openvpn/ssl__ncp_8h_source.html

/*

 *  OpenVPN -- An application to securely tunnel IP networks

 *             over a single TCP/UDP port, with support for SSL/TLS-based

 *             session authentication and key exchange,

 *             packet encryption, packet authentication, and

 *             packet compression.

 *

 *  Copyright (C) 2002-2025 OpenVPN Inc <sales@openvpn.net>

 *  Copyright (C) 2010-2021 Fox Crypto B.V. <openvpn@foxcrypto.com>

 *

 *  This program is free software; you can redistribute it and/or modify

 *  it under the terms of the GNU General Public License version 2

 *  as published by the Free Software Foundation.

 *

 *  This program is distributed in the hope that it will be useful,

 *  but WITHOUT ANY WARRANTY; without even the implied warranty of

 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 *  GNU General Public License for more details.

 *

 *  You should have received a copy of the GNU General Public License along

 *  with this program; if not, see <https://www.gnu.org/licenses/>.

 */


#ifndef OPENVPN_SSL_NCP_H

#define OPENVPN_SSL_NCP_H


#include "buffer.h"

#include "options.h"

#include "ssl_common.h"


bool tls_peer_supports_ncp(const char *peer_info);


/* forward declaration to break include dependency loop */

struct context;


bool check_pull_client_ncp(struct context *c, unsigned int found);


char *ncp_get_best_cipher(const char *server_list, const char *peer_info, const char *remote_cipher,

                          struct gc_arena *gc);


const char *tls_peer_ncp_list(const char *peer_info, struct gc_arena *gc);


char *mutate_ncp_cipher_list(const char *list, struct gc_arena *gc);


void append_cipher_to_ncp_list(struct options *o, const char *ciphername);


bool tls_item_in_cipher_list(const char *item, const char *list);


#define MAX_NCP_CIPHERS_LENGTH 127


void p2p_mode_ncp(struct tls_multi *multi, struct tls_session *session);


const char *get_p2p_ncp_cipher(struct tls_session *session, const char *peer_info,

                               struct gc_arena *gc);


bool check_session_cipher(struct tls_session *session, struct options *options);


void options_postprocess_setdefault_ncpciphers(struct options *o);


const char *ncp_expanded_ciphers(struct options *o, struct gc_arena *gc);

#endif /* ifndef OPENVPN_SSL_NCP_H */

buffer.h

options.h

ssl_common.h
Control Channel Common Data Structures.

ncp_get_best_cipher
char * ncp_get_best_cipher(const char *server_list, const char *peer_info, const char *remote_cipher, struct gc_arena *gc)
Iterates through the ciphers in server_list and return the first cipher that is also supported by the...
Definition ssl_ncp.c:246

tls_peer_ncp_list
const char * tls_peer_ncp_list(const char *peer_info, struct gc_arena *gc)
Returns the support cipher list from the peer according to the IV_NCP and IV_CIPHER values in peer_in...
Definition ssl_ncp.c:225

options_postprocess_setdefault_ncpciphers
void options_postprocess_setdefault_ncpciphers(struct options *o)
Checks for availability of Chacha20-Poly1305 and sets the ncp_cipher to either AES-256-GCM:AES-128-GC...
Definition ssl_ncp.c:575

ncp_expanded_ciphers
const char * ncp_expanded_ciphers(struct options *o, struct gc_arena *gc)
returns the o->ncp_ciphers in brackets, e.g.
Definition ssl_ncp.c:618

check_session_cipher
bool check_session_cipher(struct tls_session *session, struct options *options)
Checks if the cipher is allowed, otherwise returns false and reset the cipher to the config cipher.
Definition ssl_ncp.c:515

p2p_mode_ncp
void p2p_mode_ncp(struct tls_multi *multi, struct tls_session *session)
Determines if there is common cipher of both peer by looking at the IV_CIPHER peer info.
Definition ssl_ncp.c:472

tls_item_in_cipher_list
bool tls_item_in_cipher_list(const char *item, const char *list)
Return true iff item is present in the colon-separated zero-terminated cipher list.
Definition ssl_ncp.c:206

append_cipher_to_ncp_list
void append_cipher_to_ncp_list(struct options *o, const char *ciphername)
Appends the cipher specified by the ciphernamer parameter to to the o->ncp_ciphers list.
Definition ssl_ncp.c:195

tls_peer_supports_ncp
bool tls_peer_supports_ncp(const char *peer_info)
Returns whether the client supports NCP either by announcing IV_NCP>=2 or the IV_CIPHERS list.
Definition ssl_ncp.c:79

check_pull_client_ncp
bool check_pull_client_ncp(struct context *c, unsigned int found)
Checks whether the cipher negotiation is in an acceptable state and we continue to connect or should ...
Definition ssl_ncp.c:310

mutate_ncp_cipher_list
char * mutate_ncp_cipher_list(const char *list, struct gc_arena *gc)
Check whether the ciphers in the supplied list are supported.
Definition ssl_ncp.c:96

get_p2p_ncp_cipher
const char * get_p2p_ncp_cipher(struct tls_session *session, const char *peer_info, struct gc_arena *gc)
Determines the best common cipher from both peers IV_CIPHER lists.
Definition ssl_ncp.c:355

context
Contains all state information for one tunnel.
Definition openvpn.h:474

context::multi
struct multi_context * multi
Pointer to the main P2MP context.
Definition openvpn.h:492

gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116

options
Definition options.h:252

session
Definition keyingmaterialexporter.c:58

tls_multi
Security parameter state for a single VPN tunnel.
Definition ssl_common.h:612

tls_session
Security parameter state of a single session within a VPN tunnel.
Definition ssl_common.h:490

gc
struct gc_arena gc
Definition test_ssl.c:154