1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
|
/*
* Copyright (C) 2006-2012 Free Software Foundation, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
* This file is part of GnuTLS.
*
* The GnuTLS is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* as published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>
*
*/
#ifndef GNUTLSXX_H
#define GNUTLSXX_H
#include <exception>
#include <vector>
#include <gnutls/gnutls.h>
namespace gnutls {
class noncopyable {
protected:
noncopyable() {
} ~noncopyable() {
} private:
// These are non-implemented.
noncopyable(const noncopyable &);
noncopyable & operator=(const noncopyable &);
};
class exception:public std::exception {
public:
exception(int x);
const char *what() const throw();
int get_code();
protected:
int retcode;
};
class dh_params:private noncopyable {
public:
dh_params();
~dh_params();
void import_raw(const gnutls_datum_t & prime,
const gnutls_datum_t & generator);
void import_pkcs3(const gnutls_datum_t & pkcs3_params,
gnutls_x509_crt_fmt_t format);
void generate(unsigned int bits);
void export_pkcs3(gnutls_x509_crt_fmt_t format,
unsigned char *params_data,
size_t * params_data_size);
void export_raw(gnutls_datum_t & prime,
gnutls_datum_t & generator);
gnutls_dh_params_t get_params_t() const;
dh_params & operator=(const dh_params & src);
protected:
gnutls_dh_params_t params;
};
class rsa_params:private noncopyable {
public:
rsa_params();
~rsa_params();
void import_raw(const gnutls_datum_t & m,
const gnutls_datum_t & e,
const gnutls_datum_t & d,
const gnutls_datum_t & p,
const gnutls_datum_t & q,
const gnutls_datum_t & u);
void import_pkcs1(const gnutls_datum_t & pkcs1_params,
gnutls_x509_crt_fmt_t format);
void generate(unsigned int bits);
void export_pkcs1(gnutls_x509_crt_fmt_t format,
unsigned char *params_data,
size_t * params_data_size);
void export_raw(gnutls_datum_t & m, gnutls_datum_t & e,
gnutls_datum_t & d, gnutls_datum_t & p,
gnutls_datum_t & q, gnutls_datum_t & u);
gnutls_rsa_params_t get_params_t() const;
rsa_params & operator=(const rsa_params & src);
protected:
gnutls_rsa_params_t params;
};
class session:private noncopyable {
protected:
gnutls_session_t s;
public:
session(unsigned int);
virtual ~ session();
gnutls_session_t ptr();
int bye(gnutls_close_request_t how);
int handshake();
gnutls_alert_description_t get_alert() const;
int send_alert(gnutls_alert_level_t level,
gnutls_alert_description_t desc);
int send_appropriate_alert(int err);
gnutls_cipher_algorithm_t get_cipher() const;
gnutls_kx_algorithm_t get_kx() const;
gnutls_mac_algorithm_t get_mac() const;
gnutls_compression_method_t get_compression() const;
gnutls_certificate_type_t get_certificate_type() const;
// for the handshake
void set_private_extensions(bool allow);
gnutls_handshake_description_t get_handshake_last_out()
const;
gnutls_handshake_description_t get_handshake_last_in()
const;
ssize_t send(const void *data, size_t sizeofdata);
ssize_t recv(void *data, size_t sizeofdata);
bool get_record_direction() const;
// maximum packet size
size_t get_max_size() const;
void set_max_size(size_t size);
size_t check_pending() const;
void prf(size_t label_size, const char *label,
int server_random_first,
size_t extra_size, const char *extra,
size_t outsize, char *out);
void prf_raw(size_t label_size, const char *label,
size_t seed_size, const char *seed,
size_t outsize, char *out);
/* if you just want some defaults, use the following.
*/
void set_priority(const char *prio, const char **err_pos);
void set_priority(gnutls_priority_t p);
gnutls_protocol_t get_protocol_version() const;
// for resuming sessions
void set_data(const void *session_data,
size_t session_data_size);
void get_data(void *session_data,
size_t * session_data_size) const;
void get_data(gnutls_session_t session,
gnutls_datum_t & data) const;
void get_id(void *session_id,
size_t * session_id_size) const;
bool is_resumed() const;
void set_max_handshake_packet_length(size_t max);
void clear_credentials();
void set_credentials(class credentials & cred);
void set_transport_ptr(gnutls_transport_ptr_t ptr);
void set_transport_ptr(gnutls_transport_ptr_t recv_ptr,
gnutls_transport_ptr_t send_ptr);
gnutls_transport_ptr_t get_transport_ptr() const;
void get_transport_ptr(gnutls_transport_ptr_t & recv_ptr,
gnutls_transport_ptr_t & send_ptr)
const;
void set_transport_lowat(size_t num);
void set_transport_push_function(gnutls_push_func
push_func);
void set_transport_vec_push_function(gnutls_vec_push_func
vec_push_func);
void set_transport_pull_function(gnutls_pull_func
pull_func);
void set_transport_pull_timeout_function (gnutls_pull_timeout_func pull_timeout_func);
void set_user_ptr(void *ptr);
void *get_user_ptr() const;
void send_openpgp_cert(gnutls_openpgp_crt_status_t status);
gnutls_credentials_type_t get_auth_type() const;
gnutls_credentials_type_t get_server_auth_type() const;
gnutls_credentials_type_t get_client_auth_type() const;
// informational stuff
void set_dh_prime_bits(unsigned int bits);
unsigned int get_dh_secret_bits() const;
unsigned int get_dh_peers_public_bits() const;
unsigned int get_dh_prime_bits() const;
void get_dh_group(gnutls_datum_t & gen,
gnutls_datum_t & prime) const;
void get_dh_pubkey(gnutls_datum_t & raw_key) const;
void get_rsa_export_pubkey(gnutls_datum_t & exponent,
gnutls_datum_t & modulus) const;
unsigned int get_rsa_export_modulus_bits() const;
void get_our_certificate(gnutls_datum_t & cert) const;
bool get_peers_certificate(std::vector < gnutls_datum_t >
&out_certs) const;
bool get_peers_certificate(const gnutls_datum_t ** certs,
unsigned int *certs_size) const;
time_t get_peers_certificate_activation_time() const;
time_t get_peers_certificate_expiration_time() const;
void verify_peers_certificate(unsigned int &status) const;
};
// interface for databases
class DB:private noncopyable {
public:
virtual ~ DB() = 0;
virtual bool store(const gnutls_datum_t & key,
const gnutls_datum_t & data) = 0;
virtual bool retrieve(const gnutls_datum_t & key,
gnutls_datum_t & data) = 0;
virtual bool remove(const gnutls_datum_t & key) = 0;
};
class server_session:public session {
public:
server_session();
server_session(int flags);
~server_session();
void db_remove() const;
void set_db_cache_expiration(unsigned int seconds);
void set_db(const DB & db);
// returns true if session is expired
bool db_check_entry(gnutls_datum_t & session_data) const;
// server side only
const char *get_srp_username() const;
const char *get_psk_username() const;
void get_server_name(void *data, size_t * data_length,
unsigned int *type,
unsigned int indx) const;
int rehandshake();
void set_certificate_request(gnutls_certificate_request_t);
};
class client_session:public session {
public:
client_session();
client_session(int flags);
~client_session();
void set_verify_cert(const char *hostname, unsigned flags);
void set_server_name(gnutls_server_name_type_t type,
const void *name, size_t name_length);
bool get_request_status();
};
class credentials:private noncopyable {
public:
virtual ~ credentials() {
} gnutls_credentials_type_t get_type() const;
protected:
friend class session;
credentials(gnutls_credentials_type_t t);
void *ptr() const;
void set_ptr(void *ptr);
gnutls_credentials_type_t type;
private:
void *cred;
};
class certificate_credentials:public credentials {
public:
~certificate_credentials();
certificate_credentials();
void free_keys();
void free_cas();
void free_ca_names();
void free_crls();
void set_dh_params(const dh_params & params);
void set_rsa_export_params(const rsa_params & params);
void set_verify_flags(unsigned int flags);
void set_verify_limits(unsigned int max_bits,
unsigned int max_depth);
void set_x509_trust_file(const char *cafile,
gnutls_x509_crt_fmt_t type);
void set_x509_trust(const gnutls_datum_t & CA,
gnutls_x509_crt_fmt_t type);
// FIXME: use classes instead of gnutls_x509_crt_t
void set_x509_trust(gnutls_x509_crt_t * ca_list,
int ca_list_size);
void set_x509_crl_file(const char *crlfile,
gnutls_x509_crt_fmt_t type);
void set_x509_crl(const gnutls_datum_t & CRL,
gnutls_x509_crt_fmt_t type);
void set_x509_crl(gnutls_x509_crl_t * crl_list,
int crl_list_size);
void set_x509_key_file(const char *certfile,
const char *KEYFILE,
gnutls_x509_crt_fmt_t type);
void set_x509_key(const gnutls_datum_t & CERT,
const gnutls_datum_t & KEY,
gnutls_x509_crt_fmt_t type);
// FIXME: use classes
void set_x509_key(gnutls_x509_crt_t * cert_list,
int cert_list_size,
gnutls_x509_privkey_t key);
void set_simple_pkcs12_file(const char *pkcs12file,
gnutls_x509_crt_fmt_t type,
const char *password);
void set_retrieve_function
(gnutls_certificate_retrieve_function * func);
protected:
gnutls_certificate_credentials_t cred;
};
class certificate_server_credentials:public certificate_credentials {
public:
void set_params_function(gnutls_params_function * func);
};
class certificate_client_credentials:public certificate_credentials {
public:
};
class anon_server_credentials:public credentials {
public:
anon_server_credentials();
~anon_server_credentials();
void set_dh_params(const dh_params & params);
void set_params_function(gnutls_params_function * func);
protected:
gnutls_anon_server_credentials_t cred;
};
class anon_client_credentials:public credentials {
public:
anon_client_credentials();
~anon_client_credentials();
protected:
gnutls_anon_client_credentials_t cred;
};
class srp_server_credentials:public credentials {
public:
srp_server_credentials();
~srp_server_credentials();
void set_credentials_file(const char *password_file,
const char *password_conf_file);
void set_credentials_function
(gnutls_srp_server_credentials_function * func);
protected:
gnutls_srp_server_credentials_t cred;
};
class srp_client_credentials:public credentials {
public:
srp_client_credentials();
~srp_client_credentials();
void set_credentials(const char *username,
const char *password);
void set_credentials_function
(gnutls_srp_client_credentials_function * func);
protected:
gnutls_srp_client_credentials_t cred;
};
class psk_server_credentials:public credentials {
public:
psk_server_credentials();
~psk_server_credentials();
void set_credentials_file(const char *password_file);
void set_credentials_function
(gnutls_psk_server_credentials_function * func);
void set_dh_params(const dh_params & params);
void set_params_function(gnutls_params_function * func);
protected:
gnutls_psk_server_credentials_t cred;
};
class psk_client_credentials:public credentials {
public:
psk_client_credentials();
~psk_client_credentials();
void set_credentials(const char *username,
const gnutls_datum_t & key,
gnutls_psk_key_flags flags);
void set_credentials_function
(gnutls_psk_client_credentials_function * func);
protected:
gnutls_psk_client_credentials_t cred;
};
} /* namespace */
#endif /* GNUTLSXX_H */
|