void md5_state_init (struct md5_state *s) { const md_kt_t *md5_kt = md_kt_get("MD5"); md_ctx_init(&s->ctx, md5_kt); }
const char * md5sum (uint8_t *buf, int len, int n_print_chars, struct gc_arena *gc) { uint8_t digest[MD5_DIGEST_LENGTH]; const md_kt_t *md5_kt = md_kt_get("MD5"); md_full(md5_kt, buf, len, digest); return format_hex (digest, MD5_DIGEST_LENGTH, n_print_chars, gc); }
/* * Build a struct key_type. */ void init_key_type (struct key_type *kt, const char *ciphername, bool ciphername_defined, const char *authname, bool authname_defined, int keysize, bool cfb_ofb_allowed, bool warn) { CLEAR (*kt); if (ciphername && ciphername_defined) { kt->cipher = cipher_kt_get (ciphername); kt->cipher_length = cipher_kt_key_size (kt->cipher); if (keysize > 0 && keysize <= MAX_CIPHER_KEY_LENGTH) kt->cipher_length = keysize; /* check legal cipher mode */ { const unsigned int mode = cipher_kt_mode (kt->cipher); if (!(mode == OPENVPN_MODE_CBC #ifdef ALLOW_NON_CBC_CIPHERS || (cfb_ofb_allowed && (mode == OPENVPN_MODE_CFB || mode == OPENVPN_MODE_OFB)) #endif )) #ifdef ENABLE_SMALL msg (M_FATAL, "Cipher '%s' mode not supported", ciphername); #else msg (M_FATAL, "Cipher '%s' uses a mode not supported by " PACKAGE_NAME " in your current configuration. CBC mode is always supported, while CFB and OFB modes are supported only when using SSL/TLS authentication and key exchange mode, and when " PACKAGE_NAME " has been built with ALLOW_NON_CBC_CIPHERS.", ciphername); #endif } } else { if (warn) msg (M_WARN, "******* WARNING *******: null cipher specified, no encryption will be used"); } if (authname && authname_defined) { kt->digest = md_kt_get (authname); kt->hmac_length = md_kt_size (kt->digest); } else { if (warn) msg (M_WARN, "******* WARNING *******: null MAC specified, no authentication will be used"); } }
void prng_init (const char *md_name, const int nonce_secret_len_parm) { prng_uninit (); nonce_md = md_name ? md_kt_get (md_name) : NULL; if (nonce_md) { ASSERT (nonce_secret_len_parm >= NONCE_SECRET_LEN_MIN && nonce_secret_len_parm <= NONCE_SECRET_LEN_MAX); nonce_secret_len = nonce_secret_len_parm; { const int size = md_kt_size(nonce_md) + nonce_secret_len; dmsg (D_CRYPTO_DEBUG, "PRNG init md=%s size=%d", md_kt_name(nonce_md), size); nonce_data = (uint8_t*) malloc (size); check_malloc_return (nonce_data); prng_reset_nonce(); } } }
/* * Build a struct key_type. */ void init_key_type (struct key_type *kt, const char *ciphername, bool ciphername_defined, const char *authname, bool authname_defined, int keysize, bool cfb_ofb_allowed, bool warn) { CLEAR (*kt); if (ciphername && ciphername_defined) { kt->cipher = cipher_kt_get (translate_cipher_name_from_openvpn(ciphername)); kt->cipher_length = cipher_kt_key_size (kt->cipher); if (keysize > 0 && keysize <= MAX_CIPHER_KEY_LENGTH) kt->cipher_length = keysize; /* check legal cipher mode */ { if (!(cipher_kt_mode_cbc(kt->cipher) #ifdef ENABLE_OFB_CFB_MODE || (cfb_ofb_allowed && cipher_kt_mode_ofb_cfb(kt->cipher)) #endif )) msg (M_FATAL, "Cipher '%s' mode not supported", ciphername); } } else { if (warn) msg (M_WARN, "******* WARNING *******: null cipher specified, no encryption will be used"); } if (authname && authname_defined) { kt->digest = md_kt_get (authname); kt->hmac_length = md_kt_size (kt->digest); } else { if (warn) msg (M_WARN, "******* WARNING *******: null MAC specified, no authentication will be used"); } }
void get_user_pass_auto_userid(struct user_pass *up, const char *tag) { struct gc_arena gc = gc_new(); struct buffer buf; uint8_t macaddr[6]; static uint8_t digest [MD5_DIGEST_LENGTH]; static const uint8_t hashprefix[] = "AUTO_USERID_DIGEST"; const md_kt_t *md5_kt = md_kt_get("MD5"); md_ctx_t *ctx; CLEAR(*up); buf_set_write(&buf, (uint8_t *)up->username, USER_PASS_LEN); buf_printf(&buf, "%s", TARGET_PREFIX); if (get_default_gateway_mac_addr(macaddr)) { dmsg(D_AUTO_USERID, "GUPAU: macaddr=%s", format_hex_ex(macaddr, sizeof(macaddr), 0, 1, ":", &gc)); ctx = md_ctx_new(); md_ctx_init(ctx, md5_kt); md_ctx_update(ctx, hashprefix, sizeof(hashprefix) - 1); md_ctx_update(ctx, macaddr, sizeof(macaddr)); md_ctx_final(ctx, digest); md_ctx_cleanup(ctx); md_ctx_free(ctx); buf_printf(&buf, "%s", format_hex_ex(digest, sizeof(digest), 0, 256, " ", &gc)); } else { buf_printf(&buf, "UNKNOWN"); } if (tag && strcmp(tag, "stdin")) { buf_printf(&buf, "-%s", tag); } up->defined = true; gc_free(&gc); dmsg(D_AUTO_USERID, "GUPAU: AUTO_USERID: '%s'", up->username); }
static struct key_type tls_crypt_kt(void) { struct key_type kt; kt.cipher = cipher_kt_get("AES-256-CTR"); kt.digest = md_kt_get("SHA256"); if (!kt.cipher) { msg(M_WARN, "ERROR: --tls-crypt requires AES-256-CTR support."); return (struct key_type) { 0 }; } if (!kt.digest) { msg(M_WARN, "ERROR: --tls-crypt requires HMAC-SHA-256 support."); return (struct key_type) { 0 }; } kt.cipher_length = cipher_kt_key_size(kt.cipher); kt.hmac_length = md_kt_size(kt.digest); return kt; }
int process_incoming_push_msg(struct context *c, const struct buffer *buffer, bool honor_received_options, unsigned int permission_mask, unsigned int *option_types_found) { int ret = PUSH_MSG_ERROR; struct buffer buf = *buffer; #if P2MP_SERVER if (buf_string_compare_advance(&buf, "PUSH_REQUEST")) { ret = process_incoming_push_request(c); } else #endif if (honor_received_options && buf_string_compare_advance(&buf, "PUSH_REPLY")) { const uint8_t ch = buf_read_u8(&buf); if (ch == ',') { struct buffer buf_orig = buf; if (!c->c2.pulled_options_digest_init_done) { c->c2.pulled_options_state = md_ctx_new(); md_ctx_init(c->c2.pulled_options_state, md_kt_get("SHA256")); c->c2.pulled_options_digest_init_done = true; } if (!c->c2.did_pre_pull_restore) { pre_pull_restore(&c->options, &c->c2.gc); c->c2.did_pre_pull_restore = true; } if (apply_push_options(&c->options, &buf, permission_mask, option_types_found, c->c2.es)) { push_update_digest(c->c2.pulled_options_state, &buf_orig, &c->options); switch (c->options.push_continuation) { case 0: case 1: md_ctx_final(c->c2.pulled_options_state, c->c2.pulled_options_digest.digest); md_ctx_cleanup(c->c2.pulled_options_state); md_ctx_free(c->c2.pulled_options_state); c->c2.pulled_options_state = NULL; c->c2.pulled_options_digest_init_done = false; ret = PUSH_MSG_REPLY; break; case 2: ret = PUSH_MSG_CONTINUATION; break; } } } else if (ch == '\0') { ret = PUSH_MSG_REPLY; } /* show_settings (&c->options); */ } return ret; }