OpenVPN: key_state Struct Reference

OpenVPN

Security parameter state of one TLS and data channel key session. More...

#include <ssl_common.h>

Collaboration diagram for key_state:

Collaboration graph

[legend]

Data Fields
int	state

int	key_id
	Key id for this key_state, inherited from struct tls_session. More...

struct key_state_ssl	ks_ssl

time_t	initial

time_t	established

time_t	must_negotiate

time_t	must_die

time_t	peer_last_packet

int	initial_opcode

struct session_id	session_id_remote

struct link_socket_actual	remote_addr

struct crypto_options	crypto_options

struct key_source2 *	key_src

struct buffer	plaintext_read_buf

struct buffer	plaintext_write_buf

struct buffer	ack_write_buf

struct reliable *	send_reliable

struct reliable *	rec_reliable

struct reliable_ack *	rec_ack

struct buffer_list *	paybuf

counter_type	n_bytes

counter_type	n_packets

enum ks_auth_state	authenticated

time_t	auth_deferred_expire

unsigned int	mda_key_id

unsigned int	mda_status

time_t	acf_last_mod

struct auth_deferred_status	plugin_auth

struct auth_deferred_status	script_auth

Detailed Description

Security parameter state of one TLS and data channel key session.

This structure represents one security parameter session between OpenVPN peers. It includes the control channel TLS state and the data channel crypto state. It also contains the reliability layer structures used for control channel messages.

A new key_state structure is initialized for each hard or soft reset.

See also

This structure should be initialized using the key_state_init() function.
This structure should be cleaned up using the key_state_free() function.

Definition at line 185 of file ssl_common.h.

Field Documentation

◆ acf_last_mod

time_t key_state::acf_last_mod

Definition at line 234 of file ssl_common.h.

◆ ack_write_buf

struct buffer key_state::ack_write_buf

Definition at line 213 of file ssl_common.h.

Referenced by key_state_free(), key_state_init(), and tls_process().

◆ auth_deferred_expire

time_t key_state::auth_deferred_expire

Definition at line 228 of file ssl_common.h.

Referenced by send_auth_pending_messages(), tls_authentication_status(), tls_process(), and tls_select_encryption_key().

◆ authenticated

enum ks_auth_state key_state::authenticated

Definition at line 227 of file ssl_common.h.

Referenced by handle_data_channel_packet(), key_method_2_read(), key_method_2_write(), multi_process_post(), print_key_id(), tls_authentication_status(), tls_deauthenticate(), tls_select_encryption_key(), tls_session_generate_data_channel_keys(), verify_final_auth_checks(), and verify_user_pass().

◆ crypto_options

struct crypto_options key_state::crypto_options

Definition at line 207 of file ssl_common.h.

Referenced by handle_data_channel_packet(), key_state_free(), key_state_init(), tls_pre_encrypt(), tls_process(), tls_select_encryption_key(), tls_session_generate_data_channel_keys(), and tls_session_update_crypto_params().

◆ established

time_t key_state::established

Definition at line 198 of file ssl_common.h.

Referenced by receive_auth_pending(), send_push_request(), and tls_process().

◆ initial

time_t key_state::initial

Definition at line 197 of file ssl_common.h.

Referenced by send_auth_pending_messages(), and tls_process().

◆ initial_opcode

int key_state::initial_opcode

Definition at line 203 of file ssl_common.h.

Referenced by key_state_init(), and tls_process().

◆ key_id

int key_state::key_id

Key id for this key_state, inherited from struct tls_session.

See also: tls_session::key_id.

Definition at line 193 of file ssl_common.h.

Referenced by handle_data_channel_packet(), key_method_2_read(), key_state_init(), print_key_id(), receive_cr_response(), tls_pre_decrypt(), tls_pre_encrypt(), tls_prepend_opcode_v1(), tls_prepend_opcode_v2(), and write_control_auth().

◆ key_src

struct key_source2* key_state::key_src

Definition at line 209 of file ssl_common.h.

Referenced by generate_key_expansion_openvpn_prf(), key_method_2_read(), key_method_2_write(), key_state_free(), key_state_init(), and tls_session_generate_data_channel_keys().

◆ ks_ssl

struct key_state_ssl key_state::ks_ssl

Definition at line 195 of file ssl_common.h.

Referenced by flush_payload_buffer(), key_method_2_read(), key_state_export_keying_material(), key_state_free(), key_state_init(), tls_process(), and tls_send_payload().

◆ mda_key_id

unsigned int key_state::mda_key_id

Definition at line 231 of file ssl_common.h.

Referenced by key_state_init(), tls_authenticate_key(), and verify_user_pass_management().

◆ mda_status

unsigned int key_state::mda_status

Definition at line 232 of file ssl_common.h.

Referenced by man_def_auth_test(), and tls_authenticate_key().

◆ must_die

time_t key_state::must_die

Definition at line 200 of file ssl_common.h.

Referenced by key_state_soft_reset(), and lame_duck_must_die().

◆ must_negotiate

time_t key_state::must_negotiate

Definition at line 199 of file ssl_common.h.

Referenced by tls_process().

◆ n_bytes

counter_type key_state::n_bytes

Definition at line 221 of file ssl_common.h.

Referenced by handle_data_channel_packet(), tls_post_encrypt(), and tls_process().

◆ n_packets

counter_type key_state::n_packets

Definition at line 222 of file ssl_common.h.

Referenced by handle_data_channel_packet(), tls_post_encrypt(), and tls_process().

◆ paybuf

struct buffer_list* key_state::paybuf

Definition at line 219 of file ssl_common.h.

Referenced by flush_payload_buffer(), key_state_free(), and tls_send_payload().

◆ peer_last_packet

time_t key_state::peer_last_packet

Definition at line 201 of file ssl_common.h.

Referenced by send_push_request(), and tls_pre_decrypt().

◆ plaintext_read_buf

struct buffer key_state::plaintext_read_buf

Definition at line 211 of file ssl_common.h.

Referenced by key_state_free(), key_state_init(), tls_process(), tls_rec_payload(), and tls_test_payload_len().

◆ plaintext_write_buf

struct buffer key_state::plaintext_write_buf

Definition at line 212 of file ssl_common.h.

Referenced by key_state_free(), key_state_init(), and tls_process().

◆ plugin_auth

struct auth_deferred_status key_state::plugin_auth

Definition at line 236 of file ssl_common.h.

Referenced by key_state_free(), multi_process_post(), tls_authentication_status(), and verify_user_pass_plugin().

◆ rec_ack

struct reliable_ack* key_state::rec_ack

Definition at line 217 of file ssl_common.h.

Referenced by key_state_free(), key_state_init(), tls_pre_decrypt(), tls_process(), and write_control_auth().

◆ rec_reliable

struct reliable* key_state::rec_reliable

Definition at line 216 of file ssl_common.h.

Referenced by key_state_free(), key_state_init(), tls_pre_decrypt(), and tls_process().

◆ remote_addr

struct link_socket_actual key_state::remote_addr

Definition at line 205 of file ssl_common.h.

Referenced by handle_data_channel_packet(), key_state_soft_reset(), tls_multi_process(), tls_pre_decrypt(), tls_process(), tls_update_remote_addr(), and write_control_auth().

◆ script_auth

struct auth_deferred_status key_state::script_auth

Definition at line 237 of file ssl_common.h.

Referenced by key_state_free(), multi_process_post(), tls_authentication_status(), and verify_user_pass_script().

◆ send_reliable

struct reliable* key_state::send_reliable

Definition at line 215 of file ssl_common.h.

Referenced by key_state_free(), key_state_init(), tls_pre_decrypt(), and tls_process().

◆ session_id_remote

struct session_id key_state::session_id_remote

Definition at line 204 of file ssl_common.h.

Referenced by generate_key_expansion_openvpn_prf(), key_state_soft_reset(), print_key_id(), tls_multi_process(), tls_pre_decrypt(), and write_control_auth().

◆ state

int key_state::state

Definition at line 187 of file ssl_common.h.

Referenced by key_state_free(), key_state_init(), lame_duck_must_die(), print_key_id(), tls_multi_process(), tls_pre_decrypt(), tls_process(), tls_rec_payload(), tls_select_encryption_key(), tls_send_payload(), and tls_test_payload_len().

The documentation for this struct was generated from the following file:

src/openvpn/ssl_common.h