OpenVPN
xkey_common.h
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2021-2025 Selva Nair <selva.nair@gmail.com>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by the
12 * Free Software Foundation, either version 2 of the License,
13 * or (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, see <https://www.gnu.org/licenses/>.
22 */
23
24#ifndef XKEY_COMMON_H_
25#define XKEY_COMMON_H_
26
27/* Guard to only enable if OpenSSL is used and not trigger an error if mbed
28 * TLS is compiled without OpenSSL being installed */
29#if defined(ENABLE_CRYPTO_OPENSSL)
30#include <openssl/opensslv.h>
31#if OPENSSL_VERSION_NUMBER >= 0x30000010L && !defined(DISABLE_XKEY_PROVIDER)
32#define HAVE_XKEY_PROVIDER 1
33#include <openssl/provider.h>
34#include <openssl/core_dispatch.h>
35#include <openssl/ecdsa.h>
36
41OSSL_provider_init_fn xkey_provider_init;
42
43#define XKEY_PROV_PROPS "provider=ovpn.xkey"
44
49typedef struct
50{
51 const char *padmode;
52 const char *mdname;
53 const char *saltlen;
54 const char *keytype;
55 const char *op;
56} XKEY_SIGALG;
57
82typedef int(XKEY_EXTERNAL_SIGN_fn)(void *handle, unsigned char *sig, size_t *siglen,
83 const unsigned char *tbs, size_t tbslen, XKEY_SIGALG sigalg);
89typedef void(XKEY_PRIVKEY_FREE_fn)(void *handle);
90
100EVP_PKEY *xkey_load_management_key(OSSL_LIB_CTX *libctx, EVP_PKEY *pubkey);
101
118bool encode_pkcs1(unsigned char *enc, size_t *enc_len, const char *mdname, const unsigned char *tbs,
119 size_t tbslen);
120
135int xkey_digest(const unsigned char *src, size_t srclen, unsigned char *buf, size_t *buflen,
136 const char *mdname);
137
151EVP_PKEY *xkey_load_generic_key(OSSL_LIB_CTX *libctx, void *handle, EVP_PKEY *pubkey,
152 XKEY_EXTERNAL_SIGN_fn *sign_op, XKEY_PRIVKEY_FREE_fn *free_op);
153
154extern OSSL_LIB_CTX *tls_libctx; /* Global */
155
163static inline int
164xkey_max_saltlen(int modBits, int hLen)
165{
166 int emLen = (modBits - 1 + 7) / 8; /* ceil((modBits - 1)/8) */
167
168 return emLen - hLen - 2;
169}
170
181int ecdsa_bin2der(unsigned char *buf, int len, size_t capacity);
182
183#endif /* HAVE_XKEY_PROVIDER */
184
185#endif /* ENABLE_CRYPTO_OPENSSL */
186
187#endif /* XKEY_COMMON_H_ */
void OSSL_LIB_CTX
OSSL_LIB_CTX * tls_libctx
Definition ssl_openssl.c:78