author | Jörg Frings-Fürst <debian@jff.email> | 2021-11-29 20:51:58 +0100 |
---|---|---|
committer | Jörg Frings-Fürst <debian@jff.email> | 2021-11-29 20:51:58 +0100 |
commit | 6e3e95a9da9458ddf0874b4bd1c8ce6b47fcef27 (patch) | |
tree | 6e3667709d99f857d90b9831426f6a32ee70d113 /src/openvpn/crypto_backend.h | |
parent | b29f419d68b26b75a44e3ac00748875f1003b900 (diff) | |
parent | f2b3dda12a731c2e0971cb7889728edaf23f6cb0 (diff) |
Merge branch 'upstream' into develop
Diffstat (limited to 'src/openvpn/crypto_backend.h')
-rw-r--r-- | src/openvpn/crypto_backend.h | 51 |
1 files changed, 44 insertions, 7 deletions
diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h
index b3db925..b5e3bd9 100644
--- a/src/openvpn/crypto_backend.h
+++ b/src/openvpn/crypto_backend.h
@@ -5,8 +5,8 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
- * Copyright (C) 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com>
+ * Copyright (C) 2002-2021 OpenVPN Inc <sales@openvpn.net>
+ * Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
@@ -36,6 +36,7 @@
 #include "crypto_mbedtls.h"
 #endif
 #include "basic.h"
+#include "buffer.h"
 /* TLS uses a tag of 128 bytes, let's do the same for OpenVPN */
 #define OPENVPN_AEAD_TAG_LENGTH 16
@@ -50,7 +51,7 @@
 typedef enum {
 MD_SHA1,
 MD_SHA256
-} hash_algo_type ;
+} hash_algo_type;
 /** Struct used in cipher name translation table */
 typedef struct {
@@ -105,6 +106,34 @@ void show_available_digests(void);
 void show_available_engines(void);
+/**
+ * Encode binary data as PEM.
+ *
+ * @param name The name to use in the PEM header/footer.
+ * @param dst Destination buffer for PEM-encoded data. Must be a valid
+ * pointer to an uninitialized buffer structure. Iff this
+ * function returns true, the buffer will contain memory
+ * allocated through the supplied gc.
+ * @param src Source buffer.
+ * @param gc The garbage collector to use when allocating memory for dst.
+ *
+ * @return true iff PEM encode succeeded.
+ */
+bool crypto_pem_encode(const char *name, struct buffer *dst,
+ const struct buffer *src, struct gc_arena *gc);
+ /**
+ * Decode a PEM buffer to binary data.
+ *
+ * @param name The name expected in the PEM header/footer.
+ * @param dst Destination buffer for decoded data.
+ * @param src Source buffer (PEM data).
+ *
+ * @return true iff PEM decode succeeded.
+ */
+bool crypto_pem_decode(const char *name, struct buffer *dst,
+ const struct buffer *src);
+
 /*
  *
  * Random number functions, used in cases where we want
@@ -198,7 +227,8 @@ void cipher_des_encrypt_ecb(const unsigned char key[DES_KEY_LENGTH],
  * initialise encryption/decryption.
  *
  * @param ciphername Name of the cipher to retrieve parameters for (e.g.
- * \c AES-128-CBC).
+ * \c AES-128-CBC). Will be translated to the library name
+ * from the openvpn config name if needed.
  *
  * @return A statically allocated structure containing parameters
  * for the given cipher, or NULL if no matching parameters
@@ -208,6 +238,8 @@ const cipher_kt_t *cipher_kt_get(const char *ciphername);
 /**
  * Retrieve a string describing the cipher (e.g. \c AES-128-CBC).
+ * The returned name is normalised to the OpenVPN config name in case the
+ * name differs from the name used by the crypto library.
  *
  * @param cipher_kt Static cipher parameters
  *
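Review bot: The `dst` contract of crypto_pem_decode in the first hunk is under-documented next to its encode counterpart: the comment says only `Destination buffer for decoded data`, so a caller cannot tell whether dst must be pre-allocated with enough capacity, what happens when the decoded payload does not fit, or whether dst may be partially written when the function returns false. PEM input usually arrives from configuration files or an external interface, so the failure and truncation behaviour is exactly what a caller needs before acting on the buffer. Suggest expanding the line to something like `@param dst Destination buffer for decoded data. Must have enough capacity for the decoded payload; its contents are unspecified when false is returned.`, with the exact wording confirmed against the backend implementations, which are not part of this diff.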
@@ -256,6 +288,11 @@ int cipher_kt_block_size(const cipher_kt_t *cipher_kt);
 int cipher_kt_tag_size(const cipher_kt_t *cipher_kt);
 /**
+ * Returns true if we consider this cipher to be insecure.
+ */
+bool cipher_kt_insecure(const cipher_kt_t *cipher);
+
+/**
  * Returns the mode that the cipher runs in.
  *
  * @param cipher_kt Static cipher parameters. May not be NULL.
@@ -384,7 +421,7 @@ const cipher_kt_t *cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx);
  *
  * @return \c 0 on failure, \c 1 on success.
  */
-int cipher_ctx_reset(cipher_ctx_t *ctx, uint8_t *iv_buf);
+int cipher_ctx_reset(cipher_ctx_t *ctx, const uint8_t *iv_buf);
 /**
  * Updates the given cipher context, providing additional data (AD) for
@@ -492,7 +529,7 @@ const char *md_kt_name(const md_kt_t *kt);
  *
  * @return Message digest size, in bytes, or 0 if ctx was NULL.
  */
-int md_kt_size(const md_kt_t *kt);
+unsigned char md_kt_size(const md_kt_t *kt);
 /*
@@ -593,7 +630,7 @@ void hmac_ctx_free(hmac_ctx_t *ctx);
  * Initialises the given HMAC context, using the given digest
  * and key.
  *
- * @param ctx HMAC context to intialise
+ * @param ctx HMAC context to initialise
  * @param key The key to use for the HMAC
  * @param key_len The key length to use
  * @param kt Static message digest parameters |
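Review bot: The new cipher_kt_insecure declaration in the first hunk carries no @param/@return block and does not state whether NULL is accepted, unlike the adjacent cipher_kt_mode comment (`May not be NULL.`); its parameter is also named `cipher` where every sibling in this hunk uses `cipher_kt`. This predicate is presumably what drives warnings or refusals for weak ciphers, so callers need the NULL contract and a statement of what "insecure" covers. Suggest `@param cipher_kt Static cipher parameters. May not be NULL.` and `@return true if the cipher is considered insecure and should not be used for new configurations.`, and renaming the parameter to cipher_kt for consistency; the actual criteria live in the backend implementations, which this diff does not touch.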
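Review bot: The narrowed return type of md_kt_size (int to unsigned char) in the third hunk is not reflected in the comment directly above it, which still says `or 0 if ctx was NULL` although the parameter is `kt`; since the line is being touched, the comment should read `@return Message digest size, in bytes, or 0 if kt was NULL.` The narrowing is safe for the digests the enum in this file lists (SHA-1, SHA-256) but would silently truncate any size above 255, so a one-line rationale such as `/* unsigned char: no supported digest exceeds 255 bytes */` next to the prototype would help the next maintainer. The backend definitions of md_kt_size are not in this diff and must be changed in lockstep or the prototypes will conflict.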