Refactor data channel setting to CryptoDCSettingsData class

Instead of passing around a number of individual argument, use a data
holder class to describe all the settings. This will also allow adding
more data channel parameters in the future (tag location, 64 bit IV)
easier.  This has a slight cost of something passing more parameters
than needed.

Signed-off-by: Arne Schwabe <[email protected]>

openvpn/crypto/crypto_aead.hpp

@@ -157,10 +157,10 @@ class Crypto : public CryptoDCInstance
     typedef CryptoDCInstance Base;
 
     Crypto(SSLLib::Ctx libctx_arg,
-           const CryptoAlgs::Type cipher_arg,
+           CryptoDCSettingsData dc_settings_data,
            const Frame::Ptr &frame_arg,
            const SessionStats::Ptr &stats_arg)
-        : cipher(cipher_arg),
+        : dc_settings(dc_settings_data),
           frame(frame_arg),
           stats(stats_arg),
           libctx(libctx_arg)
@@ -270,12 +270,12 @@ class Crypto : public CryptoDCInstance
     void init_cipher(StaticKey &&encrypt_key, StaticKey &&decrypt_key) override
     {
         e.impl.init(libctx,
-                    cipher,
+                    dc_settings.cipher(),
                     encrypt_key.data(),
                     clamp_to_default<unsigned int>(encrypt_key.size(), 0),
                     CRYPTO_API::CipherContextAEAD::ENCRYPT);
         d.impl.init(libctx,
-                    cipher,
+                    dc_settings.cipher(),
                     decrypt_key.data(),
                     clamp_to_default<unsigned int>(decrypt_key.size(), 0),
                     CRYPTO_API::CipherContextAEAD::DECRYPT);
@@ -288,15 +288,13 @@ class Crypto : public CryptoDCInstance
         d.nonce.set_tail(decrypt_key);
     }
 
-    void init_pid(const int send_form,
-                  const int recv_mode,
-                  const int recv_form,
+    void init_pid(const int recv_mode,
                   const char *recv_name,
                   const int recv_unit,
                   const SessionStats::Ptr &recv_stats_arg) override
     {
-        e.pid_send.init(send_form);
-        d.pid_recv.init(recv_mode, recv_form, recv_name, recv_unit, recv_stats_arg);
+        e.pid_send.init(PacketID::SHORT_FORM);
+        d.pid_recv.init(recv_mode, PacketID::SHORT_FORM, recv_name, recv_unit, recv_stats_arg);
     }
 
     // Indicate whether or not cipher/digest is defined
@@ -307,7 +305,7 @@ class Crypto : public CryptoDCInstance
 
         // AEAD mode doesn't use HMAC, but we still indicate HMAC_DEFINED
         // because we want to use the HMAC keying material for the AEAD nonce tail.
-        if (CryptoAlgs::defined(cipher))
+        if (CryptoAlgs::defined(dc_settings.cipher()))
             ret |= (CIPHER_DEFINED | HMAC_DEFINED);
         return ret;
     }
@@ -324,7 +322,7 @@ class Crypto : public CryptoDCInstance
     }
 
   private:
-    CryptoAlgs::Type cipher;
+    CryptoDCSettingsData dc_settings;
     Frame::Ptr frame;
     SessionStats::Ptr stats;
     SSLLib::Ctx libctx;
@@ -339,31 +337,29 @@ class CryptoContext : public CryptoDCContext
     typedef RCPtr<CryptoContext> Ptr;
 
     CryptoContext(SSLLib::Ctx libctx_arg,
-                  const CryptoAlgs::Type cipher_arg,
-                  const CryptoAlgs::KeyDerivation key_method,
+                  CryptoDCSettingsData dc_settings_data,
                   const Frame::Ptr &frame_arg,
                   const SessionStats::Ptr &stats_arg)
-        : CryptoDCContext(key_method),
-          cipher(CryptoAlgs::legal_dc_cipher(cipher_arg)),
+        : CryptoDCContext(dc_settings_data.key_derivation()),
+          dc_settings(std::move(dc_settings_data)),
           frame(frame_arg),
           stats(stats_arg),
           libctx(libctx_arg)
     {
+        /* Check if the cipher is legal for AEAD and otherwise throw */
+        legal_dc_cipher(dc_settings.cipher());
+        dc_settings.set_digest(CryptoAlgs::NONE);
     }
 
     CryptoDCInstance::Ptr new_obj(const unsigned int key_id) override
     {
-        return new Crypto<CRYPTO_API>(libctx, cipher, frame, stats);
+        return new Crypto<CRYPTO_API>(libctx, dc_settings, frame, stats);
     }
 
     // cipher/HMAC/key info
-    Info crypto_info() override
+    CryptoDCSettingsData crypto_info() override
     {
-        Info ret;
-        ret.cipher_alg = cipher;
-        ret.hmac_alg = CryptoAlgs::NONE;
-        ret.key_derivation = key_derivation;
-        return ret;
+        return dc_settings;
     }
 
     // Info for ProtoContext::link_mtu_adjust
@@ -374,7 +370,7 @@ class CryptoContext : public CryptoDCContext
     }
 
   private:
-    CryptoAlgs::Type cipher;
+    CryptoDCSettingsData dc_settings;
     Frame::Ptr frame;
     SessionStats::Ptr stats;
     SSLLib::Ctx libctx;

openvpn/crypto/crypto_chm.hpp

@@ -40,13 +40,11 @@ class CryptoCHM : public CryptoDCInstance
 
     CryptoCHM(
         SSLLib::Ctx libctx_arg,
-        const CryptoAlgs::Type cipher_arg,
-        const CryptoAlgs::Type digest_arg,
+        CryptoDCSettingsData dc_settings_data,
         const Frame::Ptr &frame_arg,
         const SessionStats::Ptr &stats_arg,
         const StrongRandomAPI::Ptr &rng_arg)
-        : cipher(cipher_arg),
-          digest(digest_arg),
+        : dc_settings(dc_settings_data),
           frame(frame_arg),
           stats(stats_arg),
           rng(rng_arg),
@@ -76,26 +74,27 @@ class CryptoCHM : public CryptoDCInstance
     void init_cipher(StaticKey &&encrypt_key,
                      StaticKey &&decrypt_key) override
     {
-        encrypt_.cipher.init(libctx, cipher, encrypt_key, CRYPTO_API::CipherContext::ENCRYPT);
-        decrypt_.cipher.init(libctx, cipher, decrypt_key, CRYPTO_API::CipherContext::DECRYPT);
+        encrypt_.cipher.init(libctx, dc_settings.cipher(), encrypt_key, CRYPTO_API::CipherContext::ENCRYPT);
+        decrypt_.cipher.init(libctx, dc_settings.cipher(), decrypt_key, CRYPTO_API::CipherContext::DECRYPT);
     }
 
     void init_hmac(StaticKey &&encrypt_key,
                    StaticKey &&decrypt_key) override
     {
-        encrypt_.hmac.init(digest, encrypt_key);
-        decrypt_.hmac.init(digest, decrypt_key);
+        encrypt_.hmac.init(dc_settings.digest(), encrypt_key);
+        decrypt_.hmac.init(dc_settings.digest(), decrypt_key);
     }
 
-    void init_pid(const int send_form,
-                  const int recv_mode,
-                  const int recv_form,
+    void init_pid(const int recv_mode,
                   const char *recv_name,
                   const int recv_unit,
                   const SessionStats::Ptr &recv_stats_arg) override
     {
-        encrypt_.pid_send.init(send_form);
-        decrypt_.pid_recv.init(recv_mode, recv_form, recv_name, recv_unit, recv_stats_arg);
+        /* CBC encryption always uses short packet ID */
+        auto pid_form = PacketID::SHORT_FORM;
+
+        encrypt_.pid_send.init(pid_form);
+        decrypt_.pid_recv.init(recv_mode, pid_form, recv_name, recv_unit, recv_stats_arg);
     }
 
     bool consider_compression(const CompressContext &comp_ctx) override
@@ -108,9 +107,9 @@ class CryptoCHM : public CryptoDCInstance
     unsigned int defined() const override
     {
         unsigned int ret = CRYPTO_DEFINED;
-        if (CryptoAlgs::defined(cipher))
+        if (CryptoAlgs::defined(dc_settings.cipher()))
             ret |= CIPHER_DEFINED;
-        if (CryptoAlgs::defined(digest))
+        if (CryptoAlgs::defined(dc_settings.digest()))
             ret |= HMAC_DEFINED;
         return ret;
     }
@@ -122,8 +121,7 @@ class CryptoCHM : public CryptoDCInstance
     }
 
   private:
-    CryptoAlgs::Type cipher;
-    CryptoAlgs::Type digest;
+    CryptoDCSettingsData dc_settings;
     Frame::Ptr frame;
     SessionStats::Ptr stats;
     StrongRandomAPI::Ptr rng;
@@ -141,15 +139,12 @@ class CryptoContextCHM : public CryptoDCContext
 
     CryptoContextCHM(
         SSLLib::Ctx libctx_arg,
-        const CryptoAlgs::Type cipher_arg,
-        const CryptoAlgs::Type digest_arg,
-        const CryptoAlgs::KeyDerivation key_method,
+        CryptoDCSettingsData dc_settings_arg,
         const Frame::Ptr &frame_arg,
         const SessionStats::Ptr &stats_arg,
         const StrongRandomAPI::Ptr &rng_arg)
-        : CryptoDCContext(key_method),
-          cipher(CryptoAlgs::dc_cbc_cipher(cipher_arg)),
-          digest(CryptoAlgs::dc_cbc_hash(digest_arg)),
+        : CryptoDCContext(dc_settings_arg.key_derivation()),
+          dc_settings(std::move(dc_settings_arg)),
           frame(frame_arg),
           stats(stats_arg),
           rng(rng_arg),
@@ -163,35 +158,29 @@ class CryptoContextCHM : public CryptoDCContext
          * can be called and calculated for the OCC strings even if we do not allow the cipher
          * to be actually used */
         return new CryptoCHM<CRYPTO_API>(libctx,
-                                         CryptoAlgs::legal_dc_cipher(cipher),
-                                         CryptoAlgs::legal_dc_digest(digest),
+                                         dc_settings,
                                          frame,
                                          stats,
                                          rng);
     }
 
     // cipher/HMAC/key info
-    Info crypto_info() override
+    CryptoDCSettingsData crypto_info() override
     {
-        Info ret;
-        ret.cipher_alg = cipher;
-        ret.hmac_alg = digest;
-        ret.key_derivation = key_derivation;
-        return ret;
+        return dc_settings;
     }
 
     // Info for ProtoContext::link_mtu_adjust
 
     size_t encap_overhead() const override
     {
-        return CryptoAlgs::size(digest) +      // HMAC
-               CryptoAlgs::iv_length(cipher) + // Cipher IV
-               CryptoAlgs::block_size(cipher); // worst-case PKCS#7 padding expansion
+        return CryptoAlgs::size(dc_settings.digest()) +      // HMAC
+               CryptoAlgs::iv_length(dc_settings.cipher()) + // Cipher IV
+               CryptoAlgs::block_size(dc_settings.cipher()); // worst-case PKCS#7 padding expansion
     }
 
   private:
-    CryptoAlgs::Type cipher;
-    CryptoAlgs::Type digest;
+    CryptoDCSettingsData dc_settings;
     Frame::Ptr frame;
     SessionStats::Ptr stats;
     StrongRandomAPI::Ptr rng;