OpenVPN
ssl_mbedtls.h
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2
13  * as published by the Free Software Foundation.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
29 #ifndef SSL_MBEDTLS_H_
30 #define SSL_MBEDTLS_H_
31 
32 #include "syshead.h"
33 
34 #include <mbedtls/ssl.h>
35 #include <mbedtls/x509_crt.h>
36 #include <mbedtls/version.h>
37 
38 #if defined(ENABLE_PKCS11)
39 #include <pkcs11-helper-1.0/pkcs11h-certificate.h>
40 #endif
41 
42 typedef struct _buffer_entry buffer_entry;
43 
44 struct _buffer_entry {
45  size_t length;
48 };
49 
50 typedef struct {
51  size_t data_start;
55 
56 typedef struct {
59 } bio_ctx;
60 
75  void *sign_ctx, const void *src, size_t src_size,
76  void *dst, size_t dst_size);
77 
82  void *sign_ctx;
83 };
84 
85 #ifdef HAVE_EXPORT_KEYING_MATERIAL
86 
89 struct tls_key_cache {
90  unsigned char client_server_random[64];
91  mbedtls_tls_prf_types tls_prf_type;
92  unsigned char master_secret[48];
93 };
94 #else
95 struct tls_key_cache { };
96 #endif
97 
104 struct tls_root_ctx {
105  bool initialised;
107  int endpoint;
109  mbedtls_dhm_context *dhm_ctx;
110  mbedtls_x509_crt *crt_chain;
111  mbedtls_x509_crt *ca_chain;
112  mbedtls_pk_context *priv_key;
113  mbedtls_x509_crl *crl;
114  time_t crl_last_mtime;
116 #ifdef ENABLE_PKCS11
117  pkcs11h_certificate_t pkcs11_cert;
118 #endif
119  struct external_context external_key;
121  mbedtls_ecp_group_id *groups;
122  mbedtls_x509_crt_profile cert_profile;
123 };
124 
126  mbedtls_ssl_config *ssl_config;
127  mbedtls_ssl_context *ctx;
129 
131 };
132 
144  external_sign_func sign_func,
145  void *sign_ctx);
146 
147 #endif /* SSL_MBEDTLS_H_ */
uint8_t * data
Definition: ssl_mbedtls.h:46
bool initialised
True if the context has been initialised.
Definition: ssl_mbedtls.h:105
buffer_entry * last_block
Definition: ssl_mbedtls.h:53
mbedtls_ecp_group_id * groups
List of allowed groups for this connection.
Definition: ssl_mbedtls.h:121
mbedtls_x509_crt * crt_chain
Local Certificate chain.
Definition: ssl_mbedtls.h:110
external_sign_func sign
Definition: ssl_mbedtls.h:81
endless_buffer out
Definition: ssl_mbedtls.h:58
buffer_entry * next_block
Definition: ssl_mbedtls.h:47
mbedtls_ssl_context * ctx
mbedTLS connection context
Definition: ssl_mbedtls.h:127
time_t crl_last_mtime
CRL last modification time.
Definition: ssl_mbedtls.h:114
mbedtls_pk_context * priv_key
Local private key.
Definition: ssl_mbedtls.h:112
int * allowed_ciphers
List of allowed ciphers for this connection.
Definition: ssl_mbedtls.h:120
buffer_entry * first_block
Definition: ssl_mbedtls.h:52
Context used by external_pkcs1_sign()
Definition: ssl_mbedtls.h:79
off_t crl_last_size
size of last loaded CRL
Definition: ssl_mbedtls.h:115
mbedtls_x509_crt * ca_chain
CA chain for remote verification.
Definition: ssl_mbedtls.h:111
mbedtls_ssl_config * ssl_config
mbedTLS global ssl config
Definition: ssl_mbedtls.h:126
mbedtls_x509_crl * crl
Certificate Revocation List.
Definition: ssl_mbedtls.h:113
bool(* external_sign_func)(void *sign_ctx, const void *src, size_t src_size, void *dst, size_t dst_size)
External signing function prototype.
Definition: ssl_mbedtls.h:74
int tls_ctx_use_external_signing_func(struct tls_root_ctx *ctx, external_sign_func sign_func, void *sign_ctx)
Call the supplied signing function to create a TLS signature during the TLS handshake.
unsigned __int8 uint8_t
Definition: config-msvc.h:159
Structure that wraps the TLS context.
Definition: ssl_mbedtls.h:104
mbedtls_dhm_context * dhm_ctx
Diffie-Helmann-Merkle context.
Definition: ssl_mbedtls.h:109
int endpoint
Whether or not this is a server or a client.
Definition: ssl_mbedtls.h:107
Definition: ssl_mbedtls.h:44
#define bool
Definition: simple.c:61
Definition: buffer.h:1104
size_t length
Definition: ssl_mbedtls.h:45
char * dst
Definition: compat-lz4.h:712
size_t signature_length
Definition: ssl_mbedtls.h:80
size_t data_start
Definition: ssl_mbedtls.h:51
bio_ctx * bio_ctx
Definition: ssl_mbedtls.h:128
endless_buffer in
Definition: ssl_mbedtls.h:57
mbedtls_x509_crt_profile cert_profile
Allowed certificate types.
Definition: ssl_mbedtls.h:122