~mdw / secnet / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
site: Extra info in name fields for MSG1, clearer processing
[secnet] / site.c
CommitLineData
2fe58dfd
SE		 1/* site.c - manage communication with a remote network site */
2
469fd1d9
SE		 3/* The 'site' code doesn't know anything about the structure of the
4 packets it's transmitting. In fact, under the new netlink
5 configuration scheme it doesn't need to know anything at all about
6 IP addresses, except how to contact its peer. This means it could
7 potentially be used to tunnel other protocols too (IPv6, IPX, plain
8 old Ethernet frames) if appropriate netlink code can be written
9 (and that ought not to be too hard, eg. using the TUN/TAP device to
10 pretend to be an Ethernet interface). */
11
ff05a229
SE		 12/* At some point in the future the netlink code will be asked for
13 configuration information to go in the PING/PONG packets at the end
14 of the key exchange. */
15
8689b3a9 16#include "secnet.h"
2fe58dfd 17#include <stdio.h>
469fd1d9 18#include <string.h>
fe5e9cc4 19#include <limits.h>
58650a70 20#include <assert.h>
8689b3a9 21#include <sys/socket.h>
2fe58dfd 22
8689b3a9 23#include <sys/mman.h>
2fe58dfd 24#include "util.h"
59635212 25#include "unaligned.h"
ff05a229 26#include "magic.h"
2fe58dfd
SE		 27
28#define SETUP_BUFFER_LEN 2048
29
e7f8ec2a
IJ		 30#define DEFAULT_KEY_LIFETIME (3600*1000) /* [ms] */
31#define DEFAULT_KEY_RENEGOTIATE_GAP (5*60*1000) /* [ms] */
2fe58dfd 32#define DEFAULT_SETUP_RETRIES 5
e7f8ec2a
IJ		 33#define DEFAULT_SETUP_RETRY_INTERVAL (2*1000) /* [ms] */
34#define DEFAULT_WAIT_TIME (20*1000) /* [ms] */
e57264d6
IJ		 35
36#define DEFAULT_MOBILE_KEY_LIFETIME (2*24*3600*1000) /* [ms] */
37#define DEFAULT_MOBILE_KEY_RENEGOTIATE_GAP (12*3600*1000) /* [ms] */
38#define DEFAULT_MOBILE_SETUP_RETRIES 30
39#define DEFAULT_MOBILE_SETUP_RETRY_INTERVAL (1*1000) /* [ms] */
40#define DEFAULT_MOBILE_WAIT_TIME (10*1000) /* [ms] */
41
446353cd
IJ		 42#define DEFAULT_MOBILE_PEER_EXPIRY (2*60) /* [s] */
43#define DEFAULT_MOBILE_PEERS_MAX 3 /* send at most this many copies (default) */
2fe58dfd
SE		 44
45/* Each site can be in one of several possible states. */
46
47/* States:
48 SITE_STOP - nothing is allowed to happen; tunnel is down;
49 all session keys have been erased
50 -> SITE_RUN upon external instruction
51 SITE_RUN - site up, maybe with valid key
52 -> SITE_RESOLVE upon outgoing packet and no valid key
53 we start name resolution for the other end of the tunnel
54 -> SITE_SENTMSG2 upon valid incoming message 1 and suitable time
55 we send an appropriate message 2
56 SITE_RESOLVE - waiting for name resolution
57 -> SITE_SENTMSG1 upon successful resolution
58 we send an appropriate message 1
59 -> SITE_SENTMSG2 upon valid incoming message 1 (then abort resolution)
60 we abort resolution and
61 -> SITE_WAIT on timeout or resolution failure
62 SITE_SENTMSG1
63 -> SITE_SENTMSG2 upon valid incoming message 1 from higher priority end
64 -> SITE_SENTMSG3 upon valid incoming message 2
65 -> SITE_WAIT on timeout
66 SITE_SENTMSG2
67 -> SITE_SENTMSG4 upon valid incoming message 3
68 -> SITE_WAIT on timeout
69 SITE_SENTMSG3
70 -> SITE_SENTMSG5 upon valid incoming message 4
71 -> SITE_WAIT on timeout
72 SITE_SENTMSG4
73 -> SITE_RUN upon valid incoming message 5
74 -> SITE_WAIT on timeout
75 SITE_SENTMSG5
76 -> SITE_RUN upon valid incoming message 6
77 -> SITE_WAIT on timeout
78 SITE_WAIT - failed to establish key; do nothing for a while
79 -> SITE_RUN on timeout
80 */
81
82#define SITE_STOP 0
83#define SITE_RUN 1
84#define SITE_RESOLVE 2
85#define SITE_SENTMSG1 3
86#define SITE_SENTMSG2 4
87#define SITE_SENTMSG3 5
88#define SITE_SENTMSG4 6
89#define SITE_SENTMSG5 7
90#define SITE_WAIT 8
91
fe5e9cc4 92static cstring_t state_name(uint32_t state)
2fe58dfd
SE		 93{
94 switch (state) {
3454dce4
SE		 95 case 0: return "STOP";
96 case 1: return "RUN";
97 case 2: return "RESOLVE";
98 case 3: return "SENTMSG1";
99 case 4: return "SENTMSG2";
100 case 5: return "SENTMSG3";
101 case 6: return "SENTMSG4";
102 case 7: return "SENTMSG5";
103 case 8: return "WAIT";
2fe58dfd
SE		 104 default: return "*bad state*";
105 }
106}
107
2fe58dfd
SE		 108#define NONCELEN 8
109
110#define LOG_UNEXPECTED 0x00000001
111#define LOG_SETUP_INIT 0x00000002
112#define LOG_SETUP_TIMEOUT 0x00000004
113#define LOG_ACTIVATE_KEY 0x00000008
114#define LOG_TIMEOUT_KEY 0x00000010
9d3a4132 115#define LOG_SEC 0x00000020
2fe58dfd
SE		 116#define LOG_STATE 0x00000040
117#define LOG_DROP 0x00000080
118#define LOG_DUMP 0x00000100
119#define LOG_ERROR 0x00000400
446353cd 120#define LOG_PEER_ADDRS 0x00000800
2fe58dfd 121
9d3a4132
SE		 122static struct flagstr log_event_table[]={
123 { "unexpected", LOG_UNEXPECTED },
124 { "setup-init", LOG_SETUP_INIT },
125 { "setup-timeout", LOG_SETUP_TIMEOUT },
126 { "activate-key", LOG_ACTIVATE_KEY },
127 { "timeout-key", LOG_TIMEOUT_KEY },
128 { "security", LOG_SEC },
129 { "state-change", LOG_STATE },
130 { "packet-drop", LOG_DROP },
131 { "dump-packets", LOG_DUMP },
132 { "errors", LOG_ERROR },
446353cd 133 { "peer-addrs", LOG_PEER_ADDRS },
ff05a229
SE		 134 { "default", LOG_SETUP_INIT|LOG_SETUP_TIMEOUT|
135 LOG_ACTIVATE_KEY|LOG_TIMEOUT_KEY|LOG_SEC|LOG_ERROR },
9d3a4132
SE		 136 { "all", 0xffffffff },
137 { NULL, 0 }
138};
139
446353cd
IJ		 140
141/***** TRANSPORT PEERS declarations *****/
142
143/* Details of "mobile peer" semantics:
144
145 - We record mobile_peers_max peer address/port numbers ("peers")
146 for key setup, and separately mobile_peers_max for data
147 transfer. If these lists fill up, we retain the newest peers.
148 (For non-mobile peers we only record one of each.)
149
150 - Outgoing packets are sent to every recorded peer in the
151 applicable list.
152
153 - Data transfer peers are straightforward: whenever we successfully
154 process a data packet, we record the peer. Also, whenever we
155 successfully complete a key setup, we merge the key setup
156 peers into the data transfer peers.
157
158 (For "non-mobile" peers we simply copy the peer used for
159 successful key setup, and don't change the peer otherwise.)
160
161 - Key setup peers are slightly more complicated.
162
163 Whenever we receive and successfully process a key exchange
164 packet, we record the peer.
165
166 Whenever we try to initiate a key setup, we copy the list of data
167 transfer peers and use it for key setup. But we also look to see
168 if the config supplies an address and port number and if so we
169 add that as a key setup peer (possibly evicting one of the data
170 transfer peers we just copied).
171
172 (For "non-mobile" peers, if we if we have a configured peer
173 address and port, we always use that; otherwise if we have a
174 current data peer address we use that; otherwise we do not
175 attempt to initiate a key setup for lack of a peer address.)
176
177 "Record the peer" means
178 1. expire any peers last seen >120s ("mobile-peer-expiry") ago
179 2. add the peer of the just received packet to the applicable list
180 (possibly evicting older entries)
181 NB that we do not expire peers until an incoming packet arrives.
182
183 */
184
185#define MAX_MOBILE_PEERS_MAX 5 /* send at most this many copies, compiled max */
186
187typedef struct {
188 struct timeval last;
189 struct comm_addr addr;
190} transport_peer;
191
192typedef struct {
193/* configuration information */
194/* runtime information */
195 int npeers;
196 transport_peer peers[MAX_MOBILE_PEERS_MAX];
197} transport_peers;
198
199static void transport_peers_clear(struct site *st, transport_peers *peers);
200static int transport_peers_valid(transport_peers *peers);
201static void transport_peers_copy(struct site *st, transport_peers *dst,
202 const transport_peers *src);
203
204static void transport_setup_msgok(struct site *st, const struct comm_addr *a);
205static void transport_data_msgok(struct site *st, const struct comm_addr *a);
206static bool_t transport_compute_setupinit_peers(struct site *st,
207 const struct comm_addr *configured_addr /* 0 if none or not found */);
208static void transport_record_peer(struct site *st, transport_peers *peers,
209 const struct comm_addr *addr, const char *m);
210
211static void transport_xmit(struct site *st, transport_peers *peers,
212 struct buffer_if *buf, bool_t candebug);
213
214 /***** END of transport peers declarations *****/
215
216
19e9a588
IJ		 217struct data_key {
218 struct transform_inst_if *transform;
219 uint64_t key_timeout; /* End of life of current key */
220 uint32_t remote_session_id;
221};
222
2fe58dfd
SE		 223struct site {
224 closure_t cl;
225 struct site_if ops;
226/* configuration information */
227 string_t localname;
228 string_t remotename;
446353cd
IJ		 229 bool_t peer_mobile; /* Mobile client support */
230 int32_t transport_peers_max;
ff05a229 231 string_t tunname; /* localname<->remotename by default, used in logs */
2fe58dfd 232 string_t address; /* DNS name for bootstrapping, optional */
ff05a229 233 int remoteport; /* Port for bootstrapping, optional */
2fe58dfd 234 struct netlink_if *netlink;
59533c16
IJ		 235 struct comm_if **comms;
236 int ncomms;
2fe58dfd
SE		 237 struct resolver_if *resolver;
238 struct log_if *log;
239 struct random_if *random;
240 struct rsaprivkey_if *privkey;
2fe58dfd
SE		 241 struct rsapubkey_if *pubkey;
242 struct transform_if *transform;
243 struct dh_if *dh;
244 struct hash_if *hash;
2fe58dfd 245
58650a70 246 uint32_t index; /* Index of this site */
1caa23ff 247 int32_t setup_retries; /* How many times to send setup packets */
e7f8ec2a 248 int32_t setup_retry_interval; /* Initial timeout for setup packets */
4a8aed08 249 int32_t wait_timeout; /* How long to wait if setup unsuccessful */
446353cd 250 int32_t mobile_peer_expiry; /* How long to remember 2ary addresses */
4a8aed08
IJ		 251 int32_t key_lifetime; /* How long a key lasts once set up */
252 int32_t key_renegotiate_time; /* If we see traffic (or a keepalive)
9d3a4132
SE		 253 after this time, initiate a new
254 key exchange */
2fe58dfd 255
2fe58dfd
SE		 256 bool_t setup_priority; /* Do we have precedence if both sites emit
257 message 1 simultaneously? */
258 uint32_t log_events;
259
260/* runtime information */
261 uint32_t state;
262 uint64_t now; /* Most recently seen time */
263
ff05a229 264 /* The currently established session */
19e9a588 265 struct data_key current;
02b0959b 266 struct data_key auxiliary_key;
bd98cd6b 267 bool_t auxiliary_is_new;
ff05a229 268 uint64_t renegotiate_key_time; /* When we can negotiate a new key */
bd98cd6b 269 uint64_t auxiliary_renegotiate_key_time;
446353cd 270 transport_peers peers; /* Current address(es) of peer for data traffic */
2fe58dfd 271
ff05a229
SE		 272 /* The current key setup protocol exchange. We can only be
273 involved in one of these at a time. There's a potential for
274 denial of service here (the attacker keeps sending a setup
275 packet; we keep trying to continue the exchange, and have to
276 timeout before we can listen for another setup packet); perhaps
277 we should keep a list of 'bad' sources for setup packets. */
2fe58dfd 278 uint32_t setup_session_id;
446353cd 279 transport_peers setup_peers;
2fe58dfd
SE		 280 uint8_t localN[NONCELEN]; /* Nonces for key exchange */
281 uint8_t remoteN[NONCELEN];
282 struct buffer_if buffer; /* Current outgoing key exchange packet */
05f39b4d 283 struct buffer_if scratch;
4a8aed08 284 int32_t retries; /* Number of retries remaining */
2fe58dfd
SE		 285 uint64_t timeout; /* Timeout for current state */
286 uint8_t *dhsecret;
287 uint8_t *sharedsecret;
7c9ca4bd 288 uint32_t sharedsecretlen;
2fe58dfd
SE		 289 struct transform_inst_if *new_transform; /* For key setup/verify */
290};
291
fe5e9cc4 292static void slog(struct site *st, uint32_t event, cstring_t msg, ...)
2fe58dfd
SE		 293{
294 va_list ap;
7c006408 295 char buf[240];
b2a56f7c 296 uint32_t class;
2fe58dfd
SE		 297
298 va_start(ap,msg);
299
300 if (event&st->log_events) {
b2a56f7c
SE		 301 switch(event) {
302 case LOG_UNEXPECTED: class=M_INFO; break;
303 case LOG_SETUP_INIT: class=M_INFO; break;
304 case LOG_SETUP_TIMEOUT: class=M_NOTICE; break;
305 case LOG_ACTIVATE_KEY: class=M_INFO; break;
306 case LOG_TIMEOUT_KEY: class=M_INFO; break;
307 case LOG_SEC: class=M_SECURITY; break;
308 case LOG_STATE: class=M_DEBUG; break;
309 case LOG_DROP: class=M_DEBUG; break;
310 case LOG_DUMP: class=M_DEBUG; break;
469fd1d9 311 case LOG_ERROR: class=M_ERR; break;
446353cd 312 case LOG_PEER_ADDRS: class=M_DEBUG; break;
469fd1d9 313 default: class=M_ERR; break;
b2a56f7c
SE		 314 }
315
c1d2109a 316 vsnprintf(buf,sizeof(buf),msg,ap);
b2a56f7c 317 st->log->log(st->log->st,class,"%s: %s",st->tunname,buf);
2fe58dfd
SE		 318 }
319 va_end(ap);
320}
321
9d3a4132 322static void set_link_quality(struct site *st);
1d388569
IJ		 323static void delete_keys(struct site *st, cstring_t reason, uint32_t loglevel);
324static void delete_one_key(struct site *st, struct data_key *key,
325 const char *reason /* may be 0 meaning don't log*/,
326 const char *which /* ignored if !reasonn */,
327 uint32_t loglevel /* ignored if !reasonn */);
fe5e9cc4 328static bool_t initiate_key_setup(struct site *st, cstring_t reason);
2fe58dfd
SE		 329static void enter_state_run(struct site *st);
330static bool_t enter_state_resolve(struct site *st);
ff05a229 331static bool_t enter_new_state(struct site *st,uint32_t next);
2fe58dfd 332static void enter_state_wait(struct site *st);
05f39b4d 333static void activate_new_key(struct site *st);
2fe58dfd 334
3d8d8f4e
IJ		 335static bool_t current_valid(struct site *st)
336{
19e9a588 337 return st->current.transform->valid(st->current.transform->st);
3d8d8f4e
IJ		 338}
339
2fe58dfd
SE		 340#define CHECK_AVAIL(b,l) do { if ((b)->size<(l)) return False; } while(0)
341#define CHECK_EMPTY(b) do { if ((b)->size!=0) return False; } while(0)
342#define CHECK_TYPE(b,t) do { uint32_t type; \
343 CHECK_AVAIL((b),4); \
59635212 344 type=buf_unprepend_uint32((b)); \
2fe58dfd
SE		 345 if (type!=(t)) return False; } while(0)
346
1737eeef
IJ		 347struct parsedname {
348 int32_t len;
349 uint8_t *name;
350 int32_t extrainfo_len;
351 uint8_t *extrainfo;
352};
353
2fe58dfd
SE		 354struct msg {
355 uint8_t *hashstart;
356 uint32_t dest;
357 uint32_t source;
1737eeef
IJ		 358 struct parsedname remote;
359 struct parsedname local;
2fe58dfd
SE		 360 uint8_t *nR;
361 uint8_t *nL;
1caa23ff 362 int32_t pklen;
3e8addad 363 char *pk;
1caa23ff
IJ		 364 int32_t hashlen;
365 int32_t siglen;
3e8addad 366 char *sig;
2fe58dfd
SE		 367};
368
ff05a229
SE		 369/* Build any of msg1 to msg4. msg5 and msg6 are built from the inside
370 out using a transform of config data supplied by netlink */
fe5e9cc4 371static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what)
2fe58dfd
SE		 372{
373 void *hst;
3b83c932 374 uint8_t *hash;
2fe58dfd
SE		 375 string_t dhpub, sig;
376
377 st->retries=st->setup_retries;
378 BUF_ALLOC(&st->buffer,what);
379 buffer_init(&st->buffer,0);
59635212
SE		 380 buf_append_uint32(&st->buffer,
381 (type==LABEL_MSG1?0:st->setup_session_id));
58650a70 382 buf_append_uint32(&st->buffer,st->index);
59635212 383 buf_append_uint32(&st->buffer,type);
2fe58dfd
SE		 384 buf_append_string(&st->buffer,st->localname);
385 buf_append_string(&st->buffer,st->remotename);
386 memcpy(buf_append(&st->buffer,NONCELEN),st->localN,NONCELEN);
387 if (type==LABEL_MSG1) return True;
388 memcpy(buf_append(&st->buffer,NONCELEN),st->remoteN,NONCELEN);
389 if (type==LABEL_MSG2) return True;
3b83c932
SE		 390
391 if (hacky_par_mid_failnow()) return False;
392
2fe58dfd
SE		 393 dhpub=st->dh->makepublic(st->dh->st,st->dhsecret,st->dh->len);
394 buf_append_string(&st->buffer,dhpub);
395 free(dhpub);
3b83c932 396 hash=safe_malloc(st->hash->len, "generate_msg");
2fe58dfd
SE		 397 hst=st->hash->init();
398 st->hash->update(hst,st->buffer.start,st->buffer.size);
399 st->hash->final(hst,hash);
400 sig=st->privkey->sign(st->privkey->st,hash,st->hash->len);
401 buf_append_string(&st->buffer,sig);
402 free(sig);
3b83c932 403 free(hash);
2fe58dfd
SE		 404 return True;
405}
406
1737eeef
IJ		 407static bool_t unpick_name(struct buffer_if *msg, struct parsedname *nm)
408{
409 CHECK_AVAIL(msg,2);
410 nm->len=buf_unprepend_uint16(msg);
411 CHECK_AVAIL(msg,nm->len);
412 nm->name=buf_unprepend(msg,nm->len);
413 uint8_t *nul=memchr(nm->name,0,nm->len);
414 if (!nul) {
415 nm->extrainfo_len=0;
416 nm->extrainfo=0;
417 } else {
418 nm->extrainfo=nul+1;
419 nm->extrainfo_len=msg->start-nm->extrainfo;
420 nm->len=nul-nm->name;
421 }
422 return True;
423}
424
2fe58dfd
SE		 425static bool_t unpick_msg(struct site *st, uint32_t type,
426 struct buffer_if *msg, struct msg *m)
427{
428 m->hashstart=msg->start;
429 CHECK_AVAIL(msg,4);
59635212 430 m->dest=buf_unprepend_uint32(msg);
2fe58dfd 431 CHECK_AVAIL(msg,4);
59635212 432 m->source=buf_unprepend_uint32(msg);
2fe58dfd 433 CHECK_TYPE(msg,type);
1737eeef
IJ		 434 if (!unpick_name(msg,&m->remote)) return False;
435 if (!unpick_name(msg,&m->local)) return False;
2fe58dfd
SE		 436 CHECK_AVAIL(msg,NONCELEN);
437 m->nR=buf_unprepend(msg,NONCELEN);
438 if (type==LABEL_MSG1) {
439 CHECK_EMPTY(msg);
440 return True;
441 }
442 CHECK_AVAIL(msg,NONCELEN);
443 m->nL=buf_unprepend(msg,NONCELEN);
444 if (type==LABEL_MSG2) {
445 CHECK_EMPTY(msg);
446 return True;
447 }
448 CHECK_AVAIL(msg,2);
59635212 449 m->pklen=buf_unprepend_uint16(msg);
2fe58dfd
SE		 450 CHECK_AVAIL(msg,m->pklen);
451 m->pk=buf_unprepend(msg,m->pklen);
452 m->hashlen=msg->start-m->hashstart;
453 CHECK_AVAIL(msg,2);
59635212 454 m->siglen=buf_unprepend_uint16(msg);
2fe58dfd
SE		 455 CHECK_AVAIL(msg,m->siglen);
456 m->sig=buf_unprepend(msg,m->siglen);
457 CHECK_EMPTY(msg);
458 return True;
459}
460
1737eeef
IJ		 461static bool_t name_matches(const struct parsedname *nm, const char *expected)
462{
463 int expected_len=strlen(expected);
464 return
465 nm->len == expected_len &&
466 !memcmp(nm->name, expected, expected_len);
467}
468
ff05a229 469static bool_t check_msg(struct site *st, uint32_t type, struct msg *m,
fe5e9cc4 470 cstring_t *error)
ff05a229
SE		 471{
472 if (type==LABEL_MSG1) return True;
473
474 /* Check that the site names and our nonce have been sent
475 back correctly, and then store our peer's nonce. */
1737eeef 476 if (!name_matches(&m->remote,st->remotename)) {
ff05a229
SE		 477 *error="wrong remote site name";
478 return False;
479 }
1737eeef 480 if (!name_matches(&m->local,st->localname)) {
ff05a229
SE		 481 *error="wrong local site name";
482 return False;
483 }
484 if (memcmp(m->nL,st->localN,NONCELEN)!=0) {
485 *error="wrong locally-generated nonce";
486 return False;
487 }
488 if (type==LABEL_MSG2) return True;
5ad34db2 489 if (!consttime_memeq(m->nR,st->remoteN,NONCELEN)!=0) {
ff05a229
SE		 490 *error="wrong remotely-generated nonce";
491 return False;
492 }
493 if (type==LABEL_MSG3) return True;
494 if (type==LABEL_MSG4) return True;
495 *error="unknown message type";
496 return False;
497}
498
2fe58dfd
SE		 499static bool_t generate_msg1(struct site *st)
500{
501 st->random->generate(st->random->st,NONCELEN,st->localN);
502 return generate_msg(st,LABEL_MSG1,"site:MSG1");
503}
504
505static bool_t process_msg1(struct site *st, struct buffer_if *msg1,
7e29719e 506 const struct comm_addr *src, struct msg *m)
2fe58dfd 507{
2fe58dfd
SE		 508 /* We've already determined we're in an appropriate state to
509 process an incoming MSG1, and that the MSG1 has correct values
510 of A and B. */
511
446353cd 512 transport_record_peer(st,&st->setup_peers,src,"msg1");
7e29719e
IJ		 513 st->setup_session_id=m->source;
514 memcpy(st->remoteN,m->nR,NONCELEN);
2fe58dfd
SE		 515 return True;
516}
517
518static bool_t generate_msg2(struct site *st)
519{
520 st->random->generate(st->random->st,NONCELEN,st->localN);
521 return generate_msg(st,LABEL_MSG2,"site:MSG2");
522}
523
524static bool_t process_msg2(struct site *st, struct buffer_if *msg2,
a15faeb2 525 const struct comm_addr *src)
2fe58dfd
SE		 526{
527 struct msg m;
fe5e9cc4 528 cstring_t err;
2fe58dfd
SE		 529
530 if (!unpick_msg(st,LABEL_MSG2,msg2,&m)) return False;
ff05a229
SE		 531 if (!check_msg(st,LABEL_MSG2,&m,&err)) {
532 slog(st,LOG_SEC,"msg2: %s",err);
2fe58dfd
SE		 533 return False;
534 }
535 st->setup_session_id=m.source;
536 memcpy(st->remoteN,m.nR,NONCELEN);
537 return True;
538}
539
540static bool_t generate_msg3(struct site *st)
541{
542 /* Now we have our nonce and their nonce. Think of a secret key,
543 and create message number 3. */
544 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
545 return generate_msg(st,LABEL_MSG3,"site:MSG3");
546}
547
548static bool_t process_msg3(struct site *st, struct buffer_if *msg3,
a15faeb2 549 const struct comm_addr *src)
2fe58dfd
SE		 550{
551 struct msg m;
3b83c932 552 uint8_t *hash;
2fe58dfd 553 void *hst;
fe5e9cc4 554 cstring_t err;
2fe58dfd
SE		 555
556 if (!unpick_msg(st,LABEL_MSG3,msg3,&m)) return False;
ff05a229
SE		 557 if (!check_msg(st,LABEL_MSG3,&m,&err)) {
558 slog(st,LOG_SEC,"msg3: %s",err);
2fe58dfd
SE		 559 return False;
560 }
ff05a229 561
2fe58dfd 562 /* Check signature and store g^x mod m */
3b83c932 563 hash=safe_malloc(st->hash->len, "process_msg3");
2fe58dfd
SE		 564 hst=st->hash->init();
565 st->hash->update(hst,m.hashstart,m.hashlen);
566 st->hash->final(hst,hash);
567 /* Terminate signature with a '0' - cheating, but should be ok */
568 m.sig[m.siglen]=0;
569 if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m.sig)) {
59635212 570 slog(st,LOG_SEC,"msg3 signature failed check!");
3b83c932 571 free(hash);
2fe58dfd
SE		 572 return False;
573 }
3b83c932 574 free(hash);
2fe58dfd
SE		 575
576 /* Terminate their DH public key with a '0' */
577 m.pk[m.pklen]=0;
578 /* Invent our DH secret key */
579 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
580
581 /* Generate the shared key */
582 st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,m.pk,
7c9ca4bd 583 st->sharedsecret,st->sharedsecretlen);
2fe58dfd
SE		 584
585 /* Set up the transform */
586 st->new_transform->setkey(st->new_transform->st,st->sharedsecret,
0118121a 587 st->sharedsecretlen,st->setup_priority);
2fe58dfd
SE		 588
589 return True;
590}
591
592static bool_t generate_msg4(struct site *st)
593{
594 /* We have both nonces, their public key and our private key. Generate
595 our public key, sign it and send it to them. */
596 return generate_msg(st,LABEL_MSG4,"site:MSG4");
597}
598
599static bool_t process_msg4(struct site *st, struct buffer_if *msg4,
a15faeb2 600 const struct comm_addr *src)
2fe58dfd
SE		 601{
602 struct msg m;
3b83c932 603 uint8_t *hash;
2fe58dfd 604 void *hst;
fe5e9cc4 605 cstring_t err;
2fe58dfd
SE		 606
607 if (!unpick_msg(st,LABEL_MSG4,msg4,&m)) return False;
ff05a229
SE		 608 if (!check_msg(st,LABEL_MSG4,&m,&err)) {
609 slog(st,LOG_SEC,"msg4: %s",err);
2fe58dfd
SE		 610 return False;
611 }
612
613 /* Check signature and store g^x mod m */
3b83c932 614 hash=safe_malloc(st->hash->len, "process_msg4");
2fe58dfd
SE		 615 hst=st->hash->init();
616 st->hash->update(hst,m.hashstart,m.hashlen);
617 st->hash->final(hst,hash);
618 /* Terminate signature with a '0' - cheating, but should be ok */
619 m.sig[m.siglen]=0;
620 if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m.sig)) {
59635212 621 slog(st,LOG_SEC,"msg4 signature failed check!");
3b83c932 622 free(hash);
2fe58dfd
SE		 623 return False;
624 }
3b83c932 625 free(hash);
2fe58dfd
SE		 626
627 /* Terminate their DH public key with a '0' */
628 m.pk[m.pklen]=0;
629 /* Generate the shared key */
630 st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,m.pk,
7c9ca4bd 631 st->sharedsecret,st->sharedsecretlen);
2fe58dfd
SE		 632 /* Set up the transform */
633 st->new_transform->setkey(st->new_transform->st,st->sharedsecret,
0118121a 634 st->sharedsecretlen,st->setup_priority);
2fe58dfd
SE		 635
636 return True;
637}
638
2fe58dfd
SE		 639struct msg0 {
640 uint32_t dest;
641 uint32_t source;
642 uint32_t type;
643};
644
645static bool_t unpick_msg0(struct site *st, struct buffer_if *msg0,
646 struct msg0 *m)
647{
648 CHECK_AVAIL(msg0,4);
59635212 649 m->dest=buf_unprepend_uint32(msg0);
2fe58dfd 650 CHECK_AVAIL(msg0,4);
59635212 651 m->source=buf_unprepend_uint32(msg0);
2fe58dfd 652 CHECK_AVAIL(msg0,4);
59635212 653 m->type=buf_unprepend_uint32(msg0);
2fe58dfd
SE		 654 return True;
655 /* Leaves transformed part of buffer untouched */
656}
657
ff05a229
SE		 658static bool_t generate_msg5(struct site *st)
659{
fe5e9cc4 660 cstring_t transform_err;
ff05a229
SE		 661
662 BUF_ALLOC(&st->buffer,"site:MSG5");
663 /* We are going to add four words to the message */
664 buffer_init(&st->buffer,st->transform->max_start_pad+(4*4));
665 /* Give the netlink code an opportunity to put its own stuff in the
666 message (configuration information, etc.) */
ff05a229
SE		 667 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
668 st->new_transform->forwards(st->new_transform->st,&st->buffer,
669 &transform_err);
670 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
58650a70 671 buf_prepend_uint32(&st->buffer,st->index);
ff05a229
SE		 672 buf_prepend_uint32(&st->buffer,st->setup_session_id);
673
674 st->retries=st->setup_retries;
675 return True;
676}
677
2fe58dfd 678static bool_t process_msg5(struct site *st, struct buffer_if *msg5,
c90cc2a7
IJ		 679 const struct comm_addr *src,
680 struct transform_inst_if *transform)
2fe58dfd
SE		 681{
682 struct msg0 m;
fe5e9cc4 683 cstring_t transform_err;
2fe58dfd
SE		 684
685 if (!unpick_msg0(st,msg5,&m)) return False;
686
c90cc2a7 687 if (transform->reverse(transform->st,msg5,&transform_err)) {
2fe58dfd 688 /* There's a problem */
59635212 689 slog(st,LOG_SEC,"process_msg5: transform: %s",transform_err);
2fe58dfd
SE		 690 return False;
691 }
692 /* Buffer should now contain untransformed PING packet data */
693 CHECK_AVAIL(msg5,4);
59635212 694 if (buf_unprepend_uint32(msg5)!=LABEL_MSG5) {
ff05a229 695 slog(st,LOG_SEC,"MSG5/PING packet contained wrong label");
2fe58dfd
SE		 696 return False;
697 }
ff7cdc9e
IJ		 698 /* Older versions of secnet used to write some config data here
699 * which we ignore. So we don't CHECK_EMPTY */
2fe58dfd
SE		 700 return True;
701}
702
c90cc2a7
IJ		 703static void create_msg6(struct site *st, struct transform_inst_if *transform,
704 uint32_t session_id)
2fe58dfd 705{
fe5e9cc4 706 cstring_t transform_err;
2fe58dfd
SE		 707
708 BUF_ALLOC(&st->buffer,"site:MSG6");
ff05a229
SE		 709 /* We are going to add four words to the message */
710 buffer_init(&st->buffer,st->transform->max_start_pad+(4*4));
794f2398
SE		 711 /* Give the netlink code an opportunity to put its own stuff in the
712 message (configuration information, etc.) */
ff05a229 713 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
c90cc2a7 714 transform->forwards(transform->st,&st->buffer,&transform_err);
59635212 715 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
58650a70 716 buf_prepend_uint32(&st->buffer,st->index);
c90cc2a7
IJ		 717 buf_prepend_uint32(&st->buffer,session_id);
718}
2fe58dfd 719
c90cc2a7
IJ		 720static bool_t generate_msg6(struct site *st)
721{
722 create_msg6(st,st->new_transform,st->setup_session_id);
ff05a229 723 st->retries=1; /* Peer will retransmit MSG5 if this packet gets lost */
2fe58dfd
SE		 724 return True;
725}
726
727static bool_t process_msg6(struct site *st, struct buffer_if *msg6,
a15faeb2 728 const struct comm_addr *src)
2fe58dfd
SE		 729{
730 struct msg0 m;
fe5e9cc4 731 cstring_t transform_err;
2fe58dfd
SE		 732
733 if (!unpick_msg0(st,msg6,&m)) return False;
734
735 if (st->new_transform->reverse(st->new_transform->st,
736 msg6,&transform_err)) {
737 /* There's a problem */
59635212 738 slog(st,LOG_SEC,"process_msg6: transform: %s",transform_err);
2fe58dfd
SE		 739 return False;
740 }
741 /* Buffer should now contain untransformed PING packet data */
742 CHECK_AVAIL(msg6,4);
59635212
SE		 743 if (buf_unprepend_uint32(msg6)!=LABEL_MSG6) {
744 slog(st,LOG_SEC,"MSG6/PONG packet contained invalid data");
2fe58dfd
SE		 745 return False;
746 }
ff7cdc9e
IJ		 747 /* Older versions of secnet used to write some config data here
748 * which we ignore. So we don't CHECK_EMPTY */
2fe58dfd
SE		 749 return True;
750}
751
48b97423
IJ		 752static bool_t decrypt_msg0(struct site *st, struct buffer_if *msg0,
753 const struct comm_addr *src)
2fe58dfd 754{
02b0959b 755 cstring_t transform_err, auxkey_err, newkey_err="n/a";
065e1922
IJ		 756 struct msg0 m;
757 uint32_t problem;
2fe58dfd 758
2fe58dfd
SE		 759 if (!unpick_msg0(st,msg0,&m)) return False;
760
05f39b4d
IJ		 761 /* Keep a copy so we can try decrypting it with multiple keys */
762 buffer_copy(&st->scratch, msg0);
763
19e9a588 764 problem = st->current.transform->reverse(st->current.transform->st,
065e1922 765 msg0,&transform_err);
02b0959b 766 if (!problem) {
bd98cd6b
IJ		 767 if (!st->auxiliary_is_new)
768 delete_one_key(st,&st->auxiliary_key,
769 "peer has used new key","auxiliary key",LOG_SEC);
02b0959b
IJ		 770 return True;
771 }
48b97423
IJ		 772 if (problem==2)
773 goto skew;
07e4774c 774
02b0959b
IJ		 775 buffer_copy(msg0, &st->scratch);
776 problem = st->auxiliary_key.transform->reverse
777 (st->auxiliary_key.transform->st,msg0,&auxkey_err);
778 if (problem==0) {
779 slog(st,LOG_DROP,"processing packet which uses auxiliary key");
bd98cd6b
IJ		 780 if (st->auxiliary_is_new) {
781 /* We previously timed out in state SENTMSG5 but it turns
782 * out that our peer did in fact get our MSG5 and is
783 * using the new key. So we should switch to it too. */
784 /* This is a bit like activate_new_key. */
785 struct data_key t;
786 t=st->current;
787 st->current=st->auxiliary_key;
788 st->auxiliary_key=t;
789
790 delete_one_key(st,&st->auxiliary_key,"peer has used new key",
791 "previous key",LOG_SEC);
792 st->auxiliary_is_new=0;
793 st->renegotiate_key_time=st->auxiliary_renegotiate_key_time;
794 }
02b0959b
IJ		 795 return True;
796 }
48b97423
IJ		 797 if (problem==2)
798 goto skew;
02b0959b 799
05f39b4d
IJ		 800 if (st->state==SITE_SENTMSG5) {
801 buffer_copy(msg0, &st->scratch);
48b97423
IJ		 802 problem = st->new_transform->reverse(st->new_transform->st,
803 msg0,&newkey_err);
804 if (!problem) {
05f39b4d
IJ		 805 /* It looks like we didn't get the peer's MSG6 */
806 /* This is like a cut-down enter_new_state(SITE_RUN) */
807 slog(st,LOG_STATE,"will enter state RUN (MSG0 with new key)");
808 BUF_FREE(&st->buffer);
809 st->timeout=0;
810 activate_new_key(st);
811 return True; /* do process the data in this packet */
812 }
48b97423
IJ		 813 if (problem==2)
814 goto skew;
05f39b4d
IJ		 815 }
816
02b0959b
IJ		 817 slog(st,LOG_SEC,"transform: %s (aux: %s, new: %s)",
818 transform_err,auxkey_err,newkey_err);
065e1922 819 initiate_key_setup(st,"incoming message would not decrypt");
48b97423
IJ		 820 send_nak(src,m.dest,m.source,m.type,msg0,"message would not decrypt");
821 return False;
822
823 skew:
824 slog(st,LOG_DROP,"transform: %s (merely skew)",transform_err);
065e1922
IJ		 825 return False;
826}
827
828static bool_t process_msg0(struct site *st, struct buffer_if *msg0,
829 const struct comm_addr *src)
830{
831 uint32_t type;
832
48b97423 833 if (!decrypt_msg0(st,msg0,src))
065e1922
IJ		 834 return False;
835
2fe58dfd 836 CHECK_AVAIL(msg0,4);
59635212 837 type=buf_unprepend_uint32(msg0);
2fe58dfd 838 switch(type) {
794f2398
SE		 839 case LABEL_MSG7:
840 /* We must forget about the current session. */
1d388569 841 delete_keys(st,"request from peer",LOG_SEC);
794f2398 842 return True;
2fe58dfd
SE		 843 case LABEL_MSG9:
844 /* Deliver to netlink layer */
469fd1d9 845 st->netlink->deliver(st->netlink->st,msg0);
446353cd 846 transport_data_msgok(st,src);
837cf01e
IJ		 847 /* See whether we should start negotiating a new key */
848 if (st->now > st->renegotiate_key_time)
849 initiate_key_setup(st,"incoming packet in renegotiation window");
2fe58dfd 850 return True;
2fe58dfd 851 default:
ff05a229
SE		 852 slog(st,LOG_SEC,"incoming encrypted message of type %08x "
853 "(unknown)",type);
2fe58dfd
SE		 854 break;
855 }
856 return False;
857}
858
859static void dump_packet(struct site *st, struct buffer_if *buf,
a15faeb2 860 const struct comm_addr *addr, bool_t incoming)
2fe58dfd 861{
59635212
SE		 862 uint32_t dest=ntohl(*(uint32_t *)buf->start);
863 uint32_t source=ntohl(*(uint32_t *)(buf->start+4));
864 uint32_t msgtype=ntohl(*(uint32_t *)(buf->start+8));
2fe58dfd
SE		 865
866 if (st->log_events & LOG_DUMP)
040ee979
SE		 867 slilog(st->log,M_DEBUG,"%s: %s: %08x<-%08x: %08x:",
868 st->tunname,incoming?"incoming":"outgoing",
869 dest,source,msgtype);
2fe58dfd
SE		 870}
871
872static uint32_t site_status(void *st)
873{
874 return 0;
875}
876
877static bool_t send_msg(struct site *st)
878{
879 if (st->retries>0) {
446353cd 880 transport_xmit(st, &st->setup_peers, &st->buffer, True);
e7f8ec2a 881 st->timeout=st->now+st->setup_retry_interval;
2fe58dfd
SE		 882 st->retries--;
883 return True;
bd98cd6b
IJ		 884 } else if (st->state==SITE_SENTMSG5) {
885 slog(st,LOG_SETUP_TIMEOUT,"timed out sending MSG5, stashing new key");
886 /* We stash the key we have produced, in case it turns out that
887 * our peer did see our MSG5 after all and starts using it. */
888 /* This is a bit like some of activate_new_key */
889 struct transform_inst_if *t;
890 t=st->auxiliary_key.transform;
891 st->auxiliary_key.transform=st->new_transform;
892 st->new_transform=t;
893
894 t->delkey(t->st);
895 st->auxiliary_is_new=1;
896 st->auxiliary_key.key_timeout=st->now+st->key_lifetime;
897 st->auxiliary_renegotiate_key_time=st->now+st->key_renegotiate_time;
898 st->auxiliary_key.remote_session_id=st->setup_session_id;
899
900 enter_state_wait(st);
901 return False;
2fe58dfd 902 } else {
3454dce4
SE		 903 slog(st,LOG_SETUP_TIMEOUT,"timed out sending key setup packet "
904 "(in state %s)",state_name(st->state));
2fe58dfd
SE		 905 enter_state_wait(st);
906 return False;
907 }
908}
909
910static void site_resolve_callback(void *sst, struct in_addr *address)
911{
912 struct site *st=sst;
446353cd 913 struct comm_addr ca_buf, *ca_use;
2fe58dfd
SE		 914
915 if (st->state!=SITE_RESOLVE) {
916 slog(st,LOG_UNEXPECTED,"site_resolve_callback called unexpectedly");
917 return;
918 }
919 if (address) {
446353cd 920 FILLZERO(ca_buf);
59533c16 921 ca_buf.comm=st->comms[0];
446353cd
IJ		 922 ca_buf.sin.sin_family=AF_INET;
923 ca_buf.sin.sin_port=htons(st->remoteport);
924 ca_buf.sin.sin_addr=*address;
925 ca_use=&ca_buf;
2fe58dfd 926 } else {
2fe58dfd 927 slog(st,LOG_ERROR,"resolution of %s failed",st->address);
446353cd
IJ		 928 ca_use=0;
929 }
930 if (transport_compute_setupinit_peers(st,ca_use)) {
931 enter_new_state(st,SITE_SENTMSG1);
932 } else {
933 /* Can't figure out who to try to to talk to */
934 slog(st,LOG_SETUP_INIT,"key exchange failed: cannot find peer address");
2fe58dfd
SE		 935 enter_state_run(st);
936 }
937}
938
fe5e9cc4 939static bool_t initiate_key_setup(struct site *st, cstring_t reason)
9d3a4132
SE		 940{
941 if (st->state!=SITE_RUN) return False;
794f2398 942 slog(st,LOG_SETUP_INIT,"initiating key exchange (%s)",reason);
9d3a4132 943 if (st->address) {
794f2398 944 slog(st,LOG_SETUP_INIT,"resolving peer address");
9d3a4132 945 return enter_state_resolve(st);
446353cd 946 } else if (transport_compute_setupinit_peers(st,0)) {
ff05a229 947 return enter_new_state(st,SITE_SENTMSG1);
9d3a4132 948 }
ff05a229 949 slog(st,LOG_SETUP_INIT,"key exchange failed: no address for peer");
9d3a4132
SE		 950 return False;
951}
952
2fe58dfd
SE		 953static void activate_new_key(struct site *st)
954{
955 struct transform_inst_if *t;
956
02b0959b
IJ		 957 /* We have three transform instances, which we swap between old,
958 active and setup */
959 t=st->auxiliary_key.transform;
960 st->auxiliary_key.transform=st->current.transform;
19e9a588 961 st->current.transform=st->new_transform;
2fe58dfd
SE		 962 st->new_transform=t;
963
964 t->delkey(t->st);
2fe58dfd 965 st->timeout=0;
bd98cd6b 966 st->auxiliary_is_new=0;
02b0959b 967 st->auxiliary_key.key_timeout=st->current.key_timeout;
19e9a588 968 st->current.key_timeout=st->now+st->key_lifetime;
ff05a229 969 st->renegotiate_key_time=st->now+st->key_renegotiate_time;
446353cd 970 transport_peers_copy(st,&st->peers,&st->setup_peers);
19e9a588 971 st->current.remote_session_id=st->setup_session_id;
2fe58dfd
SE		 972
973 slog(st,LOG_ACTIVATE_KEY,"new key activated");
9d3a4132 974 enter_state_run(st);
2fe58dfd
SE		 975}
976
1d388569
IJ		 977static void delete_one_key(struct site *st, struct data_key *key,
978 cstring_t reason, cstring_t which, uint32_t loglevel)
979{
980 if (!key->transform->valid(key->transform->st)) return;
981 if (reason) slog(st,loglevel,"%s deleted (%s)",which,reason);
982 key->transform->delkey(key->transform->st);
983 key->key_timeout=0;
984}
985
986static void delete_keys(struct site *st, cstring_t reason, uint32_t loglevel)
794f2398 987{
3d8d8f4e 988 if (current_valid(st)) {
794f2398
SE		 989 slog(st,loglevel,"session closed (%s)",reason);
990
1d388569 991 delete_one_key(st,&st->current,0,0,0);
794f2398
SE		 992 set_link_quality(st);
993 }
02b0959b 994 delete_one_key(st,&st->auxiliary_key,0,0,0);
794f2398
SE		 995}
996
2fe58dfd
SE		 997static void state_assert(struct site *st, bool_t ok)
998{
4f5e39ec 999 if (!ok) fatal("site:state_assert");
2fe58dfd
SE		 1000}
1001
1002static void enter_state_stop(struct site *st)
1003{
1004 st->state=SITE_STOP;
1005 st->timeout=0;
1d388569 1006 delete_keys(st,"entering state STOP",LOG_TIMEOUT_KEY);
2fe58dfd
SE		 1007 st->new_transform->delkey(st->new_transform->st);
1008}
1009
9d3a4132
SE		 1010static void set_link_quality(struct site *st)
1011{
1012 uint32_t quality;
3d8d8f4e 1013 if (current_valid(st))
9d3a4132
SE		 1014 quality=LINK_QUALITY_UP;
1015 else if (st->state==SITE_WAIT || st->state==SITE_STOP)
1016 quality=LINK_QUALITY_DOWN;
1017 else if (st->address)
1018 quality=LINK_QUALITY_DOWN_CURRENT_ADDRESS;
446353cd 1019 else if (transport_peers_valid(&st->peers))
9d3a4132
SE		 1020 quality=LINK_QUALITY_DOWN_STALE_ADDRESS;
1021 else
1022 quality=LINK_QUALITY_DOWN;
1023
469fd1d9 1024 st->netlink->set_quality(st->netlink->st,quality);
9d3a4132
SE		 1025}
1026
2fe58dfd
SE		 1027static void enter_state_run(struct site *st)
1028{
1029 slog(st,LOG_STATE,"entering state RUN");
1030 st->state=SITE_RUN;
1031 st->timeout=0;
9d3a4132 1032
ff05a229 1033 st->setup_session_id=0;
446353cd 1034 transport_peers_clear(st,&st->setup_peers);
ff05a229
SE		 1035 memset(st->localN,0,NONCELEN);
1036 memset(st->remoteN,0,NONCELEN);
1037 st->new_transform->delkey(st->new_transform->st);
1038 memset(st->dhsecret,0,st->dh->len);
7c9ca4bd 1039 memset(st->sharedsecret,0,st->sharedsecretlen);
9d3a4132 1040 set_link_quality(st);
2fe58dfd
SE		 1041}
1042
1043static bool_t enter_state_resolve(struct site *st)
1044{
1045 state_assert(st,st->state==SITE_RUN);
1046 slog(st,LOG_STATE,"entering state RESOLVE");
1047 st->state=SITE_RESOLVE;
1048 st->resolver->request(st->resolver->st,st->address,
1049 site_resolve_callback,st);
1050 return True;
1051}
1052
ff05a229 1053static bool_t enter_new_state(struct site *st, uint32_t next)
2fe58dfd 1054{
ff05a229 1055 bool_t (*gen)(struct site *st);
3b83c932
SE		 1056 int r;
1057
ff05a229
SE		 1058 slog(st,LOG_STATE,"entering state %s",state_name(next));
1059 switch(next) {
1060 case SITE_SENTMSG1:
1061 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE);
1062 gen=generate_msg1;
1063 break;
1064 case SITE_SENTMSG2:
1065 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1066 st->state==SITE_SENTMSG1 || st->state==SITE_WAIT);
1067 gen=generate_msg2;
1068 break;
1069 case SITE_SENTMSG3:
1070 state_assert(st,st->state==SITE_SENTMSG1);
1071 BUF_FREE(&st->buffer);
1072 gen=generate_msg3;
1073 break;
1074 case SITE_SENTMSG4:
1075 state_assert(st,st->state==SITE_SENTMSG2);
1076 BUF_FREE(&st->buffer);
1077 gen=generate_msg4;
1078 break;
1079 case SITE_SENTMSG5:
1080 state_assert(st,st->state==SITE_SENTMSG3);
1081 BUF_FREE(&st->buffer);
1082 gen=generate_msg5;
1083 break;
1084 case SITE_RUN:
1085 state_assert(st,st->state==SITE_SENTMSG4);
1086 BUF_FREE(&st->buffer);
1087 gen=generate_msg6;
1088 break;
1089 default:
1090 gen=NULL;
4f5e39ec 1091 fatal("enter_new_state(%s): invalid new state",state_name(next));
ff05a229 1092 break;
2fe58dfd 1093 }
2fe58dfd 1094
3b83c932
SE		 1095 if (hacky_par_start_failnow()) return False;
1096
1097 r= gen(st) && send_msg(st);
1098
1099 hacky_par_end(&r,
e7f8ec2a 1100 st->setup_retries, st->setup_retry_interval,
3b83c932
SE		 1101 send_msg, st);
1102
1103 if (r) {
ff05a229
SE		 1104 st->state=next;
1105 if (next==SITE_RUN) {
1106 BUF_FREE(&st->buffer); /* Never reused */
1107 st->timeout=0; /* Never retransmit */
1108 activate_new_key(st);
1109 }
2fe58dfd
SE		 1110 return True;
1111 }
ff05a229
SE		 1112 slog(st,LOG_ERROR,"error entering state %s",state_name(next));
1113 st->buffer.free=False; /* Unconditionally use the buffer; it may be
1114 in either state, and enter_state_wait() will
1115 do a BUF_FREE() */
2fe58dfd
SE		 1116 enter_state_wait(st);
1117 return False;
1118}
1119
ff05a229 1120/* msg7 tells our peer that we're about to forget our key */
fe5e9cc4 1121static bool_t send_msg7(struct site *st, cstring_t reason)
794f2398 1122{
fe5e9cc4 1123 cstring_t transform_err;
794f2398 1124
3d8d8f4e 1125 if (current_valid(st) && st->buffer.free
446353cd 1126 && transport_peers_valid(&st->peers)) {
794f2398
SE		 1127 BUF_ALLOC(&st->buffer,"site:MSG7");
1128 buffer_init(&st->buffer,st->transform->max_start_pad+(4*3));
1129 buf_append_uint32(&st->buffer,LABEL_MSG7);
1130 buf_append_string(&st->buffer,reason);
19e9a588 1131 st->current.transform->forwards(st->current.transform->st,
794f2398
SE		 1132 &st->buffer, &transform_err);
1133 buf_prepend_uint32(&st->buffer,LABEL_MSG0);
58650a70 1134 buf_prepend_uint32(&st->buffer,st->index);
19e9a588 1135 buf_prepend_uint32(&st->buffer,st->current.remote_session_id);
446353cd 1136 transport_xmit(st,&st->peers,&st->buffer,True);
794f2398
SE		 1137 BUF_FREE(&st->buffer);
1138 return True;
1139 }
1140 return False;
1141}
1142
2fe58dfd
SE		 1143/* We go into this state if our peer becomes uncommunicative. Similar to
1144 the "stop" state, we forget all session keys for a while, before
1145 re-entering the "run" state. */
1146static void enter_state_wait(struct site *st)
1147{
1148 slog(st,LOG_STATE,"entering state WAIT");
1149 st->timeout=st->now+st->wait_timeout;
1150 st->state=SITE_WAIT;
9d3a4132 1151 set_link_quality(st);
2fe58dfd
SE		 1152 BUF_FREE(&st->buffer); /* will have had an outgoing packet in it */
1153 /* XXX Erase keys etc. */
1154}
1155
16f73fa6 1156static inline void site_settimeout(uint64_t timeout, int *timeout_io)
fe5e9cc4
SE		 1157{
1158 if (timeout) {
0009e60a
IJ		 1159 int64_t offset=timeout-*now;
1160 if (offset<0) offset=0;
fe5e9cc4
SE		 1161 if (offset>INT_MAX) offset=INT_MAX;
1162 if (*timeout_io<0 || offset<*timeout_io)
1163 *timeout_io=offset;
1164 }
1165}
1166
2fe58dfd 1167static int site_beforepoll(void *sst, struct pollfd *fds, int *nfds_io,
90a39563 1168 int *timeout_io)
2fe58dfd
SE		 1169{
1170 struct site *st=sst;
1171
1172 *nfds_io=0; /* We don't use any file descriptors */
1173 st->now=*now;
1174
1175 /* Work out when our next timeout is. The earlier of 'timeout' or
19e9a588 1176 'current.key_timeout'. A stored value of '0' indicates no timeout
2fe58dfd 1177 active. */
16f73fa6 1178 site_settimeout(st->timeout, timeout_io);
19e9a588 1179 site_settimeout(st->current.key_timeout, timeout_io);
02b0959b 1180 site_settimeout(st->auxiliary_key.key_timeout, timeout_io);
2fe58dfd
SE		 1181
1182 return 0; /* success */
1183}
1184
1d388569
IJ		 1185static void check_expiry(struct site *st, struct data_key *key,
1186 const char *which)
1187{
1188 if (key->key_timeout && *now>key->key_timeout) {
1189 delete_one_key(st,key,"maximum life exceeded",which,LOG_TIMEOUT_KEY);
1190 }
1191}
1192
2fe58dfd 1193/* NB site_afterpoll will be called before site_beforepoll is ever called */
90a39563 1194static void site_afterpoll(void *sst, struct pollfd *fds, int nfds)
2fe58dfd
SE		 1195{
1196 struct site *st=sst;
1197
1198 st->now=*now;
1199 if (st->timeout && *now>st->timeout) {
2fe58dfd 1200 st->timeout=0;
3b83c932
SE		 1201 if (st->state>=SITE_SENTMSG1 && st->state<=SITE_SENTMSG5) {
1202 if (!hacky_par_start_failnow())
1203 send_msg(st);
1204 } else if (st->state==SITE_WAIT) {
2fe58dfd
SE		 1205 enter_state_run(st);
1206 } else {
1207 slog(st,LOG_ERROR,"site_afterpoll: unexpected timeout, state=%d",
1208 st->state);
1209 }
1210 }
1d388569 1211 check_expiry(st,&st->current,"current key");
02b0959b 1212 check_expiry(st,&st->auxiliary_key,"auxiliary key");
2fe58dfd
SE		 1213}
1214
1215/* This function is called by the netlink device to deliver packets
1216 intended for the remote network. The packet is in "raw" wire
1217 format, but is guaranteed to be word-aligned. */
469fd1d9 1218static void site_outgoing(void *sst, struct buffer_if *buf)
2fe58dfd
SE		 1219{
1220 struct site *st=sst;
fe5e9cc4 1221 cstring_t transform_err;
2fe58dfd
SE		 1222
1223 if (st->state==SITE_STOP) {
1224 BUF_FREE(buf);
1225 return;
1226 }
1227
1228 /* In all other states we consider delivering the packet if we have
1229 a valid key and a valid address to send it to. */
3d8d8f4e 1230 if (current_valid(st) && transport_peers_valid(&st->peers)) {
2fe58dfd 1231 /* Transform it and send it */
70dc107b
SE		 1232 if (buf->size>0) {
1233 buf_prepend_uint32(buf,LABEL_MSG9);
19e9a588 1234 st->current.transform->forwards(st->current.transform->st,
70dc107b
SE		 1235 buf, &transform_err);
1236 buf_prepend_uint32(buf,LABEL_MSG0);
58650a70 1237 buf_prepend_uint32(buf,st->index);
19e9a588 1238 buf_prepend_uint32(buf,st->current.remote_session_id);
446353cd 1239 transport_xmit(st,&st->peers,buf,False);
70dc107b 1240 }
2fe58dfd
SE		 1241 BUF_FREE(buf);
1242 return;
1243 }
1244
70dc107b 1245 slog(st,LOG_DROP,"discarding outgoing packet of size %d",buf->size);
2fe58dfd 1246 BUF_FREE(buf);
794f2398 1247 initiate_key_setup(st,"outgoing packet");
2fe58dfd
SE		 1248}
1249
7e29719e
IJ		 1250static bool_t named_for_us(struct site *st, const struct buffer_if *buf_in,
1251 uint32_t type, struct msg *m)
1252 /* For packets which are identified by the local and remote names.
1253 * If it has our name and our peer's name in it it's for us. */
1254{
1255 struct buffer_if buf[1];
1256 buffer_readonly_clone(buf,buf_in);
1257 return unpick_msg(st,type,buf,m)
1258 && name_matches(&m->remote,st->remotename)
1259 && name_matches(&m->local,st->localname);
1260}
1261
2fe58dfd
SE		 1262/* This function is called by the communication device to deliver
1263 packets from our peers. */
1264static bool_t site_incoming(void *sst, struct buffer_if *buf,
a15faeb2 1265 const struct comm_addr *source)
2fe58dfd
SE		 1266{
1267 struct site *st=sst;
20138876
IJ		 1268
1269 if (buf->size < 12) return False;
1270
7e29719e 1271 uint32_t msgtype=ntohl(get_uint32(buf->start+8));
59635212 1272 uint32_t dest=ntohl(*(uint32_t *)buf->start);
7e29719e
IJ		 1273 struct msg named_msg;
1274
1275 if (msgtype==LABEL_MSG1) {
1276 if (!named_for_us(st,buf,msgtype,&named_msg))
1277 return False;
1278 /* It's a MSG1 addressed to us. Decide what to do about it. */
1279 dump_packet(st,buf,source,True);
1280 if (st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1281 st->state==SITE_WAIT) {
1282 /* We should definitely process it */
1283 if (process_msg1(st,buf,source,&named_msg)) {
1284 slog(st,LOG_SETUP_INIT,"key setup initiated by peer");
1285 enter_new_state(st,SITE_SENTMSG2);
1286 } else {
1287 slog(st,LOG_ERROR,"failed to process incoming msg1");
1288 }
1289 BUF_FREE(buf);
1290 return True;
1291 } else if (st->state==SITE_SENTMSG1) {
1292 /* We've just sent a message 1! They may have crossed on
1293 the wire. If we have priority then we ignore the
1294 incoming one, otherwise we process it as usual. */
1295 if (st->setup_priority) {
1296 BUF_FREE(buf);
1297 slog(st,LOG_DUMP,"crossed msg1s; we are higher "
1298 "priority => ignore incoming msg1");
1299 return True;
1300 } else {
1301 slog(st,LOG_DUMP,"crossed msg1s; we are lower "
1302 "priority => use incoming msg1");
1303 if (process_msg1(st,buf,source,&named_msg)) {
1304 BUF_FREE(&st->buffer); /* Free our old message 1 */
ff05a229 1305 enter_new_state(st,SITE_SENTMSG2);
2fe58dfd 1306 } else {
7e29719e
IJ		 1307 slog(st,LOG_ERROR,"failed to process an incoming "
1308 "crossed msg1 (we have low priority)");
2fe58dfd
SE		 1309 }
1310 BUF_FREE(buf);
1311 return True;
2fe58dfd 1312 }
2fe58dfd 1313 }
7e29719e
IJ		 1314 /* The message 1 was received at an unexpected stage of the
1315 key setup. XXX POLICY - what do we do? */
1316 slog(st,LOG_UNEXPECTED,"unexpected incoming message 1");
1317 BUF_FREE(buf);
1318 return True;
2fe58dfd 1319 }
58650a70 1320 if (dest==st->index) {
2fe58dfd
SE		 1321 /* Explicitly addressed to us */
1322 if (msgtype!=LABEL_MSG0) dump_packet(st,buf,source,True);
1323 switch (msgtype) {
136740e6 1324 case LABEL_NAK:
794f2398
SE		 1325 /* If the source is our current peer then initiate a key setup,
1326 because our peer's forgotten the key */
19e9a588 1327 if (get_uint32(buf->start+4)==st->current.remote_session_id) {
794f2398
SE		 1328 initiate_key_setup(st,"received a NAK");
1329 } else {
1330 slog(st,LOG_SEC,"bad incoming NAK");
1331 }
1332 break;
2fe58dfd
SE		 1333 case LABEL_MSG0:
1334 process_msg0(st,buf,source);
1335 break;
1336 case LABEL_MSG1:
1337 /* Setup packet: should not have been explicitly addressed
1338 to us */
59635212 1339 slog(st,LOG_SEC,"incoming explicitly addressed msg1");
2fe58dfd
SE		 1340 break;
1341 case LABEL_MSG2:
1342 /* Setup packet: expected only in state SENTMSG1 */
1343 if (st->state!=SITE_SENTMSG1) {
1344 slog(st,LOG_UNEXPECTED,"unexpected MSG2");
446353cd
IJ		 1345 } else if (process_msg2(st,buf,source)) {
1346 transport_setup_msgok(st,source);
ff05a229 1347 enter_new_state(st,SITE_SENTMSG3);
446353cd 1348 } else {
59635212 1349 slog(st,LOG_SEC,"invalid MSG2");
2fe58dfd
SE		 1350 }
1351 break;
1352 case LABEL_MSG3:
1353 /* Setup packet: expected only in state SENTMSG2 */
1354 if (st->state!=SITE_SENTMSG2) {
1355 slog(st,LOG_UNEXPECTED,"unexpected MSG3");
446353cd
IJ		 1356 } else if (process_msg3(st,buf,source)) {
1357 transport_setup_msgok(st,source);
ff05a229 1358 enter_new_state(st,SITE_SENTMSG4);
446353cd 1359 } else {
59635212 1360 slog(st,LOG_SEC,"invalid MSG3");
2fe58dfd
SE		 1361 }
1362 break;
1363 case LABEL_MSG4:
1364 /* Setup packet: expected only in state SENTMSG3 */
1365 if (st->state!=SITE_SENTMSG3) {
1366 slog(st,LOG_UNEXPECTED,"unexpected MSG4");
446353cd
IJ		 1367 } else if (process_msg4(st,buf,source)) {
1368 transport_setup_msgok(st,source);
ff05a229 1369 enter_new_state(st,SITE_SENTMSG5);
446353cd 1370 } else {
59635212 1371 slog(st,LOG_SEC,"invalid MSG4");
2fe58dfd
SE		 1372 }
1373 break;
1374 case LABEL_MSG5:
4efd681a
SE		 1375 /* Setup packet: expected only in state SENTMSG4 */
1376 /* (may turn up in state RUN if our return MSG6 was lost
1377 and the new key has already been activated. In that
05f39b4d
IJ		 1378 case we discard it. The peer will realise that we
1379 are using the new key when they see our data packets.
1380 Until then the peer's data packets to us get discarded. */
c90cc2a7
IJ		 1381 if (st->state==SITE_SENTMSG4) {
1382 if (process_msg5(st,buf,source,st->new_transform)) {
1383 transport_setup_msgok(st,source);
1384 enter_new_state(st,SITE_RUN);
1385 } else {
1386 slog(st,LOG_SEC,"invalid MSG5");
1387 }
1388 } else if (st->state==SITE_RUN) {
19e9a588 1389 if (process_msg5(st,buf,source,st->current.transform)) {
c90cc2a7
IJ		 1390 slog(st,LOG_DROP,"got MSG5, retransmitting MSG6");
1391 transport_setup_msgok(st,source);
19e9a588
IJ		 1392 create_msg6(st,st->current.transform,
1393 st->current.remote_session_id);
c90cc2a7
IJ		 1394 transport_xmit(st,&st->peers,&st->buffer,True);
1395 BUF_FREE(&st->buffer);
1396 } else {
1397 slog(st,LOG_SEC,"invalid MSG5 (in state RUN)");
1398 }
2fe58dfd 1399 } else {
c90cc2a7 1400 slog(st,LOG_UNEXPECTED,"unexpected MSG5");
2fe58dfd
SE		 1401 }
1402 break;
1403 case LABEL_MSG6:
1404 /* Setup packet: expected only in state SENTMSG5 */
1405 if (st->state!=SITE_SENTMSG5) {
1406 slog(st,LOG_UNEXPECTED,"unexpected MSG6");
1407 } else if (process_msg6(st,buf,source)) {
1408 BUF_FREE(&st->buffer); /* Free message 5 */
446353cd 1409 transport_setup_msgok(st,source);
2fe58dfd
SE		 1410 activate_new_key(st);
1411 } else {
59635212 1412 slog(st,LOG_SEC,"invalid MSG6");
2fe58dfd
SE		 1413 }
1414 break;
2fe58dfd 1415 default:
59635212 1416 slog(st,LOG_SEC,"received message of unknown type 0x%08x",
2fe58dfd
SE		 1417 msgtype);
1418 break;
1419 }
1420 BUF_FREE(buf);
1421 return True;
1422 }
1423
1424 return False;
1425}
1426
1427static void site_control(void *vst, bool_t run)
1428{
1429 struct site *st=vst;
1430 if (run) enter_state_run(st);
1431 else enter_state_stop(st);
1432}
1433
794f2398
SE		 1434static void site_phase_hook(void *sst, uint32_t newphase)
1435{
1436 struct site *st=sst;
1437
1438 /* The program is shutting down; tell our peer */
1439 send_msg7(st,"shutting down");
1440}
1441
2fe58dfd
SE		 1442static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
1443 list_t *args)
1444{
58650a70 1445 static uint32_t index_sequence;
2fe58dfd
SE		 1446 struct site *st;
1447 item_t *item;
1448 dict_t *dict;
59533c16 1449 int i;
2fe58dfd
SE		 1450
1451 st=safe_malloc(sizeof(*st),"site_apply");
1452
1453 st->cl.description="site";
1454 st->cl.type=CL_SITE;
1455 st->cl.apply=NULL;
1456 st->cl.interface=&st->ops;
1457 st->ops.st=st;
1458 st->ops.control=site_control;
1459 st->ops.status=site_status;
1460
1461 /* First parameter must be a dict */
1462 item=list_elem(args,0);
1463 if (!item || item->type!=t_dict)
1464 cfgfatal(loc,"site","parameter must be a dictionary\n");
1465
1466 dict=item->data.dict;
558fa3fb
SE		 1467 st->localname=dict_read_string(dict, "local-name", True, "site", loc);
1468 st->remotename=dict_read_string(dict, "name", True, "site", loc);
dba19f84
IJ		 1469
1470 st->peer_mobile=dict_read_bool(dict,"mobile",False,"site",loc,False);
1471 bool_t local_mobile=
1472 dict_read_bool(dict,"local-mobile",False,"site",loc,False);
1473
558fa3fb
SE		 1474 /* Sanity check (which also allows the 'sites' file to include
1475 site() closures for all sites including our own): refuse to
1476 talk to ourselves */
1477 if (strcmp(st->localname,st->remotename)==0) {
b2a56f7c 1478 Message(M_DEBUG,"site %s: local-name==name -> ignoring this site\n",
baa06aeb 1479 st->localname);
dba19f84
IJ		 1480 if (st->peer_mobile != local_mobile)
1481 cfgfatal(loc,"site","site %s's peer-mobile=%d"
1482 " but our local-mobile=%d\n",
1483 st->localname, st->peer_mobile, local_mobile);
1484 free(st);
1485 return NULL;
1486 }
1487 if (st->peer_mobile && local_mobile) {
1488 Message(M_WARNING,"site %s: site is mobile but so are we"
1489 " -> ignoring this site\n", st->remotename);
558fa3fb
SE		 1490 free(st);
1491 return NULL;
1492 }
dba19f84 1493
58650a70
RK		 1494 assert(index_sequence < 0xffffffffUL);
1495 st->index = ++index_sequence;
469fd1d9 1496 st->netlink=find_cl_if(dict,"link",CL_NETLINK,True,"site",loc);
59533c16
IJ		 1497
1498 list_t *comms_cfg=dict_lookup(dict,"comm");
39a6b1e2 1499 if (!comms_cfg) cfgfatal(loc,"site","closure list \"comm\" not found\n");
59533c16
IJ		 1500 st->ncomms=list_length(comms_cfg);
1501 st->comms=safe_malloc_ary(sizeof(*st->comms),st->ncomms,"comms");
1502 assert(st->ncomms);
1503 for (i=0; i<st->ncomms; i++) {
1504 item_t *item=list_elem(comms_cfg,i);
39a6b1e2
IJ		 1505 if (item->type!=t_closure)
1506 cfgfatal(loc,"site","comm is not a closure\n");
59533c16 1507 closure_t *cl=item->data.closure;
39a6b1e2 1508 if (cl->type!=CL_COMM) cfgfatal(loc,"site","comm closure wrong type\n");
59533c16
IJ		 1509 st->comms[i]=cl->interface;
1510 }
1511
2fe58dfd
SE		 1512 st->resolver=find_cl_if(dict,"resolver",CL_RESOLVER,True,"site",loc);
1513 st->log=find_cl_if(dict,"log",CL_LOG,True,"site",loc);
1514 st->random=find_cl_if(dict,"random",CL_RANDOMSRC,True,"site",loc);
1515
2fe58dfd 1516 st->privkey=find_cl_if(dict,"local-key",CL_RSAPRIVKEY,True,"site",loc);
2fe58dfd 1517 st->address=dict_read_string(dict, "address", False, "site", loc);
3454dce4
SE		 1518 if (st->address)
1519 st->remoteport=dict_read_number(dict,"port",True,"site",loc,0);
1520 else st->remoteport=0;
2fe58dfd
SE		 1521 st->pubkey=find_cl_if(dict,"key",CL_RSAPUBKEY,True,"site",loc);
1522
1523 st->transform=
1524 find_cl_if(dict,"transform",CL_TRANSFORM,True,"site",loc);
1525
1526 st->dh=find_cl_if(dict,"dh",CL_DH,True,"site",loc);
1527 st->hash=find_cl_if(dict,"hash",CL_HASH,True,"site",loc);
1528
e57264d6
IJ		 1529#define DEFAULT(D) (st->peer_mobile || local_mobile \
1530 ? DEFAULT_MOBILE_##D : DEFAULT_##D)
e7f8ec2a 1531#define CFG_NUMBER(k,D) dict_read_number(dict,(k),False,"site",loc,DEFAULT(D));
c27ca22f 1532
e7f8ec2a
IJ		 1533 st->key_lifetime= CFG_NUMBER("key-lifetime", KEY_LIFETIME);
1534 st->setup_retries= CFG_NUMBER("setup-retries", SETUP_RETRIES);
1535 st->setup_retry_interval= CFG_NUMBER("setup-timeout", SETUP_RETRY_INTERVAL);
1536 st->wait_timeout= CFG_NUMBER("wait-time", WAIT_TIME);
1537
446353cd
IJ		 1538 st->mobile_peer_expiry= dict_read_number(
1539 dict,"mobile-peer-expiry",False,"site",loc,DEFAULT_MOBILE_PEER_EXPIRY);
1540
1541 st->transport_peers_max= !st->peer_mobile ? 1 : dict_read_number(
1542 dict,"mobile-peers-max",False,"site",loc,DEFAULT_MOBILE_PEERS_MAX);
1543 if (st->transport_peers_max<1 ||
1544 st->transport_peers_max>=MAX_MOBILE_PEERS_MAX) {
1545 cfgfatal(loc,"site","mobile-peers-max must be in range 1.."
1546 STRING(MAX_MOBILE_PEERS_MAX) "\n");
1547 }
1548
e7f8ec2a 1549 if (st->key_lifetime < DEFAULT(KEY_RENEGOTIATE_GAP)*2)
c27ca22f
IJ		 1550 st->key_renegotiate_time=st->key_lifetime/2;
1551 else
e7f8ec2a 1552 st->key_renegotiate_time=st->key_lifetime-DEFAULT(KEY_RENEGOTIATE_GAP);
9d3a4132 1553 st->key_renegotiate_time=dict_read_number(
cce0051f 1554 dict,"renegotiate-time",False,"site",loc,st->key_renegotiate_time);
9d3a4132
SE		 1555 if (st->key_renegotiate_time > st->key_lifetime) {
1556 cfgfatal(loc,"site",
1557 "renegotiate-time must be less than key-lifetime\n");
1558 }
9d3a4132
SE		 1559
1560 st->log_events=string_list_to_word(dict_lookup(dict,"log-events"),
1561 log_event_table,"site");
2fe58dfd 1562
4efd681a
SE		 1563 st->tunname=safe_malloc(strlen(st->localname)+strlen(st->remotename)+5,
1564 "site_apply");
1565 sprintf(st->tunname,"%s<->%s",st->localname,st->remotename);
1566
2fe58dfd 1567 /* The information we expect to see in incoming messages of type 1 */
59230b9b
IJ		 1568 /* fixme: lots of unchecked overflows here, but the results are only
1569 corrupted packets rather than undefined behaviour */
2fe58dfd
SE		 1570 st->setup_priority=(strcmp(st->localname,st->remotename)>0);
1571
1572 buffer_new(&st->buffer,SETUP_BUFFER_LEN);
1573
05f39b4d
IJ		 1574 buffer_new(&st->scratch,0);
1575 BUF_ALLOC(&st->scratch,"site:scratch");
1576
2fe58dfd
SE		 1577 /* We are interested in poll(), but only for timeouts. We don't have
1578 any fds of our own. */
1579 register_for_poll(st, site_beforepoll, site_afterpoll, 0, "site");
1580 st->timeout=0;
1581
19e9a588 1582 st->current.key_timeout=0;
02b0959b 1583 st->auxiliary_key.key_timeout=0;
446353cd
IJ		 1584 transport_peers_clear(st,&st->peers);
1585 transport_peers_clear(st,&st->setup_peers);
2fe58dfd
SE		 1586 /* XXX mlock these */
1587 st->dhsecret=safe_malloc(st->dh->len,"site:dhsecret");
7c9ca4bd
IJ		 1588 st->sharedsecretlen=st->transform->keylen?:st->dh->ceil_len;
1589 st->sharedsecret=safe_malloc(st->sharedsecretlen,"site:sharedsecret");
2fe58dfd 1590
59533c16
IJ		 1591 /* We need to compute some properties of our comms */
1592#define COMPUTE_WORST(pad) \
1593 int worst_##pad=0; \
1594 for (i=0; i<st->ncomms; i++) { \
1595 int thispad=st->comms[i]->pad; \
1596 if (thispad > worst_##pad) \
1597 worst_##pad=thispad; \
1598 }
1599 COMPUTE_WORST(min_start_pad)
1600 COMPUTE_WORST(min_end_pad)
1601
2fe58dfd 1602 /* We need to register the remote networks with the netlink device */
469fd1d9 1603 st->netlink->reg(st->netlink->st, site_outgoing, st,
ff05a229 1604 st->transform->max_start_pad+(4*4)+
59533c16
IJ		 1605 worst_min_start_pad,
1606 st->transform->max_end_pad+worst_min_end_pad);
ff05a229 1607
59533c16
IJ		 1608 for (i=0; i<st->ncomms; i++)
1609 st->comms[i]->request_notify(st->comms[i]->st, st, site_incoming);
2fe58dfd 1610
19e9a588 1611 st->current.transform=st->transform->create(st->transform->st);
02b0959b 1612 st->auxiliary_key.transform=st->transform->create(st->transform->st);
2fe58dfd 1613 st->new_transform=st->transform->create(st->transform->st);
bd98cd6b 1614 st->auxiliary_is_new=0;
2fe58dfd
SE		 1615
1616 enter_state_stop(st);
1617
794f2398
SE		 1618 add_hook(PHASE_SHUTDOWN,site_phase_hook,st);
1619
2fe58dfd
SE		 1620 return new_closure(&st->cl);
1621}
1622
2fe58dfd
SE		 1623void site_module(dict_t *dict)
1624{
1625 add_closure(dict,"site",site_apply);
1626}
446353cd
IJ		 1627
1628
1629/***** TRANSPORT PEERS definitions *****/
1630
1631static void transport_peers_debug(struct site *st, transport_peers *dst,
1632 const char *didwhat,
1633 int nargs, const struct comm_addr *args,
1634 size_t stride) {
1635 int i;
1636 char *argp;
1637
1638 if (!(st->log_events & LOG_PEER_ADDRS))
1639 return; /* an optimisation */
1640
1641 slog(st, LOG_PEER_ADDRS, "peers (%s) %s nargs=%d => npeers=%d",
1642 (dst==&st->peers ? "data" :
1643 dst==&st->setup_peers ? "setup" : "UNKNOWN"),
1644 didwhat, nargs, dst->npeers);
1645
1646 for (i=0, argp=(void*)args;
1647 i<nargs;
1648 i++, (argp+=stride?stride:sizeof(*args))) {
1649 const struct comm_addr *ca=(void*)argp;
1650 slog(st, LOG_PEER_ADDRS, " args: addrs[%d]=%s",
1651 i, ca->comm->addr_to_string(ca->comm->st,ca));
1652 }
1653 for (i=0; i<dst->npeers; i++) {
1654 struct timeval diff;
1655 timersub(tv_now,&dst->peers[i].last,&diff);
1656 const struct comm_addr *ca=&dst->peers[i].addr;
1657 slog(st, LOG_PEER_ADDRS, " peers: addrs[%d]=%s T-%ld.%06ld",
1658 i, ca->comm->addr_to_string(ca->comm->st,ca),
1659 (unsigned long)diff.tv_sec, (unsigned long)diff.tv_usec);
1660 }
1661}
1662
1663static int transport_peer_compar(const void *av, const void *bv) {
1664 const transport_peer *a=av;
1665 const transport_peer *b=bv;
1666 /* put most recent first in the array */
1667 if (timercmp(&a->last, &b->last, <)) return +1;
1668 if (timercmp(&a->last, &b->last, >)) return -11;
1669 return 0;
1670}
1671
1672static void transport_peers_expire(struct site *st, transport_peers *peers) {
1673 /* peers must be sorted first */
1674 int previous_peers=peers->npeers;
1675 struct timeval oldest;
1676 oldest.tv_sec = tv_now->tv_sec - st->mobile_peer_expiry;
1677 oldest.tv_usec = tv_now->tv_usec;
1678 while (peers->npeers>1 &&
1679 timercmp(&peers->peers[peers->npeers-1].last, &oldest, <))
1680 peers->npeers--;
1681 if (peers->npeers != previous_peers)
1682 transport_peers_debug(st,peers,"expire", 0,0,0);
1683}
1684
1685static void transport_record_peer(struct site *st, transport_peers *peers,
1686 const struct comm_addr *addr, const char *m) {
1687 int slot, changed=0;
1688
1689 for (slot=0; slot<peers->npeers; slot++)
1690 if (!memcmp(&peers->peers[slot].addr, addr, sizeof(*addr)))
1691 goto found;
1692
1693 changed=1;
1694 if (peers->npeers==st->transport_peers_max)
1695 slot=st->transport_peers_max;
1696 else
1697 slot=peers->npeers++;
1698
1699 found:
1700 peers->peers[slot].addr=*addr;
1701 peers->peers[slot].last=*tv_now;
1702
1703 if (peers->npeers>1)
1704 qsort(peers->peers, peers->npeers,
1705 sizeof(*peers->peers), transport_peer_compar);
1706
1707 if (changed || peers->npeers!=1)
1708 transport_peers_debug(st,peers,m, 1,addr,0);
1709 transport_peers_expire(st, peers);
1710}
1711
1712static bool_t transport_compute_setupinit_peers(struct site *st,
1713 const struct comm_addr *configured_addr /* 0 if none or not found */) {
1714
1715 if (!configured_addr && !transport_peers_valid(&st->peers))
1716 return False;
1717
1718 slog(st,LOG_SETUP_INIT,
1719 (!configured_addr ? "using only %d old peer address(es)"
1720 : "using configured address, and/or perhaps %d old peer address(es)"),
1721 st->peers);
1722
1723 /* Non-mobile peers havve st->peers.npeers==0 or ==1, since they
1724 * have transport_peers_max==1. The effect is that this code
1725 * always uses the configured address if supplied, or otherwise
1726 * the existing data peer if one exists; this is as desired. */
1727
1728 transport_peers_copy(st,&st->setup_peers,&st->peers);
1729
1730 if (configured_addr)
1731 transport_record_peer(st,&st->setup_peers,configured_addr,"setupinit");
1732
1733 assert(transport_peers_valid(&st->setup_peers));
1734 return True;
1735}
1736
1737static void transport_setup_msgok(struct site *st, const struct comm_addr *a) {
1738 if (st->peer_mobile)
1739 transport_record_peer(st,&st->setup_peers,a,"setupmsg");
1740}
1741static void transport_data_msgok(struct site *st, const struct comm_addr *a) {
1742 if (st->peer_mobile)
1743 transport_record_peer(st,&st->peers,a,"datamsg");
1744}
1745
1746static int transport_peers_valid(transport_peers *peers) {
1747 return peers->npeers;
1748}
1749static void transport_peers_clear(struct site *st, transport_peers *peers) {
1750 peers->npeers= 0;
1751 transport_peers_debug(st,peers,"clear",0,0,0);
1752}
1753static void transport_peers_copy(struct site *st, transport_peers *dst,
1754 const transport_peers *src) {
1755 dst->npeers=src->npeers;
1756 memcpy(dst->peers, src->peers, sizeof(*dst->peers) * dst->npeers);
1757 transport_peers_debug(st,dst,"copy",
a620a048 1758 src->npeers, &src->peers->addr, sizeof(*src->peers));
446353cd
IJ		 1759}
1760
1761void transport_xmit(struct site *st, transport_peers *peers,
1762 struct buffer_if *buf, bool_t candebug) {
1763 int slot;
1764 transport_peers_expire(st, peers);
1765 for (slot=0; slot<peers->npeers; slot++) {
1766 transport_peer *peer=&peers->peers[slot];
1767 if (candebug)
1768 dump_packet(st, buf, &peer->addr, False);
1769 peer->addr.comm->sendmsg(peer->addr.comm->st, buf, &peer->addr);
1770 }
1771}
1772
1773/***** END of transport peers declarations *****/
Secnet virtual private network: clone of http://www.chiark.greenend.org.uk/ucgi/~ian/git/secnet.git/