/* * Copyright (C) 2000,2001,2002 Nikos Mavroyanopoulos * * This file is part of GNUTLS. * * The GNUTLS library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * */ #ifndef GNUTLS_H # define GNUTLS_H #ifdef __cplusplus extern "C" { #endif #define LIBGNUTLS_VERSION "@VERSION@" @DEFINE_SIZE_T@ @DEFINE_TIME_T@ #define GNUTLS_CIPHER_AES_128_CBC GNUTLS_CIPHER_RIJNDAEL_128_CBC #define GNUTLS_CIPHER_AES_256_CBC GNUTLS_CIPHER_RIJNDAEL_256_CBC #define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_RIJNDAEL_128_CBC typedef enum GNUTLS_BulkCipherAlgorithm { GNUTLS_CIPHER_NULL=1, GNUTLS_CIPHER_ARCFOUR, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_CIPHER_TWOFISH_128_CBC, GNUTLS_CIPHER_RIJNDAEL_256_CBC, GNUTLS_CIPHER_ARCFOUR_EXPORT } GNUTLS_BulkCipherAlgorithm; typedef enum GNUTLS_KXAlgorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_ANON_DH, GNUTLS_KX_SRP } GNUTLS_KXAlgorithm; typedef enum GNUTLS_CredType { GNUTLS_CRD_CERTIFICATE=1, GNUTLS_CRD_ANON, GNUTLS_CRD_SRP } GNUTLS_CredType; typedef enum GNUTLS_MACAlgorithm { GNUTLS_MAC_NULL=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA } GNUTLS_MACAlgorithm; typedef enum GNUTLS_DigestAlgorithm { GNUTLS_DIG_NULL=1, GNUTLS_DIG_MD5, GNUTLS_DIG_SHA } GNUTLS_DigestAlgorithm; /* exported for other gnutls headers. This is the maximum number * of algorithms (ciphers, kx or macs). */ #define GNUTLS_MAX_ALGORITHM_NUM 8 typedef enum GNUTLS_CompressionMethod { GNUTLS_COMP_NULL=1, GNUTLS_COMP_ZLIB } GNUTLS_CompressionMethod; typedef enum GNUTLS_ConnectionEnd { GNUTLS_SERVER=1, GNUTLS_CLIENT } GNUTLS_ConnectionEnd; typedef enum GNUTLS_AlertLevel { GNUTLS_AL_WARNING=1, GNUTLS_AL_FATAL } GNUTLS_AlertLevel; typedef enum GNUTLS_AlertDescription { GNUTLS_A_CLOSE_NOTIFY, GNUTLS_A_UNEXPECTED_MESSAGE=10, GNUTLS_A_BAD_RECORD_MAC=20, GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_RECORD_OVERFLOW, GNUTLS_A_DECOMPRESSION_FAILURE=30, GNUTLS_A_HANDSHAKE_FAILURE=40, GNUTLS_A_SSL3_NO_CERTIFICATE=41, GNUTLS_A_BAD_CERTIFICATE=42, GNUTLS_A_UNSUPPORTED_CERTIFICATE, GNUTLS_A_CERTIFICATE_REVOKED, GNUTLS_A_CERTIFICATE_EXPIRED, GNUTLS_A_CERTIFICATE_UNKNOWN, GNUTLS_A_ILLEGAL_PARAMETER, GNUTLS_A_UNKNOWN_CA, GNUTLS_A_ACCESS_DENIED, GNUTLS_A_DECODE_ERROR=50, GNUTLS_A_DECRYPT_ERROR, GNUTLS_A_EXPORT_RESTRICTION=60, GNUTLS_A_PROTOCOL_VERSION=70, GNUTLS_A_INSUFFICIENT_SECURITY, GNUTLS_A_INTERNAL_ERROR=80, GNUTLS_A_USER_CANCELED=90, GNUTLS_A_NO_RENEGOTIATION=100 } GNUTLS_AlertDescription; typedef enum GNUTLS_CertificateStatus { GNUTLS_CERT_NOT_TRUSTED=2, GNUTLS_CERT_INVALID=4, GNUTLS_CERT_CORRUPTED=16, GNUTLS_CERT_REVOKED=32 } GNUTLS_CertificateStatus; typedef enum GNUTLS_CertificateRequest { GNUTLS_CERT_IGNORE, GNUTLS_CERT_REQUEST=1, GNUTLS_CERT_REQUIRE } GNUTLS_CertificateRequest; typedef enum GNUTLS_OpenPGPKeyStatus { GNUTLS_OPENPGP_KEY, GNUTLS_OPENPGP_KEY_FINGERPRINT } GNUTLS_OpenPGPKeyStatus; typedef enum GNUTLS_CloseRequest { GNUTLS_SHUT_RDWR=0, GNUTLS_SHUT_WR=1 } GNUTLS_CloseRequest; typedef enum GNUTLS_Version { GNUTLS_SSL3=1, GNUTLS_TLS1 } GNUTLS_Version; typedef enum GNUTLS_CertificateType { GNUTLS_CRT_X509=1, GNUTLS_CRT_OPENPGP } GNUTLS_CertificateType; typedef enum GNUTLS_X509_CertificateFmt { GNUTLS_X509_FMT_DER, GNUTLS_X509_FMT_PEM } GNUTLS_X509_CertificateFmt; typedef enum GNUTLS_PKAlgorithm { GNUTLS_PK_RSA = 1, GNUTLS_PK_DSA } GNUTLS_PKAlgorithm; /* If you want to change this, then also change the * define in gnutls_int.h, and recompile. */ #define GNUTLS_TRANSPORT_PTR int typedef const int* GNUTLS_LIST; /* STATE is not really descriptive. Think of it as * as session. */ struct GNUTLS_STATE_INT; typedef struct GNUTLS_STATE_INT* GNUTLS_STATE; struct GNUTLS_DH_PARAMS_INT; typedef struct GNUTLS_DH_PARAMS_INT* GNUTLS_DH_PARAMS; typedef struct { unsigned char * data; int size; } gnutls_datum; /* internal functions */ int gnutls_init(GNUTLS_STATE * state, GNUTLS_ConnectionEnd con_end); void gnutls_deinit(GNUTLS_STATE state); int gnutls_bye( GNUTLS_STATE state, GNUTLS_CloseRequest how); #define gnutls_close gnutls_bye int gnutls_handshake( GNUTLS_STATE state); int gnutls_rehandshake( GNUTLS_STATE state); int gnutls_handshake_get_direction(GNUTLS_STATE state); GNUTLS_AlertDescription gnutls_alert_get( GNUTLS_STATE state); int gnutls_alert_send( GNUTLS_STATE, GNUTLS_AlertLevel, GNUTLS_AlertDescription); int gnutls_alert_send_appropriate( GNUTLS_STATE state, int err); const char* gnutls_alert_get_name( int alert); /* get information on the current state */ GNUTLS_BulkCipherAlgorithm gnutls_cipher_get( GNUTLS_STATE state); GNUTLS_KXAlgorithm gnutls_kx_get( GNUTLS_STATE state); GNUTLS_MACAlgorithm gnutls_mac_get( GNUTLS_STATE state); GNUTLS_CompressionMethod gnutls_compression_get( GNUTLS_STATE state); GNUTLS_CertificateType gnutls_cert_type_get( GNUTLS_STATE state); size_t gnutls_cipher_get_key_size( GNUTLS_BulkCipherAlgorithm algorithm); /* the name of the specified algorithms */ const char *gnutls_cipher_get_name( GNUTLS_BulkCipherAlgorithm); const char *gnutls_mac_get_name( GNUTLS_MACAlgorithm); const char *gnutls_compression_get_name( GNUTLS_CompressionMethod); const char *gnutls_kx_get_name( GNUTLS_KXAlgorithm algorithm); const char *gnutls_cert_type_get_name( GNUTLS_CertificateType type); /* error functions */ int gnutls_error_is_fatal( int error); void gnutls_perror( int error); const char* gnutls_strerror( int error); /* Semi-internal functions. */ void gnutls_handshake_set_private_extensions(GNUTLS_STATE state, int allow); void gnutls_record_set_cbc_protection(GNUTLS_STATE state, int prot); void gnutls_handshake_set_exportable_detection(GNUTLS_STATE state, int det); void gnutls_handshake_set_rsa_pms_check(GNUTLS_STATE state, int check); /* Record layer functions. */ ssize_t gnutls_record_send( GNUTLS_STATE state, const void *data, size_t sizeofdata); ssize_t gnutls_record_recv( GNUTLS_STATE state, void *data, size_t sizeofdata); #define gnutls_read gnutls_record_recv #define gnutls_write gnutls_record_send size_t gnutls_record_get_max_size( GNUTLS_STATE state); ssize_t gnutls_record_set_max_size( GNUTLS_STATE state, size_t size); size_t gnutls_record_check_pending(GNUTLS_STATE state); /* functions to set priority of cipher suites */ int gnutls_cipher_set_priority( GNUTLS_STATE state, GNUTLS_LIST); int gnutls_mac_set_priority( GNUTLS_STATE state, GNUTLS_LIST); int gnutls_compression_set_priority( GNUTLS_STATE state, GNUTLS_LIST); int gnutls_kx_set_priority( GNUTLS_STATE state, GNUTLS_LIST); int gnutls_protocol_set_priority( GNUTLS_STATE state, GNUTLS_LIST); int gnutls_cert_type_set_priority( GNUTLS_STATE state, GNUTLS_LIST); /* Returns the name of a cipher suite */ const char *gnutls_cipher_suite_get_name(GNUTLS_KXAlgorithm kx_algorithm, GNUTLS_BulkCipherAlgorithm cipher_algorithm, GNUTLS_MACAlgorithm mac_algorithm); /* get the currently used protocol version */ GNUTLS_Version gnutls_protocol_get_version(GNUTLS_STATE state); const char *gnutls_protocol_get_name(GNUTLS_Version version); /* get/set session */ int gnutls_session_set_data( GNUTLS_STATE state, void* session, int session_size); int gnutls_session_get_data( GNUTLS_STATE state, void* session, int *session_size); /* returns the session ID */ int gnutls_session_get_id( GNUTLS_STATE state, void* session, int *session_size); /* checks if this session is a resumed one */ int gnutls_session_is_resumed(GNUTLS_STATE state); typedef int (*GNUTLS_DB_STORE_FUNC)(void*, gnutls_datum key, gnutls_datum data); typedef int (*GNUTLS_DB_REMOVE_FUNC)(void*, gnutls_datum key); typedef gnutls_datum (*GNUTLS_DB_RETR_FUNC)(void*, gnutls_datum key); void gnutls_db_set_cache_expiration( GNUTLS_STATE state, int seconds); void gnutls_db_remove_session( GNUTLS_STATE state); void gnutls_db_set_retrieve_function( GNUTLS_STATE, GNUTLS_DB_RETR_FUNC); void gnutls_db_set_remove_function( GNUTLS_STATE, GNUTLS_DB_REMOVE_FUNC); void gnutls_db_set_store_function( GNUTLS_STATE, GNUTLS_DB_STORE_FUNC); void gnutls_db_set_ptr( GNUTLS_STATE, void* db_ptr); void* gnutls_db_get_ptr( GNUTLS_STATE); int gnutls_db_check_entry( GNUTLS_STATE state, gnutls_datum session_entry); void gnutls_handshake_set_max_packet_length( GNUTLS_STATE state, int max); /* returns libgnutls version */ const char* gnutls_check_version( const char*); /* Functions for setting/clearing credentials */ int gnutls_clear_creds( GNUTLS_STATE state); /* cred is a structure defined by the kx algorithm */ int gnutls_cred_set( GNUTLS_STATE, GNUTLS_CredType type, void* cred); /* Credential structures for SRP - used in gnutls_set_cred(); */ struct DSTRUCT; typedef struct DSTRUCT* GNUTLS_CERTIFICATE_CREDENTIALS; typedef GNUTLS_CERTIFICATE_CREDENTIALS GNUTLS_CERTIFICATE_CLIENT_CREDENTIALS; typedef GNUTLS_CERTIFICATE_CREDENTIALS GNUTLS_CERTIFICATE_SERVER_CREDENTIALS; typedef struct DSTRUCT* GNUTLS_ANON_SERVER_CREDENTIALS; typedef struct DSTRUCT* GNUTLS_ANON_CLIENT_CREDENTIALS; void gnutls_anon_free_server_cred( GNUTLS_ANON_SERVER_CREDENTIALS sc); int gnutls_anon_allocate_server_cred( GNUTLS_ANON_SERVER_CREDENTIALS *sc); #define gnutls_anon_free_server_sc gnutls_anon_free_server_cred #define gnutls_anon_allocate_server_sc gnutls_anon_allocate_server_cred int gnutls_anon_set_server_cred( GNUTLS_ANON_SERVER_CREDENTIALS res); void gnutls_anon_set_server_dh_params( GNUTLS_ANON_SERVER_CREDENTIALS res, GNUTLS_DH_PARAMS); void gnutls_anon_free_client_cred( GNUTLS_ANON_SERVER_CREDENTIALS sc); int gnutls_anon_allocate_client_cred( GNUTLS_ANON_SERVER_CREDENTIALS *sc); #define gnutls_anon_free_client_sc gnutls_anon_free_client_cred #define gnutls_anon_allocate_client_sc gnutls_anon_allocate_client_cred int gnutls_anon_set_client_cred( GNUTLS_ANON_SERVER_CREDENTIALS res); /* CERTFILE is an x509 certificate in PEM form. * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys). */ void gnutls_certificate_free_cred( GNUTLS_CERTIFICATE_CREDENTIALS sc); int gnutls_certificate_allocate_cred( GNUTLS_CERTIFICATE_CREDENTIALS *sc); #define gnutls_certificate_free_sc gnutls_certificate_free_cred #define gnutls_certificate_allocate_sc gnutls_certificate_allocate_cred int gnutls_certificate_set_dh_params(GNUTLS_CERTIFICATE_CREDENTIALS res, GNUTLS_DH_PARAMS); int gnutls_certificate_set_x509_trust_file( GNUTLS_CERTIFICATE_CREDENTIALS res, const char* CAFILE, GNUTLS_X509_CertificateFmt); int gnutls_certificate_set_x509_trust_mem(GNUTLS_CERTIFICATE_CREDENTIALS res, const gnutls_datum *CA, GNUTLS_X509_CertificateFmt); int gnutls_certificate_set_x509_key_file( GNUTLS_CERTIFICATE_CREDENTIALS res, const char *CERTFILE, const char* KEYFILE, GNUTLS_X509_CertificateFmt); int gnutls_certificate_set_x509_key_mem(GNUTLS_CERTIFICATE_CREDENTIALS res, const gnutls_datum* CERT, const gnutls_datum* KEY, GNUTLS_X509_CertificateFmt); /* global state functions */ /* In this version global_init accepts two files (pkix.asn, pkcs1.asn). * This will not be the case in the final version. These files * are located in the src/ directory of gnutls distribution. */ int gnutls_global_init(void); void gnutls_global_deinit(void); void gnutls_global_set_mem_functions( void *(*gnutls_alloc_func)(size_t), void* (*gnutls_secure_alloc_func)(size_t), int (*gnutls_is_secure_func)(const void*), void *(*gnutls_realloc_func)(void *, size_t), void (*gnutls_free_func)(void*)); #define gnutls_global_set_mem_func gnutls_global_set_mem_functions typedef void (*GNUTLS_LOG_FUNC)( const char*); void gnutls_global_set_log_function( GNUTLS_LOG_FUNC log_func); #define gnutls_global_set_log_func gnutls_global_set_log_function int gnutls_dh_params_set( GNUTLS_DH_PARAMS, gnutls_datum prime, gnutls_datum generator, int bits); int gnutls_dh_params_init( GNUTLS_DH_PARAMS*); void gnutls_dh_params_deinit( GNUTLS_DH_PARAMS); int gnutls_dh_params_generate( gnutls_datum* prime, gnutls_datum* generator, int bits); typedef ssize_t (*GNUTLS_PULL_FUNC)(GNUTLS_TRANSPORT_PTR, void*, size_t); typedef ssize_t (*GNUTLS_PUSH_FUNC)(GNUTLS_TRANSPORT_PTR, const void*, size_t); void gnutls_transport_set_ptr(GNUTLS_STATE state, GNUTLS_TRANSPORT_PTR ptr); void gnutls_transport_set_ptr2(GNUTLS_STATE state, GNUTLS_TRANSPORT_PTR recv_ptr, GNUTLS_TRANSPORT_PTR send_ptr); GNUTLS_TRANSPORT_PTR gnutls_transport_get_ptr(GNUTLS_STATE state); void gnutls_transport_get_ptr2(GNUTLS_STATE state, GNUTLS_TRANSPORT_PTR *recv_ptr, GNUTLS_TRANSPORT_PTR *send_ptr); void gnutls_transport_set_lowat( GNUTLS_STATE state, int num); void gnutls_transport_set_push_function( GNUTLS_STATE, GNUTLS_PUSH_FUNC push_func); void gnutls_transport_set_pull_function( GNUTLS_STATE, GNUTLS_PULL_FUNC pull_func); #define gnutls_transport_set_push_func gnutls_transport_set_push_function #define gnutls_transport_set_pull_func gnutls_transport_set_pull_function /* state specific */ void gnutls_state_set_ptr(GNUTLS_STATE state, void* ptr); void* gnutls_state_get_ptr(GNUTLS_STATE state); void gnutls_openpgp_send_key(GNUTLS_STATE state, GNUTLS_OpenPGPKeyStatus status); int gnutls_x509_fingerprint(GNUTLS_DigestAlgorithm algo, const gnutls_datum* data, char* result, size_t* result_size);