PolarSSL
Encyclopedia
PolarSSL is a dual licensed (open source
- GPLv2 and commercial) implementation of the SSL and TLS
protocols. PolarSSL is almost entirely based on XySSL, which was written and copyrighted by French "white hat hacker" Christophe Devine. XySSL was first released on November 1, 2006 under GPL and BSD licenses. When Christophe Devine was no longer able to support XySSL in 2008 it was taken over by Paul Bakker who renamed it PolarSSL.
The core library
(written in the C programming language
) implements the basic cryptographic
functions and provides various utility functions. Unlike OpenSSL
and other implementations of TLS, PolarSSL is designed to fit on small embedded devices, with the minimum complete TLS stack requiring under 60KB of program space and under 64KB of RAM. It is also highly modular: each component, such as a cryptographic function, can be used independently from the rest of the framework. Versions are also available for Microsoft Windows
and Linux
. Because PolarSSL is written in the C programming language
, without external dependencies, it works on most Operating Systems and architectures without any hassle.
PolarSSL has a lot of documentation online, including full doxygen API documentation, Design Documentation for security evaluations, example applications and more.
The automatic test suites contain over 1600 tests for regressions, code coverage and cryptographic validation.
The PolarSSL modules are as loosely coupled as possible. If you want to use AES, just copy aes.c and aes.h and you are set. No other files required! This is valid for all symmetric and hash algorithms. Other modules are either as simple, or also require the modules they are dependent on (Sounds logical, doesn't it?).
All portability code is also present in the modules themselves. Doesn't this create duplicate defines? Yes, in some cases it does. But putting it in a central header file would defeat the entire loose coupling we hold so dear!
Cipher
s:
Cryptographic hash function
s:
Public-key cryptography
:
Open source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...
- GPLv2 and commercial) implementation of the SSL and TLS
Transport Layer Security
Transport Layer Security and its predecessor, Secure Sockets Layer , are cryptographic protocols that provide communication security over the Internet...
protocols. PolarSSL is almost entirely based on XySSL, which was written and copyrighted by French "white hat hacker" Christophe Devine. XySSL was first released on November 1, 2006 under GPL and BSD licenses. When Christophe Devine was no longer able to support XySSL in 2008 it was taken over by Paul Bakker who renamed it PolarSSL.
The core library
Library (computer science)
In computer science, a library is a collection of resources used to develop software. These may include pre-written code and subroutines, classes, values or type specifications....
(written in the C programming language
C (programming language)
C is a general-purpose computer programming language developed between 1969 and 1973 by Dennis Ritchie at the Bell Telephone Laboratories for use with the Unix operating system....
) implements the basic cryptographic
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
functions and provides various utility functions. Unlike OpenSSL
OpenSSL
OpenSSL is an open source implementation of the SSL and TLS protocols. The core library implements the basic cryptographic functions and provides various utility functions...
and other implementations of TLS, PolarSSL is designed to fit on small embedded devices, with the minimum complete TLS stack requiring under 60KB of program space and under 64KB of RAM. It is also highly modular: each component, such as a cryptographic function, can be used independently from the rest of the framework. Versions are also available for Microsoft Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
and Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
. Because PolarSSL is written in the C programming language
C (programming language)
C is a general-purpose computer programming language developed between 1969 and 1973 by Dennis Ritchie at the Bell Telephone Laboratories for use with the Unix operating system....
, without external dependencies, it works on most Operating Systems and architectures without any hassle.
PolarSSL Philosophy
PolarSSL is designed to be readable, documented, tested, low profile, loosely coupled and portable.PolarSSL has a lot of documentation online, including full doxygen API documentation, Design Documentation for security evaluations, example applications and more.
The automatic test suites contain over 1600 tests for regressions, code coverage and cryptographic validation.
The PolarSSL modules are as loosely coupled as possible. If you want to use AES, just copy aes.c and aes.h and you are set. No other files required! This is valid for all symmetric and hash algorithms. Other modules are either as simple, or also require the modules they are dependent on (Sounds logical, doesn't it?).
All portability code is also present in the modules themselves. Doesn't this create duplicate defines? Yes, in some cases it does. But putting it in a central header file would defeat the entire loose coupling we hold so dear!
Major version releases
- PolarSSL 1.0.0 was released on August 9, 2011.
- PolarSSL 0.14.0 was released on August 16, 2010.
- PolarSSL 0.13.1 was released on March 24, 2010.
- PolarSSL 0.12.1 was released on October 4, 2009.
- PolarSSL 0.12.0 was released on July 28, 2009.
- PolarSSL 0.11.0 was released on May 3, 2009.
Algorithms
PolarSSL supports a number of different cryptographic algorithms:Cipher
Cipher
In cryptography, a cipher is an algorithm for performing encryption or decryption — a series of well-defined steps that can be followed as a procedure. An alternative, less common term is encipherment. In non-technical usage, a “cipher” is the same thing as a “code”; however, the concepts...
s:
- AESAdvanced Encryption StandardAdvanced Encryption Standard is a specification for the encryption of electronic data. It has been adopted by the U.S. government and is now used worldwide. It supersedes DES...
, CamelliaCamellia (cipher)In cryptography, Camellia is a 128-bit block cipher jointly developed by Mitsubishi and NTT. The cipher has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project...
, DESData Encryption StandardThe Data Encryption Standard is a block cipher that uses shared secret encryption. It was selected by the National Bureau of Standards as an official Federal Information Processing Standard for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is...
, RC4RC4In cryptography, RC4 is the most widely used software stream cipher and is used in popular protocols such as Secure Sockets Layer and WEP...
, RC5RC5In cryptography, RC5 is a block cipher notable for its simplicity. Designed by Ronald Rivest in 1994, RC stands for "Rivest Cipher", or alternatively, "Ron's Code"...
, Triple DESTriple DESIn cryptography, Triple DES is the common name for the Triple Data Encryption Algorithm block cipher, which applies the Data Encryption Standard cipher algorithm three times to each data block....
, XTEAXTEAIn cryptography, XTEA is a block cipher designed to correct weaknesses in TEA. The cipher's designers were David Wheeler and Roger Needham of the Cambridge Computer Laboratory, and the algorithm was presented in an unpublished technical report in 1997...
Cryptographic hash function
Cryptographic hash function
A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the hash value, such that an accidental or intentional change to the data will change the hash value...
s:
- MD5MD5The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-bit hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check data integrity...
, MD2, MD4MD4The MD4 Message-Digest Algorithm is a cryptographic hash function developed by Ronald Rivest in 1990. The digest length is 128 bits. The algorithm has influenced later designs, such as the MD5, SHA-1 and RIPEMD algorithms....
, SHA-1, SHA-2SHA-2In cryptography, SHA-2 is a set of cryptographic hash functions designed by the National Security Agency and published in 2001 by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm. SHA-2 includes a significant number of changes from its predecessor,...
Public-key cryptography
Public-key cryptography
Public-key cryptography refers to a cryptographic system requiring two separate keys, one to lock or encrypt the plaintext, and one to unlock or decrypt the cyphertext. Neither key will do both functions. One of these keys is published or public and the other is kept private...
:
- RSA, DSADigital Signature AlgorithmThe Digital Signature Algorithm is a United States Federal Government standard or FIPS for digital signatures. It was proposed by the National Institute of Standards and Technology in August 1991 for use in their Digital Signature Standard , specified in FIPS 186, adopted in 1993. A minor...
, Diffie-Hellman key exchangeDiffie-Hellman key exchangeDiffie–Hellman key exchange Synonyms of Diffie–Hellman key exchange include:*Diffie–Hellman key agreement*Diffie–Hellman key establishment*Diffie–Hellman key negotiation...
See also
- Transport Layer SecurityTransport Layer SecurityTransport Layer Security and its predecessor, Secure Sockets Layer , are cryptographic protocols that provide communication security over the Internet...
- Comparison of TLS ImplementationsComparison of TLS ImplementationsThe Transport Layer Security protocol provide the ability to secure communications across networks. There are several TLS implementations which are free and open source software and sometimes choosing between the available implementations can be tough...
- POSSE projectPOSSE projectThe Portable Open Source Security Elements, or POSSE project, was a co-operative venture between the University of Pennsylvania Distributed Systems Laboratory, the OpenBSD project and others. It received funding through a grant from the United States Defense Advanced Research Projects Agency, or...
- GnuTLSGnuTLSGnuTLS , the GNU Transport Layer Security Library, is a free software implementation of the SSL and TLS protocols. Its purpose is to offer an application programming interface for applications to enable secure communication protocols over their network transport layer.-Features:GnuTLS consists of...
- Network Security ServicesNetwork Security ServicesIn computing, Network Security Services comprises a set of libraries designed to support cross-platform development of security-enabled client and server applications. NSS provides a complete open-source implementation of crypto libraries supporting SSL and S/MIME...
- CyaSSLCyaSSLCyaSSL is a small, portable, embedded SSL programming library targeted for use by embedded systems developers. It is an open source, implementation of SSL built in the C language. It includes SSL client libraries and an SSL server implementation as well as support for multiple API's, including...
- MatrixSSLMatrixSSLMatrixSSL is an TLS/SSL implementation designed for custom applications in embedded hardware environments. The MatrixSSL library contains a full cryptographic software module that includes industry-standard public key and symmetric key algorithms....
- OpenSSLOpenSSLOpenSSL is an open source implementation of the SSL and TLS protocols. The core library implements the basic cryptographic functions and provides various utility functions...