2 * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
3 * 2009, 2010 Free Software Foundation, Inc.
5 * Author: Nikos Mavroyanopoulos
7 * This file is part of GnuTLS.
9 * The GnuTLS is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
26 /* This file contains the types and prototypes for all the
27 * high level functionality of gnutls main library. For the
28 * extra functionality (which is under the GNU GPL license) check
29 * the gnutls/extra.h header. The openssl compatibility layer is
30 * in gnutls/openssl.h.
32 * The low level cipher functionality is in libgcrypt. Check
56 #define GNUTLS_VERSION "@VERSION@"
58 #define GNUTLS_VERSION_MAJOR @MAJOR_VERSION@
59 #define GNUTLS_VERSION_MINOR @MINOR_VERSION@
60 #define GNUTLS_VERSION_PATCH @PATCH_VERSION@
62 #define GNUTLS_VERSION_NUMBER @NUMBER_VERSION@
64 #define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC
65 #define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC
66 #define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC
67 #define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128
70 * gnutls_cipher_algorithm_t:
71 * @GNUTLS_CIPHER_UNKNOWN: Unknown algorithm.
72 * @GNUTLS_CIPHER_NULL: NULL algorithm.
73 * @GNUTLS_CIPHER_ARCFOUR_128: ARCFOUR stream cipher with 128-bit keys.
74 * @GNUTLS_CIPHER_3DES_CBC: 3DES in CBC mode.
75 * @GNUTLS_CIPHER_AES_128_CBC: AES in CBC mode with 128-bit keys.
76 * @GNUTLS_CIPHER_AES_256_CBC: AES in CBC mode with 256-bit keys.
77 * @GNUTLS_CIPHER_ARCFOUR_40: ARCFOUR stream cipher with 40-bit keys.
78 * @GNUTLS_CIPHER_CAMELLIA_128_CBC: Camellia in CBC mode with 128-bit keys.
79 * @GNUTLS_CIPHER_CAMELLIA_256_CBC: Camellia in CBC mode with 256-bit keys.
80 * @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys.
81 * @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys).
82 * @GNUTLS_CIPHER_AES_192_CBC: AES in CBC mode with 192-bit keys.
83 * @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB mode.
84 * @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB mode.
85 * @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB mode.
86 * @GNUTLS_CIPHER_BLOWFISH_PGP_CFB: Blowfish in CFB mode.
87 * @GNUTLS_CIPHER_SAFER_SK128_PGP_CFB: Safer-SK in CFB mode with 128-bit keys.
88 * @GNUTLS_CIPHER_AES128_PGP_CFB: AES in CFB mode with 128-bit keys.
89 * @GNUTLS_CIPHER_AES192_PGP_CFB: AES in CFB mode with 192-bit keys.
90 * @GNUTLS_CIPHER_AES256_PGP_CFB: AES in CFB mode with 256-bit keys.
91 * @GNUTLS_CIPHER_TWOFISH_PGP_CFB: Twofish in CFB mode.
93 * Enumeration of different symmetric encryption algorithms.
95 typedef enum gnutls_cipher_algorithm
97 GNUTLS_CIPHER_UNKNOWN = 0,
98 GNUTLS_CIPHER_NULL = 1,
99 GNUTLS_CIPHER_ARCFOUR_128 = 2,
100 GNUTLS_CIPHER_3DES_CBC = 3,
101 GNUTLS_CIPHER_AES_128_CBC = 4,
102 GNUTLS_CIPHER_AES_256_CBC = 5,
103 GNUTLS_CIPHER_ARCFOUR_40 = 6,
104 GNUTLS_CIPHER_CAMELLIA_128_CBC = 7,
105 GNUTLS_CIPHER_CAMELLIA_256_CBC = 8,
106 GNUTLS_CIPHER_RC2_40_CBC = 90,
107 GNUTLS_CIPHER_DES_CBC = 91,
108 GNUTLS_CIPHER_AES_192_CBC = 92,
110 /* used only for PGP internals. Ignored in TLS/SSL
112 GNUTLS_CIPHER_IDEA_PGP_CFB = 200,
113 GNUTLS_CIPHER_3DES_PGP_CFB = 201,
114 GNUTLS_CIPHER_CAST5_PGP_CFB = 202,
115 GNUTLS_CIPHER_BLOWFISH_PGP_CFB = 203,
116 GNUTLS_CIPHER_SAFER_SK128_PGP_CFB = 204,
117 GNUTLS_CIPHER_AES128_PGP_CFB = 205,
118 GNUTLS_CIPHER_AES192_PGP_CFB = 206,
119 GNUTLS_CIPHER_AES256_PGP_CFB = 207,
120 GNUTLS_CIPHER_TWOFISH_PGP_CFB = 208
121 } gnutls_cipher_algorithm_t;
124 * gnutls_kx_algorithm_t:
125 * @GNUTLS_KX_UNKNOWN: Unknown key-exchange algorithm.
126 * @GNUTLS_KX_RSA: RSA key-exchange algorithm.
127 * @GNUTLS_KX_DHE_DSS: DHE-DSS key-exchange algorithm.
128 * @GNUTLS_KX_DHE_RSA: DHE-RSA key-exchange algorithm.
129 * @GNUTLS_KX_ANON_DH: Anon-DH key-exchange algorithm.
130 * @GNUTLS_KX_SRP: SRP key-exchange algorithm.
131 * @GNUTLS_KX_RSA_EXPORT: RSA-EXPORT key-exchange algorithm.
132 * @GNUTLS_KX_SRP_RSA: SRP-RSA key-exchange algorithm.
133 * @GNUTLS_KX_SRP_DSS: SRP-DSS key-exchange algorithm.
134 * @GNUTLS_KX_PSK: PSK key-exchange algorithm.
135 * @GNUTLS_KX_DHE_PSK: DHE-PSK key-exchange algorithm.
137 * Enumeration of different key exchange algorithms.
141 GNUTLS_KX_UNKNOWN = 0,
143 GNUTLS_KX_DHE_DSS = 2,
144 GNUTLS_KX_DHE_RSA = 3,
145 GNUTLS_KX_ANON_DH = 4,
147 GNUTLS_KX_RSA_EXPORT = 6,
148 GNUTLS_KX_SRP_RSA = 7,
149 GNUTLS_KX_SRP_DSS = 8,
151 GNUTLS_KX_DHE_PSK = 10
152 } gnutls_kx_algorithm_t;
155 * gnutls_params_type_t:
156 * @GNUTLS_PARAMS_RSA_EXPORT: Session RSA-EXPORT parameters.
157 * @GNUTLS_PARAMS_DH: Session Diffie-Hellman parameters.
159 * Enumeration of different TLS session parameter types.
163 GNUTLS_PARAMS_RSA_EXPORT = 1,
165 } gnutls_params_type_t;
168 * gnutls_credentials_type_t:
169 * @GNUTLS_CRD_CERTIFICATE: Certificate credential.
170 * @GNUTLS_CRD_ANON: Anonymous credential.
171 * @GNUTLS_CRD_SRP: SRP credential.
172 * @GNUTLS_CRD_PSK: PSK credential.
173 * @GNUTLS_CRD_IA: IA credential.
175 * Enumeration of different credential types.
179 GNUTLS_CRD_CERTIFICATE = 1,
184 } gnutls_credentials_type_t;
186 #define GNUTLS_MAC_SHA GNUTLS_MAC_SHA1
187 #define GNUTLS_DIG_SHA GNUTLS_DIG_SHA1
190 * gnutls_mac_algorithm_t:
191 * @GNUTLS_MAC_UNKNOWN: Unknown MAC algorithm.
192 * @GNUTLS_MAC_NULL: NULL MAC algorithm (empty output).
193 * @GNUTLS_MAC_MD5: HMAC-MD5 algorithm.
194 * @GNUTLS_MAC_SHA1: HMAC-SHA-1 algorithm.
195 * @GNUTLS_MAC_RMD160: HMAC-RMD160 algorithm.
196 * @GNUTLS_MAC_MD2: HMAC-MD2 algorithm.
197 * @GNUTLS_MAC_SHA256: HMAC-SHA-256 algorithm.
198 * @GNUTLS_MAC_SHA384: HMAC-SHA-384 algorithm.
199 * @GNUTLS_MAC_SHA512: HMAC-SHA-512 algorithm.
200 * @GNUTLS_MAC_SHA224: HMAC-SHA-224 algorithm.
202 * Enumeration of different Message Authentication Code (MAC)
207 GNUTLS_MAC_UNKNOWN = 0,
211 GNUTLS_MAC_RMD160 = 4,
213 GNUTLS_MAC_SHA256 = 6,
214 GNUTLS_MAC_SHA384 = 7,
215 GNUTLS_MAC_SHA512 = 8,
216 GNUTLS_MAC_SHA224 = 9
217 /* If you add anything here, make sure you align with
218 gnutls_digest_algorithm_t. */
219 } gnutls_mac_algorithm_t;
222 * gnutls_digest_algorithm_t:
223 * @GNUTLS_DIG_UNKNOWN: Unknown hash algorithm.
224 * @GNUTLS_DIG_NULL: NULL hash algorithm (empty output).
225 * @GNUTLS_DIG_MD5: MD5 algorithm.
226 * @GNUTLS_DIG_SHA1: SHA-1 algorithm.
227 * @GNUTLS_DIG_RMD160: RMD160 algorithm.
228 * @GNUTLS_DIG_MD2: MD2 algorithm.
229 * @GNUTLS_DIG_SHA256: SHA-256 algorithm.
230 * @GNUTLS_DIG_SHA384: SHA-384 algorithm.
231 * @GNUTLS_DIG_SHA512: SHA-512 algorithm.
232 * @GNUTLS_DIG_SHA224: SHA-224 algorithm.
234 * Enumeration of different digest (hash) algorithms.
238 GNUTLS_DIG_UNKNOWN = GNUTLS_MAC_UNKNOWN,
239 GNUTLS_DIG_NULL = GNUTLS_MAC_NULL,
240 GNUTLS_DIG_MD5 = GNUTLS_MAC_MD5,
241 GNUTLS_DIG_SHA1 = GNUTLS_MAC_SHA1,
242 GNUTLS_DIG_RMD160 = GNUTLS_MAC_RMD160,
243 GNUTLS_DIG_MD2 = GNUTLS_MAC_MD2,
244 GNUTLS_DIG_SHA256 = GNUTLS_MAC_SHA256,
245 GNUTLS_DIG_SHA384 = GNUTLS_MAC_SHA384,
246 GNUTLS_DIG_SHA512 = GNUTLS_MAC_SHA512,
247 GNUTLS_DIG_SHA224 = GNUTLS_MAC_SHA224
248 /* If you add anything here, make sure you align with
249 gnutls_mac_algorithm_t. */
250 } gnutls_digest_algorithm_t;
252 /* exported for other gnutls headers. This is the maximum number of
253 * algorithms (ciphers, kx or macs).
255 #define GNUTLS_MAX_ALGORITHM_NUM 16
258 * gnutls_compression_method_t:
259 * @GNUTLS_COMP_UNKNOWN: Unknown compression method.
260 * @GNUTLS_COMP_NULL: The NULL compression method (uncompressed).
261 * @GNUTLS_COMP_DEFLATE: The deflate/zlib compression method.
262 * @GNUTLS_COMP_ZLIB: Same as %GNUTLS_COMP_DEFLATE.
263 * @GNUTLS_COMP_LZO: The non-standard LZO compression method.
265 * Enumeration of different TLS compression methods.
269 GNUTLS_COMP_UNKNOWN = 0,
270 GNUTLS_COMP_NULL = 1,
271 GNUTLS_COMP_DEFLATE = 2,
272 GNUTLS_COMP_ZLIB = GNUTLS_COMP_DEFLATE,
273 GNUTLS_COMP_LZO = 3 /* only available if gnutls-extra has
276 } gnutls_compression_method_t;
279 * gnutls_connection_end_t:
280 * @GNUTLS_SERVER: Connection end is a server.
281 * @GNUTLS_CLIENT: Connection end is a client.
283 * Enumeration of different TLS connection end types.
289 } gnutls_connection_end_t;
292 * gnutls_alert_level_t:
293 * @GNUTLS_AL_WARNING: Alert of warning severity.
294 * @GNUTLS_AL_FATAL: Alert of fatal severity.
296 * Enumeration of different TLS alert severities.
300 GNUTLS_AL_WARNING = 1,
302 } gnutls_alert_level_t;
305 * gnutls_alert_description_t:
306 * @GNUTLS_A_CLOSE_NOTIFY: Close notify.
307 * @GNUTLS_A_UNEXPECTED_MESSAGE: Unexpected message.
308 * @GNUTLS_A_BAD_RECORD_MAC: Bad record MAC.
309 * @GNUTLS_A_DECRYPTION_FAILED: Decryption failed.
310 * @GNUTLS_A_RECORD_OVERFLOW: Record overflow.
311 * @GNUTLS_A_DECOMPRESSION_FAILURE: Decompression failed.
312 * @GNUTLS_A_HANDSHAKE_FAILURE: Handshake failed.
313 * @GNUTLS_A_SSL3_NO_CERTIFICATE: No certificate.
314 * @GNUTLS_A_BAD_CERTIFICATE: Certificate is bad.
315 * @GNUTLS_A_UNSUPPORTED_CERTIFICATE: Certificate is not supported.
316 * @GNUTLS_A_CERTIFICATE_REVOKED: Certificate was revoked.
317 * @GNUTLS_A_CERTIFICATE_EXPIRED: Certificate is expired.
318 * @GNUTLS_A_CERTIFICATE_UNKNOWN: Unknown certificate.
319 * @GNUTLS_A_ILLEGAL_PARAMETER: Illegal parameter.
320 * @GNUTLS_A_UNKNOWN_CA: CA is unknown.
321 * @GNUTLS_A_ACCESS_DENIED: Access was denied.
322 * @GNUTLS_A_DECODE_ERROR: Decode error.
323 * @GNUTLS_A_DECRYPT_ERROR: Decrypt error.
324 * @GNUTLS_A_EXPORT_RESTRICTION: Export restriction.
325 * @GNUTLS_A_PROTOCOL_VERSION: Error in protocol version.
326 * @GNUTLS_A_INSUFFICIENT_SECURITY: Insufficient security.
327 * @GNUTLS_A_USER_CANCELED: User canceled.
328 * @GNUTLS_A_INTERNAL_ERROR: Internal error.
329 * @GNUTLS_A_NO_RENEGOTIATION: No renegotiation is allowed.
330 * @GNUTLS_A_CERTIFICATE_UNOBTAINABLE: Could not retrieve the
331 * specified certificate.
332 * @GNUTLS_A_UNSUPPORTED_EXTENSION: An unsupported extension was
334 * @GNUTLS_A_UNRECOGNIZED_NAME: The server name sent was not
336 * @GNUTLS_A_UNKNOWN_PSK_IDENTITY: The SRP/PSK username is missing
338 * @GNUTLS_A_INNER_APPLICATION_FAILURE: Inner application
339 * negotiation failed.
340 * @GNUTLS_A_INNER_APPLICATION_VERIFICATION: Inner application
341 * verification failed.
343 * Enumeration of different TLS alerts.
347 GNUTLS_A_CLOSE_NOTIFY,
348 GNUTLS_A_UNEXPECTED_MESSAGE = 10,
349 GNUTLS_A_BAD_RECORD_MAC = 20,
350 GNUTLS_A_DECRYPTION_FAILED,
351 GNUTLS_A_RECORD_OVERFLOW,
352 GNUTLS_A_DECOMPRESSION_FAILURE = 30,
353 GNUTLS_A_HANDSHAKE_FAILURE = 40,
354 GNUTLS_A_SSL3_NO_CERTIFICATE = 41,
355 GNUTLS_A_BAD_CERTIFICATE = 42,
356 GNUTLS_A_UNSUPPORTED_CERTIFICATE,
357 GNUTLS_A_CERTIFICATE_REVOKED,
358 GNUTLS_A_CERTIFICATE_EXPIRED,
359 GNUTLS_A_CERTIFICATE_UNKNOWN,
360 GNUTLS_A_ILLEGAL_PARAMETER,
362 GNUTLS_A_ACCESS_DENIED,
363 GNUTLS_A_DECODE_ERROR = 50,
364 GNUTLS_A_DECRYPT_ERROR,
365 GNUTLS_A_EXPORT_RESTRICTION = 60,
366 GNUTLS_A_PROTOCOL_VERSION = 70,
367 GNUTLS_A_INSUFFICIENT_SECURITY,
368 GNUTLS_A_INTERNAL_ERROR = 80,
369 GNUTLS_A_USER_CANCELED = 90,
370 GNUTLS_A_NO_RENEGOTIATION = 100,
371 GNUTLS_A_UNSUPPORTED_EXTENSION = 110,
372 GNUTLS_A_CERTIFICATE_UNOBTAINABLE = 111,
373 GNUTLS_A_UNRECOGNIZED_NAME = 112,
374 GNUTLS_A_UNKNOWN_PSK_IDENTITY = 115,
375 GNUTLS_A_INNER_APPLICATION_FAILURE = 208,
376 GNUTLS_A_INNER_APPLICATION_VERIFICATION = 209
377 } gnutls_alert_description_t;
380 * gnutls_handshake_description_t:
381 * @GNUTLS_HANDSHAKE_HELLO_REQUEST: Hello request.
382 * @GNUTLS_HANDSHAKE_CLIENT_HELLO: Client hello.
383 * @GNUTLS_HANDSHAKE_SERVER_HELLO: Server hello.
384 * @GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: New session ticket.
385 * @GNUTLS_HANDSHAKE_CERTIFICATE_PKT: Certificate packet.
386 * @GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: Server key exchange.
387 * @GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: Certificate request.
388 * @GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: Server hello done.
389 * @GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: Certificate verify.
390 * @GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: Client key exchange.
391 * @GNUTLS_HANDSHAKE_FINISHED: Finished.
392 * @GNUTLS_HANDSHAKE_SUPPLEMENTAL: Supplemental.
394 * Enumeration of different TLS handshake packets.
398 GNUTLS_HANDSHAKE_HELLO_REQUEST = 0,
399 GNUTLS_HANDSHAKE_CLIENT_HELLO = 1,
400 GNUTLS_HANDSHAKE_SERVER_HELLO = 2,
401 GNUTLS_HANDSHAKE_NEW_SESSION_TICKET = 4,
402 GNUTLS_HANDSHAKE_CERTIFICATE_PKT = 11,
403 GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE = 12,
404 GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST = 13,
405 GNUTLS_HANDSHAKE_SERVER_HELLO_DONE = 14,
406 GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY = 15,
407 GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE = 16,
408 GNUTLS_HANDSHAKE_FINISHED = 20,
409 GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23
410 } gnutls_handshake_description_t;
413 * gnutls_certificate_status_t:
414 * @GNUTLS_CERT_INVALID: Will be set if the certificate was not
416 * @GNUTLS_CERT_REVOKED: Certificate revoked. In X.509 this will be
417 * set only if CRLs are checked.
418 * @GNUTLS_CERT_SIGNER_NOT_FOUND: Certificate not verified. Signer
420 * @GNUTLS_CERT_SIGNER_NOT_CA: Certificate not verified. Signer
421 * not a CA certificate.
422 * @GNUTLS_CERT_INSECURE_ALGORITHM: Certificate not verified,
423 * insecure algorithm.
424 * @GNUTLS_CERT_NOT_ACTIVATED: Certificate not yet activated.
425 * @GNUTLS_CERT_EXPIRED: Certificate expired.
427 * Enumeration of certificate status codes. Note that the status
428 * bits have different meanings in OpenPGP keys and X.509
429 * certificate verification.
433 GNUTLS_CERT_INVALID = 2,
434 GNUTLS_CERT_REVOKED = 32,
435 GNUTLS_CERT_SIGNER_NOT_FOUND = 64,
436 GNUTLS_CERT_SIGNER_NOT_CA = 128,
437 GNUTLS_CERT_INSECURE_ALGORITHM = 256,
438 GNUTLS_CERT_NOT_ACTIVATED = 512,
439 GNUTLS_CERT_EXPIRED = 1024
440 } gnutls_certificate_status_t;
443 * gnutls_certificate_request_t:
444 * @GNUTLS_CERT_IGNORE: Ignore certificate.
445 * @GNUTLS_CERT_REQUEST: Request certificate.
446 * @GNUTLS_CERT_REQUIRE: Require certificate.
448 * Enumeration of certificate request types.
452 GNUTLS_CERT_IGNORE = 0,
453 GNUTLS_CERT_REQUEST = 1,
454 GNUTLS_CERT_REQUIRE = 2
455 } gnutls_certificate_request_t;
458 * gnutls_openpgp_crt_status_t:
459 * @GNUTLS_OPENPGP_CERT: Send entire certificate.
460 * @GNUTLS_OPENPGP_CERT_FINGERPRINT: Send only certificate fingerprint.
462 * Enumeration of ways to send OpenPGP certificate.
466 GNUTLS_OPENPGP_CERT = 0,
467 GNUTLS_OPENPGP_CERT_FINGERPRINT = 1
468 } gnutls_openpgp_crt_status_t;
471 * gnutls_close_request_t:
472 * @GNUTLS_SHUT_RDWR: Disallow further receives/sends.
473 * @GNUTLS_SHUT_WR: Disallow further sends.
475 * Enumeration of how TLS session should be terminated. See gnutls_bye().
479 GNUTLS_SHUT_RDWR = 0,
481 } gnutls_close_request_t;
485 * @GNUTLS_SSL3: SSL version 3.0.
486 * @GNUTLS_TLS1_0: TLS version 1.0.
487 * @GNUTLS_TLS1: Same as %GNUTLS_TLS1_0.
488 * @GNUTLS_TLS1_1: TLS version 1.1.
489 * @GNUTLS_TLS1_2: TLS version 1.2.
490 * @GNUTLS_VERSION_MAX: Maps to the highest supported TLS version.
491 * @GNUTLS_VERSION_UNKNOWN: Unknown SSL/TLS version.
493 * Enumeration of different SSL/TLS protocol versions.
499 GNUTLS_TLS1 = GNUTLS_TLS1_0,
502 GNUTLS_VERSION_MAX = GNUTLS_TLS1_2,
503 GNUTLS_VERSION_UNKNOWN = 0xff
507 * gnutls_certificate_type_t:
508 * @GNUTLS_CRT_UNKNOWN: Unknown certificate type.
509 * @GNUTLS_CRT_X509: X.509 Certificate.
510 * @GNUTLS_CRT_OPENPGP: OpenPGP certificate.
512 * Enumeration of different certificate types.
516 GNUTLS_CRT_UNKNOWN = 0,
518 GNUTLS_CRT_OPENPGP = 2
519 } gnutls_certificate_type_t;
522 * gnutls_x509_crt_fmt_t:
523 * @GNUTLS_X509_FMT_DER: X.509 certificate in DER format (binary).
524 * @GNUTLS_X509_FMT_PEM: X.509 certificate in PEM format (text).
526 * Enumeration of different certificate encoding formats.
530 GNUTLS_X509_FMT_DER = 0,
531 GNUTLS_X509_FMT_PEM = 1
532 } gnutls_x509_crt_fmt_t;
535 * gnutls_certificate_print_formats_t:
536 * @GNUTLS_CRT_PRINT_FULL: Full information about certificate.
537 * @GNUTLS_CRT_PRINT_ONELINE: Information about certificate in one line.
538 * @GNUTLS_CRT_PRINT_UNSIGNED_FULL: All info for an unsigned certificate.
540 * Enumeration of different certificate printing variants.
542 typedef enum gnutls_certificate_print_formats
544 GNUTLS_CRT_PRINT_FULL = 0,
545 GNUTLS_CRT_PRINT_ONELINE = 1,
546 GNUTLS_CRT_PRINT_UNSIGNED_FULL = 2
547 } gnutls_certificate_print_formats_t;
550 * gnutls_pk_algorithm_t:
551 * @GNUTLS_PK_UNKNOWN: Unknown public-key algorithm.
552 * @GNUTLS_PK_RSA: RSA public-key algorithm.
553 * @GNUTLS_PK_DSA: DSA public-key algorithm.
554 * @GNUTLS_PK_DH: Diffie-Hellman algorithm. Used to generate parameters.
556 * Enumeration of different public-key algorithms.
560 GNUTLS_PK_UNKNOWN = 0,
564 } gnutls_pk_algorithm_t;
566 const char *gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm);
569 * gnutls_sign_algorithm_t:
570 * @GNUTLS_SIGN_UNKNOWN: Unknown signature algorithm.
571 * @GNUTLS_SIGN_RSA_SHA1: Digital signature algorithm RSA with SHA-1
572 * @GNUTLS_SIGN_RSA_SHA: Same as %GNUTLS_SIGN_RSA_SHA1.
573 * @GNUTLS_SIGN_DSA_SHA1: Digital signature algorithm DSA with SHA-1
574 * @GNUTLS_SIGN_DSA_SHA224: Digital signature algorithm DSA with SHA-224
575 * @GNUTLS_SIGN_DSA_SHA256: Digital signature algorithm DSA with SHA-256
576 * @GNUTLS_SIGN_DSA_SHA: Same as %GNUTLS_SIGN_DSA_SHA1.
577 * @GNUTLS_SIGN_RSA_MD5: Digital signature algorithm RSA with MD5.
578 * @GNUTLS_SIGN_RSA_MD2: Digital signature algorithm RSA with MD2.
579 * @GNUTLS_SIGN_RSA_RMD160: Digital signature algorithm RSA with RMD-160.
580 * @GNUTLS_SIGN_RSA_SHA256: Digital signature algorithm RSA with SHA-256.
581 * @GNUTLS_SIGN_RSA_SHA384: Digital signature algorithm RSA with SHA-384.
582 * @GNUTLS_SIGN_RSA_SHA512: Digital signature algorithm RSA with SHA-512.
583 * @GNUTLS_SIGN_RSA_SHA224: Digital signature algorithm RSA with SHA-224.
585 * Enumeration of different digital signature algorithms.
589 GNUTLS_SIGN_UNKNOWN = 0,
590 GNUTLS_SIGN_RSA_SHA1 = 1,
591 GNUTLS_SIGN_RSA_SHA = GNUTLS_SIGN_RSA_SHA1,
592 GNUTLS_SIGN_DSA_SHA1 = 2,
593 GNUTLS_SIGN_DSA_SHA = GNUTLS_SIGN_DSA_SHA1,
594 GNUTLS_SIGN_RSA_MD5 = 3,
595 GNUTLS_SIGN_RSA_MD2 = 4,
596 GNUTLS_SIGN_RSA_RMD160 = 5,
597 GNUTLS_SIGN_RSA_SHA256 = 6,
598 GNUTLS_SIGN_RSA_SHA384 = 7,
599 GNUTLS_SIGN_RSA_SHA512 = 8,
600 GNUTLS_SIGN_RSA_SHA224 = 9,
601 GNUTLS_SIGN_DSA_SHA224 = 10,
602 GNUTLS_SIGN_DSA_SHA256 = 11
603 } gnutls_sign_algorithm_t;
605 const char *gnutls_sign_algorithm_get_name (gnutls_sign_algorithm_t sign);
608 * gnutls_sec_param_t:
609 * @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known
610 * @GNUTLS_SEC_PARAM_WEAK: 50 or less bits of security
611 * @GNUTLS_SEC_PARAM_LOW: 80 bits of security
612 * @GNUTLS_SEC_PARAM_NORMAL: 112 bits of security
613 * @GNUTLS_SEC_PARAM_HIGH: 128 bits of security
614 * @GNUTLS_SEC_PARAM_ULTRA: 192 bits of security
616 * Enumeration of security parameters for passive attacks
620 GNUTLS_SEC_PARAM_UNKNOWN,
621 GNUTLS_SEC_PARAM_WEAK,
622 GNUTLS_SEC_PARAM_LOW,
623 GNUTLS_SEC_PARAM_NORMAL,
624 GNUTLS_SEC_PARAM_HIGH,
625 GNUTLS_SEC_PARAM_ULTRA
626 } gnutls_sec_param_t;
629 * gnutls_channel_binding_t:
630 * @GNUTLS_CB_TLS_UNIQUE: "tls-unique" (RFC 5929) channel binding
632 * Enumeration of support channel binding types.
637 } gnutls_channel_binding_t;
639 /* If you want to change this, then also change the define in
640 * gnutls_int.h, and recompile.
642 typedef void *gnutls_transport_ptr_t;
644 struct gnutls_session_int;
645 typedef struct gnutls_session_int *gnutls_session_t;
647 struct gnutls_dh_params_int;
648 typedef struct gnutls_dh_params_int *gnutls_dh_params_t;
651 struct gnutls_x509_privkey_int;
652 typedef struct gnutls_x509_privkey_int *gnutls_rsa_params_t;
654 struct gnutls_priority_st;
655 typedef struct gnutls_priority_st *gnutls_priority_t;
664 typedef struct gnutls_params_st
666 gnutls_params_type_t type;
669 gnutls_dh_params_t dh;
670 gnutls_rsa_params_t rsa_export;
675 typedef int gnutls_params_function (gnutls_session_t, gnutls_params_type_t,
678 /* internal functions */
680 int gnutls_init (gnutls_session_t * session,
681 gnutls_connection_end_t con_end);
682 void gnutls_deinit (gnutls_session_t session);
683 #define _gnutls_deinit(x) gnutls_deinit(x)
685 int gnutls_bye (gnutls_session_t session, gnutls_close_request_t how);
687 int gnutls_handshake (gnutls_session_t session);
688 int gnutls_rehandshake (gnutls_session_t session);
690 gnutls_alert_description_t gnutls_alert_get (gnutls_session_t session);
691 int gnutls_alert_send (gnutls_session_t session,
692 gnutls_alert_level_t level,
693 gnutls_alert_description_t desc);
694 int gnutls_alert_send_appropriate (gnutls_session_t session, int err);
695 const char *gnutls_alert_get_name (gnutls_alert_description_t alert);
697 gnutls_sec_param_t gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo,
699 const char *gnutls_sec_param_get_name (gnutls_sec_param_t param);
700 unsigned int gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo,
701 gnutls_sec_param_t param);
703 /* get information on the current session */
704 gnutls_cipher_algorithm_t gnutls_cipher_get (gnutls_session_t session);
705 gnutls_kx_algorithm_t gnutls_kx_get (gnutls_session_t session);
706 gnutls_mac_algorithm_t gnutls_mac_get (gnutls_session_t session);
707 gnutls_compression_method_t
708 gnutls_compression_get (gnutls_session_t session);
709 gnutls_certificate_type_t
710 gnutls_certificate_type_get (gnutls_session_t session);
711 int gnutls_sign_algorithm_get_requested (gnutls_session_t session,
713 gnutls_sign_algorithm_t * algo);
715 size_t gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm);
716 size_t gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm);
718 /* the name of the specified algorithms */
719 const char *gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm);
720 const char *gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm);
721 const char *gnutls_compression_get_name (gnutls_compression_method_t
723 const char *gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm);
724 const char *gnutls_certificate_type_get_name (gnutls_certificate_type_t
726 const char *gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm);
727 const char *gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm);
729 gnutls_mac_algorithm_t gnutls_mac_get_id (const char *name);
730 gnutls_compression_method_t gnutls_compression_get_id (const char *name);
731 gnutls_cipher_algorithm_t gnutls_cipher_get_id (const char *name);
732 gnutls_kx_algorithm_t gnutls_kx_get_id (const char *name);
733 gnutls_protocol_t gnutls_protocol_get_id (const char *name);
734 gnutls_certificate_type_t gnutls_certificate_type_get_id (const char *name);
735 gnutls_pk_algorithm_t gnutls_pk_get_id (const char *name);
736 gnutls_sign_algorithm_t gnutls_sign_get_id (const char *name);
738 /* list supported algorithms */
739 const gnutls_cipher_algorithm_t *gnutls_cipher_list (void);
740 const gnutls_mac_algorithm_t *gnutls_mac_list (void);
741 const gnutls_compression_method_t *gnutls_compression_list (void);
742 const gnutls_protocol_t *gnutls_protocol_list (void);
743 const gnutls_certificate_type_t *gnutls_certificate_type_list (void);
744 const gnutls_kx_algorithm_t *gnutls_kx_list (void);
745 const gnutls_pk_algorithm_t *gnutls_pk_list (void);
746 const gnutls_sign_algorithm_t *gnutls_sign_list (void);
747 const char *gnutls_cipher_suite_info (size_t idx,
749 gnutls_kx_algorithm_t * kx,
750 gnutls_cipher_algorithm_t * cipher,
751 gnutls_mac_algorithm_t * mac,
752 gnutls_protocol_t * version);
754 /* error functions */
755 int gnutls_error_is_fatal (int error);
756 int gnutls_error_to_alert (int err, int *level);
758 void gnutls_perror (int error);
759 const char *gnutls_strerror (int error);
760 const char *gnutls_strerror_name (int error);
762 /* Semi-internal functions.
764 void gnutls_handshake_set_private_extensions (gnutls_session_t session,
766 gnutls_handshake_description_t
767 gnutls_handshake_get_last_out (gnutls_session_t session);
768 gnutls_handshake_description_t
769 gnutls_handshake_get_last_in (gnutls_session_t session);
771 /* Record layer functions.
773 ssize_t gnutls_record_send (gnutls_session_t session, const void *data,
775 ssize_t gnutls_record_recv (gnutls_session_t session, void *data,
777 #define gnutls_read gnutls_record_recv
778 #define gnutls_write gnutls_record_send
780 void gnutls_session_enable_compatibility_mode (gnutls_session_t session);
782 void gnutls_record_disable_padding (gnutls_session_t session);
784 int gnutls_record_get_direction (gnutls_session_t session);
786 size_t gnutls_record_get_max_size (gnutls_session_t session);
787 ssize_t gnutls_record_set_max_size (gnutls_session_t session, size_t size);
789 size_t gnutls_record_check_pending (gnutls_session_t session);
791 int gnutls_prf (gnutls_session_t session,
792 size_t label_size, const char *label,
793 int server_random_first,
794 size_t extra_size, const char *extra,
795 size_t outsize, char *out);
797 int gnutls_prf_raw (gnutls_session_t session,
798 size_t label_size, const char *label,
799 size_t seed_size, const char *seed,
800 size_t outsize, char *out);
804 typedef int (*gnutls_ext_recv_func) (gnutls_session_t session,
805 const unsigned char *data, size_t len);
806 typedef int (*gnutls_ext_send_func) (gnutls_session_t session,
807 unsigned char *data, size_t len);
810 * gnutls_ext_parse_type_t:
811 * @GNUTLS_EXT_NONE: Never parsed
812 * @GNUTLS_EXT_ANY: Any extension type.
813 * @GNUTLS_EXT_APPLICATION: Application extension.
814 * @GNUTLS_EXT_TLS: TLS-internal extension.
815 * @GNUTLS_EXT_MANDATORY: Extension parsed even if resuming (or extensions are disabled).
817 * Enumeration of different TLS extension types. This flag
818 * indicates for an extension whether it is useful to application
819 * level or TLS level only. This is (only) used to parse the
820 * application level extensions before the "client_hello" callback
826 GNUTLS_EXT_APPLICATION = 1,
828 GNUTLS_EXT_MANDATORY = 3,
830 } gnutls_ext_parse_type_t;
834 * gnutls_server_name_type_t:
835 * @GNUTLS_NAME_DNS: Domain Name System name type.
837 * Enumeration of different server name types.
842 } gnutls_server_name_type_t;
844 int gnutls_server_name_set (gnutls_session_t session,
845 gnutls_server_name_type_t type,
846 const void *name, size_t name_length);
848 int gnutls_server_name_get (gnutls_session_t session,
849 void *data, size_t * data_length,
850 unsigned int *type, unsigned int indx);
852 /* Safe renegotiation */
853 int gnutls_safe_renegotiation_status (gnutls_session_t session);
856 * gnutls_supplemental_data_format_type_t:
857 * @GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA: Supplemental user mapping data.
859 * Enumeration of different supplemental data types (RFC 4680).
863 GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0
864 } gnutls_supplemental_data_format_type_t;
867 *gnutls_supplemental_get_name (gnutls_supplemental_data_format_type_t
870 /* SessionTicket, RFC 5077. */
871 int gnutls_session_ticket_key_generate (gnutls_datum_t * key);
872 int gnutls_session_ticket_enable_client (gnutls_session_t session);
873 int gnutls_session_ticket_enable_server (gnutls_session_t session,
874 const gnutls_datum_t * key);
876 /* if you just want some defaults, use the following.
878 int gnutls_priority_init (gnutls_priority_t * priority_cache,
879 const char *priorities, const char **err_pos);
880 void gnutls_priority_deinit (gnutls_priority_t priority_cache);
882 int gnutls_priority_set (gnutls_session_t session,
883 gnutls_priority_t priority);
884 int gnutls_priority_set_direct (gnutls_session_t session,
885 const char *priorities,
886 const char **err_pos);
890 int gnutls_set_default_priority (gnutls_session_t session);
891 int gnutls_set_default_export_priority (gnutls_session_t session);
893 /* Returns the name of a cipher suite */
894 const char *gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t
896 gnutls_cipher_algorithm_t
898 gnutls_mac_algorithm_t
901 /* get the currently used protocol version */
902 gnutls_protocol_t gnutls_protocol_get_version (gnutls_session_t session);
904 const char *gnutls_protocol_get_name (gnutls_protocol_t version);
909 int gnutls_session_set_data (gnutls_session_t session,
910 const void *session_data,
911 size_t session_data_size);
912 int gnutls_session_get_data (gnutls_session_t session, void *session_data,
913 size_t * session_data_size);
914 int gnutls_session_get_data2 (gnutls_session_t session,
915 gnutls_datum_t * data);
917 /* returns the session ID */
918 #define GNUTLS_MAX_SESSION_ID 32
919 int gnutls_session_get_id (gnutls_session_t session, void *session_id,
920 size_t * session_id_size);
923 int gnutls_session_channel_binding (gnutls_session_t session,
924 gnutls_channel_binding_t cbtype,
925 gnutls_datum_t * cb);
927 /* checks if this session is a resumed one
929 int gnutls_session_is_resumed (gnutls_session_t session);
931 typedef int (*gnutls_db_store_func) (void *, gnutls_datum_t key,
932 gnutls_datum_t data);
933 typedef int (*gnutls_db_remove_func) (void *, gnutls_datum_t key);
934 typedef gnutls_datum_t (*gnutls_db_retr_func) (void *, gnutls_datum_t key);
936 void gnutls_db_set_cache_expiration (gnutls_session_t session, int seconds);
938 void gnutls_db_remove_session (gnutls_session_t session);
939 void gnutls_db_set_retrieve_function (gnutls_session_t session,
940 gnutls_db_retr_func retr_func);
941 void gnutls_db_set_remove_function (gnutls_session_t session,
942 gnutls_db_remove_func rem_func);
943 void gnutls_db_set_store_function (gnutls_session_t session,
944 gnutls_db_store_func store_func);
945 void gnutls_db_set_ptr (gnutls_session_t session, void *ptr);
946 void *gnutls_db_get_ptr (gnutls_session_t session);
947 int gnutls_db_check_entry (gnutls_session_t session,
948 gnutls_datum_t session_entry);
950 typedef int (*gnutls_handshake_post_client_hello_func) (gnutls_session_t);
952 gnutls_handshake_set_post_client_hello_function (gnutls_session_t session,
953 gnutls_handshake_post_client_hello_func
956 void gnutls_handshake_set_max_packet_length (gnutls_session_t session,
959 /* returns libgnutls version (call it with a NULL argument)
961 const char *gnutls_check_version (const char *req_version);
963 /* Functions for setting/clearing credentials
965 void gnutls_credentials_clear (gnutls_session_t session);
967 /* cred is a structure defined by the kx algorithm
969 int gnutls_credentials_set (gnutls_session_t session,
970 gnutls_credentials_type_t type, void *cred);
971 #define gnutls_cred_set gnutls_credentials_set
973 /* Credential structures - used in gnutls_credentials_set(); */
975 struct gnutls_certificate_credentials_st;
976 typedef struct gnutls_certificate_credentials_st
977 *gnutls_certificate_credentials_t;
978 typedef gnutls_certificate_credentials_t
979 gnutls_certificate_server_credentials;
980 typedef gnutls_certificate_credentials_t
981 gnutls_certificate_client_credentials;
983 typedef struct gnutls_anon_server_credentials_st
984 *gnutls_anon_server_credentials_t;
985 typedef struct gnutls_anon_client_credentials_st
986 *gnutls_anon_client_credentials_t;
988 void gnutls_anon_free_server_credentials (gnutls_anon_server_credentials_t
991 gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t
994 void gnutls_anon_set_server_dh_params (gnutls_anon_server_credentials_t res,
995 gnutls_dh_params_t dh_params);
998 gnutls_anon_set_server_params_function (gnutls_anon_server_credentials_t
1000 gnutls_params_function * func);
1003 gnutls_anon_free_client_credentials (gnutls_anon_client_credentials_t sc);
1005 gnutls_anon_allocate_client_credentials (gnutls_anon_client_credentials_t
1008 /* CERTFILE is an x509 certificate in PEM form.
1009 * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys).
1012 gnutls_certificate_free_credentials (gnutls_certificate_credentials_t sc);
1014 gnutls_certificate_allocate_credentials (gnutls_certificate_credentials_t
1017 void gnutls_certificate_free_keys (gnutls_certificate_credentials_t sc);
1018 void gnutls_certificate_free_cas (gnutls_certificate_credentials_t sc);
1019 void gnutls_certificate_free_ca_names (gnutls_certificate_credentials_t sc);
1020 void gnutls_certificate_free_crls (gnutls_certificate_credentials_t sc);
1022 void gnutls_certificate_set_dh_params (gnutls_certificate_credentials_t res,
1023 gnutls_dh_params_t dh_params);
1025 gnutls_certificate_set_rsa_export_params (gnutls_certificate_credentials_t
1027 gnutls_rsa_params_t rsa_params);
1028 void gnutls_certificate_set_verify_flags (gnutls_certificate_credentials_t
1029 res, unsigned int flags);
1030 void gnutls_certificate_set_verify_limits (gnutls_certificate_credentials_t
1031 res, unsigned int max_bits,
1032 unsigned int max_depth);
1035 gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t
1036 res, const char *cafile,
1037 gnutls_x509_crt_fmt_t type);
1038 int gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t
1039 res, const gnutls_datum_t * ca,
1040 gnutls_x509_crt_fmt_t type);
1043 gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t
1044 res, const char *crlfile,
1045 gnutls_x509_crt_fmt_t type);
1046 int gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t
1047 res, const gnutls_datum_t * CRL,
1048 gnutls_x509_crt_fmt_t type);
1051 gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t
1052 res, const char *certfile,
1053 const char *keyfile,
1054 gnutls_x509_crt_fmt_t type);
1055 int gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t
1056 res, const gnutls_datum_t * cert,
1057 const gnutls_datum_t * key,
1058 gnutls_x509_crt_fmt_t type);
1060 void gnutls_certificate_send_x509_rdn_sequence (gnutls_session_t session,
1063 int gnutls_certificate_set_x509_simple_pkcs12_file
1064 (gnutls_certificate_credentials_t res, const char *pkcs12file,
1065 gnutls_x509_crt_fmt_t type, const char *password);
1066 int gnutls_certificate_set_x509_simple_pkcs12_mem
1067 (gnutls_certificate_credentials_t res, const gnutls_datum_t * p12blob,
1068 gnutls_x509_crt_fmt_t type, const char *password);
1070 /* New functions to allow setting already parsed X.509 stuff.
1072 struct gnutls_x509_privkey_int;
1073 typedef struct gnutls_x509_privkey_int *gnutls_x509_privkey_t;
1075 struct gnutls_x509_crl_int;
1076 typedef struct gnutls_x509_crl_int *gnutls_x509_crl_t;
1078 struct gnutls_x509_crt_int;
1079 typedef struct gnutls_x509_crt_int *gnutls_x509_crt_t;
1081 struct gnutls_x509_crq_int;
1082 typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t;
1084 struct gnutls_openpgp_keyring_int;
1085 typedef struct gnutls_openpgp_keyring_int *gnutls_openpgp_keyring_t;
1088 gnutls_certificate_get_issuer (gnutls_certificate_credentials_t sc,
1089 gnutls_x509_crt_t cert, gnutls_x509_crt_t* issuer, unsigned int flags);
1091 int gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res,
1092 gnutls_x509_crt_t * cert_list,
1094 gnutls_x509_privkey_t key);
1095 int gnutls_certificate_set_x509_trust (gnutls_certificate_credentials_t res,
1096 gnutls_x509_crt_t * ca_list,
1098 int gnutls_certificate_set_x509_crl (gnutls_certificate_credentials_t res,
1099 gnutls_x509_crl_t * crl_list,
1104 /* global state functions
1106 int gnutls_global_init (void);
1107 void gnutls_global_deinit (void);
1109 typedef time_t (*gnutls_time_func) (time_t *t);
1110 typedef int (*mutex_init_func) (void **mutex);
1111 typedef int (*mutex_lock_func) (void **mutex);
1112 typedef int (*mutex_unlock_func) (void **mutex);
1113 typedef int (*mutex_deinit_func) (void **mutex);
1115 void gnutls_global_set_mutex (mutex_init_func init, mutex_deinit_func deinit,
1116 mutex_lock_func lock, mutex_unlock_func unlock);
1118 typedef void *(*gnutls_alloc_function) (size_t);
1119 typedef void *(*gnutls_calloc_function) (size_t, size_t);
1120 typedef int (*gnutls_is_secure_function) (const void *);
1121 typedef void (*gnutls_free_function) (void *);
1122 typedef void *(*gnutls_realloc_function) (void *, size_t);
1125 gnutls_global_set_mem_functions (gnutls_alloc_function alloc_func,
1126 gnutls_alloc_function secure_alloc_func,
1127 gnutls_is_secure_function is_secure_func,
1128 gnutls_realloc_function realloc_func,
1129 gnutls_free_function free_func);
1131 void gnutls_global_set_time_function (gnutls_time_func);
1133 /* For use in callbacks */
1134 extern gnutls_alloc_function gnutls_malloc;
1135 extern gnutls_alloc_function gnutls_secure_malloc;
1136 extern gnutls_realloc_function gnutls_realloc;
1137 extern gnutls_calloc_function gnutls_calloc;
1138 extern gnutls_free_function gnutls_free;
1140 extern char *(*gnutls_strdup) (const char *);
1142 typedef void (*gnutls_log_func) (int, const char *);
1143 void gnutls_global_set_log_function (gnutls_log_func log_func);
1144 void gnutls_global_set_log_level (int level);
1146 /* Diffie-Hellman parameter handling.
1148 int gnutls_dh_params_init (gnutls_dh_params_t * dh_params);
1149 void gnutls_dh_params_deinit (gnutls_dh_params_t dh_params);
1150 int gnutls_dh_params_import_raw (gnutls_dh_params_t dh_params,
1151 const gnutls_datum_t * prime,
1152 const gnutls_datum_t * generator);
1153 int gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params,
1154 const gnutls_datum_t * pkcs3_params,
1155 gnutls_x509_crt_fmt_t format);
1156 int gnutls_dh_params_generate2 (gnutls_dh_params_t params,
1158 int gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params,
1159 gnutls_x509_crt_fmt_t format,
1160 unsigned char *params_data,
1161 size_t * params_data_size);
1162 int gnutls_dh_params_export_raw (gnutls_dh_params_t params,
1163 gnutls_datum_t * prime,
1164 gnutls_datum_t * generator,
1165 unsigned int *bits);
1166 int gnutls_dh_params_cpy (gnutls_dh_params_t dst, gnutls_dh_params_t src);
1171 int gnutls_rsa_params_init (gnutls_rsa_params_t * rsa_params);
1172 void gnutls_rsa_params_deinit (gnutls_rsa_params_t rsa_params);
1173 int gnutls_rsa_params_cpy (gnutls_rsa_params_t dst,
1174 gnutls_rsa_params_t src);
1175 int gnutls_rsa_params_import_raw (gnutls_rsa_params_t rsa_params,
1176 const gnutls_datum_t * m,
1177 const gnutls_datum_t * e,
1178 const gnutls_datum_t * d,
1179 const gnutls_datum_t * p,
1180 const gnutls_datum_t * q,
1181 const gnutls_datum_t * u);
1182 int gnutls_rsa_params_generate2 (gnutls_rsa_params_t params,
1184 int gnutls_rsa_params_export_raw (gnutls_rsa_params_t params,
1185 gnutls_datum_t * m, gnutls_datum_t * e,
1186 gnutls_datum_t * d, gnutls_datum_t * p,
1187 gnutls_datum_t * q, gnutls_datum_t * u,
1188 unsigned int *bits);
1189 int gnutls_rsa_params_export_pkcs1 (gnutls_rsa_params_t params,
1190 gnutls_x509_crt_fmt_t format,
1191 unsigned char *params_data,
1192 size_t * params_data_size);
1193 int gnutls_rsa_params_import_pkcs1 (gnutls_rsa_params_t params,
1194 const gnutls_datum_t * pkcs1_params,
1195 gnutls_x509_crt_fmt_t format);
1201 void *iov_base; /* Starting address */
1202 size_t iov_len; /* Number of bytes to transfer */
1205 typedef ssize_t (*gnutls_pull_func) (gnutls_transport_ptr_t, void *,
1207 typedef ssize_t (*gnutls_push_func) (gnutls_transport_ptr_t, const void *,
1210 typedef ssize_t (*gnutls_vec_push_func) (gnutls_transport_ptr_t,
1211 const giovec_t * iov, int iovcnt);
1213 typedef int (*gnutls_errno_func) (gnutls_transport_ptr_t);
1215 void gnutls_transport_set_ptr (gnutls_session_t session,
1216 gnutls_transport_ptr_t ptr);
1217 void gnutls_transport_set_ptr2 (gnutls_session_t session,
1218 gnutls_transport_ptr_t recv_ptr,
1219 gnutls_transport_ptr_t send_ptr);
1221 gnutls_transport_ptr_t gnutls_transport_get_ptr (gnutls_session_t session);
1222 void gnutls_transport_get_ptr2 (gnutls_session_t session,
1223 gnutls_transport_ptr_t * recv_ptr,
1224 gnutls_transport_ptr_t * send_ptr);
1228 void gnutls_transport_set_vec_push_function (gnutls_session_t session,
1229 gnutls_vec_push_func vec_func);
1230 void gnutls_transport_set_push_function (gnutls_session_t session,
1231 gnutls_push_func push_func);
1232 void gnutls_transport_set_pull_function (gnutls_session_t session,
1233 gnutls_pull_func pull_func);
1235 void gnutls_transport_set_errno_function (gnutls_session_t session,
1236 gnutls_errno_func errno_func);
1238 void gnutls_transport_set_errno (gnutls_session_t session, int err);
1242 void gnutls_session_set_ptr (gnutls_session_t session, void *ptr);
1243 void *gnutls_session_get_ptr (gnutls_session_t session);
1245 void gnutls_openpgp_send_cert (gnutls_session_t session,
1246 gnutls_openpgp_crt_status_t status);
1249 * Actually this function returns the hash of the given data.
1251 int gnutls_fingerprint (gnutls_digest_algorithm_t algo,
1252 const gnutls_datum_t * data, void *result,
1253 size_t * result_size);
1259 typedef struct gnutls_srp_server_credentials_st
1260 *gnutls_srp_server_credentials_t;
1261 typedef struct gnutls_srp_client_credentials_st
1262 *gnutls_srp_client_credentials_t;
1265 gnutls_srp_free_client_credentials (gnutls_srp_client_credentials_t sc);
1267 gnutls_srp_allocate_client_credentials (gnutls_srp_client_credentials_t *
1269 int gnutls_srp_set_client_credentials (gnutls_srp_client_credentials_t res,
1270 const char *username,
1271 const char *password);
1274 gnutls_srp_free_server_credentials (gnutls_srp_server_credentials_t sc);
1276 gnutls_srp_allocate_server_credentials (gnutls_srp_server_credentials_t *
1278 int gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t
1279 res, const char *password_file,
1280 const char *password_conf_file);
1282 const char *gnutls_srp_server_get_username (gnutls_session_t session);
1284 extern void gnutls_srp_set_prime_bits (gnutls_session_t session,
1287 int gnutls_srp_verifier (const char *username,
1288 const char *password,
1289 const gnutls_datum_t * salt,
1290 const gnutls_datum_t * generator,
1291 const gnutls_datum_t * prime,
1292 gnutls_datum_t * res);
1294 /* The static parameters defined in draft-ietf-tls-srp-05
1295 * Those should be used as input to gnutls_srp_verifier().
1297 extern const gnutls_datum_t gnutls_srp_2048_group_prime;
1298 extern const gnutls_datum_t gnutls_srp_2048_group_generator;
1300 extern const gnutls_datum_t gnutls_srp_1536_group_prime;
1301 extern const gnutls_datum_t gnutls_srp_1536_group_generator;
1303 extern const gnutls_datum_t gnutls_srp_1024_group_prime;
1304 extern const gnutls_datum_t gnutls_srp_1024_group_generator;
1306 typedef int gnutls_srp_server_credentials_function (gnutls_session_t,
1307 const char *username,
1308 gnutls_datum_t * salt,
1313 gnutls_datum_t * prime);
1315 gnutls_srp_set_server_credentials_function
1316 (gnutls_srp_server_credentials_t cred,
1317 gnutls_srp_server_credentials_function * func);
1319 typedef int gnutls_srp_client_credentials_function (gnutls_session_t,
1322 gnutls_srp_set_client_credentials_function
1323 (gnutls_srp_client_credentials_t cred,
1324 gnutls_srp_client_credentials_function * func);
1326 int gnutls_srp_base64_encode (const gnutls_datum_t * data, char *result,
1327 size_t * result_size);
1328 int gnutls_srp_base64_encode_alloc (const gnutls_datum_t * data,
1329 gnutls_datum_t * result);
1331 int gnutls_srp_base64_decode (const gnutls_datum_t * b64_data, char *result,
1332 size_t * result_size);
1333 int gnutls_srp_base64_decode_alloc (const gnutls_datum_t * b64_data,
1334 gnutls_datum_t * result);
1337 typedef struct gnutls_psk_server_credentials_st
1338 *gnutls_psk_server_credentials_t;
1339 typedef struct gnutls_psk_client_credentials_st
1340 *gnutls_psk_client_credentials_t;
1343 * gnutls_psk_key_flags:
1344 * @GNUTLS_PSK_KEY_RAW: PSK-key in raw format.
1345 * @GNUTLS_PSK_KEY_HEX: PSK-key in hex format.
1347 * Enumeration of different PSK key flags.
1349 typedef enum gnutls_psk_key_flags
1351 GNUTLS_PSK_KEY_RAW = 0,
1353 } gnutls_psk_key_flags;
1356 gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t sc);
1358 gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t *
1360 int gnutls_psk_set_client_credentials (gnutls_psk_client_credentials_t res,
1361 const char *username,
1362 const gnutls_datum_t * key,
1363 gnutls_psk_key_flags format);
1366 gnutls_psk_free_server_credentials (gnutls_psk_server_credentials_t sc);
1368 gnutls_psk_allocate_server_credentials (gnutls_psk_server_credentials_t *
1370 int gnutls_psk_set_server_credentials_file (gnutls_psk_server_credentials_t
1371 res, const char *password_file);
1374 gnutls_psk_set_server_credentials_hint (gnutls_psk_server_credentials_t
1375 res, const char *hint);
1377 const char *gnutls_psk_server_get_username (gnutls_session_t session);
1378 const char *gnutls_psk_client_get_hint (gnutls_session_t session);
1380 typedef int gnutls_psk_server_credentials_function (gnutls_session_t,
1381 const char *username,
1382 gnutls_datum_t * key);
1384 gnutls_psk_set_server_credentials_function
1385 (gnutls_psk_server_credentials_t cred,
1386 gnutls_psk_server_credentials_function * func);
1388 typedef int gnutls_psk_client_credentials_function (gnutls_session_t,
1390 gnutls_datum_t * key);
1392 gnutls_psk_set_client_credentials_function
1393 (gnutls_psk_client_credentials_t cred,
1394 gnutls_psk_client_credentials_function * func);
1396 int gnutls_hex_encode (const gnutls_datum_t * data, char *result,
1397 size_t * result_size);
1398 int gnutls_hex_decode (const gnutls_datum_t * hex_data, char *result,
1399 size_t * result_size);
1402 gnutls_psk_set_server_dh_params (gnutls_psk_server_credentials_t res,
1403 gnutls_dh_params_t dh_params);
1406 gnutls_psk_set_server_params_function (gnutls_psk_server_credentials_t
1408 gnutls_params_function * func);
1411 * gnutls_x509_subject_alt_name_t:
1412 * @GNUTLS_SAN_DNSNAME: DNS-name SAN.
1413 * @GNUTLS_SAN_RFC822NAME: E-mail address SAN.
1414 * @GNUTLS_SAN_URI: URI SAN.
1415 * @GNUTLS_SAN_IPADDRESS: IP address SAN.
1416 * @GNUTLS_SAN_OTHERNAME: OtherName SAN.
1417 * @GNUTLS_SAN_DN: DN SAN.
1418 * @GNUTLS_SAN_OTHERNAME_XMPP: Virtual SAN, used by
1419 * gnutls_x509_crt_get_subject_alt_othername_oid().
1421 * Enumeration of different subject alternative names types.
1423 typedef enum gnutls_x509_subject_alt_name_t
1425 GNUTLS_SAN_DNSNAME = 1,
1426 GNUTLS_SAN_RFC822NAME = 2,
1428 GNUTLS_SAN_IPADDRESS = 4,
1429 GNUTLS_SAN_OTHERNAME = 5,
1431 /* The following are "virtual" subject alternative name types, in
1432 that they are represented by an otherName value and an OID.
1433 Used by gnutls_x509_crt_get_subject_alt_othername_oid(). */
1434 GNUTLS_SAN_OTHERNAME_XMPP = 1000
1435 } gnutls_x509_subject_alt_name_t;
1437 struct gnutls_openpgp_crt_int;
1438 typedef struct gnutls_openpgp_crt_int *gnutls_openpgp_crt_t;
1440 struct gnutls_openpgp_privkey_int;
1441 typedef struct gnutls_openpgp_privkey_int *gnutls_openpgp_privkey_t;
1443 struct gnutls_pkcs11_privkey_st;
1444 typedef struct gnutls_pkcs11_privkey_st *gnutls_pkcs11_privkey_t;
1448 GNUTLS_PRIVKEY_X509, /* gnutls_x509_privkey_t */
1449 GNUTLS_PRIVKEY_OPENPGP, /* gnutls_openpgp_privkey_t */
1450 GNUTLS_PRIVKEY_PKCS11 /* gnutls_pkcs11_privkey_t */
1451 } gnutls_privkey_type_t;
1453 typedef struct gnutls_retr2_st
1455 gnutls_certificate_type_t cert_type;
1456 gnutls_privkey_type_t key_type;
1460 gnutls_x509_crt_t *x509;
1461 gnutls_openpgp_crt_t pgp;
1463 unsigned int ncerts; /* one for pgp keys */
1467 gnutls_x509_privkey_t x509;
1468 gnutls_openpgp_privkey_t pgp;
1469 gnutls_pkcs11_privkey_t pkcs11;
1472 unsigned int deinit_all; /* if non zero all keys will be deinited */
1476 /* Functions that allow auth_info_t structures handling
1479 gnutls_credentials_type_t gnutls_auth_get_type (gnutls_session_t session);
1480 gnutls_credentials_type_t
1481 gnutls_auth_server_get_type (gnutls_session_t session);
1482 gnutls_credentials_type_t
1483 gnutls_auth_client_get_type (gnutls_session_t session);
1487 void gnutls_dh_set_prime_bits (gnutls_session_t session, unsigned int bits);
1488 int gnutls_dh_get_secret_bits (gnutls_session_t session);
1489 int gnutls_dh_get_peers_public_bits (gnutls_session_t session);
1490 int gnutls_dh_get_prime_bits (gnutls_session_t session);
1492 int gnutls_dh_get_group (gnutls_session_t session, gnutls_datum_t * raw_gen,
1493 gnutls_datum_t * raw_prime);
1494 int gnutls_dh_get_pubkey (gnutls_session_t session,
1495 gnutls_datum_t * raw_key);
1498 int gnutls_rsa_export_get_pubkey (gnutls_session_t session,
1499 gnutls_datum_t * exponent,
1500 gnutls_datum_t * modulus);
1501 int gnutls_rsa_export_get_modulus_bits (gnutls_session_t session);
1506 /* These are set on the credentials structure.
1509 typedef int gnutls_certificate_retrieve_function (gnutls_session_t,
1515 gnutls_pk_algorithm_t
1522 void gnutls_certificate_set_retrieve_function
1523 (gnutls_certificate_credentials_t cred,
1524 gnutls_certificate_retrieve_function * func);
1526 typedef int gnutls_certificate_verify_function (gnutls_session_t);
1528 gnutls_certificate_set_verify_function (gnutls_certificate_credentials_t
1530 gnutls_certificate_verify_function
1534 gnutls_certificate_server_set_request (gnutls_session_t session,
1535 gnutls_certificate_request_t req);
1537 /* get data from the session
1539 const gnutls_datum_t *gnutls_certificate_get_peers (gnutls_session_t
1543 const gnutls_datum_t *gnutls_certificate_get_ours (gnutls_session_t
1546 time_t gnutls_certificate_activation_time_peers (gnutls_session_t session);
1547 time_t gnutls_certificate_expiration_time_peers (gnutls_session_t session);
1549 int gnutls_certificate_client_get_request_status (gnutls_session_t session);
1550 int gnutls_certificate_verify_peers2 (gnutls_session_t session,
1551 unsigned int *status);
1553 int gnutls_pem_base64_encode (const char *msg, const gnutls_datum_t * data,
1554 char *result, size_t * result_size);
1555 int gnutls_pem_base64_decode (const char *header,
1556 const gnutls_datum_t * b64_data,
1557 unsigned char *result, size_t * result_size);
1559 int gnutls_pem_base64_encode_alloc (const char *msg,
1560 const gnutls_datum_t * data,
1561 gnutls_datum_t * result);
1562 int gnutls_pem_base64_decode_alloc (const char *header,
1563 const gnutls_datum_t * b64_data,
1564 gnutls_datum_t * result);
1566 /* key_usage will be an OR of the following values:
1569 /* when the key is to be used for signing: */
1570 #define GNUTLS_KEY_DIGITAL_SIGNATURE 128
1571 #define GNUTLS_KEY_NON_REPUDIATION 64
1572 /* when the key is to be used for encryption: */
1573 #define GNUTLS_KEY_KEY_ENCIPHERMENT 32
1574 #define GNUTLS_KEY_DATA_ENCIPHERMENT 16
1575 #define GNUTLS_KEY_KEY_AGREEMENT 8
1576 #define GNUTLS_KEY_KEY_CERT_SIGN 4
1577 #define GNUTLS_KEY_CRL_SIGN 2
1578 #define GNUTLS_KEY_ENCIPHER_ONLY 1
1579 #define GNUTLS_KEY_DECIPHER_ONLY 32768
1582 gnutls_certificate_set_params_function (gnutls_certificate_credentials_t
1584 gnutls_params_function * func);
1585 void gnutls_anon_set_params_function (gnutls_anon_server_credentials_t res,
1586 gnutls_params_function * func);
1587 void gnutls_psk_set_params_function (gnutls_psk_server_credentials_t res,
1588 gnutls_params_function * func);
1590 int gnutls_hex2bin (const char *hex_data, size_t hex_size,
1591 char *bin_data, size_t * bin_size);
1593 /* Gnutls error codes. The mapping to a TLS alert is also shown in
1597 #define GNUTLS_E_SUCCESS 0
1598 #define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3
1599 #define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6
1600 #define GNUTLS_E_LARGE_PACKET -7
1601 #define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */
1602 #define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */
1603 #define GNUTLS_E_INVALID_SESSION -10
1604 #define GNUTLS_E_FATAL_ALERT_RECEIVED -12
1605 #define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_A_UNEXPECTED_MESSAGE */
1606 #define GNUTLS_E_WARNING_ALERT_RECEIVED -16
1607 #define GNUTLS_E_ERROR_IN_FINISHED_PACKET -18
1608 #define GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET -19
1609 #define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21 /* GNUTLS_A_HANDSHAKE_FAILURE */
1610 #define GNUTLS_E_UNWANTED_ALGORITHM -22
1611 #define GNUTLS_E_MPI_SCAN_FAILED -23
1612 #define GNUTLS_E_DECRYPTION_FAILED -24 /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */
1613 #define GNUTLS_E_MEMORY_ERROR -25
1614 #define GNUTLS_E_DECOMPRESSION_FAILED -26 /* GNUTLS_A_DECOMPRESSION_FAILURE */
1615 #define GNUTLS_E_COMPRESSION_FAILED -27
1616 #define GNUTLS_E_AGAIN -28
1617 #define GNUTLS_E_EXPIRED -29
1618 #define GNUTLS_E_DB_ERROR -30
1619 #define GNUTLS_E_SRP_PWD_ERROR -31
1620 #define GNUTLS_E_INSUFFICIENT_CREDENTIALS -32
1621 #define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
1622 #define GNUTLS_E_INSUFFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS
1623 #define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
1625 #define GNUTLS_E_HASH_FAILED -33
1626 #define GNUTLS_E_BASE64_DECODING_ERROR -34
1628 #define GNUTLS_E_MPI_PRINT_FAILED -35
1629 #define GNUTLS_E_REHANDSHAKE -37 /* GNUTLS_A_NO_RENEGOTIATION */
1630 #define GNUTLS_E_GOT_APPLICATION_DATA -38
1631 #define GNUTLS_E_RECORD_LIMIT_REACHED -39
1632 #define GNUTLS_E_ENCRYPTION_FAILED -40
1634 #define GNUTLS_E_PK_ENCRYPTION_FAILED -44
1635 #define GNUTLS_E_PK_DECRYPTION_FAILED -45
1636 #define GNUTLS_E_PK_SIGN_FAILED -46
1637 #define GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION -47
1638 #define GNUTLS_E_KEY_USAGE_VIOLATION -48
1639 #define GNUTLS_E_NO_CERTIFICATE_FOUND -49 /* GNUTLS_A_BAD_CERTIFICATE */
1640 #define GNUTLS_E_INVALID_REQUEST -50
1641 #define GNUTLS_E_SHORT_MEMORY_BUFFER -51
1642 #define GNUTLS_E_INTERRUPTED -52
1643 #define GNUTLS_E_PUSH_ERROR -53
1644 #define GNUTLS_E_PULL_ERROR -54
1645 #define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55 /* GNUTLS_A_ILLEGAL_PARAMETER */
1646 #define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56
1647 #define GNUTLS_E_PKCS1_WRONG_PAD -57
1648 #define GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION -58
1649 #define GNUTLS_E_INTERNAL_ERROR -59
1650 #define GNUTLS_E_DH_PRIME_UNACCEPTABLE -63
1651 #define GNUTLS_E_FILE_ERROR -64
1652 #define GNUTLS_E_TOO_MANY_EMPTY_PACKETS -78
1653 #define GNUTLS_E_UNKNOWN_PK_ALGORITHM -80
1656 /* returned if libextra functionality was requested but
1657 * gnutls_global_init_extra() was not called.
1659 #define GNUTLS_E_INIT_LIBEXTRA -82
1660 #define GNUTLS_E_LIBRARY_VERSION_MISMATCH -83
1663 /* returned if you need to generate temporary RSA
1664 * parameters. These are needed for export cipher suites.
1666 #define GNUTLS_E_NO_TEMPORARY_RSA_PARAMS -84
1668 #define GNUTLS_E_LZO_INIT_FAILED -85
1669 #define GNUTLS_E_NO_COMPRESSION_ALGORITHMS -86
1670 #define GNUTLS_E_NO_CIPHER_SUITES -87
1672 #define GNUTLS_E_OPENPGP_GETKEY_FAILED -88
1673 #define GNUTLS_E_PK_SIG_VERIFY_FAILED -89
1675 #define GNUTLS_E_ILLEGAL_SRP_USERNAME -90
1676 #define GNUTLS_E_SRP_PWD_PARSING_ERROR -91
1677 #define GNUTLS_E_NO_TEMPORARY_DH_PARAMS -93
1679 /* For certificate and key stuff
1681 #define GNUTLS_E_ASN1_ELEMENT_NOT_FOUND -67
1682 #define GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND -68
1683 #define GNUTLS_E_ASN1_DER_ERROR -69
1684 #define GNUTLS_E_ASN1_VALUE_NOT_FOUND -70
1685 #define GNUTLS_E_ASN1_GENERIC_ERROR -71
1686 #define GNUTLS_E_ASN1_VALUE_NOT_VALID -72
1687 #define GNUTLS_E_ASN1_TAG_ERROR -73
1688 #define GNUTLS_E_ASN1_TAG_IMPLICIT -74
1689 #define GNUTLS_E_ASN1_TYPE_ANY_ERROR -75
1690 #define GNUTLS_E_ASN1_SYNTAX_ERROR -76
1691 #define GNUTLS_E_ASN1_DER_OVERFLOW -77
1692 #define GNUTLS_E_OPENPGP_UID_REVOKED -79
1693 #define GNUTLS_E_CERTIFICATE_ERROR -43
1694 #define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR
1695 #define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60
1696 #define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */
1697 #define GNUTLS_E_X509_UNKNOWN_SAN -62
1698 #define GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED -94
1699 #define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95
1700 #define GNUTLS_E_UNKNOWN_HASH_ALGORITHM -96
1701 #define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97
1702 #define GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE -98
1703 #define GNUTLS_E_INVALID_PASSWORD -99
1704 #define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */
1705 #define GNUTLS_E_CONSTRAINT_ERROR -101
1707 #define GNUTLS_E_WARNING_IA_IPHF_RECEIVED -102
1708 #define GNUTLS_E_WARNING_IA_FPHF_RECEIVED -103
1710 #define GNUTLS_E_IA_VERIFY_FAILED -104
1711 #define GNUTLS_E_UNKNOWN_ALGORITHM -105
1712 #define GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM -106
1713 #define GNUTLS_E_SAFE_RENEGOTIATION_FAILED -107
1714 #define GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED -108
1715 #define GNUTLS_E_UNKNOWN_SRP_USERNAME -109
1717 #define GNUTLS_E_BASE64_ENCODING_ERROR -201
1718 #define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */
1719 #define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202
1720 #define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203
1722 #define GNUTLS_E_OPENPGP_KEYRING_ERROR -204
1723 #define GNUTLS_E_X509_UNSUPPORTED_OID -205
1725 #define GNUTLS_E_RANDOM_FAILED -206
1726 #define GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR -207
1728 #define GNUTLS_E_OPENPGP_SUBKEY_ERROR -208
1730 #define GNUTLS_E_CRYPTO_ALREADY_REGISTERED -209
1732 #define GNUTLS_E_HANDSHAKE_TOO_LARGE -210
1734 #define GNUTLS_E_CRYPTODEV_IOCTL_ERROR -211
1735 #define GNUTLS_E_CRYPTODEV_DEVICE_ERROR -212
1737 #define GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE -213
1738 #define GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR -215
1739 #define GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL -216
1741 /* PKCS11 related */
1742 #define GNUTLS_E_PKCS11_ERROR -300
1743 #define GNUTLS_E_PKCS11_LOAD_ERROR -301
1744 #define GNUTLS_E_PARSING_ERROR -302
1745 #define GNUTLS_E_PKCS11_PIN_ERROR -303
1747 #define GNUTLS_E_PKCS11_SLOT_ERROR -305
1748 #define GNUTLS_E_LOCKING_ERROR -306
1749 #define GNUTLS_E_PKCS11_ATTRIBUTE_ERROR -307
1750 #define GNUTLS_E_PKCS11_DEVICE_ERROR -308
1751 #define GNUTLS_E_PKCS11_DATA_ERROR -309
1752 #define GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR -310
1753 #define GNUTLS_E_PKCS11_KEY_ERROR -311
1754 #define GNUTLS_E_PKCS11_PIN_EXPIRED -312
1755 #define GNUTLS_E_PKCS11_PIN_LOCKED -313
1756 #define GNUTLS_E_PKCS11_SESSION_ERROR -314
1757 #define GNUTLS_E_PKCS11_SIGNATURE_ERROR -315
1758 #define GNUTLS_E_PKCS11_TOKEN_ERROR -316
1759 #define GNUTLS_E_PKCS11_USER_ERROR -317
1761 #define GNUTLS_E_CRYPTO_INIT_FAILED -318
1762 #define GNUTLS_E_CERTIFICATE_LIST_UNSORTED -324
1764 #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
1768 #define GNUTLS_E_APPLICATION_ERROR_MAX -65000
1769 #define GNUTLS_E_APPLICATION_ERROR_MIN -65500
1775 #include <gnutls/compat.h>
1777 #endif /* GNUTLS_H */