1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
/*
* OpenVPN -- An application to securely tunnel IP networks
* over a single TCP/UDP port, with support for SSL/TLS-based
* session authentication and key exchange,
* packet encryption, packet authentication, and
* packet compression.
*
* Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
* Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program (see the file COPYING included with this
* distribution); if not, write to the Free Software Foundation, Inc.,
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
* @file Data Channel Cryptography PolarSSL-specific backend interface
*/
#ifndef CRYPTO_POLARSSL_H_
#define CRYPTO_POLARSSL_H_
#include <polarssl/cipher.h>
#include <polarssl/md.h>
#include <polarssl/ctr_drbg.h>
/** Generic cipher key type %context. */
typedef cipher_info_t cipher_kt_t;
/** Generic message digest key type %context. */
typedef md_info_t md_kt_t;
/** Generic cipher %context. */
typedef cipher_context_t cipher_ctx_t;
/** Generic message digest %context. */
typedef md_context_t md_ctx_t;
/** Generic HMAC %context. */
typedef md_context_t hmac_ctx_t;
/** Maximum length of an IV */
#define OPENVPN_MAX_IV_LENGTH POLARSSL_MAX_IV_LENGTH
/** Cipher is in CBC mode */
#define OPENVPN_MODE_CBC POLARSSL_MODE_CBC
/** Cipher is in OFB mode */
#define OPENVPN_MODE_OFB POLARSSL_MODE_OFB
/** Cipher is in CFB mode */
#define OPENVPN_MODE_CFB POLARSSL_MODE_CFB
/** Cipher should encrypt */
#define OPENVPN_OP_ENCRYPT POLARSSL_ENCRYPT
/** Cipher should decrypt */
#define OPENVPN_OP_DECRYPT POLARSSL_DECRYPT
#define MD4_DIGEST_LENGTH 16
#define MD5_DIGEST_LENGTH 16
#define SHA_DIGEST_LENGTH 20
#define DES_KEY_LENGTH 8
/**
* Returns a singleton instance of the PolarSSL random number generator.
*
* For PolarSSL 1.1+, this is the CTR_DRBG random number generator. If it
* hasn't been initialised yet, the RNG will be initialised using the default
* entropy sources. Aside from the default platform entropy sources, an
* additional entropy source, the HAVEGE random number generator will also be
* added. During initialisation, a personalisation string will be added based
* on the time, the PID, and a pointer to the random context.
*/
ctr_drbg_context * rand_ctx_get();
#ifdef ENABLE_PREDICTION_RESISTANCE
/**
* Enable prediction resistance on the random number generator.
*/
void rand_ctx_enable_prediction_resistance();
#endif
/**
* Log the supplied PolarSSL error, prefixed by supplied prefix.
*
* @param flags Flags to indicate error type and priority.
* @param errval PolarSSL error code to convert to error message.
* @param prefix Prefix to PolarSSL error message.
*
* @returns true if no errors are detected, false otherwise.
*/
bool polar_log_err(unsigned int flags, int errval, const char *prefix);
/**
* Log the supplied PolarSSL error, prefixed by function name and line number.
*
* @param flags Flags to indicate error type and priority.
* @param errval PolarSSL error code to convert to error message.
* @param func Function name where error was reported.
* @param line Line number where error was reported.
*
* @returns true if no errors are detected, false otherwise.
*/
bool polar_log_func_line(unsigned int flags, int errval, const char *func,
int line);
/** Wraps polar_log_func_line() to prevent function calls for non-errors */
static inline bool polar_log_func_line_lite(unsigned int flags, int errval,
const char *func, int line) {
if (errval) {
return polar_log_func_line (flags, errval, func, line);
}
return true;
}
/**
* Check errval and log on error.
*
* Convenience wrapper to put around polarssl library calls, e.g.
* if (!polar_ok(polarssl_func())) return 0;
* or
* ASSERT (polar_ok(polarssl_func()));
*
* @param errval PolarSSL error code to convert to error message.
*
* @returns true if no errors are detected, false otherwise.
*/
#define polar_ok(errval) \
polar_log_func_line_lite (D_CRYPT_ERRORS, errval, __func__, __LINE__)
#endif /* CRYPTO_POLARSSL_H_ */
|