-
Notifications
You must be signed in to change notification settings - Fork 409
/
Copy pathstatic_key.hpp
207 lines (172 loc) · 4.94 KB
/
static_key.hpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012- OpenVPN Inc.
//
// SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception
//
// Classes for handling OpenVPN static keys (and tls-auth keys)
#ifndef OPENVPN_CRYPTO_STATIC_KEY_H
#define OPENVPN_CRYPTO_STATIC_KEY_H
#include <string>
#include <sstream>
#include <openvpn/common/exception.hpp>
#include <openvpn/common/hexstr.hpp>
#include <openvpn/common/file.hpp>
#include <openvpn/common/splitlines.hpp>
#include <openvpn/common/base64.hpp>
#include <openvpn/buffer/buffer.hpp>
#include <openvpn/random/randapi.hpp>
namespace openvpn {
class StaticKey
{
friend class OpenVPNStaticKey;
typedef BufferAllocated key_t;
public:
StaticKey()
{
}
StaticKey(const unsigned char *key_data, const size_t key_size)
: key_data_(key_data, key_size, BufAllocFlags::DESTRUCT_ZERO)
{
}
StaticKey(const key_t &keydata)
: key_data_(keydata)
{
key_data_.or_flags(BufAllocFlags::DESTRUCT_ZERO);
}
size_t size() const
{
return key_data_.size();
}
const unsigned char *data() const
{
return key_data_.c_data();
}
void erase()
{
key_data_.clear();
}
std::string render_hex() const
{
return openvpn::render_hex_generic(key_data_);
}
void parse_from_base64(const std::string &b64, const size_t capacity)
{
key_data_.reset(capacity, BufAllocFlags::DESTRUCT_ZERO);
base64->decode(key_data_, b64);
}
std::string render_to_base64() const
{
return base64->encode(key_data_);
}
void init_from_rng(StrongRandomAPI &rng, const size_t key_size)
{
key_data_.init(key_size, BufAllocFlags::DESTRUCT_ZERO);
rng.rand_bytes(key_data_.data(), key_size);
key_data_.set_size(key_size);
}
private:
key_t key_data_;
};
class OpenVPNStaticKey
{
typedef StaticKey::key_t key_t;
public:
enum
{
KEY_SIZE = 256 // bytes
};
// key specifier
enum
{
// key for cipher and hmac
CIPHER = 0,
HMAC = (1 << 0),
// do we want to encrypt or decrypt with this key
ENCRYPT = 0,
DECRYPT = (1 << 1),
// key direction
NORMAL = 0,
INVERSE = (1 << 2)
};
OPENVPN_SIMPLE_EXCEPTION(static_key_parse_error);
OPENVPN_SIMPLE_EXCEPTION(static_key_bad_size);
bool defined() const
{
return key_data_.defined();
}
void XOR(const OpenVPNStaticKey &other)
{
assert(defined() && other.defined());
for (std::size_t i = 0; i < key_data_.size(); ++i)
key_data_[i] ^= other.key_data_[i];
}
StaticKey slice(unsigned int key_specifier) const
{
if (key_data_.size() != KEY_SIZE)
throw static_key_bad_size();
static const unsigned char key_table[] = {0, 1, 2, 3, 2, 3, 0, 1};
const unsigned int idx = key_table[key_specifier & 7] * 64;
return StaticKey(key_data_.c_data() + idx, KEY_SIZE / 4);
}
void parse_from_file(const std::string &filename)
{
const std::string str = read_text(filename);
parse(str);
}
void parse(const std::string &key_text)
{
SplitLines in(key_text, 0);
key_t data(KEY_SIZE, BufAllocFlags::DESTRUCT_ZERO);
bool in_body = false;
while (in(true))
{
const std::string &line = in.line_ref();
if (line == static_key_head())
in_body = true;
else if (line == static_key_foot())
in_body = false;
else if (in_body)
parse_hex(data, line);
}
if (in_body || data.size() != KEY_SIZE)
throw static_key_parse_error();
key_data_ = std::move(data);
}
std::string render() const
{
if (key_data_.size() != KEY_SIZE)
throw static_key_bad_size();
std::ostringstream out;
out << static_key_head() << "\n";
for (size_t i = 0; i < KEY_SIZE; i += 16)
out << render_hex(key_data_.c_data() + i, 16) << "\n";
out << static_key_foot() << "\n";
return out.str();
}
unsigned char *raw_alloc()
{
key_data_.init(KEY_SIZE, BufAllocFlags::DESTRUCT_ZERO | BufAllocFlags::ARRAY);
return key_data_.data();
}
void erase()
{
key_data_.clear();
}
private:
static const char *static_key_head()
{
return "-----BEGIN OpenVPN Static key V1-----";
}
static const char *static_key_foot()
{
return "-----END OpenVPN Static key V1-----";
}
key_t key_data_;
};
} // namespace openvpn
#endif // OPENVPN_CRYPTO_STATIC_KEY_H