Security parameter state of one TLS and data channel key session. More...
#include <ssl_common.h>
Detailed Description
Security parameter state of one TLS and data channel key session.
This structure represents one security parameter session between OpenVPN peers. It includes the control channel TLS state and the data channel crypto state. It also contains the reliability layer structures used for control channel messages.
A new key_state structure is initialized for each hard or soft reset.
- See also
- This structure should be initialized using the
key_state_init()function. - This structure should be cleaned up using the
key_state_free()function.
- This structure should be initialized using the
Definition at line 202 of file ssl_common.h.
Field Documentation
◆ acf_last_mod
| time_t key_state::acf_last_mod |
Definition at line 261 of file ssl_common.h.
◆ ack_write_buf
| struct buffer key_state::ack_write_buf |
Definition at line 238 of file ssl_common.h.
Referenced by key_state_free(), key_state_init(), and tls_process().
◆ auth_deferred_expire
| time_t key_state::auth_deferred_expire |
Definition at line 255 of file ssl_common.h.
Referenced by send_auth_pending_messages(), session_move_pre_start(), tls_select_encryption_key(), and update_key_auth_status().
◆ auth_token_state_flags
| unsigned int key_state::auth_token_state_flags |
The state of the auth-token sent from the client.
Definition at line 206 of file ssl_common.h.
Referenced by auth_token_test_env(), generate_auth_token(), and verify_user_pass().
◆ authenticated
| enum ks_auth_state key_state::authenticated |
Definition at line 254 of file ssl_common.h.
Referenced by handle_data_channel_packet(), key_method_2_read(), multi_process_post(), print_key_id(), print_key_id_not_found_reason(), tls_authentication_status(), tls_deauthenticate(), tls_multi_process(), tls_select_encryption_key(), tls_session_generate_data_channel_keys(), update_key_auth_status(), verify_final_auth_checks(), and verify_user_pass().
◆ crypto_options
| struct crypto_options key_state::crypto_options |
Definition at line 232 of file ssl_common.h.
Referenced by cc_exit_notify_enabled(), control_packet_needs_wkc(), generate_key_expansion(), handle_data_channel_packet(), init_epoch_keys(), init_key_contexts(), key_state_free(), key_state_init(), parse_early_negotiation_tlvs(), should_trigger_renegotiation(), tls_pre_encrypt(), tls_process(), tls_select_encryption_key(), and tls_session_generate_data_channel_keys().
◆ dco_status
| enum dco_key_status key_state::dco_status |
Definition at line 266 of file ssl_common.h.
◆ established
| time_t key_state::established |
Definition at line 223 of file ssl_common.h.
Referenced by receive_auth_pending(), send_push_request(), session_move_active(), should_trigger_renegotiation(), and tls_process().
◆ initial
| time_t key_state::initial |
Definition at line 222 of file ssl_common.h.
Referenced by send_auth_pending_messages(), and session_move_pre_start().
◆ initial_opcode
| int key_state::initial_opcode |
Definition at line 228 of file ssl_common.h.
Referenced by key_state_init(), and session_move_pre_start().
◆ key_id
| int key_state::key_id |
Key id for this key_state, inherited from struct tls_session.
- See also
- tls_session::key_id.
Definition at line 212 of file ssl_common.h.
Referenced by handle_data_channel_packet(), key_method_2_read(), key_method_2_write(), key_state_init(), print_key_id(), print_key_id_not_found_reason(), tls_pre_decrypt(), tls_pre_encrypt(), tls_prepend_opcode_v1(), tls_prepend_opcode_v2(), and write_control_auth().
◆ key_src
| struct key_source2* key_state::key_src |
Definition at line 234 of file ssl_common.h.
Referenced by generate_key_expansion_openvpn_prf(), key_method_2_read(), key_method_2_write(), key_state_free(), key_state_init(), and tls_session_generate_data_channel_keys().
◆ ks_ssl
| struct key_state_ssl key_state::ks_ssl |
Definition at line 220 of file ssl_common.h.
Referenced by flush_payload_buffer(), key_state_free(), key_state_init(), read_incoming_tls_ciphertext(), read_incoming_tls_plaintext(), session_move_active(), tls_multi_process(), tls_process_state(), tls_send_payload(), and write_outgoing_tls_ciphertext().
◆ lru_acks
| struct reliable_ack* key_state::lru_acks |
Definition at line 243 of file ssl_common.h.
Referenced by calc_control_channel_frame_overhead(), key_state_free(), key_state_init(), and write_control_auth().
◆ mda_key_id
| unsigned int key_state::mda_key_id |
Definition at line 258 of file ssl_common.h.
Referenced by key_state_init(), management_client_pending_auth(), receive_cr_response(), tls_authenticate_key(), and verify_user_pass_management().
◆ mda_status
| enum auth_deferred_result key_state::mda_status |
Definition at line 259 of file ssl_common.h.
Referenced by man_def_auth_test(), tls_authenticate_key(), and verify_user_pass().
◆ must_die
| time_t key_state::must_die |
Definition at line 225 of file ssl_common.h.
Referenced by key_state_soft_reset(), and lame_duck_must_die().
◆ must_negotiate
| time_t key_state::must_negotiate |
Definition at line 224 of file ssl_common.h.
Referenced by session_move_active(), session_move_pre_start(), tls_process(), and tls_process_state().
◆ n_bytes
| counter_type key_state::n_bytes |
Definition at line 248 of file ssl_common.h.
Referenced by handle_data_channel_packet(), should_trigger_renegotiation(), tls_post_encrypt(), and tls_process().
◆ n_packets
| counter_type key_state::n_packets |
Definition at line 249 of file ssl_common.h.
Referenced by handle_data_channel_packet(), should_trigger_renegotiation(), tls_post_encrypt(), and tls_process().
◆ paybuf
| struct buffer_list* key_state::paybuf |
Holds outgoing message for the control channel until ks->state reaches S_ACTIVE.
Definition at line 247 of file ssl_common.h.
Referenced by flush_payload_buffer(), key_state_free(), and tls_send_payload().
◆ peer_id
| uint32_t key_state::peer_id |
Key id for this key_state, inherited from struct tls_session.
- See also
- tls_multi::peer_id.
Definition at line 218 of file ssl_common.h.
◆ peer_last_packet
| time_t key_state::peer_last_packet |
Definition at line 226 of file ssl_common.h.
Referenced by send_push_request(), and tls_pre_decrypt().
◆ plaintext_read_buf
| struct buffer key_state::plaintext_read_buf |
Definition at line 236 of file ssl_common.h.
Referenced by key_state_free(), key_state_init(), tls_process_state(), tls_rec_payload(), and tls_test_payload_len().
◆ plaintext_write_buf
| struct buffer key_state::plaintext_write_buf |
Definition at line 237 of file ssl_common.h.
Referenced by key_state_free(), key_state_init(), and tls_process_state().
◆ plugin_auth
| struct auth_deferred_status key_state::plugin_auth |
Definition at line 263 of file ssl_common.h.
Referenced by key_state_free(), multi_process_post(), tls_authentication_status(), update_key_auth_status(), and verify_user_pass_plugin().
◆ rec_ack
| struct reliable_ack* key_state::rec_ack |
Definition at line 242 of file ssl_common.h.
Referenced by calc_control_channel_frame_overhead(), key_state_free(), key_state_init(), tls_pre_decrypt(), tls_process(), and write_control_auth().
◆ rec_reliable
| struct reliable* key_state::rec_reliable |
Definition at line 241 of file ssl_common.h.
Referenced by key_state_free(), key_state_init(), parse_early_negotiation_tlvs(), read_incoming_tls_ciphertext(), session_skip_to_pre_start(), tls_pre_decrypt(), and tls_process_state().
◆ remote_addr
| struct link_socket_actual key_state::remote_addr |
Definition at line 230 of file ssl_common.h.
Referenced by handle_data_channel_packet(), key_state_soft_reset(), session_move_active(), session_skip_to_pre_start(), tls_multi_process(), tls_pre_decrypt(), tls_update_remote_addr(), and write_control_auth().
◆ script_auth
| struct auth_deferred_status key_state::script_auth |
Definition at line 264 of file ssl_common.h.
Referenced by key_state_free(), multi_process_post(), tls_authentication_status(), update_key_auth_status(), and verify_user_pass_script().
◆ send_reliable
| struct reliable* key_state::send_reliable |
Definition at line 240 of file ssl_common.h.
Referenced by check_outgoing_ciphertext(), check_session_buf_not_used(), control_packet_needs_wkc(), key_state_free(), key_state_init(), session_move_pre_start(), tls_pre_decrypt(), tls_process(), tls_process_state(), and write_outgoing_tls_ciphertext().
◆ session_id_remote
| struct session_id key_state::session_id_remote |
Definition at line 229 of file ssl_common.h.
Referenced by generate_key_expansion_openvpn_prf(), key_state_soft_reset(), print_key_id(), session_skip_to_pre_start(), tls_multi_process(), tls_pre_decrypt(), and write_control_auth().
◆ state
| int key_state::state |
Definition at line 204 of file ssl_common.h.
Referenced by check_outgoing_ciphertext(), check_session_buf_not_used(), handle_data_channel_packet(), key_state_free(), key_state_init(), lame_duck_must_die(), print_key_id(), print_key_id_not_found_reason(), session_move_active(), session_move_pre_start(), session_skip_to_pre_start(), tls_multi_process(), tls_pre_decrypt(), tls_process(), tls_process_state(), tls_rec_payload(), tls_select_encryption_key(), tls_send_payload(), tls_session_generate_data_channel_keys(), and tls_test_payload_len().
The documentation for this struct was generated from the following file:
- src/openvpn/ssl_common.h
