openvpn3/crypto_2cipher_8hpp_source.html

//    OpenVPN -- An application to securely tunnel IP networks

//               over a single port, with support for SSL/TLS-based

//               session authentication and key exchange,

//               packet encryption, packet authentication, and

//               packet compression.

//

//    Copyright (C) 2012- OpenVPN Inc.

//

//    SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception

//


// General-purpose cipher classes that are independent of the underlying CRYPTO_API


#ifndef OPENVPN_CRYPTO_CIPHER_H

#define OPENVPN_CRYPTO_CIPHER_H


#include <string>


#include <openvpn/common/size.hpp>

#include <openvpn/common/exception.hpp>

#include <openvpn/crypto/static_key.hpp>

#include <openvpn/crypto/cryptoalgs.hpp>

#include <openvpn/crypto/definitions.hpp>


namespace openvpn {

template <typename CRYPTO_API>


class CipherContext

{

  public:

    OPENVPN_SIMPLE_EXCEPTION(cipher_mode_error);

    OPENVPN_SIMPLE_EXCEPTION(cipher_uninitialized);

    OPENVPN_SIMPLE_EXCEPTION(cipher_init_insufficient_key_material);

    OPENVPN_SIMPLE_EXCEPTION(cipher_internal_error);

    OPENVPN_SIMPLE_EXCEPTION(cipher_output_buffer);


  public:


    CipherContext()

        : mode_(CRYPTO_API::CipherContext::MODE_UNDEF)

    {

    }


    CipherContext(const CryptoAlgs::Type cipher, const StaticKey &key, const int mode)

        : mode_(CRYPTO_API::CipherContext::MODE_UNDEF)

    {

        init(cipher, key, mode);

    }


    bool defined() const

    {

        return ctx.is_initialized();

    }


    // size of iv buffer to pass to encrypt_decrypt


    size_t iv_length() const

    {

        return ctx.iv_length();

    }


    // cipher mode (such as CIPH_CBC_MODE, etc.)


    int cipher_mode() const

    {

        return ctx.cipher_mode();

    }


    // size of out buffer to pass to encrypt_decrypt


    size_t output_size(const size_t in_size) const

    {

        return in_size + ctx.block_size();

    }


    void init(SSLLib::Ctx libctx, const CryptoAlgs::Type cipher, const StaticKey &key, const int mode)

    {

        const CryptoAlgs::Alg &alg = CryptoAlgs::get(cipher);


        // check that provided key is large enough

        if (key.size() < alg.key_length())

            throw cipher_init_insufficient_key_material();


        // IV consistency check

        if (alg.iv_length() > CRYPTO_API::CipherContext::MAX_IV_LENGTH)

            throw cipher_internal_error();


        // initialize cipher context with cipher type, key, and encrypt/decrypt mode

        ctx.init(libctx, cipher, key.data(), mode);


        // save mode in object

        mode_ = mode;

    }


    size_t encrypt(const unsigned char *iv,

                   unsigned char *out,

                   const size_t out_size,

                   const unsigned char *in,

                   const size_t in_size)

    {

        if (mode_ != CRYPTO_API::CipherContext::ENCRYPT)

            throw cipher_mode_error();

        return encrypt_decrypt(iv, out, out_size, in, in_size);

    }


    size_t decrypt(const unsigned char *iv,

                   unsigned char *out,

                   const size_t out_size,

                   const unsigned char *in,

                   const size_t in_size)

    {

        if (mode_ != CRYPTO_API::CipherContext::DECRYPT)

            throw cipher_mode_error();

        return encrypt_decrypt(iv, out, out_size, in, in_size);

    }


    size_t encrypt_decrypt(const unsigned char *iv,

                           unsigned char *out,

                           const size_t out_size,

                           const unsigned char *in,

                           const size_t in_size)

    {

        if (out_size < output_size(in_size))

            throw cipher_output_buffer();

        ctx.reset(iv);

        size_t outlen = 0;

        if (!ctx.update(out, out_size, in, in_size, outlen))

            return 0;

        if (!ctx.final(out + outlen, out_size - outlen, outlen))

            return 0;

        return outlen;

    }


  private:

    int mode_;

    typename CRYPTO_API::CipherContext ctx;

};


} // namespace openvpn


#endif // OPENVPN_CRYPTO_CIPHER_H

openvpn::CipherContext
Definition cipher.hpp:28

openvpn::CipherContext::OPENVPN_SIMPLE_EXCEPTION
OPENVPN_SIMPLE_EXCEPTION(cipher_mode_error)

openvpn::CipherContext::cipher_mode
int cipher_mode() const
Definition cipher.hpp:60

openvpn::CipherContext::ctx
CRYPTO_API::CipherContext ctx
Definition cipher.hpp:131

openvpn::CipherContext::init
void init(SSLLib::Ctx libctx, const CryptoAlgs::Type cipher, const StaticKey &key, const int mode)
Definition cipher.hpp:71

openvpn::CipherContext::encrypt
size_t encrypt(const unsigned char *iv, unsigned char *out, const size_t out_size, const unsigned char *in, const size_t in_size)
Definition cipher.hpp:90

openvpn::CipherContext::output_size
size_t output_size(const size_t in_size) const
Definition cipher.hpp:66

openvpn::CipherContext::iv_length
size_t iv_length() const
Definition cipher.hpp:54

openvpn::CipherContext::CipherContext
CipherContext()
Definition cipher.hpp:37

openvpn::CipherContext::encrypt_decrypt
size_t encrypt_decrypt(const unsigned char *iv, unsigned char *out, const size_t out_size, const unsigned char *in, const size_t in_size)
Definition cipher.hpp:112

openvpn::CipherContext::mode_
int mode_
Definition cipher.hpp:130

openvpn::CipherContext::CipherContext
CipherContext(const CryptoAlgs::Type cipher, const StaticKey &key, const int mode)
Definition cipher.hpp:42

openvpn::CipherContext::OPENVPN_SIMPLE_EXCEPTION
OPENVPN_SIMPLE_EXCEPTION(cipher_internal_error)

openvpn::CipherContext::OPENVPN_SIMPLE_EXCEPTION
OPENVPN_SIMPLE_EXCEPTION(cipher_output_buffer)

openvpn::CipherContext::OPENVPN_SIMPLE_EXCEPTION
OPENVPN_SIMPLE_EXCEPTION(cipher_uninitialized)

openvpn::CipherContext::defined
bool defined() const
Definition cipher.hpp:48

openvpn::CipherContext::OPENVPN_SIMPLE_EXCEPTION
OPENVPN_SIMPLE_EXCEPTION(cipher_init_insufficient_key_material)

openvpn::CipherContext::decrypt
size_t decrypt(const unsigned char *iv, unsigned char *out, const size_t out_size, const unsigned char *in, const size_t in_size)
Definition cipher.hpp:101

openvpn::CryptoAlgs::Alg
Definition cryptoalgs.hpp:110

openvpn::CryptoAlgs::Alg::key_length
size_t key_length() const
Definition cryptoalgs.hpp:146

openvpn::CryptoAlgs::Alg::iv_length
size_t iv_length() const
Definition cryptoalgs.hpp:150

openvpn::StaticKey
Definition static_key.hpp:31

openvpn::StaticKey::data
const unsigned char * data() const
Definition static_key.hpp:54

openvpn::StaticKey::size
size_t size() const
Definition static_key.hpp:50

cryptoalgs.hpp

definitions.hpp

exception.hpp

openvpn::CryptoAlgs::Type
Type
Definition cryptoalgs.hpp:56

openvpn::CryptoAlgs::get
const Alg & get(const Type type)
Definition cryptoalgs.hpp:237

openvpn::SSLLib::Ctx
void * Ctx
Definition definitions.hpp:26

openvpn
Definition ovpncli.cpp:97

size.hpp

static_key.hpp

out
static std::stringstream out
Definition test_path.cpp:10