Commit dcbfdcc1 authored by Paul Bakker's avatar Paul Bakker
Browse files

Updated doxygen documentation in header files and HTML pages

parent 6ec34fb5
......@@ -5,33 +5,47 @@
/**
* @addtogroup encdec_module Encryption/decryption module
*
* The Encryption/decryption module provides encryption/decryption functions.
* One can differtiate between symmetric and asymetric algorithms; the
* symmetric ones are mostly used for message confidentiality and the asymmetric
*
* The Encryption/decryption module provides encryption/decryption functions.
* One can differentiate between symmetric and asymmetric algorithms; the
* symmetric ones are mostly used for message confidentiality and the asymmetric
* ones for key exchange and message integrity.
* Some symmetric algorithms provide different block cipher modes, mainly
* Electronic Code Book (ECB) which is used for short (64-bit) messages and
* Cipher Block Chaining (CBC) which provides the structure needed for longer
* messages. In addition the Cipher Feedback Mode (CFB-128) stream cipher mode
* is implemented for specific algorithms.
* Some symmetric algorithms provide different block cipher modes, mainly
* Electronic Code Book (ECB) which is used for short (64-bit) messages and
* Cipher Block Chaining (CBC) which provides the structure needed for longer
* messages. In addition the Cipher Feedback Mode (CFB-128) stream cipher mode,
* Counter mode (CTR) and Galois Counter Mode (GCM) are implemented for
* specific algorithms.
*
* All symmetric encryption algorithms are accessible via the generic cipher layer
* (see \c cipher_init_ctx()).
*
* The asymmetric encryptrion algorithms are accessible via the generic public
* key layer (see \c pk_init()).
*
* Sometimes the same functions are used for encryption and decryption.
* The following algorithms are provided:
* - Symmetric:
* - AES (see \c aes_crypt_ecb(), \c aes_crypt_cbc() and \c aes_crypt_cfb128()).
* - AES (see \c aes_crypt_ecb(), \c aes_crypt_cbc(), \c aes_crypt_cfb128() and
* \c aes_crypt_ctr()).
* - ARCFOUR (see \c arc4_crypt()).
* - Camellia (see \c camellia_crypt_ecb(), \c camellia_crypt_cbc() and \c camellia_crypt_cfb128()).
* - DES/3DES (see \c des_crypt_ecb(), \c des_crypt_cbc(), \c des3_crypt_ecb()
* - Blowfish / BF (see \c blowfish_crypt_ecb(), \c blowfish_crypt_cbc(),
* \c blowfish_crypt_cfb64() and \c blowfish_crypt_ctr())
* - Camellia (see \c camellia_crypt_ecb(), \c camellia_crypt_cbc(),
* \c camellia_crypt_cfb128() and \c camellia_crypt_ctr()).
* - DES/3DES (see \c des_crypt_ecb(), \c des_crypt_cbc(), \c des3_crypt_ecb()
* and \c des3_crypt_cbc()).
* - XTEA (see \c xtea_crypt_ecb()).
* - Asymmetric:
* - Diffie-Hellman-Merkle (see \c dhm_read_public(), \c dhm_make_public()
* - Diffie-Hellman-Merkle (see \c dhm_read_public(), \c dhm_make_public()
* and \c dhm_calc_secret()).
* - RSA (see \c rsa_public() and \c rsa_private()).
* - Elliptic Curves over GF(p) (see \c ecp_point_init()).
* - Elliptic Curve Digital Signature Algorithm (ECDSA) (see \c ecdsa_init()).
* - Elliptic Curve Diffie Hellman (ECDH) (see \c ecdh_init()).
*
* This module provides encryption/decryption which can be used to provide
* This module provides encryption/decryption which can be used to provide
* secrecy.
* It also provides asymmetric key functions which can be used for
* confidentiality, integrity, authentication and non-repudiation.
*
* It also provides asymmetric key functions which can be used for
* confidentiality, integrity, authentication and non-repudiation.
*/
......@@ -5,16 +5,20 @@
/**
* @addtogroup hashing_module Hashing module
*
*
* The Hashing module provides one-way hashing functions. Such functions can be
* used for creating a hash message authentication code (HMAC) when sending a
* used for creating a hash message authentication code (HMAC) when sending a
* message. Such a HMAC can be used in combination with a private key
* for authentication, which is a message integrity control.
* for authentication, which is a message integrity control.
*
* All hash algorithms can be accessed via the generic MD layer (see
* \c md_init_ctx())
*
* The following hashing-algorithms are provided:
* - MD2, MD4, MD5 128-bit one-way hash functions by Ron Rivest (see
* - MD2, MD4, MD5 128-bit one-way hash functions by Ron Rivest (see
* \c md2_hmac(), \c md4_hmac() and \c md5_hmac()).
* - SHA-1, SHA-256, SHA-384/512 160-bit or more one-way hash functions by
* NIST and NSA (see\c sha1_hmac(), \c sha2_hmac() and \c sha4_hmac()).
* - SHA-1, SHA-256, SHA-384/512 160-bit or more one-way hash functions by
* NIST and NSA (see\c sha1_hmac(), \c sha256_hmac() and \c sha512_hmac()).
*
* This module provides one-way hashing which can be used for authentication.
*/
......@@ -5,23 +5,22 @@
/**
* @mainpage PolarSSL v1.2.6 source code documentation
*
*
* This documentation describes the internal structure of PolarSSL. It was
* automatically generated from specially formatted comment blocks in
* PolarSSL's source code using Doxygen. (See
* http://www.stack.nl/~dimitri/doxygen/ for more information on Doxygen)
*
* PolarSSL has a simple setup: it provides the ingredients for an SSL/TLS
* implementation. These ingredients are listed as modules in the
* \ref mainpage_modules "Modules section". This "Modules section" introduces
* the high-level module concepts used throughout this documentation.\n
*
* PolarSSL has a simple setup: it provides the ingredients for an SSL/TLS
* implementation. These ingredients are listed as modules in the
* \ref mainpage_modules "Modules section". This "Modules section" introduces
* the high-level module concepts used throughout this documentation.\n
* Some examples of PolarSSL usage can be found in the \ref mainpage_examples
* "Examples section".
*
*
*
* @section mainpage_modules Modules
*
* PolarSSL supports SSLv3 up to TLSv1.2 communication by providing the
*
* PolarSSL supports SSLv3 up to TLSv1.2 communication by providing the
* following:
* - TCP/IP communication functions: listen, connect, accept, read/write.
* - SSL/TLS communication functions: init, handshake, read/write.
......@@ -30,19 +29,19 @@
* - Hashing
* - Encryption/decryption
*
* Above functions are split up neatly into logical interfaces. These can be
* used separately to provide any of the above functions or to mix-and-match
* into an SSL server/client solution that utilises a X.509 PKI. Examples of
* such implementations are amply provided with the source code. Note that
* there is also an OpenSSL wrapper provided.\n
* Above functions are split up neatly into logical interfaces. These can be
* used separately to provide any of the above functions or to mix-and-match
* into an SSL server/client solution that utilises a X.509 PKI. Examples of
* such implementations are amply provided with the source code.
*
* Note that PolarSSL does not provide a control channel or (multiple) session
* handling.
* handling without additional work from the developer.
*
* @section mainpage_examples Examples
*
*
* Example server setup:
*
* \b Prerequisites:
* \b Prerequisites:
* - X.509 certificate and private key
* - session handling functions
*
......@@ -57,7 +56,6 @@
* - Read/write data (SSL/TLS interface)
* - Close and cleanup (all interfaces)
*
*
* Example client setup:
*
* \b Prerequisites:
......@@ -75,6 +73,4 @@
* - Verify the server certificate (SSL/TLS interface)
* - Write/read data (SSL/TLS interface)
* - Close and cleanup (all interfaces)
*
*
*/
......@@ -5,18 +5,19 @@
/**
* @addtogroup rng_module Random number generator (RNG) module
*
*
* The Random number generator (RNG) module provides random number
* generation, see \c ctr_dbrg_random() or \c havege_random().
* generation, see \c ctr_dbrg_random().
*
* The former uses the block-cipher counter-mode based deterministic random
* The block-cipher counter-mode based deterministic random
* bit generator (CTR_DBRG) as specified in NIST SP800-90. It needs an external
* source of entropy. For these purposes \c entropy_func() can be used. This is
* an implementation based on a simple entropy accumulator design.
*
* The latter random number generator uses the HAVEGE (HArdware Volatile
* Entropy Gathering and Expansion) software heuristic which is claimed
* to be an unpredictable or empirically strong* random number generation.
* The other number generator that is included is less strong and uses the HAVEGE
* (HArdware Volatile Entropy Gathering and Expansion) software heuristic
* which considered unsafe for primary usage, but provides additional random
* to the entropy pool if enables.
*
* \* Meaning that there seems to be no practical algorithm that can guess
* the next bit with a probability larger than 1/2 in an output sequence.
......
......@@ -5,16 +5,16 @@
/**
* @addtogroup ssltls_communication_module SSL/TLS communication module
*
*
* The SSL/TLS communication module provides the means to create an SSL/TLS
* communication channel.
* communication channel.
*
* The basic provisions are:
* - initialise an SSL/TLS context (see \c ssl_init()).
* - perform an SSL/TLS handshake (see \c ssl_handshake()).
* - read/write (see \c ssl_read() and \c ssl_write()).
* - notify a peer that conection is being closed (see \c ssl_close_notify()).
*
*
* Many aspects of such a channel are set through parameters and callback
* functions:
* - the endpoint role: client or server.
......@@ -24,7 +24,6 @@
* - the ciphers to use for encryption/decryption.
* - session control functions.
* - X.509 parameters for certificate-handling and key exchange.
*
*
* This module can be used to create an SSL/TLS server and client and to provide a basic
* framework to setup and communicate through an SSL/TLS communication channel.\n
......
......@@ -5,12 +5,12 @@
/**
* @addtogroup tcpip_communication_module TCP/IP communication module
*
*
* The TCP/IP communication module provides for a channel of
* communication for the \link ssltls_communication_module SSL/TLS communication
* module\endlink to use.
* In the TCP/IP-model it provides for communication up to the Transport
* (or Host-to-host) layer.
* communication for the \link ssltls_communication_module SSL/TLS communication
* module\endlink to use.
* In the TCP/IP-model it provides for communication up to the Transport
* (or Host-to-host) layer.
* SSL/TLS resides on top of that, in the Application layer, and makes use of
* its basic provisions:
* - listening on a port (see \c net_bind()).
......@@ -18,9 +18,9 @@
* - read/write (through \c net_recv()/\c net_send()).
* - close a connection (through \c net_close()).
*
* This way you have the means to, for example, implement and use an UDP or
* This way you have the means to, for example, implement and use an UDP or
* IPSec communication solution as a basis.
*
*
* This module can be used at server- and clientside to provide a basic
* means of communication over the internet.
*/
......@@ -5,17 +5,19 @@
/**
* @addtogroup x509_module X.509 module
*
*
* The X.509 module provides X.509 support which includes:
* - X.509 certificate (CRT) reading (see \c x509parse_crt() and
* \c x509parse_crtfile()).
* - X.509 certificate revocation list (CRL) reading (see \c x509parse_crl()
* and\c x509parse_crlfile()).
* - X.509 (RSA) private key reading (see \c x509parse_key_rsa() and
* \c x509parse_keyfile_rsa()).
* - X.509 (RSA and ECC) private key reading (see \c x509parse_key() and
* \c x509parse_keyfile()).
* - X.509 certificate signature verification (see \c x509parse_verify())
* - X.509 certificate writing and certificate request writing (see
* \c x509write_crt_der() and \c x509write_csr_der()).
*
* This module can be used to build a certificate authority (CA) chain and
* verify its signature. It is also used to get a (RSA) private key for signing
* and decryption.
* verify its signature. It is also used to generate Certificate Signing
* Requests and X509 certificates just as a CA would do.
*/
......@@ -128,7 +128,6 @@ int aes_crypt_cbc( aes_context *ctx,
* both encryption and decryption. So a context initialized with
* aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
*
* both
* \param ctx AES context
* \param mode AES_ENCRYPT or AES_DECRYPT
* \param length length of the input data
......@@ -156,6 +155,7 @@ int aes_crypt_cfb128( aes_context *ctx,
* both encryption and decryption. So a context initialized with
* aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
*
* \param ctx AES context
* \param length The length of the data
* \param nc_off The offset in the current stream_block (for resuming
* within current cipher stream). The offset pointer to
......
......@@ -116,7 +116,6 @@ int blowfish_crypt_cbc( blowfish_context *ctx,
/**
* \brief Blowfish CFB buffer encryption/decryption.
*
* both
* \param ctx Blowfish context
* \param mode BLOWFISH_ENCRYPT or BLOWFISH_DECRYPT
* \param length length of the input data
......@@ -140,6 +139,7 @@ int blowfish_crypt_cfb64( blowfish_context *ctx,
*
* Warning: You have to keep the maximum use of your counter in mind!
*
* \param ctx Blowfish context
* \param length The length of the data
* \param nc_off The offset in the current stream_block (for resuming
* within current cipher stream). The offset pointer to
......
......@@ -134,7 +134,7 @@ int camellia_crypt_cbc( camellia_context *ctx,
* \param iv initialization vector (updated after use)
* \param input buffer holding the input data
* \param output buffer holding the output data
*
*
* \return 0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH
*/
int camellia_crypt_cfb128( camellia_context *ctx,
......@@ -154,6 +154,7 @@ int camellia_crypt_cfb128( camellia_context *ctx,
* both encryption and decryption. So a context initialized with
* camellia_setkey_enc() for both CAMELLIA_ENCRYPT and CAMELLIA_DECRYPT.
*
* \param ctx CAMELLIA context
* \param length The length of the data
* \param nc_off The offset in the current stream_block (for resuming
* within current cipher stream). The offset pointer to
......
......@@ -479,6 +479,7 @@ int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode );
/**
* \brief Set the initialization vector (IV) or nonce
*
* \param ctx generic cipher context
* \param iv IV to use (or NONCE_COUNTER for CTR-mode ciphers)
* \param iv_len IV length for ciphers with variable-size IV;
* discarded by ciphers with fixed-size IV.
......@@ -579,6 +580,7 @@ int cipher_finish( cipher_context_t *ctx,
* No effect for other ciphers.
* Must be called after cipher_finish().
*
* \param ctx Generic cipher context
* \param tag buffer to write the tag
* \param tag_len Length of the tag to write
*
......@@ -593,6 +595,7 @@ int cipher_write_tag( cipher_context_t *ctx,
* Calling time depends on the cipher:
* for GCM, must be called after cipher_finish().
*
* \param ctx Generic cipher context
* \param tag Buffer holding the tag
* \param tag_len Length of the tag to check
*
......
......@@ -1102,7 +1102,6 @@
* Enable the TCP/IP networking routines.
*
* Module: library/net.c
* Caller:
*
* This module provides TCP/IP networking routines.
*/
......@@ -1347,8 +1346,8 @@
* Caller: library/havege.c
*
* This module is used by the HAVEGE random number generator.
#define POLARSSL_TIMING_C
*/
#define POLARSSL_TIMING_C
/**
* \def POLARSSL_VERSION_C
......
......@@ -201,6 +201,7 @@ int ctr_drbg_random( void *p_rng,
/**
* \brief Write a seed file
*
* \param ctx CTR_DRBG context
* \param path Name of the file
*
* \return 0 if successful, 1 on file error, or
......@@ -212,6 +213,7 @@ int ctr_drbg_write_seed_file( ctr_drbg_context *ctx, const char *path );
* \brief Read and update a seed file. Seed is added to this
* instance
*
* \param ctx CTR_DRBG context
* \param path Name of the file
*
* \return 0 if successful, 1 on file error,
......
......@@ -103,8 +103,9 @@ void ecdh_free( ecdh_context *ctx );
* \brief Setup and write the ServerKeyExhange parameters
*
* \param ctx ECDH context
* \param buf destination buffer
* \param olen number of chars written
* \param buf destination buffer
* \param blen length of buffer
* \param f_rng RNG function
* \param p_rng RNG parameter
*
......@@ -122,7 +123,7 @@ int ecdh_make_params( ecdh_context *ctx, size_t *olen,
* \brief Parse the ServerKeyExhange parameters
*
* \param ctx ECDH context
* \param buf $(start of input buffer)
* \param buf pointer to start of input buffer
* \param end one past end of buffer
*
* \return 0 if successful, or an POLARSSL_ERR_ECP_XXX error code
......@@ -137,6 +138,8 @@ int ecdh_read_params( ecdh_context *ctx,
* \param olen number of bytes actually written
* \param buf destination buffer
* \param blen size of destination buffer
* \param f_rng RNG function
* \param p_rng RNG parameter
*
* \return 0 if successful, or an POLARSSL_ERR_ECP_XXX error code
*/
......
......@@ -132,7 +132,7 @@ int ecdsa_read_signature( ecdsa_context *ctx,
* \brief Generate an ECDSA keypair on the given curve
*
* \param ctx ECDSA context in which the keypair should be stored
* \param grp Group (elliptic curve) to use. One of the various
* \param gid Group (elliptic curve) to use. One of the various
* POLARSSL_ECP_DP_XXX macros depending on configuration.
* \param f_rng RNG function
* \param p_rng RNG parameter
......
......@@ -315,7 +315,7 @@ int ecp_point_read_binary( const ecp_group *grp, ecp_point *P,
* \note Index should be a value of RFC 4492's enum NamdeCurve,
* possibly in the form of a POLARSSL_ECP_DP_XXX macro.
*/
int ecp_use_known_dp( ecp_group *grp, ecp_group_id id );
int ecp_use_known_dp( ecp_group *grp, ecp_group_id index );
/**
* \brief Set a group from a TLS ECParameters record
......@@ -365,8 +365,9 @@ int ecp_tls_read_point( const ecp_group *grp, ecp_point *pt,
* \param grp ECP group used
* \param pt Point to export
* \param format Export format
* \param olen length of data written
* \param buf Buffer to write to
* \param len Buffer length
* \param blen Buffer length
*
* \return 0 if successful,
* or POLARSSL_ERR_ECP_BAD_INPUT_DATA
......
......@@ -413,7 +413,7 @@ int oid_get_sig_alg_desc( const asn1_buf *oid, const char **desc );
* \return 0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
*/
int oid_get_oid_by_sig_alg( pk_type_t pk_alg, md_type_t md_alg,
const char **oid_str );
const char **oid );
/**
* \brief Translate hash algorithm OID into md_type
......@@ -444,7 +444,7 @@ int oid_get_extended_key_usage( const asn1_buf *oid, const char **desc );
*
* \return 0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
*/
int oid_get_oid_by_md( md_type_t md_alg, const char **oid_str );
int oid_get_oid_by_md( md_type_t md_alg, const char **oid );
#if defined(POLARSSL_CIPHER_C)
/**
......
......@@ -184,7 +184,7 @@ typedef size_t (*pk_rsa_alt_key_len_func)( void *ctx );
/**
* \brief Return information associated with the given PK type
*
* \param type PK type to search for.
* \param pk_type PK type to search for.
*
* \return The PK info associated with the type or NULL if not found.
*/
......@@ -321,6 +321,8 @@ int pk_sign( pk_context *ctx, md_type_t md_alg,
* \param output Decrypted output
* \param olen Decrypted message lenght
* \param osize Size of the output buffer
* \param f_rng RNG function
* \param p_rng RNG parameter
*
* \return 0 on success, or a specific error code.
*/
......@@ -338,6 +340,8 @@ int pk_decrypt( pk_context *ctx,
* \param output Encrypted output
* \param olen Encrypted output length
* \param osize Size of the output buffer
* \param f_rng RNG function
* \param p_rng RNG parameter
*
* \return 0 on success, or a specific error code.
*/
......
/**
* \file pkcs#5.h
* \file pkcs5.h
*
* \brief PKCS#5 functions
*
......@@ -59,7 +59,7 @@ extern "C" {
* \param pbe_params the ASN.1 algorithm parameters
* \param mode either PKCS5_DECRYPT or PKCS5_ENCRYPT
* \param pwd password to use when generating key
* \param plen length of password
* \param pwdlen length of password
* \param data data to process
* \param datalen length of data
* \param output output buffer
......
......@@ -1000,9 +1000,9 @@ int ssl_set_own_cert_rsa( ssl_context *ssl, x509_cert *own_cert,
* \param ssl SSL context
* \param own_cert own public certificate chain
* \param rsa_key alternate implementation private RSA key
* \param rsa_decrypt_func alternate implementation of \c rsa_pkcs1_decrypt()
* \param rsa_sign_func alternate implementation of \c rsa_pkcs1_sign()
* \param rsa_key_len_func function returning length of RSA key in bytes
* \param rsa_decrypt alternate implementation of \c rsa_pkcs1_decrypt()
* \param rsa_sign alternate implementation of \c rsa_pkcs1_sign()
* \param rsa_key_len function returning length of RSA key in bytes
*
* \return 0 on success, or a specific error code.
*/
......@@ -1135,7 +1135,7 @@ void ssl_set_min_version( ssl_context *ssl, int major, int minor );
* negotiate with the server during handshake)
*
* \param ssl SSL context
* \param mfl Code for maximum fragment length (allowed values:
* \param mfl_code Code for maximum fragment length (allowed values:
* SSL_MAX_FRAG_LEN_512, SSL_MAX_FRAG_LEN_1024,
* SSL_MAX_FRAG_LEN_2048, SSL_MAX_FRAG_LEN_4096)
*
......
......@@ -84,6 +84,7 @@ typedef struct _x509_csr
}
x509_csr;
/* \} name */
/* \} addtogroup x509_module */
/**
......@@ -121,7 +122,7 @@ void x509write_csr_set_rsa_key( x509_csr *ctx, rsa_context *rsa );
* (e.g. POLARSSL_MD_SHA1)
*
* \param ctx CSR context to use
* \param md_ald MD algorithm to use
* \param md_alg MD algorithm to use
*/
void x509write_csr_set_md_alg( x509_csr *ctx, md_type_t md_alg );
......@@ -206,7 +207,7 @@ int x509write_key_der( rsa_context *rsa, unsigned char *buf, size_t size );
* return value to determine where you should start
* using the buffer
*
* \param rsa CSR to write away
* \param ctx CSR to write away
* \param buf buffer to write to
* \param size size of the buffer
*
......@@ -242,7 +243,7 @@ int x509write_key_pem( rsa_context *rsa, unsigned char *buf, size_t size );
* \brief Write a CSR (Certificate Signing Request) to a
* PEM string
*
* \param rsa CSR to write away
* \param ctx CSR to write away
* \param buf buffer to write to
* \param size size of the buffer
*
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment