Remove UDP/TCP mode from PacketIDReceiveType
This mode is only relevant for old OpenVPN 2.3.x clients using CBC-mode ciphers with kovpn. Remove the mode from the packet-ID (PID) receive logic and move that logic into the kovpn key logic. Signed-off-by: Arne Schwabe <arne@openvpn.net>
parent
3d3e333c0e
commit
16b2c4afe0
@ -333,8 +333,7 @@ class Crypto : public CryptoDCInstance
|
||||
d.nonce.set_tail(decrypt_key, dc_settings.use64bitPktCounter());
|
||||
}
|
||||
|
||||
void init_pid(const int recv_mode,
|
||||
const char *recv_name,
|
||||
void init_pid(const char *recv_name,
|
||||
const int recv_unit,
|
||||
const SessionStats::Ptr &recv_stats_arg) override
|
||||
{
|
||||
|
@ -85,8 +85,7 @@ class CryptoCHM : public CryptoDCInstance
|
||||
decrypt_.hmac.init(dc_settings.digest(), decrypt_key);
|
||||
}
|
||||
|
||||
void init_pid(const int recv_mode,
|
||||
const char *recv_name,
|
||||
void init_pid(const char *recv_name,
|
||||
const int recv_unit,
|
||||
const SessionStats::Ptr &recv_stats_arg) override
|
||||
{
|
||||
@ -94,7 +93,7 @@ class CryptoCHM : public CryptoDCInstance
|
||||
auto pid_form = PacketID::SHORT_FORM;
|
||||
|
||||
encrypt_.pid_send.init(pid_form);
|
||||
decrypt_.pid_recv.init(recv_mode, pid_form, recv_name, recv_unit, recv_stats_arg);
|
||||
decrypt_.pid_recv.init(pid_form, recv_name, recv_unit, recv_stats_arg);
|
||||
}
|
||||
|
||||
bool consider_compression(const CompressContext &comp_ctx) override
|
||||
|
@ -73,8 +73,7 @@ class CryptoDCInstance : public RC<thread_unsafe_refcount>
|
||||
StaticKey &&decrypt_key)
|
||||
= 0;
|
||||
|
||||
virtual void init_pid(const int recv_mode,
|
||||
const char *recv_name,
|
||||
virtual void init_pid(const char *recv_name,
|
||||
const int recv_unit,
|
||||
const SessionStats::Ptr &recv_stats_arg)
|
||||
= 0;
|
||||
|
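Review bot: The pure virtual `init_pid` in CryptoDCInstance carries no documentation, and now that the transport-mode argument is gone the meaning of the remaining parameters can only be recovered from PacketIDReceiveType's member comments (`unit` and `name` are described there as debugging labels). I would put a Doxygen block on the declaration: `/// Initialise receive-side packet-ID (replay) state for this data-channel instance.`, `/// @param recv_name  label for this receiver, used in diagnostics only`, `/// @param recv_unit  unit number for this receiver, diagnostics only; @param recv_stats_arg  session stats the receiver reports into`, plus a sentence stating that the replay check no longer depends on the transport protocol. The exact role of recv_stats_arg is inferred from how the receiver is initialised in the other sections, so confirm the wording against PacketIDReceiveType before committing it. The enclosing class starts and ends outside this hunk.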
@ -249,13 +249,6 @@ class PacketIDReceiveType
|
||||
static constexpr unsigned int REPLAY_WINDOW_BYTES = 1 << REPLAY_WINDOW_ORDER;
|
||||
static constexpr unsigned int REPLAY_WINDOW_SIZE = REPLAY_WINDOW_BYTES * 8;
|
||||
|
||||
// mode
|
||||
enum
|
||||
{
|
||||
UDP_MODE = 0,
|
||||
TCP_MODE = 1
|
||||
};
|
||||
|
||||
OPENVPN_SIMPLE_EXCEPTION(packet_id_not_initialized);
|
||||
|
||||
// TODO: [OVPN3-933] Consider RAII'ifying this code
|
||||
@ -264,8 +257,7 @@ class PacketIDReceiveType
|
||||
{
|
||||
}
|
||||
|
||||
void init(const int mode_arg,
|
||||
const int form_arg,
|
||||
void init(const int form_arg,
|
||||
const char *name_arg,
|
||||
const int unit_arg,
|
||||
const SessionStats::Ptr &stats_arg)
|
||||
@ -278,7 +270,6 @@ class PacketIDReceiveType
|
||||
time_high = 0;
|
||||
id_floor = 0;
|
||||
max_backtrack = 0;
|
||||
mode = mode_arg;
|
||||
form = form_arg;
|
||||
unit = unit_arg;
|
||||
name = name_arg;
|
||||
@ -443,7 +434,6 @@ class PacketIDReceiveType
|
||||
PacketID::id_t id_floor; // we will only accept backtrack IDs > id_floor
|
||||
unsigned int max_backtrack;
|
||||
|
||||
int mode; // UDP_MODE or TCP_MODE
|
||||
int form; // PacketID::LONG_FORM or PacketID::SHORT_FORM
|
||||
int unit; // unit number of this object (for debugging)
|
||||
std::string name; // name of this object (for debugging)
|
||||
|
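Review bot: `init` in PacketIDReceiveType now takes `form_arg` as its first parameter and still has no doc comment, so the contract that it resets the receive-side replay state (`time_high`, `id_floor` and `max_backtrack` are zeroed in the second hunk) and that the transport protocol no longer influences the replay check is not written down anywhere. I would add above `void init(const int form_arg,`: `// Reset receive-side replay state and bind this receiver to a packet-ID form. Transport mode no longer affects the check; presumably every receiver now uses the same REPLAY_WINDOW_* sliding-window logic.` Since `form` remains a plain `int` (see the member comment in the last hunk), passing the wrong constant is not caught at compile time; a strongly typed form enum would close that, but PacketID's form constants are outside these hunks, so that is a wider change. The enclosing class starts and ends outside the hunks.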
@ -56,7 +56,6 @@ struct Info
|
||||
CompressContext comp_ctx;
|
||||
unsigned int key_id = 0;
|
||||
int remote_peer_id = -1;
|
||||
bool tcp_linear = false;
|
||||
StaticKey encrypt_cipher;
|
||||
StaticKey encrypt_hmac;
|
||||
StaticKey decrypt_cipher;
|
||||
|
@ -75,12 +75,10 @@ class Instance : public CryptoDCInstance
|
||||
info.decrypt_hmac = std::move(decrypt_key);
|
||||
}
|
||||
|
||||
void init_pid(const int recv_mode,
|
||||
const char *recv_name,
|
||||
void init_pid(const char *recv_name,
|
||||
const int recv_unit,
|
||||
const SessionStats::Ptr &recv_stats_arg) override
|
||||
{
|
||||
info.tcp_linear = (recv_mode == PacketIDReceive::TCP_MODE);
|
||||
}
|
||||
|
||||
void init_remote_peer_id(const int remote_peer_id) override
|
||||
|
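Review bot: The kovpn `Instance::init_pid` override is now an empty function with three named parameters that are never used, which warns under `-Wunused-parameter` and, more importantly, gives a reader no explanation of why this instance does not initialise any packet-ID replay state. I would drop the parameter names and say where the responsibility went, per the commit message: `void init_pid(const char * /*recv_name*/, const int /*recv_unit*/, const SessionStats::Ptr & /*recv_stats_arg*/) override` followed by `{ /* packet-ID/replay state for kovpn is set up in the kovpn key logic, not in this userspace instance */ }`. The `tcp_linear` field removed from struct Info in the previous section belongs to the same move, so the kovpn side should be checked to actually derive the linear-ID behaviour for 2.3.x CBC clients on its own; that code is not visible here.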
@ -408,9 +408,6 @@ class ProtoContext : public logging::LoggingMixin<OPENVPN_DEBUG_PROTO,
|
||||
|
||||
TLSCryptMetadataFactory::Ptr tls_crypt_metadata_factory;
|
||||
|
||||
// packet_id parms for both data and control channels
|
||||
int pid_mode = 0; // PacketIDReceive::UDP_MODE or PacketIDReceive::TCP_MODE
|
||||
|
||||
// timeout parameters, relative to construction of KeyContext object
|
||||
Time::Duration handshake_window; // SSL/TLS negotiation must complete by this time
|
||||
Time::Duration become_primary; // KeyContext (that is ACTIVE) becomes primary at this time
|
||||
@ -468,7 +465,6 @@ class ProtoContext : public logging::LoggingMixin<OPENVPN_DEBUG_PROTO,
|
||||
keepalive_timeout_early = keepalive_timeout;
|
||||
comp_ctx = CompressContext(CompressContext::NONE, false);
|
||||
protocol = Protocol();
|
||||
pid_mode = PacketIDReceive::UDP_MODE;
|
||||
key_direction = default_key_direction;
|
||||
|
||||
// layer
|
||||
@ -967,21 +963,10 @@ class ProtoContext : public logging::LoggingMixin<OPENVPN_DEBUG_PROTO,
|
||||
return os.str();
|
||||
}
|
||||
|
||||
void set_pid_mode(const bool tcp_linear)
|
||||
{
|
||||
if (protocol.is_udp() || !tcp_linear)
|
||||
pid_mode = PacketIDReceive::UDP_MODE;
|
||||
else if (protocol.is_tcp())
|
||||
pid_mode = PacketIDReceive::TCP_MODE;
|
||||
else
|
||||
throw proto_option_error(ERR_INVALID_OPTION_VAL, "transport protocol undefined");
|
||||
}
|
||||
|
||||
void set_protocol(const Protocol &p)
|
||||
{
|
||||
// adjust options for new transport protocol
|
||||
protocol = p;
|
||||
set_pid_mode(false);
|
||||
}
|
||||
|
||||
void set_tls_auth_digest(const CryptoAlgs::Type digest)
|
||||
@ -2321,8 +2306,7 @@ class ProtoContext : public logging::LoggingMixin<OPENVPN_DEBUG_PROTO,
|
||||
crypto->init_hmac(key.slice(OpenVPNStaticKey::HMAC | OpenVPNStaticKey::ENCRYPT | key_dir),
|
||||
key.slice(OpenVPNStaticKey::HMAC | OpenVPNStaticKey::DECRYPT | key_dir));
|
||||
|
||||
crypto->init_pid(c.pid_mode,
|
||||
"DATA",
|
||||
crypto->init_pid("DATA",
|
||||
int(key_id_),
|
||||
proto.stats);
|
||||
|
||||
@ -3842,7 +3826,7 @@ class ProtoContext : public logging::LoggingMixin<OPENVPN_DEBUG_PROTO,
|
||||
hmac_size = c.tls_crypt_context->digest_size();
|
||||
|
||||
ta_pid_send.init(PacketID::LONG_FORM);
|
||||
ta_pid_recv.init(c.pid_mode, PacketID::LONG_FORM, "SSL-CC", 0, stats);
|
||||
ta_pid_recv.init(PacketID::LONG_FORM, "SSL-CC", 0, stats);
|
||||
|
||||
reset_tls_crypt(c, dyn_key);
|
||||
}
|
||||
@ -3900,7 +3884,7 @@ class ProtoContext : public logging::LoggingMixin<OPENVPN_DEBUG_PROTO,
|
||||
reset_tls_crypt(c, c.tls_key);
|
||||
// init tls_crypt packet ID
|
||||
ta_pid_send.init(PacketID::LONG_FORM);
|
||||
ta_pid_recv.init(c.pid_mode, PacketID::LONG_FORM, "SSL-CC", 0, stats);
|
||||
ta_pid_recv.init(PacketID::LONG_FORM, "SSL-CC", 0, stats);
|
||||
break;
|
||||
case TLS_CRYPT_V2:
|
||||
if (is_server())
|
||||
@ -3914,7 +3898,7 @@ class ProtoContext : public logging::LoggingMixin<OPENVPN_DEBUG_PROTO,
|
||||
* to indicate EARLY_NEG_START/CONTROL_WKC_V1 support */
|
||||
// init tls_crypt packet ID
|
||||
ta_pid_send.init(PacketID::LONG_FORM, EARLY_NEG_START);
|
||||
ta_pid_recv.init(c.pid_mode, PacketID::LONG_FORM, "SSL-CC", 0, stats);
|
||||
ta_pid_recv.init(PacketID::LONG_FORM, "SSL-CC", 0, stats);
|
||||
break;
|
||||
case TLS_AUTH:
|
||||
// init OvpnHMACInstance
|
||||
@ -3946,7 +3930,7 @@ class ProtoContext : public logging::LoggingMixin<OPENVPN_DEBUG_PROTO,
|
||||
*
|
||||
*/
|
||||
ta_pid_send.init(PacketID::LONG_FORM, cookie_psid.defined() ? 1 : 0);
|
||||
ta_pid_recv.init(c.pid_mode, PacketID::LONG_FORM, "SSL-CC", 0, stats);
|
||||
ta_pid_recv.init(PacketID::LONG_FORM, "SSL-CC", 0, stats);
|
||||
break;
|
||||
case TLS_PLAIN:
|
||||
break;
|
||||
|
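Review bot: `set_protocol` now only assigns `protocol = p;`, and with `set_pid_mode` deleted the `"transport protocol undefined"` rejection disappears with it; from the visible code that branch was unreachable through `set_protocol` (the `false` argument always satisfied `!tcp_linear`), so the loss only matters if some caller outside these hunks used `set_pid_mode(true)` for the validation. If such a caller exists, keep the check in `set_protocol`: `if (!p.is_udp() && !p.is_tcp()) throw proto_option_error(ERR_INVALID_OPTION_VAL, "transport protocol undefined");`. As a point of style, `ta_pid_recv.init(PacketID::LONG_FORM, "SSL-CC", 0, stats);` now appears identically in four hunks of this section; a small private helper would keep the control-channel replay initialisation in one place. ProtoContext starts and ends outside these hunks.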
@ -136,8 +136,7 @@ void test_datachannel_crypto(bool tag_at_the_end, bool longpktcounter = false)
|
||||
cryptodc.init_cipher(static_key.slice(openvpn::OpenVPNStaticKey::CIPHER | openvpn::OpenVPNStaticKey::ENCRYPT | key_dir),
|
||||
static_key.slice(openvpn::OpenVPNStaticKey::CIPHER | openvpn::OpenVPNStaticKey::ENCRYPT | key_dir));
|
||||
|
||||
cryptodc.init_pid(0,
|
||||
"DATA",
|
||||
cryptodc.init_pid("DATA",
|
||||
0,
|
||||
statsptr);
|
||||
|
||||
|
@ -1,6 +1,7 @@
|
||||
#include "test_common.h"
|
||||
|
||||
#include <openvpn/crypto/packet_id.hpp>
|
||||
#include <openvpn/crypto/packet_id_aead.hpp>
|
||||
|
||||
using namespace openvpn;
|
||||
|
||||
@ -17,12 +18,12 @@ void testcase(PIDRecv &pr,
|
||||
ASSERT_EQ(status, expected_status);
|
||||
}
|
||||
|
||||
void test()
|
||||
template <typename PIDRecv>
|
||||
void do_packet_id_recv_test()
|
||||
{
|
||||
typedef PacketIDReceiveType<3, 5> PIDRecv;
|
||||
SessionStats::Ptr stats(new SessionStats());
|
||||
PIDRecv pr;
|
||||
pr.init(PIDRecv::UDP_MODE, PacketID::SHORT_FORM, "test", 0, stats);
|
||||
pr.init(PacketID::SHORT_FORM, "test", 0, stats);
|
||||
|
||||
testcase(pr, 0, 0, 0, Error::PKTID_INVALID);
|
||||
testcase(pr, 1, 0, 1, Error::SUCCESS);
|
||||
@ -77,6 +78,12 @@ void test()
|
||||
testcase(pr, 85, 15, 66, Error::SUCCESS);
|
||||
}
|
||||
|
||||
TEST(misc, pktid_test_normal)
|
||||
{
|
||||
do_packet_id_recv_test<PacketIDReceiveType<3, 5>>();
|
||||
}
|
||||
|
||||
|
||||
template <unsigned int ORDER, unsigned int EXPIRE>
|
||||
void perfiter(const long n,
|
||||
const long range,
|
||||
@ -97,7 +104,7 @@ void perfiter(const long n,
|
||||
long high = 0;
|
||||
SessionStats::Ptr stats(new SessionStats());
|
||||
PIDRecv pr;
|
||||
pr.init(PIDRecv::UDP_MODE, PacketID::SHORT_FORM, "test", 0, stats);
|
||||
pr.init(PacketID::SHORT_FORM, "test", 0, stats);
|
||||
|
||||
for (long i = 1; i < n; i += step)
|
||||
{
|
||||
@ -144,7 +151,7 @@ void perf(long &count)
|
||||
perfiter<ORDER, EXPIRE>(20000, 4, PIDRecv::REPLAY_WINDOW_SIZE / 2, 10, count);
|
||||
}
|
||||
|
||||
TEST(misc, pktid)
|
||||
TEST(misc, pktid_perf)
|
||||
{
|
||||
{
|
||||
long count = 0;
|
||||
@ -153,5 +160,4 @@ TEST(misc, pktid)
|
||||
perf<8, 5>(count);
|
||||
// ASSERT_EQ(4746439, count);
|
||||
}
|
||||
test();
|
||||
}
|
||||
|
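Review bot: The new `#include <openvpn/crypto/packet_id_aead.hpp>` and the templating of `do_packet_id_recv_test` on `PIDRecv` suggest the replay test was meant to run against the AEAD receive type as well, but the only instantiation visible is `do_packet_id_recv_test<PacketIDReceiveType<3, 5>>();` in `pktid_test_normal`; unless another instantiation lives outside these hunks, the include is unused and the AEAD replay window gets no coverage from this file. I would add a second `TEST` that instantiates `do_packet_id_recv_test` with the receive type declared in packet_id_aead.hpp, provided it exposes the same `init(form, name, unit, stats)` signature — that is not visible here, so confirm before copying the call. A one-line comment above the template, `// Exercises the replay-window acceptance/rejection sequence for any packet-ID receiver type`, would also make the intent of the templating clear.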
@ -958,7 +958,6 @@ int test(const int thread_num, bool use_tls_ekm)
|
||||
}
|
||||
cp->tls_crypt_ = ClientProtoContext::ProtoConfig::TLSCrypt::V2;
|
||||
#endif
|
||||
cp->pid_mode = PacketIDReceive::UDP_MODE;
|
||||
#if defined(HANDSHAKE_WINDOW)
|
||||
cp->handshake_window = Time::Duration::seconds(HANDSHAKE_WINDOW);
|
||||
#elif SITER > 1
|
||||
@ -1046,7 +1045,6 @@ int test(const int thread_num, bool use_tls_ekm)
|
||||
sp->tls_crypt_metadata_factory.reset(new CryptoTLSCryptMetadataFactory());
|
||||
sp->tls_crypt_ = ClientProtoContext::ProtoConfig::TLSCrypt::V2;
|
||||
#endif
|
||||
sp->pid_mode = PacketIDReceive::UDP_MODE;
|
||||
#if defined(HANDSHAKE_WINDOW)
|
||||
sp->handshake_window = Time::Duration::seconds(HANDSHAKE_WINDOW);
|
||||
#elif SITER > 1
|
||||
|