1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2023 Fox Crypto B.V. <openvpn@foxcrypto.com>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
33 #ifndef MBEDTLS_COMPAT_H_
34 #define MBEDTLS_COMPAT_H_
35 
36 #include "syshead.h"
37 
38 #include "errlevel.h"
39 
40 #include <mbedtls/cipher.h>
41 #include <mbedtls/ctr_drbg.h>
42 #include <mbedtls/dhm.h>
43 #include <mbedtls/ecp.h>
44 #include <mbedtls/md.h>
45 #include <mbedtls/pem.h>
46 #include <mbedtls/pk.h>
47 #include <mbedtls/ssl.h>
48 #include <mbedtls/version.h>
49 #include <mbedtls/x509_crt.h>
50 
51 #if HAVE_MBEDTLS_PSA_CRYPTO_H
52  #include <psa/crypto.h>
53 #endif
54 
55 #if MBEDTLS_VERSION_NUMBER >= 0x03000000
56 typedef uint16_t mbedtls_compat_group_id;
57 #else
58 typedef mbedtls_ecp_group_id mbedtls_compat_group_id;
59 #endif
60 
/**
 * Bring up the PSA crypto core when this build links against an mbed TLS
 * that ships it; otherwise a no-op.
 *
 * Any status other than PSA_SUCCESS is fatal (msg(M_FATAL)), so no caller
 * continues with an uninitialised PSA core.
 */
static inline void
mbedtls_compat_psa_crypto_init(void)
{
#if HAVE_MBEDTLS_PSA_CRYPTO_H && defined(MBEDTLS_PSA_CRYPTO_C)
    psa_status_t status = psa_crypto_init();
    if (status != PSA_SUCCESS)
    {
        msg(M_FATAL, "mbedtls: psa_crypto_init() failed");
    }
#endif /* HAVE_MBEDTLS_PSA_CRYPTO_H && defined(MBEDTLS_PSA_CRYPTO_C) */
}
73 
/**
 * Return the identifier the rest of the code uses for an EC curve.
 *
 * On mbed TLS 2.x this is the mbedtls_ecp_group_id enum (grp_id); on 3.x it is
 * the 16-bit tls_id, matching the mbedtls_compat_group_id typedef above.
 *
 * @param curve_info  curve descriptor as returned by the mbed TLS ECP API
 */
static inline mbedtls_compat_group_id
mbedtls_compat_get_group_id(const mbedtls_ecp_curve_info *curve_info)
{
    mbedtls_compat_group_id id;
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
    id = curve_info->tls_id;
#else
    id = curve_info->grp_id;
#endif
    return id;
}
83 
84 /*
85  * In older versions of mbedtls, mbedtls_ctr_drbg_update() did not return an
86  * error code, and it was deprecated in favor of mbedtls_ctr_drbg_update_ret()
87  * which does.
88  *
89  * In mbedtls 3, this function was removed and mbedtls_ctr_drbg_update() returns
90  * an error code.
91  */
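/**
 * Mix additional data into a CTR_DRBG instance and report the result as an
 * mbed TLS error code on every supported library version.
 *
 * @param ctx         initialised CTR_DRBG context
 * @param additional  data to mix in
 * @param add_len     length of @p additional in bytes
 * @return 0 on success, otherwise the error code from mbed TLS. On versions
 *         whose mbedtls_ctr_drbg_update() is void the call cannot report
 *         failure, so 0 is returned unconditionally.
 */
static inline int
mbedtls_compat_ctr_drbg_update(mbedtls_ctr_drbg_context *ctx,
                               const unsigned char *additional,
                               size_t add_len)
{
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
    /* From 3.0.0 the _ret variant is gone and mbedtls_ctr_drbg_update()
     * returns the error code (see the comment above). ">=" rather than ">"
     * keeps 3.0.0 itself from falling into the void-style branch below,
     * which would silently discard that error. Same bound as the
     * mbedtls_compat_group_id typedef. */
    return mbedtls_ctr_drbg_update(ctx, additional, add_len);
#elif HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET
    return mbedtls_ctr_drbg_update_ret(ctx, additional, add_len);
#else
    /* Oldest API: the call has no return value, so nothing can be reported. */
    mbedtls_ctr_drbg_update(ctx, additional, add_len);
    return 0;
#endif /* MBEDTLS_VERSION_NUMBER >= 0x03000000 */
}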
106 
/**
 * Check that @p prv is the private half of @p pub, with one signature
 * across mbed TLS versions.
 *
 * @param pub    public key context
 * @param prv    private key context
 * @param f_rng  RNG callback handed to mbed TLS 3.2.1+ (unused before that)
 * @param p_rng  opaque RNG state for @p f_rng (unused before 3.2.1)
 * @return 0 if the keys match, else an mbed TLS error code
 */
static inline int
mbedtls_compat_pk_check_pair(const mbedtls_pk_context *pub, const mbedtls_pk_context *prv,
                             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
    int rc;
#if MBEDTLS_VERSION_NUMBER < 0x03020100
    /* Older API takes no RNG; the parameters only keep call sites uniform. */
    (void)f_rng;
    (void)p_rng;
    rc = mbedtls_pk_check_pair(pub, prv);
#else
    rc = mbedtls_pk_check_pair(pub, prv, f_rng, p_rng);
#endif /* MBEDTLS_VERSION_NUMBER < 0x03020100 */
    return rc;
}
117 
/**
 * Parse a private key from memory, with one signature across mbed TLS versions.
 *
 * @param ctx     key context to fill
 * @param key     key material (PEM or DER)
 * @param keylen  length of @p key in bytes
 * @param pwd     password for encrypted keys, or NULL
 * @param pwdlen  length of @p pwd in bytes
 * @param f_rng   RNG callback handed to mbed TLS 3.2.1+ (unused before that)
 * @param p_rng   opaque RNG state for @p f_rng (unused before 3.2.1)
 * @return 0 on success, else an mbed TLS error code
 */
static inline int
mbedtls_compat_pk_parse_key(mbedtls_pk_context *ctx,
                            const unsigned char *key, size_t keylen,
                            const unsigned char *pwd, size_t pwdlen,
                            int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
    int rc;
#if MBEDTLS_VERSION_NUMBER < 0x03020100
    (void)f_rng;
    (void)p_rng;
    rc = mbedtls_pk_parse_key(ctx, key, keylen, pwd, pwdlen);
#else
    rc = mbedtls_pk_parse_key(ctx, key, keylen, pwd, pwdlen, f_rng, p_rng);
#endif /* MBEDTLS_VERSION_NUMBER < 0x03020100 */
    return rc;
}
130 
/**
 * Parse a private key from a file, with one signature across mbed TLS versions.
 *
 * @param ctx       key context to fill
 * @param path      file to read
 * @param password  password for encrypted keys, or NULL
 * @param f_rng     RNG callback handed to mbed TLS 3.2.1+ (unused before that)
 * @param p_rng     opaque RNG state for @p f_rng (unused before 3.2.1)
 * @return 0 on success, else an mbed TLS error code
 */
static inline int
mbedtls_compat_pk_parse_keyfile(mbedtls_pk_context *ctx,
                                const char *path, const char *password,
                                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
    int rc;
#if MBEDTLS_VERSION_NUMBER < 0x03020100
    (void)f_rng;
    (void)p_rng;
    rc = mbedtls_pk_parse_keyfile(ctx, path, password);
#else
    rc = mbedtls_pk_parse_keyfile(ctx, path, password, f_rng, p_rng);
#endif /* MBEDTLS_VERSION_NUMBER < 0x03020100 */
    return rc;
}
142 
143 #if MBEDTLS_VERSION_NUMBER < 0x03020100
144 typedef enum {
149 
/**
 * Pre-3.2.1 shim for mbedtls_ssl_conf_min_tls_version(): unpack the
 * (major << 8) | minor encoding and forward to mbedtls_ssl_conf_min_version().
 */
static inline void
mbedtls_ssl_conf_min_tls_version(mbedtls_ssl_config *conf, mbedtls_ssl_protocol_version tls_version)
{
    mbedtls_ssl_conf_min_version(conf, (tls_version >> 8) & 0xff, tls_version & 0xff);
}
157 
/**
 * Pre-3.2.1 shim for mbedtls_ssl_conf_max_tls_version(): unpack the
 * (major << 8) | minor encoding and forward to mbedtls_ssl_conf_max_version().
 */
static inline void
mbedtls_ssl_conf_max_tls_version(mbedtls_ssl_config *conf, mbedtls_ssl_protocol_version tls_version)
{
    mbedtls_ssl_conf_max_version(conf, (tls_version >> 8) & 0xff, tls_version & 0xff);
}
165 
/**
 * Pre-3.2.1 shim for mbedtls_ssl_conf_groups(): the older API calls the
 * same list "curves". @p groups is a list in the mbed TLS terminator
 * convention; ownership stays with the caller as with mbedtls_ssl_conf_curves().
 */
static inline void
mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf, mbedtls_compat_group_id *groups)
{
    const mbedtls_compat_group_id *curve_list = groups;
    mbedtls_ssl_conf_curves(conf, curve_list);
}
171 
/** Pre-3.2.1 shim: block size of @p cipher, read straight from the info struct. */
static inline size_t
mbedtls_cipher_info_get_block_size(const mbedtls_cipher_info_t *cipher)
{
    size_t block_size = cipher->block_size;
    return block_size;
}
177 
/** Pre-3.2.1 shim: IV size of @p cipher, read straight from the info struct. */
static inline size_t
mbedtls_cipher_info_get_iv_size(const mbedtls_cipher_info_t *cipher)
{
    size_t iv_size = cipher->iv_size;
    return iv_size;
}
183 
/** Pre-3.2.1 shim: key length of @p cipher in bits, from the info struct. */
static inline size_t
mbedtls_cipher_info_get_key_bitlen(const mbedtls_cipher_info_t *cipher)
{
    size_t key_bits = cipher->key_bitlen;
    return key_bits;
}
189 
/** Pre-3.2.1 shim: cipher mode (CBC, GCM, ...) of @p cipher. */
static inline mbedtls_cipher_mode_t
mbedtls_cipher_info_get_mode(const mbedtls_cipher_info_t *cipher)
{
    mbedtls_cipher_mode_t mode = cipher->mode;
    return mode;
}
195 
/**
 * Pre-3.2.1 shim: mbed TLS's name string for @p cipher. The pointer refers
 * to storage owned by the cipher info table, not to a copy.
 */
static inline const char *
mbedtls_cipher_info_get_name(const mbedtls_cipher_info_t *cipher)
{
    const char *name = cipher->name;
    return name;
}
201 
/** Pre-3.2.1 shim: the mbedtls_cipher_type_t identifier of @p cipher. */
static inline mbedtls_cipher_type_t
mbedtls_cipher_info_get_type(const mbedtls_cipher_info_t *cipher)
{
    mbedtls_cipher_type_t type = cipher->type;
    return type;
}
207 
/**
 * Pre-3.2.1 shim: size of the DH modulus in bits, derived from the
 * byte length stored in the context (ctx->len * 8).
 */
static inline size_t
mbedtls_dhm_get_bitlen(const mbedtls_dhm_context *ctx)
{
    size_t byte_len = ctx->len;
    return byte_len * 8;
}
213 
/**
 * Pre-3.2.1 shim: the digest descriptor a message-digest context was set
 * up with. Returns whatever the context holds, which may be NULL before
 * mbedtls_md_setup().
 */
static inline const mbedtls_md_info_t *
mbedtls_md_info_from_ctx(const mbedtls_md_context_t *ctx)
{
    const mbedtls_md_info_t *info = ctx->md_info;
    return info;
}
219 
/**
 * Pre-3.2.1 shim: expose the decoded PEM payload.
 *
 * @param ctx       parsed PEM context
 * @param buf_size  receives the payload length in bytes (ctx->buflen)
 * @return pointer to the payload owned by @p ctx; valid only while the
 *         context is alive
 */
static inline const unsigned char *
mbedtls_pem_get_buffer(const mbedtls_pem_context *ctx, size_t *buf_size)
{
    const unsigned char *payload = ctx->buf;
    *buf_size = ctx->buflen;
    return payload;
}
226 
/**
 * Pre-3.2.1 shim: test whether a certificate carries the extension(s) in
 * @p ext_type (an MBEDTLS_X509_EXT_* bit mask).
 *
 * @return the masked bits, i.e. non-zero when present — not normalised to 1,
 *         so compare against 0 rather than against 1.
 */
static inline int
mbedtls_x509_crt_has_ext_type(const mbedtls_x509_crt *ctx, int ext_type)
{
    int present_bits = ctx->ext_types & ext_type;
    return present_bits;
}
232 #endif /* MBEDTLS_VERSION_NUMBER < 0x03020100 */
233 
234 #endif /* MBEDTLS_COMPAT_H_ */