- Added Doxygen source code documentation parts (donated by Fox-IT)
parent
b94081bfc1
commit
37ca75d6f2
@ -19,5 +19,5 @@ add_subdirectory(tests)
|
||||
add_subdirectory(programs)
|
||||
|
||||
ADD_CUSTOM_TARGET(apidoc
|
||||
COMMAND doxygen Doxyfile
|
||||
COMMAND doxygen doxygen/polarssl.doxyfile
|
||||
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
|
||||
|
@ -1,5 +1,10 @@
|
||||
PolarSSL ChangeLog
|
||||
|
||||
= Version Trunk
|
||||
Features
|
||||
* Added Doxygen source code documentation parts donated
|
||||
by Fox-IT
|
||||
|
||||
= Version 0.14.0 released on 2010-08-16
|
||||
Features
|
||||
* Added support for SSL_EDH_RSA_AES_128_SHA and
|
||||
|
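--- a/Doxyfile
+++ b/Doxyfile
@@ -1,4 +0,0 @@
-PROJECT_NAME = PolarSSL
-INPUT = include/polarssl
-HTML_OUTPUT = apidoc
-GENERATE_LATEX = NO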
10
Makefile
10
Makefile
@ -32,3 +32,13 @@ clean:
|
||||
|
||||
check:
|
||||
( cd tests && $(MAKE) check )
|
||||
|
||||
apidoc:
|
||||
mkdir -p apidoc
|
||||
doxygen doxygen/polarssl.doxyfile
|
||||
|
||||
apidoc_clean:
|
||||
if [ -d apidoc ] ; \
|
||||
then \
|
||||
rm -rf apidoc ; \
|
||||
fi
|
||||
|
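Review bot: The new `apidoc` and `apidoc_clean` targets are not declared phony, and the `apidoc` recipe itself creates a directory named `apidoc` with `mkdir -p apidoc`. Once that directory exists, make treats the prerequisite-less target as up to date, so a second `make apidoc` will not rerun doxygen and the published API docs can go stale. Add `.PHONY: apidoc apidoc_clean` next to the targets; the rest of the Makefile is outside this section, so an existing `.PHONY` line may only need extending. The `if [ -d apidoc ]` guard in `apidoc_clean` is redundant, because `rm -rf apidoc` already succeeds when the directory is absent.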
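--- a/doxygen/input/doc_encdec.h
+++ b/doxygen/input/doc_encdec.h
@@ -0,0 +1,35 @@
+/**
+* @file
+* Encryption/decryption module documentation file.
+*/
+
+/**
+* @addtogroup encdec_module Encryption/decryption module
+*
+* The Encryption/decryption module provides encryption/decryption functions.
+* One can differtiate between symmetric and asymetric algorithms; the
+* symmetric ones are mostly used for message confidentiality and the asymmetric
+* ones for key exchange and message integrity.
+* Some symmetric algorithms provide different block cipher modes, mainly
+* Electronic Code Book (ECB) which is used for short (64-bit) messages and
+* Cipher Block Chaining (CBC) which provides the randomness needed for longer
+* messages.
+* Sometimes the same functions are used for encryption and decryption.
+* The following algorithms are provided:
+* - Symmetric:
+* - AES (see \c aes_crypt_ecb() and\c aes_crypt_cbc()).
+* - ARCFOUR (see \c arc4_crypt()).
+* - Camellia (see \c camellia_crypt_ecb() and\c camellia_crypt_cbc()).
+* - DES/3DES (see \c des_crypt_ecb(),\c des_crypt_cbc(),\c des3_crypt_ecb()
+* and\c des3_crypt_cbc()).
+* - XTEA (see \c xtea_crypt_ecb()).
+* - Asymmetric:
+* - Diffie-Hellman-Merkle (see \c dhm_read_public(),\c dhm_make_public()
+* and \c dhm_calc_secret()).
+* - RSA (see \c rsa_public() and\c rsa_private()).
+*
+* This module provides encryption/decryption which can be used to provide
+* secrecy.
+* It also provides asymmetric key functions which can be used for
+* confidentiality, integrity, authentication and non-repudiation.
+*/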
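--- a/doxygen/input/doc_hashing.h
+++ b/doxygen/input/doc_hashing.h
@@ -0,0 +1,20 @@
+/**
+* @file
+* Hashing module documentation file.
+*/
+
+/**
+* @addtogroup hashing_module Hashing module
+*
+* The Hashing module provides one-way hashing functions. Such functions can be
+* used for creating a hash message authentication code (HMAC) when sending a
+* message. Such a HMAC can be used in combination with a private key
+* for authentication, which is a message integrity control.
+* The following hashing-algorithms are provided:
+* - MD2, MD4, MD5 128-bit one-way hash functions by Ron Rivest (see
+* \c md2_hmac(),\c md4_hmac() and\c md5_hmac()).
+* - SHA-1, SHA-256, SHA-384/512 160-bit or more one-way hash functions by
+* NIST and NSA (see\c sha1_hmac(),\c sha2_hmac() and\c sha4_hmac()).
+*
+* This module provides one-way hashing which can be used for authentication.
+*/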
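--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -0,0 +1,80 @@
+l/**
+* @file
+* Main page documentation file.
+*/
+
+/**
+* @mainpage PolarSSL v0.14.0 source code documentation
+*
+* This documentation describes the internal structure of PolarSSL. It was
+* automatically generated from specially formatted comment blocks in
+* PolarSSL's source code using Doxygen. (See
+* http://www.stack.nl/~dimitri/doxygen/ for more information on Doxygen)
+*
+* PolarSSL has a simple setup: it provides the ingredients for an SSL/TLS
+* implementation. These ingredients are listed as modules in the
+* \ref mainpage_modules "Modules section". This "Modules section" introduces
+* the high-level module concepts used throughout this documentation.\n
+* Some examples of PolarSSL usage can be found in the \ref mainpage_examples
+* "Examples section".
+*
+*
+* @section mainpage_modules Modules
+*
+* PolarSSL supports SSLv3 up to TLSv1.1 communication by providing the
+* following:
+* - TCP/IP communication functions: listen, connect, accept, read/write.
+* - SSL/TLS communication functions: init, handshake, read/write.
+* - X.509 functions: CRT, CRL and key handling
+* - Random number generation
+* - Hashing
+* - Encryption/decryption
+*
+* Above functions are split up neatly into logical interfaces. These can be
+* used separately to provide any of the above functions or to mix-and-match
+* into an SSL server/client solution that utilises a X.509 PKI. Examples of
+* such implementations are amply provided with the source code. Note that
+* there is also an OpenSSL wrapper provided.\n
+* Note that PolarSSL does not provide a control channel or (multiple) session
+* handling.
+*
+* @section mainpage_examples Examples
+*
+* Example server setup:
+*
+* \b Prerequisites:
+* - X.509 certificate and private key
+* - session handling functions
+*
+* \b Setup:
+* - Load your certificate and your private RSA key (X.509 interface)
+* - Setup the listening TCP socket (TCP/IP interface)
+* - Accept incoming client connection (TCP/IP interface)
+* - Initialise as an SSL-server (SSL/TLS interface)
+* - Set parameters, e.g. authentication, ciphers, CA-chain, key exchange
+* - Set callback functions RNG, IO, session handling
+* - Perform an SSL-handshake (SSL/TLS interface)
+* - Read/write data (SSL/TLS interface)
+* - Close and cleanup (all interfaces)
+*
+*
+* Example client setup:
+*
+* \b Prerequisites:
+* - X.509 certificate and private key
+* - X.509 trusted CA certificates
+*
+* \b Setup:
+* - Load the trusted CA certificates (X.509 interface)
+* - Load your certificate and your private RSA key (X.509 interface)
+* - Setup a TCP/IP connection (TCP/IP interface)
+* - Initialise as an SSL-client (SSL/TLS interface)
+* - Set parameters, e.g. authentication mode, ciphers, CA-chain, session
+* - Set callback functions RNG, IO
+* - Perform an SSL-handshake (SSL/TLS interface)
+* - Verify the server certificate (SSL/TLS interface)
+* - Write/read data (SSL/TLS interface)
+* - Close and cleanup (all interfaces)
+*
+*
+*/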
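--- a/doxygen/input/doc_rng.h
+++ b/doxygen/input/doc_rng.h
@@ -0,0 +1,18 @@
+/**
+* @file
+* Random number generator (RNG) module documentation file.
+*/
+
+/**
+* @addtogroup rng_module Random number generator (RNG) module
+*
+* The Random number generator (RNG) module provides random number
+* generation, see \c havege_rand(). It uses the HAVEGE (HArdware Volatile
+* Entropy Gathering and Expansion) software heuristic which is claimed
+* to be an unpredictable or empirically strong* random number generation.
+*
+* \* Meaning that there seems to be no practical algorithm that can guess
+* the next bit with a probability larger than 1/2 in an output sequence.
+*
+* This module can be used to generate random numbers.
+*/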
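--- a/doxygen/input/doc_ssltls.h
+++ b/doxygen/input/doc_ssltls.h
@@ -0,0 +1,32 @@
+/**
+* @file
+* SSL/TLS communication module documentation file.
+*/
+
+/**
+* @addtogroup ssltls_communication_module SSL/TLS communication module
+*
+* The SSL/TLS communication module provides the means to create an SSL/TLS
+* communication channel.
+* The basic provisions are:
+* - initialise an SSL/TLS context (see \c ssl_init()).
+* - perform an SSL/TLS handshake (see \c ssl_handshake()).
+* - read/write (see \c ssl_read() and\c ssl_write()).
+* - notify a peer that conection is being closed (see \c ssl_close_notify()).
+*
+*
+* Many aspects of such a channel are set through parameters and callback
+* functions:
+* - the endpoint role: client or server.
+* - the authentication mode. Should verification take place.
+* - the Host-to-host communication channel. A TCP/IP module is provided.
+* - the random number generator (RNG).
+* - the ciphers to use for encryption/decryption.
+* - session control functions.
+* - X.509 parameters for certificate-handling and key exchange.
+*
+*
+* This module can be used to create an SSL/TLS server and client and to provide a basic
+* framework to setup and communicate through an SSL/TLS communication channel.\n
+* Note that you need to provide for several aspects yourself as mentioned above.
+*/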
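--- a/doxygen/input/doc_tcpip.h
+++ b/doxygen/input/doc_tcpip.h
@@ -0,0 +1,26 @@
+/**
+* @file
+* TCP/IP communication module documentation file.
+*/
+
+/**
+* @addtogroup tcpip_communication_module TCP/IP communication module
+*
+* The TCP/IP communication module provides for a channel of
+* communication for the \link ssltls_communication_module SSL/TLS communication
+* module\endlink to use.
+* In the TCP/IP-model it provides for communication up to the Transport
+* (or Host-to-host) layer.
+* SSL/TLS resides on top of that, in the Application layer, and makes use of
+* its basic provisions:
+* - listening on a port (see \c net_bind()).
+* - accepting a connection (through \c net_accept()).
+* - read/write (through \c net_recv/\c net_send()).
+* - close a connection (through \c net_close()).
+*
+* This way you have the means to, for example, implement and use an UDP or
+* IPSec communication solution as a basis.
+*
+* This module can be used at server- and clientside to provide a basic
+* means of communication over the internet.
+*/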
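--- a/doxygen/input/doc_x509.h
+++ b/doxygen/input/doc_x509.h
@@ -0,0 +1,21 @@
+/**
+* @file
+* X.509 module documentation file.
+*/
+
+/**
+* @addtogroup x509_module X.509 module
+*
+* The X.509 module provides X.509 support which includes:
+* - X.509 certificate (CRT) reading (see \c x509parse_crt() and
+* \c x509parse_crtfile()).
+* - X.509 certificate revocation list (CRL) reading (see \c x509parse_crl()
+* and\c x509parse_crlfile()).
+* - X.509 (RSA) private key reading (see \c x509parse_key() and
+* \c x509parse_keyfile()).
+* - X.509 certificate signature verification (see \c x509parse_verify())
+*
+* This module can be used to build a certificate authority (CA) chain and
+* verify its signature. It is also used to get a (RSA) private key for signing
+* and decryption.
+*/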
1573
doxygen/polarssl.doxyfile
Normal file
1573
doxygen/polarssl.doxyfile
Normal file
File diff suppressed because it is too large
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file aes.h
|
||||
*
|
||||
* \brief AES block cipher encryption
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
|
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file arc4.h
|
||||
*
|
||||
* \brief The ARCFOUR stream cipher
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
|
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file base64.h
|
||||
*
|
||||
* \brief RFC 1521 base64 encoding/decoding
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
|
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file bignum.h
|
||||
*
|
||||
* \brief Multi-precision integer library
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
|
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file bn_mul.h
|
||||
*
|
||||
* \brief Multi-precision integer library
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
|
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file camellia.h
|
||||
*
|
||||
* \brief Camellia block cipher
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
|
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file certs.h
|
||||
*
|
||||
* \brief Camellia block cipher
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
|
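Review bot: The `\brief` added to certs.h reads `Camellia block cipher`, which appears to be copied from the camellia.h header and does not describe this file. The same copy-paste shows up in three other sections of this commit: des.h carries `\brief Debug functions`, havege.h carries `\brief Diffie-Hellman-Merkle key exchange`, and net.h carries `\brief MD5 message digest algorithm (hash function)`. These lines become the per-file summaries in the generated API index of a crypto library, so a reader choosing a primitive from that index would be misdirected. Each should name its own file's purpose, for example `\brief DES block cipher` in des.h, `\brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion` in havege.h and `\brief Network communication functions` in net.h. The contents of certs.h are not visible on this page, so its wording needs to come from someone who can see the file.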
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file config.h
|
||||
*
|
||||
* \brief Configuration options (set of defines)
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
|
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file debug.h
|
||||
*
|
||||
* \brief Debug functions
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
|
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file des.h
|
||||
*
|
||||
* \brief Debug functions
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
|
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file dhm.h
|
||||
*
|
||||
* \brief Diffie-Hellman-Merkle key exchange
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
@ -108,7 +110,7 @@ int dhm_read_public( dhm_context *ctx,
|
||||
*
|
||||
* \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
|
||||
*/
|
||||
int dhm_make_public( dhm_context *ctx, int s_size,
|
||||
int dhm_make_public( dhm_context *ctx, int x_size,
|
||||
unsigned char *output, int olen,
|
||||
int (*f_rng)(void *), void *p_rng );
|
||||
|
||||
|
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file havege.h
|
||||
*
|
||||
* \brief Diffie-Hellman-Merkle key exchange
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
|
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file md2.h
|
||||
*
|
||||
* \brief MD2 message digest algorithm (hash function)
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
|
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file md4.h
|
||||
*
|
||||
* \brief MD4 message digest algorithm (hash function)
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
|
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file md5.h
|
||||
*
|
||||
* \brief MD5 message digest algorithm (hash function)
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
|
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file net.h
|
||||
*
|
||||
* \brief MD5 message digest algorithm (hash function)
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
|
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file openssl.h
|
||||
*
|
||||
* \brief OpenSSL wrapper (definitions, inline functions).
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
|
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file padlock.h
|
||||
*
|
||||
* \brief VIA PadLock ACE for HW encryption/decryption supported by some processors
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
|
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file rsa.h
|
||||
*
|
||||
* \brief The RSA public-key cryptosystem
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
|
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file sha1.h
|
||||
*
|
||||
* \brief SHA-1 cryptographic hash function
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
|
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file sha2.h
|
||||
*
|
||||
* \brief SHA-256 cryptographic hash function
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
|
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file sha4.h
|
||||
*
|
||||
* \brief SHA-384/512 cryptographic hash function
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
|
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file ssl.h
|
||||
*
|
||||
* \brief SSL/TLS functions.
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
@ -336,7 +338,7 @@ void ssl_set_endpoint( ssl_context *ssl, int endpoint );
|
||||
* \brief Set the certificate verification mode
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param mode can be:
|
||||
* \param authmode can be:
|
||||
*
|
||||
* SSL_VERIFY_NONE: peer certificate is not checked (default),
|
||||
* this is insecure and SHOULD be avoided.
|
||||
|
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file timing.h
|
||||
*
|
||||
* \brief Portable interface to the CPU cycle counter
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
@ -62,7 +64,7 @@ void set_alarm( int seconds );
|
||||
/**
|
||||
* \brief Sleep for a certain amount of time
|
||||
*
|
||||
* \param Delay in milliseconds
|
||||
* \param milliseconds delay in milliseconds
|
||||
*/
|
||||
void m_sleep( int milliseconds );
|
||||
|
||||
|
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file x509.h
|
||||
*
|
||||
* \brief X.509 certificate and private key decoding
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
@ -27,59 +29,80 @@
|
||||
|
||||
#include "polarssl/rsa.h"
|
||||
|
||||
/*
|
||||
* ASN1 Error codes
|
||||
*
|
||||
* These error codes will be OR'ed to X509 error codes for
|
||||
/**
|
||||
* @addtogroup x509_module
|
||||
* @{
|
||||
*/
|
||||
|
||||
/**
|
||||
* @name ASN1 Error codes
|
||||
* These error codes are OR'ed to X509 error codes for
|
||||
* higher error granularity.
|
||||
* ASN1 is a standard to specify data structures.
|
||||
* @{
|
||||
*/
|
||||
#define POLARSSL_ERR_ASN1_OUT_OF_DATA 0x0014
|
||||
#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG 0x0016
|
||||
#define POLARSSL_ERR_ASN1_INVALID_LENGTH 0x0018
|
||||
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH 0x001A
|
||||
#define POLARSSL_ERR_ASN1_INVALID_DATA 0x001C
|
||||
#define POLARSSL_ERR_ASN1_OUT_OF_DATA 0x0014 /**< Out of data when parsing an ASN1 data structure. */
|
||||
#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG 0x0016 /**< ASN1 tag was of an unexpected value. */
|
||||
#define POLARSSL_ERR_ASN1_INVALID_LENGTH 0x0018 /**< Error when trying to determine the length or invalid length. */
|
||||
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH 0x001A /**< Actual length differs from expected length. */
|
||||
#define POLARSSL_ERR_ASN1_INVALID_DATA 0x001C /**< Data is invalid. (not used) */
|
||||
/* @} name */
|
||||
|
||||
/*
|
||||
* X509 Error codes
|
||||
/**
|
||||
* @name X509 Error codes
|
||||
* @{
|
||||
*/
|
||||
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE -0x0020
|
||||
#define POLARSSL_ERR_X509_CERT_INVALID_PEM -0x0040
|
||||
#define POLARSSL_ERR_X509_CERT_INVALID_FORMAT -0x0060
|
||||
#define POLARSSL_ERR_X509_CERT_INVALID_VERSION -0x0080
|
||||
#define POLARSSL_ERR_X509_CERT_INVALID_SERIAL -0x00A0
|
||||
#define POLARSSL_ERR_X509_CERT_INVALID_ALG -0x00C0
|
||||
#define POLARSSL_ERR_X509_CERT_INVALID_NAME -0x00E0
|
||||
#define POLARSSL_ERR_X509_CERT_INVALID_DATE -0x0100
|
||||
#define POLARSSL_ERR_X509_CERT_INVALID_PUBKEY -0x0120
|
||||
#define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE -0x0140
|
||||
#define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS -0x0160
|
||||
#define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION -0x0180
|
||||
#define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG -0x01A0
|
||||
#define POLARSSL_ERR_X509_CERT_UNKNOWN_PK_ALG -0x01C0
|
||||
#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x01E0
|
||||
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x0200
|
||||
#define POLARSSL_ERR_X509_KEY_INVALID_PEM -0x0220
|
||||
#define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x0240
|
||||
#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x0260
|
||||
#define POLARSSL_ERR_X509_KEY_INVALID_ENC_IV -0x0280
|
||||
#define POLARSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG -0x02A0
|
||||
#define POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED -0x02C0
|
||||
#define POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH -0x02E0
|
||||
#define POLARSSL_ERR_X509_POINT_ERROR -0x0300
|
||||
#define POLARSSL_ERR_X509_VALUE_TO_LENGTH -0x0320
|
||||
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE -0x0020 /**< Unavailable feature, e.g. RSA hashing/encryption combination. */
|
||||
#define POLARSSL_ERR_X509_CERT_INVALID_PEM -0x0040 /**< The PEM-encoded certificate contains invalid elements, e.g. invalid character. */
|
||||
#define POLARSSL_ERR_X509_CERT_INVALID_FORMAT -0x0060 /**< The certificate format is invalid, e.g. different type expected. */
|
||||
#define POLARSSL_ERR_X509_CERT_INVALID_VERSION -0x0080 /**< The certificate version element is invalid. */
|
||||
#define POLARSSL_ERR_X509_CERT_INVALID_SERIAL -0x00A0 /**< The serial tag or value is invalid. */
|
||||
#define POLARSSL_ERR_X509_CERT_INVALID_ALG -0x00C0 /**< The algorithm tag or value is invalid. */
|
||||
#define POLARSSL_ERR_X509_CERT_INVALID_NAME -0x00E0 /**< The name tag or value is invalid. */
|
||||
#define POLARSSL_ERR_X509_CERT_INVALID_DATE -0x0100 /**< The date tag or value is invalid. */
|
||||
#define POLARSSL_ERR_X509_CERT_INVALID_PUBKEY -0x0120 /**< The pubkey tag or value is invalid (only RSA is supported). */
|
||||
#define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE -0x0140 /**< The signature tag or value invalid. */
|
||||
#define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS -0x0160 /**< The extension tag or value is invalid. */
|
||||
#define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION -0x0180 /**< Certificate or CRL has an unsupported version number. */
|
||||
#define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG -0x01A0 /**< Signature algorithm (oid) is unsupported. */
|
||||
#define POLARSSL_ERR_X509_CERT_UNKNOWN_PK_ALG -0x01C0 /**< Public key algorithm is unsupported (only RSA is supported). */
|
||||
#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x01E0 /**< Certificate signature algorithms do not match. (see \c ::x509_cert sig_oid) */
|
||||
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x0200 /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */
|
||||
#define POLARSSL_ERR_X509_KEY_INVALID_PEM -0x0220 /**< PEM key string is not as expected. */
|
||||
#define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x0240 /**< Unsupported RSA key version */
|
||||
#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x0260 /**< Invalid RSA key tag or value. */
|
||||
#define POLARSSL_ERR_X509_KEY_INVALID_ENC_IV -0x0280 /**< RSA IV is not in hex-format. */
|
||||
#define POLARSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG -0x02A0 /**< Unsupported key encryption algorithm. */
|
||||
#define POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED -0x02C0 /**< Private key password can't be empty. */
|
||||
#define POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH -0x02E0 /**< Given private key password does not allow for correct decryption. */
|
||||
#define POLARSSL_ERR_X509_POINT_ERROR -0x0300 /**< Not used. */
|
||||
#define POLARSSL_ERR_X509_VALUE_TO_LENGTH -0x0320 /**< Not used. */
|
||||
/* @} name */
|
||||
|
||||
/*
|
||||
* X509 Verify codes
|
||||
|
||||
/**
|
||||
* @name X509 Verify codes
|
||||
* @{
|
||||
*/
|
||||
#define BADCERT_EXPIRED 1
|
||||
#define BADCERT_REVOKED 2
|
||||
#define BADCERT_CN_MISMATCH 4
|
||||
#define BADCERT_NOT_TRUSTED 8
|
||||
#define BADCRL_NOT_TRUSTED 16
|
||||
#define BADCRL_EXPIRED 32
|
||||
#define BADCERT_EXPIRED 1 /**< The certificate validity has expired. */
|
||||
#define BADCERT_REVOKED 2 /**< The certificate has been revoked (is on a CRL). */
|
||||
#define BADCERT_CN_MISMATCH 4 /**< The certificate Common Name (CN) does not match with the expected CN. */
|
||||
#define BADCERT_NOT_TRUSTED 8 /**< The certificate is not correctly signed by the trusted CA. */
|
||||
#define BADCRL_NOT_TRUSTED 16 /**< CRL is not correctly signed by the trusted CA. */
|
||||
#define BADCRL_EXPIRED 32 /**< CRL is expired. */
|
||||
/* @} name */
|
||||
|
||||
/*
|
||||
* DER constants
|
||||
|
||||
/**
|
||||
* @name DER constants
|
||||
* These constants comply with DER encoded the ANS1 type tags.
|
||||
* DER encoding uses hexadecimal representation.
|
||||
* An example DER sequence is:\n
|
||||
* - 0x02 -- tag indicating INTEGER
|
||||
* - 0x01 -- length in octets
|
||||
* - 0x05 -- value
|
||||
* Such sequences are typically read into \c ::x509_buf.
|
||||
* @{
|
||||
*/
|
||||
#define ASN1_BOOLEAN 0x01
|
||||
#define ASN1_INTEGER 0x02
|
||||
@ -100,6 +123,8 @@
|
||||
#define ASN1_PRIMITIVE 0x00
|
||||
#define ASN1_CONSTRUCTED 0x20
|
||||
#define ASN1_CONTEXT_SPECIFIC 0x80
|
||||
/* @} name */
|
||||
/* @} addtogroup x509_module */
|
||||
|
||||
/*
|
||||
* various object identifiers
|
||||
@ -126,68 +151,89 @@
|
||||
#define OID_PKCS9 "\x2A\x86\x48\x86\xF7\x0D\x01\x09"
|
||||
#define OID_PKCS9_EMAIL "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01"
|
||||
|
||||
/*
|
||||
* Structures for parsing X.509 certificates
|
||||
/**
|
||||
* @addtogroup x509_module
|
||||
* @{ */
|
||||
|
||||
/**
|
||||
* @name Structures for parsing X.509 certificates and CRLs
|
||||
* @{
|
||||
*/
|
||||
|
||||
/**
|
||||
* Type-length-value structure that allows for ASN1 using DER.
|
||||
*/
|
||||
typedef struct _x509_buf
|
||||
{
|
||||
int tag;
|
||||
int len;
|
||||
unsigned char *p;
|
||||
int tag; /**< ASN1 type, e.g. ASN1_UTF8_STRING. */
|
||||
int len; /**< ASN1 length, e.g. in octets. */
|
||||
unsigned char *p; /**< ASN1 data, e.g. in ASCII. */
|
||||
}
|
||||
x509_buf;
|
||||
|
||||
/**
|
||||
* Container for ASN1 named information objects.
|
||||
* It allows for Relative Distinguished Names (e.g. cn=polarssl,ou=code,etc.).
|
||||
*/
|
||||
typedef struct _x509_name
|
||||
{
|
||||
x509_buf oid;
|
||||
x509_buf val;
|
||||
struct _x509_name *next;
|
||||
x509_buf oid; /**< The object identifier. */
|
||||
x509_buf val; /**< The named value. */
|
||||
struct _x509_name *next; /**< The next named information object. */
|
||||
}
|
||||
x509_name;
|
||||
|
||||
/** Container for date and time (precision in seconds). */
|
||||
typedef struct _x509_time
|
||||
{
|
||||
int year, mon, day;
|
||||
int hour, min, sec;
|
||||
int year, mon, day; /**< Date. */
|
||||
int hour, min, sec; /**< Time. */
|
||||
}
|
||||
x509_time;
|
||||
|
||||
/**
|
||||
* Container for an X.509 certificate. The certificate may be chained.
|
||||
*/
|
||||
typedef struct _x509_cert
|
||||
{
|
||||
x509_buf raw;
|
||||
x509_buf tbs;
|
||||
x509_buf raw; /**< The raw certificate data (DER). */
|
||||
x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
|
||||
|
||||
int version;
|
||||
x509_buf serial;
|
||||
x509_buf sig_oid1;
|
||||
int version; /**< The X.509 version. (0=v1, 1=v2, 2=v3) */
|
||||
x509_buf serial; /**< Unique id for certificate issued by a specific CA. */
|
||||
x509_buf sig_oid1; /**< Signature algorithm, e.g. sha1RSA */
|
||||
|
||||
x509_buf issuer_raw;
|
||||
x509_buf subject_raw;
|
||||
x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */
|
||||
x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */
|
||||
|
||||
x509_name issuer;
|
||||
x509_name subject;
|
||||
x509_name issuer; /**< The parsed issuer data (named information object). */
|
||||
x509_name subject; /**< The parsed subject data (named information object). */
|
||||
|
||||
x509_time valid_from;
|
||||
x509_time valid_to;
|
||||
x509_time valid_from; /**< Start time of certificate validity. */
|
||||
x509_time valid_to; /**< End time of certificate validity. */
|
||||
|
||||
x509_buf pk_oid;
|
||||
rsa_context rsa;
|
||||
x509_buf pk_oid; /**< Subject public key info. Includes the public key algorithm and the key itself. */
|
||||
rsa_context rsa; /**< Container for the RSA context. Only RSA is supported for public keys at this time. */
|
||||
|
||||
x509_buf issuer_id;
|
||||
x509_buf subject_id;
|
||||
x509_buf v3_ext;
|
||||
x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
|
||||
x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
|
||||
x509_buf v3_ext; /**< Optional X.509 v3 extensions. Only Basic Contraints are supported at this time. */
|
||||
|
||||
int ca_istrue;
|
||||
int max_pathlen;
|
||||
int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
|
||||
int max_pathlen; /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. */
|
||||
|
||||
x509_buf sig_oid2;
|
||||
x509_buf sig;
|
||||
int sig_alg;
|
||||
x509_buf sig_oid2; /**< Signature algorithm. Must match sig_oid1. */
|
||||
x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */
|
||||
int sig_alg; /**< Internal representation of the signature algorithm, e.g. SIG_RSA_MD2 */
|
||||
|
||||
struct _x509_cert *next;
|
||||
struct _x509_cert *next; /**< Next certificate in the CA-chain. */
|
||||
}
|
||||
x509_cert;
|
||||
|
||||
/**
|
||||
* Certificate revocation list entry.
|
||||
* Contains the CA-specific serial numbers and revocation dates.
|
||||
*/
|
||||
typedef struct _x509_crl_entry
|
||||
{
|
||||
x509_buf raw;
|
||||
@ -202,22 +248,26 @@ typedef struct _x509_crl_entry
|
||||
}
|
||||
x509_crl_entry;
|
||||
|
||||
/**
|
||||
* Certificate revocation list structure.
|
||||
* Every CRL may have multiple entries.
|
||||
*/
|
||||
typedef struct _x509_crl
|
||||
{
|
||||
x509_buf raw;
|
||||
x509_buf tbs;
|
||||
x509_buf raw; /**< The raw certificate data (DER). */
|
||||
x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
|
||||
|
||||
int version;
|
||||
x509_buf sig_oid1;
|
||||
|
||||
x509_buf issuer_raw;
|
||||
x509_buf issuer_raw; /**< The raw issuer data (DER). */
|
||||
|
||||
x509_name issuer;
|
||||
x509_name issuer; /**< The parsed issuer data (named information object). */
|
||||
|
||||
x509_time this_update;
|
||||
x509_time next_update;
|
||||
|
||||
x509_crl_entry entry;
|
||||
x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */
|
||||
|
||||
x509_buf crl_ext;
|
||||
|
||||
@ -228,10 +278,16 @@ typedef struct _x509_crl
|
||||
struct _x509_crl *next;
|
||||
}
|
||||
x509_crl;
|
||||
/** @} name Structures for parsing X.509 certificates and CRLs */
|
||||
/** @} addtogroup x509_module */
|
||||
|
||||
/*
|
||||
* Structures for writing X.509 certificates
|
||||
/**
|
||||
* @name Structures for writing X.509 certificates.
|
||||
* XvP: commented out as they are not used.
|
||||
* - <tt>typedef struct _x509_node x509_node;</tt>
|
||||
* - <tt>typedef struct _x509_raw x509_raw;</tt>
|
||||
*/
|
||||
/*
|
||||
typedef struct _x509_node
|
||||
{
|
||||
unsigned char *data;
|
||||
@ -259,11 +315,18 @@ typedef struct _x509_raw
|
||||
x509_node sign;
|
||||
}
|
||||
x509_raw;
|
||||
*/
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* @name Functions to read in a certificate, CRL or private RSA key
|
||||
* @{
|
||||
*/
|
||||
|
||||
/** @ingroup x509_module */
|
||||
/**
|
||||
* \brief Parse one or more certificates and add them
|
||||
* to the chained list
|
||||
@ -276,6 +339,7 @@ extern "C" {
|
||||
*/
|
||||
int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen );
|
||||
|
||||
/** @ingroup x509_module */
|
||||
/**
|
||||
* \brief Load one or more certificates and add them
|
||||
* to the chained list
|
||||
@ -287,6 +351,7 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen );
|
||||
*/
|
||||
int x509parse_crtfile( x509_cert *chain, const char *path );
|
||||
|
||||
/** @ingroup x509_module */
|
||||
/**
|
||||
* \brief Parse one or more CRLs and add them
|
||||
* to the chained list
|
||||
@ -299,6 +364,7 @@ int x509parse_crtfile( x509_cert *chain, const char *path );
|
||||
*/
|
||||
int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen );
|
||||
|
||||
/** @ingroup x509_module */
|
||||
/**
|
||||
* \brief Load one or more CRLs and add them
|
||||
* to the chained list
|
||||
@ -310,6 +376,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen );
|
||||
*/
|
||||
int x509parse_crlfile( x509_crl *chain, const char *path );
|
||||
|
||||
/** @ingroup x509_module */
|
||||
/**
|
||||
* \brief Parse a private RSA key
|
||||
*
|
||||
@ -325,17 +392,21 @@ int x509parse_key( rsa_context *rsa,
|
||||
const unsigned char *key, int keylen,
|
||||
const unsigned char *pwd, int pwdlen );
|
||||
|
||||
/** @ingroup x509_module */
|
||||
/**
|
||||
* \brief Load and parse a private RSA key
|
||||
*
|
||||
* \param rsa RSA context to be initialized
|
||||
* \param path filename to read the private key from
|
||||
* \param pwd password to decrypt the file (can be NULL)
|
||||
* \param password password to decrypt the file (can be NULL)
|
||||
*
|
||||
* \return 0 if successful, or a specific X509 error code
|
||||
*/
|
||||
int x509parse_keyfile( rsa_context *rsa, const char *path,
|
||||
const char *password );
|
||||
/** @} name Functions to read in a certificate, CRL or private RSA key */
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* \brief Store the certificate DN in printable form into buf;
|
||||
@ -372,7 +443,7 @@ int x509parse_cert_info( char *buf, size_t size, const char *prefix,
|
||||
* \param buf Buffer to write to
|
||||
* \param size Maximum size of buffer
|
||||
* \param prefix A line prefix
|
||||
* \param crt The X509 CRL to represent
|
||||
* \param crl The X509 CRL to represent
|
||||
*
|
||||
* \return The amount of data written to the buffer, or -1 in
|
||||
* case of an error.
|
||||
@ -391,6 +462,11 @@ int x509parse_crl_info( char *buf, size_t size, const char *prefix,
|
||||
*/
|
||||
int x509parse_time_expired( const x509_time *time );
|
||||
|
||||
/**
|
||||
* @name Functions to verify a certificate
|
||||
* @{
|
||||
*/
|
||||
/** @ingroup x509_module */
|
||||
/**
|
||||
* \brief Verify the certificate signature
|
||||
*
|
||||
@ -416,6 +492,15 @@ int x509parse_verify( x509_cert *crt,
|
||||
x509_crl *ca_crl,
|
||||
const char *cn, int *flags );
|
||||
|
||||
/** @} name Functions to verify a certificate */
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* @name Functions to clear a certificate, CRL or private RSA key
|
||||
* @{
|
||||
*/
|
||||
/** @ingroup x509_module */
|
||||
/**
|
||||
* \brief Unallocate all certificate data
|
||||
*
|
||||
@ -423,13 +508,17 @@ int x509parse_verify( x509_cert *crt,
|
||||
*/
|
||||
void x509_free( x509_cert *crt );
|
||||
|
||||
/** @ingroup x509_module */
|
||||
/**
|
||||
* \brief Unallocate all CRL data
|
||||
*
|
||||
* \param crt CRL chain to free
|
||||
* \param crl CRL chain to free
|
||||
*/
|
||||
void x509_crl_free( x509_crl *crl );
|
||||
|
||||
/** @} name Functions to clear a certificate, CRL or private RSA key */
|
||||
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
|
@ -1,6 +1,8 @@
|
||||
/**
|
||||
* \file xtea.h
|
||||
*
|
||||
* \brief XTEA block cipher (32-bit)
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
|
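Review bot: The added brief `XTEA block cipher (32-bit)` in the xtea.h file header does not say what the 32 bits refer to, so a reader can take it for the block size or the key size. Assuming this header implements standard XTEA, the cipher works on 32-bit words but has a 64-bit block and a 128-bit key, and the 64-bit block is the figure a user needs when deciding how much data may be encrypted under one key. I would spell it out, for example `\brief XTEA block cipher (64-bit block, 128-bit key, 32-bit words)`. The rest of the header lies outside the hunk, so the parameters should be confirmed against the declarations there.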