openvpn3/mbedtls_2crypto_2digest_8hpp_source.html

//    OpenVPN -- An application to securely tunnel IP networks

//               over a single port, with support for SSL/TLS-based

//               session authentication and key exchange,

//               packet encryption, packet authentication, and

//               packet compression.

//

//    Copyright (C) 2012- OpenVPN Inc.

//

//    SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception

//


// Wrap the mbed TLS digest API defined in <mbedtls/md.h>

// so that it can be used as part of the crypto layer of the OpenVPN core.


#ifndef OPENVPN_MBEDTLS_CRYPTO_DIGEST_H

#define OPENVPN_MBEDTLS_CRYPTO_DIGEST_H


#include <string>


#include <mbedtls/md.h>


#include <openvpn/common/size.hpp>

#include <openvpn/common/exception.hpp>

#include <openvpn/crypto/cryptoalgs.hpp>

#include <openvpn/mbedtls/mbedtls_compat.hpp>


namespace openvpn::MbedTLSCrypto {

class HMACContext;


class DigestContext

{

    DigestContext(const DigestContext &) = delete;

    DigestContext &operator=(const DigestContext &) = delete;


  public:

    friend class HMACContext;


    OPENVPN_SIMPLE_EXCEPTION(mbedtls_digest_uninitialized);

    OPENVPN_SIMPLE_EXCEPTION(mbedtls_digest_final_overflow);

    OPENVPN_EXCEPTION(mbedtls_digest_error);


    enum

    {

        MAX_DIGEST_SIZE = MBEDTLS_MD_MAX_SIZE

    };


    DigestContext()

        : initialized(false)

    {

    }


    DigestContext(const CryptoAlgs::Type alg)

        : initialized(false)

    {

        init(alg);

    }


    // SSLLib::Ctx is unused in mbedtls


    DigestContext(const CryptoAlgs::Type alg, SSLLib::Ctx)

        : initialized(false)

    {

        init(alg);

    }


    ~DigestContext()

    {

        erase();

    }


    void init(const CryptoAlgs::Type alg)

    {

        erase();


        mbedtls_md_init(&ctx);

        if (mbedtls_md_setup(&ctx, digest_type(alg), 1) < 0)

            throw mbedtls_digest_error("mbedtls_md_setup");

        if (mbedtls_md_starts(&ctx) < 0)

            throw mbedtls_digest_error("mbedtls_md_starts");

        initialized = true;

    }


    void update(const unsigned char *in, const size_t size)

    {

        check_initialized();

        if (mbedtls_md_update(&ctx, in, size) < 0)

            throw mbedtls_digest_error("mbedtls_md_update");

    }


    size_t final(unsigned char *out)

    {

        check_initialized();

        if (mbedtls_md_finish(&ctx, out) < 0)

            throw mbedtls_digest_error("mbedtls_md_finish");

        return size_();

    }


    size_t size() const

    {

        check_initialized();

        return size_();

    }


    bool is_initialized() const

    {

        return initialized;

    }


  private:


    static const mbedtls_md_info_t *digest_type(const CryptoAlgs::Type alg)

    {

        switch (alg)

        {

#if MBEDTLS_VERSION_NUMBER < 0x03000000

        case CryptoAlgs::MD4:

            return mbedtls_md_info_from_type(MBEDTLS_MD_MD4);

#endif

        case CryptoAlgs::MD5:

            return mbedtls_md_info_from_type(MBEDTLS_MD_MD5);

        case CryptoAlgs::SHA1:

            return mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);

        case CryptoAlgs::SHA224:

            return mbedtls_md_info_from_type(MBEDTLS_MD_SHA224);

        case CryptoAlgs::SHA256:

            return mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);

        case CryptoAlgs::SHA384:

            return mbedtls_md_info_from_type(MBEDTLS_MD_SHA384);

        case CryptoAlgs::SHA512:

            return mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);

        default:

            OPENVPN_THROW(mbedtls_digest_error, CryptoAlgs::name(alg) << ": not usable");

        }

    }


    void erase()

    {

        if (initialized)

        {

            mbedtls_md_free(&ctx);

            initialized = false;

        }

    }


    size_t size_() const

    {

        return mbedtls_md_get_size(mbedtls_md_info_from_ctx(&ctx));

    }


    void check_initialized() const

    {

#ifdef OPENVPN_ENABLE_ASSERT

        if (!initialized)

            throw mbedtls_digest_uninitialized();

#endif

    }


    bool initialized;

    mbedtls_md_context_t ctx;

};


} // namespace openvpn::MbedTLSCrypto


#endif

openvpn::MbedTLSCrypto::DigestContext
Definition digest.hpp:31

openvpn::MbedTLSCrypto::DigestContext::erase
void erase()
Definition digest.hpp:134

openvpn::MbedTLSCrypto::DigestContext::size_
size_t size_() const
Definition digest.hpp:143

openvpn::MbedTLSCrypto::DigestContext::OPENVPN_SIMPLE_EXCEPTION
OPENVPN_SIMPLE_EXCEPTION(mbedtls_digest_final_overflow)

openvpn::MbedTLSCrypto::DigestContext::operator=
DigestContext & operator=(const DigestContext &)=delete

openvpn::MbedTLSCrypto::DigestContext::size
size_t size() const
Definition digest.hpp:97

openvpn::MbedTLSCrypto::DigestContext::is_initialized
bool is_initialized() const
Definition digest.hpp:103

openvpn::MbedTLSCrypto::DigestContext::OPENVPN_SIMPLE_EXCEPTION
OPENVPN_SIMPLE_EXCEPTION(mbedtls_digest_uninitialized)

openvpn::MbedTLSCrypto::DigestContext::digest_type
static const mbedtls_md_info_t * digest_type(const CryptoAlgs::Type alg)
Definition digest.hpp:109

openvpn::MbedTLSCrypto::DigestContext::ctx
mbedtls_md_context_t ctx
Definition digest.hpp:157

openvpn::MbedTLSCrypto::DigestContext::DigestContext
DigestContext()
Definition digest.hpp:47

openvpn::MbedTLSCrypto::DigestContext::DigestContext
DigestContext(const DigestContext &)=delete

openvpn::MbedTLSCrypto::DigestContext::MAX_DIGEST_SIZE
@ MAX_DIGEST_SIZE
Definition digest.hpp:44

openvpn::MbedTLSCrypto::DigestContext::update
void update(const unsigned char *in, const size_t size)
Definition digest.hpp:82

openvpn::MbedTLSCrypto::DigestContext::DigestContext
DigestContext(const CryptoAlgs::Type alg, SSLLib::Ctx)
Definition digest.hpp:59

openvpn::MbedTLSCrypto::DigestContext::DigestContext
DigestContext(const CryptoAlgs::Type alg)
Definition digest.hpp:52

openvpn::MbedTLSCrypto::DigestContext::OPENVPN_EXCEPTION
OPENVPN_EXCEPTION(mbedtls_digest_error)

openvpn::MbedTLSCrypto::DigestContext::check_initialized
void check_initialized() const
Definition digest.hpp:148

openvpn::MbedTLSCrypto::DigestContext::init
void init(const CryptoAlgs::Type alg)
Definition digest.hpp:70

openvpn::MbedTLSCrypto::DigestContext::initialized
bool initialized
Definition digest.hpp:156

openvpn::MbedTLSCrypto::DigestContext::~DigestContext
~DigestContext()
Definition digest.hpp:65

openvpn::MbedTLSCrypto::HMACContext
Definition hmac.hpp:27

cryptoalgs.hpp

exception.hpp

OPENVPN_THROW
#define OPENVPN_THROW(exc, stuff)
Definition exception.hpp:175

mbedtls_compat.hpp

mbedtls_md_info_from_ctx
static const mbedtls_md_info_t * mbedtls_md_info_from_ctx(const mbedtls_md_context_t *ctx)
Definition mbedtls_compat.hpp:30

openvpn::CryptoAlgs::Type
Type
Definition cryptoalgs.hpp:56

openvpn::CryptoAlgs::SHA512
@ SHA512
Definition cryptoalgs.hpp:83

openvpn::CryptoAlgs::SHA256
@ SHA256
Definition cryptoalgs.hpp:81

openvpn::CryptoAlgs::SHA1
@ SHA1
Definition cryptoalgs.hpp:79

openvpn::CryptoAlgs::SHA224
@ SHA224
Definition cryptoalgs.hpp:80

openvpn::CryptoAlgs::MD4
@ MD4
Definition cryptoalgs.hpp:77

openvpn::CryptoAlgs::SHA384
@ SHA384
Definition cryptoalgs.hpp:82

openvpn::CryptoAlgs::MD5
@ MD5
Definition cryptoalgs.hpp:78

openvpn::CryptoAlgs::name
const char * name(const KeyDerivation kd)
Definition cryptoalgs.hpp:40

openvpn::MbedTLSCrypto
Definition cipher.hpp:27

openvpn::SSLLib::Ctx
void * Ctx
Definition definitions.hpp:26

size.hpp

out
static std::stringstream out
Definition test_path.cpp:10