/*
 * Copyright (C) 2000,2001 Nikos Mavroyanopoulos
 *
 * This file is part of GNUTLS.
 *
 * GNUTLS is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * GNUTLS is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

/* Public API of libgnutls. This is a configure-time template: the @...@
 * tokens below are substituted by the build. The session state
 * (GNUTLS_STATE) and every credential type are opaque pointers and must
 * only be manipulated through the functions declared here.
 *
 * Security notes for users of this header are marked NOTE(review). They
 * describe what the declarations imply for a caller; where the library's
 * actual behaviour cannot be seen from this file, the note says so. */

#ifndef GNUTLS_H
# define GNUTLS_H

#ifdef __cplusplus
extern "C" {
#endif

#define LIBGNUTLS_VERSION "@VERSION@"

@DEFINE_SIZE_T@
@DEFINE_TIME_T@

/* Spelling alias. NOTE(review): GNUTLS_RIJNDAEL itself is not declared
 * anywhere in this header (the enumerator is GNUTLS_CIPHER_RIJNDAEL_CBC),
 * so this alias only resolves if some other header defines the target. */
#define GNUTLS_AES GNUTLS_RIJNDAEL

/* Bulk (record-layer) ciphers. Values start at 1 so that 0 can be used
 * as "unset"/terminator in a GNUTLS_LIST priority array.
 *
 * NOTE(review): GNUTLS_CIPHER_NULL gives no confidentiality at all; it
 * should only appear in a priority list when plaintext on the wire is
 * intended. ARCFOUR (RC4) is considered weak by today's standards. */
typedef enum BulkCipherAlgorithm { GNUTLS_CIPHER_NULL=1, GNUTLS_CIPHER_ARCFOUR, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_RIJNDAEL_CBC, GNUTLS_CIPHER_TWOFISH_CBC, GNUTLS_CIPHER_RIJNDAEL256_CBC } BulkCipherAlgorithm;

/* Key-exchange algorithms.
 *
 * NOTE(review): GNUTLS_KX_ANON_DH performs no peer authentication, so a
 * session negotiated with it is vulnerable to an active man-in-the-middle
 * unless the channel is authenticated by other means. Keep it out of the
 * priority list unless that is the intended deployment. */
typedef enum KXAlgorithm { GNUTLS_KX_X509PKI_RSA=1, GNUTLS_KX_X509PKI_DHE_DSS, GNUTLS_KX_X509PKI_DHE_RSA, GNUTLS_KX_ANON_DH, GNUTLS_KX_SRP } KXAlgorithm;

/* Tag telling gnutls_set_cred() which credential structure the void*
 * argument really points to (see the *_CREDENTIALS typedefs below). */
typedef enum CredType { GNUTLS_X509PKI=1, GNUTLS_ANON, GNUTLS_SRP } CredType;

/* Record-layer MAC algorithms.
 *
 * NOTE(review): GNUTLS_MAC_NULL gives no integrity protection; records
 * can be modified in transit undetected. MD5 is considered weak today. */
typedef enum MACAlgorithm { GNUTLS_MAC_NULL=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA } MACAlgorithm;

/* Record-layer compression.
 *
 * NOTE(review): compressing plaintext before encryption leaks information
 * about the plaintext through the ciphertext length (later publicised as
 * the CRIME class of attacks). Prefer GNUTLS_COMP_NULL unless the data
 * stream contains nothing an attacker can partially control. */
typedef enum CompressionMethod { GNUTLS_COMP_NULL=1, GNUTLS_COMP_ZLIB } CompressionMethod;

/* Which end of the connection a GNUTLS_STATE represents (gnutls_init). */
typedef enum ConnectionEnd { GNUTLS_SERVER=1, GNUTLS_CLIENT } ConnectionEnd;

/* TLS alert levels. A fatal alert terminates the session. */
typedef enum AlertLevel { GNUTLS_AL_WARNING=1, GNUTLS_AL_FATAL } AlertLevel;

/* TLS alert descriptions. Values match the protocol's AlertDescription
 * codes (close_notify=0, unexpected_message=10, ...).
 * GNUTLS_A_NETSCAPE_NO_CLIENT_CERTIFICATE (41) is an SSL 3.0 only code.
 *
 * NOTE(review): the alert received from the peer (gnutls_get_last_alert)
 * is attacker-controlled input; treat it as diagnostic, never as a reason
 * to relax verification or retry with weaker settings. */
typedef enum AlertDescription { GNUTLS_A_CLOSE_NOTIFY, GNUTLS_A_UNEXPECTED_MESSAGE=10, GNUTLS_A_BAD_RECORD_MAC=20, GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_RECORD_OVERFLOW, GNUTLS_A_DECOMPRESSION_FAILURE=30, GNUTLS_A_HANDSHAKE_FAILURE=40,
	GNUTLS_A_NETSCAPE_NO_CLIENT_CERTIFICATE=41, GNUTLS_A_BAD_CERTIFICATE=42, GNUTLS_A_UNSUPPORTED_CERTIFICATE, GNUTLS_A_CERTIFICATE_REVOKED, GNUTLS_A_CERTIFICATE_EXPIRED, GNUTLS_A_CERTIFICATE_UNKNOWN, GNUTLS_A_ILLEGAL_PARAMETER, GNUTLS_A_UNKNOWN_CA, GNUTLS_A_ACCESS_DENIED, GNUTLS_A_DECODE_ERROR=50, GNUTLS_A_DECRYPT_ERROR, GNUTLS_A_EXPORT_RESTRICTION=60, GNUTLS_A_PROTOCOL_VERSION=70, GNUTLS_A_INSUFFICIENT_SECURITY, GNUTLS_A_INTERNAL_ERROR=80, GNUTLS_A_USER_CANCELED=90, GNUTLS_A_NO_RENEGOTIATION=100 } AlertDescription;

/* Name-indication types for the server-name TLS extension
 * (gnutls_ext_get_name_ind / gnutls_ext_set_name_ind). */
typedef enum GNUTLS_NAME_IND { GNUTLS_DNSNAME=1 } GNUTLS_NAME_IND;

/* Result of peer-certificate verification.
 *
 * NOTE(review): only GNUTLS_CERT_TRUSTED means the chain verified against
 * the configured trust store. Every other value (including
 * GNUTLS_CERT_NONE, i.e. no certificate was presented) must be treated
 * as "peer not authenticated" by the application. */
typedef enum CertificateStatus { GNUTLS_CERT_TRUSTED=1, GNUTLS_CERT_NOT_TRUSTED, GNUTLS_CERT_EXPIRED, GNUTLS_CERT_INVALID, GNUTLS_CERT_NONE } CertificateStatus;

/* Server-side client-certificate policy: REQUEST asks for a certificate
 * but tolerates its absence, REQUIRE fails the handshake without one. */
typedef enum CertificateRequest { GNUTLS_CERT_REQUEST=1, GNUTLS_CERT_REQUIRE } CertificateRequest;

/* How gnutls_bye() should close: GNUTLS_SHUT_RDWR sends close_notify and
 * waits for the peer's, GNUTLS_SHUT_WR only sends ours. */
typedef enum CloseRequest { GNUTLS_SHUT_RDWR=0, GNUTLS_SHUT_WR=1 } CloseRequest;

/* Protocol versions. Note the numbering: GNUTLS_SSL3 is 1, GNUTLS_TLS1
 * is 2 (not 0/1 as older comments in this file claimed). */
typedef enum GNUTLS_Version { GNUTLS_SSL3=1, GNUTLS_TLS1 } GNUTLS_Version;

/* Transport handle type used by the push/pull callbacks and
 * gnutls_transport_set_ptr(). If you want to change this, then also
 * change the define in gnutls_int.h, and recompile. */
#define GNUTLS_SOCKET_PTR int

/* A priority list: array of enumerator values, 0-terminated (see the
 * "values start at 1" remark on the enums above). */
typedef const int* GNUTLS_LIST;

/* Opaque per-session state; allocated by gnutls_init, freed by
 * gnutls_deinit. */
struct GNUTLS_STATE_INT;
typedef struct GNUTLS_STATE_INT* GNUTLS_STATE;

/* Pointer+length pair used throughout the API.
 *
 * NOTE(review): size is a signed int. Callers that receive a gnutls_datum
 * (e.g. from a DB_RETR_FUNC) should reject negative sizes before using
 * it as a length, and callers that build one must not exceed INT_MAX. */
typedef struct { unsigned char * data; int size; } gnutls_datum;

/* Public-key algorithms carried in certificates. */
typedef enum PKAlgorithm { GNUTLS_PK_RSA = 1, GNUTLS_PK_DSA, /* sign only */ GNUTLS_PK_DH } PKAlgorithm;

/* You cannot use these structures directly */
typedef struct gnutls_cert gnutls_cert;
typedef struct gnutls_private_key gnutls_private_key;

/* Core session functions. (Despite the historical "internal functions"
 * label, these are the public entry points an application calls.) */

/* Allocate a session state for the given end. Returns 0 on success,
 * a negative gnutls error code otherwise. */
int gnutls_init(GNUTLS_STATE * state, ConnectionEnd con_end);
/* Release a session state and everything it owns. */
int gnutls_deinit(GNUTLS_STATE state);
/* Terminate the session with a close_notify alert; 'how' selects
 * one-way or two-way shutdown (see CloseRequest). */
int gnutls_bye( GNUTLS_STATE state, CloseRequest how);
/* Perform (or continue) the handshake. Returns 0 when complete, a
 * negative error code otherwise; use gnutls_is_fatal_error() to decide
 * whether the error is retryable (e.g. non-blocking I/O) or final. */
int gnutls_handshake( GNUTLS_STATE state);
/* Number of bytes already decrypted and buffered for gnutls_read(). */
int gnutls_check_pending(GNUTLS_STATE state);
/* Request a renegotiation on an established session. */
int gnutls_rehandshake( GNUTLS_STATE state);
/* The last alert received from the peer (see the note on
 * AlertDescription: this value is peer-controlled). */
AlertDescription gnutls_get_last_alert( GNUTLS_STATE state);
/* Send an alert of the given level/description.
 * NOTE(review): this is the only session function that still takes an
 * explicit GNUTLS_SOCKET_PTR in addition to the state; every other I/O
 * path uses the transport pointer set via gnutls_transport_set_ptr(). */
int gnutls_send_alert(GNUTLS_SOCKET_PTR, GNUTLS_STATE, AlertLevel, AlertDescription);
/* Map a gnutls error code to the matching alert and send it. */
int gnutls_send_appropriate_alert( GNUTLS_STATE state, int err);

/* get information on the current state */
BulkCipherAlgorithm gnutls_cipher_get_algo( GNUTLS_STATE state);
KXAlgorithm gnutls_kx_get_algo( GNUTLS_STATE state);
MACAlgorithm gnutls_mac_get_algo( GNUTLS_STATE state);
CompressionMethod gnutls_compression_get_algo( GNUTLS_STATE state);

/* the name of the specified algorithms (static strings, do not free) */
const char *gnutls_cipher_get_name( BulkCipherAlgorithm);
const char *gnutls_mac_get_name( MACAlgorithm);
const char *gnutls_compression_get_name( CompressionMethod);
const char *gnutls_kx_get_name( KXAlgorithm algorithm);

/* error functions */
/* Non-zero if 'error' means the session is unusable and must be torn
 * down; zero for transient conditions that may be retried. */
int gnutls_is_fatal_error( int error);
void gnutls_perror( int error);
const char* gnutls_strerror( int error);

/* Encrypt and send / receive and decrypt application data. Both return
 * the number of bytes transferred, or a negative gnutls error code.
 * NOTE(review): gnutls_write() declares 'data' as non-const void* even
 * though it is only read; callers with const buffers need a cast. */
ssize_t gnutls_write( GNUTLS_STATE state, void *data, size_t sizeofdata);
ssize_t gnutls_read( GNUTLS_STATE state, void *data, size_t sizeofdata);

/* functions to set priority of cipher suites.
 * Each takes a 0-terminated GNUTLS_LIST of enumerator values in
 * preference order. NOTE(review): whatever is listed becomes negotiable;
 * the NULL cipher/MAC, anonymous DH and compression (see the enums
 * above) are only safe to list when deliberately intended. */
int gnutls_cipher_set_priority( GNUTLS_STATE state, GNUTLS_LIST);
int gnutls_mac_set_priority( GNUTLS_STATE state, GNUTLS_LIST);
int
gnutls_compression_set_priority( GNUTLS_STATE state, GNUTLS_LIST);
int gnutls_kx_set_priority( GNUTLS_STATE state, GNUTLS_LIST);
int gnutls_protocol_set_priority( GNUTLS_STATE state, GNUTLS_LIST);

/* The protocol version negotiated for this session, as a GNUTLS_Version
 * value (GNUTLS_SSL3 == 1, GNUTLS_TLS1 == 2). */
GNUTLS_Version gnutls_protocol_get_version(GNUTLS_STATE state);
const char *gnutls_protocol_get_name(GNUTLS_Version version);

/* get/set session (resumption data).
 * gnutls_session_get_data() exports the opaque blob needed to resume
 * this session; gnutls_session_set_data() imports it on a client before
 * the handshake. *session_size is in/out: buffer capacity on entry,
 * bytes written on return.
 * NOTE(review): the blob presumably contains the session's secret
 * keying material (confirm against gnutls_session_get_data's
 * implementation); it must be stored where it cannot be read or
 * tampered with, and never sent over an unprotected channel. */
int gnutls_session_set_data( GNUTLS_STATE state, void* session, int session_size);
int gnutls_session_get_data( GNUTLS_STATE state, void* session, int *session_size);
/* returns the session ID (public identifier, not secret) */
int gnutls_session_get_id( GNUTLS_STATE state, void* session, int *session_size);

/* Server-side session cache callbacks. The first argument is the opaque
 * pointer registered with gnutls_db_set_ptr(). STORE/REMOVE return 0 on
 * success; RETR returns the stored datum by value.
 * NOTE(review): the header does not say who owns RETR's returned
 * data buffer or whether a miss is signalled by data == NULL or
 * size == 0 — confirm against the implementation before writing a
 * backend. The cache holds resumption secrets: protect it like a key
 * store and honour gnutls_set_cache_expiration(). */
typedef int (*DB_STORE_FUNC)(void*, gnutls_datum key, gnutls_datum data);
typedef int (*DB_REMOVE_FUNC)(void*, gnutls_datum key);
typedef gnutls_datum (*DB_RETR_FUNC)(void*, gnutls_datum key);

/* Minimum byte count the pull callback must be able to deliver before
 * the record layer tries to read (low-water mark). */
void gnutls_set_lowat( GNUTLS_STATE state, int num);
/* Lifetime in seconds of cached (resumable) sessions. */
void gnutls_set_cache_expiration( GNUTLS_STATE state, int seconds);
/* Use the built-in file-backed session cache at 'filename'.
 * NOTE(review): that file then contains resumption secrets; create it
 * with restrictive permissions. */
int gnutls_db_set_name( GNUTLS_STATE state, char* filename);
/* Purge expired entries from the session cache. */
int gnutls_db_clean( GNUTLS_STATE state);
void gnutls_db_set_retrieve_func( GNUTLS_STATE, DB_RETR_FUNC);
void gnutls_db_set_remove_func( GNUTLS_STATE, DB_REMOVE_FUNC);
void gnutls_db_set_store_func( GNUTLS_STATE, DB_STORE_FUNC);
void gnutls_db_set_ptr( GNUTLS_STATE, void* db_ptr);
/* Validate a cache entry (e.g. expiry) before it is used for resumption. */
int gnutls_db_check_entry( GNUTLS_STATE state, gnutls_datum session_entry);

/* Upper bound on handshake data buffered from the peer. This caps the
 * memory an unauthenticated peer can make the library allocate during
 * the handshake; do not raise it beyond what legitimate peers need. */
void gnutls_set_max_handshake_data_buffer_size( GNUTLS_STATE state, int max);

/* returns libgnutls version.
 * NOTE(review): declared with empty parentheses, i.e. a non-prototype
 * declaration in C — the compiler will not check arguments passed to it. */
const char* gnutls_check_version();

/* Functions for setting/clearing credentials */
int gnutls_clear_creds( GNUTLS_STATE state);
/* cred is a structure defined by the kx algorithm: it must point to the
 * *_CREDENTIALS object matching 'type' (X509PKI_CREDENTIALS for
 * GNUTLS_X509PKI, SRP_*_CREDENTIALS for GNUTLS_SRP, ANON_*_CREDENTIALS
 * for GNUTLS_ANON). Passing a mismatched pointer is undefined behaviour;
 * the void* gives the compiler nothing to check. */
int gnutls_set_cred( GNUTLS_STATE, CredType type, void* cred);

/* A null terminated string containing the dnsname.
 * This will only exist if the client supports the dnsname
 * TLS extension. (draft-ietf-tls-extensions)
 *
 * NOTE(review): on the server this value arrives in the ClientHello and
 * is therefore untrusted input chosen by the peer. Validate it (length,
 * character set) before using it to select a certificate, log it, or
 * build paths/queries from it. The header documents it as
 * null-terminated; the return type is const void*, so check for NULL
 * (extension absent) before treating it as a string. */
const void* gnutls_ext_get_name_ind( GNUTLS_STATE state, GNUTLS_NAME_IND ind);
/* Client side: set the server name to send in the extension. */
int gnutls_ext_set_name_ind( GNUTLS_STATE state, GNUTLS_NAME_IND ind, const void* name);

/* (Orphaned comment — no declaration follows it in this header.)
 * This will set the Common Name field in case of X509PKI
 * authentication. This will be used while verifying the
 * certificate */

/* Credential structures for all three CredType values (X509PKI, SRP,
 * ANON) — used in gnutls_set_cred(). All are pointers to the same
 * opaque struct DSTRUCT, so the compiler cannot tell them apart; the
 * CredType tag passed to gnutls_set_cred() is the only type check. */
struct DSTRUCT;
typedef struct DSTRUCT* X509PKI_CREDENTIALS;
typedef X509PKI_CREDENTIALS X509PKI_CLIENT_CREDENTIALS;
typedef X509PKI_CREDENTIALS X509PKI_SERVER_CREDENTIALS;
typedef struct DSTRUCT* SRP_SERVER_CREDENTIALS;
typedef struct DSTRUCT* SRP_CLIENT_CREDENTIALS;
typedef struct DSTRUCT* ANON_SERVER_CREDENTIALS;
typedef struct DSTRUCT* ANON_CLIENT_CREDENTIALS;

/* SRP client credentials: allocate, set username/password, free.
 * NOTE(review): 'password' is passed as a plain char*. Whether the
 * library copies it or keeps the pointer is not visible here; either
 * way the caller should wipe its own copy once it is no longer needed. */
void gnutls_srp_free_client_sc( SRP_CLIENT_CREDENTIALS sc);
int gnutls_srp_allocate_client_sc( SRP_CLIENT_CREDENTIALS *sc);
int gnutls_srp_set_client_cred( SRP_CLIENT_CREDENTIALS res, char *username, char* password);

/* SRP server credentials: the verifier (password) file and the
 * group-parameter (conf) file. NOTE(review): both are attacker-valuable
 * files; keep them readable only by the server process. */
void gnutls_srp_free_server_sc( SRP_SERVER_CREDENTIALS sc);
int gnutls_srp_allocate_server_sc( SRP_SERVER_CREDENTIALS *sc);
int gnutls_srp_set_server_cred( SRP_SERVER_CREDENTIALS res, char *password_file, char* password_conf_file);

/* Anonymous-DH server credentials. 'dh_bits' selects the DH group size;
 * NOTE(review): small groups make the key exchange cheap to break and
 * anonymous DH offers no authentication in any case (see KXAlgorithm). */
void gnutls_anon_free_server_sc( ANON_SERVER_CREDENTIALS sc);
int gnutls_anon_allocate_server_sc( ANON_SERVER_CREDENTIALS *sc);
int gnutls_anon_set_server_cred( ANON_SERVER_CREDENTIALS res, int dh_bits);

/* CERTFILE is an x509 certificate in PEM form.
 * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys).
 * CAFILE holds the trusted CA certificates, CRLFILE the revocation
 * lists used when verifying the peer.
 * NOTE(review): these helpers read files by path; the key file must be
 * protected on disk, and without a CRL file revoked peer certificates
 * will presumably not be detected (confirm against the verifier code).
 * 'ncerts' is the number of certificate slots to allocate. */
void gnutls_x509pki_free_sc( X509PKI_CREDENTIALS sc);
int gnutls_x509pki_allocate_sc( X509PKI_CREDENTIALS *sc, int ncerts);
int gnutls_x509pki_set_key( X509PKI_CREDENTIALS res, char *CERTFILE, char* KEYFILE);
int gnutls_x509pki_set_trust( X509PKI_CREDENTIALS res, char* CAFILE, char* CRLFILE);

/* Client/server flavours are the same functions. */
#define gnutls_x509pki_free_server_sc gnutls_x509pki_free_sc
#define gnutls_x509pki_allocate_server_sc gnutls_x509pki_allocate_sc
#define gnutls_x509pki_set_server_key gnutls_x509pki_set_key
#define gnutls_x509pki_set_server_trust gnutls_x509pki_set_trust
#define gnutls_x509pki_free_client_sc gnutls_x509pki_free_sc
#define gnutls_x509pki_allocate_client_sc gnutls_x509pki_allocate_sc
#define gnutls_x509pki_set_client_key gnutls_x509pki_set_key
#define gnutls_x509pki_set_client_trust gnutls_x509pki_set_trust

/* global state functions */
/* In this version global_init accepts two files (pkix.asn, pkcs1.asn).
 * This will not be the case in the final version. These files
 * are located in the src/ directory of gnutls distribution.
 *
 * NOTE(review): both declarations below use empty parentheses, i.e. they
 * are non-prototype declarations — which is how global_init can "accept
 * two files" without them appearing here. The compiler will not check
 * the arguments; a wrong call is silently undefined behaviour. Call
 * gnutls_global_init() once before any other function in this header. */
int gnutls_global_init();
void gnutls_global_deinit();

/* Replace the library's DH parameters with caller-supplied prime and
 * generator, or generate fresh ones of 'bits' size.
 * NOTE(review): nothing in this header says the library validates a
 * caller-supplied prime/generator; supplying a weak or non-safe prime
 * weakens every DHE/anon-DH session. Generation is slow and should not
 * happen per connection. */
int gnutls_dh_replace_params( gnutls_datum prime, gnutls_datum generator, int bits);
int gnutls_dh_generate_params( gnutls_datum* prime, gnutls_datum* generator, int bits);

/* Transport callbacks: same contract as read(2)/write(2) on the
 * GNUTLS_SOCKET_PTR handle (bytes transferred, or -1 with errno). */
typedef ssize_t (*GNUTLS_PULL_FUNC)(GNUTLS_SOCKET_PTR, void*, size_t);
typedef ssize_t (*GNUTLS_PUSH_FUNC)(GNUTLS_SOCKET_PTR, const void*, size_t);
/* Handle passed to the push/pull callbacks for this session. */
void gnutls_transport_set_ptr(GNUTLS_STATE state, GNUTLS_SOCKET_PTR ptr);

/* Logging callback type. (No setter for it is declared in this chunk of
 * the header.) */
typedef void (*LOG_FUNC)( const char*);

void gnutls_transport_set_push_function( GNUTLS_STATE, GNUTLS_PUSH_FUNC push_func);
void gnutls_transport_set_pull_function( GNUTLS_STATE, GNUTLS_PULL_FUNC pull_func);

/* Maximum record (plaintext fragment) size for this session. The setter
 * returns the size actually applied, which may differ from the request. */
size_t gnutls_get_max_record_size( GNUTLS_STATE state);
size_t gnutls_set_max_record_size( GNUTLS_STATE state, size_t size);