Added translate_cipher name to crypto_openssl.c and crypto_polarssl.c
to translate between OpenVPN(/OpenSSL) and PolarSSL data channel
cipher algorithm names. OpenSSL does not require any translating,
PolarSSL does for a small number of algorithms. This improves
config file compatibility between the OpenSSL and PolarSSL builds.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1363942465-3251-5-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7435
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -401,7 +401,7 @@ init_key_type (struct key_type *kt, const char *ciphername, |
401 | 401 |
CLEAR (*kt); |
402 | 402 |
if (ciphername && ciphername_defined) |
403 | 403 |
{ |
404 |
- kt->cipher = cipher_kt_get (ciphername); |
|
404 |
+ kt->cipher = cipher_kt_get (translate_cipher_name_from_openvpn(ciphername)); |
|
405 | 405 |
kt->cipher_length = cipher_kt_key_size (kt->cipher); |
406 | 406 |
if (keysize > 0 && keysize <= MAX_CIPHER_KEY_LENGTH) |
407 | 407 |
kt->cipher_length = keysize; |
... | ... |
@@ -63,6 +63,18 @@ void crypto_init_lib_engine (const char *engine_name); |
63 | 63 |
void crypto_init_dmalloc (void); |
64 | 64 |
#endif /* DMALLOC */ |
65 | 65 |
|
66 |
+/** |
|
67 |
+ * Translate a data channel cipher name from the OpenVPN config file |
|
68 |
+ * 'language' to the crypto library specific name. |
|
69 |
+ */ |
|
70 |
+const char * translate_cipher_name_from_openvpn (const char *cipher_name); |
|
71 |
+ |
|
72 |
+/** |
|
73 |
+ * Translate a data channel cipher name from the crypto library specific name |
|
74 |
+ * to the OpenVPN config file 'language'. |
|
75 |
+ */ |
|
76 |
+const char * translate_cipher_name_from_openvpn (const char *cipher_name); |
|
77 |
+ |
|
66 | 78 |
void show_available_ciphers (void); |
67 | 79 |
|
68 | 80 |
void show_available_digests (void); |
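Review bot: The second prototype at new line 76 repeats `translate_cipher_name_from_openvpn` although the doc comment above it describes the reverse mapping, so `translate_cipher_name_to_openvpn` — defined in both the crypto_openssl.c and crypto_polarssl.c hunks and called from `cipher_kt_name` in the last hunk — has no declaration in this header; it should read `const char * translate_cipher_name_to_openvpn (const char *cipher_name);`. The two comments would also benefit from stating the contract both backends actually implement: the result is either `cipher_name` itself or a string from a static table, so the caller must not free it, and the PolarSSL backend passes `cipher_name` straight to strcmp, so it must not be NULL. Something like `@return cipher_name itself or a statically allocated translated name; never NULL for non-NULL input; not to be freed by the caller.` on each prototype would capture that.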
... | ... |
@@ -281,6 +281,18 @@ crypto_init_dmalloc (void) |
281 | 281 |
} |
282 | 282 |
#endif /* DMALLOC */ |
283 | 283 |
|
284 |
+const char * |
|
285 |
+translate_cipher_name_from_openvpn (const char *cipher_name) { |
|
286 |
+ // OpenSSL doesn't require any translation |
|
287 |
+ return cipher_name; |
|
288 |
+} |
|
289 |
+ |
|
290 |
+const char * |
|
291 |
+translate_cipher_name_to_openvpn (const char *cipher_name) { |
|
292 |
+ // OpenSSL doesn't require any translation |
|
293 |
+ return cipher_name; |
|
294 |
+} |
|
295 |
+ |
|
284 | 296 |
void |
285 | 297 |
show_available_ciphers () |
286 | 298 |
{ |
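Review bot: The two new definitions put the opening brace on the signature line and use `//` comments, whereas the surrounding file (see `show_available_ciphers` directly below) puts the function brace on its own line and the PolarSSL counterpart in this commit uses `/* */` comments; writing them as `translate_cipher_name_from_openvpn (const char *cipher_name)` followed by `{` on its own line and `/* OpenSSL doesn't require any translation */` keeps the two backends consistent. The same brace and comment style applies to the four new definitions in the crypto_polarssl.c hunk.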
... | ... |
@@ -94,6 +94,53 @@ crypto_init_dmalloc (void) |
94 | 94 |
} |
95 | 95 |
#endif /* DMALLOC */ |
96 | 96 |
|
97 |
+typedef struct { const char * openvpn_name; const char * polarssl_name; } cipher_name_pair; |
|
98 |
+cipher_name_pair cipher_name_translation_table[] = { |
|
99 |
+ { "BF-CBC", "BLOWFISH-CBC" }, |
|
100 |
+ { "BF-CFB", "BLOWFISH-CFB64" }, |
|
101 |
+ { "CAMELLIA-128-CFB", "CAMELLIA-128-CFB128" }, |
|
102 |
+ { "CAMELLIA-192-CFB", "CAMELLIA-192-CFB128" }, |
|
103 |
+ { "CAMELLIA-256-CFB", "CAMELLIA-256-CFB128" } |
|
104 |
+}; |
|
105 |
+ |
|
106 |
+const cipher_name_pair * |
|
107 |
+get_cipher_name_pair(const char *cipher_name) { |
|
108 |
+ cipher_name_pair *pair; |
|
109 |
+ size_t i = 0; |
|
110 |
+ |
|
111 |
+ /* Search for a cipher name translation */ |
|
112 |
+ for (; i < sizeof (cipher_name_translation_table) / sizeof (*cipher_name_translation_table); i++) |
|
113 |
+ { |
|
114 |
+ pair = &cipher_name_translation_table[i]; |
|
115 |
+ if (0 == strcmp (cipher_name, pair->openvpn_name) || |
|
116 |
+ 0 == strcmp (cipher_name, pair->polarssl_name)) |
|
117 |
+ return pair; |
|
118 |
+ } |
|
119 |
+ |
|
120 |
+ /* Nothing found, return null */ |
|
121 |
+ return NULL; |
|
122 |
+} |
|
123 |
+ |
|
124 |
+const char * |
|
125 |
+translate_cipher_name_from_openvpn (const char *cipher_name) { |
|
126 |
+ const cipher_name_pair *pair = get_cipher_name_pair(cipher_name); |
|
127 |
+ |
|
128 |
+ if (NULL == pair) |
|
129 |
+ return cipher_name; |
|
130 |
+ |
|
131 |
+ return pair->polarssl_name; |
|
132 |
+} |
|
133 |
+ |
|
134 |
+const char * |
|
135 |
+translate_cipher_name_to_openvpn (const char *cipher_name) { |
|
136 |
+ const cipher_name_pair *pair = get_cipher_name_pair(cipher_name); |
|
137 |
+ |
|
138 |
+ if (NULL == pair) |
|
139 |
+ return cipher_name; |
|
140 |
+ |
|
141 |
+ return pair->openvpn_name; |
|
142 |
+} |
|
143 |
+ |
|
97 | 144 |
void |
98 | 145 |
show_available_ciphers () |
99 | 146 |
{ |
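Review bot: `cipher_name_translation_table` (new line 98) is a writable, externally visible global and `get_cipher_name_pair` (line 107) is likewise exported although nothing outside this file needs it; both should be file-local and the table immutable: `static const cipher_name_pair cipher_name_translation_table[] = {`, `static const cipher_name_pair *` on the helper, and `const cipher_name_pair *pair;` for the loop variable at line 108 so it can point into the const table. `get_cipher_name_pair` passes `cipher_name` straight to `strcmp`; `init_key_type` guards its argument for NULL but `cipher_kt_name` only checks `cipher_kt`, so if `cipher_kt->name` can ever be NULL this dereferences it — a leading `if (NULL == cipher_name) return NULL;` is a cheap guard. The lookup matches either column, so translating an already-translated name in either direction is a no-op, which is worth a one-line comment on the table.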
... | ... |
@@ -114,7 +161,7 @@ show_available_ciphers () |
114 | 114 |
|
115 | 115 |
if (info && info->mode == POLARSSL_MODE_CBC) |
116 | 116 |
printf ("%s %d bit default key\n", |
117 |
- info->name, cipher_kt_key_size(info) * 8); |
|
117 |
+ cipher_kt_name(info), cipher_kt_key_size(info) * 8); |
|
118 | 118 |
|
119 | 119 |
ciphers++; |
120 | 120 |
} |
... | ... |
@@ -331,7 +378,8 @@ cipher_kt_name (const cipher_info_t *cipher_kt) |
331 | 331 |
{ |
332 | 332 |
if (NULL == cipher_kt) |
333 | 333 |
return "[null-cipher]"; |
334 |
- return cipher_kt->name; |
|
334 |
+ |
|
335 |
+ return translate_cipher_name_to_openvpn(cipher_kt->name); |
|
335 | 336 |
} |
336 | 337 |
|
337 | 338 |
int |