1/* -*- c -*- 2 * Copyright (C) 2000-2016 Free Software Foundation, Inc. 3 * Copyright (C) 2015-2017 Red Hat, Inc. 4 * 5 * Author: Nikos Mavrogiannopoulos 6 * 7 * This file is part of GnuTLS. 8 * 9 * The GnuTLS is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU Lesser General Public License 11 * as published by the Free Software Foundation; either version 2.1 of 12 * the License, or (at your option) any later version. 13 * 14 * This library is distributed in the hope that it will be useful, but 15 * WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 17 * Lesser General Public License for more details. 18 * 19 * You should have received a copy of the GNU Lesser General Public License 20 * along with this program. If not, see <https://www.gnu.org/licenses/> 21 * 22 */ 23 24/* This file contains the types and prototypes for all the 25 * high level functionality of the gnutls main library. 26 * 27 * If the optional C++ binding was built, it is available in 28 * gnutls/gnutlsxx.h. 29 * 30 * The openssl compatibility layer (which is under the GNU GPL 31 * license) is in gnutls/openssl.h. 32 * 33 * The low level cipher functionality is in gnutls/crypto.h. 34 */ 35 36 37#ifndef GNUTLS_H 38#define GNUTLS_H 39 40/* Get ssize_t. */ 41#include <sys/types.h> 42 43/* Get size_t. */ 44#include <stddef.h> 45 46/* Get time_t. 
*/
#include <time.h>

/* *INDENT-OFF* */
#ifdef __cplusplus
extern "C" {
#endif
/* *INDENT-ON* */

/* Version macros are substituted at build time from configure. */
#define GNUTLS_VERSION "@VERSION@"

#define GNUTLS_VERSION_MAJOR @MAJOR_VERSION@
#define GNUTLS_VERSION_MINOR @MINOR_VERSION@
#define GNUTLS_VERSION_PATCH @PATCH_VERSION@

#define GNUTLS_VERSION_NUMBER @NUMBER_VERSION@

/* Historical aliases; new code should use the GNUTLS_CIPHER_AES_* and
 * GNUTLS_CIPHER_ARCFOUR_128 names they expand to. */
#define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC
#define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC
#define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC
#define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128

/* Applications built against the Windows DLL import its symbols; the
 * library's own build (GNUTLS_INTERNAL_BUILD) and all other platforms
 * need no decoration. */
#if !defined(GNUTLS_INTERNAL_BUILD) && defined(_WIN32)
# define _SYM_EXPORT __declspec(dllimport)
#else
# define _SYM_EXPORT
#endif

/* Optimisation attributes for GCC-compatible compilers; empty elsewhere. */
#ifdef __GNUC__
# define __GNUTLS_CONST__ __attribute__((const))
# define __GNUTLS_PURE__ __attribute__((pure))
#else
# define __GNUTLS_CONST__
# define __GNUTLS_PURE__
#endif


/* Use the following definition globally in your program to disable
 * implicit initialization of gnutls.  It expands to a definition of
 * _gnutls_global_init_skip() that returns 1 (non-zero means "skip"). */
#define GNUTLS_SKIP_GLOBAL_INIT int _gnutls_global_init_skip(void); \
	int _gnutls_global_init_skip(void) {return 1;}

/**
 * gnutls_cipher_algorithm_t:
 * @GNUTLS_CIPHER_UNKNOWN: Value to identify an unknown/unsupported algorithm.
 * @GNUTLS_CIPHER_NULL: The NULL (identity) encryption algorithm.
 * @GNUTLS_CIPHER_ARCFOUR_128: ARCFOUR (RC4) stream cipher with 128-bit keys.
 *   RC4 is prohibited in TLS by RFC 7465; legacy use only.
 * @GNUTLS_CIPHER_3DES_CBC: 3DES in CBC mode (64-bit block size; legacy).
 * @GNUTLS_CIPHER_AES_128_CBC: AES in CBC mode with 128-bit keys.
 * @GNUTLS_CIPHER_AES_192_CBC: AES in CBC mode with 192-bit keys.
 * @GNUTLS_CIPHER_AES_256_CBC: AES in CBC mode with 256-bit keys.
 * @GNUTLS_CIPHER_AES_128_CFB8: AES in CFB8 mode with 128-bit keys.
 * @GNUTLS_CIPHER_AES_192_CFB8: AES in CFB8 mode with 192-bit keys.
 * @GNUTLS_CIPHER_AES_256_CFB8: AES in CFB8 mode with 256-bit keys.
 * @GNUTLS_CIPHER_ARCFOUR_40: ARCFOUR stream cipher with 40-bit keys (export-grade; legacy only).
 * @GNUTLS_CIPHER_CAMELLIA_128_CBC: Camellia in CBC mode with 128-bit keys.
 * @GNUTLS_CIPHER_CAMELLIA_192_CBC: Camellia in CBC mode with 192-bit keys.
 * @GNUTLS_CIPHER_CAMELLIA_256_CBC: Camellia in CBC mode with 256-bit keys.
 * @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys (export-grade; legacy only).
 * @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys; legacy only).
 * @GNUTLS_CIPHER_AES_128_GCM: AES in GCM mode with 128-bit keys (AEAD).
 * @GNUTLS_CIPHER_AES_256_GCM: AES in GCM mode with 256-bit keys (AEAD).
 * @GNUTLS_CIPHER_AES_128_CCM: AES in CCM mode with 128-bit keys (AEAD).
 * @GNUTLS_CIPHER_AES_256_CCM: AES in CCM mode with 256-bit keys (AEAD).
 * @GNUTLS_CIPHER_AES_128_CCM_8: AES in CCM mode with 64-bit tag and 128-bit keys (AEAD).
 * @GNUTLS_CIPHER_AES_256_CCM_8: AES in CCM mode with 64-bit tag and 256-bit keys (AEAD).
 * @GNUTLS_CIPHER_CAMELLIA_128_GCM: CAMELLIA in GCM mode with 128-bit keys (AEAD).
 * @GNUTLS_CIPHER_CAMELLIA_256_GCM: CAMELLIA in GCM mode with 256-bit keys (AEAD).
 * @GNUTLS_CIPHER_SALSA20_256: Salsa20 with 256-bit keys.
 * @GNUTLS_CIPHER_ESTREAM_SALSA20_256: Estream's Salsa20 variant with 256-bit keys.
 * @GNUTLS_CIPHER_CHACHA20_32: Chacha20 cipher with 96-bit nonces and 32-bit block counters.
 * @GNUTLS_CIPHER_CHACHA20_64: Chacha20 cipher with 64-bit nonces and 64-bit block counters.
 * @GNUTLS_CIPHER_CHACHA20_POLY1305: The Chacha20 cipher with the Poly1305 authenticator (AEAD).
 * @GNUTLS_CIPHER_GOST28147_TC26Z_CFB: GOST 28147-89 (Magma) cipher in CFB mode with TC26 Z S-box.
 * @GNUTLS_CIPHER_GOST28147_CPA_CFB: GOST 28147-89 (Magma) cipher in CFB mode with CryptoPro A S-box.
 * @GNUTLS_CIPHER_GOST28147_CPB_CFB: GOST 28147-89 (Magma) cipher in CFB mode with CryptoPro B S-box.
 * @GNUTLS_CIPHER_GOST28147_CPC_CFB: GOST 28147-89 (Magma) cipher in CFB mode with CryptoPro C S-box.
 * @GNUTLS_CIPHER_GOST28147_CPD_CFB: GOST 28147-89 (Magma) cipher in CFB mode with CryptoPro D S-box.
 * @GNUTLS_CIPHER_AES_128_XTS: AES in XTS mode with 128-bit key + 128-bit tweak key.
 * @GNUTLS_CIPHER_AES_256_XTS: AES in XTS mode with 256-bit key + 256-bit tweak key.
 *   Note that the XTS ciphers are message oriented.
 *   The whole message needs to be provided with a single call, because
 *   ciphertext stealing requires knowing where the message actually terminates
 *   in order to compute where the stealing occurs.
 * @GNUTLS_CIPHER_GOST28147_TC26Z_CNT: GOST 28147-89 (Magma) cipher in CNT mode with TC26 Z S-box.
 * @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB mode (placeholder - unsupported).
 * @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB mode (placeholder - unsupported).
 * @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB mode (placeholder - unsupported).
 * @GNUTLS_CIPHER_BLOWFISH_PGP_CFB: Blowfish in CFB mode (placeholder - unsupported).
 * @GNUTLS_CIPHER_SAFER_SK128_PGP_CFB: Safer-SK in CFB mode with 128-bit keys (placeholder - unsupported).
 * @GNUTLS_CIPHER_AES128_PGP_CFB: AES in CFB mode with 128-bit keys (placeholder - unsupported).
 * @GNUTLS_CIPHER_AES192_PGP_CFB: AES in CFB mode with 192-bit keys (placeholder - unsupported).
 * @GNUTLS_CIPHER_AES256_PGP_CFB: AES in CFB mode with 256-bit keys (placeholder - unsupported).
 * @GNUTLS_CIPHER_TWOFISH_PGP_CFB: Twofish in CFB mode (placeholder - unsupported).
 * @GNUTLS_CIPHER_AES_128_SIV: AES in SIV mode with 128-bit key.
 * @GNUTLS_CIPHER_AES_256_SIV: AES in SIV mode with 256-bit key.
 *   Note that the SIV ciphers can only be used with
 *   the AEAD interface, and the IV serves as
 *   the authentication tag, which is prepended to
 *   the cipher text.
 * @GNUTLS_CIPHER_AES_192_GCM: AES in GCM mode with 192-bit keys (AEAD).
 *
 * Enumeration of different symmetric encryption algorithms.
*/
/* The numeric values are visible to applications (they are effectively
 * ABI), which is presumably why the list is appended to rather than
 * kept sorted by name. */
typedef enum gnutls_cipher_algorithm {
	GNUTLS_CIPHER_UNKNOWN = 0,
	GNUTLS_CIPHER_NULL = 1,
	GNUTLS_CIPHER_ARCFOUR_128 = 2,
	GNUTLS_CIPHER_3DES_CBC = 3,
	GNUTLS_CIPHER_AES_128_CBC = 4,
	GNUTLS_CIPHER_AES_256_CBC = 5,
	GNUTLS_CIPHER_ARCFOUR_40 = 6,
	GNUTLS_CIPHER_CAMELLIA_128_CBC = 7,
	GNUTLS_CIPHER_CAMELLIA_256_CBC = 8,
	GNUTLS_CIPHER_AES_192_CBC = 9,
	GNUTLS_CIPHER_AES_128_GCM = 10,
	GNUTLS_CIPHER_AES_256_GCM = 11,
	GNUTLS_CIPHER_CAMELLIA_192_CBC = 12,
	GNUTLS_CIPHER_SALSA20_256 = 13,
	GNUTLS_CIPHER_ESTREAM_SALSA20_256 = 14,
	GNUTLS_CIPHER_CAMELLIA_128_GCM = 15,
	GNUTLS_CIPHER_CAMELLIA_256_GCM = 16,
	GNUTLS_CIPHER_RC2_40_CBC = 17,
	GNUTLS_CIPHER_DES_CBC = 18,
	GNUTLS_CIPHER_AES_128_CCM = 19,
	GNUTLS_CIPHER_AES_256_CCM = 20,
	GNUTLS_CIPHER_AES_128_CCM_8 = 21,
	GNUTLS_CIPHER_AES_256_CCM_8 = 22,
	GNUTLS_CIPHER_CHACHA20_POLY1305 = 23,
	GNUTLS_CIPHER_GOST28147_TC26Z_CFB = 24,
	GNUTLS_CIPHER_GOST28147_CPA_CFB = 25,
	GNUTLS_CIPHER_GOST28147_CPB_CFB = 26,
	GNUTLS_CIPHER_GOST28147_CPC_CFB = 27,
	GNUTLS_CIPHER_GOST28147_CPD_CFB = 28,
	GNUTLS_CIPHER_AES_128_CFB8 = 29,
	GNUTLS_CIPHER_AES_192_CFB8 = 30,
	GNUTLS_CIPHER_AES_256_CFB8 = 31,
	GNUTLS_CIPHER_AES_128_XTS = 32,
	GNUTLS_CIPHER_AES_256_XTS = 33,
	GNUTLS_CIPHER_GOST28147_TC26Z_CNT = 34,
	GNUTLS_CIPHER_CHACHA20_64 = 35,
	GNUTLS_CIPHER_CHACHA20_32 = 36,
	GNUTLS_CIPHER_AES_128_SIV = 37,
	GNUTLS_CIPHER_AES_256_SIV = 38,
	GNUTLS_CIPHER_AES_192_GCM = 39,

	/* Values from 200 up are used only for PGP internals and are
	 * ignored in TLS/SSL. */
	GNUTLS_CIPHER_IDEA_PGP_CFB = 200,
	GNUTLS_CIPHER_3DES_PGP_CFB = 201,
	GNUTLS_CIPHER_CAST5_PGP_CFB = 202,
	GNUTLS_CIPHER_BLOWFISH_PGP_CFB = 203,
	GNUTLS_CIPHER_SAFER_SK128_PGP_CFB = 204,
	GNUTLS_CIPHER_AES128_PGP_CFB = 205,
	GNUTLS_CIPHER_AES192_PGP_CFB = 206,
	GNUTLS_CIPHER_AES256_PGP_CFB = 207,
	GNUTLS_CIPHER_TWOFISH_PGP_CFB = 208
} gnutls_cipher_algorithm_t;

/**
 * gnutls_kx_algorithm_t:
 * @GNUTLS_KX_UNKNOWN: Unknown key-exchange algorithm.
 * @GNUTLS_KX_RSA: RSA key-exchange algorithm.
 * @GNUTLS_KX_DHE_DSS: DHE-DSS key-exchange algorithm.
 * @GNUTLS_KX_DHE_RSA: DHE-RSA key-exchange algorithm.
 * @GNUTLS_KX_ECDHE_RSA: ECDHE-RSA key-exchange algorithm.
 * @GNUTLS_KX_ECDHE_ECDSA: ECDHE-ECDSA key-exchange algorithm.
 * @GNUTLS_KX_ANON_DH: Anon-DH key-exchange algorithm (no peer authentication).
 * @GNUTLS_KX_ANON_ECDH: Anon-ECDH key-exchange algorithm (no peer authentication).
 * @GNUTLS_KX_SRP: SRP key-exchange algorithm.
 * @GNUTLS_KX_RSA_EXPORT: RSA-EXPORT key-exchange algorithm (defunct).
 * @GNUTLS_KX_SRP_RSA: SRP-RSA key-exchange algorithm.
 * @GNUTLS_KX_SRP_DSS: SRP-DSS key-exchange algorithm.
 * @GNUTLS_KX_PSK: PSK key-exchange algorithm.
 * @GNUTLS_KX_DHE_PSK: DHE-PSK key-exchange algorithm.
 * @GNUTLS_KX_ECDHE_PSK: ECDHE-PSK key-exchange algorithm.
 * @GNUTLS_KX_RSA_PSK: RSA-PSK key-exchange algorithm.
 * @GNUTLS_KX_VKO_GOST_12: VKO GOST R 34.10-2012 key-exchange algorithm.
 *
 * Enumeration of different key exchange algorithms.
*/
typedef enum {
	GNUTLS_KX_UNKNOWN = 0,
	GNUTLS_KX_RSA = 1,
	GNUTLS_KX_DHE_DSS = 2,
	GNUTLS_KX_DHE_RSA = 3,
	GNUTLS_KX_ANON_DH = 4,
	GNUTLS_KX_SRP = 5,
	GNUTLS_KX_RSA_EXPORT = 6,
	GNUTLS_KX_SRP_RSA = 7,
	GNUTLS_KX_SRP_DSS = 8,
	GNUTLS_KX_PSK = 9,
	GNUTLS_KX_DHE_PSK = 10,
	GNUTLS_KX_ANON_ECDH = 11,
	GNUTLS_KX_ECDHE_RSA = 12,
	GNUTLS_KX_ECDHE_ECDSA = 13,
	GNUTLS_KX_ECDHE_PSK = 14,
	GNUTLS_KX_RSA_PSK = 15,
	GNUTLS_KX_VKO_GOST_12 = 16
} gnutls_kx_algorithm_t;

/**
 * gnutls_params_type_t:
 * @GNUTLS_PARAMS_RSA_EXPORT: Session RSA-EXPORT parameters (defunct).
 * @GNUTLS_PARAMS_DH: Session Diffie-Hellman parameters.
 * @GNUTLS_PARAMS_ECDH: Session Elliptic-Curve Diffie-Hellman parameters.
 *
 * Enumeration of different TLS session parameter types.
 */
typedef enum {
	GNUTLS_PARAMS_RSA_EXPORT = 1,
	GNUTLS_PARAMS_DH = 2,
	GNUTLS_PARAMS_ECDH = 3
} gnutls_params_type_t;

/**
 * gnutls_credentials_type_t:
 * @GNUTLS_CRD_CERTIFICATE: Certificate credential.
 * @GNUTLS_CRD_ANON: Anonymous credential.
 * @GNUTLS_CRD_SRP: SRP credential.
 * @GNUTLS_CRD_PSK: PSK credential.
 * @GNUTLS_CRD_IA: IA credential.
 *
 * Enumeration of different credential types.
 */
typedef enum {
	GNUTLS_CRD_CERTIFICATE = 1,
	GNUTLS_CRD_ANON,
	GNUTLS_CRD_SRP,
	GNUTLS_CRD_PSK,
	GNUTLS_CRD_IA
} gnutls_credentials_type_t;

/* Historical aliases for the SHA-1 MAC and digest identifiers. */
#define GNUTLS_MAC_SHA GNUTLS_MAC_SHA1
#define GNUTLS_DIG_SHA GNUTLS_DIG_SHA1

/**
 * gnutls_mac_algorithm_t:
 * @GNUTLS_MAC_UNKNOWN: Unknown MAC algorithm.
 * @GNUTLS_MAC_NULL: NULL MAC algorithm (empty output).
 * @GNUTLS_MAC_MD5: HMAC-MD5 algorithm (legacy).
 * @GNUTLS_MAC_SHA1: HMAC-SHA-1 algorithm.
 * @GNUTLS_MAC_RMD160: HMAC-RMD160 algorithm.
 * @GNUTLS_MAC_MD2: HMAC-MD2 algorithm (legacy).
 * @GNUTLS_MAC_SHA256: HMAC-SHA-256 algorithm.
 * @GNUTLS_MAC_SHA384: HMAC-SHA-384 algorithm.
 * @GNUTLS_MAC_SHA512: HMAC-SHA-512 algorithm.
 * @GNUTLS_MAC_SHA224: HMAC-SHA-224 algorithm.
 * @GNUTLS_MAC_MD5_SHA1: Combined MD5+SHA1 MAC placeholder.
 * @GNUTLS_MAC_GOSTR_94: HMAC GOST R 34.11-94 algorithm.
 * @GNUTLS_MAC_STREEBOG_256: HMAC GOST R 34.11-2012 (Streebog) algorithm, 256 bit.
 * @GNUTLS_MAC_STREEBOG_512: HMAC GOST R 34.11-2012 (Streebog) algorithm, 512 bit.
 * @GNUTLS_MAC_AEAD: MAC implicit through AEAD cipher.
 * @GNUTLS_MAC_UMAC_96: The UMAC-96 MAC algorithm (requires nonce).
 * @GNUTLS_MAC_UMAC_128: The UMAC-128 MAC algorithm (requires nonce).
 * @GNUTLS_MAC_AES_CMAC_128: The AES-CMAC-128 MAC algorithm.
 * @GNUTLS_MAC_AES_CMAC_256: The AES-CMAC-256 MAC algorithm.
 * @GNUTLS_MAC_AES_GMAC_128: The AES-GMAC-128 MAC algorithm (requires nonce).
 * @GNUTLS_MAC_AES_GMAC_192: The AES-GMAC-192 MAC algorithm (requires nonce).
 * @GNUTLS_MAC_AES_GMAC_256: The AES-GMAC-256 MAC algorithm (requires nonce).
 * @GNUTLS_MAC_SHA3_224: Reserved; unimplemented.
 * @GNUTLS_MAC_SHA3_256: Reserved; unimplemented.
 * @GNUTLS_MAC_SHA3_384: Reserved; unimplemented.
 * @GNUTLS_MAC_SHA3_512: Reserved; unimplemented.
 * @GNUTLS_MAC_GOST28147_TC26Z_IMIT: The GOST 28147-89 working in IMIT mode with TC26 Z S-box.
 * @GNUTLS_MAC_SHAKE_128: Reserved; unimplemented.
 * @GNUTLS_MAC_SHAKE_256: Reserved; unimplemented.
 *
 * Enumeration of different Message Authentication Code (MAC)
 * algorithms.  Values below 200 are shared numerically with
 * gnutls_digest_algorithm_t; values from 200 up have no digest
 * counterpart.
 */
typedef enum {
	GNUTLS_MAC_UNKNOWN = 0,
	GNUTLS_MAC_NULL = 1,
	GNUTLS_MAC_MD5 = 2,
	GNUTLS_MAC_SHA1 = 3,
	GNUTLS_MAC_RMD160 = 4,
	GNUTLS_MAC_MD2 = 5,
	GNUTLS_MAC_SHA256 = 6,
	GNUTLS_MAC_SHA384 = 7,
	GNUTLS_MAC_SHA512 = 8,
	GNUTLS_MAC_SHA224 = 9,
	GNUTLS_MAC_SHA3_224 = 10,	/* reserved: no implementation */
	GNUTLS_MAC_SHA3_256 = 11,	/* reserved: no implementation */
	GNUTLS_MAC_SHA3_384 = 12,	/* reserved: no implementation */
	GNUTLS_MAC_SHA3_512 = 13,	/* reserved: no implementation */
	GNUTLS_MAC_MD5_SHA1 = 14,	/* reserved: no implementation */
	GNUTLS_MAC_GOSTR_94 = 15,
	GNUTLS_MAC_STREEBOG_256 = 16,
	GNUTLS_MAC_STREEBOG_512 = 17,
	/* If you add anything here, make sure you align with
	   gnutls_digest_algorithm_t. */
	GNUTLS_MAC_AEAD = 200,	/* indicates that MAC is on the cipher */
	GNUTLS_MAC_UMAC_96 = 201,
	GNUTLS_MAC_UMAC_128 = 202,
	GNUTLS_MAC_AES_CMAC_128 = 203,
	GNUTLS_MAC_AES_CMAC_256 = 204,
	GNUTLS_MAC_AES_GMAC_128 = 205,
	GNUTLS_MAC_AES_GMAC_192 = 206,
	GNUTLS_MAC_AES_GMAC_256 = 207,
	GNUTLS_MAC_GOST28147_TC26Z_IMIT = 208,
	GNUTLS_MAC_SHAKE_128 = 209,
	GNUTLS_MAC_SHAKE_256 = 210
} gnutls_mac_algorithm_t;

/**
 * gnutls_digest_algorithm_t:
 * @GNUTLS_DIG_UNKNOWN: Unknown hash algorithm.
 * @GNUTLS_DIG_NULL: NULL hash algorithm (empty output).
 * @GNUTLS_DIG_MD5: MD5 algorithm (collision-broken; unsuitable for signatures).
 * @GNUTLS_DIG_SHA1: SHA-1 algorithm (practical collisions exist; unsuitable for new signatures).
 * @GNUTLS_DIG_RMD160: RMD160 algorithm.
 * @GNUTLS_DIG_MD2: MD2 algorithm (legacy; unsuitable for signatures).
 * @GNUTLS_DIG_SHA256: SHA-256 algorithm.
 * @GNUTLS_DIG_SHA384: SHA-384 algorithm.
 * @GNUTLS_DIG_SHA512: SHA-512 algorithm.
 * @GNUTLS_DIG_SHA224: SHA-224 algorithm.
 * @GNUTLS_DIG_SHA3_224: SHA3-224 algorithm.
 * @GNUTLS_DIG_SHA3_256: SHA3-256 algorithm.
 * @GNUTLS_DIG_SHA3_384: SHA3-384 algorithm.
 * @GNUTLS_DIG_SHA3_512: SHA3-512 algorithm.
 * @GNUTLS_DIG_MD5_SHA1: Combined MD5+SHA1 algorithm.
* @GNUTLS_DIG_GOSTR_94: GOST R 34.11-94 algorithm.
 * @GNUTLS_DIG_STREEBOG_256: GOST R 34.11-2012 (Streebog) algorithm, 256 bit.
 * @GNUTLS_DIG_STREEBOG_512: GOST R 34.11-2012 (Streebog) algorithm, 512 bit.
 * @GNUTLS_DIG_SHAKE_128: Reserved; unimplemented.
 * @GNUTLS_DIG_SHAKE_256: Reserved; unimplemented.
 *
 * Enumeration of different digest (hash) algorithms.  Every value is
 * defined as the numerically equal gnutls_mac_algorithm_t entry, so the
 * two enumerations can be converted by a plain cast.
 */
typedef enum {
	GNUTLS_DIG_UNKNOWN = GNUTLS_MAC_UNKNOWN,
	GNUTLS_DIG_NULL = GNUTLS_MAC_NULL,
	GNUTLS_DIG_MD5 = GNUTLS_MAC_MD5,
	GNUTLS_DIG_SHA1 = GNUTLS_MAC_SHA1,
	GNUTLS_DIG_RMD160 = GNUTLS_MAC_RMD160,
	GNUTLS_DIG_MD2 = GNUTLS_MAC_MD2,
	GNUTLS_DIG_SHA256 = GNUTLS_MAC_SHA256,
	GNUTLS_DIG_SHA384 = GNUTLS_MAC_SHA384,
	GNUTLS_DIG_SHA512 = GNUTLS_MAC_SHA512,
	GNUTLS_DIG_SHA224 = GNUTLS_MAC_SHA224,
	GNUTLS_DIG_SHA3_224 = GNUTLS_MAC_SHA3_224,
	GNUTLS_DIG_SHA3_256 = GNUTLS_MAC_SHA3_256,
	GNUTLS_DIG_SHA3_384 = GNUTLS_MAC_SHA3_384,
	GNUTLS_DIG_SHA3_512 = GNUTLS_MAC_SHA3_512,
	GNUTLS_DIG_MD5_SHA1 = GNUTLS_MAC_MD5_SHA1,
	GNUTLS_DIG_GOSTR_94 = GNUTLS_MAC_GOSTR_94,
	GNUTLS_DIG_STREEBOG_256 = GNUTLS_MAC_STREEBOG_256,
	GNUTLS_DIG_STREEBOG_512 = GNUTLS_MAC_STREEBOG_512,
	GNUTLS_DIG_SHAKE_128 = GNUTLS_MAC_SHAKE_128,
	GNUTLS_DIG_SHAKE_256 = GNUTLS_MAC_SHAKE_256
	/* If you add anything here, make sure you align with
	   gnutls_mac_algorithm_t. */
} gnutls_digest_algorithm_t;

/* exported for other gnutls headers. This is the maximum number of
 * algorithms (ciphers, kx or macs).
 */
#define GNUTLS_MAX_ALGORITHM_NUM 64
/* Upper bound on a TLS session identifier (32 bytes on the wire). */
#define GNUTLS_MAX_SESSION_ID_SIZE 32


/**
 * gnutls_compression_method_t:
 * @GNUTLS_COMP_UNKNOWN: Unknown compression method.
 * @GNUTLS_COMP_NULL: The NULL compression method (no compression).
 * @GNUTLS_COMP_DEFLATE: The DEFLATE compression method from zlib.
 * @GNUTLS_COMP_ZLIB: Same as %GNUTLS_COMP_DEFLATE.
*
 * Enumeration of different TLS compression methods.  TLS-level
 * compression leaks plaintext length information (the CRIME class of
 * attacks); %GNUTLS_COMP_NULL is the safe choice.
 */
typedef enum {
	GNUTLS_COMP_UNKNOWN = 0,
	GNUTLS_COMP_NULL = 1,
	GNUTLS_COMP_DEFLATE = 2,
	GNUTLS_COMP_ZLIB = GNUTLS_COMP_DEFLATE
} gnutls_compression_method_t;


/**
 * gnutls_init_flags_t:
 *
 * @GNUTLS_SERVER: Connection end is a server.
 * @GNUTLS_CLIENT: Connection end is a client.
 * @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS). Since 3.0.0.
 * @GNUTLS_NONBLOCK: Connection should not block. Since 3.0.0.
 * @GNUTLS_NO_SIGNAL: In systems where SIGPIPE is delivered on send, it will be disabled. That flag has effect in systems which support the MSG_NOSIGNAL sockets flag (since 3.4.2).
 * @GNUTLS_NO_EXTENSIONS: Do not enable any TLS extensions by default (since 3.1.2). As TLS 1.2 and later require extensions this option is considered obsolete and should not be used.
 * @GNUTLS_NO_REPLAY_PROTECTION: Disable any replay protection in DTLS. This must only be used if replay protection is achieved using other means. Since 3.2.2.
 * @GNUTLS_ALLOW_ID_CHANGE: Allow the peer to replace its certificate, or change its ID during a rehandshake. This change is often used in attacks and thus prohibited by default. Since 3.5.0.
 * @GNUTLS_ENABLE_FALSE_START: Enable the TLS false start on client side if the negotiated ciphersuites allow it. This will enable sending data prior to the handshake being complete, and may introduce a risk of crypto failure when combined with certain key exchanges; for that GnuTLS may not enable that option in ciphersuites that are known to be not safe for false start. Since 3.5.0.
 * @GNUTLS_ENABLE_EARLY_START: Under TLS1.3 allow the server to return earlier than the full handshake
 *   finish; similarly to false start the handshake will be completed once data are received by the
 *   client, while the server is able to transmit sooner. This is not enabled by default as it could
 *   break certain existing server assumptions and use-cases. Since 3.6.4.
 * @GNUTLS_ENABLE_EARLY_DATA: Under TLS1.3 allow the server to receive early data sent as part of the initial ClientHello (0-RTT). This is not enabled by default as early data has weaker security properties than other data; in particular it can be replayed. Since 3.6.5.
 * @GNUTLS_FORCE_CLIENT_CERT: When in client side and only a single cert is specified, send that certificate irrespective of the issuers expected by the server. Since 3.5.0.
 * @GNUTLS_NO_TICKETS: Flag to indicate that the session should not use resumption with session tickets.
 * @GNUTLS_KEY_SHARE_TOP3: Generate key shares for the top-3 different groups which are enabled.
 *   That is, as each group is associated with a key type (EC, finite field, x25519), generate
 *   three keys using %GNUTLS_PK_DH, %GNUTLS_PK_EC, %GNUTLS_PK_ECDH_X25519 if all of them are enabled.
 * @GNUTLS_KEY_SHARE_TOP2: Generate key shares for the top-2 different groups which are enabled.
 *   For example (ECDH + x25519). This is the default.
 * @GNUTLS_KEY_SHARE_TOP: Generate key share for the first group which is enabled.
 *   For example x25519. This option is the most performant for client (less CPU spent
 *   generating keys), but if the server doesn't support the advertised option it may
 *   result in more round trips needed to discover the server's choice.
 * @GNUTLS_NO_AUTO_REKEY: Disable auto-rekeying under TLS1.3. If this option is not specified
 *   gnutls will force a rekey after 2^24 records have been sent.
 * @GNUTLS_POST_HANDSHAKE_AUTH: Enable post handshake authentication for server and client. When set and
 *   a server requests authentication after handshake %GNUTLS_E_REAUTH_REQUEST will be returned
 *   by gnutls_record_recv(). A client should then call gnutls_reauth() to re-authenticate.
 * @GNUTLS_SAFE_PADDING_CHECK: Flag to indicate that the TLS 1.3 padding check will be done in a
 *   safe way which doesn't leak the pad size based on GnuTLS processing time. This is of use to
 *   applications which hide the length of transferred data via the TLS1.3 padding mechanism and
 *   are already taking steps to hide the data processing time. This comes at a performance
 *   penalty.
 * @GNUTLS_AUTO_REAUTH: Enable transparent re-authentication in client side when the server
 *   requests to. That is, reauthentication is handled within gnutls_record_recv(), and
 *   the %GNUTLS_E_REHANDSHAKE or %GNUTLS_E_REAUTH_REQUEST are not returned. This must be
 *   enabled with %GNUTLS_POST_HANDSHAKE_AUTH for TLS1.3. Enabling this flag requires restoring
 *   interrupted calls to gnutls_record_recv() based on the output of gnutls_record_get_direction(),
 *   since gnutls_record_recv() could be interrupted when sending when this flag is enabled.
 *   Note this flag may not be used if you are using the same session for sending and receiving
 *   in different threads.
 * @GNUTLS_ENABLE_RAWPK: Allows raw public-keys to be negotiated during the handshake. Since 3.6.6.
 * @GNUTLS_NO_AUTO_SEND_TICKET: Under TLS1.3 disable auto-sending of
 *   session tickets during the handshake.
 *
 * Enumeration of different flags for gnutls_init() function. All the flags
 * can be combined except @GNUTLS_SERVER and @GNUTLS_CLIENT which are mutually
 * exclusive.
 *
 * The key share options relate to the TLS 1.3 key share extension
 * which is a speculative key generation expecting that the server
 * would support the generated key.
*/
typedef enum {
	GNUTLS_SERVER = 1,
	GNUTLS_CLIENT = (1<<1),
	GNUTLS_DATAGRAM = (1<<2),
	GNUTLS_NONBLOCK = (1<<3),
	GNUTLS_NO_EXTENSIONS = (1<<4),
	GNUTLS_NO_REPLAY_PROTECTION = (1<<5),
	GNUTLS_NO_SIGNAL = (1<<6),
	GNUTLS_ALLOW_ID_CHANGE = (1<<7),
	GNUTLS_ENABLE_FALSE_START = (1<<8),
	GNUTLS_FORCE_CLIENT_CERT = (1<<9),
	GNUTLS_NO_TICKETS = (1<<10),
	GNUTLS_KEY_SHARE_TOP = (1<<11),
	GNUTLS_KEY_SHARE_TOP2 = (1<<12),
	GNUTLS_KEY_SHARE_TOP3 = (1<<13),
	GNUTLS_POST_HANDSHAKE_AUTH = (1<<14),
	GNUTLS_NO_AUTO_REKEY = (1<<15),
	GNUTLS_SAFE_PADDING_CHECK = (1<<16),
	GNUTLS_ENABLE_EARLY_START = (1<<17),
	GNUTLS_ENABLE_RAWPK = (1<<18),
	GNUTLS_AUTO_REAUTH = (1<<19),
	GNUTLS_ENABLE_EARLY_DATA = (1<<20),
	GNUTLS_NO_AUTO_SEND_TICKET = (1<<21)
} gnutls_init_flags_t;

/* compatibility defines (previous versions of gnutls
 * used defines instead of enumerated values).  Because the macros are
 * defined after the enum, application code naming these flags gets
 * the macro expansion; the values are the same as the enumerators. */
#define GNUTLS_SERVER (1)
#define GNUTLS_CLIENT (1<<1)
#define GNUTLS_DATAGRAM (1<<2)
#define GNUTLS_NONBLOCK (1<<3)
#define GNUTLS_NO_EXTENSIONS (1<<4)
#define GNUTLS_NO_REPLAY_PROTECTION (1<<5)
#define GNUTLS_NO_SIGNAL (1<<6)
#define GNUTLS_ALLOW_ID_CHANGE (1<<7)
#define GNUTLS_ENABLE_FALSE_START (1<<8)
#define GNUTLS_FORCE_CLIENT_CERT (1<<9)
#define GNUTLS_NO_TICKETS (1<<10)
/* Here for compatibility reasons; it expands to 0, so OR-ing it into
 * the init flags has no effect. */
#define GNUTLS_ENABLE_CERT_TYPE_NEG 0

/**
 * gnutls_alert_level_t:
 * @GNUTLS_AL_WARNING: Alert of warning severity.
 * @GNUTLS_AL_FATAL: Alert of fatal severity.
 *
 * Enumeration of different TLS alert severities.
 */
typedef enum {
	GNUTLS_AL_WARNING = 1,
	GNUTLS_AL_FATAL
} gnutls_alert_level_t;

/**
 * gnutls_alert_description_t:
 * @GNUTLS_A_CLOSE_NOTIFY: Close notify.
 * @GNUTLS_A_UNEXPECTED_MESSAGE: Unexpected message.
 * @GNUTLS_A_BAD_RECORD_MAC: Bad record MAC.
 * @GNUTLS_A_DECRYPTION_FAILED: Decryption failed.
 * @GNUTLS_A_RECORD_OVERFLOW: Record overflow.
 * @GNUTLS_A_DECOMPRESSION_FAILURE: Decompression failed.
 * @GNUTLS_A_HANDSHAKE_FAILURE: Handshake failed.
 * @GNUTLS_A_SSL3_NO_CERTIFICATE: No certificate.
 * @GNUTLS_A_BAD_CERTIFICATE: Certificate is bad.
 * @GNUTLS_A_UNSUPPORTED_CERTIFICATE: Certificate is not supported.
 * @GNUTLS_A_CERTIFICATE_REVOKED: Certificate was revoked.
 * @GNUTLS_A_CERTIFICATE_EXPIRED: Certificate is expired.
 * @GNUTLS_A_CERTIFICATE_UNKNOWN: Unknown certificate.
 * @GNUTLS_A_ILLEGAL_PARAMETER: Illegal parameter.
 * @GNUTLS_A_UNKNOWN_CA: CA is unknown.
 * @GNUTLS_A_ACCESS_DENIED: Access was denied.
 * @GNUTLS_A_DECODE_ERROR: Decode error.
 * @GNUTLS_A_DECRYPT_ERROR: Decrypt error.
 * @GNUTLS_A_EXPORT_RESTRICTION: Export restriction.
 * @GNUTLS_A_PROTOCOL_VERSION: Error in protocol version.
 * @GNUTLS_A_INSUFFICIENT_SECURITY: Insufficient security.
 * @GNUTLS_A_INTERNAL_ERROR: Internal error.
 * @GNUTLS_A_INAPPROPRIATE_FALLBACK: Inappropriate fallback.
 * @GNUTLS_A_USER_CANCELED: User canceled.
 * @GNUTLS_A_NO_RENEGOTIATION: No renegotiation is allowed.
 * @GNUTLS_A_MISSING_EXTENSION: An extension was expected but was not seen.
 * @GNUTLS_A_UNSUPPORTED_EXTENSION: An unsupported extension was
 *   sent.
 * @GNUTLS_A_CERTIFICATE_UNOBTAINABLE: Could not retrieve the
 *   specified certificate.
 * @GNUTLS_A_UNRECOGNIZED_NAME: The server name sent was not
 *   recognized.
 * @GNUTLS_A_UNKNOWN_PSK_IDENTITY: The SRP/PSK username is missing
 *   or not known.
 * @GNUTLS_A_CERTIFICATE_REQUIRED: Certificate is required.
 * @GNUTLS_A_NO_APPLICATION_PROTOCOL: The ALPN protocol requested is
 *   not supported by the peer.
 * @GNUTLS_A_MAX: The highest defined alert value (same as %GNUTLS_A_NO_APPLICATION_PROTOCOL).
 *
 * Enumeration of different TLS alerts.  The numeric values are the
 * AlertDescription codes used on the wire.
 */
typedef enum {
	GNUTLS_A_CLOSE_NOTIFY,
	GNUTLS_A_UNEXPECTED_MESSAGE = 10,
	GNUTLS_A_BAD_RECORD_MAC = 20,
	GNUTLS_A_DECRYPTION_FAILED,
	GNUTLS_A_RECORD_OVERFLOW,
	GNUTLS_A_DECOMPRESSION_FAILURE = 30,
	GNUTLS_A_HANDSHAKE_FAILURE = 40,
	GNUTLS_A_SSL3_NO_CERTIFICATE = 41,
	GNUTLS_A_BAD_CERTIFICATE = 42,
	GNUTLS_A_UNSUPPORTED_CERTIFICATE,
	GNUTLS_A_CERTIFICATE_REVOKED,
	GNUTLS_A_CERTIFICATE_EXPIRED,
	GNUTLS_A_CERTIFICATE_UNKNOWN,
	GNUTLS_A_ILLEGAL_PARAMETER,
	GNUTLS_A_UNKNOWN_CA,
	GNUTLS_A_ACCESS_DENIED,
	GNUTLS_A_DECODE_ERROR = 50,
	GNUTLS_A_DECRYPT_ERROR,
	GNUTLS_A_EXPORT_RESTRICTION = 60,
	GNUTLS_A_PROTOCOL_VERSION = 70,
	GNUTLS_A_INSUFFICIENT_SECURITY,
	GNUTLS_A_INTERNAL_ERROR = 80,
	GNUTLS_A_INAPPROPRIATE_FALLBACK = 86,
	GNUTLS_A_USER_CANCELED = 90,
	GNUTLS_A_NO_RENEGOTIATION = 100,
	GNUTLS_A_MISSING_EXTENSION = 109,
	GNUTLS_A_UNSUPPORTED_EXTENSION = 110,
	GNUTLS_A_CERTIFICATE_UNOBTAINABLE = 111,
	GNUTLS_A_UNRECOGNIZED_NAME = 112,
	GNUTLS_A_UNKNOWN_PSK_IDENTITY = 115,
	GNUTLS_A_CERTIFICATE_REQUIRED = 116,
	GNUTLS_A_NO_APPLICATION_PROTOCOL = 120,
	GNUTLS_A_MAX = GNUTLS_A_NO_APPLICATION_PROTOCOL
} gnutls_alert_description_t;

/**
 * gnutls_handshake_description_t:
 * @GNUTLS_HANDSHAKE_HELLO_REQUEST: Hello request.
 * @GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST: DTLS Hello verify request.
 * @GNUTLS_HANDSHAKE_CLIENT_HELLO: Client hello.
 * @GNUTLS_HANDSHAKE_SERVER_HELLO: Server hello.
 * @GNUTLS_HANDSHAKE_END_OF_EARLY_DATA: End of early data.
 * @GNUTLS_HANDSHAKE_HELLO_RETRY_REQUEST: Hello retry request.
 * @GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: New session ticket.
 * @GNUTLS_HANDSHAKE_CERTIFICATE_PKT: Certificate packet.
 * @GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: Server key exchange.
 * @GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: Certificate request.
 * @GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: Server hello done.
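* @GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: Certificate verify.
 * @GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: Client key exchange.
 * @GNUTLS_HANDSHAKE_FINISHED: Finished.
 * @GNUTLS_HANDSHAKE_CERTIFICATE_STATUS: Certificate status (OCSP).
 * @GNUTLS_HANDSHAKE_KEY_UPDATE: TLS1.3 key update message.
 * @GNUTLS_HANDSHAKE_SUPPLEMENTAL: Supplemental.
 * @GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC: Change Cipher Spec.
 * @GNUTLS_HANDSHAKE_CLIENT_HELLO_V2: SSLv2 Client Hello.
 * @GNUTLS_HANDSHAKE_ENCRYPTED_EXTENSIONS: Encrypted extensions message.
 *
 * Enumeration of different TLS handshake packets.  Values up to 24 are
 * the HandshakeType codes used on the wire; %GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC
 * and the values from 1024 up are GnuTLS-internal identifiers for messages
 * that carry no handshake-type byte of their own.
 */
typedef enum {
	GNUTLS_HANDSHAKE_HELLO_REQUEST = 0,
	GNUTLS_HANDSHAKE_CLIENT_HELLO = 1,
	GNUTLS_HANDSHAKE_SERVER_HELLO = 2,
	GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST = 3,
	GNUTLS_HANDSHAKE_NEW_SESSION_TICKET = 4,
	GNUTLS_HANDSHAKE_END_OF_EARLY_DATA = 5,
	GNUTLS_HANDSHAKE_ENCRYPTED_EXTENSIONS = 8,
	GNUTLS_HANDSHAKE_CERTIFICATE_PKT = 11,
	GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE = 12,
	GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST = 13,
	GNUTLS_HANDSHAKE_SERVER_HELLO_DONE = 14,
	GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY = 15,
	GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE = 16,
	GNUTLS_HANDSHAKE_FINISHED = 20,
	GNUTLS_HANDSHAKE_CERTIFICATE_STATUS = 22,
	GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23,
	GNUTLS_HANDSHAKE_KEY_UPDATE = 24,
	GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC = 254,
	GNUTLS_HANDSHAKE_CLIENT_HELLO_V2 = 1024,
	/* No trailing comma: this is a public header also consumed under
	 * C89 and pre-C++11 modes, which reject it. */
	GNUTLS_HANDSHAKE_HELLO_RETRY_REQUEST = 1025
} gnutls_handshake_description_t;

/* All-bits-set value; presumably accepted wherever a specific handshake
 * type is expected, to mean "any" — confirm against the callers. */
#define GNUTLS_HANDSHAKE_ANY ((unsigned int)-1)

/**
 * gnutls_handshake_description_get_name:
 * @type: the handshake message type
 *
 * Presumably returns a human-readable name for @type; check the
 * implementation for what it returns on an unknown value.
 */
const char *gnutls_handshake_description_get_name(gnutls_handshake_description_t type);

/**
 * gnutls_certificate_status_t:
 * @GNUTLS_CERT_INVALID: The certificate is not signed by one of the
 *   known authorities or the signature is invalid (deprecated by the flags
 *   %GNUTLS_CERT_SIGNATURE_FAILURE and %GNUTLS_CERT_SIGNER_NOT_FOUND).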
* @GNUTLS_CERT_SIGNATURE_FAILURE: The signature verification failed.
 * @GNUTLS_CERT_REVOKED: Certificate is revoked by its authority. In X.509 this will be
 *   set only if CRLs are checked.
 * @GNUTLS_CERT_SIGNER_NOT_FOUND: The certificate's issuer is not known.
 *   This is the case if the issuer is not included in the trusted certificate list.
 * @GNUTLS_CERT_SIGNER_NOT_CA: The certificate's signer was not a CA. This
 *   may happen if this was a version 1 certificate, which is common with
 *   some CAs, or a version 3 certificate without the basic constraints extension.
 * @GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE: The certificate's signer constraints were
 *   violated.
 * @GNUTLS_CERT_INSECURE_ALGORITHM: The certificate was signed using an insecure
 *   algorithm such as MD2 or MD5. These algorithms have been broken and
 *   should not be trusted.
 * @GNUTLS_CERT_NOT_ACTIVATED: The certificate is not yet activated.
 * @GNUTLS_CERT_EXPIRED: The certificate has expired.
 * @GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: The revocation data are old and have been superseded.
 * @GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: The revocation data have a future issue date.
 * @GNUTLS_CERT_UNEXPECTED_OWNER: The owner is not the expected one.
 * @GNUTLS_CERT_MISMATCH: The certificate presented isn't the expected one (TOFU).
 * @GNUTLS_CERT_PURPOSE_MISMATCH: The certificate or an intermediate does not match the intended purpose (extended key usage).
 * @GNUTLS_CERT_MISSING_OCSP_STATUS: The certificate requires the server to send the certificate status, but no status was received.
 * @GNUTLS_CERT_INVALID_OCSP_STATUS: The received OCSP status response is invalid.
 * @GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS: The certificate has extensions marked as critical which are not supported.
 *
 * Enumeration of certificate status codes.  These are bit flags, so a
 * verification status is a bitwise OR of them and only a status of 0
 * carries none of these failures.  Note that the status
 * bits may have different meanings in OpenPGP keys and X.509
 * certificate verification.
 */
typedef enum {
	/* bits 0, 2-4 and 13 are not assigned in this enumeration */
	GNUTLS_CERT_INVALID = 1 << 1,
	GNUTLS_CERT_REVOKED = 1 << 5,
	GNUTLS_CERT_SIGNER_NOT_FOUND = 1 << 6,
	GNUTLS_CERT_SIGNER_NOT_CA = 1 << 7,
	GNUTLS_CERT_INSECURE_ALGORITHM = 1 << 8,
	GNUTLS_CERT_NOT_ACTIVATED = 1 << 9,
	GNUTLS_CERT_EXPIRED = 1 << 10,
	GNUTLS_CERT_SIGNATURE_FAILURE = 1 << 11,
	GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED = 1 << 12,
	GNUTLS_CERT_UNEXPECTED_OWNER = 1 << 14,
	GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE = 1 << 15,
	GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE = 1 << 16,
	GNUTLS_CERT_MISMATCH = 1 << 17,
	GNUTLS_CERT_PURPOSE_MISMATCH = 1 << 18,
	GNUTLS_CERT_MISSING_OCSP_STATUS = 1 << 19,
	GNUTLS_CERT_INVALID_OCSP_STATUS = 1 << 20,
	GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS = 1 << 21
} gnutls_certificate_status_t;

/**
 * gnutls_certificate_request_t:
 * @GNUTLS_CERT_IGNORE: Ignore certificate.
 * @GNUTLS_CERT_REQUEST: Request certificate.
 * @GNUTLS_CERT_REQUIRE: Require certificate.
 *
 * Enumeration of certificate request types.
 */
typedef enum {
	GNUTLS_CERT_IGNORE = 0,
	GNUTLS_CERT_REQUEST = 1,
	GNUTLS_CERT_REQUIRE = 2
} gnutls_certificate_request_t;

/**
 * gnutls_openpgp_crt_status_t:
 * @GNUTLS_OPENPGP_CERT: Send entire certificate.
 * @GNUTLS_OPENPGP_CERT_FINGERPRINT: Send only certificate fingerprint.
 *
 * Enumeration of ways to send OpenPGP certificate.
 */
typedef enum {
	GNUTLS_OPENPGP_CERT = 0,
	GNUTLS_OPENPGP_CERT_FINGERPRINT = 1
} gnutls_openpgp_crt_status_t;

/**
 * gnutls_close_request_t:
 * @GNUTLS_SHUT_RDWR: Disallow further receives/sends.
 * @GNUTLS_SHUT_WR: Disallow further sends.
 *
 * Enumeration of how TLS session should be terminated. See gnutls_bye().
 */
typedef enum {
	GNUTLS_SHUT_RDWR = 0,
	GNUTLS_SHUT_WR = 1
} gnutls_close_request_t;

/**
 * gnutls_protocol_t:
 * @GNUTLS_SSL3: SSL version 3.0 (deprecated by RFC 7568; insecure).
 * @GNUTLS_TLS1_0: TLS version 1.0 (deprecated by RFC 8996).
 * @GNUTLS_TLS1: Same as %GNUTLS_TLS1_0.
 * @GNUTLS_TLS1_1: TLS version 1.1 (deprecated by RFC 8996).
 * @GNUTLS_TLS1_2: TLS version 1.2.
 * @GNUTLS_TLS1_3: TLS version 1.3.
 * @GNUTLS_DTLS1_0: DTLS version 1.0.
 * @GNUTLS_DTLS1_2: DTLS version 1.2.
 * @GNUTLS_DTLS0_9: DTLS version 0.9 (Cisco AnyConnect / OpenSSL 0.9.8e).
 * @GNUTLS_TLS_VERSION_MAX: Maps to the highest supported TLS version.
 * @GNUTLS_DTLS_VERSION_MIN: Maps to the lowest supported DTLS version.
 * @GNUTLS_DTLS_VERSION_MAX: Maps to the highest supported DTLS version.
 * @GNUTLS_VERSION_UNKNOWN: Unknown SSL/TLS version.
 *
 * Enumeration of different SSL/TLS protocol versions.
 */
typedef enum {
	GNUTLS_SSL3 = 1,
	GNUTLS_TLS1_0 = 2,
	GNUTLS_TLS1 = GNUTLS_TLS1_0,
	GNUTLS_TLS1_1 = 3,
	GNUTLS_TLS1_2 = 4,
	GNUTLS_TLS1_3 = 5,

	/* DTLS versions live in a separate numeric range from TLS. */
	GNUTLS_DTLS0_9 = 200,
	GNUTLS_DTLS1_0 = 201,
	GNUTLS_DTLS1_2 = 202,
	GNUTLS_DTLS_VERSION_MIN = GNUTLS_DTLS0_9,
	GNUTLS_DTLS_VERSION_MAX = GNUTLS_DTLS1_2,
	GNUTLS_TLS_VERSION_MAX = GNUTLS_TLS1_3,
	GNUTLS_VERSION_UNKNOWN = 0xff	/* change it to 0xffff */
} gnutls_protocol_t;

/* Historical alias for GNUTLS_CRT_RAWPK. */
#define GNUTLS_CRT_RAW GNUTLS_CRT_RAWPK

/**
 * gnutls_certificate_type_t:
 * @GNUTLS_CRT_UNKNOWN: Unknown certificate type.
 * @GNUTLS_CRT_X509: X.509 Certificate.
 * @GNUTLS_CRT_OPENPGP: OpenPGP certificate.
 * @GNUTLS_CRT_RAWPK: Raw public-key (SubjectPublicKeyInfo).
 * @GNUTLS_CRT_MAX: The highest defined certificate type (same as %GNUTLS_CRT_RAWPK).
 *
 * Enumeration of different certificate types.
 */
typedef enum {
	GNUTLS_CRT_UNKNOWN = 0,
	GNUTLS_CRT_X509 = 1,
	GNUTLS_CRT_OPENPGP = 2,
	GNUTLS_CRT_RAWPK = 3,
	GNUTLS_CRT_MAX = GNUTLS_CRT_RAWPK
} gnutls_certificate_type_t;

/**
 * gnutls_x509_crt_fmt_t:
 * @GNUTLS_X509_FMT_DER: X.509 certificate in DER format (binary).
817 * @GNUTLS_X509_FMT_PEM: X.509 certificate in PEM format (text). 818 * 819 * Enumeration of different certificate encoding formats. 820 */ 821typedef enum { 822 GNUTLS_X509_FMT_DER = 0, 823 GNUTLS_X509_FMT_PEM = 1 824} gnutls_x509_crt_fmt_t; 825 826/** 827 * gnutls_certificate_print_formats_t: 828 * @GNUTLS_CRT_PRINT_FULL: Full information about certificate. 829 * @GNUTLS_CRT_PRINT_FULL_NUMBERS: Full information about certificate and include easy to parse public key parameters. 830 * @GNUTLS_CRT_PRINT_COMPACT: Information about certificate name in one line, plus identification of the public key. 831 * @GNUTLS_CRT_PRINT_ONELINE: Information about certificate in one line. 832 * @GNUTLS_CRT_PRINT_UNSIGNED_FULL: All info for an unsigned certificate. 833 * 834 * Enumeration of different certificate printing variants. 835 */ 836typedef enum gnutls_certificate_print_formats { 837 GNUTLS_CRT_PRINT_FULL = 0, 838 GNUTLS_CRT_PRINT_ONELINE = 1, 839 GNUTLS_CRT_PRINT_UNSIGNED_FULL = 2, 840 GNUTLS_CRT_PRINT_COMPACT = 3, 841 GNUTLS_CRT_PRINT_FULL_NUMBERS = 4 842} gnutls_certificate_print_formats_t; 843 844#define GNUTLS_PK_ECC GNUTLS_PK_ECDSA 845#define GNUTLS_PK_EC GNUTLS_PK_ECDSA 846 847#define GNUTLS_PK_ECDHX GNUTLS_PK_ECDH_X25519 848/** 849 * gnutls_pk_algorithm_t: 850 * @GNUTLS_PK_UNKNOWN: Unknown public-key algorithm. 851 * @GNUTLS_PK_RSA: RSA public-key algorithm. 852 * @GNUTLS_PK_RSA_PSS: RSA public-key algorithm, with PSS padding. 853 * @GNUTLS_PK_DSA: DSA public-key algorithm. 854 * @GNUTLS_PK_DH: Diffie-Hellman algorithm. Used to generate parameters. 855 * @GNUTLS_PK_ECDSA: Elliptic curve algorithm. These parameters are compatible with the ECDSA and ECDH algorithm. 856 * @GNUTLS_PK_ECDH_X25519: Elliptic curve algorithm, restricted to ECDH as per rfc7748. 857 * @GNUTLS_PK_EDDSA_ED25519: Edwards curve Digital signature algorithm. Used with SHA512 on signatures. 858 * @GNUTLS_PK_GOST_01: GOST R 34.10-2001 algorithm per rfc5832. 
859 * @GNUTLS_PK_GOST_12_256: GOST R 34.10-2012 algorithm, 256-bit key per rfc7091. 860 * @GNUTLS_PK_GOST_12_512: GOST R 34.10-2012 algorithm, 512-bit key per rfc7091. 861 * @GNUTLS_PK_ECDH_X448: Elliptic curve algorithm, restricted to ECDH as per rfc7748. 862 * @GNUTLS_PK_EDDSA_ED448: Edwards curve Digital signature algorithm. Used with SHAKE256 on signatures. 863 * 864 * Enumeration of different public-key algorithms. 865 */ 866typedef enum { 867 GNUTLS_PK_UNKNOWN = 0, 868 GNUTLS_PK_RSA = 1, 869 GNUTLS_PK_DSA = 2, 870 GNUTLS_PK_DH = 3, 871 GNUTLS_PK_ECDSA = 4, 872 GNUTLS_PK_ECDH_X25519 = 5, 873 GNUTLS_PK_RSA_PSS = 6, 874 GNUTLS_PK_EDDSA_ED25519 = 7, 875 GNUTLS_PK_GOST_01 = 8, 876 GNUTLS_PK_GOST_12_256 = 9, 877 GNUTLS_PK_GOST_12_512 = 10, 878 GNUTLS_PK_ECDH_X448 = 11, 879 GNUTLS_PK_EDDSA_ED448 = 12, 880 GNUTLS_PK_MAX = GNUTLS_PK_EDDSA_ED448 881} gnutls_pk_algorithm_t; 882 883 884const char *gnutls_pk_algorithm_get_name(gnutls_pk_algorithm_t algorithm); 885 886/** 887 * gnutls_sign_algorithm_t: 888 * @GNUTLS_SIGN_UNKNOWN: Unknown signature algorithm. 889 * @GNUTLS_SIGN_RSA_RAW: Digital signature algorithm RSA with DigestInfo formatted data 890 * @GNUTLS_SIGN_RSA_SHA1: Digital signature algorithm RSA with SHA-1 891 * @GNUTLS_SIGN_RSA_SHA: Same as %GNUTLS_SIGN_RSA_SHA1. 892 * @GNUTLS_SIGN_DSA_SHA1: Digital signature algorithm DSA with SHA-1 893 * @GNUTLS_SIGN_DSA_SHA224: Digital signature algorithm DSA with SHA-224 894 * @GNUTLS_SIGN_DSA_SHA256: Digital signature algorithm DSA with SHA-256 895 * @GNUTLS_SIGN_DSA_SHA384: Digital signature algorithm DSA with SHA-384 896 * @GNUTLS_SIGN_DSA_SHA512: Digital signature algorithm DSA with SHA-512 897 * @GNUTLS_SIGN_DSA_SHA: Same as %GNUTLS_SIGN_DSA_SHA1. 898 * @GNUTLS_SIGN_RSA_MD5: Digital signature algorithm RSA with MD5. 899 * @GNUTLS_SIGN_RSA_MD2: Digital signature algorithm RSA with MD2. 900 * @GNUTLS_SIGN_RSA_RMD160: Digital signature algorithm RSA with RMD-160. 
901 * @GNUTLS_SIGN_RSA_SHA256: Digital signature algorithm RSA with SHA-256. 902 * @GNUTLS_SIGN_RSA_SHA384: Digital signature algorithm RSA with SHA-384. 903 * @GNUTLS_SIGN_RSA_SHA512: Digital signature algorithm RSA with SHA-512. 904 * @GNUTLS_SIGN_RSA_SHA224: Digital signature algorithm RSA with SHA-224. 905 * @GNUTLS_SIGN_ECDSA_SHA1: ECDSA with SHA1. 906 * @GNUTLS_SIGN_ECDSA_SHA224: Digital signature algorithm ECDSA with SHA-224. 907 * @GNUTLS_SIGN_ECDSA_SHA256: Digital signature algorithm ECDSA with SHA-256. 908 * @GNUTLS_SIGN_ECDSA_SHA384: Digital signature algorithm ECDSA with SHA-384. 909 * @GNUTLS_SIGN_ECDSA_SHA512: Digital signature algorithm ECDSA with SHA-512. 910 * @GNUTLS_SIGN_ECDSA_SECP256R1_SHA256: Digital signature algorithm ECDSA-SECP256R1 with SHA-256 (used in TLS 1.3 but not PKIX). 911 * @GNUTLS_SIGN_ECDSA_SECP384R1_SHA384: Digital signature algorithm ECDSA-SECP384R1 with SHA-384 (used in TLS 1.3 but not PKIX). 912 * @GNUTLS_SIGN_ECDSA_SECP521R1_SHA512: Digital signature algorithm ECDSA-SECP521R1 with SHA-512 (used in TLS 1.3 but not PKIX). 913 * @GNUTLS_SIGN_ECDSA_SHA3_224: Digital signature algorithm ECDSA with SHA3-224. 914 * @GNUTLS_SIGN_ECDSA_SHA3_256: Digital signature algorithm ECDSA with SHA3-256. 915 * @GNUTLS_SIGN_ECDSA_SHA3_384: Digital signature algorithm ECDSA with SHA3-384. 916 * @GNUTLS_SIGN_ECDSA_SHA3_512: Digital signature algorithm ECDSA with SHA3-512. 917 * @GNUTLS_SIGN_DSA_SHA3_224: Digital signature algorithm DSA with SHA3-224. 918 * @GNUTLS_SIGN_DSA_SHA3_256: Digital signature algorithm DSA with SHA3-256. 919 * @GNUTLS_SIGN_DSA_SHA3_384: Digital signature algorithm DSA with SHA3-384. 920 * @GNUTLS_SIGN_DSA_SHA3_512: Digital signature algorithm DSA with SHA3-512. 921 * @GNUTLS_SIGN_RSA_SHA3_224: Digital signature algorithm RSA with SHA3-224. 922 * @GNUTLS_SIGN_RSA_SHA3_256: Digital signature algorithm RSA with SHA3-256. 923 * @GNUTLS_SIGN_RSA_SHA3_384: Digital signature algorithm RSA with SHA3-384. 
924 * @GNUTLS_SIGN_RSA_SHA3_512: Digital signature algorithm RSA with SHA3-512. 925 * @GNUTLS_SIGN_RSA_PSS_RSAE_SHA256: Digital signature algorithm RSA with SHA-256, 926 * with PSS padding (RSA PKCS#1 1.5 certificate). This signature is identical 927 * to #GNUTLS_SIGN_RSA_PSS_SHA256, but they are distinct as the TLS1.3 protocol 928 * treats them differently. 929 * @GNUTLS_SIGN_RSA_PSS_RSAE_SHA384: Digital signature algorithm RSA with SHA-384, 930 * with PSS padding (RSA PKCS#1 1.5 certificate). This signature is identical 931 * to #GNUTLS_SIGN_RSA_PSS_SHA384, but they are distinct as the TLS1.3 protocol 932 * treats them differently. 933 * @GNUTLS_SIGN_RSA_PSS_RSAE_SHA512: Digital signature algorithm RSA with SHA-512, 934 * with PSS padding (RSA PKCS#1 1.5 certificate). This signature is identical 935 * to #GNUTLS_SIGN_RSA_PSS_SHA512, but they are distinct as the TLS1.3 protocol 936 * treats them differently. 937 * @GNUTLS_SIGN_RSA_PSS_SHA256: Digital signature algorithm RSA with SHA-256, with PSS padding (RSA-PSS certificate). 938 * @GNUTLS_SIGN_RSA_PSS_SHA384: Digital signature algorithm RSA with SHA-384, with PSS padding (RSA-PSS certificate). 939 * @GNUTLS_SIGN_RSA_PSS_SHA512: Digital signature algorithm RSA with SHA-512, with PSS padding (RSA-PSS certificate). 940 * @GNUTLS_SIGN_EDDSA_ED25519: Digital signature algorithm EdDSA with Ed25519 curve. 941 * @GNUTLS_SIGN_GOST_94: Digital signature algorithm GOST R 34.10-2001 with GOST R 34.11-94 942 * @GNUTLS_SIGN_GOST_256: Digital signature algorithm GOST R 34.10-2012 with GOST R 34.11-2012 256 bit 943 * @GNUTLS_SIGN_GOST_512: Digital signature algorithm GOST R 34.10-2012 with GOST R 34.11-2012 512 bit 944 * @GNUTLS_SIGN_EDDSA_ED448: Digital signature algorithm EdDSA with Ed448 curve. 945 * 946 * Enumeration of different digital signature algorithms. 
947 */ 948typedef enum { 949 GNUTLS_SIGN_UNKNOWN = 0, 950 GNUTLS_SIGN_RSA_SHA1 = 1, 951 GNUTLS_SIGN_RSA_SHA = GNUTLS_SIGN_RSA_SHA1, 952 GNUTLS_SIGN_DSA_SHA1 = 2, 953 GNUTLS_SIGN_DSA_SHA = GNUTLS_SIGN_DSA_SHA1, 954 GNUTLS_SIGN_RSA_MD5 = 3, 955 GNUTLS_SIGN_RSA_MD2 = 4, 956 GNUTLS_SIGN_RSA_RMD160 = 5, 957 GNUTLS_SIGN_RSA_SHA256 = 6, 958 GNUTLS_SIGN_RSA_SHA384 = 7, 959 GNUTLS_SIGN_RSA_SHA512 = 8, 960 GNUTLS_SIGN_RSA_SHA224 = 9, 961 GNUTLS_SIGN_DSA_SHA224 = 10, 962 GNUTLS_SIGN_DSA_SHA256 = 11, 963 GNUTLS_SIGN_ECDSA_SHA1 = 12, 964 GNUTLS_SIGN_ECDSA_SHA224 = 13, 965 GNUTLS_SIGN_ECDSA_SHA256 = 14, 966 GNUTLS_SIGN_ECDSA_SHA384 = 15, 967 GNUTLS_SIGN_ECDSA_SHA512 = 16, 968 GNUTLS_SIGN_DSA_SHA384 = 17, 969 GNUTLS_SIGN_DSA_SHA512 = 18, 970 GNUTLS_SIGN_ECDSA_SHA3_224 = 20, 971 GNUTLS_SIGN_ECDSA_SHA3_256 = 21, 972 GNUTLS_SIGN_ECDSA_SHA3_384 = 22, 973 GNUTLS_SIGN_ECDSA_SHA3_512 = 23, 974 975 GNUTLS_SIGN_DSA_SHA3_224 = 24, 976 GNUTLS_SIGN_DSA_SHA3_256 = 25, 977 GNUTLS_SIGN_DSA_SHA3_384 = 26, 978 GNUTLS_SIGN_DSA_SHA3_512 = 27, 979 GNUTLS_SIGN_RSA_SHA3_224 = 28, 980 GNUTLS_SIGN_RSA_SHA3_256 = 29, 981 GNUTLS_SIGN_RSA_SHA3_384 = 30, 982 GNUTLS_SIGN_RSA_SHA3_512 = 31, 983 984 GNUTLS_SIGN_RSA_PSS_SHA256 = 32, 985 GNUTLS_SIGN_RSA_PSS_SHA384 = 33, 986 GNUTLS_SIGN_RSA_PSS_SHA512 = 34, 987 GNUTLS_SIGN_EDDSA_ED25519 = 35, 988 GNUTLS_SIGN_RSA_RAW = 36, 989 990 GNUTLS_SIGN_ECDSA_SECP256R1_SHA256 = 37, 991 GNUTLS_SIGN_ECDSA_SECP384R1_SHA384 = 38, 992 GNUTLS_SIGN_ECDSA_SECP521R1_SHA512 = 39, 993 994 GNUTLS_SIGN_RSA_PSS_RSAE_SHA256 = 40, 995 GNUTLS_SIGN_RSA_PSS_RSAE_SHA384 = 41, 996 GNUTLS_SIGN_RSA_PSS_RSAE_SHA512 = 42, 997 998 GNUTLS_SIGN_GOST_94 = 43, 999 GNUTLS_SIGN_GOST_256 = 44, 1000 GNUTLS_SIGN_GOST_512 = 45, 1001 GNUTLS_SIGN_EDDSA_ED448 = 46, 1002 GNUTLS_SIGN_MAX = GNUTLS_SIGN_EDDSA_ED448 1003} gnutls_sign_algorithm_t; 1004 1005/** 1006 * gnutls_ecc_curve_t: 1007 * @GNUTLS_ECC_CURVE_INVALID: Cannot be known 1008 * @GNUTLS_ECC_CURVE_SECP192R1: the SECP192R1 curve 1009 * 
@GNUTLS_ECC_CURVE_SECP224R1: the SECP224R1 curve 1010 * @GNUTLS_ECC_CURVE_SECP256R1: the SECP256R1 curve 1011 * @GNUTLS_ECC_CURVE_SECP384R1: the SECP384R1 curve 1012 * @GNUTLS_ECC_CURVE_SECP521R1: the SECP521R1 curve 1013 * @GNUTLS_ECC_CURVE_X25519: the X25519 curve (ECDH only) 1014 * @GNUTLS_ECC_CURVE_ED25519: the Ed25519 curve 1015 * @GNUTLS_ECC_CURVE_GOST256CPA: GOST R 34.10 CryptoPro 256 A curve 1016 * @GNUTLS_ECC_CURVE_GOST256CPB: GOST R 34.10 CryptoPro 256 B curve 1017 * @GNUTLS_ECC_CURVE_GOST256CPC: GOST R 34.10 CryptoPro 256 C curve 1018 * @GNUTLS_ECC_CURVE_GOST256CPXA: GOST R 34.10 CryptoPro 256 XchA curve 1019 * @GNUTLS_ECC_CURVE_GOST256CPXB: GOST R 34.10 CryptoPro 256 XchB curve 1020 * @GNUTLS_ECC_CURVE_GOST512A: GOST R 34.10 TC26 512 A curve 1021 * @GNUTLS_ECC_CURVE_GOST512B: GOST R 34.10 TC26 512 B curve 1022 * @GNUTLS_ECC_CURVE_GOST512C: GOST R 34.10 TC26 512 C curve 1023 * @GNUTLS_ECC_CURVE_GOST256A: GOST R 34.10 TC26 256 A curve 1024 * @GNUTLS_ECC_CURVE_GOST256B: GOST R 34.10 TC26 256 B curve 1025 * @GNUTLS_ECC_CURVE_GOST256C: GOST R 34.10 TC26 256 C curve 1026 * @GNUTLS_ECC_CURVE_GOST256D: GOST R 34.10 TC26 256 D curve 1027 * @GNUTLS_ECC_CURVE_X448: the X448 curve (ECDH only) 1028 * @GNUTLS_ECC_CURVE_ED448: the Ed448 curve 1029 * 1030 * Enumeration of ECC curves. 
1031 */ 1032typedef enum { 1033 GNUTLS_ECC_CURVE_INVALID = 0, 1034 GNUTLS_ECC_CURVE_SECP224R1, 1035 GNUTLS_ECC_CURVE_SECP256R1, 1036 GNUTLS_ECC_CURVE_SECP384R1, 1037 GNUTLS_ECC_CURVE_SECP521R1, 1038 GNUTLS_ECC_CURVE_SECP192R1, 1039 GNUTLS_ECC_CURVE_X25519, 1040 GNUTLS_ECC_CURVE_ED25519, 1041 GNUTLS_ECC_CURVE_GOST256CPA, 1042 GNUTLS_ECC_CURVE_GOST256CPB, 1043 GNUTLS_ECC_CURVE_GOST256CPC, 1044 GNUTLS_ECC_CURVE_GOST256CPXA, 1045 GNUTLS_ECC_CURVE_GOST256CPXB, 1046 GNUTLS_ECC_CURVE_GOST512A, 1047 GNUTLS_ECC_CURVE_GOST512B, 1048 GNUTLS_ECC_CURVE_GOST512C, 1049 GNUTLS_ECC_CURVE_GOST256A, 1050 GNUTLS_ECC_CURVE_GOST256B, 1051 GNUTLS_ECC_CURVE_GOST256C, 1052 GNUTLS_ECC_CURVE_GOST256D, 1053 GNUTLS_ECC_CURVE_X448, 1054 GNUTLS_ECC_CURVE_ED448, 1055 GNUTLS_ECC_CURVE_MAX = GNUTLS_ECC_CURVE_ED448 1056} gnutls_ecc_curve_t; 1057 1058/** 1059 * gnutls_group_t: 1060 * @GNUTLS_GROUP_INVALID: Indicates unknown/invalid group 1061 * @GNUTLS_GROUP_SECP192R1: the SECP192R1 curve group (legacy, only for TLS 1.2 compatibility) 1062 * @GNUTLS_GROUP_SECP224R1: the SECP224R1 curve group (legacy, only for TLS 1.2 compatibility) 1063 * @GNUTLS_GROUP_SECP256R1: the SECP256R1 curve group 1064 * @GNUTLS_GROUP_SECP384R1: the SECP384R1 curve group 1065 * @GNUTLS_GROUP_SECP521R1: the SECP521R1 curve group 1066 * @GNUTLS_GROUP_X25519: the X25519 curve group 1067 * @GNUTLS_GROUP_GC256A: the GOST R 34.10 TC26 256 A curve group 1068 * @GNUTLS_GROUP_GC256B: the GOST R 34.10 TC26 256 B curve group 1069 * @GNUTLS_GROUP_GC256C: the GOST R 34.10 TC26 256 C curve group 1070 * @GNUTLS_GROUP_GC256D: the GOST R 34.10 TC26 256 D curve group 1071 * @GNUTLS_GROUP_GC512A: the GOST R 34.10 TC26 512 A curve group 1072 * @GNUTLS_GROUP_GC512B: the GOST R 34.10 TC26 512 B curve group 1073 * @GNUTLS_GROUP_GC512C: the GOST R 34.10 TC26 512 C curve group 1074 * @GNUTLS_GROUP_FFDHE2048: the FFDHE2048 group 1075 * @GNUTLS_GROUP_FFDHE3072: the FFDHE3072 group 1076 * @GNUTLS_GROUP_FFDHE4096: the FFDHE4096 group 1077 * 
@GNUTLS_GROUP_FFDHE6144: the FFDHE6144 group 1078 * @GNUTLS_GROUP_FFDHE8192: the FFDHE8192 group 1079 * @GNUTLS_GROUP_X448: the X448 curve group 1080 * 1081 * Enumeration of supported groups. It is intended to be backwards 1082 * compatible with the enumerations in %gnutls_ecc_curve_t for the groups 1083 * which are valid elliptic curves. 1084 */ 1085typedef enum { 1086 GNUTLS_GROUP_INVALID = 0, 1087 GNUTLS_GROUP_SECP192R1 = GNUTLS_ECC_CURVE_SECP192R1, 1088 GNUTLS_GROUP_SECP224R1 = GNUTLS_ECC_CURVE_SECP224R1, 1089 GNUTLS_GROUP_SECP256R1 = GNUTLS_ECC_CURVE_SECP256R1, 1090 GNUTLS_GROUP_SECP384R1 = GNUTLS_ECC_CURVE_SECP384R1, 1091 GNUTLS_GROUP_SECP521R1 = GNUTLS_ECC_CURVE_SECP521R1, 1092 GNUTLS_GROUP_X25519 = GNUTLS_ECC_CURVE_X25519, 1093 GNUTLS_GROUP_X448 = GNUTLS_ECC_CURVE_X448, 1094 1095 GNUTLS_GROUP_GC256A = GNUTLS_ECC_CURVE_GOST256A, 1096 GNUTLS_GROUP_GC256B = GNUTLS_ECC_CURVE_GOST256B, 1097 GNUTLS_GROUP_GC256C = GNUTLS_ECC_CURVE_GOST256C, 1098 GNUTLS_GROUP_GC256D = GNUTLS_ECC_CURVE_GOST256D, 1099 GNUTLS_GROUP_GC512A = GNUTLS_ECC_CURVE_GOST512A, 1100 GNUTLS_GROUP_GC512B = GNUTLS_ECC_CURVE_GOST512B, 1101 GNUTLS_GROUP_GC512C = GNUTLS_ECC_CURVE_GOST512C, 1102 1103 GNUTLS_GROUP_FFDHE2048 = 256, 1104 GNUTLS_GROUP_FFDHE3072, 1105 GNUTLS_GROUP_FFDHE4096, 1106 GNUTLS_GROUP_FFDHE8192, 1107 GNUTLS_GROUP_FFDHE6144, 1108 GNUTLS_GROUP_MAX = GNUTLS_GROUP_FFDHE6144, 1109} gnutls_group_t; 1110 1111/* macros to allow specifying a specific curve in gnutls_privkey_generate() 1112 * and gnutls_x509_privkey_generate() */ 1113#define GNUTLS_CURVE_TO_BITS(curve) (unsigned int)(((unsigned int)1<<31)|((unsigned int)(curve))) 1114#define GNUTLS_BITS_TO_CURVE(bits) (((unsigned int)(bits)) & 0x7FFFFFFF) 1115#define GNUTLS_BITS_ARE_CURVE(bits) (((unsigned int)(bits)) & 0x80000000) 1116 1117/** 1118 * gnutls_sec_param_t: 1119 * @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known 1120 * @GNUTLS_SEC_PARAM_INSECURE: Less than 42 bits of security 1121 * @GNUTLS_SEC_PARAM_EXPORT: 42 bits of security 1122 * 
@GNUTLS_SEC_PARAM_VERY_WEAK: 64 bits of security 1123 * @GNUTLS_SEC_PARAM_WEAK: 72 bits of security 1124 * @GNUTLS_SEC_PARAM_LOW: 80 bits of security 1125 * @GNUTLS_SEC_PARAM_LEGACY: 96 bits of security 1126 * @GNUTLS_SEC_PARAM_MEDIUM: 112 bits of security (used to be %GNUTLS_SEC_PARAM_NORMAL) 1127 * @GNUTLS_SEC_PARAM_HIGH: 128 bits of security 1128 * @GNUTLS_SEC_PARAM_ULTRA: 192 bits of security 1129 * @GNUTLS_SEC_PARAM_FUTURE: 256 bits of security 1130 * 1131 * Enumeration of security parameters for passive attacks. 1132 */ 1133typedef enum { 1134 GNUTLS_SEC_PARAM_UNKNOWN = 0, 1135 GNUTLS_SEC_PARAM_INSECURE = 5, 1136 GNUTLS_SEC_PARAM_EXPORT = 10, 1137 GNUTLS_SEC_PARAM_VERY_WEAK = 15, 1138 GNUTLS_SEC_PARAM_WEAK = 20, 1139 GNUTLS_SEC_PARAM_LOW = 25, 1140 GNUTLS_SEC_PARAM_LEGACY = 30, 1141 GNUTLS_SEC_PARAM_MEDIUM = 35, 1142 GNUTLS_SEC_PARAM_HIGH = 40, 1143 GNUTLS_SEC_PARAM_ULTRA = 45, 1144 GNUTLS_SEC_PARAM_FUTURE = 50, 1145 GNUTLS_SEC_PARAM_MAX = GNUTLS_SEC_PARAM_FUTURE 1146} gnutls_sec_param_t; 1147 1148/* old name */ 1149#define GNUTLS_SEC_PARAM_NORMAL GNUTLS_SEC_PARAM_MEDIUM 1150 1151/** 1152 * gnutls_channel_binding_t: 1153 * @GNUTLS_CB_TLS_UNIQUE: "tls-unique" (RFC 5929) channel binding 1154 * 1155 * Enumeration of supported channel binding types. 1156 */ 1157typedef enum { 1158 GNUTLS_CB_TLS_UNIQUE 1159} gnutls_channel_binding_t; 1160 1161/** 1162 * gnutls_gost_paramset_t: 1163 * @GNUTLS_GOST_PARAMSET_UNKNOWN: Unknown/default parameter set 1164 * @GNUTLS_GOST_PARAMSET_TC26_Z: Specified by TC26, see rfc7836 1165 * @GNUTLS_GOST_PARAMSET_CP_A: CryptoPro-A, see rfc4357 1166 * @GNUTLS_GOST_PARAMSET_CP_B: CryptoPro-B, see rfc4357 1167 * @GNUTLS_GOST_PARAMSET_CP_C: CryptoPro-C, see rfc4357 1168 * @GNUTLS_GOST_PARAMSET_CP_D: CryptoPro-D, see rfc4357 1169 * 1170 * Enumeration of different GOST 28147 parameter sets. 
1171 */ 1172typedef enum { 1173 GNUTLS_GOST_PARAMSET_UNKNOWN = 0, 1174 GNUTLS_GOST_PARAMSET_TC26_Z, 1175 GNUTLS_GOST_PARAMSET_CP_A, 1176 GNUTLS_GOST_PARAMSET_CP_B, 1177 GNUTLS_GOST_PARAMSET_CP_C, 1178 GNUTLS_GOST_PARAMSET_CP_D 1179} gnutls_gost_paramset_t; 1180 1181/** 1182 * gnutls_ctype_target_t: 1183 * @GNUTLS_CTYPE_CLIENT: for requesting client certificate type values. 1184 * @GNUTLS_CTYPE_SERVER: for requesting server certificate type values. 1185 * @GNUTLS_CTYPE_OURS: for requesting our certificate type values. 1186 * @GNUTLS_CTYPE_PEERS: for requesting the peers' certificate type values. 1187 * 1188 * Enumeration of certificate type targets with respect to asymmetric 1189 * certificate types as specified in RFC7250 and P2P connection set up 1190 * as specified in draft-vanrein-tls-symmetry-02. 1191 */ 1192typedef enum { 1193 GNUTLS_CTYPE_CLIENT, 1194 GNUTLS_CTYPE_SERVER, 1195 GNUTLS_CTYPE_OURS, 1196 GNUTLS_CTYPE_PEERS 1197} gnutls_ctype_target_t; 1198 1199/* If you want to change this, then also change the define in 1200 * gnutls_int.h, and recompile. 1201 */ 1202typedef void *gnutls_transport_ptr_t; 1203 1204struct gnutls_session_int; 1205typedef struct gnutls_session_int *gnutls_session_t; 1206 1207struct gnutls_dh_params_int; 1208typedef struct gnutls_dh_params_int *gnutls_dh_params_t; 1209 1210 /* XXX ugly. 
*/ 1211struct gnutls_x509_privkey_int; 1212typedef struct gnutls_x509_privkey_int *gnutls_rsa_params_t; 1213 1214struct gnutls_priority_st; 1215typedef struct gnutls_priority_st *gnutls_priority_t; 1216 1217typedef struct { 1218 unsigned char *data; 1219 unsigned int size; 1220} gnutls_datum_t; 1221 1222 1223typedef struct gnutls_params_st { 1224 gnutls_params_type_t type; 1225 union params { 1226 gnutls_dh_params_t dh; 1227 gnutls_rsa_params_t rsa_export; 1228 } params; 1229 int deinit; 1230} gnutls_params_st; 1231 1232typedef int gnutls_params_function(gnutls_session_t, gnutls_params_type_t, 1233 gnutls_params_st *); 1234 1235/* session lifecycle, handshake and alert functions (public API) */ 1236 1237int gnutls_init(gnutls_session_t * session, unsigned int flags); 1238void gnutls_deinit(gnutls_session_t session); 1239#define _gnutls_deinit(x) gnutls_deinit(x) 1240 1241int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how); 1242 1243int gnutls_handshake(gnutls_session_t session); 1244 1245int gnutls_reauth(gnutls_session_t session, unsigned int flags); 1246 1247#define GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT ((unsigned int)-1) 1248#define GNUTLS_INDEFINITE_TIMEOUT ((unsigned int)-2) 1249void gnutls_handshake_set_timeout(gnutls_session_t session, 1250 unsigned int ms); 1251int gnutls_rehandshake(gnutls_session_t session); 1252 1253#define GNUTLS_KU_PEER 1 1254int gnutls_session_key_update(gnutls_session_t session, unsigned flags); 1255 1256gnutls_alert_description_t gnutls_alert_get(gnutls_session_t session); 1257int gnutls_alert_send(gnutls_session_t session, 1258 gnutls_alert_level_t level, 1259 gnutls_alert_description_t desc); 1260int gnutls_alert_send_appropriate(gnutls_session_t session, int err); 1261const char *gnutls_alert_get_name(gnutls_alert_description_t alert); 1262const char *gnutls_alert_get_strname(gnutls_alert_description_t alert); 1263 1264gnutls_sec_param_t gnutls_pk_bits_to_sec_param(gnutls_pk_algorithm_t algo, 1265 unsigned int bits); 1266const char 
*gnutls_sec_param_get_name(gnutls_sec_param_t param); 1267unsigned int gnutls_sec_param_to_pk_bits(gnutls_pk_algorithm_t algo, 1268 gnutls_sec_param_t param); 1269unsigned int 1270 gnutls_sec_param_to_symmetric_bits(gnutls_sec_param_t param) __GNUTLS_CONST__; 1271 1272/* Elliptic curves */ 1273const char * 1274 gnutls_ecc_curve_get_name(gnutls_ecc_curve_t curve) __GNUTLS_CONST__; 1275const char * 1276 gnutls_ecc_curve_get_oid(gnutls_ecc_curve_t curve) __GNUTLS_CONST__; 1277 1278const char * 1279 gnutls_group_get_name(gnutls_group_t group) __GNUTLS_CONST__; 1280 1281int 1282 gnutls_ecc_curve_get_size(gnutls_ecc_curve_t curve) __GNUTLS_CONST__; 1283gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session); 1284 1285gnutls_group_t gnutls_group_get(gnutls_session_t session); 1286 1287/* get information on the current session */ 1288gnutls_cipher_algorithm_t gnutls_cipher_get(gnutls_session_t session); 1289gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session); 1290gnutls_mac_algorithm_t gnutls_mac_get(gnutls_session_t session); 1291gnutls_digest_algorithm_t gnutls_prf_hash_get(const gnutls_session_t session); 1292gnutls_certificate_type_t 1293gnutls_certificate_type_get(gnutls_session_t session); 1294gnutls_certificate_type_t 1295gnutls_certificate_type_get2(gnutls_session_t session, 1296 gnutls_ctype_target_t target); 1297 1298int gnutls_sign_algorithm_get(gnutls_session_t session); 1299int gnutls_sign_algorithm_get_client(gnutls_session_t session); 1300 1301int gnutls_sign_algorithm_get_requested(gnutls_session_t session, 1302 size_t indx, 1303 gnutls_sign_algorithm_t * algo); 1304 1305/* the name of the specified algorithms */ 1306const char * 1307 gnutls_cipher_get_name(gnutls_cipher_algorithm_t algorithm) __GNUTLS_CONST__; 1308const char * 1309 gnutls_mac_get_name(gnutls_mac_algorithm_t algorithm) __GNUTLS_CONST__; 1310 1311const char * 1312 gnutls_digest_get_name(gnutls_digest_algorithm_t algorithm) __GNUTLS_CONST__; 1313const char * 1314 
gnutls_digest_get_oid(gnutls_digest_algorithm_t algorithm) __GNUTLS_CONST__; 1315 1316const char * 1317 gnutls_kx_get_name(gnutls_kx_algorithm_t algorithm) __GNUTLS_CONST__; 1318const char * 1319 gnutls_certificate_type_get_name(gnutls_certificate_type_t 1320 type) __GNUTLS_CONST__; 1321const char * 1322 gnutls_pk_get_name(gnutls_pk_algorithm_t algorithm) __GNUTLS_CONST__; 1323const char * 1324 gnutls_pk_get_oid(gnutls_pk_algorithm_t algorithm) __GNUTLS_CONST__; 1325 1326const char * 1327 gnutls_sign_get_name(gnutls_sign_algorithm_t algorithm) __GNUTLS_CONST__; 1328 1329const char *gnutls_sign_get_oid(gnutls_sign_algorithm_t sign) __GNUTLS_CONST__; 1330 1331const char * 1332 gnutls_gost_paramset_get_name(gnutls_gost_paramset_t param) __GNUTLS_CONST__; 1333const char * 1334 gnutls_gost_paramset_get_oid(gnutls_gost_paramset_t param) __GNUTLS_CONST__; 1335 1336size_t 1337 gnutls_cipher_get_key_size(gnutls_cipher_algorithm_t algorithm) __GNUTLS_CONST__; 1338size_t 1339 gnutls_mac_get_key_size(gnutls_mac_algorithm_t algorithm) __GNUTLS_CONST__; 1340 1341unsigned gnutls_sign_is_secure(gnutls_sign_algorithm_t algorithm) __GNUTLS_CONST__; 1342 1343/* It is possible that a signature algorithm is ok to use for short-lived 1344 * data (e.g., to sign a TLS session), but not for data that are long-lived 1345 * like certificates. This flag is about checking the security of the algorithm 1346 * for long-lived data. 
*/ 1347#define GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS 1 1348unsigned gnutls_sign_is_secure2(gnutls_sign_algorithm_t algorithm, unsigned int flags) __GNUTLS_CONST__; 1349 1350gnutls_digest_algorithm_t 1351 gnutls_sign_get_hash_algorithm(gnutls_sign_algorithm_t sign) __GNUTLS_CONST__; 1352gnutls_pk_algorithm_t 1353 gnutls_sign_get_pk_algorithm(gnutls_sign_algorithm_t sign) __GNUTLS_CONST__; 1354gnutls_sign_algorithm_t 1355 gnutls_pk_to_sign(gnutls_pk_algorithm_t pk, 1356 gnutls_digest_algorithm_t hash) __GNUTLS_CONST__; 1357 1358unsigned 1359gnutls_sign_supports_pk_algorithm(gnutls_sign_algorithm_t sign, gnutls_pk_algorithm_t pk) __GNUTLS_CONST__; 1360 1361#define gnutls_sign_algorithm_get_name gnutls_sign_get_name 1362 1363gnutls_mac_algorithm_t gnutls_mac_get_id(const char *name) __GNUTLS_CONST__; 1364gnutls_digest_algorithm_t gnutls_digest_get_id(const char *name) __GNUTLS_CONST__; 1365 1366gnutls_cipher_algorithm_t 1367 gnutls_cipher_get_id(const char *name) __GNUTLS_CONST__; 1368 1369gnutls_kx_algorithm_t 1370 gnutls_kx_get_id(const char *name) __GNUTLS_CONST__; 1371gnutls_protocol_t 1372 gnutls_protocol_get_id(const char *name) __GNUTLS_CONST__; 1373gnutls_certificate_type_t 1374 gnutls_certificate_type_get_id(const char *name) __GNUTLS_CONST__; 1375gnutls_pk_algorithm_t 1376 gnutls_pk_get_id(const char *name) __GNUTLS_CONST__; 1377gnutls_sign_algorithm_t 1378 gnutls_sign_get_id(const char *name) __GNUTLS_CONST__; 1379gnutls_ecc_curve_t gnutls_ecc_curve_get_id(const char *name) __GNUTLS_CONST__; 1380gnutls_pk_algorithm_t gnutls_ecc_curve_get_pk(gnutls_ecc_curve_t curve) __GNUTLS_CONST__; 1381gnutls_group_t gnutls_group_get_id(const char *name); 1382 1383gnutls_digest_algorithm_t 1384 gnutls_oid_to_digest(const char *oid) __GNUTLS_CONST__; 1385gnutls_mac_algorithm_t 1386 gnutls_oid_to_mac(const char *oid) __GNUTLS_CONST__; 1387gnutls_pk_algorithm_t 1388 gnutls_oid_to_pk(const char *oid) __GNUTLS_CONST__; 1389gnutls_sign_algorithm_t 1390 gnutls_oid_to_sign(const char 
*oid) __GNUTLS_CONST__; 1391gnutls_ecc_curve_t 1392 gnutls_oid_to_ecc_curve(const char *oid) __GNUTLS_CONST__; 1393gnutls_gost_paramset_t 1394 gnutls_oid_to_gost_paramset(const char *oid) __GNUTLS_CONST__; 1395 1396 /* list supported algorithms */ 1397const gnutls_ecc_curve_t * 1398 gnutls_ecc_curve_list(void) __GNUTLS_PURE__; 1399const gnutls_group_t * 1400 gnutls_group_list(void) __GNUTLS_PURE__; 1401const gnutls_cipher_algorithm_t * 1402 gnutls_cipher_list(void) __GNUTLS_PURE__; 1403const gnutls_mac_algorithm_t * 1404 gnutls_mac_list(void) __GNUTLS_PURE__; 1405const gnutls_digest_algorithm_t * 1406 gnutls_digest_list(void) __GNUTLS_PURE__; 1407const gnutls_protocol_t * 1408 gnutls_protocol_list(void) __GNUTLS_PURE__; 1409const gnutls_certificate_type_t * 1410 gnutls_certificate_type_list(void) __GNUTLS_PURE__; 1411const gnutls_kx_algorithm_t * 1412 gnutls_kx_list(void) __GNUTLS_PURE__; 1413const gnutls_pk_algorithm_t * 1414 gnutls_pk_list(void) __GNUTLS_PURE__; 1415const gnutls_sign_algorithm_t * 1416 gnutls_sign_list(void) __GNUTLS_PURE__; 1417const char * 1418 gnutls_cipher_suite_info(size_t idx, 1419 unsigned char *cs_id, 1420 gnutls_kx_algorithm_t * kx, 1421 gnutls_cipher_algorithm_t * cipher, 1422 gnutls_mac_algorithm_t * mac, 1423 gnutls_protocol_t * min_version); 1424 1425 /* error functions */ 1426int gnutls_error_is_fatal(int error) __GNUTLS_CONST__; 1427int gnutls_error_to_alert(int err, int *level); 1428 1429void gnutls_perror(int error); 1430const char * gnutls_strerror(int error) __GNUTLS_CONST__; 1431const char * gnutls_strerror_name(int error) __GNUTLS_CONST__; 1432 1433/* Semi-internal functions. 
1434 */ 1435void gnutls_handshake_set_private_extensions(gnutls_session_t session, 1436 int allow); 1437int gnutls_handshake_set_random(gnutls_session_t session, 1438 const gnutls_datum_t * random); 1439 1440gnutls_handshake_description_t 1441gnutls_handshake_get_last_out(gnutls_session_t session); 1442gnutls_handshake_description_t 1443gnutls_handshake_get_last_in(gnutls_session_t session); 1444 1445/* Record layer functions. 1446 */ 1447#define GNUTLS_HEARTBEAT_WAIT 1 1448int gnutls_heartbeat_ping(gnutls_session_t session, size_t data_size, 1449 unsigned int max_tries, unsigned int flags); 1450int gnutls_heartbeat_pong(gnutls_session_t session, unsigned int flags); 1451 1452void gnutls_record_set_timeout(gnutls_session_t session, unsigned int ms); 1453void gnutls_record_disable_padding(gnutls_session_t session); 1454 1455void gnutls_record_cork(gnutls_session_t session); 1456#define GNUTLS_RECORD_WAIT 1 1457int gnutls_record_uncork(gnutls_session_t session, unsigned int flags); 1458size_t gnutls_record_discard_queued(gnutls_session_t session); 1459 1460int 1461gnutls_record_get_state(gnutls_session_t session, 1462 unsigned read, 1463 gnutls_datum_t *mac_key, 1464 gnutls_datum_t *IV, 1465 gnutls_datum_t *cipher_key, 1466 unsigned char seq_number[8]); 1467 1468int 1469gnutls_record_set_state(gnutls_session_t session, 1470 unsigned read, 1471 const unsigned char seq_number[8]); 1472 1473typedef struct { 1474 size_t low; 1475 size_t high; 1476} gnutls_range_st; 1477 1478int gnutls_range_split(gnutls_session_t session, 1479 const gnutls_range_st * orig, 1480 gnutls_range_st * small_range, 1481 gnutls_range_st * rem_range); 1482 1483ssize_t gnutls_record_send(gnutls_session_t session, const void *data, 1484 size_t data_size); 1485ssize_t gnutls_record_send2(gnutls_session_t session, const void *data, 1486 size_t data_size, size_t pad, unsigned flags); 1487ssize_t gnutls_record_send_range(gnutls_session_t session, 1488 const void *data, size_t data_size, 1489 const 
gnutls_range_st * range); 1490ssize_t gnutls_record_recv(gnutls_session_t session, void *data, 1491 size_t data_size); 1492 1493typedef struct mbuffer_st *gnutls_packet_t; 1494 1495ssize_t 1496gnutls_record_recv_packet(gnutls_session_t session, 1497 gnutls_packet_t *packet); 1498 1499void gnutls_packet_get(gnutls_packet_t packet, gnutls_datum_t *data, unsigned char *sequence); 1500void gnutls_packet_deinit(gnutls_packet_t packet); 1501 1502#define gnutls_read gnutls_record_recv 1503#define gnutls_write gnutls_record_send 1504ssize_t gnutls_record_recv_seq(gnutls_session_t session, void *data, 1505 size_t data_size, unsigned char *seq); 1506 1507size_t gnutls_record_overhead_size(gnutls_session_t session); 1508 1509size_t 1510 gnutls_est_record_overhead_size(gnutls_protocol_t version, 1511 gnutls_cipher_algorithm_t cipher, 1512 gnutls_mac_algorithm_t mac, 1513 gnutls_compression_method_t comp, 1514 unsigned int flags) __GNUTLS_CONST__; 1515 1516void gnutls_session_enable_compatibility_mode(gnutls_session_t session); 1517#define gnutls_record_set_max_empty_records(session, x) 1518 1519unsigned gnutls_record_can_use_length_hiding(gnutls_session_t session); 1520 1521int gnutls_record_get_direction(gnutls_session_t session); 1522 1523size_t gnutls_record_get_max_size(gnutls_session_t session); 1524ssize_t gnutls_record_set_max_size(gnutls_session_t session, size_t size); 1525ssize_t gnutls_record_set_max_recv_size(gnutls_session_t session, size_t size); 1526 1527size_t gnutls_record_check_pending(gnutls_session_t session); 1528size_t gnutls_record_check_corked(gnutls_session_t session); 1529 1530size_t gnutls_record_get_max_early_data_size(gnutls_session_t session); 1531int gnutls_record_set_max_early_data_size(gnutls_session_t session, size_t size); 1532ssize_t gnutls_record_send_early_data(gnutls_session_t session, 1533 const void *data, 1534 size_t length); 1535ssize_t gnutls_record_recv_early_data(gnutls_session_t session, 1536 void *data, 1537 size_t data_size); 
1538 1539void gnutls_session_force_valid(gnutls_session_t session); 1540 1541int gnutls_prf(gnutls_session_t session, 1542 size_t label_size, const char *label, 1543 int server_random_first, 1544 size_t extra_size, const char *extra, 1545 size_t outsize, char *out); 1546int gnutls_prf_rfc5705(gnutls_session_t session, 1547 size_t label_size, const char *label, 1548 size_t context_size, const char *context, 1549 size_t outsize, char *out); 1550int gnutls_prf_early(gnutls_session_t session, 1551 size_t label_size, const char *label, 1552 size_t context_size, const char *context, 1553 size_t outsize, char *out); 1554 1555int gnutls_prf_raw(gnutls_session_t session, 1556 size_t label_size, const char *label, 1557 size_t seed_size, const char *seed, 1558 size_t outsize, char *out); 1559 1560/** 1561 * gnutls_server_name_type_t: 1562 * @GNUTLS_NAME_DNS: Domain Name System name type. 1563 * 1564 * Enumeration of different server name types. 1565 */ 1566typedef enum { 1567 GNUTLS_NAME_DNS = 1 1568} gnutls_server_name_type_t; 1569 1570int gnutls_server_name_set(gnutls_session_t session, 1571 gnutls_server_name_type_t type, 1572 const void *name, size_t name_length); 1573 1574int gnutls_server_name_get(gnutls_session_t session, 1575 void *data, size_t * data_length, 1576 unsigned int *type, unsigned int indx); 1577 1578unsigned int gnutls_heartbeat_get_timeout(gnutls_session_t session); 1579void gnutls_heartbeat_set_timeouts(gnutls_session_t session, 1580 unsigned int retrans_timeout, 1581 unsigned int total_timeout); 1582 1583#define GNUTLS_HB_PEER_ALLOWED_TO_SEND (1) 1584#define GNUTLS_HB_PEER_NOT_ALLOWED_TO_SEND (1<<1) 1585 1586 /* Heartbeat */ 1587void gnutls_heartbeat_enable(gnutls_session_t session, unsigned int type); 1588 1589#define GNUTLS_HB_LOCAL_ALLOWED_TO_SEND (1<<2) 1590unsigned gnutls_heartbeat_allowed(gnutls_session_t session, unsigned int type); 1591 1592 /* Safe renegotiation */ 1593unsigned gnutls_safe_renegotiation_status(gnutls_session_t session); 
1594unsigned gnutls_session_ext_master_secret_status(gnutls_session_t session); 1595unsigned gnutls_session_etm_status(gnutls_session_t session); 1596 1597/** 1598 * gnutls_session_flags_t: 1599 * @GNUTLS_SFLAGS_SAFE_RENEGOTIATION: Safe renegotiation (RFC5746) was used 1600 * @GNUTLS_SFLAGS_EXT_MASTER_SECRET: The extended master secret (RFC7627) extension was used 1601 * @GNUTLS_SFLAGS_ETM: The encrypt then MAC (RFC7366) extension was used 1602 * @GNUTLS_SFLAGS_RFC7919: The RFC7919 Diffie-Hellman parameters were negotiated 1603 * @GNUTLS_SFLAGS_HB_LOCAL_SEND: The heartbeat negotiation allows the local side to send heartbeat messages 1604 * @GNUTLS_SFLAGS_HB_PEER_SEND: The heartbeat negotiation allows the peer to send heartbeat messages 1605 * @GNUTLS_SFLAGS_FALSE_START: False start was used in this client session. 1606 * @GNUTLS_SFLAGS_SESSION_TICKET: A session ticket has been received by the server. 1607 * @GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH: Indicates client capability for post-handshake auth; set only on server side. 1608 * @GNUTLS_SFLAGS_EARLY_START: The TLS1.3 server session returned early. 1609 * @GNUTLS_SFLAGS_EARLY_DATA: The TLS1.3 early data has been received by the server. 1610 * @GNUTLS_SFLAGS_CLI_REQUESTED_OCSP: Set when the client has requested OCSP staple during handshake. 1611 * @GNUTLS_SFLAGS_SERV_REQUESTED_OCSP: Set when the server has requested OCSP staple during handshake. 1612 * 1613 * Enumeration of different session parameters. 
1614 */ 1615typedef enum { 1616 GNUTLS_SFLAGS_SAFE_RENEGOTIATION = 1, 1617 GNUTLS_SFLAGS_EXT_MASTER_SECRET = 1<<1, 1618 GNUTLS_SFLAGS_ETM = 1<<2, 1619 GNUTLS_SFLAGS_HB_LOCAL_SEND = 1<<3, 1620 GNUTLS_SFLAGS_HB_PEER_SEND = 1<<4, 1621 GNUTLS_SFLAGS_FALSE_START = 1<<5, 1622 GNUTLS_SFLAGS_RFC7919 = 1<<6, 1623 GNUTLS_SFLAGS_SESSION_TICKET = 1<<7, 1624 GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH = 1<<8, 1625 GNUTLS_SFLAGS_EARLY_START = 1<<9, 1626 GNUTLS_SFLAGS_EARLY_DATA = 1<<10, 1627 GNUTLS_SFLAGS_CLI_REQUESTED_OCSP = 1<<11, 1628 GNUTLS_SFLAGS_SERV_REQUESTED_OCSP = 1<<12 1629} gnutls_session_flags_t; 1630 1631unsigned gnutls_session_get_flags(gnutls_session_t session); 1632 1633/** 1634 * gnutls_supplemental_data_format_type_t: 1635 * @GNUTLS_SUPPLEMENTAL_UNKNOWN: Unknown data format 1636 * 1637 * Enumeration of different supplemental data types (RFC 4680). 1638 */ 1639typedef enum { 1640 GNUTLS_SUPPLEMENTAL_UNKNOWN = 0, 1641} gnutls_supplemental_data_format_type_t; 1642 1643const char 1644*gnutls_supplemental_get_name(gnutls_supplemental_data_format_type_t type); 1645 1646 /* SessionTicket, RFC 5077. */ 1647int gnutls_session_ticket_key_generate(gnutls_datum_t * key); 1648int gnutls_session_ticket_enable_client(gnutls_session_t session); 1649int gnutls_session_ticket_enable_server(gnutls_session_t session, 1650 const gnutls_datum_t * key); 1651 1652int gnutls_session_ticket_send(gnutls_session_t session, unsigned nr, unsigned flags); 1653 1654 /* SRTP, RFC 5764 */ 1655 1656/** 1657 * gnutls_srtp_profile_t: 1658 * @GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80: 128 bit AES with a 80 bit HMAC-SHA1 1659 * @GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32: 128 bit AES with a 32 bit HMAC-SHA1 1660 * @GNUTLS_SRTP_NULL_HMAC_SHA1_80: NULL cipher with a 80 bit HMAC-SHA1 1661 * @GNUTLS_SRTP_NULL_HMAC_SHA1_32: NULL cipher with a 32 bit HMAC-SHA1 1662 * 1663 * Enumeration of different SRTP protection profiles. 
1664 */ 1665typedef enum { 1666 GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80 = 0x0001, 1667 GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32 = 0x0002, 1668 GNUTLS_SRTP_NULL_HMAC_SHA1_80 = 0x0005, 1669 GNUTLS_SRTP_NULL_HMAC_SHA1_32 = 0x0006 1670} gnutls_srtp_profile_t; 1671 1672int gnutls_srtp_set_profile(gnutls_session_t session, 1673 gnutls_srtp_profile_t profile); 1674int gnutls_srtp_set_profile_direct(gnutls_session_t session, 1675 const char *profiles, 1676 const char **err_pos); 1677int gnutls_srtp_get_selected_profile(gnutls_session_t session, 1678 gnutls_srtp_profile_t * profile); 1679 1680const char *gnutls_srtp_get_profile_name(gnutls_srtp_profile_t profile); 1681int gnutls_srtp_get_profile_id(const char *name, 1682 gnutls_srtp_profile_t * profile); 1683int gnutls_srtp_get_keys(gnutls_session_t session, 1684 void *key_material, 1685 unsigned int key_material_size, 1686 gnutls_datum_t * client_key, 1687 gnutls_datum_t * client_salt, 1688 gnutls_datum_t * server_key, 1689 gnutls_datum_t * server_salt); 1690 1691int gnutls_srtp_set_mki(gnutls_session_t session, 1692 const gnutls_datum_t * mki); 1693int gnutls_srtp_get_mki(gnutls_session_t session, gnutls_datum_t * mki); 1694 1695/* ALPN TLS extension */ 1696 1697/** 1698 * gnutls_alpn_flags_t: 1699 * @GNUTLS_ALPN_MANDATORY: Require ALPN negotiation. The connection will be 1700 * aborted if no matching ALPN protocol is found. 1701 * @GNUTLS_ALPN_SERVER_PRECEDENCE: The choices set by the server 1702 * will take precedence over the client's. 1703 * 1704 * Enumeration of different ALPN flags. These are used by gnutls_alpn_set_protocols(). 
1705 */ 1706typedef enum { 1707 GNUTLS_ALPN_MANDATORY = 1, 1708 GNUTLS_ALPN_SERVER_PRECEDENCE = (1<<1) 1709} gnutls_alpn_flags_t; 1710 1711#define GNUTLS_ALPN_MAND GNUTLS_ALPN_MANDATORY 1712int gnutls_alpn_get_selected_protocol(gnutls_session_t session, 1713 gnutls_datum_t * protocol); 1714int gnutls_alpn_set_protocols(gnutls_session_t session, 1715 const gnutls_datum_t * protocols, 1716 unsigned protocols_size, unsigned flags); 1717 1718int gnutls_key_generate(gnutls_datum_t * key, unsigned int key_size); 1719 1720 1721#define GNUTLS_PRIORITY_INIT_DEF_APPEND 1 1722int gnutls_priority_init(gnutls_priority_t * priority_cache, 1723 const char *priorities, const char **err_pos); 1724int gnutls_priority_init2(gnutls_priority_t * priority_cache, 1725 const char *priorities, const char **err_pos, 1726 unsigned flags); 1727void gnutls_priority_deinit(gnutls_priority_t priority_cache); 1728int gnutls_priority_get_cipher_suite_index(gnutls_priority_t pcache, 1729 unsigned int idx, 1730 unsigned int *sidx); 1731 1732#define GNUTLS_PRIORITY_LIST_INIT_KEYWORDS 1 1733#define GNUTLS_PRIORITY_LIST_SPECIAL 2 1734const char * 1735gnutls_priority_string_list(unsigned iter, unsigned int flags); 1736 1737int gnutls_priority_set(gnutls_session_t session, 1738 gnutls_priority_t priority); 1739 1740int gnutls_priority_set_direct(gnutls_session_t session, 1741 const char *priorities, 1742 const char **err_pos); 1743 1744int gnutls_priority_certificate_type_list(gnutls_priority_t pcache, 1745 const unsigned int **list); 1746int gnutls_priority_certificate_type_list2(gnutls_priority_t pcache, 1747 const unsigned int **list, 1748 gnutls_ctype_target_t target); 1749int gnutls_priority_sign_list(gnutls_priority_t pcache, 1750 const unsigned int **list); 1751int gnutls_priority_protocol_list(gnutls_priority_t pcache, 1752 const unsigned int **list); 1753int gnutls_priority_ecc_curve_list(gnutls_priority_t pcache, 1754 const unsigned int **list); 1755int 
1756gnutls_priority_group_list(gnutls_priority_t pcache, 1757 const unsigned int **list); 1758 1759int gnutls_priority_kx_list(gnutls_priority_t pcache, 1760 const unsigned int **list); 1761int gnutls_priority_cipher_list(gnutls_priority_t pcache, 1762 const unsigned int **list); 1763int gnutls_priority_mac_list(gnutls_priority_t pcache, 1764 const unsigned int **list); 1765 1766const char *gnutls_get_system_config_file(void); 1767 1768int gnutls_set_default_priority(gnutls_session_t session); 1769int gnutls_set_default_priority_append(gnutls_session_t session, 1770 const char *add_prio, 1771 const char **err_pos, 1772 unsigned flags); 1773 1774/* Returns the name of a cipher suite */ 1775const char * 1776 gnutls_cipher_suite_get_name(gnutls_kx_algorithm_t kx_algorithm, 1777 gnutls_cipher_algorithm_t cipher_algorithm, 1778 gnutls_mac_algorithm_t mac_algorithm) __GNUTLS_CONST__; 1779 1780/* get the currently used protocol version */ 1781gnutls_protocol_t gnutls_protocol_get_version(gnutls_session_t session); 1782 1783const char * 1784 gnutls_protocol_get_name(gnutls_protocol_t version) __GNUTLS_CONST__; 1785 1786 1787/* get/set session 1788 */ 1789int gnutls_session_set_data(gnutls_session_t session, 1790 const void *session_data, 1791 size_t session_data_size); 1792int gnutls_session_get_data(gnutls_session_t session, void *session_data, 1793 size_t * session_data_size); 1794int gnutls_session_get_data2(gnutls_session_t session, 1795 gnutls_datum_t * data); 1796void gnutls_session_get_random(gnutls_session_t session, 1797 gnutls_datum_t * client, 1798 gnutls_datum_t * server); 1799 1800void gnutls_session_get_master_secret(gnutls_session_t session, 1801 gnutls_datum_t * secret); 1802 1803char *gnutls_session_get_desc(gnutls_session_t session); 1804 1805typedef int gnutls_certificate_verify_function(gnutls_session_t); 1806void gnutls_session_set_verify_function(gnutls_session_t session, gnutls_certificate_verify_function * func); 1807 1808/** 1809 * 
gnutls_vdata_types_t: 1810 * @GNUTLS_DT_UNKNOWN: Unknown data type. 1811 * @GNUTLS_DT_DNS_HOSTNAME: The data contain a null-terminated DNS hostname; the hostname will be 1812 * matched using the RFC6125 rules. If the data contain a textual IP (v4 or v6) address it will 1813 * be matched against the IPAddress Alternative name, unless the verification flag %GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES 1814 * is specified. 1815 * @GNUTLS_DT_IP_ADDRESS: The data contain a raw IP address (4 or 16 bytes). It will be matched 1816 * against the IPAddress Alternative name; option available since 3.6.0. 1817 * @GNUTLS_DT_RFC822NAME: The data contain a null-terminated email address; the email will be 1818 * matched against the RFC822Name Alternative name of the certificate, or the EMAIL DN component if the 1819 * former isn't available. Prior to matching, the email address will be converted to ACE 1820 * (ASCII-compatible-encoding). 1821 * @GNUTLS_DT_KEY_PURPOSE_OID: The data contain a null-terminated key purpose OID. It will be matched 1822 * against the certificate's Extended Key Usage extension. 1823 * 1824 * Enumeration of different typed-data options. They are used as input to certificate 1825 * verification functions to provide information about the name and purpose of the 1826 * certificate. Only a single option of a type can be provided to the relevant functions 1827 * (i.e., options %GNUTLS_DT_DNS_HOSTNAME, %GNUTLS_DT_IP_ADDRESS and 1828 * %GNUTLS_DT_RFC822NAME cannot be combined).
1829 */ 1830typedef enum { 1831 GNUTLS_DT_UNKNOWN = 0, 1832 GNUTLS_DT_DNS_HOSTNAME = 1, 1833 GNUTLS_DT_KEY_PURPOSE_OID = 2, 1834 GNUTLS_DT_RFC822NAME = 3, 1835 GNUTLS_DT_IP_ADDRESS = 4 1836} gnutls_vdata_types_t; 1837 1838typedef struct { 1839 gnutls_vdata_types_t type; 1840 unsigned char *data; 1841 unsigned int size; 1842} gnutls_typed_vdata_st; 1843 1844void gnutls_session_set_verify_cert(gnutls_session_t session, 1845 const char *hostname, unsigned flags); 1846 1847void 1848gnutls_session_set_verify_cert2(gnutls_session_t session, 1849 gnutls_typed_vdata_st * data, 1850 unsigned elements, unsigned flags); 1851 1852unsigned int gnutls_session_get_verify_cert_status(gnutls_session_t); 1853 1854int gnutls_session_set_premaster(gnutls_session_t session, 1855 unsigned int entity, 1856 gnutls_protocol_t version, 1857 gnutls_kx_algorithm_t kx, 1858 gnutls_cipher_algorithm_t cipher, 1859 gnutls_mac_algorithm_t mac, 1860 gnutls_compression_method_t comp, 1861 const gnutls_datum_t * master, 1862 const gnutls_datum_t * session_id); 1863 1864/* returns the session ID */ 1865#define GNUTLS_MAX_SESSION_ID 32 1866int gnutls_session_get_id(gnutls_session_t session, void *session_id, 1867 size_t * session_id_size); 1868int gnutls_session_get_id2(gnutls_session_t session, 1869 gnutls_datum_t * session_id); 1870 1871int gnutls_session_set_id(gnutls_session_t session, 1872 const gnutls_datum_t * sid); 1873 1874int gnutls_session_channel_binding(gnutls_session_t session, 1875 gnutls_channel_binding_t cbtype, 1876 gnutls_datum_t * cb); 1877 1878/* checks if this session is a resumed one 1879 */ 1880int gnutls_session_is_resumed(gnutls_session_t session); 1881int gnutls_session_resumption_requested(gnutls_session_t session); 1882 1883typedef int (*gnutls_db_store_func) (void *, gnutls_datum_t key, 1884 gnutls_datum_t data); 1885typedef int (*gnutls_db_remove_func) (void *, gnutls_datum_t key); 1886typedef gnutls_datum_t(*gnutls_db_retr_func) (void *, gnutls_datum_t key); 1887 
1888void gnutls_db_set_cache_expiration(gnutls_session_t session, int seconds); 1889unsigned gnutls_db_get_default_cache_expiration(void); 1890 1891void gnutls_db_remove_session(gnutls_session_t session); 1892void gnutls_db_set_retrieve_function(gnutls_session_t session, 1893 gnutls_db_retr_func retr_func); 1894void gnutls_db_set_remove_function(gnutls_session_t session, 1895 gnutls_db_remove_func rem_func); 1896void gnutls_db_set_store_function(gnutls_session_t session, 1897 gnutls_db_store_func store_func); 1898void gnutls_db_set_ptr(gnutls_session_t session, void *ptr); 1899void *gnutls_db_get_ptr(gnutls_session_t session); 1900int gnutls_db_check_entry(gnutls_session_t session, 1901 gnutls_datum_t session_entry); 1902time_t gnutls_db_check_entry_time(gnutls_datum_t * entry); 1903time_t gnutls_db_check_entry_expire_time(gnutls_datum_t * entry); 1904 1905 /** 1906 * gnutls_handshake_hook_func: 1907 * @session: the current session 1908 * @htype: the type of the handshake message (%gnutls_handshake_description_t) 1909 * @when: non zero if this is a post-process/generation call and zero otherwise 1910 * @incoming: non zero if this is an incoming message and zero if this is an outgoing message 1911 * @msg: the (const) data of the handshake message without the handshake headers. 1912 * 1913 * Function prototype for handshake hooks. It is set using 1914 * gnutls_handshake_set_hook_function(). 1915 * 1916 * Returns: Non zero on error. 
1917 */ 1918#define GNUTLS_HOOK_POST (1) 1919#define GNUTLS_HOOK_PRE (0) 1920#define GNUTLS_HOOK_BOTH (-1) 1921 1922typedef int (*gnutls_handshake_hook_func) (gnutls_session_t, 1923 unsigned int htype, 1924 unsigned when, 1925 unsigned int incoming, 1926 const gnutls_datum_t *msg); 1927void gnutls_handshake_set_hook_function(gnutls_session_t session, 1928 unsigned int htype, int when, 1929 gnutls_handshake_hook_func func); 1930 1931#define gnutls_handshake_post_client_hello_func gnutls_handshake_simple_hook_func 1932typedef int (*gnutls_handshake_simple_hook_func) (gnutls_session_t); 1933void 1934gnutls_handshake_set_post_client_hello_function(gnutls_session_t session, 1935 gnutls_handshake_simple_hook_func func); 1936 1937void gnutls_handshake_set_max_packet_length(gnutls_session_t session, 1938 size_t max); 1939 1940/* returns libgnutls version (call it with a NULL argument) 1941 */ 1942const char * gnutls_check_version(const char *req_version) __GNUTLS_CONST__; 1943 1944/* A macro which will allow optimizing out calls to gnutls_check_version() 1945 * when the version being compiled with is sufficient. 1946 * Used as: 1947 * if (gnutls_check_version_numeric(3,3,16)) { 1948 */ 1949#define gnutls_check_version_numeric(a,b,c) \ 1950 ((GNUTLS_VERSION_MAJOR >= (a)) && \ 1951 ((GNUTLS_VERSION_NUMBER >= ( ((a) << 16) + ((b) << 8) + (c) )) || \ 1952 gnutls_check_version(#a "." #b "." 
#c))) 1953 1954/* Functions for setting/clearing credentials 1955 */ 1956void gnutls_credentials_clear(gnutls_session_t session); 1957 1958/* cred is a structure defined by the kx algorithm 1959 */ 1960int gnutls_credentials_set(gnutls_session_t session, 1961 gnutls_credentials_type_t type, void *cred); 1962int gnutls_credentials_get(gnutls_session_t session, 1963 gnutls_credentials_type_t type, void **cred); 1964#define gnutls_cred_set gnutls_credentials_set 1965 1966/* x.509 types */ 1967 1968struct gnutls_pubkey_st; 1969typedef struct gnutls_pubkey_st *gnutls_pubkey_t; 1970 1971struct gnutls_privkey_st; 1972typedef struct gnutls_privkey_st *gnutls_privkey_t; 1973 1974struct gnutls_x509_privkey_int; 1975typedef struct gnutls_x509_privkey_int *gnutls_x509_privkey_t; 1976 1977struct gnutls_x509_crl_int; 1978typedef struct gnutls_x509_crl_int *gnutls_x509_crl_t; 1979 1980struct gnutls_x509_crt_int; 1981typedef struct gnutls_x509_crt_int *gnutls_x509_crt_t; 1982 1983struct gnutls_x509_crq_int; 1984typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t; 1985 1986struct gnutls_openpgp_keyring_int; 1987typedef struct gnutls_openpgp_keyring_int *gnutls_openpgp_keyring_t; 1988 1989 1990/* Credential structures - used in gnutls_credentials_set(); */ 1991 1992struct gnutls_certificate_credentials_st; 1993typedef struct gnutls_certificate_credentials_st 1994*gnutls_certificate_credentials_t; 1995typedef gnutls_certificate_credentials_t 1996 gnutls_certificate_server_credentials; 1997typedef gnutls_certificate_credentials_t 1998 gnutls_certificate_client_credentials; 1999 2000typedef struct gnutls_anon_server_credentials_st 2001*gnutls_anon_server_credentials_t; 2002typedef struct gnutls_anon_client_credentials_st 2003*gnutls_anon_client_credentials_t; 2004 2005void gnutls_anon_free_server_credentials(gnutls_anon_server_credentials_t 2006 sc); 2007int 2008gnutls_anon_allocate_server_credentials(gnutls_anon_server_credentials_t 2009 * sc); 2010 2011void 
gnutls_anon_set_server_dh_params(gnutls_anon_server_credentials_t res, 2012 gnutls_dh_params_t dh_params); 2013 2014int 2015gnutls_anon_set_server_known_dh_params(gnutls_anon_server_credentials_t res, 2016 gnutls_sec_param_t sec_param); 2017 2018void 2019gnutls_anon_set_server_params_function(gnutls_anon_server_credentials_t 2020 res, gnutls_params_function * func); 2021 2022void 2023gnutls_anon_free_client_credentials(gnutls_anon_client_credentials_t sc); 2024int 2025gnutls_anon_allocate_client_credentials(gnutls_anon_client_credentials_t 2026 * sc); 2027 2028/* CERTFILE is an x509 certificate in PEM form. 2029 * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys). 2030 */ 2031void 2032gnutls_certificate_free_credentials(gnutls_certificate_credentials_t sc); 2033int 2034gnutls_certificate_allocate_credentials(gnutls_certificate_credentials_t 2035 * res); 2036 2037int 2038gnutls_certificate_get_issuer(gnutls_certificate_credentials_t sc, 2039 gnutls_x509_crt_t cert, 2040 gnutls_x509_crt_t * issuer, 2041 unsigned int flags); 2042 2043int gnutls_certificate_get_crt_raw(gnutls_certificate_credentials_t sc, 2044 unsigned idx1, unsigned idx2, 2045 gnutls_datum_t * cert); 2046 2047void gnutls_certificate_free_keys(gnutls_certificate_credentials_t sc); 2048void gnutls_certificate_free_cas(gnutls_certificate_credentials_t sc); 2049void gnutls_certificate_free_ca_names(gnutls_certificate_credentials_t sc); 2050void gnutls_certificate_free_crls(gnutls_certificate_credentials_t sc); 2051 2052void gnutls_certificate_set_dh_params(gnutls_certificate_credentials_t res, 2053 gnutls_dh_params_t dh_params); 2054 2055int gnutls_certificate_set_known_dh_params(gnutls_certificate_credentials_t res, 2056 gnutls_sec_param_t sec_param); 2057void gnutls_certificate_set_verify_flags(gnutls_certificate_credentials_t 2058 res, unsigned int flags); 2059unsigned int 2060gnutls_certificate_get_verify_flags(gnutls_certificate_credentials_t res); 2061 2062/** 2063 * 
gnutls_certificate_flags: 2064 * @GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH: Skip the key and certificate matching check. 2065 * @GNUTLS_CERTIFICATE_API_V2: If set the gnutls_certificate_set_*key* functions will return an index of the added key pair instead of zero. 2066 * @GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK: If set, the gnutls_certificate_set_ocsp_status_request_file 2067 * function, will not check whether the response set matches any of the certificates. 2068 * @GNUTLS_CERTIFICATE_VERIFY_CRLS: This will enable CRL verification when added in the certificate structure. 2069 * When used, it requires CAs to be added before CRLs. 2070 * 2071 * Enumeration of different certificate credentials flags. 2072 */ 2073typedef enum gnutls_certificate_flags { 2074 GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH = 1, 2075 GNUTLS_CERTIFICATE_API_V2 = (1<<1), 2076 GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK = (1<<2), 2077 GNUTLS_CERTIFICATE_VERIFY_CRLS = (1<<3) 2078} gnutls_certificate_flags; 2079 2080void gnutls_certificate_set_flags(gnutls_certificate_credentials_t, 2081 unsigned flags); 2082 2083void gnutls_certificate_set_verify_limits(gnutls_certificate_credentials_t 2084 res, unsigned int max_bits, 2085 unsigned int max_depth); 2086 2087int 2088gnutls_certificate_set_x509_system_trust(gnutls_certificate_credentials_t 2089 cred); 2090 2091int 2092gnutls_certificate_set_x509_trust_file(gnutls_certificate_credentials_t 2093 cred, const char *cafile, 2094 gnutls_x509_crt_fmt_t type); 2095int 2096gnutls_certificate_set_x509_trust_dir(gnutls_certificate_credentials_t cred, 2097 const char *ca_dir, 2098 gnutls_x509_crt_fmt_t type); 2099 2100int gnutls_certificate_set_x509_trust_mem(gnutls_certificate_credentials_t 2101 res, const gnutls_datum_t * ca, 2102 gnutls_x509_crt_fmt_t type); 2103 2104int 2105gnutls_certificate_set_x509_crl_file(gnutls_certificate_credentials_t 2106 res, const char *crlfile, 2107 gnutls_x509_crt_fmt_t type); 2108int 
gnutls_certificate_set_x509_crl_mem(gnutls_certificate_credentials_t 2109 res, const gnutls_datum_t * CRL, 2110 gnutls_x509_crt_fmt_t type); 2111 2112int 2113gnutls_certificate_set_x509_key_file(gnutls_certificate_credentials_t 2114 res, const char *certfile, 2115 const char *keyfile, 2116 gnutls_x509_crt_fmt_t type); 2117 2118int 2119gnutls_certificate_set_x509_key_file2(gnutls_certificate_credentials_t 2120 res, const char *certfile, 2121 const char *keyfile, 2122 gnutls_x509_crt_fmt_t type, 2123 const char *pass, 2124 unsigned int flags); 2125 2126int gnutls_certificate_set_x509_key_mem(gnutls_certificate_credentials_t 2127 res, const gnutls_datum_t * cert, 2128 const gnutls_datum_t * key, 2129 gnutls_x509_crt_fmt_t type); 2130 2131int gnutls_certificate_set_x509_key_mem2(gnutls_certificate_credentials_t 2132 res, const gnutls_datum_t * cert, 2133 const gnutls_datum_t * key, 2134 gnutls_x509_crt_fmt_t type, 2135 const char *pass, 2136 unsigned int flags); 2137 2138void gnutls_certificate_send_x509_rdn_sequence(gnutls_session_t session, 2139 int status); 2140 2141int 2142gnutls_certificate_set_x509_simple_pkcs12_file 2143(gnutls_certificate_credentials_t res, const char *pkcs12file, 2144 gnutls_x509_crt_fmt_t type, const char *password); 2145int 2146gnutls_certificate_set_x509_simple_pkcs12_mem 2147(gnutls_certificate_credentials_t res, const gnutls_datum_t * p12blob, 2148 gnutls_x509_crt_fmt_t type, const char *password); 2149 2150/* New functions to allow setting already parsed X.509 stuff. 
2151 */ 2152 2153int gnutls_certificate_set_x509_key(gnutls_certificate_credentials_t res, 2154 gnutls_x509_crt_t * cert_list, 2155 int cert_list_size, 2156 gnutls_x509_privkey_t key); 2157int gnutls_certificate_set_x509_trust(gnutls_certificate_credentials_t res, 2158 gnutls_x509_crt_t * ca_list, 2159 int ca_list_size); 2160int gnutls_certificate_set_x509_crl(gnutls_certificate_credentials_t res, 2161 gnutls_x509_crl_t * crl_list, 2162 int crl_list_size); 2163 2164int gnutls_certificate_get_x509_key(gnutls_certificate_credentials_t res, 2165 unsigned index, 2166 gnutls_x509_privkey_t *key); 2167int gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res, 2168 unsigned index, 2169 gnutls_x509_crt_t **crt_list, 2170 unsigned *crt_list_size); 2171 2172 /* OCSP status request extension, RFC 6066 */ 2173typedef int (*gnutls_status_request_ocsp_func) 2174 (gnutls_session_t session, void *ptr, gnutls_datum_t *ocsp_response); 2175 2176void 2177gnutls_certificate_set_ocsp_status_request_function 2178(gnutls_certificate_credentials_t res, 2179gnutls_status_request_ocsp_func ocsp_func, void *ptr); 2180 2181int 2182gnutls_certificate_set_ocsp_status_request_function2 2183(gnutls_certificate_credentials_t res, unsigned idx, 2184gnutls_status_request_ocsp_func ocsp_func, void *ptr); 2185 2186int 2187gnutls_certificate_set_ocsp_status_request_file 2188(gnutls_certificate_credentials_t res, const char *response_file, 2189 unsigned idx); 2190 2191int 2192gnutls_certificate_set_ocsp_status_request_file2 2193(gnutls_certificate_credentials_t res, const char *response_file, 2194 unsigned idx, gnutls_x509_crt_fmt_t fmt); 2195 2196int 2197gnutls_certificate_set_ocsp_status_request_mem 2198(gnutls_certificate_credentials_t res, const gnutls_datum_t *resp, 2199 unsigned idx, gnutls_x509_crt_fmt_t fmt); 2200 2201typedef struct gnutls_ocsp_data_st { 2202 unsigned int version; /* must be zero */ 2203 gnutls_datum_t response; 2204 time_t exptime; 2205 unsigned char padding[32]; 
2206} gnutls_ocsp_data_st; 2207 2208time_t 2209gnutls_certificate_get_ocsp_expiration(gnutls_certificate_credentials_t sc, 2210 unsigned idx, 2211 int oidx, 2212 unsigned flags); 2213 2214int gnutls_ocsp_status_request_enable_client(gnutls_session_t session, 2215 gnutls_datum_t * responder_id, 2216 size_t responder_id_size, 2217 gnutls_datum_t * 2218 request_extensions); 2219 2220int gnutls_ocsp_status_request_get(gnutls_session_t session, 2221 gnutls_datum_t * response); 2222 2223#define GNUTLS_OCSP_SR_IS_AVAIL 1 2224unsigned gnutls_ocsp_status_request_is_checked(gnutls_session_t session, 2225 unsigned int flags); 2226 2227int 2228gnutls_ocsp_status_request_get2(gnutls_session_t session, 2229 unsigned idx, 2230 gnutls_datum_t * response); 2231 2232/* RAW public key functions (RFC7250) */ 2233int gnutls_certificate_set_rawpk_key_mem(gnutls_certificate_credentials_t cred, 2234 const gnutls_datum_t* spki, 2235 const gnutls_datum_t* pkey, 2236 gnutls_x509_crt_fmt_t format, 2237 const char* pass, 2238 unsigned int key_usage, 2239 const char **names, 2240 unsigned int names_length, 2241 unsigned int flags); 2242 2243int gnutls_certificate_set_rawpk_key_file(gnutls_certificate_credentials_t cred, 2244 const char* rawpkfile, 2245 const char* privkeyfile, 2246 gnutls_x509_crt_fmt_t format, 2247 const char *pass, 2248 unsigned int key_usage, 2249 const char **names, 2250 unsigned int names_length, 2251 unsigned int privkey_flags, 2252 unsigned int pkcs11_flags); 2253 2254 2255/* global state functions 2256 */ 2257int gnutls_global_init(void); 2258void gnutls_global_deinit(void); 2259 2260 /** 2261 * gnutls_time_func: 2262 * @t: where to store time. 2263 * 2264 * Function prototype for time()-like function. Set with 2265 * gnutls_global_set_time_function(). 2266 * 2267 * Returns: Number of seconds since the epoch, or (time_t)-1 on errors. 
2268 */ 2269typedef time_t(*gnutls_time_func) (time_t * t); 2270 2271typedef int (*mutex_init_func) (void **mutex); 2272typedef int (*mutex_lock_func) (void **mutex); 2273typedef int (*mutex_unlock_func) (void **mutex); 2274typedef int (*mutex_deinit_func) (void **mutex); 2275 2276void gnutls_global_set_mutex(mutex_init_func init, 2277 mutex_deinit_func deinit, 2278 mutex_lock_func lock, 2279 mutex_unlock_func unlock); 2280 2281typedef void *(*gnutls_alloc_function) (size_t); 2282typedef void *(*gnutls_calloc_function) (size_t, size_t); 2283typedef int (*gnutls_is_secure_function) (const void *); 2284typedef void (*gnutls_free_function) (void *); 2285typedef void *(*gnutls_realloc_function) (void *, size_t); 2286 2287void gnutls_global_set_time_function(gnutls_time_func time_func); 2288 2289/* For use in callbacks */ 2290extern _SYM_EXPORT gnutls_alloc_function gnutls_malloc; 2291extern _SYM_EXPORT gnutls_realloc_function gnutls_realloc; 2292extern _SYM_EXPORT gnutls_calloc_function gnutls_calloc; 2293extern _SYM_EXPORT gnutls_free_function gnutls_free; 2294 2295#ifdef GNUTLS_INTERNAL_BUILD 2296#define gnutls_free(a) gnutls_free((void *) (a)), a=NULL 2297#endif 2298 2299extern _SYM_EXPORT char *(*gnutls_strdup) (const char *); 2300 2301/* a variant of memset that doesn't get optimized out */ 2302void gnutls_memset(void *data, int c, size_t size); 2303 2304/* constant time memcmp */ 2305int gnutls_memcmp(const void *s1, const void *s2, size_t n); 2306 2307typedef void (*gnutls_log_func) (int, const char *); 2308typedef void (*gnutls_audit_log_func) (gnutls_session_t, const char *); 2309void gnutls_global_set_log_function(gnutls_log_func log_func); 2310void gnutls_global_set_audit_log_function(gnutls_audit_log_func log_func); 2311void gnutls_global_set_log_level(int level); 2312 2313 /** 2314 * gnutls_keylog_func: 2315 * @session: the current session 2316 * @label: the keylog label 2317 * @secret: the (const) data of the derived secret. 
2318 * 2319 * Function prototype for keylog hooks. It is set using 2320 * gnutls_session_set_keylog_function(). 2321 * 2322 * Returns: Non zero on error. 2323 * Since: 3.6.13 2324 */ 2325typedef int (*gnutls_keylog_func) (gnutls_session_t session, 2326 const char *label, 2327 const gnutls_datum_t *secret); 2328gnutls_keylog_func gnutls_session_get_keylog_function(const gnutls_session_t session); 2329void gnutls_session_set_keylog_function(gnutls_session_t session, 2330 gnutls_keylog_func func); 2331 2332/* Diffie-Hellman parameter handling. 2333 */ 2334int gnutls_dh_params_init(gnutls_dh_params_t * dh_params); 2335void gnutls_dh_params_deinit(gnutls_dh_params_t dh_params); 2336int gnutls_dh_params_import_raw(gnutls_dh_params_t dh_params, 2337 const gnutls_datum_t * prime, 2338 const gnutls_datum_t * generator); 2339int gnutls_dh_params_import_dsa(gnutls_dh_params_t dh_params, gnutls_x509_privkey_t key); 2340int gnutls_dh_params_import_raw2(gnutls_dh_params_t dh_params, 2341 const gnutls_datum_t * prime, 2342 const gnutls_datum_t * generator, 2343 unsigned key_bits); 2344int gnutls_dh_params_import_raw3(gnutls_dh_params_t dh_params, 2345 const gnutls_datum_t * prime, 2346 const gnutls_datum_t * q, 2347 const gnutls_datum_t * generator); 2348int gnutls_dh_params_import_pkcs3(gnutls_dh_params_t params, 2349 const gnutls_datum_t * pkcs3_params, 2350 gnutls_x509_crt_fmt_t format); 2351int gnutls_dh_params_generate2(gnutls_dh_params_t params, 2352 unsigned int bits); 2353int gnutls_dh_params_export_pkcs3(gnutls_dh_params_t params, 2354 gnutls_x509_crt_fmt_t format, 2355 unsigned char *params_data, 2356 size_t * params_data_size); 2357int gnutls_dh_params_export2_pkcs3(gnutls_dh_params_t params, 2358 gnutls_x509_crt_fmt_t format, 2359 gnutls_datum_t * out); 2360int gnutls_dh_params_export_raw(gnutls_dh_params_t params, 2361 gnutls_datum_t * prime, 2362 gnutls_datum_t * generator, 2363 unsigned int *bits); 2364int gnutls_dh_params_cpy(gnutls_dh_params_t dst, 
gnutls_dh_params_t src); 2365 2366 2367 2368/* Session stuff 2369 */ 2370@DEFINE_IOVEC_T@ 2371 2372typedef ssize_t(*gnutls_pull_func) (gnutls_transport_ptr_t, void *, 2373 size_t); 2374typedef ssize_t(*gnutls_push_func) (gnutls_transport_ptr_t, const void *, 2375 size_t); 2376 2377int gnutls_system_recv_timeout(gnutls_transport_ptr_t ptr, unsigned int ms); 2378typedef int (*gnutls_pull_timeout_func) (gnutls_transport_ptr_t, 2379 unsigned int ms); 2380 2381typedef ssize_t(*gnutls_vec_push_func) (gnutls_transport_ptr_t, 2382 const giovec_t * iov, int iovcnt); 2383 2384typedef int (*gnutls_errno_func) (gnutls_transport_ptr_t); 2385 2386#if 0 2387 /* This will be defined as macro. */ 2388 void gnutls_transport_set_int (gnutls_session_t session, int r); 2389#endif 2390 2391void gnutls_transport_set_int2(gnutls_session_t session, int r, int s); 2392#define gnutls_transport_set_int(s, i) gnutls_transport_set_int2(s, i, i) 2393 2394void gnutls_transport_get_int2(gnutls_session_t session, int *r, int *s); 2395int gnutls_transport_get_int(gnutls_session_t session); 2396 2397void gnutls_transport_set_ptr(gnutls_session_t session, 2398 gnutls_transport_ptr_t ptr); 2399void gnutls_transport_set_ptr2(gnutls_session_t session, 2400 gnutls_transport_ptr_t recv_ptr, 2401 gnutls_transport_ptr_t send_ptr); 2402 2403gnutls_transport_ptr_t gnutls_transport_get_ptr(gnutls_session_t session); 2404void gnutls_transport_get_ptr2(gnutls_session_t session, 2405 gnutls_transport_ptr_t * recv_ptr, 2406 gnutls_transport_ptr_t * send_ptr); 2407 2408void gnutls_transport_set_vec_push_function(gnutls_session_t session, 2409 gnutls_vec_push_func vec_func); 2410void gnutls_transport_set_push_function(gnutls_session_t session, 2411 gnutls_push_func push_func); 2412void gnutls_transport_set_pull_function(gnutls_session_t session, 2413 gnutls_pull_func pull_func); 2414 2415void gnutls_transport_set_pull_timeout_function(gnutls_session_t session, 2416 gnutls_pull_timeout_func 2417 func); 2418 2419void 
gnutls_transport_set_errno_function(gnutls_session_t session, 2420 gnutls_errno_func errno_func); 2421 2422void gnutls_transport_set_errno(gnutls_session_t session, int err); 2423 2424/* session specific 2425 */ 2426void gnutls_session_set_ptr(gnutls_session_t session, void *ptr); 2427void *gnutls_session_get_ptr(gnutls_session_t session); 2428 2429void gnutls_openpgp_send_cert(gnutls_session_t session, 2430 gnutls_openpgp_crt_status_t status); 2431 2432/* This function returns the hash of the given data. 2433 */ 2434int gnutls_fingerprint(gnutls_digest_algorithm_t algo, 2435 const gnutls_datum_t * data, void *result, 2436 size_t * result_size); 2437 2438 /** 2439 * gnutls_random_art_t: 2440 * @GNUTLS_RANDOM_ART_OPENSSH: OpenSSH-style random art. 2441 * 2442 * Enumeration of different random art types. 2443 */ 2444typedef enum gnutls_random_art { 2445 GNUTLS_RANDOM_ART_OPENSSH = 1 2446} gnutls_random_art_t; 2447 2448int gnutls_random_art(gnutls_random_art_t type, 2449 const char *key_type, unsigned int key_size, 2450 void *fpr, size_t fpr_size, gnutls_datum_t * art); 2451 2452/* IDNA */ 2453#define GNUTLS_IDNA_FORCE_2008 (1<<1) 2454int gnutls_idna_map(const char * input, unsigned ilen, gnutls_datum_t *out, unsigned flags); 2455int gnutls_idna_reverse_map(const char *input, unsigned ilen, gnutls_datum_t *out, unsigned flags); 2456 2457/* SRP 2458 */ 2459 2460typedef struct gnutls_srp_server_credentials_st 2461*gnutls_srp_server_credentials_t; 2462typedef struct gnutls_srp_client_credentials_st 2463*gnutls_srp_client_credentials_t; 2464 2465void 2466gnutls_srp_free_client_credentials(gnutls_srp_client_credentials_t sc); 2467int 2468gnutls_srp_allocate_client_credentials(gnutls_srp_client_credentials_t * 2469 sc); 2470int gnutls_srp_set_client_credentials(gnutls_srp_client_credentials_t res, 2471 const char *username, 2472 const char *password); 2473 2474void 2475gnutls_srp_free_server_credentials(gnutls_srp_server_credentials_t sc); 2476int 
2477gnutls_srp_allocate_server_credentials(gnutls_srp_server_credentials_t * 2478 sc); 2479int gnutls_srp_set_server_credentials_file(gnutls_srp_server_credentials_t 2480 res, const char *password_file, 2481 const char *password_conf_file); 2482 2483const char *gnutls_srp_server_get_username(gnutls_session_t session); 2484 2485void gnutls_srp_set_prime_bits(gnutls_session_t session, 2486 unsigned int bits); 2487 2488int gnutls_srp_verifier(const char *username, 2489 const char *password, 2490 const gnutls_datum_t * salt, 2491 const gnutls_datum_t * generator, 2492 const gnutls_datum_t * prime, 2493 gnutls_datum_t * res); 2494 2495/* The static parameters defined in draft-ietf-tls-srp-05 2496 * Those should be used as input to gnutls_srp_verifier(). 2497 */ 2498extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_8192_group_prime; 2499extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_8192_group_generator; 2500 2501extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_4096_group_prime; 2502extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_4096_group_generator; 2503 2504extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_3072_group_prime; 2505extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_3072_group_generator; 2506 2507extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_2048_group_prime; 2508extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_2048_group_generator; 2509 2510extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_1536_group_prime; 2511extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_1536_group_generator; 2512 2513extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_1024_group_prime; 2514extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_1024_group_generator; 2515 2516/* The static parameters defined in rfc7919 2517 */ 2518 2519extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_8192_group_prime; 2520extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_8192_group_q; 2521extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_8192_group_generator; 2522extern 
_SYM_EXPORT const unsigned int gnutls_ffdhe_8192_key_bits; 2523 2524extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_6144_group_prime; 2525extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_6144_group_q; 2526extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_6144_group_generator; 2527extern _SYM_EXPORT const unsigned int gnutls_ffdhe_6144_key_bits; 2528 2529extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_4096_group_prime; 2530extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_4096_group_q; 2531extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_4096_group_generator; 2532extern _SYM_EXPORT const unsigned int gnutls_ffdhe_4096_key_bits; 2533 2534extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_3072_group_prime; 2535extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_3072_group_q; 2536extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_3072_group_generator; 2537extern _SYM_EXPORT const unsigned int gnutls_ffdhe_3072_key_bits; 2538 2539extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_2048_group_prime; 2540extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_2048_group_q; 2541extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_2048_group_generator; 2542extern _SYM_EXPORT const unsigned int gnutls_ffdhe_2048_key_bits; 2543 2544typedef int gnutls_srp_server_credentials_function(gnutls_session_t, 2545 const char *username, 2546 gnutls_datum_t * salt, 2547 gnutls_datum_t * 2548 verifier, 2549 gnutls_datum_t * 2550 generator, 2551 gnutls_datum_t * prime); 2552void 2553gnutls_srp_set_server_credentials_function(gnutls_srp_server_credentials_t 2554 cred, 2555 gnutls_srp_server_credentials_function 2556 * func); 2557 2558typedef int gnutls_srp_client_credentials_function(gnutls_session_t, 2559 char **, char **); 2560void 2561gnutls_srp_set_client_credentials_function(gnutls_srp_client_credentials_t 2562 cred, 2563 gnutls_srp_client_credentials_function 2564 * func); 2565 2566int gnutls_srp_base64_encode(const gnutls_datum_t * data, char *result, 2567 
size_t * result_size); 2568int gnutls_srp_base64_encode2(const gnutls_datum_t * data, 2569 gnutls_datum_t * result); 2570 2571int gnutls_srp_base64_decode(const gnutls_datum_t * b64_data, char *result, 2572 size_t * result_size); 2573int gnutls_srp_base64_decode2(const gnutls_datum_t * b64_data, 2574 gnutls_datum_t * result); 2575 2576#define gnutls_srp_base64_encode_alloc gnutls_srp_base64_encode2 2577#define gnutls_srp_base64_decode_alloc gnutls_srp_base64_decode2 2578 2579void 2580gnutls_srp_set_server_fake_salt_seed(gnutls_srp_server_credentials_t 2581 sc, 2582 const gnutls_datum_t * seed, 2583 unsigned int salt_length); 2584 2585/* PSK stuff */ 2586typedef struct gnutls_psk_server_credentials_st 2587*gnutls_psk_server_credentials_t; 2588typedef struct gnutls_psk_client_credentials_st 2589*gnutls_psk_client_credentials_t; 2590 2591/** 2592 * gnutls_psk_key_flags: 2593 * @GNUTLS_PSK_KEY_RAW: PSK-key in raw format. 2594 * @GNUTLS_PSK_KEY_HEX: PSK-key in hex format. 2595 * 2596 * Enumeration of different PSK key flags. 
2597 */ 2598typedef enum gnutls_psk_key_flags { 2599 GNUTLS_PSK_KEY_RAW = 0, 2600 GNUTLS_PSK_KEY_HEX 2601} gnutls_psk_key_flags; 2602 2603void 2604gnutls_psk_free_client_credentials(gnutls_psk_client_credentials_t sc); 2605int 2606gnutls_psk_allocate_client_credentials(gnutls_psk_client_credentials_t * 2607 sc); 2608int gnutls_psk_set_client_credentials(gnutls_psk_client_credentials_t res, 2609 const char *username, 2610 const gnutls_datum_t * key, 2611 gnutls_psk_key_flags flags); 2612int gnutls_psk_set_client_credentials2(gnutls_psk_client_credentials_t res, 2613 const gnutls_datum_t *username, 2614 const gnutls_datum_t *key, 2615 gnutls_psk_key_flags flags); 2616 2617void 2618gnutls_psk_free_server_credentials(gnutls_psk_server_credentials_t sc); 2619int 2620gnutls_psk_allocate_server_credentials(gnutls_psk_server_credentials_t * 2621 sc); 2622int gnutls_psk_set_server_credentials_file(gnutls_psk_server_credentials_t 2623 res, const char *password_file); 2624 2625int 2626gnutls_psk_set_server_credentials_hint(gnutls_psk_server_credentials_t 2627 res, const char *hint); 2628 2629const char *gnutls_psk_server_get_username(gnutls_session_t session); 2630int gnutls_psk_server_get_username2(gnutls_session_t session, 2631 gnutls_datum_t *out); 2632const char *gnutls_psk_client_get_hint(gnutls_session_t session); 2633 2634typedef int gnutls_psk_server_credentials_function(gnutls_session_t, 2635 const char *username, 2636 gnutls_datum_t * key); 2637typedef int gnutls_psk_server_credentials_function2(gnutls_session_t, 2638 const gnutls_datum_t *username, 2639 gnutls_datum_t *key); 2640void 2641gnutls_psk_set_server_credentials_function(gnutls_psk_server_credentials_t 2642 cred, 2643 gnutls_psk_server_credentials_function 2644 * func); 2645void 2646gnutls_psk_set_server_credentials_function2(gnutls_psk_server_credentials_t cred, 2647 gnutls_psk_server_credentials_function2 *func); 2648 2649typedef int gnutls_psk_client_credentials_function(gnutls_session_t, 2650 char 
**username, 2651 gnutls_datum_t * key); 2652typedef int gnutls_psk_client_credentials_function2(gnutls_session_t, 2653 gnutls_datum_t *username, 2654 gnutls_datum_t *key); 2655void 2656gnutls_psk_set_client_credentials_function(gnutls_psk_client_credentials_t 2657 cred, 2658 gnutls_psk_client_credentials_function 2659 * func); 2660void 2661gnutls_psk_set_client_credentials_function2(gnutls_psk_client_credentials_t cred, 2662 gnutls_psk_client_credentials_function2 *func); 2663 2664int gnutls_hex_encode(const gnutls_datum_t * data, char *result, 2665 size_t * result_size); 2666int gnutls_hex_decode(const gnutls_datum_t * hex_data, void *result, 2667 size_t * result_size); 2668 2669int gnutls_hex_encode2(const gnutls_datum_t * data, gnutls_datum_t *result); 2670int gnutls_hex_decode2(const gnutls_datum_t * data, gnutls_datum_t *result); 2671 2672void 2673gnutls_psk_set_server_dh_params(gnutls_psk_server_credentials_t res, 2674 gnutls_dh_params_t dh_params); 2675 2676int 2677gnutls_psk_set_server_known_dh_params(gnutls_psk_server_credentials_t res, 2678 gnutls_sec_param_t sec_param); 2679 2680void 2681gnutls_psk_set_server_params_function(gnutls_psk_server_credentials_t 2682 res, gnutls_params_function * func); 2683 2684/** 2685 * gnutls_x509_subject_alt_name_t: 2686 * @GNUTLS_SAN_DNSNAME: DNS-name SAN. 2687 * @GNUTLS_SAN_RFC822NAME: E-mail address SAN. 2688 * @GNUTLS_SAN_URI: URI SAN. 2689 * @GNUTLS_SAN_IPADDRESS: IP address SAN. 2690 * @GNUTLS_SAN_OTHERNAME: OtherName SAN. 2691 * @GNUTLS_SAN_DN: DN SAN. 2692 * @GNUTLS_SAN_REGISTERED_ID: RegisteredID. 2693 * @GNUTLS_SAN_OTHERNAME_XMPP: Virtual SAN, used by certain functions for convenience. 2694 * @GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL: Virtual SAN, used by certain functions for convenience. 2695 * 2696 * Enumeration of different subject alternative names types. 
2697 */ 2698typedef enum gnutls_x509_subject_alt_name_t { 2699 GNUTLS_SAN_DNSNAME = 1, 2700 GNUTLS_SAN_RFC822NAME = 2, 2701 GNUTLS_SAN_URI = 3, 2702 GNUTLS_SAN_IPADDRESS = 4, 2703 GNUTLS_SAN_OTHERNAME = 5, 2704 GNUTLS_SAN_DN = 6, 2705 GNUTLS_SAN_REGISTERED_ID = 7, 2706 GNUTLS_SAN_MAX = GNUTLS_SAN_REGISTERED_ID, 2707 /* The following are "virtual" subject alternative name types, in 2708 that they are represented by an otherName value and an OID. 2709 Used by gnutls_x509_crt_get_subject_alt_othername_oid. */ 2710 GNUTLS_SAN_OTHERNAME_XMPP = 1000, 2711 GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL 2712} gnutls_x509_subject_alt_name_t; 2713 2714struct gnutls_openpgp_crt_int; 2715typedef struct gnutls_openpgp_crt_int *gnutls_openpgp_crt_t; 2716 2717struct gnutls_openpgp_privkey_int; 2718typedef struct gnutls_openpgp_privkey_int *gnutls_openpgp_privkey_t; 2719 2720struct gnutls_pkcs11_privkey_st; 2721typedef struct gnutls_pkcs11_privkey_st *gnutls_pkcs11_privkey_t; 2722 2723/** 2724 * gnutls_privkey_type_t: 2725 * @GNUTLS_PRIVKEY_X509: X.509 private key, #gnutls_x509_privkey_t. 2726 * @GNUTLS_PRIVKEY_OPENPGP: OpenPGP private key, #gnutls_openpgp_privkey_t. 2727 * @GNUTLS_PRIVKEY_PKCS11: PKCS11 private key, #gnutls_pkcs11_privkey_t. 2728 * @GNUTLS_PRIVKEY_EXT: External private key, operating using callbacks. 2729 * 2730 * Enumeration of different private key types. 
2731 */ 2732typedef enum { 2733 GNUTLS_PRIVKEY_X509, 2734 GNUTLS_PRIVKEY_OPENPGP, 2735 GNUTLS_PRIVKEY_PKCS11, 2736 GNUTLS_PRIVKEY_EXT 2737} gnutls_privkey_type_t; 2738 2739typedef struct gnutls_retr2_st { 2740 gnutls_certificate_type_t cert_type; 2741 gnutls_privkey_type_t key_type; 2742 2743 union { 2744 gnutls_x509_crt_t *x509; 2745 gnutls_openpgp_crt_t pgp; 2746 } cert; 2747 unsigned int ncerts; /* one for pgp keys */ 2748 2749 union { 2750 gnutls_x509_privkey_t x509; 2751 gnutls_openpgp_privkey_t pgp; 2752 gnutls_pkcs11_privkey_t pkcs11; 2753 } key; 2754 2755 unsigned int deinit_all; /* if non zero all keys will be deinited */ 2756} gnutls_retr2_st; 2757 2758 2759 /* Functions that allow auth_info_t structures handling 2760 */ 2761 2762gnutls_credentials_type_t gnutls_auth_get_type(gnutls_session_t session); 2763gnutls_credentials_type_t 2764gnutls_auth_server_get_type(gnutls_session_t session); 2765gnutls_credentials_type_t 2766gnutls_auth_client_get_type(gnutls_session_t session); 2767 2768 /* DH */ 2769 2770void gnutls_dh_set_prime_bits(gnutls_session_t session, unsigned int bits); 2771int gnutls_dh_get_secret_bits(gnutls_session_t session); 2772int gnutls_dh_get_peers_public_bits(gnutls_session_t session); 2773int gnutls_dh_get_prime_bits(gnutls_session_t session); 2774 2775int gnutls_dh_get_group(gnutls_session_t session, gnutls_datum_t * raw_gen, 2776 gnutls_datum_t * raw_prime); 2777int gnutls_dh_get_pubkey(gnutls_session_t session, 2778 gnutls_datum_t * raw_key); 2779 2780 /* X509PKI */ 2781 2782 2783 /* These are set on the credentials structure. 2784 */ 2785 2786 /* use gnutls_certificate_set_retrieve_function2() in abstract.h 2787 * instead. It's much more efficient. 
2788 */ 2789 2790typedef int gnutls_certificate_retrieve_function(gnutls_session_t, 2791 const 2792 gnutls_datum_t * 2793 req_ca_rdn, 2794 int nreqs, 2795 const 2796 gnutls_pk_algorithm_t 2797 * pk_algos, 2798 int 2799 pk_algos_length, 2800 gnutls_retr2_st *); 2801 2802 2803void 2804gnutls_certificate_set_retrieve_function(gnutls_certificate_credentials_t 2805 cred, 2806 gnutls_certificate_retrieve_function 2807 * func); 2808 2809void 2810gnutls_certificate_set_verify_function(gnutls_certificate_credentials_t 2811 cred, 2812 gnutls_certificate_verify_function 2813 * func); 2814 2815void 2816gnutls_certificate_server_set_request(gnutls_session_t session, 2817 gnutls_certificate_request_t req); 2818 2819 /* get data from the session 2820 */ 2821const gnutls_datum_t *gnutls_certificate_get_peers(gnutls_session_t 2822 session, unsigned int 2823 *list_size); 2824const gnutls_datum_t *gnutls_certificate_get_ours(gnutls_session_t 2825 session); 2826 2827int gnutls_certificate_get_peers_subkey_id(gnutls_session_t session, 2828 gnutls_datum_t * id); 2829 2830time_t gnutls_certificate_activation_time_peers(gnutls_session_t session); 2831time_t gnutls_certificate_expiration_time_peers(gnutls_session_t session); 2832 2833unsigned gnutls_certificate_client_get_request_status(gnutls_session_t session); 2834int gnutls_certificate_verify_peers2(gnutls_session_t session, 2835 unsigned int *status); 2836int gnutls_certificate_verify_peers3(gnutls_session_t session, 2837 const char *hostname, 2838 unsigned int *status); 2839 2840int 2841gnutls_certificate_verify_peers(gnutls_session_t session, 2842 gnutls_typed_vdata_st * data, 2843 unsigned int elements, 2844 unsigned int *status); 2845 2846int gnutls_certificate_verification_status_print(unsigned int status, 2847 gnutls_certificate_type_t 2848 type, 2849 gnutls_datum_t * out, 2850 unsigned int flags); 2851 2852int gnutls_pem_base64_encode(const char *msg, const gnutls_datum_t * data, 2853 char *result, size_t * result_size); 
2854int gnutls_pem_base64_decode(const char *header, 2855 const gnutls_datum_t * b64_data, 2856 unsigned char *result, size_t * result_size); 2857 2858int gnutls_pem_base64_encode2(const char *msg, 2859 const gnutls_datum_t * data, 2860 gnutls_datum_t * result); 2861int gnutls_pem_base64_decode2(const char *header, 2862 const gnutls_datum_t * b64_data, 2863 gnutls_datum_t * result); 2864 2865int gnutls_base64_encode2(const gnutls_datum_t * data, 2866 gnutls_datum_t * result); 2867int gnutls_base64_decode2(const gnutls_datum_t * b64_data, 2868 gnutls_datum_t * result); 2869 2870#define gnutls_pem_base64_encode_alloc gnutls_pem_base64_encode2 2871#define gnutls_pem_base64_decode_alloc gnutls_pem_base64_decode2 2872 2873 /* key_usage will be an OR of the following values: 2874 */ 2875 2876 /* when the key is to be used for signing: */ 2877#define GNUTLS_KEY_DIGITAL_SIGNATURE 128 2878#define GNUTLS_KEY_NON_REPUDIATION 64 2879 /* when the key is to be used for encryption: */ 2880#define GNUTLS_KEY_KEY_ENCIPHERMENT 32 2881#define GNUTLS_KEY_DATA_ENCIPHERMENT 16 2882#define GNUTLS_KEY_KEY_AGREEMENT 8 2883#define GNUTLS_KEY_KEY_CERT_SIGN 4 2884#define GNUTLS_KEY_CRL_SIGN 2 2885#define GNUTLS_KEY_ENCIPHER_ONLY 1 2886#define GNUTLS_KEY_DECIPHER_ONLY 32768 2887 2888void 2889gnutls_certificate_set_params_function(gnutls_certificate_credentials_t 2890 res, gnutls_params_function * func); 2891void gnutls_anon_set_params_function(gnutls_anon_server_credentials_t res, 2892 gnutls_params_function * func); 2893void gnutls_psk_set_params_function(gnutls_psk_server_credentials_t res, 2894 gnutls_params_function * func); 2895 2896int gnutls_hex2bin(const char *hex_data, size_t hex_size, 2897 void *bin_data, size_t * bin_size); 2898 2899 /* Trust on first use (or ssh like) functions */ 2900 2901 /* stores the provided information to a database 2902 */ 2903typedef int (*gnutls_tdb_store_func) (const char *db_name, 2904 const char *host, 2905 const char *service, 2906 time_t expiration, 
2907 const gnutls_datum_t * pubkey); 2908 2909typedef int (*gnutls_tdb_store_commitment_func) (const char *db_name, 2910 const char *host, 2911 const char *service, 2912 time_t expiration, 2913 gnutls_digest_algorithm_t 2914 hash_algo, 2915 const gnutls_datum_t * 2916 hash); 2917 2918 /* searches for the provided host/service pair that match the 2919 * provided public key in the database. */ 2920typedef int (*gnutls_tdb_verify_func) (const char *db_name, 2921 const char *host, 2922 const char *service, 2923 const gnutls_datum_t * pubkey); 2924 2925 2926struct gnutls_tdb_int; 2927typedef struct gnutls_tdb_int *gnutls_tdb_t; 2928 2929int gnutls_tdb_init(gnutls_tdb_t * tdb); 2930void gnutls_tdb_set_store_func(gnutls_tdb_t tdb, 2931 gnutls_tdb_store_func store); 2932void gnutls_tdb_set_store_commitment_func(gnutls_tdb_t tdb, 2933 gnutls_tdb_store_commitment_func 2934 cstore); 2935void gnutls_tdb_set_verify_func(gnutls_tdb_t tdb, 2936 gnutls_tdb_verify_func verify); 2937void gnutls_tdb_deinit(gnutls_tdb_t tdb); 2938 2939int gnutls_verify_stored_pubkey(const char *db_name, 2940 gnutls_tdb_t tdb, 2941 const char *host, 2942 const char *service, 2943 gnutls_certificate_type_t cert_type, 2944 const gnutls_datum_t * cert, 2945 unsigned int flags); 2946 2947#define GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN 1 2948int gnutls_store_commitment(const char *db_name, 2949 gnutls_tdb_t tdb, 2950 const char *host, 2951 const char *service, 2952 gnutls_digest_algorithm_t hash_algo, 2953 const gnutls_datum_t * hash, 2954 time_t expiration, unsigned int flags); 2955 2956int gnutls_store_pubkey(const char *db_name, 2957 gnutls_tdb_t tdb, 2958 const char *host, 2959 const char *service, 2960 gnutls_certificate_type_t cert_type, 2961 const gnutls_datum_t * cert, 2962 time_t expiration, unsigned int flags); 2963 2964 /* Other helper functions */ 2965int gnutls_load_file(const char *filename, gnutls_datum_t * data); 2966 2967unsigned gnutls_url_is_supported(const char *url); 2968 2969 /* PIN callback 
*/ 2970 2971/** 2972 * gnutls_pin_flag_t: 2973 * @GNUTLS_PIN_USER: The PIN for the user. 2974 * @GNUTLS_PIN_SO: The PIN for the security officer (admin). 2975 * @GNUTLS_PIN_CONTEXT_SPECIFIC: The PIN is for a specific action and key like signing. 2976 * @GNUTLS_PIN_FINAL_TRY: This is the final try before blocking. 2977 * @GNUTLS_PIN_COUNT_LOW: Few tries remain before token blocks. 2978 * @GNUTLS_PIN_WRONG: Last given PIN was not correct. 2979 * 2980 * Enumeration of different flags that are input to the PIN function. 2981 */ 2982typedef enum { 2983 GNUTLS_PIN_USER = (1 << 0), 2984 GNUTLS_PIN_SO = (1 << 1), 2985 GNUTLS_PIN_FINAL_TRY = (1 << 2), 2986 GNUTLS_PIN_COUNT_LOW = (1 << 3), 2987 GNUTLS_PIN_CONTEXT_SPECIFIC = (1 << 4), 2988 GNUTLS_PIN_WRONG = (1 << 5) 2989} gnutls_pin_flag_t; 2990 2991#define GNUTLS_PKCS11_PIN_USER GNUTLS_PIN_USER 2992#define GNUTLS_PKCS11_PIN_SO GNUTLS_PIN_SO 2993#define GNUTLS_PKCS11_PIN_FINAL_TRY GNUTLS_PIN_FINAL_TRY 2994#define GNUTLS_PKCS11_PIN_COUNT_LOW GNUTLS_PIN_COUNT_LOW 2995#define GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC GNUTLS_PIN_CONTEXT_SPECIFIC 2996#define GNUTLS_PKCS11_PIN_WRONG GNUTLS_PIN_WRONG 2997 2998/** 2999 * gnutls_pin_callback_t: 3000 * @userdata: user-controlled data from gnutls_pkcs11_set_pin_function(). 3001 * @attempt: pin-attempt counter, initially 0. 3002 * @token_url: URL of token. 3003 * @token_label: label of token. 3004 * @flags: a #gnutls_pin_flag_t flag. 3005 * @pin: buffer to hold PIN, of size @pin_max. 3006 * @pin_max: size of @pin buffer. 3007 * 3008 * Callback function type for PKCS#11 or TPM PIN entry. It is set by 3009 * functions like gnutls_pkcs11_set_pin_function(). 3010 * 3011 * The callback should provides the PIN code to unlock the token with 3012 * label @token_label, specified by the URL @token_url. 3013 * 3014 * The PIN code, as a NUL-terminated ASCII string, should be copied 3015 * into the @pin buffer (of maximum size @pin_max), and return 0 to 3016 * indicate success. 
Alternatively, the callback may return a 3017 * negative gnutls error code to indicate failure and cancel PIN entry 3018 * (in which case, the contents of the @pin parameter are ignored). 3019 * 3020 * When a PIN is required, the callback will be invoked repeatedly 3021 * (and indefinitely) until either the returned PIN code is correct, 3022 * the callback returns failure, or the token refuses login (e.g. when 3023 * the token is locked due to too many incorrect PINs!). For the 3024 * first such invocation, the @attempt counter will have value zero; 3025 * it will increase by one for each subsequent attempt. 3026 * 3027 * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on error. 3028 * 3029 * Since: 2.12.0 3030 **/ 3031typedef int (*gnutls_pin_callback_t) (void *userdata, int attempt, 3032 const char *token_url, 3033 const char *token_label, 3034 unsigned int flags, 3035 char *pin, size_t pin_max); 3036 3037void gnutls_certificate_set_pin_function(gnutls_certificate_credentials_t, 3038 gnutls_pin_callback_t fn, 3039 void *userdata); 3040 3041/* Public string related functions */ 3042typedef struct gnutls_buffer_st *gnutls_buffer_t; 3043 3044int gnutls_buffer_append_data(gnutls_buffer_t, const void *data, size_t data_size); 3045 3046#define GNUTLS_UTF8_IGNORE_ERRS 1 3047int gnutls_utf8_password_normalize(const unsigned char *password, unsigned password_len, 3048 gnutls_datum_t *out, unsigned flags); 3049 3050/* Public extensions related functions */ 3051 3052typedef void *gnutls_ext_priv_data_t; 3053 3054void gnutls_ext_set_data(gnutls_session_t session, unsigned type, 3055 gnutls_ext_priv_data_t); 3056int gnutls_ext_get_data(gnutls_session_t session, unsigned type, 3057 gnutls_ext_priv_data_t *); 3058 3059unsigned gnutls_ext_get_current_msg(gnutls_session_t session); 3060 3061typedef int (*gnutls_ext_recv_func) (gnutls_session_t session, 3062 const unsigned char *data, 3063 size_t len); 3064 3065typedef int (*gnutls_ext_send_func) 
(gnutls_session_t session, 3066 gnutls_buffer_t extdata); 3067 3068typedef void (*gnutls_ext_deinit_data_func) (gnutls_ext_priv_data_t data); 3069 3070typedef int (*gnutls_ext_pack_func) (gnutls_ext_priv_data_t data, 3071 gnutls_buffer_t packed_data); 3072 3073typedef int (*gnutls_ext_unpack_func) (gnutls_buffer_t packed_data, 3074 gnutls_ext_priv_data_t *data); 3075 3076#define GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO 1 3077#define GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO (1<<1) 3078typedef int (*gnutls_ext_raw_process_func)(void *ctx, unsigned tls_id, const unsigned char *data, unsigned data_size); 3079int gnutls_ext_raw_parse(void *ctx, gnutls_ext_raw_process_func cb, 3080 const gnutls_datum_t *data, unsigned int flags); 3081 3082/** 3083 * gnutls_ext_parse_type_t: 3084 * @GNUTLS_EXT_NONE: Never to be parsed 3085 * @GNUTLS_EXT_ANY: Any extension type (should not be used as it is used only internally). 3086 * @GNUTLS_EXT_VERSION_NEG: Extensions to be parsed first for TLS version negotiation. 3087 * @GNUTLS_EXT_MANDATORY: Parsed after @GNUTLS_EXT_VERSION_NEG and even when resuming. 3088 * @GNUTLS_EXT_APPLICATION: Parsed after @GNUTLS_EXT_MANDATORY 3089 * @GNUTLS_EXT_TLS: TLS-internal extensions, parsed after @GNUTLS_EXT_APPLICATION. 3090 * 3091 * Enumeration of different TLS extension parsing phases. The @gnutls_ext_parse_type_t 3092 * indicates the time/phase an extension is parsed during Client or Server hello parsing. 3093 * 3094 */ 3095typedef enum { 3096 GNUTLS_EXT_ANY = 0, 3097 GNUTLS_EXT_APPLICATION = 1, 3098 GNUTLS_EXT_TLS = 2, 3099 GNUTLS_EXT_MANDATORY = 3, 3100 GNUTLS_EXT_NONE = 4, 3101 GNUTLS_EXT_VERSION_NEG = 5 3102} gnutls_ext_parse_type_t; 3103 3104/** 3105 * gnutls_ext_flags_t: 3106 * @GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL: If specified the extension registered will override the internal; this does not work with extensions existing prior to 3.6.0. 
3107 * @GNUTLS_EXT_FLAG_CLIENT_HELLO: This extension can be present in a client hello 3108 * @GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO: This extension can be present in a TLS1.2 or earlier server hello 3109 * @GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO: This extension can be present in a TLS1.3 server hello 3110 * @GNUTLS_EXT_FLAG_EE: This extension can be present in encrypted extensions message 3111 * @GNUTLS_EXT_FLAG_HRR: This extension can be present in hello retry request message 3112 * @GNUTLS_EXT_FLAG_IGNORE_CLIENT_REQUEST: When flag is present, this extension will be send even if the client didn't advertise it. An extension of this type is the Cookie TLS1.3 extension. 3113 * @GNUTLS_EXT_FLAG_DTLS: This extension can be present under DTLS; otherwise ignored. 3114 * @GNUTLS_EXT_FLAG_TLS: This extension can be present under TLS; otherwise ignored. 3115 * 3116 * Enumeration of different TLS extension registration flags. 3117 */ 3118typedef enum { 3119 GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL = 1, 3120 GNUTLS_EXT_FLAG_CLIENT_HELLO = (1<<1), 3121 GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO = (1<<2), 3122 GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO = (1<<3), 3123 GNUTLS_EXT_FLAG_EE = (1<<4), /* ENCRYPTED */ 3124 GNUTLS_EXT_FLAG_HRR = (1<<5), 3125 GNUTLS_EXT_FLAG_IGNORE_CLIENT_REQUEST = (1<<6), 3126 GNUTLS_EXT_FLAG_TLS = (1<<7), 3127 GNUTLS_EXT_FLAG_DTLS = (1<<8) 3128} gnutls_ext_flags_t; 3129 3130/* Register a custom tls extension 3131 */ 3132int gnutls_ext_register(const char *name, int type, gnutls_ext_parse_type_t parse_point, 3133 gnutls_ext_recv_func recv_func, gnutls_ext_send_func send_func, 3134 gnutls_ext_deinit_data_func deinit_func, gnutls_ext_pack_func pack_func, 3135 gnutls_ext_unpack_func unpack_func); 3136 3137int gnutls_session_ext_register(gnutls_session_t, const char *name, int type, gnutls_ext_parse_type_t parse_point, 3138 gnutls_ext_recv_func recv_func, gnutls_ext_send_func send_func, 3139 gnutls_ext_deinit_data_func deinit_func, gnutls_ext_pack_func pack_func, 3140 
gnutls_ext_unpack_func unpack_func, unsigned flags); 3141 3142const char *gnutls_ext_get_name(unsigned int ext); 3143const char *gnutls_ext_get_name2(gnutls_session_t session, unsigned int tls_id, 3144 gnutls_ext_parse_type_t parse_point); 3145 3146/* Public supplemental data related functions */ 3147 3148typedef int (*gnutls_supp_recv_func) (gnutls_session_t session, 3149 const unsigned char * data, size_t data_size); 3150typedef int (*gnutls_supp_send_func) (gnutls_session_t session, 3151 gnutls_buffer_t buf); 3152 3153int gnutls_supplemental_register(const char *name, 3154 gnutls_supplemental_data_format_type_t type, 3155 gnutls_supp_recv_func supp_recv_func, 3156 gnutls_supp_send_func supp_send_func); 3157 3158int gnutls_session_supplemental_register(gnutls_session_t session, const char *name, 3159 gnutls_supplemental_data_format_type_t type, 3160 gnutls_supp_recv_func supp_recv_func, 3161 gnutls_supp_send_func supp_send_func, 3162 unsigned int flags); 3163 3164void gnutls_supplemental_recv(gnutls_session_t session, unsigned do_recv_supplemental); 3165 3166void gnutls_supplemental_send(gnutls_session_t session, unsigned do_send_supplemental); 3167 3168/* Anti-replay related functions */ 3169 3170typedef struct gnutls_anti_replay_st *gnutls_anti_replay_t; 3171 3172int gnutls_anti_replay_init(gnutls_anti_replay_t *anti_replay); 3173void gnutls_anti_replay_deinit(gnutls_anti_replay_t anti_replay); 3174void gnutls_anti_replay_set_window(gnutls_anti_replay_t anti_replay, 3175 unsigned int window); 3176void gnutls_anti_replay_enable(gnutls_session_t session, 3177 gnutls_anti_replay_t anti_replay); 3178 3179typedef int (*gnutls_db_add_func) (void *, time_t exp_time, const gnutls_datum_t *key, 3180 const gnutls_datum_t *data); 3181 3182void gnutls_anti_replay_set_add_function(gnutls_anti_replay_t, 3183 gnutls_db_add_func add_func); 3184 3185void gnutls_anti_replay_set_ptr(gnutls_anti_replay_t, void *ptr); 3186 3187 3188/* FIPS140-2 related functions */ 3189unsigned 
gnutls_fips140_mode_enabled(void);	/* non-zero when a FIPS140-2 mode is active; used as a boolean by the macros below */

/**
 * gnutls_fips_mode_t:
 * @GNUTLS_FIPS140_DISABLED: The FIPS140-2 mode is disabled.
 * @GNUTLS_FIPS140_STRICT: The default mode; all forbidden operations will cause an
 *   operation failure via error code.
 * @GNUTLS_FIPS140_LAX: The library still uses the FIPS140-2 relevant algorithms but all
 *   operations forbidden by FIPS140-2 are allowed; this is useful when the
 *   application is aware of the security policy being followed, and needs
 *   to utilize disallowed operations for other reasons (e.g., compatibility).
 * @GNUTLS_FIPS140_LOG: Similar to %GNUTLS_FIPS140_LAX, it allows forbidden operations; any use of them results
 *   in a message to the audit callback functions.
 * @GNUTLS_FIPS140_SELFTESTS: A transient state during library initialization. That state
 *   cannot be set or seen by applications.
 *
 * Enumeration of different operational modes under FIPS140-2.
 */
typedef enum gnutls_fips_mode_t {
	GNUTLS_FIPS140_DISABLED = 0,
	GNUTLS_FIPS140_STRICT = 1,
	GNUTLS_FIPS140_SELFTESTS = 2,	/* reserved for the transient self-test state; never pass it to gnutls_fips140_set_mode() */
	GNUTLS_FIPS140_LAX = 3,
	GNUTLS_FIPS140_LOG = 4
} gnutls_fips_mode_t;

/* Flag for gnutls_fips140_set_mode(): judging by the name, the mode change
 * applies to the calling thread only rather than process-wide -- confirm in
 * the manual.  It is the only flag value visible in this header. */
#define GNUTLS_FIPS140_SET_MODE_THREAD 1

void gnutls_fips140_set_mode(gnutls_fips_mode_t mode, unsigned flags);

/* Convenience pair for temporarily relaxing FIPS enforcement.  Both macros
 * are no-ops unless gnutls_fips140_mode_enabled() is true, and both pass
 * GNUTLS_FIPS140_SET_MODE_THREAD.  Keep the relaxed window as short as
 * possible and call GNUTLS_FIPS140_SET_STRICT_MODE() on every exit path,
 * including error returns; otherwise the thread keeps running with
 * operations the policy forbids still permitted. */
#define GNUTLS_FIPS140_SET_LAX_MODE() do { \
	if (gnutls_fips140_mode_enabled()) \
		gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD); \
	} while(0)

#define GNUTLS_FIPS140_SET_STRICT_MODE() do { \
	if (gnutls_fips140_mode_enabled()) \
		gnutls_fips140_set_mode(GNUTLS_FIPS140_STRICT, GNUTLS_FIPS140_SET_MODE_THREAD); \
	} while(0)

 /* Gnutls error codes. The mapping to a TLS alert is also shown in
  * comments.
  */

/* Every error code below is negative; GNUTLS_E_SUCCESS is the only
 * non-negative value.  The numbering is not contiguous: gaps are historical
 * and the values are part of the ABI, so never reuse a gap or renumber.
 * Some names are defined as aliases of codes that appear later; this works
 * because macro expansion happens at the point of use, not of definition. */
#define GNUTLS_E_SUCCESS 0
#define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3
#define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6
#define GNUTLS_E_LARGE_PACKET -7
#define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8	/* GNUTLS_A_PROTOCOL_VERSION */
#define GNUTLS_E_TLS_PACKET_DECODING_ERROR GNUTLS_E_UNEXPECTED_PACKET_LENGTH
#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9	/* GNUTLS_A_DECODE_ERROR */
#define GNUTLS_E_INVALID_SESSION -10
#define GNUTLS_E_FATAL_ALERT_RECEIVED -12
#define GNUTLS_E_UNEXPECTED_PACKET -15	/* GNUTLS_A_UNEXPECTED_MESSAGE */
#define GNUTLS_E_WARNING_ALERT_RECEIVED -16
#define GNUTLS_E_ERROR_IN_FINISHED_PACKET -18
#define GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET -19
#define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21	/* GNUTLS_A_HANDSHAKE_FAILURE */
#define GNUTLS_E_UNWANTED_ALGORITHM -22
#define GNUTLS_E_MPI_SCAN_FAILED -23
/* One code covers both MAC and decryption/padding failures (note the two
 * alerts listed).  Application logic should not try to distinguish the
 * cause; keeping the two indistinguishable is what denies a padding oracle. */
#define GNUTLS_E_DECRYPTION_FAILED -24	/* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */
#define GNUTLS_E_MEMORY_ERROR -25
#define GNUTLS_E_DECOMPRESSION_FAILED -26	/* GNUTLS_A_DECOMPRESSION_FAILURE */
#define GNUTLS_E_COMPRESSION_FAILED -27
/* GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED (-52) are the retry codes for
 * non-blocking transports; by convention they are non-fatal (check with
 * gnutls_error_is_fatal()), whereas the protocol errors around them are. */
#define GNUTLS_E_AGAIN -28
#define GNUTLS_E_EXPIRED -29
#define GNUTLS_E_DB_ERROR -30
#define GNUTLS_E_SRP_PWD_ERROR GNUTLS_E_KEYFILE_ERROR
#define GNUTLS_E_KEYFILE_ERROR -31
#define GNUTLS_E_INSUFFICIENT_CREDENTIALS -32
/* The misspelled INSUFICIENT_* names are kept as aliases for old callers. */
#define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS	/* for backwards compatibility only */
#define GNUTLS_E_INSUFFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS
#define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS	/* for backwards compatibility only */

#define GNUTLS_E_HASH_FAILED -33
#define GNUTLS_E_BASE64_DECODING_ERROR -34

#define GNUTLS_E_MPI_PRINT_FAILED -35
#define GNUTLS_E_REHANDSHAKE -37	/* GNUTLS_A_NO_RENEGOTIATION */
#define GNUTLS_E_GOT_APPLICATION_DATA -38
#define GNUTLS_E_RECORD_LIMIT_REACHED -39
#define GNUTLS_E_ENCRYPTION_FAILED -40

#define GNUTLS_E_PK_ENCRYPTION_FAILED -44
#define GNUTLS_E_PK_DECRYPTION_FAILED -45
#define GNUTLS_E_PK_SIGN_FAILED -46
#define GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION -47
#define GNUTLS_E_KEY_USAGE_VIOLATION -48
#define GNUTLS_E_NO_CERTIFICATE_FOUND -49	/* GNUTLS_A_BAD_CERTIFICATE */
#define GNUTLS_E_INVALID_REQUEST -50
#define GNUTLS_E_SHORT_MEMORY_BUFFER -51
#define GNUTLS_E_INTERRUPTED -52
#define GNUTLS_E_PUSH_ERROR -53
#define GNUTLS_E_PULL_ERROR -54
#define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55	/* GNUTLS_A_ILLEGAL_PARAMETER */
#define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56
/* A padding-specific failure code.  If application code ever reflects the
 * distinction between this and a generic decryption failure to a remote
 * peer (different alert, timing or message), it creates an oracle; handle
 * both paths identically. */
#define GNUTLS_E_PKCS1_WRONG_PAD -57
#define GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION -58
#define GNUTLS_E_INTERNAL_ERROR -59
/* By name, the peer-supplied DH group did not meet the configured minimum;
 * do not lower the minimum to "fix" this. */
#define GNUTLS_E_DH_PRIME_UNACCEPTABLE -63
#define GNUTLS_E_FILE_ERROR -64
/* The TOO_MANY_* codes read as denial-of-service guards against floods of
 * empty records / handshake messages (name-based; confirm the thresholds in
 * the manual). */
#define GNUTLS_E_TOO_MANY_EMPTY_PACKETS -78
#define GNUTLS_E_UNKNOWN_PK_ALGORITHM -80
#define GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS -81
#define GNUTLS_E_RECEIVED_DISALLOWED_NAME -82	/* GNUTLS_A_ILLEGAL_PARAMETER */
/* Numerically out of sequence but grouped with the handshake codes. */
#define GNUTLS_E_CERTIFICATE_REQUIRED -112	/* GNUTLS_A_CERTIFICATE_REQUIRED */

 /* returned if you need to generate temporary RSA
  * parameters. These are needed for export cipher suites.
  */
#define GNUTLS_E_NO_TEMPORARY_RSA_PARAMS -84

#define GNUTLS_E_NO_COMPRESSION_ALGORITHMS -86
#define GNUTLS_E_NO_CIPHER_SUITES -87

#define GNUTLS_E_OPENPGP_GETKEY_FAILED -88
/* A failed signature verification; callers must treat it as fatal and must
 * not fall back to an unauthenticated path. */
#define GNUTLS_E_PK_SIG_VERIFY_FAILED -89

#define GNUTLS_E_ILLEGAL_SRP_USERNAME -90
#define GNUTLS_E_SRP_PWD_PARSING_ERROR GNUTLS_E_KEYFILE_PARSING_ERROR
#define GNUTLS_E_KEYFILE_PARSING_ERROR -91
#define GNUTLS_E_NO_TEMPORARY_DH_PARAMS -93

 /* For certificate and key stuff
  */
/* ASN.1 decoding errors (-67..-77).  They are grouped here even though the
 * values interleave with the protocol codes above. */
#define GNUTLS_E_ASN1_ELEMENT_NOT_FOUND -67
#define GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND -68
#define GNUTLS_E_ASN1_DER_ERROR -69
#define GNUTLS_E_ASN1_VALUE_NOT_FOUND -70
#define GNUTLS_E_ASN1_GENERIC_ERROR -71
#define GNUTLS_E_ASN1_VALUE_NOT_VALID -72
#define GNUTLS_E_ASN1_TAG_ERROR -73
#define GNUTLS_E_ASN1_TAG_IMPLICIT -74
#define GNUTLS_E_ASN1_TYPE_ANY_ERROR -75
#define GNUTLS_E_ASN1_SYNTAX_ERROR -76
#define GNUTLS_E_ASN1_DER_OVERFLOW -77
#define GNUTLS_E_OPENPGP_UID_REVOKED -79
#define GNUTLS_E_CERTIFICATE_ERROR -43
#define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR
#define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60
#define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61	/* GNUTLS_A_UNSUPPORTED_CERTIFICATE */
#define GNUTLS_E_X509_UNKNOWN_SAN -62
#define GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED -94
#define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95
#define GNUTLS_E_UNKNOWN_HASH_ALGORITHM -96
#define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97
#define GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE -98
#define GNUTLS_E_INVALID_PASSWORD -99
#define GNUTLS_E_MAC_VERIFY_FAILED -100	/* for PKCS #12 MAC */
#define GNUTLS_E_CONSTRAINT_ERROR -101

#define GNUTLS_E_WARNING_IA_IPHF_RECEIVED -102
#define GNUTLS_E_WARNING_IA_FPHF_RECEIVED -103

#define GNUTLS_E_IA_VERIFY_FAILED -104
#define GNUTLS_E_UNKNOWN_ALGORITHM -105
#define GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM -106
/* Renegotiation outcomes.  Going by the names these belong to the secure
 * renegotiation checks (RFC 5746); a denied unsafe renegotiation is the
 * intended protective outcome, not a compatibility bug to work around. */
#define GNUTLS_E_SAFE_RENEGOTIATION_FAILED -107
#define GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED -108
#define GNUTLS_E_UNKNOWN_SRP_USERNAME -109
/* By name, the transport was closed without a proper TLS close; treat data
 * received so far as possibly truncated rather than as a clean EOF. */
#define GNUTLS_E_PREMATURE_TERMINATION -110

#define GNUTLS_E_MALFORMED_CIDR -111

#define GNUTLS_E_BASE64_ENCODING_ERROR -201
/* Two names share the value -202: the GCRYPT name is the obsolete spelling
 * of the CRYPTO_LIBRARY code and compares equal to it. */
#define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202	/* obsolete */
#define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202
#define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203

#define GNUTLS_E_OPENPGP_KEYRING_ERROR -204
#define GNUTLS_E_X509_UNSUPPORTED_OID -205

/* Randomness failure: treat as unrecoverable for the operation; never
 * substitute a weaker entropy source in application code. */
#define GNUTLS_E_RANDOM_FAILED -206
#define GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR -207

#define GNUTLS_E_OPENPGP_SUBKEY_ERROR -208

#define GNUTLS_E_CRYPTO_ALREADY_REGISTERED GNUTLS_E_ALREADY_REGISTERED
#define GNUTLS_E_ALREADY_REGISTERED -209

/* Name suggests a cap on handshake message size, i.e. a resource-exhaustion
 * guard; investigate the peer's message rather than raising limits. */
#define GNUTLS_E_HANDSHAKE_TOO_LARGE -210

#define GNUTLS_E_CRYPTODEV_IOCTL_ERROR -211
#define GNUTLS_E_CRYPTODEV_DEVICE_ERROR -212

#define GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE -213
#define GNUTLS_E_BAD_COOKIE -214
#define GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR -215
#define GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL -216
/* The negotiated parameters fell below the configured security level;
 * no alert mapping is given here, presumably the insufficient_security alert. */
#define GNUTLS_E_INSUFFICIENT_SECURITY -217

#define GNUTLS_E_HEARTBEAT_PONG_RECEIVED -292
#define GNUTLS_E_HEARTBEAT_PING_RECEIVED -293

#define GNUTLS_E_UNRECOGNIZED_NAME -294

/* PKCS11 related */
#define GNUTLS_E_PKCS11_ERROR -300
#define GNUTLS_E_PKCS11_LOAD_ERROR -301
#define GNUTLS_E_PARSING_ERROR -302	/* generic parsing code despite sitting in the PKCS11 range */
#define GNUTLS_E_PKCS11_PIN_ERROR -303

#define GNUTLS_E_PKCS11_SLOT_ERROR -305
#define GNUTLS_E_LOCKING_ERROR -306	/* likewise not PKCS11-specific by name */
#define GNUTLS_E_PKCS11_ATTRIBUTE_ERROR -307
#define GNUTLS_E_PKCS11_DEVICE_ERROR -308
#define GNUTLS_E_PKCS11_DATA_ERROR -309
#define GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR -310
#define GNUTLS_E_PKCS11_KEY_ERROR -311
/* PIN state codes.  After PIN_LOCKED, retrying with another PIN cannot
 * succeed and may be counted against the token; surface the error instead
 * of looping on the prompt. */
#define GNUTLS_E_PKCS11_PIN_EXPIRED -312
#define GNUTLS_E_PKCS11_PIN_LOCKED -313
#define GNUTLS_E_PKCS11_SESSION_ERROR -314
#define GNUTLS_E_PKCS11_SIGNATURE_ERROR -315
#define GNUTLS_E_PKCS11_TOKEN_ERROR -316
#define GNUTLS_E_PKCS11_USER_ERROR -317

#define GNUTLS_E_CRYPTO_INIT_FAILED -318
#define GNUTLS_E_TIMEDOUT -319
#define GNUTLS_E_USER_ERROR -320
#define GNUTLS_E_ECC_NO_SUPPORTED_CURVES -321
#define GNUTLS_E_ECC_UNSUPPORTED_CURVE -322
/* Misspelled ("AVAILBLE") but part of the public ABI; do not rename. */
#define GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE -323
#define GNUTLS_E_CERTIFICATE_LIST_UNSORTED -324
#define GNUTLS_E_ILLEGAL_PARAMETER -325	/* GNUTLS_A_ILLEGAL_PARAMETER */
#define GNUTLS_E_NO_PRIORITIES_WERE_SET -326
#define GNUTLS_E_X509_UNSUPPORTED_EXTENSION -327
#define GNUTLS_E_SESSION_EOF -328

/* TPM-backed key errors (-329..-335). */
#define GNUTLS_E_TPM_ERROR -329
#define GNUTLS_E_TPM_KEY_PASSWORD_ERROR -330
#define GNUTLS_E_TPM_SRK_PASSWORD_ERROR -331
#define GNUTLS_E_TPM_SESSION_ERROR -332
#define GNUTLS_E_TPM_KEY_NOT_FOUND -333
#define GNUTLS_E_TPM_UNINITIALIZED -334
#define GNUTLS_E_TPM_NO_LIB -335

#define GNUTLS_E_NO_CERTIFICATE_STATUS -340
#define GNUTLS_E_OCSP_RESPONSE_ERROR -341
/* Same handling as GNUTLS_E_RANDOM_FAILED: unrecoverable, no fallback. */
#define GNUTLS_E_RANDOM_DEVICE_ERROR -342
#define GNUTLS_E_AUTH_ERROR -343
#define GNUTLS_E_NO_APPLICATION_PROTOCOL -344
#define GNUTLS_E_SOCKETS_INIT_ERROR -345
#define GNUTLS_E_KEY_IMPORT_FAILED -346
/* The alert name matches the TLS_FALLBACK_SCSV mechanism (RFC 7507): the
 * peer signalled it is retrying at a lower version than it supports.  This
 * is a downgrade indicator, not a compatibility hint. */
#define GNUTLS_E_INAPPROPRIATE_FALLBACK -347	/*GNUTLS_A_INAPPROPRIATE_FALLBACK*/
/* Verification of the peer certificate failed; callers must treat this as
 * fatal for the connection. */
#define GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR -348
#define GNUTLS_E_PRIVKEY_VERIFICATION_ERROR -349
#define GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH -350	/*GNUTLS_A_DECODE_ERROR*/
/* An embedded NUL inside an ASN.1 string.  Presumably rejected outright so
 * that a C-string consumer can never see a silently truncated name -- the
 * classic name-confusion vector. */
#define GNUTLS_E_ASN1_EMBEDDED_NULL_IN_STRING -351

/* Self-test / error-state codes.  These look tied to the FIPS self-test
 * state (GNUTLS_FIPS140_SELFTESTS above); once GNUTLS_E_LIB_IN_ERROR_STATE
 * is reported the library should be considered unusable for crypto --
 * confirm the recovery rules in the manual. */
#define GNUTLS_E_SELF_TEST_ERROR -400
#define GNUTLS_E_NO_SELF_TEST -401
#define GNUTLS_E_LIB_IN_ERROR_STATE -402
#define GNUTLS_E_PK_GENERATION_ERROR -403
#define GNUTLS_E_IDNA_ERROR -404

#define GNUTLS_E_NEED_FALLBACK -405
#define GNUTLS_E_SESSION_USER_ID_CHANGED -406
#define GNUTLS_E_HANDSHAKE_DURING_FALSE_START -407
#define GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE -408
/* Key validation codes.  By name, these report a public or private key (or
 * its domain parameters, -420/-421) that failed validation; a peer-supplied
 * key reaching one of these must be rejected, not "repaired". */
#define GNUTLS_E_PK_INVALID_PUBKEY -409
#define GNUTLS_E_PK_INVALID_PRIVKEY -410
#define GNUTLS_E_NOT_YET_ACTIVATED -411
#define GNUTLS_E_INVALID_UTF8_STRING -412
#define GNUTLS_E_NO_EMBEDDED_DATA -413
#define GNUTLS_E_INVALID_UTF8_EMAIL -414
#define GNUTLS_E_INVALID_PASSWORD_STRING -415
#define GNUTLS_E_CERTIFICATE_TIME_ERROR -416
#define GNUTLS_E_RECORD_OVERFLOW -417	/* GNUTLS_A_RECORD_OVERFLOW */
#define GNUTLS_E_ASN1_TIME_ERROR -418
#define GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY -419
#define GNUTLS_E_PK_INVALID_PUBKEY_PARAMS -420
#define GNUTLS_E_PK_NO_VALIDATION_PARAMS -421
/* The stapled OCSP response does not correspond to the presented chain;
 * treat it as a failed status check, not as an absent one. */
#define GNUTLS_E_OCSP_MISMATCH_WITH_CERTS -422

#define GNUTLS_E_NO_COMMON_KEY_SHARE -423
/* By name, the peer requested post-handshake re-authentication; the
 * application decides whether to honour it. */
#define GNUTLS_E_REAUTH_REQUEST -424
#define GNUTLS_E_TOO_MANY_MATCHES -425
#define GNUTLS_E_CRL_VERIFICATION_ERROR -426
#define GNUTLS_E_MISSING_EXTENSION -427
/* Presumably what a gnutls_db_add_func (see the anti-replay API above)
 * returns when the key is already present, which is how a replayed entry is
 * detected -- confirm against the manual. */
#define GNUTLS_E_DB_ENTRY_EXISTS -428
/* Early (0-RTT) data was not accepted.  Callers should only ever send
 * idempotent data early and must be prepared to resend it on the
 * fully-established channel. */
#define GNUTLS_E_EARLY_DATA_REJECTED -429
#define GNUTLS_E_X509_DUPLICATE_EXTENSION -430

#define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250

/* Internal errors of the library; will never be returned
 * to a calling application */
#define GNUTLS_E_INT_RET_0 -1251
#define GNUTLS_E_INT_CHECK_AGAIN -1252

/* Range reserved for application-defined error codes.  Note the naming is by
 * magnitude: MAX (-65000) is numerically greater than MIN (-65500), so an
 * application code must satisfy MIN <= code <= MAX. */
#define GNUTLS_E_APPLICATION_ERROR_MAX -65000
#define GNUTLS_E_APPLICATION_ERROR_MIN -65500

/* *INDENT-OFF* */
#ifdef __cplusplus
}
#endif
/* *INDENT-ON* */

#include <gnutls/compat.h>

#endif				/* GNUTLS_H */