makefile: Include and build Wine with gnutls26 headers

This commit is contained in:
Andrew Eikum 2018-12-11 10:01:23 -06:00
parent 85bbfb60d7
commit 55b80e0c68
11 changed files with 4286 additions and 4 deletions

1
.gitignore vendored
View File

@ -1,6 +1,5 @@
/dist /dist
/build /build
/contrib
/dist-* /dist-*
/obj-* /obj-*
/syn-* /syn-*

View File

@ -700,7 +700,7 @@ $(WINE_CONFIGURE_FILES64): SHELL = $(CONTAINER_SHELL64)
$(WINE_CONFIGURE_FILES64): $(MAKEFILE_DEP) | $(WINE_OBJ64) $(WINE_CONFIGURE_FILES64): $(MAKEFILE_DEP) | $(WINE_OBJ64)
cd $(dir $@) && \ cd $(dir $@) && \
STRIP=$(STRIP_QUOTED) \ STRIP=$(STRIP_QUOTED) \
CFLAGS=-I$(abspath $(TOOLS_DIR64))"/include -g $(COMMON_FLAGS)" \ CFLAGS="-I$(abspath $(TOOLS_DIR64))/include -I$(abspath $(SRCDIR))/contrib/include -g $(COMMON_FLAGS)" \
LDFLAGS=-L$(abspath $(TOOLS_DIR64))/lib \ LDFLAGS=-L$(abspath $(TOOLS_DIR64))/lib \
PKG_CONFIG_PATH=$(abspath $(TOOLS_DIR64))/lib/pkgconfig \ PKG_CONFIG_PATH=$(abspath $(TOOLS_DIR64))/lib/pkgconfig \
CC=$(CC_QUOTED) \ CC=$(CC_QUOTED) \
@ -715,7 +715,7 @@ $(WINE_CONFIGURE_FILES32): SHELL = $(CONTAINER_SHELL32)
$(WINE_CONFIGURE_FILES32): $(MAKEFILE_DEP) | $(WINE_OBJ32) $(WINE_ORDER_DEPS32) $(WINE_CONFIGURE_FILES32): $(MAKEFILE_DEP) | $(WINE_OBJ32) $(WINE_ORDER_DEPS32)
cd $(dir $@) && \ cd $(dir $@) && \
STRIP=$(STRIP_QUOTED) \ STRIP=$(STRIP_QUOTED) \
CFLAGS=-I$(abspath $(TOOLS_DIR32))"/include -g $(COMMON_FLAGS)" \ CFLAGS="-I$(abspath $(TOOLS_DIR32))/include -I$(abspath $(SRCDIR))/contrib/include -g $(COMMON_FLAGS)" \
LDFLAGS=-L$(abspath $(TOOLS_DIR32))/lib \ LDFLAGS=-L$(abspath $(TOOLS_DIR32))/lib \
PKG_CONFIG_PATH=$(abspath $(TOOLS_DIR32))/lib/pkgconfig \ PKG_CONFIG_PATH=$(abspath $(TOOLS_DIR32))/lib/pkgconfig \
CC=$(CC_QUOTED) \ CC=$(CC_QUOTED) \

View File

@ -0,0 +1,150 @@
#ifndef __GNUTLS_ABSTRACT_H
#define __GNUTLS_ABSTRACT_H
#include <stdarg.h>
#include <gnutls26/gnutls.h>
#include <gnutls26/x509.h>
#include <gnutls26/pkcs11.h>
#include <gnutls26/openpgp.h>
/* Public key operations */
struct gnutls_pubkey_st;
typedef struct gnutls_pubkey_st *gnutls_pubkey_t;
struct gnutls_privkey_st;
typedef struct gnutls_privkey_st *gnutls_privkey_t;
int gnutls_pubkey_init (gnutls_pubkey_t * key);
void gnutls_pubkey_deinit (gnutls_pubkey_t key);
int gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int *bits);
int gnutls_pubkey_import_x509 (gnutls_pubkey_t key, gnutls_x509_crt_t crt,
unsigned int flags);
int gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t pkey,
gnutls_pkcs11_obj_t crt, unsigned int flags);
int gnutls_pubkey_import_openpgp (gnutls_pubkey_t pkey,
gnutls_openpgp_crt_t crt,
unsigned int flags);
int
gnutls_pubkey_import_privkey (gnutls_pubkey_t key, gnutls_privkey_t pkey,
unsigned int usage, unsigned int flags);
int gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key,
gnutls_digest_algorithm_t *
hash, unsigned int *mand);
int gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t key,
gnutls_datum_t * m, gnutls_datum_t * e);
int gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key,
gnutls_datum_t * p, gnutls_datum_t * q,
gnutls_datum_t * g, gnutls_datum_t * y);
int gnutls_pubkey_export (gnutls_pubkey_t key,
gnutls_x509_crt_fmt_t format,
void *output_data, size_t * output_data_size);
int gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags,
unsigned char *output_data,
size_t * output_data_size);
int gnutls_pubkey_get_key_usage (gnutls_pubkey_t key, unsigned int *usage);
int gnutls_pubkey_set_key_usage (gnutls_pubkey_t key, unsigned int usage);
int gnutls_pubkey_import (gnutls_pubkey_t key,
const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format);
int gnutls_pubkey_import_pkcs11_url (gnutls_pubkey_t key, const char *url,
unsigned int flags
/* GNUTLS_PKCS11_OBJ_FLAG_* */ );
int gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key,
const gnutls_datum_t * p,
const gnutls_datum_t * q,
const gnutls_datum_t * g,
const gnutls_datum_t * y);
int gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t key,
const gnutls_datum_t * m,
const gnutls_datum_t * e);
int gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key);
int gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key);
int
gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags,
const gnutls_datum_t * hash,
const gnutls_datum_t * signature);
int
gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key,
const gnutls_datum_t * signature,
gnutls_digest_algorithm_t * hash);
int gnutls_pubkey_verify_data (gnutls_pubkey_t pubkey,
unsigned int flags,
const gnutls_datum_t * data,
const gnutls_datum_t * signature);
/* Private key operations */
int gnutls_privkey_init (gnutls_privkey_t * key);
void gnutls_privkey_deinit (gnutls_privkey_t key);
int gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key,
unsigned int *bits);
int
gnutls_privkey_get_preferred_hash_algorithm (gnutls_privkey_t key,
gnutls_digest_algorithm_t *
hash, unsigned int *mand);
gnutls_privkey_type_t gnutls_privkey_get_type (gnutls_privkey_t key);
#define GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE (1<<0)
#define GNUTLS_PRIVKEY_IMPORT_COPY (1<<1)
int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey,
gnutls_pkcs11_privkey_t key,
unsigned int flags);
int gnutls_privkey_import_x509 (gnutls_privkey_t pkey,
gnutls_x509_privkey_t key,
unsigned int flags);
int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey,
gnutls_openpgp_privkey_t key,
unsigned int flags);
int gnutls_privkey_sign_data (gnutls_privkey_t signer,
gnutls_digest_algorithm_t hash,
unsigned int flags,
const gnutls_datum_t * data,
gnutls_datum_t * signature);
int gnutls_privkey_sign_hash (gnutls_privkey_t signer,
gnutls_digest_algorithm_t hash_algo,
unsigned int flags,
const gnutls_datum_t * hash_data,
gnutls_datum_t * signature);
int gnutls_privkey_decrypt_data (gnutls_privkey_t key,
unsigned int flags,
const gnutls_datum_t * ciphertext,
gnutls_datum_t * plaintext);
int gnutls_x509_crt_privkey_sign (gnutls_x509_crt_t crt,
gnutls_x509_crt_t issuer,
gnutls_privkey_t issuer_key,
gnutls_digest_algorithm_t dig,
unsigned int flags);
int gnutls_x509_crl_privkey_sign (gnutls_x509_crl_t crl,
gnutls_x509_crt_t issuer,
gnutls_privkey_t issuer_key,
gnutls_digest_algorithm_t dig,
unsigned int flags);
int gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq,
gnutls_privkey_t key,
gnutls_digest_algorithm_t dig,
unsigned int flags);
#endif

View File

@ -0,0 +1,359 @@
/* Typedefs for more compatibility with older GnuTLS. */
#ifndef _GNUTLS_COMPAT_H
#define _GNUTLS_COMPAT_H
#ifdef __cplusplus
extern "C"
{
#endif
#ifdef __GNUC__
#define _GNUTLS_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
#if !defined GNUTLS_INTERNAL_BUILD
#if _GNUTLS_GCC_VERSION >= 30100
#define _GNUTLS_GCC_ATTR_DEPRECATED __attribute__ ((__deprecated__))
#endif
#endif
#endif /* __GNUC__ */
#ifndef _GNUTLS_GCC_ATTR_DEPRECATED
#define _GNUTLS_GCC_ATTR_DEPRECATED
#endif
#define gnutls_cipher_algorithm gnutls_cipher_algorithm_t
#define gnutls_kx_algorithm gnutls_kx_algorithm_t
#define gnutls_paramsype gnutls_paramsype_t
#define gnutls_mac_algorithm gnutls_mac_algorithm_t
#define gnutls_digest_algorithm gnutls_digest_algorithm_t
#define gnutls_compression_method gnutls_compression_method_t
#define gnutls_connection_end gnutls_connection_end_t
#define gnutls_credentialsype gnutls_credentialsype_t
#define gnutls_certificateype gnutls_certificateype_t
#define gnutls_x509_crt_fmt gnutls_x509_crt_fmt_t
#define gnutls_openpgp_key_fmt gnutls_openpgp_key_fmt_t
#define gnutls_pk_algorithm gnutls_pk_algorithm_t
#define gnutls_sign_algorithm gnutls_sign_algorithm_t
#define gnutls_server_name gnutls_server_nameype_t
#define gnutls_protocol gnutls_protocol_version_t
#define gnutls_close_request gnutls_close_request_t
#define gnutls_openpgp_key_status gnutls_openpgp_key_status_t
#define gnutls_certificate_request gnutls_certificate_request_t
#define gnutls_certificate_status gnutls_certificate_status_t
#define gnutls_session gnutls_session_t
#define gnutls_alert_level gnutls_alert_level_t
#define gnutls_alert_description gnutls_alert_description_t
#define gnutls_x509_subject_alt_name gnutls_x509_subject_alt_name_t
#define gnutls_openpgp_key gnutls_openpgp_key_t
#define gnutls_openpgp_privkey gnutls_openpgp_privkey_t
#define gnutls_openpgp_keyring gnutls_openpgp_keyring_t
#define gnutls_x509_crt gnutls_x509_crt_t
#define gnutls_x509_privkey gnutls_x509_privkey_t
#define gnutls_x509_crl gnutls_x509_crl_t
#define gnutls_pkcs7 gnutls_pkcs7_t
#define gnutls_x509_crq gnutls_x509_crq_t
#define gnutls_pkcs_encrypt_flags gnutls_pkcs_encrypt_flags_t
#define gnutls_pkcs12_bag_type gnutls_pkcs12_bag_type_t
#define gnutls_pkcs12_bag gnutls_pkcs12_bag_t
#define gnutls_pkcs12 gnutls_pkcs12_t
#define gnutls_certificate_credentials gnutls_certificate_credentials_t
#define gnutls_anon_server_credentials gnutls_anon_server_credentials_t
#define gnutls_anon_client_credentials gnutls_anon_client_credentials_t
#define gnutls_srp_client_credentials gnutls_srp_client_credentials_t
#define gnutls_srp_server_credentials gnutls_srp_server_credentials_t
#define gnutls_dh_params gnutls_dh_params_t
#define gnutls_rsa_params gnutls_rsa_params_t
#define gnutls_params_type gnutls_params_type_t
#define gnutls_credentials_type gnutls_credentials_type_t
#define gnutls_certificate_type gnutls_certificate_type_t
#define gnutls_datum gnutls_datum_t
#define gnutls_transport_ptr gnutls_transport_ptr_t
/* Old SRP alerts removed in 2.1.x because the TLS-SRP RFC was
modified to use the PSK alert. */
#define GNUTLS_A_MISSING_SRP_USERNAME GNUTLS_A_UNKNOWN_PSK_IDENTITY
#define GNUTLS_A_UNKNOWN_SRP_USERNAME GNUTLS_A_UNKNOWN_PSK_IDENTITY
/* OpenPGP stuff renamed in 2.1.x. */
#define gnutls_openpgp_key_fmt_t gnutls_openpgp_crt_fmt_t
#define GNUTLS_OPENPGP_KEY GNUTLS_OPENPGP_CERT
#define GNUTLS_OPENPGP_KEY_FINGERPRINT GNUTLS_OPENPGP_CERT_FINGERPRINT
#define gnutls_openpgp_send_key gnutls_openpgp_send_cert
#define gnutls_openpgp_key_status_t gnutls_openpgp_crt_status_t
#define gnutls_openpgp_key_t gnutls_openpgp_crt_t
#define gnutls_openpgp_key_init gnutls_openpgp_crt_init
#define gnutls_openpgp_key_deinit gnutls_openpgp_crt_deinit
#define gnutls_openpgp_key_import gnutls_openpgp_crt_import
#define gnutls_openpgp_key_export gnutls_openpgp_crt_export
#define gnutls_openpgp_key_get_key_usage gnutls_openpgp_crt_get_key_usage
#define gnutls_openpgp_key_get_fingerprint gnutls_openpgp_crt_get_fingerprint
#define gnutls_openpgp_key_get_pk_algorithm gnutls_openpgp_crt_get_pk_algorithm
#define gnutls_openpgp_key_get_name gnutls_openpgp_crt_get_name
#define gnutls_openpgp_key_get_version gnutls_openpgp_crt_get_version
#define gnutls_openpgp_key_get_creation_time gnutls_openpgp_crt_get_creation_time
#define gnutls_openpgp_key_get_expiration_time gnutls_openpgp_crt_get_expiration_time
#define gnutls_openpgp_key_get_id gnutls_openpgp_crt_get_id
#define gnutls_openpgp_key_check_hostname gnutls_openpgp_crt_check_hostname
/* OpenPGP stuff renamed in 2.3.x. */
#define gnutls_openpgp_crt_get_id gnutls_openpgp_crt_get_key_id
/* New better names renamed in 2.3.x, add these for backwards
compatibility with old poor names.*/
#define GNUTLS_X509_CRT_FULL GNUTLS_CRT_PRINT_FULL
#define GNUTLS_X509_CRT_ONELINE GNUTLS_CRT_PRINT_ONELINE
#define GNUTLS_X509_CRT_UNSIGNED_FULL GNUTLS_CRT_PRINT_UNSIGNED_FULL
/* These old #define's violate the gnutls_* namespace. */
#define TLS_MASTER_SIZE GNUTLS_MASTER_SIZE
#define TLS_RANDOM_SIZE GNUTLS_RANDOM_SIZE
/* Namespace problems. */
#define LIBGNUTLS_VERSION GNUTLS_VERSION
#define LIBGNUTLS_VERSION_MAJOR GNUTLS_VERSION_MAJOR
#define LIBGNUTLS_VERSION_MINOR GNUTLS_VERSION_MINOR
#define LIBGNUTLS_VERSION_PATCH GNUTLS_VERSION_PATCH
#define LIBGNUTLS_VERSION_NUMBER GNUTLS_VERSION_NUMBER
#define LIBGNUTLS_EXTRA_VERSION GNUTLS_VERSION
/* The gnutls_retr_st was deprecated by gnutls_certificate_retrieve_function()
* and gnutls_retr2_st.
*/
typedef struct gnutls_retr_st
{
gnutls_certificate_type_t type;
union
{
gnutls_x509_crt_t *x509;
gnutls_openpgp_crt_t pgp;
} cert;
unsigned int ncerts; /* one for pgp keys */
union
{
gnutls_x509_privkey_t x509;
gnutls_openpgp_privkey_t pgp;
} key;
unsigned int deinit_all; /* if non zero all keys will be deinited */
} gnutls_retr_st;
typedef int gnutls_certificate_client_retrieve_function (gnutls_session_t,
const
gnutls_datum_t *
req_ca_rdn,
int nreqs,
const
gnutls_pk_algorithm_t
* pk_algos,
int
pk_algos_length,
gnutls_retr_st *);
typedef int gnutls_certificate_server_retrieve_function (gnutls_session_t,
gnutls_retr_st *);
void gnutls_certificate_client_set_retrieve_function
(gnutls_certificate_credentials_t cred,
gnutls_certificate_client_retrieve_function *
func) _GNUTLS_GCC_ATTR_DEPRECATED;
void
gnutls_certificate_server_set_retrieve_function
(gnutls_certificate_credentials_t cred,
gnutls_certificate_server_retrieve_function *
func) _GNUTLS_GCC_ATTR_DEPRECATED;
/* External signing callback. No longer supported because it
* was deprecated by the PKCS #11 API. */
typedef int (*gnutls_sign_func) (gnutls_session_t session,
void *userdata,
gnutls_certificate_type_t cert_type,
const gnutls_datum_t * cert,
const gnutls_datum_t * hash,
gnutls_datum_t * signature);
void
gnutls_sign_callback_set (gnutls_session_t session,
gnutls_sign_func sign_func, void *userdata)
_GNUTLS_GCC_ATTR_DEPRECATED;
gnutls_sign_func
gnutls_sign_callback_get (gnutls_session_t session, void **userdata)
_GNUTLS_GCC_ATTR_DEPRECATED;
/* Extension API is no longer exported because a lot of internal
* structures are used. Currently it works due to a compatibility
* layer, but will be removed in later versions.
*/
int gnutls_ext_register (int type,
const char *name,
gnutls_ext_parse_type_t parse_type,
gnutls_ext_recv_func recv_func,
gnutls_ext_send_func send_func)
_GNUTLS_GCC_ATTR_DEPRECATED;
/* We no longer support the finished callback. Use
* gnutls_session_channel_binding for similar functionality.
*/
typedef void (*gnutls_finished_callback_func) (gnutls_session_t session,
const void *finished,
size_t len);
void gnutls_session_set_finished_function (gnutls_session_t session,
gnutls_finished_callback_func
func)
_GNUTLS_GCC_ATTR_DEPRECATED;
/* returns security values.
* Do not use them unless you know what you're doing. Those are dangerous since
* they depend on a particular TLS version number
*/
#define GNUTLS_MASTER_SIZE 48
#define GNUTLS_RANDOM_SIZE 32
const void *gnutls_session_get_server_random (gnutls_session_t session)
_GNUTLS_GCC_ATTR_DEPRECATED;
const void *gnutls_session_get_client_random (gnutls_session_t session)
_GNUTLS_GCC_ATTR_DEPRECATED;
const void *gnutls_session_get_master_secret (gnutls_session_t session)
_GNUTLS_GCC_ATTR_DEPRECATED;
int gnutls_psk_netconf_derive_key (const char *password,
const char *psk_identity,
const char *psk_identity_hint,
gnutls_datum_t *
output_key)
_GNUTLS_GCC_ATTR_DEPRECATED;
/* This is a very dangerous and error-prone function.
* Use gnutls_privkey_sign_hash() instead.
*/
int gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key,
const gnutls_datum_t * hash,
gnutls_datum_t * signature)
_GNUTLS_GCC_ATTR_DEPRECATED;
int gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
const gnutls_datum_t * hash,
gnutls_datum_t * signature)
_GNUTLS_GCC_ATTR_DEPRECATED;
/* Deprecated because verify_* functions are moved to public
* keys. Check abstract.h for similar functionality.
*/
int gnutls_x509_privkey_verify_data (gnutls_x509_privkey_t key,
unsigned int flags,
const gnutls_datum_t * data,
const gnutls_datum_t * signature)
_GNUTLS_GCC_ATTR_DEPRECATED;
/* we support the gnutls_privkey_sign_data() instead.
*/
int gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key,
gnutls_digest_algorithm_t digest,
unsigned int flags,
const gnutls_datum_t * data,
void *signature,
size_t * signature_size)
_GNUTLS_GCC_ATTR_DEPRECATED;
/* gnutls_pubkey_verify_data() */
int gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt,
unsigned int flags,
const gnutls_datum_t * data,
const gnutls_datum_t * signature)
_GNUTLS_GCC_ATTR_DEPRECATED;
/* gnutls_pubkey_verify_hash() */
int gnutls_x509_crt_verify_hash (gnutls_x509_crt_t crt,
unsigned int flags,
const gnutls_datum_t * hash,
const gnutls_datum_t * signature)
_GNUTLS_GCC_ATTR_DEPRECATED;
/* gnutls_pubkey_get_verify_algorithm() */
int gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt,
const gnutls_datum_t * signature,
gnutls_digest_algorithm_t * hash)
_GNUTLS_GCC_ATTR_DEPRECATED;
/* gnutls_pubkey_get_preferred_hash_algorithm() */
int gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt,
gnutls_digest_algorithm_t
* hash,
unsigned int *mand)
_GNUTLS_GCC_ATTR_DEPRECATED;
/* gnutls_x509_crq_privkey_sign() */
int gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq,
gnutls_x509_privkey_t key,
gnutls_digest_algorithm_t dig,
unsigned int flags)
_GNUTLS_GCC_ATTR_DEPRECATED;
int gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
_GNUTLS_GCC_ATTR_DEPRECATED;
/* gnutls_x509_crl_privkey_sign */
int gnutls_x509_crl_sign (gnutls_x509_crl_t crl,
gnutls_x509_crt_t issuer,
gnutls_x509_privkey_t issuer_key)
_GNUTLS_GCC_ATTR_DEPRECATED;
int gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl,
gnutls_x509_crt_t issuer,
gnutls_x509_privkey_t issuer_key,
gnutls_digest_algorithm_t dig,
unsigned int flags)
_GNUTLS_GCC_ATTR_DEPRECATED;
void gnutls_certificate_get_x509_cas (gnutls_certificate_credentials_t sc,
gnutls_x509_crt_t ** x509_ca_list,
unsigned int *ncas)
_GNUTLS_GCC_ATTR_DEPRECATED;
void gnutls_certificate_get_x509_crls (gnutls_certificate_credentials_t sc,
gnutls_x509_crl_t ** x509_crl_list,
unsigned int *ncrls)
_GNUTLS_GCC_ATTR_DEPRECATED;
void
gnutls_certificate_get_openpgp_keyring (gnutls_certificate_credentials_t
sc,
gnutls_openpgp_keyring_t *
keyring)
_GNUTLS_GCC_ATTR_DEPRECATED;
/* this is obsolete (?). */
int gnutls_certificate_verify_peers (gnutls_session_t session)
_GNUTLS_GCC_ATTR_DEPRECATED;
/* functions to set priority of cipher suites
*/
int gnutls_cipher_set_priority (gnutls_session_t session, const int *list)
_GNUTLS_GCC_ATTR_DEPRECATED;
int gnutls_mac_set_priority (gnutls_session_t session, const int *list)
_GNUTLS_GCC_ATTR_DEPRECATED;
int gnutls_compression_set_priority (gnutls_session_t session,
const int *list)
_GNUTLS_GCC_ATTR_DEPRECATED;
int gnutls_kx_set_priority (gnutls_session_t session, const int *list)
_GNUTLS_GCC_ATTR_DEPRECATED;
int gnutls_protocol_set_priority (gnutls_session_t session,
const int *list)
_GNUTLS_GCC_ATTR_DEPRECATED;
int gnutls_certificate_type_set_priority (gnutls_session_t session,
const int *list)
_GNUTLS_GCC_ATTR_DEPRECATED;
void gnutls_transport_set_lowat (gnutls_session_t session, int num) _GNUTLS_GCC_ATTR_DEPRECATED;
void gnutls_transport_set_global_errno (int err) _GNUTLS_GCC_ATTR_DEPRECATED;
#ifdef __cplusplus
}
#endif
#endif /* _GNUTLS_COMPAT_H */

View File

@ -0,0 +1,378 @@
/*
* Copyright (C) 2008, 2009, 2010 Free Software Foundation, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
* This file is part of GnuTLS.
*
* The GnuTLS is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* as published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
* USA
*
*/
#ifndef GNUTLS_CRYPTO_H
#define GNUTLS_CRYPTO_H
#ifdef __cplusplus
extern "C"
{
#endif
typedef struct cipher_hd_st *gnutls_cipher_hd_t;
int gnutls_cipher_init (gnutls_cipher_hd_t * handle,
gnutls_cipher_algorithm_t cipher,
const gnutls_datum_t * key,
const gnutls_datum_t * iv);
int gnutls_cipher_encrypt (const gnutls_cipher_hd_t handle,
void *text, size_t textlen);
int gnutls_cipher_decrypt (const gnutls_cipher_hd_t handle,
void *ciphertext, size_t ciphertextlen);
int gnutls_cipher_decrypt2 (gnutls_cipher_hd_t handle,
const void *ciphertext, size_t ciphertextlen,
void *text, size_t textlen);
int gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, void *text,
size_t textlen, void *ciphertext,
size_t ciphertextlen);
void gnutls_cipher_deinit (gnutls_cipher_hd_t handle);
int gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm);
typedef struct hash_hd_st *gnutls_hash_hd_t;
typedef struct hmac_hd_st *gnutls_hmac_hd_t;
int gnutls_hmac_init (gnutls_hmac_hd_t * dig,
gnutls_digest_algorithm_t algorithm, const void *key,
size_t keylen);
int gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen);
void gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest);
void gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest);
int gnutls_hmac_get_len (gnutls_mac_algorithm_t algorithm);
int gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
size_t keylen, const void *text, size_t textlen,
void *digest);
int gnutls_hash_init (gnutls_hash_hd_t * dig,
gnutls_digest_algorithm_t algorithm);
int gnutls_hash (gnutls_hash_hd_t handle, const void *text, size_t textlen);
void gnutls_hash_output (gnutls_hash_hd_t handle, void *digest);
void gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest);
int gnutls_hash_get_len (gnutls_digest_algorithm_t algorithm);
int gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
const void *text, size_t textlen, void *digest);
/* register ciphers */
#define GNUTLS_CRYPTO_API_VERSION 0x03
#define gnutls_crypto_single_cipher_st gnutls_crypto_cipher_st
#define gnutls_crypto_single_mac_st gnutls_crypto_mac_st
#define gnutls_crypto_single_digest_st gnutls_crypto_digest_st
typedef struct
{
int (*init) (gnutls_cipher_algorithm_t, void **ctx);
int (*setkey) (void *ctx, const void *key, size_t keysize);
int (*setiv) (void *ctx, const void *iv, size_t ivsize);
int (*encrypt) (void *ctx, const void *plain, size_t plainsize,
void *encr, size_t encrsize);
int (*decrypt) (void *ctx, const void *encr, size_t encrsize,
void *plain, size_t plainsize);
void (*deinit) (void *ctx);
} gnutls_crypto_cipher_st;
typedef struct
{
int (*init) (gnutls_mac_algorithm_t, void **ctx);
int (*setkey) (void *ctx, const void *key, size_t keysize);
int (*hash) (void *ctx, const void *text, size_t textsize);
int (*output) (void *src_ctx, void *digest, size_t digestsize);
void (*deinit) (void *ctx);
} gnutls_crypto_mac_st;
typedef struct
{
int (*init) (gnutls_mac_algorithm_t, void **ctx);
int (*hash) (void *ctx, const void *text, size_t textsize);
int (*copy) (void **dst_ctx, void *src_ctx);
int (*output) (void *src_ctx, void *digest, size_t digestsize);
void (*deinit) (void *ctx);
} gnutls_crypto_digest_st;
/**
* gnutls_rnd_level_t:
* @GNUTLS_RND_NONCE: Non-predictable random number. Fatal in parts
* of session if broken, i.e., vulnerable to statistical analysis.
* @GNUTLS_RND_RANDOM: Pseudo-random cryptographic random number.
* Fatal in session if broken.
* @GNUTLS_RND_KEY: Fatal in many sessions if broken.
*
* Enumeration of random quality levels.
*/
typedef enum gnutls_rnd_level
{
GNUTLS_RND_NONCE = 0,
GNUTLS_RND_RANDOM = 1,
GNUTLS_RND_KEY = 2
} gnutls_rnd_level_t;
int gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len);
/**
* gnutls_pk_flag_t:
* @GNUTLS_PK_FLAG_NONE: No flag.
*
* Enumeration of public-key flag.
*/
typedef enum
{
GNUTLS_PK_FLAG_NONE = 0
} gnutls_pk_flag_t;
typedef struct gnutls_crypto_rnd
{
int (*init) (void **ctx);
int (*rnd) (void *ctx, int level, void *data, size_t datasize);
void (*deinit) (void *ctx);
} gnutls_crypto_rnd_st;
typedef void *bigint_t;
/**
* gnutls_bigint_format_t:
* @GNUTLS_MPI_FORMAT_USG: Raw unsigned integer format.
* @GNUTLS_MPI_FORMAT_STD: Raw signed integer format, always a leading
* zero when positive.
* @GNUTLS_MPI_FORMAT_PGP: The pgp integer format.
*
* Enumeration of different bignum integer encoding formats.
*/
typedef enum
{
/* raw unsigned integer format */
GNUTLS_MPI_FORMAT_USG = 0,
/* raw signed integer format - always a leading zero when positive */
GNUTLS_MPI_FORMAT_STD = 1,
/* the pgp integer format */
GNUTLS_MPI_FORMAT_PGP = 2
} gnutls_bigint_format_t;
typedef struct
{
bigint_t g; /* group generator */
bigint_t p; /* prime */
} gnutls_group_st;
/* Multi precision integer arithmetic */
typedef struct gnutls_crypto_bigint
{
bigint_t (*bigint_new) (int nbits);
void (*bigint_release) (bigint_t n);
/* 0 for equality, > 0 for m1>m2, < 0 for m1<m2 */
int (*bigint_cmp) (const bigint_t m1, const bigint_t m2);
/* as bigint_cmp */
int (*bigint_cmp_ui) (const bigint_t m1, unsigned long m2);
/* ret = a % b */
bigint_t (*bigint_mod) (const bigint_t a, const bigint_t b);
/* a = b -> ret == a */
bigint_t (*bigint_set) (bigint_t a, const bigint_t b);
/* a = b -> ret == a */
bigint_t (*bigint_set_ui) (bigint_t a, unsigned long b);
unsigned int (*bigint_get_nbits) (const bigint_t a);
/* w = b ^ e mod m */
bigint_t (*bigint_powm) (bigint_t w, const bigint_t b,
const bigint_t e, const bigint_t m);
/* w = a + b mod m */
bigint_t (*bigint_addm) (bigint_t w, const bigint_t a,
const bigint_t b, const bigint_t m);
/* w = a - b mod m */
bigint_t (*bigint_subm) (bigint_t w, const bigint_t a, const bigint_t b,
const bigint_t m);
/* w = a * b mod m */
bigint_t (*bigint_mulm) (bigint_t w, const bigint_t a, const bigint_t b,
const bigint_t m);
/* w = a + b */ bigint_t (*bigint_add) (bigint_t w, const bigint_t a,
const bigint_t b);
/* w = a - b */ bigint_t (*bigint_sub) (bigint_t w, const bigint_t a,
const bigint_t b);
/* w = a * b */
bigint_t (*bigint_mul) (bigint_t w, const bigint_t a, const bigint_t b);
/* w = a + b */
bigint_t (*bigint_add_ui) (bigint_t w, const bigint_t a,
unsigned long b);
/* w = a - b */
bigint_t (*bigint_sub_ui) (bigint_t w, const bigint_t a,
unsigned long b);
/* w = a * b */
bigint_t (*bigint_mul_ui) (bigint_t w, const bigint_t a,
unsigned long b);
/* q = a / b */
bigint_t (*bigint_div) (bigint_t q, const bigint_t a, const bigint_t b);
/* 0 if prime */
int (*bigint_prime_check) (const bigint_t pp);
int (*bigint_generate_group) (gnutls_group_st * gg, unsigned int bits);
/* reads an bigint from a buffer */
/* stores an bigint into the buffer. returns
* GNUTLS_E_SHORT_MEMORY_BUFFER if buf_size is not sufficient to
* store this integer, and updates the buf_size;
*/
bigint_t (*bigint_scan) (const void *buf, size_t buf_size,
gnutls_bigint_format_t format);
int (*bigint_print) (const bigint_t a, void *buf, size_t * buf_size,
gnutls_bigint_format_t format);
} gnutls_crypto_bigint_st;
#define GNUTLS_MAX_PK_PARAMS 16
typedef struct
{
bigint_t params[GNUTLS_MAX_PK_PARAMS];
unsigned int params_nr; /* the number of parameters */
unsigned int flags;
} gnutls_pk_params_st;
void gnutls_pk_params_release (gnutls_pk_params_st * p);
void gnutls_pk_params_init (gnutls_pk_params_st * p);
/* params are:
* RSA:
* [0] is modulus
* [1] is public exponent
* [2] is private exponent (private key only)
* [3] is prime1 (p) (private key only)
* [4] is prime2 (q) (private key only)
* [5] is coefficient (u == inverse of p mod q) (private key only)
* [6] e1 == d mod (p-1)
* [7] e2 == d mod (q-1)
*
* note that for libgcrypt that does not use the inverse of q mod p,
* we need to perform conversions using fixup_params().
*
* DSA:
* [0] is p
* [1] is q
* [2] is g
* [3] is y (public key)
* [4] is x (private key only)
*/
/**
* gnutls_direction_t:
* @GNUTLS_IMPORT: Import direction.
* @GNUTLS_EXPORT: Export direction.
*
* Enumeration of different directions.
*/
typedef enum
{
GNUTLS_IMPORT = 0,
GNUTLS_EXPORT = 1
} gnutls_direction_t;
/* Public key algorithms */
typedef struct gnutls_crypto_pk
{
/* The params structure should contain the private or public key
* parameters, depending on the operation */
int (*encrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * ciphertext,
const gnutls_datum_t * plaintext,
const gnutls_pk_params_st * pub);
int (*decrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * plaintext,
const gnutls_datum_t * ciphertext,
const gnutls_pk_params_st * priv);
int (*sign) (gnutls_pk_algorithm_t, gnutls_datum_t * signature,
const gnutls_datum_t * data,
const gnutls_pk_params_st * priv);
int (*verify) (gnutls_pk_algorithm_t, const gnutls_datum_t * data,
const gnutls_datum_t * signature,
const gnutls_pk_params_st * pub);
int (*generate) (gnutls_pk_algorithm_t, unsigned int nbits,
gnutls_pk_params_st *);
/* this function should convert params to ones suitable
* for the above functions
*/
int (*pk_fixup_private_params) (gnutls_pk_algorithm_t, gnutls_direction_t,
gnutls_pk_params_st *);
} gnutls_crypto_pk_st;
/* priority: infinity for backend algorithms, 90 for kernel
algorithms, lowest wins
*/
#define gnutls_crypto_single_cipher_register(algo, prio, st) \
gnutls_crypto_single_cipher_register2 (algo, prio, \
GNUTLS_CRYPTO_API_VERSION, st)
#define gnutls_crypto_single_mac_register(algo, prio, st) \
gnutls_crypto_single_mac_register2 (algo, prio, \
GNUTLS_CRYPTO_API_VERSION, st)
#define gnutls_crypto_single_digest_register(algo, prio, st) \
gnutls_crypto_single_digest_register2(algo, prio, \
GNUTLS_CRYPTO_API_VERSION, st)
int gnutls_crypto_single_cipher_register2 (gnutls_cipher_algorithm_t
algorithm, int priority,
int version,
const
gnutls_crypto_single_cipher_st *
s);
int gnutls_crypto_single_mac_register2 (gnutls_mac_algorithm_t algorithm,
int priority, int version,
const gnutls_crypto_single_mac_st *
s);
int gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t
algorithm, int priority,
int version,
const
gnutls_crypto_single_digest_st *
s);
#define gnutls_crypto_cipher_register(prio, st) \
gnutls_crypto_cipher_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
#define gnutls_crypto_mac_register(prio, st) \
gnutls_crypto_mac_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
#define gnutls_crypto_digest_register(prio, st) \
gnutls_crypto_digest_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
int gnutls_crypto_cipher_register2 (int priority, int version,
const gnutls_crypto_cipher_st * s);
int gnutls_crypto_mac_register2 (int priority, int version,
const gnutls_crypto_mac_st * s);
int gnutls_crypto_digest_register2 (int priority, int version,
const gnutls_crypto_digest_st * s);
#define gnutls_crypto_rnd_register(prio, st) \
gnutls_crypto_rnd_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
#define gnutls_crypto_pk_register(prio, st) \
gnutls_crypto_pk_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
#define gnutls_crypto_bigint_register(prio, st) \
gnutls_crypto_bigint_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
int gnutls_crypto_rnd_register2 (int priority, int version,
const gnutls_crypto_rnd_st * s);
int gnutls_crypto_pk_register2 (int priority, int version,
const gnutls_crypto_pk_st * s);
int gnutls_crypto_bigint_register2 (int priority, int version,
const gnutls_crypto_bigint_st * s);
#ifdef __cplusplus
}
#endif
#endif

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,365 @@
/*
* Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free
* Software Foundation, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
* This file is part of GnuTLS.
*
* The GnuTLS is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* as published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
* USA
*
*/
/* This file contains the types and prototypes for the OpenPGP
* key and private key parsing functions.
*/
#ifndef GNUTLS_OPENPGP_H
#define GNUTLS_OPENPGP_H
#include <gnutls26/gnutls.h>
#ifdef __cplusplus
extern "C"
{
#endif
/* Openpgp certificate stuff
*/
/**
* gnutls_openpgp_crt_fmt_t:
* @GNUTLS_OPENPGP_FMT_RAW: OpenPGP certificate in raw format.
* @GNUTLS_OPENPGP_FMT_BASE64: OpenPGP certificate in base64 format.
*
* Enumeration of different OpenPGP key formats.
*/
typedef enum gnutls_openpgp_crt_fmt
{
GNUTLS_OPENPGP_FMT_RAW,
GNUTLS_OPENPGP_FMT_BASE64
} gnutls_openpgp_crt_fmt_t;
#define GNUTLS_OPENPGP_KEYID_SIZE 8
typedef unsigned char gnutls_openpgp_keyid_t[GNUTLS_OPENPGP_KEYID_SIZE];
/* gnutls_openpgp_cert_t should be defined in gnutls.h
*/
/* initializes the memory for gnutls_openpgp_crt_t struct */
int gnutls_openpgp_crt_init (gnutls_openpgp_crt_t * key);
/* frees all memory */
void gnutls_openpgp_crt_deinit (gnutls_openpgp_crt_t key);
int gnutls_openpgp_crt_import (gnutls_openpgp_crt_t key,
const gnutls_datum_t * data,
gnutls_openpgp_crt_fmt_t format);
int gnutls_openpgp_crt_export (gnutls_openpgp_crt_t key,
gnutls_openpgp_crt_fmt_t format,
void *output_data,
size_t * output_data_size);
int gnutls_openpgp_crt_print (gnutls_openpgp_crt_t cert,
gnutls_certificate_print_formats_t format,
gnutls_datum_t * out);
/* The key_usage flags are defined in gnutls.h. They are
* the GNUTLS_KEY_* definitions.
*/
int gnutls_openpgp_crt_get_key_usage (gnutls_openpgp_crt_t key,
unsigned int *key_usage);
int gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key, void *fpr,
size_t * fprlen);
int gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key,
unsigned int idx,
void *fpr, size_t * fprlen);
int gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key,
int idx, char *buf, size_t * sizeof_buf);
gnutls_pk_algorithm_t
gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t key,
unsigned int *bits);
int gnutls_openpgp_crt_get_version (gnutls_openpgp_crt_t key);
time_t gnutls_openpgp_crt_get_creation_time (gnutls_openpgp_crt_t key);
time_t gnutls_openpgp_crt_get_expiration_time (gnutls_openpgp_crt_t key);
int gnutls_openpgp_crt_get_key_id (gnutls_openpgp_crt_t key,
gnutls_openpgp_keyid_t keyid);
int gnutls_openpgp_crt_check_hostname (gnutls_openpgp_crt_t key,
const char *hostname);
int gnutls_openpgp_crt_get_revoked_status (gnutls_openpgp_crt_t key);
int gnutls_openpgp_crt_get_subkey_count (gnutls_openpgp_crt_t key);
int gnutls_openpgp_crt_get_subkey_idx (gnutls_openpgp_crt_t key,
const gnutls_openpgp_keyid_t keyid);
int gnutls_openpgp_crt_get_subkey_revoked_status (gnutls_openpgp_crt_t key,
unsigned int idx);
gnutls_pk_algorithm_t
gnutls_openpgp_crt_get_subkey_pk_algorithm (gnutls_openpgp_crt_t key,
unsigned int idx,
unsigned int *bits);
time_t gnutls_openpgp_crt_get_subkey_creation_time (gnutls_openpgp_crt_t
key, unsigned int idx);
time_t gnutls_openpgp_crt_get_subkey_expiration_time (gnutls_openpgp_crt_t
key,
unsigned int idx);
int gnutls_openpgp_crt_get_subkey_id (gnutls_openpgp_crt_t key,
unsigned int idx,
gnutls_openpgp_keyid_t keyid);
int gnutls_openpgp_crt_get_subkey_usage (gnutls_openpgp_crt_t key,
unsigned int idx,
unsigned int *key_usage);
int gnutls_openpgp_crt_get_subkey_pk_dsa_raw (gnutls_openpgp_crt_t crt,
unsigned int idx,
gnutls_datum_t * p,
gnutls_datum_t * q,
gnutls_datum_t * g,
gnutls_datum_t * y);
int gnutls_openpgp_crt_get_subkey_pk_rsa_raw (gnutls_openpgp_crt_t crt,
unsigned int idx,
gnutls_datum_t * m,
gnutls_datum_t * e);
int gnutls_openpgp_crt_get_pk_dsa_raw (gnutls_openpgp_crt_t crt,
gnutls_datum_t * p,
gnutls_datum_t * q,
gnutls_datum_t * g,
gnutls_datum_t * y);
int gnutls_openpgp_crt_get_pk_rsa_raw (gnutls_openpgp_crt_t crt,
gnutls_datum_t * m,
gnutls_datum_t * e);
int gnutls_openpgp_crt_get_preferred_key_id (gnutls_openpgp_crt_t key,
gnutls_openpgp_keyid_t keyid);
int
gnutls_openpgp_crt_set_preferred_key_id (gnutls_openpgp_crt_t key,
const gnutls_openpgp_keyid_t
keyid);
/* privkey stuff.
*/
int gnutls_openpgp_privkey_init (gnutls_openpgp_privkey_t * key);
void gnutls_openpgp_privkey_deinit (gnutls_openpgp_privkey_t key);
gnutls_pk_algorithm_t
gnutls_openpgp_privkey_get_pk_algorithm (gnutls_openpgp_privkey_t key,
unsigned int *bits);
gnutls_sec_param_t
gnutls_openpgp_privkey_sec_param (gnutls_openpgp_privkey_t key);
int gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key,
const gnutls_datum_t * data,
gnutls_openpgp_crt_fmt_t format,
const char *password,
unsigned int flags);
int gnutls_openpgp_privkey_get_fingerprint (gnutls_openpgp_privkey_t key,
void *fpr, size_t * fprlen);
int gnutls_openpgp_privkey_get_subkey_fingerprint (gnutls_openpgp_privkey_t
key, unsigned int idx,
void *fpr,
size_t * fprlen);
int gnutls_openpgp_privkey_get_key_id (gnutls_openpgp_privkey_t key,
gnutls_openpgp_keyid_t keyid);
int gnutls_openpgp_privkey_get_subkey_count (gnutls_openpgp_privkey_t key);
int gnutls_openpgp_privkey_get_subkey_idx (gnutls_openpgp_privkey_t key,
const gnutls_openpgp_keyid_t
keyid);
int
gnutls_openpgp_privkey_get_subkey_revoked_status (gnutls_openpgp_privkey_t
key, unsigned int idx);
int gnutls_openpgp_privkey_get_revoked_status (gnutls_openpgp_privkey_t
key);
gnutls_pk_algorithm_t
gnutls_openpgp_privkey_get_subkey_pk_algorithm (gnutls_openpgp_privkey_t
key, unsigned int idx,
unsigned int *bits);
time_t
gnutls_openpgp_privkey_get_subkey_expiration_time
(gnutls_openpgp_privkey_t key, unsigned int idx);
int gnutls_openpgp_privkey_get_subkey_id (gnutls_openpgp_privkey_t key,
unsigned int idx,
gnutls_openpgp_keyid_t keyid);
time_t
gnutls_openpgp_privkey_get_subkey_creation_time (gnutls_openpgp_privkey_t
key, unsigned int idx);
int
gnutls_openpgp_privkey_export_subkey_dsa_raw (gnutls_openpgp_privkey_t
pkey, unsigned int idx,
gnutls_datum_t * p,
gnutls_datum_t * q,
gnutls_datum_t * g,
gnutls_datum_t * y,
gnutls_datum_t * x);
int gnutls_openpgp_privkey_export_subkey_rsa_raw (gnutls_openpgp_privkey_t
pkey, unsigned int idx,
gnutls_datum_t * m,
gnutls_datum_t * e,
gnutls_datum_t * d,
gnutls_datum_t * p,
gnutls_datum_t * q,
gnutls_datum_t * u);
int gnutls_openpgp_privkey_export_dsa_raw (gnutls_openpgp_privkey_t pkey,
gnutls_datum_t * p,
gnutls_datum_t * q,
gnutls_datum_t * g,
gnutls_datum_t * y,
gnutls_datum_t * x);
int gnutls_openpgp_privkey_export_rsa_raw (gnutls_openpgp_privkey_t pkey,
gnutls_datum_t * m,
gnutls_datum_t * e,
gnutls_datum_t * d,
gnutls_datum_t * p,
gnutls_datum_t * q,
gnutls_datum_t * u);
int gnutls_openpgp_privkey_export (gnutls_openpgp_privkey_t key,
gnutls_openpgp_crt_fmt_t format,
const char *password,
unsigned int flags,
void *output_data,
size_t * output_data_size);
int
gnutls_openpgp_privkey_set_preferred_key_id (gnutls_openpgp_privkey_t key,
const gnutls_openpgp_keyid_t
keyid);
int gnutls_openpgp_privkey_get_preferred_key_id (gnutls_openpgp_privkey_t
key,
gnutls_openpgp_keyid_t
keyid);
int gnutls_openpgp_crt_get_auth_subkey (gnutls_openpgp_crt_t crt,
gnutls_openpgp_keyid_t keyid,
unsigned int flag);
/* Keyring stuff.
*/
int gnutls_openpgp_keyring_init (gnutls_openpgp_keyring_t * keyring);
void gnutls_openpgp_keyring_deinit (gnutls_openpgp_keyring_t keyring);
int gnutls_openpgp_keyring_import (gnutls_openpgp_keyring_t keyring,
const gnutls_datum_t * data,
gnutls_openpgp_crt_fmt_t format);
int gnutls_openpgp_keyring_check_id (gnutls_openpgp_keyring_t ring,
const gnutls_openpgp_keyid_t keyid,
unsigned int flags);
int gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key,
gnutls_openpgp_keyring_t keyring,
unsigned int flags, unsigned int *verify
/* the output of the verification */ );
int gnutls_openpgp_crt_verify_self (gnutls_openpgp_crt_t key,
unsigned int flags,
unsigned int *verify);
int gnutls_openpgp_keyring_get_crt (gnutls_openpgp_keyring_t ring,
unsigned int idx,
gnutls_openpgp_crt_t * cert);
int gnutls_openpgp_keyring_get_crt_count (gnutls_openpgp_keyring_t ring);
/**
* gnutls_openpgp_recv_key_func:
* @session: a TLS session
* @keyfpr: key fingerprint
* @keyfpr_length: length of key fingerprint
* @key: output key.
*
* A callback of this type is used to retrieve OpenPGP keys. Only
* useful on the server, and will only be used if the peer send a key
* fingerprint instead of a full key. See also
* gnutls_openpgp_set_recv_key_function().
*
* Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
* otherwise an error code is returned.
*/
typedef int (*gnutls_openpgp_recv_key_func) (gnutls_session_t session,
const unsigned char *keyfpr,
unsigned int keyfpr_length,
gnutls_datum_t * key);
void
gnutls_openpgp_set_recv_key_function (gnutls_session_t session,
gnutls_openpgp_recv_key_func func);
/* certificate authentication stuff.
*/
int gnutls_certificate_set_openpgp_key (gnutls_certificate_credentials_t
res, gnutls_openpgp_crt_t key,
gnutls_openpgp_privkey_t pkey);
int
gnutls_certificate_set_openpgp_key_file (gnutls_certificate_credentials_t
res, const char *certfile,
const char *keyfile,
gnutls_openpgp_crt_fmt_t format);
int gnutls_certificate_set_openpgp_key_mem (gnutls_certificate_credentials_t
res,
const gnutls_datum_t * cert,
const gnutls_datum_t * key,
gnutls_openpgp_crt_fmt_t
format);
int
gnutls_certificate_set_openpgp_key_file2 (gnutls_certificate_credentials_t
res, const char *certfile,
const char *keyfile,
const char *subkey_id,
gnutls_openpgp_crt_fmt_t
format);
int
gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t
res, const gnutls_datum_t * cert,
const gnutls_datum_t * key,
const char *subkey_id,
gnutls_openpgp_crt_fmt_t format);
int
gnutls_certificate_set_openpgp_keyring_mem
(gnutls_certificate_credentials_t c, const unsigned char *data,
size_t dlen, gnutls_openpgp_crt_fmt_t format);
int
gnutls_certificate_set_openpgp_keyring_file
(gnutls_certificate_credentials_t c, const char *file,
gnutls_openpgp_crt_fmt_t format);
#ifdef __cplusplus
}
#endif
#endif /* GNUTLS_OPENPGP_H */

View File

@ -0,0 +1,304 @@
#ifndef __GNUTLS_PKCS11_H
#define __GNUTLS_PKCS11_H
#include <stdarg.h>
#include <gnutls26/gnutls.h>
#include <gnutls26/x509.h>
#define GNUTLS_PKCS11_MAX_PIN_LEN 32
/* Token callback function. The callback will be used to
* ask the user to re-enter the token with given null terminated
* label. Callback should return zero if token has been inserted
* by user and a negative error code otherwise. It might be called
* multiple times if the token is not detected and the retry counter
* will be increased.
*/
typedef int (*gnutls_pkcs11_token_callback_t) (void *const global_data,
const char *const label,
const unsigned retry);
/**
* gnutls_pkcs11_pin_flag_t:
* @GNUTLS_PKCS11_PIN_USER: The PIN for the user.
* @GNUTLS_PKCS11_PIN_SO: The PIN for the security officer.
* @GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC: The PIN is for a specific action and key like signing.
* @GNUTLS_PKCS11_PIN_FINAL_TRY: This is the final try before blocking.
* @GNUTLS_PKCS11_PIN_COUNT_LOW: Few tries remain before token blocks.
* @GNUTLS_PKCS11_PIN_WRONG: Last given PIN was not correct.
*
* Enumeration of different PIN flags.
*/
typedef enum
{
GNUTLS_PKCS11_PIN_USER = (1 << 0),
GNUTLS_PKCS11_PIN_SO = (1 << 1),
GNUTLS_PKCS11_PIN_FINAL_TRY = (1 << 2),
GNUTLS_PKCS11_PIN_COUNT_LOW = (1 << 3),
GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC = (1 << 4),
GNUTLS_PKCS11_PIN_WRONG = (1 << 5),
} gnutls_pkcs11_pin_flag_t;
/**
* gnutls_pkcs11_pin_callback_t:
* @userdata: user-controlled data from gnutls_pkcs11_set_pin_function().
* @attempt: pin-attempt counter, initially 0.
* @token_url: PKCS11 URL.
* @token_label: label of PKCS11 token.
* @flags: a #gnutls_pkcs11_pin_flag_t flag.
* @pin: buffer to hold PIN, of size @pin_max.
* @pin_max: size of @pin buffer.
*
* Callback function type for PKCS#11 PIN entry. It is set by
* gnutls_pkcs11_set_pin_function().
*
* The callback should provides the PIN code to unlock the token with
* label @token_label, specified by the URL @token_url.
*
* The PIN code, as a NUL-terminated ASCII string, should be copied
* into the @pin buffer (of maximum size @pin_max), and return 0 to
* indicate success. Alternatively, the callback may return a
* negative gnutls error code to indicate failure and cancel PIN entry
* (in which case, the contents of the @pin parameter are ignored).
*
* When a PIN is required, the callback will be invoked repeatedly
* (and indefinitely) until either the returned PIN code is correct,
* the callback returns failure, or the token refuses login (e.g. when
* the token is locked due to too many incorrect PINs!). For the
* first such invocation, the @attempt counter will have value zero;
* it will increase by one for each subsequent attempt.
*
* Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on error.
*
* Since: 2.12.0
**/
typedef int (*gnutls_pkcs11_pin_callback_t) (void *userdata, int attempt,
const char *token_url,
const char *token_label,
unsigned int flags
/*gnutls_pkcs11_pin_flag_t */ ,
char *pin, size_t pin_max);
struct gnutls_pkcs11_obj_st;
typedef struct gnutls_pkcs11_obj_st *gnutls_pkcs11_obj_t;
#define GNUTLS_PKCS11_FLAG_MANUAL 0 /* Manual loading of libraries */
#define GNUTLS_PKCS11_FLAG_AUTO 1 /* Automatically load libraries by reading /etc/gnutls/pkcs11.conf */
/* pkcs11.conf format:
* load = /lib/xxx-pkcs11.so
* load = /lib/yyy-pkcs11.so
*/
int gnutls_pkcs11_init (unsigned int flags, const char *deprecated_config_file);
void gnutls_pkcs11_deinit (void);
void gnutls_pkcs11_set_token_function (gnutls_pkcs11_token_callback_t fn,
void *userdata);
void gnutls_pkcs11_set_pin_function (gnutls_pkcs11_pin_callback_t fn,
void *userdata);
int gnutls_pkcs11_add_provider (const char *name, const char *params);
int gnutls_pkcs11_obj_init (gnutls_pkcs11_obj_t * obj);
#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN (1<<0) /* force login in the token for the operation */
#define GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED (1<<1) /* object marked as trusted */
#define GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE (1<<2) /* object marked as sensitive (unexportable) */
#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO (1<<3) /* force login as a security officer in the token for the operation */
/**
* gnutls_pkcs11_url_type_t:
* @GNUTLS_PKCS11_URL_GENERIC: A generic-purpose URL.
* @GNUTLS_PKCS11_URL_LIB: A URL that specifies the library used as well.
* @GNUTLS_PKCS11_URL_LIB_VERSION: A URL that specifies the library and its version.
*
* Enumeration of different URL extraction flags.
*/
typedef enum
{
GNUTLS_PKCS11_URL_GENERIC, /* URL specifies the object on token level */
GNUTLS_PKCS11_URL_LIB, /* URL specifies the object on module level */
GNUTLS_PKCS11_URL_LIB_VERSION /* URL specifies the object on module and version level */
} gnutls_pkcs11_url_type_t;
int gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t, const char *url,
unsigned int flags
/* GNUTLS_PKCS11_OBJ_FLAG_* */ );
int gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t obj,
gnutls_pkcs11_url_type_t detailed,
char **url);
void gnutls_pkcs11_obj_deinit (gnutls_pkcs11_obj_t obj);
int gnutls_pkcs11_obj_export (gnutls_pkcs11_obj_t obj,
void *output_data, size_t * output_data_size);
int gnutls_pkcs11_copy_x509_crt (const char *token_url, gnutls_x509_crt_t crt,
const char *label, unsigned int flags
/* GNUTLS_PKCS11_OBJ_FLAG_* */ );
int gnutls_pkcs11_copy_x509_privkey (const char *token_url, gnutls_x509_privkey_t key,
const char *label, unsigned int key_usage /*GNUTLS_KEY_* */, unsigned int flags
/* GNUTLS_PKCS11_OBJ_FLAG_* */ );
int gnutls_pkcs11_delete_url (const char *object_url, unsigned int flags
/* GNUTLS_PKCS11_OBJ_FLAG_* */ );
int gnutls_pkcs11_copy_secret_key (const char *token_url,
gnutls_datum_t * key, const char *label,
unsigned int key_usage /* GNUTLS_KEY_* */ ,
unsigned int flags
/* GNUTLS_PKCS11_OBJ_FLAG_* */ );
/**
* gnutls_pkcs11_obj_info_t:
* @GNUTLS_PKCS11_OBJ_ID_HEX: The object ID in hex.
* @GNUTLS_PKCS11_OBJ_LABEL: The object label.
* @GNUTLS_PKCS11_OBJ_TOKEN_LABEL: The token's label.
* @GNUTLS_PKCS11_OBJ_TOKEN_SERIAL: The token's serial number.
* @GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER: The token's manufacturer.
* @GNUTLS_PKCS11_OBJ_TOKEN_MODEL: The token's model.
* @GNUTLS_PKCS11_OBJ_ID: The object ID.
* @GNUTLS_PKCS11_OBJ_LIBRARY_VERSION: The library's used to access the object version.
* @GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION: The library's used to access the object description (name).
* @GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER: The library's used to access the object manufacturer name.
*
* Enumeration of several object information types.
*/
typedef enum
{
GNUTLS_PKCS11_OBJ_ID_HEX = 1,
GNUTLS_PKCS11_OBJ_LABEL,
GNUTLS_PKCS11_OBJ_TOKEN_LABEL,
GNUTLS_PKCS11_OBJ_TOKEN_SERIAL,
GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER,
GNUTLS_PKCS11_OBJ_TOKEN_MODEL,
GNUTLS_PKCS11_OBJ_ID,
/* the pkcs11 provider library info */
GNUTLS_PKCS11_OBJ_LIBRARY_VERSION,
GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION,
GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER
} gnutls_pkcs11_obj_info_t;
int gnutls_pkcs11_obj_get_info (gnutls_pkcs11_obj_t crt,
gnutls_pkcs11_obj_info_t itype, void *output,
size_t * output_size);
/**
* gnutls_pkcs11_obj_attr_t:
* @GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL: Specify all certificates.
* @GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED: Specify all certificates marked as trusted.
* @GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY: Specify all certificates with a corresponding private key.
* @GNUTLS_PKCS11_OBJ_ATTR_PUBKEY: Specify all public keys.
* @GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY: Specify all private keys.
* @GNUTLS_PKCS11_OBJ_ATTR_ALL: Specify all objects.
*
* Enumeration of several attributes for object enumeration.
*/
typedef enum
{
GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL = 1, /* all certificates */
GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, /* certificates marked as trusted */
GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, /* certificates with corresponding private key */
GNUTLS_PKCS11_OBJ_ATTR_PUBKEY, /* public keys */
GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY, /* private keys */
GNUTLS_PKCS11_OBJ_ATTR_ALL /* everything! */
} gnutls_pkcs11_obj_attr_t;
/**
* gnutls_pkcs11_token_info_t:
* @GNUTLS_PKCS11_TOKEN_LABEL: The token's label
* @GNUTLS_PKCS11_TOKEN_SERIAL: The token's serial number
* @GNUTLS_PKCS11_TOKEN_MANUFACTURER: The token's manufacturer
* @GNUTLS_PKCS11_TOKEN_MODEL: The token's model
*
* Enumeration of types for retrieving token information.
*/
typedef enum
{
GNUTLS_PKCS11_TOKEN_LABEL,
GNUTLS_PKCS11_TOKEN_SERIAL,
GNUTLS_PKCS11_TOKEN_MANUFACTURER,
GNUTLS_PKCS11_TOKEN_MODEL
} gnutls_pkcs11_token_info_t;
/**
* gnutls_pkcs11_obj_type_t:
* @GNUTLS_PKCS11_OBJ_UNKNOWN: Unknown PKCS11 object.
* @GNUTLS_PKCS11_OBJ_X509_CRT: X.509 certificate.
* @GNUTLS_PKCS11_OBJ_PUBKEY: Public key.
* @GNUTLS_PKCS11_OBJ_PRIVKEY: Private key.
* @GNUTLS_PKCS11_OBJ_SECRET_KEY: Secret key.
* @GNUTLS_PKCS11_OBJ_DATA: Data object.
*
* Enumeration of object types.
*/
typedef enum
{
GNUTLS_PKCS11_OBJ_UNKNOWN,
GNUTLS_PKCS11_OBJ_X509_CRT,
GNUTLS_PKCS11_OBJ_PUBKEY,
GNUTLS_PKCS11_OBJ_PRIVKEY,
GNUTLS_PKCS11_OBJ_SECRET_KEY,
GNUTLS_PKCS11_OBJ_DATA
} gnutls_pkcs11_obj_type_t;
int
gnutls_pkcs11_token_init (const char *token_url,
const char *so_pin, const char *label);
int
gnutls_pkcs11_token_get_mechanism (const char *url, int idx,
unsigned long *mechanism);
int gnutls_pkcs11_token_set_pin (const char *token_url, const char *oldpin, const char *newpin, unsigned int flags /*gnutls_pkcs11_pin_flag_t */
);
int gnutls_pkcs11_token_get_url (unsigned int seq,
gnutls_pkcs11_url_type_t detailed,
char **url);
int gnutls_pkcs11_token_get_info (const char *url, gnutls_pkcs11_token_info_t ttype,
void *output, size_t * output_size);
#define GNUTLS_PKCS11_TOKEN_HW 1
int gnutls_pkcs11_token_get_flags (const char *url, unsigned int *flags);
int gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list,
unsigned int *const n_list,
const char *url,
gnutls_pkcs11_obj_attr_t attrs,
unsigned int flags
/* GNUTLS_PKCS11_OBJ_FLAG_* */ );
int gnutls_x509_crt_import_pkcs11 (gnutls_x509_crt_t crt,
gnutls_pkcs11_obj_t pkcs11_crt);
int gnutls_x509_crt_import_pkcs11_url (gnutls_x509_crt_t crt, const char *url,
unsigned int flags
/* GNUTLS_PKCS11_OBJ_FLAG_* */ );
gnutls_pkcs11_obj_type_t gnutls_pkcs11_obj_get_type (gnutls_pkcs11_obj_t
certificate);
const char *gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t);
int gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs, unsigned int cert_max,
gnutls_pkcs11_obj_t * const objs, unsigned int flags /* must be zero */);
/* private key functions...*/
int gnutls_pkcs11_privkey_init (gnutls_pkcs11_privkey_t * key);
void gnutls_pkcs11_privkey_deinit (gnutls_pkcs11_privkey_t key);
int gnutls_pkcs11_privkey_get_pk_algorithm (gnutls_pkcs11_privkey_t key,
unsigned int *bits);
int gnutls_pkcs11_privkey_get_info (gnutls_pkcs11_privkey_t pkey,
gnutls_pkcs11_obj_info_t itype,
void *output, size_t * output_size);
int gnutls_pkcs11_privkey_import_url (gnutls_pkcs11_privkey_t pkey,
const char *url, unsigned int flags);
int gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key,
gnutls_pkcs11_url_type_t detailed,
char **url);
/** @} */
#endif

View File

@ -0,0 +1,123 @@
/*
* Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009, 2010 Free Software
* Foundation, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
* This file is part of GnuTLS.
*
* The GnuTLS is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* as published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
* USA
*
*/
#ifndef GNUTLS_PKCS12_H
#define GNUTLS_PKCS12_H
#include <gnutls26/x509.h>
#ifdef __cplusplus
extern "C"
{
#endif
/* PKCS12 structures handling
*/
struct gnutls_pkcs12_int;
typedef struct gnutls_pkcs12_int *gnutls_pkcs12_t;
struct gnutls_pkcs12_bag_int;
typedef struct gnutls_pkcs12_bag_int *gnutls_pkcs12_bag_t;
int gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12);
void gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12);
int gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12,
const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format, unsigned int flags);
int gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12,
gnutls_x509_crt_fmt_t format,
void *output_data, size_t * output_data_size);
int gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12,
int indx, gnutls_pkcs12_bag_t bag);
int gnutls_pkcs12_set_bag (gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag);
int gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass);
int gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass);
int gnutls_pkcs12_bag_decrypt (gnutls_pkcs12_bag_t bag, const char *pass);
int gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass,
unsigned int flags);
/**
* gnutls_pkcs12_bag_type_t:
* @GNUTLS_BAG_EMPTY: Empty PKCS-12 bag.
* @GNUTLS_BAG_PKCS8_ENCRYPTED_KEY: PKCS-12 bag with PKCS-8 encrypted key.
* @GNUTLS_BAG_PKCS8_KEY: PKCS-12 bag with PKCS-8 key.
* @GNUTLS_BAG_CERTIFICATE: PKCS-12 bag with certificate.
* @GNUTLS_BAG_CRL: PKCS-12 bag with CRL.
* @GNUTLS_BAG_SECRET: PKCS-12 bag with secret PKCS-9 keys.
* @GNUTLS_BAG_ENCRYPTED: Encrypted PKCS-12 bag.
* @GNUTLS_BAG_UNKNOWN: Unknown PKCS-12 bag.
*
* Enumeration of different PKCS 12 bag types.
*/
typedef enum gnutls_pkcs12_bag_type_t
{
GNUTLS_BAG_EMPTY = 0,
GNUTLS_BAG_PKCS8_ENCRYPTED_KEY = 1,
GNUTLS_BAG_PKCS8_KEY = 2,
GNUTLS_BAG_CERTIFICATE = 3,
GNUTLS_BAG_CRL = 4,
GNUTLS_BAG_SECRET = 5, /* Secret data. Underspecified in pkcs-12,
* gnutls extension. We use the PKCS-9
* random nonce ID 1.2.840.113549.1.9.25.3
* to store randomly generated keys.
*/
GNUTLS_BAG_ENCRYPTED = 10,
GNUTLS_BAG_UNKNOWN = 20
} gnutls_pkcs12_bag_type_t;
gnutls_pkcs12_bag_type_t
gnutls_pkcs12_bag_get_type (gnutls_pkcs12_bag_t bag, int indx);
int gnutls_pkcs12_bag_get_data (gnutls_pkcs12_bag_t bag, int indx,
gnutls_datum_t * data);
int gnutls_pkcs12_bag_set_data (gnutls_pkcs12_bag_t bag,
gnutls_pkcs12_bag_type_t type,
const gnutls_datum_t * data);
int gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag,
gnutls_x509_crl_t crl);
int gnutls_pkcs12_bag_set_crt (gnutls_pkcs12_bag_t bag,
gnutls_x509_crt_t crt);
int gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag);
void gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag);
int gnutls_pkcs12_bag_get_count (gnutls_pkcs12_bag_t bag);
int gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx,
gnutls_datum_t * id);
int gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx,
const gnutls_datum_t * id);
int gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
char **name);
int gnutls_pkcs12_bag_set_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
const char *name);
#ifdef __cplusplus
}
#endif
#endif /* GNUTLS_PKCS12_H */

View File

@ -0,0 +1,827 @@
/*
* Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009, 2010 Free Software
* Foundation, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
* This file is part of GnuTLS.
*
* The GnuTLS is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* as published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
* USA
*
*/
/* This file contains the types and prototypes for the X.509
* certificate and CRL handling functions.
*/
#ifndef GNUTLS_X509_H
#define GNUTLS_X509_H
#include <gnutls26/gnutls.h>
#ifdef __cplusplus
extern "C"
{
#endif
/* Some OIDs usually found in Distinguished names, or
* in Subject Directory Attribute extensions.
*/
#define GNUTLS_OID_X520_COUNTRY_NAME "2.5.4.6"
#define GNUTLS_OID_X520_ORGANIZATION_NAME "2.5.4.10"
#define GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME "2.5.4.11"
#define GNUTLS_OID_X520_COMMON_NAME "2.5.4.3"
#define GNUTLS_OID_X520_LOCALITY_NAME "2.5.4.7"
#define GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME "2.5.4.8"
#define GNUTLS_OID_X520_INITIALS "2.5.4.43"
#define GNUTLS_OID_X520_GENERATION_QUALIFIER "2.5.4.44"
#define GNUTLS_OID_X520_SURNAME "2.5.4.4"
#define GNUTLS_OID_X520_GIVEN_NAME "2.5.4.42"
#define GNUTLS_OID_X520_TITLE "2.5.4.12"
#define GNUTLS_OID_X520_DN_QUALIFIER "2.5.4.46"
#define GNUTLS_OID_X520_PSEUDONYM "2.5.4.65"
#define GNUTLS_OID_X520_POSTALCODE "2.5.4.17"
#define GNUTLS_OID_X520_NAME "2.5.4.41"
#define GNUTLS_OID_LDAP_DC "0.9.2342.19200300.100.1.25"
#define GNUTLS_OID_LDAP_UID "0.9.2342.19200300.100.1.1"
/* The following should not be included in DN.
*/
#define GNUTLS_OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"
#define GNUTLS_OID_PKIX_DATE_OF_BIRTH "1.3.6.1.5.5.7.9.1"
#define GNUTLS_OID_PKIX_PLACE_OF_BIRTH "1.3.6.1.5.5.7.9.2"
#define GNUTLS_OID_PKIX_GENDER "1.3.6.1.5.5.7.9.3"
#define GNUTLS_OID_PKIX_COUNTRY_OF_CITIZENSHIP "1.3.6.1.5.5.7.9.4"
#define GNUTLS_OID_PKIX_COUNTRY_OF_RESIDENCE "1.3.6.1.5.5.7.9.5"
/* Key purpose Object Identifiers.
*/
#define GNUTLS_KP_TLS_WWW_SERVER "1.3.6.1.5.5.7.3.1"
#define GNUTLS_KP_TLS_WWW_CLIENT "1.3.6.1.5.5.7.3.2"
#define GNUTLS_KP_CODE_SIGNING "1.3.6.1.5.5.7.3.3"
#define GNUTLS_KP_EMAIL_PROTECTION "1.3.6.1.5.5.7.3.4"
#define GNUTLS_KP_TIME_STAMPING "1.3.6.1.5.5.7.3.8"
#define GNUTLS_KP_OCSP_SIGNING "1.3.6.1.5.5.7.3.9"
#define GNUTLS_KP_IPSEC_IKE "1.3.6.1.5.5.7.3.17"
#define GNUTLS_KP_ANY "2.5.29.37.0"
#define GNUTLS_FSAN_SET 0
#define GNUTLS_FSAN_APPEND 1
/* Certificate handling functions.
*/
/**
* gnutls_certificate_import_flags:
* @GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED: Fail if the
* certificates in the buffer are more than the space allocated for
* certificates. The error code will be %GNUTLS_E_SHORT_MEMORY_BUFFER.
* @GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED: Fail if the certificates
* in the buffer are not ordered starting from subject to issuer.
* The error code will be %GNUTLS_E_CERTIFICATE_LIST_UNSORTED.
*
* Enumeration of different certificate import flags.
*/
typedef enum gnutls_certificate_import_flags
{
GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1,
GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED = 2
} gnutls_certificate_import_flags;
int gnutls_x509_crt_init (gnutls_x509_crt_t * cert);
void gnutls_x509_crt_deinit (gnutls_x509_crt_t cert);
int gnutls_x509_crt_import (gnutls_x509_crt_t cert,
const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format);
int gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs,
unsigned int *cert_max,
const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format,
unsigned int flags);
int gnutls_x509_crt_export (gnutls_x509_crt_t cert,
gnutls_x509_crt_fmt_t format,
void *output_data, size_t * output_data_size);
int gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf,
size_t * sizeof_buf);
int gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, int indx,
void *oid, size_t * sizeof_oid);
int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
const char *oid, int indx,
unsigned int raw_flag,
void *buf, size_t * sizeof_buf);
int gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
size_t * sizeof_buf);
int gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, int indx,
void *oid, size_t * sizeof_oid);
int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert,
const char *oid, int indx,
unsigned int raw_flag, void *buf,
size_t * sizeof_buf);
int gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert,
const char *hostname);
int gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert);
int gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert,
char *sig, size_t * sizeof_sig);
int gnutls_x509_crt_get_version (gnutls_x509_crt_t cert);
int gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt,
unsigned int flags,
unsigned char *output_data,
size_t * output_data_size);
int gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert,
const void *id, size_t id_size);
int gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert,
void *ret, size_t * ret_size,
unsigned int *critical);
int gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert,
void *ret, size_t * ret_size,
unsigned int *critical);
int gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf,
size_t * sizeof_buf);
int gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t crt, char *buf,
size_t * sizeof_buf);
#define GNUTLS_CRL_REASON_UNUSED 128
#define GNUTLS_CRL_REASON_KEY_COMPROMISE 64
#define GNUTLS_CRL_REASON_CA_COMPROMISE 32
#define GNUTLS_CRL_REASON_AFFILIATION_CHANGED 16
#define GNUTLS_CRL_REASON_SUPERSEDED 8
#define GNUTLS_CRL_REASON_SUPERSEEDED GNUTLS_CRL_REASON_SUPERSEDED
#define GNUTLS_CRL_REASON_CESSATION_OF_OPERATION 4
#define GNUTLS_CRL_REASON_CERTIFICATE_HOLD 2
#define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1
#define GNUTLS_CRL_REASON_AA_COMPROMISE 32768
int gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert,
unsigned int seq, void *ret,
size_t * ret_size,
unsigned int *reason_flags,
unsigned int *critical);
int gnutls_x509_crt_set_crl_dist_points2 (gnutls_x509_crt_t crt,
gnutls_x509_subject_alt_name_t
type, const void *data,
unsigned int data_size,
unsigned int reason_flags);
int gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt,
gnutls_x509_subject_alt_name_t
type, const void *data_string,
unsigned int reason_flags);
int gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst,
gnutls_x509_crt_t src);
time_t gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert);
time_t gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert);
int gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result,
size_t * result_size);
int gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert,
unsigned int *bits);
int gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt,
gnutls_datum_t * m, gnutls_datum_t * e);
int gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt,
gnutls_datum_t * p,
gnutls_datum_t * q,
gnutls_datum_t * g, gnutls_datum_t * y);
int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert,
unsigned int seq, void *ret,
size_t * ret_size,
unsigned int *critical);
int gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert,
unsigned int seq, void *ret,
size_t * ret_size,
unsigned int *ret_type,
unsigned int *critical);
int gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert,
unsigned int seq,
void *ret,
size_t * ret_size);
int gnutls_x509_crt_get_issuer_alt_name (gnutls_x509_crt_t cert,
unsigned int seq, void *ret,
size_t * ret_size,
unsigned int *critical);
int gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t cert,
unsigned int seq, void *ret,
size_t * ret_size,
unsigned int *ret_type,
unsigned int *critical);
int gnutls_x509_crt_get_issuer_alt_othername_oid (gnutls_x509_crt_t cert,
unsigned int seq,
void *ret,
size_t * ret_size);
int gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert,
unsigned int *critical);
int gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert,
unsigned int *critical,
int *ca, int *pathlen);
/* The key_usage flags are defined in gnutls.h. They are the
* GNUTLS_KEY_* definitions.
*/
int gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert,
unsigned int *key_usage,
unsigned int *critical);
int gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt,
unsigned int usage);
int gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert,
unsigned int *critical,
int *pathlen,
char **policyLanguage,
char **policy, size_t * sizeof_policy);
int gnutls_x509_dn_oid_known (const char *oid);
/* Read extensions by OID. */
int gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx,
void *oid, size_t * sizeof_oid);
int gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert,
const char *oid, int indx,
void *buf,
size_t * sizeof_buf,
unsigned int *critical);
/* Read extensions by sequence number. */
int gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx,
void *oid, size_t * sizeof_oid,
int *critical);
int gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, int indx,
void *data, size_t * sizeof_data);
int gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt,
const char *oid,
const void *buf,
size_t sizeof_buf,
unsigned int critical);
/* X.509 Certificate writing.
*/
int gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt,
const char *oid,
unsigned int raw_flag,
const void *name,
unsigned int sizeof_name);
int gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt,
const char *oid,
unsigned int raw_flag,
const void *name,
unsigned int sizeof_name);
int gnutls_x509_crt_set_version (gnutls_x509_crt_t crt,
unsigned int version);
int gnutls_x509_crt_set_key (gnutls_x509_crt_t crt,
gnutls_x509_privkey_t key);
int gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca);
int gnutls_x509_crt_set_basic_constraints (gnutls_x509_crt_t crt,
unsigned int ca,
int pathLenConstraint);
int gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt,
gnutls_x509_subject_alt_name_t
type,
const char *data_string);
int gnutls_x509_crt_set_subject_alt_name (gnutls_x509_crt_t crt,
gnutls_x509_subject_alt_name_t
type, const void *data,
unsigned int data_size,
unsigned int flags);
int gnutls_x509_crt_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
gnutls_x509_privkey_t issuer_key);
int gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
gnutls_x509_privkey_t issuer_key,
gnutls_digest_algorithm_t dig,
unsigned int flags);
int gnutls_x509_crt_set_activation_time (gnutls_x509_crt_t cert,
time_t act_time);
int gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert,
time_t exp_time);
int gnutls_x509_crt_set_serial (gnutls_x509_crt_t cert, const void *serial,
size_t serial_size);
int gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert,
const void *id, size_t id_size);
int gnutls_x509_crt_set_proxy_dn (gnutls_x509_crt_t crt,
gnutls_x509_crt_t eecrt,
unsigned int raw_flag,
const void *name,
unsigned int sizeof_name);
int gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt,
int pathLenConstraint,
const char *policyLanguage,
const char *policy, size_t sizeof_policy);
int gnutls_x509_crt_print (gnutls_x509_crt_t cert,
gnutls_certificate_print_formats_t format,
gnutls_datum_t * out);
int gnutls_x509_crl_print (gnutls_x509_crl_t crl,
gnutls_certificate_print_formats_t format,
gnutls_datum_t * out);
/* Access to internal Certificate fields.
*/
int gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert,
gnutls_datum_t * start);
int gnutls_x509_crt_get_raw_dn (gnutls_x509_crt_t cert,
gnutls_datum_t * start);
/* RDN handling.
*/
int gnutls_x509_rdn_get (const gnutls_datum_t * idn,
char *buf, size_t * sizeof_buf);
int gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn,
int indx, void *buf, size_t * sizeof_buf);
int gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn,
const char *oid, int indx,
unsigned int raw_flag, void *buf,
size_t * sizeof_buf);
typedef void *gnutls_x509_dn_t;
typedef struct gnutls_x509_ava_st
{
gnutls_datum_t oid;
gnutls_datum_t value;
unsigned long value_tag;
} gnutls_x509_ava_st;
int gnutls_x509_crt_get_subject (gnutls_x509_crt_t cert,
gnutls_x509_dn_t * dn);
int gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert,
gnutls_x509_dn_t * dn);
int gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn, int irdn,
int iava, gnutls_x509_ava_st * ava);
int gnutls_x509_dn_init (gnutls_x509_dn_t * dn);
int gnutls_x509_dn_import (gnutls_x509_dn_t dn,
const gnutls_datum_t * data);
int gnutls_x509_dn_export (gnutls_x509_dn_t dn,
gnutls_x509_crt_fmt_t format, void *output_data,
size_t * output_data_size);
void gnutls_x509_dn_deinit (gnutls_x509_dn_t dn);
/* CRL handling functions.
*/
int gnutls_x509_crl_init (gnutls_x509_crl_t * crl);
void gnutls_x509_crl_deinit (gnutls_x509_crl_t crl);
int gnutls_x509_crl_import (gnutls_x509_crl_t crl,
const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format);
int gnutls_x509_crl_export (gnutls_x509_crl_t crl,
gnutls_x509_crt_fmt_t format,
void *output_data, size_t * output_data_size);
int
gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
gnutls_datum_t * dn);
int gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl,
char *buf, size_t * sizeof_buf);
int gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl,
const char *oid, int indx,
unsigned int raw_flag,
void *buf, size_t * sizeof_buf);
int gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl, int indx,
void *oid, size_t * sizeof_oid);
int gnutls_x509_crl_get_signature_algorithm (gnutls_x509_crl_t crl);
int gnutls_x509_crl_get_signature (gnutls_x509_crl_t crl,
char *sig, size_t * sizeof_sig);
int gnutls_x509_crl_get_version (gnutls_x509_crl_t crl);
time_t gnutls_x509_crl_get_this_update (gnutls_x509_crl_t crl);
time_t gnutls_x509_crl_get_next_update (gnutls_x509_crl_t crl);
int gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl);
int gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx,
unsigned char *serial,
size_t * serial_size, time_t * t);
#define gnutls_x509_crl_get_certificate_count gnutls_x509_crl_get_crt_count
#define gnutls_x509_crl_get_certificate gnutls_x509_crl_get_crt_serial
int gnutls_x509_crl_check_issuer (gnutls_x509_crl_t crl,
gnutls_x509_crt_t issuer);
/* CRL writing.
*/
int gnutls_x509_crl_set_version (gnutls_x509_crl_t crl,
unsigned int version);
int gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl,
time_t act_time);
int gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl,
time_t exp_time);
int gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl,
const void *serial,
size_t serial_size,
time_t revocation_time);
int gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl,
gnutls_x509_crt_t crt, time_t revocation_time);
int gnutls_x509_crl_get_authority_key_id (gnutls_x509_crl_t crl, void *ret,
size_t * ret_size,
unsigned int *critical);
int gnutls_x509_crl_get_number (gnutls_x509_crl_t crl, void *ret,
size_t * ret_size, unsigned int *critical);
int gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl, int indx,
void *oid, size_t * sizeof_oid);
int gnutls_x509_crl_get_extension_info (gnutls_x509_crl_t crl, int indx,
void *oid, size_t * sizeof_oid,
int *critical);
int gnutls_x509_crl_get_extension_data (gnutls_x509_crl_t crl, int indx,
void *data, size_t * sizeof_data);
int gnutls_x509_crl_set_authority_key_id (gnutls_x509_crl_t crl,
const void *id, size_t id_size);
int gnutls_x509_crl_set_number (gnutls_x509_crl_t crl,
const void *nr, size_t nr_size);
/* PKCS7 structures handling
*/
struct gnutls_pkcs7_int;
typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t;
int gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7);
void gnutls_pkcs7_deinit (gnutls_pkcs7_t pkcs7);
int gnutls_pkcs7_import (gnutls_pkcs7_t pkcs7,
const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format);
int gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7,
gnutls_x509_crt_fmt_t format,
void *output_data, size_t * output_data_size);
int gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7);
int gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7, int indx,
void *certificate, size_t * certificate_size);
int gnutls_pkcs7_set_crt_raw (gnutls_pkcs7_t pkcs7,
const gnutls_datum_t * crt);
int gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt);
int gnutls_pkcs7_delete_crt (gnutls_pkcs7_t pkcs7, int indx);
int gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7,
int indx, void *crl, size_t * crl_size);
int gnutls_pkcs7_get_crl_count (gnutls_pkcs7_t pkcs7);
int gnutls_pkcs7_set_crl_raw (gnutls_pkcs7_t pkcs7,
const gnutls_datum_t * crl);
int gnutls_pkcs7_set_crl (gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl);
int gnutls_pkcs7_delete_crl (gnutls_pkcs7_t pkcs7, int indx);
/* X.509 Certificate verification functions.
*/
/**
* gnutls_certificate_verify_flags:
* @GNUTLS_VERIFY_DISABLE_CA_SIGN: If set a signer does not have to be
* a certificate authority. This flag should normaly be disabled,
* unless you know what this means.
* @GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS: If set a signer in the trusted
* list is never checked for expiration or activation.
* @GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT: Allow trusted CA
* certificates that have version 1. This is the default.
* @GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT: Do not allow trusted CA
* certificates that have version 1. This option is to be used
* to deprecate all V1 certificates.
* @GNUTLS_VERIFY_DO_NOT_ALLOW_SAME: If a certificate is not signed by
* anyone trusted but exists in the trusted CA list do not treat it
* as trusted.
* @GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT: Allow CA certificates that
* have version 1 (both root and intermediate). This might be
* dangerous since those haven't the basicConstraints
* extension. Must be used in combination with
* %GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT.
* @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2: Allow certificates to be signed
* using the broken MD2 algorithm.
* @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: Allow certificates to be signed
* using the broken MD5 algorithm.
* @GNUTLS_VERIFY_DISABLE_TIME_CHECKS: Disable checking of activation
* and expiration validity periods of certificate chains. Don't set
* this unless you understand the security implications.
*
* Enumeration of different certificate verify flags.
*/
typedef enum gnutls_certificate_verify_flags
{
GNUTLS_VERIFY_DISABLE_CA_SIGN = 1,
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 2,
GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 4,
GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 8,
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 16,
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32,
GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 64,
GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 128,
GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 256
} gnutls_certificate_verify_flags;
int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
gnutls_x509_crt_t issuer);
int gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
int cert_list_length,
const gnutls_x509_crt_t * CA_list,
int CA_list_length,
const gnutls_x509_crl_t * CRL_list,
int CRL_list_length,
unsigned int flags, unsigned int *verify);
int gnutls_x509_crt_verify (gnutls_x509_crt_t cert,
const gnutls_x509_crt_t * CA_list,
int CA_list_length, unsigned int flags,
unsigned int *verify);
int gnutls_x509_crl_verify (gnutls_x509_crl_t crl,
const gnutls_x509_crt_t * CA_list,
int CA_list_length, unsigned int flags,
unsigned int *verify);
int gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
const gnutls_x509_crl_t *
crl_list, int crl_list_length);
int gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert,
gnutls_digest_algorithm_t algo,
void *buf, size_t * sizeof_buf);
int gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert,
int indx, void *oid,
size_t * sizeof_oid,
unsigned int *critical);
int gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert,
const void *oid,
unsigned int critical);
/* Private key handling.
*/
/* Flags for the gnutls_x509_privkey_export_pkcs8() function.
*/
/**
* gnutls_pkcs_encrypt_flags_t:
* @GNUTLS_PKCS_PLAIN: Unencrypted private key.
* @GNUTLS_PKCS8_PLAIN: Same as %GNUTLS_PKCS_PLAIN.
* @GNUTLS_PKCS_USE_PKCS12_3DES: PKCS-12 3DES.
* @GNUTLS_PKCS8_USE_PKCS12_3DES: Same as %GNUTLS_PKCS_USE_PKCS12_3DES.
* @GNUTLS_PKCS_USE_PKCS12_ARCFOUR: PKCS-12 ARCFOUR.
* @GNUTLS_PKCS8_USE_PKCS12_ARCFOUR: Same as %GNUTLS_PKCS_USE_PKCS12_ARCFOUR.
* @GNUTLS_PKCS_USE_PKCS12_RC2_40: PKCS-12 RC2-40.
* @GNUTLS_PKCS8_USE_PKCS12_RC2_40: Same as %GNUTLS_PKCS_USE_PKCS12_RC2_40.
* @GNUTLS_PKCS_USE_PBES2_3DES: PBES2 3DES.
* @GNUTLS_PKCS_USE_PBES2_AES_128: PBES2 AES-128.
* @GNUTLS_PKCS_USE_PBES2_AES_192: PBES2 AES-192.
* @GNUTLS_PKCS_USE_PBES2_AES_256: PBES2 AES-256.
*
* Enumeration of different PKCS encryption flags.
*/
typedef enum gnutls_pkcs_encrypt_flags_t
{
GNUTLS_PKCS_PLAIN = 1,
GNUTLS_PKCS8_PLAIN = GNUTLS_PKCS_PLAIN,
GNUTLS_PKCS_USE_PKCS12_3DES = 2,
GNUTLS_PKCS8_USE_PKCS12_3DES = GNUTLS_PKCS_USE_PKCS12_3DES,
GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4,
GNUTLS_PKCS8_USE_PKCS12_ARCFOUR = GNUTLS_PKCS_USE_PKCS12_ARCFOUR,
GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8,
GNUTLS_PKCS8_USE_PKCS12_RC2_40 = GNUTLS_PKCS_USE_PKCS12_RC2_40,
GNUTLS_PKCS_USE_PBES2_3DES = 16,
GNUTLS_PKCS_USE_PBES2_AES_128 = 32,
GNUTLS_PKCS_USE_PBES2_AES_192 = 64,
GNUTLS_PKCS_USE_PBES2_AES_256 = 128
} gnutls_pkcs_encrypt_flags_t;
int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key);
void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key);
gnutls_sec_param_t gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t
key);
int gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst,
gnutls_x509_privkey_t src);
int gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format);
int gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key,
const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format,
const char *password,
unsigned int flags);
int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
const gnutls_datum_t * m,
const gnutls_datum_t * e,
const gnutls_datum_t * d,
const gnutls_datum_t * p,
const gnutls_datum_t * q,
const gnutls_datum_t * u);
int gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key,
const gnutls_datum_t * m,
const gnutls_datum_t * e,
const gnutls_datum_t * d,
const gnutls_datum_t * p,
const gnutls_datum_t * q,
const gnutls_datum_t * u,
const gnutls_datum_t * e1,
const gnutls_datum_t * e2);
int gnutls_x509_privkey_fix (gnutls_x509_privkey_t key);
int gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key,
gnutls_datum_t * p,
gnutls_datum_t * q,
gnutls_datum_t * g,
gnutls_datum_t * y,
gnutls_datum_t * x);
int gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key,
const gnutls_datum_t * p,
const gnutls_datum_t * q,
const gnutls_datum_t * g,
const gnutls_datum_t * y,
const gnutls_datum_t * x);
int gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key);
int gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
unsigned int flags,
unsigned char *output_data,
size_t * output_data_size);
int gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
gnutls_pk_algorithm_t algo,
unsigned int bits, unsigned int flags);
int gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
gnutls_x509_crt_fmt_t format,
void *output_data,
size_t * output_data_size);
int gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
gnutls_x509_crt_fmt_t format,
const char *password,
unsigned int flags,
void *output_data,
size_t * output_data_size);
int gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key,
gnutls_datum_t * m,
gnutls_datum_t * e,
gnutls_datum_t * d,
gnutls_datum_t * p,
gnutls_datum_t * q,
gnutls_datum_t * u,
gnutls_datum_t * e1,
gnutls_datum_t * e2);
int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
gnutls_datum_t * m,
gnutls_datum_t * e,
gnutls_datum_t * d,
gnutls_datum_t * p,
gnutls_datum_t * q,
gnutls_datum_t * u);
/* Certificate request stuff.
*/
int gnutls_x509_crq_print (gnutls_x509_crq_t crq,
gnutls_certificate_print_formats_t format,
gnutls_datum_t * out);
int gnutls_x509_crq_verify (gnutls_x509_crq_t crq, unsigned int flags);
int gnutls_x509_crq_init (gnutls_x509_crq_t * crq);
void gnutls_x509_crq_deinit (gnutls_x509_crq_t crq);
int gnutls_x509_crq_import (gnutls_x509_crq_t crq,
const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format);
int gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf,
size_t * sizeof_buf);
int gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq, int indx,
void *oid, size_t * sizeof_oid);
int gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq,
const char *oid, int indx,
unsigned int raw_flag, void *buf,
size_t * sizeof_buf);
int gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq,
const char *oid,
unsigned int raw_flag,
const void *data,
unsigned int sizeof_data);
int gnutls_x509_crq_set_version (gnutls_x509_crq_t crq,
unsigned int version);
int gnutls_x509_crq_get_version (gnutls_x509_crq_t crq);
int gnutls_x509_crq_set_key (gnutls_x509_crq_t crq,
gnutls_x509_privkey_t key);
int gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq,
const char *pass);
int gnutls_x509_crq_get_challenge_password (gnutls_x509_crq_t crq,
char *pass,
size_t * sizeof_pass);
int gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq,
const char *oid, void *buf,
size_t sizeof_buf);
int gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq,
const char *oid, int indx,
void *buf, size_t * sizeof_buf);
int gnutls_x509_crq_export (gnutls_x509_crq_t crq,
gnutls_x509_crt_fmt_t format,
void *output_data, size_t * output_data_size);
int gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq);
int gnutls_x509_crt_set_crq_extensions (gnutls_x509_crt_t crt,
gnutls_x509_crq_t crq);
int gnutls_x509_crq_set_key_rsa_raw (gnutls_x509_crq_t crq,
const gnutls_datum_t * m,
const gnutls_datum_t * e);
int gnutls_x509_crq_set_subject_alt_name (gnutls_x509_crq_t crq,
gnutls_x509_subject_alt_name_t nt,
const void *data,
unsigned int data_size,
unsigned int flags);
int gnutls_x509_crq_set_key_usage (gnutls_x509_crq_t crq,
unsigned int usage);
int gnutls_x509_crq_set_basic_constraints (gnutls_x509_crq_t crq,
unsigned int ca,
int pathLenConstraint);
int gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq,
const void *oid,
unsigned int critical);
int gnutls_x509_crq_get_key_purpose_oid (gnutls_x509_crq_t crq, int indx,
void *oid, size_t * sizeof_oid,
unsigned int *critical);
int gnutls_x509_crq_get_extension_data (gnutls_x509_crq_t crq, int indx,
void *data, size_t * sizeof_data);
int gnutls_x509_crq_get_extension_info (gnutls_x509_crq_t crq, int indx,
void *oid, size_t * sizeof_oid,
int *critical);
int gnutls_x509_crq_get_attribute_data (gnutls_x509_crq_t crq, int indx,
void *data, size_t * sizeof_data);
int gnutls_x509_crq_get_attribute_info (gnutls_x509_crq_t crq, int indx,
void *oid, size_t * sizeof_oid);
int gnutls_x509_crq_get_pk_algorithm (gnutls_x509_crq_t crq,
unsigned int *bits);
int gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags,
unsigned char *output_data,
size_t * output_data_size);
int gnutls_x509_crq_get_key_rsa_raw (gnutls_x509_crq_t crq,
gnutls_datum_t * m,
gnutls_datum_t * e);
int gnutls_x509_crq_get_key_usage (gnutls_x509_crq_t crq,
unsigned int *key_usage,
unsigned int *critical);
int gnutls_x509_crq_get_basic_constraints (gnutls_x509_crq_t crq,
unsigned int *critical,
int *ca, int *pathlen);
int gnutls_x509_crq_get_subject_alt_name (gnutls_x509_crq_t crq,
unsigned int seq, void *ret,
size_t * ret_size,
unsigned int *ret_type,
unsigned int *critical);
int gnutls_x509_crq_get_subject_alt_othername_oid (gnutls_x509_crq_t crq,
unsigned int seq,
void *ret,
size_t * ret_size);
int gnutls_x509_crq_get_extension_by_oid (gnutls_x509_crq_t crq,
const char *oid, int indx,
void *buf, size_t * sizeof_buf,
unsigned int *critical);
#ifdef __cplusplus
}
#endif
#endif /* GNUTLS_X509_H */

2
wine

@ -1 +1 @@
Subproject commit 0d666718091ff54b2304908e71ce0967465fb801 Subproject commit d6efa4b35e126d8de4e35c822c7185af4bb3df09