X-Git-Url: https://bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=tools%2Fbrssl.h;h=f2957e640f4db949768c0ccb68110fc1f717aa8b;hp=e93ed4c7d527b456dd73fa99a3384b1cfd4154dc;hb=c1d1306e276005428778c669a149f2a4cbc50c85;hpb=e61ad42191511226309bad2cbde8cd9e8cc743cb diff --git a/tools/brssl.h b/tools/brssl.h index e93ed4c..f2957e6 100644 --- a/tools/brssl.h +++ b/tools/brssl.h @@ -211,6 +211,23 @@ extern const hash_function hash_functions[]; */ unsigned parse_hash_functions(const char *arg); +/* + * Get a curve name (by ID). If the curve ID is not known, this returns + * NULL. + */ +const char *get_curve_name(int id); + +/* + * Get a curve name (by ID). The name is written in the provided buffer + * (zero-terminated). If the curve ID is not known, the name is + * "unknown (***)" where "***" is the decimal value of the identifier. + * If the name does not fit in the provided buffer, then dst[0] is set + * to 0 (unless len is 0, in which case nothing is written), and -1 is + * returned. Otherwise, the name is written in dst[] (with a terminating + * 0), and this function returns 0. + */ +int get_curve_name_ext(int id, char *dst, size_t len); + /* * Type for a known cipher suite. */ @@ -235,11 +252,12 @@ extern const cipher_suite cipher_suites[]; #define REQ_SHA384 0x0008 /* suite needs SHA-384 */ #define REQ_AESCBC 0x0010 /* suite needs AES/CBC encryption */ #define REQ_AESGCM 0x0020 /* suite needs AES/GCM encryption */ -#define REQ_3DESCBC 0x0040 /* suite needs 3DES/CBC encryption */ -#define REQ_RSAKEYX 0x0080 /* suite uses RSA key exchange */ -#define REQ_ECDHE_RSA 0x0100 /* suite uses ECDHE_RSA key exchange */ -#define REQ_ECDHE_ECDSA 0x0200 /* suite uses ECDHE_ECDSA key exchange */ -#define REQ_ECDH 0x0400 /* suite uses static ECDH key exchange */ +#define REQ_CHAPOL 0x0040 /* suite needs ChaCha20+Poly1305 */ +#define REQ_3DESCBC 0x0080 /* suite needs 3DES/CBC encryption */ +#define REQ_RSAKEYX 0x0100 /* suite uses RSA key exchange */ +#define REQ_ECDHE_RSA 0x0200 /* suite uses ECDHE_RSA key exchange */ +#define REQ_ECDHE_ECDSA 0x0400 /* suite uses ECDHE_ECDSA key exchange */ +#define REQ_ECDH 0x0800 /* suite uses static ECDH key exchange */ /* * Parse a list of cipher suite names. The names are comma-separated. If @@ -269,6 +287,11 @@ const char *get_suite_name(unsigned suite); */ int get_suite_name_ext(unsigned suite, char *dst, size_t len); +/* + * Tell whether a cipher suite uses ECDHE key exchange. + */ +int uses_ecdhe(unsigned suite); + /* * Print out all known names (for protocol versions, cipher suites...). */ @@ -448,17 +471,33 @@ const br_hash_class *get_hash_impl(int id); */ const char *find_error_name(int err, const char **comment); +/* + * Find the symbolic name for an algorithm implementation. Provided + * pointer should be a pointer to a vtable or to a function, where + * appropriate. If not recognised, then the string "UNKNOWN" is returned. + * + * If 'long_name' is non-zero, then the returned name recalls the + * algorithm type as well; otherwise, only the core implementation name + * is returned (e.g. the long name could be 'aes_big_cbcenc' while the + * short name is 'big'). + */ +const char *get_algo_name(const void *algo, int long_name); + /* * Run a SSL engine, with a socket connected to the peer, and using * stdin/stdout to exchange application data. * + * To help with Win32 compatibility, the socket descriptor is provided + * as an "unsigned long" value. + * * Returned value: * 0 SSL connection closed successfully * x > 0 SSL error "x" * -1 early socket close * -2 stdout was closed, or something failed badly */ -int run_ssl_engine(br_ssl_engine_context *eng, int fd, unsigned flags); +int run_ssl_engine(br_ssl_engine_context *eng, + unsigned long fd, unsigned flags); #define RUN_ENGINE_VERBOSE 0x0001 /* enable verbose messages */ #define RUN_ENGINE_TRACE 0x0002 /* hex dump of records */