/* given a key and key_type, build a key_ctx */
void
init_key_ctx (struct key_ctx *ctx, struct key *key,
const struct key_type *kt, int enc,
const char *prefix)
{
struct gc_arena gc = gc_new ();
CLEAR (*ctx);
if (kt->cipher && kt->cipher_length > 0)
{
ALLOC_OBJ(ctx->cipher, cipher_ctx_t);
cipher_ctx_init (ctx->cipher, key->cipher, kt->cipher_length,
kt->cipher, enc);
msg (D_HANDSHAKE, "%s: Cipher '%s' initialized with %d bit key",
prefix,
cipher_kt_name(kt->cipher),
kt->cipher_length *8);
dmsg (D_SHOW_KEYS, "%s: CIPHER KEY: %s", prefix,
format_hex (key->cipher, kt->cipher_length, 0, &gc));
dmsg (D_CRYPTO_DEBUG, "%s: CIPHER block_size=%d iv_size=%d",
prefix,
cipher_kt_block_size(kt->cipher),
cipher_kt_iv_size(kt->cipher));
}
if (kt->digest && kt->hmac_length > 0)
{
ALLOC_OBJ(ctx->hmac, hmac_ctx_t);
hmac_ctx_init (ctx->hmac, key->hmac, kt->hmac_length, kt->digest);
msg (D_HANDSHAKE,
"%s: Using %d bit message hash '%s' for HMAC authentication",
prefix, md_kt_size(kt->digest) * 8, md_kt_name(kt->digest));
dmsg (D_SHOW_KEYS, "%s: HMAC KEY: %s", prefix,
format_hex (key->hmac, kt->hmac_length, 0, &gc));
dmsg (D_CRYPTO_DEBUG, "%s: HMAC size=%d block_size=%d",
prefix,
md_kt_size(kt->digest),
hmac_ctx_size(ctx->hmac));
}
gc_free (&gc);
}
/* Reset the nonce value, also done periodically to refresh entropy */
static void
prng_reset_nonce ()
{
const int size = md_kt_size (nonce_md) + nonce_secret_len;
#if 1 /* Must be 1 for real usage */
if (!rand_bytes (nonce_data, size))
msg (M_FATAL, "ERROR: Random number generator cannot obtain entropy for PRNG");
#else
/* Only for testing -- will cause a predictable PRNG sequence */
{
int i;
for (i = 0; i < size; ++i)
nonce_data[i] = (uint8_t) i;
}
#endif
}
/*
* Build a struct key_type.
*/
void
init_key_type (struct key_type *kt, const char *ciphername,
bool ciphername_defined, const char *authname,
bool authname_defined, int keysize,
bool cfb_ofb_allowed, bool warn)
{
CLEAR (*kt);
if (ciphername && ciphername_defined)
{
kt->cipher = cipher_kt_get (ciphername);
kt->cipher_length = cipher_kt_key_size (kt->cipher);
if (keysize > 0 && keysize <= MAX_CIPHER_KEY_LENGTH)
kt->cipher_length = keysize;
/* check legal cipher mode */
{
const unsigned int mode = cipher_kt_mode (kt->cipher);
if (!(mode == OPENVPN_MODE_CBC
#ifdef ALLOW_NON_CBC_CIPHERS
|| (cfb_ofb_allowed && (mode == OPENVPN_MODE_CFB || mode == OPENVPN_MODE_OFB))
#endif
))
#ifdef ENABLE_SMALL
msg (M_FATAL, "Cipher '%s' mode not supported", ciphername);
#else
msg (M_FATAL, "Cipher '%s' uses a mode not supported by " PACKAGE_NAME " in your current configuration. CBC mode is always supported, while CFB and OFB modes are supported only when using SSL/TLS authentication and key exchange mode, and when " PACKAGE_NAME " has been built with ALLOW_NON_CBC_CIPHERS.", ciphername);
#endif
}
}
else
{
if (warn)
msg (M_WARN, "******* WARNING *******: null cipher specified, no encryption will be used");
}
if (authname && authname_defined)
{
kt->digest = md_kt_get (authname);
kt->hmac_length = md_kt_size (kt->digest);
}
else
{
if (warn)
msg (M_WARN, "******* WARNING *******: null MAC specified, no authentication will be used");
}
}
void
prng_init (const char *md_name, const int nonce_secret_len_parm)
{
prng_uninit ();
nonce_md = md_name ? md_kt_get (md_name) : NULL;
if (nonce_md)
{
ASSERT (nonce_secret_len_parm >= NONCE_SECRET_LEN_MIN && nonce_secret_len_parm <= NONCE_SECRET_LEN_MAX);
nonce_secret_len = nonce_secret_len_parm;
{
const int size = md_kt_size(nonce_md) + nonce_secret_len;
dmsg (D_CRYPTO_DEBUG, "PRNG init md=%s size=%d", md_kt_name(nonce_md), size);
nonce_data = (uint8_t*) malloc (size);
check_malloc_return (nonce_data);
prng_reset_nonce();
}
}
}
/*
* Build a struct key_type.
*/
void
init_key_type (struct key_type *kt, const char *ciphername,
bool ciphername_defined, const char *authname,
bool authname_defined, int keysize,
bool cfb_ofb_allowed, bool warn)
{
CLEAR (*kt);
if (ciphername && ciphername_defined)
{
kt->cipher = cipher_kt_get (translate_cipher_name_from_openvpn(ciphername));
kt->cipher_length = cipher_kt_key_size (kt->cipher);
if (keysize > 0 && keysize <= MAX_CIPHER_KEY_LENGTH)
kt->cipher_length = keysize;
/* check legal cipher mode */
{
if (!(cipher_kt_mode_cbc(kt->cipher)
#ifdef ENABLE_OFB_CFB_MODE
|| (cfb_ofb_allowed && cipher_kt_mode_ofb_cfb(kt->cipher))
#endif
))
msg (M_FATAL, "Cipher '%s' mode not supported", ciphername);
}
}
else
{
if (warn)
msg (M_WARN, "******* WARNING *******: null cipher specified, no encryption will be used");
}
if (authname && authname_defined)
{
kt->digest = md_kt_get (authname);
kt->hmac_length = md_kt_size (kt->digest);
}
else
{
if (warn)
msg (M_WARN, "******* WARNING *******: null MAC specified, no authentication will be used");
}
}
static struct key_type
tls_crypt_kt(void)
{
struct key_type kt;
kt.cipher = cipher_kt_get("AES-256-CTR");
kt.digest = md_kt_get("SHA256");
if (!kt.cipher)
{
msg(M_WARN, "ERROR: --tls-crypt requires AES-256-CTR support.");
return (struct key_type) { 0 };
}
if (!kt.digest)
{
msg(M_WARN, "ERROR: --tls-crypt requires HMAC-SHA-256 support.");
return (struct key_type) { 0 };
}
kt.cipher_length = cipher_kt_key_size(kt.cipher);
kt.hmac_length = md_kt_size(kt.digest);
return kt;
}
