OpenVPN 3 Core Library
Loading...
Searching...
No Matches
cryptodc.hpp
Go to the documentation of this file.
1// OpenVPN -- An application to securely tunnel IP networks
2// over a single port, with support for SSL/TLS-based
3// session authentication and key exchange,
4// packet encryption, packet authentication, and
5// packet compression.
6//
7// Copyright (C) 2012- OpenVPN Inc.
8//
9// SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception
10//
11
12// Base class for OpenVPN data channel encryption/decryption
13
14#ifndef OPENVPN_CRYPTO_CRYPTODC_H
15#define OPENVPN_CRYPTO_CRYPTODC_H
16
17#include <utility> // for std::move
18#include <cstdint> // for std::uint32_t, etc.
19
20#include <openvpn/common/exception.hpp>
21#include <openvpn/buffer/buffer.hpp>
22#include <openvpn/error/error.hpp>
23#include <openvpn/common/rc.hpp>
24#include <openvpn/frame/frame.hpp>
25#include <openvpn/crypto/static_key.hpp>
26#include <openvpn/crypto/packet_id_control.hpp>
27#include <openvpn/crypto/cryptoalgs.hpp>
28#include <openvpn/compress/compress.hpp>
29
30namespace openvpn {
31
32// Base class for encryption/decryption of data channel
33class CryptoDCInstance : public RC<thread_unsafe_refcount>
34{
35 public:
36 typedef RCPtr<CryptoDCInstance> Ptr;
37
38 // Encrypt/Decrypt
39
40 // returns true if packet ID is close to wrapping
41 virtual bool encrypt(BufferAllocated &buf, const unsigned char *op32) = 0;
42
43 virtual Error::Type decrypt(BufferAllocated &buf, std::time_t now, const unsigned char *op32) = 0;
44
45 // Initialization
46
47 // return value of defined()
48 enum
49 {
50 CIPHER_DEFINED = (1 << 0), // may call init_cipher method
51 HMAC_DEFINED = (1 << 1), // may call init_hmac method
52 CRYPTO_DEFINED = (1 << 2), // may call encrypt or decrypt methods
53 EXPLICIT_EXIT_NOTIFY_DEFINED = (1 << 3) // may call explicit_exit_notify method
54 };
55 virtual unsigned int defined() const = 0;
56
57
62 virtual void init_cipher(StaticKey &&encrypt_key,
63 StaticKey &&decrypt_key) = 0;
64
65 virtual void init_hmac(StaticKey &&encrypt_key,
66 StaticKey &&decrypt_key) = 0;
67
68 virtual void init_pid(const char *recv_name,
69 const int recv_unit,
70 const SessionStats::Ptr &recv_stats_arg) = 0;
71
72 virtual void init_remote_peer_id(const int remote_peer_id)
73 {
74 }
75
76 virtual bool consider_compression(const CompressContext &comp_ctx) = 0;
77
78 virtual void explicit_exit_notify()
79 {
80 }
81
82 // Rekeying
83
93
94 virtual void rekey(const RekeyType type) = 0;
95};
96
98class CryptoDCSettingsData
99{
100 public:
101 OPENVPN_SIMPLE_EXCEPTION(no_data_channel_factory);
102
103 CryptoDCSettingsData() = default;
104
109
114
115 void set_use_epoch_keys(bool use_epoch)
116 {
117 use_epoch_keys = use_epoch;
118 }
119
120 CryptoAlgs::Type cipher() const
121 {
122 return cipher_;
123 }
124
136
137 bool useEpochKeys() const
138 {
139 return use_epoch_keys;
140 }
141
142 void set_key_derivation(CryptoAlgs::KeyDerivation method)
143 {
144 key_derivation_ = method;
145 }
146
151
152
153 private:
154 CryptoAlgs::Type cipher_ = CryptoAlgs::NONE;
155 CryptoAlgs::Type digest_ = CryptoAlgs::NONE;
156 CryptoAlgs::KeyDerivation key_derivation_ = CryptoAlgs::KeyDerivation::OPENVPN_PRF;
157 bool use_epoch_keys = false;
158};
159
160// Factory for CryptoDCInstance objects
161class CryptoDCContext : public RC<thread_unsafe_refcount>
162{
163 public:
164 explicit CryptoDCContext(const CryptoAlgs::KeyDerivation method)
165 : key_derivation(method)
166 {
167 }
168
169 typedef RCPtr<CryptoDCContext> Ptr;
170
171 virtual CryptoDCInstance::Ptr new_obj(const unsigned int key_id) = 0;
172
173 virtual CryptoDCSettingsData crypto_info() = 0;
174
175 // Info for ProtoContext::link_mtu_adjust
176 virtual size_t encap_overhead() const = 0;
177
178 protected:
179 CryptoAlgs::KeyDerivation key_derivation = CryptoAlgs::KeyDerivation::OPENVPN_PRF;
180};
181
182// Factory for CryptoDCContext objects
183class CryptoDCFactory : public RC<thread_unsafe_refcount>
184{
185 public:
186 typedef RCPtr<CryptoDCFactory> Ptr;
187
188 virtual CryptoDCContext::Ptr new_obj(const CryptoDCSettingsData) = 0;
189};
190
191
192// Manage cipher/digest settings, DC factory, and DC context.
193class CryptoDCSettings : public CryptoDCSettingsData
194{
195 public:
196 OPENVPN_SIMPLE_EXCEPTION(no_data_channel_factory);
197
198 CryptoDCSettings() = default;
199
200 void set_factory(const CryptoDCFactory::Ptr &factory)
201 {
202 factory_ = factory;
203 context_.reset();
204 dirty = false;
205 }
206
207 void set_cipher(const CryptoAlgs::Type new_cipher)
208 {
209 if (new_cipher != cipher())
210 {
211 CryptoDCSettingsData::set_cipher(new_cipher);
212 dirty = true;
213 }
214 }
215
216 void set_digest(const CryptoAlgs::Type new_digest)
217 {
218 if (new_digest != digest())
219 {
220 CryptoDCSettingsData::set_digest(new_digest);
221 dirty = true;
222 }
223 }
224
225 void set_use_epoch_keys(bool at_the_end)
226 {
227 if (at_the_end != useEpochKeys())
228 {
229 CryptoDCSettingsData::set_use_epoch_keys(at_the_end);
230 dirty = true;
231 }
232 }
233
234 CryptoDCContext &context()
235 {
236 if (!context_ || dirty)
237 {
238 if (!factory_)
239 throw no_data_channel_factory();
240 context_ = factory_->new_obj(*this);
241 dirty = false;
242 }
243 return *context_;
244 }
245
246 void reset()
247 {
248 factory_.reset();
249 context_.reset();
250 dirty = false;
251 }
252
253 [[nodiscard]] CryptoDCFactory::Ptr factory() const
254 {
255 return factory_;
256 }
257
258 private:
259 bool dirty = false;
260 CryptoDCFactory::Ptr factory_;
261 CryptoDCContext::Ptr context_;
262};
263} // namespace openvpn
264
265#endif
openvpn::CryptoDCContext::crypto_info
virtual CryptoDCSettingsData crypto_info()=0
openvpn::CryptoDCContext::new_obj
virtual CryptoDCInstance::Ptr new_obj(const unsigned int key_id)=0
openvpn::CryptoDCContext::CryptoDCContext
CryptoDCContext(const CryptoAlgs::KeyDerivation method)
Definition cryptodc.hpp:164
openvpn::CryptoDCContext::key_derivation
CryptoAlgs::KeyDerivation key_derivation
Definition cryptodc.hpp:179
openvpn::CryptoDCContext::Ptr
RCPtr< CryptoDCContext > Ptr
Definition cryptodc.hpp:169
openvpn::CryptoDCContext::encap_overhead
virtual size_t encap_overhead() const =0
openvpn::CryptoDCFactory::Ptr
RCPtr< CryptoDCFactory > Ptr
Definition cryptodc.hpp:186
openvpn::CryptoDCFactory::new_obj
virtual CryptoDCContext::Ptr new_obj(const CryptoDCSettingsData)=0
openvpn::CryptoDCInstance::explicit_exit_notify
virtual void explicit_exit_notify()
Definition cryptodc.hpp:78
openvpn::CryptoDCInstance::init_pid
virtual void init_pid(const char *recv_name, const int recv_unit, const SessionStats::Ptr &recv_stats_arg)=0
openvpn::CryptoDCInstance::defined
virtual unsigned int defined() const =0
openvpn::CryptoDCInstance::init_remote_peer_id
virtual void init_remote_peer_id(const int remote_peer_id)
Definition cryptodc.hpp:72
openvpn::CryptoDCInstance::init_hmac
virtual void init_hmac(StaticKey &&encrypt_key, StaticKey &&decrypt_key)=0
openvpn::CryptoDCInstance::rekey
virtual void rekey(const RekeyType type)=0
openvpn::CryptoDCInstance::encrypt
virtual bool encrypt(BufferAllocated &buf, const unsigned char *op32)=0
openvpn::CryptoDCInstance::decrypt
virtual Error::Type decrypt(BufferAllocated &buf, std::time_t now, const unsigned char *op32)=0
openvpn::CryptoDCInstance::consider_compression
virtual bool consider_compression(const CompressContext &comp_ctx)=0
openvpn::CryptoDCInstance::Ptr
RCPtr< CryptoDCInstance > Ptr
Definition cryptodc.hpp:36
openvpn::CryptoDCInstance::init_cipher
virtual void init_cipher(StaticKey &&encrypt_key, StaticKey &&decrypt_key)=0
openvpn::CryptoDCSettingsData::OPENVPN_SIMPLE_EXCEPTION
OPENVPN_SIMPLE_EXCEPTION(no_data_channel_factory)
openvpn::CryptoDCSettingsData::set_digest
void set_digest(CryptoAlgs::Type digest)
Definition cryptodc.hpp:110
openvpn::CryptoDCSettingsData::cipher
CryptoAlgs::Type cipher() const
Definition cryptodc.hpp:120
openvpn::CryptoDCSettingsData::set_cipher
void set_cipher(CryptoAlgs::Type cipher)
Definition cryptodc.hpp:105
openvpn::CryptoDCSettingsData::key_derivation
CryptoAlgs::KeyDerivation key_derivation() const
Definition cryptodc.hpp:147
openvpn::CryptoDCSettingsData::digest
CryptoAlgs::Type digest() const
Definition cryptodc.hpp:132
openvpn::CryptoDCSettingsData::key_derivation_
CryptoAlgs::KeyDerivation key_derivation_
Definition cryptodc.hpp:156
openvpn::CryptoDCSettingsData::set_key_derivation
void set_key_derivation(CryptoAlgs::KeyDerivation method)
Definition cryptodc.hpp:142
openvpn::CryptoDCSettingsData::set_use_epoch_keys
void set_use_epoch_keys(bool use_epoch)
Definition cryptodc.hpp:115
openvpn::CryptoDCSettings::context
CryptoDCContext & context()
Definition cryptodc.hpp:234
openvpn::CryptoDCSettings::set_use_epoch_keys
void set_use_epoch_keys(bool at_the_end)
Definition cryptodc.hpp:225
openvpn::CryptoDCSettings::factory_
CryptoDCFactory::Ptr factory_
Definition cryptodc.hpp:260
openvpn::CryptoDCSettings::OPENVPN_SIMPLE_EXCEPTION
OPENVPN_SIMPLE_EXCEPTION(no_data_channel_factory)
openvpn::CryptoDCSettings::context_
CryptoDCContext::Ptr context_
Definition cryptodc.hpp:261
openvpn::CryptoDCSettings::set_digest
void set_digest(const CryptoAlgs::Type new_digest)
Definition cryptodc.hpp:216
openvpn::CryptoDCSettings::set_factory
void set_factory(const CryptoDCFactory::Ptr &factory)
Definition cryptodc.hpp:200
openvpn::CryptoDCSettings::factory
CryptoDCFactory::Ptr factory() const
Definition cryptodc.hpp:253
openvpn::CryptoDCSettings::set_cipher
void set_cipher(const CryptoAlgs::Type new_cipher)
Definition cryptodc.hpp:207
openvpn::RCPtr
The smart pointer class.
Definition rc.hpp:119
openvpn::RCPtr::reset
void reset() noexcept
Points this RCPtr<T> to nullptr safely.
Definition rc.hpp:290
openvpn::RC
Reference count base class for objects tracked by RCPtr. Disallows copying and assignment.
Definition rc.hpp:912
openvpn::CryptoAlgs::use_cipher_digest
bool use_cipher_digest(const Type type)
Definition cryptoalgs.hpp:398
packet_id_control.hpp
static_key.hpp