13 files changed, 465 insertions, 422 deletions

diff --git a/src/Crypto.cpp b/src/Crypto.cpp
deleted file mode 100644
index 370b498bf..000000000
--- a/src/Crypto.cpp
+++ /dev/null
@@ -1,257 +0,0 @@
-
-// Crypto.cpp
-
-// Implements classes that wrap the cryptographic code library
-
-#include "Globals.h"
-#include "Crypto.h"
-
-#include "polarssl/pk.h"
-
-
-
-
-
-/*
-// Self-test the hash formatting for known values:
-// sha1(Notch) : 4ed1f46bbe04bc756bcb17c0c7ce3e4632f06a48
-// sha1(jeb_)  : -7c9d5b0044c130109a5d7b5fb5c317c02b4e28c1
-// sha1(simon) : 88e16a1019277b15d58faf0541e11910eb756f6
-
-class Test
-{
-public:
-	Test(void)
-	{
-		AString DigestNotch, DigestJeb, DigestSimon;
-		Byte Digest[20];
-		cSHA1Checksum Checksum;
-		Checksum.Update((const Byte *)"Notch", 5);
-		Checksum.Finalize(Digest);
-		cSHA1Checksum::DigestToJava(Digest, DigestNotch);
-		Checksum.Restart();
-		Checksum.Update((const Byte *)"jeb_", 4);
-		Checksum.Finalize(Digest);
-		cSHA1Checksum::DigestToJava(Digest, DigestJeb);
-		Checksum.Restart();
-		Checksum.Update((const Byte *)"simon", 5);
-		Checksum.Finalize(Digest);
-		cSHA1Checksum::DigestToJava(Digest, DigestSimon);
-		printf("Notch: \"%s\"\n", DigestNotch.c_str());
-		printf("jeb_:  \"%s\"\n",  DigestJeb.c_str());
-		printf("simon: \"%s\"\n", DigestSimon.c_str());
-		assert(DigestNotch == "4ed1f46bbe04bc756bcb17c0c7ce3e4632f06a48");
-		assert(DigestJeb   == "-7c9d5b0044c130109a5d7b5fb5c317c02b4e28c1");
-		assert(DigestSimon == "88e16a1019277b15d58faf0541e11910eb756f6");
-	}
-} test;
-*/
-
-
-
-
-
-
-///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
-// cAESCFBDecryptor:
-
-cAESCFBDecryptor::cAESCFBDecryptor(void) :
-	m_IVOffset(0),
-	m_IsValid(false)
-{
-}
-
-
-
-
-
-cAESCFBDecryptor::~cAESCFBDecryptor()
-{
-	// Clear the leftover in-memory data, so that they can't be accessed by a backdoor
-	memset(&m_Aes, 0, sizeof(m_Aes));
-}
-
-
-
-
-
-void cAESCFBDecryptor::Init(const Byte a_Key[16], const Byte a_IV[16])
-{
-	ASSERT(!IsValid());  // Cannot Init twice
-	
-	memcpy(m_IV, a_IV, 16);
-	aes_setkey_enc(&m_Aes, a_Key, 128);
-	m_IsValid = true;
-}
-
-
-
-
-
-void cAESCFBDecryptor::ProcessData(Byte * a_DecryptedOut, const Byte * a_EncryptedIn, size_t a_Length)
-{
-	ASSERT(IsValid());  // Must Init() first
-	
-	// PolarSSL doesn't support AES-CFB8, need to implement it manually:
-	for (size_t i = 0; i < a_Length; i++)
-	{
-		Byte Buffer[sizeof(m_IV)];
-		aes_crypt_ecb(&m_Aes, AES_ENCRYPT, m_IV, Buffer);
-		for (size_t idx = 0; idx < sizeof(m_IV) - 1; idx++)
-		{
-			m_IV[idx] = m_IV[idx + 1];
-		}
-		m_IV[sizeof(m_IV) - 1] = a_EncryptedIn[i];
-		a_DecryptedOut[i] = a_EncryptedIn[i] ^ Buffer[0];
-	}
-}
-
-
-
-
-
-///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
-// cAESCFBEncryptor:
-
-cAESCFBEncryptor::cAESCFBEncryptor(void) :
-	m_IVOffset(0),
-	m_IsValid(false)
-{
-}
-
-
-
-
-
-cAESCFBEncryptor::~cAESCFBEncryptor()
-{
-	// Clear the leftover in-memory data, so that they can't be accessed by a backdoor
-	memset(&m_Aes, 0, sizeof(m_Aes));
-}
-
-
-
-
-
-void cAESCFBEncryptor::Init(const Byte a_Key[16], const Byte a_IV[16])
-{
-	ASSERT(!IsValid());  // Cannot Init twice
-	ASSERT(m_IVOffset == 0);
-	
-	memcpy(m_IV, a_IV, 16);
-	aes_setkey_enc(&m_Aes, a_Key, 128);
-	m_IsValid = true;
-}
-
-
-
-
-
-void cAESCFBEncryptor::ProcessData(Byte * a_EncryptedOut, const Byte * a_PlainIn, size_t a_Length)
-{
-	ASSERT(IsValid());  // Must Init() first
-	
-	// PolarSSL doesn't do AES-CFB8, so we need to implement it ourselves:
-	for (size_t i = 0; i < a_Length; i++)
-	{
-		Byte Buffer[sizeof(m_IV)];
-		aes_crypt_ecb(&m_Aes, AES_ENCRYPT, m_IV, Buffer);
-		for (size_t idx = 0; idx < sizeof(m_IV) - 1; idx++)
-		{
-			m_IV[idx] = m_IV[idx + 1];
-		}
-		a_EncryptedOut[i] = a_PlainIn[i] ^ Buffer[0];
-		m_IV[sizeof(m_IV) - 1] = a_EncryptedOut[i];
-	}
-}
-
-
-
-
-
-///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
-// cSHA1Checksum:
-
-cSHA1Checksum::cSHA1Checksum(void) :
-	m_DoesAcceptInput(true)
-{
-	sha1_starts(&m_Sha1);
-}
-
-
-
-
-
-void cSHA1Checksum::Update(const Byte * a_Data, size_t a_Length)
-{
-	ASSERT(m_DoesAcceptInput);  // Not Finalize()-d yet, or Restart()-ed
-	
-	sha1_update(&m_Sha1, a_Data, a_Length);
-}
-
-
-
-
-
-void cSHA1Checksum::Finalize(cSHA1Checksum::Checksum & a_Output)
-{
-	ASSERT(m_DoesAcceptInput);  // Not Finalize()-d yet, or Restart()-ed
-	
-	sha1_finish(&m_Sha1, a_Output);
-	m_DoesAcceptInput = false;
-}
-
-
-
-
-
-void cSHA1Checksum::DigestToJava(const Checksum & a_Digest, AString & a_Out)
-{
-	Checksum Digest;
-	memcpy(Digest, a_Digest, sizeof(Digest));
-	
-	bool IsNegative = (Digest[0] >= 0x80);
-	if (IsNegative)
-	{
-		// Two's complement:
-		bool carry = true;  // Add one to the whole number
-		for (int i = 19; i >= 0; i--)
-		{
-			Digest[i] = ~Digest[i];
-			if (carry)
-			{
-				carry = (Digest[i] == 0xff);
-				Digest[i]++;
-			}
-		}
-	}
-	a_Out.clear();
-	a_Out.reserve(40);
-	for (int i = 0; i < 20; i++)
-	{
-		AppendPrintf(a_Out, "%02x", Digest[i]);
-	}
-	while ((a_Out.length() > 0) && (a_Out[0] == '0'))
-	{
-		a_Out.erase(0, 1);
-	}
-	if (IsNegative)
-	{
-		a_Out.insert(0, "-");
-	}
-}
-
-
-
-
-
-
-void cSHA1Checksum::Restart(void)
-{
-	sha1_starts(&m_Sha1);
-	m_DoesAcceptInput = true;
-}
-
-
-
-
diff --git a/src/Crypto.h b/src/Crypto.h
deleted file mode 100644
index 993b21afb..000000000
--- a/src/Crypto.h
+++ /dev/null
@@ -1,124 +0,0 @@
-
-// Crypto.h
-
-// Declares classes that wrap the cryptographic code library
-
-
-
-
-
-#pragma once
-
-#include "polarssl/rsa.h"
-#include "polarssl/aes.h"
-#include "polarssl/entropy.h"
-#include "polarssl/ctr_drbg.h"
-#include "polarssl/sha1.h"
-
-
-
-
-
-/** Decrypts data using the AES / CFB (128) algorithm */
-class cAESCFBDecryptor
-{
-public:
-	Byte test;
-	
-	cAESCFBDecryptor(void);
-	~cAESCFBDecryptor();
-	
-	/** Initializes the decryptor with the specified Key / IV */
-	void Init(const Byte a_Key[16], const Byte a_IV[16]);
-	
-	/** Decrypts a_Length bytes of the encrypted data; produces a_Length output bytes */
-	void ProcessData(Byte * a_DecryptedOut, const Byte * a_EncryptedIn, size_t a_Length);
-	
-	/** Returns true if the object has been initialized with the Key / IV */
-	bool IsValid(void) const { return m_IsValid; }
-	
-protected:
-	aes_context m_Aes;
-	
-	/** The InitialVector, used by the CFB mode decryption */
-	Byte m_IV[16];
-	
-	/** Current offset in the m_IV, used by the CFB mode decryption */
-	size_t m_IVOffset;
-	
-	/** Indicates whether the object has been initialized with the Key / IV */
-	bool m_IsValid;
-} ;
-
-
-
-
-
-/** Encrypts data using the AES / CFB (128) algorithm */
-class cAESCFBEncryptor
-{
-public:
-	cAESCFBEncryptor(void);
-	~cAESCFBEncryptor();
-	
-	/** Initializes the decryptor with the specified Key / IV */
-	void Init(const Byte a_Key[16], const Byte a_IV[16]);
-	
-	/** Encrypts a_Length bytes of the plain data; produces a_Length output bytes */
-	void ProcessData(Byte * a_EncryptedOut, const Byte * a_PlainIn, size_t a_Length);
-	
-	/** Returns true if the object has been initialized with the Key / IV */
-	bool IsValid(void) const { return m_IsValid; }
-	
-protected:
-	aes_context m_Aes;
-	
-	/** The InitialVector, used by the CFB mode encryption */
-	Byte m_IV[16];
-	
-	/** Current offset in the m_IV, used by the CFB mode encryption */
-	size_t m_IVOffset;
-	
-	/** Indicates whether the object has been initialized with the Key / IV */
-	bool m_IsValid;
-} ;
-
-
-
-
-
-/** Calculates a SHA1 checksum for data stream */
-class cSHA1Checksum
-{
-public:
-	typedef Byte Checksum[20];  // The type used for storing the checksum
-	
-	cSHA1Checksum(void);
-	
-	/** Adds the specified data to the checksum */
-	void Update(const Byte * a_Data, size_t a_Length);
-	
-	/** Calculates and returns the final checksum */
-	void Finalize(Checksum & a_Output);
-	
-	/** Returns true if the object is accepts more input data, false if Finalize()-d (need to Restart()) */
-	bool DoesAcceptInput(void) const { return m_DoesAcceptInput; }
-	
-	/** Converts a raw 160-bit SHA1 digest into a Java Hex representation
-	According to http://wiki.vg/wiki/index.php?title=Protocol_Encryption&oldid=2802
-	*/
-	static void DigestToJava(const Checksum & a_Digest, AString & a_JavaOut);
-	
-	/** Clears the current context and start a new checksum calculation */
-	void Restart(void);
-	
-protected:
-	/** True if the object is accepts more input data, false if Finalize()-d (need to Restart()) */
-	bool m_DoesAcceptInput;
-	
-	sha1_context m_Sha1;
-} ;
-
-
-
-
diff --git a/src/PolarSSL++/AesCfb128Decryptor.cpp b/src/PolarSSL++/AesCfb128Decryptor.cpp
new file mode 100644
index 000000000..af0d5106e
--- /dev/null
+++ b/src/PolarSSL++/AesCfb128Decryptor.cpp
@@ -0,0 +1,67 @@
+
+// AesCfb128Decryptor.cpp
+
+// Implements the cAesCfb128Decryptor class decrypting data using AES CFB-128
+
+#include "Globals.h"
+#include "AesCfb128Decryptor.h"
+
+
+
+
+
+cAesCfb128Decryptor::cAesCfb128Decryptor(void) :
+	m_IVOffset(0),
+	m_IsValid(false)
+{
+}
+
+
+
+
+
+cAesCfb128Decryptor::~cAesCfb128Decryptor()
+{
+	// Clear the leftover in-memory data, so that they can't be accessed by a backdoor
+	memset(&m_Aes, 0, sizeof(m_Aes));
+}
+
+
+
+
+
+void cAesCfb128Decryptor::Init(const Byte a_Key[16], const Byte a_IV[16])
+{
+	ASSERT(!IsValid());  // Cannot Init twice
+	
+	memcpy(m_IV, a_IV, 16);
+	aes_setkey_enc(&m_Aes, a_Key, 128);
+	m_IsValid = true;
+}
+
+
+
+
+
+void cAesCfb128Decryptor::ProcessData(Byte * a_DecryptedOut, const Byte * a_EncryptedIn, size_t a_Length)
+{
+	ASSERT(IsValid());  // Must Init() first
+	
+	// PolarSSL doesn't support AES-CFB8, need to implement it manually:
+	for (size_t i = 0; i < a_Length; i++)
+	{
+		Byte Buffer[sizeof(m_IV)];
+		aes_crypt_ecb(&m_Aes, AES_ENCRYPT, m_IV, Buffer);
+		for (size_t idx = 0; idx < sizeof(m_IV) - 1; idx++)
+		{
+			m_IV[idx] = m_IV[idx + 1];
+		}
+		m_IV[sizeof(m_IV) - 1] = a_EncryptedIn[i];
+		a_DecryptedOut[i] = a_EncryptedIn[i] ^ Buffer[0];
+	}
+}
+
+
+
+
+
diff --git a/src/PolarSSL++/AesCfb128Decryptor.h b/src/PolarSSL++/AesCfb128Decryptor.h
new file mode 100644
index 000000000..68c203d70
--- /dev/null
+++ b/src/PolarSSL++/AesCfb128Decryptor.h
@@ -0,0 +1,52 @@
+
+// AesCfb128Decryptor.h
+
+// Declares the cAesCfb128Decryptor class decrypting data using AES CFB-128
+
+
+
+
+
+#pragma once
+
+#include "polarssl/aes.h"
+
+
+
+
+
+/** Decrypts data using the AES / CFB 128 algorithm */
+class cAesCfb128Decryptor
+{
+public:
+	Byte test;
+	
+	cAesCfb128Decryptor(void);
+	~cAesCfb128Decryptor();
+	
+	/** Initializes the decryptor with the specified Key / IV */
+	void Init(const Byte a_Key[16], const Byte a_IV[16]);
+	
+	/** Decrypts a_Length bytes of the encrypted data; produces a_Length output bytes */
+	void ProcessData(Byte * a_DecryptedOut, const Byte * a_EncryptedIn, size_t a_Length);
+	
+	/** Returns true if the object has been initialized with the Key / IV */
+	bool IsValid(void) const { return m_IsValid; }
+	
+protected:
+	aes_context m_Aes;
+	
+	/** The InitialVector, used by the CFB mode decryption */
+	Byte m_IV[16];
+	
+	/** Current offset in the m_IV, used by the CFB mode decryption */
+	size_t m_IVOffset;
+	
+	/** Indicates whether the object has been initialized with the Key / IV */
+	bool m_IsValid;
+} ;
+
+
+
+
+
diff --git a/src/PolarSSL++/AesCfb128Encryptor.cpp b/src/PolarSSL++/AesCfb128Encryptor.cpp
new file mode 100644
index 000000000..a641ad48e
--- /dev/null
+++ b/src/PolarSSL++/AesCfb128Encryptor.cpp
@@ -0,0 +1,68 @@
+
+// AesCfb128Encryptor.cpp
+
+// Implements the cAesCfb128Encryptor class encrypting data using AES CFB-128
+
+#include "Globals.h"
+#include "AesCfb128Encryptor.h"
+
+
+
+
+
+cAesCfb128Encryptor::cAesCfb128Encryptor(void) :
+	m_IVOffset(0),
+	m_IsValid(false)
+{
+}
+
+
+
+
+
+cAesCfb128Encryptor::~cAesCfb128Encryptor()
+{
+	// Clear the leftover in-memory data, so that they can't be accessed by a backdoor
+	memset(&m_Aes, 0, sizeof(m_Aes));
+}
+
+
+
+
+
+void cAesCfb128Encryptor::Init(const Byte a_Key[16], const Byte a_IV[16])
+{
+	ASSERT(!IsValid());  // Cannot Init twice
+	ASSERT(m_IVOffset == 0);
+	
+	memcpy(m_IV, a_IV, 16);
+	aes_setkey_enc(&m_Aes, a_Key, 128);
+	m_IsValid = true;
+}
+
+
+
+
+
+void cAesCfb128Encryptor::ProcessData(Byte * a_EncryptedOut, const Byte * a_PlainIn, size_t a_Length)
+{
+	ASSERT(IsValid());  // Must Init() first
+	
+	// PolarSSL doesn't do AES-CFB8, so we need to implement it ourselves:
+	for (size_t i = 0; i < a_Length; i++)
+	{
+		Byte Buffer[sizeof(m_IV)];
+		aes_crypt_ecb(&m_Aes, AES_ENCRYPT, m_IV, Buffer);
+		for (size_t idx = 0; idx < sizeof(m_IV) - 1; idx++)
+		{
+			m_IV[idx] = m_IV[idx + 1];
+		}
+		a_EncryptedOut[i] = a_PlainIn[i] ^ Buffer[0];
+		m_IV[sizeof(m_IV) - 1] = a_EncryptedOut[i];
+	}
+}
+
+
+
+
+
diff --git a/src/PolarSSL++/AesCfb128Encryptor.h b/src/PolarSSL++/AesCfb128Encryptor.h
new file mode 100644
index 000000000..9dbb5d2c3
--- /dev/null
+++ b/src/PolarSSL++/AesCfb128Encryptor.h
@@ -0,0 +1,50 @@
+
+// AesCfb128Encryptor.h
+
+// Declares the cAesCfb128Encryptor class encrypting data using AES CFB-128
+
+
+
+
+
+#pragma once
+
+#include "polarssl/aes.h"
+
+
+
+
+
+/** Encrypts data using the AES / CFB (128) algorithm */
+class cAesCfb128Encryptor
+{
+public:
+	cAesCfb128Encryptor(void);
+	~cAesCfb128Encryptor();
+	
+	/** Initializes the decryptor with the specified Key / IV */
+	void Init(const Byte a_Key[16], const Byte a_IV[16]);
+	
+	/** Encrypts a_Length bytes of the plain data; produces a_Length output bytes */
+	void ProcessData(Byte * a_EncryptedOut, const Byte * a_PlainIn, size_t a_Length);
+	
+	/** Returns true if the object has been initialized with the Key / IV */
+	bool IsValid(void) const { return m_IsValid; }
+	
+protected:
+	aes_context m_Aes;
+	
+	/** The InitialVector, used by the CFB mode encryption */
+	Byte m_IV[16];
+	
+	/** Current offset in the m_IV, used by the CFB mode encryption */
+	size_t m_IVOffset;
+	
+	/** Indicates whether the object has been initialized with the Key / IV */
+	bool m_IsValid;
+} ;
+
+
+
+
+
diff --git a/src/PolarSSL++/CMakeLists.txt b/src/PolarSSL++/CMakeLists.txt
index bf7720abc..b0a592760 100644
--- a/src/PolarSSL++/CMakeLists.txt
+++ b/src/PolarSSL++/CMakeLists.txt
@@ -5,27 +5,33 @@ project (MCServer)
 include_directories ("${PROJECT_SOURCE_DIR}/../")
 
 set(SOURCES
-	"BlockingSslClientSocket.cpp"
-	"BufferedSslContext.cpp"
-	"CallbackSslContext.cpp"
-	"CtrDrbgContext.cpp"
-	"EntropyContext.cpp"
-	"PublicKey.cpp"
-	"RsaPrivateKey.cpp"
-	"SslContext.cpp"
-	"X509Cert.cpp"
+	AesCfb128Decryptor.cpp
+	AesCfb128Encryptor.cpp
+	BlockingSslClientSocket.cpp
+	BufferedSslContext.cpp
+	CallbackSslContext.cpp
+	CtrDrbgContext.cpp
+	EntropyContext.cpp
+	PublicKey.cpp
+	RsaPrivateKey.cpp
+	Sha1Checksum.cpp
+	SslContext.cpp
+	X509Cert.cpp
 )
 
 set(HEADERS
-	"BlockingSslClientSocket.h"
-	"BufferedSslContext.h"
-	"CallbackSslContext.h"
-	"CtrDrbgContext.h"
-	"EntropyContext.h"
-	"PublicKey.h"
-	"RsaPrivateKey.h"
-	"SslContext.h"
-	"X509Cert.h"
+	AesCfb128Decryptor.h
+	AesCfb128Encryptor.h
+	BlockingSslClientSocket.h
+	BufferedSslContext.h
+	CallbackSslContext.h
+	CtrDrbgContext.h
+	EntropyContext.h
+	PublicKey.h
+	RsaPrivateKey.h
+	SslContext.h
+	Sha1Checksum.h
+	X509Cert.h
 )
 
 add_library(PolarSSL++ ${SOURCES} ${HEADERS})
diff --git a/src/PolarSSL++/Sha1Checksum.cpp b/src/PolarSSL++/Sha1Checksum.cpp
new file mode 100644
index 000000000..a1ee9d7b9
--- /dev/null
+++ b/src/PolarSSL++/Sha1Checksum.cpp
@@ -0,0 +1,138 @@
+
+// Sha1Checksum.cpp
+
+// Declares the cSha1Checksum class representing the SHA-1 checksum calculator
+
+#include "Globals.h"
+#include "Sha1Checksum.h"
+
+
+
+
+
+/*
+// Self-test the hash formatting for known values:
+// sha1(Notch) : 4ed1f46bbe04bc756bcb17c0c7ce3e4632f06a48
+// sha1(jeb_)  : -7c9d5b0044c130109a5d7b5fb5c317c02b4e28c1
+// sha1(simon) : 88e16a1019277b15d58faf0541e11910eb756f6
+
+static class Test
+{
+public:
+	Test(void)
+	{
+		AString DigestNotch, DigestJeb, DigestSimon;
+		Byte Digest[20];
+		cSha1Checksum Checksum;
+		Checksum.Update((const Byte *)"Notch", 5);
+		Checksum.Finalize(Digest);
+		cSha1Checksum::DigestToJava(Digest, DigestNotch);
+		Checksum.Restart();
+		Checksum.Update((const Byte *)"jeb_", 4);
+		Checksum.Finalize(Digest);
+		cSha1Checksum::DigestToJava(Digest, DigestJeb);
+		Checksum.Restart();
+		Checksum.Update((const Byte *)"simon", 5);
+		Checksum.Finalize(Digest);
+		cSha1Checksum::DigestToJava(Digest, DigestSimon);
+		printf("Notch: \"%s\"\n", DigestNotch.c_str());
+		printf("jeb_:  \"%s\"\n",  DigestJeb.c_str());
+		printf("simon: \"%s\"\n", DigestSimon.c_str());
+		assert(DigestNotch == "4ed1f46bbe04bc756bcb17c0c7ce3e4632f06a48");
+		assert(DigestJeb   == "-7c9d5b0044c130109a5d7b5fb5c317c02b4e28c1");
+		assert(DigestSimon == "88e16a1019277b15d58faf0541e11910eb756f6");
+	}
+} test;
+*/
+
+
+
+
+
+
+///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+// cSha1Checksum:
+
+cSha1Checksum::cSha1Checksum(void) :
+	m_DoesAcceptInput(true)
+{
+	sha1_starts(&m_Sha1);
+}
+
+
+
+
+
+void cSha1Checksum::Update(const Byte * a_Data, size_t a_Length)
+{
+	ASSERT(m_DoesAcceptInput);  // Not Finalize()-d yet, or Restart()-ed
+	
+	sha1_update(&m_Sha1, a_Data, a_Length);
+}
+
+
+
+
+
+void cSha1Checksum::Finalize(cSha1Checksum::Checksum & a_Output)
+{
+	ASSERT(m_DoesAcceptInput);  // Not Finalize()-d yet, or Restart()-ed
+	
+	sha1_finish(&m_Sha1, a_Output);
+	m_DoesAcceptInput = false;
+}
+
+
+
+
+
+void cSha1Checksum::DigestToJava(const Checksum & a_Digest, AString & a_Out)
+{
+	Checksum Digest;
+	memcpy(Digest, a_Digest, sizeof(Digest));
+	
+	bool IsNegative = (Digest[0] >= 0x80);
+	if (IsNegative)
+	{
+		// Two's complement:
+		bool carry = true;  // Add one to the whole number
+		for (int i = 19; i >= 0; i--)
+		{
+			Digest[i] = ~Digest[i];
+			if (carry)
+			{
+				carry = (Digest[i] == 0xff);
+				Digest[i]++;
+			}
+		}
+	}
+	a_Out.clear();
+	a_Out.reserve(40);
+	for (int i = 0; i < 20; i++)
+	{
+		AppendPrintf(a_Out, "%02x", Digest[i]);
+	}
+	while ((a_Out.length() > 0) && (a_Out[0] == '0'))
+	{
+		a_Out.erase(0, 1);
+	}
+	if (IsNegative)
+	{
+		a_Out.insert(0, "-");
+	}
+}
+
+
+
+
+
+
+void cSha1Checksum::Restart(void)
+{
+	sha1_starts(&m_Sha1);
+	m_DoesAcceptInput = true;
+}
+
+
+
+
diff --git a/src/PolarSSL++/Sha1Checksum.h b/src/PolarSSL++/Sha1Checksum.h
new file mode 100644
index 000000000..68fdbcf1b
--- /dev/null
+++ b/src/PolarSSL++/Sha1Checksum.h
@@ -0,0 +1,52 @@
+
+// Sha1Checksum.h
+
+// Declares the cSha1Checksum class representing the SHA-1 checksum calculator
+
+
+
+
+
+#pragma once
+
+#include "polarssl/sha1.h"
+
+
+
+
+
+/** Calculates a SHA1 checksum for data stream */
+class cSha1Checksum
+{
+public:
+	typedef Byte Checksum[20];  // The type used for storing the checksum
+	
+	cSha1Checksum(void);
+	
+	/** Adds the specified data to the checksum */
+	void Update(const Byte * a_Data, size_t a_Length);
+	
+	/** Calculates and returns the final checksum */
+	void Finalize(Checksum & a_Output);
+	
+	/** Returns true if the object is accepts more input data, false if Finalize()-d (need to Restart()) */
+	bool DoesAcceptInput(void) const { return m_DoesAcceptInput; }
+	
+	/** Converts a raw 160-bit SHA1 digest into a Java Hex representation
+	According to http://wiki.vg/wiki/index.php?title=Protocol_Encryption&oldid=2802
+	*/
+	static void DigestToJava(const Checksum & a_Digest, AString & a_JavaOut);
+	
+	/** Clears the current context and start a new checksum calculation */
+	void Restart(void);
+	
+protected:
+	/** True if the object is accepts more input data, false if Finalize()-d (need to Restart()) */
+	bool m_DoesAcceptInput;
+	
+	sha1_context m_Sha1;
+} ;
+
+
+
+
diff --git a/src/Protocol/Protocol132.cpp b/src/Protocol/Protocol132.cpp
index acfa5e811..f4717f592 100644
--- a/src/Protocol/Protocol132.cpp
+++ b/src/Protocol/Protocol132.cpp
@@ -18,19 +18,7 @@
 #include "../WorldStorage/FastNBT.h"
 #include "../WorldStorage/EnchantmentSerializer.h"
 #include "../StringCompression.h"
-
-#ifdef _MSC_VER
-	#pragma warning(push)
-	#pragma warning(disable:4127)
-	#pragma warning(disable:4244)
-	#pragma warning(disable:4231)
-	#pragma warning(disable:4189)
-	#pragma warning(disable:4702)
-#endif
-
-#ifdef _MSC_VER
-	#pragma warning(pop)
-#endif
+#include "PolarSSL++/Sha1Checksum.h"
 
 
 
@@ -876,7 +864,7 @@ void cProtocol132::StartEncryption(const Byte * a_Key)
 	m_IsEncrypted = true;
 	
 	// Prepare the m_AuthServerID:
-	cSHA1Checksum Checksum;
+	cSha1Checksum Checksum;
 	cServer * Server = cRoot::Get()->GetServer();
 	AString ServerID = Server->GetServerID();
 	Checksum.Update((const Byte *)ServerID.c_str(), ServerID.length());
@@ -884,7 +872,7 @@ void cProtocol132::StartEncryption(const Byte * a_Key)
 	Checksum.Update((const Byte *)Server->GetPublicKeyDER().data(), Server->GetPublicKeyDER().size());
 	Byte Digest[20];
 	Checksum.Finalize(Digest);
-	cSHA1Checksum::DigestToJava(Digest, m_AuthServerID);
+	cSha1Checksum::DigestToJava(Digest, m_AuthServerID);
 }
 
 
diff --git a/src/Protocol/Protocol132.h b/src/Protocol/Protocol132.h
index b280c8a41..32bc7d581 100644
--- a/src/Protocol/Protocol132.h
+++ b/src/Protocol/Protocol132.h
@@ -24,7 +24,8 @@
 	#pragma warning(pop)
 #endif
 
-#include "../Crypto.h"
+#include "PolarSSL++/AesCfb128Decryptor.h"
+#include "PolarSSL++/AesCfb128Encryptor.h"
 
 
 
@@ -79,8 +80,8 @@ public:
 protected:
 	bool m_IsEncrypted;
 	
-	cAESCFBDecryptor m_Decryptor;
-	cAESCFBEncryptor m_Encryptor;
+	cAesCfb128Decryptor m_Decryptor;
+	cAesCfb128Encryptor m_Encryptor;
 	
 	AString m_DataToSend;
 	
diff --git a/src/Protocol/Protocol17x.cpp b/src/Protocol/Protocol17x.cpp
index 001b8c219..a6d566625 100644
--- a/src/Protocol/Protocol17x.cpp
+++ b/src/Protocol/Protocol17x.cpp
@@ -33,6 +33,7 @@ Implements the 1.7.x protocol classes:
 #include "../CompositeChat.h"
 #include "../Entities/ArrowEntity.h"
 #include "../Entities/FireworkEntity.h"
+#include "PolarSSL++/Sha1Checksum.h"
 
 
 
@@ -2293,7 +2294,7 @@ void cProtocol172::StartEncryption(const Byte * a_Key)
 	m_IsEncrypted = true;
 	
 	// Prepare the m_AuthServerID:
-	cSHA1Checksum Checksum;
+	cSha1Checksum Checksum;
 	cServer * Server = cRoot::Get()->GetServer();
 	const AString & ServerID = Server->GetServerID();
 	Checksum.Update((const Byte *)ServerID.c_str(), ServerID.length());
@@ -2301,7 +2302,7 @@ void cProtocol172::StartEncryption(const Byte * a_Key)
 	Checksum.Update((const Byte *)Server->GetPublicKeyDER().data(), Server->GetPublicKeyDER().size());
 	Byte Digest[20];
 	Checksum.Finalize(Digest);
-	cSHA1Checksum::DigestToJava(Digest, m_AuthServerID);
+	cSha1Checksum::DigestToJava(Digest, m_AuthServerID);
 }
 
 
diff --git a/src/Protocol/Protocol17x.h b/src/Protocol/Protocol17x.h
index 6a3e81eff..3f9c93357 100644
--- a/src/Protocol/Protocol17x.h
+++ b/src/Protocol/Protocol17x.h
@@ -30,7 +30,8 @@ Declares the 1.7.x protocol classes:
 	#pragma warning(pop)
 #endif
 
-#include "../Crypto.h"
+#include "PolarSSL++/AesCfb128Decryptor.h"
+#include "PolarSSL++/AesCfb128Encryptor.h"
 
 
 
@@ -236,8 +237,8 @@ protected:
 	
 	bool m_IsEncrypted;
 	
-	cAESCFBDecryptor m_Decryptor;
-	cAESCFBEncryptor m_Encryptor;
+	cAesCfb128Decryptor m_Decryptor;
+	cAesCfb128Decryptor m_Encryptor;
 
 	/** The logfile where the comm is logged, when g_ShouldLogComm is true */
 	cFile m_CommLogFile;