OpenVPN
crypto_mbedtls.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2023 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2
13  * as published by the Free Software Foundation.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32 
33 #include "syshead.h"
34 
35 #if defined(ENABLE_CRYPTO_MBEDTLS)
36 
37 #include "errlevel.h"
38 #include "basic.h"
39 #include "buffer.h"
40 #include "crypto.h"
41 #include "integer.h"
42 #include "crypto_backend.h"
43 #include "otime.h"
44 #include "mbedtls_compat.h"
45 #include "misc.h"
46 
47 #include <mbedtls/base64.h>
48 #include <mbedtls/des.h>
49 #include <mbedtls/error.h>
50 #include <mbedtls/md5.h>
51 #include <mbedtls/cipher.h>
52 #include <mbedtls/pem.h>
53 
54 #include <mbedtls/entropy.h>
55 #include <mbedtls/ssl.h>
56 
57 
58 /*
59  *
60  * Hardware engine support. Allows loading/unloading of engines.
61  *
62  */
63 
64 void
65 crypto_init_lib_engine(const char *engine_name)
66 {
67  msg(M_WARN, "Note: mbed TLS hardware crypto engine functionality is not "
68  "available");
69 }
70 
71 provider_t *
72 crypto_load_provider(const char *provider)
73 {
74  if (provider)
75  {
76  msg(M_WARN, "Note: mbed TLS provider functionality is not available");
77  }
78  return NULL;
79 }
80 
81 void
82 crypto_unload_provider(const char *provname, provider_t *provider)
83 {
84 }
85 
86 /*
87  *
88  * Functions related to the core crypto library
89  *
90  */
91 
92 void
93 crypto_init_lib(void)
94 {
95 }
96 
97 void
99 {
100 }
101 
102 void
103 crypto_clear_error(void)
104 {
105 }
106 
107 bool
108 mbed_log_err(unsigned int flags, int errval, const char *prefix)
109 {
110  if (0 != errval)
111  {
112  char errstr[256];
113  mbedtls_strerror(errval, errstr, sizeof(errstr));
114 
115  if (NULL == prefix)
116  {
117  prefix = "mbed TLS error";
118  }
119  msg(flags, "%s: %s", prefix, errstr);
120  }
121 
122  return 0 == errval;
123 }
124 
125 bool
126 mbed_log_func_line(unsigned int flags, int errval, const char *func,
127  int line)
128 {
129  char prefix[256];
130 
131  if (!openvpn_snprintf(prefix, sizeof(prefix), "%s:%d", func, line))
132  {
133  return mbed_log_err(flags, errval, func);
134  }
135 
136  return mbed_log_err(flags, errval, prefix);
137 }
138 
139 
140 #ifdef DMALLOC
141 void
142 crypto_init_dmalloc(void)
143 {
144  msg(M_ERR, "Error: dmalloc support is not available for mbed TLS.");
145 }
146 #endif /* DMALLOC */
147 
149  { "BF-CBC", "BLOWFISH-CBC" },
150  { "BF-CFB", "BLOWFISH-CFB64" },
151  { "CAMELLIA-128-CFB", "CAMELLIA-128-CFB128" },
152  { "CAMELLIA-192-CFB", "CAMELLIA-192-CFB128" },
153  { "CAMELLIA-256-CFB", "CAMELLIA-256-CFB128" }
154 };
157 
158 void
160 {
161  const int *ciphers = mbedtls_cipher_list();
162 
163 #ifndef ENABLE_SMALL
164  printf("The following ciphers and cipher modes are available for use\n"
165  "with " PACKAGE_NAME ". Each cipher shown below may be used as a\n"
166  "parameter to the --data-ciphers (or --cipher) option. Using a\n"
167  "GCM or CBC mode is recommended. In static key mode only CBC\n"
168  "mode is allowed.\n\n");
169 #endif
170 
171  while (*ciphers != 0)
172  {
173  const mbedtls_cipher_info_t *info = mbedtls_cipher_info_from_type(*ciphers);
174  const char *name = mbedtls_cipher_info_get_name(info);
175  if (info && name && !cipher_kt_insecure(name)
176  && (cipher_kt_mode_aead(name) || cipher_kt_mode_cbc(name)))
177  {
178  print_cipher(name);
179  }
180  ciphers++;
181  }
182 
183  printf("\nThe following ciphers have a block size of less than 128 bits, \n"
184  "and are therefore deprecated. Do not use unless you have to.\n\n");
185  ciphers = mbedtls_cipher_list();
186  while (*ciphers != 0)
187  {
188  const mbedtls_cipher_info_t *info = mbedtls_cipher_info_from_type(*ciphers);
189  const char *name = mbedtls_cipher_info_get_name(info);
190  if (info && name && cipher_kt_insecure(name)
191  && (cipher_kt_mode_aead(name) || cipher_kt_mode_cbc(name)))
192  {
193  print_cipher(name);
194  }
195  ciphers++;
196  }
197  printf("\n");
198 }
199 
200 void
202 {
203  const int *digests = mbedtls_md_list();
204 
205 #ifndef ENABLE_SMALL
206  printf("The following message digests are available for use with\n"
207  PACKAGE_NAME ". A message digest is used in conjunction with\n"
208  "the HMAC function, to authenticate received packets.\n"
209  "You can specify a message digest as parameter to\n"
210  "the --auth option.\n\n");
211 #endif
212 
213  while (*digests != 0)
214  {
215  const mbedtls_md_info_t *info = mbedtls_md_info_from_type(*digests);
216 
217  if (info)
218  {
219  printf("%s %d bit default key\n", mbedtls_md_get_name(info),
220  mbedtls_md_get_size(info) * 8);
221  }
222  digests++;
223  }
224  printf("\n");
225 }
226 
227 void
229 {
230  printf("Sorry, mbed TLS hardware crypto engine functionality is not "
231  "available\n");
232 }
233 
234 bool
235 crypto_pem_encode(const char *name, struct buffer *dst,
236  const struct buffer *src, struct gc_arena *gc)
237 {
238  /* 1000 chars is the PEM line length limit (+1 for tailing NUL) */
239  char header[1000+1] = { 0 };
240  char footer[1000+1] = { 0 };
241 
242  if (!openvpn_snprintf(header, sizeof(header), "-----BEGIN %s-----\n", name))
243  {
244  return false;
245  }
246  if (!openvpn_snprintf(footer, sizeof(footer), "-----END %s-----\n", name))
247  {
248  return false;
249  }
250 
251  size_t out_len = 0;
252  if (MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL !=
253  mbedtls_pem_write_buffer(header, footer, BPTR(src), BLEN(src),
254  NULL, 0, &out_len))
255  {
256  return false;
257  }
258 
259  /* We set the size buf to out_len-1 to NOT include the 0 byte that
260  * mbedtls_pem_write_buffer in its length calculation */
261  *dst = alloc_buf_gc(out_len, gc);
262  if (!mbed_ok(mbedtls_pem_write_buffer(header, footer, BPTR(src), BLEN(src),
263  BPTR(dst), BCAP(dst), &out_len))
264  || !buf_inc_len(dst, out_len-1))
265  {
266  CLEAR(*dst);
267  return false;
268  }
269 
270  return true;
271 }
272 
273 bool
274 crypto_pem_decode(const char *name, struct buffer *dst,
275  const struct buffer *src)
276 {
277  /* 1000 chars is the PEM line length limit (+1 for tailing NUL) */
278  char header[1000+1] = { 0 };
279  char footer[1000+1] = { 0 };
280 
281  if (!openvpn_snprintf(header, sizeof(header), "-----BEGIN %s-----", name))
282  {
283  return false;
284  }
285  if (!openvpn_snprintf(footer, sizeof(footer), "-----END %s-----", name))
286  {
287  return false;
288  }
289 
290  /* mbed TLS requires the src to be null-terminated */
291  /* allocate a new buffer to avoid modifying the src buffer */
292  struct gc_arena gc = gc_new();
293  struct buffer input = alloc_buf_gc(BLEN(src) + 1, &gc);
294  buf_copy(&input, src);
295  buf_null_terminate(&input);
296 
297  size_t use_len = 0;
298  mbedtls_pem_context ctx = { 0 };
299  bool ret = mbed_ok(mbedtls_pem_read_buffer(&ctx, header, footer, BPTR(&input),
300  NULL, 0, &use_len));
301  size_t buf_size = 0;
302  const unsigned char *buf = mbedtls_pem_get_buffer(&ctx, &buf_size);
303  if (ret && !buf_write(dst, buf, buf_size))
304  {
305  ret = false;
306  msg(M_WARN, "PEM decode error: destination buffer too small");
307  }
308 
309  mbedtls_pem_free(&ctx);
310  gc_free(&gc);
311  return ret;
312 }
313 
314 /*
315  *
316  * Random number functions, used in cases where we want
317  * reasonably strong cryptographic random number generation
318  * without depleting our entropy pool. Used for random
319  * IV values and a number of other miscellaneous tasks.
320  *
321  */
322 
323 /*
324  * Initialise the given ctr_drbg context, using a personalisation string and an
325  * entropy gathering function.
326  */
327 mbedtls_ctr_drbg_context *
328 rand_ctx_get(void)
329 {
330  static mbedtls_entropy_context ec = {0};
331  static mbedtls_ctr_drbg_context cd_ctx = {0};
332  static bool rand_initialised = false;
333 
334  if (!rand_initialised)
335  {
336  struct gc_arena gc = gc_new();
337  struct buffer pers_string = alloc_buf_gc(100, &gc);
338 
339  /*
340  * Personalisation string, should be as unique as possible (see NIST
341  * 800-90 section 8.7.1). We have very little information at this stage.
342  * Include Program Name, memory address of the context and PID.
343  */
344  buf_printf(&pers_string, "OpenVPN %0u %p %s", platform_getpid(), &cd_ctx, time_string(0, 0, 0, &gc));
345 
346  /* Initialise mbed TLS RNG, and built-in entropy sources */
347  mbedtls_entropy_init(&ec);
348 
349  mbedtls_ctr_drbg_init(&cd_ctx);
350  if (!mbed_ok(mbedtls_ctr_drbg_seed(&cd_ctx, mbedtls_entropy_func, &ec,
351  BPTR(&pers_string), BLEN(&pers_string))))
352  {
353  msg(M_FATAL, "Failed to initialize random generator");
354  }
355 
356  gc_free(&gc);
357  rand_initialised = true;
358  }
359 
360  return &cd_ctx;
361 }
362 
363 #ifdef ENABLE_PREDICTION_RESISTANCE
364 void
365 rand_ctx_enable_prediction_resistance(void)
366 {
367  mbedtls_ctr_drbg_context *cd_ctx = rand_ctx_get();
368 
369  mbedtls_ctr_drbg_set_prediction_resistance(cd_ctx, 1);
370 }
371 #endif /* ENABLE_PREDICTION_RESISTANCE */
372 
373 int
374 rand_bytes(uint8_t *output, int len)
375 {
376  mbedtls_ctr_drbg_context *rng_ctx = rand_ctx_get();
377 
378  while (len > 0)
379  {
380  const size_t blen = min_int(len, MBEDTLS_CTR_DRBG_MAX_REQUEST);
381  if (0 != mbedtls_ctr_drbg_random(rng_ctx, output, blen))
382  {
383  return 0;
384  }
385 
386  output += blen;
387  len -= blen;
388  }
389 
390  return 1;
391 }
392 
393 /*
394  *
395  * Generic cipher key type functions
396  *
397  */
398 static const mbedtls_cipher_info_t *
399 cipher_get(const char *ciphername)
400 {
401  ASSERT(ciphername);
402 
403  const mbedtls_cipher_info_t *cipher = NULL;
404 
405  ciphername = translate_cipher_name_from_openvpn(ciphername);
406  cipher = mbedtls_cipher_info_from_string(ciphername);
407  return cipher;
408 }
409 
410 bool
411 cipher_valid_reason(const char *ciphername, const char **reason)
412 {
413  ASSERT(reason);
414 
415  const mbedtls_cipher_info_t *cipher = cipher_get(ciphername);
416 
417  if (NULL == cipher)
418  {
419  msg(D_LOW, "Cipher algorithm '%s' not found", ciphername);
420  *reason = "disabled because unknown";
421  return false;
422  }
423 
424  const size_t key_bytelen = mbedtls_cipher_info_get_key_bitlen(cipher)/8;
425  if (key_bytelen > MAX_CIPHER_KEY_LENGTH)
426  {
427  msg(D_LOW, "Cipher algorithm '%s' uses a default key size (%zu bytes) "
428  "which is larger than " PACKAGE_NAME "'s current maximum key size "
429  "(%d bytes)", ciphername, key_bytelen, MAX_CIPHER_KEY_LENGTH);
430  *reason = "disabled due to key size too large";
431  return false;
432  }
433 
434  *reason = NULL;
435  return true;
436 }
437 
438 const char *
439 cipher_kt_name(const char *ciphername)
440 {
441  const mbedtls_cipher_info_t *cipher_kt = cipher_get(ciphername);
442  if (NULL == cipher_kt)
443  {
444  return "[null-cipher]";
445  }
446 
448 }
449 
450 int
451 cipher_kt_key_size(const char *ciphername)
452 {
453  const mbedtls_cipher_info_t *cipher_kt = cipher_get(ciphername);
454 
455  if (NULL == cipher_kt)
456  {
457  return 0;
458  }
459 
460  return (int)mbedtls_cipher_info_get_key_bitlen(cipher_kt)/8;
461 }
462 
463 int
464 cipher_kt_iv_size(const char *ciphername)
465 {
466  const mbedtls_cipher_info_t *cipher_kt = cipher_get(ciphername);
467 
468  if (NULL == cipher_kt)
469  {
470  return 0;
471  }
472  return (int)mbedtls_cipher_info_get_iv_size(cipher_kt);
473 }
474 
475 int
476 cipher_kt_block_size(const char *ciphername)
477 {
478  const mbedtls_cipher_info_t *cipher_kt = cipher_get(ciphername);
479  if (NULL == cipher_kt)
480  {
481  return 0;
482  }
483  return (int)mbedtls_cipher_info_get_block_size(cipher_kt);
484 }
485 
486 int
487 cipher_kt_tag_size(const char *ciphername)
488 {
489  if (cipher_kt_mode_aead(ciphername))
490  {
492  }
493  return 0;
494 }
495 
496 bool
497 cipher_kt_insecure(const char *ciphername)
498 {
499  const mbedtls_cipher_info_t *cipher_kt = cipher_get(ciphername);
500  if (!cipher_kt)
501  {
502  return true;
503  }
504 
505  return !(cipher_kt_block_size(ciphername) >= 128 / 8
506 #ifdef MBEDTLS_CHACHAPOLY_C
507  || mbedtls_cipher_info_get_type(cipher_kt) == MBEDTLS_CIPHER_CHACHA20_POLY1305
508 #endif
509  );
510 }
511 
512 static mbedtls_cipher_mode_t
513 cipher_kt_mode(const mbedtls_cipher_info_t *cipher_kt)
514 {
515  ASSERT(NULL != cipher_kt);
516  return mbedtls_cipher_info_get_mode(cipher_kt);
517 }
518 
519 bool
520 cipher_kt_mode_cbc(const char *ciphername)
521 {
522  const mbedtls_cipher_info_t *cipher = cipher_get(ciphername);
523  return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC;
524 }
525 
526 bool
527 cipher_kt_mode_ofb_cfb(const char *ciphername)
528 {
529  const mbedtls_cipher_info_t *cipher = cipher_get(ciphername);
530  return cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB
531  || cipher_kt_mode(cipher) == OPENVPN_MODE_CFB);
532 }
533 
534 bool
535 cipher_kt_mode_aead(const char *ciphername)
536 {
537  const mbedtls_cipher_info_t *cipher = cipher_get(ciphername);
538  return cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_GCM
539 #ifdef MBEDTLS_CHACHAPOLY_C
540  || cipher_kt_mode(cipher) == MBEDTLS_MODE_CHACHAPOLY
541 #endif
542  );
543 }
544 
545 
546 /*
547  *
548  * Generic cipher context functions
549  *
550  */
551 
552 mbedtls_cipher_context_t *
553 cipher_ctx_new(void)
554 {
555  mbedtls_cipher_context_t *ctx;
556  ALLOC_OBJ(ctx, mbedtls_cipher_context_t);
557  return ctx;
558 }
559 
560 void
561 cipher_ctx_free(mbedtls_cipher_context_t *ctx)
562 {
563  mbedtls_cipher_free(ctx);
564  free(ctx);
565 }
566 
567 void
568 cipher_ctx_init(mbedtls_cipher_context_t *ctx, const uint8_t *key,
569  const char *ciphername, const mbedtls_operation_t operation)
570 {
571  ASSERT(NULL != ciphername && NULL != ctx);
572  CLEAR(*ctx);
573 
574  const mbedtls_cipher_info_t *kt = cipher_get(ciphername);
575  ASSERT(kt);
576  size_t key_bitlen = mbedtls_cipher_info_get_key_bitlen(kt);
577 
578  if (!mbed_ok(mbedtls_cipher_setup(ctx, kt)))
579  {
580  msg(M_FATAL, "mbed TLS cipher context init #1");
581  }
582 
583  if (!mbed_ok(mbedtls_cipher_setkey(ctx, key, (int)key_bitlen, operation)))
584  {
585  msg(M_FATAL, "mbed TLS cipher set key");
586  }
587 
588  if (mbedtls_cipher_info_get_mode(kt) == MBEDTLS_MODE_CBC)
589  {
590  if (!mbed_ok(mbedtls_cipher_set_padding_mode(ctx, MBEDTLS_PADDING_PKCS7)))
591  {
592  msg(M_FATAL, "mbed TLS cipher set padding mode");
593  }
594  }
595 
596  /* make sure we used a big enough key */
597  ASSERT(mbedtls_cipher_get_key_bitlen(ctx) <= key_bitlen);
598 }
599 
600 int
601 cipher_ctx_iv_length(const mbedtls_cipher_context_t *ctx)
602 {
603  return mbedtls_cipher_get_iv_size(ctx);
604 }
605 
606 int
607 cipher_ctx_get_tag(cipher_ctx_t *ctx, uint8_t *tag, int tag_len)
608 {
609  if (tag_len > SIZE_MAX)
610  {
611  return 0;
612  }
613 
614  if (!mbed_ok(mbedtls_cipher_write_tag(ctx, (unsigned char *) tag, tag_len)))
615  {
616  return 0;
617  }
618 
619  return 1;
620 }
621 
622 int
623 cipher_ctx_block_size(const mbedtls_cipher_context_t *ctx)
624 {
625  return (int)mbedtls_cipher_get_block_size(ctx);
626 }
627 
628 int
629 cipher_ctx_mode(const mbedtls_cipher_context_t *ctx)
630 {
631  ASSERT(NULL != ctx);
632 
633  return mbedtls_cipher_get_cipher_mode(ctx);
634 }
635 
636 bool
638 {
639  return ctx && cipher_ctx_mode(ctx) == OPENVPN_MODE_CBC;
640 }
641 
642 
643 bool
645 {
646  return ctx && (cipher_ctx_mode(ctx) == OPENVPN_MODE_OFB
647  || cipher_ctx_mode(ctx) == OPENVPN_MODE_CFB);
648 }
649 
650 bool
652 {
653  return ctx && (cipher_ctx_mode(ctx) == OPENVPN_MODE_GCM
654 #ifdef MBEDTLS_CHACHAPOLY_C
655  || cipher_ctx_mode(ctx) == MBEDTLS_MODE_CHACHAPOLY
656 #endif
657  );
658 }
659 
660 int
661 cipher_ctx_reset(mbedtls_cipher_context_t *ctx, const uint8_t *iv_buf)
662 {
663  if (!mbed_ok(mbedtls_cipher_reset(ctx)))
664  {
665  return 0;
666  }
667 
668  if (!mbed_ok(mbedtls_cipher_set_iv(ctx, iv_buf, (size_t)mbedtls_cipher_get_iv_size(ctx))))
669  {
670  return 0;
671  }
672 
673  return 1;
674 }
675 
676 int
677 cipher_ctx_update_ad(cipher_ctx_t *ctx, const uint8_t *src, int src_len)
678 {
679  if (src_len > SIZE_MAX)
680  {
681  return 0;
682  }
683 
684  if (!mbed_ok(mbedtls_cipher_update_ad(ctx, src, src_len)))
685  {
686  return 0;
687  }
688 
689  return 1;
690 }
691 
692 int
693 cipher_ctx_update(mbedtls_cipher_context_t *ctx, uint8_t *dst,
694  int *dst_len, uint8_t *src, int src_len)
695 {
696  size_t s_dst_len = *dst_len;
697 
698  if (!mbed_ok(mbedtls_cipher_update(ctx, src, (size_t) src_len, dst,
699  &s_dst_len)))
700  {
701  return 0;
702  }
703 
704  *dst_len = s_dst_len;
705 
706  return 1;
707 }
708 
709 int
710 cipher_ctx_final(mbedtls_cipher_context_t *ctx, uint8_t *dst, int *dst_len)
711 {
712  size_t s_dst_len = *dst_len;
713 
714  if (!mbed_ok(mbedtls_cipher_finish(ctx, dst, &s_dst_len)))
715  {
716  return 0;
717  }
718 
719  *dst_len = s_dst_len;
720 
721  return 1;
722 }
723 
724 int
725 cipher_ctx_final_check_tag(mbedtls_cipher_context_t *ctx, uint8_t *dst,
726  int *dst_len, uint8_t *tag, size_t tag_len)
727 {
728  size_t olen = 0;
729 
730  if (MBEDTLS_DECRYPT != mbedtls_cipher_get_operation(ctx))
731  {
732  return 0;
733  }
734 
735  if (tag_len > SIZE_MAX)
736  {
737  return 0;
738  }
739 
740  if (!mbed_ok(mbedtls_cipher_finish(ctx, dst, &olen)))
741  {
742  msg(D_CRYPT_ERRORS, "%s: cipher_ctx_final() failed", __func__);
743  return 0;
744  }
745 
746  if (olen > INT_MAX)
747  {
748  return 0;
749  }
750  *dst_len = olen;
751 
752  if (!mbed_ok(mbedtls_cipher_check_tag(ctx, (const unsigned char *) tag,
753  tag_len)))
754  {
755  return 0;
756  }
757 
758  return 1;
759 }
760 
761 
762 
763 /*
764  *
765  * Generic message digest information functions
766  *
767  */
768 
769 
770 static const mbedtls_md_info_t *
771 md_get(const char *digest)
772 {
773  const mbedtls_md_info_t *md = NULL;
774  ASSERT(digest);
775 
776  md = mbedtls_md_info_from_string(digest);
777  if (!md)
778  {
779  msg(M_FATAL, "Message hash algorithm '%s' not found", digest);
780  }
781  if (mbedtls_md_get_size(md) > MAX_HMAC_KEY_LENGTH)
782  {
783  msg(M_FATAL, "Message hash algorithm '%s' uses a default hash size (%d bytes) which is larger than " PACKAGE_NAME "'s current maximum hash size (%d bytes)",
784  digest,
785  mbedtls_md_get_size(md),
787  }
788  return md;
789 }
790 
791 bool
792 md_valid(const char *digest)
793 {
794  const mbedtls_md_info_t *md = mbedtls_md_info_from_string(digest);
795  return md != NULL;
796 }
797 
798 const char *
799 md_kt_name(const char *mdname)
800 {
801  if (!strcmp("none", mdname))
802  {
803  return "[null-digest]";
804  }
805  const mbedtls_md_info_t *kt = md_get(mdname);
806  return mbedtls_md_get_name(kt);
807 }
808 
809 unsigned char
810 md_kt_size(const char *mdname)
811 {
812  if (!strcmp("none", mdname))
813  {
814  return 0;
815  }
816  const mbedtls_md_info_t *kt = md_get(mdname);
817  return mbedtls_md_get_size(kt);
818 }
819 
820 /*
821  *
822  * Generic message digest functions
823  *
824  */
825 
826 int
827 md_full(const char *mdname, const uint8_t *src, int src_len, uint8_t *dst)
828 {
829  const mbedtls_md_info_t *kt = md_get(mdname);
830  return 0 == mbedtls_md(kt, src, src_len, dst);
831 }
832 
833 mbedtls_md_context_t *
834 md_ctx_new(void)
835 {
836  mbedtls_md_context_t *ctx;
837  ALLOC_OBJ_CLEAR(ctx, mbedtls_md_context_t);
838  return ctx;
839 }
840 
841 void
842 md_ctx_free(mbedtls_md_context_t *ctx)
843 {
844  free(ctx);
845 }
846 
847 void
848 md_ctx_init(mbedtls_md_context_t *ctx, const char *mdname)
849 {
850  const mbedtls_md_info_t *kt = md_get(mdname);
851  ASSERT(NULL != ctx && NULL != kt);
852 
853  mbedtls_md_init(ctx);
854  ASSERT(0 == mbedtls_md_setup(ctx, kt, 0));
855  ASSERT(0 == mbedtls_md_starts(ctx));
856 }
857 
858 void
859 md_ctx_cleanup(mbedtls_md_context_t *ctx)
860 {
861  mbedtls_md_free(ctx);
862 }
863 
864 int
865 md_ctx_size(const mbedtls_md_context_t *ctx)
866 {
867  if (NULL == ctx)
868  {
869  return 0;
870  }
871  return (int)mbedtls_md_get_size(mbedtls_md_info_from_ctx(ctx));
872 }
873 
874 void
875 md_ctx_update(mbedtls_md_context_t *ctx, const uint8_t *src, int src_len)
876 {
877  ASSERT(0 == mbedtls_md_update(ctx, src, src_len));
878 }
879 
880 void
881 md_ctx_final(mbedtls_md_context_t *ctx, uint8_t *dst)
882 {
883  ASSERT(0 == mbedtls_md_finish(ctx, dst));
884  mbedtls_md_free(ctx);
885 }
886 
887 
888 /*
889  *
890  * Generic HMAC functions
891  *
892  */
893 
894 
895 /*
896  * TODO: re-enable dmsg for crypto debug
897  */
898 
899 mbedtls_md_context_t *
900 hmac_ctx_new(void)
901 {
902  mbedtls_md_context_t *ctx;
903  ALLOC_OBJ(ctx, mbedtls_md_context_t);
904  return ctx;
905 }
906 
907 void
908 hmac_ctx_free(mbedtls_md_context_t *ctx)
909 {
910  free(ctx);
911 }
912 
913 void
914 hmac_ctx_init(mbedtls_md_context_t *ctx, const uint8_t *key, const char *mdname)
915 {
916  const mbedtls_md_info_t *kt = md_get(mdname);
917  ASSERT(NULL != kt && NULL != ctx);
918 
919  mbedtls_md_init(ctx);
920  int key_len = mbedtls_md_get_size(kt);
921  ASSERT(0 == mbedtls_md_setup(ctx, kt, 1));
922  ASSERT(0 == mbedtls_md_hmac_starts(ctx, key, key_len));
923 
924  /* make sure we used a big enough key */
925  ASSERT(mbedtls_md_get_size(kt) <= key_len);
926 }
927 
928 void
929 hmac_ctx_cleanup(mbedtls_md_context_t *ctx)
930 {
931  mbedtls_md_free(ctx);
932 }
933 
934 int
935 hmac_ctx_size(mbedtls_md_context_t *ctx)
936 {
937  if (NULL == ctx)
938  {
939  return 0;
940  }
941  return mbedtls_md_get_size(mbedtls_md_info_from_ctx(ctx));
942 }
943 
944 void
945 hmac_ctx_reset(mbedtls_md_context_t *ctx)
946 {
947  ASSERT(0 == mbedtls_md_hmac_reset(ctx));
948 }
949 
950 void
951 hmac_ctx_update(mbedtls_md_context_t *ctx, const uint8_t *src, int src_len)
952 {
953  ASSERT(0 == mbedtls_md_hmac_update(ctx, src, src_len));
954 }
955 
956 void
957 hmac_ctx_final(mbedtls_md_context_t *ctx, uint8_t *dst)
958 {
959  ASSERT(0 == mbedtls_md_hmac_finish(ctx, dst));
960 }
961 
962 int
963 memcmp_constant_time(const void *a, const void *b, size_t size)
964 {
965  /* mbed TLS has a no const time memcmp function that it exposes
966  * via its APIs like OpenSSL does with CRYPTO_memcmp
967  * Adapt the function that mbedtls itself uses in
968  * mbedtls_safer_memcmp as it considers that to be safe */
969  volatile const unsigned char *A = (volatile const unsigned char *) a;
970  volatile const unsigned char *B = (volatile const unsigned char *) b;
971  volatile unsigned char diff = 0;
972 
973  for (size_t i = 0; i < size; i++)
974  {
975  unsigned char x = A[i], y = B[i];
976  diff |= x ^ y;
977  }
978 
979  return diff;
980 }
981 /* mbedtls-2.18.0 or newer implements tls_prf, but prf_tls1 is removed
982  * from recent versions, so we use our own implementation if necessary. */
983 #if HAVE_MBEDTLS_SSL_TLS_PRF && defined(MBEDTLS_SSL_TLS_PRF_TLS1)
984 bool
985 ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret,
986  int secret_len, uint8_t *output, int output_len)
987 {
988  return mbed_ok(mbedtls_ssl_tls_prf(MBEDTLS_SSL_TLS_PRF_TLS1, secret,
989  secret_len, "", seed, seed_len, output,
990  output_len));
991 }
992 #else /* HAVE_MBEDTLS_SSL_TLS_PRF && defined(MBEDTLS_SSL_TLS_PRF_TLS1) */
993 /*
994  * Generate the hash required by for the \c tls1_PRF function.
995  *
996  * @param md_kt Message digest to use
997  * @param sec Secret to base the hash on
998  * @param sec_len Length of the secret
999  * @param seed Seed to hash
1000  * @param seed_len Length of the seed
1001  * @param out Output buffer
1002  * @param olen Length of the output buffer
1003  */
1004 static void
1005 tls1_P_hash(const mbedtls_md_info_t *md_kt, const uint8_t *sec, int sec_len,
1006  const uint8_t *seed, int seed_len, uint8_t *out, int olen)
1007 {
1008  struct gc_arena gc = gc_new();
1009  uint8_t A1[MAX_HMAC_KEY_LENGTH];
1010 
1011 #ifdef ENABLE_DEBUG
1012  /* used by the D_SHOW_KEY_SOURCE, guarded with ENABLE_DEBUG to avoid unused
1013  * variables warnings if compiled with --enable-small */
1014  const int olen_orig = olen;
1015  const uint8_t *out_orig = out;
1016 #endif
1017 
1018  hmac_ctx_t *ctx = hmac_ctx_new();
1019  hmac_ctx_t *ctx_tmp = hmac_ctx_new();
1020 
1021  dmsg(D_SHOW_KEY_SOURCE, "tls1_P_hash sec: %s", format_hex(sec, sec_len, 0, &gc));
1022  dmsg(D_SHOW_KEY_SOURCE, "tls1_P_hash seed: %s", format_hex(seed, seed_len, 0, &gc));
1023 
1024  int chunk = mbedtls_md_get_size(md_kt);
1025  unsigned int A1_len = mbedtls_md_get_size(md_kt);
1026 
1027  /* This is the only place where we init an HMAC with a key that is not
1028  * equal to its size, therefore we init the hmac ctx manually here */
1029  mbedtls_md_init(ctx);
1030  ASSERT(0 == mbedtls_md_setup(ctx, md_kt, 1));
1031  ASSERT(0 == mbedtls_md_hmac_starts(ctx, sec, sec_len));
1032 
1033  mbedtls_md_init(ctx_tmp);
1034  ASSERT(0 == mbedtls_md_setup(ctx_tmp, md_kt, 1));
1035  ASSERT(0 == mbedtls_md_hmac_starts(ctx_tmp, sec, sec_len));
1036 
1037  hmac_ctx_update(ctx, seed, seed_len);
1038  hmac_ctx_final(ctx, A1);
1039 
1040  for (;; )
1041  {
1042  hmac_ctx_reset(ctx);
1043  hmac_ctx_reset(ctx_tmp);
1044  hmac_ctx_update(ctx, A1, A1_len);
1045  hmac_ctx_update(ctx_tmp, A1, A1_len);
1046  hmac_ctx_update(ctx, seed, seed_len);
1047 
1048  if (olen > chunk)
1049  {
1050  hmac_ctx_final(ctx, out);
1051  out += chunk;
1052  olen -= chunk;
1053  hmac_ctx_final(ctx_tmp, A1); /* calc the next A1 value */
1054  }
1055  else /* last one */
1056  {
1057  hmac_ctx_final(ctx, A1);
1058  memcpy(out, A1, olen);
1059  break;
1060  }
1061  }
1062  hmac_ctx_cleanup(ctx);
1063  hmac_ctx_free(ctx);
1064  hmac_ctx_cleanup(ctx_tmp);
1065  hmac_ctx_free(ctx_tmp);
1066  secure_memzero(A1, sizeof(A1));
1067 
1068  dmsg(D_SHOW_KEY_SOURCE, "tls1_P_hash out: %s", format_hex(out_orig, olen_orig, 0, &gc));
1069  gc_free(&gc);
1070 }
1071 
1072 /*
1073  * Use the TLS PRF function for generating data channel keys.
1074  * This code is based on the OpenSSL library.
1075  *
1076  * TLS generates keys as such:
1077  *
1078  * master_secret[48] = PRF(pre_master_secret[48], "master secret",
1079  * ClientHello.random[32] + ServerHello.random[32])
1080  *
1081  * key_block[] = PRF(SecurityParameters.master_secret[48],
1082  * "key expansion",
1083  * SecurityParameters.server_random[32] +
1084  * SecurityParameters.client_random[32]);
1085  *
1086  * Notes:
1087  *
1088  * (1) key_block contains a full set of 4 keys.
1089  * (2) The pre-master secret is generated by the client.
1090  */
1091 bool
1092 ssl_tls1_PRF(const uint8_t *label, int label_len, const uint8_t *sec,
1093  int slen, uint8_t *out1, int olen)
1094 {
1095  struct gc_arena gc = gc_new();
1096  const md_kt_t *md5 = md_get("MD5");
1097  const md_kt_t *sha1 = md_get("SHA1");
1098 
1099  uint8_t *out2 = (uint8_t *)gc_malloc(olen, false, &gc);
1100 
1101  int len = slen/2;
1102  const uint8_t *S1 = sec;
1103  const uint8_t *S2 = &(sec[len]);
1104  len += (slen&1); /* add for odd, make longer */
1105 
1106  tls1_P_hash(md5, S1, len, label, label_len, out1, olen);
1107  tls1_P_hash(sha1, S2, len, label, label_len, out2, olen);
1108 
1109  for (int i = 0; i<olen; i++)
1110  {
1111  out1[i] ^= out2[i];
1112  }
1113 
1114  secure_memzero(out2, olen);
1115 
1116  dmsg(D_SHOW_KEY_SOURCE, "tls1_PRF out[%d]: %s", olen, format_hex(out1, olen, 0, &gc));
1117 
1118  gc_free(&gc);
1119  return true;
1120 }
1121 #endif /* HAVE_MBEDTLS_SSL_TLS_PRF && defined(MBEDTLS_SSL_TLS_PRF_TLS1) */
1122 #endif /* ENABLE_CRYPTO_MBEDTLS */
md_full
int md_full(const char *mdname, const uint8_t *src, int src_len, uint8_t *dst)
Calculates the message digest for the given buffer.
Definition: crypto_openssl.c:1097
cipher_ctx_new
cipher_ctx_t * cipher_ctx_new(void)
Generic cipher functions.
Definition: crypto_openssl.c:827
crypto_uninit_lib
void crypto_uninit_lib(void)
Definition: crypto_openssl.c:212
hmac_ctx_cleanup
void hmac_ctx_cleanup(hmac_ctx_t *ctx)
OPENVPN_MODE_CBC
#define OPENVPN_MODE_CBC
Cipher is in CBC mode.
Definition: crypto_mbedtls.h:55
cipher_ctx_iv_length
int cipher_ctx_iv_length(const cipher_ctx_t *ctx)
Returns the size of the IV used by the cipher, in bytes, or 0 if no IV is used.
gc_new
static struct gc_arena gc_new(void)
Definition: buffer.h:1031
hmac_ctx_t
mbedtls_md_context_t hmac_ctx_t
Generic HMAC context.
Definition: crypto_mbedtls.h:46
PACKAGE_NAME
#define PACKAGE_NAME
Definition: config.h:492
rand_ctx_get
mbedtls_ctr_drbg_context * rand_ctx_get(void)
Returns a singleton instance of the mbed TLS random number generator.
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition: buffer.h:66
M_FATAL
#define M_FATAL
Definition: error.h:95
OPENVPN_MODE_OFB
#define OPENVPN_MODE_OFB
Cipher is in OFB mode.
Definition: crypto_mbedtls.h:58
translate_cipher_name_to_openvpn
const char * translate_cipher_name_to_openvpn(const char *cipher_name)
Translate a crypto library cipher name to an OpenVPN cipher name.
Definition: crypto.c:1687
cipher_ctx_final_check_tag
int cipher_ctx_final_check_tag(cipher_ctx_t *ctx, uint8_t *dst, int *dst_len, uint8_t *tag, size_t tag_len)
Like cipher_ctx_final, but check the computed authentication tag against the supplied (expected) tag.
OPENVPN_MODE_CFB
#define OPENVPN_MODE_CFB
Cipher is in CFB mode.
Definition: crypto_mbedtls.h:61
platform_getpid
unsigned int platform_getpid(void)
Definition: platform.c:333
alloc_buf_gc
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition: buffer.c:88
buf_null_terminate
void buf_null_terminate(struct buffer *buf)
Definition: buffer.c:577
print_cipher
void print_cipher(const char *ciphername)
Print a cipher list entry.
Definition: crypto.c:1623
show_available_ciphers
void show_available_ciphers(void)
Definition: crypto_openssl.c:372
dmsg
#define dmsg(flags,...)
Definition: error.h:154
md_ctx_size
int md_ctx_size(const md_ctx_t *ctx)
cipher_ctx_mode_cbc
bool cipher_ctx_mode_cbc(const cipher_ctx_t *ctx)
Check if the supplied cipher is a supported CBC mode cipher.
Definition: crypto_openssl.c:888
buf_copy
static bool buf_copy(struct buffer *dest, const struct buffer *src)
Definition: buffer.h:730
hmac_ctx_update
void hmac_ctx_update(hmac_ctx_t *ctx, const uint8_t *src, int src_len)
D_LOW
#define D_LOW
Definition: errlevel.h:97
translate_cipher_name_from_openvpn
const char * translate_cipher_name_from_openvpn(const char *cipher_name)
Translate an OpenVPN cipher name to a crypto library cipher name.
Definition: crypto.c:1674
cipher_kt_name
const char * cipher_kt_name(const char *ciphername)
Retrieve a normalised string describing the cipher (e.g.
Definition: crypto_openssl.c:638
mbed_ok
#define mbed_ok(errval)
Check errval and log on error.
Definition: crypto_mbedtls.h:146
MAX_CIPHER_KEY_LENGTH
#define MAX_CIPHER_KEY_LENGTH
Definition: crypto_backend.h:177
md_ctx_new
md_ctx_t * md_ctx_new(void)
Definition: crypto_openssl.c:1108
cipher_ctx_mode_ofb_cfb
bool cipher_ctx_mode_ofb_cfb(const cipher_ctx_t *ctx)
Check if the supplied cipher is a supported OFB or CFB mode cipher.
Definition: crypto_openssl.c:907
cipher_ctx_final
int cipher_ctx_final(cipher_ctx_t *ctx, uint8_t *dst, int *dst_len)
Pads the final cipher block using PKCS padding, and output to the destination buffer.
key
Container for unidirectional cipher and HMAC key material.
Definition: crypto.h:149
mbedtls_md_info_from_ctx
static const mbedtls_md_info_t * mbedtls_md_info_from_ctx(const mbedtls_md_context_t *ctx)
Definition: mbedtls_compat.h:170
mbedtls_cipher_info_get_key_bitlen
static size_t mbedtls_cipher_info_get_key_bitlen(const mbedtls_cipher_info_t *cipher)
Definition: mbedtls_compat.h:140
cipher_ctx_free
void cipher_ctx_free(cipher_ctx_t *ctx)
Cleanup and free a cipher context.
CLEAR
#define CLEAR(x)
Definition: basic.h:33
cipher_kt_block_size
int cipher_kt_block_size(const char *ciphername)
Returns the block size of the cipher, in bytes.
Definition: crypto_openssl.c:676
cipher_name_translation_table
const cipher_name_pair cipher_name_translation_table[]
Cipher name translation table.
Definition: crypto_openssl.c:319
md_ctx_final
void md_ctx_final(md_ctx_t *ctx, uint8_t *dst)
secure_memzero
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
Definition: buffer.h:414
ASSERT
#define ASSERT(x)
Definition: error.h:201
MAX_HMAC_KEY_LENGTH
#define MAX_HMAC_KEY_LENGTH
Definition: crypto_backend.h:495
mbedtls_cipher_info_get_name
static const char * mbedtls_cipher_info_get_name(const mbedtls_cipher_info_t *cipher)
Definition: mbedtls_compat.h:152
md_kt_name
const char * md_kt_name(const char *mdname)
Retrieve a string describing the digest digest (e.g.
Definition: crypto_openssl.c:1053
buf_inc_len
static bool buf_inc_len(struct buffer *buf, int inc)
Definition: buffer.h:608
OPENVPN_AEAD_TAG_LENGTH
#define OPENVPN_AEAD_TAG_LENGTH
Definition: crypto_backend.h:42
BLEN
#define BLEN(buf)
Definition: buffer.h:127
cipher_valid_reason
bool cipher_valid_reason(const char *ciphername, const char **reason)
Returns if the cipher is valid, based on the given cipher name and provides a reason if invalid.
Definition: crypto_openssl.c:597
mbedtls_cipher_info_get_type
static mbedtls_cipher_type_t mbedtls_cipher_info_get_type(const mbedtls_cipher_info_t *cipher)
Definition: mbedtls_compat.h:158
ALLOC_OBJ
#define ALLOC_OBJ(dptr, type)
Definition: buffer.h:1061
cipher_ctx_init
void cipher_ctx_init(cipher_ctx_t *ctx, const uint8_t *key, const char *cipername, int enc)
Initialise a cipher context, based on the given key and key type.
cipher_ctx_t
mbedtls_cipher_context_t cipher_ctx_t
Generic cipher context.
Definition: crypto_mbedtls.h:40
misc.h
md_ctx_cleanup
void md_ctx_cleanup(md_ctx_t *ctx)
cipher_kt_mode
int cipher_kt_mode(const EVP_CIPHER *cipher_kt)
Definition: crypto_openssl.c:761
M_WARN
#define M_WARN
Definition: error.h:97
cipher_ctx_update
int cipher_ctx_update(cipher_ctx_t *ctx, uint8_t *dst, int *dst_len, uint8_t *src, int src_len)
Updates the given cipher context, encrypting data in the source buffer, and placing any complete bloc...
mbedtls_pem_get_buffer
static const unsigned char * mbedtls_pem_get_buffer(const mbedtls_pem_context *ctx, size_t *buf_size)
Definition: mbedtls_compat.h:176
tls1_P_hash
static bool tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len, const void *seed, int seed_len, unsigned char *out, int olen)
Definition: crypto_openssl.c:1400
md_get
static evp_md_type * md_get(const char *digest)
Definition: crypto_openssl.c:1000
crypto.h
crypto_init_lib
void crypto_init_lib(void)
Definition: crypto_openssl.c:193
mbed_log_func_line
bool mbed_log_func_line(unsigned int flags, int errval, const char *func, int line)
Log the supplied mbed TLS error, prefixed by function name and line number.
crypto_clear_error
void crypto_clear_error(void)
Definition: crypto_openssl.c:232
M_ERR
#define M_ERR
Definition: error.h:111
errlevel.h
cipher_ctx_mode
int cipher_ctx_mode(const cipher_ctx_t *ctx)
Returns the mode that the cipher runs in.
md_kt_size
unsigned char md_kt_size(const char *mdname)
Returns the size of the message digest, in bytes.
Definition: crypto_openssl.c:1077
cipher_ctx_update_ad
int cipher_ctx_update_ad(cipher_ctx_t *ctx, const uint8_t *src, int src_len)
Updates the given cipher context, providing additional data (AD) for authenticated encryption with ad...
hmac_ctx_final
void hmac_ctx_final(hmac_ctx_t *ctx, uint8_t *dst)
crypto_unload_provider
void crypto_unload_provider(const char *provname, provider_t *provider)
Unloads the given (OpenSSL) provider.
Definition: crypto_openssl.c:176
cipher_kt_mode_aead
bool cipher_kt_mode_aead(const char *ciphername)
Check if the supplied cipher is a supported AEAD mode cipher.
Definition: crypto_openssl.c:795
cipher_ctx_mode_aead
bool cipher_ctx_mode_aead(const cipher_ctx_t *ctx)
Check if the supplied cipher is a supported AEAD mode cipher.
Definition: crypto_openssl.c:922
cipher_name_translation_table_count
const size_t cipher_name_translation_table_count
Definition: crypto_openssl.c:325
buffer
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
md_ctx_update
void md_ctx_update(md_ctx_t *ctx, const uint8_t *src, int src_len)
md_ctx_init
void md_ctx_init(md_ctx_t *ctx, const char *mdname)
Initialises the given message digest context.
hmac_ctx_reset
void hmac_ctx_reset(hmac_ctx_t *ctx)
rand_bytes
int rand_bytes(uint8_t *output, int len)
Wrapper for secure random number generator.
Definition: crypto_openssl.c:571
provider_t
void provider_t
Definition: crypto_mbedtls.h:49
hmac_ctx_free
void hmac_ctx_free(hmac_ctx_t *ctx)
cipher_name_pair
Struct used in cipher name translation table.
Definition: crypto_backend.h:57
D_CRYPT_ERRORS
#define D_CRYPT_ERRORS
Definition: errlevel.h:58
show_available_engines
void show_available_engines(void)
Definition: crypto_openssl.c:456
buf_write
static bool buf_write(struct buffer *dest, const void *src, size_t size)
Definition: buffer.h:686
mbedtls_compat.h
BCAP
#define BCAP(buf)
Definition: buffer.h:130
cipher_ctx_block_size
int cipher_ctx_block_size(const cipher_ctx_t *ctx)
Returns the block size of the cipher, in bytes.
mbedtls_cipher_info_get_block_size
static size_t mbedtls_cipher_info_get_block_size(const mbedtls_cipher_info_t *cipher)
Definition: mbedtls_compat.h:128
buffer.h
syshead.h
BPTR
#define BPTR(buf)
Definition: buffer.h:124
md_kt_t
mbedtls_md_info_t md_kt_t
Generic message digest key type context.
Definition: crypto_mbedtls.h:37
show_available_digests
void show_available_digests(void)
Definition: crypto_openssl.c:427
cipher_kt_mode_ofb_cfb
bool cipher_kt_mode_ofb_cfb(const char *ciphername)
Check if the supplied cipher is a supported OFB or CFB mode cipher.
Definition: crypto_openssl.c:783
cipher_kt_insecure
bool cipher_kt_insecure(const char *ciphername)
Returns true if we consider this cipher to be insecure.
Definition: crypto_openssl.c:738
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
crypto_pem_encode
bool crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src, struct gc_arena *gc)
Encode binary data as PEM.
Definition: crypto_openssl.c:481
OPENVPN_MODE_GCM
#define OPENVPN_MODE_GCM
Cipher is in GCM mode.
Definition: crypto_mbedtls.h:64
cipher_ctx_get_tag
int cipher_ctx_get_tag(cipher_ctx_t *ctx, uint8_t *tag, int tag_len)
Gets the computed message authenticated code (MAC) tag for this cipher.
cipher_kt_key_size
int cipher_kt_key_size(const char *ciphername)
Returns the size of keys used by the cipher, in bytes.
Definition: crypto_openssl.c:658
memcmp_constant_time
int memcmp_constant_time(const void *a, const void *b, size_t size)
As memcmp(), but constant-time.
Definition: crypto_openssl.c:1328
mbedtls_cipher_info_get_iv_size
static size_t mbedtls_cipher_info_get_iv_size(const mbedtls_cipher_info_t *cipher)
Definition: mbedtls_compat.h:134
cipher_get
static evp_cipher_type * cipher_get(const char *ciphername)
Definition: crypto_openssl.c:588
cipher_kt_tag_size
int cipher_kt_tag_size(const char *ciphername)
Returns the MAC tag size of the cipher, in bytes.
Definition: crypto_openssl.c:725
md_ctx_free
void md_ctx_free(md_ctx_t *ctx)
gc_malloc
void * gc_malloc(size_t size, bool clear, struct gc_arena *a)
Definition: buffer.c:380
otime.h
D_SHOW_KEY_SOURCE
#define D_SHOW_KEY_SOURCE
Definition: errlevel.h:122
openvpn_snprintf
bool openvpn_snprintf(char *str, size_t size, const char *format,...)
Definition: buffer.c:294
crypto_pem_decode
bool crypto_pem_decode(const char *name, struct buffer *dst, const struct buffer *src)
Decode a PEM buffer to binary data.
Definition: crypto_openssl.c:509
min_int
static int min_int(int x, int y)
Definition: integer.h:89
gc_free
static void gc_free(struct gc_arena *a)
Definition: buffer.h:1039
crypto_load_provider
provider_t * crypto_load_provider(const char *provider)
Load the given (OpenSSL) providers.
Definition: crypto_openssl.c:159
cipher_kt_mode_cbc
bool cipher_kt_mode_cbc(const char *ciphername)
Check if the supplied cipher is a supported CBC mode cipher.
Definition: crypto_openssl.c:768
ALLOC_OBJ_CLEAR
#define ALLOC_OBJ_CLEAR(dptr, type)
Definition: buffer.h:1066
config.h
cipher_ctx_reset
int cipher_ctx_reset(cipher_ctx_t *ctx, const uint8_t *iv_buf)
Resets the given cipher context, setting the IV to the specified value.
hmac_ctx_new
hmac_ctx_t * hmac_ctx_new(void)
Definition: crypto_openssl.c:1169
mbed_log_err
bool mbed_log_err(unsigned int flags, int errval, const char *prefix)
Log the supplied mbed TLS error, prefixed by supplied prefix.
time_string
const char * time_string(time_t t, int usec, bool show_usec, struct gc_arena *gc)
Definition: otime.c:108
format_hex
static char * format_hex(const uint8_t *data, int size, int maxoutput, struct gc_arena *gc)
Definition: buffer.h:523
hmac_ctx_init
void hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, const char *mdname)
md_valid
bool md_valid(const char *digest)
Return if a message digest parameters is valid given the name of the digest.
Definition: crypto_openssl.c:1021
crypto_init_lib_engine
void crypto_init_lib_engine(const char *engine_name)
Definition: crypto_openssl.c:143
cipher_kt_iv_size
int cipher_kt_iv_size(const char *ciphername)
Returns the size of the IV used by the cipher, in bytes, or 0 if no IV is used.
Definition: crypto_openssl.c:667
msg
#define msg(flags,...)
Definition: error.h:150
integer.h
crypto_backend.h
buf_printf
bool buf_printf(struct buffer *buf, const char *format,...)
Definition: buffer.c:240
ssl_tls1_PRF
bool ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret, int secret_len, uint8_t *output, int output_len)
Calculates the TLS 1.0-1.1 PRF function.
Definition: crypto_openssl.c:1518
mbedtls_cipher_info_get_mode
static mbedtls_cipher_mode_t mbedtls_cipher_info_get_mode(const mbedtls_cipher_info_t *cipher)
Definition: mbedtls_compat.h:146
hmac_ctx_size
int hmac_ctx_size(hmac_ctx_t *ctx)