path: root/lib/gnutls.h.in

/*
 *      Copyright (C) 2000,2001 Nikos Mavroyanopoulos
 *
 * This file is part of GNUTLS.
 *
 * GNUTLS is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * GNUTLS is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

#ifndef GNUTLS_H
# define GNUTLS_H

#ifdef __cplusplus
extern "C" {
#endif

#define LIBGNUTLS_VERSION "@VERSION@"

#include <sys/types.h>

#define GNUTLS_AES GNUTLS_RIJNDAEL

typedef enum BulkCipherAlgorithm { GNUTLS_NULL_CIPHER=1, GNUTLS_ARCFOUR, GNUTLS_3DES_CBC, GNUTLS_RIJNDAEL_CBC, GNUTLS_TWOFISH_CBC, GNUTLS_RIJNDAEL256_CBC } BulkCipherAlgorithm;
typedef enum KXAlgorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DH_DSS, GNUTLS_KX_DH_RSA, GNUTLS_KX_DH_ANON, GNUTLS_KX_SRP } KXAlgorithm;
typedef enum CredType { GNUTLS_X509PKI=1, GNUTLS_ANON, GNUTLS_SRP } CredType;
typedef enum MACAlgorithm { GNUTLS_NULL_MAC=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA } MACAlgorithm;
typedef enum CompressionMethod { GNUTLS_NULL_COMPRESSION=1, GNUTLS_ZLIB } CompressionMethod;
typedef enum ConnectionEnd { GNUTLS_SERVER=1, GNUTLS_CLIENT } ConnectionEnd;
typedef enum AlertLevel { GNUTLS_WARNING=1, GNUTLS_FATAL } AlertLevel;
typedef enum AlertDescription { GNUTLS_CLOSE_NOTIFY, GNUTLS_UNEXPECTED_MESSAGE=10, GNUTLS_BAD_RECORD_MAC=20,
			GNUTLS_DECRYPTION_FAILED, GNUTLS_RECORD_OVERFLOW,  GNUTLS_DECOMPRESSION_FAILURE=30,
			GNUTLS_HANDSHAKE_FAILURE=40, GNUTLS_NETSCAPE_NO_CLIENT_CERTIFICATE=41,
			GNUTLS_BAD_CERTIFICATE=42, GNUTLS_UNSUPPORTED_CERTIFICATE,
			GNUTLS_CERTIFICATE_REVOKED, GNUTLS_CERTIFICATE_EXPIRED, GNUTLS_CERTIFICATE_UNKNOWN,
			GNUTLS_ILLEGAL_PARAMETER, GNUTLS_UNKNOWN_CA, GNUTLS_ACCESS_DENIED, GNUTLS_DECODE_ERROR=50,
			GNUTLS_DECRYPT_ERROR, GNUTLS_EXPORT_RESTRICTION=60, GNUTLS_PROTOCOL_VERSION=70,
			GNUTLS_INSUFFICIENT_SECURITY, GNUTLS_INTERNAL_ERROR=80, GNUTLS_USER_CANCELED=90,
			GNUTLS_NO_RENEGOTIATION=100
			} AlertDescription;


typedef enum CertificateStatus { GNUTLS_CERT_TRUSTED=1, GNUTLS_CERT_NOT_TRUSTED, GNUTLS_CERT_EXPIRED, GNUTLS_CERT_INVALID } CertificateStatus;
typedef enum CertificateRequest { GNUTLS_CERT_REQUEST=1, GNUTLS_CERT_REQUIRE } CertificateRequest;
typedef enum CloseRequest { GNUTLS_SHUT_RDWR=0, GNUTLS_SHUT_WR=1 } CloseRequest;

typedef enum GNUTLS_Version { GNUTLS_SSL3=1, GNUTLS_TLS1 } GNUTLS_Version;

#define SOCKET int
#define LIST ...

struct GNUTLS_STATE_INT;
typedef struct GNUTLS_STATE_INT* GNUTLS_STATE;

typedef struct {
	unsigned char * data;
	int size;
} gnutls_datum;

typedef enum PKAlgorithm { GNUTLS_PK_RSA = 1, GNUTLS_PK_DSA,	/* sign only */
	GNUTLS_PK_DH
} PKAlgorithm;

/* You cannot use these structures directly
 */
typedef struct gnutls_cert gnutls_cert;
typedef struct gnutls_private_key gnutls_private_key;


/* internal functions */

int gnutls_init(GNUTLS_STATE * state, ConnectionEnd con_end);
int gnutls_deinit(GNUTLS_STATE state);
int gnutls_bye(SOCKET cd, GNUTLS_STATE state, CloseRequest how);

int gnutls_handshake(SOCKET cd, GNUTLS_STATE state);
int gnutls_check_pending(GNUTLS_STATE state);
int gnutls_rehandshake(SOCKET cd, GNUTLS_STATE state);

AlertDescription gnutls_get_last_alert( GNUTLS_STATE state);
int gnutls_send_alert(SOCKET, GNUTLS_STATE, AlertLevel, AlertDescription);

/* get information on the current state */
BulkCipherAlgorithm gnutls_get_current_cipher( GNUTLS_STATE state);
KXAlgorithm gnutls_get_current_kx( GNUTLS_STATE state);
MACAlgorithm gnutls_get_current_mac_algorithm( GNUTLS_STATE state);
CompressionMethod gnutls_get_current_compression_method( GNUTLS_STATE state);

/* the name of the specified algorithms */
const char *gnutls_cipher_get_name( BulkCipherAlgorithm);
const char *gnutls_mac_get_name( MACAlgorithm);
const char *gnutls_compression_get_name( CompressionMethod);
const char *gnutls_kx_get_name( KXAlgorithm algorithm);


/* error functions */
int gnutls_is_fatal_error( int error);
void gnutls_perror( int error);
const char* gnutls_strerror( int error);

ssize_t gnutls_send(SOCKET cd, GNUTLS_STATE state, void *data, size_t sizeofdata, int flags);
ssize_t gnutls_recv(SOCKET cd, GNUTLS_STATE state, void *data, size_t sizeofdata, int flags);
ssize_t gnutls_write(SOCKET cd, GNUTLS_STATE state, void *data, size_t sizeofdata);
ssize_t gnutls_read(SOCKET cd, GNUTLS_STATE state, void *data, size_t sizeofdata);

/* functions to set priority of cipher suites */
int gnutls_set_cipher_priority( GNUTLS_STATE state, LIST);
int gnutls_set_mac_priority( GNUTLS_STATE state, LIST);
int gnutls_set_compression_priority( GNUTLS_STATE state, LIST);
int gnutls_set_kx_priority( GNUTLS_STATE state, LIST);
int gnutls_set_protocol_priority( GNUTLS_STATE state, LIST);

/* set our version - 0 for TLS 1.0 and 1 for SSL3 */
GNUTLS_Version gnutls_get_current_version(GNUTLS_STATE state);
const char *gnutls_version_get_name(GNUTLS_Version version);


/* get/set session */
int gnutls_set_current_session( GNUTLS_STATE state, void* session, int session_size);
int gnutls_get_current_session( GNUTLS_STATE state, void* session, int *session_size);
/* returns the session ID */
int gnutls_get_current_session_id( GNUTLS_STATE state, void* session, int *session_size);

int gnutls_set_lowat( GNUTLS_STATE state, int num);
int gnutls_set_cache_expiration( GNUTLS_STATE state, int seconds);
int gnutls_set_db_name( GNUTLS_STATE state, char* filename);	
int gnutls_clean_db( GNUTLS_STATE state);

/* returns libgnutls version */
const char* gnutls_check_version();

/* Functions for setting/clearing credentials */
int gnutls_clear_creds( GNUTLS_STATE state);
/* cred is a structure defined by the kx algorithm */
int gnutls_set_cred( GNUTLS_STATE, CredType type, void* cred);

CredType gnutls_get_auth_info_type( GNUTLS_STATE);
void* gnutls_get_auth_info( GNUTLS_STATE);

/* A null terminated string containing the dnsname.
 * This will only exist if the client supports the dnsname
 * TLS extension. (draft-ietf-tls-extensions)
 */
const char* gnutls_ext_get_dnsname( GNUTLS_STATE);
int gnutls_ext_set_dnsname( GNUTLS_STATE, const char* dnsname);

/* This will set the Common Name field in case of X509PKI
 * authentication. This will be used while verifying the
 * certificate
 */

/* Credential structures for SRP - used in gnutls_set_cred(); */

struct DSTRUCT;
typedef struct DSTRUCT* X509PKI_CREDENTIALS;
typedef X509PKI_CREDENTIALS X509PKI_CLIENT_CREDENTIALS;
typedef X509PKI_CREDENTIALS X509PKI_SERVER_CREDENTIALS;

typedef struct DSTRUCT* SRP_SERVER_CREDENTIALS;
typedef struct DSTRUCT* SRP_CLIENT_CREDENTIALS;

typedef struct DSTRUCT* ANON_SERVER_CREDENTIALS;
typedef struct DSTRUCT* ANON_CLIENT_CREDENTIALS;


void gnutls_free_srp_client_sc( SRP_CLIENT_CREDENTIALS sc);
int gnutls_allocate_srp_client_sc( SRP_CLIENT_CREDENTIALS *sc);
int gnutls_set_srp_client_cred( SRP_CLIENT_CREDENTIALS res, char *username, char* password);

void gnutls_free_srp_server_sc( SRP_SERVER_CREDENTIALS sc);
int gnutls_allocate_srp_server_sc( SRP_SERVER_CREDENTIALS *sc);
int gnutls_set_srp_server_cred( SRP_SERVER_CREDENTIALS res, char *password_file, char* password_conf_file);

void gnutls_free_anon_server_sc( ANON_SERVER_CREDENTIALS sc);
int gnutls_allocate_anon_server_sc( ANON_SERVER_CREDENTIALS *sc);
int gnutls_set_anon_server_cred( ANON_SERVER_CREDENTIALS res, int dh_bits);


/* CERTFILE is an x509 certificate in PEM form.
 * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys).
 */
void gnutls_free_x509_sc( X509PKI_CREDENTIALS sc);
int gnutls_allocate_x509_sc( X509PKI_CREDENTIALS *sc, int ncerts);
int gnutls_set_x509_key( X509PKI_CREDENTIALS res, char *CERTFILE, char* KEYFILE);
int gnutls_set_x509_trust( X509PKI_CREDENTIALS res, char* CAFILE, char* CRLFILE);

#define gnutls_free_x509_server_sc gnutls_free_x509_sc
#define gnutls_allocate_x509_server_sc gnutls_allocate_x509_sc
#define gnutls_set_x509_server_key gnutls_set_x509_key
#define gnutls_set_x509_server_trust gnutls_set_x509_trust

#define gnutls_free_x509_client_sc gnutls_free_x509_sc
#define gnutls_allocate_x509_client_sc gnutls_allocate_x509_sc
#define gnutls_set_x509_client_key gnutls_set_x509_key
#define gnutls_set_x509_client_trust gnutls_set_x509_trust


/* global state functions 
 */
/* In this version global_init accepts two files (pkix.asn, pkcs1.asn).
 * This will not be the case in the final version. These files 
 * are located in the src/ directory of gnutls distribution.
 */
int gnutls_global_init();
void gnutls_global_deinit();

typedef ssize_t (*RECV_FUNC)(SOCKET, void*, size_t,int);
typedef ssize_t (*SEND_FUNC)(SOCKET, const void*, size_t,int);
typedef void (*LOG_FUNC)( const char*);

void gnutls_global_set_send_func( SEND_FUNC send_func);
void gnutls_global_set_recv_func( RECV_FUNC recv_func);

/* Auth_Info structures */

typedef struct X509PKI_CLIENT_AUTH_INFO_INT *X509PKI_CLIENT_AUTH_INFO;
typedef X509PKI_CLIENT_AUTH_INFO X509PKI_SERVER_AUTH_INFO;

typedef struct SRP_CLIENT_AUTH_INFO_INT {} *SRP_CLIENT_AUTH_INFO;
typedef struct SRP_SERVER_AUTH_INFO_INT {} *SRP_SERVER_AUTH_INFO;
typedef struct ANON_CLIENT_AUTH_INFO_INT {} *ANON_CLIENT_AUTH_INFO;
typedef struct ANON_SERVER_AUTH_INFO_INT {} *ANON_SERVER_AUTH_INFO;