~mdw / secnet / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
site: Document some reentrancy hazards in comments
[secnet] / site.c
1 /* site.c - manage communication with a remote network site */
2
3 /* The 'site' code doesn't know anything about the structure of the
4 packets it's transmitting. In fact, under the new netlink
5 configuration scheme it doesn't need to know anything at all about
6 IP addresses, except how to contact its peer. This means it could
7 potentially be used to tunnel other protocols too (IPv6, IPX, plain
8 old Ethernet frames) if appropriate netlink code can be written
9 (and that ought not to be too hard, eg. using the TUN/TAP device to
10 pretend to be an Ethernet interface). */
11
12 /* At some point in the future the netlink code will be asked for
13 configuration information to go in the PING/PONG packets at the end
14 of the key exchange. */
15
16 #include "secnet.h"
17 #include <stdio.h>
18 #include <string.h>
19 #include <limits.h>
20 #include <assert.h>
21 #include <sys/socket.h>
22
23 #include <sys/mman.h>
24 #include "util.h"
25 #include "unaligned.h"
26 #include "magic.h"
27
28 #define SETUP_BUFFER_LEN 2048
29
30 #define DEFAULT_KEY_LIFETIME (3600*1000) /* [ms] */
31 #define DEFAULT_KEY_RENEGOTIATE_GAP (5*60*1000) /* [ms] */
32 #define DEFAULT_SETUP_RETRIES 5
33 #define DEFAULT_SETUP_RETRY_INTERVAL (2*1000) /* [ms] */
34 #define DEFAULT_WAIT_TIME (20*1000) /* [ms] */
35
36 #define DEFAULT_MOBILE_KEY_LIFETIME (2*24*3600*1000) /* [ms] */
37 #define DEFAULT_MOBILE_KEY_RENEGOTIATE_GAP (12*3600*1000) /* [ms] */
38 #define DEFAULT_MOBILE_SETUP_RETRIES 30
39 #define DEFAULT_MOBILE_SETUP_RETRY_INTERVAL (1*1000) /* [ms] */
40 #define DEFAULT_MOBILE_WAIT_TIME (10*1000) /* [ms] */
41
42 #define DEFAULT_MOBILE_PEER_EXPIRY (2*60) /* [s] */
43 #define DEFAULT_MOBILE_PEERS_MAX 3 /* send at most this many copies (default) */
44
45 /* Each site can be in one of several possible states. */
46
47 /* States:
48 SITE_STOP - nothing is allowed to happen; tunnel is down;
49 all session keys have been erased
50 -> SITE_RUN upon external instruction
51 SITE_RUN - site up, maybe with valid key
52 -> SITE_RESOLVE upon outgoing packet and no valid key
53 we start name resolution for the other end of the tunnel
54 -> SITE_SENTMSG2 upon valid incoming message 1 and suitable time
55 we send an appropriate message 2
56 SITE_RESOLVE - waiting for name resolution
57 -> SITE_SENTMSG1 upon successful resolution
58 we send an appropriate message 1
59 -> SITE_SENTMSG2 upon valid incoming message 1 (then abort resolution)
60 we abort resolution and
61 -> SITE_WAIT on timeout or resolution failure
62 SITE_SENTMSG1
63 -> SITE_SENTMSG2 upon valid incoming message 1 from higher priority end
64 -> SITE_SENTMSG3 upon valid incoming message 2
65 -> SITE_WAIT on timeout
66 SITE_SENTMSG2
67 -> SITE_SENTMSG4 upon valid incoming message 3
68 -> SITE_WAIT on timeout
69 SITE_SENTMSG3
70 -> SITE_SENTMSG5 upon valid incoming message 4
71 -> SITE_WAIT on timeout
72 SITE_SENTMSG4
73 -> SITE_RUN upon valid incoming message 5
74 -> SITE_WAIT on timeout
75 SITE_SENTMSG5
76 -> SITE_RUN upon valid incoming message 6
77 -> SITE_WAIT on timeout
78 SITE_WAIT - failed to establish key; do nothing for a while
79 -> SITE_RUN on timeout
80 */
81
82 #define SITE_STOP 0
83 #define SITE_RUN 1
84 #define SITE_RESOLVE 2
85 #define SITE_SENTMSG1 3
86 #define SITE_SENTMSG2 4
87 #define SITE_SENTMSG3 5
88 #define SITE_SENTMSG4 6
89 #define SITE_SENTMSG5 7
90 #define SITE_WAIT 8
91
92 int32_t site_max_start_pad = 4*4;
93
94 static cstring_t state_name(uint32_t state)
95 {
96 switch (state) {
97 case 0: return "STOP";
98 case 1: return "RUN";
99 case 2: return "RESOLVE";
100 case 3: return "SENTMSG1";
101 case 4: return "SENTMSG2";
102 case 5: return "SENTMSG3";
103 case 6: return "SENTMSG4";
104 case 7: return "SENTMSG5";
105 case 8: return "WAIT";
106 default: return "*bad state*";
107 }
108 }
109
110 #define NONCELEN 8
111
112 #define LOG_UNEXPECTED 0x00000001
113 #define LOG_SETUP_INIT 0x00000002
114 #define LOG_SETUP_TIMEOUT 0x00000004
115 #define LOG_ACTIVATE_KEY 0x00000008
116 #define LOG_TIMEOUT_KEY 0x00000010
117 #define LOG_SEC 0x00000020
118 #define LOG_STATE 0x00000040
119 #define LOG_DROP 0x00000080
120 #define LOG_DUMP 0x00000100
121 #define LOG_ERROR 0x00000400
122 #define LOG_PEER_ADDRS 0x00000800
123
124 static struct flagstr log_event_table[]={
125 { "unexpected", LOG_UNEXPECTED },
126 { "setup-init", LOG_SETUP_INIT },
127 { "setup-timeout", LOG_SETUP_TIMEOUT },
128 { "activate-key", LOG_ACTIVATE_KEY },
129 { "timeout-key", LOG_TIMEOUT_KEY },
130 { "security", LOG_SEC },
131 { "state-change", LOG_STATE },
132 { "packet-drop", LOG_DROP },
133 { "dump-packets", LOG_DUMP },
134 { "errors", LOG_ERROR },
135 { "peer-addrs", LOG_PEER_ADDRS },
136 { "default", LOG_SETUP_INIT|LOG_SETUP_TIMEOUT|
137 LOG_ACTIVATE_KEY|LOG_TIMEOUT_KEY|LOG_SEC|LOG_ERROR },
138 { "all", 0xffffffff },
139 { NULL, 0 }
140 };
141
142
143 /***** TRANSPORT PEERS declarations *****/
144
145 /* Details of "mobile peer" semantics:
146
147 - We record mobile_peers_max peer address/port numbers ("peers")
148 for key setup, and separately mobile_peers_max for data
149 transfer. If these lists fill up, we retain the newest peers.
150 (For non-mobile peers we only record one of each.)
151
152 - Outgoing packets are sent to every recorded peer in the
153 applicable list.
154
155 - Data transfer peers are straightforward: whenever we successfully
156 process a data packet, we record the peer. Also, whenever we
157 successfully complete a key setup, we merge the key setup
158 peers into the data transfer peers.
159
160 (For "non-mobile" peers we simply copy the peer used for
161 successful key setup, and don't change the peer otherwise.)
162
163 - Key setup peers are slightly more complicated.
164
165 Whenever we receive and successfully process a key exchange
166 packet, we record the peer.
167
168 Whenever we try to initiate a key setup, we copy the list of data
169 transfer peers and use it for key setup. But we also look to see
170 if the config supplies an address and port number and if so we
171 add that as a key setup peer (possibly evicting one of the data
172 transfer peers we just copied).
173
174 (For "non-mobile" peers, if we if we have a configured peer
175 address and port, we always use that; otherwise if we have a
176 current data peer address we use that; otherwise we do not
177 attempt to initiate a key setup for lack of a peer address.)
178
179 "Record the peer" means
180 1. expire any peers last seen >120s ("mobile-peer-expiry") ago
181 2. add the peer of the just received packet to the applicable list
182 (possibly evicting older entries)
183 NB that we do not expire peers until an incoming packet arrives.
184
185 */
186
187 #define MAX_MOBILE_PEERS_MAX 5 /* send at most this many copies, compiled max */
188
189 typedef struct {
190 struct timeval last;
191 struct comm_addr addr;
192 } transport_peer;
193
194 typedef struct {
195 /* configuration information */
196 /* runtime information */
197 int npeers;
198 transport_peer peers[MAX_MOBILE_PEERS_MAX];
199 } transport_peers;
200
201 static void transport_peers_clear(struct site *st, transport_peers *peers);
202 static int transport_peers_valid(transport_peers *peers);
203 static void transport_peers_copy(struct site *st, transport_peers *dst,
204 const transport_peers *src);
205
206 static void transport_setup_msgok(struct site *st, const struct comm_addr *a);
207 static void transport_data_msgok(struct site *st, const struct comm_addr *a);
208 static bool_t transport_compute_setupinit_peers(struct site *st,
209 const struct comm_addr *configured_addr /* 0 if none or not found */,
210 const struct comm_addr *prod_hint_addr /* 0 if none */);
211 static void transport_record_peer(struct site *st, transport_peers *peers,
212 const struct comm_addr *addr, const char *m);
213
214 static void transport_xmit(struct site *st, transport_peers *peers,
215 struct buffer_if *buf, bool_t candebug);
216
217 /***** END of transport peers declarations *****/
218
219
220 struct data_key {
221 struct transform_inst_if *transform;
222 uint64_t key_timeout; /* End of life of current key */
223 uint32_t remote_session_id;
224 };
225
226 struct site {
227 closure_t cl;
228 struct site_if ops;
229 /* configuration information */
230 string_t localname;
231 string_t remotename;
232 bool_t peer_mobile; /* Mobile client support */
233 int32_t transport_peers_max;
234 string_t tunname; /* localname<->remotename by default, used in logs */
235 string_t address; /* DNS name for bootstrapping, optional */
236 int remoteport; /* Port for bootstrapping, optional */
237 uint32_t mtu_target;
238 struct netlink_if *netlink;
239 struct comm_if **comms;
240 int ncomms;
241 struct resolver_if *resolver;
242 struct log_if *log;
243 struct random_if *random;
244 struct rsaprivkey_if *privkey;
245 struct rsapubkey_if *pubkey;
246 struct transform_if **transforms;
247 int ntransforms;
248 struct dh_if *dh;
249 struct hash_if *hash;
250
251 uint32_t index; /* Index of this site */
252 uint32_t local_capabilities;
253 int32_t setup_retries; /* How many times to send setup packets */
254 int32_t setup_retry_interval; /* Initial timeout for setup packets */
255 int32_t wait_timeout; /* How long to wait if setup unsuccessful */
256 int32_t mobile_peer_expiry; /* How long to remember 2ary addresses */
257 int32_t key_lifetime; /* How long a key lasts once set up */
258 int32_t key_renegotiate_time; /* If we see traffic (or a keepalive)
259 after this time, initiate a new
260 key exchange */
261
262 bool_t setup_priority; /* Do we have precedence if both sites emit
263 message 1 simultaneously? */
264 uint32_t log_events;
265
266 /* runtime information */
267 uint32_t state;
268 uint64_t now; /* Most recently seen time */
269 bool_t allow_send_prod;
270
271 /* The currently established session */
272 struct data_key current;
273 struct data_key auxiliary_key;
274 bool_t auxiliary_is_new;
275 uint64_t renegotiate_key_time; /* When we can negotiate a new key */
276 uint64_t auxiliary_renegotiate_key_time;
277 transport_peers peers; /* Current address(es) of peer for data traffic */
278
279 /* The current key setup protocol exchange. We can only be
280 involved in one of these at a time. There's a potential for
281 denial of service here (the attacker keeps sending a setup
282 packet; we keep trying to continue the exchange, and have to
283 timeout before we can listen for another setup packet); perhaps
284 we should keep a list of 'bad' sources for setup packets. */
285 uint32_t remote_capabilities;
286 uint16_t remote_adv_mtu;
287 struct transform_if *chosen_transform;
288 uint32_t setup_session_id;
289 transport_peers setup_peers;
290 uint8_t localN[NONCELEN]; /* Nonces for key exchange */
291 uint8_t remoteN[NONCELEN];
292 struct buffer_if buffer; /* Current outgoing key exchange packet */
293 struct buffer_if scratch;
294 int32_t retries; /* Number of retries remaining */
295 uint64_t timeout; /* Timeout for current state */
296 uint8_t *dhsecret;
297 uint8_t *sharedsecret;
298 uint32_t sharedsecretlen, sharedsecretallocd;
299 struct transform_inst_if *new_transform; /* For key setup/verify */
300 };
301
302 static uint32_t event_log_priority(struct site *st, uint32_t event)
303 {
304 if (!(event&st->log_events))
305 return 0;
306 switch(event) {
307 case LOG_UNEXPECTED: return M_INFO;
308 case LOG_SETUP_INIT: return M_INFO;
309 case LOG_SETUP_TIMEOUT: return M_NOTICE;
310 case LOG_ACTIVATE_KEY: return M_INFO;
311 case LOG_TIMEOUT_KEY: return M_INFO;
312 case LOG_SEC: return M_SECURITY;
313 case LOG_STATE: return M_DEBUG;
314 case LOG_DROP: return M_DEBUG;
315 case LOG_DUMP: return M_DEBUG;
316 case LOG_ERROR: return M_ERR;
317 case LOG_PEER_ADDRS: return M_DEBUG;
318 default: return M_ERR;
319 }
320 }
321
322 static void vslog(struct site *st, uint32_t event, cstring_t msg, va_list ap)
323 FORMAT(printf,3,0);
324 static void vslog(struct site *st, uint32_t event, cstring_t msg, va_list ap)
325 {
326 uint32_t class;
327
328 class=event_log_priority(st, event);
329 if (class) {
330 slilog_part(st->log,class,"%s: ",st->tunname);
331 vslilog_part(st->log,class,msg,ap);
332 slilog_part(st->log,class,"\n");
333 }
334 }
335
336 static void slog(struct site *st, uint32_t event, cstring_t msg, ...)
337 FORMAT(printf,3,4);
338 static void slog(struct site *st, uint32_t event, cstring_t msg, ...)
339 {
340 va_list ap;
341 va_start(ap,msg);
342 vslog(st,event,msg,ap);
343 va_end(ap);
344 }
345
346 static void logtimeout(struct site *st, const char *fmt, ...)
347 FORMAT(printf,2,3);
348 static void logtimeout(struct site *st, const char *fmt, ...)
349 {
350 uint32_t class=event_log_priority(st,LOG_SETUP_TIMEOUT);
351 if (!class)
352 return;
353
354 va_list ap;
355 va_start(ap,fmt);
356
357 slilog_part(st->log,class,"%s: ",st->tunname);
358 vslilog_part(st->log,class,fmt,ap);
359
360 const char *delim;
361 int i;
362 for (i=0, delim=" (tried ";
363 i<st->setup_peers.npeers;
364 i++, delim=", ") {
365 transport_peer *peer=&st->setup_peers.peers[i];
366 const char *s=comm_addr_to_string(&peer->addr);
367 slilog_part(st->log,class,"%s%s",delim,s);
368 }
369
370 slilog_part(st->log,class,")\n");
371 va_end(ap);
372 }
373
374 static void set_link_quality(struct site *st);
375 static void delete_keys(struct site *st, cstring_t reason, uint32_t loglevel);
376 static void delete_one_key(struct site *st, struct data_key *key,
377 const char *reason /* may be 0 meaning don't log*/,
378 const char *which /* ignored if !reasonn */,
379 uint32_t loglevel /* ignored if !reasonn */);
380 static bool_t initiate_key_setup(struct site *st, cstring_t reason,
381 const struct comm_addr *prod_hint);
382 static void enter_state_run(struct site *st);
383 static bool_t enter_state_resolve(struct site *st);
384 static bool_t enter_new_state(struct site *st,uint32_t next);
385 static void enter_state_wait(struct site *st);
386 static void activate_new_key(struct site *st);
387
388 static bool_t is_transform_valid(struct transform_inst_if *transform)
389 {
390 return transform && transform->valid(transform->st);
391 }
392
393 static bool_t current_valid(struct site *st)
394 {
395 return is_transform_valid(st->current.transform);
396 }
397
398 #define DEFINE_CALL_TRANSFORM(fwdrev) \
399 static int call_transform_##fwdrev(struct site *st, \
400 struct transform_inst_if *transform, \
401 struct buffer_if *buf, \
402 const char **errmsg) \
403 { \
404 if (!is_transform_valid(transform)) { \
405 *errmsg="transform not set up"; \
406 return 1; \
407 } \
408 return transform->fwdrev(transform->st,buf,errmsg); \
409 }
410
411 DEFINE_CALL_TRANSFORM(forwards)
412 DEFINE_CALL_TRANSFORM(reverse)
413
414 static void dispose_transform(struct transform_inst_if **transform_var)
415 {
416 struct transform_inst_if *transform=*transform_var;
417 if (transform) {
418 transform->delkey(transform->st);
419 transform->destroy(transform->st);
420 }
421 *transform_var = 0;
422 }
423
424 #define CHECK_AVAIL(b,l) do { if ((b)->size<(l)) return False; } while(0)
425 #define CHECK_EMPTY(b) do { if ((b)->size!=0) return False; } while(0)
426 #define CHECK_TYPE(b,t) do { uint32_t type; \
427 CHECK_AVAIL((b),4); \
428 type=buf_unprepend_uint32((b)); \
429 if (type!=(t)) return False; } while(0)
430
431 static _Bool type_is_msg34(uint32_t type)
432 {
433 return
434 type == LABEL_MSG3 ||
435 type == LABEL_MSG3BIS ||
436 type == LABEL_MSG4;
437 }
438
439 struct parsedname {
440 int32_t len;
441 uint8_t *name;
442 struct buffer_if extrainfo;
443 };
444
445 struct msg {
446 uint8_t *hashstart;
447 uint32_t dest;
448 uint32_t source;
449 struct parsedname remote;
450 struct parsedname local;
451 uint32_t remote_capabilities;
452 uint16_t remote_mtu;
453 int capab_transformnum;
454 uint8_t *nR;
455 uint8_t *nL;
456 int32_t pklen;
457 char *pk;
458 int32_t hashlen;
459 int32_t siglen;
460 char *sig;
461 };
462
463 static void set_new_transform(struct site *st, char *pk)
464 {
465 /* Make room for the shared key */
466 st->sharedsecretlen=st->chosen_transform->keylen?:st->dh->ceil_len;
467 assert(st->sharedsecretlen);
468 if (st->sharedsecretlen > st->sharedsecretallocd) {
469 st->sharedsecretallocd=st->sharedsecretlen;
470 st->sharedsecret=realloc(st->sharedsecret,st->sharedsecretallocd);
471 }
472 if (!st->sharedsecret) fatal_perror("site:sharedsecret");
473
474 /* Generate the shared key */
475 st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,pk,
476 st->sharedsecret,st->sharedsecretlen);
477
478 /* Set up the transform */
479 struct transform_if *generator=st->chosen_transform;
480 struct transform_inst_if *generated=generator->create(generator->st);
481 generated->setkey(generated->st,st->sharedsecret,
482 st->sharedsecretlen,st->setup_priority);
483 dispose_transform(&st->new_transform);
484 st->new_transform=generated;
485
486 slog(st,LOG_SETUP_INIT,"key exchange negotiated transform"
487 " %d (capabilities ours=%#"PRIx32" theirs=%#"PRIx32")",
488 st->chosen_transform->capab_transformnum,
489 st->local_capabilities, st->remote_capabilities);
490 }
491
492 struct xinfoadd {
493 int32_t lenpos, afternul;
494 };
495 static void append_string_xinfo_start(struct buffer_if *buf,
496 struct xinfoadd *xia,
497 const char *str)
498 /* Helps construct one of the names with additional info as found
499 * in MSG1..4. Call this function first, then append all the
500 * desired extra info (not including the nul byte) to the buffer,
501 * then call append_string_xinfo_done. */
502 {
503 xia->lenpos = buf->size;
504 buf_append_string(buf,str);
505 buf_append_uint8(buf,0);
506 xia->afternul = buf->size;
507 }
508 static void append_string_xinfo_done(struct buffer_if *buf,
509 struct xinfoadd *xia)
510 {
511 /* we just need to adjust the string length */
512 if (buf->size == xia->afternul) {
513 /* no extra info, strip the nul too */
514 buf_unappend_uint8(buf);
515 } else {
516 put_uint16(buf->start+xia->lenpos, buf->size-(xia->lenpos+2));
517 }
518 }
519
520 /* Build any of msg1 to msg4. msg5 and msg6 are built from the inside
521 out using a transform of config data supplied by netlink */
522 static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what)
523 {
524 void *hst;
525 uint8_t *hash;
526 string_t dhpub, sig;
527
528 st->retries=st->setup_retries;
529 BUF_ALLOC(&st->buffer,what);
530 buffer_init(&st->buffer,0);
531 buf_append_uint32(&st->buffer,
532 (type==LABEL_MSG1?0:st->setup_session_id));
533 buf_append_uint32(&st->buffer,st->index);
534 buf_append_uint32(&st->buffer,type);
535
536 struct xinfoadd xia;
537 append_string_xinfo_start(&st->buffer,&xia,st->localname);
538 if ((st->local_capabilities & CAPAB_EARLY) || (type != LABEL_MSG1)) {
539 buf_append_uint32(&st->buffer,st->local_capabilities);
540 }
541 if (type_is_msg34(type)) {
542 buf_append_uint16(&st->buffer,st->mtu_target);
543 }
544 append_string_xinfo_done(&st->buffer,&xia);
545
546 buf_append_string(&st->buffer,st->remotename);
547 memcpy(buf_append(&st->buffer,NONCELEN),st->localN,NONCELEN);
548 if (type==LABEL_MSG1) return True;
549 memcpy(buf_append(&st->buffer,NONCELEN),st->remoteN,NONCELEN);
550 if (type==LABEL_MSG2) return True;
551
552 if (hacky_par_mid_failnow()) return False;
553
554 if (type==LABEL_MSG3BIS)
555 buf_append_uint8(&st->buffer,st->chosen_transform->capab_transformnum);
556
557 dhpub=st->dh->makepublic(st->dh->st,st->dhsecret,st->dh->len);
558 buf_append_string(&st->buffer,dhpub);
559 free(dhpub);
560 hash=safe_malloc(st->hash->len, "generate_msg");
561 hst=st->hash->init();
562 st->hash->update(hst,st->buffer.start,st->buffer.size);
563 st->hash->final(hst,hash);
564 sig=st->privkey->sign(st->privkey->st,hash,st->hash->len);
565 buf_append_string(&st->buffer,sig);
566 free(sig);
567 free(hash);
568 return True;
569 }
570
571 static bool_t unpick_name(struct buffer_if *msg, struct parsedname *nm)
572 {
573 CHECK_AVAIL(msg,2);
574 nm->len=buf_unprepend_uint16(msg);
575 CHECK_AVAIL(msg,nm->len);
576 nm->name=buf_unprepend(msg,nm->len);
577 uint8_t *nul=memchr(nm->name,0,nm->len);
578 if (!nul) {
579 buffer_readonly_view(&nm->extrainfo,0,0);
580 } else {
581 buffer_readonly_view(&nm->extrainfo, nul+1, msg->start-(nul+1));
582 nm->len=nul-nm->name;
583 }
584 return True;
585 }
586
587 static bool_t unpick_msg(struct site *st, uint32_t type,
588 struct buffer_if *msg, struct msg *m)
589 {
590 m->capab_transformnum=-1;
591 m->hashstart=msg->start;
592 CHECK_AVAIL(msg,4);
593 m->dest=buf_unprepend_uint32(msg);
594 CHECK_AVAIL(msg,4);
595 m->source=buf_unprepend_uint32(msg);
596 CHECK_TYPE(msg,type);
597 if (!unpick_name(msg,&m->remote)) return False;
598 m->remote_capabilities=0;
599 m->remote_mtu=0;
600 if (m->remote.extrainfo.size) {
601 CHECK_AVAIL(&m->remote.extrainfo,4);
602 m->remote_capabilities=buf_unprepend_uint32(&m->remote.extrainfo);
603 }
604 if (type_is_msg34(type) && m->remote.extrainfo.size) {
605 CHECK_AVAIL(&m->remote.extrainfo,2);
606 m->remote_mtu=buf_unprepend_uint16(&m->remote.extrainfo);
607 }
608 if (!unpick_name(msg,&m->local)) return False;
609 if (type==LABEL_PROD) {
610 CHECK_EMPTY(msg);
611 return True;
612 }
613 CHECK_AVAIL(msg,NONCELEN);
614 m->nR=buf_unprepend(msg,NONCELEN);
615 if (type==LABEL_MSG1) {
616 CHECK_EMPTY(msg);
617 return True;
618 }
619 CHECK_AVAIL(msg,NONCELEN);
620 m->nL=buf_unprepend(msg,NONCELEN);
621 if (type==LABEL_MSG2) {
622 CHECK_EMPTY(msg);
623 return True;
624 }
625 if (type==LABEL_MSG3BIS) {
626 CHECK_AVAIL(msg,1);
627 m->capab_transformnum = buf_unprepend_uint8(msg);
628 } else {
629 m->capab_transformnum = CAPAB_TRANSFORMNUM_ANCIENT;
630 }
631 CHECK_AVAIL(msg,2);
632 m->pklen=buf_unprepend_uint16(msg);
633 CHECK_AVAIL(msg,m->pklen);
634 m->pk=buf_unprepend(msg,m->pklen);
635 m->hashlen=msg->start-m->hashstart;
636 CHECK_AVAIL(msg,2);
637 m->siglen=buf_unprepend_uint16(msg);
638 CHECK_AVAIL(msg,m->siglen);
639 m->sig=buf_unprepend(msg,m->siglen);
640 CHECK_EMPTY(msg);
641 return True;
642 }
643
644 static bool_t name_matches(const struct parsedname *nm, const char *expected)
645 {
646 int expected_len=strlen(expected);
647 return
648 nm->len == expected_len &&
649 !memcmp(nm->name, expected, expected_len);
650 }
651
652 static bool_t check_msg(struct site *st, uint32_t type, struct msg *m,
653 cstring_t *error)
654 {
655 if (type==LABEL_MSG1) return True;
656
657 /* Check that the site names and our nonce have been sent
658 back correctly, and then store our peer's nonce. */
659 if (!name_matches(&m->remote,st->remotename)) {
660 *error="wrong remote site name";
661 return False;
662 }
663 if (!name_matches(&m->local,st->localname)) {
664 *error="wrong local site name";
665 return False;
666 }
667 if (memcmp(m->nL,st->localN,NONCELEN)!=0) {
668 *error="wrong locally-generated nonce";
669 return False;
670 }
671 if (type==LABEL_MSG2) return True;
672 if (!consttime_memeq(m->nR,st->remoteN,NONCELEN)!=0) {
673 *error="wrong remotely-generated nonce";
674 return False;
675 }
676 /* MSG3 has complicated rules about capabilities, which are
677 * handled in process_msg3. */
678 if (type==LABEL_MSG3 || type==LABEL_MSG3BIS) return True;
679 if (m->remote_capabilities!=st->remote_capabilities) {
680 *error="remote capabilities changed";
681 return False;
682 }
683 if (type==LABEL_MSG4) return True;
684 *error="unknown message type";
685 return False;
686 }
687
688 static bool_t generate_msg1(struct site *st)
689 {
690 st->random->generate(st->random->st,NONCELEN,st->localN);
691 return generate_msg(st,LABEL_MSG1,"site:MSG1");
692 }
693
694 static bool_t process_msg1(struct site *st, struct buffer_if *msg1,
695 const struct comm_addr *src, struct msg *m)
696 {
697 /* We've already determined we're in an appropriate state to
698 process an incoming MSG1, and that the MSG1 has correct values
699 of A and B. */
700
701 transport_record_peer(st,&st->setup_peers,src,"msg1");
702 st->setup_session_id=m->source;
703 st->remote_capabilities=m->remote_capabilities;
704 memcpy(st->remoteN,m->nR,NONCELEN);
705 return True;
706 }
707
708 static bool_t generate_msg2(struct site *st)
709 {
710 st->random->generate(st->random->st,NONCELEN,st->localN);
711 return generate_msg(st,LABEL_MSG2,"site:MSG2");
712 }
713
714 static bool_t process_msg2(struct site *st, struct buffer_if *msg2,
715 const struct comm_addr *src)
716 {
717 struct msg m;
718 cstring_t err;
719
720 if (!unpick_msg(st,LABEL_MSG2,msg2,&m)) return False;
721 if (!check_msg(st,LABEL_MSG2,&m,&err)) {
722 slog(st,LOG_SEC,"msg2: %s",err);
723 return False;
724 }
725 st->setup_session_id=m.source;
726 st->remote_capabilities=m.remote_capabilities;
727
728 /* Select the transform to use */
729
730 uint32_t remote_transforms = st->remote_capabilities & CAPAB_TRANSFORM_MASK;
731 if (!remote_transforms)
732 /* old secnets only had this one transform */
733 remote_transforms = 1UL << CAPAB_TRANSFORMNUM_ANCIENT;
734
735 struct transform_if *ti;
736 int i;
737 for (i=0; i<st->ntransforms; i++) {
738 ti=st->transforms[i];
739 if ((1UL << ti->capab_transformnum) & remote_transforms)
740 goto transform_found;
741 }
742 slog(st,LOG_ERROR,"no transforms in common"
743 " (us %#"PRIx32"; them: %#"PRIx32")",
744 st->local_capabilities & CAPAB_TRANSFORM_MASK,
745 remote_transforms);
746 return False;
747 transform_found:
748 st->chosen_transform=ti;
749
750 memcpy(st->remoteN,m.nR,NONCELEN);
751 return True;
752 }
753
754 static bool_t generate_msg3(struct site *st)
755 {
756 /* Now we have our nonce and their nonce. Think of a secret key,
757 and create message number 3. */
758 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
759 return generate_msg(st,
760 (st->remote_capabilities & CAPAB_TRANSFORM_MASK
761 ? LABEL_MSG3BIS : LABEL_MSG3),
762 "site:MSG3");
763 }
764
765 static bool_t process_msg3_msg4(struct site *st, struct msg *m)
766 {
767 uint8_t *hash;
768 void *hst;
769
770 /* Check signature and store g^x mod m */
771 hash=safe_malloc(st->hash->len, "process_msg3_msg4");
772 hst=st->hash->init();
773 st->hash->update(hst,m->hashstart,m->hashlen);
774 st->hash->final(hst,hash);
775 /* Terminate signature with a '0' - cheating, but should be ok */
776 m->sig[m->siglen]=0;
777 if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m->sig)) {
778 slog(st,LOG_SEC,"msg3/msg4 signature failed check!");
779 free(hash);
780 return False;
781 }
782 free(hash);
783
784 st->remote_adv_mtu=m->remote_mtu;
785
786 return True;
787 }
788
789 static bool_t process_msg3(struct site *st, struct buffer_if *msg3,
790 const struct comm_addr *src, uint32_t msgtype)
791 {
792 struct msg m;
793 cstring_t err;
794
795 assert(msgtype==LABEL_MSG3 || msgtype==LABEL_MSG3BIS);
796
797 if (!unpick_msg(st,msgtype,msg3,&m)) return False;
798 if (!check_msg(st,msgtype,&m,&err)) {
799 slog(st,LOG_SEC,"msg3: %s",err);
800 return False;
801 }
802 uint32_t capab_adv_late = m.remote_capabilities
803 & ~st->remote_capabilities & CAPAB_EARLY;
804 if (capab_adv_late) {
805 slog(st,LOG_SEC,"msg3 impermissibly adds early capability flag(s)"
806 " %#"PRIx32" (was %#"PRIx32", now %#"PRIx32")",
807 capab_adv_late, st->remote_capabilities, m.remote_capabilities);
808 return False;
809 }
810 st->remote_capabilities|=m.remote_capabilities;
811
812 struct transform_if *ti;
813 int i;
814 for (i=0; i<st->ntransforms; i++) {
815 ti=st->transforms[i];
816 if (ti->capab_transformnum == m.capab_transformnum)
817 goto transform_found;
818 }
819 slog(st,LOG_SEC,"peer chose unknown-to-us transform %d!",
820 m.capab_transformnum);
821 return False;
822 transform_found:
823 st->chosen_transform=ti;
824
825 if (!process_msg3_msg4(st,&m))
826 return False;
827
828 /* Terminate their DH public key with a '0' */
829 m.pk[m.pklen]=0;
830 /* Invent our DH secret key */
831 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
832
833 /* Generate the shared key and set up the transform */
834 set_new_transform(st,m.pk);
835
836 return True;
837 }
838
839 static bool_t generate_msg4(struct site *st)
840 {
841 /* We have both nonces, their public key and our private key. Generate
842 our public key, sign it and send it to them. */
843 return generate_msg(st,LABEL_MSG4,"site:MSG4");
844 }
845
846 static bool_t process_msg4(struct site *st, struct buffer_if *msg4,
847 const struct comm_addr *src)
848 {
849 struct msg m;
850 cstring_t err;
851
852 if (!unpick_msg(st,LABEL_MSG4,msg4,&m)) return False;
853 if (!check_msg(st,LABEL_MSG4,&m,&err)) {
854 slog(st,LOG_SEC,"msg4: %s",err);
855 return False;
856 }
857
858 if (!process_msg3_msg4(st,&m))
859 return False;
860
861 /* Terminate their DH public key with a '0' */
862 m.pk[m.pklen]=0;
863
864 /* Generate the shared key and set up the transform */
865 set_new_transform(st,m.pk);
866
867 return True;
868 }
869
870 struct msg0 {
871 uint32_t dest;
872 uint32_t source;
873 uint32_t type;
874 };
875
876 static bool_t unpick_msg0(struct site *st, struct buffer_if *msg0,
877 struct msg0 *m)
878 {
879 CHECK_AVAIL(msg0,4);
880 m->dest=buf_unprepend_uint32(msg0);
881 CHECK_AVAIL(msg0,4);
882 m->source=buf_unprepend_uint32(msg0);
883 CHECK_AVAIL(msg0,4);
884 m->type=buf_unprepend_uint32(msg0);
885 return True;
886 /* Leaves transformed part of buffer untouched */
887 }
888
889 static bool_t generate_msg5(struct site *st)
890 {
891 cstring_t transform_err;
892
893 BUF_ALLOC(&st->buffer,"site:MSG5");
894 /* We are going to add four words to the message */
895 buffer_init(&st->buffer,calculate_max_start_pad());
896 /* Give the netlink code an opportunity to put its own stuff in the
897 message (configuration information, etc.) */
898 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
899 if (call_transform_forwards(st,st->new_transform,
900 &st->buffer,&transform_err))
901 return False;
902 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
903 buf_prepend_uint32(&st->buffer,st->index);
904 buf_prepend_uint32(&st->buffer,st->setup_session_id);
905
906 st->retries=st->setup_retries;
907 return True;
908 }
909
910 static bool_t process_msg5(struct site *st, struct buffer_if *msg5,
911 const struct comm_addr *src,
912 struct transform_inst_if *transform)
913 {
914 struct msg0 m;
915 cstring_t transform_err;
916
917 if (!unpick_msg0(st,msg5,&m)) return False;
918
919 if (call_transform_reverse(st,transform,msg5,&transform_err)) {
920 /* There's a problem */
921 slog(st,LOG_SEC,"process_msg5: transform: %s",transform_err);
922 return False;
923 }
924 /* Buffer should now contain untransformed PING packet data */
925 CHECK_AVAIL(msg5,4);
926 if (buf_unprepend_uint32(msg5)!=LABEL_MSG5) {
927 slog(st,LOG_SEC,"MSG5/PING packet contained wrong label");
928 return False;
929 }
930 /* Older versions of secnet used to write some config data here
931 * which we ignore. So we don't CHECK_EMPTY */
932 return True;
933 }
934
935 static void create_msg6(struct site *st, struct transform_inst_if *transform,
936 uint32_t session_id)
937 {
938 cstring_t transform_err;
939
940 BUF_ALLOC(&st->buffer,"site:MSG6");
941 /* We are going to add four words to the message */
942 buffer_init(&st->buffer,calculate_max_start_pad());
943 /* Give the netlink code an opportunity to put its own stuff in the
944 message (configuration information, etc.) */
945 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
946 int problem = call_transform_forwards(st,transform,
947 &st->buffer,&transform_err);
948 assert(!problem);
949 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
950 buf_prepend_uint32(&st->buffer,st->index);
951 buf_prepend_uint32(&st->buffer,session_id);
952 }
953
954 static bool_t generate_msg6(struct site *st)
955 {
956 if (!is_transform_valid(st->new_transform))
957 return False;
958 create_msg6(st,st->new_transform,st->setup_session_id);
959 st->retries=1; /* Peer will retransmit MSG5 if this packet gets lost */
960 return True;
961 }
962
963 static bool_t process_msg6(struct site *st, struct buffer_if *msg6,
964 const struct comm_addr *src)
965 {
966 struct msg0 m;
967 cstring_t transform_err;
968
969 if (!unpick_msg0(st,msg6,&m)) return False;
970
971 if (call_transform_reverse(st,st->new_transform,msg6,&transform_err)) {
972 /* There's a problem */
973 slog(st,LOG_SEC,"process_msg6: transform: %s",transform_err);
974 return False;
975 }
976 /* Buffer should now contain untransformed PING packet data */
977 CHECK_AVAIL(msg6,4);
978 if (buf_unprepend_uint32(msg6)!=LABEL_MSG6) {
979 slog(st,LOG_SEC,"MSG6/PONG packet contained invalid data");
980 return False;
981 }
982 /* Older versions of secnet used to write some config data here
983 * which we ignore. So we don't CHECK_EMPTY */
984 return True;
985 }
986
987 static bool_t decrypt_msg0(struct site *st, struct buffer_if *msg0,
988 const struct comm_addr *src)
989 {
990 cstring_t transform_err, auxkey_err, newkey_err="n/a";
991 struct msg0 m;
992 uint32_t problem;
993
994 if (!unpick_msg0(st,msg0,&m)) return False;
995
996 /* Keep a copy so we can try decrypting it with multiple keys */
997 buffer_copy(&st->scratch, msg0);
998
999 problem = call_transform_reverse(st,st->current.transform,
1000 msg0,&transform_err);
1001 if (!problem) {
1002 if (!st->auxiliary_is_new)
1003 delete_one_key(st,&st->auxiliary_key,
1004 "peer has used new key","auxiliary key",LOG_SEC);
1005 return True;
1006 }
1007 if (problem==2)
1008 goto skew;
1009
1010 buffer_copy(msg0, &st->scratch);
1011 problem = call_transform_reverse(st,st->auxiliary_key.transform,
1012 msg0,&auxkey_err);
1013 if (problem==0) {
1014 slog(st,LOG_DROP,"processing packet which uses auxiliary key");
1015 if (st->auxiliary_is_new) {
1016 /* We previously timed out in state SENTMSG5 but it turns
1017 * out that our peer did in fact get our MSG5 and is
1018 * using the new key. So we should switch to it too. */
1019 /* This is a bit like activate_new_key. */
1020 struct data_key t;
1021 t=st->current;
1022 st->current=st->auxiliary_key;
1023 st->auxiliary_key=t;
1024
1025 delete_one_key(st,&st->auxiliary_key,"peer has used new key",
1026 "previous key",LOG_SEC);
1027 st->auxiliary_is_new=0;
1028 st->renegotiate_key_time=st->auxiliary_renegotiate_key_time;
1029 }
1030 return True;
1031 }
1032 if (problem==2)
1033 goto skew;
1034
1035 if (st->state==SITE_SENTMSG5) {
1036 buffer_copy(msg0, &st->scratch);
1037 problem = call_transform_reverse(st,st->new_transform,
1038 msg0,&newkey_err);
1039 if (!problem) {
1040 /* It looks like we didn't get the peer's MSG6 */
1041 /* This is like a cut-down enter_new_state(SITE_RUN) */
1042 slog(st,LOG_STATE,"will enter state RUN (MSG0 with new key)");
1043 BUF_FREE(&st->buffer);
1044 st->timeout=0;
1045 activate_new_key(st);
1046 return True; /* do process the data in this packet */
1047 }
1048 if (problem==2)
1049 goto skew;
1050 }
1051
1052 slog(st,LOG_SEC,"transform: %s (aux: %s, new: %s)",
1053 transform_err,auxkey_err,newkey_err);
1054 initiate_key_setup(st,"incoming message would not decrypt",0);
1055 send_nak(src,m.dest,m.source,m.type,msg0,"message would not decrypt");
1056 return False;
1057
1058 skew:
1059 slog(st,LOG_DROP,"transform: %s (merely skew)",transform_err);
1060 return False;
1061 }
1062
1063 static bool_t process_msg0(struct site *st, struct buffer_if *msg0,
1064 const struct comm_addr *src)
1065 {
1066 uint32_t type;
1067
1068 if (!decrypt_msg0(st,msg0,src))
1069 return False;
1070
1071 CHECK_AVAIL(msg0,4);
1072 type=buf_unprepend_uint32(msg0);
1073 switch(type) {
1074 case LABEL_MSG7:
1075 /* We must forget about the current session. */
1076 delete_keys(st,"request from peer",LOG_SEC);
1077 return True;
1078 case LABEL_MSG9:
1079 /* Deliver to netlink layer */
1080 st->netlink->deliver(st->netlink->st,msg0);
1081 transport_data_msgok(st,src);
1082 /* See whether we should start negotiating a new key */
1083 if (st->now > st->renegotiate_key_time)
1084 initiate_key_setup(st,"incoming packet in renegotiation window",0);
1085 return True;
1086 default:
1087 slog(st,LOG_SEC,"incoming encrypted message of type %08x "
1088 "(unknown)",type);
1089 break;
1090 }
1091 return False;
1092 }
1093
1094 static void dump_packet(struct site *st, struct buffer_if *buf,
1095 const struct comm_addr *addr, bool_t incoming)
1096 {
1097 uint32_t dest=get_uint32(buf->start);
1098 uint32_t source=get_uint32(buf->start+4);
1099 uint32_t msgtype=get_uint32(buf->start+8);
1100
1101 if (st->log_events & LOG_DUMP)
1102 slilog(st->log,M_DEBUG,"%s: %s: %08x<-%08x: %08x:",
1103 st->tunname,incoming?"incoming":"outgoing",
1104 dest,source,msgtype);
1105 }
1106
1107 static uint32_t site_status(void *st)
1108 {
1109 return 0;
1110 }
1111
1112 static bool_t send_msg(struct site *st)
1113 {
1114 if (st->retries>0) {
1115 transport_xmit(st, &st->setup_peers, &st->buffer, True);
1116 st->timeout=st->now+st->setup_retry_interval;
1117 st->retries--;
1118 return True;
1119 } else if (st->state==SITE_SENTMSG5) {
1120 logtimeout(st,"timed out sending MSG5, stashing new key");
1121 /* We stash the key we have produced, in case it turns out that
1122 * our peer did see our MSG5 after all and starts using it. */
1123 /* This is a bit like some of activate_new_key */
1124 struct transform_inst_if *t;
1125 t=st->auxiliary_key.transform;
1126 st->auxiliary_key.transform=st->new_transform;
1127 st->new_transform=t;
1128 dispose_transform(&st->new_transform);
1129
1130 st->auxiliary_is_new=1;
1131 st->auxiliary_key.key_timeout=st->now+st->key_lifetime;
1132 st->auxiliary_renegotiate_key_time=st->now+st->key_renegotiate_time;
1133 st->auxiliary_key.remote_session_id=st->setup_session_id;
1134
1135 enter_state_wait(st);
1136 return False;
1137 } else {
1138 logtimeout(st,"timed out sending key setup packet "
1139 "(in state %s)",state_name(st->state));
1140 enter_state_wait(st);
1141 return False;
1142 }
1143 }
1144
1145 static void site_resolve_callback(void *sst, struct in_addr *address)
1146 {
1147 struct site *st=sst;
1148 struct comm_addr ca_buf, *ca_use;
1149
1150 if (st->state!=SITE_RESOLVE) {
1151 slog(st,LOG_UNEXPECTED,"site_resolve_callback called unexpectedly");
1152 return;
1153 }
1154 if (address) {
1155 FILLZERO(ca_buf);
1156 ca_buf.comm=st->comms[0];
1157 ca_buf.sin.sin_family=AF_INET;
1158 ca_buf.sin.sin_port=htons(st->remoteport);
1159 ca_buf.sin.sin_addr=*address;
1160 ca_use=&ca_buf;
1161 } else {
1162 slog(st,LOG_ERROR,"resolution of %s failed",st->address);
1163 ca_use=0;
1164 }
1165 if (transport_compute_setupinit_peers(st,ca_use,0)) {
1166 enter_new_state(st,SITE_SENTMSG1);
1167 } else {
1168 /* Can't figure out who to try to to talk to */
1169 slog(st,LOG_SETUP_INIT,"key exchange failed: cannot find peer address");
1170 enter_state_run(st);
1171 }
1172 }
1173
1174 static bool_t initiate_key_setup(struct site *st, cstring_t reason,
1175 const struct comm_addr *prod_hint)
1176 {
1177 /* Reentrancy hazard: can call enter_new_state/enter_state_* */
1178 if (st->state!=SITE_RUN) return False;
1179 slog(st,LOG_SETUP_INIT,"initiating key exchange (%s)",reason);
1180 if (st->address) {
1181 slog(st,LOG_SETUP_INIT,"resolving peer address");
1182 return enter_state_resolve(st);
1183 } else if (transport_compute_setupinit_peers(st,0,prod_hint)) {
1184 return enter_new_state(st,SITE_SENTMSG1);
1185 }
1186 slog(st,LOG_SETUP_INIT,"key exchange failed: no address for peer");
1187 return False;
1188 }
1189
1190 static void activate_new_key(struct site *st)
1191 {
1192 struct transform_inst_if *t;
1193
1194 /* We have three transform instances, which we swap between old,
1195 active and setup */
1196 t=st->auxiliary_key.transform;
1197 st->auxiliary_key.transform=st->current.transform;
1198 st->current.transform=st->new_transform;
1199 st->new_transform=t;
1200 dispose_transform(&st->new_transform);
1201
1202 st->timeout=0;
1203 st->auxiliary_is_new=0;
1204 st->auxiliary_key.key_timeout=st->current.key_timeout;
1205 st->current.key_timeout=st->now+st->key_lifetime;
1206 st->renegotiate_key_time=st->now+st->key_renegotiate_time;
1207 transport_peers_copy(st,&st->peers,&st->setup_peers);
1208 st->current.remote_session_id=st->setup_session_id;
1209
1210 /* Compute the inter-site MTU. This is min( our_mtu, their_mtu ).
1211 * But their mtu be unspecified, in which case we just use ours. */
1212 uint32_t intersite_mtu=
1213 MIN(st->mtu_target, st->remote_adv_mtu ?: ~(uint32_t)0);
1214 st->netlink->set_mtu(st->netlink->st,intersite_mtu);
1215
1216 slog(st,LOG_ACTIVATE_KEY,"new key activated"
1217 " (mtu ours=%"PRId32" theirs=%"PRId32" intersite=%"PRId32")",
1218 st->mtu_target, st->remote_adv_mtu, intersite_mtu);
1219 enter_state_run(st);
1220 }
1221
1222 static void delete_one_key(struct site *st, struct data_key *key,
1223 cstring_t reason, cstring_t which, uint32_t loglevel)
1224 {
1225 if (!is_transform_valid(key->transform)) return;
1226 if (reason) slog(st,loglevel,"%s deleted (%s)",which,reason);
1227 dispose_transform(&key->transform);
1228 key->key_timeout=0;
1229 }
1230
1231 static void delete_keys(struct site *st, cstring_t reason, uint32_t loglevel)
1232 {
1233 if (current_valid(st)) {
1234 slog(st,loglevel,"session closed (%s)",reason);
1235
1236 delete_one_key(st,&st->current,0,0,0);
1237 set_link_quality(st);
1238 }
1239 delete_one_key(st,&st->auxiliary_key,0,0,0);
1240 }
1241
1242 static void state_assert(struct site *st, bool_t ok)
1243 {
1244 if (!ok) fatal("site:state_assert");
1245 }
1246
1247 static void enter_state_stop(struct site *st)
1248 {
1249 st->state=SITE_STOP;
1250 st->timeout=0;
1251 delete_keys(st,"entering state STOP",LOG_TIMEOUT_KEY);
1252 dispose_transform(&st->new_transform);
1253 }
1254
1255 static void set_link_quality(struct site *st)
1256 {
1257 uint32_t quality;
1258 if (current_valid(st))
1259 quality=LINK_QUALITY_UP;
1260 else if (st->state==SITE_WAIT || st->state==SITE_STOP)
1261 quality=LINK_QUALITY_DOWN;
1262 else if (st->address)
1263 quality=LINK_QUALITY_DOWN_CURRENT_ADDRESS;
1264 else if (transport_peers_valid(&st->peers))
1265 quality=LINK_QUALITY_DOWN_STALE_ADDRESS;
1266 else
1267 quality=LINK_QUALITY_DOWN;
1268
1269 st->netlink->set_quality(st->netlink->st,quality);
1270 }
1271
1272 static void enter_state_run(struct site *st)
1273 {
1274 slog(st,LOG_STATE,"entering state RUN");
1275 st->state=SITE_RUN;
1276 st->timeout=0;
1277
1278 st->setup_session_id=0;
1279 transport_peers_clear(st,&st->setup_peers);
1280 memset(st->localN,0,NONCELEN);
1281 memset(st->remoteN,0,NONCELEN);
1282 dispose_transform(&st->new_transform);
1283 memset(st->dhsecret,0,st->dh->len);
1284 memset(st->sharedsecret,0,st->sharedsecretlen);
1285 set_link_quality(st);
1286 }
1287
1288 static bool_t enter_state_resolve(struct site *st)
1289 {
1290 /* Reentrancy hazard! See ensure_resolving. */
1291 state_assert(st,st->state==SITE_RUN);
1292 slog(st,LOG_STATE,"entering state RESOLVE");
1293 st->state=SITE_RESOLVE;
1294 st->resolver->request(st->resolver->st,st->address,
1295 site_resolve_callback,st);
1296 return True;
1297 }
1298
1299 static bool_t enter_new_state(struct site *st, uint32_t next)
1300 {
1301 bool_t (*gen)(struct site *st);
1302 int r;
1303
1304 slog(st,LOG_STATE,"entering state %s",state_name(next));
1305 switch(next) {
1306 case SITE_SENTMSG1:
1307 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE);
1308 gen=generate_msg1;
1309 break;
1310 case SITE_SENTMSG2:
1311 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1312 st->state==SITE_SENTMSG1 || st->state==SITE_WAIT);
1313 gen=generate_msg2;
1314 break;
1315 case SITE_SENTMSG3:
1316 state_assert(st,st->state==SITE_SENTMSG1);
1317 BUF_FREE(&st->buffer);
1318 gen=generate_msg3;
1319 break;
1320 case SITE_SENTMSG4:
1321 state_assert(st,st->state==SITE_SENTMSG2);
1322 BUF_FREE(&st->buffer);
1323 gen=generate_msg4;
1324 break;
1325 case SITE_SENTMSG5:
1326 state_assert(st,st->state==SITE_SENTMSG3);
1327 BUF_FREE(&st->buffer);
1328 gen=generate_msg5;
1329 break;
1330 case SITE_RUN:
1331 state_assert(st,st->state==SITE_SENTMSG4);
1332 BUF_FREE(&st->buffer);
1333 gen=generate_msg6;
1334 break;
1335 default:
1336 gen=NULL;
1337 fatal("enter_new_state(%s): invalid new state",state_name(next));
1338 break;
1339 }
1340
1341 if (hacky_par_start_failnow()) return False;
1342
1343 r= gen(st) && send_msg(st);
1344
1345 hacky_par_end(&r,
1346 st->setup_retries, st->setup_retry_interval,
1347 send_msg, st);
1348
1349 if (r) {
1350 st->state=next;
1351 if (next==SITE_RUN) {
1352 BUF_FREE(&st->buffer); /* Never reused */
1353 st->timeout=0; /* Never retransmit */
1354 activate_new_key(st);
1355 }
1356 return True;
1357 }
1358 slog(st,LOG_ERROR,"error entering state %s",state_name(next));
1359 st->buffer.free=False; /* Unconditionally use the buffer; it may be
1360 in either state, and enter_state_wait() will
1361 do a BUF_FREE() */
1362 enter_state_wait(st);
1363 return False;
1364 }
1365
1366 /* msg7 tells our peer that we're about to forget our key */
1367 static bool_t send_msg7(struct site *st, cstring_t reason)
1368 {
1369 cstring_t transform_err;
1370
1371 if (current_valid(st) && st->buffer.free
1372 && transport_peers_valid(&st->peers)) {
1373 BUF_ALLOC(&st->buffer,"site:MSG7");
1374 buffer_init(&st->buffer,calculate_max_start_pad());
1375 buf_append_uint32(&st->buffer,LABEL_MSG7);
1376 buf_append_string(&st->buffer,reason);
1377 if (call_transform_forwards(st, st->current.transform,
1378 &st->buffer, &transform_err))
1379 goto free_out;
1380 buf_prepend_uint32(&st->buffer,LABEL_MSG0);
1381 buf_prepend_uint32(&st->buffer,st->index);
1382 buf_prepend_uint32(&st->buffer,st->current.remote_session_id);
1383 transport_xmit(st,&st->peers,&st->buffer,True);
1384 BUF_FREE(&st->buffer);
1385 free_out:
1386 return True;
1387 }
1388 return False;
1389 }
1390
1391 /* We go into this state if our peer becomes uncommunicative. Similar to
1392 the "stop" state, we forget all session keys for a while, before
1393 re-entering the "run" state. */
1394 static void enter_state_wait(struct site *st)
1395 {
1396 slog(st,LOG_STATE,"entering state WAIT");
1397 st->timeout=st->now+st->wait_timeout;
1398 st->state=SITE_WAIT;
1399 set_link_quality(st);
1400 BUF_FREE(&st->buffer); /* will have had an outgoing packet in it */
1401 /* XXX Erase keys etc. */
1402 }
1403
1404 static void generate_prod(struct site *st, struct buffer_if *buf)
1405 {
1406 buffer_init(buf,0);
1407 buf_append_uint32(buf,0);
1408 buf_append_uint32(buf,0);
1409 buf_append_uint32(buf,LABEL_PROD);
1410 buf_append_string(buf,st->localname);
1411 buf_append_string(buf,st->remotename);
1412 }
1413
1414 static void generate_send_prod(struct site *st,
1415 const struct comm_addr *source)
1416 {
1417 if (!st->allow_send_prod) return; /* too soon */
1418 if (!(st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1419 st->state==SITE_WAIT)) return; /* we'd ignore peer's MSG1 */
1420
1421 slog(st,LOG_SETUP_INIT,"prodding peer for key exchange");
1422 st->allow_send_prod=0;
1423 generate_prod(st,&st->scratch);
1424 dump_packet(st,&st->scratch,source,False);
1425 source->comm->sendmsg(source->comm->st, &st->scratch, source);
1426 }
1427
1428 static inline void site_settimeout(uint64_t timeout, int *timeout_io)
1429 {
1430 if (timeout) {
1431 int64_t offset=timeout-*now;
1432 if (offset<0) offset=0;
1433 if (offset>INT_MAX) offset=INT_MAX;
1434 if (*timeout_io<0 || offset<*timeout_io)
1435 *timeout_io=offset;
1436 }
1437 }
1438
1439 static int site_beforepoll(void *sst, struct pollfd *fds, int *nfds_io,
1440 int *timeout_io)
1441 {
1442 struct site *st=sst;
1443
1444 *nfds_io=0; /* We don't use any file descriptors */
1445 st->now=*now;
1446
1447 /* Work out when our next timeout is. The earlier of 'timeout' or
1448 'current.key_timeout'. A stored value of '0' indicates no timeout
1449 active. */
1450 site_settimeout(st->timeout, timeout_io);
1451 site_settimeout(st->current.key_timeout, timeout_io);
1452 site_settimeout(st->auxiliary_key.key_timeout, timeout_io);
1453
1454 return 0; /* success */
1455 }
1456
1457 static void check_expiry(struct site *st, struct data_key *key,
1458 const char *which)
1459 {
1460 if (key->key_timeout && *now>key->key_timeout) {
1461 delete_one_key(st,key,"maximum life exceeded",which,LOG_TIMEOUT_KEY);
1462 }
1463 }
1464
1465 /* NB site_afterpoll will be called before site_beforepoll is ever called */
1466 static void site_afterpoll(void *sst, struct pollfd *fds, int nfds)
1467 {
1468 struct site *st=sst;
1469
1470 st->now=*now;
1471 if (st->timeout && *now>st->timeout) {
1472 st->timeout=0;
1473 if (st->state>=SITE_SENTMSG1 && st->state<=SITE_SENTMSG5) {
1474 if (!hacky_par_start_failnow())
1475 send_msg(st);
1476 } else if (st->state==SITE_WAIT) {
1477 enter_state_run(st);
1478 } else {
1479 slog(st,LOG_ERROR,"site_afterpoll: unexpected timeout, state=%d",
1480 st->state);
1481 }
1482 }
1483 check_expiry(st,&st->current,"current key");
1484 check_expiry(st,&st->auxiliary_key,"auxiliary key");
1485 }
1486
1487 /* This function is called by the netlink device to deliver packets
1488 intended for the remote network. The packet is in "raw" wire
1489 format, but is guaranteed to be word-aligned. */
1490 static void site_outgoing(void *sst, struct buffer_if *buf)
1491 {
1492 struct site *st=sst;
1493 cstring_t transform_err;
1494
1495 if (st->state==SITE_STOP) {
1496 BUF_FREE(buf);
1497 return;
1498 }
1499
1500 st->allow_send_prod=1;
1501
1502 /* In all other states we consider delivering the packet if we have
1503 a valid key and a valid address to send it to. */
1504 if (current_valid(st) && transport_peers_valid(&st->peers)) {
1505 /* Transform it and send it */
1506 if (buf->size>0) {
1507 buf_prepend_uint32(buf,LABEL_MSG9);
1508 if (call_transform_forwards(st, st->current.transform,
1509 buf, &transform_err))
1510 goto free_out;
1511 buf_prepend_uint32(buf,LABEL_MSG0);
1512 buf_prepend_uint32(buf,st->index);
1513 buf_prepend_uint32(buf,st->current.remote_session_id);
1514 transport_xmit(st,&st->peers,buf,False);
1515 }
1516 free_out:
1517 BUF_FREE(buf);
1518 return;
1519 }
1520
1521 slog(st,LOG_DROP,"discarding outgoing packet of size %d",buf->size);
1522 BUF_FREE(buf);
1523 initiate_key_setup(st,"outgoing packet",0);
1524 }
1525
1526 static bool_t named_for_us(struct site *st, const struct buffer_if *buf_in,
1527 uint32_t type, struct msg *m)
1528 /* For packets which are identified by the local and remote names.
1529 * If it has our name and our peer's name in it it's for us. */
1530 {
1531 struct buffer_if buf[1];
1532 buffer_readonly_clone(buf,buf_in);
1533 return unpick_msg(st,type,buf,m)
1534 && name_matches(&m->remote,st->remotename)
1535 && name_matches(&m->local,st->localname);
1536 }
1537
1538 /* This function is called by the communication device to deliver
1539 packets from our peers.
1540 It should return True if the packet is recognised as being for
1541 this current site instance (and should therefore not be processed
1542 by other sites), even if the packet was otherwise ignored. */
1543 static bool_t site_incoming(void *sst, struct buffer_if *buf,
1544 const struct comm_addr *source)
1545 {
1546 struct site *st=sst;
1547
1548 if (buf->size < 12) return False;
1549
1550 uint32_t dest=get_uint32(buf->start);
1551 uint32_t msgtype=get_uint32(buf->start+8);
1552 struct msg named_msg;
1553
1554 if (msgtype==LABEL_MSG1) {
1555 if (!named_for_us(st,buf,msgtype,&named_msg))
1556 return False;
1557 /* It's a MSG1 addressed to us. Decide what to do about it. */
1558 dump_packet(st,buf,source,True);
1559 if (st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1560 st->state==SITE_WAIT) {
1561 /* We should definitely process it */
1562 if (process_msg1(st,buf,source,&named_msg)) {
1563 slog(st,LOG_SETUP_INIT,"key setup initiated by peer");
1564 enter_new_state(st,SITE_SENTMSG2);
1565 } else {
1566 slog(st,LOG_ERROR,"failed to process incoming msg1");
1567 }
1568 BUF_FREE(buf);
1569 return True;
1570 } else if (st->state==SITE_SENTMSG1) {
1571 /* We've just sent a message 1! They may have crossed on
1572 the wire. If we have priority then we ignore the
1573 incoming one, otherwise we process it as usual. */
1574 if (st->setup_priority) {
1575 BUF_FREE(buf);
1576 slog(st,LOG_DUMP,"crossed msg1s; we are higher "
1577 "priority => ignore incoming msg1");
1578 return True;
1579 } else {
1580 slog(st,LOG_DUMP,"crossed msg1s; we are lower "
1581 "priority => use incoming msg1");
1582 if (process_msg1(st,buf,source,&named_msg)) {
1583 BUF_FREE(&st->buffer); /* Free our old message 1 */
1584 enter_new_state(st,SITE_SENTMSG2);
1585 } else {
1586 slog(st,LOG_ERROR,"failed to process an incoming "
1587 "crossed msg1 (we have low priority)");
1588 }
1589 BUF_FREE(buf);
1590 return True;
1591 }
1592 }
1593 /* The message 1 was received at an unexpected stage of the
1594 key setup. XXX POLICY - what do we do? */
1595 slog(st,LOG_UNEXPECTED,"unexpected incoming message 1");
1596 BUF_FREE(buf);
1597 return True;
1598 }
1599 if (msgtype==LABEL_PROD) {
1600 if (!named_for_us(st,buf,msgtype,&named_msg))
1601 return False;
1602 dump_packet(st,buf,source,True);
1603 if (st->state!=SITE_RUN) {
1604 slog(st,LOG_DROP,"ignoring PROD when not in state RUN");
1605 } else if (current_valid(st)) {
1606 slog(st,LOG_DROP,"ignoring PROD when we think we have a key");
1607 } else {
1608 initiate_key_setup(st,"peer sent PROD packet",source);
1609 }
1610 BUF_FREE(buf);
1611 return True;
1612 }
1613 if (dest==st->index) {
1614 /* Explicitly addressed to us */
1615 if (msgtype!=LABEL_MSG0) dump_packet(st,buf,source,True);
1616 switch (msgtype) {
1617 case LABEL_NAK:
1618 /* If the source is our current peer then initiate a key setup,
1619 because our peer's forgotten the key */
1620 if (get_uint32(buf->start+4)==st->current.remote_session_id) {
1621 bool_t initiated;
1622 initiated = initiate_key_setup(st,"received a NAK",0);
1623 if (!initiated) generate_send_prod(st,source);
1624 } else {
1625 slog(st,LOG_SEC,"bad incoming NAK");
1626 }
1627 break;
1628 case LABEL_MSG0:
1629 process_msg0(st,buf,source);
1630 break;
1631 case LABEL_MSG1:
1632 /* Setup packet: should not have been explicitly addressed
1633 to us */
1634 slog(st,LOG_SEC,"incoming explicitly addressed msg1");
1635 break;
1636 case LABEL_MSG2:
1637 /* Setup packet: expected only in state SENTMSG1 */
1638 if (st->state!=SITE_SENTMSG1) {
1639 slog(st,LOG_UNEXPECTED,"unexpected MSG2");
1640 } else if (process_msg2(st,buf,source)) {
1641 transport_setup_msgok(st,source);
1642 enter_new_state(st,SITE_SENTMSG3);
1643 } else {
1644 slog(st,LOG_SEC,"invalid MSG2");
1645 }
1646 break;
1647 case LABEL_MSG3:
1648 case LABEL_MSG3BIS:
1649 /* Setup packet: expected only in state SENTMSG2 */
1650 if (st->state!=SITE_SENTMSG2) {
1651 slog(st,LOG_UNEXPECTED,"unexpected MSG3");
1652 } else if (process_msg3(st,buf,source,msgtype)) {
1653 transport_setup_msgok(st,source);
1654 enter_new_state(st,SITE_SENTMSG4);
1655 } else {
1656 slog(st,LOG_SEC,"invalid MSG3");
1657 }
1658 break;
1659 case LABEL_MSG4:
1660 /* Setup packet: expected only in state SENTMSG3 */
1661 if (st->state!=SITE_SENTMSG3) {
1662 slog(st,LOG_UNEXPECTED,"unexpected MSG4");
1663 } else if (process_msg4(st,buf,source)) {
1664 transport_setup_msgok(st,source);
1665 enter_new_state(st,SITE_SENTMSG5);
1666 } else {
1667 slog(st,LOG_SEC,"invalid MSG4");
1668 }
1669 break;
1670 case LABEL_MSG5:
1671 /* Setup packet: expected only in state SENTMSG4 */
1672 /* (may turn up in state RUN if our return MSG6 was lost
1673 and the new key has already been activated. In that
1674 case we discard it. The peer will realise that we
1675 are using the new key when they see our data packets.
1676 Until then the peer's data packets to us get discarded. */
1677 if (st->state==SITE_SENTMSG4) {
1678 if (process_msg5(st,buf,source,st->new_transform)) {
1679 transport_setup_msgok(st,source);
1680 enter_new_state(st,SITE_RUN);
1681 } else {
1682 slog(st,LOG_SEC,"invalid MSG5");
1683 }
1684 } else if (st->state==SITE_RUN) {
1685 if (process_msg5(st,buf,source,st->current.transform)) {
1686 slog(st,LOG_DROP,"got MSG5, retransmitting MSG6");
1687 transport_setup_msgok(st,source);
1688 create_msg6(st,st->current.transform,
1689 st->current.remote_session_id);
1690 transport_xmit(st,&st->peers,&st->buffer,True);
1691 BUF_FREE(&st->buffer);
1692 } else {
1693 slog(st,LOG_SEC,"invalid MSG5 (in state RUN)");
1694 }
1695 } else {
1696 slog(st,LOG_UNEXPECTED,"unexpected MSG5");
1697 }
1698 break;
1699 case LABEL_MSG6:
1700 /* Setup packet: expected only in state SENTMSG5 */
1701 if (st->state!=SITE_SENTMSG5) {
1702 slog(st,LOG_UNEXPECTED,"unexpected MSG6");
1703 } else if (process_msg6(st,buf,source)) {
1704 BUF_FREE(&st->buffer); /* Free message 5 */
1705 transport_setup_msgok(st,source);
1706 activate_new_key(st);
1707 } else {
1708 slog(st,LOG_SEC,"invalid MSG6");
1709 }
1710 break;
1711 default:
1712 slog(st,LOG_SEC,"received message of unknown type 0x%08x",
1713 msgtype);
1714 break;
1715 }
1716 BUF_FREE(buf);
1717 return True;
1718 }
1719
1720 return False;
1721 }
1722
1723 static void site_control(void *vst, bool_t run)
1724 {
1725 struct site *st=vst;
1726 if (run) enter_state_run(st);
1727 else enter_state_stop(st);
1728 }
1729
1730 static void site_phase_hook(void *sst, uint32_t newphase)
1731 {
1732 struct site *st=sst;
1733
1734 /* The program is shutting down; tell our peer */
1735 send_msg7(st,"shutting down");
1736 }
1737
1738 static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
1739 list_t *args)
1740 {
1741 static uint32_t index_sequence;
1742 struct site *st;
1743 item_t *item;
1744 dict_t *dict;
1745 int i;
1746
1747 st=safe_malloc(sizeof(*st),"site_apply");
1748
1749 st->cl.description="site";
1750 st->cl.type=CL_SITE;
1751 st->cl.apply=NULL;
1752 st->cl.interface=&st->ops;
1753 st->ops.st=st;
1754 st->ops.control=site_control;
1755 st->ops.status=site_status;
1756
1757 /* First parameter must be a dict */
1758 item=list_elem(args,0);
1759 if (!item || item->type!=t_dict)
1760 cfgfatal(loc,"site","parameter must be a dictionary\n");
1761
1762 dict=item->data.dict;
1763 st->localname=dict_read_string(dict, "local-name", True, "site", loc);
1764 st->remotename=dict_read_string(dict, "name", True, "site", loc);
1765
1766 st->peer_mobile=dict_read_bool(dict,"mobile",False,"site",loc,False);
1767 bool_t local_mobile=
1768 dict_read_bool(dict,"local-mobile",False,"site",loc,False);
1769
1770 /* Sanity check (which also allows the 'sites' file to include
1771 site() closures for all sites including our own): refuse to
1772 talk to ourselves */
1773 if (strcmp(st->localname,st->remotename)==0) {
1774 Message(M_DEBUG,"site %s: local-name==name -> ignoring this site\n",
1775 st->localname);
1776 if (st->peer_mobile != local_mobile)
1777 cfgfatal(loc,"site","site %s's peer-mobile=%d"
1778 " but our local-mobile=%d\n",
1779 st->localname, st->peer_mobile, local_mobile);
1780 free(st);
1781 return NULL;
1782 }
1783 if (st->peer_mobile && local_mobile) {
1784 Message(M_WARNING,"site %s: site is mobile but so are we"
1785 " -> ignoring this site\n", st->remotename);
1786 free(st);
1787 return NULL;
1788 }
1789
1790 assert(index_sequence < 0xffffffffUL);
1791 st->index = ++index_sequence;
1792 st->local_capabilities = 0;
1793 st->netlink=find_cl_if(dict,"link",CL_NETLINK,True,"site",loc);
1794
1795 #define GET_CLOSURE_LIST(dictkey,things,nthings,CL_TYPE) do{ \
1796 list_t *things##_cfg=dict_lookup(dict,dictkey); \
1797 if (!things##_cfg) \
1798 cfgfatal(loc,"site","closure list \"%s\" not found\n",dictkey); \
1799 st->nthings=list_length(things##_cfg); \
1800 st->things=safe_malloc_ary(sizeof(*st->things),st->nthings,dictkey "s"); \
1801 assert(st->nthings); \
1802 for (i=0; i<st->nthings; i++) { \
1803 item_t *item=list_elem(things##_cfg,i); \
1804 if (item->type!=t_closure) \
1805 cfgfatal(loc,"site","%s is not a closure\n",dictkey); \
1806 closure_t *cl=item->data.closure; \
1807 if (cl->type!=CL_TYPE) \
1808 cfgfatal(loc,"site","%s closure wrong type\n",dictkey); \
1809 st->things[i]=cl->interface; \
1810 } \
1811 }while(0)
1812
1813 GET_CLOSURE_LIST("comm",comms,ncomms,CL_COMM);
1814
1815 st->resolver=find_cl_if(dict,"resolver",CL_RESOLVER,True,"site",loc);
1816 st->log=find_cl_if(dict,"log",CL_LOG,True,"site",loc);
1817 st->random=find_cl_if(dict,"random",CL_RANDOMSRC,True,"site",loc);
1818
1819 st->privkey=find_cl_if(dict,"local-key",CL_RSAPRIVKEY,True,"site",loc);
1820 st->address=dict_read_string(dict, "address", False, "site", loc);
1821 if (st->address)
1822 st->remoteport=dict_read_number(dict,"port",True,"site",loc,0);
1823 else st->remoteport=0;
1824 st->pubkey=find_cl_if(dict,"key",CL_RSAPUBKEY,True,"site",loc);
1825
1826 GET_CLOSURE_LIST("transform",transforms,ntransforms,CL_TRANSFORM);
1827
1828 st->dh=find_cl_if(dict,"dh",CL_DH,True,"site",loc);
1829 st->hash=find_cl_if(dict,"hash",CL_HASH,True,"site",loc);
1830
1831 #define DEFAULT(D) (st->peer_mobile || local_mobile \
1832 ? DEFAULT_MOBILE_##D : DEFAULT_##D)
1833 #define CFG_NUMBER(k,D) dict_read_number(dict,(k),False,"site",loc,DEFAULT(D));
1834
1835 st->key_lifetime= CFG_NUMBER("key-lifetime", KEY_LIFETIME);
1836 st->setup_retries= CFG_NUMBER("setup-retries", SETUP_RETRIES);
1837 st->setup_retry_interval= CFG_NUMBER("setup-timeout", SETUP_RETRY_INTERVAL);
1838 st->wait_timeout= CFG_NUMBER("wait-time", WAIT_TIME);
1839 st->mtu_target= dict_read_number(dict,"mtu-target",False,"site",loc,0);
1840
1841 st->mobile_peer_expiry= dict_read_number(
1842 dict,"mobile-peer-expiry",False,"site",loc,DEFAULT_MOBILE_PEER_EXPIRY);
1843
1844 st->transport_peers_max= !st->peer_mobile ? 1 : dict_read_number(
1845 dict,"mobile-peers-max",False,"site",loc,DEFAULT_MOBILE_PEERS_MAX);
1846 if (st->transport_peers_max<1 ||
1847 st->transport_peers_max>=MAX_MOBILE_PEERS_MAX) {
1848 cfgfatal(loc,"site","mobile-peers-max must be in range 1.."
1849 STRING(MAX_MOBILE_PEERS_MAX) "\n");
1850 }
1851
1852 if (st->key_lifetime < DEFAULT(KEY_RENEGOTIATE_GAP)*2)
1853 st->key_renegotiate_time=st->key_lifetime/2;
1854 else
1855 st->key_renegotiate_time=st->key_lifetime-DEFAULT(KEY_RENEGOTIATE_GAP);
1856 st->key_renegotiate_time=dict_read_number(
1857 dict,"renegotiate-time",False,"site",loc,st->key_renegotiate_time);
1858 if (st->key_renegotiate_time > st->key_lifetime) {
1859 cfgfatal(loc,"site",
1860 "renegotiate-time must be less than key-lifetime\n");
1861 }
1862
1863 st->log_events=string_list_to_word(dict_lookup(dict,"log-events"),
1864 log_event_table,"site");
1865
1866 st->allow_send_prod=0;
1867
1868 st->tunname=safe_malloc(strlen(st->localname)+strlen(st->remotename)+5,
1869 "site_apply");
1870 sprintf(st->tunname,"%s<->%s",st->localname,st->remotename);
1871
1872 /* The information we expect to see in incoming messages of type 1 */
1873 /* fixme: lots of unchecked overflows here, but the results are only
1874 corrupted packets rather than undefined behaviour */
1875 st->setup_priority=(strcmp(st->localname,st->remotename)>0);
1876
1877 buffer_new(&st->buffer,SETUP_BUFFER_LEN);
1878
1879 buffer_new(&st->scratch,SETUP_BUFFER_LEN);
1880 BUF_ALLOC(&st->scratch,"site:scratch");
1881
1882 /* We are interested in poll(), but only for timeouts. We don't have
1883 any fds of our own. */
1884 register_for_poll(st, site_beforepoll, site_afterpoll, 0, "site");
1885 st->timeout=0;
1886
1887 st->remote_capabilities=0;
1888 st->chosen_transform=0;
1889 st->current.key_timeout=0;
1890 st->auxiliary_key.key_timeout=0;
1891 transport_peers_clear(st,&st->peers);
1892 transport_peers_clear(st,&st->setup_peers);
1893 /* XXX mlock these */
1894 st->dhsecret=safe_malloc(st->dh->len,"site:dhsecret");
1895 st->sharedsecretlen=st->sharedsecretallocd=0;
1896 st->sharedsecret=0;
1897
1898 for (i=0; i<st->ntransforms; i++) {
1899 struct transform_if *ti=st->transforms[i];
1900 uint32_t capbit = 1UL << ti->capab_transformnum;
1901 if (st->local_capabilities & capbit)
1902 slog(st,LOG_ERROR,"transformnum capability bit"
1903 " %d (%#"PRIx32") reused", ti->capab_transformnum, capbit);
1904 st->local_capabilities |= capbit;
1905 }
1906
1907 /* We need to register the remote networks with the netlink device */
1908 uint32_t netlink_mtu; /* local virtual interface mtu */
1909 st->netlink->reg(st->netlink->st, site_outgoing, st, &netlink_mtu);
1910 if (!st->mtu_target)
1911 st->mtu_target=netlink_mtu;
1912
1913 for (i=0; i<st->ncomms; i++)
1914 st->comms[i]->request_notify(st->comms[i]->st, st, site_incoming);
1915
1916 st->current.transform=0;
1917 st->auxiliary_key.transform=0;
1918 st->new_transform=0;
1919 st->auxiliary_is_new=0;
1920
1921 enter_state_stop(st);
1922
1923 add_hook(PHASE_SHUTDOWN,site_phase_hook,st);
1924
1925 return new_closure(&st->cl);
1926 }
1927
1928 void site_module(dict_t *dict)
1929 {
1930 add_closure(dict,"site",site_apply);
1931 }
1932
1933
1934 /***** TRANSPORT PEERS definitions *****/
1935
1936 static void transport_peers_debug(struct site *st, transport_peers *dst,
1937 const char *didwhat,
1938 int nargs, const struct comm_addr *args,
1939 size_t stride) {
1940 int i;
1941 char *argp;
1942
1943 if (!(st->log_events & LOG_PEER_ADDRS))
1944 return; /* an optimisation */
1945
1946 slog(st, LOG_PEER_ADDRS, "peers (%s) %s nargs=%d => npeers=%d",
1947 (dst==&st->peers ? "data" :
1948 dst==&st->setup_peers ? "setup" : "UNKNOWN"),
1949 didwhat, nargs, dst->npeers);
1950
1951 for (i=0, argp=(void*)args;
1952 i<nargs;
1953 i++, (argp+=stride?stride:sizeof(*args))) {
1954 const struct comm_addr *ca=(void*)argp;
1955 slog(st, LOG_PEER_ADDRS, " args: addrs[%d]=%s",
1956 i, comm_addr_to_string(ca));
1957 }
1958 for (i=0; i<dst->npeers; i++) {
1959 struct timeval diff;
1960 timersub(tv_now,&dst->peers[i].last,&diff);
1961 const struct comm_addr *ca=&dst->peers[i].addr;
1962 slog(st, LOG_PEER_ADDRS, " peers: addrs[%d]=%s T-%ld.%06ld",
1963 i, comm_addr_to_string(ca),
1964 (unsigned long)diff.tv_sec, (unsigned long)diff.tv_usec);
1965 }
1966 }
1967
1968 static int transport_peer_compar(const void *av, const void *bv) {
1969 const transport_peer *a=av;
1970 const transport_peer *b=bv;
1971 /* put most recent first in the array */
1972 if (timercmp(&a->last, &b->last, <)) return +1;
1973 if (timercmp(&a->last, &b->last, >)) return -11;
1974 return 0;
1975 }
1976
1977 static void transport_peers_expire(struct site *st, transport_peers *peers) {
1978 /* peers must be sorted first */
1979 int previous_peers=peers->npeers;
1980 struct timeval oldest;
1981 oldest.tv_sec = tv_now->tv_sec - st->mobile_peer_expiry;
1982 oldest.tv_usec = tv_now->tv_usec;
1983 while (peers->npeers>1 &&
1984 timercmp(&peers->peers[peers->npeers-1].last, &oldest, <))
1985 peers->npeers--;
1986 if (peers->npeers != previous_peers)
1987 transport_peers_debug(st,peers,"expire", 0,0,0);
1988 }
1989
1990 static void transport_record_peer(struct site *st, transport_peers *peers,
1991 const struct comm_addr *addr, const char *m) {
1992 int slot, changed=0;
1993
1994 for (slot=0; slot<peers->npeers; slot++)
1995 if (!memcmp(&peers->peers[slot].addr, addr, sizeof(*addr)))
1996 goto found;
1997
1998 changed=1;
1999 if (peers->npeers==st->transport_peers_max)
2000 slot=st->transport_peers_max-1;
2001 else
2002 slot=peers->npeers++;
2003
2004 found:
2005 peers->peers[slot].addr=*addr;
2006 peers->peers[slot].last=*tv_now;
2007
2008 if (peers->npeers>1)
2009 qsort(peers->peers, peers->npeers,
2010 sizeof(*peers->peers), transport_peer_compar);
2011
2012 if (changed || peers->npeers!=1)
2013 transport_peers_debug(st,peers,m, 1,addr,0);
2014 transport_peers_expire(st, peers);
2015 }
2016
2017 static bool_t transport_compute_setupinit_peers(struct site *st,
2018 const struct comm_addr *configured_addr /* 0 if none or not found */,
2019 const struct comm_addr *prod_hint_addr /* 0 if none */) {
2020
2021 if (!configured_addr && !prod_hint_addr &&
2022 !transport_peers_valid(&st->peers))
2023 return False;
2024
2025 slog(st,LOG_SETUP_INIT,
2026 "using:%s%s %d old peer address(es)",
2027 configured_addr ? " configured address;" : "",
2028 prod_hint_addr ? " PROD hint address;" : "",
2029 st->peers.npeers);
2030
2031 /* Non-mobile peers havve st->peers.npeers==0 or ==1, since they
2032 * have transport_peers_max==1. The effect is that this code
2033 * always uses the configured address if supplied, or otherwise
2034 * the address of the incoming PROD, or the existing data peer if
2035 * one exists; this is as desired. */
2036
2037 transport_peers_copy(st,&st->setup_peers,&st->peers);
2038
2039 if (prod_hint_addr)
2040 transport_record_peer(st,&st->setup_peers,prod_hint_addr,"prod");
2041
2042 if (configured_addr)
2043 transport_record_peer(st,&st->setup_peers,configured_addr,"setupinit");
2044
2045 assert(transport_peers_valid(&st->setup_peers));
2046 return True;
2047 }
2048
2049 static void transport_setup_msgok(struct site *st, const struct comm_addr *a) {
2050 if (st->peer_mobile)
2051 transport_record_peer(st,&st->setup_peers,a,"setupmsg");
2052 }
2053 static void transport_data_msgok(struct site *st, const struct comm_addr *a) {
2054 if (st->peer_mobile)
2055 transport_record_peer(st,&st->peers,a,"datamsg");
2056 }
2057
2058 static int transport_peers_valid(transport_peers *peers) {
2059 return peers->npeers;
2060 }
2061 static void transport_peers_clear(struct site *st, transport_peers *peers) {
2062 peers->npeers= 0;
2063 transport_peers_debug(st,peers,"clear",0,0,0);
2064 }
2065 static void transport_peers_copy(struct site *st, transport_peers *dst,
2066 const transport_peers *src) {
2067 dst->npeers=src->npeers;
2068 memcpy(dst->peers, src->peers, sizeof(*dst->peers) * dst->npeers);
2069 transport_peers_debug(st,dst,"copy",
2070 src->npeers, &src->peers->addr, sizeof(*src->peers));
2071 }
2072
2073 void transport_xmit(struct site *st, transport_peers *peers,
2074 struct buffer_if *buf, bool_t candebug) {
2075 int slot;
2076 transport_peers_expire(st, peers);
2077 for (slot=0; slot<peers->npeers; slot++) {
2078 transport_peer *peer=&peers->peers[slot];
2079 if (candebug)
2080 dump_packet(st, buf, &peer->addr, False);
2081 peer->addr.comm->sendmsg(peer->addr.comm->st, buf, &peer->addr);
2082 }
2083 }
2084
2085 /***** END of transport peers declarations *****/
Secnet virtual private network: clone of http://www.chiark.greenend.org.uk/ucgi/~ian/git/secnet.git/