#include "syshead.h"
#include "crypto.h"
#include "error.h"
#include "integer.h"
#include "platform.h"
#include "memdbg.h"
Macros | |
#define | PARSE_INITIAL 0 |
#define | PARSE_HEAD 1 |
#define | PARSE_DATA 2 |
#define | PARSE_DATA_COMPLETE 3 |
#define | PARSE_FOOT 4 |
#define | PARSE_FINISHED 5 |
Functions | |
static void | openvpn_encrypt_aead (struct buffer *buf, struct buffer work, struct crypto_options *opt) |
static void | openvpn_encrypt_v1 (struct buffer *buf, struct buffer work, struct crypto_options *opt) |
void | openvpn_encrypt (struct buffer *buf, struct buffer work, struct crypto_options *opt) |
Encrypt and HMAC sign a packet so that it can be sent as a data channel VPN tunnel packet to a remote OpenVPN peer. More... | |
bool | crypto_check_replay (struct crypto_options *opt, const struct packet_id_net *pin, const char *error_prefix, struct gc_arena *gc) |
Check packet ID for replay, and perform replay administration. More... | |
static bool | openvpn_decrypt_aead (struct buffer *buf, struct buffer work, struct crypto_options *opt, const struct frame *frame, const uint8_t *ad_start) |
Unwrap (authenticate, decrypt and check replay protection) AEAD-mode data channel packets. More... | |
static bool | openvpn_decrypt_v1 (struct buffer *buf, struct buffer work, struct crypto_options *opt, const struct frame *frame) |
bool | openvpn_decrypt (struct buffer *buf, struct buffer work, struct crypto_options *opt, const struct frame *frame, const uint8_t *ad_start) |
HMAC verify and decrypt a data channel packet received from a remote OpenVPN peer. More... | |
void | crypto_adjust_frame_parameters (struct frame *frame, const struct key_type *kt, bool packet_id, bool packet_id_long_form) |
Calculate crypto overhead and adjust frame to account for that. More... | |
unsigned int | crypto_max_overhead (void) |
Return the worst-case OpenVPN crypto overhead (in bytes) More... | |
void | init_key_type (struct key_type *kt, const char *ciphername, const char *authname, int keysize, bool tls_mode, bool warn) |
Initialize a key_type structure with the given cipher and HMAC digest. More... | |
void | init_key_ctx (struct key_ctx *ctx, const struct key *key, const struct key_type *kt, int enc, const char *prefix) |
void | init_key_ctx_bi (struct key_ctx_bi *ctx, const struct key2 *key2, int key_direction, const struct key_type *kt, const char *name) |
void | free_key_ctx (struct key_ctx *ctx) |
void | free_key_ctx_bi (struct key_ctx_bi *ctx) |
static bool | key_is_zero (struct key *key, const struct key_type *kt) |
bool | check_key (struct key *key, const struct key_type *kt) |
void | fixup_key (struct key *key, const struct key_type *kt) |
void | check_replay_consistency (const struct key_type *kt, bool packet_id) |
void | generate_key_random (struct key *key, const struct key_type *kt) |
void | key2_print (const struct key2 *k, const struct key_type *kt, const char *prefix0, const char *prefix1) |
void | test_crypto (struct crypto_options *co, struct frame *frame) |
void | crypto_read_openvpn_key (const struct key_type *key_type, struct key_ctx_bi *ctx, const char *key_file, const char *key_inline, const int key_direction, const char *key_name, const char *opt_name) |
void | read_key_file (struct key2 *key2, const char *file, const unsigned int flags) |
int | write_key_file (const int nkeys, const char *filename) |
Write nkeys 1024-bit keys to file. More... | |
void | must_have_n_keys (const char *filename, const char *option, const struct key2 *key2, int n) |
int | ascii2keydirection (int msglevel, const char *str) |
const char * | keydirection2ascii (int kd, bool remote, bool humanreadable) |
void | key_direction_state_init (struct key_direction_state *kds, int key_direction) |
void | verify_fix_key2 (struct key2 *key2, const struct key_type *kt, const char *shared_secret_file) |
bool | write_key (const struct key *key, const struct key_type *kt, struct buffer *buf) |
int | read_key (struct key *key, const struct key_type *kt, struct buffer *buf) |
static void | prng_reset_nonce (void) |
void | prng_init (const char *md_name, const int nonce_secret_len_parm) |
Pseudo-random number generator initialisation. More... | |
void | prng_uninit (void) |
void | prng_bytes (uint8_t *output, int len) |
long int | get_random (void) |
void | print_cipher (const cipher_kt_t *cipher) |
Print a cipher list entry. More... | |
static const cipher_name_pair * | get_cipher_name_pair (const char *cipher_name) |
const char * | translate_cipher_name_from_openvpn (const char *cipher_name) |
Translate a data channel cipher name from the crypto library specific name to the OpenVPN config file 'language'. More... | |
const char * | translate_cipher_name_to_openvpn (const char *cipher_name) |
Translate a crypto library cipher name to an OpenVPN cipher name. More... | |
void | write_pem_key_file (const char *filename, const char *pem_name) |
Generate a server key with enough randomness to fill a key struct and write to file. More... | |
bool | read_pem_key_file (struct buffer *key, const char *pem_name, const char *key_file, const char *key_inline) |
Read key material from a PEM encoded file into the key structure. More... | |
Variables | |
static const char | static_key_head [] = "-----BEGIN OpenVPN Static key V1-----" |
static const char | static_key_foot [] = "-----END OpenVPN Static key V1-----" |
static const char | printable_char_fmt [] |
static const char | unprintable_char_fmt [] |
static uint8_t * | nonce_data = NULL |
static const md_kt_t * | nonce_md = NULL |
static int | nonce_secret_len = 0 |
#define PARSE_DATA 2 |
Referenced by read_key_file().
#define PARSE_DATA_COMPLETE 3 |
Referenced by read_key_file().
#define PARSE_FINISHED 5 |
Referenced by read_key_file().
#define PARSE_FOOT 4 |
Referenced by read_key_file().
#define PARSE_HEAD 1 |
Referenced by read_key_file().
#define PARSE_INITIAL 0 |
Referenced by read_key_file().
int ascii2keydirection | ( | int | msglevel, |
const char * | str | ||
) |
Definition at line 1497 of file crypto.c.
References KEY_DIRECTION_BIDIRECTIONAL, KEY_DIRECTION_INVERSE, KEY_DIRECTION_NORMAL, and msg.
Referenced by add_option().
Definition at line 937 of file crypto.c.
References key_type::cipher, key::cipher, key_type::cipher_length, key_des_check(), key_des_num_cblocks(), and key_is_zero().
Referenced by generate_key_expansion(), generate_key_random(), key_method_1_read(), key_method_1_write(), and verify_fix_key2().
Definition at line 1007 of file crypto.c.
References ASSERT, key_type::cipher, cipher_kt_mode_aead(), cipher_kt_mode_ofb_cfb(), M_FATAL, and msg.
Referenced by do_init_crypto_static(), and do_init_crypto_tls().
void crypto_adjust_frame_parameters | ( | struct frame * | frame, |
const struct key_type * | kt, | ||
bool | packet_id, | ||
bool | packet_id_long_form | ||
) |
Calculate crypto overhead and adjust frame to account for that.
Definition at line 698 of file crypto.c.
References key_type::cipher, cipher_kt_block_size(), cipher_kt_iv_size(), cipher_kt_mode_aead(), cipher_kt_tag_size(), D_MTU_DEBUG, frame_add_to_extra_frame(), key_type::hmac_length, msg, and packet_id_size().
Referenced by calc_options_string_link_mtu(), do_init_crypto_static(), do_init_crypto_tls(), and tls_session_update_crypto_params().
bool crypto_check_replay | ( | struct crypto_options * | opt, |
const struct packet_id_net * | pin, | ||
const char * | error_prefix, | ||
struct gc_arena * | gc | ||
) |
Check packet ID for replay, and perform replay administration.
opt | Crypto options for this packet, contains replay state. |
pin | Packet ID read from packet. |
error_prefix | Prefix to use when printing error messages. |
gc | Garbage collector to use. |
Definition at line 323 of file crypto.c.
References CO_MUTE_REPLAY_WARNINGS, CO_PACKET_ID_LONG_FORM, D_REPLAY_ERRORS, crypto_options::flags, msg, crypto_options::packet_id, packet_id_add(), packet_id_net_print(), packet_id_persist_save_obj(), packet_id_reap_test(), packet_id_test(), crypto_options::pid_persist, and packet_id::rec.
Referenced by openvpn_decrypt_aead(), openvpn_decrypt_v1(), and tls_crypt_unwrap().
unsigned int crypto_max_overhead | ( | void | ) |
Return the worst-case OpenVPN crypto overhead (in bytes)
Definition at line 732 of file crypto.c.
References max_int(), OPENVPN_AEAD_TAG_LENGTH, OPENVPN_MAX_CIPHER_BLOCK_SIZE, OPENVPN_MAX_HMAC_SIZE, OPENVPN_MAX_IV_LENGTH, and packet_id_size().
Referenced by calc_options_string_link_mtu(), do_init_crypto_tls(), and tls_session_update_crypto_params().
void crypto_read_openvpn_key | ( | const struct key_type * | key_type, |
struct key_ctx_bi * | ctx, | ||
const char * | key_file, | ||
const char * | key_inline, | ||
const int | key_direction, | ||
const char * | key_name, | ||
const char * | opt_name | ||
) |
Definition at line 1178 of file crypto.c.
References init_key_ctx_bi(), key_direction_state_init(), M_ERR, msg, must_have_n_keys(), key2::n, key_direction_state::need_keys, read_key_file(), RKF_INLINE, RKF_MUST_SUCCEED, secure_memzero(), and verify_fix_key2().
Referenced by do_init_crypto_static(), do_init_tls_wrap_key(), and tls_crypt_init_key().
Definition at line 976 of file crypto.c.
References check_debug_level(), key_type::cipher, key::cipher, key_type::cipher_length, D_CRYPTO_DEBUG, dmsg, format_hex(), gc_free(), gc_new(), key_des_fixup(), and key_des_num_cblocks().
Referenced by generate_key_expansion(), generate_key_random(), and verify_fix_key2().
void free_key_ctx | ( | struct key_ctx * | ctx | ) |
Definition at line 894 of file crypto.c.
References key_ctx::cipher, cipher_ctx_cleanup(), cipher_ctx_free(), key_ctx::hmac, hmac_ctx_cleanup(), hmac_ctx_free(), and key_ctx::implicit_iv_len.
Referenced by free_key_ctx_bi(), key_schedule_free(), tls_crypt_fail_invalid_key(), and tls_crypt_v2_write_client_key_file().
void free_key_ctx_bi | ( | struct key_ctx_bi * | ctx | ) |
Definition at line 912 of file crypto.c.
References key_ctx_bi::decrypt, key_ctx_bi::encrypt, and free_key_ctx().
Referenced by do_close_free_key_schedule(), key_schedule_free(), key_state_free(), test_tls_crypt_teardown(), test_tls_crypt_v2_teardown(), tls_crypt_v2_wrap_unwrap_wrong_key(), tls_crypt_v2_write_client_key_file(), tls_pre_decrypt_lite(), and tls_wrap_free().
Definition at line 1023 of file crypto.c.
References check_key(), key_type::cipher, key::cipher, key_type::cipher_length, CLEAR, D_SHOW_KEY_SOURCE, key_type::digest, dmsg, fixup_key(), format_hex(), gc_free(), gc_new(), key::hmac, key_type::hmac_length, M_FATAL, MAX_CIPHER_KEY_LENGTH, MAX_HMAC_KEY_LENGTH, msg, and rand_bytes().
Referenced by key_method_1_write(), and write_key_file().
static |
Definition at line 1806 of file crypto.c.
References cipher_name_translation_table, cipher_name_translation_table_count, cipher_name_pair::lib_name, and cipher_name_pair::openvpn_name.
Referenced by translate_cipher_name_from_openvpn(), and translate_cipher_name_to_openvpn().
long int get_random | ( | void | ) |
Definition at line 1767 of file crypto.c.
Referenced by check_send_occ_msg_dowork(), check_timeout_random_component_dowork(), do_init_crypto_tls(), fragment_init(), gen_nonce(), hash_iterator_delete_element(), init_connection_list(), multi_init(), packet_id_add(), platform_create_temp_file(), route_quota_exceeded(), and schedule_remove_entry().
void init_key_ctx | ( | struct key_ctx * | ctx, |
const struct key * | key, | ||
const struct key_type * | kt, | ||
int | enc, | ||
const char * | prefix | ||
) |
Definition at line 821 of file crypto.c.
References key_type::cipher, key::cipher, key_ctx::cipher, cipher_ctx_init(), cipher_ctx_new(), cipher_kt_block_size(), cipher_kt_insecure(), cipher_kt_iv_size(), cipher_kt_name(), key_type::cipher_length, CLEAR, D_CRYPTO_DEBUG, D_HANDSHAKE, D_SHOW_KEYS, key_type::digest, dmsg, format_hex(), gc_free(), gc_new(), key::hmac, key_ctx::hmac, hmac_ctx_init(), hmac_ctx_new(), hmac_ctx_size(), key_type::hmac_length, M_WARN, md_kt_name(), md_kt_size(), msg, and translate_cipher_name_to_openvpn().
Referenced by init_key_ctx_bi(), key_method_1_read(), key_method_1_write(), test_tls_crypt_setup(), tls_crypt_fail_invalid_key(), and tls_crypt_v2_init_server_key().
void init_key_ctx_bi | ( | struct key_ctx_bi * | ctx, |
const struct key2 * | key2, | ||
int | key_direction, | ||
const struct key_type * | kt, | ||
const char * | name | ||
) |
Definition at line 874 of file crypto.c.
References key_ctx_bi::decrypt, key_ctx_bi::encrypt, key_direction_state::in_key, init_key_ctx(), key_ctx_bi::initialized, key_direction_state_init(), key2::keys, OPENVPN_OP_DECRYPT, OPENVPN_OP_ENCRYPT, openvpn_snprintf(), and key_direction_state::out_key.
Referenced by crypto_read_openvpn_key(), generate_key_expansion(), test_tls_crypt_v2_setup(), tls_crypt_v2_load_client_key(), and tls_crypt_v2_wrap_unwrap_wrong_key().
void init_key_type | ( | struct key_type * | kt, |
const char * | ciphername, | ||
const char * | authname, | ||
int | keysize, | ||
bool | tls_mode, | ||
bool | warn | ||
) |
Initialize a key_type structure with the given cipher and HMAC digest.
kt | The struct key_type to initialize |
ciphername | The name of the cipher to use |
authname | The name of the HMAC digest to use |
keysize | The length of the cipher key to use, in bytes. Only valid for ciphers that support variable length keys. |
tls_mode | Specifies whether we are running in TLS mode, which allows more ciphers than static key mode. |
warn | Print warnings when null cipher / auth is used. |
Definition at line 743 of file crypto.c.
References ASSERT, key_type::cipher, cipher_kt_block_size(), cipher_kt_get(), cipher_kt_key_size(), cipher_kt_mode_aead(), cipher_kt_mode_cbc(), cipher_kt_mode_ofb_cfb(), key_type::cipher_length, CLEAR, key_type::digest, ENABLE_OFB_CFB_MODE, key_type::hmac_length, M_FATAL, M_WARN, MAX_CIPHER_KEY_LENGTH, md_kt_get(), md_kt_size(), msg, OPENVPN_MAX_CIPHER_BLOCK_SIZE, and translate_cipher_name_from_openvpn().
Referenced by calc_options_string_link_mtu(), do_init_crypto_static(), do_init_crypto_tls_c1(), options_string(), and tls_session_update_crypto_params().
void key2_print | ( | const struct key2 * | k, |
const struct key_type * | kt, | ||
const char * | prefix0, | ||
const char * | prefix1 | ||
) |
Definition at line 1067 of file crypto.c.
References ASSERT, key::cipher, key_type::cipher_length, D_SHOW_KEY_SOURCE, dmsg, format_hex(), gc_free(), gc_new(), key::hmac, key_type::hmac_length, key2::keys, and key2::n.
Referenced by generate_key_expansion().
void key_direction_state_init | ( | struct key_direction_state * | kds, |
int | key_direction | ||
) |
Definition at line 1549 of file crypto.c.
References ASSERT, CLEAR, key_direction_state::in_key, KEY_DIRECTION_BIDIRECTIONAL, KEY_DIRECTION_INVERSE, KEY_DIRECTION_NORMAL, key_direction_state::need_keys, and key_direction_state::out_key.
Referenced by crypto_read_openvpn_key(), and init_key_ctx_bi().
Definition at line 919 of file crypto.c.
References key::cipher, key_type::cipher_length, D_CRYPT_ERRORS, and msg.
Referenced by check_key().
Definition at line 1520 of file crypto.c.
References ASSERT, KEY_DIRECTION_BIDIRECTIONAL, KEY_DIRECTION_INVERSE, and KEY_DIRECTION_NORMAL.
Referenced by options_string(), show_connection_entry(), and show_settings().
void must_have_n_keys | ( | const char * | filename, |
const char * | option, | ||
const struct key2 * | key2, | ||
int | n | ||
) |
static |
Unwrap (authenticate, decrypt and check replay protection) AEAD-mode data channel packets.
Set buf->len to 0 and return false on decrypt error.
On success, buf is set to point to plaintext, true is returned.
Definition at line 360 of file crypto.c.
References ASSERT, BLEN, BPTR, buf_advance(), buf_inc_len(), buf_init, buf_safe(), key_ctx::cipher, cipher_ctx_block_size(), cipher_ctx_final_check_tag(), cipher_ctx_get_cipher_kt(), cipher_ctx_iv_length(), cipher_ctx_reset(), cipher_ctx_update(), cipher_ctx_update_ad(), cipher_kt_mode_aead(), cipher_kt_tag_size(), CRYPT_ERROR, crypto_check_replay(), crypto_clear_error(), D_PACKET_CONTENT, buffer::data, key_ctx_bi::decrypt, dmsg, format_hex(), FRAME_HEADROOM_ADJ, FRAME_HEADROOM_MARKER_DECRYPT, gc_free(), gc_init(), key_ctx::implicit_iv, key_ctx::implicit_iv_len, crypto_options::key_ctx_bi, buffer::len, OPENVPN_MAX_IV_LENGTH, crypto_options::packet_id, packet_id_initialized(), and packet_id_read().
Referenced by openvpn_decrypt().
static |
Definition at line 507 of file crypto.c.
References ASSERT, BLEN, BOOL_CAST, BPTR, buf_advance(), buf_inc_len(), buf_init, buf_safe(), buf_set_read(), key_ctx::cipher, cipher_ctx_block_size(), cipher_ctx_final(), cipher_ctx_get_cipher_kt(), cipher_ctx_iv_length(), cipher_ctx_reset(), cipher_ctx_update(), cipher_kt_mode_cbc(), cipher_kt_mode_ofb_cfb(), CO_IGNORE_PACKET_ID, CO_PACKET_ID_LONG_FORM, CRYPT_ERROR, crypto_check_replay(), crypto_clear_error(), D_PACKET_CONTENT, key_ctx_bi::decrypt, dmsg, crypto_options::flags, format_hex(), FRAME_HEADROOM_ADJ, FRAME_HEADROOM_MARKER_DECRYPT, gc_free(), gc_init(), key_ctx::hmac, hmac_ctx_final(), hmac_ctx_reset(), hmac_ctx_size(), hmac_ctx_update(), crypto_options::key_ctx_bi, buffer::len, MAX_HMAC_KEY_LENGTH, memcmp_constant_time(), OPENVPN_MAX_IV_LENGTH, crypto_options::packet_id, packet_id_initialized(), and packet_id_read().
Referenced by openvpn_decrypt().
static |
Definition at line 64 of file crypto.c.
References ASSERT, BEND, BLEN, BPTR, buf_inc_len(), buf_safe(), buf_set_write(), buf_write(), buf_write_alloc(), buffer::capacity, key_ctx::cipher, cipher_ctx_block_size(), cipher_ctx_final(), cipher_ctx_get_cipher_kt(), cipher_ctx_get_tag(), cipher_ctx_iv_length(), cipher_ctx_reset(), cipher_ctx_update(), cipher_ctx_update_ad(), cipher_kt_mode_aead(), cipher_kt_tag_size(), crypto_clear_error(), D_CRYPT_ERRORS, D_PACKET_CONTENT, dmsg, key_ctx_bi::encrypt, format_hex(), gc_free(), gc_init(), key_ctx::implicit_iv, key_ctx::implicit_iv_len, crypto_options::key_ctx_bi, buffer::len, msg, buffer::offset, OPENVPN_AEAD_MIN_IV_LEN, OPENVPN_MAX_IV_LENGTH, crypto_options::packet_id, packet_id_initialized(), packet_id_write(), and packet_id::send.
Referenced by openvpn_encrypt().
static |
Definition at line 161 of file crypto.c.
References ASSERT, BEND, BLEN, BPTR, buf_inc_len(), buf_prepend(), buf_safe(), buf_set_write(), buf_write(), buf_write_alloc(), buf_write_prepend(), buffer::capacity, key_ctx::cipher, cipher_ctx_block_size(), cipher_ctx_final(), cipher_ctx_get_cipher_kt(), cipher_ctx_iv_length(), cipher_ctx_reset(), cipher_ctx_update(), cipher_kt_mode(), cipher_kt_mode_cbc(), cipher_kt_mode_ofb_cfb(), CO_PACKET_ID_LONG_FORM, crypto_clear_error(), D_CRYPT_ERRORS, D_PACKET_CONTENT, dmsg, key_ctx_bi::encrypt, crypto_options::flags, format_hex(), gc_free(), gc_init(), key_ctx::hmac, hmac_ctx_final(), hmac_ctx_reset(), hmac_ctx_size(), hmac_ctx_update(), crypto_options::key_ctx_bi, buffer::len, msg, buffer::offset, OPENVPN_MAX_IV_LENGTH, OPENVPN_MODE_CBC, crypto_options::packet_id, packet_id_initialized(), packet_id_write(), prng_bytes(), and packet_id::send.
Referenced by openvpn_encrypt().
void print_cipher | ( | const cipher_kt_t * | cipher | ) |
Print a cipher list entry.
Definition at line 1779 of file crypto.c.
References cipher_kt_block_size(), cipher_kt_key_size(), cipher_kt_mode_cbc(), cipher_kt_name(), cipher_kt_var_key_size(), and translate_cipher_name_to_openvpn().
Referenced by show_available_ciphers().
void prng_bytes | ( | uint8_t * | output, |
int | len | ||
) |
Definition at line 1735 of file crypto.c.
References ASSERT, md_full(), md_kt_size(), min_int(), nonce_data, nonce_md, nonce_secret_len, PRNG_NONCE_RESET_BYTES, prng_reset_nonce(), and rand_bytes().
Referenced by get_random(), hostname_randomize(), init_static(), openvpn_encrypt_v1(), schedule_remove_entry(), and session_id_random().
void prng_init | ( | const char * | md_name, |
const int | nonce_secret_len_parm | ||
) |
Pseudo-random number generator initialisation.
(see prng_rand_bytes())
md_name | Name of the message digest to use |
nonce_secret_len_parm | Length of the nonce to use |
Definition at line 1707 of file crypto.c.
References ASSERT, check_malloc_return(), D_CRYPTO_DEBUG, dmsg, malloc, md_kt_get(), md_kt_name(), md_kt_size(), nonce_data, nonce_md, nonce_secret_len, NONCE_SECRET_LEN_MAX, NONCE_SECRET_LEN_MIN, prng_reset_nonce(), and prng_uninit().
Referenced by do_init_crypto_tls_c1(), and init_static().
static |
Definition at line 1686 of file crypto.c.
References M_FATAL, md_kt_size(), msg, nonce_data, nonce_md, nonce_secret_len, and rand_bytes().
Referenced by prng_bytes(), and prng_init().
void prng_uninit | ( | void | ) |
Definition at line 1726 of file crypto.c.
References free, nonce_data, nonce_md, and nonce_secret_len.
Referenced by free_ssl_lib(), init_static(), and prng_init().
Definition at line 1631 of file crypto.c.
References buf_read(), key::cipher, key_type::cipher_length, CLEAR, D_TLS_ERRORS, key::hmac, key_type::hmac_length, and msg.
Referenced by key_method_1_read().
void read_key_file | ( | struct key2 * | key2, |
const char * | file, | ||
const unsigned int | flags | ||
) |
Definition at line 1225 of file crypto.c.
References ASSERT, buf_clear(), buf_set_read(), buf_valid(), buffer_read_from_file(), CLEAR, buffer::data, format_hex_ex(), gc_free(), gc_new(), INLINE_FILE_TAG, key2::keys, buffer::len, M_FATAL, M_INFO, match(), msg, key2::n, PARSE_DATA, PARSE_DATA_COMPLETE, PARSE_FINISHED, PARSE_FOOT, PARSE_HEAD, PARSE_INITIAL, printable_char_fmt, RKF_INLINE, RKF_MUST_SUCCEED, SIZE, static_key_foot, static_key_head, and unprintable_char_fmt.
Referenced by crypto_read_openvpn_key().
bool read_pem_key_file | ( | struct buffer * | key, |
const char * | pem_name, | ||
const char * | key_file, | ||
const char * | key_inline | ||
) |
Read key material from a PEM encoded file into the key structure.
key | the key structure that will hold the key material |
pem_name | the name used in the pem encoding start/end lines |
key_file | name of the file to read |
key_inline | a string holding the data in case of an inline key |
Definition at line 1887 of file crypto.c.
References buf_clear(), buf_set_read(), buf_valid(), buffer_read_from_file(), crypto_pem_decode(), gc_free(), gc_new(), INLINE_FILE_TAG, M_WARN, and msg.
Referenced by tls_crypt_v2_init_client_key(), and tls_crypt_v2_init_server_key().
void test_crypto | ( | struct crypto_options * | co, |
struct frame * | frame | ||
) |
Definition at line 1090 of file crypto.c.
References alloc_buf_gc(), ASSERT, BLEN, BPTR, buf_init, BUF_SIZE, buf_write_alloc(), buffer::capacity, key_ctx::cipher, cipher_ctx_get_cipher_kt(), cipher_kt_iv_size(), cipher_kt_mode_aead(), clear_buf(), key_ctx_bi::decrypt, key_ctx_bi::encrypt, FRAME_HEADROOM, gc_free(), gc_new(), key_ctx::implicit_iv, key_ctx::implicit_iv_len, crypto_options::key_ctx_bi, buffer::len, M_FATAL, M_INFO, msg, OPENVPN_AEAD_MIN_IV_LEN, openvpn_decrypt(), openvpn_encrypt(), OPENVPN_MAX_IV_LENGTH, PACKAGE_NAME, rand_bytes(), TUN_MTU_SIZE, and update_time().
Referenced by show_settings(), and test_crypto_thread().
const char * translate_cipher_name_from_openvpn | ( | const char * | cipher_name | ) |
Translate a data channel cipher name from the OpenVPN config file 'language' to the crypto library specific name.
Translate a data channel cipher name from the OpenVPN config file 'language' to the crypto library specific name.
Translate an OpenVPN cipher name to a crypto library cipher name.
cipher_name | An OpenVPN cipher name |
Definition at line 1827 of file crypto.c.
References get_cipher_name_pair(), and cipher_name_pair::lib_name.
Referenced by cipher_kt_block_size(), init_key_type(), and tls_check_ncp_cipher_list().
const char* translate_cipher_name_to_openvpn | ( | const char * | cipher_name | ) |
Translate a crypto library cipher name to an OpenVPN cipher name.
cipher_name | A crypto library cipher name |
Definition at line 1840 of file crypto.c.
References get_cipher_name_pair(), and cipher_name_pair::openvpn_name.
Referenced by cipher_kt_block_size(), cipher_name_cmp(), init_key_ctx(), multi_print_status(), options_string(), and print_cipher().
void verify_fix_key2 | ( | struct key2 * | key2, |
const struct key_type * | kt, | ||
const char * | shared_secret_file | ||
) |
Definition at line 1578 of file crypto.c.
References check_key(), fixup_key(), key2::keys, M_FATAL, msg, and key2::n.
Referenced by crypto_read_openvpn_key().
Definition at line 1598 of file crypto.c.
References ASSERT, buf_write(), key::cipher, key_type::cipher_length, key::hmac, key_type::hmac_length, MAX_CIPHER_KEY_LENGTH, and MAX_HMAC_KEY_LENGTH.
Referenced by key_method_1_write().
int write_key_file | ( | const int | nkeys, |
const char * | filename | ||
) |
Write nkeys 1024-bit keys to file.
Definition at line 1426 of file crypto.c.
References alloc_buf_gc(), buf_clear(), buf_printf(), buffer_write_file(), format_hex_ex(), gc_free(), gc_new(), generate_key_random(), secure_memzero(), static_key_foot, and static_key_head.
Referenced by do_genkey().
void write_pem_key_file | ( | const char * | filename, |
const char * | pem_name | ||
) |
Generate a server key with enough randomness to fill a key struct and write to file.
filename | Filename of the server key file to create. |
pem_name | The name to use in the PEM header/footer. |
Definition at line 1853 of file crypto.c.
References buf_clear(), buf_set_read(), buffer_write_file(), clear_buf(), crypto_pem_encode(), gc_free(), gc_new(), M_ERR, M_NONFATAL, M_WARN, msg, rand_bytes(), and secure_memzero().
Referenced by tls_crypt_v2_write_server_key_file().
static |
Definition at line 1680 of file crypto.c.
Referenced by prng_bytes(), prng_init(), prng_reset_nonce(), and prng_uninit().
static |
Definition at line 1681 of file crypto.c.
Referenced by prng_bytes(), prng_init(), prng_reset_nonce(), and prng_uninit().
static |
Definition at line 1682 of file crypto.c.
Referenced by prng_bytes(), prng_init(), prng_reset_nonce(), and prng_uninit().
static |
Definition at line 1216 of file crypto.c.
Referenced by read_key_file().
static |
Definition at line 1214 of file crypto.c.
Referenced by read_key_file(), and write_key_file().
static |
Definition at line 1213 of file crypto.c.
Referenced by read_key_file(), and write_key_file().
static |
Definition at line 1219 of file crypto.c.
Referenced by read_key_file().