Minor refactor of CryptoDC virtual methods to achieve
a better fit between users and providers.
This commit is contained in:
parent
6422234d9f
commit
1465964f21
@ -67,49 +67,44 @@ namespace openvpn {
|
||||
|
||||
// Initialization
|
||||
|
||||
virtual void init_encrypt_cipher(const StaticKey& key)
|
||||
virtual void init_cipher(StaticKey&& encrypt_key,
|
||||
StaticKey&& decrypt_key)
|
||||
{
|
||||
encrypt_.cipher.init(cipher, key, CRYPTO_API::CipherContext::ENCRYPT);
|
||||
encrypt_.cipher.init(cipher, encrypt_key, CRYPTO_API::CipherContext::ENCRYPT);
|
||||
decrypt_.cipher.init(cipher, decrypt_key, CRYPTO_API::CipherContext::DECRYPT);
|
||||
}
|
||||
|
||||
virtual void init_encrypt_hmac(const StaticKey& key)
|
||||
virtual void init_hmac(StaticKey&& encrypt_key,
|
||||
StaticKey&& decrypt_key)
|
||||
{
|
||||
encrypt_.hmac.init(digest, key);
|
||||
encrypt_.hmac.init(digest, encrypt_key);
|
||||
decrypt_.hmac.init(digest, decrypt_key);
|
||||
}
|
||||
|
||||
virtual void init_encrypt_pid_send(const int form)
|
||||
virtual void init_pid(const int send_form,
|
||||
const int recv_mode,
|
||||
const int recv_form,
|
||||
const int recv_seq_backtrack,
|
||||
const int recv_time_backtrack,
|
||||
const char *recv_name,
|
||||
const int recv_unit,
|
||||
const SessionStats::Ptr& recv_stats_arg)
|
||||
{
|
||||
encrypt_.pid_send.init(form);
|
||||
}
|
||||
|
||||
virtual void init_decrypt_cipher(const StaticKey& key)
|
||||
{
|
||||
decrypt_.cipher.init(cipher, key, CRYPTO_API::CipherContext::DECRYPT);
|
||||
}
|
||||
|
||||
virtual void init_decrypt_hmac(const StaticKey& key)
|
||||
{
|
||||
decrypt_.hmac.init(digest, key);
|
||||
}
|
||||
|
||||
virtual void init_decrypt_pid_recv(const int mode, const int form,
|
||||
const int seq_backtrack, const int time_backtrack,
|
||||
const char *name, const int unit,
|
||||
const SessionStats::Ptr& stats_arg)
|
||||
{
|
||||
decrypt_.pid_recv.init(mode, form, seq_backtrack, time_backtrack, name, unit, stats_arg);
|
||||
encrypt_.pid_send.init(send_form);
|
||||
decrypt_.pid_recv.init(recv_mode, recv_form, recv_seq_backtrack, recv_time_backtrack,
|
||||
recv_name, recv_unit, recv_stats_arg);
|
||||
}
|
||||
|
||||
// Indicate whether or not cipher/digest is defined
|
||||
|
||||
virtual bool cipher_defined() const
|
||||
virtual unsigned int defined() const
|
||||
{
|
||||
return cipher.defined();
|
||||
}
|
||||
|
||||
virtual bool digest_defined() const
|
||||
{
|
||||
return digest.defined();
|
||||
unsigned int ret = 0;
|
||||
if (cipher.defined())
|
||||
ret |= CIPHER_DEFINED;
|
||||
if (digest.defined())
|
||||
ret |= HMAC_DEFINED;
|
||||
return ret;
|
||||
}
|
||||
|
||||
// Rekeying
|
||||
@ -150,21 +145,15 @@ namespace openvpn {
|
||||
return new CryptoCHM<CRYPTO_API>(cipher, digest, frame, prng);
|
||||
}
|
||||
|
||||
// Info for ProtoContext::options_string
|
||||
|
||||
virtual std::string cipher_name() const
|
||||
// cipher/HMAC/key info
|
||||
virtual Info crypto_info()
|
||||
{
|
||||
return cipher.defined() ? cipher.name() : "[null-cipher]";
|
||||
}
|
||||
|
||||
virtual std::string digest_name() const
|
||||
{
|
||||
return digest.defined() ? digest.name() : "[null-digest]";
|
||||
}
|
||||
|
||||
virtual size_t key_size() const
|
||||
{
|
||||
return cipher.defined() ? cipher.key_length_in_bits() : 0;
|
||||
Info ret;
|
||||
ret.cipher_alg = cipher.type();
|
||||
ret.hmac_alg = digest.type();
|
||||
ret.cipher_key_size = (cipher.defined() ? cipher.key_length() : 0);
|
||||
ret.hmac_key_size = (digest.defined() ? digest.size() : 0);
|
||||
return ret;
|
||||
}
|
||||
|
||||
// Info for ProtoContext::link_mtu_adjust
|
||||
|
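Review bot: `crypto_info()` drops the `const` that the `cipher_name()`/`digest_name()`/`key_size()` accessors it replaces all carried, although its body only reads `cipher` and `digest`; declare it `virtual Info crypto_info() const` here and on the pure-virtual declaration in the CryptoDCContext hunk. The units also changed silently: `ret.cipher_key_size = cipher.key_length()` is bytes, whereas the removed `key_size()` returned `key_length_in_bits()`, and the proto.hpp caller now compensates with `* 8`. A comment on that assignment, `// bytes; options_string converts to bits`, keeps the next caller from converting twice or not at all. `ret.hmac_key_size = digest.size()` reads as the digest output length rather than an HMAC key length — if those are intended to coincide, say so in a comment, since a reader cannot tell from the field name.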
@ -126,6 +126,14 @@ namespace openvpn {
|
||||
return get(type).name;
|
||||
}
|
||||
|
||||
inline const char *name(const Type type, const char *default_name)
|
||||
{
|
||||
if (type == NONE)
|
||||
return default_name;
|
||||
else
|
||||
return get(type).name;
|
||||
}
|
||||
|
||||
inline Type legal_dc_cipher(const Type type)
|
||||
{
|
||||
const Alg& alg = get(type);
|
||||
|
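Review bot: The new two-argument `name()` overload is undocumented and handles NONE differently from the one-argument `name()` just above it, which returns `get(type).name` for every type including NONE; a reader picking between them needs that stated. Suggest `// Like name(type), but returns default_name instead of the table entry when type == NONE (used for "[null-cipher]"/"[null-digest]" in options_string).` above the function. The `else` after the `return default_name;` is redundant; a bare `return get(type).name;` reads cleaner. What `get()` does for a type that is neither NONE nor in the table is not visible in this hunk, so I cannot confirm the overload never reaches an invalid entry.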
@ -49,20 +49,27 @@ namespace openvpn {
|
||||
|
||||
// Initialization
|
||||
|
||||
virtual void init_encrypt_cipher(const StaticKey& key) = 0;
|
||||
virtual void init_encrypt_hmac(const StaticKey& key) = 0;
|
||||
virtual void init_encrypt_pid_send(const int form) = 0;
|
||||
virtual void init_decrypt_cipher(const StaticKey& key) = 0;
|
||||
virtual void init_decrypt_hmac(const StaticKey& key) = 0;
|
||||
virtual void init_decrypt_pid_recv(const int mode, const int form,
|
||||
const int seq_backtrack, const int time_backtrack,
|
||||
const char *name, const int unit,
|
||||
const SessionStats::Ptr& stats_arg) = 0;
|
||||
// return value of defined()
|
||||
enum {
|
||||
CIPHER_DEFINED=(1<<0),
|
||||
HMAC_DEFINED=(1<<1)
|
||||
};
|
||||
virtual unsigned int defined() const = 0;
|
||||
|
||||
// Indicate whether or not cipher/digest is defined
|
||||
virtual void init_cipher(StaticKey&& encrypt_key,
|
||||
StaticKey&& decrypt_key) = 0;
|
||||
|
||||
virtual bool cipher_defined() const = 0;
|
||||
virtual bool digest_defined() const = 0;
|
||||
virtual void init_hmac(StaticKey&& encrypt_key,
|
||||
StaticKey&& decrypt_key) = 0;
|
||||
|
||||
virtual void init_pid(const int send_form,
|
||||
const int recv_mode,
|
||||
const int recv_form,
|
||||
const int recv_seq_backtrack,
|
||||
const int recv_time_backtrack,
|
||||
const char *recv_name,
|
||||
const int recv_unit,
|
||||
const SessionStats::Ptr& recv_stats_arg) = 0;
|
||||
|
||||
// Rekeying
|
||||
|
||||
@ -84,14 +91,16 @@ namespace openvpn {
|
||||
|
||||
virtual CryptoDCInstance::Ptr new_obj(const unsigned int key_id) = 0;
|
||||
|
||||
// Info for ProtoContext::options_string
|
||||
|
||||
virtual std::string cipher_name() const = 0;
|
||||
virtual std::string digest_name() const = 0;
|
||||
virtual size_t key_size() const = 0;
|
||||
// cipher/HMAC/key info
|
||||
struct Info {
|
||||
CryptoAlgs::Type cipher_alg;
|
||||
CryptoAlgs::Type hmac_alg;
|
||||
unsigned int cipher_key_size;
|
||||
unsigned int hmac_key_size;
|
||||
};
|
||||
virtual Info crypto_info() = 0;
|
||||
|
||||
// Info for ProtoContext::link_mtu_adjust
|
||||
|
||||
virtual size_t encap_overhead() const = 0;
|
||||
};
|
||||
|
||||
|
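Review bot: `struct Info` gives its size fields neither units nor default initializers, so a `crypto_info()` implementation that forgets one assignment hands the caller an indeterminate `unsigned int`; prefer `unsigned int cipher_key_size = 0;` and `unsigned int hmac_key_size = 0;` with a comment `// key lengths in bytes (the CryptoCHM implementation fills them from key_length() and size())`. The two `CryptoAlgs::Type` members deserve the same treatment, initialized to the enumerator that `CryptoAlgs::name()` tests for "undefined" (`NONE` in the cryptoalgs hunk, if that is its qualified name). In the earlier hunk of this file, the anonymous `enum { CIPHER_DEFINED, HMAC_DEFINED }` only says "return value of defined()"; a sentence that the bits are ORed together and that a zero result means neither cipher nor HMAC is configured would let callers like the proto.hpp key-setup code rely on it without reading the implementation.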
@ -602,9 +602,10 @@ namespace openvpn {
|
||||
|
||||
if (dc_context)
|
||||
{
|
||||
out << ",cipher " << dc_context->cipher_name();
|
||||
out << ",auth " << dc_context->digest_name();
|
||||
out << ",keysize " << dc_context->key_size();
|
||||
const CryptoDCContext::Info ci = dc_context->crypto_info();
|
||||
out << ",cipher " << CryptoAlgs::name(ci.cipher_alg, "[null-cipher]");
|
||||
out << ",auth " << CryptoAlgs::name(ci.hmac_alg, "[null-digest]");
|
||||
out << ",keysize " << (ci.cipher_key_size * 8);
|
||||
}
|
||||
if (tls_auth_key.defined())
|
||||
out << ",tls-auth";
|
||||
@ -1296,26 +1297,27 @@ namespace openvpn {
|
||||
{
|
||||
const Config& c = *proto.config;
|
||||
const unsigned int key_dir = proto.is_server() ? OpenVPNStaticKey::INVERSE : OpenVPNStaticKey::NORMAL;
|
||||
OpenVPNStaticKey& key = data_channel_key->key;
|
||||
const OpenVPNStaticKey& key = data_channel_key->key;
|
||||
|
||||
// build crypto context for data channel encryption/decryption
|
||||
crypto = proto.config->dc_context->new_obj(key_id_);
|
||||
if (crypto->cipher_defined())
|
||||
{
|
||||
crypto->init_encrypt_cipher(key.slice(OpenVPNStaticKey::CIPHER | OpenVPNStaticKey::ENCRYPT | key_dir));
|
||||
crypto->init_decrypt_cipher(key.slice(OpenVPNStaticKey::CIPHER | OpenVPNStaticKey::DECRYPT | key_dir));
|
||||
}
|
||||
if (crypto->digest_defined())
|
||||
{
|
||||
crypto->init_encrypt_hmac(key.slice(OpenVPNStaticKey::HMAC | OpenVPNStaticKey::ENCRYPT | key_dir));
|
||||
crypto->init_decrypt_hmac(key.slice(OpenVPNStaticKey::HMAC | OpenVPNStaticKey::DECRYPT | key_dir));
|
||||
}
|
||||
crypto->init_encrypt_pid_send(PacketID::SHORT_FORM);
|
||||
crypto->init_decrypt_pid_recv(c.pid_mode,
|
||||
PacketID::SHORT_FORM,
|
||||
c.pid_seq_backtrack, c.pid_time_backtrack,
|
||||
"DATA", int(key_id_),
|
||||
proto.stats);
|
||||
const unsigned int def = crypto->defined();
|
||||
|
||||
if (def & CryptoDCInstance::CIPHER_DEFINED)
|
||||
crypto->init_cipher(key.slice(OpenVPNStaticKey::CIPHER | OpenVPNStaticKey::ENCRYPT | key_dir),
|
||||
key.slice(OpenVPNStaticKey::CIPHER | OpenVPNStaticKey::DECRYPT | key_dir));
|
||||
|
||||
if (def & CryptoDCInstance::HMAC_DEFINED)
|
||||
crypto->init_hmac(key.slice(OpenVPNStaticKey::HMAC | OpenVPNStaticKey::ENCRYPT | key_dir),
|
||||
key.slice(OpenVPNStaticKey::HMAC | OpenVPNStaticKey::DECRYPT | key_dir));
|
||||
|
||||
crypto->init_pid(PacketID::SHORT_FORM,
|
||||
c.pid_mode,
|
||||
PacketID::SHORT_FORM,
|
||||
c.pid_seq_backtrack, c.pid_time_backtrack,
|
||||
"DATA", int(key_id_),
|
||||
proto.stats);
|
||||
|
||||
if (data_channel_key->rekey_defined)
|
||||
crypto->rekey(data_channel_key->rekey_type);
|
||||
data_channel_key.reset();
|
||||
|
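Review bot: The `const OpenVPNStaticKey& key` binding at the top of the hunk refers into `*data_channel_key`, and `data_channel_key.reset()` on the hunk's last line destroys that object, so `key` dangles from there on; the function's end lies outside the hunk, so I cannot confirm nothing reads `key` afterward. Either a comment on the reset line, `// key (a reference into *data_channel_key) is invalid past this point`, or moving the reset to the very end of the function makes the lifetime of the key material explicit. In the options_string hunk earlier in this file, `(ci.cipher_key_size * 8)` converts bytes to bits at the call site based on units that `Info` does not document; a comment there, `// cipher_key_size is in bytes; the options string advertises bits`, is warranted.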