
  1. /*
  2. * Copyright (C) 2006-2012 Free Software Foundation, Inc.
  3. *
  4. * Author: Nikos Mavrogiannopoulos
  5. *
  6. * This file is part of GnuTLS.
  7. *
  8. * The GnuTLS is free software; you can redistribute it and/or
  9. * modify it under the terms of the GNU Lesser General Public License
  10. * as published by the Free Software Foundation; either version 2.1 of
  11. * the License, or (at your option) any later version.
  12. *
  13. * This library is distributed in the hope that it will be useful, but
  14. * WITHOUT ANY WARRANTY; without even the implied warranty of
  15. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  16. * Lesser General Public License for more details.
  17. *
  18. * You should have received a copy of the GNU Lesser General Public License
  19. * along with this program. If not, see <http://www.gnu.org/licenses/>
  20. *
  21. */
  22. #ifndef GNUTLSXX_H
  23. #define GNUTLSXX_H
  24. #include <exception>
  25. #include <vector>
  26. #include <gnutls/gnutls.h>
  27. namespace gnutls {
/*
 * Mixin that makes a derived class non-copyable (pre-C++11 idiom: the copy
 * constructor and copy assignment are declared private and never defined, so
 * a copy from outside the class fails to compile and a copy from inside it
 * fails to link). Constructor and destructor are protected and non-virtual:
 * this type only ever serves as a base and must not be deleted through a
 * pointer to it. Derived classes that own a C handle rely on this to keep
 * the handle from being freed twice.
 */
class noncopyable {
private:
    /* Intentionally declared but never defined. */
    noncopyable(const noncopyable &);
    noncopyable & operator=(const noncopyable &);
protected:
    noncopyable() {}
    ~noncopyable() {}
};
/*
 * Exception thrown by the C++ wrappers to report a GnuTLS failure. It carries
 * a single integer return code (retcode); the text returned by what() and the
 * exact codes used are decided in the implementation file, not visible here.
 *
 * NOTE(review): the int constructor is not `explicit`, so any int converts
 * implicitly to a gnutls::exception. Marking it explicit would be a
 * header-only change, but it is a public-API change and is left as is.
 */
class exception:public std::exception {
public:
    /* Build from a GnuTLS return code (presumably a negative GNUTLS_E_* value). */
    exception(int x);
    /* Human-readable description of the stored code. */
    const char *what() const throw();
    /* Raw return code this exception carries. Not const-qualified, so it
     * cannot be called through the usual `catch (const exception &e)`;
     * adding const here would also require changing the out-of-line
     * definition, so callers must catch by non-const reference instead. */
    int get_code();
protected:
    int retcode;
};
/*
 * RAII owner of a gnutls_dh_params_t (Diffie-Hellman group parameters) used
 * for DHE key exchange. Copy construction is disabled via noncopyable, but
 * copy assignment is re-enabled by the operator= below, so objects are
 * assignable yet not copy-constructible (the copy semantics live in the .cpp).
 *
 * Security notes for users:
 *  - The strength of the DHE exchange is bounded by the prime size passed to
 *    generate(); choose a size matching current guidance, not a legacy value.
 *  - import_raw()/import_pkcs3() take whatever the caller supplies; nothing in
 *    this header indicates the group is validated, so do not load parameters
 *    from an untrusted source.
 */
class dh_params:private noncopyable {
public:
    dh_params();
    ~dh_params();
    /* Load a group from its raw prime and generator. */
    void import_raw(const gnutls_datum_t & prime,
                    const gnutls_datum_t & generator);
    /* Load a group from PKCS#3 encoded data; `format` is DER or PEM. */
    void import_pkcs3(const gnutls_datum_t & pkcs3_params,
                      gnutls_x509_crt_fmt_t format);
    /* Generate a fresh group with a prime of `bits` bits; prime generation
     * can take a long time for large sizes. */
    void generate(unsigned int bits);
    /* Serialize to PKCS#3 into a caller-supplied buffer. params_data_size is
     * presumably in/out (capacity on entry, bytes written on return), as in
     * the C API; check for short-buffer errors rather than assuming it fits. */
    void export_pkcs3(gnutls_x509_crt_fmt_t format,
                      unsigned char *params_data,
                      size_t * params_data_size);
    /* Extract the raw prime and generator. Who owns the filled datums is not
     * visible here — presumably allocated for the caller; confirm in the .cpp. */
    void export_raw(gnutls_datum_t & prime,
                    gnutls_datum_t & generator);
    /* Underlying C handle; it stays owned by this object. */
    gnutls_dh_params_t get_params_t() const;
    dh_params & operator=(const dh_params & src);
protected:
    gnutls_dh_params_t params;
};
/*
 * RAII owner of a gnutls_rsa_params_t: temporary RSA parameters for the
 * legacy RSA-EXPORT ciphersuites (see certificate_credentials::
 * set_rsa_export_params). Export-grade RSA is deliberately weak (short
 * moduli) and should not be enabled in new deployments; this class exists
 * for compatibility only. Like dh_params, it is assignable but not
 * copy-constructible.
 *
 * The raw components d, p, q and u are private-key material: keep them off
 * untrusted memory, and clear any buffers they were exported into.
 */
class rsa_params:private noncopyable {
public:
    rsa_params();
    ~rsa_params();
    /* Load a key from its raw components: modulus m, public exponent e,
     * private exponent d, primes p and q, and CRT coefficient u. */
    void import_raw(const gnutls_datum_t & m,
                    const gnutls_datum_t & e,
                    const gnutls_datum_t & d,
                    const gnutls_datum_t & p,
                    const gnutls_datum_t & q,
                    const gnutls_datum_t & u);
    /* Load a key from PKCS#1 encoded data; `format` is DER or PEM. */
    void import_pkcs1(const gnutls_datum_t & pkcs1_params,
                      gnutls_x509_crt_fmt_t format);
    /* Generate a fresh key of `bits` bits. */
    void generate(unsigned int bits);
    /* Serialize to PKCS#1 into a caller-supplied buffer; params_data_size is
     * presumably in/out as in the C API — check for short-buffer errors.
     * The output contains the private key. */
    void export_pkcs1(gnutls_x509_crt_fmt_t format,
                      unsigned char *params_data,
                      size_t * params_data_size);
    /* Extract all raw components, including the private ones. Ownership of
     * the filled datums is not visible here; confirm in the .cpp. */
    void export_raw(gnutls_datum_t & m, gnutls_datum_t & e,
                    gnutls_datum_t & d, gnutls_datum_t & p,
                    gnutls_datum_t & q, gnutls_datum_t & u);
    /* Underlying C handle; it stays owned by this object. */
    gnutls_rsa_params_t get_params_t() const;
    rsa_params & operator=(const rsa_params & src);
protected:
    gnutls_rsa_params_t params;
};
/*
 * Base wrapper around a gnutls_session_t. Owns the handle `s` (created in
 * the constructor, released in the virtual destructor) and exposes the
 * common client/server surface; server_session and client_session add the
 * role-specific pieces. Non-copyable: copying would double-free the handle.
 *
 * Error reporting: most wrappers return void or a bare int; judging by the
 * gnutls::exception type declared above, failures are presumably thrown as
 * exceptions — confirm against the implementation before relying on return
 * values alone.
 */
class session:private noncopyable {
protected:
    gnutls_session_t s;
public:
    /* `unsigned int` is presumably the GnuTLS init flags (GNUTLS_SERVER /
     * GNUTLS_CLIENT); the derived classes supply the right one. */
    session(unsigned int);
    virtual ~ session();
    /* Close the TLS session; `how` selects one-way or two-way shutdown. */
    int bye(gnutls_close_request_t how);
    /* Run (or continue) the handshake. Do not send application data until
     * it has completed successfully; on a non-blocking transport it may have
     * to be called again. */
    int handshake();
    /* Last alert received from the peer. */
    gnutls_alert_description_t get_alert() const;
    int send_alert(gnutls_alert_level_t level,
                   gnutls_alert_description_t desc);
    /* Send the alert that matches GnuTLS error code `err`. */
    int send_appropriate_alert(int err);

    /* Negotiated parameters — only meaningful after a completed handshake. */
    gnutls_cipher_algorithm_t get_cipher() const;
    gnutls_kx_algorithm_t get_kx() const;
    gnutls_mac_algorithm_t get_mac() const;
    /* TLS-level compression. Enabled compression is a known plaintext-leak
     * vector (CRIME-style attacks); leave it disabled in the priority string. */
    gnutls_compression_method_t get_compression() const;
    gnutls_certificate_type_t get_certificate_type() const;

    /* Handshake controls and progress. */
    void set_private_extensions(bool allow);
    gnutls_handshake_description_t get_handshake_last_out() const;
    gnutls_handshake_description_t get_handshake_last_in() const;

    /* Application data. Return value follows the C API this wraps
     * (presumably gnutls_record_send/recv): negative is an error, of which
     * GNUTLS_E_AGAIN / GNUTLS_E_INTERRUPTED are retryable; recv() returning
     * 0 means the peer closed the stream; send() may write fewer bytes than
     * requested, so callers must loop. */
    ssize_t send(const void *data, size_t sizeofdata);
    ssize_t recv(void *data, size_t sizeofdata);
    /* After a retryable error: which direction (read/write) the pending
     * operation is waiting on. */
    bool get_record_direction() const;

    /* Maximum record size negotiated/requested for this session. */
    size_t get_max_size() const;
    void set_max_size(size_t size);
    /* Bytes already decrypted and buffered, readable without touching the
     * transport (important for poll/select-driven loops). */
    size_t check_pending() const;

    /* Key derivation from the session's master secret (TLS PRF), e.g. for
     * channel binding or exporting keys to another protocol. `out` must hold
     * `outsize` bytes. prf() mixes in the client/server randoms (order chosen
     * by server_random_first); prf_raw() uses only the caller-supplied seed —
     * presumably without the randoms, so two sessions with the same master
     * secret and seed derive the same bytes; confirm before using it for
     * anything that must be unique per connection. */
    void prf(size_t label_size, const char *label,
             int server_random_first,
             size_t extra_size, const char *extra,
             size_t outsize, char *out);
    void prf_raw(size_t label_size, const char *label,
                 size_t seed_size, const char *seed,
                 size_t outsize, char *out);

    /* Algorithm selection. The priority string decides which protocol
     * versions, ciphers and key exchanges are offered; prefer the library's
     * maintained defaults ("NORMAL") over hand-built lists that may keep
     * legacy algorithms enabled. On a parse error err_pos presumably points
     * at the offending position inside `prio`. */
    void set_priority(const char *prio, const char **err_pos);
    void set_priority(gnutls_priority_t p);
    gnutls_protocol_t get_protocol_version() const;

    /* Session resumption. The opaque session data contains the session's
     * secret key material: store it confidentially (not in world-readable
     * files or logs) and expire it promptly. The ID alone is not secret. */
    void set_data(const void *session_data,
                  size_t session_data_size);
    /* session_data_size is presumably in/out as in the C API; check for
     * short-buffer errors. */
    void get_data(void *session_data,
                  size_t * session_data_size) const;
    /* NOTE(review): this overload takes an explicit session handle rather
     * than using this object's `s`; presumably a legacy form — confirm
     * which session it actually reads from. */
    void get_data(gnutls_session_t session,
                  gnutls_datum_t & data) const;
    void get_id(void *session_id,
                size_t * session_id_size) const;
    bool is_resumed() const;
    /* Cap on the size of a single handshake message this side will buffer —
     * a cheap guard against a peer forcing large allocations. */
    void set_max_handshake_packet_length(size_t max);

    /* Credentials. The credentials object is referenced, not copied; the
     * type does not express the lifetime, so it must outlive the session
     * (or be cleared first). */
    void clear_credentials();
    void set_credentials(class credentials & cred);

    /* Transport plumbing: opaque pointer(s) handed to the push/pull
     * callbacks, and the callbacks themselves. The callbacks run on the
     * caller's thread during handshake()/send()/recv(). */
    void set_transport_ptr(gnutls_transport_ptr_t ptr);
    void set_transport_ptr(gnutls_transport_ptr_t recv_ptr,
                           gnutls_transport_ptr_t send_ptr);
    gnutls_transport_ptr_t get_transport_ptr() const;
    void get_transport_ptr(gnutls_transport_ptr_t & recv_ptr,
                           gnutls_transport_ptr_t & send_ptr) const;
    /* Legacy low-water mark; believed to be a no-op in later GnuTLS —
     * confirm before relying on it. */
    void set_transport_lowat(size_t num);
    void set_transport_push_function(gnutls_push_func push_func);
    void set_transport_vec_push_function(gnutls_vec_push_func vec_push_func);
    void set_transport_pull_function(gnutls_pull_func pull_func);
    /* Arbitrary caller pointer attached to the session; not interpreted here. */
    void set_user_ptr(void *ptr);
    void *get_user_ptr() const;
    /* Legacy OpenPGP certificate support (removed from later GnuTLS). */
    void send_openpgp_cert(gnutls_openpgp_crt_status_t status);
    /* Authentication method negotiated, overall and per side. */
    gnutls_credentials_type_t get_auth_type() const;
    gnutls_credentials_type_t get_server_auth_type() const;
    gnutls_credentials_type_t get_client_auth_type() const;

    /* Key-exchange details. set_dh_prime_bits() is presumably the smallest
     * DH prime this side accepts (client) or uses (server); raising it is
     * how a client refuses weak groups — confirm against
     * gnutls_dh_set_prime_bits. The getters report the negotiated exchange. */
    void set_dh_prime_bits(unsigned int bits);
    unsigned int get_dh_secret_bits() const;
    unsigned int get_dh_peers_public_bits() const;
    unsigned int get_dh_prime_bits() const;
    void get_dh_group(gnutls_datum_t & gen,
                      gnutls_datum_t & prime) const;
    void get_dh_pubkey(gnutls_datum_t & raw_key) const;
    /* Legacy RSA-EXPORT (export-grade, weak) key exchange details. */
    void get_rsa_export_pubkey(gnutls_datum_t & exponent,
                               gnutls_datum_t & modulus) const;
    unsigned int get_rsa_export_modulus_bits() const;

    /* Certificates. get_peers_certificate() returns the chain exactly as the
     * peer sent it — unverified, attacker-controlled bytes until
     * verify_peers_certificate() has been consulted. The datums presumably
     * point into session-owned memory (no ownership transfer); confirm in
     * the .cpp before holding them past the session's lifetime. */
    void get_our_certificate(gnutls_datum_t & cert) const;
    bool get_peers_certificate(std::vector < gnutls_datum_t >
                               &out_certs) const;
    bool get_peers_certificate(const gnutls_datum_t ** certs,
                               unsigned int *certs_size) const;
    time_t get_peers_certificate_activation_time() const;
    time_t get_peers_certificate_expiration_time() const;
    /* Verify the peer's chain against the credentials' trust store. The
     * result is delivered ONLY through `status` (a gnutls_certificate_status_t
     * bitmask): zero means the chain verified, any set bit means it did not.
     * The void return gives no signal, so a caller that forgets to test
     * `status` silently accepts any certificate. As with the C API this wraps,
     * the peer's name is presumably NOT matched against the certificate here;
     * do that separately (e.g. gnutls_x509_crt_check_hostname). */
    void verify_peers_certificate(unsigned int &status) const;
};
/*
 * Abstract session-cache backend for server-side resumption (see
 * server_session::set_db). Implementations store opaque session records
 * keyed by session ID.
 *
 * The `data` records contain the session's secret key material: back them
 * with storage that is private to the server process, never log them, and
 * enforce expiry (server_session::set_db_cache_expiration) so stale keys
 * do not accumulate. Each method returns true on success.
 */
class DB:private noncopyable {
public:
    /* Pure virtual destructor: still needs an out-of-line definition. */
    virtual ~ DB() = 0;
    virtual bool store(const gnutls_datum_t & key,
                       const gnutls_datum_t & data) = 0;
    /* Fill `data` with the record for `key`. Who allocates/owns the filled
     * buffer is not visible here; follow the convention the .cpp expects. */
    virtual bool retrieve(const gnutls_datum_t & key,
                          gnutls_datum_t & data) = 0;
    virtual bool remove(const gnutls_datum_t & key) = 0;
};
/*
 * Server-side TLS session: adds session-cache hooks, client-identity
 * accessors and client-authentication policy on top of session.
 */
class server_session:public session {
public:
    server_session();
    ~server_session();
    /* Drop this session's entry from the cache (e.g. after a failure, so it
     * cannot be resumed). */
    void db_remove() const;
    /* Lifetime of cached sessions; keep it short to bound how long the
     * cached key material stays valid. */
    void set_db_cache_expiration(unsigned int seconds);
    /* Attach a cache backend. Taken by const reference although DB's methods
     * are non-const, so the implementation presumably casts or stores a
     * pointer; either way `db` must outlive this session. */
    void set_db(const DB & db);
    /* Returns true if the given cached session record has expired. */
    bool db_check_entry(gnutls_datum_t & session_data) const;

    /* Identity the client presented during an SRP / PSK handshake. Only
     * meaningful after the handshake; the returned pointer is presumably
     * session-owned — copy it rather than retaining it. */
    const char *get_srp_username() const;
    const char *get_psk_username() const;
    /* Server name (SNI) requested by the client, entry `indx`. This is
     * client-supplied input: it arrives length-delimited via data_length
     * (presumably in/out as in the C API) and should not be assumed
     * NUL-terminated or free of hostile bytes. */
    void get_server_name(void *data, size_t * data_length,
                         unsigned int *type,
                         unsigned int indx) const;
    /* Request a renegotiation. Renegotiation is a known attack surface;
     * only allow it with the safe-renegotiation extension in force. */
    int rehandshake();
    /* Whether client certificates are requested or required. REQUEST alone
     * lets a client proceed without one — the server must check afterwards
     * (client_session::get_request_status on the other side). */
    void set_certificate_request(gnutls_certificate_request_t);
};
/*
 * Client-side TLS session: adds SNI and the client-authentication query.
 */
class client_session:public session {
public:
    client_session();
    ~client_session();
    /* Server Name Indication to send. `name` is `name_length` bytes of the
     * given type; as with any SNI it travels unencrypted in the ClientHello.
     * Setting it does not by itself cause the certificate to be checked
     * against this name. */
    void set_server_name(gnutls_server_name_type_t type,
                         const void *name, size_t name_length);
    /* Whether the server asked for a client certificate during the
     * handshake (not const-qualified in the declaration). */
    bool get_request_status();
};
/*
 * Common base for every credentials wrapper. Holds the credential type and
 * a type-erased pointer to the underlying C handle, which session reads
 * (friend) when attaching credentials. Concrete subclasses construct and
 * free the typed handle.
 *
 * NOTE(review): this private `void *cred` is distinct from the typed `cred`
 * member every subclass declares with the same name; the base copy is only
 * reachable via ptr()/set_ptr(). The name reuse is confusing but harmless
 * as long as subclasses call set_ptr() after creating their handle.
 */
class credentials:private noncopyable {
public:
    virtual ~ credentials() {
    }
    gnutls_credentials_type_t get_type() const;
protected:
    friend class session;
    credentials(gnutls_credentials_type_t t);
    void *ptr() const;
    void set_ptr(void *ptr);
    gnutls_credentials_type_t type;
private:
    void *cred;
};
/*
 * X.509 certificate credentials: trust anchors, CRLs, our own certificate
 * and private key, and the chain-verification policy. Shared by client and
 * server; the role-specific subclasses below add little.
 *
 * Security notes for users:
 *  - Trust is only what you load: with no trust file/CA list nothing can
 *    verify, and session::verify_peers_certificate will report failure.
 *  - Private keys and PKCS#12 passwords arrive as plain C strings/buffers;
 *    restrict file permissions and clear in-memory copies after loading.
 *  - set_verify_limits() bounds chain depth and key size during
 *    verification — a guard against pathological chains; keep it set.
 */
class certificate_credentials:public credentials {
public:
    ~certificate_credentials();
    certificate_credentials();
    /* Release the respective loaded material. */
    void free_keys();
    void free_cas();
    void free_ca_names();
    void free_crls();
    /* DH group for DHE ciphersuites (server side). */
    void set_dh_params(const dh_params & params);
    /* Legacy RSA-EXPORT parameters — export-grade, weak; avoid. */
    void set_rsa_export_params(const rsa_params & params);
    /* gnutls_certificate_verify_flags bitmask applied by peer verification;
     * flags that disable checks (e.g. ignoring time or unknown CAs) weaken
     * authentication and should be used only deliberately. */
    void set_verify_flags(unsigned int flags);
    /* Largest key size and chain depth accepted during verification. */
    void set_verify_limits(unsigned int max_bits,
                           unsigned int max_depth);
    /* Trust anchors: from a file, from a datum, or from an existing list. */
    void set_x509_trust_file(const char *cafile,
                             gnutls_x509_crt_fmt_t type);
    void set_x509_trust(const gnutls_datum_t & CA,
                        gnutls_x509_crt_fmt_t type);
    // FIXME: use classes instead of gnutls_x509_crt_t
    void set_x509_trust(gnutls_x509_crt_t * ca_list,
                        int ca_list_size);
    /* Revocation lists consulted during verification. */
    void set_x509_crl_file(const char *crlfile,
                           gnutls_x509_crt_fmt_t type);
    void set_x509_crl(const gnutls_datum_t & CRL,
                      gnutls_x509_crt_fmt_t type);
    void set_x509_crl(gnutls_x509_crl_t * crl_list,
                      int crl_list_size);
    /* Our certificate (chain) and private key. The key file/datum is secret
     * material; the on-disk file should be readable only by this process. */
    void set_x509_key_file(const char *certfile,
                           const char *KEYFILE,
                           gnutls_x509_crt_fmt_t type);
    void set_x509_key(const gnutls_datum_t & CERT,
                      const gnutls_datum_t & KEY,
                      gnutls_x509_crt_fmt_t type);
    // FIXME: use classes
    void set_x509_key(gnutls_x509_crt_t * cert_list,
                      int cert_list_size,
                      gnutls_x509_privkey_t key);
    /* Load certificate and key from a PKCS#12 file. `password` is a plain
     * NUL-terminated string held by the caller — do not hard-code it, and
     * wipe it once the call returns. */
    void set_simple_pkcs12_file(const char *pkcs12file,
                                gnutls_x509_crt_fmt_t type,
                                const char *password);
    /* Callback that selects the certificate/key at handshake time instead
     * of the statically loaded ones. */
    void set_retrieve_function
        (gnutls_certificate_retrieve_function * func);
protected:
    gnutls_certificate_credentials_t cred;
};
/*
 * Server-side certificate credentials: adds a callback that supplies
 * DH/RSA parameters on demand (alternative to set_dh_params()).
 */
class certificate_server_credentials:public certificate_credentials {
public:
    void set_params_function(gnutls_params_function * func);
};
/*
 * Client-side certificate credentials. Adds nothing beyond the base; it
 * exists so client and server credentials are distinct types.
 */
class certificate_client_credentials:public certificate_credentials {
public:
};
/*
 * Server credentials for anonymous (unauthenticated) DH key exchange.
 * Anonymous suites give confidentiality against passive observers only —
 * no peer authentication, so they are trivially man-in-the-middle-able.
 * Use only where authentication is provided by some other layer.
 */
class anon_server_credentials:public credentials {
public:
    anon_server_credentials();
    ~anon_server_credentials();
    /* DH group used for the exchange; or supply it on demand via callback. */
    void set_dh_params(const dh_params & params);
    void set_params_function(gnutls_params_function * func);
protected:
    gnutls_anon_server_credentials_t cred;
};
/*
 * Client credentials for anonymous (unauthenticated) DH key exchange. Same
 * caveat as anon_server_credentials: no peer authentication at all.
 */
class anon_client_credentials:public credentials {
public:
    anon_client_credentials();
    ~anon_client_credentials();
protected:
    gnutls_anon_client_credentials_t cred;
};
/*
 * Server credentials for SRP (password-authenticated key exchange). The
 * server holds verifiers, not passwords, but the verifier file still needs
 * protecting: an attacker who obtains it can run an offline dictionary
 * attack against the passwords.
 */
class srp_server_credentials:public credentials {
public:
    srp_server_credentials();
    ~srp_server_credentials();
    /* Password (verifier) file and its companion group-parameter file. */
    void set_credentials_file(const char *password_file,
                              const char *password_conf_file);
    /* Callback that looks up a user's verifier at handshake time. The
     * username it receives is client-supplied input. */
    void set_credentials_function
        (gnutls_srp_server_credentials_function * func);
protected:
    gnutls_srp_server_credentials_t cred;
};
/*
 * Client credentials for SRP. The password is given as a plain C string;
 * whether it is copied or referenced is not visible here, so keep the
 * buffer alive until the credentials are destroyed and wipe it afterwards.
 */
class srp_client_credentials:public credentials {
public:
    srp_client_credentials();
    ~srp_client_credentials();
    void set_credentials(const char *username,
                         const char *password);
    /* Callback that provides username/password at handshake time instead. */
    void set_credentials_function
        (gnutls_srp_client_credentials_function * func);
protected:
    gnutls_srp_client_credentials_t cred;
};
/*
 * Server credentials for pre-shared-key authentication. The key file maps
 * identities to raw keys, so it is secret material: restrict its
 * permissions as you would a private key. With DHE-PSK suites the DH
 * parameters below are also needed.
 */
class psk_server_credentials:public credentials {
public:
    psk_server_credentials();
    ~psk_server_credentials();
    void set_credentials_file(const char *password_file);
    /* Callback that returns the key for an identity at handshake time. The
     * identity it receives is client-supplied input. */
    void set_credentials_function
        (gnutls_psk_server_credentials_function * func);
    void set_dh_params(const dh_params & params);
    void set_params_function(gnutls_params_function * func);
protected:
    gnutls_psk_server_credentials_t cred;
};
/*
 * Client credentials for pre-shared-key authentication.
 */
class psk_client_credentials:public credentials {
public:
    psk_client_credentials();
    ~psk_client_credentials();
    /* Identity and key. `flags` (gnutls_psk_key_flags) tells the library how
     * `key` is encoded (raw bytes vs. hex); a mismatch yields a wrong key,
     * not an error you can see here. The username is sent to the server in
     * the clear. */
    void set_credentials(const char *username,
                         const gnutls_datum_t & key,
                         gnutls_psk_key_flags flags);
    /* Callback that provides identity/key at handshake time instead. */
    void set_credentials_function
        (gnutls_psk_client_credentials_function * func);
protected:
    gnutls_psk_client_credentials_t cred;
};
  345. } /* namespace */
  346. #endif /* GNUTLSXX_H */