OpenVPN
crypto_mbedtls.h
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>
9 * Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2
13 * as published by the Free Software Foundation.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, see <https://www.gnu.org/licenses/>.
22 */
23
29#ifndef CRYPTO_MBEDTLS_H_
30#define CRYPTO_MBEDTLS_H_
31
32#include <stdbool.h>
33#include <mbedtls/cipher.h>
34#include <mbedtls/md.h>
35#include <mbedtls/ctr_drbg.h>
36
38typedef mbedtls_md_info_t md_kt_t;
39
41typedef mbedtls_cipher_context_t cipher_ctx_t;
42
44typedef mbedtls_md_context_t md_ctx_t;
45
47typedef mbedtls_md_context_t hmac_ctx_t;
48
49/* Use a dummy type for the provider */
50typedef void provider_t;
51
53#define OPENVPN_MAX_IV_LENGTH MBEDTLS_MAX_IV_LENGTH
54
56#define OPENVPN_MODE_CBC MBEDTLS_MODE_CBC
57
59#define OPENVPN_MODE_OFB MBEDTLS_MODE_OFB
60
62#define OPENVPN_MODE_CFB MBEDTLS_MODE_CFB
63
65#define OPENVPN_MODE_GCM MBEDTLS_MODE_GCM
66
67typedef mbedtls_operation_t crypto_operation_t;
68
70#define OPENVPN_OP_ENCRYPT MBEDTLS_ENCRYPT
71
73#define OPENVPN_OP_DECRYPT MBEDTLS_DECRYPT
74
75#define MD4_DIGEST_LENGTH 16
76#define MD5_DIGEST_LENGTH 16
77#define SHA_DIGEST_LENGTH 20
78#define SHA256_DIGEST_LENGTH 32
79
90mbedtls_ctr_drbg_context *rand_ctx_get(void);
91
92#ifdef ENABLE_PREDICTION_RESISTANCE
96void rand_ctx_enable_prediction_resistance(void);
97
98#endif
99
109bool mbed_log_err(unsigned int flags, int errval, const char *prefix);
110
121bool mbed_log_func_line(unsigned int flags, int errval, const char *func, int line);
122
124static inline bool
125mbed_log_func_line_lite(unsigned int flags, int errval, const char *func, int line)
126{
127 if (errval)
128 {
129 return mbed_log_func_line(flags, errval, func, line);
130 }
131 return true;
132}
133
146#define mbed_ok(errval) mbed_log_func_line_lite(D_CRYPT_ERRORS, errval, __func__, __LINE__)
147
148#endif /* CRYPTO_MBEDTLS_H_ */
static bool mbed_log_func_line_lite(unsigned int flags, int errval, const char *func, int line)
Wraps mbed_log_func_line() to prevent function calls for non-errors.
mbedtls_ctr_drbg_context * rand_ctx_get(void)
Returns a singleton instance of the mbed TLS random number generator.
mbedtls_cipher_context_t cipher_ctx_t
Generic cipher context.
mbedtls_md_context_t hmac_ctx_t
Generic HMAC context.
mbedtls_md_context_t md_ctx_t
Generic message digest context.
bool mbed_log_err(unsigned int flags, int errval, const char *prefix)
Log the supplied mbed TLS error, prefixed by supplied prefix.
mbedtls_md_info_t md_kt_t
Generic message digest key type context.
void provider_t
mbedtls_operation_t crypto_operation_t
bool mbed_log_func_line(unsigned int flags, int errval, const char *func, int line)
Log the supplied mbed TLS error, prefixed by function name and line number.