1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
|
/*
* OpenVPN -- An application to securely tunnel IP networks
* over a single TCP/UDP port, with support for SSL/TLS-based
* session authentication and key exchange,
* packet encryption, packet authentication, and
* packet compression.
*
* Copyright (C) 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com>
*
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/**
* @file
* Control Channel Processor module documentation file.
*/
/**
* @defgroup control_processor Control Channel Processor module
*
* This module controls the setup and maintenance of VPN tunnels and the
* associated security parameters.
*
* @par This module's role
* The Control Channel Processor module lies at the core of OpenVPN's
* activities. It handles the setup of new VPN tunnels, the negotiation
* of data channel security parameters, the managing of active VPN
* tunnels, and finally the cleanup of expired VPN tunnels.
*
* @par State structures
* A large amount of VPN tunnel state information must be stored within an
* OpenVPN process. A wide variety of container structures are used by
* this module for that purpose. Several of these structures are listed
* below, and the function of the first three VPN tunnel state containers
* is described in more detail later.
* - VPN tunnel state containers:
* - \c tls_multi, security parameter state for a single VPN tunnel.
* Contains three instances of the \c tls_session structure.
* - \c tls_session, security parameter state of a single session
* within a VPN tunnel. Contains two instances of the \c key_state
* structure.
* - \c key_state, security parameter state of one TLS and data
* channel %key set.
* - Data channel security parameter containers:
* - \c key_ctx_bi, container for two sets of OpenSSL cipher and/or
* HMAC context (both directions). Contains two instances of the \c
* key_ctx structure.
* - \c key_ctx, container for one set of OpenSSL cipher and/or HMAC
* context (one directions.
* - Key material containers:
* - \c key2, container for two sets of cipher and/or HMAC %key
* material (both directions). Contains two instances of the \c key
* structure.
* - \c key, container for one set of cipher and/or HMAC %key material
* (one direction).
* - \c key_direction_state, ordering of %key material within the \c
* key2.key array.
* - Key method 2 random material containers:
* - \c key_source2, container for both halves of random material used
* for %key method 2. Contains two instances of the \c key_source
* structure.
* - \c key_source, container for one half of random material used for
* %key method 2.
*
* @par The life of a \c tls_multi object
* A \c tls_multi structure contains all the security parameter state
* information related to the control and data channels of one VPN tunnel.
* Its life cycle can be summarized as follows:
* -# Initialization: \c tls_multi_init() and \c
* tls_multi_init_finalize(), which are called (indirectly) from \c
* init_instance() when initializing a new \c context structure.
* - Initializes a \c tls_multi structure.
* - Allocates the three \c tls_session objects contained by the \c
* tls_multi structure, and initializes as appropriate.
* -# Management: \c tls_multi_process() and \c tls_pre_decrypt()
* - If a new session is initiated by the remote peer, then \c
* tls_pre_decrypt() starts the new session negotiation in the
* un-trusted \c tls_session.
* - If the, as yet, un-trusted \c tls_session authenticates
* successfully, then \c tls_multi_process() moves it so as to be
* the active \c tls_session.
* - If an error occurs during processing of a \c key_state object,
* then \c tls_multi_process() cleans up and initializes the
* associated \c tls_session object. If the error occurred in the
* active \c key_state of the active \c tls_session and the
* lame-duck \c key_state of that \c tls_session has not yet
* expired, it is preserved as fallback.
* -# Cleanup: \c tls_multi_free(), which is called (indirectly) from \c
* close_instance() when cleaning up a \c context structure.
* - Cleans up a \c tls_multi structure.
* - Cleans up the three \c tls_session objects contained by the \c
* tls_multi structure.
*
* @par The life of a \c tls_session object
* A \c tls_session structure contains the state information related to an
* active and a lame-duck \c key_state. Its life cycle can be summarized
* as follows:
* -# Initialization: \c tls_session_init()
* - Initializes a \c tls_session structure.
* - Initializes the primary \c key_state by calling \c
* key_state_init().
* -# Renegotiation: \c key_state_soft_reset()
* - Cleans up the old lame-duck \c key_state by calling \c
* key_state_free().
* - Moves the old primary \c key_state to be the new lame-duck \c
* key_state.
* - Initializes a new primary \c key_state by calling \c
* key_state_init().
* -# Cleanup: \c tls_session_free()
* - Cleans up a \c tls_session structure.
* - Cleans up all \c key_state objects associated with the session by
* calling \c key_state_free() for each.
*
* @par The life of a \c key_state object
* A \c key_state structure represents one control and data channel %key
* set. It contains an OpenSSL TLS object that encapsulates the control
* channel, and the data channel security parameters needed by the \link
* data_crypto Data Channel Crypto module\endlink to perform cryptographic
* operations on data channel packets. Its life cycle can be summarized
* as follows:
* -# Initialization: \c key_state_init()
* - Initializes a \c key_state structure.
* - Creates a new OpenSSL TLS object to encapsulate this new control
* channel session.
* - Sets \c key_state.state to \c S_INITIAL.
* - Allocates several internal buffers.
* - Initializes new reliability layer structures for this key set.
* -# Negotiation: \c tls_process()
* - The OpenSSL TLS object negotiates a TLS session between itself
* and the remote peer's TLS object.
* - Key material is generated and exchanged through the TLS session
* between OpenVPN peers.
* - Both peers initialize their data channel cipher and HMAC key
* contexts.
* - On successful negotiation, the \c key_state.state will progress
* from \c S_INITIAL to \c S_ACTIVE and \c S_NORMAL.
* -# Active tunneling: \link data_crypto Data Channel Crypto
* module\endlink
* - Data channel packet to be sent to a remote OpenVPN peer:
* - \c tls_pre_encrypt() loads the security parameters from the \c
* key_state into a \c crypto_options structure.
* - \c openvpn_encrypt() uses the \c crypto_options to an encrypt
* and HMAC sign the data channel packet.
* - Data channel packet received from a remote OpenVPN peer:
* - \c tls_pre_decrypt() loads the security parameters from the \c
* key_state into a \c crypto_options structure.
* - \c openvpn_encrypt() uses the \c crypto_options to
* authenticate and decrypt the data channel packet.
* -# Cleanup: \c key_state_free()
* - Cleans up a \c key_state structure together with its OpenSSL TLS
* object, key material, internal buffers, and reliability layer
* structures.
*
* @par Control functions
* The following two functions drive the Control Channel Processor's
* activities.
* - \c tls_multi_process(), iterates through the \c tls_session objects
* within a given \c tls_multi of a VPN tunnel, and calls \c
* tls_process() for each \c tls_session which is being set up, is
* already active, or is busy expiring.
* - \c tls_process(), performs the Control Channel Processor module's
* core handling of received control channel messages, and generates
* appropriate messages to be sent.
*
* @par Functions which control data channel key generation
* - Key method 1 key exchange functions were removed from OpenVPN 2.5
* - Key method 2 key exchange functions:
* - \c key_method_2_write(), generates and processes key material to
* be sent to the remote OpenVPN peer.
* - \c key_method_2_read(), processes key material received from the
* remote OpenVPN peer.
*/
|