Documentation
Overview
Package datachannel implements packet encryption and decryption over the OpenVPN Data Channel. Encryption keys are derived after a successful TLS handshake, and they have a limited lifetime.
Index
Constants
This section is empty.
Variables
var (
	ErrReplayAttack = errors.New("replay attack")
	ErrBadHMAC      = errors.New("bad hmac")
	ErrInitError    = errors.New("improperly initialized")
	ErrExpiredKey   = errors.New("key is expired")
	// ErrInvalidKeySize means that the key size is invalid.
	ErrInvalidKeySize = errors.New("invalid key size")
	// ErrUnsupportedCipher indicates we don't support the desired cipher.
	ErrUnsupportedCipher = errors.New("unsupported cipher")
	// ErrUnsupportedMode indicates that the mode is not supported.
	ErrUnsupportedMode = errors.New("unsupported mode")
	// ErrBadInput indicates invalid inputs to encrypt/decrypt functions.
	ErrBadInput      = errors.New("bad input")
	ErrSerialization = errors.New("cannot create packet")
	ErrCannotEncrypt = errors.New("cannot encrypt")
	ErrCannotDecrypt = errors.New("cannot decrypt")
)
var (
	ErrTooShort      = errors.New("too short")
	ErrBadRemoteHMAC = errors.New("bad remote hmac")
)
var ErrCannotDecode = errors.New("cannot decode")
Functions
This section is empty.
Types
type DataChannel
type DataChannel struct {
// contains filtered or unexported fields
}
DataChannel represents the data "channel" that encrypts and decrypts the tunnel payloads. It implements the dataHandler interface.
func NewDataChannelFromOptions
func NewDataChannelFromOptions(logger model.Logger, opt *config.OpenVPNOptions, sessionManager *session.Manager) (*DataChannel, error)
NewDataChannelFromOptions returns a new DataChannel, initialized with the given options. It also returns any error raised.
type Service
type Service struct {
	// MuxerToData moves packets up to us
	MuxerToData chan *model.Packet
	// DataOrControlToMuxer is a shared channel to write packets to the muxer layer below
	DataOrControlToMuxer *chan *model.Packet
	// TUNToData moves bytes down from the TUN layer above
	TUNToData chan []byte
	// DataToTUN moves bytes up from us to the TUN layer above us
	DataToTUN chan []byte
	// KeyReady is where the TLSState layer passes us any new keys
	KeyReady chan *session.DataChannelKey
}
Service is the datachannel service. Make sure you initialize the channels before invoking Service.StartWorkers.
func (*Service) StartWorkers
func (s *Service) StartWorkers(
	config *config.Config,
	workersManager *workers.Manager,
	sessionManager *session.Manager,
)
StartWorkers starts the data-channel workers.
We start three workers:
1. moveUpWorker BLOCKS on dataPacketUp to read a packet coming from the muxer and eventually BLOCKS on tunUp to deliver it;
2. moveDownWorker BLOCKS on tunDown to read a packet and eventually BLOCKS on dataOrControlToMuxer to deliver it;
3. keyWorker BLOCKS on keyUp to read a dataChannelKey and initializes the internal state with the resulting key.
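As an added example (not the package's own code), the following models the key gate implied by the workers above: a packet that reaches the data channel before keyWorker has installed a key, or after that key has expired, is rejected with ErrInitError or ErrExpiredKey instead of being forwarded to the TUN layer. It assumes stand-in Packet and DataChannelKey types, folds keyWorker and moveUpWorker into one select loop, passes the payload through instead of decrypting it, and adds an errs channel that the real Service does not have.

```go
package main

import (
	"errors"
	"fmt"
)

// Stand-in types (assumed here; not the package's model.Packet / session.DataChannelKey).
type Packet struct{ Payload []byte }
type DataChannelKey struct{ Expired bool }

var ErrInitError, ErrExpiredKey = errors.New("improperly initialized"), errors.New("key is expired")
// Decrypt refuses a packet seen before any key is installed or after the key has
// expired; otherwise the payload passes through (real decryption and HMAC check omitted).
func Decrypt(key *DataChannelKey, p *Packet) ([]byte, error) {
	if key == nil {
		return nil, ErrInitError
	}
	if key.Expired {
		return nil, ErrExpiredKey
	}
	return p.Payload, nil
}

// MoveUp folds keyWorker and moveUpWorker into one loop over channels named as in Service:
// keyReady replaces the current key, muxerToData packets go to dataToTUN; errs is assumed.
func MoveUp(keyReady <-chan *DataChannelKey, muxerToData <-chan *Packet, dataToTUN chan<- []byte, errs chan<- error) {
	var key *DataChannelKey
	for {
		select {
		case key = <-keyReady:
		case p := <-muxerToData:
			if plain, err := Decrypt(key, p); err != nil {
				errs <- err // packet dropped, never forwarded to the TUN layer
			} else {
				dataToTUN <- plain
			}
		}
	}
}

func main() {
	keys, pkts, tun, errs := make(chan *DataChannelKey), make(chan *Packet), make(chan []byte), make(chan error)
	go MoveUp(keys, pkts, tun, errs)
	pkts <- &Packet{Payload: []byte("early")} // arrives before the TLS handshake delivered a key
	fmt.Println(<-errs)                       // improperly initialized
	keys <- &DataChannelKey{}
	pkts <- &Packet{Payload: []byte("data")}
	fmt.Println(string(<-tun)) // data
}
```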