1
/*
2
 * Copyright (c) 2016 Thomas Pornin <[email protected]>
3
 *
4
 * Permission is hereby granted, free of charge, to any person obtaining 
5
 * a copy of this software and associated documentation files (the
6
 * "Software"), to deal in the Software without restriction, including
7
 * without limitation the rights to use, copy, modify, merge, publish,
8
 * distribute, sublicense, and/or sell copies of the Software, and to
9
 * permit persons to whom the Software is furnished to do so, subject to
10
 * the following conditions:
11
 *
12
 * The above copyright notice and this permission notice shall be 
13
 * included in all copies or substantial portions of the Software.
14
 *
15
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 
16
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 
18
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22
 * SOFTWARE.
23
 */
24

25
#include "brssl.h"
26
#include "bearssl.h"
27

28
/* see brssl.h */
29
const protocol_version protocol_versions[] = {
30
	{ "tls10", BR_TLS10, "TLS 1.0" },
31
	{ "tls11", BR_TLS11, "TLS 1.1" },
32
	{ "tls12", BR_TLS12, "TLS 1.2" },
33
	{ NULL, 0, NULL }
34
};
35

36
/* see brssl.h */
37
const hash_function hash_functions[] = {
38
	{ "md5",     &br_md5_vtable,     "MD5" },
39
	{ "sha1",    &br_sha1_vtable,    "SHA-1" },
40
	{ "sha224",  &br_sha224_vtable,  "SHA-224" },
41
	{ "sha256",  &br_sha256_vtable,  "SHA-256" },
42
	{ "sha384",  &br_sha384_vtable,  "SHA-384" },
43
	{ "sha512",  &br_sha512_vtable,  "SHA-512" },
44
	{ NULL, 0, NULL }
45
};
46

47
/* see brssl.h */
48
const cipher_suite cipher_suites[] = {
49
	{
50
		"ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
51
		BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
52
		REQ_ECDHE_ECDSA | REQ_CHAPOL | REQ_SHA256 | REQ_TLS12,
53
		"ECDHE with ECDSA, ChaCha20+Poly1305 encryption (TLS 1.2+)"
54
	},
55
	{
56
		"ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
57
		BR_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
58
		REQ_ECDHE_RSA | REQ_CHAPOL | REQ_SHA256 | REQ_TLS12,
59
		"ECDHE with RSA, ChaCha20+Poly1305 encryption (TLS 1.2+)"
60
	},
61
	{
62
		"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
63
		BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
64
		REQ_ECDHE_ECDSA | REQ_AESGCM | REQ_SHA256 | REQ_TLS12,
65
		"ECDHE with ECDSA, AES-128/GCM encryption (TLS 1.2+)"
66
	},
67
	{
68
		"ECDHE_RSA_WITH_AES_128_GCM_SHA256",
69
		BR_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
70
		REQ_ECDHE_RSA | REQ_AESGCM | REQ_SHA256 | REQ_TLS12,
71
		"ECDHE with RSA, AES-128/GCM encryption (TLS 1.2+)"
72
	},
73
	{
74
		"ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
75
		BR_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
76
		REQ_ECDHE_ECDSA | REQ_AESGCM | REQ_SHA384 | REQ_TLS12,
77
		"ECDHE with ECDSA, AES-256/GCM encryption (TLS 1.2+)"
78
	},
79
	{
80
		"ECDHE_RSA_WITH_AES_256_GCM_SHA384",
81
		BR_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
82
		REQ_ECDHE_RSA | REQ_AESGCM | REQ_SHA384 | REQ_TLS12,
83
		"ECDHE with RSA, AES-256/GCM encryption (TLS 1.2+)"
84
	},
85
	{
86
		"ECDHE_ECDSA_WITH_AES_128_CCM",
87
		BR_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
88
		REQ_ECDHE_ECDSA | REQ_AESCCM | REQ_SHA256 | REQ_TLS12,
89
		"ECDHE with ECDSA, AES-128/CCM encryption (TLS 1.2+)"
90
	},
91
	{
92
		"ECDHE_ECDSA_WITH_AES_256_CCM",
93
		BR_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
94
		REQ_ECDHE_ECDSA | REQ_AESCCM | REQ_SHA256 | REQ_TLS12,
95
		"ECDHE with ECDSA, AES-256/CCM encryption (TLS 1.2+)"
96
	},
97
	{
98
		"ECDHE_ECDSA_WITH_AES_128_CCM_8",
99
		BR_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
100
		REQ_ECDHE_ECDSA | REQ_AESCCM | REQ_SHA256 | REQ_TLS12,
101
		"ECDHE with ECDSA, AES-128/CCM_8 encryption (TLS 1.2+)"
102
	},
103
	{
104
		"ECDHE_ECDSA_WITH_AES_256_CCM_8",
105
		BR_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
106
		REQ_ECDHE_ECDSA | REQ_AESCCM | REQ_SHA256 | REQ_TLS12,
107
		"ECDHE with ECDSA, AES-256/CCM_8 encryption (TLS 1.2+)"
108
	},
109
	{
110
		"ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
111
		BR_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
112
		REQ_ECDHE_ECDSA | REQ_AESCBC | REQ_SHA256 | REQ_TLS12,
113
		"ECDHE with ECDSA, AES-128/CBC + SHA-256 (TLS 1.2+)"
114
	},
115
	{
116
		"ECDHE_RSA_WITH_AES_128_CBC_SHA256",
117
		BR_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
118
		REQ_ECDHE_RSA | REQ_AESCBC | REQ_SHA256 | REQ_TLS12,
119
		"ECDHE with RSA, AES-128/CBC + SHA-256 (TLS 1.2+)"
120
	},
121
	{
122
		"ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
123
		BR_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
124
		REQ_ECDHE_ECDSA | REQ_AESCBC | REQ_SHA384 | REQ_TLS12,
125
		"ECDHE with ECDSA, AES-256/CBC + SHA-384 (TLS 1.2+)"
126
	},
127
	{
128
		"ECDHE_RSA_WITH_AES_256_CBC_SHA384",
129
		BR_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
130
		REQ_ECDHE_RSA | REQ_AESCBC | REQ_SHA384 | REQ_TLS12,
131
		"ECDHE with RSA, AES-256/CBC + SHA-384 (TLS 1.2+)"
132
	},
133
	{
134
		"ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
135
		BR_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
136
		REQ_ECDHE_ECDSA | REQ_AESCBC | REQ_SHA1,
137
		"ECDHE with ECDSA, AES-128/CBC + SHA-1"
138
	},
139
	{
140
		"ECDHE_RSA_WITH_AES_128_CBC_SHA",
141
		BR_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
142
		REQ_ECDHE_RSA | REQ_AESCBC | REQ_SHA1,
143
		"ECDHE with RSA, AES-128/CBC + SHA-1"
144
	},
145
	{
146
		"ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
147
		BR_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
148
		REQ_ECDHE_ECDSA | REQ_AESCBC | REQ_SHA1,
149
		"ECDHE with ECDSA, AES-256/CBC + SHA-1"
150
	},
151
	{
152
		"ECDHE_RSA_WITH_AES_256_CBC_SHA",
153
		BR_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
154
		REQ_ECDHE_RSA | REQ_AESCBC | REQ_SHA1,
155
		"ECDHE with RSA, AES-256/CBC + SHA-1"
156
	},
157
	{
158
		"ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
159
		BR_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
160
		REQ_ECDH | REQ_AESGCM | REQ_SHA256 | REQ_TLS12,
161
		"ECDH key exchange (EC cert), AES-128/GCM (TLS 1.2+)"
162
	},
163
	{
164
		"ECDH_RSA_WITH_AES_128_GCM_SHA256",
165
		BR_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
166
		REQ_ECDH | REQ_AESGCM | REQ_SHA256 | REQ_TLS12,
167
		"ECDH key exchange (RSA cert), AES-128/GCM (TLS 1.2+)"
168
	},
169
	{
170
		"ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
171
		BR_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
172
		REQ_ECDH | REQ_AESGCM | REQ_SHA384 | REQ_TLS12,
173
		"ECDH key exchange (EC cert), AES-256/GCM (TLS 1.2+)"
174
	},
175
	{
176
		"ECDH_RSA_WITH_AES_256_GCM_SHA384",
177
		BR_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
178
		REQ_ECDH | REQ_AESGCM | REQ_SHA384 | REQ_TLS12,
179
		"ECDH key exchange (RSA cert), AES-256/GCM (TLS 1.2+)"
180
	},
181
	{
182
		"ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
183
		BR_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
184
		REQ_ECDH | REQ_AESCBC | REQ_SHA256 | REQ_TLS12,
185
		"ECDH key exchange (EC cert), AES-128/CBC + HMAC/SHA-256 (TLS 1.2+)"
186
	},
187
	{
188
		"ECDH_RSA_WITH_AES_128_CBC_SHA256",
189
		BR_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
190
		REQ_ECDH | REQ_AESCBC | REQ_SHA256 | REQ_TLS12,
191
		"ECDH key exchange (RSA cert), AES-128/CBC + HMAC/SHA-256 (TLS 1.2+)"
192
	},
193
	{
194
		"ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
195
		BR_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
196
		REQ_ECDH | REQ_AESCBC | REQ_SHA384 | REQ_TLS12,
197
		"ECDH key exchange (EC cert), AES-256/CBC + HMAC/SHA-384 (TLS 1.2+)"
198
	},
199
	{
200
		"ECDH_RSA_WITH_AES_256_CBC_SHA384",
201
		BR_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
202
		REQ_ECDH | REQ_AESCBC | REQ_SHA384 | REQ_TLS12,
203
		"ECDH key exchange (RSA cert), AES-256/CBC + HMAC/SHA-384 (TLS 1.2+)"
204
	},
205
	{
206
		"ECDH_ECDSA_WITH_AES_128_CBC_SHA",
207
		BR_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
208
		REQ_ECDH | REQ_AESCBC | REQ_SHA1,
209
		"ECDH key exchange (EC cert), AES-128/CBC + HMAC/SHA-1"
210
	},
211
	{
212
		"ECDH_RSA_WITH_AES_128_CBC_SHA",
213
		BR_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
214
		REQ_ECDH | REQ_AESCBC | REQ_SHA1,
215
		"ECDH key exchange (RSA cert), AES-128/CBC + HMAC/SHA-1"
216
	},
217
	{
218
		"ECDH_ECDSA_WITH_AES_256_CBC_SHA",
219
		BR_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
220
		REQ_ECDH | REQ_AESCBC | REQ_SHA1,
221
		"ECDH key exchange (EC cert), AES-256/CBC + HMAC/SHA-1"
222
	},
223
	{
224
		"ECDH_RSA_WITH_AES_256_CBC_SHA",
225
		BR_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
226
		REQ_ECDH | REQ_AESCBC | REQ_SHA1,
227
		"ECDH key exchange (RSA cert), AES-256/CBC + HMAC/SHA-1"
228
	},
229
	{
230
		"RSA_WITH_AES_128_GCM_SHA256",
231
		BR_TLS_RSA_WITH_AES_128_GCM_SHA256,
232
		REQ_RSAKEYX | REQ_AESGCM | REQ_SHA256 | REQ_TLS12,
233
		"RSA key exchange, AES-128/GCM encryption (TLS 1.2+)"
234
	},
235
	{
236
		"RSA_WITH_AES_256_GCM_SHA384",
237
		BR_TLS_RSA_WITH_AES_256_GCM_SHA384,
238
		REQ_RSAKEYX | REQ_AESGCM | REQ_SHA384 | REQ_TLS12,
239
		"RSA key exchange, AES-256/GCM encryption (TLS 1.2+)"
240
	},
241
	{
242
		"RSA_WITH_AES_128_CCM",
243
		BR_TLS_RSA_WITH_AES_128_CCM,
244
		REQ_RSAKEYX | REQ_AESCCM | REQ_SHA256 | REQ_TLS12,
245
		"RSA key exchange, AES-128/CCM encryption (TLS 1.2+)"
246
	},
247
	{
248
		"RSA_WITH_AES_256_CCM",
249
		BR_TLS_RSA_WITH_AES_256_CCM,
250
		REQ_RSAKEYX | REQ_AESCCM | REQ_SHA256 | REQ_TLS12,
251
		"RSA key exchange, AES-256/CCM encryption (TLS 1.2+)"
252
	},
253
	{
254
		"RSA_WITH_AES_128_CCM_8",
255
		BR_TLS_RSA_WITH_AES_128_CCM_8,
256
		REQ_RSAKEYX | REQ_AESCCM | REQ_SHA256 | REQ_TLS12,
257
		"RSA key exchange, AES-128/CCM_8 encryption (TLS 1.2+)"
258
	},
259
	{
260
		"RSA_WITH_AES_256_CCM_8",
261
		BR_TLS_RSA_WITH_AES_256_CCM_8,
262
		REQ_RSAKEYX | REQ_AESCCM | REQ_SHA256 | REQ_TLS12,
263
		"RSA key exchange, AES-256/CCM_8 encryption (TLS 1.2+)"
264
	},
265
	{
266
		"RSA_WITH_AES_128_CBC_SHA256",
267
		BR_TLS_RSA_WITH_AES_128_CBC_SHA256,
268
		REQ_RSAKEYX | REQ_AESCBC | REQ_SHA256 | REQ_TLS12,
269
		"RSA key exchange, AES-128/CBC + HMAC/SHA-256 (TLS 1.2+)"
270
	},
271
	{
272
		"RSA_WITH_AES_256_CBC_SHA256",
273
		BR_TLS_RSA_WITH_AES_256_CBC_SHA256,
274
		REQ_RSAKEYX | REQ_AESCBC | REQ_SHA256 | REQ_TLS12,
275
		"RSA key exchange, AES-256/CBC + HMAC/SHA-256 (TLS 1.2+)"
276
	},
277
	{
278
		"RSA_WITH_AES_128_CBC_SHA",
279
		BR_TLS_RSA_WITH_AES_128_CBC_SHA,
280
		REQ_RSAKEYX | REQ_AESCBC | REQ_SHA1,
281
		"RSA key exchange, AES-128/CBC + HMAC/SHA-1"
282
	},
283
	{
284
		"RSA_WITH_AES_256_CBC_SHA",
285
		BR_TLS_RSA_WITH_AES_256_CBC_SHA,
286
		REQ_RSAKEYX | REQ_AESCBC | REQ_SHA1,
287
		"RSA key exchange, AES-256/CBC + HMAC/SHA-1"
288
	},
289
	{
290
		"ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
291
		BR_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
292
		REQ_ECDHE_ECDSA | REQ_3DESCBC | REQ_SHA1,
293
		"ECDHE with ECDSA, 3DES/CBC + SHA-1"
294
	},
295
	{
296
		"ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
297
		BR_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
298
		REQ_ECDHE_RSA | REQ_3DESCBC | REQ_SHA1,
299
		"ECDHE with RSA, 3DES/CBC + SHA-1"
300
	},
301
	{
302
		"ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
303
		BR_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
304
		REQ_ECDH | REQ_3DESCBC | REQ_SHA1,
305
		"ECDH key exchange (EC cert), 3DES/CBC + HMAC/SHA-1"
306
	},
307
	{
308
		"ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
309
		BR_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
310
		REQ_ECDH | REQ_3DESCBC | REQ_SHA1,
311
		"ECDH key exchange (RSA cert), 3DES/CBC + HMAC/SHA-1"
312
	},
313
	{
314
		"RSA_WITH_3DES_EDE_CBC_SHA",
315
		BR_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
316
		REQ_RSAKEYX | REQ_3DESCBC | REQ_SHA1,
317
		"RSA key exchange, 3DES/CBC + HMAC/SHA-1"
318
	},
319
	{ NULL, 0, 0, NULL }
320
};
321

322
static const struct {
323
	int id;
324
	const char *name;
325
	const char *sid[4];
326
} curves[] = {
327
	{ BR_EC_sect163k1,
328
	  "sect163k1",
329
	  { "sect163k1", "K-163", NULL, NULL } },
330
	{ BR_EC_sect163r1,
331
	  "sect163r1",
332
	  { "sect163r1", NULL, NULL, NULL } },
333
	{ BR_EC_sect163r2,
334
	  "sect163r2",
335
	  { "sect163r2", "B-163", NULL, NULL } },
336
	{ BR_EC_sect193r1,
337
	  "sect193r1",
338
	  { "sect193r1", NULL, NULL, NULL } },
339
	{ BR_EC_sect193r2,
340
	  "sect193r2",
341
	  { "sect193r2", NULL, NULL, NULL } },
342
	{ BR_EC_sect233k1,
343
	  "sect233k1",
344
	  { "sect233k1", "K-233", NULL, NULL } },
345
	{ BR_EC_sect233r1,
346
	  "sect233r1",
347
	  { "sect233r1", "B-233", NULL, NULL } },
348
	{ BR_EC_sect239k1,
349
	  "sect239k1",
350
	  { "sect239k1", NULL, NULL, NULL } },
351
	{ BR_EC_sect283k1,
352
	  "sect283k1",
353
	  { "sect283k1", "K-283", NULL, NULL } },
354
	{ BR_EC_sect283r1,
355
	  "sect283r1",
356
	  { "sect283r1", "B-283", NULL, NULL } },
357
	{ BR_EC_sect409k1,
358
	  "sect409k1",
359
	  { "sect409k1", "K-409", NULL, NULL } },
360
	{ BR_EC_sect409r1,
361
	  "sect409r1",
362
	  { "sect409r1", "B-409", NULL, NULL } },
363
	{ BR_EC_sect571k1,
364
	  "sect571k1",
365
	  { "sect571k1", "K-571", NULL, NULL } },
366
	{ BR_EC_sect571r1,
367
	  "sect571r1",
368
	  { "sect571r1", "B-571", NULL, NULL } },
369
	{ BR_EC_secp160k1,
370
	  "secp160k1",
371
	  { "secp160k1", NULL, NULL, NULL } },
372
	{ BR_EC_secp160r1,
373
	  "secp160r1",
374
	  { "secp160r1", NULL, NULL, NULL } },
375
	{ BR_EC_secp160r2,
376
	  "secp160r2",
377
	  { "secp160r2", NULL, NULL, NULL } },
378
	{ BR_EC_secp192k1,
379
	  "secp192k1",
380
	  { "secp192k1", NULL, NULL, NULL } },
381
	{ BR_EC_secp192r1,
382
	  "secp192r1",
383
	  { "secp192r1", "P-192", NULL, NULL } },
384
	{ BR_EC_secp224k1,
385
	  "secp224k1",
386
	  { "secp224k1", NULL, NULL, NULL } },
387
	{ BR_EC_secp224r1,
388
	  "secp224r1",
389
	  { "secp224r1", "P-224", NULL, NULL } },
390
	{ BR_EC_secp256k1,
391
	  "secp256k1",
392
	  { "secp256k1", NULL, NULL, NULL } },
393
	{ BR_EC_secp256r1,
394
	  "secp256r1 (P-256)",
395
	  { "secp256r1", "P-256", "prime256v1", NULL } },
396
	{ BR_EC_secp384r1,
397
	  "secp384r1 (P-384)",
398
	  { "secp384r1", "P-384", NULL, NULL } },
399
	{ BR_EC_secp521r1,
400
	  "secp521r1 (P-521)",
401
	  { "secp521r1", "P-521", NULL, NULL } },
402
	{ BR_EC_brainpoolP256r1,
403
	  "brainpoolP256r1",
404
	  { "brainpoolP256r1", NULL, NULL, NULL } },
405
	{ BR_EC_brainpoolP384r1,
406
	  "brainpoolP384r1",
407
	  { "brainpoolP384r1", NULL, NULL, NULL } },
408
	{ BR_EC_brainpoolP512r1,
409
	  "brainpoolP512r1",
410
	  { "brainpoolP512r1", NULL, NULL, NULL } },
411
	{ BR_EC_curve25519,
412
	  "Curve25519",
413
	  { "curve25519", "c25519", NULL, NULL } },
414
	{ BR_EC_curve448,
415
	  "Curve448",
416
	  { "curve448", "c448", NULL, NULL } },
417
	{ 0, 0, { 0, 0, 0, 0 } }
418
};
419

420
static const struct {
421
	const char *long_name;
422
	const char *short_name;
423
	const void *impl;
424
} algo_names[] = {
425
	/* Block ciphers */
426
	{ "aes_big_cbcenc",    "big",         &br_aes_big_cbcenc_vtable },
427
	{ "aes_big_cbcdec",    "big",         &br_aes_big_cbcdec_vtable },
428
	{ "aes_big_ctr",       "big",         &br_aes_big_ctr_vtable },
429
	{ "aes_big_ctrcbc",    "big",         &br_aes_big_ctrcbc_vtable },
430
	{ "aes_small_cbcenc",  "small",       &br_aes_small_cbcenc_vtable },
431
	{ "aes_small_cbcdec",  "small",       &br_aes_small_cbcdec_vtable },
432
	{ "aes_small_ctr",     "small",       &br_aes_small_ctr_vtable },
433
	{ "aes_small_ctrcbc",  "small",       &br_aes_small_ctrcbc_vtable },
434
	{ "aes_ct_cbcenc",     "ct",          &br_aes_ct_cbcenc_vtable },
435
	{ "aes_ct_cbcdec",     "ct",          &br_aes_ct_cbcdec_vtable },
436
	{ "aes_ct_ctr",        "ct",          &br_aes_ct_ctr_vtable },
437
	{ "aes_ct_ctrcbc",     "ct",          &br_aes_ct_ctrcbc_vtable },
438
	{ "aes_ct64_cbcenc",   "ct64",        &br_aes_ct64_cbcenc_vtable },
439
	{ "aes_ct64_cbcdec",   "ct64",        &br_aes_ct64_cbcdec_vtable },
440
	{ "aes_ct64_ctr",      "ct64",        &br_aes_ct64_ctr_vtable },
441
	{ "aes_ct64_ctrcbc",   "ct64",        &br_aes_ct64_ctrcbc_vtable },
442

443
	{ "des_tab_cbcenc",    "tab",         &br_des_tab_cbcenc_vtable },
444
	{ "des_tab_cbcdec",    "tab",         &br_des_tab_cbcdec_vtable },
445
	{ "des_ct_cbcenc",     "ct",          &br_des_ct_cbcenc_vtable },
446
	{ "des_ct_cbcdec",     "ct",          &br_des_ct_cbcdec_vtable },
447

448
	{ "chacha20_ct",       "ct",          &br_chacha20_ct_run },
449

450
	{ "ghash_ctmul",       "ctmul",       &br_ghash_ctmul },
451
	{ "ghash_ctmul32",     "ctmul32",     &br_ghash_ctmul32 },
452
	{ "ghash_ctmul64",     "ctmul64",     &br_ghash_ctmul64 },
453

454
	{ "poly1305_ctmul",    "ctmul",       &br_poly1305_ctmul_run },
455
	{ "poly1305_ctmul32",  "ctmul32",     &br_poly1305_ctmul32_run },
456

457
	{ "ec_all_m15",        "all_m15",     &br_ec_all_m15 },
458
	{ "ec_all_m31",        "all_m31",     &br_ec_all_m31 },
459
	{ "ec_c25519_i15",     "c25519_i15",  &br_ec_c25519_i15 },
460
	{ "ec_c25519_i31",     "c25519_i31",  &br_ec_c25519_i31 },
461
	{ "ec_c25519_m15",     "c25519_m15",  &br_ec_c25519_m15 },
462
	{ "ec_c25519_m31",     "c25519_m31",  &br_ec_c25519_m31 },
463
	{ "ec_p256_m15",       "p256_m15",    &br_ec_p256_m15 },
464
	{ "ec_p256_m31",       "p256_m31",    &br_ec_p256_m31 },
465
	{ "ec_prime_i15",      "prime_i15",   &br_ec_prime_i15 },
466
	{ "ec_prime_i31",      "prime_i31",   &br_ec_prime_i31 },
467

468
	{ "ecdsa_i15_sign_asn1",  "i15_asn1",  &br_ecdsa_i15_sign_asn1 },
469
	{ "ecdsa_i15_sign_raw",   "i15_raw",   &br_ecdsa_i15_sign_raw },
470
	{ "ecdsa_i31_sign_asn1",  "i31_asn1",  &br_ecdsa_i31_sign_asn1 },
471
	{ "ecdsa_i31_sign_raw",   "i31_raw",   &br_ecdsa_i31_sign_raw },
472
	{ "ecdsa_i15_vrfy_asn1",  "i15_asn1",  &br_ecdsa_i15_vrfy_asn1 },
473
	{ "ecdsa_i15_vrfy_raw",   "i15_raw",   &br_ecdsa_i15_vrfy_raw },
474
	{ "ecdsa_i31_vrfy_asn1",  "i31_asn1",  &br_ecdsa_i31_vrfy_asn1 },
475
	{ "ecdsa_i31_vrfy_raw",   "i31_raw",   &br_ecdsa_i31_vrfy_raw },
476

477
	{ "rsa_i15_pkcs1_sign",   "i15",       &br_rsa_i15_pkcs1_sign },
478
	{ "rsa_i31_pkcs1_sign",   "i31",       &br_rsa_i31_pkcs1_sign },
479
	{ "rsa_i32_pkcs1_sign",   "i32",       &br_rsa_i32_pkcs1_sign },
480
	{ "rsa_i15_pkcs1_vrfy",   "i15",       &br_rsa_i15_pkcs1_vrfy },
481
	{ "rsa_i31_pkcs1_vrfy",   "i31",       &br_rsa_i31_pkcs1_vrfy },
482
	{ "rsa_i32_pkcs1_vrfy",   "i32",       &br_rsa_i32_pkcs1_vrfy },
483

484
	{ 0, 0, 0 }
485
};
486

487
static const struct {
488
	const char *long_name;
489
	const char *short_name;
490
	const void *(*get)(void);
491
} algo_names_dyn[] = {
492
	{ "aes_pwr8_cbcenc",      "pwr8",
493
		(const void *(*)(void))&br_aes_pwr8_cbcenc_get_vtable },
494
	{ "aes_pwr8_cbcdec",      "pwr8",
495
		(const void *(*)(void))&br_aes_pwr8_cbcdec_get_vtable },
496
	{ "aes_pwr8_ctr",         "pwr8",
497
		(const void *(*)(void))&br_aes_pwr8_ctr_get_vtable },
498
	{ "aes_pwr8_ctrcbc",      "pwr8",
499
		(const void *(*)(void))&br_aes_pwr8_ctrcbc_get_vtable },
500
	{ "aes_x86ni_cbcenc",     "x86ni",
501
		(const void *(*)(void))&br_aes_x86ni_cbcenc_get_vtable },
502
	{ "aes_x86ni_cbcdec",     "x86ni",
503
		(const void *(*)(void))&br_aes_x86ni_cbcdec_get_vtable },
504
	{ "aes_x86ni_ctr",        "x86ni",
505
		(const void *(*)(void))&br_aes_x86ni_ctr_get_vtable },
506
	{ "aes_x86ni_ctrcbc",     "x86ni",
507
		(const void *(*)(void))&br_aes_x86ni_ctrcbc_get_vtable },
508
	{ "chacha20_sse2",        "sse2",
509
		(const void *(*)(void))&br_chacha20_sse2_get },
510
	{ "ghash_pclmul",         "pclmul",
511
		(const void *(*)(void))&br_ghash_pclmul_get },
512
	{ "ghash_pwr8",           "pwr8",
513
		(const void *(*)(void))&br_ghash_pwr8_get },
514
	{ "poly1305_ctmulq",      "ctmulq",
515
		(const void *(*)(void))&br_poly1305_ctmulq_get },
516
	{ "rsa_i62_pkcs1_sign",   "i62",
517
		(const void *(*)(void))&br_rsa_i62_pkcs1_sign_get },
518
	{ "rsa_i62_pkcs1_vrfy",   "i62",
519
		(const void *(*)(void))&br_rsa_i62_pkcs1_vrfy_get },
520
	{ "ec_c25519_m62",        "m62",
521
		(const void *(*)(void))&br_ec_c25519_m62_get },
522
	{ "ec_c25519_m64",        "m64",
523
		(const void *(*)(void))&br_ec_c25519_m64_get },
524
	{ "ec_p256_m62",          "m62",
525
		(const void *(*)(void))&br_ec_p256_m62_get },
526
	{ "ec_p256_m64",          "m64",
527
		(const void *(*)(void))&br_ec_p256_m64_get },
528
	{ 0, 0, 0, }
529
};
530

531
/* see brssl.h */
532
const char *
533
get_algo_name(const void *impl, int long_name)
534
{
535
	size_t u;
536

537
	for (u = 0; algo_names[u].long_name; u ++) {
538
		if (impl == algo_names[u].impl) {
539
			return long_name
540
				? algo_names[u].long_name
541
				: algo_names[u].short_name;
542
		}
543
	}
544
	for (u = 0; algo_names_dyn[u].long_name; u ++) {
545
		if (impl == algo_names_dyn[u].get()) {
546
			return long_name
547
				? algo_names_dyn[u].long_name
548
				: algo_names_dyn[u].short_name;
549
		}
550
	}
551
	return "UNKNOWN";
552
}
553

554
/* see brssl.h */
555
const char *
556
get_curve_name(int id)
557
{
558
	size_t u;
559

560
	for (u = 0; curves[u].name; u ++) {
561
		if (curves[u].id == id) {
562
			return curves[u].name;
563
		}
564
	}
565
	return NULL;
566
}
567

568
/* see brssl.h */
569
int
570
get_curve_name_ext(int id, char *dst, size_t len)
571
{
572
	const char *name;
573
	char tmp[30];
574
	size_t n;
575

576
	name = get_curve_name(id);
577
	if (name == NULL) {
578
		sprintf(tmp, "unknown (%d)", id);
579
		name = tmp;
580
	}
581
	n = 1 + strlen(name);
582
	if (n > len) {
583
		if (len > 0) {
584
			dst[0] = 0;
585
		}
586
		return -1;
587
	}
588
	memcpy(dst, name, n);
589
	return 0;
590
}
591

592
/* see brssl.h */
593
const char *
594
get_suite_name(unsigned suite)
595
{
596
	size_t u;
597

598
	for (u = 0; cipher_suites[u].name; u ++) {
599
		if (cipher_suites[u].suite == suite) {
600
			return cipher_suites[u].name;
601
		}
602
	}
603
	return NULL;
604
}
605

606
/* see brssl.h */
607
int
608
get_suite_name_ext(unsigned suite, char *dst, size_t len)
609
{
610
	const char *name;
611
	char tmp[30];
612
	size_t n;
613

614
	name = get_suite_name(suite);
615
	if (name == NULL) {
616
		sprintf(tmp, "unknown (0x%04X)", suite);
617
		name = tmp;
618
	}
619
	n = 1 + strlen(name);
620
	if (n > len) {
621
		if (len > 0) {
622
			dst[0] = 0;
623
		}
624
		return -1;
625
	}
626
	memcpy(dst, name, n);
627
	return 0;
628
}
629

630
/* see brssl.h */
631
int
632
uses_ecdhe(unsigned suite)
633
{
634
	size_t u;
635

636
	for (u = 0; cipher_suites[u].name; u ++) {
637
		if (cipher_suites[u].suite == suite) {
638
			return (cipher_suites[u].req
639
				& (REQ_ECDHE_RSA | REQ_ECDHE_ECDSA)) != 0;
640
		}
641
	}
642
	return 0;
643
}
644

645
/* see brssl.h */
646
void
647
list_names(void)
648
{
649
	size_t u;
650

651
	printf("Protocol versions:\n");
652
	for (u = 0; protocol_versions[u].name; u ++) {
653
		printf("   %-8s %s\n",
654
			protocol_versions[u].name,
655
			protocol_versions[u].comment);
656
	}
657
	printf("Hash functions:\n");
658
	for (u = 0; hash_functions[u].name; u ++) {
659
		printf("   %-8s %s\n",
660
			hash_functions[u].name,
661
			hash_functions[u].comment);
662
	}
663
	printf("Cipher suites:\n");
664
	for (u = 0; cipher_suites[u].name; u ++) {
665
		printf("   %s\n        %s\n",
666
			cipher_suites[u].name,
667
			cipher_suites[u].comment);
668
	}
669
}
670

671
/* see brssl.h */
672
void
673
list_curves(void)
674
{
675
	size_t u;
676
	for (u = 0; curves[u].name; u ++) {
677
		size_t v;
678

679
		for (v = 0; curves[u].sid[v]; v ++) {
680
			if (v == 0) {
681
				printf("   ");
682
			} else if (v == 1) {
683
				printf(" (");
684
			} else {
685
				printf(", ");
686
			}
687
			printf("%s", curves[u].sid[v]);
688
		}
689
		if (v > 1) {
690
			printf(")");
691
		}
692
		printf("\n");
693
	}
694
}
695

696
static int
697
is_ign(int c)
698
{
699
	if (c == 0) {
700
		return 0;
701
	}
702
	if (c <= 32 || c == '-' || c == '_' || c == '.'
703
		|| c == '/' || c == '+' || c == ':')
704
	{
705
		return 1;
706
	}
707
	return 0;
708
}
709

710
/*
711
 * Get next non-ignored character, normalised:
712
 *    ASCII letters are converted to lowercase
713
 *    control characters, space, '-', '_', '.', '/', '+' and ':' are ignored
714
 * A terminating zero is returned as 0.
715
 */
716
static int
717
next_char(const char **ps, const char *limit)
718
{
719
	for (;;) {
720
		int c;
721

722
		if (*ps == limit) {
723
			return 0;
724
		}
725
		c = *(*ps) ++;
726
		if (c == 0) {
727
			return 0;
728
		}
729
		if (c >= 'A' && c <= 'Z') {
730
			c += 'a' - 'A';
731
		}
732
		if (!is_ign(c)) {
733
			return c;
734
		}
735
	}
736
}
737

738
/*
739
 * Partial string equality comparison, with normalisation.
740
 */
741
static int
742
eqstr_chunk(const char *s1, size_t s1_len, const char *s2, size_t s2_len)
743
{
744
	const char *lim1, *lim2;
745

746
	lim1 = s1 + s1_len;
747
	lim2 = s2 + s2_len;
748
	for (;;) {
749
		int c1, c2;
750

751
		c1 = next_char(&s1, lim1);
752
		c2 = next_char(&s2, lim2);
753
		if (c1 != c2) {
754
			return 0;
755
		}
756
		if (c1 == 0) {
757
			return 1;
758
		}
759
	}
760
}
761

762
/* see brssl.h */
763
int
764
eqstr(const char *s1, const char *s2)
765
{
766
	return eqstr_chunk(s1, strlen(s1), s2, strlen(s2));
767
}
768

769
static int
770
hexval(int c)
771
{
772
	if (c >= '0' && c <= '9') {
773
		return c - '0';
774
	} else if (c >= 'A' && c <= 'F') {
775
		return c - 'A' + 10;
776
	} else if (c >= 'a' && c <= 'f') {
777
		return c - 'a' + 10;
778
	} else {
779
		return -1;
780
	}
781
}
782

783
/* see brssl.h */
784
size_t
785
parse_size(const char *s)
786
{
787
	int radix;
788
	size_t acc;
789
	const char *t;
790

791
	t = s;
792
	if (t[0] == '0' && (t[1] == 'x' || t[1] == 'X')) {
793
		radix = 16;
794
		t += 2;
795
	} else {
796
		radix = 10;
797
	}
798
	acc = 0;
799
	for (;;) {
800
		int c, d;
801
		size_t z;
802

803
		c = *t ++;
804
		if (c == 0) {
805
			return acc;
806
		}
807
		d = hexval(c);
808
		if (d < 0 || d >= radix) {
809
			fprintf(stderr, "ERROR: not a valid digit: '%c'\n", c);
810
			return (size_t)-1;
811
		}
812
		z = acc * (size_t)radix + (size_t)d;
813
		if (z < (size_t)d || (z / (size_t)radix) != acc
814
			|| z == (size_t)-1)
815
		{
816
			fprintf(stderr, "ERROR: value too large: %s\n", s);
817
			return (size_t)-1;
818
		}
819
		acc = z;
820
	}
821
}
822

823
/*
824
 * Comma-separated list enumeration. This returns a pointer to the first
825
 * word in the string, skipping leading ignored characters. '*len' is
826
 * set to the word length (not counting trailing ignored characters).
827
 * '*str' is updated to point to immediately after the next comma, or to
828
 * the terminating zero, whichever comes first.
829
 *
830
 * Empty words are skipped. If there is no next non-empty word, then this
831
 * function returns NULL and sets *len to 0.
832
 */
833
static const char *
834
next_word(const char **str, size_t *len)
835
{
836
	int c;
837
	const char *begin;
838
	size_t u;
839

840
	/*
841
	 * Find next non-ignored character which is not a comma.
842
	 */
843
	for (;;) {
844
		c = **str;
845
		if (c == 0) {
846
			*len = 0;
847
			return NULL;
848
		}
849
		if (!is_ign(c) && c != ',') {
850
			break;
851
		}
852
		(*str) ++;
853
	}
854

855
	/*
856
	 * Find next comma or terminator.
857
	 */
858
	begin = *str;
859
	for (;;) {
860
		c = *(*str);
861
		if (c == 0 || c == ',') {
862
			break;
863
		}
864
		(*str) ++;
865
	}
866

867
	/*
868
	 * Remove trailing ignored characters.
869
	 */
870
	u = (size_t)(*str - begin);
871
	while (u > 0 && is_ign(begin[u - 1])) {
872
		u --;
873
	}
874
	if (c == ',') {
875
		(*str) ++;
876
	}
877
	*len = u;
878
	return begin;
879
}
880

881
/* see brssl.h */
882
unsigned
883
parse_version(const char *name, size_t len)
884
{
885
	size_t u;
886

887
	for (u = 0;; u ++) {
888
		const char *ref;
889

890
		ref = protocol_versions[u].name;
891
		if (ref == NULL) {
892
			fprintf(stderr, "ERROR: unrecognised protocol"
893
				" version name: '%s'\n", name);
894
			return 0;
895
		}
896
		if (eqstr_chunk(ref, strlen(ref), name, len)) {
897
			return protocol_versions[u].version;
898
		}
899
	}
900
}
901

902
/* see brssl.h */
903
unsigned
904
parse_hash_functions(const char *arg)
905
{
906
	unsigned r;
907

908
	r = 0;
909
	for (;;) {
910
		const char *name;
911
		size_t len;
912
		size_t u;
913

914
		name = next_word(&arg, &len);
915
		if (name == NULL) {
916
			break;
917
		}
918
		for (u = 0;; u ++) {
919
			const char *ref;
920

921
			ref = hash_functions[u].name;
922
			if (ref == 0) {
923
				fprintf(stderr, "ERROR: unrecognised"
924
					" hash function name: '");
925
				fwrite(name, 1, len, stderr);
926
				fprintf(stderr, "'\n");
927
				return 0;
928
			}
929
			if (eqstr_chunk(ref, strlen(ref), name, len)) {
930
				int id;
931

932
				id = (hash_functions[u].hclass->desc
933
					>> BR_HASHDESC_ID_OFF)
934
					& BR_HASHDESC_ID_MASK;
935
				r |= (unsigned)1 << id;
936
				break;
937
			}
938
		}
939
	}
940
	if (r == 0) {
941
		fprintf(stderr, "ERROR: no hash function name provided\n");
942
	}
943
	return r;
944
}
945

946
/* see brssl.h */
947
cipher_suite *
948
parse_suites(const char *arg, size_t *num)
949
{
950
	VECTOR(cipher_suite) suites = VEC_INIT;
951
	cipher_suite *r;
952

953
	for (;;) {
954
		const char *name;
955
		size_t u, len;
956

957
		name = next_word(&arg, &len);
958
		if (name == NULL) {
959
			break;
960
		}
961
		for (u = 0;; u ++) {
962
			const char *ref;
963

964
			ref = cipher_suites[u].name;
965
			if (ref == NULL) {
966
				fprintf(stderr, "ERROR: unrecognised"
967
					" cipher suite '");
968
				fwrite(name, 1, len, stderr);
969
				fprintf(stderr, "'\n");
970
				return 0;
971
			}
972
			if (eqstr_chunk(ref, strlen(ref), name, len)) {
973
				VEC_ADD(suites, cipher_suites[u]);
974
				break;
975
			}
976
		}
977
	}
978
	if (VEC_LEN(suites) == 0) {
979
		fprintf(stderr, "ERROR: no cipher suite provided\n");
980
	}
981
	r = VEC_TOARRAY(suites);
982
	*num = VEC_LEN(suites);
983
	VEC_CLEAR(suites);
984
	return r;
985
}
986

987
/* see brssl.h */
988
const char *
989
ec_curve_name(int curve)
990
{
991
	switch (curve) {
992
	case BR_EC_sect163k1:        return "sect163k1";
993
	case BR_EC_sect163r1:        return "sect163r1";
994
	case BR_EC_sect163r2:        return "sect163r2";
995
	case BR_EC_sect193r1:        return "sect193r1";
996
	case BR_EC_sect193r2:        return "sect193r2";
997
	case BR_EC_sect233k1:        return "sect233k1";
998
	case BR_EC_sect233r1:        return "sect233r1";
999
	case BR_EC_sect239k1:        return "sect239k1";
1000
	case BR_EC_sect283k1:        return "sect283k1";
1001
	case BR_EC_sect283r1:        return "sect283r1";
1002
	case BR_EC_sect409k1:        return "sect409k1";
1003
	case BR_EC_sect409r1:        return "sect409r1";
1004
	case BR_EC_sect571k1:        return "sect571k1";
1005
	case BR_EC_sect571r1:        return "sect571r1";
1006
	case BR_EC_secp160k1:        return "secp160k1";
1007
	case BR_EC_secp160r1:        return "secp160r1";
1008
	case BR_EC_secp160r2:        return "secp160r2";
1009
	case BR_EC_secp192k1:        return "secp192k1";
1010
	case BR_EC_secp192r1:        return "secp192r1";
1011
	case BR_EC_secp224k1:        return "secp224k1";
1012
	case BR_EC_secp224r1:        return "secp224r1";
1013
	case BR_EC_secp256k1:        return "secp256k1";
1014
	case BR_EC_secp256r1:        return "secp256r1";
1015
	case BR_EC_secp384r1:        return "secp384r1";
1016
	case BR_EC_secp521r1:        return "secp521r1";
1017
	case BR_EC_brainpoolP256r1:  return "brainpoolP256r1";
1018
	case BR_EC_brainpoolP384r1:  return "brainpoolP384r1";
1019
	case BR_EC_brainpoolP512r1:  return "brainpoolP512r1";
1020
	default:
1021
		return "unknown";
1022
	}
1023
}
1024

1025
/* see brssl.h */
1026
int
1027
get_curve_by_name(const char *str)
1028
{
1029
	size_t u, v;
1030

1031
	for (u = 0; curves[u].name; u ++) {
1032
		for (v = 0; curves[u].sid[v]; v ++) {
1033
			if (eqstr(curves[u].sid[v], str)) {
1034
				return curves[u].id;
1035
			}
1036
		}
1037
	}
1038
	return -1;
1039
}
1040

1041
/* see brssl.h */
1042
const char *
1043
hash_function_name(int id)
1044
{
1045
	switch (id) {
1046
	case br_md5sha1_ID:  return "MD5+SHA-1";
1047
	case br_md5_ID:      return "MD5";
1048
	case br_sha1_ID:     return "SHA-1";
1049
	case br_sha224_ID:   return "SHA-224";
1050
	case br_sha256_ID:   return "SHA-256";
1051
	case br_sha384_ID:   return "SHA-384";
1052
	case br_sha512_ID:   return "SHA-512";
1053
	default:
1054
		return "unknown";
1055
	}
1056
}
1057

1058