *data, size_t sizeofdata); + ssize_t recv(void *data, size_t sizeofdata); + + bool get_record_direction() const; + + // maximum packet size + size_t get_max_size() const; + void set_max_size(size_t size); + + size_t check_pending() const; + + void prf(size_t label_size, const char *label, + int server_random_first, + size_t extra_size, const char *extra, + size_t outsize, char *out); + + void prf_raw(size_t label_size, const char *label, + size_t seed_size, const char *seed, + size_t outsize, char *out); + + /* if you just want some defaults, use the following. 
+ */ + void set_priority(const char *prio, const char **err_pos); + void set_priority(gnutls_priority_t p); + + gnutls_protocol_t get_protocol_version() const; + + // for resuming sessions + void set_data(const void *session_data, + size_t session_data_size); + void get_data(void *session_data, + size_t * session_data_size) const; + void get_data(gnutls_session_t session, + gnutls_datum_t & data) const; + void get_id(void *session_id, + size_t * session_id_size) const; + + bool is_resumed() const; + + void set_max_handshake_packet_length(size_t max); + + void clear_credentials(); + void set_credentials(class credentials & cred); + + void set_transport_ptr(gnutls_transport_ptr_t ptr); + void set_transport_ptr(gnutls_transport_ptr_t recv_ptr, + gnutls_transport_ptr_t send_ptr); + gnutls_transport_ptr_t get_transport_ptr() const; + void get_transport_ptr(gnutls_transport_ptr_t & recv_ptr, + gnutls_transport_ptr_t & send_ptr) + const; + + void set_transport_lowat(size_t num); + void set_transport_push_function(gnutls_push_func + push_func); + void set_transport_vec_push_function(gnutls_vec_push_func + vec_push_func); + void set_transport_pull_function(gnutls_pull_func + pull_func); + + void set_user_ptr(void *ptr); + void *get_user_ptr() const; + + void send_openpgp_cert(gnutls_openpgp_crt_status_t status); + + gnutls_credentials_type_t get_auth_type() const; + gnutls_credentials_type_t get_server_auth_type() const; + gnutls_credentials_type_t get_client_auth_type() const; + + // informational stuff + void set_dh_prime_bits(unsigned int bits); + unsigned int get_dh_secret_bits() const; + unsigned int get_dh_peers_public_bits() const; + unsigned int get_dh_prime_bits() const; + void get_dh_group(gnutls_datum_t & gen, + gnutls_datum_t & prime) const; + void get_dh_pubkey(gnutls_datum_t & raw_key) const; + void get_rsa_export_pubkey(gnutls_datum_t & exponent, + gnutls_datum_t & modulus) const; + unsigned int get_rsa_export_modulus_bits() const; + + void 
get_our_certificate(gnutls_datum_t & cert) const; + bool get_peers_certificate(std::vector < gnutls_datum_t > + &out_certs) const; + bool get_peers_certificate(const gnutls_datum_t ** certs, + unsigned int *certs_size) const; + + time_t get_peers_certificate_activation_time() const; + time_t get_peers_certificate_expiration_time() const; + void verify_peers_certificate(unsigned int &status) const; + + }; // interface for databases - class DB:private noncopyable - { - public: - virtual ~ DB () = 0; - virtual bool store (const gnutls_datum_t & key, - const gnutls_datum_t & data) = 0; - virtual bool retrieve (const gnutls_datum_t & key, - gnutls_datum_t & data) = 0; - virtual bool remove (const gnutls_datum_t & key) = 0; - }; - - class server_session:public session - { - public: - server_session (); - ~server_session (); - void db_remove () const; - - void set_db_cache_expiration (unsigned int seconds); - void set_db (const DB & db); - - // returns true if session is expired - bool db_check_entry (gnutls_datum_t & session_data) const; - - // server side only - const char *get_srp_username () const; - const char *get_psk_username () const; - - void get_server_name (void *data, size_t * data_length, - unsigned int *type, unsigned int indx) const; - - int rehandshake (); - void set_certificate_request (gnutls_certificate_request_t); - }; - - class client_session:public session - { - public: - client_session (); - ~client_session (); - - void set_server_name (gnutls_server_name_type_t type, - const void *name, size_t name_length); - - bool get_request_status (); - }; - - - class credentials:private noncopyable - { - public: - virtual ~ credentials () - { - } - gnutls_credentials_type_t get_type () const; - protected: - friend class session; - credentials (gnutls_credentials_type_t t); - void *ptr () const; - void set_ptr (void *ptr); - gnutls_credentials_type_t type; - private: - void *cred; - }; - - class certificate_credentials:public credentials - { - public: - 
~certificate_credentials (); - certificate_credentials (); - - void free_keys (); - void free_cas (); - void free_ca_names (); - void free_crls (); - - void set_dh_params (const dh_params & params); - void set_rsa_export_params (const rsa_params & params); - void set_verify_flags (unsigned int flags); - void set_verify_limits (unsigned int max_bits, unsigned int max_depth); - - void set_x509_trust_file (const char *cafile, gnutls_x509_crt_fmt_t type); - void set_x509_trust (const gnutls_datum_t & CA, - gnutls_x509_crt_fmt_t type); - // FIXME: use classes instead of gnutls_x509_crt_t - void set_x509_trust (gnutls_x509_crt_t * ca_list, int ca_list_size); - - void set_x509_crl_file (const char *crlfile, gnutls_x509_crt_fmt_t type); - void set_x509_crl (const gnutls_datum_t & CRL, - gnutls_x509_crt_fmt_t type); - void set_x509_crl (gnutls_x509_crl_t * crl_list, int crl_list_size); - - void set_x509_key_file (const char *certfile, const char *KEYFILE, - gnutls_x509_crt_fmt_t type); - void set_x509_key (const gnutls_datum_t & CERT, - const gnutls_datum_t & KEY, - gnutls_x509_crt_fmt_t type); - // FIXME: use classes - void set_x509_key (gnutls_x509_crt_t * cert_list, int cert_list_size, - gnutls_x509_privkey_t key); - - - void set_simple_pkcs12_file (const char *pkcs12file, - gnutls_x509_crt_fmt_t type, - const char *password); - - void set_retrieve_function (gnutls_certificate_retrieve_function * func); - - protected: - gnutls_certificate_credentials_t cred; - }; - - class certificate_server_credentials:public certificate_credentials - { - public: - void set_params_function (gnutls_params_function * func); - }; - - class certificate_client_credentials:public certificate_credentials - { - public: - }; - - - - - class anon_server_credentials:public credentials - { - public: - anon_server_credentials (); - ~anon_server_credentials (); - void set_dh_params (const dh_params & params); - void set_params_function (gnutls_params_function * func); - protected: - 
gnutls_anon_server_credentials_t cred; - }; - - class anon_client_credentials:public credentials - { - public: - anon_client_credentials (); - ~anon_client_credentials (); - protected: - gnutls_anon_client_credentials_t cred; - }; - - - class srp_server_credentials:public credentials - { - public: - srp_server_credentials (); - ~srp_server_credentials (); - void set_credentials_file (const char *password_file, - const char *password_conf_file); - void set_credentials_function (gnutls_srp_server_credentials_function * - func); - protected: - gnutls_srp_server_credentials_t cred; - }; - - class srp_client_credentials:public credentials - { - public: - srp_client_credentials (); - ~srp_client_credentials (); - void set_credentials (const char *username, const char *password); - void set_credentials_function (gnutls_srp_client_credentials_function * - func); - protected: - gnutls_srp_client_credentials_t cred; - }; - - - class psk_server_credentials:public credentials - { - public: - psk_server_credentials (); - ~psk_server_credentials (); - void set_credentials_file (const char *password_file); - void set_credentials_function (gnutls_psk_server_credentials_function * - func); - void set_dh_params (const dh_params & params); - void set_params_function (gnutls_params_function * func); - protected: - gnutls_psk_server_credentials_t cred; - }; - - class psk_client_credentials:public credentials - { - public: - psk_client_credentials (); - ~psk_client_credentials (); - void set_credentials (const char *username, const gnutls_datum_t & key, - gnutls_psk_key_flags flags); - void set_credentials_function (gnutls_psk_client_credentials_function * - func); - protected: - gnutls_psk_client_credentials_t cred; - }; - - -} /* namespace */ - -#endif /* GNUTLSXX_H */ + class DB:private noncopyable { + public: + virtual ~ DB() = 0; + virtual bool store(const gnutls_datum_t & key, + const gnutls_datum_t & data) = 0; + virtual bool retrieve(const gnutls_datum_t & key, + gnutls_datum_t 
& data) = 0; + virtual bool remove(const gnutls_datum_t & key) = 0; + }; + + class server_session:public session { + public: + server_session(); + ~server_session(); + void db_remove() const; + + void set_db_cache_expiration(unsigned int seconds); + void set_db(const DB & db); + + // returns true if session is expired + bool db_check_entry(gnutls_datum_t & session_data) const; + + // server side only + const char *get_srp_username() const; + const char *get_psk_username() const; + + void get_server_name(void *data, size_t * data_length, + unsigned int *type, + unsigned int indx) const; + + int rehandshake(); + void set_certificate_request(gnutls_certificate_request_t); + }; + + class client_session:public session { + public: + client_session(); + ~client_session(); + + void set_server_name(gnutls_server_name_type_t type, + const void *name, size_t name_length); + + bool get_request_status(); + }; + + + class credentials:private noncopyable { + public: + virtual ~ credentials() { + } gnutls_credentials_type_t get_type() const; + protected: + friend class session; + credentials(gnutls_credentials_type_t t); + void *ptr() const; + void set_ptr(void *ptr); + gnutls_credentials_type_t type; + private: + void *cred; + }; + + class certificate_credentials:public credentials { + public: + ~certificate_credentials(); + certificate_credentials(); + + void free_keys(); + void free_cas(); + void free_ca_names(); + void free_crls(); + + void set_dh_params(const dh_params & params); + void set_rsa_export_params(const rsa_params & params); + void set_verify_flags(unsigned int flags); + void set_verify_limits(unsigned int max_bits, + unsigned int max_depth); + + void set_x509_trust_file(const char *cafile, + gnutls_x509_crt_fmt_t type); + void set_x509_trust(const gnutls_datum_t & CA, + gnutls_x509_crt_fmt_t type); + // FIXME: use classes instead of gnutls_x509_crt_t + void set_x509_trust(gnutls_x509_crt_t * ca_list, + int ca_list_size); + + void set_x509_crl_file(const char 
*crlfile, + gnutls_x509_crt_fmt_t type); + void set_x509_crl(const gnutls_datum_t & CRL, + gnutls_x509_crt_fmt_t type); + void set_x509_crl(gnutls_x509_crl_t * crl_list, + int crl_list_size); + + void set_x509_key_file(const char *certfile, + const char *KEYFILE, + gnutls_x509_crt_fmt_t type); + void set_x509_key(const gnutls_datum_t & CERT, + const gnutls_datum_t & KEY, + gnutls_x509_crt_fmt_t type); + // FIXME: use classes + void set_x509_key(gnutls_x509_crt_t * cert_list, + int cert_list_size, + gnutls_x509_privkey_t key); + + + void set_simple_pkcs12_file(const char *pkcs12file, + gnutls_x509_crt_fmt_t type, + const char *password); + + void set_retrieve_function + (gnutls_certificate_retrieve_function * func); + + protected: + gnutls_certificate_credentials_t cred; + }; + + class certificate_server_credentials:public certificate_credentials { + public: + void set_params_function(gnutls_params_function * func); + }; + + class certificate_client_credentials:public certificate_credentials { + public: + }; + + + + + class anon_server_credentials:public credentials { + public: + anon_server_credentials(); + ~anon_server_credentials(); + void set_dh_params(const dh_params & params); + void set_params_function(gnutls_params_function * func); + protected: + gnutls_anon_server_credentials_t cred; + }; + + class anon_client_credentials:public credentials { + public: + anon_client_credentials(); + ~anon_client_credentials(); + protected: + gnutls_anon_client_credentials_t cred; + }; + + + class srp_server_credentials:public credentials { + public: + srp_server_credentials(); + ~srp_server_credentials(); + void set_credentials_file(const char *password_file, + const char *password_conf_file); + void set_credentials_function + (gnutls_srp_server_credentials_function * func); + protected: + gnutls_srp_server_credentials_t cred; + }; + + class srp_client_credentials:public credentials { + public: + srp_client_credentials(); + ~srp_client_credentials(); + void 
set_credentials(const char *username, + const char *password); + void set_credentials_function + (gnutls_srp_client_credentials_function * func); + protected: + gnutls_srp_client_credentials_t cred; + }; + + + class psk_server_credentials:public credentials { + public: + psk_server_credentials(); + ~psk_server_credentials(); + void set_credentials_file(const char *password_file); + void set_credentials_function + (gnutls_psk_server_credentials_function * func); + void set_dh_params(const dh_params & params); + void set_params_function(gnutls_params_function * func); + protected: + gnutls_psk_server_credentials_t cred; + }; + + class psk_client_credentials:public credentials { + public: + psk_client_credentials(); + ~psk_client_credentials(); + void set_credentials(const char *username, + const gnutls_datum_t & key, + gnutls_psk_key_flags flags); + void set_credentials_function + (gnutls_psk_client_credentials_function * func); + protected: + gnutls_psk_client_credentials_t cred; + }; + + +} /* namespace */ + +#endif /* GNUTLSXX_H */ diff --git a/lib/includes/gnutls/ocsp.h b/lib/includes/gnutls/ocsp.h index 99046ad276..e7f412251a 100644 --- a/lib/includes/gnutls/ocsp.h +++ b/lib/includes/gnutls/ocsp.h @@ -30,8 +30,7 @@ #include <gnutls/x509.h> #ifdef __cplusplus -extern "C" -{ +extern "C" { #endif #define GNUTLS_OCSP_NONCE "1.3.6.1.5.5.7.48.1.2" @@ -43,11 +42,10 @@ extern "C" * * Enumeration of different OCSP printing variants. */ -typedef enum gnutls_ocsp_print_formats_t - { - GNUTLS_OCSP_PRINT_FULL = 0, - GNUTLS_OCSP_PRINT_COMPACT = 1, - } gnutls_ocsp_print_formats_t; + typedef enum gnutls_ocsp_print_formats_t { + GNUTLS_OCSP_PRINT_FULL = 0, + GNUTLS_OCSP_PRINT_COMPACT = 1, + } gnutls_ocsp_print_formats_t; /** * gnutls_ocsp_resp_status_t: 
@@ -60,15 +58,14 @@ typedef enum gnutls_ocsp_print_formats_t * * Enumeration of different OCSP response status codes. */ -typedef enum gnutls_ocsp_resp_status_t - { - GNUTLS_OCSP_RESP_SUCCESSFUL = 0, - GNUTLS_OCSP_RESP_MALFORMEDREQUEST = 1, - GNUTLS_OCSP_RESP_INTERNALERROR = 2, - GNUTLS_OCSP_RESP_TRYLATER = 3, - GNUTLS_OCSP_RESP_SIGREQUIRED = 5, - GNUTLS_OCSP_RESP_UNAUTHORIZED = 6 - } gnutls_ocsp_resp_status_t; + typedef enum gnutls_ocsp_resp_status_t { + GNUTLS_OCSP_RESP_SUCCESSFUL = 0, + GNUTLS_OCSP_RESP_MALFORMEDREQUEST = 1, + GNUTLS_OCSP_RESP_INTERNALERROR = 2, + GNUTLS_OCSP_RESP_TRYLATER = 3, + GNUTLS_OCSP_RESP_SIGREQUIRED = 5, + GNUTLS_OCSP_RESP_UNAUTHORIZED = 6 + } gnutls_ocsp_resp_status_t; /** * gnutls_ocsp_cert_status_t: @@ -79,12 +76,11 @@ typedef enum gnutls_ocsp_resp_status_t * * Enumeration of different OCSP response certificate status codes. */ -typedef enum gnutls_ocsp_cert_status_t - { - GNUTLS_OCSP_CERT_GOOD = 0, - GNUTLS_OCSP_CERT_REVOKED = 1, - GNUTLS_OCSP_CERT_UNKNOWN = 2 - } gnutls_ocsp_cert_status_t; + typedef enum gnutls_ocsp_cert_status_t { + GNUTLS_OCSP_CERT_GOOD = 0, + GNUTLS_OCSP_CERT_REVOKED = 1, + GNUTLS_OCSP_CERT_UNKNOWN = 2 + } gnutls_ocsp_cert_status_t; /** * gnutls_x509_crl_reason_t: 
@@ -103,19 +99,18 @@ typedef enum gnutls_ocsp_cert_status_t * corresponds to the CRLReason ASN.1 enumeration type, and not the * ReasonFlags ASN.1 bit string. */ -typedef enum gnutls_x509_crl_reason_t - { - GNUTLS_X509_CRLREASON_UNSPECIFIED = 0, - GNUTLS_X509_CRLREASON_KEYCOMPROMISE = 1, - GNUTLS_X509_CRLREASON_CACOMPROMISE = 2, - GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED = 3, - GNUTLS_X509_CRLREASON_SUPERSEDED = 4, - GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION = 5, - GNUTLS_X509_CRLREASON_CERTIFICATEHOLD = 6, - GNUTLS_X509_CRLREASON_REMOVEFROMCRL = 8, - GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN = 9, - GNUTLS_X509_CRLREASON_AACOMPROMISE = 10 - } gnutls_x509_crl_reason_t; + typedef enum gnutls_x509_crl_reason_t { + GNUTLS_X509_CRLREASON_UNSPECIFIED = 0, + GNUTLS_X509_CRLREASON_KEYCOMPROMISE = 1, + GNUTLS_X509_CRLREASON_CACOMPROMISE = 2, + GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED = 3, + GNUTLS_X509_CRLREASON_SUPERSEDED = 4, + GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION = 5, + GNUTLS_X509_CRLREASON_CERTIFICATEHOLD = 6, + GNUTLS_X509_CRLREASON_REMOVEFROMCRL = 8, + GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN = 9, + GNUTLS_X509_CRLREASON_AACOMPROMISE = 10 + } gnutls_x509_crl_reason_t; /** * gnutls_ocsp_verify_reason_t: 
@@ -130,130 +125,134 @@ typedef enum gnutls_x509_crl_reason_t * Enumeration of OCSP verify status codes, used by * gnutls_ocsp_resp_verify() and gnutls_ocsp_resp_verify_direct(). */ -typedef enum gnutls_ocsp_verify_reason_t - { - GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND = 1, - GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR = 2, - GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER = 4, - GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM = 8, - GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE = 16, - GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED = 32, - GNUTLS_OCSP_VERIFY_CERT_EXPIRED = 64 - } gnutls_ocsp_verify_reason_t; + typedef enum gnutls_ocsp_verify_reason_t { + GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND = 1, + GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR = 2, + GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER = 4, + GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM = 8, + GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE = 16, + GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED = 32, + GNUTLS_OCSP_VERIFY_CERT_EXPIRED = 64 + } gnutls_ocsp_verify_reason_t; - struct gnutls_ocsp_req_int; - typedef struct gnutls_ocsp_req_int *gnutls_ocsp_req_t; + struct gnutls_ocsp_req_int; + typedef struct gnutls_ocsp_req_int *gnutls_ocsp_req_t; - int gnutls_ocsp_req_init (gnutls_ocsp_req_t * req); - void gnutls_ocsp_req_deinit (gnutls_ocsp_req_t req); + int gnutls_ocsp_req_init(gnutls_ocsp_req_t * req); + void gnutls_ocsp_req_deinit(gnutls_ocsp_req_t req); - int gnutls_ocsp_req_import (gnutls_ocsp_req_t req, - const gnutls_datum_t * data); - int gnutls_ocsp_req_export (gnutls_ocsp_req_t req, gnutls_datum_t * data); - int gnutls_ocsp_req_print (gnutls_ocsp_req_t req, - gnutls_ocsp_print_formats_t format, - gnutls_datum_t * out); + int gnutls_ocsp_req_import(gnutls_ocsp_req_t req, + const gnutls_datum_t * data); + int gnutls_ocsp_req_export(gnutls_ocsp_req_t req, + gnutls_datum_t * data); + int gnutls_ocsp_req_print(gnutls_ocsp_req_t req, + gnutls_ocsp_print_formats_t format, + gnutls_datum_t * out); - int gnutls_ocsp_req_get_version (gnutls_ocsp_req_t req); + int 
gnutls_ocsp_req_get_version(gnutls_ocsp_req_t req); - int gnutls_ocsp_req_get_cert_id (gnutls_ocsp_req_t req, - unsigned indx, - gnutls_digest_algorithm_t *digest, - gnutls_datum_t *issuer_name_hash, - gnutls_datum_t *issuer_key_hash, - gnutls_datum_t *serial_number); - int gnutls_ocsp_req_add_cert_id (gnutls_ocsp_req_t req, - gnutls_digest_algorithm_t digest, - const gnutls_datum_t *issuer_name_hash, - const gnutls_datum_t *issuer_key_hash, - const gnutls_datum_t *serial_number); - int gnutls_ocsp_req_add_cert (gnutls_ocsp_req_t req, - gnutls_digest_algorithm_t digest, - gnutls_x509_crt_t issuer, - gnutls_x509_crt_t cert); + int gnutls_ocsp_req_get_cert_id(gnutls_ocsp_req_t req, + unsigned indx, + gnutls_digest_algorithm_t * digest, + gnutls_datum_t * issuer_name_hash, + gnutls_datum_t * issuer_key_hash, + gnutls_datum_t * serial_number); + int gnutls_ocsp_req_add_cert_id(gnutls_ocsp_req_t req, + gnutls_digest_algorithm_t digest, + const gnutls_datum_t * + issuer_name_hash, + const gnutls_datum_t * + issuer_key_hash, + const gnutls_datum_t * + serial_number); + int gnutls_ocsp_req_add_cert(gnutls_ocsp_req_t req, + gnutls_digest_algorithm_t digest, + gnutls_x509_crt_t issuer, + gnutls_x509_crt_t cert); - int gnutls_ocsp_req_get_extension (gnutls_ocsp_req_t req, - unsigned indx, - gnutls_datum_t *oid, - unsigned int *critical, - gnutls_datum_t *data); - int gnutls_ocsp_req_set_extension (gnutls_ocsp_req_t req, - const char *oid, - unsigned int critical, - const gnutls_datum_t *data); + int gnutls_ocsp_req_get_extension(gnutls_ocsp_req_t req, + unsigned indx, + gnutls_datum_t * oid, + unsigned int *critical, + gnutls_datum_t * data); + int gnutls_ocsp_req_set_extension(gnutls_ocsp_req_t req, + const char *oid, + unsigned int critical, + const gnutls_datum_t * data); - int gnutls_ocsp_req_get_nonce (gnutls_ocsp_req_t req, - unsigned int *critical, - gnutls_datum_t *nonce); - int gnutls_ocsp_req_set_nonce (gnutls_ocsp_req_t req, - unsigned int critical, - const 
gnutls_datum_t *nonce); - int gnutls_ocsp_req_randomize_nonce (gnutls_ocsp_req_t req); + int gnutls_ocsp_req_get_nonce(gnutls_ocsp_req_t req, + unsigned int *critical, + gnutls_datum_t * nonce); + int gnutls_ocsp_req_set_nonce(gnutls_ocsp_req_t req, + unsigned int critical, + const gnutls_datum_t * nonce); + int gnutls_ocsp_req_randomize_nonce(gnutls_ocsp_req_t req); - struct gnutls_ocsp_resp_int; - typedef struct gnutls_ocsp_resp_int *gnutls_ocsp_resp_t; + struct gnutls_ocsp_resp_int; + typedef struct gnutls_ocsp_resp_int *gnutls_ocsp_resp_t; - int gnutls_ocsp_resp_init (gnutls_ocsp_resp_t * resp); - void gnutls_ocsp_resp_deinit (gnutls_ocsp_resp_t resp); + int gnutls_ocsp_resp_init(gnutls_ocsp_resp_t * resp); + void gnutls_ocsp_resp_deinit(gnutls_ocsp_resp_t resp); - int gnutls_ocsp_resp_import (gnutls_ocsp_resp_t resp, - const gnutls_datum_t * data); - int gnutls_ocsp_resp_export (gnutls_ocsp_resp_t resp, - gnutls_datum_t * data); - int gnutls_ocsp_resp_print (gnutls_ocsp_resp_t resp, - gnutls_ocsp_print_formats_t format, - gnutls_datum_t * out); + int gnutls_ocsp_resp_import(gnutls_ocsp_resp_t resp, + const gnutls_datum_t * data); + int gnutls_ocsp_resp_export(gnutls_ocsp_resp_t resp, + gnutls_datum_t * data); + int gnutls_ocsp_resp_print(gnutls_ocsp_resp_t resp, + gnutls_ocsp_print_formats_t format, + gnutls_datum_t * out); - int gnutls_ocsp_resp_get_status (gnutls_ocsp_resp_t resp); - int gnutls_ocsp_resp_get_response (gnutls_ocsp_resp_t resp, - gnutls_datum_t *response_type_oid, - gnutls_datum_t *response); + int gnutls_ocsp_resp_get_status(gnutls_ocsp_resp_t resp); + int gnutls_ocsp_resp_get_response(gnutls_ocsp_resp_t resp, + gnutls_datum_t * + response_type_oid, + gnutls_datum_t * response); - int gnutls_ocsp_resp_get_version (gnutls_ocsp_resp_t resp); - int gnutls_ocsp_resp_get_responder (gnutls_ocsp_resp_t resp, - gnutls_datum_t *dn); - time_t gnutls_ocsp_resp_get_produced (gnutls_ocsp_resp_t resp); - int gnutls_ocsp_resp_get_single (gnutls_ocsp_resp_t 
resp, - unsigned indx, - gnutls_digest_algorithm_t *digest, - gnutls_datum_t *issuer_name_hash, - gnutls_datum_t *issuer_key_hash, - gnutls_datum_t *serial_number, - unsigned int *cert_status, - time_t *this_update, - time_t *next_update, - time_t *revocation_time, - unsigned int *revocation_reason); - int gnutls_ocsp_resp_get_extension (gnutls_ocsp_resp_t resp, - unsigned indx, - gnutls_datum_t *oid, - unsigned int *critical, - gnutls_datum_t *data); - int gnutls_ocsp_resp_get_nonce (gnutls_ocsp_resp_t resp, - unsigned int *critical, - gnutls_datum_t *nonce); - int gnutls_ocsp_resp_get_signature_algorithm (gnutls_ocsp_resp_t resp); - int gnutls_ocsp_resp_get_signature (gnutls_ocsp_resp_t resp, - gnutls_datum_t *sig); - int gnutls_ocsp_resp_get_certs (gnutls_ocsp_resp_t resp, - gnutls_x509_crt_t ** certs, - size_t *ncerts); + int gnutls_ocsp_resp_get_version(gnutls_ocsp_resp_t resp); + int gnutls_ocsp_resp_get_responder(gnutls_ocsp_resp_t resp, + gnutls_datum_t * dn); + time_t gnutls_ocsp_resp_get_produced(gnutls_ocsp_resp_t resp); + int gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_t resp, + unsigned indx, + gnutls_digest_algorithm_t * digest, + gnutls_datum_t * issuer_name_hash, + gnutls_datum_t * issuer_key_hash, + gnutls_datum_t * serial_number, + unsigned int *cert_status, + time_t * this_update, + time_t * next_update, + time_t * revocation_time, + unsigned int *revocation_reason); + int gnutls_ocsp_resp_get_extension(gnutls_ocsp_resp_t resp, + unsigned indx, + gnutls_datum_t * oid, + unsigned int *critical, + gnutls_datum_t * data); + int gnutls_ocsp_resp_get_nonce(gnutls_ocsp_resp_t resp, + unsigned int *critical, + gnutls_datum_t * nonce); + int gnutls_ocsp_resp_get_signature_algorithm(gnutls_ocsp_resp_t + resp); + int gnutls_ocsp_resp_get_signature(gnutls_ocsp_resp_t resp, + gnutls_datum_t * sig); + int gnutls_ocsp_resp_get_certs(gnutls_ocsp_resp_t resp, + gnutls_x509_crt_t ** certs, + size_t * ncerts); - int gnutls_ocsp_resp_verify_direct 
(gnutls_ocsp_resp_t resp, - gnutls_x509_crt_t issuer, - unsigned int *verify, - unsigned int flags); - int gnutls_ocsp_resp_verify (gnutls_ocsp_resp_t resp, - gnutls_x509_trust_list_t trustlist, - unsigned int *verify, - unsigned int flags); + int gnutls_ocsp_resp_verify_direct(gnutls_ocsp_resp_t resp, + gnutls_x509_crt_t issuer, + unsigned int *verify, + unsigned int flags); + int gnutls_ocsp_resp_verify(gnutls_ocsp_resp_t resp, + gnutls_x509_trust_list_t trustlist, + unsigned int *verify, + unsigned int flags); - int gnutls_ocsp_resp_check_crt (gnutls_ocsp_resp_t resp, - unsigned int indx, - gnutls_x509_crt_t crt); + int gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp, + unsigned int indx, + gnutls_x509_crt_t crt); #ifdef __cplusplus } #endif - -#endif /* GNUTLS_OCSP_H */ +#endif /* GNUTLS_OCSP_H */ diff --git a/lib/includes/gnutls/openpgp.h b/lib/includes/gnutls/openpgp.h index e87e2d307f..abb0ed348b 100644 --- a/lib/includes/gnutls/openpgp.h +++ b/lib/includes/gnutls/openpgp.h @@ -31,8 +31,7 @@ #include <limits.h> #ifdef __cplusplus -extern "C" -{ +extern "C" { #endif /* Openpgp certificate stuff 
@@ -45,257 +44,270 @@ extern "C"
 *
 * Enumeration of different OpenPGP key formats.
 */
- typedef enum gnutls_openpgp_crt_fmt
- {
- GNUTLS_OPENPGP_FMT_RAW,
- GNUTLS_OPENPGP_FMT_BASE64
- } gnutls_openpgp_crt_fmt_t;
+ typedef enum gnutls_openpgp_crt_fmt {
+ GNUTLS_OPENPGP_FMT_RAW,
+ GNUTLS_OPENPGP_FMT_BASE64
+ } gnutls_openpgp_crt_fmt_t;
 #define GNUTLS_OPENPGP_KEYID_SIZE 8
 #define GNUTLS_OPENPGP_V4_FINGERPRINT_SIZE 20
- typedef unsigned char gnutls_openpgp_keyid_t[GNUTLS_OPENPGP_KEYID_SIZE];
+ typedef unsigned char
+ gnutls_openpgp_keyid_t[GNUTLS_OPENPGP_KEYID_SIZE];
 /* gnutls_openpgp_cert_t should be defined in gnutls.h */
- /* initializes the memory for gnutls_openpgp_crt_t struct */
- int gnutls_openpgp_crt_init (gnutls_openpgp_crt_t * key);
- /* frees all memory */
- void gnutls_openpgp_crt_deinit (gnutls_openpgp_crt_t key);
-
- int gnutls_openpgp_crt_import (gnutls_openpgp_crt_t key,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format);
- int gnutls_openpgp_crt_export (gnutls_openpgp_crt_t key,
- gnutls_openpgp_crt_fmt_t format,
- void *output_data,
- size_t * output_data_size);
- int gnutls_openpgp_crt_export2 (gnutls_openpgp_crt_t key,
- gnutls_openpgp_crt_fmt_t format,
- gnutls_datum_t * out);
-
- int gnutls_openpgp_crt_print (gnutls_openpgp_crt_t cert,
- gnutls_certificate_print_formats_t format,
- gnutls_datum_t * out);
+ /* initializes the memory for gnutls_openpgp_crt_t struct */
+ int gnutls_openpgp_crt_init(gnutls_openpgp_crt_t * key);
+ /* frees all memory */
+ void gnutls_openpgp_crt_deinit(gnutls_openpgp_crt_t key);
+
+ int gnutls_openpgp_crt_import(gnutls_openpgp_crt_t key,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format);
+ int gnutls_openpgp_crt_export(gnutls_openpgp_crt_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_openpgp_crt_export2(gnutls_openpgp_crt_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ gnutls_datum_t * out);
+
+ int gnutls_openpgp_crt_print(gnutls_openpgp_crt_t cert,
+ gnutls_certificate_print_formats_t
+ format, gnutls_datum_t * out);
 /* The key_usage flags are defined in gnutls.h. They are
 * the GNUTLS_KEY_* definitions.
 */
 #define GNUTLS_OPENPGP_MASTER_KEYID_IDX INT_MAX
- int gnutls_openpgp_crt_get_key_usage (gnutls_openpgp_crt_t key,
- unsigned int *key_usage);
- int gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key, void *fpr,
- size_t * fprlen);
- int gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key,
- unsigned int idx,
- void *fpr, size_t * fprlen);
-
- int gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key,
- int idx, char *buf, size_t * sizeof_buf);
-
- gnutls_pk_algorithm_t
- gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t key,
- unsigned int *bits);
-
- int gnutls_openpgp_crt_get_version (gnutls_openpgp_crt_t key);
-
- time_t gnutls_openpgp_crt_get_creation_time (gnutls_openpgp_crt_t key);
- time_t gnutls_openpgp_crt_get_expiration_time (gnutls_openpgp_crt_t key);
-
- int gnutls_openpgp_crt_get_key_id (gnutls_openpgp_crt_t key,
- gnutls_openpgp_keyid_t keyid);
-
- int gnutls_openpgp_crt_check_hostname (gnutls_openpgp_crt_t key,
- const char *hostname);
-
- int gnutls_openpgp_crt_get_revoked_status (gnutls_openpgp_crt_t key);
-
- int gnutls_openpgp_crt_get_subkey_count (gnutls_openpgp_crt_t key);
- int gnutls_openpgp_crt_get_subkey_idx (gnutls_openpgp_crt_t key,
- const gnutls_openpgp_keyid_t keyid);
- int gnutls_openpgp_crt_get_subkey_revoked_status (gnutls_openpgp_crt_t key,
- unsigned int idx);
- gnutls_pk_algorithm_t
- gnutls_openpgp_crt_get_subkey_pk_algorithm (gnutls_openpgp_crt_t key,
- unsigned int idx,
- unsigned int *bits);
- time_t gnutls_openpgp_crt_get_subkey_creation_time (gnutls_openpgp_crt_t
- key, unsigned int idx);
- time_t gnutls_openpgp_crt_get_subkey_expiration_time (gnutls_openpgp_crt_t
- key,
- unsigned int idx);
- int gnutls_openpgp_crt_get_subkey_id (gnutls_openpgp_crt_t key,
- unsigned int idx,
- gnutls_openpgp_keyid_t keyid);
- int gnutls_openpgp_crt_get_subkey_usage (gnutls_openpgp_crt_t key,
- unsigned int idx,
- unsigned int *key_usage);
-
- int gnutls_openpgp_crt_get_subkey_pk_dsa_raw (gnutls_openpgp_crt_t crt,
- unsigned int idx,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y);
- int gnutls_openpgp_crt_get_subkey_pk_rsa_raw (gnutls_openpgp_crt_t crt,
- unsigned int idx,
- gnutls_datum_t * m,
- gnutls_datum_t * e);
- int gnutls_openpgp_crt_get_pk_dsa_raw (gnutls_openpgp_crt_t crt,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y);
- int gnutls_openpgp_crt_get_pk_rsa_raw (gnutls_openpgp_crt_t crt,
- gnutls_datum_t * m,
- gnutls_datum_t * e);
-
- int gnutls_openpgp_crt_get_preferred_key_id (gnutls_openpgp_crt_t key,
- gnutls_openpgp_keyid_t keyid);
- int
- gnutls_openpgp_crt_set_preferred_key_id (gnutls_openpgp_crt_t key,
- const gnutls_openpgp_keyid_t
- keyid);
+ int gnutls_openpgp_crt_get_key_usage(gnutls_openpgp_crt_t key,
+ unsigned int *key_usage);
+ int gnutls_openpgp_crt_get_fingerprint(gnutls_openpgp_crt_t key,
+ void *fpr, size_t * fprlen);
+ int gnutls_openpgp_crt_get_subkey_fingerprint(gnutls_openpgp_crt_t
+ key,
+ unsigned int idx,
+ void *fpr,
+ size_t * fprlen);
+
+ int gnutls_openpgp_crt_get_name(gnutls_openpgp_crt_t key,
+ int idx, char *buf,
+ size_t * sizeof_buf);
+
+ gnutls_pk_algorithm_t
+ gnutls_openpgp_crt_get_pk_algorithm(gnutls_openpgp_crt_t key,
+ unsigned int *bits);
+
+ int gnutls_openpgp_crt_get_version(gnutls_openpgp_crt_t key);
+
+ time_t gnutls_openpgp_crt_get_creation_time(gnutls_openpgp_crt_t
+ key);
+ time_t gnutls_openpgp_crt_get_expiration_time(gnutls_openpgp_crt_t
+ key);
+
+ int gnutls_openpgp_crt_get_key_id(gnutls_openpgp_crt_t key,
+ gnutls_openpgp_keyid_t keyid);
+
+ int gnutls_openpgp_crt_check_hostname(gnutls_openpgp_crt_t key,
+ const char *hostname);
+
+ int gnutls_openpgp_crt_get_revoked_status(gnutls_openpgp_crt_t
+ key);
+
+ int gnutls_openpgp_crt_get_subkey_count(gnutls_openpgp_crt_t key);
+ int gnutls_openpgp_crt_get_subkey_idx(gnutls_openpgp_crt_t key,
+ const gnutls_openpgp_keyid_t
+ keyid);
+ int gnutls_openpgp_crt_get_subkey_revoked_status
+ (gnutls_openpgp_crt_t key, unsigned int idx);
+ gnutls_pk_algorithm_t
+ gnutls_openpgp_crt_get_subkey_pk_algorithm(gnutls_openpgp_crt_t
+ key,
+ unsigned int idx,
+ unsigned int *bits);
+ time_t
+ gnutls_openpgp_crt_get_subkey_creation_time
+ (gnutls_openpgp_crt_t key, unsigned int idx);
+ time_t
+ gnutls_openpgp_crt_get_subkey_expiration_time
+ (gnutls_openpgp_crt_t key, unsigned int idx);
+ int gnutls_openpgp_crt_get_subkey_id(gnutls_openpgp_crt_t key,
+ unsigned int idx,
+ gnutls_openpgp_keyid_t keyid);
+ int gnutls_openpgp_crt_get_subkey_usage(gnutls_openpgp_crt_t key,
+ unsigned int idx,
+ unsigned int *key_usage);
+
+ int gnutls_openpgp_crt_get_subkey_pk_dsa_raw(gnutls_openpgp_crt_t
+ crt, unsigned int idx,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y);
+ int gnutls_openpgp_crt_get_subkey_pk_rsa_raw(gnutls_openpgp_crt_t
+ crt, unsigned int idx,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e);
+ int gnutls_openpgp_crt_get_pk_dsa_raw(gnutls_openpgp_crt_t crt,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y);
+ int gnutls_openpgp_crt_get_pk_rsa_raw(gnutls_openpgp_crt_t crt,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e);
+
+ int gnutls_openpgp_crt_get_preferred_key_id(gnutls_openpgp_crt_t
+ key,
+ gnutls_openpgp_keyid_t
+ keyid);
+ int
+ gnutls_openpgp_crt_set_preferred_key_id(gnutls_openpgp_crt_t key,
+ const
+ gnutls_openpgp_keyid_t
+ keyid);
 /* privkey stuff. */
- int gnutls_openpgp_privkey_init (gnutls_openpgp_privkey_t * key);
- void gnutls_openpgp_privkey_deinit (gnutls_openpgp_privkey_t key);
- gnutls_pk_algorithm_t
- gnutls_openpgp_privkey_get_pk_algorithm (gnutls_openpgp_privkey_t key,
- unsigned int *bits);
-
- gnutls_sec_param_t
- gnutls_openpgp_privkey_sec_param (gnutls_openpgp_privkey_t key);
- int gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format,
- const char *password,
- unsigned int flags);
-
- int gnutls_openpgp_privkey_get_fingerprint (gnutls_openpgp_privkey_t key,
- void *fpr, size_t * fprlen);
- int gnutls_openpgp_privkey_get_subkey_fingerprint (gnutls_openpgp_privkey_t
- key, unsigned int idx,
- void *fpr,
- size_t * fprlen);
- int gnutls_openpgp_privkey_get_key_id (gnutls_openpgp_privkey_t key,
- gnutls_openpgp_keyid_t keyid);
- int gnutls_openpgp_privkey_get_subkey_count (gnutls_openpgp_privkey_t key);
- int gnutls_openpgp_privkey_get_subkey_idx (gnutls_openpgp_privkey_t key,
- const gnutls_openpgp_keyid_t
- keyid);
-
- int
- gnutls_openpgp_privkey_get_subkey_revoked_status (gnutls_openpgp_privkey_t
- key, unsigned int idx);
-
- int gnutls_openpgp_privkey_get_revoked_status (gnutls_openpgp_privkey_t
- key);
-
- gnutls_pk_algorithm_t
- gnutls_openpgp_privkey_get_subkey_pk_algorithm (gnutls_openpgp_privkey_t
- key, unsigned int idx,
- unsigned int *bits);
-
- time_t
- gnutls_openpgp_privkey_get_subkey_expiration_time
- (gnutls_openpgp_privkey_t key, unsigned int idx);
-
- int gnutls_openpgp_privkey_get_subkey_id (gnutls_openpgp_privkey_t key,
- unsigned int idx,
- gnutls_openpgp_keyid_t keyid);
-
- time_t
- gnutls_openpgp_privkey_get_subkey_creation_time (gnutls_openpgp_privkey_t
- key, unsigned int idx);
-
- int
- gnutls_openpgp_privkey_export_subkey_dsa_raw (gnutls_openpgp_privkey_t
- pkey, unsigned int idx,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y,
- gnutls_datum_t * x);
- int gnutls_openpgp_privkey_export_subkey_rsa_raw (gnutls_openpgp_privkey_t
- pkey, unsigned int idx,
- gnutls_datum_t * m,
- gnutls_datum_t * e,
- gnutls_datum_t * d,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * u);
-
- int gnutls_openpgp_privkey_export_dsa_raw (gnutls_openpgp_privkey_t pkey,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g,
- gnutls_datum_t * y,
- gnutls_datum_t * x);
- int gnutls_openpgp_privkey_export_rsa_raw (gnutls_openpgp_privkey_t pkey,
- gnutls_datum_t * m,
- gnutls_datum_t * e,
- gnutls_datum_t * d,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * u);
-
- int gnutls_openpgp_privkey_export (gnutls_openpgp_privkey_t key,
- gnutls_openpgp_crt_fmt_t format,
- const char *password,
- unsigned int flags,
- void *output_data,
- size_t * output_data_size);
- int gnutls_openpgp_privkey_export2 (gnutls_openpgp_privkey_t key,
- gnutls_openpgp_crt_fmt_t format,
- const char *password,
- unsigned int flags,
- gnutls_datum_t * out);
-
- int
- gnutls_openpgp_privkey_set_preferred_key_id (gnutls_openpgp_privkey_t key,
- const gnutls_openpgp_keyid_t
- keyid);
- int gnutls_openpgp_privkey_get_preferred_key_id (gnutls_openpgp_privkey_t
- key,
- gnutls_openpgp_keyid_t
- keyid);
-
- int gnutls_openpgp_crt_get_auth_subkey (gnutls_openpgp_crt_t crt,
- gnutls_openpgp_keyid_t keyid,
- unsigned int flag);
+ int gnutls_openpgp_privkey_init(gnutls_openpgp_privkey_t * key);
+ void gnutls_openpgp_privkey_deinit(gnutls_openpgp_privkey_t key);
+ gnutls_pk_algorithm_t
+ gnutls_openpgp_privkey_get_pk_algorithm
+ (gnutls_openpgp_privkey_t key, unsigned int *bits);
+
+ gnutls_sec_param_t
+ gnutls_openpgp_privkey_sec_param(gnutls_openpgp_privkey_t key);
+ int gnutls_openpgp_privkey_import(gnutls_openpgp_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password,
+ unsigned int flags);
+
+ int gnutls_openpgp_privkey_get_fingerprint(gnutls_openpgp_privkey_t
+ key, void *fpr,
+ size_t * fprlen);
+ int gnutls_openpgp_privkey_get_subkey_fingerprint
+ (gnutls_openpgp_privkey_t key, unsigned int idx, void *fpr,
+ size_t * fprlen);
+ int gnutls_openpgp_privkey_get_key_id(gnutls_openpgp_privkey_t key,
+ gnutls_openpgp_keyid_t
+ keyid);
+ int gnutls_openpgp_privkey_get_subkey_count
+ (gnutls_openpgp_privkey_t key);
+ int gnutls_openpgp_privkey_get_subkey_idx(gnutls_openpgp_privkey_t
+ key,
+ const
+ gnutls_openpgp_keyid_t
+ keyid);
+
+ int
+ gnutls_openpgp_privkey_get_subkey_revoked_status
+ (gnutls_openpgp_privkey_t key, unsigned int idx);
+
+ int gnutls_openpgp_privkey_get_revoked_status
+ (gnutls_openpgp_privkey_t key);
+
+ gnutls_pk_algorithm_t
+ gnutls_openpgp_privkey_get_subkey_pk_algorithm
+ (gnutls_openpgp_privkey_t key, unsigned int idx,
+ unsigned int *bits);
+
+ time_t
+ gnutls_openpgp_privkey_get_subkey_expiration_time
+ (gnutls_openpgp_privkey_t key, unsigned int idx);
+
+ int gnutls_openpgp_privkey_get_subkey_id(gnutls_openpgp_privkey_t
+ key, unsigned int idx,
+ gnutls_openpgp_keyid_t
+ keyid);
+
+ time_t
+ gnutls_openpgp_privkey_get_subkey_creation_time
+ (gnutls_openpgp_privkey_t key, unsigned int idx);
+
+ int
+ gnutls_openpgp_privkey_export_subkey_dsa_raw
+ (gnutls_openpgp_privkey_t pkey, unsigned int idx,
+ gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * g,
+ gnutls_datum_t * y, gnutls_datum_t * x);
+ int gnutls_openpgp_privkey_export_subkey_rsa_raw
+ (gnutls_openpgp_privkey_t pkey, unsigned int idx,
+ gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d,
+ gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u);
+
+ int gnutls_openpgp_privkey_export_dsa_raw(gnutls_openpgp_privkey_t
+ pkey, gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y,
+ gnutls_datum_t * x);
+ int gnutls_openpgp_privkey_export_rsa_raw(gnutls_openpgp_privkey_t
+ pkey, gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u);
+
+ int gnutls_openpgp_privkey_export(gnutls_openpgp_privkey_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password,
+ unsigned int flags,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_openpgp_privkey_export2(gnutls_openpgp_privkey_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password,
+ unsigned int flags,
+ gnutls_datum_t * out);
+
+ int
+ gnutls_openpgp_privkey_set_preferred_key_id
+ (gnutls_openpgp_privkey_t key,
+ const gnutls_openpgp_keyid_t keyid);
+ int gnutls_openpgp_privkey_get_preferred_key_id
+ (gnutls_openpgp_privkey_t key, gnutls_openpgp_keyid_t keyid);
+
+ int gnutls_openpgp_crt_get_auth_subkey(gnutls_openpgp_crt_t crt,
+ gnutls_openpgp_keyid_t
+ keyid, unsigned int flag);
 /* Keyring stuff. */
- int gnutls_openpgp_keyring_init (gnutls_openpgp_keyring_t * keyring);
- void gnutls_openpgp_keyring_deinit (gnutls_openpgp_keyring_t keyring);
+ int gnutls_openpgp_keyring_init(gnutls_openpgp_keyring_t *
+ keyring);
+ void gnutls_openpgp_keyring_deinit(gnutls_openpgp_keyring_t
+ keyring);
- int gnutls_openpgp_keyring_import (gnutls_openpgp_keyring_t keyring,
- const gnutls_datum_t * data,
- gnutls_openpgp_crt_fmt_t format);
+ int gnutls_openpgp_keyring_import(gnutls_openpgp_keyring_t keyring,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format);
- int gnutls_openpgp_keyring_check_id (gnutls_openpgp_keyring_t ring,
- const gnutls_openpgp_keyid_t keyid,
- unsigned int flags);
+ int gnutls_openpgp_keyring_check_id(gnutls_openpgp_keyring_t ring,
+ const gnutls_openpgp_keyid_t
+ keyid, unsigned int flags);
- int gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key,
- gnutls_openpgp_keyring_t keyring,
- unsigned int flags, unsigned int *verify
- /* the output of the verification */ );
+ int gnutls_openpgp_crt_verify_ring(gnutls_openpgp_crt_t key,
+ gnutls_openpgp_keyring_t
+ keyring, unsigned int flags,
+ unsigned int *verify
+ /* the output of the verification */
+ );
- int gnutls_openpgp_crt_verify_self (gnutls_openpgp_crt_t key,
- unsigned int flags,
- unsigned int *verify);
+ int gnutls_openpgp_crt_verify_self(gnutls_openpgp_crt_t key,
+ unsigned int flags,
+ unsigned int *verify);
- int gnutls_openpgp_keyring_get_crt (gnutls_openpgp_keyring_t ring,
- unsigned int idx,
- gnutls_openpgp_crt_t * cert);
+ int gnutls_openpgp_keyring_get_crt(gnutls_openpgp_keyring_t ring,
+ unsigned int idx,
+ gnutls_openpgp_crt_t * cert);
- int gnutls_openpgp_keyring_get_crt_count (gnutls_openpgp_keyring_t ring);
+ int gnutls_openpgp_keyring_get_crt_count(gnutls_openpgp_keyring_t
+ ring);
@@ -316,59 +328,56 @@ extern "C"
 * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
 * otherwise an error code is returned.
 */
- typedef int (*gnutls_openpgp_recv_key_func) (gnutls_session_t session,
- const unsigned char *keyfpr,
- unsigned int keyfpr_length,
- gnutls_datum_t * key);
+ typedef int (*gnutls_openpgp_recv_key_func) (gnutls_session_t
+ session,
+ const unsigned char
+ *keyfpr,
+ unsigned int
+ keyfpr_length,
+ gnutls_datum_t * key);
- void
- gnutls_openpgp_set_recv_key_function (gnutls_session_t session,
- gnutls_openpgp_recv_key_func func);
+ void
+ gnutls_openpgp_set_recv_key_function(gnutls_session_t session,
+ gnutls_openpgp_recv_key_func
+ func);
 /* certificate authentication stuff. */
- int gnutls_certificate_set_openpgp_key (gnutls_certificate_credentials_t res,
- gnutls_openpgp_crt_t crt,
- gnutls_openpgp_privkey_t pkey);
-
- int
- gnutls_certificate_set_openpgp_key_file (gnutls_certificate_credentials_t
- res, const char *certfile,
- const char *keyfile,
- gnutls_openpgp_crt_fmt_t format);
- int gnutls_certificate_set_openpgp_key_mem (gnutls_certificate_credentials_t
- res,
- const gnutls_datum_t * cert,
- const gnutls_datum_t * key,
- gnutls_openpgp_crt_fmt_t
- format);
-
- int
- gnutls_certificate_set_openpgp_key_file2 (gnutls_certificate_credentials_t
- res, const char *certfile,
- const char *keyfile,
- const char *subkey_id,
- gnutls_openpgp_crt_fmt_t
- format);
- int
- gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t
- res, const gnutls_datum_t * cert,
- const gnutls_datum_t * key,
- const char *subkey_id,
- gnutls_openpgp_crt_fmt_t format);
-
- int gnutls_certificate_set_openpgp_keyring_mem (
- gnutls_certificate_credentials_t c, const unsigned char *data,
- size_t dlen, gnutls_openpgp_crt_fmt_t format);
-
- int gnutls_certificate_set_openpgp_keyring_file (
- gnutls_certificate_credentials_t c, const char *file,
- gnutls_openpgp_crt_fmt_t format);
+ int gnutls_certificate_set_openpgp_key
+ (gnutls_certificate_credentials_t res,
+ gnutls_openpgp_crt_t crt, gnutls_openpgp_privkey_t pkey);
+
+ int
+ gnutls_certificate_set_openpgp_key_file
+ (gnutls_certificate_credentials_t res, const char *certfile,
+ const char *keyfile, gnutls_openpgp_crt_fmt_t format);
+ int gnutls_certificate_set_openpgp_key_mem
+ (gnutls_certificate_credentials_t res,
+ const gnutls_datum_t * cert, const gnutls_datum_t * key,
+ gnutls_openpgp_crt_fmt_t format);
+
+ int
+ gnutls_certificate_set_openpgp_key_file2
+ (gnutls_certificate_credentials_t res, const char *certfile,
+ const char *keyfile, const char *subkey_id,
+ gnutls_openpgp_crt_fmt_t format);
+ int
+ gnutls_certificate_set_openpgp_key_mem2
+ (gnutls_certificate_credentials_t res,
+ const gnutls_datum_t * cert, const gnutls_datum_t * key,
+ const char *subkey_id, gnutls_openpgp_crt_fmt_t format);
+
+ int gnutls_certificate_set_openpgp_keyring_mem
+ (gnutls_certificate_credentials_t c, const unsigned char *data,
+ size_t dlen, gnutls_openpgp_crt_fmt_t format);
+
+ int gnutls_certificate_set_openpgp_keyring_file
+ (gnutls_certificate_credentials_t c, const char *file,
+ gnutls_openpgp_crt_fmt_t format);
 #ifdef __cplusplus
 }
 #endif
-
-#endif /* GNUTLS_OPENPGP_H */
+#endif /* GNUTLS_OPENPGP_H */
diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h
index d3e641b7f1..13015c0bef 100644
--- a/lib/includes/gnutls/pkcs11.h
+++ b/lib/includes/gnutls/pkcs11.h
@@ -29,8 +29,7 @@
 #include <gnutls/x509.h>
 #ifdef __cplusplus
-extern "C"
-{
+extern "C" {
 #endif
 #define GNUTLS_PKCS11_MAX_PIN_LEN 32
@@ -53,46 +52,51 @@ extern "C"
 *
 * Since: 2.12.0
 **/
-typedef int (*gnutls_pkcs11_token_callback_t) (void *const userdata,
- const char *const label,
- unsigned retry);
+ typedef int (*gnutls_pkcs11_token_callback_t) (void *const
+ userdata,
+ const char *const
+ label,
+ unsigned retry);
-struct gnutls_pkcs11_obj_st;
-typedef struct gnutls_pkcs11_obj_st *gnutls_pkcs11_obj_t;
+ struct gnutls_pkcs11_obj_st;
+ typedef struct gnutls_pkcs11_obj_st *gnutls_pkcs11_obj_t;
-#define GNUTLS_PKCS11_FLAG_MANUAL 0 /* Manual loading of libraries */
-#define GNUTLS_PKCS11_FLAG_AUTO 1 /* Automatically load libraries by reading /etc/gnutls/pkcs11.conf */
+#define GNUTLS_PKCS11_FLAG_MANUAL 0 /* Manual loading of libraries */
+#define GNUTLS_PKCS11_FLAG_AUTO 1 /* Automatically load libraries by reading /etc/gnutls/pkcs11.conf */
 /* pkcs11.conf format:
 * load = /lib/xxx-pkcs11.so
 * load = /lib/yyy-pkcs11.so
 */
-int gnutls_pkcs11_init (unsigned int flags, const char *deprecated_config_file);
-int gnutls_pkcs11_reinit (void);
-void gnutls_pkcs11_deinit (void);
-void gnutls_pkcs11_set_token_function (gnutls_pkcs11_token_callback_t fn,
- void *userdata);
-
-void gnutls_pkcs11_set_pin_function (gnutls_pin_callback_t fn,
- void *userdata);
-
-gnutls_pin_callback_t gnutls_pkcs11_get_pin_function (void **userdata);
-
-int gnutls_pkcs11_add_provider (const char *name, const char *params);
-int gnutls_pkcs11_obj_init (gnutls_pkcs11_obj_t * obj);
-void gnutls_pkcs11_obj_set_pin_function (gnutls_pkcs11_obj_t obj,
- gnutls_pin_callback_t fn,
- void *userdata);
-
-#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN (1<<0) /* force login in the token for the operation */
-#define GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED (1<<1) /* object marked as trusted */
-#define GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE (1<<2) /* object marked as sensitive (unexportable) */
-#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO (1<<3) /* force login as a security officer in the token for the operation */
-#define GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE (1<<4) /* marked as private (requires PIN to access) */
-#define GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE (1<<5) /* marked as not private */
+ int gnutls_pkcs11_init(unsigned int flags,
+ const char *deprecated_config_file);
+ int gnutls_pkcs11_reinit(void);
+ void gnutls_pkcs11_deinit(void);
+ void gnutls_pkcs11_set_token_function
+ (gnutls_pkcs11_token_callback_t fn, void *userdata);
+
+ void gnutls_pkcs11_set_pin_function(gnutls_pin_callback_t fn,
+ void *userdata);
+
+ gnutls_pin_callback_t gnutls_pkcs11_get_pin_function(void
+ **userdata);
+
+ int gnutls_pkcs11_add_provider(const char *name,
+ const char *params);
+ int gnutls_pkcs11_obj_init(gnutls_pkcs11_obj_t * obj);
+ void gnutls_pkcs11_obj_set_pin_function(gnutls_pkcs11_obj_t obj,
+ gnutls_pin_callback_t fn,
+ void *userdata);
+
+#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN (1<<0) /* force login in the token for the operation */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED (1<<1) /* object marked as trusted */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE (1<<2) /* object marked as sensitive (unexportable) */
+#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO (1<<3) /* force login as a security officer in the token for the operation */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE (1<<4) /* marked as private (requires PIN to access) */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE (1<<5) /* marked as not private */
 /**
 * gnutls_pkcs11_url_type_t:
@@ -102,41 +106,51 @@ void gnutls_pkcs11_obj_set_pin_function (gnutls_pkcs11_obj_t obj,
 *
 * Enumeration of different URL extraction flags.
 */
-typedef enum
- {
- GNUTLS_PKCS11_URL_GENERIC, /* URL specifies the object on token level */
- GNUTLS_PKCS11_URL_LIB, /* URL specifies the object on module level */
- GNUTLS_PKCS11_URL_LIB_VERSION /* URL specifies the object on module and version level */
- } gnutls_pkcs11_url_type_t;
-
-int gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t obj,
- const char *url,
- unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-int gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t obj,
- gnutls_pkcs11_url_type_t detailed,
- char **url);
-void gnutls_pkcs11_obj_deinit (gnutls_pkcs11_obj_t obj);
-
-int gnutls_pkcs11_obj_export (gnutls_pkcs11_obj_t obj,
- void *output_data, size_t * output_data_size);
-int gnutls_pkcs11_obj_export2 (gnutls_pkcs11_obj_t obj,
- gnutls_datum_t *out);
-
-int gnutls_pkcs11_copy_x509_crt (const char *token_url, gnutls_x509_crt_t crt,
- const char *label, unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-int gnutls_pkcs11_copy_x509_privkey (const char *token_url, gnutls_x509_privkey_t key,
- const char *label, unsigned int key_usage /*GNUTLS_KEY_* */, unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-int gnutls_pkcs11_delete_url (const char *object_url, unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-
-int gnutls_pkcs11_copy_secret_key (const char *token_url,
- gnutls_datum_t * key, const char *label,
- unsigned int key_usage /* GNUTLS_KEY_* */ ,
- unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+ typedef enum {
+ GNUTLS_PKCS11_URL_GENERIC, /* URL specifies the object on token level */
+ GNUTLS_PKCS11_URL_LIB, /* URL specifies the object on module level */
+ GNUTLS_PKCS11_URL_LIB_VERSION /* URL specifies the object on module and version level */
+ } gnutls_pkcs11_url_type_t;
+
+ int gnutls_pkcs11_obj_import_url(gnutls_pkcs11_obj_t obj,
+ const char *url,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+ int gnutls_pkcs11_obj_export_url(gnutls_pkcs11_obj_t obj,
+ gnutls_pkcs11_url_type_t detailed,
+ char **url);
+ void gnutls_pkcs11_obj_deinit(gnutls_pkcs11_obj_t obj);
+
+ int gnutls_pkcs11_obj_export(gnutls_pkcs11_obj_t obj,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_pkcs11_obj_export2(gnutls_pkcs11_obj_t obj,
+ gnutls_datum_t * out);
+
+ int gnutls_pkcs11_copy_x509_crt(const char *token_url,
+ gnutls_x509_crt_t crt,
+ const char *label,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+ int gnutls_pkcs11_copy_x509_privkey(const char *token_url,
+ gnutls_x509_privkey_t key,
+ const char *label,
+ unsigned int key_usage
+ /*GNUTLS_KEY_* */ ,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */
+ );
+ int gnutls_pkcs11_delete_url(const char *object_url,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+
+ int gnutls_pkcs11_copy_secret_key(const char *token_url,
+ gnutls_datum_t * key,
+ const char *label,
+ unsigned int key_usage
+ /* GNUTLS_KEY_* */ ,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
 /**
 * gnutls_pkcs11_obj_info_t:
@@ -153,24 +167,23 @@ int gnutls_pkcs11_copy_secret_key (const char *token_url,
 *
 * Enumeration of several object information types.
 */
-typedef enum
- {
- GNUTLS_PKCS11_OBJ_ID_HEX = 1,
- GNUTLS_PKCS11_OBJ_LABEL,
- GNUTLS_PKCS11_OBJ_TOKEN_LABEL,
- GNUTLS_PKCS11_OBJ_TOKEN_SERIAL,
- GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER,
- GNUTLS_PKCS11_OBJ_TOKEN_MODEL,
- GNUTLS_PKCS11_OBJ_ID,
- /* the pkcs11 provider library info */
- GNUTLS_PKCS11_OBJ_LIBRARY_VERSION,
- GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION,
- GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER
- } gnutls_pkcs11_obj_info_t;
-
-int gnutls_pkcs11_obj_get_info (gnutls_pkcs11_obj_t crt,
- gnutls_pkcs11_obj_info_t itype, void *output,
- size_t * output_size);
+ typedef enum {
+ GNUTLS_PKCS11_OBJ_ID_HEX = 1,
+ GNUTLS_PKCS11_OBJ_LABEL,
+ GNUTLS_PKCS11_OBJ_TOKEN_LABEL,
+ GNUTLS_PKCS11_OBJ_TOKEN_SERIAL,
+ GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER,
+ GNUTLS_PKCS11_OBJ_TOKEN_MODEL,
+ GNUTLS_PKCS11_OBJ_ID,
+ /* the pkcs11 provider library info */
+ GNUTLS_PKCS11_OBJ_LIBRARY_VERSION,
+ GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION,
+ GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER
+ } gnutls_pkcs11_obj_info_t;
+
+ int gnutls_pkcs11_obj_get_info(gnutls_pkcs11_obj_t crt,
+ gnutls_pkcs11_obj_info_t itype,
+ void *output, size_t * output_size);
 /**
 * gnutls_pkcs11_obj_attr_t:
@@ -184,16 +197,15 @@ int gnutls_pkcs11_obj_get_info (gnutls_pkcs11_obj_t crt,
 *
 * Enumeration of several attributes for object enumeration.
 */
-typedef enum
- {
- GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL = 1, /* all certificates */
- GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, /* certificates marked as trusted */
- GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, /* certificates with corresponding private key */
- GNUTLS_PKCS11_OBJ_ATTR_PUBKEY, /* public keys */
- GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY, /* private keys */
- GNUTLS_PKCS11_OBJ_ATTR_ALL, /* everything! */
- GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA, /* CAs */
- } gnutls_pkcs11_obj_attr_t;
+ typedef enum {
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL = 1, /* all certificates */
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, /* certificates marked as trusted */
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, /* certificates with corresponding private key */
+ GNUTLS_PKCS11_OBJ_ATTR_PUBKEY, /* public keys */
+ GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY, /* private keys */
+ GNUTLS_PKCS11_OBJ_ATTR_ALL, /* everything! */
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA, /* CAs */
+ } gnutls_pkcs11_obj_attr_t;
 /**
 * gnutls_pkcs11_token_info_t:
@@ -204,13 +216,12 @@ typedef enum
 *
 * Enumeration of types for retrieving token information.
 */
-typedef enum
- {
- GNUTLS_PKCS11_TOKEN_LABEL,
- GNUTLS_PKCS11_TOKEN_SERIAL,
- GNUTLS_PKCS11_TOKEN_MANUFACTURER,
- GNUTLS_PKCS11_TOKEN_MODEL
- } gnutls_pkcs11_token_info_t;
+ typedef enum {
+ GNUTLS_PKCS11_TOKEN_LABEL,
+ GNUTLS_PKCS11_TOKEN_SERIAL,
+ GNUTLS_PKCS11_TOKEN_MANUFACTURER,
+ GNUTLS_PKCS11_TOKEN_MODEL
+ } gnutls_pkcs11_token_info_t;
 /**
 * gnutls_pkcs11_obj_type_t:
@@ -223,108 +234,120 @@ typedef enum
 *
 * Enumeration of object types.
 */
-typedef enum
- {
- GNUTLS_PKCS11_OBJ_UNKNOWN,
- GNUTLS_PKCS11_OBJ_X509_CRT,
- GNUTLS_PKCS11_OBJ_PUBKEY,
- GNUTLS_PKCS11_OBJ_PRIVKEY,
- GNUTLS_PKCS11_OBJ_SECRET_KEY,
- GNUTLS_PKCS11_OBJ_DATA
- } gnutls_pkcs11_obj_type_t;
-
-int
-gnutls_pkcs11_token_init (const char *token_url,
- const char *so_pin, const char *label);
-
-int
-gnutls_pkcs11_token_get_mechanism (const char *url, unsigned int idx,
- unsigned long *mechanism);
-
-int gnutls_pkcs11_token_set_pin (const char *token_url,
- const char *oldpin,
- const char *newpin,
- unsigned int flags /*gnutls_pin_flag_t */
- );
-
-int gnutls_pkcs11_token_get_url (unsigned int seq,
- gnutls_pkcs11_url_type_t detailed,
- char **url);
-int gnutls_pkcs11_token_get_info (const char *url,
- gnutls_pkcs11_token_info_t ttype,
- void *output, size_t * output_size);
+ typedef enum {
+ GNUTLS_PKCS11_OBJ_UNKNOWN,
+ GNUTLS_PKCS11_OBJ_X509_CRT,
+ GNUTLS_PKCS11_OBJ_PUBKEY,
+ GNUTLS_PKCS11_OBJ_PRIVKEY,
+ GNUTLS_PKCS11_OBJ_SECRET_KEY,
+ GNUTLS_PKCS11_OBJ_DATA
+ } gnutls_pkcs11_obj_type_t;
+
+ int
+ gnutls_pkcs11_token_init(const char *token_url,
+ const char *so_pin, const char *label);
+
+ int
+ gnutls_pkcs11_token_get_mechanism(const char *url,
+ unsigned int idx,
+ unsigned long *mechanism);
+
+ int gnutls_pkcs11_token_set_pin(const char *token_url, const char *oldpin, const char *newpin, unsigned int flags /*gnutls_pin_flag_t */
+ );
+
+ int gnutls_pkcs11_token_get_url(unsigned int seq,
+ gnutls_pkcs11_url_type_t detailed,
+ char **url);
+ int gnutls_pkcs11_token_get_info(const char *url,
+ gnutls_pkcs11_token_info_t ttype,
+ void *output,
+ size_t * output_size);
 #define GNUTLS_PKCS11_TOKEN_HW 1
-int gnutls_pkcs11_token_get_flags (const char *url, unsigned int *flags);
-
-int gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list,
- unsigned int *const n_list,
- const char *url,
- gnutls_pkcs11_obj_attr_t attrs,
- unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-
-int
-gnutls_pkcs11_obj_list_import_url2 (gnutls_pkcs11_obj_t ** p_list,
- unsigned int *n_list,
- const char *url,
- gnutls_pkcs11_obj_attr_t attrs,
- unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-
-int gnutls_x509_crt_import_pkcs11 (gnutls_x509_crt_t crt,
- gnutls_pkcs11_obj_t pkcs11_crt);
-int gnutls_x509_crt_import_pkcs11_url (gnutls_x509_crt_t crt, const char *url,
- unsigned int flags
- /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
-
-gnutls_pkcs11_obj_type_t gnutls_pkcs11_obj_get_type (gnutls_pkcs11_obj_t obj);
-const char *gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t type);
-
-int gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs,
- unsigned int cert_max,
- gnutls_pkcs11_obj_t * const objs,
- unsigned int flags /* must be zero */);
+ int gnutls_pkcs11_token_get_flags(const char *url,
+ unsigned int *flags);
+
+ int gnutls_pkcs11_obj_list_import_url(gnutls_pkcs11_obj_t * p_list,
+ unsigned int *const n_list,
+ const char *url,
+ gnutls_pkcs11_obj_attr_t
+ attrs, unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */
+ );
+
+ int
+ gnutls_pkcs11_obj_list_import_url2(gnutls_pkcs11_obj_t ** p_list,
+ unsigned int *n_list,
+ const char *url,
+ gnutls_pkcs11_obj_attr_t attrs,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */
+ );
+
+ int gnutls_x509_crt_import_pkcs11(gnutls_x509_crt_t crt,
+ gnutls_pkcs11_obj_t pkcs11_crt);
+ int gnutls_x509_crt_import_pkcs11_url(gnutls_x509_crt_t crt,
+ const char *url,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */
+ );
+
+ gnutls_pkcs11_obj_type_t
+ gnutls_pkcs11_obj_get_type(gnutls_pkcs11_obj_t obj);
+ const char *gnutls_pkcs11_type_get_name(gnutls_pkcs11_obj_type_t
+ type);
+
+ int gnutls_x509_crt_list_import_pkcs11(gnutls_x509_crt_t * certs,
+ unsigned int cert_max,
+ gnutls_pkcs11_obj_t *
+ const objs,
+ unsigned int flags
+ /* must be zero */ );
 /* private key functions...*/
-int gnutls_pkcs11_privkey_init (gnutls_pkcs11_privkey_t * key);
-void gnutls_pkcs11_privkey_set_pin_function (gnutls_pkcs11_privkey_t key,
- gnutls_pin_callback_t fn,
- void *userdata);
-void gnutls_pkcs11_privkey_deinit (gnutls_pkcs11_privkey_t key);
-int gnutls_pkcs11_privkey_get_pk_algorithm (gnutls_pkcs11_privkey_t key,
- unsigned int *bits);
-int gnutls_pkcs11_privkey_get_info (gnutls_pkcs11_privkey_t pkey,
- gnutls_pkcs11_obj_info_t itype,
- void *output, size_t * output_size);
-
-int gnutls_pkcs11_privkey_import_url (gnutls_pkcs11_privkey_t pkey,
- const char *url, unsigned int flags);
-
-int gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key,
- gnutls_pkcs11_url_type_t detailed,
- char **url);
-int gnutls_pkcs11_privkey_status (gnutls_pkcs11_privkey_t key);
-
-int gnutls_pkcs11_privkey_generate (const char* url,
- gnutls_pk_algorithm_t pk,
- unsigned int bits,
- const char* label, unsigned int flags);
-
-int
-gnutls_pkcs11_privkey_generate2 (const char* url, gnutls_pk_algorithm_t pk,
- unsigned int bits, const char* label,
- gnutls_x509_crt_fmt_t fmt,
- gnutls_datum_t * pubkey,
- unsigned int flags);
-
-int
-gnutls_pkcs11_token_get_random (const char* token_url,
- void* data,
- size_t len);
+ int gnutls_pkcs11_privkey_init(gnutls_pkcs11_privkey_t * key);
+ void gnutls_pkcs11_privkey_set_pin_function(gnutls_pkcs11_privkey_t
+ key,
+ gnutls_pin_callback_t
+ fn, void *userdata);
+ void gnutls_pkcs11_privkey_deinit(gnutls_pkcs11_privkey_t key);
+ int gnutls_pkcs11_privkey_get_pk_algorithm(gnutls_pkcs11_privkey_t
+ key,
+ unsigned int *bits);
+ int gnutls_pkcs11_privkey_get_info(gnutls_pkcs11_privkey_t pkey,
+ gnutls_pkcs11_obj_info_t itype,
+ void *output,
+ size_t * output_size);
+
+ int gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
+ const char *url,
+ unsigned int flags);
+
+ int gnutls_pkcs11_privkey_export_url(gnutls_pkcs11_privkey_t key,
+ gnutls_pkcs11_url_type_t
+ detailed, char **url);
+ int gnutls_pkcs11_privkey_status(gnutls_pkcs11_privkey_t key);
+
+ int gnutls_pkcs11_privkey_generate(const char *url,
+ gnutls_pk_algorithm_t pk,
+ unsigned int bits,
+ const char *label,
+ unsigned int flags);
+
+ int
+ gnutls_pkcs11_privkey_generate2(const char *url,
+ gnutls_pk_algorithm_t pk,
+ unsigned int bits,
+ const char *label,
+ gnutls_x509_crt_fmt_t fmt,
+ gnutls_datum_t * pubkey,
+ unsigned int flags);
+
+ int
+ gnutls_pkcs11_token_get_random(const char *token_url,
+ void *data, size_t len);
 #ifdef __cplusplus
 }
 #endif
-
 #endif
diff --git a/lib/includes/gnutls/pkcs12.h b/lib/includes/gnutls/pkcs12.h
index ef8f209679..ad1410d434 100644
--- a/lib/includes/gnutls/pkcs12.h
+++ b/lib/includes/gnutls/pkcs12.h
@@ -26,51 +26,57 @@
 #include <gnutls/x509.h>
 #ifdef __cplusplus
-extern "C"
-{
+extern "C" {
 #endif
- /* PKCS12 structures handling
- */
- struct gnutls_pkcs12_int;
- typedef struct gnutls_pkcs12_int *gnutls_pkcs12_t;
-
- struct gnutls_pkcs12_bag_int;
- typedef struct gnutls_pkcs12_bag_int *gnutls_pkcs12_bag_t;
-
- int gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12);
- void gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12);
- int gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags);
- int gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12,
- gnutls_x509_crt_fmt_t format,
- void *output_data, size_t * output_data_size);
- int gnutls_pkcs12_export2 (gnutls_pkcs12_t pkcs12,
- gnutls_x509_crt_fmt_t format,
- gnutls_datum_t *out);
-
- int gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12,
- int indx, gnutls_pkcs12_bag_t bag);
- int gnutls_pkcs12_set_bag (gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag);
-
- int gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass);
- int gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass);
-
- int gnutls_pkcs12_bag_decrypt (gnutls_pkcs12_bag_t bag, const char *pass);
- int gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass,
- unsigned int flags);
+ /* PKCS12 structures handling
+ */
+ struct gnutls_pkcs12_int;
+ typedef struct gnutls_pkcs12_int *gnutls_pkcs12_t;
+
+ struct gnutls_pkcs12_bag_int;
+ typedef struct gnutls_pkcs12_bag_int *gnutls_pkcs12_bag_t;
+
+ int gnutls_pkcs12_init(gnutls_pkcs12_t * pkcs12);
+ void gnutls_pkcs12_deinit(gnutls_pkcs12_t pkcs12);
+ int gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags);
+ int gnutls_pkcs12_export(gnutls_pkcs12_t pkcs12,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_pkcs12_export2(gnutls_pkcs12_t pkcs12,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out);
+
+ int gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12,
+ int indx, gnutls_pkcs12_bag_t bag);
+ int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12,
+ gnutls_pkcs12_bag_t bag);
+
+ int gnutls_pkcs12_generate_mac(gnutls_pkcs12_t pkcs12,
+ const char *pass);
+ int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12,
+ const char *pass);
+
+ int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag_t bag,
+ const char *pass);
+ int gnutls_pkcs12_bag_encrypt(gnutls_pkcs12_bag_t bag,
+ const char *pass,
+ unsigned int flags);
 #define GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED 1
- int gnutls_pkcs12_simple_parse (gnutls_pkcs12_t p12,
- const char *password,
- gnutls_x509_privkey_t * key,
- gnutls_x509_crt_t ** chain,
- unsigned int * chain_len,
- gnutls_x509_crt_t ** extra_certs,
- unsigned int * extra_certs_len,
- gnutls_x509_crl_t * crl,
- unsigned int flags);
+ int gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
+ const char *password,
+ gnutls_x509_privkey_t * key,
+ gnutls_x509_crt_t ** chain,
+ unsigned int *chain_len,
+ gnutls_x509_crt_t ** extra_certs,
+ unsigned int *extra_certs_len,
+ gnutls_x509_crl_t * crl,
+ unsigned int flags);
 /**
 * gnutls_pkcs12_bag_type_t:
@@ -85,50 +91,49 @@ extern "C"
 *
 * Enumeration of different PKCS 12 bag types.
 */
- typedef enum gnutls_pkcs12_bag_type_t
- {
- GNUTLS_BAG_EMPTY = 0,
- GNUTLS_BAG_PKCS8_ENCRYPTED_KEY = 1,
- GNUTLS_BAG_PKCS8_KEY = 2,
- GNUTLS_BAG_CERTIFICATE = 3,
- GNUTLS_BAG_CRL = 4,
- GNUTLS_BAG_SECRET = 5, /* Secret data. Underspecified in pkcs-12,
- * gnutls extension. We use the PKCS-9
- * random nonce ID 1.2.840.113549.1.9.25.3
- * to store randomly generated keys.
- */
- GNUTLS_BAG_ENCRYPTED = 10,
- GNUTLS_BAG_UNKNOWN = 20
- } gnutls_pkcs12_bag_type_t;
-
- gnutls_pkcs12_bag_type_t
- gnutls_pkcs12_bag_get_type (gnutls_pkcs12_bag_t bag, int indx);
- int gnutls_pkcs12_bag_get_data (gnutls_pkcs12_bag_t bag, int indx,
- gnutls_datum_t * data);
- int gnutls_pkcs12_bag_set_data (gnutls_pkcs12_bag_t bag,
- gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * data);
- int gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag,
- gnutls_x509_crl_t crl);
- int gnutls_pkcs12_bag_set_crt (gnutls_pkcs12_bag_t bag,
- gnutls_x509_crt_t crt);
-
- int gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag);
- void gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag);
- int gnutls_pkcs12_bag_get_count (gnutls_pkcs12_bag_t bag);
-
- int gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx,
- gnutls_datum_t * id);
- int gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx,
- const gnutls_datum_t * id);
-
- int gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
- char **name);
- int gnutls_pkcs12_bag_set_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
- const char *name);
+ typedef enum gnutls_pkcs12_bag_type_t {
+ GNUTLS_BAG_EMPTY = 0,
+ GNUTLS_BAG_PKCS8_ENCRYPTED_KEY = 1,
+ GNUTLS_BAG_PKCS8_KEY = 2,
+ GNUTLS_BAG_CERTIFICATE = 3,
+ GNUTLS_BAG_CRL = 4,
+ GNUTLS_BAG_SECRET = 5, /* Secret data. Underspecified in pkcs-12,
+ * gnutls extension. We use the PKCS-9
+ * random nonce ID 1.2.840.113549.1.9.25.3
+ * to store randomly generated keys.
+ */
+ GNUTLS_BAG_ENCRYPTED = 10,
+ GNUTLS_BAG_UNKNOWN = 20
+ } gnutls_pkcs12_bag_type_t;
+
+ gnutls_pkcs12_bag_type_t
+ gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag_t bag, int indx);
+ int gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag_t bag, int indx,
+ gnutls_datum_t * data);
+ int gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag_t bag,
+ gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * data);
+ int gnutls_pkcs12_bag_set_crl(gnutls_pkcs12_bag_t bag,
+ gnutls_x509_crl_t crl);
+ int gnutls_pkcs12_bag_set_crt(gnutls_pkcs12_bag_t bag,
+ gnutls_x509_crt_t crt);
+
+ int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag);
+ void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag);
+ int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag_t bag);
+
+ int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag_t bag, int indx,
+ gnutls_datum_t * id);
+ int gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag_t bag, int indx,
+ const gnutls_datum_t * id);
+
+ int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag_t bag,
+ int indx, char **name);
+ int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t bag,
+ int indx,
+ const char *name);
 #ifdef __cplusplus
 }
 #endif
-
-#endif /* GNUTLS_PKCS12_H */
+#endif /* GNUTLS_PKCS12_H */
diff --git a/lib/includes/gnutls/tpm.h b/lib/includes/gnutls/tpm.h
index 4d59d2e504..cf2c0dd566 100644
--- a/lib/includes/gnutls/tpm.h
+++ b/lib/includes/gnutls/tpm.h
@@ -27,12 +27,11 @@
 #include <gnutls/x509.h>
 #ifdef __cplusplus
-extern "C"
-{
+extern "C" {
 #endif
-struct tpm_key_list_st;
-typedef struct tpm_key_list_st *gnutls_tpm_key_list_t;
+ struct tpm_key_list_st;
+ typedef struct tpm_key_list_st *gnutls_tpm_key_list_t;
 #define GNUTLS_TPM_KEY_SIGNING (1<<1)
 #define GNUTLS_TPM_REGISTER_KEY (1<<2)
@@ -46,31 +45,33 @@ typedef struct tpm_key_list_st *gnutls_tpm_key_list_t;
 *
 * Enumeration of different certificate encoding formats.
 */
- typedef enum
- {
- GNUTLS_TPMKEY_FMT_RAW = 0,
- GNUTLS_TPMKEY_FMT_DER = GNUTLS_TPMKEY_FMT_RAW,
- GNUTLS_TPMKEY_FMT_CTK_PEM = 1
- } gnutls_tpmkey_fmt_t;
+ typedef enum {
+ GNUTLS_TPMKEY_FMT_RAW = 0,
+ GNUTLS_TPMKEY_FMT_DER = GNUTLS_TPMKEY_FMT_RAW,
+ GNUTLS_TPMKEY_FMT_CTK_PEM = 1
+ } gnutls_tpmkey_fmt_t;
-int
-gnutls_tpm_privkey_generate (gnutls_pk_algorithm_t pk, unsigned int bits,
- const char* srk_password,
- const char* key_password,
- gnutls_tpmkey_fmt_t format,
- gnutls_x509_crt_fmt_t pub_format,
- gnutls_datum_t* privkey,
- gnutls_datum_t* pubkey,
- unsigned int flags);
+ int
+ gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk,
+ unsigned int bits,
+ const char *srk_password,
+ const char *key_password,
+ gnutls_tpmkey_fmt_t format,
+ gnutls_x509_crt_fmt_t pub_format,
+ gnutls_datum_t * privkey,
+ gnutls_datum_t * pubkey,
+ unsigned int flags);
-void gnutls_tpm_key_list_deinit (gnutls_tpm_key_list_t list);
-int gnutls_tpm_key_list_get_url (gnutls_tpm_key_list_t list, unsigned int idx, char** url, unsigned int flags);
-int gnutls_tpm_get_registered (gnutls_tpm_key_list_t *list);
-int gnutls_tpm_privkey_delete (const char* url, const char* srk_password);
+ void gnutls_tpm_key_list_deinit(gnutls_tpm_key_list_t list);
+ int gnutls_tpm_key_list_get_url(gnutls_tpm_key_list_t list,
+ unsigned int idx, char **url,
+ unsigned int flags);
+ int gnutls_tpm_get_registered(gnutls_tpm_key_list_t * list);
+ int gnutls_tpm_privkey_delete(const char *url,
+ const char *srk_password);
 #ifdef __cplusplus
 }
 #endif
-
 #endif
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 3e2bf2b570..c06ff4735e 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -30,8 +30,7 @@
 #include <gnutls/gnutls.h>
 #ifdef __cplusplus
-extern "C"
-{
+extern "C" {
 #endif
 /* Some OIDs usually found in Distinguished names, or
@@ -100,94 +99,118 @@ extern "C"
 *
 * Enumeration of different certificate import flags.
 */
- typedef enum gnutls_certificate_import_flags
- {
- GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1,
- GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED = 2
- } gnutls_certificate_import_flags;
-
- int gnutls_x509_crt_init (gnutls_x509_crt_t * cert);
- void gnutls_x509_crt_deinit (gnutls_x509_crt_t cert);
- int gnutls_x509_crt_import (gnutls_x509_crt_t cert,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
- int gnutls_x509_crt_list_import2 (gnutls_x509_crt_t ** certs,
- unsigned int * size,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags);
- int gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs,
- unsigned int *cert_max,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- unsigned int flags);
- int gnutls_x509_crt_export (gnutls_x509_crt_t cert,
- gnutls_x509_crt_fmt_t format,
- void *output_data, size_t * output_data_size);
- int gnutls_x509_crt_export2 (gnutls_x509_crt_t cert,
- gnutls_x509_crt_fmt_t format,
- gnutls_datum_t* out);
- int gnutls_x509_crt_get_private_key_usage_period (gnutls_x509_crt_t cert, time_t* activation, time_t* expiration,
- unsigned int *critical);
-
- int gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf,
- size_t * buf_size);
- int gnutls_x509_crt_get_issuer_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t* dn);
- int gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, int indx,
- void *oid, size_t * oid_size);
- int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
- const char *oid, int indx,
- unsigned int raw_flag,
- void *buf, size_t * buf_size);
- int gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
- size_t * buf_size);
- int gnutls_x509_crt_get_dn2 (gnutls_x509_crt_t cert, gnutls_datum_t* dn);
- int gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, int indx,
- void *oid, size_t * oid_size);
- int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert,
- const char *oid, int indx,
- unsigned int raw_flag, void *buf,
- size_t * buf_size);
- int gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert,
- const char *hostname);
-
- int gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert);
- int gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert,
- char *sig, size_t * sizeof_sig);
- int gnutls_x509_crt_get_version (gnutls_x509_crt_t cert);
- int gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt,
- unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size);
-
- int gnutls_x509_crt_set_private_key_usage_period (gnutls_x509_crt_t crt,
- time_t activation,
- time_t expiration);
- int gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert,
- const void *id, size_t id_size);
- int gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert,
- void *id, size_t * id_size,
- unsigned int *critical);
- int gnutls_x509_crt_get_authority_key_gn_serial (gnutls_x509_crt_t cert,
- unsigned int seq,
- void *alt,
- size_t * alt_size,
- unsigned int *alt_type,
- void* serial,
- size_t *serial_size,
- unsigned int *critical);
-
- int gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert,
- void *ret, size_t * ret_size,
- unsigned int *critical);
-
- int gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf,
- size_t * buf_size);
-
- int gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t crt, char *buf,
- size_t * buf_size);
-
- void gnutls_x509_crt_set_pin_function (gnutls_x509_crt_t crt,
- gnutls_pin_callback_t fn, void *userdata);
+ typedef enum gnutls_certificate_import_flags {
+ GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1,
+ GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED = 2
+ } gnutls_certificate_import_flags;
+
+ int gnutls_x509_crt_init(gnutls_x509_crt_t * cert);
+ void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert);
+ int gnutls_x509_crt_import(gnutls_x509_crt_t cert,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+ int gnutls_x509_crt_list_import2(gnutls_x509_crt_t ** certs,
+ unsigned int *size,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags);
+ int gnutls_x509_crt_list_import(gnutls_x509_crt_t * certs,
+ unsigned int *cert_max,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags);
+ int gnutls_x509_crt_export(gnutls_x509_crt_t cert,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_x509_crt_export2(gnutls_x509_crt_t cert,
+ gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t * out);
+ int gnutls_x509_crt_get_private_key_usage_period(gnutls_x509_crt_t
+ cert,
+ time_t *
+ activation,
+ time_t *
+ expiration,
+ unsigned int
+ *critical);
+
+ int gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t cert,
+ char *buf, size_t * buf_size);
+ int gnutls_x509_crt_get_issuer_dn2(gnutls_x509_crt_t cert,
+ gnutls_datum_t * dn);
+ int gnutls_x509_crt_get_issuer_dn_oid(gnutls_x509_crt_t cert,
+ int indx, void *oid,
+ size_t * oid_size);
+ int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert,
+ const char *oid, int indx,
+ unsigned int raw_flag,
+ void *buf,
+ size_t * buf_size);
+ int gnutls_x509_crt_get_dn(gnutls_x509_crt_t cert, char *buf,
+ size_t * buf_size);
+ int gnutls_x509_crt_get_dn2(gnutls_x509_crt_t cert,
+ gnutls_datum_t * dn);
+ int gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert, int indx,
+ void *oid, size_t * oid_size);
+ int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert,
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * buf_size);
+ int gnutls_x509_crt_check_hostname(gnutls_x509_crt_t cert,
+ const char *hostname);
+
+ int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t
+ cert);
+ int gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert,
+ char *sig, size_t * sizeof_sig);
+ int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert);
+ int gnutls_x509_crt_get_key_id(gnutls_x509_crt_t crt,
+ unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size);
+
+ int gnutls_x509_crt_set_private_key_usage_period(gnutls_x509_crt_t
+ crt,
+ time_t activation,
+ time_t
+ expiration);
+ int gnutls_x509_crt_set_authority_key_id(gnutls_x509_crt_t cert,
+ const void *id,
+ size_t id_size);
+ int gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert,
+ void *id,
+ size_t * id_size,
+ unsigned int *critical);
+ int gnutls_x509_crt_get_authority_key_gn_serial(gnutls_x509_crt_t
+ cert,
+ unsigned int seq,
+ void *alt,
+ size_t * alt_size,
+ unsigned int
+ *alt_type,
+ void *serial,
+ size_t *
+ serial_size,
+ unsigned int
+ *critical);
+
+ int gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert,
+ void *ret,
+ size_t * ret_size,
+ unsigned int *critical);
+
+ int gnutls_x509_crt_get_subject_unique_id(gnutls_x509_crt_t crt,
+ char *buf,
+ size_t * buf_size);
+
+ int gnutls_x509_crt_get_issuer_unique_id(gnutls_x509_crt_t crt,
+ char *buf,
+ size_t * buf_size);
+
+ void gnutls_x509_crt_set_pin_function(gnutls_x509_crt_t crt,
+ gnutls_pin_callback_t fn,
+ void *userdata);
 /**
 * gnutls_info_access_what_t:
@@ -200,22 +223,24 @@ extern "C"
 * Enumeration of types for the @what parameter of
 * gnutls_x509_crt_get_authority_info_access().
 */
- typedef enum gnutls_info_access_what_t
- {
- GNUTLS_IA_ACCESSMETHOD_OID = 1,
- GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE = 2,
- /* use 100-108 for the generalName types, populate as needed */
- GNUTLS_IA_URI = 106,
- /* quick-access variants that match both OID and name type. */
- GNUTLS_IA_OCSP_URI = 10006,
- GNUTLS_IA_CAISSUERS_URI = 10106
- } gnutls_info_access_what_t;
-
- int gnutls_x509_crt_get_authority_info_access (gnutls_x509_crt_t crt,
- unsigned int seq,
- int what,
- gnutls_datum_t * data,
- unsigned int *critical);
+ typedef enum gnutls_info_access_what_t {
+ GNUTLS_IA_ACCESSMETHOD_OID = 1,
+ GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE = 2,
+ /* use 100-108 for the generalName types, populate as needed */
+ GNUTLS_IA_URI = 106,
+ /* quick-access variants that match both OID and name type. */
+ GNUTLS_IA_OCSP_URI = 10006,
+ GNUTLS_IA_CAISSUERS_URI = 10106
+ } gnutls_info_access_what_t;
+
+ int gnutls_x509_crt_get_authority_info_access(gnutls_x509_crt_t
+ crt,
+ unsigned int seq,
+ int what,
+ gnutls_datum_t *
+ data,
+ unsigned int
+ *critical);
 #define GNUTLS_CRL_REASON_SUPERSEEDED GNUTLS_CRL_REASON_SUPERSEDED,
 /**
@@ -232,110 +257,125 @@ extern "C"
 *
 * Enumeration of types for the CRL revocation reasons.
 */
- typedef enum gnutls_x509_crl_reason_flags_t
- {
- GNUTLS_CRL_REASON_UNSPECIFIED=0,
- GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN=1,
- GNUTLS_CRL_REASON_CERTIFICATE_HOLD=2,
- GNUTLS_CRL_REASON_CESSATION_OF_OPERATION=4,
- GNUTLS_CRL_REASON_SUPERSEDED=8,
- GNUTLS_CRL_REASON_AFFILIATION_CHANGED=16,
- GNUTLS_CRL_REASON_CA_COMPROMISE=32,
- GNUTLS_CRL_REASON_KEY_COMPROMISE=64,
- GNUTLS_CRL_REASON_UNUSED=128,
- GNUTLS_CRL_REASON_AA_COMPROMISE=32768
- } gnutls_x509_crl_reason_flags_t;
-
- int gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert,
- unsigned int seq, void *ret,
- size_t * ret_size,
- unsigned int *reason_flags,
- unsigned int *critical);
- int gnutls_x509_crt_set_crl_dist_points2 (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t
- type, const void *data,
- unsigned int data_size,
- unsigned int reason_flags);
- int gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t
- type, const void *data_string,
- unsigned int reason_flags);
- int gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst,
- gnutls_x509_crt_t src);
-
- int gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl,
- gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key,
- gnutls_digest_algorithm_t dig,
- unsigned int flags);
-
- time_t gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert);
- time_t gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert);
- int gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result,
- size_t * result_size);
-
- int gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert,
- unsigned int *bits);
- int gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt,
- gnutls_datum_t * m, gnutls_datum_t * e);
- int gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt,
- gnutls_datum_t * p,
- gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y);
-
- int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert,
- unsigned int seq, void *san,
- size_t * san_size,
- unsigned int *critical);
- int gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert,
- unsigned int seq, void *san,
- size_t * san_size,
- unsigned int *san_type,
- unsigned int *critical);
-
- int gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert,
- unsigned int seq,
- void *oid,
- size_t * oid_size);
-
- int gnutls_x509_crt_get_issuer_alt_name (gnutls_x509_crt_t cert,
- unsigned int seq, void *ian,
- size_t * ian_size,
- unsigned int *critical);
- int gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t cert,
- unsigned int seq, void *ian,
- size_t * ian_size,
- unsigned int *ian_type,
- unsigned int *critical);
-
- int gnutls_x509_crt_get_issuer_alt_othername_oid (gnutls_x509_crt_t cert,
- unsigned int seq,
- void *ret,
- size_t * ret_size);
-
- int gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert,
- unsigned int *critical);
- int gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert,
- unsigned int *critical,
- unsigned int *ca, int *pathlen);
+ typedef enum gnutls_x509_crl_reason_flags_t {
+ GNUTLS_CRL_REASON_UNSPECIFIED = 0,
+ GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN = 1,
+ GNUTLS_CRL_REASON_CERTIFICATE_HOLD = 2,
+ GNUTLS_CRL_REASON_CESSATION_OF_OPERATION = 4,
+ GNUTLS_CRL_REASON_SUPERSEDED = 8,
+ GNUTLS_CRL_REASON_AFFILIATION_CHANGED = 16,
+ GNUTLS_CRL_REASON_CA_COMPROMISE = 32,
+ GNUTLS_CRL_REASON_KEY_COMPROMISE = 64,
+ GNUTLS_CRL_REASON_UNUSED = 128,
+ GNUTLS_CRL_REASON_AA_COMPROMISE = 32768
+ } gnutls_x509_crl_reason_flags_t;
+
+ int gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt_t cert,
+ unsigned int seq,
+ void *ret,
+ size_t * ret_size,
+ unsigned int *reason_flags,
+ unsigned int *critical);
+ int gnutls_x509_crt_set_crl_dist_points2(gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t
+ type, const void *data,
+ unsigned int data_size,
+ unsigned int
+ reason_flags);
+ int gnutls_x509_crt_set_crl_dist_points(gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t
+ type,
+ const void *data_string,
+ unsigned int reason_flags);
+ int gnutls_x509_crt_cpy_crl_dist_points(gnutls_x509_crt_t dst,
+ gnutls_x509_crt_t src);
+
+ int gnutls_x509_crl_sign2(gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
+
+ time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt_t cert);
+ time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt_t cert);
+ int gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert,
+ void *result, size_t * result_size);
+
+ int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert,
+ unsigned int *bits);
+ int gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e);
+ int gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t crt,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y);
+
+ int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert,
+ unsigned int seq,
+ void *san,
+ size_t * san_size,
+ unsigned int *critical);
+ int gnutls_x509_crt_get_subject_alt_name2(gnutls_x509_crt_t cert,
+ unsigned int seq,
+ void *san,
+ size_t * san_size,
+ unsigned int *san_type,
+ unsigned int *critical);
+
+ int gnutls_x509_crt_get_subject_alt_othername_oid(gnutls_x509_crt_t
+ cert,
+ unsigned int seq,
+ void *oid,
+ size_t *
+ oid_size);
+
+ int gnutls_x509_crt_get_issuer_alt_name(gnutls_x509_crt_t cert,
+ unsigned int seq,
+ void *ian,
+ size_t * ian_size,
+ unsigned int *critical);
+ int gnutls_x509_crt_get_issuer_alt_name2(gnutls_x509_crt_t cert,
+ unsigned int seq,
+ void *ian,
+ size_t * ian_size,
+ unsigned int *ian_type,
+ unsigned int *critical);
+
+ int gnutls_x509_crt_get_issuer_alt_othername_oid(gnutls_x509_crt_t
+ cert,
+ unsigned int seq,
+ void *ret,
+ size_t *
+ ret_size);
+
+ int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert,
+ unsigned int *critical);
+ int gnutls_x509_crt_get_basic_constraints(gnutls_x509_crt_t cert,
+ unsigned int *critical,
+ unsigned int *ca,
+ int *pathlen);
 /* The key_usage flags are defined in gnutls.h. They are the
 * GNUTLS_KEY_* definitions.
 */
- int gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert,
- unsigned int *key_usage,
- unsigned int *critical);
- int gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt,
- unsigned int usage);
- int gnutls_x509_crt_set_authority_info_access (gnutls_x509_crt_t crt,
- int what,
- gnutls_datum_t * data);
-
- int gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert,
- unsigned int *critical,
- int *pathlen,
- char **policyLanguage,
- char **policy, size_t * sizeof_policy);
+ int gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert,
+ unsigned int *key_usage,
+ unsigned int *critical);
+ int gnutls_x509_crt_set_key_usage(gnutls_x509_crt_t crt,
+ unsigned int usage);
+ int gnutls_x509_crt_set_authority_info_access(gnutls_x509_crt_t
+ crt, int what,
+ gnutls_datum_t *
+ data);
+
+ int gnutls_x509_crt_get_proxy(gnutls_x509_crt_t cert,
+ unsigned int *critical,
+ int *pathlen,
+ char **policyLanguage,
+ char **policy,
+ size_t * sizeof_policy);
 #define GNUTLS_MAX_QUALIFIERS 8
@@ -347,310 +387,349 @@ extern "C" * * Enumeration of types for the X.509 qualifiers, of the certificate policy extension. */ - typedef enum gnutls_x509_qualifier_t - { - GNUTLS_X509_QUALIFIER_UNKNOWN = 0, GNUTLS_X509_QUALIFIER_URI, - GNUTLS_X509_QUALIFIER_NOTICE - } gnutls_x509_qualifier_t; - - typedef struct gnutls_x509_policy_st - { - char* oid; - unsigned int qualifiers; - struct { - gnutls_x509_qualifier_t type; - char* data; - unsigned int size; - } qualifier[GNUTLS_MAX_QUALIFIERS]; - } gnutls_x509_policy_st; - - void gnutls_x509_policy_release(struct gnutls_x509_policy_st* policy); - int gnutls_x509_crt_get_policy (gnutls_x509_crt_t crt, int indx, - struct gnutls_x509_policy_st* policy, - unsigned int * critical); - int gnutls_x509_crt_set_policy (gnutls_x509_crt_t crt, struct gnutls_x509_policy_st* policy, - unsigned int critical); - - int gnutls_x509_dn_oid_known (const char *oid); + typedef enum gnutls_x509_qualifier_t { + GNUTLS_X509_QUALIFIER_UNKNOWN = + 0, GNUTLS_X509_QUALIFIER_URI, + GNUTLS_X509_QUALIFIER_NOTICE + } gnutls_x509_qualifier_t; + + typedef struct gnutls_x509_policy_st { + char *oid; + unsigned int qualifiers; + struct { + gnutls_x509_qualifier_t type; + char *data; + unsigned int size; + } qualifier[GNUTLS_MAX_QUALIFIERS]; + } gnutls_x509_policy_st; + + void gnutls_x509_policy_release(struct gnutls_x509_policy_st + *policy); + int gnutls_x509_crt_get_policy(gnutls_x509_crt_t crt, int indx, + struct gnutls_x509_policy_st + *policy, unsigned int *critical); + int gnutls_x509_crt_set_policy(gnutls_x509_crt_t crt, + struct gnutls_x509_policy_st + *policy, unsigned int critical); + + int gnutls_x509_dn_oid_known(const char *oid); #define GNUTLS_X509_DN_OID_RETURN_OID 1 - const char* gnutls_x509_dn_oid_name (const char *oid, unsigned int flags); - - /* Read extensions by OID. 
*/ - int gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx, - void *oid, size_t * oid_size); - int gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert, - const char *oid, int indx, - void *buf, size_t * buf_size, - unsigned int *critical); - - /* Read extensions by sequence number. */ - int gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx, - void *oid, size_t * oid_size, - unsigned int *critical); - int gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, int indx, - void *data, size_t * sizeof_data); - - int gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt, - const char *oid, - const void *buf, - size_t sizeof_buf, - unsigned int critical); + const char *gnutls_x509_dn_oid_name(const char *oid, + unsigned int flags); + + /* Read extensions by OID. */ + int gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert, + int indx, void *oid, + size_t * oid_size); + int gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt_t cert, + const char *oid, int indx, + void *buf, + size_t * buf_size, + unsigned int *critical); + + /* Read extensions by sequence number. */ + int gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert, + int indx, void *oid, + size_t * oid_size, + unsigned int *critical); + int gnutls_x509_crt_get_extension_data(gnutls_x509_crt_t cert, + int indx, void *data, + size_t * sizeof_data); + + int gnutls_x509_crt_set_extension_by_oid(gnutls_x509_crt_t crt, + const char *oid, + const void *buf, + size_t sizeof_buf, + unsigned int critical); /* X.509 Certificate writing. 
*/ - int gnutls_x509_crt_set_dn (gnutls_x509_crt_t crt, const char *dn, const char** err); - - int gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt, - const char *oid, - unsigned int raw_flag, - const void *name, - unsigned int sizeof_name); - int gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt, - const char *oid, - unsigned int raw_flag, - const void *name, - unsigned int sizeof_name); - int gnutls_x509_crt_set_issuer_dn (gnutls_x509_crt_t crt, const char *dn, const char** err); - - int gnutls_x509_crt_set_version (gnutls_x509_crt_t crt, - unsigned int version); - int gnutls_x509_crt_set_key (gnutls_x509_crt_t crt, - gnutls_x509_privkey_t key); - int gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca); - int gnutls_x509_crt_set_basic_constraints (gnutls_x509_crt_t crt, - unsigned int ca, - int pathLenConstraint); - int gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt, - gnutls_x509_subject_alt_name_t - type, - const char *data_string); - int gnutls_x509_crt_set_subject_alt_name (gnutls_x509_crt_t crt, - gnutls_x509_subject_alt_name_t - type, const void *data, - unsigned int data_size, - unsigned int flags); - int gnutls_x509_crt_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, - gnutls_x509_privkey_t issuer_key); - int gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, - gnutls_x509_privkey_t issuer_key, - gnutls_digest_algorithm_t dig, - unsigned int flags); - int gnutls_x509_crt_set_activation_time (gnutls_x509_crt_t cert, - time_t act_time); - int gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert, - time_t exp_time); - int gnutls_x509_crt_set_serial (gnutls_x509_crt_t cert, const void *serial, - size_t serial_size); - - int gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert, - const void *id, size_t id_size); - - int gnutls_x509_crt_set_proxy_dn (gnutls_x509_crt_t crt, - gnutls_x509_crt_t eecrt, - unsigned int raw_flag, - const void *name, - unsigned int 
sizeof_name); - int gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt, - int pathLenConstraint, - const char *policyLanguage, - const char *policy, size_t sizeof_policy); - - int gnutls_x509_crt_print (gnutls_x509_crt_t cert, - gnutls_certificate_print_formats_t format, - gnutls_datum_t * out); - int gnutls_x509_crl_print (gnutls_x509_crl_t crl, - gnutls_certificate_print_formats_t format, - gnutls_datum_t * out); - - /* Access to internal Certificate fields. - */ - int gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert, - gnutls_datum_t * start); - int gnutls_x509_crt_get_raw_dn (gnutls_x509_crt_t cert, - gnutls_datum_t * start); + int gnutls_x509_crt_set_dn(gnutls_x509_crt_t crt, const char *dn, + const char **err); + + int gnutls_x509_crt_set_dn_by_oid(gnutls_x509_crt_t crt, + const char *oid, + unsigned int raw_flag, + const void *name, + unsigned int sizeof_name); + int gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt_t crt, + const char *oid, + unsigned int raw_flag, + const void *name, + unsigned int sizeof_name); + int gnutls_x509_crt_set_issuer_dn(gnutls_x509_crt_t crt, + const char *dn, + const char **err); + + int gnutls_x509_crt_set_version(gnutls_x509_crt_t crt, + unsigned int version); + int gnutls_x509_crt_set_key(gnutls_x509_crt_t crt, + gnutls_x509_privkey_t key); + int gnutls_x509_crt_set_ca_status(gnutls_x509_crt_t crt, + unsigned int ca); + int gnutls_x509_crt_set_basic_constraints(gnutls_x509_crt_t crt, + unsigned int ca, + int pathLenConstraint); + int gnutls_x509_crt_set_subject_alternative_name(gnutls_x509_crt_t + crt, + gnutls_x509_subject_alt_name_t + type, + const char + *data_string); + int gnutls_x509_crt_set_subject_alt_name(gnutls_x509_crt_t crt, + gnutls_x509_subject_alt_name_t + type, const void *data, + unsigned int data_size, + unsigned int flags); + int gnutls_x509_crt_sign(gnutls_x509_crt_t crt, + gnutls_x509_crt_t issuer, + gnutls_x509_privkey_t issuer_key); + int gnutls_x509_crt_sign2(gnutls_x509_crt_t crt, + 
gnutls_x509_crt_t issuer, + gnutls_x509_privkey_t issuer_key, + gnutls_digest_algorithm_t dig, + unsigned int flags); + int gnutls_x509_crt_set_activation_time(gnutls_x509_crt_t cert, + time_t act_time); + int gnutls_x509_crt_set_expiration_time(gnutls_x509_crt_t cert, + time_t exp_time); + int gnutls_x509_crt_set_serial(gnutls_x509_crt_t cert, + const void *serial, + size_t serial_size); + + int gnutls_x509_crt_set_subject_key_id(gnutls_x509_crt_t cert, + const void *id, + size_t id_size); + + int gnutls_x509_crt_set_proxy_dn(gnutls_x509_crt_t crt, + gnutls_x509_crt_t eecrt, + unsigned int raw_flag, + const void *name, + unsigned int sizeof_name); + int gnutls_x509_crt_set_proxy(gnutls_x509_crt_t crt, + int pathLenConstraint, + const char *policyLanguage, + const char *policy, + size_t sizeof_policy); + + int gnutls_x509_crt_print(gnutls_x509_crt_t cert, + gnutls_certificate_print_formats_t + format, gnutls_datum_t * out); + int gnutls_x509_crl_print(gnutls_x509_crl_t crl, + gnutls_certificate_print_formats_t + format, gnutls_datum_t * out); + + /* Access to internal Certificate fields. + */ + int gnutls_x509_crt_get_raw_issuer_dn(gnutls_x509_crt_t cert, + gnutls_datum_t * start); + int gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t cert, + gnutls_datum_t * start); /* RDN handling. 
*/ - int gnutls_x509_rdn_get (const gnutls_datum_t * idn, - char *buf, size_t * sizeof_buf); - int gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn, - int indx, void *buf, size_t * sizeof_buf); + int gnutls_x509_rdn_get(const gnutls_datum_t * idn, + char *buf, size_t * sizeof_buf); + int gnutls_x509_rdn_get_oid(const gnutls_datum_t * idn, + int indx, void *buf, + size_t * sizeof_buf); - int gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn, - const char *oid, int indx, - unsigned int raw_flag, void *buf, - size_t * sizeof_buf); + int gnutls_x509_rdn_get_by_oid(const gnutls_datum_t * idn, + const char *oid, int indx, + unsigned int raw_flag, void *buf, + size_t * sizeof_buf); - typedef void *gnutls_x509_dn_t; + typedef void *gnutls_x509_dn_t; - typedef struct gnutls_x509_ava_st - { - gnutls_datum_t oid; - gnutls_datum_t value; - unsigned long value_tag; - } gnutls_x509_ava_st; + typedef struct gnutls_x509_ava_st { + gnutls_datum_t oid; + gnutls_datum_t value; + unsigned long value_tag; + } gnutls_x509_ava_st; - int gnutls_x509_crt_get_subject (gnutls_x509_crt_t cert, - gnutls_x509_dn_t * dn); - int gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert, - gnutls_x509_dn_t * dn); - int gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn, int irdn, - int iava, gnutls_x509_ava_st * ava); + int gnutls_x509_crt_get_subject(gnutls_x509_crt_t cert, + gnutls_x509_dn_t * dn); + int gnutls_x509_crt_get_issuer(gnutls_x509_crt_t cert, + gnutls_x509_dn_t * dn); + int gnutls_x509_dn_get_rdn_ava(gnutls_x509_dn_t dn, int irdn, + int iava, gnutls_x509_ava_st * ava); - int gnutls_x509_dn_init (gnutls_x509_dn_t * dn); + int gnutls_x509_dn_init(gnutls_x509_dn_t * dn); - int gnutls_x509_dn_import (gnutls_x509_dn_t dn, - const gnutls_datum_t * data); + int gnutls_x509_dn_import(gnutls_x509_dn_t dn, + const gnutls_datum_t * data); - int gnutls_x509_dn_export (gnutls_x509_dn_t dn, - gnutls_x509_crt_fmt_t format, void *output_data, - size_t * output_data_size); - int gnutls_x509_dn_export2 
(gnutls_x509_dn_t dn, - gnutls_x509_crt_fmt_t format, - gnutls_datum_t * out); + int gnutls_x509_dn_export(gnutls_x509_dn_t dn, + gnutls_x509_crt_fmt_t format, + void *output_data, + size_t * output_data_size); + int gnutls_x509_dn_export2(gnutls_x509_dn_t dn, + gnutls_x509_crt_fmt_t format, + gnutls_datum_t * out); - void gnutls_x509_dn_deinit (gnutls_x509_dn_t dn); + void gnutls_x509_dn_deinit(gnutls_x509_dn_t dn); /* CRL handling functions. */ - int gnutls_x509_crl_init (gnutls_x509_crl_t * crl); - void gnutls_x509_crl_deinit (gnutls_x509_crl_t crl); - - int gnutls_x509_crl_import (gnutls_x509_crl_t crl, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); - int gnutls_x509_crl_export (gnutls_x509_crl_t crl, - gnutls_x509_crt_fmt_t format, - void *output_data, size_t * output_data_size); - int gnutls_x509_crl_export2 (gnutls_x509_crl_t crl, - gnutls_x509_crt_fmt_t format, - gnutls_datum_t *out); - - int - gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl, - gnutls_datum_t * dn); - - int gnutls_x509_crl_get_issuer_dn (gnutls_x509_crl_t crl, - char *buf, size_t * sizeof_buf); - int gnutls_x509_crl_get_issuer_dn2 (gnutls_x509_crl_t crl, gnutls_datum_t* dn); - int gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl, - const char *oid, int indx, - unsigned int raw_flag, - void *buf, size_t * sizeof_buf); - int gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl, int indx, - void *oid, size_t * sizeof_oid); - - int gnutls_x509_crl_get_signature_algorithm (gnutls_x509_crl_t crl); - int gnutls_x509_crl_get_signature (gnutls_x509_crl_t crl, - char *sig, size_t * sizeof_sig); - int gnutls_x509_crl_get_version (gnutls_x509_crl_t crl); - - time_t gnutls_x509_crl_get_this_update (gnutls_x509_crl_t crl); - time_t gnutls_x509_crl_get_next_update (gnutls_x509_crl_t crl); - - int gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl); - int gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx, - unsigned char *serial, - size_t * serial_size, 
time_t * t); + int gnutls_x509_crl_init(gnutls_x509_crl_t * crl); + void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl); + + int gnutls_x509_crl_import(gnutls_x509_crl_t crl, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format); + int gnutls_x509_crl_export(gnutls_x509_crl_t crl, + gnutls_x509_crt_fmt_t format, + void *output_data, + size_t * output_data_size); + int gnutls_x509_crl_export2(gnutls_x509_crl_t crl, + gnutls_x509_crt_fmt_t format, + gnutls_datum_t * out); + + int + gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t crl, + gnutls_datum_t * dn); + + int gnutls_x509_crl_get_issuer_dn(gnutls_x509_crl_t crl, + char *buf, size_t * sizeof_buf); + int gnutls_x509_crl_get_issuer_dn2(gnutls_x509_crl_t crl, + gnutls_datum_t * dn); + int gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl_t crl, + const char *oid, int indx, + unsigned int raw_flag, + void *buf, + size_t * sizeof_buf); + int gnutls_x509_crl_get_dn_oid(gnutls_x509_crl_t crl, int indx, + void *oid, size_t * sizeof_oid); + + int gnutls_x509_crl_get_signature_algorithm(gnutls_x509_crl_t crl); + int gnutls_x509_crl_get_signature(gnutls_x509_crl_t crl, + char *sig, size_t * sizeof_sig); + int gnutls_x509_crl_get_version(gnutls_x509_crl_t crl); + + time_t gnutls_x509_crl_get_this_update(gnutls_x509_crl_t crl); + time_t gnutls_x509_crl_get_next_update(gnutls_x509_crl_t crl); + + int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl); + int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl, int indx, + unsigned char *serial, + size_t * serial_size, + time_t * t); #define gnutls_x509_crl_get_certificate_count gnutls_x509_crl_get_crt_count #define gnutls_x509_crl_get_certificate gnutls_x509_crl_get_crt_serial - int gnutls_x509_crl_check_issuer (gnutls_x509_crl_t crl, - gnutls_x509_crt_t issuer); + int gnutls_x509_crl_check_issuer(gnutls_x509_crl_t crl, + gnutls_x509_crt_t issuer); - int gnutls_x509_crl_list_import2 (gnutls_x509_crl_t ** crls, - unsigned int * size, - const gnutls_datum_t * 
data, - gnutls_x509_crt_fmt_t format, unsigned int flags); + int gnutls_x509_crl_list_import2(gnutls_x509_crl_t ** crls, + unsigned int *size, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format, + unsigned int flags); - int gnutls_x509_crl_list_import (gnutls_x509_crl_t * crls, - unsigned int *crl_max, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, - unsigned int flags); + int gnutls_x509_crl_list_import(gnutls_x509_crl_t * crls, + unsigned int *crl_max, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format, + unsigned int flags); /* CRL writing. */ - int gnutls_x509_crl_set_version (gnutls_x509_crl_t crl, - unsigned int version); - int gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl, - time_t act_time); - int gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl, - time_t exp_time); - int gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl, - const void *serial, - size_t serial_size, - time_t revocation_time); - int gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl, - gnutls_x509_crt_t crt, time_t revocation_time); - - int gnutls_x509_crl_get_authority_key_id (gnutls_x509_crl_t crl, void *id, - size_t * id_size, - unsigned int *critical); - int gnutls_x509_crl_get_authority_key_gn_serial (gnutls_x509_crl_t crl, - unsigned int seq, - void *alt, - size_t * alt_size, - unsigned int *alt_type, - void* serial, - size_t *serial_size, - unsigned int *critical); - - int gnutls_x509_crl_get_number (gnutls_x509_crl_t crl, void *ret, - size_t * ret_size, unsigned int *critical); - - int gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl, int indx, - void *oid, size_t * sizeof_oid); - - int gnutls_x509_crl_get_extension_info (gnutls_x509_crl_t crl, int indx, - void *oid, size_t * sizeof_oid, - unsigned int *critical); - - int gnutls_x509_crl_get_extension_data (gnutls_x509_crl_t crl, int indx, - void *data, size_t * sizeof_data); - - int gnutls_x509_crl_set_authority_key_id (gnutls_x509_crl_t crl, - const void *id, size_t 
id_size); - - int gnutls_x509_crl_set_number (gnutls_x509_crl_t crl, - const void *nr, size_t nr_size); + int gnutls_x509_crl_set_version(gnutls_x509_crl_t crl, + unsigned int version); + int gnutls_x509_crl_set_this_update(gnutls_x509_crl_t crl, + time_t act_time); + int gnutls_x509_crl_set_next_update(gnutls_x509_crl_t crl, + time_t exp_time); + int gnutls_x509_crl_set_crt_serial(gnutls_x509_crl_t crl, + const void *serial, + size_t serial_size, + time_t revocation_time); + int gnutls_x509_crl_set_crt(gnutls_x509_crl_t crl, + gnutls_x509_crt_t crt, + time_t revocation_time); + + int gnutls_x509_crl_get_authority_key_id(gnutls_x509_crl_t crl, + void *id, + size_t * id_size, + unsigned int *critical); + int gnutls_x509_crl_get_authority_key_gn_serial(gnutls_x509_crl_t + crl, + unsigned int seq, + void *alt, + size_t * alt_size, + unsigned int + *alt_type, + void *serial, + size_t * + serial_size, + unsigned int + *critical); + + int gnutls_x509_crl_get_number(gnutls_x509_crl_t crl, void *ret, + size_t * ret_size, + unsigned int *critical); + + int gnutls_x509_crl_get_extension_oid(gnutls_x509_crl_t crl, + int indx, void *oid, + size_t * sizeof_oid); + + int gnutls_x509_crl_get_extension_info(gnutls_x509_crl_t crl, + int indx, void *oid, + size_t * sizeof_oid, + unsigned int *critical); + + int gnutls_x509_crl_get_extension_data(gnutls_x509_crl_t crl, + int indx, void *data, + size_t * sizeof_data); + + int gnutls_x509_crl_set_authority_key_id(gnutls_x509_crl_t crl, + const void *id, + size_t id_size); + + int gnutls_x509_crl_set_number(gnutls_x509_crl_t crl, + const void *nr, size_t nr_size); /* PKCS7 structures handling */ - struct gnutls_pkcs7_int; - typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t; - - int gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7); - void gnutls_pkcs7_deinit (gnutls_pkcs7_t pkcs7); - int gnutls_pkcs7_import (gnutls_pkcs7_t pkcs7, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); - int gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7, - 
gnutls_x509_crt_fmt_t format, - void *output_data, size_t * output_data_size); - int gnutls_pkcs7_export2 (gnutls_pkcs7_t pkcs7, - gnutls_x509_crt_fmt_t format, - gnutls_datum_t *out); - - int gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7); - int gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7, int indx, - void *certificate, size_t * certificate_size); - - int gnutls_pkcs7_set_crt_raw (gnutls_pkcs7_t pkcs7, - const gnutls_datum_t * crt); - int gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt); - int gnutls_pkcs7_delete_crt (gnutls_pkcs7_t pkcs7, int indx); - - int gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7, - int indx, void *crl, size_t * crl_size); - int gnutls_pkcs7_get_crl_count (gnutls_pkcs7_t pkcs7); - - int gnutls_pkcs7_set_crl_raw (gnutls_pkcs7_t pkcs7, - const gnutls_datum_t * crl); - int gnutls_pkcs7_set_crl (gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl); - int gnutls_pkcs7_delete_crl (gnutls_pkcs7_t pkcs7, int indx); + struct gnutls_pkcs7_int; + typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t; + + int gnutls_pkcs7_init(gnutls_pkcs7_t * pkcs7); + void gnutls_pkcs7_deinit(gnutls_pkcs7_t pkcs7); + int gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format); + int gnutls_pkcs7_export(gnutls_pkcs7_t pkcs7, + gnutls_x509_crt_fmt_t format, + void *output_data, + size_t * output_data_size); + int gnutls_pkcs7_export2(gnutls_pkcs7_t pkcs7, + gnutls_x509_crt_fmt_t format, + gnutls_datum_t * out); + + int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7); + int gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7, int indx, + void *certificate, + size_t * certificate_size); + + int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, + const gnutls_datum_t * crt); + int gnutls_pkcs7_set_crt(gnutls_pkcs7_t pkcs7, + gnutls_x509_crt_t crt); + int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx); + + int gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7, + int indx, void *crl, + size_t * crl_size); + int 
gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t pkcs7); + + int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, + const gnutls_datum_t * crl); + int gnutls_pkcs7_set_crl(gnutls_pkcs7_t pkcs7, + gnutls_x509_crl_t crl); + int gnutls_pkcs7_delete_crl(gnutls_pkcs7_t pkcs7, int indx); /* X.509 Certificate verification functions. */ 
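Review bot: The reindent leaves the first enumerator of `gnutls_x509_qualifier_t` split across two lines, `GNUTLS_X509_QUALIFIER_UNKNOWN =` followed by `0, GNUTLS_X509_QUALIFIER_URI,`. That separates the constant from its value and puts two enumerators on one line. As this commit only changes layout, I would fix it by hand to one enumerator per line: `GNUTLS_X509_QUALIFIER_UNKNOWN = 0,`, `GNUTLS_X509_QUALIFIER_URI,`, `GNUTLS_X509_QUALIFIER_NOTICE`, matching how `gnutls_certificate_verify_flags` is laid out in the next hunk. For a layout-only change of this size in public certificate-handling headers, it is also worth confirming that `git diff -w` against the parent is empty, so that no token changed along with the whitespace.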
@@ -694,57 +773,58 @@ extern "C" * * Enumeration of different certificate verify flags. */ - typedef enum gnutls_certificate_verify_flags - { - GNUTLS_VERIFY_DISABLE_CA_SIGN = 1<<0, - GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 1<<1, - GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 1<<2, - GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 1<<3, - GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 1<<4, - GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 1<<5, - GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 1<<6, - GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 1<<7, - GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 1<<8, - GNUTLS_VERIFY_DISABLE_CRL_CHECKS = 1<<9, - GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN = 1<<10, - GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN = 1<<11, - } gnutls_certificate_verify_flags; - - int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert, - gnutls_x509_crt_t issuer); - - int gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list, - int cert_list_length, - const gnutls_x509_crt_t * CA_list, - int CA_list_length, - const gnutls_x509_crl_t * CRL_list, - int CRL_list_length, - unsigned int flags, unsigned int *verify); - - int gnutls_x509_crt_verify (gnutls_x509_crt_t cert, - const gnutls_x509_crt_t * CA_list, - int CA_list_length, unsigned int flags, - unsigned int *verify); - int gnutls_x509_crl_verify (gnutls_x509_crl_t crl, - const gnutls_x509_crt_t * CA_list, - int CA_list_length, unsigned int flags, - unsigned int *verify); - - int gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert, - const gnutls_x509_crl_t * - crl_list, int crl_list_length); - - int gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert, - gnutls_digest_algorithm_t algo, - void *buf, size_t * buf_size); - - int gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert, - int indx, void *oid, - size_t * oid_size, - unsigned int *critical); - int gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert, - const void *oid, - unsigned int critical); + typedef enum gnutls_certificate_verify_flags { + GNUTLS_VERIFY_DISABLE_CA_SIGN = 1 
<< 0, + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 1 << 1, + GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 1 << 2, + GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 1 << 3, + GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 1 << 4, + GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 1 << 5, + GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 1 << 6, + GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 1 << 7, + GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 1 << 8, + GNUTLS_VERIFY_DISABLE_CRL_CHECKS = 1 << 9, + GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN = 1 << 10, + GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN = 1 << 11, + } gnutls_certificate_verify_flags; + + int gnutls_x509_crt_check_issuer(gnutls_x509_crt_t cert, + gnutls_x509_crt_t issuer); + + int gnutls_x509_crt_list_verify(const gnutls_x509_crt_t * + cert_list, int cert_list_length, + const gnutls_x509_crt_t * CA_list, + int CA_list_length, + const gnutls_x509_crl_t * CRL_list, + int CRL_list_length, + unsigned int flags, + unsigned int *verify); + + int gnutls_x509_crt_verify(gnutls_x509_crt_t cert, + const gnutls_x509_crt_t * CA_list, + int CA_list_length, unsigned int flags, + unsigned int *verify); + int gnutls_x509_crl_verify(gnutls_x509_crl_t crl, + const gnutls_x509_crt_t * CA_list, + int CA_list_length, unsigned int flags, + unsigned int *verify); + + int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, + const gnutls_x509_crl_t * + crl_list, + int crl_list_length); + + int gnutls_x509_crt_get_fingerprint(gnutls_x509_crt_t cert, + gnutls_digest_algorithm_t algo, + void *buf, size_t * buf_size); + + int gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert, + int indx, void *oid, + size_t * oid_size, + unsigned int *critical); + int gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt_t cert, + const void *oid, + unsigned int critical); /* Private key handling. */ 
@@ -771,351 +851,398 @@ extern "C" * * Enumeration of different PKCS encryption flags. */ - typedef enum gnutls_pkcs_encrypt_flags_t - { - GNUTLS_PKCS_PLAIN = 1, - GNUTLS_PKCS_USE_PKCS12_3DES = 2, - GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4, - GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8, - GNUTLS_PKCS_USE_PBES2_3DES = 16, - GNUTLS_PKCS_USE_PBES2_AES_128 = 32, - GNUTLS_PKCS_USE_PBES2_AES_192 = 64, - GNUTLS_PKCS_USE_PBES2_AES_256 = 128, - GNUTLS_PKCS_NULL_PASSWORD = 256 - } gnutls_pkcs_encrypt_flags_t; - - int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key); - void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key); - gnutls_sec_param_t gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t - key); - int gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst, - gnutls_x509_privkey_t src); - int gnutls_x509_privkey_import (gnutls_x509_privkey_t key, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); - int gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, - const char *password, - unsigned int flags); - int gnutls_x509_privkey_import_openssl (gnutls_x509_privkey_t key, - const gnutls_datum_t *data, - const char* password); - - int gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, - const char* password, unsigned int flags); - - int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key, - const gnutls_datum_t * m, - const gnutls_datum_t * e, - const gnutls_datum_t * d, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * u); - int gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key, - const gnutls_datum_t * m, - const gnutls_datum_t * e, - const gnutls_datum_t * d, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * u, - const gnutls_datum_t * e1, - const gnutls_datum_t * e2); - int gnutls_x509_privkey_import_ecc_raw (gnutls_x509_privkey_t key, - 
gnutls_ecc_curve_t curve, - const gnutls_datum_t * x, - const gnutls_datum_t * y, - const gnutls_datum_t * k); - - int gnutls_x509_privkey_fix (gnutls_x509_privkey_t key); - - int gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * g, - gnutls_datum_t * y, - gnutls_datum_t * x); - int gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * g, - const gnutls_datum_t * y, - const gnutls_datum_t * x); - - int gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key); - int gnutls_x509_privkey_get_pk_algorithm2 (gnutls_x509_privkey_t key, unsigned int *bits); - int gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key, - unsigned int flags, - unsigned char *output_data, - size_t * output_data_size); - - int gnutls_x509_privkey_generate (gnutls_x509_privkey_t key, - gnutls_pk_algorithm_t algo, - unsigned int bits, unsigned int flags); - int gnutls_x509_privkey_verify_params (gnutls_x509_privkey_t key); - - int gnutls_x509_privkey_export (gnutls_x509_privkey_t key, - gnutls_x509_crt_fmt_t format, - void *output_data, - size_t * output_data_size); - int gnutls_x509_privkey_export2 (gnutls_x509_privkey_t key, - gnutls_x509_crt_fmt_t format, - gnutls_datum_t * out); - int gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key, - gnutls_x509_crt_fmt_t format, - const char *password, - unsigned int flags, - void *output_data, - size_t * output_data_size); - int gnutls_x509_privkey_export2_pkcs8 (gnutls_x509_privkey_t key, - gnutls_x509_crt_fmt_t format, - const char *password, - unsigned int flags, - gnutls_datum_t * out); - int gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key, - gnutls_datum_t * m, - gnutls_datum_t * e, - gnutls_datum_t * d, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * u, - gnutls_datum_t * e1, - gnutls_datum_t * e2); - int 
gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key, - gnutls_datum_t * m, - gnutls_datum_t * e, - gnutls_datum_t * d, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * u); - int gnutls_x509_privkey_export_ecc_raw (gnutls_x509_privkey_t key, - gnutls_ecc_curve_t *curve, - gnutls_datum_t * x, gnutls_datum_t * y, - gnutls_datum_t* k); + typedef enum gnutls_pkcs_encrypt_flags_t { + GNUTLS_PKCS_PLAIN = 1, + GNUTLS_PKCS_USE_PKCS12_3DES = 2, + GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4, + GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8, + GNUTLS_PKCS_USE_PBES2_3DES = 16, + GNUTLS_PKCS_USE_PBES2_AES_128 = 32, + GNUTLS_PKCS_USE_PBES2_AES_192 = 64, + GNUTLS_PKCS_USE_PBES2_AES_256 = 128, + GNUTLS_PKCS_NULL_PASSWORD = 256 + } gnutls_pkcs_encrypt_flags_t; + + int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key); + void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key); + gnutls_sec_param_t + gnutls_x509_privkey_sec_param(gnutls_x509_privkey_t key); + int gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst, + gnutls_x509_privkey_t src); + int gnutls_x509_privkey_import(gnutls_x509_privkey_t key, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format); + int gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format, + const char *password, + unsigned int flags); + int gnutls_x509_privkey_import_openssl(gnutls_x509_privkey_t key, + const gnutls_datum_t * data, + const char *password); + + int gnutls_x509_privkey_import2(gnutls_x509_privkey_t key, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format, + const char *password, + unsigned int flags); + + int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key, + const gnutls_datum_t * m, + const gnutls_datum_t * e, + const gnutls_datum_t * d, + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * u); + int gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key, + const gnutls_datum_t * m, + const 
gnutls_datum_t * e, + const gnutls_datum_t * d, + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * u, + const gnutls_datum_t * e1, + const gnutls_datum_t * e2); + int gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key, + gnutls_ecc_curve_t curve, + const gnutls_datum_t * x, + const gnutls_datum_t * y, + const gnutls_datum_t * k); + + int gnutls_x509_privkey_fix(gnutls_x509_privkey_t key); + + int gnutls_x509_privkey_export_dsa_raw(gnutls_x509_privkey_t key, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * g, + gnutls_datum_t * y, + gnutls_datum_t * x); + int gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key, + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * g, + const gnutls_datum_t * y, + const gnutls_datum_t * x); + + int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t + key); + int gnutls_x509_privkey_get_pk_algorithm2(gnutls_x509_privkey_t + key, unsigned int *bits); + int gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key, + unsigned int flags, + unsigned char *output_data, + size_t * output_data_size); + + int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key, + gnutls_pk_algorithm_t algo, + unsigned int bits, + unsigned int flags); + int gnutls_x509_privkey_verify_params(gnutls_x509_privkey_t key); + + int gnutls_x509_privkey_export(gnutls_x509_privkey_t key, + gnutls_x509_crt_fmt_t format, + void *output_data, + size_t * output_data_size); + int gnutls_x509_privkey_export2(gnutls_x509_privkey_t key, + gnutls_x509_crt_fmt_t format, + gnutls_datum_t * out); + int gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey_t key, + gnutls_x509_crt_fmt_t format, + const char *password, + unsigned int flags, + void *output_data, + size_t * output_data_size); + int gnutls_x509_privkey_export2_pkcs8(gnutls_x509_privkey_t key, + gnutls_x509_crt_fmt_t format, + const char *password, + unsigned int flags, + gnutls_datum_t * out); + int 
gnutls_x509_privkey_export_rsa_raw2(gnutls_x509_privkey_t key, + gnutls_datum_t * m, + gnutls_datum_t * e, + gnutls_datum_t * d, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * u, + gnutls_datum_t * e1, + gnutls_datum_t * e2); + int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key, + gnutls_datum_t * m, + gnutls_datum_t * e, + gnutls_datum_t * d, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * u); + int gnutls_x509_privkey_export_ecc_raw(gnutls_x509_privkey_t key, + gnutls_ecc_curve_t * curve, + gnutls_datum_t * x, + gnutls_datum_t * y, + gnutls_datum_t * k); /* Certificate request stuff. */ - int gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq, - gnutls_x509_privkey_t key, - gnutls_digest_algorithm_t dig, - unsigned int flags); - - int gnutls_x509_crq_print (gnutls_x509_crq_t crq, - gnutls_certificate_print_formats_t format, - gnutls_datum_t * out); - - int gnutls_x509_crq_verify (gnutls_x509_crq_t crq, unsigned int flags); - - int gnutls_x509_crq_init (gnutls_x509_crq_t * crq); - void gnutls_x509_crq_deinit (gnutls_x509_crq_t crq); - int gnutls_x509_crq_import (gnutls_x509_crq_t crq, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); - - int gnutls_x509_crq_get_private_key_usage_period (gnutls_x509_crq_t cert, time_t* activation, time_t* expiration, - unsigned int *critical); - - int gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf, - size_t * sizeof_buf); - int gnutls_x509_crq_get_dn2 (gnutls_x509_crq_t crq, gnutls_datum_t* dn); - int gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq, int indx, - void *oid, size_t * sizeof_oid); - int gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq, - const char *oid, int indx, - unsigned int raw_flag, void *buf, - size_t * sizeof_buf); - int gnutls_x509_crq_set_dn (gnutls_x509_crq_t crq, const char *dn, const char** err); - int gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq, - const char *oid, - unsigned int raw_flag, - const void *data, - unsigned int 
sizeof_data); - int gnutls_x509_crq_set_version (gnutls_x509_crq_t crq, - unsigned int version); - int gnutls_x509_crq_get_version (gnutls_x509_crq_t crq); - int gnutls_x509_crq_set_key (gnutls_x509_crq_t crq, - gnutls_x509_privkey_t key); - - int gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq, - const char *pass); - int gnutls_x509_crq_get_challenge_password (gnutls_x509_crq_t crq, - char *pass, - size_t * sizeof_pass); - - int gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq, - const char *oid, void *buf, - size_t sizeof_buf); - int gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq, - const char *oid, int indx, - void *buf, size_t * sizeof_buf); - - int gnutls_x509_crq_export (gnutls_x509_crq_t crq, - gnutls_x509_crt_fmt_t format, - void *output_data, size_t * output_data_size); - int gnutls_x509_crq_export2 (gnutls_x509_crq_t crq, - gnutls_x509_crt_fmt_t format, - gnutls_datum_t * out); - - int gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq); - int gnutls_x509_crt_set_crq_extensions (gnutls_x509_crt_t crt, - gnutls_x509_crq_t crq); - - int gnutls_x509_crq_set_private_key_usage_period (gnutls_x509_crq_t crq, - time_t activation, - time_t expiration); - int gnutls_x509_crq_set_key_rsa_raw (gnutls_x509_crq_t crq, - const gnutls_datum_t * m, - const gnutls_datum_t * e); - int gnutls_x509_crq_set_subject_alt_name (gnutls_x509_crq_t crq, - gnutls_x509_subject_alt_name_t nt, - const void *data, - unsigned int data_size, - unsigned int flags); - - int gnutls_x509_crq_set_key_usage (gnutls_x509_crq_t crq, - unsigned int usage); - int gnutls_x509_crq_set_basic_constraints (gnutls_x509_crq_t crq, - unsigned int ca, - int pathLenConstraint); - int gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq, - const void *oid, - unsigned int critical); - int gnutls_x509_crq_get_key_purpose_oid (gnutls_x509_crq_t crq, int indx, - void *oid, size_t * sizeof_oid, - unsigned int *critical); - - int 
gnutls_x509_crq_get_extension_data (gnutls_x509_crq_t crq, int indx, - void *data, size_t * sizeof_data); - int gnutls_x509_crq_get_extension_info (gnutls_x509_crq_t crq, int indx, - void *oid, size_t * sizeof_oid, - unsigned int *critical); - int gnutls_x509_crq_get_attribute_data (gnutls_x509_crq_t crq, int indx, - void *data, size_t * sizeof_data); - int gnutls_x509_crq_get_attribute_info (gnutls_x509_crq_t crq, int indx, - void *oid, size_t * sizeof_oid); - int gnutls_x509_crq_get_pk_algorithm (gnutls_x509_crq_t crq, - unsigned int *bits); - - int gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags, - unsigned char *output_data, - size_t * output_data_size); - int gnutls_x509_crq_get_key_rsa_raw (gnutls_x509_crq_t crq, - gnutls_datum_t * m, - gnutls_datum_t * e); - - int gnutls_x509_crq_get_key_usage (gnutls_x509_crq_t crq, - unsigned int *key_usage, - unsigned int *critical); - int gnutls_x509_crq_get_basic_constraints (gnutls_x509_crq_t crq, - unsigned int *critical, - unsigned int *ca, int *pathlen); - int gnutls_x509_crq_get_subject_alt_name (gnutls_x509_crq_t crq, - unsigned int seq, void *ret, - size_t * ret_size, - unsigned int *ret_type, - unsigned int *critical); - int gnutls_x509_crq_get_subject_alt_othername_oid (gnutls_x509_crq_t crq, - unsigned int seq, - void *ret, - size_t * ret_size); - - int gnutls_x509_crq_get_extension_by_oid (gnutls_x509_crq_t crq, - const char *oid, int indx, - void *buf, size_t * sizeof_buf, - unsigned int *critical); - - typedef struct gnutls_x509_trust_list_st *gnutls_x509_trust_list_t; - - int - gnutls_x509_trust_list_init (gnutls_x509_trust_list_t * list, unsigned int size); - - void - gnutls_x509_trust_list_deinit (gnutls_x509_trust_list_t list, unsigned int all); - - int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t list, - gnutls_x509_crt_t cert, gnutls_x509_crt_t* issuer, unsigned int flags); - - int - gnutls_x509_trust_list_add_cas (gnutls_x509_trust_list_t list, - const 
gnutls_x509_crt_t * clist, int clist_size, unsigned int flags); - int gnutls_x509_trust_list_remove_cas(gnutls_x509_trust_list_t list, - const gnutls_x509_crt_t * clist, - int clist_size); - - int gnutls_x509_trust_list_add_named_crt (gnutls_x509_trust_list_t list, - gnutls_x509_crt_t cert, const void* name, size_t name_size, unsigned int flags); + int gnutls_x509_crq_sign2(gnutls_x509_crq_t crq, + gnutls_x509_privkey_t key, + gnutls_digest_algorithm_t dig, + unsigned int flags); + + int gnutls_x509_crq_print(gnutls_x509_crq_t crq, + gnutls_certificate_print_formats_t + format, gnutls_datum_t * out); + + int gnutls_x509_crq_verify(gnutls_x509_crq_t crq, + unsigned int flags); + + int gnutls_x509_crq_init(gnutls_x509_crq_t * crq); + void gnutls_x509_crq_deinit(gnutls_x509_crq_t crq); + int gnutls_x509_crq_import(gnutls_x509_crq_t crq, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format); + + int gnutls_x509_crq_get_private_key_usage_period(gnutls_x509_crq_t + cert, + time_t * + activation, + time_t * + expiration, + unsigned int + *critical); + + int gnutls_x509_crq_get_dn(gnutls_x509_crq_t crq, char *buf, + size_t * sizeof_buf); + int gnutls_x509_crq_get_dn2(gnutls_x509_crq_t crq, + gnutls_datum_t * dn); + int gnutls_x509_crq_get_dn_oid(gnutls_x509_crq_t crq, int indx, + void *oid, size_t * sizeof_oid); + int gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq_t crq, + const char *oid, int indx, + unsigned int raw_flag, void *buf, + size_t * sizeof_buf); + int gnutls_x509_crq_set_dn(gnutls_x509_crq_t crq, const char *dn, + const char **err); + int gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq_t crq, + const char *oid, + unsigned int raw_flag, + const void *data, + unsigned int sizeof_data); + int gnutls_x509_crq_set_version(gnutls_x509_crq_t crq, + unsigned int version); + int gnutls_x509_crq_get_version(gnutls_x509_crq_t crq); + int gnutls_x509_crq_set_key(gnutls_x509_crq_t crq, + gnutls_x509_privkey_t key); + + int 
gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq, + const char *pass); + int gnutls_x509_crq_get_challenge_password(gnutls_x509_crq_t crq, + char *pass, + size_t * sizeof_pass); + + int gnutls_x509_crq_set_attribute_by_oid(gnutls_x509_crq_t crq, + const char *oid, + void *buf, + size_t sizeof_buf); + int gnutls_x509_crq_get_attribute_by_oid(gnutls_x509_crq_t crq, + const char *oid, int indx, + void *buf, + size_t * sizeof_buf); + + int gnutls_x509_crq_export(gnutls_x509_crq_t crq, + gnutls_x509_crt_fmt_t format, + void *output_data, + size_t * output_data_size); + int gnutls_x509_crq_export2(gnutls_x509_crq_t crq, + gnutls_x509_crt_fmt_t format, + gnutls_datum_t * out); + + int gnutls_x509_crt_set_crq(gnutls_x509_crt_t crt, + gnutls_x509_crq_t crq); + int gnutls_x509_crt_set_crq_extensions(gnutls_x509_crt_t crt, + gnutls_x509_crq_t crq); + + int gnutls_x509_crq_set_private_key_usage_period(gnutls_x509_crq_t + crq, + time_t activation, + time_t + expiration); + int gnutls_x509_crq_set_key_rsa_raw(gnutls_x509_crq_t crq, + const gnutls_datum_t * m, + const gnutls_datum_t * e); + int gnutls_x509_crq_set_subject_alt_name(gnutls_x509_crq_t crq, + gnutls_x509_subject_alt_name_t + nt, const void *data, + unsigned int data_size, + unsigned int flags); + + int gnutls_x509_crq_set_key_usage(gnutls_x509_crq_t crq, + unsigned int usage); + int gnutls_x509_crq_set_basic_constraints(gnutls_x509_crq_t crq, + unsigned int ca, + int pathLenConstraint); + int gnutls_x509_crq_set_key_purpose_oid(gnutls_x509_crq_t crq, + const void *oid, + unsigned int critical); + int gnutls_x509_crq_get_key_purpose_oid(gnutls_x509_crq_t crq, + int indx, void *oid, + size_t * sizeof_oid, + unsigned int *critical); + + int gnutls_x509_crq_get_extension_data(gnutls_x509_crq_t crq, + int indx, void *data, + size_t * sizeof_data); + int gnutls_x509_crq_get_extension_info(gnutls_x509_crq_t crq, + int indx, void *oid, + size_t * sizeof_oid, + unsigned int *critical); + int 
gnutls_x509_crq_get_attribute_data(gnutls_x509_crq_t crq, + int indx, void *data, + size_t * sizeof_data); + int gnutls_x509_crq_get_attribute_info(gnutls_x509_crq_t crq, + int indx, void *oid, + size_t * sizeof_oid); + int gnutls_x509_crq_get_pk_algorithm(gnutls_x509_crq_t crq, + unsigned int *bits); + + int gnutls_x509_crq_get_key_id(gnutls_x509_crq_t crq, + unsigned int flags, + unsigned char *output_data, + size_t * output_data_size); + int gnutls_x509_crq_get_key_rsa_raw(gnutls_x509_crq_t crq, + gnutls_datum_t * m, + gnutls_datum_t * e); + + int gnutls_x509_crq_get_key_usage(gnutls_x509_crq_t crq, + unsigned int *key_usage, + unsigned int *critical); + int gnutls_x509_crq_get_basic_constraints(gnutls_x509_crq_t crq, + unsigned int *critical, + unsigned int *ca, + int *pathlen); + int gnutls_x509_crq_get_subject_alt_name(gnutls_x509_crq_t crq, + unsigned int seq, + void *ret, + size_t * ret_size, + unsigned int *ret_type, + unsigned int *critical); + int gnutls_x509_crq_get_subject_alt_othername_oid(gnutls_x509_crq_t + crq, + unsigned int seq, + void *ret, + size_t * + ret_size); + + int gnutls_x509_crq_get_extension_by_oid(gnutls_x509_crq_t crq, + const char *oid, int indx, + void *buf, + size_t * sizeof_buf, + unsigned int *critical); + + typedef struct gnutls_x509_trust_list_st *gnutls_x509_trust_list_t; + + int + gnutls_x509_trust_list_init(gnutls_x509_trust_list_t * list, + unsigned int size); + + void + gnutls_x509_trust_list_deinit(gnutls_x509_trust_list_t list, + unsigned int all); + + int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t + list, gnutls_x509_crt_t cert, + gnutls_x509_crt_t * issuer, + unsigned int flags); + + int + gnutls_x509_trust_list_add_cas(gnutls_x509_trust_list_t list, + const gnutls_x509_crt_t * clist, + int clist_size, + unsigned int flags); + int gnutls_x509_trust_list_remove_cas(gnutls_x509_trust_list_t + list, + const gnutls_x509_crt_t * + clist, int clist_size); + + int 
gnutls_x509_trust_list_add_named_crt(gnutls_x509_trust_list_t + list, + gnutls_x509_crt_t cert, + const void *name, + size_t name_size, + unsigned int flags); #define GNUTLS_TL_VERIFY_CRL 1 - int - gnutls_x509_trust_list_add_crls (gnutls_x509_trust_list_t list, - const gnutls_x509_crl_t * crl_list, int crl_size, unsigned int flags, - unsigned int verification_flags); - - typedef int gnutls_verify_output_function ( - gnutls_x509_crt_t cert, - gnutls_x509_crt_t issuer, /* The issuer if verification failed - * because of him. might be null. - */ - gnutls_x509_crl_t crl, /* The CRL that caused verification failure - * if any. Might be null. - */ - unsigned int verification_output); - - int gnutls_x509_trust_list_verify_named_crt ( - gnutls_x509_trust_list_t list, - gnutls_x509_crt_t cert, - const void * name, size_t name_size, - unsigned int flags, - unsigned int *verify, - gnutls_verify_output_function func); - - int - gnutls_x509_trust_list_verify_crt ( - gnutls_x509_trust_list_t list, - gnutls_x509_crt_t *cert_list, - unsigned int cert_list_size, - unsigned int flags, - unsigned int *verify, - gnutls_verify_output_function func); - - /* trust list convenience functions */ -int -gnutls_x509_trust_list_add_trust_mem(gnutls_x509_trust_list_t list, - const gnutls_datum_t * cas, - const gnutls_datum_t * crls, - gnutls_x509_crt_fmt_t type, - unsigned int tl_flags, - unsigned int tl_vflags); - -int -gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list, - const char* ca_file, - const char* crl_file, - gnutls_x509_crt_fmt_t type, - unsigned int tl_flags, - unsigned int tl_vflags); - -int -gnutls_x509_trust_list_remove_trust_file(gnutls_x509_trust_list_t list, - const char* ca_file, - gnutls_x509_crt_fmt_t type); - -int -gnutls_x509_trust_list_remove_trust_mem(gnutls_x509_trust_list_t list, - const gnutls_datum_t * cas, - gnutls_x509_crt_fmt_t type); - -int -gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list, - unsigned int tl_flags, unsigned 
int tl_vflags); - -void gnutls_certificate_set_trust_list (gnutls_certificate_credentials_t res, - gnutls_x509_trust_list_t tlist, unsigned flags); + int + gnutls_x509_trust_list_add_crls(gnutls_x509_trust_list_t list, + const gnutls_x509_crl_t * + crl_list, int crl_size, + unsigned int flags, + unsigned int verification_flags); + + typedef int gnutls_verify_output_function(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, /* The issuer if verification failed + * because of him. might be null. + */ + gnutls_x509_crl_t crl, /* The CRL that caused verification failure + * if any. Might be null. + */ + unsigned int + verification_output); + + int gnutls_x509_trust_list_verify_named_crt + (gnutls_x509_trust_list_t list, gnutls_x509_crt_t cert, + const void *name, size_t name_size, unsigned int flags, + unsigned int *verify, gnutls_verify_output_function func); + + int + gnutls_x509_trust_list_verify_crt(gnutls_x509_trust_list_t list, + gnutls_x509_crt_t * cert_list, + unsigned int cert_list_size, + unsigned int flags, + unsigned int *verify, + gnutls_verify_output_function + func); + + /* trust list convenience functions */ + int + gnutls_x509_trust_list_add_trust_mem(gnutls_x509_trust_list_t + list, + const gnutls_datum_t * cas, + const gnutls_datum_t * crls, + gnutls_x509_crt_fmt_t type, + unsigned int tl_flags, + unsigned int tl_vflags); + + int + gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t + list, const char *ca_file, + const char *crl_file, + gnutls_x509_crt_fmt_t type, + unsigned int tl_flags, + unsigned int tl_vflags); + + int + gnutls_x509_trust_list_remove_trust_file(gnutls_x509_trust_list_t + list, + const char *ca_file, + gnutls_x509_crt_fmt_t + type); + + int + gnutls_x509_trust_list_remove_trust_mem(gnutls_x509_trust_list_t + list, + const gnutls_datum_t * + cas, + gnutls_x509_crt_fmt_t + type); + + int + gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t + list, + unsigned int tl_flags, + unsigned int tl_vflags); + + void 
gnutls_certificate_set_trust_list + (gnutls_certificate_credentials_t res, + gnutls_x509_trust_list_t tlist, unsigned flags); #ifdef __cplusplus } #endif - -#endif /* GNUTLS_X509_H */ +#endif /* GNUTLS_X509_H */ diff --git a/lib/includes/gnutls/xssl.h b/lib/includes/gnutls/xssl.h index 0afe88dc26..578eca6e08 100644 --- a/lib/includes/gnutls/xssl.h +++ b/lib/includes/gnutls/xssl.h 
@@ -27,95 +27,87 @@ typedef struct xssl_st *xssl_t; typedef struct xssl_cred_st *xssl_cred_t; -ssize_t xssl_printf (xssl_t sb, const char *fmt, ...) +ssize_t xssl_printf(xssl_t sb, const char *fmt, ...) #ifdef __GNUC__ - __attribute__ ((format (printf, 2, 3))) + __attribute__ ((format(printf, 2, 3))) #endif -; + ; -ssize_t xssl_write (xssl_t sb, const void *data, - size_t data_size); +ssize_t xssl_write(xssl_t sb, const void *data, size_t data_size); -ssize_t xssl_flush (xssl_t sb); +ssize_t xssl_flush(xssl_t sb); -ssize_t xssl_read(xssl_t sb, void* data, size_t data_size); +ssize_t xssl_read(xssl_t sb, void *data, size_t data_size); ssize_t -xssl_getdelim (xssl_t sbuf, char **lineptr, size_t *n, int delimiter); +xssl_getdelim(xssl_t sbuf, char **lineptr, size_t * n, int delimiter); #define xssl_getline(sbuf, ptr, n) xssl_getdelim(sbuf, ptr, n, '\n') void xssl_deinit(xssl_t sb); #define GNUTLS_SBUF_WRITE_FLUSHES (1<<0) -int xssl_sinit (xssl_t * isb, gnutls_session_t session, - unsigned int flags); +int xssl_sinit(xssl_t * isb, gnutls_session_t session, unsigned int flags); gnutls_session_t xssl_get_session(xssl_t sb); -int xssl_client_init (xssl_t * isb, const char* hostname, - const char* service, - gnutls_transport_ptr fd, - const char* priority, xssl_cred_t cred, - unsigned int *status, - unsigned int flags); +int xssl_client_init(xssl_t * isb, const char *hostname, + const char *service, + gnutls_transport_ptr fd, + const char *priority, xssl_cred_t cred, + unsigned int *status, unsigned int flags); -int xssl_server_init (xssl_t * isb, - gnutls_transport_ptr fd, - const char* priority, xssl_cred_t cred, - unsigned int *status, - unsigned int flags); +int xssl_server_init(xssl_t * isb, + gnutls_transport_ptr fd, + const char *priority, xssl_cred_t cred, + unsigned int *status, unsigned int flags); /* High level credential structures */ -typedef enum -{ - GNUTLS_VMETHOD_NO_AUTH = 0, - GNUTLS_VMETHOD_TOFU = 1<<0, - GNUTLS_VMETHOD_GIVEN_CAS = 1<<1, - 
GNUTLS_VMETHOD_SYSTEM_CAS = 1<<2 +typedef enum { + GNUTLS_VMETHOD_NO_AUTH = 0, + GNUTLS_VMETHOD_TOFU = 1 << 0, + GNUTLS_VMETHOD_GIVEN_CAS = 1 << 1, + GNUTLS_VMETHOD_SYSTEM_CAS = 1 << 2 } gnutls_vmethod_t; -typedef enum -{ - GNUTLS_CINPUT_TYPE_FILE = 0, - GNUTLS_CINPUT_TYPE_MEM = 1, - GNUTLS_CINPUT_TYPE_PIN_FUNC = 2, +typedef enum { + GNUTLS_CINPUT_TYPE_FILE = 0, + GNUTLS_CINPUT_TYPE_MEM = 1, + GNUTLS_CINPUT_TYPE_PIN_FUNC = 2, } gnutls_cinput_type_t; -typedef enum -{ - GNUTLS_CINPUT_CAS = 1, /* i1 contains the CAs */ - GNUTLS_CINPUT_CRLS = 2,/* i1 contains the CRLs */ - GNUTLS_CINPUT_TOFU_DB = 3, /* i1 contains the DB filename */ - GNUTLS_CINPUT_KEYPAIR = 4, /* i1 contains the certificate, i2 the key - * or i1.pin_fn contains the pin function, - * and i2.udata the user pointer */ +typedef enum { + GNUTLS_CINPUT_CAS = 1, /* i1 contains the CAs */ + GNUTLS_CINPUT_CRLS = 2, /* i1 contains the CRLs */ + GNUTLS_CINPUT_TOFU_DB = 3, /* i1 contains the DB filename */ + GNUTLS_CINPUT_KEYPAIR = 4, /* i1 contains the certificate, i2 the key + * or i1.pin_fn contains the pin function, + * and i2.udata the user pointer */ } gnutls_cinput_contents_t; typedef struct gnutls_cinput_st { - gnutls_cinput_type_t type; - gnutls_cinput_contents_t contents; - gnutls_x509_crt_fmt_t fmt; /* if applicable */ - - union { - gnutls_pin_callback_t pin_fn; - const char* file; - gnutls_datum_t mem; - } i1; - - union { - void* udata; - const char* file; - gnutls_datum_t mem; - } i2; - - unsigned long future_pad[8]; + gnutls_cinput_type_t type; + gnutls_cinput_contents_t contents; + gnutls_x509_crt_fmt_t fmt; /* if applicable */ + + union { + gnutls_pin_callback_t pin_fn; + const char *file; + gnutls_datum_t mem; + } i1; + + union { + void *udata; + const char *file; + gnutls_datum_t mem; + } i2; + + unsigned long future_pad[8]; } gnutls_cinput_st; -int xssl_cred_init (xssl_cred_t *c, unsigned vflags, - gnutls_cinput_st* aux, - unsigned aux_size); -void xssl_cred_deinit (xssl_cred_t cred); +int 
xssl_cred_init(xssl_cred_t * c, unsigned vflags, + gnutls_cinput_st * aux, unsigned aux_size); +void xssl_cred_deinit(xssl_cred_t cred); -#endif /* GNUTLS_SBUF_H */ +#endif /* GNUTLS_SBUF_H */ |