| blob | bf81595ad6551cfd0943642085232a4c95ed93b2 |
1 /*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program (see the file COPYING included with this
21 * distribution); if not, write to the Free Software Foundation, Inc.,
22 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 */
25 #ifndef CRYPTO_H
26 #define CRYPTO_H
27 #ifdef USE_CRYPTO
29 /*
30 * Does our OpenSSL library support crypto hardware acceleration?
31 */
32 #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_LOAD_BUILTIN_ENGINES) && defined(HAVE_ENGINE_REGISTER_ALL_COMPLETE) && defined(HAVE_ENGINE_CLEANUP)
33 #define CRYPTO_ENGINE 1
34 #else
35 #define CRYPTO_ENGINE 0
36 #endif
38 #include <openssl/objects.h>
39 #include <openssl/rand.h>
40 #include <openssl/evp.h>
41 #include <openssl/hmac.h>
42 #include <openssl/des.h>
43 #include <openssl/md5.h>
44 #if NTLM
45 #include <openssl/md4.h>
46 #endif
47 #include <openssl/sha.h>
48 #include <openssl/err.h>
50 #if CRYPTO_ENGINE
51 #include <openssl/engine.h>
52 #endif
54 #if SSLEAY_VERSION_NUMBER >= 0x00907000L
55 #include <openssl/des_old.h>
56 #endif
63 /*
64 * Workarounds for incompatibilites between OpenSSL libraries.
65 * Right now we accept OpenSSL libraries from 0.9.5 to 0.9.7.
66 */
68 #if SSLEAY_VERSION_NUMBER < 0x00907000L
70 /* Workaround: EVP_CIPHER_mode is defined wrong in OpenSSL 0.9.6 but is fixed in 0.9.7 */
71 #undef EVP_CIPHER_mode
72 #define EVP_CIPHER_mode(e) (((e)->flags) & EVP_CIPH_MODE)
74 #define DES_cblock des_cblock
75 #define DES_is_weak_key des_is_weak_key
76 #define DES_check_key_parity des_check_key_parity
77 #define DES_set_odd_parity des_set_odd_parity
79 #define HMAC_CTX_init(ctx) CLEAR (*ctx)
80 #define HMAC_Init_ex(ctx,sec,len,md,impl) HMAC_Init(ctx, sec, len, md)
81 #define HMAC_CTX_cleanup(ctx) HMAC_cleanup(ctx)
82 #define EVP_MD_CTX_cleanup(md) CLEAR (*md)
84 #define INFO_CALLBACK_SSL_CONST
86 #endif
88 #ifndef INFO_CALLBACK_SSL_CONST
89 #define INFO_CALLBACK_SSL_CONST const
90 #endif
92 #if SSLEAY_VERSION_NUMBER < 0x00906000
94 #undef EVP_CIPHER_mode
95 #define EVP_CIPHER_mode(x) 1
96 #define EVP_CIPHER_CTX_mode(x) 1
97 #define EVP_CIPHER_flags(x) 0
99 #define EVP_CIPH_CBC_MODE 1
100 #define EVP_CIPH_CFB_MODE 0
101 #define EVP_CIPH_OFB_MODE 0
102 #define EVP_CIPH_VARIABLE_LENGTH 0
104 #define OPENSSL_malloc(x) malloc(x)
105 #define OPENSSL_free(x) free(x)
108 EVP_CipherInit_ov (EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, uint8_t *key, uint8_t *iv, int enc)
109 {
112 }
116 {
119 }
123 {
127 else
129 }
131 #else
134 EVP_CipherInit_ov (EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, uint8_t *key, uint8_t *iv, int enc)
135 {
137 }
141 {
143 }
147 {
149 }
151 #endif
153 #if SSLEAY_VERSION_NUMBER < 0x0090581f
154 #undef DES_check_key_parity
155 #define DES_check_key_parity(x) 1
156 #endif
158 #ifndef EVP_CIPHER_name
159 #define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e))
160 #endif
162 #ifndef EVP_MD_name
163 #define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_type(e))
164 #endif
166 /*
167 * Max size in bytes of any cipher key that might conceivably be used.
168 *
169 * This value is checked at compile time in crypto.c to make sure
170 * it is always at least EVP_MAX_KEY_LENGTH.
171 *
172 * We define our own value, since this parameter
173 * is used to control the size of static key files.
174 * If the OpenSSL library increases EVP_MAX_KEY_LENGTH,
175 * we don't want our key files to be suddenly rendered
176 * unusable.
177 */
178 #define MAX_CIPHER_KEY_LENGTH 64
180 /*
181 * Max size in bytes of any HMAC key that might conceivably be used.
182 *
183 * This value is checked at compile time in crypto.c to make sure
184 * it is always at least EVP_MAX_MD_SIZE. We define our own value
185 * for the same reason as above.
186 */
187 #define MAX_HMAC_KEY_LENGTH 64
189 /*
190 * Defines a key type and key length for both cipher and HMAC.
191 */
192 struct key_type
193 {
198 };
200 /*
201 * A random key.
202 */
203 struct key
204 {
207 };
213 /*
214 * Dual random keys (for encrypt/decrypt)
215 */
216 struct key2
217 {
220 };
222 /*
223 * Used for controlling bidirectional keys
224 * vs. a separate key for each direction.
225 */
226 struct key_direction_state
227 {
231 };
233 /*
234 * A key context for cipher and/or HMAC.
235 */
236 struct key_ctx
237 {
240 };
242 /*
243 * Cipher/HMAC key context for both sending and receiving
244 * directions.
245 */
246 struct key_ctx_bi
247 {
250 };
252 /*
253 * Options for encrypt/decrypt.
254 */
255 struct crypto_options
256 {
261 # define CO_PACKET_ID_LONG_FORM (1<<0)
262 # define CO_USE_IV (1<<1)
263 # define CO_IGNORE_PACKET_ID (1<<2)
264 # define CO_MUTE_REPLAY_WARNINGS (1<<3)
266 };
301 /* enc parameter in init_key_ctx */
302 #define DO_ENCRYPT 1
303 #define DO_DECRYPT 0
347 /* key direction functions */
351 void verify_fix_key2 (struct key2 *key2, const struct key_type *kt, const char *shared_secret_file);
353 void must_have_n_keys (const char *filename, const char *option, const struct key2 *key2, int n);
359 /* print keys */
365 /* memory debugging */
368 #ifdef USE_SSL
375 #else
382 /*
383 * Inline functions
384 */
388 {
390 }