1/*
2 *  OpenVPN -- An application to securely tunnel IP networks
3 *             over a single TCP/UDP port, with support for SSL/TLS-based
4 *             session authentication and key exchange,
5 *             packet encryption, packet authentication, and
6 *             packet compression.
7 *
8 *  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
9 *  Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com>
10 *
11 *  This program is free software; you can redistribute it and/or modify
12 *  it under the terms of the GNU General Public License version 2
13 *  as published by the Free Software Foundation.
14 *
15 *  This program is distributed in the hope that it will be useful,
16 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
17 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18 *  GNU General Public License for more details.
19 *
20 *  You should have received a copy of the GNU General Public License
21 *  along with this program (see the file COPYING included with this
22 *  distribution); if not, write to the Free Software Foundation, Inc.,
23 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
24 */
25
26/**
27 * @file Data Channel Cryptography PolarSSL-specific backend interface
28 */
29
30#ifndef CRYPTO_POLARSSL_H_
31#define CRYPTO_POLARSSL_H_
32
33#include <polarssl/cipher.h>
34#include <polarssl/md.h>
35#include <polarssl/ctr_drbg.h>
36
37/** Generic cipher key type %context. */
38typedef cipher_info_t cipher_kt_t;
39
40/** Generic message digest key type %context. */
41typedef md_info_t md_kt_t;
42
43/** Generic cipher %context. */
44typedef cipher_context_t cipher_ctx_t;
45
46/** Generic message digest %context. */
47typedef md_context_t md_ctx_t;
48
49/** Generic HMAC %context. */
50typedef md_context_t hmac_ctx_t;
51
52/** Maximum length of an IV */
53#define OPENVPN_MAX_IV_LENGTH 	POLARSSL_MAX_IV_LENGTH
54
55/** Cipher is in CBC mode */
56#define OPENVPN_MODE_CBC 	POLARSSL_MODE_CBC
57
58/** Cipher is in OFB mode */
59#define OPENVPN_MODE_OFB 	POLARSSL_MODE_OFB
60
61/** Cipher is in CFB mode */
62#define OPENVPN_MODE_CFB 	POLARSSL_MODE_CFB
63
64/** Cipher should encrypt */
65#define OPENVPN_OP_ENCRYPT 	POLARSSL_ENCRYPT
66
67/** Cipher should decrypt */
68#define OPENVPN_OP_DECRYPT 	POLARSSL_DECRYPT
69
70#define MD4_DIGEST_LENGTH 	16
71#define MD5_DIGEST_LENGTH 	16
72#define SHA_DIGEST_LENGTH 	20
73#define DES_KEY_LENGTH 8
74
75/**
76 * Returns a singleton instance of the PolarSSL random number generator.
77 *
78 * For PolarSSL 1.1+, this is the CTR_DRBG random number generator. If it
79 * hasn't been initialised yet, the RNG will be initialised using the default
80 * entropy sources. Aside from the default platform entropy sources, an
81 * additional entropy source, the HAVEGE random number generator will also be
82 * added. During initialisation, a personalisation string will be added based
83 * on the time, the PID, and a pointer to the random context.
84 */
85ctr_drbg_context * rand_ctx_get();
86
87#ifdef ENABLE_PREDICTION_RESISTANCE
88/**
89 * Enable prediction resistance on the random number generator.
90 */
91void rand_ctx_enable_prediction_resistance();
92#endif
93
94#endif /* CRYPTO_POLARSSL_H_ */
95