Security parameter state of one TLS and data channel key session. More...
#include <ssl_common.h>
Data Fields | |
| int | state |
| int | auth_token_state_flags |
| The state of the auth-token sent from the client. More... | |
| int | key_id |
| Key id for this key_state, inherited from struct tls_session. More... | |
| struct key_state_ssl | ks_ssl |
| time_t | initial |
| time_t | established |
| time_t | must_negotiate |
| time_t | must_die |
| time_t | peer_last_packet |
| int | initial_opcode |
| struct session_id | session_id_remote |
| struct link_socket_actual | remote_addr |
| struct crypto_options | crypto_options |
| struct key_source2 * | key_src |
| struct buffer | plaintext_read_buf |
| struct buffer | plaintext_write_buf |
| struct buffer | ack_write_buf |
| struct reliable * | send_reliable |
| struct reliable * | rec_reliable |
| struct reliable_ack * | rec_ack |
| struct buffer_list * | paybuf |
| counter_type | n_bytes |
| counter_type | n_packets |
| enum ks_auth_state | authenticated |
| time_t | auth_deferred_expire |
| unsigned int | mda_key_id |
| enum auth_deferred_result | mda_status |
| time_t | acf_last_mod |
| struct auth_deferred_status | plugin_auth |
| struct auth_deferred_status | script_auth |
Detailed Description
Security parameter state of one TLS and data channel key session.
This structure represents one security parameter session between OpenVPN peers. It includes the control channel TLS state and the data channel crypto state. It also contains the reliability layer structures used for control channel messages.
A new key_state structure is initialized for each hard or soft reset.
- See also
- This structure should be initialized using the
key_state_init()function. - This structure should be cleaned up using the
key_state_free()function.
- This structure should be initialized using the
Definition at line 203 of file ssl_common.h.
Field Documentation
◆ acf_last_mod
| time_t key_state::acf_last_mod |
Definition at line 254 of file ssl_common.h.
◆ ack_write_buf
| struct buffer key_state::ack_write_buf |
Definition at line 233 of file ssl_common.h.
Referenced by key_state_free(), key_state_init(), and tls_process().
◆ auth_deferred_expire
| time_t key_state::auth_deferred_expire |
Definition at line 248 of file ssl_common.h.
Referenced by send_auth_pending_messages(), tls_process(), tls_select_encryption_key(), and update_key_auth_status().
◆ auth_token_state_flags
| int key_state::auth_token_state_flags |
The state of the auth-token sent from the client.
Definition at line 207 of file ssl_common.h.
Referenced by add_session_token_env(), auth_token_test_env(), generate_auth_token(), and verify_user_pass().
◆ authenticated
| enum ks_auth_state key_state::authenticated |
Definition at line 247 of file ssl_common.h.
Referenced by handle_data_channel_packet(), key_method_2_read(), multi_process_post(), print_key_id(), tls_authentication_status(), tls_deauthenticate(), tls_multi_process(), tls_select_encryption_key(), tls_session_generate_data_channel_keys(), update_key_auth_status(), verify_final_auth_checks(), and verify_user_pass().
◆ crypto_options
| struct crypto_options key_state::crypto_options |
Definition at line 227 of file ssl_common.h.
Referenced by handle_data_channel_packet(), key_state_free(), key_state_init(), p2p_mode_ncp(), tls_pre_encrypt(), tls_process(), tls_select_encryption_key(), tls_session_generate_data_channel_keys(), and tls_session_update_crypto_params_do_work().
◆ established
| time_t key_state::established |
Definition at line 218 of file ssl_common.h.
Referenced by receive_auth_pending(), send_push_request(), and tls_process().
◆ initial
| time_t key_state::initial |
Definition at line 217 of file ssl_common.h.
Referenced by send_auth_pending_messages(), and tls_process().
◆ initial_opcode
| int key_state::initial_opcode |
Definition at line 223 of file ssl_common.h.
Referenced by key_state_init(), and tls_process().
◆ key_id
| int key_state::key_id |
Key id for this key_state, inherited from struct tls_session.
- See also
- tls_session::key_id.
Definition at line 213 of file ssl_common.h.
Referenced by handle_data_channel_packet(), key_method_2_read(), key_method_2_write(), key_state_init(), print_key_id(), receive_cr_response(), resend_auth_token_renegotiation(), tls_pre_decrypt(), tls_pre_encrypt(), tls_prepend_opcode_v1(), tls_prepend_opcode_v2(), and write_control_auth().
◆ key_src
| struct key_source2* key_state::key_src |
Definition at line 229 of file ssl_common.h.
Referenced by generate_key_expansion_openvpn_prf(), key_method_2_read(), key_method_2_write(), key_state_free(), key_state_init(), and tls_session_generate_data_channel_keys().
◆ ks_ssl
| struct key_state_ssl key_state::ks_ssl |
Definition at line 215 of file ssl_common.h.
Referenced by flush_payload_buffer(), key_method_2_read(), key_state_export_keying_material(), key_state_free(), key_state_init(), tls_process(), and tls_send_payload().
◆ mda_key_id
| unsigned int key_state::mda_key_id |
Definition at line 251 of file ssl_common.h.
Referenced by key_state_init(), tls_authenticate_key(), and verify_user_pass_management().
◆ mda_status
| enum auth_deferred_result key_state::mda_status |
Definition at line 252 of file ssl_common.h.
Referenced by man_def_auth_test(), and tls_authenticate_key().
◆ must_die
| time_t key_state::must_die |
Definition at line 220 of file ssl_common.h.
Referenced by key_state_soft_reset(), and lame_duck_must_die().
◆ must_negotiate
| time_t key_state::must_negotiate |
Definition at line 219 of file ssl_common.h.
Referenced by tls_process().
◆ n_bytes
| counter_type key_state::n_bytes |
Definition at line 241 of file ssl_common.h.
Referenced by handle_data_channel_packet(), tls_post_encrypt(), and tls_process().
◆ n_packets
| counter_type key_state::n_packets |
Definition at line 242 of file ssl_common.h.
Referenced by handle_data_channel_packet(), tls_post_encrypt(), and tls_process().
◆ paybuf
| struct buffer_list* key_state::paybuf |
Definition at line 239 of file ssl_common.h.
Referenced by flush_payload_buffer(), key_state_free(), and tls_send_payload().
◆ peer_last_packet
| time_t key_state::peer_last_packet |
Definition at line 221 of file ssl_common.h.
Referenced by send_push_request(), and tls_pre_decrypt().
◆ plaintext_read_buf
| struct buffer key_state::plaintext_read_buf |
Definition at line 231 of file ssl_common.h.
Referenced by key_state_free(), key_state_init(), tls_process(), tls_rec_payload(), and tls_test_payload_len().
◆ plaintext_write_buf
| struct buffer key_state::plaintext_write_buf |
Definition at line 232 of file ssl_common.h.
Referenced by key_state_free(), key_state_init(), and tls_process().
◆ plugin_auth
| struct auth_deferred_status key_state::plugin_auth |
Definition at line 256 of file ssl_common.h.
Referenced by key_state_free(), multi_process_post(), update_key_auth_status(), and verify_user_pass_plugin().
◆ rec_ack
| struct reliable_ack* key_state::rec_ack |
Definition at line 237 of file ssl_common.h.
Referenced by key_state_free(), key_state_init(), tls_pre_decrypt(), tls_process(), and write_control_auth().
◆ rec_reliable
| struct reliable* key_state::rec_reliable |
Definition at line 236 of file ssl_common.h.
Referenced by key_state_free(), key_state_init(), tls_pre_decrypt(), and tls_process().
◆ remote_addr
| struct link_socket_actual key_state::remote_addr |
Definition at line 225 of file ssl_common.h.
Referenced by handle_data_channel_packet(), key_state_soft_reset(), tls_multi_process(), tls_pre_decrypt(), tls_process(), tls_update_remote_addr(), and write_control_auth().
◆ script_auth
| struct auth_deferred_status key_state::script_auth |
Definition at line 257 of file ssl_common.h.
Referenced by key_state_free(), multi_process_post(), update_key_auth_status(), and verify_user_pass_script().
◆ send_reliable
| struct reliable* key_state::send_reliable |
Definition at line 235 of file ssl_common.h.
Referenced by key_state_free(), key_state_init(), tls_pre_decrypt(), and tls_process().
◆ session_id_remote
| struct session_id key_state::session_id_remote |
Definition at line 224 of file ssl_common.h.
Referenced by generate_key_expansion_openvpn_prf(), key_state_soft_reset(), print_key_id(), tls_multi_process(), tls_pre_decrypt(), and write_control_auth().
◆ state
| int key_state::state |
Definition at line 205 of file ssl_common.h.
Referenced by handle_data_channel_packet(), key_state_free(), key_state_init(), lame_duck_must_die(), print_key_id(), tls_multi_process(), tls_pre_decrypt(), tls_process(), tls_rec_payload(), tls_select_encryption_key(), tls_send_payload(), tls_session_generate_data_channel_keys(), and tls_test_payload_len().
The documentation for this struct was generated from the following file:
- src/openvpn/ssl_common.h
