OpenVPN
Data Structures | |
struct | cipher_name_pair |
Struct used in cipher name translation table. More... | |
Macros | |
#define | OPENVPN_AEAD_TAG_LENGTH 16 |
#define | OPENVPN_MAX_CIPHER_BLOCK_SIZE 32 |
#define | OPENVPN_MAX_HMAC_SIZE 64 |
#define | MAX_CIPHER_KEY_LENGTH 64 |
#define | MAX_HMAC_KEY_LENGTH 64 |
Enumerations | |
enum | hash_algo_type { MD_SHA1, MD_SHA256 } |
Types referencing specific message digest hashing algorithms. More... | |
Functions | |
void | crypto_init_lib (void) |
void | crypto_uninit_lib (void) |
void | crypto_clear_error (void) |
void | crypto_init_lib_engine (const char *engine_name) |
void | show_available_ciphers (void) |
void | show_available_digests (void) |
void | show_available_engines (void) |
bool | crypto_pem_encode (const char *name, struct buffer *dst, const struct buffer *src, struct gc_arena *gc) |
Encode binary data as PEM. More... | |
bool | crypto_pem_decode (const char *name, struct buffer *dst, const struct buffer *src) |
Decode a PEM buffer to binary data. More... | |
int | rand_bytes (uint8_t *output, int len) |
Wrapper for secure random number generator. More... | |
int | key_des_num_cblocks (const cipher_kt_t *kt) |
Return number of DES cblocks (1 cblock = length of a single-DES key) for the current key type or 0 if not a DES cipher. More... | |
bool | key_des_check (uint8_t *key, int key_len, int ndc) |
void | key_des_fixup (uint8_t *key, int key_len, int ndc) |
void | cipher_des_encrypt_ecb (const unsigned char key[DES_KEY_LENGTH], unsigned char src[DES_KEY_LENGTH], unsigned char dst[DES_KEY_LENGTH]) |
Encrypt the given block, using DES ECB mode. More... | |
const cipher_kt_t * | cipher_kt_get (const char *ciphername) |
Return cipher parameters, based on the given cipher name. More... | |
const char * | cipher_kt_name (const cipher_kt_t *cipher_kt) |
Retrieve a string describing the cipher (e.g. More... | |
int | cipher_kt_key_size (const cipher_kt_t *cipher_kt) |
Returns the size of keys used by the cipher, in bytes. More... | |
int | cipher_kt_iv_size (const cipher_kt_t *cipher_kt) |
Returns the size of the IV used by the cipher, in bytes, or 0 if no IV is used. More... | |
int | cipher_kt_block_size (const cipher_kt_t *cipher_kt) |
Returns the block size of the cipher, in bytes. More... | |
int | cipher_kt_tag_size (const cipher_kt_t *cipher_kt) |
Returns the MAC tag size of the cipher, in bytes. More... | |
bool | cipher_kt_insecure (const cipher_kt_t *cipher) |
Returns true if we consider this cipher to be insecure. More... | |
int | cipher_kt_mode (const cipher_kt_t *cipher_kt) |
Returns the mode that the cipher runs in. More... | |
bool | cipher_kt_mode_cbc (const cipher_kt_t *cipher) |
Check if the supplied cipher is a supported CBC mode cipher. More... | |
bool | cipher_kt_mode_ofb_cfb (const cipher_kt_t *cipher) |
Check if the supplied cipher is a supported OFB or CFB mode cipher. More... | |
bool | cipher_kt_mode_aead (const cipher_kt_t *cipher) |
Check if the supplied cipher is a supported AEAD mode cipher. More... | |
cipher_ctx_t * | cipher_ctx_new (void) |
Generic cipher functions. More... | |
void | cipher_ctx_free (cipher_ctx_t *ctx) |
Cleanup and free a cipher context. More... | |
void | cipher_ctx_init (cipher_ctx_t *ctx, const uint8_t *key, int key_len, const cipher_kt_t *kt, int enc) |
Initialise a cipher context, based on the given key and key type. More... | |
int | cipher_ctx_iv_length (const cipher_ctx_t *ctx) |
Returns the size of the IV used by the cipher, in bytes, or 0 if no IV is used. More... | |
int | cipher_ctx_get_tag (cipher_ctx_t *ctx, uint8_t *tag, int tag_len) |
Gets the computed message authentication code (MAC) tag for this cipher. More... | |
int | cipher_ctx_block_size (const cipher_ctx_t *ctx) |
Returns the block size of the cipher, in bytes. More... | |
int | cipher_ctx_mode (const cipher_ctx_t *ctx) |
Returns the mode that the cipher runs in. More... | |
const cipher_kt_t * | cipher_ctx_get_cipher_kt (const cipher_ctx_t *ctx) |
Returns the static cipher parameters for this context. More... | |
int | cipher_ctx_reset (cipher_ctx_t *ctx, const uint8_t *iv_buf) |
Resets the given cipher context, setting the IV to the specified value. More... | |
int | cipher_ctx_update_ad (cipher_ctx_t *ctx, const uint8_t *src, int src_len) |
Updates the given cipher context, providing additional data (AD) for authenticated encryption with additional data (AEAD) cipher modes. More... | |
int | cipher_ctx_update (cipher_ctx_t *ctx, uint8_t *dst, int *dst_len, uint8_t *src, int src_len) |
Updates the given cipher context, encrypting data in the source buffer, and placing any complete blocks in the destination buffer. More... | |
int | cipher_ctx_final (cipher_ctx_t *ctx, uint8_t *dst, int *dst_len) |
Pads the final cipher block using PKCS padding, and outputs it to the destination buffer. More... | |
int | cipher_ctx_final_check_tag (cipher_ctx_t *ctx, uint8_t *dst, int *dst_len, uint8_t *tag, size_t tag_len) |
Like cipher_ctx_final, but checks the computed authentication tag against the supplied (expected) tag. More... | |
const md_kt_t * | md_kt_get (const char *digest) |
Return message digest parameters, based on the given digest name. More... | |
const char * | md_kt_name (const md_kt_t *kt) |
Retrieve a string describing the digest (e.g. More... | |
unsigned char | md_kt_size (const md_kt_t *kt) |
Returns the size of the message digest, in bytes. More... | |
int | md_full (const md_kt_t *kt, const uint8_t *src, int src_len, uint8_t *dst) |
md_ctx_t * | md_ctx_new (void) |
void | md_ctx_free (md_ctx_t *ctx) |
void | md_ctx_init (md_ctx_t *ctx, const md_kt_t *kt) |
void | md_ctx_cleanup (md_ctx_t *ctx) |
int | md_ctx_size (const md_ctx_t *ctx) |
void | md_ctx_update (md_ctx_t *ctx, const uint8_t *src, int src_len) |
void | md_ctx_final (md_ctx_t *ctx, uint8_t *dst) |
hmac_ctx_t * | hmac_ctx_new (void) |
void | hmac_ctx_free (hmac_ctx_t *ctx) |
void | hmac_ctx_init (hmac_ctx_t *ctx, const uint8_t *key, int key_length, const md_kt_t *kt) |
void | hmac_ctx_cleanup (hmac_ctx_t *ctx) |
int | hmac_ctx_size (const hmac_ctx_t *ctx) |
void | hmac_ctx_reset (hmac_ctx_t *ctx) |
void | hmac_ctx_update (hmac_ctx_t *ctx, const uint8_t *src, int src_len) |
void | hmac_ctx_final (hmac_ctx_t *ctx, uint8_t *dst) |
const char * | translate_cipher_name_from_openvpn (const char *cipher_name) |
Translate an OpenVPN cipher name to a crypto library cipher name. More... | |
const char * | translate_cipher_name_to_openvpn (const char *cipher_name) |
Translate a crypto library cipher name to an OpenVPN cipher name. More... | |
bool | ssl_tls1_PRF (const uint8_t *seed, int seed_len, const uint8_t *secret, int secret_len, uint8_t *output, int output_len) |
Calculates the TLS 1.0-1.1 PRF function. More... | |
Variables | |
const cipher_name_pair | cipher_name_translation_table [] |
Cipher name translation table. More... | |
const size_t | cipher_name_translation_table_count |
#define MAX_CIPHER_KEY_LENGTH 64 |
Definition at line 210 of file crypto_backend.h.
Referenced by cipher_kt_get(), generate_key_random(), and write_key().
#define MAX_HMAC_KEY_LENGTH 64 |
Definition at line 490 of file crypto_backend.h.
Referenced by generate_key_random(), init_key_contexts(), md_kt_get(), openvpn_decrypt_v1(), protocol_dump(), and write_key().
#define OPENVPN_AEAD_TAG_LENGTH 16 |
Definition at line 42 of file crypto_backend.h.
Referenced by cipher_kt_tag_size(), and crypto_max_overhead().
#define OPENVPN_MAX_CIPHER_BLOCK_SIZE 32 |
Definition at line 45 of file crypto_backend.h.
Referenced by crypto_max_overhead(), and init_key_type().
#define OPENVPN_MAX_HMAC_SIZE 64 |
Definition at line 48 of file crypto_backend.h.
Referenced by crypto_max_overhead().
enum hash_algo_type |
Types referencing specific message digest hashing algorithms.
Enumerator | |
---|---|
MD_SHA1 | |
MD_SHA256 |
Definition at line 51 of file crypto_backend.h.
int cipher_ctx_block_size | ( | const cipher_ctx_t * | ctx | ) |
Returns the block size of the cipher, in bytes.
ctx | The cipher's context |
Referenced by openvpn_decrypt_aead(), openvpn_decrypt_v1(), openvpn_encrypt_aead(), openvpn_encrypt_v1(), and tls_crypt_v2_wrap_client_key().
int cipher_ctx_final | ( | cipher_ctx_t * | ctx, |
uint8_t * | dst, | ||
int * | dst_len | ||
) |
Pads the final cipher block using PKCS padding, and outputs it to the destination buffer.
ctx | Cipher's context. May not be NULL. |
dst | Destination buffer |
dst_len | Length of the destination buffer, in bytes |
Returns 0 on failure, 1 on success.
Referenced by openvpn_decrypt_v1(), openvpn_encrypt_aead(), openvpn_encrypt_v1(), tls_crypt_unwrap(), tls_crypt_v2_unwrap_client_key(), tls_crypt_v2_wrap_client_key(), and tls_crypt_wrap().
int cipher_ctx_final_check_tag | ( | cipher_ctx_t * | ctx, |
uint8_t * | dst, | ||
int * | dst_len, | ||
uint8_t * | tag, | ||
size_t | tag_len | ||
) |
Like cipher_ctx_final, but checks the computed authentication tag against the supplied (expected) tag.
This function reports failure when the tags don't match. When it reports failure, the caller must not use any data in dst, since that data has not been authenticated.
ctx | Cipher's context. May not be NULL. |
dst | Destination buffer. |
dst_len | Length of the destination buffer, in bytes. |
tag | The expected authentication tag. |
tag_len | The length of tag, in bytes. |
Returns 0 on failure, 1 on success.
Referenced by openvpn_decrypt_aead().
void cipher_ctx_free | ( | cipher_ctx_t * | ctx | ) |
const cipher_kt_t* cipher_ctx_get_cipher_kt | ( | const cipher_ctx_t * | ctx | ) |
Returns the static cipher parameters for this context.
ctx | Cipher's context. |
Definition at line 824 of file crypto_openssl.c.
Referenced by key_ctx_update_implicit_iv(), openvpn_decrypt(), openvpn_decrypt_aead(), openvpn_decrypt_v1(), openvpn_encrypt(), openvpn_encrypt_aead(), openvpn_encrypt_v1(), p2p_mode_ncp(), and test_crypto().
int cipher_ctx_get_tag | ( | cipher_ctx_t * | ctx, |
uint8_t * | tag, | ||
int | tag_len | ||
) |
Gets the computed message authentication code (MAC) tag for this cipher.
ctx | The cipher's context |
tag | The buffer to write computed tag in. |
tag_len | The tag buffer size, in bytes. |
Referenced by openvpn_encrypt_aead().
void cipher_ctx_init | ( | cipher_ctx_t * | ctx, |
const uint8_t * | key, | ||
int | key_len, | ||
const cipher_kt_t * | kt, | ||
int | enc | ||
) |
Initialise a cipher context, based on the given key and key type.
ctx | Cipher context. May not be NULL |
key | Buffer containing the key to use |
key_len | Length of the key, in bytes |
kt | Static cipher parameters to use |
enc | Whether to encrypt or decrypt (either MBEDTLS_OP_ENCRYPT or MBEDTLS_OP_DECRYPT ). |
Referenced by init_key_ctx().
int cipher_ctx_iv_length | ( | const cipher_ctx_t * | ctx | ) |
Returns the size of the IV used by the cipher, in bytes, or 0 if no IV is used.
ctx | The cipher's context |
Returns 0 if the cipher does not use an IV or ctx was NULL.
Referenced by openvpn_decrypt_aead(), openvpn_decrypt_v1(), openvpn_encrypt_aead(), and openvpn_encrypt_v1().
int cipher_ctx_mode | ( | const cipher_ctx_t * | ctx | ) |
Returns the mode that the cipher runs in.
ctx | Cipher's context. May not be NULL. |
Returns OPENVPN_MODE_CBC, OPENVPN_MODE_OFB or OPENVPN_MODE_CFB.
cipher_ctx_t* cipher_ctx_new | ( | void | ) |
Generic cipher functions.
Allocate a new cipher context
Definition at line 766 of file crypto_openssl.c.
References check_malloc_return().
Referenced by init_key_ctx().
int cipher_ctx_reset | ( | cipher_ctx_t * | ctx, |
const uint8_t * | iv_buf | ||
) |
Resets the given cipher context, setting the IV to the specified value.
Preserves the associated key information.
ctx | Cipher's context. May not be NULL. |
iv_buf | The IV to use. |
Returns 0 on failure, 1 on success.
Referenced by openvpn_decrypt_aead(), openvpn_decrypt_v1(), openvpn_encrypt_aead(), openvpn_encrypt_v1(), tls_crypt_unwrap(), tls_crypt_v2_unwrap_client_key(), tls_crypt_v2_wrap_client_key(), and tls_crypt_wrap().
int cipher_ctx_update | ( | cipher_ctx_t * | ctx, |
uint8_t * | dst, | ||
int * | dst_len, | ||
uint8_t * | src, | ||
int | src_len | ||
) |
Updates the given cipher context, encrypting data in the source buffer, and placing any complete blocks in the destination buffer.
Note that if a complete block cannot be written, data is cached in the context, and emitted at a later call to cipher_ctx_update, or by a call to cipher_ctx_final(). This implies that dst should have enough room for src_len + cipher_ctx_block_size().
ctx | Cipher's context. May not be NULL. |
dst | Destination buffer |
dst_len | Length of the destination buffer, in bytes |
src | Source buffer |
src_len | Length of the source buffer, in bytes |
Returns 0 on failure, 1 on success.
Referenced by openvpn_decrypt_aead(), openvpn_decrypt_v1(), openvpn_encrypt_aead(), openvpn_encrypt_v1(), tls_crypt_unwrap(), tls_crypt_v2_unwrap_client_key(), tls_crypt_v2_wrap_client_key(), and tls_crypt_wrap().
int cipher_ctx_update_ad | ( | cipher_ctx_t * | ctx, |
const uint8_t * | src, | ||
int | src_len | ||
) |
Updates the given cipher context, providing additional data (AD) for authenticated encryption with additional data (AEAD) cipher modes.
ctx | Cipher's context. May not be NULL. |
src | Source buffer |
src_len | Length of the source buffer, in bytes |
Returns 0 on failure, 1 on success.
Referenced by openvpn_decrypt_aead(), and openvpn_encrypt_aead().
void cipher_des_encrypt_ecb | ( | const unsigned char | key[DES_KEY_LENGTH], |
unsigned char | src[DES_KEY_LENGTH], | ||
unsigned char | dst[DES_KEY_LENGTH] | ||
) |
Encrypt the given block, using DES ECB mode.
key | DES key to use. |
src | Buffer containing the 8-byte source. |
dst | Buffer containing the 8-byte destination. |
Definition at line 878 of file crypto_openssl.c.
Referenced by ntlm_phase_3().
int cipher_kt_block_size | ( | const cipher_kt_t * | cipher_kt | ) |
Returns the block size of the cipher, in bytes.
cipher_kt | Static cipher parameters |
Referenced by crypto_adjust_frame_parameters(), init_key_ctx(), init_key_type(), print_cipher(), and warn_insecure_key_type().
const cipher_kt_t* cipher_kt_get | ( | const char * | ciphername | ) |
Return cipher parameters, based on the given cipher name.
The contents of these parameters are library-specific, and can be used to initialise encryption/decryption.
ciphername | Name of the cipher to retrieve parameters for (e.g. AES-128-CBC ). Will be translated to the library name from the openvpn config name if needed. |
Definition at line 587 of file crypto_openssl.c.
References ASSERT, crypto_msg, D_LOW, MAX_CIPHER_KEY_LENGTH, msg, PACKAGE_NAME, and translate_cipher_name_from_openvpn().
Referenced by init_key_type(), mutate_ncp_cipher_list(), options_postprocess_setdefault_ncpciphers(), test_check_ncp_ciphers_list(), test_translate_cipher(), and tls_crypt_kt().
bool cipher_kt_insecure | ( | const cipher_kt_t * | cipher | ) |
Returns true if we consider this cipher to be insecure.
Referenced by tls_limit_reneg_bytes(), and warn_insecure_key_type().
int cipher_kt_iv_size | ( | const cipher_kt_t * | cipher_kt | ) |
Returns the size of the IV used by the cipher, in bytes, or 0 if no IV is used.
cipher_kt | Static cipher parameters |
Referenced by crypto_adjust_frame_parameters(), init_key_ctx(), key_ctx_update_implicit_iv(), and test_crypto().
int cipher_kt_key_size | ( | const cipher_kt_t * | cipher_kt | ) |
Returns the size of keys used by the cipher, in bytes.
If the cipher has a variable key size, return the default key size.
cipher_kt | Static cipher parameters |
Referenced by init_key_type(), print_cipher(), and tls_crypt_kt().
int cipher_kt_mode | ( | const cipher_kt_t * | cipher_kt | ) |
Returns the mode that the cipher runs in.
cipher_kt | Static cipher parameters. May not be NULL. |
Returns OPENVPN_MODE_CBC, OPENVPN_MODE_OFB or OPENVPN_MODE_CFB.
Referenced by openvpn_encrypt_v1().
bool cipher_kt_mode_aead | ( | const cipher_kt_t * | cipher | ) |
Check if the supplied cipher is a supported AEAD mode cipher.
cipher | Static cipher parameters. |
Definition at line 739 of file crypto_openssl.c.
References OPENVPN_MODE_GCM.
Referenced by check_replay_consistency(), cipher_kt_tag_size(), crypto_adjust_frame_parameters(), init_key_type(), key_ctx_update_implicit_iv(), openvpn_decrypt(), openvpn_decrypt_aead(), openvpn_encrypt(), openvpn_encrypt_aead(), show_available_ciphers(), and test_crypto().
bool cipher_kt_mode_cbc | ( | const cipher_kt_t * | cipher | ) |
Check if the supplied cipher is a supported CBC mode cipher.
cipher | Static cipher parameters. |
Definition at line 722 of file crypto_openssl.c.
References cipher_kt_mode(), and OPENVPN_MODE_CBC.
Referenced by init_key_type(), openvpn_decrypt_v1(), openvpn_encrypt_v1(), print_cipher(), and show_available_ciphers().
bool cipher_kt_mode_ofb_cfb | ( | const cipher_kt_t * | cipher | ) |
Check if the supplied cipher is a supported OFB or CFB mode cipher.
cipher | Static cipher parameters. |
Definition at line 730 of file crypto_openssl.c.
References cipher_kt_mode(), OPENVPN_MODE_CFB, and OPENVPN_MODE_OFB.
Referenced by calc_options_string_link_mtu(), check_replay_consistency(), do_init_crypto_tls(), init_key_type(), openvpn_decrypt_v1(), openvpn_encrypt_v1(), show_available_ciphers(), and tls_session_update_crypto_params_do_work().
const char* cipher_kt_name | ( | const cipher_kt_t * | cipher_kt | ) |
Retrieve a string describing the cipher (e.g. AES-128-CBC). The returned name is normalised to the OpenVPN config name in case the name differs from the name used by the crypto library.
Returns [null-cipher] in case the cipher_kt is NULL.
cipher_kt | Static cipher parameters |
Referenced by init_key_ctx(), mutate_ncp_cipher_list(), options_string(), p2p_mode_ncp(), print_cipher(), and test_translate_cipher().
int cipher_kt_tag_size | ( | const cipher_kt_t * | cipher_kt | ) |
Returns the MAC tag size of the cipher, in bytes.
cipher_kt | Static cipher parameters. |
Referenced by crypto_adjust_frame_parameters(), openvpn_decrypt_aead(), and openvpn_encrypt_aead().
void crypto_clear_error | ( | void | ) |
Definition at line 196 of file crypto_openssl.c.
Referenced by openvpn_decrypt_aead(), openvpn_decrypt_v1(), openvpn_encrypt_aead(), openvpn_encrypt_v1(), tls_crypt_unwrap(), and tls_crypt_wrap().
void crypto_init_lib | ( | void | ) |
Definition at line 155 of file crypto_openssl.c.
Referenced by init_ssl_lib().
void crypto_init_lib_engine | ( | const char * | engine_name | ) |
Definition at line 133 of file crypto_openssl.c.
References ASSERT, M_WARN, and msg.
Referenced by init_crypto_pre().
bool crypto_pem_decode | ( | const char * | name, struct buffer * | dst, const struct buffer * | src | ) |
Decode a PEM buffer to binary data.
name | The name expected in the PEM header/footer. |
dst | Destination buffer for decoded data. |
src | Source buffer (PEM data). |
Definition at line 422 of file crypto_openssl.c.
References BCAP, BLEN, BPTR, buf_write_alloc(), crypto_msg, D_CRYPT_ERRORS, dmsg, and M_FATAL.
Referenced by crypto_pem_encode_decode_loopback(), and read_pem_key_file().
bool crypto_pem_encode | ( | const char * | name, |
struct buffer * | dst, | ||
const struct buffer * | src, | ||
struct gc_arena * | gc | ||
) |
Encode binary data as PEM.
name | The name to use in the PEM header/footer. |
dst | Destination buffer for PEM-encoded data. Must be a valid pointer to an uninitialized buffer structure. Iff this function returns true, the buffer will contain memory allocated through the supplied gc. |
src | Source buffer. |
gc | The garbage collector to use when allocating memory for dst. |
Definition at line 394 of file crypto_openssl.c.
References alloc_buf_gc(), ASSERT, BLEN, BPTR, buf_write(), and buffer::data.
Referenced by crypto_pem_encode_decode_loopback(), tls_crypt_v2_write_client_key_file(), and write_pem_key_file().
void crypto_uninit_lib | ( | void | ) |
void hmac_ctx_cleanup | ( | hmac_ctx_t * | ctx | ) |
Referenced by free_key_ctx(), and gen_hmac_md5().
void hmac_ctx_final | ( | hmac_ctx_t * | ctx, |
uint8_t * | dst | ||
) |
void hmac_ctx_free | ( | hmac_ctx_t * | ctx | ) |
Referenced by free_key_ctx(), and gen_hmac_md5().
void hmac_ctx_init | ( | hmac_ctx_t * | ctx, |
const uint8_t * | key, | ||
int | key_length, | ||
const md_kt_t * | kt | ||
) |
Referenced by gen_hmac_md5(), and init_key_ctx().
hmac_ctx_t* hmac_ctx_new | ( | void | ) |
Definition at line 1006 of file crypto_openssl.c.
References check_malloc_return(), and HMAC_CTX_new().
Referenced by gen_hmac_md5(), and init_key_ctx().
void hmac_ctx_reset | ( | hmac_ctx_t * | ctx | ) |
int hmac_ctx_size | ( | const hmac_ctx_t * | ctx | ) |
Referenced by check_hmac_token(), generate_auth_token(), init_key_ctx(), openvpn_decrypt_v1(), openvpn_encrypt_v1(), swap_hmac(), and tls_crypt_wrap().
void hmac_ctx_update | ( | hmac_ctx_t * | ctx, |
const uint8_t * | src, | ||
int | src_len | ||
) |
bool key_des_check | ( | uint8_t * | key, |
int | key_len, | ||
int | ndc | ||
) |
Definition at line 522 of file crypto_openssl.c.
References buf_read_alloc(), buf_set_read(), crypto_msg, and D_CRYPT_ERRORS.
Referenced by check_key().
void key_des_fixup | ( | uint8_t * | key, |
int | key_len, | ||
int | ndc | ||
) |
Definition at line 559 of file crypto_openssl.c.
References buf_read_alloc(), buf_set_read(), D_CRYPT_ERRORS, and msg.
Referenced by create_des_keys(), and fixup_key().
int key_des_num_cblocks | ( | const cipher_kt_t * | kt | ) |
Return number of DES cblocks (1 cblock = length of a single-DES key) for the current key type or 0 if not a DES cipher.
kt | Type of key |
Referenced by check_key(), and fixup_key().
void md_ctx_cleanup | ( | md_ctx_t * | ctx | ) |
Referenced by DigestCalcHA1(), DigestCalcResponse(), do_close_tls(), and process_incoming_push_reply().
void md_ctx_final | ( | md_ctx_t * | ctx, |
uint8_t * | dst | ||
) |
Referenced by DigestCalcHA1(), DigestCalcResponse(), and process_incoming_push_reply().
void md_ctx_free | ( | md_ctx_t * | ctx | ) |
Referenced by DigestCalcHA1(), DigestCalcResponse(), do_close_tls(), and process_incoming_push_reply().
void md_ctx_init | ( | md_ctx_t * | ctx, const md_kt_t * | kt | ) |
Referenced by DigestCalcHA1(), DigestCalcResponse(), and process_incoming_push_reply().
md_ctx_t* md_ctx_new | ( | void | ) |
Definition at line 947 of file crypto_openssl.c.
References check_malloc_return(), and EVP_MD_CTX_new().
Referenced by DigestCalcHA1(), DigestCalcResponse(), and process_incoming_push_reply().
int md_ctx_size | ( | const md_ctx_t * | ctx | ) |
void md_ctx_update | ( | md_ctx_t * | ctx, |
const uint8_t * | src, | ||
int | src_len | ||
) |
Referenced by DigestCalcHA1(), DigestCalcResponse(), and push_update_digest().
int md_full | ( | const md_kt_t * | kt, |
const uint8_t * | src, | ||
int | src_len, | ||
uint8_t * | dst | ||
) |
Referenced by gen_md4_hash(), and prng_bytes().
const md_kt_t* md_kt_get | ( | const char * | digest | ) |
Return message digest parameters, based on the given digest name.
The contents of these parameters are library-specific, and can be used to initialise HMAC or message digest operations.
digest | Name of the digest to retrieve parameters for (e.g. MD5 ). |
Definition at line 896 of file crypto_openssl.c.
References ASSERT, crypto_msg, M_FATAL, MAX_HMAC_KEY_LENGTH, and PACKAGE_NAME.
Referenced by auth_token_kt(), DigestCalcHA1(), DigestCalcResponse(), do_init_tls_wrap_key(), gen_hmac_md5(), gen_md4_hash(), init_key_type(), prng_init(), process_incoming_push_reply(), and tls_crypt_kt().
const char* md_kt_name | ( | const md_kt_t * | kt | ) |
Retrieve a string describing the digest (e.g. SHA1).
kt | Static message digest parameters |
Referenced by init_key_ctx(), options_string(), and prng_init().
unsigned char md_kt_size | ( | const md_kt_t * | kt | ) |
Returns the size of the message digest, in bytes.
kt | Static message digest parameters |
Referenced by auth_token_kt(), do_init_tls_wrap_key(), init_key_ctx(), init_key_type(), prng_bytes(), prng_init(), prng_reset_nonce(), and tls_crypt_kt().
int rand_bytes | ( | uint8_t * | output, |
int | len | ||
) |
Wrapper for secure random number generator.
Retrieves len bytes of random data, and places it in output.
output | Output buffer |
len | Length of the output buffer, in bytes |
Returns 1 on success, 0 on failure. Callers must check this result and must not use output as random data when 0 is returned.
Definition at line 484 of file crypto_openssl.c.
References crypto_msg, D_CRYPT_ERRORS, and unlikely.
Referenced by establish_http_proxy_passthru(), generate_auth_token(), generate_ephemeral_key(), generate_key_random(), init_static(), prng_bytes(), prng_reset_nonce(), random_bytes_to_buf(), test_crypto(), test_tls_crypt_v2_setup(), tls_crypt_v2_wrap_unwrap_dst_too_small(), tls_crypt_v2_wrap_unwrap_max_metadata(), tls_crypt_v2_write_client_key_file(), and write_pem_key_file().
void show_available_ciphers | ( | void | ) |
Definition at line 286 of file crypto_openssl.c.
References cipher_kt_insecure(), cipher_kt_mode_aead(), cipher_kt_mode_cbc(), cipher_kt_mode_ofb_cfb(), cipher_name_cmp(), ENABLE_OFB_CFB_MODE, M_WARN, msg, PACKAGE_NAME, and print_cipher().
Referenced by print_openssl_info().
void show_available_digests | ( | void | ) |
Definition at line 344 of file crypto_openssl.c.
References PACKAGE_NAME.
Referenced by print_openssl_info().
void show_available_engines | ( | void | ) |
Definition at line 369 of file crypto_openssl.c.
Referenced by print_openssl_info().
bool ssl_tls1_PRF | ( | const uint8_t * | seed, |
int | seed_len, | ||
const uint8_t * | secret, | ||
int | secret_len, | ||
uint8_t * | output, | ||
int | output_len | ||
) |
Calculates the TLS 1.0-1.1 PRF function.
For the exact specification of the function definition, see the TLS RFCs, such as RFC 4346.
seed | seed to use |
seed_len | length of the seed |
secret | secret to use |
secret_len | length of the secret |
output | output destination |
output_len | length of output/number of bytes to generate |
Definition at line 1322 of file crypto_openssl.c.
References D_SHOW_KEY_SOURCE, dmsg, format_hex(), gc_free(), gc_malloc(), gc_new(), secure_memzero(), and tls1_P_hash().
Referenced by crypto_test_tls_prf(), engine_load_key(), and openvpn_PRF().
const char* translate_cipher_name_from_openvpn | ( | const char * | cipher_name | ) |
Translate an OpenVPN cipher name to a crypto library cipher name.
cipher_name | An OpenVPN cipher name |
Definition at line 1841 of file crypto.c.
References get_cipher_name_pair(), and cipher_name_pair::lib_name.
Referenced by cipher_kt_block_size(), and cipher_kt_get().
const char* translate_cipher_name_to_openvpn | ( | const char * | cipher_name | ) |
Translate a crypto library cipher name to an OpenVPN cipher name.
cipher_name | A crypto library cipher name |
Definition at line 1854 of file crypto.c.
References get_cipher_name_pair(), and cipher_name_pair::openvpn_name.
Referenced by cipher_kt_block_size(), cipher_kt_name(), and multi_print_status().
const cipher_name_pair cipher_name_translation_table[] |
Cipher name translation table.
Definition at line 266 of file crypto_openssl.c.
Referenced by get_cipher_name_pair().
const size_t cipher_name_translation_table_count |
Definition at line 272 of file crypto_openssl.c.
Referenced by get_cipher_name_pair().