wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 05:12:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add missing API documentation for Doxygen:

Browse Source 
This PR adds Doxygen documentation for native wolfSSL API functions that were previously undocumented. It includes documentation notes for APIs gated on specific preprocessor macros:

- WOLF_PRIVATE_KEY_ID: _Id and _Label init helpers (wc_AesInit_Id, wc_AesInit_Label, wc_ecc_init_id, wc_ecc_init_label, wc_InitRsaKey_Id, wc_InitRsaKey_Label) require this for PKCS11 support

- WC_NO_CONSTRUCTORS: New/Delete constructor functions (wc_AesNew/Delete, wc_curve25519_new/delete, wc_ed25519_new/delete, wc_NewRsaKey/DeleteRsaKey) are only available when this is not defined. WC_NO_CONSTRUCTORS is automatically defined when WOLFSSL_NO_MALLOC is defined.

- WOLFSSL_PUBLIC_ASN: ASN functions marked with WOLFSSL_ASN_API include  notes indicating they are not public by default

- WOLFSSL_DUAL_ALG_CERTS: wc_GeneratePreTBS and wc_MakeSigWithBitStr for Post-Quantum dual algorithm certificate signing

The New/Delete functions are documented as being exposed to support allocation of structures using dynamic memory to provide better ABI compatibility.
This commit is contained in:
David Garske
2025-12-26 08:00:20 -08:00
parent 1744c11686
commit 77d9410aa0
35 changed files with 13226 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1693
doc/dox_comments/header_files/aes.h
View File

File diff suppressed because it is too large Load Diff

54
doc/dox_comments/header_files/arc4.h
View File

@@ -57,3 +57,57 @@ int wc_Arc4Process(Arc4* arc4, byte* out, const byte* in, word32 length);
\sa wc_Arc4Process
*/
int wc_Arc4SetKey(Arc4* arc4, const byte* key, word32 length);
/*!
\ingroup ARC4
\brief This function initializes an ARC4 structure for use with
asynchronous cryptographic operations. It sets up the heap hint and
device ID for hardware acceleration support.
\return 0 On success.
\return BAD_FUNC_ARG If arc4 is NULL.
\param arc4 pointer to the Arc4 structure to initialize
\param heap pointer to heap hint for memory allocation (can be NULL)
\param devId device ID for hardware acceleration (use INVALID_DEVID
for software)
_Example_
\code
Arc4 arc4;
int ret = wc_Arc4Init(&arc4, NULL, INVALID_DEVID);
if (ret != 0) {
// initialization failed
}
// use arc4 for encryption/decryption
wc_Arc4Free(&arc4);
\endcode
\sa wc_Arc4SetKey
\sa wc_Arc4Free
*/
int wc_Arc4Init(Arc4* arc4, void* heap, int devId);
/*!
\ingroup ARC4
\brief This function frees an ARC4 structure, releasing any resources
allocated for asynchronous cryptographic operations. It should be
called when the ARC4 structure is no longer needed.
\return none No return value.
\param arc4 pointer to the Arc4 structure to free
_Example_
\code
Arc4 arc4;
wc_Arc4Init(&arc4, NULL, INVALID_DEVID);
wc_Arc4SetKey(&arc4, key, keyLen);
// use arc4 for encryption/decryption
wc_Arc4Free(&arc4);
\endcode
\sa wc_Arc4Init
\sa wc_Arc4SetKey
*/
void wc_Arc4Free(Arc4* arc4);

105
doc/dox_comments/header_files/ascon.h
View File

@@ -466,4 +466,109 @@ int wc_AsconAEAD128_DecryptUpdate(wc_AsconAEAD128* a, byte* out, const byte* in,
*/
int wc_AsconAEAD128_DecryptFinal(wc_AsconAEAD128* a, const byte* tag);
/*!
\ingroup ASCON
\brief This function allocates and initializes a new Ascon Hash256
context. The returned context must be freed with wc_AsconHash256_Free
when no longer needed.
\return Pointer to allocated wc_AsconHash256 structure on success.
\return NULL on allocation or initialization failure.
_Example_
\code
wc_AsconHash256* hash = wc_AsconHash256_New();
if (hash == NULL) {
// handle allocation error
}
byte data[]; // data to hash
wc_AsconHash256_Update(hash, data, sizeof(data));
byte digest[ASCON_HASH256_SZ];
wc_AsconHash256_Final(hash, digest);
wc_AsconHash256_Free(hash);
\endcode
\sa wc_AsconHash256_Free
\sa wc_AsconHash256_Init
*/
wc_AsconHash256* wc_AsconHash256_New(void);
/*!
\ingroup ASCON
\brief This function frees an Ascon Hash256 context that was allocated
with wc_AsconHash256_New. It clears the context before freeing to
prevent information leakage.
\return none No return value.
\param a pointer to the wc_AsconHash256 structure to free
_Example_
\code
wc_AsconHash256* hash = wc_AsconHash256_New();
if (hash != NULL) {
// use hash context
wc_AsconHash256_Free(hash);
}
\endcode
\sa wc_AsconHash256_New
\sa wc_AsconHash256_Clear
*/
void wc_AsconHash256_Free(wc_AsconHash256* a);
/*!
\ingroup ASCON
\brief This function clears an Ascon Hash256 context by zeroing all
internal state. This should be called to securely erase sensitive
data from memory.
\return none No return value.
\param a pointer to the wc_AsconHash256 structure to clear
_Example_
\code
wc_AsconHash256 hash;
wc_AsconHash256_Init(&hash);
byte data[]; // data to hash
wc_AsconHash256_Update(&hash, data, sizeof(data));
byte digest[ASCON_HASH256_SZ];
wc_AsconHash256_Final(&hash, digest);
wc_AsconHash256_Clear(&hash);
\endcode
\sa wc_AsconHash256_Init
\sa wc_AsconHash256_Free
*/
void wc_AsconHash256_Clear(wc_AsconHash256* a);
/*!
\ingroup ASCON
\brief This function allocates and initializes a new Ascon AEAD128
context. The returned context must be freed with wc_AsconAEAD128_Free
when no longer needed.
\return Pointer to allocated wc_AsconAEAD128 structure on success.
\return NULL on allocation or initialization failure.
_Example_
\code
wc_AsconAEAD128* aead = wc_AsconAEAD128_New();
if (aead == NULL) {
// handle allocation error
}
byte key[ASCON_AEAD128_KEY_SZ] = { }; // key
byte nonce[ASCON_AEAD128_NONCE_SZ] = { }; // nonce
wc_AsconAEAD128_SetKey(aead, key);
wc_AsconAEAD128_SetNonce(aead, nonce);
// perform encryption/decryption
wc_AsconAEAD128_Free(aead);
\endcode
\sa wc_AsconAEAD128_Free
\sa wc_AsconAEAD128_Init
*/
wc_AsconAEAD128* wc_AsconAEAD128_New(void);

239
doc/dox_comments/header_files/asn.h
View File

@@ -0,0 +1,239 @@
/*!
\ingroup ASN
\brief This function converts BER (Basic Encoding Rules) formatted data
to DER (Distinguished Encoding Rules) format. BER allows indefinite
length encoding while DER requires definite lengths. This function
calculates definite lengths for all indefinite length items.
\return 0 On success.
\return ASN_PARSE_E If the BER data is invalid.
\return BAD_FUNC_ARG If ber or derSz are NULL.
\return BUFFER_E If der is not NULL and derSz is too small.
\param ber pointer to the buffer containing BER formatted data
\param berSz size of the BER data in bytes
\param der pointer to buffer to store DER formatted data (can be NULL
to calculate required size)
\param derSz pointer to size of der buffer; updated with actual size
needed or used
\note This API is not public by default. Define WOLFSSL_PUBLIC_ASN to
expose APIs marked WOLFSSL_ASN_API.
_Example_
\code
byte ber[256] = { }; // BER encoded data
byte der[256];
word32 derSz = sizeof(der);
int ret = wc_BerToDer(ber, sizeof(ber), der, &derSz);
if (ret == 0) {
// der now contains DER formatted data of length derSz
}
\endcode
\sa wc_EncodeObjectId
*/
int wc_BerToDer(const byte* ber, word32 berSz, byte* der, word32* derSz);
/*!
\ingroup ASN
\brief This function frees a linked list of alternative names
(DNS_entry structures). It deallocates each node and its associated
name string, IP string, and RID string if present.
\return none No return value.
\param altNames pointer to the head of the alternative names linked list
\param heap pointer to heap hint for memory deallocation (can be NULL)
\note This API is not public by default. Define WOLFSSL_PUBLIC_ASN to
expose APIs marked WOLFSSL_ASN_API.
_Example_
\code
DNS_entry* altNames = NULL;
// populate altNames with certificate alternative names
FreeAltNames(altNames, NULL);
// altNames list is now freed
\endcode
\sa AltNameNew
*/
void FreeAltNames(DNS_entry* altNames, void* heap);
/*!
\ingroup ASN
\brief This function sets an extended callback for handling unknown
certificate extensions during certificate parsing. The callback
receives additional context information compared to the basic
callback.
\return 0 On success.
\return BAD_FUNC_ARG If cert is NULL.
\param cert pointer to the DecodedCert structure
\param cb callback function to handle unknown extensions
\param ctx context pointer passed to the callback
\note This API is not public by default. Define WOLFSSL_PUBLIC_ASN to
expose APIs marked WOLFSSL_ASN_API.
_Example_
\code
DecodedCert cert;
int UnknownExtCallback(const byte* oid, word32 oidSz, int crit,
const byte* der, word32 derSz, void* ctx) {
// handle unknown extension
return 0;
}
wc_InitDecodedCert(&cert, derCert, derCertSz, NULL);
wc_SetUnknownExtCallbackEx(&cert, UnknownExtCallback, myContext);
wc_ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
\endcode
\sa wc_SetUnknownExtCallback
\sa wc_InitDecodedCert
*/
int wc_SetUnknownExtCallbackEx(DecodedCert* cert,
wc_UnknownExtCallbackEx cb, void *ctx);
/*!
\ingroup ASN
\brief This function verifies the signature on a certificate using a
certificate manager. It checks that the certificate is properly
signed by a trusted CA.
\return 0 On successful signature verification.
\return ASN_SIG_CONFIRM_E If signature verification fails.
\return Other negative values on error.
\param cert pointer to the DER encoded certificate
\param certSz size of the certificate in bytes
\param heap pointer to heap hint for memory allocation (can be NULL)
\param cm pointer to certificate manager containing trusted CAs
_Example_
\code
byte cert[2048] = { }; // DER encoded certificate
word32 certSz = sizeof(cert);
WOLFSSL_CERT_MANAGER* cm;
cm = wolfSSL_CertManagerNew();
wolfSSL_CertManagerLoadCA(cm, "ca-cert.pem", NULL);
int ret = wc_CheckCertSignature(cert, certSz, NULL, cm);
if (ret == 0) {
// certificate signature is valid
}
wolfSSL_CertManagerFree(cm);
\endcode
\sa wolfSSL_CertManagerNew
\sa wolfSSL_CertManagerLoadCA
*/
int wc_CheckCertSignature(const byte* cert, word32 certSz, void* heap,
void* cm);
/*!
\ingroup ASN
\brief This function encodes an array of word16 values into an ASN.1
Object Identifier (OID) in DER format. OIDs are used to identify
algorithms, extensions, and other objects in certificates and
cryptographic protocols.
\return 0 On success.
\return BAD_FUNC_ARG If in, inSz, or outSz are invalid.
\return BUFFER_E If out is not NULL and outSz is too small.
\param in pointer to array of word16 values representing OID components
\param inSz number of components in the OID
\param out pointer to buffer to store encoded OID (can be NULL to
calculate size)
\param outSz pointer to size of out buffer; updated with actual size
_Example_
\code
word16 oid[] = {1, 2, 840, 113549, 1, 1, 11}; // sha256WithRSAEncryption
byte encoded[32];
word32 encodedSz = sizeof(encoded);
int ret = wc_EncodeObjectId(oid, sizeof(oid)/sizeof(word16),
encoded, &encodedSz);
if (ret == 0) {
// encoded contains DER encoded OID
}
\endcode
\sa wc_BerToDer
*/
int wc_EncodeObjectId(const word16* in, word32 inSz, byte* out,
word32* outSz);
/*!
\ingroup ASN
\brief This function sets the algorithm identifier in DER format. It
encodes the algorithm OID and optional parameters based on the
algorithm type and curve size.
\return Length of the encoded algorithm identifier on success.
\return Negative value on error.
\param algoOID algorithm object identifier constant
\param output pointer to buffer to store encoded algorithm ID
\param type type of encoding (oidSigType, oidHashType, etc.)
\param curveSz size of the curve for ECC algorithms (0 for non-ECC)
_Example_
\code
byte algId[32];
word32 len;
len = SetAlgoID(CTC_SHA256wRSA, algId, oidSigType, 0);
if (len > 0) {
// algId contains encoded algorithm identifier
}
\endcode
\sa wc_EncodeObjectId
*/
word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz);
/*!
\ingroup ASN
\brief This function decodes a DER encoded Diffie-Hellman public key.
It extracts the public key value from the DER encoding and stores it
in the DhKey structure.
\return 0 On success.
\return BAD_FUNC_ARG If input, inOutIdx, key, or inSz are invalid.
\return ASN_PARSE_E If the DER encoding is invalid.
\return Other negative values on error.
\param input pointer to buffer containing DER encoded public key
\param inOutIdx pointer to index in buffer; updated to end of key
\param key pointer to DhKey structure to store decoded public key
\param inSz size of the input buffer
_Example_
\code
byte derKey[256] = { }; // DER encoded DH public key
word32 idx = 0;
DhKey key;
wc_InitDhKey(&key);
int ret = wc_DhPublicKeyDecode(derKey, &idx, &key, sizeof(derKey));
if (ret == 0) {
// key now contains the decoded public key
}
wc_FreeDhKey(&key);
\endcode
\sa wc_InitDhKey
\sa wc_DhKeyDecode
*/
int wc_DhPublicKeyDecode(const byte* input, word32* inOutIdx, DhKey* key,
word32 inSz);

1553
doc/dox_comments/header_files/asn_public.h
View File

File diff suppressed because it is too large Load Diff

41
doc/dox_comments/header_files/chacha.h
View File

@@ -97,3 +97,44 @@ int wc_Chacha_Process(ChaCha* ctx, byte* cipher, const byte* plain,
\sa wc_Chacha_Process
*/
int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz);
/*!
\ingroup ChaCha
\brief This function sets the key and nonce for an XChaCha cipher
context. XChaCha extends ChaCha20 to use a 192-bit nonce instead of
96 bits, providing better security for applications that need to
encrypt many messages with the same key.
\return 0 On success.
\return BAD_FUNC_ARG If ctx, key, or nonce is NULL, or if keySz is
invalid, or if nonceSz is not XCHACHA_NONCE_BYTES (24 bytes).
\return Other negative values on error.
\param ctx pointer to the ChaCha structure to initialize
\param key pointer to the key buffer (16 or 32 bytes)
\param keySz length of the key in bytes (16 or 32)
\param nonce pointer to the nonce buffer (must be 24 bytes)
\param nonceSz length of the nonce in bytes (must be 24)
\param counter initial block counter value (usually 0)
_Example_
\code
ChaCha ctx;
byte key[32] = { }; // 256-bit key
byte nonce[24] = { }; // 192-bit nonce
byte plaintext[100] = { }; // data to encrypt
byte ciphertext[100];
int ret = wc_XChacha_SetKey(&ctx, key, 32, nonce, 24, 0);
if (ret != 0) {
// error setting XChaCha key
}
wc_Chacha_Process(&ctx, ciphertext, plaintext, 100);
\endcode
\sa wc_Chacha_SetKey
\sa wc_Chacha_SetIV
\sa wc_Chacha_Process
*/
int wc_XChacha_SetKey(ChaCha *ctx, const byte *key, word32 keySz,
const byte *nonce, word32 nonceSz, word32 counter);

270
doc/dox_comments/header_files/chacha20_poly1305.h
View File

@@ -122,3 +122,273 @@ int wc_ChaCha20Poly1305_Decrypt(
const byte* inCiphertext, word32 inCiphertextLen,
const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE],
byte* outPlaintext);
/*!
\ingroup ChaCha20Poly1305
\brief Compares two authentication tags in constant time to prevent
timing attacks.
\return 0 If tags match
\return MAC_CMP_FAILED_E If tags do not match
\param authTag First authentication tag
\param authTagChk Second authentication tag to compare
_Example_
\code
byte tag1[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
byte tag2[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
int ret = wc_ChaCha20Poly1305_CheckTag(tag1, tag2);
if (ret != 0) {
// tags do not match
}
\endcode
\sa wc_ChaCha20Poly1305_Decrypt
*/
int wc_ChaCha20Poly1305_CheckTag(
const byte authTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE],
const byte authTagChk[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]);
/*!
\ingroup ChaCha20Poly1305
\brief Initializes a ChaChaPoly_Aead structure for incremental
encryption or decryption operations.
\return 0 On success
\return BAD_FUNC_ARG If parameters are invalid
\param aead Pointer to ChaChaPoly_Aead structure to initialize
\param inKey 32-byte encryption key
\param inIV 12-byte initialization vector
\param isEncrypt 1 for encryption, 0 for decryption
_Example_
\code
ChaChaPoly_Aead aead;
byte key[CHACHA20_POLY1305_AEAD_KEYSIZE];
byte iv[CHACHA20_POLY1305_AEAD_IV_SIZE];
int ret = wc_ChaCha20Poly1305_Init(&aead, key, iv, 1);
if (ret != 0) {
// error initializing
}
\endcode
\sa wc_ChaCha20Poly1305_UpdateAad
\sa wc_ChaCha20Poly1305_UpdateData
\sa wc_ChaCha20Poly1305_Final
*/
int wc_ChaCha20Poly1305_Init(ChaChaPoly_Aead* aead,
const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE],
const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE],
int isEncrypt);
/*!
\ingroup ChaCha20Poly1305
\brief Updates the AEAD context with additional authenticated data
(AAD). Must be called after Init and before UpdateData.
\return 0 On success
\return BAD_FUNC_ARG If parameters are invalid
\param aead Pointer to initialized ChaChaPoly_Aead structure
\param inAAD Additional authenticated data
\param inAADLen Length of AAD in bytes
_Example_
\code
ChaChaPoly_Aead aead;
byte aad[]; // AAD data
wc_ChaCha20Poly1305_Init(&aead, key, iv, 1);
int ret = wc_ChaCha20Poly1305_UpdateAad(&aead, aad, sizeof(aad));
if (ret != 0) {
// error updating AAD
}
\endcode
\sa wc_ChaCha20Poly1305_Init
\sa wc_ChaCha20Poly1305_UpdateData
*/
int wc_ChaCha20Poly1305_UpdateAad(ChaChaPoly_Aead* aead,
const byte* inAAD, word32 inAADLen);
/*!
\ingroup ChaCha20Poly1305
\brief Encrypts or decrypts data incrementally. Can be called
multiple times to process data in chunks.
\return 0 On success
\return BAD_FUNC_ARG If parameters are invalid
\param aead Pointer to initialized ChaChaPoly_Aead structure
\param inData Input data (plaintext or ciphertext)
\param outData Output buffer for result
\param dataLen Length of data to process
_Example_
\code
ChaChaPoly_Aead aead;
byte plain[]; // plaintext
byte cipher[sizeof(plain)];
wc_ChaCha20Poly1305_Init(&aead, key, iv, 1);
wc_ChaCha20Poly1305_UpdateAad(&aead, aad, aadLen);
int ret = wc_ChaCha20Poly1305_UpdateData(&aead, plain,
cipher, sizeof(plain));
\endcode
\sa wc_ChaCha20Poly1305_Init
\sa wc_ChaCha20Poly1305_Final
*/
int wc_ChaCha20Poly1305_UpdateData(ChaChaPoly_Aead* aead,
const byte* inData, byte* outData, word32 dataLen);
/*!
\ingroup ChaCha20Poly1305
\brief Finalizes the AEAD operation and generates the
authentication tag.
\return 0 On success
\return BAD_FUNC_ARG If parameters are invalid
\param aead Pointer to ChaChaPoly_Aead structure
\param outAuthTag Buffer to store 16-byte authentication tag
_Example_
\code
ChaChaPoly_Aead aead;
byte authTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
wc_ChaCha20Poly1305_Init(&aead, key, iv, 1);
wc_ChaCha20Poly1305_UpdateAad(&aead, aad, aadLen);
wc_ChaCha20Poly1305_UpdateData(&aead, plain, cipher, plainLen);
int ret = wc_ChaCha20Poly1305_Final(&aead, authTag);
\endcode
\sa wc_ChaCha20Poly1305_Init
\sa wc_ChaCha20Poly1305_UpdateData
*/
int wc_ChaCha20Poly1305_Final(ChaChaPoly_Aead* aead,
byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]);
/*!
\ingroup ChaCha20Poly1305
\brief Initializes XChaCha20-Poly1305 AEAD with extended nonce.
XChaCha20 uses a 24-byte nonce instead of 12-byte.
\return 0 On success
\return BAD_FUNC_ARG If parameters are invalid
\param aead Pointer to ChaChaPoly_Aead structure
\param ad Additional authenticated data
\param ad_len Length of AAD
\param inKey Encryption key
\param inKeySz Key size (must be 32)
\param inIV Initialization vector
\param inIVSz IV size (must be 24 for XChaCha20)
\param isEncrypt 1 for encryption, 0 for decryption
_Example_
\code
ChaChaPoly_Aead aead;
byte key[32];
byte iv[24];
byte aad[]; // AAD
int ret = wc_XChaCha20Poly1305_Init(&aead, aad, sizeof(aad),
key, 32, iv, 24, 1);
\endcode
\sa wc_XChaCha20Poly1305_Encrypt
\sa wc_XChaCha20Poly1305_Decrypt
*/
int wc_XChaCha20Poly1305_Init(ChaChaPoly_Aead* aead,
const byte *ad, word32 ad_len,
const byte *inKey, word32 inKeySz,
const byte *inIV, word32 inIVSz,
int isEncrypt);
/*!
\ingroup ChaCha20Poly1305
\brief One-shot XChaCha20-Poly1305 encryption with 24-byte nonce.
\return 0 On success
\return BAD_FUNC_ARG If parameters are invalid
\return BUFFER_E If dst_space is insufficient
\param dst Output buffer for ciphertext and tag
\param dst_space Size of output buffer
\param src Input plaintext
\param src_len Length of plaintext
\param ad Additional authenticated data
\param ad_len Length of AAD
\param nonce 24-byte nonce
\param nonce_len Nonce length (must be 24)
\param key 32-byte encryption key
\param key_len Key length (must be 32)
_Example_
\code
byte key[32], nonce[24];
byte plain[]; // plaintext
byte cipher[sizeof(plain) + 16];
int ret = wc_XChaCha20Poly1305_Encrypt(cipher, sizeof(cipher),
plain, sizeof(plain),
NULL, 0, nonce, 24,
key, 32);
\endcode
\sa wc_XChaCha20Poly1305_Decrypt
*/
int wc_XChaCha20Poly1305_Encrypt(byte *dst, size_t dst_space,
const byte *src, size_t src_len,
const byte *ad, size_t ad_len,
const byte *nonce, size_t nonce_len,
const byte *key, size_t key_len);
/*!
\ingroup ChaCha20Poly1305
\brief One-shot XChaCha20-Poly1305 decryption with 24-byte nonce.
\return 0 On success
\return BAD_FUNC_ARG If parameters are invalid
\return BUFFER_E If dst_space is insufficient
\return MAC_CMP_FAILED_E If authentication fails
\param dst Output buffer for plaintext
\param dst_space Size of output buffer
\param src Input ciphertext with tag
\param src_len Length of ciphertext plus tag
\param ad Additional authenticated data
\param ad_len Length of AAD
\param nonce 24-byte nonce
\param nonce_len Nonce length (must be 24)
\param key 32-byte decryption key
\param key_len Key length (must be 32)
_Example_
\code
byte key[32], nonce[24];
byte cipher[]; // ciphertext + tag
byte plain[sizeof(cipher) - 16];
int ret = wc_XChaCha20Poly1305_Decrypt(plain, sizeof(plain),
cipher, sizeof(cipher),
NULL, 0, nonce, 24,
key, 32);
if (ret == MAC_CMP_FAILED_E) {
// authentication failed
}
\endcode
\sa wc_XChaCha20Poly1305_Encrypt
*/
int wc_XChaCha20Poly1305_Decrypt(byte *dst, size_t dst_space,
const byte *src, size_t src_len,
const byte *ad, size_t ad_len,
const byte *nonce, size_t nonce_len,
const byte *key, size_t key_len);

79
doc/dox_comments/header_files/cmac.h
View File

@@ -206,3 +206,82 @@ int wc_AesCmacVerify(const byte* check, word32 checkSz,
\endcode
*/
int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz);
/*!
\ingroup CMAC
\brief Single shot AES-CMAC generation with extended parameters
including heap and device ID.
\return 0 on success
\return BAD_FUNC_ARG if parameters are invalid
\param cmac Pointer to Cmac structure (can be NULL for one-shot)
\param out Buffer to store MAC output
\param outSz Pointer to output size (in/out)
\param in Input data to authenticate
\param inSz Length of input data
\param key AES key
\param keySz Key size (16, 24, or 32 bytes)
\param heap Heap hint for memory allocation (can be NULL)
\param devId Device ID for hardware acceleration (use
INVALID_DEVID for software)
_Example_
\code
byte mac[AES_BLOCK_SIZE];
word32 macSz = sizeof(mac);
byte key[16], msg[64];
int ret = wc_AesCmacGenerate_ex(NULL, mac, &macSz, msg,
sizeof(msg), key, sizeof(key),
NULL, INVALID_DEVID);
\endcode
\sa wc_AesCmacGenerate
\sa wc_AesCmacVerify_ex
*/
int wc_AesCmacGenerate_ex(Cmac *cmac, byte* out, word32* outSz,
const byte* in, word32 inSz,
const byte* key, word32 keySz,
void* heap, int devId);
/*!
\ingroup CMAC
\brief Single shot AES-CMAC verification with extended parameters
including heap and device ID.
\return 0 on success
\return BAD_FUNC_ARG if parameters are invalid
\return MAC_CMP_FAILED_E if MAC verification fails
\param cmac Pointer to Cmac structure (can be NULL for one-shot)
\param check Expected MAC value to verify
\param checkSz Size of expected MAC
\param in Input data to authenticate
\param inSz Length of input data
\param key AES key
\param keySz Key size (16, 24, or 32 bytes)
\param heap Heap hint for memory allocation (can be NULL)
\param devId Device ID for hardware acceleration (use
INVALID_DEVID for software)
_Example_
\code
byte mac[AES_BLOCK_SIZE];
byte key[16], msg[64];
int ret = wc_AesCmacVerify_ex(NULL, mac, sizeof(mac), msg,
sizeof(msg), key, sizeof(key),
NULL, INVALID_DEVID);
if (ret == MAC_CMP_FAILED_E) {
// MAC verification failed
}
\endcode
\sa wc_AesCmacVerify
\sa wc_AesCmacGenerate_ex
*/
int wc_AesCmacVerify_ex(Cmac* cmac, const byte* check, word32 checkSz,
const byte* in, word32 inSz,
const byte* key, word32 keySz,
void* heap, int devId);

40
doc/dox_comments/header_files/coding.h
View File

@@ -235,3 +235,43 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen);
*/
int Base16_Encode(const byte* in, word32 inLen, byte* out, word32* outLen);
/*!
\ingroup Base_Encoding
\brief This function decodes Base64 encoded input without using
constant-time operations. This is faster than the constant-time
version but may be vulnerable to timing attacks. Use only when
timing attacks are not a concern.
\return 0 On successfully decoding the Base64 encoded input.
\return BAD_FUNC_ARG If the output buffer is too small to store the
decoded input.
\return ASN_INPUT_E If a character in the input buffer falls outside
of the Base64 range or if there is an invalid line ending.
\return BUFFER_E If running out of buffer while decoding.
\param in pointer to the input buffer to decode
\param inLen length of the input buffer to decode
\param out pointer to the output buffer to store decoded message
\param outLen pointer to length of output buffer; updated with bytes
written
_Example_
\code
byte encoded[] = "SGVsbG8gV29ybGQ="; // "Hello World" in Base64
byte decoded[64];
word32 outLen = sizeof(decoded);
int ret = Base64_Decode_nonCT(encoded, sizeof(encoded)-1, decoded,
&outLen);
if (ret != 0) {
// error decoding input
}
// decoded now contains "Hello World"
\endcode
\sa Base64_Decode
\sa Base64_Encode
*/
int Base64_Decode_nonCT(const byte* in, word32 inLen, byte* out,
word32* outLen);

128
doc/dox_comments/header_files/compress.h
View File

@@ -70,3 +70,131 @@ int wc_Compress(byte* out, word32 outSz, const byte* in, word32 inSz, word32 fla
\sa wc_Compress
*/
int wc_DeCompress(byte* out, word32 outSz, const byte* in, word32 inSz);
/*!
\ingroup Compression
\brief This function compresses the given input data using Huffman
coding with extended parameters. This is similar to wc_Compress but
allows specification of compression flags and window bits for more
control over the compression process.
\return On successfully compressing the input data, returns the
number of bytes stored in the output buffer
\return COMPRESS_INIT_E Returned if there is an error initializing
the stream for compression
\return COMPRESS_E Returned if an error occurs during compression
\param out pointer to the output buffer in which to store the
compressed data
\param outSz size available in the output buffer for storage
\param in pointer to the buffer containing the message to compress
\param inSz size of the input message to compress
\param flags flags to control how compression operates
\param windowBits the base two logarithm of the window size (8..15)
_Example_
\code
byte message[] = { // initialize text to compress };
byte compressed[(sizeof(message) + sizeof(message) * .001 + 12)];
word32 flags = 0;
word32 windowBits = 15; // 32KB window
int ret = wc_Compress_ex(compressed, sizeof(compressed), message,
sizeof(message), flags, windowBits);
if (ret < 0) {
// error compressing data
}
\endcode
\sa wc_Compress
\sa wc_DeCompress_ex
*/
int wc_Compress_ex(byte* out, word32 outSz, const byte* in, word32 inSz,
word32 flags, word32 windowBits);
/*!
\ingroup Compression
\brief This function decompresses the given compressed data using
Huffman coding with extended parameters. This is similar to
wc_DeCompress but allows specification of window bits for more
control over the decompression process.
\return On successfully decompressing the input data, returns the
number of bytes stored in the output buffer
\return COMPRESS_INIT_E Returned if there is an error initializing
the stream for decompression
\return COMPRESS_E Returned if an error occurs during decompression
\param out pointer to the output buffer in which to store the
decompressed data
\param outSz size available in the output buffer for storage
\param in pointer to the buffer containing the message to decompress
\param inSz size of the input message to decompress
\param windowBits the base two logarithm of the window size (8..15)
_Example_
\code
byte compressed[] = { // initialize compressed message };
byte decompressed[MAX_MESSAGE_SIZE];
int windowBits = 15;
int ret = wc_DeCompress_ex(decompressed, sizeof(decompressed),
compressed, sizeof(compressed),
windowBits);
if (ret < 0) {
// error decompressing data
}
\endcode
\sa wc_DeCompress
\sa wc_Compress_ex
*/
int wc_DeCompress_ex(byte* out, word32 outSz, const byte* in, word32 inSz,
int windowBits);
/*!
\ingroup Compression
\brief This function decompresses the given compressed data using
Huffman coding with dynamic memory allocation. The output buffer is
allocated dynamically and the caller is responsible for freeing it.
\return On successfully decompressing the input data, returns the
number of bytes stored in the output buffer
\return COMPRESS_INIT_E Returned if there is an error initializing
the stream for decompression
\return COMPRESS_E Returned if an error occurs during decompression
\return MEMORY_E Returned if memory allocation fails
\param out pointer to pointer that will be set to the allocated
output buffer
\param max maximum size to allocate for output buffer
\param memoryType type of memory to allocate (DYNAMIC_TYPE_TMP_BUFFER)
\param in pointer to the buffer containing the message to decompress
\param inSz size of the input message to decompress
\param windowBits the base two logarithm of the window size (8..15)
\param heap heap hint for memory allocation (can be NULL)
_Example_
\code
byte compressed[] = { // initialize compressed message };
byte* decompressed = NULL;
int max = 1024 * 1024; // 1MB max
int ret = wc_DeCompressDynamic(&decompressed, max,
DYNAMIC_TYPE_TMP_BUFFER, compressed,
sizeof(compressed), 15, NULL);
if (ret < 0) {
// error decompressing data
}
else {
// use decompressed data
XFREE(decompressed, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
\endcode
\sa wc_DeCompress
\sa wc_DeCompress_ex
*/
int wc_DeCompressDynamic(byte** out, int max, int memoryType,
const byte* in, word32 inSz, int windowBits,
void* heap);

71
doc/dox_comments/header_files/cryptocb.h
View File

@@ -109,3 +109,74 @@ int wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx);
\sa wolfSSL_CTX_SetDevId
*/
void wc_CryptoCb_UnRegisterDevice(int devId);
/*!
\ingroup CryptoCb
\brief This function returns the default device ID for crypto
callbacks. This is useful when you want to get the device ID that
was set as the default for the library.
\return The default device ID, or INVALID_DEVID if no default is set.
_Example_
\code
int devId = wc_CryptoCb_DefaultDevID();
if (devId != INVALID_DEVID) {
// default device ID is set
}
\endcode
\sa wc_CryptoCb_RegisterDevice
\sa wc_CryptoCb_UnRegisterDevice
*/
int wc_CryptoCb_DefaultDevID(void);
/*!
\ingroup CryptoCb
\brief This function sets a callback for finding crypto devices.
The callback is invoked when a device ID needs to be resolved to
a device context. This is useful for dynamic device management.
\return none No returns.
\param cb callback function with prototype:
typedef void* (*CryptoDevCallbackFind)(int devId);
_Example_
\code
void* myDeviceFindCb(int devId) {
// lookup device context by ID
return deviceContext;
}
wc_CryptoCb_SetDeviceFindCb(myDeviceFindCb);
\endcode
\sa wc_CryptoCb_RegisterDevice
*/
void wc_CryptoCb_SetDeviceFindCb(CryptoDevCallbackFind cb);
/*!
\ingroup CryptoCb
\brief This function converts a wc_CryptoInfo structure to a
human-readable string for debugging purposes. The string is printed
to stdout and describes the cryptographic operation being performed.
\return none No returns.
\param info pointer to the wc_CryptoInfo structure to convert
_Example_
\code
int myCryptoCb(int devId, wc_CryptoInfo* info, void* ctx) {
// print debug info about the operation
wc_CryptoCb_InfoString(info);
// handle the operation
return CRYPTOCB_UNAVAILABLE;
}
\endcode
\sa wc_CryptoCb_RegisterDevice
*/
void wc_CryptoCb_InfoString(wc_CryptoInfo* info);

323
doc/dox_comments/header_files/curve25519.h
View File

@@ -769,3 +769,326 @@ int wc_curve25519_export_key_raw_ex(curve25519_key* key,
*/
int wc_curve25519_size(curve25519_key* key);
/*!
\ingroup Curve25519
\brief This function generates a Curve25519 public key from a given
private key. This is a lower-level function that operates directly
on byte buffers rather than curve25519_key structures.
\return 0 On successfully generating the public key
\return ECC_BAD_ARG_E If the key sizes are invalid
\return BAD_FUNC_ARG If any input parameters are NULL
\param public_size Size of the public key buffer (must be 32)
\param pub Pointer to buffer to store the public key
\param private_size Size of the private key (must be 32)
\param priv Pointer to buffer containing the private key
_Example_
\code
byte priv[CURVE25519_KEYSIZE];
byte pub[CURVE25519_KEYSIZE];
// initialize priv with private key
int ret = wc_curve25519_make_pub(sizeof(pub), pub, sizeof(priv),
priv);
if (ret != 0) {
// error generating public key
}
\endcode
\sa wc_curve25519_make_key
\sa wc_curve25519_make_pub_blind
*/
int wc_curve25519_make_pub(int public_size, byte* pub, int private_size,
const byte* priv);
/*!
\ingroup Curve25519
\brief This function generates a Curve25519 public key from a given
private key with blinding to resist side-channel attacks. This adds
randomization to the scalar multiplication operation.
\return 0 On successfully generating the public key
\return ECC_BAD_ARG_E If the key sizes are invalid
\return BAD_FUNC_ARG If any input parameters are NULL
\param public_size Size of the public key buffer (must be 32)
\param pub Pointer to buffer to store the public key
\param private_size Size of the private key (must be 32)
\param priv Pointer to buffer containing the private key
\param rng Pointer to initialized RNG for blinding
_Example_
\code
WC_RNG rng;
byte priv[CURVE25519_KEYSIZE];
byte pub[CURVE25519_KEYSIZE];
wc_InitRng(&rng);
// initialize priv with private key
int ret = wc_curve25519_make_pub_blind(sizeof(pub), pub,
sizeof(priv), priv, &rng);
if (ret != 0) {
// error generating public key
}
\endcode
\sa wc_curve25519_make_pub
\sa wc_curve25519_generic_blind
*/
int wc_curve25519_make_pub_blind(int public_size, byte* pub,
int private_size, const byte* priv,
WC_RNG* rng);
/*!
\ingroup Curve25519
\brief This function performs a generic Curve25519 scalar
multiplication with a custom basepoint. This allows computing
scalar * basepoint for any basepoint, not just the standard
generator.
\return 0 On successfully computing the result
\return ECC_BAD_ARG_E If the sizes are invalid
\return BAD_FUNC_ARG If any input parameters are NULL
\param public_size Size of the output buffer (must be 32)
\param pub Pointer to buffer to store the result
\param private_size Size of the scalar (must be 32)
\param priv Pointer to buffer containing the scalar
\param basepoint_size Size of the basepoint (must be 32)
\param basepoint Pointer to buffer containing the basepoint
_Example_
\code
byte scalar[CURVE25519_KEYSIZE];
byte basepoint[CURVE25519_KEYSIZE];
byte result[CURVE25519_KEYSIZE];
// initialize scalar and basepoint
int ret = wc_curve25519_generic(sizeof(result), result,
sizeof(scalar), scalar,
sizeof(basepoint), basepoint);
if (ret != 0) {
// error computing result
}
\endcode
\sa wc_curve25519_shared_secret
\sa wc_curve25519_generic_blind
*/
int wc_curve25519_generic(int public_size, byte* pub, int private_size,
const byte* priv, int basepoint_size,
const byte* basepoint);
/*!
\ingroup Curve25519
\brief This function performs a generic Curve25519 scalar
multiplication with a custom basepoint and blinding to resist
side-channel attacks.
\return 0 On successfully computing the result
\return ECC_BAD_ARG_E If the sizes are invalid
\return BAD_FUNC_ARG If any input parameters are NULL
\param public_size Size of the output buffer (must be 32)
\param pub Pointer to buffer to store the result
\param private_size Size of the scalar (must be 32)
\param priv Pointer to buffer containing the scalar
\param basepoint_size Size of the basepoint (must be 32)
\param basepoint Pointer to buffer containing the basepoint
\param rng Pointer to initialized RNG for blinding
_Example_
\code
WC_RNG rng;
byte scalar[CURVE25519_KEYSIZE];
byte basepoint[CURVE25519_KEYSIZE];
byte result[CURVE25519_KEYSIZE];
wc_InitRng(&rng);
// initialize scalar and basepoint
int ret = wc_curve25519_generic_blind(sizeof(result), result,
sizeof(scalar), scalar,
sizeof(basepoint), basepoint,
&rng);
\endcode
\sa wc_curve25519_generic
\sa wc_curve25519_make_pub_blind
*/
int wc_curve25519_generic_blind(int public_size, byte* pub,
int private_size, const byte* priv,
int basepoint_size, const byte* basepoint,
WC_RNG* rng);
/*!
\ingroup Curve25519
\brief This function generates a Curve25519 private key using the
given random number generator. This is a lower-level function that
generates only the private key bytes.
\return 0 On successfully generating the private key
\return ECC_BAD_ARG_E If keysize is invalid
\return BAD_FUNC_ARG If any input parameters are NULL
\return RNG_FAILURE_E If random number generation fails
\param rng Pointer to initialized RNG
\param keysize Size of the key to generate (must be 32)
\param priv Pointer to buffer to store the private key
_Example_
\code
WC_RNG rng;
byte priv[CURVE25519_KEYSIZE];
wc_InitRng(&rng);
int ret = wc_curve25519_make_priv(&rng, sizeof(priv), priv);
if (ret != 0) {
// error generating private key
}
\endcode
\sa wc_curve25519_make_key
\sa wc_curve25519_make_pub
*/
int wc_curve25519_make_priv(WC_RNG* rng, int keysize, byte* priv);
/*!
\ingroup Curve25519
\brief This function initializes a Curve25519 key with extended
parameters, allowing specification of custom heap and device ID
for hardware acceleration.
\return 0 On successfully initializing the key
\return BAD_FUNC_ARG If key is NULL
\param key Pointer to the curve25519_key structure to initialize
\param heap Pointer to heap hint for memory allocation (can be
NULL)
\param devId Device ID for hardware acceleration (use
INVALID_DEVID for software only)
_Example_
\code
curve25519_key key;
void* heap = NULL;
int devId = INVALID_DEVID;
int ret = wc_curve25519_init_ex(&key, heap, devId);
if (ret != 0) {
// error initializing key
}
\endcode
\sa wc_curve25519_init
\sa wc_curve25519_free
*/
int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId);
/*!
\ingroup Curve25519
\brief This function sets the RNG to be used with a Curve25519
key. This is useful for operations that require randomness such
as blinded scalar multiplication.
\return 0 On successfully setting the RNG
\return BAD_FUNC_ARG If key or rng is NULL
\param key Pointer to the curve25519_key structure
\param rng Pointer to initialized RNG
_Example_
\code
WC_RNG rng;
curve25519_key key;
wc_InitRng(&rng);
wc_curve25519_init(&key);
int ret = wc_curve25519_set_rng(&key, &rng);
if (ret != 0) {
// error setting RNG
}
\endcode
\sa wc_curve25519_init
\sa wc_curve25519_make_key
*/
int wc_curve25519_set_rng(curve25519_key* key, WC_RNG* rng);
/*!
\ingroup Curve25519
\brief This function allocates and initializes a new Curve25519
key structure with extended parameters. The caller is responsible
for freeing the key with wc_curve25519_delete. These New/Delete
functions are exposed to support allocation of the structure using
dynamic memory to provide better ABI compatibility.
\note This API is only available when WC_NO_CONSTRUCTORS is not defined.
WC_NO_CONSTRUCTORS is automatically defined when WOLFSSL_NO_MALLOC is
defined.
\return Pointer to newly allocated curve25519_key on success
\return NULL on failure
\param heap Pointer to heap hint for memory allocation (can be
NULL)
\param devId Device ID for hardware acceleration (use
INVALID_DEVID for software only)
\param result_code Pointer to store result code (0 on success)
_Example_
\code
int ret;
curve25519_key* key;
key = wc_curve25519_new(NULL, INVALID_DEVID, &ret);
if (key == NULL || ret != 0) {
// error allocating key
}
// use key
wc_curve25519_delete(key, &key);
\endcode
\sa wc_curve25519_delete
\sa wc_curve25519_init_ex
*/
curve25519_key* wc_curve25519_new(void* heap, int devId,
int *result_code);
/*!
\ingroup Curve25519
\brief This function frees a Curve25519 key structure that was
allocated with wc_curve25519_new and sets the pointer to NULL.
These New/Delete functions are exposed to support allocation of the
structure using dynamic memory to provide better ABI compatibility.
\note This API is only available when WC_NO_CONSTRUCTORS is not defined.
WC_NO_CONSTRUCTORS is automatically defined when WOLFSSL_NO_MALLOC is
defined.
\return 0 On successfully freeing the key
\return BAD_FUNC_ARG If key or key_p is NULL
\param key Pointer to the curve25519_key structure to free
\param key_p Pointer to the key pointer (will be set to NULL)
_Example_
\code
int ret;
curve25519_key* key;
key = wc_curve25519_new(NULL, INVALID_DEVID, &ret);
// use key
ret = wc_curve25519_delete(key, &key);
if (ret != 0) {
// error freeing key
}
// key is now NULL
\endcode
\sa wc_curve25519_new
\sa wc_curve25519_free
*/
int wc_curve25519_delete(curve25519_key* key, curve25519_key** key_p);

34
doc/dox_comments/header_files/curve448.h
View File

@@ -766,3 +766,37 @@ int wc_curve448_export_key_raw_ex(curve448_key* key,
*/
int wc_curve448_size(curve448_key* key);
/*!
\ingroup Curve448
\brief This function generates a Curve448 public key from a given
private key. It computes the public key by performing scalar
multiplication of the base point with the private key.
\return 0 On success.
\return ECC_BAD_ARG_E If public_size is not CURVE448_PUB_KEY_SIZE or
if private_size is not CURVE448_KEY_SIZE.
\return BAD_FUNC_ARG If pub or priv is NULL.
\param public_size size of the public key buffer (must be 56 bytes)
\param pub pointer to buffer to store the generated public key
\param private_size size of the private key (must be 56 bytes)
\param priv pointer to the private key buffer
_Example_
\code
byte priv[CURVE448_KEY_SIZE] = { }; // private key
byte pub[CURVE448_PUB_KEY_SIZE];
int ret = wc_curve448_make_pub(CURVE448_PUB_KEY_SIZE, pub,
CURVE448_KEY_SIZE, priv);
if (ret != 0) {
// error generating public key
}
\endcode
\sa wc_curve448_make_key
\sa wc_curve448_import_private
*/
int wc_curve448_make_pub(int public_size, byte* pub, int private_size,
const byte* priv);

121
doc/dox_comments/header_files/des3.h
View File

@@ -330,3 +330,124 @@ int wc_Des3_CbcEncrypt(Des3* des, byte* out,
*/
int wc_Des3_CbcDecrypt(Des3* des, byte* out,
const byte* in,word32 sz);
/*!
\ingroup 3DES
\brief This function decrypts the input ciphertext and stores the
resulting plaintext in the output buffer. It uses DES encryption
with Electronic Codebook (ECB) mode. Warning: In nearly all use
cases ECB mode is considered to be less secure. Please avoid using
ECB APIs directly whenever possible.
\return 0 On successfully decrypting the given ciphertext
\param des pointer to the Des structure to use for decryption
\param out pointer to the buffer in which to store the decrypted
plaintext
\param in pointer to the input buffer containing the ciphertext
\param sz length of the ciphertext to decrypt
_Example_
\code
Des dec;
byte cipher[]; // ciphertext to decrypt
byte plain[sizeof(cipher)];
wc_Des_SetKey(&dec, key, iv, DES_DECRYPTION);
if (wc_Des_EcbDecrypt(&dec, plain, cipher, sizeof(cipher)) != 0) {
// error decrypting message
}
\endcode
\sa wc_Des_SetKey
\sa wc_Des_EcbEncrypt
*/
int wc_Des_EcbDecrypt(Des* des, byte* out, const byte* in, word32 sz);
/*!
\ingroup 3DES
\brief This function decrypts the input ciphertext and stores the
resulting plaintext in the output buffer. It uses Triple DES (3DES)
encryption with Electronic Codebook (ECB) mode. Warning: In nearly
all use cases ECB mode is considered to be less secure. Please
avoid using ECB APIs directly whenever possible.
\return 0 On successfully decrypting the given ciphertext
\param des pointer to the Des3 structure to use for decryption
\param out pointer to the buffer in which to store the decrypted
plaintext
\param in pointer to the input buffer containing the ciphertext
\param sz length of the ciphertext to decrypt
_Example_
\code
Des3 dec;
byte cipher[]; // ciphertext to decrypt
byte plain[sizeof(cipher)];
wc_Des3_SetKey(&dec, key, iv, DES_DECRYPTION);
if (wc_Des3_EcbDecrypt(&dec, plain, cipher, sizeof(cipher)) != 0) {
// error decrypting message
}
\endcode
\sa wc_Des3_SetKey
\sa wc_Des3_EcbEncrypt
*/
int wc_Des3_EcbDecrypt(Des3* des, byte* out, const byte* in, word32 sz);
/*!
\ingroup 3DES
\brief This function initializes a Des3 structure for use with
hardware acceleration and custom memory management. This is an
extended version of the standard initialization that allows
specification of heap hints and device IDs.
\return 0 On successfully initializing the Des3 structure
\return BAD_FUNC_ARG If des3 is NULL
\param des3 pointer to the Des3 structure to initialize
\param heap pointer to heap hint for memory allocation (can be NULL)
\param devId device ID for hardware acceleration (use INVALID_DEVID
for software only)
_Example_
\code
Des3 des;
void* heap = NULL;
int devId = INVALID_DEVID;
if (wc_Des3Init(&des, heap, devId) != 0) {
// error initializing Des3 structure
}
\endcode
\sa wc_Des3_SetKey
\sa wc_Des3Free
*/
int wc_Des3Init(Des3* des3, void* heap, int devId);
/*!
\ingroup 3DES
\brief This function frees a Des3 structure and releases any
resources allocated for it. This should be called when finished
using the Des3 structure to prevent memory leaks.
\return none No returns.
\param des3 pointer to the Des3 structure to free
_Example_
\code
Des3 des;
wc_Des3Init(&des, NULL, INVALID_DEVID);
wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION);
// use des for encryption/decryption
wc_Des3Free(&des);
\endcode
\sa wc_Des3Init
\sa wc_Des3_SetKey
*/
void wc_Des3Free(Des3* des3);

680
doc/dox_comments/header_files/dh.h
View File

@@ -274,9 +274,348 @@ int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p,
/*!
\ingroup Diffie-Hellman
\brief Encodes DH parameters to DER format for OpenSSL compatibility.
\brief This function returns ... and requires that HAVE_FFDHE_2048 be
defined.
\return Length of DER encoding on success
\return Negative on error
\param dh DH parameters to encode
\param out Output buffer pointer (if *out is NULL, allocates buffer)
_Example_
\code
WOLFSSL_DH* dh = wolfSSL_DH_new();
unsigned char* der = NULL;
int derSz = wolfSSL_i2d_DHparams(dh, &der);
if (derSz > 0) {
// use der buffer
XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
}
\endcode
\sa wolfSSL_DH_new
*/
int wolfSSL_i2d_DHparams(const WOLFSSL_DH *dh, unsigned char **out);
/*!
\ingroup Diffie-Hellman
\brief Allocates and initializes a new DH structure for OpenSSL
compatibility.
\return Pointer to WOLFSSL_DH on success
\return NULL on failure
_Example_
\code
WOLFSSL_DH* dh = wolfSSL_DH_new();
if (dh == NULL) {
// error allocating DH
}
// use dh
wolfSSL_DH_free(dh);
\endcode
\sa wolfSSL_DH_free
\sa wolfSSL_DH_generate_key
*/
WOLFSSL_DH* wolfSSL_DH_new(void);
/*!
\ingroup Diffie-Hellman
\brief Creates a new DH structure with named group parameters.
\return Pointer to WOLFSSL_DH on success
\return NULL on failure
\param nid Named group identifier (e.g., NID_ffdhe2048)
_Example_
\code
WOLFSSL_DH* dh = wolfSSL_DH_new_by_nid(NID_ffdhe2048);
if (dh == NULL) {
// error creating DH with named group
}
\endcode
\sa wolfSSL_DH_new
*/
WOLFSSL_DH* wolfSSL_DH_new_by_nid(int nid);
/*!
\ingroup Diffie-Hellman
\brief Frees a DH structure.
\param dh DH structure to free
_Example_
\code
WOLFSSL_DH* dh = wolfSSL_DH_new();
// use dh
wolfSSL_DH_free(dh);
\endcode
\sa wolfSSL_DH_new
*/
void wolfSSL_DH_free(WOLFSSL_DH* dh);
/*!
\ingroup Diffie-Hellman
\brief Duplicates a DH structure.
\return Pointer to new WOLFSSL_DH on success
\return NULL on failure
\param dh DH structure to duplicate
_Example_
\code
WOLFSSL_DH* dh = wolfSSL_DH_new();
WOLFSSL_DH* dhCopy = wolfSSL_DH_dup(dh);
\endcode
\sa wolfSSL_DH_new
*/
WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh);
/*!
\ingroup Diffie-Hellman
\brief Increments reference count for DH structure.
\return 1 on success
\return 0 on failure
\param dh DH structure to increment reference
_Example_
\code
WOLFSSL_DH* dh = wolfSSL_DH_new();
int ret = wolfSSL_DH_up_ref(dh);
\endcode
\sa wolfSSL_DH_free
*/
int wolfSSL_DH_up_ref(WOLFSSL_DH* dh);
/*!
\ingroup Diffie-Hellman
\brief Validates DH parameters.
\return 1 on success
\return 0 on failure
\param dh DH parameters to check
\param codes Output for validation error codes
_Example_
\code
WOLFSSL_DH* dh = wolfSSL_DH_new();
int codes;
int ret = wolfSSL_DH_check(dh, &codes);
if (ret != 1 || codes != 0) {
// validation failed
}
\endcode
\sa wolfSSL_DH_generate_key
*/
int wolfSSL_DH_check(const WOLFSSL_DH *dh, int *codes);
/*!
\ingroup Diffie-Hellman
\brief Returns size of DH key in bytes.
\return Key size in bytes on success
\return -1 on failure
\param dh DH structure
_Example_
\code
WOLFSSL_DH* dh = wolfSSL_DH_new();
int size = wolfSSL_DH_size(dh);
\endcode
\sa wolfSSL_DH_new
*/
int wolfSSL_DH_size(WOLFSSL_DH* dh);
/*!
\ingroup Diffie-Hellman
\brief Generates DH public/private key pair.
\return 1 on success
\return 0 on failure
\param dh DH structure with parameters set
_Example_
\code
WOLFSSL_DH* dh = wolfSSL_DH_new();
// set p and g parameters
int ret = wolfSSL_DH_generate_key(dh);
if (ret != 1) {
// key generation failed
}
\endcode
\sa wolfSSL_DH_compute_key
*/
int wolfSSL_DH_generate_key(WOLFSSL_DH* dh);
/*!
\ingroup Diffie-Hellman
\brief Computes shared secret from peer's public key.
\return Length of shared secret on success
\return -1 on failure
\param key Output buffer for shared secret
\param pub Peer's public key
\param dh DH structure with private key
_Example_
\code
WOLFSSL_DH* dh = wolfSSL_DH_new();
wolfSSL_DH_generate_key(dh);
byte secret[256];
WOLFSSL_BIGNUM* peerPub = NULL; // peer's public key
int secretSz = wolfSSL_DH_compute_key(secret, peerPub, dh);
\endcode
\sa wolfSSL_DH_generate_key
*/
int wolfSSL_DH_compute_key(unsigned char* key,
const WOLFSSL_BIGNUM* pub, WOLFSSL_DH* dh);
/*!
\ingroup Diffie-Hellman
\brief Computes shared secret with zero-padding to DH size.
\return Length of shared secret on success
\return -1 on failure
\param key Output buffer for shared secret
\param otherPub Peer's public key
\param dh DH structure with private key
_Example_
\code
WOLFSSL_DH* dh = wolfSSL_DH_new();
wolfSSL_DH_generate_key(dh);
byte secret[256];
WOLFSSL_BIGNUM* peerPub = NULL;
int secretSz = wolfSSL_DH_compute_key_padded(secret, peerPub, dh);
\endcode
\sa wolfSSL_DH_compute_key
*/
int wolfSSL_DH_compute_key_padded(unsigned char* key,
const WOLFSSL_BIGNUM* otherPub,
WOLFSSL_DH* dh);
/*!
\ingroup Diffie-Hellman
\brief Loads DH parameters from DER buffer.
\return WOLFSSL_SUCCESS on success
\return WOLFSSL_FAILURE on failure
\param dh DH structure to load into
\param derBuf DER-encoded DH parameters
\param derSz Size of DER buffer
_Example_
\code
WOLFSSL_DH* dh = wolfSSL_DH_new();
byte derBuf[256];
int ret = wolfSSL_DH_LoadDer(dh, derBuf, sizeof(derBuf));
\endcode
\sa wolfSSL_DH_new
*/
int wolfSSL_DH_LoadDer(WOLFSSL_DH* dh, const unsigned char* derBuf,
int derSz);
/*!
\ingroup Diffie-Hellman
\brief Sets optional private key length.
\return 1 on success
\return 0 on failure
\param dh DH structure
\param len Private key length in bits
_Example_
\code
WOLFSSL_DH* dh = wolfSSL_DH_new();
int ret = wolfSSL_DH_set_length(dh, 256);
\endcode
\sa wolfSSL_DH_generate_key
*/
int wolfSSL_DH_set_length(WOLFSSL_DH* dh, long len);
/*!
\ingroup Diffie-Hellman
\brief Sets DH parameters p, q, and g.
\return 1 on success
\return 0 on failure
\param dh DH structure
\param p Prime modulus (takes ownership)
\param q Subgroup order (takes ownership, can be NULL)
\param g Generator (takes ownership)
_Example_
\code
WOLFSSL_DH* dh = wolfSSL_DH_new();
WOLFSSL_BIGNUM *p = wolfSSL_BN_new();
WOLFSSL_BIGNUM *g = wolfSSL_BN_new();
// set p and g values
int ret = wolfSSL_DH_set0_pqg(dh, p, NULL, g);
\endcode
\sa wolfSSL_DH_generate_key
*/
int wolfSSL_DH_set0_pqg(WOLFSSL_DH *dh, WOLFSSL_BIGNUM *p,
WOLFSSL_BIGNUM *q, WOLFSSL_BIGNUM *g);
/*!
\ingroup Diffie-Hellman
\brief Returns DH parameters for 2048-bit MODP group with 256-bit
subgroup.
\return Pointer to WOLFSSL_DH on success
\return NULL on failure
_Example_
\code
WOLFSSL_DH* dh = wolfSSL_DH_get_2048_256();
if (dh == NULL) {
// error getting standard group
}
\endcode
\sa wolfSSL_DH_new_by_nid
*/
WOLFSSL_DH* wolfSSL_DH_get_2048_256(void);
/*!
\ingroup Diffie-Hellman
\brief Returns FFDHE 2048-bit group parameters.
\return Pointer to DhParams structure
\return NULL if not compiled with HAVE_FFDHE_2048
_Example_
\code
const DhParams* params = wc_Dh_ffdhe2048_Get();
if (params != NULL) {
// use params
}
\endcode
\sa wc_Dh_ffdhe3072_Get
\sa wc_Dh_ffdhe4096_Get
@@ -287,9 +626,18 @@ const DhParams* wc_Dh_ffdhe2048_Get(void);
/*!
\ingroup Diffie-Hellman
\brief Returns FFDHE 3072-bit group parameters.
\brief This function returns ... and requires that HAVE_FFDHE_3072 be
defined.
\return Pointer to DhParams structure
\return NULL if not compiled with HAVE_FFDHE_3072
_Example_
\code
const DhParams* params = wc_Dh_ffdhe3072_Get();
if (params != NULL) {
// use params
}
\endcode
\sa wc_Dh_ffdhe2048_Get
\sa wc_Dh_ffdhe4096_Get
@@ -300,9 +648,18 @@ const DhParams* wc_Dh_ffdhe3072_Get(void);
/*!
\ingroup Diffie-Hellman
\brief Returns FFDHE 4096-bit group parameters.
\brief This function returns ... and requires that HAVE_FFDHE_4096 be
defined.
\return Pointer to DhParams structure
\return NULL if not compiled with HAVE_FFDHE_4096
_Example_
\code
const DhParams* params = wc_Dh_ffdhe4096_Get();
if (params != NULL) {
// use params
}
\endcode
\sa wc_Dh_ffdhe2048_Get
\sa wc_Dh_ffdhe3072_Get
@@ -313,9 +670,18 @@ const DhParams* wc_Dh_ffdhe4096_Get(void);
/*!
\ingroup Diffie-Hellman
\brief Returns FFDHE 6144-bit group parameters.
\brief This function returns ... and requires that HAVE_FFDHE_6144 be
defined.
\return Pointer to DhParams structure
\return NULL if not compiled with HAVE_FFDHE_6144
_Example_
\code
const DhParams* params = wc_Dh_ffdhe6144_Get();
if (params != NULL) {
// use params
}
\endcode
\sa wc_Dh_ffdhe2048_Get
\sa wc_Dh_ffdhe3072_Get
@@ -326,9 +692,18 @@ const DhParams* wc_Dh_ffdhe6144_Get(void);
/*!
\ingroup Diffie-Hellman
\brief Returns FFDHE 8192-bit group parameters.
\brief This function returns ... and requires that HAVE_FFDHE_8192 be
defined.
\return Pointer to DhParams structure
\return NULL if not compiled with HAVE_FFDHE_8192
_Example_
\code
const DhParams* params = wc_Dh_ffdhe8192_Get();
if (params != NULL) {
// use params
}
\endcode
\sa wc_Dh_ffdhe2048_Get
\sa wc_Dh_ffdhe3072_Get
@@ -337,6 +712,291 @@ const DhParams* wc_Dh_ffdhe6144_Get(void);
*/
const DhParams* wc_Dh_ffdhe8192_Get(void);
/*!
\ingroup Diffie-Hellman
\brief Initializes DH key with heap hint and device ID.
\return 0 on success
\return BAD_FUNC_ARG if key is NULL
\param key DH key to initialize
\param heap Heap hint for memory allocation
\param devId Device ID for hardware acceleration
_Example_
\code
DhKey key;
int ret = wc_InitDhKey_ex(&key, NULL, INVALID_DEVID);
if (ret != 0) {
// error initializing key
}
\endcode
\sa wc_InitDhKey
\sa wc_FreeDhKey
*/
int wc_InitDhKey_ex(DhKey* key, void* heap, int devId);
/*!
\ingroup Diffie-Hellman
\brief Computes shared secret with constant-time operations.
\return 0 on success
\return BAD_FUNC_ARG if parameters are invalid
\return BUFFER_E if output buffer too small
\param key DH key with parameters
\param agree Output buffer for shared secret
\param agreeSz Input: buffer size, Output: secret size
\param priv Private key
\param privSz Private key size
\param otherPub Peer's public key
\param pubSz Peer's public key size
_Example_
\code
DhKey key;
byte agree[256], priv[256], pub[256];
word32 agreeSz = sizeof(agree);
int ret = wc_DhAgree_ct(&key, agree, &agreeSz, priv,
sizeof(priv), pub, sizeof(pub));
\endcode
\sa wc_DhAgree
*/
int wc_DhAgree_ct(DhKey* key, byte* agree, word32 *agreeSz,
const byte* priv, word32 privSz,
const byte* otherPub, word32 pubSz);
/*!
\ingroup Diffie-Hellman
\brief Sets DH key to use named group parameters.
\return 0 on success
\return BAD_FUNC_ARG if parameters are invalid
\param key DH key to configure
\param name Named group identifier
_Example_
\code
DhKey key;
wc_InitDhKey(&key);
int ret = wc_DhSetNamedKey(&key, WC_FFDHE_2048);
\endcode
\sa wc_DhGetNamedKeyParamSize
*/
int wc_DhSetNamedKey(DhKey* key, int name);
/*!
\ingroup Diffie-Hellman
\brief Gets parameter sizes for named group.
\return 0 on success
\return BAD_FUNC_ARG if parameters are invalid
\param name Named group identifier
\param p Output for prime size
\param g Output for generator size
\param q Output for subgroup order size
_Example_
\code
word32 pSz, gSz, qSz;
int ret = wc_DhGetNamedKeyParamSize(WC_FFDHE_2048, &pSz, &gSz,
&qSz);
\endcode
\sa wc_DhSetNamedKey
*/
int wc_DhGetNamedKeyParamSize(int name, word32* p, word32* g,
word32* q);
/*!
\ingroup Diffie-Hellman
\brief Gets minimum key size for named group.
\return Minimum key size in bits
\return 0 if invalid name
\param name Named group identifier
_Example_
\code
word32 minSize = wc_DhGetNamedKeyMinSize(WC_FFDHE_2048);
\endcode
\sa wc_DhSetNamedKey
*/
word32 wc_DhGetNamedKeyMinSize(int name);
/*!
\ingroup Diffie-Hellman
\brief Compares parameters against named group.
\return 0 if parameters match named group
\return Non-zero if parameters don't match
\param name Named group identifier
\param noQ 1 to skip q comparison
\param p Prime modulus
\param pSz Prime size
\param g Generator
\param gSz Generator size
\param q Subgroup order
\param qSz Subgroup order size
_Example_
\code
byte p[256], g[256];
int ret = wc_DhCmpNamedKey(WC_FFDHE_2048, 1, p, sizeof(p),
g, sizeof(g), NULL, 0);
\endcode
\sa wc_DhSetNamedKey
*/
int wc_DhCmpNamedKey(int name, int noQ, const byte* p, word32 pSz,
const byte* g, word32 gSz, const byte* q,
word32 qSz);
/*!
\ingroup Diffie-Hellman
\brief Copies named group parameters to buffers.
\return 0 on success
\return BAD_FUNC_ARG if parameters are invalid
\return BUFFER_E if buffers too small
\param name Named group identifier
\param p Output buffer for prime
\param pSz Input: buffer size, Output: prime size
\param g Output buffer for generator
\param gSz Input: buffer size, Output: generator size
\param q Output buffer for subgroup order
\param qSz Input: buffer size, Output: subgroup order size
_Example_
\code
byte p[512], g[512], q[512];
word32 pSz = sizeof(p), gSz = sizeof(g), qSz = sizeof(q);
int ret = wc_DhCopyNamedKey(WC_FFDHE_2048, p, &pSz, g, &gSz,
q, &qSz);
\endcode
\sa wc_DhSetNamedKey
*/
int wc_DhCopyNamedKey(int name, byte* p, word32* pSz, byte* g,
word32* gSz, byte* q, word32* qSz);
/*!
\ingroup Diffie-Hellman
\brief Generates public key from private key.
\return 0 on success
\return BAD_FUNC_ARG if parameters are invalid
\param key DH key with parameters set
\param priv Private key
\param privSz Private key size
\param pub Output buffer for public key
\param pubSz Input: buffer size, Output: public key size
_Example_
\code
DhKey key;
byte priv[256], pub[256];
word32 pubSz = sizeof(pub);
int ret = wc_DhGeneratePublic(&key, priv, sizeof(priv), pub,
&pubSz);
\endcode
\sa wc_DhGenerateKeyPair
*/
int wc_DhGeneratePublic(DhKey* key, byte* priv, word32 privSz,
byte* pub, word32* pubSz);
/*!
\ingroup Diffie-Hellman
\brief Imports private and/or public key into DH key.
\return 0 on success
\return BAD_FUNC_ARG if parameters are invalid
\param key DH key to import into
\param priv Private key (can be NULL)
\param privSz Private key size
\param pub Public key (can be NULL)
\param pubSz Public key size
_Example_
\code
DhKey key;
byte priv[256], pub[256];
int ret = wc_DhImportKeyPair(&key, priv, sizeof(priv), pub,
sizeof(pub));
\endcode
\sa wc_DhExportKeyPair
*/
int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
const byte* pub, word32 pubSz);
/*!
\ingroup Diffie-Hellman
\brief Exports private and public key from DH key.
\return 0 on success
\return BAD_FUNC_ARG if parameters are invalid
\return BUFFER_E if buffers too small
\param key DH key to export from
\param priv Output buffer for private key
\param pPrivSz Input: buffer size, Output: private key size
\param pub Output buffer for public key
\param pPubSz Input: buffer size, Output: public key size
_Example_
\code
DhKey key;
byte priv[256], pub[256];
word32 privSz = sizeof(priv), pubSz = sizeof(pub);
int ret = wc_DhExportKeyPair(&key, priv, &privSz, pub, &pubSz);
\endcode
\sa wc_DhImportKeyPair
*/
int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz,
byte* pub, word32* pPubSz);
/*!
\ingroup Diffie-Hellman
\brief Validates public key value.
\return 0 if public key is valid
\return BAD_FUNC_ARG if parameters are invalid
\return MP_VAL if public key is invalid
\param prime Prime modulus
\param primeSz Prime size
\param pub Public key to validate
\param pubSz Public key size
_Example_
\code
byte prime[256], pub[256];
int ret = wc_DhCheckPubValue(prime, sizeof(prime), pub,
sizeof(pub));
if (ret != 0) {
// invalid public key
}
\endcode
\sa wc_DhCheckPubKey
*/
int wc_DhCheckPubValue(const byte* prime, word32 primeSz,
const byte* pub, word32 pubSz);
/*!
\ingroup Diffie-Hellman

295
doc/dox_comments/header_files/dsa.h
View File

@@ -340,3 +340,298 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa);
\sa wc_InitDsaKey
*/
int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa);
/*!
\ingroup DSA
\brief Initializes DSA key with heap hint.
\return 0 on success
\return negative on failure
\param key DSA key structure
\param h Heap hint for memory allocation
_Example_
\code
DsaKey key;
int ret = wc_InitDsaKey_h(&key, NULL);
\endcode
\sa wc_InitDsaKey
*/
int wc_InitDsaKey_h(DsaKey* key, void* h);
/*!
\ingroup DSA
\brief Signs digest with extended parameters.
\return 0 on success
\return negative on failure
\param digest Digest to sign
\param digestSz Digest size
\param out Output signature buffer
\param key DSA key
\param rng Random number generator
_Example_
\code
byte digest[WC_SHA_DIGEST_SIZE];
byte sig[40];
WC_RNG rng;
int ret = wc_DsaSign_ex(digest, sizeof(digest), sig, &key,
&rng);
\endcode
\sa wc_DsaSign
*/
int wc_DsaSign_ex(const byte* digest, word32 digestSz, byte* out,
DsaKey* key, WC_RNG* rng);
/*!
\ingroup DSA
\brief Verifies signature with extended parameters.
\return 0 on success
\return negative on failure
\param digest Digest
\param digestSz Digest size
\param sig Signature buffer
\param key DSA key
\param answer Verification result
_Example_
\code
byte digest[WC_SHA_DIGEST_SIZE];
byte sig[40];
int answer;
int ret = wc_DsaVerify_ex(digest, sizeof(digest), sig, &key,
&answer);
\endcode
\sa wc_DsaVerify
*/
int wc_DsaVerify_ex(const byte* digest, word32 digestSz,
const byte* sig, DsaKey* key, int* answer);
/*!
\ingroup DSA
\brief Sets DSA public key in output buffer.
\return Size on success
\return negative on failure
\param output Output buffer
\param key DSA key
\param outLen Output buffer length
\param with_header Include header flag
_Example_
\code
byte output[256];
int ret = wc_SetDsaPublicKey(output, &key, sizeof(output), 1);
\endcode
\sa wc_DsaKeyToPublicDer
*/
int wc_SetDsaPublicKey(byte* output, DsaKey* key, int outLen,
int with_header);
/*!
\ingroup DSA
\brief Converts DSA key to public DER format.
\return Size on success
\return negative on failure
\param key DSA key
\param output Output buffer
\param inLen Output buffer length
_Example_
\code
DsaKey key;
WC_RNG rng;
byte output[256];
// Initialize key and RNG
wc_InitDsaKey(&key);
wc_InitRng(&rng);
// Generate DSA key or import existing key
wc_MakeDsaKey(&rng, &key);
// Convert to public DER format
int ret = wc_DsaKeyToPublicDer(&key, output, sizeof(output));
if (ret > 0) {
// output contains DER encoded public key of size ret
}
wc_FreeDsaKey(&key);
wc_FreeRng(&rng);
\endcode
\sa wc_SetDsaPublicKey
*/
int wc_DsaKeyToPublicDer(DsaKey* key, byte* output, word32 inLen);
/*!
\ingroup DSA
\brief Imports DSA parameters from raw format. The parameters p, q, and
g must be provided as ASCII hexadecimal strings (without 0x prefix).
These represent the DSA domain parameters: p is the prime modulus, q is
the prime divisor (subgroup order), and g is the generator.
\return 0 on success
\return negative on failure
\param dsa DSA key structure (must be initialized)
\param p P parameter as ASCII hex string (prime modulus)
\param q Q parameter as ASCII hex string (prime divisor/subgroup order)
\param g G parameter as ASCII hex string (generator)
_Example_
\code
DsaKey dsa;
wc_InitDsaKey(&dsa);
// DSA parameters as ASCII hexadecimal strings (example values)
const char* pStr = "E0A67598CD1B763BC98C8ABB333E5DDA0CD3AA0E5E1F"
"B5BA8A7B4EABC10BA338FAE06DD4B90FDA70D7CF0CB0"
"C638BE3341BEC0AF8A7330A3307DED2299A0EE606DF0"
"35177A239C34A912C202AA5F83B9C4A7CF0235B5316B"
"FC6EFB9A248411258B30B839AF172440F32563056CB6"
"7A861158DDD90E6A894C72A5BBEF9E286C6B";
const char* qStr = "E950511EAB424B9A19A2AEB4E159B7844C589C4F";
const char* gStr = "D29D5121B0423C2769AB21843E5A3240FF19CACC792D"
"C6E7925E6D1A4E6E4E3D119A3D133C8D3C8C8C8C8C8C"
"8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C"
"8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C";
int ret = wc_DsaImportParamsRaw(&dsa, pStr, qStr, gStr);
if (ret == 0) {
// DSA parameters successfully imported
// Can now use dsa for key generation or signing
}
wc_FreeDsaKey(&dsa);
\endcode
\sa wc_DsaImportParamsRawCheck
\sa wc_InitDsaKey
*/
int wc_DsaImportParamsRaw(DsaKey* dsa, const char* p, const char* q,
const char* g);
/*!
\ingroup DSA
\brief Imports DSA parameters from raw format with optional validation.
The parameters p, q, and g must be provided as ASCII hexadecimal strings
(without 0x prefix). The trusted parameter controls whether the prime p
is validated: when trusted=1, prime checking is skipped (use when
parameters come from a trusted source); when trusted=0, performs full
primality testing on p (recommended for untrusted sources).
\return 0 on success
\return DH_CHECK_PUB_E if p fails primality test (when trusted=0)
\return negative on other failures
\param dsa DSA key structure (must be initialized)
\param p P parameter as ASCII hex string (prime modulus)
\param q Q parameter as ASCII hex string (prime divisor/subgroup order)
\param g G parameter as ASCII hex string (generator)
\param trusted If 1, skip prime validation (trusted source); if 0,
perform full primality test on p
\param rng Random number generator (required when trusted=0 for
primality testing)
_Example_
\code
DsaKey dsa;
WC_RNG rng;
// Initialize DSA key and RNG
wc_InitDsaKey(&dsa);
wc_InitRng(&rng);
// DSA parameters as ASCII hexadecimal strings
const char* pStr = "E0A67598CD1B763BC98C8ABB333E5DDA0CD3AA0E5E1F"
"B5BA8A7B4EABC10BA338FAE06DD4B90FDA70D7CF0CB0"
"C638BE3341BEC0AF8A7330A3307DED2299A0EE606DF0"
"35177A239C34A912C202AA5F83B9C4A7CF0235B5316B"
"FC6EFB9A248411258B30B839AF172440F32563056CB6"
"7A861158DDD90E6A894C72A5BBEF9E286C6B";
const char* qStr = "E950511EAB424B9A19A2AEB4E159B7844C589C4F";
const char* gStr = "D29D5121B0423C2769AB21843E5A3240FF19CACC792D"
"C6E7925E6D1A4E6E4E3D119A3D133C8D3C8C8C8C8C8C"
"8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C"
"8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C";
// Import with validation (trusted=0 performs primality test on p)
int ret = wc_DsaImportParamsRawCheck(&dsa, pStr, qStr, gStr, 0,
&rng);
if (ret == 0) {
// Parameters imported and validated successfully
}
wc_FreeDsaKey(&dsa);
wc_FreeRng(&rng);
\endcode
\sa wc_DsaImportParamsRaw
\sa wc_InitDsaKey
*/
int wc_DsaImportParamsRawCheck(DsaKey* dsa, const char* p,
const char* q, const char* g, int trusted, WC_RNG* rng);
/*!
\ingroup DSA
\brief Exports DSA parameters to raw format.
\return 0 on success
\return negative on failure
\param dsa DSA key structure
\param p P parameter buffer
\param pSz P parameter size (in/out)
\param q Q parameter buffer
\param qSz Q parameter size (in/out)
\param g G parameter buffer
\param gSz G parameter size (in/out)
_Example_
\code
byte p[256], q[32], g[256];
word32 pSz = sizeof(p), qSz = sizeof(q), gSz = sizeof(g);
int ret = wc_DsaExportParamsRaw(&dsa, p, &pSz, q, &qSz, g,
&gSz);
\endcode
\sa wc_DsaImportParamsRaw
*/
int wc_DsaExportParamsRaw(DsaKey* dsa, byte* p, word32* pSz, byte* q,
word32* qSz, byte* g, word32* gSz);
/*!
\ingroup DSA
\brief Exports DSA key to raw format.
\return 0 on success
\return negative on failure
\param dsa DSA key structure
\param x Private key buffer
\param xSz Private key size (in/out)
\param y Public key buffer
\param ySz Public key size (in/out)
_Example_
\code
byte x[32], y[256];
word32 xSz = sizeof(x), ySz = sizeof(y);
int ret = wc_DsaExportKeyRaw(&dsa, x, &xSz, y, &ySz);
\endcode
\sa wc_DsaImportParamsRaw
*/
int wc_DsaExportKeyRaw(DsaKey* dsa, byte* x, word32* xSz, byte* y,
word32* ySz);

1241
doc/dox_comments/header_files/ecc.h
View File

File diff suppressed because it is too large Load Diff

215
doc/dox_comments/header_files/ed25519.h
View File

@@ -1087,3 +1087,218 @@ int wc_ed25519_pub_size(const ed25519_key* key);
*/
int wc_ed25519_sig_size(const ed25519_key* key);
/*!
\ingroup ED25519
\brief Signs message with extended parameters.
\return 0 on success
\return negative on failure
\param in Input message
\param inLen Input message length
\param out Output signature buffer
\param outLen Output signature length pointer
\param key Ed25519 key
\param type Signature type
\param context Context buffer
\param contextLen Context length
_Example_
\code
byte msg[] = "message";
byte sig[ED25519_SIG_SIZE];
word32 sigLen = sizeof(sig);
int ret = wc_ed25519_sign_msg_ex(msg, sizeof(msg), sig, &sigLen,
&key, Ed25519, NULL, 0);
\endcode
\sa wc_ed25519_sign_msg
*/
int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
word32 *outLen, ed25519_key* key, byte type, const byte* context,
byte contextLen);
/*!
\ingroup ED25519
\brief Verifies signature with extended parameters.
\return 0 on success
\return negative on failure
\param sig Signature buffer
\param sigLen Signature length
\param msg Message buffer
\param msgLen Message length
\param res Verification result pointer
\param key Ed25519 key
\param type Signature type
\param context Context buffer
\param contextLen Context length
_Example_
\code
byte msg[] = "message";
byte sig[ED25519_SIG_SIZE];
int res;
int ret = wc_ed25519_verify_msg_ex(sig, sizeof(sig), msg,
sizeof(msg), &res, &key,
Ed25519, NULL, 0);
\endcode
\sa wc_ed25519_verify_msg
*/
int wc_ed25519_verify_msg_ex(const byte* sig, word32 sigLen,
const byte* msg, word32 msgLen, int* res, ed25519_key* key,
byte type, const byte* context, byte contextLen);
/*!
\ingroup ED25519
\brief Initializes streaming verification.
\return 0 on success
\return negative on failure
\param sig Signature buffer
\param sigLen Signature length
\param key Ed25519 key
\param type Signature type
\param context Context buffer
\param contextLen Context length
_Example_
\code
byte sig[ED25519_SIG_SIZE];
int ret = wc_ed25519_verify_msg_init(sig, sizeof(sig), &key,
Ed25519, NULL, 0);
\endcode
\sa wc_ed25519_verify_msg_update
\sa wc_ed25519_verify_msg_final
*/
int wc_ed25519_verify_msg_init(const byte* sig, word32 sigLen,
ed25519_key* key, byte type, const byte* context,
byte contextLen);
/*!
\ingroup ED25519
\brief Updates streaming verification with message segment.
\return 0 on success
\return negative on failure
\param msgSegment Message segment buffer
\param msgSegmentLen Message segment length
\param key Ed25519 key
_Example_
\code
byte msgPart[] = "part";
int ret = wc_ed25519_verify_msg_update(msgPart, sizeof(msgPart),
&key);
\endcode
\sa wc_ed25519_verify_msg_init
\sa wc_ed25519_verify_msg_final
*/
int wc_ed25519_verify_msg_update(const byte* msgSegment,
word32 msgSegmentLen, ed25519_key* key);
/*!
\ingroup ED25519
\brief Finalizes streaming verification.
\return 0 on success
\return negative on failure
\param sig Signature buffer
\param sigLen Signature length
\param res Verification result pointer
\param key Ed25519 key
_Example_
\code
byte sig[ED25519_SIG_SIZE];
int res;
int ret = wc_ed25519_verify_msg_final(sig, sizeof(sig), &res,
&key);
\endcode
\sa wc_ed25519_verify_msg_init
\sa wc_ed25519_verify_msg_update
*/
int wc_ed25519_verify_msg_final(const byte* sig, word32 sigLen,
int* res, ed25519_key* key);
/*!
\ingroup ED25519
\brief Initializes Ed25519 key with extended parameters.
\return 0 on success
\return negative on failure
\param key Ed25519 key structure
\param heap Heap hint for memory allocation
\param devId Device ID for hardware acceleration
_Example_
\code
ed25519_key key;
int ret = wc_ed25519_init_ex(&key, NULL, INVALID_DEVID);
\endcode
\sa wc_ed25519_init
*/
int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId);
/*!
\ingroup ED25519
\brief Allocates and initializes new Ed25519 key. These New/Delete
functions are exposed to support allocation of the structure using
dynamic memory to provide better ABI compatibility.
\note This API is only available when WC_NO_CONSTRUCTORS is not defined.
WC_NO_CONSTRUCTORS is automatically defined when WOLFSSL_NO_MALLOC is
defined.
\return ed25519_key pointer on success
\return NULL on failure
\param heap Heap hint for memory allocation
\param devId Device ID for hardware acceleration
\param result_code Result code pointer
_Example_
\code
int result;
ed25519_key* key = wc_ed25519_new(NULL, INVALID_DEVID, &result);
\endcode
\sa wc_ed25519_delete
*/
ed25519_key* wc_ed25519_new(void* heap, int devId, int *result_code);
/*!
\ingroup ED25519
\brief Frees and deletes Ed25519 key. These New/Delete functions are
exposed to support allocation of the structure using dynamic memory
to provide better ABI compatibility.
\note This API is only available when WC_NO_CONSTRUCTORS is not defined.
WC_NO_CONSTRUCTORS is automatically defined when WOLFSSL_NO_MALLOC is
defined.
\return 0 on success
\return negative on failure
\param key Ed25519 key to delete
\param key_p Pointer to key pointer (set to NULL after delete)
_Example_
\code
ed25519_key* key = wc_ed25519_new(NULL, INVALID_DEVID, NULL);
int ret = wc_ed25519_delete(key, &key);
\endcode
\sa wc_ed25519_new
*/
int wc_ed25519_delete(ed25519_key* key, ed25519_key** key_p);

39
doc/dox_comments/header_files/iotsafe.h
View File

@@ -288,6 +288,43 @@ int wc_iotsafe_ecc_import_public(ecc_key *key, byte key_id);
*/
int wc_iotsafe_ecc_export_public(ecc_key *key, byte key_id);
/*!
\ingroup IoTSafe
\brief Export an ECC 256-bit public key, from ecc_key object to a
writable public-key slot into the IoT-Safe applet. Equivalent to
wc_iotsafe_ecc_export_public, except that it can be invoked with a
key ID of two or more bytes.
\return 0 upon success
\return < 0 in case of failure
\param key the ecc_key object containing the key to be exported
\param key_id pointer to the key id in the IoT-Safe applet where
the public key will be stored
\param id_size the key id size in bytes
_Example_
\code
ecc_key key;
word16 keyId = 0x0302;
wc_ecc_init(&key);
wc_ecc_make_key(&rng, 32, &key);
int ret = wc_iotsafe_ecc_export_public_ex(&key, (byte*)&keyId,
sizeof(keyId));
if (ret != 0) {
// error exporting public key
}
\endcode
\sa wc_iotsafe_ecc_export_public
\sa wc_iotsafe_ecc_import_public_ex
\sa wc_iotsafe_ecc_export_private_ex
*/
int wc_iotsafe_ecc_export_public_ex(ecc_key *key, byte *key_id,
word16 id_size);
/*!
\ingroup IoTSafe
@@ -462,4 +499,4 @@ int wc_iotsafe_ecc_gen_k(byte key_id);
\sa wc_iotsafe_ecc_sign_hash_ex
\sa wc_iotsafe_ecc_verify_hash_ex
*/
int wc_iotsafe_ecc_gen_k(byte key_id);
int wc_iotsafe_ecc_gen_k_ex(byte *key_id, word16 id_size);

1326
doc/dox_comments/header_files/pkcs7.h
View File

File diff suppressed because it is too large Load Diff

68
doc/dox_comments/header_files/poly1305.h
View File

@@ -137,3 +137,71 @@ int wc_Poly1305Final(Poly1305* poly1305, byte* tag);
*/
int wc_Poly1305_MAC(Poly1305* ctx, const byte* additional, word32 addSz,
const byte* input, word32 sz, byte* tag, word32 tagSz);
/*!
\ingroup Poly1305
\brief Adds padding to Poly1305 context.
\return 0 on success
\return BAD_FUNC_ARG if ctx is NULL
\param ctx Poly1305 context
\param lenToPad Length to pad
_Example_
\code
Poly1305 ctx;
byte key[32];
wc_Poly1305SetKey(&ctx, key, sizeof(key));
int ret = wc_Poly1305_Pad(&ctx, 10);
\endcode
\sa wc_Poly1305_MAC
*/
int wc_Poly1305_Pad(Poly1305* ctx, word32 lenToPad);
/*!
\ingroup Poly1305
\brief Encodes AAD and data sizes for Poly1305.
\return 0 on success
\return BAD_FUNC_ARG if ctx is NULL
\param ctx Poly1305 context
\param aadSz Additional authenticated data size
\param dataSz Data size
_Example_
\code
Poly1305 ctx;
byte key[32];
wc_Poly1305SetKey(&ctx, key, sizeof(key));
int ret = wc_Poly1305_EncodeSizes(&ctx, 16, 100);
\endcode
\sa wc_Poly1305_MAC
*/
int wc_Poly1305_EncodeSizes(Poly1305* ctx, word32 aadSz, word32 dataSz);
/*!
\ingroup Poly1305
\brief Encodes AAD and data sizes for Poly1305 using 64-bit values.
\return 0 on success
\return BAD_FUNC_ARG if ctx is NULL
\param ctx Poly1305 context
\param aadSz Additional authenticated data size
\param dataSz Data size
_Example_
\code
Poly1305 ctx;
byte key[32];
wc_Poly1305SetKey(&ctx, key, sizeof(key));
int ret = wc_Poly1305_EncodeSizes64(&ctx, 16, 100);
\endcode
\sa wc_Poly1305_EncodeSizes
*/
int wc_Poly1305_EncodeSizes64(Poly1305* ctx, word64 aadSz, word64 dataSz);

62
doc/dox_comments/header_files/psa.h
View File

@@ -94,3 +94,65 @@ void wolfSSL_free_psa_ctx(struct psa_ssl_ctx *ctx);
int wolfSSL_psa_set_private_key_id(struct psa_ssl_ctx *ctx,
psa_key_id_t id);
/*!
\ingroup PSA
\brief This function generates random bytes using the PSA crypto API.
This is a wrapper around the PSA random number generation functions.
\return 0 On success
\return Negative value on error
\param out pointer to buffer to store random bytes
\param sz number of random bytes to generate
_Example_
\code
byte random[32];
int ret = wc_psa_get_random(random, sizeof(random));
if (ret != 0) {
// error generating random bytes
}
\endcode
\sa wc_RNG_GenerateBlock
*/
int wc_psa_get_random(unsigned char *out, word32 sz);
/*!
\ingroup PSA
\brief This function performs AES encryption or decryption using the
PSA crypto API. It supports various AES modes through the algorithm
parameter.
\return 0 On success
\return Negative value on error
\param aes pointer to initialized Aes structure
\param input pointer to input data buffer
\param output pointer to output data buffer
\param length length of data to process
\param alg PSA algorithm identifier specifying the AES mode
\param direction encryption (1) or decryption (0)
_Example_
\code
Aes aes;
byte key[16] = { }; // AES key
byte input[16] = { }; // plaintext
byte output[16];
wc_AesInit(&aes, NULL, INVALID_DEVID);
wc_AesSetKey(&aes, key, sizeof(key), NULL, AES_ENCRYPTION);
int ret = wc_psa_aes_encrypt_decrypt(&aes, input, output,
sizeof(input),
PSA_ALG_ECB_NO_PADDING, 1);
\endcode
\sa wc_AesEncrypt
\sa wc_AesDecrypt
*/
int wc_psa_aes_encrypt_decrypt(Aes *aes, const uint8_t *input,
uint8_t *output, size_t length,
psa_algorithm_t alg, int direction);

170
doc/dox_comments/header_files/pwdbased.h
View File

@@ -168,3 +168,173 @@ int wc_PBKDF2(byte* output, const byte* passwd, int pLen,
int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,
const byte* salt, int saltLen, int iterations,
int kLen, int hashType, int id);
/*!
\ingroup Password
\brief Extended version of PBKDF1 with heap hint.
\return 0 on success
\return BAD_FUNC_ARG on invalid arguments
\return MEMORY_E on memory allocation error
\param key Output key buffer
\param keyLen Key length
\param iv Output IV buffer
\param ivLen IV length
\param passwd Password buffer
\param passwdLen Password length
\param salt Salt buffer
\param saltLen Salt length
\param iterations Iteration count
\param hashType Hash algorithm type
\param heap Heap hint for memory allocation
_Example_
\code
byte key[16], iv[16];
byte pass[] = "password";
byte salt[] = "salt";
int ret = wc_PBKDF1_ex(key, sizeof(key), iv, sizeof(iv),
pass, sizeof(pass), salt, sizeof(salt), 1000, WC_SHA, NULL);
\endcode
\sa wc_PBKDF1
*/
int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen,
const byte* passwd, int passwdLen, const byte* salt, int saltLen,
int iterations, int hashType, void* heap);
/*!
\ingroup Password
\brief Extended version of PBKDF2 with heap hint and device ID.
\return 0 on success
\return BAD_FUNC_ARG on invalid arguments
\return MEMORY_E on memory allocation error
\param output Output key buffer
\param passwd Password buffer
\param pLen Password length
\param salt Salt buffer
\param sLen Salt length
\param iterations Iteration count
\param kLen Key length
\param hashType Hash algorithm type
\param heap Heap hint for memory allocation
\param devId Device ID for hardware acceleration
_Example_
\code
byte key[32];
byte pass[] = "password";
byte salt[] = "salt";
int ret = wc_PBKDF2_ex(key, pass, sizeof(pass), salt,
sizeof(salt), 2048, sizeof(key), WC_SHA256, NULL,
INVALID_DEVID);
\endcode
\sa wc_PBKDF2
*/
int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen,
const byte* salt, int sLen, int iterations, int kLen,
int hashType, void* heap, int devId);
/*!
\ingroup Password
\brief Extended version of PKCS12_PBKDF with heap hint.
\return 0 on success
\return BAD_FUNC_ARG on invalid arguments
\return MEMORY_E on memory allocation error
\param output Output key buffer
\param passwd Password buffer
\param passLen Password length
\param salt Salt buffer
\param saltLen Salt length
\param iterations Iteration count
\param kLen Key length
\param hashType Hash algorithm type
\param id Purpose identifier (1=key, 2=IV, 3=MAC)
\param heap Heap hint for memory allocation
_Example_
\code
byte key[32];
byte pass[] = "password";
byte salt[] = "salt";
int ret = wc_PKCS12_PBKDF_ex(key, pass, sizeof(pass), salt,
sizeof(salt), 2048, sizeof(key), WC_SHA256, 1, NULL);
\endcode
\sa wc_PKCS12_PBKDF
*/
int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd,int passLen,
const byte* salt, int saltLen, int iterations, int kLen,
int hashType, int id, void* heap);
/*!
\ingroup Password
\brief Implements scrypt key derivation function.
\return 0 on success
\return BAD_FUNC_ARG on invalid arguments
\return MEMORY_E on memory allocation error
\param output Output key buffer
\param passwd Password buffer
\param passLen Password length
\param salt Salt buffer
\param saltLen Salt length
\param cost CPU/memory cost parameter (N)
\param blockSize Block size parameter (r)
\param parallel Parallelization parameter (p)
\param dkLen Derived key length
_Example_
\code
byte key[32];
byte pass[] = "password";
byte salt[] = "salt";
int ret = wc_scrypt(key, pass, sizeof(pass), salt,
sizeof(salt), 16384, 8, 1, sizeof(key));
\endcode
\sa wc_scrypt_ex
*/
int wc_scrypt(byte* output, const byte* passwd, int passLen,
const byte* salt, int saltLen, int cost, int blockSize,
int parallel, int dkLen);
/*!
\ingroup Password
\brief Extended scrypt with iteration count instead of cost.
\return 0 on success
\return BAD_FUNC_ARG on invalid arguments
\return MEMORY_E on memory allocation error
\param output Output key buffer
\param passwd Password buffer
\param passLen Password length
\param salt Salt buffer
\param saltLen Salt length
\param iterations Iteration count
\param blockSize Block size parameter (r)
\param parallel Parallelization parameter (p)
\param dkLen Derived key length
_Example_
\code
byte key[32];
byte pass[] = "password";
byte salt[] = "salt";
int ret = wc_scrypt_ex(key, pass, sizeof(pass), salt,
sizeof(salt), 16384, 8, 1, sizeof(key));
\endcode
\sa wc_scrypt
*/
int wc_scrypt_ex(byte* output, const byte* passwd, int passLen,
const byte* salt, int saltLen, word32 iterations, int blockSize,
int parallel, int dkLen);

36
doc/dox_comments/header_files/quic.h
View File

@@ -342,6 +342,42 @@ WOLFSSL_API int wolfSSL_process_quic_post_handshake(WOLFSSL *ssl);
*/
int wolfSSL_quic_read_write(WOLFSSL *ssl);
/*!
\ingroup QUIC
\brief Perform the QUIC handshake. This function processes CRYPTO
data that has been provided via wolfSSL_provide_quic_data() and
advances the handshake state. It should be called repeatedly until
the handshake is complete.
\return WOLFSSL_SUCCESS If handshake completed successfully
\return WOLFSSL_FATAL_ERROR If a fatal error occurred
\return Other values indicating handshake is in progress
\param ssl pointer to a WOLFSSL structure created using
wolfSSL_new()
_Example_
\code
WOLFSSL* ssl;
// initialize ssl with QUIC method
while (!wolfSSL_is_init_finished(ssl)) {
int ret = wolfSSL_quic_do_handshake(ssl);
if (ret == WOLFSSL_FATAL_ERROR) {
// handle error
break;
}
// provide more CRYPTO data if available
}
\endcode
\sa wolfSSL_provide_quic_data
\sa wolfSSL_quic_read_write
\sa wolfSSL_is_init_finished
*/
int wolfSSL_quic_do_handshake(WOLFSSL* ssl);
/*!
\ingroup QUIC

320
doc/dox_comments/header_files/random.h
View File

@@ -325,3 +325,323 @@ WC_RNG* wc_rng_free(WC_RNG* rng);
int wc_RNG_HealthTest(int reseed, const byte* seedA, word32 seedASz,
const byte* seedB, word32 seedBSz,
byte* output, word32 outputSz);
/*!
\ingroup Random
\brief Generates seed from OS entropy source. Lower-level function
used internally by wc_InitRng.
\return 0 On success
\return WINCRYPT_E Failed to acquire context (Windows)
\return CRYPTGEN_E Failed to generate random (Windows)
\return RNG_FAILURE_E Failed to read entropy
\param os Pointer to OS_Seed structure
\param output Buffer to store seed
\param sz Size of seed in bytes
_Example_
\code
OS_Seed os;
byte seed[32];
int ret = wc_GenerateSeed(&os, seed, sizeof(seed));
\endcode
\sa wc_InitRng
*/
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz);
/*!
\ingroup Random
\brief Allocates and initializes new WC_RNG with optional nonce.
\return Pointer to WC_RNG on success
\return NULL on failure
\param nonce Nonce buffer (can be NULL)
\param nonceSz Nonce size
\param heap Heap hint (can be NULL)
_Example_
\code
WC_RNG* rng = wc_rng_new(NULL, 0, NULL);
wc_rng_free(rng);
\endcode
\sa wc_rng_free
*/
WC_RNG* wc_rng_new(byte* nonce, word32 nonceSz, void* heap);
/*!
\ingroup Random
\brief Allocates and initializes WC_RNG with extended parameters.
\return 0 On success
\return BAD_FUNC_ARG If rng is NULL
\return MEMORY_E Memory allocation failed
\param rng Pointer to store WC_RNG pointer
\param nonce Nonce buffer (can be NULL)
\param nonceSz Nonce size
\param heap Heap hint (can be NULL)
\param devId Device ID (INVALID_DEVID for software)
_Example_
\code
WC_RNG* rng;
int ret = wc_rng_new_ex(&rng, NULL, 0, NULL, INVALID_DEVID);
wc_rng_free(rng);
\endcode
\sa wc_rng_new
*/
int wc_rng_new_ex(WC_RNG **rng, byte* nonce, word32 nonceSz, void* heap,
int devId);
/*!
\ingroup Random
\brief Frees WC_RNG allocated with wc_rng_new.
\param rng WC_RNG to free
_Example_
\code
WC_RNG* rng = wc_rng_new(NULL, 0, NULL);
wc_rng_free(rng);
\endcode
\sa wc_rng_new
*/
void wc_rng_free(WC_RNG* rng);
/*!
\ingroup Random
\brief Initializes WC_RNG with extended parameters.
\return 0 On success
\return BAD_FUNC_ARG If rng is NULL
\return RNG_FAILURE_E Initialization failed
\param rng WC_RNG to initialize
\param heap Heap hint (can be NULL)
\param devId Device ID (INVALID_DEVID for software)
_Example_
\code
WC_RNG rng;
int ret = wc_InitRng_ex(&rng, NULL, INVALID_DEVID);
wc_FreeRng(&rng);
\endcode
\sa wc_InitRng
*/
int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId);
/*!
\ingroup Random
\brief Initializes WC_RNG with nonce.
\return 0 On success
\return BAD_FUNC_ARG If rng is NULL
\return RNG_FAILURE_E Initialization failed
\param rng WC_RNG to initialize
\param nonce Nonce buffer
\param nonceSz Nonce size
_Example_
\code
WC_RNG rng;
byte nonce[16];
int ret = wc_InitRngNonce(&rng, nonce, sizeof(nonce));
wc_FreeRng(&rng);
\endcode
\sa wc_InitRng
*/
int wc_InitRngNonce(WC_RNG* rng, byte* nonce, word32 nonceSz);
/*!
\ingroup Random
\brief Initializes WC_RNG with nonce and extended parameters.
\return 0 On success
\return BAD_FUNC_ARG If rng is NULL
\return RNG_FAILURE_E Initialization failed
\param rng WC_RNG to initialize
\param nonce Nonce buffer
\param nonceSz Nonce size
\param heap Heap hint (can be NULL)
\param devId Device ID (INVALID_DEVID for software)
_Example_
\code
WC_RNG rng;
byte nonce[16];
int ret = wc_InitRngNonce_ex(&rng, nonce, sizeof(nonce), NULL,
INVALID_DEVID);
wc_FreeRng(&rng);
\endcode
\sa wc_InitRngNonce
*/
int wc_InitRngNonce_ex(WC_RNG* rng, byte* nonce, word32 nonceSz,
void* heap, int devId);
/*!
\ingroup Random
\brief Sets callback for custom seed generation.
\return 0 On success
\return BAD_FUNC_ARG If cb is NULL
\param cb Seed callback function
_Example_
\code
int my_cb(OS_Seed* os, byte* out, word32 sz) { return 0; }
wc_SetSeed_Cb(my_cb);
\endcode
\sa wc_GenerateSeed
*/
int wc_SetSeed_Cb(wc_RngSeed_Cb cb);
/*!
\ingroup Random
\brief Reseeds DRBG with new entropy.
\return 0 On success
\return BAD_FUNC_ARG If rng or seed is NULL
\return RNG_FAILURE_E Reseed failed
\param rng WC_RNG to reseed
\param seed Seed buffer
\param seedSz Seed size
_Example_
\code
WC_RNG rng;
byte seed[32];
wc_InitRng(&rng);
int ret = wc_RNG_DRBG_Reseed(&rng, seed, sizeof(seed));
\endcode
\sa wc_InitRng
*/
int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* seed, word32 seedSz);
/*!
\ingroup Random
\brief Tests seed validity for DRBG.
\return 0 If valid
\return BAD_FUNC_ARG If seed is NULL
\return RNG_FAILURE_E Validation failed
\param seed Seed to test
\param seedSz Seed size
_Example_
\code
byte seed[32];
int ret = wc_RNG_TestSeed(seed, sizeof(seed));
\endcode
\sa wc_InitRng
*/
int wc_RNG_TestSeed(const byte* seed, word32 seedSz);
/*!
\ingroup Random
\brief RNG health test with extended parameters.
\return 0 On success
\return BAD_FUNC_ARG If required params NULL
\return -1 Test failed
\param reseed Non-zero to test reseeding
\param nonce Nonce buffer (can be NULL)
\param nonceSz Nonce size
\param seedA Initial seed
\param seedASz Initial seed size
\param seedB Reseed buffer (required if reseed set)
\param seedBSz Reseed size
\param output Output buffer
\param outputSz Output size
\param heap Heap hint (can be NULL)
\param devId Device ID (INVALID_DEVID for software)
_Example_
\code
byte seedA[32], seedB[32], out[64];
int ret = wc_RNG_HealthTest_ex(1, NULL, 0, seedA, 32, seedB, 32,
out, 64, NULL, INVALID_DEVID);
\endcode
\sa wc_RNG_HealthTest
*/
int wc_RNG_HealthTest_ex(int reseed, const byte* nonce, word32 nonceSz,
const byte* seedA, word32 seedASz,
const byte* seedB, word32 seedBSz, byte* output,
word32 outputSz, void* heap, int devId);
/*!
\ingroup Random
\brief Gets raw entropy without DRBG processing.
\return 0 On success
\return BAD_FUNC_ARG If raw is NULL
\return RNG_FAILURE_E Failed
\param raw Buffer for entropy
\param cnt Bytes to retrieve
_Example_
\code
byte raw[32];
int ret = wc_Entropy_GetRawEntropy(raw, sizeof(raw));
\endcode
\sa wc_Entropy_Get
*/
int wc_Entropy_GetRawEntropy(unsigned char* raw, int cnt);
/*!
\ingroup Random
\brief Gets processed entropy with specified bits.
\return 0 On success
\return BAD_FUNC_ARG If entropy is NULL
\return RNG_FAILURE_E Failed
\param bits Entropy bits required
\param entropy Buffer for entropy
\param len Buffer size
_Example_
\code
byte entropy[32];
int ret = wc_Entropy_Get(256, entropy, sizeof(entropy));
\endcode
\sa wc_Entropy_GetRawEntropy
*/
int wc_Entropy_Get(int bits, unsigned char* entropy, word32 len);
/*!
\ingroup Random
\brief Tests entropy source on demand.
\return 0 On success
\return RNG_FAILURE_E Test failed
_Example_
\code
int ret = wc_Entropy_OnDemandTest();
\endcode
\sa wc_Entropy_Get
*/
int wc_Entropy_OnDemandTest(void);

591
doc/dox_comments/header_files/rsa.h
View File

@@ -43,6 +43,9 @@ int wc_InitRsaKey(RsaKey* key, void* heap);
The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING
is enabled.
\note This API is only available when WOLF_PRIVATE_KEY_ID is defined,
which is set for PKCS11 support.
\return 0 Returned upon successfully initializing the RSA structure for
use with encryption and decryption
\return BAD_FUNC_ARGS Returned if the RSA key pointer evaluates to NULL
@@ -1612,3 +1615,591 @@ int wc_RsaSetNonBlock(RsaKey* key, RsaNb* nb);
*/
int wc_RsaSetNonBlockTime(RsaKey* key, word32 maxBlockUs,
word32 cpuMHz);
/*!
\ingroup RSA
\brief Initializes RSA key with heap and device ID.
\return 0 on success
\return negative on error
\param key RSA key structure
\param heap Heap hint
\param devId Device ID
_Example_
\code
RsaKey key;
int ret = wc_InitRsaKey_ex(&key, NULL, INVALID_DEVID);
\endcode
\sa wc_InitRsaKey
*/
int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId);
/*!
\ingroup RSA
\brief Allocates and initializes new RSA key. These New/Delete functions
are exposed to support allocation of the structure using dynamic memory
to provide better ABI compatibility.
\note This API is only available when WC_NO_CONSTRUCTORS is not defined.
WC_NO_CONSTRUCTORS is automatically defined when WOLFSSL_NO_MALLOC is
defined.
\return RsaKey pointer on success
\return NULL on failure
\param heap Heap hint
\param devId Device ID
\param result_code Result code pointer
_Example_
\code
int result;
RsaKey* key = wc_NewRsaKey(NULL, INVALID_DEVID, &result);
\endcode
\sa wc_DeleteRsaKey
*/
RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code);
/*!
\ingroup RSA
\brief Deletes and frees RSA key. These New/Delete functions are exposed
to support allocation of the structure using dynamic memory to provide
better ABI compatibility.
\note This API is only available when WC_NO_CONSTRUCTORS is not defined.
WC_NO_CONSTRUCTORS is automatically defined when WOLFSSL_NO_MALLOC is
defined.
\return 0 on success
\return negative on error
\param key RSA key to delete
\param key_p Pointer to key pointer
_Example_
\code
RsaKey* key;
int ret = wc_DeleteRsaKey(key, &key);
\endcode
\sa wc_NewRsaKey
*/
int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p);
/*!
\ingroup RSA
\brief Initializes RSA key with label.
\note This API is only available when WOLF_PRIVATE_KEY_ID is defined,
which is set for PKCS11 support.
\return 0 on success
\return negative on error
\param key RSA key structure
\param label Label string
\param heap Heap hint
\param devId Device ID
_Example_
\code
RsaKey key;
int ret = wc_InitRsaKey_Label(&key, "mykey", NULL,
INVALID_DEVID);
\endcode
\sa wc_InitRsaKey_ex
*/
int wc_InitRsaKey_Label(RsaKey* key, const char* label, void* heap,
int devId);
/*!
\ingroup RSA
\brief Checks RSA key validity.
\return 0 on success
\return negative on error
\param key RSA key to check
_Example_
\code
RsaKey key;
int ret = wc_CheckRsaKey(&key);
\endcode
\sa wc_MakeRsaKey
*/
int wc_CheckRsaKey(RsaKey* key);
/*!
\ingroup RSA
\brief Uses key ID for hardware RSA.
\return 0 on success
\return negative on error
\param key RSA key
\param keyId Key identifier
\param flags Flags
_Example_
\code
RsaKey key;
int ret = wc_RsaUseKeyId(&key, 1, 0);
\endcode
\sa wc_RsaGetKeyId
*/
int wc_RsaUseKeyId(RsaKey* key, word32 keyId, word32 flags);
/*!
\ingroup RSA
\brief Gets key ID from hardware RSA key.
\return 0 on success
\return negative on error
\param key RSA key
\param keyId Key identifier pointer
_Example_
\code
RsaKey key;
word32 keyId;
int ret = wc_RsaGetKeyId(&key, &keyId);
\endcode
\sa wc_RsaUseKeyId
*/
int wc_RsaGetKeyId(RsaKey* key, word32* keyId);
/*!
\ingroup RSA
\brief Performs RSA operation.
\return 0 on success
\return negative on error
\param in Input buffer
\param inLen Input length
\param out Output buffer
\param outLen Output length pointer
\param type Operation type
\param key RSA key
\param rng Random number generator
_Example_
\code
RsaKey key;
WC_RNG rng;
byte in[256], out[256];
word32 outLen = sizeof(out);
int ret = wc_RsaFunction(in, 256, out, &outLen,
RSA_PUBLIC_ENCRYPT, &key, &rng);
\endcode
\sa wc_RsaPublicEncrypt
*/
int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
word32* outLen, int type, RsaKey* key, WC_RNG* rng);
/*!
\ingroup RSA
\brief Signs with RSA-PSS extended options.
\return Size of signature on success
\return negative on error
\param in Input buffer
\param inLen Input length
\param out Output buffer
\param outLen Output buffer size
\param hash Hash type
\param mgf MGF type
\param saltLen Salt length
\param key RSA key
\param rng Random number generator
_Example_
\code
RsaKey key;
WC_RNG rng;
byte in[32], sig[256];
int ret = wc_RsaPSS_Sign_ex(in, 32, sig, sizeof(sig),
WC_HASH_TYPE_SHA256,
WC_MGF1SHA256, 32, &key, &rng);
\endcode
\sa wc_RsaPSS_Sign
*/
int wc_RsaPSS_Sign_ex(const byte* in, word32 inLen, byte* out,
word32 outLen, enum wc_HashType hash, int mgf, int saltLen,
RsaKey* key, WC_RNG* rng);
/*!
\ingroup RSA
\brief Verifies RSA signature with padding type.
\return Size of decrypted data on success
\return negative on error
\param in Input signature
\param inLen Signature length
\param out Output buffer
\param outLen Output buffer size
\param key RSA key
\param pad_type Padding type
_Example_
\code
RsaKey key;
byte sig[256], out[256];
int ret = wc_RsaSSL_Verify_ex(sig, 256, out, sizeof(out),
&key, RSA_PKCS1_PADDING);
\endcode
\sa wc_RsaSSL_Verify
*/
int wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, int pad_type);
/*!
\ingroup RSA
\brief Verifies RSA signature with hash type.
\return Size of decrypted data on success
\return negative on error
\param in Input signature
\param inLen Signature length
\param out Output buffer
\param outLen Output buffer size
\param key RSA key
\param pad_type Padding type
\param hash Hash type
_Example_
\code
RsaKey key;
byte sig[256], out[256];
int ret = wc_RsaSSL_Verify_ex2(sig, 256, out, sizeof(out),
&key, RSA_PKCS1_PADDING,
WC_HASH_TYPE_SHA256);
\endcode
\sa wc_RsaSSL_Verify_ex
*/
int wc_RsaSSL_Verify_ex2(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, int pad_type,
enum wc_HashType hash);
/*!
\ingroup RSA
\brief Verifies RSA-PSS inline with extended options.
\return Size of verified data on success
\return negative on error
\param in Input/output buffer
\param inLen Input length
\param out Output pointer
\param hash Hash type
\param mgf MGF type
\param saltLen Salt length
\param key RSA key
_Example_
\code
RsaKey key;
byte sig[256];
byte* out;
int ret = wc_RsaPSS_VerifyInline_ex(sig, 256, &out,
WC_HASH_TYPE_SHA256,
WC_MGF1SHA256, 32, &key);
\endcode
\sa wc_RsaPSS_VerifyInline
*/
int wc_RsaPSS_VerifyInline_ex(byte* in, word32 inLen, byte** out,
enum wc_HashType hash, int mgf, int saltLen, RsaKey* key);
/*!
\ingroup RSA
\brief Verifies RSA-PSS with extended options.
\return Size of verified data on success
\return negative on error
\param in Input signature
\param inLen Signature length
\param out Output buffer
\param outLen Output buffer size
\param hash Hash type
\param mgf MGF type
\param saltLen Salt length
\param key RSA key
_Example_
\code
RsaKey key;
byte sig[256], out[256];
int ret = wc_RsaPSS_Verify_ex(sig, 256, out, sizeof(out),
WC_HASH_TYPE_SHA256,
WC_MGF1SHA256, 32, &key);
\endcode
\sa wc_RsaPSS_Verify
*/
int wc_RsaPSS_Verify_ex(const byte* in, word32 inLen, byte* out,
word32 outLen, enum wc_HashType hash, int mgf, int saltLen,
RsaKey* key);
/*!
\ingroup RSA
\brief Checks RSA-PSS padding with extended options.
\return 0 on success
\return negative on error
\param in Padded data
\param inLen Padded data length
\param sig Signature
\param sigSz Signature size
\param hashType Hash type
\param saltLen Salt length
\param bits Key size in bits
\param heap Heap hint
_Example_
\code
byte padded[256], sig[256];
int ret = wc_RsaPSS_CheckPadding_ex2(padded, 256, sig, 256,
WC_HASH_TYPE_SHA256, 32,
2048, NULL);
\endcode
\sa wc_RsaPSS_CheckPadding_ex
*/
int wc_RsaPSS_CheckPadding_ex2(const byte* in, word32 inLen,
const byte* sig, word32 sigSz, enum wc_HashType hashType,
int saltLen, int bits, void* heap);
/*!
\ingroup RSA
\brief Exports RSA key components.
\return 0 on success
\return negative on error
\param key RSA key
\param e Public exponent buffer
\param eSz Public exponent size pointer
\param n Modulus buffer
\param nSz Modulus size pointer
\param d Private exponent buffer
\param dSz Private exponent size pointer
\param p Prime p buffer
\param pSz Prime p size pointer
\param q Prime q buffer
\param qSz Prime q size pointer
_Example_
\code
RsaKey key;
byte e[3], n[256], d[256], p[128], q[128];
word32 eSz = 3, nSz = 256, dSz = 256, pSz = 128, qSz = 128;
int ret = wc_RsaExportKey(&key, e, &eSz, n, &nSz, d, &dSz,
p, &pSz, q, &qSz);
\endcode
\sa wc_RsaFlattenPublicKey
*/
int wc_RsaExportKey(const RsaKey* key, byte* e, word32* eSz,
byte* n, word32* nSz, byte* d, word32* dSz, byte* p,
word32* pSz, byte* q, word32* qSz);
/*!
\ingroup RSA
\brief Checks probable prime with extended options.
\return 0 on success
\return negative on error
\param p Prime p buffer
\param pSz Prime p size
\param q Prime q buffer
\param qSz Prime q size
\param e Public exponent buffer
\param eSz Public exponent size
\param nlen Modulus length
\param isPrime Prime result pointer
\param rng Random number generator
_Example_
\code
byte p[128], q[128], e[3];
int isPrime;
WC_RNG rng;
int ret = wc_CheckProbablePrime_ex(p, 128, q, 128, e, 3,
2048, &isPrime, &rng);
\endcode
\sa wc_CheckProbablePrime
*/
int wc_CheckProbablePrime_ex(const byte* p, word32 pSz,
const byte* q, word32 qSz, const byte* e, word32 eSz,
int nlen, int* isPrime, WC_RNG* rng);
/*!
\ingroup RSA
\brief Checks probable prime.
\return 0 on success
\return negative on error
\param p Prime p buffer
\param pSz Prime p size
\param q Prime q buffer
\param qSz Prime q size
\param e Public exponent buffer
\param eSz Public exponent size
\param nlen Modulus length
\param isPrime Prime result pointer
_Example_
\code
byte p[128], q[128], e[3];
int isPrime;
int ret = wc_CheckProbablePrime(p, 128, q, 128, e, 3, 2048,
&isPrime);
\endcode
\sa wc_CheckProbablePrime_ex
*/
int wc_CheckProbablePrime(const byte* p, word32 pSz,
const byte* q, word32 qSz, const byte* e, word32 eSz,
int nlen, int* isPrime);
/*!
\ingroup RSA
\brief Pads data with extended options.
\return 0 on success
\return negative on error
\param input Input data
\param inputLen Input length
\param pkcsBlock Output padded block
\param pkcsBlockLen Padded block size
\param padValue Pad value
\param rng Random number generator
\param padType Padding type
\param hType Hash type
\param mgf MGF type
\param optLabel Optional label
\param labelLen Label length
\param saltLen Salt length
\param bits Key size in bits
\param heap Heap hint
_Example_
\code
byte in[32], padded[256];
WC_RNG rng;
int ret = wc_RsaPad_ex(in, 32, padded, 256, 0x00, &rng,
RSA_BLOCK_TYPE_1,
WC_HASH_TYPE_SHA256, WC_MGF1SHA256,
NULL, 0, 32, 2048, NULL);
\endcode
\sa wc_RsaUnPad_ex
*/
int wc_RsaPad_ex(const byte* input, word32 inputLen,
byte* pkcsBlock, word32 pkcsBlockLen, byte padValue,
WC_RNG* rng, int padType, enum wc_HashType hType, int mgf,
byte* optLabel, word32 labelLen, int saltLen, int bits,
void* heap);
/*!
\ingroup RSA
\brief Unpads data with extended options.
\return Size of unpadded data on success
\return negative on error
\param pkcsBlock Padded block
\param pkcsBlockLen Padded block length
\param out Output pointer
\param padValue Pad value
\param padType Padding type
\param hType Hash type
\param mgf MGF type
\param optLabel Optional label
\param labelLen Label length
\param saltLen Salt length
\param bits Key size in bits
\param heap Heap hint
_Example_
\code
byte padded[256];
byte* out;
int ret = wc_RsaUnPad_ex(padded, 256, &out, 0x00,
RSA_BLOCK_TYPE_1,
WC_HASH_TYPE_SHA256, WC_MGF1SHA256,
NULL, 0, 32, 2048, NULL);
\endcode
\sa wc_RsaPad_ex
*/
int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen,
byte** out, byte padValue, int padType,
enum wc_HashType hType, int mgf, byte* optLabel,
word32 labelLen, int saltLen, int bits, void* heap);
/*!
\ingroup RSA
\brief Decodes raw RSA private key.
\return 0 on success
\return negative on error
\param n Modulus buffer
\param nSz Modulus size
\param e Public exponent buffer
\param eSz Public exponent size
\param d Private exponent buffer
\param dSz Private exponent size
\param u Coefficient buffer
\param uSz Coefficient size
\param p Prime p buffer
\param pSz Prime p size
\param q Prime q buffer
\param qSz Prime q size
\param dP dP buffer
\param dPSz dP size
\param dQ dQ buffer
\param dQSz dQ size
\param key RSA key
_Example_
\code
RsaKey key;
byte n[256], e[3], d[256], u[256], p[128], q[128];
byte dP[128], dQ[128];
int ret = wc_RsaPrivateKeyDecodeRaw(n, 256, e, 3, d, 256,
u, 256, p, 128, q, 128,
dP, 128, dQ, 128, &key);
\endcode
\sa wc_RsaPrivateKeyDecode
*/
int wc_RsaPrivateKeyDecodeRaw(const byte* n, word32 nSz,
const byte* e, word32 eSz, const byte* d, word32 dSz,
const byte* u, word32 uSz, const byte* p, word32 pSz,
const byte* q, word32 qSz, const byte* dP, word32 dPSz,
const byte* dQ, word32 dQSz, RsaKey* key);

121
doc/dox_comments/header_files/sha.h
View File

@@ -142,3 +142,124 @@ void wc_ShaFree(wc_Sha* sha);
\sa wc_InitSha
*/
int wc_ShaGetHash(wc_Sha* sha, byte* hash);
/*!
\ingroup SHA
\brief Initializes SHA with heap and device ID.
\return 0 on success
\return negative on error
\param sha SHA structure
\param heap Heap hint
\param devId Device ID
_Example_
\code
wc_Sha sha;
int ret = wc_InitSha_ex(&sha, NULL, INVALID_DEVID);
\endcode
\sa wc_InitSha
*/
int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId);
/*!
\ingroup SHA
\brief Gets raw hash without finalizing.
\return 0 on success
\return negative on error
\param sha SHA structure
\param hash Output hash buffer
_Example_
\code
wc_Sha sha;
byte hash[WC_SHA_DIGEST_SIZE];
int ret = wc_ShaFinalRaw(&sha, hash);
\endcode
\sa wc_ShaFinal
*/
int wc_ShaFinalRaw(wc_Sha* sha, byte* hash);
/*!
\ingroup SHA
\brief Copies SHA context.
\return 0 on success
\return negative on error
\param src Source SHA structure
\param dst Destination SHA structure
_Example_
\code
wc_Sha src, dst;
int ret = wc_ShaCopy(&src, &dst);
\endcode
\sa wc_InitSha
*/
int wc_ShaCopy(wc_Sha* src, wc_Sha* dst);
/*!
\ingroup SHA
\brief Transforms SHA block.
\return 0 on success
\return negative on error
\param sha SHA structure
\param data Block data
_Example_
\code
wc_Sha sha;
unsigned char block[WC_SHA_BLOCK_SIZE];
int ret = wc_ShaTransform(&sha, block);
\endcode
\sa wc_ShaUpdate
*/
int wc_ShaTransform(wc_Sha* sha, const unsigned char* data);
/*!
\ingroup SHA
\brief Sets SHA size.
\return none No returns
\param sha SHA structure
\param len Size to set
_Example_
\code
wc_Sha sha;
wc_ShaSizeSet(&sha, 1000);
\endcode
\sa wc_ShaUpdate
*/
void wc_ShaSizeSet(wc_Sha* sha, word32 len);
/*!
\ingroup SHA
\brief Sets SHA flags.
\return 0 on success
\return negative on error
\param sha SHA structure
\param flags Flags to set
_Example_
\code
wc_Sha sha;
int ret = wc_ShaSetFlags(&sha, WC_HASH_FLAG_WILLCOPY);
\endcode
\sa wc_InitSha
*/
int wc_ShaSetFlags(wc_Sha* sha, word32 flags);

345
doc/dox_comments/header_files/sha256.h
View File

@@ -194,7 +194,7 @@ int wc_InitSha224(wc_Sha224* sha224);
_Example_
\code
Sha224 sha224;
byte data[] = { /* Data to be hashed };
byte data[]; // Data to be hashed
word32 len = sizeof(data);
if ((ret = wc_InitSha224(&sha224)) != 0) {
@@ -227,7 +227,7 @@ int wc_Sha224Update(wc_Sha224* sha224, const byte* data, word32 len);
_Example_
\code
Sha224 sha224;
byte data[] = { /* Data to be hashed };
byte data[]; // Data to be hashed
word32 len = sizeof(data);
if ((ret = wc_InitSha224(&sha224)) != 0) {
@@ -244,3 +244,344 @@ int wc_Sha224Update(wc_Sha224* sha224, const byte* data, word32 len);
\sa wc_Sha224Update
*/
int wc_Sha224Final(wc_Sha224* sha224, byte* hash);
/*!
\ingroup SHA
\brief Initializes SHA256 with heap and device ID.
\return 0 on success
\return negative on error
\param sha SHA256 structure
\param heap Heap hint
\param devId Device ID
_Example_
\code
wc_Sha256 sha;
int ret = wc_InitSha256_ex(&sha, NULL, INVALID_DEVID);
\endcode
\sa wc_InitSha256
*/
int wc_InitSha256_ex(wc_Sha256* sha, void* heap, int devId);
/*!
\ingroup SHA
\brief Gets raw hash without finalizing.
\return 0 on success
\return negative on error
\param sha256 SHA256 structure
\param hash Output hash buffer
_Example_
\code
wc_Sha256 sha;
byte hash[WC_SHA256_DIGEST_SIZE];
int ret = wc_Sha256FinalRaw(&sha, hash);
\endcode
\sa wc_Sha256Final
*/
int wc_Sha256FinalRaw(wc_Sha256* sha256, byte* hash);
/*!
\ingroup SHA
\brief Transforms SHA256 block.
\return 0 on success
\return negative on error
\param sha SHA256 structure
\param data Block data
_Example_
\code
wc_Sha256 sha;
unsigned char block[WC_SHA256_BLOCK_SIZE];
int ret = wc_Sha256Transform(&sha, block);
\endcode
\sa wc_Sha256Update
*/
int wc_Sha256Transform(wc_Sha256* sha, const unsigned char* data);
/*!
\ingroup SHA
\brief Hashes single block and outputs result.
\return 0 on success
\return negative on error
\param sha SHA256 structure
\param data Block data
\param hash Output hash buffer
_Example_
\code
wc_Sha256 sha;
unsigned char block[WC_SHA256_BLOCK_SIZE];
unsigned char hash[WC_SHA256_DIGEST_SIZE];
int ret = wc_Sha256HashBlock(&sha, block, hash);
\endcode
\sa wc_Sha256Transform
*/
int wc_Sha256HashBlock(wc_Sha256* sha, const unsigned char* data,
unsigned char* hash);
/*!
\ingroup SHA
\brief Grows SHA256 buffer with input data. This function is only
available when WOLFSSL_HASH_KEEP is defined. It is used for keeping an
internal buffer to hold all data to be hashed rather than iterating
over update, which is necessary for some hardware acceleration
platforms that have restrictions on streaming hash operations.
\return 0 on success
\return negative on error
\param sha256 SHA256 structure
\param in Input data
\param inSz Input size
_Example_
\code
wc_Sha256 sha;
byte data[100];
int ret = wc_Sha256_Grow(&sha, data, sizeof(data));
\endcode
\sa wc_Sha256Update
*/
int wc_Sha256_Grow(wc_Sha256* sha256, const byte* in, int inSz);
/*!
\ingroup SHA
\brief Copies SHA256 context.
\return 0 on success
\return negative on error
\param src Source SHA256 structure
\param dst Destination SHA256 structure
_Example_
\code
wc_Sha256 src, dst;
int ret = wc_Sha256Copy(&src, &dst);
\endcode
\sa wc_InitSha256
*/
int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst);
/*!
\ingroup SHA
\brief Sets SHA256 size.
\return none No returns
\param sha256 SHA256 structure
\param len Size to set
_Example_
\code
wc_Sha256 sha;
wc_Sha256SizeSet(&sha, 1000);
\endcode
\sa wc_Sha256Update
*/
void wc_Sha256SizeSet(wc_Sha256* sha256, word32 len);
/*!
\ingroup SHA
\brief Sets SHA256 flags.
\return 0 on success
\return negative on error
\param sha256 SHA256 structure
\param flags Flags to set
_Example_
\code
wc_Sha256 sha;
int ret = wc_Sha256SetFlags(&sha, WC_HASH_FLAG_WILLCOPY);
\endcode
\sa wc_InitSha256
*/
int wc_Sha256SetFlags(wc_Sha256* sha256, word32 flags);
/*!
\ingroup SHA
\brief Gets SHA256 flags.
\return 0 on success
\return negative on error
\param sha256 SHA256 structure
\param flags Pointer to store flags
_Example_
\code
wc_Sha256 sha;
word32 flags;
int ret = wc_Sha256GetFlags(&sha, &flags);
\endcode
\sa wc_Sha256SetFlags
*/
int wc_Sha256GetFlags(wc_Sha256* sha256, word32* flags);
/*!
\ingroup SHA
\brief Initializes SHA224 with heap and device ID.
\return 0 on success
\return negative on error
\param sha224 SHA224 structure
\param heap Heap hint
\param devId Device ID
_Example_
\code
wc_Sha224 sha;
int ret = wc_InitSha224_ex(&sha, NULL, INVALID_DEVID);
\endcode
\sa wc_InitSha224
*/
int wc_InitSha224_ex(wc_Sha224* sha224, void* heap, int devId);
/*!
\ingroup SHA
\brief Frees SHA224 resources.
\return none No returns
\param sha224 SHA224 structure
_Example_
\code
wc_Sha224 sha;
wc_InitSha224(&sha);
wc_Sha224Free(&sha);
\endcode
\sa wc_InitSha224
*/
void wc_Sha224Free(wc_Sha224* sha224);
/*!
\ingroup SHA
\brief Grows SHA224 buffer with input data. This function is only
available when WOLFSSL_HASH_KEEP is defined. It is used for keeping an
internal buffer to hold all data to be hashed rather than iterating
over update, which is necessary for some hardware acceleration
platforms that have restrictions on streaming hash operations.
\return 0 on success
\return negative on error
\param sha224 SHA224 structure
\param in Input data
\param inSz Input size
_Example_
\code
wc_Sha224 sha;
byte data[100];
int ret = wc_Sha224_Grow(&sha, data, sizeof(data));
\endcode
\sa wc_Sha224Update
*/
int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz);
/*!
\ingroup SHA
\brief Gets SHA224 hash without finalizing.
\return 0 on success
\return negative on error
\param sha224 SHA224 structure
\param hash Output hash buffer
_Example_
\code
wc_Sha224 sha;
byte hash[WC_SHA224_DIGEST_SIZE];
int ret = wc_Sha224GetHash(&sha, hash);
\endcode
\sa wc_Sha224Final
*/
int wc_Sha224GetHash(wc_Sha224* sha224, byte* hash);
/*!
\ingroup SHA
\brief Copies SHA224 context.
\return 0 on success
\return negative on error
\param src Source SHA224 structure
\param dst Destination SHA224 structure
_Example_
\code
wc_Sha224 src, dst;
int ret = wc_Sha224Copy(&src, &dst);
\endcode
\sa wc_InitSha224
*/
int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst);
/*!
\ingroup SHA
\brief Sets SHA224 flags.
\return 0 on success
\return negative on error
\param sha224 SHA224 structure
\param flags Flags to set
_Example_
\code
wc_Sha224 sha;
int ret = wc_Sha224SetFlags(&sha, WC_HASH_FLAG_WILLCOPY);
\endcode
\sa wc_InitSha224
*/
int wc_Sha224SetFlags(wc_Sha224* sha224, word32 flags);
/*!
\ingroup SHA
\brief Gets SHA224 flags.
\return 0 on success
\return negative on error
\param sha224 SHA224 structure
\param flags Pointer to store flags
_Example_
\code
wc_Sha224 sha;
word32 flags;
int ret = wc_Sha224GetFlags(&sha, &flags);
\endcode
\sa wc_Sha224SetFlags
*/
int wc_Sha224GetFlags(wc_Sha224* sha224, word32* flags);

824
doc/dox_comments/header_files/sha512.h
View File

@@ -181,3 +181,827 @@ int wc_Sha384Update(wc_Sha384* sha, const byte* data, word32 len);
\sa wc_InitSha384
*/
int wc_Sha384Final(wc_Sha384* sha384, byte* hash);
/*!
\ingroup SHA
\brief Initializes SHA512 with heap and device ID.
\return 0 on success
\return negative on error
\param sha SHA512 structure
\param heap Heap hint
\param devId Device ID
_Example_
\code
wc_Sha512 sha;
int ret = wc_InitSha512_ex(&sha, NULL, INVALID_DEVID);
\endcode
\sa wc_InitSha512
*/
int wc_InitSha512_ex(wc_Sha512* sha, void* heap, int devId);
/*!
\ingroup SHA
\brief Gets raw hash without finalizing.
\return 0 on success
\return negative on error
\param sha512 SHA512 structure
\param hash Output hash buffer
_Example_
\code
wc_Sha512 sha;
byte hash[WC_SHA512_DIGEST_SIZE];
int ret = wc_Sha512FinalRaw(&sha, hash);
\endcode
\sa wc_Sha512Final
*/
int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash);
/*!
\ingroup SHA
\brief Frees SHA512 resources.
\return none No returns
\param sha SHA512 structure
_Example_
\code
wc_Sha512 sha;
wc_InitSha512(&sha);
wc_Sha512Free(&sha);
\endcode
\sa wc_InitSha512
*/
void wc_Sha512Free(wc_Sha512* sha);
/*!
\ingroup SHA
\brief Gets SHA512 hash without finalizing.
\return 0 on success
\return negative on error
\param sha512 SHA512 structure
\param hash Output hash buffer
_Example_
\code
wc_Sha512 sha;
byte hash[WC_SHA512_DIGEST_SIZE];
int ret = wc_Sha512GetHash(&sha, hash);
\endcode
\sa wc_Sha512Final
*/
int wc_Sha512GetHash(wc_Sha512* sha512, byte* hash);
/*!
\ingroup SHA
\brief Copies SHA512 context.
\return 0 on success
\return negative on error
\param src Source SHA512 structure
\param dst Destination SHA512 structure
_Example_
\code
wc_Sha512 src, dst;
int ret = wc_Sha512Copy(&src, &dst);
\endcode
\sa wc_InitSha512
*/
int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst);
/*!
\ingroup SHA
\brief Grows SHA512 buffer with input data.
\return 0 on success
\return negative on error
\param sha512 SHA512 structure
\param in Input data
\param inSz Input size
_Example_
\code
wc_Sha512 sha;
byte data[100];
int ret = wc_Sha512_Grow(&sha, data, sizeof(data));
\endcode
\sa wc_Sha512Update
*/
int wc_Sha512_Grow(wc_Sha512* sha512, const byte* in, int inSz);
/*!
\ingroup SHA
\brief Sets SHA512 flags.
\return 0 on success
\return negative on error
\param sha512 SHA512 structure
\param flags Flags to set
_Example_
\code
wc_Sha512 sha;
int ret = wc_Sha512SetFlags(&sha, WC_HASH_FLAG_WILLCOPY);
\endcode
\sa wc_InitSha512
*/
int wc_Sha512SetFlags(wc_Sha512* sha512, word32 flags);
/*!
\ingroup SHA
\brief Gets SHA512 flags.
\return 0 on success
\return negative on error
\param sha512 SHA512 structure
\param flags Pointer to store flags
_Example_
\code
wc_Sha512 sha;
word32 flags;
int ret = wc_Sha512GetFlags(&sha, &flags);
\endcode
\sa wc_Sha512SetFlags
*/
int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags);
/*!
\ingroup SHA
\brief Transforms SHA512 block.
\return 0 on success
\return negative on error
\param sha SHA512 structure
\param data Block data
_Example_
\code
wc_Sha512 sha;
unsigned char block[WC_SHA512_BLOCK_SIZE];
int ret = wc_Sha512Transform(&sha, block);
\endcode
\sa wc_Sha512Update
*/
int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data);
/*!
\ingroup SHA
\brief Initializes SHA512/224.
\return 0 on success
\return negative on error
\param sha SHA512 structure
_Example_
\code
wc_Sha512 sha;
int ret = wc_InitSha512_224(&sha);
\endcode
\sa wc_Sha512_224Update
*/
int wc_InitSha512_224(wc_Sha512* sha);
/*!
\ingroup SHA
\brief Initializes SHA512/224 with heap and device ID.
\return 0 on success
\return negative on error
\param sha SHA512 structure
\param heap Heap hint
\param devId Device ID
_Example_
\code
wc_Sha512 sha;
int ret = wc_InitSha512_224_ex(&sha, NULL, INVALID_DEVID);
\endcode
\sa wc_InitSha512_224
*/
int wc_InitSha512_224_ex(wc_Sha512* sha, void* heap, int devId);
/*!
\ingroup SHA
\brief Updates SHA512/224 hash with data.
\return 0 on success
\return negative on error
\param sha SHA512 structure
\param data Input data
\param len Input size
_Example_
\code
wc_Sha512 sha;
byte data[100];
int ret = wc_Sha512_224Update(&sha, data, sizeof(data));
\endcode
\sa wc_InitSha512_224
*/
int wc_Sha512_224Update(wc_Sha512* sha, const byte* data, word32 len);
/*!
\ingroup SHA
\brief Gets raw SHA512/224 hash without finalizing.
\return 0 on success
\return negative on error
\param sha512 SHA512 structure
\param hash Output hash buffer
_Example_
\code
wc_Sha512 sha;
byte hash[WC_SHA512_224_DIGEST_SIZE];
int ret = wc_Sha512_224FinalRaw(&sha, hash);
\endcode
\sa wc_Sha512_224Final
*/
int wc_Sha512_224FinalRaw(wc_Sha512* sha512, byte* hash);
/*!
\ingroup SHA
\brief Finalizes SHA512/224 hash.
\return 0 on success
\return negative on error
\param sha512 SHA512 structure
\param hash Output hash buffer
_Example_
\code
wc_Sha512 sha;
byte hash[WC_SHA512_224_DIGEST_SIZE];
int ret = wc_Sha512_224Final(&sha, hash);
\endcode
\sa wc_Sha512_224Update
*/
int wc_Sha512_224Final(wc_Sha512* sha512, byte* hash);
/*!
\ingroup SHA
\brief Frees SHA512/224 resources.
\return none No returns
\param sha SHA512 structure
_Example_
\code
wc_Sha512 sha;
wc_InitSha512_224(&sha);
wc_Sha512_224Free(&sha);
\endcode
\sa wc_InitSha512_224
*/
void wc_Sha512_224Free(wc_Sha512* sha);
/*!
\ingroup SHA
\brief Gets SHA512/224 hash without finalizing.
\return 0 on success
\return negative on error
\param sha512 SHA512 structure
\param hash Output hash buffer
_Example_
\code
wc_Sha512 sha;
byte hash[WC_SHA512_224_DIGEST_SIZE];
int ret = wc_Sha512_224GetHash(&sha, hash);
\endcode
\sa wc_Sha512_224Final
*/
int wc_Sha512_224GetHash(wc_Sha512* sha512, byte* hash);
/*!
\ingroup SHA
\brief Copies SHA512/224 context.
\return 0 on success
\return negative on error
\param src Source SHA512 structure
\param dst Destination SHA512 structure
_Example_
\code
wc_Sha512 src, dst;
int ret = wc_Sha512_224Copy(&src, &dst);
\endcode
\sa wc_InitSha512_224
*/
int wc_Sha512_224Copy(wc_Sha512* src, wc_Sha512* dst);
/*!
\ingroup SHA
\brief Sets SHA512/224 flags.
\return 0 on success
\return negative on error
\param sha512 SHA512 structure
\param flags Flags to set
_Example_
\code
wc_Sha512 sha;
int ret = wc_Sha512_224SetFlags(&sha, WC_HASH_FLAG_WILLCOPY);
\endcode
\sa wc_InitSha512_224
*/
int wc_Sha512_224SetFlags(wc_Sha512* sha512, word32 flags);
/*!
\ingroup SHA
\brief Gets SHA512/224 flags.
\return 0 on success
\return negative on error
\param sha512 SHA512 structure
\param flags Pointer to store flags
_Example_
\code
wc_Sha512 sha;
word32 flags;
int ret = wc_Sha512_224GetFlags(&sha, &flags);
\endcode
\sa wc_Sha512_224SetFlags
*/
int wc_Sha512_224GetFlags(wc_Sha512* sha512, word32* flags);
/*!
\ingroup SHA
\brief Transforms SHA512/224 block.
\return 0 on success
\return negative on error
\param sha SHA512 structure
\param data Block data
_Example_
\code
wc_Sha512 sha;
unsigned char block[WC_SHA512_BLOCK_SIZE];
int ret = wc_Sha512_224Transform(&sha, block);
\endcode
\sa wc_Sha512_224Update
*/
int wc_Sha512_224Transform(wc_Sha512* sha, const unsigned char* data);
/*!
\ingroup SHA
\brief Initializes SHA512/256.
\return 0 on success
\return negative on error
\param sha SHA512 structure
_Example_
\code
wc_Sha512 sha;
int ret = wc_InitSha512_256(&sha);
\endcode
\sa wc_Sha512_256Update
*/
int wc_InitSha512_256(wc_Sha512* sha);
/*!
\ingroup SHA
\brief Initializes SHA512/256 with heap and device ID.
\return 0 on success
\return negative on error
\param sha SHA512 structure
\param heap Heap hint
\param devId Device ID
_Example_
\code
wc_Sha512 sha;
int ret = wc_InitSha512_256_ex(&sha, NULL, INVALID_DEVID);
\endcode
\sa wc_InitSha512_256
*/
int wc_InitSha512_256_ex(wc_Sha512* sha, void* heap, int devId);
/*!
\ingroup SHA
\brief Updates SHA512/256 hash with data.
\return 0 on success
\return negative on error
\param sha SHA512 structure
\param data Input data
\param len Input size
_Example_
\code
wc_Sha512 sha;
byte data[100];
int ret = wc_Sha512_256Update(&sha, data, sizeof(data));
\endcode
\sa wc_InitSha512_256
*/
int wc_Sha512_256Update(wc_Sha512* sha, const byte* data, word32 len);
/*!
\ingroup SHA
\brief Gets raw SHA512/256 hash without finalizing.
\return 0 on success
\return negative on error
\param sha512 SHA512 structure
\param hash Output hash buffer
_Example_
\code
wc_Sha512 sha;
byte hash[WC_SHA512_256_DIGEST_SIZE];
int ret = wc_Sha512_256FinalRaw(&sha, hash);
\endcode
\sa wc_Sha512_256Final
*/
int wc_Sha512_256FinalRaw(wc_Sha512* sha512, byte* hash);
/*!
\ingroup SHA
\brief Finalizes SHA512/256 hash.
\return 0 on success
\return negative on error
\param sha512 SHA512 structure
\param hash Output hash buffer
_Example_
\code
wc_Sha512 sha;
byte hash[WC_SHA512_256_DIGEST_SIZE];
int ret = wc_Sha512_256Final(&sha, hash);
\endcode
\sa wc_Sha512_256Update
*/
int wc_Sha512_256Final(wc_Sha512* sha512, byte* hash);
/*!
\ingroup SHA
\brief Frees SHA512/256 resources.
\return none No returns
\param sha SHA512 structure
_Example_
\code
wc_Sha512 sha;
wc_InitSha512_256(&sha);
wc_Sha512_256Free(&sha);
\endcode
\sa wc_InitSha512_256
*/
void wc_Sha512_256Free(wc_Sha512* sha);
/*!
\ingroup SHA
\brief Gets SHA512/256 hash without finalizing.
\return 0 on success
\return negative on error
\param sha512 SHA512 structure
\param hash Output hash buffer
_Example_
\code
wc_Sha512 sha;
byte hash[WC_SHA512_256_DIGEST_SIZE];
int ret = wc_Sha512_256GetHash(&sha, hash);
\endcode
\sa wc_Sha512_256Final
*/
int wc_Sha512_256GetHash(wc_Sha512* sha512, byte* hash);
/*!
\ingroup SHA
\brief Copies SHA512/256 context.
\return 0 on success
\return negative on error
\param src Source SHA512 structure
\param dst Destination SHA512 structure
_Example_
\code
wc_Sha512 src, dst;
int ret = wc_Sha512_256Copy(&src, &dst);
\endcode
\sa wc_InitSha512_256
*/
int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst);
/*!
\ingroup SHA
\brief Sets SHA512/256 flags.
\return 0 on success
\return negative on error
\param sha512 SHA512 structure
\param flags Flags to set
_Example_
\code
wc_Sha512 sha;
int ret = wc_Sha512_256SetFlags(&sha, WC_HASH_FLAG_WILLCOPY);
\endcode
\sa wc_InitSha512_256
*/
int wc_Sha512_256SetFlags(wc_Sha512* sha512, word32 flags);
/*!
\ingroup SHA
\brief Gets SHA512/256 flags.
\return 0 on success
\return negative on error
\param sha512 SHA512 structure
\param flags Pointer to store flags
_Example_
\code
wc_Sha512 sha;
word32 flags;
int ret = wc_Sha512_256GetFlags(&sha, &flags);
\endcode
\sa wc_Sha512_256SetFlags
*/
int wc_Sha512_256GetFlags(wc_Sha512* sha512, word32* flags);
/*!
\ingroup SHA
\brief Transforms SHA512/256 block.
\return 0 on success
\return negative on error
\param sha SHA512 structure
\param data Block data
_Example_
\code
wc_Sha512 sha;
unsigned char block[WC_SHA512_BLOCK_SIZE];
int ret = wc_Sha512_256Transform(&sha, block);
\endcode
\sa wc_Sha512_256Update
*/
int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data);
/*!
\ingroup SHA
\brief Initializes SHA384 with heap and device ID.
\return 0 on success
\return negative on error
\param sha SHA384 structure
\param heap Heap hint
\param devId Device ID
_Example_
\code
wc_Sha384 sha;
int ret = wc_InitSha384_ex(&sha, NULL, INVALID_DEVID);
\endcode
\sa wc_InitSha384
*/
int wc_InitSha384_ex(wc_Sha384* sha, void* heap, int devId);
/*!
\ingroup SHA
\brief Gets raw SHA384 hash without finalizing.
\return 0 on success
\return negative on error
\param sha384 SHA384 structure
\param hash Output hash buffer
_Example_
\code
wc_Sha384 sha;
byte hash[WC_SHA384_DIGEST_SIZE];
int ret = wc_Sha384FinalRaw(&sha, hash);
\endcode
\sa wc_Sha384Final
*/
int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash);
/*!
\ingroup SHA
\brief Frees SHA384 resources.
\return none No returns
\param sha SHA384 structure
_Example_
\code
wc_Sha384 sha;
wc_InitSha384(&sha);
wc_Sha384Free(&sha);
\endcode
\sa wc_InitSha384
*/
void wc_Sha384Free(wc_Sha384* sha);
/*!
\ingroup SHA
\brief Gets SHA384 hash without finalizing.
\return 0 on success
\return negative on error
\param sha384 SHA384 structure
\param hash Output hash buffer
_Example_
\code
wc_Sha384 sha;
byte hash[WC_SHA384_DIGEST_SIZE];
int ret = wc_Sha384GetHash(&sha, hash);
\endcode
\sa wc_Sha384Final
*/
int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash);
/*!
\ingroup SHA
\brief Copies SHA384 context.
\return 0 on success
\return negative on error
\param src Source SHA384 structure
\param dst Destination SHA384 structure
_Example_
\code
wc_Sha384 src, dst;
int ret = wc_Sha384Copy(&src, &dst);
\endcode
\sa wc_InitSha384
*/
int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst);
/*!
\ingroup SHA
\brief Grows SHA384 buffer with input data.
\return 0 on success
\return negative on error
\param sha384 SHA384 structure
\param in Input data
\param inSz Input size
_Example_
\code
wc_Sha384 sha;
byte data[100];
int ret = wc_Sha384_Grow(&sha, data, sizeof(data));
\endcode
\sa wc_Sha384Update
*/
int wc_Sha384_Grow(wc_Sha384* sha384, const byte* in, int inSz);
/*!
\ingroup SHA
\brief Sets SHA384 flags.
\return 0 on success
\return negative on error
\param sha384 SHA384 structure
\param flags Flags to set
_Example_
\code
wc_Sha384 sha;
int ret = wc_Sha384SetFlags(&sha, WC_HASH_FLAG_WILLCOPY);
\endcode
\sa wc_InitSha384
*/
int wc_Sha384SetFlags(wc_Sha384* sha384, word32 flags);
/*!
\ingroup SHA
\brief Gets SHA384 flags.
\return 0 on success
\return negative on error
\param sha384 SHA384 structure
\param flags Pointer to store flags
_Example_
\code
wc_Sha384 sha;
word32 flags;
int ret = wc_Sha384GetFlags(&sha, &flags);
\endcode
\sa wc_Sha384SetFlags
*/
int wc_Sha384GetFlags(wc_Sha384* sha384, word32* flags);
/*!
\ingroup SHA
\brief Transforms SHA384 block.
\return 0 on success
\return negative on error
\param sha SHA384 structure
\param data Block data
_Example_
\code
wc_Sha384 sha;
unsigned char block[WC_SHA384_BLOCK_SIZE];
int ret = wc_Sha384Transform(&sha, block);
\endcode
\sa wc_Sha384Update
*/
int wc_Sha384Transform(wc_Sha384* sha, const unsigned char* data);

203
doc/dox_comments/header_files/signature.h
View File

@@ -145,3 +145,206 @@ int wc_SignatureGenerate(
byte* sig, word32 *sig_len,
const void* key, word32 key_len,
WC_RNG* rng);
/*!
\ingroup Signature
\brief This function verifies a signature using a pre-computed hash.
Unlike wc_SignatureVerify which hashes the data first, this function
takes the hash directly and verifies the signature against it.
If sig_type is WC_SIGNATURE_TYPE_RSA_W_ENC, hash data must be encoded
with wc_EncodeSignature prior to calling.
\return 0 Success
\return SIG_TYPE_E Signature type not enabled/available
\return BAD_FUNC_ARG Bad function argument provided
\return BUFFER_E Output buffer too small or input too large
\param hash_type A hash type from enum wc_HashType
\param sig_type A signature type such as WC_SIGNATURE_TYPE_ECC or
WC_SIGNATURE_TYPE_RSA
\param hash_data Pointer to buffer containing the hash to verify
\param hash_len Length of the hash buffer
\param sig Pointer to buffer containing the signature
\param sig_len Length of the signature buffer
\param key Pointer to a key structure such as ecc_key or RsaKey
\param key_len Size of the key structure
_Example_
\code
ecc_key eccKey;
byte hash[WC_SHA256_DIGEST_SIZE];
byte sig[ECC_MAX_SIG_SIZE];
word32 sigLen = sizeof(sig);
wc_ecc_init(&eccKey);
// import public key and compute hash
int ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256,
WC_SIGNATURE_TYPE_ECC, hash,
sizeof(hash), sig, sigLen,
&eccKey, sizeof(eccKey));
if (ret == 0) {
// signature verified
}
\endcode
\sa wc_SignatureVerify
\sa wc_SignatureGenerateHash
*/
int wc_SignatureVerifyHash(enum wc_HashType hash_type,
enum wc_SignatureType sig_type,
const byte* hash_data, word32 hash_len,
const byte* sig, word32 sig_len,
const void* key, word32 key_len);
/*!
\ingroup Signature
\brief This function generates a signature from a pre-computed hash.
Unlike wc_SignatureGenerate which hashes the data first, this
function takes the hash directly and signs it.
If sig_type is WC_SIGNATURE_TYPE_RSA_W_ENC, hash data must be encoded
with wc_EncodeSignature prior to calling.
\return 0 Success
\return SIG_TYPE_E Signature type not enabled/available
\return BAD_FUNC_ARG Bad function argument provided
\return BUFFER_E Output buffer too small or input too large
\param hash_type A hash type from enum wc_HashType
\param sig_type A signature type such as WC_SIGNATURE_TYPE_ECC or
WC_SIGNATURE_TYPE_RSA
\param hash_data Pointer to buffer containing the hash to sign
\param hash_len Length of the hash buffer
\param sig Pointer to buffer to output signature
\param sig_len Pointer to length of signature output buffer
\param key Pointer to a key structure such as ecc_key or RsaKey
\param key_len Size of the key structure
\param rng Pointer to an initialized RNG structure
_Example_
\code
WC_RNG rng;
ecc_key eccKey;
byte hash[WC_SHA256_DIGEST_SIZE];
byte sig[ECC_MAX_SIG_SIZE];
word32 sigLen = sizeof(sig);
wc_InitRng(&rng);
wc_ecc_init(&eccKey);
wc_ecc_make_key(&rng, 32, &eccKey);
// compute hash
int ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256,
WC_SIGNATURE_TYPE_ECC, hash,
sizeof(hash), sig, &sigLen,
&eccKey, sizeof(eccKey), &rng);
\endcode
\sa wc_SignatureGenerate
\sa wc_SignatureVerifyHash
*/
int wc_SignatureGenerateHash(enum wc_HashType hash_type,
enum wc_SignatureType sig_type,
const byte* hash_data, word32 hash_len,
byte* sig, word32 *sig_len,
const void* key, word32 key_len,
WC_RNG* rng);
/*!
\ingroup Signature
\brief This function generates a signature from a pre-computed hash
with extended options. This is similar to wc_SignatureGenerateHash
but allows optional verification of the signature after generation.
\return 0 Success
\return SIG_TYPE_E Signature type not enabled/available
\return BAD_FUNC_ARG Bad function argument provided
\return BUFFER_E Output buffer too small or input too large
\param hash_type A hash type from enum wc_HashType
\param sig_type A signature type such as WC_SIGNATURE_TYPE_ECC or
WC_SIGNATURE_TYPE_RSA
\param hash_data Pointer to buffer containing the hash to sign
\param hash_len Length of the hash buffer
\param sig Pointer to buffer to output signature
\param sig_len Pointer to length of signature output buffer
\param key Pointer to a key structure such as ecc_key or RsaKey
\param key_len Size of the key structure
\param rng Pointer to an initialized RNG structure
\param verify If non-zero, verify the signature after generation
_Example_
\code
WC_RNG rng;
ecc_key eccKey;
byte hash[WC_SHA256_DIGEST_SIZE];
byte sig[ECC_MAX_SIG_SIZE];
word32 sigLen = sizeof(sig);
wc_InitRng(&rng);
wc_ecc_init(&eccKey);
wc_ecc_make_key(&rng, 32, &eccKey);
int ret = wc_SignatureGenerateHash_ex(WC_HASH_TYPE_SHA256,
WC_SIGNATURE_TYPE_ECC, hash,
sizeof(hash), sig, &sigLen,
&eccKey, sizeof(eccKey),
&rng, 1);
\endcode
\sa wc_SignatureGenerateHash
\sa wc_SignatureGenerate_ex
*/
int wc_SignatureGenerateHash_ex(enum wc_HashType hash_type,
enum wc_SignatureType sig_type,
const byte* hash_data, word32 hash_len,
byte* sig, word32 *sig_len,
const void* key, word32 key_len,
WC_RNG* rng, int verify);
/*!
\ingroup Signature
\brief This function generates a signature from data with extended
options. This is similar to wc_SignatureGenerate but allows optional
verification of the signature after generation.
\return 0 Success
\return SIG_TYPE_E Signature type not enabled/available
\return BAD_FUNC_ARG Bad function argument provided
\return BUFFER_E Output buffer too small or input too large
\param hash_type A hash type from enum wc_HashType
\param sig_type A signature type such as WC_SIGNATURE_TYPE_ECC or
WC_SIGNATURE_TYPE_RSA
\param data Pointer to buffer containing the data to hash and sign
\param data_len Length of the data buffer
\param sig Pointer to buffer to output signature
\param sig_len Pointer to length of signature output buffer
\param key Pointer to a key structure such as ecc_key or RsaKey
\param key_len Size of the key structure
\param rng Pointer to an initialized RNG structure
\param verify If non-zero, verify the signature after generation
_Example_
\code
WC_RNG rng;
ecc_key eccKey;
byte data[]; // data to sign
byte sig[ECC_MAX_SIG_SIZE];
word32 sigLen = sizeof(sig);
wc_InitRng(&rng);
wc_ecc_init(&eccKey);
wc_ecc_make_key(&rng, 32, &eccKey);
int ret = wc_SignatureGenerate_ex(WC_HASH_TYPE_SHA256,
WC_SIGNATURE_TYPE_ECC, data,
sizeof(data), sig, &sigLen,
&eccKey, sizeof(eccKey), &rng, 1);
\endcode
\sa wc_SignatureGenerate
\sa wc_SignatureGenerateHash_ex
*/
int wc_SignatureGenerate_ex(enum wc_HashType hash_type,
enum wc_SignatureType sig_type,
const byte* data, word32 data_len,
byte* sig, word32 *sig_len,
const void* key, word32 key_len,
WC_RNG* rng, int verify);

43
doc/dox_comments/header_files/srp.h
View File

@@ -32,6 +32,49 @@
*/
int wc_SrpInit(Srp* srp, SrpType type, SrpSide side);
/*!
\ingroup SRP
\brief Initializes the Srp struct for usage with extended parameters.
This function is similar to wc_SrpInit but allows specification of a
custom heap hint and device ID for hardware acceleration.
\return 0 on success.
\return BAD_FUNC_ARG Returns when there's an issue with the arguments
such as srp being null or SrpSide not being SRP_CLIENT_SIDE or
SRP_SERVER_SIDE.
\return NOT_COMPILED_IN Returns when a type is passed as an argument
but hasn't been configured in the wolfCrypt build.
\return <0 on error.
\param srp the Srp structure to be initialized.
\param type the hash type to be used.
\param side the side of the communication.
\param heap pointer to heap hint for memory allocation (can be NULL).
\param devId device ID for hardware acceleration (use INVALID_DEVID
for software only).
_Example_
\code
Srp srp;
void* heap = NULL;
int devId = INVALID_DEVID;
if (wc_SrpInit_ex(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE, heap,
devId) != 0) {
// Initialization error
}
else {
wc_SrpTerm(&srp);
}
\endcode
\sa wc_SrpInit
\sa wc_SrpTerm
\sa wc_SrpSetUsername
*/
int wc_SrpInit_ex(Srp* srp, SrpType type, SrpSide side, void* heap,
int devId);
/*!
\ingroup SRP

298
doc/dox_comments/header_files/types.h
View File

@@ -170,3 +170,301 @@ void XFREE(void *p, void* heap, int type);
\sa CheckRunTimeFastMath
*/
word32 CheckRunTimeSettings(void);
/*!
\ingroup String
\brief Thread-safe string tokenization.
\return Pointer to next token or NULL
\param str String to tokenize (NULL for continuation)
\param delim Delimiter characters
\param nextp Pointer to save position
_Example_
\code
char str[] = "one,two,three";
char* saveptr;
char* token = wc_strtok(str, ",", &saveptr);
\endcode
\sa wc_strsep
*/
char* wc_strtok(char *str, const char *delim, char **nextp);
/*!
\ingroup String
\brief Separates string by delimiter.
\return Pointer to token or NULL
\param stringp Pointer to string pointer
\param delim Delimiter characters
_Example_
\code
char str[] = "one,two,three";
char* ptr = str;
char* token = wc_strsep(&ptr, ",");
\endcode
\sa wc_strtok
*/
char* wc_strsep(char **stringp, const char *delim);
/*!
\ingroup String
\brief Safely copies string with size limit.
\return Length of source string
\param dst Destination buffer
\param src Source string
\param dstSize Destination buffer size
_Example_
\code
char dst[10];
size_t len = wc_strlcpy(dst, "hello", sizeof(dst));
\endcode
\sa wc_strlcat
*/
size_t wc_strlcpy(char *dst, const char *src, size_t dstSize);
/*!
\ingroup String
\brief Safely concatenates strings with size limit.
\return Total length attempted
\param dst Destination buffer
\param src Source string
\param dstSize Destination buffer size
_Example_
\code
char dst[20] = "hello";
size_t len = wc_strlcat(dst, " world", sizeof(dst));
\endcode
\sa wc_strlcpy
*/
size_t wc_strlcat(char *dst, const char *src, size_t dstSize);
/*!
\ingroup String
\brief Case-insensitive string comparison.
\return 0 if equal, non-zero otherwise
\param s1 First string
\param s2 Second string
_Example_
\code
if (wc_strcasecmp("Hello", "hello") == 0) {
// strings are equal
}
\endcode
\sa wc_strncasecmp
*/
int wc_strcasecmp(const char *s1, const char *s2);
/*!
\ingroup String
\brief Case-insensitive string comparison with length limit.
\return 0 if equal, non-zero otherwise
\param s1 First string
\param s2 Second string
\param n Maximum characters to compare
_Example_
\code
if (wc_strncasecmp("Hello", "hello", 5) == 0) {
// strings are equal
}
\endcode
\sa wc_strcasecmp
*/
int wc_strncasecmp(const char *s1, const char *s2, size_t n);
/*!
\ingroup Threading
\brief Creates a new thread.
\return 0 on success
\return negative on error
\param thread Thread handle pointer
\param cb Thread callback function
\param arg Argument to pass to callback
_Example_
\code
THREAD_TYPE thread;
int ret = wolfSSL_NewThread(&thread, myCallback, NULL);
\endcode
\sa wolfSSL_JoinThread
*/
int wolfSSL_NewThread(THREAD_TYPE* thread, THREAD_CB cb, void* arg);
/*!
\ingroup Threading
\brief Creates a detached thread.
\return 0 on success
\return negative on error
\param cb Thread callback function
\param arg Argument to pass to callback
_Example_
\code
int ret = wolfSSL_NewThreadNoJoin(myCallback, NULL);
\endcode
\sa wolfSSL_NewThread
*/
int wolfSSL_NewThreadNoJoin(THREAD_CB_NOJOIN cb, void* arg);
/*!
\ingroup Threading
\brief Waits for thread to complete.
\return 0 on success
\return negative on error
\param thread Thread handle
_Example_
\code
THREAD_TYPE thread;
wolfSSL_NewThread(&thread, myCallback, NULL);
int ret = wolfSSL_JoinThread(thread);
\endcode
\sa wolfSSL_NewThread
*/
int wolfSSL_JoinThread(THREAD_TYPE thread);
/*!
\ingroup Threading
\brief Initializes condition variable.
\return 0 on success
\return negative on error
\param cond Condition variable pointer
_Example_
\code
COND_TYPE cond;
int ret = wolfSSL_CondInit(&cond);
\endcode
\sa wolfSSL_CondFree
*/
int wolfSSL_CondInit(COND_TYPE* cond);
/*!
\ingroup Threading
\brief Frees condition variable.
\return 0 on success
\return negative on error
\param cond Condition variable pointer
_Example_
\code
COND_TYPE cond;
wolfSSL_CondInit(&cond);
int ret = wolfSSL_CondFree(&cond);
\endcode
\sa wolfSSL_CondInit
*/
int wolfSSL_CondFree(COND_TYPE* cond);
/*!
\ingroup Threading
\brief Signals condition variable.
\return 0 on success
\return negative on error
\param cond Condition variable pointer
_Example_
\code
COND_TYPE cond;
int ret = wolfSSL_CondSignal(&cond);
\endcode
\sa wolfSSL_CondWait
*/
int wolfSSL_CondSignal(COND_TYPE* cond);
/*!
\ingroup Threading
\brief Waits on condition variable.
\return 0 on success
\return negative on error
\param cond Condition variable pointer
_Example_
\code
COND_TYPE cond;
int ret = wolfSSL_CondWait(&cond);
\endcode
\sa wolfSSL_CondSignal
*/
int wolfSSL_CondWait(COND_TYPE* cond);
/*!
\ingroup Threading
\brief Starts condition variable.
\return 0 on success
\return negative on error
\param cond Condition variable pointer
_Example_
\code
COND_TYPE cond;
int ret = wolfSSL_CondStart(&cond);
\endcode
\sa wolfSSL_CondEnd
*/
int wolfSSL_CondStart(COND_TYPE* cond);
/*!
\ingroup Threading
\brief Ends condition variable.
\return 0 on success
\return negative on error
\param cond Condition variable pointer
_Example_
\code
COND_TYPE cond;
wolfSSL_CondStart(&cond);
int ret = wolfSSL_CondEnd(&cond);
\endcode
\sa wolfSSL_CondStart
*/
int wolfSSL_CondEnd(COND_TYPE* cond);

121
doc/dox_comments/header_files/wc_encrypt.h
View File

@@ -210,3 +210,124 @@ int wc_Des3_CbcEncryptWithKey(byte* out,
int wc_Des3_CbcDecryptWithKey(byte* out,
const byte* in, word32 sz,
const byte* key, const byte* iv);
/*!
\ingroup AES
\brief This function encrypts a plaintext message and stores the
result in the output buffer. It uses AES encryption with cipher
block chaining (CBC) mode. This function does not require an AES
structure to be initialized. Instead, it takes in a key and an iv
and uses these to encrypt the message.
\return 0 On successfully encrypting the message
\return BAD_ALIGN_E Returned on block align error
\return BAD_FUNC_ARG Returned if key length is invalid
\return MEMORY_E Returned if WOLFSSL_SMALL_STACK is enabled and
XMALLOC fails to instantiate an AES object
\param out pointer to the output buffer in which to store the
ciphertext of the encrypted message
\param in pointer to the input buffer containing plaintext to
encrypt
\param inSz size of input message
\param key 16, 24, or 32 byte secret key for encryption
\param keySz size of key used for encryption
\param iv pointer to the 16 byte initialization vector to use
_Example_
\code
byte key[]; // 16, 24, or 32 byte key
byte iv[]; // 16 byte iv
byte plain[]; // plaintext to encrypt
byte cipher[sizeof(plain)];
int ret = wc_AesCbcEncryptWithKey(cipher, plain, sizeof(plain),
key, sizeof(key), iv);
if (ret != 0) {
// encryption error
}
\endcode
\sa wc_AesCbcDecryptWithKey
\sa wc_AesSetKey
\sa wc_AesCbcEncrypt
*/
int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
const byte* key, word32 keySz,
const byte* iv);
/*!
\ingroup Crypto
\brief This function decrypts an encrypted key buffer using the
provided password. It supports various encryption algorithms
including DES, 3DES, and AES. The encryption information is
provided in the EncryptedInfo structure.
\return Length of decrypted key on success
\return Negative value on error
\param info pointer to EncryptedInfo structure containing encryption
algorithm and parameters
\param der pointer to the encrypted key buffer
\param derSz size of the encrypted key buffer
\param password pointer to the password buffer
\param passwordSz size of the password
\param hashType hash algorithm to use for key derivation
_Example_
\code
EncryptedInfo info;
byte encryptedKey[]; // encrypted key data
byte password[] = "mypassword";
int ret = wc_BufferKeyDecrypt(&info, encryptedKey,
sizeof(encryptedKey), password,
sizeof(password)-1, WC_SHA256);
if (ret < 0) {
// decryption error
}
\endcode
\sa wc_BufferKeyEncrypt
*/
int wc_BufferKeyDecrypt(struct EncryptedInfo* info, byte* der,
word32 derSz, const byte* password,
int passwordSz, int hashType);
/*!
\ingroup Crypto
\brief This function encrypts a key buffer using the provided
password. It supports various encryption algorithms including DES,
3DES, and AES. The encryption information is provided in the
EncryptedInfo structure.
\return Length of encrypted key on success
\return Negative value on error
\param info pointer to EncryptedInfo structure containing encryption
algorithm and parameters
\param der pointer to the key buffer to encrypt
\param derSz size of the key buffer
\param password pointer to the password buffer
\param passwordSz size of the password
\param hashType hash algorithm to use for key derivation
_Example_
\code
EncryptedInfo info;
byte key[]; // key data to encrypt
byte password[] = "mypassword";
info.algo = AES256CBCb;
int ret = wc_BufferKeyEncrypt(&info, key, sizeof(key), password,
sizeof(password)-1, WC_SHA256);
if (ret < 0) {
// encryption error
}
\endcode
\sa wc_BufferKeyDecrypt
*/
int wc_BufferKeyEncrypt(struct EncryptedInfo* info, byte* der,
word32 derSz, const byte* password,
int passwordSz, int hashType);

693
doc/dox_comments/header_files/wc_port.h
View File

@@ -41,3 +41,696 @@ int wolfCrypt_Init(void);
\sa wolfCrypt_Init
*/
int wolfCrypt_Cleanup(void);
/*!
\ingroup Atomic
\brief Initializes atomic integer.
\return none No returns
\param c Atomic integer pointer
\param i Initial value
_Example_
\code
wolfSSL_Atomic_Int counter;
wolfSSL_Atomic_Int_Init(&counter, 0);
\endcode
\sa wolfSSL_Atomic_Int_FetchAdd
*/
void wolfSSL_Atomic_Int_Init(wolfSSL_Atomic_Int* c, int i);
/*!
\ingroup Atomic
\brief Initializes atomic unsigned integer.
\return none No returns
\param c Atomic unsigned integer pointer
\param i Initial value
_Example_
\code
wolfSSL_Atomic_Uint counter;
wolfSSL_Atomic_Uint_Init(&counter, 0);
\endcode
\sa wolfSSL_Atomic_Uint_FetchAdd
*/
void wolfSSL_Atomic_Uint_Init(wolfSSL_Atomic_Uint* c, unsigned int i);
/*!
\ingroup Atomic
\brief Atomically adds to integer and returns old value.
\return Old value before addition
\param c Atomic integer pointer
\param i Value to add
_Example_
\code
wolfSSL_Atomic_Int counter;
int old = wolfSSL_Atomic_Int_FetchAdd(&counter, 1);
\endcode
\sa wolfSSL_Atomic_Int_AddFetch
*/
int wolfSSL_Atomic_Int_FetchAdd(wolfSSL_Atomic_Int* c, int i);
/*!
\ingroup Atomic
\brief Atomically subtracts from integer and returns old value.
\return Old value before subtraction
\param c Atomic integer pointer
\param i Value to subtract
_Example_
\code
wolfSSL_Atomic_Int counter;
int old = wolfSSL_Atomic_Int_FetchSub(&counter, 1);
\endcode
\sa wolfSSL_Atomic_Int_SubFetch
*/
int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i);
/*!
\ingroup Atomic
\brief Atomically adds to integer and returns new value.
\return New value after addition
\param c Atomic integer pointer
\param i Value to add
_Example_
\code
wolfSSL_Atomic_Int counter;
int new_val = wolfSSL_Atomic_Int_AddFetch(&counter, 1);
\endcode
\sa wolfSSL_Atomic_Int_FetchAdd
*/
int wolfSSL_Atomic_Int_AddFetch(wolfSSL_Atomic_Int* c, int i);
/*!
\ingroup Atomic
\brief Atomically subtracts from integer and returns new value.
\return New value after subtraction
\param c Atomic integer pointer
\param i Value to subtract
_Example_
\code
wolfSSL_Atomic_Int counter;
int new_val = wolfSSL_Atomic_Int_SubFetch(&counter, 1);
\endcode
\sa wolfSSL_Atomic_Int_FetchSub
*/
int wolfSSL_Atomic_Int_SubFetch(wolfSSL_Atomic_Int* c, int i);
/*!
\ingroup Atomic
\brief Atomically compares and exchanges integer.
\return 1 if exchange occurred, 0 otherwise
\param c Atomic integer pointer
\param expected_i Pointer to expected value
\param new_i New value to set
_Example_
\code
wolfSSL_Atomic_Int counter;
int expected = 0;
int ret = wolfSSL_Atomic_Int_CompareExchange(&counter, &expected, 1);
\endcode
\sa wolfSSL_Atomic_Int_FetchAdd
*/
int wolfSSL_Atomic_Int_CompareExchange(wolfSSL_Atomic_Int* c,
int *expected_i, int new_i);
/*!
\ingroup Atomic
\brief Atomically adds to unsigned integer and returns old value.
\return Old value before addition
\param c Atomic unsigned integer pointer
\param i Value to add
_Example_
\code
wolfSSL_Atomic_Uint counter;
unsigned int old = wolfSSL_Atomic_Uint_FetchAdd(&counter, 1);
\endcode
\sa wolfSSL_Atomic_Uint_AddFetch
*/
unsigned int wolfSSL_Atomic_Uint_FetchAdd(wolfSSL_Atomic_Uint* c,
unsigned int i);
/*!
\ingroup Atomic
\brief Atomically subtracts from unsigned integer, returns old value.
\return Old value before subtraction
\param c Atomic unsigned integer pointer
\param i Value to subtract
_Example_
\code
wolfSSL_Atomic_Uint counter;
unsigned int old = wolfSSL_Atomic_Uint_FetchSub(&counter, 1);
\endcode
\sa wolfSSL_Atomic_Uint_SubFetch
*/
unsigned int wolfSSL_Atomic_Uint_FetchSub(wolfSSL_Atomic_Uint* c,
unsigned int i);
/*!
\ingroup Atomic
\brief Atomically adds to unsigned integer, returns new value.
\return New value after addition
\param c Atomic unsigned integer pointer
\param i Value to add
_Example_
\code
wolfSSL_Atomic_Uint counter;
unsigned int new_val = wolfSSL_Atomic_Uint_AddFetch(&counter, 1);
\endcode
\sa wolfSSL_Atomic_Uint_FetchAdd
*/
unsigned int wolfSSL_Atomic_Uint_AddFetch(wolfSSL_Atomic_Uint* c,
unsigned int i);
/*!
\ingroup Atomic
\brief Atomically subtracts from unsigned integer, returns new value.
\return New value after subtraction
\param c Atomic unsigned integer pointer
\param i Value to subtract
_Example_
\code
wolfSSL_Atomic_Uint counter;
unsigned int new_val = wolfSSL_Atomic_Uint_SubFetch(&counter, 1);
\endcode
\sa wolfSSL_Atomic_Uint_FetchSub
*/
unsigned int wolfSSL_Atomic_Uint_SubFetch(wolfSSL_Atomic_Uint* c,
unsigned int i);
/*!
\ingroup Atomic
\brief Atomically compares and exchanges unsigned integer.
\return 1 if exchange occurred, 0 otherwise
\param c Atomic unsigned integer pointer
\param expected_i Pointer to expected value
\param new_i New value to set
_Example_
\code
wolfSSL_Atomic_Uint counter;
unsigned int expected = 0;
int ret = wolfSSL_Atomic_Uint_CompareExchange(&counter, &expected, 1);
\endcode
\sa wolfSSL_Atomic_Uint_FetchAdd
*/
int wolfSSL_Atomic_Uint_CompareExchange(wolfSSL_Atomic_Uint* c,
unsigned int *expected_i,
unsigned int new_i);
/*!
\ingroup Atomic
\brief Atomically compares and exchanges pointer.
\return 1 if exchange occurred, 0 otherwise
\param c Pointer to pointer
\param expected_ptr Pointer to expected pointer value
\param new_ptr New pointer value
_Example_
\code
void* ptr = NULL;
void* expected = NULL;
void* new_val = malloc(100);
int ret = wolfSSL_Atomic_Ptr_CompareExchange(&ptr, &expected, new_val);
\endcode
\sa wolfSSL_Atomic_Int_CompareExchange
*/
int wolfSSL_Atomic_Ptr_CompareExchange(void** c, void **expected_ptr,
void *new_ptr);
/*!
\ingroup Mutex
\brief Initializes mutex.
\return 0 on success
\return negative on error
\param m Mutex pointer
_Example_
\code
wolfSSL_Mutex mutex;
int ret = wc_InitMutex(&mutex);
\endcode
\sa wc_FreeMutex
*/
int wc_InitMutex(wolfSSL_Mutex* m);
/*!
\ingroup Mutex
\brief Frees mutex resources.
\return 0 on success
\return negative on error
\param m Mutex pointer
_Example_
\code
wolfSSL_Mutex mutex;
wc_InitMutex(&mutex);
int ret = wc_FreeMutex(&mutex);
\endcode
\sa wc_InitMutex
*/
int wc_FreeMutex(wolfSSL_Mutex* m);
/*!
\ingroup Mutex
\brief Locks mutex.
\return 0 on success
\return negative on error
\param m Mutex pointer
_Example_
\code
wolfSSL_Mutex mutex;
int ret = wc_LockMutex(&mutex);
\endcode
\sa wc_UnLockMutex
*/
int wc_LockMutex(wolfSSL_Mutex* m);
/*!
\ingroup Mutex
\brief Unlocks mutex.
\return 0 on success
\return negative on error
\param m Mutex pointer
_Example_
\code
wolfSSL_Mutex mutex;
wc_LockMutex(&mutex);
int ret = wc_UnLockMutex(&mutex);
\endcode
\sa wc_LockMutex
*/
int wc_UnLockMutex(wolfSSL_Mutex* m);
/*!
\ingroup Mutex
\brief Initializes and allocates mutex.
\return Pointer to mutex on success
\return NULL on error
\param none No parameters
_Example_
\code
wolfSSL_Mutex* mutex = wc_InitAndAllocMutex();
if (mutex != NULL) {
wc_LockMutex(mutex);
}
\endcode
\sa wc_InitMutex
*/
wolfSSL_Mutex* wc_InitAndAllocMutex(void);
/*!
\ingroup RwLock
\brief Initializes read-write lock.
\return 0 on success
\return negative on error
\param m Read-write lock pointer
_Example_
\code
wolfSSL_RwLock lock;
int ret = wc_InitRwLock(&lock);
\endcode
\sa wc_FreeRwLock
*/
int wc_InitRwLock(wolfSSL_RwLock* m);
/*!
\ingroup RwLock
\brief Frees read-write lock resources.
\return 0 on success
\return negative on error
\param m Read-write lock pointer
_Example_
\code
wolfSSL_RwLock lock;
wc_InitRwLock(&lock);
int ret = wc_FreeRwLock(&lock);
\endcode
\sa wc_InitRwLock
*/
int wc_FreeRwLock(wolfSSL_RwLock* m);
/*!
\ingroup RwLock
\brief Locks read-write lock for writing.
\return 0 on success
\return negative on error
\param m Read-write lock pointer
_Example_
\code
wolfSSL_RwLock lock;
int ret = wc_LockRwLock_Wr(&lock);
\endcode
\sa wc_UnLockRwLock
*/
int wc_LockRwLock_Wr(wolfSSL_RwLock* m);
/*!
\ingroup RwLock
\brief Locks read-write lock for reading.
\return 0 on success
\return negative on error
\param m Read-write lock pointer
_Example_
\code
wolfSSL_RwLock lock;
int ret = wc_LockRwLock_Rd(&lock);
\endcode
\sa wc_UnLockRwLock
*/
int wc_LockRwLock_Rd(wolfSSL_RwLock* m);
/*!
\ingroup RwLock
\brief Unlocks read-write lock.
\return 0 on success
\return negative on error
\param m Read-write lock pointer
_Example_
\code
wolfSSL_RwLock lock;
wc_LockRwLock_Rd(&lock);
int ret = wc_UnLockRwLock(&lock);
\endcode
\sa wc_LockRwLock_Rd
*/
int wc_UnLockRwLock(wolfSSL_RwLock* m);
/*!
\ingroup Mutex
\brief Locks mutex with debug info.
\return 0 on success
\return negative on error
\param flag Lock flag
\param type Lock type
\param file Source file name
\param line Source line number
_Example_
\code
int ret = wc_LockMutex_ex(0, 0, __FILE__, __LINE__);
\endcode
\sa wc_LockMutex
*/
int wc_LockMutex_ex(int flag, int type, const char* file, int line);
/*!
\ingroup Mutex
\brief Sets mutex callback.
\return 0 on success
\return negative on error
\param cb Mutex callback pointer
_Example_
\code
mutex_cb cb;
int ret = wc_SetMutexCb(&cb);
\endcode
\sa wc_GetMutexCb
*/
int wc_SetMutexCb(mutex_cb* cb);
/*!
\ingroup Mutex
\brief Gets mutex callback.
\return Pointer to mutex callback
\param none No parameters
_Example_
\code
mutex_cb* cb = wc_GetMutexCb();
\endcode
\sa wc_SetMutexCb
*/
mutex_cb* wc_GetMutexCb(void);
/*!
\ingroup Memory
\brief Checkpoints peak heap allocations.
\return Peak allocation count
\param none No parameters
_Example_
\code
long peak = wolfCrypt_heap_peakAllocs_checkpoint();
\endcode
\sa wolfCrypt_heap_peakBytes_checkpoint
*/
long wolfCrypt_heap_peakAllocs_checkpoint(void);
/*!
\ingroup Memory
\brief Checkpoints peak heap bytes.
\return Peak bytes allocated
\param none No parameters
_Example_
\code
long peak = wolfCrypt_heap_peakBytes_checkpoint();
\endcode
\sa wolfCrypt_heap_peakAllocs_checkpoint
*/
long wolfCrypt_heap_peakBytes_checkpoint(void);
/*!
\ingroup File
\brief Loads file into buffer.
\return 0 on success
\return negative on error
\param fname File name
\param buf Buffer pointer
\param bufLen Buffer length pointer
\param heap Heap hint
_Example_
\code
unsigned char* buf = NULL;
size_t len = 0;
int ret = wc_FileLoad("file.txt", &buf, &len, NULL);
\endcode
\sa wc_FileExists
*/
int wc_FileLoad(const char* fname, unsigned char** buf, size_t* bufLen,
void* heap);
/*!
\ingroup File
\brief Reads first entry in directory.
\return 0 on success
\return negative on error
\param ctx Directory context
\param path Directory path
\param name Pointer to store entry name
_Example_
\code
ReadDirCtx ctx;
char* name;
int ret = wc_ReadDirFirst(&ctx, "/path", &name);
\endcode
\sa wc_ReadDirNext
*/
int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name);
/*!
\ingroup File
\brief Reads next entry in directory.
\return 0 on success
\return negative on error
\param ctx Directory context
\param path Directory path
\param name Pointer to store entry name
_Example_
\code
ReadDirCtx ctx;
char* name;
int ret = wc_ReadDirNext(&ctx, "/path", &name);
\endcode
\sa wc_ReadDirFirst
*/
int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name);
/*!
\ingroup File
\brief Closes directory reading.
\return none No returns
\param ctx Directory context
_Example_
\code
ReadDirCtx ctx;
wc_ReadDirClose(&ctx);
\endcode
\sa wc_ReadDirFirst
*/
void wc_ReadDirClose(ReadDirCtx* ctx);
/*!
\ingroup File
\brief Checks if file exists.
\return 1 if file exists
\return 0 if file does not exist
\param fname File name
_Example_
\code
if (wc_FileExists("file.txt")) {
// file exists
}
\endcode
\sa wc_FileLoad
*/
int wc_FileExists(const char* fname);
/*!
\ingroup Callback
\brief Checks if handle callback is set.
\return 1 if set
\return 0 if not set
\param none No parameters
_Example_
\code
if (wolfSSL_GetHandleCbSet()) {
// callback is set
}
\endcode
\sa wolfSSL_SetHandleCb
*/
int wolfSSL_GetHandleCbSet(void);
/*!
\ingroup Callback
\brief Sets handle callback.
\return 0 on success
\return negative on error
\param in Handle callback
_Example_
\code
int ret = wolfSSL_SetHandleCb(myHandleCallback);
\endcode
\sa wolfSSL_GetHandleCbSet
*/
int wolfSSL_SetHandleCb(wolfSSL_DSP_Handle_cb in);

798
doc/dox_comments/header_files/wolfio.h
View File

@@ -666,3 +666,801 @@ WOLFSSL_API void wolfSSL_SetRecvFrom(WOLFSSL* ssl, WolfSSLRecvFrom recvFrom);
\sa wolfSSL_SSLSetIOSend
*/
WOLFSSL_API void wolfSSL_SetSendTo(WOLFSSL* ssl, WolfSSLSento sendTo);
/*!
\ingroup IO
\brief Waits for socket to be ready for I/O with timeout.
\return 0 on success
\return negative on error
\param sockfd Socket file descriptor
\param to_sec Timeout in seconds
_Example_
\code
SOCKET_T sockfd;
int ret = wolfIO_Select(sockfd, 5);
\endcode
\sa wolfIO_TcpConnect
*/
int wolfIO_Select(SOCKET_T sockfd, int to_sec);
/*!
\ingroup IO
\brief Connects to TCP server with timeout.
\return 0 on success
\return negative on error
\param sockfd Pointer to socket file descriptor
\param ip IP address string
\param port Port number
\param to_sec Timeout in seconds
_Example_
\code
SOCKET_T sockfd;
int ret = wolfIO_TcpConnect(&sockfd, "127.0.0.1", 443, 5);
\endcode
\sa wolfIO_TcpBind
*/
int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip,
unsigned short port, int to_sec);
/*!
\ingroup IO
\brief Accepts TCP connection.
\return Socket descriptor on success
\return negative on error
\param sockfd Socket file descriptor
\param peer_addr Peer address structure
\param peer_len Peer address length
_Example_
\code
SOCKET_T sockfd;
SOCKADDR peer;
XSOCKLENT len = sizeof(peer);
int ret = wolfIO_TcpAccept(sockfd, &peer, &len);
\endcode
\sa wolfIO_TcpBind
*/
int wolfIO_TcpAccept(SOCKET_T sockfd, SOCKADDR* peer_addr,
XSOCKLENT* peer_len);
/*!
\ingroup IO
\brief Binds TCP socket to port.
\return 0 on success
\return negative on error
\param sockfd Pointer to socket file descriptor
\param port Port number
_Example_
\code
SOCKET_T sockfd;
int ret = wolfIO_TcpBind(&sockfd, 443);
\endcode
\sa wolfIO_TcpAccept
*/
int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port);
/*!
\ingroup IO
\brief Sends data on socket.
\return Number of bytes sent on success
\return negative on error
\param sd Socket descriptor
\param buf Buffer to send
\param sz Buffer size
\param wrFlags Write flags
_Example_
\code
SOCKET_T sd;
char buf[100];
int ret = wolfIO_Send(sd, buf, sizeof(buf), 0);
\endcode
\sa wolfIO_Recv
*/
int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags);
/*!
\ingroup IO
\brief Receives data from socket.
\return Number of bytes received on success
\return negative on error
\param sd Socket descriptor
\param buf Buffer to receive into
\param sz Buffer size
\param rdFlags Read flags
_Example_
\code
SOCKET_T sd;
char buf[100];
int ret = wolfIO_Recv(sd, buf, sizeof(buf), 0);
\endcode
\sa wolfIO_Send
*/
int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags);
/*!
\ingroup IO
\brief Sends datagram to address.
\return Number of bytes sent on success
\return negative on error
\param sd Socket descriptor
\param addr Destination address
\param buf Buffer to send
\param sz Buffer size
\param wrFlags Write flags
_Example_
\code
SOCKET_T sd;
WOLFSSL_BIO_ADDR addr;
char buf[100];
int ret = wolfIO_SendTo(sd, &addr, buf, sizeof(buf), 0);
\endcode
\sa wolfIO_RecvFrom
*/
int wolfIO_SendTo(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz,
int wrFlags);
/*!
\ingroup IO
\brief Receives datagram from address.
\return Number of bytes received on success
\return negative on error
\param sd Socket descriptor
\param addr Source address
\param buf Buffer to receive into
\param sz Buffer size
\param rdFlags Read flags
_Example_
\code
SOCKET_T sd;
WOLFSSL_BIO_ADDR addr;
char buf[100];
int ret = wolfIO_RecvFrom(sd, &addr, buf, sizeof(buf), 0);
\endcode
\sa wolfIO_SendTo
*/
int wolfIO_RecvFrom(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz,
int rdFlags);
/*!
\ingroup IO
\brief BIO send callback.
\return Number of bytes sent on success
\return negative on error
\param ssl SSL object
\param buf Buffer to send
\param sz Buffer size
\param ctx Context pointer
_Example_
\code
WOLFSSL* ssl;
char buf[100];
int ret = wolfSSL_BioSend(ssl, buf, sizeof(buf), NULL);
\endcode
\sa wolfSSL_BioReceive
*/
int wolfSSL_BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx);
/*!
\ingroup IO
\brief BIO receive callback.
\return Number of bytes received on success
\return negative on error
\param ssl SSL object
\param buf Buffer to receive into
\param sz Buffer size
\param ctx Context pointer
_Example_
\code
WOLFSSL* ssl;
char buf[100];
int ret = wolfSSL_BioReceive(ssl, buf, sizeof(buf), NULL);
\endcode
\sa wolfSSL_BioSend
*/
int wolfSSL_BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
/*!
\ingroup IO
\brief Receives multicast datagram.
\return Number of bytes received on success
\return negative on error
\param ssl SSL object
\param buf Buffer to receive into
\param sz Buffer size
\param ctx Context pointer
_Example_
\code
WOLFSSL* ssl;
char buf[100];
int ret = EmbedReceiveFromMcast(ssl, buf, sizeof(buf), NULL);
\endcode
\sa EmbedReceiveFrom
*/
int EmbedReceiveFromMcast(WOLFSSL *ssl, char *buf, int sz, void *ctx);
/*!
\ingroup IO
\brief Builds HTTP OCSP request.
\return Request size on success
\return negative on error
\param domainName Domain name
\param path URL path
\param ocspReqSz OCSP request size
\param buf Output buffer
\param bufSize Buffer size
_Example_
\code
char buf[1024];
int ret = wolfIO_HttpBuildRequestOcsp("example.com", "/ocsp", 100,
(unsigned char*)buf, sizeof(buf));
\endcode
\sa wolfIO_HttpProcessResponseOcsp
*/
int wolfIO_HttpBuildRequestOcsp(const char* domainName, const char* path,
int ocspReqSz, unsigned char* buf,
int bufSize);
/*!
\ingroup IO
\brief Processes HTTP OCSP response with generic I/O.
\return 0 on success
\return negative on error
\param ioCb I/O callback
\param ioCbCtx I/O callback context
\param respBuf Response buffer pointer
\param httpBuf HTTP buffer
\param httpBufSz HTTP buffer size
\param heap Heap hint
_Example_
\code
unsigned char* resp = NULL;
unsigned char httpBuf[1024];
int ret = wolfIO_HttpProcessResponseOcspGenericIO(myIoCb, ctx, &resp,
httpBuf,
sizeof(httpBuf), NULL);
\endcode
\sa wolfIO_HttpProcessResponseOcsp
*/
int wolfIO_HttpProcessResponseOcspGenericIO(WolfSSLGenericIORecvCb ioCb,
void* ioCbCtx,
unsigned char** respBuf,
unsigned char* httpBuf,
int httpBufSz, void* heap);
/*!
\ingroup IO
\brief Processes HTTP OCSP response.
\return 0 on success
\return negative on error
\param sfd Socket file descriptor
\param respBuf Response buffer pointer
\param httpBuf HTTP buffer
\param httpBufSz HTTP buffer size
\param heap Heap hint
_Example_
\code
int sfd;
unsigned char* resp = NULL;
unsigned char httpBuf[1024];
int ret = wolfIO_HttpProcessResponseOcsp(sfd, &resp, httpBuf,
sizeof(httpBuf), NULL);
\endcode
\sa wolfIO_HttpBuildRequestOcsp
*/
int wolfIO_HttpProcessResponseOcsp(int sfd, unsigned char** respBuf,
unsigned char* httpBuf, int httpBufSz,
void* heap);
/*!
\ingroup IO
\brief OCSP lookup callback.
\return 0 on success
\return negative on error
\param ctx Context pointer
\param url URL string
\param urlSz URL size
\param ocspReqBuf OCSP request buffer
\param ocspReqSz OCSP request size
\param ocspRespBuf OCSP response buffer pointer
_Example_
\code
byte* resp = NULL;
byte req[100];
int ret = EmbedOcspLookup(NULL, "http://example.com/ocsp", 25, req,
sizeof(req), &resp);
\endcode
\sa EmbedOcspRespFree
*/
int EmbedOcspLookup(void* ctx, const char* url, int urlSz,
byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf);
/*!
\ingroup IO
\brief Builds HTTP CRL request.
\return Request size on success
\return negative on error
\param url URL string
\param urlSz URL size
\param domainName Domain name
\param buf Output buffer
\param bufSize Buffer size
_Example_
\code
char buf[1024];
int ret = wolfIO_HttpBuildRequestCrl("http://example.com/crl", 22,
"example.com",
(unsigned char*)buf, sizeof(buf));
\endcode
\sa wolfIO_HttpProcessResponseCrl
*/
int wolfIO_HttpBuildRequestCrl(const char* url, int urlSz,
const char* domainName, unsigned char* buf,
int bufSize);
/*!
\ingroup IO
\brief Processes HTTP CRL response.
\return 0 on success
\return negative on error
\param crl CRL object
\param sfd Socket file descriptor
\param httpBuf HTTP buffer
\param httpBufSz HTTP buffer size
_Example_
\code
WOLFSSL_CRL crl;
int sfd;
unsigned char httpBuf[1024];
int ret = wolfIO_HttpProcessResponseCrl(&crl, sfd, httpBuf,
sizeof(httpBuf));
\endcode
\sa wolfIO_HttpBuildRequestCrl
*/
int wolfIO_HttpProcessResponseCrl(WOLFSSL_CRL* crl, int sfd,
unsigned char* httpBuf, int httpBufSz);
/*!
\ingroup IO
\brief CRL lookup callback.
\return 0 on success
\return negative on error
\param crl CRL object
\param url URL string
\param urlSz URL size
_Example_
\code
WOLFSSL_CRL crl;
int ret = EmbedCrlLookup(&crl, "http://example.com/crl", 22);
\endcode
\sa wolfIO_HttpBuildRequestCrl
*/
int EmbedCrlLookup(WOLFSSL_CRL* crl, const char* url, int urlSz);
/*!
\ingroup IO
\brief Decodes URL into components.
\return 0 on success
\return negative on error
\param url URL string
\param urlSz URL size
\param outName Output domain name
\param outPath Output path
\param outPort Output port
_Example_
\code
char name[256], path[256];
unsigned short port;
int ret = wolfIO_DecodeUrl("http://example.com:443/path", 28, name,
path, &port);
\endcode
\sa wolfIO_HttpBuildRequest
*/
int wolfIO_DecodeUrl(const char* url, int urlSz, char* outName,
char* outPath, unsigned short* outPort);
/*!
\ingroup IO
\brief Builds generic HTTP request.
\return Request size on success
\return negative on error
\param reqType Request type (GET, POST, etc.)
\param domainName Domain name
\param path URL path
\param pathLen Path length
\param reqSz Request body size
\param contentType Content type
\param buf Output buffer
\param bufSize Buffer size
_Example_
\code
char buf[1024];
int ret = wolfIO_HttpBuildRequest("POST", "example.com", "/api", 4,
100, "application/json",
(unsigned char*)buf, sizeof(buf));
\endcode
\sa wolfIO_HttpProcessResponse
*/
int wolfIO_HttpBuildRequest(const char* reqType, const char* domainName,
const char* path, int pathLen, int reqSz,
const char* contentType, unsigned char* buf,
int bufSize);
/*!
\ingroup IO
\brief Processes HTTP response with generic I/O.
\return 0 on success
\return negative on error
\param ioCb I/O callback
\param ioCbCtx I/O callback context
\param appStrList Application string list
\param respBuf Response buffer pointer
\param httpBuf HTTP buffer
\param httpBufSz HTTP buffer size
\param dynType Dynamic type
\param heap Heap hint
_Example_
\code
unsigned char* resp = NULL;
unsigned char httpBuf[1024];
const char* appStrs[] = {"200 OK", NULL};
int ret = wolfIO_HttpProcessResponseGenericIO(myIoCb, ctx, appStrs,
&resp, httpBuf,
sizeof(httpBuf), 0, NULL);
\endcode
\sa wolfIO_HttpProcessResponse
*/
int wolfIO_HttpProcessResponseGenericIO(WolfSSLGenericIORecvCb ioCb,
void* ioCbCtx,
const char** appStrList,
unsigned char** respBuf,
unsigned char* httpBuf,
int httpBufSz, int dynType,
void* heap);
/*!
\ingroup IO
\brief Processes HTTP response.
\return 0 on success
\return negative on error
\param sfd Socket file descriptor
\param appStrList Application string list
\param respBuf Response buffer pointer
\param httpBuf HTTP buffer
\param httpBufSz HTTP buffer size
\param dynType Dynamic type
\param heap Heap hint
_Example_
\code
int sfd;
unsigned char* resp = NULL;
unsigned char httpBuf[1024];
const char* appStrs[] = {"200 OK", NULL};
int ret = wolfIO_HttpProcessResponse(sfd, appStrs, &resp, httpBuf,
sizeof(httpBuf), 0, NULL);
\endcode
\sa wolfIO_HttpBuildRequest
*/
int wolfIO_HttpProcessResponse(int sfd, const char** appStrList,
unsigned char** respBuf,
unsigned char* httpBuf, int httpBufSz,
int dynType, void* heap);
/*!
\ingroup IO
\brief Sets I/O send callback for context.
\return none No returns
\param ctx SSL context
\param CBIOSend Send callback
_Example_
\code
WOLFSSL_CTX* ctx;
wolfSSL_CTX_SetIOSend(ctx, mySendCallback);
\endcode
\sa wolfSSL_SSLSetIOSend
*/
void wolfSSL_CTX_SetIOSend(WOLFSSL_CTX *ctx, CallbackIOSend CBIOSend);
/*!
\ingroup IO
\brief Sets I/O receive callback for SSL object.
\return none No returns
\param ssl SSL object
\param CBIORecv Receive callback
_Example_
\code
WOLFSSL* ssl;
wolfSSL_SSLSetIORecv(ssl, myRecvCallback);
\endcode
\sa wolfSSL_CTX_SetIORecv
*/
void wolfSSL_SSLSetIORecv(WOLFSSL *ssl, CallbackIORecv CBIORecv);
/*!
\ingroup IO
\brief Sets I/O send callback for SSL object.
\return none No returns
\param ssl SSL object
\param CBIOSend Send callback
_Example_
\code
WOLFSSL* ssl;
wolfSSL_SSLSetIOSend(ssl, mySendCallback);
\endcode
\sa wolfSSL_CTX_SetIOSend
*/
void wolfSSL_SSLSetIOSend(WOLFSSL *ssl, CallbackIOSend CBIOSend);
/*!
\ingroup IO
\brief Sets I/O for Mynewt platform.
\return none No returns
\param ssl SSL object
\param mnSocket Mynewt socket
\param mnSockAddrIn Mynewt socket address
_Example_
\code
WOLFSSL* ssl;
struct mn_socket sock;
struct mn_sockaddr_in addr;
wolfSSL_SetIO_Mynewt(ssl, &sock, &addr);
\endcode
\sa wolfSSL_SetIO_LwIP
*/
void wolfSSL_SetIO_Mynewt(WOLFSSL* ssl, struct mn_socket* mnSocket,
struct mn_sockaddr_in* mnSockAddrIn);
/*!
\ingroup IO
\brief Sets I/O for LwIP platform.
\return 0 on success
\return negative on error
\param ssl SSL object
\param pcb Protocol control block
\param recv Receive callback
\param sent Sent callback
\param arg Argument pointer
_Example_
\code
WOLFSSL* ssl;
struct tcp_pcb* pcb;
int ret = wolfSSL_SetIO_LwIP(ssl, pcb, myRecv, mySent, NULL);
\endcode
\sa wolfSSL_SetIO_Mynewt
*/
int wolfSSL_SetIO_LwIP(WOLFSSL* ssl, void *pcb, tcp_recv_fn recv,
tcp_sent_fn sent, void *arg);
/*!
\ingroup IO
\brief Sets cookie context for DTLS.
\return none No returns
\param ssl SSL object
\param ctx Cookie context
_Example_
\code
WOLFSSL* ssl;
void* ctx;
wolfSSL_SetCookieCtx(ssl, ctx);
\endcode
\sa wolfSSL_GetCookieCtx
*/
void wolfSSL_SetCookieCtx(WOLFSSL* ssl, void *ctx);
/*!
\ingroup IO
\brief Gets cookie context for DTLS.
\return Cookie context pointer
\param ssl SSL object
_Example_
\code
WOLFSSL* ssl;
void* ctx = wolfSSL_GetCookieCtx(ssl);
\endcode
\sa wolfSSL_SetCookieCtx
*/
void* wolfSSL_GetCookieCtx(WOLFSSL* ssl);
/*!
\ingroup IO
\brief Sets get peer callback for context.
\return none No returns
\param ctx SSL context
\param cb Get peer callback
_Example_
\code
WOLFSSL_CTX* ctx;
wolfSSL_CTX_SetIOGetPeer(ctx, myGetPeerCallback);
\endcode
\sa wolfSSL_CTX_SetIOSetPeer
*/
void wolfSSL_CTX_SetIOGetPeer(WOLFSSL_CTX* ctx, CallbackGetPeer cb);
/*!
\ingroup IO
\brief Sets set peer callback for context.
\return none No returns
\param ctx SSL context
\param cb Set peer callback
_Example_
\code
WOLFSSL_CTX* ctx;
wolfSSL_CTX_SetIOSetPeer(ctx, mySetPeerCallback);
\endcode
\sa wolfSSL_CTX_SetIOGetPeer
*/
void wolfSSL_CTX_SetIOSetPeer(WOLFSSL_CTX* ctx, CallbackSetPeer cb);
/*!
\ingroup IO
\brief Gets peer information.
\return 0 on success
\return negative on error
\param ssl SSL object
\param ip IP address buffer
\param ipSz IP address buffer size pointer
\param port Port number pointer
\param fam Address family pointer
_Example_
\code
WOLFSSL* ssl;
char ip[46];
int ipSz = sizeof(ip);
unsigned short port;
int fam;
int ret = EmbedGetPeer(ssl, ip, &ipSz, &port, &fam);
\endcode
\sa EmbedSetPeer
*/
int EmbedGetPeer(WOLFSSL* ssl, char* ip, int* ipSz, unsigned short* port,
int* fam);
/*!
\ingroup IO
\brief Sets peer information.
\return 0 on success
\return negative on error
\param ssl SSL object
\param ip IP address string
\param ipSz IP address string size
\param port Port number
\param fam Address family
_Example_
\code
WOLFSSL* ssl;
int ret = EmbedSetPeer(ssl, "127.0.0.1", 9, 443, AF_INET);
\endcode
\sa EmbedGetPeer
*/
int EmbedSetPeer(WOLFSSL* ssl, char* ip, int ipSz, unsigned short port,
int fam);