diff options
author | Jiří Zárevúcky <zarevucky.jiri@gmail.com> | 2009-09-15 22:39:44 +0200 |
---|---|---|
committer | Jürg Billeter <j@bitron.ch> | 2009-09-15 22:39:44 +0200 |
commit | 06a33d64925449d9938ad412f6c7f1d75202acc3 (patch) | |
tree | f9a4775b3a2c92241aac7ff5d57fe32fd8202dae /vapi | |
parent | c80bfc865182aa04bd87e2088eb39a8b8609f6d8 (diff) | |
download | vala-06a33d64925449d9938ad412f6c7f1d75202acc3.tar.gz |
Add gnutls bindings
Fixes bug 594392.
Diffstat (limited to 'vapi')
-rw-r--r-- | vapi/Makefile.am | 1 | ||||
-rw-r--r-- | vapi/gnutls.vapi | 1903 |
2 files changed, 1904 insertions, 0 deletions
diff --git a/vapi/Makefile.am b/vapi/Makefile.am index a6cdec66e..9edfc1b6a 100644 --- a/vapi/Makefile.am +++ b/vapi/Makefile.am @@ -42,6 +42,7 @@ dist_vapi_DATA = \ gnome-desktop-2.0.vapi \ gnome-keyring-1.vapi \ gnome-vfs-2.0.vapi \ + gnutls.vapi \ gobject-2.0.vapi \ goocanvas.deps \ goocanvas.vapi \ diff --git a/vapi/gnutls.vapi b/vapi/gnutls.vapi new file mode 100644 index 000000000..fae83b382 --- /dev/null +++ b/vapi/gnutls.vapi @@ -0,0 +1,1903 @@ +/* gnutls.vapi + * + * Copyright (C) 2009 Jiří Zárevúcky + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + * + * As a special exception, if you use inline functions from this file, this + * file does not by itself cause the resulting executable to be covered by + * the GNU Lesser General Public License. + * + * Author: + * Jiří Zárevúcky <zarevucky.jiri@gmail.com> + * + */ + +[CCode (cprefix = "gnutls_", lower_case_cprefix = "gnutls_", cheader_filename = "gnutls/gnutls.h")] +namespace GnuTLS +{ + [CCode (cname = "LIBGNUTLS_VERSION")] + public const string VERSION; + [CCode (cname = "LIBGNUTLS_VERSION_MAJOR")] + public const int VERSION_MAJOR; + [CCode (cname = "LIBGNUTLS_VERSION_MINOR")] + public const int VERSION_MINOR; + [CCode (cname = "LIBGNUTLS_VERSION_PATCH")] + public const int VERSION_PATCH; + [CCode (cname = "LIBGNUTLS_VERSION_NUMBER")] + public const int VERSION_NUMBER; + + public unowned string? check_version (string? req_version); + + [CCode (cname = "gnutls_cipher_algorithm_t", cprefix = "GNUTLS_CIPHER_")] + public enum CipherAlgorithm { + UNKNOWN, + NULL, + ARCFOUR_128, + 3DES_CBC, + AES_128_CBC, + AES_256_CBC, + ARCFOUR_40, + CAMELLIA_128_CBC, + CAMELLIA_256_CBC, + RC2_40_CBC, + DES_CBC, + + RIJNDAEL_128_CBC, // == AES_128_CBC + RIJNDAEL_256_CBC, // == AES_256_CBC + RIJNDAEL_CBC, // == AES_128_CBC + ARCFOUR; // == ARCFOUR_128 + + [CCode (cname = "gnutls_cipher_get_key_size")] + public size_t get_key_size (); + [CCode (cname = "gnutls_cipher_get_name")] + public unowned string? get_name (); + [CCode (cname = "gnutls_mac_get_id")] + public static CipherAlgorithm from_name (string name); + [CCode (cname = "gnutls_cipher_list", array_length = "false", array_null_terminated = "true")] + public static unowned CipherAlgorithm[] list (); + } + + [CCode (cname = "gnutls_kx_algorithm_t", cprefix = "GNUTLS_KX_")] + public enum KXAlgorithm { + UNKNOWN, + RSA, + DHE_DSS, + DHE_RSA, + ANON_DH, + SRP, + RSA_EXPORT, + SRP_RSA, + SRP_DSS, + PSK, + DHE_PSK; + + [CCode (cname = "gnutls_kx_get_name")] + public unowned string? get_name (); + [CCode (cname = "gnutls_kx_get_id")] + public static KXAlgorithm from_name (string name); + [CCode (cname = "gnutls_kx_list", array_length = "false", array_null_terminated = "true")] + public static unowned KXAlgorithm[] list (); + } + + [CCode (cname = "gnutls_mac_algorithm_t", cprefix = "GNUTLS_MAC_")] + public enum MacAlgorithm { + UNKNOWN, + NULL, + MD5, + SHA1, + RMD160, + MD2, + SHA256, + SHA384, + SHA512; + + [CCode (cname = "gnutls_mac_get_key_size")] + public size_t get_key_size (); + [CCode (cname = "gnutls_mac_get_name")] + public unowned string? get_name (); + [CCode (cname = "gnutls_mac_get_id")] + public static MacAlgorithm from_name (string name); + [CCode (cname = "gnutls_mac_list", array_length = "false", array_null_terminated = "true")] + public static unowned MacAlgorithm[] list (); + } + + [CCode (cname = "gnutls_digest_algorithm_t", cprefix = "GNUTLS_DIG_")] + public enum DigestAlgorithm { + NULL, + MD5, + SHA1, + RMD160, + MD2, + SHA224, + SHA256, + SHA384, + SHA512; + + [CCode (cname = "gnutls_fingerprint")] + public int fingerprint (/* const */ ref Datum data, void* result, ref size_t result_size); + } + + [CCode (cname = "GNUTLS_MAX_ALGORITHM_NUM")] + public const int MAX_ALGORITHM_NUM; + + [CCode (cname = "gnutls_pk_algorithm_t", cprefix = "GNUTLS_PK_")] + public enum PKAlgorithm { + UNKNOWN, + RSA, + DSA; + + [CCode (cname = "gnutls_pk_algorithm_get_name")] + public unowned string? get_name (); + } + + [CCode (cname = "gnutls_sign_algorithm_t", cprefix = "GNUTLS_SIGN_")] + public enum SignAlgorithm { + UNKNOWN, + RSA_SHA1, + DSA_SHA1, + RSA_MD5, + RSA_MD2, + RSA_RMD160, + RSA_SHA224, + RSA_SHA256, + RSA_SHA384, + RSA_SHA512; + + [CCode (cname = "gnutls_sign_algorithm_get_name")] + public unowned string? get_name (); + } + + [CCode (cname = "gnutls_compression_method_t", cprefix = "GNUTLS_COMP_")] + public enum CompressionMethod { + UNKNOWN, + NULL, + DEFLATE, + ZLIB, // == DEFLATE + LZO; // only available if gnutls-extra has been initialized + + [CCode (cname = "gnutls_compression_get_name")] + public unowned string? get_name (); + [CCode (cname = "gnutls_compression_get_id")] + public static CompressionMethod from_name (string name); + [CCode (cname = "gnutls_compression_list", array_length = "false", array_null_terminated = "true")] + public static unowned CompressionMethod[] list (); + } + + [CCode (cname = "gnutls_params_type_t", cprefix = "GNUTLS_PARAMS_")] + public enum ParamsType { + RSA_EXPORT, + DH + } + + [CCode (cname = "gnutls_credentials_type_t", cprefix = "GNUTLS_CRD_")] + public enum CredentialsType { + CERTIFICATE, + ANON, + SRP, + PSK, + IA + } + + [CCode (cname = "gnutls_alert_level_t", cprefix = "GNUTLS_AL_")] + public enum AlertLevel { + WARNING, + FATAL + } + + [CCode (cname = "gnutls_alert_description_t", cprefix = "GNUTLS_A_")] + public enum AlertDescription { + CLOSE_NOTIFY, + UNEXPECTED_MESSAGE, + BAD_RECORD_MAC, + DECRYPTION_FAILED, + RECORD_OVERFLOW, + DECOMPRESSION_FAILURE, + HANDSHAKE_FAILURE, + SSL3_NO_CERTIFICATE, + BAD_CERTIFICATE, + UNSUPPORTED_CERTIFICATE, + CERTIFICATE_REVOKED, + CERTIFICATE_EXPIRED, + CERTIFICATE_UNKNOWN, + ILLEGAL_PARAMETER, + UNKNOWN_CA, + ACCESS_DENIED, + DECODE_ERROR, + DECRYPT_ERROR, + EXPORT_RESTRICTION, + PROTOCOL_VERSION, + INSUFFICIENT_SECURITY, + INTERNAL_ERROR, + USER_CANCELED, + NO_RENEGOTIATION, + UNSUPPORTED_EXTENSION, + CERTIFICATE_UNOBTAINABLE, + UNRECOGNIZED_NAME, + UNKNOWN_PSK_IDENTITY, + INNER_APPLICATION_FAILURE, + INNER_APPLICATION_VERIFICATION; + + [CCode (cname = "gnutls_alert_get_name")] + public unowned string? get_name (); + } + + [CCode (cname = "gnutls_handshake_description_t", cprefix = "GNUTLS_HANDSHAKE_")] + public enum HandshakeDescription { + HELLO_REQUEST, + CLIENT_HELLO, + SERVER_HELLO, + CERTIFICATE_PKT, + SERVER_KEY_EXCHANGE, + CERTIFICATE_REQUEST, + SERVER_HELLO_DONE, + CERTIFICATE_VERIFY, + CLIENT_KEY_EXCHANGE, + FINISHED, + SUPPLEMENTAL + } + + /* Note that the status bits have different meanings + * in openpgp keys and x.509 certificate verification. + */ + [Flags] + [CCode (cname = "gnutls_certificate_status_t", cprefix = "GNUTLS_CERT_")] + public enum CertificateStatus { + INVALID, // will be set if the certificate was not verified. + REVOKED, // in X.509 this will be set only if CRLs are checked + SIGNER_NOT_FOUND, + SIGNER_NOT_CA, + INSECURE_ALGORITHM + } + + [CCode (cname = "gnutls_certificate_request_t", cprefix = "GNUTLS_CERT_")] + public enum CertificateRequest { + IGNORE, + REQUEST, + REQUIRE + } + +// [CCode (cname = "gnutls_openpgp_crt_status_t", cprefix = "GNUTLS_OPENPGP_")] +// public enum OpenPGP.CertificateStatus { +// CERT, +// CERT_FINGERPRINT +// } +// +// [CCode (cname = "gnutls_connection_end_t", cprefix = "GNUTLS_")] +// public enum ConnectionEnd { +// SERVER, +// CLIENT +// } + + [CCode (cname = "gnutls_close_request_t", cprefix = "GNUTLS_SHUT_")] + public enum CloseRequest { + RDWR, + WR + } + + [CCode (cname = "gnutls_protocol_t", cprefix = "GNUTLS_")] + public enum Protocol { + SSL3, + TLS1, // == TLS1_0 + TLS1_0, + TLS1_1, + TLS1_2, + [CCode (cname = "GNUTLS_VERSION_UNKNOWN")] + UNKNOWN; + + [CCode (cname = "gnutls_protocol_get_name")] + public unowned string? get_name (); + [CCode (cname = "gnutls_protocol_get_id")] + public static Protocol from_name (string name); + [CCode (cname = "gnutls_protocol_list", array_length = "false", array_null_terminated = "true")] + public static unowned Protocol[] list (); + } + + [CCode (cname = "gnutls_certificate_type_t", cprefix = "GNUTLS_CRT_")] + public enum CertificateType { + UNKNOWN, + X509, + OPENPGP; + + [CCode (cname = "gnutls_certificate_type_get_name")] + public unowned string? get_name (); + [CCode (cname = "gnutls_certificate_type_get_id")] + public static CertificateType from_name (string name); + [CCode (cname = "gnutls_certificate_type_list", array_length = "false", array_null_terminated = "true")] + public static unowned CertificateType[] list (); + } + + [CCode (cname = "gnutls_certificate_print_formats_t", cprefix = "GNUTLS_CRT_PRINT_")] + public enum CertificatePrintFormats { + FULL, + ONELINE, + UNSIGNED_FULL + } + + [Flags] + [CCode (cname = "unsigned int", cprefix = "GNUTLS_KEY_")] + public enum KeyUsage + { + DIGITAL_SIGNATURE, + NON_REPUDIATION, + KEY_ENCIPHERMENT, + DATA_ENCIPHERMENT, + KEY_AGREEMENT, + KEY_CERT_SIGN, + CRL_SIGN, + ENCIPHER_ONLY, + DECIPHER_ONLY + } + + [CCode (cname = "gnutls_server_name_type_t", cprefix = "GNUTLS_NAME_")] + public enum ServerNameType { + DNS; + } + + // Diffie Hellman parameter handling. + [Compact] + [CCode (cname = "struct gnutls_dh_params_int", free_function = "gnutls_dh_params_deinit", lower_case_cprefix = "gnutls_dh_params_")] + public class DHParams { + private static int init (DHParams* dh_params); + public static DHParams create () + { + DHParams result = null; + var ret = init (&result); + if (ret != 0) + GLib.error ("%s", ((ErrorCode)ret).to_string ()); + return result; + } + + private int cpy (DHParams source); + + public int import_raw (/* const */ ref Datum prime, /* const */ ref Datum generator); + public int export_raw (/* const */ ref Datum prime, /* const */ ref Datum generator, out uint bits); + public int import_pkcs3 (/* const */ ref Datum pkcs3_params, X509.CertificateFormat format); + public int export_pkcs3 (X509.CertificateFormat format, void* params_data, ref size_t params_data_size); + + [CCode (cname = "gnutls_dh_params_generate2")] + public int generate (uint bits); + } + + [Compact] + [CCode (cname = "struct gnutls_x509_privkey_int", free_function = "gnutls_rsa_params_deinit", lower_case_cprefix = "gnutls_rsa_params_")] + public class RSAParams { + private static int init (RSAParams* dh_params); + public static RSAParams create () + { + RSAParams result = null; + var ret = init (&result); + if (ret != 0) + GLib.error ("%s", ((ErrorCode)ret).to_string ()); + return result; + } + + private int cpy (RSAParams source); + + public int import_raw (/* const */ ref Datum m, /* const */ ref Datum e, /* const */ ref Datum d, /* const */ ref Datum p, /* const */ ref Datum q, /* const */ ref Datum u); + public int export_raw (/* const */ ref Datum m, /* const */ ref Datum e, /* const */ ref Datum d, /* const */ ref Datum p, /* const */ ref Datum q, /* const */ ref Datum u, out uint bits); + public int import_pkcs1 (/* const */ ref Datum pkcs1_params, X509.CertificateFormat format); + public int export_pkcs1 (X509.CertificateFormat format, void* params_data, ref size_t params_data_size); + + public int generate2 (uint bits); + } + + [Compact] + [CCode (cname = "struct gnutls_priority_st", free_function = "gnutls_priority_deinit")] + public class Priority { + private static int init (Priority* self, string priority, out char* err_pos); + public static Priority create (string priority, out ErrorCode err = null, out char* err_pos = null) + { + Priority result = null; + var ret = init (&result, priority, out err_pos); + if (&err != null) + err = (ErrorCode) ret; + return result; + } + } + + [SimpleType] + [CCode (cname = "gnutls_datum_t")] + public struct Datum { + public void* data; + public uint size; + } + + [CCode (cname = "gnutls_params_st")] + public struct Params { + public ParamsType type; + [CCode (cname = "params.dh")] + public DHParams dh_params; + [CCode (cname = "params.rsa_export")] + public RSAParams rsa_params; + public bool deinit; + } + + [CCode (cname = "gnutls_params_function *")] + public static delegate int ParamsFunction (Session session, ParamsType type, Params params); + + [CCode (cname = "gnutls_oprfi_callback_func", instance_pos = "1.2")] + public delegate int OprfiCallbackFunc (Session session, + [CCode (array_length_pos = "1.8", array_length_type = "size_t")] /* const */ uint8[] in_oprfi, + [CCode (array_length_pos = "1.8", array_length_type = "size_t")] uint8[] out_oprfi); + + /* Supplemental data, RFC 4680. */ + [CCode (cname = "gnutls_supplemental_data_format_type_t")] + public enum SupplementalDataFormatType { + USER_MAPPING_DATA; + + [CCode (cname = "gnutls_supplemental_get_name")] + public unowned string? get_name (); + } + + [CCode (cname = "TLS_MASTER_SIZE")] + public const int TLS_MASTER_SIZE; + [CCode (cname = "TLS_RANDOM_SIZE")] + public const int TLS_RANDOM_SIZE; + + [CCode (cname = "gnutls_db_store_func")] + public static delegate int DBStoreFunc (void* ptr, Datum key, Datum data); + [CCode (cname = "gnutls_db_remove_func")] + public static delegate int DBRemoveFunc (void* ptr, Datum key); + [CCode (cname = "gnutls_db_retr_func")] + public static delegate Datum DBRetrieveFunc (void* ptr, Datum key); + + [CCode (cname = "gnutls_handshake_post_client_hello_func")] + public static delegate int HandshakePostClientHelloFunc (Session session); + + // External signing callback. Experimental. + [CCode (cname = "gnutls_sign_func", instance_pos = "1.9")] + public delegate int SignFunc (Session session, CertificateType cert_type, /* const */ ref Datum cert, /* const */ ref Datum hash, out Datum signature); + + [CCode (cname = "gnutls_pull_func")] + public static delegate ssize_t PullFunc (void* transport_ptr, void* buffer, size_t count); + [CCode (cname = "gnutls_push_func")] + public static delegate ssize_t PushFunc (void* transport_ptr, void* buffer, size_t count); + + [Compact] + [CCode (cname = "struct gnutls_session_int", free_function = "gnutls_deinit")] + public class Session { + [CCode (cname = "gnutls_init")] + private static int init (Session* session, int con_end); + + protected static Session create (int con_end) + { + Session result = null; + var ret = init (&result, con_end); + if (ret != 0) + GLib.error ("%s", ((ErrorCode)ret).to_string ()); + return result; + } + + [CCode (cname = "gnutls_credentials_set")] + public int set_credentials (CredentialsType type, void* cred); + [CCode (cname = "gnutls_credentials_clear")] + public void clear_credentials (); + + [CCode (cname = "gnutls_handshake")] + public int handshake (); + [CCode (cname = "gnutls_bye")] + public int bye (CloseRequest how); + + [CCode (cname = "gnutls_session_is_resumed")] + public bool is_resumed (); + + [CCode (cname = "gnutls_alert_get")] + public AlertDescription get_last_alert (); + [CCode (cname = "gnutls_alert_send")] + public int send_alert (AlertLevel level, AlertDescription desc); + [CCode (cname = "gnutls_alert_send_appropriate")] + public int send_appropriate_alert (ErrorCode err); + + [CCode (cname = "gnutls_cipher_get")] + public CipherAlgorithm get_cipher (); + [CCode (cname = "gnutls_kx_get")] + public KXAlgorithm get_kx (); + [CCode (cname = "gnutls_mac_get")] + public MacAlgorithm get_mac (); + [CCode (cname = "gnutls_compression_get")] + public CompressionMethod get_compression (); + [CCode (cname = "gnutls_certificate_type_get")] + public CertificateType get_certificate_type (); + [CCode (cname = "gnutls_protocol_get_version")] + public Protocol get_protocol_version (); + [CCode (cname = "gnutls_record_get_max_size")] + public size_t get_max_record_size (); + [CCode (cname = "gnutls_dh_get_prime_bits")] + public int get_dh_prime_bits (); + [CCode (cname = "gnutls_dh_get_secret_bits")] + public int get_dh_secret_bits (); + [CCode (cname = "gnutls_dh_get_peers_public_bits")] + public int get_peers_dh_public_bits (); + [CCode (cname = "gnutls_dh_get_group")] + public int get_dh_group (out Datum raw_gen, out Datum raw_prime); + [CCode (cname = "gnutls_dh_get_pubkey")] + public int get_dh_pubkey (out Datum raw_key); + [CCode (cname = "gnutls_rsa_export_get_pubkey")] + public int get_rsa_export_pubkey (out Datum exponent, out Datum modulus); + [CCode (cname = "gnutls_rsa_export_get_modulus_bits")] + public int get_rsa_export_modulus_bits (); + + [CCode (cname = "gnutls_handshake_set_private_extensions")] + public void allow_private_extensions (bool allow); + [CCode (cname = "gnutls_handshake_get_last_out")] + public HandshakeDescription get_last_out_handshake (); + [CCode (cname = "gnutls_handshake_get_last_in")] + public HandshakeDescription get_last_in_handshake (); + + [CCode (cname = "gnutls_record_send")] + public ssize_t send (void* buffer, size_t count); + [CCode (cname = "gnutls_record_recv")] + public ssize_t receive (void* buffer, size_t count); + + [CCode (cname = "gnutls_record_get_direction")] + public int get_last_direction (); + + [CCode (cname = "gnutls_record_check_pending")] + public size_t check_pending (); + + [CCode (cname = "gnutls_cipher_set_priority")] + public int set_cipher_priority ([CCode (array_length = "false", array_null_terminated = "true")] CipherAlgorithm[] list); + [CCode (cname = "gnutls_mac_set_priority")] + public int set_mac_priority ([CCode (array_length = "false", array_null_terminated = "true")] MacAlgorithm[] list); + [CCode (cname = "gnutls_compression_set_priority")] + public int set_compression_priority ([CCode (array_length = "false", array_null_terminated = "true")] CompressionMethod[] list); + [CCode (cname = "gnutls_kx_set_priority")] + public int set_kx_priority ([CCode (array_length = "false", array_null_terminated = "true")] KXAlgorithm[] list); + [CCode (cname = "gnutls_protocol_set_priority")] + public int set_protocol_priority ([CCode (array_length = "false", array_null_terminated = "true")] Protocol[] list); + [CCode (cname = "gnutls_certificate_type_set_priority")] + public int set_certificate_type_priority ([CCode (array_length = "false", array_null_terminated = "true")] CertificateType[] list); + + [CCode (cname = "gnutls_priority_set")] + public int set_priority (Priority priority); + [CCode (cname = "gnutls_priority_set_direct")] + public int set_priority_from_string (string priority, out char* err_pos = null); + [CCode (cname = "gnutls_set_default_priority")] + public int set_default_priority (); + [CCode (cname = "gnutls_set_default_export_priority")] + public int set_default_export_priority (); + + [CCode (cname = "GNUTLS_MAX_SESSION_ID")] + public const int MAX_SESSION_ID; + + [CCode (cname = "gnutls_session_get_id")] + public int get_id (void* session_id, ref size_t session_id_size); + + [CCode (cname = "gnutls_session_get_server_random")] + public void* get_server_random (); + [CCode (cname = "gnutls_session_get_client_random")] + public void* get_client_random (); + [CCode (cname = "gnutls_session_get_master_secret")] + public void* get_master_secret (); + + [CCode (cname = "gnutls_transport_set_ptr")] + public void set_transport_ptr (void* ptr); + [CCode (cname = "gnutls_transport_set_ptr2")] + public void set_transport_ptr2 (void* recv_ptr, void* send_ptr); + [CCode (cname = "gnutls_transport_set_lowat")] + public void set_lowat (int num); + [CCode (cname = "gnutls_transport_set_push_function")] + public void set_push_function (PushFunc func); + [CCode (cname = "gnutls_transport_set_pull_function")] + public void set_pull_function (PullFunc func); + + [CCode (cname = "gnutls_transport_set_errno")] + public void set_errno (int err); + + [CCode (cname = "gnutls_session_set_ptr")] + public void set_ptr (void* ptr); + [CCode (cname = "gnutls_session_get_ptr")] + public void* get_ptr (); + + [CCode (cname = "gnutls_auth_get_type")] + public CredentialsType get_auth_type (); + // [CCode (cname = "gnutls_auth_server_get_type")] + // public CredentialsType get_server_auth_type (); + // [CCode (cname = "gnutls_auth_client_get_type")] + // public CredentialsType get_client_auth_type (); + + [CCode (cname = "gnutls_sign_callback_set")] + public void set_sign_callback (SignFunc func); + [CCode (cname = "gnutls_sign_callback_get")] + public SignFunc get_sign_callback (); + + [CCode (cname = "gnutls_certificate_get_peers", array_length_type = "unsigned int")] + public unowned Datum[]? get_peer_certificates (); + [CCode (cname = "gnutls_certificate_get_ours")] + public unowned Datum? get_our_certificate (); + + [CCode (cname = "gnutls_certificate_verify_peers2")] + public int verify_peer_certificate (out CertificateStatus status); + } + + [CCode (cname = "struct gnutls_session_int", lower_case_cprefix = "gnutls_", free_function = "gnutls_deinit")] + public class ClientSession: Session { + + public static ClientSession create () + { + return (ClientSession) Session.create (2); + } + + [CCode (cname = "gnutls_record_set_max_size")] + public ssize_t set_max_record_size (size_t size); + + [CCode (cname = "gnutls_dh_set_prime_bits")] + public void set_dh_prime_bits (uint bits); + + [CCode (cname = "gnutls_server_name_get")] + public int get_server_name (void* data, out size_t data_length, out ServerNameType type, uint index); + + [CCode (cname = "gnutls_oprfi_enable_client")] + public void enable_oprfi ([CCode (array_length_pos = "0.9", array_length_type = "size_t")] uint8[] data); + + [CCode (cname = "gnutls_session_set_data")] + public int set_session_data (void* session_data, size_t session_data_size); + [CCode (cname = "gnutls_session_get_data")] + public int get_session_data (void* session_data, out size_t session_data_size); + [CCode (cname = "gnutls_session_get_data2")] + public int get_session_data2 (out Datum data); + + [CCode (cname = "gnutls_openpgp_send_cert")] + public void set_openpgp_send_cert (bool fingerprint_only); + + [CCode (cname = "gnutls_psk_client_get_hint")] + public unowned string get_psk_hint (); + + [CCode (cname = "gnutls_certificate_client_get_request_status")] + public int get_certificate_request_status (); + } + + [CCode (cname = "struct gnutls_session_int", lower_case_cprefix = "gnutls_", free_function = "gnutls_deinit")] + public class ServerSession: Session { + + public static ServerSession create () + { + return (ServerSession) Session.create (1); + } + + public int rehandshake (); + + [CCode (cname = "gnutls_session_enable_compatibility_mode")] + public void enable_compatibility_mode (); + + [CCode (cname = "gnutls_record_disable_padding")] + public void disable_record_padding (); + + [CCode (cname = "gnutls_server_name_set")] + public int set_server_name (ServerNameType type, void* data, size_t data_length); + + [CCode (cname = "gnutls_oprfi_enable_server")] + public void enable_oprfi (OprfiCallbackFunc cb); + + public void db_set_cache_expiration (int seconds); + public void db_remove_session (); + public void db_set_retrieve_function (DBRetrieveFunc func); + public void db_set_remove_function (DBRemoveFunc func); + public void db_set_store_function (DBStoreFunc func); + public void db_set_ptr (void* ptr); + public void* db_get_ptr (); + public int db_check_entry (Datum session_entry); + + [CCode (cname = "gnutls_handshake_set_post_client_hello_function")] + public void set_post_client_hello_function (HandshakePostClientHelloFunc func); + + [CCode (cname = "gnutls_handshake_set_max_packet_length")] + public void set_max_handshake_packet_length (size_t max); + + [CCode (cname = "gnutls_certificate_server_set_request")] + public void set_certificate_request (CertificateRequest req); + + [CCode (cname = "gnutls_certificate_send_x509_rdn_sequence")] + public void disable_sending_x509_rdn_sequence (bool disable); + + [CCode (cname = "gnutls_psk_server_get_username")] + public unowned string get_psk_username (); + + [CCode (cheader_filename = "gnutls/openpgp.h", cname = "gnutls_openpgp_set_recv_key_function")] + public void set_openpgp_recv_key_function (OpenPGP.RecvKeyFunc func); + } + + + [Compact] + [CCode (cname = "struct gnutls_anon_server_credentials_st", free_function = "gnutls_anon_free_server_credentials")] + public class AnonServerCredentials + { + [CCode (cname = "gnutls_anon_allocate_server_credentials")] + private static int allocate (AnonServerCredentials* credentials); + public static AnonServerCredentials create () + { + AnonServerCredentials result = null; + var ret = allocate (&result); + if (ret != 0) + GLib.error ("%s", ((ErrorCode)ret).to_string ()); + return result; + } + + + [CCode (cname = "gnutls_anon_set_server_dh_params")] + public void set_dh_params (DHParams dh_params); + + // [CCode (cname = "gnutls_anon_set_server_params_function")] + // public void set_server_params_function (ParamsFunction func); + + [CCode (cname = "gnutls_anon_set_params_function")] + public void set_params_function (ParamsFunction func); + } + + [Compact] + [CCode (cname = "struct gnutls_anon_client_credentials_st", free_function = "gnutls_anon_free_client_credentials")] + public class AnonClientCredentials + { + [CCode (cname = "gnutls_anon_allocate_client_credentials")] + private static int allocate (AnonClientCredentials* credentials); + public static AnonClientCredentials create () + { + AnonClientCredentials result = null; + var ret = allocate (&result); + if (ret != 0) + GLib.error ("%s", ((ErrorCode)ret).to_string ()); + return result; + } + } + + [CCode (cheader_filename = "gnutls/x509.h", cprefix = "GNUTLS_")] + namespace X509 + { + // Some OIDs usually found in Distinguished names, or + // in Subject Directory Attribute extensions. + + public const string OID_X520_COUNTRY_NAME; + public const string OID_X520_ORGANIZATION_NAME; + public const string OID_X520_ORGANIZATIONAL_UNIT_NAME; + public const string OID_X520_COMMON_NAME; + public const string OID_X520_LOCALITY_NAME; + public const string OID_X520_STATE_OR_PROVINCE_NAME; + + public const string OID_X520_INITIALS; + public const string OID_X520_GENERATION_QUALIFIER; + public const string OID_X520_SURNAME; + public const string OID_X520_GIVEN_NAME; + public const string OID_X520_TITLE; + public const string OID_X520_DN_QUALIFIER; + public const string OID_X520_PSEUDONYM; + + public const string OID_LDAP_DC; + public const string OID_LDAP_UID; + + // The following should not be included in DN. + + public const string OID_PKCS9_EMAIL; + + public const string OID_PKIX_DATE_OF_BIRTH; + public const string OID_PKIX_PLACE_OF_BIRTH; + public const string OID_PKIX_GENDER; + public const string OID_PKIX_COUNTRY_OF_CITIZENSHIP; + public const string OID_PKIX_COUNTRY_OF_RESIDENCE; + + // Key purpose Object Identifiers. + + public const string KP_TLS_WWW_SERVER; + public const string KP_TLS_WWW_CLIENT; + public const string KP_CODE_SIGNING; + public const string KP_EMAIL_PROTECTION; + public const string KP_TIME_STAMPING; + public const string KP_OCSP_SIGNING; + public const string KP_ANY; + + + [CCode (cname = "gnutls_x509_crt_fmt_t", cprefix = "GNUTLS_X509_FMT_")] + public enum CertificateFormat { + DER, + PEM + } + + [Flags] + [CCode (cname = "gnutls_certificate_import_flags", cprefix = "GNUTLS_X509_CRT_")] + public enum CertificateImportFlags { + /* Fail if the certificates in the buffer are more than the space + * allocated for certificates. The error code will be + * GNUTLS_E_SHORT_MEMORY_BUFFER. + */ + LIST_IMPORT_FAIL_IF_EXCEED // == 1 + } + + [Flags] + [CCode (cname = "unsigned int", cprefix = "GNUTLS_CRL_REASON_")] + public enum RevocationReasons { + UNUSED, + KEY_COMPROMISE, + CA_COMPROMISE, + AFFILIATION_CHANGED, + SUPERSEEDED, + CESSATION_OF_OPERATION, + CERTIFICATE_HOLD, + PRIVILEGE_WITHDRAWN, + AA_COMPROMISE + } + + [Flags] + [CCode (cname = "gnutls_certificate_verify_flags", cprefix = "GNUTLS_VERIFY_")] + public enum CertificateVerifyFlags + { + // If set a signer does not have to be a certificate authority. This + // flag should normaly be disabled, unless you know what this means. + DISABLE_CA_SIGN, + + // Allow only trusted CA certificates that have version 1. This is + // safer than GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT, and should be + // used instead. That way only signers in your trusted list will be + // allowed to have certificates of version 1. + ALLOW_X509_V1_CA_CRT, + + // If a certificate is not signed by anyone trusted but exists in + // the trusted CA list do not treat it as trusted. + DO_NOT_ALLOW_SAME, + + // Allow CA certificates that have version 1 (both root and + // intermediate). This might be dangerous since those haven't the + // basicConstraints extension. Must be used in combination with + // GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT. + ALLOW_ANY_X509_V1_CA_CRT, + + // Allow certificates to be signed using the broken MD2 algorithm. + ALLOW_SIGN_RSA_MD2, + + // Allow certificates to be signed using the broken MD5 algorithm. + ALLOW_SIGN_RSA_MD5 + } + + [CCode (cname = "gnutls_x509_subject_alt_name_t")] + public enum SubjectAltName { + DNSNAME, + RFC822NAME, + URI, + IPADDRESS, + OTHERNAME, + DN, + + OTHERNAME_XMPP + } + + [Compact] + [CCode (cname = "void", cprefix = "gnutls_x509_dn_", free_function = "gnutls_x509_dn_deinit")] + public class DN + { + private static int init (DN* dn); + public static DN create () + { + DN result = null; + var ret = init (&result); + if (ret != 0) + GLib.error ("%s", ((ErrorCode)ret).to_string ()); + return result; + } + + public int get_rdn_ava (int irdn, int iava, out unowned Ava ava); + + public int import (ref Datum data); + public int export (CertificateFormat format, void* output, ref size_t output_size); + + } + + // RDN handling. + public int rdn_get (ref Datum idn, char* buf, ref size_t buf_size); + public int rdn_get_oid (ref Datum idn, int index, void* buf, ref size_t buf_size); + public int rdn_get_by_oid (ref Datum idn, string oid, int index, uint raw_flag, void* buf, ref size_t buf_size); + + [SimpleType] + [CCode (cname = "gnutls_x509_ava_st")] + public struct Ava + { + [CCode (cname = "oid.data", array_length_name = "oid.size")] + uint8[] oid; + [CCode (cname = "value.data", array_length_name = "value.size")] + uint8[] value; + ulong value_tag; + } + + [Compact] + [CCode (cname = "struct gnutls_x509_crt_int", cprefix = "gnutls_x509_crt_", free_function = "gnutls_x509_crt_deinit ")] + public class Certificate + { + private static int init (Certificate* cert); + + public static Certificate create () + { + Certificate result = null; + var ret = init (&result); + if (ret != 0) + GLib.error ("%s", ((ErrorCode)ret).to_string ()); + return result; + } + + public int import (ref Datum data, CertificateFormat format); + public int export (CertificateFormat format, void* output, ref size_t output_size); + + public static int list_import ([CCode (array_length = "false")] Certificate[]? certs, + ref uint cert_max, ref Datum data, + CertificateFormat format, bool fail_if_exceed); + + + + public int get_issuer_dn (char* buf, ref size_t buf_size); + public int get_issuer_dn_oid (int index, void* oid, ref size_t oid_size); + public int get_issuer_dn_by_oid (string oid, int index, uint raw_flag, void* buf, ref size_t buf_size); + + public int get_dn (char* buf, ref size_t buf_size); + public int get_dn_oid (int index, void* oid, ref size_t oid_size); + public int get_dn_by_oid (string oid, int index, uint raw_flag, void* buf, ref size_t buf_size); + + + public int get_subject (out DN dn); + public int get_issuer (out DN dn); + + public bool check_hostname (string hostname); + + public SignAlgorithm get_signature_algorithm (); + + public int get_signature (char* sig, ref size_t sig_size); + + public int get_version (); + + public int get_key_id (uint flags, uchar* output, ref size_t output_size); + + public int set_authority_key_id (void* id, size_t id_size); + public int get_authority_key_id (void* ret, ref size_t ret_size, out bool critical); + + public int get_subject_key_id (void* ret, ref size_t ret_size, out bool critical); + + public int get_crl_dist_points (uint seq, void* ret, ref size_t ret_size, out RevocationReasons reason_flags, out bool critical); + public int set_crl_dist_points (SubjectAltName type, void* data_string, RevocationReasons reason_flags); + public int cpy_crl_dist_points (Certificate source); + + public time_t get_activation_time (); + public time_t get_expiration_time (); + + public int get_serial (void* result, ref size_t result_size); + + public PKAlgorithm get_pk_algorithm (out uint bits); + public int get_pk_rsa_raw (out Datum modulus, out Datum exponent); + public int get_pk_dsa_raw (out Datum p, out Datum q, out Datum g, out Datum y); + + public int get_subject_alt_name (uint seq, void* ret, ref size_t ret_size, out bool critical); + public int get_subject_alt_name2 (uint seq, void* ret, ref size_t ret_size, out SubjectAltName ret_type, out bool critical); + + public int get_subject_alt_othername_oid (uint seq, void* ret, ref size_t ret_size); + + public int get_ca_status (out bool critical); + + public int get_basic_constraints (out bool critical, out int ca, out int pathlen); + + public int get_key_usage (out KeyUsage key_usage, out bool critical); + public int set_key_usage (KeyUsage usage); + + public int get_proxy (out bool critical, out int pathlen, [CCode (array_length = "false")] out char[] policyLanguage, out char[] policy); + + public bool dn_oid_known (string oid); + + public int get_extension_oid (int index, void* oid, ref size_t oid_size); + public int get_extension_by_oid (string oid, int index, void* buf, ref size_t buf_size, out bool critical); + + public int get_extension_info (int index, void* oid, ref size_t oid_size, out bool critical); + public int get_extension_data (int index, void* data, ref size_t data_size); + + public int set_extension_by_oid (string oid, void* buf, size_t buf_size, bool critical); + public int set_dn_by_oid (string oid, uint raw_flag, void* name, uint name_size); + public int set_issuer_dn_by_oid (string oid, uint raw_flag, void* name, uint name_size); + public int set_version (uint version); + public int set_key (PrivateKey key); + public int set_ca_status (uint ca); + public int set_basic_constraints (uint ca, int pathLenConstraint); + public int set_subject_alternative_name (SubjectAltName type, string data_string); + + public int sign (Certificate issuer, PrivateKey issuer_key); + public int sign2 (Certificate issuer, PrivateKey issuer_key, DigestAlgorithm alg, uint flags); + + public int set_activation_time (time_t act_time); + public int set_expiration_time (time_t exp_time); + public int set_serial (void* serial, size_t serial_size); + + public int set_subject_key_id (void* id, size_t id_size); + public int set_proxy_dn (Certificate eecrt, uint raw_flag, void* name, uint name_size); + public int set_proxy (int pathLenConstraint, string policyLanguage, [CCode (array_length_type = "size_t")] uint8[] policy); + + public int print (CertificatePrintFormats format, out Datum output); + + public int get_raw_issuer_dn (out unowned Datum start); + public int get_raw_dn (out unowned Datum start); + + public int verify_data (uint flags, ref Datum data, ref Datum signature); + + private int set_crq (CertificateRequest crq); + + // verification + + public int check_issuer (Certificate issuer); + public static int list_verify (Certificate[] cert_list, Certificate[] CA_list, Certificate[] CLR_list, CertificateVerifyFlags flags, out CertificateStatus verify); + public int verify (Certificate[] CA_list, CertificateVerifyFlags flags, out CertificateStatus verify); + public int check_revocation (CRL[] crl_list); + public int get_fingerprint (DigestAlgorithm algo, void* buf, ref size_t buf_size); + public int get_key_purpose_oid (int index, void* oid, ref size_t oid_size, out bool critical); + public int set_key_purpose_oid (string oid, bool critical); + } + + [Compact] + [CCode (cname = "struct gnutls_x509_crl_int", free_function = "gnutls_x509_crl_deinit", cprefix = "gnutls_x509_crl_")] + public class CRL + { + private static int init (CRL* crl); + + public static CRL create () + { + CRL result = null; + var ret = init (&result); + if (ret != 0) + GLib.error ("%s", ((ErrorCode)ret).to_string ()); + return result; + } + + public int import (ref Datum data, CertificateFormat format); + public int export (CertificateFormat format, void* output, ref size_t output_size); + + public int get_issuer_dn (char* buf, ref size_t buf_size); + public int get_issuer_dn_by_oid (string oid, int index, uint raw_flag, void* buf, ref size_t buf_size); + + public int get_dn_oid (int index, void* oid, ref size_t oid_size); + + public int get_signature_algorithm (); + public int get_signature (char* sig, ref size_t sig_size); + public int get_version (); + + public time_t get_this_update (); + public time_t get_next_update (); + + public int get_crt_count (); + public int get_crt_serial (int index, uchar* serial, ref size_t serial_size, out time_t t); + + // aliases for previous two + public int get_certificate_count (); + public int get_certificate (int index, uchar* serial, ref size_t serial_size, out time_t t); + + public int check_issuer (Certificate issuer); + + public int verify (Certificate[] ca_list, CertificateVerifyFlags flags, out CertificateStatus verify); + + // CRL writing + + public int set_version (uint version); + public int sign (Certificate issuer, PrivateKey issuer_key); + public int sign2 (Certificate issuer, PrivateKey issuer_key, DigestAlgorithm algo, uint flags); + + public int set_this_update (time_t act_time); + public int set_next_update (time_t exp_time); + + public int set_crt_serial (void* serial, size_t serial_size, time_t revocation_time); + public int set_crt (Certificate crt, time_t revocation_time); + + public int print (CertificatePrintFormats format, out Datum output); + } + + [Compact] + [CCode (cname = "struct gnutls_pkcs7_int", cprefix = "gnutls_pkcs7_", free_function = "gnutls_pkcs7_deinit")] + public class PKCS7 + { + private static int init (PKCS7* pkcs7); + public static PKCS7 create () + { + PKCS7 result = null; + var ret = init (&result); + if (ret != 0) + GLib.error ("%s", ((ErrorCode)ret).to_string ()); + return result; + } + + public int import (ref Datum data, CertificateFormat format); + public int export (CertificateFormat format, void* output, ref size_t output_size); + + public int get_crt_count (); + public int get_crt_raw (int index, void* certificate, ref size_t certificate_size); + public int set_crt_raw (ref Datum crt); + public int set_crt (Certificate crt); + public int delete_crt (int index); + + public int get_crl_count (); + public int get_crl_raw (int index, void* crl, ref size_t crl_size); + public int set_crl_raw (ref Datum crt); + public int set_crl (CRL crl); + public int delete_crl (int index); + } + + // Flags for the gnutls_x509_privkey_export_pkcs8() function. + [Flags] + [CCode (cname = "gnutls_pkcs_encrypt_flags_t", cprefix = "GNUTLS_PKCS_")] + public enum PKCSEncryptFlags { + PLAIN, + USE_PKCS12_3DES, + USE_PKCS12_ARCFOUR, + USE_PKCS12_RC2_40, + USE_PBES2_3DES + } + + [Compact] + [CCode (cname = "struct gnutls_x509_privkey_int", cprefix = "gnutls_x509_privkey_", free_function = "gnutls_x509_privkey_deinit")] + public class PrivateKey + { + private static int init (PrivateKey* key); + public static PrivateKey create () + { + PrivateKey result = null; + var ret = init (&result); + if (ret != 0) + GLib.error ("%s", ((ErrorCode)ret).to_string ()); + return result; + } + + public int cpy (PrivateKey source); + + public int import (ref Datum data, CertificateFormat format); + public int import_pkcs8 (ref Datum data, CertificateFormat format, string? password, PKCSEncryptFlags flags); + public int import_rsa_raw (ref Datum m, ref Datum e, ref Datum d, ref Datum p, ref Datum q, ref Datum u); + public int import_dsa_raw (ref Datum p, ref Datum q, ref Datum g, ref Datum y, ref Datum x); + + public int export (CertificateFormat format, void* output, ref size_t output_size); + public int export_pkcs8 (CertificateFormat format, string password, PKCSEncryptFlags flags, void* output, ref size_t output_size); + public int export_rsa_raw (out Datum m, out Datum e, out Datum d, out Datum p, out Datum q, out Datum u); + public int export_dsa_raw (out Datum p, out Datum q, out Datum g, out Datum y, out Datum x); + + public int fix (); + public int generate (PKAlgorithm algo, uint bits, uint flags = 0); + + public int get_pk_algorithm (); + public int get_key_id (uint flags, uchar* output, ref size_t output_size); + + // Signing stuff + + public int sign_data (DigestAlgorithm digest, uint flags, ref Datum data, void* signature, ref size_t signature_size); + public int verify_data (uint flags, ref Datum data, ref Datum signature); + public int sign_hash (ref Datum hash, out Datum signature); + } + + [Compact] + [CCode (cname = "struct gnutls_x509_crq_int", cprefix = "gnutls_x509_crq_", free_function = "gnutls_x509_crq_deinit")] + public class CertificateRequest + { + private static int init (CertificateRequest* request); + public static CertificateRequest create () + { + CertificateRequest result = null; + var ret = init (&result); + if (ret != 0) + GLib.error ("%s", ((ErrorCode)ret).to_string ()); + return result; + } + + public int import (ref Datum data, CertificateFormat format); + public int export (CertificateFormat format, void* output, ref size_t output_size); + + public int get_pk_algorithm (out uint bits); + public int get_dn (char* buf, ref size_t buf_size); + public int get_dn_oid (int index, void* oid, ref size_t oid_size); + public int get_dn_by_oid (string oid, int index, uint raw_flag, void* buf, ref size_t buf_size); + public int set_dn_by_oid (string oid, uint raw_flag, void* name, uint name_size); + + public int set_version (uint version); + + public int set_key (PrivateKey key); + + public int sign (PrivateKey key); + public int sign2 (PrivateKey key, DigestAlgorithm algo, uint flags); + + public int set_challenge_password (string pass); + public int get_challenge_password (char* pass, ref size_t pass_size); + + public int set_attribute_by_oid (string oid, void* buf, size_t buf_size); + public int get_attribute_by_oid (string oid, int index, void* buf, ref size_t buf_size); + } + + [Compact] + [CCode (cheader_filename = "gnutls/pkcs12.h", cname = "struct gnutls_pkcs12_int", cprefix = "gnutls_pkcs12_", free_function = "gnutls_pkcs12_deinit")] + public class PKCS12 + { + private static int init (PKCS12* request); + public static PKCS12 create () + { + PKCS12 result = null; + var ret = init (&result); + if (ret != 0) + GLib.error ("%s", ((ErrorCode)ret).to_string ()); + return result; + } + + public int import (ref Datum data, CertificateFormat format, uint flags); + public int export (CertificateFormat format, void* output, ref size_t output_size); + + public int get_bag (int index, PKCS12Bag bag); + public int set_bag (PKCS12Bag bag); + + public int generate_mac (string pass); + public int verify_mac (string pass); + } + + [CCode (cheader_filename = "gnutls/pkcs12.h", cname = "gnutls_pkcs12_bag_type_t", cprefix = "GNUTLS_BAG_")] + public enum PKCS12BagType { + EMPTY, + PKCS8_ENCRYPTED_KEY, + PKCS8_KEY, + CERTIFICATE, + CRL, + ENCRYPTED, + UNKNOWN + } + + [Compact] + [CCode (cheader_filename = "gnutls/pkcs12.h", cname = "struct gnutls_pkcs12_bag_int", cprefix = "gnutls_pkcs12_bag_", free_function = "gnutls_pkcs12_bag_deinit")] + public class PKCS12Bag { + private static int init (PKCS12Bag* request); + public static PKCS12Bag create () + { + PKCS12Bag result = null; + var ret = init (&result); + if (ret != 0) + GLib.error ("%s", ((ErrorCode)ret).to_string ()); + return result; + } + + public int decrypt (string pass); + public int encrypt (string pass, PKCSEncryptFlags flags); + + public PKCS12BagType get_type (int index); + public int get_data (int index, out Datum data); + public int set_data (PKCS12BagType type, ref Datum data); + public int set_crl (CRL crl); + public int set_crt (Certificate crt); + + public int get_count (); + + public int get_key_id (int index, out Datum id); + public int set_key_id (int index, ref Datum id); + + public int get_friendly_name (int index, out unowned string name); + public int set_friendly_name (int index, string name); + } + } + + [CCode (cheader_filename = "gnutls/openpgp.h")] + namespace OpenPGP + { + /** + * gnutls_openpgp_recv_key_func - Callback prototype to get OpenPGP keys + * @session: a TLS session + * @keyfpr: key fingerprint + * @keyfpr_length: length of key fingerprint + * @key: output key. + * + * A callback of this type is used to retrieve OpenPGP keys. Only + * useful on the server, and will only be used if the peer send a key + * fingerprint instead of a full key. See also + * gnutls_openpgp_set_recv_key_function(). + * + */ + public static delegate int RecvKeyFunc (Session session, uint8[] keyfpr, out Datum key); + + [CCode (cname = "gnutls_openpgp_crt_fmt_t", cprefix = "GNUTLS_OPENPGP_FMT_")] + public enum CertificateFormat { + RAW, + BASE64 + } + + [Compact] + [CCode (cname = "struct gnutls_openpgp_crt_int", cprefix = "gnutls_openpgp_crt_", free_function = "gnutls_openpgp_crt_deinit")] + public class Certificate + { + private static int init (Certificate* crt); + public static Certificate create () + { + Certificate result = null; + var ret = init (&result); + if (ret != 0) + GLib.error ("%s", ((ErrorCode)ret).to_string ()); + return result; + } + + public int import (ref Datum data, CertificateFormat format); + public int export (CertificateFormat format, void* output, ref size_t output_size); + + public int print (CertificatePrintFormats format, out Datum output); + + public int get_key_usage (out KeyUsage key_usage); + public int get_fingerprint (void* fpr, ref size_t fpr_size); + public int get_subkey_fingerprint (uint index, void* fpr, ref size_t fpr_size); + + public int get_name (int index, char* buf, ref size_t buf_size); + + public PKAlgorithm get_pk_algorithm (out uint bits); + + public int get_version (); + + public time_t get_creation_time (); + public time_t get_expiration_time (); + + // keyid is 8 bytes + public int get_key_id (uchar* keyid); + + public int check_hostname (string hostname); + + public int get_revoked_status (); + + public int get_subkey_count (); + public int get_subkey_idx (/*const*/ uchar* keyid); + public int get_subkey_revoked_status (uint idx); + + public PKAlgorithm get_subkey_pk_algorithm (uint idx, out uint bits); + + public time_t get_subkey_creation_time (uint idx); + public time_t get_subkey_expiration_time (uint idx); + + public int get_subkey_id (uint idx, uchar* keyid); + public int get_subkey_usage (uint idx, out KeyUsage key_usage); + + public int get_pk_dsa_raw (out Datum p, out Datum q, out Datum g, out Datum y); + public int get_pk_rsa_raw (out Datum m, out Datum e); + + public int get_subkey_pk_dsa_raw (uint index, out Datum p, out Datum q, out Datum g, out Datum y); + public int get_subkey_pk_rsa_raw (uint index, out Datum m, out Datum e); + + public int get_preferred_key_id (uchar* keyid); + public int set_preferred_key_id (/* const */ uchar* keyid); + + public int verify_ring (Keyring keyring, uint flags, out CertificateStatus verify); + public int verify_self (uint flags, out CertificateStatus verify); + } + + [Compact] + [CCode (cname = "struct gnutls_openpgp_privkey_int", cprefix = "gnutls_openpgp_privkey_", free_function = "gnutls_openpgp_privkey_deinit")] + public class PrivateKey + { + private static int init (PrivateKey* key); + public static PrivateKey create () + { + PrivateKey result = null; + var ret = init (&result); + if (ret != 0) + GLib.error ("%s", ((ErrorCode)ret).to_string ()); + return result; + } + + public PKAlgorithm get_pk_algorithm (out uint bits); + + public int import (ref Datum data, CertificateFormat format, string pass, uint flags); + public int export (CertificateFormat format, string password, uint flags, void* output, ref size_t output_size); + + public int sign_hash (ref Datum hash, out Datum signature); + public int get_fingerprint (void* fpr, ref size_t fpr_size); + public int get_subkey_fingerprint (uint idx, void* fpr, ref size_t fpr_size); + + public int get_key_id (uchar* keyid); + public int get_subkey_count (); + public int get_subkey_idx (/*const*/ uchar* keyid); + + public int get_subkey_revoked_status (uint index); + public int get_revoked_status (); + + public PKAlgorithm get_subkey_pk_algorithm (uint idx, out uint bits); + + public time_t get_subkey_expiration_time (uint idx); + public time_t get_subkey_creation_time (uint idx); + + public int get_subkey_id (uint idx, uchar* keyid); + + public int export_subkey_dsa_raw (uint idx, out Datum p, out Datum q, out Datum g, out Datum y, out Datum x); + public int export_subkey_rsa_raw (uint idx, out Datum m, out Datum e, out Datum d, out Datum p, out Datum q, out Datum u); + + public int export_dsa_raw (out Datum p, out Datum q, out Datum g, out Datum y, out Datum x); + public int export_rsa_raw (out Datum m, out Datum e, out Datum d, out Datum p, out Datum q, out Datum u); + + public int set_preferred_key_id (/*const*/ uchar* keyid); + public int get_preferred_key_id (uchar* keyid); + + public int get_auth_subkey (uchar* keyid, uint flag); + } + + [Compact] + [CCode (cname = "struct gnutls_openpgp_keyring_int", cprefix = "gnutls_openpgp_keyring_", free_function = "gnutls_openpgp_keyring_deinit")] + public class Keyring + { + private static int init (Keyring* keyring); + public static Keyring create () + { + Keyring result = null; + var ret = init (&result); + if (ret != 0) + GLib.error ("%s", ((ErrorCode)ret).to_string ()); + return result; + } + + public int import (ref Datum data, CertificateFormat format); + public int check_id (/*const*/ uchar* keyid, uint flags); + + public int get_crt_count (); + public int get_crt (uint index, out Certificate cert); + } + } + + + + [CCode (cname = "gnutls_certificate_client_retrieve_function *")] + public static delegate int ClientCertificateRetrieveFunction (Session session, Datum[] req_ca_rdn, PKAlgorithm[] pk_algos, out RetrStruct st); + [CCode (cname = "gnutls_certificate_server_retrieve_function *")] + public static delegate int ServerCertificateRetrieveFunction (Session session, out RetrStruct st); + + [Compact] + [CCode (cname = "struct gnutls_certificate_credentials_st", + free_function = "gnutls_certificate_free_credentials", + cprefix = "gnutls_certificate_")] + public class CertificateCredentials + { + [CCode (cname = "gnutls_certificate_allocate_credentials")] + private static int allocate (CertificateCredentials* credentials); + public static CertificateCredentials create () + { + CertificateCredentials result = null; + var ret = allocate (&result); + if (ret != 0) + GLib.error ("%s", ((ErrorCode)ret).to_string ()); + return result; + } + + public void free_keys (); + public void free_cas (); + public void free_ca_names (); + public void free_crls (); + + public void set_dh_params (DHParams dh_params); + public void set_rsa_export_params (RSAParams rsa_params); + public void set_verify_flags (X509.CertificateVerifyFlags flags); + public void set_verify_limits (uint max_bits, uint max_depth); + + public int set_x509_trust (X509.Certificate[] ca_list); + public int set_x509_trust_file (string cafile, X509.CertificateFormat type); + public int set_x509_trust_mem (/* const */ ref Datum cadata, X509.CertificateFormat type); + + public int set_x509_crl (X509.CRL[] crl_list); + public int set_x509_crl_file (string crlfile, X509.CertificateFormat type); + public int set_x509_crl_mem (/* const */ ref Datum crldata, X509.CertificateFormat type); + + public int set_x509_key (X509.Certificate[] cert_list, X509.PrivateKey key); + public int set_x509_key_file (string certfile, string keyfile, X509.CertificateFormat type); + public int set_x509_key_mem (/* const */ ref Datum certdata, /* const */ ref Datum keydata, X509.CertificateFormat type); + + public int set_x509_simple_pkcs12_file (string pkcs12file, X509.CertificateFormat type, string? password = null); + + public void get_x509_cas ([CCode (array_length_type = "unsigned int")] out unowned X509.Certificate[] x509_ca_list); + public void get_x509_crls ([CCode (array_length_type = "unsigned int")] out unowned X509.CRL[] x509_crl_list); + + + [CCode (cname = "gnutls_certificate_client_set_retrieve_function")] + public void set_client_certificate_retrieve_function (ClientCertificateRetrieveFunction func); + [CCode (cname = "gnutls_certificate_server_set_retrieve_function")] + public void set_server_certificate_retrieve_function (ServerCertificateRetrieveFunction func); + + [CCode (cname = "gnutls_certificate_set_params_function")] + public void set_params_function (ParamsFunction func); + + // OpenPGP stuff + + public int set_openpgp_key (OpenPGP.Certificate key, OpenPGP.PrivateKey pkey); + + public int set_openpgp_key_file (string certfile, string keyfile, OpenPGP.CertificateFormat format); + public int set_openpgp_key_mem (ref Datum cert, ref Datum key, OpenPGP.CertificateFormat format); + public int set_openpgp_key_file2 (string certfile, string keyfile, string keyid, OpenPGP.CertificateFormat format); + public int set_openpgp_key_mem2 (ref Datum cert, ref Datum key, string keyid, OpenPGP.CertificateFormat format); + + public int set_openpgp_keyring_mem (uchar* data, size_t data_size, OpenPGP.CertificateFormat format); + public int set_openpgp_keyring_file (string file, OpenPGP.CertificateFormat format); + + public void get_openpgp_keyring (out unowned OpenPGP.Keyring keyring); + } + + [CCode (cname = "gnutls_malloc")] + public void* malloc (size_t size); + [CCode (cname = "gnutls_secure_malloc")] + public void* secure_malloc (size_t size); + [CCode (cname = "gnutls_realloc")] + public void* realloc (void* ptr, size_t new_size); + [CCode (cname = "gnutls_calloc")] + public void* calloc (size_t count, size_t block_size); + [CCode (cname = "gnutls_free")] + public void free (void* ptr); + + [CCode (cname = "gnutls_free")] + public void free_data ([CCode (array_length = false)] owned uint[] data); + + [CCode (cname = "gnutls_strdup")] + public string strdup (string str); + + [CCode (cname = "gnutls_alloc_function")] + public static delegate void* AllocFunction (size_t size); + [CCode (cname = "gnutls_calloc_function")] + public static delegate void* CallocFunction (size_t count, size_t block_size); + [CCode (cname = "gnutls_is_secure_function")] + public static delegate int IsSecureFunction (void* ptr); + [CCode (cname = "gnutls_free_function")] + public static delegate void FreeFunction (void* ptr); + [CCode (cname = "gnutls_realloc_function")] + public static delegate void* ReallocFunction (void* ptr, size_t new_size); + + public int global_init (); + public void global_deinit (); + + [CCode (cname = "gnutls_global_set_mem_functions")] + public void set_mem_functions (AllocFunction alloc_func, AllocFunction secure_alloc_func, + IsSecureFunction is_secure_func, ReallocFunction realloc_func, + FreeFunction free_func); + + [CCode (cname = "gnutls_log_func")] + public static delegate void LogFunc (int level, string msg); + [CCode (cname = "gnutls_global_set_log_function")] + public void set_log_function (LogFunc func); + [CCode (cname = "gnutls_global_set_log_level")] + public void set_log_level (int level); + + [CCode (cname = "gnutls_transport_set_global_errno")] + public void set_global_errno (int err); + +// SRP stuff + + [CCode (cname = "gnutls_srp_server_credentials_function *")] + public static delegate int SRPServerCredentialsFunction (Session session, string username, + out Datum salt, out Datum verifier, + out Datum generator, out Datum prime); + + [Compact] + [CCode (cname = "struct gnutls_srp_server_credentials_st", free_function = "gnutls_srp_free_server_credentials")] + public class SRPServerCredentials + { + [CCode (cname = "gnutls_srp_allocate_server_credentials")] + private static int allocate (SRPServerCredentials* sc); + public static SRPServerCredentials create () + { + SRPServerCredentials result = null; + var ret = allocate (&result); + if (ret != 0) + GLib.error ("%s", ((ErrorCode)ret).to_string ()); + return result; + } + + [CCode (cname = "gnutls_srp_set_server_credentials_file")] + public int set_credentials_file (string password_file, string password_conf_file); + + [CCode (cname = "gnutls_srp_server_get_username")] + public string get_username (); + + [CCode (cname = "gnutls_srp_set_server_credentials_function")] + public void set_credentials_function (SRPServerCredentialsFunction func); + } + + [CCode (cname = "gnutls_srp_client_credentials_function *")] + public static delegate int SRPClientCredentialsFunction (Session session, out string username, out string password); + + [Compact] + [CCode (cname = "struct gnutls_srp_client_credentials_st", free_function = "gnutls_srp_free_client_credentials")] + public class SRPClientCredentials + { + [CCode (cname = "gnutls_srp_allocate_client_credentials")] + private static int allocate (SRPClientCredentials* sc); + public static SRPClientCredentials create () + { + SRPClientCredentials result = null; + var ret = allocate (&result); + if (ret != 0) + GLib.error ("%s", ((ErrorCode)ret).to_string ()); + return result; + } + + [CCode (cname = "gnutls_srp_set_client_credentials")] + public int set_credentials (string username, string password); + + [CCode (cname = "gnutls_srp_set_client_credentials_function")] + public void set_credentials_function (SRPClientCredentialsFunction func); + } + + // extern int gnutls_srp_verifier (const char *username, + // const char *password, + // const gnutls_datum_t * salt, + // const gnutls_datum_t * generator, + // const gnutls_datum_t * prime, + // gnutls_datum_t * res); + + public int srp_verifier (string username, string password, /* const */ ref Datum salt, /* const */ ref Datum generator, /* const */ ref Datum prime, out Datum result); + + // The static parameters defined in draft-ietf-tls-srp-05 + // Those should be used as input to gnutls_srp_verifier(). + + public const Datum srp_2048_group_prime; + public const Datum srp_2048_group_generator; + + public const Datum srp_1536_group_prime; + public const Datum srp_1536_group_generator; + + public const Datum srp_1024_group_prime; + public const Datum srp_1024_group_generator; + + public int srp_base64_encode (/* const */ ref Datum data, [CCode (array_length = "false")] char[] result, ref size_t result_size); + public int srp_base64_encode_alloc (/* const */ ref Datum data, out Datum result); + + public int srp_base64_decode (/* const */ ref Datum b64_data, [CCode (array_length = false)] uint8[] result, ref size_t result_size); + public int srp_base64_decode_alloc (/* const */ ref Datum b64_data, out Datum result); + + + + + + +// PSK stuff + + [CCode (cname = "gnutls_psk_key_flags", cprefix = "GNUTLS_PSK_KEY_")] + public enum PSKKeyFlags + { + RAW, + HEX + } + + [CCode (cname = "gnutls_psk_server_credentials_function *")] + public static delegate int PSKServerCredentialsFunction (Session session, string username, /* const */ ref Datum key); + + [Compact] + [CCode (cname = "struct gnutls_psk_server_credentials_st", free_function = "gnutls_psk_free_server_credentials")] + public class PSKServerCredentials + { + [CCode (cname = "gnutls_psk_allocate_server_credentials")] + private static int allocate (PSKServerCredentials* sc); + public static PSKServerCredentials create () + { + PSKServerCredentials result = null; + var ret = allocate (&result); + if (ret != 0) + GLib.error ("%s", ((ErrorCode)ret).to_string ()); + return result; + } + + [CCode (cname = "gnutls_psk_set_server_credentials_file")] + public int set_credentials_file (string password_file); + + [CCode (cname = "gnutls_psk_set_server_credentials_hint")] + public int set_credentials_hint (string hint); + + [CCode (cname = "gnutls_psk_set_server_credentials_function")] + public void set_credentials_function (PSKServerCredentialsFunction func); + + [CCode (cname = "gnutls_psk_set_server_dh_params")] + public void set_dh_params (DHParams dh_params); + + [CCode (cname = "gnutls_psk_set_server_params_function")] // also gnutls_psk_set_params_function + public void set_params_function (ParamsFunction func); + } + + [CCode (cname = "gnutls_psk_client_credentials_function *")] + public static delegate int PSKClientCredentialsFunction (Session session, out string username, out Datum key); + + [Compact] + [CCode (cname = "struct gnutls_psk_client_credentials_st", free_function = "gnutls_psk_free_client_credentials")] + public class PSKClientCredentials + { + [CCode (cname = "gnutls_psk_allocate_client_credentials")] + private static int allocate (PSKClientCredentials* sc); + public static PSKClientCredentials create () + { + PSKClientCredentials result = null; + var ret = allocate (&result); + if (ret != 0) + GLib.error ("%s", ((ErrorCode)ret).to_string ()); + return result; + } + + [CCode (cname = "gnutls_psk_set_client_credentials")] + public int set_credentials (string username, /* const */ ref Datum key, PSKKeyFlags format); + + [CCode (cname = "gnutls_psk_set_client_credentials_function")] + public void set_credentials_function (PSKClientCredentialsFunction func); + } + + public int hex_encode (/* const */ ref Datum data, [CCode (array_length = "false")] char[] result, ref size_t result_size); + public int hex_decode (/* const */ ref Datum hex_data, [CCode (array_length = "false")] char[] result, ref size_t result_size); + + public int psk_netconf_derive_key (string password, string psk_identity, string psk_identity_hint, out Datum output_key); + +//// + + [SimpleType] + [CCode (cname = "gnutls_retr_st")] + public struct RetrStruct + { + public CertificateType type; + [CCode (cname = "cert.x509", array_length_name = "ncerts", array_length_type = "unsigned int")] + public X509.Certificate[] cert_x509; + [CCode (cname = "cert.pgp")] + public OpenPGP.Certificate cert_pgp; + [CCode (cname = "key.x509")] + public X509.PrivateKey key_x509; + [CCode (cname = "key.pgp")] + public OpenPGP.PrivateKey key_pgp; + public uint deinit_all; + } + + public int pem_base64_encode (string msg, /* const */ ref Datum data, void* result, ref size_t result_size); + public int pem_base64_decode (string header, /* const */ ref Datum b64_data, void* result, ref size_t result_size); + + public int pem_base64_encode_alloc (string msg, /* const */ ref Datum data, out Datum result); + public int pem_base64_decode_alloc (string header, /* const */ ref Datum b64_data, out Datum result); + + public int hex2bin (string hex_data, size_t hex_size, void* bin_data, ref size_t bin_size); + + // returns cipher suite name or null if index is out of bounds + public unowned string? cipher_suite_info (size_t index, [CCode (array_length = "false")] char[] cs_id, out KXAlgorithm kx, + out CipherAlgorithm cipher, out MacAlgorithm mac, + out Protocol version); + + public unowned string? cipher_suite_get_name (KXAlgorithm kx, CipherAlgorithm cipher, MacAlgorithm mac); + + public int prf (Session session, size_t label_size, string label, bool server_random_first, + size_t extra_size, void* extra, size_t output_size, void* output); + + public int prf_raw (Session session, size_t label_size, string label, + size_t seed_size, void* seed, size_t output_size, void* output); + + // Gnutls error codes. The mapping to a TLS alert is also shown in comments. + [CCode (cname = "int", cprefix = "GNUTLS_E_", lower_case_cprefix = "gnutls_error_")] + public enum ErrorCode { + + SUCCESS, + UNKNOWN_COMPRESSION_ALGORITHM, + UNKNOWN_CIPHER_TYPE, + LARGE_PACKET, + UNSUPPORTED_VERSION_PACKET, // GNUTLS_A_PROTOCOL_VERSION + UNEXPECTED_PACKET_LENGTH, // GNUTLS_A_RECORD_OVERFLOW + INVALID_SESSION, + FATAL_ALERT_RECEIVED, + UNEXPECTED_PACKET, // GNUTLS_A_UNEXPECTED_MESSAGE + WARNING_ALERT_RECEIVED, + ERROR_IN_FINISHED_PACKET, + UNEXPECTED_HANDSHAKE_PACKET, + UNKNOWN_CIPHER_SUITE, // GNUTLS_A_HANDSHAKE_FAILURE + UNWANTED_ALGORITHM, + MPI_SCAN_FAILED, + DECRYPTION_FAILED, // GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC + MEMORY_ERROR, + DECOMPRESSION_FAILED, // GNUTLS_A_DECOMPRESSION_FAILURE + COMPRESSION_FAILED, + AGAIN, + EXPIRED, + DB_ERROR, + SRP_PWD_ERROR, + INSUFFICIENT_CREDENTIALS, + + HASH_FAILED, + BASE64_DECODING_ERROR, + + MPI_PRINT_FAILED, + REHANDSHAKE, // GNUTLS_A_NO_RENEGOTIATION + GOT_APPLICATION_DATA, + RECORD_LIMIT_REACHED, + ENCRYPTION_FAILED, + + PK_ENCRYPTION_FAILED, + PK_DECRYPTION_FAILED, + PK_SIGN_FAILED, + X509_UNSUPPORTED_CRITICAL_EXTENSION, + KEY_USAGE_VIOLATION, + NO_CERTIFICATE_FOUND, // GNUTLS_A_BAD_CERTIFICATE + INVALID_REQUEST, + SHORT_MEMORY_BUFFER, + INTERRUPTED, + PUSH_ERROR, + PULL_ERROR, + RECEIVED_ILLEGAL_PARAMETER, // GNUTLS_A_ILLEGAL_PARAMETER + REQUESTED_DATA_NOT_AVAILABLE, + PKCS1_WRONG_PAD, + RECEIVED_ILLEGAL_EXTENSION, + INTERNAL_ERROR, + DH_PRIME_UNACCEPTABLE, + FILE_ERROR, + TOO_MANY_EMPTY_PACKETS, + UNKNOWN_PK_ALGORITHM, + + // returned if libextra functionality was requested but + // gnutls_global_init_extra() was not called. + + INIT_LIBEXTRA, + LIBRARY_VERSION_MISMATCH, + + // returned if you need to generate temporary RSA + // parameters. These are needed for export cipher suites. + + NO_TEMPORARY_RSA_PARAMS, + + LZO_INIT_FAILED, + NO_COMPRESSION_ALGORITHMS, + NO_CIPHER_SUITES, + + OPENPGP_GETKEY_FAILED, + PK_SIG_VERIFY_FAILED, + + ILLEGAL_SRP_USERNAME, + SRP_PWD_PARSING_ERROR, + NO_TEMPORARY_DH_PARAMS, + + // For certificate and key stuff + + ASN1_ELEMENT_NOT_FOUND, + ASN1_IDENTIFIER_NOT_FOUND, + ASN1_DER_ERROR, + ASN1_VALUE_NOT_FOUND, + ASN1_GENERIC_ERROR, + ASN1_VALUE_NOT_VALID, + ASN1_TAG_ERROR, + ASN1_TAG_IMPLICIT, + ASN1_TYPE_ANY_ERROR, + ASN1_SYNTAX_ERROR, + ASN1_DER_OVERFLOW, + OPENPGP_UID_REVOKED, + CERTIFICATE_ERROR, + CERTIFICATE_KEY_MISMATCH, + UNSUPPORTED_CERTIFICATE_TYPE, // GNUTLS_A_UNSUPPORTED_CERTIFICATE + X509_UNKNOWN_SAN, + OPENPGP_FINGERPRINT_UNSUPPORTED, + X509_UNSUPPORTED_ATTRIBUTE, + UNKNOWN_HASH_ALGORITHM, + UNKNOWN_PKCS_CONTENT_TYPE, + UNKNOWN_PKCS_BAG_TYPE, + INVALID_PASSWORD, + MAC_VERIFY_FAILED, // for PKCS #12 MAC + CONSTRAINT_ERROR, + + WARNING_IA_IPHF_RECEIVED, + WARNING_IA_FPHF_RECEIVED, + + IA_VERIFY_FAILED, + + UNKNOWN_ALGORITHM, + + BASE64_ENCODING_ERROR, + INCOMPATIBLE_CRYPTO_LIBRARY, + INCOMPATIBLE_LIBTASN1_LIBRARY, + + OPENPGP_KEYRING_ERROR, + X509_UNSUPPORTED_OID, + + RANDOM_FAILED, + BASE64_UNEXPECTED_HEADER_ERROR, + + OPENPGP_SUBKEY_ERROR, + + CRYPTO_ALREADY_REGISTERED, + + HANDSHAKE_TOO_LARGE, + + UNIMPLEMENTED_FEATURE, + + APPLICATION_ERROR_MAX, // -65000 + APPLICATION_ERROR_MIN; // -65500 + + public bool is_fatal (); + public AlertDescription to_alert (out AlertLevel level); + [CCode (cname = "gnutls_perror")] + public void print (); + [CCode (cname = "gnutls_strerror")] + public unowned string to_string (); + } +} + + |