]> git.ipfire.org Git - thirdparty/openvpn.git/blame - src/openvpn/ssl_common.h
projects / thirdparty / openvpn.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
uncrustify openvpnserv/ sources
[thirdparty/openvpn.git] / src / openvpn / ssl_common.h
CommitLineData
9a160b79
AJ		 1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
49979459
DS		 8 * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9 * Copyright (C) 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com>
9a160b79
AJ		 10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2
13 * as published by the Free Software Foundation.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
caa54ac3
DS		 20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
9a160b79
AJ		 23 */
24
25/**
26 * @file Control Channel Common Data Structures
27 */
28
29#ifndef SSL_COMMON_H_
30#define SSL_COMMON_H_
31
32#include "session_id.h"
33#include "socket.h"
34#include "packet_id.h"
35#include "crypto.h"
36#include "options.h"
37
38#include "ssl_backend.h"
39
289a8bb8
AJ		 40/* passwords */
41#define UP_TYPE_AUTH "Auth"
42#define UP_TYPE_PRIVATE_KEY "Private Key"
43
d0811e64
AJ		 44/** @addtogroup control_processor
45 * @{ */
46/**
47 * @name Control channel negotiation states
48 *
49 * These states represent the different phases of control channel
50 * negotiation between OpenVPN peers. OpenVPN servers and clients
51 * progress through the states in a different order, because of their
52 * different roles during exchange of random material. The references to
53 * the \c key_source2 structure in the list below is only valid if %key
54 * method 2 is being used. See the \link key_generation data channel key
55 * generation\endlink related page for more information.
56 *
57 * Clients follow this order:
58 * -# \c S_INITIAL, ready to begin three-way handshake and control
59 * channel negotiation.
60 * -# \c S_PRE_START, have started three-way handshake, waiting for
61 * acknowledgment from remote.
62 * -# \c S_START, initial three-way handshake complete.
63 * -# \c S_SENT_KEY, have sent local part of \c key_source2 random
64 * material.
65 * -# \c S_GOT_KEY, have received remote part of \c key_source2 random
66 * material.
67 * -# \c S_ACTIVE, normal operation during remaining handshake window.
68 * -# \c S_NORMAL_OP, normal operation.
69 *
70 * Servers follow the same order, except for \c S_SENT_KEY and \c
71 * S_GOT_KEY being reversed, because the server first receives the
72 * client's \c key_source2 random material before generating and sending
73 * its own.
74 *
75 * @{
76 */
77#define S_ERROR -1 /**< Error state. */
78#define S_UNDEF 0 /**< Undefined state, used after a \c
79 * key_state is cleaned up. */
80#define S_INITIAL 1 /**< Initial \c key_state state after
81 * initialization by \c key_state_init()
82 * before start of three-way handshake. */
83#define S_PRE_START 2 /**< Waiting for the remote OpenVPN peer
84 * to acknowledge during the initial
85 * three-way handshake. */
86#define S_START 3 /**< Three-way handshake is complete,
87 * start of key exchange. */
88#define S_SENT_KEY 4 /**< Local OpenVPN process has sent its
89 * part of the key material. */
90#define S_GOT_KEY 5 /**< Local OpenVPN process has received
91 * the remote's part of the key
92 * material. */
93#define S_ACTIVE 6 /**< Operational \c key_state state
94 * immediately after negotiation has
95 * completed while still within the
96 * handshake window. */
97/* ready to exchange data channel packets */
98#define S_NORMAL_OP 7 /**< Normal operational \c key_state
99 * state. */
100/** @} name Control channel negotiation states */
101/** @} addtogroup control_processor */
102
67d8a0d4
AJ		 103/**
104 * Container for one half of random material to be used in %key method 2
105 * \ref key_generation "data channel key generation".
106 * @ingroup control_processor
107 */
108struct key_source {
81d882d5 109 uint8_t pre_master[48]; /**< Random used for master secret
67d8a0d4
AJ		 110 * generation, provided only by client
111 * OpenVPN peer. */
81d882d5 112 uint8_t random1[32]; /**< Seed used for master secret
67d8a0d4
AJ		 113 * generation, provided by both client
114 * and server. */
81d882d5 115 uint8_t random2[32]; /**< Seed used for key expansion, provided
67d8a0d4
AJ		 116 * by both client and server. */
117};
118
119
120/**
121 * Container for both halves of random material to be used in %key method
122 * 2 \ref key_generation "data channel key generation".
123 * @ingroup control_processor
124 */
125struct key_source2 {
81d882d5
DS		 126 struct key_source client; /**< Random provided by client. */
127 struct key_source server; /**< Random provided by server. */
67d8a0d4
AJ		 128};
129
130/**
131 * Security parameter state of one TLS and data channel %key session.
132 * @ingroup control_processor
133 *
134 * This structure represents one security parameter session between
135 * OpenVPN peers. It includes the control channel TLS state and the data
136 * channel crypto state. It also contains the reliability layer
137 * structures used for control channel messages.
138 *
139 * A new \c key_state structure is initialized for each hard or soft
140 * reset.
141 *
142 * @see
143 * - This structure should be initialized using the \c key_state_init()
144 * function.
145 * - This structure should be cleaned up using the \c key_state_free()
146 * function.
147 */
148struct key_state
149{
81d882d5 150 int state;
97894360 151
81d882d5
DS		 152 /**
153 * Key id for this key_state, inherited from struct tls_session.
154 * @see tls_session::key_id.
155 */
156 int key_id;
67d8a0d4 157
81d882d5 158 struct key_state_ssl ks_ssl; /* contains SSL object and BIOs for the control channel */
67d8a0d4 159
81d882d5
DS		 160 time_t established; /* when our state went S_ACTIVE */
161 time_t must_negotiate; /* key negotiation times out if not finished before this time */
162 time_t must_die; /* this object is destroyed at this time */
67d8a0d4 163
81d882d5
DS		 164 int initial_opcode; /* our initial P_ opcode */
165 struct session_id session_id_remote; /* peer's random session ID */
166 struct link_socket_actual remote_addr; /* peer's IP addr */
67d8a0d4 167
81d882d5 168 struct crypto_options crypto_options;/* data channel crypto options */
67d8a0d4 169
81d882d5 170 struct key_source2 *key_src; /* source entropy for key expansion */
67d8a0d4 171
81d882d5
DS		 172 struct buffer plaintext_read_buf;
173 struct buffer plaintext_write_buf;
174 struct buffer ack_write_buf;
67d8a0d4 175
81d882d5
DS		 176 struct reliable *send_reliable; /* holds a copy of outgoing packets until ACK received */
177 struct reliable *rec_reliable; /* order incoming ciphertext packets before we pass to TLS */
178 struct reliable_ack *rec_ack; /* buffers all packet IDs we want to ACK back to sender */
67d8a0d4 179
81d882d5 180 struct buffer_list *paybuf;
67d8a0d4 181
81d882d5
DS		 182 counter_type n_bytes; /* how many bytes sent/recvd since last key exchange */
183 counter_type n_packets; /* how many packets sent/recvd since last key exchange */
67d8a0d4 184
81d882d5
DS		 185 /*
186 * If bad username/password, TLS connection will come up but 'authenticated' will be false.
187 */
188 bool authenticated;
189 time_t auth_deferred_expire;
67d8a0d4
AJ		 190
191#ifdef ENABLE_DEF_AUTH
81d882d5
DS		 192 /* If auth_deferred is true, authentication is being deferred */
193 bool auth_deferred;
67d8a0d4 194#ifdef MANAGEMENT_DEF_AUTH
81d882d5
DS		 195 unsigned int mda_key_id;
196 unsigned int mda_status;
67d8a0d4
AJ		 197#endif
198#ifdef PLUGIN_DEF_AUTH
81d882d5
DS		 199 unsigned int auth_control_status;
200 time_t acf_last_mod;
201 char *auth_control_file;
67d8a0d4
AJ		 202#endif
203#endif
204};
205
c6e24fa3
SK		 206/** Control channel wrapping (--tls-auth/--tls-crypt) context */
207struct tls_wrap_ctx
208{
81d882d5
DS		 209 enum {
210 TLS_WRAP_NONE = 0, /**< No control channel wrapping */
211 TLS_WRAP_AUTH, /**< Control channel authentication */
212 TLS_WRAP_CRYPT, /**< Control channel encryption and authentication */
213 } mode; /**< Control channel wrapping mode */
214 struct crypto_options opt; /**< Crypto state */
215 struct buffer work; /**< Work buffer (only for --tls-crypt) */
19dffdbd
SK		 216 struct key_ctx tls_crypt_v2_server_key; /**< Decrypts client keys */
217 const struct buffer *tls_crypt_v2_wkc; /**< Wrapped client key,
218 sent to server */
219 struct buffer tls_crypt_v2_metadata; /**< Received from client */
220 bool cleanup_key_ctx; /**< opt.key_ctx_bi is owned by
221 this context */
c6e24fa3
SK		 222};
223
67d8a0d4
AJ		 224/*
225 * Our const options, obtained directly or derived from
226 * command line options.
227 */
228struct tls_options
229{
81d882d5
DS		 230 /* our master TLS context from which all SSL objects derived */
231 struct tls_root_ctx ssl_ctx;
67d8a0d4 232
81d882d5
DS		 233 /* data channel cipher, hmac, and key lengths */
234 struct key_type key_type;
67d8a0d4 235
81d882d5
DS		 236 /* true if we are a TLS server, client otherwise */
237 bool server;
67d8a0d4 238
81d882d5
DS		 239 /* if true, don't xmit until first packet from peer is received */
240 bool xmit_hold;
67d8a0d4
AJ		 241
242#ifdef ENABLE_OCC
81d882d5
DS		 243 /* local and remote options strings
244 * that must match between client and server */
245 const char *local_options;
246 const char *remote_options;
67d8a0d4
AJ		 247#endif
248
81d882d5
DS		 249 /* from command line */
250 int key_method;
251 bool replay;
252 bool single_session;
67d8a0d4 253#ifdef ENABLE_OCC
81d882d5 254 bool disable_occ;
67d8a0d4 255#endif
81d882d5
DS		 256 int mode;
257 bool pull;
81d882d5 258 int push_peer_info_detail;
81d882d5
DS		 259 int transition_window;
260 int handshake_window;
261 interval_t packet_timeout;
262 int renegotiate_bytes;
263 int renegotiate_packets;
264 interval_t renegotiate_seconds;
265
266 /* cert verification parms */
267 const char *verify_command;
268 const char *verify_export_cert;
269 int verify_x509_type;
270 const char *verify_x509_name;
271 const char *crl_file;
272 const char *crl_file_inline;
273 int ns_cert_type;
274 unsigned remote_cert_ku[MAX_PARMS];
275 const char *remote_cert_eku;
276 uint8_t *verify_hash;
2193d7c0 277 hash_algo_type verify_hash_algo;
81d882d5
DS		 278 char *x509_username_field;
279
280 /* allow openvpn config info to be
281 * passed over control channel */
282 bool pass_config_info;
283
284 /* struct crypto_option flags */
285 unsigned int crypto_flags;
286
287 int replay_window; /* --replay-window parm */
288 int replay_time; /* --replay-window parm */
289 bool tcp_mode;
290
291 const char *config_ciphername;
292 const char *config_authname;
293 bool ncp_enabled;
294
283290bf 295 bool tls_crypt_v2;
ff931c5e 296 const char *tls_crypt_v2_verify_script;
283290bf 297
81d882d5
DS		 298 /** TLS handshake wrapping state */
299 struct tls_wrap_ctx tls_wrap;
300
301 /* frame parameters for TLS control channel */
302 struct frame frame;
303
304 /* used for username/password authentication */
305 const char *auth_user_pass_verify_script;
306 bool auth_user_pass_verify_script_via_file;
307 const char *tmp_dir;
308 const char *auth_user_pass_file;
309 bool auth_token_generate; /**< Generate auth-tokens on successful user/pass auth,
58066d04 310 * set via options->auth_token_generate. */
81d882d5 311 unsigned int auth_token_lifetime;
67d8a0d4 312
81d882d5
DS		 313 /* use the client-config-dir as a positive authenticator */
314 const char *client_config_dir_exclusive;
67d8a0d4 315
81d882d5
DS		 316 /* instance-wide environment variable set */
317 struct env_set *es;
318 const struct plugin_list *plugins;
67d8a0d4 319
81d882d5 320 /* compression parms */
38d96bd7 321#ifdef USE_COMP
81d882d5 322 struct compress_options comp_options;
38d96bd7
JY		 323#endif
324
81d882d5
DS		 325 /* configuration file SSL-related boolean and low-permutation options */
326#define SSLF_CLIENT_CERT_NOT_REQUIRED (1<<0)
327#define SSLF_CLIENT_CERT_OPTIONAL (1<<1)
328#define SSLF_USERNAME_AS_COMMON_NAME (1<<2)
329#define SSLF_AUTH_USER_PASS_OPTIONAL (1<<3)
330#define SSLF_OPT_VERIFY (1<<4)
331#define SSLF_CRL_VERIFY_DIR (1<<5)
332#define SSLF_TLS_VERSION_MIN_SHIFT 6
333#define SSLF_TLS_VERSION_MIN_MASK 0xF /* (uses bit positions 6 to 9) */
334#define SSLF_TLS_VERSION_MAX_SHIFT 10
335#define SSLF_TLS_VERSION_MAX_MASK 0xF /* (uses bit positions 10 to 13) */
336 unsigned int ssl_flags;
67d8a0d4
AJ		 337
338#ifdef MANAGEMENT_DEF_AUTH
81d882d5 339 struct man_def_auth_context *mda_context;
67d8a0d4
AJ		 340#endif
341
81d882d5 342 const struct x509_track *x509_track;
67d8a0d4 343
66b9409b 344#ifdef ENABLE_MANAGEMENT
81d882d5 345 const struct static_challenge_info *sci;
67d8a0d4
AJ		 346#endif
347
81d882d5
DS		 348 /* --gremlin bits */
349 int gremlin;
685e486e 350
81d882d5
DS		 351 /* Keying Material Exporter [RFC 5705] parameters */
352 const char *ekm_label;
353 size_t ekm_label_size;
354 size_t ekm_size;
67d8a0d4
AJ		 355};
356
49620510
AJ		 357/** @addtogroup control_processor
358 * @{ */
359/** @name Index of key_state objects within a tls_session structure
360 *
361 * This is the index of \c tls_session.key
362 *
363 * @{ */
364#define KS_PRIMARY 0 /**< Primary %key state index. */
365#define KS_LAME_DUCK 1 /**< %Key state index that will retire
366 * soon. */
367#define KS_SIZE 2 /**< Size of the \c tls_session.key array. */
368/** @} name Index of key_state objects within a tls_session structure */
369/** @} addtogroup control_processor */
370
270dc911
DS		 371#define AUTH_TOKEN_SIZE 32 /**< Size of server side generated auth tokens.
372 * 32 bytes == 256 bits
373 */
49620510
AJ		 374
375/**
376 * Security parameter state of a single session within a VPN tunnel.
377 * @ingroup control_processor
378 *
379 * This structure represents an OpenVPN peer-to-peer control channel
380 * session.
381 *
382 * A \c tls_session remains over soft resets, but a new instance is
383 * initialized for each hard reset.
384 *
385 * @see
386 * - This structure should be initialized using the \c tls_session_init()
387 * function.
388 * - This structure should be cleaned up using the \c tls_session_free()
389 * function.
390 */
391struct tls_session
392{
81d882d5
DS		 393 /* const options and config info */
394 struct tls_options *opt;
49620510 395
81d882d5
DS		 396 /* during hard reset used to control burst retransmit */
397 bool burst;
49620510 398
81d882d5
DS		 399 /* authenticate control packets */
400 struct tls_wrap_ctx tls_wrap;
49620510 401
81d882d5
DS		 402 int initial_opcode; /* our initial P_ opcode */
403 struct session_id session_id; /* our random session ID */
97894360 404
81d882d5
DS		 405 /**
406 * The current active key id, used to keep track of renegotiations.
407 * key_id increments with each soft reset to KEY_ID_MASK then recycles back
408 * to 1. This way you know that if key_id is 0, it is the first key.
409 */
410 int key_id;
49620510 411
81d882d5 412 int limit_next; /* used for traffic shaping on the control channel */
49620510 413
81d882d5 414 int verify_maxlevel;
49620510 415
81d882d5 416 char *common_name;
49620510 417
81d882d5 418 struct cert_hash_set *cert_hash_set;
49620510
AJ		 419
420#ifdef ENABLE_PF
81d882d5 421 uint32_t common_name_hashval;
49620510
AJ		 422#endif
423
81d882d5 424 bool verified; /* true if peer certificate was verified against CA */
49620510 425
81d882d5
DS		 426 /* not-yet-authenticated incoming client */
427 struct link_socket_actual untrusted_addr;
49620510 428
81d882d5 429 struct key_state key[KS_SIZE];
49620510
AJ		 430};
431
432/** @addtogroup control_processor
433 * @{ */
434/** @name Index of tls_session objects within a tls_multi structure
435 *
436 * This is the index of \c tls_multi.session
437 *
438 * Normally three tls_session objects are maintained by an active openvpn
439 * session. The first is the current, TLS authenticated session, the
440 * second is used to process connection requests from a new client that
441 * would usurp the current session if successfully authenticated, and the
442 * third is used as a repository for a "lame-duck" %key in the event that
443 * the primary session resets due to error while the lame-duck %key still
444 * has time left before its expiration. Lame duck keys are used to
445 * maintain the continuity of the data channel connection while a new %key
446 * is being negotiated.
447 *
448 * @{ */
449#define TM_ACTIVE 0 /**< Active \c tls_session. */
450#define TM_UNTRUSTED 1 /**< As yet un-trusted \c tls_session
451 * being negotiated. */
452#define TM_LAME_DUCK 2 /**< Old \c tls_session. */
453#define TM_SIZE 3 /**< Size of the \c tls_multi.session
454 * array. */
455/** @} name Index of tls_session objects within a tls_multi structure */
456/** @} addtogroup control_processor */
457
458
459/*
460 * The number of keys we will scan on encrypt or decrypt. The first
461 * is the "active" key. The second is the lame_duck or retiring key
462 * associated with the active key's session ID. The third is a detached
463 * lame duck session that only occurs in situations where a key renegotiate
464 * failed on the active key, but a lame duck key was still valid. By
465 * preserving the lame duck session, we can be assured of having a data
466 * channel key available even when network conditions are so bad that
467 * we can't negotiate a new key within the time allotted.
468 */
469#define KEY_SCAN_SIZE 3
470
471
472/**
473 * Security parameter state for a single VPN tunnel.
474 * @ingroup control_processor
475 *
476 * An active VPN tunnel running with TLS enabled has one \c tls_multi
477 * object, in which it stores all control channel and data channel
478 * security parameter state. This structure can contain multiple,
479 * possibly simultaneously active, \c tls_context objects to allow for
480 * interruption-less transitions during session renegotiations. Each \c
481 * tls_context represents one control channel session, which can span
482 * multiple data channel security parameter sessions stored in \c
483 * key_state structures.
484 */
485struct tls_multi
486{
81d882d5
DS		 487 /* used to coordinate access between main thread and TLS thread */
488 /*MUTEX_PTR_DEFINE (mutex);*/
489
490 /* const options and config info */
491 struct tls_options opt;
492
493 struct key_state *key_scan[KEY_SCAN_SIZE];
494 /**< List of \c key_state objects in the
495 * order they should be scanned by data
496 * channel modules. */
497
498 /*
499 * used by tls_pre_encrypt to communicate the encrypt key
500 * to tls_post_encrypt()
501 */
502 struct key_state *save_ks; /* temporary pointer used between pre/post routines */
503
504 /*
505 * Used to return outgoing address from
506 * tls_multi_process.
507 */
508 struct link_socket_actual to_link_addr;
509
510 int n_sessions; /**< Number of sessions negotiated thus
49620510
AJ		 511 * far. */
512
81d882d5
DS		 513 /*
514 * Number of errors.
515 */
516 int n_hard_errors; /* errors due to TLS negotiation failure */
517 int n_soft_errors; /* errors due to unrecognized or failed-to-authenticate incoming packets */
49620510 518
81d882d5
DS		 519 /*
520 * Our locked common name, username, and cert hashes (cannot change during the life of this tls_multi object)
521 */
522 char *locked_cn;
523 char *locked_username;
524 struct cert_hash_set *locked_cert_hash_set;
49620510
AJ		 525
526#ifdef ENABLE_DEF_AUTH
81d882d5
DS		 527 /*
528 * An error message to send to client on AUTH_FAILED
529 */
530 char *client_reason;
49620510 531
81d882d5
DS		 532 /* Time of last call to tls_authentication_status */
533 time_t tas_last;
a8be7379
GD		 534#endif
535
1eb9a127 536#if P2MP_SERVER
81d882d5
DS		 537 /*
538 * A multi-line string of general-purpose info received from peer
539 * over control channel.
540 */
541 char *peer_info;
49620510
AJ		 542#endif
543
81d882d5
DS		 544 /* For P_DATA_V2 */
545 uint32_t peer_id;
546 bool use_peer_id;
65eedc35 547
81d882d5 548 char *remote_ciphername; /**< cipher specified in peer's config file */
6e5ad2fa 549
81d882d5 550 char *auth_token; /**< If server sends a generated auth-token,
270dc911
DS		 551 * this is the token to use for future
552 * user/pass authentications in this session.
553 */
81d882d5
DS		 554 time_t auth_token_tstamp; /**< timestamp of the generated token */
555 bool auth_token_sent; /**< If server uses --auth-gen-token and
556 * token has been sent to client */
557 /*
558 * Our session objects.
559 */
560 struct tls_session session[TM_SIZE];
561 /**< Array of \c tls_session objects
562 * representing control channel
563 * sessions with the remote peer. */
49620510
AJ		 564};
565
9a160b79 566#endif /* SSL_COMMON_H_ */
Mirror of https://github.com/OpenVPN/openvpn.git