File: doc_data_crypto.h

package info (click to toggle)
openvpn 2.7.0-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 11,388 kB
  • sloc: ansic: 103,617; sh: 6,873; makefile: 1,010; python: 271; perl: 66
file content (69 lines) | stat: -rw-r--r-- 2,997 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
 
/*
 *  OpenVPN -- An application to securely tunnel IP networks
 *             over a single TCP/UDP port, with support for SSL/TLS-based
 *             session authentication and key exchange,
 *             packet encryption, packet authentication, and
 *             packet compression.
 *
 *  Copyright (C) 2010-2026 Sentyron B.V. <openvpn@sentyron.com>
 *
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License version 2
 *  as published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, see <https://www.gnu.org/licenses/>.
 */

/**
 * @file
 * Data Channel Crypto module documentation file.
 */

/**
 * @addtogroup data_crypto Data Channel Crypto module
 *
 * The Data Channel Crypto Module performs cryptographic operations on
 * data channel packets.
 *
 * @par Security parameters
 * This module is merely the user of a VPN tunnel's security parameters.
 * It does not perform the negotiation and setup of the security
 * parameters, nor the %key generation involved.  These actions are done
 * by the \link control_processor Control Channel Processor\endlink.  This
 * module receives the appropriate security parameters from that module in
 * the form of a \c crypto_options structure when they are necessary for
 * processing a packet.
 *
 * @par Packet processing functions
 * This module receives data channel packets from the \link data_control
 * Data Channel Control module\endlink and processes them according to the
 * security parameters of the packet's VPN tunnel.  The \link data_control
 * Data Channel Control module\endlink uses the following interface
 * functions:
 *  - For packets which will be sent to a remote OpenVPN peer:
 *     - \c tls_pre_encrypt()
 *     - \c openvpn_encrypt()
 *     - \c tls_post_encrypt()
 *  - For packets which have been received from a remote OpenVPN peer:
 *     - \c tls_pre_decrypt() (documented as part of the \link
 *       external_multiplexer External Multiplexer\endlink)
 *     - \c openvpn_decrypt()
 *
 * @par Settings that control this module's activity
 * How the data channel processes packets received from the \link data_control
 * Data Channel Control module\endlink at runtime depends on the associated
 * \c crypto_options structure.  To perform cryptographic operations, the
 * \c crypto_options.key_ctx_bi must contain the correct cipher and HMAC
 * security parameters for the direction the packet is traveling in.
 *
 * @par Crypto algorithms
 * This module uses the crypto algorithm implementations of the external
 * crypto library (currently either OpenSSL (default), or mbed TLS).
 */