首頁 探索 說明
註冊 登入
xiewenjie
/
laser_pc
1
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: 77ec6c99b6
分支列表 標籤列表
laser_pc
/
CodeSign
/
GnuTLS
/
lib
/
includes
/
gnutls.h

gnutls.h 106 KB
文件歷史 原始文件

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965 
  1. /* -*- c -*-
    2. 

  2.  * Copyright (C) 2000-2016 Free Software Foundation, Inc.
    3. 

  3.  * Copyright (C) 2015-2017 Red Hat, Inc.
    4. 

  4.  *
    5. 

  5.  * Author: Nikos Mavrogiannopoulos
    6. 

  6.  *
    7. 

  7.  * This file is part of GnuTLS.
    8. 

  8.  *
    9. 

  9.  * The GnuTLS is free software; you can redistribute it and/or
    10. 

  10.  * modify it under the terms of the GNU Lesser General Public License
    11. 

  11.  * as published by the Free Software Foundation; either version 2.1 of
    12. 

  12.  * the License, or (at your option) any later version.
    13. 

  13.  *
    14. 

  14.  * This library is distributed in the hope that it will be useful, but
    15. 

  15.  * WITHOUT ANY WARRANTY; without even the implied warranty of
    16. 

  16.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    17. 

  17.  * Lesser General Public License for more details.
    18. 

  18.  *
    19. 

  19.  * You should have received a copy of the GNU Lesser General Public License
    20. 

  20.  * along with this program.  If not, see <http://www.gnu.org/licenses/>
    21. 

  21.  *
    22. 

  22.  */
    23. 

  23. 

  24. /* This file contains the types and prototypes for all the
    25. 

  25.  * high level functionality of the gnutls main library.
    26. 

  26.  *
    27. 

  27.  * If the optional C++ binding was built, it is available in
    28. 

  28.  * gnutls/gnutlsxx.h.
    29. 

  29.  *
    30. 

  30.  * The openssl compatibility layer (which is under the GNU GPL
    31. 

  31.  * license) is in gnutls/openssl.h.
    32. 

  32.  *
    33. 

  33.  * The low level cipher functionality is in gnutls/crypto.h.
    34. 

  34.  */
    35. 

  35. 

  36. 

  37. #ifndef GNUTLS_H
    38. 

  38. #define GNUTLS_H
    39. 

  39. 

  40. /* Get size_t. */
    41. 

  41. #include <stddef.h>
    42. 

  42. /* Get ssize_t. */
    43. 

  43. #ifndef HAVE_SSIZE_T
    44. 

  44. #define HAVE_SSIZE_T
    45. 

  45. /* *INDENT-OFF* */
    46. 

  46. #include <sys/types.h>
    47. 

  47. /* *INDENT-ON* */
    48. 

  48. #endif
    49. 

  49. /* Get time_t. */
    50. 

  50. #include <time.h>
    51. 

  51. 

  52. /* *INDENT-OFF* */
    53. 

  53. #ifdef __cplusplus
    54. 

  54. extern "C" {
    55. 

  55. #endif
    56. 

  56. /* *INDENT-ON* */
    57. 

  57. 

  58. #define GNUTLS_VERSION "3.6.0"
    59. 

  59. 

  60. #define GNUTLS_VERSION_MAJOR 3
    61. 

  61. #define GNUTLS_VERSION_MINOR 6
    62. 

  62. #define GNUTLS_VERSION_PATCH 0
    63. 

  63. 

  64. #define GNUTLS_VERSION_NUMBER 0x030600
    65. 

  65. 

  66. #define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC
    67. 

  67. #define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC
    68. 

  68. #define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC
    69. 

  69. #define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128
    70. 

  70. 

  71. #if !defined(GNUTLS_INTERNAL_BUILD) && defined(_WIN32)
    72. 

  72. # define _SYM_EXPORT __declspec(dllimport)
    73. 

  73. #else
    74. 

  74. # define _SYM_EXPORT
    75. 

  75. #endif
    76. 

  76. 

  77. #ifdef __GNUC__
    78. 

  78. # define __GNUTLS_CONST__  __attribute__((const))
    79. 

  79. # define __GNUTLS_PURE__  __attribute__((pure))
    80. 

  80. #else
    81. 

  81. # define __GNUTLS_CONST__
    82. 

  82. # define __GNUTLS_PURE__
    83. 

  83. #endif
    84. 

  84. 

  85. 

  86. /* Use the following definition globally in your program to disable
    87. 

  87.  * implicit initialization of gnutls. */
    88. 

  88. #define GNUTLS_SKIP_GLOBAL_INIT int _gnutls_global_init_skip(void); \
    89. 

  89.     int _gnutls_global_init_skip(void) {return 1;}
    90. 

  90. 

  91. /**
    92. 

  92.  * gnutls_cipher_algorithm_t:
    93. 

  93.  * @GNUTLS_CIPHER_UNKNOWN: Value to identify an unknown/unsupported algorithm.
    94. 

  94.  * @GNUTLS_CIPHER_NULL: The NULL (identity) encryption algorithm.
    95. 

  95.  * @GNUTLS_CIPHER_ARCFOUR_128: ARCFOUR stream cipher with 128-bit keys.
    96. 

  96.  * @GNUTLS_CIPHER_3DES_CBC: 3DES in CBC mode.
    97. 

  97.  * @GNUTLS_CIPHER_AES_128_CBC: AES in CBC mode with 128-bit keys.
    98. 

  98.  * @GNUTLS_CIPHER_AES_192_CBC: AES in CBC mode with 192-bit keys.
    99. 

  99.  * @GNUTLS_CIPHER_AES_256_CBC: AES in CBC mode with 256-bit keys.
    100. 

  100.  * @GNUTLS_CIPHER_ARCFOUR_40: ARCFOUR stream cipher with 40-bit keys.
    101. 

  101.  * @GNUTLS_CIPHER_CAMELLIA_128_CBC: Camellia in CBC mode with 128-bit keys.
    102. 

  102.  * @GNUTLS_CIPHER_CAMELLIA_192_CBC: Camellia in CBC mode with 192-bit keys.
    103. 

  103.  * @GNUTLS_CIPHER_CAMELLIA_256_CBC: Camellia in CBC mode with 256-bit keys.
    104. 

  104.  * @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys.
    105. 

  105.  * @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys).
    106. 

  106.  * @GNUTLS_CIPHER_AES_128_GCM: AES in GCM mode with 128-bit keys.
    107. 

  107.  * @GNUTLS_CIPHER_AES_256_GCM: AES in GCM mode with 256-bit keys.
    108. 

  108.  * @GNUTLS_CIPHER_AES_128_CCM: AES in CCM mode with 128-bit keys.
    109. 

  109.  * @GNUTLS_CIPHER_AES_256_CCM: AES in CCM mode with 256-bit keys.
    110. 

  110.  * @GNUTLS_CIPHER_AES_128_CCM_8: AES in CCM mode with 64-bit tag and 128-bit keys.
    111. 

  111.  * @GNUTLS_CIPHER_AES_256_CCM_8: AES in CCM mode with 64-bit tag and 256-bit keys.
    112. 

  112.  * @GNUTLS_CIPHER_CAMELLIA_128_GCM: CAMELLIA in GCM mode with 128-bit keys.
    113. 

  113.  * @GNUTLS_CIPHER_CAMELLIA_256_GCM: CAMELLIA in GCM mode with 256-bit keys.
    114. 

  114.  * @GNUTLS_CIPHER_SALSA20_256: Salsa20 with 256-bit keys.
    115. 

  115.  * @GNUTLS_CIPHER_ESTREAM_SALSA20_256: Estream's Salsa20 variant with 256-bit keys.
    116. 

  116.  * @GNUTLS_CIPHER_CHACHA20_POLY1305: The Chacha20 cipher with the Poly1305 authenticator (AEAD).
    117. 

  117.  * @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB mode (placeholder - unsupported).
    118. 

  118.  * @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB mode (placeholder - unsupported).
    119. 

  119.  * @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB mode (placeholder - unsupported).
    120. 

  120.  * @GNUTLS_CIPHER_BLOWFISH_PGP_CFB: Blowfish in CFB mode (placeholder - unsupported).
    121. 

  121.  * @GNUTLS_CIPHER_SAFER_SK128_PGP_CFB: Safer-SK in CFB mode with 128-bit keys (placeholder - unsupported).
    122. 

  122.  * @GNUTLS_CIPHER_AES128_PGP_CFB: AES in CFB mode with 128-bit keys (placeholder - unsupported).
    123. 

  123.  * @GNUTLS_CIPHER_AES192_PGP_CFB: AES in CFB mode with 192-bit keys (placeholder - unsupported).
    124. 

  124.  * @GNUTLS_CIPHER_AES256_PGP_CFB: AES in CFB mode with 256-bit keys (placeholder - unsupported).
    125. 

  125.  * @GNUTLS_CIPHER_TWOFISH_PGP_CFB: Twofish in CFB mode (placeholder - unsupported).
    126. 

  126.  *
    127. 

  127.  * Enumeration of different symmetric encryption algorithms.
    128. 

  128.  */
    129. 

  129. typedef enum gnutls_cipher_algorithm {
    130. 

  130. 	GNUTLS_CIPHER_UNKNOWN = 0,
    131. 

  131. 	GNUTLS_CIPHER_NULL = 1,
    132. 

  132. 	GNUTLS_CIPHER_ARCFOUR_128 = 2,
    133. 

  133. 	GNUTLS_CIPHER_3DES_CBC = 3,
    134. 

  134. 	GNUTLS_CIPHER_AES_128_CBC = 4,
    135. 

  135. 	GNUTLS_CIPHER_AES_256_CBC = 5,
    136. 

  136. 	GNUTLS_CIPHER_ARCFOUR_40 = 6,
    137. 

  137. 	GNUTLS_CIPHER_CAMELLIA_128_CBC = 7,
    138. 

  138. 	GNUTLS_CIPHER_CAMELLIA_256_CBC = 8,
    139. 

  139. 	GNUTLS_CIPHER_AES_192_CBC = 9,
    140. 

  140. 	GNUTLS_CIPHER_AES_128_GCM = 10,
    141. 

  141. 	GNUTLS_CIPHER_AES_256_GCM = 11,
    142. 

  142. 	GNUTLS_CIPHER_CAMELLIA_192_CBC = 12,
    143. 

  143. 	GNUTLS_CIPHER_SALSA20_256 = 13,
    144. 

  144. 	GNUTLS_CIPHER_ESTREAM_SALSA20_256 = 14,
    145. 

  145. 	GNUTLS_CIPHER_CAMELLIA_128_GCM = 15,
    146. 

  146. 	GNUTLS_CIPHER_CAMELLIA_256_GCM = 16,
    147. 

  147. 	GNUTLS_CIPHER_RC2_40_CBC = 17,
    148. 

  148. 	GNUTLS_CIPHER_DES_CBC = 18,
    149. 

  149. 	GNUTLS_CIPHER_AES_128_CCM = 19,
    150. 

  150. 	GNUTLS_CIPHER_AES_256_CCM = 20,
    151. 

  151. 	GNUTLS_CIPHER_AES_128_CCM_8 = 21,
    152. 

  152. 	GNUTLS_CIPHER_AES_256_CCM_8 = 22,
    153. 

  153. 	GNUTLS_CIPHER_CHACHA20_POLY1305 = 23,
    154. 

  154. 

  155. 	/* used only for PGP internals. Ignored in TLS/SSL
    156. 

  156. 	 */
    157. 

  157. 	GNUTLS_CIPHER_IDEA_PGP_CFB = 200,
    158. 

  158. 	GNUTLS_CIPHER_3DES_PGP_CFB = 201,
    159. 

  159. 	GNUTLS_CIPHER_CAST5_PGP_CFB = 202,
    160. 

  160. 	GNUTLS_CIPHER_BLOWFISH_PGP_CFB = 203,
    161. 

  161. 	GNUTLS_CIPHER_SAFER_SK128_PGP_CFB = 204,
    162. 

  162. 	GNUTLS_CIPHER_AES128_PGP_CFB = 205,
    163. 

  163. 	GNUTLS_CIPHER_AES192_PGP_CFB = 206,
    164. 

  164. 	GNUTLS_CIPHER_AES256_PGP_CFB = 207,
    165. 

  165. 	GNUTLS_CIPHER_TWOFISH_PGP_CFB = 208
    166. 

  166. } gnutls_cipher_algorithm_t;
    167. 

  167. 

  168. /**
    169. 

  169.  * gnutls_kx_algorithm_t:
    170. 

  170.  * @GNUTLS_KX_UNKNOWN: Unknown key-exchange algorithm.
    171. 

  171.  * @GNUTLS_KX_RSA: RSA key-exchange algorithm.
    172. 

  172.  * @GNUTLS_KX_DHE_DSS: DHE-DSS key-exchange algorithm.
    173. 

  173.  * @GNUTLS_KX_DHE_RSA: DHE-RSA key-exchange algorithm.
    174. 

  174.  * @GNUTLS_KX_ECDHE_RSA: ECDHE-RSA key-exchange algorithm.
    175. 

  175.  * @GNUTLS_KX_ECDHE_ECDSA: ECDHE-ECDSA key-exchange algorithm.
    176. 

  176.  * @GNUTLS_KX_ANON_DH: Anon-DH key-exchange algorithm.
    177. 

  177.  * @GNUTLS_KX_ANON_ECDH: Anon-ECDH key-exchange algorithm.
    178. 

  178.  * @GNUTLS_KX_SRP: SRP key-exchange algorithm.
    179. 

  179.  * @GNUTLS_KX_RSA_EXPORT: RSA-EXPORT key-exchange algorithm (defunc).
    180. 

  180.  * @GNUTLS_KX_SRP_RSA: SRP-RSA key-exchange algorithm.
    181. 

  181.  * @GNUTLS_KX_SRP_DSS: SRP-DSS key-exchange algorithm.
    182. 

  182.  * @GNUTLS_KX_PSK: PSK key-exchange algorithm.
    183. 

  183.  * @GNUTLS_KX_DHE_PSK: DHE-PSK key-exchange algorithm.
    184. 

  184.  * @GNUTLS_KX_ECDHE_PSK: ECDHE-PSK key-exchange algorithm.
    185. 

  185.  * @GNUTLS_KX_RSA_PSK: RSA-PSK key-exchange algorithm.
    186. 

  186.  *
    187. 

  187.  * Enumeration of different key exchange algorithms.
    188. 

  188.  */
    189. 

  189. typedef enum {
    190. 

  190. 	GNUTLS_KX_UNKNOWN = 0,
    191. 

  191. 	GNUTLS_KX_RSA = 1,
    192. 

  192. 	GNUTLS_KX_DHE_DSS = 2,
    193. 

  193. 	GNUTLS_KX_DHE_RSA = 3,
    194. 

  194. 	GNUTLS_KX_ANON_DH = 4,
    195. 

  195. 	GNUTLS_KX_SRP = 5,
    196. 

  196. 	GNUTLS_KX_RSA_EXPORT = 6,
    197. 

  197. 	GNUTLS_KX_SRP_RSA = 7,
    198. 

  198. 	GNUTLS_KX_SRP_DSS = 8,
    199. 

  199. 	GNUTLS_KX_PSK = 9,
    200. 

  200. 	GNUTLS_KX_DHE_PSK = 10,
    201. 

  201. 	GNUTLS_KX_ANON_ECDH = 11,
    202. 

  202. 	GNUTLS_KX_ECDHE_RSA = 12,
    203. 

  203. 	GNUTLS_KX_ECDHE_ECDSA = 13,
    204. 

  204. 	GNUTLS_KX_ECDHE_PSK = 14,
    205. 

  205. 	GNUTLS_KX_RSA_PSK = 15
    206. 

  206. } gnutls_kx_algorithm_t;
    207. 

  207. 

  208. /**
    209. 

  209.  * gnutls_params_type_t:
    210. 

  210.  * @GNUTLS_PARAMS_RSA_EXPORT: Session RSA-EXPORT parameters (defunc).
    211. 

  211.  * @GNUTLS_PARAMS_DH: Session Diffie-Hellman parameters.
    212. 

  212.  * @GNUTLS_PARAMS_ECDH: Session Elliptic-Curve Diffie-Hellman parameters.
    213. 

  213.  *
    214. 

  214.  * Enumeration of different TLS session parameter types.
    215. 

  215.  */
    216. 

  216. typedef enum {
    217. 

  217. 	GNUTLS_PARAMS_RSA_EXPORT = 1,
    218. 

  218. 	GNUTLS_PARAMS_DH = 2,
    219. 

  219. 	GNUTLS_PARAMS_ECDH = 3
    220. 

  220. } gnutls_params_type_t;
    221. 

  221. 

  222. /**
    223. 

  223.  * gnutls_credentials_type_t:
    224. 

  224.  * @GNUTLS_CRD_CERTIFICATE: Certificate credential.
    225. 

  225.  * @GNUTLS_CRD_ANON: Anonymous credential.
    226. 

  226.  * @GNUTLS_CRD_SRP: SRP credential.
    227. 

  227.  * @GNUTLS_CRD_PSK: PSK credential.
    228. 

  228.  * @GNUTLS_CRD_IA: IA credential.
    229. 

  229.  *
    230. 

  230.  * Enumeration of different credential types.
    231. 

  231.  */
    232. 

  232. typedef enum {
    233. 

  233. 	GNUTLS_CRD_CERTIFICATE = 1,
    234. 

  234. 	GNUTLS_CRD_ANON,
    235. 

  235. 	GNUTLS_CRD_SRP,
    236. 

  236. 	GNUTLS_CRD_PSK,
    237. 

  237. 	GNUTLS_CRD_IA
    238. 

  238. } gnutls_credentials_type_t;
    239. 

  239. 

  240. #define GNUTLS_MAC_SHA GNUTLS_MAC_SHA1
    241. 

  241. #define GNUTLS_DIG_SHA GNUTLS_DIG_SHA1
    242. 

  242. 

  243. /**
    244. 

  244.  * gnutls_mac_algorithm_t:
    245. 

  245.  * @GNUTLS_MAC_UNKNOWN: Unknown MAC algorithm.
    246. 

  246.  * @GNUTLS_MAC_NULL: NULL MAC algorithm (empty output).
    247. 

  247.  * @GNUTLS_MAC_MD5: HMAC-MD5 algorithm.
    248. 

  248.  * @GNUTLS_MAC_SHA1: HMAC-SHA-1 algorithm.
    249. 

  249.  * @GNUTLS_MAC_RMD160: HMAC-RMD160 algorithm.
    250. 

  250.  * @GNUTLS_MAC_MD2: HMAC-MD2 algorithm.
    251. 

  251.  * @GNUTLS_MAC_SHA256: HMAC-SHA-256 algorithm.
    252. 

  252.  * @GNUTLS_MAC_SHA384: HMAC-SHA-384 algorithm.
    253. 

  253.  * @GNUTLS_MAC_SHA512: HMAC-SHA-512 algorithm.
    254. 

  254.  * @GNUTLS_MAC_SHA224: HMAC-SHA-224 algorithm.
    255. 

  255.  * @GNUTLS_MAC_MD5_SHA1: Combined MD5+SHA1 MAC placeholder.
    256. 

  256.  * @GNUTLS_MAC_AEAD: MAC implicit through AEAD cipher.
    257. 

  257.  * @GNUTLS_MAC_UMAC_96: The UMAC-96 MAC algorithm.
    258. 

  258.  * @GNUTLS_MAC_UMAC_128: The UMAC-128 MAC algorithm.
    259. 

  259.  *
    260. 

  260.  * Enumeration of different Message Authentication Code (MAC)
    261. 

  261.  * algorithms.
    262. 

  262.  */
    263. 

  263. typedef enum {
    264. 

  264. 	GNUTLS_MAC_UNKNOWN = 0,
    265. 

  265. 	GNUTLS_MAC_NULL = 1,
    266. 

  266. 	GNUTLS_MAC_MD5 = 2,
    267. 

  267. 	GNUTLS_MAC_SHA1 = 3,
    268. 

  268. 	GNUTLS_MAC_RMD160 = 4,
    269. 

  269. 	GNUTLS_MAC_MD2 = 5,
    270. 

  270. 	GNUTLS_MAC_SHA256 = 6,
    271. 

  271. 	GNUTLS_MAC_SHA384 = 7,
    272. 

  272. 	GNUTLS_MAC_SHA512 = 8,
    273. 

  273. 	GNUTLS_MAC_SHA224 = 9,
    274. 

  274. 	GNUTLS_MAC_SHA3_224 = 10, /* reserved: no implementation */
    275. 

  275. 	GNUTLS_MAC_SHA3_256 = 11, /* reserved: no implementation */
    276. 

  276. 	GNUTLS_MAC_SHA3_384 = 12, /* reserved: no implementation */
    277. 

  277. 	GNUTLS_MAC_SHA3_512 = 13, /* reserved: no implementation */
    278. 

  278. 	GNUTLS_MAC_MD5_SHA1 = 14, /* reserved: no implementation */
    279. 

  279. 	/* If you add anything here, make sure you align with
    280. 

  280. 	   gnutls_digest_algorithm_t. */
    281. 

  281. 	GNUTLS_MAC_AEAD = 200,	/* indicates that MAC is on the cipher */
    282. 

  282. 	GNUTLS_MAC_UMAC_96 = 201,
    283. 

  283. 	GNUTLS_MAC_UMAC_128 = 202
    284. 

  284. } gnutls_mac_algorithm_t;
    285. 

  285. 

  286. /**
    287. 

  287.  * gnutls_digest_algorithm_t:
    288. 

  288.  * @GNUTLS_DIG_UNKNOWN: Unknown hash algorithm.
    289. 

  289.  * @GNUTLS_DIG_NULL: NULL hash algorithm (empty output).
    290. 

  290.  * @GNUTLS_DIG_MD5: MD5 algorithm.
    291. 

  291.  * @GNUTLS_DIG_SHA1: SHA-1 algorithm.
    292. 

  292.  * @GNUTLS_DIG_RMD160: RMD160 algorithm.
    293. 

  293.  * @GNUTLS_DIG_MD2: MD2 algorithm.
    294. 

  294.  * @GNUTLS_DIG_SHA256: SHA-256 algorithm.
    295. 

  295.  * @GNUTLS_DIG_SHA384: SHA-384 algorithm.
    296. 

  296.  * @GNUTLS_DIG_SHA512: SHA-512 algorithm.
    297. 

  297.  * @GNUTLS_DIG_SHA224: SHA-224 algorithm.
    298. 

  298.  * @GNUTLS_DIG_SHA3_224: SHA3-224 algorithm.
    299. 

  299.  * @GNUTLS_DIG_SHA3_256: SHA3-256 algorithm.
    300. 

  300.  * @GNUTLS_DIG_SHA3_384: SHA3-384 algorithm.
    301. 

  301.  * @GNUTLS_DIG_SHA3_512: SHA3-512 algorithm.
    302. 

  302.  * @GNUTLS_DIG_MD5_SHA1: Combined MD5+SHA1 algorithm.
    303. 

  303.  *
    304. 

  304.  * Enumeration of different digest (hash) algorithms.
    305. 

  305.  */
    306. 

  306. typedef enum {
    307. 

  307. 	GNUTLS_DIG_UNKNOWN = GNUTLS_MAC_UNKNOWN,
    308. 

  308. 	GNUTLS_DIG_NULL = GNUTLS_MAC_NULL,
    309. 

  309. 	GNUTLS_DIG_MD5 = GNUTLS_MAC_MD5,
    310. 

  310. 	GNUTLS_DIG_SHA1 = GNUTLS_MAC_SHA1,
    311. 

  311. 	GNUTLS_DIG_RMD160 = GNUTLS_MAC_RMD160,
    312. 

  312. 	GNUTLS_DIG_MD2 = GNUTLS_MAC_MD2,
    313. 

  313. 	GNUTLS_DIG_SHA256 = GNUTLS_MAC_SHA256,
    314. 

  314. 	GNUTLS_DIG_SHA384 = GNUTLS_MAC_SHA384,
    315. 

  315. 	GNUTLS_DIG_SHA512 = GNUTLS_MAC_SHA512,
    316. 

  316. 	GNUTLS_DIG_SHA224 = GNUTLS_MAC_SHA224,
    317. 

  317. 	GNUTLS_DIG_SHA3_224 = GNUTLS_MAC_SHA3_224,
    318. 

  318. 	GNUTLS_DIG_SHA3_256 = GNUTLS_MAC_SHA3_256,
    319. 

  319. 	GNUTLS_DIG_SHA3_384 = GNUTLS_MAC_SHA3_384,
    320. 

  320. 	GNUTLS_DIG_SHA3_512 = GNUTLS_MAC_SHA3_512,
    321. 

  321. 	GNUTLS_DIG_MD5_SHA1 = GNUTLS_MAC_MD5_SHA1
    322. 

  322. 	    /* If you add anything here, make sure you align with
    323. 

  323. 	       gnutls_mac_algorithm_t. */
    324. 

  324. } gnutls_digest_algorithm_t;
    325. 

  325. 

  326.   /* exported for other gnutls headers. This is the maximum number of
    327. 

  327.    * algorithms (ciphers, kx or macs).
    328. 

  328.    */
    329. 

  329. #define GNUTLS_MAX_ALGORITHM_NUM 64
    330. 

  330. #define GNUTLS_MAX_SESSION_ID_SIZE 32
    331. 

  331. 

  332. 

  333. /**
    334. 

  334.  * gnutls_compression_method_t:
    335. 

  335.  * @GNUTLS_COMP_UNKNOWN: Unknown compression method.
    336. 

  336.  * @GNUTLS_COMP_NULL: The NULL compression method (no compression).
    337. 

  337.  * @GNUTLS_COMP_DEFLATE: The DEFLATE compression method from zlib.
    338. 

  338.  * @GNUTLS_COMP_ZLIB: Same as %GNUTLS_COMP_DEFLATE.
    339. 

  339.  *
    340. 

  340.  * Enumeration of different TLS compression methods.
    341. 

  341.  */
    342. 

  342. typedef enum {
    343. 

  343. 	GNUTLS_COMP_UNKNOWN = 0,
    344. 

  344. 	GNUTLS_COMP_NULL = 1,
    345. 

  345. 	GNUTLS_COMP_DEFLATE = 2,
    346. 

  346. 	GNUTLS_COMP_ZLIB = GNUTLS_COMP_DEFLATE
    347. 

  347. } gnutls_compression_method_t;
    348. 

  348. 

  349. 

  350. /**
    351. 

  351.  * gnutls_init_flags_t:
    352. 

  352.  *
    353. 

  353.  * @GNUTLS_SERVER: Connection end is a server.
    354. 

  354.  * @GNUTLS_CLIENT: Connection end is a client.
    355. 

  355.  * @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS). Since 3.0.0.
    356. 

  356.  * @GNUTLS_NONBLOCK: Connection should not block. Since 3.0.0.
    357. 

  357.  * @GNUTLS_NO_SIGNAL: In systems where SIGPIPE is delivered on send, it will be disabled. That flag has effect in systems which support the MSG_NOSIGNAL sockets flag (since 3.4.2).
    358. 

  358.  * @GNUTLS_NO_EXTENSIONS: Do not enable any TLS extensions by default (since 3.1.2).
    359. 

  359.  * @GNUTLS_NO_REPLAY_PROTECTION: Disable any replay protection in DTLS. This must only be used if  replay protection is achieved using other means. Since 3.2.2.
    360. 

  360.  * @GNUTLS_ALLOW_ID_CHANGE: Allow the peer to replace its certificate, or change its ID during a rehandshake. This change is often used in attacks and thus prohibited by default. Since 3.5.0.
    361. 

  361.  * @GNUTLS_ENABLE_FALSE_START: Enable the TLS false start on client side if the negotiated ciphersuites allow it. This will enable sending data prior to the handshake being complete, and may introduce a risk of crypto failure when combined with certain key exchanged; for that GnuTLS may not enable that option in ciphersuites that are known to be not safe for false start. Since 3.5.0.
    362. 

  362.  * @GNUTLS_FORCE_CLIENT_CERT: When in client side and only a single cert is specified, send that certificate irrespective of the issuers expected by the server. Since 3.5.0.
    363. 

  363.  * @GNUTLS_NO_TICKETS: Flag to indicate that the session should not use resumption with session tickets.
    364. 

  364.  *
    365. 

  365.  * Enumeration of different flags for gnutls_init() function. All the flags
    366. 

  366.  * can be combined except @GNUTLS_SERVER and @GNUTLS_CLIENT which are mutually
    367. 

  367.  * exclusive.
    368. 

  368.  */
    369. 

  369. typedef enum {
    370. 

  370. 	GNUTLS_SERVER = 1,
    371. 

  371. 	GNUTLS_CLIENT = (1<<1),
    372. 

  372. 	GNUTLS_DATAGRAM = (1<<2),
    373. 

  373. 	GNUTLS_NONBLOCK = (1<<3),
    374. 

  374. 	GNUTLS_NO_EXTENSIONS = (1<<4),
    375. 

  375. 	GNUTLS_NO_REPLAY_PROTECTION = (1<<5),
    376. 

  376. 	GNUTLS_NO_SIGNAL = (1<<6),
    377. 

  377. 	GNUTLS_ALLOW_ID_CHANGE = (1<<7),
    378. 

  378. 	GNUTLS_ENABLE_FALSE_START = (1<<8),
    379. 

  379. 	GNUTLS_FORCE_CLIENT_CERT = (1<<9),
    380. 

  380. 	GNUTLS_NO_TICKETS = (1<<10)
    381. 

  381. } gnutls_init_flags_t;
    382. 

  382. 

  383. /* compatibility defines (previous versions of gnutls
    384. 

  384.  * used defines instead of enumerated values). */
    385. 

  385. #define GNUTLS_SERVER (1)
    386. 

  386. #define GNUTLS_CLIENT (1<<1)
    387. 

  387. #define GNUTLS_DATAGRAM (1<<2)
    388. 

  388. #define GNUTLS_NONBLOCK (1<<3)
    389. 

  389. #define GNUTLS_NO_EXTENSIONS (1<<4)
    390. 

  390. #define GNUTLS_NO_REPLAY_PROTECTION (1<<5)
    391. 

  391. #define GNUTLS_NO_SIGNAL (1<<6)
    392. 

  392. #define GNUTLS_ALLOW_ID_CHANGE (1<<7)
    393. 

  393. #define GNUTLS_ENABLE_FALSE_START (1<<8)
    394. 

  394. #define GNUTLS_FORCE_CLIENT_CERT (1<<9)
    395. 

  395. #define GNUTLS_NO_TICKETS (1<<10)
    396. 

  396. 

  397. /**
    398. 

  398.  * gnutls_alert_level_t:
    399. 

  399.  * @GNUTLS_AL_WARNING: Alert of warning severity.
    400. 

  400.  * @GNUTLS_AL_FATAL: Alert of fatal severity.
    401. 

  401.  *
    402. 

  402.  * Enumeration of different TLS alert severities.
    403. 

  403.  */
    404. 

  404. typedef enum {
    405. 

  405. 	GNUTLS_AL_WARNING = 1,
    406. 

  406. 	GNUTLS_AL_FATAL
    407. 

  407. } gnutls_alert_level_t;
    408. 

  408. 

  409. /**
    410. 

  410.  * gnutls_alert_description_t:
    411. 

  411.  * @GNUTLS_A_CLOSE_NOTIFY: Close notify.
    412. 

  412.  * @GNUTLS_A_UNEXPECTED_MESSAGE: Unexpected message.
    413. 

  413.  * @GNUTLS_A_BAD_RECORD_MAC: Bad record MAC.
    414. 

  414.  * @GNUTLS_A_DECRYPTION_FAILED: Decryption failed.
    415. 

  415.  * @GNUTLS_A_RECORD_OVERFLOW: Record overflow.
    416. 

  416.  * @GNUTLS_A_DECOMPRESSION_FAILURE: Decompression failed.
    417. 

  417.  * @GNUTLS_A_HANDSHAKE_FAILURE: Handshake failed.
    418. 

  418.  * @GNUTLS_A_SSL3_NO_CERTIFICATE: No certificate.
    419. 

  419.  * @GNUTLS_A_BAD_CERTIFICATE: Certificate is bad.
    420. 

  420.  * @GNUTLS_A_UNSUPPORTED_CERTIFICATE: Certificate is not supported.
    421. 

  421.  * @GNUTLS_A_CERTIFICATE_REVOKED: Certificate was revoked.
    422. 

  422.  * @GNUTLS_A_CERTIFICATE_EXPIRED: Certificate is expired.
    423. 

  423.  * @GNUTLS_A_CERTIFICATE_UNKNOWN: Unknown certificate.
    424. 

  424.  * @GNUTLS_A_ILLEGAL_PARAMETER: Illegal parameter.
    425. 

  425.  * @GNUTLS_A_UNKNOWN_CA: CA is unknown.
    426. 

  426.  * @GNUTLS_A_ACCESS_DENIED: Access was denied.
    427. 

  427.  * @GNUTLS_A_DECODE_ERROR: Decode error.
    428. 

  428.  * @GNUTLS_A_DECRYPT_ERROR: Decrypt error.
    429. 

  429.  * @GNUTLS_A_EXPORT_RESTRICTION: Export restriction.
    430. 

  430.  * @GNUTLS_A_PROTOCOL_VERSION: Error in protocol version.
    431. 

  431.  * @GNUTLS_A_INSUFFICIENT_SECURITY: Insufficient security.
    432. 

  432.  * @GNUTLS_A_USER_CANCELED: User canceled.
    433. 

  433.  * @GNUTLS_A_INTERNAL_ERROR: Internal error.
    434. 

  434.  * @GNUTLS_A_INAPPROPRIATE_FALLBACK: Inappropriate fallback,
    435. 

  435.  * @GNUTLS_A_NO_RENEGOTIATION: No renegotiation is allowed.
    436. 

  436.  * @GNUTLS_A_CERTIFICATE_UNOBTAINABLE: Could not retrieve the
    437. 

  437.  *   specified certificate.
    438. 

  438.  * @GNUTLS_A_UNSUPPORTED_EXTENSION: An unsupported extension was
    439. 

  439.  *   sent.
    440. 

  440.  * @GNUTLS_A_UNRECOGNIZED_NAME: The server name sent was not
    441. 

  441.  *   recognized.
    442. 

  442.  * @GNUTLS_A_UNKNOWN_PSK_IDENTITY: The SRP/PSK username is missing
    443. 

  443.  *   or not known.
    444. 

  444.  * @GNUTLS_A_NO_APPLICATION_PROTOCOL: The ALPN protocol requested is
    445. 

  445.  *   not supported by the peer.
    446. 

  446.  *
    447. 

  447.  * Enumeration of different TLS alerts.
    448. 

  448.  */
    449. 

  449. typedef enum {
    450. 

  450. 	GNUTLS_A_CLOSE_NOTIFY,
    451. 

  451. 	GNUTLS_A_UNEXPECTED_MESSAGE = 10,
    452. 

  452. 	GNUTLS_A_BAD_RECORD_MAC = 20,
    453. 

  453. 	GNUTLS_A_DECRYPTION_FAILED,
    454. 

  454. 	GNUTLS_A_RECORD_OVERFLOW,
    455. 

  455. 	GNUTLS_A_DECOMPRESSION_FAILURE = 30,
    456. 

  456. 	GNUTLS_A_HANDSHAKE_FAILURE = 40,
    457. 

  457. 	GNUTLS_A_SSL3_NO_CERTIFICATE = 41,
    458. 

  458. 	GNUTLS_A_BAD_CERTIFICATE = 42,
    459. 

  459. 	GNUTLS_A_UNSUPPORTED_CERTIFICATE,
    460. 

  460. 	GNUTLS_A_CERTIFICATE_REVOKED,
    461. 

  461. 	GNUTLS_A_CERTIFICATE_EXPIRED,
    462. 

  462. 	GNUTLS_A_CERTIFICATE_UNKNOWN,
    463. 

  463. 	GNUTLS_A_ILLEGAL_PARAMETER,
    464. 

  464. 	GNUTLS_A_UNKNOWN_CA,
    465. 

  465. 	GNUTLS_A_ACCESS_DENIED,
    466. 

  466. 	GNUTLS_A_DECODE_ERROR = 50,
    467. 

  467. 	GNUTLS_A_DECRYPT_ERROR,
    468. 

  468. 	GNUTLS_A_EXPORT_RESTRICTION = 60,
    469. 

  469. 	GNUTLS_A_PROTOCOL_VERSION = 70,
    470. 

  470. 	GNUTLS_A_INSUFFICIENT_SECURITY,
    471. 

  471. 	GNUTLS_A_INTERNAL_ERROR = 80,
    472. 

  472. 	GNUTLS_A_INAPPROPRIATE_FALLBACK = 86,
    473. 

  473. 	GNUTLS_A_USER_CANCELED = 90,
    474. 

  474. 	GNUTLS_A_NO_RENEGOTIATION = 100,
    475. 

  475. 	GNUTLS_A_UNSUPPORTED_EXTENSION = 110,
    476. 

  476. 	GNUTLS_A_CERTIFICATE_UNOBTAINABLE = 111,
    477. 

  477. 	GNUTLS_A_UNRECOGNIZED_NAME = 112,
    478. 

  478. 	GNUTLS_A_UNKNOWN_PSK_IDENTITY = 115,
    479. 

  479. 	GNUTLS_A_NO_APPLICATION_PROTOCOL = 120,
    480. 

  480. 	GNUTLS_A_MAX = GNUTLS_A_NO_APPLICATION_PROTOCOL
    481. 

  481. } gnutls_alert_description_t;
    482. 

  482. 

  483. /**
    484. 

  484.  * gnutls_handshake_description_t:
    485. 

  485.  * @GNUTLS_HANDSHAKE_HELLO_REQUEST: Hello request.
    486. 

  486.  * @GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST: DTLS Hello verify request.
    487. 

  487.  * @GNUTLS_HANDSHAKE_CLIENT_HELLO: Client hello.
    488. 

  488.  * @GNUTLS_HANDSHAKE_SERVER_HELLO: Server hello.
    489. 

  489.  * @GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: New session ticket.
    490. 

  490.  * @GNUTLS_HANDSHAKE_CERTIFICATE_PKT: Certificate packet.
    491. 

  491.  * @GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: Server key exchange.
    492. 

  492.  * @GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: Certificate request.
    493. 

  493.  * @GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: Server hello done.
    494. 

  494.  * @GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: Certificate verify.
    495. 

  495.  * @GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: Client key exchange.
    496. 

  496.  * @GNUTLS_HANDSHAKE_FINISHED: Finished.
    497. 

  497.  * @GNUTLS_HANDSHAKE_CERTIFICATE_STATUS: Certificate status (OCSP).
    498. 

  498.  * @GNUTLS_HANDSHAKE_SUPPLEMENTAL: Supplemental.
    499. 

  499.  * @GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC: Change Cipher Spec.
    500. 

  500.  * @GNUTLS_HANDSHAKE_CLIENT_HELLO_V2: SSLv2 Client Hello.
    501. 

  501.  *
    502. 

  502.  * Enumeration of different TLS handshake packets.
    503. 

  503.  */
    504. 

  504. typedef enum {
    505. 

  505. 	GNUTLS_HANDSHAKE_HELLO_REQUEST = 0,
    506. 

  506. 	GNUTLS_HANDSHAKE_CLIENT_HELLO = 1,
    507. 

  507. 	GNUTLS_HANDSHAKE_SERVER_HELLO = 2,
    508. 

  508. 	GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST = 3,
    509. 

  509. 	GNUTLS_HANDSHAKE_NEW_SESSION_TICKET = 4,
    510. 

  510. 	GNUTLS_HANDSHAKE_CERTIFICATE_PKT = 11,
    511. 

  511. 	GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE = 12,
    512. 

  512. 	GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST = 13,
    513. 

  513. 	GNUTLS_HANDSHAKE_SERVER_HELLO_DONE = 14,
    514. 

  514. 	GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY = 15,
    515. 

  515. 	GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE = 16,
    516. 

  516. 	GNUTLS_HANDSHAKE_FINISHED = 20,
    517. 

  517. 	GNUTLS_HANDSHAKE_CERTIFICATE_STATUS = 22,
    518. 

  518. 	GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23,
    519. 

  519. 	GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC = 254,
    520. 

  520. 	GNUTLS_HANDSHAKE_CLIENT_HELLO_V2 = 1024
    521. 

  521. } gnutls_handshake_description_t;
    522. 

  522. 

  523. #define GNUTLS_HANDSHAKE_ANY ((unsigned int)-1)
    524. 

  524. 

  525. const char
    526. 

  526.     *gnutls_handshake_description_get_name(gnutls_handshake_description_t
    527. 

  527. 					   type);
    528. 

  528. 

  529. /**
    530. 

  530.  * gnutls_certificate_status_t:
    531. 

  531.  * @GNUTLS_CERT_INVALID: The certificate is not signed by one of the
    532. 

  532.  *   known authorities or the signature is invalid (deprecated by the flags 
    533. 

  533.  *   %GNUTLS_CERT_SIGNATURE_FAILURE and %GNUTLS_CERT_SIGNER_NOT_FOUND).
    534. 

  534.  * @GNUTLS_CERT_SIGNATURE_FAILURE: The signature verification failed.
    535. 

  535.  * @GNUTLS_CERT_REVOKED: Certificate is revoked by its authority.  In X.509 this will be
    536. 

  536.  *   set only if CRLs are checked.
    537. 

  537.  * @GNUTLS_CERT_SIGNER_NOT_FOUND: The certificate's issuer is not known. 
    538. 

  538.  *   This is the case if the issuer is not included in the trusted certificate list.
    539. 

  539.  * @GNUTLS_CERT_SIGNER_NOT_CA: The certificate's signer was not a CA. This
    540. 

  540.  *   may happen if this was a version 1 certificate, which is common with 
    541. 

  541.  *   some CAs, or a version 3 certificate without the basic constrains extension.
    542. 

  542.  * @GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE: The certificate's signer constraints were
    543. 

  543.  *   violated.
    544. 

  544.  * @GNUTLS_CERT_INSECURE_ALGORITHM:  The certificate was signed using an insecure
    545. 

  545.  *   algorithm such as MD2 or MD5. These algorithms have been broken and
    546. 

  546.  *   should not be trusted.
    547. 

  547.  * @GNUTLS_CERT_NOT_ACTIVATED: The certificate is not yet activated.
    548. 

  548.  * @GNUTLS_CERT_EXPIRED: The certificate has expired.
    549. 

  549.  * @GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: The revocation data are old and have been superseded.
    550. 

  550.  * @GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: The revocation data have a future issue date.
    551. 

  551.  * @GNUTLS_CERT_UNEXPECTED_OWNER: The owner is not the expected one.
    552. 

  552.  * @GNUTLS_CERT_MISMATCH: The certificate presented isn't the expected one (TOFU)
    553. 

  553.  * @GNUTLS_CERT_PURPOSE_MISMATCH: The certificate or an intermediate does not match the intended purpose (extended key usage).
    554. 

  554.  * @GNUTLS_CERT_MISSING_OCSP_STATUS: The certificate requires the server to send the certifiate status, but no status was received.
    555. 

  555.  * @GNUTLS_CERT_INVALID_OCSP_STATUS: The received OCSP status response is invalid.
    556. 

  556.  * @GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS: The certificate has extensions marked as critical which are not supported.
    557. 

  557.  *
    558. 

  558.  * Enumeration of certificate status codes.  Note that the status
    559. 

  559.  * bits may have different meanings in OpenPGP keys and X.509
    560. 

  560.  * certificate verification.
    561. 

  561.  */
    562. 

  562. typedef enum {
    563. 

  563. 	GNUTLS_CERT_INVALID = 1 << 1,
    564. 

  564. 	GNUTLS_CERT_REVOKED = 1 << 5,
    565. 

  565. 	GNUTLS_CERT_SIGNER_NOT_FOUND = 1 << 6,
    566. 

  566. 	GNUTLS_CERT_SIGNER_NOT_CA = 1 << 7,
    567. 

  567. 	GNUTLS_CERT_INSECURE_ALGORITHM = 1 << 8,
    568. 

  568. 	GNUTLS_CERT_NOT_ACTIVATED = 1 << 9,
    569. 

  569. 	GNUTLS_CERT_EXPIRED = 1 << 10,
    570. 

  570. 	GNUTLS_CERT_SIGNATURE_FAILURE = 1 << 11,
    571. 

  571. 	GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED = 1 << 12,
    572. 

  572. 	GNUTLS_CERT_UNEXPECTED_OWNER = 1 << 14,
    573. 

  573. 	GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE = 1 << 15,
    574. 

  574. 	GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE = 1 << 16,
    575. 

  575. 	GNUTLS_CERT_MISMATCH = 1 << 17,
    576. 

  576. 	GNUTLS_CERT_PURPOSE_MISMATCH = 1 << 18,
    577. 

  577. 	GNUTLS_CERT_MISSING_OCSP_STATUS = 1 << 19,
    578. 

  578. 	GNUTLS_CERT_INVALID_OCSP_STATUS = 1 << 20,
    579. 

  579. 	GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS = 1 << 21
    580. 

  580. } gnutls_certificate_status_t;
    581. 

  581. 

  582. /**
    583. 

  583.  * gnutls_certificate_request_t:
    584. 

  584.  * @GNUTLS_CERT_IGNORE: Ignore certificate.
    585. 

  585.  * @GNUTLS_CERT_REQUEST: Request certificate.
    586. 

  586.  * @GNUTLS_CERT_REQUIRE: Require certificate.
    587. 

  587.  *
    588. 

  588.  * Enumeration of certificate request types.
    589. 

  589.  */
    590. 

  590. typedef enum {
    591. 

  591. 	GNUTLS_CERT_IGNORE = 0,
    592. 

  592. 	GNUTLS_CERT_REQUEST = 1,
    593. 

  593. 	GNUTLS_CERT_REQUIRE = 2
    594. 

  594. } gnutls_certificate_request_t;
    595. 

  595. 

  596. /**
    597. 

  597.  * gnutls_openpgp_crt_status_t:
    598. 

  598.  * @GNUTLS_OPENPGP_CERT: Send entire certificate.
    599. 

  599.  * @GNUTLS_OPENPGP_CERT_FINGERPRINT: Send only certificate fingerprint.
    600. 

  600.  *
    601. 

  601.  * Enumeration of ways to send OpenPGP certificate.
    602. 

  602.  */
    603. 

  603. typedef enum {
    604. 

  604. 	GNUTLS_OPENPGP_CERT = 0,
    605. 

  605. 	GNUTLS_OPENPGP_CERT_FINGERPRINT = 1
    606. 

  606. } gnutls_openpgp_crt_status_t;
    607. 

  607. 

  608. /**
    609. 

  609.  * gnutls_close_request_t:
    610. 

  610.  * @GNUTLS_SHUT_RDWR: Disallow further receives/sends.
    611. 

  611.  * @GNUTLS_SHUT_WR: Disallow further sends.
    612. 

  612.  *
    613. 

  613.  * Enumeration of how TLS session should be terminated.  See gnutls_bye().
    614. 

  614.  */
    615. 

  615. typedef enum {
    616. 

  616. 	GNUTLS_SHUT_RDWR = 0,
    617. 

  617. 	GNUTLS_SHUT_WR = 1
    618. 

  618. } gnutls_close_request_t;
    619. 

  619. 

  620. /**
    621. 

  621.  * gnutls_protocol_t:
    622. 

  622.  * @GNUTLS_SSL3: SSL version 3.0.
    623. 

  623.  * @GNUTLS_TLS1_0: TLS version 1.0.
    624. 

  624.  * @GNUTLS_TLS1: Same as %GNUTLS_TLS1_0.
    625. 

  625.  * @GNUTLS_TLS1_1: TLS version 1.1.
    626. 

  626.  * @GNUTLS_TLS1_2: TLS version 1.2.
    627. 

  627.  * @GNUTLS_DTLS1_0: DTLS version 1.0.
    628. 

  628.  * @GNUTLS_DTLS1_2: DTLS version 1.2.
    629. 

  629.  * @GNUTLS_DTLS0_9: DTLS version 0.9 (Cisco AnyConnect / OpenSSL 0.9.8e).
    630. 

  630.  * @GNUTLS_VERSION_MAX: Maps to the highest supported TLS version.
    631. 

  631.  * @GNUTLS_VERSION_UNKNOWN: Unknown SSL/TLS version.
    632. 

  632.  *
    633. 

  633.  * Enumeration of different SSL/TLS protocol versions.
    634. 

  634.  */
    635. 

  635. typedef enum {
    636. 

  636. 	GNUTLS_SSL3 = 1,
    637. 

  637. 	GNUTLS_TLS1_0 = 2,
    638. 

  638. 	GNUTLS_TLS1 = GNUTLS_TLS1_0,
    639. 

  639. 	GNUTLS_TLS1_1 = 3,
    640. 

  640. 	GNUTLS_TLS1_2 = 4,
    641. 

  641. 

  642. 	GNUTLS_DTLS0_9 = 200,
    643. 

  643. 	GNUTLS_DTLS1_0 = 201,	/* 201 */
    644. 

  644. 	GNUTLS_DTLS1_2 = 202,
    645. 

  645. 	GNUTLS_DTLS_VERSION_MIN = GNUTLS_DTLS0_9,
    646. 

  646. 	GNUTLS_DTLS_VERSION_MAX = GNUTLS_DTLS1_2,
    647. 

  647. 	GNUTLS_TLS_VERSION_MAX = GNUTLS_TLS1_2,
    648. 

  648. 	GNUTLS_VERSION_UNKNOWN = 0xff	/* change it to 0xffff */
    649. 

  649. } gnutls_protocol_t;
    650. 

  650. 

  651. /**
    652. 

  652.  * gnutls_certificate_type_t:
    653. 

  653.  * @GNUTLS_CRT_UNKNOWN: Unknown certificate type.
    654. 

  654.  * @GNUTLS_CRT_X509: X.509 Certificate.
    655. 

  655.  * @GNUTLS_CRT_OPENPGP: OpenPGP certificate.
    656. 

  656.  * @GNUTLS_CRT_RAW: Raw public key (SubjectPublicKey)
    657. 

  657.  *
    658. 

  658.  * Enumeration of different certificate types.
    659. 

  659.  */
    660. 

  660. typedef enum {
    661. 

  661. 	GNUTLS_CRT_UNKNOWN = 0,
    662. 

  662. 	GNUTLS_CRT_X509 = 1,
    663. 

  663. 	GNUTLS_CRT_OPENPGP = 2,
    664. 

  664. 	GNUTLS_CRT_RAW = 3
    665. 

  665. } gnutls_certificate_type_t;
    666. 

  666. 

  667. /**
    668. 

  668.  * gnutls_x509_crt_fmt_t:
    669. 

  669.  * @GNUTLS_X509_FMT_DER: X.509 certificate in DER format (binary).
    670. 

  670.  * @GNUTLS_X509_FMT_PEM: X.509 certificate in PEM format (text).
    671. 

  671.  *
    672. 

  672.  * Enumeration of different certificate encoding formats.
    673. 

  673.  */
    674. 

  674. typedef enum {
    675. 

  675. 	GNUTLS_X509_FMT_DER = 0,
    676. 

  676. 	GNUTLS_X509_FMT_PEM = 1
    677. 

  677. } gnutls_x509_crt_fmt_t;
    678. 

  678. 

  679. /**
    680. 

  680.  * gnutls_certificate_print_formats_t:
    681. 

  681.  * @GNUTLS_CRT_PRINT_FULL: Full information about certificate.
    682. 

  682.  * @GNUTLS_CRT_PRINT_FULL_NUMBERS: Full information about certificate and include easy to parse public key parameters.
    683. 

  683.  * @GNUTLS_CRT_PRINT_COMPACT: Information about certificate name in one line, plus identification of the public key.
    684. 

  684.  * @GNUTLS_CRT_PRINT_ONELINE: Information about certificate in one line.
    685. 

  685.  * @GNUTLS_CRT_PRINT_UNSIGNED_FULL: All info for an unsigned certificate.
    686. 

  686.  *
    687. 

  687.  * Enumeration of different certificate printing variants.
    688. 

  688.  */
    689. 

  689. typedef enum gnutls_certificate_print_formats {
    690. 

  690. 	GNUTLS_CRT_PRINT_FULL = 0,
    691. 

  691. 	GNUTLS_CRT_PRINT_ONELINE = 1,
    692. 

  692. 	GNUTLS_CRT_PRINT_UNSIGNED_FULL = 2,
    693. 

  693. 	GNUTLS_CRT_PRINT_COMPACT = 3,
    694. 

  694. 	GNUTLS_CRT_PRINT_FULL_NUMBERS = 4
    695. 

  695. } gnutls_certificate_print_formats_t;
    696. 

  696. 

  697. #define GNUTLS_PK_ECC GNUTLS_PK_ECDSA
    698. 

  698. #define GNUTLS_PK_EC GNUTLS_PK_ECDSA
    699. 

  699. 

  700. #define GNUTLS_PK_ECDHX GNUTLS_PK_ECDH_X25519
    701. 

  701. /**
    702. 

  702.  * gnutls_pk_algorithm_t:
    703. 

  703.  * @GNUTLS_PK_UNKNOWN: Unknown public-key algorithm.
    704. 

  704.  * @GNUTLS_PK_RSA: RSA public-key algorithm.
    705. 

  705.  * @GNUTLS_PK_RSA_PSS: RSA public-key algorithm, with PSS padding.
    706. 

  706.  * @GNUTLS_PK_DSA: DSA public-key algorithm.
    707. 

  707.  * @GNUTLS_PK_DH: Diffie-Hellman algorithm. Used to generate parameters.
    708. 

  708.  * @GNUTLS_PK_ECDSA: Elliptic curve algorithm. These parameters are compatible with the ECDSA and ECDH algorithm.
    709. 

  709.  * @GNUTLS_PK_ECDH_X25519: Elliptic curve algorithm, restricted to ECDH as per rfc7748.
    710. 

  710.  * @GNUTLS_PK_EDDSA_ED25519: Edwards curve Digital signature algorithm. Used with SHA512 on signatures.
    711. 

  711.  *
    712. 

  712.  * Enumeration of different public-key algorithms.
    713. 

  713.  */
    714. 

  714. typedef enum {
    715. 

  715. 	GNUTLS_PK_UNKNOWN = 0,
    716. 

  716. 	GNUTLS_PK_RSA = 1,
    717. 

  717. 	GNUTLS_PK_DSA = 2,
    718. 

  718. 	GNUTLS_PK_DH = 3,
    719. 

  719. 	GNUTLS_PK_ECDSA = 4,
    720. 

  720. 	GNUTLS_PK_ECDH_X25519 = 5,
    721. 

  721. 	GNUTLS_PK_RSA_PSS = 6,
    722. 

  722. 	GNUTLS_PK_EDDSA_ED25519 = 7,
    723. 

  723. 	GNUTLS_PK_MAX = GNUTLS_PK_EDDSA_ED25519
    724. 

  724. } gnutls_pk_algorithm_t;
    725. 

  725. 

  726. 

  727. const char *gnutls_pk_algorithm_get_name(gnutls_pk_algorithm_t algorithm);
    728. 

  728. 

  729. /**
    730. 

  730.  * gnutls_sign_algorithm_t:
    731. 

  731.  * @GNUTLS_SIGN_UNKNOWN: Unknown signature algorithm.
    732. 

  732.  * @GNUTLS_SIGN_RSA_RAW: Digital signature algorithm RSA with DigestInfo formatted data
    733. 

  733.  * @GNUTLS_SIGN_RSA_SHA1: Digital signature algorithm RSA with SHA-1
    734. 

  734.  * @GNUTLS_SIGN_RSA_SHA: Same as %GNUTLS_SIGN_RSA_SHA1.
    735. 

  735.  * @GNUTLS_SIGN_DSA_SHA1: Digital signature algorithm DSA with SHA-1
    736. 

  736.  * @GNUTLS_SIGN_DSA_SHA224: Digital signature algorithm DSA with SHA-224
    737. 

  737.  * @GNUTLS_SIGN_DSA_SHA256: Digital signature algorithm DSA with SHA-256
    738. 

  738.  * @GNUTLS_SIGN_DSA_SHA384: Digital signature algorithm DSA with SHA-384
    739. 

  739.  * @GNUTLS_SIGN_DSA_SHA512: Digital signature algorithm DSA with SHA-512
    740. 

  740.  * @GNUTLS_SIGN_DSA_SHA: Same as %GNUTLS_SIGN_DSA_SHA1.
    741. 

  741.  * @GNUTLS_SIGN_RSA_MD5: Digital signature algorithm RSA with MD5.
    742. 

  742.  * @GNUTLS_SIGN_RSA_MD2: Digital signature algorithm RSA with MD2.
    743. 

  743.  * @GNUTLS_SIGN_RSA_RMD160: Digital signature algorithm RSA with RMD-160.
    744. 

  744.  * @GNUTLS_SIGN_RSA_SHA256: Digital signature algorithm RSA with SHA-256.
    745. 

  745.  * @GNUTLS_SIGN_RSA_SHA384: Digital signature algorithm RSA with SHA-384.
    746. 

  746.  * @GNUTLS_SIGN_RSA_SHA512: Digital signature algorithm RSA with SHA-512.
    747. 

  747.  * @GNUTLS_SIGN_RSA_SHA224: Digital signature algorithm RSA with SHA-224.
    748. 

  748.  * @GNUTLS_SIGN_ECDSA_SHA1: ECDSA with SHA1.
    749. 

  749.  * @GNUTLS_SIGN_ECDSA_SHA224: Digital signature algorithm ECDSA with SHA-224.
    750. 

  750.  * @GNUTLS_SIGN_ECDSA_SHA256: Digital signature algorithm ECDSA with SHA-256.
    751. 

  751.  * @GNUTLS_SIGN_ECDSA_SHA384: Digital signature algorithm ECDSA with SHA-384.
    752. 

  752.  * @GNUTLS_SIGN_ECDSA_SHA512: Digital signature algorithm ECDSA with SHA-512.
    753. 

  753.  * @GNUTLS_SIGN_ECDSA_SHA3_224: Digital signature algorithm ECDSA with SHA3-224.
    754. 

  754.  * @GNUTLS_SIGN_ECDSA_SHA3_256: Digital signature algorithm ECDSA with SHA3-256.
    755. 

  755.  * @GNUTLS_SIGN_ECDSA_SHA3_384: Digital signature algorithm ECDSA with SHA3-384.
    756. 

  756.  * @GNUTLS_SIGN_ECDSA_SHA3_512: Digital signature algorithm ECDSA with SHA3-512.
    757. 

  757.  * @GNUTLS_SIGN_DSA_SHA3_224: Digital signature algorithm DSA with SHA3-224.
    758. 

  758.  * @GNUTLS_SIGN_DSA_SHA3_256: Digital signature algorithm DSA with SHA3-256.
    759. 

  759.  * @GNUTLS_SIGN_DSA_SHA3_384: Digital signature algorithm DSA with SHA3-384.
    760. 

  760.  * @GNUTLS_SIGN_DSA_SHA3_512: Digital signature algorithm DSA with SHA3-512.
    761. 

  761.  * @GNUTLS_SIGN_RSA_SHA3_224: Digital signature algorithm RSA with SHA3-224.
    762. 

  762.  * @GNUTLS_SIGN_RSA_SHA3_256: Digital signature algorithm RSA with SHA3-256.
    763. 

  763.  * @GNUTLS_SIGN_RSA_SHA3_384: Digital signature algorithm RSA with SHA3-384.
    764. 

  764.  * @GNUTLS_SIGN_RSA_SHA3_512: Digital signature algorithm RSA with SHA3-512.
    765. 

  765.  * @GNUTLS_SIGN_RSA_PSS_SHA256: Digital signature algorithm RSA with SHA-256, with PSS padding.
    766. 

  766.  * @GNUTLS_SIGN_RSA_PSS_SHA384: Digital signature algorithm RSA with SHA-384, with PSS padding.
    767. 

  767.  * @GNUTLS_SIGN_RSA_PSS_SHA512: Digital signature algorithm RSA with SHA-512, with PSS padding.
    768. 

  768.  * @GNUTLS_SIGN_EDDSA_ED25519: Digital signature algorithm EdDSA with Ed25519 curve.
    769. 

  769.  *
    770. 

  770.  * Enumeration of different digital signature algorithms.
    771. 

  771.  */
    772. 

  772. typedef enum {
    773. 

  773. 	GNUTLS_SIGN_UNKNOWN = 0,
    774. 

  774. 	GNUTLS_SIGN_RSA_SHA1 = 1,
    775. 

  775. 	GNUTLS_SIGN_RSA_SHA = GNUTLS_SIGN_RSA_SHA1,
    776. 

  776. 	GNUTLS_SIGN_DSA_SHA1 = 2,
    777. 

  777. 	GNUTLS_SIGN_DSA_SHA = GNUTLS_SIGN_DSA_SHA1,
    778. 

  778. 	GNUTLS_SIGN_RSA_MD5 = 3,
    779. 

  779. 	GNUTLS_SIGN_RSA_MD2 = 4,
    780. 

  780. 	GNUTLS_SIGN_RSA_RMD160 = 5,
    781. 

  781. 	GNUTLS_SIGN_RSA_SHA256 = 6,
    782. 

  782. 	GNUTLS_SIGN_RSA_SHA384 = 7,
    783. 

  783. 	GNUTLS_SIGN_RSA_SHA512 = 8,
    784. 

  784. 	GNUTLS_SIGN_RSA_SHA224 = 9,
    785. 

  785. 	GNUTLS_SIGN_DSA_SHA224 = 10,
    786. 

  786. 	GNUTLS_SIGN_DSA_SHA256 = 11,
    787. 

  787. 	GNUTLS_SIGN_ECDSA_SHA1 = 12,
    788. 

  788. 	GNUTLS_SIGN_ECDSA_SHA224 = 13,
    789. 

  789. 	GNUTLS_SIGN_ECDSA_SHA256 = 14,
    790. 

  790. 	GNUTLS_SIGN_ECDSA_SHA384 = 15,
    791. 

  791. 	GNUTLS_SIGN_ECDSA_SHA512 = 16,
    792. 

  792. 	GNUTLS_SIGN_DSA_SHA384 = 17,
    793. 

  793. 	GNUTLS_SIGN_DSA_SHA512 = 18,
    794. 

  794. 	GNUTLS_SIGN_ECDSA_SHA3_224 = 20,
    795. 

  795. 	GNUTLS_SIGN_ECDSA_SHA3_256 = 21,
    796. 

  796. 	GNUTLS_SIGN_ECDSA_SHA3_384 = 22,
    797. 

  797. 	GNUTLS_SIGN_ECDSA_SHA3_512 = 23,
    798. 

  798. 

  799. 	GNUTLS_SIGN_DSA_SHA3_224 = 24,
    800. 

  800. 	GNUTLS_SIGN_DSA_SHA3_256 = 25,
    801. 

  801. 	GNUTLS_SIGN_DSA_SHA3_384 = 26,
    802. 

  802. 	GNUTLS_SIGN_DSA_SHA3_512 = 27,
    803. 

  803. 	GNUTLS_SIGN_RSA_SHA3_224 = 28,
    804. 

  804. 	GNUTLS_SIGN_RSA_SHA3_256 = 29,
    805. 

  805. 	GNUTLS_SIGN_RSA_SHA3_384 = 30,
    806. 

  806. 	GNUTLS_SIGN_RSA_SHA3_512 = 31,
    807. 

  807. 

  808. 	GNUTLS_SIGN_RSA_PSS_SHA256 = 32,
    809. 

  809. 	GNUTLS_SIGN_RSA_PSS_SHA384 = 33,
    810. 

  810. 	GNUTLS_SIGN_RSA_PSS_SHA512 = 34,
    811. 

  811. 	GNUTLS_SIGN_EDDSA_ED25519 = 35,
    812. 

  812. 	GNUTLS_SIGN_RSA_RAW = 36,
    813. 

  813. 	GNUTLS_SIGN_MAX = GNUTLS_SIGN_RSA_RAW
    814. 

  814. } gnutls_sign_algorithm_t;
    815. 

  815. 

  816. /**
    817. 

  817.  * gnutls_ecc_curve_t:
    818. 

  818.  * @GNUTLS_ECC_CURVE_INVALID: Cannot be known
    819. 

  819.  * @GNUTLS_ECC_CURVE_SECP192R1: the SECP192R1 curve
    820. 

  820.  * @GNUTLS_ECC_CURVE_SECP224R1: the SECP224R1 curve
    821. 

  821.  * @GNUTLS_ECC_CURVE_SECP256R1: the SECP256R1 curve
    822. 

  822.  * @GNUTLS_ECC_CURVE_SECP384R1: the SECP384R1 curve
    823. 

  823.  * @GNUTLS_ECC_CURVE_SECP521R1: the SECP521R1 curve
    824. 

  824.  * @GNUTLS_ECC_CURVE_X25519: the X25519 curve (ECDH only)
    825. 

  825.  * @GNUTLS_ECC_CURVE_ED25519: the Ed25519 curve
    826. 

  826.  *
    827. 

  827.  * Enumeration of ECC curves.
    828. 

  828.  */
    829. 

  829. typedef enum {
    830. 

  830. 	GNUTLS_ECC_CURVE_INVALID = 0,
    831. 

  831. 	GNUTLS_ECC_CURVE_SECP224R1,
    832. 

  832. 	GNUTLS_ECC_CURVE_SECP256R1,
    833. 

  833. 	GNUTLS_ECC_CURVE_SECP384R1,
    834. 

  834. 	GNUTLS_ECC_CURVE_SECP521R1,
    835. 

  835. 	GNUTLS_ECC_CURVE_SECP192R1,
    836. 

  836. 	GNUTLS_ECC_CURVE_X25519,
    837. 

  837. 	GNUTLS_ECC_CURVE_ED25519,
    838. 

  838. 	GNUTLS_ECC_CURVE_MAX = GNUTLS_ECC_CURVE_ED25519
    839. 

  839. } gnutls_ecc_curve_t;
    840. 

  840. 

  841. /**
    842. 

  842.  * gnutls_group_t:
    843. 

  843.  * @GNUTLS_GROUP_INVALID: Indicates unknown/invalid group
    844. 

  844.  * @GNUTLS_GROUP_SECP192R1: the SECP192R1 curve group (legacy, only for TLS 1.2 compatibility)
    845. 

  845.  * @GNUTLS_GROUP_SECP224R1: the SECP224R1 curve group (legacy, only for TLS 1.2 compatibility)
    846. 

  846.  * @GNUTLS_GROUP_SECP256R1: the SECP256R1 curve group
    847. 

  847.  * @GNUTLS_GROUP_SECP384R1: the SECP384R1 curve group
    848. 

  848.  * @GNUTLS_GROUP_SECP521R1: the SECP521R1 curve group
    849. 

  849.  * @GNUTLS_GROUP_X25519: the X25519 curve group
    850. 

  850.  * @GNUTLS_GROUP_FFDHE2048: the FFDHE2048 group
    851. 

  851.  * @GNUTLS_GROUP_FFDHE3072: the FFDHE3072 group
    852. 

  852.  * @GNUTLS_GROUP_FFDHE4096: the FFDHE4096 group
    853. 

  853.  * @GNUTLS_GROUP_FFDHE8192: the FFDHE8192 group
    854. 

  854.  *
    855. 

  855.  * Enumeration of supported groups. It is intended to be backwards
    856. 

  856.  * compatible with the enumerations in %gnutls_ecc_curve_t for the groups
    857. 

  857.  * which are valid elliptic curves.
    858. 

  858.  */
    859. 

  859. typedef enum {
    860. 

  860. 	GNUTLS_GROUP_INVALID = 0,
    861. 

  861. 	GNUTLS_GROUP_SECP192R1 = GNUTLS_ECC_CURVE_SECP192R1,
    862. 

  862. 	GNUTLS_GROUP_SECP224R1 = GNUTLS_ECC_CURVE_SECP224R1,
    863. 

  863. 	GNUTLS_GROUP_SECP256R1 = GNUTLS_ECC_CURVE_SECP256R1,
    864. 

  864. 	GNUTLS_GROUP_SECP384R1 = GNUTLS_ECC_CURVE_SECP384R1,
    865. 

  865. 	GNUTLS_GROUP_SECP521R1 = GNUTLS_ECC_CURVE_SECP521R1,
    866. 

  866. 	GNUTLS_GROUP_X25519 = GNUTLS_ECC_CURVE_X25519,
    867. 

  867. 

  868. 	GNUTLS_GROUP_FFDHE2048 = 256,
    869. 

  869. 	GNUTLS_GROUP_FFDHE3072,
    870. 

  870. 	GNUTLS_GROUP_FFDHE4096,
    871. 

  871. 	GNUTLS_GROUP_FFDHE8192,
    872. 

  872. 	GNUTLS_GROUP_MAX = GNUTLS_GROUP_FFDHE8192,
    873. 

  873. } gnutls_group_t;
    874. 

  874. 

  875. /* macros to allow specifying a specific curve in gnutls_privkey_generate()
    876. 

  876.  * and gnutls_x509_privkey_generate() */
    877. 

  877. #define GNUTLS_CURVE_TO_BITS(curve) (unsigned int)(((unsigned int)1<<31)|((unsigned int)(curve)))
    878. 

  878. #define GNUTLS_BITS_TO_CURVE(bits) (((unsigned int)(bits)) & 0x7FFFFFFF)
    879. 

  879. #define GNUTLS_BITS_ARE_CURVE(bits) (((unsigned int)(bits)) & 0x80000000)
    880. 

  880. 

  881. /**
    882. 

  882.  * gnutls_sec_param_t:
    883. 

  883.  * @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known
    884. 

  884.  * @GNUTLS_SEC_PARAM_INSECURE: Less than 42 bits of security
    885. 

  885.  * @GNUTLS_SEC_PARAM_EXPORT: 42 bits of security
    886. 

  886.  * @GNUTLS_SEC_PARAM_VERY_WEAK: 64 bits of security
    887. 

  887.  * @GNUTLS_SEC_PARAM_WEAK: 72 bits of security
    888. 

  888.  * @GNUTLS_SEC_PARAM_LOW: 80 bits of security
    889. 

  889.  * @GNUTLS_SEC_PARAM_LEGACY: 96 bits of security
    890. 

  890.  * @GNUTLS_SEC_PARAM_MEDIUM: 112 bits of security (used to be %GNUTLS_SEC_PARAM_NORMAL)
    891. 

  891.  * @GNUTLS_SEC_PARAM_HIGH: 128 bits of security
    892. 

  892.  * @GNUTLS_SEC_PARAM_ULTRA: 192 bits of security
    893. 

  893.  * @GNUTLS_SEC_PARAM_FUTURE: 256 bits of security
    894. 

  894.  *
    895. 

  895.  * Enumeration of security parameters for passive attacks.
    896. 

  896.  */
    897. 

  897. typedef enum {
    898. 

  898. 	GNUTLS_SEC_PARAM_UNKNOWN = 0,
    899. 

  899. 	GNUTLS_SEC_PARAM_INSECURE = 5,
    900. 

  900. 	GNUTLS_SEC_PARAM_EXPORT = 10,
    901. 

  901. 	GNUTLS_SEC_PARAM_VERY_WEAK = 15,
    902. 

  902. 	GNUTLS_SEC_PARAM_WEAK = 20,
    903. 

  903. 	GNUTLS_SEC_PARAM_LOW = 25,
    904. 

  904. 	GNUTLS_SEC_PARAM_LEGACY = 30,
    905. 

  905. 	GNUTLS_SEC_PARAM_MEDIUM = 35,
    906. 

  906. 	GNUTLS_SEC_PARAM_HIGH = 40,
    907. 

  907. 	GNUTLS_SEC_PARAM_ULTRA = 45,
    908. 

  908. 	GNUTLS_SEC_PARAM_FUTURE = 50,
    909. 

  909. 	GNUTLS_SEC_PARAM_MAX = GNUTLS_SEC_PARAM_FUTURE
    910. 

  910. } gnutls_sec_param_t;
    911. 

  911. 

  912. /* old name */
    913. 

  913. #define GNUTLS_SEC_PARAM_NORMAL GNUTLS_SEC_PARAM_MEDIUM
    914. 

  914. 

  915. /**
    916. 

  916.  * gnutls_channel_binding_t:
    917. 

  917.  * @GNUTLS_CB_TLS_UNIQUE: "tls-unique" (RFC 5929) channel binding
    918. 

  918.  *
    919. 

  919.  * Enumeration of support channel binding types.
    920. 

  920.  */
    921. 

  921. typedef enum {
    922. 

  922. 	GNUTLS_CB_TLS_UNIQUE
    923. 

  923. } gnutls_channel_binding_t;
    924. 

  924. 

  925. 

  926. /* If you want to change this, then also change the define in
    927. 

  927.  * gnutls_int.h, and recompile.
    928. 

  928.  */
    929. 

  929. typedef void *gnutls_transport_ptr_t;
    930. 

  930. 

  931. struct gnutls_session_int;
    932. 

  932. typedef struct gnutls_session_int *gnutls_session_t;
    933. 

  933. 

  934. struct gnutls_dh_params_int;
    935. 

  935. typedef struct gnutls_dh_params_int *gnutls_dh_params_t;
    936. 

  936. 

  937.   /* XXX ugly. */
    938. 

  938. struct gnutls_x509_privkey_int;
    939. 

  939. typedef struct gnutls_x509_privkey_int *gnutls_rsa_params_t;
    940. 

  940. 

  941. struct gnutls_priority_st;
    942. 

  942. typedef struct gnutls_priority_st *gnutls_priority_t;
    943. 

  943. 

  944. typedef struct {
    945. 

  945. 	unsigned char *data;
    946. 

  946. 	unsigned int size;
    947. 

  947. } gnutls_datum_t;
    948. 

  948. 

  949. 

  950. typedef struct gnutls_params_st {
    951. 

  951. 	gnutls_params_type_t type;
    952. 

  952. 	union params {
    953. 

  953. 		gnutls_dh_params_t dh;
    954. 

  954. 		gnutls_rsa_params_t rsa_export;
    955. 

  955. 	} params;
    956. 

  956. 	int deinit;
    957. 

  957. } gnutls_params_st;
    958. 

  958. 

  959. typedef int gnutls_params_function(gnutls_session_t, gnutls_params_type_t,
    960. 

  960. 				   gnutls_params_st *);
    961. 

  961. 

  962. /* internal functions */
    963. 

  963. 

  964. int gnutls_init(gnutls_session_t * session, unsigned int flags);
    965. 

  965. void gnutls_deinit(gnutls_session_t session);
    966. 

  966. #define _gnutls_deinit(x) gnutls_deinit(x)
    967. 

  967. 

  968. int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how);
    969. 

  969. 

  970. int gnutls_handshake(gnutls_session_t session);
    971. 

  971. 

  972. #define GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT ((unsigned int)-1)
    973. 

  973. #define GNUTLS_INDEFINITE_TIMEOUT ((unsigned int)-2)
    974. 

  974. void gnutls_handshake_set_timeout(gnutls_session_t session,
    975. 

  975. 				  unsigned int ms);
    976. 

  976. int gnutls_rehandshake(gnutls_session_t session);
    977. 

  977. 

  978. gnutls_alert_description_t gnutls_alert_get(gnutls_session_t session);
    979. 

  979. int gnutls_alert_send(gnutls_session_t session,
    980. 

  980. 		      gnutls_alert_level_t level,
    981. 

  981. 		      gnutls_alert_description_t desc);
    982. 

  982. int gnutls_alert_send_appropriate(gnutls_session_t session, int err);
    983. 

  983. const char *gnutls_alert_get_name(gnutls_alert_description_t alert);
    984. 

  984. const char *gnutls_alert_get_strname(gnutls_alert_description_t alert);
    985. 

  985. 

  986. gnutls_sec_param_t gnutls_pk_bits_to_sec_param(gnutls_pk_algorithm_t algo,
    987. 

  987. 					       unsigned int bits);
    988. 

  988. const char *gnutls_sec_param_get_name(gnutls_sec_param_t param);
    989. 

  989. unsigned int gnutls_sec_param_to_pk_bits(gnutls_pk_algorithm_t algo,
    990. 

  990. 					 gnutls_sec_param_t param);
    991. 

  991. unsigned int
    992. 

  992. 	gnutls_sec_param_to_symmetric_bits(gnutls_sec_param_t param) __GNUTLS_CONST__;
    993. 

  993. 

  994. /* Elliptic curves */
    995. 

  995. const char *
    996. 

  996. 	gnutls_ecc_curve_get_name(gnutls_ecc_curve_t curve) __GNUTLS_CONST__;
    997. 

  997. const char *
    998. 

  998. 	gnutls_ecc_curve_get_oid(gnutls_ecc_curve_t curve) __GNUTLS_CONST__;
    999. 

  999. 

  1000. const char *
    1001. 

  1001. 	gnutls_group_get_name(gnutls_group_t group) __GNUTLS_CONST__;
    1002. 

  1002. 

  1003. int
    1004. 

  1004. 	gnutls_ecc_curve_get_size(gnutls_ecc_curve_t curve) __GNUTLS_CONST__;
    1005. 

  1005. gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session);
    1006. 

  1006. 

  1007. gnutls_group_t gnutls_group_get(gnutls_session_t session);
    1008. 

  1008. 

  1009. /* get information on the current session */
    1010. 

  1010. gnutls_cipher_algorithm_t gnutls_cipher_get(gnutls_session_t session);
    1011. 

  1011. gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session);
    1012. 

  1012. gnutls_mac_algorithm_t gnutls_mac_get(gnutls_session_t session);
    1013. 

  1013. gnutls_certificate_type_t
    1014. 

  1014. gnutls_certificate_type_get(gnutls_session_t session);
    1015. 

  1015. 

  1016. int gnutls_sign_algorithm_get(gnutls_session_t session);
    1017. 

  1017. int gnutls_sign_algorithm_get_client(gnutls_session_t session);
    1018. 

  1018. 

  1019. int gnutls_sign_algorithm_get_requested(gnutls_session_t session,
    1020. 

  1020. 					size_t indx,
    1021. 

  1021. 					gnutls_sign_algorithm_t * algo);
    1022. 

  1022. 

  1023. /* the name of the specified algorithms */
    1024. 

  1024. const char *
    1025. 

  1025. 	gnutls_cipher_get_name(gnutls_cipher_algorithm_t algorithm) __GNUTLS_CONST__;
    1026. 

  1026. const char *
    1027. 

  1027. 	gnutls_mac_get_name(gnutls_mac_algorithm_t algorithm) __GNUTLS_CONST__;
    1028. 

  1028. 

  1029. const char *
    1030. 

  1030. 	gnutls_digest_get_name(gnutls_digest_algorithm_t algorithm) __GNUTLS_CONST__;
    1031. 

  1031. const char *
    1032. 

  1032. 	gnutls_digest_get_oid(gnutls_digest_algorithm_t algorithm) __GNUTLS_CONST__;
    1033. 

  1033. 

  1034. const char *
    1035. 

  1035. 	gnutls_kx_get_name(gnutls_kx_algorithm_t algorithm) __GNUTLS_CONST__;
    1036. 

  1036. const char *
    1037. 

  1037. 	gnutls_certificate_type_get_name(gnutls_certificate_type_t
    1038. 

  1038. 					     type) __GNUTLS_CONST__;
    1039. 

  1039. const char *
    1040. 

  1040. 	gnutls_pk_get_name(gnutls_pk_algorithm_t algorithm) __GNUTLS_CONST__;
    1041. 

  1041. const char *
    1042. 

  1042. 	gnutls_pk_get_oid(gnutls_pk_algorithm_t algorithm) __GNUTLS_CONST__;
    1043. 

  1043. 

  1044. const char *
    1045. 

  1045. 	gnutls_sign_get_name(gnutls_sign_algorithm_t algorithm) __GNUTLS_CONST__;
    1046. 

  1046. 

  1047. const char *gnutls_sign_get_oid(gnutls_sign_algorithm_t sign) __GNUTLS_CONST__;
    1048. 

  1048. 

  1049. size_t
    1050. 

  1050. 	gnutls_cipher_get_key_size(gnutls_cipher_algorithm_t algorithm) __GNUTLS_CONST__;
    1051. 

  1051. size_t
    1052. 

  1052. 	gnutls_mac_get_key_size(gnutls_mac_algorithm_t algorithm) __GNUTLS_CONST__;
    1053. 

  1053. 

  1054. unsigned gnutls_sign_is_secure(gnutls_sign_algorithm_t algorithm) __GNUTLS_CONST__;
    1055. 

  1055. 

  1056. /* It is possible that a signature algorithm is ok to use for short-lived
    1057. 

  1057.  * data (e.g., to sign a TLS session), but not for data that are long-lived
    1058. 

  1058.  * like certificates. This flag is about checking the security of the algorithm
    1059. 

  1059.  * for long-lived data. */
    1060. 

  1060. #define GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS 1
    1061. 

  1061. unsigned gnutls_sign_is_secure2(gnutls_sign_algorithm_t algorithm, unsigned int flags) __GNUTLS_CONST__;
    1062. 

  1062. 

  1063. gnutls_digest_algorithm_t
    1064. 

  1064. 	gnutls_sign_get_hash_algorithm(gnutls_sign_algorithm_t sign) __GNUTLS_CONST__;
    1065. 

  1065. gnutls_pk_algorithm_t
    1066. 

  1066. 	gnutls_sign_get_pk_algorithm(gnutls_sign_algorithm_t sign) __GNUTLS_CONST__;
    1067. 

  1067. gnutls_sign_algorithm_t
    1068. 

  1068. 	gnutls_pk_to_sign(gnutls_pk_algorithm_t pk,
    1069. 

  1069. 		  gnutls_digest_algorithm_t hash) __GNUTLS_CONST__;
    1070. 

  1070. 

  1071. unsigned
    1072. 

  1072. gnutls_sign_supports_pk_algorithm(gnutls_sign_algorithm_t sign, gnutls_pk_algorithm_t pk) __GNUTLS_CONST__;
    1073. 

  1073. 

  1074. #define gnutls_sign_algorithm_get_name gnutls_sign_get_name
    1075. 

  1075. 

  1076. gnutls_mac_algorithm_t gnutls_mac_get_id(const char *name) __GNUTLS_CONST__;
    1077. 

  1077. gnutls_digest_algorithm_t gnutls_digest_get_id(const char *name) __GNUTLS_CONST__;
    1078. 

  1078. 

  1079. gnutls_cipher_algorithm_t
    1080. 

  1080. 	gnutls_cipher_get_id(const char *name) __GNUTLS_CONST__;
    1081. 

  1081. 

  1082. gnutls_kx_algorithm_t
    1083. 

  1083. 	gnutls_kx_get_id(const char *name) __GNUTLS_CONST__;
    1084. 

  1084. gnutls_protocol_t
    1085. 

  1085. 	gnutls_protocol_get_id(const char *name) __GNUTLS_CONST__;
    1086. 

  1086. gnutls_certificate_type_t
    1087. 

  1087. 	gnutls_certificate_type_get_id(const char *name) __GNUTLS_CONST__;
    1088. 

  1088. gnutls_pk_algorithm_t
    1089. 

  1089. 	gnutls_pk_get_id(const char *name) __GNUTLS_CONST__;
    1090. 

  1090. gnutls_sign_algorithm_t
    1091. 

  1091. 	gnutls_sign_get_id(const char *name) __GNUTLS_CONST__;
    1092. 

  1092. gnutls_ecc_curve_t gnutls_ecc_curve_get_id(const char *name)  __GNUTLS_CONST__;
    1093. 

  1093. gnutls_pk_algorithm_t gnutls_ecc_curve_get_pk(gnutls_ecc_curve_t curve) __GNUTLS_CONST__;
    1094. 

  1094. gnutls_group_t gnutls_group_get_id(const char *name);
    1095. 

  1095. 

  1096. gnutls_digest_algorithm_t
    1097. 

  1097. 	gnutls_oid_to_digest(const char *oid)  __GNUTLS_CONST__;
    1098. 

  1098. gnutls_mac_algorithm_t
    1099. 

  1099. 	gnutls_oid_to_mac(const char *oid)  __GNUTLS_CONST__;
    1100. 

  1100. gnutls_pk_algorithm_t
    1101. 

  1101. 	gnutls_oid_to_pk(const char *oid) __GNUTLS_CONST__;
    1102. 

  1102. gnutls_sign_algorithm_t
    1103. 

  1103. 	gnutls_oid_to_sign(const char *oid) __GNUTLS_CONST__;
    1104. 

  1104. gnutls_ecc_curve_t
    1105. 

  1105. 	gnutls_oid_to_ecc_curve(const char *oid) __GNUTLS_CONST__;
    1106. 

  1106. 

  1107.   /* list supported algorithms */
    1108. 

  1108. const gnutls_ecc_curve_t *
    1109. 

  1109. 	gnutls_ecc_curve_list(void)  __GNUTLS_PURE__;
    1110. 

  1110. const gnutls_group_t *
    1111. 

  1111. 	gnutls_group_list(void)  __GNUTLS_PURE__;
    1112. 

  1112. const gnutls_cipher_algorithm_t *
    1113. 

  1113. 	gnutls_cipher_list(void) __GNUTLS_PURE__;
    1114. 

  1114. const gnutls_mac_algorithm_t *
    1115. 

  1115. 	gnutls_mac_list(void) __GNUTLS_PURE__;
    1116. 

  1116. const gnutls_digest_algorithm_t *
    1117. 

  1117. 	gnutls_digest_list(void) __GNUTLS_PURE__;
    1118. 

  1118. const gnutls_protocol_t *
    1119. 

  1119. 	gnutls_protocol_list(void) __GNUTLS_PURE__;
    1120. 

  1120. const gnutls_certificate_type_t *
    1121. 

  1121. 	gnutls_certificate_type_list(void) __GNUTLS_PURE__;
    1122. 

  1122. const gnutls_kx_algorithm_t *
    1123. 

  1123. 	gnutls_kx_list(void) __GNUTLS_PURE__;
    1124. 

  1124. const gnutls_pk_algorithm_t *
    1125. 

  1125. 	gnutls_pk_list(void) __GNUTLS_PURE__;
    1126. 

  1126. const gnutls_sign_algorithm_t *
    1127. 

  1127. 	gnutls_sign_list(void) __GNUTLS_PURE__;
    1128. 

  1128. const char *
    1129. 

  1129. 	gnutls_cipher_suite_info(size_t idx,
    1130. 

  1130. 			         unsigned char *cs_id,
    1131. 

  1131. 				 gnutls_kx_algorithm_t * kx,
    1132. 

  1132. 				 gnutls_cipher_algorithm_t * cipher,
    1133. 

  1133. 				 gnutls_mac_algorithm_t * mac,
    1134. 

  1134. 				 gnutls_protocol_t * min_version);
    1135. 

  1135. 

  1136.   /* error functions */
    1137. 

  1137. int gnutls_error_is_fatal(int error) __GNUTLS_CONST__;
    1138. 

  1138. int gnutls_error_to_alert(int err, int *level);
    1139. 

  1139. 

  1140. void gnutls_perror(int error);
    1141. 

  1141. const char * gnutls_strerror(int error) __GNUTLS_CONST__;
    1142. 

  1142. const char * gnutls_strerror_name(int error) __GNUTLS_CONST__;
    1143. 

  1143. 

  1144. /* Semi-internal functions.
    1145. 

  1145.  */
    1146. 

  1146. void gnutls_handshake_set_private_extensions(gnutls_session_t session,
    1147. 

  1147. 					     int allow);
    1148. 

  1148. int gnutls_handshake_set_random(gnutls_session_t session,
    1149. 

  1149. 				const gnutls_datum_t * random);
    1150. 

  1150. 

  1151. gnutls_handshake_description_t
    1152. 

  1152. gnutls_handshake_get_last_out(gnutls_session_t session);
    1153. 

  1153. gnutls_handshake_description_t
    1154. 

  1154. gnutls_handshake_get_last_in(gnutls_session_t session);
    1155. 

  1155. 

  1156. /* Record layer functions.
    1157. 

  1157.  */
    1158. 

  1158. #define GNUTLS_HEARTBEAT_WAIT 1
    1159. 

  1159. int gnutls_heartbeat_ping(gnutls_session_t session, size_t data_size,
    1160. 

  1160. 			  unsigned int max_tries, unsigned int flags);
    1161. 

  1161. int gnutls_heartbeat_pong(gnutls_session_t session, unsigned int flags);
    1162. 

  1162. 

  1163. void gnutls_record_set_timeout(gnutls_session_t session, unsigned int ms);
    1164. 

  1164. void gnutls_record_disable_padding(gnutls_session_t session);
    1165. 

  1165. 

  1166. void gnutls_record_cork(gnutls_session_t session);
    1167. 

  1167. #define GNUTLS_RECORD_WAIT 1
    1168. 

  1168. int gnutls_record_uncork(gnutls_session_t session, unsigned int flags);
    1169. 

  1169. size_t gnutls_record_discard_queued(gnutls_session_t session);
    1170. 

  1170. 

  1171. int
    1172. 

  1172. gnutls_record_get_state(gnutls_session_t session,
    1173. 

  1173. 			unsigned read,
    1174. 

  1174. 			gnutls_datum_t *mac_key,
    1175. 

  1175. 			gnutls_datum_t *IV,
    1176. 

  1176. 			gnutls_datum_t *cipher_key,
    1177. 

  1177. 			unsigned char seq_number[8]);
    1178. 

  1178. 

  1179. int
    1180. 

  1180. gnutls_record_set_state(gnutls_session_t session,
    1181. 

  1181. 			unsigned read,
    1182. 

  1182. 			unsigned char seq_number[8]);
    1183. 

  1183. 

  1184. typedef struct {
    1185. 

  1185. 	size_t low;
    1186. 

  1186. 	size_t high;
    1187. 

  1187. } gnutls_range_st;
    1188. 

  1188. 

  1189. int gnutls_range_split(gnutls_session_t session,
    1190. 

  1190. 		       const gnutls_range_st * orig,
    1191. 

  1191. 		       gnutls_range_st * small_range,
    1192. 

  1192. 		       gnutls_range_st * rem_range);
    1193. 

  1193. 

  1194. ssize_t gnutls_record_send(gnutls_session_t session, const void *data,
    1195. 

  1195. 			   size_t data_size);
    1196. 

  1196. ssize_t gnutls_record_send_range(gnutls_session_t session,
    1197. 

  1197. 				 const void *data, size_t data_size,
    1198. 

  1198. 				 const gnutls_range_st * range);
    1199. 

  1199. ssize_t gnutls_record_recv(gnutls_session_t session, void *data,
    1200. 

  1200. 			   size_t data_size);
    1201. 

  1201. 

  1202. typedef struct mbuffer_st *gnutls_packet_t;
    1203. 

  1203. 

  1204. ssize_t
    1205. 

  1205. gnutls_record_recv_packet(gnutls_session_t session, 
    1206. 

  1206. 			  gnutls_packet_t *packet);
    1207. 

  1207. 

  1208. void gnutls_packet_get(gnutls_packet_t packet, gnutls_datum_t *data, unsigned char *sequence);
    1209. 

  1209. void gnutls_packet_deinit(gnutls_packet_t packet);
    1210. 

  1210. 

  1211. #define gnutls_read gnutls_record_recv
    1212. 

  1212. #define gnutls_write gnutls_record_send
    1213. 

  1213. ssize_t gnutls_record_recv_seq(gnutls_session_t session, void *data,
    1214. 

  1214. 			       size_t data_size, unsigned char *seq);
    1215. 

  1215. 

  1216. size_t gnutls_record_overhead_size(gnutls_session_t session);
    1217. 

  1217. 

  1218. size_t
    1219. 

  1219. 	gnutls_est_record_overhead_size(gnutls_protocol_t version,
    1220. 

  1220. 				        gnutls_cipher_algorithm_t cipher,
    1221. 

  1221. 				        gnutls_mac_algorithm_t mac,
    1222. 

  1222. 				        gnutls_compression_method_t comp,
    1223. 

  1223. 				        unsigned int flags) __GNUTLS_CONST__;
    1224. 

  1224. 

  1225. void gnutls_session_enable_compatibility_mode(gnutls_session_t session);
    1226. 

  1226. #define gnutls_record_set_max_empty_records(session, x)
    1227. 

  1227. 

  1228. int gnutls_record_can_use_length_hiding(gnutls_session_t session);
    1229. 

  1229. 

  1230. int gnutls_record_get_direction(gnutls_session_t session);
    1231. 

  1231. 

  1232. size_t gnutls_record_get_max_size(gnutls_session_t session);
    1233. 

  1233. ssize_t gnutls_record_set_max_size(gnutls_session_t session, size_t size);
    1234. 

  1234. 

  1235. size_t gnutls_record_check_pending(gnutls_session_t session);
    1236. 

  1236. size_t gnutls_record_check_corked(gnutls_session_t session);
    1237. 

  1237. 

  1238. void gnutls_session_force_valid(gnutls_session_t session);
    1239. 

  1239. 

  1240. int gnutls_prf(gnutls_session_t session,
    1241. 

  1241. 	       size_t label_size, const char *label,
    1242. 

  1242. 	       int server_random_first,
    1243. 

  1243. 	       size_t extra_size, const char *extra,
    1244. 

  1244. 	       size_t outsize, char *out);
    1245. 

  1245. int gnutls_prf_rfc5705(gnutls_session_t session,
    1246. 

  1246. 	       size_t label_size, const char *label,
    1247. 

  1247. 	       size_t context_size, const char *context,
    1248. 

  1248. 	       size_t outsize, char *out);
    1249. 

  1249. 

  1250. int gnutls_prf_raw(gnutls_session_t session,
    1251. 

  1251. 		   size_t label_size, const char *label,
    1252. 

  1252. 		   size_t seed_size, const char *seed,
    1253. 

  1253. 		   size_t outsize, char *out);
    1254. 

  1254. 

  1255. /**
    1256. 

  1256.  * gnutls_server_name_type_t:
    1257. 

  1257.  * @GNUTLS_NAME_DNS: Domain Name System name type.
    1258. 

  1258.  *
    1259. 

  1259.  * Enumeration of different server name types.
    1260. 

  1260.  */
    1261. 

  1261. typedef enum {
    1262. 

  1262. 	GNUTLS_NAME_DNS = 1
    1263. 

  1263. } gnutls_server_name_type_t;
    1264. 

  1264. 

  1265. int gnutls_server_name_set(gnutls_session_t session,
    1266. 

  1266. 			   gnutls_server_name_type_t type,
    1267. 

  1267. 			   const void *name, size_t name_length);
    1268. 

  1268. 

  1269. int gnutls_server_name_get(gnutls_session_t session,
    1270. 

  1270. 			   void *data, size_t * data_length,
    1271. 

  1271. 			   unsigned int *type, unsigned int indx);
    1272. 

  1272. 

  1273. unsigned int gnutls_heartbeat_get_timeout(gnutls_session_t session);
    1274. 

  1274. void gnutls_heartbeat_set_timeouts(gnutls_session_t session,
    1275. 

  1275. 				   unsigned int retrans_timeout,
    1276. 

  1276. 				   unsigned int total_timeout);
    1277. 

  1277. 

  1278. #define GNUTLS_HB_PEER_ALLOWED_TO_SEND (1)
    1279. 

  1279. #define GNUTLS_HB_PEER_NOT_ALLOWED_TO_SEND (1<<1)
    1280. 

  1280. 

  1281.   /* Heartbeat */
    1282. 

  1282. void gnutls_heartbeat_enable(gnutls_session_t session, unsigned int type);
    1283. 

  1283. 

  1284. #define GNUTLS_HB_LOCAL_ALLOWED_TO_SEND (1<<2)
    1285. 

  1285. unsigned gnutls_heartbeat_allowed(gnutls_session_t session, unsigned int type);
    1286. 

  1286. 

  1287.   /* Safe renegotiation */
    1288. 

  1288. unsigned gnutls_safe_renegotiation_status(gnutls_session_t session);
    1289. 

  1289. unsigned gnutls_session_ext_master_secret_status(gnutls_session_t session);
    1290. 

  1290. unsigned gnutls_session_etm_status(gnutls_session_t session);
    1291. 

  1291. 

  1292. /**
    1293. 

  1293.  * gnutls_session_flags_t:
    1294. 

  1294.  * @GNUTLS_SFLAGS_SAFE_RENEGOTIATION: Safe renegotiation (RFC5746) was used
    1295. 

  1295.  * @GNUTLS_SFLAGS_EXT_MASTER_SECRET: The extended master secret (RFC7627) extension was used
    1296. 

  1296.  * @GNUTLS_SFLAGS_ETM: The encrypt then MAC (RFC7366) extension was used
    1297. 

  1297.  * @GNUTLS_SFLAGS_RFC7919: The RFC7919 Diffie-Hellman parameters were negotiated
    1298. 

  1298.  * @GNUTLS_SFLAGS_HB_LOCAL_SEND: The heartbeat negotiation allows the local side to send heartbeat messages
    1299. 

  1299.  * @GNUTLS_SFLAGS_HB_PEER_SEND: The heartbeat negotiation allows the peer to send heartbeat messages
    1300. 

  1300.  * @GNUTLS_SFLAGS_FALSE_START: The appdata set with gnutls_handshake_set_appdata() were sent during handshake (false start)
    1301. 

  1301.  *
    1302. 

  1302.  * Enumeration of different session parameters.
    1303. 

  1303.  */
    1304. 

  1304. typedef enum {
    1305. 

  1305. 	GNUTLS_SFLAGS_SAFE_RENEGOTIATION = 1,
    1306. 

  1306. 	GNUTLS_SFLAGS_EXT_MASTER_SECRET = 1<<1,
    1307. 

  1307. 	GNUTLS_SFLAGS_ETM = 1<<2,
    1308. 

  1308. 	GNUTLS_SFLAGS_HB_LOCAL_SEND = 1<<3,
    1309. 

  1309. 	GNUTLS_SFLAGS_HB_PEER_SEND = 1<<4,
    1310. 

  1310. 	GNUTLS_SFLAGS_FALSE_START = 1<<5,
    1311. 

  1311. 	GNUTLS_SFLAGS_RFC7919 = 1<<6
    1312. 

  1312. } gnutls_session_flags_t;
    1313. 

  1313. 

  1314. unsigned gnutls_session_get_flags(gnutls_session_t session);
    1315. 

  1315. 

  1316. /**
    1317. 

  1317.  * gnutls_supplemental_data_format_type_t:
    1318. 

  1318.  * @GNUTLS_SUPPLEMENTAL_UNKNOWN: Unknown data format
    1319. 

  1319.  *
    1320. 

  1320.  * Enumeration of different supplemental data types (RFC 4680).
    1321. 

  1321.  */
    1322. 

  1322. typedef enum {
    1323. 

  1323. 	GNUTLS_SUPPLEMENTAL_UNKNOWN = 0,
    1324. 

  1324. } gnutls_supplemental_data_format_type_t;
    1325. 

  1325. 

  1326. const char
    1327. 

  1327. *gnutls_supplemental_get_name(gnutls_supplemental_data_format_type_t type);
    1328. 

  1328. 

  1329.   /* SessionTicket, RFC 5077. */
    1330. 

  1330. int gnutls_session_ticket_key_generate(gnutls_datum_t * key);
    1331. 

  1331. int gnutls_session_ticket_enable_client(gnutls_session_t session);
    1332. 

  1332. int gnutls_session_ticket_enable_server(gnutls_session_t session,
    1333. 

  1333. 					const gnutls_datum_t * key);
    1334. 

  1334. 

  1335.   /* SRTP, RFC 5764 */
    1336. 

  1336. 

  1337. /**
    1338. 

  1338.  * gnutls_srtp_profile_t:
    1339. 

  1339.  * @GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80: 128 bit AES with a 80 bit HMAC-SHA1
    1340. 

  1340.  * @GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32: 128 bit AES with a 32 bit HMAC-SHA1
    1341. 

  1341.  * @GNUTLS_SRTP_NULL_HMAC_SHA1_80: NULL cipher with a 80 bit HMAC-SHA1
    1342. 

  1342.  * @GNUTLS_SRTP_NULL_HMAC_SHA1_32: NULL cipher with a 32 bit HMAC-SHA1
    1343. 

  1343.  *
    1344. 

  1344.  * Enumeration of different SRTP protection profiles.
    1345. 

  1345.  */
    1346. 

  1346. typedef enum {
    1347. 

  1347. 	GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80 = 0x0001,
    1348. 

  1348. 	GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32 = 0x0002,
    1349. 

  1349. 	GNUTLS_SRTP_NULL_HMAC_SHA1_80 = 0x0005,
    1350. 

  1350. 	GNUTLS_SRTP_NULL_HMAC_SHA1_32 = 0x0006
    1351. 

  1351. } gnutls_srtp_profile_t;
    1352. 

  1352. 

  1353. int gnutls_srtp_set_profile(gnutls_session_t session,
    1354. 

  1354. 			    gnutls_srtp_profile_t profile);
    1355. 

  1355. int gnutls_srtp_set_profile_direct(gnutls_session_t session,
    1356. 

  1356. 				   const char *profiles,
    1357. 

  1357. 				   const char **err_pos);
    1358. 

  1358. int gnutls_srtp_get_selected_profile(gnutls_session_t session,
    1359. 

  1359. 				     gnutls_srtp_profile_t * profile);
    1360. 

  1360. 

  1361. const char *gnutls_srtp_get_profile_name(gnutls_srtp_profile_t profile);
    1362. 

  1362. int gnutls_srtp_get_profile_id(const char *name,
    1363. 

  1363. 			       gnutls_srtp_profile_t * profile);
    1364. 

  1364. int gnutls_srtp_get_keys(gnutls_session_t session,
    1365. 

  1365. 			 void *key_material,
    1366. 

  1366. 			 unsigned int key_material_size,
    1367. 

  1367. 			 gnutls_datum_t * client_key,
    1368. 

  1368. 			 gnutls_datum_t * client_salt,
    1369. 

  1369. 			 gnutls_datum_t * server_key,
    1370. 

  1370. 			 gnutls_datum_t * server_salt);
    1371. 

  1371. 

  1372. int gnutls_srtp_set_mki(gnutls_session_t session,
    1373. 

  1373. 			const gnutls_datum_t * mki);
    1374. 

  1374. int gnutls_srtp_get_mki(gnutls_session_t session, gnutls_datum_t * mki);
    1375. 

  1375. 

  1376. /* ALPN TLS extension */
    1377. 

  1377. 

  1378. /**
    1379. 

  1379.  * gnutls_alpn_flags_t:
    1380. 

  1380.  * @GNUTLS_ALPN_MANDATORY: Require ALPN negotiation. The connection will be
    1381. 

  1381.  *   aborted if no matching ALPN protocol is found.
    1382. 

  1382.  * @GNUTLS_ALPN_SERVER_PRECEDENCE: The choices set by the server
    1383. 

  1383.  *   will take precedence over the client's.
    1384. 

  1384.  *
    1385. 

  1385.  * Enumeration of different ALPN flags. These are used by gnutls_alpn_set_protocols().
    1386. 

  1386.  */
    1387. 

  1387. typedef enum {
    1388. 

  1388. 	GNUTLS_ALPN_MANDATORY = 1,
    1389. 

  1389. 	GNUTLS_ALPN_SERVER_PRECEDENCE = (1<<1)
    1390. 

  1390. } gnutls_alpn_flags_t;
    1391. 

  1391. 

  1392. #define GNUTLS_ALPN_MAND GNUTLS_ALPN_MANDATORY
    1393. 

  1393. int gnutls_alpn_get_selected_protocol(gnutls_session_t session,
    1394. 

  1394. 				      gnutls_datum_t * protocol);
    1395. 

  1395. int gnutls_alpn_set_protocols(gnutls_session_t session,
    1396. 

  1396. 			      const gnutls_datum_t * protocols,
    1397. 

  1397. 			      unsigned protocols_size, unsigned flags);
    1398. 

  1398. 

  1399. int gnutls_key_generate(gnutls_datum_t * key, unsigned int key_size);
    1400. 

  1400. 

  1401. /* if you just want some defaults, use the following.
    1402. 

  1402.  */
    1403. 

  1403. 

  1404. int gnutls_priority_init(gnutls_priority_t * priority_cache,
    1405. 

  1405. 			 const char *priorities, const char **err_pos);
    1406. 

  1406. void gnutls_priority_deinit(gnutls_priority_t priority_cache);
    1407. 

  1407. int gnutls_priority_get_cipher_suite_index(gnutls_priority_t pcache,
    1408. 

  1408. 					   unsigned int idx,
    1409. 

  1409. 					   unsigned int *sidx);
    1410. 

  1410. 

  1411. #define GNUTLS_PRIORITY_LIST_INIT_KEYWORDS 1
    1412. 

  1412. #define GNUTLS_PRIORITY_LIST_SPECIAL 2
    1413. 

  1413. const char *
    1414. 

  1414. gnutls_priority_string_list(unsigned iter, unsigned int flags);
    1415. 

  1415. 

  1416. int gnutls_priority_set(gnutls_session_t session,
    1417. 

  1417. 			gnutls_priority_t priority);
    1418. 

  1418. 

  1419. int gnutls_priority_set_direct(gnutls_session_t session,
    1420. 

  1420. 			       const char *priorities,
    1421. 

  1421. 			       const char **err_pos);
    1422. 

  1422. 

  1423. int gnutls_priority_certificate_type_list(gnutls_priority_t pcache,
    1424. 

  1424. 					  const unsigned int **list);
    1425. 

  1425. int gnutls_priority_sign_list(gnutls_priority_t pcache,
    1426. 

  1426. 			      const unsigned int **list);
    1427. 

  1427. int gnutls_priority_protocol_list(gnutls_priority_t pcache,
    1428. 

  1428. 				  const unsigned int **list);
    1429. 

  1429. int gnutls_priority_ecc_curve_list(gnutls_priority_t pcache,
    1430. 

  1430. 				   const unsigned int **list);
    1431. 

  1431. int
    1432. 

  1432. gnutls_priority_group_list(gnutls_priority_t pcache,
    1433. 

  1433. 			   const unsigned int **list);
    1434. 

  1434. 

  1435. int gnutls_priority_kx_list(gnutls_priority_t pcache,
    1436. 

  1436. 			    const unsigned int **list);
    1437. 

  1437. int gnutls_priority_cipher_list(gnutls_priority_t pcache,
    1438. 

  1438. 				const unsigned int **list);
    1439. 

  1439. int gnutls_priority_mac_list(gnutls_priority_t pcache,
    1440. 

  1440. 			     const unsigned int **list);
    1441. 

  1441. 

  1442.   /* for compatibility
    1443. 

  1443.    */
    1444. 

  1444. int gnutls_set_default_priority(gnutls_session_t session);
    1445. 

  1445. 

  1446. /* Returns the name of a cipher suite */
    1447. 

  1447. const char *
    1448. 

  1448. 	gnutls_cipher_suite_get_name(gnutls_kx_algorithm_t kx_algorithm,
    1449. 

  1449. 				     gnutls_cipher_algorithm_t cipher_algorithm,
    1450. 

  1450. 				     gnutls_mac_algorithm_t mac_algorithm) __GNUTLS_CONST__;
    1451. 

  1451. 

  1452. /* get the currently used protocol version */
    1453. 

  1453. gnutls_protocol_t gnutls_protocol_get_version(gnutls_session_t session);
    1454. 

  1454. 

  1455. const char *
    1456. 

  1456. 	gnutls_protocol_get_name(gnutls_protocol_t version) __GNUTLS_CONST__;
    1457. 

  1457. 

  1458. 

  1459. /* get/set session 
    1460. 

  1460.  */
    1461. 

  1461. int gnutls_session_set_data(gnutls_session_t session,
    1462. 

  1462. 			    const void *session_data,
    1463. 

  1463. 			    size_t session_data_size);
    1464. 

  1464. int gnutls_session_get_data(gnutls_session_t session, void *session_data,
    1465. 

  1465. 			    size_t * session_data_size);
    1466. 

  1466. int gnutls_session_get_data2(gnutls_session_t session,
    1467. 

  1467. 			     gnutls_datum_t * data);
    1468. 

  1468. void gnutls_session_get_random(gnutls_session_t session,
    1469. 

  1469. 			       gnutls_datum_t * client,
    1470. 

  1470. 			       gnutls_datum_t * server);
    1471. 

  1471. 

  1472. void gnutls_session_get_master_secret(gnutls_session_t session,
    1473. 

  1473. 			              gnutls_datum_t * secret);
    1474. 

  1474. 

  1475. char *gnutls_session_get_desc(gnutls_session_t session);
    1476. 

  1476. 

  1477. typedef int gnutls_certificate_verify_function(gnutls_session_t);
    1478. 

  1478. void gnutls_session_set_verify_function(gnutls_session_t session, gnutls_certificate_verify_function * func);
    1479. 

  1479. 

  1480. /**
    1481. 

  1481.  * gnutls_vdata_types_t:
    1482. 

  1482.  * @GNUTLS_DT_UNKNOWN: Unknown data type.
    1483. 

  1483.  * @GNUTLS_DT_DNS_HOSTNAME: The data contain a null-terminated DNS hostname; the hostname will be 
    1484. 

  1484.  *   matched using the RFC6125 rules. If the data contain a textual IP (v4 or v6) address it will
    1485. 

  1485.  *   be marched against the IPAddress Alternative name, unless the verification flag %GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES
    1486. 

  1486.  *   is specified.
    1487. 

  1487.  * @GNUTLS_DT_IP_ADDRESS: The data contain a raw IP address (4 or 16 bytes). If will be matched
    1488. 

  1488.  *   against the IPAddress Alternative name; option available since 3.6.0.
    1489. 

  1489.  * @GNUTLS_DT_RFC822NAME: The data contain a null-terminated email address; the email will be
    1490. 

  1490.  *   matched against the RFC822Name Alternative name of the certificate, or the EMAIL DN component if the
    1491. 

  1491.  *   former isn't available. Prior to matching the email address will be converted to ACE
    1492. 

  1492.  *   (ASCII-compatible-encoding).
    1493. 

  1493.  * @GNUTLS_DT_KEY_PURPOSE_OID: The data contain a null-terminated key purpose OID. It will be matched
    1494. 

  1494.  *   against the certificate's Extended Key Usage extension.
    1495. 

  1495.  *
    1496. 

  1496.  * Enumeration of different typed-data options. They are used as input to certificate
    1497. 

  1497.  * verification functions to provide information about the name and purpose of the
    1498. 

  1498.  * certificate. Only a single option of a type can be provided to the relevant functions
    1499. 

  1499.  * (i.e., options %GNUTLS_DT_DNS_HOSTNAME, %GNUTLS_DT_IP_ADDRESS and
    1500. 

  1500.  * %GNUTLS_DT_RFC822NAME cannot be combined).
    1501. 

  1501.  */
    1502. 

  1502. typedef enum {
    1503. 

  1503. 	GNUTLS_DT_UNKNOWN = 0,
    1504. 

  1504. 	GNUTLS_DT_DNS_HOSTNAME = 1,
    1505. 

  1505. 	GNUTLS_DT_KEY_PURPOSE_OID = 2,
    1506. 

  1506. 	GNUTLS_DT_RFC822NAME = 3,
    1507. 

  1507. 	GNUTLS_DT_IP_ADDRESS = 4
    1508. 

  1508. } gnutls_vdata_types_t;
    1509. 

  1509. 

  1510. typedef struct {
    1511. 

  1511. 	gnutls_vdata_types_t type;
    1512. 

  1512. 	unsigned char *data;
    1513. 

  1513. 	unsigned int size;
    1514. 

  1514. } gnutls_typed_vdata_st;
    1515. 

  1515. 

  1516. void gnutls_session_set_verify_cert(gnutls_session_t session,
    1517. 

  1517. 			       const char *hostname, unsigned flags);
    1518. 

  1518. 

  1519. void
    1520. 

  1520. gnutls_session_set_verify_cert2(gnutls_session_t session,
    1521. 

  1521. 				gnutls_typed_vdata_st * data,
    1522. 

  1522. 				unsigned elements, unsigned flags);
    1523. 

  1523. 

  1524. unsigned int gnutls_session_get_verify_cert_status(gnutls_session_t);
    1525. 

  1525. 

  1526. int gnutls_session_set_premaster(gnutls_session_t session,
    1527. 

  1527. 				 unsigned int entity,
    1528. 

  1528. 				 gnutls_protocol_t version,
    1529. 

  1529. 				 gnutls_kx_algorithm_t kx,
    1530. 

  1530. 				 gnutls_cipher_algorithm_t cipher,
    1531. 

  1531. 				 gnutls_mac_algorithm_t mac,
    1532. 

  1532. 				 gnutls_compression_method_t comp,
    1533. 

  1533. 				 const gnutls_datum_t * master,
    1534. 

  1534. 				 const gnutls_datum_t * session_id);
    1535. 

  1535. 

  1536. /* returns the session ID */
    1537. 

  1537. #define GNUTLS_MAX_SESSION_ID 32
    1538. 

  1538. int gnutls_session_get_id(gnutls_session_t session, void *session_id,
    1539. 

  1539. 			  size_t * session_id_size);
    1540. 

  1540. int gnutls_session_get_id2(gnutls_session_t session,
    1541. 

  1541. 			   gnutls_datum_t * session_id);
    1542. 

  1542. 

  1543. int gnutls_session_set_id(gnutls_session_t session,
    1544. 

  1544. 			  const gnutls_datum_t * sid);
    1545. 

  1545. 

  1546. int gnutls_session_channel_binding(gnutls_session_t session,
    1547. 

  1547. 				   gnutls_channel_binding_t cbtype,
    1548. 

  1548. 				   gnutls_datum_t * cb);
    1549. 

  1549. 

  1550. /* checks if this session is a resumed one 
    1551. 

  1551.  */
    1552. 

  1552. int gnutls_session_is_resumed(gnutls_session_t session);
    1553. 

  1553. int gnutls_session_resumption_requested(gnutls_session_t session);
    1554. 

  1554. 

  1555. typedef int (*gnutls_db_store_func) (void *, gnutls_datum_t key,
    1556. 

  1556. 				     gnutls_datum_t data);
    1557. 

  1557. typedef int (*gnutls_db_remove_func) (void *, gnutls_datum_t key);
    1558. 

  1558. typedef gnutls_datum_t(*gnutls_db_retr_func) (void *, gnutls_datum_t key);
    1559. 

  1559. 

  1560. void gnutls_db_set_cache_expiration(gnutls_session_t session, int seconds);
    1561. 

  1561. unsigned gnutls_db_get_default_cache_expiration(void);
    1562. 

  1562. 

  1563. void gnutls_db_remove_session(gnutls_session_t session);
    1564. 

  1564. void gnutls_db_set_retrieve_function(gnutls_session_t session,
    1565. 

  1565. 				     gnutls_db_retr_func retr_func);
    1566. 

  1566. void gnutls_db_set_remove_function(gnutls_session_t session,
    1567. 

  1567. 				   gnutls_db_remove_func rem_func);
    1568. 

  1568. void gnutls_db_set_store_function(gnutls_session_t session,
    1569. 

  1569. 				  gnutls_db_store_func store_func);
    1570. 

  1570. void gnutls_db_set_ptr(gnutls_session_t session, void *ptr);
    1571. 

  1571. void *gnutls_db_get_ptr(gnutls_session_t session);
    1572. 

  1572. int gnutls_db_check_entry(gnutls_session_t session,
    1573. 

  1573. 			  gnutls_datum_t session_entry);
    1574. 

  1574. time_t gnutls_db_check_entry_time(gnutls_datum_t * entry);
    1575. 

  1575. 

  1576.   /**
    1577. 

  1577.    * gnutls_handshake_hook_func:
    1578. 

  1578.    * @session: the current session
    1579. 

  1579.    * @htype: the type of the handshake message (%gnutls_handshake_description_t)
    1580. 

  1580.    * @post: non zero if this is a post-process/generation call and zero otherwise
    1581. 

  1581.    * @incoming: non zero if this is an incoming message and zero if this is an outgoing message
    1582. 

  1582.    * @msg: the (const) data of the handshake message without the handshake headers.
    1583. 

  1583.    *
    1584. 

  1584.    * Function prototype for handshake hooks. It is set using
    1585. 

  1585.    * gnutls_handshake_set_hook_function().
    1586. 

  1586.    *
    1587. 

  1587.    * Returns: Non zero on error.
    1588. 

  1588.    */
    1589. 

  1589. #define GNUTLS_HOOK_POST (1)
    1590. 

  1590. #define GNUTLS_HOOK_PRE (0)
    1591. 

  1591. #define GNUTLS_HOOK_BOTH (-1)
    1592. 

  1592. 

  1593. typedef int (*gnutls_handshake_hook_func) (gnutls_session_t,
    1594. 

  1594. 					   unsigned int htype,
    1595. 

  1595. 					   unsigned post,
    1596. 

  1596. 					   unsigned int incoming,
    1597. 

  1597. 					   const gnutls_datum_t *msg);
    1598. 

  1598. void gnutls_handshake_set_hook_function(gnutls_session_t session,
    1599. 

  1599. 					unsigned int htype, int post,
    1600. 

  1600. 					gnutls_handshake_hook_func func);
    1601. 

  1601. 

  1602. #define gnutls_handshake_post_client_hello_func gnutls_handshake_simple_hook_func
    1603. 

  1603. typedef int (*gnutls_handshake_simple_hook_func) (gnutls_session_t);
    1604. 

  1604. void
    1605. 

  1605. gnutls_handshake_set_post_client_hello_function(gnutls_session_t session,
    1606. 

  1606. 						gnutls_handshake_simple_hook_func func);
    1607. 

  1607. 

  1608. void gnutls_handshake_set_max_packet_length(gnutls_session_t session,
    1609. 

  1609. 					    size_t max);
    1610. 

  1610. 

  1611. /* returns libgnutls version (call it with a NULL argument)
    1612. 

  1612.  */
    1613. 

  1613. const char * gnutls_check_version(const char *req_version) __GNUTLS_CONST__;
    1614. 

  1614. 

  1615. /* A macro which will allow optimizing out calls to gnutls_check_version()
    1616. 

  1616.  * when the version being compiled with is sufficient.
    1617. 

  1617.  * Used as:
    1618. 

  1618.  *   if (gnutls_check_version_numerc(3,3,16)) {
    1619. 

  1619.  */
    1620. 

  1620. #define gnutls_check_version_numeric(a,b,c) \
    1621. 

  1621. 	((GNUTLS_VERSION_MAJOR >= (a)) &&  \
    1622. 

  1622. 	 ((GNUTLS_VERSION_NUMBER >= ( ((a) << 16) + ((b) << 8) + (c) )) || \
    1623. 

  1623. 	 gnutls_check_version(#a "." #b "." #c)))
    1624. 

  1624. 

  1625. /* Functions for setting/clearing credentials
    1626. 

  1626.  */
    1627. 

  1627. void gnutls_credentials_clear(gnutls_session_t session);
    1628. 

  1628. 

  1629. /* cred is a structure defined by the kx algorithm
    1630. 

  1630.  */
    1631. 

  1631. int gnutls_credentials_set(gnutls_session_t session,
    1632. 

  1632. 			   gnutls_credentials_type_t type, void *cred);
    1633. 

  1633. int gnutls_credentials_get(gnutls_session_t session,
    1634. 

  1634. 			   gnutls_credentials_type_t type, void **cred);
    1635. 

  1635. #define gnutls_cred_set	gnutls_credentials_set
    1636. 

  1636. 

  1637. /* x.509 types */
    1638. 

  1638. 

  1639. struct gnutls_pubkey_st;
    1640. 

  1640. typedef struct gnutls_pubkey_st *gnutls_pubkey_t;
    1641. 

  1641. 

  1642. struct gnutls_privkey_st;
    1643. 

  1643. typedef struct gnutls_privkey_st *gnutls_privkey_t;
    1644. 

  1644. 

  1645. struct gnutls_x509_privkey_int;
    1646. 

  1646. typedef struct gnutls_x509_privkey_int *gnutls_x509_privkey_t;
    1647. 

  1647. 

  1648. struct gnutls_x509_crl_int;
    1649. 

  1649. typedef struct gnutls_x509_crl_int *gnutls_x509_crl_t;
    1650. 

  1650. 

  1651. struct gnutls_x509_crt_int;
    1652. 

  1652. typedef struct gnutls_x509_crt_int *gnutls_x509_crt_t;
    1653. 

  1653. 

  1654. struct gnutls_x509_crq_int;
    1655. 

  1655. typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t;
    1656. 

  1656. 

  1657. struct gnutls_openpgp_keyring_int;
    1658. 

  1658. typedef struct gnutls_openpgp_keyring_int *gnutls_openpgp_keyring_t;
    1659. 

  1659. 

  1660. 

  1661. /* Credential structures - used in gnutls_credentials_set(); */
    1662. 

  1662. 

  1663. struct gnutls_certificate_credentials_st;
    1664. 

  1664. typedef struct gnutls_certificate_credentials_st
    1665. 

  1665. *gnutls_certificate_credentials_t;
    1666. 

  1666. typedef gnutls_certificate_credentials_t
    1667. 

  1667.     gnutls_certificate_server_credentials;
    1668. 

  1668. typedef gnutls_certificate_credentials_t
    1669. 

  1669.     gnutls_certificate_client_credentials;
    1670. 

  1670. 

  1671. typedef struct gnutls_anon_server_credentials_st
    1672. 

  1672. *gnutls_anon_server_credentials_t;
    1673. 

  1673. typedef struct gnutls_anon_client_credentials_st
    1674. 

  1674. *gnutls_anon_client_credentials_t;
    1675. 

  1675. 

  1676. void gnutls_anon_free_server_credentials(gnutls_anon_server_credentials_t
    1677. 

  1677. 					 sc);
    1678. 

  1678. int
    1679. 

  1679. gnutls_anon_allocate_server_credentials(gnutls_anon_server_credentials_t
    1680. 

  1680. 					* sc);
    1681. 

  1681. 

  1682. void gnutls_anon_set_server_dh_params(gnutls_anon_server_credentials_t res,
    1683. 

  1683. 				      gnutls_dh_params_t dh_params);
    1684. 

  1684. 

  1685. int
    1686. 

  1686. gnutls_anon_set_server_known_dh_params(gnutls_anon_server_credentials_t res,
    1687. 

  1687. 					gnutls_sec_param_t sec_param);
    1688. 

  1688. 

  1689. void
    1690. 

  1690. gnutls_anon_set_server_params_function(gnutls_anon_server_credentials_t
    1691. 

  1691. 				       res, gnutls_params_function * func);
    1692. 

  1692. 

  1693. void
    1694. 

  1694. gnutls_anon_free_client_credentials(gnutls_anon_client_credentials_t sc);
    1695. 

  1695. int
    1696. 

  1696. gnutls_anon_allocate_client_credentials(gnutls_anon_client_credentials_t
    1697. 

  1697. 					* sc);
    1698. 

  1698. 

  1699. /* CERTFILE is an x509 certificate in PEM form.
    1700. 

  1700.  * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys).
    1701. 

  1701.  */
    1702. 

  1702. void
    1703. 

  1703. gnutls_certificate_free_credentials(gnutls_certificate_credentials_t sc);
    1704. 

  1704. int
    1705. 

  1705. gnutls_certificate_allocate_credentials(gnutls_certificate_credentials_t
    1706. 

  1706. 					* res);
    1707. 

  1707. 

  1708. int
    1709. 

  1709. gnutls_certificate_get_issuer(gnutls_certificate_credentials_t sc,
    1710. 

  1710. 			      gnutls_x509_crt_t cert,
    1711. 

  1711. 			      gnutls_x509_crt_t * issuer,
    1712. 

  1712. 			      unsigned int flags);
    1713. 

  1713. 

  1714. int gnutls_certificate_get_crt_raw(gnutls_certificate_credentials_t sc,
    1715. 

  1715. 				   unsigned idx1, unsigned idx2,
    1716. 

  1716. 				   gnutls_datum_t * cert);
    1717. 

  1717. 

  1718. int
    1719. 

  1719. gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res,
    1720. 

  1720.                                 unsigned index,
    1721. 

  1721.                                 gnutls_x509_crt_t **crt_list,
    1722. 

  1722.                                 unsigned *crt_list_size);
    1723. 

  1723. 

  1724. int
    1725. 

  1725. gnutls_certificate_get_x509_key(gnutls_certificate_credentials_t res,
    1726. 

  1726.                                 unsigned index,
    1727. 

  1727.                                 gnutls_x509_privkey_t *key);
    1728. 

  1728. 

  1729. void gnutls_certificate_free_keys(gnutls_certificate_credentials_t sc);
    1730. 

  1730. void gnutls_certificate_free_cas(gnutls_certificate_credentials_t sc);
    1731. 

  1731. void gnutls_certificate_free_ca_names(gnutls_certificate_credentials_t sc);
    1732. 

  1732. void gnutls_certificate_free_crls(gnutls_certificate_credentials_t sc);
    1733. 

  1733. 

  1734. void gnutls_certificate_set_dh_params(gnutls_certificate_credentials_t res,
    1735. 

  1735. 				      gnutls_dh_params_t dh_params);
    1736. 

  1736. 

  1737. int gnutls_certificate_set_known_dh_params(gnutls_certificate_credentials_t res,
    1738. 

  1738. 					   gnutls_sec_param_t sec_param);
    1739. 

  1739. void gnutls_certificate_set_verify_flags(gnutls_certificate_credentials_t
    1740. 

  1740. 					 res, unsigned int flags);
    1741. 

  1741. unsigned int
    1742. 

  1742. gnutls_certificate_get_verify_flags(gnutls_certificate_credentials_t res);
    1743. 

  1743. 

  1744. /**
    1745. 

  1745.  * gnutls_certificate_flags:
    1746. 

  1746.  * @GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH: Skip the key and certificate matching check.
    1747. 

  1747.  * @GNUTLS_CERTIFICATE_API_V2: If set the gnutls_certificate_set_*key* functions will return an index of the added key pair instead of zero.
    1748. 

  1748.  *
    1749. 

  1749.  * Enumeration of different certificate credentials flags.
    1750. 

  1750.  */
    1751. 

  1751. typedef enum gnutls_certificate_flags {
    1752. 

  1752. 	GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH = 1,
    1753. 

  1753. 	GNUTLS_CERTIFICATE_API_V2 = (1<<1)
    1754. 

  1754. } gnutls_certificate_flags;
    1755. 

  1755. 

  1756. void gnutls_certificate_set_flags(gnutls_certificate_credentials_t,
    1757. 

  1757. 				  unsigned flags);
    1758. 

  1758. 

  1759. void gnutls_certificate_set_verify_limits(gnutls_certificate_credentials_t
    1760. 

  1760. 					  res, unsigned int max_bits,
    1761. 

  1761. 					  unsigned int max_depth);
    1762. 

  1762. 

  1763. unsigned int
    1764. 

  1764. gnutls_certificate_get_verify_flags(gnutls_certificate_credentials_t);
    1765. 

  1765. 

  1766. int
    1767. 

  1767. gnutls_certificate_set_x509_system_trust(gnutls_certificate_credentials_t
    1768. 

  1768. 					 cred);
    1769. 

  1769. 

  1770. int
    1771. 

  1771. gnutls_certificate_set_x509_trust_file(gnutls_certificate_credentials_t
    1772. 

  1772. 				       cred, const char *cafile,
    1773. 

  1773. 				       gnutls_x509_crt_fmt_t type);
    1774. 

  1774. int
    1775. 

  1775. gnutls_certificate_set_x509_trust_dir(gnutls_certificate_credentials_t cred,
    1776. 

  1776. 				      const char *ca_dir,
    1777. 

  1777. 				      gnutls_x509_crt_fmt_t type);
    1778. 

  1778. 

  1779. int gnutls_certificate_set_x509_trust_mem(gnutls_certificate_credentials_t
    1780. 

  1780. 					  res, const gnutls_datum_t * ca,
    1781. 

  1781. 					  gnutls_x509_crt_fmt_t type);
    1782. 

  1782. 

  1783. int
    1784. 

  1784. gnutls_certificate_set_x509_crl_file(gnutls_certificate_credentials_t
    1785. 

  1785. 				     res, const char *crlfile,
    1786. 

  1786. 				     gnutls_x509_crt_fmt_t type);
    1787. 

  1787. int gnutls_certificate_set_x509_crl_mem(gnutls_certificate_credentials_t
    1788. 

  1788. 					res, const gnutls_datum_t * CRL,
    1789. 

  1789. 					gnutls_x509_crt_fmt_t type);
    1790. 

  1790. 

  1791. int
    1792. 

  1792. gnutls_certificate_set_x509_key_file(gnutls_certificate_credentials_t
    1793. 

  1793. 				     res, const char *certfile,
    1794. 

  1794. 				     const char *keyfile,
    1795. 

  1795. 				     gnutls_x509_crt_fmt_t type);
    1796. 

  1796. 

  1797. int
    1798. 

  1798. gnutls_certificate_set_x509_key_file2(gnutls_certificate_credentials_t
    1799. 

  1799. 				      res, const char *certfile,
    1800. 

  1800. 				      const char *keyfile,
    1801. 

  1801. 				      gnutls_x509_crt_fmt_t type,
    1802. 

  1802. 				      const char *pass,
    1803. 

  1803. 				      unsigned int flags);
    1804. 

  1804. 

  1805. int gnutls_certificate_set_x509_key_mem(gnutls_certificate_credentials_t
    1806. 

  1806. 					res, const gnutls_datum_t * cert,
    1807. 

  1807. 					const gnutls_datum_t * key,
    1808. 

  1808. 					gnutls_x509_crt_fmt_t type);
    1809. 

  1809. 

  1810. int gnutls_certificate_set_x509_key_mem2(gnutls_certificate_credentials_t
    1811. 

  1811. 					 res, const gnutls_datum_t * cert,
    1812. 

  1812. 					 const gnutls_datum_t * key,
    1813. 

  1813. 					 gnutls_x509_crt_fmt_t type,
    1814. 

  1814. 					 const char *pass,
    1815. 

  1815. 					 unsigned int flags);
    1816. 

  1816. 

  1817. void gnutls_certificate_send_x509_rdn_sequence(gnutls_session_t session,
    1818. 

  1818. 					       int status);
    1819. 

  1819. 

  1820. int
    1821. 

  1821. gnutls_certificate_set_x509_simple_pkcs12_file
    1822. 

  1822. (gnutls_certificate_credentials_t res, const char *pkcs12file,
    1823. 

  1823.  gnutls_x509_crt_fmt_t type, const char *password);
    1824. 

  1824. int
    1825. 

  1825. gnutls_certificate_set_x509_simple_pkcs12_mem
    1826. 

  1826. (gnutls_certificate_credentials_t res, const gnutls_datum_t * p12blob,
    1827. 

  1827.  gnutls_x509_crt_fmt_t type, const char *password);
    1828. 

  1828. 

  1829. /* New functions to allow setting already parsed X.509 stuff.
    1830. 

  1830.  */
    1831. 

  1831. 

  1832. int gnutls_certificate_set_x509_key(gnutls_certificate_credentials_t res,
    1833. 

  1833. 				    gnutls_x509_crt_t * cert_list,
    1834. 

  1834. 				    int cert_list_size,
    1835. 

  1835. 				    gnutls_x509_privkey_t key);
    1836. 

  1836. int gnutls_certificate_set_x509_trust(gnutls_certificate_credentials_t res,
    1837. 

  1837. 				      gnutls_x509_crt_t * ca_list,
    1838. 

  1838. 				      int ca_list_size);
    1839. 

  1839. int gnutls_certificate_set_x509_crl(gnutls_certificate_credentials_t res,
    1840. 

  1840. 				    gnutls_x509_crl_t * crl_list,
    1841. 

  1841. 				    int crl_list_size);
    1842. 

  1842. 

  1843. int gnutls_certificate_get_x509_key(gnutls_certificate_credentials_t res,
    1844. 

  1844.                                     unsigned index,
    1845. 

  1845.                                     gnutls_x509_privkey_t *key);
    1846. 

  1846. int gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res,
    1847. 

  1847.                                     unsigned index,
    1848. 

  1848.                                     gnutls_x509_crt_t **crt_list,
    1849. 

  1849.                                     unsigned *crt_list_size);
    1850. 

  1850. 

  1851.   /* OCSP status request extension, RFC 6066 */
    1852. 

  1852. typedef int (*gnutls_status_request_ocsp_func)
    1853. 

  1853.  (gnutls_session_t session, void *ptr, gnutls_datum_t * ocsp_response);
    1854. 

  1854. 

  1855. void
    1856. 

  1856. gnutls_certificate_set_ocsp_status_request_function
    1857. 

  1857. (gnutls_certificate_credentials_t res,
    1858. 

  1858. gnutls_status_request_ocsp_func ocsp_func, void *ptr);
    1859. 

  1859. 

  1860. int
    1861. 

  1861. gnutls_certificate_set_ocsp_status_request_function2
    1862. 

  1862. (gnutls_certificate_credentials_t res, unsigned idx,
    1863. 

  1863. gnutls_status_request_ocsp_func ocsp_func, void *ptr);
    1864. 

  1864. 

  1865. int
    1866. 

  1866. gnutls_certificate_set_ocsp_status_request_file
    1867. 

  1867. (gnutls_certificate_credentials_t res, const char *response_file,
    1868. 

  1868.  unsigned idx);
    1869. 

  1869. 

  1870. int gnutls_ocsp_status_request_enable_client(gnutls_session_t session,
    1871. 

  1871. 					     gnutls_datum_t * responder_id,
    1872. 

  1872. 					     size_t responder_id_size,
    1873. 

  1873. 					     gnutls_datum_t *
    1874. 

  1874. 					     request_extensions);
    1875. 

  1875. 

  1876. int gnutls_ocsp_status_request_get(gnutls_session_t session,
    1877. 

  1877. 				   gnutls_datum_t * response);
    1878. 

  1878. 

  1879. #define GNUTLS_OCSP_SR_IS_AVAIL 1
    1880. 

  1880. int gnutls_ocsp_status_request_is_checked(gnutls_session_t session,
    1881. 

  1881. 					  unsigned int flags);
    1882. 

  1882. 

  1883. /* global state functions
    1884. 

  1884.  */
    1885. 

  1885. int gnutls_global_init(void);
    1886. 

  1886. void gnutls_global_deinit(void);
    1887. 

  1887. 

  1888.   /**
    1889. 

  1889.    * gnutls_time_func:
    1890. 

  1890.    * @t: where to store time.
    1891. 

  1891.    *
    1892. 

  1892.    * Function prototype for time()-like function.  Set with
    1893. 

  1893.    * gnutls_global_set_time_function().
    1894. 

  1894.    *
    1895. 

  1895.    * Returns: Number of seconds since the epoch, or (time_t)-1 on errors.
    1896. 

  1896.    */
    1897. 

  1897. typedef time_t(*gnutls_time_func) (time_t * t);
    1898. 

  1898. 

  1899. typedef int (*mutex_init_func) (void **mutex);
    1900. 

  1900. typedef int (*mutex_lock_func) (void **mutex);
    1901. 

  1901. typedef int (*mutex_unlock_func) (void **mutex);
    1902. 

  1902. typedef int (*mutex_deinit_func) (void **mutex);
    1903. 

  1903. 

  1904. void gnutls_global_set_mutex(mutex_init_func init,
    1905. 

  1905. 			     mutex_deinit_func deinit,
    1906. 

  1906. 			     mutex_lock_func lock,
    1907. 

  1907. 			     mutex_unlock_func unlock);
    1908. 

  1908. 

  1909. typedef void *(*gnutls_alloc_function) (size_t);
    1910. 

  1910. typedef void *(*gnutls_calloc_function) (size_t, size_t);
    1911. 

  1911. typedef int (*gnutls_is_secure_function) (const void *);
    1912. 

  1912. typedef void (*gnutls_free_function) (void *);
    1913. 

  1913. typedef void *(*gnutls_realloc_function) (void *, size_t);
    1914. 

  1914. 

  1915. void gnutls_global_set_time_function(gnutls_time_func time_func);
    1916. 

  1916. 

  1917. /* For use in callbacks */
    1918. 

  1918. extern _SYM_EXPORT gnutls_alloc_function gnutls_malloc;
    1919. 

  1919. extern _SYM_EXPORT gnutls_realloc_function gnutls_realloc;
    1920. 

  1920. extern _SYM_EXPORT gnutls_calloc_function gnutls_calloc;
    1921. 

  1921. extern _SYM_EXPORT gnutls_free_function gnutls_free;
    1922. 

  1922. 

  1923. extern _SYM_EXPORT char *(*gnutls_strdup) (const char *);
    1924. 

  1924. 

  1925. /* a variant of memset that doesn't get optimized out */
    1926. 

  1926. void gnutls_memset(void *data, int c, size_t size);
    1927. 

  1927. 

  1928. /* constant time memcmp */
    1929. 

  1929. int gnutls_memcmp(const void *s1, const void *s2, size_t n);
    1930. 

  1930. 

  1931. typedef void (*gnutls_log_func) (int, const char *);
    1932. 

  1932. typedef void (*gnutls_audit_log_func) (gnutls_session_t, const char *);
    1933. 

  1933. void gnutls_global_set_log_function(gnutls_log_func log_func);
    1934. 

  1934. void gnutls_global_set_audit_log_function(gnutls_audit_log_func log_func);
    1935. 

  1935. void gnutls_global_set_log_level(int level);
    1936. 

  1936. 

  1937. /* Diffie-Hellman parameter handling.
    1938. 

  1938.  */
    1939. 

  1939. int gnutls_dh_params_init(gnutls_dh_params_t * dh_params);
    1940. 

  1940. void gnutls_dh_params_deinit(gnutls_dh_params_t dh_params);
    1941. 

  1941. int gnutls_dh_params_import_raw(gnutls_dh_params_t dh_params,
    1942. 

  1942. 				const gnutls_datum_t * prime,
    1943. 

  1943. 				const gnutls_datum_t * generator);
    1944. 

  1944. int gnutls_dh_params_import_dsa(gnutls_dh_params_t dh_params, gnutls_x509_privkey_t key);
    1945. 

  1945. int gnutls_dh_params_import_raw2(gnutls_dh_params_t dh_params,
    1946. 

  1946. 				 const gnutls_datum_t * prime,
    1947. 

  1947. 				 const gnutls_datum_t * generator,
    1948. 

  1948. 				 unsigned key_bits);
    1949. 

  1949. int gnutls_dh_params_import_pkcs3(gnutls_dh_params_t params,
    1950. 

  1950. 				  const gnutls_datum_t * pkcs3_params,
    1951. 

  1951. 				  gnutls_x509_crt_fmt_t format);
    1952. 

  1952. int gnutls_dh_params_generate2(gnutls_dh_params_t params,
    1953. 

  1953. 			       unsigned int bits);
    1954. 

  1954. int gnutls_dh_params_export_pkcs3(gnutls_dh_params_t params,
    1955. 

  1955. 				  gnutls_x509_crt_fmt_t format,
    1956. 

  1956. 				  unsigned char *params_data,
    1957. 

  1957. 				  size_t * params_data_size);
    1958. 

  1958. int gnutls_dh_params_export2_pkcs3(gnutls_dh_params_t params,
    1959. 

  1959. 				   gnutls_x509_crt_fmt_t format,
    1960. 

  1960. 				   gnutls_datum_t * out);
    1961. 

  1961. int gnutls_dh_params_export_raw(gnutls_dh_params_t params,
    1962. 

  1962. 				gnutls_datum_t * prime,
    1963. 

  1963. 				gnutls_datum_t * generator,
    1964. 

  1964. 				unsigned int *bits);
    1965. 

  1965. int gnutls_dh_params_cpy(gnutls_dh_params_t dst, gnutls_dh_params_t src);
    1966. 

  1966. 

  1967. 

  1968. 

  1969. /* Session stuff
    1970. 

  1970.  */
    1971. 

  1971. typedef struct {
    1972. 

  1972.     void *iov_base;
    1973. 

  1973.     size_t iov_len;
    1974. 

  1974. } giovec_t;
    1975. 

  1975. 

  1976. typedef ssize_t(*gnutls_pull_func) (gnutls_transport_ptr_t, void *,
    1977. 

  1977. 				    size_t);
    1978. 

  1978. typedef ssize_t(*gnutls_push_func) (gnutls_transport_ptr_t, const void *,
    1979. 

  1979. 				    size_t);
    1980. 

  1980. 

  1981. int gnutls_system_recv_timeout(gnutls_transport_ptr_t ptr, unsigned int ms);
    1982. 

  1982. typedef int (*gnutls_pull_timeout_func) (gnutls_transport_ptr_t,
    1983. 

  1983. 					 unsigned int ms);
    1984. 

  1984. 

  1985. typedef ssize_t(*gnutls_vec_push_func) (gnutls_transport_ptr_t,
    1986. 

  1986. 					const giovec_t * iov, int iovcnt);
    1987. 

  1987. 

  1988. typedef int (*gnutls_errno_func) (gnutls_transport_ptr_t);
    1989. 

  1989. 

  1990. #if 0
    1991. 

  1991.  /* This will be defined as macro. */
    1992. 

  1992.   void gnutls_transport_set_int (gnutls_session_t session, int r);
    1993. 

  1993. #endif
    1994. 

  1994. 

  1995. void gnutls_transport_set_int2(gnutls_session_t session, int r, int s);
    1996. 

  1996. #define gnutls_transport_set_int(s, i) gnutls_transport_set_int2(s, i, i)
    1997. 

  1997. 

  1998. void gnutls_transport_get_int2(gnutls_session_t session, int *r, int *s);
    1999. 

  1999. int gnutls_transport_get_int(gnutls_session_t session);
    2000. 

  2000. 

  2001. void gnutls_transport_set_ptr(gnutls_session_t session,
    2002. 

  2002. 			      gnutls_transport_ptr_t ptr);
    2003. 

  2003. void gnutls_transport_set_ptr2(gnutls_session_t session,
    2004. 

  2004. 			       gnutls_transport_ptr_t recv_ptr,
    2005. 

  2005. 			       gnutls_transport_ptr_t send_ptr);
    2006. 

  2006. 

  2007. gnutls_transport_ptr_t gnutls_transport_get_ptr(gnutls_session_t session);
    2008. 

  2008. void gnutls_transport_get_ptr2(gnutls_session_t session,
    2009. 

  2009. 			       gnutls_transport_ptr_t * recv_ptr,
    2010. 

  2010. 			       gnutls_transport_ptr_t * send_ptr);
    2011. 

  2011. 

  2012. void gnutls_transport_set_vec_push_function(gnutls_session_t session,
    2013. 

  2013. 					    gnutls_vec_push_func vec_func);
    2014. 

  2014. void gnutls_transport_set_push_function(gnutls_session_t session,
    2015. 

  2015. 					gnutls_push_func push_func);
    2016. 

  2016. void gnutls_transport_set_pull_function(gnutls_session_t session,
    2017. 

  2017. 					gnutls_pull_func pull_func);
    2018. 

  2018. 

  2019. void gnutls_transport_set_pull_timeout_function(gnutls_session_t session,
    2020. 

  2020. 						gnutls_pull_timeout_func
    2021. 

  2021. 						func);
    2022. 

  2022. 

  2023. void gnutls_transport_set_errno_function(gnutls_session_t session,
    2024. 

  2024. 					 gnutls_errno_func errno_func);
    2025. 

  2025. 

  2026. void gnutls_transport_set_errno(gnutls_session_t session, int err);
    2027. 

  2027. 

  2028. /* session specific 
    2029. 

  2029.  */
    2030. 

  2030. void gnutls_session_set_ptr(gnutls_session_t session, void *ptr);
    2031. 

  2031. void *gnutls_session_get_ptr(gnutls_session_t session);
    2032. 

  2032. 

  2033. void gnutls_openpgp_send_cert(gnutls_session_t session,
    2034. 

  2034. 			      gnutls_openpgp_crt_status_t status);
    2035. 

  2035. 

  2036. /* This function returns the hash of the given data.
    2037. 

  2037.  */
    2038. 

  2038. int gnutls_fingerprint(gnutls_digest_algorithm_t algo,
    2039. 

  2039. 		       const gnutls_datum_t * data, void *result,
    2040. 

  2040. 		       size_t * result_size);
    2041. 

  2041. 

  2042.   /**
    2043. 

  2043.    * gnutls_random_art_t:
    2044. 

  2044.    * @GNUTLS_RANDOM_ART_OPENSSH: OpenSSH-style random art.
    2045. 

  2045.    *
    2046. 

  2046.    * Enumeration of different random art types.
    2047. 

  2047.    */
    2048. 

  2048. typedef enum gnutls_random_art {
    2049. 

  2049. 	GNUTLS_RANDOM_ART_OPENSSH = 1
    2050. 

  2050. } gnutls_random_art_t;
    2051. 

  2051. 

  2052. int gnutls_random_art(gnutls_random_art_t type,
    2053. 

  2053. 		      const char *key_type, unsigned int key_size,
    2054. 

  2054. 		      void *fpr, size_t fpr_size, gnutls_datum_t * art);
    2055. 

  2055. 

  2056. /* IDNA */
    2057. 

  2057. #define GNUTLS_IDNA_FORCE_2008 (1<<1)
    2058. 

  2058. int gnutls_idna_map(const char * input, unsigned ilen, gnutls_datum_t *out, unsigned flags);
    2059. 

  2059. int gnutls_idna_reverse_map(const char *input, unsigned ilen, gnutls_datum_t *out, unsigned flags);
    2060. 

  2060. 

  2061. /* SRP 
    2062. 

  2062.  */
    2063. 

  2063. 

  2064. typedef struct gnutls_srp_server_credentials_st
    2065. 

  2065. *gnutls_srp_server_credentials_t;
    2066. 

  2066. typedef struct gnutls_srp_client_credentials_st
    2067. 

  2067. *gnutls_srp_client_credentials_t;
    2068. 

  2068. 

  2069. void
    2070. 

  2070. gnutls_srp_free_client_credentials(gnutls_srp_client_credentials_t sc);
    2071. 

  2071. int
    2072. 

  2072. gnutls_srp_allocate_client_credentials(gnutls_srp_client_credentials_t *
    2073. 

  2073. 				       sc);
    2074. 

  2074. int gnutls_srp_set_client_credentials(gnutls_srp_client_credentials_t res,
    2075. 

  2075. 				      const char *username,
    2076. 

  2076. 				      const char *password);
    2077. 

  2077. 

  2078. void
    2079. 

  2079. gnutls_srp_free_server_credentials(gnutls_srp_server_credentials_t sc);
    2080. 

  2080. int
    2081. 

  2081. gnutls_srp_allocate_server_credentials(gnutls_srp_server_credentials_t *
    2082. 

  2082. 				       sc);
    2083. 

  2083. int gnutls_srp_set_server_credentials_file(gnutls_srp_server_credentials_t
    2084. 

  2084. 					   res, const char *password_file,
    2085. 

  2085. 					   const char *password_conf_file);
    2086. 

  2086. 

  2087. const char *gnutls_srp_server_get_username(gnutls_session_t session);
    2088. 

  2088. 

  2089. void gnutls_srp_set_prime_bits(gnutls_session_t session,
    2090. 

  2090.                                unsigned int bits);
    2091. 

  2091. 

  2092. int gnutls_srp_verifier(const char *username,
    2093. 

  2093. 			const char *password,
    2094. 

  2094. 			const gnutls_datum_t * salt,
    2095. 

  2095. 			const gnutls_datum_t * generator,
    2096. 

  2096. 			const gnutls_datum_t * prime,
    2097. 

  2097. 			gnutls_datum_t * res);
    2098. 

  2098. 

  2099. /* The static parameters defined in draft-ietf-tls-srp-05
    2100. 

  2100.  * Those should be used as input to gnutls_srp_verifier().
    2101. 

  2101.  */
    2102. 

  2102. extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_4096_group_prime;
    2103. 

  2103. extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_4096_group_generator;
    2104. 

  2104. 

  2105. extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_3072_group_prime;
    2106. 

  2106. extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_3072_group_generator;
    2107. 

  2107. 

  2108. extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_2048_group_prime;
    2109. 

  2109. extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_2048_group_generator;
    2110. 

  2110. 

  2111. extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_1536_group_prime;
    2112. 

  2112. extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_1536_group_generator;
    2113. 

  2113. 

  2114. extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_1024_group_prime;
    2115. 

  2115. extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_1024_group_generator;
    2116. 

  2116. 

  2117. /* The static parameters defined in rfc7919
    2118. 

  2118.  */
    2119. 

  2119. 

  2120. extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_8192_group_prime;
    2121. 

  2121. extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_8192_group_generator;
    2122. 

  2122. extern _SYM_EXPORT const unsigned int gnutls_ffdhe_8192_key_bits;
    2123. 

  2123. 

  2124. extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_4096_group_prime;
    2125. 

  2125. extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_4096_group_generator;
    2126. 

  2126. extern _SYM_EXPORT const unsigned int gnutls_ffdhe_4096_key_bits;
    2127. 

  2127. 

  2128. extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_3072_group_prime;
    2129. 

  2129. extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_3072_group_generator;
    2130. 

  2130. extern _SYM_EXPORT const unsigned int gnutls_ffdhe_3072_key_bits;
    2131. 

  2131. 

  2132. extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_2048_group_prime;
    2133. 

  2133. extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_2048_group_generator;
    2134. 

  2134. extern _SYM_EXPORT const unsigned int gnutls_ffdhe_2048_key_bits;
    2135. 

  2135. 

  2136. typedef int gnutls_srp_server_credentials_function(gnutls_session_t,
    2137. 

  2137. 						   const char *username,
    2138. 

  2138. 						   gnutls_datum_t * salt,
    2139. 

  2139. 						   gnutls_datum_t *
    2140. 

  2140. 						   verifier,
    2141. 

  2141. 						   gnutls_datum_t *
    2142. 

  2142. 						   generator,
    2143. 

  2143. 						   gnutls_datum_t * prime);
    2144. 

  2144. void
    2145. 

  2145. gnutls_srp_set_server_credentials_function(gnutls_srp_server_credentials_t
    2146. 

  2146. 					   cred,
    2147. 

  2147. 					   gnutls_srp_server_credentials_function
    2148. 

  2148. 					   * func);
    2149. 

  2149. 

  2150. typedef int gnutls_srp_client_credentials_function(gnutls_session_t,
    2151. 

  2151. 						   char **, char **);
    2152. 

  2152. void
    2153. 

  2153. gnutls_srp_set_client_credentials_function(gnutls_srp_client_credentials_t
    2154. 

  2154. 					   cred,
    2155. 

  2155. 					   gnutls_srp_client_credentials_function
    2156. 

  2156. 					   * func);
    2157. 

  2157. 

  2158. int gnutls_srp_base64_encode(const gnutls_datum_t * data, char *result,
    2159. 

  2159. 			     size_t * result_size);
    2160. 

  2160. int gnutls_srp_base64_encode2(const gnutls_datum_t * data,
    2161. 

  2161. 				   gnutls_datum_t * result);
    2162. 

  2162. 

  2163. int gnutls_srp_base64_decode(const gnutls_datum_t * b64_data, char *result,
    2164. 

  2164. 			     size_t * result_size);
    2165. 

  2165. int gnutls_srp_base64_decode2(const gnutls_datum_t * b64_data,
    2166. 

  2166. 				   gnutls_datum_t * result);
    2167. 

  2167. 

  2168. #define gnutls_srp_base64_encode_alloc gnutls_srp_base64_encode2
    2169. 

  2169. #define gnutls_srp_base64_decode_alloc gnutls_srp_base64_decode2
    2170. 

  2170. 

  2171. void
    2172. 

  2172. gnutls_srp_set_server_fake_salt_seed(gnutls_srp_server_credentials_t
    2173. 

  2173. 				     sc,
    2174. 

  2174. 				     const gnutls_datum_t * seed,
    2175. 

  2175. 				     unsigned int salt_length);
    2176. 

  2176. 

  2177. /* PSK stuff */
    2178. 

  2178. typedef struct gnutls_psk_server_credentials_st
    2179. 

  2179. *gnutls_psk_server_credentials_t;
    2180. 

  2180. typedef struct gnutls_psk_client_credentials_st
    2181. 

  2181. *gnutls_psk_client_credentials_t;
    2182. 

  2182. 

  2183. /**
    2184. 

  2184.  * gnutls_psk_key_flags:
    2185. 

  2185.  * @GNUTLS_PSK_KEY_RAW: PSK-key in raw format.
    2186. 

  2186.  * @GNUTLS_PSK_KEY_HEX: PSK-key in hex format.
    2187. 

  2187.  *
    2188. 

  2188.  * Enumeration of different PSK key flags.
    2189. 

  2189.  */
    2190. 

  2190. typedef enum gnutls_psk_key_flags {
    2191. 

  2191. 	GNUTLS_PSK_KEY_RAW = 0,
    2192. 

  2192. 	GNUTLS_PSK_KEY_HEX
    2193. 

  2193. } gnutls_psk_key_flags;
    2194. 

  2194. 

  2195. void
    2196. 

  2196. gnutls_psk_free_client_credentials(gnutls_psk_client_credentials_t sc);
    2197. 

  2197. int
    2198. 

  2198. gnutls_psk_allocate_client_credentials(gnutls_psk_client_credentials_t *
    2199. 

  2199. 				       sc);
    2200. 

  2200. int gnutls_psk_set_client_credentials(gnutls_psk_client_credentials_t res,
    2201. 

  2201. 				      const char *username,
    2202. 

  2202. 				      const gnutls_datum_t * key,
    2203. 

  2203. 				      gnutls_psk_key_flags flags);
    2204. 

  2204. 

  2205. void
    2206. 

  2206. gnutls_psk_free_server_credentials(gnutls_psk_server_credentials_t sc);
    2207. 

  2207. int
    2208. 

  2208. gnutls_psk_allocate_server_credentials(gnutls_psk_server_credentials_t *
    2209. 

  2209. 				       sc);
    2210. 

  2210. int gnutls_psk_set_server_credentials_file(gnutls_psk_server_credentials_t
    2211. 

  2211. 					   res, const char *password_file);
    2212. 

  2212. 

  2213. int
    2214. 

  2214. gnutls_psk_set_server_credentials_hint(gnutls_psk_server_credentials_t
    2215. 

  2215. 				       res, const char *hint);
    2216. 

  2216. 

  2217. const char *gnutls_psk_server_get_username(gnutls_session_t session);
    2218. 

  2218. const char *gnutls_psk_client_get_hint(gnutls_session_t session);
    2219. 

  2219. 

  2220. typedef int gnutls_psk_server_credentials_function(gnutls_session_t,
    2221. 

  2221. 						   const char *username,
    2222. 

  2222. 						   gnutls_datum_t * key);
    2223. 

  2223. void
    2224. 

  2224. gnutls_psk_set_server_credentials_function(gnutls_psk_server_credentials_t
    2225. 

  2225. 					   cred,
    2226. 

  2226. 					   gnutls_psk_server_credentials_function
    2227. 

  2227. 					   * func);
    2228. 

  2228. 

  2229. typedef int gnutls_psk_client_credentials_function(gnutls_session_t,
    2230. 

  2230. 						   char **username,
    2231. 

  2231. 						   gnutls_datum_t * key);
    2232. 

  2232. void
    2233. 

  2233. gnutls_psk_set_client_credentials_function(gnutls_psk_client_credentials_t
    2234. 

  2234. 					   cred,
    2235. 

  2235. 					   gnutls_psk_client_credentials_function
    2236. 

  2236. 					   * func);
    2237. 

  2237. 

  2238. int gnutls_hex_encode(const gnutls_datum_t * data, char *result,
    2239. 

  2239. 		      size_t * result_size);
    2240. 

  2240. int gnutls_hex_decode(const gnutls_datum_t * hex_data, void *result,
    2241. 

  2241. 		      size_t * result_size);
    2242. 

  2242. 

  2243. int gnutls_hex_encode2(const gnutls_datum_t * data, gnutls_datum_t *result);
    2244. 

  2244. int gnutls_hex_decode2(const gnutls_datum_t * data, gnutls_datum_t *result);
    2245. 

  2245. 

  2246. void
    2247. 

  2247. gnutls_psk_set_server_dh_params(gnutls_psk_server_credentials_t res,
    2248. 

  2248. 				gnutls_dh_params_t dh_params);
    2249. 

  2249. 

  2250. int
    2251. 

  2251. gnutls_psk_set_server_known_dh_params(gnutls_psk_server_credentials_t res,
    2252. 

  2252. 				      gnutls_sec_param_t sec_param);
    2253. 

  2253. 

  2254. void
    2255. 

  2255. gnutls_psk_set_server_params_function(gnutls_psk_server_credentials_t
    2256. 

  2256. 				      res, gnutls_params_function * func);
    2257. 

  2257. 

  2258. /**
    2259. 

  2259.  * gnutls_x509_subject_alt_name_t:
    2260. 

  2260.  * @GNUTLS_SAN_DNSNAME: DNS-name SAN.
    2261. 

  2261.  * @GNUTLS_SAN_RFC822NAME: E-mail address SAN.
    2262. 

  2262.  * @GNUTLS_SAN_URI: URI SAN.
    2263. 

  2263.  * @GNUTLS_SAN_IPADDRESS: IP address SAN.
    2264. 

  2264.  * @GNUTLS_SAN_OTHERNAME: OtherName SAN.
    2265. 

  2265.  * @GNUTLS_SAN_DN: DN SAN.
    2266. 

  2266.  * @GNUTLS_SAN_OTHERNAME_XMPP: Virtual SAN, used by certain functions for convenience.
    2267. 

  2267.  * @GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL: Virtual SAN, used by certain functions for convenience.
    2268. 

  2268.  *
    2269. 

  2269.  * Enumeration of different subject alternative names types.
    2270. 

  2270.  */
    2271. 

  2271. typedef enum gnutls_x509_subject_alt_name_t {
    2272. 

  2272. 	GNUTLS_SAN_DNSNAME = 1,
    2273. 

  2273. 	GNUTLS_SAN_RFC822NAME = 2,
    2274. 

  2274. 	GNUTLS_SAN_URI = 3,
    2275. 

  2275. 	GNUTLS_SAN_IPADDRESS = 4,
    2276. 

  2276. 	GNUTLS_SAN_OTHERNAME = 5,
    2277. 

  2277. 	GNUTLS_SAN_DN = 6,
    2278. 

  2278. 	GNUTLS_SAN_MAX = GNUTLS_SAN_DN,
    2279. 

  2279. 	/* The following are "virtual" subject alternative name types, in
    2280. 

  2280. 	   that they are represented by an otherName value and an OID.
    2281. 

  2281. 	   Used by gnutls_x509_crt_get_subject_alt_othername_oid.  */
    2282. 

  2282. 	GNUTLS_SAN_OTHERNAME_XMPP = 1000,
    2283. 

  2283. 	GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL
    2284. 

  2284. } gnutls_x509_subject_alt_name_t;
    2285. 

  2285. 

  2286. struct gnutls_openpgp_crt_int;
    2287. 

  2287. typedef struct gnutls_openpgp_crt_int *gnutls_openpgp_crt_t;
    2288. 

  2288. 

  2289. struct gnutls_openpgp_privkey_int;
    2290. 

  2290. typedef struct gnutls_openpgp_privkey_int *gnutls_openpgp_privkey_t;
    2291. 

  2291. 

  2292. struct gnutls_pkcs11_privkey_st;
    2293. 

  2293. typedef struct gnutls_pkcs11_privkey_st *gnutls_pkcs11_privkey_t;
    2294. 

  2294. 

  2295. /**
    2296. 

  2296.  * gnutls_privkey_type_t:
    2297. 

  2297.  * @GNUTLS_PRIVKEY_X509: X.509 private key, #gnutls_x509_privkey_t.
    2298. 

  2298.  * @GNUTLS_PRIVKEY_OPENPGP: OpenPGP private key, #gnutls_openpgp_privkey_t.
    2299. 

  2299.  * @GNUTLS_PRIVKEY_PKCS11: PKCS11 private key, #gnutls_pkcs11_privkey_t.
    2300. 

  2300.  * @GNUTLS_PRIVKEY_EXT: External private key, operating using callbacks.
    2301. 

  2301.  *
    2302. 

  2302.  * Enumeration of different private key types.
    2303. 

  2303.  */
    2304. 

  2304. typedef enum {
    2305. 

  2305. 	GNUTLS_PRIVKEY_X509,
    2306. 

  2306. 	GNUTLS_PRIVKEY_OPENPGP,
    2307. 

  2307. 	GNUTLS_PRIVKEY_PKCS11,
    2308. 

  2308. 	GNUTLS_PRIVKEY_EXT
    2309. 

  2309. } gnutls_privkey_type_t;
    2310. 

  2310. 

  2311. typedef struct gnutls_retr2_st {
    2312. 

  2312. 	gnutls_certificate_type_t cert_type;
    2313. 

  2313. 	gnutls_privkey_type_t key_type;
    2314. 

  2314. 

  2315. 	union {
    2316. 

  2316. 		gnutls_x509_crt_t *x509;
    2317. 

  2317. 		gnutls_openpgp_crt_t pgp;
    2318. 

  2318. 	} cert;
    2319. 

  2319. 	unsigned int ncerts;	/* one for pgp keys */
    2320. 

  2320. 

  2321. 	union {
    2322. 

  2322. 		gnutls_x509_privkey_t x509;
    2323. 

  2323. 		gnutls_openpgp_privkey_t pgp;
    2324. 

  2324. 		gnutls_pkcs11_privkey_t pkcs11;
    2325. 

  2325. 	} key;
    2326. 

  2326. 

  2327. 	unsigned int deinit_all;	/* if non zero all keys will be deinited */
    2328. 

  2328. } gnutls_retr2_st;
    2329. 

  2329. 

  2330. 

  2331.   /* Functions that allow auth_info_t structures handling
    2332. 

  2332.    */
    2333. 

  2333. 

  2334. gnutls_credentials_type_t gnutls_auth_get_type(gnutls_session_t session);
    2335. 

  2335. gnutls_credentials_type_t
    2336. 

  2336. gnutls_auth_server_get_type(gnutls_session_t session);
    2337. 

  2337. gnutls_credentials_type_t
    2338. 

  2338. gnutls_auth_client_get_type(gnutls_session_t session);
    2339. 

  2339. 

  2340.   /* DH */
    2341. 

  2341. 

  2342. void gnutls_dh_set_prime_bits(gnutls_session_t session, unsigned int bits);
    2343. 

  2343. int gnutls_dh_get_secret_bits(gnutls_session_t session);
    2344. 

  2344. int gnutls_dh_get_peers_public_bits(gnutls_session_t session);
    2345. 

  2345. int gnutls_dh_get_prime_bits(gnutls_session_t session);
    2346. 

  2346. 

  2347. int gnutls_dh_get_group(gnutls_session_t session, gnutls_datum_t * raw_gen,
    2348. 

  2348. 			gnutls_datum_t * raw_prime);
    2349. 

  2349. int gnutls_dh_get_pubkey(gnutls_session_t session,
    2350. 

  2350. 			 gnutls_datum_t * raw_key);
    2351. 

  2351. 

  2352.   /* X509PKI */
    2353. 

  2353. 

  2354. 

  2355.   /* These are set on the credentials structure.
    2356. 

  2356.    */
    2357. 

  2357. 

  2358.   /* use gnutls_certificate_set_retrieve_function2() in abstract.h
    2359. 

  2359.    * instead. It's much more efficient.
    2360. 

  2360.    */
    2361. 

  2361. 

  2362. typedef int gnutls_certificate_retrieve_function(gnutls_session_t,
    2363. 

  2363. 						 const
    2364. 

  2364. 						 gnutls_datum_t *
    2365. 

  2365. 						 req_ca_rdn,
    2366. 

  2366. 						 int nreqs,
    2367. 

  2367. 						 const
    2368. 

  2368. 						 gnutls_pk_algorithm_t
    2369. 

  2369. 						 * pk_algos,
    2370. 

  2370. 						 int
    2371. 

  2371. 						 pk_algos_length,
    2372. 

  2372. 						 gnutls_retr2_st *);
    2373. 

  2373. 

  2374. 

  2375. void
    2376. 

  2376. gnutls_certificate_set_retrieve_function(gnutls_certificate_credentials_t
    2377. 

  2377. 					 cred,
    2378. 

  2378. 					 gnutls_certificate_retrieve_function
    2379. 

  2379. 					 * func);
    2380. 

  2380. 

  2381. void
    2382. 

  2382. gnutls_certificate_set_verify_function(gnutls_certificate_credentials_t
    2383. 

  2383. 				       cred,
    2384. 

  2384. 				       gnutls_certificate_verify_function
    2385. 

  2385. 				       * func);
    2386. 

  2386. 

  2387. void
    2388. 

  2388. gnutls_certificate_server_set_request(gnutls_session_t session,
    2389. 

  2389. 				      gnutls_certificate_request_t req);
    2390. 

  2390. 

  2391.   /* get data from the session
    2392. 

  2392.    */
    2393. 

  2393. const gnutls_datum_t *gnutls_certificate_get_peers(gnutls_session_t
    2394. 

  2394. 						   session, unsigned int
    2395. 

  2395. 						   *list_size);
    2396. 

  2396. const gnutls_datum_t *gnutls_certificate_get_ours(gnutls_session_t
    2397. 

  2397. 						  session);
    2398. 

  2398. 

  2399. int gnutls_certificate_get_peers_subkey_id(gnutls_session_t session,
    2400. 

  2400. 					   gnutls_datum_t * id);
    2401. 

  2401. 

  2402. time_t gnutls_certificate_activation_time_peers(gnutls_session_t session);
    2403. 

  2403. time_t gnutls_certificate_expiration_time_peers(gnutls_session_t session);
    2404. 

  2404. 

  2405. int gnutls_certificate_client_get_request_status(gnutls_session_t session);
    2406. 

  2406. int gnutls_certificate_verify_peers2(gnutls_session_t session,
    2407. 

  2407. 				     unsigned int *status);
    2408. 

  2408. int gnutls_certificate_verify_peers3(gnutls_session_t session,
    2409. 

  2409. 				     const char *hostname,
    2410. 

  2410. 				     unsigned int *status);
    2411. 

  2411. 

  2412. int
    2413. 

  2413. gnutls_certificate_verify_peers(gnutls_session_t session,
    2414. 

  2414. 				gnutls_typed_vdata_st * data,
    2415. 

  2415. 				unsigned int elements,
    2416. 

  2416. 				unsigned int *status);
    2417. 

  2417. 

  2418. int gnutls_certificate_verification_status_print(unsigned int status,
    2419. 

  2419. 						 gnutls_certificate_type_t
    2420. 

  2420. 						 type,
    2421. 

  2421. 						 gnutls_datum_t * out,
    2422. 

  2422. 						 unsigned int flags);
    2423. 

  2423. 

  2424. int gnutls_pem_base64_encode(const char *msg, const gnutls_datum_t * data,
    2425. 

  2425. 			     char *result, size_t * result_size);
    2426. 

  2426. int gnutls_pem_base64_decode(const char *header,
    2427. 

  2427. 			     const gnutls_datum_t * b64_data,
    2428. 

  2428. 			     unsigned char *result, size_t * result_size);
    2429. 

  2429. 

  2430. int gnutls_pem_base64_encode2(const char *msg,
    2431. 

  2431. 				   const gnutls_datum_t * data,
    2432. 

  2432. 				   gnutls_datum_t * result);
    2433. 

  2433. int gnutls_pem_base64_decode2(const char *header,
    2434. 

  2434. 				   const gnutls_datum_t * b64_data,
    2435. 

  2435. 				   gnutls_datum_t * result);
    2436. 

  2436. 

  2437. int gnutls_base64_encode2(const gnutls_datum_t * data,
    2438. 

  2438. 			  gnutls_datum_t * result);
    2439. 

  2439. int gnutls_base64_decode2(const gnutls_datum_t * b64_data,
    2440. 

  2440. 			  gnutls_datum_t * result);
    2441. 

  2441. 

  2442. #define gnutls_pem_base64_encode_alloc gnutls_pem_base64_encode2
    2443. 

  2443. #define gnutls_pem_base64_decode_alloc gnutls_pem_base64_decode2
    2444. 

  2444. 

  2445.   /* key_usage will be an OR of the following values:
    2446. 

  2446.    */
    2447. 

  2447. 

  2448.   /* when the key is to be used for signing: */
    2449. 

  2449. #define GNUTLS_KEY_DIGITAL_SIGNATURE	128
    2450. 

  2450. #define GNUTLS_KEY_NON_REPUDIATION	64
    2451. 

  2451.   /* when the key is to be used for encryption: */
    2452. 

  2452. #define GNUTLS_KEY_KEY_ENCIPHERMENT	32
    2453. 

  2453. #define GNUTLS_KEY_DATA_ENCIPHERMENT	16
    2454. 

  2454. #define GNUTLS_KEY_KEY_AGREEMENT	8
    2455. 

  2455. #define GNUTLS_KEY_KEY_CERT_SIGN	4
    2456. 

  2456. #define GNUTLS_KEY_CRL_SIGN		2
    2457. 

  2457. #define GNUTLS_KEY_ENCIPHER_ONLY	1
    2458. 

  2458. #define GNUTLS_KEY_DECIPHER_ONLY	32768
    2459. 

  2459. 

  2460. void
    2461. 

  2461. gnutls_certificate_set_params_function(gnutls_certificate_credentials_t
    2462. 

  2462. 				       res, gnutls_params_function * func);
    2463. 

  2463. void gnutls_anon_set_params_function(gnutls_anon_server_credentials_t res,
    2464. 

  2464. 				     gnutls_params_function * func);
    2465. 

  2465. void gnutls_psk_set_params_function(gnutls_psk_server_credentials_t res,
    2466. 

  2466. 				    gnutls_params_function * func);
    2467. 

  2467. 

  2468. int gnutls_hex2bin(const char *hex_data, size_t hex_size,
    2469. 

  2469. 		   void *bin_data, size_t * bin_size);
    2470. 

  2470. 

  2471.   /* Trust on first use (or ssh like) functions */
    2472. 

  2472. 

  2473.   /* stores the provided information to a database
    2474. 

  2474.    */
    2475. 

  2475. typedef int (*gnutls_tdb_store_func) (const char *db_name,
    2476. 

  2476. 				      const char *host,
    2477. 

  2477. 				      const char *service,
    2478. 

  2478. 				      time_t expiration,
    2479. 

  2479. 				      const gnutls_datum_t * pubkey);
    2480. 

  2480. 

  2481. typedef int (*gnutls_tdb_store_commitment_func) (const char *db_name,
    2482. 

  2482. 						 const char *host,
    2483. 

  2483. 						 const char *service,
    2484. 

  2484. 						 time_t expiration,
    2485. 

  2485. 						 gnutls_digest_algorithm_t
    2486. 

  2486. 						 hash_algo,
    2487. 

  2487. 						 const gnutls_datum_t *
    2488. 

  2488. 						 hash);
    2489. 

  2489. 

  2490.   /* searches for the provided host/service pair that match the
    2491. 

  2491.    * provided public key in the database. */
    2492. 

  2492. typedef int (*gnutls_tdb_verify_func) (const char *db_name,
    2493. 

  2493. 				       const char *host,
    2494. 

  2494. 				       const char *service,
    2495. 

  2495. 				       const gnutls_datum_t * pubkey);
    2496. 

  2496. 

  2497. 

  2498. struct gnutls_tdb_int;
    2499. 

  2499. typedef struct gnutls_tdb_int *gnutls_tdb_t;
    2500. 

  2500. 

  2501. int gnutls_tdb_init(gnutls_tdb_t * tdb);
    2502. 

  2502. void gnutls_tdb_set_store_func(gnutls_tdb_t tdb,
    2503. 

  2503. 			       gnutls_tdb_store_func store);
    2504. 

  2504. void gnutls_tdb_set_store_commitment_func(gnutls_tdb_t tdb,
    2505. 

  2505. 					  gnutls_tdb_store_commitment_func
    2506. 

  2506. 					  cstore);
    2507. 

  2507. void gnutls_tdb_set_verify_func(gnutls_tdb_t tdb,
    2508. 

  2508. 				gnutls_tdb_verify_func verify);
    2509. 

  2509. void gnutls_tdb_deinit(gnutls_tdb_t tdb);
    2510. 

  2510. 

  2511. int gnutls_verify_stored_pubkey(const char *db_name,
    2512. 

  2512. 				gnutls_tdb_t tdb,
    2513. 

  2513. 				const char *host,
    2514. 

  2514. 				const char *service,
    2515. 

  2515. 				gnutls_certificate_type_t cert_type,
    2516. 

  2516. 				const gnutls_datum_t * cert,
    2517. 

  2517. 				unsigned int flags);
    2518. 

  2518. 

  2519. #define GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN 1
    2520. 

  2520. int gnutls_store_commitment(const char *db_name,
    2521. 

  2521. 			    gnutls_tdb_t tdb,
    2522. 

  2522. 			    const char *host,
    2523. 

  2523. 			    const char *service,
    2524. 

  2524. 			    gnutls_digest_algorithm_t hash_algo,
    2525. 

  2525. 			    const gnutls_datum_t * hash,
    2526. 

  2526. 			    time_t expiration, unsigned int flags);
    2527. 

  2527. 

  2528. int gnutls_store_pubkey(const char *db_name,
    2529. 

  2529. 			gnutls_tdb_t tdb,
    2530. 

  2530. 			const char *host,
    2531. 

  2531. 			const char *service,
    2532. 

  2532. 			gnutls_certificate_type_t cert_type,
    2533. 

  2533. 			const gnutls_datum_t * cert,
    2534. 

  2534. 			time_t expiration, unsigned int flags);
    2535. 

  2535. 

  2536.   /* Other helper functions */
    2537. 

  2537. int gnutls_load_file(const char *filename, gnutls_datum_t * data);
    2538. 

  2538. 

  2539. unsigned gnutls_url_is_supported(const char *url);
    2540. 

  2540. 

  2541.   /* PIN callback */
    2542. 

  2542. 

  2543. /**
    2544. 

  2544.  * gnutls_pin_flag_t:
    2545. 

  2545.  * @GNUTLS_PIN_USER: The PIN for the user.
    2546. 

  2546.  * @GNUTLS_PIN_SO: The PIN for the security officer (admin).
    2547. 

  2547.  * @GNUTLS_PIN_CONTEXT_SPECIFIC: The PIN is for a specific action and key like signing.
    2548. 

  2548.  * @GNUTLS_PIN_FINAL_TRY: This is the final try before blocking.
    2549. 

  2549.  * @GNUTLS_PIN_COUNT_LOW: Few tries remain before token blocks.
    2550. 

  2550.  * @GNUTLS_PIN_WRONG: Last given PIN was not correct.
    2551. 

  2551.  *
    2552. 

  2552.  * Enumeration of different flags that are input to the PIN function.
    2553. 

  2553.  */
    2554. 

  2554. typedef enum {
    2555. 

  2555. 	GNUTLS_PIN_USER = (1 << 0),
    2556. 

  2556. 	GNUTLS_PIN_SO = (1 << 1),
    2557. 

  2557. 	GNUTLS_PIN_FINAL_TRY = (1 << 2),
    2558. 

  2558. 	GNUTLS_PIN_COUNT_LOW = (1 << 3),
    2559. 

  2559. 	GNUTLS_PIN_CONTEXT_SPECIFIC = (1 << 4),
    2560. 

  2560. 	GNUTLS_PIN_WRONG = (1 << 5)
    2561. 

  2561. } gnutls_pin_flag_t;
    2562. 

  2562. 

  2563. #define GNUTLS_PKCS11_PIN_USER GNUTLS_PIN_USER
    2564. 

  2564. #define GNUTLS_PKCS11_PIN_SO GNUTLS_PIN_SO
    2565. 

  2565. #define GNUTLS_PKCS11_PIN_FINAL_TRY GNUTLS_PIN_FINAL_TRY
    2566. 

  2566. #define GNUTLS_PKCS11_PIN_COUNT_LOW  GNUTLS_PIN_COUNT_LOW
    2567. 

  2567. #define GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC GNUTLS_PIN_CONTEXT_SPECIFIC
    2568. 

  2568. #define GNUTLS_PKCS11_PIN_WRONG GNUTLS_PIN_WRONG
    2569. 

  2569. 

  2570. /**
    2571. 

  2571.  * gnutls_pin_callback_t:
    2572. 

  2572.  * @userdata: user-controlled data from gnutls_pkcs11_set_pin_function().
    2573. 

  2573.  * @attempt: pin-attempt counter, initially 0.
    2574. 

  2574.  * @token_url: URL of token.
    2575. 

  2575.  * @token_label: label of token.
    2576. 

  2576.  * @flags: a #gnutls_pin_flag_t flag.
    2577. 

  2577.  * @pin: buffer to hold PIN, of size @pin_max.
    2578. 

  2578.  * @pin_max: size of @pin buffer.
    2579. 

  2579.  *
    2580. 

  2580.  * Callback function type for PKCS#11 or TPM PIN entry.  It is set by
    2581. 

  2581.  * functions like gnutls_pkcs11_set_pin_function().
    2582. 

  2582.  *
    2583. 

  2583.  * The callback should provides the PIN code to unlock the token with
    2584. 

  2584.  * label @token_label, specified by the URL @token_url.
    2585. 

  2585.  *
    2586. 

  2586.  * The PIN code, as a NUL-terminated ASCII string, should be copied
    2587. 

  2587.  * into the @pin buffer (of maximum size @pin_max), and return 0 to
    2588. 

  2588.  * indicate success.  Alternatively, the callback may return a
    2589. 

  2589.  * negative gnutls error code to indicate failure and cancel PIN entry
    2590. 

  2590.  * (in which case, the contents of the @pin parameter are ignored).
    2591. 

  2591.  *
    2592. 

  2592.  * When a PIN is required, the callback will be invoked repeatedly
    2593. 

  2593.  * (and indefinitely) until either the returned PIN code is correct,
    2594. 

  2594.  * the callback returns failure, or the token refuses login (e.g. when
    2595. 

  2595.  * the token is locked due to too many incorrect PINs!).  For the
    2596. 

  2596.  * first such invocation, the @attempt counter will have value zero;
    2597. 

  2597.  * it will increase by one for each subsequent attempt.
    2598. 

  2598.  *
    2599. 

  2599.  * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on error.
    2600. 

  2600.  *
    2601. 

  2601.  * Since: 2.12.0
    2602. 

  2602.  **/
    2603. 

  2603. typedef int (*gnutls_pin_callback_t) (void *userdata, int attempt,
    2604. 

  2604. 				      const char *token_url,
    2605. 

  2605. 				      const char *token_label,
    2606. 

  2606. 				      unsigned int flags,
    2607. 

  2607. 				      char *pin, size_t pin_max);
    2608. 

  2608. 

  2609. void gnutls_certificate_set_pin_function(gnutls_certificate_credentials_t,
    2610. 

  2610. 					 gnutls_pin_callback_t fn,
    2611. 

  2611. 					 void *userdata);
    2612. 

  2612. 

  2613. /* Public string related functions */
    2614. 

  2614. typedef struct gnutls_buffer_st *gnutls_buffer_t;
    2615. 

  2615. 

  2616. int gnutls_buffer_append_data(gnutls_buffer_t, const void *data, size_t data_size);
    2617. 

  2617. 

  2618. #define GNUTLS_UTF8_IGNORE_ERRS 1
    2619. 

  2619. int gnutls_utf8_password_normalize(const unsigned char *password, unsigned password_len,
    2620. 

  2620. 				   gnutls_datum_t *out, unsigned flags);
    2621. 

  2621. 

  2622. /* Public extensions related functions */
    2623. 

  2623. 

  2624. typedef void *gnutls_ext_priv_data_t;
    2625. 

  2625. 

  2626. void gnutls_ext_set_data(gnutls_session_t session, unsigned type,
    2627. 

  2627. 			 gnutls_ext_priv_data_t);
    2628. 

  2628. int gnutls_ext_get_data(gnutls_session_t session, unsigned type,
    2629. 

  2629. 			gnutls_ext_priv_data_t *);
    2630. 

  2630. 

  2631. typedef int (*gnutls_ext_recv_func) (gnutls_session_t session,
    2632. 

  2632. 				     const unsigned char *data,
    2633. 

  2633. 				     size_t len);
    2634. 

  2634. 

  2635. typedef int (*gnutls_ext_send_func) (gnutls_session_t session,
    2636. 

  2636. 				     gnutls_buffer_t extdata);
    2637. 

  2637. 

  2638. typedef void (*gnutls_ext_deinit_data_func) (gnutls_ext_priv_data_t data);
    2639. 

  2639. 

  2640. typedef int (*gnutls_ext_pack_func) (gnutls_ext_priv_data_t data,
    2641. 

  2641. 				     gnutls_buffer_t packed_data);
    2642. 

  2642. 

  2643. typedef int (*gnutls_ext_unpack_func) (gnutls_buffer_t packed_data,
    2644. 

  2644. 				       gnutls_ext_priv_data_t *data);
    2645. 

  2645. 

  2646. 

  2647. /**
    2648. 

  2648.  * gnutls_ext_parse_type_t:
    2649. 

  2649.  * @GNUTLS_EXT_NONE: Never parsed
    2650. 

  2650.  * @GNUTLS_EXT_ANY: Any extension type (internal use only).
    2651. 

  2651.  * @GNUTLS_EXT_APPLICATION: Application extension.
    2652. 

  2652.  * @GNUTLS_EXT_TLS: TLS-internal extension.
    2653. 

  2653.  * @GNUTLS_EXT_MANDATORY: Extension parsed even if resuming (or extensions are disabled).
    2654. 

  2654.  *
    2655. 

  2655.  * Enumeration of different TLS extension types.  This type is
    2656. 

  2656.  * to indicate whether an extension is useful to application
    2657. 

  2657.  * level or TLS level only.  This is used to parse the
    2658. 

  2658.  * application level extensions before the "client_hello" callback
    2659. 

  2659.  * is called.
    2660. 

  2660.  */
    2661. 

  2661. typedef enum {
    2662. 

  2662.   GNUTLS_EXT_ANY = 0,
    2663. 

  2663.   GNUTLS_EXT_APPLICATION = 1,
    2664. 

  2664.   GNUTLS_EXT_TLS = 2,
    2665. 

  2665.   GNUTLS_EXT_MANDATORY = 3,
    2666. 

  2666.   GNUTLS_EXT_NONE = 4
    2667. 

  2667. } gnutls_ext_parse_type_t;
    2668. 

  2668. 

  2669. /**
    2670. 

  2670.  * gnutls_ext_flags_t:
    2671. 

  2671.  * @GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL: If specified the extension registered will override the internal; this does not work with extensions existing prior to 3.6.0.
    2672. 

  2672.  *
    2673. 

  2673.  * Enumeration of different TLS extension registration flags.
    2674. 

  2674.  */
    2675. 

  2675. typedef enum {
    2676. 

  2676.   GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL = 1
    2677. 

  2677. } gnutls_ext_flags_t;
    2678. 

  2678. 

  2679. /* Register a custom tls extension
    2680. 

  2680.  */
    2681. 

  2681. int gnutls_ext_register(const char *name, int type, gnutls_ext_parse_type_t parse_type,
    2682. 

  2682. 				gnutls_ext_recv_func recv_func, gnutls_ext_send_func send_func, 
    2683. 

  2683. 				gnutls_ext_deinit_data_func deinit_func, gnutls_ext_pack_func pack_func,
    2684. 

  2684. 				gnutls_ext_unpack_func unpack_func);
    2685. 

  2685. 

  2686. int gnutls_session_ext_register(gnutls_session_t, const char *name, int type, gnutls_ext_parse_type_t parse_type,
    2687. 

  2687. 				gnutls_ext_recv_func recv_func, gnutls_ext_send_func send_func, 
    2688. 

  2688. 				gnutls_ext_deinit_data_func deinit_func, gnutls_ext_pack_func pack_func,
    2689. 

  2689. 				gnutls_ext_unpack_func unpack_func, unsigned flags);
    2690. 

  2690. 

  2691. const char *gnutls_ext_get_name(unsigned int ext);
    2692. 

  2692. 

  2693. /* Public supplemental data related functions */
    2694. 

  2694. 

  2695. typedef int (*gnutls_supp_recv_func) (gnutls_session_t session,
    2696. 

  2696. 			       const unsigned char * data, size_t data_size);
    2697. 

  2697. typedef int (*gnutls_supp_send_func) (gnutls_session_t session,
    2698. 

  2698. 			       gnutls_buffer_t buf);
    2699. 

  2699. 

  2700. int gnutls_supplemental_register(const char *name, 
    2701. 

  2701. 				gnutls_supplemental_data_format_type_t type, 
    2702. 

  2702. 				gnutls_supp_recv_func supp_recv_func,
    2703. 

  2703. 				gnutls_supp_send_func supp_send_func);
    2704. 

  2704. 

  2705. int gnutls_session_supplemental_register(gnutls_session_t session, const char *name,
    2706. 

  2706. 				gnutls_supplemental_data_format_type_t type, 
    2707. 

  2707. 				gnutls_supp_recv_func supp_recv_func,
    2708. 

  2708. 				gnutls_supp_send_func supp_send_func,
    2709. 

  2709. 				unsigned int flags);
    2710. 

  2710. 

  2711. void gnutls_supplemental_recv(gnutls_session_t session, unsigned do_recv_supplemental);
    2712. 

  2712. 

  2713. void gnutls_supplemental_send(gnutls_session_t session, unsigned do_send_supplemental);
    2714. 

  2714. 

  2715. /* FIPS140-2 related functions */
    2716. 

  2716. unsigned gnutls_fips140_mode_enabled(void);
    2717. 

  2717. 

  2718.   /* Gnutls error codes. The mapping to a TLS alert is also shown in
    2719. 

  2719.    * comments.
    2720. 

  2720.    */
    2721. 

  2721. 

  2722. #define GNUTLS_E_SUCCESS 0
    2723. 

  2723. #define	GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3
    2724. 

  2724. #define	GNUTLS_E_UNKNOWN_CIPHER_TYPE -6
    2725. 

  2725. #define	GNUTLS_E_LARGE_PACKET -7
    2726. 

  2726. #define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8	/* GNUTLS_A_PROTOCOL_VERSION */
    2727. 

  2727. #define GNUTLS_E_TLS_PACKET_DECODING_ERROR GNUTLS_E_UNEXPECTED_PACKET_LENGTH
    2728. 

  2728. #define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9	/* GNUTLS_A_DECODE_ERROR */
    2729. 

  2729. #define GNUTLS_E_INVALID_SESSION -10
    2730. 

  2730. #define GNUTLS_E_FATAL_ALERT_RECEIVED -12
    2731. 

  2731. #define GNUTLS_E_UNEXPECTED_PACKET -15	/* GNUTLS_A_UNEXPECTED_MESSAGE */
    2732. 

  2732. #define GNUTLS_E_WARNING_ALERT_RECEIVED -16
    2733. 

  2733. #define GNUTLS_E_ERROR_IN_FINISHED_PACKET -18
    2734. 

  2734. #define GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET -19
    2735. 

  2735. #define	GNUTLS_E_UNKNOWN_CIPHER_SUITE -21	/* GNUTLS_A_HANDSHAKE_FAILURE */
    2736. 

  2736. #define	GNUTLS_E_UNWANTED_ALGORITHM -22
    2737. 

  2737. #define	GNUTLS_E_MPI_SCAN_FAILED -23
    2738. 

  2738. #define GNUTLS_E_DECRYPTION_FAILED -24	/* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */
    2739. 

  2739. #define GNUTLS_E_MEMORY_ERROR -25
    2740. 

  2740. #define GNUTLS_E_DECOMPRESSION_FAILED -26	/* GNUTLS_A_DECOMPRESSION_FAILURE */
    2741. 

  2741. #define GNUTLS_E_COMPRESSION_FAILED -27
    2742. 

  2742. #define GNUTLS_E_AGAIN -28
    2743. 

  2743. #define GNUTLS_E_EXPIRED -29
    2744. 

  2744. #define GNUTLS_E_DB_ERROR -30
    2745. 

  2745. #define GNUTLS_E_SRP_PWD_ERROR -31
    2746. 

  2746. #define GNUTLS_E_INSUFFICIENT_CREDENTIALS -32
    2747. 

  2747. #define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS	/* for backwards compatibility only */
    2748. 

  2748. #define GNUTLS_E_INSUFFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS
    2749. 

  2749. #define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS	/* for backwards compatibility only */
    2750. 

  2750. 

  2751. #define GNUTLS_E_HASH_FAILED -33
    2752. 

  2752. #define GNUTLS_E_BASE64_DECODING_ERROR -34
    2753. 

  2753. 

  2754. #define	GNUTLS_E_MPI_PRINT_FAILED -35
    2755. 

  2755. #define GNUTLS_E_REHANDSHAKE -37	/* GNUTLS_A_NO_RENEGOTIATION */
    2756. 

  2756. #define GNUTLS_E_GOT_APPLICATION_DATA -38
    2757. 

  2757. #define GNUTLS_E_RECORD_LIMIT_REACHED -39
    2758. 

  2758. #define GNUTLS_E_ENCRYPTION_FAILED -40
    2759. 

  2759. 

  2760. #define GNUTLS_E_PK_ENCRYPTION_FAILED -44
    2761. 

  2761. #define GNUTLS_E_PK_DECRYPTION_FAILED -45
    2762. 

  2762. #define GNUTLS_E_PK_SIGN_FAILED -46
    2763. 

  2763. #define GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION -47
    2764. 

  2764. #define GNUTLS_E_KEY_USAGE_VIOLATION -48
    2765. 

  2765. #define GNUTLS_E_NO_CERTIFICATE_FOUND -49	/* GNUTLS_A_BAD_CERTIFICATE */
    2766. 

  2766. #define GNUTLS_E_INVALID_REQUEST -50
    2767. 

  2767. #define GNUTLS_E_SHORT_MEMORY_BUFFER -51
    2768. 

  2768. #define GNUTLS_E_INTERRUPTED -52
    2769. 

  2769. #define GNUTLS_E_PUSH_ERROR -53
    2770. 

  2770. #define GNUTLS_E_PULL_ERROR -54
    2771. 

  2771. #define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55	/* GNUTLS_A_ILLEGAL_PARAMETER */
    2772. 

  2772. #define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56
    2773. 

  2773. #define GNUTLS_E_PKCS1_WRONG_PAD -57
    2774. 

  2774. #define GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION -58
    2775. 

  2775. #define GNUTLS_E_INTERNAL_ERROR -59
    2776. 

  2776. #define GNUTLS_E_DH_PRIME_UNACCEPTABLE -63
    2777. 

  2777. #define GNUTLS_E_FILE_ERROR -64
    2778. 

  2778. #define GNUTLS_E_TOO_MANY_EMPTY_PACKETS -78
    2779. 

  2779. #define GNUTLS_E_UNKNOWN_PK_ALGORITHM -80
    2780. 

  2780. #define GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS -81
    2781. 

  2781. 

  2782.   /* returned if you need to generate temporary RSA
    2783. 

  2783.    * parameters. These are needed for export cipher suites.
    2784. 

  2784.    */
    2785. 

  2785. #define GNUTLS_E_NO_TEMPORARY_RSA_PARAMS -84
    2786. 

  2786. 

  2787. #define GNUTLS_E_NO_COMPRESSION_ALGORITHMS -86
    2788. 

  2788. #define GNUTLS_E_NO_CIPHER_SUITES -87
    2789. 

  2789. 

  2790. #define GNUTLS_E_OPENPGP_GETKEY_FAILED -88
    2791. 

  2791. #define GNUTLS_E_PK_SIG_VERIFY_FAILED -89
    2792. 

  2792. 

  2793. #define GNUTLS_E_ILLEGAL_SRP_USERNAME -90
    2794. 

  2794. #define GNUTLS_E_SRP_PWD_PARSING_ERROR -91
    2795. 

  2795. #define GNUTLS_E_NO_TEMPORARY_DH_PARAMS -93
    2796. 

  2796. 

  2797.   /* For certificate and key stuff
    2798. 

  2798.    */
    2799. 

  2799. #define GNUTLS_E_ASN1_ELEMENT_NOT_FOUND -67
    2800. 

  2800. #define GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND -68
    2801. 

  2801. #define GNUTLS_E_ASN1_DER_ERROR -69
    2802. 

  2802. #define GNUTLS_E_ASN1_VALUE_NOT_FOUND -70
    2803. 

  2803. #define GNUTLS_E_ASN1_GENERIC_ERROR -71
    2804. 

  2804. #define GNUTLS_E_ASN1_VALUE_NOT_VALID -72
    2805. 

  2805. #define GNUTLS_E_ASN1_TAG_ERROR -73
    2806. 

  2806. #define GNUTLS_E_ASN1_TAG_IMPLICIT -74
    2807. 

  2807. #define GNUTLS_E_ASN1_TYPE_ANY_ERROR -75
    2808. 

  2808. #define GNUTLS_E_ASN1_SYNTAX_ERROR -76
    2809. 

  2809. #define GNUTLS_E_ASN1_DER_OVERFLOW -77
    2810. 

  2810. #define GNUTLS_E_OPENPGP_UID_REVOKED -79
    2811. 

  2811. #define GNUTLS_E_CERTIFICATE_ERROR -43
    2812. 

  2812. #define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR
    2813. 

  2813. #define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60
    2814. 

  2814. #define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61	/* GNUTLS_A_UNSUPPORTED_CERTIFICATE */
    2815. 

  2815. #define GNUTLS_E_X509_UNKNOWN_SAN -62
    2816. 

  2816. #define GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED -94
    2817. 

  2817. #define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95
    2818. 

  2818. #define GNUTLS_E_UNKNOWN_HASH_ALGORITHM -96
    2819. 

  2819. #define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97
    2820. 

  2820. #define GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE -98
    2821. 

  2821. #define GNUTLS_E_INVALID_PASSWORD -99
    2822. 

  2822. #define GNUTLS_E_MAC_VERIFY_FAILED -100	/* for PKCS #12 MAC */
    2823. 

  2823. #define GNUTLS_E_CONSTRAINT_ERROR -101
    2824. 

  2824. 

  2825. #define GNUTLS_E_WARNING_IA_IPHF_RECEIVED -102
    2826. 

  2826. #define GNUTLS_E_WARNING_IA_FPHF_RECEIVED -103
    2827. 

  2827. 

  2828. #define GNUTLS_E_IA_VERIFY_FAILED -104
    2829. 

  2829. #define GNUTLS_E_UNKNOWN_ALGORITHM -105
    2830. 

  2830. #define GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM -106
    2831. 

  2831. #define GNUTLS_E_SAFE_RENEGOTIATION_FAILED -107
    2832. 

  2832. #define GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED -108
    2833. 

  2833. #define GNUTLS_E_UNKNOWN_SRP_USERNAME -109
    2834. 

  2834. #define GNUTLS_E_PREMATURE_TERMINATION -110
    2835. 

  2835. 

  2836. #define GNUTLS_E_MALFORMED_CIDR -111
    2837. 

  2837. 

  2838. #define GNUTLS_E_BASE64_ENCODING_ERROR -201
    2839. 

  2839. #define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202	/* obsolete */
    2840. 

  2840. #define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202
    2841. 

  2841. #define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203
    2842. 

  2842. 

  2843. #define GNUTLS_E_OPENPGP_KEYRING_ERROR -204
    2844. 

  2844. #define GNUTLS_E_X509_UNSUPPORTED_OID -205
    2845. 

  2845. 

  2846. #define GNUTLS_E_RANDOM_FAILED -206
    2847. 

  2847. #define GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR -207
    2848. 

  2848. 

  2849. #define GNUTLS_E_OPENPGP_SUBKEY_ERROR -208
    2850. 

  2850. 

  2851. #define GNUTLS_E_CRYPTO_ALREADY_REGISTERED GNUTLS_E_ALREADY_REGISTERED
    2852. 

  2852. #define GNUTLS_E_ALREADY_REGISTERED -209
    2853. 

  2853. 

  2854. #define GNUTLS_E_HANDSHAKE_TOO_LARGE -210
    2855. 

  2855. 

  2856. #define GNUTLS_E_CRYPTODEV_IOCTL_ERROR -211
    2857. 

  2857. #define GNUTLS_E_CRYPTODEV_DEVICE_ERROR -212
    2858. 

  2858. 

  2859. #define GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE -213
    2860. 

  2860. #define GNUTLS_E_BAD_COOKIE -214
    2861. 

  2861. #define GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR -215
    2862. 

  2862. #define GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL -216
    2863. 

  2863. #define GNUTLS_E_INSUFFICIENT_SECURITY -217
    2864. 

  2864. 

  2865. #define GNUTLS_E_HEARTBEAT_PONG_RECEIVED -292
    2866. 

  2866. #define GNUTLS_E_HEARTBEAT_PING_RECEIVED -293
    2867. 

  2867. 

  2868. #define GNUTLS_E_UNRECOGNIZED_NAME -294
    2869. 

  2869. 

  2870. /* PKCS11 related */
    2871. 

  2871. #define GNUTLS_E_PKCS11_ERROR -300
    2872. 

  2872. #define GNUTLS_E_PKCS11_LOAD_ERROR -301
    2873. 

  2873. #define GNUTLS_E_PARSING_ERROR -302
    2874. 

  2874. #define GNUTLS_E_PKCS11_PIN_ERROR -303
    2875. 

  2875. 

  2876. #define GNUTLS_E_PKCS11_SLOT_ERROR -305
    2877. 

  2877. #define GNUTLS_E_LOCKING_ERROR -306
    2878. 

  2878. #define GNUTLS_E_PKCS11_ATTRIBUTE_ERROR -307
    2879. 

  2879. #define GNUTLS_E_PKCS11_DEVICE_ERROR -308
    2880. 

  2880. #define GNUTLS_E_PKCS11_DATA_ERROR -309
    2881. 

  2881. #define GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR -310
    2882. 

  2882. #define GNUTLS_E_PKCS11_KEY_ERROR -311
    2883. 

  2883. #define GNUTLS_E_PKCS11_PIN_EXPIRED -312
    2884. 

  2884. #define GNUTLS_E_PKCS11_PIN_LOCKED -313
    2885. 

  2885. #define GNUTLS_E_PKCS11_SESSION_ERROR -314
    2886. 

  2886. #define GNUTLS_E_PKCS11_SIGNATURE_ERROR -315
    2887. 

  2887. #define GNUTLS_E_PKCS11_TOKEN_ERROR -316
    2888. 

  2888. #define GNUTLS_E_PKCS11_USER_ERROR -317
    2889. 

  2889. 

  2890. #define GNUTLS_E_CRYPTO_INIT_FAILED -318
    2891. 

  2891. #define GNUTLS_E_TIMEDOUT -319
    2892. 

  2892. #define GNUTLS_E_USER_ERROR -320
    2893. 

  2893. #define GNUTLS_E_ECC_NO_SUPPORTED_CURVES -321
    2894. 

  2894. #define GNUTLS_E_ECC_UNSUPPORTED_CURVE -322
    2895. 

  2895. #define GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE -323
    2896. 

  2896. #define GNUTLS_E_CERTIFICATE_LIST_UNSORTED -324
    2897. 

  2897. #define GNUTLS_E_ILLEGAL_PARAMETER -325
    2898. 

  2898. #define GNUTLS_E_NO_PRIORITIES_WERE_SET -326
    2899. 

  2899. #define GNUTLS_E_X509_UNSUPPORTED_EXTENSION -327
    2900. 

  2900. #define GNUTLS_E_SESSION_EOF -328
    2901. 

  2901. 

  2902. #define GNUTLS_E_TPM_ERROR -329
    2903. 

  2903. #define GNUTLS_E_TPM_KEY_PASSWORD_ERROR -330
    2904. 

  2904. #define GNUTLS_E_TPM_SRK_PASSWORD_ERROR -331
    2905. 

  2905. #define GNUTLS_E_TPM_SESSION_ERROR -332
    2906. 

  2906. #define GNUTLS_E_TPM_KEY_NOT_FOUND -333
    2907. 

  2907. #define GNUTLS_E_TPM_UNINITIALIZED -334
    2908. 

  2908. #define GNUTLS_E_TPM_NO_LIB -335
    2909. 

  2909. 

  2910. #define GNUTLS_E_NO_CERTIFICATE_STATUS -340
    2911. 

  2911. #define GNUTLS_E_OCSP_RESPONSE_ERROR -341
    2912. 

  2912. #define GNUTLS_E_RANDOM_DEVICE_ERROR -342
    2913. 

  2913. #define GNUTLS_E_AUTH_ERROR -343
    2914. 

  2914. #define GNUTLS_E_NO_APPLICATION_PROTOCOL -344
    2915. 

  2915. #define GNUTLS_E_SOCKETS_INIT_ERROR -345
    2916. 

  2916. #define GNUTLS_E_KEY_IMPORT_FAILED -346
    2917. 

  2917. #define GNUTLS_E_INAPPROPRIATE_FALLBACK -347 /*GNUTLS_A_INAPPROPRIATE_FALLBACK*/
    2918. 

  2918. #define GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR -348
    2919. 

  2919. #define GNUTLS_E_PRIVKEY_VERIFICATION_ERROR -349
    2920. 

  2920. #define GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH -350 /*GNUTLS_A_DECODE_ERROR*/
    2921. 

  2921. #define GNUTLS_E_ASN1_EMBEDDED_NULL_IN_STRING -351
    2922. 

  2922. 

  2923. #define GNUTLS_E_SELF_TEST_ERROR -400
    2924. 

  2924. #define GNUTLS_E_NO_SELF_TEST -401
    2925. 

  2925. #define GNUTLS_E_LIB_IN_ERROR_STATE -402
    2926. 

  2926. #define GNUTLS_E_PK_GENERATION_ERROR -403
    2927. 

  2927. #define GNUTLS_E_IDNA_ERROR -404
    2928. 

  2928. 

  2929. #define GNUTLS_E_NEED_FALLBACK -405
    2930. 

  2930. #define GNUTLS_E_SESSION_USER_ID_CHANGED -406
    2931. 

  2931. #define GNUTLS_E_HANDSHAKE_DURING_FALSE_START -407
    2932. 

  2932. #define GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE -408
    2933. 

  2933. #define GNUTLS_E_PK_INVALID_PUBKEY -409
    2934. 

  2934. #define GNUTLS_E_PK_INVALID_PRIVKEY -410
    2935. 

  2935. #define GNUTLS_E_NOT_YET_ACTIVATED -411
    2936. 

  2936. #define GNUTLS_E_INVALID_UTF8_STRING -412
    2937. 

  2937. #define GNUTLS_E_NO_EMBEDDED_DATA -413
    2938. 

  2938. #define GNUTLS_E_INVALID_UTF8_EMAIL -414
    2939. 

  2939. #define GNUTLS_E_INVALID_PASSWORD_STRING -415
    2940. 

  2940. #define GNUTLS_E_CERTIFICATE_TIME_ERROR -416
    2941. 

  2941. #define GNUTLS_E_RECORD_OVERFLOW -417	/* GNUTLS_A_RECORD_OVERFLOW */
    2942. 

  2942. #define GNUTLS_E_ASN1_TIME_ERROR -418
    2943. 

  2943. #define GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY -419
    2944. 

  2944. #define GNUTLS_E_PK_INVALID_PUBKEY_PARAMS -420
    2945. 

  2945. #define GNUTLS_E_PK_NO_VALIDATION_PARAMS -421
    2946. 

  2946. 

  2947. #define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
    2948. 

  2948. 

  2949. /* Internal errors of the library; will never be returned
    2950. 

  2950.  * to a calling application */
    2951. 

  2951. #define GNUTLS_E_INT_RET_0 -1251
    2952. 

  2952. #define GNUTLS_E_INT_CHECK_AGAIN -1252
    2953. 

  2953. 

  2954. #define GNUTLS_E_APPLICATION_ERROR_MAX -65000
    2955. 

  2955. #define GNUTLS_E_APPLICATION_ERROR_MIN -65500
    2956. 

  2956. 

  2957. /* *INDENT-OFF* */
    2958. 

  2958. #ifdef __cplusplus
    2959. 

  2959. }
    2960. 

  2960. #endif
    2961. 

  2961. /* *INDENT-ON* */
    2962. 

  2962. 

  2963. #include <gnutls/compat.h>
    2964. 

  2964. 

  2965. #endif				/* GNUTLS_H */
    2966.