1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
|
[CCode (cprefix = "gnutls_", lower_case_cprefix = "gnutls_", cheader_filename = "gnutls/gnutls.h")]
namespace GnuTLS {
public int global_init();
[CCode (cname = "gnutls_pull_func", has_target = false)]
public delegate ssize_t PullFunc(void* transport_ptr, [CCode (ctype = "void*", array_length_type="size_t")] uint8[] array);
[CCode (cname = "gnutls_pull_timeout_func", has_target = false)]
public delegate int PullTimeoutFunc(void* transport_ptr, uint ms);
[CCode (cname = "gnutls_push_func", has_target = false)]
public delegate ssize_t PushFunc(void* transport_ptr, [CCode (ctype = "void*", array_length_type="size_t")] uint8[] array);
[CCode (cname = "gnutls_certificate_verify_function", has_target = false)]
public delegate int VerifyFunc(Session session);
[Compact]
[CCode (cname = "struct gnutls_session_int", free_function = "gnutls_deinit")]
public class Session {
public static Session? create(int con_end) throws GLib.Error {
Session result;
var ret = init(out result, con_end);
throw_if_error(ret);
return result;
}
[CCode (cname = "gnutls_init")]
private static int init(out Session session, int con_end);
[CCode (cname = "gnutls_transport_set_push_function")]
public void set_push_function(PushFunc func);
[CCode (cname = "gnutls_transport_set_pull_function")]
public void set_pull_function(PullFunc func);
[CCode (cname = "gnutls_transport_set_pull_timeout_function")]
public void set_pull_timeout_function(PullTimeoutFunc func);
[CCode (cname = "gnutls_transport_set_ptr")]
public void set_transport_pointer(void* ptr);
[CCode (cname = "gnutls_transport_get_ptr")]
public void* get_transport_pointer();
[CCode (cname = "gnutls_heartbeat_enable")]
public int enable_heartbeat(uint type);
[CCode (cname = "gnutls_certificate_server_set_request")]
public void server_set_request(CertificateRequest req);
[CCode (cname = "gnutls_credentials_set")]
public int set_credentials_(CredentialsType type, void* cred);
[CCode (cname = "gnutls_credentials_set_")]
public void set_credentials(CredentialsType type, void* cred) throws GLib.Error {
int err = set_credentials_(type, cred);
throw_if_error(err);
}
[CCode (cname = "gnutls_priority_set_direct")]
public int set_priority_from_string_(string priority, out unowned string err_pos = null);
[CCode (cname = "gnutls_priority_set_direct_")]
public void set_priority_from_string(string priority, out unowned string err_pos = null) throws GLib.Error {
int err = set_priority_from_string_(priority, out err_pos);
throw_if_error(err);
}
[CCode (cname = "gnutls_srtp_set_profile_direct")]
public int set_srtp_profile_direct_(string profiles, out unowned string err_pos = null);
[CCode (cname = "gnutls_srtp_set_profile_direct_")]
public void set_srtp_profile_direct(string profiles, out unowned string err_pos = null) throws GLib.Error {
int err = set_srtp_profile_direct_(profiles, out err_pos);
throw_if_error(err);
}
[CCode (cname = "gnutls_transport_set_int")]
public void transport_set_int(int fd);
[CCode (cname = "gnutls_handshake")]
public int handshake();
[CCode (cname = "gnutls_srtp_get_keys")]
public int get_srtp_keys_(void *key_material, uint32 key_material_size, out Datum client_key, out Datum client_salt, out Datum server_key, out Datum server_salt);
[CCode (cname = "gnutls_srtp_get_keys_")]
public void get_srtp_keys(void *key_material, uint32 key_material_size, out Datum client_key, out Datum client_salt, out Datum server_key, out Datum server_salt) throws GLib.Error {
get_srtp_keys_(key_material, key_material_size, out client_key, out client_salt, out server_key, out server_salt);
}
[CCode (cname = "gnutls_certificate_get_peers", array_length_type = "unsigned int")]
public unowned Datum[]? get_peer_certificates();
[CCode (cname = "gnutls_session_set_verify_function")]
public void set_verify_function(VerifyFunc func);
}
[Compact]
[CCode (cname = "struct gnutls_certificate_credentials_st", free_function = "gnutls_certificate_free_credentials", cprefix = "gnutls_certificate_")]
public class CertificateCredentials {
[CCode (cname = "gnutls_certificate_allocate_credentials")]
private static int allocate(out CertificateCredentials credentials);
public static CertificateCredentials create() throws GLib.Error {
CertificateCredentials result;
var ret = allocate (out result);
throw_if_error(ret);
return result;
}
public void get_x509_crt(uint index, [CCode (array_length_type = "unsigned int")] out unowned X509.Certificate[] x509_ca_list);
public int set_x509_key(X509.Certificate[] cert_list, X509.PrivateKey key);
}
[CCode (cheader_filename = "gnutls/x509.h", cprefix = "GNUTLS_")]
namespace X509 {
[Compact]
[CCode (cname = "struct gnutls_x509_crt_int", cprefix = "gnutls_x509_crt_", free_function = "gnutls_x509_crt_deinit")]
public class Certificate {
[CCode (cname = "gnutls_x509_crt_init")]
private static int init (out Certificate cert);
public static Certificate create() throws GLib.Error {
Certificate result;
var ret = init (out result);
throw_if_error(ret);
return result;
}
[CCode (cname = "gnutls_x509_crt_import")]
public int import_(ref Datum data, CertificateFormat format);
[CCode (cname = "gnutls_x509_crt_import_")]
public void import(ref Datum data, CertificateFormat format) throws GLib.Error {
int err = import_(ref data, format);
throw_if_error(err);
}
[CCode (cname = "gnutls_x509_crt_set_version")]
public int set_version_(uint version);
[CCode (cname = "gnutls_x509_crt_set_version_")]
public void set_version(uint version) throws GLib.Error {
int err = set_version_(version);
throw_if_error(err);
}
[CCode (cname = "gnutls_x509_crt_set_key")]
public int set_key_(PrivateKey key);
[CCode (cname = "gnutls_x509_crt_set_key_")]
public void set_key(PrivateKey key) throws GLib.Error {
int err = set_key_(key);
throw_if_error(err);
}
[CCode (cname = "gnutls_x509_crt_set_activation_time")]
public int set_activation_time_(time_t act_time);
[CCode (cname = "gnutls_x509_crt_set_activation_time_")]
public void set_activation_time(time_t act_time) throws GLib.Error {
int err = set_activation_time_(act_time);
throw_if_error(err);
}
[CCode (cname = "gnutls_x509_crt_set_expiration_time")]
public int set_expiration_time_(time_t exp_time);
[CCode (cname = "gnutls_x509_crt_set_expiration_time_")]
public void set_expiration_time(time_t exp_time) throws GLib.Error {
int err = set_expiration_time_(exp_time);
throw_if_error(err);
}
[CCode (cname = "gnutls_x509_crt_set_serial")]
public int set_serial_(void* serial, size_t serial_size);
[CCode (cname = "gnutls_x509_crt_set_serial_")]
public void set_serial(void* serial, size_t serial_size) throws GLib.Error {
int err = set_serial_(serial, serial_size);
throw_if_error(err);
}
[CCode (cname = "gnutls_x509_crt_sign")]
public int sign_(Certificate issuer, PrivateKey issuer_key);
[CCode (cname = "gnutls_x509_crt_sign_")]
public void sign(Certificate issuer, PrivateKey issuer_key) throws GLib.Error {
int err = sign_(issuer, issuer_key);
throw_if_error(err);
}
[CCode (cname = "gnutls_x509_crt_get_fingerprint")]
public int get_fingerprint_(DigestAlgorithm algo, void* buf, ref size_t buf_size);
[CCode (cname = "gnutls_x509_crt_get_fingerprint_")]
public void get_fingerprint(DigestAlgorithm algo, void* buf, ref size_t buf_size) throws GLib.Error {
int err = get_fingerprint_(algo, buf, ref buf_size);
throw_if_error(err);
}
}
[Compact]
[CCode (cname = "struct gnutls_x509_privkey_int", cprefix = "gnutls_x509_privkey_", free_function = "gnutls_x509_privkey_deinit")]
public class PrivateKey {
private static int init (out PrivateKey key);
public static PrivateKey create () throws GLib.Error {
PrivateKey result;
var ret = init (out result);
throw_if_error(ret);
return result;
}
public int generate(PKAlgorithm algo, uint bits, uint flags = 0);
}
}
[CCode (cname = "gnutls_certificate_request_t", cprefix = "GNUTLS_CERT_", has_type_id = false)]
public enum CertificateRequest {
IGNORE,
REQUEST,
REQUIRE
}
[CCode (cname = "gnutls_pk_algorithm_t", cprefix = "GNUTLS_PK_", has_type_id = false)]
public enum PKAlgorithm {
UNKNOWN,
RSA,
DSA;
}
[CCode (cname = "gnutls_digest_algorithm_t", cprefix = "GNUTLS_DIG_", has_type_id = false)]
public enum DigestAlgorithm {
NULL,
MD5,
SHA1,
RMD160,
MD2,
SHA224,
SHA256,
SHA384,
SHA512;
}
[Flags]
[CCode (cname = "gnutls_init_flags_t", cprefix = "GNUTLS_", has_type_id = false)]
public enum InitFlags {
SERVER,
CLIENT,
DATAGRAM
}
[CCode (cname = "gnutls_credentials_type_t", cprefix = "GNUTLS_CRD_", has_type_id = false)]
public enum CredentialsType {
CERTIFICATE,
ANON,
SRP,
PSK,
IA
}
[CCode (cname = "gnutls_x509_crt_fmt_t", cprefix = "GNUTLS_X509_FMT_", has_type_id = false)]
public enum CertificateFormat {
DER,
PEM
}
[Flags]
[CCode (cname = "gnutls_certificate_status_t", cprefix = "GNUTLS_CERT_", has_type_id = false)]
public enum CertificateStatus {
INVALID, // will be set if the certificate was not verified.
REVOKED, // in X.509 this will be set only if CRLs are checked
SIGNER_NOT_FOUND,
SIGNER_NOT_CA,
INSECURE_ALGORITHM
}
[SimpleType]
[CCode (cname = "gnutls_datum_t", has_type_id = false)]
public struct Datum {
public uint8* data;
public uint size;
public uint8[] extract() {
uint8[size] ret = new uint8[size];
for (int i = 0; i < size; i++) {
ret[i] = data[i];
}
return ret;
}
}
// Gnutls error codes. The mapping to a TLS alert is also shown in comments.
[CCode (cname = "int", cprefix = "GNUTLS_E_", lower_case_cprefix = "gnutls_error_", has_type_id = false)]
public enum ErrorCode {
SUCCESS,
UNKNOWN_COMPRESSION_ALGORITHM,
UNKNOWN_CIPHER_TYPE,
LARGE_PACKET,
UNSUPPORTED_VERSION_PACKET, // GNUTLS_A_PROTOCOL_VERSION
UNEXPECTED_PACKET_LENGTH, // GNUTLS_A_RECORD_OVERFLOW
INVALID_SESSION,
FATAL_ALERT_RECEIVED,
UNEXPECTED_PACKET, // GNUTLS_A_UNEXPECTED_MESSAGE
WARNING_ALERT_RECEIVED,
ERROR_IN_FINISHED_PACKET,
UNEXPECTED_HANDSHAKE_PACKET,
UNKNOWN_CIPHER_SUITE, // GNUTLS_A_HANDSHAKE_FAILURE
UNWANTED_ALGORITHM,
MPI_SCAN_FAILED,
DECRYPTION_FAILED, // GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC
MEMORY_ERROR,
DECOMPRESSION_FAILED, // GNUTLS_A_DECOMPRESSION_FAILURE
COMPRESSION_FAILED,
AGAIN,
EXPIRED,
DB_ERROR,
SRP_PWD_ERROR,
INSUFFICIENT_CREDENTIALS,
HASH_FAILED,
BASE64_DECODING_ERROR,
MPI_PRINT_FAILED,
REHANDSHAKE, // GNUTLS_A_NO_RENEGOTIATION
GOT_APPLICATION_DATA,
RECORD_LIMIT_REACHED,
ENCRYPTION_FAILED,
PK_ENCRYPTION_FAILED,
PK_DECRYPTION_FAILED,
PK_SIGN_FAILED,
X509_UNSUPPORTED_CRITICAL_EXTENSION,
KEY_USAGE_VIOLATION,
NO_CERTIFICATE_FOUND, // GNUTLS_A_BAD_CERTIFICATE
INVALID_REQUEST,
SHORT_MEMORY_BUFFER,
INTERRUPTED,
PUSH_ERROR,
PULL_ERROR,
RECEIVED_ILLEGAL_PARAMETER, // GNUTLS_A_ILLEGAL_PARAMETER
REQUESTED_DATA_NOT_AVAILABLE,
PKCS1_WRONG_PAD,
RECEIVED_ILLEGAL_EXTENSION,
INTERNAL_ERROR,
DH_PRIME_UNACCEPTABLE,
FILE_ERROR,
TOO_MANY_EMPTY_PACKETS,
UNKNOWN_PK_ALGORITHM,
// returned if libextra functionality was requested but
// gnutls_global_init_extra() was not called.
INIT_LIBEXTRA,
LIBRARY_VERSION_MISMATCH,
// returned if you need to generate temporary RSA
// parameters. These are needed for export cipher suites.
NO_TEMPORARY_RSA_PARAMS,
LZO_INIT_FAILED,
NO_COMPRESSION_ALGORITHMS,
NO_CIPHER_SUITES,
OPENPGP_GETKEY_FAILED,
PK_SIG_VERIFY_FAILED,
ILLEGAL_SRP_USERNAME,
SRP_PWD_PARSING_ERROR,
NO_TEMPORARY_DH_PARAMS,
// For certificate and key stuff
ASN1_ELEMENT_NOT_FOUND,
ASN1_IDENTIFIER_NOT_FOUND,
ASN1_DER_ERROR,
ASN1_VALUE_NOT_FOUND,
ASN1_GENERIC_ERROR,
ASN1_VALUE_NOT_VALID,
ASN1_TAG_ERROR,
ASN1_TAG_IMPLICIT,
ASN1_TYPE_ANY_ERROR,
ASN1_SYNTAX_ERROR,
ASN1_DER_OVERFLOW,
OPENPGP_UID_REVOKED,
CERTIFICATE_ERROR,
CERTIFICATE_KEY_MISMATCH,
UNSUPPORTED_CERTIFICATE_TYPE, // GNUTLS_A_UNSUPPORTED_CERTIFICATE
X509_UNKNOWN_SAN,
OPENPGP_FINGERPRINT_UNSUPPORTED,
X509_UNSUPPORTED_ATTRIBUTE,
UNKNOWN_HASH_ALGORITHM,
UNKNOWN_PKCS_CONTENT_TYPE,
UNKNOWN_PKCS_BAG_TYPE,
INVALID_PASSWORD,
MAC_VERIFY_FAILED, // for PKCS #12 MAC
CONSTRAINT_ERROR,
WARNING_IA_IPHF_RECEIVED,
WARNING_IA_FPHF_RECEIVED,
IA_VERIFY_FAILED,
UNKNOWN_ALGORITHM,
BASE64_ENCODING_ERROR,
INCOMPATIBLE_CRYPTO_LIBRARY,
INCOMPATIBLE_LIBTASN1_LIBRARY,
OPENPGP_KEYRING_ERROR,
X509_UNSUPPORTED_OID,
RANDOM_FAILED,
BASE64_UNEXPECTED_HEADER_ERROR,
OPENPGP_SUBKEY_ERROR,
CRYPTO_ALREADY_REGISTERED,
HANDSHAKE_TOO_LARGE,
UNIMPLEMENTED_FEATURE,
APPLICATION_ERROR_MAX, // -65000
APPLICATION_ERROR_MIN; // -65500
[CCode (cname = "gnutls_error_is_fatal")]
public bool is_fatal();
[CCode (cname = "gnutls_perror")]
public void print();
[CCode (cname = "gnutls_strerror")]
public unowned string to_string();
}
public void throw_if_error(int err_int) throws GLib.Error {
ErrorCode error = (ErrorCode)err_int;
if (error != ErrorCode.SUCCESS) {
throw new GLib.Error(-1, error, "%s%s", error.to_string(), error.is_fatal() ? " fatal" : "");
}
}
}
|