OpenVPN 3 Core Library
openvpn::CryptoAlgs Namespace Reference

Classes

class  Alg
 

Enumerations

enum class  KeyDerivation { UNDEFINED , OPENVPN_PRF , TLS_EKM }
 
enum  Type {
  NONE = 0 , AES_128_CBC , AES_192_CBC , AES_256_CBC ,
  DES_CBC , DES_EDE3_CBC , BF_CBC , AES_256_CTR ,
  AES_128_GCM , AES_192_GCM , AES_256_GCM , CHACHA20_POLY1305 ,
  MD4 , MD5 , SHA1 , SHA224 ,
  SHA256 , SHA384 , SHA512 , SIZE
}
 
enum  Mode { MODE_UNDEF = 0 , CBC_HMAC , AEAD }
 
enum  AlgFlags { F_CIPHER = (1 << 0) , F_DIGEST = (1 << 1) , F_ALLOW_DC = (1 << 2) }
 
enum  { AEAD_NONCE_TAIL_SIZE = 8 }
 

Functions

 OPENVPN_EXCEPTION (crypto_alg)
 
 OPENVPN_SIMPLE_EXCEPTION (crypto_alg_index)
 
const char * name (const KeyDerivation kd)
 
bool defined (const Type type)
 
const Alg & get_index (const size_t i)
 
const Alg * get_ptr (const Type type)
 
const Alg & get (const Type type)
 
std::size_t for_each (std::function< bool(Type, const Alg &)> fn)
 
Type lookup (const std::string &name)
 
const char * name (const Type type, const char *default_name=nullptr)
 
size_t size (const Type type)
 
size_t key_length (const Type type)
 
size_t iv_length (const Type type)
 
size_t block_size (const Type type)
 
Mode mode (const Type type)
 
uint64_t aead_usage_limit (const Type type)
 
Type legal_dc_cipher (const Type type)
 
Type legal_dc_digest (const Type type)
 
Type dc_cbc_cipher (const Type type)
 
Type dc_cbc_hash (const Type type)
 
void allow_dc_algs (const std::list< Type > types)
 
template<typename CRYPTO_API >
void allow_default_dc_algs (SSLLib::Ctx libctx, bool preferred=false, bool legacy=false)
 
bool use_cipher_digest (const Type type)
 

Variables

static constexpr uint64_t gcm_limit = (1ull << 36) - 1
 
std::array< Alg, Type::SIZE > algs
 

Enumeration Type Documentation

◆ anonymous enum

anonymous enum
Enumerator
AEAD_NONCE_TAIL_SIZE 

Definition at line 104 of file cryptoalgs.hpp.

◆ AlgFlags

Enumerator
F_CIPHER 
F_DIGEST 
F_ALLOW_DC 

Definition at line 95 of file cryptoalgs.hpp.

◆ KeyDerivation

Enumerator
UNDEFINED 
OPENVPN_PRF 
TLS_EKM 

Definition at line 33 of file cryptoalgs.hpp.

◆ Mode

Enumerator
MODE_UNDEF 
CBC_HMAC 
AEAD 

Definition at line 88 of file cryptoalgs.hpp.

◆ Type

Enumerator
NONE 
AES_128_CBC 
AES_192_CBC 
AES_256_CBC 
DES_CBC 
DES_EDE3_CBC 
BF_CBC 
AES_256_CTR 
AES_128_GCM 
AES_192_GCM 
AES_256_GCM 
CHACHA20_POLY1305 
MD4 
MD5 
SHA1 
SHA224 
SHA256 
SHA384 
SHA512 
SIZE 

Definition at line 55 of file cryptoalgs.hpp.

Function Documentation

◆ aead_usage_limit()

uint64_t openvpn::CryptoAlgs::aead_usage_limit ( const Type  type)
inline

Definition at line 299 of file cryptoalgs.hpp.

◆ allow_dc_algs()

void openvpn::CryptoAlgs::allow_dc_algs ( const std::list< Type >  types)
inline

Definition at line 337 of file cryptoalgs.hpp.

◆ allow_default_dc_algs()

template<typename CRYPTO_API >
void openvpn::CryptoAlgs::allow_default_dc_algs ( SSLLib::Ctx  libctx,
bool  preferred = false,
bool  legacy = false 
)
inline

Allows the default algorithms but only those which are available with the library context.

Parameters
libctx: Library context to use
preferred: Allow only the preferred algorithms (AEAD only); this also disables legacy
legacy: Also allow legacy algorithms that are vulnerable to SWEET32 (the birthday attack on 64-bit block ciphers); has no effect if preferred is true

Definition at line 355 of file cryptoalgs.hpp.

◆ block_size()

size_t openvpn::CryptoAlgs::block_size ( const Type  type)
inline

Definition at line 287 of file cryptoalgs.hpp.


◆ dc_cbc_cipher()

Type openvpn::CryptoAlgs::dc_cbc_cipher ( const Type  type)
inline

Definition at line 321 of file cryptoalgs.hpp.

◆ dc_cbc_hash()

Type openvpn::CryptoAlgs::dc_cbc_hash ( const Type  type)
inline

Definition at line 329 of file cryptoalgs.hpp.

◆ defined()

bool openvpn::CryptoAlgs::defined ( const Type  type)
inline

Definition at line 219 of file cryptoalgs.hpp.


◆ for_each()

std::size_t openvpn::CryptoAlgs::for_each ( std::function< bool(Type, const Alg &)>  fn)
inline

Definition at line 242 of file cryptoalgs.hpp.


◆ get()

const Alg & openvpn::CryptoAlgs::get ( const Type  type)
inline

Definition at line 237 of file cryptoalgs.hpp.


◆ get_index()

const Alg & openvpn::CryptoAlgs::get_index ( const size_t  i)
inline

Definition at line 224 of file cryptoalgs.hpp.


◆ get_ptr()

const Alg * openvpn::CryptoAlgs::get_ptr ( const Type  type)
inline

Definition at line 231 of file cryptoalgs.hpp.


◆ iv_length()

size_t openvpn::CryptoAlgs::iv_length ( const Type  type)
inline

Definition at line 281 of file cryptoalgs.hpp.


◆ key_length()

size_t openvpn::CryptoAlgs::key_length ( const Type  type)
inline

Definition at line 275 of file cryptoalgs.hpp.


◆ legal_dc_cipher()

Type openvpn::CryptoAlgs::legal_dc_cipher ( const Type  type)
inline

Definition at line 305 of file cryptoalgs.hpp.

◆ legal_dc_digest()

Type openvpn::CryptoAlgs::legal_dc_digest ( const Type  type)
inline

Definition at line 313 of file cryptoalgs.hpp.

◆ lookup()

Type openvpn::CryptoAlgs::lookup ( const std::string &  name)
inline

Definition at line 251 of file cryptoalgs.hpp.


◆ mode()

Mode openvpn::CryptoAlgs::mode ( const Type  type)
inline

Definition at line 293 of file cryptoalgs.hpp.


◆ name() [1/2]

const char * openvpn::CryptoAlgs::name ( const KeyDerivation  kd)
inline

Definition at line 40 of file cryptoalgs.hpp.


◆ name() [2/2]

const char * openvpn::CryptoAlgs::name ( const Type  type,
const char *  default_name = nullptr 
)
inline

Definition at line 261 of file cryptoalgs.hpp.

◆ OPENVPN_EXCEPTION()

openvpn::CryptoAlgs::OPENVPN_EXCEPTION ( crypto_alg  )

◆ OPENVPN_SIMPLE_EXCEPTION()

openvpn::CryptoAlgs::OPENVPN_SIMPLE_EXCEPTION ( crypto_alg_index  )

◆ size()

size_t openvpn::CryptoAlgs::size ( const Type  type)
inline

Definition at line 269 of file cryptoalgs.hpp.


◆ use_cipher_digest()

bool openvpn::CryptoAlgs::use_cipher_digest ( const Type  type)
inline

Check if a specific algorithm depends on an additional digest or not

Parameters
type: CryptoAlgs::Type to check
Returns
Returns true if the queried algorithm depends on a digest, otherwise false.

Definition at line 398 of file cryptoalgs.hpp.


Variable Documentation

◆ algs

std::array<Alg, Type::SIZE> openvpn::CryptoAlgs::algs
inline
Initial value:
= {
// Initial contents of the algorithm table, one entry per CryptoAlgs::Type value
// in enum order (NONE first, SHA512 last).
// Field order appears to be: name, flags, mode, size, IV length, block size,
// AEAD usage limit -- inferred from the accessors listed on this page (name, mode,
// size/key_length, iv_length, block_size, aead_usage_limit); TODO confirm against
// Alg's constructor in cryptoalgs.hpp.
// No entry sets F_ALLOW_DC in this initial value; presumably allow_dc_algs() /
// allow_default_dc_algs() add it at runtime -- confirm.
Alg{"none", F_CIPHER|F_DIGEST, CBC_HMAC, 0, 0, 0, 0 },
Alg{"AES-128-CBC", F_CIPHER, CBC_HMAC, 16, 16, 16, 0 },
Alg{"AES-192-CBC", F_CIPHER, CBC_HMAC, 24, 16, 16, 0 },
Alg{"AES-256-CBC", F_CIPHER, CBC_HMAC, 32, 16, 16, 0 },
// DES, 3DES and Blowfish are 64-bit-block ciphers (the 8 in what looks like the
// block-size position). The allow_default_dc_algs() documentation on this page
// describes its "legacy" algorithms as vulnerable to SWEET32.
Alg{"DES-CBC", F_CIPHER, CBC_HMAC, 8, 8, 8, 0 },
Alg{"DES-EDE3-CBC", F_CIPHER, CBC_HMAC, 24, 8, 8, 0 },
Alg{"BF-CBC", F_CIPHER, CBC_HMAC, 16, 8, 8, 0 },
// AES-256-CTR is the only cipher entry whose mode is MODE_UNDEF.
Alg{"AES-256-CTR", F_CIPHER, MODE_UNDEF, 32, 16, 16, 0 },
// AEAD entries. Only the three AES-GCM entries carry gcm_limit in the last field;
// CHACHA20-POLY1305 has 0 there (presumably "no limit tracked" -- confirm).
Alg{"AES-128-GCM", F_CIPHER, AEAD, 16, 12, 16, gcm_limit },
Alg{"AES-192-GCM", F_CIPHER, AEAD, 24, 12, 16, gcm_limit },
Alg{"AES-256-GCM", F_CIPHER, AEAD, 32, 12, 16, gcm_limit },
Alg{"CHACHA20-POLY1305", F_CIPHER, AEAD, 32, 12, 16, 0 },
// Digest entries: the fourth field equals each hash's output length in bytes;
// the IV, block-size and usage-limit positions are all 0.
Alg{"MD4", F_DIGEST, MODE_UNDEF, 16, 0, 0, 0 },
Alg{"MD5", F_DIGEST, MODE_UNDEF, 16, 0, 0, 0 },
Alg{"SHA1", F_DIGEST, MODE_UNDEF, 20, 0, 0, 0 },
Alg{"SHA224", F_DIGEST, MODE_UNDEF, 28, 0, 0, 0 },
Alg{"SHA256", F_DIGEST, MODE_UNDEF, 32, 0, 0, 0 },
Alg{"SHA384", F_DIGEST, MODE_UNDEF, 48, 0, 0, 0 },
Alg{"SHA512", F_DIGEST, MODE_UNDEF, 64, 0, 0, 0 }
}
static constexpr uint64_t gcm_limit

Definition at line 195 of file cryptoalgs.hpp.

◆ gcm_limit

constexpr uint64_t openvpn::CryptoAlgs::gcm_limit = (1ull << 36) - 1
static constexpr

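The usage limit for AES-GCM ciphers, according to https://datatracker.ietf.org/doc/draft-irtf-cfrg-aead-limits/. In algs it is the last initializer field of the three AES-*-GCM entries; every other entry, including CHACHA20-POLY1305, has 0 there. This page does not state the unit the limit is counted in.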

Definition at line 193 of file cryptoalgs.hpp.