X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=tools%2Fbrssl.h;h=d889b08ed1e294059cdbbb50129d2d841a705384;hp=a3ceb14f27b2ea336334996767cfb41240cb7a1f;hb=3655193439d4e093bb80a2f0d9e02179d424de08;hpb=0d974e1c9c284be028143fbbeaaac7faed8dca96

diff --git a/tools/brssl.h b/tools/brssl.h
index a3ceb14..d889b08 100644
--- a/tools/brssl.h
+++ b/tools/brssl.h
@@ -211,6 +211,23 @@ extern const hash_function hash_functions[];
  */
 unsigned parse_hash_functions(const char *arg);
 
+/*
+ * Get a curve name (by ID). If the curve ID is not known, this returns
+ * NULL.
+ */
+const char *get_curve_name(int id);
+
+/*
+ * Get a curve name (by ID). The name is written in the provided buffer
+ * (zero-terminated). If the curve ID is not known, the name is
+ * "unknown (***)" where "***" is the decimal value of the identifier.
+ * If the name does not fit in the provided buffer, then dst[0] is set
+ * to 0 (unless len is 0, in which case nothing is written), and -1 is
+ * returned. Otherwise, the name is written in dst[] (with a terminating
+ * 0), and this function returns 0.
+ */
+int get_curve_name_ext(int id, char *dst, size_t len);
+
 /*
  * Type for a known cipher suite.
  */
@@ -235,11 +252,12 @@ extern const cipher_suite cipher_suites[];
 #define REQ_SHA384         0x0008   /* suite needs SHA-384 */
 #define REQ_AESCBC         0x0010   /* suite needs AES/CBC encryption */
 #define REQ_AESGCM         0x0020   /* suite needs AES/GCM encryption */
-#define REQ_3DESCBC        0x0040   /* suite needs 3DES/CBC encryption */
-#define REQ_RSAKEYX        0x0080   /* suite uses RSA key exchange */
-#define REQ_ECDHE_RSA      0x0100   /* suite uses ECDHE_RSA key exchange */
-#define REQ_ECDHE_ECDSA    0x0200   /* suite uses ECDHE_ECDSA key exchange */
-#define REQ_ECDH           0x0400   /* suite uses static ECDH key exchange */
+#define REQ_CHAPOL         0x0040   /* suite needs ChaCha20+Poly1305 */
+#define REQ_3DESCBC        0x0080   /* suite needs 3DES/CBC encryption */
+#define REQ_RSAKEYX        0x0100   /* suite uses RSA key exchange */
+#define REQ_ECDHE_RSA      0x0200   /* suite uses ECDHE_RSA key exchange */
+#define REQ_ECDHE_ECDSA    0x0400   /* suite uses ECDHE_ECDSA key exchange */
+#define REQ_ECDH           0x0800   /* suite uses static ECDH key exchange */
 
 /*
  * Parse a list of cipher suite names. The names are comma-separated. If
@@ -269,6 +287,11 @@ const char *get_suite_name(unsigned suite);
  */
 int get_suite_name_ext(unsigned suite, char *dst, size_t len);
 
+/*
+ * Tell whether a cipher suite uses ECDHE key exchange.
+ */
+int uses_ecdhe(unsigned suite);
+
 /*
  * Print out all known names (for protocol versions, cipher suites...).
  */
@@ -279,6 +302,11 @@ void list_names(void);
  */
 const char *ec_curve_name(int curve);
 
+/*
+ * Get the symbolic name for a hash function name (by ID).
+ */
+const char *hash_function_name(int id);
+
 /*
  * Read a file completely. The returned block is allocated with xmalloc()
  * and must be released by the caller.
@@ -342,6 +370,12 @@ pem_object *decode_pem(const void *src, size_t len, size_t *num);
  */
 br_x509_certificate *read_certificates(const char *fname, size_t *num);
 
+/*
+ * Release certificates. This releases all certificate data arrays,
+ * and the whole array as well.
+ */
+void free_certificates(br_x509_certificate *certs, size_t num);
+
 /*
  * Interpret a certificate as a trust anchor. The trust anchor is
  * newly allocated with xmalloc() and the caller must release it.
@@ -369,6 +403,12 @@ void free_ta_contents(br_x509_trust_anchor *ta);
  */
 size_t read_trust_anchors(anchor_list *dst, const char *fname);
 
+/*
+ * Get the "signer key type" for the certificate (key type of the
+ * issuing CA). On error, this prints a message on stderr, and returns 0.
+ */
+int get_cert_signer_algo(br_x509_certificate *xc);
+
 /*
  * Special "no anchor" X.509 validator that wraps around another X.509
  * validator and turns "not trusted" error codes into success. This is
@@ -408,6 +448,20 @@ private_key *read_private_key(const char *fname);
  */
 void free_private_key(private_key *sk);
 
+/*
+ * Get the encoded OID for a given hash function (to use with PKCS#1
+ * signatures). If the hash function ID is 0 (for MD5+SHA-1), or if
+ * the ID is not one of the SHA-* functions (SHA-1, SHA-224, SHA-256,
+ * SHA-384, SHA-512), then this function returns NULL.
+ */
+const unsigned char *get_hash_oid(int id);
+
+/*
+ * Get a hash implementation by ID. This returns NULL if the hash
+ * implementation is not available.
+ */
+const br_hash_class *get_hash_impl(int id);
+
 /*
  * Find the symbolic name and the description for an error. If 'err' is
  * recognised then the error symbolic name is returned; if 'comment' is