ssl_ncp.h
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License version 2
13  * as published by the Free Software Foundation.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
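#ifndef OPENVPN_SSL_NCP_H
#define OPENVPN_SSL_NCP_H

#include "buffer.h"
#include "options.h"
#include "ssl_common.h"

/**
 * Returns whether the client supports NCP either by announcing IV_NCP>=2 or
 * the IV_CIPHERS list.
 *
 * @param peer_info  IV_* key/value string announced by the remote peer.  It is
 *                   remote-supplied input, so it must not be assumed to be
 *                   well-formed.
 * @return true if the peer supports NCP, false otherwise.
 */
bool
tls_peer_supports_ncp(const char *peer_info);

/* forward declaration to break include dependency loop */
struct context;

/**
 * Checks whether the cipher negotiation is in an acceptable state and whether
 * we continue to connect.  The full contract (under which conditions the
 * connection is refused) is documented at the definition in ssl_ncp.c.
 *
 * @param c      the tunnel context
 * @param found  NOTE(review): the meaning of this flag is not visible from the
 *               header; see the definition in ssl_ncp.c before relying on it
 * @return presumably true when connecting may continue, false otherwise —
 *         confirm against the definition
 */
bool
check_pull_client_ncp(struct context *c, int found);

/**
 * Iterates through the ciphers in server_list and returns the first cipher
 * that is also supported by the remote side, as far as that can be determined
 * from peer_info and remote_cipher.
 *
 * @param server_list    cipher list of the local configuration (colon-separated,
 *                       like the other cipher lists in this header)
 * @param peer_info      IV_* string announced by the remote peer
 *                       (remote-supplied input)
 * @param remote_cipher  cipher name announced by the remote peer
 *                       (remote-supplied input) — NOTE(review): how it is
 *                       combined with peer_info is documented at the definition
 * @param gc             arena used for allocations; the result is expected to
 *                       live in it
 * @return the selected cipher name, or NULL when no common cipher exists —
 *         NOTE(review): the NULL convention is an assumption; confirm at the
 *         definition
 */
char *
ncp_get_best_cipher(const char *server_list, const char *peer_info,
                    const char *remote_cipher, struct gc_arena *gc);


/**
 * Returns the supported cipher list from the peer according to the IV_NCP and
 * IV_CIPHER values in peer_info.
 *
 * @param peer_info  IV_* string announced by the remote peer
 *                   (remote-supplied input)
 * @param gc         arena used for allocations
 * @return the peer's cipher list; lifetime presumably tied to gc
 */
const char *
tls_peer_ncp_list(const char *peer_info, struct gc_arena *gc);

/**
 * Check whether the ciphers in the supplied list are supported.
 *
 * @param list  cipher list to check (colon-separated)
 * @param gc    arena used for allocations
 * @return NOTE(review): the exact return value (the normalised list, or NULL
 *         on an unsupported cipher) is documented at the definition in
 *         ssl_ncp.c; confirm there
 */
char *
mutate_ncp_cipher_list(const char *list, struct gc_arena *gc);

/**
 * Appends the cipher specified by the ciphername parameter to the
 * o->ncp_ciphers list.
 *
 * @param o           options whose ncp_ciphers list is extended
 * @param ciphername  cipher to append
 */
void append_cipher_to_ncp_list(struct options *o, const char *ciphername);

/**
 * Return true iff item is present in the colon-separated zero-terminated
 * cipher list.
 *
 * @param item  cipher name to look for
 * @param list  colon-separated, NUL-terminated cipher list
 * @return true if item is an element of list, false otherwise
 */
bool tls_item_in_cipher_list(const char *item, const char *list);

/*
 * Presumably the upper bound on the length of an NCP cipher list string.
 * NOTE(review): the rationale for the value and where it is enforced are
 * documented in ssl_ncp.c; confirm there before changing it.
 */
#define MAX_NCP_CIPHERS_LENGTH 127

/**
 * Determines if there is a common cipher of both peers by looking at the
 * IV_CIPHER peer info.
 *
 * @param multi    security parameter state of the tunnel
 * @param session  security parameter state of the session
 */
void p2p_mode_ncp(struct tls_multi *multi, struct tls_session *session);

/**
 * Determines the best common cipher from both peers' IV_CIPHER lists.
 *
 * @param session    security parameter state of the session
 * @param peer_info  IV_* string announced by the remote peer
 *                   (remote-supplied input)
 * @param gc         arena used for allocations
 * @return the best common cipher — NOTE(review): behaviour when there is none
 *         is documented at the definition in ssl_ncp.c
 */
const char *
get_p2p_ncp_cipher(struct tls_session *session, const char *peer_info,
                   struct gc_arena *gc);


/**
 * Checks if the cipher is allowed, otherwise returns false and resets the
 * cipher to the config cipher.
 *
 * @param session  security parameter state of the session
 * @param options  configuration holding the allowed ciphers
 * @return true if the session cipher is allowed, false otherwise
 */
bool
check_session_cipher(struct tls_session *session, struct options *options);

#endif /* ifndef OPENVPN_SSL_NCP_H */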
mutate_ncp_cipher_list
char * mutate_ncp_cipher_list(const char *list, struct gc_arena *gc)
Check whether the ciphers in the supplied list are supported.
Definition: ssl_ncp.c:95
context
Contains all state information for one tunnel.
Definition: openvpn.h:476
tls_item_in_cipher_list
bool tls_item_in_cipher_list(const char *item, const char *list)
Return true iff item is present in the colon-separated zero-terminated cipher list.
Definition: ssl_ncp.c:207
options.h
tls_multi
Security parameter state for a single VPN tunnel.
Definition: ssl_common.h:590
p2p_mode_ncp
void p2p_mode_ncp(struct tls_multi *multi, struct tls_session *session)
Determines if there is a common cipher of both peers by looking at the IV_CIPHER peer info.
Definition: ssl_ncp.c:470
context::gc
struct gc_arena gc
Garbage collection arena for allocations done in the scope of this context structure.
Definition: openvpn.h:495
options
Definition: options.h:236
ncp_get_best_cipher
char * ncp_get_best_cipher(const char *server_list, const char *peer_info, const char *remote_cipher, struct gc_arena *gc)
Iterates through the ciphers in server_list and returns the first cipher that is also supported by the...
Definition: ssl_ncp.c:248
check_session_cipher
bool check_session_cipher(struct tls_session *session, struct options *options)
Checks if the cipher is allowed, otherwise returns false and resets the cipher to the config cipher.
Definition: ssl_ncp.c:511
tls_session
Security parameter state of a single session within a VPN tunnel.
Definition: ssl_common.h:471
buffer.h
tls_peer_supports_ncp
bool tls_peer_supports_ncp(const char *peer_info)
Returns whether the client supports NCP either by announcing IV_NCP>=2 or the IV_CIPHERS list.
Definition: ssl_ncp.c:77
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
tls_peer_ncp_list
const char * tls_peer_ncp_list(const char *peer_info, struct gc_arena *gc)
Returns the supported cipher list from the peer according to the IV_NCP and IV_CIPHER values in peer_in...
Definition: ssl_ncp.c:227
get_p2p_ncp_cipher
const char * get_p2p_ncp_cipher(struct tls_session *session, const char *peer_info, struct gc_arena *gc)
Determines the best common cipher from both peers IV_CIPHER lists.
Definition: ssl_ncp.c:360
ssl_common.h
check_pull_client_ncp
bool check_pull_client_ncp(struct context *c, int found)
Checks whether the cipher negotiation is in an acceptable state and we continue to connect or should ...
Definition: ssl_ncp.c:315
append_cipher_to_ncp_list
void append_cipher_to_ncp_list(struct options *o, const char *ciphername)
Appends the cipher specified by the ciphername parameter to the o->ncp_ciphers list.
Definition: ssl_ncp.c:195
session
Definition: keyingmaterialexporter.c:56