OpenVPN
crypto_mbedtls.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2
13  * as published by the Free Software Foundation.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #elif defined(_MSC_VER)
32 #include "config-msvc.h"
33 #endif
34 
35 #include "syshead.h"
36 
37 #if defined(ENABLE_CRYPTO_MBEDTLS)
38 
39 #include "errlevel.h"
40 #include "basic.h"
41 #include "buffer.h"
42 #include "crypto.h"
43 #include "integer.h"
44 #include "crypto_backend.h"
45 #include "otime.h"
46 #include "misc.h"
47 
48 #include <mbedtls/base64.h>
49 #include <mbedtls/des.h>
50 #include <mbedtls/error.h>
51 #include <mbedtls/md5.h>
52 #include <mbedtls/cipher.h>
53 #include <mbedtls/havege.h>
54 #include <mbedtls/pem.h>
55 
56 #include <mbedtls/entropy.h>
57 
58 
59 /*
60  *
61  * Hardware engine support. Allows loading/unloading of engines.
62  *
63  */
64 
65 void
66 crypto_init_lib_engine(const char *engine_name)
67 {
68  msg(M_WARN, "Note: mbed TLS hardware crypto engine functionality is not "
69  "available");
70 }
71 
72 /*
73  *
74  * Functions related to the core crypto library
75  *
76  */
77 
78 void
79 crypto_init_lib(void)
80 {
81 }
82 
83 void
85 {
86 }
87 
88 void
90 {
91 }
92 
93 bool
94 mbed_log_err(unsigned int flags, int errval, const char *prefix)
95 {
96  if (0 != errval)
97  {
98  char errstr[256];
99  mbedtls_strerror(errval, errstr, sizeof(errstr));
100 
101  if (NULL == prefix)
102  {
103  prefix = "mbed TLS error";
104  }
105  msg(flags, "%s: %s", prefix, errstr);
106  }
107 
108  return 0 == errval;
109 }
110 
111 bool
112 mbed_log_func_line(unsigned int flags, int errval, const char *func,
113  int line)
114 {
115  char prefix[256];
116 
117  if (!openvpn_snprintf(prefix, sizeof(prefix), "%s:%d", func, line))
118  {
119  return mbed_log_err(flags, errval, func);
120  }
121 
122  return mbed_log_err(flags, errval, prefix);
123 }
124 
125 
126 #ifdef DMALLOC
127 void
128 crypto_init_dmalloc(void)
129 {
130  msg(M_ERR, "Error: dmalloc support is not available for mbed TLS.");
131 }
132 #endif /* DMALLOC */
133 
135  { "BF-CBC", "BLOWFISH-CBC" },
136  { "BF-CFB", "BLOWFISH-CFB64" },
137  { "CAMELLIA-128-CFB", "CAMELLIA-128-CFB128" },
138  { "CAMELLIA-192-CFB", "CAMELLIA-192-CFB128" },
139  { "CAMELLIA-256-CFB", "CAMELLIA-256-CFB128" }
140 };
142  sizeof(cipher_name_translation_table) / sizeof(*cipher_name_translation_table);
143 
144 void
146 {
147  const int *ciphers = mbedtls_cipher_list();
148 
149 #ifndef ENABLE_SMALL
150  printf("The following ciphers and cipher modes are available for use\n"
151  "with " PACKAGE_NAME ". Each cipher shown below may be used as a\n"
152  "parameter to the --cipher option. Using a CBC or GCM mode is\n"
153  "recommended. In static key mode only CBC mode is allowed.\n\n");
154 #endif
155 
156  while (*ciphers != 0)
157  {
158  const cipher_kt_t *info = mbedtls_cipher_info_from_type(*ciphers);
159  if (info && !cipher_kt_insecure(info)
160  && (cipher_kt_mode_aead(info) || cipher_kt_mode_cbc(info)))
161  {
162  print_cipher(info);
163  }
164  ciphers++;
165  }
166 
167  printf("\nThe following ciphers have a block size of less than 128 bits, \n"
168  "and are therefore deprecated. Do not use unless you have to.\n\n");
169  ciphers = mbedtls_cipher_list();
170  while (*ciphers != 0)
171  {
172  const cipher_kt_t *info = mbedtls_cipher_info_from_type(*ciphers);
173  if (info && cipher_kt_insecure(info)
174  && (cipher_kt_mode_aead(info) || cipher_kt_mode_cbc(info)))
175  {
176  print_cipher(info);
177  }
178  ciphers++;
179  }
180  printf("\n");
181 }
182 
183 void
185 {
186  const int *digests = mbedtls_md_list();
187 
188 #ifndef ENABLE_SMALL
189  printf("The following message digests are available for use with\n"
190  PACKAGE_NAME ". A message digest is used in conjunction with\n"
191  "the HMAC function, to authenticate received packets.\n"
192  "You can specify a message digest as parameter to\n"
193  "the --auth option.\n\n");
194 #endif
195 
196  while (*digests != 0)
197  {
198  const mbedtls_md_info_t *info = mbedtls_md_info_from_type(*digests);
199 
200  if (info)
201  {
202  printf("%s %d bit default key\n", mbedtls_md_get_name(info),
203  mbedtls_md_get_size(info) * 8);
204  }
205  digests++;
206  }
207  printf("\n");
208 }
209 
210 void
212 {
213  printf("Sorry, mbed TLS hardware crypto engine functionality is not "
214  "available\n");
215 }
216 
217 bool
218 crypto_pem_encode(const char *name, struct buffer *dst,
219  const struct buffer *src, struct gc_arena *gc)
220 {
221  /* 1000 chars is the PEM line length limit (+1 for tailing NUL) */
222  char header[1000+1] = { 0 };
223  char footer[1000+1] = { 0 };
224 
225  if (!openvpn_snprintf(header, sizeof(header), "-----BEGIN %s-----\n", name))
226  {
227  return false;
228  }
229  if (!openvpn_snprintf(footer, sizeof(footer), "-----END %s-----\n", name))
230  {
231  return false;
232  }
233 
234  size_t out_len = 0;
235  if (MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL !=
236  mbedtls_pem_write_buffer(header, footer, BPTR(src), BLEN(src),
237  NULL, 0, &out_len))
238  {
239  return false;
240  }
241 
242  *dst = alloc_buf_gc(out_len, gc);
243  if (!mbed_ok(mbedtls_pem_write_buffer(header, footer, BPTR(src), BLEN(src),
244  BPTR(dst), BCAP(dst), &out_len))
245  || !buf_inc_len(dst, out_len))
246  {
247  CLEAR(*dst);
248  return false;
249  }
250 
251  return true;
252 }
253 
254 bool
255 crypto_pem_decode(const char *name, struct buffer *dst,
256  const struct buffer *src)
257 {
258  /* 1000 chars is the PEM line length limit (+1 for tailing NUL) */
259  char header[1000+1] = { 0 };
260  char footer[1000+1] = { 0 };
261 
262  if (*(BLAST(src)) != '\0')
263  {
264  msg(M_WARN, "PEM decode error: source buffer not null-terminated");
265  return false;
266  }
267  if (!openvpn_snprintf(header, sizeof(header), "-----BEGIN %s-----", name))
268  {
269  return false;
270  }
271  if (!openvpn_snprintf(footer, sizeof(footer), "-----END %s-----", name))
272  {
273  return false;
274  }
275 
276  size_t use_len = 0;
277  mbedtls_pem_context ctx = { 0 };
278  bool ret = mbed_ok(mbedtls_pem_read_buffer(&ctx, header, footer, BPTR(src),
279  NULL, 0, &use_len));
280  if (ret && !buf_write(dst, ctx.buf, ctx.buflen))
281  {
282  ret = false;
283  msg(M_WARN, "PEM decode error: destination buffer too small");
284  }
285 
286  mbedtls_pem_free(&ctx);
287  return ret;
288 }
289 
290 /*
291  *
292  * Random number functions, used in cases where we want
293  * reasonably strong cryptographic random number generation
294  * without depleting our entropy pool. Used for random
295  * IV values and a number of other miscellaneous tasks.
296  *
297  */
298 
299 /*
300  * Initialise the given ctr_drbg context, using a personalisation string and an
301  * entropy gathering function.
302  */
303 mbedtls_ctr_drbg_context *
304 rand_ctx_get(void)
305 {
306  static mbedtls_entropy_context ec = {0};
307  static mbedtls_ctr_drbg_context cd_ctx = {0};
308  static bool rand_initialised = false;
309 
310  if (!rand_initialised)
311  {
312  struct gc_arena gc = gc_new();
313  struct buffer pers_string = alloc_buf_gc(100, &gc);
314 
315  /*
316  * Personalisation string, should be as unique as possible (see NIST
317  * 800-90 section 8.7.1). We have very little information at this stage.
318  * Include Program Name, memory address of the context and PID.
319  */
320  buf_printf(&pers_string, "OpenVPN %0u %p %s", platform_getpid(), &cd_ctx, time_string(0, 0, 0, &gc));
321 
322  /* Initialise mbed TLS RNG, and built-in entropy sources */
323  mbedtls_entropy_init(&ec);
324 
325  mbedtls_ctr_drbg_init(&cd_ctx);
326  if (!mbed_ok(mbedtls_ctr_drbg_seed(&cd_ctx, mbedtls_entropy_func, &ec,
327  BPTR(&pers_string), BLEN(&pers_string))))
328  {
329  msg(M_FATAL, "Failed to initialize random generator");
330  }
331 
332  gc_free(&gc);
333  rand_initialised = true;
334  }
335 
336  return &cd_ctx;
337 }
338 
339 #ifdef ENABLE_PREDICTION_RESISTANCE
340 void
341 rand_ctx_enable_prediction_resistance(void)
342 {
343  mbedtls_ctr_drbg_context *cd_ctx = rand_ctx_get();
344 
345  mbedtls_ctr_drbg_set_prediction_resistance(cd_ctx, 1);
346 }
347 #endif /* ENABLE_PREDICTION_RESISTANCE */
348 
349 int
350 rand_bytes(uint8_t *output, int len)
351 {
352  mbedtls_ctr_drbg_context *rng_ctx = rand_ctx_get();
353 
354  while (len > 0)
355  {
356  const size_t blen = min_int(len, MBEDTLS_CTR_DRBG_MAX_REQUEST);
357  if (0 != mbedtls_ctr_drbg_random(rng_ctx, output, blen))
358  {
359  return 0;
360  }
361 
362  output += blen;
363  len -= blen;
364  }
365 
366  return 1;
367 }
368 
369 /*
370  *
371  * Key functions, allow manipulation of keys.
372  *
373  */
374 
375 
376 int
377 key_des_num_cblocks(const mbedtls_cipher_info_t *kt)
378 {
379  int ret = 0;
380  if (kt->type == MBEDTLS_CIPHER_DES_CBC)
381  {
382  ret = 1;
383  }
384  if (kt->type == MBEDTLS_CIPHER_DES_EDE_CBC)
385  {
386  ret = 2;
387  }
388  if (kt->type == MBEDTLS_CIPHER_DES_EDE3_CBC)
389  {
390  ret = 3;
391  }
392 
393  dmsg(D_CRYPTO_DEBUG, "CRYPTO INFO: n_DES_cblocks=%d", ret);
394  return ret;
395 }
396 
397 bool
398 key_des_check(uint8_t *key, int key_len, int ndc)
399 {
400  int i;
401  struct buffer b;
402 
403  buf_set_read(&b, key, key_len);
404 
405  for (i = 0; i < ndc; ++i)
406  {
407  unsigned char *key = buf_read_alloc(&b, MBEDTLS_DES_KEY_SIZE);
408  if (!key)
409  {
410  msg(D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: insufficient key material");
411  goto err;
412  }
413  if (0 != mbedtls_des_key_check_weak(key))
414  {
415  msg(D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: weak key detected");
416  goto err;
417  }
418  if (0 != mbedtls_des_key_check_key_parity(key))
419  {
420  msg(D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: bad parity detected");
421  goto err;
422  }
423  }
424  return true;
425 
426 err:
427  return false;
428 }
429 
430 void
431 key_des_fixup(uint8_t *key, int key_len, int ndc)
432 {
433  int i;
434  struct buffer b;
435 
436  buf_set_read(&b, key, key_len);
437  for (i = 0; i < ndc; ++i)
438  {
439  unsigned char *key = buf_read_alloc(&b, MBEDTLS_DES_KEY_SIZE);
440  if (!key)
441  {
442  msg(D_CRYPT_ERRORS, "CRYPTO INFO: fixup_key_DES: insufficient key material");
443  return;
444  }
445  mbedtls_des_key_set_parity(key);
446  }
447 }
448 
449 /*
450  *
451  * Generic cipher key type functions
452  *
453  */
454 
455 
456 const mbedtls_cipher_info_t *
457 cipher_kt_get(const char *ciphername)
458 {
459  const mbedtls_cipher_info_t *cipher = NULL;
460 
461  ASSERT(ciphername);
462 
463  cipher = mbedtls_cipher_info_from_string(ciphername);
464 
465  if (NULL == cipher)
466  {
467  msg(D_LOW, "Cipher algorithm '%s' not found", ciphername);
468  return NULL;
469  }
470 
471  if (cipher->key_bitlen/8 > MAX_CIPHER_KEY_LENGTH)
472  {
473  msg(D_LOW, "Cipher algorithm '%s' uses a default key size (%d bytes) "
474  "which is larger than " PACKAGE_NAME "'s current maximum key size "
475  "(%d bytes)", ciphername, cipher->key_bitlen/8, MAX_CIPHER_KEY_LENGTH);
476  return NULL;
477  }
478 
479  return cipher;
480 }
481 
482 const char *
483 cipher_kt_name(const mbedtls_cipher_info_t *cipher_kt)
484 {
485  if (NULL == cipher_kt)
486  {
487  return "[null-cipher]";
488  }
489 
490  return translate_cipher_name_to_openvpn(cipher_kt->name);
491 }
492 
493 int
494 cipher_kt_key_size(const mbedtls_cipher_info_t *cipher_kt)
495 {
496  if (NULL == cipher_kt)
497  {
498  return 0;
499  }
500 
501  return cipher_kt->key_bitlen/8;
502 }
503 
504 int
505 cipher_kt_iv_size(const mbedtls_cipher_info_t *cipher_kt)
506 {
507  if (NULL == cipher_kt)
508  {
509  return 0;
510  }
511  return cipher_kt->iv_size;
512 }
513 
514 int
515 cipher_kt_block_size(const mbedtls_cipher_info_t *cipher_kt)
516 {
517  if (NULL == cipher_kt)
518  {
519  return 0;
520  }
521  return cipher_kt->block_size;
522 }
523 
524 int
525 cipher_kt_tag_size(const mbedtls_cipher_info_t *cipher_kt)
526 {
527 #ifdef HAVE_AEAD_CIPHER_MODES
528  if (cipher_kt && cipher_kt_mode_aead(cipher_kt))
529  {
531  }
532 #endif
533  return 0;
534 }
535 
536 bool
537 cipher_kt_insecure(const mbedtls_cipher_info_t *cipher_kt)
538 {
539  return !(cipher_kt_block_size(cipher_kt) >= 128 / 8
540 #ifdef MBEDTLS_CHACHAPOLY_C
541  || cipher_kt->type == MBEDTLS_CIPHER_CHACHA20_POLY1305
542 #endif
543  );
544 }
545 
546 int
547 cipher_kt_mode(const mbedtls_cipher_info_t *cipher_kt)
548 {
549  ASSERT(NULL != cipher_kt);
550  return cipher_kt->mode;
551 }
552 
553 bool
554 cipher_kt_mode_cbc(const cipher_kt_t *cipher)
555 {
556  return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC;
557 }
558 
559 bool
560 cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
561 {
562  return cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB
563  || cipher_kt_mode(cipher) == OPENVPN_MODE_CFB);
564 }
565 
566 bool
567 cipher_kt_mode_aead(const cipher_kt_t *cipher)
568 {
569  return cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_GCM
570 #ifdef MBEDTLS_CHACHAPOLY_C
571  || cipher_kt_mode(cipher) == MBEDTLS_MODE_CHACHAPOLY
572 #endif
573  );
574 }
575 
576 
577 /*
578  *
579  * Generic cipher context functions
580  *
581  */
582 
583 mbedtls_cipher_context_t *
584 cipher_ctx_new(void)
585 {
586  mbedtls_cipher_context_t *ctx;
587  ALLOC_OBJ(ctx, mbedtls_cipher_context_t);
588  return ctx;
589 }
590 
591 void
592 cipher_ctx_free(mbedtls_cipher_context_t *ctx)
593 {
594  free(ctx);
595 }
596 
597 void
598 cipher_ctx_init(mbedtls_cipher_context_t *ctx, const uint8_t *key, int key_len,
599  const mbedtls_cipher_info_t *kt, const mbedtls_operation_t operation)
600 {
601  ASSERT(NULL != kt && NULL != ctx);
602 
603  CLEAR(*ctx);
604 
605  if (!mbed_ok(mbedtls_cipher_setup(ctx, kt)))
606  {
607  msg(M_FATAL, "mbed TLS cipher context init #1");
608  }
609 
610  if (!mbed_ok(mbedtls_cipher_setkey(ctx, key, key_len*8, operation)))
611  {
612  msg(M_FATAL, "mbed TLS cipher set key");
613  }
614 
615  /* make sure we used a big enough key */
616  ASSERT(ctx->key_bitlen <= key_len*8);
617 }
618 
619 void
620 cipher_ctx_cleanup(mbedtls_cipher_context_t *ctx)
621 {
622  mbedtls_cipher_free(ctx);
623 }
624 
625 int
626 cipher_ctx_iv_length(const mbedtls_cipher_context_t *ctx)
627 {
628  return mbedtls_cipher_get_iv_size(ctx);
629 }
630 
631 int
632 cipher_ctx_get_tag(cipher_ctx_t *ctx, uint8_t *tag, int tag_len)
633 {
634 #ifdef HAVE_AEAD_CIPHER_MODES
635  if (tag_len > SIZE_MAX)
636  {
637  return 0;
638  }
639 
640  if (!mbed_ok(mbedtls_cipher_write_tag(ctx, (unsigned char *) tag, tag_len)))
641  {
642  return 0;
643  }
644 
645  return 1;
646 #else /* ifdef HAVE_AEAD_CIPHER_MODES */
647  ASSERT(0);
648 #endif /* HAVE_AEAD_CIPHER_MODES */
649 }
650 
651 int
652 cipher_ctx_block_size(const mbedtls_cipher_context_t *ctx)
653 {
654  return mbedtls_cipher_get_block_size(ctx);
655 }
656 
657 int
658 cipher_ctx_mode(const mbedtls_cipher_context_t *ctx)
659 {
660  ASSERT(NULL != ctx);
661 
662  return cipher_kt_mode(ctx->cipher_info);
663 }
664 
665 const cipher_kt_t *
667 {
668  return ctx ? ctx->cipher_info : NULL;
669 }
670 
671 int
672 cipher_ctx_reset(mbedtls_cipher_context_t *ctx, const uint8_t *iv_buf)
673 {
674  if (!mbed_ok(mbedtls_cipher_reset(ctx)))
675  {
676  return 0;
677  }
678 
679  if (!mbed_ok(mbedtls_cipher_set_iv(ctx, iv_buf, ctx->cipher_info->iv_size)))
680  {
681  return 0;
682  }
683 
684  return 1;
685 }
686 
687 int
688 cipher_ctx_update_ad(cipher_ctx_t *ctx, const uint8_t *src, int src_len)
689 {
690 #ifdef HAVE_AEAD_CIPHER_MODES
691  if (src_len > SIZE_MAX)
692  {
693  return 0;
694  }
695 
696  if (!mbed_ok(mbedtls_cipher_update_ad(ctx, src, src_len)))
697  {
698  return 0;
699  }
700 
701  return 1;
702 #else /* ifdef HAVE_AEAD_CIPHER_MODES */
703  ASSERT(0);
704 #endif /* HAVE_AEAD_CIPHER_MODES */
705 }
706 
707 int
708 cipher_ctx_update(mbedtls_cipher_context_t *ctx, uint8_t *dst,
709  int *dst_len, uint8_t *src, int src_len)
710 {
711  size_t s_dst_len = *dst_len;
712 
713  if (!mbed_ok(mbedtls_cipher_update(ctx, src, (size_t) src_len, dst,
714  &s_dst_len)))
715  {
716  return 0;
717  }
718 
719  *dst_len = s_dst_len;
720 
721  return 1;
722 }
723 
724 int
725 cipher_ctx_final(mbedtls_cipher_context_t *ctx, uint8_t *dst, int *dst_len)
726 {
727  size_t s_dst_len = *dst_len;
728 
729  if (!mbed_ok(mbedtls_cipher_finish(ctx, dst, &s_dst_len)))
730  {
731  return 0;
732  }
733 
734  *dst_len = s_dst_len;
735 
736  return 1;
737 }
738 
739 int
740 cipher_ctx_final_check_tag(mbedtls_cipher_context_t *ctx, uint8_t *dst,
741  int *dst_len, uint8_t *tag, size_t tag_len)
742 {
743 #ifdef HAVE_AEAD_CIPHER_MODES
744  size_t olen = 0;
745 
746  if (MBEDTLS_DECRYPT != ctx->operation)
747  {
748  return 0;
749  }
750 
751  if (tag_len > SIZE_MAX)
752  {
753  return 0;
754  }
755 
756  if (!mbed_ok(mbedtls_cipher_finish(ctx, dst, &olen)))
757  {
758  msg(D_CRYPT_ERRORS, "%s: cipher_ctx_final() failed", __func__);
759  return 0;
760  }
761 
762  if (olen > INT_MAX)
763  {
764  return 0;
765  }
766  *dst_len = olen;
767 
768  if (!mbed_ok(mbedtls_cipher_check_tag(ctx, (const unsigned char *) tag,
769  tag_len)))
770  {
771  return 0;
772  }
773 
774  return 1;
775 #else /* ifdef HAVE_AEAD_CIPHER_MODES */
776  ASSERT(0);
777 #endif /* HAVE_AEAD_CIPHER_MODES */
778 }
779 
780 void
781 cipher_des_encrypt_ecb(const unsigned char key[DES_KEY_LENGTH],
782  unsigned char *src,
783  unsigned char *dst)
784 {
785  mbedtls_des_context ctx;
786 
787  ASSERT(mbed_ok(mbedtls_des_setkey_enc(&ctx, key)));
788  ASSERT(mbed_ok(mbedtls_des_crypt_ecb(&ctx, src, dst)));
789 }
790 
791 
792 
793 /*
794  *
795  * Generic message digest information functions
796  *
797  */
798 
799 
800 const mbedtls_md_info_t *
801 md_kt_get(const char *digest)
802 {
803  const mbedtls_md_info_t *md = NULL;
804  ASSERT(digest);
805 
806  md = mbedtls_md_info_from_string(digest);
807  if (!md)
808  {
809  msg(M_FATAL, "Message hash algorithm '%s' not found", digest);
810  }
811  if (mbedtls_md_get_size(md) > MAX_HMAC_KEY_LENGTH)
812  {
813  msg(M_FATAL, "Message hash algorithm '%s' uses a default hash size (%d bytes) which is larger than " PACKAGE_NAME "'s current maximum hash size (%d bytes)",
814  digest,
815  mbedtls_md_get_size(md),
817  }
818  return md;
819 }
820 
821 const char *
822 md_kt_name(const mbedtls_md_info_t *kt)
823 {
824  if (NULL == kt)
825  {
826  return "[null-digest]";
827  }
828  return mbedtls_md_get_name(kt);
829 }
830 
831 int
832 md_kt_size(const mbedtls_md_info_t *kt)
833 {
834  if (NULL == kt)
835  {
836  return 0;
837  }
838  return mbedtls_md_get_size(kt);
839 }
840 
841 /*
842  *
843  * Generic message digest functions
844  *
845  */
846 
847 int
848 md_full(const md_kt_t *kt, const uint8_t *src, int src_len, uint8_t *dst)
849 {
850  return 0 == mbedtls_md(kt, src, src_len, dst);
851 }
852 
853 mbedtls_md_context_t *
854 md_ctx_new(void)
855 {
856  mbedtls_md_context_t *ctx;
857  ALLOC_OBJ_CLEAR(ctx, mbedtls_md_context_t);
858  return ctx;
859 }
860 
861 void
862 md_ctx_free(mbedtls_md_context_t *ctx)
863 {
864  free(ctx);
865 }
866 
867 void
868 md_ctx_init(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *kt)
869 {
870  ASSERT(NULL != ctx && NULL != kt);
871 
872  mbedtls_md_init(ctx);
873  ASSERT(0 == mbedtls_md_setup(ctx, kt, 0));
874  ASSERT(0 == mbedtls_md_starts(ctx));
875 }
876 
877 void
878 md_ctx_cleanup(mbedtls_md_context_t *ctx)
879 {
880  mbedtls_md_free(ctx);
881 }
882 
883 int
884 md_ctx_size(const mbedtls_md_context_t *ctx)
885 {
886  if (NULL == ctx)
887  {
888  return 0;
889  }
890  return mbedtls_md_get_size(ctx->md_info);
891 }
892 
893 void
894 md_ctx_update(mbedtls_md_context_t *ctx, const uint8_t *src, int src_len)
895 {
896  ASSERT(0 == mbedtls_md_update(ctx, src, src_len));
897 }
898 
899 void
900 md_ctx_final(mbedtls_md_context_t *ctx, uint8_t *dst)
901 {
902  ASSERT(0 == mbedtls_md_finish(ctx, dst));
903  mbedtls_md_free(ctx);
904 }
905 
906 
907 /*
908  *
909  * Generic HMAC functions
910  *
911  */
912 
913 
914 /*
915  * TODO: re-enable dmsg for crypto debug
916  */
917 
918 mbedtls_md_context_t *
919 hmac_ctx_new(void)
920 {
921  mbedtls_md_context_t *ctx;
922  ALLOC_OBJ(ctx, mbedtls_md_context_t);
923  return ctx;
924 }
925 
926 void
927 hmac_ctx_free(mbedtls_md_context_t *ctx)
928 {
929  free(ctx);
930 }
931 
932 void
933 hmac_ctx_init(mbedtls_md_context_t *ctx, const uint8_t *key, int key_len,
934  const mbedtls_md_info_t *kt)
935 {
936  ASSERT(NULL != kt && NULL != ctx);
937 
938  mbedtls_md_init(ctx);
939  ASSERT(0 == mbedtls_md_setup(ctx, kt, 1));
940  ASSERT(0 == mbedtls_md_hmac_starts(ctx, key, key_len));
941 
942  /* make sure we used a big enough key */
943  ASSERT(mbedtls_md_get_size(kt) <= key_len);
944 }
945 
946 void
947 hmac_ctx_cleanup(mbedtls_md_context_t *ctx)
948 {
949  mbedtls_md_free(ctx);
950 }
951 
952 int
953 hmac_ctx_size(const mbedtls_md_context_t *ctx)
954 {
955  if (NULL == ctx)
956  {
957  return 0;
958  }
959  return mbedtls_md_get_size(ctx->md_info);
960 }
961 
962 void
963 hmac_ctx_reset(mbedtls_md_context_t *ctx)
964 {
965  ASSERT(0 == mbedtls_md_hmac_reset(ctx));
966 }
967 
968 void
969 hmac_ctx_update(mbedtls_md_context_t *ctx, const uint8_t *src, int src_len)
970 {
971  ASSERT(0 == mbedtls_md_hmac_update(ctx, src, src_len));
972 }
973 
974 void
975 hmac_ctx_final(mbedtls_md_context_t *ctx, uint8_t *dst)
976 {
977  ASSERT(0 == mbedtls_md_hmac_finish(ctx, dst));
978 }
979 
980 #endif /* ENABLE_CRYPTO_MBEDTLS */
int md_full(const md_kt_t *kt, const uint8_t *src, int src_len, uint8_t *dst)
unsigned int platform_getpid(void)
Definition: platform.c:178
bool cipher_kt_mode_aead(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported AEAD mode cipher.
bool crypto_pem_decode(const char *name, struct buffer *dst, const struct buffer *src)
Decode a PEM buffer to binary data.
const cipher_kt_t * cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx)
Returns the static cipher parameters for this context.
#define D_CRYPT_ERRORS
Definition: errlevel.h:58
mbedtls_cipher_context_t cipher_ctx_t
Generic cipher context.
md_ctx_t * md_ctx_new(void)
#define ALLOC_OBJ(dptr, type)
Definition: buffer.h:1045
int key_des_num_cblocks(const cipher_kt_t *kt)
Return number of DES cblocks (1 cblock = length of a single-DES key) for the current key type or 0 if...
#define D_CRYPTO_DEBUG
Definition: errlevel.h:144
bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported OFB or CFB mode cipher.
int cipher_ctx_final(cipher_ctx_t *ctx, uint8_t *dst, int *dst_len)
Pads the final cipher block using PKCS padding, and output to the destination buffer.
static void gc_free(struct gc_arena *a)
Definition: buffer.h:1023
#define dmsg
Definition: error.h:174
static uint8_t * buf_read_alloc(struct buffer *buf, int size)
Definition: buffer.h:675
#define OPENVPN_MODE_OFB
Cipher is in OFB mode.
#define OPENVPN_MODE_CFB
Cipher is in CFB mode.
void md_ctx_free(md_ctx_t *ctx)
bool buf_printf(struct buffer *buf, const char *format,...)
Definition: buffer.c:245
int cipher_ctx_reset(cipher_ctx_t *ctx, const uint8_t *iv_buf)
Resets the given cipher context, setting the IV to the specified value.
int cipher_kt_iv_size(const cipher_kt_t *cipher_kt)
Returns the size of the IV used by the cipher, in bytes, or 0 if no IV is used.
bool cipher_kt_insecure(const cipher_kt_t *cipher)
Returns true if we consider this cipher to be insecure.
int cipher_kt_tag_size(const cipher_kt_t *cipher_kt)
Returns the MAC tag size of the cipher, in bytes.
#define MAX_CIPHER_KEY_LENGTH
#define ASSERT(x)
Definition: error.h:221
int cipher_ctx_get_tag(cipher_ctx_t *ctx, uint8_t *tag, int tag_len)
Gets the computed message authenticated code (MAC) tag for this cipher.
#define D_LOW
Definition: errlevel.h:97
bool key_des_check(uint8_t *key, int key_len, int ndc)
void hmac_ctx_cleanup(hmac_ctx_t *ctx)
void cipher_des_encrypt_ecb(const unsigned char key[DES_KEY_LENGTH], unsigned char src[DES_KEY_LENGTH], unsigned char dst[DES_KEY_LENGTH])
Encrypt the given block, using DES ECB mode.
#define BCAP(buf)
Definition: buffer.h:130
list flags
#define OPENVPN_MODE_GCM
Cipher is in GCM mode.
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
void print_cipher(const cipher_kt_t *cipher)
Print a cipher list entry.
Definition: crypto.c:1779
int cipher_ctx_iv_length(const cipher_ctx_t *ctx)
Returns the size of the IV used by the cipher, in bytes, or 0 if no IV is used.
static bool buf_write(struct buffer *dest, const void *src, int size)
Definition: buffer.h:689
#define CLEAR(x)
Definition: basic.h:33
#define BPTR(buf)
Definition: buffer.h:124
void cipher_ctx_free(cipher_ctx_t *ctx)
Free a cipher context.
const cipher_name_pair cipher_name_translation_table[]
Cipher name translation table.
void md_ctx_final(md_ctx_t *ctx, uint8_t *dst)
void crypto_clear_error(void)
bool openvpn_snprintf(char *str, size_t size, const char *format,...)
Definition: buffer.c:299
int cipher_ctx_mode(const cipher_ctx_t *ctx)
Returns the mode that the cipher runs in.
int md_kt_size(const md_kt_t *kt)
Returns the size of the message digest, in bytes.
bool crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src, struct gc_arena *gc)
Encode binary data as PEM.
void show_available_engines(void)
#define OPENVPN_MODE_CBC
Cipher is in CBC mode.
void md_ctx_update(md_ctx_t *ctx, const uint8_t *src, int src_len)
int rand_bytes(uint8_t *output, int len)
Wrapper for secure random number generator.
static struct gc_arena gc_new(void)
Definition: buffer.h:1015
#define mbed_ok(errval)
Check errval and log on error.
int cipher_ctx_final_check_tag(cipher_ctx_t *ctx, uint8_t *dst, int *dst_len, uint8_t *tag, size_t tag_len)
Like cipher_ctx_final, but check the computed authentication tag against the supplied (expected) tag...
#define PACKAGE_NAME
Definition: config.h:730
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition: buffer.h:1050
int cipher_ctx_update_ad(cipher_ctx_t *ctx, const uint8_t *src, int src_len)
Updates the given cipher context, providing additional data (AD) for authenticated encryption with ad...
void hmac_ctx_update(hmac_ctx_t *ctx, const uint8_t *src, int src_len)
mbedtls_md_info_t md_kt_t
Generic message digest key type context.
const char * time_string(time_t t, int usec, bool show_usec, struct gc_arena *gc)
Definition: otime.c:114
bool mbed_log_func_line(unsigned int flags, int errval, const char *func, int line)
Log the supplied mbed TLS error, prefixed by function name and line number.
int md_ctx_size(const md_ctx_t *ctx)
mbedtls_cipher_info_t cipher_kt_t
Generic cipher key type context.
const char * md_kt_name(const md_kt_t *kt)
Retrieve a string describing the digest digest (e.g.
int hmac_ctx_size(const hmac_ctx_t *ctx)
void key_des_fixup(uint8_t *key, int key_len, int ndc)
const md_kt_t * md_kt_get(const char *digest)
Return message digest parameters, based on the given digest name.
void show_available_ciphers(void)
#define msg
Definition: error.h:173
int cipher_ctx_update(cipher_ctx_t *ctx, uint8_t *dst, int *dst_len, uint8_t *src, int src_len)
Updates the given cipher context, encrypting data in the source buffer, and placing any complete bloc...
int cipher_kt_key_size(const cipher_kt_t *cipher_kt)
Returns the size of keys used by the cipher, in bytes.
void md_ctx_cleanup(md_ctx_t *ctx)
#define MAX_HMAC_KEY_LENGTH
#define BLEN(buf)
Definition: buffer.h:127
cipher_ctx_t * cipher_ctx_new(void)
Generic cipher functions.
int cipher_ctx_block_size(const cipher_ctx_t *ctx)
Returns the block size of the cipher, in bytes.
unsigned __int8 uint8_t
Definition: config-msvc.h:123
#define M_ERR
Definition: error.h:110
static bool buf_inc_len(struct buffer *buf, int inc)
Definition: buffer.h:611
const size_t cipher_name_translation_table_count
void show_available_digests(void)
Struct used in cipher name translation table.
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
#define M_FATAL
Definition: error.h:94
const char * translate_cipher_name_to_openvpn(const char *cipher_name)
Translate a crypto library cipher name to an OpenVPN cipher name.
Definition: crypto.c:1840
int cipher_kt_mode(const cipher_kt_t *cipher_kt)
Returns the mode that the cipher runs in.
int cipher_kt_block_size(const cipher_kt_t *cipher_kt)
Returns the block size of the cipher, in bytes.
void cipher_ctx_init(cipher_ctx_t *ctx, const uint8_t *key, int key_len, const cipher_kt_t *kt, int enc)
Initialise a cipher context, based on the given key and key type.
void crypto_uninit_lib(void)
bool mbed_log_err(unsigned int flags, int errval, const char *prefix)
Log the supplied mbed TLS error, prefixed by supplied prefix.
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition: buffer.c:90
#define M_WARN
Definition: error.h:96
static int min_int(int x, int y)
Definition: integer.h:57
#define free
Definition: cmocka.c:1850
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
#define BLAST(buf)
Definition: buffer.h:126
void md_ctx_init(md_ctx_t *ctx, const md_kt_t *kt)
#define OPENVPN_AEAD_TAG_LENGTH
void hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, int key_length, const md_kt_t *kt)
char * dst
Definition: compat-lz4.h:455
hmac_ctx_t * hmac_ctx_new(void)
void crypto_init_lib_engine(const char *engine_name)
void cipher_ctx_cleanup(cipher_ctx_t *ctx)
Cleanup the specified context.
void hmac_ctx_final(hmac_ctx_t *ctx, uint8_t *dst)
#define DES_KEY_LENGTH
void hmac_ctx_free(hmac_ctx_t *ctx)
mbedtls_ctr_drbg_context * rand_ctx_get(void)
Returns a singleton instance of the mbed TLS random number generator.
static void buf_set_read(struct buffer *buf, const uint8_t *data, int size)
Definition: buffer.h:335
const cipher_kt_t * cipher_kt_get(const char *ciphername)
Return cipher parameters, based on the given cipher name.
void crypto_init_lib(void)
void hmac_ctx_reset(hmac_ctx_t *ctx)
const char * cipher_kt_name(const cipher_kt_t *cipher_kt)
Retrieve a string describing the cipher (e.g.
Container for unidirectional cipher and HMAC key material.
Definition: crypto.h:151
bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
Check if the supplied cipher is a supported CBC mode cipher.