@gjsify/tls-native 0.4.30 → 0.4.32

package/prebuilds/linux-s390x/GjsifyTls-1.0.gir

@@ -2,10 +2,22 @@
 <!-- GjsifyTls-1.0.gir generated by valac 0.56.19, do not modify. -->
 <repository version="1.2" xmlns="http://www.gtk.org/introspection/core/1.0" xmlns:c="http://www.gtk.org/introspection/c/1.0" xmlns:doc="http://www.gtk.org/introspection/doc/1.0" xmlns:glib="http://www.gtk.org/introspection/glib/1.0">
 <include name="GObject" version="2.0"/>
+<include name="Gio" version="2.0"/>
+<include name="GLib" version="2.0"/>
 <package name="gjsifytls"/>
 <c:include name="gjsifytls.h"/>
 <doc:format name="unknown"/>
 <namespace name="GjsifyTls" version="1.0" shared-library="libgjsifytls.so" c:prefix="GjsifyTls" c:identifier-prefixes="GjsifyTls" c:symbol-prefixes="gjsify_tls">
+	<enumeration name="ChannelBindingType" c:type="GjsifyTlsChannelBindingType" glib:type-name="GjsifyTlsChannelBindingType" glib:get-type="gjsify_tls_channel_binding_type_get_type">
+		<member name="tls_unique" c:identifier="GJSIFY_TLS_CHANNEL_BINDING_TYPE_TLS_UNIQUE" value="0"/>
+		<member name="tls_server_end_point" c:identifier="GJSIFY_TLS_CHANNEL_BINDING_TYPE_TLS_SERVER_END_POINT" value="1"/>
+		<member name="tls_exporter" c:identifier="GJSIFY_TLS_CHANNEL_BINDING_TYPE_TLS_EXPORTER" value="2"/>
+	</enumeration>
+	<enumeration name="SessionAccessError" c:type="GjsifyTlsSessionAccessError" glib:type-name="GjsifyTlsSessionAccessError" glib:get-type="gjsify_tls_session_access_error_get_type" glib:error-domain="gjsify-tls-session-access-error-quark">
+		<member name="not_supported" c:identifier="GJSIFY_TLS_SESSION_ACCESS_ERROR_NOT_SUPPORTED" value="0"/>
+		<member name="not_ready" c:identifier="GJSIFY_TLS_SESSION_ACCESS_ERROR_NOT_READY" value="1"/>
+		<member name="gnutls_error" c:identifier="GJSIFY_TLS_SESSION_ACCESS_ERROR_GNUTLS_ERROR" value="2"/>
+	</enumeration>
 	<class name="OcspResponseInfo" c:type="GjsifyTlsOcspResponseInfo" c:symbol-prefix="ocsp_response_info" glib:type-name="GjsifyTlsOcspResponseInfo" glib:get-type="gjsify_tls_ocsp_response_info_get_type" glib:type-struct="OcspResponseInfoClass" parent="GObject.Object">
 		<field name="parent_instance" readable="0" private="1">
 			<type name="GObject.Object" c:type="GObject"/>
@@ -150,5 +162,115 @@
 		</field>
 	</record>
 	<record name="TlsPrivate" c:type="GjsifyTlsTlsPrivate" disguised="1"/>
+	<class name="SessionAccess" c:type="GjsifyTlsSessionAccess" c:symbol-prefix="session_access" glib:type-name="GjsifyTlsSessionAccess" glib:get-type="gjsify_tls_session_access_get_type" glib:type-struct="SessionAccessClass" parent="GObject.Object">
+		<field name="parent_instance" readable="0" private="1">
+			<type name="GObject.Object" c:type="GObject"/>
+		</field>
+		<field name="priv" readable="0" private="1">
+			<type name="SessionAccessPrivate" c:type="GjsifyTlsSessionAccessPrivate*"/>
+		</field>
+		<function name="is_supported" c:identifier="gjsify_tls_session_access_is_supported">
+			<return-value transfer-ownership="full">
+				<type name="gboolean" c:type="gboolean"/>
+			</return-value>
+		</function>
+		<function name="for_connection" c:identifier="gjsify_tls_session_access_for_connection">
+			<return-value transfer-ownership="full" nullable="1">
+				<type name="GjsifyTls.SessionAccess" c:type="GjsifyTlsSessionAccess*"/>
+			</return-value>
+			<parameters>
+				<parameter name="connection" transfer-ownership="none" nullable="1">
+					<type name="Gio.TlsConnection" c:type="GTlsConnection*"/>
+				</parameter>
+			</parameters>
+		</function>
+		<method name="is_session_reused" c:identifier="gjsify_tls_session_access_is_session_reused" throws="1">
+			<return-value transfer-ownership="full">
+				<type name="gboolean" c:type="gboolean"/>
+			</return-value>
+			<parameters>
+				<instance-parameter name="self" transfer-ownership="none">
+					<type name="GjsifyTls.SessionAccess" c:type="GjsifyTlsSessionAccess*"/>
+				</instance-parameter>
+			</parameters>
+		</method>
+		<method name="get_session_data" c:identifier="gjsify_tls_session_access_get_session_data" throws="1">
+			<return-value transfer-ownership="full">
+				<type name="GLib.Bytes" c:type="GBytes*"/>
+			</return-value>
+			<parameters>
+				<instance-parameter name="self" transfer-ownership="none">
+					<type name="GjsifyTls.SessionAccess" c:type="GjsifyTlsSessionAccess*"/>
+				</instance-parameter>
+			</parameters>
+		</method>
+		<method name="set_session_data" c:identifier="gjsify_tls_session_access_set_session_data" throws="1">
+			<return-value transfer-ownership="full">
+				<type name="none" c:type="void"/>
+			</return-value>
+			<parameters>
+				<instance-parameter name="self" transfer-ownership="none">
+					<type name="GjsifyTls.SessionAccess" c:type="GjsifyTlsSessionAccess*"/>
+				</instance-parameter>
+				<parameter name="data" transfer-ownership="none">
+					<type name="GLib.Bytes" c:type="GBytes*"/>
+				</parameter>
+			</parameters>
+		</method>
+		<method name="get_channel_binding" c:identifier="gjsify_tls_session_access_get_channel_binding" throws="1">
+			<return-value transfer-ownership="full">
+				<type name="GLib.Bytes" c:type="GBytes*"/>
+			</return-value>
+			<parameters>
+				<instance-parameter name="self" transfer-ownership="none">
+					<type name="GjsifyTls.SessionAccess" c:type="GjsifyTlsSessionAccess*"/>
+				</instance-parameter>
+				<parameter name="binding" transfer-ownership="none">
+					<type name="GjsifyTls.ChannelBindingType" c:type="GjsifyTlsChannelBindingType"/>
+				</parameter>
+			</parameters>
+		</method>
+		<method name="get_finished" c:identifier="gjsify_tls_session_access_get_finished" throws="1">
+			<return-value transfer-ownership="full">
+				<type name="GLib.Bytes" c:type="GBytes*"/>
+			</return-value>
+			<parameters>
+				<instance-parameter name="self" transfer-ownership="none">
+					<type name="GjsifyTls.SessionAccess" c:type="GjsifyTlsSessionAccess*"/>
+				</instance-parameter>
+			</parameters>
+		</method>
+		<method name="get_peer_finished" c:identifier="gjsify_tls_session_access_get_peer_finished" throws="1">
+			<return-value transfer-ownership="full">
+				<type name="GLib.Bytes" c:type="GBytes*"/>
+			</return-value>
+			<parameters>
+				<instance-parameter name="self" transfer-ownership="none">
+					<type name="GjsifyTls.SessionAccess" c:type="GjsifyTlsSessionAccess*"/>
+				</instance-parameter>
+			</parameters>
+		</method>
+		<method name="get_negotiated_protocol_version" c:identifier="gjsify_tls_session_access_get_negotiated_protocol_version">
+			<return-value transfer-ownership="full">
+				<type name="utf8" c:type="gchar*"/>
+			</return-value>
+			<parameters>
+				<instance-parameter name="self" transfer-ownership="none">
+					<type name="GjsifyTls.SessionAccess" c:type="GjsifyTlsSessionAccess*"/>
+				</instance-parameter>
+			</parameters>
+		</method>
+		<constructor name="new" c:identifier="gjsify_tls_session_access_new">
+			<return-value transfer-ownership="full">
+				<type name="GjsifyTls.SessionAccess" c:type="GjsifyTlsSessionAccess*"/>
+			</return-value>
+		</constructor>
+	</class>
+	<record name="SessionAccessClass" c:type="GjsifyTlsSessionAccessClass" glib:is-gtype-struct-for="SessionAccess">
+		<field name="parent_class" readable="0" private="1">
+			<type name="GObject.ObjectClass" c:type="GObjectClass"/>
+		</field>
+	</record>
+	<record name="SessionAccessPrivate" c:type="GjsifyTlsSessionAccessPrivate" disguised="1"/>
 </namespace>
 </repository>

package/prebuilds/linux-x86_64/GjsifyTls-1.0.gir

@@ -2,10 +2,22 @@
 <!-- GjsifyTls-1.0.gir generated by valac 0.56.19, do not modify. -->
 <repository version="1.2" xmlns="http://www.gtk.org/introspection/core/1.0" xmlns:c="http://www.gtk.org/introspection/c/1.0" xmlns:doc="http://www.gtk.org/introspection/doc/1.0" xmlns:glib="http://www.gtk.org/introspection/glib/1.0">
 <include name="GObject" version="2.0"/>
+<include name="Gio" version="2.0"/>
+<include name="GLib" version="2.0"/>
 <package name="gjsifytls"/>
 <c:include name="gjsifytls.h"/>
 <doc:format name="unknown"/>
 <namespace name="GjsifyTls" version="1.0" shared-library="libgjsifytls.so" c:prefix="GjsifyTls" c:identifier-prefixes="GjsifyTls" c:symbol-prefixes="gjsify_tls">
+	<enumeration name="ChannelBindingType" c:type="GjsifyTlsChannelBindingType" glib:type-name="GjsifyTlsChannelBindingType" glib:get-type="gjsify_tls_channel_binding_type_get_type">
+		<member name="tls_unique" c:identifier="GJSIFY_TLS_CHANNEL_BINDING_TYPE_TLS_UNIQUE" value="0"/>
+		<member name="tls_server_end_point" c:identifier="GJSIFY_TLS_CHANNEL_BINDING_TYPE_TLS_SERVER_END_POINT" value="1"/>
+		<member name="tls_exporter" c:identifier="GJSIFY_TLS_CHANNEL_BINDING_TYPE_TLS_EXPORTER" value="2"/>
+	</enumeration>
+	<enumeration name="SessionAccessError" c:type="GjsifyTlsSessionAccessError" glib:type-name="GjsifyTlsSessionAccessError" glib:get-type="gjsify_tls_session_access_error_get_type" glib:error-domain="gjsify-tls-session-access-error-quark">
+		<member name="not_supported" c:identifier="GJSIFY_TLS_SESSION_ACCESS_ERROR_NOT_SUPPORTED" value="0"/>
+		<member name="not_ready" c:identifier="GJSIFY_TLS_SESSION_ACCESS_ERROR_NOT_READY" value="1"/>
+		<member name="gnutls_error" c:identifier="GJSIFY_TLS_SESSION_ACCESS_ERROR_GNUTLS_ERROR" value="2"/>
+	</enumeration>
 	<class name="OcspResponseInfo" c:type="GjsifyTlsOcspResponseInfo" c:symbol-prefix="ocsp_response_info" glib:type-name="GjsifyTlsOcspResponseInfo" glib:get-type="gjsify_tls_ocsp_response_info_get_type" glib:type-struct="OcspResponseInfoClass" parent="GObject.Object">
 		<field name="parent_instance" readable="0" private="1">
 			<type name="GObject.Object" c:type="GObject"/>
@@ -150,5 +162,115 @@
 		</field>
 	</record>
 	<record name="TlsPrivate" c:type="GjsifyTlsTlsPrivate" disguised="1"/>
+	<class name="SessionAccess" c:type="GjsifyTlsSessionAccess" c:symbol-prefix="session_access" glib:type-name="GjsifyTlsSessionAccess" glib:get-type="gjsify_tls_session_access_get_type" glib:type-struct="SessionAccessClass" parent="GObject.Object">
+		<field name="parent_instance" readable="0" private="1">
+			<type name="GObject.Object" c:type="GObject"/>
+		</field>
+		<field name="priv" readable="0" private="1">
+			<type name="SessionAccessPrivate" c:type="GjsifyTlsSessionAccessPrivate*"/>
+		</field>
+		<function name="is_supported" c:identifier="gjsify_tls_session_access_is_supported">
+			<return-value transfer-ownership="full">
+				<type name="gboolean" c:type="gboolean"/>
+			</return-value>
+		</function>
+		<function name="for_connection" c:identifier="gjsify_tls_session_access_for_connection">
+			<return-value transfer-ownership="full" nullable="1">
+				<type name="GjsifyTls.SessionAccess" c:type="GjsifyTlsSessionAccess*"/>
+			</return-value>
+			<parameters>
+				<parameter name="connection" transfer-ownership="none" nullable="1">
+					<type name="Gio.TlsConnection" c:type="GTlsConnection*"/>
+				</parameter>
+			</parameters>
+		</function>
+		<method name="is_session_reused" c:identifier="gjsify_tls_session_access_is_session_reused" throws="1">
+			<return-value transfer-ownership="full">
+				<type name="gboolean" c:type="gboolean"/>
+			</return-value>
+			<parameters>
+				<instance-parameter name="self" transfer-ownership="none">
+					<type name="GjsifyTls.SessionAccess" c:type="GjsifyTlsSessionAccess*"/>
+				</instance-parameter>
+			</parameters>
+		</method>
+		<method name="get_session_data" c:identifier="gjsify_tls_session_access_get_session_data" throws="1">
+			<return-value transfer-ownership="full">
+				<type name="GLib.Bytes" c:type="GBytes*"/>
+			</return-value>
+			<parameters>
+				<instance-parameter name="self" transfer-ownership="none">
+					<type name="GjsifyTls.SessionAccess" c:type="GjsifyTlsSessionAccess*"/>
+				</instance-parameter>
+			</parameters>
+		</method>
+		<method name="set_session_data" c:identifier="gjsify_tls_session_access_set_session_data" throws="1">
+			<return-value transfer-ownership="full">
+				<type name="none" c:type="void"/>
+			</return-value>
+			<parameters>
+				<instance-parameter name="self" transfer-ownership="none">
+					<type name="GjsifyTls.SessionAccess" c:type="GjsifyTlsSessionAccess*"/>
+				</instance-parameter>
+				<parameter name="data" transfer-ownership="none">
+					<type name="GLib.Bytes" c:type="GBytes*"/>
+				</parameter>
+			</parameters>
+		</method>
+		<method name="get_channel_binding" c:identifier="gjsify_tls_session_access_get_channel_binding" throws="1">
+			<return-value transfer-ownership="full">
+				<type name="GLib.Bytes" c:type="GBytes*"/>
+			</return-value>
+			<parameters>
+				<instance-parameter name="self" transfer-ownership="none">
+					<type name="GjsifyTls.SessionAccess" c:type="GjsifyTlsSessionAccess*"/>
+				</instance-parameter>
+				<parameter name="binding" transfer-ownership="none">
+					<type name="GjsifyTls.ChannelBindingType" c:type="GjsifyTlsChannelBindingType"/>
+				</parameter>
+			</parameters>
+		</method>
+		<method name="get_finished" c:identifier="gjsify_tls_session_access_get_finished" throws="1">
+			<return-value transfer-ownership="full">
+				<type name="GLib.Bytes" c:type="GBytes*"/>
+			</return-value>
+			<parameters>
+				<instance-parameter name="self" transfer-ownership="none">
+					<type name="GjsifyTls.SessionAccess" c:type="GjsifyTlsSessionAccess*"/>
+				</instance-parameter>
+			</parameters>
+		</method>
+		<method name="get_peer_finished" c:identifier="gjsify_tls_session_access_get_peer_finished" throws="1">
+			<return-value transfer-ownership="full">
+				<type name="GLib.Bytes" c:type="GBytes*"/>
+			</return-value>
+			<parameters>
+				<instance-parameter name="self" transfer-ownership="none">
+					<type name="GjsifyTls.SessionAccess" c:type="GjsifyTlsSessionAccess*"/>
+				</instance-parameter>
+			</parameters>
+		</method>
+		<method name="get_negotiated_protocol_version" c:identifier="gjsify_tls_session_access_get_negotiated_protocol_version">
+			<return-value transfer-ownership="full">
+				<type name="utf8" c:type="gchar*"/>
+			</return-value>
+			<parameters>
+				<instance-parameter name="self" transfer-ownership="none">
+					<type name="GjsifyTls.SessionAccess" c:type="GjsifyTlsSessionAccess*"/>
+				</instance-parameter>
+			</parameters>
+		</method>
+		<constructor name="new" c:identifier="gjsify_tls_session_access_new">
+			<return-value transfer-ownership="full">
+				<type name="GjsifyTls.SessionAccess" c:type="GjsifyTlsSessionAccess*"/>
+			</return-value>
+		</constructor>
+	</class>
+	<record name="SessionAccessClass" c:type="GjsifyTlsSessionAccessClass" glib:is-gtype-struct-for="SessionAccess">
+		<field name="parent_class" readable="0" private="1">
+			<type name="GObject.ObjectClass" c:type="GObjectClass"/>
+		</field>
+	</record>
+	<record name="SessionAccessPrivate" c:type="GjsifyTlsSessionAccessPrivate" disguised="1"/>
 </namespace>
 </repository>

package/src/vala/gjsify-tls-private.vapi

@@ -0,0 +1,39 @@
+/* gjsify-tls-private.vapi — Vala binding for the local C shim that
+ * exposes `Gio.TlsConnection` GnuTLS-session-t-backed APIs (session
+ * resumption, channel binding). See `src/c/gjsify-tls-private.h` for
+ * the documented surface.
+ *
+ * Loaded via meson's `vala_args: ['--vapidir=<srcdir>/src/vala']`.
+ *
+ * Used by: `session-access.vala` Path-A implementation (replacing
+ * the POC NOT_SUPPORTED throws with real GnuTLS-backed calls).
+ */
+
+[CCode (cheader_filename = "gjsify-tls-private.h", cprefix = "gjsify_tls_private_")]
+namespace GjsifyTlsPrivate {
+
+    [CCode (cname = "GjsifyTlsPrivateError", cprefix = "GJSIFY_TLS_PRIVATE_ERROR_", has_type_id = false)]
+    public errordomain Error {
+        NOT_SUPPORTED,
+        GNUTLS_FAILED;
+        public static GLib.Quark quark ();
+    }
+
+    [CCode (cname = "gjsify_tls_private_is_supported")]
+    public bool is_supported ();
+
+    [CCode (cname = "gjsify_tls_private_is_gnutls_connection")]
+    public bool is_gnutls_connection (GLib.TlsConnection conn);
+
+    [CCode (cname = "gjsify_tls_private_is_session_reused")]
+    public bool is_session_reused (GLib.TlsConnection conn) throws GjsifyTlsPrivate.Error;
+
+    [CCode (cname = "gjsify_tls_private_get_session_data")]
+    public GLib.Bytes get_session_data (GLib.TlsConnection conn) throws GjsifyTlsPrivate.Error;
+
+    [CCode (cname = "gjsify_tls_private_set_session_data")]
+    public bool set_session_data (GLib.TlsConnection conn, GLib.Bytes data) throws GjsifyTlsPrivate.Error;
+
+    [CCode (cname = "gjsify_tls_private_get_channel_binding")]
+    public GLib.Bytes get_channel_binding (GLib.TlsConnection conn, int binding_type) throws GjsifyTlsPrivate.Error;
+}

package/src/vala/gnutls-session.vapi

@@ -0,0 +1,54 @@
+/* gnutls-session.vapi — Vala 0.56's bundled gnutls.vapi covers most
+ * of the session API (set_data / get_data / get_data2 / is_resumed),
+ * but `gnutls_session_channel_binding` is missing. This sibling vapi
+ * fills that gap.
+ *
+ * Same `.vapi` (vs `.vala`) reasoning as `gnutls-ocsp.vapi`: putting
+ * `[CCode (cname = "struct …")]` bindings in a `.vala` file makes valac
+ * try to *emit* the typedef, which collides with the typedef already
+ * present in `gnutls/gnutls.h`. `.vapi` declarations are pure
+ * mappings — no code emission.
+ *
+ * Loaded via meson's `vala_args: ['--vapidir=<srcdir>/src/vala']`.
+ *
+ * Used by: `session-access.vala` for the `tls-unique` / `tls-exporter`
+ * channel-binding extraction required by SCRAM-SHA-* SASL (RFC 5929,
+ * RFC 9266).
+ */
+
+[CCode (cheader_filename = "gnutls/gnutls.h", cprefix = "GNUTLS_CB_")]
+namespace GjsifyTlsSession {
+
+    /**
+     * Channel-binding type per RFC 5929 §4 + RFC 9266.
+     *
+     * GnuTLS exposes this enum as `gnutls_channel_binding_t`.
+     */
+    [CCode (cname = "gnutls_channel_binding_t", has_type_id = false)]
+    public enum ChannelBinding {
+        /** `tls-unique` (RFC 5929 §3) — TLS 1.0–1.2 only. The first
+         *  Finished message bytes from the handshake. */
+        [CCode (cname = "GNUTLS_CB_TLS_UNIQUE")]
+        TLS_UNIQUE,
+        /** `tls-server-end-point` (RFC 5929 §4) — hash of the server cert. */
+        [CCode (cname = "GNUTLS_CB_TLS_SERVER_END_POINT")]
+        TLS_SERVER_END_POINT,
+        /** `tls-exporter` (RFC 9266) — TLS 1.3 replacement for `tls-unique`. */
+        [CCode (cname = "GNUTLS_CB_TLS_EXPORTER")]
+        TLS_EXPORTER,
+    }
+
+    /**
+     * `gnutls_session_channel_binding(session, cbtype, &cb)` — extract
+     * the negotiated channel-binding bytes from a live session.
+     *
+     * @session  raw `gnutls_session_t` pointer (opaque to Vala)
+     * @cbtype   one of the {@link ChannelBinding} values
+     * @cb       out: filled with the channel-binding bytes
+     * @returns  0 on success, a GnuTLS error code on failure (e.g.
+     *           `GNUTLS_E_INVALID_REQUEST` for a binding type that
+     *           the negotiated TLS version doesn't support).
+     */
+    [CCode (cname = "gnutls_session_channel_binding")]
+    public int session_channel_binding (void* session, ChannelBinding cbtype, out GnuTLS.Datum cb);
+}