search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Undo the downgrade of OpenVPN to 2.1rc13
[tomato.git] / release / src / router / openvpn / crypto.h
blob9a677d0fc6b7e1a8cb72fcc2cfcee40d52e6d364
1 /*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2008 OpenVPN Technologies, Inc. <sales@openvpn.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program (see the file COPYING included with this
21 * distribution); if not, write to the Free Software Foundation, Inc.,
22 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 */
24
25 #ifndef CRYPTO_H
26 #define CRYPTO_H
27 #ifdef USE_CRYPTO
28
29 #define ALLOW_NON_CBC_CIPHERS
30
31 /*
32 * Does our OpenSSL library support crypto hardware acceleration?
33 */
34 #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_LOAD_BUILTIN_ENGINES) && defined(HAVE_ENGINE_REGISTER_ALL_COMPLETE) && defined(HAVE_ENGINE_CLEANUP)
35 #define CRYPTO_ENGINE 1
36 #else
37 #define CRYPTO_ENGINE 0
38 #endif
39
40 #include <openssl/objects.h>
41 #include <openssl/rand.h>
42 #include <openssl/evp.h>
43 #include <openssl/hmac.h>
44 #include <openssl/des.h>
45 #include <openssl/md5.h>
46 #if NTLM
47 #include <openssl/md4.h>
48 #endif
49 #include <openssl/sha.h>
50 #include <openssl/err.h>
51
52 #if CRYPTO_ENGINE
53 #include <openssl/engine.h>
54 #endif
55
56 #if SSLEAY_VERSION_NUMBER >= 0x00907000L
57 #include <openssl/des_old.h>
58 #endif
59
60 #include "basic.h"
61 #include "buffer.h"
62 #include "packet_id.h"
63 #include "mtu.h"
64
65 /*
66 * Workarounds for incompatibilites between OpenSSL libraries.
67 * Right now we accept OpenSSL libraries from 0.9.5 to 0.9.7.
68 */
69
70 #if SSLEAY_VERSION_NUMBER < 0x00907000L
71
72 /* Workaround: EVP_CIPHER_mode is defined wrong in OpenSSL 0.9.6 but is fixed in 0.9.7 */
73 #undef EVP_CIPHER_mode
74 #define EVP_CIPHER_mode(e) (((e)->flags) & EVP_CIPH_MODE)
75
76 #define DES_cblock des_cblock
77 #define DES_is_weak_key des_is_weak_key
78 #define DES_check_key_parity des_check_key_parity
79 #define DES_set_odd_parity des_set_odd_parity
80
81 #define HMAC_CTX_init(ctx) CLEAR (*ctx)
82 #define HMAC_Init_ex(ctx,sec,len,md,impl) HMAC_Init(ctx, sec, len, md)
83 #define HMAC_CTX_cleanup(ctx) HMAC_cleanup(ctx)
84 #define EVP_MD_CTX_cleanup(md) CLEAR (*md)
85
86 #define INFO_CALLBACK_SSL_CONST
87
88 #endif
89
90 #ifndef INFO_CALLBACK_SSL_CONST
91 #define INFO_CALLBACK_SSL_CONST const
92 #endif
93
94 #if SSLEAY_VERSION_NUMBER < 0x00906000
95
96 #undef EVP_CIPHER_mode
97 #define EVP_CIPHER_mode(x) 1
98 #define EVP_CIPHER_CTX_mode(x) 1
99 #define EVP_CIPHER_flags(x) 0
100
101 #define EVP_CIPH_CBC_MODE 1
102 #define EVP_CIPH_CFB_MODE 0
103 #define EVP_CIPH_OFB_MODE 0
104 #define EVP_CIPH_VARIABLE_LENGTH 0
105
106 #define OPENSSL_malloc(x) malloc(x)
107 #define OPENSSL_free(x) free(x)
108
109 static inline int
110 EVP_CipherInit_ov (EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, uint8_t *key, uint8_t *iv, int enc)
111 {
112 EVP_CipherInit (ctx, type, key, iv, enc);
113 return 1;
114 }
115
116 static inline int
117 EVP_CipherUpdate_ov (EVP_CIPHER_CTX *ctx, uint8_t *out, int *outl, uint8_t *in, int inl)
118 {
119 EVP_CipherUpdate (ctx, out, outl, in, inl);
120 return 1;
121 }
122
123 static inline bool
124 cipher_ok (const char* name)
125 {
126 const int i = strlen (name) - 4;
127 if (i >= 0)
128 return !strcmp (name + i, "-CBC");
129 else
130 return false;
131 }
132
133 #else
134
135 static inline int
136 EVP_CipherInit_ov (EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, uint8_t *key, uint8_t *iv, int enc)
137 {
138 return EVP_CipherInit (ctx, type, key, iv, enc);
139 }
140
141 static inline int
142 EVP_CipherUpdate_ov (EVP_CIPHER_CTX *ctx, uint8_t *out, int *outl, uint8_t *in, int inl)
143 {
144 return EVP_CipherUpdate (ctx, out, outl, in, inl);
145 }
146
147 static inline bool
148 cipher_ok (const char* name)
149 {
150 return true;
151 }
152
153 #endif
154
155 #if SSLEAY_VERSION_NUMBER < 0x0090581f
156 #undef DES_check_key_parity
157 #define DES_check_key_parity(x) 1
158 #endif
159
160 #ifndef EVP_CIPHER_name
161 #define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e))
162 #endif
163
164 #ifndef EVP_MD_name
165 #define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_type(e))
166 #endif
167
168 /*
169 * Max size in bytes of any cipher key that might conceivably be used.
170 *
171 * This value is checked at compile time in crypto.c to make sure
172 * it is always at least EVP_MAX_KEY_LENGTH.
173 *
174 * We define our own value, since this parameter
175 * is used to control the size of static key files.
176 * If the OpenSSL library increases EVP_MAX_KEY_LENGTH,
177 * we don't want our key files to be suddenly rendered
178 * unusable.
179 */
180 #define MAX_CIPHER_KEY_LENGTH 64
181
182 /*
183 * Max size in bytes of any HMAC key that might conceivably be used.
184 *
185 * This value is checked at compile time in crypto.c to make sure
186 * it is always at least EVP_MAX_MD_SIZE. We define our own value
187 * for the same reason as above.
188 */
189 #define MAX_HMAC_KEY_LENGTH 64
190
191 /*
192 * Defines a key type and key length for both cipher and HMAC.
193 */
194 struct key_type
195 {
196 uint8_t cipher_length;
197 uint8_t hmac_length;
198 const EVP_CIPHER *cipher;
199 const EVP_MD *digest;
200 };
201
202 /*
203 * A random key.
204 */
205 struct key
206 {
207 uint8_t cipher[MAX_CIPHER_KEY_LENGTH];
208 uint8_t hmac[MAX_HMAC_KEY_LENGTH];
209 };
210
211 #define KEY_DIRECTION_BIDIRECTIONAL 0 /* same keys for both directions */
212 #define KEY_DIRECTION_NORMAL 1 /* encrypt with keys[0], decrypt with keys[1] */
213 #define KEY_DIRECTION_INVERSE 2 /* encrypt with keys[1], decrypt with keys[0] */
214
215 /*
216 * Dual random keys (for encrypt/decrypt)
217 */
218 struct key2
219 {
220 int n;
221 struct key keys[2];
222 };
223
224 /*
225 * Used for controlling bidirectional keys
226 * vs. a separate key for each direction.
227 */
228 struct key_direction_state
229 {
230 int out_key;
231 int in_key;
232 int need_keys;
233 };
234
235 /*
236 * A key context for cipher and/or HMAC.
237 */
238 struct key_ctx
239 {
240 EVP_CIPHER_CTX *cipher;
241 HMAC_CTX *hmac;
242 };
243
244 /*
245 * Cipher/HMAC key context for both sending and receiving
246 * directions.
247 */
248 struct key_ctx_bi
249 {
250 struct key_ctx encrypt;
251 struct key_ctx decrypt;
252 };
253
254 /*
255 * Options for encrypt/decrypt.
256 */
257 struct crypto_options
258 {
259 struct key_ctx_bi *key_ctx_bi;
260 struct packet_id *packet_id;
261 struct packet_id_persist *pid_persist;
262
263 # define CO_PACKET_ID_LONG_FORM (1<<0)
264 # define CO_USE_IV (1<<1)
265 # define CO_IGNORE_PACKET_ID (1<<2)
266 # define CO_MUTE_REPLAY_WARNINGS (1<<3)
267 unsigned int flags;
268 };
269
270 void init_key_type (struct key_type *kt, const char *ciphername,
271 bool ciphername_defined, const char *authname,
272 bool authname_defined, int keysize,
273 bool cfb_ofb_allowed, bool warn);
274
275 #define RKF_MUST_SUCCEED (1<<0)
276 #define RKF_INLINE (1<<1)
277 void read_key_file (struct key2 *key2, const char *file, const unsigned int flags);
278
279 int write_key_file (const int nkeys, const char *filename);
280
281 int read_passphrase_hash (const char *passphrase_file,
282 const EVP_MD *digest,
283 uint8_t *output,
284 int len);
285
286 void generate_key_random (struct key *key, const struct key_type *kt);
287
288 void check_replay_iv_consistency(const struct key_type *kt, bool packet_id, bool use_iv);
289
290 bool check_key (struct key *key, const struct key_type *kt);
291
292 void fixup_key (struct key *key, const struct key_type *kt);
293
294 bool write_key (const struct key *key, const struct key_type *kt,
295 struct buffer *buf);
296
297 int read_key (struct key *key, const struct key_type *kt, struct buffer *buf);
298
299 bool cfb_ofb_mode (const struct key_type* kt);
300
301 const char *kt_cipher_name (const struct key_type *kt);
302 const char *kt_digest_name (const struct key_type *kt);
303 int kt_key_size (const struct key_type *kt);
304
305 /* enc parameter in init_key_ctx */
306 #define DO_ENCRYPT 1
307 #define DO_DECRYPT 0
308
309 void init_key_ctx (struct key_ctx *ctx, struct key *key,
310 const struct key_type *kt, int enc,
311 const char *prefix);
312
313 void free_key_ctx (struct key_ctx *ctx);
314 void free_key_ctx_bi (struct key_ctx_bi *ctx);
315
316 void openvpn_encrypt (struct buffer *buf, struct buffer work,
317 const struct crypto_options *opt,
318 const struct frame* frame);
319
320 bool openvpn_decrypt (struct buffer *buf, struct buffer work,
321 const struct crypto_options *opt,
322 const struct frame* frame);
323
324
325 void crypto_adjust_frame_parameters(struct frame *frame,
326 const struct key_type* kt,
327 bool cipher_defined,
328 bool use_iv,
329 bool packet_id,
330 bool packet_id_long_form);
331
332 #define NONCE_SECRET_LEN_MIN 16
333 #define NONCE_SECRET_LEN_MAX 64
334 void prng_init (const char *md_name, const int nonce_secret_len_parm);
335 void prng_bytes (uint8_t *output, int len);
336 void prng_uninit ();
337
338 void test_crypto (const struct crypto_options *co, struct frame* f);
339
340 const char *md5sum(uint8_t *buf, int len, int n_print_chars, struct gc_arena *gc);
341
342 void show_available_ciphers (void);
343
344 void show_available_digests (void);
345
346 void show_available_engines (void);
347
348 void init_crypto_lib_engine (const char *engine_name);
349
350 void init_crypto_lib (void);
351
352 void uninit_crypto_lib (void);
353
354 /* key direction functions */
355
356 void key_direction_state_init (struct key_direction_state *kds, int key_direction);
357
358 void verify_fix_key2 (struct key2 *key2, const struct key_type *kt, const char *shared_secret_file);
359
360 void must_have_n_keys (const char *filename, const char *option, const struct key2 *key2, int n);
361
362 int ascii2keydirection (int msglevel, const char *str);
363
364 const char *keydirection2ascii (int kd, bool remote);
365
366 /* print keys */
367 void key2_print (const struct key2* k,
368 const struct key_type *kt,
369 const char* prefix0,
370 const char* prefix1);
371
372 /* memory debugging */
373 void openssl_dmalloc_init (void);
374
375 #ifdef USE_SSL
376
377 #define GHK_INLINE (1<<0)
378 void get_tls_handshake_key (const struct key_type *key_type,
379 struct key_ctx_bi *ctx,
380 const char *passphrase_file,
381 const int key_direction,
382 const unsigned int flags);
383
384 #else
385
386 void init_ssl_lib (void);
387 void free_ssl_lib (void);
388
389 #endif /* USE_SSL */
390
391 /*
392 * Inline functions
393 */
394
395 static inline bool
396 key_ctx_bi_defined(const struct key_ctx_bi* key)
397 {
398 return key->encrypt.cipher || key->encrypt.hmac || key->decrypt.cipher || key->decrypt.hmac;
399 }
400
401 #endif /* USE_CRYPTO */
402 #endif /* CRYPTO_H */
Tomato firmware and modifications.