From 1079962e4c06f88a54e50d997c1b7e84303d30b4 Mon Sep 17 00:00:00 2001 From: Bernhard Schmidt Date: Sat, 15 Aug 2020 21:29:50 +0200 Subject: New upstream version 2.5~beta1 --- src/openvpn/crypto_backend.h | 47 +++++++++++++++++++++++++++++++++++++++----- 1 file changed, 42 insertions(+), 5 deletions(-) (limited to 'src/openvpn/crypto_backend.h') diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h index b3db925..85cb084 100644 --- a/src/openvpn/crypto_backend.h +++ b/src/openvpn/crypto_backend.h @@ -36,6 +36,7 @@ #include "crypto_mbedtls.h" #endif #include "basic.h" +#include "buffer.h" /* TLS uses a tag of 128 bytes, let's do the same for OpenVPN */ #define OPENVPN_AEAD_TAG_LENGTH 16 @@ -50,7 +51,7 @@ typedef enum { MD_SHA1, MD_SHA256 -} hash_algo_type ; +} hash_algo_type; /** Struct used in cipher name translation table */ typedef struct { @@ -105,6 +106,34 @@ void show_available_digests(void); void show_available_engines(void); +/** + * Encode binary data as PEM. + * + * @param name The name to use in the PEM header/footer. + * @param dst Destination buffer for PEM-encoded data. Must be a valid + * pointer to an uninitialized buffer structure. Iff this + * function returns true, the buffer will contain memory + * allocated through the supplied gc. + * @param src Source buffer. + * @param gc The garbage collector to use when allocating memory for dst. + * + * @return true iff PEM encode succeeded. + */ +bool crypto_pem_encode(const char *name, struct buffer *dst, + const struct buffer *src, struct gc_arena *gc); + +/** + * Decode a PEM buffer to binary data. + * + * @param name The name expected in the PEM header/footer. + * @param dst Destination buffer for decoded data. + * @param src Source buffer (PEM data). + * + * @return true iff PEM decode succeeded. + */ +bool crypto_pem_decode(const char *name, struct buffer *dst, + const struct buffer *src); + /* * * Random number functions, used in cases where we want @@ -198,7 +227,8 @@ void cipher_des_encrypt_ecb(const unsigned char key[DES_KEY_LENGTH], * initialise encryption/decryption. * * @param ciphername Name of the cipher to retrieve parameters for (e.g. - * \c AES-128-CBC). + * \c AES-128-CBC). Will be translated to the library name + * from the openvpn config name if needed. * * @return A statically allocated structure containing parameters * for the given cipher, or NULL if no matching parameters @@ -208,6 +238,8 @@ const cipher_kt_t *cipher_kt_get(const char *ciphername); /** * Retrieve a string describing the cipher (e.g. \c AES-128-CBC). + * The returned name is normalised to the OpenVPN config name in case the + * name differs from the name used by the crypto library. * * @param cipher_kt Static cipher parameters * @@ -255,6 +287,11 @@ int cipher_kt_block_size(const cipher_kt_t *cipher_kt); */ int cipher_kt_tag_size(const cipher_kt_t *cipher_kt); +/** + * Returns true if we consider this cipher to be insecure. + */ +bool cipher_kt_insecure(const cipher_kt_t *cipher); + /** * Returns the mode that the cipher runs in. * @@ -384,7 +421,7 @@ const cipher_kt_t *cipher_ctx_get_cipher_kt(const cipher_ctx_t *ctx); * * @return \c 0 on failure, \c 1 on success. */ -int cipher_ctx_reset(cipher_ctx_t *ctx, uint8_t *iv_buf); +int cipher_ctx_reset(cipher_ctx_t *ctx, const uint8_t *iv_buf); /** * Updates the given cipher context, providing additional data (AD) for @@ -492,7 +529,7 @@ const char *md_kt_name(const md_kt_t *kt); * * @return Message digest size, in bytes, or 0 if ctx was NULL. */ -int md_kt_size(const md_kt_t *kt); +unsigned char md_kt_size(const md_kt_t *kt); /* @@ -593,7 +630,7 @@ void hmac_ctx_free(hmac_ctx_t *ctx); * Initialises the given HMAC context, using the given digest * and key. * - * @param ctx HMAC context to intialise + * @param ctx HMAC context to initialise * @param key The key to use for the HMAC * @param key_len The key length to use * @param kt Static message digest parameters -- cgit v1.2.3