openvpn3/acc__certcheck_8hpp_source.html

//    OpenVPN -- An application to securely tunnel IP networks

//               over a single port, with support for SSL/TLS-based

//               session authentication and key exchange,

//               packet encryption, packet authentication, and

//               packet compression.

//

//    Copyright (C) 2012- OpenVPN Inc.

//

//    SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception

//


#pragma once


#include <string>

#include <memory>

#include <optional>

#include <stdexcept>


#include <openvpn/buffer/buffer.hpp>

#include <openvpn/ssl/sslchoose.hpp>

#include <openvpn/ssl/sslapi.hpp>


namespace openvpn {


struct SslApiBuilder

{


    SslApiBuilder(SSLLib::SSLAPI::Config::Ptr cfg)

        : mConfig(std::move(cfg)),

          mFactory(mConfig->new_factory()),

          mServer(mFactory->ssl()) {};


    SslApiBuilder(const SslApiBuilder &) = delete;

    SslApiBuilder(SslApiBuilder &&) noexcept = delete;

    SslApiBuilder &operator=(const SslApiBuilder &) = delete;

    SslApiBuilder &operator=(SslApiBuilder &&) = delete;


  public: // API


    openvpn::SSLAPI &get()

    {

        return *mServer;

    }


  private:                                // Data

    SSLLib::SSLAPI::Config::Ptr mConfig;

    openvpn::SSLFactoryAPI::Ptr mFactory;

    openvpn::SSLAPI::Ptr mServer;

};


struct AccHandshaker

{

    using MsgT = std::optional<std::string>;

    AccHandshaker() = default;

    AccHandshaker(SSLLib::SSLAPI::Config::Ptr cfg);

    MsgT process_msg(const MsgT &msg);

    std::string details();

    void reset(SSLLib::SSLAPI::Config::Ptr cfg);


  private:

    std::unique_ptr<SslApiBuilder> mSslApi;

};


inline AccHandshaker::AccHandshaker(SSLLib::SSLAPI::Config::Ptr cfg)

    : mSslApi(new SslApiBuilder(std::move(cfg)))

{

    mSslApi->get().start_handshake();

}


inline AccHandshaker::MsgT AccHandshaker::process_msg(const MsgT &msg)

{

    if (!mSslApi)

        throw std::runtime_error("AccHandshaker::process_msg: not configured");


    MsgT ret = std::nullopt;

    auto &api = mSslApi->get();

    if (msg)

    {

        api.write_ciphertext(BufferAllocatedRc::Create(reinterpret_cast<const unsigned char *>(msg->c_str()),

                                                       msg->size(),

                                                       BufAllocFlags::NO_FLAGS));


        // Won't handshake without this even though there is no data available.

        uint8_t cleartext[8];

        api.read_cleartext(cleartext, sizeof(cleartext));

    }


    if (api.read_ciphertext_ready())

    {

        auto reply = api.read_ciphertext();

        ret = {reinterpret_cast<const char *>(reply->c_data()),

               reinterpret_cast<const char *>(reply->c_data_end())};

    }


    return ret;

}


inline std::string AccHandshaker::details()

{

    if (!mSslApi)

        throw std::runtime_error("AccHandshaker::details: not configured");


    return mSslApi->get().ssl_handshake_details();

}


inline void AccHandshaker::reset(SSLLib::SSLAPI::Config::Ptr cfg)

{

    mSslApi.reset(new SslApiBuilder(std::move(cfg)));

    mSslApi->get().start_handshake();

}


} // namespace openvpn

buffer.hpp

openvpn::RCPtr< SSLFactoryAPI >

openvpn::RcEnable::Create
static Ptr Create(ArgsT &&...args)
Creates a new instance of RcEnable with the given arguments.
Definition make_rc.hpp:43

openvpn::SSLAPI
Definition sslapi.hpp:49

openvpn::BufAllocFlags::NO_FLAGS
constexpr BufferFlags NO_FLAGS(0u)
no flags set

openvpn
Definition ovpncli.cpp:97

sslapi.hpp

sslchoose.hpp

openvpn::AccHandshaker
defines a class that handles SSL/TLS handshaking
Definition acc_certcheck.hpp:87

openvpn::AccHandshaker::details
std::string details()
returns ssl_handshake_details() if the SSLAPI is available
Definition acc_certcheck.hpp:148

openvpn::AccHandshaker::mSslApi
std::unique_ptr< SslApiBuilder > mSslApi
Definition acc_certcheck.hpp:96

openvpn::AccHandshaker::MsgT
std::optional< std::string > MsgT
Definition acc_certcheck.hpp:88

openvpn::AccHandshaker::AccHandshaker
AccHandshaker()=default

openvpn::AccHandshaker::process_msg
MsgT process_msg(const MsgT &msg)
Incrementally process the CLIENT HELLO / SERVER HELLO exchange.
Definition acc_certcheck.hpp:116

openvpn::AccHandshaker::reset
void reset(SSLLib::SSLAPI::Config::Ptr cfg)
Re-init the handshaker.
Definition acc_certcheck.hpp:163

openvpn::SslApiBuilder
The SslApiBuilder struct is used to initialize and configure an SSL/TLS API in OpenVPN.
Definition acc_certcheck.hpp:37

openvpn::SslApiBuilder::SslApiBuilder
SslApiBuilder(const SslApiBuilder &)=delete

openvpn::SslApiBuilder::mConfig
SSLLib::SSLAPI::Config::Ptr mConfig
Configuration for this SSL server.
Definition acc_certcheck.hpp:63

openvpn::SslApiBuilder::get
openvpn::SSLAPI & get()
get a reference to the encapsulated ssl object
Definition acc_certcheck.hpp:57

openvpn::SslApiBuilder::SslApiBuilder
SslApiBuilder(SslApiBuilder &&) noexcept=delete

openvpn::SslApiBuilder::SslApiBuilder
SslApiBuilder(SSLLib::SSLAPI::Config::Ptr cfg)
Construct a new SslApiBuilder object.
Definition acc_certcheck.hpp:42

openvpn::SslApiBuilder::mServer
openvpn::SSLAPI::Ptr mServer
Server created from the factory - depends on mConfig and mFactory.
Definition acc_certcheck.hpp:65

openvpn::SslApiBuilder::mFactory
openvpn::SSLFactoryAPI::Ptr mFactory
Factory from the SSL configuration.
Definition acc_certcheck.hpp:64

ret
std::string ret
Definition test_capture.cpp:268

msg
#define msg(flags,...)
Definition xkey_msg_compat.h:14