extra

extra

Synopsis

#define             GNUTLS_EXTRA_VERSION
enum                gnutls_ia_apptype_t;
int                 (*gnutls_ia_avp_func)               (gnutls_session_t session,
                                                         void *ptr,
                                                         const char *last,
                                                         size_t lastlen,
                                                         char **next,
                                                         size_t *nextlen);
void                gnutls_ia_free_client_credentials   (gnutls_ia_client_credentials_t sc);
int                 gnutls_ia_allocate_client_credentials
                                                        (gnutls_ia_client_credentials_t *sc);
void                gnutls_ia_free_server_credentials   (gnutls_ia_server_credentials_t sc);
int                 gnutls_ia_allocate_server_credentials
                                                        (gnutls_ia_server_credentials_t *sc);
void                gnutls_ia_set_client_avp_function   (gnutls_ia_client_credentials_t cred,
                                                         gnutls_ia_avp_func avp_func);
void                gnutls_ia_set_client_avp_ptr        (gnutls_ia_client_credentials_t cred,
                                                         void *ptr);
void *              gnutls_ia_get_client_avp_ptr        (gnutls_ia_client_credentials_t cred);
void                gnutls_ia_set_server_avp_function   (gnutls_ia_server_credentials_t cred,
                                                         gnutls_ia_avp_func avp_func);
void                gnutls_ia_set_server_avp_ptr        (gnutls_ia_server_credentials_t cred,
                                                         void *ptr);
void *              gnutls_ia_get_server_avp_ptr        (gnutls_ia_server_credentials_t cred);
int                 gnutls_ia_handshake_p               (gnutls_session_t session);
int                 gnutls_ia_handshake                 (gnutls_session_t session);
int                 gnutls_ia_permute_inner_secret      (gnutls_session_t session,
                                                         size_t session_keys_size,
                                                         const char *session_keys);
int                 gnutls_ia_endphase_send             (gnutls_session_t session,
                                                         int final_p);
int                 gnutls_ia_verify_endphase           (gnutls_session_t session,
                                                         const char *checksum);
ssize_t             gnutls_ia_send                      (gnutls_session_t session,
                                                         const char *data,
                                                         size_t sizeofdata);
ssize_t             gnutls_ia_recv                      (gnutls_session_t session,
                                                         char *data,
                                                         size_t sizeofdata);
int                 gnutls_ia_generate_challenge        (gnutls_session_t session,
                                                         size_t buffer_size,
                                                         char *buffer);
void                gnutls_ia_extract_inner_secret      (gnutls_session_t session,
                                                         char *buffer);
void                gnutls_ia_enable                    (gnutls_session_t session,
                                                         int allow_skip_on_resume);
int                 gnutls_global_init_extra            (void);
int                 gnutls_register_md5_handler         (void);
const char *        gnutls_extra_check_version          (const char *req_version);

Description

Details

GNUTLS_EXTRA_VERSION

#define GNUTLS_EXTRA_VERSION GNUTLS_VERSION


enum gnutls_ia_apptype_t

  typedef enum
  {
    GNUTLS_IA_APPLICATION_PAYLOAD = 0,
    GNUTLS_IA_INTERMEDIATE_PHASE_FINISHED = 1,
    GNUTLS_IA_FINAL_PHASE_FINISHED = 2
  } gnutls_ia_apptype_t;


gnutls_ia_avp_func ()

int                 (*gnutls_ia_avp_func)               (gnutls_session_t session,
                                                         void *ptr,
                                                         const char *last,
                                                         size_t lastlen,
                                                         char **next,
                                                         size_t *nextlen);

session :

ptr :

last :

lastlen :

next :

nextlen :

Returns :


gnutls_ia_free_client_credentials ()

void                gnutls_ia_free_client_credentials   (gnutls_ia_client_credentials_t sc);

sc :


gnutls_ia_allocate_client_credentials ()

int                 gnutls_ia_allocate_client_credentials
                                                        (gnutls_ia_client_credentials_t *sc);

sc :

Returns :


gnutls_ia_free_server_credentials ()

void                gnutls_ia_free_server_credentials   (gnutls_ia_server_credentials_t sc);

sc :


gnutls_ia_allocate_server_credentials ()

int                 gnutls_ia_allocate_server_credentials
                                                        (gnutls_ia_server_credentials_t *sc);

sc :

Returns :


gnutls_ia_set_client_avp_function ()

void                gnutls_ia_set_client_avp_function   (gnutls_ia_client_credentials_t cred,
                                                         gnutls_ia_avp_func avp_func);

cred :

avp_func :


gnutls_ia_set_client_avp_ptr ()

void                gnutls_ia_set_client_avp_ptr        (gnutls_ia_client_credentials_t cred,
                                                         void *ptr);

cred :

ptr :


gnutls_ia_get_client_avp_ptr ()

void *              gnutls_ia_get_client_avp_ptr        (gnutls_ia_client_credentials_t cred);

cred :

Returns :


gnutls_ia_set_server_avp_function ()

void                gnutls_ia_set_server_avp_function   (gnutls_ia_server_credentials_t cred,
                                                         gnutls_ia_avp_func avp_func);

cred :

avp_func :


gnutls_ia_set_server_avp_ptr ()

void                gnutls_ia_set_server_avp_ptr        (gnutls_ia_server_credentials_t cred,
                                                         void *ptr);

cred :

ptr :


gnutls_ia_get_server_avp_ptr ()

void *              gnutls_ia_get_server_avp_ptr        (gnutls_ia_server_credentials_t cred);

cred :

Returns :


gnutls_ia_handshake_p ()

int                 gnutls_ia_handshake_p               (gnutls_session_t session);

Predicate to be used after gnutls_handshake() to decide whether to invoke gnutls_ia_handshake(). Usable by both clients and servers.

session :

is a gnutls_session_t structure.

Returns :

non-zero if TLS/IA handshake is expected, zero otherwise.

gnutls_ia_handshake ()

int                 gnutls_ia_handshake                 (gnutls_session_t session);

Perform a TLS/IA handshake. This should be called after gnutls_handshake() iff gnutls_ia_handshake_p().

session :

is a gnutls_session_t structure.

Returns :

On success, GNUTLS_E_SUCCESS (zero) is returned, otherwise an error code is returned.

gnutls_ia_permute_inner_secret ()

int                 gnutls_ia_permute_inner_secret      (gnutls_session_t session,
                                                         size_t session_keys_size,
                                                         const char *session_keys);

Permute the inner secret using the generated session keys.

This can be called in the TLS/IA AVP callback to mix any generated session keys with the TLS/IA inner secret.

session :

is a gnutls_session_t structure.

session_keys_size :

Size of generated session keys (0 if none).

session_keys :

Generated session keys, used to permute inner secret (NULL if none).

Returns :

Return zero on success, or a negative error code.

gnutls_ia_endphase_send ()

int                 gnutls_ia_endphase_send             (gnutls_session_t session,
                                                         int final_p);

Send a TLS/IA end phase message.

In the client, this should only be used to acknowledge an end phase message sent by the server.

In the server, this can be called instead of gnutls_ia_send() if the server wishes to end an application phase.

session :

is a gnutls_session_t structure.

final_p :

Set iff this should signal the final phase.

Returns :

Return 0 on success, or an error code.

gnutls_ia_verify_endphase ()

int                 gnutls_ia_verify_endphase           (gnutls_session_t session,
                                                         const char *checksum);

Verify TLS/IA end phase checksum data. If verification fails, the GNUTLS_A_INNER_APPLICATION_VERIFICATION alert is sent to the other sie.

This function is called when gnutls_ia_recv() return GNUTLS_E_WARNING_IA_IPHF_RECEIVED or GNUTLS_E_WARNING_IA_FPHF_RECEIVED.

session :

is a gnutls_session_t structure.

checksum :

12-byte checksum data, received from gnutls_ia_recv().

Returns :

Return 0 on successful verification, or an error code. If the checksum verification of the end phase message fails, GNUTLS_E_IA_VERIFY_FAILED is returned.

gnutls_ia_send ()

ssize_t             gnutls_ia_send                      (gnutls_session_t session,
                                                         const char *data,
                                                         size_t sizeofdata);

session :

data :

sizeofdata :

Returns :


gnutls_ia_recv ()

ssize_t             gnutls_ia_recv                      (gnutls_session_t session,
                                                         char *data,
                                                         size_t sizeofdata);

session :

data :

sizeofdata :

Returns :


gnutls_ia_generate_challenge ()

int                 gnutls_ia_generate_challenge        (gnutls_session_t session,
                                                         size_t buffer_size,
                                                         char *buffer);

Generate an application challenge that the client cannot control or predict, based on the TLS/IA inner secret.

session :

is a gnutls_session_t structure.

buffer_size :

size of output buffer.

buffer :

pre-allocated buffer to contain buffer_size bytes of output.

Returns :

Returns 0 on success, or an negative error code.

gnutls_ia_extract_inner_secret ()

void                gnutls_ia_extract_inner_secret      (gnutls_session_t session,
                                                         char *buffer);

Copy the 48 bytes large inner secret into the specified buffer

This function is typically used after the TLS/IA handshake has concluded. The TLS/IA inner secret can be used as input to a PRF to derive session keys. Do not use the inner secret directly as a session key, because for a resumed session that does not include an application phase, the inner secret will be identical to the inner secret in the original session. It is important to include, for example, the client and server randomness when deriving a sesssion key from the inner secret.

session :

is a gnutls_session_t structure.

buffer :

pre-allocated buffer to hold 48 bytes of inner secret.

gnutls_ia_enable ()

void                gnutls_ia_enable                    (gnutls_session_t session,
                                                         int allow_skip_on_resume);

session :

allow_skip_on_resume :


gnutls_global_init_extra ()

int                 gnutls_global_init_extra            (void);

Returns :


gnutls_register_md5_handler ()

int                 gnutls_register_md5_handler         (void);

Register a non-libgcrypt based MD5 and HMAC-MD5 handler. This is useful if you run Libgcrypt in FIPS-mode. Normally TLS requires use of MD5, so without this you cannot use GnuTLS with libgcrypt in FIPS mode.

Returns :

GNUTLS_E_SUCCESS on success, otherwise an error.

Since 2.6.0


gnutls_extra_check_version ()

const char *        gnutls_extra_check_version          (const char *req_version);

req_version :

Returns :