github/OpenVPNAdapter
4
0
Fork 0
mirror of https://github.com/deneraraujo/OpenVPNAdapter.git synced 2026-04-24 00:00:05 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge commit '86cc97e55fe346502462284d2e636a2b3708163e' as 'Sources/OpenVPN3'

Browse Source
This commit is contained in:
Sergey Abramchuk
2020-02-24 14:43:11 +03:00
parent 133b3756e6 86cc97e55f
commit 32f1555929
655 changed files with 146468 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Sources/OpenVPN3/openvpn/mbedtls/crypto/api.hpp
+46
View File
@@ -0,0 +1,46 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
#ifndef OPENVPN_MBEDTLS_CRYPTO_API_H
#define OPENVPN_MBEDTLS_CRYPTO_API_H
#include <openvpn/mbedtls/crypto/cipher.hpp>
#include <openvpn/mbedtls/crypto/ciphergcm.hpp>
#include <openvpn/mbedtls/crypto/digest.hpp>
#include <openvpn/mbedtls/crypto/hmac.hpp>
namespace openvpn {
// type container for MbedTLS Crypto-level API
struct MbedTLSCryptoAPI {
// cipher
typedef MbedTLSCrypto::CipherContext CipherContext;
typedef MbedTLSCrypto::CipherContextGCM CipherContextGCM;
// digest
typedef MbedTLSCrypto::DigestContext DigestContext;
// HMAC
typedef MbedTLSCrypto::HMACContext HMACContext;
};
}
#endif
Sources/OpenVPN3/openvpn/mbedtls/crypto/cipher.hpp
+196
View File
@@ -0,0 +1,196 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Wrap the mbed TLS cipher API defined in <mbedtls/cipher.h> so
// that it can be used as part of the crypto layer of the OpenVPN core.
#ifndef OPENVPN_MBEDTLS_CRYPTO_CIPHER_H
#define OPENVPN_MBEDTLS_CRYPTO_CIPHER_H
#include <string>
#include <mbedtls/cipher.h>
#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/crypto/static_key.hpp>
#include <openvpn/crypto/cryptoalgs.hpp>
namespace openvpn {
namespace MbedTLSCrypto {
class CipherContext
{
CipherContext(const CipherContext&) = delete;
CipherContext& operator=(const CipherContext&) = delete;
public:
OPENVPN_SIMPLE_EXCEPTION(mbedtls_cipher_mode_error);
OPENVPN_SIMPLE_EXCEPTION(mbedtls_cipher_uninitialized);
OPENVPN_EXCEPTION(mbedtls_cipher_error);
// mode parameter for constructor
enum {
MODE_UNDEF = MBEDTLS_OPERATION_NONE,
ENCRYPT = MBEDTLS_ENCRYPT,
DECRYPT = MBEDTLS_DECRYPT
};
// mbed TLS cipher constants
enum {
MAX_IV_LENGTH = MBEDTLS_MAX_IV_LENGTH,
CIPH_CBC_MODE = MBEDTLS_MODE_CBC
};
CipherContext()
: initialized(false)
{
}
~CipherContext() { erase() ; }
void init(const CryptoAlgs::Type alg, const unsigned char *key, const int mode)
{
erase();
// check that mode is valid
if (!(mode == ENCRYPT || mode == DECRYPT))
throw mbedtls_cipher_mode_error();
// get cipher type
const mbedtls_cipher_info_t *ci = cipher_type(alg);
// initialize cipher context with cipher type
if (mbedtls_cipher_setup(&ctx, ci) < 0)
throw mbedtls_cipher_error("mbedtls_cipher_setup");
// set key and encrypt/decrypt mode
if (mbedtls_cipher_setkey(&ctx, key, ci->key_bitlen, (mbedtls_operation_t)mode) < 0)
throw mbedtls_cipher_error("mbedtls_cipher_setkey");
initialized = true;
}
void reset(const unsigned char *iv)
{
check_initialized();
if (mbedtls_cipher_reset(&ctx) < 0)
throw mbedtls_cipher_error("mbedtls_cipher_reset");
if (mbedtls_cipher_set_iv(&ctx, iv, iv_length()))
throw mbedtls_cipher_error("mbedtls_cipher_set_iv");
}
bool update(unsigned char *out, const size_t max_out_size,
const unsigned char *in, const size_t in_size,
size_t& out_acc)
{
check_initialized();
size_t outlen;
if (mbedtls_cipher_update(&ctx, in, in_size, out, &outlen) >= 0)
{
out_acc += outlen;
return true;
}
else
return false;
}
bool final(unsigned char *out, const size_t max_out_size, size_t& out_acc)
{
check_initialized();
size_t outlen;
if (mbedtls_cipher_finish (&ctx, out, &outlen) >= 0)
{
out_acc += outlen;
return true;
}
else
return false;
}
bool is_initialized() const { return initialized; }
size_t iv_length() const
{
check_initialized();
return mbedtls_cipher_get_iv_size(&ctx);
}
size_t block_size() const
{
check_initialized();
return mbedtls_cipher_get_block_size(&ctx);
}
// return cipher mode (such as CIPH_CBC_MODE, etc.)
int cipher_mode() const
{
check_initialized();
return mbedtls_cipher_get_cipher_mode(&ctx);
}
private:
static const mbedtls_cipher_info_t *cipher_type(const CryptoAlgs::Type alg)
{
switch (alg)
{
case CryptoAlgs::AES_128_CBC:
return mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CBC);
case CryptoAlgs::AES_192_CBC:
return mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_192_CBC);
case CryptoAlgs::AES_256_CBC:
return mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_CBC);
case CryptoAlgs::AES_256_CTR:
return mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_256_CTR);
case CryptoAlgs::DES_CBC:
return mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_DES_CBC);
case CryptoAlgs::DES_EDE3_CBC:
return mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_DES_EDE3_CBC);
case CryptoAlgs::BF_CBC:
return mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_BLOWFISH_CBC);
default:
OPENVPN_THROW(mbedtls_cipher_error, CryptoAlgs::name(alg) << ": not usable");
}
}
void erase()
{
if (initialized)
{
mbedtls_cipher_free(&ctx);
initialized = false;
}
}
void check_initialized() const
{
#ifdef OPENVPN_ENABLE_ASSERT
if (!initialized)
throw mbedtls_cipher_uninitialized();
#endif
}
bool initialized;
mbedtls_cipher_context_t ctx;
};
}
}
#endif
Sources/OpenVPN3/openvpn/mbedtls/crypto/ciphergcm.hpp
+170
View File
@@ -0,0 +1,170 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Wrap the mbed TLS GCM API.
#ifndef OPENVPN_MBEDTLS_CRYPTO_CIPHERGCM_H
#define OPENVPN_MBEDTLS_CRYPTO_CIPHERGCM_H
#include <string>
#include <mbedtls/gcm.h>
#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/common/likely.hpp>
#include <openvpn/crypto/static_key.hpp>
#include <openvpn/crypto/cryptoalgs.hpp>
namespace openvpn {
namespace MbedTLSCrypto {
class CipherContextGCM
{
CipherContextGCM(const CipherContextGCM&) = delete;
CipherContextGCM& operator=(const CipherContextGCM&) = delete;
public:
OPENVPN_EXCEPTION(mbedtls_gcm_error);
// mode parameter for constructor
enum {
MODE_UNDEF = MBEDTLS_OPERATION_NONE,
ENCRYPT = MBEDTLS_ENCRYPT,
DECRYPT = MBEDTLS_DECRYPT
};
// mbed TLS cipher constants
enum {
IV_LEN = 12,
AUTH_TAG_LEN = 16,
SUPPORTS_IN_PLACE_ENCRYPT = 1,
};
#if 0
// mbed TLS encrypt/decrypt return values
enum {
GCM_AUTH_FAILED = MBEDTLS_ERR_GCM_AUTH_FAILED,
SUCCESS = 0,
};
#endif
CipherContextGCM()
: initialized(false)
{
}
~CipherContextGCM() { erase() ; }
void init(const CryptoAlgs::Type alg,
const unsigned char *key,
const unsigned int keysize,
const int mode) // unused
{
erase();
// get cipher type
unsigned int ckeysz = 0;
const mbedtls_cipher_id_t cid = cipher_type(alg, ckeysz);
if (ckeysz > keysize)
throw mbedtls_gcm_error("insufficient key material");
// initialize cipher context
mbedtls_gcm_init(&ctx);
if (mbedtls_gcm_setkey(&ctx, cid, key, ckeysz * 8) < 0)
throw mbedtls_gcm_error("mbedtls_gcm_setkey");
initialized = true;
}
void encrypt(const unsigned char *input,
unsigned char *output,
size_t length,
const unsigned char *iv,
unsigned char *tag,
const unsigned char *ad,
size_t ad_len)
{
check_initialized();
const int status = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT,
length, iv, IV_LEN, ad, ad_len,
input, output, AUTH_TAG_LEN, tag);
if (unlikely(status))
OPENVPN_THROW(mbedtls_gcm_error, "mbedtls_gcm_crypt_and_tag failed with status=" << status);
}
// input and output may NOT be equal
bool decrypt(const unsigned char *input,
unsigned char *output,
size_t length,
const unsigned char *iv,
const unsigned char *tag,
const unsigned char *ad,
size_t ad_len)
{
check_initialized();
const int status = mbedtls_gcm_auth_decrypt(&ctx, length, iv, IV_LEN, ad, ad_len, tag,
AUTH_TAG_LEN, input, output);
return status == 0;
}
bool is_initialized() const { return initialized; }
private:
static mbedtls_cipher_id_t cipher_type(const CryptoAlgs::Type alg, unsigned int& keysize)
{
switch (alg)
{
case CryptoAlgs::AES_128_GCM:
keysize = 16;
return MBEDTLS_CIPHER_ID_AES;
case CryptoAlgs::AES_192_GCM:
keysize = 24;
return MBEDTLS_CIPHER_ID_AES;
case CryptoAlgs::AES_256_GCM:
keysize = 32;
return MBEDTLS_CIPHER_ID_AES;
default:
OPENVPN_THROW(mbedtls_gcm_error, CryptoAlgs::name(alg) << ": not usable");
}
}
void erase()
{
if (initialized)
{
mbedtls_gcm_free(&ctx);
initialized = false;
}
}
void check_initialized() const
{
if (unlikely(!initialized))
throw mbedtls_gcm_error("uninitialized");
}
bool initialized;
mbedtls_gcm_context ctx;
};
}
}
#endif
Sources/OpenVPN3/openvpn/mbedtls/crypto/digest.hpp
+157
View File
@@ -0,0 +1,157 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Wrap the mbed TLS digest API defined in <mbedtls/md.h>
// so that it can be used as part of the crypto layer of the OpenVPN core.
#ifndef OPENVPN_MBEDTLS_CRYPTO_DIGEST_H
#define OPENVPN_MBEDTLS_CRYPTO_DIGEST_H
#include <string>
#include <mbedtls/md.h>
#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/crypto/cryptoalgs.hpp>
namespace openvpn {
namespace MbedTLSCrypto {
class HMACContext;
class DigestContext
{
DigestContext(const DigestContext&) = delete;
DigestContext& operator=(const DigestContext&) = delete;
public:
friend class HMACContext;
OPENVPN_SIMPLE_EXCEPTION(mbedtls_digest_uninitialized);
OPENVPN_SIMPLE_EXCEPTION(mbedtls_digest_final_overflow);
OPENVPN_EXCEPTION(mbedtls_digest_error);
enum {
MAX_DIGEST_SIZE = MBEDTLS_MD_MAX_SIZE
};
DigestContext()
: initialized(false)
{
}
DigestContext(const CryptoAlgs::Type alg)
: initialized(false)
{
init(alg);
}
~DigestContext() { erase() ; }
void init(const CryptoAlgs::Type alg)
{
erase();
ctx.md_ctx = nullptr;
mbedtls_md_init(&ctx);
if ( mbedtls_md_setup(&ctx, digest_type(alg), 1) < 0)
throw mbedtls_digest_error("mbedtls_md_setup");
if (mbedtls_md_starts(&ctx) < 0)
throw mbedtls_digest_error("mbedtls_md_starts");
initialized = true;
}
void update(const unsigned char *in, const size_t size)
{
check_initialized();
if (mbedtls_md_update(&ctx, in, size) < 0)
throw mbedtls_digest_error("mbedtls_md_update");
}
size_t final(unsigned char *out)
{
check_initialized();
if (mbedtls_md_finish(&ctx, out) < 0)
throw mbedtls_digest_error("mbedtls_md_finish");
return size_();
}
size_t size() const
{
check_initialized();
return size_();
}
bool is_initialized() const { return initialized; }
private:
static const mbedtls_md_info_t *digest_type(const CryptoAlgs::Type alg)
{
switch (alg)
{
case CryptoAlgs::MD4:
return mbedtls_md_info_from_type(MBEDTLS_MD_MD4);
case CryptoAlgs::MD5:
return mbedtls_md_info_from_type(MBEDTLS_MD_MD5);
case CryptoAlgs::SHA1:
return mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
case CryptoAlgs::SHA224:
return mbedtls_md_info_from_type(MBEDTLS_MD_SHA224);
case CryptoAlgs::SHA256:
return mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
case CryptoAlgs::SHA384:
return mbedtls_md_info_from_type(MBEDTLS_MD_SHA384);
case CryptoAlgs::SHA512:
return mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
default:
OPENVPN_THROW(mbedtls_digest_error, CryptoAlgs::name(alg) << ": not usable");
}
}
void erase()
{
if (initialized)
{
mbedtls_md_free(&ctx);
initialized = false;
}
}
size_t size_() const
{
return mbedtls_md_get_size(ctx.md_info);
}
void check_initialized() const
{
#ifdef OPENVPN_ENABLE_ASSERT
if (!initialized)
throw mbedtls_digest_uninitialized();
#endif
}
bool initialized;
mbedtls_md_context_t ctx;
};
}
}
#endif
Sources/OpenVPN3/openvpn/mbedtls/crypto/hmac.hpp
+134
View File
@@ -0,0 +1,134 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Wrap the mbed TLS HMAC API defined in <mbedtls/md.h> so
// that it can be used as part of the crypto layer of the OpenVPN core.
#ifndef OPENVPN_MBEDTLS_CRYPTO_HMAC_H
#define OPENVPN_MBEDTLS_CRYPTO_HMAC_H
#include <string>
#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/mbedtls/crypto/digest.hpp>
namespace openvpn {
namespace MbedTLSCrypto {
class HMACContext
{
HMACContext(const HMACContext&) = delete;
HMACContext& operator=(const HMACContext&) = delete;
public:
OPENVPN_SIMPLE_EXCEPTION(mbedtls_hmac_uninitialized);
OPENVPN_EXCEPTION(mbedtls_hmac_error);
enum {
MAX_HMAC_SIZE = MBEDTLS_MD_MAX_SIZE
};
HMACContext()
: initialized(false)
{
}
HMACContext(const CryptoAlgs::Type digest, const unsigned char *key, const size_t key_size)
: initialized(false)
{
init(digest, key, key_size);
}
~HMACContext() { erase() ; }
void init(const CryptoAlgs::Type digest, const unsigned char *key, const size_t key_size)
{
erase();
ctx.md_ctx = nullptr;
mbedtls_md_init(&ctx);
if (mbedtls_md_setup(&ctx, DigestContext::digest_type(digest), 1) < 0)
throw mbedtls_hmac_error("mbedtls_md_setup");
if (mbedtls_md_hmac_starts(&ctx, key, key_size) < 0)
throw mbedtls_hmac_error("mbedtls_md_hmac_starts");
initialized = true;
}
void reset()
{
check_initialized();
if (mbedtls_md_hmac_reset(&ctx) < 0)
throw mbedtls_hmac_error("mbedtls_md_hmac_reset");
}
void update(const unsigned char *in, const size_t size)
{
check_initialized();
if (mbedtls_md_hmac_update(&ctx, in, size) < 0)
throw mbedtls_hmac_error("mbedtls_md_hmac_update");
}
size_t final(unsigned char *out)
{
check_initialized();
if (mbedtls_md_hmac_finish(&ctx, out) < 0)
throw mbedtls_hmac_error("mbedtls_md_hmac_finish");
return size_();
}
size_t size() const
{
check_initialized();
return size_();
}
bool is_initialized() const { return initialized; }
private:
void erase()
{
if (initialized)
{
mbedtls_md_free(&ctx);
initialized = false;
}
}
size_t size_() const
{
return mbedtls_md_get_size(ctx.md_info);
}
void check_initialized() const
{
#ifdef OPENVPN_ENABLE_ASSERT
if (!initialized)
throw mbedtls_hmac_uninitialized();
#endif
}
bool initialized;
mbedtls_md_context_t ctx;
};
}
}
#endif
Sources/OpenVPN3/openvpn/mbedtls/pki/dh.hpp
+124
View File
@@ -0,0 +1,124 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Wrap a mbed TLS dhm_context object (Diffie Hellman parameters).
#ifndef OPENVPN_MBEDTLS_PKI_DH_H
#define OPENVPN_MBEDTLS_PKI_DH_H
#include <string>
#include <sstream>
#include <cstring>
#include <mbedtls/x509.h>
#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/common/rc.hpp>
#include <openvpn/mbedtls/util/error.hpp>
namespace openvpn {
namespace MbedTLSPKI {
class DH : public RC<thread_unsafe_refcount>
{
public:
typedef RCPtr<DH> Ptr;
DH() : dhc(nullptr) {}
DH(const std::string& dh_txt, const std::string& title)
: dhc(nullptr)
{
try {
parse(dh_txt, title);
}
catch (...)
{
dealloc();
throw;
}
}
void parse(const std::string& dh_txt, const std::string& title)
{
alloc();
// dh_txt.length() is increased by 1 as it does not include the NULL-terminator
// which mbedtls_dhm_parse_dhm() expects to see.
const int status = mbedtls_dhm_parse_dhm(dhc,
(const unsigned char *)dh_txt.c_str(),
dh_txt.length() + 1);
if (status < 0)
{
throw MbedTLSException("error parsing " + title + " DH parameters", status);
}
if (status > 0)
{
std::ostringstream os;
os << status << " DH parameters in " << title << " failed to parse";
throw MbedTLSException(os.str());
}
// store PEM data to allow extraction
pem_dhc = dh_txt;
}
std::string extract() const
{
return std::string(pem_dhc);
}
mbedtls_dhm_context* get() const
{
return dhc;
}
~DH()
{
dealloc();
}
private:
void alloc()
{
if (!dhc)
{
dhc = new mbedtls_dhm_context;
mbedtls_dhm_init(dhc);
}
}
void dealloc()
{
if (dhc)
{
mbedtls_dhm_free(dhc);
delete dhc;
dhc = nullptr;
}
}
mbedtls_dhm_context *dhc;
std::string pem_dhc;
};
}
}
#endif
Sources/OpenVPN3/openvpn/mbedtls/pki/pkctx.hpp
+163
View File
@@ -0,0 +1,163 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Wrap a mbed TLS pk_context object.
#ifndef OPENVPN_MBEDTLS_PKI_PKCTX_H
#define OPENVPN_MBEDTLS_PKI_PKCTX_H
#include <string>
#include <sstream>
#include <cstring>
#include <mbedtls/pk.h>
#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/common/rc.hpp>
#include <openvpn/mbedtls/util/error.hpp>
namespace openvpn {
namespace MbedTLSPKI {
class PKContext : public RC<thread_unsafe_refcount>
{
public:
typedef RCPtr<PKContext> Ptr;
PKContext() : ctx(nullptr) {}
PKContext(const std::string& key_txt, const std::string& title, const std::string& priv_key_pwd)
: ctx(nullptr)
{
try {
parse(key_txt, title, priv_key_pwd);
}
catch (...)
{
dealloc();
throw;
}
}
bool defined() const
{
return ctx != nullptr;
}
PKType::Type key_type() const
{
switch (mbedtls_pk_get_type(ctx))
{
case MBEDTLS_PK_RSA:
case MBEDTLS_PK_RSA_ALT:
case MBEDTLS_PK_RSASSA_PSS:
return PKType::PK_RSA;
case MBEDTLS_PK_ECKEY:
case MBEDTLS_PK_ECKEY_DH:
return PKType::PK_EC;
case MBEDTLS_PK_ECDSA:
return PKType::PK_ECDSA;
case MBEDTLS_PK_NONE:
return PKType::PK_NONE;
default:
return PKType::PK_UNKNOWN;
}
}
size_t key_length() const
{
return mbedtls_pk_get_bitlen(ctx);
}
void parse(const std::string& key_txt, const std::string& title, const std::string& priv_key_pwd)
{
alloc();
// key_txt.length() is increased by 1 as it does not include the NULL-terminator
// which mbedtls_pk_parse_key() expects to see.
const int status = mbedtls_pk_parse_key(ctx,
(const unsigned char *)key_txt.c_str(),
key_txt.length() + 1,
(const unsigned char *)priv_key_pwd.c_str(),
priv_key_pwd.length());
if (status < 0)
throw MbedTLSException("error parsing " + title + " private key", status);
}
std::string extract() const
{
// maximum size of the PEM data is not available at this point
BufferAllocated buff(16000, 0);
int ret = mbedtls_pk_write_key_pem(ctx, buff.data(), buff.max_size());
if (ret < 0)
throw MbedTLSException("extract priv_key: can't write to buffer", ret);
return std::string((const char *)buff.data());
}
void epki_enable(void *arg,
mbedtls_pk_rsa_alt_decrypt_func epki_decrypt,
mbedtls_pk_rsa_alt_sign_func epki_sign,
mbedtls_pk_rsa_alt_key_len_func epki_key_len)
{
alloc();
const int status = mbedtls_pk_setup_rsa_alt(ctx, arg, epki_decrypt, epki_sign, epki_key_len);
if (status < 0)
throw MbedTLSException("error in mbedtls_pk_setup_rsa_alt", status);
}
mbedtls_pk_context* get() const
{
return ctx;
}
~PKContext()
{
dealloc();
}
private:
void alloc()
{
if (!ctx)
{
ctx = new mbedtls_pk_context;
mbedtls_pk_init(ctx);
}
}
void dealloc()
{
if (ctx)
{
mbedtls_pk_free(ctx);
delete ctx;
ctx = nullptr;
}
}
mbedtls_pk_context *ctx;
};
}
}
#endif
Sources/OpenVPN3/openvpn/mbedtls/pki/x509cert.hpp
+167
View File
@@ -0,0 +1,167 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Wrap a mbed TLS x509_crt object
#ifndef OPENVPN_MBEDTLS_PKI_X509CERT_H
#define OPENVPN_MBEDTLS_PKI_X509CERT_H
#include <string>
#include <sstream>
#include <cstring>
#include <iostream>
#include <mbedtls/x509.h>
#include <mbedtls/pem.h>
#include <mbedtls/base64.h>
#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/common/rc.hpp>
#include <openvpn/mbedtls/util/error.hpp>
namespace openvpn {
namespace MbedTLSPKI {
class X509Cert : public RC<thread_unsafe_refcount>
{
public:
typedef RCPtr<X509Cert> Ptr;
X509Cert() : chain(nullptr) {}
X509Cert(const std::string& cert_txt, const std::string& title, const bool strict)
: chain(nullptr)
{
try {
parse(cert_txt, title, strict);
}
catch (...)
{
dealloc();
throw;
}
}
void parse(const std::string& cert_txt, const std::string& title, const bool strict)
{
alloc();
if (cert_txt.empty())
throw MbedTLSException(title + " certificate is undefined");
// cert_txt.length() is increased by 1 as it does not include the NULL-terminator
// which mbedtls_x509_crt_parse() expects to see.
const int status = mbedtls_x509_crt_parse(chain,
(const unsigned char *)cert_txt.c_str(),
cert_txt.length() + 1);
if (status < 0)
{
throw MbedTLSException("error parsing " + title + " certificate", status);
}
if (status > 0)
{
std::ostringstream os;
os << status << " certificate(s) in " << title << " bundle failed to parse";
if (strict)
throw MbedTLSException(os.str());
else
OPENVPN_LOG("MBEDTLS: " << os.str());
}
}
static std::string der_to_pem(const unsigned char* der, size_t der_size)
{
size_t olen = 0;
int ret;
ret = mbedtls_pem_write_buffer(begin_cert, end_cert, der,
der_size, NULL, 0, &olen);
if (ret != MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL)
throw MbedTLSException("X509Cert::extract: can't calculate PEM size");
BufferAllocated buff(olen, 0);
ret = mbedtls_pem_write_buffer(begin_cert, end_cert, der,
der_size, buff.data(), buff.max_size(), &olen);
if (ret)
throw MbedTLSException("X509Cert::extract: can't write PEM buffer");
return std::string((const char *)buff.data());
}
std::string extract() const
{
return der_to_pem(chain->raw.p, chain->raw.len);
}
std::vector<std::string> extract_extra_certs() const
{
std::vector<std::string> extra_certs;
/* extra certificates are appended to the main one */
for (mbedtls_x509_crt *cert = chain->next; cert; cert = cert->next)
{
extra_certs.push_back(der_to_pem(cert->raw.p, cert->raw.len));
}
return extra_certs;
}
mbedtls_x509_crt* get() const
{
return chain;
}
virtual ~X509Cert()
{
dealloc();
}
protected:
void alloc()
{
if (!chain)
{
chain = new mbedtls_x509_crt;
mbedtls_x509_crt_init(chain);
}
}
mbedtls_x509_crt *chain;
private:
void dealloc()
{
if (chain)
{
mbedtls_x509_crt_free(chain);
delete chain;
chain = nullptr;
}
}
constexpr static const char* begin_cert = "-----BEGIN CERTIFICATE-----\n";;
constexpr static const char* end_cert = "-----END CERTIFICATE-----\n";;
};
}
}
#endif
Sources/OpenVPN3/openvpn/mbedtls/pki/x509crl.hpp
+119
View File
@@ -0,0 +1,119 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Wrap a mbed TLS x509_crl object
#ifndef OPENVPN_MBEDTLS_PKI_X509CRL_H
#define OPENVPN_MBEDTLS_PKI_X509CRL_H
#include <string>
#include <sstream>
#include <cstring>
#include <mbedtls/x509_crl.h>
#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/common/rc.hpp>
#include <openvpn/mbedtls/util/error.hpp>
namespace openvpn {
namespace MbedTLSPKI {
class X509CRL : public RC<thread_unsafe_refcount>
{
public:
typedef RCPtr<X509CRL> Ptr;
X509CRL() : chain(nullptr) {}
X509CRL(const std::string& crl_txt)
: chain(nullptr)
{
try {
parse(crl_txt);
}
catch (...)
{
dealloc();
throw;
}
}
void parse(const std::string& crl_txt)
{
alloc();
// crl_txt.length() is increased by 1 as it does not include the NULL-terminator
// which mbedtls_x509_crl_parse() expects to see.
const int status = mbedtls_x509_crl_parse(chain,
(const unsigned char *)crl_txt.c_str(),
crl_txt.length() + 1);
if (status < 0)
{
throw MbedTLSException("error parsing CRL", status);
}
pem_chain = crl_txt;
}
std::string extract() const
{
return std::string(pem_chain);
}
mbedtls_x509_crl* get() const
{
return chain;
}
~X509CRL()
{
dealloc();
}
private:
void alloc()
{
if (!chain)
{
chain = new mbedtls_x509_crl;
std::memset(chain, 0, sizeof(mbedtls_x509_crl));
}
}
void dealloc()
{
if (chain)
{
mbedtls_x509_crl_free(chain);
delete chain;
chain = nullptr;
}
}
mbedtls_x509_crl *chain;
std::string pem_chain;
};
}
}
#endif
Sources/OpenVPN3/openvpn/mbedtls/ssl/sslctx.hpp
+1476
View File
File diff suppressed because it is too large Load Diff
Sources/OpenVPN3/openvpn/mbedtls/util/error.hpp
+141
View File
@@ -0,0 +1,141 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// mbed TLS exception class that allows a error code
// to be represented.
#ifndef OPENVPN_MBEDTLS_UTIL_ERROR_H
#define OPENVPN_MBEDTLS_UTIL_ERROR_H
#include <string>
#include <mbedtls/ssl.h>
#include <mbedtls/pem.h>
#include <mbedtls/error.h>
#include <openvpn/common/exception.hpp>
#include <openvpn/error/error.hpp>
#include <openvpn/error/excode.hpp>
namespace openvpn {
// string exception class
class MbedTLSException : public ExceptionCode
{
public:
MbedTLSException()
{
errnum = 0;
errtxt = "mbed TLS";
}
explicit MbedTLSException(const std::string& error_text)
{
errnum = 0;
errtxt = "mbed TLS: " + error_text;
}
explicit MbedTLSException(const std::string& error_text, const Error::Type code, const bool fatal)
: ExceptionCode(code, fatal)
{
errnum = 0;
errtxt = "mbed TLS: " + error_text;
}
explicit MbedTLSException(const std::string& error_text, const int mbedtls_errnum)
{
errnum = mbedtls_errnum;
errtxt = "mbed TLS: " + error_text + " : " + mbedtls_errtext(mbedtls_errnum);
// cite forum URL for mbed TLS invalid date
// TODO: Get a better URL for such knowledge information record
if (mbedtls_errnum == MBEDTLS_ERR_X509_INVALID_DATE)
errtxt += ", please see https://forums.openvpn.net/viewtopic.php?f=36&t=21873 for more info";
// for certain mbed TLS errors, translate them to an OpenVPN error code,
// so they can be propagated up to the higher levels (such as UI level)
switch (errnum) {
case MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:
set_code(Error::CERT_VERIFY_FAIL, true);
break;
case MBEDTLS_ERR_PK_PASSWORD_REQUIRED:
case MBEDTLS_ERR_PK_PASSWORD_MISMATCH:
set_code(Error::PEM_PASSWORD_FAIL, true);
break;
case MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION:
set_code(Error::TLS_VERSION_MIN, true);
break;
}
}
virtual const char* what() const throw() { return errtxt.c_str(); }
std::string what_str() const { return errtxt; }
int get_errnum() const { return errnum; }
virtual ~MbedTLSException() throw() {}
static std::string mbedtls_errtext(int errnum)
{
char buf[256];
mbedtls_strerror(errnum, buf, sizeof(buf));
return buf;
}
static std::string mbedtls_verify_flags_errtext(const uint32_t flags)
{
// get string rendition of flags
const size_t BUF_SIZE = 1024;
std::unique_ptr<char[]> buf(new char[BUF_SIZE]);
buf[0] = '\0';
mbedtls_x509_crt_verify_info(buf.get(), BUF_SIZE, "", flags);
// postprocess string
std::string ret;
ret.reserve(std::strlen(buf.get()) + 64);
bool newline = false;
for (size_t i = 0; i < BUF_SIZE; ++i)
{
const char c = buf[i];
if (c == '\0')
break;
else if (c == '\n')
newline = true;
else
{
if (newline)
{
ret += ", ";
newline = false;
}
ret += c;
}
}
return ret;
}
private:
std::string errtxt;
int errnum;
};
}
#endif
Sources/OpenVPN3/openvpn/mbedtls/util/pem.hpp
+77
View File
@@ -0,0 +1,77 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2017-2018 OpenVPN Technologies, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Wrap the mbedTLS PEM API defined in <mbedtls/pem.h> so
// that it can be used as part of the crypto layer of the OpenVPN core.
#ifndef OPENVPN_MBEDTLS_UTIL_PEM_H
#define OPENVPN_MBEDTLS_UTIL_PEM_H
#include <mbedtls/pem.h>
namespace openvpn {
class MbedTLSPEM
{
public:
static bool pem_encode(BufferAllocated& dst, const unsigned char *src,
size_t src_len, const std::string& key_name)
{
std::string header = "-----BEGIN " + key_name + "-----\n";
std::string footer = "-----END " + key_name + "-----\n";
size_t out_len = 0;
int ret = mbedtls_pem_write_buffer(header.c_str(), footer.c_str(),
src, src_len, dst.data(),
dst.max_size(), &out_len);
if (ret == 0)
dst.set_size(out_len);
else
{
char buf[128];
mbedtls_strerror(ret, buf, 128);
OPENVPN_LOG("mbedtls_pem_write_buffer error: " << buf);
}
return (ret == 0);
}
static bool pem_decode(BufferAllocated& dst, const char *src,
size_t src_len, const std::string& key_name)
{
std::string header = "-----BEGIN " + key_name + "-----";
std::string footer = "-----END " + key_name + "-----";
mbedtls_pem_context ctx = { };
size_t out_len = 0;
int ret = mbedtls_pem_read_buffer(&ctx, header.c_str(), footer.c_str(),
(unsigned char *)src, nullptr, 0,
&out_len);
if (ret == 0)
dst.init(ctx.buf, ctx.buflen, BufferAllocated::DESTRUCT_ZERO);
mbedtls_pem_free(&ctx);
return (ret == 0);
}
};
};
#endif /* OPENVPN_MBEDTLS_UTIL_PEM_H */
Sources/OpenVPN3/openvpn/mbedtls/util/pkcs1.hpp
+71
View File
@@ -0,0 +1,71 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
#ifndef OPENVPN_MBEDTLS_UTIL_PKCS1_H
#define OPENVPN_MBEDTLS_UTIL_PKCS1_H
#include <openvpn/pki/pkcs1.hpp>
namespace openvpn {
namespace PKCS1 {
namespace DigestPrefix {
class MbedTLSParse : public Parse<mbedtls_md_type_t>
{
public:
MbedTLSParse()
: Parse(MBEDTLS_MD_NONE,
MBEDTLS_MD_MD2,
MBEDTLS_MD_MD5,
MBEDTLS_MD_SHA1,
MBEDTLS_MD_SHA256,
MBEDTLS_MD_SHA384,
MBEDTLS_MD_SHA512)
{
}
static const char *to_string(const mbedtls_md_type_t t)
{
switch (t)
{
case MBEDTLS_MD_NONE:
return "MBEDTLS_MD_NONE";
case MBEDTLS_MD_MD2:
return "MBEDTLS_MD_MD2";
case MBEDTLS_MD_MD5:
return "MBEDTLS_MD_MD5";
case MBEDTLS_MD_SHA1:
return "MBEDTLS_MD_SHA1";
case MBEDTLS_MD_SHA256:
return "MBEDTLS_MD_SHA256";
case MBEDTLS_MD_SHA384:
return "MBEDTLS_MD_SHA384";
case MBEDTLS_MD_SHA512:
return "MBEDTLS_MD_SHA512";
default:
return "MBEDTLS_MD_???";
}
}
};
}
}
}
#endif
Sources/OpenVPN3/openvpn/mbedtls/util/rand.hpp
+135
View File
@@ -0,0 +1,135 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Wrap the mbed TLS Cryptographic Random API defined in <mbedtls/ctr_drbg.h>
// so that it can be used as the primary source of cryptographic entropy by
// the OpenVPN core.
#ifndef OPENVPN_MBEDTLS_UTIL_RAND_H
#define OPENVPN_MBEDTLS_UTIL_RAND_H
#include <mbedtls/entropy.h>
#include <mbedtls/entropy_poll.h>
#include <mbedtls/ctr_drbg.h>
#include <openvpn/random/randapi.hpp>
#include <openvpn/mbedtls/util/error.hpp>
namespace openvpn {
class MbedTLSRandom : public RandomAPI
{
public:
OPENVPN_EXCEPTION(rand_error_mbedtls);
typedef RCPtr<MbedTLSRandom> Ptr;
MbedTLSRandom(const bool prng, RandomAPI::Ptr entropy_source)
: entropy(std::move(entropy_source))
{
// Init RNG context
mbedtls_ctr_drbg_init(&ctx);
// Seed RNG
const int errnum = mbedtls_ctr_drbg_seed(&ctx, entropy_poll, entropy.get(), nullptr, 0);
if (errnum < 0)
throw MbedTLSException("mbedtls_ctr_drbg_seed", errnum);
// If prng is set, configure for higher performance
// by reseeding less frequently.
if (prng)
mbedtls_ctr_drbg_set_reseed_interval(&ctx, 1000000);
}
MbedTLSRandom(const bool prng)
: MbedTLSRandom(prng, RandomAPI::Ptr()) { }
virtual ~MbedTLSRandom()
{
// Free RNG context
mbedtls_ctr_drbg_free(&ctx);
}
// Random algorithm name
virtual std::string name() const
{
const std::string n = "mbedTLS-CTR_DRBG";
if (entropy)
return n + '+' + entropy->name();
else
return n;
}
// Return true if algorithm is crypto-strength
virtual bool is_crypto() const
{
return true;
}
// Fill buffer with random bytes
virtual void rand_bytes(unsigned char *buf, size_t size)
{
const int errnum = rndbytes(buf, size);
if (errnum < 0)
throw MbedTLSException("mbedtls_ctr_drbg_random", errnum);
}
// Like rand_bytes, but don't throw exception.
// Return true on successs, false on fail.
virtual bool rand_bytes_noexcept(unsigned char *buf, size_t size)
{
return rndbytes(buf, size) >= 0;
}
private:
int rndbytes(unsigned char *buf, size_t size)
{
return mbedtls_ctr_drbg_random(&ctx, buf, size);
}
static int entropy_poll(void *arg, unsigned char *output, size_t len)
{
if (arg)
{
RandomAPI* entropy = (RandomAPI*)arg;
if (entropy->rand_bytes_noexcept(output, len))
return 0;
else
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
else
{
#ifndef OPENVPN_DISABLE_MBEDTLS_PLATFORM_ENTROPY_POLL
size_t olen;
return mbedtls_platform_entropy_poll(nullptr, output, len, &olen);
#else
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
#endif
}
}
mbedtls_ctr_drbg_context ctx;
RandomAPI::Ptr entropy;
};
}
#endif
Sources/OpenVPN3/openvpn/mbedtls/util/selftest.hpp
+56
View File
@@ -0,0 +1,56 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Call various mbed TLS self-test functions
#ifndef OPENVPN_MBEDTLS_UTIL_SELFTEST_H
#define OPENVPN_MBEDTLS_UTIL_SELFTEST_H
#include <sstream>
#include <mbedtls/bignum.h>
#include <mbedtls/config.h>
#include <mbedtls/cipher.h>
#include <mbedtls/aes.h>
#include <mbedtls/sha1.h>
#include <mbedtls/sha256.h>
#include <mbedtls/sha512.h>
namespace openvpn {
inline std::string crypto_self_test_mbedtls()
{
std::ostringstream os;
#ifdef MBEDTLS_SELF_TEST
const int verbose = 1;
os << "mbed TLS self test (tests return 0 if successful):" << std::endl;
os << " mbedlts_aes_self_test status=" << mbedtls_aes_self_test(verbose) << std::endl;
os << " mbedtls_sha1_self_test status=" << mbedtls_sha1_self_test(verbose) << std::endl;
os << " mbedtls_sha256_self_test status=" << mbedtls_sha256_self_test(verbose) << std::endl;
os << " mbedtls_sha512_self_test status=" << mbedtls_sha512_self_test(verbose) << std::endl;
os << " mbedtls_mpi_self_test status=" << mbedtls_mpi_self_test(verbose) << std::endl;
#else
os << "mbed TLS self test: not compiled" << std::endl;
#endif
return os.str();
}
}
#endif