openvpn3/customcontrolchannel_8hpp_source.html

//    OpenVPN -- An application to securely tunnel IP networks

//               over a single port, with support for SSL/TLS-based

//               session authentication and key exchange,

//               packet encryption, packet authentication, and

//               packet compression.

//

//    Copyright (C) 2012- OpenVPN Inc.

//

//    SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception

//

//


#pragma once


#include <vector>

#include <string>

#include <utility>

#include <openvpn/common/string.hpp>

#include <openvpn/common/unicode.hpp>

#include <openvpn/common/base64.hpp>

#include <openvpn/buffer/bufstr.hpp>

#include <openvpn/common/number.hpp>


namespace openvpn {


struct AppControlMessageConfig

{

    bool encoding_base64 = false;


    bool encoding_text = false;


    bool encoding_binary = false;


    std::vector<std::string> supported_protocols;


    int max_msg_size = 0;


    bool operator==(const AppControlMessageConfig &other) const

    {

        return (encoding_base64 == other.encoding_base64) && (encoding_text == other.encoding_text) && (encoding_binary == other.encoding_binary) && (supported_protocols == other.supported_protocols) && (max_msg_size == other.max_msg_size);

    }


    void parse_flags(const std::string &flags)

    {

        for (const auto &flag : string::split(flags, ':'))

        {

            if (flag == "A")

                encoding_text = true;

            else if (flag == "B")

                encoding_binary = true;

            else if (flag == "6")

                encoding_base64 = true;

        }

    }


    bool supports_protocol(const std::string &protocol)

    {

        return (std::find(supported_protocols.begin(), supported_protocols.end(), protocol) != std::end(supported_protocols));

    }


    std::vector<std::string> format_message(const std::string &protocol, const std::string &message)

    {

        if (!supports_protocol(protocol))

            throw std::invalid_argument("protocol [" + protocol + "] is not supported by peer");


        std::string format;


        /* 2 for the encoding and potential 'F', and ','; 4 for the commas; 5 for the message size itself */

        /* Example: ACC,muppets,41,A,{ "me": "pig", "msg": "I am Miss Piggy" })  */

        const std::size_t header_size = std::strlen("ACC,") + 2 + protocol.size() + 4 + 5;

        auto max_fragment_size = max_msg_size - header_size;


        /* check if the message would be able to pass through the message

         * sanitisation of normal control channel receive logic */

        const std::string sanitised_msg = Unicode::utf8_printable(message, Unicode::UTF8_FILTER);

        if (sanitised_msg == message && encoding_text)

            format = "A";

        else if (encoding_base64)

        {

            format = "6";

            max_fragment_size = max_fragment_size * 6 / 8 - 1;

        }

        else

        {

            throw std::invalid_argument("no encoding available to encode app custom control message");

        }


        std::vector<std::string> control_messages;


        for (std::size_t i = 0; i < message.size(); i += max_fragment_size)

        {

            std::string fragment = message.substr(i, max_fragment_size);

            const bool lastfragment = (i + max_fragment_size) >= message.size();


            if (format == "6")

            {

                fragment = base64->encode(fragment);

            }


            std::stringstream control_msg{};

            control_msg << "ACC," << protocol << ",";

            control_msg << std::to_string(fragment.size()) << ",";

            control_msg << format;

            if (!lastfragment)

                control_msg << "F";

            control_msg << "," << fragment;


            control_messages.emplace_back(control_msg.str());

        }

        return control_messages;

    }


    std::string str() const

    {

        if (supported_protocols.empty())

        {

            return {"no supported protocols"};

        }


        std::stringstream out;

        out << "protocols " << string::join(supported_protocols, " ") << ", ";

        out << "msg_size " << max_msg_size << ", ";

        out << "encoding";

        if (encoding_binary)

            out << " binary";

        if (encoding_text)

            out << " ascii";

        if (encoding_base64)

            out << " base64";


        return out.str();

    }


};


OPENVPN_EXCEPTION(parse_acc_message);


class AppControlMessageReceiver

{

  private:

    BufferAllocated recvbuf;

    std::string recvprotocol;


  public:


    bool receive_message(const std::string &msg)

    {

        if (!recvbuf.defined())

            recvbuf.reset(256, BufAllocFlags::GROW);

        // msg includes ACC, prefix

        auto parts = string::split(msg, ',', 4);

        if (parts.size() != 5 || parts[0] != "ACC")

        {

            throw parse_acc_message{"Discarding malformed custom app control message"};

        }


        auto protocol = std::move(parts[1]);

        auto length_str = std::move(parts[2]);

        auto flags = std::move(parts[3]);

        auto message = std::move(parts[4]);


        bool base64Encoding = false;

        bool textEncoding = false;

        bool fragment = false;


        size_t length = 0;

        if (!parse_number(length_str, length) || length != message.length())

        {

            throw parse_acc_message{"Discarding malformed custom app control message"};

        }


        for (char const &c : flags)

        {

            switch (c)

            {

            case '6':

                base64Encoding = true;

                break;

            case 'A':

                textEncoding = true;

                break;

            case 'F':

                fragment = true;

                break;

            default:

                throw parse_acc_message{"Discarding malformed custom app control message. "

                                        "Unknown flag '"

                                        + std::to_string(c) + "' in message found"};

            }

        }

        // exactly just one encoding has to be present. So ensure that the sum of the bools as 0/1 is exactly 1

        if (textEncoding + base64Encoding != 1)

        {

            throw parse_acc_message{"Discarding malformed custom app control message. "

                                    "Unknown or no encoding flag in message found"};

        }


        if (base64Encoding)

            message = base64->decode(message);


        if (!recvbuf.empty() && recvprotocol != protocol)

        {

            throw parse_acc_message{"custom app control framing error: message with different "

                                    "protocol and previous fragmented message not finished"};

        }


        recvbuf.write(message.data(), message.size());

        recvprotocol = protocol;

        return !fragment;

    }


    std::pair<std::string, std::string> get_message()

    {

        auto ret = buf_to_string(recvbuf);

        recvbuf.clear();

        return {recvprotocol, ret};

    }


};


} // namespace openvpn

base64.hpp

bufstr.hpp

openvpn::AppControlMessageReceiver
Definition customcontrolchannel.hpp:162

openvpn::AppControlMessageReceiver::recvbuf
BufferAllocated recvbuf
Definition customcontrolchannel.hpp:164

openvpn::AppControlMessageReceiver::receive_message
bool receive_message(const std::string &msg)
Definition customcontrolchannel.hpp:173

openvpn::AppControlMessageReceiver::recvprotocol
std::string recvprotocol
Definition customcontrolchannel.hpp:165

openvpn::AppControlMessageReceiver::get_message
std::pair< std::string, std::string > get_message()
Definition customcontrolchannel.hpp:240

openvpn::Base64::encode
std::string encode(const V &data) const
Definition base64.hpp:139

openvpn::Base64::decode
size_t decode(void *data, size_t len, const std::string &str) const
Definition base64.hpp:186

openvpn::BufferAllocatedType< unsigned char >

openvpn::BufferAllocatedType::clear
void clear()
Clears the contents of the buffer.
Definition buffer.hpp:1824

openvpn::BufferAllocatedType::reset
void reset(const size_t min_capacity, const BufferFlags flags=BufAllocFlags::NO_FLAGS)
Resets the buffer with the specified minimum capacity and flags.
Definition buffer.hpp:1773

openvpn::ConstBufferType::defined
bool defined() const
Returns true if the buffer is not empty.
Definition buffer.hpp:1224

openvpn::ConstBufferType::empty
bool empty() const
Returns true if the buffer is empty.
Definition buffer.hpp:1236

openvpn::ConstBufferType::write
void write(const T *data, const size_t size)
Write data to the buffer.
Definition buffer.hpp:1563

unicode.hpp

OPENVPN_EXCEPTION
#define OPENVPN_EXCEPTION(C)
Definition exception.hpp:100

openvpn::BufAllocFlags::GROW
constexpr BufferFlags GROW(1u<< 2)
if enabled, buffer will grow (otherwise buffer_full exception will be thrown)

openvpn::Unicode::utf8_printable
STRING utf8_printable(const STRING &str, size_t max_len_flags)
Definition unicode.hpp:129

openvpn::Unicode::UTF8_FILTER
@ UTF8_FILTER
Definition unicode.hpp:126

openvpn::string::join
auto join(const T &strings, const typename T::value_type &delim, const bool tail=false)
Definition string.hpp:521

openvpn::string::split
std::vector< T > split(const T &str, const typename T::value_type sep, const int maxsplit=-1)
Definition string.hpp:492

openvpn
Definition ovpncli.cpp:97

openvpn::base64
const Base64 * base64
Definition base64.hpp:299

openvpn::parse_number
bool parse_number(const char *str, T &retval, const bool nondigit_term=false)
Definition number.hpp:34

openvpn::buf_to_string
std::string buf_to_string(const Buffer &buf)
Definition bufstr.hpp:22

number.hpp

string.hpp

openvpn::AppControlMessageConfig
Definition customcontrolchannel.hpp:32

openvpn::AppControlMessageConfig::supports_protocol
bool supports_protocol(const std::string &protocol)
Definition customcontrolchannel.hpp:67

openvpn::AppControlMessageConfig::supported_protocols
std::vector< std::string > supported_protocols
List of supported protocols.
Definition customcontrolchannel.hpp:44

openvpn::AppControlMessageConfig::encoding_text
bool encoding_text
Definition customcontrolchannel.hpp:38

openvpn::AppControlMessageConfig::max_msg_size
int max_msg_size
Maximum size of each individual message/message fragment.
Definition customcontrolchannel.hpp:47

openvpn::AppControlMessageConfig::encoding_base64
bool encoding_base64
Supports sending/receiving messages as base64 encoded binary.
Definition customcontrolchannel.hpp:34

openvpn::AppControlMessageConfig::format_message
std::vector< std::string > format_message(const std::string &protocol, const std::string &message)
Format a protocol string and a message into a properly packed series of message fragments.
Definition customcontrolchannel.hpp:83

openvpn::AppControlMessageConfig::operator==
bool operator==(const AppControlMessageConfig &other) const
Definition customcontrolchannel.hpp:49

openvpn::AppControlMessageConfig::encoding_binary
bool encoding_binary
support sending binary as is as part of the ACC control channel message (not implemented yet)
Definition customcontrolchannel.hpp:41

openvpn::AppControlMessageConfig::str
std::string str() const
Definition customcontrolchannel.hpp:137

openvpn::AppControlMessageConfig::parse_flags
void parse_flags(const std::string &flags)
Definition customcontrolchannel.hpp:54

flags
reroute_gw flags
Definition test_capture.cpp:266

ret
std::string ret
Definition test_capture.cpp:268

out
static std::stringstream out
Definition test_path.cpp:10

message
const char message[]
Definition test_proto.cpp:255

msg
#define msg(flags,...)
Definition xkey_msg_compat.h:14