1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
|
/*
* Copyright (C) 2000,2001,2002 Nikos Mavroyanopoulos
*
* This file is part of GNUTLS.
*
* GNUTLS is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GNUTLS is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifndef GNUTLS_H
# define GNUTLS_H
#ifdef __cplusplus
extern "C" {
#endif
#define LIBGNUTLS_VERSION "@VERSION@"
@DEFINE_SIZE_T@
@DEFINE_TIME_T@
#define GNUTLS_CIPHER_AES_128_CBC GNUTLS_CIPHER_RIJNDAEL_128_CBC
#define GNUTLS_CIPHER_AES_256_CBC GNUTLS_CIPHER_RIJNDAEL_256_CBC
#define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_RIJNDAEL_128_CBC
typedef enum GNUTLS_BulkCipherAlgorithm { GNUTLS_CIPHER_NULL=1, GNUTLS_CIPHER_ARCFOUR, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_CIPHER_TWOFISH_128_CBC, GNUTLS_CIPHER_RIJNDAEL_256_CBC } GNUTLS_BulkCipherAlgorithm;
typedef enum GNUTLS_KXAlgorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_ANON_DH, GNUTLS_KX_SRP } GNUTLS_KXAlgorithm;
typedef enum GNUTLS_CredType { GNUTLS_CRD_CERTIFICATE=1, GNUTLS_CRD_ANON, GNUTLS_CRD_SRP } GNUTLS_CredType;
typedef enum GNUTLS_MACAlgorithm { GNUTLS_MAC_NULL=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA } GNUTLS_MACAlgorithm;
typedef enum GNUTLS_DigestAlgorithm { GNUTLS_DIG_NULL=1, GNUTLS_DIG_MD5, GNUTLS_DIG_SHA } GNUTLS_DigestAlgorithm;
typedef enum GNUTLS_CompressionMethod { GNUTLS_COMP_NULL=1, GNUTLS_COMP_ZLIB } GNUTLS_CompressionMethod;
typedef enum GNUTLS_ConnectionEnd { GNUTLS_SERVER=1, GNUTLS_CLIENT } GNUTLS_ConnectionEnd;
typedef enum GNUTLS_AlertLevel { GNUTLS_AL_WARNING=1, GNUTLS_AL_FATAL } GNUTLS_AlertLevel;
typedef enum GNUTLS_AlertDescription { GNUTLS_A_CLOSE_NOTIFY, GNUTLS_A_UNEXPECTED_MESSAGE=10, GNUTLS_A_BAD_RECORD_MAC=20,
GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_RECORD_OVERFLOW, GNUTLS_A_DECOMPRESSION_FAILURE=30,
GNUTLS_A_HANDSHAKE_FAILURE=40, GNUTLS_A_SSL3_NO_CERTIFICATE=41,
GNUTLS_A_BAD_CERTIFICATE=42, GNUTLS_A_UNSUPPORTED_CERTIFICATE,
GNUTLS_A_CERTIFICATE_REVOKED, GNUTLS_A_CERTIFICATE_EXPIRED, GNUTLS_A_CERTIFICATE_UNKNOWN,
GNUTLS_A_ILLEGAL_PARAMETER, GNUTLS_A_UNKNOWN_CA, GNUTLS_A_ACCESS_DENIED, GNUTLS_A_DECODE_ERROR=50,
GNUTLS_A_DECRYPT_ERROR, GNUTLS_A_EXPORT_RESTRICTION=60, GNUTLS_A_PROTOCOL_VERSION=70,
GNUTLS_A_INSUFFICIENT_SECURITY, GNUTLS_A_INTERNAL_ERROR=80, GNUTLS_A_USER_CANCELED=90,
GNUTLS_A_NO_RENEGOTIATION=100
} GNUTLS_AlertDescription;
typedef enum GNUTLS_CertificateStatus {
GNUTLS_CERT_NOT_TRUSTED=2,
GNUTLS_CERT_INVALID=4,
GNUTLS_CERT_EXPIRED=8, GNUTLS_CERT_CORRUPTED=16,
GNUTLS_CERT_REVOKED=32
} GNUTLS_CertificateStatus;
typedef enum GNUTLS_CertificateRequest { GNUTLS_CERT_IGNORE, GNUTLS_CERT_REQUEST=1, GNUTLS_CERT_REQUIRE } GNUTLS_CertificateRequest;
typedef enum GNUTLS_OpenPGPKeyStatus { GNUTLS_OPENPGP_KEY,
GNUTLS_OPENPGP_KEY_FINGERPRINT
} GNUTLS_OpenPGPKeyStatus;
typedef enum GNUTLS_CloseRequest { GNUTLS_SHUT_RDWR=0, GNUTLS_SHUT_WR=1 } GNUTLS_CloseRequest;
typedef enum GNUTLS_Version { GNUTLS_SSL3=1, GNUTLS_TLS1 } GNUTLS_Version;
typedef enum GNUTLS_CertificateType { GNUTLS_CRT_X509=1, GNUTLS_CRT_OPENPGP
} GNUTLS_CertificateType;
typedef enum GNUTLS_X509_CertificateFmt { GNUTLS_X509_FMT_DER,
GNUTLS_X509_FMT_PEM } GNUTLS_X509_CertificateFmt;
/* If you want to change this, then also change the
* define in gnutls_int.h, and recompile.
*/
#define GNUTLS_TRANSPORT_PTR int
typedef const int* GNUTLS_LIST;
struct GNUTLS_STATE_INT;
typedef struct GNUTLS_STATE_INT* GNUTLS_STATE;
struct GNUTLS_DH_PARAMS_INT;
typedef struct GNUTLS_DH_PARAMS_INT* GNUTLS_DH_PARAMS;
typedef struct {
unsigned char * data;
int size;
} gnutls_datum;
/* internal functions */
int gnutls_init(GNUTLS_STATE * state, GNUTLS_ConnectionEnd con_end);
void gnutls_deinit(GNUTLS_STATE state);
int gnutls_bye( GNUTLS_STATE state, GNUTLS_CloseRequest how);
#define gnutls_close gnutls_bye
int gnutls_handshake( GNUTLS_STATE state);
int gnutls_rehandshake( GNUTLS_STATE state);
GNUTLS_AlertDescription gnutls_alert_get( GNUTLS_STATE state);
int gnutls_alert_send( GNUTLS_STATE, GNUTLS_AlertLevel, GNUTLS_AlertDescription);
int gnutls_alert_send_appropriate( GNUTLS_STATE state, int err);
const char* gnutls_alert_get_name( int alert);
/* get information on the current state */
GNUTLS_BulkCipherAlgorithm gnutls_cipher_get( GNUTLS_STATE state);
GNUTLS_KXAlgorithm gnutls_kx_get( GNUTLS_STATE state);
GNUTLS_MACAlgorithm gnutls_mac_get( GNUTLS_STATE state);
GNUTLS_CompressionMethod gnutls_compression_get( GNUTLS_STATE state);
GNUTLS_CertificateType gnutls_cert_type_get( GNUTLS_STATE state);
/* the name of the specified algorithms */
const char *gnutls_cipher_get_name( GNUTLS_BulkCipherAlgorithm);
const char *gnutls_mac_get_name( GNUTLS_MACAlgorithm);
const char *gnutls_compression_get_name( GNUTLS_CompressionMethod);
const char *gnutls_kx_get_name( GNUTLS_KXAlgorithm algorithm);
const char *gnutls_cert_type_get_name( GNUTLS_CertificateType type);
/* error functions */
int gnutls_error_is_fatal( int error);
void gnutls_perror( int error);
const char* gnutls_strerror( int error);
void gnutls_record_set_cbc_protection(GNUTLS_STATE state, int prot);
ssize_t gnutls_record_send( GNUTLS_STATE state, const void *data, size_t sizeofdata);
ssize_t gnutls_record_recv( GNUTLS_STATE state, void *data, size_t sizeofdata);
#define gnutls_read gnutls_record_recv
#define gnutls_write gnutls_record_send
/* functions to set priority of cipher suites */
int gnutls_cipher_set_priority( GNUTLS_STATE state, GNUTLS_LIST);
int gnutls_mac_set_priority( GNUTLS_STATE state, GNUTLS_LIST);
int gnutls_compression_set_priority( GNUTLS_STATE state, GNUTLS_LIST);
int gnutls_kx_set_priority( GNUTLS_STATE state, GNUTLS_LIST);
int gnutls_protocol_set_priority( GNUTLS_STATE state, GNUTLS_LIST);
int gnutls_cert_type_set_priority( GNUTLS_STATE state, GNUTLS_LIST);
/* set our version - 0 for TLS 1.0 and 1 for SSL3 */
GNUTLS_Version gnutls_protocol_get_version(GNUTLS_STATE state);
const char *gnutls_protocol_get_name(GNUTLS_Version version);
/* get/set session */
int gnutls_session_set_data( GNUTLS_STATE state, void* session, int session_size);
int gnutls_session_get_data( GNUTLS_STATE state, void* session, int *session_size);
/* returns the session ID */
int gnutls_session_get_id( GNUTLS_STATE state, void* session, int *session_size);
typedef int (*GNUTLS_DB_STORE_FUNC)(void*, gnutls_datum key, gnutls_datum data);
typedef int (*GNUTLS_DB_REMOVE_FUNC)(void*, gnutls_datum key);
typedef gnutls_datum (*GNUTLS_DB_RETR_FUNC)(void*, gnutls_datum key);
void gnutls_db_set_cache_expiration( GNUTLS_STATE state, int seconds);
int gnutls_db_set_name( GNUTLS_STATE state, const char* filename);
int gnutls_db_clean( GNUTLS_STATE state);
void gnutls_db_remove_session( GNUTLS_STATE state);
void gnutls_db_set_retrieve_func( GNUTLS_STATE, GNUTLS_DB_RETR_FUNC);
void gnutls_db_set_remove_func( GNUTLS_STATE, GNUTLS_DB_REMOVE_FUNC);
void gnutls_db_set_store_func( GNUTLS_STATE, GNUTLS_DB_STORE_FUNC);
void gnutls_db_set_ptr( GNUTLS_STATE, void* db_ptr);
void* gnutls_db_get_ptr( GNUTLS_STATE);
int gnutls_db_check_entry( GNUTLS_STATE state, gnutls_datum session_entry);
void gnutls_handshake_set_max_length( GNUTLS_STATE state, int max);
/* returns libgnutls version */
const char* gnutls_check_version( const char*);
/* Functions for setting/clearing credentials */
int gnutls_clear_creds( GNUTLS_STATE state);
/* cred is a structure defined by the kx algorithm */
int gnutls_cred_set( GNUTLS_STATE, GNUTLS_CredType type, void* cred);
/* Credential structures for SRP - used in gnutls_set_cred(); */
struct DSTRUCT;
typedef struct DSTRUCT* GNUTLS_CERTIFICATE_CREDENTIALS;
typedef GNUTLS_CERTIFICATE_CREDENTIALS GNUTLS_CERTIFICATE_CLIENT_CREDENTIALS;
typedef GNUTLS_CERTIFICATE_CREDENTIALS GNUTLS_CERTIFICATE_SERVER_CREDENTIALS;
typedef struct DSTRUCT* GNUTLS_SRP_SERVER_CREDENTIALS;
typedef struct DSTRUCT* GNUTLS_SRP_CLIENT_CREDENTIALS;
typedef struct DSTRUCT* GNUTLS_ANON_SERVER_CREDENTIALS;
typedef struct DSTRUCT* GNUTLS_ANON_CLIENT_CREDENTIALS;
void gnutls_srp_free_client_sc( GNUTLS_SRP_CLIENT_CREDENTIALS sc);
int gnutls_srp_allocate_client_sc( GNUTLS_SRP_CLIENT_CREDENTIALS *sc);
int gnutls_srp_set_client_cred( GNUTLS_SRP_CLIENT_CREDENTIALS res, char *username, char* password);
void gnutls_srp_free_server_sc( GNUTLS_SRP_SERVER_CREDENTIALS sc);
int gnutls_srp_allocate_server_sc( GNUTLS_SRP_SERVER_CREDENTIALS *sc);
int gnutls_srp_set_server_cred_file( GNUTLS_SRP_SERVER_CREDENTIALS res, char *password_file, char* password_conf_file);
void gnutls_anon_free_server_sc( GNUTLS_ANON_SERVER_CREDENTIALS sc);
int gnutls_anon_allocate_server_sc( GNUTLS_ANON_SERVER_CREDENTIALS *sc);
int gnutls_anon_set_server_cred( GNUTLS_ANON_SERVER_CREDENTIALS res);
void gnutls_anon_set_server_dh_params( GNUTLS_ANON_SERVER_CREDENTIALS res, GNUTLS_DH_PARAMS);
void gnutls_anon_free_client_sc( GNUTLS_ANON_SERVER_CREDENTIALS sc);
int gnutls_anon_allocate_client_sc( GNUTLS_ANON_SERVER_CREDENTIALS *sc);
int gnutls_anon_set_client_cred( GNUTLS_ANON_SERVER_CREDENTIALS res);
/* CERTFILE is an x509 certificate in PEM form.
* KEYFILE is a pkcs-1 private key in PEM form (for RSA keys).
*/
void gnutls_certificate_free_sc( GNUTLS_CERTIFICATE_CREDENTIALS sc);
int gnutls_certificate_allocate_sc( GNUTLS_CERTIFICATE_CREDENTIALS *sc);
int gnutls_certificate_set_dh_params(GNUTLS_CERTIFICATE_CREDENTIALS res, GNUTLS_DH_PARAMS);
int gnutls_certificate_set_x509_trust_file( GNUTLS_CERTIFICATE_CREDENTIALS res, char* CAFILE,
char* CRLFILE, GNUTLS_X509_CertificateFmt);
int gnutls_certificate_set_x509_trust_mem(GNUTLS_CERTIFICATE_CREDENTIALS res, const gnutls_datum *CA,
const gnutls_datum *CRL, GNUTLS_X509_CertificateFmt);
int gnutls_certificate_set_x509_key_file( GNUTLS_CERTIFICATE_CREDENTIALS res,
char *CERTFILE, char* KEYFILE, GNUTLS_X509_CertificateFmt);
int gnutls_certificate_set_x509_key_mem(GNUTLS_CERTIFICATE_CREDENTIALS res,
const gnutls_datum* CERT, const gnutls_datum* KEY,
GNUTLS_X509_CertificateFmt);
int gnutls_certificate_set_openpgp_key_file( GNUTLS_CERTIFICATE_CREDENTIALS res, char *CERTFILE, char* KEYFILE);
int gnutls_certificate_set_openpgp_key_mem( GNUTLS_CERTIFICATE_CREDENTIALS res,
const gnutls_datum* CERT, const gnutls_datum* KEY);
void gnutls_certificate_set_openpgp_keyserver(GNUTLS_CERTIFICATE_CREDENTIALS res,
char* keyserver, int port);
void gnutls_certificate_set_openpgp_trustdb(GNUTLS_CERTIFICATE_CREDENTIALS res,
char* trustdb);
int gnutls_certificate_set_openpgp_keyring_mem( GNUTLS_CERTIFICATE_CREDENTIALS res,
const char *data, size_t len);
int gnutls_certificate_set_openpgp_keyring_file( GNUTLS_CERTIFICATE_CREDENTIALS res, const char *name);
/* global state functions
*/
/* In this version global_init accepts two files (pkix.asn, pkcs1.asn).
* This will not be the case in the final version. These files
* are located in the src/ directory of gnutls distribution.
*/
int gnutls_global_init(void);
void gnutls_global_deinit(void);
int gnutls_dh_params_set( GNUTLS_DH_PARAMS, gnutls_datum prime, gnutls_datum generator, int bits);
int gnutls_dh_params_init( GNUTLS_DH_PARAMS*);
void gnutls_dh_params_deinit( GNUTLS_DH_PARAMS);
int gnutls_dh_params_generate( gnutls_datum* prime, gnutls_datum* generator, int bits);
typedef ssize_t (*GNUTLS_PULL_FUNC)(GNUTLS_TRANSPORT_PTR, void*, size_t);
typedef ssize_t (*GNUTLS_PUSH_FUNC)(GNUTLS_TRANSPORT_PTR, const void*, size_t);
void gnutls_transport_set_ptr(GNUTLS_STATE state, GNUTLS_TRANSPORT_PTR ptr);
GNUTLS_TRANSPORT_PTR gnutls_transport_get_ptr(GNUTLS_STATE state);
void gnutls_transport_set_lowat( GNUTLS_STATE state, int num);
typedef void (*GNUTLS_LOG_FUNC)( const char*);
void gnutls_transport_set_push_func( GNUTLS_STATE, GNUTLS_PUSH_FUNC push_func);
void gnutls_transport_set_pull_func( GNUTLS_STATE, GNUTLS_PULL_FUNC pull_func);
size_t gnutls_record_get_max_size( GNUTLS_STATE state);
ssize_t gnutls_record_set_max_size( GNUTLS_STATE state, size_t size);
size_t gnutls_record_check_pending(GNUTLS_STATE state);
void gnutls_openpgp_send_key(GNUTLS_STATE state, GNUTLS_OpenPGPKeyStatus status);
int gnutls_x509_fingerprint(GNUTLS_DigestAlgorithm algo, const gnutls_datum* data, char* result, size_t* result_size);
int gnutls_openpgp_fingerprint( const gnutls_datum* data, char* result, size_t* result_size);
|
