rlm_cipher.c File Reference

Creates dynamic expansions for encrypting/decrypting data. More...

#include <freeradius-devel/server/base.h>
#include <freeradius-devel/server/module_rlm.h>
#include <freeradius-devel/tls/base.h>
#include <freeradius-devel/tls/cert.h>
#include <freeradius-devel/tls/log.h>
#include <freeradius-devel/tls/utils.h>
#include <freeradius-devel/tls/strerror.h>
#include <freeradius-devel/util/debug.h>
#include <freeradius-devel/unlang/xlat_func.h>
#include <freeradius-devel/unlang/xlat.h>
#include <freeradius-devel/tls/openssl_user_macros.h>
#include <openssl/crypto.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>

Include dependency graph for rlm_cipher.c:

Go to the source code of this file.

Data Structures
struct	cipher_rsa_oaep_t
	Configuration for the OAEP padding method. More...
struct	cipher_rsa_t
	Configuration for RSA encryption/decryption/signing. More...
struct	rlm_cipher_rsa_thread_inst_t
struct	rlm_cipher_t
	Instance configuration. More...
union	rlm_cipher_t.__unnamed157__
	Supported cipher types. More...

Enumerations
enum	cipher_cert_attributes_t {   CIPHER_CERT_ATTR_UNKNOWN = 0 ,   CIPHER_CERT_ATTR_SERIAL ,   CIPHER_CERT_ATTR_FINGERPRINT ,   CIPHER_CERT_ATTR_NOT_BEFORE ,   CIPHER_CERT_ATTR_NOT_AFTER }
enum	cipher_cert_verify_mode_t {   CIPHER_CERT_VERIFY_INVALID = 0 ,   CIPHER_CERT_VERIFY_HARD ,   CIPHER_CERT_VERIFY_SOFT ,   CIPHER_CERT_VERIFY_NONE }
	Certificate validation modes. More...
enum	cipher_type_t {   RLM_CIPHER_TYPE_INVALID = 0 ,   RLM_CIPHER_TYPE_RSA = 1 ,   RLM_CIPHER_TYPE_SYMMETRIC = 2 }

Functions
static int	_evp_md_ctx_free (EVP_MD_CTX *evp_md_ctx)
	Talloc destructor for freeing an EVP_MD_CTX. More...
static int	_evp_pkey_ctx_free (EVP_PKEY_CTX *evp_pkey_ctx)
	Talloc destructor for freeing an EVP_PKEY_CTX. More...
static int	_evp_pkey_free (EVP_PKEY *pkey)
	Talloc destructor for freeing an EVP_PKEY (representing a certificate) More...
static int	_x509_cert_free (X509 *cert)
	Talloc destructor for freeing an X509 struct (representing a public certificate) More...
static xlat_action_t	cipher_certificate_xlat (TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
static xlat_action_t	cipher_fingerprint_xlat (TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
	Return the fingerprint of the public certificate. More...
static int	cipher_rsa_certificate_file_load (TALLOC_CTX *ctx, void *out, UNUSED void *parent, CONF_ITEM *ci, UNUSED conf_parser_t const *rule)
static int	cipher_rsa_certificate_file_load (TALLOC_CTX *ctx, void *out, void *parent, CONF_ITEM *ci, UNUSED conf_parser_t const *rule)
	Load an RSA public key using OpenSSL functions. More...
static xlat_action_t	cipher_rsa_decrypt_xlat (TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
	Decrypt input data. More...
static xlat_action_t	cipher_rsa_encrypt_xlat (TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
	Encrypt input data. More...
static int	cipher_rsa_padding_params_set (EVP_PKEY_CTX *evp_pkey_ctx, cipher_rsa_t const *rsa_inst)
static int	cipher_rsa_padding_type_parse (UNUSED TALLOC_CTX *ctx, void *out, UNUSED void *parent, CONF_ITEM *ci, UNUSED conf_parser_t const *rule)
	Checks if the specified padding type is valid. More...
static int	cipher_rsa_private_key_file_load (TALLOC_CTX *ctx, void *out, void *parent, CONF_ITEM *ci, UNUSED conf_parser_t const *rule)
	Load and (optionally decrypt) an RSA private key using OpenSSL functions. More...
static int	cipher_rsa_private_key_file_load (UNUSED TALLOC_CTX *ctx, void *out, UNUSED void *parent, CONF_ITEM *ci, UNUSED conf_parser_t const *rule)
static xlat_action_t	cipher_rsa_sign_xlat (TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
	Sign input data. More...
static int	cipher_rsa_thread_instantiate (module_thread_inst_ctx_t const *mctx)
	Pre-initialises the EVP_PKEY_CTX necessary for performing RSA encryption/decryption/sign/verify. More...
static xlat_action_t	cipher_rsa_verify_xlat (TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, fr_value_box_list_t *in)
	Verify input data. More...
static xlat_action_t	cipher_serial_xlat (TALLOC_CTX *ctx, fr_dcursor_t *out, xlat_ctx_t const *xctx, request_t *request, UNUSED fr_value_box_list_t *in)
	Return the serial of the public certificate. More...
static int	cipher_type_parse (UNUSED TALLOC_CTX *ctx, void *out, UNUSED void *parent, CONF_ITEM *ci, UNUSED conf_parser_t const *rule)
	Checks if the specified cipher type is valid. More...
static int	digest_type_parse (UNUSED TALLOC_CTX *ctx, void *out, UNUSED void *parent, CONF_ITEM *ci, UNUSED conf_parser_t const *rule)
	Calls EVP_get_digestbyname() to convert the digest type. More...
static int	mod_bootstrap (module_inst_ctx_t const *mctx)
static int	mod_thread_instantiate (module_thread_inst_ctx_t const *mctx)

Variables
static fr_table_num_sorted_t const	cert_attributes []
	Public key types. More...
static size_t	cert_attributes_len = NUM_ELEMENTS(cert_attributes)
static fr_table_num_sorted_t const	cipher_cert_verify_mode_table []
static size_t	cipher_cert_verify_mode_table_len = NUM_ELEMENTS(cipher_cert_verify_mode_table)
static xlat_arg_parser_t const	cipher_certificate_xlat_args []
static xlat_arg_parser_t const	cipher_rsa_decrypt_xlat_arg []
static xlat_arg_parser_t const	cipher_rsa_encrypt_xlat_arg []
static fr_table_num_sorted_t const	cipher_rsa_padding []
	The type of padding used. More...
static size_t	cipher_rsa_padding_len = NUM_ELEMENTS(cipher_rsa_padding)
static xlat_arg_parser_t const	cipher_rsa_sign_xlat_arg []
static xlat_arg_parser_t const	cipher_rsa_verify_xlat_arg []
static fr_table_num_sorted_t const	cipher_type []
static size_t	cipher_type_len = NUM_ELEMENTS(cipher_type)
static const conf_parser_t	module_config []
static fr_table_num_sorted_t const	pkey_types []
	Public key types. More...
static size_t	pkey_types_len = NUM_ELEMENTS(pkey_types)
module_rlm_t	rlm_cipher
static const conf_parser_t	rsa_config []
	Configuration for the RSA cipher type. More...
static const conf_parser_t	rsa_oaep_config []
	Configuration for the RSA-PCKS1-OAEP padding scheme. More...

Detailed Description

Creates dynamic expansions for encrypting/decrypting data.

Id

c19b23742580801c33c2e10348f7d9fae0b2161d

Author

Arran Cudbard-Bell (a.cud.nosp@m.bard.nosp@m.b@fre.nosp@m.erad.nosp@m.ius.o.nosp@m.rg)

Copyright

2018 The FreeRADIUS server project

2018 Network RADIUS (legal.nosp@m.@net.nosp@m.workr.nosp@m.adiu.nosp@m.s.com)

Definition in file rlm_cipher.c.

---

Data Structure Documentation

cipher_rsa_oaep_t

struct cipher_rsa_oaep_t

Configuration for the OAEP padding method.

Definition at line 146 of file rlm_cipher.c.

Data Fields
char const *	label	Additional input to the hashing function.
EVP_MD *	mgf1_digest	Masking function digest.
EVP_MD *	oaep_digest	Padding digest type.

cipher_rsa_t

struct cipher_rsa_t

Configuration for RSA encryption/decryption/signing.

Definition at line 158 of file rlm_cipher.c.

Collaboration diagram for cipher_rsa_t:

Data Fields
EVP_PKEY *	certificate_file	Public (certificate) file.
fr_unix_time_t	not_after	Certificate isn't valid after this time.
fr_unix_time_t	not_before	Certificate isn't valid before this time.
cipher_rsa_oaep_t *	oaep	OAEP can use a configurable message digest type.
int	padding	Type of padding to apply to the plaintext or ciphertext before feeding it to RSA crypto functions.
EVP_PKEY *	private_key_file	Private key file.
char const *	private_key_password	Password to decrypt the private key.
char const *	random_file	If set, we read 10K of data (or the complete file) and use it to seed OpenSSL's PRNG.
EVP_MD *	sig_digest	Signature digest type.
cipher_cert_verify_mode_t	verify_mode	How hard we try to verify the certificate.
X509 *	x509_certificate_file	Needed for extracting certificate attributes.

rlm_cipher_rsa_thread_inst_t

struct rlm_cipher_rsa_thread_inst_t

Definition at line 133 of file rlm_cipher.c.

Data Fields
uint8_t *	digest_buff	Pre-allocated digest buffer.
EVP_PKEY_CTX *	evp_decrypt_ctx	Pre-allocated evp_pkey_ctx.
EVP_PKEY_CTX *	evp_encrypt_ctx	Pre-allocated evp_pkey_ctx.
EVP_MD_CTX *	evp_md_ctx	Pre-allocated evp_md_ctx for sign and verify.
EVP_PKEY_CTX *	evp_sign_ctx	Pre-allocated evp_pkey_ctx.
EVP_PKEY_CTX *	evp_verify_ctx	Pre-allocated evp_pkey_ctx.

rlm_cipher_t

struct rlm_cipher_t

Instance configuration.

Definition at line 183 of file rlm_cipher.c.

Data Fields
union rlm_cipher_t	__unnamed__	Supported cipher types.
cipher_type_t	type	Type of encryption to use.

rlm_cipher_t.__unnamed157__

union rlm_cipher_t.__unnamed157__

Supported cipher types.

Definition at line 189 of file rlm_cipher.c.

Data Fields
cipher_rsa_t *	rsa	Use RSA encryption (with optional padding).

Enumeration Type Documentation

cipher_cert_attributes_t

enum cipher_cert_attributes_t

Enumerator
CIPHER_CERT_ATTR_UNKNOWN	Unrecognised attribute.
CIPHER_CERT_ATTR_SERIAL	Certificate's serial number.
CIPHER_CERT_ATTR_FINGERPRINT	Dynamically calculated fingerprint.
CIPHER_CERT_ATTR_NOT_BEFORE	Time the certificate becomes valid.
CIPHER_CERT_ATTR_NOT_AFTER	Time the certificate expires.

Definition at line 79 of file rlm_cipher.c.

cipher_cert_verify_mode_t

enum cipher_cert_verify_mode_t

Certificate validation modes.

Enumerator
CIPHER_CERT_VERIFY_INVALID
CIPHER_CERT_VERIFY_HARD	Fail if the certificate isn't valid.
CIPHER_CERT_VERIFY_SOFT	Warn if the certificate isn't valid.
CIPHER_CERT_VERIFY_NONE	Don't check to see if the we're between notBefore or notAfter.

Definition at line 70 of file rlm_cipher.c.

cipher_type_t

enum cipher_type_t

Enumerator
RLM_CIPHER_TYPE_INVALID
RLM_CIPHER_TYPE_RSA
RLM_CIPHER_TYPE_SYMMETRIC	Any symmetric cipher available via OpenSSL's EVP interface.

Definition at line 60 of file rlm_cipher.c.

Function Documentation

_evp_md_ctx_free()

static int _evp_md_ctx_free ( EVP_MD_CTX *  evp_md_ctx )

static

Talloc destructor for freeing an EVP_MD_CTX.

Parameters

[in]

evp_md_ctx

to free.

Returns

0

Definition at line 988 of file rlm_cipher.c.

Here is the caller graph for this function:

_evp_pkey_ctx_free()

static int _evp_pkey_ctx_free ( EVP_PKEY_CTX *  evp_pkey_ctx )

static

Talloc destructor for freeing an EVP_PKEY_CTX.

Parameters

[in]

evp_pkey_ctx

to free.

Returns

0

Definition at line 976 of file rlm_cipher.c.

Here is the caller graph for this function:

_evp_pkey_free()

static int _evp_pkey_free ( EVP_PKEY *  pkey )

static

Talloc destructor for freeing an EVP_PKEY (representing a certificate)

Parameters

[in]

pkey

to free.

Returns

0

Definition at line 338 of file rlm_cipher.c.

Here is the caller graph for this function:

_x509_cert_free()

static int _x509_cert_free ( X509 *  cert )

static

Talloc destructor for freeing an X509 struct (representing a public certificate)

Parameters

[in]

cert

to free.

Returns

0

Definition at line 350 of file rlm_cipher.c.

Here is the caller graph for this function:

cipher_certificate_xlat()

static xlat_action_t cipher_certificate_xlat ( TALLOC_CTX *  ctx, fr_dcursor_t *  out, xlat_ctx_t const *  xctx, request_t *  request, fr_value_box_list_t *  in  )

static

Definition at line 936 of file rlm_cipher.c.

Here is the call graph for this function:

Here is the caller graph for this function:

cipher_rsa_certificate_file_load() [1/2]

static int cipher_rsa_certificate_file_load ( TALLOC_CTX *  ctx, void *  out, UNUSED void *  parent, CONF_ITEM *  ci, UNUSED conf_parser_t const *  rule  )

static

cipher_rsa_certificate_file_load() [2/2]

static int cipher_rsa_certificate_file_load ( TALLOC_CTX *  ctx, void *  out, void *  parent, CONF_ITEM *  ci, UNUSED conf_parser_t const *  rule  )

static

Load an RSA public key using OpenSSL functions.

Parameters

[in]	ctx	UNUSED. Although the EVP_PKEY struct will be allocated with talloc, we need to call the specialised free function anyway.
[out]	out	Where to write the EVP_PKEY * representing the certificate we just loaded.
[in]	parent	Base structure address.
[in]	ci	Config item containing the certificate path.
[in]	rule	this callback was attached to.

Returns

• -1 on failure.
• 0 on success.

Definition at line 430 of file rlm_cipher.c.

Here is the call graph for this function:

cipher_rsa_padding_params_set()

static int cipher_rsa_padding_params_set ( EVP_PKEY_CTX *  evp_pkey_ctx, cipher_rsa_t const *  rsa_inst  )

static

Definition at line 995 of file rlm_cipher.c.

Here is the call graph for this function:

Here is the caller graph for this function:

cipher_rsa_padding_type_parse()

static int cipher_rsa_padding_type_parse ( UNUSED TALLOC_CTX *  ctx, void *  out, UNUSED void *  parent, CONF_ITEM *  ci, UNUSED conf_parser_t const *  rule  )

static

Checks if the specified padding type is valid.

Parameters

[in]	ctx	to allocate data in.
[out]	out	Padding type.
[in]	parent	Base structure address.
[in]	ci	CONF_PAIR specifying the padding type..
[in]	rule	unused.

Returns

• 0 on success.
• -1 on failure.

Definition at line 282 of file rlm_cipher.c.

Here is the call graph for this function:

cipher_rsa_private_key_file_load() [1/2]

static int cipher_rsa_private_key_file_load ( TALLOC_CTX *  ctx, void *  out, void *  parent, CONF_ITEM *  ci, UNUSED conf_parser_t const *  rule  )

static

Load and (optionally decrypt) an RSA private key using OpenSSL functions.

Parameters

[in]	ctx	UNUSED. Although the EVP_PKEY struct will be allocated with talloc, we need to call the specialised free function anyway.
[out]	out	Where to write the EVP_PKEY * representing the certificate we just loaded.
[in]	parent	Base structure address.
[in]	ci	Config item containing the certificate path.
[in]	rule	this callback was attached to.

Returns

• -1 on failure.
• 0 on success.

Definition at line 371 of file rlm_cipher.c.

Here is the call graph for this function:

cipher_rsa_private_key_file_load() [2/2]

static int cipher_rsa_private_key_file_load ( UNUSED TALLOC_CTX *  ctx, void *  out, UNUSED void *  parent, CONF_ITEM *  ci, UNUSED conf_parser_t const *  rule  )

static

cipher_rsa_thread_instantiate()

static int cipher_rsa_thread_instantiate ( module_thread_inst_ctx_t const *  mctx )

static

Pre-initialises the EVP_PKEY_CTX necessary for performing RSA encryption/decryption/sign/verify.

If reference counting is used for EVP_PKEY structs, should also prevent any mutex contention associated with incrementing/decrementing those references.

xlat functions MUST NOT interleave PKEY operations with yields

Returns

0.

Definition at line 1061 of file rlm_cipher.c.

Here is the call graph for this function:

Here is the caller graph for this function:

cipher_type_parse()

static int cipher_type_parse ( UNUSED TALLOC_CTX *  ctx, void *  out, UNUSED void *  parent, CONF_ITEM *  ci, UNUSED conf_parser_t const *  rule  )

static

Checks if the specified cipher type is valid.

Parameters

[in]	ctx	to allocate data in.
[out]	out	Cipher enumeration type.
[in]	parent	Base structure address.
[in]	ci	CONF_PAIR specifying the name of the type module.
[in]	rule	unused.

Returns

• 0 on success.
• -1 on failure.

Definition at line 311 of file rlm_cipher.c.

Here is the call graph for this function:

digest_type_parse()

static int digest_type_parse ( UNUSED TALLOC_CTX *  ctx, void *  out, UNUSED void *  parent, CONF_ITEM *  ci, UNUSED conf_parser_t const *  rule  )

static

Calls EVP_get_digestbyname() to convert the digest type.

Parameters

[in]	ctx	to allocate data in.
[out]	out	EVP_MD representing the OpenSSL digest type.
[in]	parent	Base structure address.
[in]	ci	CONF_PAIR specifying the name of the digest.
[in]	rule	unused.

Returns

• 0 on success.
• -1 on failure.

Definition at line 253 of file rlm_cipher.c.

Here is the call graph for this function:

mod_bootstrap()

static int mod_bootstrap ( module_inst_ctx_t const *  mctx )

static

Definition at line 1244 of file rlm_cipher.c.

Here is the call graph for this function:

mod_thread_instantiate()

static int mod_thread_instantiate ( module_thread_inst_ctx_t const *  mctx )

static

Definition at line 1221 of file rlm_cipher.c.

Here is the call graph for this function:

Variable Documentation

cert_attributes

fr_table_num_sorted_t const cert_attributes[]

static

Initial value:

= {
        { L("fingerprint"),     CIPHER_CERT_ATTR_FINGERPRINT    },
        { L("notAfter"),        CIPHER_CERT_ATTR_NOT_AFTER      },
        { L("notBefore"),       CIPHER_CERT_ATTR_NOT_BEFORE     },
        { L("serial"),          CIPHER_CERT_ATTR_SERIAL         },
}

Public key types.

Definition at line 125 of file rlm_cipher.c.

cert_attributes_len

size_t cert_attributes_len = NUM_ELEMENTS(cert_attributes)

static

Definition at line 131 of file rlm_cipher.c.

cipher_cert_verify_mode_table

fr_table_num_sorted_t const cipher_cert_verify_mode_table[]

static

Initial value:

= {
        { L("hard"),    CIPHER_CERT_VERIFY_HARD },
        { L("none"),    CIPHER_CERT_VERIFY_SOFT },
        { L("soft"),    CIPHER_CERT_VERIFY_NONE }
}

Definition at line 115 of file rlm_cipher.c.

cipher_cert_verify_mode_table_len

size_t cipher_cert_verify_mode_table_len = NUM_ELEMENTS(cipher_cert_verify_mode_table)

static

Definition at line 120 of file rlm_cipher.c.

cipher_certificate_xlat_args

xlat_arg_parser_t const cipher_certificate_xlat_args[]

static

Initial value:

= {
        { .required = true, .concat = false, .single = true, .type = FR_TYPE_STRING },
        { .required = false, .concat = false, .single = true, .type = FR_TYPE_STRING }, 
        XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 849 of file rlm_cipher.c.

cipher_rsa_decrypt_xlat_arg

xlat_arg_parser_t const cipher_rsa_decrypt_xlat_arg[]

static

Initial value:

= {
        { .required = true, .concat = true, .type = FR_TYPE_OCTETS },
        XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 674 of file rlm_cipher.c.

cipher_rsa_encrypt_xlat_arg

xlat_arg_parser_t const cipher_rsa_encrypt_xlat_arg[]

static

Initial value:

= {
        { .required = true, .concat = true, .type = FR_TYPE_STRING },
        XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 535 of file rlm_cipher.c.

cipher_rsa_padding

fr_table_num_sorted_t const cipher_rsa_padding[]

static

Initial value:

= {
        { L("none"),    RSA_NO_PADDING          },
        { L("oaep"),    RSA_PKCS1_OAEP_PADDING  },              
        { L("pkcs"),    RSA_PKCS1_PADDING       },              
        { L("x931"),    RSA_X931_PADDING        }
}

The type of padding used.

Definition at line 101 of file rlm_cipher.c.

cipher_rsa_padding_len

size_t cipher_rsa_padding_len = NUM_ELEMENTS(cipher_rsa_padding)

static

Definition at line 107 of file rlm_cipher.c.

cipher_rsa_sign_xlat_arg

xlat_arg_parser_t const cipher_rsa_sign_xlat_arg[]

static

Initial value:

= {
        { .required = true, .concat = true, .type = FR_TYPE_STRING },
        XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 596 of file rlm_cipher.c.

cipher_rsa_verify_xlat_arg

xlat_arg_parser_t const cipher_rsa_verify_xlat_arg[]

static

Initial value:

= {
        { .required = true, .concat = false, .single = true, .type = FR_TYPE_VOID },
        { .required = true, .concat = true, .type = FR_TYPE_STRING },
        { .variadic = XLAT_ARG_VARIADIC_EMPTY_SQUASH, .concat = true,  .type = FR_TYPE_STRING },
        XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 733 of file rlm_cipher.c.

cipher_type

fr_table_num_sorted_t const cipher_type[]

static

Initial value:

= {
        { L("rsa"),             RLM_CIPHER_TYPE_RSA             },
        { L("symmetric"),       RLM_CIPHER_TYPE_SYMMETRIC       }
}

Definition at line 109 of file rlm_cipher.c.

cipher_type_len

size_t cipher_type_len = NUM_ELEMENTS(cipher_type)

static

Definition at line 113 of file rlm_cipher.c.

module_config

const conf_parser_t module_config[]

static

Initial value:

= {
        { FR_CONF_OFFSET_TYPE_FLAGS("type", FR_TYPE_VOID, CONF_FLAG_NOT_EMPTY, rlm_cipher_t, type), .func = cipher_type_parse, .dflt = "rsa" },
        { FR_CONF_OFFSET_SUBSECTION("rsa", 0, rlm_cipher_t, rsa, rsa_config), .subcs_size = sizeof(cipher_rsa_t), .subcs_type = "cipher_rsa_t" },
        CONF_PARSER_TERMINATOR
}

Definition at line 236 of file rlm_cipher.c.

pkey_types

fr_table_num_sorted_t const pkey_types[]

static

Initial value:

= {
        { L("DH"),      EVP_PKEY_DH             },
        { L("DSA"),     EVP_PKEY_DSA            },
        { L("EC"),      EVP_PKEY_EC             },
        { L("RSA"),     EVP_PKEY_RSA            }
}

Public key types.

Definition at line 90 of file rlm_cipher.c.

pkey_types_len

size_t pkey_types_len = NUM_ELEMENTS(pkey_types)

static

Definition at line 96 of file rlm_cipher.c.

rlm_cipher

module_rlm_t rlm_cipher

Initial value:

= {
        .common = {
                .magic                  = MODULE_MAGIC_INIT,
                .name                   = "cipher",
                .inst_size              = sizeof(rlm_cipher_t),
                .thread_inst_size       = sizeof(rlm_cipher_rsa_thread_inst_t),
                .config                 = module_config,
                .bootstrap              = mod_bootstrap,
                .thread_instantiate     = mod_thread_instantiate
        }
}

Definition at line 1340 of file rlm_cipher.c.

rsa_config

const conf_parser_t rsa_config[]

static

Initial value:

= {
        { FR_CONF_OFFSET("verify_mode", cipher_rsa_t, verify_mode),
                         .func = cf_table_parse_int,
                         .uctx = &(cf_table_parse_ctx_t){
                                .table = cipher_cert_verify_mode_table,
                                .len = &cipher_cert_verify_mode_table_len
                         },
                         .dflt = "hard" }, 
 
        { FR_CONF_OFFSET_FLAGS("private_key_password", CONF_FLAG_SECRET, cipher_rsa_t, private_key_password) }, 
        { FR_CONF_OFFSET_TYPE_FLAGS("private_key_file", FR_TYPE_VOID, CONF_FLAG_NOT_EMPTY, cipher_rsa_t, private_key_file), .func = cipher_rsa_private_key_file_load },
        { FR_CONF_OFFSET_TYPE_FLAGS("certificate_file", FR_TYPE_VOID, CONF_FLAG_NOT_EMPTY, cipher_rsa_t, certificate_file), .func = cipher_rsa_certificate_file_load },
 
        { FR_CONF_OFFSET("random_file", cipher_rsa_t, random_file) },
 
        { FR_CONF_OFFSET_TYPE_FLAGS("signature_digest", FR_TYPE_VOID, CONF_FLAG_NOT_EMPTY, cipher_rsa_t, sig_digest), .func = digest_type_parse, .dflt = "sha256" },
 
        { FR_CONF_OFFSET_TYPE_FLAGS("padding_type", FR_TYPE_VOID, CONF_FLAG_NOT_EMPTY, cipher_rsa_t, padding), .func = cipher_rsa_padding_type_parse, .dflt = "pkcs" },
 
        { FR_CONF_OFFSET_SUBSECTION("oaep", 0, cipher_rsa_t, oaep, rsa_oaep_config),
                         .subcs_size = sizeof(cipher_rsa_oaep_t), .subcs_type = "cipher_rsa_oaep_t" },
 
        CONF_PARSER_TERMINATOR
}

Configuration for the RSA cipher type.

Definition at line 208 of file rlm_cipher.c.

rsa_oaep_config

const conf_parser_t rsa_oaep_config[]

static

Initial value:

= {
        { FR_CONF_OFFSET_TYPE_FLAGS("oaep_digest", FR_TYPE_VOID, CONF_FLAG_NOT_EMPTY, cipher_rsa_oaep_t, oaep_digest), .func = digest_type_parse, .dflt = "sha256" },
        { FR_CONF_OFFSET_TYPE_FLAGS("mgf1_digest", FR_TYPE_VOID, CONF_FLAG_NOT_EMPTY, cipher_rsa_oaep_t, mgf1_digest), .func = digest_type_parse, .dflt = "sha256" },
        { FR_CONF_OFFSET("label", cipher_rsa_oaep_t, label) },
 
        CONF_PARSER_TERMINATOR
}

Configuration for the RSA-PCKS1-OAEP padding scheme.

Definition at line 197 of file rlm_cipher.c.