Вы не можете выбрать более 25 тем
Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
498 строки
18 KiB
C
498 строки
18 KiB
C
/* gsasl.h --- Header file for GNU SASL Library.
|
|
* Copyright (C) 2002-2022 Simon Josefsson
|
|
*
|
|
* This file is part of GNU SASL Library.
|
|
*
|
|
* GNU SASL Library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public License
|
|
* as published by the Free Software Foundation; either version 2.1 of
|
|
* the License, or (at your option) any later version.
|
|
*
|
|
* GNU SASL Library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License License along with GNU SASL Library; if not, write to the
|
|
* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
|
* Boston, MA 02110-1301, USA.
|
|
*
|
|
*/
|
|
|
|
#ifndef GSASL_H
|
|
# define GSASL_H
|
|
|
|
/**
|
|
* SECTION:gsasl
|
|
* @title: gsasl.h
|
|
* @short_description: main library interfaces
|
|
*
|
|
* The main library interfaces are declared in gsasl.h.
|
|
*/
|
|
|
|
# include <stdio.h> /* FILE */
|
|
# include <stddef.h> /* size_t */
|
|
# include <unistd.h> /* ssize_t */
|
|
|
|
/* Get version symbols. */
|
|
# include <gsasl-version.h>
|
|
|
|
# ifndef _GSASL_API
|
|
# if defined GSASL_BUILDING && defined HAVE_VISIBILITY && HAVE_VISIBILITY
|
|
# define _GSASL_API __attribute__((__visibility__("default")))
|
|
# elif defined GSASL_BUILDING && defined _MSC_VER && ! defined GSASL_STATIC
|
|
# define _GSASL_API __declspec(dllexport)
|
|
# elif defined _MSC_VER && ! defined GSASL_STATIC
|
|
# define _GSASL_API __declspec(dllimport)
|
|
# else
|
|
# define _GSASL_API
|
|
# endif
|
|
# endif
|
|
|
|
# ifdef __cplusplus
|
|
extern "C"
|
|
{
|
|
# endif
|
|
|
|
/**
|
|
* Gsasl:
|
|
*
|
|
* Handle to global library context.
|
|
*/
|
|
typedef struct Gsasl Gsasl;
|
|
|
|
/**
|
|
* Gsasl_session:
|
|
*
|
|
* Handle to SASL session context.
|
|
*/
|
|
typedef struct Gsasl_session Gsasl_session;
|
|
|
|
/**
|
|
* Gsasl_rc:
|
|
* @GSASL_OK: Successful return code, guaranteed to be always 0.
|
|
* @GSASL_NEEDS_MORE: Mechanism expects another round-trip.
|
|
* @GSASL_UNKNOWN_MECHANISM: Application requested an unknown mechanism.
|
|
* @GSASL_MECHANISM_CALLED_TOO_MANY_TIMES: Application requested too
|
|
* many round trips from mechanism.
|
|
* @GSASL_MALLOC_ERROR: Memory allocation failed.
|
|
* @GSASL_BASE64_ERROR: Base64 encoding/decoding failed.
|
|
* @GSASL_CRYPTO_ERROR: Cryptographic error.
|
|
* @GSASL_SASLPREP_ERROR: Failed to prepare internationalized string.
|
|
* @GSASL_MECHANISM_PARSE_ERROR: Mechanism could not parse input.
|
|
* @GSASL_AUTHENTICATION_ERROR: Authentication has failed.
|
|
* @GSASL_INTEGRITY_ERROR: Application data integrity check failed.
|
|
* @GSASL_NO_CLIENT_CODE: Library was built with client functionality.
|
|
* @GSASL_NO_SERVER_CODE: Library was built with server functionality.
|
|
* @GSASL_NO_CALLBACK: Application did not provide a callback.
|
|
* @GSASL_NO_ANONYMOUS_TOKEN: Could not get required anonymous token.
|
|
* @GSASL_NO_AUTHID: Could not get required authentication
|
|
* identity (username).
|
|
* @GSASL_NO_AUTHZID: Could not get required authorization identity.
|
|
* @GSASL_NO_PASSWORD: Could not get required password.
|
|
* @GSASL_NO_PASSCODE: Could not get required SecurID PIN.
|
|
* @GSASL_NO_PIN: Could not get required SecurID PIN.
|
|
* @GSASL_NO_SERVICE: Could not get required service name.
|
|
* @GSASL_NO_HOSTNAME: Could not get required hostname.
|
|
* @GSASL_NO_CB_TLS_UNIQUE: Could not get required tls-unique CB.
|
|
* @GSASL_NO_CB_TLS_EXPORTER: Could not get required tls-exporter CB.
|
|
* @GSASL_NO_SAML20_IDP_IDENTIFIER: Could not get required SAML IdP.
|
|
* @GSASL_NO_SAML20_REDIRECT_URL: Could not get required SAML
|
|
* redirect URL.
|
|
* @GSASL_NO_OPENID20_REDIRECT_URL: Could not get required OpenID
|
|
* redirect URL.
|
|
* @GSASL_GSSAPI_RELEASE_BUFFER_ERROR: GSS-API library call error.
|
|
* @GSASL_GSSAPI_IMPORT_NAME_ERROR: GSS-API library call error.
|
|
* @GSASL_GSSAPI_INIT_SEC_CONTEXT_ERROR: GSS-API library call error.
|
|
* @GSASL_GSSAPI_ACCEPT_SEC_CONTEXT_ERROR: GSS-API library call error.
|
|
* @GSASL_GSSAPI_UNWRAP_ERROR: GSS-API library call error.
|
|
* @GSASL_GSSAPI_WRAP_ERROR: GSS-API library call error.
|
|
* @GSASL_GSSAPI_ACQUIRE_CRED_ERROR: GSS-API library call error.
|
|
* @GSASL_GSSAPI_DISPLAY_NAME_ERROR: GSS-API library call error.
|
|
* @GSASL_GSSAPI_UNSUPPORTED_PROTECTION_ERROR: An unsupported
|
|
* quality-of-protection layer was requeted.
|
|
* @GSASL_GSSAPI_ENCAPSULATE_TOKEN_ERROR: GSS-API library call error.
|
|
* @GSASL_GSSAPI_DECAPSULATE_TOKEN_ERROR: GSS-API library call error.
|
|
* @GSASL_GSSAPI_INQUIRE_MECH_FOR_SASLNAME_ERROR: GSS-API library call error.
|
|
* @GSASL_GSSAPI_TEST_OID_SET_MEMBER_ERROR: GSS-API library call error.
|
|
* @GSASL_GSSAPI_RELEASE_OID_SET_ERROR: GSS-API library call error.
|
|
* @GSASL_SECURID_SERVER_NEED_ADDITIONAL_PASSCODE: SecurID mechanism
|
|
* needs an additional passcode.
|
|
* @GSASL_SECURID_SERVER_NEED_NEW_PIN: SecurID mechanism
|
|
* needs an new PIN.
|
|
*
|
|
* Error codes for library functions.
|
|
*/
|
|
typedef enum
|
|
{
|
|
GSASL_OK = 0,
|
|
GSASL_NEEDS_MORE = 1,
|
|
GSASL_UNKNOWN_MECHANISM = 2,
|
|
GSASL_MECHANISM_CALLED_TOO_MANY_TIMES = 3,
|
|
GSASL_MALLOC_ERROR = 7,
|
|
GSASL_BASE64_ERROR = 8,
|
|
GSASL_CRYPTO_ERROR = 9,
|
|
GSASL_SASLPREP_ERROR = 29,
|
|
GSASL_MECHANISM_PARSE_ERROR = 30,
|
|
GSASL_AUTHENTICATION_ERROR = 31,
|
|
GSASL_INTEGRITY_ERROR = 33,
|
|
GSASL_NO_CLIENT_CODE = 35,
|
|
GSASL_NO_SERVER_CODE = 36,
|
|
GSASL_NO_CALLBACK = 51,
|
|
GSASL_NO_ANONYMOUS_TOKEN = 52,
|
|
GSASL_NO_AUTHID = 53,
|
|
GSASL_NO_AUTHZID = 54,
|
|
GSASL_NO_PASSWORD = 55,
|
|
GSASL_NO_PASSCODE = 56,
|
|
GSASL_NO_PIN = 57,
|
|
GSASL_NO_SERVICE = 58,
|
|
GSASL_NO_HOSTNAME = 59,
|
|
GSASL_NO_CB_TLS_UNIQUE = 65,
|
|
GSASL_NO_SAML20_IDP_IDENTIFIER = 66,
|
|
GSASL_NO_SAML20_REDIRECT_URL = 67,
|
|
GSASL_NO_OPENID20_REDIRECT_URL = 68,
|
|
GSASL_NO_CB_TLS_EXPORTER = 69,
|
|
/* Mechanism specific errors. */
|
|
GSASL_GSSAPI_RELEASE_BUFFER_ERROR = 37,
|
|
GSASL_GSSAPI_IMPORT_NAME_ERROR = 38,
|
|
GSASL_GSSAPI_INIT_SEC_CONTEXT_ERROR = 39,
|
|
GSASL_GSSAPI_ACCEPT_SEC_CONTEXT_ERROR = 40,
|
|
GSASL_GSSAPI_UNWRAP_ERROR = 41,
|
|
GSASL_GSSAPI_WRAP_ERROR = 42,
|
|
GSASL_GSSAPI_ACQUIRE_CRED_ERROR = 43,
|
|
GSASL_GSSAPI_DISPLAY_NAME_ERROR = 44,
|
|
GSASL_GSSAPI_UNSUPPORTED_PROTECTION_ERROR = 45,
|
|
GSASL_SECURID_SERVER_NEED_ADDITIONAL_PASSCODE = 48,
|
|
GSASL_SECURID_SERVER_NEED_NEW_PIN = 49,
|
|
GSASL_GSSAPI_ENCAPSULATE_TOKEN_ERROR = 60,
|
|
GSASL_GSSAPI_DECAPSULATE_TOKEN_ERROR = 61,
|
|
GSASL_GSSAPI_INQUIRE_MECH_FOR_SASLNAME_ERROR = 62,
|
|
GSASL_GSSAPI_TEST_OID_SET_MEMBER_ERROR = 63,
|
|
GSASL_GSSAPI_RELEASE_OID_SET_ERROR = 64
|
|
/* When adding new values, note that integers are not necessarily
|
|
assigned monotonously increasingly. */
|
|
} Gsasl_rc;
|
|
|
|
/**
|
|
* Gsasl_property:
|
|
* @GSASL_AUTHID: Authentication identity (username).
|
|
* @GSASL_AUTHZID: Authorization identity.
|
|
* @GSASL_PASSWORD: Password.
|
|
* @GSASL_ANONYMOUS_TOKEN: Anonymous identifier.
|
|
* @GSASL_SERVICE: Service name
|
|
* @GSASL_HOSTNAME: Host name.
|
|
* @GSASL_GSSAPI_DISPLAY_NAME: GSS-API credential principal name.
|
|
* @GSASL_PASSCODE: SecurID passcode.
|
|
* @GSASL_SUGGESTED_PIN: SecurID suggested PIN.
|
|
* @GSASL_PIN: SecurID PIN.
|
|
* @GSASL_REALM: User realm.
|
|
* @GSASL_DIGEST_MD5_HASHED_PASSWORD: Pre-computed hashed DIGEST-MD5
|
|
* password, to avoid storing passwords in the clear.
|
|
* @GSASL_QOPS: Set of quality-of-protection values.
|
|
* @GSASL_QOP: Quality-of-protection value.
|
|
* @GSASL_SCRAM_ITER: Number of iterations in password-to-key hashing.
|
|
* @GSASL_SCRAM_SALT: Salt for password-to-key hashing.
|
|
* @GSASL_SCRAM_SALTED_PASSWORD: Hex-encoded hashed/salted password.
|
|
* @GSASL_SCRAM_SERVERKEY: Hex-encoded SCRAM ServerKey derived
|
|
* from users' passowrd.
|
|
* @GSASL_SCRAM_STOREDKEY: Hex-encoded SCRAM StoredKey derived
|
|
* from users' passowrd.
|
|
* @GSASL_CB_TLS_UNIQUE: Base64 encoded tls-unique channel binding.
|
|
* @GSASL_CB_TLS_EXPORTER: Base64 encoded tls-exporter channel binding.
|
|
* @GSASL_SAML20_IDP_IDENTIFIER: SAML20 user IdP URL.
|
|
* @GSASL_SAML20_REDIRECT_URL: SAML 2.0 URL to access in browser.
|
|
* @GSASL_OPENID20_REDIRECT_URL: OpenID 2.0 URL to access in browser.
|
|
* @GSASL_OPENID20_OUTCOME_DATA: OpenID 2.0 authentication outcome data.
|
|
* @GSASL_SAML20_AUTHENTICATE_IN_BROWSER: Request to perform SAML 2.0
|
|
* authentication in browser.
|
|
* @GSASL_OPENID20_AUTHENTICATE_IN_BROWSER: Request to perform OpenID 2.0
|
|
* authentication in browser.
|
|
* @GSASL_VALIDATE_SIMPLE: Request for simple validation.
|
|
* @GSASL_VALIDATE_EXTERNAL: Request for validation of EXTERNAL.
|
|
* @GSASL_VALIDATE_ANONYMOUS: Request for validation of ANONYMOUS.
|
|
* @GSASL_VALIDATE_GSSAPI: Request for validation of GSSAPI/GS2.
|
|
* @GSASL_VALIDATE_SECURID: Reqest for validation of SecurID.
|
|
* @GSASL_VALIDATE_SAML20: Reqest for validation of SAML20.
|
|
* @GSASL_VALIDATE_OPENID20: Reqest for validation of OpenID 2.0 login.
|
|
*
|
|
* Callback/property types.
|
|
*/
|
|
typedef enum
|
|
{
|
|
/* Information properties, e.g., username. */
|
|
GSASL_AUTHID = 1,
|
|
GSASL_AUTHZID = 2,
|
|
GSASL_PASSWORD = 3,
|
|
GSASL_ANONYMOUS_TOKEN = 4,
|
|
GSASL_SERVICE = 5,
|
|
GSASL_HOSTNAME = 6,
|
|
GSASL_GSSAPI_DISPLAY_NAME = 7,
|
|
GSASL_PASSCODE = 8,
|
|
GSASL_SUGGESTED_PIN = 9,
|
|
GSASL_PIN = 10,
|
|
GSASL_REALM = 11,
|
|
GSASL_DIGEST_MD5_HASHED_PASSWORD = 12,
|
|
GSASL_QOPS = 13,
|
|
GSASL_QOP = 14,
|
|
GSASL_SCRAM_ITER = 15,
|
|
GSASL_SCRAM_SALT = 16,
|
|
GSASL_SCRAM_SALTED_PASSWORD = 17,
|
|
GSASL_SCRAM_SERVERKEY = 23,
|
|
GSASL_SCRAM_STOREDKEY = 24,
|
|
GSASL_CB_TLS_UNIQUE = 18,
|
|
GSASL_SAML20_IDP_IDENTIFIER = 19,
|
|
GSASL_SAML20_REDIRECT_URL = 20,
|
|
GSASL_OPENID20_REDIRECT_URL = 21,
|
|
GSASL_OPENID20_OUTCOME_DATA = 22,
|
|
GSASL_CB_TLS_EXPORTER = 25,
|
|
/* Client callbacks. */
|
|
GSASL_SAML20_AUTHENTICATE_IN_BROWSER = 250,
|
|
GSASL_OPENID20_AUTHENTICATE_IN_BROWSER = 251,
|
|
/* Server validation callback properties. */
|
|
GSASL_VALIDATE_SIMPLE = 500,
|
|
GSASL_VALIDATE_EXTERNAL = 501,
|
|
GSASL_VALIDATE_ANONYMOUS = 502,
|
|
GSASL_VALIDATE_GSSAPI = 503,
|
|
GSASL_VALIDATE_SECURID = 504,
|
|
GSASL_VALIDATE_SAML20 = 505,
|
|
GSASL_VALIDATE_OPENID20 = 506
|
|
} Gsasl_property;
|
|
|
|
/**
|
|
* Gsasl_callback_function:
|
|
* @ctx: libgsasl handle.
|
|
* @sctx: session handle, may be NULL.
|
|
* @prop: enumerated value of Gsasl_property type.
|
|
*
|
|
* Prototype of function that the application should implement. Use
|
|
* gsasl_callback_set() to inform the library about your callback
|
|
* function.
|
|
*
|
|
* It is called by the SASL library when it need some information
|
|
* from the application. Depending on the value of @prop, it should
|
|
* either set some property (e.g., username or password) using
|
|
* gsasl_property_set(), or it should extract some properties (e.g.,
|
|
* authentication and authorization identities) using
|
|
* gsasl_property_fast() and use them to make a policy decision,
|
|
* perhaps returning GSASL_AUTHENTICATION_ERROR or GSASL_OK
|
|
* depending on whether the policy permitted the operation.
|
|
*
|
|
* Return value: Any valid return code, the interpretation of which
|
|
* depend on the @prop value.
|
|
*
|
|
* Since: 0.2.0
|
|
**/
|
|
typedef int (*Gsasl_callback_function) (Gsasl * ctx, Gsasl_session * sctx,
|
|
Gsasl_property prop);
|
|
|
|
/**
|
|
* Gsasl_mechname_limits:
|
|
* @GSASL_MIN_MECHANISM_SIZE: Minimum size of mechanism name strings.
|
|
* @GSASL_MAX_MECHANISM_SIZE: Maximum size of mechanism name strings.
|
|
*
|
|
* SASL mechanisms are named by strings, from 1 to 20 characters in
|
|
* length, consisting of upper-case letters, digits, hyphens, and/or
|
|
* underscores. See also gsasl_mechanism_name_p().
|
|
*/
|
|
typedef enum
|
|
{
|
|
GSASL_MIN_MECHANISM_SIZE = 1,
|
|
GSASL_MAX_MECHANISM_SIZE = 20
|
|
} Gsasl_mechname_limits;
|
|
|
|
/**
|
|
* Gsasl_qop:
|
|
* @GSASL_QOP_AUTH: Authentication only.
|
|
* @GSASL_QOP_AUTH_INT: Authentication and integrity.
|
|
* @GSASL_QOP_AUTH_CONF: Authentication, integrity and confidentiality.
|
|
*
|
|
* Quality of Protection types (DIGEST-MD5 and GSSAPI). The
|
|
* integrity and confidentiality values is about application data
|
|
* wrapping. We recommend that you use @GSASL_QOP_AUTH with TLS as
|
|
* that combination is generally more secure and have better chance
|
|
* of working than the integrity/confidentiality layers of SASL.
|
|
*/
|
|
typedef enum
|
|
{
|
|
GSASL_QOP_AUTH = 1,
|
|
GSASL_QOP_AUTH_INT = 2,
|
|
GSASL_QOP_AUTH_CONF = 4
|
|
} Gsasl_qop;
|
|
|
|
/**
|
|
* Gsasl_saslprep_flags:
|
|
* @GSASL_ALLOW_UNASSIGNED: Allow unassigned code points.
|
|
*
|
|
* Flags for the SASLprep function, see gsasl_saslprep(). For
|
|
* background, see the GNU Libidn documentation.
|
|
*/
|
|
typedef enum
|
|
{
|
|
GSASL_ALLOW_UNASSIGNED = 1
|
|
} Gsasl_saslprep_flags;
|
|
|
|
/* Library entry and exit points: version.c, init.c, done.c */
|
|
extern _GSASL_API int gsasl_init (Gsasl ** ctx);
|
|
extern _GSASL_API void gsasl_done (Gsasl * ctx);
|
|
extern _GSASL_API const char *gsasl_check_version (const char *req_version);
|
|
|
|
/* Callback handling: callback.c */
|
|
extern _GSASL_API void gsasl_callback_set (Gsasl * ctx,
|
|
Gsasl_callback_function cb);
|
|
extern _GSASL_API int gsasl_callback (Gsasl * ctx, Gsasl_session * sctx,
|
|
Gsasl_property prop);
|
|
|
|
extern _GSASL_API void gsasl_callback_hook_set (Gsasl * ctx, void *hook);
|
|
extern _GSASL_API void *gsasl_callback_hook_get (Gsasl * ctx);
|
|
|
|
extern _GSASL_API void gsasl_session_hook_set (Gsasl_session * sctx,
|
|
void *hook);
|
|
extern _GSASL_API void *gsasl_session_hook_get (Gsasl_session * sctx);
|
|
|
|
/* Property handling: property.c */
|
|
extern _GSASL_API int gsasl_property_set (Gsasl_session * sctx,
|
|
Gsasl_property prop,
|
|
const char *data);
|
|
extern _GSASL_API int gsasl_property_set_raw (Gsasl_session * sctx,
|
|
Gsasl_property prop,
|
|
const char *data, size_t len);
|
|
extern _GSASL_API void gsasl_property_free (Gsasl_session * sctx,
|
|
Gsasl_property prop);
|
|
extern _GSASL_API const char *gsasl_property_get (Gsasl_session * sctx,
|
|
Gsasl_property prop);
|
|
extern _GSASL_API const char *gsasl_property_fast (Gsasl_session * sctx,
|
|
Gsasl_property prop);
|
|
|
|
/* Mechanism handling: listmech.c, supportp.c, suggest.c */
|
|
extern _GSASL_API int gsasl_client_mechlist (Gsasl * ctx, char **out);
|
|
extern _GSASL_API int gsasl_client_support_p (Gsasl * ctx,
|
|
const char *name);
|
|
extern _GSASL_API const char *gsasl_client_suggest_mechanism (Gsasl * ctx,
|
|
const char
|
|
*mechlist);
|
|
|
|
extern _GSASL_API int gsasl_server_mechlist (Gsasl * ctx, char **out);
|
|
extern _GSASL_API int gsasl_server_support_p (Gsasl * ctx,
|
|
const char *name);
|
|
extern _GSASL_API int gsasl_mechanism_name_p (const char *mech);
|
|
|
|
/* Authentication functions: xstart.c, xstep.c, xfinish.c */
|
|
extern _GSASL_API int gsasl_client_start (Gsasl * ctx, const char *mech,
|
|
Gsasl_session ** sctx);
|
|
extern _GSASL_API int gsasl_server_start (Gsasl * ctx, const char *mech,
|
|
Gsasl_session ** sctx);
|
|
extern _GSASL_API int gsasl_step (Gsasl_session * sctx,
|
|
const char *input, size_t input_len,
|
|
char **output, size_t *output_len);
|
|
extern _GSASL_API int gsasl_step64 (Gsasl_session * sctx,
|
|
const char *b64input, char **b64output);
|
|
extern _GSASL_API void gsasl_finish (Gsasl_session * sctx);
|
|
|
|
/* Session functions: xcode.c, mechname.c */
|
|
extern _GSASL_API int gsasl_encode (Gsasl_session * sctx,
|
|
const char *input, size_t input_len,
|
|
char **output, size_t *output_len);
|
|
extern _GSASL_API int gsasl_decode (Gsasl_session * sctx,
|
|
const char *input, size_t input_len,
|
|
char **output, size_t *output_len);
|
|
extern _GSASL_API const char *gsasl_mechanism_name (Gsasl_session * sctx);
|
|
|
|
/* Error handling: error.c */
|
|
extern _GSASL_API const char *gsasl_strerror (int err);
|
|
extern _GSASL_API const char *gsasl_strerror_name (int err);
|
|
|
|
/* Internationalized string processing: stringprep.c */
|
|
extern _GSASL_API int gsasl_saslprep (const char *in,
|
|
Gsasl_saslprep_flags flags,
|
|
char **out, int *stringpreprc);
|
|
|
|
/* Crypto functions: crypto.c */
|
|
|
|
/**
|
|
* Gsasl_hash:
|
|
* @GSASL_HASH_SHA1: Hash function SHA-1.
|
|
* @GSASL_HASH_SHA256: Hash function SHA-256.
|
|
*
|
|
* Hash functions. You may use gsasl_hash_length() to get the
|
|
* output size of a hash function.
|
|
*
|
|
* Currently only used as parameter to
|
|
* gsasl_scram_secrets_from_salted_password() and
|
|
* gsasl_scram_secrets_from_password() to specify for which SCRAM
|
|
* mechanism to prepare secrets for.
|
|
*
|
|
* Since: 1.10
|
|
*/
|
|
typedef enum
|
|
{
|
|
/* Hash algorithm identifiers. */
|
|
GSASL_HASH_SHA1 = 2,
|
|
GSASL_HASH_SHA256 = 3,
|
|
} Gsasl_hash;
|
|
|
|
/**
|
|
* Gsasl_hash_length:
|
|
* @GSASL_HASH_SHA1_SIZE: Output size of hash function SHA-1.
|
|
* @GSASL_HASH_SHA256_SIZE: Output size of hash function SHA-256.
|
|
* @GSASL_HASH_MAX_SIZE: Maximum output size of any %Gsasl_hash_length.
|
|
*
|
|
* Identifiers specifying the output size of hash functions.
|
|
*
|
|
* These can be used when statically allocating the buffers needed
|
|
* for, e.g., gsasl_scram_secrets_from_password().
|
|
*
|
|
* Since: 1.10
|
|
*/
|
|
typedef enum
|
|
{
|
|
/* Output sizes of hashes. */
|
|
GSASL_HASH_SHA1_SIZE = 20,
|
|
GSASL_HASH_SHA256_SIZE = 32,
|
|
GSASL_HASH_MAX_SIZE = GSASL_HASH_SHA256_SIZE
|
|
} Gsasl_hash_length;
|
|
|
|
extern _GSASL_API int gsasl_nonce (char *data, size_t datalen);
|
|
extern _GSASL_API int gsasl_random (char *data, size_t datalen);
|
|
|
|
extern _GSASL_API size_t gsasl_hash_length (Gsasl_hash hash);
|
|
|
|
extern _GSASL_API int
|
|
gsasl_scram_secrets_from_salted_password (Gsasl_hash hash,
|
|
const char *salted_password,
|
|
char *client_key,
|
|
char *server_key,
|
|
char *stored_key);
|
|
extern _GSASL_API int
|
|
gsasl_scram_secrets_from_password (Gsasl_hash hash,
|
|
const char *password,
|
|
unsigned int iteration_count,
|
|
const char *salt,
|
|
size_t saltlen,
|
|
char *salted_password,
|
|
char *client_key,
|
|
char *server_key, char *stored_key);
|
|
|
|
/* Utilities: md5pwd.c, base64.c, free.c */
|
|
extern _GSASL_API int gsasl_simple_getpass (const char *filename,
|
|
const char *username,
|
|
char **key);
|
|
extern _GSASL_API int gsasl_base64_to (const char *in, size_t inlen,
|
|
char **out, size_t *outlen);
|
|
extern _GSASL_API int gsasl_base64_from (const char *in, size_t inlen,
|
|
char **out, size_t *outlen);
|
|
extern _GSASL_API int gsasl_hex_to (const char *in, size_t inlen,
|
|
char **out, size_t *outlen);
|
|
extern _GSASL_API int gsasl_hex_from (const char *in, char **out,
|
|
size_t *outlen);
|
|
extern _GSASL_API void gsasl_free (void *ptr);
|
|
|
|
/* Get the mechanism API. */
|
|
# include <gsasl-mech.h>
|
|
|
|
# ifdef __cplusplus
|
|
}
|
|
# endif
|
|
|
|
#endif /* GSASL_H */
|