~mdw / secnet / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
site logging: Break out logtimeout
[secnet] / site.c
CommitLineData
2fe58dfd
SE		 1/* site.c - manage communication with a remote network site */
2
469fd1d9
SE		 3/* The 'site' code doesn't know anything about the structure of the
4 packets it's transmitting. In fact, under the new netlink
5 configuration scheme it doesn't need to know anything at all about
6 IP addresses, except how to contact its peer. This means it could
7 potentially be used to tunnel other protocols too (IPv6, IPX, plain
8 old Ethernet frames) if appropriate netlink code can be written
9 (and that ought not to be too hard, eg. using the TUN/TAP device to
10 pretend to be an Ethernet interface). */
11
ff05a229
SE		 12/* At some point in the future the netlink code will be asked for
13 configuration information to go in the PING/PONG packets at the end
14 of the key exchange. */
15
8689b3a9 16#include "secnet.h"
2fe58dfd 17#include <stdio.h>
469fd1d9 18#include <string.h>
fe5e9cc4 19#include <limits.h>
58650a70 20#include <assert.h>
8689b3a9 21#include <sys/socket.h>
2fe58dfd 22
8689b3a9 23#include <sys/mman.h>
2fe58dfd 24#include "util.h"
59635212 25#include "unaligned.h"
ff05a229 26#include "magic.h"
2fe58dfd
SE		 27
28#define SETUP_BUFFER_LEN 2048
29
e7f8ec2a
IJ		 30#define DEFAULT_KEY_LIFETIME (3600*1000) /* [ms] */
31#define DEFAULT_KEY_RENEGOTIATE_GAP (5*60*1000) /* [ms] */
2fe58dfd 32#define DEFAULT_SETUP_RETRIES 5
e7f8ec2a
IJ		 33#define DEFAULT_SETUP_RETRY_INTERVAL (2*1000) /* [ms] */
34#define DEFAULT_WAIT_TIME (20*1000) /* [ms] */
e57264d6
IJ		 35
36#define DEFAULT_MOBILE_KEY_LIFETIME (2*24*3600*1000) /* [ms] */
37#define DEFAULT_MOBILE_KEY_RENEGOTIATE_GAP (12*3600*1000) /* [ms] */
38#define DEFAULT_MOBILE_SETUP_RETRIES 30
39#define DEFAULT_MOBILE_SETUP_RETRY_INTERVAL (1*1000) /* [ms] */
40#define DEFAULT_MOBILE_WAIT_TIME (10*1000) /* [ms] */
41
446353cd
IJ		 42#define DEFAULT_MOBILE_PEER_EXPIRY (2*60) /* [s] */
43#define DEFAULT_MOBILE_PEERS_MAX 3 /* send at most this many copies (default) */
2fe58dfd
SE		 44
45/* Each site can be in one of several possible states. */
46
47/* States:
48 SITE_STOP - nothing is allowed to happen; tunnel is down;
49 all session keys have been erased
50 -> SITE_RUN upon external instruction
51 SITE_RUN - site up, maybe with valid key
52 -> SITE_RESOLVE upon outgoing packet and no valid key
53 we start name resolution for the other end of the tunnel
54 -> SITE_SENTMSG2 upon valid incoming message 1 and suitable time
55 we send an appropriate message 2
56 SITE_RESOLVE - waiting for name resolution
57 -> SITE_SENTMSG1 upon successful resolution
58 we send an appropriate message 1
59 -> SITE_SENTMSG2 upon valid incoming message 1 (then abort resolution)
60 we abort resolution and
61 -> SITE_WAIT on timeout or resolution failure
62 SITE_SENTMSG1
63 -> SITE_SENTMSG2 upon valid incoming message 1 from higher priority end
64 -> SITE_SENTMSG3 upon valid incoming message 2
65 -> SITE_WAIT on timeout
66 SITE_SENTMSG2
67 -> SITE_SENTMSG4 upon valid incoming message 3
68 -> SITE_WAIT on timeout
69 SITE_SENTMSG3
70 -> SITE_SENTMSG5 upon valid incoming message 4
71 -> SITE_WAIT on timeout
72 SITE_SENTMSG4
73 -> SITE_RUN upon valid incoming message 5
74 -> SITE_WAIT on timeout
75 SITE_SENTMSG5
76 -> SITE_RUN upon valid incoming message 6
77 -> SITE_WAIT on timeout
78 SITE_WAIT - failed to establish key; do nothing for a while
79 -> SITE_RUN on timeout
80 */
81
82#define SITE_STOP 0
83#define SITE_RUN 1
84#define SITE_RESOLVE 2
85#define SITE_SENTMSG1 3
86#define SITE_SENTMSG2 4
87#define SITE_SENTMSG3 5
88#define SITE_SENTMSG4 6
89#define SITE_SENTMSG5 7
90#define SITE_WAIT 8
91
3abd18e8
IJ		 92int32_t site_max_start_pad = 4*4;
93
fe5e9cc4 94static cstring_t state_name(uint32_t state)
2fe58dfd
SE		 95{
96 switch (state) {
3454dce4
SE		 97 case 0: return "STOP";
98 case 1: return "RUN";
99 case 2: return "RESOLVE";
100 case 3: return "SENTMSG1";
101 case 4: return "SENTMSG2";
102 case 5: return "SENTMSG3";
103 case 6: return "SENTMSG4";
104 case 7: return "SENTMSG5";
105 case 8: return "WAIT";
2fe58dfd
SE		 106 default: return "*bad state*";
107 }
108}
109
2fe58dfd
SE		 110#define NONCELEN 8
111
112#define LOG_UNEXPECTED 0x00000001
113#define LOG_SETUP_INIT 0x00000002
114#define LOG_SETUP_TIMEOUT 0x00000004
115#define LOG_ACTIVATE_KEY 0x00000008
116#define LOG_TIMEOUT_KEY 0x00000010
9d3a4132 117#define LOG_SEC 0x00000020
2fe58dfd
SE		 118#define LOG_STATE 0x00000040
119#define LOG_DROP 0x00000080
120#define LOG_DUMP 0x00000100
121#define LOG_ERROR 0x00000400
446353cd 122#define LOG_PEER_ADDRS 0x00000800
2fe58dfd 123
9d3a4132
SE		 124static struct flagstr log_event_table[]={
125 { "unexpected", LOG_UNEXPECTED },
126 { "setup-init", LOG_SETUP_INIT },
127 { "setup-timeout", LOG_SETUP_TIMEOUT },
128 { "activate-key", LOG_ACTIVATE_KEY },
129 { "timeout-key", LOG_TIMEOUT_KEY },
130 { "security", LOG_SEC },
131 { "state-change", LOG_STATE },
132 { "packet-drop", LOG_DROP },
133 { "dump-packets", LOG_DUMP },
134 { "errors", LOG_ERROR },
446353cd 135 { "peer-addrs", LOG_PEER_ADDRS },
ff05a229
SE		 136 { "default", LOG_SETUP_INIT|LOG_SETUP_TIMEOUT|
137 LOG_ACTIVATE_KEY|LOG_TIMEOUT_KEY|LOG_SEC|LOG_ERROR },
9d3a4132
SE		 138 { "all", 0xffffffff },
139 { NULL, 0 }
140};
141
446353cd
IJ		 142
143/***** TRANSPORT PEERS declarations *****/
144
145/* Details of "mobile peer" semantics:
146
147 - We record mobile_peers_max peer address/port numbers ("peers")
148 for key setup, and separately mobile_peers_max for data
149 transfer. If these lists fill up, we retain the newest peers.
150 (For non-mobile peers we only record one of each.)
151
152 - Outgoing packets are sent to every recorded peer in the
153 applicable list.
154
155 - Data transfer peers are straightforward: whenever we successfully
156 process a data packet, we record the peer. Also, whenever we
157 successfully complete a key setup, we merge the key setup
158 peers into the data transfer peers.
159
160 (For "non-mobile" peers we simply copy the peer used for
161 successful key setup, and don't change the peer otherwise.)
162
163 - Key setup peers are slightly more complicated.
164
165 Whenever we receive and successfully process a key exchange
166 packet, we record the peer.
167
168 Whenever we try to initiate a key setup, we copy the list of data
169 transfer peers and use it for key setup. But we also look to see
170 if the config supplies an address and port number and if so we
171 add that as a key setup peer (possibly evicting one of the data
172 transfer peers we just copied).
173
174 (For "non-mobile" peers, if we if we have a configured peer
175 address and port, we always use that; otherwise if we have a
176 current data peer address we use that; otherwise we do not
177 attempt to initiate a key setup for lack of a peer address.)
178
179 "Record the peer" means
180 1. expire any peers last seen >120s ("mobile-peer-expiry") ago
181 2. add the peer of the just received packet to the applicable list
182 (possibly evicting older entries)
183 NB that we do not expire peers until an incoming packet arrives.
184
185 */
186
187#define MAX_MOBILE_PEERS_MAX 5 /* send at most this many copies, compiled max */
188
189typedef struct {
190 struct timeval last;
191 struct comm_addr addr;
192} transport_peer;
193
194typedef struct {
195/* configuration information */
196/* runtime information */
197 int npeers;
198 transport_peer peers[MAX_MOBILE_PEERS_MAX];
199} transport_peers;
200
201static void transport_peers_clear(struct site *st, transport_peers *peers);
202static int transport_peers_valid(transport_peers *peers);
203static void transport_peers_copy(struct site *st, transport_peers *dst,
204 const transport_peers *src);
205
206static void transport_setup_msgok(struct site *st, const struct comm_addr *a);
207static void transport_data_msgok(struct site *st, const struct comm_addr *a);
208static bool_t transport_compute_setupinit_peers(struct site *st,
dd9209d1
IJ		 209 const struct comm_addr *configured_addr /* 0 if none or not found */,
210 const struct comm_addr *prod_hint_addr /* 0 if none */);
446353cd
IJ		 211static void transport_record_peer(struct site *st, transport_peers *peers,
212 const struct comm_addr *addr, const char *m);
213
214static void transport_xmit(struct site *st, transport_peers *peers,
215 struct buffer_if *buf, bool_t candebug);
216
217 /***** END of transport peers declarations *****/
218
219
19e9a588
IJ		 220struct data_key {
221 struct transform_inst_if *transform;
222 uint64_t key_timeout; /* End of life of current key */
223 uint32_t remote_session_id;
224};
225
2fe58dfd
SE		 226struct site {
227 closure_t cl;
228 struct site_if ops;
229/* configuration information */
230 string_t localname;
231 string_t remotename;
446353cd
IJ		 232 bool_t peer_mobile; /* Mobile client support */
233 int32_t transport_peers_max;
ff05a229 234 string_t tunname; /* localname<->remotename by default, used in logs */
2fe58dfd 235 string_t address; /* DNS name for bootstrapping, optional */
ff05a229 236 int remoteport; /* Port for bootstrapping, optional */
3ed1846a 237 uint32_t mtu_target;
2fe58dfd 238 struct netlink_if *netlink;
59533c16
IJ		 239 struct comm_if **comms;
240 int ncomms;
2fe58dfd
SE		 241 struct resolver_if *resolver;
242 struct log_if *log;
243 struct random_if *random;
244 struct rsaprivkey_if *privkey;
2fe58dfd 245 struct rsapubkey_if *pubkey;
5b5f297f
IJ		 246 struct transform_if **transforms;
247 int ntransforms;
2fe58dfd
SE		 248 struct dh_if *dh;
249 struct hash_if *hash;
2fe58dfd 250
58650a70 251 uint32_t index; /* Index of this site */
09a385fb 252 uint32_t local_capabilities;
1caa23ff 253 int32_t setup_retries; /* How many times to send setup packets */
e7f8ec2a 254 int32_t setup_retry_interval; /* Initial timeout for setup packets */
4a8aed08 255 int32_t wait_timeout; /* How long to wait if setup unsuccessful */
446353cd 256 int32_t mobile_peer_expiry; /* How long to remember 2ary addresses */
4a8aed08
IJ		 257 int32_t key_lifetime; /* How long a key lasts once set up */
258 int32_t key_renegotiate_time; /* If we see traffic (or a keepalive)
9d3a4132
SE		 259 after this time, initiate a new
260 key exchange */
2fe58dfd 261
2fe58dfd
SE		 262 bool_t setup_priority; /* Do we have precedence if both sites emit
263 message 1 simultaneously? */
264 uint32_t log_events;
265
266/* runtime information */
267 uint32_t state;
268 uint64_t now; /* Most recently seen time */
dd9209d1 269 bool_t allow_send_prod;
2fe58dfd 270
ff05a229 271 /* The currently established session */
19e9a588 272 struct data_key current;
02b0959b 273 struct data_key auxiliary_key;
bd98cd6b 274 bool_t auxiliary_is_new;
ff05a229 275 uint64_t renegotiate_key_time; /* When we can negotiate a new key */
bd98cd6b 276 uint64_t auxiliary_renegotiate_key_time;
446353cd 277 transport_peers peers; /* Current address(es) of peer for data traffic */
2fe58dfd 278
ff05a229
SE		 279 /* The current key setup protocol exchange. We can only be
280 involved in one of these at a time. There's a potential for
281 denial of service here (the attacker keeps sending a setup
282 packet; we keep trying to continue the exchange, and have to
283 timeout before we can listen for another setup packet); perhaps
284 we should keep a list of 'bad' sources for setup packets. */
09a385fb 285 uint32_t remote_capabilities;
3ed1846a 286 uint16_t remote_adv_mtu;
5b5f297f 287 struct transform_if *chosen_transform;
2fe58dfd 288 uint32_t setup_session_id;
446353cd 289 transport_peers setup_peers;
2fe58dfd
SE		 290 uint8_t localN[NONCELEN]; /* Nonces for key exchange */
291 uint8_t remoteN[NONCELEN];
292 struct buffer_if buffer; /* Current outgoing key exchange packet */
05f39b4d 293 struct buffer_if scratch;
4a8aed08 294 int32_t retries; /* Number of retries remaining */
2fe58dfd
SE		 295 uint64_t timeout; /* Timeout for current state */
296 uint8_t *dhsecret;
297 uint8_t *sharedsecret;
5b5f297f 298 uint32_t sharedsecretlen, sharedsecretallocd;
2fe58dfd
SE		 299 struct transform_inst_if *new_transform; /* For key setup/verify */
300};
301
8368df34
IJ		 302static uint32_t event_log_priority(struct site *st, uint32_t event)
303{
304 if (!(event&st->log_events))
305 return 0;
306 switch(event) {
307 case LOG_UNEXPECTED: return M_INFO;
308 case LOG_SETUP_INIT: return M_INFO;
309 case LOG_SETUP_TIMEOUT: return M_NOTICE;
310 case LOG_ACTIVATE_KEY: return M_INFO;
311 case LOG_TIMEOUT_KEY: return M_INFO;
312 case LOG_SEC: return M_SECURITY;
313 case LOG_STATE: return M_DEBUG;
314 case LOG_DROP: return M_DEBUG;
315 case LOG_DUMP: return M_DEBUG;
316 case LOG_ERROR: return M_ERR;
317 case LOG_PEER_ADDRS: return M_DEBUG;
318 default: return M_ERR;
319 }
320}
321
0237c848
IJ		 322static void vslog(struct site *st, uint32_t event, cstring_t msg, va_list ap)
323FORMAT(printf,3,0);
324static void vslog(struct site *st, uint32_t event, cstring_t msg, va_list ap)
2fe58dfd 325{
b2a56f7c 326 uint32_t class;
2fe58dfd 327
8368df34
IJ		 328 class=event_log_priority(st, event);
329 if (class) {
e5d8c16e
IJ		 330 slilog_part(st->log,class,"%s: ",st->tunname);
331 vslilog_part(st->log,class,msg,ap);
332 slilog_part(st->log,class,"\n");
2fe58dfd 333 }
2fe58dfd
SE		 334}
335
0237c848
IJ		 336static void slog(struct site *st, uint32_t event, cstring_t msg, ...)
337FORMAT(printf,3,4);
338static void slog(struct site *st, uint32_t event, cstring_t msg, ...)
339{
340 va_list ap;
341 va_start(ap,msg);
342 vslog(st,event,msg,ap);
343 va_end(ap);
344}
345
4f3c75ac
IJ		 346static void logtimeout(struct site *st, const char *fmt, ...)
347FORMAT(printf,2,3);
348static void logtimeout(struct site *st, const char *fmt, ...)
349{
350 va_list ap;
351 va_start(ap,fmt);
352 vslog(st,LOG_SETUP_TIMEOUT,fmt,ap);
353 va_end(ap);
354}
355
9d3a4132 356static void set_link_quality(struct site *st);
1d388569
IJ		 357static void delete_keys(struct site *st, cstring_t reason, uint32_t loglevel);
358static void delete_one_key(struct site *st, struct data_key *key,
359 const char *reason /* may be 0 meaning don't log*/,
360 const char *which /* ignored if !reasonn */,
361 uint32_t loglevel /* ignored if !reasonn */);
dd9209d1
IJ		 362static bool_t initiate_key_setup(struct site *st, cstring_t reason,
363 const struct comm_addr *prod_hint);
2fe58dfd
SE		 364static void enter_state_run(struct site *st);
365static bool_t enter_state_resolve(struct site *st);
ff05a229 366static bool_t enter_new_state(struct site *st,uint32_t next);
2fe58dfd 367static void enter_state_wait(struct site *st);
05f39b4d 368static void activate_new_key(struct site *st);
2fe58dfd 369
0afd257e
IJ		 370static bool_t is_transform_valid(struct transform_inst_if *transform)
371{
fcad4b0b 372 return transform && transform->valid(transform->st);
0afd257e
IJ		 373}
374
3d8d8f4e
IJ		 375static bool_t current_valid(struct site *st)
376{
0afd257e
IJ		 377 return is_transform_valid(st->current.transform);
378}
379
380#define DEFINE_CALL_TRANSFORM(fwdrev) \
381static int call_transform_##fwdrev(struct site *st, \
382 struct transform_inst_if *transform, \
383 struct buffer_if *buf, \
384 const char **errmsg) \
385{ \
fcad4b0b
IJ		 386 if (!is_transform_valid(transform)) { \
387 *errmsg="transform not set up"; \
388 return 1; \
389 } \
0afd257e 390 return transform->fwdrev(transform->st,buf,errmsg); \
3d8d8f4e
IJ		 391}
392
0afd257e
IJ		 393DEFINE_CALL_TRANSFORM(forwards)
394DEFINE_CALL_TRANSFORM(reverse)
395
396static void dispose_transform(struct transform_inst_if **transform_var)
397{
0afd257e 398 struct transform_inst_if *transform=*transform_var;
fcad4b0b
IJ		 399 if (transform) {
400 transform->delkey(transform->st);
401 transform->destroy(transform->st);
402 }
403 *transform_var = 0;
0afd257e
IJ		 404}
405
2fe58dfd
SE		 406#define CHECK_AVAIL(b,l) do { if ((b)->size<(l)) return False; } while(0)
407#define CHECK_EMPTY(b) do { if ((b)->size!=0) return False; } while(0)
408#define CHECK_TYPE(b,t) do { uint32_t type; \
409 CHECK_AVAIL((b),4); \
59635212 410 type=buf_unprepend_uint32((b)); \
2fe58dfd
SE		 411 if (type!=(t)) return False; } while(0)
412
3ed1846a
IJ		 413static _Bool type_is_msg34(uint32_t type)
414{
415 return
416 type == LABEL_MSG3 ||
417 type == LABEL_MSG3BIS ||
418 type == LABEL_MSG4;
419}
420
1737eeef
IJ		 421struct parsedname {
422 int32_t len;
423 uint8_t *name;
09a385fb 424 struct buffer_if extrainfo;
1737eeef
IJ		 425};
426
2fe58dfd
SE		 427struct msg {
428 uint8_t *hashstart;
429 uint32_t dest;
430 uint32_t source;
1737eeef
IJ		 431 struct parsedname remote;
432 struct parsedname local;
09a385fb 433 uint32_t remote_capabilities;
3ed1846a 434 uint16_t remote_mtu;
5b5f297f 435 int capab_transformnum;
2fe58dfd
SE		 436 uint8_t *nR;
437 uint8_t *nL;
1caa23ff 438 int32_t pklen;
3e8addad 439 char *pk;
1caa23ff
IJ		 440 int32_t hashlen;
441 int32_t siglen;
3e8addad 442 char *sig;
2fe58dfd
SE		 443};
444
5b5f297f 445static void set_new_transform(struct site *st, char *pk)
0afd257e 446{
5b5f297f
IJ		 447 /* Make room for the shared key */
448 st->sharedsecretlen=st->chosen_transform->keylen?:st->dh->ceil_len;
449 assert(st->sharedsecretlen);
450 if (st->sharedsecretlen > st->sharedsecretallocd) {
451 st->sharedsecretallocd=st->sharedsecretlen;
452 st->sharedsecret=realloc(st->sharedsecret,st->sharedsecretallocd);
453 }
454 if (!st->sharedsecret) fatal_perror("site:sharedsecret");
455
456 /* Generate the shared key */
457 st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,pk,
458 st->sharedsecret,st->sharedsecretlen);
459
460 /* Set up the transform */
461 struct transform_if *generator=st->chosen_transform;
fcad4b0b
IJ		 462 struct transform_inst_if *generated=generator->create(generator->st);
463 generated->setkey(generated->st,st->sharedsecret,
464 st->sharedsecretlen,st->setup_priority);
465 dispose_transform(&st->new_transform);
466 st->new_transform=generated;
5b5f297f
IJ		 467
468 slog(st,LOG_SETUP_INIT,"key exchange negotiated transform"
469 " %d (capabilities ours=%#"PRIx32" theirs=%#"PRIx32")",
470 st->chosen_transform->capab_transformnum,
471 st->local_capabilities, st->remote_capabilities);
0afd257e
IJ		 472}
473
09a385fb
IJ		 474struct xinfoadd {
475 int32_t lenpos, afternul;
476};
477static void append_string_xinfo_start(struct buffer_if *buf,
478 struct xinfoadd *xia,
479 const char *str)
480 /* Helps construct one of the names with additional info as found
481 * in MSG1..4. Call this function first, then append all the
482 * desired extra info (not including the nul byte) to the buffer,
483 * then call append_string_xinfo_done. */
484{
485 xia->lenpos = buf->size;
486 buf_append_string(buf,str);
487 buf_append_uint8(buf,0);
488 xia->afternul = buf->size;
489}
490static void append_string_xinfo_done(struct buffer_if *buf,
491 struct xinfoadd *xia)
492{
493 /* we just need to adjust the string length */
494 if (buf->size == xia->afternul) {
495 /* no extra info, strip the nul too */
496 buf_unappend_uint8(buf);
497 } else {
498 put_uint16(buf->start+xia->lenpos, buf->size-(xia->lenpos+2));
499 }
500}
501
ff05a229
SE		 502/* Build any of msg1 to msg4. msg5 and msg6 are built from the inside
503 out using a transform of config data supplied by netlink */
fe5e9cc4 504static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what)
2fe58dfd
SE		 505{
506 void *hst;
3b83c932 507 uint8_t *hash;
2fe58dfd
SE		 508 string_t dhpub, sig;
509
510 st->retries=st->setup_retries;
511 BUF_ALLOC(&st->buffer,what);
512 buffer_init(&st->buffer,0);
59635212
SE		 513 buf_append_uint32(&st->buffer,
514 (type==LABEL_MSG1?0:st->setup_session_id));
58650a70 515 buf_append_uint32(&st->buffer,st->index);
59635212 516 buf_append_uint32(&st->buffer,type);
09a385fb
IJ		 517
518 struct xinfoadd xia;
519 append_string_xinfo_start(&st->buffer,&xia,st->localname);
520 if ((st->local_capabilities & CAPAB_EARLY) || (type != LABEL_MSG1)) {
521 buf_append_uint32(&st->buffer,st->local_capabilities);
522 }
3ed1846a
IJ		 523 if (type_is_msg34(type)) {
524 buf_append_uint16(&st->buffer,st->mtu_target);
525 }
09a385fb
IJ		 526 append_string_xinfo_done(&st->buffer,&xia);
527
2fe58dfd
SE		 528 buf_append_string(&st->buffer,st->remotename);
529 memcpy(buf_append(&st->buffer,NONCELEN),st->localN,NONCELEN);
530 if (type==LABEL_MSG1) return True;
531 memcpy(buf_append(&st->buffer,NONCELEN),st->remoteN,NONCELEN);
532 if (type==LABEL_MSG2) return True;
3b83c932
SE		 533
534 if (hacky_par_mid_failnow()) return False;
535
5b5f297f
IJ		 536 if (type==LABEL_MSG3BIS)
537 buf_append_uint8(&st->buffer,st->chosen_transform->capab_transformnum);
538
2fe58dfd
SE		 539 dhpub=st->dh->makepublic(st->dh->st,st->dhsecret,st->dh->len);
540 buf_append_string(&st->buffer,dhpub);
541 free(dhpub);
3b83c932 542 hash=safe_malloc(st->hash->len, "generate_msg");
2fe58dfd
SE		 543 hst=st->hash->init();
544 st->hash->update(hst,st->buffer.start,st->buffer.size);
545 st->hash->final(hst,hash);
546 sig=st->privkey->sign(st->privkey->st,hash,st->hash->len);
547 buf_append_string(&st->buffer,sig);
548 free(sig);
3b83c932 549 free(hash);
2fe58dfd
SE		 550 return True;
551}
552
1737eeef
IJ		 553static bool_t unpick_name(struct buffer_if *msg, struct parsedname *nm)
554{
555 CHECK_AVAIL(msg,2);
556 nm->len=buf_unprepend_uint16(msg);
557 CHECK_AVAIL(msg,nm->len);
558 nm->name=buf_unprepend(msg,nm->len);
559 uint8_t *nul=memchr(nm->name,0,nm->len);
560 if (!nul) {
09a385fb 561 buffer_readonly_view(&nm->extrainfo,0,0);
1737eeef 562 } else {
09a385fb 563 buffer_readonly_view(&nm->extrainfo, nul+1, msg->start-(nul+1));
1737eeef
IJ		 564 nm->len=nul-nm->name;
565 }
566 return True;
567}
568
2fe58dfd
SE		 569static bool_t unpick_msg(struct site *st, uint32_t type,
570 struct buffer_if *msg, struct msg *m)
571{
5b5f297f 572 m->capab_transformnum=-1;
2fe58dfd
SE		 573 m->hashstart=msg->start;
574 CHECK_AVAIL(msg,4);
59635212 575 m->dest=buf_unprepend_uint32(msg);
2fe58dfd 576 CHECK_AVAIL(msg,4);
59635212 577 m->source=buf_unprepend_uint32(msg);
2fe58dfd 578 CHECK_TYPE(msg,type);
1737eeef 579 if (!unpick_name(msg,&m->remote)) return False;
09a385fb 580 m->remote_capabilities=0;
3ed1846a 581 m->remote_mtu=0;
09a385fb
IJ		 582 if (m->remote.extrainfo.size) {
583 CHECK_AVAIL(&m->remote.extrainfo,4);
584 m->remote_capabilities=buf_unprepend_uint32(&m->remote.extrainfo);
585 }
3ed1846a
IJ		 586 if (type_is_msg34(type) && m->remote.extrainfo.size) {
587 CHECK_AVAIL(&m->remote.extrainfo,2);
588 m->remote_mtu=buf_unprepend_uint16(&m->remote.extrainfo);
589 }
1737eeef 590 if (!unpick_name(msg,&m->local)) return False;
dd9209d1
IJ		 591 if (type==LABEL_PROD) {
592 CHECK_EMPTY(msg);
593 return True;
594 }
2fe58dfd
SE		 595 CHECK_AVAIL(msg,NONCELEN);
596 m->nR=buf_unprepend(msg,NONCELEN);
597 if (type==LABEL_MSG1) {
598 CHECK_EMPTY(msg);
599 return True;
600 }
601 CHECK_AVAIL(msg,NONCELEN);
602 m->nL=buf_unprepend(msg,NONCELEN);
603 if (type==LABEL_MSG2) {
604 CHECK_EMPTY(msg);
605 return True;
606 }
5b5f297f
IJ		 607 if (type==LABEL_MSG3BIS) {
608 CHECK_AVAIL(msg,1);
609 m->capab_transformnum = buf_unprepend_uint8(msg);
610 } else {
611 m->capab_transformnum = CAPAB_TRANSFORMNUM_ANCIENT;
612 }
2fe58dfd 613 CHECK_AVAIL(msg,2);
59635212 614 m->pklen=buf_unprepend_uint16(msg);
2fe58dfd
SE		 615 CHECK_AVAIL(msg,m->pklen);
616 m->pk=buf_unprepend(msg,m->pklen);
617 m->hashlen=msg->start-m->hashstart;
618 CHECK_AVAIL(msg,2);
59635212 619 m->siglen=buf_unprepend_uint16(msg);
2fe58dfd
SE		 620 CHECK_AVAIL(msg,m->siglen);
621 m->sig=buf_unprepend(msg,m->siglen);
622 CHECK_EMPTY(msg);
623 return True;
624}
625
1737eeef
IJ		 626static bool_t name_matches(const struct parsedname *nm, const char *expected)
627{
628 int expected_len=strlen(expected);
629 return
630 nm->len == expected_len &&
631 !memcmp(nm->name, expected, expected_len);
632}
633
ff05a229 634static bool_t check_msg(struct site *st, uint32_t type, struct msg *m,
fe5e9cc4 635 cstring_t *error)
ff05a229
SE		 636{
637 if (type==LABEL_MSG1) return True;
638
639 /* Check that the site names and our nonce have been sent
640 back correctly, and then store our peer's nonce. */
1737eeef 641 if (!name_matches(&m->remote,st->remotename)) {
ff05a229
SE		 642 *error="wrong remote site name";
643 return False;
644 }
1737eeef 645 if (!name_matches(&m->local,st->localname)) {
ff05a229
SE		 646 *error="wrong local site name";
647 return False;
648 }
649 if (memcmp(m->nL,st->localN,NONCELEN)!=0) {
650 *error="wrong locally-generated nonce";
651 return False;
652 }
653 if (type==LABEL_MSG2) return True;
5ad34db2 654 if (!consttime_memeq(m->nR,st->remoteN,NONCELEN)!=0) {
ff05a229
SE		 655 *error="wrong remotely-generated nonce";
656 return False;
657 }
09a385fb
IJ		 658 /* MSG3 has complicated rules about capabilities, which are
659 * handled in process_msg3. */
5b5f297f 660 if (type==LABEL_MSG3 || type==LABEL_MSG3BIS) return True;
09a385fb
IJ		 661 if (m->remote_capabilities!=st->remote_capabilities) {
662 *error="remote capabilities changed";
663 return False;
664 }
ff05a229
SE		 665 if (type==LABEL_MSG4) return True;
666 *error="unknown message type";
667 return False;
668}
669
2fe58dfd
SE		 670static bool_t generate_msg1(struct site *st)
671{
672 st->random->generate(st->random->st,NONCELEN,st->localN);
673 return generate_msg(st,LABEL_MSG1,"site:MSG1");
674}
675
676static bool_t process_msg1(struct site *st, struct buffer_if *msg1,
7e29719e 677 const struct comm_addr *src, struct msg *m)
2fe58dfd 678{
2fe58dfd
SE		 679 /* We've already determined we're in an appropriate state to
680 process an incoming MSG1, and that the MSG1 has correct values
681 of A and B. */
682
446353cd 683 transport_record_peer(st,&st->setup_peers,src,"msg1");
7e29719e 684 st->setup_session_id=m->source;
09a385fb 685 st->remote_capabilities=m->remote_capabilities;
7e29719e 686 memcpy(st->remoteN,m->nR,NONCELEN);
2fe58dfd
SE		 687 return True;
688}
689
690static bool_t generate_msg2(struct site *st)
691{
692 st->random->generate(st->random->st,NONCELEN,st->localN);
693 return generate_msg(st,LABEL_MSG2,"site:MSG2");
694}
695
696static bool_t process_msg2(struct site *st, struct buffer_if *msg2,
a15faeb2 697 const struct comm_addr *src)
2fe58dfd
SE		 698{
699 struct msg m;
fe5e9cc4 700 cstring_t err;
2fe58dfd
SE		 701
702 if (!unpick_msg(st,LABEL_MSG2,msg2,&m)) return False;
ff05a229
SE		 703 if (!check_msg(st,LABEL_MSG2,&m,&err)) {
704 slog(st,LOG_SEC,"msg2: %s",err);
2fe58dfd
SE		 705 return False;
706 }
707 st->setup_session_id=m.source;
09a385fb 708 st->remote_capabilities=m.remote_capabilities;
5b5f297f
IJ		 709
710 /* Select the transform to use */
711
712 uint32_t remote_transforms = st->remote_capabilities & CAPAB_TRANSFORM_MASK;
713 if (!remote_transforms)
714 /* old secnets only had this one transform */
715 remote_transforms = 1UL << CAPAB_TRANSFORMNUM_ANCIENT;
716
717 struct transform_if *ti;
718 int i;
719 for (i=0; i<st->ntransforms; i++) {
720 ti=st->transforms[i];
721 if ((1UL << ti->capab_transformnum) & remote_transforms)
722 goto transform_found;
723 }
724 slog(st,LOG_ERROR,"no transforms in common"
725 " (us %#"PRIx32"; them: %#"PRIx32")",
726 st->local_capabilities & CAPAB_TRANSFORM_MASK,
727 remote_transforms);
728 return False;
729 transform_found:
730 st->chosen_transform=ti;
731
2fe58dfd
SE		 732 memcpy(st->remoteN,m.nR,NONCELEN);
733 return True;
734}
735
736static bool_t generate_msg3(struct site *st)
737{
738 /* Now we have our nonce and their nonce. Think of a secret key,
739 and create message number 3. */
740 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
5b5f297f
IJ		 741 return generate_msg(st,
742 (st->remote_capabilities & CAPAB_TRANSFORM_MASK
743 ? LABEL_MSG3BIS : LABEL_MSG3),
744 "site:MSG3");
2fe58dfd
SE		 745}
746
e001e8c0
IJ		 747static bool_t process_msg3_msg4(struct site *st, struct msg *m)
748{
749 uint8_t *hash;
750 void *hst;
751
752 /* Check signature and store g^x mod m */
753 hash=safe_malloc(st->hash->len, "process_msg3_msg4");
754 hst=st->hash->init();
755 st->hash->update(hst,m->hashstart,m->hashlen);
756 st->hash->final(hst,hash);
757 /* Terminate signature with a '0' - cheating, but should be ok */
758 m->sig[m->siglen]=0;
759 if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m->sig)) {
760 slog(st,LOG_SEC,"msg3/msg4 signature failed check!");
761 free(hash);
762 return False;
763 }
764 free(hash);
765
3ed1846a
IJ		 766 st->remote_adv_mtu=m->remote_mtu;
767
e001e8c0
IJ		 768 return True;
769}
770
2fe58dfd 771static bool_t process_msg3(struct site *st, struct buffer_if *msg3,
5b5f297f 772 const struct comm_addr *src, uint32_t msgtype)
2fe58dfd
SE		 773{
774 struct msg m;
fe5e9cc4 775 cstring_t err;
2fe58dfd 776
5b5f297f
IJ		 777 assert(msgtype==LABEL_MSG3 || msgtype==LABEL_MSG3BIS);
778
779 if (!unpick_msg(st,msgtype,msg3,&m)) return False;
780 if (!check_msg(st,msgtype,&m,&err)) {
ff05a229 781 slog(st,LOG_SEC,"msg3: %s",err);
2fe58dfd
SE		 782 return False;
783 }
09a385fb
IJ		 784 uint32_t capab_adv_late = m.remote_capabilities
785 & ~st->remote_capabilities & CAPAB_EARLY;
786 if (capab_adv_late) {
787 slog(st,LOG_SEC,"msg3 impermissibly adds early capability flag(s)"
788 " %#"PRIx32" (was %#"PRIx32", now %#"PRIx32")",
789 capab_adv_late, st->remote_capabilities, m.remote_capabilities);
790 return False;
791 }
792 st->remote_capabilities|=m.remote_capabilities;
ff05a229 793
5b5f297f
IJ		 794 struct transform_if *ti;
795 int i;
796 for (i=0; i<st->ntransforms; i++) {
797 ti=st->transforms[i];
798 if (ti->capab_transformnum == m.capab_transformnum)
799 goto transform_found;
800 }
801 slog(st,LOG_SEC,"peer chose unknown-to-us transform %d!",
802 m.capab_transformnum);
803 return False;
804 transform_found:
805 st->chosen_transform=ti;
806
e001e8c0 807 if (!process_msg3_msg4(st,&m))
2fe58dfd 808 return False;
2fe58dfd
SE		 809
810 /* Terminate their DH public key with a '0' */
811 m.pk[m.pklen]=0;
812 /* Invent our DH secret key */
813 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
814
5b5f297f
IJ		 815 /* Generate the shared key and set up the transform */
816 set_new_transform(st,m.pk);
2fe58dfd
SE		 817
818 return True;
819}
820
821static bool_t generate_msg4(struct site *st)
822{
823 /* We have both nonces, their public key and our private key. Generate
824 our public key, sign it and send it to them. */
825 return generate_msg(st,LABEL_MSG4,"site:MSG4");
826}
827
828static bool_t process_msg4(struct site *st, struct buffer_if *msg4,
a15faeb2 829 const struct comm_addr *src)
2fe58dfd
SE		 830{
831 struct msg m;
fe5e9cc4 832 cstring_t err;
2fe58dfd
SE		 833
834 if (!unpick_msg(st,LABEL_MSG4,msg4,&m)) return False;
ff05a229
SE		 835 if (!check_msg(st,LABEL_MSG4,&m,&err)) {
836 slog(st,LOG_SEC,"msg4: %s",err);
2fe58dfd
SE		 837 return False;
838 }
839
e001e8c0 840 if (!process_msg3_msg4(st,&m))
2fe58dfd 841 return False;
2fe58dfd
SE		 842
843 /* Terminate their DH public key with a '0' */
844 m.pk[m.pklen]=0;
5b5f297f
IJ		 845
846 /* Generate the shared key and set up the transform */
847 set_new_transform(st,m.pk);
2fe58dfd
SE		 848
849 return True;
850}
851
2fe58dfd
SE		 852struct msg0 {
853 uint32_t dest;
854 uint32_t source;
855 uint32_t type;
856};
857
858static bool_t unpick_msg0(struct site *st, struct buffer_if *msg0,
859 struct msg0 *m)
860{
861 CHECK_AVAIL(msg0,4);
59635212 862 m->dest=buf_unprepend_uint32(msg0);
2fe58dfd 863 CHECK_AVAIL(msg0,4);
59635212 864 m->source=buf_unprepend_uint32(msg0);
2fe58dfd 865 CHECK_AVAIL(msg0,4);
59635212 866 m->type=buf_unprepend_uint32(msg0);
2fe58dfd
SE		 867 return True;
868 /* Leaves transformed part of buffer untouched */
869}
870
ff05a229
SE		 871static bool_t generate_msg5(struct site *st)
872{
fe5e9cc4 873 cstring_t transform_err;
ff05a229
SE		 874
875 BUF_ALLOC(&st->buffer,"site:MSG5");
876 /* We are going to add four words to the message */
3abd18e8 877 buffer_init(&st->buffer,calculate_max_start_pad());
ff05a229
SE		 878 /* Give the netlink code an opportunity to put its own stuff in the
879 message (configuration information, etc.) */
ff05a229 880 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
0afd257e
IJ		 881 if (call_transform_forwards(st,st->new_transform,
882 &st->buffer,&transform_err))
883 return False;
ff05a229 884 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
58650a70 885 buf_prepend_uint32(&st->buffer,st->index);
ff05a229
SE		 886 buf_prepend_uint32(&st->buffer,st->setup_session_id);
887
888 st->retries=st->setup_retries;
889 return True;
890}
891
2fe58dfd 892static bool_t process_msg5(struct site *st, struct buffer_if *msg5,
c90cc2a7
IJ		 893 const struct comm_addr *src,
894 struct transform_inst_if *transform)
2fe58dfd
SE		 895{
896 struct msg0 m;
fe5e9cc4 897 cstring_t transform_err;
2fe58dfd
SE		 898
899 if (!unpick_msg0(st,msg5,&m)) return False;
900
0afd257e 901 if (call_transform_reverse(st,transform,msg5,&transform_err)) {
2fe58dfd 902 /* There's a problem */
59635212 903 slog(st,LOG_SEC,"process_msg5: transform: %s",transform_err);
2fe58dfd
SE		 904 return False;
905 }
906 /* Buffer should now contain untransformed PING packet data */
907 CHECK_AVAIL(msg5,4);
59635212 908 if (buf_unprepend_uint32(msg5)!=LABEL_MSG5) {
ff05a229 909 slog(st,LOG_SEC,"MSG5/PING packet contained wrong label");
2fe58dfd
SE		 910 return False;
911 }
ff7cdc9e
IJ		 912 /* Older versions of secnet used to write some config data here
913 * which we ignore. So we don't CHECK_EMPTY */
2fe58dfd
SE		 914 return True;
915}
916
c90cc2a7
IJ		 917static void create_msg6(struct site *st, struct transform_inst_if *transform,
918 uint32_t session_id)
2fe58dfd 919{
fe5e9cc4 920 cstring_t transform_err;
2fe58dfd
SE		 921
922 BUF_ALLOC(&st->buffer,"site:MSG6");
ff05a229 923 /* We are going to add four words to the message */
3abd18e8 924 buffer_init(&st->buffer,calculate_max_start_pad());
794f2398
SE		 925 /* Give the netlink code an opportunity to put its own stuff in the
926 message (configuration information, etc.) */
ff05a229 927 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
0afd257e
IJ		 928 int problem = call_transform_forwards(st,transform,
929 &st->buffer,&transform_err);
930 assert(!problem);
59635212 931 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
58650a70 932 buf_prepend_uint32(&st->buffer,st->index);
c90cc2a7
IJ		 933 buf_prepend_uint32(&st->buffer,session_id);
934}
2fe58dfd 935
c90cc2a7
IJ		 936static bool_t generate_msg6(struct site *st)
937{
0afd257e
IJ		 938 if (!is_transform_valid(st->new_transform))
939 return False;
c90cc2a7 940 create_msg6(st,st->new_transform,st->setup_session_id);
ff05a229 941 st->retries=1; /* Peer will retransmit MSG5 if this packet gets lost */
2fe58dfd
SE		 942 return True;
943}
944
945static bool_t process_msg6(struct site *st, struct buffer_if *msg6,
a15faeb2 946 const struct comm_addr *src)
2fe58dfd
SE		 947{
948 struct msg0 m;
fe5e9cc4 949 cstring_t transform_err;
2fe58dfd
SE		 950
951 if (!unpick_msg0(st,msg6,&m)) return False;
952
0afd257e 953 if (call_transform_reverse(st,st->new_transform,msg6,&transform_err)) {
2fe58dfd 954 /* There's a problem */
59635212 955 slog(st,LOG_SEC,"process_msg6: transform: %s",transform_err);
2fe58dfd
SE		 956 return False;
957 }
958 /* Buffer should now contain untransformed PING packet data */
959 CHECK_AVAIL(msg6,4);
59635212
SE		 960 if (buf_unprepend_uint32(msg6)!=LABEL_MSG6) {
961 slog(st,LOG_SEC,"MSG6/PONG packet contained invalid data");
2fe58dfd
SE		 962 return False;
963 }
ff7cdc9e
IJ		 964 /* Older versions of secnet used to write some config data here
965 * which we ignore. So we don't CHECK_EMPTY */
2fe58dfd
SE		 966 return True;
967}
968
48b97423
IJ		 969static bool_t decrypt_msg0(struct site *st, struct buffer_if *msg0,
970 const struct comm_addr *src)
2fe58dfd 971{
02b0959b 972 cstring_t transform_err, auxkey_err, newkey_err="n/a";
065e1922
IJ		 973 struct msg0 m;
974 uint32_t problem;
2fe58dfd 975
2fe58dfd
SE		 976 if (!unpick_msg0(st,msg0,&m)) return False;
977
05f39b4d
IJ		 978 /* Keep a copy so we can try decrypting it with multiple keys */
979 buffer_copy(&st->scratch, msg0);
980
0afd257e
IJ		 981 problem = call_transform_reverse(st,st->current.transform,
982 msg0,&transform_err);
02b0959b 983 if (!problem) {
bd98cd6b
IJ		 984 if (!st->auxiliary_is_new)
985 delete_one_key(st,&st->auxiliary_key,
986 "peer has used new key","auxiliary key",LOG_SEC);
02b0959b
IJ		 987 return True;
988 }
48b97423
IJ		 989 if (problem==2)
990 goto skew;
07e4774c 991
02b0959b 992 buffer_copy(msg0, &st->scratch);
fcad4b0b
IJ		 993 problem = call_transform_reverse(st,st->auxiliary_key.transform,
994 msg0,&auxkey_err);
02b0959b
IJ		 995 if (problem==0) {
996 slog(st,LOG_DROP,"processing packet which uses auxiliary key");
bd98cd6b
IJ		 997 if (st->auxiliary_is_new) {
998 /* We previously timed out in state SENTMSG5 but it turns
999 * out that our peer did in fact get our MSG5 and is
1000 * using the new key. So we should switch to it too. */
1001 /* This is a bit like activate_new_key. */
1002 struct data_key t;
1003 t=st->current;
1004 st->current=st->auxiliary_key;
1005 st->auxiliary_key=t;
1006
1007 delete_one_key(st,&st->auxiliary_key,"peer has used new key",
1008 "previous key",LOG_SEC);
1009 st->auxiliary_is_new=0;
1010 st->renegotiate_key_time=st->auxiliary_renegotiate_key_time;
1011 }
02b0959b
IJ		 1012 return True;
1013 }
48b97423
IJ		 1014 if (problem==2)
1015 goto skew;
02b0959b 1016
05f39b4d
IJ		 1017 if (st->state==SITE_SENTMSG5) {
1018 buffer_copy(msg0, &st->scratch);
0afd257e
IJ		 1019 problem = call_transform_reverse(st,st->new_transform,
1020 msg0,&newkey_err);
48b97423 1021 if (!problem) {
05f39b4d
IJ		 1022 /* It looks like we didn't get the peer's MSG6 */
1023 /* This is like a cut-down enter_new_state(SITE_RUN) */
1024 slog(st,LOG_STATE,"will enter state RUN (MSG0 with new key)");
1025 BUF_FREE(&st->buffer);
1026 st->timeout=0;
1027 activate_new_key(st);
1028 return True; /* do process the data in this packet */
1029 }
48b97423
IJ		 1030 if (problem==2)
1031 goto skew;
05f39b4d
IJ		 1032 }
1033
02b0959b
IJ		 1034 slog(st,LOG_SEC,"transform: %s (aux: %s, new: %s)",
1035 transform_err,auxkey_err,newkey_err);
dd9209d1 1036 initiate_key_setup(st,"incoming message would not decrypt",0);
48b97423
IJ		 1037 send_nak(src,m.dest,m.source,m.type,msg0,"message would not decrypt");
1038 return False;
1039
1040 skew:
1041 slog(st,LOG_DROP,"transform: %s (merely skew)",transform_err);
065e1922
IJ		 1042 return False;
1043}
1044
1045static bool_t process_msg0(struct site *st, struct buffer_if *msg0,
1046 const struct comm_addr *src)
1047{
1048 uint32_t type;
1049
48b97423 1050 if (!decrypt_msg0(st,msg0,src))
065e1922
IJ		 1051 return False;
1052
2fe58dfd 1053 CHECK_AVAIL(msg0,4);
59635212 1054 type=buf_unprepend_uint32(msg0);
2fe58dfd 1055 switch(type) {
794f2398
SE		 1056 case LABEL_MSG7:
1057 /* We must forget about the current session. */
1d388569 1058 delete_keys(st,"request from peer",LOG_SEC);
794f2398 1059 return True;
2fe58dfd
SE		 1060 case LABEL_MSG9:
1061 /* Deliver to netlink layer */
469fd1d9 1062 st->netlink->deliver(st->netlink->st,msg0);
446353cd 1063 transport_data_msgok(st,src);
837cf01e
IJ		 1064 /* See whether we should start negotiating a new key */
1065 if (st->now > st->renegotiate_key_time)
dd9209d1 1066 initiate_key_setup(st,"incoming packet in renegotiation window",0);
2fe58dfd 1067 return True;
2fe58dfd 1068 default:
ff05a229
SE		 1069 slog(st,LOG_SEC,"incoming encrypted message of type %08x "
1070 "(unknown)",type);
2fe58dfd
SE		 1071 break;
1072 }
1073 return False;
1074}
1075
1076static void dump_packet(struct site *st, struct buffer_if *buf,
a15faeb2 1077 const struct comm_addr *addr, bool_t incoming)
2fe58dfd 1078{
0a6cbade
IJ		 1079 uint32_t dest=get_uint32(buf->start);
1080 uint32_t source=get_uint32(buf->start+4);
1081 uint32_t msgtype=get_uint32(buf->start+8);
2fe58dfd
SE		 1082
1083 if (st->log_events & LOG_DUMP)
040ee979
SE		 1084 slilog(st->log,M_DEBUG,"%s: %s: %08x<-%08x: %08x:",
1085 st->tunname,incoming?"incoming":"outgoing",
1086 dest,source,msgtype);
2fe58dfd
SE		 1087}
1088
1089static uint32_t site_status(void *st)
1090{
1091 return 0;
1092}
1093
1094static bool_t send_msg(struct site *st)
1095{
1096 if (st->retries>0) {
446353cd 1097 transport_xmit(st, &st->setup_peers, &st->buffer, True);
e7f8ec2a 1098 st->timeout=st->now+st->setup_retry_interval;
2fe58dfd
SE		 1099 st->retries--;
1100 return True;
bd98cd6b 1101 } else if (st->state==SITE_SENTMSG5) {
4f3c75ac 1102 logtimeout(st,"timed out sending MSG5, stashing new key");
bd98cd6b
IJ		 1103 /* We stash the key we have produced, in case it turns out that
1104 * our peer did see our MSG5 after all and starts using it. */
1105 /* This is a bit like some of activate_new_key */
1106 struct transform_inst_if *t;
1107 t=st->auxiliary_key.transform;
1108 st->auxiliary_key.transform=st->new_transform;
1109 st->new_transform=t;
0afd257e 1110 dispose_transform(&st->new_transform);
bd98cd6b 1111
bd98cd6b
IJ		 1112 st->auxiliary_is_new=1;
1113 st->auxiliary_key.key_timeout=st->now+st->key_lifetime;
1114 st->auxiliary_renegotiate_key_time=st->now+st->key_renegotiate_time;
1115 st->auxiliary_key.remote_session_id=st->setup_session_id;
1116
1117 enter_state_wait(st);
1118 return False;
2fe58dfd 1119 } else {
4f3c75ac 1120 logtimeout(st,"timed out sending key setup packet "
3454dce4 1121 "(in state %s)",state_name(st->state));
2fe58dfd
SE		 1122 enter_state_wait(st);
1123 return False;
1124 }
1125}
1126
1127static void site_resolve_callback(void *sst, struct in_addr *address)
1128{
1129 struct site *st=sst;
446353cd 1130 struct comm_addr ca_buf, *ca_use;
2fe58dfd
SE		 1131
1132 if (st->state!=SITE_RESOLVE) {
1133 slog(st,LOG_UNEXPECTED,"site_resolve_callback called unexpectedly");
1134 return;
1135 }
1136 if (address) {
446353cd 1137 FILLZERO(ca_buf);
59533c16 1138 ca_buf.comm=st->comms[0];
446353cd
IJ		 1139 ca_buf.sin.sin_family=AF_INET;
1140 ca_buf.sin.sin_port=htons(st->remoteport);
1141 ca_buf.sin.sin_addr=*address;
1142 ca_use=&ca_buf;
2fe58dfd 1143 } else {
2fe58dfd 1144 slog(st,LOG_ERROR,"resolution of %s failed",st->address);
446353cd
IJ		 1145 ca_use=0;
1146 }
dd9209d1 1147 if (transport_compute_setupinit_peers(st,ca_use,0)) {
446353cd
IJ		 1148 enter_new_state(st,SITE_SENTMSG1);
1149 } else {
1150 /* Can't figure out who to try to to talk to */
1151 slog(st,LOG_SETUP_INIT,"key exchange failed: cannot find peer address");
2fe58dfd
SE		 1152 enter_state_run(st);
1153 }
1154}
1155
dd9209d1
IJ		 1156static bool_t initiate_key_setup(struct site *st, cstring_t reason,
1157 const struct comm_addr *prod_hint)
9d3a4132
SE		 1158{
1159 if (st->state!=SITE_RUN) return False;
794f2398 1160 slog(st,LOG_SETUP_INIT,"initiating key exchange (%s)",reason);
9d3a4132 1161 if (st->address) {
794f2398 1162 slog(st,LOG_SETUP_INIT,"resolving peer address");
9d3a4132 1163 return enter_state_resolve(st);
dd9209d1 1164 } else if (transport_compute_setupinit_peers(st,0,prod_hint)) {
ff05a229 1165 return enter_new_state(st,SITE_SENTMSG1);
9d3a4132 1166 }
ff05a229 1167 slog(st,LOG_SETUP_INIT,"key exchange failed: no address for peer");
9d3a4132
SE		 1168 return False;
1169}
1170
2fe58dfd
SE		 1171static void activate_new_key(struct site *st)
1172{
1173 struct transform_inst_if *t;
1174
02b0959b
IJ		 1175 /* We have three transform instances, which we swap between old,
1176 active and setup */
1177 t=st->auxiliary_key.transform;
1178 st->auxiliary_key.transform=st->current.transform;
19e9a588 1179 st->current.transform=st->new_transform;
2fe58dfd 1180 st->new_transform=t;
0afd257e 1181 dispose_transform(&st->new_transform);
2fe58dfd 1182
2fe58dfd 1183 st->timeout=0;
bd98cd6b 1184 st->auxiliary_is_new=0;
02b0959b 1185 st->auxiliary_key.key_timeout=st->current.key_timeout;
19e9a588 1186 st->current.key_timeout=st->now+st->key_lifetime;
ff05a229 1187 st->renegotiate_key_time=st->now+st->key_renegotiate_time;
446353cd 1188 transport_peers_copy(st,&st->peers,&st->setup_peers);
19e9a588 1189 st->current.remote_session_id=st->setup_session_id;
2fe58dfd 1190
3ed1846a
IJ		 1191 /* Compute the inter-site MTU. This is min( our_mtu, their_mtu ).
1192 * But their mtu be unspecified, in which case we just use ours. */
1193 uint32_t intersite_mtu=
1194 MIN(st->mtu_target, st->remote_adv_mtu ?: ~(uint32_t)0);
1195 st->netlink->set_mtu(st->netlink->st,intersite_mtu);
1196
1197 slog(st,LOG_ACTIVATE_KEY,"new key activated"
1198 " (mtu ours=%"PRId32" theirs=%"PRId32" intersite=%"PRId32")",
1199 st->mtu_target, st->remote_adv_mtu, intersite_mtu);
9d3a4132 1200 enter_state_run(st);
2fe58dfd
SE		 1201}
1202
1d388569
IJ		 1203static void delete_one_key(struct site *st, struct data_key *key,
1204 cstring_t reason, cstring_t which, uint32_t loglevel)
1205{
0afd257e 1206 if (!is_transform_valid(key->transform)) return;
1d388569 1207 if (reason) slog(st,loglevel,"%s deleted (%s)",which,reason);
0afd257e 1208 dispose_transform(&key->transform);
1d388569
IJ		 1209 key->key_timeout=0;
1210}
1211
1212static void delete_keys(struct site *st, cstring_t reason, uint32_t loglevel)
794f2398 1213{
3d8d8f4e 1214 if (current_valid(st)) {
794f2398
SE		 1215 slog(st,loglevel,"session closed (%s)",reason);
1216
1d388569 1217 delete_one_key(st,&st->current,0,0,0);
794f2398
SE		 1218 set_link_quality(st);
1219 }
02b0959b 1220 delete_one_key(st,&st->auxiliary_key,0,0,0);
794f2398
SE		 1221}
1222
2fe58dfd
SE		 1223static void state_assert(struct site *st, bool_t ok)
1224{
4f5e39ec 1225 if (!ok) fatal("site:state_assert");
2fe58dfd
SE		 1226}
1227
1228static void enter_state_stop(struct site *st)
1229{
1230 st->state=SITE_STOP;
1231 st->timeout=0;
1d388569 1232 delete_keys(st,"entering state STOP",LOG_TIMEOUT_KEY);
0afd257e 1233 dispose_transform(&st->new_transform);
2fe58dfd
SE		 1234}
1235
9d3a4132
SE		 1236static void set_link_quality(struct site *st)
1237{
1238 uint32_t quality;
3d8d8f4e 1239 if (current_valid(st))
9d3a4132
SE		 1240 quality=LINK_QUALITY_UP;
1241 else if (st->state==SITE_WAIT || st->state==SITE_STOP)
1242 quality=LINK_QUALITY_DOWN;
1243 else if (st->address)
1244 quality=LINK_QUALITY_DOWN_CURRENT_ADDRESS;
446353cd 1245 else if (transport_peers_valid(&st->peers))
9d3a4132
SE		 1246 quality=LINK_QUALITY_DOWN_STALE_ADDRESS;
1247 else
1248 quality=LINK_QUALITY_DOWN;
1249
469fd1d9 1250 st->netlink->set_quality(st->netlink->st,quality);
9d3a4132
SE		 1251}
1252
2fe58dfd
SE		 1253static void enter_state_run(struct site *st)
1254{
1255 slog(st,LOG_STATE,"entering state RUN");
1256 st->state=SITE_RUN;
1257 st->timeout=0;
9d3a4132 1258
ff05a229 1259 st->setup_session_id=0;
446353cd 1260 transport_peers_clear(st,&st->setup_peers);
ff05a229
SE		 1261 memset(st->localN,0,NONCELEN);
1262 memset(st->remoteN,0,NONCELEN);
0afd257e 1263 dispose_transform(&st->new_transform);
ff05a229 1264 memset(st->dhsecret,0,st->dh->len);
7c9ca4bd 1265 memset(st->sharedsecret,0,st->sharedsecretlen);
9d3a4132 1266 set_link_quality(st);
2fe58dfd
SE		 1267}
1268
1269static bool_t enter_state_resolve(struct site *st)
1270{
1271 state_assert(st,st->state==SITE_RUN);
1272 slog(st,LOG_STATE,"entering state RESOLVE");
1273 st->state=SITE_RESOLVE;
1274 st->resolver->request(st->resolver->st,st->address,
1275 site_resolve_callback,st);
1276 return True;
1277}
1278
ff05a229 1279static bool_t enter_new_state(struct site *st, uint32_t next)
2fe58dfd 1280{
ff05a229 1281 bool_t (*gen)(struct site *st);
3b83c932
SE		 1282 int r;
1283
ff05a229
SE		 1284 slog(st,LOG_STATE,"entering state %s",state_name(next));
1285 switch(next) {
1286 case SITE_SENTMSG1:
1287 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE);
1288 gen=generate_msg1;
1289 break;
1290 case SITE_SENTMSG2:
1291 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1292 st->state==SITE_SENTMSG1 || st->state==SITE_WAIT);
1293 gen=generate_msg2;
1294 break;
1295 case SITE_SENTMSG3:
1296 state_assert(st,st->state==SITE_SENTMSG1);
1297 BUF_FREE(&st->buffer);
1298 gen=generate_msg3;
1299 break;
1300 case SITE_SENTMSG4:
1301 state_assert(st,st->state==SITE_SENTMSG2);
1302 BUF_FREE(&st->buffer);
1303 gen=generate_msg4;
1304 break;
1305 case SITE_SENTMSG5:
1306 state_assert(st,st->state==SITE_SENTMSG3);
1307 BUF_FREE(&st->buffer);
1308 gen=generate_msg5;
1309 break;
1310 case SITE_RUN:
1311 state_assert(st,st->state==SITE_SENTMSG4);
1312 BUF_FREE(&st->buffer);
1313 gen=generate_msg6;
1314 break;
1315 default:
1316 gen=NULL;
4f5e39ec 1317 fatal("enter_new_state(%s): invalid new state",state_name(next));
ff05a229 1318 break;
2fe58dfd 1319 }
2fe58dfd 1320
3b83c932
SE		 1321 if (hacky_par_start_failnow()) return False;
1322
1323 r= gen(st) && send_msg(st);
1324
1325 hacky_par_end(&r,
e7f8ec2a 1326 st->setup_retries, st->setup_retry_interval,
3b83c932
SE		 1327 send_msg, st);
1328
1329 if (r) {
ff05a229
SE		 1330 st->state=next;
1331 if (next==SITE_RUN) {
1332 BUF_FREE(&st->buffer); /* Never reused */
1333 st->timeout=0; /* Never retransmit */
1334 activate_new_key(st);
1335 }
2fe58dfd
SE		 1336 return True;
1337 }
ff05a229
SE		 1338 slog(st,LOG_ERROR,"error entering state %s",state_name(next));
1339 st->buffer.free=False; /* Unconditionally use the buffer; it may be
1340 in either state, and enter_state_wait() will
1341 do a BUF_FREE() */
2fe58dfd
SE		 1342 enter_state_wait(st);
1343 return False;
1344}
1345
ff05a229 1346/* msg7 tells our peer that we're about to forget our key */
fe5e9cc4 1347static bool_t send_msg7(struct site *st, cstring_t reason)
794f2398 1348{
fe5e9cc4 1349 cstring_t transform_err;
794f2398 1350
3d8d8f4e 1351 if (current_valid(st) && st->buffer.free
446353cd 1352 && transport_peers_valid(&st->peers)) {
794f2398 1353 BUF_ALLOC(&st->buffer,"site:MSG7");
3abd18e8 1354 buffer_init(&st->buffer,calculate_max_start_pad());
794f2398
SE		 1355 buf_append_uint32(&st->buffer,LABEL_MSG7);
1356 buf_append_string(&st->buffer,reason);
0afd257e
IJ		 1357 if (call_transform_forwards(st, st->current.transform,
1358 &st->buffer, &transform_err))
1359 goto free_out;
794f2398 1360 buf_prepend_uint32(&st->buffer,LABEL_MSG0);
58650a70 1361 buf_prepend_uint32(&st->buffer,st->index);
19e9a588 1362 buf_prepend_uint32(&st->buffer,st->current.remote_session_id);
446353cd 1363 transport_xmit(st,&st->peers,&st->buffer,True);
794f2398 1364 BUF_FREE(&st->buffer);
0afd257e 1365 free_out:
794f2398
SE		 1366 return True;
1367 }
1368 return False;
1369}
1370
2fe58dfd
SE		 1371/* We go into this state if our peer becomes uncommunicative. Similar to
1372 the "stop" state, we forget all session keys for a while, before
1373 re-entering the "run" state. */
1374static void enter_state_wait(struct site *st)
1375{
1376 slog(st,LOG_STATE,"entering state WAIT");
1377 st->timeout=st->now+st->wait_timeout;
1378 st->state=SITE_WAIT;
9d3a4132 1379 set_link_quality(st);
2fe58dfd
SE		 1380 BUF_FREE(&st->buffer); /* will have had an outgoing packet in it */
1381 /* XXX Erase keys etc. */
1382}
1383
dd9209d1
IJ		 1384static void generate_prod(struct site *st, struct buffer_if *buf)
1385{
1386 buffer_init(buf,0);
1387 buf_append_uint32(buf,0);
1388 buf_append_uint32(buf,0);
1389 buf_append_uint32(buf,LABEL_PROD);
1390 buf_append_string(buf,st->localname);
1391 buf_append_string(buf,st->remotename);
1392}
1393
1394static void generate_send_prod(struct site *st,
1395 const struct comm_addr *source)
1396{
1397 if (!st->allow_send_prod) return; /* too soon */
1398 if (!(st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1399 st->state==SITE_WAIT)) return; /* we'd ignore peer's MSG1 */
1400
1401 slog(st,LOG_SETUP_INIT,"prodding peer for key exchange");
1402 st->allow_send_prod=0;
1403 generate_prod(st,&st->scratch);
1404 dump_packet(st,&st->scratch,source,False);
1405 source->comm->sendmsg(source->comm->st, &st->scratch, source);
1406}
1407
16f73fa6 1408static inline void site_settimeout(uint64_t timeout, int *timeout_io)
fe5e9cc4
SE		 1409{
1410 if (timeout) {
0009e60a
IJ		 1411 int64_t offset=timeout-*now;
1412 if (offset<0) offset=0;
fe5e9cc4
SE		 1413 if (offset>INT_MAX) offset=INT_MAX;
1414 if (*timeout_io<0 || offset<*timeout_io)
1415 *timeout_io=offset;
1416 }
1417}
1418
2fe58dfd 1419static int site_beforepoll(void *sst, struct pollfd *fds, int *nfds_io,
90a39563 1420 int *timeout_io)
2fe58dfd
SE		 1421{
1422 struct site *st=sst;
1423
1424 *nfds_io=0; /* We don't use any file descriptors */
1425 st->now=*now;
1426
1427 /* Work out when our next timeout is. The earlier of 'timeout' or
19e9a588 1428 'current.key_timeout'. A stored value of '0' indicates no timeout
2fe58dfd 1429 active. */
16f73fa6 1430 site_settimeout(st->timeout, timeout_io);
19e9a588 1431 site_settimeout(st->current.key_timeout, timeout_io);
02b0959b 1432 site_settimeout(st->auxiliary_key.key_timeout, timeout_io);
2fe58dfd
SE		 1433
1434 return 0; /* success */
1435}
1436
1d388569
IJ		 1437static void check_expiry(struct site *st, struct data_key *key,
1438 const char *which)
1439{
1440 if (key->key_timeout && *now>key->key_timeout) {
1441 delete_one_key(st,key,"maximum life exceeded",which,LOG_TIMEOUT_KEY);
1442 }
1443}
1444
2fe58dfd 1445/* NB site_afterpoll will be called before site_beforepoll is ever called */
90a39563 1446static void site_afterpoll(void *sst, struct pollfd *fds, int nfds)
2fe58dfd
SE		 1447{
1448 struct site *st=sst;
1449
1450 st->now=*now;
1451 if (st->timeout && *now>st->timeout) {
2fe58dfd 1452 st->timeout=0;
3b83c932
SE		 1453 if (st->state>=SITE_SENTMSG1 && st->state<=SITE_SENTMSG5) {
1454 if (!hacky_par_start_failnow())
1455 send_msg(st);
1456 } else if (st->state==SITE_WAIT) {
2fe58dfd
SE		 1457 enter_state_run(st);
1458 } else {
1459 slog(st,LOG_ERROR,"site_afterpoll: unexpected timeout, state=%d",
1460 st->state);
1461 }
1462 }
1d388569 1463 check_expiry(st,&st->current,"current key");
02b0959b 1464 check_expiry(st,&st->auxiliary_key,"auxiliary key");
2fe58dfd
SE		 1465}
1466
1467/* This function is called by the netlink device to deliver packets
1468 intended for the remote network. The packet is in "raw" wire
1469 format, but is guaranteed to be word-aligned. */
469fd1d9 1470static void site_outgoing(void *sst, struct buffer_if *buf)
2fe58dfd
SE		 1471{
1472 struct site *st=sst;
fe5e9cc4 1473 cstring_t transform_err;
2fe58dfd
SE		 1474
1475 if (st->state==SITE_STOP) {
1476 BUF_FREE(buf);
1477 return;
1478 }
1479
dd9209d1
IJ		 1480 st->allow_send_prod=1;
1481
2fe58dfd
SE		 1482 /* In all other states we consider delivering the packet if we have
1483 a valid key and a valid address to send it to. */
3d8d8f4e 1484 if (current_valid(st) && transport_peers_valid(&st->peers)) {
2fe58dfd 1485 /* Transform it and send it */
70dc107b
SE		 1486 if (buf->size>0) {
1487 buf_prepend_uint32(buf,LABEL_MSG9);
0afd257e
IJ		 1488 if (call_transform_forwards(st, st->current.transform,
1489 buf, &transform_err))
1490 goto free_out;
70dc107b 1491 buf_prepend_uint32(buf,LABEL_MSG0);
58650a70 1492 buf_prepend_uint32(buf,st->index);
19e9a588 1493 buf_prepend_uint32(buf,st->current.remote_session_id);
446353cd 1494 transport_xmit(st,&st->peers,buf,False);
70dc107b 1495 }
0afd257e 1496 free_out:
2fe58dfd
SE		 1497 BUF_FREE(buf);
1498 return;
1499 }
1500
70dc107b 1501 slog(st,LOG_DROP,"discarding outgoing packet of size %d",buf->size);
2fe58dfd 1502 BUF_FREE(buf);
dd9209d1 1503 initiate_key_setup(st,"outgoing packet",0);
2fe58dfd
SE		 1504}
1505
7e29719e
IJ		 1506static bool_t named_for_us(struct site *st, const struct buffer_if *buf_in,
1507 uint32_t type, struct msg *m)
1508 /* For packets which are identified by the local and remote names.
1509 * If it has our name and our peer's name in it it's for us. */
1510{
1511 struct buffer_if buf[1];
1512 buffer_readonly_clone(buf,buf_in);
1513 return unpick_msg(st,type,buf,m)
1514 && name_matches(&m->remote,st->remotename)
1515 && name_matches(&m->local,st->localname);
1516}
1517
2fe58dfd 1518/* This function is called by the communication device to deliver
dd9209d1
IJ		 1519 packets from our peers.
1520 It should return True if the packet is recognised as being for
1521 this current site instance (and should therefore not be processed
1522 by other sites), even if the packet was otherwise ignored. */
2fe58dfd 1523static bool_t site_incoming(void *sst, struct buffer_if *buf,
a15faeb2 1524 const struct comm_addr *source)
2fe58dfd
SE		 1525{
1526 struct site *st=sst;
20138876
IJ		 1527
1528 if (buf->size < 12) return False;
1529
0a6cbade
IJ		 1530 uint32_t dest=get_uint32(buf->start);
1531 uint32_t msgtype=get_uint32(buf->start+8);
7e29719e
IJ		 1532 struct msg named_msg;
1533
1534 if (msgtype==LABEL_MSG1) {
1535 if (!named_for_us(st,buf,msgtype,&named_msg))
1536 return False;
1537 /* It's a MSG1 addressed to us. Decide what to do about it. */
1538 dump_packet(st,buf,source,True);
1539 if (st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1540 st->state==SITE_WAIT) {
1541 /* We should definitely process it */
1542 if (process_msg1(st,buf,source,&named_msg)) {
1543 slog(st,LOG_SETUP_INIT,"key setup initiated by peer");
1544 enter_new_state(st,SITE_SENTMSG2);
1545 } else {
1546 slog(st,LOG_ERROR,"failed to process incoming msg1");
1547 }
1548 BUF_FREE(buf);
1549 return True;
1550 } else if (st->state==SITE_SENTMSG1) {
1551 /* We've just sent a message 1! They may have crossed on
1552 the wire. If we have priority then we ignore the
1553 incoming one, otherwise we process it as usual. */
1554 if (st->setup_priority) {
1555 BUF_FREE(buf);
1556 slog(st,LOG_DUMP,"crossed msg1s; we are higher "
1557 "priority => ignore incoming msg1");
1558 return True;
1559 } else {
1560 slog(st,LOG_DUMP,"crossed msg1s; we are lower "
1561 "priority => use incoming msg1");
1562 if (process_msg1(st,buf,source,&named_msg)) {
1563 BUF_FREE(&st->buffer); /* Free our old message 1 */
ff05a229 1564 enter_new_state(st,SITE_SENTMSG2);
2fe58dfd 1565 } else {
7e29719e
IJ		 1566 slog(st,LOG_ERROR,"failed to process an incoming "
1567 "crossed msg1 (we have low priority)");
2fe58dfd
SE		 1568 }
1569 BUF_FREE(buf);
1570 return True;
2fe58dfd 1571 }
2fe58dfd 1572 }
7e29719e
IJ		 1573 /* The message 1 was received at an unexpected stage of the
1574 key setup. XXX POLICY - what do we do? */
1575 slog(st,LOG_UNEXPECTED,"unexpected incoming message 1");
1576 BUF_FREE(buf);
1577 return True;
2fe58dfd 1578 }
dd9209d1
IJ		 1579 if (msgtype==LABEL_PROD) {
1580 if (!named_for_us(st,buf,msgtype,&named_msg))
1581 return False;
1582 dump_packet(st,buf,source,True);
1583 if (st->state!=SITE_RUN) {
1584 slog(st,LOG_DROP,"ignoring PROD when not in state RUN");
1585 } else if (current_valid(st)) {
1586 slog(st,LOG_DROP,"ignoring PROD when we think we have a key");
1587 } else {
1588 initiate_key_setup(st,"peer sent PROD packet",source);
1589 }
1590 BUF_FREE(buf);
1591 return True;
1592 }
58650a70 1593 if (dest==st->index) {
2fe58dfd
SE		 1594 /* Explicitly addressed to us */
1595 if (msgtype!=LABEL_MSG0) dump_packet(st,buf,source,True);
1596 switch (msgtype) {
136740e6 1597 case LABEL_NAK:
794f2398
SE		 1598 /* If the source is our current peer then initiate a key setup,
1599 because our peer's forgotten the key */
19e9a588 1600 if (get_uint32(buf->start+4)==st->current.remote_session_id) {
dd9209d1
IJ		 1601 bool_t initiated;
1602 initiated = initiate_key_setup(st,"received a NAK",0);
1603 if (!initiated) generate_send_prod(st,source);
794f2398
SE		 1604 } else {
1605 slog(st,LOG_SEC,"bad incoming NAK");
1606 }
1607 break;
2fe58dfd
SE		 1608 case LABEL_MSG0:
1609 process_msg0(st,buf,source);
1610 break;
1611 case LABEL_MSG1:
1612 /* Setup packet: should not have been explicitly addressed
1613 to us */
59635212 1614 slog(st,LOG_SEC,"incoming explicitly addressed msg1");
2fe58dfd
SE		 1615 break;
1616 case LABEL_MSG2:
1617 /* Setup packet: expected only in state SENTMSG1 */
1618 if (st->state!=SITE_SENTMSG1) {
1619 slog(st,LOG_UNEXPECTED,"unexpected MSG2");
446353cd
IJ		 1620 } else if (process_msg2(st,buf,source)) {
1621 transport_setup_msgok(st,source);
ff05a229 1622 enter_new_state(st,SITE_SENTMSG3);
446353cd 1623 } else {
59635212 1624 slog(st,LOG_SEC,"invalid MSG2");
2fe58dfd
SE		 1625 }
1626 break;
1627 case LABEL_MSG3:
5b5f297f 1628 case LABEL_MSG3BIS:
2fe58dfd
SE		 1629 /* Setup packet: expected only in state SENTMSG2 */
1630 if (st->state!=SITE_SENTMSG2) {
1631 slog(st,LOG_UNEXPECTED,"unexpected MSG3");
5b5f297f 1632 } else if (process_msg3(st,buf,source,msgtype)) {
446353cd 1633 transport_setup_msgok(st,source);
ff05a229 1634 enter_new_state(st,SITE_SENTMSG4);
446353cd 1635 } else {
59635212 1636 slog(st,LOG_SEC,"invalid MSG3");
2fe58dfd
SE		 1637 }
1638 break;
1639 case LABEL_MSG4:
1640 /* Setup packet: expected only in state SENTMSG3 */
1641 if (st->state!=SITE_SENTMSG3) {
1642 slog(st,LOG_UNEXPECTED,"unexpected MSG4");
446353cd
IJ		 1643 } else if (process_msg4(st,buf,source)) {
1644 transport_setup_msgok(st,source);
ff05a229 1645 enter_new_state(st,SITE_SENTMSG5);
446353cd 1646 } else {
59635212 1647 slog(st,LOG_SEC,"invalid MSG4");
2fe58dfd
SE		 1648 }
1649 break;
1650 case LABEL_MSG5:
4efd681a
SE		 1651 /* Setup packet: expected only in state SENTMSG4 */
1652 /* (may turn up in state RUN if our return MSG6 was lost
1653 and the new key has already been activated. In that
05f39b4d
IJ		 1654 case we discard it. The peer will realise that we
1655 are using the new key when they see our data packets.
1656 Until then the peer's data packets to us get discarded. */
c90cc2a7
IJ		 1657 if (st->state==SITE_SENTMSG4) {
1658 if (process_msg5(st,buf,source,st->new_transform)) {
1659 transport_setup_msgok(st,source);
1660 enter_new_state(st,SITE_RUN);
1661 } else {
1662 slog(st,LOG_SEC,"invalid MSG5");
1663 }
1664 } else if (st->state==SITE_RUN) {
19e9a588 1665 if (process_msg5(st,buf,source,st->current.transform)) {
c90cc2a7
IJ		 1666 slog(st,LOG_DROP,"got MSG5, retransmitting MSG6");
1667 transport_setup_msgok(st,source);
19e9a588
IJ		 1668 create_msg6(st,st->current.transform,
1669 st->current.remote_session_id);
c90cc2a7
IJ		 1670 transport_xmit(st,&st->peers,&st->buffer,True);
1671 BUF_FREE(&st->buffer);
1672 } else {
1673 slog(st,LOG_SEC,"invalid MSG5 (in state RUN)");
1674 }
2fe58dfd 1675 } else {
c90cc2a7 1676 slog(st,LOG_UNEXPECTED,"unexpected MSG5");
2fe58dfd
SE		 1677 }
1678 break;
1679 case LABEL_MSG6:
1680 /* Setup packet: expected only in state SENTMSG5 */
1681 if (st->state!=SITE_SENTMSG5) {
1682 slog(st,LOG_UNEXPECTED,"unexpected MSG6");
1683 } else if (process_msg6(st,buf,source)) {
1684 BUF_FREE(&st->buffer); /* Free message 5 */
446353cd 1685 transport_setup_msgok(st,source);
2fe58dfd
SE		 1686 activate_new_key(st);
1687 } else {
59635212 1688 slog(st,LOG_SEC,"invalid MSG6");
2fe58dfd
SE		 1689 }
1690 break;
2fe58dfd 1691 default:
59635212 1692 slog(st,LOG_SEC,"received message of unknown type 0x%08x",
2fe58dfd
SE		 1693 msgtype);
1694 break;
1695 }
1696 BUF_FREE(buf);
1697 return True;
1698 }
1699
1700 return False;
1701}
1702
1703static void site_control(void *vst, bool_t run)
1704{
1705 struct site *st=vst;
1706 if (run) enter_state_run(st);
1707 else enter_state_stop(st);
1708}
1709
794f2398
SE		 1710static void site_phase_hook(void *sst, uint32_t newphase)
1711{
1712 struct site *st=sst;
1713
1714 /* The program is shutting down; tell our peer */
1715 send_msg7(st,"shutting down");
1716}
1717
2fe58dfd
SE		 1718static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
1719 list_t *args)
1720{
58650a70 1721 static uint32_t index_sequence;
2fe58dfd
SE		 1722 struct site *st;
1723 item_t *item;
1724 dict_t *dict;
59533c16 1725 int i;
2fe58dfd
SE		 1726
1727 st=safe_malloc(sizeof(*st),"site_apply");
1728
1729 st->cl.description="site";
1730 st->cl.type=CL_SITE;
1731 st->cl.apply=NULL;
1732 st->cl.interface=&st->ops;
1733 st->ops.st=st;
1734 st->ops.control=site_control;
1735 st->ops.status=site_status;
1736
1737 /* First parameter must be a dict */
1738 item=list_elem(args,0);
1739 if (!item || item->type!=t_dict)
1740 cfgfatal(loc,"site","parameter must be a dictionary\n");
1741
1742 dict=item->data.dict;
558fa3fb
SE		 1743 st->localname=dict_read_string(dict, "local-name", True, "site", loc);
1744 st->remotename=dict_read_string(dict, "name", True, "site", loc);
dba19f84
IJ		 1745
1746 st->peer_mobile=dict_read_bool(dict,"mobile",False,"site",loc,False);
1747 bool_t local_mobile=
1748 dict_read_bool(dict,"local-mobile",False,"site",loc,False);
1749
558fa3fb
SE		 1750 /* Sanity check (which also allows the 'sites' file to include
1751 site() closures for all sites including our own): refuse to
1752 talk to ourselves */
1753 if (strcmp(st->localname,st->remotename)==0) {
b2a56f7c 1754 Message(M_DEBUG,"site %s: local-name==name -> ignoring this site\n",
baa06aeb 1755 st->localname);
dba19f84
IJ		 1756 if (st->peer_mobile != local_mobile)
1757 cfgfatal(loc,"site","site %s's peer-mobile=%d"
1758 " but our local-mobile=%d\n",
1759 st->localname, st->peer_mobile, local_mobile);
1760 free(st);
1761 return NULL;
1762 }
1763 if (st->peer_mobile && local_mobile) {
1764 Message(M_WARNING,"site %s: site is mobile but so are we"
1765 " -> ignoring this site\n", st->remotename);
558fa3fb
SE		 1766 free(st);
1767 return NULL;
1768 }
dba19f84 1769
58650a70
RK		 1770 assert(index_sequence < 0xffffffffUL);
1771 st->index = ++index_sequence;
09a385fb 1772 st->local_capabilities = 0;
469fd1d9 1773 st->netlink=find_cl_if(dict,"link",CL_NETLINK,True,"site",loc);
59533c16 1774
5b5f297f
IJ		 1775#define GET_CLOSURE_LIST(dictkey,things,nthings,CL_TYPE) do{ \
1776 list_t *things##_cfg=dict_lookup(dict,dictkey); \
1777 if (!things##_cfg) \
1778 cfgfatal(loc,"site","closure list \"%s\" not found\n",dictkey); \
1779 st->nthings=list_length(things##_cfg); \
1780 st->things=safe_malloc_ary(sizeof(*st->things),st->nthings,dictkey "s"); \
1781 assert(st->nthings); \
1782 for (i=0; i<st->nthings; i++) { \
1783 item_t *item=list_elem(things##_cfg,i); \
1784 if (item->type!=t_closure) \
1785 cfgfatal(loc,"site","%s is not a closure\n",dictkey); \
1786 closure_t *cl=item->data.closure; \
1787 if (cl->type!=CL_TYPE) \
1788 cfgfatal(loc,"site","%s closure wrong type\n",dictkey); \
1789 st->things[i]=cl->interface; \
1790 } \
1791}while(0)
1792
1793 GET_CLOSURE_LIST("comm",comms,ncomms,CL_COMM);
59533c16 1794
2fe58dfd
SE		 1795 st->resolver=find_cl_if(dict,"resolver",CL_RESOLVER,True,"site",loc);
1796 st->log=find_cl_if(dict,"log",CL_LOG,True,"site",loc);
1797 st->random=find_cl_if(dict,"random",CL_RANDOMSRC,True,"site",loc);
1798
2fe58dfd 1799 st->privkey=find_cl_if(dict,"local-key",CL_RSAPRIVKEY,True,"site",loc);
2fe58dfd 1800 st->address=dict_read_string(dict, "address", False, "site", loc);
3454dce4
SE		 1801 if (st->address)
1802 st->remoteport=dict_read_number(dict,"port",True,"site",loc,0);
1803 else st->remoteport=0;
2fe58dfd
SE		 1804 st->pubkey=find_cl_if(dict,"key",CL_RSAPUBKEY,True,"site",loc);
1805
5b5f297f 1806 GET_CLOSURE_LIST("transform",transforms,ntransforms,CL_TRANSFORM);
2fe58dfd
SE		 1807
1808 st->dh=find_cl_if(dict,"dh",CL_DH,True,"site",loc);
1809 st->hash=find_cl_if(dict,"hash",CL_HASH,True,"site",loc);
1810
e57264d6
IJ		 1811#define DEFAULT(D) (st->peer_mobile || local_mobile \
1812 ? DEFAULT_MOBILE_##D : DEFAULT_##D)
e7f8ec2a 1813#define CFG_NUMBER(k,D) dict_read_number(dict,(k),False,"site",loc,DEFAULT(D));
c27ca22f 1814
e7f8ec2a
IJ		 1815 st->key_lifetime= CFG_NUMBER("key-lifetime", KEY_LIFETIME);
1816 st->setup_retries= CFG_NUMBER("setup-retries", SETUP_RETRIES);
1817 st->setup_retry_interval= CFG_NUMBER("setup-timeout", SETUP_RETRY_INTERVAL);
1818 st->wait_timeout= CFG_NUMBER("wait-time", WAIT_TIME);
3ed1846a 1819 st->mtu_target= dict_read_number(dict,"mtu-target",False,"site",loc,0);
e7f8ec2a 1820
446353cd
IJ		 1821 st->mobile_peer_expiry= dict_read_number(
1822 dict,"mobile-peer-expiry",False,"site",loc,DEFAULT_MOBILE_PEER_EXPIRY);
1823
1824 st->transport_peers_max= !st->peer_mobile ? 1 : dict_read_number(
1825 dict,"mobile-peers-max",False,"site",loc,DEFAULT_MOBILE_PEERS_MAX);
1826 if (st->transport_peers_max<1 ||
1827 st->transport_peers_max>=MAX_MOBILE_PEERS_MAX) {
1828 cfgfatal(loc,"site","mobile-peers-max must be in range 1.."
1829 STRING(MAX_MOBILE_PEERS_MAX) "\n");
1830 }
1831
e7f8ec2a 1832 if (st->key_lifetime < DEFAULT(KEY_RENEGOTIATE_GAP)*2)
c27ca22f
IJ		 1833 st->key_renegotiate_time=st->key_lifetime/2;
1834 else
e7f8ec2a 1835 st->key_renegotiate_time=st->key_lifetime-DEFAULT(KEY_RENEGOTIATE_GAP);
9d3a4132 1836 st->key_renegotiate_time=dict_read_number(
cce0051f 1837 dict,"renegotiate-time",False,"site",loc,st->key_renegotiate_time);
9d3a4132
SE		 1838 if (st->key_renegotiate_time > st->key_lifetime) {
1839 cfgfatal(loc,"site",
1840 "renegotiate-time must be less than key-lifetime\n");
1841 }
9d3a4132
SE		 1842
1843 st->log_events=string_list_to_word(dict_lookup(dict,"log-events"),
1844 log_event_table,"site");
2fe58dfd 1845
dd9209d1
IJ		 1846 st->allow_send_prod=0;
1847
4efd681a
SE		 1848 st->tunname=safe_malloc(strlen(st->localname)+strlen(st->remotename)+5,
1849 "site_apply");
1850 sprintf(st->tunname,"%s<->%s",st->localname,st->remotename);
1851
2fe58dfd 1852 /* The information we expect to see in incoming messages of type 1 */
59230b9b
IJ		 1853 /* fixme: lots of unchecked overflows here, but the results are only
1854 corrupted packets rather than undefined behaviour */
2fe58dfd
SE		 1855 st->setup_priority=(strcmp(st->localname,st->remotename)>0);
1856
1857 buffer_new(&st->buffer,SETUP_BUFFER_LEN);
1858
8aaaa634 1859 buffer_new(&st->scratch,SETUP_BUFFER_LEN);
05f39b4d
IJ		 1860 BUF_ALLOC(&st->scratch,"site:scratch");
1861
2fe58dfd
SE		 1862 /* We are interested in poll(), but only for timeouts. We don't have
1863 any fds of our own. */
1864 register_for_poll(st, site_beforepoll, site_afterpoll, 0, "site");
1865 st->timeout=0;
1866
09a385fb 1867 st->remote_capabilities=0;
5b5f297f 1868 st->chosen_transform=0;
19e9a588 1869 st->current.key_timeout=0;
02b0959b 1870 st->auxiliary_key.key_timeout=0;
446353cd
IJ		 1871 transport_peers_clear(st,&st->peers);
1872 transport_peers_clear(st,&st->setup_peers);
2fe58dfd
SE		 1873 /* XXX mlock these */
1874 st->dhsecret=safe_malloc(st->dh->len,"site:dhsecret");
5b5f297f
IJ		 1875 st->sharedsecretlen=st->sharedsecretallocd=0;
1876 st->sharedsecret=0;
1877
5b5f297f
IJ		 1878 for (i=0; i<st->ntransforms; i++) {
1879 struct transform_if *ti=st->transforms[i];
1880 uint32_t capbit = 1UL << ti->capab_transformnum;
1881 if (st->local_capabilities & capbit)
1882 slog(st,LOG_ERROR,"transformnum capability bit"
1883 " %d (%#"PRIx32") reused", ti->capab_transformnum, capbit);
1884 st->local_capabilities |= capbit;
59533c16 1885 }
59533c16 1886
2fe58dfd 1887 /* We need to register the remote networks with the netlink device */
3ed1846a
IJ		 1888 uint32_t netlink_mtu; /* local virtual interface mtu */
1889 st->netlink->reg(st->netlink->st, site_outgoing, st, &netlink_mtu);
1890 if (!st->mtu_target)
1891 st->mtu_target=netlink_mtu;
ff05a229 1892
59533c16
IJ		 1893 for (i=0; i<st->ncomms; i++)
1894 st->comms[i]->request_notify(st->comms[i]->st, st, site_incoming);
2fe58dfd 1895
fcad4b0b
IJ		 1896 st->current.transform=0;
1897 st->auxiliary_key.transform=0;
1898 st->new_transform=0;
bd98cd6b 1899 st->auxiliary_is_new=0;
2fe58dfd
SE		 1900
1901 enter_state_stop(st);
1902
794f2398
SE		 1903 add_hook(PHASE_SHUTDOWN,site_phase_hook,st);
1904
2fe58dfd
SE		 1905 return new_closure(&st->cl);
1906}
1907
2fe58dfd
SE		 1908void site_module(dict_t *dict)
1909{
1910 add_closure(dict,"site",site_apply);
1911}
446353cd
IJ		 1912
1913
1914/***** TRANSPORT PEERS definitions *****/
1915
1916static void transport_peers_debug(struct site *st, transport_peers *dst,
1917 const char *didwhat,
1918 int nargs, const struct comm_addr *args,
1919 size_t stride) {
1920 int i;
1921 char *argp;
1922
1923 if (!(st->log_events & LOG_PEER_ADDRS))
1924 return; /* an optimisation */
1925
1926 slog(st, LOG_PEER_ADDRS, "peers (%s) %s nargs=%d => npeers=%d",
1927 (dst==&st->peers ? "data" :
1928 dst==&st->setup_peers ? "setup" : "UNKNOWN"),
1929 didwhat, nargs, dst->npeers);
1930
1931 for (i=0, argp=(void*)args;
1932 i<nargs;
1933 i++, (argp+=stride?stride:sizeof(*args))) {
1934 const struct comm_addr *ca=(void*)argp;
1935 slog(st, LOG_PEER_ADDRS, " args: addrs[%d]=%s",
1936 i, ca->comm->addr_to_string(ca->comm->st,ca));
1937 }
1938 for (i=0; i<dst->npeers; i++) {
1939 struct timeval diff;
1940 timersub(tv_now,&dst->peers[i].last,&diff);
1941 const struct comm_addr *ca=&dst->peers[i].addr;
1942 slog(st, LOG_PEER_ADDRS, " peers: addrs[%d]=%s T-%ld.%06ld",
1943 i, ca->comm->addr_to_string(ca->comm->st,ca),
1944 (unsigned long)diff.tv_sec, (unsigned long)diff.tv_usec);
1945 }
1946}
1947
1948static int transport_peer_compar(const void *av, const void *bv) {
1949 const transport_peer *a=av;
1950 const transport_peer *b=bv;
1951 /* put most recent first in the array */
1952 if (timercmp(&a->last, &b->last, <)) return +1;
1953 if (timercmp(&a->last, &b->last, >)) return -11;
1954 return 0;
1955}
1956
1957static void transport_peers_expire(struct site *st, transport_peers *peers) {
1958 /* peers must be sorted first */
1959 int previous_peers=peers->npeers;
1960 struct timeval oldest;
1961 oldest.tv_sec = tv_now->tv_sec - st->mobile_peer_expiry;
1962 oldest.tv_usec = tv_now->tv_usec;
1963 while (peers->npeers>1 &&
1964 timercmp(&peers->peers[peers->npeers-1].last, &oldest, <))
1965 peers->npeers--;
1966 if (peers->npeers != previous_peers)
1967 transport_peers_debug(st,peers,"expire", 0,0,0);
1968}
1969
1970static void transport_record_peer(struct site *st, transport_peers *peers,
1971 const struct comm_addr *addr, const char *m) {
1972 int slot, changed=0;
1973
1974 for (slot=0; slot<peers->npeers; slot++)
1975 if (!memcmp(&peers->peers[slot].addr, addr, sizeof(*addr)))
1976 goto found;
1977
1978 changed=1;
1979 if (peers->npeers==st->transport_peers_max)
925c5ca8 1980 slot=st->transport_peers_max-1;
446353cd
IJ		 1981 else
1982 slot=peers->npeers++;
1983
1984 found:
1985 peers->peers[slot].addr=*addr;
1986 peers->peers[slot].last=*tv_now;
1987
1988 if (peers->npeers>1)
1989 qsort(peers->peers, peers->npeers,
1990 sizeof(*peers->peers), transport_peer_compar);
1991
1992 if (changed || peers->npeers!=1)
1993 transport_peers_debug(st,peers,m, 1,addr,0);
1994 transport_peers_expire(st, peers);
1995}
1996
1997static bool_t transport_compute_setupinit_peers(struct site *st,
dd9209d1
IJ		 1998 const struct comm_addr *configured_addr /* 0 if none or not found */,
1999 const struct comm_addr *prod_hint_addr /* 0 if none */) {
446353cd 2000
dd9209d1
IJ		 2001 if (!configured_addr && !prod_hint_addr &&
2002 !transport_peers_valid(&st->peers))
446353cd
IJ		 2003 return False;
2004
2005 slog(st,LOG_SETUP_INIT,
dd9209d1
IJ		 2006 "using:%s%s %d old peer address(es)",
2007 configured_addr ? " configured address;" : "",
2008 prod_hint_addr ? " PROD hint address;" : "",
779837e1 2009 st->peers.npeers);
446353cd
IJ		 2010
2011 /* Non-mobile peers havve st->peers.npeers==0 or ==1, since they
2012 * have transport_peers_max==1. The effect is that this code
2013 * always uses the configured address if supplied, or otherwise
dd9209d1
IJ		 2014 * the address of the incoming PROD, or the existing data peer if
2015 * one exists; this is as desired. */
446353cd
IJ		 2016
2017 transport_peers_copy(st,&st->setup_peers,&st->peers);
2018
dd9209d1
IJ		 2019 if (prod_hint_addr)
2020 transport_record_peer(st,&st->setup_peers,prod_hint_addr,"prod");
2021
446353cd
IJ		 2022 if (configured_addr)
2023 transport_record_peer(st,&st->setup_peers,configured_addr,"setupinit");
2024
2025 assert(transport_peers_valid(&st->setup_peers));
2026 return True;
2027}
2028
2029static void transport_setup_msgok(struct site *st, const struct comm_addr *a) {
2030 if (st->peer_mobile)
2031 transport_record_peer(st,&st->setup_peers,a,"setupmsg");
2032}
2033static void transport_data_msgok(struct site *st, const struct comm_addr *a) {
2034 if (st->peer_mobile)
2035 transport_record_peer(st,&st->peers,a,"datamsg");
2036}
2037
2038static int transport_peers_valid(transport_peers *peers) {
2039 return peers->npeers;
2040}
2041static void transport_peers_clear(struct site *st, transport_peers *peers) {
2042 peers->npeers= 0;
2043 transport_peers_debug(st,peers,"clear",0,0,0);
2044}
2045static void transport_peers_copy(struct site *st, transport_peers *dst,
2046 const transport_peers *src) {
2047 dst->npeers=src->npeers;
2048 memcpy(dst->peers, src->peers, sizeof(*dst->peers) * dst->npeers);
2049 transport_peers_debug(st,dst,"copy",
a620a048 2050 src->npeers, &src->peers->addr, sizeof(*src->peers));
446353cd
IJ		 2051}
2052
2053void transport_xmit(struct site *st, transport_peers *peers,
2054 struct buffer_if *buf, bool_t candebug) {
2055 int slot;
2056 transport_peers_expire(st, peers);
2057 for (slot=0; slot<peers->npeers; slot++) {
2058 transport_peer *peer=&peers->peers[slot];
2059 if (candebug)
2060 dump_packet(st, buf, &peer->addr, False);
2061 peer->addr.comm->sendmsg(peer->addr.comm->st, buf, &peer->addr);
2062 }
2063}
2064
2065/***** END of transport peers declarations *****/
Secnet virtual private network: clone of http://www.chiark.greenend.org.uk/ucgi/~ian/git/secnet.git/