OpenVPN 3 Core Library
Implements the PsidCookie interface.
#include <psid_cookie_impl.hpp>
Public Member Functions
| | PsidCookieImpl (ServerProto::Factory *psfp) |
| Intercept | intercept (Buffer &pkt_buf, const PsidCookieAddrInfoBase &pcaib) override |
| | Called when a potential new client session packet is received. |
| ProtoSessionID | get_cookie_psid () override |
| | Get the cookie psid from client's 2nd packet. |
| void | provide_psid_cookie_transport (PsidCookieTransportBase::Ptr pctb) override |
| | Give this component the transport needed to send the server's HARD_RESET. |
Public Member Functions inherited from openvpn::PsidCookie
| virtual | ~PsidCookie ()=default |
Public Member Functions inherited from openvpn::RC< thread_unsafe_refcount >
| | RC () noexcept=default |
| | RC (const RC &)=delete |
| virtual | ~RC ()=default |
| RC & | operator= (const RC &)=delete |
| olong | use_count () const noexcept |
| | Delegates call to RCImpl and returns the result. |
Static Public Member Functions
| static void | pre_threading_setup () |
Static Public Member Functions inherited from openvpn::RC< thread_unsafe_refcount >
| static constexpr bool | is_thread_safe () |
| | Delegates call to RCImpl and returns the result. |
Static Public Attributes
| static constexpr int | SID_SIZE = ProtoSessionID::SIZE |
| static constexpr int | OPCODE_SIZE = 1 |
Private Types
| using | CookieHelper = ProtoContext::PsidCookieHelper |
Private Member Functions
| Intercept | process_clients_initial_reset_tls_auth (ConstBuffer &pkt_buf, const PsidCookieAddrInfoBase &pcaib) |
| Intercept | process_clients_server_reset_ack_tls_auth (ConstBuffer &pkt_buf, const PsidCookieAddrInfoBase &pcaib) |
| Intercept | process_clients_initial_reset_tls_crypt (Buffer &pkt_buf, const PsidCookieAddrInfoBase &pcaib, const CookieHelper &ch) |
| Intercept | process_clients_server_reset_ack_tls_crypt (Buffer &pkt_buf, const PsidCookieAddrInfoBase &pcaib) |
| ProtoSessionID | calculate_session_id_hmac (const ProtoSessionID &cli_psid, const PsidCookieAddrInfoBase &pcaib, unsigned int offset) |
| | Calculate the psid cookie, the ProtoSessionID hmac. |
| bool | check_session_id_hmac (const ProtoSessionID &srv_psid, const ProtoSessionID &cli_psid, const PsidCookieAddrInfoBase &pcaib) |
| std::optional< std::pair< TLSCryptInstance::Ptr, TLSCryptInstance::Ptr > > | init_tls_crypt_v2 (Buffer &pkt_buf) |
| | Set up a couple of TLSCryptInstance (send, recv) from a TLS crypt V2 packet's WKc. |
Static Private Member Functions
| static StaticKey | create_key () |
| static const StaticKey & | get_key () |
Private Attributes
| ProtoContext::ProtoConfig & | pcfg_ |
| TimePtr | now_ |
| const Time::Duration & | handwindow_ |
| OvpnHMACInstance::Ptr | ta_hmac_recv_ |
| OvpnHMACInstance::Ptr | ta_hmac_send_ |
| SSLLib::CryptoAPI::HMACContext | hmac_ctx_ |
| PsidCookieTransportBase::Ptr | pctb_ |
| ProtoSessionID | cookie_psid_ |
Static Private Attributes
| static constexpr CryptoAlgs::Type | digest_ = CryptoAlgs::Type::SHA256 |
Additional Inherited Members
Public Types inherited from openvpn::PsidCookie
| enum class | Intercept { DECLINE_HANDLING , EARLY_DROP , DROP_1ST , HANDLE_1ST , DROP_2ND , HANDLE_2ND } |
| | Values returned by the intercept() function. |
| using | Ptr = RCPtr< PsidCookie > |
Public Types inherited from openvpn::RC< thread_unsafe_refcount >
| using | Ptr = RCPtr< RC > |
Implements the PsidCookie interface.
This code currently supports only tls-auth. The approach can also be applied to tls-crypt/no auth with minimal changes, but the tls-crypt-v2 case requires more changes (including protocol changes) and updated clients.
This class is not thread safe; it expects to be instantiated in each thread of a multi-threaded server implementation.
Definition at line 45 of file psid_cookie_impl.hpp.
calculate_session_id_hmac() [inline, private]
Calculate the psid cookie, the ProtoSessionID hmac.
| cli_psid | Client's protocol session id, ProtoSessionID |
| pcaib | Client's address information, reproducibly hashable |
| offset | Moves the valid time window backward from the current one |
Definition at line 432 of file psid_cookie_impl.hpp.
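The time-windowed cookie that calculate_session_id_hmac() and check_session_id_hmac() deal with can be modelled as below. This is an added example in Python, not code from the OpenVPN 3 Core Library: the 8-byte session id, the slot length of half the handshake window, the HMAC input layout and the acceptance of the current and previous slot are assumptions; the page itself states only the SHA256 digest and the backward-moving offset.

```python
"""Model of a stateless psid cookie (added example, not OpenVPN 3 code)."""
import hashlib
import hmac
import struct

SID_SIZE = 8  # assumed session-id length; the page only says ProtoSessionID::SIZE


def calculate_session_id_hmac(key, cli_psid, addr, now, handwindow, offset):
    """Cookie = truncated HMAC-SHA256 over (time slot, client address, client psid)."""
    interval = max(1, (handwindow + 1) // 2)   # assumed slot length in seconds
    slot = now // interval - offset            # offset moves the window backward
    mac = hmac.new(key, digestmod=hashlib.sha256)
    mac.update(struct.pack("!q", slot))
    mac.update(struct.pack("!H", len(addr)) + addr)  # length prefix keeps input unambiguous
    mac.update(cli_psid)
    return mac.digest()[:SID_SIZE]


def check_session_id_hmac(key, srv_psid, cli_psid, addr, now, handwindow):
    """Accept the echoed cookie if it matches the current or the previous slot."""
    ok = False
    for offset in (0, 1):
        expected = calculate_session_id_hmac(key, cli_psid, addr, now, handwindow, offset)
        ok |= hmac.compare_digest(expected, srv_psid)  # constant time, no early exit
    return ok


def demo():
    """Run the two-packet exchange on constructed sample values."""
    key = bytes(range(32))                               # constructed server secret
    cli_psid = bytes.fromhex("0102030405060708")         # constructed client psid
    addr = bytes([192, 0, 2, 10]) + struct.pack("!H", 40000)   # 192.0.2.10:40000
    other = bytes([192, 0, 2, 99]) + struct.pack("!H", 40000)  # different source
    hw = 60                                              # handshake window, seconds
    # 1st packet: server derives the cookie and keeps no per-client state.
    cookie = calculate_session_id_hmac(key, cli_psid, addr, 1000, hw, 0)
    return {
        "cookie_len": len(cookie),
        "same_slot": check_session_id_hmac(key, cookie, cli_psid, addr, 1010, hw),
        "previous_slot": check_session_id_hmac(key, cookie, cli_psid, addr, 1025, hw),
        "expired": check_session_id_hmac(key, cookie, cli_psid, addr, 1060, hw),
        "other_address": check_session_id_hmac(key, cookie, cli_psid, other, 1010, hw),
    }


if __name__ == "__main__":
    print(demo())
```

Because the cookie is recomputed from the packet and the clock, the server holds no state for a client until the second packet proves the client can receive traffic at its claimed address.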
get_cookie_psid() [inline, override, virtual]
Get the cookie psid from client's 2nd packet.
This provides the server's psid (a.k.a. the cookie_psid) as returned by the client in its 2nd packet. It may only be called after intercept() returns HANDLE_2ND, indicating a valid psid cookie. Further, it may only be called once, as it invalidates the internal data source after it sets the return value.
Implements openvpn::PsidCookie.
Definition at line 119 of file psid_cookie_impl.hpp.
init_tls_crypt_v2() [inline, private]
Set up a couple of TLSCryptInstance (send, recv) from a TLS crypt V2 packet's WKc.
| pkt_buf | The packet holding the WKc at the end. |
Definition at line 496 of file psid_cookie_impl.hpp.
intercept() [inline, override, virtual]
Called when a potential new client session packet is received.
Called by the server implementation when it receives a packet for which it has no state information. Such a packet is potentially a client HARD_RESET or a 2nd client packet returning the psid cookie.
| pkt_buf | The packet received by the server implementation. |
| pcaib | The address information as contained in an instance of the class that the server implementation derived from the PsidCookieAddrInfoBase class |
Implements openvpn::PsidCookie.
Definition at line 90 of file psid_cookie_impl.hpp.
provide_psid_cookie_transport() [inline, override, virtual]
Give this component the transport needed to send the server's HARD_RESET.
The server implementation must call this method before the intercept() function is asked to handle a packet.
| pctb | The transport capability as provided by the server implementation's object derived from the PsidCookieTransportBase class |
Implements openvpn::PsidCookie.
Definition at line 126 of file psid_cookie_impl.hpp.