openvpn/crypto__mbedtls_8h_source.html

/*

 *  OpenVPN -- An application to securely tunnel IP networks

 *             over a single TCP/UDP port, with support for SSL/TLS-based

 *             session authentication and key exchange,

 *             packet encryption, packet authentication, and

 *             packet compression.

 *

 *  Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>

 *  Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>

 *

 *  This program is free software; you can redistribute it and/or modify

 *  it under the terms of the GNU General Public License version 2

 *  as published by the Free Software Foundation.

 *

 *  This program is distributed in the hope that it will be useful,

 *  but WITHOUT ANY WARRANTY; without even the implied warranty of

 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 *  GNU General Public License for more details.

 *

 *  You should have received a copy of the GNU General Public License along

 *  with this program; if not, see <https://www.gnu.org/licenses/>.

 */


#ifndef CRYPTO_MBEDTLS_H_

#define CRYPTO_MBEDTLS_H_


#include <stdbool.h>

#include <mbedtls/cipher.h>

#include <mbedtls/md.h>

#include <mbedtls/ctr_drbg.h>


typedef mbedtls_md_info_t md_kt_t;


typedef mbedtls_cipher_context_t cipher_ctx_t;


typedef mbedtls_md_context_t md_ctx_t;


typedef mbedtls_md_context_t hmac_ctx_t;


/* Use a dummy type for the provider */

typedef void provider_t;


#define OPENVPN_MAX_IV_LENGTH MBEDTLS_MAX_IV_LENGTH


#define OPENVPN_MODE_CBC MBEDTLS_MODE_CBC


#define OPENVPN_MODE_OFB MBEDTLS_MODE_OFB


#define OPENVPN_MODE_CFB MBEDTLS_MODE_CFB


#define OPENVPN_MODE_GCM MBEDTLS_MODE_GCM


typedef mbedtls_operation_t crypto_operation_t;


#define OPENVPN_OP_ENCRYPT MBEDTLS_ENCRYPT


#define OPENVPN_OP_DECRYPT MBEDTLS_DECRYPT


#define MD4_DIGEST_LENGTH    16

#define MD5_DIGEST_LENGTH    16

#define SHA_DIGEST_LENGTH    20

#define SHA256_DIGEST_LENGTH 32


mbedtls_ctr_drbg_context *rand_ctx_get(void);


#ifdef ENABLE_PREDICTION_RESISTANCE

void rand_ctx_enable_prediction_resistance(void);


#endif


bool mbed_log_err(unsigned int flags, int errval, const char *prefix);


bool mbed_log_func_line(unsigned int flags, int errval, const char *func, int line);


static inline bool


mbed_log_func_line_lite(unsigned int flags, int errval, const char *func, int line)

{

    if (errval)

    {

        return mbed_log_func_line(flags, errval, func, line);

    }

    return true;

}


#define mbed_ok(errval) mbed_log_func_line_lite(D_CRYPT_ERRORS, errval, __func__, __LINE__)


#endif /* CRYPTO_MBEDTLS_H_ */

mbed_log_func_line_lite
static bool mbed_log_func_line_lite(unsigned int flags, int errval, const char *func, int line)
Wraps mbed_log_func_line() to prevent function calls for non-errors.
Definition crypto_mbedtls.h:125

rand_ctx_get
mbedtls_ctr_drbg_context * rand_ctx_get(void)
Returns a singleton instance of the mbed TLS random number generator.

cipher_ctx_t
mbedtls_cipher_context_t cipher_ctx_t
Generic cipher context.
Definition crypto_mbedtls.h:41

hmac_ctx_t
mbedtls_md_context_t hmac_ctx_t
Generic HMAC context.
Definition crypto_mbedtls.h:47

md_ctx_t
mbedtls_md_context_t md_ctx_t
Generic message digest context.
Definition crypto_mbedtls.h:44

mbed_log_err
bool mbed_log_err(unsigned int flags, int errval, const char *prefix)
Log the supplied mbed TLS error, prefixed by supplied prefix.

md_kt_t
mbedtls_md_info_t md_kt_t
Generic message digest key type context.
Definition crypto_mbedtls.h:38

provider_t
void provider_t
Definition crypto_mbedtls.h:50

crypto_operation_t
mbedtls_operation_t crypto_operation_t
Definition crypto_mbedtls.h:67

mbed_log_func_line
bool mbed_log_func_line(unsigned int flags, int errval, const char *func, int line)
Log the supplied mbed TLS error, prefixed by function name and line number.