1 /* site.c - manage communication with a remote network site */
3 /* The 'site' code doesn't know anything about the structure of the
4 packets it's transmitting. In fact, under the new netlink
5 configuration scheme it doesn't need to know anything at all about
6 IP addresses, except how to contact its peer. This means it could
7 potentially be used to tunnel other protocols too (IPv6, IPX, plain
8 old Ethernet frames) if appropriate netlink code can be written
9 (and that ought not to be too hard, eg. using the TUN/TAP device to
10 pretend to be an Ethernet interface). */
12 /* At some point in the future the netlink code will be asked for
13 configuration information to go in the PING/PONG packets at the end
14 of the key exchange. */
21 #include <sys/socket.h>
25 #include "unaligned.h"
28 #define SETUP_BUFFER_LEN 2048
30 #define DEFAULT_KEY_LIFETIME (3600*1000) /* [ms] */
31 #define DEFAULT_KEY_RENEGOTIATE_GAP (5*60*1000) /* [ms] */
32 #define DEFAULT_SETUP_RETRIES 5
33 #define DEFAULT_SETUP_RETRY_INTERVAL (2*1000) /* [ms] */
34 #define DEFAULT_WAIT_TIME (20*1000) /* [ms] */
36 #define DEFAULT_MOBILE_KEY_LIFETIME (2*24*3600*1000) /* [ms] */
37 #define DEFAULT_MOBILE_KEY_RENEGOTIATE_GAP (12*3600*1000) /* [ms] */
38 #define DEFAULT_MOBILE_SETUP_RETRIES 30
39 #define DEFAULT_MOBILE_SETUP_RETRY_INTERVAL (1*1000) /* [ms] */
40 #define DEFAULT_MOBILE_WAIT_TIME (10*1000) /* [ms] */
42 #define DEFAULT_MOBILE_PEER_EXPIRY (2*60) /* [s] */
43 #define DEFAULT_MOBILE_PEERS_MAX 3 /* send at most this many copies (default) */
45 /* Each site can be in one of several possible states. */
48 SITE_STOP - nothing is allowed to happen; tunnel is down;
49 all session keys have been erased
50 -> SITE_RUN upon external instruction
51 SITE_RUN - site up, maybe with valid key
52 -> SITE_RESOLVE upon outgoing packet and no valid key
53 we start name resolution for the other end of the tunnel
54 -> SITE_SENTMSG2 upon valid incoming message 1 and suitable time
55 we send an appropriate message 2
56 SITE_RESOLVE - waiting for name resolution
57 -> SITE_SENTMSG1 upon successful resolution
58 we send an appropriate message 1
59 -> SITE_SENTMSG2 upon valid incoming message 1 (then abort resolution)
60 we abort resolution and
61 -> SITE_WAIT on timeout or resolution failure
63 -> SITE_SENTMSG2 upon valid incoming message 1 from higher priority end
64 -> SITE_SENTMSG3 upon valid incoming message 2
65 -> SITE_WAIT on timeout
67 -> SITE_SENTMSG4 upon valid incoming message 3
68 -> SITE_WAIT on timeout
70 -> SITE_SENTMSG5 upon valid incoming message 4
71 -> SITE_WAIT on timeout
73 -> SITE_RUN upon valid incoming message 5
74 -> SITE_WAIT on timeout
76 -> SITE_RUN upon valid incoming message 6
77 -> SITE_WAIT on timeout
78 SITE_WAIT - failed to establish key; do nothing for a while
79 -> SITE_RUN on timeout
84 #define SITE_RESOLVE 2
85 #define SITE_SENTMSG1 3
86 #define SITE_SENTMSG2 4
87 #define SITE_SENTMSG3 5
88 #define SITE_SENTMSG4 6
89 #define SITE_SENTMSG5 7
92 static cstring_t
state_name(uint32_t state
)
95 case 0: return "STOP";
97 case 2: return "RESOLVE";
98 case 3: return "SENTMSG1";
99 case 4: return "SENTMSG2";
100 case 5: return "SENTMSG3";
101 case 6: return "SENTMSG4";
102 case 7: return "SENTMSG5";
103 case 8: return "WAIT";
104 default: return "*bad state*";
110 #define LOG_UNEXPECTED 0x00000001
111 #define LOG_SETUP_INIT 0x00000002
112 #define LOG_SETUP_TIMEOUT 0x00000004
113 #define LOG_ACTIVATE_KEY 0x00000008
114 #define LOG_TIMEOUT_KEY 0x00000010
115 #define LOG_SEC 0x00000020
116 #define LOG_STATE 0x00000040
117 #define LOG_DROP 0x00000080
118 #define LOG_DUMP 0x00000100
119 #define LOG_ERROR 0x00000400
120 #define LOG_PEER_ADDRS 0x00000800
122 static struct flagstr log_event_table
[]={
123 { "unexpected", LOG_UNEXPECTED
},
124 { "setup-init", LOG_SETUP_INIT
},
125 { "setup-timeout", LOG_SETUP_TIMEOUT
},
126 { "activate-key", LOG_ACTIVATE_KEY
},
127 { "timeout-key", LOG_TIMEOUT_KEY
},
128 { "security", LOG_SEC
},
129 { "state-change", LOG_STATE
},
130 { "packet-drop", LOG_DROP
},
131 { "dump-packets", LOG_DUMP
},
132 { "errors", LOG_ERROR
},
133 { "peer-addrs", LOG_PEER_ADDRS
},
134 { "default", LOG_SETUP_INIT
|LOG_SETUP_TIMEOUT
|
135 LOG_ACTIVATE_KEY
|LOG_TIMEOUT_KEY
|LOG_SEC
|LOG_ERROR
},
136 { "all", 0xffffffff },
141 /***** TRANSPORT PEERS declarations *****/
143 /* Details of "mobile peer" semantics:
145 - We record mobile_peers_max peer address/port numbers ("peers")
146 for key setup, and separately mobile_peers_max for data
147 transfer. If these lists fill up, we retain the newest peers.
148 (For non-mobile peers we only record one of each.)
150 - Outgoing packets are sent to every recorded peer in the
153 - Data transfer peers are straightforward: whenever we successfully
154 process a data packet, we record the peer. Also, whenever we
155 successfully complete a key setup, we merge the key setup
156 peers into the data transfer peers.
158 (For "non-mobile" peers we simply copy the peer used for
159 successful key setup, and don't change the peer otherwise.)
161 - Key setup peers are slightly more complicated.
163 Whenever we receive and successfully process a key exchange
164 packet, we record the peer.
166 Whenever we try to initiate a key setup, we copy the list of data
167 transfer peers and use it for key setup. But we also look to see
168 if the config supplies an address and port number and if so we
169 add that as a key setup peer (possibly evicting one of the data
170 transfer peers we just copied).
172 (For "non-mobile" peers, if we if we have a configured peer
173 address and port, we always use that; otherwise if we have a
174 current data peer address we use that; otherwise we do not
175 attempt to initiate a key setup for lack of a peer address.)
177 "Record the peer" means
178 1. expire any peers last seen >120s ("mobile-peer-expiry") ago
179 2. add the peer of the just received packet to the applicable list
180 (possibly evicting older entries)
181 NB that we do not expire peers until an incoming packet arrives.
185 #define MAX_MOBILE_PEERS_MAX 5 /* send at most this many copies, compiled max */
189 struct comm_addr addr
;
193 /* configuration information */
194 /* runtime information */
196 transport_peer peers
[MAX_MOBILE_PEERS_MAX
];
199 static void transport_peers_clear(struct site
*st
, transport_peers
*peers
);
200 static int transport_peers_valid(transport_peers
*peers
);
201 static void transport_peers_copy(struct site
*st
, transport_peers
*dst
,
202 const transport_peers
*src
);
204 static void transport_setup_msgok(struct site
*st
, const struct comm_addr
*a
);
205 static void transport_data_msgok(struct site
*st
, const struct comm_addr
*a
);
206 static bool_t
transport_compute_setupinit_peers(struct site
*st
,
207 const struct comm_addr
*configured_addr
/* 0 if none or not found */);
208 static void transport_record_peer(struct site
*st
, transport_peers
*peers
,
209 const struct comm_addr
*addr
, const char *m
);
211 static void transport_xmit(struct site
*st
, transport_peers
*peers
,
212 struct buffer_if
*buf
, bool_t candebug
);
214 /***** END of transport peers declarations *****/
218 struct transform_inst_if
*transform
;
219 uint64_t key_timeout
; /* End of life of current key */
220 uint32_t remote_session_id
;
226 /* configuration information */
229 bool_t peer_mobile
; /* Mobile client support */
230 int32_t transport_peers_max
;
231 string_t tunname
; /* localname<->remotename by default, used in logs */
232 string_t address
; /* DNS name for bootstrapping, optional */
233 int remoteport
; /* Port for bootstrapping, optional */
234 struct netlink_if
*netlink
;
235 struct comm_if
**comms
;
237 struct resolver_if
*resolver
;
239 struct random_if
*random
;
240 struct rsaprivkey_if
*privkey
;
241 struct rsapubkey_if
*pubkey
;
242 struct transform_if
*transform
;
244 struct hash_if
*hash
;
246 uint32_t index
; /* Index of this site */
247 int32_t setup_retries
; /* How many times to send setup packets */
248 int32_t setup_retry_interval
; /* Initial timeout for setup packets */
249 int32_t wait_timeout
; /* How long to wait if setup unsuccessful */
250 int32_t mobile_peer_expiry
; /* How long to remember 2ary addresses */
251 int32_t key_lifetime
; /* How long a key lasts once set up */
252 int32_t key_renegotiate_time
; /* If we see traffic (or a keepalive)
253 after this time, initiate a new
256 bool_t setup_priority
; /* Do we have precedence if both sites emit
257 message 1 simultaneously? */
260 /* runtime information */
262 uint64_t now
; /* Most recently seen time */
264 /* The currently established session */
265 struct data_key current
;
266 struct data_key auxiliary_key
;
267 bool_t auxiliary_is_new
;
268 uint64_t renegotiate_key_time
; /* When we can negotiate a new key */
269 uint64_t auxiliary_renegotiate_key_time
;
270 transport_peers peers
; /* Current address(es) of peer for data traffic */
272 /* The current key setup protocol exchange. We can only be
273 involved in one of these at a time. There's a potential for
274 denial of service here (the attacker keeps sending a setup
275 packet; we keep trying to continue the exchange, and have to
276 timeout before we can listen for another setup packet); perhaps
277 we should keep a list of 'bad' sources for setup packets. */
278 uint32_t setup_session_id
;
279 transport_peers setup_peers
;
280 uint8_t localN
[NONCELEN
]; /* Nonces for key exchange */
281 uint8_t remoteN
[NONCELEN
];
282 struct buffer_if buffer
; /* Current outgoing key exchange packet */
283 struct buffer_if scratch
;
284 int32_t retries
; /* Number of retries remaining */
285 uint64_t timeout
; /* Timeout for current state */
287 uint8_t *sharedsecret
;
288 uint32_t sharedsecretlen
;
289 struct transform_inst_if
*new_transform
; /* For key setup/verify */
292 static void slog(struct site
*st
, uint32_t event
, cstring_t msg
, ...)
300 if (event
&st
->log_events
) {
302 case LOG_UNEXPECTED
: class=M_INFO
; break;
303 case LOG_SETUP_INIT
: class=M_INFO
; break;
304 case LOG_SETUP_TIMEOUT
: class=M_NOTICE
; break;
305 case LOG_ACTIVATE_KEY
: class=M_INFO
; break;
306 case LOG_TIMEOUT_KEY
: class=M_INFO
; break;
307 case LOG_SEC
: class=M_SECURITY
; break;
308 case LOG_STATE
: class=M_DEBUG
; break;
309 case LOG_DROP
: class=M_DEBUG
; break;
310 case LOG_DUMP
: class=M_DEBUG
; break;
311 case LOG_ERROR
: class=M_ERR
; break;
312 case LOG_PEER_ADDRS
: class=M_DEBUG
; break;
313 default: class=M_ERR
; break;
316 vsnprintf(buf
,sizeof(buf
),msg
,ap
);
317 st
->log
->log(st
->log
->st
,class,"%s: %s",st
->tunname
,buf
);
322 static void set_link_quality(struct site
*st
);
323 static void delete_keys(struct site
*st
, cstring_t reason
, uint32_t loglevel
);
324 static void delete_one_key(struct site
*st
, struct data_key
*key
,
325 const char *reason
/* may be 0 meaning don't log*/,
326 const char *which
/* ignored if !reasonn */,
327 uint32_t loglevel
/* ignored if !reasonn */);
328 static bool_t
initiate_key_setup(struct site
*st
, cstring_t reason
);
329 static void enter_state_run(struct site
*st
);
330 static bool_t
enter_state_resolve(struct site
*st
);
331 static bool_t
enter_new_state(struct site
*st
,uint32_t next
);
332 static void enter_state_wait(struct site
*st
);
333 static void activate_new_key(struct site
*st
);
335 static bool_t
current_valid(struct site
*st
)
337 return st
->current
.transform
->valid(st
->current
.transform
->st
);
340 #define CHECK_AVAIL(b,l) do { if ((b)->size<(l)) return False; } while(0)
341 #define CHECK_EMPTY(b) do { if ((b)->size!=0) return False; } while(0)
342 #define CHECK_TYPE(b,t) do { uint32_t type; \
343 CHECK_AVAIL((b),4); \
344 type=buf_unprepend_uint32((b)); \
345 if (type!=(t)) return False; } while(0)
350 int32_t extrainfo_len
;
358 struct parsedname remote
;
359 struct parsedname local
;
369 /* Build any of msg1 to msg4. msg5 and msg6 are built from the inside
370 out using a transform of config data supplied by netlink */
371 static bool_t
generate_msg(struct site
*st
, uint32_t type
, cstring_t what
)
377 st
->retries
=st
->setup_retries
;
378 BUF_ALLOC(&st
->buffer
,what
);
379 buffer_init(&st
->buffer
,0);
380 buf_append_uint32(&st
->buffer
,
381 (type
==LABEL_MSG1?
0:st
->setup_session_id
));
382 buf_append_uint32(&st
->buffer
,st
->index
);
383 buf_append_uint32(&st
->buffer
,type
);
384 buf_append_string(&st
->buffer
,st
->localname
);
385 buf_append_string(&st
->buffer
,st
->remotename
);
386 memcpy(buf_append(&st
->buffer
,NONCELEN
),st
->localN
,NONCELEN
);
387 if (type
==LABEL_MSG1
) return True
;
388 memcpy(buf_append(&st
->buffer
,NONCELEN
),st
->remoteN
,NONCELEN
);
389 if (type
==LABEL_MSG2
) return True
;
391 if (hacky_par_mid_failnow()) return False
;
393 dhpub
=st
->dh
->makepublic(st
->dh
->st
,st
->dhsecret
,st
->dh
->len
);
394 buf_append_string(&st
->buffer
,dhpub
);
396 hash
=safe_malloc(st
->hash
->len
, "generate_msg");
397 hst
=st
->hash
->init();
398 st
->hash
->update(hst
,st
->buffer
.start
,st
->buffer
.size
);
399 st
->hash
->final(hst
,hash
);
400 sig
=st
->privkey
->sign(st
->privkey
->st
,hash
,st
->hash
->len
);
401 buf_append_string(&st
->buffer
,sig
);
407 static bool_t
unpick_name(struct buffer_if
*msg
, struct parsedname
*nm
)
410 nm
->len
=buf_unprepend_uint16(msg
);
411 CHECK_AVAIL(msg
,nm
->len
);
412 nm
->name
=buf_unprepend(msg
,nm
->len
);
413 uint8_t *nul
=memchr(nm
->name
,0,nm
->len
);
419 nm
->extrainfo_len
=msg
->start
-nm
->extrainfo
;
420 nm
->len
=nul
-nm
->name
;
425 static bool_t
unpick_msg(struct site
*st
, uint32_t type
,
426 struct buffer_if
*msg
, struct msg
*m
)
428 m
->hashstart
=msg
->start
;
430 m
->dest
=buf_unprepend_uint32(msg
);
432 m
->source
=buf_unprepend_uint32(msg
);
433 CHECK_TYPE(msg
,type
);
434 if (!unpick_name(msg
,&m
->remote
)) return False
;
435 if (!unpick_name(msg
,&m
->local
)) return False
;
436 CHECK_AVAIL(msg
,NONCELEN
);
437 m
->nR
=buf_unprepend(msg
,NONCELEN
);
438 if (type
==LABEL_MSG1
) {
442 CHECK_AVAIL(msg
,NONCELEN
);
443 m
->nL
=buf_unprepend(msg
,NONCELEN
);
444 if (type
==LABEL_MSG2
) {
449 m
->pklen
=buf_unprepend_uint16(msg
);
450 CHECK_AVAIL(msg
,m
->pklen
);
451 m
->pk
=buf_unprepend(msg
,m
->pklen
);
452 m
->hashlen
=msg
->start
-m
->hashstart
;
454 m
->siglen
=buf_unprepend_uint16(msg
);
455 CHECK_AVAIL(msg
,m
->siglen
);
456 m
->sig
=buf_unprepend(msg
,m
->siglen
);
461 static bool_t
name_matches(const struct parsedname
*nm
, const char *expected
)
463 int expected_len
=strlen(expected
);
465 nm
->len
== expected_len
&&
466 !memcmp(nm
->name
, expected
, expected_len
);
469 static bool_t
check_msg(struct site
*st
, uint32_t type
, struct msg
*m
,
472 if (type
==LABEL_MSG1
) return True
;
474 /* Check that the site names and our nonce have been sent
475 back correctly, and then store our peer's nonce. */
476 if (!name_matches(&m
->remote
,st
->remotename
)) {
477 *error
="wrong remote site name";
480 if (!name_matches(&m
->local
,st
->localname
)) {
481 *error
="wrong local site name";
484 if (memcmp(m
->nL
,st
->localN
,NONCELEN
)!=0) {
485 *error
="wrong locally-generated nonce";
488 if (type
==LABEL_MSG2
) return True
;
489 if (!consttime_memeq(m
->nR
,st
->remoteN
,NONCELEN
)!=0) {
490 *error
="wrong remotely-generated nonce";
493 if (type
==LABEL_MSG3
) return True
;
494 if (type
==LABEL_MSG4
) return True
;
495 *error
="unknown message type";
499 static bool_t
generate_msg1(struct site
*st
)
501 st
->random
->generate(st
->random
->st
,NONCELEN
,st
->localN
);
502 return generate_msg(st
,LABEL_MSG1
,"site:MSG1");
505 static bool_t
process_msg1(struct site
*st
, struct buffer_if
*msg1
,
506 const struct comm_addr
*src
, struct msg
*m
)
508 /* We've already determined we're in an appropriate state to
509 process an incoming MSG1, and that the MSG1 has correct values
512 transport_record_peer(st
,&st
->setup_peers
,src
,"msg1");
513 st
->setup_session_id
=m
->source
;
514 memcpy(st
->remoteN
,m
->nR
,NONCELEN
);
518 static bool_t
generate_msg2(struct site
*st
)
520 st
->random
->generate(st
->random
->st
,NONCELEN
,st
->localN
);
521 return generate_msg(st
,LABEL_MSG2
,"site:MSG2");
524 static bool_t
process_msg2(struct site
*st
, struct buffer_if
*msg2
,
525 const struct comm_addr
*src
)
530 if (!unpick_msg(st
,LABEL_MSG2
,msg2
,&m
)) return False
;
531 if (!check_msg(st
,LABEL_MSG2
,&m
,&err
)) {
532 slog(st
,LOG_SEC
,"msg2: %s",err
);
535 st
->setup_session_id
=m
.source
;
536 memcpy(st
->remoteN
,m
.nR
,NONCELEN
);
540 static bool_t
generate_msg3(struct site
*st
)
542 /* Now we have our nonce and their nonce. Think of a secret key,
543 and create message number 3. */
544 st
->random
->generate(st
->random
->st
,st
->dh
->len
,st
->dhsecret
);
545 return generate_msg(st
,LABEL_MSG3
,"site:MSG3");
548 static bool_t
process_msg3(struct site
*st
, struct buffer_if
*msg3
,
549 const struct comm_addr
*src
)
556 if (!unpick_msg(st
,LABEL_MSG3
,msg3
,&m
)) return False
;
557 if (!check_msg(st
,LABEL_MSG3
,&m
,&err
)) {
558 slog(st
,LOG_SEC
,"msg3: %s",err
);
562 /* Check signature and store g^x mod m */
563 hash
=safe_malloc(st
->hash
->len
, "process_msg3");
564 hst
=st
->hash
->init();
565 st
->hash
->update(hst
,m
.hashstart
,m
.hashlen
);
566 st
->hash
->final(hst
,hash
);
567 /* Terminate signature with a '0' - cheating, but should be ok */
569 if (!st
->pubkey
->check(st
->pubkey
->st
,hash
,st
->hash
->len
,m
.sig
)) {
570 slog(st
,LOG_SEC
,"msg3 signature failed check!");
576 /* Terminate their DH public key with a '0' */
578 /* Invent our DH secret key */
579 st
->random
->generate(st
->random
->st
,st
->dh
->len
,st
->dhsecret
);
581 /* Generate the shared key */
582 st
->dh
->makeshared(st
->dh
->st
,st
->dhsecret
,st
->dh
->len
,m
.pk
,
583 st
->sharedsecret
,st
->sharedsecretlen
);
585 /* Set up the transform */
586 st
->new_transform
->setkey(st
->new_transform
->st
,st
->sharedsecret
,
587 st
->sharedsecretlen
,st
->setup_priority
);
592 static bool_t
generate_msg4(struct site
*st
)
594 /* We have both nonces, their public key and our private key. Generate
595 our public key, sign it and send it to them. */
596 return generate_msg(st
,LABEL_MSG4
,"site:MSG4");
599 static bool_t
process_msg4(struct site
*st
, struct buffer_if
*msg4
,
600 const struct comm_addr
*src
)
607 if (!unpick_msg(st
,LABEL_MSG4
,msg4
,&m
)) return False
;
608 if (!check_msg(st
,LABEL_MSG4
,&m
,&err
)) {
609 slog(st
,LOG_SEC
,"msg4: %s",err
);
613 /* Check signature and store g^x mod m */
614 hash
=safe_malloc(st
->hash
->len
, "process_msg4");
615 hst
=st
->hash
->init();
616 st
->hash
->update(hst
,m
.hashstart
,m
.hashlen
);
617 st
->hash
->final(hst
,hash
);
618 /* Terminate signature with a '0' - cheating, but should be ok */
620 if (!st
->pubkey
->check(st
->pubkey
->st
,hash
,st
->hash
->len
,m
.sig
)) {
621 slog(st
,LOG_SEC
,"msg4 signature failed check!");
627 /* Terminate their DH public key with a '0' */
629 /* Generate the shared key */
630 st
->dh
->makeshared(st
->dh
->st
,st
->dhsecret
,st
->dh
->len
,m
.pk
,
631 st
->sharedsecret
,st
->sharedsecretlen
);
632 /* Set up the transform */
633 st
->new_transform
->setkey(st
->new_transform
->st
,st
->sharedsecret
,
634 st
->sharedsecretlen
,st
->setup_priority
);
645 static bool_t
unpick_msg0(struct site
*st
, struct buffer_if
*msg0
,
649 m
->dest
=buf_unprepend_uint32(msg0
);
651 m
->source
=buf_unprepend_uint32(msg0
);
653 m
->type
=buf_unprepend_uint32(msg0
);
655 /* Leaves transformed part of buffer untouched */
658 static bool_t
generate_msg5(struct site
*st
)
660 cstring_t transform_err
;
662 BUF_ALLOC(&st
->buffer
,"site:MSG5");
663 /* We are going to add four words to the message */
664 buffer_init(&st
->buffer
,st
->transform
->max_start_pad
+(4*4));
665 /* Give the netlink code an opportunity to put its own stuff in the
666 message (configuration information, etc.) */
667 buf_prepend_uint32(&st
->buffer
,LABEL_MSG5
);
668 st
->new_transform
->forwards(st
->new_transform
->st
,&st
->buffer
,
670 buf_prepend_uint32(&st
->buffer
,LABEL_MSG5
);
671 buf_prepend_uint32(&st
->buffer
,st
->index
);
672 buf_prepend_uint32(&st
->buffer
,st
->setup_session_id
);
674 st
->retries
=st
->setup_retries
;
678 static bool_t
process_msg5(struct site
*st
, struct buffer_if
*msg5
,
679 const struct comm_addr
*src
,
680 struct transform_inst_if
*transform
)
683 cstring_t transform_err
;
685 if (!unpick_msg0(st
,msg5
,&m
)) return False
;
687 if (transform
->reverse(transform
->st
,msg5
,&transform_err
)) {
688 /* There's a problem */
689 slog(st
,LOG_SEC
,"process_msg5: transform: %s",transform_err
);
692 /* Buffer should now contain untransformed PING packet data */
694 if (buf_unprepend_uint32(msg5
)!=LABEL_MSG5
) {
695 slog(st
,LOG_SEC
,"MSG5/PING packet contained wrong label");
698 /* Older versions of secnet used to write some config data here
699 * which we ignore. So we don't CHECK_EMPTY */
703 static void create_msg6(struct site
*st
, struct transform_inst_if
*transform
,
706 cstring_t transform_err
;
708 BUF_ALLOC(&st
->buffer
,"site:MSG6");
709 /* We are going to add four words to the message */
710 buffer_init(&st
->buffer
,st
->transform
->max_start_pad
+(4*4));
711 /* Give the netlink code an opportunity to put its own stuff in the
712 message (configuration information, etc.) */
713 buf_prepend_uint32(&st
->buffer
,LABEL_MSG6
);
714 transform
->forwards(transform
->st
,&st
->buffer
,&transform_err
);
715 buf_prepend_uint32(&st
->buffer
,LABEL_MSG6
);
716 buf_prepend_uint32(&st
->buffer
,st
->index
);
717 buf_prepend_uint32(&st
->buffer
,session_id
);
720 static bool_t
generate_msg6(struct site
*st
)
722 create_msg6(st
,st
->new_transform
,st
->setup_session_id
);
723 st
->retries
=1; /* Peer will retransmit MSG5 if this packet gets lost */
727 static bool_t
process_msg6(struct site
*st
, struct buffer_if
*msg6
,
728 const struct comm_addr
*src
)
731 cstring_t transform_err
;
733 if (!unpick_msg0(st
,msg6
,&m
)) return False
;
735 if (st
->new_transform
->reverse(st
->new_transform
->st
,
736 msg6
,&transform_err
)) {
737 /* There's a problem */
738 slog(st
,LOG_SEC
,"process_msg6: transform: %s",transform_err
);
741 /* Buffer should now contain untransformed PING packet data */
743 if (buf_unprepend_uint32(msg6
)!=LABEL_MSG6
) {
744 slog(st
,LOG_SEC
,"MSG6/PONG packet contained invalid data");
747 /* Older versions of secnet used to write some config data here
748 * which we ignore. So we don't CHECK_EMPTY */
752 static bool_t
decrypt_msg0(struct site
*st
, struct buffer_if
*msg0
,
753 const struct comm_addr
*src
)
755 cstring_t transform_err
, auxkey_err
, newkey_err
="n/a";
759 if (!unpick_msg0(st
,msg0
,&m
)) return False
;
761 /* Keep a copy so we can try decrypting it with multiple keys */
762 buffer_copy(&st
->scratch
, msg0
);
764 problem
= st
->current
.transform
->reverse(st
->current
.transform
->st
,
765 msg0
,&transform_err
);
767 if (!st
->auxiliary_is_new
)
768 delete_one_key(st
,&st
->auxiliary_key
,
769 "peer has used new key","auxiliary key",LOG_SEC
);
775 buffer_copy(msg0
, &st
->scratch
);
776 problem
= st
->auxiliary_key
.transform
->reverse
777 (st
->auxiliary_key
.transform
->st
,msg0
,&auxkey_err
);
779 slog(st
,LOG_DROP
,"processing packet which uses auxiliary key");
780 if (st
->auxiliary_is_new
) {
781 /* We previously timed out in state SENTMSG5 but it turns
782 * out that our peer did in fact get our MSG5 and is
783 * using the new key. So we should switch to it too. */
784 /* This is a bit like activate_new_key. */
787 st
->current
=st
->auxiliary_key
;
790 delete_one_key(st
,&st
->auxiliary_key
,"peer has used new key",
791 "previous key",LOG_SEC
);
792 st
->auxiliary_is_new
=0;
793 st
->renegotiate_key_time
=st
->auxiliary_renegotiate_key_time
;
800 if (st
->state
==SITE_SENTMSG5
) {
801 buffer_copy(msg0
, &st
->scratch
);
802 problem
= st
->new_transform
->reverse(st
->new_transform
->st
,
805 /* It looks like we didn't get the peer's MSG6 */
806 /* This is like a cut-down enter_new_state(SITE_RUN) */
807 slog(st
,LOG_STATE
,"will enter state RUN (MSG0 with new key)");
808 BUF_FREE(&st
->buffer
);
810 activate_new_key(st
);
811 return True
; /* do process the data in this packet */
817 slog(st
,LOG_SEC
,"transform: %s (aux: %s, new: %s)",
818 transform_err
,auxkey_err
,newkey_err
);
819 initiate_key_setup(st
,"incoming message would not decrypt");
820 send_nak(src
,m
.dest
,m
.source
,m
.type
,msg0
,"message would not decrypt");
824 slog(st
,LOG_DROP
,"transform: %s (merely skew)",transform_err
);
828 static bool_t
process_msg0(struct site
*st
, struct buffer_if
*msg0
,
829 const struct comm_addr
*src
)
833 if (!decrypt_msg0(st
,msg0
,src
))
837 type
=buf_unprepend_uint32(msg0
);
840 /* We must forget about the current session. */
841 delete_keys(st
,"request from peer",LOG_SEC
);
844 /* Deliver to netlink layer */
845 st
->netlink
->deliver(st
->netlink
->st
,msg0
);
846 transport_data_msgok(st
,src
);
847 /* See whether we should start negotiating a new key */
848 if (st
->now
> st
->renegotiate_key_time
)
849 initiate_key_setup(st
,"incoming packet in renegotiation window");
852 slog(st
,LOG_SEC
,"incoming encrypted message of type %08x "
859 static void dump_packet(struct site
*st
, struct buffer_if
*buf
,
860 const struct comm_addr
*addr
, bool_t incoming
)
862 uint32_t dest
=get_uint32(buf
->start
);
863 uint32_t source
=get_uint32(buf
->start
+4);
864 uint32_t msgtype
=get_uint32(buf
->start
+8);
866 if (st
->log_events
& LOG_DUMP
)
867 slilog(st
->log
,M_DEBUG
,"%s: %s: %08x<-%08x: %08x:",
868 st
->tunname
,incoming?
"incoming":"outgoing",
869 dest
,source
,msgtype
);
872 static uint32_t site_status(void *st
)
877 static bool_t
send_msg(struct site
*st
)
880 transport_xmit(st
, &st
->setup_peers
, &st
->buffer
, True
);
881 st
->timeout
=st
->now
+st
->setup_retry_interval
;
884 } else if (st
->state
==SITE_SENTMSG5
) {
885 slog(st
,LOG_SETUP_TIMEOUT
,"timed out sending MSG5, stashing new key");
886 /* We stash the key we have produced, in case it turns out that
887 * our peer did see our MSG5 after all and starts using it. */
888 /* This is a bit like some of activate_new_key */
889 struct transform_inst_if
*t
;
890 t
=st
->auxiliary_key
.transform
;
891 st
->auxiliary_key
.transform
=st
->new_transform
;
895 st
->auxiliary_is_new
=1;
896 st
->auxiliary_key
.key_timeout
=st
->now
+st
->key_lifetime
;
897 st
->auxiliary_renegotiate_key_time
=st
->now
+st
->key_renegotiate_time
;
898 st
->auxiliary_key
.remote_session_id
=st
->setup_session_id
;
900 enter_state_wait(st
);
903 slog(st
,LOG_SETUP_TIMEOUT
,"timed out sending key setup packet "
904 "(in state %s)",state_name(st
->state
));
905 enter_state_wait(st
);
910 static void site_resolve_callback(void *sst
, struct in_addr
*address
)
913 struct comm_addr ca_buf
, *ca_use
;
915 if (st
->state
!=SITE_RESOLVE
) {
916 slog(st
,LOG_UNEXPECTED
,"site_resolve_callback called unexpectedly");
921 ca_buf
.comm
=st
->comms
[0];
922 ca_buf
.sin
.sin_family
=AF_INET
;
923 ca_buf
.sin
.sin_port
=htons(st
->remoteport
);
924 ca_buf
.sin
.sin_addr
=*address
;
927 slog(st
,LOG_ERROR
,"resolution of %s failed",st
->address
);
930 if (transport_compute_setupinit_peers(st
,ca_use
)) {
931 enter_new_state(st
,SITE_SENTMSG1
);
933 /* Can't figure out who to try to to talk to */
934 slog(st
,LOG_SETUP_INIT
,"key exchange failed: cannot find peer address");
939 static bool_t
initiate_key_setup(struct site
*st
, cstring_t reason
)
941 if (st
->state
!=SITE_RUN
) return False
;
942 slog(st
,LOG_SETUP_INIT
,"initiating key exchange (%s)",reason
);
944 slog(st
,LOG_SETUP_INIT
,"resolving peer address");
945 return enter_state_resolve(st
);
946 } else if (transport_compute_setupinit_peers(st
,0)) {
947 return enter_new_state(st
,SITE_SENTMSG1
);
949 slog(st
,LOG_SETUP_INIT
,"key exchange failed: no address for peer");
953 static void activate_new_key(struct site
*st
)
955 struct transform_inst_if
*t
;
957 /* We have three transform instances, which we swap between old,
959 t
=st
->auxiliary_key
.transform
;
960 st
->auxiliary_key
.transform
=st
->current
.transform
;
961 st
->current
.transform
=st
->new_transform
;
966 st
->auxiliary_is_new
=0;
967 st
->auxiliary_key
.key_timeout
=st
->current
.key_timeout
;
968 st
->current
.key_timeout
=st
->now
+st
->key_lifetime
;
969 st
->renegotiate_key_time
=st
->now
+st
->key_renegotiate_time
;
970 transport_peers_copy(st
,&st
->peers
,&st
->setup_peers
);
971 st
->current
.remote_session_id
=st
->setup_session_id
;
973 slog(st
,LOG_ACTIVATE_KEY
,"new key activated");
977 static void delete_one_key(struct site
*st
, struct data_key
*key
,
978 cstring_t reason
, cstring_t which
, uint32_t loglevel
)
980 if (!key
->transform
->valid(key
->transform
->st
)) return;
981 if (reason
) slog(st
,loglevel
,"%s deleted (%s)",which
,reason
);
982 key
->transform
->delkey(key
->transform
->st
);
986 static void delete_keys(struct site
*st
, cstring_t reason
, uint32_t loglevel
)
988 if (current_valid(st
)) {
989 slog(st
,loglevel
,"session closed (%s)",reason
);
991 delete_one_key(st
,&st
->current
,0,0,0);
992 set_link_quality(st
);
994 delete_one_key(st
,&st
->auxiliary_key
,0,0,0);
997 static void state_assert(struct site
*st
, bool_t ok
)
999 if (!ok
) fatal("site:state_assert");
1002 static void enter_state_stop(struct site
*st
)
1004 st
->state
=SITE_STOP
;
1006 delete_keys(st
,"entering state STOP",LOG_TIMEOUT_KEY
);
1007 st
->new_transform
->delkey(st
->new_transform
->st
);
1010 static void set_link_quality(struct site
*st
)
1013 if (current_valid(st
))
1014 quality
=LINK_QUALITY_UP
;
1015 else if (st
->state
==SITE_WAIT
|| st
->state
==SITE_STOP
)
1016 quality
=LINK_QUALITY_DOWN
;
1017 else if (st
->address
)
1018 quality
=LINK_QUALITY_DOWN_CURRENT_ADDRESS
;
1019 else if (transport_peers_valid(&st
->peers
))
1020 quality
=LINK_QUALITY_DOWN_STALE_ADDRESS
;
1022 quality
=LINK_QUALITY_DOWN
;
1024 st
->netlink
->set_quality(st
->netlink
->st
,quality
);
1027 static void enter_state_run(struct site
*st
)
1029 slog(st
,LOG_STATE
,"entering state RUN");
1033 st
->setup_session_id
=0;
1034 transport_peers_clear(st
,&st
->setup_peers
);
1035 memset(st
->localN
,0,NONCELEN
);
1036 memset(st
->remoteN
,0,NONCELEN
);
1037 st
->new_transform
->delkey(st
->new_transform
->st
);
1038 memset(st
->dhsecret
,0,st
->dh
->len
);
1039 memset(st
->sharedsecret
,0,st
->sharedsecretlen
);
1040 set_link_quality(st
);
1043 static bool_t
enter_state_resolve(struct site
*st
)
1045 state_assert(st
,st
->state
==SITE_RUN
);
1046 slog(st
,LOG_STATE
,"entering state RESOLVE");
1047 st
->state
=SITE_RESOLVE
;
1048 st
->resolver
->request(st
->resolver
->st
,st
->address
,
1049 site_resolve_callback
,st
);
1053 static bool_t
enter_new_state(struct site
*st
, uint32_t next
)
1055 bool_t (*gen
)(struct site
*st
);
1058 slog(st
,LOG_STATE
,"entering state %s",state_name(next
));
1061 state_assert(st
,st
->state
==SITE_RUN
|| st
->state
==SITE_RESOLVE
);
1065 state_assert(st
,st
->state
==SITE_RUN
|| st
->state
==SITE_RESOLVE
||
1066 st
->state
==SITE_SENTMSG1
|| st
->state
==SITE_WAIT
);
1070 state_assert(st
,st
->state
==SITE_SENTMSG1
);
1071 BUF_FREE(&st
->buffer
);
1075 state_assert(st
,st
->state
==SITE_SENTMSG2
);
1076 BUF_FREE(&st
->buffer
);
1080 state_assert(st
,st
->state
==SITE_SENTMSG3
);
1081 BUF_FREE(&st
->buffer
);
1085 state_assert(st
,st
->state
==SITE_SENTMSG4
);
1086 BUF_FREE(&st
->buffer
);
1091 fatal("enter_new_state(%s): invalid new state",state_name(next
));
1095 if (hacky_par_start_failnow()) return False
;
1097 r
= gen(st
) && send_msg(st
);
1100 st
->setup_retries
, st
->setup_retry_interval
,
1105 if (next
==SITE_RUN
) {
1106 BUF_FREE(&st
->buffer
); /* Never reused */
1107 st
->timeout
=0; /* Never retransmit */
1108 activate_new_key(st
);
1112 slog(st
,LOG_ERROR
,"error entering state %s",state_name(next
));
1113 st
->buffer
.free
=False
; /* Unconditionally use the buffer; it may be
1114 in either state, and enter_state_wait() will
1116 enter_state_wait(st
);
1120 /* msg7 tells our peer that we're about to forget our key */
1121 static bool_t
send_msg7(struct site
*st
, cstring_t reason
)
1123 cstring_t transform_err
;
1125 if (current_valid(st
) && st
->buffer
.free
1126 && transport_peers_valid(&st
->peers
)) {
1127 BUF_ALLOC(&st
->buffer
,"site:MSG7");
1128 buffer_init(&st
->buffer
,st
->transform
->max_start_pad
+(4*3));
1129 buf_append_uint32(&st
->buffer
,LABEL_MSG7
);
1130 buf_append_string(&st
->buffer
,reason
);
1131 st
->current
.transform
->forwards(st
->current
.transform
->st
,
1132 &st
->buffer
, &transform_err
);
1133 buf_prepend_uint32(&st
->buffer
,LABEL_MSG0
);
1134 buf_prepend_uint32(&st
->buffer
,st
->index
);
1135 buf_prepend_uint32(&st
->buffer
,st
->current
.remote_session_id
);
1136 transport_xmit(st
,&st
->peers
,&st
->buffer
,True
);
1137 BUF_FREE(&st
->buffer
);
1143 /* We go into this state if our peer becomes uncommunicative. Similar to
1144 the "stop" state, we forget all session keys for a while, before
1145 re-entering the "run" state. */
1146 static void enter_state_wait(struct site
*st
)
1148 slog(st
,LOG_STATE
,"entering state WAIT");
1149 st
->timeout
=st
->now
+st
->wait_timeout
;
1150 st
->state
=SITE_WAIT
;
1151 set_link_quality(st
);
1152 BUF_FREE(&st
->buffer
); /* will have had an outgoing packet in it */
1153 /* XXX Erase keys etc. */
1156 static inline void site_settimeout(uint64_t timeout
, int *timeout_io
)
1159 int64_t offset
=timeout
-*now
;
1160 if (offset
<0) offset
=0;
1161 if (offset
>INT_MAX
) offset
=INT_MAX
;
1162 if (*timeout_io
<0 || offset
<*timeout_io
)
1167 static int site_beforepoll(void *sst
, struct pollfd
*fds
, int *nfds_io
,
1170 struct site
*st
=sst
;
1172 *nfds_io
=0; /* We don't use any file descriptors */
1175 /* Work out when our next timeout is. The earlier of 'timeout' or
1176 'current.key_timeout'. A stored value of '0' indicates no timeout
1178 site_settimeout(st
->timeout
, timeout_io
);
1179 site_settimeout(st
->current
.key_timeout
, timeout_io
);
1180 site_settimeout(st
->auxiliary_key
.key_timeout
, timeout_io
);
1182 return 0; /* success */
1185 static void check_expiry(struct site
*st
, struct data_key
*key
,
1188 if (key
->key_timeout
&& *now
>key
->key_timeout
) {
1189 delete_one_key(st
,key
,"maximum life exceeded",which
,LOG_TIMEOUT_KEY
);
1193 /* NB site_afterpoll will be called before site_beforepoll is ever called */
1194 static void site_afterpoll(void *sst
, struct pollfd
*fds
, int nfds
)
1196 struct site
*st
=sst
;
1199 if (st
->timeout
&& *now
>st
->timeout
) {
1201 if (st
->state
>=SITE_SENTMSG1
&& st
->state
<=SITE_SENTMSG5
) {
1202 if (!hacky_par_start_failnow())
1204 } else if (st
->state
==SITE_WAIT
) {
1205 enter_state_run(st
);
1207 slog(st
,LOG_ERROR
,"site_afterpoll: unexpected timeout, state=%d",
1211 check_expiry(st
,&st
->current
,"current key");
1212 check_expiry(st
,&st
->auxiliary_key
,"auxiliary key");
1215 /* This function is called by the netlink device to deliver packets
1216 intended for the remote network. The packet is in "raw" wire
1217 format, but is guaranteed to be word-aligned. */
1218 static void site_outgoing(void *sst
, struct buffer_if
*buf
)
1220 struct site
*st
=sst
;
1221 cstring_t transform_err
;
1223 if (st
->state
==SITE_STOP
) {
1228 /* In all other states we consider delivering the packet if we have
1229 a valid key and a valid address to send it to. */
1230 if (current_valid(st
) && transport_peers_valid(&st
->peers
)) {
1231 /* Transform it and send it */
1233 buf_prepend_uint32(buf
,LABEL_MSG9
);
1234 st
->current
.transform
->forwards(st
->current
.transform
->st
,
1235 buf
, &transform_err
);
1236 buf_prepend_uint32(buf
,LABEL_MSG0
);
1237 buf_prepend_uint32(buf
,st
->index
);
1238 buf_prepend_uint32(buf
,st
->current
.remote_session_id
);
1239 transport_xmit(st
,&st
->peers
,buf
,False
);
1245 slog(st
,LOG_DROP
,"discarding outgoing packet of size %d",buf
->size
);
1247 initiate_key_setup(st
,"outgoing packet");
1250 static bool_t
named_for_us(struct site
*st
, const struct buffer_if
*buf_in
,
1251 uint32_t type
, struct msg
*m
)
1252 /* For packets which are identified by the local and remote names.
1253 * If it has our name and our peer's name in it it's for us. */
1255 struct buffer_if buf
[1];
1256 buffer_readonly_clone(buf
,buf_in
);
1257 return unpick_msg(st
,type
,buf
,m
)
1258 && name_matches(&m
->remote
,st
->remotename
)
1259 && name_matches(&m
->local
,st
->localname
);
1262 /* This function is called by the communication device to deliver
1263 packets from our peers. */
1264 static bool_t
site_incoming(void *sst
, struct buffer_if
*buf
,
1265 const struct comm_addr
*source
)
1267 struct site
*st
=sst
;
1269 if (buf
->size
< 12) return False
;
1271 uint32_t dest
=get_uint32(buf
->start
);
1272 uint32_t msgtype
=get_uint32(buf
->start
+8);
1273 struct msg named_msg
;
1275 if (msgtype
==LABEL_MSG1
) {
1276 if (!named_for_us(st
,buf
,msgtype
,&named_msg
))
1278 /* It's a MSG1 addressed to us. Decide what to do about it. */
1279 dump_packet(st
,buf
,source
,True
);
1280 if (st
->state
==SITE_RUN
|| st
->state
==SITE_RESOLVE
||
1281 st
->state
==SITE_WAIT
) {
1282 /* We should definitely process it */
1283 if (process_msg1(st
,buf
,source
,&named_msg
)) {
1284 slog(st
,LOG_SETUP_INIT
,"key setup initiated by peer");
1285 enter_new_state(st
,SITE_SENTMSG2
);
1287 slog(st
,LOG_ERROR
,"failed to process incoming msg1");
1291 } else if (st
->state
==SITE_SENTMSG1
) {
1292 /* We've just sent a message 1! They may have crossed on
1293 the wire. If we have priority then we ignore the
1294 incoming one, otherwise we process it as usual. */
1295 if (st
->setup_priority
) {
1297 slog(st
,LOG_DUMP
,"crossed msg1s; we are higher "
1298 "priority => ignore incoming msg1");
1301 slog(st
,LOG_DUMP
,"crossed msg1s; we are lower "
1302 "priority => use incoming msg1");
1303 if (process_msg1(st
,buf
,source
,&named_msg
)) {
1304 BUF_FREE(&st
->buffer
); /* Free our old message 1 */
1305 enter_new_state(st
,SITE_SENTMSG2
);
1307 slog(st
,LOG_ERROR
,"failed to process an incoming "
1308 "crossed msg1 (we have low priority)");
1314 /* The message 1 was received at an unexpected stage of the
1315 key setup. XXX POLICY - what do we do? */
1316 slog(st
,LOG_UNEXPECTED
,"unexpected incoming message 1");
1320 if (dest
==st
->index
) {
1321 /* Explicitly addressed to us */
1322 if (msgtype
!=LABEL_MSG0
) dump_packet(st
,buf
,source
,True
);
1325 /* If the source is our current peer then initiate a key setup,
1326 because our peer's forgotten the key */
1327 if (get_uint32(buf
->start
+4)==st
->current
.remote_session_id
) {
1328 initiate_key_setup(st
,"received a NAK");
1330 slog(st
,LOG_SEC
,"bad incoming NAK");
1334 process_msg0(st
,buf
,source
);
1337 /* Setup packet: should not have been explicitly addressed
1339 slog(st
,LOG_SEC
,"incoming explicitly addressed msg1");
1342 /* Setup packet: expected only in state SENTMSG1 */
1343 if (st
->state
!=SITE_SENTMSG1
) {
1344 slog(st
,LOG_UNEXPECTED
,"unexpected MSG2");
1345 } else if (process_msg2(st
,buf
,source
)) {
1346 transport_setup_msgok(st
,source
);
1347 enter_new_state(st
,SITE_SENTMSG3
);
1349 slog(st
,LOG_SEC
,"invalid MSG2");
1353 /* Setup packet: expected only in state SENTMSG2 */
1354 if (st
->state
!=SITE_SENTMSG2
) {
1355 slog(st
,LOG_UNEXPECTED
,"unexpected MSG3");
1356 } else if (process_msg3(st
,buf
,source
)) {
1357 transport_setup_msgok(st
,source
);
1358 enter_new_state(st
,SITE_SENTMSG4
);
1360 slog(st
,LOG_SEC
,"invalid MSG3");
1364 /* Setup packet: expected only in state SENTMSG3 */
1365 if (st
->state
!=SITE_SENTMSG3
) {
1366 slog(st
,LOG_UNEXPECTED
,"unexpected MSG4");
1367 } else if (process_msg4(st
,buf
,source
)) {
1368 transport_setup_msgok(st
,source
);
1369 enter_new_state(st
,SITE_SENTMSG5
);
1371 slog(st
,LOG_SEC
,"invalid MSG4");
1375 /* Setup packet: expected only in state SENTMSG4 */
1376 /* (may turn up in state RUN if our return MSG6 was lost
1377 and the new key has already been activated. In that
1378 case we discard it. The peer will realise that we
1379 are using the new key when they see our data packets.
1380 Until then the peer's data packets to us get discarded. */
1381 if (st
->state
==SITE_SENTMSG4
) {
1382 if (process_msg5(st
,buf
,source
,st
->new_transform
)) {
1383 transport_setup_msgok(st
,source
);
1384 enter_new_state(st
,SITE_RUN
);
1386 slog(st
,LOG_SEC
,"invalid MSG5");
1388 } else if (st
->state
==SITE_RUN
) {
1389 if (process_msg5(st
,buf
,source
,st
->current
.transform
)) {
1390 slog(st
,LOG_DROP
,"got MSG5, retransmitting MSG6");
1391 transport_setup_msgok(st
,source
);
1392 create_msg6(st
,st
->current
.transform
,
1393 st
->current
.remote_session_id
);
1394 transport_xmit(st
,&st
->peers
,&st
->buffer
,True
);
1395 BUF_FREE(&st
->buffer
);
1397 slog(st
,LOG_SEC
,"invalid MSG5 (in state RUN)");
1400 slog(st
,LOG_UNEXPECTED
,"unexpected MSG5");
1404 /* Setup packet: expected only in state SENTMSG5 */
1405 if (st
->state
!=SITE_SENTMSG5
) {
1406 slog(st
,LOG_UNEXPECTED
,"unexpected MSG6");
1407 } else if (process_msg6(st
,buf
,source
)) {
1408 BUF_FREE(&st
->buffer
); /* Free message 5 */
1409 transport_setup_msgok(st
,source
);
1410 activate_new_key(st
);
1412 slog(st
,LOG_SEC
,"invalid MSG6");
1416 slog(st
,LOG_SEC
,"received message of unknown type 0x%08x",
1427 static void site_control(void *vst
, bool_t run
)
1429 struct site
*st
=vst
;
1430 if (run
) enter_state_run(st
);
1431 else enter_state_stop(st
);
1434 static void site_phase_hook(void *sst
, uint32_t newphase
)
1436 struct site
*st
=sst
;
1438 /* The program is shutting down; tell our peer */
1439 send_msg7(st
,"shutting down");
1442 static list_t
*site_apply(closure_t
*self
, struct cloc loc
, dict_t
*context
,
1445 static uint32_t index_sequence
;
1451 st
=safe_malloc(sizeof(*st
),"site_apply");
1453 st
->cl
.description
="site";
1454 st
->cl
.type
=CL_SITE
;
1456 st
->cl
.interface
=&st
->ops
;
1458 st
->ops
.control
=site_control
;
1459 st
->ops
.status
=site_status
;
1461 /* First parameter must be a dict */
1462 item
=list_elem(args
,0);
1463 if (!item
|| item
->type
!=t_dict
)
1464 cfgfatal(loc
,"site","parameter must be a dictionary\n");
1466 dict
=item
->data
.dict
;
1467 st
->localname
=dict_read_string(dict
, "local-name", True
, "site", loc
);
1468 st
->remotename
=dict_read_string(dict
, "name", True
, "site", loc
);
1470 st
->peer_mobile
=dict_read_bool(dict
,"mobile",False
,"site",loc
,False
);
1471 bool_t local_mobile
=
1472 dict_read_bool(dict
,"local-mobile",False
,"site",loc
,False
);
1474 /* Sanity check (which also allows the 'sites' file to include
1475 site() closures for all sites including our own): refuse to
1476 talk to ourselves */
1477 if (strcmp(st
->localname
,st
->remotename
)==0) {
1478 Message(M_DEBUG
,"site %s: local-name==name -> ignoring this site\n",
1480 if (st
->peer_mobile
!= local_mobile
)
1481 cfgfatal(loc
,"site","site %s's peer-mobile=%d"
1482 " but our local-mobile=%d\n",
1483 st
->localname
, st
->peer_mobile
, local_mobile
);
1487 if (st
->peer_mobile
&& local_mobile
) {
1488 Message(M_WARNING
,"site %s: site is mobile but so are we"
1489 " -> ignoring this site\n", st
->remotename
);
1494 assert(index_sequence
< 0xffffffffUL
);
1495 st
->index
= ++index_sequence
;
1496 st
->netlink
=find_cl_if(dict
,"link",CL_NETLINK
,True
,"site",loc
);
1498 list_t
*comms_cfg
=dict_lookup(dict
,"comm");
1499 if (!comms_cfg
) cfgfatal(loc
,"site","closure list \"comm\" not found\n");
1500 st
->ncomms
=list_length(comms_cfg
);
1501 st
->comms
=safe_malloc_ary(sizeof(*st
->comms
),st
->ncomms
,"comms");
1503 for (i
=0; i
<st
->ncomms
; i
++) {
1504 item_t
*item
=list_elem(comms_cfg
,i
);
1505 if (item
->type
!=t_closure
)
1506 cfgfatal(loc
,"site","comm is not a closure\n");
1507 closure_t
*cl
=item
->data
.closure
;
1508 if (cl
->type
!=CL_COMM
) cfgfatal(loc
,"site","comm closure wrong type\n");
1509 st
->comms
[i
]=cl
->interface
;
1512 st
->resolver
=find_cl_if(dict
,"resolver",CL_RESOLVER
,True
,"site",loc
);
1513 st
->log
=find_cl_if(dict
,"log",CL_LOG
,True
,"site",loc
);
1514 st
->random
=find_cl_if(dict
,"random",CL_RANDOMSRC
,True
,"site",loc
);
1516 st
->privkey
=find_cl_if(dict
,"local-key",CL_RSAPRIVKEY
,True
,"site",loc
);
1517 st
->address
=dict_read_string(dict
, "address", False
, "site", loc
);
1519 st
->remoteport
=dict_read_number(dict
,"port",True
,"site",loc
,0);
1520 else st
->remoteport
=0;
1521 st
->pubkey
=find_cl_if(dict
,"key",CL_RSAPUBKEY
,True
,"site",loc
);
1524 find_cl_if(dict
,"transform",CL_TRANSFORM
,True
,"site",loc
);
1526 st
->dh
=find_cl_if(dict
,"dh",CL_DH
,True
,"site",loc
);
1527 st
->hash
=find_cl_if(dict
,"hash",CL_HASH
,True
,"site",loc
);
1529 #define DEFAULT(D) (st->peer_mobile || local_mobile \
1530 ? DEFAULT_MOBILE_##D : DEFAULT_##D)
1531 #define CFG_NUMBER(k,D) dict_read_number(dict,(k),False,"site",loc,DEFAULT(D));
1533 st
->key_lifetime
= CFG_NUMBER("key-lifetime", KEY_LIFETIME
);
1534 st
->setup_retries
= CFG_NUMBER("setup-retries", SETUP_RETRIES
);
1535 st
->setup_retry_interval
= CFG_NUMBER("setup-timeout", SETUP_RETRY_INTERVAL
);
1536 st
->wait_timeout
= CFG_NUMBER("wait-time", WAIT_TIME
);
1538 st
->mobile_peer_expiry
= dict_read_number(
1539 dict
,"mobile-peer-expiry",False
,"site",loc
,DEFAULT_MOBILE_PEER_EXPIRY
);
1541 st
->transport_peers_max
= !st
->peer_mobile ?
1 : dict_read_number(
1542 dict
,"mobile-peers-max",False
,"site",loc
,DEFAULT_MOBILE_PEERS_MAX
);
1543 if (st
->transport_peers_max
<1 ||
1544 st
->transport_peers_max
>=MAX_MOBILE_PEERS_MAX
) {
1545 cfgfatal(loc
,"site","mobile-peers-max must be in range 1.."
1546 STRING(MAX_MOBILE_PEERS_MAX
) "\n");
1549 if (st
->key_lifetime
< DEFAULT(KEY_RENEGOTIATE_GAP
)*2)
1550 st
->key_renegotiate_time
=st
->key_lifetime
/2;
1552 st
->key_renegotiate_time
=st
->key_lifetime
-DEFAULT(KEY_RENEGOTIATE_GAP
);
1553 st
->key_renegotiate_time
=dict_read_number(
1554 dict
,"renegotiate-time",False
,"site",loc
,st
->key_renegotiate_time
);
1555 if (st
->key_renegotiate_time
> st
->key_lifetime
) {
1556 cfgfatal(loc
,"site",
1557 "renegotiate-time must be less than key-lifetime\n");
1560 st
->log_events
=string_list_to_word(dict_lookup(dict
,"log-events"),
1561 log_event_table
,"site");
1563 st
->tunname
=safe_malloc(strlen(st
->localname
)+strlen(st
->remotename
)+5,
1565 sprintf(st
->tunname
,"%s<->%s",st
->localname
,st
->remotename
);
1567 /* The information we expect to see in incoming messages of type 1 */
1568 /* fixme: lots of unchecked overflows here, but the results are only
1569 corrupted packets rather than undefined behaviour */
1570 st
->setup_priority
=(strcmp(st
->localname
,st
->remotename
)>0);
1572 buffer_new(&st
->buffer
,SETUP_BUFFER_LEN
);
1574 buffer_new(&st
->scratch
,0);
1575 BUF_ALLOC(&st
->scratch
,"site:scratch");
1577 /* We are interested in poll(), but only for timeouts. We don't have
1578 any fds of our own. */
1579 register_for_poll(st
, site_beforepoll
, site_afterpoll
, 0, "site");
1582 st
->current
.key_timeout
=0;
1583 st
->auxiliary_key
.key_timeout
=0;
1584 transport_peers_clear(st
,&st
->peers
);
1585 transport_peers_clear(st
,&st
->setup_peers
);
1586 /* XXX mlock these */
1587 st
->dhsecret
=safe_malloc(st
->dh
->len
,"site:dhsecret");
1588 st
->sharedsecretlen
=st
->transform
->keylen?
:st
->dh
->ceil_len
;
1589 st
->sharedsecret
=safe_malloc(st
->sharedsecretlen
,"site:sharedsecret");
1591 /* We need to compute some properties of our comms */
1592 #define COMPUTE_WORST(pad) \
1593 int worst_##pad=0; \
1594 for (i=0; i<st->ncomms; i++) { \
1595 int thispad=st->comms[i]->pad; \
1596 if (thispad > worst_##pad) \
1597 worst_##pad=thispad; \
1599 COMPUTE_WORST(min_start_pad
)
1600 COMPUTE_WORST(min_end_pad
)
1602 /* We need to register the remote networks with the netlink device */
1603 st
->netlink
->reg(st
->netlink
->st
, site_outgoing
, st
,
1604 st
->transform
->max_start_pad
+(4*4)+
1605 worst_min_start_pad
,
1606 st
->transform
->max_end_pad
+worst_min_end_pad
);
1608 for (i
=0; i
<st
->ncomms
; i
++)
1609 st
->comms
[i
]->request_notify(st
->comms
[i
]->st
, st
, site_incoming
);
1611 st
->current
.transform
=st
->transform
->create(st
->transform
->st
);
1612 st
->auxiliary_key
.transform
=st
->transform
->create(st
->transform
->st
);
1613 st
->new_transform
=st
->transform
->create(st
->transform
->st
);
1614 st
->auxiliary_is_new
=0;
1616 enter_state_stop(st
);
1618 add_hook(PHASE_SHUTDOWN
,site_phase_hook
,st
);
1620 return new_closure(&st
->cl
);
1623 void site_module(dict_t
*dict
)
1625 add_closure(dict
,"site",site_apply
);
1629 /***** TRANSPORT PEERS definitions *****/
1631 static void transport_peers_debug(struct site
*st
, transport_peers
*dst
,
1632 const char *didwhat
,
1633 int nargs
, const struct comm_addr
*args
,
1638 if (!(st
->log_events
& LOG_PEER_ADDRS
))
1639 return; /* an optimisation */
1641 slog(st
, LOG_PEER_ADDRS
, "peers (%s) %s nargs=%d => npeers=%d",
1642 (dst
==&st
->peers ?
"data" :
1643 dst
==&st
->setup_peers ?
"setup" : "UNKNOWN"),
1644 didwhat
, nargs
, dst
->npeers
);
1646 for (i
=0, argp
=(void*)args
;
1648 i
++, (argp
+=stride?stride
:sizeof(*args
))) {
1649 const struct comm_addr
*ca
=(void*)argp
;
1650 slog(st
, LOG_PEER_ADDRS
, " args: addrs[%d]=%s",
1651 i
, ca
->comm
->addr_to_string(ca
->comm
->st
,ca
));
1653 for (i
=0; i
<dst
->npeers
; i
++) {
1654 struct timeval diff
;
1655 timersub(tv_now
,&dst
->peers
[i
].last
,&diff
);
1656 const struct comm_addr
*ca
=&dst
->peers
[i
].addr
;
1657 slog(st
, LOG_PEER_ADDRS
, " peers: addrs[%d]=%s T-%ld.%06ld",
1658 i
, ca
->comm
->addr_to_string(ca
->comm
->st
,ca
),
1659 (unsigned long)diff
.tv_sec
, (unsigned long)diff
.tv_usec
);
1663 static int transport_peer_compar(const void *av
, const void *bv
) {
1664 const transport_peer
*a
=av
;
1665 const transport_peer
*b
=bv
;
1666 /* put most recent first in the array */
1667 if (timercmp(&a
->last
, &b
->last
, <)) return +1;
1668 if (timercmp(&a
->last
, &b
->last
, >)) return -11;
1672 static void transport_peers_expire(struct site
*st
, transport_peers
*peers
) {
1673 /* peers must be sorted first */
1674 int previous_peers
=peers
->npeers
;
1675 struct timeval oldest
;
1676 oldest
.tv_sec
= tv_now
->tv_sec
- st
->mobile_peer_expiry
;
1677 oldest
.tv_usec
= tv_now
->tv_usec
;
1678 while (peers
->npeers
>1 &&
1679 timercmp(&peers
->peers
[peers
->npeers
-1].last
, &oldest
, <))
1681 if (peers
->npeers
!= previous_peers
)
1682 transport_peers_debug(st
,peers
,"expire", 0,0,0);
1685 static void transport_record_peer(struct site
*st
, transport_peers
*peers
,
1686 const struct comm_addr
*addr
, const char *m
) {
1687 int slot
, changed
=0;
1689 for (slot
=0; slot
<peers
->npeers
; slot
++)
1690 if (!memcmp(&peers
->peers
[slot
].addr
, addr
, sizeof(*addr
)))
1694 if (peers
->npeers
==st
->transport_peers_max
)
1695 slot
=st
->transport_peers_max
;
1697 slot
=peers
->npeers
++;
1700 peers
->peers
[slot
].addr
=*addr
;
1701 peers
->peers
[slot
].last
=*tv_now
;
1703 if (peers
->npeers
>1)
1704 qsort(peers
->peers
, peers
->npeers
,
1705 sizeof(*peers
->peers
), transport_peer_compar
);
1707 if (changed
|| peers
->npeers
!=1)
1708 transport_peers_debug(st
,peers
,m
, 1,addr
,0);
1709 transport_peers_expire(st
, peers
);
1712 static bool_t
transport_compute_setupinit_peers(struct site
*st
,
1713 const struct comm_addr
*configured_addr
/* 0 if none or not found */) {
1715 if (!configured_addr
&& !transport_peers_valid(&st
->peers
))
1718 slog(st
,LOG_SETUP_INIT
,
1719 (!configured_addr ?
"using only %d old peer address(es)"
1720 : "using configured address, and/or perhaps %d old peer address(es)"),
1723 /* Non-mobile peers havve st->peers.npeers==0 or ==1, since they
1724 * have transport_peers_max==1. The effect is that this code
1725 * always uses the configured address if supplied, or otherwise
1726 * the existing data peer if one exists; this is as desired. */
1728 transport_peers_copy(st
,&st
->setup_peers
,&st
->peers
);
1730 if (configured_addr
)
1731 transport_record_peer(st
,&st
->setup_peers
,configured_addr
,"setupinit");
1733 assert(transport_peers_valid(&st
->setup_peers
));
1737 static void transport_setup_msgok(struct site
*st
, const struct comm_addr
*a
) {
1738 if (st
->peer_mobile
)
1739 transport_record_peer(st
,&st
->setup_peers
,a
,"setupmsg");
1741 static void transport_data_msgok(struct site
*st
, const struct comm_addr
*a
) {
1742 if (st
->peer_mobile
)
1743 transport_record_peer(st
,&st
->peers
,a
,"datamsg");
1746 static int transport_peers_valid(transport_peers
*peers
) {
1747 return peers
->npeers
;
1749 static void transport_peers_clear(struct site
*st
, transport_peers
*peers
) {
1751 transport_peers_debug(st
,peers
,"clear",0,0,0);
1753 static void transport_peers_copy(struct site
*st
, transport_peers
*dst
,
1754 const transport_peers
*src
) {
1755 dst
->npeers
=src
->npeers
;
1756 memcpy(dst
->peers
, src
->peers
, sizeof(*dst
->peers
) * dst
->npeers
);
1757 transport_peers_debug(st
,dst
,"copy",
1758 src
->npeers
, &src
->peers
->addr
, sizeof(*src
->peers
));
1761 void transport_xmit(struct site
*st
, transport_peers
*peers
,
1762 struct buffer_if
*buf
, bool_t candebug
) {
1764 transport_peers_expire(st
, peers
);
1765 for (slot
=0; slot
<peers
->npeers
; slot
++) {
1766 transport_peer
*peer
=&peers
->peers
[slot
];
1768 dump_packet(st
, buf
, &peer
->addr
, False
);
1769 peer
->addr
.comm
->sendmsg(peer
->addr
.comm
->st
, buf
, &peer
->addr
);
1773 /***** END of transport peers declarations *****/