Sine there's --auth gost-mac, using HMAC throughout the code is misleading. Especially in the crypto code itself.
This changes function and variable names as well as comments to use the more generic MAC instead. Signed-off-by: Heiko Hund <heiko.h...@sophos.com> --- doc/openvpn.8 | 46 ++++++------- sample/sample-config-files/server.conf | 2 +- src/openvpn/crypto.c | 118 ++++++++++++++++---------------- src/openvpn/crypto.h | 42 ++++++------ src/openvpn/crypto_backend.h | 58 ++++++++-------- src/openvpn/crypto_openssl.c | 42 ++++++------ src/openvpn/crypto_openssl.h | 6 +- src/openvpn/crypto_polarssl.c | 22 +++--- src/openvpn/crypto_polarssl.h | 4 +- src/openvpn/forward.c | 4 +- src/openvpn/forward.h | 2 +- src/openvpn/init.c | 2 +- src/openvpn/ntlm.c | 10 +-- src/openvpn/openvpn.h | 8 +-- src/openvpn/options.c | 2 +- src/openvpn/ssl.c | 94 ++++++++++++------------- src/openvpn/ssl.h | 12 ++-- src/openvpn/ssl_common.h | 4 +- 18 files changed, 239 insertions(+), 239 deletions(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index d967ebd..c10283c 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -3565,14 +3565,14 @@ which was generated with The optional .B direction parameter enables the use of 4 distinct keys -(HMAC-send, cipher-encrypt, HMAC-receive, cipher-decrypt), so that -each data flow direction has a different set of HMAC and cipher keys. +(MAC-send, cipher-encrypt, MAC-receive, cipher-decrypt), so that +each data flow direction has a different set of MAC and cipher keys. This has a number of desirable security properties including eliminating certain kinds of DoS and message replay attacks. When the .B direction -parameter is omitted, 2 keys are used bidirectionally, one for HMAC +parameter is omitted, 2 keys are used bidirectionally, one for MAC and the other for encryption/decryption. The @@ -3622,25 +3622,25 @@ but random-looking data. .\"********************************************************* .TP .B \-\-auth alg -Authenticate packets with HMAC using message -digest algorithm +Authenticate packets with a message authentication algorithm (MAC) using +message digest algorithm .B alg. (The default is .B SHA1 ). -HMAC is a commonly used message authentication algorithm (MAC) that uses +The commonly used message authentication algorithm is HMAC that uses a data string, a secure hash algorithm, and a key, to produce a digital signature. -OpenVPN's usage of HMAC is to first encrypt a packet, then HMAC the resulting ciphertext. +OpenVPN's usage of the MAC is to first encrypt a packet, then MAC the resulting ciphertext. -In static-key encryption mode, the HMAC key +In static-key encryption mode, the MAC key is included in the key file generated by .B \-\-genkey. -In TLS mode, the HMAC key is dynamically generated and shared +In TLS mode, the MAC key is dynamically generated and shared between peers via the TLS control channel. If OpenVPN receives a packet with -a bad HMAC it will drop the packet. -HMAC usually adds 16 or 20 bytes per packet. +a bad MAC it will drop the packet. +MACs usually adds 16 or 20 bytes per packet. Set .B alg=none to disable authentication. @@ -3945,12 +3945,12 @@ TLS mode is the most powerful crypto mode of OpenVPN in both security and flexib TLS mode works by establishing control and data channels which are multiplexed over a single TCP/UDP port. OpenVPN initiates a TLS session over the control channel and uses it to exchange cipher -and HMAC keys to protect the data channel. TLS mode uses a robust reliability +and MAC keys to protect the data channel. TLS mode uses a robust reliability layer over the UDP connection for all control channel communication, while the data channel, over which encrypted tunnel data passes, is forwarded without any mediation. The result is the best of both worlds: a fast data channel that forwards over UDP with only the overhead of encrypt, -decrypt, and HMAC functions, +decrypt, and MAC functions, and a control channel that provides all of the security features of TLS, including certificate-based authentication and Diffie Hellman forward secrecy. @@ -4226,7 +4226,7 @@ for protecting the tunnel data channel is generated and exchanged over the TLS session. In method 1 (the default for OpenVPN 1.x), both sides generate -random encrypt and HMAC-send keys which are forwarded to +random encrypt and MAC-send keys which are forwarded to the other host over the TLS channel. In method 2, (the default for OpenVPN 2.0) @@ -4364,14 +4364,14 @@ Exit on TLS negotiation failure. .\"********************************************************* .TP .B \-\-tls-auth file [direction] -Add an additional layer of HMAC authentication on top of the TLS +Add an additional layer of MAC authentication on top of the TLS control channel to protect against DoS attacks. In a nutshell, .B \-\-tls-auth -enables a kind of "HMAC firewall" on OpenVPN's TCP/UDP port, +enables a kind of "MAC firewall" on OpenVPN's TCP/UDP port, where TLS control channel packets -bearing an incorrect HMAC signature can be dropped immediately without +bearing an incorrect MAC signature can be dropped immediately without response. .B file @@ -4385,7 +4385,7 @@ An OpenVPN static key file generated by parameter is used). .B (2) -A freeform passphrase file. In this case the HMAC key will +A freeform passphrase file. In this case the MAC key will be derived by taking a secure hash of this file, similar to the .BR md5sum (1) @@ -4430,14 +4430,14 @@ fallen to buffer overflow attacks. So as a second line of defense, OpenVPN offers this special layer of authentication on top of the TLS control channel so that every packet on the control channel is authenticated by an -HMAC signature and a unique ID for replay protection. +MAC signature and a unique ID for replay protection. This signature will also help protect against DoS (Denial of Service) attacks. An important rule of thumb in reducing vulnerability to DoS attacks is to minimize the amount of resources a potential, but as yet unauthenticated, client is able to consume. .B \-\-tls-auth -does this by signing every TLS control channel packet with an HMAC signature, +does this by signing every TLS control channel packet with an MAC signature, including packets which are sent before the TLS level has had a chance to authenticate the peer. The result is that packets without @@ -6214,9 +6214,9 @@ packets. On Linux 2.4+: This will allow incoming packets on UDP port 1194 (OpenVPN's default UDP port) from an OpenVPN peer at 1.2.3.4. -If you are using HMAC-based packet authentication (the default in any of +If you are using MAC-based packet authentication (the default in any of OpenVPN's secure modes), having the firewall filter on source -address can be considered optional, since HMAC packet authentication +address can be considered optional, since MAC packet authentication is a much more secure method of verifying the authenticity of a packet source. In that case: .IP @@ -6263,7 +6263,7 @@ other hosts on the local network. These rules are secure if you use packet authentication, since no incoming packets will arrive on a TUN or TAP virtual device -unless they first pass an HMAC authentication test. +unless they first pass an MAC authentication test. .\"********************************************************* .SH FAQ .I http://openvpn.net/faq.html diff --git a/sample/sample-config-files/server.conf b/sample/sample-config-files/server.conf index f483b6b..60d1355 100644 --- a/sample/sample-config-files/server.conf +++ b/sample/sample-config-files/server.conf @@ -226,7 +226,7 @@ ifconfig-pool-persist ipp.txt keepalive 10 120 # For extra security beyond that provided -# by SSL/TLS, create an "HMAC firewall" +# by SSL/TLS, create an "MAC firewall" # to help block DoS attacks and UDP port flooding. # # Generate with: diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index f86c83a..fb935ba 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -177,16 +177,16 @@ openvpn_encrypt (struct buffer *buf, struct buffer work, work = *buf; } - /* HMAC the ciphertext (or plaintext if !cipher) */ - if (ctx->hmac) + /* MAC the ciphertext (or plaintext if !cipher) */ + if (ctx->mac) { uint8_t *output = NULL; - hmac_ctx_reset (ctx->hmac); - hmac_ctx_update (ctx->hmac, BPTR(&work), BLEN(&work)); - output = buf_prepend (&work, hmac_ctx_size(ctx->hmac)); + mac_ctx_reset (ctx->mac); + mac_ctx_update (ctx->mac, BPTR (&work), BLEN (&work)); + output = buf_prepend (&work, mac_ctx_size (ctx->mac)); ASSERT (output); - hmac_ctx_final (ctx->hmac, output); + mac_ctx_final (ctx->mac, output); } *buf = work; @@ -225,29 +225,29 @@ openvpn_decrypt (struct buffer *buf, struct buffer work, struct packet_id_net pin; bool have_pin = false; - /* Verify the HMAC */ - if (ctx->hmac) + /* Verify the MAC */ + if (ctx->mac) { - int hmac_len; - uint8_t local_hmac[MAX_HMAC_KEY_LENGTH]; /* HMAC of ciphertext computed locally */ + int mac_len; + uint8_t local_mac[MAX_MAC_KEY_LENGTH]; /* MAC of ciphertext computed locally */ - hmac_ctx_reset(ctx->hmac); + mac_ctx_reset(ctx->mac); - /* Assume the length of the input HMAC */ - hmac_len = hmac_ctx_size (ctx->hmac); + /* Assume the length of the input MAC */ + mac_len = mac_ctx_size (ctx->mac); - /* Authentication fails if insufficient data in packet for HMAC */ - if (buf->len < hmac_len) + /* Authentication fails if insufficient data in packet for MAC */ + if (buf->len < mac_len) CRYPT_ERROR ("missing authentication info"); - hmac_ctx_update (ctx->hmac, BPTR (buf) + hmac_len, BLEN (buf) - hmac_len); - hmac_ctx_final (ctx->hmac, local_hmac); + mac_ctx_update (ctx->mac, BPTR (buf) + mac_len, BLEN (buf) - mac_len); + mac_ctx_final (ctx->mac, local_mac); - /* Compare locally computed HMAC with packet HMAC */ - if (memcmp (local_hmac, BPTR (buf), hmac_len)) - CRYPT_ERROR ("packet HMAC authentication failed"); + /* Compare locally computed MAC with packet MAC */ + if (memcmp (local_mac, BPTR (buf), mac_len)) + CRYPT_ERROR ("packet MAC authentication failed"); - ASSERT (buf_advance (buf, hmac_len)); + ASSERT (buf_advance (buf, mac_len)); } /* Decrypt packet ID + payload */ @@ -386,7 +386,7 @@ crypto_adjust_frame_parameters(struct frame *frame, (packet_id ? packet_id_size (packet_id_long_form) : 0) + ((cipher_defined && use_iv) ? cipher_kt_iv_size (kt->cipher) : 0) + (cipher_defined ? cipher_kt_block_size (kt->cipher) : 0) + /* worst case padding expansion */ - kt->hmac_length); + kt->mac_length); } /* @@ -429,8 +429,8 @@ init_key_type (struct key_type *kt, const char *ciphername, if (authname && authname_defined) { kt->digest = md_kt_get (authname); - kt->hmac_length = md_kt_size (kt->digest); - kt->hmac_key_length = hmac_key_size (kt->digest); + kt->mac_length = md_kt_size (kt->digest); + kt->mac_key_length = mac_key_size (kt->digest); } else { @@ -466,22 +466,22 @@ init_key_ctx (struct key_ctx *ctx, struct key *key, cipher_kt_block_size(kt->cipher), cipher_kt_iv_size(kt->cipher)); } - if (kt->digest && kt->hmac_key_length > 0) + if (kt->digest && kt->mac_key_length > 0) { - ALLOC_OBJ(ctx->hmac, hmac_ctx_t); - hmac_ctx_init (ctx->hmac, key->hmac, kt->hmac_key_length, kt->digest); + ALLOC_OBJ(ctx->mac, mac_ctx_t); + mac_ctx_init (ctx->mac, key->mac, kt->mac_key_length, kt->digest); msg (D_HANDSHAKE, - "%s: Using %d bit message hash '%s' for HMAC authentication", + "%s: Using %d bit message hash '%s' for MAC authentication", prefix, md_kt_size(kt->digest) * 8, md_kt_name(kt->digest)); - dmsg (D_SHOW_KEYS, "%s: HMAC KEY: %s", prefix, - format_hex (key->hmac, kt->hmac_key_length, 0, &gc)); + dmsg (D_SHOW_KEYS, "%s: MAC KEY: %s", prefix, + format_hex (key->mac, kt->mac_key_length, 0, &gc)); - dmsg (D_CRYPTO_DEBUG, "%s: HMAC size=%d block_size=%d", + dmsg (D_CRYPTO_DEBUG, "%s: MAC size=%d block_size=%d", prefix, md_kt_size(kt->digest), - hmac_ctx_size(ctx->hmac)); + mac_ctx_size(ctx->mac)); } gc_free (&gc); @@ -496,11 +496,11 @@ free_key_ctx (struct key_ctx *ctx) free(ctx->cipher); ctx->cipher = NULL; } - if (ctx->hmac) + if (ctx->mac) { - hmac_ctx_cleanup(ctx->hmac); - free(ctx->hmac); - ctx->hmac = NULL; + mac_ctx_cleanup (ctx->mac); + free (ctx->mac); + ctx->mac = NULL; } } @@ -611,7 +611,7 @@ void generate_key_random (struct key *key, const struct key_type *kt) { int cipher_len = MAX_CIPHER_KEY_LENGTH; - int hmac_key_len = MAX_HMAC_KEY_LENGTH; + int mac_key_len = MAX_MAC_KEY_LENGTH; struct gc_arena gc = gc_new (); @@ -622,15 +622,15 @@ generate_key_random (struct key *key, const struct key_type *kt) if (kt->cipher && kt->cipher_length > 0 && kt->cipher_length <= cipher_len) cipher_len = kt->cipher_length; - if (kt->digest && kt->hmac_key_length > 0 && kt->hmac_key_length <= hmac_key_len) - hmac_key_len = kt->hmac_key_length; + if (kt->digest && kt->mac_key_length > 0 && kt->mac_key_length <= mac_key_len) + mac_key_len = kt->mac_key_length; } if (!rand_bytes (key->cipher, cipher_len) - || !rand_bytes (key->hmac, hmac_key_len)) + || !rand_bytes (key->mac, mac_key_len)) msg (M_FATAL, "ERROR: Random number generator cannot obtain entropy for key generation"); dmsg (D_SHOW_KEY_SOURCE, "Cipher source entropy: %s", format_hex (key->cipher, cipher_len, 0, &gc)); - dmsg (D_SHOW_KEY_SOURCE, "HMAC source entropy: %s", format_hex (key->hmac, hmac_key_len, 0, &gc)); + dmsg (D_SHOW_KEY_SOURCE, "MAC source entropy: %s", format_hex (key->mac, mac_key_len, 0, &gc)); if (kt) fixup_key (key, kt); @@ -653,15 +653,15 @@ key2_print (const struct key2* k, dmsg (D_SHOW_KEY_SOURCE, "%s (cipher): %s", prefix0, format_hex (k->keys[0].cipher, kt->cipher_length, 0, &gc)); - dmsg (D_SHOW_KEY_SOURCE, "%s (hmac): %s", + dmsg (D_SHOW_KEY_SOURCE, "%s (mac): %s", prefix0, - format_hex (k->keys[0].hmac, kt->hmac_key_length, 0, &gc)); + format_hex (k->keys[0].mac, kt->mac_key_length, 0, &gc)); dmsg (D_SHOW_KEY_SOURCE, "%s (cipher): %s", prefix1, format_hex (k->keys[1].cipher, kt->cipher_length, 0, &gc)); - dmsg (D_SHOW_KEY_SOURCE, "%s (hmac): %s", + dmsg (D_SHOW_KEY_SOURCE, "%s (mac): %s", prefix1, - format_hex (k->keys[1].hmac, kt->hmac_key_length, 0, &gc)); + format_hex (k->keys[1].mac, kt->mac_key_length, 0, &gc)); gc_free (&gc); } @@ -728,7 +728,7 @@ get_tls_handshake_key (const struct key_type *key_type, const int key_direction, const unsigned int flags) { - if (passphrase_file && key_type->hmac_key_length) + if (passphrase_file && key_type->mac_key_length) { struct key2 key2; struct key_type kt = *key_type; @@ -770,9 +770,9 @@ get_tls_handshake_key (const struct key_type *key_type, /* failed, now try to get hash from a freeform file */ hash_key_size = read_passphrase_hash (passphrase_file, kt.digest, - key2.keys[0].hmac, - MAX_HMAC_KEY_LENGTH); - ASSERT (hash_key_size == kt.hmac_key_length); + key2.keys[0].mac, + MAX_MAC_KEY_LENGTH); + ASSERT (hash_key_size == kt.mac_key_length); /* suceeded */ key2.n = 1; @@ -787,7 +787,7 @@ get_tls_handshake_key (const struct key_type *key_type, key_direction_state_init (&kds, key_direction); must_have_n_keys (passphrase_file, "tls-auth", &key2, kds.need_keys); - /* initialize hmac key in both directions */ + /* initialize MAC key in both directions */ init_key_ctx (&ctx->encrypt, &key2.keys[kds.out_key], &kt, OPENVPN_OP_ENCRYPT, "Outgoing Control Channel Authentication"); @@ -1224,15 +1224,15 @@ write_key (const struct key *key, const struct key_type *kt, struct buffer *buf) { ASSERT (kt->cipher_length <= MAX_CIPHER_KEY_LENGTH - && kt->hmac_key_length <= MAX_HMAC_KEY_LENGTH); + && kt->mac_key_length <= MAX_MAC_KEY_LENGTH); if (!buf_write (buf, &kt->cipher_length, 1)) return false; - if (!buf_write (buf, &kt->hmac_key_length, 1)) + if (!buf_write (buf, &kt->mac_key_length, 1)) return false; if (!buf_write (buf, key->cipher, kt->cipher_length)) return false; - if (!buf_write (buf, key->hmac, kt->hmac_key_length)) + if (!buf_write (buf, key->mac, kt->mac_key_length)) return false; return true; @@ -1248,20 +1248,20 @@ int read_key (struct key *key, const struct key_type *kt, struct buffer *buf) { uint8_t cipher_length; - uint8_t hmac_key_length; + uint8_t mac_key_length; CLEAR (*key); if (!buf_read (buf, &cipher_length, 1)) goto read_err; - if (!buf_read (buf, &hmac_key_length, 1)) + if (!buf_read (buf, &mac_key_length, 1)) goto read_err; if (!buf_read (buf, key->cipher, cipher_length)) goto read_err; - if (!buf_read (buf, key->hmac, hmac_key_length)) + if (!buf_read (buf, key->mac, mac_key_length)) goto read_err; - if (cipher_length != kt->cipher_length || hmac_key_length != kt->hmac_key_length) + if (cipher_length != kt->cipher_length || mac_key_length != kt->mac_key_length) goto key_len_err; return 1; @@ -1272,8 +1272,8 @@ read_err: key_len_err: msg (D_TLS_ERRORS, - "TLS Error: key length mismatch, local cipher/hmac %d/%d, remote cipher/hmac %d/%d", - kt->cipher_length, kt->hmac_key_length, cipher_length, hmac_key_length); + "TLS Error: key length mismatch, local cipher/mac %d/%d, remote cipher/mac %d/%d", + kt->cipher_length, kt->mac_key_length, cipher_length, mac_key_length); return 0; } diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index 6f91b6f..2c34db2 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h @@ -41,38 +41,38 @@ #include "mtu.h" /* - * Defines a key type and key length for both cipher and HMAC. + * Defines a key type and key length for both cipher and MAC. */ struct key_type { uint8_t cipher_length; /**< Cipher length, in bytes */ - uint8_t hmac_length; /**< HMAC length, in bytes */ - uint8_t hmac_key_length; /**< HMAC key length, in bytes */ + uint8_t mac_length; /**< MAC length, in bytes */ + uint8_t mac_key_length; /**< MAC key length, in bytes */ const cipher_kt_t *cipher; /**< Cipher static parameters */ const md_kt_t *digest; /**< Message digest static parameters */ }; /** - * Container for unidirectional cipher and HMAC %key material. + * Container for unidirectional cipher and MAC %key material. * @ingroup control_processor */ struct key { uint8_t cipher[MAX_CIPHER_KEY_LENGTH]; /**< %Key material for cipher operations. */ - uint8_t hmac[MAX_HMAC_KEY_LENGTH]; - /**< %Key material for HMAC operations. */ + uint8_t mac[MAX_MAC_KEY_LENGTH]; + /**< %Key material for MAC operations. */ }; /** - * Container for one set of OpenSSL cipher and/or HMAC contexts. + * Container for one set of OpenSSL cipher and/or MAC contexts. * @ingroup control_processor */ struct key_ctx { cipher_ctx_t *cipher; /**< Generic cipher %context. */ - hmac_ctx_t *hmac; /**< Generic HMAC %context. */ + mac_ctx_t *mac; /**< Generic MAC %context. */ }; #define KEY_DIRECTION_BIDIRECTIONAL 0 /* same keys for both directions */ @@ -80,7 +80,7 @@ struct key_ctx #define KEY_DIRECTION_INVERSE 2 /* encrypt with keys[1], decrypt with keys[0] */ /** - * Container for bidirectional cipher and HMAC %key material. + * Container for bidirectional cipher and MAC %key material. * @ingroup control_processor */ struct key2 @@ -117,15 +117,15 @@ struct key_direction_state }; /** - * Container for two sets of OpenSSL cipher and/or HMAC contexts for both + * Container for two sets of OpenSSL cipher and/or MAC contexts for both * sending and receiving directions. * @ingroup control_processor */ struct key_ctx_bi { - struct key_ctx encrypt; /**< OpenSSL cipher and/or HMAC contexts + struct key_ctx encrypt; /**< OpenSSL cipher and/or MAC contexts * for sending direction. */ - struct key_ctx decrypt; /**< OpenSSL cipher and/or HMAC contexts + struct key_ctx decrypt; /**< OpenSSL cipher and/or MAC contexts * for receiving direction. */ }; @@ -136,7 +136,7 @@ struct key_ctx_bi struct crypto_options { struct key_ctx_bi *key_ctx_bi; - /**< OpenSSL cipher and HMAC contexts for + /**< OpenSSL cipher and MAC contexts for * both sending and receiving * directions. */ struct packet_id *packet_id; /**< Current packet ID state for both @@ -214,17 +214,17 @@ void free_key_ctx_bi (struct key_ctx_bi *ctx); * @{ */ /** - * Encrypt and HMAC sign a packet so that it can be sent as a data channel + * Encrypt and MAC sign a packet so that it can be sent as a data channel * VPN tunnel packet to a remote OpenVPN peer. * @ingroup data_crypto * - * This function handles encryption and HMAC signing of a data channel + * This function handles encryption and MAC signing of a data channel * packet before it is sent to its remote OpenVPN peer. It receives the * necessary security parameters in the \a opt argument, which should have * been set to the correct values by the \c tls_pre_encrypt() function. * - * This function calls the \c EVP_Cipher* and \c HMAC_* functions of the - * OpenSSL library to perform the actual security operations. + * This function calls the \c cipher_* and \c mac_* functions of the + * crypto backend to perform the actual security operations. * * If an error occurs during processing, then the \a buf %buffer is set to * empty. @@ -246,7 +246,7 @@ void openvpn_encrypt (struct buffer *buf, struct buffer work, /** - * HMAC verify and decrypt a data channel packet received from a remote + * MAC verify and decrypt a data channel packet received from a remote * OpenVPN peer. * @ingroup data_crypto * @@ -255,8 +255,8 @@ void openvpn_encrypt (struct buffer *buf, struct buffer work, * security parameters in the \a opt argument, which should have been set * to the correct values by the \c tls_pre_decrypt() function. * - * This function calls the \c EVP_Cipher* and \c HMAC_* functions of the - * OpenSSL library to perform the actual security operations. + * This function calls the \c cipher_* and \c mac_* functions of the + * crypto backend to perform the actual security operations. * * If an error occurs during processing, then the \a buf %buffer is set to * empty. @@ -391,7 +391,7 @@ bool md5_digest_equal (const struct md5_digest *d1, const struct md5_digest *d2) static inline bool key_ctx_bi_defined(const struct key_ctx_bi* key) { - return key->encrypt.cipher || key->encrypt.hmac || key->decrypt.cipher || key->decrypt.hmac; + return key->encrypt.cipher || key->encrypt.mac || key->decrypt.cipher || key->decrypt.mac; } diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h index deff011..1c9a7f3 100644 --- a/src/openvpn/crypto_backend.h +++ b/src/openvpn/crypto_backend.h @@ -335,18 +335,18 @@ int cipher_ctx_final (cipher_ctx_t *ctx, uint8_t *dst, int *dst_len); */ /* - * Max size in bytes of any HMAC key that might conceivably be used. + * Max size in bytes of any MAC key that might conceivably be used. * * This value is checked at compile time in crypto.c to make sure * it is always at least EVP_MAX_MD_SIZE. We define our own value * for the same reason as above. */ -#define MAX_HMAC_KEY_LENGTH 64 +#define MAX_MAC_KEY_LENGTH 64 /** * Return message digest parameters, based on the given digest name. The * contents of these parameters are library-specific, and can be used to - * initialise HMAC or message digest operations. + * initialise MAC or message digest operations. * * @param digest Name of the digest to retrieve parameters for (e.g. * \c MD5). @@ -438,70 +438,70 @@ void md_ctx_final (md_ctx_t *ctx, uint8_t *dst); /* * - * Generic HMAC functions + * Generic MAC functions * */ /* - * Returns the size of the HMAC key by the given message digest. + * Returns the size of the MAC key by the given message digest. * * @param ctx Message digest context. May not be NULL. * - * @return Size of the HMAC key in bytes. + * @return Size of the MAC key in bytes. */ -int hmac_key_size (const md_kt_t *ctx); +int mac_key_size (const md_kt_t *ctx); /* - * Initialises the given HMAC context, using the given digest + * Initialises the given MAC context, using the given digest * and key. * - * @param ctx HMAC context to intialise - * @param key The key to use for the HMAC + * @param ctx MAC context to intialise + * @param key The key to use for the MAC * @param key_len The key length to use * @param kt Static message digest parameters * */ -void hmac_ctx_init (hmac_ctx_t *ctx, const uint8_t *key, int key_length, +void mac_ctx_init (mac_ctx_t *ctx, const uint8_t *key, int key_length, const md_kt_t *kt); /* - * Free the given HMAC context. + * Free the given MAC context. * - * @param ctx HMAC context + * @param ctx MAC context */ -void hmac_ctx_cleanup(hmac_ctx_t *ctx); +void mac_ctx_cleanup(mac_ctx_t *ctx); /* - * Returns the size of the HMAC output by the given HMAC Context + * Returns the size of the MAC output by the given MAC Context * - * @param ctx HMAC context. + * @param ctx MAC context. * - * @return Size of the HMAC, or \0 if ctx is NULL. + * @return Size of the MAC, or \0 if ctx is NULL. */ -int hmac_ctx_size (const hmac_ctx_t *ctx); +int mac_ctx_size (const mac_ctx_t *ctx); /* - * Resets the given HMAC context, preserving the associated key information + * Resets the given MAC context, preserving the associated key information * - * @param ctx HMAC context. May not be NULL. + * @param ctx MAC context. May not be NULL. */ -void hmac_ctx_reset (hmac_ctx_t *ctx); +void mac_ctx_reset (mac_ctx_t *ctx); /* - * Process the given data for use in the HMAC. + * Process the given data for use in the MAC. * - * @param ctx HMAC context. May not be NULL. - * @param src The buffer to HMAC. May not be NULL. + * @param ctx MAC context. May not be NULL. + * @param src The buffer to MAC. May not be NULL. * @param src_len The length of the incoming buffer. */ -void hmac_ctx_update (hmac_ctx_t *ctx, const uint8_t *src, int src_len); +void mac_ctx_update (mac_ctx_t *ctx, const uint8_t *src, int src_len); /* - * Output the HMAC to the given buffer. + * Output the MAC to the given buffer. * - * @param ctx HMAC context. May not be NULL. - * @param dst buffer to write the HMAC to. May not be NULL. + * @param ctx MAC context. May not be NULL. + * @param dst buffer to write the MAC to. May not be NULL. */ -void hmac_ctx_final (hmac_ctx_t *ctx, uint8_t *dst); +void mac_ctx_final (mac_ctx_t *ctx, uint8_t *dst); #endif /* CRYPTO_BACKEND_H_ */ diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index b5f3cef..33ad1da 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -53,8 +53,8 @@ #warning Some OpenSSL EVP ciphers now support key lengths greater than MAX_CIPHER_KEY_LENGTH -- consider increasing MAX_CIPHER_KEY_LENGTH #endif -#if MAX_HMAC_KEY_LENGTH < EVP_MAX_MD_SIZE -#warning Some OpenSSL HMAC message digests now support key lengths greater than MAX_HMAC_KEY_LENGTH -- consider increasing MAX_HMAC_KEY_LENGTH +#if MAX_MAC_KEY_LENGTH < EVP_MAX_MD_SIZE +#warning Some OpenSSL MAC message digests now support key lengths greater than MAX_MAC_KEY_LENGTH -- consider increasing MAX_MAC_KEY_LENGTH #endif /* @@ -336,7 +336,7 @@ show_available_digests () #ifndef ENABLE_SMALL printf ("The following message digests are available for use with\n" PACKAGE_NAME ". A message digest is used in conjunction with\n" - "the HMAC function, to authenticate received packets.\n" + "the MAC function, to authenticate received packets.\n" "You can specify a message digest as parameter to\n" "the --auth option.\n\n"); #endif @@ -633,11 +633,11 @@ md_kt_get (const char *digest) md = EVP_get_digestbyname (digest); if (!md) msg (M_SSLERR, "Message hash algorithm '%s' not found", digest); - if (EVP_MD_size (md) > MAX_HMAC_KEY_LENGTH) + if (EVP_MD_size (md) > MAX_MAC_KEY_LENGTH) msg (M_FATAL, "Message hash algorithm '%s' uses a default hash size (%d bytes) which is larger than " PACKAGE_NAME "'s current maximum hash size (%d bytes)", digest, EVP_MD_size (md), - MAX_HMAC_KEY_LENGTH); + MAX_MAC_KEY_LENGTH); return md; } @@ -710,14 +710,14 @@ md_ctx_final (EVP_MD_CTX *ctx, uint8_t *dst) /* * - * Generic HMAC functions + * Generic MAC functions * */ #if SSLEAY_VERSION_NUMBER >= 0x10000000L int -hmac_key_size (const EVP_MD *kt) +mac_key_size (const EVP_MD *kt) { if (NULL == kt) return 0; @@ -725,7 +725,7 @@ hmac_key_size (const EVP_MD *kt) } void -hmac_ctx_init (EVP_MD_CTX *ctx, const uint8_t *key, int key_len, +mac_ctx_init (EVP_MD_CTX *ctx, const uint8_t *key, int key_len, const EVP_MD *kt) { int pkey_id; @@ -741,41 +741,41 @@ hmac_ctx_init (EVP_MD_CTX *ctx, const uint8_t *key, int key_len, } void -hmac_ctx_cleanup (EVP_MD_CTX *ctx) +mac_ctx_cleanup (EVP_MD_CTX *ctx) { /* frees the key implicitly */ EVP_MD_CTX_cleanup (ctx); } int -hmac_ctx_size (const EVP_MD_CTX *ctx) +mac_ctx_size (const EVP_MD_CTX *ctx) { return EVP_MD_CTX_size (ctx); } void -hmac_ctx_reset (EVP_MD_CTX *ctx) +mac_ctx_reset (EVP_MD_CTX *ctx) { EVP_DigestInit_ex (ctx, EVP_MD_CTX_md (ctx), NULL); } void -hmac_ctx_update (EVP_MD_CTX *ctx, const uint8_t *src, int src_len) +mac_ctx_update (EVP_MD_CTX *ctx, const uint8_t *src, int src_len) { EVP_DigestSignUpdate (ctx, src, src_len); } void -hmac_ctx_final (EVP_MD_CTX *ctx, uint8_t *dst) +mac_ctx_final (EVP_MD_CTX *ctx, uint8_t *dst) { - size_t mac_len = hmac_ctx_size (ctx); + size_t mac_len = mac_ctx_size (ctx); EVP_DigestSignFinal (ctx, dst, &mac_len); } #else /* SSLEAY_VERSION_NUMBER >= 0x10000000L */ int -hmac_key_size (const EVP_MD *kt) +mac_key_size (const EVP_MD *kt) { if (NULL == kt) return 0; @@ -783,7 +783,7 @@ hmac_key_size (const EVP_MD *kt) } void -hmac_ctx_init (HMAC_CTX *ctx, const uint8_t *key, int key_len, +mac_ctx_init (HMAC_CTX *ctx, const uint8_t *key, int key_len, const EVP_MD *kt) { ASSERT(NULL != kt && NULL != ctx); @@ -798,31 +798,31 @@ hmac_ctx_init (HMAC_CTX *ctx, const uint8_t *key, int key_len, } void -hmac_ctx_cleanup(HMAC_CTX *ctx) +mac_ctx_cleanup(HMAC_CTX *ctx) { HMAC_CTX_cleanup (ctx); } int -hmac_ctx_size (const HMAC_CTX *ctx) +mac_ctx_size (const HMAC_CTX *ctx) { return HMAC_size (ctx); } void -hmac_ctx_reset (HMAC_CTX *ctx) +mac_ctx_reset (HMAC_CTX *ctx) { HMAC_Init_ex (ctx, NULL, 0, NULL, NULL); } void -hmac_ctx_update (HMAC_CTX *ctx, const uint8_t *src, int src_len) +mac_ctx_update (HMAC_CTX *ctx, const uint8_t *src, int src_len) { HMAC_Update (ctx, src, src_len); } void -hmac_ctx_final (HMAC_CTX *ctx, uint8_t *dst) +mac_ctx_final (HMAC_CTX *ctx, uint8_t *dst) { unsigned int in_hmac_len = 0; diff --git a/src/openvpn/crypto_openssl.h b/src/openvpn/crypto_openssl.h index d7c9dd8..4c172db 100644 --- a/src/openvpn/crypto_openssl.h +++ b/src/openvpn/crypto_openssl.h @@ -46,11 +46,11 @@ typedef EVP_CIPHER_CTX cipher_ctx_t; /** Generic message digest %context. */ typedef EVP_MD_CTX md_ctx_t; -/** Generic HMAC %context. */ +/** Generic MAC %context. */ #if OPENSSL_VERSION_NUMBER >= 0x10000000L -typedef EVP_MD_CTX hmac_ctx_t; +typedef EVP_MD_CTX mac_ctx_t; #else -typedef HMAC_CTX hmac_ctx_t; +typedef HMAC_CTX mac_ctx_t; #endif /** Maximum length of an IV */ diff --git a/src/openvpn/crypto_polarssl.c b/src/openvpn/crypto_polarssl.c index b44ea12..e35fc07 100644 --- a/src/openvpn/crypto_polarssl.c +++ b/src/openvpn/crypto_polarssl.c @@ -119,7 +119,7 @@ show_available_digests () #ifndef ENABLE_SMALL printf ("The following message digests are available for use with\n" PACKAGE_NAME ". A message digest is used in conjunction with\n" - "the HMAC function, to authenticate received packets.\n" + "the MAC function, to authenticate received packets.\n" "You can specify a message digest as parameter to\n" "the --auth option.\n\n"); #endif @@ -461,11 +461,11 @@ md_kt_get (const char *digest) md = md_info_from_string(digest); if (!md) msg (M_FATAL, "Message hash algorithm '%s' not found", digest); - if (md->size > MAX_HMAC_KEY_LENGTH) + if (md->size > MAX_MAC_KEY_LENGTH) msg (M_FATAL, "Message hash algorithm '%s' uses a default hash size (%d bytes) which is larger than " PACKAGE_NAME "'s current maximum hash size (%d bytes)", digest, md->size, - MAX_HMAC_KEY_LENGTH); + MAX_MAC_KEY_LENGTH); return md; } @@ -538,7 +538,7 @@ md_ctx_final (md_context_t *ctx, uint8_t *dst) /* * - * Generic HMAC functions + * Generic MAC functions * */ @@ -547,7 +547,7 @@ md_ctx_final (md_context_t *ctx, uint8_t *dst) * TODO: re-enable dmsg for crypto debug */ int -hmac_key_size (const md_info_t *kt) +mac_key_size (const md_info_t *kt) { if (NULL == kt) return 0; @@ -555,7 +555,7 @@ hmac_key_size (const md_info_t *kt) } void -hmac_ctx_init (md_context_t *ctx, const uint8_t *key, int key_len, const md_info_t *kt) +mac_ctx_init (md_context_t *ctx, const uint8_t *key, int key_len, const md_info_t *kt) { ASSERT(NULL != kt && NULL != ctx); @@ -569,13 +569,13 @@ hmac_ctx_init (md_context_t *ctx, const uint8_t *key, int key_len, const md_info } void -hmac_ctx_cleanup(md_context_t *ctx) +mac_ctx_cleanup(md_context_t *ctx) { ASSERT(0 == md_free_ctx(ctx)); } int -hmac_ctx_size (const md_context_t *ctx) +mac_ctx_size (const md_context_t *ctx) { if (NULL == ctx) return 0; @@ -583,19 +583,19 @@ hmac_ctx_size (const md_context_t *ctx) } void -hmac_ctx_reset (md_context_t *ctx) +mac_ctx_reset (md_context_t *ctx) { ASSERT(0 == md_hmac_reset(ctx)); } void -hmac_ctx_update (md_context_t *ctx, const uint8_t *src, int src_len) +mac_ctx_update (md_context_t *ctx, const uint8_t *src, int src_len) { ASSERT(0 == md_hmac_update(ctx, src, src_len)); } void -hmac_ctx_final (md_context_t *ctx, uint8_t *dst) +mac_ctx_final (md_context_t *ctx, uint8_t *dst) { ASSERT(0 == md_hmac_finish(ctx, dst)); } diff --git a/src/openvpn/crypto_polarssl.h b/src/openvpn/crypto_polarssl.h index bfabb91..7590353 100644 --- a/src/openvpn/crypto_polarssl.h +++ b/src/openvpn/crypto_polarssl.h @@ -47,8 +47,8 @@ typedef cipher_context_t cipher_ctx_t; /** Generic message digest %context. */ typedef md_context_t md_ctx_t; -/** Generic HMAC %context. */ -typedef md_context_t hmac_ctx_t; +/** Generic MAC %context. */ +typedef md_context_t mac_ctx_t; /** Maximum length of an IV */ #define OPENVPN_MAX_IV_LENGTH POLARSSL_MAX_IV_LENGTH diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 57c7846..156703c 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -423,7 +423,7 @@ buffer_turnover (const uint8_t *orig_buf, struct buffer *dest_stub, struct buffe } /* - * Compress, fragment, encrypt and HMAC-sign an outgoing packet. + * Compress, fragment, encrypt and MAC-sign an outgoing packet. * Input: c->c2.buf * Output: c->c2.to_link */ @@ -469,7 +469,7 @@ encrypt_sign (struct context *c, bool comp_frag) /* * Encrypt the packet and write an optional - * HMAC signature. + * MAC signature. */ openvpn_encrypt (&c->c2.buf, b->encrypt_buf, &c->c2.crypto_options, &c->c2.frame); #endif diff --git a/src/openvpn/forward.h b/src/openvpn/forward.h index 0f829bd..efca2bb 100644 --- a/src/openvpn/forward.h +++ b/src/openvpn/forward.h @@ -88,7 +88,7 @@ void show_wait_status (struct context *c); * security operations on the packet. * - Call \c tls_pre_encrypt() to choose the appropriate security * parameters for this packet. - * - Call \c openvpn_encrypt() to encrypt and HMAC signed the packet. + * - Call \c openvpn_encrypt() to encrypt and MAC signed the packet. * - Call \c tls_post_encrypt() to prepend the one-byte OpenVPN header * and do some TLS accounting. * - Place the resulting packet in \c c->c2.to_link so that it can be sent diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 564621d..118e2f9 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1961,7 +1961,7 @@ do_init_crypto_static (struct context *c, const unsigned int flags) options->authname_defined, options->keysize, options->test_crypto, true); - /* Read cipher and hmac keys from shared secret file */ + /* Read cipher and MAC keys from shared secret file */ { unsigned int rkf_flags = RKF_MUST_SUCCEED; const char *rkf_file = options->shared_secret_file; diff --git a/src/openvpn/ntlm.c b/src/openvpn/ntlm.c index 3390bdd..570a375 100644 --- a/src/openvpn/ntlm.c +++ b/src/openvpn/ntlm.c @@ -87,13 +87,13 @@ static void gen_hmac_md5 (const char* data, int data_len, const char* key, int key_len,char *result) { const md_kt_t *md5_kt = md_kt_get("MD5"); - hmac_ctx_t hmac_ctx; + mac_ctx_t hmac_ctx; CLEAR(hmac_ctx); - hmac_ctx_init(&hmac_ctx, key, key_len, md5_kt); - hmac_ctx_update(&hmac_ctx, (const unsigned char *)data, data_len); - hmac_ctx_final(&hmac_ctx, (unsigned char *)result); - hmac_ctx_cleanup(&hmac_ctx); + mac_ctx_init(&hmac_ctx, key, key_len, md5_kt); + mac_ctx_update(&hmac_ctx, (const unsigned char *)data, data_len); + mac_ctx_final(&hmac_ctx, (unsigned char *)result); + mac_ctx_cleanup(&hmac_ctx); } static void diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index 3ff5470..a96beab 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h @@ -56,7 +56,7 @@ struct key_schedule { #ifdef ENABLE_CRYPTO - /* which cipher, HMAC digest, and key sizes are we using? */ + /* which cipher, MAC digest, and key sizes are we using? */ struct key_type key_type; /* pre-shared static key, read from a file */ @@ -66,7 +66,7 @@ struct key_schedule /* our global SSL context */ struct tls_root_ctx ssl_ctx; - /* optional authentication HMAC key for TLS control channel */ + /* optional authentication MAC key for TLS control channel */ struct key_ctx_bi tls_auth_key; #endif /* ENABLE_SSL */ @@ -347,7 +347,7 @@ struct context_2 * connection attempt. This structure * is used by the \c * tls_pre_decrypt_lite() function when - * it performs the HMAC firewall check + * it performs the MAC firewall check * on the first connection packet * received from a new client. See the * \c --tls-auth commandline option. */ @@ -572,7 +572,7 @@ struct context #define PROTO_DUMP(buf, gc) protocol_dump((buf), \ PROTO_DUMP_FLAGS | \ (c->c2.tls_multi ? PD_TLS : 0) | \ - (c->options.tls_auth_file ? c->c1.ks.key_type.hmac_key_length : 0), \ + (c->options.tls_auth_file ? c->c1.ks.key_type.mac_key_length : 0), \ gc) #else #define TLS_MODE(c) (false) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index b78ff15..225c453 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -517,7 +517,7 @@ static const char usage_message[] = " If d is specified, use separate keys for each\n" " direction, set d=0 on one side of the connection,\n" " and d=1 on the other side.\n" - "--auth alg : Authenticate packets with HMAC using message\n" + "--auth alg : Authenticate packets with MAC using message\n" " digest algorithm alg (default=%s).\n" " (usually adds 16 or 20 bytes per packet)\n" " Set alg=none to disable authentication.\n" diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index a1a0628..3d1c6a1 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -33,7 +33,7 @@ /* * The routines in this file deal with dynamically negotiating - * the data channel HMAC and cipher keys through a TLS session. + * the data channel MAC and cipher keys through a TLS session. * * Both the TLS session and the data channel are multiplexed * over the same TCP/UDP port. @@ -873,7 +873,7 @@ tls_multi_init (struct tls_options *tls_options) /* get command line derived options */ ret->opt = *tls_options; - /* set up pointer to HMAC object for TLS packet authentication */ + /* set up pointer to MAC object for TLS packet authentication */ ret->opt.tls_auth.key_ctx_bi = &ret->opt.tls_auth_key; /* set up list of keys to be scanned by data channel encrypt and decrypt routines */ @@ -910,7 +910,7 @@ tls_auth_standalone_init (struct tls_options *tls_options, ALLOC_OBJ_CLEAR_GC (tas, struct tls_auth_standalone, gc); - /* set up pointer to HMAC object for TLS packet authentication */ + /* set up pointer to MAC object for TLS packet authentication */ tas->tls_auth_key = tls_options->tls_auth_key; tas->tls_auth_options.key_ctx_bi = &tas->tls_auth_key; tas->tls_auth_options.flags |= CO_PACKET_ID_LONG_FORM; @@ -980,29 +980,29 @@ tls_multi_free (struct tls_multi *multi, bool clear) /* - * Move a packet authentication HMAC + related fields to or from the front + * Move a packet authentication MAC + related fields to or from the front * of the buffer so it can be processed by encrypt/decrypt. */ /* - * Dependent on hmac size, opcode size, and session_id size. + * Dependent on MAC size, opcode size, and session_id size. * Will assert if too small. */ #define SWAP_BUF_SIZE 256 static bool -swap_hmac (struct buffer *buf, const struct crypto_options *co, bool incoming) +swap_mac (struct buffer *buf, const struct crypto_options *co, bool incoming) { struct key_ctx *ctx; ASSERT (co); ctx = (incoming ? &co->key_ctx_bi->decrypt : &co->key_ctx_bi->encrypt); - ASSERT (ctx->hmac); + ASSERT (ctx->mac); { - /* hmac + packet_id (8 bytes) */ - const int hmac_size = hmac_ctx_size (ctx->hmac) + packet_id_size (true); + /* MAC + packet_id (8 bytes) */ + const int mac_size = mac_ctx_size (ctx->mac) + packet_id_size (true); /* opcode + session_id */ const int osid_size = 1 + SID_SIZE; @@ -1015,11 +1015,11 @@ swap_hmac (struct buffer *buf, const struct crypto_options *co, bool incoming) if (incoming) { e1 = osid_size; - e2 = hmac_size; + e2 = mac_size; } else { - e1 = hmac_size; + e1 = mac_size; e2 = osid_size; } @@ -1061,11 +1061,11 @@ write_control_auth (struct tls_session *session, ASSERT (session_id_write_prepend (&session->session_id, buf)); ASSERT (header = buf_prepend (buf, 1)); *header = ks->key_id | (opcode << P_OPCODE_SHIFT); - if (session->tls_auth.key_ctx_bi->encrypt.hmac) + if (session->tls_auth.key_ctx_bi->encrypt.mac) { - /* no encryption, only write hmac */ + /* no encryption, only write MAC */ openvpn_encrypt (buf, null, &session->tls_auth, NULL); - ASSERT (swap_hmac (buf, &session->tls_auth, false)); + ASSERT (swap_mac (buf, &session->tls_auth, false)); } *to_link_addr = &ks->remote_addr; } @@ -1080,21 +1080,21 @@ read_control_auth (struct buffer *buf, { struct gc_arena gc = gc_new (); - if (co->key_ctx_bi->decrypt.hmac) + if (co->key_ctx_bi->decrypt.mac) { struct buffer null = clear_buf (); - /* move the hmac record to the front of the packet */ - if (!swap_hmac (buf, co, true)) + /* move the MAC record to the front of the packet */ + if (!swap_mac (buf, co, true)) { msg (D_TLS_ERRORS, - "TLS Error: cannot locate HMAC in incoming packet from %s", + "TLS Error: cannot locate MAC in incoming packet from %s", print_link_socket_actual (from, &gc)); gc_free (&gc); return false; } - /* authenticate only (no decrypt) and remove the hmac record + /* authenticate only (no decrypt) and remove the MAC record from the head of the buffer */ openvpn_decrypt (buf, null, co, NULL); if (!buf->len) @@ -1175,9 +1175,9 @@ tls1_P_hash(const md_kt_t *md_kt, { struct gc_arena gc = gc_new (); int chunk,n; - hmac_ctx_t ctx; - hmac_ctx_t ctx_tmp; - uint8_t A1[MAX_HMAC_KEY_LENGTH]; + mac_ctx_t ctx; + mac_ctx_t ctx_tmp; + uint8_t A1[MAX_MAC_KEY_LENGTH]; unsigned int A1_len; #ifdef ENABLE_DEBUG @@ -1194,37 +1194,37 @@ tls1_P_hash(const md_kt_t *md_kt, chunk = md_kt_size(md_kt); A1_len = md_kt_size(md_kt); - hmac_ctx_init(&ctx, sec, sec_len, md_kt); - hmac_ctx_init(&ctx_tmp, sec, sec_len, md_kt); + mac_ctx_init(&ctx, sec, sec_len, md_kt); + mac_ctx_init(&ctx_tmp, sec, sec_len, md_kt); - hmac_ctx_update(&ctx,seed,seed_len); - hmac_ctx_final(&ctx, A1); + mac_ctx_update(&ctx,seed,seed_len); + mac_ctx_final(&ctx, A1); n=0; for (;;) { - hmac_ctx_reset(&ctx); - hmac_ctx_reset(&ctx_tmp); - hmac_ctx_update(&ctx,A1,A1_len); - hmac_ctx_update(&ctx_tmp,A1,A1_len); - hmac_ctx_update(&ctx,seed,seed_len); + mac_ctx_reset(&ctx); + mac_ctx_reset(&ctx_tmp); + mac_ctx_update(&ctx,A1,A1_len); + mac_ctx_update(&ctx_tmp,A1,A1_len); + mac_ctx_update(&ctx,seed,seed_len); if (olen > chunk) { - hmac_ctx_final(&ctx, out); + mac_ctx_final(&ctx, out); out+=chunk; olen-=chunk; - hmac_ctx_final(&ctx_tmp, A1); /* calc the next A1 value */ + mac_ctx_final(&ctx_tmp, A1); /* calc the next A1 value */ } else /* last one */ { - hmac_ctx_final(&ctx, A1); + mac_ctx_final(&ctx, A1); memcpy(out,A1,olen); break; } } - hmac_ctx_cleanup(&ctx); - hmac_ctx_cleanup(&ctx_tmp); + mac_ctx_cleanup(&ctx); + mac_ctx_cleanup(&ctx_tmp); CLEAR (A1); dmsg (D_SHOW_KEY_SOURCE, "tls1_P_hash out: %s", format_hex (out_orig, olen_orig, 0, &gc)); @@ -3033,7 +3033,7 @@ tls_pre_decrypt (struct tls_multi *multi, * determine whether we should generate a client instance * object, in which case true is returned. * - * This function is essentially the first-line HMAC firewall + * This function is essentially the first-line MAC firewall * on the UDP port listener in --mode server mode. */ bool @@ -3103,7 +3103,7 @@ tls_pre_decrypt_lite (const struct tls_auth_standalone *tas, */ co.flags |= CO_IGNORE_PACKET_ID; - /* HMAC test, if --tls-auth was specified */ + /* MAC test, if --tls-auth was specified */ status = read_control_auth (&newbuf, &co, from); free_buf (&newbuf); if (!status) @@ -3111,11 +3111,11 @@ tls_pre_decrypt_lite (const struct tls_auth_standalone *tas, /* * At this point, if --tls-auth is being used, we know that - * the packet has passed the HMAC test, but we don't know if + * the packet has passed the MAC test, but we don't know if * it is a replay yet. We will attempt to defeat replays * by not advancing to the S_START state until we * receive an ACK from our first reply to the client - * that includes an HMAC of our randomly generated 64 bit + * that includes an MAC of our randomly generated 64 bit * session ID. * * On the other hand if --tls-auth is not being used, we @@ -3294,7 +3294,7 @@ protocol_dump (struct buffer *buffer, unsigned int flags, struct gc_arena *gc) int op; int key_id; - int tls_auth_hmac_size = (flags & PD_TLS_AUTH_HMAC_SIZE_MASK); + int tls_auth_mac_size = (flags & PD_TLS_AUTH_MAC_SIZE_MASK); if (buf.len <= 0) { @@ -3330,19 +3330,19 @@ protocol_dump (struct buffer *buffer, unsigned int flags, struct gc_arena *gc) } /* - * tls-auth hmac + packet_id + * tls-auth MAC + packet_id */ - if (tls_auth_hmac_size) + if (tls_auth_mac_size) { struct packet_id_net pin; - uint8_t tls_auth_hmac[MAX_HMAC_KEY_LENGTH]; + uint8_t tls_auth_mac[MAX_MAC_KEY_LENGTH]; - ASSERT (tls_auth_hmac_size <= MAX_HMAC_KEY_LENGTH); + ASSERT (tls_auth_mac_size <= MAX_MAC_KEY_LENGTH); - if (!buf_read (&buf, tls_auth_hmac, tls_auth_hmac_size)) + if (!buf_read (&buf, tls_auth_mac, tls_auth_mac_size)) goto done; if (flags & PD_VERBOSE) - buf_printf (&out, " tls_hmac=%s", format_hex (tls_auth_hmac, tls_auth_hmac_size, 0, gc)); + buf_printf (&out, " tls_mac=%s", format_hex (tls_auth_mac, tls_auth_mac_size, 0, gc)); if (!packet_id_read (&pin, &buf, true)) goto done; diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h index 001e4fd..f5046e7 100644 --- a/src/openvpn/ssl.h +++ b/src/openvpn/ssl.h @@ -326,7 +326,7 @@ bool tls_pre_decrypt (struct tls_multi *multi, * The tests performed by this function are whether the packet's opcode is * correct for establishing a new VPN tunnel, whether its key ID is 0, and * whether its size is not too large. This function also performs the - * initial HMAC firewall test, if configured to do so. + * initial MAC firewall test, if configured to do so. * * The incoming packet and the local VPN tunnel state are not modified by * this function. Its sole purpose is to inspect the packet and determine @@ -341,7 +341,7 @@ bool tls_pre_decrypt (struct tls_multi *multi, * @return * @li True if the packet is valid and a new VPN tunnel should be created * for this client. - * @li False if the packet is not valid, did not pass the HMAC firewall + * @li False if the packet is not valid, did not pass the MAC firewall * test, or some other error occurred. */ bool tls_pre_decrypt_lite (const struct tls_auth_standalone *tas, @@ -482,10 +482,10 @@ tls_set_single_session (struct tls_multi *multi) /* * protocol_dump() flags */ -#define PD_TLS_AUTH_HMAC_SIZE_MASK 0xFF -#define PD_SHOW_DATA (1<<8) -#define PD_TLS (1<<9) -#define PD_VERBOSE (1<<10) +#define PD_TLS_AUTH_MAC_SIZE_MASK 0xFF +#define PD_SHOW_DATA (1<<8) +#define PD_TLS (1<<9) +#define PD_VERBOSE (1<<10) const char *protocol_dump (struct buffer *buffer, unsigned int flags, diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h index f3f43be..3adf507 100644 --- a/src/openvpn/ssl_common.h +++ b/src/openvpn/ssl_common.h @@ -162,7 +162,7 @@ struct key_state struct link_socket_actual remote_addr; /* peer's IP addr */ struct packet_id packet_id; /* for data channel, to prevent replay attacks */ - struct key_ctx_bi key; /* data channel keys for encrypt/decrypt/hmac */ + struct key_ctx_bi key; /* data channel keys for encrypt/decrypt/MAC */ struct key_source2 *key_src; /* source entropy for key expansion */ @@ -209,7 +209,7 @@ struct tls_options /* our master TLS context from which all SSL objects derived */ struct tls_root_ctx ssl_ctx; - /* data channel cipher, hmac, and key lengths */ + /* data channel cipher, MAC, and key lengths */ struct key_type key_type; /* true if we are a TLS server, client otherwise */ -- 1.7.9.5
