mirror/openvpn3
0
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn3.git synced 2024-09-20 04:02:15 +02:00
Code
5329d67521
openvpn3/openvpn/crypto/cryptodc.hpp
Frank Lichtenheld f00c816a0f
cryptodc: remove stray ';' 
This causes only warnings with -Wpedantic, which we don't
intend to use. But doesn't hurt to fix anyway.

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
2023-11-08 21:10:22 +01:00

251 lines
6.8 KiB
C++
Raw Blame History

// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2022 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Base class for OpenVPN data channel encryption/decryption
#ifndef OPENVPN_CRYPTO_CRYPTODC_H
#define OPENVPN_CRYPTO_CRYPTODC_H
#include <utility> // for std::move
#include <cstdint> // for std::uint32_t, etc.
#include <openvpn/common/exception.hpp>
#include <openvpn/buffer/buffer.hpp>
#include <openvpn/error/error.hpp>
#include <openvpn/common/rc.hpp>
#include <openvpn/frame/frame.hpp>
#include <openvpn/crypto/static_key.hpp>
#include <openvpn/crypto/packet_id.hpp>
#include <openvpn/crypto/cryptoalgs.hpp>
#include <openvpn/compress/compress.hpp>
namespace openvpn {
// Base class for encryption/decryption of data channel
class CryptoDCInstance : public RC<thread_unsafe_refcount>
{
public:
typedef RCPtr<CryptoDCInstance> Ptr;
// Encrypt/Decrypt
// returns true if packet ID is close to wrapping
virtual bool encrypt(BufferAllocated &buf, const PacketID::time_t now, const unsigned char *op32) = 0;
virtual Error::Type decrypt(BufferAllocated &buf, const PacketID::time_t now, const unsigned char *op32) = 0;
// Initialization
// return value of defined()
enum
{
CIPHER_DEFINED = (1 << 0), // may call init_cipher method
HMAC_DEFINED = (1 << 1), // may call init_hmac method
CRYPTO_DEFINED = (1 << 2), // may call encrypt or decrypt methods
EXPLICIT_EXIT_NOTIFY_DEFINED = (1 << 3), // may call explicit_exit_notify method
};
virtual unsigned int defined() const = 0;
virtual void init_cipher(StaticKey &&encrypt_key,
StaticKey &&decrypt_key)
= 0;
virtual void init_hmac(StaticKey &&encrypt_key,
StaticKey &&decrypt_key)
= 0;
virtual void init_pid(const int send_form,
const int recv_mode,
const int recv_form,
const char *recv_name,
const int recv_unit,
const SessionStats::Ptr &recv_stats_arg)
= 0;
virtual void init_remote_peer_id(const int remote_peer_id)
{
}
virtual bool consider_compression(const CompressContext &comp_ctx) = 0;
virtual void explicit_exit_notify()
{
}
// Rekeying
enum RekeyType
{
ACTIVATE_PRIMARY,
ACTIVATE_PRIMARY_MOVE,
NEW_SECONDARY,
PRIMARY_SECONDARY_SWAP,
DEACTIVATE_SECONDARY,
DEACTIVATE_ALL,
};
virtual void rekey(const RekeyType type) = 0;
};
// Factory for CryptoDCInstance objects
class CryptoDCContext : public RC<thread_unsafe_refcount>
{
public:
explicit CryptoDCContext(const CryptoAlgs::KeyDerivation method)
: key_derivation(method)
{
}
typedef RCPtr<CryptoDCContext> Ptr;
virtual CryptoDCInstance::Ptr new_obj(const unsigned int key_id) = 0;
// cipher/HMAC/key info
struct Info
{
Info()
{
}
CryptoAlgs::Type cipher_alg = CryptoAlgs::NONE;
CryptoAlgs::Type hmac_alg = CryptoAlgs::NONE;
CryptoAlgs::KeyDerivation key_derivation = CryptoAlgs::KeyDerivation::OPENVPN_PRF;
};
virtual Info crypto_info() = 0;
// Info for ProtoContext::link_mtu_adjust
virtual size_t encap_overhead() const = 0;
protected:
CryptoAlgs::KeyDerivation key_derivation = CryptoAlgs::KeyDerivation::OPENVPN_PRF;
};
// Factory for CryptoDCContext objects
class CryptoDCFactory : public RC<thread_unsafe_refcount>
{
public:
typedef RCPtr<CryptoDCFactory> Ptr;
virtual CryptoDCContext::Ptr new_obj(const CryptoAlgs::Type cipher,
const CryptoAlgs::Type digest,
const CryptoAlgs::KeyDerivation method)
= 0;
};
// Manage cipher/digest settings, DC factory, and DC context.
class CryptoDCSettings
{
public:
OPENVPN_SIMPLE_EXCEPTION(no_data_channel_factory);
CryptoDCSettings()
{
}
void set_factory(const CryptoDCFactory::Ptr &factory)
{
factory_ = factory;
context_.reset();
dirty = false;
}
void set_cipher(const CryptoAlgs::Type cipher)
{
if (cipher != cipher_)
{
cipher_ = cipher;
dirty = true;
}
}
void set_digest(const CryptoAlgs::Type digest)
{
if (digest != digest_)
{
digest_ = digest;
dirty = true;
}
}
CryptoDCContext &context()
{
if (!context_ || dirty)
{
if (!factory_)
throw no_data_channel_factory();
context_ = factory_->new_obj(cipher_, digest_, key_derivation_);
dirty = false;
}
return *context_;
}
void reset()
{
factory_.reset();
context_.reset();
dirty = false;
}
CryptoAlgs::Type cipher() const
{
return cipher_;
}
/**
* Retrieve the digest configured for the data channel.
* If the configured data channel cipher does not use any
* additional digest, CryptoAlgs::NONE is returned.
*
* @return Returns the cipher digest in use
*/
CryptoAlgs::Type digest() const
{
return (CryptoAlgs::use_cipher_digest(cipher_) ? digest_ : CryptoAlgs::NONE);
}
CryptoDCFactory::Ptr factory() const
{
return factory_;
}
void set_key_derivation(CryptoAlgs::KeyDerivation method)
{
key_derivation_ = method;
}
CryptoAlgs::KeyDerivation key_derivation() const
{
return key_derivation_;
}
private:
CryptoAlgs::Type cipher_ = CryptoAlgs::NONE;
CryptoAlgs::Type digest_ = CryptoAlgs::NONE;
CryptoAlgs::KeyDerivation key_derivation_ = CryptoAlgs::KeyDerivation::OPENVPN_PRF;
CryptoDCFactory::Ptr factory_;
CryptoDCContext::Ptr context_;
bool dirty = false;
};
} // namespace openvpn
#endif
View Git Blame Copy Permalink