Add g_(d)tls_connection_get_channel_binding_data calls and enums

* Add g_tls_connection_get_channel_binding_data API call * Add g_dtls_connection_get_channel_binding_data API call * Add get_binding_data method to GTlsConnection class * Add get_binding_data method to GDtlsConnection interface * Add GTlsChannelBindingType enum with tls-unique and tls-server-end-point types * Add GTlsChannelBindingError enum and G_TLS_CHANNEL_BINDING_ERROR quark * Add new API calls to documentation reference gio-sections-common
2025-08-02 07:23:41 +02:00 · 2020-06-25 12:40:34 +00:00
parent 6801e06d83
commit 44524b9daa
9 changed files with 322 additions and 1 deletions
--- a/gio/gdtlsconnection.c
+++ b/gio/gdtlsconnection.c
@@ -26,6 +26,7 @@
 #include "gsocket.h"
 #include "gtlsbackend.h"
 #include "gtlscertificate.h"
+#include "gtlsconnection.h"
 #include "gdtlsclientconnection.h"
 #include "gtlsdatabase.h"
 #include "gtlsinteraction.h"
@@ -1073,3 +1074,52 @@ g_dtls_connection_get_negotiated_protocol (GDtlsConnection *conn)

  return iface->get_negotiated_protocol (conn);
 }
+
+/**
+ * g_dtls_connection_get_channel_binding_data:
+ * @conn: a #GDtlsConnection
+ * @type: #GTlsChannelBindingType type of data to fetch
+ * @data: (out callee-allocates)(optional)(transfer none): #GByteArray is
+ *        filled with the binding data, or %NULL
+ * @error: a #GError pointer, or %NULL
+ *
+ * Query the TLS backend for TLS channel binding data of @type for @conn.
+ *
+ * This call retrieves TLS channel binding data as specified in RFC
+ * [5056](https://tools.ietf.org/html/rfc5056), RFC
+ * [5929](https://tools.ietf.org/html/rfc5929), and related RFCs.  The
+ * binding data is returned in @data.  The @data is resized by the callee
+ * using #GByteArray buffer management and will be freed when the @data
+ * is destroyed by g_byte_array_unref(). If @data is %NULL, it will only
+ * check whether TLS backend is able to fetch the data (e.g. whether @type
+ * is supported by the TLS backend). It does not guarantee that the data
+ * will be available though.  That could happen if TLS connection does not
+ * support @type or the binding data is not available yet due to additional
+ * negotiation or input required.
+ *
+ * Returns: %TRUE on success, %FALSE otherwise
+ *
+ * Since: 2.66
+ */
+gboolean
+g_dtls_connection_get_channel_binding_data (GDtlsConnection         *conn,
+                                            GTlsChannelBindingType   type,
+                                            GByteArray              *data,
+                                            GError                 **error)
+{
+  GDtlsConnectionInterface *iface;
+
+  g_return_val_if_fail (G_IS_DTLS_CONNECTION (conn), FALSE);
+  g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
+
+  iface = G_DTLS_CONNECTION_GET_INTERFACE (conn);
+  if (iface->get_binding_data == NULL)
+    {
+      g_set_error_literal (error, G_TLS_CHANNEL_BINDING_ERROR,
+          G_TLS_CHANNEL_BINDING_ERROR_NOT_IMPLEMENTED,
+          _("TLS backend does not implement TLS binding retrieval"));
+      return FALSE;
+    }
+
+  return iface->get_binding_data (conn, type, data, error);
+}