github/OpenVPNAdapter
4
0
Fork 0
mirror of https://github.com/deneraraujo/OpenVPNAdapter.git synced 2026-04-24 00:00:05 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge commit '86cc97e55fe346502462284d2e636a2b3708163e' as 'Sources/OpenVPN3'

Browse Source
This commit is contained in:
Sergey Abramchuk
2020-02-24 14:43:11 +03:00
parent 133b3756e6 86cc97e55f
commit 32f1555929
655 changed files with 146468 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Sources/OpenVPN3/openvpn/mbedtls/pki/dh.hpp
+124
View File
@@ -0,0 +1,124 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Wrap a mbed TLS dhm_context object (Diffie Hellman parameters).
#ifndef OPENVPN_MBEDTLS_PKI_DH_H
#define OPENVPN_MBEDTLS_PKI_DH_H
#include <string>
#include <sstream>
#include <cstring>
#include <mbedtls/x509.h>
#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/common/rc.hpp>
#include <openvpn/mbedtls/util/error.hpp>
namespace openvpn {
namespace MbedTLSPKI {
class DH : public RC<thread_unsafe_refcount>
{
public:
typedef RCPtr<DH> Ptr;
DH() : dhc(nullptr) {}
DH(const std::string& dh_txt, const std::string& title)
: dhc(nullptr)
{
try {
parse(dh_txt, title);
}
catch (...)
{
dealloc();
throw;
}
}
void parse(const std::string& dh_txt, const std::string& title)
{
alloc();
// dh_txt.length() is increased by 1 as it does not include the NULL-terminator
// which mbedtls_dhm_parse_dhm() expects to see.
const int status = mbedtls_dhm_parse_dhm(dhc,
(const unsigned char *)dh_txt.c_str(),
dh_txt.length() + 1);
if (status < 0)
{
throw MbedTLSException("error parsing " + title + " DH parameters", status);
}
if (status > 0)
{
std::ostringstream os;
os << status << " DH parameters in " << title << " failed to parse";
throw MbedTLSException(os.str());
}
// store PEM data to allow extraction
pem_dhc = dh_txt;
}
std::string extract() const
{
return std::string(pem_dhc);
}
mbedtls_dhm_context* get() const
{
return dhc;
}
~DH()
{
dealloc();
}
private:
void alloc()
{
if (!dhc)
{
dhc = new mbedtls_dhm_context;
mbedtls_dhm_init(dhc);
}
}
void dealloc()
{
if (dhc)
{
mbedtls_dhm_free(dhc);
delete dhc;
dhc = nullptr;
}
}
mbedtls_dhm_context *dhc;
std::string pem_dhc;
};
}
}
#endif
Sources/OpenVPN3/openvpn/mbedtls/pki/pkctx.hpp
+163
View File
@@ -0,0 +1,163 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Wrap a mbed TLS pk_context object.
#ifndef OPENVPN_MBEDTLS_PKI_PKCTX_H
#define OPENVPN_MBEDTLS_PKI_PKCTX_H
#include <string>
#include <sstream>
#include <cstring>
#include <mbedtls/pk.h>
#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/common/rc.hpp>
#include <openvpn/mbedtls/util/error.hpp>
namespace openvpn {
namespace MbedTLSPKI {
class PKContext : public RC<thread_unsafe_refcount>
{
public:
typedef RCPtr<PKContext> Ptr;
PKContext() : ctx(nullptr) {}
PKContext(const std::string& key_txt, const std::string& title, const std::string& priv_key_pwd)
: ctx(nullptr)
{
try {
parse(key_txt, title, priv_key_pwd);
}
catch (...)
{
dealloc();
throw;
}
}
bool defined() const
{
return ctx != nullptr;
}
PKType::Type key_type() const
{
switch (mbedtls_pk_get_type(ctx))
{
case MBEDTLS_PK_RSA:
case MBEDTLS_PK_RSA_ALT:
case MBEDTLS_PK_RSASSA_PSS:
return PKType::PK_RSA;
case MBEDTLS_PK_ECKEY:
case MBEDTLS_PK_ECKEY_DH:
return PKType::PK_EC;
case MBEDTLS_PK_ECDSA:
return PKType::PK_ECDSA;
case MBEDTLS_PK_NONE:
return PKType::PK_NONE;
default:
return PKType::PK_UNKNOWN;
}
}
size_t key_length() const
{
return mbedtls_pk_get_bitlen(ctx);
}
void parse(const std::string& key_txt, const std::string& title, const std::string& priv_key_pwd)
{
alloc();
// key_txt.length() is increased by 1 as it does not include the NULL-terminator
// which mbedtls_pk_parse_key() expects to see.
const int status = mbedtls_pk_parse_key(ctx,
(const unsigned char *)key_txt.c_str(),
key_txt.length() + 1,
(const unsigned char *)priv_key_pwd.c_str(),
priv_key_pwd.length());
if (status < 0)
throw MbedTLSException("error parsing " + title + " private key", status);
}
std::string extract() const
{
// maximum size of the PEM data is not available at this point
BufferAllocated buff(16000, 0);
int ret = mbedtls_pk_write_key_pem(ctx, buff.data(), buff.max_size());
if (ret < 0)
throw MbedTLSException("extract priv_key: can't write to buffer", ret);
return std::string((const char *)buff.data());
}
void epki_enable(void *arg,
mbedtls_pk_rsa_alt_decrypt_func epki_decrypt,
mbedtls_pk_rsa_alt_sign_func epki_sign,
mbedtls_pk_rsa_alt_key_len_func epki_key_len)
{
alloc();
const int status = mbedtls_pk_setup_rsa_alt(ctx, arg, epki_decrypt, epki_sign, epki_key_len);
if (status < 0)
throw MbedTLSException("error in mbedtls_pk_setup_rsa_alt", status);
}
mbedtls_pk_context* get() const
{
return ctx;
}
~PKContext()
{
dealloc();
}
private:
void alloc()
{
if (!ctx)
{
ctx = new mbedtls_pk_context;
mbedtls_pk_init(ctx);
}
}
void dealloc()
{
if (ctx)
{
mbedtls_pk_free(ctx);
delete ctx;
ctx = nullptr;
}
}
mbedtls_pk_context *ctx;
};
}
}
#endif
Sources/OpenVPN3/openvpn/mbedtls/pki/x509cert.hpp
+167
View File
@@ -0,0 +1,167 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Wrap a mbed TLS x509_crt object
#ifndef OPENVPN_MBEDTLS_PKI_X509CERT_H
#define OPENVPN_MBEDTLS_PKI_X509CERT_H
#include <string>
#include <sstream>
#include <cstring>
#include <iostream>
#include <mbedtls/x509.h>
#include <mbedtls/pem.h>
#include <mbedtls/base64.h>
#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/common/rc.hpp>
#include <openvpn/mbedtls/util/error.hpp>
namespace openvpn {
namespace MbedTLSPKI {
class X509Cert : public RC<thread_unsafe_refcount>
{
public:
typedef RCPtr<X509Cert> Ptr;
X509Cert() : chain(nullptr) {}
X509Cert(const std::string& cert_txt, const std::string& title, const bool strict)
: chain(nullptr)
{
try {
parse(cert_txt, title, strict);
}
catch (...)
{
dealloc();
throw;
}
}
void parse(const std::string& cert_txt, const std::string& title, const bool strict)
{
alloc();
if (cert_txt.empty())
throw MbedTLSException(title + " certificate is undefined");
// cert_txt.length() is increased by 1 as it does not include the NULL-terminator
// which mbedtls_x509_crt_parse() expects to see.
const int status = mbedtls_x509_crt_parse(chain,
(const unsigned char *)cert_txt.c_str(),
cert_txt.length() + 1);
if (status < 0)
{
throw MbedTLSException("error parsing " + title + " certificate", status);
}
if (status > 0)
{
std::ostringstream os;
os << status << " certificate(s) in " << title << " bundle failed to parse";
if (strict)
throw MbedTLSException(os.str());
else
OPENVPN_LOG("MBEDTLS: " << os.str());
}
}
static std::string der_to_pem(const unsigned char* der, size_t der_size)
{
size_t olen = 0;
int ret;
ret = mbedtls_pem_write_buffer(begin_cert, end_cert, der,
der_size, NULL, 0, &olen);
if (ret != MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL)
throw MbedTLSException("X509Cert::extract: can't calculate PEM size");
BufferAllocated buff(olen, 0);
ret = mbedtls_pem_write_buffer(begin_cert, end_cert, der,
der_size, buff.data(), buff.max_size(), &olen);
if (ret)
throw MbedTLSException("X509Cert::extract: can't write PEM buffer");
return std::string((const char *)buff.data());
}
std::string extract() const
{
return der_to_pem(chain->raw.p, chain->raw.len);
}
std::vector<std::string> extract_extra_certs() const
{
std::vector<std::string> extra_certs;
/* extra certificates are appended to the main one */
for (mbedtls_x509_crt *cert = chain->next; cert; cert = cert->next)
{
extra_certs.push_back(der_to_pem(cert->raw.p, cert->raw.len));
}
return extra_certs;
}
mbedtls_x509_crt* get() const
{
return chain;
}
virtual ~X509Cert()
{
dealloc();
}
protected:
void alloc()
{
if (!chain)
{
chain = new mbedtls_x509_crt;
mbedtls_x509_crt_init(chain);
}
}
mbedtls_x509_crt *chain;
private:
void dealloc()
{
if (chain)
{
mbedtls_x509_crt_free(chain);
delete chain;
chain = nullptr;
}
}
constexpr static const char* begin_cert = "-----BEGIN CERTIFICATE-----\n";;
constexpr static const char* end_cert = "-----END CERTIFICATE-----\n";;
};
}
}
#endif
Sources/OpenVPN3/openvpn/mbedtls/pki/x509crl.hpp
+119
View File
@@ -0,0 +1,119 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Wrap a mbed TLS x509_crl object
#ifndef OPENVPN_MBEDTLS_PKI_X509CRL_H
#define OPENVPN_MBEDTLS_PKI_X509CRL_H
#include <string>
#include <sstream>
#include <cstring>
#include <mbedtls/x509_crl.h>
#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/common/rc.hpp>
#include <openvpn/mbedtls/util/error.hpp>
namespace openvpn {
namespace MbedTLSPKI {
class X509CRL : public RC<thread_unsafe_refcount>
{
public:
typedef RCPtr<X509CRL> Ptr;
X509CRL() : chain(nullptr) {}
X509CRL(const std::string& crl_txt)
: chain(nullptr)
{
try {
parse(crl_txt);
}
catch (...)
{
dealloc();
throw;
}
}
void parse(const std::string& crl_txt)
{
alloc();
// crl_txt.length() is increased by 1 as it does not include the NULL-terminator
// which mbedtls_x509_crl_parse() expects to see.
const int status = mbedtls_x509_crl_parse(chain,
(const unsigned char *)crl_txt.c_str(),
crl_txt.length() + 1);
if (status < 0)
{
throw MbedTLSException("error parsing CRL", status);
}
pem_chain = crl_txt;
}
std::string extract() const
{
return std::string(pem_chain);
}
mbedtls_x509_crl* get() const
{
return chain;
}
~X509CRL()
{
dealloc();
}
private:
void alloc()
{
if (!chain)
{
chain = new mbedtls_x509_crl;
std::memset(chain, 0, sizeof(mbedtls_x509_crl));
}
}
void dealloc()
{
if (chain)
{
mbedtls_x509_crl_free(chain);
delete chain;
chain = nullptr;
}
}
mbedtls_x509_crl *chain;
std::string pem_chain;
};
}
}
#endif