~mdw / secnet / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
comm: Introduce comm_addr_to_string
[secnet] / site.c
1 /* site.c - manage communication with a remote network site */
2
3 /* The 'site' code doesn't know anything about the structure of the
4 packets it's transmitting. In fact, under the new netlink
5 configuration scheme it doesn't need to know anything at all about
6 IP addresses, except how to contact its peer. This means it could
7 potentially be used to tunnel other protocols too (IPv6, IPX, plain
8 old Ethernet frames) if appropriate netlink code can be written
9 (and that ought not to be too hard, eg. using the TUN/TAP device to
10 pretend to be an Ethernet interface). */
11
12 /* At some point in the future the netlink code will be asked for
13 configuration information to go in the PING/PONG packets at the end
14 of the key exchange. */
15
16 #include "secnet.h"
17 #include <stdio.h>
18 #include <string.h>
19 #include <limits.h>
20 #include <assert.h>
21 #include <sys/socket.h>
22
23 #include <sys/mman.h>
24 #include "util.h"
25 #include "unaligned.h"
26 #include "magic.h"
27
28 #define SETUP_BUFFER_LEN 2048
29
30 #define DEFAULT_KEY_LIFETIME (3600*1000) /* [ms] */
31 #define DEFAULT_KEY_RENEGOTIATE_GAP (5*60*1000) /* [ms] */
32 #define DEFAULT_SETUP_RETRIES 5
33 #define DEFAULT_SETUP_RETRY_INTERVAL (2*1000) /* [ms] */
34 #define DEFAULT_WAIT_TIME (20*1000) /* [ms] */
35
36 #define DEFAULT_MOBILE_KEY_LIFETIME (2*24*3600*1000) /* [ms] */
37 #define DEFAULT_MOBILE_KEY_RENEGOTIATE_GAP (12*3600*1000) /* [ms] */
38 #define DEFAULT_MOBILE_SETUP_RETRIES 30
39 #define DEFAULT_MOBILE_SETUP_RETRY_INTERVAL (1*1000) /* [ms] */
40 #define DEFAULT_MOBILE_WAIT_TIME (10*1000) /* [ms] */
41
42 #define DEFAULT_MOBILE_PEER_EXPIRY (2*60) /* [s] */
43 #define DEFAULT_MOBILE_PEERS_MAX 3 /* send at most this many copies (default) */
44
45 /* Each site can be in one of several possible states. */
46
47 /* States:
48 SITE_STOP - nothing is allowed to happen; tunnel is down;
49 all session keys have been erased
50 -> SITE_RUN upon external instruction
51 SITE_RUN - site up, maybe with valid key
52 -> SITE_RESOLVE upon outgoing packet and no valid key
53 we start name resolution for the other end of the tunnel
54 -> SITE_SENTMSG2 upon valid incoming message 1 and suitable time
55 we send an appropriate message 2
56 SITE_RESOLVE - waiting for name resolution
57 -> SITE_SENTMSG1 upon successful resolution
58 we send an appropriate message 1
59 -> SITE_SENTMSG2 upon valid incoming message 1 (then abort resolution)
60 we abort resolution and
61 -> SITE_WAIT on timeout or resolution failure
62 SITE_SENTMSG1
63 -> SITE_SENTMSG2 upon valid incoming message 1 from higher priority end
64 -> SITE_SENTMSG3 upon valid incoming message 2
65 -> SITE_WAIT on timeout
66 SITE_SENTMSG2
67 -> SITE_SENTMSG4 upon valid incoming message 3
68 -> SITE_WAIT on timeout
69 SITE_SENTMSG3
70 -> SITE_SENTMSG5 upon valid incoming message 4
71 -> SITE_WAIT on timeout
72 SITE_SENTMSG4
73 -> SITE_RUN upon valid incoming message 5
74 -> SITE_WAIT on timeout
75 SITE_SENTMSG5
76 -> SITE_RUN upon valid incoming message 6
77 -> SITE_WAIT on timeout
78 SITE_WAIT - failed to establish key; do nothing for a while
79 -> SITE_RUN on timeout
80 */
81
82 #define SITE_STOP 0
83 #define SITE_RUN 1
84 #define SITE_RESOLVE 2
85 #define SITE_SENTMSG1 3
86 #define SITE_SENTMSG2 4
87 #define SITE_SENTMSG3 5
88 #define SITE_SENTMSG4 6
89 #define SITE_SENTMSG5 7
90 #define SITE_WAIT 8
91
92 int32_t site_max_start_pad = 4*4;
93
94 static cstring_t state_name(uint32_t state)
95 {
96 switch (state) {
97 case 0: return "STOP";
98 case 1: return "RUN";
99 case 2: return "RESOLVE";
100 case 3: return "SENTMSG1";
101 case 4: return "SENTMSG2";
102 case 5: return "SENTMSG3";
103 case 6: return "SENTMSG4";
104 case 7: return "SENTMSG5";
105 case 8: return "WAIT";
106 default: return "*bad state*";
107 }
108 }
109
110 #define NONCELEN 8
111
112 #define LOG_UNEXPECTED 0x00000001
113 #define LOG_SETUP_INIT 0x00000002
114 #define LOG_SETUP_TIMEOUT 0x00000004
115 #define LOG_ACTIVATE_KEY 0x00000008
116 #define LOG_TIMEOUT_KEY 0x00000010
117 #define LOG_SEC 0x00000020
118 #define LOG_STATE 0x00000040
119 #define LOG_DROP 0x00000080
120 #define LOG_DUMP 0x00000100
121 #define LOG_ERROR 0x00000400
122 #define LOG_PEER_ADDRS 0x00000800
123
124 static struct flagstr log_event_table[]={
125 { "unexpected", LOG_UNEXPECTED },
126 { "setup-init", LOG_SETUP_INIT },
127 { "setup-timeout", LOG_SETUP_TIMEOUT },
128 { "activate-key", LOG_ACTIVATE_KEY },
129 { "timeout-key", LOG_TIMEOUT_KEY },
130 { "security", LOG_SEC },
131 { "state-change", LOG_STATE },
132 { "packet-drop", LOG_DROP },
133 { "dump-packets", LOG_DUMP },
134 { "errors", LOG_ERROR },
135 { "peer-addrs", LOG_PEER_ADDRS },
136 { "default", LOG_SETUP_INIT|LOG_SETUP_TIMEOUT|
137 LOG_ACTIVATE_KEY|LOG_TIMEOUT_KEY|LOG_SEC|LOG_ERROR },
138 { "all", 0xffffffff },
139 { NULL, 0 }
140 };
141
142
143 /***** TRANSPORT PEERS declarations *****/
144
145 /* Details of "mobile peer" semantics:
146
147 - We record mobile_peers_max peer address/port numbers ("peers")
148 for key setup, and separately mobile_peers_max for data
149 transfer. If these lists fill up, we retain the newest peers.
150 (For non-mobile peers we only record one of each.)
151
152 - Outgoing packets are sent to every recorded peer in the
153 applicable list.
154
155 - Data transfer peers are straightforward: whenever we successfully
156 process a data packet, we record the peer. Also, whenever we
157 successfully complete a key setup, we merge the key setup
158 peers into the data transfer peers.
159
160 (For "non-mobile" peers we simply copy the peer used for
161 successful key setup, and don't change the peer otherwise.)
162
163 - Key setup peers are slightly more complicated.
164
165 Whenever we receive and successfully process a key exchange
166 packet, we record the peer.
167
168 Whenever we try to initiate a key setup, we copy the list of data
169 transfer peers and use it for key setup. But we also look to see
170 if the config supplies an address and port number and if so we
171 add that as a key setup peer (possibly evicting one of the data
172 transfer peers we just copied).
173
174 (For "non-mobile" peers, if we if we have a configured peer
175 address and port, we always use that; otherwise if we have a
176 current data peer address we use that; otherwise we do not
177 attempt to initiate a key setup for lack of a peer address.)
178
179 "Record the peer" means
180 1. expire any peers last seen >120s ("mobile-peer-expiry") ago
181 2. add the peer of the just received packet to the applicable list
182 (possibly evicting older entries)
183 NB that we do not expire peers until an incoming packet arrives.
184
185 */
186
187 #define MAX_MOBILE_PEERS_MAX 5 /* send at most this many copies, compiled max */
188
189 typedef struct {
190 struct timeval last;
191 struct comm_addr addr;
192 } transport_peer;
193
194 typedef struct {
195 /* configuration information */
196 /* runtime information */
197 int npeers;
198 transport_peer peers[MAX_MOBILE_PEERS_MAX];
199 } transport_peers;
200
201 static void transport_peers_clear(struct site *st, transport_peers *peers);
202 static int transport_peers_valid(transport_peers *peers);
203 static void transport_peers_copy(struct site *st, transport_peers *dst,
204 const transport_peers *src);
205
206 static void transport_setup_msgok(struct site *st, const struct comm_addr *a);
207 static void transport_data_msgok(struct site *st, const struct comm_addr *a);
208 static bool_t transport_compute_setupinit_peers(struct site *st,
209 const struct comm_addr *configured_addr /* 0 if none or not found */,
210 const struct comm_addr *prod_hint_addr /* 0 if none */);
211 static void transport_record_peer(struct site *st, transport_peers *peers,
212 const struct comm_addr *addr, const char *m);
213
214 static void transport_xmit(struct site *st, transport_peers *peers,
215 struct buffer_if *buf, bool_t candebug);
216
217 /***** END of transport peers declarations *****/
218
219
220 struct data_key {
221 struct transform_inst_if *transform;
222 uint64_t key_timeout; /* End of life of current key */
223 uint32_t remote_session_id;
224 };
225
226 struct site {
227 closure_t cl;
228 struct site_if ops;
229 /* configuration information */
230 string_t localname;
231 string_t remotename;
232 bool_t peer_mobile; /* Mobile client support */
233 int32_t transport_peers_max;
234 string_t tunname; /* localname<->remotename by default, used in logs */
235 string_t address; /* DNS name for bootstrapping, optional */
236 int remoteport; /* Port for bootstrapping, optional */
237 uint32_t mtu_target;
238 struct netlink_if *netlink;
239 struct comm_if **comms;
240 int ncomms;
241 struct resolver_if *resolver;
242 struct log_if *log;
243 struct random_if *random;
244 struct rsaprivkey_if *privkey;
245 struct rsapubkey_if *pubkey;
246 struct transform_if **transforms;
247 int ntransforms;
248 struct dh_if *dh;
249 struct hash_if *hash;
250
251 uint32_t index; /* Index of this site */
252 uint32_t local_capabilities;
253 int32_t setup_retries; /* How many times to send setup packets */
254 int32_t setup_retry_interval; /* Initial timeout for setup packets */
255 int32_t wait_timeout; /* How long to wait if setup unsuccessful */
256 int32_t mobile_peer_expiry; /* How long to remember 2ary addresses */
257 int32_t key_lifetime; /* How long a key lasts once set up */
258 int32_t key_renegotiate_time; /* If we see traffic (or a keepalive)
259 after this time, initiate a new
260 key exchange */
261
262 bool_t setup_priority; /* Do we have precedence if both sites emit
263 message 1 simultaneously? */
264 uint32_t log_events;
265
266 /* runtime information */
267 uint32_t state;
268 uint64_t now; /* Most recently seen time */
269 bool_t allow_send_prod;
270
271 /* The currently established session */
272 struct data_key current;
273 struct data_key auxiliary_key;
274 bool_t auxiliary_is_new;
275 uint64_t renegotiate_key_time; /* When we can negotiate a new key */
276 uint64_t auxiliary_renegotiate_key_time;
277 transport_peers peers; /* Current address(es) of peer for data traffic */
278
279 /* The current key setup protocol exchange. We can only be
280 involved in one of these at a time. There's a potential for
281 denial of service here (the attacker keeps sending a setup
282 packet; we keep trying to continue the exchange, and have to
283 timeout before we can listen for another setup packet); perhaps
284 we should keep a list of 'bad' sources for setup packets. */
285 uint32_t remote_capabilities;
286 uint16_t remote_adv_mtu;
287 struct transform_if *chosen_transform;
288 uint32_t setup_session_id;
289 transport_peers setup_peers;
290 uint8_t localN[NONCELEN]; /* Nonces for key exchange */
291 uint8_t remoteN[NONCELEN];
292 struct buffer_if buffer; /* Current outgoing key exchange packet */
293 struct buffer_if scratch;
294 int32_t retries; /* Number of retries remaining */
295 uint64_t timeout; /* Timeout for current state */
296 uint8_t *dhsecret;
297 uint8_t *sharedsecret;
298 uint32_t sharedsecretlen, sharedsecretallocd;
299 struct transform_inst_if *new_transform; /* For key setup/verify */
300 };
301
302 static uint32_t event_log_priority(struct site *st, uint32_t event)
303 {
304 if (!(event&st->log_events))
305 return 0;
306 switch(event) {
307 case LOG_UNEXPECTED: return M_INFO;
308 case LOG_SETUP_INIT: return M_INFO;
309 case LOG_SETUP_TIMEOUT: return M_NOTICE;
310 case LOG_ACTIVATE_KEY: return M_INFO;
311 case LOG_TIMEOUT_KEY: return M_INFO;
312 case LOG_SEC: return M_SECURITY;
313 case LOG_STATE: return M_DEBUG;
314 case LOG_DROP: return M_DEBUG;
315 case LOG_DUMP: return M_DEBUG;
316 case LOG_ERROR: return M_ERR;
317 case LOG_PEER_ADDRS: return M_DEBUG;
318 default: return M_ERR;
319 }
320 }
321
322 static void vslog(struct site *st, uint32_t event, cstring_t msg, va_list ap)
323 FORMAT(printf,3,0);
324 static void vslog(struct site *st, uint32_t event, cstring_t msg, va_list ap)
325 {
326 uint32_t class;
327
328 class=event_log_priority(st, event);
329 if (class) {
330 slilog_part(st->log,class,"%s: ",st->tunname);
331 vslilog_part(st->log,class,msg,ap);
332 slilog_part(st->log,class,"\n");
333 }
334 }
335
336 static void slog(struct site *st, uint32_t event, cstring_t msg, ...)
337 FORMAT(printf,3,4);
338 static void slog(struct site *st, uint32_t event, cstring_t msg, ...)
339 {
340 va_list ap;
341 va_start(ap,msg);
342 vslog(st,event,msg,ap);
343 va_end(ap);
344 }
345
346 static void logtimeout(struct site *st, const char *fmt, ...)
347 FORMAT(printf,2,3);
348 static void logtimeout(struct site *st, const char *fmt, ...)
349 {
350 va_list ap;
351 va_start(ap,fmt);
352 vslog(st,LOG_SETUP_TIMEOUT,fmt,ap);
353 va_end(ap);
354 }
355
356 static void set_link_quality(struct site *st);
357 static void delete_keys(struct site *st, cstring_t reason, uint32_t loglevel);
358 static void delete_one_key(struct site *st, struct data_key *key,
359 const char *reason /* may be 0 meaning don't log*/,
360 const char *which /* ignored if !reasonn */,
361 uint32_t loglevel /* ignored if !reasonn */);
362 static bool_t initiate_key_setup(struct site *st, cstring_t reason,
363 const struct comm_addr *prod_hint);
364 static void enter_state_run(struct site *st);
365 static bool_t enter_state_resolve(struct site *st);
366 static bool_t enter_new_state(struct site *st,uint32_t next);
367 static void enter_state_wait(struct site *st);
368 static void activate_new_key(struct site *st);
369
370 static bool_t is_transform_valid(struct transform_inst_if *transform)
371 {
372 return transform && transform->valid(transform->st);
373 }
374
375 static bool_t current_valid(struct site *st)
376 {
377 return is_transform_valid(st->current.transform);
378 }
379
380 #define DEFINE_CALL_TRANSFORM(fwdrev) \
381 static int call_transform_##fwdrev(struct site *st, \
382 struct transform_inst_if *transform, \
383 struct buffer_if *buf, \
384 const char **errmsg) \
385 { \
386 if (!is_transform_valid(transform)) { \
387 *errmsg="transform not set up"; \
388 return 1; \
389 } \
390 return transform->fwdrev(transform->st,buf,errmsg); \
391 }
392
393 DEFINE_CALL_TRANSFORM(forwards)
394 DEFINE_CALL_TRANSFORM(reverse)
395
396 static void dispose_transform(struct transform_inst_if **transform_var)
397 {
398 struct transform_inst_if *transform=*transform_var;
399 if (transform) {
400 transform->delkey(transform->st);
401 transform->destroy(transform->st);
402 }
403 *transform_var = 0;
404 }
405
406 #define CHECK_AVAIL(b,l) do { if ((b)->size<(l)) return False; } while(0)
407 #define CHECK_EMPTY(b) do { if ((b)->size!=0) return False; } while(0)
408 #define CHECK_TYPE(b,t) do { uint32_t type; \
409 CHECK_AVAIL((b),4); \
410 type=buf_unprepend_uint32((b)); \
411 if (type!=(t)) return False; } while(0)
412
413 static _Bool type_is_msg34(uint32_t type)
414 {
415 return
416 type == LABEL_MSG3 ||
417 type == LABEL_MSG3BIS ||
418 type == LABEL_MSG4;
419 }
420
421 struct parsedname {
422 int32_t len;
423 uint8_t *name;
424 struct buffer_if extrainfo;
425 };
426
427 struct msg {
428 uint8_t *hashstart;
429 uint32_t dest;
430 uint32_t source;
431 struct parsedname remote;
432 struct parsedname local;
433 uint32_t remote_capabilities;
434 uint16_t remote_mtu;
435 int capab_transformnum;
436 uint8_t *nR;
437 uint8_t *nL;
438 int32_t pklen;
439 char *pk;
440 int32_t hashlen;
441 int32_t siglen;
442 char *sig;
443 };
444
445 static void set_new_transform(struct site *st, char *pk)
446 {
447 /* Make room for the shared key */
448 st->sharedsecretlen=st->chosen_transform->keylen?:st->dh->ceil_len;
449 assert(st->sharedsecretlen);
450 if (st->sharedsecretlen > st->sharedsecretallocd) {
451 st->sharedsecretallocd=st->sharedsecretlen;
452 st->sharedsecret=realloc(st->sharedsecret,st->sharedsecretallocd);
453 }
454 if (!st->sharedsecret) fatal_perror("site:sharedsecret");
455
456 /* Generate the shared key */
457 st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,pk,
458 st->sharedsecret,st->sharedsecretlen);
459
460 /* Set up the transform */
461 struct transform_if *generator=st->chosen_transform;
462 struct transform_inst_if *generated=generator->create(generator->st);
463 generated->setkey(generated->st,st->sharedsecret,
464 st->sharedsecretlen,st->setup_priority);
465 dispose_transform(&st->new_transform);
466 st->new_transform=generated;
467
468 slog(st,LOG_SETUP_INIT,"key exchange negotiated transform"
469 " %d (capabilities ours=%#"PRIx32" theirs=%#"PRIx32")",
470 st->chosen_transform->capab_transformnum,
471 st->local_capabilities, st->remote_capabilities);
472 }
473
474 struct xinfoadd {
475 int32_t lenpos, afternul;
476 };
477 static void append_string_xinfo_start(struct buffer_if *buf,
478 struct xinfoadd *xia,
479 const char *str)
480 /* Helps construct one of the names with additional info as found
481 * in MSG1..4. Call this function first, then append all the
482 * desired extra info (not including the nul byte) to the buffer,
483 * then call append_string_xinfo_done. */
484 {
485 xia->lenpos = buf->size;
486 buf_append_string(buf,str);
487 buf_append_uint8(buf,0);
488 xia->afternul = buf->size;
489 }
490 static void append_string_xinfo_done(struct buffer_if *buf,
491 struct xinfoadd *xia)
492 {
493 /* we just need to adjust the string length */
494 if (buf->size == xia->afternul) {
495 /* no extra info, strip the nul too */
496 buf_unappend_uint8(buf);
497 } else {
498 put_uint16(buf->start+xia->lenpos, buf->size-(xia->lenpos+2));
499 }
500 }
501
502 /* Build any of msg1 to msg4. msg5 and msg6 are built from the inside
503 out using a transform of config data supplied by netlink */
504 static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what)
505 {
506 void *hst;
507 uint8_t *hash;
508 string_t dhpub, sig;
509
510 st->retries=st->setup_retries;
511 BUF_ALLOC(&st->buffer,what);
512 buffer_init(&st->buffer,0);
513 buf_append_uint32(&st->buffer,
514 (type==LABEL_MSG1?0:st->setup_session_id));
515 buf_append_uint32(&st->buffer,st->index);
516 buf_append_uint32(&st->buffer,type);
517
518 struct xinfoadd xia;
519 append_string_xinfo_start(&st->buffer,&xia,st->localname);
520 if ((st->local_capabilities & CAPAB_EARLY) || (type != LABEL_MSG1)) {
521 buf_append_uint32(&st->buffer,st->local_capabilities);
522 }
523 if (type_is_msg34(type)) {
524 buf_append_uint16(&st->buffer,st->mtu_target);
525 }
526 append_string_xinfo_done(&st->buffer,&xia);
527
528 buf_append_string(&st->buffer,st->remotename);
529 memcpy(buf_append(&st->buffer,NONCELEN),st->localN,NONCELEN);
530 if (type==LABEL_MSG1) return True;
531 memcpy(buf_append(&st->buffer,NONCELEN),st->remoteN,NONCELEN);
532 if (type==LABEL_MSG2) return True;
533
534 if (hacky_par_mid_failnow()) return False;
535
536 if (type==LABEL_MSG3BIS)
537 buf_append_uint8(&st->buffer,st->chosen_transform->capab_transformnum);
538
539 dhpub=st->dh->makepublic(st->dh->st,st->dhsecret,st->dh->len);
540 buf_append_string(&st->buffer,dhpub);
541 free(dhpub);
542 hash=safe_malloc(st->hash->len, "generate_msg");
543 hst=st->hash->init();
544 st->hash->update(hst,st->buffer.start,st->buffer.size);
545 st->hash->final(hst,hash);
546 sig=st->privkey->sign(st->privkey->st,hash,st->hash->len);
547 buf_append_string(&st->buffer,sig);
548 free(sig);
549 free(hash);
550 return True;
551 }
552
553 static bool_t unpick_name(struct buffer_if *msg, struct parsedname *nm)
554 {
555 CHECK_AVAIL(msg,2);
556 nm->len=buf_unprepend_uint16(msg);
557 CHECK_AVAIL(msg,nm->len);
558 nm->name=buf_unprepend(msg,nm->len);
559 uint8_t *nul=memchr(nm->name,0,nm->len);
560 if (!nul) {
561 buffer_readonly_view(&nm->extrainfo,0,0);
562 } else {
563 buffer_readonly_view(&nm->extrainfo, nul+1, msg->start-(nul+1));
564 nm->len=nul-nm->name;
565 }
566 return True;
567 }
568
569 static bool_t unpick_msg(struct site *st, uint32_t type,
570 struct buffer_if *msg, struct msg *m)
571 {
572 m->capab_transformnum=-1;
573 m->hashstart=msg->start;
574 CHECK_AVAIL(msg,4);
575 m->dest=buf_unprepend_uint32(msg);
576 CHECK_AVAIL(msg,4);
577 m->source=buf_unprepend_uint32(msg);
578 CHECK_TYPE(msg,type);
579 if (!unpick_name(msg,&m->remote)) return False;
580 m->remote_capabilities=0;
581 m->remote_mtu=0;
582 if (m->remote.extrainfo.size) {
583 CHECK_AVAIL(&m->remote.extrainfo,4);
584 m->remote_capabilities=buf_unprepend_uint32(&m->remote.extrainfo);
585 }
586 if (type_is_msg34(type) && m->remote.extrainfo.size) {
587 CHECK_AVAIL(&m->remote.extrainfo,2);
588 m->remote_mtu=buf_unprepend_uint16(&m->remote.extrainfo);
589 }
590 if (!unpick_name(msg,&m->local)) return False;
591 if (type==LABEL_PROD) {
592 CHECK_EMPTY(msg);
593 return True;
594 }
595 CHECK_AVAIL(msg,NONCELEN);
596 m->nR=buf_unprepend(msg,NONCELEN);
597 if (type==LABEL_MSG1) {
598 CHECK_EMPTY(msg);
599 return True;
600 }
601 CHECK_AVAIL(msg,NONCELEN);
602 m->nL=buf_unprepend(msg,NONCELEN);
603 if (type==LABEL_MSG2) {
604 CHECK_EMPTY(msg);
605 return True;
606 }
607 if (type==LABEL_MSG3BIS) {
608 CHECK_AVAIL(msg,1);
609 m->capab_transformnum = buf_unprepend_uint8(msg);
610 } else {
611 m->capab_transformnum = CAPAB_TRANSFORMNUM_ANCIENT;
612 }
613 CHECK_AVAIL(msg,2);
614 m->pklen=buf_unprepend_uint16(msg);
615 CHECK_AVAIL(msg,m->pklen);
616 m->pk=buf_unprepend(msg,m->pklen);
617 m->hashlen=msg->start-m->hashstart;
618 CHECK_AVAIL(msg,2);
619 m->siglen=buf_unprepend_uint16(msg);
620 CHECK_AVAIL(msg,m->siglen);
621 m->sig=buf_unprepend(msg,m->siglen);
622 CHECK_EMPTY(msg);
623 return True;
624 }
625
626 static bool_t name_matches(const struct parsedname *nm, const char *expected)
627 {
628 int expected_len=strlen(expected);
629 return
630 nm->len == expected_len &&
631 !memcmp(nm->name, expected, expected_len);
632 }
633
634 static bool_t check_msg(struct site *st, uint32_t type, struct msg *m,
635 cstring_t *error)
636 {
637 if (type==LABEL_MSG1) return True;
638
639 /* Check that the site names and our nonce have been sent
640 back correctly, and then store our peer's nonce. */
641 if (!name_matches(&m->remote,st->remotename)) {
642 *error="wrong remote site name";
643 return False;
644 }
645 if (!name_matches(&m->local,st->localname)) {
646 *error="wrong local site name";
647 return False;
648 }
649 if (memcmp(m->nL,st->localN,NONCELEN)!=0) {
650 *error="wrong locally-generated nonce";
651 return False;
652 }
653 if (type==LABEL_MSG2) return True;
654 if (!consttime_memeq(m->nR,st->remoteN,NONCELEN)!=0) {
655 *error="wrong remotely-generated nonce";
656 return False;
657 }
658 /* MSG3 has complicated rules about capabilities, which are
659 * handled in process_msg3. */
660 if (type==LABEL_MSG3 || type==LABEL_MSG3BIS) return True;
661 if (m->remote_capabilities!=st->remote_capabilities) {
662 *error="remote capabilities changed";
663 return False;
664 }
665 if (type==LABEL_MSG4) return True;
666 *error="unknown message type";
667 return False;
668 }
669
670 static bool_t generate_msg1(struct site *st)
671 {
672 st->random->generate(st->random->st,NONCELEN,st->localN);
673 return generate_msg(st,LABEL_MSG1,"site:MSG1");
674 }
675
676 static bool_t process_msg1(struct site *st, struct buffer_if *msg1,
677 const struct comm_addr *src, struct msg *m)
678 {
679 /* We've already determined we're in an appropriate state to
680 process an incoming MSG1, and that the MSG1 has correct values
681 of A and B. */
682
683 transport_record_peer(st,&st->setup_peers,src,"msg1");
684 st->setup_session_id=m->source;
685 st->remote_capabilities=m->remote_capabilities;
686 memcpy(st->remoteN,m->nR,NONCELEN);
687 return True;
688 }
689
690 static bool_t generate_msg2(struct site *st)
691 {
692 st->random->generate(st->random->st,NONCELEN,st->localN);
693 return generate_msg(st,LABEL_MSG2,"site:MSG2");
694 }
695
696 static bool_t process_msg2(struct site *st, struct buffer_if *msg2,
697 const struct comm_addr *src)
698 {
699 struct msg m;
700 cstring_t err;
701
702 if (!unpick_msg(st,LABEL_MSG2,msg2,&m)) return False;
703 if (!check_msg(st,LABEL_MSG2,&m,&err)) {
704 slog(st,LOG_SEC,"msg2: %s",err);
705 return False;
706 }
707 st->setup_session_id=m.source;
708 st->remote_capabilities=m.remote_capabilities;
709
710 /* Select the transform to use */
711
712 uint32_t remote_transforms = st->remote_capabilities & CAPAB_TRANSFORM_MASK;
713 if (!remote_transforms)
714 /* old secnets only had this one transform */
715 remote_transforms = 1UL << CAPAB_TRANSFORMNUM_ANCIENT;
716
717 struct transform_if *ti;
718 int i;
719 for (i=0; i<st->ntransforms; i++) {
720 ti=st->transforms[i];
721 if ((1UL << ti->capab_transformnum) & remote_transforms)
722 goto transform_found;
723 }
724 slog(st,LOG_ERROR,"no transforms in common"
725 " (us %#"PRIx32"; them: %#"PRIx32")",
726 st->local_capabilities & CAPAB_TRANSFORM_MASK,
727 remote_transforms);
728 return False;
729 transform_found:
730 st->chosen_transform=ti;
731
732 memcpy(st->remoteN,m.nR,NONCELEN);
733 return True;
734 }
735
736 static bool_t generate_msg3(struct site *st)
737 {
738 /* Now we have our nonce and their nonce. Think of a secret key,
739 and create message number 3. */
740 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
741 return generate_msg(st,
742 (st->remote_capabilities & CAPAB_TRANSFORM_MASK
743 ? LABEL_MSG3BIS : LABEL_MSG3),
744 "site:MSG3");
745 }
746
747 static bool_t process_msg3_msg4(struct site *st, struct msg *m)
748 {
749 uint8_t *hash;
750 void *hst;
751
752 /* Check signature and store g^x mod m */
753 hash=safe_malloc(st->hash->len, "process_msg3_msg4");
754 hst=st->hash->init();
755 st->hash->update(hst,m->hashstart,m->hashlen);
756 st->hash->final(hst,hash);
757 /* Terminate signature with a '0' - cheating, but should be ok */
758 m->sig[m->siglen]=0;
759 if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m->sig)) {
760 slog(st,LOG_SEC,"msg3/msg4 signature failed check!");
761 free(hash);
762 return False;
763 }
764 free(hash);
765
766 st->remote_adv_mtu=m->remote_mtu;
767
768 return True;
769 }
770
771 static bool_t process_msg3(struct site *st, struct buffer_if *msg3,
772 const struct comm_addr *src, uint32_t msgtype)
773 {
774 struct msg m;
775 cstring_t err;
776
777 assert(msgtype==LABEL_MSG3 || msgtype==LABEL_MSG3BIS);
778
779 if (!unpick_msg(st,msgtype,msg3,&m)) return False;
780 if (!check_msg(st,msgtype,&m,&err)) {
781 slog(st,LOG_SEC,"msg3: %s",err);
782 return False;
783 }
784 uint32_t capab_adv_late = m.remote_capabilities
785 & ~st->remote_capabilities & CAPAB_EARLY;
786 if (capab_adv_late) {
787 slog(st,LOG_SEC,"msg3 impermissibly adds early capability flag(s)"
788 " %#"PRIx32" (was %#"PRIx32", now %#"PRIx32")",
789 capab_adv_late, st->remote_capabilities, m.remote_capabilities);
790 return False;
791 }
792 st->remote_capabilities|=m.remote_capabilities;
793
794 struct transform_if *ti;
795 int i;
796 for (i=0; i<st->ntransforms; i++) {
797 ti=st->transforms[i];
798 if (ti->capab_transformnum == m.capab_transformnum)
799 goto transform_found;
800 }
801 slog(st,LOG_SEC,"peer chose unknown-to-us transform %d!",
802 m.capab_transformnum);
803 return False;
804 transform_found:
805 st->chosen_transform=ti;
806
807 if (!process_msg3_msg4(st,&m))
808 return False;
809
810 /* Terminate their DH public key with a '0' */
811 m.pk[m.pklen]=0;
812 /* Invent our DH secret key */
813 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
814
815 /* Generate the shared key and set up the transform */
816 set_new_transform(st,m.pk);
817
818 return True;
819 }
820
821 static bool_t generate_msg4(struct site *st)
822 {
823 /* We have both nonces, their public key and our private key. Generate
824 our public key, sign it and send it to them. */
825 return generate_msg(st,LABEL_MSG4,"site:MSG4");
826 }
827
828 static bool_t process_msg4(struct site *st, struct buffer_if *msg4,
829 const struct comm_addr *src)
830 {
831 struct msg m;
832 cstring_t err;
833
834 if (!unpick_msg(st,LABEL_MSG4,msg4,&m)) return False;
835 if (!check_msg(st,LABEL_MSG4,&m,&err)) {
836 slog(st,LOG_SEC,"msg4: %s",err);
837 return False;
838 }
839
840 if (!process_msg3_msg4(st,&m))
841 return False;
842
843 /* Terminate their DH public key with a '0' */
844 m.pk[m.pklen]=0;
845
846 /* Generate the shared key and set up the transform */
847 set_new_transform(st,m.pk);
848
849 return True;
850 }
851
852 struct msg0 {
853 uint32_t dest;
854 uint32_t source;
855 uint32_t type;
856 };
857
858 static bool_t unpick_msg0(struct site *st, struct buffer_if *msg0,
859 struct msg0 *m)
860 {
861 CHECK_AVAIL(msg0,4);
862 m->dest=buf_unprepend_uint32(msg0);
863 CHECK_AVAIL(msg0,4);
864 m->source=buf_unprepend_uint32(msg0);
865 CHECK_AVAIL(msg0,4);
866 m->type=buf_unprepend_uint32(msg0);
867 return True;
868 /* Leaves transformed part of buffer untouched */
869 }
870
871 static bool_t generate_msg5(struct site *st)
872 {
873 cstring_t transform_err;
874
875 BUF_ALLOC(&st->buffer,"site:MSG5");
876 /* We are going to add four words to the message */
877 buffer_init(&st->buffer,calculate_max_start_pad());
878 /* Give the netlink code an opportunity to put its own stuff in the
879 message (configuration information, etc.) */
880 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
881 if (call_transform_forwards(st,st->new_transform,
882 &st->buffer,&transform_err))
883 return False;
884 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
885 buf_prepend_uint32(&st->buffer,st->index);
886 buf_prepend_uint32(&st->buffer,st->setup_session_id);
887
888 st->retries=st->setup_retries;
889 return True;
890 }
891
892 static bool_t process_msg5(struct site *st, struct buffer_if *msg5,
893 const struct comm_addr *src,
894 struct transform_inst_if *transform)
895 {
896 struct msg0 m;
897 cstring_t transform_err;
898
899 if (!unpick_msg0(st,msg5,&m)) return False;
900
901 if (call_transform_reverse(st,transform,msg5,&transform_err)) {
902 /* There's a problem */
903 slog(st,LOG_SEC,"process_msg5: transform: %s",transform_err);
904 return False;
905 }
906 /* Buffer should now contain untransformed PING packet data */
907 CHECK_AVAIL(msg5,4);
908 if (buf_unprepend_uint32(msg5)!=LABEL_MSG5) {
909 slog(st,LOG_SEC,"MSG5/PING packet contained wrong label");
910 return False;
911 }
912 /* Older versions of secnet used to write some config data here
913 * which we ignore. So we don't CHECK_EMPTY */
914 return True;
915 }
916
917 static void create_msg6(struct site *st, struct transform_inst_if *transform,
918 uint32_t session_id)
919 {
920 cstring_t transform_err;
921
922 BUF_ALLOC(&st->buffer,"site:MSG6");
923 /* We are going to add four words to the message */
924 buffer_init(&st->buffer,calculate_max_start_pad());
925 /* Give the netlink code an opportunity to put its own stuff in the
926 message (configuration information, etc.) */
927 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
928 int problem = call_transform_forwards(st,transform,
929 &st->buffer,&transform_err);
930 assert(!problem);
931 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
932 buf_prepend_uint32(&st->buffer,st->index);
933 buf_prepend_uint32(&st->buffer,session_id);
934 }
935
936 static bool_t generate_msg6(struct site *st)
937 {
938 if (!is_transform_valid(st->new_transform))
939 return False;
940 create_msg6(st,st->new_transform,st->setup_session_id);
941 st->retries=1; /* Peer will retransmit MSG5 if this packet gets lost */
942 return True;
943 }
944
945 static bool_t process_msg6(struct site *st, struct buffer_if *msg6,
946 const struct comm_addr *src)
947 {
948 struct msg0 m;
949 cstring_t transform_err;
950
951 if (!unpick_msg0(st,msg6,&m)) return False;
952
953 if (call_transform_reverse(st,st->new_transform,msg6,&transform_err)) {
954 /* There's a problem */
955 slog(st,LOG_SEC,"process_msg6: transform: %s",transform_err);
956 return False;
957 }
958 /* Buffer should now contain untransformed PING packet data */
959 CHECK_AVAIL(msg6,4);
960 if (buf_unprepend_uint32(msg6)!=LABEL_MSG6) {
961 slog(st,LOG_SEC,"MSG6/PONG packet contained invalid data");
962 return False;
963 }
964 /* Older versions of secnet used to write some config data here
965 * which we ignore. So we don't CHECK_EMPTY */
966 return True;
967 }
968
969 static bool_t decrypt_msg0(struct site *st, struct buffer_if *msg0,
970 const struct comm_addr *src)
971 {
972 cstring_t transform_err, auxkey_err, newkey_err="n/a";
973 struct msg0 m;
974 uint32_t problem;
975
976 if (!unpick_msg0(st,msg0,&m)) return False;
977
978 /* Keep a copy so we can try decrypting it with multiple keys */
979 buffer_copy(&st->scratch, msg0);
980
981 problem = call_transform_reverse(st,st->current.transform,
982 msg0,&transform_err);
983 if (!problem) {
984 if (!st->auxiliary_is_new)
985 delete_one_key(st,&st->auxiliary_key,
986 "peer has used new key","auxiliary key",LOG_SEC);
987 return True;
988 }
989 if (problem==2)
990 goto skew;
991
992 buffer_copy(msg0, &st->scratch);
993 problem = call_transform_reverse(st,st->auxiliary_key.transform,
994 msg0,&auxkey_err);
995 if (problem==0) {
996 slog(st,LOG_DROP,"processing packet which uses auxiliary key");
997 if (st->auxiliary_is_new) {
998 /* We previously timed out in state SENTMSG5 but it turns
999 * out that our peer did in fact get our MSG5 and is
1000 * using the new key. So we should switch to it too. */
1001 /* This is a bit like activate_new_key. */
1002 struct data_key t;
1003 t=st->current;
1004 st->current=st->auxiliary_key;
1005 st->auxiliary_key=t;
1006
1007 delete_one_key(st,&st->auxiliary_key,"peer has used new key",
1008 "previous key",LOG_SEC);
1009 st->auxiliary_is_new=0;
1010 st->renegotiate_key_time=st->auxiliary_renegotiate_key_time;
1011 }
1012 return True;
1013 }
1014 if (problem==2)
1015 goto skew;
1016
1017 if (st->state==SITE_SENTMSG5) {
1018 buffer_copy(msg0, &st->scratch);
1019 problem = call_transform_reverse(st,st->new_transform,
1020 msg0,&newkey_err);
1021 if (!problem) {
1022 /* It looks like we didn't get the peer's MSG6 */
1023 /* This is like a cut-down enter_new_state(SITE_RUN) */
1024 slog(st,LOG_STATE,"will enter state RUN (MSG0 with new key)");
1025 BUF_FREE(&st->buffer);
1026 st->timeout=0;
1027 activate_new_key(st);
1028 return True; /* do process the data in this packet */
1029 }
1030 if (problem==2)
1031 goto skew;
1032 }
1033
1034 slog(st,LOG_SEC,"transform: %s (aux: %s, new: %s)",
1035 transform_err,auxkey_err,newkey_err);
1036 initiate_key_setup(st,"incoming message would not decrypt",0);
1037 send_nak(src,m.dest,m.source,m.type,msg0,"message would not decrypt");
1038 return False;
1039
1040 skew:
1041 slog(st,LOG_DROP,"transform: %s (merely skew)",transform_err);
1042 return False;
1043 }
1044
1045 static bool_t process_msg0(struct site *st, struct buffer_if *msg0,
1046 const struct comm_addr *src)
1047 {
1048 uint32_t type;
1049
1050 if (!decrypt_msg0(st,msg0,src))
1051 return False;
1052
1053 CHECK_AVAIL(msg0,4);
1054 type=buf_unprepend_uint32(msg0);
1055 switch(type) {
1056 case LABEL_MSG7:
1057 /* We must forget about the current session. */
1058 delete_keys(st,"request from peer",LOG_SEC);
1059 return True;
1060 case LABEL_MSG9:
1061 /* Deliver to netlink layer */
1062 st->netlink->deliver(st->netlink->st,msg0);
1063 transport_data_msgok(st,src);
1064 /* See whether we should start negotiating a new key */
1065 if (st->now > st->renegotiate_key_time)
1066 initiate_key_setup(st,"incoming packet in renegotiation window",0);
1067 return True;
1068 default:
1069 slog(st,LOG_SEC,"incoming encrypted message of type %08x "
1070 "(unknown)",type);
1071 break;
1072 }
1073 return False;
1074 }
1075
1076 static void dump_packet(struct site *st, struct buffer_if *buf,
1077 const struct comm_addr *addr, bool_t incoming)
1078 {
1079 uint32_t dest=get_uint32(buf->start);
1080 uint32_t source=get_uint32(buf->start+4);
1081 uint32_t msgtype=get_uint32(buf->start+8);
1082
1083 if (st->log_events & LOG_DUMP)
1084 slilog(st->log,M_DEBUG,"%s: %s: %08x<-%08x: %08x:",
1085 st->tunname,incoming?"incoming":"outgoing",
1086 dest,source,msgtype);
1087 }
1088
1089 static uint32_t site_status(void *st)
1090 {
1091 return 0;
1092 }
1093
1094 static bool_t send_msg(struct site *st)
1095 {
1096 if (st->retries>0) {
1097 transport_xmit(st, &st->setup_peers, &st->buffer, True);
1098 st->timeout=st->now+st->setup_retry_interval;
1099 st->retries--;
1100 return True;
1101 } else if (st->state==SITE_SENTMSG5) {
1102 logtimeout(st,"timed out sending MSG5, stashing new key");
1103 /* We stash the key we have produced, in case it turns out that
1104 * our peer did see our MSG5 after all and starts using it. */
1105 /* This is a bit like some of activate_new_key */
1106 struct transform_inst_if *t;
1107 t=st->auxiliary_key.transform;
1108 st->auxiliary_key.transform=st->new_transform;
1109 st->new_transform=t;
1110 dispose_transform(&st->new_transform);
1111
1112 st->auxiliary_is_new=1;
1113 st->auxiliary_key.key_timeout=st->now+st->key_lifetime;
1114 st->auxiliary_renegotiate_key_time=st->now+st->key_renegotiate_time;
1115 st->auxiliary_key.remote_session_id=st->setup_session_id;
1116
1117 enter_state_wait(st);
1118 return False;
1119 } else {
1120 logtimeout(st,"timed out sending key setup packet "
1121 "(in state %s)",state_name(st->state));
1122 enter_state_wait(st);
1123 return False;
1124 }
1125 }
1126
1127 static void site_resolve_callback(void *sst, struct in_addr *address)
1128 {
1129 struct site *st=sst;
1130 struct comm_addr ca_buf, *ca_use;
1131
1132 if (st->state!=SITE_RESOLVE) {
1133 slog(st,LOG_UNEXPECTED,"site_resolve_callback called unexpectedly");
1134 return;
1135 }
1136 if (address) {
1137 FILLZERO(ca_buf);
1138 ca_buf.comm=st->comms[0];
1139 ca_buf.sin.sin_family=AF_INET;
1140 ca_buf.sin.sin_port=htons(st->remoteport);
1141 ca_buf.sin.sin_addr=*address;
1142 ca_use=&ca_buf;
1143 } else {
1144 slog(st,LOG_ERROR,"resolution of %s failed",st->address);
1145 ca_use=0;
1146 }
1147 if (transport_compute_setupinit_peers(st,ca_use,0)) {
1148 enter_new_state(st,SITE_SENTMSG1);
1149 } else {
1150 /* Can't figure out who to try to to talk to */
1151 slog(st,LOG_SETUP_INIT,"key exchange failed: cannot find peer address");
1152 enter_state_run(st);
1153 }
1154 }
1155
1156 static bool_t initiate_key_setup(struct site *st, cstring_t reason,
1157 const struct comm_addr *prod_hint)
1158 {
1159 if (st->state!=SITE_RUN) return False;
1160 slog(st,LOG_SETUP_INIT,"initiating key exchange (%s)",reason);
1161 if (st->address) {
1162 slog(st,LOG_SETUP_INIT,"resolving peer address");
1163 return enter_state_resolve(st);
1164 } else if (transport_compute_setupinit_peers(st,0,prod_hint)) {
1165 return enter_new_state(st,SITE_SENTMSG1);
1166 }
1167 slog(st,LOG_SETUP_INIT,"key exchange failed: no address for peer");
1168 return False;
1169 }
1170
1171 static void activate_new_key(struct site *st)
1172 {
1173 struct transform_inst_if *t;
1174
1175 /* We have three transform instances, which we swap between old,
1176 active and setup */
1177 t=st->auxiliary_key.transform;
1178 st->auxiliary_key.transform=st->current.transform;
1179 st->current.transform=st->new_transform;
1180 st->new_transform=t;
1181 dispose_transform(&st->new_transform);
1182
1183 st->timeout=0;
1184 st->auxiliary_is_new=0;
1185 st->auxiliary_key.key_timeout=st->current.key_timeout;
1186 st->current.key_timeout=st->now+st->key_lifetime;
1187 st->renegotiate_key_time=st->now+st->key_renegotiate_time;
1188 transport_peers_copy(st,&st->peers,&st->setup_peers);
1189 st->current.remote_session_id=st->setup_session_id;
1190
1191 /* Compute the inter-site MTU. This is min( our_mtu, their_mtu ).
1192 * But their mtu be unspecified, in which case we just use ours. */
1193 uint32_t intersite_mtu=
1194 MIN(st->mtu_target, st->remote_adv_mtu ?: ~(uint32_t)0);
1195 st->netlink->set_mtu(st->netlink->st,intersite_mtu);
1196
1197 slog(st,LOG_ACTIVATE_KEY,"new key activated"
1198 " (mtu ours=%"PRId32" theirs=%"PRId32" intersite=%"PRId32")",
1199 st->mtu_target, st->remote_adv_mtu, intersite_mtu);
1200 enter_state_run(st);
1201 }
1202
1203 static void delete_one_key(struct site *st, struct data_key *key,
1204 cstring_t reason, cstring_t which, uint32_t loglevel)
1205 {
1206 if (!is_transform_valid(key->transform)) return;
1207 if (reason) slog(st,loglevel,"%s deleted (%s)",which,reason);
1208 dispose_transform(&key->transform);
1209 key->key_timeout=0;
1210 }
1211
1212 static void delete_keys(struct site *st, cstring_t reason, uint32_t loglevel)
1213 {
1214 if (current_valid(st)) {
1215 slog(st,loglevel,"session closed (%s)",reason);
1216
1217 delete_one_key(st,&st->current,0,0,0);
1218 set_link_quality(st);
1219 }
1220 delete_one_key(st,&st->auxiliary_key,0,0,0);
1221 }
1222
1223 static void state_assert(struct site *st, bool_t ok)
1224 {
1225 if (!ok) fatal("site:state_assert");
1226 }
1227
1228 static void enter_state_stop(struct site *st)
1229 {
1230 st->state=SITE_STOP;
1231 st->timeout=0;
1232 delete_keys(st,"entering state STOP",LOG_TIMEOUT_KEY);
1233 dispose_transform(&st->new_transform);
1234 }
1235
1236 static void set_link_quality(struct site *st)
1237 {
1238 uint32_t quality;
1239 if (current_valid(st))
1240 quality=LINK_QUALITY_UP;
1241 else if (st->state==SITE_WAIT || st->state==SITE_STOP)
1242 quality=LINK_QUALITY_DOWN;
1243 else if (st->address)
1244 quality=LINK_QUALITY_DOWN_CURRENT_ADDRESS;
1245 else if (transport_peers_valid(&st->peers))
1246 quality=LINK_QUALITY_DOWN_STALE_ADDRESS;
1247 else
1248 quality=LINK_QUALITY_DOWN;
1249
1250 st->netlink->set_quality(st->netlink->st,quality);
1251 }
1252
1253 static void enter_state_run(struct site *st)
1254 {
1255 slog(st,LOG_STATE,"entering state RUN");
1256 st->state=SITE_RUN;
1257 st->timeout=0;
1258
1259 st->setup_session_id=0;
1260 transport_peers_clear(st,&st->setup_peers);
1261 memset(st->localN,0,NONCELEN);
1262 memset(st->remoteN,0,NONCELEN);
1263 dispose_transform(&st->new_transform);
1264 memset(st->dhsecret,0,st->dh->len);
1265 memset(st->sharedsecret,0,st->sharedsecretlen);
1266 set_link_quality(st);
1267 }
1268
1269 static bool_t enter_state_resolve(struct site *st)
1270 {
1271 state_assert(st,st->state==SITE_RUN);
1272 slog(st,LOG_STATE,"entering state RESOLVE");
1273 st->state=SITE_RESOLVE;
1274 st->resolver->request(st->resolver->st,st->address,
1275 site_resolve_callback,st);
1276 return True;
1277 }
1278
1279 static bool_t enter_new_state(struct site *st, uint32_t next)
1280 {
1281 bool_t (*gen)(struct site *st);
1282 int r;
1283
1284 slog(st,LOG_STATE,"entering state %s",state_name(next));
1285 switch(next) {
1286 case SITE_SENTMSG1:
1287 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE);
1288 gen=generate_msg1;
1289 break;
1290 case SITE_SENTMSG2:
1291 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1292 st->state==SITE_SENTMSG1 || st->state==SITE_WAIT);
1293 gen=generate_msg2;
1294 break;
1295 case SITE_SENTMSG3:
1296 state_assert(st,st->state==SITE_SENTMSG1);
1297 BUF_FREE(&st->buffer);
1298 gen=generate_msg3;
1299 break;
1300 case SITE_SENTMSG4:
1301 state_assert(st,st->state==SITE_SENTMSG2);
1302 BUF_FREE(&st->buffer);
1303 gen=generate_msg4;
1304 break;
1305 case SITE_SENTMSG5:
1306 state_assert(st,st->state==SITE_SENTMSG3);
1307 BUF_FREE(&st->buffer);
1308 gen=generate_msg5;
1309 break;
1310 case SITE_RUN:
1311 state_assert(st,st->state==SITE_SENTMSG4);
1312 BUF_FREE(&st->buffer);
1313 gen=generate_msg6;
1314 break;
1315 default:
1316 gen=NULL;
1317 fatal("enter_new_state(%s): invalid new state",state_name(next));
1318 break;
1319 }
1320
1321 if (hacky_par_start_failnow()) return False;
1322
1323 r= gen(st) && send_msg(st);
1324
1325 hacky_par_end(&r,
1326 st->setup_retries, st->setup_retry_interval,
1327 send_msg, st);
1328
1329 if (r) {
1330 st->state=next;
1331 if (next==SITE_RUN) {
1332 BUF_FREE(&st->buffer); /* Never reused */
1333 st->timeout=0; /* Never retransmit */
1334 activate_new_key(st);
1335 }
1336 return True;
1337 }
1338 slog(st,LOG_ERROR,"error entering state %s",state_name(next));
1339 st->buffer.free=False; /* Unconditionally use the buffer; it may be
1340 in either state, and enter_state_wait() will
1341 do a BUF_FREE() */
1342 enter_state_wait(st);
1343 return False;
1344 }
1345
1346 /* msg7 tells our peer that we're about to forget our key */
1347 static bool_t send_msg7(struct site *st, cstring_t reason)
1348 {
1349 cstring_t transform_err;
1350
1351 if (current_valid(st) && st->buffer.free
1352 && transport_peers_valid(&st->peers)) {
1353 BUF_ALLOC(&st->buffer,"site:MSG7");
1354 buffer_init(&st->buffer,calculate_max_start_pad());
1355 buf_append_uint32(&st->buffer,LABEL_MSG7);
1356 buf_append_string(&st->buffer,reason);
1357 if (call_transform_forwards(st, st->current.transform,
1358 &st->buffer, &transform_err))
1359 goto free_out;
1360 buf_prepend_uint32(&st->buffer,LABEL_MSG0);
1361 buf_prepend_uint32(&st->buffer,st->index);
1362 buf_prepend_uint32(&st->buffer,st->current.remote_session_id);
1363 transport_xmit(st,&st->peers,&st->buffer,True);
1364 BUF_FREE(&st->buffer);
1365 free_out:
1366 return True;
1367 }
1368 return False;
1369 }
1370
1371 /* We go into this state if our peer becomes uncommunicative. Similar to
1372 the "stop" state, we forget all session keys for a while, before
1373 re-entering the "run" state. */
1374 static void enter_state_wait(struct site *st)
1375 {
1376 slog(st,LOG_STATE,"entering state WAIT");
1377 st->timeout=st->now+st->wait_timeout;
1378 st->state=SITE_WAIT;
1379 set_link_quality(st);
1380 BUF_FREE(&st->buffer); /* will have had an outgoing packet in it */
1381 /* XXX Erase keys etc. */
1382 }
1383
1384 static void generate_prod(struct site *st, struct buffer_if *buf)
1385 {
1386 buffer_init(buf,0);
1387 buf_append_uint32(buf,0);
1388 buf_append_uint32(buf,0);
1389 buf_append_uint32(buf,LABEL_PROD);
1390 buf_append_string(buf,st->localname);
1391 buf_append_string(buf,st->remotename);
1392 }
1393
1394 static void generate_send_prod(struct site *st,
1395 const struct comm_addr *source)
1396 {
1397 if (!st->allow_send_prod) return; /* too soon */
1398 if (!(st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1399 st->state==SITE_WAIT)) return; /* we'd ignore peer's MSG1 */
1400
1401 slog(st,LOG_SETUP_INIT,"prodding peer for key exchange");
1402 st->allow_send_prod=0;
1403 generate_prod(st,&st->scratch);
1404 dump_packet(st,&st->scratch,source,False);
1405 source->comm->sendmsg(source->comm->st, &st->scratch, source);
1406 }
1407
1408 static inline void site_settimeout(uint64_t timeout, int *timeout_io)
1409 {
1410 if (timeout) {
1411 int64_t offset=timeout-*now;
1412 if (offset<0) offset=0;
1413 if (offset>INT_MAX) offset=INT_MAX;
1414 if (*timeout_io<0 || offset<*timeout_io)
1415 *timeout_io=offset;
1416 }
1417 }
1418
1419 static int site_beforepoll(void *sst, struct pollfd *fds, int *nfds_io,
1420 int *timeout_io)
1421 {
1422 struct site *st=sst;
1423
1424 *nfds_io=0; /* We don't use any file descriptors */
1425 st->now=*now;
1426
1427 /* Work out when our next timeout is. The earlier of 'timeout' or
1428 'current.key_timeout'. A stored value of '0' indicates no timeout
1429 active. */
1430 site_settimeout(st->timeout, timeout_io);
1431 site_settimeout(st->current.key_timeout, timeout_io);
1432 site_settimeout(st->auxiliary_key.key_timeout, timeout_io);
1433
1434 return 0; /* success */
1435 }
1436
1437 static void check_expiry(struct site *st, struct data_key *key,
1438 const char *which)
1439 {
1440 if (key->key_timeout && *now>key->key_timeout) {
1441 delete_one_key(st,key,"maximum life exceeded",which,LOG_TIMEOUT_KEY);
1442 }
1443 }
1444
1445 /* NB site_afterpoll will be called before site_beforepoll is ever called */
1446 static void site_afterpoll(void *sst, struct pollfd *fds, int nfds)
1447 {
1448 struct site *st=sst;
1449
1450 st->now=*now;
1451 if (st->timeout && *now>st->timeout) {
1452 st->timeout=0;
1453 if (st->state>=SITE_SENTMSG1 && st->state<=SITE_SENTMSG5) {
1454 if (!hacky_par_start_failnow())
1455 send_msg(st);
1456 } else if (st->state==SITE_WAIT) {
1457 enter_state_run(st);
1458 } else {
1459 slog(st,LOG_ERROR,"site_afterpoll: unexpected timeout, state=%d",
1460 st->state);
1461 }
1462 }
1463 check_expiry(st,&st->current,"current key");
1464 check_expiry(st,&st->auxiliary_key,"auxiliary key");
1465 }
1466
1467 /* This function is called by the netlink device to deliver packets
1468 intended for the remote network. The packet is in "raw" wire
1469 format, but is guaranteed to be word-aligned. */
1470 static void site_outgoing(void *sst, struct buffer_if *buf)
1471 {
1472 struct site *st=sst;
1473 cstring_t transform_err;
1474
1475 if (st->state==SITE_STOP) {
1476 BUF_FREE(buf);
1477 return;
1478 }
1479
1480 st->allow_send_prod=1;
1481
1482 /* In all other states we consider delivering the packet if we have
1483 a valid key and a valid address to send it to. */
1484 if (current_valid(st) && transport_peers_valid(&st->peers)) {
1485 /* Transform it and send it */
1486 if (buf->size>0) {
1487 buf_prepend_uint32(buf,LABEL_MSG9);
1488 if (call_transform_forwards(st, st->current.transform,
1489 buf, &transform_err))
1490 goto free_out;
1491 buf_prepend_uint32(buf,LABEL_MSG0);
1492 buf_prepend_uint32(buf,st->index);
1493 buf_prepend_uint32(buf,st->current.remote_session_id);
1494 transport_xmit(st,&st->peers,buf,False);
1495 }
1496 free_out:
1497 BUF_FREE(buf);
1498 return;
1499 }
1500
1501 slog(st,LOG_DROP,"discarding outgoing packet of size %d",buf->size);
1502 BUF_FREE(buf);
1503 initiate_key_setup(st,"outgoing packet",0);
1504 }
1505
1506 static bool_t named_for_us(struct site *st, const struct buffer_if *buf_in,
1507 uint32_t type, struct msg *m)
1508 /* For packets which are identified by the local and remote names.
1509 * If it has our name and our peer's name in it it's for us. */
1510 {
1511 struct buffer_if buf[1];
1512 buffer_readonly_clone(buf,buf_in);
1513 return unpick_msg(st,type,buf,m)
1514 && name_matches(&m->remote,st->remotename)
1515 && name_matches(&m->local,st->localname);
1516 }
1517
1518 /* This function is called by the communication device to deliver
1519 packets from our peers.
1520 It should return True if the packet is recognised as being for
1521 this current site instance (and should therefore not be processed
1522 by other sites), even if the packet was otherwise ignored. */
1523 static bool_t site_incoming(void *sst, struct buffer_if *buf,
1524 const struct comm_addr *source)
1525 {
1526 struct site *st=sst;
1527
1528 if (buf->size < 12) return False;
1529
1530 uint32_t dest=get_uint32(buf->start);
1531 uint32_t msgtype=get_uint32(buf->start+8);
1532 struct msg named_msg;
1533
1534 if (msgtype==LABEL_MSG1) {
1535 if (!named_for_us(st,buf,msgtype,&named_msg))
1536 return False;
1537 /* It's a MSG1 addressed to us. Decide what to do about it. */
1538 dump_packet(st,buf,source,True);
1539 if (st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1540 st->state==SITE_WAIT) {
1541 /* We should definitely process it */
1542 if (process_msg1(st,buf,source,&named_msg)) {
1543 slog(st,LOG_SETUP_INIT,"key setup initiated by peer");
1544 enter_new_state(st,SITE_SENTMSG2);
1545 } else {
1546 slog(st,LOG_ERROR,"failed to process incoming msg1");
1547 }
1548 BUF_FREE(buf);
1549 return True;
1550 } else if (st->state==SITE_SENTMSG1) {
1551 /* We've just sent a message 1! They may have crossed on
1552 the wire. If we have priority then we ignore the
1553 incoming one, otherwise we process it as usual. */
1554 if (st->setup_priority) {
1555 BUF_FREE(buf);
1556 slog(st,LOG_DUMP,"crossed msg1s; we are higher "
1557 "priority => ignore incoming msg1");
1558 return True;
1559 } else {
1560 slog(st,LOG_DUMP,"crossed msg1s; we are lower "
1561 "priority => use incoming msg1");
1562 if (process_msg1(st,buf,source,&named_msg)) {
1563 BUF_FREE(&st->buffer); /* Free our old message 1 */
1564 enter_new_state(st,SITE_SENTMSG2);
1565 } else {
1566 slog(st,LOG_ERROR,"failed to process an incoming "
1567 "crossed msg1 (we have low priority)");
1568 }
1569 BUF_FREE(buf);
1570 return True;
1571 }
1572 }
1573 /* The message 1 was received at an unexpected stage of the
1574 key setup. XXX POLICY - what do we do? */
1575 slog(st,LOG_UNEXPECTED,"unexpected incoming message 1");
1576 BUF_FREE(buf);
1577 return True;
1578 }
1579 if (msgtype==LABEL_PROD) {
1580 if (!named_for_us(st,buf,msgtype,&named_msg))
1581 return False;
1582 dump_packet(st,buf,source,True);
1583 if (st->state!=SITE_RUN) {
1584 slog(st,LOG_DROP,"ignoring PROD when not in state RUN");
1585 } else if (current_valid(st)) {
1586 slog(st,LOG_DROP,"ignoring PROD when we think we have a key");
1587 } else {
1588 initiate_key_setup(st,"peer sent PROD packet",source);
1589 }
1590 BUF_FREE(buf);
1591 return True;
1592 }
1593 if (dest==st->index) {
1594 /* Explicitly addressed to us */
1595 if (msgtype!=LABEL_MSG0) dump_packet(st,buf,source,True);
1596 switch (msgtype) {
1597 case LABEL_NAK:
1598 /* If the source is our current peer then initiate a key setup,
1599 because our peer's forgotten the key */
1600 if (get_uint32(buf->start+4)==st->current.remote_session_id) {
1601 bool_t initiated;
1602 initiated = initiate_key_setup(st,"received a NAK",0);
1603 if (!initiated) generate_send_prod(st,source);
1604 } else {
1605 slog(st,LOG_SEC,"bad incoming NAK");
1606 }
1607 break;
1608 case LABEL_MSG0:
1609 process_msg0(st,buf,source);
1610 break;
1611 case LABEL_MSG1:
1612 /* Setup packet: should not have been explicitly addressed
1613 to us */
1614 slog(st,LOG_SEC,"incoming explicitly addressed msg1");
1615 break;
1616 case LABEL_MSG2:
1617 /* Setup packet: expected only in state SENTMSG1 */
1618 if (st->state!=SITE_SENTMSG1) {
1619 slog(st,LOG_UNEXPECTED,"unexpected MSG2");
1620 } else if (process_msg2(st,buf,source)) {
1621 transport_setup_msgok(st,source);
1622 enter_new_state(st,SITE_SENTMSG3);
1623 } else {
1624 slog(st,LOG_SEC,"invalid MSG2");
1625 }
1626 break;
1627 case LABEL_MSG3:
1628 case LABEL_MSG3BIS:
1629 /* Setup packet: expected only in state SENTMSG2 */
1630 if (st->state!=SITE_SENTMSG2) {
1631 slog(st,LOG_UNEXPECTED,"unexpected MSG3");
1632 } else if (process_msg3(st,buf,source,msgtype)) {
1633 transport_setup_msgok(st,source);
1634 enter_new_state(st,SITE_SENTMSG4);
1635 } else {
1636 slog(st,LOG_SEC,"invalid MSG3");
1637 }
1638 break;
1639 case LABEL_MSG4:
1640 /* Setup packet: expected only in state SENTMSG3 */
1641 if (st->state!=SITE_SENTMSG3) {
1642 slog(st,LOG_UNEXPECTED,"unexpected MSG4");
1643 } else if (process_msg4(st,buf,source)) {
1644 transport_setup_msgok(st,source);
1645 enter_new_state(st,SITE_SENTMSG5);
1646 } else {
1647 slog(st,LOG_SEC,"invalid MSG4");
1648 }
1649 break;
1650 case LABEL_MSG5:
1651 /* Setup packet: expected only in state SENTMSG4 */
1652 /* (may turn up in state RUN if our return MSG6 was lost
1653 and the new key has already been activated. In that
1654 case we discard it. The peer will realise that we
1655 are using the new key when they see our data packets.
1656 Until then the peer's data packets to us get discarded. */
1657 if (st->state==SITE_SENTMSG4) {
1658 if (process_msg5(st,buf,source,st->new_transform)) {
1659 transport_setup_msgok(st,source);
1660 enter_new_state(st,SITE_RUN);
1661 } else {
1662 slog(st,LOG_SEC,"invalid MSG5");
1663 }
1664 } else if (st->state==SITE_RUN) {
1665 if (process_msg5(st,buf,source,st->current.transform)) {
1666 slog(st,LOG_DROP,"got MSG5, retransmitting MSG6");
1667 transport_setup_msgok(st,source);
1668 create_msg6(st,st->current.transform,
1669 st->current.remote_session_id);
1670 transport_xmit(st,&st->peers,&st->buffer,True);
1671 BUF_FREE(&st->buffer);
1672 } else {
1673 slog(st,LOG_SEC,"invalid MSG5 (in state RUN)");
1674 }
1675 } else {
1676 slog(st,LOG_UNEXPECTED,"unexpected MSG5");
1677 }
1678 break;
1679 case LABEL_MSG6:
1680 /* Setup packet: expected only in state SENTMSG5 */
1681 if (st->state!=SITE_SENTMSG5) {
1682 slog(st,LOG_UNEXPECTED,"unexpected MSG6");
1683 } else if (process_msg6(st,buf,source)) {
1684 BUF_FREE(&st->buffer); /* Free message 5 */
1685 transport_setup_msgok(st,source);
1686 activate_new_key(st);
1687 } else {
1688 slog(st,LOG_SEC,"invalid MSG6");
1689 }
1690 break;
1691 default:
1692 slog(st,LOG_SEC,"received message of unknown type 0x%08x",
1693 msgtype);
1694 break;
1695 }
1696 BUF_FREE(buf);
1697 return True;
1698 }
1699
1700 return False;
1701 }
1702
1703 static void site_control(void *vst, bool_t run)
1704 {
1705 struct site *st=vst;
1706 if (run) enter_state_run(st);
1707 else enter_state_stop(st);
1708 }
1709
1710 static void site_phase_hook(void *sst, uint32_t newphase)
1711 {
1712 struct site *st=sst;
1713
1714 /* The program is shutting down; tell our peer */
1715 send_msg7(st,"shutting down");
1716 }
1717
1718 static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
1719 list_t *args)
1720 {
1721 static uint32_t index_sequence;
1722 struct site *st;
1723 item_t *item;
1724 dict_t *dict;
1725 int i;
1726
1727 st=safe_malloc(sizeof(*st),"site_apply");
1728
1729 st->cl.description="site";
1730 st->cl.type=CL_SITE;
1731 st->cl.apply=NULL;
1732 st->cl.interface=&st->ops;
1733 st->ops.st=st;
1734 st->ops.control=site_control;
1735 st->ops.status=site_status;
1736
1737 /* First parameter must be a dict */
1738 item=list_elem(args,0);
1739 if (!item || item->type!=t_dict)
1740 cfgfatal(loc,"site","parameter must be a dictionary\n");
1741
1742 dict=item->data.dict;
1743 st->localname=dict_read_string(dict, "local-name", True, "site", loc);
1744 st->remotename=dict_read_string(dict, "name", True, "site", loc);
1745
1746 st->peer_mobile=dict_read_bool(dict,"mobile",False,"site",loc,False);
1747 bool_t local_mobile=
1748 dict_read_bool(dict,"local-mobile",False,"site",loc,False);
1749
1750 /* Sanity check (which also allows the 'sites' file to include
1751 site() closures for all sites including our own): refuse to
1752 talk to ourselves */
1753 if (strcmp(st->localname,st->remotename)==0) {
1754 Message(M_DEBUG,"site %s: local-name==name -> ignoring this site\n",
1755 st->localname);
1756 if (st->peer_mobile != local_mobile)
1757 cfgfatal(loc,"site","site %s's peer-mobile=%d"
1758 " but our local-mobile=%d\n",
1759 st->localname, st->peer_mobile, local_mobile);
1760 free(st);
1761 return NULL;
1762 }
1763 if (st->peer_mobile && local_mobile) {
1764 Message(M_WARNING,"site %s: site is mobile but so are we"
1765 " -> ignoring this site\n", st->remotename);
1766 free(st);
1767 return NULL;
1768 }
1769
1770 assert(index_sequence < 0xffffffffUL);
1771 st->index = ++index_sequence;
1772 st->local_capabilities = 0;
1773 st->netlink=find_cl_if(dict,"link",CL_NETLINK,True,"site",loc);
1774
1775 #define GET_CLOSURE_LIST(dictkey,things,nthings,CL_TYPE) do{ \
1776 list_t *things##_cfg=dict_lookup(dict,dictkey); \
1777 if (!things##_cfg) \
1778 cfgfatal(loc,"site","closure list \"%s\" not found\n",dictkey); \
1779 st->nthings=list_length(things##_cfg); \
1780 st->things=safe_malloc_ary(sizeof(*st->things),st->nthings,dictkey "s"); \
1781 assert(st->nthings); \
1782 for (i=0; i<st->nthings; i++) { \
1783 item_t *item=list_elem(things##_cfg,i); \
1784 if (item->type!=t_closure) \
1785 cfgfatal(loc,"site","%s is not a closure\n",dictkey); \
1786 closure_t *cl=item->data.closure; \
1787 if (cl->type!=CL_TYPE) \
1788 cfgfatal(loc,"site","%s closure wrong type\n",dictkey); \
1789 st->things[i]=cl->interface; \
1790 } \
1791 }while(0)
1792
1793 GET_CLOSURE_LIST("comm",comms,ncomms,CL_COMM);
1794
1795 st->resolver=find_cl_if(dict,"resolver",CL_RESOLVER,True,"site",loc);
1796 st->log=find_cl_if(dict,"log",CL_LOG,True,"site",loc);
1797 st->random=find_cl_if(dict,"random",CL_RANDOMSRC,True,"site",loc);
1798
1799 st->privkey=find_cl_if(dict,"local-key",CL_RSAPRIVKEY,True,"site",loc);
1800 st->address=dict_read_string(dict, "address", False, "site", loc);
1801 if (st->address)
1802 st->remoteport=dict_read_number(dict,"port",True,"site",loc,0);
1803 else st->remoteport=0;
1804 st->pubkey=find_cl_if(dict,"key",CL_RSAPUBKEY,True,"site",loc);
1805
1806 GET_CLOSURE_LIST("transform",transforms,ntransforms,CL_TRANSFORM);
1807
1808 st->dh=find_cl_if(dict,"dh",CL_DH,True,"site",loc);
1809 st->hash=find_cl_if(dict,"hash",CL_HASH,True,"site",loc);
1810
1811 #define DEFAULT(D) (st->peer_mobile || local_mobile \
1812 ? DEFAULT_MOBILE_##D : DEFAULT_##D)
1813 #define CFG_NUMBER(k,D) dict_read_number(dict,(k),False,"site",loc,DEFAULT(D));
1814
1815 st->key_lifetime= CFG_NUMBER("key-lifetime", KEY_LIFETIME);
1816 st->setup_retries= CFG_NUMBER("setup-retries", SETUP_RETRIES);
1817 st->setup_retry_interval= CFG_NUMBER("setup-timeout", SETUP_RETRY_INTERVAL);
1818 st->wait_timeout= CFG_NUMBER("wait-time", WAIT_TIME);
1819 st->mtu_target= dict_read_number(dict,"mtu-target",False,"site",loc,0);
1820
1821 st->mobile_peer_expiry= dict_read_number(
1822 dict,"mobile-peer-expiry",False,"site",loc,DEFAULT_MOBILE_PEER_EXPIRY);
1823
1824 st->transport_peers_max= !st->peer_mobile ? 1 : dict_read_number(
1825 dict,"mobile-peers-max",False,"site",loc,DEFAULT_MOBILE_PEERS_MAX);
1826 if (st->transport_peers_max<1 ||
1827 st->transport_peers_max>=MAX_MOBILE_PEERS_MAX) {
1828 cfgfatal(loc,"site","mobile-peers-max must be in range 1.."
1829 STRING(MAX_MOBILE_PEERS_MAX) "\n");
1830 }
1831
1832 if (st->key_lifetime < DEFAULT(KEY_RENEGOTIATE_GAP)*2)
1833 st->key_renegotiate_time=st->key_lifetime/2;
1834 else
1835 st->key_renegotiate_time=st->key_lifetime-DEFAULT(KEY_RENEGOTIATE_GAP);
1836 st->key_renegotiate_time=dict_read_number(
1837 dict,"renegotiate-time",False,"site",loc,st->key_renegotiate_time);
1838 if (st->key_renegotiate_time > st->key_lifetime) {
1839 cfgfatal(loc,"site",
1840 "renegotiate-time must be less than key-lifetime\n");
1841 }
1842
1843 st->log_events=string_list_to_word(dict_lookup(dict,"log-events"),
1844 log_event_table,"site");
1845
1846 st->allow_send_prod=0;
1847
1848 st->tunname=safe_malloc(strlen(st->localname)+strlen(st->remotename)+5,
1849 "site_apply");
1850 sprintf(st->tunname,"%s<->%s",st->localname,st->remotename);
1851
1852 /* The information we expect to see in incoming messages of type 1 */
1853 /* fixme: lots of unchecked overflows here, but the results are only
1854 corrupted packets rather than undefined behaviour */
1855 st->setup_priority=(strcmp(st->localname,st->remotename)>0);
1856
1857 buffer_new(&st->buffer,SETUP_BUFFER_LEN);
1858
1859 buffer_new(&st->scratch,SETUP_BUFFER_LEN);
1860 BUF_ALLOC(&st->scratch,"site:scratch");
1861
1862 /* We are interested in poll(), but only for timeouts. We don't have
1863 any fds of our own. */
1864 register_for_poll(st, site_beforepoll, site_afterpoll, 0, "site");
1865 st->timeout=0;
1866
1867 st->remote_capabilities=0;
1868 st->chosen_transform=0;
1869 st->current.key_timeout=0;
1870 st->auxiliary_key.key_timeout=0;
1871 transport_peers_clear(st,&st->peers);
1872 transport_peers_clear(st,&st->setup_peers);
1873 /* XXX mlock these */
1874 st->dhsecret=safe_malloc(st->dh->len,"site:dhsecret");
1875 st->sharedsecretlen=st->sharedsecretallocd=0;
1876 st->sharedsecret=0;
1877
1878 for (i=0; i<st->ntransforms; i++) {
1879 struct transform_if *ti=st->transforms[i];
1880 uint32_t capbit = 1UL << ti->capab_transformnum;
1881 if (st->local_capabilities & capbit)
1882 slog(st,LOG_ERROR,"transformnum capability bit"
1883 " %d (%#"PRIx32") reused", ti->capab_transformnum, capbit);
1884 st->local_capabilities |= capbit;
1885 }
1886
1887 /* We need to register the remote networks with the netlink device */
1888 uint32_t netlink_mtu; /* local virtual interface mtu */
1889 st->netlink->reg(st->netlink->st, site_outgoing, st, &netlink_mtu);
1890 if (!st->mtu_target)
1891 st->mtu_target=netlink_mtu;
1892
1893 for (i=0; i<st->ncomms; i++)
1894 st->comms[i]->request_notify(st->comms[i]->st, st, site_incoming);
1895
1896 st->current.transform=0;
1897 st->auxiliary_key.transform=0;
1898 st->new_transform=0;
1899 st->auxiliary_is_new=0;
1900
1901 enter_state_stop(st);
1902
1903 add_hook(PHASE_SHUTDOWN,site_phase_hook,st);
1904
1905 return new_closure(&st->cl);
1906 }
1907
1908 void site_module(dict_t *dict)
1909 {
1910 add_closure(dict,"site",site_apply);
1911 }
1912
1913
1914 /***** TRANSPORT PEERS definitions *****/
1915
1916 static void transport_peers_debug(struct site *st, transport_peers *dst,
1917 const char *didwhat,
1918 int nargs, const struct comm_addr *args,
1919 size_t stride) {
1920 int i;
1921 char *argp;
1922
1923 if (!(st->log_events & LOG_PEER_ADDRS))
1924 return; /* an optimisation */
1925
1926 slog(st, LOG_PEER_ADDRS, "peers (%s) %s nargs=%d => npeers=%d",
1927 (dst==&st->peers ? "data" :
1928 dst==&st->setup_peers ? "setup" : "UNKNOWN"),
1929 didwhat, nargs, dst->npeers);
1930
1931 for (i=0, argp=(void*)args;
1932 i<nargs;
1933 i++, (argp+=stride?stride:sizeof(*args))) {
1934 const struct comm_addr *ca=(void*)argp;
1935 slog(st, LOG_PEER_ADDRS, " args: addrs[%d]=%s",
1936 i, comm_addr_to_string(ca));
1937 }
1938 for (i=0; i<dst->npeers; i++) {
1939 struct timeval diff;
1940 timersub(tv_now,&dst->peers[i].last,&diff);
1941 const struct comm_addr *ca=&dst->peers[i].addr;
1942 slog(st, LOG_PEER_ADDRS, " peers: addrs[%d]=%s T-%ld.%06ld",
1943 i, comm_addr_to_string(ca),
1944 (unsigned long)diff.tv_sec, (unsigned long)diff.tv_usec);
1945 }
1946 }
1947
1948 static int transport_peer_compar(const void *av, const void *bv) {
1949 const transport_peer *a=av;
1950 const transport_peer *b=bv;
1951 /* put most recent first in the array */
1952 if (timercmp(&a->last, &b->last, <)) return +1;
1953 if (timercmp(&a->last, &b->last, >)) return -11;
1954 return 0;
1955 }
1956
1957 static void transport_peers_expire(struct site *st, transport_peers *peers) {
1958 /* peers must be sorted first */
1959 int previous_peers=peers->npeers;
1960 struct timeval oldest;
1961 oldest.tv_sec = tv_now->tv_sec - st->mobile_peer_expiry;
1962 oldest.tv_usec = tv_now->tv_usec;
1963 while (peers->npeers>1 &&
1964 timercmp(&peers->peers[peers->npeers-1].last, &oldest, <))
1965 peers->npeers--;
1966 if (peers->npeers != previous_peers)
1967 transport_peers_debug(st,peers,"expire", 0,0,0);
1968 }
1969
1970 static void transport_record_peer(struct site *st, transport_peers *peers,
1971 const struct comm_addr *addr, const char *m) {
1972 int slot, changed=0;
1973
1974 for (slot=0; slot<peers->npeers; slot++)
1975 if (!memcmp(&peers->peers[slot].addr, addr, sizeof(*addr)))
1976 goto found;
1977
1978 changed=1;
1979 if (peers->npeers==st->transport_peers_max)
1980 slot=st->transport_peers_max-1;
1981 else
1982 slot=peers->npeers++;
1983
1984 found:
1985 peers->peers[slot].addr=*addr;
1986 peers->peers[slot].last=*tv_now;
1987
1988 if (peers->npeers>1)
1989 qsort(peers->peers, peers->npeers,
1990 sizeof(*peers->peers), transport_peer_compar);
1991
1992 if (changed || peers->npeers!=1)
1993 transport_peers_debug(st,peers,m, 1,addr,0);
1994 transport_peers_expire(st, peers);
1995 }
1996
1997 static bool_t transport_compute_setupinit_peers(struct site *st,
1998 const struct comm_addr *configured_addr /* 0 if none or not found */,
1999 const struct comm_addr *prod_hint_addr /* 0 if none */) {
2000
2001 if (!configured_addr && !prod_hint_addr &&
2002 !transport_peers_valid(&st->peers))
2003 return False;
2004
2005 slog(st,LOG_SETUP_INIT,
2006 "using:%s%s %d old peer address(es)",
2007 configured_addr ? " configured address;" : "",
2008 prod_hint_addr ? " PROD hint address;" : "",
2009 st->peers.npeers);
2010
2011 /* Non-mobile peers havve st->peers.npeers==0 or ==1, since they
2012 * have transport_peers_max==1. The effect is that this code
2013 * always uses the configured address if supplied, or otherwise
2014 * the address of the incoming PROD, or the existing data peer if
2015 * one exists; this is as desired. */
2016
2017 transport_peers_copy(st,&st->setup_peers,&st->peers);
2018
2019 if (prod_hint_addr)
2020 transport_record_peer(st,&st->setup_peers,prod_hint_addr,"prod");
2021
2022 if (configured_addr)
2023 transport_record_peer(st,&st->setup_peers,configured_addr,"setupinit");
2024
2025 assert(transport_peers_valid(&st->setup_peers));
2026 return True;
2027 }
2028
2029 static void transport_setup_msgok(struct site *st, const struct comm_addr *a) {
2030 if (st->peer_mobile)
2031 transport_record_peer(st,&st->setup_peers,a,"setupmsg");
2032 }
2033 static void transport_data_msgok(struct site *st, const struct comm_addr *a) {
2034 if (st->peer_mobile)
2035 transport_record_peer(st,&st->peers,a,"datamsg");
2036 }
2037
2038 static int transport_peers_valid(transport_peers *peers) {
2039 return peers->npeers;
2040 }
2041 static void transport_peers_clear(struct site *st, transport_peers *peers) {
2042 peers->npeers= 0;
2043 transport_peers_debug(st,peers,"clear",0,0,0);
2044 }
2045 static void transport_peers_copy(struct site *st, transport_peers *dst,
2046 const transport_peers *src) {
2047 dst->npeers=src->npeers;
2048 memcpy(dst->peers, src->peers, sizeof(*dst->peers) * dst->npeers);
2049 transport_peers_debug(st,dst,"copy",
2050 src->npeers, &src->peers->addr, sizeof(*src->peers));
2051 }
2052
2053 void transport_xmit(struct site *st, transport_peers *peers,
2054 struct buffer_if *buf, bool_t candebug) {
2055 int slot;
2056 transport_peers_expire(st, peers);
2057 for (slot=0; slot<peers->npeers; slot++) {
2058 transport_peer *peer=&peers->peers[slot];
2059 if (candebug)
2060 dump_packet(st, buf, &peer->addr, False);
2061 peer->addr.comm->sendmsg(peer->addr.comm->st, buf, &peer->addr);
2062 }
2063 }
2064
2065 /***** END of transport peers declarations *****/
Secnet virtual private network: clone of http://www.chiark.greenend.org.uk/ucgi/~ian/git/secnet.git/