Creates dynamic expansions for encrypting/decrypting data. More...

#include <freeradius-devel/server/base.h>
#include <freeradius-devel/server/module_rlm.h>
#include <freeradius-devel/tls/base.h>
#include <freeradius-devel/tls/cert.h>
#include <freeradius-devel/tls/log.h>
#include <freeradius-devel/tls/strerror.h>
#include <freeradius-devel/util/debug.h>
#include <freeradius-devel/unlang/xlat_func.h>
#include <freeradius-devel/unlang/xlat.h>
#include <freeradius-devel/tls/openssl_user_macros.h>
#include <openssl/crypto.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>

Include dependency graph for rlm_cipher.c:

Go to the source code of this file.

Data Structures
struct	cipher_rsa_oaep_t
	Configuration for the OAEP padding method. More...

struct	cipher_rsa_t
	Configuration for RSA encryption/decryption/signing. More...

struct	rlm_cipher_rsa_thread_inst_t

struct	rlm_cipher_t
	Instance configuration. More...

union	rlm_cipher_t.__unnamed148__
	Supported cipher types. More...

Enumerations
enum	cipher_cert_attributes_t { CIPHER_CERT_ATTR_UNKNOWN = 0 , CIPHER_CERT_ATTR_SERIAL , CIPHER_CERT_ATTR_FINGERPRINT , CIPHER_CERT_ATTR_NOT_BEFORE , CIPHER_CERT_ATTR_NOT_AFTER }

enum	cipher_cert_verify_mode_t { CIPHER_CERT_VERIFY_INVALID = 0 , CIPHER_CERT_VERIFY_HARD , CIPHER_CERT_VERIFY_SOFT , CIPHER_CERT_VERIFY_NONE }
	Certificate validation modes. More...

enum	cipher_type_t { RLM_CIPHER_TYPE_INVALID = 0 , RLM_CIPHER_TYPE_RSA = 1 }

Functions
static int	_evp_md_ctx_free (EVP_MD_CTX *evp_md_ctx)
	Talloc destructor for freeing an EVP_MD_CTX. More...

static int	_evp_pkey_ctx_free (EVP_PKEY_CTX *evp_pkey_ctx)
	Talloc destructor for freeing an EVP_PKEY_CTX. More...

static int	_evp_pkey_free (EVP_PKEY *pkey)
	Talloc destructor for freeing an EVP_PKEY (representing a certificate) More...

static int	_get_private_key_password (char buf, int size, UNUSED int rwflag, void u)
	Return the static private key password we have configured. More...

static int	_x509_cert_free (X509 *cert)
	Talloc destructor for freeing an X509 struct (representing a public certificate) More...

static xlat_action_t	cipher_certificate_xlat (TALLOC_CTX ctx, fr_dcursor_t out, xlat_ctx_t const xctx, request_t request, fr_value_box_list_t *in)

static xlat_action_t	cipher_fingerprint_xlat (TALLOC_CTX ctx, fr_dcursor_t out, xlat_ctx_t const xctx, request_t request, fr_value_box_list_t *in)
	Return the fingerprint of the public certificate. More...

static int	cipher_rsa_certificate_file_load (TALLOC_CTX ctx, void out, UNUSED void parent, CONF_ITEM ci, UNUSED conf_parser_t const *rule)

static int	cipher_rsa_certificate_file_load (TALLOC_CTX ctx, void out, void parent, CONF_ITEM ci, UNUSED conf_parser_t const *rule)
	Load an RSA public key using OpenSSL functions. More...

static xlat_action_t	cipher_rsa_decrypt_xlat (TALLOC_CTX ctx, fr_dcursor_t out, xlat_ctx_t const xctx, request_t request, fr_value_box_list_t *in)
	Decrypt input data. More...

static xlat_action_t	cipher_rsa_encrypt_xlat (TALLOC_CTX ctx, fr_dcursor_t out, xlat_ctx_t const xctx, request_t request, fr_value_box_list_t *in)
	Encrypt input data. More...

static int	cipher_rsa_padding_params_set (EVP_PKEY_CTX evp_pkey_ctx, cipher_rsa_t const rsa_inst)

static int	cipher_rsa_padding_type_parse (UNUSED TALLOC_CTX ctx, void out, UNUSED void parent, CONF_ITEM ci, UNUSED conf_parser_t const *rule)
	Checks if the specified padding type is valid. More...

static int	cipher_rsa_private_key_file_load (TALLOC_CTX ctx, void out, void parent, CONF_ITEM ci, UNUSED conf_parser_t const *rule)
	Load and (optionally decrypt) an RSA private key using OpenSSL functions. More...

static int	cipher_rsa_private_key_file_load (UNUSED TALLOC_CTX ctx, void out, UNUSED void parent, CONF_ITEM ci, UNUSED conf_parser_t const *rule)

static xlat_action_t	cipher_rsa_sign_xlat (TALLOC_CTX ctx, fr_dcursor_t out, xlat_ctx_t const xctx, request_t request, fr_value_box_list_t *in)
	Sign input data. More...

static int	cipher_rsa_thread_instantiate (module_thread_inst_ctx_t const *mctx)
	Pre-initialises the EVP_PKEY_CTX necessary for performing RSA encryption/decryption/sign/verify. More...

static xlat_action_t	cipher_rsa_verify_xlat (TALLOC_CTX ctx, fr_dcursor_t out, xlat_ctx_t const xctx, request_t request, fr_value_box_list_t *in)
	Verify input data. More...

static xlat_action_t	cipher_serial_xlat (TALLOC_CTX ctx, fr_dcursor_t out, xlat_ctx_t const xctx, request_t request, UNUSED fr_value_box_list_t *in)
	Return the serial of the public certificate. More...

static int	cipher_type_parse (UNUSED TALLOC_CTX ctx, void out, UNUSED void parent, CONF_ITEM ci, UNUSED conf_parser_t const *rule)
	Checks if the specified cipher type is valid. More...

static int	digest_type_parse (UNUSED TALLOC_CTX ctx, void out, UNUSED void parent, CONF_ITEM ci, UNUSED conf_parser_t const *rule)
	Calls EVP_get_digestbyname() to convert the digest type. More...

static int	mod_bootstrap (module_inst_ctx_t const *mctx)

static int	mod_thread_instantiate (module_thread_inst_ctx_t const *mctx)

Variables
static fr_table_num_sorted_t const	cert_attributes []
	Public key types. More...

static size_t	cert_attributes_len = NUM_ELEMENTS(cert_attributes)

static fr_table_num_sorted_t const	cipher_cert_verify_mode_table []

static size_t	cipher_cert_verify_mode_table_len = NUM_ELEMENTS(cipher_cert_verify_mode_table)

static xlat_arg_parser_t const	cipher_certificate_xlat_args []

static xlat_arg_parser_t const	cipher_rsa_decrypt_xlat_arg []

static xlat_arg_parser_t const	cipher_rsa_encrypt_xlat_arg []

static fr_table_num_sorted_t const	cipher_rsa_padding []
	The type of padding used. More...

static size_t	cipher_rsa_padding_len = NUM_ELEMENTS(cipher_rsa_padding)

static xlat_arg_parser_t const	cipher_rsa_sign_xlat_arg []

static xlat_arg_parser_t const	cipher_rsa_verify_xlat_arg []

static fr_table_num_sorted_t const	cipher_type []

static size_t	cipher_type_len = NUM_ELEMENTS(cipher_type)

static const conf_parser_t	module_config []

static fr_table_num_sorted_t const	pkey_types []
	Public key types. More...

static size_t	pkey_types_len = NUM_ELEMENTS(pkey_types)

module_rlm_t	rlm_cipher

static const conf_parser_t	rsa_config []
	Configuration for the RSA cipher type. More...

static const conf_parser_t	rsa_oaep_config []
	Configuration for the RSA-PCKS1-OAEP padding scheme. More...

Detailed Description

Creates dynamic expansions for encrypting/decrypting data.

Id: 4fa8e1c270abb2153e1a77cc7fc6ae16449c52a8

Author: Arran Cudbard-Bell (a.cud.nosp@m.bard.nosp@m.b@fre.nosp@m.erad.nosp@m.ius.o.nosp@m.rg)

Copyright: 2018 The FreeRADIUS server project; 2018 Network RADIUS (legal.nosp@m.@net.nosp@m.workr.nosp@m.adiu.nosp@m.s.com)

Definition in file rlm_cipher.c.

Data Structure Documentation

◆ cipher_rsa_oaep_t

struct cipher_rsa_oaep_t

Configuration for the OAEP padding method.

Definition at line 145 of file rlm_cipher.c.

Data Fields
char const *	label	Additional input to the hashing function.
EVP_MD *	mgf1_digest	Masking function digest.
EVP_MD *	oaep_digest	Padding digest type.

◆ cipher_rsa_t

struct cipher_rsa_t

Configuration for RSA encryption/decryption/signing.

Definition at line 157 of file rlm_cipher.c.

Collaboration diagram for cipher_rsa_t:

Data Fields
EVP_PKEY *	certificate_file	Public (certificate) file.
fr_unix_time_t	not_after	Certificate isn't valid after this time.
fr_unix_time_t	not_before	Certificate isn't valid before this time.
cipher_rsa_oaep_t *	oaep	OAEP can use a configurable message digest type.
int	padding	Type of padding to apply to the plaintext or ciphertext before feeding it to RSA crypto functions.
EVP_PKEY *	private_key_file	Private key file.
char const *	private_key_password	Password to decrypt the private key.
char const *	random_file	If set, we read 10K of data (or the complete file) and use it to seed OpenSSL's PRNG.
EVP_MD *	sig_digest	Signature digest type.
cipher_cert_verify_mode_t	verify_mode	How hard we try to verify the certificate.
X509 *	x509_certificate_file	Needed for extracting certificate attributes.

◆ rlm_cipher_rsa_thread_inst_t

struct rlm_cipher_rsa_thread_inst_t

Definition at line 132 of file rlm_cipher.c.

Data Fields
uint8_t *	digest_buff	Pre-allocated digest buffer.
EVP_PKEY_CTX *	evp_decrypt_ctx	Pre-allocated evp_pkey_ctx.
EVP_PKEY_CTX *	evp_encrypt_ctx	Pre-allocated evp_pkey_ctx.
EVP_MD_CTX *	evp_md_ctx	Pre-allocated evp_md_ctx for sign and verify.
EVP_PKEY_CTX *	evp_sign_ctx	Pre-allocated evp_pkey_ctx.
EVP_PKEY_CTX *	evp_verify_ctx	Pre-allocated evp_pkey_ctx.

◆ rlm_cipher_t

struct rlm_cipher_t

Instance configuration.

Definition at line 182 of file rlm_cipher.c.

Data Fields
union rlm_cipher_t	__unnamed__	Supported cipher types.
cipher_type_t	type	Type of encryption to use.

◆ rlm_cipher_t.unnamed148

union rlm_cipher_t.__unnamed148__

Supported cipher types.

Definition at line 188 of file rlm_cipher.c.

Data Fields
cipher_rsa_t *	rsa	Use RSA encryption (with optional padding).

Enumeration Type Documentation

◆ cipher_cert_attributes_t

enum cipher_cert_attributes_t

Enumerator
CIPHER_CERT_ATTR_UNKNOWN	Unrecognised attribute.
CIPHER_CERT_ATTR_SERIAL	Certificate's serial number.
CIPHER_CERT_ATTR_FINGERPRINT	Dynamically calculated fingerprint.
CIPHER_CERT_ATTR_NOT_BEFORE	Time the certificate becomes valid.
CIPHER_CERT_ATTR_NOT_AFTER	Time the certificate expires.

Definition at line 76 of file rlm_cipher.c.

◆ cipher_cert_verify_mode_t

enum cipher_cert_verify_mode_t

Certificate validation modes.

Enumerator
CIPHER_CERT_VERIFY_INVALID
CIPHER_CERT_VERIFY_HARD	Fail if the certificate isn't valid.
CIPHER_CERT_VERIFY_SOFT	Warn if the certificate isn't valid.
CIPHER_CERT_VERIFY_NONE	Don't check to see if the we're between notBefore or notAfter.

Definition at line 67 of file rlm_cipher.c.

◆ cipher_type_t

enum cipher_type_t

Enumerator
RLM_CIPHER_TYPE_INVALID
RLM_CIPHER_TYPE_RSA

Definition at line 59 of file rlm_cipher.c.

Function Documentation

◆ _evp_md_ctx_free()

static int _evp_md_ctx_free ( EVP_MD_CTX * evp_md_ctx )

static

Talloc destructor for freeing an EVP_MD_CTX.

Parameters

[in] evp_md_ctx to free.

Returns: 0

Definition at line 1020 of file rlm_cipher.c.

Here is the caller graph for this function:

◆ _evp_pkey_ctx_free()

static int _evp_pkey_ctx_free ( EVP_PKEY_CTX * evp_pkey_ctx )

static

Talloc destructor for freeing an EVP_PKEY_CTX.

Parameters

[in] evp_pkey_ctx to free.

Returns: 0

Definition at line 1008 of file rlm_cipher.c.

Here is the caller graph for this function:

◆ _evp_pkey_free()

static int _evp_pkey_free ( EVP_PKEY * pkey )

static

Talloc destructor for freeing an EVP_PKEY (representing a certificate)

Parameters

[in] pkey to free.

Returns: 0

Definition at line 370 of file rlm_cipher.c.

Here is the caller graph for this function:

◆ _get_private_key_password()

static int _get_private_key_password	(	char *	buf,
		int	size,
		UNUSED int	rwflag,
		void *	u
	)

static

Return the static private key password we have configured.

Parameters

[out]	buf	Where to write the password to.
[in]	size	The length of buf.
[in]	rwflag	0 if password used for decryption. 1 if password used for encryption.
[in]	u	The static password.

Returns

0 on error.
>0 on success (the length of the password).

Definition at line 344 of file rlm_cipher.c.

Here is the caller graph for this function:

◆ _x509_cert_free()

static int _x509_cert_free ( X509 * cert )

static

Talloc destructor for freeing an X509 struct (representing a public certificate)

Parameters

[in] cert to free.

Returns: 0

Definition at line 382 of file rlm_cipher.c.

Here is the caller graph for this function:

◆ cipher_certificate_xlat()

static xlat_action_t cipher_certificate_xlat	(	TALLOC_CTX *	ctx,
		fr_dcursor_t *	out,
		xlat_ctx_t const *	xctx,
		request_t *	request,
		fr_value_box_list_t *	in
	)

static

Definition at line 968 of file rlm_cipher.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ cipher_rsa_certificate_file_load() [1/2]

static int cipher_rsa_certificate_file_load	(	TALLOC_CTX *	ctx,
		void *	out,
		UNUSED void *	parent,
		CONF_ITEM *	ci,
		UNUSED conf_parser_t const *	rule
	)

static

◆ cipher_rsa_certificate_file_load() [2/2]

static int cipher_rsa_certificate_file_load	(	TALLOC_CTX *	ctx,
		void *	out,
		void *	parent,
		CONF_ITEM *	ci,
		UNUSED conf_parser_t const *	rule
	)

static

Load an RSA public key using OpenSSL functions.

Parameters

[in]	ctx	UNUSED. Although the EVP_PKEY struct will be allocated with talloc, we need to call the specialised free function anyway.
[out]	out	Where to write the EVP_PKEY * representing the certificate we just loaded.
[in]	parent	Base structure address.
[in]	ci	Config item containing the certificate path.
[in]	rule	this callback was attached to.

Returns

-1 on failure.
0 on success.

Definition at line 462 of file rlm_cipher.c.

Here is the call graph for this function:

◆ cipher_rsa_padding_params_set()

static int cipher_rsa_padding_params_set	(	EVP_PKEY_CTX *	evp_pkey_ctx,
		cipher_rsa_t const *	rsa_inst
	)

static

Definition at line 1027 of file rlm_cipher.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ cipher_rsa_padding_type_parse()

static int cipher_rsa_padding_type_parse	(	UNUSED TALLOC_CTX *	ctx,
		void *	out,
		UNUSED void *	parent,
		CONF_ITEM *	ci,
		UNUSED conf_parser_t const *	rule
	)

static

Checks if the specified padding type is valid.

Parameters

[in]	ctx	to allocate data in.
[out]	out	Padding type.
[in]	parent	Base structure address.
[in]	ci	CONF_PAIR specifying the padding type..
[in]	rule	unused.

Returns

0 on success.
-1 on failure.

Definition at line 282 of file rlm_cipher.c.

Here is the call graph for this function:

◆ cipher_rsa_private_key_file_load() [1/2]

static int cipher_rsa_private_key_file_load	(	TALLOC_CTX *	ctx,
		void *	out,
		void *	parent,
		CONF_ITEM *	ci,
		UNUSED conf_parser_t const *	rule
	)

static

Load and (optionally decrypt) an RSA private key using OpenSSL functions.

Parameters

[in]	ctx	UNUSED. Although the EVP_PKEY struct will be allocated with talloc, we need to call the specialised free function anyway.
[out]	out	Where to write the EVP_PKEY * representing the certificate we just loaded.
[in]	parent	Base structure address.
[in]	ci	Config item containing the certificate path.
[in]	rule	this callback was attached to.

Returns

-1 on failure.
0 on success.

Definition at line 403 of file rlm_cipher.c.

Here is the call graph for this function:

◆ cipher_rsa_private_key_file_load() [2/2]

static int cipher_rsa_private_key_file_load	(	UNUSED TALLOC_CTX *	ctx,
		void *	out,
		UNUSED void *	parent,
		CONF_ITEM *	ci,
		UNUSED conf_parser_t const *	rule
	)

static

◆ cipher_rsa_thread_instantiate()

static int cipher_rsa_thread_instantiate ( module_thread_inst_ctx_t const * mctx )

static

Pre-initialises the EVP_PKEY_CTX necessary for performing RSA encryption/decryption/sign/verify.

If reference counting is used for EVP_PKEY structs, should also prevent any mutex contention associated with incrementing/decrementing those references.

xlat functions MUST NOT interleave PKEY operations with yields

Returns: 0.

Definition at line 1096 of file rlm_cipher.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ cipher_type_parse()

static int cipher_type_parse	(	UNUSED TALLOC_CTX *	ctx,
		void *	out,
		UNUSED void *	parent,
		CONF_ITEM *	ci,
		UNUSED conf_parser_t const *	rule
	)

static

Checks if the specified cipher type is valid.

Parameters

[in]	ctx	to allocate data in.
[out]	out	Cipher enumeration type.
[in]	parent	Base structure address.
[in]	ci	CONF_PAIR specifying the name of the type module.
[in]	rule	unused.

Returns

0 on success.
-1 on failure.

Definition at line 311 of file rlm_cipher.c.

Here is the call graph for this function:

◆ digest_type_parse()

static int digest_type_parse	(	UNUSED TALLOC_CTX *	ctx,
		void *	out,
		UNUSED void *	parent,
		CONF_ITEM *	ci,
		UNUSED conf_parser_t const *	rule
	)

static

Calls EVP_get_digestbyname() to convert the digest type.

Parameters

[in]	ctx	to allocate data in.
[out]	out	EVP_MD representing the OpenSSL digest type.
[in]	parent	Base structure address.
[in]	ci	CONF_PAIR specifying the name of the digest.
[in]	rule	unused.

Returns

0 on success.
-1 on failure.

Definition at line 253 of file rlm_cipher.c.

Here is the call graph for this function:

◆ mod_bootstrap()

static int mod_bootstrap ( module_inst_ctx_t const * mctx )

static

Definition at line 1278 of file rlm_cipher.c.

Here is the call graph for this function:

◆ mod_thread_instantiate()

static int mod_thread_instantiate ( module_thread_inst_ctx_t const * mctx )

static

Definition at line 1256 of file rlm_cipher.c.

Here is the call graph for this function:

Variable Documentation

◆ cert_attributes

fr_table_num_sorted_t const cert_attributes[]

static

Initial value:

= {
        { L("fingerprint"),     CIPHER_CERT_ATTR_FINGERPRINT    },
        { L("notAfter"),        CIPHER_CERT_ATTR_NOT_AFTER      },
        { L("notBefore"),       CIPHER_CERT_ATTR_NOT_BEFORE     },
        { L("serial"),          CIPHER_CERT_ATTR_SERIAL         },
}

Public key types.

Definition at line 124 of file rlm_cipher.c.

◆ cert_attributes_len

size_t cert_attributes_len = NUM_ELEMENTS(cert_attributes)

static

Definition at line 130 of file rlm_cipher.c.

◆ cipher_cert_verify_mode_table

fr_table_num_sorted_t const cipher_cert_verify_mode_table[]

static

Initial value:

= {
        { L("hard"),    CIPHER_CERT_VERIFY_HARD },
        { L("none"),    CIPHER_CERT_VERIFY_SOFT },
        { L("soft"),    CIPHER_CERT_VERIFY_NONE }
}

Definition at line 114 of file rlm_cipher.c.

◆ cipher_cert_verify_mode_table_len

size_t cipher_cert_verify_mode_table_len = NUM_ELEMENTS(cipher_cert_verify_mode_table)

static

Definition at line 119 of file rlm_cipher.c.

◆ cipher_certificate_xlat_args

xlat_arg_parser_t const cipher_certificate_xlat_args[]

static

Initial value:

= {
        { .required = true, .concat = false, .single = true, .type = FR_TYPE_STRING },
        { .required = false, .concat = false, .single = true, .type = FR_TYPE_STRING }, 
        XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 881 of file rlm_cipher.c.

◆ cipher_rsa_decrypt_xlat_arg

xlat_arg_parser_t const cipher_rsa_decrypt_xlat_arg[]

static

Initial value:

= {
        { .required = true, .concat = true, .type = FR_TYPE_OCTETS },
        XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 706 of file rlm_cipher.c.

◆ cipher_rsa_encrypt_xlat_arg

xlat_arg_parser_t const cipher_rsa_encrypt_xlat_arg[]

static

Initial value:

= {
        { .required = true, .concat = true, .type = FR_TYPE_STRING },
        XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 567 of file rlm_cipher.c.

◆ cipher_rsa_padding

fr_table_num_sorted_t const cipher_rsa_padding[]

static

Initial value:

= {
        { L("none"),    RSA_NO_PADDING          },
        { L("oaep"),    RSA_PKCS1_OAEP_PADDING  },              
        { L("pkcs"),    RSA_PKCS1_PADDING       },              
 
        { L("ssl"),     RSA_SSLV23_PADDING      },
 
        { L("x931"),    RSA_X931_PADDING        }
}

The type of padding used.

Definition at line 98 of file rlm_cipher.c.

◆ cipher_rsa_padding_len

size_t cipher_rsa_padding_len = NUM_ELEMENTS(cipher_rsa_padding)

static

Definition at line 107 of file rlm_cipher.c.

◆ cipher_rsa_sign_xlat_arg

xlat_arg_parser_t const cipher_rsa_sign_xlat_arg[]

static

Initial value:

= {
        { .required = true, .concat = true, .type = FR_TYPE_STRING },
        XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 628 of file rlm_cipher.c.

◆ cipher_rsa_verify_xlat_arg

xlat_arg_parser_t const cipher_rsa_verify_xlat_arg[]

static

Initial value:

= {
        { .required = true, .concat = false, .single = true, .type = FR_TYPE_VOID },
        { .required = true, .concat = true, .type = FR_TYPE_STRING },
        { .variadic = XLAT_ARG_VARIADIC_EMPTY_SQUASH, .concat = true,  .type = FR_TYPE_STRING },
        XLAT_ARG_PARSER_TERMINATOR
}

Definition at line 765 of file rlm_cipher.c.

◆ cipher_type

fr_table_num_sorted_t const cipher_type[]

static

Initial value:

= {
        { L("rsa"),     RLM_CIPHER_TYPE_RSA     }
}

Definition at line 109 of file rlm_cipher.c.

◆ cipher_type_len

size_t cipher_type_len = NUM_ELEMENTS(cipher_type)

static

Definition at line 112 of file rlm_cipher.c.

◆ module_config

const conf_parser_t module_config[]

static

Initial value:

= {
        { FR_CONF_OFFSET_TYPE_FLAGS("type", FR_TYPE_VOID, CONF_FLAG_NOT_EMPTY, rlm_cipher_t, type), .func = cipher_type_parse, .dflt = "rsa" },
        { FR_CONF_OFFSET_SUBSECTION("rsa", 0, rlm_cipher_t, rsa, rsa_config), .subcs_size = sizeof(cipher_rsa_t), .subcs_type = "cipher_rsa_t" },
 
        CONF_PARSER_TERMINATOR
}

Definition at line 235 of file rlm_cipher.c.

◆ pkey_types

fr_table_num_sorted_t const pkey_types[]

static

Initial value:

= {
        { L("DH"),      EVP_PKEY_DH             },
        { L("DSA"),     EVP_PKEY_DSA            },
        { L("EC"),      EVP_PKEY_EC             },
        { L("RSA"),     EVP_PKEY_RSA            }
}

Public key types.

Definition at line 87 of file rlm_cipher.c.

◆ pkey_types_len

size_t pkey_types_len = NUM_ELEMENTS(pkey_types)

static

Definition at line 93 of file rlm_cipher.c.

◆ rlm_cipher

module_rlm_t rlm_cipher

Initial value:

= {
        .common = {
                .magic                  = MODULE_MAGIC_INIT,
                .name                   = "cipher",
                .flags                  = MODULE_TYPE_THREAD_SAFE,
                .inst_size              = sizeof(rlm_cipher_t),
                .thread_inst_size       = sizeof(rlm_cipher_rsa_thread_inst_t),
                .config                 = module_config,
                .bootstrap              = mod_bootstrap,
                .thread_instantiate     = mod_thread_instantiate
        }
}

Definition at line 1374 of file rlm_cipher.c.

◆ rsa_config

const conf_parser_t rsa_config[]

static

Initial value:

= {
        { FR_CONF_OFFSET("verify_mode", cipher_rsa_t, verify_mode),
                         .func = cf_table_parse_int,
                         .uctx = &(cf_table_parse_ctx_t){
                                .table = cipher_cert_verify_mode_table,
                                .len = &cipher_cert_verify_mode_table_len
                         },
                         .dflt = "hard" }, 
 
        { FR_CONF_OFFSET_FLAGS("private_key_password", CONF_FLAG_SECRET, cipher_rsa_t, private_key_password) }, 
        { FR_CONF_OFFSET_TYPE_FLAGS("private_key_file", FR_TYPE_VOID, CONF_FLAG_NOT_EMPTY, cipher_rsa_t, private_key_file), .func = cipher_rsa_private_key_file_load },
        { FR_CONF_OFFSET_TYPE_FLAGS("certificate_file", FR_TYPE_VOID, CONF_FLAG_NOT_EMPTY, cipher_rsa_t, certificate_file), .func = cipher_rsa_certificate_file_load },
 
        { FR_CONF_OFFSET("random_file", cipher_rsa_t, random_file) },
 
        { FR_CONF_OFFSET_TYPE_FLAGS("signature_digest", FR_TYPE_VOID, CONF_FLAG_NOT_EMPTY, cipher_rsa_t, sig_digest), .func = digest_type_parse, .dflt = "sha256" },
 
        { FR_CONF_OFFSET_TYPE_FLAGS("padding_type", FR_TYPE_VOID, CONF_FLAG_NOT_EMPTY, cipher_rsa_t, padding), .func = cipher_rsa_padding_type_parse, .dflt = "pkcs" },
 
        { FR_CONF_OFFSET_SUBSECTION("oaep", 0, cipher_rsa_t, oaep, rsa_oaep_config),
                         .subcs_size = sizeof(cipher_rsa_oaep_t), .subcs_type = "cipher_rsa_oaep_t" },
 
        CONF_PARSER_TERMINATOR
}

Configuration for the RSA cipher type.

Definition at line 207 of file rlm_cipher.c.

◆ rsa_oaep_config

const conf_parser_t rsa_oaep_config[]

static

Initial value:

= {
        { FR_CONF_OFFSET_TYPE_FLAGS("oaep_digest", FR_TYPE_VOID, CONF_FLAG_NOT_EMPTY, cipher_rsa_oaep_t, oaep_digest), .func = digest_type_parse, .dflt = "sha256" },
        { FR_CONF_OFFSET_TYPE_FLAGS("mgf1_digest", FR_TYPE_VOID, CONF_FLAG_NOT_EMPTY, cipher_rsa_oaep_t, mgf1_digest), .func = digest_type_parse, .dflt = "sha256" },
        { FR_CONF_OFFSET("label", cipher_rsa_oaep_t, label) },
 
        CONF_PARSER_TERMINATOR
}

Configuration for the RSA-PCKS1-OAEP padding scheme.

Definition at line 196 of file rlm_cipher.c.

Data Structures

Enumerations

Functions

Variables

Detailed Description

Data Structure Documentation

◆ cipher_rsa_oaep_t

◆ cipher_rsa_t

◆ rlm_cipher_rsa_thread_inst_t

◆ rlm_cipher_t

◆ rlm_cipher_t.__unnamed148__

Enumeration Type Documentation

◆ cipher_cert_attributes_t

◆ cipher_cert_verify_mode_t

◆ cipher_type_t

Function Documentation

◆ _evp_md_ctx_free()

◆ _evp_pkey_ctx_free()

◆ _evp_pkey_free()

◆ _get_private_key_password()

◆ _x509_cert_free()

◆ cipher_certificate_xlat()

◆ cipher_rsa_certificate_file_load() [1/2]

◆ cipher_rsa_certificate_file_load() [2/2]

◆ cipher_rsa_padding_params_set()

◆ cipher_rsa_padding_type_parse()

◆ cipher_rsa_private_key_file_load() [1/2]

◆ cipher_rsa_private_key_file_load() [2/2]

◆ cipher_rsa_thread_instantiate()

◆ cipher_type_parse()

◆ digest_type_parse()

◆ mod_bootstrap()

◆ mod_thread_instantiate()

Variable Documentation

◆ cert_attributes

◆ cert_attributes_len

◆ cipher_cert_verify_mode_table

◆ cipher_cert_verify_mode_table_len

◆ cipher_certificate_xlat_args

◆ cipher_rsa_decrypt_xlat_arg

◆ cipher_rsa_encrypt_xlat_arg

◆ cipher_rsa_padding

◆ cipher_rsa_padding_len

◆ cipher_rsa_sign_xlat_arg

◆ cipher_rsa_verify_xlat_arg

◆ cipher_type

◆ cipher_type_len

◆ module_config

◆ pkey_types

◆ pkey_types_len

◆ rlm_cipher

◆ rsa_config

◆ rsa_oaep_config

◆ rlm_cipher_t.unnamed148