~mdw / secnet / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
comm, site: pass a new "struct comm_addr" rather than sockaddr_in
[secnet] / site.c
CommitLineData
2fe58dfd
SE		 1/* site.c - manage communication with a remote network site */
2
469fd1d9
SE		 3/* The 'site' code doesn't know anything about the structure of the
4 packets it's transmitting. In fact, under the new netlink
5 configuration scheme it doesn't need to know anything at all about
6 IP addresses, except how to contact its peer. This means it could
7 potentially be used to tunnel other protocols too (IPv6, IPX, plain
8 old Ethernet frames) if appropriate netlink code can be written
9 (and that ought not to be too hard, eg. using the TUN/TAP device to
10 pretend to be an Ethernet interface). */
11
ff05a229
SE		 12/* At some point in the future the netlink code will be asked for
13 configuration information to go in the PING/PONG packets at the end
14 of the key exchange. */
15
8689b3a9 16#include "secnet.h"
2fe58dfd 17#include <stdio.h>
469fd1d9 18#include <string.h>
fe5e9cc4 19#include <limits.h>
58650a70 20#include <assert.h>
8689b3a9 21#include <sys/socket.h>
2fe58dfd 22
8689b3a9 23#include <sys/mman.h>
2fe58dfd 24#include "util.h"
59635212 25#include "unaligned.h"
ff05a229 26#include "magic.h"
2fe58dfd
SE		 27
28#define SETUP_BUFFER_LEN 2048
29
9d3a4132
SE		 30#define DEFAULT_KEY_LIFETIME 3600000 /* One hour */
31#define DEFAULT_KEY_RENEGOTIATE_GAP 300000 /* Five minutes */
2fe58dfd 32#define DEFAULT_SETUP_RETRIES 5
4f5e39ec 33#define DEFAULT_SETUP_TIMEOUT 2000
3454dce4 34#define DEFAULT_WAIT_TIME 20000
2fe58dfd
SE		 35
36/* Each site can be in one of several possible states. */
37
38/* States:
39 SITE_STOP - nothing is allowed to happen; tunnel is down;
40 all session keys have been erased
41 -> SITE_RUN upon external instruction
42 SITE_RUN - site up, maybe with valid key
43 -> SITE_RESOLVE upon outgoing packet and no valid key
44 we start name resolution for the other end of the tunnel
45 -> SITE_SENTMSG2 upon valid incoming message 1 and suitable time
46 we send an appropriate message 2
47 SITE_RESOLVE - waiting for name resolution
48 -> SITE_SENTMSG1 upon successful resolution
49 we send an appropriate message 1
50 -> SITE_SENTMSG2 upon valid incoming message 1 (then abort resolution)
51 we abort resolution and
52 -> SITE_WAIT on timeout or resolution failure
53 SITE_SENTMSG1
54 -> SITE_SENTMSG2 upon valid incoming message 1 from higher priority end
55 -> SITE_SENTMSG3 upon valid incoming message 2
56 -> SITE_WAIT on timeout
57 SITE_SENTMSG2
58 -> SITE_SENTMSG4 upon valid incoming message 3
59 -> SITE_WAIT on timeout
60 SITE_SENTMSG3
61 -> SITE_SENTMSG5 upon valid incoming message 4
62 -> SITE_WAIT on timeout
63 SITE_SENTMSG4
64 -> SITE_RUN upon valid incoming message 5
65 -> SITE_WAIT on timeout
66 SITE_SENTMSG5
67 -> SITE_RUN upon valid incoming message 6
68 -> SITE_WAIT on timeout
69 SITE_WAIT - failed to establish key; do nothing for a while
70 -> SITE_RUN on timeout
71 */
72
73#define SITE_STOP 0
74#define SITE_RUN 1
75#define SITE_RESOLVE 2
76#define SITE_SENTMSG1 3
77#define SITE_SENTMSG2 4
78#define SITE_SENTMSG3 5
79#define SITE_SENTMSG4 6
80#define SITE_SENTMSG5 7
81#define SITE_WAIT 8
82
fe5e9cc4 83static cstring_t state_name(uint32_t state)
2fe58dfd
SE		 84{
85 switch (state) {
3454dce4
SE		 86 case 0: return "STOP";
87 case 1: return "RUN";
88 case 2: return "RESOLVE";
89 case 3: return "SENTMSG1";
90 case 4: return "SENTMSG2";
91 case 5: return "SENTMSG3";
92 case 6: return "SENTMSG4";
93 case 7: return "SENTMSG5";
94 case 8: return "WAIT";
2fe58dfd
SE		 95 default: return "*bad state*";
96 }
97}
98
2fe58dfd
SE		 99#define NONCELEN 8
100
101#define LOG_UNEXPECTED 0x00000001
102#define LOG_SETUP_INIT 0x00000002
103#define LOG_SETUP_TIMEOUT 0x00000004
104#define LOG_ACTIVATE_KEY 0x00000008
105#define LOG_TIMEOUT_KEY 0x00000010
9d3a4132 106#define LOG_SEC 0x00000020
2fe58dfd
SE		 107#define LOG_STATE 0x00000040
108#define LOG_DROP 0x00000080
109#define LOG_DUMP 0x00000100
110#define LOG_ERROR 0x00000400
111
9d3a4132
SE		 112static struct flagstr log_event_table[]={
113 { "unexpected", LOG_UNEXPECTED },
114 { "setup-init", LOG_SETUP_INIT },
115 { "setup-timeout", LOG_SETUP_TIMEOUT },
116 { "activate-key", LOG_ACTIVATE_KEY },
117 { "timeout-key", LOG_TIMEOUT_KEY },
118 { "security", LOG_SEC },
119 { "state-change", LOG_STATE },
120 { "packet-drop", LOG_DROP },
121 { "dump-packets", LOG_DUMP },
122 { "errors", LOG_ERROR },
ff05a229
SE		 123 { "default", LOG_SETUP_INIT|LOG_SETUP_TIMEOUT|
124 LOG_ACTIVATE_KEY|LOG_TIMEOUT_KEY|LOG_SEC|LOG_ERROR },
9d3a4132
SE		 125 { "all", 0xffffffff },
126 { NULL, 0 }
127};
128
2fe58dfd
SE		 129struct site {
130 closure_t cl;
131 struct site_if ops;
132/* configuration information */
133 string_t localname;
134 string_t remotename;
ff05a229 135 string_t tunname; /* localname<->remotename by default, used in logs */
2fe58dfd 136 string_t address; /* DNS name for bootstrapping, optional */
ff05a229 137 int remoteport; /* Port for bootstrapping, optional */
2fe58dfd
SE		 138 struct netlink_if *netlink;
139 struct comm_if *comm;
140 struct resolver_if *resolver;
141 struct log_if *log;
142 struct random_if *random;
143 struct rsaprivkey_if *privkey;
2fe58dfd
SE		 144 struct rsapubkey_if *pubkey;
145 struct transform_if *transform;
146 struct dh_if *dh;
147 struct hash_if *hash;
2fe58dfd 148
58650a70 149 uint32_t index; /* Index of this site */
1caa23ff 150 int32_t setup_retries; /* How many times to send setup packets */
4a8aed08
IJ		 151 int32_t setup_timeout; /* Initial timeout for setup packets */
152 int32_t wait_timeout; /* How long to wait if setup unsuccessful */
153 int32_t key_lifetime; /* How long a key lasts once set up */
154 int32_t key_renegotiate_time; /* If we see traffic (or a keepalive)
9d3a4132
SE		 155 after this time, initiate a new
156 key exchange */
2fe58dfd
SE		 157
158 uint8_t *setupsig; /* Expected signature of incoming MSG1 packets */
1caa23ff
IJ		 159 int32_t setupsiglen; /* Allows us to discard packets quickly if
160 they are not for us */
2fe58dfd
SE		 161 bool_t setup_priority; /* Do we have precedence if both sites emit
162 message 1 simultaneously? */
163 uint32_t log_events;
164
165/* runtime information */
166 uint32_t state;
167 uint64_t now; /* Most recently seen time */
168
ff05a229 169 /* The currently established session */
2fe58dfd
SE		 170 uint32_t remote_session_id;
171 struct transform_inst_if *current_transform;
172 bool_t current_valid;
173 uint64_t current_key_timeout; /* End of life of current key */
ff05a229 174 uint64_t renegotiate_key_time; /* When we can negotiate a new key */
a15faeb2 175 struct comm_addr peer; /* Current address of peer */
2fe58dfd
SE		 176 bool_t peer_valid; /* Peer address becomes invalid when key times out,
177 but only if we have a DNS name for our peer */
178
ff05a229
SE		 179 /* The current key setup protocol exchange. We can only be
180 involved in one of these at a time. There's a potential for
181 denial of service here (the attacker keeps sending a setup
182 packet; we keep trying to continue the exchange, and have to
183 timeout before we can listen for another setup packet); perhaps
184 we should keep a list of 'bad' sources for setup packets. */
2fe58dfd 185 uint32_t setup_session_id;
a15faeb2 186 struct comm_addr setup_peer;
2fe58dfd
SE		 187 uint8_t localN[NONCELEN]; /* Nonces for key exchange */
188 uint8_t remoteN[NONCELEN];
189 struct buffer_if buffer; /* Current outgoing key exchange packet */
4a8aed08 190 int32_t retries; /* Number of retries remaining */
2fe58dfd
SE		 191 uint64_t timeout; /* Timeout for current state */
192 uint8_t *dhsecret;
193 uint8_t *sharedsecret;
2fe58dfd
SE		 194 struct transform_inst_if *new_transform; /* For key setup/verify */
195};
196
fe5e9cc4 197static void slog(struct site *st, uint32_t event, cstring_t msg, ...)
2fe58dfd
SE		 198{
199 va_list ap;
7c006408 200 char buf[240];
b2a56f7c 201 uint32_t class;
2fe58dfd
SE		 202
203 va_start(ap,msg);
204
205 if (event&st->log_events) {
b2a56f7c
SE		 206 switch(event) {
207 case LOG_UNEXPECTED: class=M_INFO; break;
208 case LOG_SETUP_INIT: class=M_INFO; break;
209 case LOG_SETUP_TIMEOUT: class=M_NOTICE; break;
210 case LOG_ACTIVATE_KEY: class=M_INFO; break;
211 case LOG_TIMEOUT_KEY: class=M_INFO; break;
212 case LOG_SEC: class=M_SECURITY; break;
213 case LOG_STATE: class=M_DEBUG; break;
214 case LOG_DROP: class=M_DEBUG; break;
215 case LOG_DUMP: class=M_DEBUG; break;
469fd1d9
SE		 216 case LOG_ERROR: class=M_ERR; break;
217 default: class=M_ERR; break;
b2a56f7c
SE		 218 }
219
c1d2109a 220 vsnprintf(buf,sizeof(buf),msg,ap);
b2a56f7c 221 st->log->log(st->log->st,class,"%s: %s",st->tunname,buf);
2fe58dfd
SE		 222 }
223 va_end(ap);
224}
225
9d3a4132 226static void set_link_quality(struct site *st);
fe5e9cc4
SE		 227static void delete_key(struct site *st, cstring_t reason, uint32_t loglevel);
228static bool_t initiate_key_setup(struct site *st, cstring_t reason);
2fe58dfd
SE		 229static void enter_state_run(struct site *st);
230static bool_t enter_state_resolve(struct site *st);
ff05a229 231static bool_t enter_new_state(struct site *st,uint32_t next);
2fe58dfd
SE		 232static void enter_state_wait(struct site *st);
233
234#define CHECK_AVAIL(b,l) do { if ((b)->size<(l)) return False; } while(0)
235#define CHECK_EMPTY(b) do { if ((b)->size!=0) return False; } while(0)
236#define CHECK_TYPE(b,t) do { uint32_t type; \
237 CHECK_AVAIL((b),4); \
59635212 238 type=buf_unprepend_uint32((b)); \
2fe58dfd
SE		 239 if (type!=(t)) return False; } while(0)
240
241struct msg {
242 uint8_t *hashstart;
243 uint32_t dest;
244 uint32_t source;
1caa23ff 245 int32_t remlen;
2fe58dfd 246 uint8_t *remote;
1caa23ff 247 int32_t loclen;
2fe58dfd
SE		 248 uint8_t *local;
249 uint8_t *nR;
250 uint8_t *nL;
1caa23ff 251 int32_t pklen;
3e8addad 252 char *pk;
1caa23ff
IJ		 253 int32_t hashlen;
254 int32_t siglen;
3e8addad 255 char *sig;
2fe58dfd
SE		 256};
257
ff05a229
SE		 258/* Build any of msg1 to msg4. msg5 and msg6 are built from the inside
259 out using a transform of config data supplied by netlink */
fe5e9cc4 260static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what)
2fe58dfd
SE		 261{
262 void *hst;
3b83c932 263 uint8_t *hash;
2fe58dfd
SE		 264 string_t dhpub, sig;
265
266 st->retries=st->setup_retries;
267 BUF_ALLOC(&st->buffer,what);
268 buffer_init(&st->buffer,0);
59635212
SE		 269 buf_append_uint32(&st->buffer,
270 (type==LABEL_MSG1?0:st->setup_session_id));
58650a70 271 buf_append_uint32(&st->buffer,st->index);
59635212 272 buf_append_uint32(&st->buffer,type);
2fe58dfd
SE		 273 buf_append_string(&st->buffer,st->localname);
274 buf_append_string(&st->buffer,st->remotename);
275 memcpy(buf_append(&st->buffer,NONCELEN),st->localN,NONCELEN);
276 if (type==LABEL_MSG1) return True;
277 memcpy(buf_append(&st->buffer,NONCELEN),st->remoteN,NONCELEN);
278 if (type==LABEL_MSG2) return True;
3b83c932
SE		 279
280 if (hacky_par_mid_failnow()) return False;
281
2fe58dfd
SE		 282 dhpub=st->dh->makepublic(st->dh->st,st->dhsecret,st->dh->len);
283 buf_append_string(&st->buffer,dhpub);
284 free(dhpub);
3b83c932 285 hash=safe_malloc(st->hash->len, "generate_msg");
2fe58dfd
SE		 286 hst=st->hash->init();
287 st->hash->update(hst,st->buffer.start,st->buffer.size);
288 st->hash->final(hst,hash);
289 sig=st->privkey->sign(st->privkey->st,hash,st->hash->len);
290 buf_append_string(&st->buffer,sig);
291 free(sig);
3b83c932 292 free(hash);
2fe58dfd
SE		 293 return True;
294}
295
296static bool_t unpick_msg(struct site *st, uint32_t type,
297 struct buffer_if *msg, struct msg *m)
298{
299 m->hashstart=msg->start;
300 CHECK_AVAIL(msg,4);
59635212 301 m->dest=buf_unprepend_uint32(msg);
2fe58dfd 302 CHECK_AVAIL(msg,4);
59635212 303 m->source=buf_unprepend_uint32(msg);
2fe58dfd
SE		 304 CHECK_TYPE(msg,type);
305 CHECK_AVAIL(msg,2);
59635212 306 m->remlen=buf_unprepend_uint16(msg);
2fe58dfd
SE		 307 CHECK_AVAIL(msg,m->remlen);
308 m->remote=buf_unprepend(msg,m->remlen);
309 CHECK_AVAIL(msg,2);
59635212 310 m->loclen=buf_unprepend_uint16(msg);
2fe58dfd
SE		 311 CHECK_AVAIL(msg,m->loclen);
312 m->local=buf_unprepend(msg,m->loclen);
313 CHECK_AVAIL(msg,NONCELEN);
314 m->nR=buf_unprepend(msg,NONCELEN);
315 if (type==LABEL_MSG1) {
316 CHECK_EMPTY(msg);
317 return True;
318 }
319 CHECK_AVAIL(msg,NONCELEN);
320 m->nL=buf_unprepend(msg,NONCELEN);
321 if (type==LABEL_MSG2) {
322 CHECK_EMPTY(msg);
323 return True;
324 }
325 CHECK_AVAIL(msg,2);
59635212 326 m->pklen=buf_unprepend_uint16(msg);
2fe58dfd
SE		 327 CHECK_AVAIL(msg,m->pklen);
328 m->pk=buf_unprepend(msg,m->pklen);
329 m->hashlen=msg->start-m->hashstart;
330 CHECK_AVAIL(msg,2);
59635212 331 m->siglen=buf_unprepend_uint16(msg);
2fe58dfd
SE		 332 CHECK_AVAIL(msg,m->siglen);
333 m->sig=buf_unprepend(msg,m->siglen);
334 CHECK_EMPTY(msg);
335 return True;
336}
337
ff05a229 338static bool_t check_msg(struct site *st, uint32_t type, struct msg *m,
fe5e9cc4 339 cstring_t *error)
ff05a229
SE		 340{
341 if (type==LABEL_MSG1) return True;
342
343 /* Check that the site names and our nonce have been sent
344 back correctly, and then store our peer's nonce. */
345 if (memcmp(m->remote,st->remotename,strlen(st->remotename)!=0)) {
346 *error="wrong remote site name";
347 return False;
348 }
349 if (memcmp(m->local,st->localname,strlen(st->localname)!=0)) {
350 *error="wrong local site name";
351 return False;
352 }
353 if (memcmp(m->nL,st->localN,NONCELEN)!=0) {
354 *error="wrong locally-generated nonce";
355 return False;
356 }
357 if (type==LABEL_MSG2) return True;
358 if (memcmp(m->nR,st->remoteN,NONCELEN)!=0) {
359 *error="wrong remotely-generated nonce";
360 return False;
361 }
362 if (type==LABEL_MSG3) return True;
363 if (type==LABEL_MSG4) return True;
364 *error="unknown message type";
365 return False;
366}
367
2fe58dfd
SE		 368static bool_t generate_msg1(struct site *st)
369{
370 st->random->generate(st->random->st,NONCELEN,st->localN);
371 return generate_msg(st,LABEL_MSG1,"site:MSG1");
372}
373
374static bool_t process_msg1(struct site *st, struct buffer_if *msg1,
a15faeb2 375 const struct comm_addr *src)
2fe58dfd
SE		 376{
377 struct msg m;
378
379 /* We've already determined we're in an appropriate state to
380 process an incoming MSG1, and that the MSG1 has correct values
381 of A and B. */
382
383 if (!unpick_msg(st,LABEL_MSG1,msg1,&m)) return False;
384
2fe58dfd 385 st->setup_peer=*src;
2fe58dfd
SE		 386 st->setup_session_id=m.source;
387 memcpy(st->remoteN,m.nR,NONCELEN);
388 return True;
389}
390
391static bool_t generate_msg2(struct site *st)
392{
393 st->random->generate(st->random->st,NONCELEN,st->localN);
394 return generate_msg(st,LABEL_MSG2,"site:MSG2");
395}
396
397static bool_t process_msg2(struct site *st, struct buffer_if *msg2,
a15faeb2 398 const struct comm_addr *src)
2fe58dfd
SE		 399{
400 struct msg m;
fe5e9cc4 401 cstring_t err;
2fe58dfd
SE		 402
403 if (!unpick_msg(st,LABEL_MSG2,msg2,&m)) return False;
ff05a229
SE		 404 if (!check_msg(st,LABEL_MSG2,&m,&err)) {
405 slog(st,LOG_SEC,"msg2: %s",err);
2fe58dfd
SE		 406 return False;
407 }
408 st->setup_session_id=m.source;
409 memcpy(st->remoteN,m.nR,NONCELEN);
410 return True;
411}
412
413static bool_t generate_msg3(struct site *st)
414{
415 /* Now we have our nonce and their nonce. Think of a secret key,
416 and create message number 3. */
417 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
418 return generate_msg(st,LABEL_MSG3,"site:MSG3");
419}
420
421static bool_t process_msg3(struct site *st, struct buffer_if *msg3,
a15faeb2 422 const struct comm_addr *src)
2fe58dfd
SE		 423{
424 struct msg m;
3b83c932 425 uint8_t *hash;
2fe58dfd 426 void *hst;
fe5e9cc4 427 cstring_t err;
2fe58dfd
SE		 428
429 if (!unpick_msg(st,LABEL_MSG3,msg3,&m)) return False;
ff05a229
SE		 430 if (!check_msg(st,LABEL_MSG3,&m,&err)) {
431 slog(st,LOG_SEC,"msg3: %s",err);
2fe58dfd
SE		 432 return False;
433 }
ff05a229 434
2fe58dfd 435 /* Check signature and store g^x mod m */
3b83c932 436 hash=safe_malloc(st->hash->len, "process_msg3");
2fe58dfd
SE		 437 hst=st->hash->init();
438 st->hash->update(hst,m.hashstart,m.hashlen);
439 st->hash->final(hst,hash);
440 /* Terminate signature with a '0' - cheating, but should be ok */
441 m.sig[m.siglen]=0;
442 if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m.sig)) {
59635212 443 slog(st,LOG_SEC,"msg3 signature failed check!");
3b83c932 444 free(hash);
2fe58dfd
SE		 445 return False;
446 }
3b83c932 447 free(hash);
2fe58dfd
SE		 448
449 /* Terminate their DH public key with a '0' */
450 m.pk[m.pklen]=0;
451 /* Invent our DH secret key */
452 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
453
454 /* Generate the shared key */
455 st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,m.pk,
456 st->sharedsecret,st->transform->keylen);
457
458 /* Set up the transform */
459 st->new_transform->setkey(st->new_transform->st,st->sharedsecret,
460 st->transform->keylen);
461
462 return True;
463}
464
465static bool_t generate_msg4(struct site *st)
466{
467 /* We have both nonces, their public key and our private key. Generate
468 our public key, sign it and send it to them. */
469 return generate_msg(st,LABEL_MSG4,"site:MSG4");
470}
471
472static bool_t process_msg4(struct site *st, struct buffer_if *msg4,
a15faeb2 473 const struct comm_addr *src)
2fe58dfd
SE		 474{
475 struct msg m;
3b83c932 476 uint8_t *hash;
2fe58dfd 477 void *hst;
fe5e9cc4 478 cstring_t err;
2fe58dfd
SE		 479
480 if (!unpick_msg(st,LABEL_MSG4,msg4,&m)) return False;
ff05a229
SE		 481 if (!check_msg(st,LABEL_MSG4,&m,&err)) {
482 slog(st,LOG_SEC,"msg4: %s",err);
2fe58dfd
SE		 483 return False;
484 }
485
486 /* Check signature and store g^x mod m */
3b83c932 487 hash=safe_malloc(st->hash->len, "process_msg4");
2fe58dfd
SE		 488 hst=st->hash->init();
489 st->hash->update(hst,m.hashstart,m.hashlen);
490 st->hash->final(hst,hash);
491 /* Terminate signature with a '0' - cheating, but should be ok */
492 m.sig[m.siglen]=0;
493 if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m.sig)) {
59635212 494 slog(st,LOG_SEC,"msg4 signature failed check!");
3b83c932 495 free(hash);
2fe58dfd
SE		 496 return False;
497 }
3b83c932 498 free(hash);
2fe58dfd
SE		 499
500 /* Terminate their DH public key with a '0' */
501 m.pk[m.pklen]=0;
502 /* Generate the shared key */
503 st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,m.pk,
504 st->sharedsecret,st->transform->keylen);
505 /* Set up the transform */
506 st->new_transform->setkey(st->new_transform->st,st->sharedsecret,
507 st->transform->keylen);
508
509 return True;
510}
511
2fe58dfd
SE		 512struct msg0 {
513 uint32_t dest;
514 uint32_t source;
515 uint32_t type;
516};
517
518static bool_t unpick_msg0(struct site *st, struct buffer_if *msg0,
519 struct msg0 *m)
520{
521 CHECK_AVAIL(msg0,4);
59635212 522 m->dest=buf_unprepend_uint32(msg0);
2fe58dfd 523 CHECK_AVAIL(msg0,4);
59635212 524 m->source=buf_unprepend_uint32(msg0);
2fe58dfd 525 CHECK_AVAIL(msg0,4);
59635212 526 m->type=buf_unprepend_uint32(msg0);
2fe58dfd
SE		 527 return True;
528 /* Leaves transformed part of buffer untouched */
529}
530
ff05a229
SE		 531static bool_t generate_msg5(struct site *st)
532{
fe5e9cc4 533 cstring_t transform_err;
ff05a229
SE		 534
535 BUF_ALLOC(&st->buffer,"site:MSG5");
536 /* We are going to add four words to the message */
537 buffer_init(&st->buffer,st->transform->max_start_pad+(4*4));
538 /* Give the netlink code an opportunity to put its own stuff in the
539 message (configuration information, etc.) */
540 st->netlink->output_config(st->netlink->st,&st->buffer);
541 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
542 st->new_transform->forwards(st->new_transform->st,&st->buffer,
543 &transform_err);
544 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
58650a70 545 buf_prepend_uint32(&st->buffer,st->index);
ff05a229
SE		 546 buf_prepend_uint32(&st->buffer,st->setup_session_id);
547
548 st->retries=st->setup_retries;
549 return True;
550}
551
2fe58dfd 552static bool_t process_msg5(struct site *st, struct buffer_if *msg5,
a15faeb2 553 const struct comm_addr *src)
2fe58dfd
SE		 554{
555 struct msg0 m;
fe5e9cc4 556 cstring_t transform_err;
2fe58dfd
SE		 557
558 if (!unpick_msg0(st,msg5,&m)) return False;
559
560 if (st->new_transform->reverse(st->new_transform->st,
561 msg5,&transform_err)) {
562 /* There's a problem */
59635212 563 slog(st,LOG_SEC,"process_msg5: transform: %s",transform_err);
2fe58dfd
SE		 564 return False;
565 }
566 /* Buffer should now contain untransformed PING packet data */
567 CHECK_AVAIL(msg5,4);
59635212 568 if (buf_unprepend_uint32(msg5)!=LABEL_MSG5) {
ff05a229 569 slog(st,LOG_SEC,"MSG5/PING packet contained wrong label");
2fe58dfd
SE		 570 return False;
571 }
794f2398
SE		 572 if (!st->netlink->check_config(st->netlink->st,msg5)) {
573 slog(st,LOG_SEC,"MSG5/PING packet contained bad netlink config");
574 return False;
575 }
2fe58dfd
SE		 576 CHECK_EMPTY(msg5);
577 return True;
578}
579
580static bool_t generate_msg6(struct site *st)
581{
fe5e9cc4 582 cstring_t transform_err;
2fe58dfd
SE		 583
584 BUF_ALLOC(&st->buffer,"site:MSG6");
ff05a229
SE		 585 /* We are going to add four words to the message */
586 buffer_init(&st->buffer,st->transform->max_start_pad+(4*4));
794f2398
SE		 587 /* Give the netlink code an opportunity to put its own stuff in the
588 message (configuration information, etc.) */
589 st->netlink->output_config(st->netlink->st,&st->buffer);
ff05a229 590 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
2fe58dfd
SE		 591 st->new_transform->forwards(st->new_transform->st,&st->buffer,
592 &transform_err);
59635212 593 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
58650a70 594 buf_prepend_uint32(&st->buffer,st->index);
59635212 595 buf_prepend_uint32(&st->buffer,st->setup_session_id);
2fe58dfd 596
ff05a229 597 st->retries=1; /* Peer will retransmit MSG5 if this packet gets lost */
2fe58dfd
SE		 598 return True;
599}
600
601static bool_t process_msg6(struct site *st, struct buffer_if *msg6,
a15faeb2 602 const struct comm_addr *src)
2fe58dfd
SE		 603{
604 struct msg0 m;
fe5e9cc4 605 cstring_t transform_err;
2fe58dfd
SE		 606
607 if (!unpick_msg0(st,msg6,&m)) return False;
608
609 if (st->new_transform->reverse(st->new_transform->st,
610 msg6,&transform_err)) {
611 /* There's a problem */
59635212 612 slog(st,LOG_SEC,"process_msg6: transform: %s",transform_err);
2fe58dfd
SE		 613 return False;
614 }
615 /* Buffer should now contain untransformed PING packet data */
616 CHECK_AVAIL(msg6,4);
59635212
SE		 617 if (buf_unprepend_uint32(msg6)!=LABEL_MSG6) {
618 slog(st,LOG_SEC,"MSG6/PONG packet contained invalid data");
2fe58dfd
SE		 619 return False;
620 }
794f2398
SE		 621 if (!st->netlink->check_config(st->netlink->st,msg6)) {
622 slog(st,LOG_SEC,"MSG6/PONG packet contained bad netlink config");
623 return False;
624 }
2fe58dfd
SE		 625 CHECK_EMPTY(msg6);
626 return True;
627}
628
629static bool_t process_msg0(struct site *st, struct buffer_if *msg0,
a15faeb2 630 const struct comm_addr *src)
2fe58dfd
SE		 631{
632 struct msg0 m;
fe5e9cc4 633 cstring_t transform_err;
2fe58dfd
SE		 634 uint32_t type;
635
636 if (!st->current_valid) {
637 slog(st,LOG_DROP,"incoming message but no current key -> dropping");
794f2398 638 return initiate_key_setup(st,"incoming message but no current key");
2fe58dfd
SE		 639 }
640
641 if (!unpick_msg0(st,msg0,&m)) return False;
642
643 if (st->current_transform->reverse(st->current_transform->st,
644 msg0,&transform_err)) {
645 /* There's a problem */
59635212 646 slog(st,LOG_SEC,"transform: %s",transform_err);
794f2398 647 return initiate_key_setup(st,"incoming message would not decrypt");
2fe58dfd
SE		 648 }
649 CHECK_AVAIL(msg0,4);
59635212 650 type=buf_unprepend_uint32(msg0);
2fe58dfd 651 switch(type) {
794f2398
SE		 652 case LABEL_MSG7:
653 /* We must forget about the current session. */
654 delete_key(st,"request from peer",LOG_SEC);
655 return True;
2fe58dfd
SE		 656 case LABEL_MSG9:
657 /* Deliver to netlink layer */
469fd1d9 658 st->netlink->deliver(st->netlink->st,msg0);
2fe58dfd 659 return True;
2fe58dfd 660 default:
ff05a229
SE		 661 slog(st,LOG_SEC,"incoming encrypted message of type %08x "
662 "(unknown)",type);
2fe58dfd
SE		 663 break;
664 }
665 return False;
666}
667
668static void dump_packet(struct site *st, struct buffer_if *buf,
a15faeb2 669 const struct comm_addr *addr, bool_t incoming)
2fe58dfd 670{
59635212
SE		 671 uint32_t dest=ntohl(*(uint32_t *)buf->start);
672 uint32_t source=ntohl(*(uint32_t *)(buf->start+4));
673 uint32_t msgtype=ntohl(*(uint32_t *)(buf->start+8));
2fe58dfd
SE		 674
675 if (st->log_events & LOG_DUMP)
040ee979
SE		 676 slilog(st->log,M_DEBUG,"%s: %s: %08x<-%08x: %08x:",
677 st->tunname,incoming?"incoming":"outgoing",
678 dest,source,msgtype);
2fe58dfd
SE		 679}
680
681static uint32_t site_status(void *st)
682{
683 return 0;
684}
685
686static bool_t send_msg(struct site *st)
687{
688 if (st->retries>0) {
689 dump_packet(st,&st->buffer,&st->setup_peer,False);
690 st->comm->sendmsg(st->comm->st,&st->buffer,&st->setup_peer);
691 st->timeout=st->now+st->setup_timeout;
692 st->retries--;
693 return True;
694 } else {
3454dce4
SE		 695 slog(st,LOG_SETUP_TIMEOUT,"timed out sending key setup packet "
696 "(in state %s)",state_name(st->state));
2fe58dfd
SE		 697 enter_state_wait(st);
698 return False;
699 }
700}
701
702static void site_resolve_callback(void *sst, struct in_addr *address)
703{
704 struct site *st=sst;
705
706 if (st->state!=SITE_RESOLVE) {
707 slog(st,LOG_UNEXPECTED,"site_resolve_callback called unexpectedly");
708 return;
709 }
710 if (address) {
711 memset(&st->setup_peer,0,sizeof(st->setup_peer));
a15faeb2
IJ		 712 st->setup_peer.comm=st->comm;
713 st->setup_peer.sin.sin_family=AF_INET;
714 st->setup_peer.sin.sin_port=htons(st->remoteport);
715 st->setup_peer.sin.sin_addr=*address;
ff05a229 716 enter_new_state(st,SITE_SENTMSG1);
2fe58dfd
SE		 717 } else {
718 /* Resolution failed */
719 slog(st,LOG_ERROR,"resolution of %s failed",st->address);
720 enter_state_run(st);
721 }
722}
723
fe5e9cc4 724static bool_t initiate_key_setup(struct site *st, cstring_t reason)
9d3a4132
SE		 725{
726 if (st->state!=SITE_RUN) return False;
794f2398 727 slog(st,LOG_SETUP_INIT,"initiating key exchange (%s)",reason);
9d3a4132 728 if (st->address) {
794f2398 729 slog(st,LOG_SETUP_INIT,"resolving peer address");
9d3a4132
SE		 730 return enter_state_resolve(st);
731 } else if (st->peer_valid) {
794f2398 732 slog(st,LOG_SETUP_INIT,"using old peer address");
9d3a4132 733 st->setup_peer=st->peer;
ff05a229 734 return enter_new_state(st,SITE_SENTMSG1);
9d3a4132 735 }
ff05a229 736 slog(st,LOG_SETUP_INIT,"key exchange failed: no address for peer");
9d3a4132
SE		 737 return False;
738}
739
2fe58dfd
SE		 740static void activate_new_key(struct site *st)
741{
742 struct transform_inst_if *t;
743
ff05a229
SE		 744 /* We have two transform instances, which we swap between active
745 and setup */
2fe58dfd
SE		 746 t=st->current_transform;
747 st->current_transform=st->new_transform;
748 st->new_transform=t;
749
750 t->delkey(t->st);
2fe58dfd
SE		 751 st->timeout=0;
752 st->current_valid=True;
753 st->current_key_timeout=st->now+st->key_lifetime;
ff05a229 754 st->renegotiate_key_time=st->now+st->key_renegotiate_time;
2fe58dfd
SE		 755 st->peer=st->setup_peer;
756 st->peer_valid=True;
757 st->remote_session_id=st->setup_session_id;
758
759 slog(st,LOG_ACTIVATE_KEY,"new key activated");
9d3a4132 760 enter_state_run(st);
2fe58dfd
SE		 761}
762
fe5e9cc4 763static void delete_key(struct site *st, cstring_t reason, uint32_t loglevel)
794f2398
SE		 764{
765 if (st->current_valid) {
766 slog(st,loglevel,"session closed (%s)",reason);
767
768 st->current_valid=False;
769 st->current_transform->delkey(st->current_transform->st);
770 st->current_key_timeout=0;
771 set_link_quality(st);
772 }
773}
774
2fe58dfd
SE		 775static void state_assert(struct site *st, bool_t ok)
776{
4f5e39ec 777 if (!ok) fatal("site:state_assert");
2fe58dfd
SE		 778}
779
780static void enter_state_stop(struct site *st)
781{
782 st->state=SITE_STOP;
783 st->timeout=0;
794f2398 784 delete_key(st,"entering state STOP",LOG_TIMEOUT_KEY);
2fe58dfd
SE		 785 st->new_transform->delkey(st->new_transform->st);
786}
787
9d3a4132
SE		 788static void set_link_quality(struct site *st)
789{
790 uint32_t quality;
791 if (st->current_valid)
792 quality=LINK_QUALITY_UP;
793 else if (st->state==SITE_WAIT || st->state==SITE_STOP)
794 quality=LINK_QUALITY_DOWN;
795 else if (st->address)
796 quality=LINK_QUALITY_DOWN_CURRENT_ADDRESS;
797 else if (st->peer_valid)
798 quality=LINK_QUALITY_DOWN_STALE_ADDRESS;
799 else
800 quality=LINK_QUALITY_DOWN;
801
469fd1d9 802 st->netlink->set_quality(st->netlink->st,quality);
9d3a4132
SE		 803}
804
2fe58dfd
SE		 805static void enter_state_run(struct site *st)
806{
807 slog(st,LOG_STATE,"entering state RUN");
808 st->state=SITE_RUN;
809 st->timeout=0;
9d3a4132 810
ff05a229
SE		 811 st->setup_session_id=0;
812 memset(&st->setup_peer,0,sizeof(st->setup_peer));
813 memset(st->localN,0,NONCELEN);
814 memset(st->remoteN,0,NONCELEN);
815 st->new_transform->delkey(st->new_transform->st);
816 memset(st->dhsecret,0,st->dh->len);
817 memset(st->sharedsecret,0,st->transform->keylen);
9d3a4132 818 set_link_quality(st);
2fe58dfd
SE		 819}
820
821static bool_t enter_state_resolve(struct site *st)
822{
823 state_assert(st,st->state==SITE_RUN);
824 slog(st,LOG_STATE,"entering state RESOLVE");
825 st->state=SITE_RESOLVE;
826 st->resolver->request(st->resolver->st,st->address,
827 site_resolve_callback,st);
828 return True;
829}
830
ff05a229 831static bool_t enter_new_state(struct site *st, uint32_t next)
2fe58dfd 832{
ff05a229 833 bool_t (*gen)(struct site *st);
3b83c932
SE		 834 int r;
835
ff05a229
SE		 836 slog(st,LOG_STATE,"entering state %s",state_name(next));
837 switch(next) {
838 case SITE_SENTMSG1:
839 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE);
840 gen=generate_msg1;
841 break;
842 case SITE_SENTMSG2:
843 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE ||
844 st->state==SITE_SENTMSG1 || st->state==SITE_WAIT);
845 gen=generate_msg2;
846 break;
847 case SITE_SENTMSG3:
848 state_assert(st,st->state==SITE_SENTMSG1);
849 BUF_FREE(&st->buffer);
850 gen=generate_msg3;
851 break;
852 case SITE_SENTMSG4:
853 state_assert(st,st->state==SITE_SENTMSG2);
854 BUF_FREE(&st->buffer);
855 gen=generate_msg4;
856 break;
857 case SITE_SENTMSG5:
858 state_assert(st,st->state==SITE_SENTMSG3);
859 BUF_FREE(&st->buffer);
860 gen=generate_msg5;
861 break;
862 case SITE_RUN:
863 state_assert(st,st->state==SITE_SENTMSG4);
864 BUF_FREE(&st->buffer);
865 gen=generate_msg6;
866 break;
867 default:
868 gen=NULL;
4f5e39ec 869 fatal("enter_new_state(%s): invalid new state",state_name(next));
ff05a229 870 break;
2fe58dfd 871 }
2fe58dfd 872
3b83c932
SE		 873 if (hacky_par_start_failnow()) return False;
874
875 r= gen(st) && send_msg(st);
876
877 hacky_par_end(&r,
878 st->setup_retries, st->setup_timeout,
879 send_msg, st);
880
881 if (r) {
ff05a229
SE		 882 st->state=next;
883 if (next==SITE_RUN) {
884 BUF_FREE(&st->buffer); /* Never reused */
885 st->timeout=0; /* Never retransmit */
886 activate_new_key(st);
887 }
2fe58dfd
SE		 888 return True;
889 }
ff05a229
SE		 890 slog(st,LOG_ERROR,"error entering state %s",state_name(next));
891 st->buffer.free=False; /* Unconditionally use the buffer; it may be
892 in either state, and enter_state_wait() will
893 do a BUF_FREE() */
2fe58dfd
SE		 894 enter_state_wait(st);
895 return False;
896}
897
ff05a229 898/* msg7 tells our peer that we're about to forget our key */
fe5e9cc4 899static bool_t send_msg7(struct site *st, cstring_t reason)
794f2398 900{
fe5e9cc4 901 cstring_t transform_err;
794f2398
SE		 902
903 if (st->current_valid && st->peer_valid && st->buffer.free) {
904 BUF_ALLOC(&st->buffer,"site:MSG7");
905 buffer_init(&st->buffer,st->transform->max_start_pad+(4*3));
906 buf_append_uint32(&st->buffer,LABEL_MSG7);
907 buf_append_string(&st->buffer,reason);
908 st->current_transform->forwards(st->current_transform->st,
909 &st->buffer, &transform_err);
910 buf_prepend_uint32(&st->buffer,LABEL_MSG0);
58650a70 911 buf_prepend_uint32(&st->buffer,st->index);
794f2398 912 buf_prepend_uint32(&st->buffer,st->remote_session_id);
16045f8d 913 dump_packet(st,&st->buffer,&st->peer,False);
794f2398
SE		 914 st->comm->sendmsg(st->comm->st,&st->buffer,&st->peer);
915 BUF_FREE(&st->buffer);
916 return True;
917 }
918 return False;
919}
920
2fe58dfd
SE		 921/* We go into this state if our peer becomes uncommunicative. Similar to
922 the "stop" state, we forget all session keys for a while, before
923 re-entering the "run" state. */
924static void enter_state_wait(struct site *st)
925{
926 slog(st,LOG_STATE,"entering state WAIT");
927 st->timeout=st->now+st->wait_timeout;
928 st->state=SITE_WAIT;
9d3a4132 929 set_link_quality(st);
2fe58dfd
SE		 930 BUF_FREE(&st->buffer); /* will have had an outgoing packet in it */
931 /* XXX Erase keys etc. */
932}
933
16f73fa6 934static inline void site_settimeout(uint64_t timeout, int *timeout_io)
fe5e9cc4
SE		 935{
936 if (timeout) {
0009e60a
IJ		 937 int64_t offset=timeout-*now;
938 if (offset<0) offset=0;
fe5e9cc4
SE		 939 if (offset>INT_MAX) offset=INT_MAX;
940 if (*timeout_io<0 || offset<*timeout_io)
941 *timeout_io=offset;
942 }
943}
944
2fe58dfd 945static int site_beforepoll(void *sst, struct pollfd *fds, int *nfds_io,
90a39563 946 int *timeout_io)
2fe58dfd
SE		 947{
948 struct site *st=sst;
949
950 *nfds_io=0; /* We don't use any file descriptors */
951 st->now=*now;
952
953 /* Work out when our next timeout is. The earlier of 'timeout' or
954 'current_key_timeout'. A stored value of '0' indicates no timeout
955 active. */
16f73fa6
IJ		 956 site_settimeout(st->timeout, timeout_io);
957 site_settimeout(st->current_key_timeout, timeout_io);
2fe58dfd
SE		 958
959 return 0; /* success */
960}
961
962/* NB site_afterpoll will be called before site_beforepoll is ever called */
90a39563 963static void site_afterpoll(void *sst, struct pollfd *fds, int nfds)
2fe58dfd
SE		 964{
965 struct site *st=sst;
966
967 st->now=*now;
968 if (st->timeout && *now>st->timeout) {
2fe58dfd 969 st->timeout=0;
3b83c932
SE		 970 if (st->state>=SITE_SENTMSG1 && st->state<=SITE_SENTMSG5) {
971 if (!hacky_par_start_failnow())
972 send_msg(st);
973 } else if (st->state==SITE_WAIT) {
2fe58dfd
SE		 974 enter_state_run(st);
975 } else {
976 slog(st,LOG_ERROR,"site_afterpoll: unexpected timeout, state=%d",
977 st->state);
978 }
979 }
980 if (st->current_key_timeout && *now>st->current_key_timeout) {
794f2398 981 delete_key(st,"maximum key life exceeded",LOG_TIMEOUT_KEY);
2fe58dfd
SE		 982 }
983}
984
985/* This function is called by the netlink device to deliver packets
986 intended for the remote network. The packet is in "raw" wire
987 format, but is guaranteed to be word-aligned. */
469fd1d9 988static void site_outgoing(void *sst, struct buffer_if *buf)
2fe58dfd
SE		 989{
990 struct site *st=sst;
fe5e9cc4 991 cstring_t transform_err;
2fe58dfd
SE		 992
993 if (st->state==SITE_STOP) {
994 BUF_FREE(buf);
995 return;
996 }
997
998 /* In all other states we consider delivering the packet if we have
999 a valid key and a valid address to send it to. */
1000 if (st->current_valid && st->peer_valid) {
1001 /* Transform it and send it */
70dc107b
SE		 1002 if (buf->size>0) {
1003 buf_prepend_uint32(buf,LABEL_MSG9);
1004 st->current_transform->forwards(st->current_transform->st,
1005 buf, &transform_err);
1006 buf_prepend_uint32(buf,LABEL_MSG0);
58650a70 1007 buf_prepend_uint32(buf,st->index);
70dc107b
SE		 1008 buf_prepend_uint32(buf,st->remote_session_id);
1009 st->comm->sendmsg(st->comm->st,buf,&st->peer);
1010 }
2fe58dfd 1011 BUF_FREE(buf);
ff05a229
SE		 1012 /* See whether we should start negotiating a new key */
1013 if (st->now > st->renegotiate_key_time)
1014 initiate_key_setup(st,"outgoing packet in renegotiation window");
2fe58dfd
SE		 1015 return;
1016 }
1017
70dc107b 1018 slog(st,LOG_DROP,"discarding outgoing packet of size %d",buf->size);
2fe58dfd 1019 BUF_FREE(buf);
794f2398 1020 initiate_key_setup(st,"outgoing packet");
2fe58dfd
SE		 1021}
1022
1023/* This function is called by the communication device to deliver
1024 packets from our peers. */
1025static bool_t site_incoming(void *sst, struct buffer_if *buf,
a15faeb2 1026 const struct comm_addr *source)
2fe58dfd
SE		 1027{
1028 struct site *st=sst;
59635212 1029 uint32_t dest=ntohl(*(uint32_t *)buf->start);
2fe58dfd
SE		 1030
1031 if (dest==0) {
2fe58dfd
SE		 1032 /* It could be for any site - it should have LABEL_MSG1 and
1033 might have our name and our peer's name in it */
ff05a229 1034 if (buf->size<(st->setupsiglen+8+NONCELEN)) return False;
2fe58dfd 1035 if (memcmp(buf->start+8,st->setupsig,st->setupsiglen)==0) {
2fe58dfd 1036 /* It's addressed to us. Decide what to do about it. */
ff05a229 1037 dump_packet(st,buf,source,True);
2fe58dfd
SE		 1038 if (st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1039 st->state==SITE_WAIT) {
1040 /* We should definitely process it */
1041 if (process_msg1(st,buf,source)) {
1042 slog(st,LOG_SETUP_INIT,"key setup initiated by peer");
ff05a229 1043 enter_new_state(st,SITE_SENTMSG2);
2fe58dfd
SE		 1044 } else {
1045 slog(st,LOG_ERROR,"failed to process incoming msg1");
1046 }
1047 BUF_FREE(buf);
1048 return True;
ff05a229 1049 } else if (st->state==SITE_SENTMSG1) {
2fe58dfd
SE		 1050 /* We've just sent a message 1! They may have crossed on
1051 the wire. If we have priority then we ignore the
1052 incoming one, otherwise we process it as usual. */
1053 if (st->setup_priority) {
1054 BUF_FREE(buf);
1055 slog(st,LOG_DUMP,"crossed msg1s; we are higher "
1056 "priority => ignore incoming msg1");
1057 return True;
1058 } else {
1059 slog(st,LOG_DUMP,"crossed msg1s; we are lower "
1060 "priority => use incoming msg1");
1061 if (process_msg1(st,buf,source)) {
1062 BUF_FREE(&st->buffer); /* Free our old message 1 */
ff05a229 1063 enter_new_state(st,SITE_SENTMSG2);
2fe58dfd
SE		 1064 } else {
1065 slog(st,LOG_ERROR,"failed to process an incoming "
1066 "crossed msg1 (we have low priority)");
1067 }
1068 BUF_FREE(buf);
1069 return True;
1070 }
1071 }
1072 /* The message 1 was received at an unexpected stage of the
1073 key setup. XXX POLICY - what do we do? */
1074 slog(st,LOG_UNEXPECTED,"unexpected incoming message 1");
1075 BUF_FREE(buf);
1076 return True;
1077 }
1078 return False; /* Not for us. */
1079 }
58650a70 1080 if (dest==st->index) {
2fe58dfd 1081 /* Explicitly addressed to us */
ff05a229 1082 uint32_t msgtype=ntohl(get_uint32(buf->start+8));
2fe58dfd
SE		 1083 if (msgtype!=LABEL_MSG0) dump_packet(st,buf,source,True);
1084 switch (msgtype) {
794f2398
SE		 1085 case 0: /* NAK */
1086 /* If the source is our current peer then initiate a key setup,
1087 because our peer's forgotten the key */
1088 if (get_uint32(buf->start+4)==st->remote_session_id) {
1089 initiate_key_setup(st,"received a NAK");
1090 } else {
1091 slog(st,LOG_SEC,"bad incoming NAK");
1092 }
1093 break;
2fe58dfd
SE		 1094 case LABEL_MSG0:
1095 process_msg0(st,buf,source);
1096 break;
1097 case LABEL_MSG1:
1098 /* Setup packet: should not have been explicitly addressed
1099 to us */
59635212 1100 slog(st,LOG_SEC,"incoming explicitly addressed msg1");
2fe58dfd
SE		 1101 break;
1102 case LABEL_MSG2:
1103 /* Setup packet: expected only in state SENTMSG1 */
1104 if (st->state!=SITE_SENTMSG1) {
1105 slog(st,LOG_UNEXPECTED,"unexpected MSG2");
1106 } else if (process_msg2(st,buf,source))
ff05a229 1107 enter_new_state(st,SITE_SENTMSG3);
2fe58dfd 1108 else {
59635212 1109 slog(st,LOG_SEC,"invalid MSG2");
2fe58dfd
SE		 1110 }
1111 break;
1112 case LABEL_MSG3:
1113 /* Setup packet: expected only in state SENTMSG2 */
1114 if (st->state!=SITE_SENTMSG2) {
1115 slog(st,LOG_UNEXPECTED,"unexpected MSG3");
1116 } else if (process_msg3(st,buf,source))
ff05a229 1117 enter_new_state(st,SITE_SENTMSG4);
2fe58dfd 1118 else {
59635212 1119 slog(st,LOG_SEC,"invalid MSG3");
2fe58dfd
SE		 1120 }
1121 break;
1122 case LABEL_MSG4:
1123 /* Setup packet: expected only in state SENTMSG3 */
1124 if (st->state!=SITE_SENTMSG3) {
1125 slog(st,LOG_UNEXPECTED,"unexpected MSG4");
1126 } else if (process_msg4(st,buf,source))
ff05a229 1127 enter_new_state(st,SITE_SENTMSG5);
2fe58dfd 1128 else {
59635212 1129 slog(st,LOG_SEC,"invalid MSG4");
2fe58dfd
SE		 1130 }
1131 break;
1132 case LABEL_MSG5:
4efd681a
SE		 1133 /* Setup packet: expected only in state SENTMSG4 */
1134 /* (may turn up in state RUN if our return MSG6 was lost
1135 and the new key has already been activated. In that
1136 case we should treat it as an ordinary PING packet. We
1137 can't pass it to process_msg5() because the
ff05a229 1138 new_transform will now be unkeyed. XXX) */
4efd681a 1139 if (st->state!=SITE_SENTMSG4) {
2fe58dfd
SE		 1140 slog(st,LOG_UNEXPECTED,"unexpected MSG5");
1141 } else if (process_msg5(st,buf,source)) {
ff05a229 1142 enter_new_state(st,SITE_RUN);
2fe58dfd 1143 } else {
59635212 1144 slog(st,LOG_SEC,"invalid MSG5");
2fe58dfd
SE		 1145 }
1146 break;
1147 case LABEL_MSG6:
1148 /* Setup packet: expected only in state SENTMSG5 */
1149 if (st->state!=SITE_SENTMSG5) {
1150 slog(st,LOG_UNEXPECTED,"unexpected MSG6");
1151 } else if (process_msg6(st,buf,source)) {
1152 BUF_FREE(&st->buffer); /* Free message 5 */
1153 activate_new_key(st);
1154 } else {
59635212 1155 slog(st,LOG_SEC,"invalid MSG6");
2fe58dfd
SE		 1156 }
1157 break;
2fe58dfd 1158 default:
59635212 1159 slog(st,LOG_SEC,"received message of unknown type 0x%08x",
2fe58dfd
SE		 1160 msgtype);
1161 break;
1162 }
1163 BUF_FREE(buf);
1164 return True;
1165 }
1166
1167 return False;
1168}
1169
1170static void site_control(void *vst, bool_t run)
1171{
1172 struct site *st=vst;
1173 if (run) enter_state_run(st);
1174 else enter_state_stop(st);
1175}
1176
794f2398
SE		 1177static void site_phase_hook(void *sst, uint32_t newphase)
1178{
1179 struct site *st=sst;
1180
1181 /* The program is shutting down; tell our peer */
1182 send_msg7(st,"shutting down");
1183}
1184
2fe58dfd
SE		 1185static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
1186 list_t *args)
1187{
58650a70 1188 static uint32_t index_sequence;
2fe58dfd
SE		 1189 struct site *st;
1190 item_t *item;
1191 dict_t *dict;
1192
1193 st=safe_malloc(sizeof(*st),"site_apply");
1194
1195 st->cl.description="site";
1196 st->cl.type=CL_SITE;
1197 st->cl.apply=NULL;
1198 st->cl.interface=&st->ops;
1199 st->ops.st=st;
1200 st->ops.control=site_control;
1201 st->ops.status=site_status;
1202
1203 /* First parameter must be a dict */
1204 item=list_elem(args,0);
1205 if (!item || item->type!=t_dict)
1206 cfgfatal(loc,"site","parameter must be a dictionary\n");
1207
1208 dict=item->data.dict;
558fa3fb
SE		 1209 st->localname=dict_read_string(dict, "local-name", True, "site", loc);
1210 st->remotename=dict_read_string(dict, "name", True, "site", loc);
1211 /* Sanity check (which also allows the 'sites' file to include
1212 site() closures for all sites including our own): refuse to
1213 talk to ourselves */
1214 if (strcmp(st->localname,st->remotename)==0) {
b2a56f7c 1215 Message(M_DEBUG,"site %s: local-name==name -> ignoring this site\n",
baa06aeb 1216 st->localname);
558fa3fb
SE		 1217 free(st);
1218 return NULL;
1219 }
58650a70
RK		 1220 assert(index_sequence < 0xffffffffUL);
1221 st->index = ++index_sequence;
469fd1d9 1222 st->netlink=find_cl_if(dict,"link",CL_NETLINK,True,"site",loc);
2fe58dfd
SE		 1223 st->comm=find_cl_if(dict,"comm",CL_COMM,True,"site",loc);
1224 st->resolver=find_cl_if(dict,"resolver",CL_RESOLVER,True,"site",loc);
1225 st->log=find_cl_if(dict,"log",CL_LOG,True,"site",loc);
1226 st->random=find_cl_if(dict,"random",CL_RANDOMSRC,True,"site",loc);
1227
2fe58dfd 1228 st->privkey=find_cl_if(dict,"local-key",CL_RSAPRIVKEY,True,"site",loc);
2fe58dfd 1229 st->address=dict_read_string(dict, "address", False, "site", loc);
3454dce4
SE		 1230 if (st->address)
1231 st->remoteport=dict_read_number(dict,"port",True,"site",loc,0);
1232 else st->remoteport=0;
2fe58dfd
SE		 1233 st->pubkey=find_cl_if(dict,"key",CL_RSAPUBKEY,True,"site",loc);
1234
1235 st->transform=
1236 find_cl_if(dict,"transform",CL_TRANSFORM,True,"site",loc);
1237
1238 st->dh=find_cl_if(dict,"dh",CL_DH,True,"site",loc);
1239 st->hash=find_cl_if(dict,"hash",CL_HASH,True,"site",loc);
1240
9d3a4132
SE		 1241 st->key_lifetime=dict_read_number(
1242 dict,"key-lifetime",False,"site",loc,DEFAULT_KEY_LIFETIME);
9d3a4132
SE		 1243 st->setup_retries=dict_read_number(
1244 dict,"setup-retries",False,"site",loc,DEFAULT_SETUP_RETRIES);
1245 st->setup_timeout=dict_read_number(
1246 dict,"setup-timeout",False,"site",loc,DEFAULT_SETUP_TIMEOUT);
1247 st->wait_timeout=dict_read_number(
1248 dict,"wait-time",False,"site",loc,DEFAULT_WAIT_TIME);
c27ca22f
IJ		 1249
1250 if (st->key_lifetime < DEFAULT_KEY_RENEGOTIATE_GAP*2)
1251 st->key_renegotiate_time=st->key_lifetime/2;
1252 else
1253 st->key_renegotiate_time=st->key_lifetime-DEFAULT_KEY_RENEGOTIATE_GAP;
9d3a4132 1254 st->key_renegotiate_time=dict_read_number(
cce0051f 1255 dict,"renegotiate-time",False,"site",loc,st->key_renegotiate_time);
9d3a4132
SE		 1256 if (st->key_renegotiate_time > st->key_lifetime) {
1257 cfgfatal(loc,"site",
1258 "renegotiate-time must be less than key-lifetime\n");
1259 }
9d3a4132
SE		 1260
1261 st->log_events=string_list_to_word(dict_lookup(dict,"log-events"),
1262 log_event_table,"site");
2fe58dfd 1263
4efd681a
SE		 1264 st->tunname=safe_malloc(strlen(st->localname)+strlen(st->remotename)+5,
1265 "site_apply");
1266 sprintf(st->tunname,"%s<->%s",st->localname,st->remotename);
1267
2fe58dfd 1268 /* The information we expect to see in incoming messages of type 1 */
59230b9b
IJ		 1269 /* fixme: lots of unchecked overflows here, but the results are only
1270 corrupted packets rather than undefined behaviour */
2fe58dfd
SE		 1271 st->setupsiglen=strlen(st->remotename)+strlen(st->localname)+8;
1272 st->setupsig=safe_malloc(st->setupsiglen,"site_apply");
8689b3a9
SE		 1273 put_uint32(st->setupsig+0,LABEL_MSG1);
1274 put_uint16(st->setupsig+4,strlen(st->remotename));
2fe58dfd 1275 memcpy(&st->setupsig[6],st->remotename,strlen(st->remotename));
8689b3a9 1276 put_uint16(st->setupsig+(6+strlen(st->remotename)),strlen(st->localname));
2fe58dfd
SE		 1277 memcpy(&st->setupsig[8+strlen(st->remotename)],st->localname,
1278 strlen(st->localname));
1279 st->setup_priority=(strcmp(st->localname,st->remotename)>0);
1280
1281 buffer_new(&st->buffer,SETUP_BUFFER_LEN);
1282
1283 /* We are interested in poll(), but only for timeouts. We don't have
1284 any fds of our own. */
1285 register_for_poll(st, site_beforepoll, site_afterpoll, 0, "site");
1286 st->timeout=0;
1287
1288 st->current_valid=False;
1289 st->current_key_timeout=0;
1290 st->peer_valid=False;
1291 /* XXX mlock these */
1292 st->dhsecret=safe_malloc(st->dh->len,"site:dhsecret");
1293 st->sharedsecret=safe_malloc(st->transform->keylen,"site:sharedsecret");
1294
1295 /* We need to register the remote networks with the netlink device */
469fd1d9 1296 st->netlink->reg(st->netlink->st, site_outgoing, st,
ff05a229
SE		 1297 st->transform->max_start_pad+(4*4)+
1298 st->comm->min_start_pad,
1299 st->transform->max_end_pad+st->comm->min_end_pad);
1300
2fe58dfd
SE		 1301 st->comm->request_notify(st->comm->st, st, site_incoming);
1302
1303 st->current_transform=st->transform->create(st->transform->st);
1304 st->new_transform=st->transform->create(st->transform->st);
1305
1306 enter_state_stop(st);
1307
794f2398
SE		 1308 add_hook(PHASE_SHUTDOWN,site_phase_hook,st);
1309
2fe58dfd
SE		 1310 return new_closure(&st->cl);
1311}
1312
2fe58dfd
SE		 1313void site_module(dict_t *dict)
1314{
1315 add_closure(dict,"site",site_apply);
1316}
Secnet virtual private network: clone of http://www.chiark.greenend.org.uk/ucgi/~ian/git/secnet.git/