1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
|
/*
* Copyright (C) 2000,2001 Nikos Mavroyanopoulos
*
* This file is part of GNUTLS.
*
* GNUTLS is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GNUTLS is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#define LIBGNUTLS_VERSION "@VERSION@"
#define GNUTLS_AES GNUTLS_RIJNDAEL
typedef enum BulkCipherAlgorithm { GNUTLS_NULL_CIPHER=1, GNUTLS_ARCFOUR, GNUTLS_3DES_CBC, GNUTLS_RIJNDAEL_CBC, GNUTLS_TWOFISH_CBC, GNUTLS_RIJNDAEL256_CBC } BulkCipherAlgorithm;
typedef enum KXAlgorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DH_DSS, GNUTLS_KX_DH_RSA, GNUTLS_KX_DH_ANON, GNUTLS_KX_SRP } KXAlgorithm;
typedef enum CredType { GNUTLS_X509PKI=1, GNUTLS_ANON, GNUTLS_SRP } CredType;
typedef enum MACAlgorithm { GNUTLS_NULL_MAC=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA } MACAlgorithm;
typedef enum CompressionMethod { GNUTLS_NULL_COMPRESSION=1, GNUTLS_ZLIB } CompressionMethod;
typedef enum ConnectionEnd { GNUTLS_SERVER=1, GNUTLS_CLIENT } ConnectionEnd;
typedef enum AlertLevel { GNUTLS_WARNING=1, GNUTLS_FATAL } AlertLevel;
typedef enum AlertDescription { GNUTLS_CLOSE_NOTIFY, GNUTLS_UNEXPECTED_MESSAGE=10, GNUTLS_BAD_RECORD_MAC=20,
GNUTLS_DECRYPTION_FAILED, GNUTLS_RECORD_OVERFLOW, GNUTLS_DECOMPRESSION_FAILURE=30,
GNUTLS_HANDSHAKE_FAILURE=40, GNUTLS_NETSCAPE_NO_CLIENT_CERTIFICATE=41,
GNUTLS_BAD_CERTIFICATE=42, GNUTLS_UNSUPPORTED_CERTIFICATE,
GNUTLS_CERTIFICATE_REVOKED, GNUTLS_CERTIFICATE_EXPIRED, GNUTLS_CERTIFICATE_UNKNOWN,
GNUTLS_ILLEGAL_PARAMETER, GNUTLS_UNKNOWN_CA, GNUTLS_ACCESS_DENIED, GNUTLS_DECODE_ERROR=50,
GNUTLS_DECRYPT_ERROR, GNUTLS_EXPORT_RESTRICTION=60, GNUTLS_PROTOCOL_VERSION=70,
GNUTLS_INSUFFICIENT_SECURITY, GNUTLS_INTERNAL_ERROR=80, GNUTLS_USER_CANCELED=90,
GNUTLS_NO_RENEGOTIATION=100
} AlertDescription;
typedef enum CertificateStatus { GNUTLS_CERT_TRUSTED=1, GNUTLS_CERT_NOT_TRUSTED, GNUTLS_CERT_EXPIRED, GNUTLS_CERT_INVALID } CertificateStatus;
typedef enum CertificateRequest { GNUTLS_CERT_REQUEST=1, GNUTLS_CERT_REQUIRE } CertificateRequest;
typedef enum CloseRequest { GNUTLS_BYE_RW=0, GNUTLS_BYE_W=1, GNUTLS_BYE_R=2 } CloseRequest;
typedef enum GNUTLS_Version { GNUTLS_SSL3=1, GNUTLS_TLS1 } GNUTLS_Version;
#define SOCKET int
#define LIST ...
struct GNUTLS_STATE_INT;
typedef struct GNUTLS_STATE_INT* GNUTLS_STATE;
typedef struct {
unsigned char * data;
int size;
} gnutls_datum;
typedef enum PKAlgorithm { GNUTLS_PK_RSA = 1, GNUTLS_PK_DSA, /* sign only */
GNUTLS_PK_DH
} PKAlgorithm;
/* You cannot use these structures directly
*/
typedef struct gnutls_cert gnutls_cert;
typedef struct gnutls_private_key gnutls_private_key;
/* internal functions */
int gnutls_init(GNUTLS_STATE * state, ConnectionEnd con_end);
int gnutls_deinit(GNUTLS_STATE state);
int gnutls_bye(SOCKET cd, GNUTLS_STATE state, CloseRequest how);
int gnutls_handshake(SOCKET cd, GNUTLS_STATE state);
int gnutls_check_pending(GNUTLS_STATE state);
int gnutls_rehandshake(SOCKET cd, GNUTLS_STATE state);
AlertDescription gnutls_get_last_alert( GNUTLS_STATE state);
int gnutls_send_alert(SOCKET, GNUTLS_STATE, AlertLevel, AlertDescription);
/* get information on the current state */
BulkCipherAlgorithm gnutls_get_current_cipher( GNUTLS_STATE state);
KXAlgorithm gnutls_get_current_kx( GNUTLS_STATE state);
MACAlgorithm gnutls_get_current_mac_algorithm( GNUTLS_STATE state);
CompressionMethod gnutls_get_current_compression_method( GNUTLS_STATE state);
/* the name of the specified algorithms */
const char *gnutls_cipher_get_name( BulkCipherAlgorithm);
const char *gnutls_mac_get_name( MACAlgorithm);
const char *gnutls_compression_get_name( CompressionMethod);
const char *gnutls_kx_get_name( KXAlgorithm algorithm);
/* error functions */
int gnutls_is_fatal_error( int error);
void gnutls_perror( int error);
const char* gnutls_strerror( int error);
ssize_t gnutls_send(SOCKET cd, GNUTLS_STATE state, void *data, size_t sizeofdata, int flags);
ssize_t gnutls_recv(SOCKET cd, GNUTLS_STATE state, void *data, size_t sizeofdata, int flags);
ssize_t gnutls_write(SOCKET cd, GNUTLS_STATE state, void *data, size_t sizeofdata);
ssize_t gnutls_read(SOCKET cd, GNUTLS_STATE state, void *data, size_t sizeofdata);
/* functions to set priority of cipher suites */
int gnutls_set_cipher_priority( GNUTLS_STATE state, LIST);
int gnutls_set_mac_priority( GNUTLS_STATE state, LIST);
int gnutls_set_compression_priority( GNUTLS_STATE state, LIST);
int gnutls_set_kx_priority( GNUTLS_STATE state, LIST);
int gnutls_set_protocol_priority( GNUTLS_STATE state, LIST);
int gnutls_set_certificate_request( GNUTLS_STATE, CertificateRequest);
/* set our version - 0 for TLS 1.0 and 1 for SSL3 */
GNUTLS_Version gnutls_get_current_version(GNUTLS_STATE state);
const char *gnutls_version_get_name(GNUTLS_Version version);
/* get/set session */
int gnutls_set_current_session( GNUTLS_STATE state, void* session, int session_size);
int gnutls_get_current_session( GNUTLS_STATE state, void* session, int *session_size);
/* returns the session ID */
int gnutls_get_current_session_id( GNUTLS_STATE state, void* session, int *session_size);
int gnutls_set_lowat( GNUTLS_STATE state, int num);
int gnutls_set_cache_expiration( GNUTLS_STATE state, int seconds);
int gnutls_set_db_name( GNUTLS_STATE state, char* filename);
int gnutls_clean_db( GNUTLS_STATE state);
/* returns libgnutls version */
const char* gnutls_check_version();
/* Functions for setting/clearing credentials */
int gnutls_clear_creds( GNUTLS_STATE state);
/* cred is a structure defined by the kx algorithm */
int gnutls_set_cred( GNUTLS_STATE, CredType type, void* cred);
CredType gnutls_get_auth_info_type( GNUTLS_STATE);
void* gnutls_get_auth_info( GNUTLS_STATE);
/* A null terminated string containing the dnsname.
* This will only exist if the client supports the dnsname
* TLS extension. (draft-ietf-tls-extensions)
*/
const char* gnutls_ext_get_dnsname( GNUTLS_STATE);
int gnutls_ext_set_dnsname( GNUTLS_STATE, const char* dnsname);
/* This will set the Common Name field in case of X509PKI
* authentication. This will be used while verifying the
* certificate
*/
/* Credential structures for SRP - used in gnutls_set_cred(); */
struct DSTRUCT;
typedef struct DSTRUCT* X509PKI_CREDENTIALS;
typedef X509PKI_CREDENTIALS X509PKI_CLIENT_CREDENTIALS;
typedef X509PKI_CREDENTIALS X509PKI_SERVER_CREDENTIALS;
typedef struct DSTRUCT* SRP_SERVER_CREDENTIALS;
typedef struct DSTRUCT* SRP_CLIENT_CREDENTIALS;
typedef struct DSTRUCT* ANON_SERVER_CREDENTIALS;
typedef struct DSTRUCT* ANON_CLIENT_CREDENTIALS;
void gnutls_free_srp_client_sc( SRP_CLIENT_CREDENTIALS sc);
int gnutls_allocate_srp_client_sc( SRP_CLIENT_CREDENTIALS *sc);
int gnutls_set_srp_client_cred( SRP_CLIENT_CREDENTIALS res, char *username, char* password);
void gnutls_free_srp_server_sc( SRP_SERVER_CREDENTIALS sc);
int gnutls_allocate_srp_server_sc( SRP_SERVER_CREDENTIALS *sc);
int gnutls_set_srp_server_cred( SRP_SERVER_CREDENTIALS res, char *password_file, char* password_conf_file);
void gnutls_free_anon_server_sc( ANON_SERVER_CREDENTIALS sc);
int gnutls_allocate_anon_server_sc( ANON_SERVER_CREDENTIALS *sc);
int gnutls_set_anon_server_cred( ANON_SERVER_CREDENTIALS res, int dh_bits);
/* CERTFILE is an x509 certificate in PEM form.
* KEYFILE is a pkcs-1 private key in PEM form (for RSA keys).
*/
void gnutls_free_x509_sc( X509PKI_CREDENTIALS sc);
int gnutls_allocate_x509_sc( X509PKI_CREDENTIALS *sc, int ncerts);
int gnutls_set_x509_key( X509PKI_CREDENTIALS res, char *CERTFILE, char* KEYFILE);
int gnutls_set_x509_trust( X509PKI_CREDENTIALS res, char* CAFILE, char* CRLFILE);
#define gnutls_free_x509_server_sc gnutls_free_x509_sc
#define gnutls_allocate_x509_server_sc gnutls_allocate_x509_sc
#define gnutls_set_x509_server_key gnutls_set_x509_key
#define gnutls_set_x509_server_trust gnutls_set_x509_trust
#define gnutls_free_x509_client_sc gnutls_free_x509_sc
#define gnutls_allocate_x509_client_sc gnutls_allocate_x509_sc
#define gnutls_set_x509_client_key gnutls_set_x509_key
#define gnutls_set_x509_client_trust gnutls_set_x509_trust
/* global state functions
*/
/* In this version global_init accepts two files (pkix.asn, pkcs1.asn).
* This will not be the case in the final version. These files
* are located in the src/ directory of gnutls distribution.
*/
int gnutls_global_init();
void gnutls_global_deinit();
typedef ssize_t (*RECV_FUNC)(SOCKET, void*, size_t,int);
typedef ssize_t (*SEND_FUNC)(SOCKET, const void*, size_t,int);
typedef void (*LOG_FUNC)( const char*);
void gnutls_global_set_send_func( SEND_FUNC send_func);
void gnutls_global_set_recv_func( RECV_FUNC recv_func);
/* Auth_Info structures */
typedef struct X509PKI_CLIENT_AUTH_INFO_INT *X509PKI_CLIENT_AUTH_INFO;
typedef X509PKI_CLIENT_AUTH_INFO X509PKI_SERVER_AUTH_INFO;
typedef struct SRP_CLIENT_AUTH_INFO_INT *SRP_CLIENT_AUTH_INFO;
typedef struct SRP_SERVER_AUTH_INFO_INT *SRP_SERVER_AUTH_INFO;
typedef struct ANON_CLIENT_AUTH_INFO_INT *ANON_CLIENT_AUTH_INFO;
typedef struct ANON_SERVER_AUTH_INFO_INT *ANON_SERVER_AUTH_INFO;
|