Go to the source code of this file.
Data Structures | |
| struct | packet_id_rec |
| struct | packet_id_persist |
| struct | packet_id_persist_file_image |
| struct | packet_id_send |
| struct | packet_id_net |
| Data structure for describing the packet id that is received/send to the network. More... | |
| struct | packet_id |
Macros | |
| #define | PACKET_ID_MAX UINT32_MAX |
| #define | PACKET_ID_EPOCH_MAX 0x0000ffffffffffffull |
| #define | PACKET_ID_MASK 0x0000ffffffffffffull |
| Mask of the bits that contain the 48-bit of the per-epoch packet counter in the packet id. | |
| #define | PACKET_ID_WRAP_TRIGGER 0xFF000000 |
| #define | htonpid(x) htonl(x) |
| #define | ntohpid(x) ntohl(x) |
| #define | htontime(x) htonl((net_time_t)x) |
| #define | ntohtime(x) ((time_t)ntohl(x)) |
| #define | packet_id_format "%" PRIu64 |
| #define | MIN_SEQ_BACKTRACK 0 |
| #define | MAX_SEQ_BACKTRACK 65536 |
| #define | DEFAULT_SEQ_BACKTRACK 64 |
| #define | MIN_TIME_BACKTRACK 0 |
| #define | MAX_TIME_BACKTRACK 600 |
| #define | DEFAULT_TIME_BACKTRACK 15 |
| #define | SEQ_REAP_INTERVAL 5 |
Typedefs | |
| typedef uint32_t | packet_id_type |
| typedef uint32_t | net_time_t |
| typedef uint64_t | packet_id_print_type |
Functions | |
| CIRC_LIST (seq_list, time_t) | |
| void | packet_id_init (struct packet_id *p, int seq_backtrack, int time_backtrack, const char *name, int unit) |
| void | packet_id_free (struct packet_id *p) |
| void | packet_id_move_recv (struct packet_id_rec *dest, struct packet_id_rec *src) |
Move the packet id recv structure from src to dest. | |
| bool | packet_id_test (struct packet_id_rec *p, const struct packet_id_net *pin) |
| void | packet_id_add (struct packet_id_rec *p, const struct packet_id_net *pin) |
| void | packet_id_reap (struct packet_id_rec *p) |
| void | packet_id_persist_init (struct packet_id_persist *p) |
| void | packet_id_persist_close (struct packet_id_persist *p) |
| void | packet_id_persist_load (struct packet_id_persist *p, const char *filename) |
| void | packet_id_persist_save (struct packet_id_persist *p) |
| void | packet_id_persist_load_obj (const struct packet_id_persist *p, struct packet_id *pid) |
| const char * | packet_id_persist_print (const struct packet_id_persist *p, struct gc_arena *gc) |
| bool | packet_id_read (struct packet_id_net *pin, struct buffer *buf, bool long_form) |
| bool | packet_id_write (struct packet_id_send *p, struct buffer *buf, bool long_form, bool prepend) |
| Write a packet ID to buf, and update the packet ID state. | |
| static bool | packet_id_initialized (const struct packet_id *pid) |
| Is this struct packet_id initialized? | |
| static bool | packet_id_persist_enabled (const struct packet_id_persist *p) |
| static void | packet_id_persist_save_obj (struct packet_id_persist *p, const struct packet_id *pid) |
| static void | reset_packet_id_send (struct packet_id_send *p) |
| Reset the current send packet id to its initial state. | |
| const char * | packet_id_net_print (const struct packet_id_net *pin, bool print_timestamp, struct gc_arena *gc) |
| static int | packet_id_size (bool long_form) |
| static bool | packet_id_close_to_wrapping (const struct packet_id_send *p) |
| static void | packet_id_reap_test (struct packet_id_rec *p) |
| bool | packet_id_write_epoch (struct packet_id_send *p, uint16_t epoch, struct buffer *buf) |
| Writes the packet ID containing both the epoch and the packet id to the buffer specified by buf. | |
| uint16_t | packet_id_read_epoch (struct packet_id_net *p, struct buffer *buf) |
| Reads the packet ID containing both the epoch and the per-epoch counter from the buf. | |
Macro Definition Documentation
◆ DEFAULT_SEQ_BACKTRACK
| #define DEFAULT_SEQ_BACKTRACK 64 |
Definition at line 87 of file packet_id.h.
◆ DEFAULT_TIME_BACKTRACK
| #define DEFAULT_TIME_BACKTRACK 15 |
Definition at line 96 of file packet_id.h.
◆ htonpid
| #define htonpid | ( | x | ) | htonl(x) |
Definition at line 62 of file packet_id.h.
◆ htontime
| #define htontime | ( | x | ) | htonl((net_time_t)x) |
Definition at line 68 of file packet_id.h.
◆ MAX_SEQ_BACKTRACK
| #define MAX_SEQ_BACKTRACK 65536 |
Definition at line 86 of file packet_id.h.
◆ MAX_TIME_BACKTRACK
| #define MAX_TIME_BACKTRACK 600 |
Definition at line 95 of file packet_id.h.
◆ MIN_SEQ_BACKTRACK
| #define MIN_SEQ_BACKTRACK 0 |
Definition at line 85 of file packet_id.h.
◆ MIN_TIME_BACKTRACK
| #define MIN_TIME_BACKTRACK 0 |
Definition at line 94 of file packet_id.h.
◆ ntohpid
| #define ntohpid | ( | x | ) | ntohl(x) |
Definition at line 65 of file packet_id.h.
◆ ntohtime
| #define ntohtime | ( | x | ) | ((time_t)ntohl(x)) |
Definition at line 71 of file packet_id.h.
◆ PACKET_ID_EPOCH_MAX
| #define PACKET_ID_EPOCH_MAX 0x0000ffffffffffffull |
Definition at line 48 of file packet_id.h.
◆ packet_id_format
| #define packet_id_format "%" PRIu64 |
Definition at line 77 of file packet_id.h.
◆ PACKET_ID_MASK
| #define PACKET_ID_MASK 0x0000ffffffffffffull |
Mask of the bits that contain the 48-bit of the per-epoch packet counter in the packet id.
Definition at line 51 of file packet_id.h.
◆ PACKET_ID_MAX
| #define PACKET_ID_MAX UINT32_MAX |
Definition at line 47 of file packet_id.h.
◆ PACKET_ID_WRAP_TRIGGER
| #define PACKET_ID_WRAP_TRIGGER 0xFF000000 |
Definition at line 59 of file packet_id.h.
◆ SEQ_REAP_INTERVAL
| #define SEQ_REAP_INTERVAL 5 |
Definition at line 105 of file packet_id.h.
Typedef Documentation
◆ net_time_t
| typedef uint32_t net_time_t |
Definition at line 52 of file packet_id.h.
◆ packet_id_print_type
| typedef uint64_t packet_id_print_type |
Definition at line 78 of file packet_id.h.
◆ packet_id_type
| typedef uint32_t packet_id_type |
Definition at line 46 of file packet_id.h.
Function Documentation
◆ CIRC_LIST()
| CIRC_LIST | ( | seq_list | , |
| time_t | |||
| ) |
◆ packet_id_add()
| void packet_id_add | ( | struct packet_id_rec * | p, |
| const struct packet_id_net * | pin | ||
| ) |
Definition at line 138 of file packet_id.c.
References CIRC_LIST_ITEM, CIRC_LIST_PUSH, CIRC_LIST_RESET, CIRC_LIST_SIZE, get_random(), packet_id_rec::id, packet_id_net::id, now, packet_id_rec::seq_backtrack, SEQ_EXPIRED, packet_id_rec::seq_list, SEQ_UNSEEN, packet_id_rec::time, and packet_id_net::time.
Referenced by crypto_check_replay().
◆ packet_id_close_to_wrapping()
|
inlinestatic |
Definition at line 322 of file packet_id.h.
References packet_id_send::id, and PACKET_ID_WRAP_TRIGGER.
Referenced by should_trigger_renegotiation().
◆ packet_id_free()
| void packet_id_free | ( | struct packet_id * | p | ) |
Definition at line 127 of file packet_id.c.
References CLEAR, D_PID_DEBUG, dmsg, packet_id::rec, and packet_id_rec::seq_list.
Referenced by do_close_packet_id(), key_state_free(), test_crypto_thread(), test_generate_reset_packet_tls_auth(), tls_auth_standalone_free(), tls_wrap_free(), and uninit_crypto_options().
◆ packet_id_init()
| void packet_id_init | ( | struct packet_id * | p, |
| int | seq_backtrack, | ||
| int | time_backtrack, | ||
| const char * | name, | ||
| int | unit | ||
| ) |
Definition at line 96 of file packet_id.c.
References ASSERT, CLEAR, D_PID_DEBUG, dmsg, packet_id_init_recv(), and packet_id::rec.
Referenced by do_init_crypto_static(), init_crypto_options(), key_state_init(), test_generate_reset_packet_tls_auth(), test_tls_crypt_setup(), tls_auth_standalone_init(), tls_session_generate_dynamic_tls_crypt_key(), and tls_session_init().
◆ packet_id_initialized()
|
inlinestatic |
Is this struct packet_id initialized?
Definition at line 275 of file packet_id.h.
References packet_id_rec::initialized, and packet_id::rec.
Referenced by openvpn_decrypt_aead(), openvpn_decrypt_v1(), openvpn_encrypt_aead(), openvpn_encrypt_v1(), tls_crypt_unwrap(), tls_crypt_wrap(), and tls_wrap_free().
◆ packet_id_move_recv()
| void packet_id_move_recv | ( | struct packet_id_rec * | dest, |
| struct packet_id_rec * | src | ||
| ) |
Move the packet id recv structure from src to dest.
src will be reinitialised. dest will be freed before the move.
Definition at line 109 of file packet_id.c.
References ASSERT, CLEAR, packet_id_rec::name, packet_id_init_recv(), packet_id_rec::seq_backtrack, packet_id_rec::seq_list, packet_id_rec::time_backtrack, and packet_id_rec::unit.
Referenced by epoch_replace_update_recv_key().
◆ packet_id_net_print()
| const char * packet_id_net_print | ( | const struct packet_id_net * | pin, |
| bool | print_timestamp, | ||
| struct gc_arena * | gc | ||
| ) |
Definition at line 428 of file packet_id.c.
References alloc_buf_gc(), BSTR, buf_printf(), gc, buffer::len, packet_id_format, and time_string().
Referenced by crypto_check_replay(), and protocol_dump().
◆ packet_id_persist_close()
| void packet_id_persist_close | ( | struct packet_id_persist * | p | ) |
Definition at line 456 of file packet_id.c.
References D_PID_PERSIST, buffer::len, M_ERRNO, msg, packet_id_persist_enabled(), and packet_id_persist_init().
Referenced by do_close_packet_id().
◆ packet_id_persist_enabled()
|
inlinestatic |
Definition at line 282 of file packet_id.h.
References packet_id_persist::fd.
Referenced by packet_id_persist_close(), packet_id_persist_load(), packet_id_persist_load_obj(), packet_id_persist_print(), packet_id_persist_save(), packet_id_persist_save_obj(), and process_coarse_timers().
◆ packet_id_persist_init()
| void packet_id_persist_init | ( | struct packet_id_persist * | p | ) |
Definition at line 446 of file packet_id.c.
References buffer::len.
Referenced by packet_id_persist_close().
◆ packet_id_persist_load()
| void packet_id_persist_load | ( | struct packet_id_persist * | p, |
| const char * | filename | ||
| ) |
Definition at line 470 of file packet_id.c.
References D_PID_PERSIST, D_PID_PERSIST_DEBUG, dmsg, packet_id_persist::fd, packet_id_persist::filename, gc, gc_free(), gc_new(), packet_id_persist::id, packet_id_persist_file_image::id, packet_id_persist::id_last_written, M_ERR, M_ERRNO, msg, O_BINARY, packet_id_persist_enabled(), packet_id_persist_print(), platform_open(), read, packet_id_persist::time, packet_id_persist_file_image::time, and packet_id_persist::time_last_written.
Referenced by init_crypto_pre().
◆ packet_id_persist_load_obj()
| void packet_id_persist_load_obj | ( | const struct packet_id_persist * | p, |
| struct packet_id * | pid | ||
| ) |
Definition at line 561 of file packet_id.c.
References packet_id_rec::id, packet_id_persist::id, packet_id_persist_enabled(), packet_id::rec, packet_id_rec::time, and packet_id_persist::time.
Referenced by do_init_crypto_static(), and tls_session_init().
◆ packet_id_persist_print()
| const char * packet_id_persist_print | ( | const struct packet_id_persist * | p, |
| struct gc_arena * | gc | ||
| ) |
Definition at line 571 of file packet_id.c.
References alloc_buf_gc(), buf_printf(), buffer::data, gc, buffer::len, packet_id_format, packet_id_persist_enabled(), and time_string().
Referenced by packet_id_persist_load(), and packet_id_persist_save().
◆ packet_id_persist_save()
| void packet_id_persist_save | ( | struct packet_id_persist * | p | ) |
Definition at line 519 of file packet_id.c.
References D_PID_PERSIST, D_PID_PERSIST_DEBUG, dmsg, packet_id_persist::fd, packet_id_persist::filename, gc, gc_free(), gc_new(), packet_id_persist::id, packet_id_persist_file_image::id, packet_id_persist::id_last_written, M_ERRNO, msg, packet_id_persist_enabled(), packet_id_persist_print(), packet_id_persist::time, packet_id_persist_file_image::time, packet_id_persist::time_last_written, and write.
Referenced by do_close_packet_id(), and process_coarse_timers().
◆ packet_id_persist_save_obj()
|
inlinestatic |
Definition at line 289 of file packet_id.h.
References packet_id_rec::id, packet_id_persist::id, packet_id_persist_enabled(), packet_id::rec, packet_id_rec::time, and packet_id_persist::time.
Referenced by crypto_check_replay().
◆ packet_id_read()
| bool packet_id_read | ( | struct packet_id_net * | pin, |
| struct buffer * | buf, | ||
| bool | long_form | ||
| ) |
Definition at line 323 of file packet_id.c.
References buf_read(), packet_id_net::id, ntohpid, ntohtime, and packet_id_net::time.
Referenced by do_pre_decrypt_check(), openvpn_decrypt_aead(), openvpn_decrypt_v1(), protocol_dump(), and tls_crypt_unwrap().
◆ packet_id_read_epoch()
| uint16_t packet_id_read_epoch | ( | struct packet_id_net * | p, |
| struct buffer * | buf | ||
| ) |
Reads the packet ID containing both the epoch and the per-epoch counter from the buf.
Will return 0 as epoch id if there is any error.
- Parameters
-
p packet_id struct to populate with the on-wire counter buf buffer to read the packet id from.
- Returns
- 0 for an error/invalid id, epoch otherwise
Referenced by openvpn_decrypt_aead(), and test_packet_id_write_epoch().
◆ packet_id_reap()
| void packet_id_reap | ( | struct packet_id_rec * | p | ) |
Definition at line 193 of file packet_id.c.
References CIRC_LIST_ITEM, CIRC_LIST_SIZE, packet_id_rec::last_reap, now, SEQ_EXPIRED, packet_id_rec::seq_list, and packet_id_rec::time_backtrack.
Referenced by packet_id_reap_test().
◆ packet_id_reap_test()
|
inlinestatic |
Definition at line 328 of file packet_id.h.
References packet_id_rec::last_reap, now, packet_id_reap(), and SEQ_REAP_INTERVAL.
Referenced by crypto_check_replay().
◆ packet_id_size()
|
inlinestatic |
Definition at line 316 of file packet_id.h.
Referenced by calc_control_channel_frame_overhead(), calc_packet_id_size_dc(), crypto_max_overhead(), openvpn_decrypt_aead(), swap_hmac(), tls_crypt_buf_overhead(), and tls_init_control_channel_frame_parameters().
◆ packet_id_test()
| bool packet_id_test | ( | struct packet_id_rec * | p, |
| const struct packet_id_net * | pin | ||
| ) |
Definition at line 224 of file packet_id.c.
References ASSERT, CIRC_LIST_ITEM, CIRC_LIST_SIZE, D_PID_DEBUG, D_PID_DEBUG_LOW, D_PID_DEBUG_MEDIUM, packet_id_rec::id, packet_id_net::id, packet_id_rec::initialized, packet_id_rec::max_backtrack_stat, packet_id_debug(), packet_id_rec::seq_backtrack, packet_id_rec::seq_list, packet_id_rec::time, and packet_id_net::time.
Referenced by crypto_check_replay().
◆ packet_id_write()
| bool packet_id_write | ( | struct packet_id_send * | p, |
| struct buffer * | buf, | ||
| bool | long_form, | ||
| bool | prepend | ||
| ) |
Write a packet ID to buf, and update the packet ID state.
- Parameters
-
p Packet ID state. buf Buffer to write the packet ID too long_form If true, also update and write time_t to buf prepend If true, prepend to buffer, otherwise append.
- Returns
- true if successful, false otherwise.
Definition at line 386 of file packet_id.c.
References buf_write(), buf_write_prepend(), htonpid, htontime, packet_id_send::id, packet_id_send_update(), and packet_id_send::time.
Referenced by openvpn_encrypt_aead(), openvpn_encrypt_v1(), test_packet_id_write_long(), test_packet_id_write_long_prepend(), test_packet_id_write_long_wrap(), test_packet_id_write_short(), test_packet_id_write_short_prepend(), test_packet_id_write_short_wrap(), and tls_crypt_wrap().
◆ packet_id_write_epoch()
| bool packet_id_write_epoch | ( | struct packet_id_send * | p, |
| uint16_t | epoch, | ||
| struct buffer * | buf | ||
| ) |
Writes the packet ID containing both the epoch and the packet id to the buffer specified by buf.
- Parameters
-
p packet id send structure to use for the packet id epoch epoch to write to the packet buf buffer to write the packet id/epoch to
- Returns
- false if the packet id space is exhausted and cannot be written
Referenced by openvpn_encrypt_aead(), and test_packet_id_write_epoch().
◆ reset_packet_id_send()
|
inlinestatic |
Reset the current send packet id to its initial state.
Use very carefully (e.g. in the standalone reset packet context) to avoid sending more than one packet with the same packet id (that is not also a resend like the reset packet)
- Parameters
-
p the packet structure to modify
Definition at line 307 of file packet_id.h.
References packet_id_send::id, and packet_id_send::time.
Referenced by epoch_init_send_key_ctx(), send_hmac_reset_packet(), and test_generate_reset_packet_tls_auth().
