OpenVPN 3 Core Library
openvpn::CryptoAlgs Namespace Reference

Classes

class  Alg
 

Enumerations

enum class  KeyDerivation { UNDEFINED , OPENVPN_PRF , TLS_EKM }
 
enum  Type {
  NONE = 0 , AES_128_CBC , AES_192_CBC , AES_256_CBC ,
  DES_CBC , DES_EDE3_CBC , BF_CBC , AES_256_CTR ,
  AES_128_GCM , AES_192_GCM , AES_256_GCM , CHACHA20_POLY1305 ,
  MD4 , MD5 , SHA1 , SHA224 ,
  SHA256 , SHA384 , SHA512 , SIZE
}
 
enum  Mode { MODE_UNDEF = 0 , CBC_HMAC , AEAD , MODE_MASK = 0x03 }
 
enum  AlgFlags { F_CIPHER = (1 << 2) , F_DIGEST = (1 << 3) , F_ALLOW_DC = (1 << 4) }
 
enum  { AEAD_NONCE_TAIL_SIZE = 8 }
 

Functions

 OPENVPN_EXCEPTION (crypto_alg)
 
 OPENVPN_SIMPLE_EXCEPTION (crypto_alg_index)
 
const char * name (const KeyDerivation kd)
 
bool defined (const Type type)
 
const Alg & get_index (const size_t i)
 
const Alg * get_ptr (const Type type)
 
const Alg & get (const Type type)
 
std::size_t for_each (std::function< bool(Type, const Alg &)> fn)
 
Type lookup (const std::string &name)
 
const char * name (const Type type, const char *default_name=nullptr)
 
size_t size (const Type type)
 
size_t key_length (const Type type)
 
size_t iv_length (const Type type)
 
size_t block_size (const Type type)
 
Mode mode (const Type type)
 
uint64_t aead_usage_limit (const Type type)
 
Type legal_dc_cipher (const Type type)
 
Type legal_dc_digest (const Type type)
 
Type dc_cbc_cipher (const Type type)
 
Type dc_cbc_hash (const Type type)
 
void allow_dc_algs (const std::list< Type > types)
 
template<typename CRYPTO_API >
void allow_default_dc_algs (SSLLib::Ctx libctx, bool preferred=false, bool legacy=false)
 
bool use_cipher_digest (const Type type)
 

Variables

static constexpr uint64_t gcm_limit = (1ull << 36) - 1
 
std::array< Alg, Type::SIZE > algs
 

Enumeration Type Documentation

◆ anonymous enum

anonymous enum
Enumerator
AEAD_NONCE_TAIL_SIZE 

Definition at line 105 of file cryptoalgs.hpp.

◆ AlgFlags

Enumerator
F_CIPHER 
F_DIGEST 
F_ALLOW_DC 

Definition at line 96 of file cryptoalgs.hpp.

◆ KeyDerivation

Enumerator
UNDEFINED 
OPENVPN_PRF 
TLS_EKM 

Definition at line 33 of file cryptoalgs.hpp.

◆ Mode

Enumerator
MODE_UNDEF 
CBC_HMAC 
AEAD 
MODE_MASK 

Definition at line 88 of file cryptoalgs.hpp.

◆ Type

Enumerator
NONE 
AES_128_CBC 
AES_192_CBC 
AES_256_CBC 
DES_CBC 
DES_EDE3_CBC 
BF_CBC 
AES_256_CTR 
AES_128_GCM 
AES_192_GCM 
AES_256_GCM 
CHACHA20_POLY1305 
MD4 
MD5 
SHA1 
SHA224 
SHA256 
SHA384 
SHA512 
SIZE 

Definition at line 55 of file cryptoalgs.hpp.

Function Documentation

◆ aead_usage_limit()

uint64_t openvpn::CryptoAlgs::aead_usage_limit ( const Type  type)
inline

Definition at line 297 of file cryptoalgs.hpp.

◆ allow_dc_algs()

void openvpn::CryptoAlgs::allow_dc_algs ( const std::list< Type >  types)
inline

Definition at line 335 of file cryptoalgs.hpp.

◆ allow_default_dc_algs()

template<typename CRYPTO_API >
void openvpn::CryptoAlgs::allow_default_dc_algs ( SSLLib::Ctx  libctx,
bool  preferred = false,
bool  legacy = false 
)
inline

Allows the default algorithms but only those which are available with the library context.

Parameters
libctx: Library context to use
preferred: Allow only the preferred algorithms (AEAD only); this also disables the legacy algorithms
legacy: Also allow legacy algorithms that are vulnerable to SWEET32 (a birthday-bound attack on ciphers with 64-bit blocks); has no effect if preferred is true

Definition at line 353 of file cryptoalgs.hpp.

◆ block_size()

size_t openvpn::CryptoAlgs::block_size ( const Type  type)
inline

Definition at line 285 of file cryptoalgs.hpp.

Here is the caller graph for this function:

◆ dc_cbc_cipher()

Type openvpn::CryptoAlgs::dc_cbc_cipher ( const Type  type)
inline

Definition at line 319 of file cryptoalgs.hpp.

◆ dc_cbc_hash()

Type openvpn::CryptoAlgs::dc_cbc_hash ( const Type  type)
inline

Definition at line 327 of file cryptoalgs.hpp.

◆ defined()

bool openvpn::CryptoAlgs::defined ( const Type  type)
inline

Definition at line 217 of file cryptoalgs.hpp.

Here is the caller graph for this function:

◆ for_each()

std::size_t openvpn::CryptoAlgs::for_each ( std::function< bool(Type, const Alg &)>  fn)
inline

Definition at line 240 of file cryptoalgs.hpp.

Here is the caller graph for this function:

◆ get()

const Alg & openvpn::CryptoAlgs::get ( const Type  type)
inline

Definition at line 235 of file cryptoalgs.hpp.

Here is the caller graph for this function:

◆ get_index()

const Alg & openvpn::CryptoAlgs::get_index ( const size_t  i)
inline

Definition at line 222 of file cryptoalgs.hpp.

Here is the caller graph for this function:

◆ get_ptr()

const Alg * openvpn::CryptoAlgs::get_ptr ( const Type  type)
inline

Definition at line 229 of file cryptoalgs.hpp.

Here is the caller graph for this function:

◆ iv_length()

size_t openvpn::CryptoAlgs::iv_length ( const Type  type)
inline

Definition at line 279 of file cryptoalgs.hpp.

Here is the caller graph for this function:

◆ key_length()

size_t openvpn::CryptoAlgs::key_length ( const Type  type)
inline

Definition at line 273 of file cryptoalgs.hpp.

Here is the caller graph for this function:

◆ legal_dc_cipher()

Type openvpn::CryptoAlgs::legal_dc_cipher ( const Type  type)
inline

Definition at line 303 of file cryptoalgs.hpp.

◆ legal_dc_digest()

Type openvpn::CryptoAlgs::legal_dc_digest ( const Type  type)
inline

Definition at line 311 of file cryptoalgs.hpp.

◆ lookup()

Type openvpn::CryptoAlgs::lookup ( const std::string &  name)
inline

Definition at line 249 of file cryptoalgs.hpp.

Here is the caller graph for this function:

◆ mode()

Mode openvpn::CryptoAlgs::mode ( const Type  type)
inline

Definition at line 291 of file cryptoalgs.hpp.

Here is the caller graph for this function:

◆ name() [1/2]

const char * openvpn::CryptoAlgs::name ( const KeyDerivation  kd)
inline

Definition at line 40 of file cryptoalgs.hpp.

Here is the caller graph for this function:

◆ name() [2/2]

const char * openvpn::CryptoAlgs::name ( const Type  type,
const char *  default_name = nullptr 
)
inline

Definition at line 259 of file cryptoalgs.hpp.

◆ OPENVPN_EXCEPTION()

openvpn::CryptoAlgs::OPENVPN_EXCEPTION ( crypto_alg  )

◆ OPENVPN_SIMPLE_EXCEPTION()

openvpn::CryptoAlgs::OPENVPN_SIMPLE_EXCEPTION ( crypto_alg_index  )

◆ size()

size_t openvpn::CryptoAlgs::size ( const Type  type)
inline

Definition at line 267 of file cryptoalgs.hpp.

Here is the caller graph for this function:

◆ use_cipher_digest()

bool openvpn::CryptoAlgs::use_cipher_digest ( const Type  type)
inline

Check if a specific algorithm depends on an additional digest or not

Parameters
type: CryptoAlgs::Type to check
Returns
Returns true if the queried algorithm depends on a digest, otherwise false.

Definition at line 396 of file cryptoalgs.hpp.

Here is the caller graph for this function:

Variable Documentation

◆ algs

std::array<Alg, Type::SIZE> openvpn::CryptoAlgs::algs
inline
Initial value:
// Initial contents of the algorithm table. Entries appear in the same order as
// the Type enumerators (NONE ... SHA512), one entry per enumerator before SIZE.
// NOTE(review): the four numeric fields look like size (key or digest length in
// bytes), IV length, block size and AEAD usage limit, in line with the size()/
// key_length(), iv_length(), block_size() and aead_usage_limit() accessors;
// confirm against the Alg constructor in cryptoalgs.hpp.
// No entry sets F_ALLOW_DC here; presumably allow_dc_algs() or
// allow_default_dc_algs() enables data-channel use at runtime. TODO confirm.
= {
// "none" carries both F_CIPHER and F_DIGEST, with every numeric field 0.
Alg{"none", F_CIPHER|F_DIGEST|CBC_HMAC, 0, 0, 0, 0 },
Alg{"AES-128-CBC", F_CIPHER|CBC_HMAC, 16, 16, 16, 0 },
Alg{"AES-192-CBC", F_CIPHER|CBC_HMAC, 24, 16, 16, 0 },
Alg{"AES-256-CBC", F_CIPHER|CBC_HMAC, 32, 16, 16, 0 },
// NOTE(review): if the third numeric field is the block size, the next three
// entries are 64-bit block ciphers, the class SWEET32 applies to; see the
// "legacy" parameter of allow_default_dc_algs(). Confirm the field meaning.
Alg{"DES-CBC", F_CIPHER|CBC_HMAC, 8, 8, 8, 0 },
Alg{"DES-EDE3-CBC", F_CIPHER|CBC_HMAC, 24, 8, 8, 0 },
Alg{"BF-CBC", F_CIPHER|CBC_HMAC, 16, 8, 8, 0 },
// F_CIPHER only: neither CBC_HMAC nor AEAD is set, so the mode bits are 0 (MODE_UNDEF).
Alg{"AES-256-CTR", F_CIPHER, 32, 16, 16, 0 },
// The AES-GCM entries are the only ones whose last field is gcm_limit.
Alg{"AES-128-GCM", F_CIPHER|AEAD, 16, 12, 16, gcm_limit },
Alg{"AES-192-GCM", F_CIPHER|AEAD, 24, 12, 16, gcm_limit },
Alg{"AES-256-GCM", F_CIPHER|AEAD, 32, 12, 16, gcm_limit },
// AEAD like the GCM entries, but the last field is 0; presumably no usage
// limit is applied to this cipher. TODO confirm what 0 means to callers.
Alg{"CHACHA20-POLY1305", F_CIPHER|AEAD, 32, 12, 16, 0 },
// Digest-only entries: the first numeric field matches each digest's output
// length in bytes (e.g. SHA1 20, SHA256 32); the remaining fields are 0.
Alg{"MD4", F_DIGEST, 16, 0, 0, 0 },
Alg{"MD5", F_DIGEST, 16, 0, 0, 0 },
Alg{"SHA1", F_DIGEST, 20, 0, 0, 0 },
Alg{"SHA224", F_DIGEST, 28, 0, 0, 0 },
Alg{"SHA256", F_DIGEST, 32, 0, 0, 0 },
Alg{"SHA384", F_DIGEST, 48, 0, 0, 0 },
Alg{"SHA512", F_DIGEST, 64, 0, 0, 0 }
}
static constexpr uint64_t gcm_limit

Definition at line 193 of file cryptoalgs.hpp.

◆ gcm_limit

constexpr uint64_t openvpn::CryptoAlgs::gcm_limit = (1ull << 36) - 1
static constexpr

The limit for AES-GCM ciphers according to https://datatracker.ietf.org/doc/draft-irtf-cfrg-aead-limits/

Definition at line 191 of file cryptoalgs.hpp.