Merge commit '86cc97e55fe346502462284d2e636a2b3708163e' as 'Sources/OpenVPN3'

Sources/OpenVPN3/openvpn/crypto/cipher.hpp

@@ -0,0 +1,133 @@
+//    OpenVPN -- An application to securely tunnel IP networks
+//               over a single port, with support for SSL/TLS-based
+//               session authentication and key exchange,
+//               packet encryption, packet authentication, and
+//               packet compression.
+//
+//    Copyright (C) 2012-2017 OpenVPN Inc.
+//
+//    This program is free software: you can redistribute it and/or modify
+//    it under the terms of the GNU Affero General Public License Version 3
+//    as published by the Free Software Foundation.
+//
+//    This program is distributed in the hope that it will be useful,
+//    but WITHOUT ANY WARRANTY; without even the implied warranty of
+//    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//    GNU Affero General Public License for more details.
+//
+//    You should have received a copy of the GNU Affero General Public License
+//    along with this program in the COPYING file.
+//    If not, see <http://www.gnu.org/licenses/>.
+
+// General-purpose cipher classes that are independent of the underlying CRYPTO_API
+
+#ifndef OPENVPN_CRYPTO_CIPHER_H
+#define OPENVPN_CRYPTO_CIPHER_H
+
+#include <string>
+
+#include <openvpn/common/size.hpp>
+#include <openvpn/common/exception.hpp>
+#include <openvpn/crypto/static_key.hpp>
+#include <openvpn/crypto/cryptoalgs.hpp>
+
+namespace openvpn {
+  template <typename CRYPTO_API>
+  class CipherContext
+  {
+  public:
+    OPENVPN_SIMPLE_EXCEPTION(cipher_mode_error);
+    OPENVPN_SIMPLE_EXCEPTION(cipher_uninitialized);
+    OPENVPN_SIMPLE_EXCEPTION(cipher_init_insufficient_key_material);
+    OPENVPN_SIMPLE_EXCEPTION(cipher_internal_error);
+    OPENVPN_SIMPLE_EXCEPTION(cipher_output_buffer);
+
+  public:
+    CipherContext() : mode_(CRYPTO_API::CipherContext::MODE_UNDEF) {}
+
+    CipherContext(const CryptoAlgs::Type cipher, const StaticKey& key, const int mode)
+      : mode_(CRYPTO_API::CipherContext::MODE_UNDEF)
+    {
+      init(cipher, key, mode);
+    }
+
+    bool defined() const { return ctx.is_initialized(); }
+
+    // size of iv buffer to pass to encrypt_decrypt
+    size_t iv_length() const
+    {
+      return ctx.iv_length();
+    }
+
+    // cipher mode (such as CIPH_CBC_MODE, etc.)
+    int cipher_mode() const
+    {
+      return ctx.cipher_mode();
+    }
+
+    // size of out buffer to pass to encrypt_decrypt
+    size_t output_size(const size_t in_size) const
+    {
+      return in_size + ctx.block_size();
+    }
+
+    void init(const CryptoAlgs::Type cipher, const StaticKey& key, const int mode)
+    {
+      const CryptoAlgs::Alg& alg = CryptoAlgs::get(cipher);
+
+      // check that provided key is large enough
+      if (key.size() < alg.key_length())
+	throw cipher_init_insufficient_key_material();
+
+      // IV consistency check
+      if (alg.iv_length() > CRYPTO_API::CipherContext::MAX_IV_LENGTH)
+	throw cipher_internal_error();
+
+      // initialize cipher context with cipher type, key, and encrypt/decrypt mode
+      ctx.init(cipher, key.data(), mode);
+
+      // save mode in object
+      mode_ = mode;
+    }
+
+    size_t encrypt(const unsigned char *iv,
+		   unsigned char *out, const size_t out_size,
+		   const unsigned char *in, const size_t in_size)
+    {
+      if (mode_ != CRYPTO_API::CipherContext::ENCRYPT)
+	throw cipher_mode_error();
+      return encrypt_decrypt(iv, out, out_size, in, in_size);
+    }
+
+    size_t decrypt(const unsigned char *iv,
+		   unsigned char *out, const size_t out_size,
+		   const unsigned char *in, const size_t in_size)
+    {
+      if (mode_ != CRYPTO_API::CipherContext::DECRYPT)
+	throw cipher_mode_error();
+      return encrypt_decrypt(iv, out, out_size, in, in_size);
+    }
+
+    size_t encrypt_decrypt(const unsigned char *iv,
+			   unsigned char *out, const size_t out_size,
+			   const unsigned char *in, const size_t in_size)
+    {
+      if (out_size < output_size(in_size))
+	throw cipher_output_buffer();
+      ctx.reset(iv);
+      size_t outlen = 0;
+      if (!ctx.update(out, out_size, in, in_size, outlen))
+	return 0;
+      if (!ctx.final(out + outlen, out_size - outlen, outlen))
+	return 0;
+      return outlen;
+    }
+
+  private:
+    int mode_;
+    typename CRYPTO_API::CipherContext ctx;
+  };
+
+} // namespace openvpn
+
+#endif // OPENVPN_CRYPTO_CIPHER_H