Commit 4087c470 authored by Paul Bakker's avatar Paul Bakker

Added mechanism to provide alternative cipher / hash implementations

All symmetric cipher algorithms and hash algorithms now include support
for a POLARSSL_XXX_ALT flag that prevents the definition of the
algorithm context structure and all 'core' functions.
parent 9691bbe9
......@@ -5,11 +5,14 @@ Features
* Parsing of PKCS#8 encrypted private key files
* PKCS#12 PBE and derivation functions
Change
Changes
* HAVEGE random generator disabled by default
* Internally split up x509parse_key() into a (PEM) handler function
and specific DER parser functions for the PKCS#1 and unencrypted
PKCS#8 private key formats
* Added mechanism to provide alternative implementations for all
symmetric cipher and hash algorithms (e.g. POLARSSL_AES_ALT in
config.h)
Bugfix
* Secure renegotiation extension should only be sent in case client
......
......@@ -3,7 +3,7 @@
*
* \brief AES block cipher
*
* Copyright (C) 2006-2010, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
......@@ -27,6 +27,8 @@
#ifndef POLARSSL_AES_H
#define POLARSSL_AES_H
#include "config.h"
#include <string.h>
#ifdef _MSC_VER
......@@ -42,6 +44,10 @@ typedef UINT32 uint32_t;
#define POLARSSL_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
#define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
#if !defined(POLARSSL_AES_ALT)
// Regular implementation
//
/**
* \brief AES context structure
*/
......@@ -169,6 +175,19 @@ int aes_crypt_ctr( aes_context *ctx,
unsigned char stream_block[16],
const unsigned char *input,
unsigned char *output );
#ifdef __cplusplus
}
#endif
#else /* POLARSSL_AES_ALT */
#include "aes_alt.h"
#endif /* POLARSSL_AES_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Checkup routine
*
......
......@@ -3,7 +3,7 @@
*
* \brief The ARCFOUR stream cipher
*
* Copyright (C) 2006-2010, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
......@@ -27,8 +27,14 @@
#ifndef POLARSSL_ARC4_H
#define POLARSSL_ARC4_H
#include "config.h"
#include <string.h>
#if !defined(POLARSSL_ARC4_ALT)
// Regular implementation
//
/**
* \brief ARC4 context structure
*/
......@@ -66,6 +72,18 @@ void arc4_setup( arc4_context *ctx, const unsigned char *key, unsigned int keyle
int arc4_crypt( arc4_context *ctx, size_t length, const unsigned char *input,
unsigned char *output );
#ifdef __cplusplus
}
#endif
#else /* POLARSSL_ARC4_ALT */
#include "arc4_alt.h"
#endif /* POLARSSL_ARC4_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Checkup routine
*
......
......@@ -3,7 +3,7 @@
*
* \brief Blowfish block cipher
*
* Copyright (C) 2012-2012, Brainspark B.V.
* Copyright (C) 2012-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
......@@ -27,6 +27,8 @@
#ifndef POLARSSL_BLOWFISH_H
#define POLARSSL_BLOWFISH_H
#include "config.h"
#include <string.h>
#ifdef _MSC_VER
......@@ -46,6 +48,10 @@ typedef UINT32 uint32_t;
#define POLARSSL_ERR_BLOWFISH_INVALID_KEY_LENGTH -0x0016 /**< Invalid key length. */
#define POLARSSL_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */
#if !defined(POLARSSL_BLOWFISH_ALT)
// Regular implementation
//
/**
* \brief Blowfish context structure
*/
......@@ -158,4 +164,8 @@ int blowfish_crypt_ctr( blowfish_context *ctx,
}
#endif
#else /* POLARSSL_BLOWFISH_ALT */
#include "blowfish_alt.h"
#endif /* POLARSSL_BLOWFISH_ALT */
#endif /* blowfish.h */
......@@ -3,7 +3,7 @@
*
* \brief Camellia block cipher
*
* Copyright (C) 2006-2010, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
......@@ -27,6 +27,8 @@
#ifndef POLARSSL_CAMELLIA_H
#define POLARSSL_CAMELLIA_H
#include "config.h"
#include <string.h>
#ifdef _MSC_VER
......@@ -42,6 +44,10 @@ typedef UINT32 uint32_t;
#define POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH -0x0024 /**< Invalid key length. */
#define POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */
#if !defined(POLARSSL_CAMELLIA_ALT)
// Regular implementation
//
/**
* \brief CAMELLIA context structure
*/
......@@ -168,6 +174,18 @@ int camellia_crypt_ctr( camellia_context *ctx,
const unsigned char *input,
unsigned char *output );
#ifdef __cplusplus
}
#endif
#else /* POLARSSL_CAMELLIA_ALT */
#include "camellia_alt.h"
#endif /* POLARSSL_CAMELLIA_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Checkup routine
*
......
......@@ -104,6 +104,35 @@
* \{
*/
/**
* \def POLARSSL_XXX_ALT
*
* Uncomment a macro to let PolarSSL use your alternate core implementation of
* a symmetric or hash algorithm (e.g. platform specific assembly optimized
* implementations). Keep in mind that the function prototypes should remain
* the same.
*
* Example: In case you uncomment POLARSSL_AES_ALT, PolarSSL will no longer
* provide the "struct aes_context" definition and omit the base function
* declarations and implementations. "aes_alt.h" will be included from
* "aes.h" to include the new function definitions.
*
* Uncomment a macro to enable alternate implementation for core algorithm
* functions
#define POLARSSL_AES_ALT
#define POLARSSL_ARC4_ALT
#define POLARSSL_BLOWFISH_ALT
#define POLARSSL_CAMELLIA_ALT
#define POLARSSL_DES_ALT
#define POLARSSL_XTEA_ALT
#define POLARSSL_MD2_ALT
#define POLARSSL_MD4_ALT
#define POLARSSL_MD5_ALT
#define POLARSSL_SHA1_ALT
#define POLARSSL_SHA2_ALT
#define POLARSSL_SHA4_ALT
*/
/**
* \def POLARSSL_AES_ROM_TABLES
*
......
......@@ -3,7 +3,7 @@
*
* \brief DES block cipher
*
* Copyright (C) 2006-2010, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
......@@ -27,6 +27,8 @@
#ifndef POLARSSL_DES_H
#define POLARSSL_DES_H
#include "config.h"
#include <string.h>
#ifdef _MSC_VER
......@@ -43,6 +45,10 @@ typedef UINT32 uint32_t;
#define DES_KEY_SIZE 8
#if !defined(POLARSSL_DES_ALT)
// Regular implementation
//
/**
* \brief DES context structure
*/
......@@ -220,6 +226,18 @@ int des3_crypt_cbc( des3_context *ctx,
const unsigned char *input,
unsigned char *output );
#ifdef __cplusplus
}
#endif
#else /* POLARSSL_DES_ALT */
#include "des_alt.h"
#endif /* POLARSSL_DES_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Checkup routine
*
......
......@@ -3,7 +3,7 @@
*
* \brief MD2 message digest algorithm (hash function)
*
* Copyright (C) 2006-2010, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
......@@ -27,10 +27,16 @@
#ifndef POLARSSL_MD2_H
#define POLARSSL_MD2_H
#include "config.h"
#include <string.h>
#define POLARSSL_ERR_MD2_FILE_IO_ERROR -0x0070 /**< Read/write error in file. */
#if !defined(POLARSSL_MD2_ALT)
// Regular implementation
//
/**
* \brief MD2 context structure
*/
......@@ -74,6 +80,18 @@ void md2_update( md2_context *ctx, const unsigned char *input, size_t ilen );
*/
void md2_finish( md2_context *ctx, unsigned char output[16] );
#ifdef __cplusplus
}
#endif
#else /* POLARSSL_MD2_ALT */
#include "md2_alt.h"
#endif /* POLARSSL_MD2_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Output = MD2( input buffer )
*
......
......@@ -3,7 +3,7 @@
*
* \brief MD4 message digest algorithm (hash function)
*
* Copyright (C) 2006-2010, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
......@@ -27,6 +27,8 @@
#ifndef POLARSSL_MD4_H
#define POLARSSL_MD4_H
#include "config.h"
#include <string.h>
#ifdef _MSC_VER
......@@ -38,6 +40,10 @@ typedef UINT32 uint32_t;
#define POLARSSL_ERR_MD4_FILE_IO_ERROR -0x0072 /**< Read/write error in file. */
#if !defined(POLARSSL_MD4_ALT)
// Regular implementation
//
/**
* \brief MD4 context structure
*/
......@@ -80,6 +86,18 @@ void md4_update( md4_context *ctx, const unsigned char *input, size_t ilen );
*/
void md4_finish( md4_context *ctx, unsigned char output[16] );
#ifdef __cplusplus
}
#endif
#else /* POLARSSL_MD4_ALT */
#include "md4_alt.h"
#endif /* POLARSSL_MD4_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Output = MD4( input buffer )
*
......
......@@ -3,7 +3,7 @@
*
* \brief MD5 message digest algorithm (hash function)
*
* Copyright (C) 2006-2010, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
......@@ -27,6 +27,8 @@
#ifndef POLARSSL_MD5_H
#define POLARSSL_MD5_H
#include "config.h"
#include <string.h>
#ifdef _MSC_VER
......@@ -38,6 +40,10 @@ typedef UINT32 uint32_t;
#define POLARSSL_ERR_MD5_FILE_IO_ERROR -0x0074 /**< Read/write error in file. */
#if !defined(POLARSSL_MD5_ALT)
// Regular implementation
//
/**
* \brief MD5 context structure
*/
......@@ -80,6 +86,21 @@ void md5_update( md5_context *ctx, const unsigned char *input, size_t ilen );
*/
void md5_finish( md5_context *ctx, unsigned char output[16] );
/* Internal use */
void md5_process( md5_context *ctx, const unsigned char data[64] );
#ifdef __cplusplus
}
#endif
#else /* POLARSSL_MD5_ALT */
#include "md5_alt.h"
#endif /* POLARSSL_MD5_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Output = MD5( input buffer )
*
......@@ -154,9 +175,6 @@ void md5_hmac( const unsigned char *key, size_t keylen,
*/
int md5_self_test( int verbose );
/* Internal use */
void md5_process( md5_context *ctx, const unsigned char data[64] );
#ifdef __cplusplus
}
#endif
......
......@@ -3,7 +3,7 @@
*
* \brief SHA-1 cryptographic hash function
*
* Copyright (C) 2006-2010, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
......@@ -27,6 +27,8 @@
#ifndef POLARSSL_SHA1_H
#define POLARSSL_SHA1_H
#include "config.h"
#include <string.h>
#ifdef _MSC_VER
......@@ -38,6 +40,10 @@ typedef UINT32 uint32_t;
#define POLARSSL_ERR_SHA1_FILE_IO_ERROR -0x0076 /**< Read/write error in file. */
#if !defined(POLARSSL_SHA1_ALT)
// Regular implementation
//
/**
* \brief SHA-1 context structure
*/
......@@ -80,6 +86,21 @@ void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen );
*/
void sha1_finish( sha1_context *ctx, unsigned char output[20] );
/* Internal use */
void sha1_process( sha1_context *ctx, const unsigned char data[64] );
#ifdef __cplusplus
}
#endif
#else /* POLARSSL_SHA1_ALT */
#include "sha1_alt.h"
#endif /* POLARSSL_SHA1_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Output = SHA-1( input buffer )
*
......@@ -152,9 +173,6 @@ void sha1_hmac( const unsigned char *key, size_t keylen,
*/
int sha1_self_test( int verbose );
/* Internal use */
void sha1_process( sha1_context *ctx, const unsigned char data[64] );
#ifdef __cplusplus
}
#endif
......
......@@ -3,7 +3,7 @@
*
* \brief SHA-224 and SHA-256 cryptographic hash function
*
* Copyright (C) 2006-2010, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
......@@ -27,6 +27,8 @@
#ifndef POLARSSL_SHA2_H
#define POLARSSL_SHA2_H
#include "config.h"
#include <string.h>
#ifdef _MSC_VER
......@@ -38,6 +40,10 @@ typedef UINT32 uint32_t;
#define POLARSSL_ERR_SHA2_FILE_IO_ERROR -0x0078 /**< Read/write error in file. */
#if !defined(POLARSSL_SHA2_ALT)
// Regular implementation
//
/**
* \brief SHA-256 context structure
*/
......@@ -82,6 +88,21 @@ void sha2_update( sha2_context *ctx, const unsigned char *input, size_t ilen );
*/
void sha2_finish( sha2_context *ctx, unsigned char output[32] );
/* Internal use */
void sha2_process( sha2_context *ctx, const unsigned char data[64] );
#ifdef __cplusplus
}
#endif
#else /* POLARSSL_SHA2_ALT */
#include "sha2_alt.h"
#endif /* POLARSSL_SHA2_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Output = SHA-256( input buffer )
*
......@@ -160,9 +181,6 @@ void sha2_hmac( const unsigned char *key, size_t keylen,
*/
int sha2_self_test( int verbose );
/* Internal use */
void sha2_process( sha2_context *ctx, const unsigned char data[64] );
#ifdef __cplusplus
}
#endif
......
......@@ -3,7 +3,7 @@
*
* \brief SHA-384 and SHA-512 cryptographic hash function
*
* Copyright (C) 2006-2010, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
......@@ -27,6 +27,8 @@
#ifndef POLARSSL_SHA4_H
#define POLARSSL_SHA4_H
#include "config.h"
#include <string.h>
#if defined(_MSC_VER) || defined(__WATCOMC__)
......@@ -39,6 +41,10 @@
#define POLARSSL_ERR_SHA4_FILE_IO_ERROR -0x007A /**< Read/write error in file. */
#if !defined(POLARSSL_SHA1_ALT)
// Regular implementation
//
/**
* \brief SHA-512 context structure
*/
......@@ -83,6 +89,18 @@ void sha4_update( sha4_context *ctx, const unsigned char *input, size_t ilen );
*/
void sha4_finish( sha4_context *ctx, unsigned char output[64] );
#ifdef __cplusplus
}
#endif
#else /* POLARSSL_SHA4_ALT */
#include "sha4_alt.h"
#endif /* POLARSSL_SHA4_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Output = SHA-512( input buffer )
*
......
......@@ -3,7 +3,7 @@
*
* \brief XTEA block cipher (32-bit)
*
* Copyright (C) 2006-2010, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
......@@ -27,6 +27,8 @@
#ifndef POLARSSL_XTEA_H
#define POLARSSL_XTEA_H
#include "config.h"
#include <string.h>
#ifdef _MSC_VER
......@@ -41,6 +43,10 @@ typedef UINT32 uint32_t;
#define POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< The data input has an invalid length. */
#if !defined(POLARSSL_XTEA_ALT)
// Regular implementation
//
/**
* \brief XTEA context structure
*/
......@@ -97,6 +103,18 @@ int xtea_crypt_cbc( xtea_context *ctx,
unsigned char *input,
unsigned char *output);
#ifdef __cplusplus
}
#endif
#else /* POLARSSL_XTEA_ALT */
#include "xtea_alt.h"
#endif /* POLARSSL_XTEA_ALT */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Checkup routine
*
......
/*
* FIPS-197 compliant AES implementation
*
* Copyright (C) 2006-2010, Brainspark B.V.
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
......@@ -38,6 +38,8 @@
#include "polarssl/padlock.h"
#endif
#if !defined(POLARSSL_AES_ALT)
/*