~mdw / secnet / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
site: fix site name checking leaving room for expansion
[secnet] / site.c
CommitLineData
2fe58dfd
SE		 1/* site.c - manage communication with a remote network site */
2
469fd1d9
SE		 3/* The 'site' code doesn't know anything about the structure of the
4 packets it's transmitting. In fact, under the new netlink
5 configuration scheme it doesn't need to know anything at all about
6 IP addresses, except how to contact its peer. This means it could
7 potentially be used to tunnel other protocols too (IPv6, IPX, plain
8 old Ethernet frames) if appropriate netlink code can be written
9 (and that ought not to be too hard, eg. using the TUN/TAP device to
10 pretend to be an Ethernet interface). */
11
ff05a229
SE		 12/* At some point in the future the netlink code will be asked for
13 configuration information to go in the PING/PONG packets at the end
14 of the key exchange. */
15
8689b3a9 16#include "secnet.h"
2fe58dfd 17#include <stdio.h>
469fd1d9 18#include <string.h>
fe5e9cc4 19#include <limits.h>
58650a70 20#include <assert.h>
8689b3a9 21#include <sys/socket.h>
2fe58dfd 22
8689b3a9 23#include <sys/mman.h>
2fe58dfd 24#include "util.h"
59635212 25#include "unaligned.h"
ff05a229 26#include "magic.h"
2fe58dfd
SE		 27
28#define SETUP_BUFFER_LEN 2048
29
e7f8ec2a
IJ		 30#define DEFAULT_KEY_LIFETIME (3600*1000) /* [ms] */
31#define DEFAULT_KEY_RENEGOTIATE_GAP (5*60*1000) /* [ms] */
2fe58dfd 32#define DEFAULT_SETUP_RETRIES 5
e7f8ec2a
IJ		 33#define DEFAULT_SETUP_RETRY_INTERVAL (2*1000) /* [ms] */
34#define DEFAULT_WAIT_TIME (20*1000) /* [ms] */
e57264d6
IJ		 35
36#define DEFAULT_MOBILE_KEY_LIFETIME (2*24*3600*1000) /* [ms] */
37#define DEFAULT_MOBILE_KEY_RENEGOTIATE_GAP (12*3600*1000) /* [ms] */
38#define DEFAULT_MOBILE_SETUP_RETRIES 30
39#define DEFAULT_MOBILE_SETUP_RETRY_INTERVAL (1*1000) /* [ms] */
40#define DEFAULT_MOBILE_WAIT_TIME (10*1000) /* [ms] */
41
446353cd
IJ		 42#define DEFAULT_MOBILE_PEER_EXPIRY (2*60) /* [s] */
43#define DEFAULT_MOBILE_PEERS_MAX 3 /* send at most this many copies (default) */
2fe58dfd
SE		 44
45/* Each site can be in one of several possible states. */
46
47/* States:
48 SITE_STOP - nothing is allowed to happen; tunnel is down;
49 all session keys have been erased
50 -> SITE_RUN upon external instruction
51 SITE_RUN - site up, maybe with valid key
52 -> SITE_RESOLVE upon outgoing packet and no valid key
53 we start name resolution for the other end of the tunnel
54 -> SITE_SENTMSG2 upon valid incoming message 1 and suitable time
55 we send an appropriate message 2
56 SITE_RESOLVE - waiting for name resolution
57 -> SITE_SENTMSG1 upon successful resolution
58 we send an appropriate message 1
59 -> SITE_SENTMSG2 upon valid incoming message 1 (then abort resolution)
60 we abort resolution and
61 -> SITE_WAIT on timeout or resolution failure
62 SITE_SENTMSG1
63 -> SITE_SENTMSG2 upon valid incoming message 1 from higher priority end
64 -> SITE_SENTMSG3 upon valid incoming message 2
65 -> SITE_WAIT on timeout
66 SITE_SENTMSG2
67 -> SITE_SENTMSG4 upon valid incoming message 3
68 -> SITE_WAIT on timeout
69 SITE_SENTMSG3
70 -> SITE_SENTMSG5 upon valid incoming message 4
71 -> SITE_WAIT on timeout
72 SITE_SENTMSG4
73 -> SITE_RUN upon valid incoming message 5
74 -> SITE_WAIT on timeout
75 SITE_SENTMSG5
76 -> SITE_RUN upon valid incoming message 6
77 -> SITE_WAIT on timeout
78 SITE_WAIT - failed to establish key; do nothing for a while
79 -> SITE_RUN on timeout
80 */
81
82#define SITE_STOP 0
83#define SITE_RUN 1
84#define SITE_RESOLVE 2
85#define SITE_SENTMSG1 3
86#define SITE_SENTMSG2 4
87#define SITE_SENTMSG3 5
88#define SITE_SENTMSG4 6
89#define SITE_SENTMSG5 7
90#define SITE_WAIT 8
91
fe5e9cc4 92static cstring_t state_name(uint32_t state)
2fe58dfd
SE		 93{
94 switch (state) {
3454dce4
SE		 95 case 0: return "STOP";
96 case 1: return "RUN";
97 case 2: return "RESOLVE";
98 case 3: return "SENTMSG1";
99 case 4: return "SENTMSG2";
100 case 5: return "SENTMSG3";
101 case 6: return "SENTMSG4";
102 case 7: return "SENTMSG5";
103 case 8: return "WAIT";
2fe58dfd
SE		 104 default: return "*bad state*";
105 }
106}
107
2fe58dfd
SE		 108#define NONCELEN 8
109
110#define LOG_UNEXPECTED 0x00000001
111#define LOG_SETUP_INIT 0x00000002
112#define LOG_SETUP_TIMEOUT 0x00000004
113#define LOG_ACTIVATE_KEY 0x00000008
114#define LOG_TIMEOUT_KEY 0x00000010
9d3a4132 115#define LOG_SEC 0x00000020
2fe58dfd
SE		 116#define LOG_STATE 0x00000040
117#define LOG_DROP 0x00000080
118#define LOG_DUMP 0x00000100
119#define LOG_ERROR 0x00000400
446353cd 120#define LOG_PEER_ADDRS 0x00000800
2fe58dfd 121
9d3a4132
SE		 122static struct flagstr log_event_table[]={
123 { "unexpected", LOG_UNEXPECTED },
124 { "setup-init", LOG_SETUP_INIT },
125 { "setup-timeout", LOG_SETUP_TIMEOUT },
126 { "activate-key", LOG_ACTIVATE_KEY },
127 { "timeout-key", LOG_TIMEOUT_KEY },
128 { "security", LOG_SEC },
129 { "state-change", LOG_STATE },
130 { "packet-drop", LOG_DROP },
131 { "dump-packets", LOG_DUMP },
132 { "errors", LOG_ERROR },
446353cd 133 { "peer-addrs", LOG_PEER_ADDRS },
ff05a229
SE		 134 { "default", LOG_SETUP_INIT|LOG_SETUP_TIMEOUT|
135 LOG_ACTIVATE_KEY|LOG_TIMEOUT_KEY|LOG_SEC|LOG_ERROR },
9d3a4132
SE		 136 { "all", 0xffffffff },
137 { NULL, 0 }
138};
139
446353cd
IJ		 140
141/***** TRANSPORT PEERS declarations *****/
142
143/* Details of "mobile peer" semantics:
144
145 - We record mobile_peers_max peer address/port numbers ("peers")
146 for key setup, and separately mobile_peers_max for data
147 transfer. If these lists fill up, we retain the newest peers.
148 (For non-mobile peers we only record one of each.)
149
150 - Outgoing packets are sent to every recorded peer in the
151 applicable list.
152
153 - Data transfer peers are straightforward: whenever we successfully
154 process a data packet, we record the peer. Also, whenever we
155 successfully complete a key setup, we merge the key setup
156 peers into the data transfer peers.
157
158 (For "non-mobile" peers we simply copy the peer used for
159 successful key setup, and don't change the peer otherwise.)
160
161 - Key setup peers are slightly more complicated.
162
163 Whenever we receive and successfully process a key exchange
164 packet, we record the peer.
165
166 Whenever we try to initiate a key setup, we copy the list of data
167 transfer peers and use it for key setup. But we also look to see
168 if the config supplies an address and port number and if so we
169 add that as a key setup peer (possibly evicting one of the data
170 transfer peers we just copied).
171
172 (For "non-mobile" peers, if we if we have a configured peer
173 address and port, we always use that; otherwise if we have a
174 current data peer address we use that; otherwise we do not
175 attempt to initiate a key setup for lack of a peer address.)
176
177 "Record the peer" means
178 1. expire any peers last seen >120s ("mobile-peer-expiry") ago
179 2. add the peer of the just received packet to the applicable list
180 (possibly evicting older entries)
181 NB that we do not expire peers until an incoming packet arrives.
182
183 */
184
185#define MAX_MOBILE_PEERS_MAX 5 /* send at most this many copies, compiled max */
186
187typedef struct {
188 struct timeval last;
189 struct comm_addr addr;
190} transport_peer;
191
192typedef struct {
193/* configuration information */
194/* runtime information */
195 int npeers;
196 transport_peer peers[MAX_MOBILE_PEERS_MAX];
197} transport_peers;
198
199static void transport_peers_clear(struct site *st, transport_peers *peers);
200static int transport_peers_valid(transport_peers *peers);
201static void transport_peers_copy(struct site *st, transport_peers *dst,
202 const transport_peers *src);
203
204static void transport_setup_msgok(struct site *st, const struct comm_addr *a);
205static void transport_data_msgok(struct site *st, const struct comm_addr *a);
206static bool_t transport_compute_setupinit_peers(struct site *st,
207 const struct comm_addr *configured_addr /* 0 if none or not found */);
208static void transport_record_peer(struct site *st, transport_peers *peers,
209 const struct comm_addr *addr, const char *m);
210
211static void transport_xmit(struct site *st, transport_peers *peers,
212 struct buffer_if *buf, bool_t candebug);
213
214 /***** END of transport peers declarations *****/
215
216
19e9a588
IJ		 217struct data_key {
218 struct transform_inst_if *transform;
219 uint64_t key_timeout; /* End of life of current key */
220 uint32_t remote_session_id;
221};
222
2fe58dfd
SE		 223struct site {
224 closure_t cl;
225 struct site_if ops;
226/* configuration information */
227 string_t localname;
228 string_t remotename;
446353cd
IJ		 229 bool_t peer_mobile; /* Mobile client support */
230 int32_t transport_peers_max;
ff05a229 231 string_t tunname; /* localname<->remotename by default, used in logs */
2fe58dfd 232 string_t address; /* DNS name for bootstrapping, optional */
ff05a229 233 int remoteport; /* Port for bootstrapping, optional */
2fe58dfd 234 struct netlink_if *netlink;
59533c16
IJ		 235 struct comm_if **comms;
236 int ncomms;
2fe58dfd
SE		 237 struct resolver_if *resolver;
238 struct log_if *log;
239 struct random_if *random;
240 struct rsaprivkey_if *privkey;
2fe58dfd
SE		 241 struct rsapubkey_if *pubkey;
242 struct transform_if *transform;
243 struct dh_if *dh;
244 struct hash_if *hash;
2fe58dfd 245
58650a70 246 uint32_t index; /* Index of this site */
1caa23ff 247 int32_t setup_retries; /* How many times to send setup packets */
e7f8ec2a 248 int32_t setup_retry_interval; /* Initial timeout for setup packets */
4a8aed08 249 int32_t wait_timeout; /* How long to wait if setup unsuccessful */
446353cd 250 int32_t mobile_peer_expiry; /* How long to remember 2ary addresses */
4a8aed08
IJ		 251 int32_t key_lifetime; /* How long a key lasts once set up */
252 int32_t key_renegotiate_time; /* If we see traffic (or a keepalive)
9d3a4132
SE		 253 after this time, initiate a new
254 key exchange */
2fe58dfd
SE		 255
256 uint8_t *setupsig; /* Expected signature of incoming MSG1 packets */
1caa23ff
IJ		 257 int32_t setupsiglen; /* Allows us to discard packets quickly if
258 they are not for us */
2fe58dfd
SE		 259 bool_t setup_priority; /* Do we have precedence if both sites emit
260 message 1 simultaneously? */
261 uint32_t log_events;
262
263/* runtime information */
264 uint32_t state;
265 uint64_t now; /* Most recently seen time */
266
ff05a229 267 /* The currently established session */
19e9a588 268 struct data_key current;
02b0959b 269 struct data_key auxiliary_key;
bd98cd6b 270 bool_t auxiliary_is_new;
ff05a229 271 uint64_t renegotiate_key_time; /* When we can negotiate a new key */
bd98cd6b 272 uint64_t auxiliary_renegotiate_key_time;
446353cd 273 transport_peers peers; /* Current address(es) of peer for data traffic */
2fe58dfd 274
ff05a229
SE		 275 /* The current key setup protocol exchange. We can only be
276 involved in one of these at a time. There's a potential for
277 denial of service here (the attacker keeps sending a setup
278 packet; we keep trying to continue the exchange, and have to
279 timeout before we can listen for another setup packet); perhaps
280 we should keep a list of 'bad' sources for setup packets. */
2fe58dfd 281 uint32_t setup_session_id;
446353cd 282 transport_peers setup_peers;
2fe58dfd
SE		 283 uint8_t localN[NONCELEN]; /* Nonces for key exchange */
284 uint8_t remoteN[NONCELEN];
285 struct buffer_if buffer; /* Current outgoing key exchange packet */
05f39b4d 286 struct buffer_if scratch;
4a8aed08 287 int32_t retries; /* Number of retries remaining */
2fe58dfd
SE		 288 uint64_t timeout; /* Timeout for current state */
289 uint8_t *dhsecret;
290 uint8_t *sharedsecret;
7c9ca4bd 291 uint32_t sharedsecretlen;
2fe58dfd
SE		 292 struct transform_inst_if *new_transform; /* For key setup/verify */
293};
294
fe5e9cc4 295static void slog(struct site *st, uint32_t event, cstring_t msg, ...)
2fe58dfd
SE		 296{
297 va_list ap;
7c006408 298 char buf[240];
b2a56f7c 299 uint32_t class;
2fe58dfd
SE		 300
301 va_start(ap,msg);
302
303 if (event&st->log_events) {
b2a56f7c
SE		 304 switch(event) {
305 case LOG_UNEXPECTED: class=M_INFO; break;
306 case LOG_SETUP_INIT: class=M_INFO; break;
307 case LOG_SETUP_TIMEOUT: class=M_NOTICE; break;
308 case LOG_ACTIVATE_KEY: class=M_INFO; break;
309 case LOG_TIMEOUT_KEY: class=M_INFO; break;
310 case LOG_SEC: class=M_SECURITY; break;
311 case LOG_STATE: class=M_DEBUG; break;
312 case LOG_DROP: class=M_DEBUG; break;
313 case LOG_DUMP: class=M_DEBUG; break;
469fd1d9 314 case LOG_ERROR: class=M_ERR; break;
446353cd 315 case LOG_PEER_ADDRS: class=M_DEBUG; break;
469fd1d9 316 default: class=M_ERR; break;
b2a56f7c
SE		 317 }
318
c1d2109a 319 vsnprintf(buf,sizeof(buf),msg,ap);
b2a56f7c 320 st->log->log(st->log->st,class,"%s: %s",st->tunname,buf);
2fe58dfd
SE		 321 }
322 va_end(ap);
323}
324
9d3a4132 325static void set_link_quality(struct site *st);
1d388569
IJ		 326static void delete_keys(struct site *st, cstring_t reason, uint32_t loglevel);
327static void delete_one_key(struct site *st, struct data_key *key,
328 const char *reason /* may be 0 meaning don't log*/,
329 const char *which /* ignored if !reasonn */,
330 uint32_t loglevel /* ignored if !reasonn */);
fe5e9cc4 331static bool_t initiate_key_setup(struct site *st, cstring_t reason);
2fe58dfd
SE		 332static void enter_state_run(struct site *st);
333static bool_t enter_state_resolve(struct site *st);
ff05a229 334static bool_t enter_new_state(struct site *st,uint32_t next);
2fe58dfd 335static void enter_state_wait(struct site *st);
05f39b4d 336static void activate_new_key(struct site *st);
2fe58dfd 337
3d8d8f4e
IJ		 338static bool_t current_valid(struct site *st)
339{
19e9a588 340 return st->current.transform->valid(st->current.transform->st);
3d8d8f4e
IJ		 341}
342
2fe58dfd
SE		 343#define CHECK_AVAIL(b,l) do { if ((b)->size<(l)) return False; } while(0)
344#define CHECK_EMPTY(b) do { if ((b)->size!=0) return False; } while(0)
345#define CHECK_TYPE(b,t) do { uint32_t type; \
346 CHECK_AVAIL((b),4); \
59635212 347 type=buf_unprepend_uint32((b)); \
2fe58dfd
SE		 348 if (type!=(t)) return False; } while(0)
349
1737eeef
IJ		 350struct parsedname {
351 int32_t len;
352 uint8_t *name;
353 int32_t extrainfo_len;
354 uint8_t *extrainfo;
355};
356
2fe58dfd
SE		 357struct msg {
358 uint8_t *hashstart;
359 uint32_t dest;
360 uint32_t source;
1737eeef
IJ		 361 struct parsedname remote;
362 struct parsedname local;
2fe58dfd
SE		 363 uint8_t *nR;
364 uint8_t *nL;
1caa23ff 365 int32_t pklen;
3e8addad 366 char *pk;
1caa23ff
IJ		 367 int32_t hashlen;
368 int32_t siglen;
3e8addad 369 char *sig;
2fe58dfd
SE		 370};
371
ff05a229
SE		 372/* Build any of msg1 to msg4. msg5 and msg6 are built from the inside
373 out using a transform of config data supplied by netlink */
fe5e9cc4 374static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what)
2fe58dfd
SE		 375{
376 void *hst;
3b83c932 377 uint8_t *hash;
2fe58dfd
SE		 378 string_t dhpub, sig;
379
380 st->retries=st->setup_retries;
381 BUF_ALLOC(&st->buffer,what);
382 buffer_init(&st->buffer,0);
59635212
SE		 383 buf_append_uint32(&st->buffer,
384 (type==LABEL_MSG1?0:st->setup_session_id));
58650a70 385 buf_append_uint32(&st->buffer,st->index);
59635212 386 buf_append_uint32(&st->buffer,type);
2fe58dfd
SE		 387 buf_append_string(&st->buffer,st->localname);
388 buf_append_string(&st->buffer,st->remotename);
389 memcpy(buf_append(&st->buffer,NONCELEN),st->localN,NONCELEN);
390 if (type==LABEL_MSG1) return True;
391 memcpy(buf_append(&st->buffer,NONCELEN),st->remoteN,NONCELEN);
392 if (type==LABEL_MSG2) return True;
3b83c932
SE		 393
394 if (hacky_par_mid_failnow()) return False;
395
2fe58dfd
SE		 396 dhpub=st->dh->makepublic(st->dh->st,st->dhsecret,st->dh->len);
397 buf_append_string(&st->buffer,dhpub);
398 free(dhpub);
3b83c932 399 hash=safe_malloc(st->hash->len, "generate_msg");
2fe58dfd
SE		 400 hst=st->hash->init();
401 st->hash->update(hst,st->buffer.start,st->buffer.size);
402 st->hash->final(hst,hash);
403 sig=st->privkey->sign(st->privkey->st,hash,st->hash->len);
404 buf_append_string(&st->buffer,sig);
405 free(sig);
3b83c932 406 free(hash);
2fe58dfd
SE		 407 return True;
408}
409
1737eeef
IJ		 410static bool_t unpick_name(struct buffer_if *msg, struct parsedname *nm)
411{
412 CHECK_AVAIL(msg,2);
413 nm->len=buf_unprepend_uint16(msg);
414 CHECK_AVAIL(msg,nm->len);
415 nm->name=buf_unprepend(msg,nm->len);
416 uint8_t *nul=memchr(nm->name,0,nm->len);
417 if (!nul) {
418 nm->extrainfo_len=0;
419 nm->extrainfo=0;
420 } else {
421 nm->extrainfo=nul+1;
422 nm->extrainfo_len=msg->start-nm->extrainfo;
423 nm->len=nul-nm->name;
424 }
425 return True;
426}
427
2fe58dfd
SE		 428static bool_t unpick_msg(struct site *st, uint32_t type,
429 struct buffer_if *msg, struct msg *m)
430{
431 m->hashstart=msg->start;
432 CHECK_AVAIL(msg,4);
59635212 433 m->dest=buf_unprepend_uint32(msg);
2fe58dfd 434 CHECK_AVAIL(msg,4);
59635212 435 m->source=buf_unprepend_uint32(msg);
2fe58dfd 436 CHECK_TYPE(msg,type);
1737eeef
IJ		 437 if (!unpick_name(msg,&m->remote)) return False;
438 if (!unpick_name(msg,&m->local)) return False;
2fe58dfd
SE		 439 CHECK_AVAIL(msg,NONCELEN);
440 m->nR=buf_unprepend(msg,NONCELEN);
441 if (type==LABEL_MSG1) {
442 CHECK_EMPTY(msg);
443 return True;
444 }
445 CHECK_AVAIL(msg,NONCELEN);
446 m->nL=buf_unprepend(msg,NONCELEN);
447 if (type==LABEL_MSG2) {
448 CHECK_EMPTY(msg);
449 return True;
450 }
451 CHECK_AVAIL(msg,2);
59635212 452 m->pklen=buf_unprepend_uint16(msg);
2fe58dfd
SE		 453 CHECK_AVAIL(msg,m->pklen);
454 m->pk=buf_unprepend(msg,m->pklen);
455 m->hashlen=msg->start-m->hashstart;
456 CHECK_AVAIL(msg,2);
59635212 457 m->siglen=buf_unprepend_uint16(msg);
2fe58dfd
SE		 458 CHECK_AVAIL(msg,m->siglen);
459 m->sig=buf_unprepend(msg,m->siglen);
460 CHECK_EMPTY(msg);
461 return True;
462}
463
1737eeef
IJ		 464static bool_t name_matches(const struct parsedname *nm, const char *expected)
465{
466 int expected_len=strlen(expected);
467 return
468 nm->len == expected_len &&
469 !memcmp(nm->name, expected, expected_len);
470}
471
ff05a229 472static bool_t check_msg(struct site *st, uint32_t type, struct msg *m,
fe5e9cc4 473 cstring_t *error)
ff05a229
SE		 474{
475 if (type==LABEL_MSG1) return True;
476
477 /* Check that the site names and our nonce have been sent
478 back correctly, and then store our peer's nonce. */
1737eeef 479 if (!name_matches(&m->remote,st->remotename)) {
ff05a229
SE		 480 *error="wrong remote site name";
481 return False;
482 }
1737eeef 483 if (!name_matches(&m->local,st->localname)) {
ff05a229
SE		 484 *error="wrong local site name";
485 return False;
486 }
487 if (memcmp(m->nL,st->localN,NONCELEN)!=0) {
488 *error="wrong locally-generated nonce";
489 return False;
490 }
491 if (type==LABEL_MSG2) return True;
5ad34db2 492 if (!consttime_memeq(m->nR,st->remoteN,NONCELEN)!=0) {
ff05a229
SE		 493 *error="wrong remotely-generated nonce";
494 return False;
495 }
496 if (type==LABEL_MSG3) return True;
497 if (type==LABEL_MSG4) return True;
498 *error="unknown message type";
499 return False;
500}
501
2fe58dfd
SE		 502static bool_t generate_msg1(struct site *st)
503{
504 st->random->generate(st->random->st,NONCELEN,st->localN);
505 return generate_msg(st,LABEL_MSG1,"site:MSG1");
506}
507
508static bool_t process_msg1(struct site *st, struct buffer_if *msg1,
a15faeb2 509 const struct comm_addr *src)
2fe58dfd
SE		 510{
511 struct msg m;
512
513 /* We've already determined we're in an appropriate state to
514 process an incoming MSG1, and that the MSG1 has correct values
515 of A and B. */
516
517 if (!unpick_msg(st,LABEL_MSG1,msg1,&m)) return False;
518
446353cd 519 transport_record_peer(st,&st->setup_peers,src,"msg1");
2fe58dfd
SE		 520 st->setup_session_id=m.source;
521 memcpy(st->remoteN,m.nR,NONCELEN);
522 return True;
523}
524
525static bool_t generate_msg2(struct site *st)
526{
527 st->random->generate(st->random->st,NONCELEN,st->localN);
528 return generate_msg(st,LABEL_MSG2,"site:MSG2");
529}
530
531static bool_t process_msg2(struct site *st, struct buffer_if *msg2,
a15faeb2 532 const struct comm_addr *src)
2fe58dfd
SE		 533{
534 struct msg m;
fe5e9cc4 535 cstring_t err;
2fe58dfd
SE		 536
537 if (!unpick_msg(st,LABEL_MSG2,msg2,&m)) return False;
ff05a229
SE		 538 if (!check_msg(st,LABEL_MSG2,&m,&err)) {
539 slog(st,LOG_SEC,"msg2: %s",err);
2fe58dfd
SE		 540 return False;
541 }
542 st->setup_session_id=m.source;
543 memcpy(st->remoteN,m.nR,NONCELEN);
544 return True;
545}
546
547static bool_t generate_msg3(struct site *st)
548{
549 /* Now we have our nonce and their nonce. Think of a secret key,
550 and create message number 3. */
551 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
552 return generate_msg(st,LABEL_MSG3,"site:MSG3");
553}
554
555static bool_t process_msg3(struct site *st, struct buffer_if *msg3,
a15faeb2 556 const struct comm_addr *src)
2fe58dfd
SE		 557{
558 struct msg m;
3b83c932 559 uint8_t *hash;
2fe58dfd 560 void *hst;
fe5e9cc4 561 cstring_t err;
2fe58dfd
SE		 562
563 if (!unpick_msg(st,LABEL_MSG3,msg3,&m)) return False;
ff05a229
SE		 564 if (!check_msg(st,LABEL_MSG3,&m,&err)) {
565 slog(st,LOG_SEC,"msg3: %s",err);
2fe58dfd
SE		 566 return False;
567 }
ff05a229 568
2fe58dfd 569 /* Check signature and store g^x mod m */
3b83c932 570 hash=safe_malloc(st->hash->len, "process_msg3");
2fe58dfd
SE		 571 hst=st->hash->init();
572 st->hash->update(hst,m.hashstart,m.hashlen);
573 st->hash->final(hst,hash);
574 /* Terminate signature with a '0' - cheating, but should be ok */
575 m.sig[m.siglen]=0;
576 if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m.sig)) {
59635212 577 slog(st,LOG_SEC,"msg3 signature failed check!");
3b83c932 578 free(hash);
2fe58dfd
SE		 579 return False;
580 }
3b83c932 581 free(hash);
2fe58dfd
SE		 582
583 /* Terminate their DH public key with a '0' */
584 m.pk[m.pklen]=0;
585 /* Invent our DH secret key */
586 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
587
588 /* Generate the shared key */
589 st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,m.pk,
7c9ca4bd 590 st->sharedsecret,st->sharedsecretlen);
2fe58dfd
SE		 591
592 /* Set up the transform */
593 st->new_transform->setkey(st->new_transform->st,st->sharedsecret,
0118121a 594 st->sharedsecretlen,st->setup_priority);
2fe58dfd
SE		 595
596 return True;
597}
598
599static bool_t generate_msg4(struct site *st)
600{
601 /* We have both nonces, their public key and our private key. Generate
602 our public key, sign it and send it to them. */
603 return generate_msg(st,LABEL_MSG4,"site:MSG4");
604}
605
606static bool_t process_msg4(struct site *st, struct buffer_if *msg4,
a15faeb2 607 const struct comm_addr *src)
2fe58dfd
SE		 608{
609 struct msg m;
3b83c932 610 uint8_t *hash;
2fe58dfd 611 void *hst;
fe5e9cc4 612 cstring_t err;
2fe58dfd
SE		 613
614 if (!unpick_msg(st,LABEL_MSG4,msg4,&m)) return False;
ff05a229
SE		 615 if (!check_msg(st,LABEL_MSG4,&m,&err)) {
616 slog(st,LOG_SEC,"msg4: %s",err);
2fe58dfd
SE		 617 return False;
618 }
619
620 /* Check signature and store g^x mod m */
3b83c932 621 hash=safe_malloc(st->hash->len, "process_msg4");
2fe58dfd
SE		 622 hst=st->hash->init();
623 st->hash->update(hst,m.hashstart,m.hashlen);
624 st->hash->final(hst,hash);
625 /* Terminate signature with a '0' - cheating, but should be ok */
626 m.sig[m.siglen]=0;
627 if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m.sig)) {
59635212 628 slog(st,LOG_SEC,"msg4 signature failed check!");
3b83c932 629 free(hash);
2fe58dfd
SE		 630 return False;
631 }
3b83c932 632 free(hash);
2fe58dfd
SE		 633
634 /* Terminate their DH public key with a '0' */
635 m.pk[m.pklen]=0;
636 /* Generate the shared key */
637 st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,m.pk,
7c9ca4bd 638 st->sharedsecret,st->sharedsecretlen);
2fe58dfd
SE		 639 /* Set up the transform */
640 st->new_transform->setkey(st->new_transform->st,st->sharedsecret,
0118121a 641 st->sharedsecretlen,st->setup_priority);
2fe58dfd
SE		 642
643 return True;
644}
645
2fe58dfd
SE		 646struct msg0 {
647 uint32_t dest;
648 uint32_t source;
649 uint32_t type;
650};
651
652static bool_t unpick_msg0(struct site *st, struct buffer_if *msg0,
653 struct msg0 *m)
654{
655 CHECK_AVAIL(msg0,4);
59635212 656 m->dest=buf_unprepend_uint32(msg0);
2fe58dfd 657 CHECK_AVAIL(msg0,4);
59635212 658 m->source=buf_unprepend_uint32(msg0);
2fe58dfd 659 CHECK_AVAIL(msg0,4);
59635212 660 m->type=buf_unprepend_uint32(msg0);
2fe58dfd
SE		 661 return True;
662 /* Leaves transformed part of buffer untouched */
663}
664
ff05a229
SE		 665static bool_t generate_msg5(struct site *st)
666{
fe5e9cc4 667 cstring_t transform_err;
ff05a229
SE		 668
669 BUF_ALLOC(&st->buffer,"site:MSG5");
670 /* We are going to add four words to the message */
671 buffer_init(&st->buffer,st->transform->max_start_pad+(4*4));
672 /* Give the netlink code an opportunity to put its own stuff in the
673 message (configuration information, etc.) */
ff05a229
SE		 674 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
675 st->new_transform->forwards(st->new_transform->st,&st->buffer,
676 &transform_err);
677 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
58650a70 678 buf_prepend_uint32(&st->buffer,st->index);
ff05a229
SE		 679 buf_prepend_uint32(&st->buffer,st->setup_session_id);
680
681 st->retries=st->setup_retries;
682 return True;
683}
684
2fe58dfd 685static bool_t process_msg5(struct site *st, struct buffer_if *msg5,
c90cc2a7
IJ		 686 const struct comm_addr *src,
687 struct transform_inst_if *transform)
2fe58dfd
SE		 688{
689 struct msg0 m;
fe5e9cc4 690 cstring_t transform_err;
2fe58dfd
SE		 691
692 if (!unpick_msg0(st,msg5,&m)) return False;
693
c90cc2a7 694 if (transform->reverse(transform->st,msg5,&transform_err)) {
2fe58dfd 695 /* There's a problem */
59635212 696 slog(st,LOG_SEC,"process_msg5: transform: %s",transform_err);
2fe58dfd
SE		 697 return False;
698 }
699 /* Buffer should now contain untransformed PING packet data */
700 CHECK_AVAIL(msg5,4);
59635212 701 if (buf_unprepend_uint32(msg5)!=LABEL_MSG5) {
ff05a229 702 slog(st,LOG_SEC,"MSG5/PING packet contained wrong label");
2fe58dfd
SE		 703 return False;
704 }
ff7cdc9e
IJ		 705 /* Older versions of secnet used to write some config data here
706 * which we ignore. So we don't CHECK_EMPTY */
2fe58dfd
SE		 707 return True;
708}
709
c90cc2a7
IJ		 710static void create_msg6(struct site *st, struct transform_inst_if *transform,
711 uint32_t session_id)
2fe58dfd 712{
fe5e9cc4 713 cstring_t transform_err;
2fe58dfd
SE		 714
715 BUF_ALLOC(&st->buffer,"site:MSG6");
ff05a229
SE		 716 /* We are going to add four words to the message */
717 buffer_init(&st->buffer,st->transform->max_start_pad+(4*4));
794f2398
SE		 718 /* Give the netlink code an opportunity to put its own stuff in the
719 message (configuration information, etc.) */
ff05a229 720 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
c90cc2a7 721 transform->forwards(transform->st,&st->buffer,&transform_err);
59635212 722 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
58650a70 723 buf_prepend_uint32(&st->buffer,st->index);
c90cc2a7
IJ		 724 buf_prepend_uint32(&st->buffer,session_id);
725}
2fe58dfd 726
c90cc2a7
IJ		 727static bool_t generate_msg6(struct site *st)
728{
729 create_msg6(st,st->new_transform,st->setup_session_id);
ff05a229 730 st->retries=1; /* Peer will retransmit MSG5 if this packet gets lost */
2fe58dfd
SE		 731 return True;
732}
733
734static bool_t process_msg6(struct site *st, struct buffer_if *msg6,
a15faeb2 735 const struct comm_addr *src)
2fe58dfd
SE		 736{
737 struct msg0 m;
fe5e9cc4 738 cstring_t transform_err;
2fe58dfd
SE		 739
740 if (!unpick_msg0(st,msg6,&m)) return False;
741
742 if (st->new_transform->reverse(st->new_transform->st,
743 msg6,&transform_err)) {
744 /* There's a problem */
59635212 745 slog(st,LOG_SEC,"process_msg6: transform: %s",transform_err);
2fe58dfd
SE		 746 return False;
747 }
748 /* Buffer should now contain untransformed PING packet data */
749 CHECK_AVAIL(msg6,4);
59635212
SE		 750 if (buf_unprepend_uint32(msg6)!=LABEL_MSG6) {
751 slog(st,LOG_SEC,"MSG6/PONG packet contained invalid data");
2fe58dfd
SE		 752 return False;
753 }
ff7cdc9e
IJ		 754 /* Older versions of secnet used to write some config data here
755 * which we ignore. So we don't CHECK_EMPTY */
2fe58dfd
SE		 756 return True;
757}
758
48b97423
IJ		 759static bool_t decrypt_msg0(struct site *st, struct buffer_if *msg0,
760 const struct comm_addr *src)
2fe58dfd 761{
02b0959b 762 cstring_t transform_err, auxkey_err, newkey_err="n/a";
065e1922
IJ		 763 struct msg0 m;
764 uint32_t problem;
2fe58dfd 765
2fe58dfd
SE		 766 if (!unpick_msg0(st,msg0,&m)) return False;
767
05f39b4d
IJ		 768 /* Keep a copy so we can try decrypting it with multiple keys */
769 buffer_copy(&st->scratch, msg0);
770
19e9a588 771 problem = st->current.transform->reverse(st->current.transform->st,
065e1922 772 msg0,&transform_err);
02b0959b 773 if (!problem) {
bd98cd6b
IJ		 774 if (!st->auxiliary_is_new)
775 delete_one_key(st,&st->auxiliary_key,
776 "peer has used new key","auxiliary key",LOG_SEC);
02b0959b
IJ		 777 return True;
778 }
48b97423
IJ		 779 if (problem==2)
780 goto skew;
07e4774c 781
02b0959b
IJ		 782 buffer_copy(msg0, &st->scratch);
783 problem = st->auxiliary_key.transform->reverse
784 (st->auxiliary_key.transform->st,msg0,&auxkey_err);
785 if (problem==0) {
786 slog(st,LOG_DROP,"processing packet which uses auxiliary key");
bd98cd6b
IJ		 787 if (st->auxiliary_is_new) {
788 /* We previously timed out in state SENTMSG5 but it turns
789 * out that our peer did in fact get our MSG5 and is
790 * using the new key. So we should switch to it too. */
791 /* This is a bit like activate_new_key. */
792 struct data_key t;
793 t=st->current;
794 st->current=st->auxiliary_key;
795 st->auxiliary_key=t;
796
797 delete_one_key(st,&st->auxiliary_key,"peer has used new key",
798 "previous key",LOG_SEC);
799 st->auxiliary_is_new=0;
800 st->renegotiate_key_time=st->auxiliary_renegotiate_key_time;
801 }
02b0959b
IJ		 802 return True;
803 }
48b97423
IJ		 804 if (problem==2)
805 goto skew;
02b0959b 806
05f39b4d
IJ		 807 if (st->state==SITE_SENTMSG5) {
808 buffer_copy(msg0, &st->scratch);
48b97423
IJ		 809 problem = st->new_transform->reverse(st->new_transform->st,
810 msg0,&newkey_err);
811 if (!problem) {
05f39b4d
IJ		 812 /* It looks like we didn't get the peer's MSG6 */
813 /* This is like a cut-down enter_new_state(SITE_RUN) */
814 slog(st,LOG_STATE,"will enter state RUN (MSG0 with new key)");
815 BUF_FREE(&st->buffer);
816 st->timeout=0;
817 activate_new_key(st);
818 return True; /* do process the data in this packet */
819 }
48b97423
IJ		 820 if (problem==2)
821 goto skew;
05f39b4d
IJ		 822 }
823
02b0959b
IJ		 824 slog(st,LOG_SEC,"transform: %s (aux: %s, new: %s)",
825 transform_err,auxkey_err,newkey_err);
065e1922 826 initiate_key_setup(st,"incoming message would not decrypt");
48b97423
IJ		 827 send_nak(src,m.dest,m.source,m.type,msg0,"message would not decrypt");
828 return False;
829
830 skew:
831 slog(st,LOG_DROP,"transform: %s (merely skew)",transform_err);
065e1922
IJ		 832 return False;
833}
834
835static bool_t process_msg0(struct site *st, struct buffer_if *msg0,
836 const struct comm_addr *src)
837{
838 uint32_t type;
839
48b97423 840 if (!decrypt_msg0(st,msg0,src))
065e1922
IJ		 841 return False;
842
2fe58dfd 843 CHECK_AVAIL(msg0,4);
59635212 844 type=buf_unprepend_uint32(msg0);
2fe58dfd 845 switch(type) {
794f2398
SE		 846 case LABEL_MSG7:
847 /* We must forget about the current session. */
1d388569 848 delete_keys(st,"request from peer",LOG_SEC);
794f2398 849 return True;
2fe58dfd
SE		 850 case LABEL_MSG9:
851 /* Deliver to netlink layer */
469fd1d9 852 st->netlink->deliver(st->netlink->st,msg0);
446353cd 853 transport_data_msgok(st,src);
837cf01e
IJ		 854 /* See whether we should start negotiating a new key */
855 if (st->now > st->renegotiate_key_time)
856 initiate_key_setup(st,"incoming packet in renegotiation window");
2fe58dfd 857 return True;
2fe58dfd 858 default:
ff05a229
SE		 859 slog(st,LOG_SEC,"incoming encrypted message of type %08x "
860 "(unknown)",type);
2fe58dfd
SE		 861 break;
862 }
863 return False;
864}
865
866static void dump_packet(struct site *st, struct buffer_if *buf,
a15faeb2 867 const struct comm_addr *addr, bool_t incoming)
2fe58dfd 868{
59635212
SE		 869 uint32_t dest=ntohl(*(uint32_t *)buf->start);
870 uint32_t source=ntohl(*(uint32_t *)(buf->start+4));
871 uint32_t msgtype=ntohl(*(uint32_t *)(buf->start+8));
2fe58dfd
SE		 872
873 if (st->log_events & LOG_DUMP)
040ee979
SE		 874 slilog(st->log,M_DEBUG,"%s: %s: %08x<-%08x: %08x:",
875 st->tunname,incoming?"incoming":"outgoing",
876 dest,source,msgtype);
2fe58dfd
SE		 877}
878
879static uint32_t site_status(void *st)
880{
881 return 0;
882}
883
884static bool_t send_msg(struct site *st)
885{
886 if (st->retries>0) {
446353cd 887 transport_xmit(st, &st->setup_peers, &st->buffer, True);
e7f8ec2a 888 st->timeout=st->now+st->setup_retry_interval;
2fe58dfd
SE		 889 st->retries--;
890 return True;
bd98cd6b
IJ		 891 } else if (st->state==SITE_SENTMSG5) {
892 slog(st,LOG_SETUP_TIMEOUT,"timed out sending MSG5, stashing new key");
893 /* We stash the key we have produced, in case it turns out that
894 * our peer did see our MSG5 after all and starts using it. */
895 /* This is a bit like some of activate_new_key */
896 struct transform_inst_if *t;
897 t=st->auxiliary_key.transform;
898 st->auxiliary_key.transform=st->new_transform;
899 st->new_transform=t;
900
901 t->delkey(t->st);
902 st->auxiliary_is_new=1;
903 st->auxiliary_key.key_timeout=st->now+st->key_lifetime;
904 st->auxiliary_renegotiate_key_time=st->now+st->key_renegotiate_time;
905 st->auxiliary_key.remote_session_id=st->setup_session_id;
906
907 enter_state_wait(st);
908 return False;
2fe58dfd 909 } else {
3454dce4
SE		 910 slog(st,LOG_SETUP_TIMEOUT,"timed out sending key setup packet "
911 "(in state %s)",state_name(st->state));
2fe58dfd
SE		 912 enter_state_wait(st);
913 return False;
914 }
915}
916
917static void site_resolve_callback(void *sst, struct in_addr *address)
918{
919 struct site *st=sst;
446353cd 920 struct comm_addr ca_buf, *ca_use;
2fe58dfd
SE		 921
922 if (st->state!=SITE_RESOLVE) {
923 slog(st,LOG_UNEXPECTED,"site_resolve_callback called unexpectedly");
924 return;
925 }
926 if (address) {
446353cd 927 FILLZERO(ca_buf);
59533c16 928 ca_buf.comm=st->comms[0];
446353cd
IJ		 929 ca_buf.sin.sin_family=AF_INET;
930 ca_buf.sin.sin_port=htons(st->remoteport);
931 ca_buf.sin.sin_addr=*address;
932 ca_use=&ca_buf;
2fe58dfd 933 } else {
2fe58dfd 934 slog(st,LOG_ERROR,"resolution of %s failed",st->address);
446353cd
IJ		 935 ca_use=0;
936 }
937 if (transport_compute_setupinit_peers(st,ca_use)) {
938 enter_new_state(st,SITE_SENTMSG1);
939 } else {
940 /* Can't figure out who to try to to talk to */
941 slog(st,LOG_SETUP_INIT,"key exchange failed: cannot find peer address");
2fe58dfd
SE		 942 enter_state_run(st);
943 }
944}
945
fe5e9cc4 946static bool_t initiate_key_setup(struct site *st, cstring_t reason)
9d3a4132
SE		 947{
948 if (st->state!=SITE_RUN) return False;
794f2398 949 slog(st,LOG_SETUP_INIT,"initiating key exchange (%s)",reason);
9d3a4132 950 if (st->address) {
794f2398 951 slog(st,LOG_SETUP_INIT,"resolving peer address");
9d3a4132 952 return enter_state_resolve(st);
446353cd 953 } else if (transport_compute_setupinit_peers(st,0)) {
ff05a229 954 return enter_new_state(st,SITE_SENTMSG1);
9d3a4132 955 }
ff05a229 956 slog(st,LOG_SETUP_INIT,"key exchange failed: no address for peer");
9d3a4132
SE		 957 return False;
958}
959
2fe58dfd
SE		 960static void activate_new_key(struct site *st)
961{
962 struct transform_inst_if *t;
963
02b0959b
IJ		 964 /* We have three transform instances, which we swap between old,
965 active and setup */
966 t=st->auxiliary_key.transform;
967 st->auxiliary_key.transform=st->current.transform;
19e9a588 968 st->current.transform=st->new_transform;
2fe58dfd
SE		 969 st->new_transform=t;
970
971 t->delkey(t->st);
2fe58dfd 972 st->timeout=0;
bd98cd6b 973 st->auxiliary_is_new=0;
02b0959b 974 st->auxiliary_key.key_timeout=st->current.key_timeout;
19e9a588 975 st->current.key_timeout=st->now+st->key_lifetime;
ff05a229 976 st->renegotiate_key_time=st->now+st->key_renegotiate_time;
446353cd 977 transport_peers_copy(st,&st->peers,&st->setup_peers);
19e9a588 978 st->current.remote_session_id=st->setup_session_id;
2fe58dfd
SE		 979
980 slog(st,LOG_ACTIVATE_KEY,"new key activated");
9d3a4132 981 enter_state_run(st);
2fe58dfd
SE		 982}
983
1d388569
IJ		 984static void delete_one_key(struct site *st, struct data_key *key,
985 cstring_t reason, cstring_t which, uint32_t loglevel)
986{
987 if (!key->transform->valid(key->transform->st)) return;
988 if (reason) slog(st,loglevel,"%s deleted (%s)",which,reason);
989 key->transform->delkey(key->transform->st);
990 key->key_timeout=0;
991}
992
993static void delete_keys(struct site *st, cstring_t reason, uint32_t loglevel)
794f2398 994{
3d8d8f4e 995 if (current_valid(st)) {
794f2398
SE		 996 slog(st,loglevel,"session closed (%s)",reason);
997
1d388569 998 delete_one_key(st,&st->current,0,0,0);
794f2398
SE		 999 set_link_quality(st);
1000 }
02b0959b 1001 delete_one_key(st,&st->auxiliary_key,0,0,0);
794f2398
SE		 1002}
1003
2fe58dfd
SE		 1004static void state_assert(struct site *st, bool_t ok)
1005{
4f5e39ec 1006 if (!ok) fatal("site:state_assert");
2fe58dfd
SE		 1007}
1008
1009static void enter_state_stop(struct site *st)
1010{
1011 st->state=SITE_STOP;
1012 st->timeout=0;
1d388569 1013 delete_keys(st,"entering state STOP",LOG_TIMEOUT_KEY);
2fe58dfd
SE		 1014 st->new_transform->delkey(st->new_transform->st);
1015}
1016
9d3a4132
SE		 1017static void set_link_quality(struct site *st)
1018{
1019 uint32_t quality;
3d8d8f4e 1020 if (current_valid(st))
9d3a4132
SE		 1021 quality=LINK_QUALITY_UP;
1022 else if (st->state==SITE_WAIT || st->state==SITE_STOP)
1023 quality=LINK_QUALITY_DOWN;
1024 else if (st->address)
1025 quality=LINK_QUALITY_DOWN_CURRENT_ADDRESS;
446353cd 1026 else if (transport_peers_valid(&st->peers))
9d3a4132
SE		 1027 quality=LINK_QUALITY_DOWN_STALE_ADDRESS;
1028 else
1029 quality=LINK_QUALITY_DOWN;
1030
469fd1d9 1031 st->netlink->set_quality(st->netlink->st,quality);
9d3a4132
SE		 1032}
1033
2fe58dfd
SE		 1034static void enter_state_run(struct site *st)
1035{
1036 slog(st,LOG_STATE,"entering state RUN");
1037 st->state=SITE_RUN;
1038 st->timeout=0;
9d3a4132 1039
ff05a229 1040 st->setup_session_id=0;
446353cd 1041 transport_peers_clear(st,&st->setup_peers);
ff05a229
SE		 1042 memset(st->localN,0,NONCELEN);
1043 memset(st->remoteN,0,NONCELEN);
1044 st->new_transform->delkey(st->new_transform->st);
1045 memset(st->dhsecret,0,st->dh->len);
7c9ca4bd 1046 memset(st->sharedsecret,0,st->sharedsecretlen);
9d3a4132 1047 set_link_quality(st);
2fe58dfd
SE		 1048}
1049
1050static bool_t enter_state_resolve(struct site *st)
1051{
1052 state_assert(st,st->state==SITE_RUN);
1053 slog(st,LOG_STATE,"entering state RESOLVE");
1054 st->state=SITE_RESOLVE;
1055 st->resolver->request(st->resolver->st,st->address,
1056 site_resolve_callback,st);
1057 return True;
1058}
1059
ff05a229 1060static bool_t enter_new_state(struct site *st, uint32_t next)
2fe58dfd 1061{
ff05a229 1062 bool_t (*gen)(struct site *st);
3b83c932
SE		 1063 int r;
1064
ff05a229
SE		 1065 slog(st,LOG_STATE,"entering state %s",state_name(next));
1066 switch(next) {
1067 case SITE_SENTMSG1:
1068 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE);
1069 gen=generate_msg1;
1070 break;
1071 case SITE_SENTMSG2:
1072 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1073 st->state==SITE_SENTMSG1 || st->state==SITE_WAIT);
1074 gen=generate_msg2;
1075 break;
1076 case SITE_SENTMSG3:
1077 state_assert(st,st->state==SITE_SENTMSG1);
1078 BUF_FREE(&st->buffer);
1079 gen=generate_msg3;
1080 break;
1081 case SITE_SENTMSG4:
1082 state_assert(st,st->state==SITE_SENTMSG2);
1083 BUF_FREE(&st->buffer);
1084 gen=generate_msg4;
1085 break;
1086 case SITE_SENTMSG5:
1087 state_assert(st,st->state==SITE_SENTMSG3);
1088 BUF_FREE(&st->buffer);
1089 gen=generate_msg5;
1090 break;
1091 case SITE_RUN:
1092 state_assert(st,st->state==SITE_SENTMSG4);
1093 BUF_FREE(&st->buffer);
1094 gen=generate_msg6;
1095 break;
1096 default:
1097 gen=NULL;
4f5e39ec 1098 fatal("enter_new_state(%s): invalid new state",state_name(next));
ff05a229 1099 break;
2fe58dfd 1100 }
2fe58dfd 1101
3b83c932
SE		 1102 if (hacky_par_start_failnow()) return False;
1103
1104 r= gen(st) && send_msg(st);
1105
1106 hacky_par_end(&r,
e7f8ec2a 1107 st->setup_retries, st->setup_retry_interval,
3b83c932
SE		 1108 send_msg, st);
1109
1110 if (r) {
ff05a229
SE		 1111 st->state=next;
1112 if (next==SITE_RUN) {
1113 BUF_FREE(&st->buffer); /* Never reused */
1114 st->timeout=0; /* Never retransmit */
1115 activate_new_key(st);
1116 }
2fe58dfd
SE		 1117 return True;
1118 }
ff05a229
SE		 1119 slog(st,LOG_ERROR,"error entering state %s",state_name(next));
1120 st->buffer.free=False; /* Unconditionally use the buffer; it may be
1121 in either state, and enter_state_wait() will
1122 do a BUF_FREE() */
2fe58dfd
SE		 1123 enter_state_wait(st);
1124 return False;
1125}
1126
ff05a229 1127/* msg7 tells our peer that we're about to forget our key */
fe5e9cc4 1128static bool_t send_msg7(struct site *st, cstring_t reason)
794f2398 1129{
fe5e9cc4 1130 cstring_t transform_err;
794f2398 1131
3d8d8f4e 1132 if (current_valid(st) && st->buffer.free
446353cd 1133 && transport_peers_valid(&st->peers)) {
794f2398
SE		 1134 BUF_ALLOC(&st->buffer,"site:MSG7");
1135 buffer_init(&st->buffer,st->transform->max_start_pad+(4*3));
1136 buf_append_uint32(&st->buffer,LABEL_MSG7);
1137 buf_append_string(&st->buffer,reason);
19e9a588 1138 st->current.transform->forwards(st->current.transform->st,
794f2398
SE		 1139 &st->buffer, &transform_err);
1140 buf_prepend_uint32(&st->buffer,LABEL_MSG0);
58650a70 1141 buf_prepend_uint32(&st->buffer,st->index);
19e9a588 1142 buf_prepend_uint32(&st->buffer,st->current.remote_session_id);
446353cd 1143 transport_xmit(st,&st->peers,&st->buffer,True);
794f2398
SE		 1144 BUF_FREE(&st->buffer);
1145 return True;
1146 }
1147 return False;
1148}
1149
2fe58dfd
SE		 1150/* We go into this state if our peer becomes uncommunicative. Similar to
1151 the "stop" state, we forget all session keys for a while, before
1152 re-entering the "run" state. */
1153static void enter_state_wait(struct site *st)
1154{
1155 slog(st,LOG_STATE,"entering state WAIT");
1156 st->timeout=st->now+st->wait_timeout;
1157 st->state=SITE_WAIT;
9d3a4132 1158 set_link_quality(st);
2fe58dfd
SE		 1159 BUF_FREE(&st->buffer); /* will have had an outgoing packet in it */
1160 /* XXX Erase keys etc. */
1161}
1162
16f73fa6 1163static inline void site_settimeout(uint64_t timeout, int *timeout_io)
fe5e9cc4
SE		 1164{
1165 if (timeout) {
0009e60a
IJ		 1166 int64_t offset=timeout-*now;
1167 if (offset<0) offset=0;
fe5e9cc4
SE		 1168 if (offset>INT_MAX) offset=INT_MAX;
1169 if (*timeout_io<0 || offset<*timeout_io)
1170 *timeout_io=offset;
1171 }
1172}
1173
2fe58dfd 1174static int site_beforepoll(void *sst, struct pollfd *fds, int *nfds_io,
90a39563 1175 int *timeout_io)
2fe58dfd
SE		 1176{
1177 struct site *st=sst;
1178
1179 *nfds_io=0; /* We don't use any file descriptors */
1180 st->now=*now;
1181
1182 /* Work out when our next timeout is. The earlier of 'timeout' or
19e9a588 1183 'current.key_timeout'. A stored value of '0' indicates no timeout
2fe58dfd 1184 active. */
16f73fa6 1185 site_settimeout(st->timeout, timeout_io);
19e9a588 1186 site_settimeout(st->current.key_timeout, timeout_io);
02b0959b 1187 site_settimeout(st->auxiliary_key.key_timeout, timeout_io);
2fe58dfd
SE		 1188
1189 return 0; /* success */
1190}
1191
1d388569
IJ		 1192static void check_expiry(struct site *st, struct data_key *key,
1193 const char *which)
1194{
1195 if (key->key_timeout && *now>key->key_timeout) {
1196 delete_one_key(st,key,"maximum life exceeded",which,LOG_TIMEOUT_KEY);
1197 }
1198}
1199
2fe58dfd 1200/* NB site_afterpoll will be called before site_beforepoll is ever called */
90a39563 1201static void site_afterpoll(void *sst, struct pollfd *fds, int nfds)
2fe58dfd
SE		 1202{
1203 struct site *st=sst;
1204
1205 st->now=*now;
1206 if (st->timeout && *now>st->timeout) {
2fe58dfd 1207 st->timeout=0;
3b83c932
SE		 1208 if (st->state>=SITE_SENTMSG1 && st->state<=SITE_SENTMSG5) {
1209 if (!hacky_par_start_failnow())
1210 send_msg(st);
1211 } else if (st->state==SITE_WAIT) {
2fe58dfd
SE		 1212 enter_state_run(st);
1213 } else {
1214 slog(st,LOG_ERROR,"site_afterpoll: unexpected timeout, state=%d",
1215 st->state);
1216 }
1217 }
1d388569 1218 check_expiry(st,&st->current,"current key");
02b0959b 1219 check_expiry(st,&st->auxiliary_key,"auxiliary key");
2fe58dfd
SE		 1220}
1221
1222/* This function is called by the netlink device to deliver packets
1223 intended for the remote network. The packet is in "raw" wire
1224 format, but is guaranteed to be word-aligned. */
469fd1d9 1225static void site_outgoing(void *sst, struct buffer_if *buf)
2fe58dfd
SE		 1226{
1227 struct site *st=sst;
fe5e9cc4 1228 cstring_t transform_err;
2fe58dfd
SE		 1229
1230 if (st->state==SITE_STOP) {
1231 BUF_FREE(buf);
1232 return;
1233 }
1234
1235 /* In all other states we consider delivering the packet if we have
1236 a valid key and a valid address to send it to. */
3d8d8f4e 1237 if (current_valid(st) && transport_peers_valid(&st->peers)) {
2fe58dfd 1238 /* Transform it and send it */
70dc107b
SE		 1239 if (buf->size>0) {
1240 buf_prepend_uint32(buf,LABEL_MSG9);
19e9a588 1241 st->current.transform->forwards(st->current.transform->st,
70dc107b
SE		 1242 buf, &transform_err);
1243 buf_prepend_uint32(buf,LABEL_MSG0);
58650a70 1244 buf_prepend_uint32(buf,st->index);
19e9a588 1245 buf_prepend_uint32(buf,st->current.remote_session_id);
446353cd 1246 transport_xmit(st,&st->peers,buf,False);
70dc107b 1247 }
2fe58dfd
SE		 1248 BUF_FREE(buf);
1249 return;
1250 }
1251
70dc107b 1252 slog(st,LOG_DROP,"discarding outgoing packet of size %d",buf->size);
2fe58dfd 1253 BUF_FREE(buf);
794f2398 1254 initiate_key_setup(st,"outgoing packet");
2fe58dfd
SE		 1255}
1256
1257/* This function is called by the communication device to deliver
1258 packets from our peers. */
1259static bool_t site_incoming(void *sst, struct buffer_if *buf,
a15faeb2 1260 const struct comm_addr *source)
2fe58dfd
SE		 1261{
1262 struct site *st=sst;
20138876
IJ		 1263
1264 if (buf->size < 12) return False;
1265
59635212 1266 uint32_t dest=ntohl(*(uint32_t *)buf->start);
2fe58dfd
SE		 1267
1268 if (dest==0) {
2fe58dfd
SE		 1269 /* It could be for any site - it should have LABEL_MSG1 and
1270 might have our name and our peer's name in it */
ff05a229 1271 if (buf->size<(st->setupsiglen+8+NONCELEN)) return False;
2fe58dfd 1272 if (memcmp(buf->start+8,st->setupsig,st->setupsiglen)==0) {
2fe58dfd 1273 /* It's addressed to us. Decide what to do about it. */
ff05a229 1274 dump_packet(st,buf,source,True);
2fe58dfd
SE		 1275 if (st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1276 st->state==SITE_WAIT) {
1277 /* We should definitely process it */
1278 if (process_msg1(st,buf,source)) {
1279 slog(st,LOG_SETUP_INIT,"key setup initiated by peer");
ff05a229 1280 enter_new_state(st,SITE_SENTMSG2);
2fe58dfd
SE		 1281 } else {
1282 slog(st,LOG_ERROR,"failed to process incoming msg1");
1283 }
1284 BUF_FREE(buf);
1285 return True;
ff05a229 1286 } else if (st->state==SITE_SENTMSG1) {
2fe58dfd
SE		 1287 /* We've just sent a message 1! They may have crossed on
1288 the wire. If we have priority then we ignore the
1289 incoming one, otherwise we process it as usual. */
1290 if (st->setup_priority) {
1291 BUF_FREE(buf);
1292 slog(st,LOG_DUMP,"crossed msg1s; we are higher "
1293 "priority => ignore incoming msg1");
1294 return True;
1295 } else {
1296 slog(st,LOG_DUMP,"crossed msg1s; we are lower "
1297 "priority => use incoming msg1");
1298 if (process_msg1(st,buf,source)) {
1299 BUF_FREE(&st->buffer); /* Free our old message 1 */
ff05a229 1300 enter_new_state(st,SITE_SENTMSG2);
2fe58dfd
SE		 1301 } else {
1302 slog(st,LOG_ERROR,"failed to process an incoming "
1303 "crossed msg1 (we have low priority)");
1304 }
1305 BUF_FREE(buf);
1306 return True;
1307 }
1308 }
1309 /* The message 1 was received at an unexpected stage of the
1310 key setup. XXX POLICY - what do we do? */
1311 slog(st,LOG_UNEXPECTED,"unexpected incoming message 1");
1312 BUF_FREE(buf);
1313 return True;
1314 }
1315 return False; /* Not for us. */
1316 }
58650a70 1317 if (dest==st->index) {
2fe58dfd 1318 /* Explicitly addressed to us */
ff05a229 1319 uint32_t msgtype=ntohl(get_uint32(buf->start+8));
2fe58dfd
SE		 1320 if (msgtype!=LABEL_MSG0) dump_packet(st,buf,source,True);
1321 switch (msgtype) {
136740e6 1322 case LABEL_NAK:
794f2398
SE		 1323 /* If the source is our current peer then initiate a key setup,
1324 because our peer's forgotten the key */
19e9a588 1325 if (get_uint32(buf->start+4)==st->current.remote_session_id) {
794f2398
SE		 1326 initiate_key_setup(st,"received a NAK");
1327 } else {
1328 slog(st,LOG_SEC,"bad incoming NAK");
1329 }
1330 break;
2fe58dfd
SE		 1331 case LABEL_MSG0:
1332 process_msg0(st,buf,source);
1333 break;
1334 case LABEL_MSG1:
1335 /* Setup packet: should not have been explicitly addressed
1336 to us */
59635212 1337 slog(st,LOG_SEC,"incoming explicitly addressed msg1");
2fe58dfd
SE		 1338 break;
1339 case LABEL_MSG2:
1340 /* Setup packet: expected only in state SENTMSG1 */
1341 if (st->state!=SITE_SENTMSG1) {
1342 slog(st,LOG_UNEXPECTED,"unexpected MSG2");
446353cd
IJ		 1343 } else if (process_msg2(st,buf,source)) {
1344 transport_setup_msgok(st,source);
ff05a229 1345 enter_new_state(st,SITE_SENTMSG3);
446353cd 1346 } else {
59635212 1347 slog(st,LOG_SEC,"invalid MSG2");
2fe58dfd
SE		 1348 }
1349 break;
1350 case LABEL_MSG3:
1351 /* Setup packet: expected only in state SENTMSG2 */
1352 if (st->state!=SITE_SENTMSG2) {
1353 slog(st,LOG_UNEXPECTED,"unexpected MSG3");
446353cd
IJ		 1354 } else if (process_msg3(st,buf,source)) {
1355 transport_setup_msgok(st,source);
ff05a229 1356 enter_new_state(st,SITE_SENTMSG4);
446353cd 1357 } else {
59635212 1358 slog(st,LOG_SEC,"invalid MSG3");
2fe58dfd
SE		 1359 }
1360 break;
1361 case LABEL_MSG4:
1362 /* Setup packet: expected only in state SENTMSG3 */
1363 if (st->state!=SITE_SENTMSG3) {
1364 slog(st,LOG_UNEXPECTED,"unexpected MSG4");
446353cd
IJ		 1365 } else if (process_msg4(st,buf,source)) {
1366 transport_setup_msgok(st,source);
ff05a229 1367 enter_new_state(st,SITE_SENTMSG5);
446353cd 1368 } else {
59635212 1369 slog(st,LOG_SEC,"invalid MSG4");
2fe58dfd
SE		 1370 }
1371 break;
1372 case LABEL_MSG5:
4efd681a
SE		 1373 /* Setup packet: expected only in state SENTMSG4 */
1374 /* (may turn up in state RUN if our return MSG6 was lost
1375 and the new key has already been activated. In that
05f39b4d
IJ		 1376 case we discard it. The peer will realise that we
1377 are using the new key when they see our data packets.
1378 Until then the peer's data packets to us get discarded. */
c90cc2a7
IJ		 1379 if (st->state==SITE_SENTMSG4) {
1380 if (process_msg5(st,buf,source,st->new_transform)) {
1381 transport_setup_msgok(st,source);
1382 enter_new_state(st,SITE_RUN);
1383 } else {
1384 slog(st,LOG_SEC,"invalid MSG5");
1385 }
1386 } else if (st->state==SITE_RUN) {
19e9a588 1387 if (process_msg5(st,buf,source,st->current.transform)) {
c90cc2a7
IJ		 1388 slog(st,LOG_DROP,"got MSG5, retransmitting MSG6");
1389 transport_setup_msgok(st,source);
19e9a588
IJ		 1390 create_msg6(st,st->current.transform,
1391 st->current.remote_session_id);
c90cc2a7
IJ		 1392 transport_xmit(st,&st->peers,&st->buffer,True);
1393 BUF_FREE(&st->buffer);
1394 } else {
1395 slog(st,LOG_SEC,"invalid MSG5 (in state RUN)");
1396 }
2fe58dfd 1397 } else {
c90cc2a7 1398 slog(st,LOG_UNEXPECTED,"unexpected MSG5");
2fe58dfd
SE		 1399 }
1400 break;
1401 case LABEL_MSG6:
1402 /* Setup packet: expected only in state SENTMSG5 */
1403 if (st->state!=SITE_SENTMSG5) {
1404 slog(st,LOG_UNEXPECTED,"unexpected MSG6");
1405 } else if (process_msg6(st,buf,source)) {
1406 BUF_FREE(&st->buffer); /* Free message 5 */
446353cd 1407 transport_setup_msgok(st,source);
2fe58dfd
SE		 1408 activate_new_key(st);
1409 } else {
59635212 1410 slog(st,LOG_SEC,"invalid MSG6");
2fe58dfd
SE		 1411 }
1412 break;
2fe58dfd 1413 default:
59635212 1414 slog(st,LOG_SEC,"received message of unknown type 0x%08x",
2fe58dfd
SE		 1415 msgtype);
1416 break;
1417 }
1418 BUF_FREE(buf);
1419 return True;
1420 }
1421
1422 return False;
1423}
1424
1425static void site_control(void *vst, bool_t run)
1426{
1427 struct site *st=vst;
1428 if (run) enter_state_run(st);
1429 else enter_state_stop(st);
1430}
1431
794f2398
SE		 1432static void site_phase_hook(void *sst, uint32_t newphase)
1433{
1434 struct site *st=sst;
1435
1436 /* The program is shutting down; tell our peer */
1437 send_msg7(st,"shutting down");
1438}
1439
2fe58dfd
SE		 1440static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
1441 list_t *args)
1442{
58650a70 1443 static uint32_t index_sequence;
2fe58dfd
SE		 1444 struct site *st;
1445 item_t *item;
1446 dict_t *dict;
59533c16 1447 int i;
2fe58dfd
SE		 1448
1449 st=safe_malloc(sizeof(*st),"site_apply");
1450
1451 st->cl.description="site";
1452 st->cl.type=CL_SITE;
1453 st->cl.apply=NULL;
1454 st->cl.interface=&st->ops;
1455 st->ops.st=st;
1456 st->ops.control=site_control;
1457 st->ops.status=site_status;
1458
1459 /* First parameter must be a dict */
1460 item=list_elem(args,0);
1461 if (!item || item->type!=t_dict)
1462 cfgfatal(loc,"site","parameter must be a dictionary\n");
1463
1464 dict=item->data.dict;
558fa3fb
SE		 1465 st->localname=dict_read_string(dict, "local-name", True, "site", loc);
1466 st->remotename=dict_read_string(dict, "name", True, "site", loc);
dba19f84
IJ		 1467
1468 st->peer_mobile=dict_read_bool(dict,"mobile",False,"site",loc,False);
1469 bool_t local_mobile=
1470 dict_read_bool(dict,"local-mobile",False,"site",loc,False);
1471
558fa3fb
SE		 1472 /* Sanity check (which also allows the 'sites' file to include
1473 site() closures for all sites including our own): refuse to
1474 talk to ourselves */
1475 if (strcmp(st->localname,st->remotename)==0) {
b2a56f7c 1476 Message(M_DEBUG,"site %s: local-name==name -> ignoring this site\n",
baa06aeb 1477 st->localname);
dba19f84
IJ		 1478 if (st->peer_mobile != local_mobile)
1479 cfgfatal(loc,"site","site %s's peer-mobile=%d"
1480 " but our local-mobile=%d\n",
1481 st->localname, st->peer_mobile, local_mobile);
1482 free(st);
1483 return NULL;
1484 }
1485 if (st->peer_mobile && local_mobile) {
1486 Message(M_WARNING,"site %s: site is mobile but so are we"
1487 " -> ignoring this site\n", st->remotename);
558fa3fb
SE		 1488 free(st);
1489 return NULL;
1490 }
dba19f84 1491
58650a70
RK		 1492 assert(index_sequence < 0xffffffffUL);
1493 st->index = ++index_sequence;
469fd1d9 1494 st->netlink=find_cl_if(dict,"link",CL_NETLINK,True,"site",loc);
59533c16
IJ		 1495
1496 list_t *comms_cfg=dict_lookup(dict,"comm");
39a6b1e2 1497 if (!comms_cfg) cfgfatal(loc,"site","closure list \"comm\" not found\n");
59533c16
IJ		 1498 st->ncomms=list_length(comms_cfg);
1499 st->comms=safe_malloc_ary(sizeof(*st->comms),st->ncomms,"comms");
1500 assert(st->ncomms);
1501 for (i=0; i<st->ncomms; i++) {
1502 item_t *item=list_elem(comms_cfg,i);
39a6b1e2
IJ		 1503 if (item->type!=t_closure)
1504 cfgfatal(loc,"site","comm is not a closure\n");
59533c16 1505 closure_t *cl=item->data.closure;
39a6b1e2 1506 if (cl->type!=CL_COMM) cfgfatal(loc,"site","comm closure wrong type\n");
59533c16
IJ		 1507 st->comms[i]=cl->interface;
1508 }
1509
2fe58dfd
SE		 1510 st->resolver=find_cl_if(dict,"resolver",CL_RESOLVER,True,"site",loc);
1511 st->log=find_cl_if(dict,"log",CL_LOG,True,"site",loc);
1512 st->random=find_cl_if(dict,"random",CL_RANDOMSRC,True,"site",loc);
1513
2fe58dfd 1514 st->privkey=find_cl_if(dict,"local-key",CL_RSAPRIVKEY,True,"site",loc);
2fe58dfd 1515 st->address=dict_read_string(dict, "address", False, "site", loc);
3454dce4
SE		 1516 if (st->address)
1517 st->remoteport=dict_read_number(dict,"port",True,"site",loc,0);
1518 else st->remoteport=0;
2fe58dfd
SE		 1519 st->pubkey=find_cl_if(dict,"key",CL_RSAPUBKEY,True,"site",loc);
1520
1521 st->transform=
1522 find_cl_if(dict,"transform",CL_TRANSFORM,True,"site",loc);
1523
1524 st->dh=find_cl_if(dict,"dh",CL_DH,True,"site",loc);
1525 st->hash=find_cl_if(dict,"hash",CL_HASH,True,"site",loc);
1526
e57264d6
IJ		 1527#define DEFAULT(D) (st->peer_mobile || local_mobile \
1528 ? DEFAULT_MOBILE_##D : DEFAULT_##D)
e7f8ec2a 1529#define CFG_NUMBER(k,D) dict_read_number(dict,(k),False,"site",loc,DEFAULT(D));
c27ca22f 1530
e7f8ec2a
IJ		 1531 st->key_lifetime= CFG_NUMBER("key-lifetime", KEY_LIFETIME);
1532 st->setup_retries= CFG_NUMBER("setup-retries", SETUP_RETRIES);
1533 st->setup_retry_interval= CFG_NUMBER("setup-timeout", SETUP_RETRY_INTERVAL);
1534 st->wait_timeout= CFG_NUMBER("wait-time", WAIT_TIME);
1535
446353cd
IJ		 1536 st->mobile_peer_expiry= dict_read_number(
1537 dict,"mobile-peer-expiry",False,"site",loc,DEFAULT_MOBILE_PEER_EXPIRY);
1538
1539 st->transport_peers_max= !st->peer_mobile ? 1 : dict_read_number(
1540 dict,"mobile-peers-max",False,"site",loc,DEFAULT_MOBILE_PEERS_MAX);
1541 if (st->transport_peers_max<1 ||
1542 st->transport_peers_max>=MAX_MOBILE_PEERS_MAX) {
1543 cfgfatal(loc,"site","mobile-peers-max must be in range 1.."
1544 STRING(MAX_MOBILE_PEERS_MAX) "\n");
1545 }
1546
e7f8ec2a 1547 if (st->key_lifetime < DEFAULT(KEY_RENEGOTIATE_GAP)*2)
c27ca22f
IJ		 1548 st->key_renegotiate_time=st->key_lifetime/2;
1549 else
e7f8ec2a 1550 st->key_renegotiate_time=st->key_lifetime-DEFAULT(KEY_RENEGOTIATE_GAP);
9d3a4132 1551 st->key_renegotiate_time=dict_read_number(
cce0051f 1552 dict,"renegotiate-time",False,"site",loc,st->key_renegotiate_time);
9d3a4132
SE		 1553 if (st->key_renegotiate_time > st->key_lifetime) {
1554 cfgfatal(loc,"site",
1555 "renegotiate-time must be less than key-lifetime\n");
1556 }
9d3a4132
SE		 1557
1558 st->log_events=string_list_to_word(dict_lookup(dict,"log-events"),
1559 log_event_table,"site");
2fe58dfd 1560
4efd681a
SE		 1561 st->tunname=safe_malloc(strlen(st->localname)+strlen(st->remotename)+5,
1562 "site_apply");
1563 sprintf(st->tunname,"%s<->%s",st->localname,st->remotename);
1564
2fe58dfd 1565 /* The information we expect to see in incoming messages of type 1 */
59230b9b
IJ		 1566 /* fixme: lots of unchecked overflows here, but the results are only
1567 corrupted packets rather than undefined behaviour */
2fe58dfd
SE		 1568 st->setupsiglen=strlen(st->remotename)+strlen(st->localname)+8;
1569 st->setupsig=safe_malloc(st->setupsiglen,"site_apply");
8689b3a9
SE		 1570 put_uint32(st->setupsig+0,LABEL_MSG1);
1571 put_uint16(st->setupsig+4,strlen(st->remotename));
2fe58dfd 1572 memcpy(&st->setupsig[6],st->remotename,strlen(st->remotename));
8689b3a9 1573 put_uint16(st->setupsig+(6+strlen(st->remotename)),strlen(st->localname));
2fe58dfd
SE		 1574 memcpy(&st->setupsig[8+strlen(st->remotename)],st->localname,
1575 strlen(st->localname));
1576 st->setup_priority=(strcmp(st->localname,st->remotename)>0);
1577
1578 buffer_new(&st->buffer,SETUP_BUFFER_LEN);
1579
05f39b4d
IJ		 1580 buffer_new(&st->scratch,0);
1581 BUF_ALLOC(&st->scratch,"site:scratch");
1582
2fe58dfd
SE		 1583 /* We are interested in poll(), but only for timeouts. We don't have
1584 any fds of our own. */
1585 register_for_poll(st, site_beforepoll, site_afterpoll, 0, "site");
1586 st->timeout=0;
1587
19e9a588 1588 st->current.key_timeout=0;
02b0959b 1589 st->auxiliary_key.key_timeout=0;
446353cd
IJ		 1590 transport_peers_clear(st,&st->peers);
1591 transport_peers_clear(st,&st->setup_peers);
2fe58dfd
SE		 1592 /* XXX mlock these */
1593 st->dhsecret=safe_malloc(st->dh->len,"site:dhsecret");
7c9ca4bd
IJ		 1594 st->sharedsecretlen=st->transform->keylen?:st->dh->ceil_len;
1595 st->sharedsecret=safe_malloc(st->sharedsecretlen,"site:sharedsecret");
2fe58dfd 1596
59533c16
IJ		 1597 /* We need to compute some properties of our comms */
1598#define COMPUTE_WORST(pad) \
1599 int worst_##pad=0; \
1600 for (i=0; i<st->ncomms; i++) { \
1601 int thispad=st->comms[i]->pad; \
1602 if (thispad > worst_##pad) \
1603 worst_##pad=thispad; \
1604 }
1605 COMPUTE_WORST(min_start_pad)
1606 COMPUTE_WORST(min_end_pad)
1607
2fe58dfd 1608 /* We need to register the remote networks with the netlink device */
469fd1d9 1609 st->netlink->reg(st->netlink->st, site_outgoing, st,
ff05a229 1610 st->transform->max_start_pad+(4*4)+
59533c16
IJ		 1611 worst_min_start_pad,
1612 st->transform->max_end_pad+worst_min_end_pad);
ff05a229 1613
59533c16
IJ		 1614 for (i=0; i<st->ncomms; i++)
1615 st->comms[i]->request_notify(st->comms[i]->st, st, site_incoming);
2fe58dfd 1616
19e9a588 1617 st->current.transform=st->transform->create(st->transform->st);
02b0959b 1618 st->auxiliary_key.transform=st->transform->create(st->transform->st);
2fe58dfd 1619 st->new_transform=st->transform->create(st->transform->st);
bd98cd6b 1620 st->auxiliary_is_new=0;
2fe58dfd
SE		 1621
1622 enter_state_stop(st);
1623
794f2398
SE		 1624 add_hook(PHASE_SHUTDOWN,site_phase_hook,st);
1625
2fe58dfd
SE		 1626 return new_closure(&st->cl);
1627}
1628
2fe58dfd
SE		 1629void site_module(dict_t *dict)
1630{
1631 add_closure(dict,"site",site_apply);
1632}
446353cd
IJ		 1633
1634
1635/***** TRANSPORT PEERS definitions *****/
1636
1637static void transport_peers_debug(struct site *st, transport_peers *dst,
1638 const char *didwhat,
1639 int nargs, const struct comm_addr *args,
1640 size_t stride) {
1641 int i;
1642 char *argp;
1643
1644 if (!(st->log_events & LOG_PEER_ADDRS))
1645 return; /* an optimisation */
1646
1647 slog(st, LOG_PEER_ADDRS, "peers (%s) %s nargs=%d => npeers=%d",
1648 (dst==&st->peers ? "data" :
1649 dst==&st->setup_peers ? "setup" : "UNKNOWN"),
1650 didwhat, nargs, dst->npeers);
1651
1652 for (i=0, argp=(void*)args;
1653 i<nargs;
1654 i++, (argp+=stride?stride:sizeof(*args))) {
1655 const struct comm_addr *ca=(void*)argp;
1656 slog(st, LOG_PEER_ADDRS, " args: addrs[%d]=%s",
1657 i, ca->comm->addr_to_string(ca->comm->st,ca));
1658 }
1659 for (i=0; i<dst->npeers; i++) {
1660 struct timeval diff;
1661 timersub(tv_now,&dst->peers[i].last,&diff);
1662 const struct comm_addr *ca=&dst->peers[i].addr;
1663 slog(st, LOG_PEER_ADDRS, " peers: addrs[%d]=%s T-%ld.%06ld",
1664 i, ca->comm->addr_to_string(ca->comm->st,ca),
1665 (unsigned long)diff.tv_sec, (unsigned long)diff.tv_usec);
1666 }
1667}
1668
1669static int transport_peer_compar(const void *av, const void *bv) {
1670 const transport_peer *a=av;
1671 const transport_peer *b=bv;
1672 /* put most recent first in the array */
1673 if (timercmp(&a->last, &b->last, <)) return +1;
1674 if (timercmp(&a->last, &b->last, >)) return -11;
1675 return 0;
1676}
1677
1678static void transport_peers_expire(struct site *st, transport_peers *peers) {
1679 /* peers must be sorted first */
1680 int previous_peers=peers->npeers;
1681 struct timeval oldest;
1682 oldest.tv_sec = tv_now->tv_sec - st->mobile_peer_expiry;
1683 oldest.tv_usec = tv_now->tv_usec;
1684 while (peers->npeers>1 &&
1685 timercmp(&peers->peers[peers->npeers-1].last, &oldest, <))
1686 peers->npeers--;
1687 if (peers->npeers != previous_peers)
1688 transport_peers_debug(st,peers,"expire", 0,0,0);
1689}
1690
1691static void transport_record_peer(struct site *st, transport_peers *peers,
1692 const struct comm_addr *addr, const char *m) {
1693 int slot, changed=0;
1694
1695 for (slot=0; slot<peers->npeers; slot++)
1696 if (!memcmp(&peers->peers[slot].addr, addr, sizeof(*addr)))
1697 goto found;
1698
1699 changed=1;
1700 if (peers->npeers==st->transport_peers_max)
1701 slot=st->transport_peers_max;
1702 else
1703 slot=peers->npeers++;
1704
1705 found:
1706 peers->peers[slot].addr=*addr;
1707 peers->peers[slot].last=*tv_now;
1708
1709 if (peers->npeers>1)
1710 qsort(peers->peers, peers->npeers,
1711 sizeof(*peers->peers), transport_peer_compar);
1712
1713 if (changed || peers->npeers!=1)
1714 transport_peers_debug(st,peers,m, 1,addr,0);
1715 transport_peers_expire(st, peers);
1716}
1717
1718static bool_t transport_compute_setupinit_peers(struct site *st,
1719 const struct comm_addr *configured_addr /* 0 if none or not found */) {
1720
1721 if (!configured_addr && !transport_peers_valid(&st->peers))
1722 return False;
1723
1724 slog(st,LOG_SETUP_INIT,
1725 (!configured_addr ? "using only %d old peer address(es)"
1726 : "using configured address, and/or perhaps %d old peer address(es)"),
1727 st->peers);
1728
1729 /* Non-mobile peers havve st->peers.npeers==0 or ==1, since they
1730 * have transport_peers_max==1. The effect is that this code
1731 * always uses the configured address if supplied, or otherwise
1732 * the existing data peer if one exists; this is as desired. */
1733
1734 transport_peers_copy(st,&st->setup_peers,&st->peers);
1735
1736 if (configured_addr)
1737 transport_record_peer(st,&st->setup_peers,configured_addr,"setupinit");
1738
1739 assert(transport_peers_valid(&st->setup_peers));
1740 return True;
1741}
1742
1743static void transport_setup_msgok(struct site *st, const struct comm_addr *a) {
1744 if (st->peer_mobile)
1745 transport_record_peer(st,&st->setup_peers,a,"setupmsg");
1746}
1747static void transport_data_msgok(struct site *st, const struct comm_addr *a) {
1748 if (st->peer_mobile)
1749 transport_record_peer(st,&st->peers,a,"datamsg");
1750}
1751
1752static int transport_peers_valid(transport_peers *peers) {
1753 return peers->npeers;
1754}
1755static void transport_peers_clear(struct site *st, transport_peers *peers) {
1756 peers->npeers= 0;
1757 transport_peers_debug(st,peers,"clear",0,0,0);
1758}
1759static void transport_peers_copy(struct site *st, transport_peers *dst,
1760 const transport_peers *src) {
1761 dst->npeers=src->npeers;
1762 memcpy(dst->peers, src->peers, sizeof(*dst->peers) * dst->npeers);
1763 transport_peers_debug(st,dst,"copy",
a620a048 1764 src->npeers, &src->peers->addr, sizeof(*src->peers));
446353cd
IJ		 1765}
1766
1767void transport_xmit(struct site *st, transport_peers *peers,
1768 struct buffer_if *buf, bool_t candebug) {
1769 int slot;
1770 transport_peers_expire(st, peers);
1771 for (slot=0; slot<peers->npeers; slot++) {
1772 transport_peer *peer=&peers->peers[slot];
1773 if (candebug)
1774 dump_packet(st, buf, &peer->addr, False);
1775 peer->addr.comm->sendmsg(peer->addr.comm->st, buf, &peer->addr);
1776 }
1777}
1778
1779/***** END of transport peers declarations *****/
Secnet virtual private network: clone of http://www.chiark.greenend.org.uk/ucgi/~ian/git/secnet.git/