- Added Doxygen source code documentation parts (donated by Fox-IT)
diff --git a/include/polarssl/aes.h b/include/polarssl/aes.h
index 5576680..f9b6825 100644
--- a/include/polarssl/aes.h
+++ b/include/polarssl/aes.h
@@ -1,6 +1,8 @@
/**
* \file aes.h
*
+ * \brief AES block cipher encryption
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
diff --git a/include/polarssl/arc4.h b/include/polarssl/arc4.h
index 74f5741..2344c74 100644
--- a/include/polarssl/arc4.h
+++ b/include/polarssl/arc4.h
@@ -1,6 +1,8 @@
/**
* \file arc4.h
*
+ * \brief The ARCFOUR stream cipher
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
diff --git a/include/polarssl/base64.h b/include/polarssl/base64.h
index 2ae4169..1c6498c 100644
--- a/include/polarssl/base64.h
+++ b/include/polarssl/base64.h
@@ -1,6 +1,8 @@
/**
* \file base64.h
*
+ * \brief RFC 1521 base64 encoding/decoding
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
diff --git a/include/polarssl/bignum.h b/include/polarssl/bignum.h
index 80399a2..79bc354 100644
--- a/include/polarssl/bignum.h
+++ b/include/polarssl/bignum.h
@@ -1,6 +1,8 @@
/**
* \file bignum.h
*
+ * \brief Multi-precision integer library
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
diff --git a/include/polarssl/bn_mul.h b/include/polarssl/bn_mul.h
index a73d5fb..87b2052 100644
--- a/include/polarssl/bn_mul.h
+++ b/include/polarssl/bn_mul.h
@@ -1,6 +1,8 @@
/**
* \file bn_mul.h
*
+ * \brief Multi-precision integer library
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
diff --git a/include/polarssl/camellia.h b/include/polarssl/camellia.h
index 323d03e..cebd677 100644
--- a/include/polarssl/camellia.h
+++ b/include/polarssl/camellia.h
@@ -1,6 +1,8 @@
/**
* \file camellia.h
*
+ * \brief Camellia block cipher
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
diff --git a/include/polarssl/certs.h b/include/polarssl/certs.h
index e5e684d..c793932 100644
--- a/include/polarssl/certs.h
+++ b/include/polarssl/certs.h
@@ -1,6 +1,8 @@
/**
* \file certs.h
*
+ * \brief Camellia block cipher
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 96058f2..1dbbfbb 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -1,6 +1,8 @@
/**
* \file config.h
*
+ * \brief Configuration options (set of defines)
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
diff --git a/include/polarssl/debug.h b/include/polarssl/debug.h
index 43634b7..c6f7406 100644
--- a/include/polarssl/debug.h
+++ b/include/polarssl/debug.h
@@ -1,6 +1,8 @@
/**
* \file debug.h
*
+ * \brief Debug functions
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
diff --git a/include/polarssl/des.h b/include/polarssl/des.h
index 4a8e8ae..53bbbff 100644
--- a/include/polarssl/des.h
+++ b/include/polarssl/des.h
@@ -1,6 +1,8 @@
/**
* \file des.h
*
+ * \brief Debug functions
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
diff --git a/include/polarssl/dhm.h b/include/polarssl/dhm.h
index a2eb5d5..ad0795f 100644
--- a/include/polarssl/dhm.h
+++ b/include/polarssl/dhm.h
@@ -1,6 +1,8 @@
/**
* \file dhm.h
*
+ * \brief Diffie-Hellman-Merkle key exchange
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
@@ -108,7 +110,7 @@
*
* \return 0 if successful, or an POLARSSL_ERR_DHM_XXX error code
*/
-int dhm_make_public( dhm_context *ctx, int s_size,
+int dhm_make_public( dhm_context *ctx, int x_size,
unsigned char *output, int olen,
int (*f_rng)(void *), void *p_rng );
diff --git a/include/polarssl/havege.h b/include/polarssl/havege.h
index 5b643bc..a974462 100644
--- a/include/polarssl/havege.h
+++ b/include/polarssl/havege.h
@@ -1,6 +1,8 @@
/**
* \file havege.h
*
+ * \brief Diffie-Hellman-Merkle key exchange
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
diff --git a/include/polarssl/md2.h b/include/polarssl/md2.h
index 3124cb7..bcda2e3 100644
--- a/include/polarssl/md2.h
+++ b/include/polarssl/md2.h
@@ -1,6 +1,8 @@
/**
* \file md2.h
*
+ * \brief MD2 message digest algorithm (hash function)
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
diff --git a/include/polarssl/md4.h b/include/polarssl/md4.h
index 84f8b1f..c3c5d7e 100644
--- a/include/polarssl/md4.h
+++ b/include/polarssl/md4.h
@@ -1,6 +1,8 @@
/**
* \file md4.h
*
+ * \brief MD4 message digest algorithm (hash function)
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
diff --git a/include/polarssl/md5.h b/include/polarssl/md5.h
index fe6b5a2..e728c38 100644
--- a/include/polarssl/md5.h
+++ b/include/polarssl/md5.h
@@ -1,6 +1,8 @@
/**
* \file md5.h
*
+ * \brief MD5 message digest algorithm (hash function)
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
diff --git a/include/polarssl/net.h b/include/polarssl/net.h
index 1af6eb8..188432e 100644
--- a/include/polarssl/net.h
+++ b/include/polarssl/net.h
@@ -1,6 +1,8 @@
/**
* \file net.h
*
+ * \brief MD5 message digest algorithm (hash function)
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
diff --git a/include/polarssl/openssl.h b/include/polarssl/openssl.h
index e80a54d..4423857 100644
--- a/include/polarssl/openssl.h
+++ b/include/polarssl/openssl.h
@@ -1,6 +1,8 @@
/**
* \file openssl.h
*
+ * \brief OpenSSL wrapper (definitions, inline functions).
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
diff --git a/include/polarssl/padlock.h b/include/polarssl/padlock.h
index 12fa7d3..99ecfee 100644
--- a/include/polarssl/padlock.h
+++ b/include/polarssl/padlock.h
@@ -1,6 +1,8 @@
/**
* \file padlock.h
*
+ * \brief VIA PadLock ACE for HW encryption/decryption supported by some processors
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
diff --git a/include/polarssl/rsa.h b/include/polarssl/rsa.h
index 5fae794..15b047c 100644
--- a/include/polarssl/rsa.h
+++ b/include/polarssl/rsa.h
@@ -1,6 +1,8 @@
/**
* \file rsa.h
*
+ * \brief The RSA public-key cryptosystem
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
diff --git a/include/polarssl/sha1.h b/include/polarssl/sha1.h
index 4eb5f70..1d5cc25 100644
--- a/include/polarssl/sha1.h
+++ b/include/polarssl/sha1.h
@@ -1,6 +1,8 @@
/**
* \file sha1.h
*
+ * \brief SHA-1 cryptographic hash function
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
diff --git a/include/polarssl/sha2.h b/include/polarssl/sha2.h
index be4ae56..813a96c 100644
--- a/include/polarssl/sha2.h
+++ b/include/polarssl/sha2.h
@@ -1,6 +1,8 @@
/**
* \file sha2.h
*
+ * \brief SHA-256 cryptographic hash function
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
diff --git a/include/polarssl/sha4.h b/include/polarssl/sha4.h
index 64084b4..ebf2d45 100644
--- a/include/polarssl/sha4.h
+++ b/include/polarssl/sha4.h
@@ -1,6 +1,8 @@
/**
* \file sha4.h
*
+ * \brief SHA-384/512 cryptographic hash function
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 254c8ef..100c004 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -1,6 +1,8 @@
/**
* \file ssl.h
*
+ * \brief SSL/TLS functions.
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
@@ -336,7 +338,7 @@
* \brief Set the certificate verification mode
*
* \param ssl SSL context
- * \param mode can be:
+ * \param authmode can be:
*
* SSL_VERIFY_NONE: peer certificate is not checked (default),
* this is insecure and SHOULD be avoided.
diff --git a/include/polarssl/timing.h b/include/polarssl/timing.h
index ff9ceef..456508d 100644
--- a/include/polarssl/timing.h
+++ b/include/polarssl/timing.h
@@ -1,6 +1,8 @@
/**
* \file timing.h
*
+ * \brief Portable interface to the CPU cycle counter
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
@@ -62,7 +64,7 @@
/**
* \brief Sleep for a certain amount of time
*
- * \param Delay in milliseconds
+ * \param milliseconds delay in milliseconds
*/
void m_sleep( int milliseconds );
diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
index 829adaf..cbcb5b0 100644
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@@ -1,6 +1,8 @@
/**
* \file x509.h
*
+ * \brief X.509 certificate and private key decoding
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
@@ -27,59 +29,80 @@
#include "polarssl/rsa.h"
-/*
- * ASN1 Error codes
- *
- * These error codes will be OR'ed to X509 error codes for
- * higher error granularity.
+/**
+ * @addtogroup x509_module
+ * @{
*/
-#define POLARSSL_ERR_ASN1_OUT_OF_DATA 0x0014
-#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG 0x0016
-#define POLARSSL_ERR_ASN1_INVALID_LENGTH 0x0018
-#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH 0x001A
-#define POLARSSL_ERR_ASN1_INVALID_DATA 0x001C
-
-/*
- * X509 Error codes
+
+/**
+ * @name ASN1 Error codes
+ * These error codes are OR'ed to X509 error codes for
+ * higher error granularity.
+ * ASN1 is a standard to specify data structures.
+ * @{
*/
-#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE -0x0020
-#define POLARSSL_ERR_X509_CERT_INVALID_PEM -0x0040
-#define POLARSSL_ERR_X509_CERT_INVALID_FORMAT -0x0060
-#define POLARSSL_ERR_X509_CERT_INVALID_VERSION -0x0080
-#define POLARSSL_ERR_X509_CERT_INVALID_SERIAL -0x00A0
-#define POLARSSL_ERR_X509_CERT_INVALID_ALG -0x00C0
-#define POLARSSL_ERR_X509_CERT_INVALID_NAME -0x00E0
-#define POLARSSL_ERR_X509_CERT_INVALID_DATE -0x0100
-#define POLARSSL_ERR_X509_CERT_INVALID_PUBKEY -0x0120
-#define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE -0x0140
-#define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS -0x0160
-#define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION -0x0180
-#define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG -0x01A0
-#define POLARSSL_ERR_X509_CERT_UNKNOWN_PK_ALG -0x01C0
-#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x01E0
-#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x0200
-#define POLARSSL_ERR_X509_KEY_INVALID_PEM -0x0220
-#define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x0240
-#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x0260
-#define POLARSSL_ERR_X509_KEY_INVALID_ENC_IV -0x0280
-#define POLARSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG -0x02A0
-#define POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED -0x02C0
-#define POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH -0x02E0
-#define POLARSSL_ERR_X509_POINT_ERROR -0x0300
-#define POLARSSL_ERR_X509_VALUE_TO_LENGTH -0x0320
+#define POLARSSL_ERR_ASN1_OUT_OF_DATA 0x0014 /**< Out of data when parsing an ASN1 data structure. */
+#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG 0x0016 /**< ASN1 tag was of an unexpected value. */
+#define POLARSSL_ERR_ASN1_INVALID_LENGTH 0x0018 /**< Error when trying to determine the length or invalid length. */
+#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH 0x001A /**< Actual length differs from expected length. */
+#define POLARSSL_ERR_ASN1_INVALID_DATA 0x001C /**< Data is invalid. (not used) */
+/* @} name */
-/*
- * X509 Verify codes
+/**
+ * @name X509 Error codes
+ * @{
*/
-#define BADCERT_EXPIRED 1
-#define BADCERT_REVOKED 2
-#define BADCERT_CN_MISMATCH 4
-#define BADCERT_NOT_TRUSTED 8
-#define BADCRL_NOT_TRUSTED 16
-#define BADCRL_EXPIRED 32
+#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE -0x0020 /**< Unavailable feature, e.g. RSA hashing/encryption combination. */
+#define POLARSSL_ERR_X509_CERT_INVALID_PEM -0x0040 /**< The PEM-encoded certificate contains invalid elements, e.g. invalid character. */
+#define POLARSSL_ERR_X509_CERT_INVALID_FORMAT -0x0060 /**< The certificate format is invalid, e.g. different type expected. */
+#define POLARSSL_ERR_X509_CERT_INVALID_VERSION -0x0080 /**< The certificate version element is invalid. */
+#define POLARSSL_ERR_X509_CERT_INVALID_SERIAL -0x00A0 /**< The serial tag or value is invalid. */
+#define POLARSSL_ERR_X509_CERT_INVALID_ALG -0x00C0 /**< The algorithm tag or value is invalid. */
+#define POLARSSL_ERR_X509_CERT_INVALID_NAME -0x00E0 /**< The name tag or value is invalid. */
+#define POLARSSL_ERR_X509_CERT_INVALID_DATE -0x0100 /**< The date tag or value is invalid. */
+#define POLARSSL_ERR_X509_CERT_INVALID_PUBKEY -0x0120 /**< The pubkey tag or value is invalid (only RSA is supported). */
+#define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE -0x0140 /**< The signature tag or value invalid. */
+#define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS -0x0160 /**< The extension tag or value is invalid. */
+#define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION -0x0180 /**< Certificate or CRL has an unsupported version number. */
+#define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG -0x01A0 /**< Signature algorithm (oid) is unsupported. */
+#define POLARSSL_ERR_X509_CERT_UNKNOWN_PK_ALG -0x01C0 /**< Public key algorithm is unsupported (only RSA is supported). */
+#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x01E0 /**< Certificate signature algorithms do not match. (see \c ::x509_cert sig_oid) */
+#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x0200 /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */
+#define POLARSSL_ERR_X509_KEY_INVALID_PEM -0x0220 /**< PEM key string is not as expected. */
+#define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x0240 /**< Unsupported RSA key version */
+#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x0260 /**< Invalid RSA key tag or value. */
+#define POLARSSL_ERR_X509_KEY_INVALID_ENC_IV -0x0280 /**< RSA IV is not in hex-format. */
+#define POLARSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG -0x02A0 /**< Unsupported key encryption algorithm. */
+#define POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED -0x02C0 /**< Private key password can't be empty. */
+#define POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH -0x02E0 /**< Given private key password does not allow for correct decryption. */
+#define POLARSSL_ERR_X509_POINT_ERROR -0x0300 /**< Not used. */
+#define POLARSSL_ERR_X509_VALUE_TO_LENGTH -0x0320 /**< Not used. */
+/* @} name */
-/*
- * DER constants
+
+/**
+ * @name X509 Verify codes
+ * @{
+ */
+#define BADCERT_EXPIRED 1 /**< The certificate validity has expired. */
+#define BADCERT_REVOKED 2 /**< The certificate has been revoked (is on a CRL). */
+#define BADCERT_CN_MISMATCH 4 /**< The certificate Common Name (CN) does not match with the expected CN. */
+#define BADCERT_NOT_TRUSTED 8 /**< The certificate is not correctly signed by the trusted CA. */
+#define BADCRL_NOT_TRUSTED 16 /**< CRL is not correctly signed by the trusted CA. */
+#define BADCRL_EXPIRED 32 /**< CRL is expired. */
+/* @} name */
+
+
+/**
+ * @name DER constants
+ * These constants comply with DER encoded the ANS1 type tags.
+ * DER encoding uses hexadecimal representation.
+ * An example DER sequence is:\n
+ * - 0x02 -- tag indicating INTEGER
+ * - 0x01 -- length in octets
+ * - 0x05 -- value
+ * Such sequences are typically read into \c ::x509_buf.
+ * @{
*/
#define ASN1_BOOLEAN 0x01
#define ASN1_INTEGER 0x02
@@ -100,6 +123,8 @@
#define ASN1_PRIMITIVE 0x00
#define ASN1_CONSTRUCTED 0x20
#define ASN1_CONTEXT_SPECIFIC 0x80
+/* @} name */
+/* @} addtogroup x509_module */
/*
* various object identifiers
@@ -126,68 +151,89 @@
#define OID_PKCS9 "\x2A\x86\x48\x86\xF7\x0D\x01\x09"
#define OID_PKCS9_EMAIL "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01"
-/*
- * Structures for parsing X.509 certificates
+/**
+ * @addtogroup x509_module
+ * @{ */
+
+/**
+ * @name Structures for parsing X.509 certificates and CRLs
+ * @{
+ */
+
+/**
+ * Type-length-value structure that allows for ASN1 using DER.
*/
typedef struct _x509_buf
{
- int tag;
- int len;
- unsigned char *p;
+ int tag; /**< ASN1 type, e.g. ASN1_UTF8_STRING. */
+ int len; /**< ASN1 length, e.g. in octets. */
+ unsigned char *p; /**< ASN1 data, e.g. in ASCII. */
}
x509_buf;
+/**
+ * Container for ASN1 named information objects.
+ * It allows for Relative Distinguished Names (e.g. cn=polarssl,ou=code,etc.).
+ */
typedef struct _x509_name
{
- x509_buf oid;
- x509_buf val;
- struct _x509_name *next;
+ x509_buf oid; /**< The object identifier. */
+ x509_buf val; /**< The named value. */
+ struct _x509_name *next; /**< The next named information object. */
}
x509_name;
+/** Container for date and time (precision in seconds). */
typedef struct _x509_time
{
- int year, mon, day;
- int hour, min, sec;
+ int year, mon, day; /**< Date. */
+ int hour, min, sec; /**< Time. */
}
x509_time;
+/**
+ * Container for an X.509 certificate. The certificate may be chained.
+ */
typedef struct _x509_cert
{
- x509_buf raw;
- x509_buf tbs;
+ x509_buf raw; /**< The raw certificate data (DER). */
+ x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
- int version;
- x509_buf serial;
- x509_buf sig_oid1;
+ int version; /**< The X.509 version. (0=v1, 1=v2, 2=v3) */
+ x509_buf serial; /**< Unique id for certificate issued by a specific CA. */
+ x509_buf sig_oid1; /**< Signature algorithm, e.g. sha1RSA */
- x509_buf issuer_raw;
- x509_buf subject_raw;
+ x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */
+ x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */
- x509_name issuer;
- x509_name subject;
+ x509_name issuer; /**< The parsed issuer data (named information object). */
+ x509_name subject; /**< The parsed subject data (named information object). */
- x509_time valid_from;
- x509_time valid_to;
+ x509_time valid_from; /**< Start time of certificate validity. */
+ x509_time valid_to; /**< End time of certificate validity. */
- x509_buf pk_oid;
- rsa_context rsa;
+ x509_buf pk_oid; /**< Subject public key info. Includes the public key algorithm and the key itself. */
+ rsa_context rsa; /**< Container for the RSA context. Only RSA is supported for public keys at this time. */
- x509_buf issuer_id;
- x509_buf subject_id;
- x509_buf v3_ext;
+ x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
+ x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
+ x509_buf v3_ext; /**< Optional X.509 v3 extensions. Only Basic Contraints are supported at this time. */
- int ca_istrue;
- int max_pathlen;
+ int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
+ int max_pathlen; /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. */
- x509_buf sig_oid2;
- x509_buf sig;
- int sig_alg;
+ x509_buf sig_oid2; /**< Signature algorithm. Must match sig_oid1. */
+ x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */
+ int sig_alg; /**< Internal representation of the signature algorithm, e.g. SIG_RSA_MD2 */
- struct _x509_cert *next;
+ struct _x509_cert *next; /**< Next certificate in the CA-chain. */
}
x509_cert;
+/**
+ * Certificate revocation list entry.
+ * Contains the CA-specific serial numbers and revocation dates.
+ */
typedef struct _x509_crl_entry
{
x509_buf raw;
@@ -202,22 +248,26 @@
}
x509_crl_entry;
+/**
+ * Certificate revocation list structure.
+ * Every CRL may have multiple entries.
+ */
typedef struct _x509_crl
{
- x509_buf raw;
- x509_buf tbs;
+ x509_buf raw; /**< The raw certificate data (DER). */
+ x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
int version;
x509_buf sig_oid1;
- x509_buf issuer_raw;
+ x509_buf issuer_raw; /**< The raw issuer data (DER). */
- x509_name issuer;
+ x509_name issuer; /**< The parsed issuer data (named information object). */
- x509_time this_update;
+ x509_time this_update;
x509_time next_update;
- x509_crl_entry entry;
+ x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */
x509_buf crl_ext;
@@ -228,10 +278,16 @@
struct _x509_crl *next;
}
x509_crl;
+/** @} name Structures for parsing X.509 certificates and CRLs */
+/** @} addtogroup x509_module */
-/*
- * Structures for writing X.509 certificates
+/**
+ * @name Structures for writing X.509 certificates.
+ * XvP: commented out as they are not used.
+ * - <tt>typedef struct _x509_node x509_node;</tt>
+ * - <tt>typedef struct _x509_raw x509_raw;</tt>
*/
+/*
typedef struct _x509_node
{
unsigned char *data;
@@ -259,12 +315,19 @@
x509_node sign;
}
x509_raw;
+*/
#ifdef __cplusplus
extern "C" {
#endif
/**
+ * @name Functions to read in a certificate, CRL or private RSA key
+ * @{
+ */
+
+/** @ingroup x509_module */
+/**
* \brief Parse one or more certificates and add them
* to the chained list
*
@@ -276,6 +339,7 @@
*/
int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen );
+/** @ingroup x509_module */
/**
* \brief Load one or more certificates and add them
* to the chained list
@@ -287,6 +351,7 @@
*/
int x509parse_crtfile( x509_cert *chain, const char *path );
+/** @ingroup x509_module */
/**
* \brief Parse one or more CRLs and add them
* to the chained list
@@ -299,6 +364,7 @@
*/
int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen );
+/** @ingroup x509_module */
/**
* \brief Load one or more CRLs and add them
* to the chained list
@@ -310,6 +376,7 @@
*/
int x509parse_crlfile( x509_crl *chain, const char *path );
+/** @ingroup x509_module */
/**
* \brief Parse a private RSA key
*
@@ -325,17 +392,21 @@
const unsigned char *key, int keylen,
const unsigned char *pwd, int pwdlen );
+/** @ingroup x509_module */
/**
* \brief Load and parse a private RSA key
*
* \param rsa RSA context to be initialized
* \param path filename to read the private key from
- * \param pwd password to decrypt the file (can be NULL)
+ * \param password password to decrypt the file (can be NULL)
*
* \return 0 if successful, or a specific X509 error code
*/
int x509parse_keyfile( rsa_context *rsa, const char *path,
const char *password );
+/** @} name Functions to read in a certificate, CRL or private RSA key */
+
+
/**
* \brief Store the certificate DN in printable form into buf;
@@ -372,7 +443,7 @@
* \param buf Buffer to write to
* \param size Maximum size of buffer
* \param prefix A line prefix
- * \param crt The X509 CRL to represent
+ * \param crl The X509 CRL to represent
*
* \return The amount of data written to the buffer, or -1 in
* case of an error.
@@ -392,6 +463,11 @@
int x509parse_time_expired( const x509_time *time );
/**
+ * @name Functions to verify a certificate
+ * @{
+ */
+/** @ingroup x509_module */
+/**
* \brief Verify the certificate signature
*
* \param crt a certificate to be verified
@@ -416,6 +492,15 @@
x509_crl *ca_crl,
const char *cn, int *flags );
+/** @} name Functions to verify a certificate */
+
+
+
+/**
+ * @name Functions to clear a certificate, CRL or private RSA key
+ * @{
+ */
+/** @ingroup x509_module */
/**
* \brief Unallocate all certificate data
*
@@ -423,13 +508,17 @@
*/
void x509_free( x509_cert *crt );
+/** @ingroup x509_module */
/**
* \brief Unallocate all CRL data
*
- * \param crt CRL chain to free
+ * \param crl CRL chain to free
*/
void x509_crl_free( x509_crl *crl );
+/** @} name Functions to clear a certificate, CRL or private RSA key */
+
+
/**
* \brief Checkup routine
*
diff --git a/include/polarssl/xtea.h b/include/polarssl/xtea.h
index 026a800..16020d1 100644
--- a/include/polarssl/xtea.h
+++ b/include/polarssl/xtea.h
@@ -1,6 +1,8 @@
/**
* \file xtea.h
*
+ * \brief XTEA block cipher (32-bit)
+ *
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)