openvpn/xkey__common_8h_source.html

/*

 *  OpenVPN -- An application to securely tunnel IP networks

 *             over a single TCP/UDP port, with support for SSL/TLS-based

 *             session authentication and key exchange,

 *             packet encryption, packet authentication, and

 *             packet compression.

 *

 *  Copyright (C) 2021-2024 Selva Nair <selva.nair@gmail.com>

 *

 *  This program is free software; you can redistribute it and/or modify

 *  it under the terms of the GNU General Public License as published by the

 *  Free Software Foundation, either version 2 of the License,

 *  or (at your option) any later version.

 *

 *  This program is distributed in the hope that it will be useful,

 *  but WITHOUT ANY WARRANTY; without even the implied warranty of

 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 *  GNU General Public License for more details.

 *

 *  You should have received a copy of the GNU General Public License along

 *  with this program; if not, write to the Free Software Foundation, Inc.,

 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

 */


#ifndef XKEY_COMMON_H_

#define XKEY_COMMON_H_


/* Guard to only enable if OpenSSL is used and not trigger an error if mbed

 * TLS is compiled without OpenSSL being installed */

#if defined(ENABLE_CRYPTO_OPENSSL)

#include <openssl/opensslv.h>

#if OPENSSL_VERSION_NUMBER >= 0x30000010L && !defined(DISABLE_XKEY_PROVIDER)

#define HAVE_XKEY_PROVIDER 1

#include <openssl/provider.h>

#include <openssl/core_dispatch.h>

#include <openssl/ecdsa.h>


OSSL_provider_init_fn xkey_provider_init;


#define XKEY_PROV_PROPS "provider=ovpn.xkey"


typedef struct {

    const char *padmode;

    const char *mdname;

    const char *saltlen;

    const char *keytype;

    const char *op;

} XKEY_SIGALG;


typedef int (XKEY_EXTERNAL_SIGN_fn)(void *handle, unsigned char *sig, size_t *siglen,

                                    const unsigned char *tbs, size_t tbslen,

                                    XKEY_SIGALG sigalg);

typedef void (XKEY_PRIVKEY_FREE_fn)(void *handle);


EVP_PKEY *xkey_load_management_key(OSSL_LIB_CTX *libctx, EVP_PKEY *pubkey);


bool

encode_pkcs1(unsigned char *enc, size_t *enc_len, const char *mdname,

             const unsigned char *tbs, size_t tbslen);


int

xkey_digest(const unsigned char *src, size_t srclen, unsigned char *buf,

            size_t *buflen, const char *mdname);


EVP_PKEY *

xkey_load_generic_key(OSSL_LIB_CTX *libctx, void *handle, EVP_PKEY *pubkey,

                      XKEY_EXTERNAL_SIGN_fn *sign_op, XKEY_PRIVKEY_FREE_fn *free_op);


extern OSSL_LIB_CTX *tls_libctx; /* Global */


static inline int

xkey_max_saltlen(int modBits, int hLen)

{

    int emLen = (modBits - 1 + 7)/8; /* ceil((modBits - 1)/8) */


    return emLen - hLen - 2;

}


int

ecdsa_bin2der(unsigned char *buf, int len, size_t capacity);


#endif /* HAVE_XKEY_PROVIDER */


#endif /* ENABLE_CRYPTO_OPENSSL */


#endif /* XKEY_COMMON_H_ */

OSSL_LIB_CTX
void OSSL_LIB_CTX
Definition openssl_compat.h:130

tls_libctx
OSSL_LIB_CTX * tls_libctx
Definition ssl_openssl.c:79