|
|
@@ -0,0 +1,1944 @@
|
|
|
+/* gnutls.vapi
|
|
|
+ *
|
|
|
+ * Copyright (C) 2009 Jiří Zárevúcky
|
|
|
+ *
|
|
|
+ * This library is free software; you can redistribute it and/or
|
|
|
+ * modify it under the terms of the GNU Lesser General Public
|
|
|
+ * License as published by the Free Software Foundation; either
|
|
|
+ * version 2.1 of the License, or (at your option) any later version.
|
|
|
+ *
|
|
|
+ * This library is distributed in the hope that it will be useful,
|
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
+ * Lesser General Public License for more details.
|
|
|
+ *
|
|
|
+ * You should have received a copy of the GNU Lesser General Public
|
|
|
+ * License along with this library; if not, write to the Free Software
|
|
|
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
|
+ *
|
|
|
+ * As a special exception, if you use inline functions from this file, this
|
|
|
+ * file does not by itself cause the resulting executable to be covered by
|
|
|
+ * the GNU Lesser General Public License.
|
|
|
+ *
|
|
|
+ * Author:
|
|
|
+ * Jiří Zárevúcky <zarevucky.jiri@gmail.com>
|
|
|
+ * Lazily updated by Billy Barrow in 2023
|
|
|
+ *
|
|
|
+ */
|
|
|
+
|
|
|
+ [CCode (cprefix = "gnutls_", lower_case_cprefix = "gnutls_", cheader_filename = "gnutls/gnutls.h")]
|
|
|
+ namespace GnuTLS
|
|
|
+ {
|
|
|
+ [CCode (cname = "LIBGNUTLS_VERSION")]
|
|
|
+ public const string VERSION;
|
|
|
+ [CCode (cname = "LIBGNUTLS_VERSION_MAJOR")]
|
|
|
+ public const int VERSION_MAJOR;
|
|
|
+ [CCode (cname = "LIBGNUTLS_VERSION_MINOR")]
|
|
|
+ public const int VERSION_MINOR;
|
|
|
+ [CCode (cname = "LIBGNUTLS_VERSION_PATCH")]
|
|
|
+ public const int VERSION_PATCH;
|
|
|
+ [CCode (cname = "LIBGNUTLS_VERSION_NUMBER")]
|
|
|
+ public const int VERSION_NUMBER;
|
|
|
+
|
|
|
+ public unowned string? check_version (string? req_version);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_cipher_algorithm_t", cprefix = "GNUTLS_CIPHER_", has_type_id = false)]
|
|
|
+ public enum CipherAlgorithm {
|
|
|
+ UNKNOWN,
|
|
|
+ NULL,
|
|
|
+ ARCFOUR_128,
|
|
|
+ 3DES_CBC,
|
|
|
+ AES_128_CBC,
|
|
|
+ AES_256_CBC,
|
|
|
+ ARCFOUR_40,
|
|
|
+ CAMELLIA_128_CBC,
|
|
|
+ CAMELLIA_256_CBC,
|
|
|
+ RC2_40_CBC,
|
|
|
+ DES_CBC,
|
|
|
+
|
|
|
+ RIJNDAEL_128_CBC, // == AES_128_CBC
|
|
|
+ RIJNDAEL_256_CBC, // == AES_256_CBC
|
|
|
+ RIJNDAEL_CBC, // == AES_128_CBC
|
|
|
+ ARCFOUR; // == ARCFOUR_128
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_cipher_get_key_size")]
|
|
|
+ public size_t get_key_size ();
|
|
|
+ [CCode (cname = "gnutls_cipher_get_name")]
|
|
|
+ public unowned string? get_name ();
|
|
|
+ [CCode (cname = "gnutls_mac_get_id")]
|
|
|
+ public static CipherAlgorithm from_name (string name);
|
|
|
+ [CCode (cname = "gnutls_cipher_list", array_length = "false", array_null_terminated = "true")]
|
|
|
+ public static unowned CipherAlgorithm[] list ();
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_kx_algorithm_t", cprefix = "GNUTLS_KX_", has_type_id = false)]
|
|
|
+ public enum KXAlgorithm {
|
|
|
+ UNKNOWN,
|
|
|
+ RSA,
|
|
|
+ DHE_DSS,
|
|
|
+ DHE_RSA,
|
|
|
+ ANON_DH,
|
|
|
+ SRP,
|
|
|
+ RSA_EXPORT,
|
|
|
+ SRP_RSA,
|
|
|
+ SRP_DSS,
|
|
|
+ PSK,
|
|
|
+ DHE_PSK;
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_kx_get_name")]
|
|
|
+ public unowned string? get_name ();
|
|
|
+ [CCode (cname = "gnutls_kx_get_id")]
|
|
|
+ public static KXAlgorithm from_name (string name);
|
|
|
+ [CCode (cname = "gnutls_kx_list", array_length = "false", array_null_terminated = "true")]
|
|
|
+ public static unowned KXAlgorithm[] list ();
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_mac_algorithm_t", cprefix = "GNUTLS_MAC_", has_type_id = false)]
|
|
|
+ public enum MacAlgorithm {
|
|
|
+ UNKNOWN,
|
|
|
+ NULL,
|
|
|
+ MD5,
|
|
|
+ SHA1,
|
|
|
+ RMD160,
|
|
|
+ MD2,
|
|
|
+ SHA256,
|
|
|
+ SHA384,
|
|
|
+ SHA512;
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_mac_get_key_size")]
|
|
|
+ public size_t get_key_size ();
|
|
|
+ [CCode (cname = "gnutls_mac_get_name")]
|
|
|
+ public unowned string? get_name ();
|
|
|
+ [CCode (cname = "gnutls_mac_get_id")]
|
|
|
+ public static MacAlgorithm from_name (string name);
|
|
|
+ [CCode (cname = "gnutls_mac_list", array_length = "false", array_null_terminated = "true")]
|
|
|
+ public static unowned MacAlgorithm[] list ();
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_digest_algorithm_t", cprefix = "GNUTLS_DIG_", has_type_id = false)]
|
|
|
+ public enum DigestAlgorithm {
|
|
|
+ NULL,
|
|
|
+ MD5,
|
|
|
+ SHA1,
|
|
|
+ RMD160,
|
|
|
+ MD2,
|
|
|
+ SHA224,
|
|
|
+ SHA256,
|
|
|
+ SHA384,
|
|
|
+ SHA512;
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_fingerprint")]
|
|
|
+ public int fingerprint (/* const */ ref Datum data, void* result, ref size_t result_size);
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "GNUTLS_MAX_ALGORITHM_NUM")]
|
|
|
+ public const int MAX_ALGORITHM_NUM;
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_pk_algorithm_t", cprefix = "GNUTLS_PK_", has_type_id = false)]
|
|
|
+ public enum PKAlgorithm {
|
|
|
+ UNKNOWN,
|
|
|
+ RSA,
|
|
|
+ DSA,
|
|
|
+ DH,
|
|
|
+ ECDSA,
|
|
|
+ ECDH_X25519,
|
|
|
+ RSA_PSS,
|
|
|
+ EDDSA_ED25519,
|
|
|
+ GOST_01,
|
|
|
+ GOST_12_256,
|
|
|
+ GOST_12_512,
|
|
|
+ ECDH_X448,
|
|
|
+ EDDSA_ED448,
|
|
|
+ MAX;
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_pk_algorithm_get_name")]
|
|
|
+ public unowned string? get_name ();
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_sign_algorithm_t", cprefix = "GNUTLS_SIGN_", has_type_id = false)]
|
|
|
+ public enum SignAlgorithm {
|
|
|
+ UNKNOWN,
|
|
|
+ RSA_SHA1,
|
|
|
+ RSA_SHA,
|
|
|
+ DSA_SHA1,
|
|
|
+ DSA_SHA,
|
|
|
+ RSA_MD5,
|
|
|
+ RSA_MD2,
|
|
|
+ RSA_RMD160,
|
|
|
+ RSA_SHA256,
|
|
|
+ RSA_SHA384,
|
|
|
+ RSA_SHA512,
|
|
|
+ RSA_SHA224,
|
|
|
+ DSA_SHA224,
|
|
|
+ DSA_SHA256,
|
|
|
+ ECDSA_SHA1,
|
|
|
+ ECDSA_SHA224,
|
|
|
+ ECDSA_SHA256,
|
|
|
+ ECDSA_SHA384,
|
|
|
+ ECDSA_SHA512,
|
|
|
+ DSA_SHA384,
|
|
|
+ DSA_SHA512,
|
|
|
+ ECDSA_SHA3_224,
|
|
|
+ ECDSA_SHA3_256,
|
|
|
+ ECDSA_SHA3_384,
|
|
|
+ ECDSA_SHA3_512,
|
|
|
+ DSA_SHA3_224,
|
|
|
+ DSA_SHA3_256,
|
|
|
+ DSA_SHA3_384,
|
|
|
+ DSA_SHA3_512,
|
|
|
+ RSA_SHA3_224,
|
|
|
+ RSA_SHA3_256,
|
|
|
+ RSA_SHA3_384,
|
|
|
+ RSA_SHA3_512,
|
|
|
+ RSA_PSS_SHA256,
|
|
|
+ RSA_PSS_SHA384,
|
|
|
+ RSA_PSS_SHA512,
|
|
|
+ EDDSA_ED25519,
|
|
|
+ RSA_RAW,
|
|
|
+ ECDSA_SECP256R1_SHA256,
|
|
|
+ ECDSA_SECP384R1_SHA384,
|
|
|
+ ECDSA_SECP521R1_SHA512,
|
|
|
+ RSA_PSS_RSAE_SHA256,
|
|
|
+ RSA_PSS_RSAE_SHA384,
|
|
|
+ RSA_PSS_RSAE_SHA512,
|
|
|
+ GOST_94,
|
|
|
+ GOST_256,
|
|
|
+ GOST_512,
|
|
|
+ EDDSA_ED448,
|
|
|
+ MAX;
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_sign_algorithm_get_name")]
|
|
|
+ public unowned string? get_name ();
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_compression_method_t", cprefix = "GNUTLS_COMP_", has_type_id = false)]
|
|
|
+ public enum CompressionMethod {
|
|
|
+ UNKNOWN,
|
|
|
+ NULL,
|
|
|
+ DEFLATE,
|
|
|
+ ZLIB, // == DEFLATE
|
|
|
+ LZO; // only available if gnutls-extra has been initialized
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_compression_get_name")]
|
|
|
+ public unowned string? get_name ();
|
|
|
+ [CCode (cname = "gnutls_compression_get_id")]
|
|
|
+ public static CompressionMethod from_name (string name);
|
|
|
+ [CCode (cname = "gnutls_compression_list", array_length = "false", array_null_terminated = "true")]
|
|
|
+ public static unowned CompressionMethod[] list ();
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_params_type_t", cprefix = "GNUTLS_PARAMS_", has_type_id = false)]
|
|
|
+ public enum ParamsType {
|
|
|
+ RSA_EXPORT,
|
|
|
+ DH
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_credentials_type_t", cprefix = "GNUTLS_CRD_", has_type_id = false)]
|
|
|
+ public enum CredentialsType {
|
|
|
+ CERTIFICATE,
|
|
|
+ ANON,
|
|
|
+ SRP,
|
|
|
+ PSK,
|
|
|
+ IA
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_alert_level_t", cprefix = "GNUTLS_AL_", has_type_id = false)]
|
|
|
+ public enum AlertLevel {
|
|
|
+ WARNING,
|
|
|
+ FATAL
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_alert_description_t", cprefix = "GNUTLS_A_", has_type_id = false)]
|
|
|
+ public enum AlertDescription {
|
|
|
+ CLOSE_NOTIFY,
|
|
|
+ UNEXPECTED_MESSAGE,
|
|
|
+ BAD_RECORD_MAC,
|
|
|
+ DECRYPTION_FAILED,
|
|
|
+ RECORD_OVERFLOW,
|
|
|
+ DECOMPRESSION_FAILURE,
|
|
|
+ HANDSHAKE_FAILURE,
|
|
|
+ SSL3_NO_CERTIFICATE,
|
|
|
+ BAD_CERTIFICATE,
|
|
|
+ UNSUPPORTED_CERTIFICATE,
|
|
|
+ CERTIFICATE_REVOKED,
|
|
|
+ CERTIFICATE_EXPIRED,
|
|
|
+ CERTIFICATE_UNKNOWN,
|
|
|
+ ILLEGAL_PARAMETER,
|
|
|
+ UNKNOWN_CA,
|
|
|
+ ACCESS_DENIED,
|
|
|
+ DECODE_ERROR,
|
|
|
+ DECRYPT_ERROR,
|
|
|
+ EXPORT_RESTRICTION,
|
|
|
+ PROTOCOL_VERSION,
|
|
|
+ INSUFFICIENT_SECURITY,
|
|
|
+ INTERNAL_ERROR,
|
|
|
+ USER_CANCELED,
|
|
|
+ NO_RENEGOTIATION,
|
|
|
+ UNSUPPORTED_EXTENSION,
|
|
|
+ CERTIFICATE_UNOBTAINABLE,
|
|
|
+ UNRECOGNIZED_NAME,
|
|
|
+ UNKNOWN_PSK_IDENTITY,
|
|
|
+ INNER_APPLICATION_FAILURE,
|
|
|
+ INNER_APPLICATION_VERIFICATION;
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_alert_get_name")]
|
|
|
+ public unowned string? get_name ();
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_handshake_description_t", cprefix = "GNUTLS_HANDSHAKE_", has_type_id = false)]
|
|
|
+ public enum HandshakeDescription {
|
|
|
+ HELLO_REQUEST,
|
|
|
+ CLIENT_HELLO,
|
|
|
+ SERVER_HELLO,
|
|
|
+ CERTIFICATE_PKT,
|
|
|
+ SERVER_KEY_EXCHANGE,
|
|
|
+ CERTIFICATE_REQUEST,
|
|
|
+ SERVER_HELLO_DONE,
|
|
|
+ CERTIFICATE_VERIFY,
|
|
|
+ CLIENT_KEY_EXCHANGE,
|
|
|
+ FINISHED,
|
|
|
+ SUPPLEMENTAL
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Note that the status bits have different meanings
|
|
|
+ * in openpgp keys and x.509 certificate verification.
|
|
|
+ */
|
|
|
+ [Flags]
|
|
|
+ [CCode (cname = "gnutls_certificate_status_t", cprefix = "GNUTLS_CERT_", has_type_id = false)]
|
|
|
+ public enum CertificateStatus {
|
|
|
+ INVALID, // will be set if the certificate was not verified.
|
|
|
+ REVOKED, // in X.509 this will be set only if CRLs are checked
|
|
|
+ SIGNER_NOT_FOUND,
|
|
|
+ SIGNER_NOT_CA,
|
|
|
+ INSECURE_ALGORITHM
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_certificate_request_t", cprefix = "GNUTLS_CERT_", has_type_id = false)]
|
|
|
+ public enum CertificateRequest {
|
|
|
+ IGNORE,
|
|
|
+ REQUEST,
|
|
|
+ REQUIRE
|
|
|
+ }
|
|
|
+
|
|
|
+ // [CCode (cname = "gnutls_openpgp_crt_status_t", cprefix = "GNUTLS_OPENPGP_", has_type_id = false)]
|
|
|
+ // public enum OpenPGP.CertificateStatus {
|
|
|
+ // CERT,
|
|
|
+ // CERT_FINGERPRINT
|
|
|
+ // }
|
|
|
+ //
|
|
|
+ // [CCode (cname = "gnutls_connection_end_t", cprefix = "GNUTLS_", has_type_id = false)]
|
|
|
+ // public enum ConnectionEnd {
|
|
|
+ // SERVER,
|
|
|
+ // CLIENT
|
|
|
+ // }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_close_request_t", cprefix = "GNUTLS_SHUT_", has_type_id = false)]
|
|
|
+ public enum CloseRequest {
|
|
|
+ RDWR,
|
|
|
+ WR
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_protocol_t", cprefix = "GNUTLS_", has_type_id = false)]
|
|
|
+ public enum Protocol {
|
|
|
+ SSL3,
|
|
|
+ TLS1, // == TLS1_0
|
|
|
+ TLS1_0,
|
|
|
+ TLS1_1,
|
|
|
+ TLS1_2,
|
|
|
+ [CCode (cname = "GNUTLS_VERSION_UNKNOWN")]
|
|
|
+ UNKNOWN;
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_protocol_get_name")]
|
|
|
+ public unowned string? get_name ();
|
|
|
+ [CCode (cname = "gnutls_protocol_get_id")]
|
|
|
+ public static Protocol from_name (string name);
|
|
|
+ [CCode (cname = "gnutls_protocol_list", array_length = "false", array_null_terminated = "true")]
|
|
|
+ public static unowned Protocol[] list ();
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_certificate_type_t", cprefix = "GNUTLS_CRT_", has_type_id = false)]
|
|
|
+ public enum CertificateType {
|
|
|
+ UNKNOWN,
|
|
|
+ X509,
|
|
|
+ OPENPGP;
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_certificate_type_get_name")]
|
|
|
+ public unowned string? get_name ();
|
|
|
+ [CCode (cname = "gnutls_certificate_type_get_id")]
|
|
|
+ public static CertificateType from_name (string name);
|
|
|
+ [CCode (cname = "gnutls_certificate_type_list", array_length = "false", array_null_terminated = "true")]
|
|
|
+ public static unowned CertificateType[] list ();
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_certificate_print_formats_t", cprefix = "GNUTLS_CRT_PRINT_", has_type_id = false)]
|
|
|
+ public enum CertificatePrintFormats {
|
|
|
+ FULL,
|
|
|
+ ONELINE,
|
|
|
+ UNSIGNED_FULL
|
|
|
+ }
|
|
|
+
|
|
|
+ [Flags]
|
|
|
+ [CCode (cname = "unsigned int", cprefix = "GNUTLS_KEY_", has_type_id = false)]
|
|
|
+ public enum KeyUsage
|
|
|
+ {
|
|
|
+ DIGITAL_SIGNATURE,
|
|
|
+ NON_REPUDIATION,
|
|
|
+ KEY_ENCIPHERMENT,
|
|
|
+ DATA_ENCIPHERMENT,
|
|
|
+ KEY_AGREEMENT,
|
|
|
+ KEY_CERT_SIGN,
|
|
|
+ CRL_SIGN,
|
|
|
+ ENCIPHER_ONLY,
|
|
|
+ DECIPHER_ONLY
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_server_name_type_t", cprefix = "GNUTLS_NAME_", has_type_id = false)]
|
|
|
+ public enum ServerNameType {
|
|
|
+ DNS;
|
|
|
+ }
|
|
|
+
|
|
|
+ // Diffie Hellman parameter handling.
|
|
|
+ [Compact]
|
|
|
+ [CCode (cname = "struct gnutls_dh_params_int", free_function = "gnutls_dh_params_deinit", lower_case_cprefix = "gnutls_dh_params_")]
|
|
|
+ public class DHParams {
|
|
|
+ private static int init (out DHParams dh_params);
|
|
|
+ public static DHParams create ()
|
|
|
+ {
|
|
|
+ DHParams result;
|
|
|
+ var ret = init (out result);
|
|
|
+ if (ret != 0)
|
|
|
+ GLib.error ("%s", ((ErrorCode)ret).to_string ());
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+
|
|
|
+ private int cpy (DHParams source);
|
|
|
+
|
|
|
+ public int import_raw (/* const */ ref Datum prime, /* const */ ref Datum generator);
|
|
|
+ public int export_raw (/* const */ ref Datum prime, /* const */ ref Datum generator, out uint bits);
|
|
|
+ public int import_pkcs3 (/* const */ ref Datum pkcs3_params, X509.CertificateFormat format);
|
|
|
+ public int export_pkcs3 (X509.CertificateFormat format, void* params_data, ref size_t params_data_size);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_dh_params_generate2")]
|
|
|
+ public int generate (uint bits);
|
|
|
+ }
|
|
|
+
|
|
|
+ [Compact]
|
|
|
+ [CCode (cname = "struct gnutls_x509_privkey_int", free_function = "gnutls_rsa_params_deinit", lower_case_cprefix = "gnutls_rsa_params_")]
|
|
|
+ public class RSAParams {
|
|
|
+ private static int init (out RSAParams dh_params);
|
|
|
+ public static RSAParams create ()
|
|
|
+ {
|
|
|
+ RSAParams result = null;
|
|
|
+ var ret = init (out result);
|
|
|
+ if (ret != 0)
|
|
|
+ GLib.error ("%s", ((ErrorCode)ret).to_string ());
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+
|
|
|
+ private int cpy (RSAParams source);
|
|
|
+
|
|
|
+ public int import_raw (/* const */ ref Datum m, /* const */ ref Datum e, /* const */ ref Datum d, /* const */ ref Datum p, /* const */ ref Datum q, /* const */ ref Datum u);
|
|
|
+ public int export_raw (/* const */ ref Datum m, /* const */ ref Datum e, /* const */ ref Datum d, /* const */ ref Datum p, /* const */ ref Datum q, /* const */ ref Datum u, out uint bits);
|
|
|
+ public int import_pkcs1 (/* const */ ref Datum pkcs1_params, X509.CertificateFormat format);
|
|
|
+ public int export_pkcs1 (X509.CertificateFormat format, void* params_data, ref size_t params_data_size);
|
|
|
+
|
|
|
+ public int generate2 (uint bits);
|
|
|
+ }
|
|
|
+
|
|
|
+ [Compact]
|
|
|
+ [CCode (cname = "struct gnutls_priority_st", free_function = "gnutls_priority_deinit")]
|
|
|
+ public class Priority {
|
|
|
+ private static int init (out Priority self, string priority, out char* err_pos);
|
|
|
+ public static Priority create (string priority, out ErrorCode err = null, out char* err_pos = null)
|
|
|
+ {
|
|
|
+ Priority result;
|
|
|
+ var ret = init (out result, priority, out err_pos);
|
|
|
+ if (&err != null) {
|
|
|
+ err = (ErrorCode) ret;
|
|
|
+ } else {
|
|
|
+ err = 0;
|
|
|
+ }
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ [SimpleType]
|
|
|
+ [CCode (cname = "gnutls_datum_t", has_type_id = false)]
|
|
|
+ public struct Datum {
|
|
|
+ public void* data;
|
|
|
+ public uint size;
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_params_st", has_type_id = false)]
|
|
|
+ public struct Params {
|
|
|
+ public ParamsType type;
|
|
|
+ [CCode (cname = "params.dh")]
|
|
|
+ public DHParams dh_params;
|
|
|
+ [CCode (cname = "params.rsa_export")]
|
|
|
+ public RSAParams rsa_params;
|
|
|
+ public bool deinit;
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_params_function *", has_target = false)]
|
|
|
+ public delegate int ParamsFunction (Session session, ParamsType type, Params params);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_oprfi_callback_func", instance_pos = "1.2")]
|
|
|
+ public delegate int OprfiCallbackFunc (Session session,
|
|
|
+ [CCode (array_length_pos = "1.8", array_length_type = "size_t")] /* const */ uint8[] in_oprfi,
|
|
|
+ [CCode (array_length_pos = "1.8", array_length_type = "size_t")] uint8[] out_oprfi);
|
|
|
+
|
|
|
+ /* Supplemental data, RFC 4680. */
|
|
|
+ [CCode (cname = "gnutls_supplemental_data_format_type_t", has_type_id = false)]
|
|
|
+ public enum SupplementalDataFormatType {
|
|
|
+ USER_MAPPING_DATA;
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_supplemental_get_name")]
|
|
|
+ public unowned string? get_name ();
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "TLS_MASTER_SIZE")]
|
|
|
+ public const int TLS_MASTER_SIZE;
|
|
|
+ [CCode (cname = "TLS_RANDOM_SIZE")]
|
|
|
+ public const int TLS_RANDOM_SIZE;
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_db_store_func", has_target = false)]
|
|
|
+ public delegate int DBStoreFunc (void* ptr, Datum key, Datum data);
|
|
|
+ [CCode (cname = "gnutls_db_remove_func", has_target = false)]
|
|
|
+ public delegate int DBRemoveFunc (void* ptr, Datum key);
|
|
|
+ [CCode (cname = "gnutls_db_retr_func", has_target = false)]
|
|
|
+ public delegate Datum DBRetrieveFunc (void* ptr, Datum key);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_handshake_post_client_hello_func", has_target = false)]
|
|
|
+ public delegate int HandshakePostClientHelloFunc (Session session);
|
|
|
+
|
|
|
+ // External signing callback. Experimental.
|
|
|
+ [CCode (cname = "gnutls_sign_func", instance_pos = "1.9")]
|
|
|
+ public delegate int SignFunc (Session session, CertificateType cert_type, /* const */ ref Datum cert, /* const */ ref Datum hash, out Datum signature);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_pull_func", has_target = false)]
|
|
|
+ public delegate ssize_t PullFunc (void* transport_ptr, void* buffer, size_t count);
|
|
|
+ [CCode (cname = "gnutls_push_func", has_target = false)]
|
|
|
+ public delegate ssize_t PushFunc (void* transport_ptr, void* buffer, size_t count);
|
|
|
+
|
|
|
+ [Compact]
|
|
|
+ [CCode (cname = "struct gnutls_session_int", free_function = "gnutls_deinit")]
|
|
|
+ public class Session {
|
|
|
+ [CCode (cname = "gnutls_init")]
|
|
|
+ private static int init (out Session session, int con_end);
|
|
|
+ protected static Session? create (int con_end)
|
|
|
+ {
|
|
|
+ Session result;
|
|
|
+ var ret = init (out result, con_end);
|
|
|
+ if (ret != 0)
|
|
|
+ GLib.error ("%s", ((ErrorCode)ret).to_string ());
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_credentials_set")]
|
|
|
+ public int set_credentials (CredentialsType type, void* cred);
|
|
|
+ [CCode (cname = "gnutls_credentials_clear")]
|
|
|
+ public void clear_credentials ();
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_handshake")]
|
|
|
+ public int handshake ();
|
|
|
+ [CCode (cname = "gnutls_bye")]
|
|
|
+ public int bye (CloseRequest how);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_session_is_resumed")]
|
|
|
+ public bool is_resumed ();
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_alert_get")]
|
|
|
+ public AlertDescription get_last_alert ();
|
|
|
+ [CCode (cname = "gnutls_alert_send")]
|
|
|
+ public int send_alert (AlertLevel level, AlertDescription desc);
|
|
|
+ [CCode (cname = "gnutls_alert_send_appropriate")]
|
|
|
+ public int send_appropriate_alert (ErrorCode err);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_cipher_get")]
|
|
|
+ public CipherAlgorithm get_cipher ();
|
|
|
+ [CCode (cname = "gnutls_kx_get")]
|
|
|
+ public KXAlgorithm get_kx ();
|
|
|
+ [CCode (cname = "gnutls_mac_get")]
|
|
|
+ public MacAlgorithm get_mac ();
|
|
|
+ [CCode (cname = "gnutls_compression_get")]
|
|
|
+ public CompressionMethod get_compression ();
|
|
|
+ [CCode (cname = "gnutls_certificate_type_get")]
|
|
|
+ public CertificateType get_certificate_type ();
|
|
|
+ [CCode (cname = "gnutls_protocol_get_version")]
|
|
|
+ public Protocol get_protocol_version ();
|
|
|
+ [CCode (cname = "gnutls_record_get_max_size")]
|
|
|
+ public size_t get_max_record_size ();
|
|
|
+ [CCode (cname = "gnutls_dh_get_prime_bits")]
|
|
|
+ public int get_dh_prime_bits ();
|
|
|
+ [CCode (cname = "gnutls_dh_get_secret_bits")]
|
|
|
+ public int get_dh_secret_bits ();
|
|
|
+ [CCode (cname = "gnutls_dh_get_peers_public_bits")]
|
|
|
+ public int get_peers_dh_public_bits ();
|
|
|
+ [CCode (cname = "gnutls_dh_get_group")]
|
|
|
+ public int get_dh_group (out Datum raw_gen, out Datum raw_prime);
|
|
|
+ [CCode (cname = "gnutls_dh_get_pubkey")]
|
|
|
+ public int get_dh_pubkey (out Datum raw_key);
|
|
|
+ [CCode (cname = "gnutls_rsa_export_get_pubkey")]
|
|
|
+ public int get_rsa_export_pubkey (out Datum exponent, out Datum modulus);
|
|
|
+ [CCode (cname = "gnutls_rsa_export_get_modulus_bits")]
|
|
|
+ public int get_rsa_export_modulus_bits ();
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_handshake_set_private_extensions")]
|
|
|
+ public void allow_private_extensions (bool allow);
|
|
|
+ [CCode (cname = "gnutls_handshake_get_last_out")]
|
|
|
+ public HandshakeDescription get_last_out_handshake ();
|
|
|
+ [CCode (cname = "gnutls_handshake_get_last_in")]
|
|
|
+ public HandshakeDescription get_last_in_handshake ();
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_record_send")]
|
|
|
+ public ssize_t send (void* buffer, size_t count);
|
|
|
+ [CCode (cname = "gnutls_record_recv")]
|
|
|
+ public ssize_t receive (void* buffer, size_t count);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_record_get_direction")]
|
|
|
+ public int get_last_direction ();
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_record_check_pending")]
|
|
|
+ public size_t check_pending ();
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_cipher_set_priority")]
|
|
|
+ public int set_cipher_priority ([CCode (array_length = "false", array_null_terminated = "true")] CipherAlgorithm[] list);
|
|
|
+ [CCode (cname = "gnutls_mac_set_priority")]
|
|
|
+ public int set_mac_priority ([CCode (array_length = "false", array_null_terminated = "true")] MacAlgorithm[] list);
|
|
|
+ [CCode (cname = "gnutls_compression_set_priority")]
|
|
|
+ public int set_compression_priority ([CCode (array_length = "false", array_null_terminated = "true")] CompressionMethod[] list);
|
|
|
+ [CCode (cname = "gnutls_kx_set_priority")]
|
|
|
+ public int set_kx_priority ([CCode (array_length = "false", array_null_terminated = "true")] KXAlgorithm[] list);
|
|
|
+ [CCode (cname = "gnutls_protocol_set_priority")]
|
|
|
+ public int set_protocol_priority ([CCode (array_length = "false", array_null_terminated = "true")] Protocol[] list);
|
|
|
+ [CCode (cname = "gnutls_certificate_type_set_priority")]
|
|
|
+ public int set_certificate_type_priority ([CCode (array_length = "false", array_null_terminated = "true")] CertificateType[] list);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_priority_set")]
|
|
|
+ public int set_priority (Priority priority);
|
|
|
+ [CCode (cname = "gnutls_priority_set_direct")]
|
|
|
+ public int set_priority_from_string (string priority, out unowned string err_pos = null);
|
|
|
+ [CCode (cname = "gnutls_set_default_priority")]
|
|
|
+ public int set_default_priority ();
|
|
|
+ [CCode (cname = "gnutls_set_default_export_priority")]
|
|
|
+ public int set_default_export_priority ();
|
|
|
+
|
|
|
+ [CCode (cname = "GNUTLS_MAX_SESSION_ID")]
|
|
|
+ public const int MAX_SESSION_ID;
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_session_get_id")]
|
|
|
+ public int get_id (void* session_id, ref size_t session_id_size);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_session_get_server_random")]
|
|
|
+ public void* get_server_random ();
|
|
|
+ [CCode (cname = "gnutls_session_get_client_random")]
|
|
|
+ public void* get_client_random ();
|
|
|
+ [CCode (cname = "gnutls_session_get_master_secret")]
|
|
|
+ public void* get_master_secret ();
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_transport_set_ptr")]
|
|
|
+ public void set_transport_ptr (void* ptr);
|
|
|
+ [CCode (cname = "gnutls_transport_set_ptr2")]
|
|
|
+ public void set_transport_ptr2 (void* recv_ptr, void* send_ptr);
|
|
|
+ [CCode (cname = "gnutls_transport_set_lowat")]
|
|
|
+ public void set_lowat (int num);
|
|
|
+ [CCode (cname = "gnutls_transport_set_push_function")]
|
|
|
+ public void set_push_function (PushFunc func);
|
|
|
+ [CCode (cname = "gnutls_transport_set_pull_function")]
|
|
|
+ public void set_pull_function (PullFunc func);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_transport_set_errno")]
|
|
|
+ public void set_errno (int err);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_session_set_ptr")]
|
|
|
+ public void set_ptr (void* ptr);
|
|
|
+ [CCode (cname = "gnutls_session_get_ptr")]
|
|
|
+ public void* get_ptr ();
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_auth_get_type")]
|
|
|
+ public CredentialsType get_auth_type ();
|
|
|
+ // [CCode (cname = "gnutls_auth_server_get_type")]
|
|
|
+ // public CredentialsType get_server_auth_type ();
|
|
|
+ // [CCode (cname = "gnutls_auth_client_get_type")]
|
|
|
+ // public CredentialsType get_client_auth_type ();
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_sign_callback_set")]
|
|
|
+ public void set_sign_callback (SignFunc func);
|
|
|
+ [CCode (cname = "gnutls_sign_callback_get")]
|
|
|
+ public SignFunc get_sign_callback ();
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_certificate_get_peers", array_length_type = "unsigned int")]
|
|
|
+ public unowned Datum[]? get_peer_certificates ();
|
|
|
+ [CCode (cname = "gnutls_certificate_get_ours")]
|
|
|
+ public unowned Datum? get_our_certificate ();
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_certificate_verify_peers2")]
|
|
|
+ public int verify_peer_certificate (out CertificateStatus status);
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "struct gnutls_session_int", lower_case_cprefix = "gnutls_", free_function = "gnutls_deinit")]
|
|
|
+ public class ClientSession: Session {
|
|
|
+
|
|
|
+ public static ClientSession create ()
|
|
|
+ {
|
|
|
+ return (ClientSession) Session.create (2);
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_record_set_max_size")]
|
|
|
+ public ssize_t set_max_record_size (size_t size);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_dh_set_prime_bits")]
|
|
|
+ public void set_dh_prime_bits (uint bits);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_server_name_get")]
|
|
|
+ public int get_server_name (void* data, out size_t data_length, out ServerNameType type, uint index);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_oprfi_enable_client")]
|
|
|
+ public void enable_oprfi ([CCode (array_length_pos = "0.9", array_length_type = "size_t")] uint8[] data);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_session_set_data")]
|
|
|
+ public int set_session_data (void* session_data, size_t session_data_size);
|
|
|
+ [CCode (cname = "gnutls_session_get_data")]
|
|
|
+ public int get_session_data (void* session_data, out size_t session_data_size);
|
|
|
+ [CCode (cname = "gnutls_session_get_data2")]
|
|
|
+ public int get_session_data2 (out Datum data);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_openpgp_send_cert")]
|
|
|
+ public void set_openpgp_send_cert (bool fingerprint_only);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_psk_client_get_hint")]
|
|
|
+ public unowned string get_psk_hint ();
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_certificate_client_get_request_status")]
|
|
|
+ public int get_certificate_request_status ();
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "struct gnutls_session_int", lower_case_cprefix = "gnutls_", free_function = "gnutls_deinit")]
|
|
|
+ public class ServerSession: Session {
|
|
|
+
|
|
|
+ public static ServerSession create ()
|
|
|
+ {
|
|
|
+ return (ServerSession) Session.create (1);
|
|
|
+ }
|
|
|
+
|
|
|
+ public int rehandshake ();
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_session_enable_compatibility_mode")]
|
|
|
+ public void enable_compatibility_mode ();
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_record_disable_padding")]
|
|
|
+ public void disable_record_padding ();
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_server_name_set")]
|
|
|
+ public int set_server_name (ServerNameType type, void* data, size_t data_length);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_oprfi_enable_server")]
|
|
|
+ public void enable_oprfi (OprfiCallbackFunc cb);
|
|
|
+
|
|
|
+ public void db_set_cache_expiration (int seconds);
|
|
|
+ public void db_remove_session ();
|
|
|
+ public void db_set_retrieve_function (DBRetrieveFunc func);
|
|
|
+ public void db_set_remove_function (DBRemoveFunc func);
|
|
|
+ public void db_set_store_function (DBStoreFunc func);
|
|
|
+ public void db_set_ptr (void* ptr);
|
|
|
+ public void* db_get_ptr ();
|
|
|
+ public int db_check_entry (Datum session_entry);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_handshake_set_post_client_hello_function")]
|
|
|
+ public void set_post_client_hello_function (HandshakePostClientHelloFunc func);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_handshake_set_max_packet_length")]
|
|
|
+ public void set_max_handshake_packet_length (size_t max);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_certificate_server_set_request")]
|
|
|
+ public void set_certificate_request (CertificateRequest req);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_certificate_send_x509_rdn_sequence")]
|
|
|
+ public void disable_sending_x509_rdn_sequence (bool disable);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_psk_server_get_username")]
|
|
|
+ public unowned string get_psk_username ();
|
|
|
+
|
|
|
+ [CCode (cheader_filename = "gnutls/openpgp.h", cname = "gnutls_openpgp_set_recv_key_function")]
|
|
|
+ public void set_openpgp_recv_key_function (OpenPGP.RecvKeyFunc func);
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+ [Compact]
|
|
|
+ [CCode (cname = "struct gnutls_anon_server_credentials_st", free_function = "gnutls_anon_free_server_credentials")]
|
|
|
+ public class AnonServerCredentials
|
|
|
+ {
|
|
|
+ [CCode (cname = "gnutls_anon_allocate_server_credentials")]
|
|
|
+ private static int allocate (out AnonServerCredentials credentials);
|
|
|
+ public static AnonServerCredentials create ()
|
|
|
+ {
|
|
|
+ AnonServerCredentials result;
|
|
|
+ var ret = allocate (out result);
|
|
|
+ if (ret != 0)
|
|
|
+ GLib.error ("%s", ((ErrorCode)ret).to_string ());
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_anon_set_server_dh_params")]
|
|
|
+ public void set_dh_params (DHParams dh_params);
|
|
|
+
|
|
|
+ // [CCode (cname = "gnutls_anon_set_server_params_function")]
|
|
|
+ // public void set_server_params_function (ParamsFunction func);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_anon_set_params_function")]
|
|
|
+ public void set_params_function (ParamsFunction func);
|
|
|
+ }
|
|
|
+
|
|
|
+ [Compact]
|
|
|
+ [CCode (cname = "struct gnutls_anon_client_credentials_st", free_function = "gnutls_anon_free_client_credentials")]
|
|
|
+ public class AnonClientCredentials
|
|
|
+ {
|
|
|
+ [CCode (cname = "gnutls_anon_allocate_client_credentials")]
|
|
|
+ private static int allocate (out AnonClientCredentials credentials);
|
|
|
+ public static AnonClientCredentials create ()
|
|
|
+ {
|
|
|
+ AnonClientCredentials result;
|
|
|
+ var ret = allocate (out result);
|
|
|
+ if (ret != 0)
|
|
|
+ GLib.error ("%s", ((ErrorCode)ret).to_string ());
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cheader_filename = "gnutls/x509.h", cprefix = "GNUTLS_")]
|
|
|
+ namespace X509
|
|
|
+ {
|
|
|
+ // Some OIDs usually found in Distinguished names, or
|
|
|
+ // in Subject Directory Attribute extensions.
|
|
|
+
|
|
|
+ public const string OID_X520_COUNTRY_NAME;
|
|
|
+ public const string OID_X520_ORGANIZATION_NAME;
|
|
|
+ public const string OID_X520_ORGANIZATIONAL_UNIT_NAME;
|
|
|
+ public const string OID_X520_COMMON_NAME;
|
|
|
+ public const string OID_X520_LOCALITY_NAME;
|
|
|
+ public const string OID_X520_STATE_OR_PROVINCE_NAME;
|
|
|
+
|
|
|
+ public const string OID_X520_INITIALS;
|
|
|
+ public const string OID_X520_GENERATION_QUALIFIER;
|
|
|
+ public const string OID_X520_SURNAME;
|
|
|
+ public const string OID_X520_GIVEN_NAME;
|
|
|
+ public const string OID_X520_TITLE;
|
|
|
+ public const string OID_X520_DN_QUALIFIER;
|
|
|
+ public const string OID_X520_PSEUDONYM;
|
|
|
+
|
|
|
+ public const string OID_LDAP_DC;
|
|
|
+ public const string OID_LDAP_UID;
|
|
|
+
|
|
|
+ // The following should not be included in DN.
|
|
|
+
|
|
|
+ public const string OID_PKCS9_EMAIL;
|
|
|
+
|
|
|
+ public const string OID_PKIX_DATE_OF_BIRTH;
|
|
|
+ public const string OID_PKIX_PLACE_OF_BIRTH;
|
|
|
+ public const string OID_PKIX_GENDER;
|
|
|
+ public const string OID_PKIX_COUNTRY_OF_CITIZENSHIP;
|
|
|
+ public const string OID_PKIX_COUNTRY_OF_RESIDENCE;
|
|
|
+
|
|
|
+ // Key purpose Object Identifiers.
|
|
|
+
|
|
|
+ public const string KP_TLS_WWW_SERVER;
|
|
|
+ public const string KP_TLS_WWW_CLIENT;
|
|
|
+ public const string KP_CODE_SIGNING;
|
|
|
+ public const string KP_EMAIL_PROTECTION;
|
|
|
+ public const string KP_TIME_STAMPING;
|
|
|
+ public const string KP_OCSP_SIGNING;
|
|
|
+ public const string KP_ANY;
|
|
|
+
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_x509_crt_fmt_t", cprefix = "GNUTLS_X509_FMT_", has_type_id = false)]
|
|
|
+ public enum CertificateFormat {
|
|
|
+ DER,
|
|
|
+ PEM
|
|
|
+ }
|
|
|
+
|
|
|
+ [Flags]
|
|
|
+ [CCode (cname = "gnutls_certificate_import_flags", cprefix = "GNUTLS_X509_CRT_", has_type_id = false)]
|
|
|
+ public enum CertificateImportFlags {
|
|
|
+ /* Fail if the certificates in the buffer are more than the space
|
|
|
+ * allocated for certificates. The error code will be
|
|
|
+ * GNUTLS_E_SHORT_MEMORY_BUFFER.
|
|
|
+ */
|
|
|
+ LIST_IMPORT_FAIL_IF_EXCEED // == 1
|
|
|
+ }
|
|
|
+
|
|
|
+ [Flags]
|
|
|
+ [CCode (cname = "unsigned int", cprefix = "GNUTLS_CRL_REASON_", has_type_id = false)]
|
|
|
+ public enum RevocationReasons {
|
|
|
+ UNUSED,
|
|
|
+ KEY_COMPROMISE,
|
|
|
+ CA_COMPROMISE,
|
|
|
+ AFFILIATION_CHANGED,
|
|
|
+ SUPERSEEDED,
|
|
|
+ CESSATION_OF_OPERATION,
|
|
|
+ CERTIFICATE_HOLD,
|
|
|
+ PRIVILEGE_WITHDRAWN,
|
|
|
+ AA_COMPROMISE
|
|
|
+ }
|
|
|
+
|
|
|
+ [Flags]
|
|
|
+ [CCode (cname = "gnutls_certificate_verify_flags", cprefix = "GNUTLS_VERIFY_", has_type_id = false)]
|
|
|
+ public enum CertificateVerifyFlags
|
|
|
+ {
|
|
|
+ // If set a signer does not have to be a certificate authority. This
|
|
|
+ // flag should normaly be disabled, unless you know what this means.
|
|
|
+ DISABLE_CA_SIGN,
|
|
|
+
|
|
|
+ // Allow only trusted CA certificates that have version 1. This is
|
|
|
+ // safer than GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT, and should be
|
|
|
+ // used instead. That way only signers in your trusted list will be
|
|
|
+ // allowed to have certificates of version 1.
|
|
|
+ ALLOW_X509_V1_CA_CRT,
|
|
|
+
|
|
|
+ // If a certificate is not signed by anyone trusted but exists in
|
|
|
+ // the trusted CA list do not treat it as trusted.
|
|
|
+ DO_NOT_ALLOW_SAME,
|
|
|
+
|
|
|
+ // Allow CA certificates that have version 1 (both root and
|
|
|
+ // intermediate). This might be dangerous since those haven't the
|
|
|
+ // basicConstraints extension. Must be used in combination with
|
|
|
+ // GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT.
|
|
|
+ ALLOW_ANY_X509_V1_CA_CRT,
|
|
|
+
|
|
|
+ // Allow certificates to be signed using the broken MD2 algorithm.
|
|
|
+ ALLOW_SIGN_RSA_MD2,
|
|
|
+
|
|
|
+ // Allow certificates to be signed using the broken MD5 algorithm.
|
|
|
+ ALLOW_SIGN_RSA_MD5
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_x509_subject_alt_name_t", has_type_id = false)]
|
|
|
+ public enum SubjectAltName {
|
|
|
+ DNSNAME,
|
|
|
+ RFC822NAME,
|
|
|
+ URI,
|
|
|
+ IPADDRESS,
|
|
|
+ OTHERNAME,
|
|
|
+ DN,
|
|
|
+
|
|
|
+ OTHERNAME_XMPP
|
|
|
+ }
|
|
|
+
|
|
|
+ [Compact]
|
|
|
+ [CCode (cname = "void", cprefix = "gnutls_x509_dn_", free_function = "gnutls_x509_dn_deinit")]
|
|
|
+ public class DN
|
|
|
+ {
|
|
|
+ private static int init (out DN dn);
|
|
|
+ public static DN create ()
|
|
|
+ {
|
|
|
+ DN result;
|
|
|
+ var ret = init (out result);
|
|
|
+ if (ret != 0)
|
|
|
+ GLib.error ("%s", ((ErrorCode)ret).to_string ());
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+
|
|
|
+ public int get_rdn_ava (int irdn, int iava, out unowned Ava ava);
|
|
|
+
|
|
|
+ public int import (ref Datum data);
|
|
|
+ public int export (CertificateFormat format, void* output, ref size_t output_size);
|
|
|
+
|
|
|
+ }
|
|
|
+
|
|
|
+ // RDN handling.
|
|
|
+ public int rdn_get (ref Datum idn, char* buf, ref size_t buf_size);
|
|
|
+ public int rdn_get_oid (ref Datum idn, int index, void* buf, ref size_t buf_size);
|
|
|
+ public int rdn_get_by_oid (ref Datum idn, string oid, int index, uint raw_flag, void* buf, ref size_t buf_size);
|
|
|
+
|
|
|
+ [SimpleType]
|
|
|
+ [CCode (cname = "gnutls_x509_ava_st", has_type_id = false)]
|
|
|
+ public struct Ava
|
|
|
+ {
|
|
|
+ [CCode (cname = "oid.data", array_length_cname = "oid.size")]
|
|
|
+ unowned uint8[] oid;
|
|
|
+ [CCode (cname = "value.data", array_length_cname = "value.size")]
|
|
|
+ unowned uint8[] value;
|
|
|
+ ulong value_tag;
|
|
|
+ }
|
|
|
+
|
|
|
+ [Compact]
|
|
|
+ [CCode (cname = "struct gnutls_x509_crt_int", cprefix = "gnutls_x509_crt_", free_function = "gnutls_x509_crt_deinit")]
|
|
|
+ public class Certificate
|
|
|
+ {
|
|
|
+ private static int init (out Certificate cert);
|
|
|
+ public static Certificate create ()
|
|
|
+ {
|
|
|
+ Certificate result;
|
|
|
+ var ret = init (out result);
|
|
|
+ if (ret != 0)
|
|
|
+ GLib.error ("%s", ((ErrorCode)ret).to_string ());
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+
|
|
|
+ public int import (ref Datum data, CertificateFormat format);
|
|
|
+ public int export (CertificateFormat format, void* output, ref size_t output_size);
|
|
|
+
|
|
|
+ public static int list_import ([CCode (array_length = "false")] Certificate[]? certs,
|
|
|
+ ref uint cert_max, ref Datum data,
|
|
|
+ CertificateFormat format, bool fail_if_exceed);
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ public int get_issuer_dn (char* buf, ref size_t buf_size);
|
|
|
+ public int get_issuer_dn_oid (int index, void* oid, ref size_t oid_size);
|
|
|
+ public int get_issuer_dn_by_oid (string oid, int index, uint raw_flag, void* buf, ref size_t buf_size);
|
|
|
+
|
|
|
+ public int get_dn (char* buf, ref size_t buf_size);
|
|
|
+ public int get_dn_oid (int index, void* oid, ref size_t oid_size);
|
|
|
+ public int get_dn_by_oid (string oid, int index, uint raw_flag, void* buf, ref size_t buf_size);
|
|
|
+
|
|
|
+
|
|
|
+ public int get_subject (out DN dn);
|
|
|
+ public int get_issuer (out DN dn);
|
|
|
+
|
|
|
+ public bool check_hostname (string hostname);
|
|
|
+
|
|
|
+ public SignAlgorithm get_signature_algorithm ();
|
|
|
+
|
|
|
+ public int get_signature (char* sig, ref size_t sig_size);
|
|
|
+
|
|
|
+ public int get_version ();
|
|
|
+
|
|
|
+ public int get_key_id (uint flags, uchar* output, ref size_t output_size);
|
|
|
+
|
|
|
+ public int set_authority_key_id (void* id, size_t id_size);
|
|
|
+ public int get_authority_key_id (void* ret, ref size_t ret_size, out bool critical);
|
|
|
+
|
|
|
+ public int get_subject_key_id (void* ret, ref size_t ret_size, out bool critical);
|
|
|
+
|
|
|
+ public int get_crl_dist_points (uint seq, void* ret, ref size_t ret_size, out RevocationReasons reason_flags, out bool critical);
|
|
|
+ public int set_crl_dist_points (SubjectAltName type, void* data_string, RevocationReasons reason_flags);
|
|
|
+ public int cpy_crl_dist_points (Certificate source);
|
|
|
+
|
|
|
+ public time_t get_activation_time ();
|
|
|
+ public time_t get_expiration_time ();
|
|
|
+
|
|
|
+ public int get_serial (void* result, ref size_t result_size);
|
|
|
+
|
|
|
+ public PKAlgorithm get_pk_algorithm (out uint bits);
|
|
|
+ public int get_pk_rsa_raw (out Datum modulus, out Datum exponent);
|
|
|
+ public int get_pk_dsa_raw (out Datum p, out Datum q, out Datum g, out Datum y);
|
|
|
+
|
|
|
+ public int get_subject_alt_name (uint seq, void* ret, ref size_t ret_size, out bool critical);
|
|
|
+ public int get_subject_alt_name2 (uint seq, void* ret, ref size_t ret_size, out SubjectAltName ret_type, out bool critical);
|
|
|
+
|
|
|
+ public int get_subject_alt_othername_oid (uint seq, void* ret, ref size_t ret_size);
|
|
|
+
|
|
|
+ public int get_ca_status (out bool critical);
|
|
|
+
|
|
|
+ public int get_basic_constraints (out bool critical, out int ca, out int pathlen);
|
|
|
+
|
|
|
+ public int get_key_usage (out KeyUsage key_usage, out bool critical);
|
|
|
+ public int set_key_usage (KeyUsage usage);
|
|
|
+
|
|
|
+ public int get_proxy (out bool critical, out int pathlen, [CCode (array_length = "false")] out char[] policyLanguage, out char[] policy);
|
|
|
+
|
|
|
+ public bool dn_oid_known (string oid);
|
|
|
+
|
|
|
+ public int get_extension_oid (int index, void* oid, ref size_t oid_size);
|
|
|
+ public int get_extension_by_oid (string oid, int index, void* buf, ref size_t buf_size, out bool critical);
|
|
|
+
|
|
|
+ public int get_extension_info (int index, void* oid, ref size_t oid_size, out bool critical);
|
|
|
+ public int get_extension_data (int index, void* data, ref size_t data_size);
|
|
|
+
|
|
|
+ public int set_extension_by_oid (string oid, void* buf, size_t buf_size, bool critical);
|
|
|
+ public int set_dn_by_oid (string oid, uint raw_flag, void* name, uint name_size);
|
|
|
+ public int set_issuer_dn_by_oid (string oid, uint raw_flag, void* name, uint name_size);
|
|
|
+ public int set_version (uint version);
|
|
|
+ public int set_key (PrivateKey key);
|
|
|
+ public int set_ca_status (uint ca);
|
|
|
+ public int set_basic_constraints (uint ca, int pathLenConstraint);
|
|
|
+ public int set_subject_alternative_name (SubjectAltName type, string data_string);
|
|
|
+
|
|
|
+ public int sign (Certificate issuer, PrivateKey issuer_key);
|
|
|
+ public int sign2 (Certificate issuer, PrivateKey issuer_key, DigestAlgorithm alg, uint flags);
|
|
|
+
|
|
|
+ public int set_activation_time (time_t act_time);
|
|
|
+ public int set_expiration_time (time_t exp_time);
|
|
|
+ public int set_serial (void* serial, size_t serial_size);
|
|
|
+
|
|
|
+ public int set_subject_key_id (void* id, size_t id_size);
|
|
|
+ public int set_proxy_dn (Certificate eecrt, uint raw_flag, void* name, uint name_size);
|
|
|
+ public int set_proxy (int pathLenConstraint, string policyLanguage, [CCode (array_length_type = "size_t")] uint8[] policy);
|
|
|
+
|
|
|
+ public int print (CertificatePrintFormats format, out Datum output);
|
|
|
+
|
|
|
+ public int get_raw_issuer_dn (out unowned Datum start);
|
|
|
+ public int get_raw_dn (out unowned Datum start);
|
|
|
+
|
|
|
+ public int verify_data2 (SignAlgorithm algo, uint flags, ref Datum data, ref Datum signature);
|
|
|
+
|
|
|
+ private int set_crq (CertificateRequest crq);
|
|
|
+
|
|
|
+ // verification
|
|
|
+
|
|
|
+ public int check_issuer (Certificate issuer);
|
|
|
+ public static int list_verify (Certificate[] cert_list, Certificate[] CA_list, Certificate[] CLR_list, CertificateVerifyFlags flags, out CertificateStatus verify);
|
|
|
+ public int verify (Certificate[] CA_list, CertificateVerifyFlags flags, out CertificateStatus verify);
|
|
|
+ public int check_revocation (CRL[] crl_list);
|
|
|
+ public int get_fingerprint (DigestAlgorithm algo, void* buf, ref size_t buf_size);
|
|
|
+ public int get_key_purpose_oid (int index, void* oid, ref size_t oid_size, out bool critical);
|
|
|
+ public int set_key_purpose_oid (string oid, bool critical);
|
|
|
+ }
|
|
|
+
|
|
|
+ [Compact]
|
|
|
+ [CCode (cname = "struct gnutls_x509_crl_int", free_function = "gnutls_x509_crl_deinit", cprefix = "gnutls_x509_crl_")]
|
|
|
+ public class CRL
|
|
|
+ {
|
|
|
+ private static int init (out CRL crl);
|
|
|
+ public static CRL create ()
|
|
|
+ {
|
|
|
+ CRL result;
|
|
|
+ var ret = init (out result);
|
|
|
+ if (ret != 0)
|
|
|
+ GLib.error ("%s", ((ErrorCode)ret).to_string ());
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+
|
|
|
+ public int import (ref Datum data, CertificateFormat format);
|
|
|
+ public int export (CertificateFormat format, void* output, ref size_t output_size);
|
|
|
+
|
|
|
+ public int get_issuer_dn (char* buf, ref size_t buf_size);
|
|
|
+ public int get_issuer_dn_by_oid (string oid, int index, uint raw_flag, void* buf, ref size_t buf_size);
|
|
|
+
|
|
|
+ public int get_dn_oid (int index, void* oid, ref size_t oid_size);
|
|
|
+
|
|
|
+ public int get_signature_algorithm ();
|
|
|
+ public int get_signature (char* sig, ref size_t sig_size);
|
|
|
+ public int get_version ();
|
|
|
+
|
|
|
+ public time_t get_this_update ();
|
|
|
+ public time_t get_next_update ();
|
|
|
+
|
|
|
+ public int get_crt_count ();
|
|
|
+ public int get_crt_serial (int index, uchar* serial, ref size_t serial_size, out time_t t);
|
|
|
+
|
|
|
+ // aliases for previous two
|
|
|
+ public int get_certificate_count ();
|
|
|
+ public int get_certificate (int index, uchar* serial, ref size_t serial_size, out time_t t);
|
|
|
+
|
|
|
+ public int check_issuer (Certificate issuer);
|
|
|
+
|
|
|
+ public int verify (Certificate[] ca_list, CertificateVerifyFlags flags, out CertificateStatus verify);
|
|
|
+
|
|
|
+ // CRL writing
|
|
|
+
|
|
|
+ public int set_version (uint version);
|
|
|
+ public int sign (Certificate issuer, PrivateKey issuer_key);
|
|
|
+ public int sign2 (Certificate issuer, PrivateKey issuer_key, DigestAlgorithm algo, uint flags);
|
|
|
+
|
|
|
+ public int set_this_update (time_t act_time);
|
|
|
+ public int set_next_update (time_t exp_time);
|
|
|
+
|
|
|
+ public int set_crt_serial (void* serial, size_t serial_size, time_t revocation_time);
|
|
|
+ public int set_crt (Certificate crt, time_t revocation_time);
|
|
|
+
|
|
|
+ public int print (CertificatePrintFormats format, out Datum output);
|
|
|
+ }
|
|
|
+
|
|
|
+ [Compact]
|
|
|
+ [CCode (cname = "struct gnutls_pkcs7_int", cprefix = "gnutls_pkcs7_", free_function = "gnutls_pkcs7_deinit")]
|
|
|
+ public class PKCS7
|
|
|
+ {
|
|
|
+ private static int init (out PKCS7 pkcs7);
|
|
|
+ public static PKCS7 create ()
|
|
|
+ {
|
|
|
+ PKCS7 result;
|
|
|
+ var ret = init (out result);
|
|
|
+ if (ret != 0)
|
|
|
+ GLib.error ("%s", ((ErrorCode)ret).to_string ());
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+
|
|
|
+ public int import (ref Datum data, CertificateFormat format);
|
|
|
+ public int export (CertificateFormat format, void* output, ref size_t output_size);
|
|
|
+
|
|
|
+ public int get_crt_count ();
|
|
|
+ public int get_crt_raw (int index, void* certificate, ref size_t certificate_size);
|
|
|
+ public int set_crt_raw (ref Datum crt);
|
|
|
+ public int set_crt (Certificate crt);
|
|
|
+ public int delete_crt (int index);
|
|
|
+
|
|
|
+ public int get_crl_count ();
|
|
|
+ public int get_crl_raw (int index, void* crl, ref size_t crl_size);
|
|
|
+ public int set_crl_raw (ref Datum crt);
|
|
|
+ public int set_crl (CRL crl);
|
|
|
+ public int delete_crl (int index);
|
|
|
+ }
|
|
|
+
|
|
|
+ // Flags for the gnutls_x509_privkey_export_pkcs8() function.
|
|
|
+ [Flags]
|
|
|
+ [CCode (cname = "gnutls_pkcs_encrypt_flags_t", cprefix = "GNUTLS_PKCS_", has_type_id = false)]
|
|
|
+ public enum PKCSEncryptFlags {
|
|
|
+ PLAIN,
|
|
|
+ USE_PKCS12_3DES,
|
|
|
+ USE_PKCS12_ARCFOUR,
|
|
|
+ USE_PKCS12_RC2_40,
|
|
|
+ USE_PBES2_3DES
|
|
|
+ }
|
|
|
+
|
|
|
+ [Compact]
|
|
|
+ [CCode (cname = "struct gnutls_x509_privkey_int", cprefix = "gnutls_x509_privkey_", free_function = "gnutls_x509_privkey_deinit")]
|
|
|
+ public class PrivateKey
|
|
|
+ {
|
|
|
+ private static int init (out PrivateKey key);
|
|
|
+ public static PrivateKey create ()
|
|
|
+ {
|
|
|
+ PrivateKey result;
|
|
|
+ var ret = init (out result);
|
|
|
+ if (ret != 0)
|
|
|
+ GLib.error ("%s", ((ErrorCode)ret).to_string ());
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+
|
|
|
+ public int cpy (PrivateKey source);
|
|
|
+
|
|
|
+ public int import (ref Datum data, CertificateFormat format);
|
|
|
+ public int import_pkcs8 (ref Datum data, CertificateFormat format, string? password, PKCSEncryptFlags flags);
|
|
|
+ public int import_rsa_raw (ref Datum m, ref Datum e, ref Datum d, ref Datum p, ref Datum q, ref Datum u);
|
|
|
+ public int import_dsa_raw (ref Datum p, ref Datum q, ref Datum g, ref Datum y, ref Datum x);
|
|
|
+
|
|
|
+ public int export (CertificateFormat format, void* output, ref size_t output_size);
|
|
|
+ public int export_pkcs8 (CertificateFormat format, string password, PKCSEncryptFlags flags, void* output, ref size_t output_size);
|
|
|
+ public int export_rsa_raw (out Datum m, out Datum e, out Datum d, out Datum p, out Datum q, out Datum u);
|
|
|
+ public int export_dsa_raw (out Datum p, out Datum q, out Datum g, out Datum y, out Datum x);
|
|
|
+
|
|
|
+ public int fix ();
|
|
|
+ public int generate (PKAlgorithm algo, uint bits, uint flags = 0);
|
|
|
+
|
|
|
+ public int get_pk_algorithm ();
|
|
|
+ public int get_key_id (uint flags, uchar* output, ref size_t output_size);
|
|
|
+
|
|
|
+ // Signing stuff
|
|
|
+
|
|
|
+ public int sign_data (DigestAlgorithm digest, uint flags, ref Datum data, void* signature, ref size_t signature_size);
|
|
|
+ public int verify_data (uint flags, ref Datum data, ref Datum signature);
|
|
|
+ public int sign_hash (ref Datum hash, out Datum signature);
|
|
|
+ }
|
|
|
+
|
|
|
+ [Compact]
|
|
|
+ [CCode (cname = "struct gnutls_x509_crq_int", cprefix = "gnutls_x509_crq_", free_function = "gnutls_x509_crq_deinit")]
|
|
|
+ public class CertificateRequest
|
|
|
+ {
|
|
|
+ private static int init (out CertificateRequest request);
|
|
|
+ public static CertificateRequest create ()
|
|
|
+ {
|
|
|
+ CertificateRequest result;
|
|
|
+ var ret = init (out result);
|
|
|
+ if (ret != 0)
|
|
|
+ GLib.error ("%s", ((ErrorCode)ret).to_string ());
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+
|
|
|
+ public int import (ref Datum data, CertificateFormat format);
|
|
|
+ public int export (CertificateFormat format, void* output, ref size_t output_size);
|
|
|
+
|
|
|
+ public int get_pk_algorithm (out uint bits);
|
|
|
+ public int get_dn (char* buf, ref size_t buf_size);
|
|
|
+ public int get_dn_oid (int index, void* oid, ref size_t oid_size);
|
|
|
+ public int get_dn_by_oid (string oid, int index, uint raw_flag, void* buf, ref size_t buf_size);
|
|
|
+ public int set_dn_by_oid (string oid, uint raw_flag, void* name, uint name_size);
|
|
|
+
|
|
|
+ public int set_version (uint version);
|
|
|
+
|
|
|
+ public int set_key (PrivateKey key);
|
|
|
+
|
|
|
+ public int sign (PrivateKey key);
|
|
|
+ public int sign2 (PrivateKey key, DigestAlgorithm algo, uint flags);
|
|
|
+
|
|
|
+ public int set_challenge_password (string pass);
|
|
|
+ public int get_challenge_password (char* pass, ref size_t pass_size);
|
|
|
+
|
|
|
+ public int set_attribute_by_oid (string oid, void* buf, size_t buf_size);
|
|
|
+ public int get_attribute_by_oid (string oid, int index, void* buf, ref size_t buf_size);
|
|
|
+ }
|
|
|
+
|
|
|
+ [Compact]
|
|
|
+ [CCode (cheader_filename = "gnutls/pkcs12.h", cname = "struct gnutls_pkcs12_int", cprefix = "gnutls_pkcs12_", free_function = "gnutls_pkcs12_deinit")]
|
|
|
+ public class PKCS12
|
|
|
+ {
|
|
|
+ private static int init (out PKCS12 request);
|
|
|
+ public static PKCS12 create ()
|
|
|
+ {
|
|
|
+ PKCS12 result;
|
|
|
+ var ret = init (out result);
|
|
|
+ if (ret != 0)
|
|
|
+ GLib.error ("%s", ((ErrorCode)ret).to_string ());
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+
|
|
|
+ public int import (ref Datum data, CertificateFormat format, uint flags);
|
|
|
+ public int export (CertificateFormat format, void* output, ref size_t output_size);
|
|
|
+
|
|
|
+ public int get_bag (int index, PKCS12Bag bag);
|
|
|
+ public int set_bag (PKCS12Bag bag);
|
|
|
+
|
|
|
+ public int generate_mac (string pass);
|
|
|
+ public int verify_mac (string pass);
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cheader_filename = "gnutls/pkcs12.h", cname = "gnutls_pkcs12_bag_type_t", cprefix = "GNUTLS_BAG_", has_type_id = false)]
|
|
|
+ public enum PKCS12BagType {
|
|
|
+ EMPTY,
|
|
|
+ PKCS8_ENCRYPTED_KEY,
|
|
|
+ PKCS8_KEY,
|
|
|
+ CERTIFICATE,
|
|
|
+ CRL,
|
|
|
+ ENCRYPTED,
|
|
|
+ UNKNOWN
|
|
|
+ }
|
|
|
+
|
|
|
+ [Compact]
|
|
|
+ [CCode (cheader_filename = "gnutls/pkcs12.h", cname = "struct gnutls_pkcs12_bag_int", cprefix = "gnutls_pkcs12_bag_", free_function = "gnutls_pkcs12_bag_deinit")]
|
|
|
+ public class PKCS12Bag {
|
|
|
+ private static int init (out PKCS12Bag request);
|
|
|
+ public static PKCS12Bag create ()
|
|
|
+ {
|
|
|
+ PKCS12Bag result;
|
|
|
+ var ret = init (out result);
|
|
|
+ if (ret != 0)
|
|
|
+ GLib.error ("%s", ((ErrorCode)ret).to_string ());
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+
|
|
|
+ public int decrypt (string pass);
|
|
|
+ public int encrypt (string pass, PKCSEncryptFlags flags);
|
|
|
+
|
|
|
+ public PKCS12BagType get_type (int index);
|
|
|
+ public int get_data (int index, out Datum data);
|
|
|
+ public int set_data (PKCS12BagType type, ref Datum data);
|
|
|
+ public int set_crl (CRL crl);
|
|
|
+ public int set_crt (Certificate crt);
|
|
|
+
|
|
|
+ public int get_count ();
|
|
|
+
|
|
|
+ public int get_key_id (int index, out Datum id);
|
|
|
+ public int set_key_id (int index, ref Datum id);
|
|
|
+
|
|
|
+ public int get_friendly_name (int index, out unowned string name);
|
|
|
+ public int set_friendly_name (int index, string name);
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cheader_filename = "gnutls/openpgp.h")]
|
|
|
+ namespace OpenPGP
|
|
|
+ {
|
|
|
+ [CCode (has_target = false)]
|
|
|
+ public delegate int RecvKeyFunc (Session session, uint8[] keyfpr, out Datum key);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_openpgp_crt_fmt_t", cprefix = "GNUTLS_OPENPGP_FMT_", has_type_id = false)]
|
|
|
+ public enum CertificateFormat {
|
|
|
+ RAW,
|
|
|
+ BASE64
|
|
|
+ }
|
|
|
+
|
|
|
+ [Compact]
|
|
|
+ [CCode (cname = "struct gnutls_openpgp_crt_int", cprefix = "gnutls_openpgp_crt_", free_function = "gnutls_openpgp_crt_deinit")]
|
|
|
+ public class Certificate
|
|
|
+ {
|
|
|
+ private static int init (out Certificate crt);
|
|
|
+ public static Certificate create ()
|
|
|
+ {
|
|
|
+ Certificate result;
|
|
|
+ var ret = init (out result);
|
|
|
+ if (ret != 0)
|
|
|
+ GLib.error ("%s", ((ErrorCode)ret).to_string ());
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+
|
|
|
+ public int import (ref Datum data, CertificateFormat format);
|
|
|
+ public int export (CertificateFormat format, void* output, ref size_t output_size);
|
|
|
+
|
|
|
+ public int print (CertificatePrintFormats format, out Datum output);
|
|
|
+
|
|
|
+ public int get_key_usage (out KeyUsage key_usage);
|
|
|
+ public int get_fingerprint (void* fpr, ref size_t fpr_size);
|
|
|
+ public int get_subkey_fingerprint (uint index, void* fpr, ref size_t fpr_size);
|
|
|
+
|
|
|
+ public int get_name (int index, char* buf, ref size_t buf_size);
|
|
|
+
|
|
|
+ public PKAlgorithm get_pk_algorithm (out uint bits);
|
|
|
+
|
|
|
+ public int get_version ();
|
|
|
+
|
|
|
+ public time_t get_creation_time ();
|
|
|
+ public time_t get_expiration_time ();
|
|
|
+
|
|
|
+ // keyid is 8 bytes
|
|
|
+ public int get_key_id (uchar* keyid);
|
|
|
+
|
|
|
+ public int check_hostname (string hostname);
|
|
|
+
|
|
|
+ public int get_revoked_status ();
|
|
|
+
|
|
|
+ public int get_subkey_count ();
|
|
|
+ public int get_subkey_idx (/*const*/ uchar* keyid);
|
|
|
+ public int get_subkey_revoked_status (uint idx);
|
|
|
+
|
|
|
+ public PKAlgorithm get_subkey_pk_algorithm (uint idx, out uint bits);
|
|
|
+
|
|
|
+ public time_t get_subkey_creation_time (uint idx);
|
|
|
+ public time_t get_subkey_expiration_time (uint idx);
|
|
|
+
|
|
|
+ public int get_subkey_id (uint idx, uchar* keyid);
|
|
|
+ public int get_subkey_usage (uint idx, out KeyUsage key_usage);
|
|
|
+
|
|
|
+ public int get_pk_dsa_raw (out Datum p, out Datum q, out Datum g, out Datum y);
|
|
|
+ public int get_pk_rsa_raw (out Datum m, out Datum e);
|
|
|
+
|
|
|
+ public int get_subkey_pk_dsa_raw (uint index, out Datum p, out Datum q, out Datum g, out Datum y);
|
|
|
+ public int get_subkey_pk_rsa_raw (uint index, out Datum m, out Datum e);
|
|
|
+
|
|
|
+ public int get_preferred_key_id (uchar* keyid);
|
|
|
+ public int set_preferred_key_id (/* const */ uchar* keyid);
|
|
|
+
|
|
|
+ public int verify_ring (Keyring keyring, uint flags, out CertificateStatus verify);
|
|
|
+ public int verify_self (uint flags, out CertificateStatus verify);
|
|
|
+ }
|
|
|
+
|
|
|
+ [Compact]
|
|
|
+ [CCode (cname = "struct gnutls_openpgp_privkey_int", cprefix = "gnutls_openpgp_privkey_", free_function = "gnutls_openpgp_privkey_deinit")]
|
|
|
+ public class PrivateKey
|
|
|
+ {
|
|
|
+ private static int init (out PrivateKey key);
|
|
|
+ public static PrivateKey create ()
|
|
|
+ {
|
|
|
+ PrivateKey result = null;
|
|
|
+ var ret = init (out result);
|
|
|
+ if (ret != 0)
|
|
|
+ GLib.error ("%s", ((ErrorCode)ret).to_string ());
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+
|
|
|
+ public PKAlgorithm get_pk_algorithm (out uint bits);
|
|
|
+
|
|
|
+ public int import (ref Datum data, CertificateFormat format, string pass, uint flags);
|
|
|
+ public int export (CertificateFormat format, string password, uint flags, void* output, ref size_t output_size);
|
|
|
+
|
|
|
+ public int sign_hash (ref Datum hash, out Datum signature);
|
|
|
+ public int get_fingerprint (void* fpr, ref size_t fpr_size);
|
|
|
+ public int get_subkey_fingerprint (uint idx, void* fpr, ref size_t fpr_size);
|
|
|
+
|
|
|
+ public int get_key_id (uchar* keyid);
|
|
|
+ public int get_subkey_count ();
|
|
|
+ public int get_subkey_idx (/*const*/ uchar* keyid);
|
|
|
+
|
|
|
+ public int get_subkey_revoked_status (uint index);
|
|
|
+ public int get_revoked_status ();
|
|
|
+
|
|
|
+ public PKAlgorithm get_subkey_pk_algorithm (uint idx, out uint bits);
|
|
|
+
|
|
|
+ public time_t get_subkey_expiration_time (uint idx);
|
|
|
+ public time_t get_subkey_creation_time (uint idx);
|
|
|
+
|
|
|
+ public int get_subkey_id (uint idx, uchar* keyid);
|
|
|
+
|
|
|
+ public int export_subkey_dsa_raw (uint idx, out Datum p, out Datum q, out Datum g, out Datum y, out Datum x);
|
|
|
+ public int export_subkey_rsa_raw (uint idx, out Datum m, out Datum e, out Datum d, out Datum p, out Datum q, out Datum u);
|
|
|
+
|
|
|
+ public int export_dsa_raw (out Datum p, out Datum q, out Datum g, out Datum y, out Datum x);
|
|
|
+ public int export_rsa_raw (out Datum m, out Datum e, out Datum d, out Datum p, out Datum q, out Datum u);
|
|
|
+
|
|
|
+ public int set_preferred_key_id (/*const*/ uchar* keyid);
|
|
|
+ public int get_preferred_key_id (uchar* keyid);
|
|
|
+
|
|
|
+ public int get_auth_subkey (uchar* keyid, uint flag);
|
|
|
+ }
|
|
|
+
|
|
|
+ [Compact]
|
|
|
+ [CCode (cname = "struct gnutls_openpgp_keyring_int", cprefix = "gnutls_openpgp_keyring_", free_function = "gnutls_openpgp_keyring_deinit")]
|
|
|
+ public class Keyring
|
|
|
+ {
|
|
|
+ private static int init (out Keyring keyring);
|
|
|
+ public static Keyring create ()
|
|
|
+ {
|
|
|
+ Keyring result;
|
|
|
+ var ret = init (out result);
|
|
|
+ if (ret != 0)
|
|
|
+ GLib.error ("%s", ((ErrorCode)ret).to_string ());
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+
|
|
|
+ public int import (ref Datum data, CertificateFormat format);
|
|
|
+ public int check_id (/*const*/ uchar* keyid, uint flags);
|
|
|
+
|
|
|
+ public int get_crt_count ();
|
|
|
+ public int get_crt (uint index, out Certificate cert);
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_certificate_client_retrieve_function *", has_target = false)]
|
|
|
+ public delegate int ClientCertificateRetrieveFunction (Session session, Datum[] req_ca_rdn, PKAlgorithm[] pk_algos, out RetrStruct st);
|
|
|
+ [CCode (cname = "gnutls_certificate_server_retrieve_function *", has_target = false)]
|
|
|
+ public delegate int ServerCertificateRetrieveFunction (Session session, out RetrStruct st);
|
|
|
+
|
|
|
+ [Compact]
|
|
|
+ [CCode (cname = "struct gnutls_certificate_credentials_st",
|
|
|
+ free_function = "gnutls_certificate_free_credentials",
|
|
|
+ cprefix = "gnutls_certificate_")]
|
|
|
+ public class CertificateCredentials
|
|
|
+ {
|
|
|
+ [CCode (cname = "gnutls_certificate_allocate_credentials")]
|
|
|
+ private static int allocate (out CertificateCredentials credentials);
|
|
|
+ public static CertificateCredentials create ()
|
|
|
+ {
|
|
|
+ CertificateCredentials result;
|
|
|
+ var ret = allocate (out result);
|
|
|
+ if (ret != 0)
|
|
|
+ GLib.error ("%s", ((ErrorCode)ret).to_string ());
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+
|
|
|
+ public void free_keys ();
|
|
|
+ public void free_cas ();
|
|
|
+ public void free_ca_names ();
|
|
|
+ public void free_crls ();
|
|
|
+
|
|
|
+ public void set_dh_params (DHParams dh_params);
|
|
|
+ public void set_rsa_export_params (RSAParams rsa_params);
|
|
|
+ public void set_verify_flags (X509.CertificateVerifyFlags flags);
|
|
|
+ public void set_verify_limits (uint max_bits, uint max_depth);
|
|
|
+
|
|
|
+ public int set_x509_trust (X509.Certificate[] ca_list);
|
|
|
+ public int set_x509_trust_file (string cafile, X509.CertificateFormat type);
|
|
|
+ public int set_x509_trust_mem (/* const */ ref Datum cadata, X509.CertificateFormat type);
|
|
|
+
|
|
|
+ public int set_x509_crl (X509.CRL[] crl_list);
|
|
|
+ public int set_x509_crl_file (string crlfile, X509.CertificateFormat type);
|
|
|
+ public int set_x509_crl_mem (/* const */ ref Datum crldata, X509.CertificateFormat type);
|
|
|
+
|
|
|
+ public int set_x509_key (X509.Certificate[] cert_list, X509.PrivateKey key);
|
|
|
+ public int set_x509_key_file (string certfile, string keyfile, X509.CertificateFormat type);
|
|
|
+ public int set_x509_key_mem (/* const */ ref Datum certdata, /* const */ ref Datum keydata, X509.CertificateFormat type);
|
|
|
+
|
|
|
+ public int set_x509_simple_pkcs12_file (string pkcs12file, X509.CertificateFormat type, string? password = null);
|
|
|
+
|
|
|
+ public void get_x509_cas ([CCode (array_length_type = "unsigned int")] out unowned X509.Certificate[] x509_ca_list);
|
|
|
+ public void get_x509_crls ([CCode (array_length_type = "unsigned int")] out unowned X509.CRL[] x509_crl_list);
|
|
|
+
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_certificate_client_set_retrieve_function")]
|
|
|
+ public void set_client_certificate_retrieve_function (ClientCertificateRetrieveFunction func);
|
|
|
+ [CCode (cname = "gnutls_certificate_server_set_retrieve_function")]
|
|
|
+ public void set_server_certificate_retrieve_function (ServerCertificateRetrieveFunction func);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_certificate_set_params_function")]
|
|
|
+ public void set_params_function (ParamsFunction func);
|
|
|
+
|
|
|
+ // OpenPGP stuff
|
|
|
+
|
|
|
+ public int set_openpgp_key (OpenPGP.Certificate key, OpenPGP.PrivateKey pkey);
|
|
|
+
|
|
|
+ public int set_openpgp_key_file (string certfile, string keyfile, OpenPGP.CertificateFormat format);
|
|
|
+ public int set_openpgp_key_mem (ref Datum cert, ref Datum key, OpenPGP.CertificateFormat format);
|
|
|
+ public int set_openpgp_key_file2 (string certfile, string keyfile, string keyid, OpenPGP.CertificateFormat format);
|
|
|
+ public int set_openpgp_key_mem2 (ref Datum cert, ref Datum key, string keyid, OpenPGP.CertificateFormat format);
|
|
|
+
|
|
|
+ public int set_openpgp_keyring_mem (uchar* data, size_t data_size, OpenPGP.CertificateFormat format);
|
|
|
+ public int set_openpgp_keyring_file (string file, OpenPGP.CertificateFormat format);
|
|
|
+
|
|
|
+ public void get_openpgp_keyring (out unowned OpenPGP.Keyring keyring);
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_malloc")]
|
|
|
+ public void* malloc (size_t size);
|
|
|
+ [CCode (cname = "gnutls_secure_malloc")]
|
|
|
+ public void* secure_malloc (size_t size);
|
|
|
+ [CCode (cname = "gnutls_realloc")]
|
|
|
+ public void* realloc (void* ptr, size_t new_size);
|
|
|
+ [CCode (cname = "gnutls_calloc")]
|
|
|
+ public void* calloc (size_t count, size_t block_size);
|
|
|
+ [CCode (cname = "gnutls_free")]
|
|
|
+ public void free (void* ptr);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_free")]
|
|
|
+ public void free_data ([CCode (array_length = false)] owned uint[] data);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_strdup")]
|
|
|
+ public string strdup (string str);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_alloc_function", has_target = false)]
|
|
|
+ public delegate void* AllocFunction (size_t size);
|
|
|
+ [CCode (cname = "gnutls_calloc_function", has_target = false)]
|
|
|
+ public delegate void* CallocFunction (size_t count, size_t block_size);
|
|
|
+ [CCode (cname = "gnutls_is_secure_function", has_target = false)]
|
|
|
+ public delegate int IsSecureFunction (void* ptr);
|
|
|
+ [CCode (cname = "gnutls_free_function", has_target = false)]
|
|
|
+ public delegate void FreeFunction (void* ptr);
|
|
|
+ [CCode (cname = "gnutls_realloc_function", has_target = false)]
|
|
|
+ public delegate void* ReallocFunction (void* ptr, size_t new_size);
|
|
|
+
|
|
|
+ public int global_init ();
|
|
|
+ public void global_deinit ();
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_global_set_mem_functions")]
|
|
|
+ public void set_mem_functions (AllocFunction alloc_func, AllocFunction secure_alloc_func,
|
|
|
+ IsSecureFunction is_secure_func, ReallocFunction realloc_func,
|
|
|
+ FreeFunction free_func);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_log_func", has_target = false)]
|
|
|
+ public delegate void LogFunc (int level, string msg);
|
|
|
+ [CCode (cname = "gnutls_global_set_log_function")]
|
|
|
+ public void set_log_function (LogFunc func);
|
|
|
+ [CCode (cname = "gnutls_global_set_log_level")]
|
|
|
+ public void set_log_level (int level);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_transport_set_global_errno")]
|
|
|
+ public void set_global_errno (int err);
|
|
|
+
|
|
|
+ // SRP stuff
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_srp_server_credentials_function *", has_target = false)]
|
|
|
+ public delegate int SRPServerCredentialsFunction (Session session, string username,
|
|
|
+ out Datum salt, out Datum verifier,
|
|
|
+ out Datum generator, out Datum prime);
|
|
|
+
|
|
|
+ [Compact]
|
|
|
+ [CCode (cname = "struct gnutls_srp_server_credentials_st", free_function = "gnutls_srp_free_server_credentials")]
|
|
|
+ public class SRPServerCredentials
|
|
|
+ {
|
|
|
+ [CCode (cname = "gnutls_srp_allocate_server_credentials")]
|
|
|
+ private static int allocate (out SRPServerCredentials sc);
|
|
|
+ public static SRPServerCredentials create ()
|
|
|
+ {
|
|
|
+ SRPServerCredentials result = null;
|
|
|
+ var ret = allocate (out result);
|
|
|
+ if (ret != 0)
|
|
|
+ GLib.error ("%s", ((ErrorCode)ret).to_string ());
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_srp_set_server_credentials_file")]
|
|
|
+ public int set_credentials_file (string password_file, string password_conf_file);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_srp_server_get_username")]
|
|
|
+ public string get_username ();
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_srp_set_server_credentials_function")]
|
|
|
+ public void set_credentials_function (SRPServerCredentialsFunction func);
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_srp_client_credentials_function *", has_target = false)]
|
|
|
+ public delegate int SRPClientCredentialsFunction (Session session, out string username, out string password);
|
|
|
+
|
|
|
+ [Compact]
|
|
|
+ [CCode (cname = "struct gnutls_srp_client_credentials_st", free_function = "gnutls_srp_free_client_credentials")]
|
|
|
+ public class SRPClientCredentials
|
|
|
+ {
|
|
|
+ [CCode (cname = "gnutls_srp_allocate_client_credentials")]
|
|
|
+ private static int allocate (out SRPClientCredentials sc);
|
|
|
+ public static SRPClientCredentials create ()
|
|
|
+ {
|
|
|
+ SRPClientCredentials result;
|
|
|
+ var ret = allocate (out result);
|
|
|
+ if (ret != 0)
|
|
|
+ GLib.error ("%s", ((ErrorCode)ret).to_string ());
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_srp_set_client_credentials")]
|
|
|
+ public int set_credentials (string username, string password);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_srp_set_client_credentials_function")]
|
|
|
+ public void set_credentials_function (SRPClientCredentialsFunction func);
|
|
|
+ }
|
|
|
+
|
|
|
+ // extern int gnutls_srp_verifier (const char *username,
|
|
|
+ // const char *password,
|
|
|
+ // const gnutls_datum_t * salt,
|
|
|
+ // const gnutls_datum_t * generator,
|
|
|
+ // const gnutls_datum_t * prime,
|
|
|
+ // gnutls_datum_t * res);
|
|
|
+
|
|
|
+ public int srp_verifier (string username, string password, /* const */ ref Datum salt, /* const */ ref Datum generator, /* const */ ref Datum prime, out Datum result);
|
|
|
+
|
|
|
+ // The static parameters defined in draft-ietf-tls-srp-05
|
|
|
+ // Those should be used as input to gnutls_srp_verifier().
|
|
|
+
|
|
|
+ public const Datum srp_2048_group_prime;
|
|
|
+ public const Datum srp_2048_group_generator;
|
|
|
+
|
|
|
+ public const Datum srp_1536_group_prime;
|
|
|
+ public const Datum srp_1536_group_generator;
|
|
|
+
|
|
|
+ public const Datum srp_1024_group_prime;
|
|
|
+ public const Datum srp_1024_group_generator;
|
|
|
+
|
|
|
+ public int srp_base64_encode (/* const */ ref Datum data, [CCode (array_length = "false")] char[] result, ref size_t result_size);
|
|
|
+ public int srp_base64_encode_alloc (/* const */ ref Datum data, out Datum result);
|
|
|
+
|
|
|
+ public int srp_base64_decode (/* const */ ref Datum b64_data, [CCode (array_length = false)] uint8[] result, ref size_t result_size);
|
|
|
+ public int srp_base64_decode_alloc (/* const */ ref Datum b64_data, out Datum result);
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ // PSK stuff
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_psk_key_flags", cprefix = "GNUTLS_PSK_KEY_", has_type_id = false)]
|
|
|
+ public enum PSKKeyFlags
|
|
|
+ {
|
|
|
+ RAW,
|
|
|
+ HEX
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_psk_server_credentials_function *", has_target = false)]
|
|
|
+ public delegate int PSKServerCredentialsFunction (Session session, string username, /* const */ ref Datum key);
|
|
|
+
|
|
|
+ [Compact]
|
|
|
+ [CCode (cname = "struct gnutls_psk_server_credentials_st", free_function = "gnutls_psk_free_server_credentials")]
|
|
|
+ public class PSKServerCredentials
|
|
|
+ {
|
|
|
+ [CCode (cname = "gnutls_psk_allocate_server_credentials")]
|
|
|
+ private static int allocate (out PSKServerCredentials sc);
|
|
|
+ public static PSKServerCredentials create ()
|
|
|
+ {
|
|
|
+ PSKServerCredentials result;
|
|
|
+ var ret = allocate (out result);
|
|
|
+ if (ret != 0)
|
|
|
+ GLib.error ("%s", ((ErrorCode)ret).to_string ());
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_psk_set_server_credentials_file")]
|
|
|
+ public int set_credentials_file (string password_file);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_psk_set_server_credentials_hint")]
|
|
|
+ public int set_credentials_hint (string hint);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_psk_set_server_credentials_function")]
|
|
|
+ public void set_credentials_function (PSKServerCredentialsFunction func);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_psk_set_server_dh_params")]
|
|
|
+ public void set_dh_params (DHParams dh_params);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_psk_set_server_params_function")] // also gnutls_psk_set_params_function
|
|
|
+ public void set_params_function (ParamsFunction func);
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_psk_client_credentials_function *", has_target = false)]
|
|
|
+ public delegate int PSKClientCredentialsFunction (Session session, out string username, out Datum key);
|
|
|
+
|
|
|
+ [Compact]
|
|
|
+ [CCode (cname = "struct gnutls_psk_client_credentials_st", free_function = "gnutls_psk_free_client_credentials")]
|
|
|
+ public class PSKClientCredentials
|
|
|
+ {
|
|
|
+ [CCode (cname = "gnutls_psk_allocate_client_credentials")]
|
|
|
+ private static int allocate (out PSKClientCredentials sc);
|
|
|
+ public static PSKClientCredentials create ()
|
|
|
+ {
|
|
|
+ PSKClientCredentials result;
|
|
|
+ var ret = allocate (out result);
|
|
|
+ if (ret != 0)
|
|
|
+ GLib.error ("%s", ((ErrorCode)ret).to_string ());
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_psk_set_client_credentials")]
|
|
|
+ public int set_credentials (string username, /* const */ ref Datum key, PSKKeyFlags format);
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_psk_set_client_credentials_function")]
|
|
|
+ public void set_credentials_function (PSKClientCredentialsFunction func);
|
|
|
+ }
|
|
|
+
|
|
|
+ public int hex_encode (/* const */ ref Datum data, [CCode (array_length = "false")] char[] result, ref size_t result_size);
|
|
|
+ public int hex_decode (/* const */ ref Datum hex_data, [CCode (array_length = "false")] char[] result, ref size_t result_size);
|
|
|
+
|
|
|
+ public int psk_netconf_derive_key (string password, string psk_identity, string psk_identity_hint, out Datum output_key);
|
|
|
+
|
|
|
+ ////
|
|
|
+
|
|
|
+ [SimpleType]
|
|
|
+ [CCode (cname = "gnutls_retr_st", has_type_id = false)]
|
|
|
+ public struct RetrStruct
|
|
|
+ {
|
|
|
+ public CertificateType type;
|
|
|
+ [CCode (cname = "cert.x509", array_length_cname = "ncerts", array_length_type = "unsigned int")]
|
|
|
+ public unowned X509.Certificate[] cert_x509;
|
|
|
+ [CCode (cname = "cert.pgp")]
|
|
|
+ public unowned OpenPGP.Certificate cert_pgp;
|
|
|
+ [CCode (cname = "key.x509")]
|
|
|
+ public unowned X509.PrivateKey key_x509;
|
|
|
+ [CCode (cname = "key.pgp")]
|
|
|
+ public unowned OpenPGP.PrivateKey key_pgp;
|
|
|
+ public uint deinit_all;
|
|
|
+ }
|
|
|
+
|
|
|
+ public int pem_base64_encode (string msg, /* const */ ref Datum data, void* result, ref size_t result_size);
|
|
|
+ public int pem_base64_decode (string header, /* const */ ref Datum b64_data, void* result, ref size_t result_size);
|
|
|
+
|
|
|
+ public int pem_base64_encode_alloc (string msg, /* const */ ref Datum data, out Datum result);
|
|
|
+ public int pem_base64_decode_alloc (string header, /* const */ ref Datum b64_data, out Datum result);
|
|
|
+
|
|
|
+ public int hex2bin (string hex_data, size_t hex_size, void* bin_data, ref size_t bin_size);
|
|
|
+
|
|
|
+ // returns cipher suite name or null if index is out of bounds
|
|
|
+ public unowned string? cipher_suite_info (size_t index, [CCode (array_length = "false")] char[] cs_id, out KXAlgorithm kx,
|
|
|
+ out CipherAlgorithm cipher, out MacAlgorithm mac,
|
|
|
+ out Protocol version);
|
|
|
+
|
|
|
+ public unowned string? cipher_suite_get_name (KXAlgorithm kx, CipherAlgorithm cipher, MacAlgorithm mac);
|
|
|
+
|
|
|
+ public int prf (Session session, size_t label_size, string label, bool server_random_first,
|
|
|
+ size_t extra_size, void* extra, size_t output_size, void* output);
|
|
|
+
|
|
|
+ public int prf_raw (Session session, size_t label_size, string label,
|
|
|
+ size_t seed_size, void* seed, size_t output_size, void* output);
|
|
|
+
|
|
|
+ // Gnutls error codes. The mapping to a TLS alert is also shown in comments.
|
|
|
+ [CCode (cname = "int", cprefix = "GNUTLS_E_", lower_case_cprefix = "gnutls_error_", has_type_id = false)]
|
|
|
+ public enum ErrorCode {
|
|
|
+
|
|
|
+ SUCCESS,
|
|
|
+ UNKNOWN_COMPRESSION_ALGORITHM,
|
|
|
+ UNKNOWN_CIPHER_TYPE,
|
|
|
+ LARGE_PACKET,
|
|
|
+ UNSUPPORTED_VERSION_PACKET, // GNUTLS_A_PROTOCOL_VERSION
|
|
|
+ UNEXPECTED_PACKET_LENGTH, // GNUTLS_A_RECORD_OVERFLOW
|
|
|
+ INVALID_SESSION,
|
|
|
+ FATAL_ALERT_RECEIVED,
|
|
|
+ UNEXPECTED_PACKET, // GNUTLS_A_UNEXPECTED_MESSAGE
|
|
|
+ WARNING_ALERT_RECEIVED,
|
|
|
+ ERROR_IN_FINISHED_PACKET,
|
|
|
+ UNEXPECTED_HANDSHAKE_PACKET,
|
|
|
+ UNKNOWN_CIPHER_SUITE, // GNUTLS_A_HANDSHAKE_FAILURE
|
|
|
+ UNWANTED_ALGORITHM,
|
|
|
+ MPI_SCAN_FAILED,
|
|
|
+ DECRYPTION_FAILED, // GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC
|
|
|
+ MEMORY_ERROR,
|
|
|
+ DECOMPRESSION_FAILED, // GNUTLS_A_DECOMPRESSION_FAILURE
|
|
|
+ COMPRESSION_FAILED,
|
|
|
+ AGAIN,
|
|
|
+ EXPIRED,
|
|
|
+ DB_ERROR,
|
|
|
+ SRP_PWD_ERROR,
|
|
|
+ INSUFFICIENT_CREDENTIALS,
|
|
|
+
|
|
|
+ HASH_FAILED,
|
|
|
+ BASE64_DECODING_ERROR,
|
|
|
+
|
|
|
+ MPI_PRINT_FAILED,
|
|
|
+ REHANDSHAKE, // GNUTLS_A_NO_RENEGOTIATION
|
|
|
+ GOT_APPLICATION_DATA,
|
|
|
+ RECORD_LIMIT_REACHED,
|
|
|
+ ENCRYPTION_FAILED,
|
|
|
+
|
|
|
+ PK_ENCRYPTION_FAILED,
|
|
|
+ PK_DECRYPTION_FAILED,
|
|
|
+ PK_SIGN_FAILED,
|
|
|
+ X509_UNSUPPORTED_CRITICAL_EXTENSION,
|
|
|
+ KEY_USAGE_VIOLATION,
|
|
|
+ NO_CERTIFICATE_FOUND, // GNUTLS_A_BAD_CERTIFICATE
|
|
|
+ INVALID_REQUEST,
|
|
|
+ SHORT_MEMORY_BUFFER,
|
|
|
+ INTERRUPTED,
|
|
|
+ PUSH_ERROR,
|
|
|
+ PULL_ERROR,
|
|
|
+ RECEIVED_ILLEGAL_PARAMETER, // GNUTLS_A_ILLEGAL_PARAMETER
|
|
|
+ REQUESTED_DATA_NOT_AVAILABLE,
|
|
|
+ PKCS1_WRONG_PAD,
|
|
|
+ RECEIVED_ILLEGAL_EXTENSION,
|
|
|
+ INTERNAL_ERROR,
|
|
|
+ DH_PRIME_UNACCEPTABLE,
|
|
|
+ FILE_ERROR,
|
|
|
+ TOO_MANY_EMPTY_PACKETS,
|
|
|
+ UNKNOWN_PK_ALGORITHM,
|
|
|
+
|
|
|
+ // returned if libextra functionality was requested but
|
|
|
+ // gnutls_global_init_extra() was not called.
|
|
|
+
|
|
|
+ INIT_LIBEXTRA,
|
|
|
+ LIBRARY_VERSION_MISMATCH,
|
|
|
+
|
|
|
+ // returned if you need to generate temporary RSA
|
|
|
+ // parameters. These are needed for export cipher suites.
|
|
|
+
|
|
|
+ NO_TEMPORARY_RSA_PARAMS,
|
|
|
+
|
|
|
+ LZO_INIT_FAILED,
|
|
|
+ NO_COMPRESSION_ALGORITHMS,
|
|
|
+ NO_CIPHER_SUITES,
|
|
|
+
|
|
|
+ OPENPGP_GETKEY_FAILED,
|
|
|
+ PK_SIG_VERIFY_FAILED,
|
|
|
+
|
|
|
+ ILLEGAL_SRP_USERNAME,
|
|
|
+ SRP_PWD_PARSING_ERROR,
|
|
|
+ NO_TEMPORARY_DH_PARAMS,
|
|
|
+
|
|
|
+ // For certificate and key stuff
|
|
|
+
|
|
|
+ ASN1_ELEMENT_NOT_FOUND,
|
|
|
+ ASN1_IDENTIFIER_NOT_FOUND,
|
|
|
+ ASN1_DER_ERROR,
|
|
|
+ ASN1_VALUE_NOT_FOUND,
|
|
|
+ ASN1_GENERIC_ERROR,
|
|
|
+ ASN1_VALUE_NOT_VALID,
|
|
|
+ ASN1_TAG_ERROR,
|
|
|
+ ASN1_TAG_IMPLICIT,
|
|
|
+ ASN1_TYPE_ANY_ERROR,
|
|
|
+ ASN1_SYNTAX_ERROR,
|
|
|
+ ASN1_DER_OVERFLOW,
|
|
|
+ OPENPGP_UID_REVOKED,
|
|
|
+ CERTIFICATE_ERROR,
|
|
|
+ CERTIFICATE_KEY_MISMATCH,
|
|
|
+ UNSUPPORTED_CERTIFICATE_TYPE, // GNUTLS_A_UNSUPPORTED_CERTIFICATE
|
|
|
+ X509_UNKNOWN_SAN,
|
|
|
+ OPENPGP_FINGERPRINT_UNSUPPORTED,
|
|
|
+ X509_UNSUPPORTED_ATTRIBUTE,
|
|
|
+ UNKNOWN_HASH_ALGORITHM,
|
|
|
+ UNKNOWN_PKCS_CONTENT_TYPE,
|
|
|
+ UNKNOWN_PKCS_BAG_TYPE,
|
|
|
+ INVALID_PASSWORD,
|
|
|
+ MAC_VERIFY_FAILED, // for PKCS #12 MAC
|
|
|
+ CONSTRAINT_ERROR,
|
|
|
+
|
|
|
+ WARNING_IA_IPHF_RECEIVED,
|
|
|
+ WARNING_IA_FPHF_RECEIVED,
|
|
|
+
|
|
|
+ IA_VERIFY_FAILED,
|
|
|
+
|
|
|
+ UNKNOWN_ALGORITHM,
|
|
|
+
|
|
|
+ BASE64_ENCODING_ERROR,
|
|
|
+ INCOMPATIBLE_CRYPTO_LIBRARY,
|
|
|
+ INCOMPATIBLE_LIBTASN1_LIBRARY,
|
|
|
+
|
|
|
+ OPENPGP_KEYRING_ERROR,
|
|
|
+ X509_UNSUPPORTED_OID,
|
|
|
+
|
|
|
+ RANDOM_FAILED,
|
|
|
+ BASE64_UNEXPECTED_HEADER_ERROR,
|
|
|
+
|
|
|
+ OPENPGP_SUBKEY_ERROR,
|
|
|
+
|
|
|
+ CRYPTO_ALREADY_REGISTERED,
|
|
|
+
|
|
|
+ HANDSHAKE_TOO_LARGE,
|
|
|
+
|
|
|
+ UNIMPLEMENTED_FEATURE,
|
|
|
+
|
|
|
+ APPLICATION_ERROR_MAX, // -65000
|
|
|
+ APPLICATION_ERROR_MIN; // -65500
|
|
|
+
|
|
|
+ [CCode (cname = "gnutls_error_is_fatal")]
|
|
|
+ public bool is_fatal ();
|
|
|
+ [CCode (cname = "gnutls_error_to_alert")]
|
|
|
+ public AlertDescription to_alert (out AlertLevel level);
|
|
|
+ [CCode (cname = "gnutls_perror")]
|
|
|
+ public void print ();
|
|
|
+ [CCode (cname = "gnutls_strerror")]
|
|
|
+ public unowned string to_string ();
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+
|
