summaryrefslogtreecommitdiff
path: root/src/openvpn/crypto_backend.h
diff options
context:
space:
mode:
authorBernhard Schmidt <berni@debian.org>2020-09-01 16:52:17 +0200
committerBernhard Schmidt <berni@debian.org>2020-09-01 16:52:17 +0200
commit9fc3b98112217f2d92a67977dbde0987cc7a1803 (patch)
tree29fcc8654ee65d9dd89ade797bea2f3d9dfd9cfd /src/openvpn/crypto_backend.h
parenta8758c0e03eed188dcb9da0e4fd781a67c25bf1e (diff)
parent69b02b1f7fd609d84ace13ab04697158de2418a9 (diff)
Merge branch 'debian/experimental-2.5'
Diffstat (limited to 'src/openvpn/crypto_backend.h')
-rw-r--r--src/openvpn/crypto_backend.h47
1 files changed, 42 insertions, 5 deletions
diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h
index b3db925..85cb084 100644
--- a/src/openvpn/crypto_backend.h
+++ b/src/openvpn/crypto_backend.h
@@ -36,6 +36,7 @@
#include "crypto_mbedtls.h"
#endif
#include "basic.h"
+#include "buffer.h"
/* TLS uses a tag of 128 bytes, let's do the same for OpenVPN */
#define OPENVPN_AEAD_TAG_LENGTH 16
@@ -50,7 +51,7 @@
typedef enum {
MD_SHA1,
MD_SHA256
-} hash_algo_type ;
+} hash_algo_type;
/** Struct used in cipher name translation table */
typedef struct {
@@ -105,6 +106,34 @@ void show_available_digests(void);
void show_available_engines(void);
+/**
+ * Encode binary data as PEM.
+ *
+ * @param name The name to use in the PEM header/footer.
+ * @param dst Destination buffer for PEM-encoded data. Must be a valid
+ * pointer to an uninitialized buffer structure. Iff this
+ * function returns true, the buffer will contain memory
+ * allocated through the supplied gc.
+ * @param src Source buffer.
+ * @param gc The garbage collector to use when allocating memory for dst.
+ *
+ * @return true iff PEM encode succeeded.
+ */
+bool crypto_pem_encode(const char *name, struct buffer *dst,
+ const struct buffer *src, struct gc_arena *gc);
+
+/**
+ * Decode a PEM buffer to binary data.
+ *
+ * @param name The name expected in the PEM header/footer.
+ * @param dst Destination buffer for decoded data.
+ * @param src Source buffer (PEM data).
+ *
+ * @return true iff PEM decode succeeded.
+ */
+bool crypto_pem_decode(const char *name, struct buffer *dst,
+ const struct buffer *src);
+
/*
*
* Random number functions, used in cases where we want
@@ -198,7 +227,8 @@ void cipher_des_encrypt_ecb(const unsigned char key[DES_KEY_LENGTH],
* initialise encryption/decryption.
*
* @param ciphername Name of the cipher to retrieve parameters for (e.g.
- * \c AES-128-CBC).
+ * \c AES-128-CBC). Will be translated to the library name
+ * from the openvpn config name if needed.
*
* @return A statically allocated structure containing parameters
* for the given cipher, or NULL if no matching parameters
@@ -208,6 +238,8 @@ const cipher_kt_t *cipher_kt_get(const char *ciphername);
/**
* Retrieve a string describing the cipher (e.g. \c AES-128-CBC).
+ * The returned name is normalised to the OpenVPN config name in case the
+ * name differs from the name used by the crypto library.
*
* @param cipher_kt Static cipher parameters
*
@@ -256,6 +288,11 @@ int cipher_kt_block_size(const cipher_kt_t *cipher_kt);
int cipher_kt_tag_size(const cipher_kt_t *cipher_kt);
/**
+ * Returns true if we consider this cipher to be insecure.
+ */
+bool cipher_kt_insecure(const cipher_kt_t *cipher);
+
+/**
* Returns the mode that the cipher runs in.
*
* @param cipher_kt Static cipher parameters. May not be NULL.
@@ -384,7 +421,7 @@ const cipher_kt_t *cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx);
*
* @return \c 0 on failure, \c 1 on success.
*/
-int cipher_ctx_reset(cipher_ctx_t *ctx, uint8_t *iv_buf);
+int cipher_ctx_reset(cipher_ctx_t *ctx, const uint8_t *iv_buf);
/**
* Updates the given cipher context, providing additional data (AD) for
@@ -492,7 +529,7 @@ const char *md_kt_name(const md_kt_t *kt);
*
* @return Message digest size, in bytes, or 0 if ctx was NULL.
*/
-int md_kt_size(const md_kt_t *kt);
+unsigned char md_kt_size(const md_kt_t *kt);
/*
@@ -593,7 +630,7 @@ void hmac_ctx_free(hmac_ctx_t *ctx);
* Initialises the given HMAC context, using the given digest
* and key.
*
- * @param ctx HMAC context to intialise
+ * @param ctx HMAC context to initialise
* @param key The key to use for the HMAC
* @param key_len The key length to use
* @param kt Static message digest parameters