1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2
13  * as published by the Free Software Foundation.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
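#ifndef OPENVPN_SSL_NCP_H
#define OPENVPN_SSL_NCP_H

#include "buffer.h"
#include "options.h"
#include "ssl_common.h"

/**
 * Returns whether the client supports NCP either by announcing IV_NCP>=2
 * or the IV_CIPHERS list.
 *
 * @param peer_info  Peer-info string received from the remote peer. This is
 *                   peer-controlled data and must be treated as untrusted
 *                   input by every function in this file that parses it.
 * @return true if the peer announced NCP support, false otherwise.
 */
bool
tls_peer_supports_ncp(const char *peer_info);

/* forward declaration to break include dependency loop */
struct context;

/**
 * Checks whether the cipher negotiation is in an acceptable state and we
 * continue to connect, or should abort instead.
 *
 * @param c      The tunnel context.
 * @param found  Result of the preceding pushed-option processing; presumably
 *               the option-flag bitmask returned by the pull handling --
 *               confirm against the callers in ssl_ncp.c.
 * @return true if the connection may proceed, false if it must be aborted.
 */
bool
check_pull_client_ncp(struct context *c, int found);

/**
 * Iterates through the ciphers in server_list and returns the first cipher
 * that is also supported by the peer.
 *
 * The server's preference order decides: the peer's announced list only
 * filters server_list, so a peer cannot steer the negotiation towards a
 * cipher the server does not list itself.
 *
 * @param server_list    Colon-separated cipher list configured locally.
 * @param peer_info      Peer-info string from the remote peer (untrusted).
 * @param remote_cipher  Cipher announced by the remote; NOTE(review): whether
 *                       NULL is accepted here is defined in ssl_ncp.c -- confirm.
 * @param gc             Arena the returned string is allocated from.
 * @return The selected cipher name, allocated in @p gc, or NULL when no
 *         cipher is common to both sides.
 */
char *
ncp_get_best_cipher(const char *server_list, const char *peer_info,
                    const char *remote_cipher, struct gc_arena *gc);


/**
 * Returns the supported cipher list from the peer according to the IV_NCP
 * and IV_CIPHERS values in peer_info.
 *
 * @param peer_info  Peer-info string from the remote peer (untrusted).
 * @param gc         Arena the returned list is allocated from.
 * @return Colon-separated cipher list, allocated in @p gc.
 */
const char *
tls_peer_ncp_list(const char *peer_info, struct gc_arena *gc);

/**
 * Check whether the ciphers in the supplied list are supported.
 *
 * @param list  Colon-separated cipher list to validate and normalise.
 * @param gc    Arena the returned list is allocated from.
 * @return The normalised list allocated in @p gc; NOTE(review): the behaviour
 *         when an entry is not supported (NULL return vs. partial list) is
 *         defined in ssl_ncp.c -- confirm before relying on it.
 */
char *
mutate_ncp_cipher_list(const char *list, struct gc_arena *gc);

/**
 * Appends the cipher specified by the ciphername parameter to the
 * o->ncp_ciphers list.
 *
 * @param o           Options whose ncp_ciphers list is extended in place.
 * @param ciphername  Name of the cipher to append.
 */
void append_cipher_to_ncp_list(struct options *o, const char *ciphername);

/**
 * Return true iff item is present in the colon-separated zero-terminated
 * cipher list.
 *
 * Membership is decided on whole colon-delimited entries, which is the
 * property callers rely on when checking an announced cipher against a
 * configured allow-list.
 *
 * @param item  Cipher name to look for.
 * @param list  Colon-separated, NUL-terminated cipher list.
 * @return true if @p item is an entry of @p list, false otherwise.
 */
bool tls_item_in_cipher_list(const char *item, const char *list);

/*
 * Upper bound on the length of an ncp-cipher list string.
 * NOTE(review): presumably bounds what can be carried as IV_CIPHERS in
 * peer-info -- confirm against the uses in ssl_ncp.c.
 */
#define MAX_NCP_CIPHERS_LENGTH 127

/**
 * Determines if there is a common cipher for both peers by looking at the
 * IV_CIPHERS peer info (point-to-point mode).
 *
 * @param multi    Security parameter state for the tunnel.
 * @param session  Session whose negotiated cipher is updated.
 */
void p2p_mode_ncp(struct tls_multi *multi, struct tls_session *session);

/**
 * Determines the best common cipher from both peers' IV_CIPHERS lists.
 *
 * @param session    Session providing the local cipher list.
 * @param peer_info  Peer-info string from the remote peer (untrusted).
 * @param gc         Arena the returned string is allocated from.
 * @return The best common cipher, allocated in @p gc.
 */
const char *
get_p2p_ncp_cipher(struct tls_session *session, const char *peer_info,
                   struct gc_arena *gc);


/**
 * Checks if the cipher is allowed, otherwise returns false and resets the
 * cipher to the config cipher.
 *
 * @param session  Session whose negotiated cipher is checked.
 * @param options  Options holding the configured cipher and allow-list.
 * @return true if the session cipher is allowed, false otherwise.
 */
bool
check_session_cipher(struct tls_session *session, struct options *options);

/**
 * Checks for availability of Chacha20-Poly1305 and sets the default
 * ncp_ciphers accordingly (AES-256-GCM:AES-128-GCM, optionally with
 * CHACHA20-POLY1305) when no list was configured.
 *
 * @param o  Options to update in place.
 */
void
options_postprocess_setdefault_ncpciphers(struct options *o);

/**
 * Returns the o->ncp_ciphers in brackets, e.g. for use in log output.
 *
 * @param o   Options holding the ncp_ciphers list.
 * @param gc  Arena the returned string is allocated from.
 * @return The bracketed list, allocated in @p gc.
 */
const char *
ncp_expanded_ciphers(struct options *o, struct gc_arena *gc);
#endif /* ifndef OPENVPN_SSL_NCP_H */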
mutate_ncp_cipher_list
char * mutate_ncp_cipher_list(const char *list, struct gc_arena *gc)
Check whether the ciphers in the supplied list are supported.
Definition: ssl_ncp.c:98
context
Contains all state information for one tunnel.
Definition: openvpn.h:473
ncp_expanded_ciphers
const char * ncp_expanded_ciphers(struct options *o, struct gc_arena *gc)
returns the o->ncp_ciphers in brackets, e.g.
Definition: ssl_ncp.c:634
tls_item_in_cipher_list
bool tls_item_in_cipher_list(const char *item, const char *list)
Return true iff item is present in the colon-separated zero-terminated cipher list.
Definition: ssl_ncp.c:210
options.h
tls_multi
Security parameter state for a single VPN tunnel.
Definition: ssl_common.h:596
p2p_mode_ncp
void p2p_mode_ncp(struct tls_multi *multi, struct tls_session *session)
Determines if there is a common cipher for both peers by looking at the IV_CIPHER peer info.
Definition: ssl_ncp.c:486
options
Definition: options.h:249
ncp_get_best_cipher
char * ncp_get_best_cipher(const char *server_list, const char *peer_info, const char *remote_cipher, struct gc_arena *gc)
Iterates through the ciphers in server_list and returns the first cipher that is also supported by the...
Definition: ssl_ncp.c:250
check_session_cipher
bool check_session_cipher(struct tls_session *session, struct options *options)
Checks if the cipher is allowed, otherwise returns false and resets the cipher to the config cipher.
Definition: ssl_ncp.c:530
tls_session
Security parameter state of a single session within a VPN tunnel.
Definition: ssl_common.h:479
buffer.h
tls_peer_supports_ncp
bool tls_peer_supports_ncp(const char *peer_info)
Returns whether the client supports NCP either by announcing IV_NCP>=2 or the IV_CIPHERS list.
Definition: ssl_ncp.c:80
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
tls_peer_ncp_list
const char * tls_peer_ncp_list(const char *peer_info, struct gc_arena *gc)
Returns the supported cipher list from the peer according to the IV_NCP and IV_CIPHER values in peer_in...
Definition: ssl_ncp.c:229
get_p2p_ncp_cipher
const char * get_p2p_ncp_cipher(struct tls_session *session, const char *peer_info, struct gc_arena *gc)
Determines the best common cipher from both peers' IV_CIPHER lists.
Definition: ssl_ncp.c:363
options_postprocess_setdefault_ncpciphers
void options_postprocess_setdefault_ncpciphers(struct options *o)
Checks for availability of Chacha20-Poly1305 and sets the ncp_cipher to either AES-256-GCM:AES-128-GC...
Definition: ssl_ncp.c:591
ssl_common.h
check_pull_client_ncp
bool check_pull_client_ncp(struct context *c, int found)
Checks whether the cipher negotiation is in an acceptable state and we continue to connect or should ...
Definition: ssl_ncp.c:317
append_cipher_to_ncp_list
void append_cipher_to_ncp_list(struct options *o, const char *ciphername)
Appends the cipher specified by the ciphername parameter to the o->ncp_ciphers list.
Definition: ssl_ncp.c:198