aes.h   aes.h 
/** /**
* \file aes.h * \file aes.h
* *
* \brief AES block cipher
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 28 skipping to change at line 30
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_AES_H #ifndef POLARSSL_AES_H
#define POLARSSL_AES_H #define POLARSSL_AES_H
#include <string.h>
#define AES_ENCRYPT 1 #define AES_ENCRYPT 1
#define AES_DECRYPT 0 #define AES_DECRYPT 0
#define POLARSSL_ERR_AES_INVALID_KEY_LENGTH -0x0800 #define POLARSSL_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< In
#define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH -0x0810 valid key length. */
#define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< In
valid data input length. */
/** /**
* \brief AES context structure * \brief AES context structure
*/ */
typedef struct typedef struct
{ {
int nr; /*!< number of rounds */ int nr; /*!< number of rounds */
unsigned long *rk; /*!< AES round keys */ unsigned long *rk; /*!< AES round keys */
unsigned long buf[68]; /*!< unaligned data */ unsigned long buf[68]; /*!< unaligned data */
} }
skipping to change at line 58 skipping to change at line 62
/** /**
* \brief AES key schedule (encryption) * \brief AES key schedule (encryption)
* *
* \param ctx AES context to be initialized * \param ctx AES context to be initialized
* \param key encryption key * \param key encryption key
* \param keysize must be 128, 192 or 256 * \param keysize must be 128, 192 or 256
* *
* \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
*/ */
int aes_setkey_enc( aes_context *ctx, const unsigned char *key, int keysize ); int aes_setkey_enc( aes_context *ctx, const unsigned char *key, unsigned in t keysize );
/** /**
* \brief AES key schedule (decryption) * \brief AES key schedule (decryption)
* *
* \param ctx AES context to be initialized * \param ctx AES context to be initialized
* \param key decryption key * \param key decryption key
* \param keysize must be 128, 192 or 256 * \param keysize must be 128, 192 or 256
* *
* \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
*/ */
int aes_setkey_dec( aes_context *ctx, const unsigned char *key, int keysize ); int aes_setkey_dec( aes_context *ctx, const unsigned char *key, unsigned in t keysize );
/** /**
* \brief AES-ECB block encryption/decryption * \brief AES-ECB block encryption/decryption
* *
* \param ctx AES context * \param ctx AES context
* \param mode AES_ENCRYPT or AES_DECRYPT * \param mode AES_ENCRYPT or AES_DECRYPT
* \param input 16-byte input block * \param input 16-byte input block
* \param output 16-byte output block * \param output 16-byte output block
* *
* \return 0 if successful * \return 0 if successful
skipping to change at line 102 skipping to change at line 106
* \param mode AES_ENCRYPT or AES_DECRYPT * \param mode AES_ENCRYPT or AES_DECRYPT
* \param length length of the input data * \param length length of the input data
* \param iv initialization vector (updated after use) * \param iv initialization vector (updated after use)
* \param input buffer holding the input data * \param input buffer holding the input data
* \param output buffer holding the output data * \param output buffer holding the output data
* *
* \return 0 if successful, or POLARSSL_ERR_AES_INVALID_INPUT_LENGT H * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_INPUT_LENGT H
*/ */
int aes_crypt_cbc( aes_context *ctx, int aes_crypt_cbc( aes_context *ctx,
int mode, int mode,
int length, size_t length,
unsigned char iv[16], unsigned char iv[16],
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
/** /**
* \brief AES-CFB128 buffer encryption/decryption. * \brief AES-CFB128 buffer encryption/decryption.
* *
* \param ctx AES context * \param ctx AES context
* \param mode AES_ENCRYPT or AES_DECRYPT * \param mode AES_ENCRYPT or AES_DECRYPT
* \param length length of the input data * \param length length of the input data
* \param iv_off offset in IV (updated after use) * \param iv_off offset in IV (updated after use)
* \param iv initialization vector (updated after use) * \param iv initialization vector (updated after use)
* \param input buffer holding the input data * \param input buffer holding the input data
* \param output buffer holding the output data * \param output buffer holding the output data
* *
* \return 0 if successful * \return 0 if successful
*/ */
int aes_crypt_cfb128( aes_context *ctx, int aes_crypt_cfb128( aes_context *ctx,
int mode, int mode,
int length, size_t length,
int *iv_off, size_t *iv_off,
unsigned char iv[16], unsigned char iv[16],
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
/*
* \brief AES-CTR buffer encryption/decryption
*
* Warning: You have to keep the maximum use of your counter in mind!
*
* \param length The length of the data
* \param nc_off The offset in the current stream_block (for resumin
g
* within current cipher stream). The offset pointer t
o
* should be 0 at the start of a stream.
* \param nonce_counter The 128-bit nonce and counter.
* \param stream_block The saved stream-block for resuming. Is overwritten
* by the function.
* \param input The input data stream
* \param output The output data stream
*
* \return 0 if successful
*/
int aes_crypt_ctr( aes_context *ctx,
size_t length,
size_t *nc_off,
unsigned char nonce_counter[16],
unsigned char stream_block[16],
const unsigned char *input,
unsigned char *output );
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int aes_self_test( int verbose ); int aes_self_test( int verbose );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
 End of changes. 8 change blocks. 
7 lines changed or deleted 39 lines changed or added


 arc4.h   arc4.h 
/** /**
* \file arc4.h * \file arc4.h
* *
* \brief The ARCFOUR stream cipher
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 28 skipping to change at line 30
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_ARC4_H #ifndef POLARSSL_ARC4_H
#define POLARSSL_ARC4_H #define POLARSSL_ARC4_H
#include <string.h>
/** /**
* \brief ARC4 context structure * \brief ARC4 context structure
*/ */
typedef struct typedef struct
{ {
int x; /*!< permutation index */ int x; /*!< permutation index */
int y; /*!< permutation index */ int y; /*!< permutation index */
unsigned char m[256]; /*!< permutation table */ unsigned char m[256]; /*!< permutation table */
} }
arc4_context; arc4_context;
skipping to change at line 50 skipping to change at line 54
extern "C" { extern "C" {
#endif #endif
/** /**
* \brief ARC4 key schedule * \brief ARC4 key schedule
* *
* \param ctx ARC4 context to be initialized * \param ctx ARC4 context to be initialized
* \param key the secret key * \param key the secret key
* \param keylen length of the key * \param keylen length of the key
*/ */
void arc4_setup( arc4_context *ctx, const unsigned char *key, int keylen ); void arc4_setup( arc4_context *ctx, const unsigned char *key, unsigned int keylen );
/** /**
* \brief ARC4 cipher function * \brief ARC4 cipher function
* *
* \param ctx ARC4 context * \param ctx ARC4 context
* \param length length of the input data * \param length length of the input data
* \param input buffer holding the input data * \param input buffer holding the input data
* \param output buffer for the output data * \param output buffer for the output data
* *
* \return 0 if successful * \return 0 if successful
*/ */
int arc4_crypt( arc4_context *ctx, int length, const unsigned char *input, int arc4_crypt( arc4_context *ctx, size_t length, const unsigned char *inpu t,
unsigned char *output ); unsigned char *output );
/* /*
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int arc4_self_test( int verbose ); int arc4_self_test( int verbose );
#ifdef __cplusplus #ifdef __cplusplus
 End of changes. 4 change blocks. 
2 lines changed or deleted 6 lines changed or added


 base64.h   base64.h 
/** /**
* \file base64.h * \file base64.h
* *
* \brief RFC 1521 base64 encoding/decoding
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 28 skipping to change at line 30
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_BASE64_H #ifndef POLARSSL_BASE64_H
#define POLARSSL_BASE64_H #define POLARSSL_BASE64_H
#define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL 0x0010 #include <string.h>
#define POLARSSL_ERR_BASE64_INVALID_CHARACTER 0x0012
#define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL -0x0010 /**< Ou
tput buffer too small. */
#define POLARSSL_ERR_BASE64_INVALID_CHARACTER -0x0012 /**< In
valid character in input. */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/** /**
* \brief Encode a buffer into base64 format * \brief Encode a buffer into base64 format
* *
* \param dst destination buffer * \param dst destination buffer
* \param dlen size of the buffer * \param dlen size of the buffer
* \param src source buffer * \param src source buffer
* \param slen amount of data to be encoded * \param slen amount of data to be encoded
* *
* \return 0 if successful, or POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL . * \return 0 if successful, or POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL .
* *dlen is always updated to reflect the amount * *dlen is always updated to reflect the amount
* of data that has (or would have) been written. * of data that has (or would have) been written.
* *
* \note Call this function with *dlen = 0 to obtain the * \note Call this function with *dlen = 0 to obtain the
* required buffer size in *dlen * required buffer size in *dlen
*/ */
int base64_encode( unsigned char *dst, int *dlen, int base64_encode( unsigned char *dst, size_t *dlen,
const unsigned char *src, int slen ); const unsigned char *src, size_t slen );
/** /**
* \brief Decode a base64-formatted buffer * \brief Decode a base64-formatted buffer
* *
* \param dst destination buffer * \param dst destination buffer
* \param dlen size of the buffer * \param dlen size of the buffer
* \param src source buffer * \param src source buffer
* \param slen amount of data to be decoded * \param slen amount of data to be decoded
* *
* \return 0 if successful, POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL, o r * \return 0 if successful, POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL, o r
* POLARSSL_ERR_BASE64_INVALID_DATA if the input data is no t * POLARSSL_ERR_BASE64_INVALID_DATA if the input data is no t
* correct. *dlen is always updated to reflect the amount * correct. *dlen is always updated to reflect the amount
* of data that has (or would have) been written. * of data that has (or would have) been written.
* *
* \note Call this function with *dlen = 0 to obtain the * \note Call this function with *dlen = 0 to obtain the
* required buffer size in *dlen * required buffer size in *dlen
*/ */
int base64_decode( unsigned char *dst, int *dlen, int base64_decode( unsigned char *dst, size_t *dlen,
const unsigned char *src, int slen ); const unsigned char *src, size_t slen );
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int base64_self_test( int verbose ); int base64_self_test( int verbose );
#ifdef __cplusplus #ifdef __cplusplus
} }
 End of changes. 4 change blocks. 
6 lines changed or deleted 12 lines changed or added


 bignum.h   bignum.h 
/** /**
* \file bignum.h * \file bignum.h
* *
* \brief Multi-precision integer library
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 29 skipping to change at line 31
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_BIGNUM_H #ifndef POLARSSL_BIGNUM_H
#define POLARSSL_BIGNUM_H #define POLARSSL_BIGNUM_H
#include <stdio.h> #include <stdio.h>
#include <string.h>
#define POLARSSL_ERR_MPI_FILE_IO_ERROR 0x0002 #define POLARSSL_ERR_MPI_FILE_IO_ERROR -0x0002 /**< An
#define POLARSSL_ERR_MPI_BAD_INPUT_DATA 0x0004 error occurred while reading from or writing to a file. */
#define POLARSSL_ERR_MPI_INVALID_CHARACTER 0x0006 #define POLARSSL_ERR_MPI_BAD_INPUT_DATA -0x0004 /**< Ba
#define POLARSSL_ERR_MPI_BUFFER_TOO_SMALL 0x0008 d input parameters to function. */
#define POLARSSL_ERR_MPI_NEGATIVE_VALUE 0x000A #define POLARSSL_ERR_MPI_INVALID_CHARACTER -0x0006 /**< Th
#define POLARSSL_ERR_MPI_DIVISION_BY_ZERO 0x000C ere is an invalid character in the digit string. */
#define POLARSSL_ERR_MPI_NOT_ACCEPTABLE 0x000E #define POLARSSL_ERR_MPI_BUFFER_TOO_SMALL -0x0008 /**< Th
e output buffer is too small to write too. */
#define POLARSSL_ERR_MPI_NEGATIVE_VALUE -0x000A /**< Th
e input arguments are negative or result in illegal output. */
#define POLARSSL_ERR_MPI_DIVISION_BY_ZERO -0x000C /**< Th
e input argument for division is zero, which is not allowed. */
#define POLARSSL_ERR_MPI_NOT_ACCEPTABLE -0x000E /**< Th
e input arguments are not acceptable. */
#define MPI_CHK(f) if( ( ret = f ) != 0 ) goto cleanup #define MPI_CHK(f) if( ( ret = f ) != 0 ) goto cleanup
/* /*
* Maximum size MPIs are allowed to grow to in number of limbs.
*/
#define POLARSSL_MPI_MAX_LIMBS 10000
/*
* Define the base integer type, architecture-wise * Define the base integer type, architecture-wise
*/ */
#if defined(POLARSSL_HAVE_INT8) #if defined(POLARSSL_HAVE_INT8)
typedef unsigned char t_int; typedef signed char t_sint;
typedef unsigned short t_dbl; typedef unsigned char t_uint;
typedef unsigned short t_udbl;
#else #else
#if defined(POLARSSL_HAVE_INT16) #if defined(POLARSSL_HAVE_INT16)
typedef unsigned short t_int; typedef signed short t_sint;
typedef unsigned long t_dbl; typedef unsigned short t_uint;
typedef unsigned long t_udbl;
#else #else
typedef unsigned long t_int; typedef signed long t_sint;
typedef unsigned long t_uint;
#if defined(_MSC_VER) && defined(_M_IX86) #if defined(_MSC_VER) && defined(_M_IX86)
typedef unsigned __int64 t_dbl; typedef unsigned __int64 t_udbl;
#else #else
#if defined(__amd64__) || defined(__x86_64__) || \ #if defined(__amd64__) || defined(__x86_64__) || \
defined(__ppc64__) || defined(__powerpc64__) || \ defined(__ppc64__) || defined(__powerpc64__) || \
defined(__ia64__) || defined(__alpha__) defined(__ia64__) || defined(__alpha__)
typedef unsigned int t_dbl __attribute__((mode(TI))); typedef unsigned int t_udbl __attribute__((mode(TI)));
#else #else
#if defined(POLARSSL_HAVE_LONGLONG) #if defined(POLARSSL_HAVE_LONGLONG)
typedef unsigned long long t_dbl; typedef unsigned long long t_udbl;
#endif #endif
#endif #endif
#endif #endif
#endif #endif
#endif #endif
/** /**
* \brief MPI structure * \brief MPI structure
*/ */
typedef struct typedef struct
{ {
int s; /*!< integer sign */ int s; /*!< integer sign */
int n; /*!< total # of limbs */ size_t n; /*!< total # of limbs */
t_int *p; /*!< pointer to limbs */ t_uint *p; /*!< pointer to limbs */
} }
mpi; mpi;
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/** /**
* \brief Initialize one or more mpi * \brief Initialize one MPI
*
* \param X One MPI to initialize.
*/ */
void mpi_init( mpi *X, ... ); void mpi_init( mpi *X );
/** /**
* \brief Unallocate one or more mpi * \brief Unallocate one MPI
*
* \param X One MPI to unallocate.
*/ */
void mpi_free( mpi *X, ... ); void mpi_free( mpi *X );
/** /**
* \brief Enlarge to the specified number of limbs * \brief Enlarge to the specified number of limbs
* *
* \param X MPI to grow * \param X MPI to grow
* \param nblimbs The target number of limbs * \param nblimbs The target number of limbs
* *
* \return 0 if successful, * \return 0 if successful,
* 1 if memory allocation failed * 1 if memory allocation failed
*/ */
int mpi_grow( mpi *X, int nblimbs ); int mpi_grow( mpi *X, size_t nblimbs );
/** /**
* \brief Copy the contents of Y into X * \brief Copy the contents of Y into X
* *
* \param X Destination MPI * \param X Destination MPI
* \param Y Source MPI * \param Y Source MPI
* *
* \return 0 if successful, * \return 0 if successful,
* 1 if memory allocation failed * 1 if memory allocation failed
*/ */
skipping to change at line 132 skipping to change at line 147
/** /**
* \brief Set value from integer * \brief Set value from integer
* *
* \param X MPI to set * \param X MPI to set
* \param z Value to use * \param z Value to use
* *
* \return 0 if successful, * \return 0 if successful,
* 1 if memory allocation failed * 1 if memory allocation failed
*/ */
int mpi_lset( mpi *X, int z ); int mpi_lset( mpi *X, t_sint z );
/*
* \brief Get a specific bit from X
*
* \param X MPI to use
* \param pos Zero-based index of the bit in X
*
* \return Either a 0 or a 1
*/
int mpi_get_bit( mpi *X, size_t pos );
/*
* \brief Set a bit of X to a specific value of 0 or 1
*
* \note Will grow X if necessary to set a bit to 1 in a not yet
* existing limb. Will not grow if bit should be set to 0
*
* \param X MPI to use
* \param pos Zero-based index of the bit in X
* \param val The value to set the bit to (0 or 1)
*
* \return 0 if successful,
* 1 if memory allocation failed,
* POLARSSL_ERR_MPI_BAD_INPUT_DATA if val is not 0 or 1
*/
int mpi_set_bit( mpi *X, size_t pos, unsigned char val );
/** /**
* \brief Return the number of least significant bits * \brief Return the number of least significant bits
* *
* \param X MPI to use * \param X MPI to use
*/ */
int mpi_lsb( const mpi *X ); size_t mpi_lsb( const mpi *X );
/** /**
* \brief Return the number of most significant bits * \brief Return the number of most significant bits
* *
* \param X MPI to use * \param X MPI to use
*/ */
int mpi_msb( const mpi *X ); size_t mpi_msb( const mpi *X );
/** /**
* \brief Return the total size in bytes * \brief Return the total size in bytes
* *
* \param X MPI to use * \param X MPI to use
*/ */
int mpi_size( const mpi *X ); size_t mpi_size( const mpi *X );
/** /**
* \brief Import from an ASCII string * \brief Import from an ASCII string
* *
* \param X Destination MPI * \param X Destination MPI
* \param radix Input numeric base * \param radix Input numeric base
* \param s Null-terminated string buffer * \param s Null-terminated string buffer
* *
* \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code * \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code
*/ */
skipping to change at line 181 skipping to change at line 222
* \param s String buffer * \param s String buffer
* \param slen String buffer size * \param slen String buffer size
* *
* \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code. * \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code.
* *slen is always updated to reflect the amount * *slen is always updated to reflect the amount
* of data that has (or would have) been written. * of data that has (or would have) been written.
* *
* \note Call this function with *slen = 0 to obtain the * \note Call this function with *slen = 0 to obtain the
* minimum required buffer size in *slen. * minimum required buffer size in *slen.
*/ */
int mpi_write_string( const mpi *X, int radix, char *s, int *slen ); int mpi_write_string( const mpi *X, int radix, char *s, size_t *slen );
/** /**
* \brief Read X from an opened file * \brief Read X from an opened file
* *
* \param X Destination MPI * \param X Destination MPI
* \param radix Input numeric base * \param radix Input numeric base
* \param fin Input file handle * \param fin Input file handle
* *
* \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code * \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code
*/ */
skipping to change at line 218 skipping to change at line 259
/** /**
* \brief Import X from unsigned binary data, big endian * \brief Import X from unsigned binary data, big endian
* *
* \param X Destination MPI * \param X Destination MPI
* \param buf Input buffer * \param buf Input buffer
* \param buflen Input buffer size * \param buflen Input buffer size
* *
* \return 0 if successful, * \return 0 if successful,
* 1 if memory allocation failed * 1 if memory allocation failed
*/ */
int mpi_read_binary( mpi *X, const unsigned char *buf, int buflen ); int mpi_read_binary( mpi *X, const unsigned char *buf, size_t buflen );
/** /**
* \brief Export X into unsigned binary data, big endian * \brief Export X into unsigned binary data, big endian
* *
* \param X Source MPI * \param X Source MPI
* \param buf Output buffer * \param buf Output buffer
* \param buflen Output buffer size * \param buflen Output buffer size
* *
* \return 0 if successful, * \return 0 if successful,
* POLARSSL_ERR_MPI_BUFFER_TOO_SMALL if buf isn't large eno ugh * POLARSSL_ERR_MPI_BUFFER_TOO_SMALL if buf isn't large eno ugh
*/ */
int mpi_write_binary( const mpi *X, unsigned char *buf, int buflen ); int mpi_write_binary( const mpi *X, unsigned char *buf, size_t buflen );
/** /**
* \brief Left-shift: X <<= count * \brief Left-shift: X <<= count
* *
* \param X MPI to shift * \param X MPI to shift
* \param count Amount to shift * \param count Amount to shift
* *
* \return 0 if successful, * \return 0 if successful,
* 1 if memory allocation failed * 1 if memory allocation failed
*/ */
int mpi_shift_l( mpi *X, int count ); int mpi_shift_l( mpi *X, size_t count );
/** /**
* \brief Right-shift: X >>= count * \brief Right-shift: X >>= count
* *
* \param X MPI to shift * \param X MPI to shift
* \param count Amount to shift * \param count Amount to shift
* *
* \return 0 if successful, * \return 0 if successful,
* 1 if memory allocation failed * 1 if memory allocation failed
*/ */
int mpi_shift_r( mpi *X, int count ); int mpi_shift_r( mpi *X, size_t count );
/** /**
* \brief Compare unsigned values * \brief Compare unsigned values
* *
* \param X Left-hand MPI * \param X Left-hand MPI
* \param Y Right-hand MPI * \param Y Right-hand MPI
* *
* \return 1 if |X| is greater than |Y|, * \return 1 if |X| is greater than |Y|,
* -1 if |X| is lesser than |Y| or * -1 if |X| is lesser than |Y| or
* 0 if |X| is equal to |Y| * 0 if |X| is equal to |Y|
skipping to change at line 288 skipping to change at line 329
/** /**
* \brief Compare signed values * \brief Compare signed values
* *
* \param X Left-hand MPI * \param X Left-hand MPI
* \param z The integer value to compare to * \param z The integer value to compare to
* *
* \return 1 if X is greater than z, * \return 1 if X is greater than z,
* -1 if X is lesser than z or * -1 if X is lesser than z or
* 0 if X is equal to z * 0 if X is equal to z
*/ */
int mpi_cmp_int( const mpi *X, int z ); int mpi_cmp_int( const mpi *X, t_sint z );
/** /**
* \brief Unsigned addition: X = |A| + |B| * \brief Unsigned addition: X = |A| + |B|
* *
* \param X Destination MPI * \param X Destination MPI
* \param A Left-hand MPI * \param A Left-hand MPI
* \param B Right-hand MPI * \param B Right-hand MPI
* *
* \return 0 if successful, * \return 0 if successful,
* 1 if memory allocation failed * 1 if memory allocation failed
skipping to change at line 348 skipping to change at line 389
/** /**
* \brief Signed addition: X = A + b * \brief Signed addition: X = A + b
* *
* \param X Destination MPI * \param X Destination MPI
* \param A Left-hand MPI * \param A Left-hand MPI
* \param b The integer value to add * \param b The integer value to add
* *
* \return 0 if successful, * \return 0 if successful,
* 1 if memory allocation failed * 1 if memory allocation failed
*/ */
int mpi_add_int( mpi *X, const mpi *A, int b ); int mpi_add_int( mpi *X, const mpi *A, t_sint b );
/** /**
* \brief Signed substraction: X = A - b * \brief Signed substraction: X = A - b
* *
* \param X Destination MPI * \param X Destination MPI
* \param A Left-hand MPI * \param A Left-hand MPI
* \param b The integer value to subtract * \param b The integer value to subtract
* *
* \return 0 if successful, * \return 0 if successful,
* 1 if memory allocation failed * 1 if memory allocation failed
*/ */
int mpi_sub_int( mpi *X, const mpi *A, int b ); int mpi_sub_int( mpi *X, const mpi *A, t_sint b );
/** /**
* \brief Baseline multiplication: X = A * B * \brief Baseline multiplication: X = A * B
* *
* \param X Destination MPI * \param X Destination MPI
* \param A Left-hand MPI * \param A Left-hand MPI
* \param B Right-hand MPI * \param B Right-hand MPI
* *
* \return 0 if successful, * \return 0 if successful,
* 1 if memory allocation failed * 1 if memory allocation failed
skipping to change at line 386 skipping to change at line 427
* Note: b is an unsigned integer type, thus * Note: b is an unsigned integer type, thus
* Negative values of b are ignored. * Negative values of b are ignored.
* *
* \param X Destination MPI * \param X Destination MPI
* \param A Left-hand MPI * \param A Left-hand MPI
* \param b The integer value to multiply with * \param b The integer value to multiply with
* *
* \return 0 if successful, * \return 0 if successful,
* 1 if memory allocation failed * 1 if memory allocation failed
*/ */
int mpi_mul_int( mpi *X, const mpi *A, t_int b ); int mpi_mul_int( mpi *X, const mpi *A, t_sint b );
/** /**
* \brief Division by mpi: A = Q * B + R * \brief Division by mpi: A = Q * B + R
* *
* \param Q Destination MPI for the quotient * \param Q Destination MPI for the quotient
* \param R Destination MPI for the rest value * \param R Destination MPI for the rest value
* \param A Left-hand MPI * \param A Left-hand MPI
* \param B Right-hand MPI * \param B Right-hand MPI
* *
* \return 0 if successful, * \return 0 if successful,
skipping to change at line 418 skipping to change at line 459
* \param R Destination MPI for the rest value * \param R Destination MPI for the rest value
* \param A Left-hand MPI * \param A Left-hand MPI
* \param b Integer to divide by * \param b Integer to divide by
* *
* \return 0 if successful, * \return 0 if successful,
* 1 if memory allocation failed, * 1 if memory allocation failed,
* POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0 * POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0
* *
* \note Either Q or R can be NULL. * \note Either Q or R can be NULL.
*/ */
int mpi_div_int( mpi *Q, mpi *R, const mpi *A, int b ); int mpi_div_int( mpi *Q, mpi *R, const mpi *A, t_sint b );
/** /**
* \brief Modulo: R = A mod B * \brief Modulo: R = A mod B
* *
* \param R Destination MPI for the rest value * \param R Destination MPI for the rest value
* \param A Left-hand MPI * \param A Left-hand MPI
* \param B Right-hand MPI * \param B Right-hand MPI
* *
* \return 0 if successful, * \return 0 if successful,
* 1 if memory allocation failed, * 1 if memory allocation failed,
* POLARSSL_ERR_MPI_DIVISION_BY_ZERO if B == 0, * POLARSSL_ERR_MPI_DIVISION_BY_ZERO if B == 0,
* POLARSSL_ERR_MPI_NEGATIVE_VALUE if B < 0 * POLARSSL_ERR_MPI_NEGATIVE_VALUE if B < 0
*/ */
int mpi_mod_mpi( mpi *R, const mpi *A, const mpi *B ); int mpi_mod_mpi( mpi *R, const mpi *A, const mpi *B );
/** /**
* \brief Modulo: r = A mod b * \brief Modulo: r = A mod b
* *
* \param r Destination t_int * \param r Destination t_uint
* \param A Left-hand MPI * \param A Left-hand MPI
* \param b Integer to divide by * \param b Integer to divide by
* *
* \return 0 if successful, * \return 0 if successful,
* 1 if memory allocation failed, * 1 if memory allocation failed,
* POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0, * POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0,
* POLARSSL_ERR_MPI_NEGATIVE_VALUE if b < 0 * POLARSSL_ERR_MPI_NEGATIVE_VALUE if b < 0
*/ */
int mpi_mod_int( t_int *r, const mpi *A, int b ); int mpi_mod_int( t_uint *r, const mpi *A, t_sint b );
/** /**
* \brief Sliding-window exponentiation: X = A^E mod N * \brief Sliding-window exponentiation: X = A^E mod N
* *
* \param X Destination MPI * \param X Destination MPI
* \param A Left-hand MPI * \param A Left-hand MPI
* \param E Exponent MPI * \param E Exponent MPI
* \param N Modular MPI * \param N Modular MPI
* \param _RR Speed-up MPI used for recalculations * \param _RR Speed-up MPI used for recalculations
* *
skipping to change at line 468 skipping to change at line 509
* 1 if memory allocation failed, * 1 if memory allocation failed,
* POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or even * POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or even
* *
* \note _RR is used to avoid re-computing R*R mod N across * \note _RR is used to avoid re-computing R*R mod N across
* multiple calls, which speeds up things a bit. It can * multiple calls, which speeds up things a bit. It can
* be set to NULL if the extra performance is unneeded. * be set to NULL if the extra performance is unneeded.
*/ */
int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR ); int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR );
/** /**
* \brief Fill an MPI X with size bytes of random
*
* \param X Destination MPI
* \param size Size in bytes
* \param f_rng RNG function
* \param p_rng RNG parameter
*
* \return 0 if successful,
* 1 if memory allocation failed
*/
int mpi_fill_random( mpi *X, size_t size, int (*f_rng)(void *), void *p_rng
);
/**
* \brief Greatest common divisor: G = gcd(A, B) * \brief Greatest common divisor: G = gcd(A, B)
* *
* \param G Destination MPI * \param G Destination MPI
* \param A Left-hand MPI * \param A Left-hand MPI
* \param B Right-hand MPI * \param B Right-hand MPI
* *
* \return 0 if successful, * \return 0 if successful,
* 1 if memory allocation failed * 1 if memory allocation failed
*/ */
int mpi_gcd( mpi *G, const mpi *A, const mpi *B ); int mpi_gcd( mpi *G, const mpi *A, const mpi *B );
skipping to change at line 510 skipping to change at line 564
* \return 0 if successful (probably prime), * \return 0 if successful (probably prime),
* 1 if memory allocation failed, * 1 if memory allocation failed,
* POLARSSL_ERR_MPI_NOT_ACCEPTABLE if X is not prime * POLARSSL_ERR_MPI_NOT_ACCEPTABLE if X is not prime
*/ */
int mpi_is_prime( mpi *X, int (*f_rng)(void *), void *p_rng ); int mpi_is_prime( mpi *X, int (*f_rng)(void *), void *p_rng );
/** /**
* \brief Prime number generation * \brief Prime number generation
* *
* \param X Destination MPI * \param X Destination MPI
* \param nbits Required size of X in bits * \param nbits Required size of X in bits ( 3 <= nbits <= 4096 )
* \param dh_flag If 1, then (X-1)/2 will be prime too * \param dh_flag If 1, then (X-1)/2 will be prime too
* \param f_rng RNG function * \param f_rng RNG function
* \param p_rng RNG parameter * \param p_rng RNG parameter
* *
* \return 0 if successful (probably prime), * \return 0 if successful (probably prime),
* 1 if memory allocation failed, * 1 if memory allocation failed,
* POLARSSL_ERR_MPI_BAD_INPUT_DATA if nbits is < 3 * POLARSSL_ERR_MPI_BAD_INPUT_DATA if nbits is < 3
*/ */
int mpi_gen_prime( mpi *X, int nbits, int dh_flag, int mpi_gen_prime( mpi *X, size_t nbits, int dh_flag,
int (*f_rng)(void *), void *p_rng ); int (*f_rng)(void *), void *p_rng );
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int mpi_self_test( int verbose ); int mpi_self_test( int verbose );
#ifdef __cplusplus #ifdef __cplusplus
 End of changes. 35 change blocks. 
40 lines changed or deleted 102 lines changed or added


 bn_mul.h   bn_mul.h 
/** /**
* \file bn_mul.h * \file bn_mul.h
* *
* \brief Multi-precision integer library
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 694 skipping to change at line 696
#endif /* SSE2 */ #endif /* SSE2 */
#endif /* MSVC */ #endif /* MSVC */
#endif /* POLARSSL_HAVE_ASM */ #endif /* POLARSSL_HAVE_ASM */
#if !defined(MULADDC_CORE) #if !defined(MULADDC_CORE)
#if defined(POLARSSL_HAVE_LONGLONG) #if defined(POLARSSL_HAVE_LONGLONG)
#define MULADDC_INIT \ #define MULADDC_INIT \
{ \ { \
t_dbl r; \ t_udbl r; \
t_int r0, r1; t_uint r0, r1;
#define MULADDC_CORE \ #define MULADDC_CORE \
r = *(s++) * (t_dbl) b; \ r = *(s++) * (t_udbl) b; \
r0 = r; \ r0 = r; \
r1 = r >> biL; \ r1 = r >> biL; \
r0 += c; r1 += (r0 < c); \ r0 += c; r1 += (r0 < c); \
r0 += *d; r1 += (r0 < *d); \ r0 += *d; r1 += (r0 < *d); \
c = r1; *(d++) = r0; c = r1; *(d++) = r0;
#define MULADDC_STOP \ #define MULADDC_STOP \
} }
#else #else
#define MULADDC_INIT \ #define MULADDC_INIT \
{ \ { \
t_int s0, s1, b0, b1; \ t_uint s0, s1, b0, b1; \
t_int r0, r1, rx, ry; \ t_uint r0, r1, rx, ry; \
b0 = ( b << biH ) >> biH; \ b0 = ( b << biH ) >> biH; \
b1 = ( b >> biH ); b1 = ( b >> biH );
#define MULADDC_CORE \ #define MULADDC_CORE \
s0 = ( *s << biH ) >> biH; \ s0 = ( *s << biH ) >> biH; \
s1 = ( *s >> biH ); s++; \ s1 = ( *s >> biH ); s++; \
rx = s0 * b1; r0 = s0 * b0; \ rx = s0 * b1; r0 = s0 * b0; \
ry = s1 * b0; r1 = s1 * b1; \ ry = s1 * b0; r1 = s1 * b1; \
r1 += ( rx >> biH ); \ r1 += ( rx >> biH ); \
r1 += ( ry >> biH ); \ r1 += ( ry >> biH ); \
 End of changes. 4 change blocks. 
5 lines changed or deleted 7 lines changed or added


 camellia.h   camellia.h 
/** /**
* \file camellia.h * \file camellia.h
* *
* \brief Camellia block cipher
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 28 skipping to change at line 30
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_CAMELLIA_H #ifndef POLARSSL_CAMELLIA_H
#define POLARSSL_CAMELLIA_H #define POLARSSL_CAMELLIA_H
#include <string.h>
#ifdef _MSC_VER #ifdef _MSC_VER
#include <basetsd.h> #include <basetsd.h>
typedef UINT32 uint32_t; typedef UINT32 uint32_t;
#else #else
#include <inttypes.h> #include <inttypes.h>
#endif #endif
#define CAMELLIA_ENCRYPT 1 #define CAMELLIA_ENCRYPT 1
#define CAMELLIA_DECRYPT 0 #define CAMELLIA_DECRYPT 0
#define POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH -0x0a00 #define POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH -0x0024 /**< In
#define POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0a10 valid key length. */
#define POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< In
valid data input length. */
/** /**
* \brief CAMELLIA context structure * \brief CAMELLIA context structure
*/ */
typedef struct typedef struct
{ {
int nr; /*!< number of rounds */ int nr; /*!< number of rounds */
uint32_t rk[68]; /*!< CAMELLIA round keys */ uint32_t rk[68]; /*!< CAMELLIA round keys */
} }
camellia_context; camellia_context;
skipping to change at line 64 skipping to change at line 68
/** /**
* \brief CAMELLIA key schedule (encryption) * \brief CAMELLIA key schedule (encryption)
* *
* \param ctx CAMELLIA context to be initialized * \param ctx CAMELLIA context to be initialized
* \param key encryption key * \param key encryption key
* \param keysize must be 128, 192 or 256 * \param keysize must be 128, 192 or 256
* *
* \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_KEY_LE NGTH * \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_KEY_LE NGTH
*/ */
int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, i nt keysize ); int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key, u nsigned int keysize );
/** /**
* \brief CAMELLIA key schedule (decryption) * \brief CAMELLIA key schedule (decryption)
* *
* \param ctx CAMELLIA context to be initialized * \param ctx CAMELLIA context to be initialized
* \param key decryption key * \param key decryption key
* \param keysize must be 128, 192 or 256 * \param keysize must be 128, 192 or 256
* *
* \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_KEY_LE NGTH * \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_KEY_LE NGTH
*/ */
int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key, i nt keysize ); int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key, u nsigned int keysize );
/** /**
* \brief CAMELLIA-ECB block encryption/decryption * \brief CAMELLIA-ECB block encryption/decryption
* *
* \param ctx CAMELLIA context * \param ctx CAMELLIA context
* \param mode CAMELLIA_ENCRYPT or CAMELLIA_DECRYPT * \param mode CAMELLIA_ENCRYPT or CAMELLIA_DECRYPT
* \param input 16-byte input block * \param input 16-byte input block
* \param output 16-byte output block * \param output 16-byte output block
* *
* \return 0 if successful * \return 0 if successful
skipping to change at line 108 skipping to change at line 112
* \param mode CAMELLIA_ENCRYPT or CAMELLIA_DECRYPT * \param mode CAMELLIA_ENCRYPT or CAMELLIA_DECRYPT
* \param length length of the input data * \param length length of the input data
* \param iv initialization vector (updated after use) * \param iv initialization vector (updated after use)
* \param input buffer holding the input data * \param input buffer holding the input data
* \param output buffer holding the output data * \param output buffer holding the output data
* *
* \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_INPUT_ LENGTH * \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_INPUT_ LENGTH
*/ */
int camellia_crypt_cbc( camellia_context *ctx, int camellia_crypt_cbc( camellia_context *ctx,
int mode, int mode,
int length, size_t length,
unsigned char iv[16], unsigned char iv[16],
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
/** /**
* \brief CAMELLIA-CFB128 buffer encryption/decryption * \brief CAMELLIA-CFB128 buffer encryption/decryption
* *
* \param ctx CAMELLIA context * \param ctx CAMELLIA context
* \param mode CAMELLIA_ENCRYPT or CAMELLIA_DECRYPT * \param mode CAMELLIA_ENCRYPT or CAMELLIA_DECRYPT
* \param length length of the input data * \param length length of the input data
* \param iv_off offset in IV (updated after use) * \param iv_off offset in IV (updated after use)
* \param iv initialization vector (updated after use) * \param iv initialization vector (updated after use)
* \param input buffer holding the input data * \param input buffer holding the input data
* \param output buffer holding the output data * \param output buffer holding the output data
* *
* \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_INPUT_ LENGTH * \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_INPUT_ LENGTH
*/ */
int camellia_crypt_cfb128( camellia_context *ctx, int camellia_crypt_cfb128( camellia_context *ctx,
int mode, int mode,
int length, size_t length,
int *iv_off, size_t *iv_off,
unsigned char iv[16], unsigned char iv[16],
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
/*
* \brief CAMELLIA-CTR buffer encryption/decryption
*
* Warning: You have to keep the maximum use of your counter in mind!
*
* \param length The length of the data
* \param nc_off The offset in the current stream_block (for resumin
g
* within current cipher stream). The offset pointer t
o
* should be 0 at the start of a stream.
* \param nonce_counter The 128-bit nonce and counter.
* \param stream_block The saved stream-block for resuming. Is overwritten
* by the function.
* \param input The input data stream
* \param output The output data stream
*
* \return 0 if successful
*/
int camellia_crypt_ctr( camellia_context *ctx,
size_t length,
size_t *nc_off,
unsigned char nonce_counter[16],
unsigned char stream_block[16],
const unsigned char *input,
unsigned char *output );
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int camellia_self_test( int verbose ); int camellia_self_test( int verbose );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
 End of changes. 8 change blocks. 
7 lines changed or deleted 40 lines changed or added


 certs.h   certs.h 
/** /**
* \file certs.h * \file certs.h
* *
* \brief Sample certificates and DHM parameters for testing
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 39 skipping to change at line 41
extern "C" { extern "C" {
#endif #endif
extern const char test_ca_crt[]; extern const char test_ca_crt[];
extern const char test_ca_key[]; extern const char test_ca_key[];
extern const char test_ca_pwd[]; extern const char test_ca_pwd[];
extern const char test_srv_crt[]; extern const char test_srv_crt[];
extern const char test_srv_key[]; extern const char test_srv_key[];
extern const char test_cli_crt[]; extern const char test_cli_crt[];
extern const char test_cli_key[]; extern const char test_cli_key[];
extern const char test_dhm_params[];
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* certs.h */ #endif /* certs.h */
 End of changes. 2 change blocks. 
0 lines changed or deleted 3 lines changed or added


 config.h   config.h 
/** /**
* \file config.h * \file config.h
* *
* \brief Configuration options (set of defines)
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 36 skipping to change at line 38
* or disable features selectively, and reduce the global * or disable features selectively, and reduce the global
* memory footprint. * memory footprint.
*/ */
#ifndef POLARSSL_CONFIG_H #ifndef POLARSSL_CONFIG_H
#define POLARSSL_CONFIG_H #define POLARSSL_CONFIG_H
#ifndef _CRT_SECURE_NO_DEPRECATE #ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE 1 #define _CRT_SECURE_NO_DEPRECATE 1
#endif #endif
/* /**
* Uncomment if native integers are 8-bit wide. * \name SECTION: System support
*
* This section sets system specific settings.
* \{
*/
/**
* \def POLARSSL_HAVE_INT8
* *
* The system uses 8-bit wide native integers.
*
* Uncomment if native integers are 8-bit wide.
#define POLARSSL_HAVE_INT8 #define POLARSSL_HAVE_INT8
*/ */
/* /**
* Uncomment if native integers are 16-bit wide. * \def POLARSSL_HAVE_INT16
*
* The system uses 16-bit wide native integers.
* *
* Uncomment if native integers are 16-bit wide.
#define POLARSSL_HAVE_INT16 #define POLARSSL_HAVE_INT16
*/ */
/* /**
* Uncomment if the compiler supports long long. * \def POLARSSL_HAVE_LONGLONG
* *
* The compiler supports the use of long long.
*
* Uncomment if the compiler supports long long.
#define POLARSSL_HAVE_LONGLONG #define POLARSSL_HAVE_LONGLONG
*/ */
/* /**
* \def POLARSSL_HAVE_ASM
*
* The compiler has support for asm()
*
* Uncomment to enable the use of assembly code. * Uncomment to enable the use of assembly code.
* *
* Requires support for asm() in compiler. * Requires support for asm() in compiler.
* *
* Used in: * Used in:
* library/timing.c * library/timing.c
* library/padlock.c * library/padlock.c
* include/polarssl/bn_mul.h * include/polarssl/bn_mul.h
* *
*/ */
#define POLARSSL_HAVE_ASM #define POLARSSL_HAVE_ASM
/* /**
* \def POLARSSL_HAVE_SSE2
*
* CPI supports SSE2 instruction set.
*
* Uncomment if the CPU supports SSE2 (IA-32 specific). * Uncomment if the CPU supports SSE2 (IA-32 specific).
* *
#define POLARSSL_HAVE_SSE2 #define POLARSSL_HAVE_SSE2
*/ */
/* \} name */
/* /**
* \name SECTION: PolarSSL feature support
*
* This section sets support for features that are or are not needed
* within the modules that are enabled.
* \{
*/
/**
* \def POLARSSL_AES_ROM_TABLES
*
* Store the AES tables in ROM.
*
* Uncomment this macro to store the AES tables in ROM.
*
#define POLARSSL_AES_ROM_TABLES
*/
/**
* \def POLARSSL_CIPHER_MODE_CFB
*
* Enable Cipher Feedback mode (CFB) for symmetric ciphers.
*/
#define POLARSSL_CIPHER_MODE_CFB
/**
* \def POLARSSL_CIPHER_MODE_CTR
*
* Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
*/
#define POLARSSL_CIPHER_MODE_CTR
/**
* \def POLARSSL_DEBUG_MSG
*
* Requires: POLARSSL_DEBUG_C
*
* Enable all SSL/TLS debugging messages. * Enable all SSL/TLS debugging messages.
*/ */
#define POLARSSL_DEBUG_MSG #define POLARSSL_DEBUG_MSG
/* /**
* Enable the checkup functions (*_self_test). * \def POLARSSL_GENPRIME
*
* Requires: POLARSSL_BIGNUM_C, POLARSSL_RSA_C
*
* Enable the RSA prime-number generation code.
*/ */
#define POLARSSL_SELF_TEST #define POLARSSL_GENPRIME
/* /**
* Enable run-time version information functions * \def POLARSSL_FS_IO
*
* Enable functions that use the filesystem.
*/ */
#define POLARSSL_VERSION_C #define POLARSSL_FS_IO
/* /**
* Enable the prime-number generation code. * \def POLARSSL_PKCS1_V21
*
* Requires: POLARSSL_MD_C, POLARSSL_RSA_C
*
* Enable support for PKCS#1 v2.1 encoding.
* This enables support for RSAES-OAEP and RSASSA-PSS operations.
*/ */
#define POLARSSL_GENPRIME #define POLARSSL_PKCS1_V21
/* /**
* Uncomment this macro to store the AES tables in ROM. * \def POLARSSL_RSA_NO_CRT
* *
#define POLARSSL_AES_ROM_TABLES * Do not use the Chinese Remainder Theorem for the RSA private operation.
*
* Uncomment this macro to disable the use of CRT in RSA.
*
#define POLARSSL_RSA_NO_CRT
*/ */
/* /**
* \def POLARSSL_SELF_TEST
*
* Enable the checkup functions (*_self_test).
*/
#define POLARSSL_SELF_TEST
/**
* \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
*
* If set, the X509 parser will not break-off when parsing an X509 certific
ate
* and encountering an unknown critical extension.
*
* Uncomment to prevent an error.
*
#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
*/
/* \} name */
/**
* \name SECTION: PolarSSL modules
*
* This section enables or disables entire modules in PolarSSL
* \{
*/
/**
* \def POLARSSL_AES_C
*
* Enable the AES block cipher.
*
* Module: library/aes.c * Module: library/aes.c
* Caller: library/ssl_tls.c * Caller: library/ssl_tls.c
* library/pem.c
* *
* This module enables the following ciphersuites: * This module enables the following ciphersuites:
* SSL_RSA_AES_128_SHA * SSL_RSA_AES_128_SHA
* SSL_RSA_AES_256_SHA * SSL_RSA_AES_256_SHA
* SSL_EDH_RSA_AES_256_SHA * SSL_EDH_RSA_AES_256_SHA
*/ */
#define POLARSSL_AES_C #define POLARSSL_AES_C
/* /**
* \def POLARSSL_ARC4_C
*
* Enable the ARCFOUR stream cipher.
*
* Module: library/arc4.c * Module: library/arc4.c
* Caller: library/ssl_tls.c * Caller: library/ssl_tls.c
* *
* This module enables the following ciphersuites: * This module enables the following ciphersuites:
* SSL_RSA_RC4_128_MD5 * SSL_RSA_RC4_128_MD5
* SSL_RSA_RC4_128_SHA * SSL_RSA_RC4_128_SHA
*/ */
#define POLARSSL_ARC4_C #define POLARSSL_ARC4_C
/* /**
* \def POLARSSL_BASE64_C
*
* Enable the Base64 module.
*
* Module: library/base64.c * Module: library/base64.c
* Caller: library/x509parse.c * Caller: library/pem.c
* *
* This module is required for X.509 support. * This module is required for PEM support (required by X.509).
*/ */
#define POLARSSL_BASE64_C #define POLARSSL_BASE64_C
/* /**
* \def POLARSSL_BIGNUM_C
*
* Enable the multo-precision integer library.
*
* Module: library/bignum.c * Module: library/bignum.c
* Caller: library/dhm.c * Caller: library/dhm.c
* library/rsa.c * library/rsa.c
* library/ssl_tls.c * library/ssl_tls.c
* library/x509parse.c * library/x509parse.c
* *
* This module is required for RSA and DHM support. * This module is required for RSA and DHM support.
*/ */
#define POLARSSL_BIGNUM_C #define POLARSSL_BIGNUM_C
/* /**
* \def POLARSSL_CAMELLIA_C
*
* Enable the Camellia block cipher.
*
* Module: library/camellia.c * Module: library/camellia.c
* Caller: library/ssl_tls.c * Caller: library/ssl_tls.c
* *
* This module enabled the following cipher suites: * This module enabled the following cipher suites:
* SSL_RSA_CAMELLIA_128_SHA * SSL_RSA_CAMELLIA_128_SHA
* SSL_RSA_CAMELLIA_256_SHA * SSL_RSA_CAMELLIA_256_SHA
* SSL_EDH_RSA_CAMELLIA_256_SHA * SSL_EDH_RSA_CAMELLIA_256_SHA
*/ */
#define POLARSSL_CAMELLIA_C #define POLARSSL_CAMELLIA_C
/* /**
* \def POLARSSL_CERTS_C
*
* Enable the test certificates.
*
* Module: library/certs.c * Module: library/certs.c
* Caller: * Caller:
* *
* This module is used for testing (ssl_client/server). * This module is used for testing (ssl_client/server).
*/ */
#define POLARSSL_CERTS_C #define POLARSSL_CERTS_C
/* /**
* \def POLARSSL_CIPHER_C
*
* Enable the generic cipher layer.
*
* Module: library/cipher.c
* Caller:
*
* Uncomment to enable generic cipher wrappers.
*/
#define POLARSSL_CIPHER_C
/**
* \def POLARSSL_DEBUG_C
*
* Enable the debug functions.
*
* Module: library/debug.c * Module: library/debug.c
* Caller: library/ssl_cli.c * Caller: library/ssl_cli.c
* library/ssl_srv.c * library/ssl_srv.c
* library/ssl_tls.c * library/ssl_tls.c
* *
* This module provides debugging functions. * This module provides debugging functions.
*/ */
#define POLARSSL_DEBUG_C #define POLARSSL_DEBUG_C
/* /**
* \def POLARSSL_DES_C
*
* Enable the DES block cipher.
*
* Module: library/des.c * Module: library/des.c
* Caller: library/ssl_tls.c * Caller: library/ssl_tls.c
* *
* This module enables the following ciphersuites: * This module enables the following ciphersuites:
* SSL_RSA_DES_168_SHA * SSL_RSA_DES_168_SHA
* SSL_EDH_RSA_DES_168_SHA * SSL_EDH_RSA_DES_168_SHA
*/ */
#define POLARSSL_DES_C #define POLARSSL_DES_C
/* /**
* \def POLARSSL_DHM_C
*
* Enable the Diffie-Hellman-Merkle key exchange.
*
* Module: library/dhm.c * Module: library/dhm.c
* Caller: library/ssl_cli.c * Caller: library/ssl_cli.c
* library/ssl_srv.c * library/ssl_srv.c
* *
* This module enables the following ciphersuites: * This module enables the following ciphersuites:
* SSL_EDH_RSA_DES_168_SHA * SSL_EDH_RSA_DES_168_SHA
* SSL_EDH_RSA_AES_256_SHA * SSL_EDH_RSA_AES_256_SHA
* SSL_EDH_RSA_CAMELLIA_256_SHA * SSL_EDH_RSA_CAMELLIA_256_SHA
*/ */
#define POLARSSL_DHM_C #define POLARSSL_DHM_C
/* /**
* \def POLARSSL_ERROR_C
*
* Enable error code to error string conversion.
*
* Module: library/error.c
* Caller:
*
* This module enables err_strerror().
*/
#define POLARSSL_ERROR_C
/**
* \def POLARSSL_HAVEGE_C
*
* Enable the HAVEGE random generator.
*
* Module: library/havege.c * Module: library/havege.c
* Caller: * Caller:
* *
* Requires: POLARSSL_TIMING_C
*
* This module enables the HAVEGE random number generator. * This module enables the HAVEGE random number generator.
*/ */
#define POLARSSL_HAVEGE_C #define POLARSSL_HAVEGE_C
/* /**
* \def POLARSSL_MD_C
*
* Enable the generic message digest layer.
*
* Module: library/md.c
* Caller:
*
* Uncomment to enable generic message digest wrappers.
*/
#define POLARSSL_MD_C
/**
* \def POLARSSL_MD2_C
*
* Enable the MD2 hash algorithm
*
* Module: library/md2.c * Module: library/md2.c
* Caller: library/x509parse.c * Caller: library/x509parse.c
* *
* Uncomment to enable support for (rare) MD2-signed X.509 certs. * Uncomment to enable support for (rare) MD2-signed X.509 certs.
* *
#define POLARSSL_MD2_C #define POLARSSL_MD2_C
*/ */
/* /**
* \def POLARSSL_MD4_C
*
* Enable the MD4 hash algorithm
*
* Module: library/md4.c * Module: library/md4.c
* Caller: library/x509parse.c * Caller: library/x509parse.c
* *
* Uncomment to enable support for (rare) MD4-signed X.509 certs. * Uncomment to enable support for (rare) MD4-signed X.509 certs.
* *
#define POLARSSL_MD4_C #define POLARSSL_MD4_C
*/ */
/* /**
* \def POLARSSL_MD5_C
*
* Enable the MD5 hash algorithm
*
* Module: library/md5.c * Module: library/md5.c
* Caller: library/ssl_tls.c * Caller: library/ssl_tls.c
* library/x509parse.c * library/x509parse.c
* *
* This module is required for SSL/TLS and X.509. * This module is required for SSL/TLS and X.509.
*/ */
#define POLARSSL_MD5_C #define POLARSSL_MD5_C
/* /**
* \def POLARSSL_NET_C
*
* Enable the TCP/IP networking routines.
*
* Module: library/net.c * Module: library/net.c
* Caller: * Caller:
* *
* This module provides TCP/IP networking routines. * This module provides TCP/IP networking routines.
*/ */
#define POLARSSL_NET_C #define POLARSSL_NET_C
/* /**
* \def POLARSSL_PADLOCK_C
*
* Enable VIA Padlock support on x86.
*
* Module: library/padlock.c * Module: library/padlock.c
* Caller: library/aes.c * Caller: library/aes.c
* *
* This modules adds support for the VIA PadLock on x86. * This modules adds support for the VIA PadLock on x86.
*/ */
#define POLARSSL_PADLOCK_C #define POLARSSL_PADLOCK_C
/* /**
* \def POLARSSL_PEM_C
*
* Enable PEM decoding
*
* Module: library/pem.c
* Caller: library/x509parse.c
*
* Requires: POLARSSL_BASE64_C
*
* This modules adds support for decoding PEM files.
*/
#define POLARSSL_PEM_C
/**
* \def POLARSSL_PKCS11_C
*
* Enable support for PKCS#11 smartcard support.
*
* Module: library/ssl_srv.c
* Caller: library/ssl_cli.c
* library/ssl_srv.c
*
* Requires: POLARSSL_SSL_TLS_C
*
* This module is required for SSL/TLS PKCS #11 smartcard support.
* Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
#define POLARSSL_PKCS11_C
*/
/**
* \def POLARSSL_RSA_C
*
* Enable the RSA public-key cryptosystem.
*
* Module: library/rsa.c * Module: library/rsa.c
* Caller: library/ssl_cli.c * Caller: library/ssl_cli.c
* library/ssl_srv.c * library/ssl_srv.c
* library/ssl_tls.c * library/ssl_tls.c
* library/x509.c * library/x509.c
* *
* Requires: POLARSSL_BIGNUM_C
*
* This module is required for SSL/TLS and MD5-signed certificates. * This module is required for SSL/TLS and MD5-signed certificates.
*/ */
#define POLARSSL_RSA_C #define POLARSSL_RSA_C
/* /**
* \def POLARSSL_SHA1_C
*
* Enable the SHA1 cryptographic hash algorithm.
*
* Module: library/sha1.c * Module: library/sha1.c
* Caller: library/ssl_cli.c * Caller: library/ssl_cli.c
* library/ssl_srv.c * library/ssl_srv.c
* library/ssl_tls.c * library/ssl_tls.c
* library/x509parse.c * library/x509parse.c
* *
* This module is required for SSL/TLS and SHA1-signed certificates. * This module is required for SSL/TLS and SHA1-signed certificates.
*/ */
#define POLARSSL_SHA1_C #define POLARSSL_SHA1_C
/* /**
* \def POLARSSL_SHA2_C
*
* Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
*
* Module: library/sha2.c * Module: library/sha2.c
* Caller: * Caller: library/md_wrap.c
* library/x509parse.c
* *
* This module adds support for SHA-224 and SHA-256. * This module adds support for SHA-224 and SHA-256.
*/ */
#define POLARSSL_SHA2_C #define POLARSSL_SHA2_C
/* /**
* \def POLARSSL_SHA4_C
*
* Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
*
* Module: library/sha4.c * Module: library/sha4.c
* Caller: * Caller: library/md_wrap.c
* library/x509parse.c
* *
* This module adds support for SHA-384 and SHA-512. * This module adds support for SHA-384 and SHA-512.
*/ */
#define POLARSSL_SHA4_C #define POLARSSL_SHA4_C
/* /**
* \def POLARSSL_SSL_CLI_C
*
* Enable the SSL/TLS client code.
*
* Module: library/ssl_cli.c * Module: library/ssl_cli.c
* Caller: * Caller:
* *
* Requires: POLARSSL_SSL_TLS_C
*
* This module is required for SSL/TLS client support. * This module is required for SSL/TLS client support.
*/ */
#define POLARSSL_SSL_CLI_C #define POLARSSL_SSL_CLI_C
/* /*
* \def POLARSSL_SSL_SRV_C
*
* Enable the SSL/TLS server code.
*
* Module: library/ssl_srv.c * Module: library/ssl_srv.c
* Caller: * Caller:
* *
* Requires: POLARSSL_SSL_TLS_C
*
* This module is required for SSL/TLS server support. * This module is required for SSL/TLS server support.
*/ */
#define POLARSSL_SSL_SRV_C #define POLARSSL_SSL_SRV_C
/* /**
* \def POLARSSL_SSL_TLS_C
*
* Enable the generic SSL/TLS code.
*
* Module: library/ssl_tls.c * Module: library/ssl_tls.c
* Caller: library/ssl_cli.c * Caller: library/ssl_cli.c
* library/ssl_srv.c * library/ssl_srv.c
* *
* Requires: POLARSSL_MD5_C, POLARSSL_SHA1_C, POLARSSL_X509_PARSE_C
*
* This module is required for SSL/TLS. * This module is required for SSL/TLS.
*/ */
#define POLARSSL_SSL_TLS_C #define POLARSSL_SSL_TLS_C
/* /**
* \def POLARSSL_TIMING_C
*
* Enable the portable timing interface.
*
* Module: library/timing.c * Module: library/timing.c
* Caller: library/havege.c * Caller: library/havege.c
* *
* This module is used by the HAVEGE random number generator. * This module is used by the HAVEGE random number generator.
*/ */
#define POLARSSL_TIMING_C #define POLARSSL_TIMING_C
/* /**
* \def POLARSSL_VERSION_C
*
* Enable run-time version information.
*
* Module: library/version.c
*
* This module provides run-time version information.
*/
#define POLARSSL_VERSION_C
/**
* \def POLARSSL_X509_PARSE_C
*
* Enable X.509 certificate parsing.
*
* Module: library/x509parse.c * Module: library/x509parse.c
* Caller: library/ssl_cli.c * Caller: library/ssl_cli.c
* library/ssl_srv.c * library/ssl_srv.c
* library/ssl_tls.c * library/ssl_tls.c
* *
* Requires: POLARSSL_BIGNUM_C, POLARSSL_RSA_C
*
* This module is required for X.509 certificate parsing. * This module is required for X.509 certificate parsing.
*/ */
#define POLARSSL_X509_PARSE_C #define POLARSSL_X509_PARSE_C
/* /**
* Module: library/x509_write.c * \def POLARSSL_XTEA_C
* Caller: *
* Enable the XTEA block cipher.
* *
* This module is required for X.509 certificate writing.
*/
#define POLARSSL_X509_WRITE_C
/*
* Module: library/xtea.c * Module: library/xtea.c
* Caller: * Caller:
*/ */
#define POLARSSL_XTEA_C #define POLARSSL_XTEA_C
/* \} name */
#endif /* config.h */ #endif /* config.h */
 End of changes. 57 change blocks. 
56 lines changed or deleted 346 lines changed or added


 debug.h   debug.h 
/** /**
* \file debug.h * \file debug.h
* *
* \brief Debug functions
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 31 skipping to change at line 33
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef SSL_DEBUG_H #ifndef SSL_DEBUG_H
#define SSL_DEBUG_H #define SSL_DEBUG_H
#include "polarssl/config.h" #include "polarssl/config.h"
#include "polarssl/ssl.h" #include "polarssl/ssl.h"
#if defined(POLARSSL_DEBUG_MSG) #if defined(POLARSSL_DEBUG_MSG) && defined(POLARSSL_DEBUG_C)
#define SSL_DEBUG_MSG( level, args ) \ #define SSL_DEBUG_MSG( level, args ) \
debug_print_msg( ssl, level, __FILE__, __LINE__, debug_fmt args ); debug_print_msg( ssl, level, __FILE__, __LINE__, debug_fmt args );
#define SSL_DEBUG_RET( level, text, ret ) \ #define SSL_DEBUG_RET( level, text, ret ) \
debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret ); debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret );
#define SSL_DEBUG_BUF( level, text, buf, len ) \ #define SSL_DEBUG_BUF( level, text, buf, len ) \
debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len ); debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len );
skipping to change at line 73 skipping to change at line 75
void debug_print_msg( const ssl_context *ssl, int level, void debug_print_msg( const ssl_context *ssl, int level,
const char *file, int line, const char *text ); const char *file, int line, const char *text );
void debug_print_ret( const ssl_context *ssl, int level, void debug_print_ret( const ssl_context *ssl, int level,
const char *file, int line, const char *file, int line,
const char *text, int ret ); const char *text, int ret );
void debug_print_buf( const ssl_context *ssl, int level, void debug_print_buf( const ssl_context *ssl, int level,
const char *file, int line, const char *text, const char *file, int line, const char *text,
unsigned char *buf, int len ); unsigned char *buf, size_t len );
void debug_print_mpi( const ssl_context *ssl, int level, void debug_print_mpi( const ssl_context *ssl, int level,
const char *file, int line, const char *file, int line,
const char *text, const mpi *X ); const char *text, const mpi *X );
void debug_print_crt( const ssl_context *ssl, int level, void debug_print_crt( const ssl_context *ssl, int level,
const char *file, int line, const char *file, int line,
const char *text, const x509_cert *crt ); const char *text, const x509_cert *crt );
#ifdef __cplusplus #ifdef __cplusplus
 End of changes. 3 change blocks. 
2 lines changed or deleted 4 lines changed or added


 des.h   des.h 
/** /**
* \file des.h * \file des.h
* *
* \brief DES block cipher
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 28 skipping to change at line 30
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_DES_H #ifndef POLARSSL_DES_H
#define POLARSSL_DES_H #define POLARSSL_DES_H
#include <string.h>
#define DES_ENCRYPT 1 #define DES_ENCRYPT 1
#define DES_DECRYPT 0 #define DES_DECRYPT 0
#define POLARSSL_ERR_DES_INVALID_INPUT_LENGTH -0x0C00 #define POLARSSL_ERR_DES_INVALID_INPUT_LENGTH -0x0032 /**< Th
e data input has an invalid length. */
#define DES_KEY_SIZE 8
/** /**
* \brief DES context structure * \brief DES context structure
*/ */
typedef struct typedef struct
{ {
int mode; /*!< encrypt/decrypt */ int mode; /*!< encrypt/decrypt */
unsigned long sk[32]; /*!< DES subkeys */ unsigned long sk[32]; /*!< DES subkeys */
} }
des_context; des_context;
skipping to change at line 58 skipping to change at line 64
int mode; /*!< encrypt/decrypt */ int mode; /*!< encrypt/decrypt */
unsigned long sk[96]; /*!< 3DES subkeys */ unsigned long sk[96]; /*!< 3DES subkeys */
} }
des3_context; des3_context;
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/** /**
* \brief Set key parity on the given key to odd.
*
* DES keys are 56 bits long, but each byte is padded with
* a parity bit to allow verification.
*
* \param key 8-byte secret key
*/
void des_key_set_parity( unsigned char key[DES_KEY_SIZE] );
/**
* \brief Check that key parity on the given key is odd.
*
* DES keys are 56 bits long, but each byte is padded with
* a parity bit to allow verification.
*
* \param key 8-byte secret key
*
* \return 0 is parity was ok, 1 if parity was not correct.
*/
int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] );
/**
* \brief Check that key is not a weak or semi-weak DES key
*
* \param key 8-byte secret key
*
* \resurn 0 if no weak key was found, 1 if a weak key was identifi
ed.
*/
int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] );
/**
* \brief DES key schedule (56-bit, encryption) * \brief DES key schedule (56-bit, encryption)
* *
* \param ctx DES context to be initialized * \param ctx DES context to be initialized
* \param key 8-byte secret key * \param key 8-byte secret key
*
* \return 0
*/ */
void des_setkey_enc( des_context *ctx, const unsigned char key[8] ); int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] );
/** /**
* \brief DES key schedule (56-bit, decryption) * \brief DES key schedule (56-bit, decryption)
* *
* \param ctx DES context to be initialized * \param ctx DES context to be initialized
* \param key 8-byte secret key * \param key 8-byte secret key
*
* \return 0
*/ */
void des_setkey_dec( des_context *ctx, const unsigned char key[8] ); int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] );
/** /**
* \brief Triple-DES key schedule (112-bit, encryption) * \brief Triple-DES key schedule (112-bit, encryption)
* *
* \param ctx 3DES context to be initialized * \param ctx 3DES context to be initialized
* \param key 16-byte secret key * \param key 16-byte secret key
*
* \return 0
*/ */
void des3_set2key_enc( des3_context *ctx, const unsigned char key[16] ); int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SI ZE * 2] );
/** /**
* \brief Triple-DES key schedule (112-bit, decryption) * \brief Triple-DES key schedule (112-bit, decryption)
* *
* \param ctx 3DES context to be initialized * \param ctx 3DES context to be initialized
* \param key 16-byte secret key * \param key 16-byte secret key
*
* \return 0
*/ */
void des3_set2key_dec( des3_context *ctx, const unsigned char key[16] ); int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SI ZE * 2] );
/** /**
* \brief Triple-DES key schedule (168-bit, encryption) * \brief Triple-DES key schedule (168-bit, encryption)
* *
* \param ctx 3DES context to be initialized * \param ctx 3DES context to be initialized
* \param key 24-byte secret key * \param key 24-byte secret key
*
* \return 0
*/ */
void des3_set3key_enc( des3_context *ctx, const unsigned char key[24] ); int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SI ZE * 3] );
/** /**
* \brief Triple-DES key schedule (168-bit, decryption) * \brief Triple-DES key schedule (168-bit, decryption)
* *
* \param ctx 3DES context to be initialized * \param ctx 3DES context to be initialized
* \param key 24-byte secret key * \param key 24-byte secret key
*
* \return 0
*/ */
void des3_set3key_dec( des3_context *ctx, const unsigned char key[24] ); int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SI ZE * 3] );
/** /**
* \brief DES-ECB block encryption/decryption * \brief DES-ECB block encryption/decryption
* *
* \param ctx DES context * \param ctx DES context
* \param input 64-bit input block * \param input 64-bit input block
* \param output 64-bit output block * \param output 64-bit output block
* *
* \return 0 if successful * \return 0 if successful
*/ */
skipping to change at line 130 skipping to change at line 179
* *
* \param ctx DES context * \param ctx DES context
* \param mode DES_ENCRYPT or DES_DECRYPT * \param mode DES_ENCRYPT or DES_DECRYPT
* \param length length of the input data * \param length length of the input data
* \param iv initialization vector (updated after use) * \param iv initialization vector (updated after use)
* \param input buffer holding the input data * \param input buffer holding the input data
* \param output buffer holding the output data * \param output buffer holding the output data
*/ */
int des_crypt_cbc( des_context *ctx, int des_crypt_cbc( des_context *ctx,
int mode, int mode,
int length, size_t length,
unsigned char iv[8], unsigned char iv[8],
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
/** /**
* \brief 3DES-ECB block encryption/decryption * \brief 3DES-ECB block encryption/decryption
* *
* \param ctx 3DES context * \param ctx 3DES context
* \param input 64-bit input block * \param input 64-bit input block
* \param output 64-bit output block * \param output 64-bit output block
skipping to change at line 162 skipping to change at line 211
* \param mode DES_ENCRYPT or DES_DECRYPT * \param mode DES_ENCRYPT or DES_DECRYPT
* \param length length of the input data * \param length length of the input data
* \param iv initialization vector (updated after use) * \param iv initialization vector (updated after use)
* \param input buffer holding the input data * \param input buffer holding the input data
* \param output buffer holding the output data * \param output buffer holding the output data
* *
* \return 0 if successful, or POLARSSL_ERR_DES_INVALID_INPUT_LENGT H * \return 0 if successful, or POLARSSL_ERR_DES_INVALID_INPUT_LENGT H
*/ */
int des3_crypt_cbc( des3_context *ctx, int des3_crypt_cbc( des3_context *ctx,
int mode, int mode,
int length, size_t length,
unsigned char iv[8], unsigned char iv[8],
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
/* /*
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int des_self_test( int verbose ); int des_self_test( int verbose );
 End of changes. 18 change blocks. 
9 lines changed or deleted 60 lines changed or added


 dhm.h   dhm.h 
/** /**
* \file dhm.h * \file dhm.h
* *
* \brief Diffie-Hellman-Merkle key exchange
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 30 skipping to change at line 32
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_DHM_H #ifndef POLARSSL_DHM_H
#define POLARSSL_DHM_H #define POLARSSL_DHM_H
#include "polarssl/bignum.h" #include "polarssl/bignum.h"
#define POLARSSL_ERR_DHM_BAD_INPUT_DATA 0x0480 /*
#define POLARSSL_ERR_DHM_READ_PARAMS_FAILED 0x0490 * DHM Error codes
#define POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED 0x04A0 */
#define POLARSSL_ERR_DHM_READ_PUBLIC_FAILED 0x04B0 #define POLARSSL_ERR_DHM_BAD_INPUT_DATA -0x3080 /**< Ba
#define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED 0x04C0 d input parameters to function. */
#define POLARSSL_ERR_DHM_CALC_SECRET_FAILED 0x04D0 #define POLARSSL_ERR_DHM_READ_PARAMS_FAILED -0x3100 /**< Re
ading of the DHM parameters failed. */
#define POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED -0x3180 /**< Ma
king of the DHM parameters failed. */
#define POLARSSL_ERR_DHM_READ_PUBLIC_FAILED -0x3200 /**< Re
ading of the public values failed. */
#define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED -0x3280 /**< Ma
keing of the public value failed. */
#define POLARSSL_ERR_DHM_CALC_SECRET_FAILED -0x3300 /**< Ca
lculation of the DHM secret failed. */
/**
* \brief DHM context structure
*/
typedef struct typedef struct
{ {
int len; /*!< size(P) in chars */ size_t len; /*!< size(P) in chars */
mpi P; /*!< prime modulus */ mpi P; /*!< prime modulus */
mpi G; /*!< generator */ mpi G; /*!< generator */
mpi X; /*!< secret value */ mpi X; /*!< secret value */
mpi GX; /*!< self = G^X mod P */ mpi GX; /*!< self = G^X mod P */
mpi GY; /*!< peer = G^Y mod P */ mpi GY; /*!< peer = G^Y mod P */
mpi K; /*!< key = GY^X mod P */ mpi K; /*!< key = GY^X mod P */
mpi RP; /*!< cached R^2 mod P */ mpi RP; /*!< cached R^2 mod P */
} }
dhm_context; dhm_context;
skipping to change at line 84 skipping to change at line 92
* \param f_rng RNG function * \param f_rng RNG function
* \param p_rng RNG parameter * \param p_rng RNG parameter
* *
* \note This function assumes that ctx->P and ctx->G * \note This function assumes that ctx->P and ctx->G
* have already been properly set (for example * have already been properly set (for example
* using mpi_read_string or mpi_read_binary). * using mpi_read_string or mpi_read_binary).
* *
* \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code * \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
*/ */
int dhm_make_params( dhm_context *ctx, int x_size, int dhm_make_params( dhm_context *ctx, int x_size,
unsigned char *output, int *olen, unsigned char *output, size_t *olen,
int (*f_rng)(void *), void *p_rng ); int (*f_rng)(void *), void *p_rng );
/** /**
* \brief Import the peer's public value G^Y * \brief Import the peer's public value G^Y
* *
* \param ctx DHM context * \param ctx DHM context
* \param input input buffer * \param input input buffer
* \param ilen size of buffer * \param ilen size of buffer
* *
* \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code * \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
*/ */
int dhm_read_public( dhm_context *ctx, int dhm_read_public( dhm_context *ctx,
const unsigned char *input, int ilen ); const unsigned char *input, size_t ilen );
/** /**
* \brief Create own private value X and export G^X * \brief Create own private value X and export G^X
* *
* \param ctx DHM context * \param ctx DHM context
* \param x_size private value size in bits * \param x_size private value size in bits
* \param output destination buffer * \param output destination buffer
* \param olen must be equal to ctx->P.len * \param olen must be equal to ctx->P.len
* \param f_rng RNG function * \param f_rng RNG function
* \param p_rng RNG parameter * \param p_rng RNG parameter
* *
* \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code * \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
*/ */
int dhm_make_public( dhm_context *ctx, int s_size, int dhm_make_public( dhm_context *ctx, int x_size,
unsigned char *output, int olen, unsigned char *output, size_t olen,
int (*f_rng)(void *), void *p_rng ); int (*f_rng)(void *), void *p_rng );
/** /**
* \brief Derive and export the shared secret (G^Y)^X mod P * \brief Derive and export the shared secret (G^Y)^X mod P
* *
* \param ctx DHM context * \param ctx DHM context
* \param output destination buffer * \param output destination buffer
* \param olen number of chars written * \param olen number of chars written
* *
* \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code * \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
*/ */
int dhm_calc_secret( dhm_context *ctx, int dhm_calc_secret( dhm_context *ctx,
unsigned char *output, int *olen ); unsigned char *output, size_t *olen );
/* /*
* \brief Free the components of a DHM key * \brief Free the components of a DHM key
*/ */
void dhm_free( dhm_context *ctx ); void dhm_free( dhm_context *ctx );
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
 End of changes. 8 change blocks. 
12 lines changed or deleted 26 lines changed or added


 havege.h   havege.h 
/** /**
* \file havege.h * \file havege.h
* *
* \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
 End of changes. 1 change blocks. 
0 lines changed or deleted 2 lines changed or added


 md2.h   md2.h 
/** /**
* \file md2.h * \file md2.h
* *
* \brief MD2 message digest algorithm (hash function)
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 28 skipping to change at line 30
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_MD2_H #ifndef POLARSSL_MD2_H
#define POLARSSL_MD2_H #define POLARSSL_MD2_H
#include <string.h>
/** /**
* \brief MD2 context structure * \brief MD2 context structure
*/ */
typedef struct typedef struct
{ {
unsigned char cksum[16]; /*!< checksum of the data block */ unsigned char cksum[16]; /*!< checksum of the data block */
unsigned char state[48]; /*!< intermediate digest state */ unsigned char state[48]; /*!< intermediate digest state */
unsigned char buffer[16]; /*!< data block being processed */ unsigned char buffer[16]; /*!< data block being processed */
unsigned char ipad[64]; /*!< HMAC: inner padding */ unsigned char ipad[64]; /*!< HMAC: inner padding */
unsigned char opad[64]; /*!< HMAC: outer padding */ unsigned char opad[64]; /*!< HMAC: outer padding */
int left; /*!< amount of data in buffer */ size_t left; /*!< amount of data in buffer */
} }
md2_context; md2_context;
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/** /**
* \brief MD2 context setup * \brief MD2 context setup
* *
skipping to change at line 61 skipping to change at line 65
*/ */
void md2_starts( md2_context *ctx ); void md2_starts( md2_context *ctx );
/** /**
* \brief MD2 process buffer * \brief MD2 process buffer
* *
* \param ctx MD2 context * \param ctx MD2 context
* \param input buffer holding the data * \param input buffer holding the data
* \param ilen length of the input data * \param ilen length of the input data
*/ */
void md2_update( md2_context *ctx, const unsigned char *input, int ilen ); void md2_update( md2_context *ctx, const unsigned char *input, size_t ilen );
/** /**
* \brief MD2 final digest * \brief MD2 final digest
* *
* \param ctx MD2 context * \param ctx MD2 context
* \param output MD2 checksum result * \param output MD2 checksum result
*/ */
void md2_finish( md2_context *ctx, unsigned char output[16] ); void md2_finish( md2_context *ctx, unsigned char output[16] );
/** /**
* \brief Output = MD2( input buffer ) * \brief Output = MD2( input buffer )
* *
* \param input buffer holding the data * \param input buffer holding the data
* \param ilen length of the input data * \param ilen length of the input data
* \param output MD2 checksum result * \param output MD2 checksum result
*/ */
void md2( const unsigned char *input, int ilen, unsigned char output[16] ); void md2( const unsigned char *input, size_t ilen, unsigned char output[16] );
/** /**
* \brief Output = MD2( file contents ) * \brief Output = MD2( file contents )
* *
* \param path input file name * \param path input file name
* \param output MD2 checksum result * \param output MD2 checksum result
* *
* \return 0 if successful, 1 if fopen failed, * \return 0 if successful, 1 if fopen failed,
* or 2 if fread failed * or 2 if fread failed
*/ */
int md2_file( const char *path, unsigned char output[16] ); int md2_file( const char *path, unsigned char output[16] );
/** /**
* \brief MD2 HMAC context setup * \brief MD2 HMAC context setup
* *
* \param ctx HMAC context to be initialized * \param ctx HMAC context to be initialized
* \param key HMAC secret key * \param key HMAC secret key
* \param keylen length of the HMAC key * \param keylen length of the HMAC key
*/ */
void md2_hmac_starts( md2_context *ctx, const unsigned char *key, int keyle n ); void md2_hmac_starts( md2_context *ctx, const unsigned char *key, size_t ke ylen );
/** /**
* \brief MD2 HMAC process buffer * \brief MD2 HMAC process buffer
* *
* \param ctx HMAC context * \param ctx HMAC context
* \param input buffer holding the data * \param input buffer holding the data
* \param ilen length of the input data * \param ilen length of the input data
*/ */
void md2_hmac_update( md2_context *ctx, const unsigned char *input, int ile n ); void md2_hmac_update( md2_context *ctx, const unsigned char *input, size_t ilen );
/** /**
* \brief MD2 HMAC final digest * \brief MD2 HMAC final digest
* *
* \param ctx HMAC context * \param ctx HMAC context
* \param output MD2 HMAC checksum result * \param output MD2 HMAC checksum result
*/ */
void md2_hmac_finish( md2_context *ctx, unsigned char output[16] ); void md2_hmac_finish( md2_context *ctx, unsigned char output[16] );
/** /**
skipping to change at line 133 skipping to change at line 137
/** /**
* \brief Output = HMAC-MD2( hmac key, input buffer ) * \brief Output = HMAC-MD2( hmac key, input buffer )
* *
* \param key HMAC secret key * \param key HMAC secret key
* \param keylen length of the HMAC key * \param keylen length of the HMAC key
* \param input buffer holding the data * \param input buffer holding the data
* \param ilen length of the input data * \param ilen length of the input data
* \param output HMAC-MD2 result * \param output HMAC-MD2 result
*/ */
void md2_hmac( const unsigned char *key, int keylen, void md2_hmac( const unsigned char *key, size_t keylen,
const unsigned char *input, int ilen, const unsigned char *input, size_t ilen,
unsigned char output[16] ); unsigned char output[16] );
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int md2_self_test( int verbose ); int md2_self_test( int verbose );
#ifdef __cplusplus #ifdef __cplusplus
 End of changes. 8 change blocks. 
7 lines changed or deleted 11 lines changed or added


 md4.h   md4.h 
/** /**
* \file md4.h * \file md4.h
* *
* \brief MD4 message digest algorithm (hash function)
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 28 skipping to change at line 30
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_MD4_H #ifndef POLARSSL_MD4_H
#define POLARSSL_MD4_H #define POLARSSL_MD4_H
#include <string.h>
/** /**
* \brief MD4 context structure * \brief MD4 context structure
*/ */
typedef struct typedef struct
{ {
unsigned long total[2]; /*!< number of bytes processed */ unsigned long total[2]; /*!< number of bytes processed */
unsigned long state[4]; /*!< intermediate digest state */ unsigned long state[4]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */ unsigned char buffer[64]; /*!< data block being processed */
unsigned char ipad[64]; /*!< HMAC: inner padding */ unsigned char ipad[64]; /*!< HMAC: inner padding */
skipping to change at line 60 skipping to change at line 64
*/ */
void md4_starts( md4_context *ctx ); void md4_starts( md4_context *ctx );
/** /**
* \brief MD4 process buffer * \brief MD4 process buffer
* *
* \param ctx MD4 context * \param ctx MD4 context
* \param input buffer holding the data * \param input buffer holding the data
* \param ilen length of the input data * \param ilen length of the input data
*/ */
void md4_update( md4_context *ctx, const unsigned char *input, int ilen ); void md4_update( md4_context *ctx, const unsigned char *input, size_t ilen );
/** /**
* \brief MD4 final digest * \brief MD4 final digest
* *
* \param ctx MD4 context * \param ctx MD4 context
* \param output MD4 checksum result * \param output MD4 checksum result
*/ */
void md4_finish( md4_context *ctx, unsigned char output[16] ); void md4_finish( md4_context *ctx, unsigned char output[16] );
/** /**
* \brief Output = MD4( input buffer ) * \brief Output = MD4( input buffer )
* *
* \param input buffer holding the data * \param input buffer holding the data
* \param ilen length of the input data * \param ilen length of the input data
* \param output MD4 checksum result * \param output MD4 checksum result
*/ */
void md4( const unsigned char *input, int ilen, unsigned char output[16] ); void md4( const unsigned char *input, size_t ilen, unsigned char output[16] );
/** /**
* \brief Output = MD4( file contents ) * \brief Output = MD4( file contents )
* *
* \param path input file name * \param path input file name
* \param output MD4 checksum result * \param output MD4 checksum result
* *
* \return 0 if successful, 1 if fopen failed, * \return 0 if successful, 1 if fopen failed,
* or 2 if fread failed * or 2 if fread failed
*/ */
int md4_file( const char *path, unsigned char output[16] ); int md4_file( const char *path, unsigned char output[16] );
/** /**
* \brief MD4 HMAC context setup * \brief MD4 HMAC context setup
* *
* \param ctx HMAC context to be initialized * \param ctx HMAC context to be initialized
* \param key HMAC secret key * \param key HMAC secret key
* \param keylen length of the HMAC key * \param keylen length of the HMAC key
*/ */
void md4_hmac_starts( md4_context *ctx, const unsigned char *key, int keyle n ); void md4_hmac_starts( md4_context *ctx, const unsigned char *key, size_t ke ylen );
/** /**
* \brief MD4 HMAC process buffer * \brief MD4 HMAC process buffer
* *
* \param ctx HMAC context * \param ctx HMAC context
* \param input buffer holding the data * \param input buffer holding the data
* \param ilen length of the input data * \param ilen length of the input data
*/ */
void md4_hmac_update( md4_context *ctx, const unsigned char *input, int ile n ); void md4_hmac_update( md4_context *ctx, const unsigned char *input, size_t ilen );
/** /**
* \brief MD4 HMAC final digest * \brief MD4 HMAC final digest
* *
* \param ctx HMAC context * \param ctx HMAC context
* \param output MD4 HMAC checksum result * \param output MD4 HMAC checksum result
*/ */
void md4_hmac_finish( md4_context *ctx, unsigned char output[16] ); void md4_hmac_finish( md4_context *ctx, unsigned char output[16] );
/** /**
skipping to change at line 132 skipping to change at line 136
/** /**
* \brief Output = HMAC-MD4( hmac key, input buffer ) * \brief Output = HMAC-MD4( hmac key, input buffer )
* *
* \param key HMAC secret key * \param key HMAC secret key
* \param keylen length of the HMAC key * \param keylen length of the HMAC key
* \param input buffer holding the data * \param input buffer holding the data
* \param ilen length of the input data * \param ilen length of the input data
* \param output HMAC-MD4 result * \param output HMAC-MD4 result
*/ */
void md4_hmac( const unsigned char *key, int keylen, void md4_hmac( const unsigned char *key, size_t keylen,
const unsigned char *input, int ilen, const unsigned char *input, size_t ilen,
unsigned char output[16] ); unsigned char output[16] );
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int md4_self_test( int verbose ); int md4_self_test( int verbose );
#ifdef __cplusplus #ifdef __cplusplus
 End of changes. 7 change blocks. 
6 lines changed or deleted 10 lines changed or added


 md5.h   md5.h 
/** /**
* \file md5.h * \file md5.h
* *
* \brief MD5 message digest algorithm (hash function)
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 28 skipping to change at line 30
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_MD5_H #ifndef POLARSSL_MD5_H
#define POLARSSL_MD5_H #define POLARSSL_MD5_H
#include <string.h>
/** /**
* \brief MD5 context structure * \brief MD5 context structure
*/ */
typedef struct typedef struct
{ {
unsigned long total[2]; /*!< number of bytes processed */ unsigned long total[2]; /*!< number of bytes processed */
unsigned long state[4]; /*!< intermediate digest state */ unsigned long state[4]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */ unsigned char buffer[64]; /*!< data block being processed */
unsigned char ipad[64]; /*!< HMAC: inner padding */ unsigned char ipad[64]; /*!< HMAC: inner padding */
skipping to change at line 60 skipping to change at line 64
*/ */
void md5_starts( md5_context *ctx ); void md5_starts( md5_context *ctx );
/** /**
* \brief MD5 process buffer * \brief MD5 process buffer
* *
* \param ctx MD5 context * \param ctx MD5 context
* \param input buffer holding the data * \param input buffer holding the data
* \param ilen length of the input data * \param ilen length of the input data
*/ */
void md5_update( md5_context *ctx, const unsigned char *input, int ilen ); void md5_update( md5_context *ctx, const unsigned char *input, size_t ilen );
/** /**
* \brief MD5 final digest * \brief MD5 final digest
* *
* \param ctx MD5 context * \param ctx MD5 context
* \param output MD5 checksum result * \param output MD5 checksum result
*/ */
void md5_finish( md5_context *ctx, unsigned char output[16] ); void md5_finish( md5_context *ctx, unsigned char output[16] );
/** /**
* \brief Output = MD5( input buffer ) * \brief Output = MD5( input buffer )
* *
* \param input buffer holding the data * \param input buffer holding the data
* \param ilen length of the input data * \param ilen length of the input data
* \param output MD5 checksum result * \param output MD5 checksum result
*/ */
void md5( const unsigned char *input, int ilen, unsigned char output[16] ); void md5( const unsigned char *input, size_t ilen, unsigned char output[16] );
/** /**
* \brief Output = MD5( file contents ) * \brief Output = MD5( file contents )
* *
* \param path input file name * \param path input file name
* \param output MD5 checksum result * \param output MD5 checksum result
* *
* \return 0 if successful, 1 if fopen failed, * \return 0 if successful, 1 if fopen failed,
* or 2 if fread failed * or 2 if fread failed
*/ */
int md5_file( const char *path, unsigned char output[16] ); int md5_file( const char *path, unsigned char output[16] );
/** /**
* \brief MD5 HMAC context setup * \brief MD5 HMAC context setup
* *
* \param ctx HMAC context to be initialized * \param ctx HMAC context to be initialized
* \param key HMAC secret key * \param key HMAC secret key
* \param keylen length of the HMAC key * \param keylen length of the HMAC key
*/ */
void md5_hmac_starts( md5_context *ctx, void md5_hmac_starts( md5_context *ctx,
const unsigned char *key, int keylen ); const unsigned char *key, size_t keylen );
/** /**
* \brief MD5 HMAC process buffer * \brief MD5 HMAC process buffer
* *
* \param ctx HMAC context * \param ctx HMAC context
* \param input buffer holding the data * \param input buffer holding the data
* \param ilen length of the input data * \param ilen length of the input data
*/ */
void md5_hmac_update( md5_context *ctx, void md5_hmac_update( md5_context *ctx,
const unsigned char *input, int ilen ); const unsigned char *input, size_t ilen );
/** /**
* \brief MD5 HMAC final digest * \brief MD5 HMAC final digest
* *
* \param ctx HMAC context * \param ctx HMAC context
* \param output MD5 HMAC checksum result * \param output MD5 HMAC checksum result
*/ */
void md5_hmac_finish( md5_context *ctx, unsigned char output[16] ); void md5_hmac_finish( md5_context *ctx, unsigned char output[16] );
/** /**
skipping to change at line 134 skipping to change at line 138
/** /**
* \brief Output = HMAC-MD5( hmac key, input buffer ) * \brief Output = HMAC-MD5( hmac key, input buffer )
* *
* \param key HMAC secret key * \param key HMAC secret key
* \param keylen length of the HMAC key * \param keylen length of the HMAC key
* \param input buffer holding the data * \param input buffer holding the data
* \param ilen length of the input data * \param ilen length of the input data
* \param output HMAC-MD5 result * \param output HMAC-MD5 result
*/ */
void md5_hmac( const unsigned char *key, int keylen, void md5_hmac( const unsigned char *key, size_t keylen,
const unsigned char *input, int ilen, const unsigned char *input, size_t ilen,
unsigned char output[16] ); unsigned char output[16] );
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int md5_self_test( int verbose ); int md5_self_test( int verbose );
#ifdef __cplusplus #ifdef __cplusplus
 End of changes. 7 change blocks. 
6 lines changed or deleted 10 lines changed or added


 net.h   net.h 
/** /**
* \file net.h * \file net.h
* *
* \brief MD5 message digest algorithm (hash function)
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 28 skipping to change at line 30
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_NET_H #ifndef POLARSSL_NET_H
#define POLARSSL_NET_H #define POLARSSL_NET_H
#define POLARSSL_ERR_NET_UNKNOWN_HOST -0x0F00 #include <string.h>
#define POLARSSL_ERR_NET_SOCKET_FAILED -0x0F10
#define POLARSSL_ERR_NET_CONNECT_FAILED -0x0F20 #define POLARSSL_ERR_NET_UNKNOWN_HOST -0x0040 /**< Fa
#define POLARSSL_ERR_NET_BIND_FAILED -0x0F30 iled to get an IP address for the given hostname. */
#define POLARSSL_ERR_NET_LISTEN_FAILED -0x0F40 #define POLARSSL_ERR_NET_SOCKET_FAILED -0x0042 /**< Fa
#define POLARSSL_ERR_NET_ACCEPT_FAILED -0x0F50 iled to open a socket. */
#define POLARSSL_ERR_NET_RECV_FAILED -0x0F60 #define POLARSSL_ERR_NET_CONNECT_FAILED -0x0044 /**< Th
#define POLARSSL_ERR_NET_SEND_FAILED -0x0F70 e connection to the given server / port failed. */
#define POLARSSL_ERR_NET_CONN_RESET -0x0F80 #define POLARSSL_ERR_NET_BIND_FAILED -0x0046 /**< Bi
#define POLARSSL_ERR_NET_TRY_AGAIN -0x0F90 nding of the socket failed. */
#define POLARSSL_ERR_NET_LISTEN_FAILED -0x0048 /**< Co
uld not listen on the socket. */
#define POLARSSL_ERR_NET_ACCEPT_FAILED -0x004A /**< Co
uld not accept the incoming connection. */
#define POLARSSL_ERR_NET_RECV_FAILED -0x004C /**< Re
ading information from the socket failed. */
#define POLARSSL_ERR_NET_SEND_FAILED -0x004E /**< Se
nding information through the socket failed. */
#define POLARSSL_ERR_NET_CONN_RESET -0x0050 /**< Co
nnection was reset by peer. */
#define POLARSSL_ERR_NET_WANT_READ -0x0052 /**< Co
nnection requires a read call. */
#define POLARSSL_ERR_NET_WANT_WRITE -0x0054 /**< Co
nnection requires a write call. */
#define POLARSSL_NET_LISTEN_BACKLOG 10 /**< The backlog that listen
() should use. */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/** /**
* \brief Initiate a TCP connection with host:port * \brief Initiate a TCP connection with host:port
* *
* \param fd Socket to use * \param fd Socket to use
* \param host Host to connect to * \param host Host to connect to
skipping to change at line 122 skipping to change at line 129
/** /**
* \brief Read at most 'len' characters. If no error occurs, * \brief Read at most 'len' characters. If no error occurs,
* the actual amount read is returned. * the actual amount read is returned.
* *
* \param ctx Socket * \param ctx Socket
* \param buf The buffer to write to * \param buf The buffer to write to
* \param len Maximum length of the buffer * \param len Maximum length of the buffer
* *
* \return This function returns the number of bytes received, * \return This function returns the number of bytes received,
* or a non-zero error code; POLARSSL_ERR_NET_TRY_AGAIN * or a non-zero error code; POLARSSL_ERR_NET_WANT_READ
* indicates read() is blocking. * indicates read() is blocking.
*/ */
int net_recv( void *ctx, unsigned char *buf, int len ); int net_recv( void *ctx, unsigned char *buf, size_t len );
/** /**
* \brief Write at most 'len' characters. If no error occurs, * \brief Write at most 'len' characters. If no error occurs,
* the actual amount read is returned. * the actual amount read is returned.
* *
* \param ctx Socket * \param ctx Socket
* \param buf The buffer to read from * \param buf The buffer to read from
* \param len The length of the buffer * \param len The length of the buffer
* *
* \return This function returns the number of bytes sent, * \return This function returns the number of bytes sent,
* or a non-zero error code; POLARSSL_ERR_NET_TRY_AGAIN * or a non-zero error code; POLARSSL_ERR_NET_WANT_WRITE
* indicates write() is blocking. * indicates write() is blocking.
*/ */
int net_send( void *ctx, unsigned char *buf, int len ); int net_send( void *ctx, const unsigned char *buf, size_t len );
/** /**
* \brief Gracefully shutdown the connection * \brief Gracefully shutdown the connection
* *
* \param fd The socket to close * \param fd The socket to close
*/ */
void net_close( int fd ); void net_close( int fd );
#ifdef __cplusplus #ifdef __cplusplus
} }
 End of changes. 6 change blocks. 
14 lines changed or deleted 33 lines changed or added


 openssl.h   openssl.h 
/** /**
* \file openssl.h * \file openssl.h
* *
* \brief OpenSSL wrapper (definitions, inline functions).
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
 End of changes. 1 change blocks. 
0 lines changed or deleted 2 lines changed or added


 padlock.h   padlock.h 
/** /**
* \file padlock.h * \file padlock.h
* *
* \brief VIA PadLock ACE for HW encryption/decryption supported by some pr
ocessors
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 30 skipping to change at line 32
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_PADLOCK_H #ifndef POLARSSL_PADLOCK_H
#define POLARSSL_PADLOCK_H #define POLARSSL_PADLOCK_H
#include "polarssl/aes.h" #include "polarssl/aes.h"
#define POLARSSL_ERR_PADLOCK_DATA_MISALIGNED -0x0030 /**< In
put data should be aligned. */
#if defined(POLARSSL_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) #if defined(POLARSSL_HAVE_ASM) && defined(__GNUC__) && defined(__i386__)
#ifndef POLARSSL_HAVE_X86 #ifndef POLARSSL_HAVE_X86
#define POLARSSL_HAVE_X86 #define POLARSSL_HAVE_X86
#endif #endif
#define PADLOCK_RNG 0x000C #define PADLOCK_RNG 0x000C
#define PADLOCK_ACE 0x00C0 #define PADLOCK_ACE 0x00C0
#define PADLOCK_PHE 0x0C00 #define PADLOCK_PHE 0x0C00
#define PADLOCK_PMM 0x3000 #define PADLOCK_PMM 0x3000
#define PADLOCK_ALIGN16(x) (unsigned long *) (16 + ((long) x & ~15)) #define PADLOCK_ALIGN16(x) (unsigned long *) (16 + ((long) x & ~15))
#define POLARSSL_ERR_PADLOCK_DATA_MISALIGNED -0x08E0
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/** /**
* \brief PadLock detection routine * \brief PadLock detection routine
* *
* \param The feature to detect * \param The feature to detect
* *
* \return 1 if CPU has support for the feature, 0 otherwise * \return 1 if CPU has support for the feature, 0 otherwise
skipping to change at line 87 skipping to change at line 89
* \param mode AES_ENCRYPT or AES_DECRYPT * \param mode AES_ENCRYPT or AES_DECRYPT
* \param length length of the input data * \param length length of the input data
* \param iv initialization vector (updated after use) * \param iv initialization vector (updated after use)
* \param input buffer holding the input data * \param input buffer holding the input data
* \param output buffer holding the output data * \param output buffer holding the output data
* *
* \return 0 if success, 1 if operation failed * \return 0 if success, 1 if operation failed
*/ */
int padlock_xcryptcbc( aes_context *ctx, int padlock_xcryptcbc( aes_context *ctx,
int mode, int mode,
int length, size_t length,
unsigned char iv[16], unsigned char iv[16],
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* HAVE_X86 */ #endif /* HAVE_X86 */
 End of changes. 4 change blocks. 
3 lines changed or deleted 7 lines changed or added


 rsa.h   rsa.h 
/** /**
* \file rsa.h * \file rsa.h
* *
* \brief The RSA public-key cryptosystem
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 33 skipping to change at line 35
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_RSA_H #ifndef POLARSSL_RSA_H
#define POLARSSL_RSA_H #define POLARSSL_RSA_H
#include "polarssl/bignum.h" #include "polarssl/bignum.h"
/* /*
* RSA Error codes * RSA Error codes
*/ */
#define POLARSSL_ERR_RSA_BAD_INPUT_DATA -0x0400 #define POLARSSL_ERR_RSA_BAD_INPUT_DATA -0x4080 /**< Ba
#define POLARSSL_ERR_RSA_INVALID_PADDING -0x0410 d input parameters to function. */
#define POLARSSL_ERR_RSA_KEY_GEN_FAILED -0x0420 #define POLARSSL_ERR_RSA_INVALID_PADDING -0x4100 /**< In
#define POLARSSL_ERR_RSA_KEY_CHECK_FAILED -0x0430 put data contains invalid padding and is rejected. */
#define POLARSSL_ERR_RSA_PUBLIC_FAILED -0x0440 #define POLARSSL_ERR_RSA_KEY_GEN_FAILED -0x4180 /**< So
#define POLARSSL_ERR_RSA_PRIVATE_FAILED -0x0450 mething failed during generation of a key. */
#define POLARSSL_ERR_RSA_VERIFY_FAILED -0x0460 #define POLARSSL_ERR_RSA_KEY_CHECK_FAILED -0x4200 /**< Ke
#define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE -0x0470 y failed to pass the libraries validity check. */
#define POLARSSL_ERR_RSA_RNG_FAILED -0x0480 #define POLARSSL_ERR_RSA_PUBLIC_FAILED -0x4280 /**< Th
e public key operation failed. */
#define POLARSSL_ERR_RSA_PRIVATE_FAILED -0x4300 /**< Th
e private key operation failed. */
#define POLARSSL_ERR_RSA_VERIFY_FAILED -0x4380 /**< Th
e PKCS#1 verification failed. */
#define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< Th
e output buffer for decryption is not large enough. */
#define POLARSSL_ERR_RSA_RNG_FAILED -0x4480 /**< Th
e random generator failed to generate non-zeros. */
/* /*
* PKCS#1 constants * PKCS#1 constants
*/ */
#define SIG_RSA_RAW 0 #define SIG_RSA_RAW 0
#define SIG_RSA_MD2 2 #define SIG_RSA_MD2 2
#define SIG_RSA_MD4 3 #define SIG_RSA_MD4 3
#define SIG_RSA_MD5 4 #define SIG_RSA_MD5 4
#define SIG_RSA_SHA1 5 #define SIG_RSA_SHA1 5
#define SIG_RSA_SHA224 14 #define SIG_RSA_SHA224 14
#define SIG_RSA_SHA256 11 #define SIG_RSA_SHA256 11
#define SIG_RSA_SHA384 12 #define SIG_RSA_SHA384 12
#define SIG_RSA_SHA512 13 #define SIG_RSA_SHA512 13
#define RSA_PUBLIC 0 #define RSA_PUBLIC 0
#define RSA_PRIVATE 1 #define RSA_PRIVATE 1
#define RSA_PKCS_V15 0 #define RSA_PKCS_V15 0
#define RSA_PKCS_V21 1 #define RSA_PKCS_V21 1
#define RSA_SIGN 1 #define RSA_SIGN 1
#define RSA_CRYPT 2 #define RSA_CRYPT 2
#define ASN1_STR_CONSTRUCTED_SEQUENCE "\x30" #define ASN1_STR_CONSTRUCTED_SEQUENCE "\x30"
#define ASN1_STR_NULL "\x05" #define ASN1_STR_NULL "\x05"
#define ASN1_STR_OID "\x06" #define ASN1_STR_OID "\x06"
#define ASN1_STR_OCTET_STRING "\x04" #define ASN1_STR_OCTET_STRING "\x04"
#define OID_DIGEST_ALG_MDX "\x2A\x86\x48\x86\xF7\x0D\x02\x00" #define OID_DIGEST_ALG_MDX "\x2A\x86\x48\x86\xF7\x0D\x02\x00"
#define OID_HASH_ALG_SHA1 "\x2b\x0e\x03\x02\x1a" #define OID_HASH_ALG_SHA1 "\x2b\x0e\x03\x02\x1a"
#define OID_HASH_ALG_SHA2X "\x60\x86\x48\x01\x65\x03\x04\x02\x0 #define OID_HASH_ALG_SHA2X "\x60\x86\x48\x01\x65\x03\x04\x02\x
0" 00"
#define OID_ISO_MEMBER_BODIES "\x2a" #define OID_ISO_MEMBER_BODIES "\x2a"
#define OID_ISO_IDENTIFIED_ORG "\x2b" #define OID_ISO_IDENTIFIED_ORG "\x2b"
/* /*
* ISO Member bodies OID parts * ISO Member bodies OID parts
*/ */
#define OID_COUNTRY_US "\x86\x48" #define OID_COUNTRY_US "\x86\x48"
#define OID_RSA_DATA_SECURITY "\x86\xf7\x0d" #define OID_RSA_DATA_SECURITY "\x86\xf7\x0d"
/* /*
* ISO Identified organization OID parts * ISO Identified organization OID parts
*/ */
#define OID_OIW_SECSIG_SHA1 "\x0e\x03\x02\x1a" #define OID_OIW_SECSIG_SHA1 "\x0e\x03\x02\x1a"
/* /*
* DigestInfo ::= SEQUENCE { * DigestInfo ::= SEQUENCE {
* digestAlgorithm DigestAlgorithmIdentifier, * digestAlgorithm DigestAlgorithmIdentifier,
* digest Digest } * digest Digest }
* *
* DigestAlgorithmIdentifier ::= AlgorithmIdentifier * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
* *
* Digest ::= OCTET STRING * Digest ::= OCTET STRING
*/ */
#define ASN1_HASH_MDX \ #define ASN1_HASH_MDX \
( ( \
\ ASN1_STR_CONSTRUCTED_SEQUENCE "\x20" \
ASN1_STR_CONSTRUCTED_SEQUENCE "\x20" \ ASN1_STR_CONSTRUCTED_SEQUENCE "\x0C" \
ASN1_STR_CONSTRUCTED_SEQUENCE "\x0C" \ ASN1_STR_OID "\x08" \
ASN1_STR_OID "\x08" \ OID_DIGEST_ALG_MDX \
OID_DIGEST_ALG_MDX \ ASN1_STR_NULL "\x00" \
ASN1_STR_NULL "\x00" \ ASN1_STR_OCTET_STRING "\x10" \
ASN1_STR_OCTET_STRING "\x10" \
) )
#define ASN1_HASH_SHA1 \ #define ASN1_HASH_SHA1 \
ASN1_STR_CONSTRUCTED_SEQUENCE "\x21" \ ASN1_STR_CONSTRUCTED_SEQUENCE "\x21" \
ASN1_STR_CONSTRUCTED_SEQUENCE "\x09" \ ASN1_STR_CONSTRUCTED_SEQUENCE "\x09" \
ASN1_STR_OID "\x05" \ ASN1_STR_OID "\x05" \
OID_HASH_ALG_SHA1 \ OID_HASH_ALG_SHA1 \
ASN1_STR_NULL "\x00" \ ASN1_STR_NULL "\x00" \
ASN1_STR_OCTET_STRING "\x14" ASN1_STR_OCTET_STRING "\x14"
#define ASN1_HASH_SHA2X \ #define ASN1_HASH_SHA2X \
ASN1_STR_CONSTRUCTED_SEQUENCE "\x11" \ ASN1_STR_CONSTRUCTED_SEQUENCE "\x11" \
ASN1_STR_CONSTRUCTED_SEQUENCE "\x0d" \ ASN1_STR_CONSTRUCTED_SEQUENCE "\x0d" \
ASN1_STR_OID "\x09" \ ASN1_STR_OID "\x09" \
OID_HASH_ALG_SHA2X \ OID_HASH_ALG_SHA2X \
ASN1_STR_NULL "\x00" \ ASN1_STR_NULL "\x00" \
ASN1_STR_OCTET_STRING "\x00" ASN1_STR_OCTET_STRING "\x00"
/** /**
* \brief RSA context structure * \brief RSA context structure
*/ */
typedef struct typedef struct
{ {
int ver; /*!< always 0 */ int ver; /*!< always 0 */
int len; /*!< size(N) in chars */ size_t len; /*!< size(N) in chars */
mpi N; /*!< public modulus */ mpi N; /*!< public modulus */
mpi E; /*!< public exponent */ mpi E; /*!< public exponent */
mpi D; /*!< private exponent */ mpi D; /*!< private exponent */
mpi P; /*!< 1st prime factor */ mpi P; /*!< 1st prime factor */
mpi Q; /*!< 2nd prime factor */ mpi Q; /*!< 2nd prime factor */
mpi DP; /*!< D % (P - 1) */ mpi DP; /*!< D % (P - 1) */
mpi DQ; /*!< D % (Q - 1) */ mpi DQ; /*!< D % (Q - 1) */
mpi QP; /*!< 1 / (Q % P) */ mpi QP; /*!< 1 / (Q % P) */
mpi RN; /*!< cached R^2 mod N */ mpi RN; /*!< cached R^2 mod N */
mpi RP; /*!< cached R^2 mod P */ mpi RP; /*!< cached R^2 mod P */
mpi RQ; /*!< cached R^2 mod Q */ mpi RQ; /*!< cached R^2 mod Q */
int padding; /*!< 1.5 or OAEP/PSS */ int padding; /*!< RSA_PKCS_V15 for 1.5 padding and
int hash_id; /*!< hash identifier */ RSA_PKCS_v21 for OAEP/PSS */
int hash_id; /*!< Hash identifier of md_type_t as
specified in the md.h header file
for the EME-OAEP and EMSA-PSS
encoding */
} }
rsa_context; rsa_context;
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/** /**
* \brief Initialize an RSA context * \brief Initialize an RSA context
* *
* \param ctx RSA context to be initialized * \param ctx RSA context to be initialized
* \param padding RSA_PKCS_V15 or RSA_PKCS_V21 * \param padding RSA_PKCS_V15 or RSA_PKCS_V21
* \param hash_id RSA_PKCS_V21 hash identifier * \param hash_id RSA_PKCS_V21 hash identifier
* *
* \note The hash_id parameter is actually ignored * \note The hash_id parameter is actually ignored
* when using RSA_PKCS_V15 padding. * when using RSA_PKCS_V15 padding.
*
* \note Currently, RSA_PKCS_V21 padding
* is not supported.
*/ */
void rsa_init( rsa_context *ctx, void rsa_init( rsa_context *ctx,
int padding, int padding,
int hash_id); int hash_id);
/** /**
* \brief Generate an RSA keypair * \brief Generate an RSA keypair
* *
* \param ctx RSA context that will hold the key * \param ctx RSA context that will hold the key
* \param f_rng RNG function * \param f_rng RNG function
skipping to change at line 188 skipping to change at line 191
* \param exponent public exponent (e.g., 65537) * \param exponent public exponent (e.g., 65537)
* *
* \note rsa_init() must be called beforehand to setup * \note rsa_init() must be called beforehand to setup
* the RSA context. * the RSA context.
* *
* \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
*/ */
int rsa_gen_key( rsa_context *ctx, int rsa_gen_key( rsa_context *ctx,
int (*f_rng)(void *), int (*f_rng)(void *),
void *p_rng, void *p_rng,
int nbits, int exponent ); unsigned int nbits, int exponent );
/** /**
* \brief Check a public RSA key * \brief Check a public RSA key
* *
* \param ctx RSA context to be checked * \param ctx RSA context to be checked
* *
* \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
*/ */
int rsa_check_pubkey( const rsa_context *ctx ); int rsa_check_pubkey( const rsa_context *ctx );
skipping to change at line 248 skipping to change at line 251
* enough (eg. 128 bytes if RSA-1024 is used). * enough (eg. 128 bytes if RSA-1024 is used).
*/ */
int rsa_private( rsa_context *ctx, int rsa_private( rsa_context *ctx,
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
/** /**
* \brief Add the message padding, then do an RSA operation * \brief Add the message padding, then do an RSA operation
* *
* \param ctx RSA context * \param ctx RSA context
* \param f_rng RNG function * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encodin g)
* \param p_rng RNG parameter * \param p_rng RNG parameter
* \param mode RSA_PUBLIC or RSA_PRIVATE * \param mode RSA_PUBLIC or RSA_PRIVATE
* \param ilen contains the plaintext length * \param ilen contains the plaintext length
* \param input buffer holding the data to be encrypted * \param input buffer holding the data to be encrypted
* \param output buffer that will hold the ciphertext * \param output buffer that will hold the ciphertext
* *
* \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
* *
* \note The output buffer must be as large as the size * \note The output buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used). * of ctx->N (eg. 128 bytes if RSA-1024 is used).
*/ */
int rsa_pkcs1_encrypt( rsa_context *ctx, int rsa_pkcs1_encrypt( rsa_context *ctx,
int (*f_rng)(void *), int (*f_rng)(void *),
void *p_rng, void *p_rng,
int mode, int ilen, int mode, size_t ilen,
const unsigned char *input, const unsigned char *input,
unsigned char *output ); unsigned char *output );
/** /**
* \brief Do an RSA operation, then remove the message padding * \brief Do an RSA operation, then remove the message padding
* *
* \param ctx RSA context * \param ctx RSA context
* \param mode RSA_PUBLIC or RSA_PRIVATE * \param mode RSA_PUBLIC or RSA_PRIVATE
* \param olen will contain the plaintext length
* \param input buffer holding the encrypted data * \param input buffer holding the encrypted data
* \param output buffer that will hold the plaintext * \param output buffer that will hold the plaintext
* \param olen will contain the plaintext length * \param output_max_len maximum length of the output buffer
* \param output_max_len maximum length of the output buffer
* *
* \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
* *
* \note The output buffer must be as large as the size * \note The output buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
* an error is thrown. * an error is thrown.
*/ */
int rsa_pkcs1_decrypt( rsa_context *ctx, int rsa_pkcs1_decrypt( rsa_context *ctx,
int mode, int *olen, int mode, size_t *olen,
const unsigned char *input, const unsigned char *input,
unsigned char *output, unsigned char *output,
int output_max_len ); size_t output_max_len );
/** /**
* \brief Do a private RSA to sign a message digest * \brief Do a private RSA to sign a message digest
* *
* \param ctx RSA context * \param ctx RSA context
* \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding)
* \param p_rng RNG parameter
* \param mode RSA_PUBLIC or RSA_PRIVATE * \param mode RSA_PUBLIC or RSA_PRIVATE
* \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256, 384,512} * \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256, 384,512}
* \param hashlen message digest length (for SIG_RSA_RAW only) * \param hashlen message digest length (for SIG_RSA_RAW only)
* \param hash buffer holding the message digest * \param hash buffer holding the message digest
* \param sig buffer that will hold the ciphertext * \param sig buffer that will hold the ciphertext
* *
* \return 0 if the signing operation was successful, * \return 0 if the signing operation was successful,
* or an POLARSSL_ERR_RSA_XXX error code * or an POLARSSL_ERR_RSA_XXX error code
* *
* \note The "sig" buffer must be as large as the size * \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used). * of ctx->N (eg. 128 bytes if RSA-1024 is used).
*
* \note In case of PKCS#1 v2.1 encoding keep in mind that
* the hash_id in the RSA context is the one used for the
* encoding. hash_id in the function call is the type of ha
sh
* that is encoded. According to RFC 3447 it is advised to
* keep both hashes the same.
*/ */
int rsa_pkcs1_sign( rsa_context *ctx, int rsa_pkcs1_sign( rsa_context *ctx,
int (*f_rng)(void *),
void *p_rng,
int mode, int mode,
int hash_id, int hash_id,
int hashlen, unsigned int hashlen,
const unsigned char *hash, const unsigned char *hash,
unsigned char *sig ); unsigned char *sig );
/** /**
* \brief Do a public RSA and check the message digest * \brief Do a public RSA and check the message digest
* *
* \param ctx points to an RSA public key * \param ctx points to an RSA public key
* \param mode RSA_PUBLIC or RSA_PRIVATE * \param mode RSA_PUBLIC or RSA_PRIVATE
* \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256, 384,512} * \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256, 384,512}
* \param hashlen message digest length (for SIG_RSA_RAW only) * \param hashlen message digest length (for SIG_RSA_RAW only)
* \param hash buffer holding the message digest * \param hash buffer holding the message digest
* \param sig buffer holding the ciphertext * \param sig buffer holding the ciphertext
* *
* \return 0 if the verify operation was successful, * \return 0 if the verify operation was successful,
* or an POLARSSL_ERR_RSA_XXX error code * or an POLARSSL_ERR_RSA_XXX error code
* *
* \note The "sig" buffer must be as large as the size * \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used). * of ctx->N (eg. 128 bytes if RSA-1024 is used).
*
* \note In case of PKCS#1 v2.1 encoding keep in mind that
* the hash_id in the RSA context is the one used for the
* verification. hash_id in the function call is the type o
f hash
* that is verified. According to RFC 3447 it is advised to
* keep both hashes the same.
*/ */
int rsa_pkcs1_verify( rsa_context *ctx, int rsa_pkcs1_verify( rsa_context *ctx,
int mode, int mode,
int hash_id, int hash_id,
int hashlen, unsigned int hashlen,
const unsigned char *hash, const unsigned char *hash,
unsigned char *sig ); unsigned char *sig );
/** /**
* \brief Free the components of an RSA key * \brief Free the components of an RSA key
* *
* \param ctx RSA Context to free * \param ctx RSA Context to free
*/ */
void rsa_free( rsa_context *ctx ); void rsa_free( rsa_context *ctx );
 End of changes. 26 change blocks. 
64 lines changed or deleted 93 lines changed or added


 sha1.h   sha1.h 
/** /**
* \file sha1.h * \file sha1.h
* *
* \brief SHA-1 cryptographic hash function
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 28 skipping to change at line 30
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_SHA1_H #ifndef POLARSSL_SHA1_H
#define POLARSSL_SHA1_H #define POLARSSL_SHA1_H
#include <string.h>
/** /**
* \brief SHA-1 context structure * \brief SHA-1 context structure
*/ */
typedef struct typedef struct
{ {
unsigned long total[2]; /*!< number of bytes processed */ unsigned long total[2]; /*!< number of bytes processed */
unsigned long state[5]; /*!< intermediate digest state */ unsigned long state[5]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */ unsigned char buffer[64]; /*!< data block being processed */
unsigned char ipad[64]; /*!< HMAC: inner padding */ unsigned char ipad[64]; /*!< HMAC: inner padding */
skipping to change at line 60 skipping to change at line 64
*/ */
void sha1_starts( sha1_context *ctx ); void sha1_starts( sha1_context *ctx );
/** /**
* \brief SHA-1 process buffer * \brief SHA-1 process buffer
* *
* \param ctx SHA-1 context * \param ctx SHA-1 context
* \param input buffer holding the data * \param input buffer holding the data
* \param ilen length of the input data * \param ilen length of the input data
*/ */
void sha1_update( sha1_context *ctx, const unsigned char *input, int ilen ) ; void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ile n );
/** /**
* \brief SHA-1 final digest * \brief SHA-1 final digest
* *
* \param ctx SHA-1 context * \param ctx SHA-1 context
* \param output SHA-1 checksum result * \param output SHA-1 checksum result
*/ */
void sha1_finish( sha1_context *ctx, unsigned char output[20] ); void sha1_finish( sha1_context *ctx, unsigned char output[20] );
/** /**
* \brief Output = SHA-1( input buffer ) * \brief Output = SHA-1( input buffer )
* *
* \param input buffer holding the data * \param input buffer holding the data
* \param ilen length of the input data * \param ilen length of the input data
* \param output SHA-1 checksum result * \param output SHA-1 checksum result
*/ */
void sha1( const unsigned char *input, int ilen, unsigned char output[20] ) ; void sha1( const unsigned char *input, size_t ilen, unsigned char output[20 ] );
/** /**
* \brief Output = SHA-1( file contents ) * \brief Output = SHA-1( file contents )
* *
* \param path input file name * \param path input file name
* \param output SHA-1 checksum result * \param output SHA-1 checksum result
* *
* \return 0 if successful, 1 if fopen failed, * \return 0 if successful, 1 if fopen failed,
* or 2 if fread failed * or 2 if fread failed
*/ */
int sha1_file( const char *path, unsigned char output[20] ); int sha1_file( const char *path, unsigned char output[20] );
/** /**
* \brief SHA-1 HMAC context setup * \brief SHA-1 HMAC context setup
* *
* \param ctx HMAC context to be initialized * \param ctx HMAC context to be initialized
* \param key HMAC secret key * \param key HMAC secret key
* \param keylen length of the HMAC key * \param keylen length of the HMAC key
*/ */
void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, int key len ); void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, size_t keylen );
/** /**
* \brief SHA-1 HMAC process buffer * \brief SHA-1 HMAC process buffer
* *
* \param ctx HMAC context * \param ctx HMAC context
* \param input buffer holding the data * \param input buffer holding the data
* \param ilen length of the input data * \param ilen length of the input data
*/ */
void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, int i len ); void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, size_ t ilen );
/** /**
* \brief SHA-1 HMAC final digest * \brief SHA-1 HMAC final digest
* *
* \param ctx HMAC context * \param ctx HMAC context
* \param output SHA-1 HMAC checksum result * \param output SHA-1 HMAC checksum result
*/ */
void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] ); void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] );
/** /**
skipping to change at line 132 skipping to change at line 136
/** /**
* \brief Output = HMAC-SHA-1( hmac key, input buffer ) * \brief Output = HMAC-SHA-1( hmac key, input buffer )
* *
* \param key HMAC secret key * \param key HMAC secret key
* \param keylen length of the HMAC key * \param keylen length of the HMAC key
* \param input buffer holding the data * \param input buffer holding the data
* \param ilen length of the input data * \param ilen length of the input data
* \param output HMAC-SHA-1 result * \param output HMAC-SHA-1 result
*/ */
void sha1_hmac( const unsigned char *key, int keylen, void sha1_hmac( const unsigned char *key, size_t keylen,
const unsigned char *input, int ilen, const unsigned char *input, size_t ilen,
unsigned char output[20] ); unsigned char output[20] );
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int sha1_self_test( int verbose ); int sha1_self_test( int verbose );
#ifdef __cplusplus #ifdef __cplusplus
 End of changes. 7 change blocks. 
6 lines changed or deleted 10 lines changed or added


 sha2.h   sha2.h 
/** /**
* \file sha2.h * \file sha2.h
* *
* \brief SHA-224 and SHA-256 cryptographic hash function
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 28 skipping to change at line 30
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_SHA2_H #ifndef POLARSSL_SHA2_H
#define POLARSSL_SHA2_H #define POLARSSL_SHA2_H
#include <string.h>
/** /**
* \brief SHA-256 context structure * \brief SHA-256 context structure
*/ */
typedef struct typedef struct
{ {
unsigned long total[2]; /*!< number of bytes processed */ unsigned long total[2]; /*!< number of bytes processed */
unsigned long state[8]; /*!< intermediate digest state */ unsigned long state[8]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */ unsigned char buffer[64]; /*!< data block being processed */
unsigned char ipad[64]; /*!< HMAC: inner padding */ unsigned char ipad[64]; /*!< HMAC: inner padding */
skipping to change at line 62 skipping to change at line 66
*/ */
void sha2_starts( sha2_context *ctx, int is224 ); void sha2_starts( sha2_context *ctx, int is224 );
/** /**
* \brief SHA-256 process buffer * \brief SHA-256 process buffer
* *
* \param ctx SHA-256 context * \param ctx SHA-256 context
* \param input buffer holding the data * \param input buffer holding the data
* \param ilen length of the input data * \param ilen length of the input data
*/ */
void sha2_update( sha2_context *ctx, const unsigned char *input, int ilen ) ; void sha2_update( sha2_context *ctx, const unsigned char *input, size_t ile n );
/** /**
* \brief SHA-256 final digest * \brief SHA-256 final digest
* *
* \param ctx SHA-256 context * \param ctx SHA-256 context
* \param output SHA-224/256 checksum result * \param output SHA-224/256 checksum result
*/ */
void sha2_finish( sha2_context *ctx, unsigned char output[32] ); void sha2_finish( sha2_context *ctx, unsigned char output[32] );
/** /**
* \brief Output = SHA-256( input buffer ) * \brief Output = SHA-256( input buffer )
* *
* \param input buffer holding the data * \param input buffer holding the data
* \param ilen length of the input data * \param ilen length of the input data
* \param output SHA-224/256 checksum result * \param output SHA-224/256 checksum result
* \param is224 0 = use SHA256, 1 = use SHA224 * \param is224 0 = use SHA256, 1 = use SHA224
*/ */
void sha2( const unsigned char *input, int ilen, void sha2( const unsigned char *input, size_t ilen,
unsigned char output[32], int is224 ); unsigned char output[32], int is224 );
/** /**
* \brief Output = SHA-256( file contents ) * \brief Output = SHA-256( file contents )
* *
* \param path input file name * \param path input file name
* \param output SHA-224/256 checksum result * \param output SHA-224/256 checksum result
* \param is224 0 = use SHA256, 1 = use SHA224 * \param is224 0 = use SHA256, 1 = use SHA224
* *
* \return 0 if successful, 1 if fopen failed, * \return 0 if successful, 1 if fopen failed,
skipping to change at line 103 skipping to change at line 107
int sha2_file( const char *path, unsigned char output[32], int is224 ); int sha2_file( const char *path, unsigned char output[32], int is224 );
/** /**
* \brief SHA-256 HMAC context setup * \brief SHA-256 HMAC context setup
* *
* \param ctx HMAC context to be initialized * \param ctx HMAC context to be initialized
* \param key HMAC secret key * \param key HMAC secret key
* \param keylen length of the HMAC key * \param keylen length of the HMAC key
* \param is224 0 = use SHA256, 1 = use SHA224 * \param is224 0 = use SHA256, 1 = use SHA224
*/ */
void sha2_hmac_starts( sha2_context *ctx, const unsigned char *key, int key len, void sha2_hmac_starts( sha2_context *ctx, const unsigned char *key, size_t keylen,
int is224 ); int is224 );
/** /**
* \brief SHA-256 HMAC process buffer * \brief SHA-256 HMAC process buffer
* *
* \param ctx HMAC context * \param ctx HMAC context
* \param input buffer holding the data * \param input buffer holding the data
* \param ilen length of the input data * \param ilen length of the input data
*/ */
void sha2_hmac_update( sha2_context *ctx, const unsigned char *input, int i len ); void sha2_hmac_update( sha2_context *ctx, const unsigned char *input, size_ t ilen );
/** /**
* \brief SHA-256 HMAC final digest * \brief SHA-256 HMAC final digest
* *
* \param ctx HMAC context * \param ctx HMAC context
* \param output SHA-224/256 HMAC checksum result * \param output SHA-224/256 HMAC checksum result
*/ */
void sha2_hmac_finish( sha2_context *ctx, unsigned char output[32] ); void sha2_hmac_finish( sha2_context *ctx, unsigned char output[32] );
/** /**
skipping to change at line 140 skipping to change at line 144
/** /**
* \brief Output = HMAC-SHA-256( hmac key, input buffer ) * \brief Output = HMAC-SHA-256( hmac key, input buffer )
* *
* \param key HMAC secret key * \param key HMAC secret key
* \param keylen length of the HMAC key * \param keylen length of the HMAC key
* \param input buffer holding the data * \param input buffer holding the data
* \param ilen length of the input data * \param ilen length of the input data
* \param output HMAC-SHA-224/256 result * \param output HMAC-SHA-224/256 result
* \param is224 0 = use SHA256, 1 = use SHA224 * \param is224 0 = use SHA256, 1 = use SHA224
*/ */
void sha2_hmac( const unsigned char *key, int keylen, void sha2_hmac( const unsigned char *key, size_t keylen,
const unsigned char *input, int ilen, const unsigned char *input, size_t ilen,
unsigned char output[32], int is224 ); unsigned char output[32], int is224 );
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int sha2_self_test( int verbose ); int sha2_self_test( int verbose );
#ifdef __cplusplus #ifdef __cplusplus
 End of changes. 7 change blocks. 
6 lines changed or deleted 10 lines changed or added


 sha4.h   sha4.h 
/** /**
* \file sha4.h * \file sha4.h
* *
* \brief SHA-384 and SHA-512 cryptographic hash function
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 28 skipping to change at line 30
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_SHA4_H #ifndef POLARSSL_SHA4_H
#define POLARSSL_SHA4_H #define POLARSSL_SHA4_H
#include <string.h>
#if defined(_MSC_VER) || defined(__WATCOMC__) #if defined(_MSC_VER) || defined(__WATCOMC__)
#define UL64(x) x##ui64 #define UL64(x) x##ui64
#define int64 __int64 #define int64 __int64
#else #else
#define UL64(x) x##ULL #define UL64(x) x##ULL
#define int64 long long #define int64 long long
#endif #endif
/** /**
* \brief SHA-512 context structure * \brief SHA-512 context structure
skipping to change at line 70 skipping to change at line 74
*/ */
void sha4_starts( sha4_context *ctx, int is384 ); void sha4_starts( sha4_context *ctx, int is384 );
/** /**
* \brief SHA-512 process buffer * \brief SHA-512 process buffer
* *
* \param ctx SHA-512 context * \param ctx SHA-512 context
* \param input buffer holding the data * \param input buffer holding the data
* \param ilen length of the input data * \param ilen length of the input data
*/ */
void sha4_update( sha4_context *ctx, const unsigned char *input, int ilen ) ; void sha4_update( sha4_context *ctx, const unsigned char *input, size_t ile n );
/** /**
* \brief SHA-512 final digest * \brief SHA-512 final digest
* *
* \param ctx SHA-512 context * \param ctx SHA-512 context
* \param output SHA-384/512 checksum result * \param output SHA-384/512 checksum result
*/ */
void sha4_finish( sha4_context *ctx, unsigned char output[64] ); void sha4_finish( sha4_context *ctx, unsigned char output[64] );
/** /**
* \brief Output = SHA-512( input buffer ) * \brief Output = SHA-512( input buffer )
* *
* \param input buffer holding the data * \param input buffer holding the data
* \param ilen length of the input data * \param ilen length of the input data
* \param output SHA-384/512 checksum result * \param output SHA-384/512 checksum result
* \param is384 0 = use SHA512, 1 = use SHA384 * \param is384 0 = use SHA512, 1 = use SHA384
*/ */
void sha4( const unsigned char *input, int ilen, void sha4( const unsigned char *input, size_t ilen,
unsigned char output[64], int is384 ); unsigned char output[64], int is384 );
/** /**
* \brief Output = SHA-512( file contents ) * \brief Output = SHA-512( file contents )
* *
* \param path input file name * \param path input file name
* \param output SHA-384/512 checksum result * \param output SHA-384/512 checksum result
* \param is384 0 = use SHA512, 1 = use SHA384 * \param is384 0 = use SHA512, 1 = use SHA384
* *
* \return 0 if successful, 1 if fopen failed, * \return 0 if successful, 1 if fopen failed,
skipping to change at line 111 skipping to change at line 115
int sha4_file( const char *path, unsigned char output[64], int is384 ); int sha4_file( const char *path, unsigned char output[64], int is384 );
/** /**
* \brief SHA-512 HMAC context setup * \brief SHA-512 HMAC context setup
* *
* \param ctx HMAC context to be initialized * \param ctx HMAC context to be initialized
* \param is384 0 = use SHA512, 1 = use SHA384 * \param is384 0 = use SHA512, 1 = use SHA384
* \param key HMAC secret key * \param key HMAC secret key
* \param keylen length of the HMAC key * \param keylen length of the HMAC key
*/ */
void sha4_hmac_starts( sha4_context *ctx, const unsigned char *key, int key len, void sha4_hmac_starts( sha4_context *ctx, const unsigned char *key, size_t keylen,
int is384 ); int is384 );
/** /**
* \brief SHA-512 HMAC process buffer * \brief SHA-512 HMAC process buffer
* *
* \param ctx HMAC context * \param ctx HMAC context
* \param input buffer holding the data * \param input buffer holding the data
* \param ilen length of the input data * \param ilen length of the input data
*/ */
void sha4_hmac_update( sha4_context *ctx, const unsigned char *input, int i len ); void sha4_hmac_update( sha4_context *ctx, const unsigned char *input, size_ t ilen );
/** /**
* \brief SHA-512 HMAC final digest * \brief SHA-512 HMAC final digest
* *
* \param ctx HMAC context * \param ctx HMAC context
* \param output SHA-384/512 HMAC checksum result * \param output SHA-384/512 HMAC checksum result
*/ */
void sha4_hmac_finish( sha4_context *ctx, unsigned char output[64] ); void sha4_hmac_finish( sha4_context *ctx, unsigned char output[64] );
/** /**
skipping to change at line 148 skipping to change at line 152
/** /**
* \brief Output = HMAC-SHA-512( hmac key, input buffer ) * \brief Output = HMAC-SHA-512( hmac key, input buffer )
* *
* \param key HMAC secret key * \param key HMAC secret key
* \param keylen length of the HMAC key * \param keylen length of the HMAC key
* \param input buffer holding the data * \param input buffer holding the data
* \param ilen length of the input data * \param ilen length of the input data
* \param output HMAC-SHA-384/512 result * \param output HMAC-SHA-384/512 result
* \param is384 0 = use SHA512, 1 = use SHA384 * \param is384 0 = use SHA512, 1 = use SHA384
*/ */
void sha4_hmac( const unsigned char *key, int keylen, void sha4_hmac( const unsigned char *key, size_t keylen,
const unsigned char *input, int ilen, const unsigned char *input, size_t ilen,
unsigned char output[64], int is384 ); unsigned char output[64], int is384 );
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int sha4_self_test( int verbose ); int sha4_self_test( int verbose );
#ifdef __cplusplus #ifdef __cplusplus
 End of changes. 7 change blocks. 
6 lines changed or deleted 10 lines changed or added


 ssl.h   ssl.h 
/** /**
* \file ssl.h * \file ssl.h
* *
* \brief SSL/TLS functions.
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 36 skipping to change at line 38
#define POLARSSL_SSL_H #define POLARSSL_SSL_H
#include <time.h> #include <time.h>
#include "polarssl/net.h" #include "polarssl/net.h"
#include "polarssl/dhm.h" #include "polarssl/dhm.h"
#include "polarssl/rsa.h" #include "polarssl/rsa.h"
#include "polarssl/md5.h" #include "polarssl/md5.h"
#include "polarssl/sha1.h" #include "polarssl/sha1.h"
#include "polarssl/x509.h" #include "polarssl/x509.h"
#include "polarssl/config.h"
#if defined(POLARSSL_PKCS11_C)
#include "polarssl/pkcs11.h"
#endif
#if defined(_MSC_VER) && !defined(inline)
#define inline _inline
#else
#if defined(__ARMCC_VERSION) && !defined(inline)
#define inline __inline
#endif /* __ARMCC_VERSION */
#endif /*_MSC_VER */
/* /*
* SSL Error codes * SSL Error codes
*/ */
#define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x1000 #define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 /**< Th
#define POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x1800 e requested feature is not available. */
#define POLARSSL_ERR_SSL_INVALID_MAC -0x2000 #define POLARSSL_ERR_SSL_BAD_INPUT_DATA -0x7100 /**< Ba
#define POLARSSL_ERR_SSL_INVALID_RECORD -0x2800 d input parameters to function. */
#define POLARSSL_ERR_SSL_INVALID_MODULUS_SIZE -0x3000 #define POLARSSL_ERR_SSL_INVALID_MAC -0x7180 /**< Ve
#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x3800 rification of the message MAC failed. */
#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x4000 #define POLARSSL_ERR_SSL_INVALID_RECORD -0x7200 /**< An
#define POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x4800 invalid SSL record was received. */
#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x5000 #define POLARSSL_ERR_SSL_CONN_EOF -0x7280 /**< Th
#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x5800 e connection indicated an EOF. */
#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x6000 #define POLARSSL_ERR_SSL_UNKNOWN_CIPHER -0x7300 /**< An
#define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x6800 unknown cipher was received. */
#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7000 #define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< Th
#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7800 e server has no ciphersuites in common with the client. */
#define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x8000 #define POLARSSL_ERR_SSL_NO_SESSION_FOUND -0x7400 /**< No
#define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x8800 session to recover was found. */
#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x9000 #define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x9800 client certification received from the client, but required by the authent
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0xA000 ication mode. */
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0xA800 #define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Ou
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0xB000 r own certificate(s) is/are too large to send in an SSL message.*/
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0xB800 #define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< Th
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0xC000 e own certificate is not set, but needed by the server. */
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0xC800 #define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 /**< Th
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0xD000 e own private key is not set, but needed. */
#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0xD800 #define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /**< No
#define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0xE000 CA Chain is set, but required to operate. */
#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 /**< An
unexpected message was received from our peer. */
#define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 /**< A
fatal alert message was received from our peer. */
#define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED -0x7800 /**< Ve
rification of our peer failed. */
#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 /**< Th
e peer notified us that the connection is going to be closed. */
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 /**< Pr
ocessing of the ClientHello handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 /**< Pr
ocessing of the ServerHello handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 /**< Pr
ocessing of the Certificate handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 /**< Pr
ocessing of the CertificateRequest handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 /**< Pr
ocessing of the ServerKeyExchange handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 /**< Pr
ocessing of the ServerHelloDone handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 /**< Pr
ocessing of the ClientKeyExchange handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_RP -0x7C80 /**< Pr
ocessing of the ClientKeyExchange handshake message failed in DHM Read Publ
ic. */
#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_DHM_CS -0x7D00 /**< Pr
ocessing of the ClientKeyExchange handshake message failed in DHM Calculate
Secret. */
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /**< Pr
ocessing of the CertificateVerify handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 /**< Pr
ocessing of the ChangeCipherSpec handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Pr
ocessing of the Finished handshake message failed. */
/* /*
* Various constants * Various constants
*/ */
#define SSL_MAJOR_VERSION_3 3 #define SSL_MAJOR_VERSION_3 3
#define SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */ #define SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */
#define SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */ #define SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */
#define SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */ #define SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
#define SSL_IS_CLIENT 0 #define SSL_IS_CLIENT 0
skipping to change at line 122 skipping to change at line 139
#define SSL_MSG_CHANGE_CIPHER_SPEC 20 #define SSL_MSG_CHANGE_CIPHER_SPEC 20
#define SSL_MSG_ALERT 21 #define SSL_MSG_ALERT 21
#define SSL_MSG_HANDSHAKE 22 #define SSL_MSG_HANDSHAKE 22
#define SSL_MSG_APPLICATION_DATA 23 #define SSL_MSG_APPLICATION_DATA 23
#define SSL_ALERT_LEVEL_WARNING 1 #define SSL_ALERT_LEVEL_WARNING 1
#define SSL_ALERT_LEVEL_FATAL 2 #define SSL_ALERT_LEVEL_FATAL 2
#define SSL_ALERT_MSG_CLOSE_NOTIFY 0 #define SSL_ALERT_MSG_CLOSE_NOTIFY 0
#define SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10 #define SSL_ALERT_MSG_UNEXPECTED_MESSAGE 10
#define SSL_ALERT_MSG_BAD_RECORD_MAD 20 #define SSL_ALERT_MSG_BAD_RECORD_MAC 20
#define SSL_ALERT_MSG_DECRYPTION_FAILED 21 #define SSL_ALERT_MSG_DECRYPTION_FAILED 21
#define SSL_ALERT_MSG_RECORD_OVERFLOW 22 #define SSL_ALERT_MSG_RECORD_OVERFLOW 22
#define SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30 #define SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30
#define SSL_ALERT_MSG_HANDSHAKE_FAILURE 40 #define SSL_ALERT_MSG_HANDSHAKE_FAILURE 40
#define SSL_ALERT_MSG_NO_CERT 41 #define SSL_ALERT_MSG_NO_CERT 41
#define SSL_ALERT_MSG_BAD_CERT 42 #define SSL_ALERT_MSG_BAD_CERT 42
#define SSL_ALERT_MSG_UNSUPPORTED_CERT 43 #define SSL_ALERT_MSG_UNSUPPORTED_CERT 43
#define SSL_ALERT_MSG_CERT_REVOKED 44 #define SSL_ALERT_MSG_CERT_REVOKED 44
#define SSL_ALERT_MSG_CERT_EXPIRED 45 #define SSL_ALERT_MSG_CERT_EXPIRED 45
#define SSL_ALERT_MSG_CERT_UNKNOWN 46 #define SSL_ALERT_MSG_CERT_UNKNOWN 46
skipping to change at line 195 skipping to change at line 212
typedef struct _ssl_session ssl_session; typedef struct _ssl_session ssl_session;
typedef struct _ssl_context ssl_context; typedef struct _ssl_context ssl_context;
/* /*
* This structure is used for session resuming. * This structure is used for session resuming.
*/ */
struct _ssl_session struct _ssl_session
{ {
time_t start; /*!< starting time */ time_t start; /*!< starting time */
int cipher; /*!< chosen cipher */ int ciphersuite; /*!< chosen ciphersuite */
int length; /*!< session id length */ size_t length; /*!< session id length */
unsigned char id[32]; /*!< session identifier */ unsigned char id[32]; /*!< session identifier */
unsigned char master[48]; /*!< the master secret */ unsigned char master[48]; /*!< the master secret */
ssl_session *next; /*!< next session entry */ ssl_session *next; /*!< next session entry */
}; };
struct _ssl_context struct _ssl_context
{ {
/* /*
* Miscellaneous * Miscellaneous
*/ */
int state; /*!< SSL handshake: current state */ int state; /*!< SSL handshake: current state */
int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */ int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */
int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */ int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */
int max_major_ver; /*!< max. major version from client */ int max_major_ver; /*!< max. major version from client */
int max_minor_ver; /*!< max. minor version from client */ int max_minor_ver; /*!< max. minor version from client */
/* /*
* Callbacks (RNG, debug, I/O) * Callbacks (RNG, debug, I/O, verification)
*/ */
int (*f_rng)(void *); int (*f_rng)(void *);
void (*f_dbg)(void *, int, const char *); void (*f_dbg)(void *, int, const char *);
int (*f_recv)(void *, unsigned char *, int); int (*f_recv)(void *, unsigned char *, size_t);
int (*f_send)(void *, unsigned char *, int); int (*f_send)(void *, const unsigned char *, size_t);
int (*f_vrfy)(void *, x509_cert *, int, int);
void *p_rng; /*!< context for the RNG function */ void *p_rng; /*!< context for the RNG function */
void *p_dbg; /*!< context for the debug function */ void *p_dbg; /*!< context for the debug function */
void *p_recv; /*!< context for reading operations */ void *p_recv; /*!< context for reading operations */
void *p_send; /*!< context for writing operations */ void *p_send; /*!< context for writing operations */
void *p_vrfy; /*!< context for verification */
/* /*
* Session layer * Session layer
*/ */
int resume; /*!< session resuming flag */ int resume; /*!< session resuming flag */
int timeout; /*!< sess. expiration time */ int timeout; /*!< sess. expiration time */
ssl_session *session; /*!< current session data */ ssl_session *session; /*!< current session data */
int (*s_get)(ssl_context *); /*!< (server) get callback */ int (*s_get)(ssl_context *); /*!< (server) get callback */
int (*s_set)(ssl_context *); /*!< (server) set callback */ int (*s_set)(ssl_context *); /*!< (server) set callback */
/* /*
* Record layer (incoming data) * Record layer (incoming data)
*/ */
unsigned char *in_ctr; /*!< 64-bit incoming message counter */ unsigned char *in_ctr; /*!< 64-bit incoming message counter */
unsigned char *in_hdr; /*!< 5-byte record header (in_ctr+8) */ unsigned char *in_hdr; /*!< 5-byte record header (in_ctr+8) */
unsigned char *in_msg; /*!< the message contents (in_hdr+5) */ unsigned char *in_msg; /*!< the message contents (in_hdr+5) */
unsigned char *in_offt; /*!< read offset in application data */ unsigned char *in_offt; /*!< read offset in application data */
int in_msgtype; /*!< record header: message type */ int in_msgtype; /*!< record header: message type */
int in_msglen; /*!< record header: message length */ size_t in_msglen; /*!< record header: message length */
int in_left; /*!< amount of data read so far */ size_t in_left; /*!< amount of data read so far */
int in_hslen; /*!< current handshake message length */ size_t in_hslen; /*!< current handshake message length */
int nb_zero; /*!< # of 0-length encrypted messages */ int nb_zero; /*!< # of 0-length encrypted messages */
/* /*
* Record layer (outgoing data) * Record layer (outgoing data)
*/ */
unsigned char *out_ctr; /*!< 64-bit outgoing message counter */ unsigned char *out_ctr; /*!< 64-bit outgoing message counter */
unsigned char *out_hdr; /*!< 5-byte record header (out_ctr+8) */ unsigned char *out_hdr; /*!< 5-byte record header (out_ctr+8) */
unsigned char *out_msg; /*!< the message contents (out_hdr+5) */ unsigned char *out_msg; /*!< the message contents (out_hdr+5) */
int out_msgtype; /*!< record header: message type */ int out_msgtype; /*!< record header: message type */
int out_msglen; /*!< record header: message length */ size_t out_msglen; /*!< record header: message length */
int out_left; /*!< amount of data not yet written */ size_t out_left; /*!< amount of data not yet written */
/* /*
* PKI layer * PKI layer
*/ */
rsa_context *rsa_key; /*!< own RSA private key */ rsa_context *rsa_key; /*!< own RSA private key */
#if defined(POLARSSL_PKCS11_C)
pkcs11_context *pkcs11_key; /*!< own PKCS#11 RSA private key *
/
#endif
x509_cert *own_cert; /*!< own X.509 certificate */ x509_cert *own_cert; /*!< own X.509 certificate */
x509_cert *ca_chain; /*!< own trusted CA chain */ x509_cert *ca_chain; /*!< own trusted CA chain */
x509_crl *ca_crl; /*!< trusted CA CRLs */ x509_crl *ca_crl; /*!< trusted CA CRLs */
x509_cert *peer_cert; /*!< peer X.509 cert chain */ x509_cert *peer_cert; /*!< peer X.509 cert chain */
const char *peer_cn; /*!< expected peer CN */ const char *peer_cn; /*!< expected peer CN */
int endpoint; /*!< 0: client, 1: server */ int endpoint; /*!< 0: client, 1: server */
int authmode; /*!< verification mode */ int authmode; /*!< verification mode */
int client_auth; /*!< flag for client auth. */ int client_auth; /*!< flag for client auth. */
int verify_result; /*!< verification result */ int verify_result; /*!< verification result */
/* /*
* Crypto layer * Crypto layer
*/ */
dhm_context dhm_ctx; /*!< DHM key exchange */ dhm_context dhm_ctx; /*!< DHM key exchange */
md5_context fin_md5; /*!< Finished MD5 checksum */ md5_context fin_md5; /*!< Finished MD5 checksum */
sha1_context fin_sha1; /*!< Finished SHA-1 checksum */ sha1_context fin_sha1; /*!< Finished SHA-1 checksum */
int do_crypt; /*!< en(de)cryption flag */ int do_crypt; /*!< en(de)cryption flag */
int *ciphers; /*!< allowed ciphersuites */ int *ciphersuites; /*!< allowed ciphersuites */
int pmslen; /*!< premaster length */ size_t pmslen; /*!< premaster length */
int keylen; /*!< symmetric key length */ unsigned int keylen; /*!< symmetric key length */
int minlen; /*!< min. ciphertext length */ size_t minlen; /*!< min. ciphertext length */
int ivlen; /*!< IV length */ size_t ivlen; /*!< IV length */
int maclen; /*!< MAC length */ size_t maclen; /*!< MAC length */
unsigned char randbytes[64]; /*!< random bytes */ unsigned char randbytes[64]; /*!< random bytes */
unsigned char premaster[256]; /*!< premaster secret */ unsigned char premaster[256]; /*!< premaster secret */
unsigned char iv_enc[16]; /*!< IV (encryption) */ unsigned char iv_enc[16]; /*!< IV (encryption) */
unsigned char iv_dec[16]; /*!< IV (decryption) */ unsigned char iv_dec[16]; /*!< IV (decryption) */
unsigned char mac_enc[32]; /*!< MAC (encryption) */ unsigned char mac_enc[32]; /*!< MAC (encryption) */
unsigned char mac_dec[32]; /*!< MAC (decryption) */ unsigned char mac_dec[32]; /*!< MAC (decryption) */
unsigned long ctx_enc[128]; /*!< encryption context */ unsigned long ctx_enc[128]; /*!< encryption context */
unsigned long ctx_dec[128]; /*!< decryption context */ unsigned long ctx_dec[128]; /*!< decryption context */
/* /*
* TLS extensions * TLS extensions
*/ */
unsigned char *hostname; unsigned char *hostname;
unsigned long hostname_len; size_t hostname_len;
}; };
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
extern int ssl_default_ciphers[]; extern int ssl_default_ciphersuites[];
/**
* \brief Returns the list of ciphersuites supported by the SSL/TLS module.
*
* \return a statically allocated array of ciphersuites, the l
ast
* entry is 0.
*/
static inline const int *ssl_list_ciphersuites( void )
{
return ssl_default_ciphersuites;
}
/**
* \brief Return the name of the ciphersuite associated with
the given
* ID
*
* \param ciphersuite_id SSL ciphersuite ID
*
* \return a string containing the ciphersuite name
*/
const char *ssl_get_ciphersuite_name( const int ciphersuite_id );
/**
* \brief Return the ID of the ciphersuite associated with th
e given
* name
*
* \param ciphersuite_name SSL ciphersuite name
*
* \return the ID with the ciphersuite or 0 if not found
*/
int ssl_get_ciphersuite_id( const char *ciphersuite_name );
/** /**
* \brief Initialize an SSL context * \brief Initialize an SSL context
* *
* \param ssl SSL context * \param ssl SSL context
* *
* \return 0 if successful, or 1 if memory allocation failed * \return 0 if successful, or 1 if memory allocation failed
*/ */
int ssl_init( ssl_context *ssl ); int ssl_init( ssl_context *ssl );
skipping to change at line 339 skipping to change at line 392
* *
* \param ssl SSL context * \param ssl SSL context
* \param endpoint must be SSL_IS_CLIENT or SSL_IS_SERVER * \param endpoint must be SSL_IS_CLIENT or SSL_IS_SERVER
*/ */
void ssl_set_endpoint( ssl_context *ssl, int endpoint ); void ssl_set_endpoint( ssl_context *ssl, int endpoint );
/** /**
* \brief Set the certificate verification mode * \brief Set the certificate verification mode
* *
* \param ssl SSL context * \param ssl SSL context
* \param mode can be: * \param authmode can be:
* *
* SSL_VERIFY_NONE: peer certificate is not checked (default), * SSL_VERIFY_NONE: peer certificate is not checked (default),
* this is insecure and SHOULD be avoided. * this is insecure and SHOULD be avoided.
* *
* SSL_VERIFY_OPTIONAL: peer certificate is checked, however the * SSL_VERIFY_OPTIONAL: peer certificate is checked, however the
* handshake continues even if verification failed; * handshake continues even if verification failed;
* ssl_get_verify_result() can be called after the * ssl_get_verify_result() can be called after the
* handshake is complete. * handshake is complete.
* *
* SSL_VERIFY_REQUIRED: peer *must* present a valid certificate, * SSL_VERIFY_REQUIRED: peer *must* present a valid certificate,
* handshake is aborted if verification failed. * handshake is aborted if verification failed.
*/ */
void ssl_set_authmode( ssl_context *ssl, int authmode ); void ssl_set_authmode( ssl_context *ssl, int authmode );
/** /**
* \brief Set the verification callback (Optional).
*
* If set, the verification callback is called once for eve
ry
* certificate in the chain. The verification function has
the
* following parameter: (void *parameter, x509_cert certifi
cate,
* int certifcate_depth, int preverify_ok). It should
* return 0 on SUCCESS.
*
* \param ssl SSL context
* \param f_vrfy verification function
* \param p_vrfy verification parameter
*/
void ssl_set_verify( ssl_context *ssl,
int (*f_vrfy)(void *, x509_cert *, int, int),
void *p_vrfy );
/**
* \brief Set the random number generator callback * \brief Set the random number generator callback
* *
* \param ssl SSL context * \param ssl SSL context
* \param f_rng RNG function * \param f_rng RNG function
* \param p_rng RNG parameter * \param p_rng RNG parameter
*/ */
void ssl_set_rng( ssl_context *ssl, void ssl_set_rng( ssl_context *ssl,
int (*f_rng)(void *), int (*f_rng)(void *),
void *p_rng ); void *p_rng );
skipping to change at line 386 skipping to change at line 456
/** /**
* \brief Set the underlying BIO read and write callbacks * \brief Set the underlying BIO read and write callbacks
* *
* \param ssl SSL context * \param ssl SSL context
* \param f_recv read callback * \param f_recv read callback
* \param p_recv read parameter * \param p_recv read parameter
* \param f_send write callback * \param f_send write callback
* \param p_send write parameter * \param p_send write parameter
*/ */
void ssl_set_bio( ssl_context *ssl, void ssl_set_bio( ssl_context *ssl,
int (*f_recv)(void *, unsigned char *, int), void *p_recv, int (*f_recv)(void *, unsigned char *, size_t), void *p_recv,
int (*f_send)(void *, unsigned char *, int), void *p_send ); int (*f_send)(void *, const unsigned char *, size_t), void *p_send
);
/** /**
* \brief Set the session callbacks (server-side only) * \brief Set the session callbacks (server-side only)
* *
* \param ssl SSL context * \param ssl SSL context
* \param s_get session get callback * \param s_get session get callback
* \param s_set session set callback * \param s_set session set callback
*/ */
void ssl_set_scb( ssl_context *ssl, void ssl_set_scb( ssl_context *ssl,
int (*s_get)(ssl_context *), int (*s_get)(ssl_context *),
skipping to change at line 412 skipping to change at line 482
* *
* \param ssl SSL context * \param ssl SSL context
* \param resume if 0 (default), the session will not be resumed * \param resume if 0 (default), the session will not be resumed
* \param timeout session timeout in seconds, or 0 (no timeout) * \param timeout session timeout in seconds, or 0 (no timeout)
* \param session session context * \param session session context
*/ */
void ssl_set_session( ssl_context *ssl, int resume, int timeout, void ssl_set_session( ssl_context *ssl, int resume, int timeout,
ssl_session *session ); ssl_session *session );
/** /**
* \brief Set the list of allowed ciphersuites * \brief Set the list of allowed ciphersuites
* *
* \param ssl SSL context * \param ssl SSL context
* \param ciphers 0-terminated list of allowed ciphers * \param ciphersuites 0-terminated list of allowed ciphersuites
*/ */
void ssl_set_ciphers( ssl_context *ssl, int *ciphers ); void ssl_set_ciphersuites( ssl_context *ssl, int *ciphersuites );
/** /**
* \brief Set the data required to verify peer certificate * \brief Set the data required to verify peer certificate
* *
* \param ssl SSL context * \param ssl SSL context
* \param ca_chain trusted CA chain * \param ca_chain trusted CA chain
* \param ca_crl trusted CA CRLs * \param ca_crl trusted CA CRLs
* \param peer_cn expected peer CommonName (or NULL) * \param peer_cn expected peer CommonName (or NULL)
* *
* \note TODO: add two more parameters: depth and crl * \note TODO: add two more parameters: depth and crl
skipping to change at line 442 skipping to change at line 512
/** /**
* \brief Set own certificate and private key * \brief Set own certificate and private key
* *
* \param ssl SSL context * \param ssl SSL context
* \param own_cert own public certificate * \param own_cert own public certificate
* \param rsa_key own private RSA key * \param rsa_key own private RSA key
*/ */
void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert, void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
rsa_context *rsa_key ); rsa_context *rsa_key );
#if defined(POLARSSL_PKCS11_C)
/**
* \brief Set own certificate and PKCS#11 private key
*
* \param ssl SSL context
* \param own_cert own public certificate
* \param pkcs11_key own PKCS#11 RSA key
*/
void ssl_set_own_cert_pkcs11( ssl_context *ssl, x509_cert *own_cert,
pkcs11_context *pkcs11_key );
#endif
/** /**
* \brief Set the Diffie-Hellman public P and G values, * \brief Set the Diffie-Hellman public P and G values,
* read as hexadecimal strings (server-side only) * read as hexadecimal strings (server-side only)
* *
* \param ssl SSL context * \param ssl SSL context
* \param dhm_P Diffie-Hellman-Merkle modulus * \param dhm_P Diffie-Hellman-Merkle modulus
* \param dhm_G Diffie-Hellman-Merkle generator * \param dhm_G Diffie-Hellman-Merkle generator
* *
* \return 0 if successful * \return 0 if successful
*/ */
int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_ G ); int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_ G );
/** /**
* \brief Set the Diffie-Hellman public P and G values,
* read from existing context (server-side only)
*
* \param ssl SSL context
* \param dhm_ctx Diffie-Hellman-Merkle context
*
* \return 0 if successful
*/
int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx );
/**
* \brief Set hostname for ServerName TLS Extension * \brief Set hostname for ServerName TLS Extension
* *
* *
* \param ssl SSL context * \param ssl SSL context
* \param hostname the server hostname * \param hostname the server hostname
* *
* \return 0 if successful * \return 0 if successful
*/ */
int ssl_set_hostname( ssl_context *ssl, const char *hostname ); int ssl_set_hostname( ssl_context *ssl, const char *hostname );
/** /**
* \brief Return the number of data bytes available to read * \brief Return the number of data bytes available to read
* *
* \param ssl SSL context * \param ssl SSL context
* *
* \return how many bytes are available in the read buffer * \return how many bytes are available in the read buffer
*/ */
int ssl_get_bytes_avail( const ssl_context *ssl ); size_t ssl_get_bytes_avail( const ssl_context *ssl );
/** /**
* \brief Return the result of the certificate verification * \brief Return the result of the certificate verification
* *
* \param ssl SSL context * \param ssl SSL context
* *
* \return 0 if successful, or a combination of: * \return 0 if successful, or a combination of:
* BADCERT_EXPIRED * BADCERT_EXPIRED
* BADCERT_REVOKED * BADCERT_REVOKED
* BADCERT_CN_MISMATCH * BADCERT_CN_MISMATCH
* BADCERT_NOT_TRUSTED * BADCERT_NOT_TRUSTED
*/ */
int ssl_get_verify_result( const ssl_context *ssl ); int ssl_get_verify_result( const ssl_context *ssl );
/** /**
* \brief Return the name of the current cipher * \brief Return the name of the current ciphersuite
*
* \param ssl SSL context
*
* \return a string containing the ciphersuite name
*/
const char *ssl_get_ciphersuite( const ssl_context *ssl );
/**
* \brief Return the current SSL version (SSLv3/TLSv1/etc)
* *
* \param ssl SSL context * \param ssl SSL context
* *
* \return a string containing the cipher name * \return a string containing the SSL version
*/ */
const char *ssl_get_cipher( const ssl_context *ssl ); const char *ssl_get_version( const ssl_context *ssl );
/** /**
* \brief Perform the SSL handshake * \brief Perform the SSL handshake
* *
* \param ssl SSL context * \param ssl SSL context
* *
* \return 0 if successful, POLARSSL_ERR_NET_TRY_AGAIN, * \return 0 if successful, POLARSSL_ERR_NET_WANT_READ,
* or a specific SSL error code. * POLARSSL_ERR_NET_WANT_WRITE, or a specific SSL error cod
e.
*/ */
int ssl_handshake( ssl_context *ssl ); int ssl_handshake( ssl_context *ssl );
/** /**
* \brief Read at most 'len' application data bytes * \brief Read at most 'len' application data bytes
* *
* \param ssl SSL context * \param ssl SSL context
* \param buf buffer that will hold the data * \param buf buffer that will hold the data
* \param len how many bytes must be read * \param len how many bytes must be read
* *
* \return This function returns the number of bytes read, * \return This function returns the number of bytes read, 0 for EO F,
* or a negative error code. * or a negative error code.
*/ */
int ssl_read( ssl_context *ssl, unsigned char *buf, int len ); int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len );
/** /**
* \brief Write exactly 'len' application data bytes * \brief Write exactly 'len' application data bytes
* *
* \param ssl SSL context * \param ssl SSL context
* \param buf buffer holding the data * \param buf buffer holding the data
* \param len how many bytes must be written * \param len how many bytes must be written
* *
* \return This function returns the number of bytes written, * \return This function returns the number of bytes written,
* or a negative error code. * or a negative error code.
* *
* \note When this function returns POLARSSL_ERR_NET_TRY_AGAIN, * \note When this function returns POLARSSL_ERR_NET_WANT_WRITE,
* it must be called later with the *same* arguments, * it must be called later with the *same* arguments,
* until it returns a positive value. * until it returns a positive value.
*/ */
int ssl_write( ssl_context *ssl, const unsigned char *buf, int len ); int ssl_write( ssl_context *ssl, const unsigned char *buf, size_t len );
/** /**
* \brief Notify the peer that the connection is being closed * \brief Notify the peer that the connection is being closed
* *
* \param ssl SSL context * \param ssl SSL context
*/ */
int ssl_close_notify( ssl_context *ssl ); int ssl_close_notify( ssl_context *ssl );
/** /**
* \brief Free an SSL context * \brief Free an SSL context
skipping to change at line 558 skipping to change at line 660
/* /*
* Internal functions (do not call directly) * Internal functions (do not call directly)
*/ */
int ssl_handshake_client( ssl_context *ssl ); int ssl_handshake_client( ssl_context *ssl );
int ssl_handshake_server( ssl_context *ssl ); int ssl_handshake_server( ssl_context *ssl );
int ssl_derive_keys( ssl_context *ssl ); int ssl_derive_keys( ssl_context *ssl );
void ssl_calc_verify( ssl_context *ssl, unsigned char hash[36] ); void ssl_calc_verify( ssl_context *ssl, unsigned char hash[36] );
int ssl_read_record( ssl_context *ssl ); int ssl_read_record( ssl_context *ssl );
int ssl_fetch_input( ssl_context *ssl, int nb_want ); /**
* \return 0 if successful, POLARSSL_ERR_SSL_CONN_EOF on EOF or
* another negative error code.
*/
int ssl_fetch_input( ssl_context *ssl, size_t nb_want );
int ssl_write_record( ssl_context *ssl ); int ssl_write_record( ssl_context *ssl );
int ssl_flush_output( ssl_context *ssl ); int ssl_flush_output( ssl_context *ssl );
int ssl_parse_certificate( ssl_context *ssl ); int ssl_parse_certificate( ssl_context *ssl );
int ssl_write_certificate( ssl_context *ssl ); int ssl_write_certificate( ssl_context *ssl );
int ssl_parse_change_cipher_spec( ssl_context *ssl ); int ssl_parse_change_cipher_spec( ssl_context *ssl );
int ssl_write_change_cipher_spec( ssl_context *ssl ); int ssl_write_change_cipher_spec( ssl_context *ssl );
 End of changes. 33 change blocks. 
64 lines changed or deleted 211 lines changed or added


 timing.h   timing.h 
/** /**
* \file timing.h * \file timing.h
* *
* \brief Portable interface to the CPU cycle counter
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 40 skipping to change at line 42
*/ */
struct hr_time struct hr_time
{ {
unsigned char opaque[32]; unsigned char opaque[32];
}; };
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
extern int alarmed; extern volatile int alarmed;
/** /**
* \brief Return the CPU cycle counter value * \brief Return the CPU cycle counter value
*/ */
unsigned long hardclock( void ); unsigned long hardclock( void );
/** /**
* \brief Return the elapsed time in milliseconds * \brief Return the elapsed time in milliseconds
* *
* \param val points to a timer structure * \param val points to a timer structure
skipping to change at line 65 skipping to change at line 67
/** /**
* \brief Setup an alarm clock * \brief Setup an alarm clock
* *
* \param seconds delay before the "alarmed" flag is set * \param seconds delay before the "alarmed" flag is set
*/ */
void set_alarm( int seconds ); void set_alarm( int seconds );
/** /**
* \brief Sleep for a certain amount of time * \brief Sleep for a certain amount of time
* *
* \param Delay in milliseconds * \param milliseconds delay in milliseconds
*/ */
void m_sleep( int milliseconds ); void m_sleep( int milliseconds );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* timing.h */ #endif /* timing.h */
 End of changes. 3 change blocks. 
2 lines changed or deleted 4 lines changed or added


 version.h   version.h 
/** /**
* \file version.h * \file version.h
* *
* \brief Run-time version information
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version. * (at your option) any later version.
* *
* This program is distributed in the hope that it will be useful, * This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of * but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
* */
/*
* This set of compile-time defines and run-time variables can be used to * This set of compile-time defines and run-time variables can be used to
* determine the version number of the PolarSSL library used. * determine the version number of the PolarSSL library used.
*/ */
#ifndef POLARSSL_VERSION_H #ifndef POLARSSL_VERSION_H
#define POLARSSL_VERSION_H #define POLARSSL_VERSION_H
#include "polarssl/config.h" #include "polarssl/config.h"
/** /**
* The version number x.y.z is split into three parts. * The version number x.y.z is split into three parts.
* Major, Minor, Patchlevel * Major, Minor, Patchlevel
*/ */
#define POLARSSL_VERSION_MAJOR 0 #define POLARSSL_VERSION_MAJOR 1
#define POLARSSL_VERSION_MINOR 14 #define POLARSSL_VERSION_MINOR 0
#define POLARSSL_VERSION_PATCH 3 #define POLARSSL_VERSION_PATCH 0
/** /**
* The single version number has the following structure: * The single version number has the following structure:
* MMNNPP00 * MMNNPP00
* Major version | Minor version | Patch version * Major version | Minor version | Patch version
*/ */
#define POLARSSL_VERSION_NUMBER 0x000E0300 #define POLARSSL_VERSION_NUMBER 0x01000000
#define POLARSSL_VERSION_STRING "0.14.3" #define POLARSSL_VERSION_STRING "1.0.0"
#define POLARSSL_VERSION_STRING_FULL "PolarSSL 0.14.3" #define POLARSSL_VERSION_STRING_FULL "PolarSSL 1.0.0"
#if defined(POLARSSL_VERSION_C) #if defined(POLARSSL_VERSION_C)
/** /**
* Get the version number. * Get the version number.
* *
* @return The constructed version number in the format * \return The constructed version number in the format
* MMNNPP00 (Major, Minor, Patch). * MMNNPP00 (Major, Minor, Patch).
*/ */
unsigned int version_get_number(); unsigned int version_get_number( void );
/** /**
* Get the version string ("x.y.z"). * Get the version string ("x.y.z").
* *
* @param string The string that will receive the value. * \param string The string that will receive the value.
* (Should be at least 9 bytes in size) * (Should be at least 9 bytes in size)
*/ */
void version_get_string( char *string ); void version_get_string( char *string );
/** /**
* Get the full version string ("PolarSSL x.y.z"). * Get the full version string ("PolarSSL x.y.z").
* *
* @param string The string that will receive the value. * \param string The string that will receive the value.
* (Should be at least 18 bytes in size) * (Should be at least 18 bytes in size)
*/ */
void version_get_string_full( char *string ); void version_get_string_full( char *string );
#endif /* POLARSSL_VERSION_C */ #endif /* POLARSSL_VERSION_C */
#endif /* version.h */ #endif /* version.h */
 End of changes. 8 change blocks. 
11 lines changed or deleted 14 lines changed or added


 x509.h   x509.h 
/** /**
* \file x509.h * \file x509.h
* *
* \brief X.509 certificate and private key decoding
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 29 skipping to change at line 31
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_X509_H #ifndef POLARSSL_X509_H
#define POLARSSL_X509_H #define POLARSSL_X509_H
#include "polarssl/rsa.h" #include "polarssl/rsa.h"
#include "polarssl/dhm.h"
/* /**
* ASN1 Error codes * \addtogroup x509_module
* * \{
* These error codes will be OR'ed to X509 error codes for
* higher error granularity.
*/
#define POLARSSL_ERR_ASN1_OUT_OF_DATA 0x0014
#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG 0x0016
#define POLARSSL_ERR_ASN1_INVALID_LENGTH 0x0018
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH 0x001A
#define POLARSSL_ERR_ASN1_INVALID_DATA 0x001C
/*
* X509 Error codes
*/ */
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE -0x0020
#define POLARSSL_ERR_X509_CERT_INVALID_PEM -0x0040
#define POLARSSL_ERR_X509_CERT_INVALID_FORMAT -0x0060
#define POLARSSL_ERR_X509_CERT_INVALID_VERSION -0x0080
#define POLARSSL_ERR_X509_CERT_INVALID_SERIAL -0x00A0
#define POLARSSL_ERR_X509_CERT_INVALID_ALG -0x00C0
#define POLARSSL_ERR_X509_CERT_INVALID_NAME -0x00E0
#define POLARSSL_ERR_X509_CERT_INVALID_DATE -0x0100
#define POLARSSL_ERR_X509_CERT_INVALID_PUBKEY -0x0120
#define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE -0x0140
#define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS -0x0160
#define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION -0x0180
#define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG -0x01A0
#define POLARSSL_ERR_X509_CERT_UNKNOWN_PK_ALG -0x01C0
#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x01E0
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x0200
#define POLARSSL_ERR_X509_KEY_INVALID_PEM -0x0220
#define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x0240
#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x0260
#define POLARSSL_ERR_X509_KEY_INVALID_ENC_IV -0x0280
#define POLARSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG -0x02A0
#define POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED -0x02C0
#define POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH -0x02E0
#define POLARSSL_ERR_X509_POINT_ERROR -0x0300
#define POLARSSL_ERR_X509_VALUE_TO_LENGTH -0x0320
/* /**
* X509 Verify codes * \name ASN1 Error codes
* These error codes are OR'ed to X509 error codes for
* higher error granularity.
* ASN1 is a standard to specify data structures.
* \{
*/ */
#define BADCERT_EXPIRED 1 #define POLARSSL_ERR_ASN1_OUT_OF_DATA -0x0014 /**< Ou
#define BADCERT_REVOKED 2 t of data when parsing an ASN1 data structure. */
#define BADCERT_CN_MISMATCH 4 #define POLARSSL_ERR_ASN1_UNEXPECTED_TAG -0x0016 /**< AS
#define BADCERT_NOT_TRUSTED 8 N1 tag was of an unexpected value. */
#define BADCRL_NOT_TRUSTED 16 #define POLARSSL_ERR_ASN1_INVALID_LENGTH -0x0018 /**< Er
#define BADCRL_EXPIRED 32 ror when trying to determine the length or invalid length. */
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH -0x001A /**< Ac
/* tual length differs from expected length. */
* DER constants #define POLARSSL_ERR_ASN1_INVALID_DATA -0x001C /**< Da
ta is invalid. (not used) */
/* \} name */
/**
* \name X509 Error codes
* \{
*/
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE -0x2080 /**< Un
available feature, e.g. RSA hashing/encryption combination. */
#define POLARSSL_ERR_X509_CERT_INVALID_PEM -0x2100 /**< Th
e PEM-encoded certificate contains invalid elements, e.g. invalid character
. */
#define POLARSSL_ERR_X509_CERT_INVALID_FORMAT -0x2180 /**< Th
e certificate format is invalid, e.g. different type expected. */
#define POLARSSL_ERR_X509_CERT_INVALID_VERSION -0x2200 /**< Th
e certificate version element is invalid. */
#define POLARSSL_ERR_X509_CERT_INVALID_SERIAL -0x2280 /**< Th
e serial tag or value is invalid. */
#define POLARSSL_ERR_X509_CERT_INVALID_ALG -0x2300 /**< Th
e algorithm tag or value is invalid. */
#define POLARSSL_ERR_X509_CERT_INVALID_NAME -0x2380 /**< Th
e name tag or value is invalid. */
#define POLARSSL_ERR_X509_CERT_INVALID_DATE -0x2400 /**< Th
e date tag or value is invalid. */
#define POLARSSL_ERR_X509_CERT_INVALID_PUBKEY -0x2480 /**< Th
e pubkey tag or value is invalid (only RSA is supported). */
#define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE -0x2500 /**< Th
e signature tag or value invalid. */
#define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS -0x2580 /**< Th
e extension tag or value is invalid. */
#define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION -0x2600 /**< Ce
rtificate or CRL has an unsupported version number. */
#define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG -0x2680 /**< Si
gnature algorithm (oid) is unsupported. */
#define POLARSSL_ERR_X509_UNKNOWN_PK_ALG -0x2700 /**< Ke
y algorithm is unsupported (only RSA is supported). */
#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x2780 /**< Ce
rtificate signature algorithms do not match. (see \c ::x509_cert sig_oid) *
/
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x2800 /**< Ce
rtificate verification failed, e.g. CRL, CA or signature check failed. */
#define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x2880 /**< Un
supported RSA key version */
#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x2900 /**< In
valid RSA key tag or value. */
#define POLARSSL_ERR_X509_POINT_ERROR -0x2980 /**< No
t used. */
#define POLARSSL_ERR_X509_VALUE_TO_LENGTH -0x2A00 /**< No
t used. */
/* \} name */
/**
* \name X509 Verify codes
* \{
*/
#define BADCERT_EXPIRED 0x01 /**< The certificate validity has
expired. */
#define BADCERT_REVOKED 0x02 /**< The certificate has been rev
oked (is on a CRL). */
#define BADCERT_CN_MISMATCH 0x04 /**< The certificate Common Name
(CN) does not match with the expected CN. */
#define BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not corre
ctly signed by the trusted CA. */
#define BADCRL_NOT_TRUSTED 0x10 /**< CRL is not correctly signed
by the trusted CA. */
#define BADCRL_EXPIRED 0x20 /**< CRL is expired. */
#define BADCERT_MISSING 0x40 /**< Certificate was missing. */
#define BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was
skipped. */
/* \} name */
/**
* \name DER constants
* These constants comply with DER encoded the ANS1 type tags.
* DER encoding uses hexadecimal representation.
* An example DER sequence is:\n
* - 0x02 -- tag indicating INTEGER
* - 0x01 -- length in octets
* - 0x05 -- value
* Such sequences are typically read into \c ::x509_buf.
* \{
*/ */
#define ASN1_BOOLEAN 0x01 #define ASN1_BOOLEAN 0x01
#define ASN1_INTEGER 0x02 #define ASN1_INTEGER 0x02
#define ASN1_BIT_STRING 0x03 #define ASN1_BIT_STRING 0x03
#define ASN1_OCTET_STRING 0x04 #define ASN1_OCTET_STRING 0x04
#define ASN1_NULL 0x05 #define ASN1_NULL 0x05
#define ASN1_OID 0x06 #define ASN1_OID 0x06
#define ASN1_UTF8_STRING 0x0C #define ASN1_UTF8_STRING 0x0C
#define ASN1_SEQUENCE 0x10 #define ASN1_SEQUENCE 0x10
#define ASN1_SET 0x11 #define ASN1_SET 0x11
#define ASN1_PRINTABLE_STRING 0x13 #define ASN1_PRINTABLE_STRING 0x13
#define ASN1_T61_STRING 0x14 #define ASN1_T61_STRING 0x14
#define ASN1_IA5_STRING 0x16 #define ASN1_IA5_STRING 0x16
#define ASN1_UTC_TIME 0x17 #define ASN1_UTC_TIME 0x17
#define ASN1_GENERALIZED_TIME 0x18 #define ASN1_GENERALIZED_TIME 0x18
#define ASN1_UNIVERSAL_STRING 0x1C #define ASN1_UNIVERSAL_STRING 0x1C
#define ASN1_BMP_STRING 0x1E #define ASN1_BMP_STRING 0x1E
#define ASN1_PRIMITIVE 0x00 #define ASN1_PRIMITIVE 0x00
#define ASN1_CONSTRUCTED 0x20 #define ASN1_CONSTRUCTED 0x20
#define ASN1_CONTEXT_SPECIFIC 0x80 #define ASN1_CONTEXT_SPECIFIC 0x80
/* \} name */
/* \} addtogroup x509_module */
/* /*
* various object identifiers * various object identifiers
*/ */
#define X520_COMMON_NAME 3 #define X520_COMMON_NAME 3
#define X520_COUNTRY 6 #define X520_COUNTRY 6
#define X520_LOCALITY 7 #define X520_LOCALITY 7
#define X520_STATE 8 #define X520_STATE 8
#define X520_ORGANIZATION 10 #define X520_ORGANIZATION 10
#define X520_ORG_UNIT 11 #define X520_ORG_UNIT 11
#define PKCS9_EMAIL 1 #define PKCS9_EMAIL 1
#define X509_OUTPUT_DER 0x01 #define X509_OUTPUT_DER 0x01
#define X509_OUTPUT_PEM 0x02 #define X509_OUTPUT_PEM 0x02
#define PEM_LINE_LENGTH 72 #define PEM_LINE_LENGTH 72
#define X509_ISSUER 0x01 #define X509_ISSUER 0x01
#define X509_SUBJECT 0x02 #define X509_SUBJECT 0x02
/** Returns the size of the binary string, without the trailing \\0 */
#define OID_SIZE(x) (sizeof(x) - 1)
#define OID_X520 "\x55\x04" #define OID_X520 "\x55\x04"
#define OID_CN "\x55\x04\x03" #define OID_CN OID_X520 "\x03"
#define OID_PKCS1 "\x2A\x86\x48\x86\xF7\x0D\x01\x01" #define OID_PKCS1 "\x2A\x86\x48\x86\xF7\x0D\x01\x01"
#define OID_PKCS1_RSA "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01" #define OID_PKCS1_RSA OID_PKCS1 "\x01"
#define OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D" #define OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D"
#define OID_PKCS9 "\x2A\x86\x48\x86\xF7\x0D\x01\x09" #define OID_PKCS9 "\x2A\x86\x48\x86\xF7\x0D\x01\x09"
#define OID_PKCS9_EMAIL "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01" #define OID_PKCS9_EMAIL OID_PKCS9 "\x01"
/** ISO arc for standard certificate and CRL extensions */
#define OID_ID_CE "\x55\x1D" /**< id-ce OBJECT IDENTIFIER ::
= {joint-iso-ccitt(2) ds(5) 29} */
/**
* Private Internet Extensions
* { iso(1) identified-organization(3) dod(6) internet(1)
* security(5) mechanisms(5) pkix(7) }
*/
#define OID_PKIX "\x2B\x06\x01\x05\x05\x07"
/*
* OIDs for standard certificate extensions
*/
#define OID_AUTHORITY_KEY_IDENTIFIER OID_ID_CE "\x23" /**< id-ce-authori
tyKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } */
#define OID_SUBJECT_KEY_IDENTIFIER OID_ID_CE "\x0E" /**< id-ce-subject
KeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } */
#define OID_KEY_USAGE OID_ID_CE "\x0F" /**< id-ce-keyUsag
e OBJECT IDENTIFIER ::= { id-ce 15 } */
#define OID_CERTIFICATE_POLICIES OID_ID_CE "\x20" /**< id-ce-certifi
catePolicies OBJECT IDENTIFIER ::= { id-ce 32 } */
#define OID_POLICY_MAPPINGS OID_ID_CE "\x21" /**< id-ce-policyM
appings OBJECT IDENTIFIER ::= { id-ce 33 } */
#define OID_SUBJECT_ALT_NAME OID_ID_CE "\x11" /**< id-ce-subject
AltName OBJECT IDENTIFIER ::= { id-ce 17 } */
#define OID_ISSUER_ALT_NAME OID_ID_CE "\x12" /**< id-ce-issuerA
ltName OBJECT IDENTIFIER ::= { id-ce 18 } */
#define OID_SUBJECT_DIRECTORY_ATTRS OID_ID_CE "\x09" /**< id-ce-subject
DirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } */
#define OID_BASIC_CONSTRAINTS OID_ID_CE "\x13" /**< id-ce-basicCo
nstraints OBJECT IDENTIFIER ::= { id-ce 19 } */
#define OID_NAME_CONSTRAINTS OID_ID_CE "\x1E" /**< id-ce-nameCon
straints OBJECT IDENTIFIER ::= { id-ce 30 } */
#define OID_POLICY_CONSTRAINTS OID_ID_CE "\x24" /**< id-ce-policyC
onstraints OBJECT IDENTIFIER ::= { id-ce 36 } */
#define OID_EXTENDED_KEY_USAGE OID_ID_CE "\x25" /**< id-ce-extKeyU
sage OBJECT IDENTIFIER ::= { id-ce 37 } */
#define OID_CRL_DISTRIBUTION_POINTS OID_ID_CE "\x1F" /**< id-ce-cRLDist
ributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } */
#define OID_INIHIBIT_ANYPOLICY OID_ID_CE "\x36" /**< id-ce-inhibit
AnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */
#define OID_FRESHEST_CRL OID_ID_CE "\x2E" /**< id-ce-freshes
tCRL OBJECT IDENTIFIER ::= { id-ce 46 } */
/*
* X.509 v3 Key Usage Extension flags
*/
#define KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
#define KU_NON_REPUDIATION (0x40) /* bit 1 */
#define KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */
#define KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */
#define KU_KEY_AGREEMENT (0x08) /* bit 4 */
#define KU_KEY_CERT_SIGN (0x04) /* bit 5 */
#define KU_CRL_SIGN (0x02) /* bit 6 */
/*
* X.509 v3 Extended key usage OIDs
*/
#define OID_ANY_EXTENDED_KEY_USAGE OID_EXTENDED_KEY_USAGE "\x00" /**<
anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
#define OID_KP OID_PKIX "\x03" /**< id-kp OBJECT I
DENTIFIER ::= { id-pkix 3 } */
#define OID_SERVER_AUTH OID_KP "\x01" /**< id-kp-serverAuth
OBJECT IDENTIFIER ::= { id-kp 1 } */
#define OID_CLIENT_AUTH OID_KP "\x02" /**< id-kp-clientAuth
OBJECT IDENTIFIER ::= { id-kp 2 } */
#define OID_CODE_SIGNING OID_KP "\x03" /**< id-kp-codeSignin
g OBJECT IDENTIFIER ::= { id-kp 3 } */
#define OID_EMAIL_PROTECTION OID_KP "\x04" /**< id-kp-emailProte
ction OBJECT IDENTIFIER ::= { id-kp 4 } */
#define OID_TIME_STAMPING OID_KP "\x08" /**< id-kp-timeStampi
ng OBJECT IDENTIFIER ::= { id-kp 8 } */
#define OID_OCSP_SIGNING OID_KP "\x09" /**< id-kp-OCSPSignin
g OBJECT IDENTIFIER ::= { id-kp 9 } */
#define STRING_SERVER_AUTH "TLS Web Server Authentication"
#define STRING_CLIENT_AUTH "TLS Web Client Authentication"
#define STRING_CODE_SIGNING "Code Signing"
#define STRING_EMAIL_PROTECTION "E-mail Protection"
#define STRING_TIME_STAMPING "Time Stamping"
#define STRING_OCSP_SIGNING "OCSP Signing"
/*
* OIDs for CRL extensions
*/
#define OID_PRIVATE_KEY_USAGE_PERIOD OID_ID_CE "\x10"
#define OID_CRL_NUMBER OID_ID_CE "\x14" /**< id-ce-cRLNumb
er OBJECT IDENTIFIER ::= { id-ce 20 } */
/*
* Netscape certificate extensions
*/
#define OID_NETSCAPE "\x60\x86\x48\x01\x86\xF8\x42" /**< Net
scape OID */
#define OID_NS_CERT OID_NETSCAPE "\x01"
#define OID_NS_CERT_TYPE OID_NS_CERT "\x01"
#define OID_NS_BASE_URL OID_NS_CERT "\x02"
#define OID_NS_REVOCATION_URL OID_NS_CERT "\x03"
#define OID_NS_CA_REVOCATION_URL OID_NS_CERT "\x04"
#define OID_NS_RENEWAL_URL OID_NS_CERT "\x07"
#define OID_NS_CA_POLICY_URL OID_NS_CERT "\x08"
#define OID_NS_SSL_SERVER_NAME OID_NS_CERT "\x0C"
#define OID_NS_COMMENT OID_NS_CERT "\x0D"
#define OID_NS_DATA_TYPE OID_NETSCAPE "\x02"
#define OID_NS_CERT_SEQUENCE OID_NS_DATA_TYPE "\x05"
/* /*
* Structures for parsing X.509 certificates * Netscape certificate types
* (http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html)
*/
#define NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */
#define NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */
#define NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */
#define NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */
#define NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */
#define NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */
#define NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */
#define NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */
#define EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
#define EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
#define EXT_KEY_USAGE (1 << 2)
#define EXT_CERTIFICATE_POLICIES (1 << 3)
#define EXT_POLICY_MAPPINGS (1 << 4)
#define EXT_SUBJECT_ALT_NAME (1 << 5)
#define EXT_ISSUER_ALT_NAME (1 << 6)
#define EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
#define EXT_BASIC_CONSTRAINTS (1 << 8)
#define EXT_NAME_CONSTRAINTS (1 << 9)
#define EXT_POLICY_CONSTRAINTS (1 << 10)
#define EXT_EXTENDED_KEY_USAGE (1 << 11)
#define EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
#define EXT_INIHIBIT_ANYPOLICY (1 << 13)
#define EXT_FRESHEST_CRL (1 << 14)
#define EXT_NS_CERT_TYPE (1 << 16)
/**
* \addtogroup x509_module
* \{ */
/**
* \name Structures for parsing X.509 certificates and CRLs
* \{
*/
/**
* Type-length-value structure that allows for ASN1 using DER.
*/ */
typedef struct _x509_buf typedef struct _x509_buf
{ {
int tag; int tag; /**< ASN1 type, e.g. ASN1_UTF8_STRING. */
int len; size_t len; /**< ASN1 length, e.g. in octets. */
unsigned char *p; unsigned char *p; /**< ASN1 data, e.g. in ASCII. */
} }
x509_buf; x509_buf;
/**
* Container for ASN1 bit strings.
*/
typedef struct _x509_bitstring
{
size_t len; /**< ASN1 length, e.g. in octets. */
unsigned char unused_bits; /**< Number of unused bits at the end of th
e string */
unsigned char *p; /**< Raw ASN1 data for the bit string */
}
x509_bitstring;
/**
* Container for ASN1 named information objects.
* It allows for Relative Distinguished Names (e.g. cn=polarssl,ou=code,etc
.).
*/
typedef struct _x509_name typedef struct _x509_name
{ {
x509_buf oid; x509_buf oid; /**< The object identifier. */
x509_buf val; x509_buf val; /**< The named value. */
struct _x509_name *next; struct _x509_name *next; /**< The next named information object. */
} }
x509_name; x509_name;
/**
* Container for a sequence of ASN.1 items
*/
typedef struct _x509_sequence
{
x509_buf buf; /**< Buffer containing the given ASN.1
item. */
struct _x509_sequence *next; /**< The next entry in the sequence. */
}
x509_sequence;
/** Container for date and time (precision in seconds). */
typedef struct _x509_time typedef struct _x509_time
{ {
int year, mon, day; int year, mon, day; /**< Date. */
int hour, min, sec; int hour, min, sec; /**< Time. */
} }
x509_time; x509_time;
/**
* Container for an X.509 certificate. The certificate may be chained.
*/
typedef struct _x509_cert typedef struct _x509_cert
{ {
x509_buf raw; x509_buf raw; /**< The raw certificate data (DER). */
x509_buf tbs; x509_buf tbs; /**< The raw certificate body (DER). The pa
rt that is To Be Signed. */
int version; int version; /**< The X.509 version. (0=v1, 1=v2, 2=v3)
x509_buf serial; */
x509_buf sig_oid1; x509_buf serial; /**< Unique id for certificate issued by a
specific CA. */
x509_buf sig_oid1; /**< Signature algorithm, e.g. sha1RSA */
x509_buf issuer_raw; x509_buf issuer_raw; /**< The raw issuer data (DER). Used for qu
x509_buf subject_raw; ick comparison. */
x509_buf subject_raw; /**< The raw subject data (DER). Used for q
uick comparison. */
x509_name issuer; x509_name issuer; /**< The parsed issuer data (named informat
x509_name subject; ion object). */
x509_name subject; /**< The parsed subject data (named informa
tion object). */
x509_time valid_from; x509_time valid_from; /**< Start time of certificate validity. */
x509_time valid_to; x509_time valid_to; /**< End time of certificate validity. */
x509_buf pk_oid; x509_buf pk_oid; /**< Subject public key info. Includes the
rsa_context rsa; public key algorithm and the key itself. */
rsa_context rsa; /**< Container for the RSA context. Only RS
A is supported for public keys at this time. */
x509_buf issuer_id; x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique ide
x509_buf subject_id; ntifier. */
x509_buf v3_ext; x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique id
entifier. */
x509_buf v3_ext; /**< Optional X.509 v3 extensions. Only Bas
ic Contraints are supported at this time. */
int ca_istrue; int ext_types; /**< Bit string containing detected and par
int max_pathlen; sed extensions */
int ca_istrue; /**< Optional Basic Constraint extension va
lue: 1 if this certificate belongs to a CA, 0 otherwise. */
int max_pathlen; /**< Optional Basic Constraint extension va
lue: The maximum path length to the root certificate. */
x509_buf sig_oid2; unsigned char key_usage; /**< Optional key usage extension value: Se
x509_buf sig; e the values below */
int sig_alg;
struct _x509_cert *next; x509_sequence ext_key_usage; /**< Optional list of extended key usage O
IDs. */
unsigned char ns_cert_type; /**< Optional Netscape certificate type ext
ension value: See the values below */
x509_buf sig_oid2; /**< Signature algorithm. Must match sig_oi
d1. */
x509_buf sig; /**< Signature: hash of the tbs part signed
with the private key. */
int sig_alg; /**< Internal representation of the signatu
re algorithm, e.g. SIG_RSA_MD2 */
struct _x509_cert *next; /**< Next certificate in the CA-chain. */
} }
x509_cert; x509_cert;
/**
* Certificate revocation list entry.
* Contains the CA-specific serial numbers and revocation dates.
*/
typedef struct _x509_crl_entry typedef struct _x509_crl_entry
{ {
x509_buf raw; x509_buf raw;
x509_buf serial; x509_buf serial;
x509_time revocation_date; x509_time revocation_date;
x509_buf entry_ext; x509_buf entry_ext;
struct _x509_crl_entry *next; struct _x509_crl_entry *next;
} }
x509_crl_entry; x509_crl_entry;
/**
* Certificate revocation list structure.
* Every CRL may have multiple entries.
*/
typedef struct _x509_crl typedef struct _x509_crl
{ {
x509_buf raw; x509_buf raw; /**< The raw certificate data (DER). */
x509_buf tbs; x509_buf tbs; /**< The raw certificate body (DER). The part t
hat is To Be Signed. */
int version; int version;
x509_buf sig_oid1; x509_buf sig_oid1;
x509_buf issuer_raw; x509_buf issuer_raw; /**< The raw issuer data (DER). */
x509_name issuer; x509_name issuer; /**< The parsed issuer data (named information object). */
x509_time this_update; x509_time this_update;
x509_time next_update; x509_time next_update;
x509_crl_entry entry; x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */
x509_buf crl_ext; x509_buf crl_ext;
x509_buf sig_oid2; x509_buf sig_oid2;
x509_buf sig; x509_buf sig;
int sig_alg; int sig_alg;
struct _x509_crl *next; struct _x509_crl *next;
} }
x509_crl; x509_crl;
/** \} name Structures for parsing X.509 certificates and CRLs */
/** \} addtogroup x509_module */
/* /**
* Structures for writing X.509 certificates * \name Structures for writing X.509 certificates.
* XvP: commented out as they are not used.
* - <tt>typedef struct _x509_node x509_node;</tt>
* - <tt>typedef struct _x509_raw x509_raw;</tt>
*/ */
/*
typedef struct _x509_node typedef struct _x509_node
{ {
unsigned char *data; unsigned char *data;
unsigned char *p; unsigned char *p;
unsigned char *end; unsigned char *end;
size_t len; size_t len;
} }
x509_node; x509_node;
skipping to change at line 262 skipping to change at line 462
x509_node tbs_signalg; x509_node tbs_signalg;
x509_node issuer; x509_node issuer;
x509_node validity; x509_node validity;
x509_node subject; x509_node subject;
x509_node subpubkey; x509_node subpubkey;
x509_node signalg; x509_node signalg;
x509_node sign; x509_node sign;
} }
x509_raw; x509_raw;
*/
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/** /**
* \name Functions to read in DHM parameters, a certificate, CRL or private
RSA key
* \{
*/
/** \ingroup x509_module */
/**
* \brief Parse one or more certificates and add them * \brief Parse one or more certificates and add them
* to the chained list * to the chained list
* *
* \param chain points to the start of the chain * \param chain points to the start of the chain
* \param buf buffer holding the certificate data * \param buf buffer holding the certificate data
* \param buflen size of the buffer * \param buflen size of the buffer
* *
* \return 0 if successful, or a specific X509 error code * \return 0 if successful, or a specific X509 or PEM error code
*/ */
int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen ) ; int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t bufle n );
/** \ingroup x509_module */
/** /**
* \brief Load one or more certificates and add them * \brief Load one or more certificates and add them
* to the chained list * to the chained list
* *
* \param chain points to the start of the chain * \param chain points to the start of the chain
* \param path filename to read the certificates from * \param path filename to read the certificates from
* *
* \return 0 if successful, or a specific X509 error code * \return 0 if successful, or a specific X509 or PEM error code
*/ */
int x509parse_crtfile( x509_cert *chain, const char *path ); int x509parse_crtfile( x509_cert *chain, const char *path );
/** \ingroup x509_module */
/** /**
* \brief Parse one or more CRLs and add them * \brief Parse one or more CRLs and add them
* to the chained list * to the chained list
* *
* \param chain points to the start of the chain * \param chain points to the start of the chain
* \param buf buffer holding the CRL data * \param buf buffer holding the CRL data
* \param buflen size of the buffer * \param buflen size of the buffer
* *
* \return 0 if successful, or a specific X509 error code * \return 0 if successful, or a specific X509 or PEM error code
*/ */
int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen ); int x509parse_crl( x509_crl *chain, const unsigned char *buf, size_t buflen );
/** \ingroup x509_module */
/** /**
* \brief Load one or more CRLs and add them * \brief Load one or more CRLs and add them
* to the chained list * to the chained list
* *
* \param chain points to the start of the chain * \param chain points to the start of the chain
* \param path filename to read the CRLs from * \param path filename to read the CRLs from
* *
* \return 0 if successful, or a specific X509 error code * \return 0 if successful, or a specific X509 or PEM error code
*/ */
int x509parse_crlfile( x509_crl *chain, const char *path ); int x509parse_crlfile( x509_crl *chain, const char *path );
/** \ingroup x509_module */
/** /**
* \brief Parse a private RSA key * \brief Parse a private RSA key
* *
* \param rsa RSA context to be initialized * \param rsa RSA context to be initialized
* \param key input buffer * \param key input buffer
* \param keylen size of the buffer * \param keylen size of the buffer
* \param pwd password for decryption (optional) * \param pwd password for decryption (optional)
* \param pwdlen size of the password * \param pwdlen size of the password
* *
* \return 0 if successful, or a specific X509 error code * \return 0 if successful, or a specific X509 or PEM error code
*/ */
int x509parse_key( rsa_context *rsa, int x509parse_key( rsa_context *rsa,
const unsigned char *key, int keylen, const unsigned char *key, size_t keylen,
const unsigned char *pwd, int pwdlen ); const unsigned char *pwd, size_t pwdlen );
/** \ingroup x509_module */
/** /**
* \brief Load and parse a private RSA key * \brief Load and parse a private RSA key
* *
* \param rsa RSA context to be initialized * \param rsa RSA context to be initialized
* \param path filename to read the private key from * \param path filename to read the private key from
* \param pwd password to decrypt the file (can be NULL) * \param password password to decrypt the file (can be NULL)
* *
* \return 0 if successful, or a specific X509 error code * \return 0 if successful, or a specific X509 or PEM error code
*/ */
int x509parse_keyfile( rsa_context *rsa, const char *path, int x509parse_keyfile( rsa_context *rsa, const char *path,
const char *password ); const char *password );
/** \ingroup x509_module */
/**
* \brief Parse a public RSA key
*
* \param rsa RSA context to be initialized
* \param key input buffer
* \param keylen size of the buffer
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_public_key( rsa_context *rsa,
const unsigned char *key, size_t keylen );
/** \ingroup x509_module */
/**
* \brief Load and parse a public RSA key
*
* \param rsa RSA context to be initialized
* \param path filename to read the private key from
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_public_keyfile( rsa_context *rsa, const char *path );
/** \ingroup x509_module */
/**
* \brief Parse DHM parameters
*
* \param dhm DHM context to be initialized
* \param dhmin input buffer
* \param dhminlen size of the buffer
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhm
inlen );
/** \ingroup x509_module */
/**
* \brief Load and parse DHM parameters
*
* \param dhm DHM context to be initialized
* \param path filename to read the DHM Parameters from
*
* \return 0 if successful, or a specific X509 or PEM error code
*/
int x509parse_dhmfile( dhm_context *dhm, const char *path );
/** \} name Functions to read in DHM parameters, a certificate, CRL or priv
ate RSA key */
/** /**
* \brief Store the certificate DN in printable form into buf; * \brief Store the certificate DN in printable form into buf;
* no more than size characters will be written. * no more than size characters will be written.
* *
* \param buf Buffer to write to * \param buf Buffer to write to
* \param size Maximum size of buffer * \param size Maximum size of buffer
* \param dn The X509 name to represent * \param dn The X509 name to represent
* *
* \return The amount of data written to the buffer, or -1 in * \return The amount of data written to the buffer, or -1 in
* case of an error. * case of an error.
*/ */
int x509parse_dn_gets( char *buf, size_t size, const x509_name *dn ); int x509parse_dn_gets( char *buf, size_t size, const x509_name *dn );
/** /**
* \brief Store the certificate serial in printable form into buf;
* no more than size characters will be written.
*
* \param buf Buffer to write to
* \param size Maximum size of buffer
* \param serial The X509 serial to represent
*
* \return The amount of data written to the buffer, or -1 in
* case of an error.
*/
int x509parse_serial_gets( char *buf, size_t size, const x509_buf *serial )
;
/**
* \brief Returns an informational string about the * \brief Returns an informational string about the
* certificate. * certificate.
* *
* \param buf Buffer to write to * \param buf Buffer to write to
* \param size Maximum size of buffer * \param size Maximum size of buffer
* \param prefix A line prefix * \param prefix A line prefix
* \param crt The X509 certificate to represent * \param crt The X509 certificate to represent
* *
* \return The amount of data written to the buffer, or -1 in * \return The amount of data written to the buffer, or -1 in
* case of an error. * case of an error.
skipping to change at line 375 skipping to change at line 649
int x509parse_cert_info( char *buf, size_t size, const char *prefix, int x509parse_cert_info( char *buf, size_t size, const char *prefix,
const x509_cert *crt ); const x509_cert *crt );
/** /**
* \brief Returns an informational string about the * \brief Returns an informational string about the
* CRL. * CRL.
* *
* \param buf Buffer to write to * \param buf Buffer to write to
* \param size Maximum size of buffer * \param size Maximum size of buffer
* \param prefix A line prefix * \param prefix A line prefix
* \param crt The X509 CRL to represent * \param crl The X509 CRL to represent
* *
* \return The amount of data written to the buffer, or -1 in * \return The amount of data written to the buffer, or -1 in
* case of an error. * case of an error.
*/ */
int x509parse_crl_info( char *buf, size_t size, const char *prefix, int x509parse_crl_info( char *buf, size_t size, const char *prefix,
const x509_crl *crl ); const x509_crl *crl );
/** /**
* \brief Give an known OID, return its descriptive string.
*
* \param oid buffer containing the oid
*
* \return Return a string if the OID is known,
* or NULL otherwise.
*/
const char *x509_oid_get_description( x509_buf *oid );
/*
* \brief Give an OID, return a string version of its OID number.
*
* \param buf Buffer to write to
* \param size Maximum size of buffer
* \param oid Buffer containing the OID
*
* \return The amount of data written to the buffer, or -1 in
* case of an error.
*/
int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid );
/**
* \brief Check a given x509_time against the system time and chec k * \brief Check a given x509_time against the system time and chec k
* if it is valid. * if it is valid.
* *
* \param time x509_time to check * \param time x509_time to check
* *
* \return Return 0 if the x509_time is still valid, * \return Return 0 if the x509_time is still valid,
* or 1 otherwise. * or 1 otherwise.
*/ */
int x509parse_time_expired( const x509_time *time ); int x509parse_time_expired( const x509_time *time );
/** /**
* \name Functions to verify a certificate
* \{
*/
/** \ingroup x509_module */
/**
* \brief Verify the certificate signature * \brief Verify the certificate signature
* *
* \param crt a certificate to be verified * \param crt a certificate to be verified
* \param trust_ca the trusted CA chain * \param trust_ca the trusted CA chain
* \param ca_crl the CRL chain for trusted CA's * \param ca_crl the CRL chain for trusted CA's
* \param cn expected Common Name (can be set to * \param cn expected Common Name (can be set to
* NULL if the CN must not be verified) * NULL if the CN must not be verified)
* \param flags result of the verification * \param flags result of the verification
* \param f_vrfy verification function
* \param p_vrfy verification parameter
* *
* \return 0 if successful or POLARSSL_ERR_X509_SIG_VERIFY_FAILED, * \return 0 if successful or POLARSSL_ERR_X509_SIG_VERIFY_FAILED,
* in which case *flags will have one or more of * in which case *flags will have one or more of
* the following values set: * the following values set:
* BADCERT_EXPIRED -- * BADCERT_EXPIRED --
* BADCERT_REVOKED -- * BADCERT_REVOKED --
* BADCERT_CN_MISMATCH -- * BADCERT_CN_MISMATCH --
* BADCERT_NOT_TRUSTED * BADCERT_NOT_TRUSTED
* *
* \note TODO: add two arguments, depth and crl * \note TODO: add two arguments, depth and crl
*/ */
int x509parse_verify( x509_cert *crt, int x509parse_verify( x509_cert *crt,
x509_cert *trust_ca, x509_cert *trust_ca,
x509_crl *ca_crl, x509_crl *ca_crl,
const char *cn, int *flags ); const char *cn, int *flags,
int (*f_vrfy)(void *, x509_cert *, int, int),
void *p_vrfy );
/**
* \brief Verify the certificate signature
*
* \param crt a certificate to be verified
* \param crl the CRL to verify against
*
* \return 1 if the certificate is revoked, 0 otherwise
*
*/
int x509parse_revoked( const x509_cert *crt, const x509_crl *crl );
/** \} name Functions to verify a certificate */
/**
* \name Functions to clear a certificate, CRL or private RSA key
* \{
*/
/** \ingroup x509_module */
/** /**
* \brief Unallocate all certificate data * \brief Unallocate all certificate data
* *
* \param crt Certificate chain to free * \param crt Certificate chain to free
*/ */
void x509_free( x509_cert *crt ); void x509_free( x509_cert *crt );
/** \ingroup x509_module */
/** /**
* \brief Unallocate all CRL data * \brief Unallocate all CRL data
* *
* \param crt CRL chain to free * \param crl CRL chain to free
*/ */
void x509_crl_free( x509_crl *crl ); void x509_crl_free( x509_crl *crl );
/** \} name Functions to clear a certificate, CRL or private RSA key */
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int x509_self_test( int verbose ); int x509_self_test( int verbose );
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
 End of changes. 66 change blocks. 
105 lines changed or deleted 519 lines changed or added


 xtea.h   xtea.h 
/** /**
* \file xtea.h * \file xtea.h
* *
* \brief XTEA block cipher (32-bit)
*
* Copyright (C) 2006-2010, Brainspark B.V. * Copyright (C) 2006-2010, Brainspark B.V.
* *
* This file is part of PolarSSL (http://www.polarssl.org) * This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
* *
* All rights reserved. * All rights reserved.
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or * the Free Software Foundation; either version 2 of the License, or
skipping to change at line 28 skipping to change at line 30
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details. * GNU General Public License for more details.
* *
* You should have received a copy of the GNU General Public License along * You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., * with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/ */
#ifndef POLARSSL_XTEA_H #ifndef POLARSSL_XTEA_H
#define POLARSSL_XTEA_H #define POLARSSL_XTEA_H
#include <string.h>
#ifdef _MSC_VER #ifdef _MSC_VER
#include <basetsd.h> #include <basetsd.h>
typedef UINT32 uint32_t; typedef UINT32 uint32_t;
#else #else
#include <inttypes.h> #include <inttypes.h>
#endif #endif
#define XTEA_ENCRYPT 1 #define XTEA_ENCRYPT 1
#define XTEA_DECRYPT 0 #define XTEA_DECRYPT 0
#define POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< Th
e data input has an invalid length. */
/** /**
* \brief XTEA context structure * \brief XTEA context structure
*/ */
typedef struct typedef struct
{ {
uint32_t k[4]; /*!< key */ uint32_t k[4]; /*!< key */
} }
xtea_context; xtea_context;
#ifdef __cplusplus #ifdef __cplusplus
skipping to change at line 70 skipping to change at line 76
* \brief XTEA cipher function * \brief XTEA cipher function
* *
* \param ctx XTEA context * \param ctx XTEA context
* \param mode XTEA_ENCRYPT or XTEA_DECRYPT * \param mode XTEA_ENCRYPT or XTEA_DECRYPT
* \param input 8-byte input block * \param input 8-byte input block
* \param output 8-byte output block * \param output 8-byte output block
* *
* \return 0 if successful * \return 0 if successful
*/ */
int xtea_crypt_ecb( xtea_context *ctx, int xtea_crypt_ecb( xtea_context *ctx,
int mode, int mode,
unsigned char input[8], unsigned char input[8],
unsigned char output[8] ); unsigned char output[8] );
/**
* \brief XTEA CBC cipher function
*
* \param ctx XTEA context
* \param mode XTEA_ENCRYPT or XTEA_DECRYPT
* \param length the length of input, multiple of 8
* \param iv initialization vector for CBC mode
* \param input input block
* \param output output block
*
* \return 0 if successful,
* POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH if the length % 8
!= 0
*/
int xtea_crypt_cbc( xtea_context *ctx,
int mode,
size_t length,
unsigned char iv[8],
unsigned char *input,
unsigned char *output);
/* /*
* \brief Checkup routine * \brief Checkup routine
* *
* \return 0 if successful, or 1 if the test failed * \return 0 if successful, or 1 if the test failed
*/ */
int xtea_self_test( int verbose ); int xtea_self_test( int verbose );
#ifdef __cplusplus #ifdef __cplusplus
} }
 End of changes. 4 change blocks. 
3 lines changed or deleted 31 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/