OpenVPN
Data Structures | Macros | Functions
crypto.h File Reference
#include "crypto_backend.h"
#include "basic.h"
#include "buffer.h"
#include "packet_id.h"
#include "mtu.h"
Include dependency graph for crypto.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  sha256_digest
 Wrapper struct to pass around SHA256 digests. More...
 
struct  key_type
 
struct  key
 Container for unidirectional cipher and HMAC key material. More...
 
struct  key_ctx
 Container for one set of cipher and/or HMAC contexts. More...
 
struct  key2
 Container for bidirectional cipher and HMAC key material. More...
 
struct  key_direction_state
 Key ordering of the key2.keys array. More...
 
struct  key_ctx_bi
 Container for two sets of OpenSSL cipher and/or HMAC contexts for both sending and receiving directions. More...
 
struct  crypto_options
 Security parameter state for processing data channel packets. More...
 

Macros

#define KEY_DIRECTION_BIDIRECTIONAL   0 /* same keys for both directions */
 
#define KEY_DIRECTION_NORMAL   1 /* encrypt with keys[0], decrypt with keys[1] */
 
#define KEY_DIRECTION_INVERSE   2 /* encrypt with keys[1], decrypt with keys[0] */
 
#define CO_PACKET_ID_LONG_FORM   (1<<0)
 Bit-flag indicating whether to use OpenVPN's long packet ID format. More...
 
#define CO_IGNORE_PACKET_ID   (1<<1)
 Bit-flag indicating whether to ignore the packet ID of a received packet. More...
 
#define CO_MUTE_REPLAY_WARNINGS   (1<<2)
 Bit-flag indicating not to display replay warnings. More...
 
#define CRYPT_ERROR(format)   do { msg(D_CRYPT_ERRORS, "%s: " format, error_prefix); goto error_exit; } while (false)
 
#define OPENVPN_AEAD_MIN_IV_LEN   (sizeof(packet_id_type) + 8)
 Minimal IV length for AEAD mode ciphers (in bytes): 4-byte packet id + 8 bytes implicit IV. More...
 
#define RKF_MUST_SUCCEED   (1<<0)
 
#define RKF_INLINE   (1<<1)
 
#define NONCE_SECRET_LEN_MIN   16
 
#define NONCE_SECRET_LEN_MAX   64
 
#define PRNG_NONCE_RESET_BYTES   1024
 Number of bytes of random to allow before resetting the nonce. More...
 

Functions

void read_key_file (struct key2 *key2, const char *file, const unsigned int flags)
 
int write_key_file (const int nkeys, const char *filename)
 
int read_passphrase_hash (const char *passphrase_file, const md_kt_t *digest, uint8_t *output, int len)
 
void generate_key_random (struct key *key, const struct key_type *kt)
 
void check_replay_consistency (const struct key_type *kt, bool packet_id)
 
bool check_key (struct key *key, const struct key_type *kt)
 
void fixup_key (struct key *key, const struct key_type *kt)
 
bool write_key (const struct key *key, const struct key_type *kt, struct buffer *buf)
 
int read_key (struct key *key, const struct key_type *kt, struct buffer *buf)
 
void init_key_type (struct key_type *kt, const char *ciphername, const char *authname, int keysize, bool tls_mode, bool warn)
 Initialize a key_type structure with. More...
 
void init_key_ctx (struct key_ctx *ctx, const struct key *key, const struct key_type *kt, int enc, const char *prefix)
 
void free_key_ctx (struct key_ctx *ctx)
 
void init_key_ctx_bi (struct key_ctx_bi *ctx, const struct key2 *key2, int key_direction, const struct key_type *kt, const char *name)
 
void free_key_ctx_bi (struct key_ctx_bi *ctx)
 
bool crypto_check_replay (struct crypto_options *opt, const struct packet_id_net *pin, const char *error_prefix, struct gc_arena *gc)
 Check packet ID for replay, and perform replay administration. More...
 
void crypto_adjust_frame_parameters (struct frame *frame, const struct key_type *kt, bool packet_id, bool packet_id_long_form)
 Calculate crypto overhead and adjust frame to account for that. More...
 
size_t crypto_max_overhead (void)
 Return the worst-case OpenVPN crypto overhead (in bytes) More...
 
void prng_init (const char *md_name, const int nonce_secret_len_parm)
 Pseudo-random number generator initialisation. More...
 
void prng_bytes (uint8_t *output, int len)
 
void prng_uninit (void)
 
void test_crypto (struct crypto_options *co, struct frame *f)
 
void key_direction_state_init (struct key_direction_state *kds, int key_direction)
 
void verify_fix_key2 (struct key2 *key2, const struct key_type *kt, const char *shared_secret_file)
 
void must_have_n_keys (const char *filename, const char *option, const struct key2 *key2, int n)
 
int ascii2keydirection (int msglevel, const char *str)
 
const char * keydirection2ascii (int kd, bool remote)
 
void key2_print (const struct key2 *k, const struct key_type *kt, const char *prefix0, const char *prefix1)
 
void crypto_read_openvpn_key (const struct key_type *key_type, struct key_ctx_bi *ctx, const char *key_file, const char *key_inline, const int key_direction, const char *key_name, const char *opt_name)
 
static int memcmp_constant_time (const void *a, const void *b, size_t size)
 As memcmp(), but constant-time. More...
 
static bool key_ctx_bi_defined (const struct key_ctx_bi *key)
 
Functions for performing security operations on data channel packets
void openvpn_encrypt (struct buffer *buf, struct buffer work, struct crypto_options *opt)
 Encrypt and HMAC sign a packet so that it can be sent as a data channel VPN tunnel packet to a remote OpenVPN peer. More...
 
bool openvpn_decrypt (struct buffer *buf, struct buffer work, struct crypto_options *opt, const struct frame *frame, const uint8_t *ad_start)
 HMAC verify and decrypt a data channel packet received from a remote OpenVPN peer. More...
 

Macro Definition Documentation

◆ CO_IGNORE_PACKET_ID

#define CO_IGNORE_PACKET_ID   (1<<1)

Bit-flag indicating whether to ignore the packet ID of a received packet.

This flag is used during processing of the first packet received from a client.

Definition at line 250 of file crypto.h.

Referenced by openvpn_decrypt_v1(), tls_auth_standalone_init(), tls_crypt_ignore_replay(), and tls_crypt_unwrap().

◆ CO_MUTE_REPLAY_WARNINGS

#define CO_MUTE_REPLAY_WARNINGS   (1<<2)

Bit-flag indicating not to display replay warnings.

Definition at line 256 of file crypto.h.

Referenced by crypto_check_replay(), do_init_crypto_static(), and do_init_crypto_tls().

◆ CO_PACKET_ID_LONG_FORM

#define CO_PACKET_ID_LONG_FORM   (1<<0)

Bit-flag indicating whether to use OpenVPN's long packet ID format.

Definition at line 247 of file crypto.h.

Referenced by crypto_check_replay(), do_init_crypto_static(), do_init_crypto_tls(), openvpn_decrypt_v1(), openvpn_encrypt_v1(), and tls_session_update_crypto_params().

◆ CRYPT_ERROR

#define CRYPT_ERROR (   format)    do { msg(D_CRYPT_ERRORS, "%s: " format, error_prefix); goto error_exit; } while (false)

Definition at line 263 of file crypto.h.

Referenced by openvpn_decrypt_aead(), openvpn_decrypt_v1(), and tls_crypt_unwrap().

◆ KEY_DIRECTION_BIDIRECTIONAL

#define KEY_DIRECTION_BIDIRECTIONAL   0 /* same keys for both directions */

◆ KEY_DIRECTION_INVERSE

#define KEY_DIRECTION_INVERSE   2 /* encrypt with keys[1], decrypt with keys[0] */

◆ KEY_DIRECTION_NORMAL

#define KEY_DIRECTION_NORMAL   1 /* encrypt with keys[0], decrypt with keys[1] */

◆ NONCE_SECRET_LEN_MAX

#define NONCE_SECRET_LEN_MAX   64

Definition at line 429 of file crypto.h.

Referenced by add_option(), and prng_init().

◆ NONCE_SECRET_LEN_MIN

#define NONCE_SECRET_LEN_MIN   16

Definition at line 426 of file crypto.h.

Referenced by add_option(), and prng_init().

◆ OPENVPN_AEAD_MIN_IV_LEN

#define OPENVPN_AEAD_MIN_IV_LEN   (sizeof(packet_id_type) + 8)

Minimal IV length for AEAD mode ciphers (in bytes): 4-byte packet id + 8 bytes implicit IV.

Definition at line 270 of file crypto.h.

Referenced by key_ctx_update_implicit_iv(), openvpn_encrypt_aead(), and test_crypto().

◆ PRNG_NONCE_RESET_BYTES

#define PRNG_NONCE_RESET_BYTES   1024

Number of bytes of random to allow before resetting the nonce.

Definition at line 432 of file crypto.h.

Referenced by prng_bytes().

◆ RKF_INLINE

#define RKF_INLINE   (1<<1)

Definition at line 273 of file crypto.h.

Referenced by crypto_read_openvpn_key(), and read_key_file().

◆ RKF_MUST_SUCCEED

#define RKF_MUST_SUCCEED   (1<<0)

Definition at line 272 of file crypto.h.

Referenced by crypto_read_openvpn_key(), and read_key_file().

Function Documentation

◆ ascii2keydirection()

int ascii2keydirection ( int  msglevel,
const char *  str 
)

Definition at line 1527 of file crypto.c.

References KEY_DIRECTION_BIDIRECTIONAL, KEY_DIRECTION_INVERSE, KEY_DIRECTION_NORMAL, and msg.

Referenced by add_option().

◆ check_key()

bool check_key ( struct key key,
const struct key_type kt 
)

◆ check_replay_consistency()

void check_replay_consistency ( const struct key_type kt,
bool  packet_id 
)

◆ crypto_adjust_frame_parameters()

void crypto_adjust_frame_parameters ( struct frame frame,
const struct key_type kt,
bool  packet_id,
bool  packet_id_long_form 
)

◆ crypto_check_replay()

bool crypto_check_replay ( struct crypto_options opt,
const struct packet_id_net pin,
const char *  error_prefix,
struct gc_arena gc 
)

Check packet ID for replay, and perform replay administration.

Parameters
optCrypto options for this packet, contains replay state.
pinPacket ID read from packet.
error_prefixPrefix to use when printing error messages.
gcGarbage collector to use.
Returns
true if packet ID is validated to be not a replay, false otherwise.

Definition at line 325 of file crypto.c.

References CO_MUTE_REPLAY_WARNINGS, CO_PACKET_ID_LONG_FORM, D_REPLAY_ERRORS, crypto_options::flags, msg, crypto_options::packet_id, packet_id_add(), packet_id_net_print(), packet_id_persist_save_obj(), packet_id_reap_test(), packet_id_test(), crypto_options::pid_persist, and packet_id::rec.

Referenced by openvpn_decrypt_aead(), openvpn_decrypt_v1(), and tls_crypt_unwrap().

◆ crypto_max_overhead()

size_t crypto_max_overhead ( void  )

◆ crypto_read_openvpn_key()

void crypto_read_openvpn_key ( const struct key_type key_type,
struct key_ctx_bi ctx,
const char *  key_file,
const char *  key_inline,
const int  key_direction,
const char *  key_name,
const char *  opt_name 
)

◆ fixup_key()

void fixup_key ( struct key key,
const struct key_type kt 
)

◆ free_key_ctx()

void free_key_ctx ( struct key_ctx ctx)

◆ free_key_ctx_bi()

void free_key_ctx_bi ( struct key_ctx_bi ctx)

Definition at line 914 of file crypto.c.

References key_ctx_bi::decrypt, key_ctx_bi::encrypt, and free_key_ctx().

Referenced by key_schedule_free(), key_state_free(), and teardown().

◆ generate_key_random()

void generate_key_random ( struct key key,
const struct key_type kt 
)

◆ init_key_ctx()

void init_key_ctx ( struct key_ctx ctx,
const struct key key,
const struct key_type kt,
int  enc,
const char *  prefix 
)

◆ init_key_ctx_bi()

void init_key_ctx_bi ( struct key_ctx_bi ctx,
const struct key2 key2,
int  key_direction,
const struct key_type kt,
const char *  name 
)

◆ init_key_type()

void init_key_type ( struct key_type kt,
const char *  ciphername,
const char *  authname,
int  keysize,
bool  tls_mode,
bool  warn 
)

Initialize a key_type structure with.

Parameters
ktThe struct key_type to initialize
ciphernameThe name of the cipher to use
authnameThe name of the HMAC digest to use
keysizeThe length of the cipher key to use, in bytes. Only valid for ciphers that support variable length keys.
tls_modeSpecifies wether we are running in TLS mode, which allows more ciphers than static key mode.
warnPrint warnings when null cipher / auth is used.

Definition at line 745 of file crypto.c.

References ASSERT, key_type::cipher, cipher_kt_block_size(), cipher_kt_get(), cipher_kt_key_size(), cipher_kt_mode_aead(), cipher_kt_mode_cbc(), cipher_kt_mode_ofb_cfb(), key_type::cipher_length, CLEAR, key_type::digest, key_type::hmac_length, M_FATAL, M_WARN, MAX_CIPHER_KEY_LENGTH, md_kt_get(), md_kt_size(), msg, OPENVPN_MAX_CIPHER_BLOCK_SIZE, and translate_cipher_name_from_openvpn().

Referenced by calc_options_string_link_mtu(), do_init_crypto_static(), do_init_crypto_tls_c1(), options_string(), and tls_session_update_crypto_params().

◆ key2_print()

void key2_print ( const struct key2 k,
const struct key_type kt,
const char *  prefix0,
const char *  prefix1 
)

◆ key_ctx_bi_defined()

static bool key_ctx_bi_defined ( const struct key_ctx_bi key)
inlinestatic

Definition at line 511 of file crypto.h.

References key_ctx::cipher, key_ctx_bi::decrypt, key_ctx_bi::encrypt, and key_ctx::hmac.

Referenced by do_init_crypto_static().

◆ key_direction_state_init()

void key_direction_state_init ( struct key_direction_state kds,
int  key_direction 
)

◆ keydirection2ascii()

const char* keydirection2ascii ( int  kd,
bool  remote 
)

Definition at line 1550 of file crypto.c.

References ASSERT, KEY_DIRECTION_BIDIRECTIONAL, KEY_DIRECTION_INVERSE, and KEY_DIRECTION_NORMAL.

Referenced by options_string().

◆ memcmp_constant_time()

static int memcmp_constant_time ( const void *  a,
const void *  b,
size_t  size 
)
inlinestatic

As memcmp(), but constant-time.

Returns 0 when data is equal, non-zero otherwise.

Definition at line 496 of file crypto.h.

Referenced by openvpn_decrypt_v1(), tls_crypt_unwrap(), and verify_user_pass().

◆ must_have_n_keys()

void must_have_n_keys ( const char *  filename,
const char *  option,
const struct key2 key2,
int  n 
)

Definition at line 1514 of file crypto.c.

References M_FATAL, msg, and key2::n.

Referenced by crypto_read_openvpn_key().

◆ prng_bytes()

void prng_bytes ( uint8_t output,
int  len 
)

◆ prng_init()

void prng_init ( const char *  md_name,
const int  nonce_secret_len_parm 
)

Pseudo-random number generator initialisation.

(see prng_rand_bytes())

Parameters
md_nameName of the message digest to use
nonce_secret_len_paramLength of the nonce to use

Definition at line 1728 of file crypto.c.

References ASSERT, check_malloc_return(), D_CRYPTO_DEBUG, dmsg, md_kt_get(), md_kt_name(), md_kt_size(), nonce_data, nonce_md, nonce_secret_len, NONCE_SECRET_LEN_MAX, NONCE_SECRET_LEN_MIN, prng_reset_nonce(), and prng_uninit().

Referenced by do_init_crypto_tls_c1(), and init_static().

◆ prng_uninit()

void prng_uninit ( void  )

Definition at line 1747 of file crypto.c.

References nonce_data, nonce_md, and nonce_secret_len.

Referenced by free_ssl_lib(), init_static(), and prng_init().

◆ read_key()

int read_key ( struct key key,
const struct key_type kt,
struct buffer buf 
)

◆ read_key_file()

void read_key_file ( struct key2 key2,
const char *  file,
const unsigned int  flags 
)

◆ read_passphrase_hash()

int read_passphrase_hash ( const char *  passphrase_file,
const md_kt_t digest,
uint8_t output,
int  len 
)

◆ test_crypto()

void test_crypto ( struct crypto_options co,
struct frame f 
)

◆ verify_fix_key2()

void verify_fix_key2 ( struct key2 key2,
const struct key_type kt,
const char *  shared_secret_file 
)

Definition at line 1601 of file crypto.c.

References check_key(), fixup_key(), key2::keys, M_FATAL, msg, and key2::n.

Referenced by crypto_read_openvpn_key().

◆ write_key()

bool write_key ( const struct key key,
const struct key_type kt,
struct buffer buf 
)

◆ write_key_file()

int write_key_file ( const int  nkeys,
const char *  filename 
)