#define REQ_SHA384 0x0008 /* suite needs SHA-384 */
#define REQ_AESCBC 0x0010 /* suite needs AES/CBC encryption */
#define REQ_AESGCM 0x0020 /* suite needs AES/GCM encryption */
-#define REQ_CHAPOL 0x0040 /* suite needs ChaCha20+Poly1305 */
-#define REQ_3DESCBC 0x0080 /* suite needs 3DES/CBC encryption */
-#define REQ_RSAKEYX 0x0100 /* suite uses RSA key exchange */
-#define REQ_ECDHE_RSA 0x0200 /* suite uses ECDHE_RSA key exchange */
-#define REQ_ECDHE_ECDSA 0x0400 /* suite uses ECDHE_ECDSA key exchange */
-#define REQ_ECDH 0x0800 /* suite uses static ECDH key exchange */
+#define REQ_AESCCM 0x0040 /* suite needs AES/CCM encryption */
+#define REQ_CHAPOL 0x0080 /* suite needs ChaCha20+Poly1305 */
+#define REQ_3DESCBC 0x0100 /* suite needs 3DES/CBC encryption */
+#define REQ_RSAKEYX 0x0200 /* suite uses RSA key exchange */
+#define REQ_ECDHE_RSA 0x0400 /* suite uses ECDHE_RSA key exchange */
+#define REQ_ECDHE_ECDSA 0x0800 /* suite uses ECDHE_ECDSA key exchange */
+#define REQ_ECDH 0x1000 /* suite uses static ECDH key exchange */
/*
* Parse a list of cipher suite names. The names are comma-separated. If
*/
void list_names(void);
+/*
+ * Print out all known elliptic curve names.
+ */
+void list_curves(void);
+
/*
* Get the symbolic name for an elliptic curve (by ID).
*/
const char *ec_curve_name(int curve);
+/*
+ * Get a curve by symbolic name. If the name is not recognized, -1 is
+ * returned.
+ */
+int get_curve_by_name(const char *str);
+
/*
* Get the symbolic name for a hash function name (by ID).
*/
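Review bot: The comment added for `get_curve_by_name` documents only the failure value, so the header does not tell a caller what a successful return means or that the result must be checked before use. Because the function returns a plain `int` with -1 for an unknown name, a caller that uses the result as a table index or to build a curve bit mask without first rejecting negative values would misbehave; no such caller is visible in this hunk, so this is a caution rather than a confirmed defect. If, as the neighbouring `ec_curve_name(int curve)` suggests, the value is the curve ID, I would extend the comment to `Returns the curve ID (as accepted by ec_curve_name()), or -1 if the name is not recognized; callers must reject a negative value before using it.` It would also help to say whether matching is case-sensitive and whether `str` may be NULL.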
*/
const char *find_error_name(int err, const char **comment);
+/*
+ * Find the symbolic name for an algorithm implementation. Provided
+ * pointer should be a pointer to a vtable or to a function, where
+ * appropriate. If not recognised, then the string "UNKNOWN" is returned.
+ *
+ * If 'long_name' is non-zero, then the returned name recalls the
+ * algorithm type as well; otherwise, only the core implementation name
+ * is returned (e.g. the long name could be 'aes_big_cbcenc' while the
+ * short name is 'big').
+ */
+const char *get_algo_name(const void *algo, int long_name);
+
/*
* Run a SSL engine, with a socket connected to the peer, and using
- * stdin/stdout to exchange application data.
+ * stdin/stdout to exchange application data. The socket must be a
+ * non-blocking descriptor.
+ *
+ * To help with Win32 compatibility, the socket descriptor is provided
+ * as an "unsigned long" value.
*
* Returned value:
* 0 SSL connection closed successfully
* -1 early socket close
* -2 stdout was closed, or something failed badly
*/
-int run_ssl_engine(br_ssl_engine_context *eng, int fd, unsigned flags);
+int run_ssl_engine(br_ssl_engine_context *eng,
+ unsigned long fd, unsigned flags);
#define RUN_ENGINE_VERBOSE 0x0001 /* enable verbose messages */
#define RUN_ENGINE_TRACE 0x0002 /* hex dump of records */
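Review bot: `unsigned long fd` in the new `run_ssl_engine` prototype is narrower than a Win32 socket handle on 64-bit Windows, where `unsigned long` is 32 bits and `SOCKET` is pointer-sized. The stated Win32-compatibility goal therefore rests on an undocumented assumption that handle values fit in 32 bits. Moving away from `int` also drops the conventional negative "invalid descriptor" value: a failed socket call converted to `unsigned long` becomes a large, valid-looking number, and nothing in the comment says the caller must check for failure first. I would either declare the parameter as `uintptr_t fd` or add a sentence such as `The caller must pass a valid, open socket; on Win32 the SOCKET value is assumed to fit in an unsigned long.` The non-blocking requirement is stated, but the comment does not say what happens when a blocking descriptor is passed, which is worth adding if the behaviour is known.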
*/
int do_chain(int argc, char *argv[]);
+/*
+ * Do the "twrch" command. Returned value is 0 on success, -1 on failure
+ * (processing or arguments), or a non-zero exit code. Command-line
+ * arguments start _after_ the command name.
+ */
+int do_twrch(int argc, char *argv[]);
+
+/*
+ * Do the "impl" command. Returned value is 0 on success, -1 on failure.
+ * Command-line arguments start _after_ the command name.
+ */
+int do_impl(int argc, char *argv[]);
+
#endif
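Review bot: The return contract written for `do_twrch` is ambiguous: it lists 0 for success, -1 for failure, "or a non-zero exit code", but -1 is itself non-zero. The comment also does not say whose exit code is meant or what range it can take. A caller that forwards the value as the process status cannot tell a tool failure from a reported exit code. I would reword it along the lines of `Returned value is 0 on success, -1 on failure (processing or arguments), or a positive exit code to be returned by the process.`, adjusted to what the implementation actually returns, which is not visible in this hunk.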