Commit 37ca75d6 authored by Paul Bakker's avatar Paul Bakker
Browse files

- Added Doxygen source code documentation parts (donated by Fox-IT)

parent b94081bf
......@@ -19,5 +19,5 @@ add_subdirectory(tests)
add_subdirectory(programs)
ADD_CUSTOM_TARGET(apidoc
COMMAND doxygen Doxyfile
COMMAND doxygen doxygen/polarssl.doxyfile
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
PolarSSL ChangeLog
= Version Trunk
Features
* Added Doxygen source code documentation parts donated
by Fox-IT
= Version 0.14.0 released on 2010-08-16
Features
* Added support for SSL_EDH_RSA_AES_128_SHA and
......
PROJECT_NAME = PolarSSL
INPUT = include/polarssl
HTML_OUTPUT = apidoc
GENERATE_LATEX = NO
......@@ -32,3 +32,13 @@ clean:
check:
( cd tests && $(MAKE) check )
apidoc:
mkdir -p apidoc
doxygen doxygen/polarssl.doxyfile
apidoc_clean:
if [ -d apidoc ] ; \
then \
rm -rf apidoc ; \
fi
/**
* @file
* Encryption/decryption module documentation file.
*/
/**
* @addtogroup encdec_module Encryption/decryption module
*
* The Encryption/decryption module provides encryption/decryption functions.
* One can differtiate between symmetric and asymetric algorithms; the
* symmetric ones are mostly used for message confidentiality and the asymmetric
* ones for key exchange and message integrity.
* Some symmetric algorithms provide different block cipher modes, mainly
* Electronic Code Book (ECB) which is used for short (64-bit) messages and
* Cipher Block Chaining (CBC) which provides the randomness needed for longer
* messages.
* Sometimes the same functions are used for encryption and decryption.
* The following algorithms are provided:
* - Symmetric:
* - AES (see \c aes_crypt_ecb() and\c aes_crypt_cbc()).
* - ARCFOUR (see \c arc4_crypt()).
* - Camellia (see \c camellia_crypt_ecb() and\c camellia_crypt_cbc()).
* - DES/3DES (see \c des_crypt_ecb(),\c des_crypt_cbc(),\c des3_crypt_ecb()
* and\c des3_crypt_cbc()).
* - XTEA (see \c xtea_crypt_ecb()).
* - Asymmetric:
* - Diffie-Hellman-Merkle (see \c dhm_read_public(),\c dhm_make_public()
* and \c dhm_calc_secret()).
* - RSA (see \c rsa_public() and\c rsa_private()).
*
* This module provides encryption/decryption which can be used to provide
* secrecy.
* It also provides asymmetric key functions which can be used for
* confidentiality, integrity, authentication and non-repudiation.
*/
/**
* @file
* Hashing module documentation file.
*/
/**
* @addtogroup hashing_module Hashing module
*
* The Hashing module provides one-way hashing functions. Such functions can be
* used for creating a hash message authentication code (HMAC) when sending a
* message. Such a HMAC can be used in combination with a private key
* for authentication, which is a message integrity control.
* The following hashing-algorithms are provided:
* - MD2, MD4, MD5 128-bit one-way hash functions by Ron Rivest (see
* \c md2_hmac(),\c md4_hmac() and\c md5_hmac()).
* - SHA-1, SHA-256, SHA-384/512 160-bit or more one-way hash functions by
* NIST and NSA (see\c sha1_hmac(),\c sha2_hmac() and\c sha4_hmac()).
*
* This module provides one-way hashing which can be used for authentication.
*/
l/**
* @file
* Main page documentation file.
*/
/**
* @mainpage PolarSSL v0.14.0 source code documentation
*
* This documentation describes the internal structure of PolarSSL. It was
* automatically generated from specially formatted comment blocks in
* PolarSSL's source code using Doxygen. (See
* http://www.stack.nl/~dimitri/doxygen/ for more information on Doxygen)
*
* PolarSSL has a simple setup: it provides the ingredients for an SSL/TLS
* implementation. These ingredients are listed as modules in the
* \ref mainpage_modules "Modules section". This "Modules section" introduces
* the high-level module concepts used throughout this documentation.\n
* Some examples of PolarSSL usage can be found in the \ref mainpage_examples
* "Examples section".
*
*
* @section mainpage_modules Modules
*
* PolarSSL supports SSLv3 up to TLSv1.1 communication by providing the
* following:
* - TCP/IP communication functions: listen, connect, accept, read/write.
* - SSL/TLS communication functions: init, handshake, read/write.
* - X.509 functions: CRT, CRL and key handling
* - Random number generation
* - Hashing
* - Encryption/decryption
*
* Above functions are split up neatly into logical interfaces. These can be
* used separately to provide any of the above functions or to mix-and-match
* into an SSL server/client solution that utilises a X.509 PKI. Examples of
* such implementations are amply provided with the source code. Note that
* there is also an OpenSSL wrapper provided.\n
* Note that PolarSSL does not provide a control channel or (multiple) session
* handling.
*
* @section mainpage_examples Examples
*
* Example server setup:
*
* \b Prerequisites:
* - X.509 certificate and private key
* - session handling functions
*
* \b Setup:
* - Load your certificate and your private RSA key (X.509 interface)
* - Setup the listening TCP socket (TCP/IP interface)
* - Accept incoming client connection (TCP/IP interface)
* - Initialise as an SSL-server (SSL/TLS interface)
* - Set parameters, e.g. authentication, ciphers, CA-chain, key exchange
* - Set callback functions RNG, IO, session handling
* - Perform an SSL-handshake (SSL/TLS interface)
* - Read/write data (SSL/TLS interface)
* - Close and cleanup (all interfaces)
*
*
* Example client setup:
*
* \b Prerequisites:
* - X.509 certificate and private key
* - X.509 trusted CA certificates
*
* \b Setup:
* - Load the trusted CA certificates (X.509 interface)
* - Load your certificate and your private RSA key (X.509 interface)
* - Setup a TCP/IP connection (TCP/IP interface)
* - Initialise as an SSL-client (SSL/TLS interface)
* - Set parameters, e.g. authentication mode, ciphers, CA-chain, session
* - Set callback functions RNG, IO
* - Perform an SSL-handshake (SSL/TLS interface)
* - Verify the server certificate (SSL/TLS interface)
* - Write/read data (SSL/TLS interface)
* - Close and cleanup (all interfaces)
*
*
*/
/**
* @file
* Random number generator (RNG) module documentation file.
*/
/**
* @addtogroup rng_module Random number generator (RNG) module
*
* The Random number generator (RNG) module provides random number
* generation, see \c havege_rand(). It uses the HAVEGE (HArdware Volatile
* Entropy Gathering and Expansion) software heuristic which is claimed
* to be an unpredictable or empirically strong* random number generation.
*
* \* Meaning that there seems to be no practical algorithm that can guess
* the next bit with a probability larger than 1/2 in an output sequence.
*
* This module can be used to generate random numbers.
*/
/**
* @file
* SSL/TLS communication module documentation file.
*/
/**
* @addtogroup ssltls_communication_module SSL/TLS communication module
*
* The SSL/TLS communication module provides the means to create an SSL/TLS
* communication channel.
* The basic provisions are:
* - initialise an SSL/TLS context (see \c ssl_init()).
* - perform an SSL/TLS handshake (see \c ssl_handshake()).
* - read/write (see \c ssl_read() and\c ssl_write()).
* - notify a peer that conection is being closed (see \c ssl_close_notify()).
*
*
* Many aspects of such a channel are set through parameters and callback
* functions:
* - the endpoint role: client or server.
* - the authentication mode. Should verification take place.
* - the Host-to-host communication channel. A TCP/IP module is provided.
* - the random number generator (RNG).
* - the ciphers to use for encryption/decryption.
* - session control functions.
* - X.509 parameters for certificate-handling and key exchange.
*
*
* This module can be used to create an SSL/TLS server and client and to provide a basic
* framework to setup and communicate through an SSL/TLS communication channel.\n
* Note that you need to provide for several aspects yourself as mentioned above.
*/
/**
* @file
* TCP/IP communication module documentation file.
*/
/**
* @addtogroup tcpip_communication_module TCP/IP communication module
*
* The TCP/IP communication module provides for a channel of
* communication for the \link ssltls_communication_module SSL/TLS communication
* module\endlink to use.
* In the TCP/IP-model it provides for communication up to the Transport
* (or Host-to-host) layer.
* SSL/TLS resides on top of that, in the Application layer, and makes use of
* its basic provisions:
* - listening on a port (see \c net_bind()).
* - accepting a connection (through \c net_accept()).
* - read/write (through \c net_recv/\c net_send()).
* - close a connection (through \c net_close()).
*
* This way you have the means to, for example, implement and use an UDP or
* IPSec communication solution as a basis.
*
* This module can be used at server- and clientside to provide a basic
* means of communication over the internet.
*/
/**
* @file
* X.509 module documentation file.
*/
/**
* @addtogroup x509_module X.509 module
*
* The X.509 module provides X.509 support which includes:
* - X.509 certificate (CRT) reading (see \c x509parse_crt() and
* \c x509parse_crtfile()).
* - X.509 certificate revocation list (CRL) reading (see \c x509parse_crl()
* and\c x509parse_crlfile()).
* - X.509 (RSA) private key reading (see \c x509parse_key() and
* \c x509parse_keyfile()).
* - X.509 certificate signature verification (see \c x509parse_verify())
*
* This module can be used to build a certificate authority (CA) chain and
* verify its signature. It is also used to get a (RSA) private key for signing
* and decryption.
*/
This diff is collapsed.
/**
* \file aes.h
*
* \brief AES block cipher encryption
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......
/**
* \file arc4.h
*
* \brief The ARCFOUR stream cipher
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......
/**
* \file base64.h
*
* \brief RFC 1521 base64 encoding/decoding
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......
/**
* \file bignum.h
*
* \brief Multi-precision integer library
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......
/**
* \file bn_mul.h
*
* \brief Multi-precision integer library
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......
/**
* \file camellia.h
*
* \brief Camellia block cipher
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......
/**
* \file certs.h
*
* \brief Camellia block cipher
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......
/**
* \file config.h
*
* \brief Configuration options (set of defines)
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......
/**
* \file debug.h
*
* \brief Debug functions
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......
/**
* \file des.h
*
* \brief Debug functions
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......
/**
* \file dhm.h
*
* \brief Diffie-Hellman-Merkle key exchange
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......@@ -108,7 +110,7 @@ int dhm_read_public( dhm_context *ctx,
*
* \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
*/
int dhm_make_public( dhm_context *ctx, int s_size,
int dhm_make_public( dhm_context *ctx, int x_size,
unsigned char *output, int olen,
int (*f_rng)(void *), void *p_rng );
......
/**
* \file havege.h
*
* \brief Diffie-Hellman-Merkle key exchange
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......
/**
* \file md2.h
*
* \brief MD2 message digest algorithm (hash function)
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......
/**
* \file md4.h
*
* \brief MD4 message digest algorithm (hash function)
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......
/**
* \file md5.h
*
* \brief MD5 message digest algorithm (hash function)
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......
/**
* \file net.h
*
* \brief MD5 message digest algorithm (hash function)
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......
/**
* \file openssl.h
*
* \brief OpenSSL wrapper (definitions, inline functions).
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......
/**
* \file padlock.h
*
* \brief VIA PadLock ACE for HW encryption/decryption supported by some processors
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......
/**
* \file rsa.h
*
* \brief The RSA public-key cryptosystem
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......
/**
* \file sha1.h
*
* \brief SHA-1 cryptographic hash function
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......
/**
* \file sha2.h
*
* \brief SHA-256 cryptographic hash function
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......
/**
* \file sha4.h
*
* \brief SHA-384/512 cryptographic hash function
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......
/**
* \file ssl.h
*
* \brief SSL/TLS functions.
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......@@ -336,7 +338,7 @@ void ssl_set_endpoint( ssl_context *ssl, int endpoint );
* \brief Set the certificate verification mode
*
* \param ssl SSL context
* \param mode can be:
* \param authmode can be:
*
* SSL_VERIFY_NONE: peer certificate is not checked (default),
* this is insecure and SHOULD be avoided.
......
/**
* \file timing.h
*
* \brief Portable interface to the CPU cycle counter
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......@@ -62,7 +64,7 @@ void set_alarm( int seconds );
/**
* \brief Sleep for a certain amount of time
*
* \param Delay in milliseconds
* \param milliseconds delay in milliseconds
*/
void m_sleep( int milliseconds );
......
/**
* \file x509.h
*
* \brief X.509 certificate and private key decoding
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
......@@ -27,59 +29,80 @@
#include "polarssl/rsa.h"
/*
* ASN1 Error codes
*
* These error codes will be OR'ed to X509 error codes for
* higher error granularity.
/**
* @addtogroup x509_module
* @{
*/
#define POLARSSL_ERR_ASN1_OUT_OF_DATA 0x0014
#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG 0x0016
#define POLARSSL_ERR_ASN1_INVALID_LENGTH 0x0018
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH 0x001A
#define POLARSSL_ERR_ASN1_INVALID_DATA 0x001C
/*
* X509 Error codes
/**
* @name ASN1 Error codes
* These error codes are OR'ed to X509 error codes for
* higher error granularity.
* ASN1 is a standard to specify data structures.
* @{
*/
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE -0x0020
#define POLARSSL_ERR_X509_CERT_INVALID_PEM -0x0040
#define POLARSSL_ERR_X509_CERT_INVALID_FORMAT -0x0060
#define POLARSSL_ERR_X509_CERT_INVALID_VERSION -0x0080
#define POLARSSL_ERR_X509_CERT_INVALID_SERIAL -0x00A0
#define POLARSSL_ERR_X509_CERT_INVALID_ALG -0x00C0
#define POLARSSL_ERR_X509_CERT_INVALID_NAME -0x00E0
#define POLARSSL_ERR_X509_CERT_INVALID_DATE -0x0100
#define POLARSSL_ERR_X509_CERT_INVALID_PUBKEY -0x0120
#define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE -0x0140
#define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS -0x0160
#define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION -0x0180
#define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG -0x01A0
#define POLARSSL_ERR_X509_CERT_UNKNOWN_PK_ALG -0x01C0
#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x01E0
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x0200
#define POLARSSL_ERR_X509_KEY_INVALID_PEM -0x0220
#define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x0240
#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x0260
#define POLARSSL_ERR_X509_KEY_INVALID_ENC_IV -0x0280
#define POLARSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG -0x02A0
#define POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED -0x02C0
#define POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH -0x02E0
#define POLARSSL_ERR_X509_POINT_ERROR -0x0300
#define POLARSSL_ERR_X509_VALUE_TO_LENGTH -0x0320
#define POLARSSL_ERR_ASN1_OUT_OF_DATA 0x0014 /**< Out of data when parsing an ASN1 data structure. */
#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG 0x0016 /**< ASN1 tag was of an unexpected value. */
#define POLARSSL_ERR_ASN1_INVALID_LENGTH 0x0018 /**< Error when trying to determine the length or invalid length. */
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH 0x001A /**< Actual length differs from expected length. */
#define POLARSSL_ERR_ASN1_INVALID_DATA 0x001C /**< Data is invalid. (not used) */
/* @} name */
/**
* @name X509 Error codes
* @{
*/
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE -0x0020 /**< Unavailable feature, e.g. RSA hashing/encryption combination. */
#define POLARSSL_ERR_X509_CERT_INVALID_PEM -0x0040 /**< The PEM-encoded certificate contains invalid elements, e.g. invalid character. */
#define POLARSSL_ERR_X509_CERT_INVALID_FORMAT -0x0060 /**< The certificate format is invalid, e.g. different type expected. */
#define POLARSSL_ERR_X509_CERT_INVALID_VERSION -0x0080 /**< The certificate version element is invalid. */
#define POLARSSL_ERR_X509_CERT_INVALID_SERIAL -0x00A0 /**< The serial tag or value is invalid. */
#define POLARSSL_ERR_X509_CERT_INVALID_ALG -0x00C0 /**< The algorithm tag or value is invalid. */
#define POLARSSL_ERR_X509_CERT_INVALID_NAME -0x00E0 /**< The name tag or value is invalid. */
#define POLARSSL_ERR_X509_CERT_INVALID_DATE -0x0100 /**< The date tag or value is invalid. */
#define POLARSSL_ERR_X509_CERT_INVALID_PUBKEY -0x0120 /**< The pubkey tag or value is invalid (only RSA is supported). */
#define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE -0x0140 /**< The signature tag or value invalid. */
#define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS -0x0160 /**< The extension tag or value is invalid. */
#define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION -0x0180 /**< Certificate or CRL has an unsupported version number. */
#define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG -0x01A0 /**< Signature algorithm (oid) is unsupported. */
#define POLARSSL_ERR_X509_CERT_UNKNOWN_PK_ALG -0x01C0 /**< Public key algorithm is unsupported (only RSA is supported). */
#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x01E0 /**< Certificate signature algorithms do not match. (see \c ::x509_cert sig_oid) */
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x0200 /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */