35#if defined(ENABLE_CRYPTO_MBEDTLS)
47#include <mbedtls/base64.h>
48#include <mbedtls/des.h>
49#include <mbedtls/error.h>
50#include <mbedtls/md5.h>
51#include <mbedtls/cipher.h>
52#include <mbedtls/pem.h>
54#include <mbedtls/entropy.h>
55#include <mbedtls/ssl.h>
67 msg(
M_WARN,
"Note: mbed TLS hardware crypto engine functionality is not "
76 msg(
M_WARN,
"Note: mbed TLS provider functionality is not available");
108mbed_log_err(
unsigned int flags,
int errval,
const char *prefix)
113 mbedtls_strerror(errval, errstr,
sizeof(errstr));
117 prefix =
"mbed TLS error";
119 msg(flags,
"%s: %s", prefix, errstr);
130 if (!snprintf(prefix,
sizeof(prefix),
"%s:%d", func, line))
141crypto_init_dmalloc(
void)
143 msg(
M_ERR,
"Error: dmalloc support is not available for mbed TLS.");
148 {
"BF-CBC",
"BLOWFISH-CBC" },
149 {
"BF-CFB",
"BLOWFISH-CFB64" },
150 {
"CAMELLIA-128-CFB",
"CAMELLIA-128-CFB128" },
151 {
"CAMELLIA-192-CFB",
"CAMELLIA-192-CFB128" },
152 {
"CAMELLIA-256-CFB",
"CAMELLIA-256-CFB128" }
160 const int *ciphers = mbedtls_cipher_list();
163 printf(
"The following ciphers and cipher modes are available for use\n"
164 "with " PACKAGE_NAME
". Each cipher shown below may be used as a\n"
165 "parameter to the --data-ciphers (or --cipher) option. Using a\n"
166 "GCM or CBC mode is recommended. In static key mode only CBC\n"
167 "mode is allowed.\n\n");
170 while (*ciphers != 0)
172 const mbedtls_cipher_info_t *info = mbedtls_cipher_info_from_type(*ciphers);
182 printf(
"\nThe following ciphers have a block size of less than 128 bits, \n"
183 "and are therefore deprecated. Do not use unless you have to.\n\n");
184 ciphers = mbedtls_cipher_list();
185 while (*ciphers != 0)
187 const mbedtls_cipher_info_t *info = mbedtls_cipher_info_from_type(*ciphers);
202 const int *digests = mbedtls_md_list();
205 printf(
"The following message digests are available for use with\n" PACKAGE_NAME
206 ". A message digest is used in conjunction with\n"
207 "the HMAC function, to authenticate received packets.\n"
208 "You can specify a message digest as parameter to\n"
209 "the --auth option.\n\n");
212 while (*digests != 0)
214 const mbedtls_md_info_t *info = mbedtls_md_info_from_type(*digests);
218 printf(
"%s %d bit default key\n", mbedtls_md_get_name(info),
219 mbedtls_md_get_size(info) * 8);
229 printf(
"Sorry, mbed TLS hardware crypto engine functionality is not "
238 char header[1000 + 1] = { 0 };
239 char footer[1000 + 1] = { 0 };
241 if (!snprintf(header,
sizeof(header),
"-----BEGIN %s-----\n", name))
245 if (!snprintf(footer,
sizeof(footer),
"-----END %s-----\n", name))
251 if (MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL
252 != mbedtls_pem_write_buffer(header, footer,
BPTR(src),
BLEN(src), NULL, 0, &out_len))
261 BCAP(dst), &out_len))
275 char header[1000 + 1] = { 0 };
276 char footer[1000 + 1] = { 0 };
278 if (!snprintf(header,
sizeof(header),
"-----BEGIN %s-----", name))
282 if (!snprintf(footer,
sizeof(footer),
"-----END %s-----", name))
303 msg(
M_WARN,
"PEM decode error: destination buffer too small");
351 msg(
M_FATAL,
"Failed to initialize random generator");
361#ifdef ENABLE_PREDICTION_RESISTANCE
417 msg(
D_LOW,
"Cipher algorithm '%s' not found", ciphername);
418 *
reason =
"disabled because unknown";
426 "Cipher algorithm '%s' uses a default key size (%zu bytes) "
427 "which is larger than " PACKAGE_NAME "'s current maximum key size "
430 *
reason =
"disabled due to key size too large";
444 return "[null-cipher]";
506#ifdef MBEDTLS_CHACHAPOLY_C
541#ifdef MBEDTLS_CHACHAPOLY_C
582 msg(
M_FATAL,
"mbed TLS cipher context init #1");
594 msg(
M_FATAL,
"mbed TLS cipher set padding mode");
658#ifdef MBEDTLS_CHACHAPOLY_C
780 msg(
M_FATAL,
"Message hash algorithm '%s' not found", digest);
785 "Message hash algorithm '%s' uses a default hash size (%d bytes) which is larger than " PACKAGE_NAME
786 "'s current maximum hash size (%d bytes)",
804 return "[null-digest]";
970 volatile const unsigned char *
A = (
volatile const unsigned char *)
a;
971 volatile const unsigned char *
B = (
volatile const unsigned char *)
b;
972 volatile unsigned char diff = 0;
974 for (
size_t i = 0;
i < size;
i++)
976 unsigned char x =
A[
i],
y =
B[
i];
984#if defined(HAVE_MBEDTLS_SSL_TLS_PRF) && defined(MBEDTLS_SSL_TLS_PRF_TLS1)
1014 const size_t olen_orig = olen;
1015 const uint8_t *out_orig = out;
1024 unsigned int chunk = mbedtls_md_get_size(md_kt);
1025 unsigned int A1_len = mbedtls_md_get_size(md_kt);
1029 mbedtls_md_init(ctx);
1030 ASSERT(0 == mbedtls_md_setup(ctx, md_kt, 1));
1031 ASSERT(0 == mbedtls_md_hmac_starts(ctx, sec, sec_len));
1033 mbedtls_md_init(ctx_tmp);
1034 ASSERT(0 == mbedtls_md_setup(ctx_tmp, md_kt, 1));
1035 ASSERT(0 == mbedtls_md_hmac_starts(ctx_tmp, sec, sec_len));
1058 memcpy(out, A1, olen);
1092ssl_tls1_PRF(
const uint8_t *label,
size_t label_len,
const uint8_t *sec,
size_t slen, uint8_t *out1,
1099 uint8_t *out2 = (uint8_t *)
gc_malloc(olen,
false, &
gc);
1101 size_t len = slen / 2;
1102 const uint8_t *S1 = sec;
1103 const uint8_t *S2 = &(sec[len]);
1106 tls1_P_hash(md5, S1, len, label, label_len, out1, olen);
1107 tls1_P_hash(sha1, S2, len, label, label_len, out2, olen);
1109 for (
size_t i = 0;
i < olen;
i++)
bool buf_printf(struct buffer *buf, const char *format,...)
void buf_null_terminate(struct buffer *buf)
void * gc_malloc(size_t size, bool clear, struct gc_arena *a)
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
#define ALLOC_OBJ(dptr, type)
static char * format_hex(const uint8_t *data, int size, int maxoutput, struct gc_arena *gc)
static bool buf_copy(struct buffer *dest, const struct buffer *src)
static bool buf_inc_len(struct buffer *buf, int inc)
static void secure_memzero(void *data, size_t len)
Securely zeroise memory.
static bool buf_write(struct buffer *dest, const void *src, size_t size)
static void gc_free(struct gc_arena *a)
#define ALLOC_OBJ_CLEAR(dptr, type)
static struct gc_arena gc_new(void)
const char * translate_cipher_name_from_openvpn(const char *cipher_name)
Translate an OpenVPN cipher name to a crypto library cipher name.
const char * translate_cipher_name_to_openvpn(const char *cipher_name)
Translate a crypto library cipher name to an OpenVPN cipher name.
void print_cipher(const char *ciphername)
Print a cipher list entry.
Data Channel Cryptography Module.
int memcmp_constant_time(const void *a, const void *b, size_t size)
As memcmp(), but constant-time.
Data Channel Cryptography SSL library-specific backend interface.
int cipher_ctx_update(cipher_ctx_t *ctx, uint8_t *dst, int *dst_len, uint8_t *src, int src_len)
Updates the given cipher context, encrypting data in the source buffer, and placing any complete bloc...
bool ssl_tls1_PRF(const uint8_t *seed, size_t seed_len, const uint8_t *secret, size_t secret_len, uint8_t *output, size_t output_len)
Calculates the TLS 1.0-1.1 PRF function.
void hmac_ctx_update(hmac_ctx_t *ctx, const uint8_t *src, int src_len)
hmac_ctx_t * hmac_ctx_new(void)
int md_full(const char *mdname, const uint8_t *src, int src_len, uint8_t *dst)
Calculates the message digest for the given buffer.
void hmac_ctx_reset(hmac_ctx_t *ctx)
int cipher_ctx_block_size(const cipher_ctx_t *ctx)
Returns the block size of the cipher, in bytes.
bool cipher_kt_mode_cbc(const char *ciphername)
Check if the supplied cipher is a supported CBC mode cipher.
void show_available_engines(void)
void hmac_ctx_init(hmac_ctx_t *ctx, const uint8_t *key, const char *mdname)
md_ctx_t * md_ctx_new(void)
void hmac_ctx_final(hmac_ctx_t *ctx, uint8_t *dst)
int cipher_ctx_iv_length(const cipher_ctx_t *ctx)
Returns the size of the IV used by the cipher, in bytes, or 0 if no IV is used.
void crypto_unload_provider(const char *provname, provider_t *provider)
Unloads the given (OpenSSL) provider.
void crypto_uninit_lib(void)
int cipher_kt_block_size(const char *ciphername)
Returns the block size of the cipher, in bytes.
void md_ctx_update(md_ctx_t *ctx, const uint8_t *src, int src_len)
bool cipher_kt_mode_aead(const char *ciphername)
Check if the supplied cipher is a supported AEAD mode cipher.
int md_ctx_size(const md_ctx_t *ctx)
void show_available_ciphers(void)
bool md_valid(const char *digest)
Return if a message digest parameters is valid given the name of the digest.
bool cipher_ctx_mode_cbc(const cipher_ctx_t *ctx)
Check if the supplied cipher is a supported CBC mode cipher.
void crypto_init_lib(void)
cipher_ctx_t * cipher_ctx_new(void)
Generic cipher functions.
bool cipher_kt_mode_ofb_cfb(const char *ciphername)
Check if the supplied cipher is a supported OFB or CFB mode cipher.
const char * md_kt_name(const char *mdname)
Retrieve a string describing the digest digest (e.g.
int hmac_ctx_size(hmac_ctx_t *ctx)
bool cipher_kt_insecure(const char *ciphername)
Returns true if we consider this cipher to be insecure.
#define MAX_CIPHER_KEY_LENGTH
void crypto_clear_error(void)
bool crypto_pem_decode(const char *name, struct buffer *dst, const struct buffer *src)
Decode a PEM buffer to binary data.
provider_t * crypto_load_provider(const char *provider)
Load the given (OpenSSL) providers.
void cipher_ctx_free(cipher_ctx_t *ctx)
Cleanup and free a cipher context.
int cipher_ctx_mode(const cipher_ctx_t *ctx)
Returns the mode that the cipher runs in.
bool cipher_ctx_mode_ofb_cfb(const cipher_ctx_t *ctx)
Check if the supplied cipher is a supported OFB or CFB mode cipher.
bool cipher_ctx_mode_aead(const cipher_ctx_t *ctx)
Check if the supplied cipher is a supported AEAD mode cipher.
void hmac_ctx_free(hmac_ctx_t *ctx)
int cipher_kt_iv_size(const char *ciphername)
Returns the size of the IV used by the cipher, in bytes, or 0 if no IV is used.
int cipher_kt_tag_size(const char *ciphername)
Returns the MAC tag size of the cipher, in bytes.
int cipher_ctx_update_ad(cipher_ctx_t *ctx, const uint8_t *src, int src_len)
Updates the given cipher context, providing additional data (AD) for authenticated encryption with ad...
int rand_bytes(uint8_t *output, int len)
Wrapper for secure random number generator.
const size_t cipher_name_translation_table_count
const char * cipher_kt_name(const char *ciphername)
Retrieve a normalised string describing the cipher (e.g.
#define MAX_HMAC_KEY_LENGTH
#define OPENVPN_AEAD_TAG_LENGTH
void cipher_ctx_init(cipher_ctx_t *ctx, const uint8_t *key, const char *ciphername, crypto_operation_t enc)
Initialise a cipher context, based on the given key and key type.
int cipher_ctx_get_tag(cipher_ctx_t *ctx, uint8_t *tag, int tag_len)
Gets the computed message authenticated code (MAC) tag for this cipher.
int cipher_kt_key_size(const char *ciphername)
Returns the size of keys used by the cipher, in bytes.
void crypto_init_lib_engine(const char *engine_name)
void hmac_ctx_cleanup(hmac_ctx_t *ctx)
int cipher_ctx_reset(cipher_ctx_t *ctx, const uint8_t *iv_buf)
Resets the given cipher context, setting the IV to the specified value.
const cipher_name_pair cipher_name_translation_table[]
Cipher name translation table.
void md_ctx_cleanup(md_ctx_t *ctx)
int cipher_ctx_final(cipher_ctx_t *ctx, uint8_t *dst, int *dst_len)
Pads the final cipher block using PKCS padding, and output to the destination buffer.
void md_ctx_final(md_ctx_t *ctx, uint8_t *dst)
unsigned char md_kt_size(const char *mdname)
Returns the size of the message digest, in bytes.
void show_available_digests(void)
bool cipher_valid_reason(const char *ciphername, const char **reason)
Returns if the cipher is valid, based on the given cipher name and provides a reason if invalid.
int cipher_ctx_final_check_tag(cipher_ctx_t *ctx, uint8_t *dst, int *dst_len, uint8_t *tag, size_t tag_len)
Like cipher_ctx_final, but check the computed authentication tag against the supplied (expected) tag.
void md_ctx_init(md_ctx_t *ctx, const char *mdname)
Initialises the given message digest context.
void md_ctx_free(md_ctx_t *ctx)
bool crypto_pem_encode(const char *name, struct buffer *dst, const struct buffer *src, struct gc_arena *gc)
Encode binary data as PEM.
mbedtls_ctr_drbg_context * rand_ctx_get(void)
Returns a singleton instance of the mbed TLS random number generator.
mbedtls_cipher_context_t cipher_ctx_t
Generic cipher context.
mbedtls_md_context_t hmac_ctx_t
Generic HMAC context.
#define OPENVPN_MODE_OFB
Cipher is in OFB mode.
#define mbed_ok(errval)
Check errval and log on error.
bool mbed_log_err(unsigned int flags, int errval, const char *prefix)
Log the supplied mbed TLS error, prefixed by supplied prefix.
#define OPENVPN_MODE_CFB
Cipher is in CFB mode.
#define OPENVPN_MODE_CBC
Cipher is in CBC mode.
mbedtls_md_info_t md_kt_t
Generic message digest key type context.
mbedtls_operation_t crypto_operation_t
#define OPENVPN_MODE_GCM
Cipher is in GCM mode.
bool mbed_log_func_line(unsigned int flags, int errval, const char *func, int line)
Log the supplied mbed TLS error, prefixed by function name and line number.
int cipher_kt_mode(const EVP_CIPHER *cipher_kt)
static evp_cipher_type * cipher_get(const char *ciphername)
static evp_md_type * md_get(const char *digest)
#define D_SHOW_KEY_SOURCE
static int min_int(int x, int y)
mbedtls compatibility stub.
static const char * mbedtls_cipher_info_get_name(const mbedtls_cipher_info_t *cipher)
static size_t mbedtls_cipher_info_get_key_bitlen(const mbedtls_cipher_info_t *cipher)
static const mbedtls_md_info_t * mbedtls_md_info_from_ctx(const mbedtls_md_context_t *ctx)
static size_t mbedtls_cipher_info_get_iv_size(const mbedtls_cipher_info_t *cipher)
static mbedtls_cipher_type_t mbedtls_cipher_info_get_type(const mbedtls_cipher_info_t *cipher)
static size_t mbedtls_cipher_info_get_block_size(const mbedtls_cipher_info_t *cipher)
static mbedtls_cipher_mode_t mbedtls_cipher_info_get_mode(const mbedtls_cipher_info_t *cipher)
static const unsigned char * mbedtls_pem_get_buffer(const mbedtls_pem_context *ctx, size_t *buf_size)
const char * time_string(time_t t, long usec, bool show_usec, struct gc_arena *gc)
Wrapper structure for dynamically allocated memory.
int len
Length in bytes of the actual content within the allocated memory.
Struct used in cipher name translation table.
Garbage collection arena used to keep track of dynamically allocated memory.
Container for unidirectional cipher and HMAC key material.