Tizen 2.0 Release
[external/libgnutls26.git] / lib / includes / gnutls / gnutls.h.in
1 /* -*- c -*-
2  * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
3  * 2009, 2010 Free Software Foundation, Inc.
4  *
5  * Author: Nikos Mavroyanopoulos
6  *
7  * This file is part of GnuTLS.
8  *
9  * The GnuTLS is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU Lesser General Public License
11  * as published by the Free Software Foundation; either version 2.1 of
12  * the License, or (at your option) any later version.
13  *
14  * This library is distributed in the hope that it will be useful, but
15  * WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17  * Lesser General Public License for more details.
18  *
19  * You should have received a copy of the GNU Lesser General Public
20  * License along with this library; if not, write to the Free Software
21  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
22  * USA
23  *
24  */
25
26 /* This file contains the types and prototypes for all the
27  * high level functionality of gnutls main library. For the
28  * extra functionality (which is under the GNU GPL license) check
29  * the gnutls/extra.h header. The openssl compatibility layer is
30  * in gnutls/openssl.h.
31  *
32  * The low level cipher functionality is in libgcrypt. Check
33  * gcrypt.h
34  */
35
36
37 #ifndef GNUTLS_H
38 #define GNUTLS_H
39
40 /* Get size_t. */
41 #include <stddef.h>
42 /* Get ssize_t. */
43 #ifndef HAVE_SSIZE_T
44 #define HAVE_SSIZE_T
45 /* *INDENT-OFF* */
46 @DEFINE_SSIZE_T@
47 /* *INDENT-ON* */
48 #endif
49 /* Get time_t. */
50 #include <time.h>
51 #ifdef __cplusplus
52 extern "C"
53 {
54 #endif
55
56 #define GNUTLS_VERSION "@VERSION@"      /* @NAME@ tokens here and below are placeholders, substituted when gnutls.h is generated from this .in template */
57
58 #define GNUTLS_VERSION_MAJOR @MAJOR_VERSION@
59 #define GNUTLS_VERSION_MINOR @MINOR_VERSION@
60 #define GNUTLS_VERSION_PATCH @PATCH_VERSION@
61
62 #define GNUTLS_VERSION_NUMBER @NUMBER_VERSION@
63
64 #define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC    /* alternative names for the AES constants of gnutls_cipher_algorithm_t */
65 #define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC
66 #define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC        /* no key size in the name: resolves to the 128-bit variant */
67 #define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128     /* no key size in the name: resolves to the 128-bit variant */
68
69   /**
70    * gnutls_cipher_algorithm_t:
71    * @GNUTLS_CIPHER_UNKNOWN: Unknown algorithm.
72    * @GNUTLS_CIPHER_NULL: NULL algorithm.
73    * @GNUTLS_CIPHER_ARCFOUR_128: ARCFOUR stream cipher with 128-bit keys.
74    * @GNUTLS_CIPHER_3DES_CBC: 3DES in CBC mode.
75    * @GNUTLS_CIPHER_AES_128_CBC: AES in CBC mode with 128-bit keys.
76    * @GNUTLS_CIPHER_AES_256_CBC: AES in CBC mode with 256-bit keys.
77    * @GNUTLS_CIPHER_ARCFOUR_40: ARCFOUR stream cipher with 40-bit keys.
78    * @GNUTLS_CIPHER_CAMELLIA_128_CBC: Camellia in CBC mode with 128-bit keys.
79    * @GNUTLS_CIPHER_CAMELLIA_256_CBC: Camellia in CBC mode with 256-bit keys.
80    * @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys.
81    * @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys).
82    * @GNUTLS_CIPHER_AES_192_CBC: AES in CBC mode with 192-bit keys.
83    * @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB mode.
84    * @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB mode.
85    * @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB mode.
86    * @GNUTLS_CIPHER_BLOWFISH_PGP_CFB: Blowfish in CFB mode.
87    * @GNUTLS_CIPHER_SAFER_SK128_PGP_CFB: Safer-SK in CFB mode with 128-bit keys.
88    * @GNUTLS_CIPHER_AES128_PGP_CFB: AES in CFB mode with 128-bit keys.
89    * @GNUTLS_CIPHER_AES192_PGP_CFB: AES in CFB mode with 192-bit keys.
90    * @GNUTLS_CIPHER_AES256_PGP_CFB: AES in CFB mode with 256-bit keys.
91    * @GNUTLS_CIPHER_TWOFISH_PGP_CFB: Twofish in CFB mode.
92    *
93    * Enumeration of different symmetric encryption algorithms.
      *
      * Every TLS block cipher listed here is a CBC mode; no AEAD mode
      * appears in this enum.  Several entries give little or no
      * confidentiality: %GNUTLS_CIPHER_NULL (no encryption), the 40-bit
      * %GNUTLS_CIPHER_ARCFOUR_40 and %GNUTLS_CIPHER_RC2_40_CBC, and the
      * 56-bit %GNUTLS_CIPHER_DES_CBC.  Code that builds a cipher
      * priority list from these constants should leave them out.
      *
      * The numeric values are not contiguous (0-8, 90-92, 200-208), so
      * they are identifiers, not dense array indices.
94    */
95   typedef enum gnutls_cipher_algorithm
96   {
97     GNUTLS_CIPHER_UNKNOWN = 0,
98     GNUTLS_CIPHER_NULL = 1,     /* no encryption: no confidentiality at all */
99     GNUTLS_CIPHER_ARCFOUR_128 = 2,      /* RC4; later prohibited for TLS by RFC 7465 */
100     GNUTLS_CIPHER_3DES_CBC = 3,
101     GNUTLS_CIPHER_AES_128_CBC = 4,
102     GNUTLS_CIPHER_AES_256_CBC = 5,
103     GNUTLS_CIPHER_ARCFOUR_40 = 6,      /* 40-bit key: export-grade strength */
104     GNUTLS_CIPHER_CAMELLIA_128_CBC = 7,
105     GNUTLS_CIPHER_CAMELLIA_256_CBC = 8,
106     GNUTLS_CIPHER_RC2_40_CBC = 90,     /* 40-bit key: export-grade strength */
107     GNUTLS_CIPHER_DES_CBC = 91,        /* 56-bit key */
108     GNUTLS_CIPHER_AES_192_CBC = 92,
109
110     /* used only for PGP internals. Ignored in TLS/SSL
111      */
112     GNUTLS_CIPHER_IDEA_PGP_CFB = 200,
113     GNUTLS_CIPHER_3DES_PGP_CFB = 201,
114     GNUTLS_CIPHER_CAST5_PGP_CFB = 202,
115     GNUTLS_CIPHER_BLOWFISH_PGP_CFB = 203,
116     GNUTLS_CIPHER_SAFER_SK128_PGP_CFB = 204,
117     GNUTLS_CIPHER_AES128_PGP_CFB = 205,
118     GNUTLS_CIPHER_AES192_PGP_CFB = 206,
119     GNUTLS_CIPHER_AES256_PGP_CFB = 207,
120     GNUTLS_CIPHER_TWOFISH_PGP_CFB = 208
121   } gnutls_cipher_algorithm_t;
122
123   /**
124    * gnutls_kx_algorithm_t:
125    * @GNUTLS_KX_UNKNOWN: Unknown key-exchange algorithm.
126    * @GNUTLS_KX_RSA: RSA key-exchange algorithm.
127    * @GNUTLS_KX_DHE_DSS: DHE-DSS key-exchange algorithm.
128    * @GNUTLS_KX_DHE_RSA: DHE-RSA key-exchange algorithm.
129    * @GNUTLS_KX_ANON_DH: Anon-DH key-exchange algorithm.
130    * @GNUTLS_KX_SRP: SRP key-exchange algorithm.
131    * @GNUTLS_KX_RSA_EXPORT: RSA-EXPORT key-exchange algorithm.
132    * @GNUTLS_KX_SRP_RSA: SRP-RSA key-exchange algorithm.
133    * @GNUTLS_KX_SRP_DSS: SRP-DSS key-exchange algorithm.
134    * @GNUTLS_KX_PSK: PSK key-exchange algorithm.
135    * @GNUTLS_KX_DHE_PSK: DHE-PSK key-exchange algorithm.
136    *
137    * Enumeration of different key exchange algorithms.
       *
       * The choice of key exchange decides what the handshake
       * authenticates.  %GNUTLS_KX_ANON_DH authenticates neither peer,
       * so an active attacker in the path is not detected.
       * %GNUTLS_KX_RSA_EXPORT is the export-grade RSA exchange and
       * should not be enabled when confidentiality matters.
       * %GNUTLS_KX_RSA involves no Diffie-Hellman exchange, so recorded
       * sessions can be decrypted if the server's RSA key is later
       * disclosed; the DHE variants avoid that.
138    */
139   typedef enum
140   {
141     GNUTLS_KX_UNKNOWN = 0,
142     GNUTLS_KX_RSA = 1,
143     GNUTLS_KX_DHE_DSS = 2,
144     GNUTLS_KX_DHE_RSA = 3,
145     GNUTLS_KX_ANON_DH = 4,     /* unauthenticated */
146     GNUTLS_KX_SRP = 5,
147     GNUTLS_KX_RSA_EXPORT = 6,  /* export-grade */
148     GNUTLS_KX_SRP_RSA = 7,
149     GNUTLS_KX_SRP_DSS = 8,
150     GNUTLS_KX_PSK = 9,
151     GNUTLS_KX_DHE_PSK = 10
152   } gnutls_kx_algorithm_t;
153
154   /**
155    * gnutls_params_type_t:
156    * @GNUTLS_PARAMS_RSA_EXPORT: Session RSA-EXPORT parameters.
157    * @GNUTLS_PARAMS_DH: Session Diffie-Hellman parameters.
158    *
159    * Enumeration of different TLS session parameter types.
       *
       * This value is the discriminator stored in the type field of
       * #gnutls_params_st and says which member of its params union is
       * valid.  %GNUTLS_PARAMS_RSA_EXPORT is only needed by the
       * export-grade %GNUTLS_KX_RSA_EXPORT key exchange.
160    */
161   typedef enum
162   {
163     GNUTLS_PARAMS_RSA_EXPORT = 1,
164     GNUTLS_PARAMS_DH = 2
165   } gnutls_params_type_t;
166
167   /**
168    * gnutls_credentials_type_t:
169    * @GNUTLS_CRD_CERTIFICATE: Certificate credential.
170    * @GNUTLS_CRD_ANON: Anonymous credential.
171    * @GNUTLS_CRD_SRP: SRP credential.
172    * @GNUTLS_CRD_PSK: PSK credential.
173    * @GNUTLS_CRD_IA: IA credential.
174    *
175    * Enumeration of different credential types.
       *
       * Only the first constant has an explicit value; the rest follow
       * sequentially, so inserting a new constant anywhere but at the
       * end would renumber the ones after it.
176    */
177   typedef enum
178   {
179     GNUTLS_CRD_CERTIFICATE = 1,
180     GNUTLS_CRD_ANON,           /* implicit value 2; anonymous means no peer authentication */
181     GNUTLS_CRD_SRP,            /* implicit value 3 */
182     GNUTLS_CRD_PSK,            /* implicit value 4 */
183     GNUTLS_CRD_IA              /* implicit value 5 */
184   } gnutls_credentials_type_t;
185
186 #define GNUTLS_MAC_SHA GNUTLS_MAC_SHA1
187 #define GNUTLS_DIG_SHA GNUTLS_DIG_SHA1
188
189   /**
190    * gnutls_mac_algorithm_t:
191    * @GNUTLS_MAC_UNKNOWN: Unknown MAC algorithm.
192    * @GNUTLS_MAC_NULL: NULL MAC algorithm (empty output).
193    * @GNUTLS_MAC_MD5: HMAC-MD5 algorithm.
194    * @GNUTLS_MAC_SHA1: HMAC-SHA-1 algorithm.
195    * @GNUTLS_MAC_RMD160: HMAC-RMD160 algorithm.
196    * @GNUTLS_MAC_MD2: HMAC-MD2 algorithm.
197    * @GNUTLS_MAC_SHA256: HMAC-SHA-256 algorithm.
198    * @GNUTLS_MAC_SHA384: HMAC-SHA-384 algorithm.
199    * @GNUTLS_MAC_SHA512: HMAC-SHA-512 algorithm.
200    * @GNUTLS_MAC_SHA224: HMAC-SHA-224 algorithm.
201    *
202    * Enumeration of different Message Authentication Code (MAC)
203    * algorithms.
       *
       * %GNUTLS_MAC_NULL produces no authentication tag, so records
       * protected with it have no integrity protection.
204    */
205   typedef enum
206   {
207     GNUTLS_MAC_UNKNOWN = 0,
208     GNUTLS_MAC_NULL = 1,       /* empty output: no integrity protection */
209     GNUTLS_MAC_MD5 = 2,
210     GNUTLS_MAC_SHA1 = 3,
211     GNUTLS_MAC_RMD160 = 4,
212     GNUTLS_MAC_MD2 = 5,
213     GNUTLS_MAC_SHA256 = 6,
214     GNUTLS_MAC_SHA384 = 7,
215     GNUTLS_MAC_SHA512 = 8,
216     GNUTLS_MAC_SHA224 = 9
217       /* If you add anything here, make sure you align with
218          gnutls_digest_algorithm_t.  That enum initialises each of its
             constants from the matching GNUTLS_MAC_* value, so the two
             enums share one numbering. */
219   } gnutls_mac_algorithm_t;
220
221   /**
222    * gnutls_digest_algorithm_t:
223    * @GNUTLS_DIG_UNKNOWN: Unknown hash algorithm.
224    * @GNUTLS_DIG_NULL: NULL hash algorithm (empty output).
225    * @GNUTLS_DIG_MD5: MD5 algorithm.
226    * @GNUTLS_DIG_SHA1: SHA-1 algorithm.
227    * @GNUTLS_DIG_RMD160: RMD160 algorithm.
228    * @GNUTLS_DIG_MD2: MD2 algorithm.
229    * @GNUTLS_DIG_SHA256: SHA-256 algorithm.
230    * @GNUTLS_DIG_SHA384: SHA-384 algorithm.
231    * @GNUTLS_DIG_SHA512: SHA-512 algorithm.
232    * @GNUTLS_DIG_SHA224: SHA-224 algorithm.
233    *
234    * Enumeration of different digest (hash) algorithms.
       *
       * Each constant takes its value from the matching GNUTLS_MAC_*
       * constant, so a digest id and a MAC id for the same hash are
       * numerically equal.
       *
       * MD2, MD5 and SHA-1 are not collision resistant.  They should
       * not be chosen for new signatures or for fingerprints that are
       * relied on to resist forgery; prefer the SHA-2 entries.
235    */
236   typedef enum
237   {
238     GNUTLS_DIG_UNKNOWN = GNUTLS_MAC_UNKNOWN,
239     GNUTLS_DIG_NULL = GNUTLS_MAC_NULL,
240     GNUTLS_DIG_MD5 = GNUTLS_MAC_MD5,           /* not collision resistant */
241     GNUTLS_DIG_SHA1 = GNUTLS_MAC_SHA1,         /* not collision resistant */
242     GNUTLS_DIG_RMD160 = GNUTLS_MAC_RMD160,
243     GNUTLS_DIG_MD2 = GNUTLS_MAC_MD2,           /* not collision resistant */
244     GNUTLS_DIG_SHA256 = GNUTLS_MAC_SHA256,
245     GNUTLS_DIG_SHA384 = GNUTLS_MAC_SHA384,
246     GNUTLS_DIG_SHA512 = GNUTLS_MAC_SHA512,
247     GNUTLS_DIG_SHA224 = GNUTLS_MAC_SHA224
248       /* If you add anything here, make sure you align with
249          gnutls_mac_algorithm_t. */
250   } gnutls_digest_algorithm_t;
251
252   /* exported for other gnutls headers. This is the maximum number of
253    * algorithms (ciphers, kx or macs).
       *
       * NOTE(review): gnutls_cipher_algorithm_t in this header already
       * defines more than 16 constants, with values up to 208, so this
       * limit presumably bounds the length of a list of algorithms
       * rather than the range of the enum values.  Confirm against the
       * users of this macro before sizing a lookup table with it.
254    */
255 #define GNUTLS_MAX_ALGORITHM_NUM 16
256
257   /**
258    * gnutls_compression_method_t:
259    * @GNUTLS_COMP_UNKNOWN: Unknown compression method.
260    * @GNUTLS_COMP_NULL: The NULL compression method (uncompressed).
261    * @GNUTLS_COMP_DEFLATE: The deflate/zlib compression method.
262    * @GNUTLS_COMP_ZLIB: Same as %GNUTLS_COMP_DEFLATE.
263    * @GNUTLS_COMP_LZO: The non-standard LZO compression method.
264    *
265    * Enumeration of different TLS compression methods.
       *
       * Compressing before encryption makes the record length depend on
       * the plaintext, which leaks information about secrets that share
       * a record with attacker-influenced data (the CRIME class of
       * attacks).  RFC 7525 recommends disabling TLS-level compression;
       * %GNUTLS_COMP_NULL is the safe choice.
266    */
267   typedef enum
268   {
269     GNUTLS_COMP_UNKNOWN = 0,
270     GNUTLS_COMP_NULL = 1,
271     GNUTLS_COMP_DEFLATE = 2,
272     GNUTLS_COMP_ZLIB = GNUTLS_COMP_DEFLATE,
273     GNUTLS_COMP_LZO = 3         /* only available if gnutls-extra has
274                                    been initialized
275                                  */
276   } gnutls_compression_method_t;
277
278   /**
279    * gnutls_connection_end_t:
280    * @GNUTLS_SERVER: Connection end is a server.
281    * @GNUTLS_CLIENT: Connection end is a client.
282    *
283    * Enumeration of different TLS connection end types.
       * This is the type of the second argument of gnutls_init().
284    */
285   typedef enum
286   {
287     GNUTLS_SERVER = 1,
288     GNUTLS_CLIENT              /* implicit value 2 */
289   } gnutls_connection_end_t;
290
291   /**
292    * gnutls_alert_level_t:
293    * @GNUTLS_AL_WARNING: Alert of warning severity.
294    * @GNUTLS_AL_FATAL: Alert of fatal severity.
295    *
296    * Enumeration of different TLS alert severities.
       * The values equal the TLS AlertLevel codes: warning is 1 and
       * fatal is 2.
297    */
298   typedef enum
299   {
300     GNUTLS_AL_WARNING = 1,
301     GNUTLS_AL_FATAL            /* implicit value 2 */
302   } gnutls_alert_level_t;
303
304   /**
305    * gnutls_alert_description_t:
306    * @GNUTLS_A_CLOSE_NOTIFY: Close notify.
307    * @GNUTLS_A_UNEXPECTED_MESSAGE: Unexpected message.
308    * @GNUTLS_A_BAD_RECORD_MAC: Bad record MAC.
309    * @GNUTLS_A_DECRYPTION_FAILED: Decryption failed.
310    * @GNUTLS_A_RECORD_OVERFLOW: Record overflow.
311    * @GNUTLS_A_DECOMPRESSION_FAILURE: Decompression failed.
312    * @GNUTLS_A_HANDSHAKE_FAILURE: Handshake failed.
313    * @GNUTLS_A_SSL3_NO_CERTIFICATE: No certificate.
314    * @GNUTLS_A_BAD_CERTIFICATE: Certificate is bad.
315    * @GNUTLS_A_UNSUPPORTED_CERTIFICATE: Certificate is not supported.
316    * @GNUTLS_A_CERTIFICATE_REVOKED: Certificate was revoked.
317    * @GNUTLS_A_CERTIFICATE_EXPIRED: Certificate is expired.
318    * @GNUTLS_A_CERTIFICATE_UNKNOWN: Unknown certificate.
319    * @GNUTLS_A_ILLEGAL_PARAMETER: Illegal parameter.
320    * @GNUTLS_A_UNKNOWN_CA: CA is unknown.
321    * @GNUTLS_A_ACCESS_DENIED: Access was denied.
322    * @GNUTLS_A_DECODE_ERROR: Decode error.
323    * @GNUTLS_A_DECRYPT_ERROR: Decrypt error.
324    * @GNUTLS_A_EXPORT_RESTRICTION: Export restriction.
325    * @GNUTLS_A_PROTOCOL_VERSION: Error in protocol version.
326    * @GNUTLS_A_INSUFFICIENT_SECURITY: Insufficient security.
327    * @GNUTLS_A_USER_CANCELED: User canceled.
328    * @GNUTLS_A_INTERNAL_ERROR: Internal error.
329    * @GNUTLS_A_NO_RENEGOTIATION: No renegotiation is allowed.
330    * @GNUTLS_A_CERTIFICATE_UNOBTAINABLE: Could not retrieve the
331    *   specified certificate.
332    * @GNUTLS_A_UNSUPPORTED_EXTENSION: An unsupported extension was
333    *   sent.
334    * @GNUTLS_A_UNRECOGNIZED_NAME: The server name sent was not
335    *   recognized.
336    * @GNUTLS_A_UNKNOWN_PSK_IDENTITY: The SRP/PSK username is missing
337    *   or not known.
338    * @GNUTLS_A_INNER_APPLICATION_FAILURE: Inner application
339    *   negotiation failed.
340    * @GNUTLS_A_INNER_APPLICATION_VERIFICATION: Inner application
341    *   verification failed.
342    *
343    * Enumeration of different TLS alerts.
       *
       * The numeric values are the alert codes carried on the wire.
       * Constants without an explicit initialiser take the previous
       * value plus one; the resulting numbers are spelled out next to
       * each such constant below.
       *
       * Answering a CBC decryption or padding failure with
       * %GNUTLS_A_DECRYPTION_FAILED while answering a MAC failure with
       * %GNUTLS_A_BAD_RECORD_MAC lets the peer tell the two cases
       * apart.  RFC 5246 reserves code 21 for that reason and requires
       * that it not be sent; both failures should be reported as
       * %GNUTLS_A_BAD_RECORD_MAC.
344    */
345   typedef enum
346   {
347     GNUTLS_A_CLOSE_NOTIFY,             /* implicit value 0 */
348     GNUTLS_A_UNEXPECTED_MESSAGE = 10,
349     GNUTLS_A_BAD_RECORD_MAC = 20,
350     GNUTLS_A_DECRYPTION_FAILED,        /* implicit value 21; must not be sent per RFC 5246 */
351     GNUTLS_A_RECORD_OVERFLOW,          /* implicit value 22 */
352     GNUTLS_A_DECOMPRESSION_FAILURE = 30,
353     GNUTLS_A_HANDSHAKE_FAILURE = 40,
354     GNUTLS_A_SSL3_NO_CERTIFICATE = 41,
355     GNUTLS_A_BAD_CERTIFICATE = 42,
356     GNUTLS_A_UNSUPPORTED_CERTIFICATE,  /* implicit value 43 */
357     GNUTLS_A_CERTIFICATE_REVOKED,      /* implicit value 44 */
358     GNUTLS_A_CERTIFICATE_EXPIRED,      /* implicit value 45 */
359     GNUTLS_A_CERTIFICATE_UNKNOWN,      /* implicit value 46 */
360     GNUTLS_A_ILLEGAL_PARAMETER,        /* implicit value 47 */
361     GNUTLS_A_UNKNOWN_CA,               /* implicit value 48 */
362     GNUTLS_A_ACCESS_DENIED,            /* implicit value 49 */
363     GNUTLS_A_DECODE_ERROR = 50,
364     GNUTLS_A_DECRYPT_ERROR,            /* implicit value 51 */
365     GNUTLS_A_EXPORT_RESTRICTION = 60,
366     GNUTLS_A_PROTOCOL_VERSION = 70,
367     GNUTLS_A_INSUFFICIENT_SECURITY,    /* implicit value 71 */
368     GNUTLS_A_INTERNAL_ERROR = 80,
369     GNUTLS_A_USER_CANCELED = 90,
370     GNUTLS_A_NO_RENEGOTIATION = 100,
371     GNUTLS_A_UNSUPPORTED_EXTENSION = 110,
372     GNUTLS_A_CERTIFICATE_UNOBTAINABLE = 111,
373     GNUTLS_A_UNRECOGNIZED_NAME = 112,
374     GNUTLS_A_UNKNOWN_PSK_IDENTITY = 115,
375     GNUTLS_A_INNER_APPLICATION_FAILURE = 208,
376     GNUTLS_A_INNER_APPLICATION_VERIFICATION = 209
377   } gnutls_alert_description_t;
378
379   /**
380    * gnutls_handshake_description_t:
381    * @GNUTLS_HANDSHAKE_HELLO_REQUEST: Hello request.
382    * @GNUTLS_HANDSHAKE_CLIENT_HELLO: Client hello.
383    * @GNUTLS_HANDSHAKE_SERVER_HELLO: Server hello.
384    * @GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: New session ticket.
385    * @GNUTLS_HANDSHAKE_CERTIFICATE_PKT: Certificate packet.
386    * @GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: Server key exchange.
387    * @GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: Certificate request.
388    * @GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: Server hello done.
389    * @GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: Certificate verify.
390    * @GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: Client key exchange.
391    * @GNUTLS_HANDSHAKE_FINISHED: Finished.
392    * @GNUTLS_HANDSHAKE_SUPPLEMENTAL: Supplemental.
393    *
394    * Enumeration of different TLS handshake packets.
395    */
396   typedef enum
397   {
398     GNUTLS_HANDSHAKE_HELLO_REQUEST = 0,
399     GNUTLS_HANDSHAKE_CLIENT_HELLO = 1,
400     GNUTLS_HANDSHAKE_SERVER_HELLO = 2,
401     GNUTLS_HANDSHAKE_NEW_SESSION_TICKET = 4,
402     GNUTLS_HANDSHAKE_CERTIFICATE_PKT = 11,
403     GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE = 12,
404     GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST = 13,
405     GNUTLS_HANDSHAKE_SERVER_HELLO_DONE = 14,
406     GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY = 15,
407     GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE = 16,
408     GNUTLS_HANDSHAKE_FINISHED = 20,
409     GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23
410   } gnutls_handshake_description_t;
411
412   /**
413    * gnutls_certificate_status_t:
414    * @GNUTLS_CERT_INVALID: Will be set if the certificate was not
415    *   verified.
416    * @GNUTLS_CERT_REVOKED: Certificate revoked.  In X.509 this will be
417    *   set only if CRLs are checked.
418    * @GNUTLS_CERT_SIGNER_NOT_FOUND: Certificate not verified.  Signer
419    *   not found.
420    * @GNUTLS_CERT_SIGNER_NOT_CA: Certificate not verified.  Signer
421    *   not a CA certificate.
422    * @GNUTLS_CERT_INSECURE_ALGORITHM: Certificate not verified,
423    *   insecure algorithm.
424    * @GNUTLS_CERT_NOT_ACTIVATED: Certificate not yet activated.
425    * @GNUTLS_CERT_EXPIRED: Certificate expired.
426    *
427    * Enumeration of certificate status codes.  Note that the status
428    * bits have different meanings in OpenPGP keys and X.509
429    * certificate verification.
       *
       * Each constant is a distinct single bit, so one status word can
       * carry several of them at once; test with a bitwise AND rather
       * than with ==.
       *
       * None of the bits reports a host name mismatch.  Matching the
       * certificate against the name the application meant to reach is
       * a separate check (gnutls_x509_crt_check_hostname() for X.509)
       * and is still required after a clean status.
       *
       * As documented above, %GNUTLS_CERT_REVOKED can only appear when
       * CRLs are supplied, so its absence is not evidence that the
       * certificate is unrevoked.
       *
       * NOTE(review): confirm against the verification functions whether
       * the detail bits are always accompanied by %GNUTLS_CERT_INVALID
       * before treating "INVALID not set" as acceptance.
430    */
431   typedef enum
432   {
433     GNUTLS_CERT_INVALID = 2,
434     GNUTLS_CERT_REVOKED = 32,
435     GNUTLS_CERT_SIGNER_NOT_FOUND = 64,
436     GNUTLS_CERT_SIGNER_NOT_CA = 128,
437     GNUTLS_CERT_INSECURE_ALGORITHM = 256,
438     GNUTLS_CERT_NOT_ACTIVATED = 512,
439     GNUTLS_CERT_EXPIRED = 1024
440   } gnutls_certificate_status_t;
441
442   /**
443    * gnutls_certificate_request_t:
444    * @GNUTLS_CERT_IGNORE: Ignore certificate.
445    * @GNUTLS_CERT_REQUEST: Request certificate.
446    * @GNUTLS_CERT_REQUIRE: Require certificate.
447    *
448    * Enumeration of certificate request types.
       *
       * NOTE(review): the names suggest that with %GNUTLS_CERT_REQUEST
       * the peer is asked for a certificate but the handshake is still
       * allowed to complete without one, and that only
       * %GNUTLS_CERT_REQUIRE makes its absence fatal.  Confirm this in
       * the handshake code.  A server that authenticates clients by
       * certificate should not rely on REQUEST alone.
449    */
450   typedef enum
451   {
452     GNUTLS_CERT_IGNORE = 0,
453     GNUTLS_CERT_REQUEST = 1,
454     GNUTLS_CERT_REQUIRE = 2
455   } gnutls_certificate_request_t;
456
457   /**
458    * gnutls_openpgp_crt_status_t:
459    * @GNUTLS_OPENPGP_CERT: Send entire certificate.
460    * @GNUTLS_OPENPGP_CERT_FINGERPRINT: Send only certificate fingerprint.
461    *
462    * Enumeration of ways to send OpenPGP certificate.
463    */
464   typedef enum
465   {
466     GNUTLS_OPENPGP_CERT = 0,
467     GNUTLS_OPENPGP_CERT_FINGERPRINT = 1
468   } gnutls_openpgp_crt_status_t;
469
470   /**
471    * gnutls_close_request_t:
472    * @GNUTLS_SHUT_RDWR: Disallow further receives/sends.
473    * @GNUTLS_SHUT_WR: Disallow further sends.
474    *
475    * Enumeration of how TLS session should be terminated.  See gnutls_bye().
476    */
477   typedef enum
478   {
479     GNUTLS_SHUT_RDWR = 0,
480     GNUTLS_SHUT_WR = 1
481   } gnutls_close_request_t;
482
483   /**
484    * gnutls_protocol_t:
485    * @GNUTLS_SSL3: SSL version 3.0.
486    * @GNUTLS_TLS1_0: TLS version 1.0.
487    * @GNUTLS_TLS1: Same as %GNUTLS_TLS1_0.
488    * @GNUTLS_TLS1_1: TLS version 1.1.
489    * @GNUTLS_TLS1_2: TLS version 1.2.
490    * @GNUTLS_VERSION_MAX: Maps to the highest supported TLS version.
491    * @GNUTLS_VERSION_UNKNOWN: Unknown SSL/TLS version.
492    *
493    * Enumeration of different SSL/TLS protocol versions.
       *
       * The known versions are numbered in increasing order, so two of
       * them can be compared with < and >.  %GNUTLS_VERSION_UNKNOWN is
       * 0xff and compares greater than every real version; exclude it
       * before applying a "minimum version" test.
       *
       * %GNUTLS_VERSION_MAX is fixed to %GNUTLS_TLS1_2 in this header.
       * SSL 3.0 was later deprecated by RFC 7568, and TLS 1.0 and 1.1
       * by RFC 8996; deployments built on this header should restrict
       * negotiation to %GNUTLS_TLS1_2 where the peers allow it.
494    */
495   typedef enum
496   {
497     GNUTLS_SSL3 = 1,
498     GNUTLS_TLS1_0 = 2,
499     GNUTLS_TLS1 = GNUTLS_TLS1_0,
500     GNUTLS_TLS1_1 = 3,
501     GNUTLS_TLS1_2 = 4,
502     GNUTLS_VERSION_MAX = GNUTLS_TLS1_2,
503     GNUTLS_VERSION_UNKNOWN = 0xff
504   } gnutls_protocol_t;
505
506   /**
507    * gnutls_certificate_type_t:
508    * @GNUTLS_CRT_UNKNOWN: Unknown certificate type.
509    * @GNUTLS_CRT_X509: X.509 Certificate.
510    * @GNUTLS_CRT_OPENPGP: OpenPGP certificate.
511    *
512    * Enumeration of different certificate types.
513    */
514   typedef enum
515   {
516     GNUTLS_CRT_UNKNOWN = 0,
517     GNUTLS_CRT_X509 = 1,
518     GNUTLS_CRT_OPENPGP = 2
519   } gnutls_certificate_type_t;
520
521   /**
522    * gnutls_x509_crt_fmt_t:
523    * @GNUTLS_X509_FMT_DER: X.509 certificate in DER format (binary).
524    * @GNUTLS_X509_FMT_PEM: X.509 certificate in PEM format (text).
525    *
526    * Enumeration of different certificate encoding formats.
527    */
528   typedef enum
529   {
530     GNUTLS_X509_FMT_DER = 0,
531     GNUTLS_X509_FMT_PEM = 1
532   } gnutls_x509_crt_fmt_t;
533
534   /**
535    * gnutls_certificate_print_formats_t:
536    * @GNUTLS_CRT_PRINT_FULL: Full information about certificate.
537    * @GNUTLS_CRT_PRINT_ONELINE: Information about certificate in one line.
538    * @GNUTLS_CRT_PRINT_UNSIGNED_FULL: All info for an unsigned certificate.
539    *
540    * Enumeration of different certificate printing variants.
541    */
542   typedef enum gnutls_certificate_print_formats
543   {
544     GNUTLS_CRT_PRINT_FULL = 0,
545     GNUTLS_CRT_PRINT_ONELINE = 1,
546     GNUTLS_CRT_PRINT_UNSIGNED_FULL = 2
547   } gnutls_certificate_print_formats_t;
548
549   /**
550    * gnutls_pk_algorithm_t:
551    * @GNUTLS_PK_UNKNOWN: Unknown public-key algorithm.
552    * @GNUTLS_PK_RSA: RSA public-key algorithm.
553    * @GNUTLS_PK_DSA: DSA public-key algorithm.
554    * @GNUTLS_PK_DH: Diffie-Hellman algorithm. Used to generate parameters.
555    *
556    * Enumeration of different public-key algorithms.
557    */
558   typedef enum
559   {
560     GNUTLS_PK_UNKNOWN = 0,
561     GNUTLS_PK_RSA = 1,
562     GNUTLS_PK_DSA = 2,
563     GNUTLS_PK_DH = 3
564   } gnutls_pk_algorithm_t;
565
566   const char *gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm);
567
568   /**
569    * gnutls_sign_algorithm_t:
570    * @GNUTLS_SIGN_UNKNOWN: Unknown signature algorithm.
571    * @GNUTLS_SIGN_RSA_SHA1: Digital signature algorithm RSA with SHA-1
572    * @GNUTLS_SIGN_RSA_SHA: Same as %GNUTLS_SIGN_RSA_SHA1.
573    * @GNUTLS_SIGN_DSA_SHA1: Digital signature algorithm DSA with SHA-1
574    * @GNUTLS_SIGN_DSA_SHA224: Digital signature algorithm DSA with SHA-224
575    * @GNUTLS_SIGN_DSA_SHA256: Digital signature algorithm DSA with SHA-256
576    * @GNUTLS_SIGN_DSA_SHA: Same as %GNUTLS_SIGN_DSA_SHA1.
577    * @GNUTLS_SIGN_RSA_MD5: Digital signature algorithm RSA with MD5.
578    * @GNUTLS_SIGN_RSA_MD2: Digital signature algorithm RSA with MD2.
579    * @GNUTLS_SIGN_RSA_RMD160: Digital signature algorithm RSA with RMD-160.
580    * @GNUTLS_SIGN_RSA_SHA256: Digital signature algorithm RSA with SHA-256.
581    * @GNUTLS_SIGN_RSA_SHA384: Digital signature algorithm RSA with SHA-384.
582    * @GNUTLS_SIGN_RSA_SHA512: Digital signature algorithm RSA with SHA-512.
583    * @GNUTLS_SIGN_RSA_SHA224: Digital signature algorithm RSA with SHA-224.
584    *
585    * Enumeration of different digital signature algorithms.
       *
       * A signature is only as strong as the collision resistance of
       * its hash.  %GNUTLS_SIGN_RSA_MD2, %GNUTLS_SIGN_RSA_MD5 and the
       * SHA-1 entries use hashes that are not collision resistant and
       * should not be accepted for new certificates.
       * NOTE(review): presumably these are the cases reported through
       * %GNUTLS_CERT_INSECURE_ALGORITHM; confirm which entries the
       * verification code actually rejects.
586    */
587   typedef enum
588   {
589     GNUTLS_SIGN_UNKNOWN = 0,
590     GNUTLS_SIGN_RSA_SHA1 = 1,
591     GNUTLS_SIGN_RSA_SHA = GNUTLS_SIGN_RSA_SHA1,
592     GNUTLS_SIGN_DSA_SHA1 = 2,
593     GNUTLS_SIGN_DSA_SHA = GNUTLS_SIGN_DSA_SHA1,
594     GNUTLS_SIGN_RSA_MD5 = 3,           /* hash not collision resistant */
595     GNUTLS_SIGN_RSA_MD2 = 4,           /* hash not collision resistant */
596     GNUTLS_SIGN_RSA_RMD160 = 5,
597     GNUTLS_SIGN_RSA_SHA256 = 6,
598     GNUTLS_SIGN_RSA_SHA384 = 7,
599     GNUTLS_SIGN_RSA_SHA512 = 8,
600     GNUTLS_SIGN_RSA_SHA224 = 9,
601     GNUTLS_SIGN_DSA_SHA224 = 10,
602     GNUTLS_SIGN_DSA_SHA256 = 11
603   } gnutls_sign_algorithm_t;
604
605   const char *gnutls_sign_algorithm_get_name (gnutls_sign_algorithm_t sign);
606
607   /**
608    * gnutls_sec_param_t:
609    * @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known.
610    * @GNUTLS_SEC_PARAM_WEAK: 50 or less bits of security.
611    * @GNUTLS_SEC_PARAM_LOW: 80 bits of security.
612    * @GNUTLS_SEC_PARAM_NORMAL: 112 bits of security.
613    * @GNUTLS_SEC_PARAM_HIGH: 128 bits of security.
614    * @GNUTLS_SEC_PARAM_ULTRA: 192 bits of security.
615    *
616    * Enumeration of security parameters for passive attacks.
       *
       * The constants carry no explicit initialisers, so they are
       * numbered 0 to 5 in the order listed and a stronger level always
       * has the larger value.  %GNUTLS_SEC_PARAM_UNKNOWN is 0 and
       * therefore compares below every real level.
       *
       * %GNUTLS_SEC_PARAM_WEAK and %GNUTLS_SEC_PARAM_LOW are below the
       * 112-bit level that is commonly treated as the minimum for new
       * keys; use %GNUTLS_SEC_PARAM_NORMAL or higher when generating
       * key material.
617    */
618   typedef enum
619   {
620     GNUTLS_SEC_PARAM_UNKNOWN,  /* implicit value 0 */
621     GNUTLS_SEC_PARAM_WEAK,     /* implicit value 1 */
622     GNUTLS_SEC_PARAM_LOW,      /* implicit value 2 */
623     GNUTLS_SEC_PARAM_NORMAL,   /* implicit value 3 */
624     GNUTLS_SEC_PARAM_HIGH,     /* implicit value 4 */
625     GNUTLS_SEC_PARAM_ULTRA     /* implicit value 5 */
626   } gnutls_sec_param_t;
627
628   /**
629    * gnutls_channel_binding_t:
630    * @GNUTLS_CB_TLS_UNIQUE: "tls-unique" (RFC 5929) channel binding
631    *
632    * Enumeration of supported channel binding types.
       *
       * A "tls-unique" binding identifies the connection only if
       * resumed and renegotiated sessions are tied to the handshake
       * that produced it; RFC 7627 describes the problem and the
       * extended master secret fix.  Applications that authenticate
       * over this binding should take that into account.
633    */
634   typedef enum
635   {
636     GNUTLS_CB_TLS_UNIQUE       /* implicit value 0 */
637   } gnutls_channel_binding_t;
638
639 /* If you want to change this, then also change the define in
640  * gnutls_int.h, and recompile.
641  */
642   typedef void *gnutls_transport_ptr_t;
643
      /* The handle types below are pointers to structures that are only
         forward-declared in this header, so their layout is hidden from
         callers.  Copying a handle copies the pointer, not the object
         it refers to. */
644   struct gnutls_session_int;
645   typedef struct gnutls_session_int *gnutls_session_t;
646
647   struct gnutls_dh_params_int;
648   typedef struct gnutls_dh_params_int *gnutls_dh_params_t;
649
650   /* XXX ugly.  The RSA parameter handle is a pointer to the X.509
         private-key structure, i.e. it refers to private key material. */
651   struct gnutls_x509_privkey_int;
652   typedef struct gnutls_x509_privkey_int *gnutls_rsa_params_t;
653
654   struct gnutls_priority_st;
655   typedef struct gnutls_priority_st *gnutls_priority_t;
656
657   typedef struct
658   {
        /* Pointer-plus-length pair for a byte buffer.  Nothing in the
           type records who owns the memory behind data; that is decided
           by each function that takes or returns a gnutls_datum_t. */
659     unsigned char *data;
660     unsigned int size;         /* unsigned int, not size_t: check for truncation when assigning from a size_t length */
661   } gnutls_datum_t;
662
663
664   typedef struct gnutls_params_st
665   {
666     gnutls_params_type_t type; /* discriminator: says which member of the union below is valid */
667     union params
668     {
669       gnutls_dh_params_t dh;
670       gnutls_rsa_params_t rsa_export;
671     } params;
672     int deinit;                /* NOTE(review): presumably non-zero asks the library to free params after use; confirm before relying on it for ownership */
673   } gnutls_params_st;
674
      /* Signature of a callback that receives the session, the kind of
         parameters wanted and a gnutls_params_st to work on, and returns
         an int status. */
675   typedef int gnutls_params_function (gnutls_session_t, gnutls_params_type_t,
676                                       gnutls_params_st *);
677
678 /* internal functions */
      /* NOTE(review): despite the label above, the prototypes that follow
         are session set-up, tear-down, handshake and alert entry points
         declared in this public header. */
679
      /* gnutls_init() receives a pointer to a session handle, so the
         handle is an output of the call; con_end selects GNUTLS_SERVER
         or GNUTLS_CLIENT.  It returns an int status that the caller
         must check before using the handle. */
680   int gnutls_init (gnutls_session_t * session,
681                    gnutls_connection_end_t con_end);
682   void gnutls_deinit (gnutls_session_t session);
683 #define _gnutls_deinit(x) gnutls_deinit(x)
684
685   int gnutls_bye (gnutls_session_t session, gnutls_close_request_t how);
686
      /* Both calls return an int status.  A session must not be treated
         as established, or as renegotiated, until that status has been
         checked; gnutls_error_is_fatal() and gnutls_strerror() are
         declared further down for interpreting it. */
687   int gnutls_handshake (gnutls_session_t session);
688   int gnutls_rehandshake (gnutls_session_t session);
689
690   gnutls_alert_description_t gnutls_alert_get (gnutls_session_t session);
691   int gnutls_alert_send (gnutls_session_t session,
692                          gnutls_alert_level_t level,
693                          gnutls_alert_description_t desc);
694   int gnutls_alert_send_appropriate (gnutls_session_t session, int err);
695   const char *gnutls_alert_get_name (gnutls_alert_description_t alert);
696
      /* Conversions between a public-key size in bits and a
         gnutls_sec_param_t level, for the given public-key algorithm. */
697   gnutls_sec_param_t gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo,
698                                                   unsigned int bits);
699   const char *gnutls_sec_param_get_name (gnutls_sec_param_t param);
700   unsigned int gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo,
701                                             gnutls_sec_param_t param);
702
703 /* get information on the current session */
704   gnutls_cipher_algorithm_t gnutls_cipher_get (gnutls_session_t session);
705   gnutls_kx_algorithm_t gnutls_kx_get (gnutls_session_t session);
706   gnutls_mac_algorithm_t gnutls_mac_get (gnutls_session_t session);
707     gnutls_compression_method_t
708     gnutls_compression_get (gnutls_session_t session);
709     gnutls_certificate_type_t
710     gnutls_certificate_type_get (gnutls_session_t session);
711   int gnutls_sign_algorithm_get_requested (gnutls_session_t session,
712                                            size_t indx,
713                                            gnutls_sign_algorithm_t * algo);
714
715   size_t gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm);
716   size_t gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm);
717
718 /* the name of the specified algorithms */
719   const char *gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm);
720   const char *gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm);
721   const char *gnutls_compression_get_name (gnutls_compression_method_t
722                                            algorithm);
723   const char *gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm);
724   const char *gnutls_certificate_type_get_name (gnutls_certificate_type_t
725                                                 type);
726   const char *gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm);
727   const char *gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm);
728
729   gnutls_mac_algorithm_t gnutls_mac_get_id (const char *name);
730   gnutls_compression_method_t gnutls_compression_get_id (const char *name);
731   gnutls_cipher_algorithm_t gnutls_cipher_get_id (const char *name);
732   gnutls_kx_algorithm_t gnutls_kx_get_id (const char *name);
733   gnutls_protocol_t gnutls_protocol_get_id (const char *name);
734   gnutls_certificate_type_t gnutls_certificate_type_get_id (const char *name);
735   gnutls_pk_algorithm_t gnutls_pk_get_id (const char *name);
736   gnutls_sign_algorithm_t gnutls_sign_get_id (const char *name);
737
738   /* list supported algorithms */
      /* Each *_list() function returns a pointer to const elements and
         takes no length argument.
         NOTE(review): the end of each list is presumably marked by a
         zero entry; confirm before iterating. */
739   const gnutls_cipher_algorithm_t *gnutls_cipher_list (void);
740   const gnutls_mac_algorithm_t *gnutls_mac_list (void);
741   const gnutls_compression_method_t *gnutls_compression_list (void);
742   const gnutls_protocol_t *gnutls_protocol_list (void);
743   const gnutls_certificate_type_t *gnutls_certificate_type_list (void);
744   const gnutls_kx_algorithm_t *gnutls_kx_list (void);
745   const gnutls_pk_algorithm_t *gnutls_pk_list (void);
746   const gnutls_sign_algorithm_t *gnutls_sign_list (void);
      /* cs_id is a caller-supplied output buffer with no accompanying
         length parameter.
         NOTE(review): a TLS cipher suite identifier is two bytes, so the
         buffer presumably needs room for at least two; confirm against
         the implementation before passing a smaller object. */
747   const char *gnutls_cipher_suite_info (size_t idx,
748                                         char *cs_id,
749                                         gnutls_kx_algorithm_t * kx,
750                                         gnutls_cipher_algorithm_t * cipher,
751                                         gnutls_mac_algorithm_t * mac,
752                                         gnutls_protocol_t * version);
753
754   /* error functions */
755   int gnutls_error_is_fatal (int error);
756   int gnutls_error_to_alert (int err, int *level);
757
758   void gnutls_perror (int error);
759   const char *gnutls_strerror (int error);
760   const char *gnutls_strerror_name (int error);
761
762 /* Semi-internal functions.
763  */
764   void gnutls_handshake_set_private_extensions (gnutls_session_t session,
765                                                 int allow);
766     gnutls_handshake_description_t
767     gnutls_handshake_get_last_out (gnutls_session_t session);
768     gnutls_handshake_description_t
769     gnutls_handshake_get_last_in (gnutls_session_t session);
770
771 /* Record layer functions.
     *
     * gnutls_record_send() and gnutls_record_recv() return ssize_t, a
     * signed type, while the buffer length is a size_t.  Check the
     * result for a negative value before using it as a byte count or
     * as an index.
772  */
773   ssize_t gnutls_record_send (gnutls_session_t session, const void *data,
774                               size_t sizeofdata);
775   ssize_t gnutls_record_recv (gnutls_session_t session, void *data,
776                               size_t sizeofdata);
777 #define gnutls_read gnutls_record_recv
778 #define gnutls_write gnutls_record_send
779
      /* NOTE(review): the two switches below relax record-layer
         behaviour, presumably for interoperability with peers that
         cannot handle it; going by its name, the second turns off
         record padding, which hides plaintext length.  Confirm the
         exact effect and enable them only for a peer known to need it. */
780   void gnutls_session_enable_compatibility_mode (gnutls_session_t session);
781
782   void gnutls_record_disable_padding (gnutls_session_t session);
783
784   int gnutls_record_get_direction (gnutls_session_t session);
785
786   size_t gnutls_record_get_max_size (gnutls_session_t session);
787   ssize_t gnutls_record_set_max_size (gnutls_session_t session, size_t size);
788
789   size_t gnutls_record_check_pending (gnutls_session_t session);
790
      /* The two PRF functions write outsize bytes to out; every input
         buffer is passed with an explicit length.
         NOTE(review): the output is presumably derived from the
         session's secrets, so it should be handled as key material:
         kept out of logs and cleared once it is no longer needed. */
791   int gnutls_prf (gnutls_session_t session,
792                   size_t label_size, const char *label,
793                   int server_random_first,
794                   size_t extra_size, const char *extra,
795                   size_t outsize, char *out);
796
797   int gnutls_prf_raw (gnutls_session_t session,
798                       size_t label_size, const char *label,
799                       size_t seed_size, const char *seed,
800                       size_t outsize, char *out);
801
802 /* TLS Extensions */
803
      /* Callback types for a TLS extension handler.  The receive
         callback gets a read-only buffer and its length; the send
         callback gets a writable buffer and a length.
         NOTE(review): the bytes given to the receive callback presumably
         come straight from the peer's hello message, so the handler must
         treat them as untrusted and never read past len. */
804   typedef int (*gnutls_ext_recv_func) (gnutls_session_t session,
805                                        const unsigned char *data, size_t len);
806   typedef int (*gnutls_ext_send_func) (gnutls_session_t session,
807                                        unsigned char *data, size_t len);
808
809   /**
810    * gnutls_ext_parse_type_t:
811    * @GNUTLS_EXT_NONE: Never parsed
812    * @GNUTLS_EXT_ANY: Any extension type.
813    * @GNUTLS_EXT_APPLICATION: Application extension.
814    * @GNUTLS_EXT_TLS: TLS-internal extension.
815    * @GNUTLS_EXT_MANDATORY: Extension parsed even if resuming (or extensions are disabled).
816    *
817    * Enumeration of different TLS extension types.  This flag
818    * indicates for an extension whether it is useful to application
819    * level or TLS level only.  This is (only) used to parse the
820    * application level extensions before the "client_hello" callback
821    * is called.
       *
       * The list above is not in value order: %GNUTLS_EXT_ANY is 0 and
       * %GNUTLS_EXT_NONE is 4, so a zero-initialised variable of this
       * type means "any", not "none".
822    */
823   typedef enum
824   {
825     GNUTLS_EXT_ANY = 0,
826     GNUTLS_EXT_APPLICATION = 1,
827     GNUTLS_EXT_TLS = 2,
828     GNUTLS_EXT_MANDATORY = 3,
829     GNUTLS_EXT_NONE = 4
830   } gnutls_ext_parse_type_t;
831
832
833   /**
834    * gnutls_server_name_type_t:
835    * @GNUTLS_NAME_DNS: Domain Name System name type.
836    *
837    * Enumeration of different server name types.
838    */
839   typedef enum
840   {
841     GNUTLS_NAME_DNS = 1
842   } gnutls_server_name_type_t;
843
      /* Set a server name of the given type; the name is passed as a buffer
       * with an explicit length.  */
844   int gnutls_server_name_set (gnutls_session_t session,
845                               gnutls_server_name_type_t type,
846                               const void *name, size_t name_length);
847
      /* Read back the name at position `indx' into the caller's buffer;
       * `data_length' and `type' are passed by pointer.
       * NOTE(review): `data_length' presumably carries the buffer size in and
       * the name length out.  On a server the name comes from the client and
       * is untrusted input: validate it before using it to choose a virtual
       * host, a certificate or a file path -- confirm.  */
848   int gnutls_server_name_get (gnutls_session_t session,
849                               void *data, size_t * data_length,
850                               unsigned int *type, unsigned int indx);
851
852   /* Safe renegotiation.
       * NOTE(review): presumably reports whether the peer negotiated the
       * RFC 5746 renegotiation-indication extension; an application that
       * must refuse renegotiation with unpatched peers would check it after
       * the handshake -- confirm the return convention.  */
853   int gnutls_safe_renegotiation_status (gnutls_session_t session);
854
855   /**
856    * gnutls_supplemental_data_format_type_t:
857    * @GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA: Supplemental user mapping data.
858    *
859    * Enumeration of different supplemental data types (RFC 4680).
860    */
861   typedef enum
862   {
863     GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0
864   } gnutls_supplemental_data_format_type_t;
865
      /* Map a supplemental data type to a printable name.  The result is a
       * const string; presumably library-owned, so the caller does not free
       * it -- confirm.  */
866   const char
867     *gnutls_supplemental_get_name (gnutls_supplemental_data_format_type_t
868                                    type);
869
870   /* SessionTicket, RFC 5077.
       * gnutls_session_ticket_key_generate() fills *key and
       * gnutls_session_ticket_enable_server() consumes such a key.  Under
       * RFC 5077 the server key protects the session state handed to
       * clients, so it is a long-lived secret: keep it out of logs and
       * world-readable storage and replace it periodically.
       * NOTE(review): the generated datum is presumably allocated by the
       * library and released with gnutls_free() -- confirm.  */
871   int gnutls_session_ticket_key_generate (gnutls_datum_t * key);
872   int gnutls_session_ticket_enable_client (gnutls_session_t session);
873   int gnutls_session_ticket_enable_server (gnutls_session_t session,
874                                            const gnutls_datum_t * key);
875
876 /* if you just want some defaults, use the following.
     *
     * A priority string is parsed once into a gnutls_priority_t cache with
     * gnutls_priority_init() and applied to sessions with
     * gnutls_priority_set(); gnutls_priority_set_direct() takes the string
     * per session.  Both parsers return int and take an optional `err_pos'
     * out-pointer.
     * NOTE(review): `err_pos' presumably points at the offending part of
     * the string on a parse error.  Check the return value: a session
     * whose priorities failed to parse should not go on to handshake --
     * confirm.
877  */
878   int gnutls_priority_init (gnutls_priority_t * priority_cache,
879                             const char *priorities, const char **err_pos);
880   void gnutls_priority_deinit (gnutls_priority_t priority_cache);
881
882   int gnutls_priority_set (gnutls_session_t session,
883                            gnutls_priority_t priority);
884   int gnutls_priority_set_direct (gnutls_session_t session,
885                                   const char *priorities,
886                                   const char **err_pos);
887
888   /* for compatibility
       *
       * NOTE(review): gnutls_set_default_export_priority() is documented as
       * also enabling weak (export-grade) algorithms; new code should select
       * algorithms through a priority string instead -- confirm.
889    */
890   int gnutls_set_default_priority (gnutls_session_t session);
891   int gnutls_set_default_export_priority (gnutls_session_t session);
892
893 /* Returns the name of a cipher suite, given its key exchange, cipher and
     * MAC algorithms.  The result is a const string. */
894   const char *gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t
895                                             kx_algorithm,
896                                             gnutls_cipher_algorithm_t
897                                             cipher_algorithm,
898                                             gnutls_mac_algorithm_t
899                                             mac_algorithm);
900
901 /* get the currently used protocol version.  Recording the negotiated
     * version and suite after the handshake makes weak or unexpected
     * negotiations visible in logs. */
902   gnutls_protocol_t gnutls_protocol_get_version (gnutls_session_t session);
903
      /* Printable name for a protocol version value.  */
904   const char *gnutls_protocol_get_name (gnutls_protocol_t version);
905
906
907 /* get/set session
     *
     * Export the parameters of a session and load them into a new one.
     * gnutls_session_get_data() writes into a caller buffer whose size is
     * passed by pointer; gnutls_session_get_data2() returns a datum.
     * NOTE(review): exported data that allows a later resumption presumably
     * carries the session's secrets; store it like key material (no logs,
     * restricted permissions) -- confirm.  `session_data_size' is
     * presumably buffer size in, bytes written out.
908  */
909   int gnutls_session_set_data (gnutls_session_t session,
910                                const void *session_data,
911                                size_t session_data_size);
912   int gnutls_session_get_data (gnutls_session_t session, void *session_data,
913                                size_t * session_data_size);
914   int gnutls_session_get_data2 (gnutls_session_t session,
915                                 gnutls_datum_t * data);
916
917 /* returns the session ID.  GNUTLS_MAX_SESSION_ID (32) is defined next to
     * it; presumably the largest ID length, so a buffer of that size passed
     * as `session_id' is sufficient -- confirm. */
918 #define GNUTLS_MAX_SESSION_ID 32
919   int gnutls_session_get_id (gnutls_session_t session, void *session_id,
920                              size_t * session_id_size);
921
922
      /* Fetch channel-binding data of type `cbtype' for the session into
       * `cb'.  NOTE(review): ownership of cb->data is not visible here --
       * confirm who frees it.  */
923   int gnutls_session_channel_binding (gnutls_session_t session,
924                                       gnutls_channel_binding_t cbtype,
925                                       gnutls_datum_t * cb);
926
927 /* checks if this session is a resumed one
928  */
929   int gnutls_session_is_resumed (gnutls_session_t session);
930
      /* Session cache callbacks (store / remove / retrieve) and their
       * setters.  Each callback receives a void pointer followed by datums
       * passed by value.
       * NOTE(review): the void pointer is presumably the one registered with
       * gnutls_db_set_ptr().  The `data' given to the store callback is
       * presumably resumable session state: a backing store should be
       * protected like key material, and sharing it between hosts widens
       * the trust boundary to all of them -- confirm.  */
931   typedef int (*gnutls_db_store_func) (void *, gnutls_datum_t key,
932                                        gnutls_datum_t data);
933   typedef int (*gnutls_db_remove_func) (void *, gnutls_datum_t key);
934   typedef gnutls_datum_t (*gnutls_db_retr_func) (void *, gnutls_datum_t key);
935
      /* Lifetime of cached sessions, in seconds.  */
936   void gnutls_db_set_cache_expiration (gnutls_session_t session, int seconds);
937
938   void gnutls_db_remove_session (gnutls_session_t session);
939   void gnutls_db_set_retrieve_function (gnutls_session_t session,
940                                         gnutls_db_retr_func retr_func);
941   void gnutls_db_set_remove_function (gnutls_session_t session,
942                                       gnutls_db_remove_func rem_func);
943   void gnutls_db_set_store_function (gnutls_session_t session,
944                                      gnutls_db_store_func store_func);
945   void gnutls_db_set_ptr (gnutls_session_t session, void *ptr);
946   void *gnutls_db_get_ptr (gnutls_session_t session);
      /* NOTE(review): presumably lets a cache implementation test whether a
       * stored entry is still usable (for example not expired) -- confirm
       * the return convention.  */
947   int gnutls_db_check_entry (gnutls_session_t session,
948                              gnutls_datum_t session_entry);
949
950   typedef int (*gnutls_handshake_post_client_hello_func) (gnutls_session_t);
      /* Register a callback of the type above on a session.
       * NOTE(review): by its name it runs on a server after the client hello
       * has been received; the meaning of its int result is not visible
       * here -- confirm.  */
951   void
952     gnutls_handshake_set_post_client_hello_function (gnutls_session_t session,
953                                                      gnutls_handshake_post_client_hello_func
954                                                      func);
955
      /* Set an upper bound, in bytes, for handshake packets on this session.
       * NOTE(review): presumably this caps how much a peer can make the
       * library buffer during a handshake, so raise it only as far as the
       * expected certificate chains require -- confirm.  */
956   void gnutls_handshake_set_max_packet_length (gnutls_session_t session,
957                                                size_t max);
958
959 /* returns libgnutls version (call it with a NULL argument)
     *
     * NOTE(review): with a non-NULL `req_version' this is documented as
     * returning NULL when the running library is older than requested,
     * which lets an application refuse to start against a library that
     * lacks a fix it depends on -- confirm.
960  */
961   const char *gnutls_check_version (const char *req_version);
962
963 /* Functions for setting/clearing credentials
964  */
965   void gnutls_credentials_clear (gnutls_session_t session);
966
967 /* cred is a structure defined by the kx algorithm
     *
     * `cred' is a void pointer, so the compiler cannot check that the
     * structure passed matches `type'; the caller must keep the two in
     * step.
     * NOTE(review): the manual states that the library keeps the pointer
     * rather than a copy, so the structure must stay allocated for as long
     * as the session uses it -- confirm.
968  */
969   int gnutls_credentials_set (gnutls_session_t session,
970                               gnutls_credentials_type_t type, void *cred);
971 #define gnutls_cred_set gnutls_credentials_set
972
973 /* Credential structures - used in gnutls_credentials_set(); */
974
      /* Opaque handle: the struct is only forward-declared here.  The server
       * and client names below are aliases of the same pointer type.  */
975   struct gnutls_certificate_credentials_st;
976   typedef struct gnutls_certificate_credentials_st
977     *gnutls_certificate_credentials_t;
978   typedef gnutls_certificate_credentials_t
979     gnutls_certificate_server_credentials;
980   typedef gnutls_certificate_credentials_t
981     gnutls_certificate_client_credentials;
982
      /* Credentials for anonymous key exchange.
       * NOTE(review): anonymous Diffie-Hellman authenticates neither peer,
       * so a session that relies only on these credentials has no
       * protection against an active man-in-the-middle; use them only where
       * the peer is authenticated by other means -- confirm how the
       * application restricts them.  */
983   typedef struct gnutls_anon_server_credentials_st
984     *gnutls_anon_server_credentials_t;
985   typedef struct gnutls_anon_client_credentials_st
986     *gnutls_anon_client_credentials_t;
987
988   void gnutls_anon_free_server_credentials (gnutls_anon_server_credentials_t
989                                             sc);
990   int
991     gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t
992                                              * sc);
993
      /* Attach Diffie-Hellman parameters to the server credentials, either
       * directly or through a callback.  */
994   void gnutls_anon_set_server_dh_params (gnutls_anon_server_credentials_t res,
995                                          gnutls_dh_params_t dh_params);
996
997   void
998     gnutls_anon_set_server_params_function (gnutls_anon_server_credentials_t
999                                             res,
1000                                             gnutls_params_function * func);
1001
1002   void
1003     gnutls_anon_free_client_credentials (gnutls_anon_client_credentials_t sc);
1004   int
1005     gnutls_anon_allocate_client_credentials (gnutls_anon_client_credentials_t
1006                                              * sc);
1007
1008 /* CERTFILE is an x509 certificate in PEM form.
1009  * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys).
      *
      * These two names refer to the `certfile' and `keyfile' arguments of
      * gnutls_certificate_set_x509_key_file() further down; that function
      * also takes a gnutls_x509_crt_fmt_t format argument.
1010  */
1011   void
1012     gnutls_certificate_free_credentials (gnutls_certificate_credentials_t sc);
1013   int
1014     gnutls_certificate_allocate_credentials (gnutls_certificate_credentials_t
1015                                              * res);
1016
       /* Release individual parts of a credentials structure: keys, CAs, CA
        * names and CRLs.  */
1017   void gnutls_certificate_free_keys (gnutls_certificate_credentials_t sc);
1018   void gnutls_certificate_free_cas (gnutls_certificate_credentials_t sc);
1019   void gnutls_certificate_free_ca_names (gnutls_certificate_credentials_t sc);
1020   void gnutls_certificate_free_crls (gnutls_certificate_credentials_t sc);
1021
1022   void gnutls_certificate_set_dh_params (gnutls_certificate_credentials_t res,
1023                                          gnutls_dh_params_t dh_params);
       /* NOTE(review): by its name this supplies temporary RSA parameters for
        * export-grade cipher suites, which are weak by design; a deployment
        * that does not enable those suites has no reason to call it --
        * confirm.  */
1024   void
1025     gnutls_certificate_set_rsa_export_params (gnutls_certificate_credentials_t
1026                                               res,
1027                                               gnutls_rsa_params_t rsa_params);
       /* Verification settings stored on the credentials.  The flag values
        * are defined elsewhere.
        * NOTE(review): flags presumably change how peer certificate chains
        * are verified, so any flag that relaxes a check should be reviewed
        * and justified; `max_bits' and `max_depth' presumably bound the key
        * size and chain length accepted from a peer -- confirm.  */
1028   void gnutls_certificate_set_verify_flags (gnutls_certificate_credentials_t
1029                                             res, unsigned int flags);
1030   void gnutls_certificate_set_verify_limits (gnutls_certificate_credentials_t
1031                                              res, unsigned int max_bits,
1032                                              unsigned int max_depth);
1033
       /* Load trusted CA certificates from a file or from memory.
        * NOTE(review): these are the trust anchors for peer verification.
        * The manual documents the return value as the number of certificates
        * processed or a negative error code; check it, because a load that
        * failed presumably leaves the trust list without those CAs --
        * confirm.  */
1034   int
1035     gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t
1036                                             res, const char *cafile,
1037                                             gnutls_x509_crt_fmt_t type);
1038   int gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t
1039                                              res, const gnutls_datum_t * ca,
1040                                              gnutls_x509_crt_fmt_t type);
1041
       /* Load certificate revocation lists from a file or from memory.  */
1042   int
1043     gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t
1044                                           res, const char *crlfile,
1045                                           gnutls_x509_crt_fmt_t type);
1046   int gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t
1047                                            res, const gnutls_datum_t * CRL,
1048                                            gnutls_x509_crt_fmt_t type);
1049
       /* Load the local certificate and its private key from files or from
        * memory.  The key file holds a private key: keep it readable only by
        * the account that runs the service.  */
1050   int
1051     gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t
1052                                           res, const char *certfile,
1053                                           const char *keyfile,
1054                                           gnutls_x509_crt_fmt_t type);
1055   int gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t
1056                                            res, const gnutls_datum_t * cert,
1057                                            const gnutls_datum_t * key,
1058                                            gnutls_x509_crt_fmt_t type);
1059
       /* NOTE(review): presumably controls whether a server includes the
        * names of its trusted CAs when requesting a client certificate --
        * confirm the meaning of `status'.  */
1060   void gnutls_certificate_send_x509_rdn_sequence (gnutls_session_t session,
1061                                                   int status);
1062
       /* Load certificate and key from a PKCS #12 file or blob.  The password
        * is passed as a C string; the caller owns that buffer and should
        * clear it once the call returns.  */
1063   int gnutls_certificate_set_x509_simple_pkcs12_file
1064     (gnutls_certificate_credentials_t res, const char *pkcs12file,
1065      gnutls_x509_crt_fmt_t type, const char *password);
1066   int gnutls_certificate_set_x509_simple_pkcs12_mem
1067     (gnutls_certificate_credentials_t res, const gnutls_datum_t * p12blob,
1068      gnutls_x509_crt_fmt_t type, const char *password);
1069
1070 /* New functions to allow setting already parsed X.509 stuff.
      *
      * The handle types below are pointers to structs that are only
      * forward-declared in this header.
1071  */
1072   struct gnutls_x509_privkey_int;
1073   typedef struct gnutls_x509_privkey_int *gnutls_x509_privkey_t;
1074
1075   struct gnutls_x509_crl_int;
1076   typedef struct gnutls_x509_crl_int *gnutls_x509_crl_t;
1077
1078   struct gnutls_x509_crt_int;
1079   typedef struct gnutls_x509_crt_int *gnutls_x509_crt_t;
1080
1081   struct gnutls_x509_crq_int;
1082   typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t;
1083
1084   struct gnutls_openpgp_keyring_int;
1085   typedef struct gnutls_openpgp_keyring_int *gnutls_openpgp_keyring_t;
1086
       /* Look up the issuer of `cert' among the credentials in `sc' and
        * return it through `issuer'.  NOTE(review): whether the returned
        * handle is owned by `sc' or by the caller is not visible here --
        * confirm before deinitializing it.  */
1087   int
1088     gnutls_certificate_get_issuer (gnutls_certificate_credentials_t sc,
1089     gnutls_x509_crt_t cert, gnutls_x509_crt_t* issuer, unsigned int flags);
1090
       /* Set key, trust list or CRLs from already parsed objects.  The list
        * sizes are plain int: pass a non-negative count that matches the
        * array.  NOTE(review): whether the library copies the objects or
        * keeps references to them is not visible here -- confirm.  */
1091   int gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res,
1092                                        gnutls_x509_crt_t * cert_list,
1093                                        int cert_list_size,
1094                                        gnutls_x509_privkey_t key);
1095   int gnutls_certificate_set_x509_trust (gnutls_certificate_credentials_t res,
1096                                          gnutls_x509_crt_t * ca_list,
1097                                          int ca_list_size);
1098   int gnutls_certificate_set_x509_crl (gnutls_certificate_credentials_t res,
1099                                        gnutls_x509_crl_t * crl_list,
1100                                        int crl_list_size);
1101
1102
1103
1104 /* global state functions
1105  */
1106   int gnutls_global_init (void);
1107   void gnutls_global_deinit (void);
1108
       /* Callback types for replacing the clock and the mutex primitives.
        * The four mutex typedef names carry no gnutls_ prefix, so they can
        * collide with typedefs of the same name in an application.
        * NOTE(review): the clock is presumably used for certificate validity
        * and session expiry, so a replacement that can be influenced from
        * outside weakens those checks -- confirm.  */
1109   typedef time_t (*gnutls_time_func) (time_t *t);
1110   typedef int (*mutex_init_func) (void **mutex);
1111   typedef int (*mutex_lock_func) (void **mutex);
1112   typedef int (*mutex_unlock_func) (void **mutex);
1113   typedef int (*mutex_deinit_func) (void **mutex);
1114
1115   void gnutls_global_set_mutex (mutex_init_func init, mutex_deinit_func deinit,
1116                                 mutex_lock_func lock, mutex_unlock_func unlock);
1117
       /* Allocator callback types.  */
1118   typedef void *(*gnutls_alloc_function) (size_t);
1119   typedef void *(*gnutls_calloc_function) (size_t, size_t);
1120   typedef int (*gnutls_is_secure_function) (const void *);
1121   typedef void (*gnutls_free_function) (void *);
1122   typedef void *(*gnutls_realloc_function) (void *, size_t);
1123
       /* Replace the library's allocators.  A separate `secure_alloc_func'
        * and an `is_secure_func' predicate are taken alongside the general
        * allocator.  NOTE(review): the secure allocator is presumably used
        * for sensitive data such as keys -- confirm.  */
1124   void
1125     gnutls_global_set_mem_functions (gnutls_alloc_function alloc_func,
1126                                      gnutls_alloc_function secure_alloc_func,
1127                                      gnutls_is_secure_function is_secure_func,
1128                                      gnutls_realloc_function realloc_func,
1129                                      gnutls_free_function free_func);
1130
1131   void gnutls_global_set_time_function (gnutls_time_func);
1132
1133 /* For use in callbacks.  These are function-pointer variables, not
      * functions.  NOTE(review): memory that a callback hands to the library
      * should presumably be obtained through them so that the library's free
      * matches the allocation -- confirm. */
1134   extern gnutls_alloc_function gnutls_malloc;
1135   extern gnutls_alloc_function gnutls_secure_malloc;
1136   extern gnutls_realloc_function gnutls_realloc;
1137   extern gnutls_calloc_function gnutls_calloc;
1138   extern gnutls_free_function gnutls_free;
1139
1140   extern char *(*gnutls_strdup) (const char *);
1141
       /* Logging hook: the callback receives an int and a message string.
        * NOTE(review): the int is presumably the message's level.  Higher
        * levels are debugging aids and may expose handshake internals, so
        * keep the level low in production logs -- confirm.  */
1142   typedef void (*gnutls_log_func) (int, const char *);
1143   void gnutls_global_set_log_function (gnutls_log_func log_func);
1144   void gnutls_global_set_log_level (int level);
1145
1146 /* Diffie-Hellman parameter handling.
      *
      * A gnutls_dh_params_t is created with gnutls_dh_params_init(), filled
      * by import or generation, and released with gnutls_dh_params_deinit().
      * The raw form consists of a prime and a generator.
      * NOTE(review): the `bits' passed to gnutls_dh_params_generate2() is
      * presumably the prime size, which bounds the strength of every
      * session that uses the parameters; imported parameters should come
      * from a trusted source, since nothing here shows that the import
      * functions validate them -- confirm.
1147  */
1148   int gnutls_dh_params_init (gnutls_dh_params_t * dh_params);
1149   void gnutls_dh_params_deinit (gnutls_dh_params_t dh_params);
1150   int gnutls_dh_params_import_raw (gnutls_dh_params_t dh_params,
1151                                    const gnutls_datum_t * prime,
1152                                    const gnutls_datum_t * generator);
1153   int gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params,
1154                                      const gnutls_datum_t * pkcs3_params,
1155                                      gnutls_x509_crt_fmt_t format);
1156   int gnutls_dh_params_generate2 (gnutls_dh_params_t params,
1157                                   unsigned int bits);
       /* Export into a caller buffer; `params_data_size' is passed by
        * pointer (presumably buffer size in, bytes written out -- confirm).  */
1158   int gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params,
1159                                      gnutls_x509_crt_fmt_t format,
1160                                      unsigned char *params_data,
1161                                      size_t * params_data_size);
1162   int gnutls_dh_params_export_raw (gnutls_dh_params_t params,
1163                                    gnutls_datum_t * prime,
1164                                    gnutls_datum_t * generator,
1165                                    unsigned int *bits);
1166   int gnutls_dh_params_cpy (gnutls_dh_params_t dst, gnutls_dh_params_t src);
1167
1168
1169 /* RSA params
      *
      * Same life cycle as the Diffie-Hellman parameters: init, then import
      * or generate, then deinit.
      * The raw import/export functions take six datums named m, e, d, p, q
      * and u.  NOTE(review): these presumably include the private exponent
      * and the prime factors, so buffers filled by the export functions
      * hold private key material and should be cleared after use --
      * confirm.
1170  */
1171   int gnutls_rsa_params_init (gnutls_rsa_params_t * rsa_params);
1172   void gnutls_rsa_params_deinit (gnutls_rsa_params_t rsa_params);
1173   int gnutls_rsa_params_cpy (gnutls_rsa_params_t dst,
1174                              gnutls_rsa_params_t src);
1175   int gnutls_rsa_params_import_raw (gnutls_rsa_params_t rsa_params,
1176                                     const gnutls_datum_t * m,
1177                                     const gnutls_datum_t * e,
1178                                     const gnutls_datum_t * d,
1179                                     const gnutls_datum_t * p,
1180                                     const gnutls_datum_t * q,
1181                                     const gnutls_datum_t * u);
1182   int gnutls_rsa_params_generate2 (gnutls_rsa_params_t params,
1183                                    unsigned int bits);
1184   int gnutls_rsa_params_export_raw (gnutls_rsa_params_t params,
1185                                     gnutls_datum_t * m, gnutls_datum_t * e,
1186                                     gnutls_datum_t * d, gnutls_datum_t * p,
1187                                     gnutls_datum_t * q, gnutls_datum_t * u,
1188                                     unsigned int *bits);
1189   int gnutls_rsa_params_export_pkcs1 (gnutls_rsa_params_t params,
1190                                       gnutls_x509_crt_fmt_t format,
1191                                       unsigned char *params_data,
1192                                       size_t * params_data_size);
1193   int gnutls_rsa_params_import_pkcs1 (gnutls_rsa_params_t params,
1194                                       const gnutls_datum_t * pkcs1_params,
1195                                       gnutls_x509_crt_fmt_t format);
1196
1197 /* Session stuff
      *
      * Transport hooks: the application supplies the functions that move
      * bytes between the library and the network.
1198  */
       /* One element of a scatter/gather list: a base address and a byte
        * count.  */
1199   typedef struct
1200   {
1201     void *iov_base;             /* Starting address */
1202     size_t iov_len;             /* Number of bytes to transfer */
1203   } giovec_t;
1204
       /* Pull (receive) and push (send) callbacks.  Each gets the transport
        * pointer, a buffer and a size, and returns ssize_t.  A pull callback
        * must never store more bytes than the size it was given.
        * NOTE(review): presumably they follow the recv()/send() return
        * convention -- confirm.  */
1205   typedef ssize_t (*gnutls_pull_func) (gnutls_transport_ptr_t, void *,
1206                                        size_t);
1207   typedef ssize_t (*gnutls_push_func) (gnutls_transport_ptr_t, const void *,
1208                                        size_t);
1209
       /* Vectored variant of the push callback: `iovcnt' elements of
        * `iov'.  */
1210   typedef ssize_t (*gnutls_vec_push_func) (gnutls_transport_ptr_t,
1211                                            const giovec_t * iov, int iovcnt);
1212
       /* Callback that reports an error number for the transport.  */
1213   typedef int (*gnutls_errno_func) (gnutls_transport_ptr_t);
1214
       /* Set or read the transport pointer handed to the callbacks; the
        * "2" variants keep separate pointers for receiving and sending.  */
1215   void gnutls_transport_set_ptr (gnutls_session_t session,
1216                                  gnutls_transport_ptr_t ptr);
1217   void gnutls_transport_set_ptr2 (gnutls_session_t session,
1218                                   gnutls_transport_ptr_t recv_ptr,
1219                                   gnutls_transport_ptr_t send_ptr);
1220
1221   gnutls_transport_ptr_t gnutls_transport_get_ptr (gnutls_session_t session);
1222   void gnutls_transport_get_ptr2 (gnutls_session_t session,
1223                                   gnutls_transport_ptr_t * recv_ptr,
1224                                   gnutls_transport_ptr_t * send_ptr);
1225
1226
1227
1228   void gnutls_transport_set_vec_push_function (gnutls_session_t session,
1229                                             gnutls_vec_push_func vec_func);
1230   void gnutls_transport_set_push_function (gnutls_session_t session,
1231                                            gnutls_push_func push_func);
1232   void gnutls_transport_set_pull_function (gnutls_session_t session,
1233                                            gnutls_pull_func pull_func);
1234
1235   void gnutls_transport_set_errno_function (gnutls_session_t session,
1236                                             gnutls_errno_func errno_func);
1237
       /* Store an error number on the session.  NOTE(review): presumably for
        * custom push/pull callbacks that cannot rely on the global errno --
        * confirm.  */
1238   void gnutls_transport_set_errno (gnutls_session_t session, int err);
1239
1240 /* session specific
      *
      * Attach an application pointer to a session and read it back.  The
      * header shows no ownership transfer, so the application presumably
      * remains responsible for the pointed-to object.
1241  */
1242   void gnutls_session_set_ptr (gnutls_session_t session, void *ptr);
1243   void *gnutls_session_get_ptr (gnutls_session_t session);
1244
       /* Select, through `status', what is sent for the OpenPGP certificate
        * on this session; the status values are defined elsewhere.  */
1245   void gnutls_openpgp_send_cert (gnutls_session_t session,
1246                                  gnutls_openpgp_crt_status_t status);
1247
1248 /* fingerprint
1249  * Actually this function returns the hash of the given data.
      *
      * The digest is written to `result'; `result_size' is passed by
      * pointer (presumably buffer size in, digest length out -- confirm).
      * Because this is a plain hash, a fingerprint comparison is only as
      * strong as the digest chosen in `algo'; avoid digests with known
      * collision weaknesses when pinning or comparing certificates.
1250  */
1251   int gnutls_fingerprint (gnutls_digest_algorithm_t algo,
1252                           const gnutls_datum_t * data, void *result,
1253                           size_t * result_size);
1254
1255
1256 /* SRP
      *
      * Secure Remote Password credentials.  A client supplies a user name
      * and password; a server works from a password file or a callback
      * that yields salt, verifier, generator and prime for a user name.
      * NOTE(review): a stored verifier is not the password, but a leaked
      * verifier file still permits offline guessing, so protect it like a
      * password database -- confirm the file format in the manual.
1257  */
1258
1259   typedef struct gnutls_srp_server_credentials_st
1260     *gnutls_srp_server_credentials_t;
1261   typedef struct gnutls_srp_client_credentials_st
1262     *gnutls_srp_client_credentials_t;
1263
1264   void
1265     gnutls_srp_free_client_credentials (gnutls_srp_client_credentials_t sc);
1266   int
1267     gnutls_srp_allocate_client_credentials (gnutls_srp_client_credentials_t *
1268                                             sc);
       /* The password is passed as a C string.  NOTE(review): whether the
        * library copies it is not visible here; the caller should clear its
        * own copy once it is no longer needed -- confirm.  */
1269   int gnutls_srp_set_client_credentials (gnutls_srp_client_credentials_t res,
1270                                          const char *username,
1271                                          const char *password);
1272
1273   void
1274     gnutls_srp_free_server_credentials (gnutls_srp_server_credentials_t sc);
1275   int
1276     gnutls_srp_allocate_server_credentials (gnutls_srp_server_credentials_t *
1277                                             sc);
1278   int gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t
1279                                               res, const char *password_file,
1280                                               const char *password_conf_file);
1281
       /* User name of the SRP peer.  It is chosen by the client: treat it as
        * untrusted input when logging it or using it as a lookup key.  */
1282   const char *gnutls_srp_server_get_username (gnutls_session_t session);
1283
1284   extern void gnutls_srp_set_prime_bits (gnutls_session_t session,
1285                                          unsigned int bits);
1286
       /* Compute an SRP verifier from user name, password, salt and group
        * (generator, prime); the result is returned in `res'.
        * NOTE(review): `res' is presumably allocated by the library and
        * freed by the caller with gnutls_free() -- confirm.  */
1287   int gnutls_srp_verifier (const char *username,
1288                            const char *password,
1289                            const gnutls_datum_t * salt,
1290                            const gnutls_datum_t * generator,
1291                            const gnutls_datum_t * prime,
1292                            gnutls_datum_t * res);
1293
1294 /* The static parameters defined in draft-ietf-tls-srp-05
1295  * Those should be used as input to gnutls_srp_verifier().
      *
      * Three group sizes are exported: 2048, 1536 and 1024 bits.  The
      * 1024-bit group is the weakest of the three; prefer a larger one for
      * new verifiers.
1296  */
1297   extern const gnutls_datum_t gnutls_srp_2048_group_prime;
1298   extern const gnutls_datum_t gnutls_srp_2048_group_generator;
1299
1300   extern const gnutls_datum_t gnutls_srp_1536_group_prime;
1301   extern const gnutls_datum_t gnutls_srp_1536_group_generator;
1302
1303   extern const gnutls_datum_t gnutls_srp_1024_group_prime;
1304   extern const gnutls_datum_t gnutls_srp_1024_group_generator;
1305
       /* Server callback: given the user name sent by the client, fill in
        * salt, verifier, generator and prime.
        * NOTE(review): the manual describes a way for the callback to signal
        * an unknown user without revealing to the peer that the name does
        * not exist; follow it so the lookup does not become a user-name
        * oracle.  The output datums are presumably allocated with
        * gnutls_malloc() -- confirm both.  */
1306   typedef int gnutls_srp_server_credentials_function (gnutls_session_t,
1307                                                       const char *username,
1308                                                       gnutls_datum_t * salt,
1309                                                       gnutls_datum_t *
1310                                                       verifier,
1311                                                       gnutls_datum_t *
1312                                                       generator,
1313                                                       gnutls_datum_t * prime);
1314   void
1315     gnutls_srp_set_server_credentials_function
1316     (gnutls_srp_server_credentials_t cred,
1317      gnutls_srp_server_credentials_function * func);
1318
       /* Client callback with two unnamed char ** outputs.
        * NOTE(review): presumably user name and password, in that order,
        * allocated with gnutls_malloc() -- confirm.  */
1319   typedef int gnutls_srp_client_credentials_function (gnutls_session_t,
1320                                                       char **, char **);
1321   void
1322     gnutls_srp_set_client_credentials_function
1323     (gnutls_srp_client_credentials_t cred,
1324      gnutls_srp_client_credentials_function * func);
1325
       /* Base64 helpers for SRP data.  The plain variants write into a caller
        * buffer whose size is passed by pointer; the _alloc variants return a
        * datum.
        * NOTE(review): the manual warns that this is the SRP-specific base64
        * alphabet, not standard base64, so the two are not interchangeable --
        * confirm.  */
1326   int gnutls_srp_base64_encode (const gnutls_datum_t * data, char *result,
1327                                 size_t * result_size);
1328   int gnutls_srp_base64_encode_alloc (const gnutls_datum_t * data,
1329                                       gnutls_datum_t * result);
1330
1331   int gnutls_srp_base64_decode (const gnutls_datum_t * b64_data, char *result,
1332                                 size_t * result_size);
1333   int gnutls_srp_base64_decode_alloc (const gnutls_datum_t * b64_data,
1334                                       gnutls_datum_t * result);
1335
1336 /* PSK stuff.
      *
      * Pre-shared key credentials.  NOTE(review): unlike an SRP verifier, a
      * pre-shared key is the secret itself, so the server's password file
      * and any key returned by a callback must be protected accordingly --
      * confirm the file format in the manual. */
1337   typedef struct gnutls_psk_server_credentials_st
1338     *gnutls_psk_server_credentials_t;
1339   typedef struct gnutls_psk_client_credentials_st
1340     *gnutls_psk_client_credentials_t;
1341
1342   /**
1343    * gnutls_psk_key_flags:
1344    * @GNUTLS_PSK_KEY_RAW: PSK-key in raw format.
1345    * @GNUTLS_PSK_KEY_HEX: PSK-key in hex format.
1346    *
1347    * Enumeration of different PSK key flags.
        *
        * GNUTLS_PSK_KEY_RAW is 0, so a zero-initialized flag means "raw".
        * Passing a hex-encoded key with the raw flag would presumably use
        * the ASCII characters themselves as the key.
1348    */
1349   typedef enum gnutls_psk_key_flags
1350   {
1351     GNUTLS_PSK_KEY_RAW = 0,
1352     GNUTLS_PSK_KEY_HEX
1353   } gnutls_psk_key_flags;
1354
1355   void
1356     gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t sc);
1357   int
1358     gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t *
1359                                             sc);
       /* Set user name and key; `format' says how `key' is encoded.  */
1360   int gnutls_psk_set_client_credentials (gnutls_psk_client_credentials_t res,
1361                                          const char *username,
1362                                          const gnutls_datum_t * key,
1363                                          gnutls_psk_key_flags format);
1364
1365   void
1366     gnutls_psk_free_server_credentials (gnutls_psk_server_credentials_t sc);
1367   int
1368     gnutls_psk_allocate_server_credentials (gnutls_psk_server_credentials_t *
1369                                             sc);
1370   int gnutls_psk_set_server_credentials_file (gnutls_psk_server_credentials_t
1371                                               res, const char *password_file);
1372
       /* NOTE(review): the identity hint is presumably sent to the client
        * before authentication, so it should not contain anything
        * sensitive -- confirm.  */
1373   int
1374     gnutls_psk_set_server_credentials_hint (gnutls_psk_server_credentials_t
1375                                             res, const char *hint);
1376
       /* Both strings originate from the peer; treat them as untrusted input
        * when logging them or using them as lookup keys.  */
1377   const char *gnutls_psk_server_get_username (gnutls_session_t session);
1378   const char *gnutls_psk_client_get_hint (gnutls_session_t session);
1379
       /* Server callback: given the user name sent by the client, return the
        * key in `key'.  NOTE(review): `key' is presumably allocated with
        * gnutls_malloc() -- confirm.  */
1380   typedef int gnutls_psk_server_credentials_function (gnutls_session_t,
1381                                                       const char *username,
1382                                                       gnutls_datum_t * key);
1383   void
1384     gnutls_psk_set_server_credentials_function
1385     (gnutls_psk_server_credentials_t cred,
1386      gnutls_psk_server_credentials_function * func);
1387
       /* Client callback: return user name and key.  NOTE(review): both are
        * presumably allocated with gnutls_malloc() -- confirm.  */
1388   typedef int gnutls_psk_client_credentials_function (gnutls_session_t,
1389                                                       char **username,
1390                                                       gnutls_datum_t * key);
1391   void
1392     gnutls_psk_set_client_credentials_function
1393     (gnutls_psk_client_credentials_t cred,
1394      gnutls_psk_client_credentials_function * func);
1395
       /* Hex helpers.  Both write into a caller buffer whose size is passed
        * by pointer (presumably buffer size in, bytes written out --
        * confirm).  */
1396   int gnutls_hex_encode (const gnutls_datum_t * data, char *result,
1397                          size_t * result_size);
1398   int gnutls_hex_decode (const gnutls_datum_t * hex_data, char *result,
1399                          size_t * result_size);
1400
       /* Diffie-Hellman parameters for the server credentials, set directly
        * or through a callback.  */
1401   void
1402     gnutls_psk_set_server_dh_params (gnutls_psk_server_credentials_t res,
1403                                      gnutls_dh_params_t dh_params);
1404
1405   void
1406     gnutls_psk_set_server_params_function (gnutls_psk_server_credentials_t
1407                                            res,
1408                                            gnutls_params_function * func);
1409
1410   /**
1411    * gnutls_x509_subject_alt_name_t:
1412    * @GNUTLS_SAN_DNSNAME: DNS-name SAN.
1413    * @GNUTLS_SAN_RFC822NAME: E-mail address SAN.
1414    * @GNUTLS_SAN_URI: URI SAN.
1415    * @GNUTLS_SAN_IPADDRESS: IP address SAN.
1416    * @GNUTLS_SAN_OTHERNAME: OtherName SAN.
1417    * @GNUTLS_SAN_DN: DN SAN.
1418    * @GNUTLS_SAN_OTHERNAME_XMPP: Virtual SAN, used by
1419    *   gnutls_x509_crt_get_subject_alt_othername_oid().
1420    *
1421    * Enumeration of different subject alternative names types.
        *
        * The values start at 1, so 0 is not a valid type.  When matching a
        * peer identity, compare only against entries of the type that is
        * expected: the same string under a different SAN type names a
        * different kind of identity.
1422    */
1423   typedef enum gnutls_x509_subject_alt_name_t
1424   {
1425     GNUTLS_SAN_DNSNAME = 1,
1426     GNUTLS_SAN_RFC822NAME = 2,
1427     GNUTLS_SAN_URI = 3,
1428     GNUTLS_SAN_IPADDRESS = 4,
1429     GNUTLS_SAN_OTHERNAME = 5,
1430     GNUTLS_SAN_DN = 6,
1431     /* The following are "virtual" subject alternative name types, in
1432        that they are represented by an otherName value and an OID.
1433        Used by gnutls_x509_crt_get_subject_alt_othername_oid().  */
1434     GNUTLS_SAN_OTHERNAME_XMPP = 1000
1435   } gnutls_x509_subject_alt_name_t;
1436
1437   struct gnutls_openpgp_crt_int;
       /* Opaque handles: each struct is only forward-declared here.  */
1438   typedef struct gnutls_openpgp_crt_int *gnutls_openpgp_crt_t;
1439
1440   struct gnutls_openpgp_privkey_int;
1441   typedef struct gnutls_openpgp_privkey_int *gnutls_openpgp_privkey_t;
1442
1443   struct gnutls_pkcs11_privkey_st;
1444   typedef struct gnutls_pkcs11_privkey_st *gnutls_pkcs11_privkey_t;
1445
       /* Tag that says which private key handle type is in use.  */
1446   typedef enum
1447   {
1448     GNUTLS_PRIVKEY_X509,        /* gnutls_x509_privkey_t */
1449     GNUTLS_PRIVKEY_OPENPGP,     /* gnutls_openpgp_privkey_t */
1450     GNUTLS_PRIVKEY_PKCS11       /* gnutls_pkcs11_privkey_t */
1451   } gnutls_privkey_type_t;
1452
       /* Certificate and key pair handed over through a pointer to this
        * struct.  `cert_type' and `key_type' are the tags for the two unions
        * below: they must agree with the union member that was actually
        * written, otherwise the reader interprets one handle type as
        * another.  */
1453   typedef struct gnutls_retr2_st
1454   {
1455     gnutls_certificate_type_t cert_type;
1456     gnutls_privkey_type_t key_type;
1457
1458     union
1459     {
1460       gnutls_x509_crt_t *x509;
1461       gnutls_openpgp_crt_t pgp;
1462     } cert;
1463     unsigned int ncerts;        /* one for pgp keys */
1464
1465     union
1466     {
1467       gnutls_x509_privkey_t x509;
1468       gnutls_openpgp_privkey_t pgp;
1469       gnutls_pkcs11_privkey_t pkcs11;
1470     } key;
1471
         /* Ownership flag: leave it 0 when the objects are still used
          * elsewhere, to avoid a use after deinit.  */
1472     unsigned int deinit_all;    /* if non zero all keys will be deinited */
1473   } gnutls_retr2_st;
1474
1475
1476   /* Functions that allow auth_info_t structures handling
        *
        * The three getters return the credentials type for the session, for
        * the server side and for the client side.  An application that
        * requires a particular kind of authentication should check the type
        * after the handshake instead of assuming it.
1477    */
1478
1479   gnutls_credentials_type_t gnutls_auth_get_type (gnutls_session_t session);
1480     gnutls_credentials_type_t
1481     gnutls_auth_server_get_type (gnutls_session_t session);
1482     gnutls_credentials_type_t
1483     gnutls_auth_client_get_type (gnutls_session_t session);
1484
1485   /* DH
        *
        * NOTE(review): gnutls_dh_set_prime_bits() is documented as setting
        * the minimum prime size a client accepts from a server, so a low
        * value lets a server negotiate a weak group; the getters report the
        * sizes actually used in the session -- confirm.  */
1486
1487   void gnutls_dh_set_prime_bits (gnutls_session_t session, unsigned int bits);
1488   int gnutls_dh_get_secret_bits (gnutls_session_t session);
1489   int gnutls_dh_get_peers_public_bits (gnutls_session_t session);
1490   int gnutls_dh_get_prime_bits (gnutls_session_t session);
1491
       /* Return the group (generator, prime) and the public key used in the
        * session as raw datums.  NOTE(review): ownership of the returned
        * data is not visible here -- confirm.  */
1492   int gnutls_dh_get_group (gnutls_session_t session, gnutls_datum_t * raw_gen,
1493                            gnutls_datum_t * raw_prime);
1494   int gnutls_dh_get_pubkey (gnutls_session_t session,
1495                             gnutls_datum_t * raw_key);
1496
1497   /* RSA: public key and modulus size used for an RSA-export key exchange
        * in the session.  */
1498   int gnutls_rsa_export_get_pubkey (gnutls_session_t session,
1499                                     gnutls_datum_t * exponent,
1500                                     gnutls_datum_t * modulus);
1501   int gnutls_rsa_export_get_modulus_bits (gnutls_session_t session);
1502
1503   /* X509PKI */
1504
1505
1506   /* These are set on the credentials structure.
        * (gnutls_certificate_server_set_request at the end of this group is
        * the exception: it takes a session.)
1507    */
1508
       /* Callback type for supplying a certificate and key. Arguments as
        * declared: the session; req_ca_rdn with nreqs, presumably its entry
        * count; pk_algos with pk_algos_length, presumably its entry count;
        * and a non-const gnutls_retr2_st, presumably filled by the callback.
        * NOTE(review): req_ca_rdn looks like the CA names requested by the
        * peer, i.e. peer-controlled data -- confirm and treat as untrusted.
        */
1509   typedef int gnutls_certificate_retrieve_function (gnutls_session_t,
1510                                                     const
1511                                                     gnutls_datum_t *
1512                                                     req_ca_rdn,
1513                                                     int nreqs,
1514                                                     const
1515                                                     gnutls_pk_algorithm_t
1516                                                     * pk_algos,
1517                                                     int
1518                                                     pk_algos_length,
1519                                                     gnutls_retr2_st *);
1520
1521
1522   void gnutls_certificate_set_retrieve_function
1523     (gnutls_certificate_credentials_t cred,
1524      gnutls_certificate_retrieve_function * func);
1525
       /* Callback type for application-side certificate checks; it receives
        * only the session. Per the GnuTLS manual a zero return lets the
        * handshake continue and a non-zero return terminates it -- confirm
        * for this version.
        */
1526   typedef int gnutls_certificate_verify_function (gnutls_session_t);
1527   void
1528     gnutls_certificate_set_verify_function (gnutls_certificate_credentials_t
1529                                             cred,
1530                                             gnutls_certificate_verify_function
1531                                             * func);
1532
       /* Per the GnuTLS manual req is GNUTLS_CERT_REQUEST or
        * GNUTLS_CERT_REQUIRE; with the former a client may still send no
        * certificate, so mutual authentication needs the latter -- confirm.
        */
1533   void
1534     gnutls_certificate_server_set_request (gnutls_session_t session,
1535                                            gnutls_certificate_request_t req);
1536
1537   /* Get certificate data from the session.
        * Both getters below return pointers to const gnutls_datum_t, so the
        * data must not be modified through them; list_size is a non-const
        * pointer, presumably set to the number of entries returned.
1538    */
1539   const gnutls_datum_t *gnutls_certificate_get_peers (gnutls_session_t
1540                                                       session,
1541                                                       unsigned int
1542                                                       *list_size);
1543   const gnutls_datum_t *gnutls_certificate_get_ours (gnutls_session_t
1544                                                      session);
1545
1546   time_t gnutls_certificate_activation_time_peers (gnutls_session_t session);
1547   time_t gnutls_certificate_expiration_time_peers (gnutls_session_t session);
1548
1549   int gnutls_certificate_client_get_request_status (gnutls_session_t session);
       /* The int return value and *status are separate results. Per the
        * GnuTLS manual the return value reports whether verification could
        * be carried out, while *status receives the verification flags, so
        * a caller has to check both. The manual also notes that the peer's
        * name is not checked by this call -- confirm for this version.
        */
1550   int gnutls_certificate_verify_peers2 (gnutls_session_t session,
1551                                         unsigned int *status);
1552
       /* PEM/base64 conversion into a caller-supplied buffer. result_size is
        * a pointer, presumably capacity on input and length on output; per
        * the GnuTLS manual a too-small buffer yields
        * GNUTLS_E_SHORT_MEMORY_BUFFER -- confirm.
        */
1553   int gnutls_pem_base64_encode (const char *msg, const gnutls_datum_t * data,
1554                                 char *result, size_t * result_size);
1555   int gnutls_pem_base64_decode (const char *header,
1556                                 const gnutls_datum_t * b64_data,
1557                                 unsigned char *result, size_t * result_size);
1558
       /* Same conversions with a gnutls_datum_t result instead of a buffer
        * and size. Per the GnuTLS manual the result is allocated by the
        * library and released by the caller with gnutls_free() -- confirm.
        */
1559   int gnutls_pem_base64_encode_alloc (const char *msg,
1560                                       const gnutls_datum_t * data,
1561                                       gnutls_datum_t * result);
1562   int gnutls_pem_base64_decode_alloc (const char *header,
1563                                       const gnutls_datum_t * b64_data,
1564                                       gnutls_datum_t * result);
1565
1566   /* key_usage will be an OR of the following values:
        * (each value is a distinct power of two, so they combine as bit
        * flags; test them with a bitwise AND, not with ==)
1567    */
1568
1569   /* when the key is to be used for signing: */
1570 #define GNUTLS_KEY_DIGITAL_SIGNATURE    128
1571 #define GNUTLS_KEY_NON_REPUDIATION      64
1572   /* when the key is to be used for encryption: */
1573 #define GNUTLS_KEY_KEY_ENCIPHERMENT     32
1574 #define GNUTLS_KEY_DATA_ENCIPHERMENT    16
1575 #define GNUTLS_KEY_KEY_AGREEMENT        8
       /* Judging by their names the remaining flags are not encryption
        * uses: certificate signing, CRL signing, and the encipher-only /
        * decipher-only qualifiers.
        */
1576 #define GNUTLS_KEY_KEY_CERT_SIGN        4
1577 #define GNUTLS_KEY_CRL_SIGN             2
1578 #define GNUTLS_KEY_ENCIPHER_ONLY        1
1579 #define GNUTLS_KEY_DECIPHER_ONLY        32768
1580
       /* Setters that attach a gnutls_params_function to certificate,
        * anonymous-server and PSK-server credentials respectively.
        */
1581   void
1582     gnutls_certificate_set_params_function (gnutls_certificate_credentials_t
1583                                             res,
1584                                             gnutls_params_function * func);
1585   void gnutls_anon_set_params_function (gnutls_anon_server_credentials_t res,
1586                                         gnutls_params_function * func);
1587   void gnutls_psk_set_params_function (gnutls_psk_server_credentials_t res,
1588                                        gnutls_params_function * func);
1589
       /* Hex text to binary. hex_size is passed by value and bin_size by
        * pointer, so bin_size is presumably the capacity of bin_data on
        * input and the number of bytes written on output -- confirm.
        */
1590   int gnutls_hex2bin (const char *hex_data, size_t hex_size,
1591                       char *bin_data, size_t * bin_size);
1592
1593   /* Gnutls error codes. The mapping to a TLS alert is also shown in
1594    * comments.
        *
        * GNUTLS_E_SUCCESS is 0 and every other code in this list is
        * negative. The numbers are not contiguous and later groups are not
        * in numeric order, so compare against the symbolic names only.
1595    */
1596
1597 #define GNUTLS_E_SUCCESS 0
1598 #define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3
1599 #define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6
1600 #define GNUTLS_E_LARGE_PACKET -7
1601 #define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8  /* GNUTLS_A_PROTOCOL_VERSION */
1602 #define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9    /* GNUTLS_A_RECORD_OVERFLOW */
1603 #define GNUTLS_E_INVALID_SESSION -10
1604 #define GNUTLS_E_FATAL_ALERT_RECEIVED -12
1605 #define GNUTLS_E_UNEXPECTED_PACKET -15  /* GNUTLS_A_UNEXPECTED_MESSAGE */
1606 #define GNUTLS_E_WARNING_ALERT_RECEIVED -16
1607 #define GNUTLS_E_ERROR_IN_FINISHED_PACKET -18
1608 #define GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET -19
1609 #define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21       /* GNUTLS_A_HANDSHAKE_FAILURE */
1610 #define GNUTLS_E_UNWANTED_ALGORITHM -22
1611 #define GNUTLS_E_MPI_SCAN_FAILED -23
1612 #define GNUTLS_E_DECRYPTION_FAILED -24  /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */
1613 #define GNUTLS_E_MEMORY_ERROR -25
1614 #define GNUTLS_E_DECOMPRESSION_FAILED -26       /* GNUTLS_A_DECOMPRESSION_FAILURE */
1615 #define GNUTLS_E_COMPRESSION_FAILED -27
1616 #define GNUTLS_E_AGAIN -28      /* non-fatal per the GnuTLS manual: repeat the call */
1617 #define GNUTLS_E_EXPIRED -29
1618 #define GNUTLS_E_DB_ERROR -30
1619 #define GNUTLS_E_SRP_PWD_ERROR -31
1620 #define GNUTLS_E_INSUFFICIENT_CREDENTIALS -32
1621 #define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS      /* for backwards compatibility only */
1622 #define GNUTLS_E_INSUFFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS
1623 #define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS     /* for backwards compatibility only */
1624
1625 #define GNUTLS_E_HASH_FAILED -33
1626 #define GNUTLS_E_BASE64_DECODING_ERROR -34
1627
1628 #define GNUTLS_E_MPI_PRINT_FAILED -35
1629 #define GNUTLS_E_REHANDSHAKE -37        /* GNUTLS_A_NO_RENEGOTIATION */
1630 #define GNUTLS_E_GOT_APPLICATION_DATA -38
1631 #define GNUTLS_E_RECORD_LIMIT_REACHED -39
1632 #define GNUTLS_E_ENCRYPTION_FAILED -40
1633
1634 #define GNUTLS_E_PK_ENCRYPTION_FAILED -44
1635 #define GNUTLS_E_PK_DECRYPTION_FAILED -45
1636 #define GNUTLS_E_PK_SIGN_FAILED -46
1637 #define GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION -47
1638 #define GNUTLS_E_KEY_USAGE_VIOLATION -48
1639 #define GNUTLS_E_NO_CERTIFICATE_FOUND -49       /* GNUTLS_A_BAD_CERTIFICATE */
1640 #define GNUTLS_E_INVALID_REQUEST -50
1641 #define GNUTLS_E_SHORT_MEMORY_BUFFER -51
1642 #define GNUTLS_E_INTERRUPTED -52        /* non-fatal per the GnuTLS manual: repeat the call */
1643 #define GNUTLS_E_PUSH_ERROR -53
1644 #define GNUTLS_E_PULL_ERROR -54
1645 #define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55 /* GNUTLS_A_ILLEGAL_PARAMETER */
1646 #define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56
1647 #define GNUTLS_E_PKCS1_WRONG_PAD -57
1648 #define GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION -58
1649 #define GNUTLS_E_INTERNAL_ERROR -59
1650 #define GNUTLS_E_DH_PRIME_UNACCEPTABLE -63
1651 #define GNUTLS_E_FILE_ERROR -64
1652 #define GNUTLS_E_TOO_MANY_EMPTY_PACKETS -78
1653 #define GNUTLS_E_UNKNOWN_PK_ALGORITHM -80
1654
1655
1656   /* Returned if libextra functionality was requested but
1657    * gnutls_global_init_extra() was not called.
1658    */
1659 #define GNUTLS_E_INIT_LIBEXTRA -82
1660 #define GNUTLS_E_LIBRARY_VERSION_MISMATCH -83
1661
1662
1663   /* Returned if you need to generate temporary RSA
1664    * parameters. These are needed for export cipher suites.
        * A server that never sees this code has presumably not enabled any
        * export suite -- confirm against the configured priorities.
1665    */
1666 #define GNUTLS_E_NO_TEMPORARY_RSA_PARAMS -84
1667
1668 #define GNUTLS_E_LZO_INIT_FAILED -85
1669 #define GNUTLS_E_NO_COMPRESSION_ALGORITHMS -86
1670 #define GNUTLS_E_NO_CIPHER_SUITES -87
1671
1672 #define GNUTLS_E_OPENPGP_GETKEY_FAILED -88
1673 #define GNUTLS_E_PK_SIG_VERIFY_FAILED -89
1674
1675 #define GNUTLS_E_ILLEGAL_SRP_USERNAME -90
1676 #define GNUTLS_E_SRP_PWD_PARSING_ERROR -91
1677 #define GNUTLS_E_NO_TEMPORARY_DH_PARAMS -93
1678
1679   /* Error codes for certificate and key handling.
        * The ASN1 values here (-67 to -77) lie numerically between codes of
        * the earlier groups, so this group is not a separate numeric range.
1680    */
1681 #define GNUTLS_E_ASN1_ELEMENT_NOT_FOUND -67
1682 #define GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND -68
1683 #define GNUTLS_E_ASN1_DER_ERROR -69
1684 #define GNUTLS_E_ASN1_VALUE_NOT_FOUND -70
1685 #define GNUTLS_E_ASN1_GENERIC_ERROR -71
1686 #define GNUTLS_E_ASN1_VALUE_NOT_VALID -72
1687 #define GNUTLS_E_ASN1_TAG_ERROR -73
1688 #define GNUTLS_E_ASN1_TAG_IMPLICIT -74
1689 #define GNUTLS_E_ASN1_TYPE_ANY_ERROR -75
1690 #define GNUTLS_E_ASN1_SYNTAX_ERROR -76
1691 #define GNUTLS_E_ASN1_DER_OVERFLOW -77
1692 #define GNUTLS_E_OPENPGP_UID_REVOKED -79
1693 #define GNUTLS_E_CERTIFICATE_ERROR -43
1694 #define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR      /* alias of the line above */
1695 #define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60
1696 #define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61       /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */
1697 #define GNUTLS_E_X509_UNKNOWN_SAN -62
1698 #define GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED -94
1699 #define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95
1700 #define GNUTLS_E_UNKNOWN_HASH_ALGORITHM -96
1701 #define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97
1702 #define GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE -98
1703 #define GNUTLS_E_INVALID_PASSWORD -99
1704 #define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */
1705 #define GNUTLS_E_CONSTRAINT_ERROR -101
1706
1707 #define GNUTLS_E_WARNING_IA_IPHF_RECEIVED -102
1708 #define GNUTLS_E_WARNING_IA_FPHF_RECEIVED -103
1709
1710 #define GNUTLS_E_IA_VERIFY_FAILED -104
1711 #define GNUTLS_E_UNKNOWN_ALGORITHM -105
1712 #define GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM -106
       /* NOTE(review): the next two presumably report the outcome of the
        * secure-renegotiation check on a handshake -- confirm.
        */
1713 #define GNUTLS_E_SAFE_RENEGOTIATION_FAILED -107
1714 #define GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED -108
1715 #define GNUTLS_E_UNKNOWN_SRP_USERNAME -109
1716
1717 #define GNUTLS_E_BASE64_ENCODING_ERROR -201
       /* The next two names share the value -202; code that switches on
        * error values can list only one of them as a case label.
        */
1718 #define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202       /* obsolete */
1719 #define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202
1720 #define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203
1721
1722 #define GNUTLS_E_OPENPGP_KEYRING_ERROR -204
1723 #define GNUTLS_E_X509_UNSUPPORTED_OID -205
1724
1725 #define GNUTLS_E_RANDOM_FAILED -206
1726 #define GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR -207
1727
1728 #define GNUTLS_E_OPENPGP_SUBKEY_ERROR -208
1729
1730 #define GNUTLS_E_CRYPTO_ALREADY_REGISTERED -209
1731
1732 #define GNUTLS_E_HANDSHAKE_TOO_LARGE -210
1733
1734 #define GNUTLS_E_CRYPTODEV_IOCTL_ERROR -211
1735 #define GNUTLS_E_CRYPTODEV_DEVICE_ERROR -212
1736
1737 #define GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE -213
1738 #define GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR -215
1739 #define GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL -216
1740
1741 /* PKCS11 related. The -300 block also holds GNUTLS_E_PARSING_ERROR and
      * GNUTLS_E_LOCKING_ERROR, which carry no PKCS11 prefix; -304 is not
      * defined here. */
1742 #define GNUTLS_E_PKCS11_ERROR -300
1743 #define GNUTLS_E_PKCS11_LOAD_ERROR -301
1744 #define GNUTLS_E_PARSING_ERROR -302
1745 #define GNUTLS_E_PKCS11_PIN_ERROR -303
1746
1747 #define GNUTLS_E_PKCS11_SLOT_ERROR -305
1748 #define GNUTLS_E_LOCKING_ERROR -306
1749 #define GNUTLS_E_PKCS11_ATTRIBUTE_ERROR -307
1750 #define GNUTLS_E_PKCS11_DEVICE_ERROR -308
1751 #define GNUTLS_E_PKCS11_DATA_ERROR -309
1752 #define GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR -310
1753 #define GNUTLS_E_PKCS11_KEY_ERROR -311
1754 #define GNUTLS_E_PKCS11_PIN_EXPIRED -312
1755 #define GNUTLS_E_PKCS11_PIN_LOCKED -313
1756 #define GNUTLS_E_PKCS11_SESSION_ERROR -314
1757 #define GNUTLS_E_PKCS11_SIGNATURE_ERROR -315
1758 #define GNUTLS_E_PKCS11_TOKEN_ERROR -316
1759 #define GNUTLS_E_PKCS11_USER_ERROR -317
1760
1761 #define GNUTLS_E_CRYPTO_INIT_FAILED -318
1762 #define GNUTLS_E_CERTIFICATE_LIST_UNSORTED -324
1763
1764 #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
1765
1766
1767
     /* Bounds of a range of values: MAX (-65000) is the numerically larger
      * end and MIN (-65500) the smaller. Presumably reserved for
      * application-defined error values -- confirm.
      */
1768 #define GNUTLS_E_APPLICATION_ERROR_MAX -65000
1769 #define GNUTLS_E_APPLICATION_ERROR_MIN -65500
1770
1771 #ifdef __cplusplus
1772 }
1773 #endif
1774
1775 #include <gnutls/compat.h>
1776
1777 #endif                          /* GNUTLS_H */