-------------------------------------------------------------------
-----
#ifndef GNUTLSXX_H
# define GNUTLSXX_H
#include <exception>
#include <vector>
#include <gnutls.h>
namespace gnutls {
class exception: public std::exception
{
public:
exception( int x);
const char* what() const throw();
protected:
int retcode;
};
class dh_params
{
public:
dh_params();
~dh_params();
void import_raw( const gnutls_datum_t & prime,
const gnutls_datum_t & generator);
void import_pkcs3( const gnutls_datum_t & pkcs3_params,
gnutls_x509_crt_fmt_t format);
void generate( unsigned int bits);
void export_pkcs3( gnutls_x509_crt_fmt_t format, unsigned
char *params_data, size_t * params_data_size); void export_raw(
gnutls_datum_t& prime, gnutls_datum_t &generator);
gnutls_dh_params_t get_params_t() const;
dh_params & operator=(const dh_params& src);
protected:
gnutls_dh_params_t params;
};
class rsa_params
{
public:
rsa_params();
~rsa_params();
void import_raw( const gnutls_datum_t & m,
const gnutls_datum_t & e,
const gnutls_datum_t & d,
const gnutls_datum_t & p,
const gnutls_datum_t & q,
const gnutls_datum_t & u);
void import_pkcs1( const gnutls_datum_t & pkcs1_params,
gnutls_x509_crt_fmt_t format);
void generate( unsigned int bits);
void export_pkcs1( gnutls_x509_crt_fmt_t format, unsigned
char *params_data, size_t * params_data_size); void export_raw(
gnutls_datum_t & m, gnutls_datum_t & e, gnutls_datum_t & d,
gnutls_datum_t & p, gnutls_datum_t & q, gnutls_datum_t & u);
gnutls_rsa_params_t get_params_t() const;
rsa_params & operator=(const rsa_params& src);
protected:
gnutls_rsa_params_t params;
};
enum priority_flag { ALL_CIPHERS, EXPORT_CIPHERS };
class session
{
protected:
gnutls_session_t s;
public:
session( gnutls_connection_end_t);
virtual ~session();
int bye( gnutls_close_request_t how);
int handshake ();
gnutls_alert_description_t get_alert() throw();
int send_alert ( gnutls_alert_level_t level,
gnutls_alert_description_t desc);
int send_appropriate_alert (int err);
gnutls_cipher_algorithm_t get_cipher() throw();
gnutls_kx_algorithm_t get_kx () throw();
gnutls_mac_algorithm_t get_mac () throw();
gnutls_compression_method_t get_compression () throw();
gnutls_certificate_type_t get_certificate_type() throw();
// for the handshake
void set_private_extensions ( bool allow) throw();
gnutls_handshake_description_t get_handshake_last_out()
throw(); gnutls_handshake_description_t get_handshake_last_in()
throw();
ssize_t send (const void *data, size_t sizeofdata);
ssize_t recv (void *data, size_t sizeofdata);
bool get_record_direction() throw();
// maximum packet size
size_t get_max_size() throw();
void set_max_size(size_t size);
size_t check_pending() throw();
void prf (size_t label_size, const char *label,
int server_random_first,
size_t extra_size, const char *extra,
size_t outsize, char *out);
void prf_raw ( size_t label_size, const char *label,
size_t seed_size, const char *seed,
size_t outsize, char *out);
void set_cipher_priority (const int *list);
void set_mac_priority (const int *list);
void set_compression_priority (const int *list);
void set_kx_priority (const int *list);
void set_protocol_priority (const int *list);
void set_certificate_type_priority (const int *list);
/* if you just want some defaults, use the following.
*/
void set_default_priority (priority_flag flag);
gnutls_protocol_t get_protocol_version() throw();
// for resuming sessions
void set_data ( const void *session_data,
size_t session_data_size);
void get_data (void *session_data,
size_t * session_data_size);
void get_data(gnutls_session_t session,
gnutls_datum_t & data);
void get_id ( void *session_id,
size_t * session_id_size);
bool is_resumed () throw();
void set_max_handshake_packet_length ( size_t max) throw();
void clear_credentials() throw();
void set_credentials( class credentials & cred);
void set_transport_ptr( gnutls_transport_ptr_t ptr);
void set_transport_ptr( gnutls_transport_ptr_t recv_ptr,
gnutls_transport_ptr_t send_ptr); gnutls_transport_ptr_t
get_transport_ptr();
void get_transport_ptr(gnutls_transport_ptr_t * recv_ptr,
gnutls_transport_ptr_t * send_ptr);
void set_transport_lowat (size_t num);
void set_transport_push_function( gnutls_push_func
push_func); void set_transport_pull_function( gnutls_pull_func
pull_func);
void set_user_ptr( void* ptr);
void *get_user_ptr();
void send_openpgp_key( gnutls_openpgp_key_status_t status);
gnutls_credentials_type_t get_auth_type();
gnutls_credentials_type_t get_server_auth_type();
gnutls_credentials_type_t get_client_auth_type();
// informational stuff
void set_dh_prime_bits( unsigned int bits);
unsigned int get_dh_secret_bits();
unsigned int get_dh_peers_public_bits();
unsigned int get_dh_prime_bits();
void get_dh_group( gnutls_datum_t & gen, gnutls_datum_t &
prime); void get_dh_pubkey( gnutls_datum_t & raw_key);
void get_rsa_export_pubkey( gnutls_datum& exponent,
gnutls_datum& modulus); unsigned int get_rsa_export_modulus_bits();
const gnutls_datum* get_our_certificate();
bool get_peers_certificate(std::vector<gnutls_datum_t>
&out_certs); bool get_peers_certificate(const gnutls_datum_t**
certs, unsigned int *certs_size);
time_t get_peers_certificate_activation_time();
time_t get_peers_certificate_expiration_time();
void verify_peers_certificate( unsigned int& status);
};
class server_session: public session
{
void set_db_cache_expiration (unsigned int seconds) throw();
void db_remove ();
void set_db_retrieve_function ( gnutls_db_retr_func retr_func);
void set_db_remove_function ( gnutls_db_remove_func rem_func);
void set_db_store_function ( gnutls_db_store_func store_func);
void set_db_ptr ( void *ptr);
void *get_db_ptr ();
// returns true if session is expired
bool db_check_entry ( gnutls_datum_t &session_entry);
// server side only
const char *get_srp_username();
const char *get_psk_username();
void get_server_name (void *data, size_t * data_length,
unsigned int *type, unsigned int indx);
int rehandshake();
void set_certificate_request( gnutls_certificate_request_t);
};
class client_session: public session
{
void set_server_name (gnutls_server_name_type_t type,
const void *name, size_t name_length);
bool client_session::get_request_status();
};
class credentials
{
public:
credentials(gnutls_credentials_type_t t) : type(t) { }
virtual ~credentials() { }
gnutls_credentials_type_t get_type();
protected:
friend class session;
virtual void* ptr();
gnutls_credentials_type_t type;
};
class certificate_credentials: public credentials
{
public:
~certificate_credentials();
certificate_credentials();
void free_keys ();
void free_cas ();
void free_ca_names ();
void free_crls ();
void set_dh_params ( const dh_params ¶ms);
void set_rsa_export_params ( const rsa_params& params);
void set_verify_flags ( unsigned int flags);
void set_verify_limits ( unsigned int max_bits, unsigned
int max_depth);
void set_x509_trust_file(const char *cafile,
gnutls_x509_crt_fmt_t type); void set_x509_trust(const
gnutls_datum_t & CA, gnutls_x509_crt_fmt_t type); // FIXME: use
classes instead of gnutls_x509_crt_t void set_x509_trust (
gnutls_x509_crt_t * ca_list, int ca_list_size);
void set_x509_crl_file( const char *crlfile,
gnutls_x509_crt_fmt_t type); void set_x509_crl(const gnutls_datum_t
& CRL, gnutls_x509_crt_fmt_t type); void set_x509_crl (
gnutls_x509_crl_t * crl_list, int crl_list_size);
void set_x509_key_file(const char *certfile, const char
*KEYFILE, gnutls_x509_crt_fmt_t type); void set_x509_key(const
gnutls_datum_t & CERT, const gnutls_datum_t & KEY,
gnutls_x509_crt_fmt_t type); // FIXME: use classes
void set_x509_key ( gnutls_x509_crt_t * cert_list, int
cert_list_size, gnutls_x509_privkey_t key);
void set_simple_pkcs12_file( const char *pkcs12file,
gnutls_x509_crt_fmt_t type, const char *password);
protected:
void* ptr();
gnutls_certificate_credentials_t cred;
};
class certificate_server_credentials: public
certificate_credentials {
certificate_server_credentials() { }
public:
void set_retrieve_function(
gnutls_certificate_server_retrieve_function* func) throw(); void
set_params_function( gnutls_params_function* func) throw(); };
class certificate_client_credentials: public
certificate_credentials {
public:
certificate_client_credentials() { }
void set_retrieve_function(
gnutls_certificate_client_retrieve_function* func) throw(); };
class anon_server_credentials: public credentials
{
public:
anon_server_credentials();
~anon_server_credentials();
void set_dh_params ( const dh_params ¶ms);
void set_params_function ( gnutls_params_function * func)
throw(); protected:
gnutls_anon_server_credentials_t cred;
};
class anon_client_credentials: public credentials
{
public:
anon_client_credentials();
~anon_client_credentials();
protected:
gnutls_anon_client_credentials_t cred;
};
class srp_server_credentials: public credentials
{
public:
srp_server_credentials();
~srp_server_credentials();
void set_credentials_file (const char *password_file, const
char *password_conf_file); void set_credentials_function(
gnutls_srp_server_credentials_function *func); protected:
void* ptr();
gnutls_srp_server_credentials_t cred;
};
class srp_client_credentials: public credentials
{
public:
srp_client_credentials();
~srp_client_credentials();
void set_credentials (const char *username, const char
*password); void set_credentials_function(
gnutls_srp_client_credentials_function* func); protected:
void* ptr();
gnutls_srp_client_credentials_t cred;
};
class psk_server_credentials: public credentials
{
public:
psk_server_credentials();
~psk_server_credentials();
void set_credentials_file(const char* password_file);
void set_credentials_function(
gnutls_psk_server_credentials_function* func); void set_dh_params (
const dh_params ¶ms);
void set_params_function (gnutls_params_function * func)
throw(); protected:
void* ptr();
gnutls_psk_server_credentials_t cred;
};
class psk_client_credentials: public credentials
{
public:
psk_client_credentials();
~psk_client_credentials();
void set_credentials (const char *username, const
gnutls_datum_t& key, gnutls_psk_key_flags flags); void
set_credentials_function( gnutls_psk_client_credentials_function*
func); protected:
void* ptr();
gnutls_psk_client_credentials_t cred;
};
}; /* namespace */
#endif /* GNUTLSXX_H */
-------------------------------------------------------------------
-----
_______________________________________________
Gnutls-dev mailing list
address@hidden
http://lists.gnupg.org/mailman/listinfo/gnutls-dev