1/* 2 * OpenVPN -- An application to securely tunnel IP networks 3 * over a single TCP/UDP port, with support for SSL/TLS-based 4 * session authentication and key exchange, 5 * packet encryption, packet authentication, and 6 * packet compression. 7 * 8 * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> 9 * Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com> 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License version 2 13 * as published by the Free Software Foundation. 14 * 15 * This program is distributed in the hope that it will be useful, 16 * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 * GNU General Public License for more details. 19 * 20 * You should have received a copy of the GNU General Public License 21 * along with this program (see the file COPYING included with this 22 * distribution); if not, write to the Free Software Foundation, Inc., 23 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 24 */ 25 26/** 27 * @file Data Channel Cryptography PolarSSL-specific backend interface 28 */ 29 30#ifndef CRYPTO_POLARSSL_H_ 31#define CRYPTO_POLARSSL_H_ 32 33#include <polarssl/cipher.h> 34#include <polarssl/md.h> 35#include <polarssl/ctr_drbg.h> 36 37/** Generic cipher key type %context. */ 38typedef cipher_info_t cipher_kt_t; 39 40/** Generic message digest key type %context. */ 41typedef md_info_t md_kt_t; 42 43/** Generic cipher %context. */ 44typedef cipher_context_t cipher_ctx_t; 45 46/** Generic message digest %context. */ 47typedef md_context_t md_ctx_t; 48 49/** Generic HMAC %context. */ 50typedef md_context_t hmac_ctx_t; 51 52/** Maximum length of an IV */ 53#define OPENVPN_MAX_IV_LENGTH POLARSSL_MAX_IV_LENGTH 54 55/** Cipher is in CBC mode */ 56#define OPENVPN_MODE_CBC POLARSSL_MODE_CBC 57 58/** Cipher is in OFB mode */ 59#define OPENVPN_MODE_OFB POLARSSL_MODE_OFB 60 61/** Cipher is in CFB mode */ 62#define OPENVPN_MODE_CFB POLARSSL_MODE_CFB 63 64/** Cipher should encrypt */ 65#define OPENVPN_OP_ENCRYPT POLARSSL_ENCRYPT 66 67/** Cipher should decrypt */ 68#define OPENVPN_OP_DECRYPT POLARSSL_DECRYPT 69 70#define MD4_DIGEST_LENGTH 16 71#define MD5_DIGEST_LENGTH 16 72#define SHA_DIGEST_LENGTH 20 73#define DES_KEY_LENGTH 8 74 75/** 76 * Returns a singleton instance of the PolarSSL random number generator. 77 * 78 * For PolarSSL 1.1+, this is the CTR_DRBG random number generator. If it 79 * hasn't been initialised yet, the RNG will be initialised using the default 80 * entropy sources. Aside from the default platform entropy sources, an 81 * additional entropy source, the HAVEGE random number generator will also be 82 * added. During initialisation, a personalisation string will be added based 83 * on the time, the PID, and a pointer to the random context. 84 */ 85ctr_drbg_context * rand_ctx_get(); 86 87#ifdef ENABLE_PREDICTION_RESISTANCE 88/** 89 * Enable prediction resistance on the random number generator. 90 */ 91void rand_ctx_enable_prediction_resistance(); 92#endif 93 94#endif /* CRYPTO_POLARSSL_H_ */ 95