OpenVPN
Security parameter state of one TLS and data channel key session.
#include <ssl_common.h>
Security parameter state of one TLS and data channel key session.
This structure represents one security parameter session between OpenVPN peers. It includes the control channel TLS state and the data channel crypto state. It also contains the reliability layer structures used for control channel messages.
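A new key_state structure is initialized for each hard or soft reset.
See also:
- This structure should be initialized using the key_state_init() function.
- This structure should be cleaned up using the key_state_free() function.
Definition at line 199 of file ssl_common.h.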
time_t key_state::acf_last_mod |
Definition at line 258 of file ssl_common.h.
struct buffer key_state::ack_write_buf |
Definition at line 235 of file ssl_common.h.
Referenced by key_state_free(), key_state_init(), and tls_process().
time_t key_state::auth_deferred_expire |
Definition at line 252 of file ssl_common.h.
Referenced by send_auth_pending_messages(), session_move_pre_start(), tls_select_encryption_key(), and update_key_auth_status().
unsigned int key_state::auth_token_state_flags |
The state of the auth-token sent from the client.
Definition at line 203 of file ssl_common.h.
Referenced by auth_token_test_env(), generate_auth_token(), and verify_user_pass().
enum ks_auth_state key_state::authenticated |
Definition at line 251 of file ssl_common.h.
Referenced by handle_data_channel_packet(), key_method_2_read(), multi_process_post(), print_key_id(), print_key_id_not_found_reason(), tls_authentication_status(), tls_deauthenticate(), tls_multi_process(), tls_select_encryption_key(), tls_session_generate_data_channel_keys(), update_key_auth_status(), verify_final_auth_checks(), and verify_user_pass().
struct crypto_options key_state::crypto_options |
Definition at line 229 of file ssl_common.h.
Referenced by cc_exit_notify_enabled(), control_packet_needs_wkc(), generate_key_expansion(), handle_data_channel_packet(), init_epoch_keys(), init_key_contexts(), key_state_free(), key_state_init(), parse_early_negotiation_tlvs(), should_trigger_renegotiation(), tls_pre_encrypt(), tls_process(), tls_select_encryption_key(), and tls_session_generate_data_channel_keys().
enum dco_key_status key_state::dco_status |
Definition at line 263 of file ssl_common.h.
time_t key_state::established |
Definition at line 220 of file ssl_common.h.
Referenced by receive_auth_pending(), send_push_request(), session_move_active(), should_trigger_renegotiation(), and tls_process().
time_t key_state::initial |
Definition at line 219 of file ssl_common.h.
Referenced by send_auth_pending_messages(), and session_move_pre_start().
int key_state::initial_opcode |
Definition at line 225 of file ssl_common.h.
Referenced by key_state_init(), and session_move_pre_start().
int key_state::key_id |
Key id for this key_state, inherited from struct tls_session.
Definition at line 209 of file ssl_common.h.
Referenced by handle_data_channel_packet(), key_method_2_read(), key_method_2_write(), key_state_init(), print_key_id(), print_key_id_not_found_reason(), tls_pre_decrypt(), tls_pre_encrypt(), tls_prepend_opcode_v1(), tls_prepend_opcode_v2(), and write_control_auth().
struct key_source2* key_state::key_src |
Definition at line 231 of file ssl_common.h.
Referenced by generate_key_expansion_openvpn_prf(), key_method_2_read(), key_method_2_write(), key_state_free(), key_state_init(), and tls_session_generate_data_channel_keys().
struct key_state_ssl key_state::ks_ssl |
Definition at line 217 of file ssl_common.h.
Referenced by flush_payload_buffer(), key_state_free(), key_state_init(), read_incoming_tls_ciphertext(), read_incoming_tls_plaintext(), session_move_active(), tls_multi_process(), tls_process_state(), tls_send_payload(), and write_outgoing_tls_ciphertext().
struct reliable_ack* key_state::lru_acks |
Definition at line 240 of file ssl_common.h.
Referenced by calc_control_channel_frame_overhead(), key_state_free(), key_state_init(), and write_control_auth().
unsigned int key_state::mda_key_id |
Definition at line 255 of file ssl_common.h.
Referenced by key_state_init(), management_client_pending_auth(), receive_cr_response(), tls_authenticate_key(), and verify_user_pass_management().
enum auth_deferred_result key_state::mda_status |
Definition at line 256 of file ssl_common.h.
Referenced by man_def_auth_test(), tls_authenticate_key(), and verify_user_pass().
time_t key_state::must_die |
Definition at line 222 of file ssl_common.h.
Referenced by key_state_soft_reset(), and lame_duck_must_die().
time_t key_state::must_negotiate |
Definition at line 221 of file ssl_common.h.
Referenced by session_move_active(), session_move_pre_start(), tls_process(), and tls_process_state().
counter_type key_state::n_bytes |
Definition at line 245 of file ssl_common.h.
Referenced by handle_data_channel_packet(), should_trigger_renegotiation(), tls_post_encrypt(), and tls_process().
counter_type key_state::n_packets |
Definition at line 246 of file ssl_common.h.
Referenced by handle_data_channel_packet(), should_trigger_renegotiation(), tls_post_encrypt(), and tls_process().
struct buffer_list* key_state::paybuf |
Holds outgoing messages for the control channel until ks->state reaches S_ACTIVE.
Definition at line 244 of file ssl_common.h.
Referenced by flush_payload_buffer(), key_state_free(), and tls_send_payload().
uint32_t key_state::peer_id |
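Peer id for this key_state. The description shown here repeats the key_id text ("Key id for this key_state, inherited from struct tls_session"), which appears to be a copy-paste error in the source comment: this member is the peer id, not the key id.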
Definition at line 215 of file ssl_common.h.
time_t key_state::peer_last_packet |
Definition at line 223 of file ssl_common.h.
Referenced by send_push_request(), and tls_pre_decrypt().
struct buffer key_state::plaintext_read_buf |
Definition at line 233 of file ssl_common.h.
Referenced by key_state_free(), key_state_init(), tls_process_state(), tls_rec_payload(), and tls_test_payload_len().
struct buffer key_state::plaintext_write_buf |
Definition at line 234 of file ssl_common.h.
Referenced by key_state_free(), key_state_init(), and tls_process_state().
struct auth_deferred_status key_state::plugin_auth |
Definition at line 260 of file ssl_common.h.
Referenced by key_state_free(), multi_process_post(), tls_authentication_status(), update_key_auth_status(), and verify_user_pass_plugin().
struct reliable_ack* key_state::rec_ack |
Definition at line 239 of file ssl_common.h.
Referenced by calc_control_channel_frame_overhead(), key_state_free(), key_state_init(), tls_pre_decrypt(), tls_process(), and write_control_auth().
struct reliable* key_state::rec_reliable |
Definition at line 238 of file ssl_common.h.
Referenced by key_state_free(), key_state_init(), parse_early_negotiation_tlvs(), read_incoming_tls_ciphertext(), session_skip_to_pre_start(), tls_pre_decrypt(), and tls_process_state().
struct link_socket_actual key_state::remote_addr |
Definition at line 227 of file ssl_common.h.
Referenced by handle_data_channel_packet(), key_state_soft_reset(), session_move_active(), session_skip_to_pre_start(), tls_multi_process(), tls_pre_decrypt(), tls_update_remote_addr(), and write_control_auth().
struct auth_deferred_status key_state::script_auth |
Definition at line 261 of file ssl_common.h.
Referenced by key_state_free(), multi_process_post(), tls_authentication_status(), update_key_auth_status(), and verify_user_pass_script().
struct reliable* key_state::send_reliable |
Definition at line 237 of file ssl_common.h.
Referenced by check_outgoing_ciphertext(), check_session_buf_not_used(), control_packet_needs_wkc(), key_state_free(), key_state_init(), session_move_pre_start(), tls_pre_decrypt(), tls_process(), tls_process_state(), and write_outgoing_tls_ciphertext().
struct session_id key_state::session_id_remote |
Definition at line 226 of file ssl_common.h.
Referenced by generate_key_expansion_openvpn_prf(), key_state_soft_reset(), print_key_id(), session_skip_to_pre_start(), tls_multi_process(), tls_pre_decrypt(), and write_control_auth().
int key_state::state |
Definition at line 201 of file ssl_common.h.
Referenced by check_outgoing_ciphertext(), check_session_buf_not_used(), handle_data_channel_packet(), key_state_free(), key_state_init(), lame_duck_must_die(), print_key_id(), print_key_id_not_found_reason(), session_move_active(), session_move_pre_start(), session_skip_to_pre_start(), tls_multi_process(), tls_pre_decrypt(), tls_process(), tls_process_state(), tls_rec_payload(), tls_select_encryption_key(), tls_send_payload(), tls_session_generate_data_channel_keys(), and tls_test_payload_len().