/// D bindings for the GnuTLS DANE API (DNS-Based Authentication of Named
/// Entities, RFC 6698), which upstream ships as the separate libgnutls-dane
/// library.
///
/// Two build modes exist, selected by the `BindGnuTLS_Static` version:
/// $(UL
///   $(LI static: the functions are declared directly and resolved by the
///        linker;)
///   $(LI dynamic (default): each function is a `__gshared` function pointer
///        that is null until `bindDane` has resolved it from a loaded
///        `SharedLib`.)
/// )
module bindbc.gnutls.dane;

import bindbc.gnutls.gnutls;

/// TLSA "certificate usage" selector (RFC 6698 §2.1.1); mirrors the C
/// `dane_cert_usage_t`.  The `LOCAL_*` values are the GnuTLS names for the
/// trust-anchor/end-entity assertion usages (DANE-TA / DANE-EE).
enum dane_cert_usage_t
{
    DANE_CERT_USAGE_CA = 0,
    DANE_CERT_USAGE_EE = 1,
    DANE_CERT_USAGE_LOCAL_CA = 2,
    DANE_CERT_USAGE_LOCAL_EE = 3
}

/// TLSA "selector" field: whether the record covers the full certificate or
/// only its SubjectPublicKeyInfo.  Mirrors the C `dane_cert_type_t`.
enum dane_cert_type_t
{
    DANE_CERT_X509 = 0,
    DANE_CERT_PK = 1
}

/// TLSA "matching type" field: exact data or a SHA-2 digest of it.  Mirrors
/// the C `dane_match_type_t`.
enum dane_match_type_t
{
    DANE_MATCH_EXACT = 0,
    DANE_MATCH_SHA2_256 = 1,
    DANE_MATCH_SHA2_512 = 2
}

/// DNSSEC status of a TLSA lookup as reported by `dane_query_status`.
/// Only `DANE_QUERY_DNSSEC_VERIFIED` data is authenticated; `BOGUS` and
/// `NO_DNSSEC` results should not be trusted for pinning decisions.
enum dane_query_status_t
{
    DANE_QUERY_UNKNOWN = 0,
    DANE_QUERY_DNSSEC_VERIFIED = 1,
    DANE_QUERY_BOGUS = 2,
    DANE_QUERY_NO_DNSSEC = 3
}

/// Opaque resolver/verification context; created by `dane_state_init` and
/// released by `dane_state_deinit`.
struct dane_state_st;
/// Handle type for `dane_state_st` (pointer to the opaque struct, as in C).
alias dane_state_t = dane_state_st*;
/// Opaque result of a TLSA query; created by `dane_query_tlsa` /
/// `dane_raw_tlsa` and released by `dane_query_deinit`.
struct dane_query_st;
/// Handle type for `dane_query_st`.
alias dane_query_t = dane_query_st*;

/// Flags accepted by `dane_state_init`.
///
/// NOTE(review): per the upstream GnuTLS documentation, `DANE_F_INSECURE`
/// and `DANE_F_IGNORE_DNSSEC` relax or skip DNSSEC validation of the TLSA
/// data.  TLSA records that are not DNSSEC-validated carry no authentication
/// value, so these flags should not be set in production code — confirm the
/// exact semantics against the installed dane.h.
enum dane_state_flags_t
{
    DANE_F_IGNORE_LOCAL_RESOLVER = 1,
    DANE_F_INSECURE = 2,
    DANE_F_IGNORE_DNSSEC = 4
}

/// Flags for the `vflags` argument of the `dane_verify_*` functions.
///
/// NOTE(review): per upstream documentation `DANE_VFLAG_FAIL_IF_NOT_CHECKED`
/// turns "no TLSA data could be checked" into a verification failure
/// (fail-closed) instead of a silent pass — confirm against dane.h.
enum dane_verify_flags_t
{
    DANE_VFLAG_FAIL_IF_NOT_CHECKED = 1,
    DANE_VFLAG_ONLY_CHECK_EE_USAGE = 1 << 1,
    DANE_VFLAG_ONLY_CHECK_CA_USAGE = 1 << 2
}

/// Bit flags written to the `verify` output of the `dane_verify_*`
/// functions.  A non-zero value means the presented chain did NOT satisfy
/// the TLSA data; `dane_verification_status_print` renders it as text.
enum dane_verify_status_t
{
    DANE_VERIFY_CA_CONSTRAINTS_VIOLATED = 1,
    DANE_VERIFY_CERT_DIFFERS = 1 << 1,
    DANE_VERIFY_UNKNOWN_DANE_INFO = 1 << 2
}

/// Alternate spelling kept in step with the upstream header (which defines
/// this name as an alias of the `CONSTRAINTS` member).
enum DANE_VERIFY_CA_CONSTRAINS_VIOLATED = dane_verify_status_t.DANE_VERIFY_CA_CONSTRAINTS_VIOLATED;
/// Alternate name for `DANE_VERIFY_UNKNOWN_DANE_INFO`, as in the upstream header.
enum DANE_VERIFY_NO_DANE_INFO = dane_verify_status_t.DANE_VERIFY_UNKNOWN_DANE_INFO;

// Error codes returned by the DANE functions; `dane_strerror` maps them to
// text.  Note these are negative and distinct from the verify bitmask: a
// zero return with a non-zero `*verify` is still a failed verification.
enum DANE_E_SUCCESS = 0;
enum DANE_E_INITIALIZATION_ERROR = -1;
enum DANE_E_RESOLVING_ERROR = -2;
enum DANE_E_NO_DANE_DATA = -3;
enum DANE_E_RECEIVED_CORRUPT_DATA = -4;
enum DANE_E_INVALID_DNSSEC_SIG = -5;
enum DANE_E_NO_DNSSEC_SIG = -6;
enum DANE_E_MEMORY_ERROR = -7;
enum DANE_E_REQUESTED_DATA_NOT_AVAILABLE = -8;
enum DANE_E_INVALID_REQUEST = -9;
enum DANE_E_PUBKEY_ERROR = -10;
enum DANE_E_NO_CERT = -11;
enum DANE_E_FILE_ERROR = -12;
enum DANE_E_CERT_ERROR = -13;
enum DANE_E_UNKNOWN_DANE_DATA = -14;

version (BindGnuTLS_Static)
{
    // Static mode: plain declarations.  `extern (System)` is the convention
    // used throughout this binding (C ABI; stdcall on 32-bit Windows).
    // NOTE(review): confirm this matches how the installed libgnutls-dane
    // was built before relying on the Windows 32-bit ABI.
    extern (System) @nogc nothrow @system:

    /// Creates a DANE state; `flags` is a bitmask of `dane_state_flags_t`.
    int dane_state_init (dane_state_t* s, uint flags);
    /// Points the resolver at a DLV (DNSSEC lookaside) anchor file.
    int dane_state_set_dlv_file (dane_state_t s, const(char)* file);
    /// Releases a state created by `dane_state_init`.
    void dane_state_deinit (dane_state_t s);
    /// Builds a query object from TLSA data the caller already holds.
    /// `secure`/`bogus` are asserted by the caller; NOTE(review): passing
    /// `secure = 1` for data that was not DNSSEC-validated out-of-band
    /// defeats the check — confirm against upstream docs.
    int dane_raw_tlsa (dane_state_t s, dane_query_t* r, char** dane_data, const(int)* dane_data_len, int secure, int bogus);
    /// Resolves the TLSA record set for `_port._proto.host`.
    int dane_query_tlsa (dane_state_t s, dane_query_t* r, const(char)* host, const(char)* proto, uint port);
    /// DNSSEC status of a completed query.
    dane_query_status_t dane_query_status (dane_query_t q);
    /// Number of TLSA entries held by the query.
    uint dane_query_entries (dane_query_t q);
    /// Fetches entry `idx` (usage/type/match fields plus the record data).
    int dane_query_data (dane_query_t q, uint idx, uint* usage, uint* type, uint* match, gnutls_datum_t* data);
    /// Exports the query's entries as raw arrays.  NOTE(review): per upstream
    /// docs the arrays are allocated by GnuTLS and must be released with
    /// `gnutls_free` — confirm.
    int dane_query_to_raw_tlsa (dane_query_t q, uint* data_entries, char*** dane_data, int** dane_data_len, int* secure, int* bogus);
    /// Releases a query object.
    void dane_query_deinit (dane_query_t q);
    /// Human-readable name of a selector value.
    const(char)* dane_cert_type_name (dane_cert_type_t type);
    /// Human-readable name of a matching-type value.
    const(char)* dane_match_type_name (dane_match_type_t type);
    /// Human-readable name of a certificate-usage value.
    const(char)* dane_cert_usage_name (dane_cert_usage_t usage);
    /// Renders a `dane_verify_status_t` bitmask into `out_`.  NOTE(review):
    /// per upstream docs `out_` is allocated by GnuTLS and freed by the
    /// caller with `gnutls_free` — confirm.
    int dane_verification_status_print (uint status, gnutls_datum_t* out_, uint flags);
    /// Verifies a certificate chain against an existing query.  The return
    /// value reports processing errors; the verification outcome is the
    /// `dane_verify_status_t` bitmask written to `verify` — check both.
    int dane_verify_crt_raw (dane_state_t s, const(gnutls_datum_t)* chain, uint chain_size, gnutls_certificate_type_t chain_type, dane_query_t r, uint sflags, uint vflags, uint* verify);
    /// Resolves TLSA for `hostname`/`proto`/`port` and verifies `chain`
    /// against it; same return/`verify` contract as `dane_verify_crt_raw`.
    int dane_verify_crt (dane_state_t s, const(gnutls_datum_t)* chain, uint chain_size, gnutls_certificate_type_t chain_type, const(char)* hostname, const(char)* proto, uint port, uint sflags, uint vflags, uint* verify);
    /// Convenience form of `dane_verify_crt` that takes the peer chain from
    /// a GnuTLS session.
    int dane_verify_session_crt (dane_state_t s, gnutls_session_t session, const(char)* hostname, const(char)* proto, uint port, uint sflags, uint vflags, uint* verify);
    /// Text for a `DANE_E_*` code.
    const(char)* dane_strerror (int error);
}
else
{
    // Dynamic mode: function-pointer types with the same signatures as the
    // static declarations above (keep the two lists in sync).
    extern (System) @nogc nothrow @system
    {
        alias pdane_state_init = int function (dane_state_t* s, uint flags);
        alias pdane_state_set_dlv_file = int function (dane_state_t s, const(char)* file);
        alias pdane_state_deinit = void function (dane_state_t s);
        alias pdane_raw_tlsa = int function (dane_state_t s, dane_query_t* r, char** dane_data, const(int)* dane_data_len, int secure, int bogus);
        alias pdane_query_tlsa = int function (dane_state_t s, dane_query_t* r, const(char)* host, const(char)* proto, uint port);
        alias pdane_query_status = dane_query_status_t function (dane_query_t q);
        alias pdane_query_entries = uint function (dane_query_t q);
        alias pdane_query_data = int function (dane_query_t q, uint idx, uint* usage, uint* type, uint* match, gnutls_datum_t* data);
        alias pdane_query_to_raw_tlsa = int function (dane_query_t q, uint* data_entries, char*** dane_data, int** dane_data_len, int* secure, int* bogus);
        alias pdane_query_deinit = void function (dane_query_t q);
        alias pdane_cert_type_name = const(char)* function (dane_cert_type_t type);
        alias pdane_match_type_name = const(char)* function (dane_match_type_t type);
        alias pdane_cert_usage_name = const(char)* function (dane_cert_usage_t usage);
        alias pdane_verification_status_print = int function (uint status, gnutls_datum_t* out_, uint flags);
        alias pdane_verify_crt_raw = int function (dane_state_t s, const(gnutls_datum_t)* chain, uint chain_size, gnutls_certificate_type_t chain_type, dane_query_t r, uint sflags, uint vflags, uint* verify);
        alias pdane_verify_crt = int function (dane_state_t s, const(gnutls_datum_t)* chain, uint chain_size, gnutls_certificate_type_t chain_type, const(char)* hostname, const(char)* proto, uint port, uint sflags, uint vflags, uint* verify);
        alias pdane_verify_session_crt = int function (dane_state_t s, gnutls_session_t session, const(char)* hostname, const(char)* proto, uint port, uint sflags, uint vflags, uint* verify);
        alias pdane_strerror = const(char)* function (int error);
    }

    // Process-wide function pointers.  They are null until `bindDane` has
    // resolved them; calling one before that is a null dereference.
    __gshared
    {
        pdane_state_init dane_state_init;
        pdane_state_set_dlv_file dane_state_set_dlv_file;
        pdane_state_deinit dane_state_deinit;
        pdane_raw_tlsa dane_raw_tlsa;
        pdane_query_tlsa dane_query_tlsa;
        pdane_query_status dane_query_status;
        pdane_query_entries dane_query_entries;
        pdane_query_data dane_query_data;
        pdane_query_to_raw_tlsa dane_query_to_raw_tlsa;
        pdane_query_deinit dane_query_deinit;
        pdane_cert_type_name dane_cert_type_name;
        pdane_match_type_name dane_match_type_name;
        pdane_cert_usage_name dane_cert_usage_name;
        pdane_verification_status_print dane_verification_status_print;
        pdane_verify_crt_raw dane_verify_crt_raw;
        pdane_verify_crt dane_verify_crt;
        pdane_verify_session_crt dane_verify_session_crt;
        pdane_strerror dane_strerror;
    }

    import bindbc.loader : SharedLib, bindSymbol_stdcall;
    /// Resolves every DANE symbol from an already-loaded `lib` into the
    /// `__gshared` pointers above.
    ///
    /// Params:
    ///   lib = handle returned by `bindbc.loader.load` for the GnuTLS DANE
    ///         library.
    ///
    /// This function does not return a status: a symbol that cannot be found
    /// leaves its pointer null.  Callers should consult bindbc.loader's
    /// error reporting after the call rather than assume success.
    void bindDane(SharedLib lib)
    {
        lib.bindSymbol_stdcall(dane_state_init, "dane_state_init");
        lib.bindSymbol_stdcall(dane_state_set_dlv_file, "dane_state_set_dlv_file");
        lib.bindSymbol_stdcall(dane_state_deinit, "dane_state_deinit");
        lib.bindSymbol_stdcall(dane_raw_tlsa, "dane_raw_tlsa");
        lib.bindSymbol_stdcall(dane_query_tlsa, "dane_query_tlsa");
        lib.bindSymbol_stdcall(dane_query_status, "dane_query_status");
        lib.bindSymbol_stdcall(dane_query_entries, "dane_query_entries");
        lib.bindSymbol_stdcall(dane_query_data, "dane_query_data");
        lib.bindSymbol_stdcall(dane_query_to_raw_tlsa, "dane_query_to_raw_tlsa");
        lib.bindSymbol_stdcall(dane_query_deinit, "dane_query_deinit");
        lib.bindSymbol_stdcall(dane_cert_type_name, "dane_cert_type_name");
        lib.bindSymbol_stdcall(dane_match_type_name, "dane_match_type_name");
        lib.bindSymbol_stdcall(dane_cert_usage_name, "dane_cert_usage_name");
        lib.bindSymbol_stdcall(dane_verification_status_print, "dane_verification_status_print");
        lib.bindSymbol_stdcall(dane_verify_crt_raw, "dane_verify_crt_raw");
        lib.bindSymbol_stdcall(dane_verify_crt, "dane_verify_crt");
        lib.bindSymbol_stdcall(dane_verify_session_crt, "dane_verify_session_crt");
        lib.bindSymbol_stdcall(dane_strerror, "dane_strerror");
    }
}