mirror of https://github.com/OpenVPN/openvpn3.git synced 2024-09-20 12:12:15 +02:00
Commit Graph

60 Commits

Author SHA1 Message Date
James Yonan
5f85652033 For client, replaced all instances of PRNG to new dynamic type. 2014-10-19 19:59:48 -06:00
James Yonan
5102cff6f1 Added polymorphic classes for message digest algorithms.
Converted PRNG from static to dynamic polymorphism.
Did not fix PRNG users yet.
2014-10-19 19:14:56 -06:00
James Yonan
e8ca0c47f3 Added "chm" tag to CBC/HMAC encrypt/decrypt class names and
source filenames to distinguish from new modes such as AEAD.
2014-10-19 15:19:14 -06:00
James Yonan
677cd039c4 Defer data channel initialization until after client-side
options pull, so that cipher/digest can be pushed by server.
Note: incomplete, see fixmes.
2014-10-18 20:37:08 -06:00
James Yonan
bd04ed3755 Added CryptoAlgs for managing crypto algorithms independently of
underlying crypto implementation.

Modified proto.hpp to use the new CryptoAlgs types for
cipher/digest selection.

Added initial PolarSSL implementation for cipher/digest
selection using CryptoAlgs types.

Note: this implementation is incomplete, see fixmes.
2014-10-18 10:50:51 -06:00
James Yonan
9145145b64 Checkpoint toward fully polymorphic data channel API. Added a
three-level factory model:

CryptoDCFactory   -- builds CryptoDCContext objects for a given
                     cipher/digest
CryptoDCContext   -- builds CryptoDCBase objects for a given key ID
CryptoDCBase      -- encrypt/decrypt data channel
2014-10-17 15:52:29 -06:00
James Yonan
f47ce33c48 Renamed CryptoContextBase to CryptoDCBase to emphasize
that this is the Data Channel crypto API.  Related factories,
derived classes, and typedefs also renamed.
2014-10-16 10:10:42 -06:00
James Yonan
8b71fa9800 Converted RAND_API from static to dynamic polymorphism
(using RandomAPI as base class).
2014-10-15 12:53:18 -06:00
James Yonan
ab7dfe6f05 Added CryptoContextBase abstraction to allow use of new
data channel modes and non-CBC ciphers such as AES-GCM.
2014-10-08 13:43:40 -06:00
James Yonan
4e39a533e9 Added new constant-time memory comparison function crypto::memneq
to replace memcmp_secure.  crypto::memneq benefits from insights
gained during the development of crypto_memneq for the Linux kernel.
2014-08-17 22:09:12 -06:00
James Yonan
2c6d972ad6 Added AGPL copyright/licensing language. 2014-07-20 21:22:06 -06:00
James Yonan
7fe6fad18a Added crypto self test capability to core.
Added polarssl/bignum-arm.patch to resolve issue where
asm-optimized bignum code would crash on iOS.
2013-06-14 00:34:49 +00:00
James Yonan
82be8b0107 packet_id.hpp now logs errors to a SessionStats object,
like the rest of the core.

Added verbose() method to class SessionStats so that clients can
know whether to pass extra text data to error() virtual method.
2013-05-22 05:13:11 +00:00
James Yonan
9ed088a28b Implemented "auth none" and "cipher none". 2013-03-13 00:34:17 +00:00
James Yonan
4d9a751af2 Added head comments to all source files.
Minor reorganization of unicode code.
2012-11-23 06:18:43 +00:00
James Yonan
df51e2bfc3 Minor SplitLines changes. 2012-11-12 02:33:20 +00:00
James Yonan
5a5a18942a Added parser size validation constants in
openvpn/client/cliconstants.hpp
2012-11-12 01:52:03 +00:00
James Yonan
a6b6d487ef Global edit to add copyright notice at head of each source file. 2012-08-24 21:13:42 +00:00
James Yonan
801bfae881 Added Polar SSL crypto support via PolarSSLCryptoAPI. 2012-03-13 04:51:52 +00:00
James Yonan
34dc950815 Core refactor to abstract random and crypto APIs using
static polymorphism.  Only OpenSSL crypto API is
presently implemented.  Still need to implement Apple
and PolarSSL.
2012-03-12 12:24:40 +00:00
James Yonan
f13ed3e7a8 Implemented Java client using Swig. 2012-02-11 14:02:51 +00:00
James Yonan
231bd0f21a Top-level client refactoring, to move configuration functionality
from cli.cpp to ClientOptions in openvpn/client/cliopt.hpp.
2012-02-06 20:39:10 +00:00
James Yonan
e7a5d9f55b Start process of moving client logic out of cli.cpp into
general-purpose classes.

Rename ProtoStats to SessionStats and make it more flexible
by using an abstract base class model.

Add a client event queue for the beginnings of a client-backend
API.

Added logic to ProtoContext to invalidate session on certain
kinds of errors in TCP that would normally be okay in UDP
such as HMAC_ERROR, DECRYPT_ERROR, etc.

Add some alignment adjustment logic for READ_LINK_TCP (3 bytes)
and READ_LINK_UDP (1 byte).
2012-02-04 10:24:54 +00:00
James Yonan
f7067d817c Added constant-time memcmp. 2012-01-24 01:54:35 +00:00
James Yonan
bd4673c60f Added IP address classes for IPv4/v6.
Implemented get_default_gateway() for Mac OS X.
2012-01-11 06:15:32 +00:00
James Yonan
7371bd8e14 First working version of cli that can be entirely driven from config
file.  Currently limited to UDP, runs only on Linux, and supports
pushed redirect-gateway but not route directives.
2011-12-18 10:50:08 +00:00
James Yonan
6260957c37 Added AES-NI support.
Disable logging in Packet ID code unless OPENVPN_DEBUG_PACKET_ID
is defined.
2011-12-17 05:06:39 +00:00
James Yonan
990231b226 First successful negotiation with AS.
Still need to parse and apply PUSH_REPLY options.
2011-12-16 10:02:15 +00:00
James Yonan
c8f7b0ff2f Keepalive implementation. 2011-12-15 08:48:14 +00:00
James Yonan
44ee74f374 Added compression framework.
Implemented LZO_STUB compressor.

Added methods to generate options and peer info strings.
2011-12-14 11:34:33 +00:00
James Yonan
3f73d56afb Added some string parsing classes/functions for parsing OpenVPN options
given as a comma-separated list.
2011-12-13 19:51:29 +00:00
James Yonan
1b5fa38adb Comment additions.
Catch buffer exceptions and increment BUFFER_ERRORS.
2011-12-13 11:13:27 +00:00
James Yonan
1aa65c259b Implemented soft reset in proto.hpp. 2011-12-13 04:46:56 +00:00
James Yonan
f3e9239d80 Full-protocol unit test using ProtoContext, w/o soft resets.
Test in test/ssl/proto.cpp.
2011-12-11 08:28:55 +00:00
James Yonan
ee46876142 Added HMAC and Packet ID integrity checks to reliable/SSL test. 2011-12-05 06:11:51 +00:00
James Yonan
d21c7de80c Coded hmac2 methods, for dealing with HMAC operations where HMAC
signature exists within data range being signed.

In ProtoStack, add raw_write method sending raw packets
that will NOT be encrypted via SSL, but will still be
encapsulated and tracked via reliability layer.

Other misc changes.
2011-12-04 01:34:32 +00:00
James Yonan
3c57bf9b05 ProtoStack with Apple SSL client and OpenSSL server
successfully tested by test/reliable/ssl.cpp.
2011-12-02 22:00:56 +00:00
James Yonan
671df2bb14 Reorganized files so that all code that references OpenSSL
is either under openvpn/openssl (implementation) or
openvpn/gencrypto (generic crypto selector).

Reorganized applecrypto with evp files under crypto so
that we can eventually build out applecrypto as a full
crypto/ssl replacement for OpenSSL.
2011-11-23 06:08:26 +00:00
James Yonan
d0e1d06812 Ported tlsprf to CommonCrypto. 2011-11-23 03:35:51 +00:00
James Yonan
713fbab110 Extended Apple CommonCrypto support to full OpenVPN
data channel layer, so that encdec benchmark will
now run with only CommonCrypto (no OpenSSL linkage).
2011-11-22 09:13:22 +00:00
James Yonan
0d293533f5 Added OpenSSL-like HMAC API using Apple
CommonCrypto as backend.
2011-11-22 03:01:28 +00:00
James Yonan
7dd61393ab Move crypto random number headers out of openvpn/openssl
into openvpn/random.  Also move boostrand.hpp into
openvpn/random.
2011-11-21 06:11:06 +00:00
James Yonan
b45e9c2e15 Started on ProtoContext object (master OpenVPN protocol
context object).

Implemented TLS PRF functions.
2011-11-21 04:58:54 +00:00
James Yonan
f09b9ae12a Added reltest.cpp for testing ReliableRecv and ReliableSend
objects by simulating an unreliable packet stream.

Modified packet_id code so that current time (now) is passed
via function calls rather than accessed as a global.

Added integer random number support via boost::random.
2011-11-09 05:52:52 +00:00
James Yonan
52c42fb5d2 Moved time source files to openvpn/time.
Added search/replace tool smod.
2011-11-05 17:02:16 +00:00
James Yonan
b1b313ec28 Implemented new time system based on Time and Time::Duration,
with Asio integration using boost::asio::time_traits<openvpn::Time>.

Started reliable receive class (ReliableRecv).
2011-11-01 13:00:49 +00:00
James Yonan
1fcf65fbda Started PKI tree for wrapping OpenSSL PKI objects.
Started SSL Context class.

Implemented dgram & stream buffer queues that can operate as
OpenSSL BIOs.

Reworked Frame class to make it more flexible.
2011-10-25 17:32:26 +00:00
James Yonan
e5b9f303bc Developed openvpn::time abstraction. 2011-10-16 07:51:07 +00:00
James Yonan
918caca206 First working static key implementation.
Tested interoperability with OpenVPN in static key mode.
2011-10-07 05:47:49 +00:00
James Yonan
422cd204af Added CryptoContext wrapper struct for Encrypt and Decrypt objects.
Modified build scripts to use -fwhole-program.

Added read_text function to read a text file into a string.
2011-10-06 17:22:37 +00:00