Reduces code duplication (and prepares for tls-crypt-v2, which needs the
same functionality in more places).
Because tls_crypt_kt() is a static function we now need to include
tls_crypt.c from the tests, rather than tls_crypt.h.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Antonio Quartulli <a@unstable.cc>
Message-Id: <1502531632-16833-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15229.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
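--- a/tls_crypt.c
+++ b/tls_crypt.c
@@ -35,35 +35,47 @@
 
 #include "tls_crypt.h"
 
-int
-tls_crypt_buf_overhead(void)
-{
-    return packet_id_size(true) + TLS_CRYPT_TAG_SIZE + TLS_CRYPT_BLOCK_SIZE;
-}
-
-void
-tls_crypt_init_key(struct key_ctx_bi *key, const char *key_file,
-                   const char *key_inline, bool tls_server)
+static struct key_type
+tls_crypt_kt(void)
 {
-    const int key_direction = tls_server ?
-                              KEY_DIRECTION_NORMAL : KEY_DIRECTION_INVERSE;
-
     struct key_type kt;
     kt.cipher = cipher_kt_get("AES-256-CTR");
     kt.digest = md_kt_get("SHA256");
 
     if (!kt.cipher)
     {
-        msg(M_FATAL, "ERROR: --tls-crypt requires AES-256-CTR support.");
+        msg(M_WARN, "ERROR: --tls-crypt requires AES-256-CTR support.");
+        return (struct key_type) { 0 };
     }
     if (!kt.digest)
     {
-        msg(M_FATAL, "ERROR: --tls-crypt requires HMAC-SHA-256 support.");
+        msg(M_WARN, "ERROR: --tls-crypt requires HMAC-SHA-256 support.");
+        return (struct key_type) { 0 };
     }
 
     kt.cipher_length = cipher_kt_key_size(kt.cipher);
     kt.hmac_length = md_kt_size(kt.digest);
 
+    return kt;
+}
+
+int
+tls_crypt_buf_overhead(void)
+{
+    return packet_id_size(true) + TLS_CRYPT_TAG_SIZE + TLS_CRYPT_BLOCK_SIZE;
+}
+
+void
+tls_crypt_init_key(struct key_ctx_bi *key, const char *key_file,
+                   const char *key_inline, bool tls_server)
+{
+    const int key_direction = tls_server ?
+                              KEY_DIRECTION_NORMAL : KEY_DIRECTION_INVERSE;
+    struct key_type kt = tls_crypt_kt();
+    if (!kt.cipher || !kt.digest)
+    {
+        msg (M_FATAL, "ERROR: --tls-crypt not supported");
+    }
     crypto_read_openvpn_key(&kt, key, key_file, key_inline, key_direction,
                             "Control Channel Encryption", "tls-crypt");
 }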
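Review bot: tls_crypt_init_key (new lines 74–78) relies on `msg(M_FATAL, ...)` never returning; if it does return — which I would expect under a mocked msg() such as the mock_msg.c this commit's test driver builds with, now that tls_crypt.c is compiled into that driver via `#include` — execution continues into crypto_read_openvpn_key with an all-zero key type. A `return;` after the fatal message costs nothing and makes the intent explicit: `msg(M_FATAL, "ERROR: --tls-crypt not supported"); return;` (this also drops the stray space before the parenthesis). The new static tls_crypt_kt() also has no comment stating its failure contract; I would add above it: `/* Returns the key type used by tls-crypt, or an all-zero struct (cipher == NULL and digest == NULL) when the required cipher or digest is unavailable; callers must check both fields before use. */`. The all-zero sentinel also leaves cipher_length and hmac_length at 0, which is why the caller's `!kt.cipher || !kt.digest` check must stay in front of any use of the lengths.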
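--- a/Makefile.am
+++ b/Makefile.am
@@ -54,5 +54,4 @@ tls_crypt_testdriver_SOURCES = test_tls_crypt.c mock_msg.c \
 	$(openvpn_srcdir)/crypto_openssl.c \
 	$(openvpn_srcdir)/otime.c \
 	$(openvpn_srcdir)/packet_id.c \
-	$(openvpn_srcdir)/platform.c \
-	$(openvpn_srcdir)/tls_crypt.c
+	$(openvpn_srcdir)/platform.c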
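--- a/test_tls_crypt.c
+++ b/test_tls_crypt.c
@@ -39,7 +39,7 @@
 #include <setjmp.h>
 #include <cmocka.h>
 
-#include "tls_crypt.h"
+#include "tls_crypt.c"
 
 #include "mock_msg.h"
 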
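Review bot: `#include "tls_crypt.c"` at new line 42 deserves a comment, because including a .c file is unusual and couples this test to the build: every definition in tls_crypt.c now lands in this translation unit, which is why the companion Makefile hunk has to drop `$(openvpn_srcdir)/tls_crypt.c` from tls_crypt_testdriver_SOURCES (linking it as well would duplicate the non-static tls_crypt_* symbols). I would add above the include: `/* Include the implementation rather than the header so the tests can reach the static tls_crypt_kt(); tls_crypt.c must therefore not also be listed in the test driver's SOURCES. */`. Without that note, anyone adding tls_crypt.c back to the Makefile, or including tls_crypt.h elsewhere in this test, will hit link or redefinition errors with no hint as to why.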
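--- a/test_tls_crypt.c
+++ b/test_tls_crypt.c
@@ -60,23 +60,13 @@ setup(void **state) {
     struct test_context *ctx = calloc(1, sizeof(*ctx));
     *state = ctx;
 
-    ctx->kt.cipher = cipher_kt_get("AES-256-CTR");
-    ctx->kt.digest = md_kt_get("SHA256");
-    if (!ctx->kt.cipher)
-    {
-        printf("No AES-256-CTR support, skipping test.\n");
-        return 0;
-    }
-    if (!ctx->kt.digest)
+    struct key key = { 0 };
+
+    ctx->kt = tls_crypt_kt();
+    if (!ctx->kt.cipher || !ctx->kt.digest)
     {
-        printf("No HMAC-SHA256 support, skipping test.\n");
         return 0;
     }
-    ctx->kt.cipher_length = cipher_kt_key_size(ctx->kt.cipher);
-    ctx->kt.hmac_length = md_kt_size(ctx->kt.digest);
-
-    struct key key = { 0 };
-
     init_key_ctx(&ctx->co.key_ctx_bi.encrypt, &key, &ctx->kt, true, "TEST");
     init_key_ctx(&ctx->co.key_ctx_bi.decrypt, &key, &ctx->kt, false, "TEST");
 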
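Review bot: The new early exit at new lines 66–69 returns 0 from setup() when tls_crypt_kt() finds no cipher or digest, which (as I read cmocka's setup contract) reports success, so every test in the group still runs against an all-zero `ctx->kt` and key contexts that init_key_ctx never filled in; the deleted code at least printed "skipping test" before doing the same. Unless the mocked msg() makes the M_WARN from tls_crypt_kt() visible on the test output, that situation is now silent. Consider returning non-zero so the group is reported as failed, or keep a one-line `printf("No AES-256-CTR/HMAC-SHA256 support, skipping test.\n");` before the `return 0;`. setup() starts before this hunk, so I cannot see whether it has other exits.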