OpenVPN
Macros | Functions
tls_crypt.h File Reference
#include "base64.h"
#include "buffer.h"
#include "crypto.h"
#include "session_id.h"
#include "ssl_common.h"
Include dependency graph for tls_crypt.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Macros

#define TLS_CRYPT_TAG_SIZE   (256/8)
 
#define TLS_CRYPT_PID_SIZE   (sizeof(packet_id_type) + sizeof(net_time_t))
 
#define TLS_CRYPT_BLOCK_SIZE   (128/8)
 
#define TLS_CRYPT_OFF_PID   (1 + SID_SIZE)
 
#define TLS_CRYPT_OFF_TAG   (TLS_CRYPT_OFF_PID + TLS_CRYPT_PID_SIZE)
 
#define TLS_CRYPT_OFF_CT   (TLS_CRYPT_OFF_TAG + TLS_CRYPT_TAG_SIZE)
 
#define TLS_CRYPT_V2_MAX_WKC_LEN   (1024)
 
#define TLS_CRYPT_V2_CLIENT_KEY_LEN   (2048 / 8)
 
#define TLS_CRYPT_V2_SERVER_KEY_LEN   (sizeof(struct key))
 
#define TLS_CRYPT_V2_TAG_SIZE   (TLS_CRYPT_TAG_SIZE)
 
#define TLS_CRYPT_V2_MAX_METADATA_LEN
 
#define TLS_CRYPT_V2_MAX_B64_METADATA_LEN   OPENVPN_BASE64_LENGTH(TLS_CRYPT_V2_MAX_METADATA_LEN - 1)
 

Functions

void tls_crypt_init_key (struct key_ctx_bi *key, const char *key_file, const char *key_inline, bool tls_server)
 Initialize a key_ctx_bi structure for use with –tls-crypt. More...
 
int tls_crypt_buf_overhead (void)
 Returns the maximum overhead (in bytes) added to the destination buffer by tls_crypt_wrap(). More...
 
void tls_crypt_adjust_frame_parameters (struct frame *frame)
 Adjust frame parameters for –tls-crypt overhead. More...
 
bool tls_crypt_wrap (const struct buffer *src, struct buffer *dst, struct crypto_options *opt)
 Wrap a control channel packet (both authenticates and encrypts the data). More...
 
bool tls_crypt_unwrap (const struct buffer *src, struct buffer *dst, struct crypto_options *opt)
 Unwrap a control channel packet (decrypts, authenticates and performs replay checks). More...
 
void tls_crypt_v2_init_server_key (struct key_ctx *key_ctx, bool encrypt, const char *key_file, const char *key_inline)
 Initialize a tls-crypt-v2 server key (used to encrypt/decrypt client keys). More...
 
void tls_crypt_v2_init_client_key (struct key_ctx_bi *key, struct buffer *wrapped_key_buf, const char *key_file, const char *key_inline)
 Initialize a tls-crypt-v2 client key. More...
 
bool tls_crypt_v2_extract_client_key (struct buffer *buf, struct tls_wrap_ctx *ctx, const struct tls_options *opt)
 Extract a tls-crypt-v2 client key from a P_CONTROL_HARD_RESET_CLIENT_V3 message, and load the key into the supplied tls wrap context. More...
 
void tls_crypt_v2_write_server_key_file (const char *filename)
 Generate a tls-crypt-v2 server key, and write to file. More...
 
void tls_crypt_v2_write_client_key_file (const char *filename, const char *b64_metadata, const char *key_file, const char *key_inline)
 Generate a tls-crypt-v2 client key, and write to file. More...