Documentation ¶
Overview ¶
Package session keeps state for the application, including internal state transitions for the OpenVPN protocol, data channel keys, and all the state pertaining to the different packet counters.
Index ¶
- Variables
- type DataChannelKey
- type KeySource
- type Manager
- func (m *Manager) ActiveKey() (*DataChannelKey, error)
- func (m *Manager) CurrentKeyID() uint8
- func (m *Manager) InitTunnelInfo(remoteOption string) error
- func (m *Manager) IsRemoteSessionIDSet() bool
- func (m *Manager) LocalDataPacketID() (model.PacketID, error)
- func (m *Manager) LocalSessionID() []byte
- func (m *Manager) NegotiationState() model.NegotiationState
- func (m *Manager) NewACKForPacketIDs(ids []model.PacketID) (*model.Packet, error)
- func (m *Manager) NewHardResetPacket() *model.Packet
- func (m *Manager) NewPacket(opcode model.Opcode, payload []byte) (*model.Packet, error)
- func (m *Manager) RemoteSessionID() []byte
- func (m *Manager) SetNegotiationState(sns model.NegotiationState)
- func (m *Manager) SetRemoteSessionID(remoteSessionID model.SessionID)
- func (m *Manager) TunnelInfo() model.TunnelInfo
- func (m *Manager) UpdateTunnelInfo(ti *model.TunnelInfo)
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrExpiredKey is the error we raise when we have an expired key.
	ErrExpiredKey = errors.New("expired key")

	// ErrNoRemoteSessionID indicates we are missing the remote session ID.
	ErrNoRemoteSessionID = errors.New("missing remote session ID")
)
var (
	// ErrDataChannelKey is a [DataChannelKey] error.
	ErrDataChannelKey = errors.New("bad data-channel key")
)
Functions ¶
This section is empty.
Types ¶
type DataChannelKey ¶
type DataChannelKey struct {
// contains filtered or unexported fields
}
DataChannelKey represents a pair of key sources that have been negotiated over the control channel, and from which we will derive local and remote keys for encryption and decryption over the data channel. The index refers to the short key_id that is passed in the lower 3 bits of a packet header. The setup of the keys for a given data channel (that is, for every key_id) is made by expanding the key sources using the prf function.
Do note that we are not yet implementing key renegotiation - but the index is provided for convenience when/if we support that in the future.
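The key_id lookup described above, as an added example (not code from the session package). The keySlot type, the eight-slot table and the error names are hypothetical; the opcode in the upper 5 bits of the first byte is standard OpenVPN framing. It goes slightly beyond the package, which today negotiates a single key: a receiver should refuse any key_id whose key is not ready.

```go
package main

import (
	"errors"
	"fmt"
)

// keySlot is a hypothetical stand-in for this example, not the package's DataChannelKey.
type keySlot struct {
	local, remote []byte // key-source material from each peer
}

// ready mirrors the documented rule: usable only once both key sources are added.
func (s *keySlot) ready() bool { return s != nil && s.local != nil && s.remote != nil }

var (
	errEmptyPacket = errors.New("empty packet")
	errKeyNotReady = errors.New("key_id names a key that is not ready")
)

// splitHeader: upper 5 bits of the first byte are the opcode, lower 3 the key_id.
func splitHeader(pkt []byte) (opcode, keyID uint8, err error) {
	if len(pkt) == 0 {
		return 0, 0, errEmptyPacket
	}
	return pkt[0] >> 3, pkt[0] & 0x07, nil
}

// selectKey returns the slot named by the packet's key_id, refusing unready slots.
func selectKey(slots *[8]*keySlot, pkt []byte) (*keySlot, error) {
	_, keyID, err := splitHeader(pkt)
	if err != nil {
		return nil, err
	}
	if !slots[keyID].ready() {
		return nil, fmt.Errorf("key_id %d: %w", keyID, errKeyNotReady)
	}
	return slots[keyID], nil
}

func main() {
	var slots [8]*keySlot
	slots[0] = &keySlot{local: []byte("constructed-local"), remote: []byte("constructed-remote")}
	// Constructed packets: 0x48 is opcode 9 (P_DATA_V2) with key_id 0; 0x49 has key_id 1.
	for _, pkt := range [][]byte{{0x48, 0x00}, {0x49, 0x00}, {}} {
		_, err := selectKey(&slots, pkt)
		fmt.Printf("% x -> %v\n", pkt, err)
	}
}
```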
func (*DataChannelKey) AddLocalKey ¶
func (dck *DataChannelKey) AddLocalKey(k *KeySource) error
AddLocalKey adds the local keySource to our dataChannelKey.
func (*DataChannelKey) AddRemoteKey ¶
func (dck *DataChannelKey) AddRemoteKey(k *KeySource) error
AddRemoteKey adds the server keySource to our dataChannelKey. This makes the dataChannelKey ready to be used.
func (*DataChannelKey) Local ¶
func (dck *DataChannelKey) Local() *KeySource
Local returns the local KeySource.
func (*DataChannelKey) Ready ¶
func (dck *DataChannelKey) Ready() bool
Ready returns whether the DataChannelKey is ready.
func (*DataChannelKey) Remote ¶
func (dck *DataChannelKey) Remote() *KeySource
Remote returns the remote KeySource.
type KeySource ¶
KeySource contains random data to generate keys.
func NewKeySource ¶
NewKeySource constructs a new KeySource.
type Manager ¶
type Manager struct {
	// Ready is a channel where we signal that we can start accepting data, because we've
	// successfully generated key material for the data channel.
	Ready chan any

	// Failure is a channel where we receive any unrecoverable error.
	Failure chan error
	// contains filtered or unexported fields
}
Manager manages the session. The zero value is invalid. Please, construct using NewManager. This struct is concurrency safe.
func NewManager ¶
NewManager returns a Manager ready to be used.
func (*Manager) ActiveKey ¶
func (m *Manager) ActiveKey() (*DataChannelKey, error)
ActiveKey returns the dataChannelKey that is actively being used.
func (*Manager) CurrentKeyID ¶
CurrentKeyID returns the key ID currently in use.
func (*Manager) InitTunnelInfo ¶
InitTunnelInfo initializes TunnelInfo from data obtained from the auth response.
func (*Manager) IsRemoteSessionIDSet ¶
IsRemoteSessionIDSet returns whether we've set the remote session ID.
func (*Manager) LocalDataPacketID ¶
LocalDataPacketID returns a unique Packet ID for the Data Channel. It increments the counter for the local data packet ID.
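A sketch of a counter with the properties described above: unique IDs under concurrent callers, and an error instead of wrap-around. This is an added example, not the Manager's implementation; packetIDCounter, nextID and distinctIDs are hypothetical names, and reporting an exhausted ID space as an expired key is an assumption made here.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"sync"
)

// Hypothetical stand-ins for this sketch, not the session package's own code.
var errExpiredKey = errors.New("expired key")

type packetIDCounter struct {
	mu   sync.Mutex
	last uint32 // last ID handed out; the first ID issued is 1
}

// nextID never wraps: a repeated ID under one key would defeat replay protection.
func (c *packetIDCounter) nextID() (uint32, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if c.last == math.MaxUint32 {
		return 0, errExpiredKey // ID space used up: the key must be replaced
	}
	c.last++
	return c.last, nil
}

// distinctIDs draws n IDs in each of workers goroutines and counts distinct values.
func distinctIDs(c *packetIDCounter, workers, n int) int {
	var wg sync.WaitGroup
	var seen sync.Map
	for w := 0; w < workers; w++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			for i := 0; i < n; i++ {
				if id, err := c.nextID(); err == nil {
					seen.Store(id, true)
				}
			}
		}()
	}
	wg.Wait()
	count := 0
	seen.Range(func(_, _ any) bool { count++; return true })
	return count
}

func main() { fmt.Println(distinctIDs(&packetIDCounter{}, 8, 1000)) }
```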
func (*Manager) LocalSessionID ¶
LocalSessionID gets the local session ID as bytes.
func (*Manager) NegotiationState ¶
func (m *Manager) NegotiationState() model.NegotiationState
NegotiationState returns the state of the negotiation.
func (*Manager) NewACKForPacketIDs ¶
NewACKForPacketIDs creates a new ACK for the given packet IDs.
func (*Manager) NewHardResetPacket ¶
NewHardResetPacket creates a new hard reset packet for this session. This packet is a special case because, if we resend, we must not bump its packet ID. Normally retransmission is handled at the reliabletransport layer, but we send hard resets at the muxer.
func (*Manager) RemoteSessionID ¶
RemoteSessionID gets the remote session ID as bytes.
func (*Manager) SetNegotiationState ¶
func (m *Manager) SetNegotiationState(sns model.NegotiationState)
SetNegotiationState sets the state of the negotiation.
func (*Manager) SetRemoteSessionID ¶
SetRemoteSessionID sets the remote session ID.
func (*Manager) TunnelInfo ¶
func (m *Manager) TunnelInfo() model.TunnelInfo
TunnelInfo returns a copy of the current TunnelInfo.
func (*Manager) UpdateTunnelInfo ¶
func (m *Manager) UpdateTunnelInfo(ti *model.TunnelInfo)
UpdateTunnelInfo updates the internal tunnel info from the push response message.