1 /* 2 * Copyright (C) 2010-2012 Free Software Foundation, Inc. 3 * Copyright (C) 2015-2017 Red Hat, Inc. 4 * 5 * Author: Nikos Mavrogiannopoulos 6 * 7 * This file is part of GnuTLS. 8 * 9 * The GnuTLS is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU Lesser General Public License 11 * as published by the Free Software Foundation; either version 2.1 of 12 * the License, or (at your option) any later version. 13 * 14 * This library is distributed in the hope that it will be useful, but 15 * WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 17 * Lesser General Public License for more details. 18 * 19 * You should have received a copy of the GNU Lesser General Public License 20 * along with this program. If not, see <https://www.gnu.org/licenses/> 21 * 22 */ 23 24 #ifndef __GNUTLS_ABSTRACT_H 25 #define __GNUTLS_ABSTRACT_H 26 27 #include <gnutls/gnutls.h> 28 #include <gnutls/x509.h> 29 #include <gnutls/pkcs11.h> 30 #include <gnutls/openpgp.h> 31 #include <gnutls/tpm.h> 32 33 /* *INDENT-OFF* */ 34 #ifdef __cplusplus 35 extern "C" { 36 #endif 37 /* *INDENT-ON* */ 38 39 /* Public key operations */ 40 41 #define GNUTLS_PUBKEY_VERIFY_FLAG_TLS_RSA GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA 42 /** 43 * gnutls_pubkey_flags: 44 * @GNUTLS_PUBKEY_DISABLE_CALLBACKS: The following flag disables call to PIN callbacks. Only 45 * relevant to TPM keys. 46 * @GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT: request an OPENPGP fingerprint instead of the default. 47 * 48 * Enumeration of different certificate import flags. 49 */ 50 typedef enum gnutls_pubkey_flags { 51 GNUTLS_PUBKEY_DISABLE_CALLBACKS = 1 << 2, 52 GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT = 1 << 3 53 } gnutls_pubkey_flags_t; 54 55 /** 56 * gnutls_abstract_export_flags: 57 * @GNUTLS_EXPORT_FLAG_NO_LZ: do not prepend a leading zero to exported values 58 * 59 * Enumeration of different certificate import flags. 60 */ 61 typedef enum gnutls_abstract_export_flags { 62 GNUTLS_EXPORT_FLAG_NO_LZ = 1 63 } gnutls_abstract_export_flags_t; 64 65 #define GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA GNUTLS_VERIFY_USE_TLS1_RSA 66 67 typedef int (*gnutls_privkey_sign_func) (gnutls_privkey_t key, 68 void *userdata, 69 const gnutls_datum_t *raw_data, 70 gnutls_datum_t * signature); 71 72 73 typedef int (*gnutls_privkey_decrypt_func) (gnutls_privkey_t key, 74 void *userdata, 75 const gnutls_datum_t *ciphertext, 76 gnutls_datum_t * plaintext); 77 78 typedef int (*gnutls_privkey_decrypt_func2) (gnutls_privkey_t key, 79 void *userdata, 80 const gnutls_datum_t *ciphertext, 81 unsigned char * plaintext, 82 size_t plaintext_size); 83 84 /* to be called to sign pre-hashed data. The input will be 85 * the output of the hash (such as SHA256) corresponding to 86 * the signature algorithm. The algorithm GNUTLS_SIGN_RSA_RAW 87 * will be provided when RSA PKCS#1 DigestInfo structure is provided 88 * as data (when this is called from a TLS 1.0 or 1.1 session). 89 */ 90 typedef int (*gnutls_privkey_sign_hash_func) (gnutls_privkey_t key, 91 gnutls_sign_algorithm_t algo, 92 void *userdata, 93 unsigned int flags, 94 const gnutls_datum_t *hash, 95 gnutls_datum_t * signature); 96 97 /* to be called to sign data. The input data will be 98 * the data to be signed (and hashed), with the provided 99 * signature algorithm. This function is used for algorithms 100 * like ed25519 which cannot take pre-hashed data as input. 101 */ 102 typedef int (*gnutls_privkey_sign_data_func) (gnutls_privkey_t key, 103 gnutls_sign_algorithm_t algo, 104 void *userdata, 105 unsigned int flags, 106 const gnutls_datum_t *data, 107 gnutls_datum_t * signature); 108 109 typedef void (*gnutls_privkey_deinit_func) (gnutls_privkey_t key, 110 void *userdata); 111 112 113 #define GNUTLS_SIGN_ALGO_TO_FLAGS(sig) (unsigned int)((sig)<<20) 114 #define GNUTLS_FLAGS_TO_SIGN_ALGO(flags) (unsigned int)((flags)>>20) 115 116 /* Should return the public key algorithm (gnutls_pk_algorithm_t) */ 117 #define GNUTLS_PRIVKEY_INFO_PK_ALGO 1 118 /* Should return the preferred signature algorithm (gnutls_sign_algorithm_t) or 0. */ 119 #define GNUTLS_PRIVKEY_INFO_SIGN_ALGO (1<<1) 120 /* Should return true (1) or false (0) if the provided sign algorithm 121 * (obtained with GNUTLS_FLAGS_TO_SIGN_ALGO) is supported. 122 */ 123 #define GNUTLS_PRIVKEY_INFO_HAVE_SIGN_ALGO (1<<2) 124 /* Should return the number of bits of the public key algorithm (required for RSA-PSS) 125 * It is the value that should be returned by gnutls_pubkey_get_pk_algorithm() */ 126 #define GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS (1<<3) 127 128 /* returns information on the public key associated with userdata */ 129 typedef int (*gnutls_privkey_info_func) (gnutls_privkey_t key, unsigned int flags, void *userdata); 130 131 int gnutls_pubkey_init(gnutls_pubkey_t * key); 132 void gnutls_pubkey_deinit(gnutls_pubkey_t key); 133 134 int gnutls_pubkey_verify_params(gnutls_pubkey_t key); 135 136 void gnutls_pubkey_set_pin_function(gnutls_pubkey_t key, 137 gnutls_pin_callback_t fn, 138 void *userdata); 139 140 int gnutls_pubkey_get_pk_algorithm(gnutls_pubkey_t key, 141 unsigned int *bits); 142 143 int 144 gnutls_pubkey_set_spki(gnutls_pubkey_t key, 145 const gnutls_x509_spki_t spki, 146 unsigned int flags); 147 148 int 149 gnutls_pubkey_get_spki(gnutls_pubkey_t key, 150 const gnutls_x509_spki_t spki, 151 unsigned int flags); 152 153 int gnutls_pubkey_import_x509(gnutls_pubkey_t key, 154 gnutls_x509_crt_t crt, unsigned int flags); 155 int gnutls_pubkey_import_x509_crq(gnutls_pubkey_t key, 156 gnutls_x509_crq_t crq, 157 unsigned int flags); 158 int gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key, 159 gnutls_pkcs11_obj_t obj, 160 unsigned int flags); 161 int gnutls_pubkey_import_openpgp(gnutls_pubkey_t key, 162 gnutls_openpgp_crt_t crt, 163 unsigned int flags); 164 165 int gnutls_pubkey_import_openpgp_raw(gnutls_pubkey_t pkey, 166 const gnutls_datum_t * data, 167 gnutls_openpgp_crt_fmt_t 168 format, 169 const gnutls_openpgp_keyid_t 170 keyid, unsigned int flags); 171 int gnutls_pubkey_import_x509_raw(gnutls_pubkey_t pkey, 172 const gnutls_datum_t * data, 173 gnutls_x509_crt_fmt_t format, 174 unsigned int flags); 175 176 int 177 gnutls_pubkey_import_privkey(gnutls_pubkey_t key, 178 gnutls_privkey_t pkey, 179 unsigned int usage, unsigned int flags); 180 181 int 182 gnutls_pubkey_import_tpm_url(gnutls_pubkey_t pkey, 183 const char *url, 184 const char *srk_password, unsigned int flags); 185 186 int 187 gnutls_pubkey_import_url(gnutls_pubkey_t key, const char *url, 188 unsigned int flags); 189 190 int 191 gnutls_pubkey_import_tpm_raw(gnutls_pubkey_t pkey, 192 const gnutls_datum_t * fdata, 193 gnutls_tpmkey_fmt_t format, 194 const char *srk_password, unsigned int flags); 195 196 int gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key, 197 gnutls_digest_algorithm_t 198 * hash, unsigned int *mand); 199 200 #define gnutls_pubkey_get_pk_rsa_raw gnutls_pubkey_export_rsa_raw 201 int gnutls_pubkey_export_rsa_raw(gnutls_pubkey_t key, 202 gnutls_datum_t * m, gnutls_datum_t * e); 203 204 int gnutls_pubkey_export_rsa_raw2(gnutls_pubkey_t key, 205 gnutls_datum_t * m, gnutls_datum_t * e, 206 unsigned flags); 207 208 #define gnutls_pubkey_get_pk_dsa_raw gnutls_pubkey_export_dsa_raw 209 int gnutls_pubkey_export_dsa_raw(gnutls_pubkey_t key, 210 gnutls_datum_t * p, 211 gnutls_datum_t * q, 212 gnutls_datum_t * g, gnutls_datum_t * y); 213 214 int gnutls_pubkey_export_dsa_raw2(gnutls_pubkey_t key, 215 gnutls_datum_t * p, 216 gnutls_datum_t * q, 217 gnutls_datum_t * g, gnutls_datum_t * y, 218 unsigned flags); 219 220 int gnutls_pubkey_export_ecc_raw2(gnutls_pubkey_t key, 221 gnutls_ecc_curve_t * curve, 222 gnutls_datum_t * x, gnutls_datum_t * y, 223 unsigned flags); 224 225 int gnutls_pubkey_export_gost_raw2(gnutls_pubkey_t key, 226 gnutls_ecc_curve_t * curve, 227 gnutls_digest_algorithm_t * digest, 228 gnutls_gost_paramset_t * paramset, 229 gnutls_datum_t * x, gnutls_datum_t * y, 230 unsigned int flags); 231 232 #define gnutls_pubkey_get_pk_ecc_raw gnutls_pubkey_export_ecc_raw 233 int gnutls_pubkey_export_ecc_raw(gnutls_pubkey_t key, 234 gnutls_ecc_curve_t * curve, 235 gnutls_datum_t * x, gnutls_datum_t * y); 236 237 #define gnutls_pubkey_get_pk_ecc_x962 gnutls_pubkey_export_ecc_x962 238 int gnutls_pubkey_export_ecc_x962(gnutls_pubkey_t key, 239 gnutls_datum_t * parameters, 240 gnutls_datum_t * ecpoint); 241 242 int gnutls_pubkey_export(gnutls_pubkey_t key, 243 gnutls_x509_crt_fmt_t format, 244 void *output_data, size_t * output_data_size); 245 246 int gnutls_pubkey_export2(gnutls_pubkey_t key, 247 gnutls_x509_crt_fmt_t format, 248 gnutls_datum_t * out); 249 250 int gnutls_pubkey_get_key_id(gnutls_pubkey_t key, 251 unsigned int flags, 252 unsigned char *output_data, 253 size_t * output_data_size); 254 255 int 256 gnutls_pubkey_get_openpgp_key_id(gnutls_pubkey_t key, 257 unsigned int flags, 258 unsigned char *output_data, 259 size_t * output_data_size, 260 unsigned int *subkey); 261 262 int gnutls_pubkey_get_key_usage(gnutls_pubkey_t key, unsigned int *usage); 263 int gnutls_pubkey_set_key_usage(gnutls_pubkey_t key, unsigned int usage); 264 265 int gnutls_pubkey_import(gnutls_pubkey_t key, 266 const gnutls_datum_t * data, 267 gnutls_x509_crt_fmt_t format); 268 269 270 #define gnutls_pubkey_import_pkcs11_url(key, url, flags) gnutls_pubkey_import_url(key, url, flags) 271 272 int gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key, 273 const gnutls_datum_t * p, 274 const gnutls_datum_t * q, 275 const gnutls_datum_t * g, 276 const gnutls_datum_t * y); 277 int gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key, 278 const gnutls_datum_t * m, 279 const gnutls_datum_t * e); 280 281 int 282 gnutls_pubkey_import_ecc_x962(gnutls_pubkey_t key, 283 const gnutls_datum_t * parameters, 284 const gnutls_datum_t * ecpoint); 285 286 int 287 gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key, 288 gnutls_ecc_curve_t curve, 289 const gnutls_datum_t * x, 290 const gnutls_datum_t * y); 291 292 int 293 gnutls_pubkey_import_gost_raw(gnutls_pubkey_t key, 294 gnutls_ecc_curve_t curve, 295 gnutls_digest_algorithm_t digest, 296 gnutls_gost_paramset_t paramset, 297 const gnutls_datum_t * x, 298 const gnutls_datum_t * y); 299 300 int 301 gnutls_pubkey_encrypt_data(gnutls_pubkey_t key, 302 unsigned int flags, 303 const gnutls_datum_t * plaintext, 304 gnutls_datum_t * ciphertext); 305 306 int gnutls_x509_crt_set_pubkey(gnutls_x509_crt_t crt, gnutls_pubkey_t key); 307 308 int gnutls_x509_crq_set_pubkey(gnutls_x509_crq_t crq, gnutls_pubkey_t key); 309 310 int 311 gnutls_pubkey_verify_hash2(gnutls_pubkey_t key, 312 gnutls_sign_algorithm_t algo, 313 unsigned int flags, 314 const gnutls_datum_t * hash, 315 const gnutls_datum_t * signature); 316 317 int 318 gnutls_pubkey_verify_data2(gnutls_pubkey_t pubkey, 319 gnutls_sign_algorithm_t algo, 320 unsigned int flags, 321 const gnutls_datum_t * data, 322 const gnutls_datum_t * signature); 323 324 /* Private key operations */ 325 326 int gnutls_privkey_init(gnutls_privkey_t * key); 327 void gnutls_privkey_deinit(gnutls_privkey_t key); 328 329 /* macros to allow specifying a subgroup and group size in gnutls_privkey_generate() 330 * and gnutls_x509_privkey_generate() */ 331 #define GNUTLS_SUBGROUP_TO_BITS(group, subgroup) (unsigned int)((subgroup<<16)|(group)) 332 #define GNUTLS_BITS_TO_SUBGROUP(bits) ((bits >> 16) & 0xFFFF) 333 #define GNUTLS_BITS_TO_GROUP(bits) (bits & 0xFFFF) 334 #define GNUTLS_BITS_HAVE_SUBGROUP(bits) ((bits) & 0xFFFF0000) 335 336 int 337 gnutls_privkey_generate (gnutls_privkey_t key, 338 gnutls_pk_algorithm_t algo, unsigned int bits, 339 unsigned int flags); 340 int 341 gnutls_privkey_generate2(gnutls_privkey_t pkey, 342 gnutls_pk_algorithm_t algo, unsigned int bits, 343 unsigned int flags, const gnutls_keygen_data_st *data, unsigned data_size); 344 345 int 346 gnutls_privkey_set_spki(gnutls_privkey_t key, 347 const gnutls_x509_spki_t spki, 348 unsigned int flags); 349 350 int 351 gnutls_privkey_get_spki(gnutls_privkey_t key, 352 const gnutls_x509_spki_t spki, 353 unsigned int flags); 354 355 int gnutls_privkey_verify_seed(gnutls_privkey_t key, gnutls_digest_algorithm_t, const void *seed, size_t seed_size); 356 int gnutls_privkey_get_seed(gnutls_privkey_t key, gnutls_digest_algorithm_t*, void *seed, size_t *seed_size); 357 358 int gnutls_privkey_verify_params(gnutls_privkey_t key); 359 360 void gnutls_privkey_set_flags(gnutls_privkey_t key, unsigned int flags); 361 362 void gnutls_privkey_set_pin_function (gnutls_privkey_t key, 363 gnutls_pin_callback_t fn, void *userdata); 364 365 int gnutls_privkey_get_pk_algorithm(gnutls_privkey_t key, 366 unsigned int *bits); 367 gnutls_privkey_type_t gnutls_privkey_get_type(gnutls_privkey_t key); 368 int gnutls_privkey_status(gnutls_privkey_t key); 369 370 /** 371 * gnutls_privkey_flags: 372 * @GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA: Make an RSA signature on the hashed data as in the TLS protocol. 373 * @GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS: Make an RSA signature on the hashed data with the PSS padding. 374 * @GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE: Make a signature on the hashed data with reproducible parameters. 375 * For RSA-PSS, that means to use empty salt instead of random value. To 376 * verify a signature created using this flag, the corresponding SPKI needs 377 * to be set on the public key. Use gnutls_pubkey_set_spki() for that. 378 * For ECDSA/DSA, it uses the deterministic construction of random parameter 379 * according to RFC 6979. Note that this only supports the NIST curves and DSA 380 * subgroup bits up to 512. 381 * @GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE: When importing a private key, automatically 382 * release it when the structure it was imported is released. 383 * @GNUTLS_PRIVKEY_IMPORT_COPY: Copy required values during import. 384 * @GNUTLS_PRIVKEY_DISABLE_CALLBACKS: The following flag disables call to PIN callbacks etc. 385 * Only relevant to TPM keys. 386 * @GNUTLS_PRIVKEY_FLAG_PROVABLE: When generating a key involving prime numbers, use provable primes; a seed may be required. 387 * @GNUTLS_PRIVKEY_FLAG_CA: The generated private key is going to be used as a CA (relevant for RSA-PSS keys). 388 * @GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT: Keys generated or imported as provable require an extended format which cannot be read by previous versions 389 * of gnutls or other applications. By setting this flag the key will be exported in a backwards compatible way, 390 * even if the information about the seed used will be lost. 391 * 392 * Enumeration of different certificate import flags. 393 */ 394 typedef enum gnutls_privkey_flags { 395 GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE = 1, 396 GNUTLS_PRIVKEY_IMPORT_COPY = 1 << 1, 397 GNUTLS_PRIVKEY_DISABLE_CALLBACKS = 1 << 2, 398 GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA = 1 << 4, 399 GNUTLS_PRIVKEY_FLAG_PROVABLE = 1 << 5, 400 GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT = 1 << 6, 401 GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS = 1 << 7, 402 GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE = 1 << 8, 403 GNUTLS_PRIVKEY_FLAG_CA = 1 << 9 404 } gnutls_privkey_flags_t; 405 406 int gnutls_privkey_import_pkcs11(gnutls_privkey_t pkey, 407 gnutls_pkcs11_privkey_t key, 408 unsigned int flags); 409 int gnutls_privkey_import_x509(gnutls_privkey_t pkey, 410 gnutls_x509_privkey_t key, 411 unsigned int flags); 412 int gnutls_privkey_import_openpgp(gnutls_privkey_t pkey, 413 gnutls_openpgp_privkey_t key, 414 unsigned int flags); 415 416 int gnutls_privkey_export_x509(gnutls_privkey_t pkey, 417 gnutls_x509_privkey_t * key); 418 int gnutls_privkey_export_openpgp(gnutls_privkey_t pkey, 419 gnutls_openpgp_privkey_t * key); 420 int 421 gnutls_privkey_export_pkcs11(gnutls_privkey_t pkey, 422 gnutls_pkcs11_privkey_t *key); 423 424 int gnutls_privkey_import_openpgp_raw(gnutls_privkey_t pkey, 425 const gnutls_datum_t * data, 426 gnutls_openpgp_crt_fmt_t 427 format, 428 const gnutls_openpgp_keyid_t 429 keyid, const char *password); 430 431 int gnutls_privkey_import_x509_raw(gnutls_privkey_t pkey, 432 const gnutls_datum_t * data, 433 gnutls_x509_crt_fmt_t format, 434 const char *password, 435 unsigned int flags); 436 437 int 438 gnutls_privkey_import_tpm_raw(gnutls_privkey_t pkey, 439 const gnutls_datum_t * fdata, 440 gnutls_tpmkey_fmt_t format, 441 const char *srk_password, 442 const char *key_password, 443 unsigned int flags); 444 445 int 446 gnutls_privkey_import_tpm_url(gnutls_privkey_t pkey, 447 const char *url, 448 const char *srk_password, 449 const char *key_password, 450 unsigned int flags); 451 452 int gnutls_privkey_import_url(gnutls_privkey_t key, 453 const char *url, unsigned int flags); 454 455 #if 0 456 /* for documentation purposes */ 457 int gnutls_privkey_import_pkcs11_url(gnutls_privkey_t key, const char *url); 458 #endif 459 460 #define gnutls_privkey_import_pkcs11_url(key, url) gnutls_privkey_import_url(key, url, 0) 461 462 int 463 gnutls_privkey_import_ext(gnutls_privkey_t pkey, 464 gnutls_pk_algorithm_t pk, 465 void *userdata, 466 gnutls_privkey_sign_func sign_func, 467 gnutls_privkey_decrypt_func 468 decrypt_func, unsigned int flags); 469 470 int 471 gnutls_privkey_import_ext2(gnutls_privkey_t pkey, 472 gnutls_pk_algorithm_t pk, 473 void *userdata, 474 gnutls_privkey_sign_func sign_func, 475 gnutls_privkey_decrypt_func 476 decrypt_func, 477 gnutls_privkey_deinit_func deinit_func, 478 unsigned int flags); 479 480 int 481 gnutls_privkey_import_ext3(gnutls_privkey_t pkey, 482 void *userdata, 483 gnutls_privkey_sign_func sign_func, 484 gnutls_privkey_decrypt_func decrypt_func, 485 gnutls_privkey_deinit_func deinit_func, 486 gnutls_privkey_info_func info_func, 487 unsigned int flags); 488 489 int 490 gnutls_privkey_import_ext4(gnutls_privkey_t pkey, 491 void *userdata, 492 gnutls_privkey_sign_data_func sign_data_func, 493 gnutls_privkey_sign_hash_func sign_hash_func, 494 gnutls_privkey_decrypt_func decrypt_func, 495 gnutls_privkey_deinit_func deinit_func, 496 gnutls_privkey_info_func info_func, 497 unsigned int flags); 498 499 int gnutls_privkey_import_dsa_raw(gnutls_privkey_t key, 500 const gnutls_datum_t * p, 501 const gnutls_datum_t * q, 502 const gnutls_datum_t * g, 503 const gnutls_datum_t * y, 504 const gnutls_datum_t * x); 505 506 int gnutls_privkey_import_rsa_raw(gnutls_privkey_t key, 507 const gnutls_datum_t * m, 508 const gnutls_datum_t * e, 509 const gnutls_datum_t * d, 510 const gnutls_datum_t * p, 511 const gnutls_datum_t * q, 512 const gnutls_datum_t * u, 513 const gnutls_datum_t * e1, 514 const gnutls_datum_t * e2); 515 int gnutls_privkey_import_ecc_raw(gnutls_privkey_t key, 516 gnutls_ecc_curve_t curve, 517 const gnutls_datum_t * x, 518 const gnutls_datum_t * y, 519 const gnutls_datum_t * k); 520 521 int gnutls_privkey_import_gost_raw(gnutls_privkey_t key, 522 gnutls_ecc_curve_t curve, 523 gnutls_digest_algorithm_t digest, 524 gnutls_gost_paramset_t paramset, 525 const gnutls_datum_t * x, 526 const gnutls_datum_t * y, 527 const gnutls_datum_t * k); 528 529 530 int gnutls_privkey_sign_data(gnutls_privkey_t signer, 531 gnutls_digest_algorithm_t hash, 532 unsigned int flags, 533 const gnutls_datum_t * data, 534 gnutls_datum_t * signature); 535 536 int gnutls_privkey_sign_data2(gnutls_privkey_t signer, 537 gnutls_sign_algorithm_t algo, 538 unsigned int flags, 539 const gnutls_datum_t * data, 540 gnutls_datum_t * signature); 541 542 #define gnutls_privkey_sign_raw_data(key, flags, data, sig) \ 543 gnutls_privkey_sign_hash ( key, 0, GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, data, sig) 544 545 int gnutls_privkey_sign_hash(gnutls_privkey_t signer, 546 gnutls_digest_algorithm_t hash_algo, 547 unsigned int flags, 548 const gnutls_datum_t * hash_data, 549 gnutls_datum_t * signature); 550 551 int gnutls_privkey_sign_hash2(gnutls_privkey_t signer, 552 gnutls_sign_algorithm_t algo, 553 unsigned int flags, 554 const gnutls_datum_t * hash_data, 555 gnutls_datum_t * signature); 556 557 int gnutls_privkey_decrypt_data(gnutls_privkey_t key, 558 unsigned int flags, 559 const gnutls_datum_t * ciphertext, 560 gnutls_datum_t * plaintext); 561 562 int gnutls_privkey_decrypt_data2(gnutls_privkey_t key, 563 unsigned int flags, 564 const gnutls_datum_t * ciphertext, 565 unsigned char * plaintext, 566 size_t plaintext_size); 567 568 int 569 gnutls_privkey_export_rsa_raw(gnutls_privkey_t key, 570 gnutls_datum_t * m, gnutls_datum_t * e, 571 gnutls_datum_t * d, gnutls_datum_t * p, 572 gnutls_datum_t * q, gnutls_datum_t * u, 573 gnutls_datum_t * e1, 574 gnutls_datum_t * e2); 575 576 int 577 gnutls_privkey_export_rsa_raw2(gnutls_privkey_t key, 578 gnutls_datum_t * m, gnutls_datum_t * e, 579 gnutls_datum_t * d, gnutls_datum_t * p, 580 gnutls_datum_t * q, gnutls_datum_t * u, 581 gnutls_datum_t * e1, 582 gnutls_datum_t * e2, unsigned flags); 583 584 int 585 gnutls_privkey_export_dsa_raw(gnutls_privkey_t key, 586 gnutls_datum_t * p, gnutls_datum_t * q, 587 gnutls_datum_t * g, gnutls_datum_t * y, 588 gnutls_datum_t * x); 589 590 int 591 gnutls_privkey_export_dsa_raw2(gnutls_privkey_t key, 592 gnutls_datum_t * p, gnutls_datum_t * q, 593 gnutls_datum_t * g, gnutls_datum_t * y, 594 gnutls_datum_t * x, unsigned flags); 595 596 int 597 gnutls_privkey_export_ecc_raw(gnutls_privkey_t key, 598 gnutls_ecc_curve_t * curve, 599 gnutls_datum_t * x, 600 gnutls_datum_t * y, 601 gnutls_datum_t * k); 602 603 int 604 gnutls_privkey_export_ecc_raw2(gnutls_privkey_t key, 605 gnutls_ecc_curve_t * curve, 606 gnutls_datum_t * x, 607 gnutls_datum_t * y, 608 gnutls_datum_t * k, 609 unsigned flags); 610 611 int 612 gnutls_privkey_export_gost_raw2(gnutls_privkey_t key, 613 gnutls_ecc_curve_t * curve, 614 gnutls_digest_algorithm_t * digest, 615 gnutls_gost_paramset_t * paramset, 616 gnutls_datum_t * x, 617 gnutls_datum_t * y, 618 gnutls_datum_t * k, 619 unsigned flags); 620 621 622 int gnutls_x509_crt_privkey_sign(gnutls_x509_crt_t crt, 623 gnutls_x509_crt_t issuer, 624 gnutls_privkey_t issuer_key, 625 gnutls_digest_algorithm_t dig, 626 unsigned int flags); 627 628 int gnutls_x509_crl_privkey_sign(gnutls_x509_crl_t crl, 629 gnutls_x509_crt_t issuer, 630 gnutls_privkey_t issuer_key, 631 gnutls_digest_algorithm_t dig, 632 unsigned int flags); 633 634 int gnutls_x509_crq_privkey_sign(gnutls_x509_crq_t crq, 635 gnutls_privkey_t key, 636 gnutls_digest_algorithm_t dig, 637 unsigned int flags); 638 639 /** 640 * gnutls_pcert_st: 641 * @pubkey: public key of parsed certificate. 642 * @cert: certificate itself of parsed certificate 643 * @type: type of certificate, a #gnutls_certificate_type_t type. 644 * 645 * A parsed certificate. 646 */ 647 typedef struct gnutls_pcert_st { 648 gnutls_pubkey_t pubkey; 649 gnutls_datum_t cert; 650 gnutls_certificate_type_t type; 651 } gnutls_pcert_st; 652 653 /* This flag is unused/ignored */ 654 #define GNUTLS_PCERT_NO_CERT 1 655 656 int gnutls_pcert_import_x509(gnutls_pcert_st * pcert, 657 gnutls_x509_crt_t crt, unsigned int flags); 658 659 int gnutls_pcert_import_x509_list(gnutls_pcert_st * pcert, 660 gnutls_x509_crt_t *crt, unsigned *ncrt, 661 unsigned int flags); 662 663 int gnutls_pcert_export_x509(gnutls_pcert_st * pcert, 664 gnutls_x509_crt_t * crt); 665 666 int 667 gnutls_pcert_list_import_x509_raw(gnutls_pcert_st * pcerts, 668 unsigned int *pcert_max, 669 const gnutls_datum_t * data, 670 gnutls_x509_crt_fmt_t format, 671 unsigned int flags); 672 673 int gnutls_pcert_list_import_x509_file(gnutls_pcert_st *pcert_list, 674 unsigned *pcert_list_size, 675 const char *file, 676 gnutls_x509_crt_fmt_t format, 677 gnutls_pin_callback_t pin_fn, 678 void *pin_fn_userdata, 679 unsigned int flags); 680 681 int gnutls_pcert_import_x509_raw(gnutls_pcert_st * pcert, 682 const gnutls_datum_t * cert, 683 gnutls_x509_crt_fmt_t format, 684 unsigned int flags); 685 686 int gnutls_pcert_import_openpgp_raw(gnutls_pcert_st * pcert, 687 const gnutls_datum_t * cert, 688 gnutls_openpgp_crt_fmt_t 689 format, 690 gnutls_openpgp_keyid_t keyid, 691 unsigned int flags); 692 693 int gnutls_pcert_import_openpgp(gnutls_pcert_st * pcert, 694 gnutls_openpgp_crt_t crt, 695 unsigned int flags); 696 697 int gnutls_pcert_export_openpgp(gnutls_pcert_st * pcert, 698 gnutls_openpgp_crt_t * crt); 699 700 void gnutls_pcert_deinit(gnutls_pcert_st * pcert); 701 702 int gnutls_pcert_import_rawpk(gnutls_pcert_st* pcert, 703 gnutls_pubkey_t key, unsigned int flags); 704 705 int gnutls_pcert_import_rawpk_raw(gnutls_pcert_st* pcert, 706 const gnutls_datum_t* rawpubkey, 707 gnutls_x509_crt_fmt_t format, 708 unsigned int key_usage, unsigned int flags); 709 710 /* For certificate credentials */ 711 /* This is the same as gnutls_certificate_retrieve_function() 712 * but retrieves a gnutls_pcert_st which requires much less processing 713 * within the library. 714 */ 715 typedef int gnutls_certificate_retrieve_function2(gnutls_session_t, 716 const gnutls_datum_t *req_ca_rdn, 717 int nreqs, 718 const gnutls_pk_algorithm_t *pk_algos, 719 int pk_algos_length, 720 gnutls_pcert_st**, 721 unsigned int *pcert_length, 722 gnutls_privkey_t *privkey); 723 724 725 void gnutls_certificate_set_retrieve_function2 726 (gnutls_certificate_credentials_t cred, 727 gnutls_certificate_retrieve_function2 *func); 728 729 struct gnutls_cert_retr_st { 730 unsigned version; /* set to 1 */ 731 gnutls_certificate_credentials_t cred; 732 const gnutls_datum_t *req_ca_rdn; 733 unsigned nreqs; 734 const gnutls_pk_algorithm_t *pk_algos; 735 unsigned pk_algos_length; 736 737 /* other fields may be added if version is > 1 */ 738 unsigned char padding[64]; 739 }; 740 741 /* When the callback sets this value, gnutls will deinitialize the given 742 * values after use */ 743 #define GNUTLS_CERT_RETR_DEINIT_ALL 1 744 745 typedef int gnutls_certificate_retrieve_function3( 746 gnutls_session_t, 747 const struct gnutls_cert_retr_st *info, 748 gnutls_pcert_st **certs, 749 unsigned int *pcert_length, 750 gnutls_ocsp_data_st **ocsp, 751 unsigned int *ocsp_length, 752 gnutls_privkey_t *privkey, 753 unsigned int *flags); 754 755 756 void gnutls_certificate_set_retrieve_function3 757 (gnutls_certificate_credentials_t cred, 758 gnutls_certificate_retrieve_function3 *func); 759 760 int 761 gnutls_certificate_set_key(gnutls_certificate_credentials_t res, 762 const char **names, 763 int names_size, 764 gnutls_pcert_st * pcert_list, 765 int pcert_list_size, gnutls_privkey_t key); 766 767 int 768 gnutls_pubkey_print(gnutls_pubkey_t pubkey, 769 gnutls_certificate_print_formats_t format, 770 gnutls_datum_t * out); 771 772 /* *INDENT-OFF* */ 773 #ifdef __cplusplus 774 } 775 #endif 776 /* *INDENT-ON* */ 777 #endif 778