summaryrefslogtreecommitdiff
path: root/lib/gnutls.h.in
blob: 87b6cf684be904288fe674c73958aac1ee2d7557 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245

/*
 *      Copyright (C) 2000,2001 Nikos Mavroyanopoulos
 *
 * This file is part of GNUTLS.
 *
 * GNUTLS is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * GNUTLS is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

#ifndef GNUTLS_H
# define GNUTLS_H

#ifdef __cplusplus
extern "C" {
#endif

#define LIBGNUTLS_VERSION "@VERSION@"

#include <sys/types.h>

#define GNUTLS_AES GNUTLS_RIJNDAEL

typedef enum BulkCipherAlgorithm { GNUTLS_NULL_CIPHER=1, GNUTLS_ARCFOUR, GNUTLS_3DES_CBC, GNUTLS_RIJNDAEL_CBC, GNUTLS_TWOFISH_CBC, GNUTLS_RIJNDAEL256_CBC } BulkCipherAlgorithm;
typedef enum KXAlgorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DH_DSS, GNUTLS_KX_DH_RSA, GNUTLS_KX_DH_ANON, GNUTLS_KX_SRP } KXAlgorithm;
typedef enum CredType { GNUTLS_X509PKI=1, GNUTLS_ANON, GNUTLS_SRP } CredType;
typedef enum MACAlgorithm { GNUTLS_NULL_MAC=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA } MACAlgorithm;
typedef enum CompressionMethod { GNUTLS_NULL_COMPRESSION=1, GNUTLS_ZLIB } CompressionMethod;
typedef enum ConnectionEnd { GNUTLS_SERVER=1, GNUTLS_CLIENT } ConnectionEnd;
typedef enum AlertLevel { GNUTLS_WARNING=1, GNUTLS_FATAL } AlertLevel;
typedef enum AlertDescription { GNUTLS_CLOSE_NOTIFY, GNUTLS_UNEXPECTED_MESSAGE=10, GNUTLS_BAD_RECORD_MAC=20,
			GNUTLS_DECRYPTION_FAILED, GNUTLS_RECORD_OVERFLOW,  GNUTLS_DECOMPRESSION_FAILURE=30,
			GNUTLS_HANDSHAKE_FAILURE=40, GNUTLS_NETSCAPE_NO_CLIENT_CERTIFICATE=41,
			GNUTLS_BAD_CERTIFICATE=42, GNUTLS_UNSUPPORTED_CERTIFICATE,
			GNUTLS_CERTIFICATE_REVOKED, GNUTLS_CERTIFICATE_EXPIRED, GNUTLS_CERTIFICATE_UNKNOWN,
			GNUTLS_ILLEGAL_PARAMETER, GNUTLS_UNKNOWN_CA, GNUTLS_ACCESS_DENIED, GNUTLS_DECODE_ERROR=50,
			GNUTLS_DECRYPT_ERROR, GNUTLS_EXPORT_RESTRICTION=60, GNUTLS_PROTOCOL_VERSION=70,
			GNUTLS_INSUFFICIENT_SECURITY, GNUTLS_INTERNAL_ERROR=80, GNUTLS_USER_CANCELED=90,
			GNUTLS_NO_RENEGOTIATION=100
			} AlertDescription;

typedef enum GNUTLS_NAME_IND { GNUTLS_DNSNAME=1 } GNUTLS_NAME_IND; 
typedef enum CertificateStatus { GNUTLS_CERT_TRUSTED=1, GNUTLS_CERT_NOT_TRUSTED, GNUTLS_CERT_EXPIRED, GNUTLS_CERT_INVALID, GNUTLS_CERT_NONE } CertificateStatus;
typedef enum CertificateRequest { GNUTLS_CERT_REQUEST=1, GNUTLS_CERT_REQUIRE } CertificateRequest;
typedef enum CloseRequest { GNUTLS_SHUT_RDWR=0, GNUTLS_SHUT_WR=1 } CloseRequest;

typedef enum GNUTLS_Version { GNUTLS_SSL3=1, GNUTLS_TLS1 } GNUTLS_Version;

/* If you want to change this, then also change the 
 * define in gnutls_int.h, and recompile.
 */
#define SOCKET int

#define GNUTLS_LIST ...

struct GNUTLS_STATE_INT;
typedef struct GNUTLS_STATE_INT* GNUTLS_STATE;

typedef struct {
	unsigned char * data;
	int size;
} gnutls_datum;

typedef enum PKAlgorithm { GNUTLS_PK_RSA = 1, GNUTLS_PK_DSA,	/* sign only */
	GNUTLS_PK_DH
} PKAlgorithm;

/* You cannot use these structures directly
 */
typedef struct gnutls_cert gnutls_cert;
typedef struct gnutls_private_key gnutls_private_key;


/* internal functions */

int gnutls_init(GNUTLS_STATE * state, ConnectionEnd con_end);
int gnutls_deinit(GNUTLS_STATE state);
int gnutls_bye(SOCKET cd, GNUTLS_STATE state, CloseRequest how);

int gnutls_handshake(SOCKET cd, GNUTLS_STATE state);
int gnutls_check_pending(GNUTLS_STATE state);
int gnutls_rehandshake(SOCKET cd, GNUTLS_STATE state);


AlertDescription gnutls_get_last_alert( GNUTLS_STATE state);
int gnutls_send_alert(SOCKET, GNUTLS_STATE, AlertLevel, AlertDescription);
int gnutls_send_appropriate_alert( SOCKET cd, GNUTLS_STATE state, int err);

/* get information on the current state */
BulkCipherAlgorithm gnutls_get_current_cipher( GNUTLS_STATE state);
KXAlgorithm gnutls_get_current_kx( GNUTLS_STATE state);
MACAlgorithm gnutls_get_current_mac_algorithm( GNUTLS_STATE state);
CompressionMethod gnutls_get_current_compression_method( GNUTLS_STATE state);

/* the name of the specified algorithms */
const char *gnutls_cipher_get_name( BulkCipherAlgorithm);
const char *gnutls_mac_get_name( MACAlgorithm);
const char *gnutls_compression_get_name( CompressionMethod);
const char *gnutls_kx_get_name( KXAlgorithm algorithm);


/* error functions */
int gnutls_is_fatal_error( int error);
void gnutls_perror( int error);
const char* gnutls_strerror( int error);

#define gnutls_send(a,b,c,d,e,f) gnutls_write(a,b,c,d,e)
#define gnutls_recv(a,b,c,d,e,f) gnutls_read(a,b,c,d,e)
ssize_t gnutls_write(SOCKET cd, GNUTLS_STATE state, void *data, size_t sizeofdata);
ssize_t gnutls_read(SOCKET cd, GNUTLS_STATE state, void *data, size_t sizeofdata);

/* functions to set priority of cipher suites */
int gnutls_set_cipher_priority( GNUTLS_STATE state, GNUTLS_LIST);
int gnutls_set_mac_priority( GNUTLS_STATE state, GNUTLS_LIST);
int gnutls_set_compression_priority( GNUTLS_STATE state, GNUTLS_LIST);
int gnutls_set_kx_priority( GNUTLS_STATE state, GNUTLS_LIST);
int gnutls_set_protocol_priority( GNUTLS_STATE state, GNUTLS_LIST);

/* set our version - 0 for TLS 1.0 and 1 for SSL3 */
GNUTLS_Version gnutls_get_current_version(GNUTLS_STATE state);
const char *gnutls_version_get_name(GNUTLS_Version version);


/* get/set session */
int gnutls_set_current_session( GNUTLS_STATE state, void* session, int session_size);
int gnutls_get_current_session( GNUTLS_STATE state, void* session, int *session_size);
/* returns the session ID */
int gnutls_get_current_session_id( GNUTLS_STATE state, void* session, int *session_size);

typedef int (*DB_STORE_FUNC)(void*, gnutls_datum key, gnutls_datum data);
typedef int (*DB_REMOVE_FUNC)(void*, gnutls_datum key);
typedef gnutls_datum (*DB_RETR_FUNC)(void*, gnutls_datum key);

int gnutls_set_lowat( GNUTLS_STATE state, int num);
int gnutls_set_cache_expiration( GNUTLS_STATE state, int seconds);
int gnutls_set_db_name( GNUTLS_STATE state, char* filename);	
int gnutls_clean_db( GNUTLS_STATE state);
void gnutls_set_db_retrieve_func( GNUTLS_STATE, DB_RETR_FUNC);
void gnutls_set_db_remove_func( GNUTLS_STATE, DB_REMOVE_FUNC);
void gnutls_set_db_store_func( GNUTLS_STATE, DB_STORE_FUNC);
void gnutls_set_db_ptr( GNUTLS_STATE, void* db_ptr);
int gnutls_check_db_entry( GNUTLS_STATE state, gnutls_datum session_entry);

void gnutls_set_max_handshake_data_buffer_size( GNUTLS_STATE state, int max);

/* returns libgnutls version */
const char* gnutls_check_version();

/* Functions for setting/clearing credentials */
int gnutls_clear_creds( GNUTLS_STATE state);
/* cred is a structure defined by the kx algorithm */
int gnutls_set_cred( GNUTLS_STATE, CredType type, void* cred);

/* A null terminated string containing the dnsname.
 * This will only exist if the client supports the dnsname
 * TLS extension. (draft-ietf-tls-extensions)
 */
const void* gnutls_ext_get_name_ind( GNUTLS_STATE state, GNUTLS_NAME_IND ind);
int gnutls_ext_set_name_ind( GNUTLS_STATE state, GNUTLS_NAME_IND ind, const void* name);

/* This will set the Common Name field in case of X509PKI
 * authentication. This will be used while verifying the
 * certificate
 */

/* Credential structures for SRP - used in gnutls_set_cred(); */

struct DSTRUCT;
typedef struct DSTRUCT* X509PKI_CREDENTIALS;
typedef X509PKI_CREDENTIALS X509PKI_CLIENT_CREDENTIALS;
typedef X509PKI_CREDENTIALS X509PKI_SERVER_CREDENTIALS;

typedef struct DSTRUCT* SRP_SERVER_CREDENTIALS;
typedef struct DSTRUCT* SRP_CLIENT_CREDENTIALS;

typedef struct DSTRUCT* ANON_SERVER_CREDENTIALS;
typedef struct DSTRUCT* ANON_CLIENT_CREDENTIALS;

void gnutls_free_srp_client_sc( SRP_CLIENT_CREDENTIALS sc);
int gnutls_allocate_srp_client_sc( SRP_CLIENT_CREDENTIALS *sc);
int gnutls_set_srp_client_cred( SRP_CLIENT_CREDENTIALS res, char *username, char* password);

void gnutls_free_srp_server_sc( SRP_SERVER_CREDENTIALS sc);
int gnutls_allocate_srp_server_sc( SRP_SERVER_CREDENTIALS *sc);
int gnutls_set_srp_server_cred( SRP_SERVER_CREDENTIALS res, char *password_file, char* password_conf_file);

void gnutls_free_anon_server_sc( ANON_SERVER_CREDENTIALS sc);
int gnutls_allocate_anon_server_sc( ANON_SERVER_CREDENTIALS *sc);
int gnutls_set_anon_server_cred( ANON_SERVER_CREDENTIALS res, int dh_bits);


/* CERTFILE is an x509 certificate in PEM form.
 * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys).
 */
void gnutls_free_x509_sc( X509PKI_CREDENTIALS sc);
int gnutls_allocate_x509_sc( X509PKI_CREDENTIALS *sc, int ncerts);
int gnutls_set_x509_key( X509PKI_CREDENTIALS res, char *CERTFILE, char* KEYFILE);
int gnutls_set_x509_trust( X509PKI_CREDENTIALS res, char* CAFILE, char* CRLFILE);

#define gnutls_free_x509_server_sc gnutls_free_x509_sc
#define gnutls_allocate_x509_server_sc gnutls_allocate_x509_sc
#define gnutls_set_x509_server_key gnutls_set_x509_key
#define gnutls_set_x509_server_trust gnutls_set_x509_trust

#define gnutls_free_x509_client_sc gnutls_free_x509_sc
#define gnutls_allocate_x509_client_sc gnutls_allocate_x509_sc
#define gnutls_set_x509_client_key gnutls_set_x509_key
#define gnutls_set_x509_client_trust gnutls_set_x509_trust


/* global state functions 
 */
/* In this version global_init accepts two files (pkix.asn, pkcs1.asn).
 * This will not be the case in the final version. These files 
 * are located in the src/ directory of gnutls distribution.
 */
int gnutls_global_init();
void gnutls_global_deinit();

int gnutls_dh_replace_params( gnutls_datum prime, gnutls_datum generator, int bits);
int gnutls_dh_generate_params( gnutls_datum* prime, gnutls_datum* generator, int bits);

typedef ssize_t (*PULL_FUNC)(SOCKET, void*, size_t);
typedef ssize_t (*PUSH_FUNC)(SOCKET, const void*, size_t);

typedef void (*LOG_FUNC)( const char*);

void gnutls_set_push_function( GNUTLS_STATE, PUSH_FUNC push_func);
void gnutls_set_pull_function( GNUTLS_STATE, PULL_FUNC pull_func);
#define gnutls_set_push_func gnutls_set_push_function
#define gnutls_set_pull_func gnutls_set_pull_function

size_t gnutls_get_max_record_size( GNUTLS_STATE state);
size_t gnutls_set_max_record_size( GNUTLS_STATE state, size_t size);
View Lorry Controller Status