OpenVPN
test_crypto.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2016-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2
12  * as published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with this program; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22  */
23 
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #elif defined(_MSC_VER)
27 #include "config-msvc.h"
28 #endif
29 
30 #include "syshead.h"
31 
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <stdarg.h>
35 #include <string.h>
36 #include <setjmp.h>
37 #include <cmocka.h>
38 
39 #include "crypto.h"
40 #include "options.h"
41 #include "ssl_backend.h"
42 
43 #include "mock_msg.h"
44 #include "mss.h"
45 
46 static const char testtext[] = "Dummy text to test PEM encoding";
47 
48 static void
49 crypto_pem_encode_decode_loopback(void **state)
50 {
51  struct gc_arena gc = gc_new();
52  struct buffer src_buf;
53  buf_set_read(&src_buf, (void *)testtext, sizeof(testtext));
54 
55  uint8_t dec[sizeof(testtext)];
56  struct buffer dec_buf;
57  buf_set_write(&dec_buf, dec, sizeof(dec));
58 
59  struct buffer pem_buf;
60 
61  assert_true(crypto_pem_encode("TESTKEYNAME", &pem_buf, &src_buf, &gc));
62  assert_true(BLEN(&src_buf) < BLEN(&pem_buf));
63 
64  /* Wrong key name */
65  assert_false(crypto_pem_decode("WRONGNAME", &dec_buf, &pem_buf));
66 
67  assert_true(crypto_pem_decode("TESTKEYNAME", &dec_buf, &pem_buf));
68  assert_int_equal(BLEN(&src_buf), BLEN(&dec_buf));
69  assert_memory_equal(BPTR(&src_buf), BPTR(&dec_buf), BLEN(&src_buf));
70 
71  gc_free(&gc);
72 }
73 
74 static void
75 test_translate_cipher(const char *ciphername, const char *openvpn_name)
76 {
77  bool cipher = cipher_valid(ciphername);
78 
79  /* Empty cipher is fine */
80  if (!cipher)
81  {
82  return;
83  }
84 
85  const char *kt_name = cipher_kt_name(ciphername);
86 
87  assert_string_equal(kt_name, openvpn_name);
88 }
89 
90 static void
91 test_cipher_names(const char *ciphername, const char *openvpn_name)
92 {
93  struct gc_arena gc = gc_new();
94  /* Go through some variants, if the cipher library accepts these, they
95  * should be normalised to the openvpn name */
96  char *upper = string_alloc(ciphername, &gc);
97  char *lower = string_alloc(ciphername, &gc);
98  char *random_case = string_alloc(ciphername, &gc);
99 
100  for (int i = 0; i < strlen(ciphername); i++)
101  {
102  upper[i] = toupper(ciphername[i]);
103  lower[i] = tolower(ciphername[i]);
104  if (rand() & 0x1)
105  {
106  random_case[i] = upper[i];
107  }
108  else
109  {
110  random_case[i] = lower[i];
111  }
112  }
113 
114  if (!openvpn_name)
115  {
116  openvpn_name = upper;
117  }
118 
119  test_translate_cipher(upper, openvpn_name);
120  test_translate_cipher(lower, openvpn_name);
121  test_translate_cipher(random_case, openvpn_name);
122  test_translate_cipher(ciphername, openvpn_name);
123 
124 
125  gc_free(&gc);
126 }
127 
128 static void
129 crypto_translate_cipher_names(void **state)
130 {
131  /* Test that a number of ciphers to see that they turn out correctly */
132  test_cipher_names("BF-CBC", NULL);
133  test_cipher_names("BLOWFISH-CBC", "BF-CBC");
134  test_cipher_names("Chacha20-Poly1305", NULL);
135  test_cipher_names("AES-128-GCM", NULL);
136  test_cipher_names("AES-128-CBC", NULL);
137  test_cipher_names("CAMELLIA-128-CFB128", "CAMELLIA-128-CFB");
138  test_cipher_names("id-aes256-GCM", "AES-256-GCM");
139 }
140 
141 
142 static uint8_t good_prf[32] = {0xd9, 0x8c, 0x85, 0x18, 0xc8, 0x5e, 0x94, 0x69,
143  0x27, 0x91, 0x6a, 0xcf, 0xc2, 0xd5, 0x92, 0xfb,
144  0xb1, 0x56, 0x7e, 0x4b, 0x4b, 0x14, 0x59, 0xe6,
145  0xa9, 0x04, 0xac, 0x2d, 0xda, 0xb7, 0x2d, 0x67};
146 
147 static const char *ipsumlorem = "Lorem ipsum dolor sit amet, consectetur "
148  "adipisici elit, sed eiusmod tempor incidunt "
149  "ut labore et dolore magna aliqua.";
150 
151 static void
152 crypto_test_tls_prf(void **state)
153 {
154  const char *seedstr = "Quis aute iure reprehenderit in voluptate "
155  "velit esse cillum dolore";
156  const unsigned char *seed = (const unsigned char *)seedstr;
157  const size_t seed_len = strlen(seedstr);
158 
159 
160  const unsigned char *secret = (const unsigned char *) ipsumlorem;
161  size_t secret_len = strlen((const char *)secret);
162 
163 
164  uint8_t out[32];
165  ssl_tls1_PRF(seed, seed_len, secret, secret_len, out, sizeof(out));
166 
167  assert_memory_equal(good_prf, out, sizeof(out));
168 }
169 
170 static uint8_t testkey[20] = {0x0b, 0x00};
171 static uint8_t goodhash[20] = {0x58, 0xea, 0x5a, 0xf0, 0x42, 0x94, 0xe9, 0x17,
172  0xed, 0x84, 0xb9, 0xf0, 0x83, 0x30, 0x23, 0xae,
173  0x8b, 0xa7, 0x7e, 0xb8};
174 
175 static void
176 crypto_test_hmac(void **state)
177 {
178  hmac_ctx_t *hmac = hmac_ctx_new();
179 
180  assert_int_equal(md_kt_size("SHA1"), 20);
181 
182  uint8_t key[20];
183  memcpy(key, testkey, sizeof(key));
184 
185  hmac_ctx_init(hmac, key, "SHA1");
186  hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem));
187  hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem));
188 
189  uint8_t hash[20];
190  hmac_ctx_final(hmac, hash);
191 
192  assert_memory_equal(hash, goodhash, sizeof(hash));
193  memset(hash, 0x00, sizeof(hash));
194 
195  /* try again */
196  hmac_ctx_reset(hmac);
197  hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem));
198  hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem));
199  hmac_ctx_final(hmac, hash);
200 
201  assert_memory_equal(hash, goodhash, sizeof(hash));
202 
203  /* Fill our key with random data to ensure it is not used by hmac anymore */
204  memset(key, 0x55, sizeof(key));
205 
206  hmac_ctx_reset(hmac);
207  hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem));
208  hmac_ctx_update(hmac, (const uint8_t *)ipsumlorem, (int) strlen(ipsumlorem));
209  hmac_ctx_final(hmac, hash);
210 
211  assert_memory_equal(hash, goodhash, sizeof(hash));
212  hmac_ctx_cleanup(hmac);
213  hmac_ctx_free(hmac);
214 }
215 
216 void
217 test_des_encrypt(void **state)
218 {
219  /* We have a small des encrypt method that is only for NTLMv1. This unit
220  * test ensures that it is not accidentally broken */
221 
222  const unsigned char des_key[DES_KEY_LENGTH] = {0x42, 0x23};
223 
224  const char *src = "MoinWelt";
225 
226  /* cipher_des_encrypt_ecb wants a non const */
227  unsigned char *src2 = (unsigned char *) strdup(src);
228 
229  unsigned char dst[DES_KEY_LENGTH];
230  cipher_des_encrypt_ecb(des_key, src2, dst);
231 
232  const unsigned char dst_good[DES_KEY_LENGTH] = {0xd3, 0x8f, 0x61, 0xf7, 0xbe, 0x27, 0xb6, 0xa2};
233 
234  assert_memory_equal(dst, dst_good, DES_KEY_LENGTH);
235 
236  free(src2);
237 }
238 
239 /* This test is in test_crypto as it calls into the functions that calculate
240  * the crypto overhead */
241 static void
242 test_occ_mtu_calculation(void **state)
243 {
244  struct gc_arena gc = gc_new();
245 
246  struct frame f = { 0 };
247  struct options o = { 0 };
248  size_t linkmtu;
249 
250  /* common defaults */
251  o.ce.tun_mtu = 1400;
252  o.replay = true;
253  o.ce.proto = PROTO_UDP;
254 
255  /* No crypto at all */
256  o.ciphername = "none";
257  o.authname = "none";
258  linkmtu = calc_options_string_link_mtu(&o, &f);
259  assert_int_equal(linkmtu, 1400);
260 
261  /* Static key OCC examples */
262  o.shared_secret_file = "not null";
263 
264  /* secret, auth none, cipher none */
265  o.ciphername = "none";
266  o.authname = "none";
267  linkmtu = calc_options_string_link_mtu(&o, &f);
268  assert_int_equal(linkmtu, 1408);
269 
270  /* secret, cipher AES-128-CBC, auth none */
271  o.ciphername = "AES-128-CBC";
272  o.authname = "none";
273  linkmtu = calc_options_string_link_mtu(&o, &f);
274  assert_int_equal(linkmtu, 1440);
275 
276  /* secret, cipher none, auth SHA256 */
277  o.ciphername = "none";
278  o.authname = "SHA256";
279  linkmtu = calc_options_string_link_mtu(&o, &f);
280  assert_int_equal(linkmtu, 1440);
281 
282  /* secret, cipher BF-CBC, auth SHA1 */
283  o.ciphername = "BF-CBC";
284  o.authname = "SHA1";
285  linkmtu = calc_options_string_link_mtu(&o, &f);
286  assert_int_equal(linkmtu, 1444);
287 
288  /* secret, cipher BF-CBC, auth SHA1, tcp-client */
289  o.ce.proto = PROTO_TCP_CLIENT;
290  linkmtu = calc_options_string_link_mtu(&o, &f);
291  assert_int_equal(linkmtu, 1446);
292 
293  o.ce.proto = PROTO_UDP;
294 
295 #if defined(USE_COMP)
296  o.comp.alg = COMP_ALG_LZO;
297 
298  /* secret, comp-lzo yes, cipher BF-CBC, auth SHA1 */
299  linkmtu = calc_options_string_link_mtu(&o, &f);
300  assert_int_equal(linkmtu, 1445);
301 
302  /* secret, comp-lzo yes, cipher BF-CBC, auth SHA1, fragment 1200 */
303  o.ce.fragment = 1200;
304  linkmtu = calc_options_string_link_mtu(&o, &f);
305  assert_int_equal(linkmtu, 1449);
306 
307  o.comp.alg = COMP_ALG_UNDEF;
308  o.ce.fragment = 0;
309 #endif
310 
311  /* TLS mode */
312  o.shared_secret_file = NULL;
313  o.tls_client = true;
314  o.pull = true;
315 
316  /* tls client, cipher AES-128-CBC, auth SHA1, tls-auth */
317  o.authname = "SHA1";
318  o.ciphername = "AES-128-CBC";
319  o.tls_auth_file = "dummy";
320 
321  linkmtu = calc_options_string_link_mtu(&o, &f);
322  assert_int_equal(linkmtu, 1457);
323 
324  /* tls client, cipher AES-128-CBC, auth SHA1 */
325  o.tls_auth_file = NULL;
326 
327  linkmtu = calc_options_string_link_mtu(&o, &f);
328  assert_int_equal(linkmtu, 1457);
329 
330  /* tls client, cipher none, auth none */
331  o.authname = "none";
332  o.ciphername = "none";
333 
334  linkmtu = calc_options_string_link_mtu(&o, &f);
335  assert_int_equal(linkmtu, 1405);
336 
337  /* tls client, auth none, cipher none, no-replay */
338  o.replay = false;
339 
340  linkmtu = calc_options_string_link_mtu(&o, &f);
341  assert_int_equal(linkmtu, 1401);
342 
343 
344  o.replay = true;
345 
346  /* tls client, auth SHA1, cipher AES-256-GCM */
347  o.authname = "SHA1";
348  o.ciphername = "AES-256-GCM";
349  linkmtu = calc_options_string_link_mtu(&o, &f);
350  assert_int_equal(linkmtu, 1449);
351 
352 
353 #if defined(USE_COMP)
354  o.comp.alg = COMP_ALG_LZO;
355 
356  /* tls client, auth SHA1, cipher AES-256-GCM, fragment, comp-lzo yes */
357  o.ce.fragment = 1200;
358  linkmtu = calc_options_string_link_mtu(&o, &f);
359  assert_int_equal(linkmtu, 1454);
360 
361  /* tls client, auth SHA1, cipher AES-256-GCM, fragment, comp-lzo yes, socks */
362  o.ce.socks_proxy_server = "socks.example.com";
363  linkmtu = calc_options_string_link_mtu(&o, &f);
364  assert_int_equal(linkmtu, 1464);
365 #endif
366 
367  gc_free(&gc);
368 }
369 
370 static void
371 test_mssfix_mtu_calculation(void **state)
372 {
373  struct gc_arena gc = gc_new();
374 
375  struct frame f = { 0 };
376  struct options o = { 0 };
377 
378  /* common defaults */
379  o.ce.tun_mtu = 1400;
380  o.ce.mssfix = 1000;
381  o.replay = true;
382  o.ce.proto = PROTO_UDP;
383 
384  /* No crypto at all */
385  o.ciphername = "none";
386  o.authname = "none";
387  struct key_type kt;
388  init_key_type(&kt, o.ciphername, o.authname, false, false);
389 
390  /* No encryption, just packet id (8) + TCP payload(20) + IP payload(20) */
391  frame_calculate_dynamic(&f, &kt, &o, NULL);
392  assert_int_equal(f.mss_fix, 952);
393 
394  /* Static key OCC examples */
395  o.shared_secret_file = "not null";
396 
397  /* secret, auth none, cipher none */
398  o.ciphername = "none";
399  o.authname = "none";
400  init_key_type(&kt, o.ciphername, o.authname, false, false);
401  frame_calculate_dynamic(&f, &kt, &o, NULL);
402  assert_int_equal(f.mss_fix, 952);
403 
404  /* secret, cipher AES-128-CBC, auth none */
405  o.ciphername = "AES-128-CBC";
406  o.authname = "none";
407  init_key_type(&kt, o.ciphername, o.authname, false, false);
408 
409  for (int i = 990; i <= 1010; i++)
410  {
411  /* 992 - 1008 should end up with the same mssfix value all they
412  * all result in the same CBC block size/padding and <= 991 and >=1008
413  * should be one block less and more respectively */
414  o.ce.mssfix = i;
415  frame_calculate_dynamic(&f, &kt, &o, NULL);
416  if (i <= 991)
417  {
418  assert_int_equal(f.mss_fix, 911);
419  }
420  else if (i >= 1008)
421  {
422  assert_int_equal(f.mss_fix, 943);
423  }
424  else
425  {
426  assert_int_equal(f.mss_fix, 927);
427  }
428  }
429 #ifdef USE_COMP
430  o.comp.alg = COMP_ALG_LZO;
431 
432  /* Same but with compression added. Compression adds one byte extra to the
433  * payload so the payload should be reduced by compared to the no
434  * compression calculation before */
435  for (int i = 990; i <= 1010; i++)
436  {
437  /* 992 - 1008 should end up with the same mssfix value all they
438  * all result in the same CBC block size/padding and <= 991 and >=1008
439  * should be one block less and more respectively */
440  o.ce.mssfix = i;
441  frame_calculate_dynamic(&f, &kt, &o, NULL);
442  if (i <= 991)
443  {
444  assert_int_equal(f.mss_fix, 910);
445  }
446  else if (i >= 1008)
447  {
448  assert_int_equal(f.mss_fix, 942);
449  }
450  else
451  {
452  assert_int_equal(f.mss_fix, 926);
453  }
454  }
455  o.comp.alg = COMP_ALG_UNDEF;
456 #endif /* ifdef USE_COMP */
457 
458  /* tls client, auth SHA1, cipher AES-256-GCM */
459  o.authname = "SHA1";
460  o.ciphername = "AES-256-GCM";
461  o.tls_client = true;
462  o.peer_id = 77;
463  o.use_peer_id = true;
464  init_key_type(&kt, o.ciphername, o.authname, true, false);
465 
466  for (int i = 900; i <= 1200; i++)
467  {
468  /* For stream ciphers, the value should not be influenced by block
469  * sizes or similar but always have the same difference */
470  o.ce.mssfix = i;
471  frame_calculate_dynamic(&f, &kt, &o, NULL);
472 
473  /* 4 byte opcode/peerid, 4 byte pkt ID, 16 byte tag, 40 TCP+IP */
474  assert_int_equal(f.mss_fix, i - 4 - 4 - 16 - 40);
475  }
476 
477  gc_free(&gc);
478 }
479 
480 int
481 main(void)
482 {
483  const struct CMUnitTest tests[] = {
484  cmocka_unit_test(crypto_pem_encode_decode_loopback),
485  cmocka_unit_test(crypto_translate_cipher_names),
486  cmocka_unit_test(crypto_test_tls_prf),
487  cmocka_unit_test(crypto_test_hmac),
488  cmocka_unit_test(test_des_encrypt),
489  cmocka_unit_test(test_occ_mtu_calculation),
490  cmocka_unit_test(test_mssfix_mtu_calculation)
491  };
492 
493 #if defined(ENABLE_CRYPTO_OPENSSL)
494  OpenSSL_add_all_algorithms();
495 #endif
496 
497  int ret = cmocka_run_group_tests_name("crypto tests", tests, NULL, NULL);
498 
499 #if defined(ENABLE_CRYPTO_OPENSSL)
500  EVP_cleanup();
501 #endif
502 
503  return ret;
504 }
main
int main(void)
Definition: test_crypto.c:481
cipher_valid
static bool cipher_valid(const char *ciphername)
Returns if the cipher is valid, based on the given cipher name.
Definition: crypto_backend.h:215
hmac_ctx_cleanup
void hmac_ctx_cleanup(hmac_ctx_t *ctx)
connection_entry::mssfix
int mssfix
Definition: options.h:133
options::use_peer_id
bool use_peer_id
Definition: options.h:664
ssl_backend.h
gc_new
static struct gc_arena gc_new(void)
Definition: buffer.h:998
hmac_ctx_t
mbedtls_md_context_t hmac_ctx_t
Generic HMAC context.
Definition: crypto_mbedtls.h:46
connection_entry::socks_proxy_server
const char * socks_proxy_server
Definition: options.h:116
crypto_test_tls_prf
static void crypto_test_tls_prf(void **state)
Definition: test_crypto.c:152
hash
Definition: list.h:58
options::authname
const char * authname
Definition: options.h:541
options::tls_client
bool tls_client
Definition: options.h:556
options::shared_secret_file
const char * shared_secret_file
Definition: options.h:534
testtext
static const char testtext[]
Definition: test_crypto.c:46
config-msvc.h
options::ce
struct connection_entry ce
Definition: options.h:271
hmac_ctx_update
void hmac_ctx_update(hmac_ctx_t *ctx, const uint8_t *src, int src_len)
options.h
cipher_kt_name
const char * cipher_kt_name(const char *ciphername)
Retrieve a normalised string describing the cipher (e.g.
Definition: crypto_openssl.c:623
frame
Packet geometry parameters.
Definition: mtu.h:93
test_occ_mtu_calculation
static void test_occ_mtu_calculation(void **state)
Definition: test_crypto.c:242
key
Container for unidirectional cipher and HMAC key material.
Definition: crypto.h:149
ipsumlorem
static const char * ipsumlorem
Definition: test_crypto.c:147
string_alloc
char * string_alloc(const char *str, struct gc_arena *gc)
Definition: buffer.c:662
test_translate_cipher
static void test_translate_cipher(const char *ciphername, const char *openvpn_name)
Definition: test_crypto.c:75
testkey
static uint8_t testkey[20]
Definition: test_crypto.c:170
PROTO_TCP_CLIENT
@ PROTO_TCP_CLIENT
Definition: socket.h:556
test_cipher_names
static void test_cipher_names(const char *ciphername, const char *openvpn_name)
Definition: test_crypto.c:91
BLEN
#define BLEN(buf)
Definition: buffer.h:127
calc_options_string_link_mtu
size_t calc_options_string_link_mtu(const struct options *o, const struct frame *frame)
Calculate the link-mtu to advertise to our peer.
Definition: mtu.c:166
frame_calculate_dynamic
void frame_calculate_dynamic(struct frame *frame, struct key_type *kt, const struct options *options, struct link_socket_info *lsi)
Set the –mssfix option.
Definition: mss.c:336
crypto_translate_cipher_names
static void crypto_translate_cipher_names(void **state)
Definition: test_crypto.c:129
options::tls_auth_file
const char * tls_auth_file
Definition: options.h:626
goodhash
static uint8_t goodhash[20]
Definition: test_crypto.c:171
options
Definition: options.h:232
crypto.h
options::gc
struct gc_arena gc
Definition: options.h:234
md_kt_size
unsigned char md_kt_size(const char *mdname)
Returns the size of the message digest, in bytes.
Definition: crypto_openssl.c:1106
crypto_pem_encode_decode_loopback
static void crypto_pem_encode_decode_loopback(void **state)
Definition: test_crypto.c:49
hmac_ctx_final
void hmac_ctx_final(hmac_ctx_t *ctx, uint8_t *dst)
buffer
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
hmac_ctx_reset
void hmac_ctx_reset(hmac_ctx_t *ctx)
hmac_ctx_free
void hmac_ctx_free(hmac_ctx_t *ctx)
key_type
Definition: crypto.h:139
mock_msg.h
syshead.h
BPTR
#define BPTR(buf)
Definition: buffer.h:124
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
crypto_pem_encode
bool crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src, struct gc_arena *gc)
Encode binary data as PEM.
Definition: crypto_openssl.c:466
buf_set_write
static void buf_set_write(struct buffer *buf, uint8_t *data, int size)
Definition: buffer.h:318
options::replay
bool replay
Definition: options.h:544
cipher_des_encrypt_ecb
void cipher_des_encrypt_ecb(const unsigned char key[DES_KEY_LENGTH], unsigned char src[DES_KEY_LENGTH], unsigned char dst[DES_KEY_LENGTH])
Encrypt the given block, using DES ECB mode.
Definition: crypto_openssl.c:977
options::peer_id
uint32_t peer_id
Definition: options.h:665
crypto_pem_decode
bool crypto_pem_decode(const char *name, struct buffer *dst, const struct buffer *src)
Decode a PEM buffer to binary data.
Definition: crypto_openssl.c:494
gc_free
static void gc_free(struct gc_arena *a)
Definition: buffer.h:1006
mss.h
config.h
hmac_ctx_new
hmac_ctx_t * hmac_ctx_new(void)
Definition: crypto_openssl.c:1198
connection_entry::fragment
int fragment
Definition: options.h:130
test_des_encrypt
void test_des_encrypt(void **state)
Definition: test_crypto.c:217
connection_entry::proto
int proto
Definition: options.h:101
hmac_ctx_init
void hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, const char *mdname)
init_key_type
void init_key_type(struct key_type *kt, const char *ciphername, const char *authname, bool tls_mode, bool warn)
Initialize a key_type structure with.
Definition: crypto.c:745
crypto_test_hmac
static void crypto_test_hmac(void **state)
Definition: test_crypto.c:176
connection_entry::tun_mtu
int tun_mtu
Definition: options.h:120
options::ciphername
const char * ciphername
Definition: options.h:537
DES_KEY_LENGTH
#define DES_KEY_LENGTH
Definition: crypto_mbedtls.h:76
http-client.f
string f
Definition: http-client.py:6
test_mssfix_mtu_calculation
static void test_mssfix_mtu_calculation(void **state)
Definition: test_crypto.c:371
ssl_tls1_PRF
bool ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret, int secret_len, uint8_t *output, int output_len)
Calculates the TLS 1.0-1.1 PRF function.
Definition: crypto_openssl.c:1607
buf_set_read
static void buf_set_read(struct buffer *buf, const uint8_t *data, size_t size)
Definition: buffer.h:335
options::pull
bool pull
Definition: options.h:522
good_prf
static uint8_t good_prf[32]
Definition: test_crypto.c:142
PROTO_UDP
@ PROTO_UDP
Definition: socket.h:553
Generated by   doxygen 1.8.17