OpenVPN 3 Core Library
Loading...
Searching...
No Matches
static_key.hpp
Go to the documentation of this file.
1// OpenVPN -- An application to securely tunnel IP networks
2// over a single port, with support for SSL/TLS-based
3// session authentication and key exchange,
4// packet encryption, packet authentication, and
5// packet compression.
6//
7// Copyright (C) 2012- OpenVPN Inc.
8//
9// SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception
10//
11
12// Classes for handling OpenVPN static keys (and tls-auth keys)
13
14#ifndef OPENVPN_CRYPTO_STATIC_KEY_H
15#define OPENVPN_CRYPTO_STATIC_KEY_H
16
17#include <string>
18#include <sstream>
19
20#include <openvpn/common/exception.hpp>
21#include <openvpn/common/hexstr.hpp>
22#include <openvpn/common/file.hpp>
23#include <openvpn/common/splitlines.hpp>
24#include <openvpn/common/base64.hpp>
25#include <openvpn/buffer/buffer.hpp>
26#include <openvpn/random/randapi.hpp>
27
28namespace openvpn {
29
30class StaticKey
31{
32 friend class OpenVPNStaticKey;
33 typedef BufferAllocated key_t;
34
35 public:
36 StaticKey()
37 {
38 }
39 StaticKey(const unsigned char *key_data, const size_t key_size)
40 : key_data_(key_data, key_size, BufAllocFlags::DESTRUCT_ZERO)
41 {
42 }
43
44 StaticKey(const key_t &keydata)
45 : key_data_(keydata)
46 {
47 key_data_.or_flags(BufAllocFlags::DESTRUCT_ZERO);
48 }
49
50 size_t size() const
51 {
52 return key_data_.size();
53 }
54 const unsigned char *data() const
55 {
56 return key_data_.c_data();
57 }
58 void erase()
59 {
60 key_data_.clear();
61 }
62
63 std::string render_hex() const
64 {
65 return openvpn::render_hex_generic(key_data_);
66 }
67
68 void parse_from_base64(const std::string &b64, const size_t capacity)
69 {
70 key_data_.reset(capacity, BufAllocFlags::DESTRUCT_ZERO);
71 base64->decode(key_data_, b64);
72 }
73
74 std::string render_to_base64() const
75 {
76 return base64->encode(key_data_);
77 }
78
79 void init_from_rng(StrongRandomAPI &rng, const size_t key_size)
80 {
81 key_data_.init(key_size, BufAllocFlags::DESTRUCT_ZERO);
82 rng.rand_bytes(key_data_.data(), key_size);
83 key_data_.set_size(key_size);
84 }
85
86 private:
87 key_t key_data_;
88};
89
90class OpenVPNStaticKey
91{
92 typedef StaticKey::key_t key_t;
93
94 public:
95 enum
96 {
97 KEY_SIZE = 256 // bytes
98 };
99
100 // key specifier
101 enum
102 {
103 // key for cipher and hmac
104 CIPHER = 0,
105 HMAC = (1 << 0),
106
107 // do we want to encrypt or decrypt with this key
108 ENCRYPT = 0,
109 DECRYPT = (1 << 1),
110
111 // key direction
112 NORMAL = 0,
113 INVERSE = (1 << 2)
114 };
115
116 OPENVPN_SIMPLE_EXCEPTION(static_key_parse_error);
117 OPENVPN_SIMPLE_EXCEPTION(static_key_bad_size);
118
119 bool defined() const
120 {
121 return key_data_.defined();
122 }
123
124 void XOR(const OpenVPNStaticKey &other)
125 {
126 assert(defined() && other.defined());
127
128 for (std::size_t i = 0; i < key_data_.size(); ++i)
129 key_data_[i] ^= other.key_data_[i];
130 }
131
132 StaticKey slice(unsigned int key_specifier) const
133 {
134 if (key_data_.size() != KEY_SIZE)
135 throw static_key_bad_size();
136 static const unsigned char key_table[] = {0, 1, 2, 3, 2, 3, 0, 1};
137 const unsigned int idx = key_table[key_specifier & 7] * 64;
138 return StaticKey(key_data_.c_data() + idx, KEY_SIZE / 4);
139 }
140
141 void parse_from_file(const std::string &filename)
142 {
143 const std::string str = read_text(filename);
144 parse(str);
145 }
146
147 void parse(const std::string &key_text)
148 {
149 SplitLines in(key_text, 0);
150 key_t data(KEY_SIZE, BufAllocFlags::DESTRUCT_ZERO);
151 bool in_body = false;
152 while (in(true))
153 {
154 const std::string &line = in.line_ref();
155 if (line == static_key_head())
156 in_body = true;
157 else if (line == static_key_foot())
158 in_body = false;
159 else if (in_body)
160 parse_hex(data, line);
161 }
162 if (in_body || data.size() != KEY_SIZE)
163 throw static_key_parse_error();
164 key_data_ = std::move(data);
165 }
166
167 std::string render() const
168 {
169 if (key_data_.size() != KEY_SIZE)
170 throw static_key_bad_size();
171 std::ostringstream out;
172 out << static_key_head() << "\n";
173 for (size_t i = 0; i < KEY_SIZE; i += 16)
174 out << render_hex(key_data_.c_data() + i, 16) << "\n";
175 out << static_key_foot() << "\n";
176 return out.str();
177 }
178
184
185 void erase()
186 {
187 key_data_.clear();
188 }
189
190 private:
191 static const char *static_key_head()
192 {
193 return "-----BEGIN OpenVPN Static key V1-----";
194 }
195
196 static const char *static_key_foot()
197 {
198 return "-----END OpenVPN Static key V1-----";
199 }
200
201 key_t key_data_;
202};
203
204
205} // namespace openvpn
206
207#endif // OPENVPN_CRYPTO_STATIC_KEY_H
openvpn::Base64::encode
std::string encode(const V &data) const
Definition base64.hpp:139
openvpn::Base64::decode
size_t decode(void *data, size_t len, const std::string &str) const
Definition base64.hpp:186
openvpn::BufferAllocatedType::clear
void clear()
Clears the contents of the buffer.
Definition buffer.hpp:1790
openvpn::BufferAllocatedType::init
void init(const size_t capacity, const unsigned int flags)
Initializes the buffer with the specified capacity and flags.
Definition buffer.hpp:1707
openvpn::BufferAllocatedType::reset
void reset(const size_t min_capacity, const unsigned int flags)
Resets the buffer with the specified minimum capacity and flags.
Definition buffer.hpp:1741
openvpn::BufferAllocatedType::or_flags
void or_flags(const unsigned int flags)
Sets the specified flags for the buffer.
Definition buffer.hpp:1797
openvpn::ConstBufferType::defined
bool defined() const
Returns true if the buffer is not empty.
Definition buffer.hpp:1207
openvpn::ConstBufferType::c_data
const T * c_data() const
Returns a const pointer to the start of the buffer.
Definition buffer.hpp:1177
openvpn::ConstBufferType::size
size_t size() const
Returns the size of the buffer in T objects.
Definition buffer.hpp:1225
openvpn::ConstBufferType::data
T * data()
Get a mutable pointer to the start of the array.
Definition buffer.hpp:1433
openvpn::ConstBufferType::set_size
void set_size(const size_t size)
After an external method, operating on the array as a mutable unsigned char buffer,...
Definition buffer.hpp:1367
openvpn::OpenVPNStaticKey::key_t
StaticKey::key_t key_t
Definition static_key.hpp:92
openvpn::OpenVPNStaticKey::static_key_foot
static const char * static_key_foot()
Definition static_key.hpp:196
openvpn::OpenVPNStaticKey::OPENVPN_SIMPLE_EXCEPTION
OPENVPN_SIMPLE_EXCEPTION(static_key_bad_size)
openvpn::OpenVPNStaticKey::XOR
void XOR(const OpenVPNStaticKey &other)
Definition static_key.hpp:124
openvpn::OpenVPNStaticKey::OPENVPN_SIMPLE_EXCEPTION
OPENVPN_SIMPLE_EXCEPTION(static_key_parse_error)
openvpn::OpenVPNStaticKey::static_key_head
static const char * static_key_head()
Definition static_key.hpp:191
openvpn::OpenVPNStaticKey::render
std::string render() const
Definition static_key.hpp:167
openvpn::OpenVPNStaticKey::raw_alloc
unsigned char * raw_alloc()
Definition static_key.hpp:179
openvpn::OpenVPNStaticKey::parse_from_file
void parse_from_file(const std::string &filename)
Definition static_key.hpp:141
openvpn::OpenVPNStaticKey::parse
void parse(const std::string &key_text)
Definition static_key.hpp:147
openvpn::OpenVPNStaticKey::slice
StaticKey slice(unsigned int key_specifier) const
Definition static_key.hpp:132
openvpn::RandomAPI::rand_bytes
virtual void rand_bytes(unsigned char *buf, size_t size)=0
Fill a buffer with random bytes.
openvpn::SplitLinesType::line_ref
std::string & line_ref()
Definition splitlines.hpp:96
openvpn::StaticKey::key_t
BufferAllocated key_t
Definition static_key.hpp:33
openvpn::StaticKey::StaticKey
StaticKey(const unsigned char *key_data, const size_t key_size)
Definition static_key.hpp:39
openvpn::StaticKey::render_hex
std::string render_hex() const
Definition static_key.hpp:63
openvpn::StaticKey::parse_from_base64
void parse_from_base64(const std::string &b64, const size_t capacity)
Definition static_key.hpp:68
openvpn::StaticKey::init_from_rng
void init_from_rng(StrongRandomAPI &rng, const size_t key_size)
Definition static_key.hpp:79
openvpn::StaticKey::data
const unsigned char * data() const
Definition static_key.hpp:54
openvpn::StaticKey::render_to_base64
std::string render_to_base64() const
Definition static_key.hpp:74
openvpn::StaticKey::StaticKey
StaticKey(const key_t &keydata)
Definition static_key.hpp:44
openvpn::StaticKey::size
size_t size() const
Definition static_key.hpp:50
openvpn::StrongRandomAPI
Abstract base class for cryptographically strong random number generators.
Definition randapi.hpp:228
openvpn
Support deferred server-side state creation when client connects.
Definition ovpncli.cpp:95
openvpn::render_hex_generic
std::string render_hex_generic(const V &data, const bool caps=false)
Definition hexstr.hpp:230
openvpn::parse_hex
void parse_hex(V &dest, const std::string &str)
Definition hexstr.hpp:352
openvpn::read_text
std::string read_text(const std::string &filename, const std::uint64_t max_size=0)
Definition file.hpp:127
openvpn::render_hex
std::string render_hex(const unsigned char *data, size_t size, const bool caps=false)
Definition hexstr.hpp:135
openvpn::base64
const Base64 * base64
Definition base64.hpp:299
randapi.hpp
Implementation of the base classes for random number generators.
openvpn::BufAllocFlags::DESTRUCT_ZERO
@ DESTRUCT_ZERO
if enabled, destructor will zero data before deletion
Definition buffer.hpp:871
openvpn::BufAllocFlags::ARRAY
@ ARRAY
if enabled, use as array
Definition buffer.hpp:873
out
static std::stringstream out
Definition test_path.cpp:10
key_text
const char key_text[]
Definition test_statickey.cpp:11