github/OpenVPNAdapter
4
0
Fork 0
mirror of https://github.com/deneraraujo/OpenVPNAdapter.git synced 2026-04-24 00:00:05 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge commit '86cc97e55fe346502462284d2e636a2b3708163e' as 'Sources/OpenVPN3'

Browse Source
This commit is contained in:
Sergey Abramchuk
2020-02-24 14:43:11 +03:00
parent 133b3756e6 86cc97e55f
commit 32f1555929
655 changed files with 146468 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Sources/OpenVPN3/openvpn/openssl/crypto/api.hpp
+46
View File
@@ -0,0 +1,46 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
#ifndef OPENVPN_OPENSSL_CRYPTO_API_H
#define OPENVPN_OPENSSL_CRYPTO_API_H
#include <openvpn/openssl/crypto/cipher.hpp>
#include <openvpn/openssl/crypto/ciphergcm.hpp>
#include <openvpn/openssl/crypto/digest.hpp>
#include <openvpn/openssl/crypto/hmac.hpp>
namespace openvpn {
// type container for OpenSSL Crypto-level API
struct OpenSSLCryptoAPI {
// cipher
typedef OpenSSLCrypto::CipherContext CipherContext;
typedef OpenSSLCrypto::CipherContextGCM CipherContextGCM;
// digest
typedef OpenSSLCrypto::DigestContext DigestContext;
// HMAC
typedef OpenSSLCrypto::HMACContext HMACContext;
};
}
#endif
Sources/OpenVPN3/openvpn/openssl/crypto/cipher.hpp
+200
View File
@@ -0,0 +1,200 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Wrap the OpenSSL cipher API defined in <openssl/evp.h> so
// that it can be used as part of the crypto layer of the OpenVPN core.
#ifndef OPENVPN_OPENSSL_CRYPTO_CIPHER_H
#define OPENVPN_OPENSSL_CRYPTO_CIPHER_H
#include <string>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/crypto/static_key.hpp>
#include <openvpn/crypto/cryptoalgs.hpp>
#include <openvpn/openssl/util/error.hpp>
#include <openvpn/openssl/compat.hpp>
namespace openvpn {
namespace OpenSSLCrypto {
class CipherContext
{
CipherContext(const CipherContext&) = delete;
CipherContext& operator=(const CipherContext&) = delete;
public:
OPENVPN_SIMPLE_EXCEPTION(openssl_cipher_mode_error);
OPENVPN_SIMPLE_EXCEPTION(openssl_cipher_uninitialized);
OPENVPN_EXCEPTION(openssl_cipher_error);
// mode parameter for constructor
enum {
MODE_UNDEF = -1,
ENCRYPT = 1,
DECRYPT = 0
};
// OpenSSL cipher constants
enum {
MAX_IV_LENGTH = EVP_MAX_IV_LENGTH,
CIPH_CBC_MODE = EVP_CIPH_CBC_MODE
};
CipherContext()
: initialized(false)
{
}
~CipherContext() { erase() ; }
void init(const CryptoAlgs::Type alg, const unsigned char *key, const int mode)
{
// check that mode is valid
if (!(mode == ENCRYPT || mode == DECRYPT))
throw openssl_cipher_mode_error();
erase();
ctx = EVP_CIPHER_CTX_new ();
EVP_CIPHER_CTX_reset (ctx);
if (!EVP_CipherInit_ex (ctx, cipher_type(alg), nullptr, key, nullptr, mode))
{
openssl_clear_error_stack();
throw openssl_cipher_error("EVP_CipherInit_ex (init)");
}
initialized = true;
}
void reset(const unsigned char *iv)
{
check_initialized();
if (!EVP_CipherInit_ex (ctx, nullptr, nullptr, nullptr, iv, -1))
{
openssl_clear_error_stack();
throw openssl_cipher_error("EVP_CipherInit_ex (reset)");
}
}
bool update(unsigned char *out, const size_t max_out_size,
const unsigned char *in, const size_t in_size,
size_t& out_acc)
{
check_initialized();
int outlen;
if (EVP_CipherUpdate (ctx, out, &outlen, in, int(in_size)))
{
out_acc += outlen;
return true;
}
else
{
openssl_clear_error_stack();
return false;
}
}
bool final(unsigned char *out, const size_t max_out_size, size_t& out_acc)
{
check_initialized();
int outlen;
if (EVP_CipherFinal_ex (ctx, out, &outlen))
{
out_acc += outlen;
return true;
}
else
{
openssl_clear_error_stack();
return false;
}
}
bool is_initialized() const { return initialized; }
size_t iv_length() const
{
check_initialized();
return EVP_CIPHER_CTX_iv_length (ctx);
}
size_t block_size() const
{
check_initialized();
return EVP_CIPHER_CTX_block_size (ctx);
}
// return cipher mode (such as CIPH_CBC_MODE, etc.)
int cipher_mode() const
{
check_initialized();
return EVP_CIPHER_CTX_mode (ctx);
}
private:
static const EVP_CIPHER *cipher_type(const CryptoAlgs::Type alg)
{
switch (alg)
{
case CryptoAlgs::AES_128_CBC:
return EVP_aes_128_cbc();
case CryptoAlgs::AES_192_CBC:
return EVP_aes_192_cbc();
case CryptoAlgs::AES_256_CBC:
return EVP_aes_256_cbc();
case CryptoAlgs::AES_256_CTR:
return EVP_aes_256_ctr();
case CryptoAlgs::DES_CBC:
return EVP_des_cbc();
case CryptoAlgs::DES_EDE3_CBC:
return EVP_des_ede3_cbc();
case CryptoAlgs::BF_CBC:
return EVP_bf_cbc();
default:
OPENVPN_THROW(openssl_cipher_error, CryptoAlgs::name(alg) << ": not usable");
}
}
void erase()
{
if (initialized)
{
EVP_CIPHER_CTX_free (ctx);
initialized = false;
}
}
void check_initialized() const
{
#ifdef OPENVPN_ENABLE_ASSERT
if (!initialized)
throw openssl_cipher_uninitialized();
#endif
}
bool initialized;
EVP_CIPHER_CTX* ctx;
};
}
}
#endif
Sources/OpenVPN3/openvpn/openssl/crypto/ciphergcm.hpp
+245
View File
@@ -0,0 +1,245 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Wrap the OpenSSL GCM API.
#ifndef OPENVPN_OPENSSL_CRYPTO_CIPHERGCM_H
#define OPENVPN_OPENSSL_CRYPTO_CIPHERGCM_H
#include <string>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/common/likely.hpp>
#include <openvpn/crypto/static_key.hpp>
#include <openvpn/crypto/cryptoalgs.hpp>
#include <openvpn/openssl/util/error.hpp>
namespace openvpn {
namespace OpenSSLCrypto {
class CipherContextGCM
{
CipherContextGCM(const CipherContextGCM&) = delete;
CipherContextGCM& operator=(const CipherContextGCM&) = delete;
public:
OPENVPN_EXCEPTION(openssl_gcm_error);
// mode parameter for constructor
enum {
MODE_UNDEF = -1,
ENCRYPT = 1,
DECRYPT = 0
};
// OpenSSL cipher constants
enum {
IV_LEN = 12,
AUTH_TAG_LEN = 16,
SUPPORTS_IN_PLACE_ENCRYPT = 0,
};
CipherContextGCM()
: initialized(false)
{
}
~CipherContextGCM() { erase() ; }
void init(const CryptoAlgs::Type alg,
const unsigned char *key,
const unsigned int keysize,
const int mode)
{
erase();
unsigned int ckeysz = 0;
const EVP_CIPHER *ciph = cipher_type(alg, ckeysz);
if (ckeysz > keysize)
throw openssl_gcm_error("insufficient key material");
ctx = EVP_CIPHER_CTX_new();
EVP_CIPHER_CTX_reset(ctx);
switch (mode)
{
case ENCRYPT:
if (!EVP_EncryptInit_ex(ctx, ciph, nullptr, key, nullptr))
{
openssl_clear_error_stack();
throw openssl_gcm_error("EVP_EncryptInit_ex (init)");
}
break;
case DECRYPT:
if (!EVP_DecryptInit_ex(ctx, ciph, nullptr, key, nullptr))
{
openssl_clear_error_stack();
throw openssl_gcm_error("EVP_DecryptInit_ex (init)");
}
break;
default:
throw openssl_gcm_error("bad mode");
}
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, IV_LEN, nullptr) != 1)
{
openssl_clear_error_stack();
throw openssl_gcm_error("EVP_CIPHER_CTX_ctrl set IV len");
}
initialized = true;
}
void encrypt(const unsigned char *input,
unsigned char *output,
size_t length,
const unsigned char *iv,
unsigned char *tag,
const unsigned char *ad,
size_t ad_len)
{
int len;
int ciphertext_len;
check_initialized();
if (!EVP_EncryptInit_ex(ctx, nullptr, nullptr, nullptr, iv))
{
openssl_clear_error_stack();
throw openssl_gcm_error("EVP_EncryptInit_ex (reset)");
}
if (!EVP_EncryptUpdate(ctx, nullptr, &len, ad, int(ad_len)))
{
openssl_clear_error_stack();
throw openssl_gcm_error("EVP_EncryptUpdate AD");
}
if (!EVP_EncryptUpdate(ctx, output, &len, input, int(length)))
{
openssl_clear_error_stack();
throw openssl_gcm_error("EVP_EncryptUpdate data");
}
ciphertext_len = len;
if (!EVP_EncryptFinal_ex(ctx, output+len, &len))
{
openssl_clear_error_stack();
throw openssl_gcm_error("EVP_EncryptFinal_ex");
}
ciphertext_len += len;
if (ciphertext_len != length)
{
throw openssl_gcm_error("encrypt size inconsistency");
}
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AUTH_TAG_LEN, tag))
{
openssl_clear_error_stack();
throw openssl_gcm_error("EVP_CIPHER_CTX_ctrl get tag");
}
}
bool decrypt(const unsigned char *input,
unsigned char *output,
size_t length,
const unsigned char *iv,
unsigned char *tag,
const unsigned char *ad,
size_t ad_len)
{
int len;
int plaintext_len;
check_initialized();
if (!EVP_DecryptInit_ex(ctx, nullptr, nullptr, nullptr, iv))
{
openssl_clear_error_stack();
throw openssl_gcm_error("EVP_DecryptInit_ex (reset)");
}
if (!EVP_DecryptUpdate(ctx, nullptr, &len, ad, int(ad_len)))
{
openssl_clear_error_stack();
throw openssl_gcm_error("EVP_DecryptUpdate AD");
}
if (!EVP_DecryptUpdate(ctx, output, &len, input, int(length)))
{
openssl_clear_error_stack();
throw openssl_gcm_error("EVP_DecryptUpdate data");
}
plaintext_len = len;
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, AUTH_TAG_LEN, tag))
{
openssl_clear_error_stack();
throw openssl_gcm_error("EVP_CIPHER_CTX_ctrl set tag");
}
if (!EVP_DecryptFinal_ex(ctx, output+len, &len))
{
openssl_clear_error_stack();
return false;
}
plaintext_len += len;
if (plaintext_len != length)
{
throw openssl_gcm_error("decrypt size inconsistency");
}
return true;
}
bool is_initialized() const { return initialized; }
private:
static const EVP_CIPHER *cipher_type(const CryptoAlgs::Type alg,
unsigned int& keysize)
{
switch (alg)
{
case CryptoAlgs::AES_128_GCM:
keysize = 16;
return EVP_aes_128_gcm();
case CryptoAlgs::AES_192_GCM:
keysize = 24;
return EVP_aes_192_gcm();
case CryptoAlgs::AES_256_GCM:
keysize = 32;
return EVP_aes_256_gcm();
default:
OPENVPN_THROW(openssl_gcm_error, CryptoAlgs::name(alg) << ": not usable");
}
}
void erase()
{
if (initialized)
{
EVP_CIPHER_CTX_free(ctx);
initialized = false;
}
}
void check_initialized() const
{
#ifdef OPENVPN_ENABLE_ASSERT
if (unlikely(!initialized))
throw openssl_gcm_error("uninitialized");
#endif
}
bool initialized;
EVP_CIPHER_CTX *ctx;
};
}
}
#endif
Sources/OpenVPN3/openvpn/openssl/crypto/digest.hpp
+168
View File
@@ -0,0 +1,168 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Wrap the OpenSSL digest API defined in <openssl/evp.h>
// so that it can be used as part of the crypto layer of the OpenVPN core.
#ifndef OPENVPN_OPENSSL_CRYPTO_DIGEST_H
#define OPENVPN_OPENSSL_CRYPTO_DIGEST_H
#include <string>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/md4.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
#include <openssl/hmac.h>
#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/crypto/cryptoalgs.hpp>
#include <openvpn/openssl/util/error.hpp>
#include <openvpn/openssl/compat.hpp>
namespace openvpn {
namespace OpenSSLCrypto {
class HMACContext;
class DigestContext
{
DigestContext(const DigestContext&) = delete;
DigestContext& operator=(const DigestContext&) = delete;
public:
friend class HMACContext;
OPENVPN_SIMPLE_EXCEPTION(openssl_digest_uninitialized);
OPENVPN_EXCEPTION(openssl_digest_error);
enum {
MAX_DIGEST_SIZE = EVP_MAX_MD_SIZE
};
DigestContext()
: initialized(false)
{
}
DigestContext(const CryptoAlgs::Type alg)
: initialized(false)
{
init(alg);
}
~DigestContext() { erase() ; }
void init(const CryptoAlgs::Type alg)
{
erase();
ctx=EVP_MD_CTX_new ();
if (!EVP_DigestInit(ctx, digest_type(alg)))
{
openssl_clear_error_stack();
throw openssl_digest_error("EVP_DigestInit");
}
initialized = true;
}
void update(const unsigned char *in, const size_t size)
{
check_initialized();
if (!EVP_DigestUpdate(ctx, in, int(size)))
{
openssl_clear_error_stack();
throw openssl_digest_error("EVP_DigestUpdate");
}
}
size_t final(unsigned char *out)
{
check_initialized();
unsigned int outlen;
if (!EVP_DigestFinal(ctx, out, &outlen))
{
openssl_clear_error_stack();
throw openssl_digest_error("EVP_DigestFinal");
}
return outlen;
}
size_t size() const
{
check_initialized();
return EVP_MD_CTX_size(ctx);
}
bool is_initialized() const { return initialized; }
private:
static const EVP_MD *digest_type(const CryptoAlgs::Type alg)
{
switch (alg)
{
case CryptoAlgs::MD4:
return EVP_md4();
case CryptoAlgs::MD5:
return EVP_md5();
case CryptoAlgs::SHA1:
return EVP_sha1();
case CryptoAlgs::SHA224:
return EVP_sha224();
case CryptoAlgs::SHA256:
return EVP_sha256();
case CryptoAlgs::SHA384:
return EVP_sha384();
case CryptoAlgs::SHA512:
return EVP_sha512();
default:
OPENVPN_THROW(openssl_digest_error, CryptoAlgs::name(alg) << ": not usable");
}
}
void erase()
{
if (initialized)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_MD_CTX_cleanup(ctx);
#endif
EVP_MD_CTX_free(ctx);
initialized = false;
}
}
void check_initialized() const
{
#ifdef OPENVPN_ENABLE_ASSERT
if (!initialized)
throw openssl_digest_uninitialized();
#endif
}
bool initialized;
EVP_MD_CTX *ctx;
};
}
}
#endif
Sources/OpenVPN3/openvpn/openssl/crypto/hmac.hpp
+148
View File
@@ -0,0 +1,148 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Wrap the OpenSSL HMAC API defined in <openssl/hmac.h> so
// that it can be used as part of the crypto layer of the OpenVPN core.
#ifndef OPENVPN_OPENSSL_CRYPTO_HMAC_H
#define OPENVPN_OPENSSL_CRYPTO_HMAC_H
#include <string>
#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/openssl/crypto/digest.hpp>
#include <openvpn/openssl/compat.hpp>
namespace openvpn {
namespace OpenSSLCrypto {
class HMACContext
{
HMACContext(const HMACContext&) = delete;
HMACContext& operator=(const HMACContext&) = delete;
public:
OPENVPN_SIMPLE_EXCEPTION(openssl_hmac_uninitialized);
OPENVPN_EXCEPTION(openssl_hmac_error);
enum {
MAX_HMAC_SIZE = EVP_MAX_MD_SIZE
};
HMACContext()
: initialized(false)
{
}
HMACContext(const CryptoAlgs::Type digest, const unsigned char *key, const size_t key_size)
: initialized(false)
{
init(digest, key, key_size);
}
~HMACContext() { erase() ; }
void init(const CryptoAlgs::Type digest, const unsigned char *key, const size_t key_size)
{
erase();
ctx = HMAC_CTX_new ();
if (!HMAC_Init_ex (ctx, key, int(key_size), DigestContext::digest_type(digest), nullptr))
{
openssl_clear_error_stack();
throw openssl_hmac_error("HMAC_Init_ex (init)");
}
initialized = true;
}
void reset()
{
check_initialized();
if (!HMAC_Init_ex (ctx, nullptr, 0, nullptr, nullptr))
{
openssl_clear_error_stack();
throw openssl_hmac_error("HMAC_Init_ex (reset)");
}
}
void update(const unsigned char *in, const size_t size)
{
check_initialized();
if (!HMAC_Update(ctx, in, int(size)))
{
openssl_clear_error_stack();
throw openssl_hmac_error("HMAC_Update");
}
}
size_t final(unsigned char *out)
{
check_initialized();
unsigned int outlen;
if (!HMAC_Final(ctx, out, &outlen))
{
openssl_clear_error_stack();
throw openssl_hmac_error("HMAC_Final");
}
return outlen;
}
size_t size() const
{
check_initialized();
return size_();
}
bool is_initialized() const { return initialized; }
private:
void erase()
{
if (initialized)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#endif
HMAC_CTX_free(ctx);
initialized = false;
}
}
size_t size_() const
{
return HMAC_size(ctx);
}
void check_initialized() const
{
#ifdef OPENVPN_ENABLE_ASSERT
if (!initialized)
throw openssl_hmac_uninitialized();
#endif
}
bool initialized;
HMAC_CTX* ctx;
};
}
}
#endif