Control channel wrapping (–tls-auth/–tls-crypt) context. More...
#include <ssl_common.h>
Public Types | |
| enum | { TLS_WRAP_NONE = 0 , TLS_WRAP_AUTH , TLS_WRAP_CRYPT } |
Data Fields | |
| enum tls_wrap_ctx:: { ... } | mode |
| Control channel wrapping mode. | |
| struct crypto_options | opt |
| Crypto state. | |
| struct buffer | work |
| Work buffer (only for –tls-crypt) | |
| struct key_ctx | tls_crypt_v2_server_key |
| Decrypts client keys. | |
| const struct buffer * | tls_crypt_v2_wkc |
| Wrapped client key, sent to server. | |
| struct buffer | tls_crypt_v2_metadata |
| Received from client. | |
| bool | cleanup_key_ctx |
| opt.key_ctx_bi is owned by this context | |
| struct key2 | original_wrap_keydata |
| original key data to be xored in to the key for dynamic tls-crypt. | |
Detailed Description
Control channel wrapping (–tls-auth/–tls-crypt) context.
Definition at line 267 of file ssl_common.h.
Member Enumeration Documentation
◆ anonymous enum
| anonymous enum |
| Enumerator | |
|---|---|
| TLS_WRAP_NONE | No control channel wrapping. |
| TLS_WRAP_AUTH | Control channel authentication. |
| TLS_WRAP_CRYPT | Control channel encryption and authentication. |
Definition at line 269 of file ssl_common.h.
Field Documentation
◆ cleanup_key_ctx
| bool tls_wrap_ctx::cleanup_key_ctx |
opt.key_ctx_bi is owned by this context
Definition at line 280 of file ssl_common.h.
Referenced by free_tls_pre_decrypt_state(), tls_crypt_v2_extract_client_key(), and tls_wrap_free().
◆ []
| enum { ... } tls_wrap_ctx::mode |
Control channel wrapping mode.
Referenced by do_init_crypto_tls(), init_tas_auth(), init_tas_crypt(), read_control_auth(), test_generate_reset_packet_plain(), tls_crypt_v2_extract_client_key(), tls_crypt_v2_wrap_unwrap_max_metadata(), and tls_wrap_control().
◆ opt
| struct crypto_options tls_wrap_ctx::opt |
Crypto state.
Definition at line 274 of file ssl_common.h.
Referenced by do_init_crypto_tls(), do_pre_decrypt_check(), free_tas(), free_tls_pre_decrypt_state(), init_tas_auth(), init_tas_crypt(), read_control_auth(), send_hmac_reset_packet(), test_generate_reset_packet_tls_auth(), test_tls_crypt_secure_reneg_key(), tls_auth_standalone_free(), tls_auth_standalone_init(), tls_crypt_v2_extract_client_key(), tls_wrap_control(), and tls_wrap_free().
◆ original_wrap_keydata
| struct key2 tls_wrap_ctx::original_wrap_keydata |
original key data to be xored in to the key for dynamic tls-crypt.
We keep the original key data to ensure that the newly generated key for the dynamic tls-crypt has the same level of quality by using xor with the original key. This gives us the same same entropy/randomness as the original tls-crypt key to ensure the post-quantum use case of tls-crypt still holds true
Definition at line 290 of file ssl_common.h.
Referenced by do_init_crypto_tls(), init_tas_crypt(), tls_crypt_v2_extract_client_key(), and tls_wrap_free().
◆ tls_crypt_v2_metadata
| struct buffer tls_wrap_ctx::tls_crypt_v2_metadata |
Received from client.
Definition at line 279 of file ssl_common.h.
Referenced by free_tls_pre_decrypt_state(), tls_crypt_v2_extract_client_key(), tls_crypt_v2_verify_metadata(), and tls_wrap_free().
◆ tls_crypt_v2_server_key
| struct key_ctx tls_wrap_ctx::tls_crypt_v2_server_key |
Decrypts client keys.
Definition at line 276 of file ssl_common.h.
Referenced by do_init_crypto_tls(), read_control_auth(), tls_crypt_v2_extract_client_key(), and tls_crypt_v2_wrap_unwrap_max_metadata().
◆ tls_crypt_v2_wkc
| const struct buffer* tls_wrap_ctx::tls_crypt_v2_wkc |
Wrapped client key, sent to server.
Definition at line 277 of file ssl_common.h.
Referenced by do_init_crypto_tls(), and tls_wrap_control().
◆ work
| struct buffer tls_wrap_ctx::work |
Work buffer (only for –tls-crypt)
Definition at line 275 of file ssl_common.h.
Referenced by do_init_frame_tls(), free_tas(), init_tas_crypt(), test_tls_crypt_secure_reneg_key(), tls_wrap_control(), and tls_wrap_free().
The documentation for this struct was generated from the following file:
- src/openvpn/ssl_common.h
