OpenVPN
tls_wrap_ctx Struct Reference

Control channel wrapping (--tls-auth/--tls-crypt) context. More...

#include <ssl_common.h>

[Collaboration diagram for tls_wrap_ctx]

Public Types

enum  { TLS_WRAP_NONE = 0, TLS_WRAP_AUTH, TLS_WRAP_CRYPT }
 

Data Fields

enum tls_wrap_ctx:: { ... }  mode
 Control channel wrapping mode. More...
 
struct crypto_options opt
 Crypto state. More...
 
struct buffer work
 Work buffer (only for --tls-crypt). More...
 
struct key_ctx tls_crypt_v2_server_key
 Decrypts client keys. More...
 
const struct buffer * tls_crypt_v2_wkc
 Wrapped client key, sent to server. More...
 
struct buffer tls_crypt_v2_metadata
 Received from client. More...
 
bool cleanup_key_ctx
 opt.key_ctx_bi is owned by this context More...
 
struct key2 original_wrap_keydata
 Original key data to be XORed into the key for dynamic tls-crypt. More...
 

Detailed Description

Control channel wrapping (--tls-auth/--tls-crypt) context.

Definition at line 263 of file ssl_common.h.

Member Enumeration Documentation

◆ anonymous enum

anonymous enum
Enumerator
TLS_WRAP_NONE 

No control channel wrapping.

TLS_WRAP_AUTH 

Control channel authentication.

TLS_WRAP_CRYPT 

Control channel encryption and authentication.

Definition at line 265 of file ssl_common.h.

Field Documentation

◆ cleanup_key_ctx

bool tls_wrap_ctx::cleanup_key_ctx

opt.key_ctx_bi is owned by this context

Definition at line 276 of file ssl_common.h.

Referenced by free_tls_pre_decrypt_state(), tls_crypt_v2_extract_client_key(), and tls_wrap_free().

◆ mode

enum { ... } tls_wrap_ctx::mode

◆ opt

struct crypto_options tls_wrap_ctx::opt

◆ original_wrap_keydata

struct key2 tls_wrap_ctx::original_wrap_keydata

Original key data to be XORed into the key for dynamic tls-crypt.

We keep the original key data to ensure that the newly generated key for dynamic tls-crypt has the same level of quality, by XORing it with the original key. This gives the derived key the same entropy/randomness as the original tls-crypt key, so that the post-quantum use case of tls-crypt still holds.

Definition at line 286 of file ssl_common.h.

Referenced by do_init_crypto_tls(), init_tas_crypt(), tls_crypt_v2_extract_client_key(), and tls_wrap_free().
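To make the entropy argument above concrete, here is an added example (not OpenVPN's code; the key length, the key bytes and the function names are constructed assumptions for illustration) that performs the byte-wise XOR mix and checks the property the argument relies on: XOR with any fixed byte is a permutation of the byte space, so the mixed key is at least as unpredictable as the original key even when the freshly derived key is weak.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Key length used in this illustration only; an assumption for the
 * example, not the sizes OpenVPN's struct key2 actually carries. */
#define WRAP_KEY_LEN 32

/* out = original XOR fresh, byte by byte: the mixing step the page
 * describes for deriving a dynamic tls-crypt key from a new key and
 * the original wrap key data. */
void mix_wrap_key(uint8_t *out, const uint8_t *original,
                  const uint8_t *fresh, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        out[i] = original[i] ^ fresh[i];
    }
}

/* For a fixed byte x, y -> x ^ y visits every value 0..255 exactly once.
 * Returns 1 if that holds for every x: XOR with an arbitrary (even
 * adversarially chosen) byte is a permutation of the byte space, so a
 * uniformly random input yields a uniformly random output. */
int xor_is_permutation_for_all_bytes(void)
{
    for (int x = 0; x < 256; x++) {
        int seen[256] = {0};
        for (int y = 0; y < 256; y++) {
            seen[(uint8_t)x ^ (uint8_t)y] = 1;
        }
        for (int v = 0; v < 256; v++) {
            if (!seen[v]) {
                return 0;
            }
        }
    }
    return 1;
}

/* Demonstrates the property on constructed keys. Returns 1 when:
 *  - a degraded "fresh" key (all zero bytes, standing in for a weak
 *    derivation) leaves the output equal to the original key, so the
 *    result is never weaker than the original tls-crypt key; and
 *  - with a non-trivial fresh key, mixing the same fresh key a second
 *    time recovers the original (XOR is its own inverse), which is why
 *    the original key data must stay as protected as the derived key. */
int mixing_never_weakens_original(void)
{
    uint8_t original[WRAP_KEY_LEN];
    uint8_t weak_fresh[WRAP_KEY_LEN];
    uint8_t fresh[WRAP_KEY_LEN];
    uint8_t mixed[WRAP_KEY_LEN];
    uint8_t recovered[WRAP_KEY_LEN];

    /* Constructed sample key bytes, not real key material. */
    for (size_t i = 0; i < WRAP_KEY_LEN; i++) {
        original[i] = (uint8_t)(0xA5 ^ (i * 37));
        fresh[i] = (uint8_t)(0x3C + i * 11);
    }
    memset(weak_fresh, 0, sizeof(weak_fresh));

    /* Weak fresh key: output falls back to the original key. */
    mix_wrap_key(mixed, original, weak_fresh, WRAP_KEY_LEN);
    if (memcmp(mixed, original, WRAP_KEY_LEN) != 0) {
        return 0;
    }

    /* Non-trivial fresh key: output differs from both inputs, and
     * mixing the fresh key back out recovers the original. */
    mix_wrap_key(mixed, original, fresh, WRAP_KEY_LEN);
    if (memcmp(mixed, original, WRAP_KEY_LEN) == 0 ||
        memcmp(mixed, fresh, WRAP_KEY_LEN) == 0) {
        return 0;
    }
    mix_wrap_key(recovered, mixed, fresh, WRAP_KEY_LEN);
    return memcmp(recovered, original, WRAP_KEY_LEN) == 0;
}

int main(void)
{
    printf("xor permutes the byte space: %d\n",
           xor_is_permutation_for_all_bytes());
    printf("mixing never weakens the original key: %d\n",
           mixing_never_weakens_original());
    return 0;
}
```

The permutation check is the whole argument in miniature: because each fixed byte of the fresh key maps the original byte space onto itself one-to-one, the mixed key inherits the full entropy of the original pre-shared key no matter how the fresh key was produced.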

◆ tls_crypt_v2_metadata

struct buffer tls_wrap_ctx::tls_crypt_v2_metadata

◆ tls_crypt_v2_server_key

struct key_ctx tls_wrap_ctx::tls_crypt_v2_server_key

Decrypts client keys.

Definition at line 272 of file ssl_common.h.

Referenced by do_init_crypto_tls(), read_control_auth(), and tls_crypt_v2_extract_client_key().

◆ tls_crypt_v2_wkc

const struct buffer* tls_wrap_ctx::tls_crypt_v2_wkc

Wrapped client key, sent to server.

Definition at line 273 of file ssl_common.h.

Referenced by do_init_crypto_tls(), and tls_wrap_control().

◆ work

struct buffer tls_wrap_ctx::work

Work buffer (only for --tls-crypt).

Definition at line 271 of file ssl_common.h.

Referenced by do_init_frame_tls(), free_tas(), init_tas_crypt(), test_tls_crypt_secure_reneg_key(), tls_wrap_control(), and tls_wrap_free().


The documentation for this struct was generated from the following file:

ssl_common.h