xref: /freebsd/contrib/bearssl/inc/bearssl.h (revision d9a42747950146bf03cda7f6e25d219253f8a57a) 
1 /*
2  * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3  *
4  * Permission is hereby granted, free of charge, to any person obtaining
5  * a copy of this software and associated documentation files (the
6  * "Software"), to deal in the Software without restriction, including
7  * without limitation the rights to use, copy, modify, merge, publish,
8  * distribute, sublicense, and/or sell copies of the Software, and to
9  * permit persons to whom the Software is furnished to do so, subject to
10  * the following conditions:
11  *
12  * The above copyright notice and this permission notice shall be
13  * included in all copies or substantial portions of the Software.
14  *
15  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22  * SOFTWARE.
23  */
24 
25 #ifndef BR_BEARSSL_H__
26 #define BR_BEARSSL_H__
27 
28 #include <stddef.h>
29 #include <stdint.h>
30 
31 /** \mainpage BearSSL API
32  *
33  * # API Layout
34  *
35  * The functions and structures defined by the BearSSL API are located
36  * in various header files:
37  *
38  * | Header file     | Elements                                          |
39  * | :-------------- | :------------------------------------------------ |
40  * | bearssl_hash.h  | Hash functions                                    |
41  * | bearssl_hmac.h  | HMAC                                              |
42  * | bearssl_kdf.h   | Key Derivation Functions                          |
43  * | bearssl_rand.h  | Pseudorandom byte generators                      |
44  * | bearssl_prf.h   | PRF implementations (for SSL/TLS)                 |
45  * | bearssl_block.h | Symmetric encryption                              |
46  * | bearssl_aead.h  | AEAD algorithms (combined encryption + MAC)       |
47  * | bearssl_rsa.h   | RSA encryption and signatures                     |
48  * | bearssl_ec.h    | Elliptic curves support (including ECDSA)         |
49  * | bearssl_ssl.h   | SSL/TLS engine interface                          |
50  * | bearssl_x509.h  | X.509 certificate decoding and validation         |
51  * | bearssl_pem.h   | Base64/PEM decoding support functions             |
52  *
53  * Applications using BearSSL are supposed to simply include `bearssl.h`
54  * as follows:
55  *
56  *     #include <bearssl.h>
57  *
58  * The `bearssl.h` file itself includes all the other header files. It is
59  * possible to include specific header files, but it has no practical
60  * advantage for the application. The API is separated into separate
61  * header files only for documentation convenience.
62  *
63  *
64  * # Conventions
65  *
66  * ## MUST and SHALL
67  *
68  * In all descriptions, the usual "MUST", "SHALL", "MAY",... terminology
69  * is used. Failure to meet requirements expressed with a "MUST" or
70  * "SHALL" implies undefined behaviour, which means that segmentation
71  * faults, buffer overflows, and other similar adverse events, may occur.
72  *
73  * In general, BearSSL is not very forgiving of programming errors, and
74  * does not include much failsafes or error reporting when the problem
75  * does not arise from external transient conditions, and can be fixed
76  * only in the application code. This is done so in order to make the
77  * total code footprint lighter.
78  *
79  *
80  * ## `NULL` values
81  *
82  * Function parameters with a pointer type shall not be `NULL` unless
83  * explicitly authorised by the documentation. As an exception, when
84  * the pointer aims at a sequence of bytes and is accompanied with
85  * a length parameter, and the length is zero (meaning that there is
86  * no byte at all to retrieve), then the pointer may be `NULL` even if
87  * not explicitly allowed.
88  *
89  *
90  * ## Memory Allocation
91  *
92  * BearSSL does not perform dynamic memory allocation. This implies that
93  * for any functionality that requires a non-transient state, the caller
94  * is responsible for allocating the relevant context structure. Such
95  * allocation can be done in any appropriate area, including static data
96  * segments, the heap, and the stack, provided that proper alignment is
97  * respected. The header files define these context structures
98  * (including size and contents), so the C compiler should handle
99  * alignment automatically.
100  *
101  * Since there is no dynamic resource allocation, there is also nothing to
102  * release. When the calling code is done with a BearSSL feature, it
103  * may simple release the context structures it allocated itself, with
104  * no "close function" to call. If the context structures were allocated
105  * on the stack (as local variables), then even that release operation is
106  * implicit.
107  *
108  *
109  * ## Structure Contents
110  *
111  * Except when explicitly indicated, structure contents are opaque: they
112  * are included in the header files so that calling code may know the
113  * structure sizes and alignment requirements, but callers SHALL NOT
114  * access individual fields directly. For fields that are supposed to
115  * be read from or written to, the API defines accessor functions (the
116  * simplest of these accessor functions are defined as `static inline`
117  * functions, and the C compiler will optimise them away).
118  *
119  *
120  * # API Usage
121  *
122  * BearSSL usage for running a SSL/TLS client or server is described
123  * on the [BearSSL Web site](https://www.bearssl.org/api1.html). The
124  * BearSSL source archive also comes with sample code.
125  */
126 
127 #include "bearssl_hash.h"
128 #include "bearssl_hmac.h"
129 #include "bearssl_kdf.h"
130 #include "bearssl_rand.h"
131 #include "bearssl_prf.h"
132 #include "bearssl_block.h"
133 #include "bearssl_aead.h"
134 #include "bearssl_rsa.h"
135 #include "bearssl_ec.h"
136 #include "bearssl_ssl.h"
137 #include "bearssl_x509.h"
138 #include "bearssl_pem.h"
139 
140 #ifdef __cplusplus
141 extern "C" {
142 #endif
143 
144 /** \brief Type for a configuration option.
145  *
146  * A "configuration option" is a value that is selected when the BearSSL
147  * library itself is compiled. Most options are boolean; their value is
148  * then either 1 (option is enabled) or 0 (option is disabled). Some
149  * values have other integer values. Option names correspond to macro
150  * names. Some of the options can be explicitly set in the internal
151  * `"config.h"` file.
152  */
153 typedef struct {
154 	/** \brief Configurable option name. */
155 	const char *name;
156 	/** \brief Configurable option value. */
157 	long value;
158 } br_config_option;
159 
160 /** \brief Get configuration report.
161  *
162  * This function returns compiled configuration options, each as a
163  * 'long' value. Names match internal macro names, in particular those
164  * that can be set in the `"config.h"` inner file. For boolean options,
165  * the numerical value is 1 if enabled, 0 if disabled. For maximum
166  * key sizes, values are expressed in bits.
167  *
168  * The returned array is terminated by an entry whose `name` is `NULL`.
169  *
170  * \return  the configuration report.
171  */
172 const br_config_option *br_get_config(void);
173 
174 /* ======================================================================= */
175 
176 /** \brief Version feature: support for time callback. */
177 #define BR_FEATURE_X509_TIME_CALLBACK   1
178 
179 #ifdef __cplusplus
180 }
181 #endif
182 
183 #endif
184