OpenVPN
xkey_common.h
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2021-2024 Selva Nair <selva.nair@gmail.com>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License as published by the
12  * Free Software Foundation, either version 2 of the License,
13  * or (at your option) any later version.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  */
24 
25 #ifndef XKEY_COMMON_H_
26 #define XKEY_COMMON_H_
27 
28 /* Guard to only enable if OpenSSL is used and not trigger an error if mbed
29  * TLS is compiled without OpenSSL being installed */
30 #if defined(ENABLE_CRYPTO_OPENSSL)
31 #include <openssl/opensslv.h>
32 #if OPENSSL_VERSION_NUMBER >= 0x30000010L && !defined(DISABLE_XKEY_PROVIDER)
33 #define HAVE_XKEY_PROVIDER 1
34 #include <openssl/provider.h>
35 #include <openssl/core_dispatch.h>
36 #include <openssl/ecdsa.h>
37 
42 OSSL_provider_init_fn xkey_provider_init;
43 
44 #define XKEY_PROV_PROPS "provider=ovpn.xkey"
45 
50 typedef struct {
51  const char *padmode;
52  const char *mdname;
53  const char *saltlen;
54  const char *keytype;
55  const char *op;
56 } XKEY_SIGALG;
57 
82 typedef int (XKEY_EXTERNAL_SIGN_fn)(void *handle, unsigned char *sig, size_t *siglen,
83  const unsigned char *tbs, size_t tbslen,
84  XKEY_SIGALG sigalg);
90 typedef void (XKEY_PRIVKEY_FREE_fn)(void *handle);
91 
101 EVP_PKEY *xkey_load_management_key(OSSL_LIB_CTX *libctx, EVP_PKEY *pubkey);
102 
119 bool
120 encode_pkcs1(unsigned char *enc, size_t *enc_len, const char *mdname,
121  const unsigned char *tbs, size_t tbslen);
122 
137 int
138 xkey_digest(const unsigned char *src, size_t srclen, unsigned char *buf,
139  size_t *buflen, const char *mdname);
140 
154 EVP_PKEY *
155 xkey_load_generic_key(OSSL_LIB_CTX *libctx, void *handle, EVP_PKEY *pubkey,
156  XKEY_EXTERNAL_SIGN_fn *sign_op, XKEY_PRIVKEY_FREE_fn *free_op);
157 
158 extern OSSL_LIB_CTX *tls_libctx; /* Global */
159 
167 static inline int
168 xkey_max_saltlen(int modBits, int hLen)
169 {
170  int emLen = (modBits - 1 + 7)/8; /* ceil((modBits - 1)/8) */
171 
172  return emLen - hLen - 2;
173 }
174 
185 int
186 ecdsa_bin2der(unsigned char *buf, int len, size_t capacity);
187 
188 #endif /* HAVE_XKEY_PROVIDER */
189 
190 #endif /* ENABLE_CRYPTO_OPENSSL */
191 
192 #endif /* XKEY_COMMON_H_ */
tls_libctx
OSSL_LIB_CTX * tls_libctx
Definition: ssl_openssl.c:72
OSSL_LIB_CTX
void OSSL_LIB_CTX
Definition: openssl_compat.h:129