#include "syshead.h"
#include "ssl_util.h"
#include "ssl_pkt.h"
#include "ssl_common.h"
#include "crypto.h"
#include "session_id.h"
#include "reliable.h"
#include "tls_crypt.h"

Include dependency graph for ssl_pkt.c:

Macros
#define	SWAP_BUF_SIZE 256

Functions
static bool	swap_hmac (struct buffer buf, const struct crypto_options co, bool incoming)
	Move a packet authentication HMAC + related fields to or from the front of the buffer so it can be processed by encrypt/decrypt. More...

static void	tls_wrap_control (struct tls_wrap_ctx ctx, uint8_t header, struct buffer buf, struct session_id *session_id)
	Wraps a TLS control packet by adding tls-auth HMAC or tls-crypt(-v2) encryption and opcode header including session id. More...

void	write_control_auth (struct tls_session session, struct key_state ks, struct buffer buf, struct link_socket_actual *to_link_addr, int opcode, int max_ack, bool prepend_ack)

bool	read_control_auth (struct buffer buf, struct tls_wrap_ctx ctx, const struct link_socket_actual from, const struct tls_options opt)

void	free_tls_pre_decrypt_state (struct tls_pre_decrypt_state *state)

enum first_packet_verdict	tls_pre_decrypt_lite (const struct tls_auth_standalone tas, struct tls_pre_decrypt_state state, const struct link_socket_actual from, const struct buffer buf)
	Inspect an incoming packet for which no VPN tunnel is active, and determine whether a new VPN tunnel should be created. More...

struct buffer	tls_reset_standalone (struct tls_wrap_ctx ctx, struct tls_auth_standalone tas, struct session_id own_sid, struct session_id remote_sid, uint8_t header, bool request_resend_wkc)
	This function creates a reset packet using the information from the tls pre decrypt state. More...

hmac_ctx_t *	session_id_hmac_init (void)

struct session_id	calculate_session_id_hmac (struct session_id client_sid, const struct openvpn_sockaddr from, hmac_ctx_t hmac, int handwindow, int offset)
	Calculates the HMAC based server session id based on a client session id and socket addr. More...

bool	check_session_id_hmac (struct tls_pre_decrypt_state state, const struct openvpn_sockaddr from, hmac_ctx_t *hmac, int handwindow)
	Checks if a control packet has a correct HMAC server session id. More...

Macro Definition Documentation

◆ SWAP_BUF_SIZE

#define SWAP_BUF_SIZE 256

Definition at line 41 of file ssl_pkt.c.

Function Documentation

◆ calculate_session_id_hmac()

struct session_id calculate_session_id_hmac	(	struct session_id	client_sid,
		const struct openvpn_sockaddr *	from,
		hmac_ctx_t *	hmac,
		int	handwindow,
		int	offset
	)

Calculates the HMAC based server session id based on a client session id and socket addr.

Parameters

client_sid	session id of the client
from	link_socket from the client
hmac	the hmac context to use for the calculation
handwindow	the quantisation of the current time
offset	offset to 'now' to use

Returns: the expected server session id

Definition at line 487 of file ssl_pkt.c.

References hmac_ctx_final(), hmac_ctx_reset(), hmac_ctx_update(), now, SHA256_DIGEST_LENGTH, and SID_SIZE.

Referenced by check_session_id_hmac(), do_pre_decrypt_check(), and test_calc_session_id_hmac_static().

◆ check_session_id_hmac()

bool check_session_id_hmac	(	struct tls_pre_decrypt_state *	state,
		const struct openvpn_sockaddr *	from,
		hmac_ctx_t *	hmac,
		int	handwindow
	)

Checks if a control packet has a correct HMAC server session id.

Parameters

client_sid	session id of the client
from	link_socket from the client
hmac	the hmac context to use for the calculation
handwindow	the quantisation of the current time

Returns: the expected server session id

Definition at line 529 of file ssl_pkt.c.

References calculate_session_id_hmac(), memcmp_constant_time(), tls_pre_decrypt_state::newbuf, tls_pre_decrypt_state::peer_session_id, reliable_ack_parse(), tls_pre_decrypt_state::server_session_id, and SID_SIZE.

Referenced by do_pre_decrypt_check(), test_verify_hmac_none(), and test_verify_hmac_tls_auth().

◆ free_tls_pre_decrypt_state()

void free_tls_pre_decrypt_state ( struct tls_pre_decrypt_state * state )

Parameters

state

Definition at line 285 of file ssl_pkt.c.

References tls_wrap_ctx::cleanup_key_ctx, free_buf(), free_key_ctx_bi(), crypto_options::key_ctx_bi, tls_pre_decrypt_state::newbuf, tls_wrap_ctx::opt, tls_wrap_ctx::tls_crypt_v2_metadata, and tls_pre_decrypt_state::tls_wrap_tmp.

Referenced by multi_get_create_instance_udp(), test_generate_reset_packet_plain(), test_generate_reset_packet_tls_auth(), test_tls_decrypt_lite_auth(), test_tls_decrypt_lite_crypt(), test_tls_decrypt_lite_none(), test_verify_hmac_none(), and test_verify_hmac_tls_auth().

◆ read_control_auth()

bool read_control_auth	(	struct buffer *	buf,
		struct tls_wrap_ctx *	ctx,
		const struct link_socket_actual *	from,
		const struct tls_options *	opt
	)

Definition at line 200 of file ssl_pkt.c.

References alloc_buf_gc(), ASSERT, BPTR, buf_advance(), buf_clear(), buf_copy(), buf_forward_capacity_total(), buf_init, key_ctx::cipher, cleanup(), clear_buf(), D_TLS_ERRORS, gc_free(), gc_new(), buffer::len, tls_wrap_ctx::mode, msg, buffer::offset, openvpn_decrypt(), tls_wrap_ctx::opt, P_CONTROL_HARD_RESET_CLIENT_V3, P_CONTROL_WKC_V1, P_OPCODE_SHIFT, print_link_socket_actual(), SID_SIZE, swap_hmac(), tls_crypt_unwrap(), tls_crypt_v2_extract_client_key(), and tls_wrap_ctx::tls_crypt_v2_server_key.

Referenced by tls_pre_decrypt(), and tls_pre_decrypt_lite().

◆ session_id_hmac_init()

hmac_ctx_t* session_id_hmac_init ( void )

Definition at line 473 of file ssl_pkt.c.

References ASSERT, hmac_ctx_init(), hmac_ctx_new(), md_valid(), rand_bytes(), and SHA256_DIGEST_LENGTH.

Referenced by do_init_crypto_tls(), test_verify_hmac_none(), and test_verify_hmac_tls_auth().

◆ swap_hmac()

static bool swap_hmac	(	struct buffer *	buf,
		const struct crypto_options *	co,
		bool	incoming
	)

static

Move a packet authentication HMAC + related fields to or from the front of the buffer so it can be processed by encrypt/decrypt.

Turning the on wire format that starts with the opcode to a format that starts with the hmac e.g. "onwire" [opcode, peer session id] [hmac, packet id] [remainder of packed]

"internal" [hmac, packet id] [opcode, peer session id] [remainder of packet]

Parameters

buf	the buffer the swap operation is executed on
incoming	determines the direction of the swap
co	crypto options, determines the hmac to use in the swap

Returns: if the swap was successful (buf was large enough)

Definition at line 61 of file ssl_pkt.c.

References ASSERT, BPTR, key_ctx_bi::decrypt, key_ctx_bi::encrypt, key_ctx::hmac, hmac_ctx_size(), crypto_options::key_ctx_bi, buffer::len, packet_id_size(), SID_SIZE, and SWAP_BUF_SIZE.

Referenced by read_control_auth(), and tls_wrap_control().

◆ tls_reset_standalone()

struct buffer tls_reset_standalone	(	struct tls_wrap_ctx *	ctx,
		struct tls_auth_standalone *	tas,
		struct session_id *	own_sid,
		struct session_id *	remote_sid,
		uint8_t	header,
		bool	request_resend_wkc
	)

This function creates a reset packet using the information from the tls pre decrypt state.

Definition at line 428 of file ssl_pkt.c.

References ASSERT, frame::buf, buf_init, buf_write(), buf_write_u16(), buf_write_u32(), buf_write_u8(), EARLY_NEG_FLAG_RESEND_WKC, tls_auth_standalone::frame, frame::headroom, htonpid, session_id::id, SID_SIZE, tls_wrap_control(), TLV_TYPE_EARLY_NEG_FLAGS, and tls_auth_standalone::workbuf.

Referenced by send_hmac_reset_packet(), test_generate_reset_packet_plain(), and test_generate_reset_packet_tls_auth().

◆ tls_wrap_control()

static void tls_wrap_control	(	struct tls_wrap_ctx *	ctx,
		uint8_t	header,
		struct buffer *	buf,
		struct session_id *	session_id
	)

static

Wraps a TLS control packet by adding tls-auth HMAC or tls-crypt(-v2) encryption and opcode header including session id.

Parameters

ctx	tls wrapping context
header	first byte of the packet (opcode and key id)
buf	buffer to write the resulting packet to
session_id	session id to use as our session id

Definition at line 121 of file ssl_pkt.c.

References ASSERT, buf_copy(), buf_init, buf_write(), buf_write_prepend(), clear_buf(), D_TLS_ERRORS, buffer::len, tls_wrap_ctx::mode, msg, buffer::offset, openvpn_encrypt(), tls_wrap_ctx::opt, P_CONTROL_HARD_RESET_CLIENT_V3, P_CONTROL_WKC_V1, P_OPCODE_SHIFT, session_id_write(), session_id_write_prepend(), swap_hmac(), tls_wrap_ctx::tls_crypt_v2_wkc, tls_crypt_wrap(), and tls_wrap_ctx::work.

Referenced by tls_reset_standalone(), and write_control_auth().

◆ write_control_auth()

void write_control_auth	(	struct tls_session *	session,
		struct key_state *	ks,
		struct buffer *	buf,
		struct link_socket_actual **	to_link_addr,
		int	opcode,
		int	max_ack,
		bool	prepend_ack
	)

Definition at line 168 of file ssl_pkt.c.

References ASSERT, CO_USE_TLS_KEY_MATERIAL_EXPORT, D_TLS_DEBUG, key_state::key_id, link_socket_actual_defined(), key_state::lru_acks, min_int(), msg, P_OPCODE_SHIFT, packet_opcode_name(), key_state::rec_ack, reliable_ack_write(), key_state::remote_addr, key_state::session_id_remote, tls_session_get_tls_wrap(), and tls_wrap_control().

Referenced by tls_process(), and tls_process_state().

Macros

Functions

Macro Definition Documentation

◆ SWAP_BUF_SIZE

Function Documentation

◆ calculate_session_id_hmac()

◆ check_session_id_hmac()

◆ free_tls_pre_decrypt_state()

◆ read_control_auth()

◆ session_id_hmac_init()

◆ swap_hmac()

◆ tls_reset_standalone()

◆ tls_wrap_control()

◆ write_control_auth()