Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Newer
Older
100644 975 lines (822 sloc) 32.256 kb
6fbf66f This is the start of the BETA21 branch.
james authored
1 /*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
564a210 @jamesyonan Updated copyright date to 2010.
jamesyonan authored
8 * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
ad858d7 @andj Refactored SSL initialisation functions
authored
9 * Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com>
6fbf66f This is the start of the BETA21 branch.
james authored
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2
13 * as published by the Free Software Foundation.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program (see the file COPYING included with this
22 * distribution); if not, write to the Free Software Foundation, Inc.,
23 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24 */
25
a0bdbdc @andj Added control channel crypto docs
authored
26 /**
ad858d7 @andj Refactored SSL initialisation functions
authored
27 * @file Control Channel SSL/Data channel negotiation module
a0bdbdc @andj Added control channel crypto docs
authored
28 */
29
6fbf66f This is the start of the BETA21 branch.
james authored
30 #ifndef OPENVPN_SSL_H
31 #define OPENVPN_SSL_H
32
33 #if defined(USE_CRYPTO) && defined(USE_SSL)
34
35 #include <openssl/ssl.h>
36 #include <openssl/bio.h>
37 #include <openssl/rand.h>
38 #include <openssl/err.h>
39 #include <openssl/pkcs12.h>
40 #include <openssl/x509v3.h>
41
42 #include "basic.h"
43 #include "common.h"
44 #include "crypto.h"
45 #include "packet_id.h"
46 #include "session_id.h"
47 #include "reliable.h"
48 #include "socket.h"
49 #include "mtu.h"
50 #include "options.h"
51 #include "plugin.h"
52
ad858d7 @andj Refactored SSL initialisation functions
authored
53 #include "ssl_common.h"
54 #include "ssl_verify.h"
55 #include "ssl_backend.h"
6fbf66f This is the start of the BETA21 branch.
james authored
56
57 /* Used in the TLS PRF function */
58 #define KEY_EXPANSION_ID "OpenVPN"
59
60 /* passwords */
61 #define UP_TYPE_AUTH "Auth"
62 #define UP_TYPE_PRIVATE_KEY "Private Key"
63
64 /* packet opcode (high 5 bits) and key-id (low 3 bits) are combined in one byte */
65 #define P_KEY_ID_MASK 0x07
66 #define P_OPCODE_SHIFT 3
67
68 /* packet opcodes -- the V1 is intended to allow protocol changes in the future */
69 #define P_CONTROL_HARD_RESET_CLIENT_V1 1 /* initial key from client, forget previous state */
70 #define P_CONTROL_HARD_RESET_SERVER_V1 2 /* initial key from server, forget previous state */
71 #define P_CONTROL_SOFT_RESET_V1 3 /* new key, graceful transition from old to new key */
72 #define P_CONTROL_V1 4 /* control channel packet (usually TLS ciphertext) */
73 #define P_ACK_V1 5 /* acknowledgement for packets received */
74 #define P_DATA_V1 6 /* data channel packet */
75
76 /* indicates key_method >= 2 */
77 #define P_CONTROL_HARD_RESET_CLIENT_V2 7 /* initial key from client, forget previous state */
78 #define P_CONTROL_HARD_RESET_SERVER_V2 8 /* initial key from server, forget previous state */
79
80 /* define the range of legal opcodes */
81 #define P_FIRST_OPCODE 1
82 #define P_LAST_OPCODE 8
83
a0bdbdc @andj Added control channel crypto docs
authored
84 /** @addtogroup control_processor
85 * @{ */
86 /**
87 * @name Control channel negotiation states
88 *
89 * These states represent the different phases of control channel
90 * negotiation between OpenVPN peers. OpenVPN servers and clients
91 * progress through the states in a different order, because of their
92 * different roles during exchange of random material. The references to
93 * the \c key_source2 structure in the list below is only valid if %key
94 * method 2 is being used. See the \link key_generation data channel key
95 * generation\endlink related page for more information.
96 *
97 * Clients follow this order:
98 * -# \c S_INITIAL, ready to begin three-way handshake and control
99 * channel negotiation.
100 * -# \c S_PRE_START, have started three-way handshake, waiting for
101 * acknowledgment from remote.
102 * -# \c S_START, initial three-way handshake complete.
103 * -# \c S_SENT_KEY, have sent local part of \c key_source2 random
104 * material.
105 * -# \c S_GOT_KEY, have received remote part of \c key_source2 random
106 * material.
107 * -# \c S_ACTIVE, normal operation during remaining handshake window.
108 * -# \c S_NORMAL_OP, normal operation.
109 *
110 * Servers follow the same order, except for \c S_SENT_KEY and \c
111 * S_GOT_KEY being reversed, because the server first receives the
112 * client's \c key_source2 random material before generating and sending
113 * its own.
114 *
115 * @{
6fbf66f This is the start of the BETA21 branch.
james authored
116 */
a0bdbdc @andj Added control channel crypto docs
authored
117 #define S_ERROR -1 /**< Error state. */
118 #define S_UNDEF 0 /**< Undefined state, used after a \c
119 * key_state is cleaned up. */
120 #define S_INITIAL 1 /**< Initial \c key_state state after
121 * initialization by \c key_state_init()
122 * before start of three-way handshake. */
123 #define S_PRE_START 2 /**< Waiting for the remote OpenVPN peer
124 * to acknowledge during the initial
125 * three-way handshake. */
126 #define S_START 3 /**< Three-way handshake is complete,
127 * start of key exchange. */
128 #define S_SENT_KEY 4 /**< Local OpenVPN process has sent its
129 * part of the key material. */
130 #define S_GOT_KEY 5 /**< Local OpenVPN process has received
131 * the remote's part of the key
132 * material. */
133 #define S_ACTIVE 6 /**< Operational \c key_state state
134 * immediately after negotiation has
135 * completed while still within the
136 * handshake window. */
137 /* ready to exchange data channel packets */
138 #define S_NORMAL_OP 7 /**< Normal operational \c key_state
139 * state. */
140 /** @} name Control channel negotiation states */
141 /** @} addtogroup control_processor */
142
6fbf66f This is the start of the BETA21 branch.
james authored
143
a0bdbdc @andj Added control channel crypto docs
authored
144 #define DECRYPT_KEY_ENABLED(multi, ks) ((ks)->state >= (S_GOT_KEY - (multi)->opt.server))
145 /**< Check whether the \a ks \c key_state
146 * is ready to receive data channel
147 * packets.
148 * @ingroup data_crypto
149 *
150 * If true, it is safe to assume that
151 * this session has been authenticated
152 * by TLS.
153 *
154 * @note This macro only works if
155 * S_SENT_KEY + 1 == S_GOT_KEY. */
156
157 /* Should we aggregate TLS
158 * acknowledgements, and tack them onto
159 * control packets? */
6fbf66f This is the start of the BETA21 branch.
james authored
160 #define TLS_AGGREGATE_ACK
161
162 /*
163 * If TLS_AGGREGATE_ACK, set the
164 * max number of acknowledgments that
165 * can "hitch a ride" on an outgoing
166 * non-P_ACK_V1 control packet.
167 */
168 #define CONTROL_SEND_ACK_MAX 4
169
170 /*
171 * Define number of buffers for send and receive in the reliability layer.
172 */
173 #define TLS_RELIABLE_N_SEND_BUFFERS 4 /* also window size for reliablity layer */
174 #define TLS_RELIABLE_N_REC_BUFFERS 8
175
176 /*
177 * Various timeouts
178 */
179
180 #define TLS_MULTI_REFRESH 15 /* call tls_multi_process once every n seconds */
181 #define TLS_MULTI_HORIZON 2 /* call tls_multi_process frequently for n seconds after
182 every packet sent/received action */
183
184 /* The SSL/TLS worker thread will wait at most this many seconds for the interprocess
185 communication pipe to the main thread to be ready to accept writes. */
186 #define TLS_MULTI_THREAD_SEND_TIMEOUT 5
187
344ee91 Support asynchronous/deferred authentication in
james authored
188 /* Interval that tls_multi_process should call tls_authentication_status */
189 #define TLS_MULTI_AUTH_STATUS_INTERVAL 10
190
6fbf66f This is the start of the BETA21 branch.
james authored
191 /*
192 * Buffer sizes (also see mtu.h).
193 */
194
2e8337d Choose a different field in X509 to be username
Emilien Mantel authored
195 /* Maximum length of the username in cert */
196 #define TLS_USERNAME_LEN 64
6fbf66f This is the start of the BETA21 branch.
james authored
197
198 /* Legal characters in an X509 or common name */
199 #define X509_NAME_CHAR_CLASS (CC_ALNUM|CC_UNDERBAR|CC_DASH|CC_DOT|CC_AT|CC_COLON|CC_SLASH|CC_EQUAL)
7686b1c Rewrote extract_x509_field and modified COMMON_NAME_CHAR_CLASS
james authored
200 #define COMMON_NAME_CHAR_CLASS (CC_ALNUM|CC_UNDERBAR|CC_DASH|CC_DOT|CC_AT|CC_SLASH)
6fbf66f This is the start of the BETA21 branch.
james authored
201
202 /* Maximum length of OCC options string passed as part of auth handshake */
203 #define TLS_OPTIONS_LEN 512
204
2e8337d Choose a different field in X509 to be username
Emilien Mantel authored
205 /* Default field in X509 to be username */
206 #define X509_USERNAME_FIELD_DEFAULT "CN"
207
6fbf66f This is the start of the BETA21 branch.
james authored
208 /*
209 * Range of key exchange methods
210 */
211 #define KEY_METHOD_MIN 1
212 #define KEY_METHOD_MAX 2
213
214 /* key method taken from lower 4 bits */
215 #define KEY_METHOD_MASK 0x0F
216
217 /*
218 * Measure success rate of TLS handshakes, for debugging only
219 */
220 /* #define MEASURE_TLS_HANDSHAKE_STATS */
221
222 /*
ec4a500 On server, lock client-provided certs against mid-session TLS
james authored
223 * Keep track of certificate hashes at various depths
224 */
225
226 /* Maximum certificate depth we will allow */
b9437c6 Increase MAX_CERT_DEPTH to 16 (from 8), and when exceeded,
james authored
227 #define MAX_CERT_DEPTH 16
ec4a500 On server, lock client-provided certs against mid-session TLS
james authored
228
229 struct cert_hash {
230 unsigned char sha1_hash[SHA_DIGEST_LENGTH];
231 };
232
233 struct cert_hash_set {
234 struct cert_hash *ch[MAX_CERT_DEPTH];
235 };
ad858d7 @andj Refactored SSL initialisation functions
authored
236 /*
237 * Prepare the SSL library for use
238 */
239 void init_ssl_lib (void);
240
241 /*
242 * Free any internal state that the SSL library might have
243 */
244 void free_ssl_lib (void);
ec4a500 On server, lock client-provided certs against mid-session TLS
james authored
245
a0bdbdc @andj Added control channel crypto docs
authored
246 /**
247 * Container for one half of random material to be used in %key method 2
248 * \ref key_generation "data channel key generation".
249 * @ingroup control_processor
6fbf66f This is the start of the BETA21 branch.
james authored
250 */
251 struct key_source {
a0bdbdc @andj Added control channel crypto docs
authored
252 uint8_t pre_master[48]; /**< Random used for master secret
253 * generation, provided only by client
254 * OpenVPN peer. */
255 uint8_t random1[32]; /**< Seed used for master secret
256 * generation, provided by both client
257 * and server. */
258 uint8_t random2[32]; /**< Seed used for key expansion, provided
259 * by both client and server. */
6fbf66f This is the start of the BETA21 branch.
james authored
260 };
261
a0bdbdc @andj Added control channel crypto docs
authored
262
263 /**
264 * Container for both halves of random material to be used in %key method
265 * 2 \ref key_generation "data channel key generation".
266 * @ingroup control_processor
267 */
6fbf66f This is the start of the BETA21 branch.
james authored
268 struct key_source2 {
a0bdbdc @andj Added control channel crypto docs
authored
269 struct key_source client; /**< Random provided by client. */
270 struct key_source server; /**< Random provided by server. */
6fbf66f This is the start of the BETA21 branch.
james authored
271 };
272
a0bdbdc @andj Added control channel crypto docs
authored
273 /**
274 * Security parameter state of one TLS and data channel %key session.
275 * @ingroup control_processor
276 *
277 * This structure represents one security parameter session between
278 * OpenVPN peers. It includes the control channel TLS state and the data
279 * channel crypto state. It also contains the reliability layer
280 * structures used for control channel messages.
281 *
282 * A new \c key_state structure is initialized for each hard or soft
283 * reset.
284 *
285 * @see
286 * - This structure should be initialized using the \c key_state_init()
287 * function.
288 * - This structure should be cleaned up using the \c key_state_free()
289 * function.
6fbf66f This is the start of the BETA21 branch.
james authored
290 */
291 struct key_state
292 {
293 int state;
294 int key_id; /* inherited from struct tls_session below */
295
296 SSL *ssl; /* SSL object -- new obj created for each new key */
297 BIO *ssl_bio; /* read/write plaintext from here */
298 BIO *ct_in; /* write ciphertext to here */
299 BIO *ct_out; /* read ciphertext from here */
300
301 time_t established; /* when our state went S_ACTIVE */
302 time_t must_negotiate; /* key negotiation times out if not finished before this time */
303 time_t must_die; /* this object is destroyed at this time */
304
305 int initial_opcode; /* our initial P_ opcode */
8bc93d7 svn merge -r 618:619 $SO/patches/openvpn-2-0_rc16-mh/openvpn
james authored
306 struct session_id session_id_remote; /* peer's random session ID */
307 struct link_socket_actual remote_addr; /* peer's IP addr */
6fbf66f This is the start of the BETA21 branch.
james authored
308 struct packet_id packet_id; /* for data channel, to prevent replay attacks */
309
310 struct key_ctx_bi key; /* data channel keys for encrypt/decrypt/hmac */
311
312 struct key_source2 *key_src; /* source entropy for key expansion */
313
314 struct buffer plaintext_read_buf;
315 struct buffer plaintext_write_buf;
316 struct buffer ack_write_buf;
317
318 struct reliable *send_reliable; /* holds a copy of outgoing packets until ACK received */
319 struct reliable *rec_reliable; /* order incoming ciphertext packets before we pass to TLS */
320 struct reliable_ack *rec_ack; /* buffers all packet IDs we want to ACK back to sender */
321
dc85dae @jamesyonan Fixed an issue where application payload transmissions on the
jamesyonan authored
322 struct buffer_list *paybuf;
323
41104b4 @dsommers Make use of counter_type instead of int when counting bytes and network ...
dsommers authored
324 counter_type n_bytes; /* how many bytes sent/recvd since last key exchange */
325 counter_type n_packets; /* how many packets sent/recvd since last key exchange */
6fbf66f This is the start of the BETA21 branch.
james authored
326
327 /*
328 * If bad username/password, TLS connection will come up but 'authenticated' will be false.
329 */
330 bool authenticated;
47ae845 Incremented version to 2.1_rc7d.
james authored
331 time_t auth_deferred_expire;
344ee91 Support asynchronous/deferred authentication in
james authored
332
47ae845 Incremented version to 2.1_rc7d.
james authored
333 #ifdef ENABLE_DEF_AUTH
344ee91 Support asynchronous/deferred authentication in
james authored
334 /* If auth_deferred is true, authentication is being deferred */
335 bool auth_deferred;
90efcac Updated version to 2.1_rc7e.
james authored
336 #ifdef MANAGEMENT_DEF_AUTH
337 unsigned int mda_key_id;
338 unsigned int mda_status;
339 #endif
340 #ifdef PLUGIN_DEF_AUTH
341 unsigned int auth_control_status;
47ae845 Incremented version to 2.1_rc7d.
james authored
342 time_t acf_last_mod;
343 char *auth_control_file;
90efcac Updated version to 2.1_rc7e.
james authored
344 #endif
47ae845 Incremented version to 2.1_rc7d.
james authored
345 #endif
6fbf66f This is the start of the BETA21 branch.
james authored
346 };
347
9356bae @jamesyonan Added --x509-track option.
jamesyonan authored
348 #ifdef ENABLE_X509_TRACK
349
350 struct x509_track
351 {
352 const struct x509_track *next;
353 const char *name;
354 # define XT_FULL_CHAIN (1<<0)
355 unsigned int flags;
356 int nid;
357 };
358
359 void x509_track_add (const struct x509_track **ll_head, const char *name, int msglevel, struct gc_arena *gc);
360
361 #endif
362
6fbf66f This is the start of the BETA21 branch.
james authored
363 /*
364 * Our const options, obtained directly or derived from
365 * command line options.
366 */
367 struct tls_options
368 {
369 /* our master SSL_CTX from which all SSL objects derived */
370 SSL_CTX *ssl_ctx;
371
372 /* data channel cipher, hmac, and key lengths */
373 struct key_type key_type;
374
375 /* true if we are a TLS server, client otherwise */
376 bool server;
377
6add6b2 Added --port-share option for allowing OpenVPN and HTTPS
james authored
378 /* if true, don't xmit until first packet from peer is received */
379 bool xmit_hold;
380
6fbf66f This is the start of the BETA21 branch.
james authored
381 #ifdef ENABLE_OCC
382 /* local and remote options strings
383 that must match between client and server */
384 const char *local_options;
385 const char *remote_options;
386 #endif
387
388 /* from command line */
389 int key_method;
390 bool replay;
391 bool single_session;
392 #ifdef ENABLE_OCC
393 bool disable_occ;
394 #endif
aaf7297 @jamesyonan Implemented a key/value auth channel from client to server.
jamesyonan authored
395 #ifdef ENABLE_PUSH_PEER_INFO
396 bool push_peer_info;
397 #endif
6fbf66f This is the start of the BETA21 branch.
james authored
398 int transition_window;
399 int handshake_window;
400 interval_t packet_timeout;
401 int renegotiate_bytes;
402 int renegotiate_packets;
403 interval_t renegotiate_seconds;
404
405 /* cert verification parms */
406 const char *verify_command;
39238d1 enhance tls-verify possibility
Mathieu GIANNECCHINI authored
407 const char *verify_export_cert;
6fbf66f This is the start of the BETA21 branch.
james authored
408 const char *verify_x509name;
409 const char *crl_file;
410 int ns_cert_type;
411e89a Merged --remote-cert-ku, --remote-cert-eku, and
james authored
411 unsigned remote_cert_ku[MAX_PARMS];
412 const char *remote_cert_eku;
7966d75 @jamesyonan Added new "extra-certs" and "verify-hash" options (see man page for
jamesyonan authored
413 uint8_t *verify_hash;
6fbf66f This is the start of the BETA21 branch.
james authored
414
415 /* allow openvpn config info to be
416 passed over control channel */
417 bool pass_config_info;
418
419 /* struct crypto_option flags */
420 unsigned int crypto_flags_and;
421 unsigned int crypto_flags_or;
422
423 int replay_window; /* --replay-window parm */
424 int replay_time; /* --replay-window parm */
4d453a1 @jamesyonan Fixed bug that incorrectly placed stricter TCP packet replay rules on
jamesyonan authored
425 bool tcp_mode;
6fbf66f This is the start of the BETA21 branch.
james authored
426
427 /* packet authentication for TLS handshake */
428 struct crypto_options tls_auth;
429 struct key_ctx_bi tls_auth_key;
430
431 /* frame parameters for TLS control channel */
432 struct frame frame;
433
434 /* used for username/password authentication */
435 const char *auth_user_pass_verify_script;
436 bool auth_user_pass_verify_script_via_file;
437 const char *tmp_dir;
438
439 /* use the client-config-dir as a positive authenticator */
440 const char *client_config_dir_exclusive;
441
442 /* instance-wide environment variable set */
443 struct env_set *es;
444 const struct plugin_list *plugins;
445
24ce3b2 Added server-side --auth-user-pass-optional directive, to allow
james authored
446 /* configuration file boolean options */
447 # define SSLF_CLIENT_CERT_NOT_REQUIRED (1<<0)
448 # define SSLF_USERNAME_AS_COMMON_NAME (1<<1)
449 # define SSLF_AUTH_USER_PASS_OPTIONAL (1<<2)
ed30424 Added --no-name-remapping option to allow Common Name, X509 Subject,
james authored
450 # define SSLF_NO_NAME_REMAPPING (1<<3)
09cc9c8 Added server-side --opt-verify option: clients that connect
james authored
451 # define SSLF_OPT_VERIFY (1<<4)
d549726 @jamesyonan Added 'dir' flag to "crl-verify" (see man page for info).
jamesyonan authored
452 # define SSLF_CRL_VERIFY_DIR (1<<5)
24ce3b2 Added server-side --auth-user-pass-optional directive, to allow
james authored
453 unsigned int ssl_flags;
454
90efcac Updated version to 2.1_rc7e.
james authored
455 #ifdef MANAGEMENT_DEF_AUTH
456 struct man_def_auth_context *mda_context;
457 #endif
458
9356bae @jamesyonan Added --x509-track option.
jamesyonan authored
459 #ifdef ENABLE_X509_TRACK
460 const struct x509_track *x509_track;
461 #endif
462
6fbf66f This is the start of the BETA21 branch.
james authored
463 /* --gremlin bits */
464 int gremlin;
465 };
466
467
a0bdbdc @andj Added control channel crypto docs
authored
468 /** @addtogroup control_processor
469 * @{ */
470 /** @name Index of key_state objects within a tls_session structure
471 *
472 * This is the index of \c tls_session.key
473 *
474 * @{ */
475 #define KS_PRIMARY 0 /**< Primary %key state index. */
476 #define KS_LAME_DUCK 1 /**< %Key state index that will retire
477 * soon. */
478 #define KS_SIZE 2 /**< Size of the \c tls_session.key array. */
479 /** @} name Index of key_state objects within a tls_session structure */
480 /** @} addtogroup control_processor */
481
482
483 /**
484 * Security parameter state of a single session within a VPN tunnel.
485 * @ingroup control_processor
486 *
487 * This structure represents an OpenVPN peer-to-peer control channel
488 * session.
489 *
490 * A \c tls_session remains over soft resets, but a new instance is
491 * initialized for each hard reset.
492 *
493 * @see
494 * - This structure should be initialized using the \c tls_session_init()
495 * function.
496 * - This structure should be cleaned up using the \c tls_session_free()
497 * function.
6fbf66f This is the start of the BETA21 branch.
james authored
498 */
499 struct tls_session
500 {
501 /* const options and config info */
502 const struct tls_options *opt;
503
504 /* during hard reset used to control burst retransmit */
505 bool burst;
506
507 /* authenticate control packets */
508 struct crypto_options tls_auth;
509 struct packet_id tls_auth_pid;
510
511 int initial_opcode; /* our initial P_ opcode */
512 struct session_id session_id; /* our random session ID */
513 int key_id; /* increments with each soft reset (for key renegotiation) */
514
515 int limit_next; /* used for traffic shaping on the control channel */
516
517 int verify_maxlevel;
518
519 char *common_name;
47ae845 Incremented version to 2.1_rc7d.
james authored
520
ec4a500 On server, lock client-provided certs against mid-session TLS
james authored
521 struct cert_hash_set *cert_hash_set;
522
47ae845 Incremented version to 2.1_rc7d.
james authored
523 #ifdef ENABLE_PF
524 uint32_t common_name_hashval;
525 #endif
526
6fbf66f This is the start of the BETA21 branch.
james authored
527 bool verified; /* true if peer certificate was verified against CA */
528
529 /* not-yet-authenticated incoming client */
8bc93d7 svn merge -r 618:619 $SO/patches/openvpn-2-0_rc16-mh/openvpn
james authored
530 struct link_socket_actual untrusted_addr;
6fbf66f This is the start of the BETA21 branch.
james authored
531
532 struct key_state key[KS_SIZE];
533 };
534
a0bdbdc @andj Added control channel crypto docs
authored
535
536
537 /** @addtogroup control_processor
538 * @{ */
539 /** @name Index of tls_session objects within a tls_multi structure
540 *
541 * This is the index of \c tls_multi.session
542 *
543 * Normally three tls_session objects are maintained by an active openvpn
544 * session. The first is the current, TLS authenticated session, the
545 * second is used to process connection requests from a new client that
546 * would usurp the current session if successfully authenticated, and the
547 * third is used as a repository for a "lame-duck" %key in the event that
548 * the primary session resets due to error while the lame-duck %key still
549 * has time left before its expiration. Lame duck keys are used to
550 * maintain the continuity of the data channel connection while a new %key
551 * is being negotiated.
552 *
553 * @{ */
554 #define TM_ACTIVE 0 /**< Active \c tls_session. */
555 #define TM_UNTRUSTED 1 /**< As yet un-trusted \c tls_session
556 * being negotiated. */
557 #define TM_LAME_DUCK 2 /**< Old \c tls_session. */
558 #define TM_SIZE 3 /**< Size of the \c tls_multi.session
559 * array. */
560 /** @} name Index of tls_session objects within a tls_multi structure */
561 /** @} addtogroup control_processor */
562
6fbf66f This is the start of the BETA21 branch.
james authored
563
564 /*
565 * The number of keys we will scan on encrypt or decrypt. The first
566 * is the "active" key. The second is the lame_duck or retiring key
567 * associated with the active key's session ID. The third is a detached
568 * lame duck session that only occurs in situations where a key renegotiate
569 * failed on the active key, but a lame duck key was still valid. By
570 * preserving the lame duck session, we can be assured of having a data
571 * channel key available even when network conditions are so bad that
572 * we can't negotiate a new key within the time allotted.
573 */
574 #define KEY_SCAN_SIZE 3
575
a0bdbdc @andj Added control channel crypto docs
authored
576
577 /**
578 * Security parameter state for a single VPN tunnel.
579 * @ingroup control_processor
580 *
581 * An active VPN tunnel running with TLS enabled has one \c tls_multi
582 * object, in which it stores all control channel and data channel
583 * security parameter state. This structure can contain multiple,
584 * possibly simultaneously active, \c tls_context objects to allow for
585 * interruption-less transitions during session renegotiations. Each \c
586 * tls_context represents one control channel session, which can span
587 * multiple data channel security parameter sessions stored in \c
588 * key_state structures.
6fbf66f This is the start of the BETA21 branch.
james authored
589 */
590 struct tls_multi
591 {
592 /* const options and config info */
593 struct tls_options opt;
594
595 struct key_state* key_scan[KEY_SCAN_SIZE];
a0bdbdc @andj Added control channel crypto docs
authored
596 /**< List of \c key_state objects in the
597 * order they should be scanned by data
598 * channel modules. */
6fbf66f This is the start of the BETA21 branch.
james authored
599
600 /*
601 * used by tls_pre_encrypt to communicate the encrypt key
602 * to tls_post_encrypt()
603 */
604 struct key_state *save_ks; /* temporary pointer used between pre/post routines */
605
606 /*
8bc93d7 svn merge -r 618:619 $SO/patches/openvpn-2-0_rc16-mh/openvpn
james authored
607 * Used to return outgoing address from
608 * tls_multi_process.
609 */
610 struct link_socket_actual to_link_addr;
611
a0bdbdc @andj Added control channel crypto docs
authored
612 int n_sessions; /**< Number of sessions negotiated thus
613 * far. */
6fbf66f This is the start of the BETA21 branch.
james authored
614
615 /*
616 * Number of errors.
617 */
618 int n_hard_errors; /* errors due to TLS negotiation failure */
619 int n_soft_errors; /* errors due to unrecognized or failed-to-authenticate incoming packets */
620
621 /*
ec4a500 On server, lock client-provided certs against mid-session TLS
james authored
622 * Our locked common name, username, and cert hashes (cannot change during the life of this tls_multi object)
6fbf66f This is the start of the BETA21 branch.
james authored
623 */
624 char *locked_cn;
71b557b On server, lock session username against changes in mid-session TLS
james authored
625 char *locked_username;
ec4a500 On server, lock client-provided certs against mid-session TLS
james authored
626 struct cert_hash_set *locked_cert_hash_set;
6fbf66f This is the start of the BETA21 branch.
james authored
627
47ae845 Incremented version to 2.1_rc7d.
james authored
628 #ifdef ENABLE_DEF_AUTH
5733ef6 Added the ability for the server to provide a custom reason string
james authored
629 /*
630 * An error message to send to client on AUTH_FAILED
631 */
632 char *client_reason;
633
aaf7297 @jamesyonan Implemented a key/value auth channel from client to server.
jamesyonan authored
634 /*
635 * A multi-line string of general-purpose info received from peer
636 * over control channel.
637 */
638 char *peer_info;
639
344ee91 Support asynchronous/deferred authentication in
james authored
640 /* Time of last call to tls_authentication_status */
641 time_t tas_last;
47ae845 Incremented version to 2.1_rc7d.
james authored
642 #endif
344ee91 Support asynchronous/deferred authentication in
james authored
643
6fbf66f This is the start of the BETA21 branch.
james authored
644 /*
645 * Our session objects.
646 */
647 struct tls_session session[TM_SIZE];
a0bdbdc @andj Added control channel crypto docs
authored
648 /**< Array of \c tls_session objects
649 * representing control channel
650 * sessions with the remote peer. */
6fbf66f This is the start of the BETA21 branch.
james authored
651 };
652
653 /*
654 * Used in --mode server mode to check tls-auth signature on initial
655 * packets received from new clients.
656 */
657 struct tls_auth_standalone
658 {
659 struct key_ctx_bi tls_auth_key;
660 struct crypto_options tls_auth_options;
661 struct frame frame;
662 };
663
664 void init_ssl_lib (void);
665 void free_ssl_lib (void);
666
7b0aaa1 @andj Refactored root SSL context initialisation
authored
667 /**
668 * Build master SSL context object that serves for the whole of OpenVPN
669 * instantiation
670 */
671 void init_ssl (const struct options *options, struct tls_root_ctx *ctx);
6fbf66f This is the start of the BETA21 branch.
james authored
672
673 struct tls_multi *tls_multi_init (struct tls_options *tls_options);
674
675 struct tls_auth_standalone *tls_auth_standalone_init (struct tls_options *tls_options,
676 struct gc_arena *gc);
677
678 void tls_auth_standalone_finalize (struct tls_auth_standalone *tas,
679 const struct frame *frame);
680
681 void tls_multi_init_finalize(struct tls_multi *multi,
682 const struct frame *frame);
683
684 void tls_multi_init_set_options(struct tls_multi* multi,
685 const char *local,
686 const char *remote);
687
344ee91 Support asynchronous/deferred authentication in
james authored
688 #define TLSMP_INACTIVE 0
689 #define TLSMP_ACTIVE 1
690 #define TLSMP_KILL 2
691 int tls_multi_process (struct tls_multi *multi,
692 struct buffer *to_link,
693 struct link_socket_actual **to_link_addr,
694 struct link_socket_info *to_link_socket_info,
695 interval_t *wakeup);
6fbf66f This is the start of the BETA21 branch.
james authored
696
697 void tls_multi_free (struct tls_multi *multi, bool clear);
698
a0bdbdc @andj Added control channel crypto docs
authored
699
700 /**************************************************************************/
701 /**
702 * Determine whether an incoming packet is a data channel or control
703 * channel packet, and process accordingly.
704 * @ingroup external_multiplexer
705 *
706 * When OpenVPN is in TLS mode, this is the first function to process an
707 * incoming packet. It inspects the packet's one-byte header which
708 * contains the packet's opcode and key ID. Depending on the opcode, the
709 * packet is processed as a data channel or as a control channel packet.
710 *
711 * @par Data channel packets
712 *
713 * If the opcode indicates the packet is a data channel packet, then the
714 * packet's key ID is used to find the local TLS state it is associated
715 * with. This state is checked whether it is active, authenticated, and
716 * its remote peer is the source of this packet. If these checks passed,
717 * the state's security parameters are loaded into the \a opt crypto
718 * options so that \p openvpn_decrypt() can later use them to authenticate
719 * and decrypt the packet.
720 *
721 * This function then returns false. The \a buf buffer has not been
722 * modified, except for removing the header.
723 *
724 * @par Control channel packets
725 *
726 * If the opcode indicates the packet is a control channel packet, then
727 * this function will process it based on its plaintext header. depending
728 * on the packet's opcode and session ID this function determines if it is
729 * destined for an active TLS session, or whether a new TLS session should
730 * be started. This function also initiates data channel session key
731 * renegotiation if the received opcode requests that.
732 *
733 * If the incoming packet is destined for an active TLS session, then the
734 * packet is inserted into the Reliability Layer and will be handled
735 * later.
736 *
737 * @param multi - The TLS multi structure associated with the VPN tunnel
738 * of this packet.
739 * @param from - The source address of the packet.
740 * @param buf - A buffer structure containing the incoming packet.
741 * @param opt - A crypto options structure that will be loaded with the
742 * appropriate security parameters to handle the packet if it is a
743 * data channel packet.
744 *
745 * @return
746 * @li True if the packet is a control channel packet that has been
747 * processed successfully.
748 * @li False if the packet is a data channel packet, or if an error
749 * occurred during processing of a control channel packet.
750 */
6fbf66f This is the start of the BETA21 branch.
james authored
751 bool tls_pre_decrypt (struct tls_multi *multi,
8bc93d7 svn merge -r 618:619 $SO/patches/openvpn-2-0_rc16-mh/openvpn
james authored
752 const struct link_socket_actual *from,
6fbf66f This is the start of the BETA21 branch.
james authored
753 struct buffer *buf,
754 struct crypto_options *opt);
755
a0bdbdc @andj Added control channel crypto docs
authored
756
757 /**************************************************************************/
758 /** @name Functions for managing security parameter state for data channel packets
759 * @{ */
760
761 /**
762 * Inspect an incoming packet for which no VPN tunnel is active, and
763 * determine whether a new VPN tunnel should be created.
764 * @ingroup data_crypto
765 *
766 * This function receives the initial incoming packet from a client that
767 * wishes to establish a new VPN tunnel, and determines the packet is a
768 * valid initial packet. It is only used when OpenVPN is running in
769 * server mode.
770 *
771 * The tests performed by this function are whether the packet's opcode is
772 * correct for establishing a new VPN tunnel, whether its key ID is 0, and
773 * whether its size is not too large. This function also performs the
774 * initial HMAC firewall test, if configured to do so.
775 *
776 * The incoming packet and the local VPN tunnel state are not modified by
777 * this function. Its sole purpose is to inspect the packet and determine
778 * whether a new VPN tunnel should be created. If so, that new VPN tunnel
779 * instance will handle processing of the packet.
780 *
781 * @param tas - The standalone TLS authentication setting structure for
782 * this process.
783 * @param from - The source address of the packet.
784 * @param buf - A buffer structure containing the incoming packet.
785 *
786 * @return
787 * @li True if the packet is valid and a new VPN tunnel should be created
788 * for this client.
789 * @li False if the packet is not valid, did not pass the HMAC firewall
790 * test, or some other error occurred.
791 */
6fbf66f This is the start of the BETA21 branch.
james authored
792 bool tls_pre_decrypt_lite (const struct tls_auth_standalone *tas,
8bc93d7 svn merge -r 618:619 $SO/patches/openvpn-2-0_rc16-mh/openvpn
james authored
793 const struct link_socket_actual *from,
6fbf66f This is the start of the BETA21 branch.
james authored
794 const struct buffer *buf);
795
a0bdbdc @andj Added control channel crypto docs
authored
796
797 /**
798 * Choose the appropriate security parameters with which to process an
799 * outgoing packet.
800 * @ingroup data_crypto
801 *
802 * If no appropriate security parameters can be found, or if some other
803 * error occurs, then the buffer is set to empty.
804 *
805 * @param multi - The TLS state for this packet's destination VPN tunnel.
806 * @param buf - The buffer containing the outgoing packet.
807 * @param opt - The crypto options structure into which the appropriate
808 * security parameters should be loaded.
809 */
6fbf66f This is the start of the BETA21 branch.
james authored
810 void tls_pre_encrypt (struct tls_multi *multi,
811 struct buffer *buf, struct crypto_options *opt);
812
a0bdbdc @andj Added control channel crypto docs
authored
813
814 /**
815 * Prepend the one-byte OpenVPN header to the packet, and perform some
816 * accounting for the key state used.
817 * @ingroup data_crypto
818 *
819 * @param multi - The TLS state for this packet's destination VPN tunnel.
820 * @param buf - The buffer containing the outgoing packet.
821 */
6fbf66f This is the start of the BETA21 branch.
james authored
822 void tls_post_encrypt (struct tls_multi *multi, struct buffer *buf);
823
a0bdbdc @andj Added control channel crypto docs
authored
824 /** @} name Functions for managing security parameter state for data channel packets */
825
6fbf66f This is the start of the BETA21 branch.
james authored
826 void pem_password_setup (const char *auth_file);
827 int pem_password_callback (char *buf, int size, int rwflag, void *u);
828 void auth_user_pass_setup (const char *auth_file);
829 void ssl_set_auth_nocache (void);
0db046f @jamesyonan Added "auth-token" client directive, which is intended to be
jamesyonan authored
830 void ssl_set_auth_token (const char *token);
831 void ssl_purge_auth (const bool auth_user_pass_only);
6fbf66f This is the start of the BETA21 branch.
james authored
832
3cf9dd8 @jamesyonan Implement challenge/response authentication support in client mode,
jamesyonan authored
833
834 #ifdef ENABLE_CLIENT_CR
835 /*
836 * ssl_get_auth_challenge will parse the server-pushed auth-failed
837 * reason string and return a dynamically allocated
838 * auth_challenge_info struct.
839 */
840 void ssl_purge_auth_challenge (void);
841 void ssl_put_auth_challenge (const char *cr_str);
842 #endif
843
6fbf66f This is the start of the BETA21 branch.
james authored
844 void tls_set_verify_command (const char *cmd);
845 void tls_set_crl_verify (const char *crl);
846 void tls_set_verify_x509name (const char *x509name);
847
848 void tls_adjust_frame_parameters(struct frame *frame);
849
850 bool tls_send_payload (struct tls_multi *multi,
851 const uint8_t *data,
852 int size);
853
854 bool tls_rec_payload (struct tls_multi *multi,
855 struct buffer *buf);
856
47ae845 Incremented version to 2.1_rc7d.
james authored
857 const char *tls_common_name (const struct tls_multi* multi, const bool null);
6fbf66f This is the start of the BETA21 branch.
james authored
858 void tls_set_common_name (struct tls_multi *multi, const char *common_name);
859 void tls_lock_common_name (struct tls_multi *multi);
ec4a500 On server, lock client-provided certs against mid-session TLS
james authored
860 void tls_lock_cert_hash_set (struct tls_multi *multi);
6fbf66f This is the start of the BETA21 branch.
james authored
861
344ee91 Support asynchronous/deferred authentication in
james authored
862 #define TLS_AUTHENTICATION_SUCCEEDED 0
863 #define TLS_AUTHENTICATION_FAILED 1
864 #define TLS_AUTHENTICATION_DEFERRED 2
865 #define TLS_AUTHENTICATION_UNDEFINED 3
866 int tls_authentication_status (struct tls_multi *multi, const int latency);
6fbf66f This is the start of the BETA21 branch.
james authored
867 void tls_deauthenticate (struct tls_multi *multi);
868
90efcac Updated version to 2.1_rc7e.
james authored
869 #ifdef MANAGEMENT_DEF_AUTH
5733ef6 Added the ability for the server to provide a custom reason string
james authored
870 bool tls_authenticate_key (struct tls_multi *multi, const unsigned int mda_key_id, const bool auth, const char *client_reason);
aaf7297 @jamesyonan Implemented a key/value auth channel from client to server.
jamesyonan authored
871
872 static inline char *
873 tls_get_peer_info(const struct tls_multi *multi)
874 {
875 return multi->peer_info;
876 }
90efcac Updated version to 2.1_rc7e.
james authored
877 #endif
878
6fbf66f This is the start of the BETA21 branch.
james authored
879 /*
880 * inline functions
881 */
882
47ae845 Incremented version to 2.1_rc7d.
james authored
883 static inline bool
e1e977f Added --server-poll-timeout option : when polling possible remote
james authored
884 tls_initial_packet_received (const struct tls_multi *multi)
885 {
886 return multi->n_sessions > 0;
887 }
888
889 static inline bool
47ae845 Incremented version to 2.1_rc7d.
james authored
890 tls_test_auth_deferred_interval (const struct tls_multi *multi)
891 {
892 if (multi)
893 {
894 const struct key_state *ks = &multi->session[TM_ACTIVE].key[KS_PRIMARY];
895 return now < ks->auth_deferred_expire;
896 }
897 return false;
898 }
899
6fbf66f This is the start of the BETA21 branch.
james authored
900 static inline int
901 tls_test_payload_len (const struct tls_multi *multi)
902 {
903 if (multi)
904 {
905 const struct key_state *ks = &multi->session[TM_ACTIVE].key[KS_PRIMARY];
906 if (ks->state >= S_ACTIVE)
907 return BLEN (&ks->plaintext_read_buf);
908 }
909 return 0;
910 }
911
92bbb06 svn merge -r 845:854 $SO/trunk/openvpn .
james authored
912 static inline void
913 tls_set_single_session (struct tls_multi *multi)
914 {
915 if (multi)
916 multi->opt.single_session = true;
917 }
918
5733ef6 Added the ability for the server to provide a custom reason string
james authored
919 static inline const char *
920 tls_client_reason (struct tls_multi *multi)
921 {
922 #ifdef ENABLE_DEF_AUTH
923 return multi->client_reason;
924 #else
925 return NULL;
926 #endif
927 }
928
47ae845 Incremented version to 2.1_rc7d.
james authored
929 #ifdef ENABLE_PF
930
931 static inline bool
932 tls_common_name_hash (const struct tls_multi *multi, const char **cn, uint32_t *cn_hash)
933 {
934 if (multi)
935 {
936 const struct tls_session *s = &multi->session[TM_ACTIVE];
937 if (s->common_name && s->common_name[0] != '\0')
938 {
939 *cn = s->common_name;
940 *cn_hash = s->common_name_hashval;
941 return true;
942 }
943 }
944 return false;
945 }
946
947 #endif
948
6fbf66f This is the start of the BETA21 branch.
james authored
949 /*
950 * protocol_dump() flags
951 */
952 #define PD_TLS_AUTH_HMAC_SIZE_MASK 0xFF
953 #define PD_SHOW_DATA (1<<8)
954 #define PD_TLS (1<<9)
955 #define PD_VERBOSE (1<<10)
956
957 const char *protocol_dump (struct buffer *buffer,
958 unsigned int flags,
959 struct gc_arena *gc);
960
961 /*
962 * debugging code
963 */
964
965 #ifdef MEASURE_TLS_HANDSHAKE_STATS
966 void show_tls_performance_stats(void);
967 #endif
968
969 /*#define EXTRACT_X509_FIELD_TEST*/
970 void extract_x509_field_test (void);
971
972 #endif /* USE_CRYPTO && USE_SSL */
973
974 #endif
Something went wrong with that request. Please try again.