@@ -541,7 +541,8 @@
#define PROTO_DUMP(buf, gc) protocol_dump((buf), \
PROTO_DUMP_FLAGS \
|(c->c2.tls_multi ? PD_TLS : 0) \
- |(c->options.tls_auth_file ? md_kt_size(c->c1.ks.key_type.digest) : 0), \
+ |(c->options.tls_auth_file ? md_kt_size(c->c1.ks.key_type.digest) : 0) \
+ |(c->options.tls_crypt_file || c->options.tls_crypt_v2_file ? PD_TLS_CRYPT : 0), \
gc)
/* this represents "disabled peer-id" */
@@ -4272,6 +4272,32 @@
}
buf_printf(&out, " pid=%s", packet_id_net_print(&pin, (flags & PD_VERBOSE), gc));
}
+ /*
+ * packet_id + tls-crypt hmac
+ */
+ if (flags & PD_TLS_CRYPT)
+ {
+ struct packet_id_net pin;
+ uint8_t tls_crypt_hmac[TLS_CRYPT_TAG_SIZE];
+
+ if (!packet_id_read(&pin, &buf, true))
+ {
+ goto done;
+ }
+ buf_printf(&out, " pid=%s", packet_id_net_print(&pin, (flags & PD_VERBOSE), gc));
+ if (!buf_read(&buf, tls_crypt_hmac, TLS_CRYPT_TAG_SIZE))
+ {
+ goto done;
+ }
+ if (flags & PD_VERBOSE)
+ {
+ buf_printf(&out, " tls_crypt_hmac=%s", format_hex(tls_crypt_hmac, TLS_CRYPT_TAG_SIZE, 0, gc));
+ }
+ /*
+ * Remainder is encrypted and optional wKc
+ */
+ goto done;
+ }
/*
* ACK list
@@ -525,6 +525,7 @@
#define PD_SHOW_DATA (1<<8)
#define PD_TLS (1<<9)
#define PD_VERBOSE (1<<10)
+#define PD_TLS_CRYPT (1<<11)
const char *protocol_dump(struct buffer *buffer,
unsigned int flags,
Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/442?usp=email to review the following change. Change subject: protocol_dump: tls-crypt support ...................................................................... protocol_dump: tls-crypt support Change-Id: Ie25aa287f3534090c1d93fc3bb69727dd20fc6fe --- M src/openvpn/openvpn.h M src/openvpn/ssl.c M src/openvpn/ssl.h 3 files changed, 29 insertions(+), 1 deletion(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/42/442/1