~mdw / secnet / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
site: Remove pointless check from decrypt_msg0
[secnet] / site.c
1 /* site.c - manage communication with a remote network site */
2
3 /* The 'site' code doesn't know anything about the structure of the
4 packets it's transmitting. In fact, under the new netlink
5 configuration scheme it doesn't need to know anything at all about
6 IP addresses, except how to contact its peer. This means it could
7 potentially be used to tunnel other protocols too (IPv6, IPX, plain
8 old Ethernet frames) if appropriate netlink code can be written
9 (and that ought not to be too hard, eg. using the TUN/TAP device to
10 pretend to be an Ethernet interface). */
11
12 /* At some point in the future the netlink code will be asked for
13 configuration information to go in the PING/PONG packets at the end
14 of the key exchange. */
15
16 #include "secnet.h"
17 #include <stdio.h>
18 #include <string.h>
19 #include <limits.h>
20 #include <assert.h>
21 #include <sys/socket.h>
22
23 #include <sys/mman.h>
24 #include "util.h"
25 #include "unaligned.h"
26 #include "magic.h"
27
28 #define SETUP_BUFFER_LEN 2048
29
30 #define DEFAULT_KEY_LIFETIME (3600*1000) /* [ms] */
31 #define DEFAULT_KEY_RENEGOTIATE_GAP (5*60*1000) /* [ms] */
32 #define DEFAULT_SETUP_RETRIES 5
33 #define DEFAULT_SETUP_RETRY_INTERVAL (2*1000) /* [ms] */
34 #define DEFAULT_WAIT_TIME (20*1000) /* [ms] */
35
36 #define DEFAULT_MOBILE_KEY_LIFETIME (2*24*3600*1000) /* [ms] */
37 #define DEFAULT_MOBILE_KEY_RENEGOTIATE_GAP (12*3600*1000) /* [ms] */
38 #define DEFAULT_MOBILE_SETUP_RETRIES 30
39 #define DEFAULT_MOBILE_SETUP_RETRY_INTERVAL (1*1000) /* [ms] */
40 #define DEFAULT_MOBILE_WAIT_TIME (10*1000) /* [ms] */
41
42 #define DEFAULT_MOBILE_PEER_EXPIRY (2*60) /* [s] */
43 #define DEFAULT_MOBILE_PEERS_MAX 3 /* send at most this many copies (default) */
44
45 /* Each site can be in one of several possible states. */
46
47 /* States:
48 SITE_STOP - nothing is allowed to happen; tunnel is down;
49 all session keys have been erased
50 -> SITE_RUN upon external instruction
51 SITE_RUN - site up, maybe with valid key
52 -> SITE_RESOLVE upon outgoing packet and no valid key
53 we start name resolution for the other end of the tunnel
54 -> SITE_SENTMSG2 upon valid incoming message 1 and suitable time
55 we send an appropriate message 2
56 SITE_RESOLVE - waiting for name resolution
57 -> SITE_SENTMSG1 upon successful resolution
58 we send an appropriate message 1
59 -> SITE_SENTMSG2 upon valid incoming message 1 (then abort resolution)
60 we abort resolution and
61 -> SITE_WAIT on timeout or resolution failure
62 SITE_SENTMSG1
63 -> SITE_SENTMSG2 upon valid incoming message 1 from higher priority end
64 -> SITE_SENTMSG3 upon valid incoming message 2
65 -> SITE_WAIT on timeout
66 SITE_SENTMSG2
67 -> SITE_SENTMSG4 upon valid incoming message 3
68 -> SITE_WAIT on timeout
69 SITE_SENTMSG3
70 -> SITE_SENTMSG5 upon valid incoming message 4
71 -> SITE_WAIT on timeout
72 SITE_SENTMSG4
73 -> SITE_RUN upon valid incoming message 5
74 -> SITE_WAIT on timeout
75 SITE_SENTMSG5
76 -> SITE_RUN upon valid incoming message 6
77 -> SITE_WAIT on timeout
78 SITE_WAIT - failed to establish key; do nothing for a while
79 -> SITE_RUN on timeout
80 */
81
82 #define SITE_STOP 0
83 #define SITE_RUN 1
84 #define SITE_RESOLVE 2
85 #define SITE_SENTMSG1 3
86 #define SITE_SENTMSG2 4
87 #define SITE_SENTMSG3 5
88 #define SITE_SENTMSG4 6
89 #define SITE_SENTMSG5 7
90 #define SITE_WAIT 8
91
92 static cstring_t state_name(uint32_t state)
93 {
94 switch (state) {
95 case 0: return "STOP";
96 case 1: return "RUN";
97 case 2: return "RESOLVE";
98 case 3: return "SENTMSG1";
99 case 4: return "SENTMSG2";
100 case 5: return "SENTMSG3";
101 case 6: return "SENTMSG4";
102 case 7: return "SENTMSG5";
103 case 8: return "WAIT";
104 default: return "*bad state*";
105 }
106 }
107
108 #define NONCELEN 8
109
110 #define LOG_UNEXPECTED 0x00000001
111 #define LOG_SETUP_INIT 0x00000002
112 #define LOG_SETUP_TIMEOUT 0x00000004
113 #define LOG_ACTIVATE_KEY 0x00000008
114 #define LOG_TIMEOUT_KEY 0x00000010
115 #define LOG_SEC 0x00000020
116 #define LOG_STATE 0x00000040
117 #define LOG_DROP 0x00000080
118 #define LOG_DUMP 0x00000100
119 #define LOG_ERROR 0x00000400
120 #define LOG_PEER_ADDRS 0x00000800
121
122 static struct flagstr log_event_table[]={
123 { "unexpected", LOG_UNEXPECTED },
124 { "setup-init", LOG_SETUP_INIT },
125 { "setup-timeout", LOG_SETUP_TIMEOUT },
126 { "activate-key", LOG_ACTIVATE_KEY },
127 { "timeout-key", LOG_TIMEOUT_KEY },
128 { "security", LOG_SEC },
129 { "state-change", LOG_STATE },
130 { "packet-drop", LOG_DROP },
131 { "dump-packets", LOG_DUMP },
132 { "errors", LOG_ERROR },
133 { "peer-addrs", LOG_PEER_ADDRS },
134 { "default", LOG_SETUP_INIT|LOG_SETUP_TIMEOUT|
135 LOG_ACTIVATE_KEY|LOG_TIMEOUT_KEY|LOG_SEC|LOG_ERROR },
136 { "all", 0xffffffff },
137 { NULL, 0 }
138 };
139
140
141 /***** TRANSPORT PEERS declarations *****/
142
143 /* Details of "mobile peer" semantics:
144
145 - We record mobile_peers_max peer address/port numbers ("peers")
146 for key setup, and separately mobile_peers_max for data
147 transfer. If these lists fill up, we retain the newest peers.
148 (For non-mobile peers we only record one of each.)
149
150 - Outgoing packets are sent to every recorded peer in the
151 applicable list.
152
153 - Data transfer peers are straightforward: whenever we successfully
154 process a data packet, we record the peer. Also, whenever we
155 successfully complete a key setup, we merge the key setup
156 peers into the data transfer peers.
157
158 (For "non-mobile" peers we simply copy the peer used for
159 successful key setup, and don't change the peer otherwise.)
160
161 - Key setup peers are slightly more complicated.
162
163 Whenever we receive and successfully process a key exchange
164 packet, we record the peer.
165
166 Whenever we try to initiate a key setup, we copy the list of data
167 transfer peers and use it for key setup. But we also look to see
168 if the config supplies an address and port number and if so we
169 add that as a key setup peer (possibly evicting one of the data
170 transfer peers we just copied).
171
172 (For "non-mobile" peers, if we if we have a configured peer
173 address and port, we always use that; otherwise if we have a
174 current data peer address we use that; otherwise we do not
175 attempt to initiate a key setup for lack of a peer address.)
176
177 "Record the peer" means
178 1. expire any peers last seen >120s ("mobile-peer-expiry") ago
179 2. add the peer of the just received packet to the applicable list
180 (possibly evicting older entries)
181 NB that we do not expire peers until an incoming packet arrives.
182
183 */
184
185 #define MAX_MOBILE_PEERS_MAX 5 /* send at most this many copies, compiled max */
186
187 typedef struct {
188 struct timeval last;
189 struct comm_addr addr;
190 } transport_peer;
191
192 typedef struct {
193 /* configuration information */
194 /* runtime information */
195 int npeers;
196 transport_peer peers[MAX_MOBILE_PEERS_MAX];
197 } transport_peers;
198
199 static void transport_peers_clear(struct site *st, transport_peers *peers);
200 static int transport_peers_valid(transport_peers *peers);
201 static void transport_peers_copy(struct site *st, transport_peers *dst,
202 const transport_peers *src);
203
204 static void transport_setup_msgok(struct site *st, const struct comm_addr *a);
205 static void transport_data_msgok(struct site *st, const struct comm_addr *a);
206 static bool_t transport_compute_setupinit_peers(struct site *st,
207 const struct comm_addr *configured_addr /* 0 if none or not found */);
208 static void transport_record_peer(struct site *st, transport_peers *peers,
209 const struct comm_addr *addr, const char *m);
210
211 static void transport_xmit(struct site *st, transport_peers *peers,
212 struct buffer_if *buf, bool_t candebug);
213
214 /***** END of transport peers declarations *****/
215
216
217 struct site {
218 closure_t cl;
219 struct site_if ops;
220 /* configuration information */
221 string_t localname;
222 string_t remotename;
223 bool_t peer_mobile; /* Mobile client support */
224 int32_t transport_peers_max;
225 string_t tunname; /* localname<->remotename by default, used in logs */
226 string_t address; /* DNS name for bootstrapping, optional */
227 int remoteport; /* Port for bootstrapping, optional */
228 struct netlink_if *netlink;
229 struct comm_if **comms;
230 int ncomms;
231 struct resolver_if *resolver;
232 struct log_if *log;
233 struct random_if *random;
234 struct rsaprivkey_if *privkey;
235 struct rsapubkey_if *pubkey;
236 struct transform_if *transform;
237 struct dh_if *dh;
238 struct hash_if *hash;
239
240 uint32_t index; /* Index of this site */
241 int32_t setup_retries; /* How many times to send setup packets */
242 int32_t setup_retry_interval; /* Initial timeout for setup packets */
243 int32_t wait_timeout; /* How long to wait if setup unsuccessful */
244 int32_t mobile_peer_expiry; /* How long to remember 2ary addresses */
245 int32_t key_lifetime; /* How long a key lasts once set up */
246 int32_t key_renegotiate_time; /* If we see traffic (or a keepalive)
247 after this time, initiate a new
248 key exchange */
249
250 uint8_t *setupsig; /* Expected signature of incoming MSG1 packets */
251 int32_t setupsiglen; /* Allows us to discard packets quickly if
252 they are not for us */
253 bool_t setup_priority; /* Do we have precedence if both sites emit
254 message 1 simultaneously? */
255 uint32_t log_events;
256
257 /* runtime information */
258 uint32_t state;
259 uint64_t now; /* Most recently seen time */
260
261 /* The currently established session */
262 uint32_t remote_session_id;
263 struct transform_inst_if *current_transform;
264 bool_t current_valid;
265 uint64_t current_key_timeout; /* End of life of current key */
266 uint64_t renegotiate_key_time; /* When we can negotiate a new key */
267 transport_peers peers; /* Current address(es) of peer for data traffic */
268
269 /* The current key setup protocol exchange. We can only be
270 involved in one of these at a time. There's a potential for
271 denial of service here (the attacker keeps sending a setup
272 packet; we keep trying to continue the exchange, and have to
273 timeout before we can listen for another setup packet); perhaps
274 we should keep a list of 'bad' sources for setup packets. */
275 uint32_t setup_session_id;
276 transport_peers setup_peers;
277 uint8_t localN[NONCELEN]; /* Nonces for key exchange */
278 uint8_t remoteN[NONCELEN];
279 struct buffer_if buffer; /* Current outgoing key exchange packet */
280 int32_t retries; /* Number of retries remaining */
281 uint64_t timeout; /* Timeout for current state */
282 uint8_t *dhsecret;
283 uint8_t *sharedsecret;
284 struct transform_inst_if *new_transform; /* For key setup/verify */
285 };
286
287 static void slog(struct site *st, uint32_t event, cstring_t msg, ...)
288 {
289 va_list ap;
290 char buf[240];
291 uint32_t class;
292
293 va_start(ap,msg);
294
295 if (event&st->log_events) {
296 switch(event) {
297 case LOG_UNEXPECTED: class=M_INFO; break;
298 case LOG_SETUP_INIT: class=M_INFO; break;
299 case LOG_SETUP_TIMEOUT: class=M_NOTICE; break;
300 case LOG_ACTIVATE_KEY: class=M_INFO; break;
301 case LOG_TIMEOUT_KEY: class=M_INFO; break;
302 case LOG_SEC: class=M_SECURITY; break;
303 case LOG_STATE: class=M_DEBUG; break;
304 case LOG_DROP: class=M_DEBUG; break;
305 case LOG_DUMP: class=M_DEBUG; break;
306 case LOG_ERROR: class=M_ERR; break;
307 case LOG_PEER_ADDRS: class=M_DEBUG; break;
308 default: class=M_ERR; break;
309 }
310
311 vsnprintf(buf,sizeof(buf),msg,ap);
312 st->log->log(st->log->st,class,"%s: %s",st->tunname,buf);
313 }
314 va_end(ap);
315 }
316
317 static void set_link_quality(struct site *st);
318 static void delete_key(struct site *st, cstring_t reason, uint32_t loglevel);
319 static bool_t initiate_key_setup(struct site *st, cstring_t reason);
320 static void enter_state_run(struct site *st);
321 static bool_t enter_state_resolve(struct site *st);
322 static bool_t enter_new_state(struct site *st,uint32_t next);
323 static void enter_state_wait(struct site *st);
324
325 #define CHECK_AVAIL(b,l) do { if ((b)->size<(l)) return False; } while(0)
326 #define CHECK_EMPTY(b) do { if ((b)->size!=0) return False; } while(0)
327 #define CHECK_TYPE(b,t) do { uint32_t type; \
328 CHECK_AVAIL((b),4); \
329 type=buf_unprepend_uint32((b)); \
330 if (type!=(t)) return False; } while(0)
331
332 struct msg {
333 uint8_t *hashstart;
334 uint32_t dest;
335 uint32_t source;
336 int32_t remlen;
337 uint8_t *remote;
338 int32_t loclen;
339 uint8_t *local;
340 uint8_t *nR;
341 uint8_t *nL;
342 int32_t pklen;
343 char *pk;
344 int32_t hashlen;
345 int32_t siglen;
346 char *sig;
347 };
348
349 /* Build any of msg1 to msg4. msg5 and msg6 are built from the inside
350 out using a transform of config data supplied by netlink */
351 static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what)
352 {
353 void *hst;
354 uint8_t *hash;
355 string_t dhpub, sig;
356
357 st->retries=st->setup_retries;
358 BUF_ALLOC(&st->buffer,what);
359 buffer_init(&st->buffer,0);
360 buf_append_uint32(&st->buffer,
361 (type==LABEL_MSG1?0:st->setup_session_id));
362 buf_append_uint32(&st->buffer,st->index);
363 buf_append_uint32(&st->buffer,type);
364 buf_append_string(&st->buffer,st->localname);
365 buf_append_string(&st->buffer,st->remotename);
366 memcpy(buf_append(&st->buffer,NONCELEN),st->localN,NONCELEN);
367 if (type==LABEL_MSG1) return True;
368 memcpy(buf_append(&st->buffer,NONCELEN),st->remoteN,NONCELEN);
369 if (type==LABEL_MSG2) return True;
370
371 if (hacky_par_mid_failnow()) return False;
372
373 dhpub=st->dh->makepublic(st->dh->st,st->dhsecret,st->dh->len);
374 buf_append_string(&st->buffer,dhpub);
375 free(dhpub);
376 hash=safe_malloc(st->hash->len, "generate_msg");
377 hst=st->hash->init();
378 st->hash->update(hst,st->buffer.start,st->buffer.size);
379 st->hash->final(hst,hash);
380 sig=st->privkey->sign(st->privkey->st,hash,st->hash->len);
381 buf_append_string(&st->buffer,sig);
382 free(sig);
383 free(hash);
384 return True;
385 }
386
387 static bool_t unpick_msg(struct site *st, uint32_t type,
388 struct buffer_if *msg, struct msg *m)
389 {
390 m->hashstart=msg->start;
391 CHECK_AVAIL(msg,4);
392 m->dest=buf_unprepend_uint32(msg);
393 CHECK_AVAIL(msg,4);
394 m->source=buf_unprepend_uint32(msg);
395 CHECK_TYPE(msg,type);
396 CHECK_AVAIL(msg,2);
397 m->remlen=buf_unprepend_uint16(msg);
398 CHECK_AVAIL(msg,m->remlen);
399 m->remote=buf_unprepend(msg,m->remlen);
400 CHECK_AVAIL(msg,2);
401 m->loclen=buf_unprepend_uint16(msg);
402 CHECK_AVAIL(msg,m->loclen);
403 m->local=buf_unprepend(msg,m->loclen);
404 CHECK_AVAIL(msg,NONCELEN);
405 m->nR=buf_unprepend(msg,NONCELEN);
406 if (type==LABEL_MSG1) {
407 CHECK_EMPTY(msg);
408 return True;
409 }
410 CHECK_AVAIL(msg,NONCELEN);
411 m->nL=buf_unprepend(msg,NONCELEN);
412 if (type==LABEL_MSG2) {
413 CHECK_EMPTY(msg);
414 return True;
415 }
416 CHECK_AVAIL(msg,2);
417 m->pklen=buf_unprepend_uint16(msg);
418 CHECK_AVAIL(msg,m->pklen);
419 m->pk=buf_unprepend(msg,m->pklen);
420 m->hashlen=msg->start-m->hashstart;
421 CHECK_AVAIL(msg,2);
422 m->siglen=buf_unprepend_uint16(msg);
423 CHECK_AVAIL(msg,m->siglen);
424 m->sig=buf_unprepend(msg,m->siglen);
425 CHECK_EMPTY(msg);
426 return True;
427 }
428
429 static bool_t check_msg(struct site *st, uint32_t type, struct msg *m,
430 cstring_t *error)
431 {
432 if (type==LABEL_MSG1) return True;
433
434 /* Check that the site names and our nonce have been sent
435 back correctly, and then store our peer's nonce. */
436 if (memcmp(m->remote,st->remotename,strlen(st->remotename)!=0)) {
437 *error="wrong remote site name";
438 return False;
439 }
440 if (memcmp(m->local,st->localname,strlen(st->localname)!=0)) {
441 *error="wrong local site name";
442 return False;
443 }
444 if (memcmp(m->nL,st->localN,NONCELEN)!=0) {
445 *error="wrong locally-generated nonce";
446 return False;
447 }
448 if (type==LABEL_MSG2) return True;
449 if (memcmp(m->nR,st->remoteN,NONCELEN)!=0) {
450 *error="wrong remotely-generated nonce";
451 return False;
452 }
453 if (type==LABEL_MSG3) return True;
454 if (type==LABEL_MSG4) return True;
455 *error="unknown message type";
456 return False;
457 }
458
459 static bool_t generate_msg1(struct site *st)
460 {
461 st->random->generate(st->random->st,NONCELEN,st->localN);
462 return generate_msg(st,LABEL_MSG1,"site:MSG1");
463 }
464
465 static bool_t process_msg1(struct site *st, struct buffer_if *msg1,
466 const struct comm_addr *src)
467 {
468 struct msg m;
469
470 /* We've already determined we're in an appropriate state to
471 process an incoming MSG1, and that the MSG1 has correct values
472 of A and B. */
473
474 if (!unpick_msg(st,LABEL_MSG1,msg1,&m)) return False;
475
476 transport_record_peer(st,&st->setup_peers,src,"msg1");
477 st->setup_session_id=m.source;
478 memcpy(st->remoteN,m.nR,NONCELEN);
479 return True;
480 }
481
482 static bool_t generate_msg2(struct site *st)
483 {
484 st->random->generate(st->random->st,NONCELEN,st->localN);
485 return generate_msg(st,LABEL_MSG2,"site:MSG2");
486 }
487
488 static bool_t process_msg2(struct site *st, struct buffer_if *msg2,
489 const struct comm_addr *src)
490 {
491 struct msg m;
492 cstring_t err;
493
494 if (!unpick_msg(st,LABEL_MSG2,msg2,&m)) return False;
495 if (!check_msg(st,LABEL_MSG2,&m,&err)) {
496 slog(st,LOG_SEC,"msg2: %s",err);
497 return False;
498 }
499 st->setup_session_id=m.source;
500 memcpy(st->remoteN,m.nR,NONCELEN);
501 return True;
502 }
503
504 static bool_t generate_msg3(struct site *st)
505 {
506 /* Now we have our nonce and their nonce. Think of a secret key,
507 and create message number 3. */
508 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
509 return generate_msg(st,LABEL_MSG3,"site:MSG3");
510 }
511
512 static bool_t process_msg3(struct site *st, struct buffer_if *msg3,
513 const struct comm_addr *src)
514 {
515 struct msg m;
516 uint8_t *hash;
517 void *hst;
518 cstring_t err;
519
520 if (!unpick_msg(st,LABEL_MSG3,msg3,&m)) return False;
521 if (!check_msg(st,LABEL_MSG3,&m,&err)) {
522 slog(st,LOG_SEC,"msg3: %s",err);
523 return False;
524 }
525
526 /* Check signature and store g^x mod m */
527 hash=safe_malloc(st->hash->len, "process_msg3");
528 hst=st->hash->init();
529 st->hash->update(hst,m.hashstart,m.hashlen);
530 st->hash->final(hst,hash);
531 /* Terminate signature with a '0' - cheating, but should be ok */
532 m.sig[m.siglen]=0;
533 if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m.sig)) {
534 slog(st,LOG_SEC,"msg3 signature failed check!");
535 free(hash);
536 return False;
537 }
538 free(hash);
539
540 /* Terminate their DH public key with a '0' */
541 m.pk[m.pklen]=0;
542 /* Invent our DH secret key */
543 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
544
545 /* Generate the shared key */
546 st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,m.pk,
547 st->sharedsecret,st->transform->keylen);
548
549 /* Set up the transform */
550 st->new_transform->setkey(st->new_transform->st,st->sharedsecret,
551 st->transform->keylen);
552
553 return True;
554 }
555
556 static bool_t generate_msg4(struct site *st)
557 {
558 /* We have both nonces, their public key and our private key. Generate
559 our public key, sign it and send it to them. */
560 return generate_msg(st,LABEL_MSG4,"site:MSG4");
561 }
562
563 static bool_t process_msg4(struct site *st, struct buffer_if *msg4,
564 const struct comm_addr *src)
565 {
566 struct msg m;
567 uint8_t *hash;
568 void *hst;
569 cstring_t err;
570
571 if (!unpick_msg(st,LABEL_MSG4,msg4,&m)) return False;
572 if (!check_msg(st,LABEL_MSG4,&m,&err)) {
573 slog(st,LOG_SEC,"msg4: %s",err);
574 return False;
575 }
576
577 /* Check signature and store g^x mod m */
578 hash=safe_malloc(st->hash->len, "process_msg4");
579 hst=st->hash->init();
580 st->hash->update(hst,m.hashstart,m.hashlen);
581 st->hash->final(hst,hash);
582 /* Terminate signature with a '0' - cheating, but should be ok */
583 m.sig[m.siglen]=0;
584 if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m.sig)) {
585 slog(st,LOG_SEC,"msg4 signature failed check!");
586 free(hash);
587 return False;
588 }
589 free(hash);
590
591 /* Terminate their DH public key with a '0' */
592 m.pk[m.pklen]=0;
593 /* Generate the shared key */
594 st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,m.pk,
595 st->sharedsecret,st->transform->keylen);
596 /* Set up the transform */
597 st->new_transform->setkey(st->new_transform->st,st->sharedsecret,
598 st->transform->keylen);
599
600 return True;
601 }
602
603 struct msg0 {
604 uint32_t dest;
605 uint32_t source;
606 uint32_t type;
607 };
608
609 static bool_t unpick_msg0(struct site *st, struct buffer_if *msg0,
610 struct msg0 *m)
611 {
612 CHECK_AVAIL(msg0,4);
613 m->dest=buf_unprepend_uint32(msg0);
614 CHECK_AVAIL(msg0,4);
615 m->source=buf_unprepend_uint32(msg0);
616 CHECK_AVAIL(msg0,4);
617 m->type=buf_unprepend_uint32(msg0);
618 return True;
619 /* Leaves transformed part of buffer untouched */
620 }
621
622 static bool_t generate_msg5(struct site *st)
623 {
624 cstring_t transform_err;
625
626 BUF_ALLOC(&st->buffer,"site:MSG5");
627 /* We are going to add four words to the message */
628 buffer_init(&st->buffer,st->transform->max_start_pad+(4*4));
629 /* Give the netlink code an opportunity to put its own stuff in the
630 message (configuration information, etc.) */
631 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
632 st->new_transform->forwards(st->new_transform->st,&st->buffer,
633 &transform_err);
634 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
635 buf_prepend_uint32(&st->buffer,st->index);
636 buf_prepend_uint32(&st->buffer,st->setup_session_id);
637
638 st->retries=st->setup_retries;
639 return True;
640 }
641
642 static bool_t process_msg5(struct site *st, struct buffer_if *msg5,
643 const struct comm_addr *src)
644 {
645 struct msg0 m;
646 cstring_t transform_err;
647
648 if (!unpick_msg0(st,msg5,&m)) return False;
649
650 if (st->new_transform->reverse(st->new_transform->st,
651 msg5,&transform_err)) {
652 /* There's a problem */
653 slog(st,LOG_SEC,"process_msg5: transform: %s",transform_err);
654 return False;
655 }
656 /* Buffer should now contain untransformed PING packet data */
657 CHECK_AVAIL(msg5,4);
658 if (buf_unprepend_uint32(msg5)!=LABEL_MSG5) {
659 slog(st,LOG_SEC,"MSG5/PING packet contained wrong label");
660 return False;
661 }
662 /* Older versions of secnet used to write some config data here
663 * which we ignore. So we don't CHECK_EMPTY */
664 return True;
665 }
666
667 static bool_t generate_msg6(struct site *st)
668 {
669 cstring_t transform_err;
670
671 BUF_ALLOC(&st->buffer,"site:MSG6");
672 /* We are going to add four words to the message */
673 buffer_init(&st->buffer,st->transform->max_start_pad+(4*4));
674 /* Give the netlink code an opportunity to put its own stuff in the
675 message (configuration information, etc.) */
676 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
677 st->new_transform->forwards(st->new_transform->st,&st->buffer,
678 &transform_err);
679 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
680 buf_prepend_uint32(&st->buffer,st->index);
681 buf_prepend_uint32(&st->buffer,st->setup_session_id);
682
683 st->retries=1; /* Peer will retransmit MSG5 if this packet gets lost */
684 return True;
685 }
686
687 static bool_t process_msg6(struct site *st, struct buffer_if *msg6,
688 const struct comm_addr *src)
689 {
690 struct msg0 m;
691 cstring_t transform_err;
692
693 if (!unpick_msg0(st,msg6,&m)) return False;
694
695 if (st->new_transform->reverse(st->new_transform->st,
696 msg6,&transform_err)) {
697 /* There's a problem */
698 slog(st,LOG_SEC,"process_msg6: transform: %s",transform_err);
699 return False;
700 }
701 /* Buffer should now contain untransformed PING packet data */
702 CHECK_AVAIL(msg6,4);
703 if (buf_unprepend_uint32(msg6)!=LABEL_MSG6) {
704 slog(st,LOG_SEC,"MSG6/PONG packet contained invalid data");
705 return False;
706 }
707 /* Older versions of secnet used to write some config data here
708 * which we ignore. So we don't CHECK_EMPTY */
709 return True;
710 }
711
712 static bool_t decrypt_msg0(struct site *st, struct buffer_if *msg0)
713 {
714 cstring_t transform_err;
715 struct msg0 m;
716 uint32_t problem;
717
718 if (!unpick_msg0(st,msg0,&m)) return False;
719
720 problem = st->current_transform->reverse(st->current_transform->st,
721 msg0,&transform_err);
722 if (!problem) return True;
723
724 slog(st,LOG_SEC,"transform: %s",transform_err);
725 initiate_key_setup(st,"incoming message would not decrypt");
726 return False;
727 }
728
729 static bool_t process_msg0(struct site *st, struct buffer_if *msg0,
730 const struct comm_addr *src)
731 {
732 uint32_t type;
733
734 if (!decrypt_msg0(st,msg0))
735 return False;
736
737 CHECK_AVAIL(msg0,4);
738 type=buf_unprepend_uint32(msg0);
739 switch(type) {
740 case LABEL_MSG7:
741 /* We must forget about the current session. */
742 delete_key(st,"request from peer",LOG_SEC);
743 return True;
744 case LABEL_MSG9:
745 /* Deliver to netlink layer */
746 st->netlink->deliver(st->netlink->st,msg0);
747 transport_data_msgok(st,src);
748 /* See whether we should start negotiating a new key */
749 if (st->now > st->renegotiate_key_time)
750 initiate_key_setup(st,"incoming packet in renegotiation window");
751 return True;
752 default:
753 slog(st,LOG_SEC,"incoming encrypted message of type %08x "
754 "(unknown)",type);
755 break;
756 }
757 return False;
758 }
759
760 static void dump_packet(struct site *st, struct buffer_if *buf,
761 const struct comm_addr *addr, bool_t incoming)
762 {
763 uint32_t dest=ntohl(*(uint32_t *)buf->start);
764 uint32_t source=ntohl(*(uint32_t *)(buf->start+4));
765 uint32_t msgtype=ntohl(*(uint32_t *)(buf->start+8));
766
767 if (st->log_events & LOG_DUMP)
768 slilog(st->log,M_DEBUG,"%s: %s: %08x<-%08x: %08x:",
769 st->tunname,incoming?"incoming":"outgoing",
770 dest,source,msgtype);
771 }
772
773 static uint32_t site_status(void *st)
774 {
775 return 0;
776 }
777
778 static bool_t send_msg(struct site *st)
779 {
780 if (st->retries>0) {
781 transport_xmit(st, &st->setup_peers, &st->buffer, True);
782 st->timeout=st->now+st->setup_retry_interval;
783 st->retries--;
784 return True;
785 } else {
786 slog(st,LOG_SETUP_TIMEOUT,"timed out sending key setup packet "
787 "(in state %s)",state_name(st->state));
788 enter_state_wait(st);
789 return False;
790 }
791 }
792
793 static void site_resolve_callback(void *sst, struct in_addr *address)
794 {
795 struct site *st=sst;
796 struct comm_addr ca_buf, *ca_use;
797
798 if (st->state!=SITE_RESOLVE) {
799 slog(st,LOG_UNEXPECTED,"site_resolve_callback called unexpectedly");
800 return;
801 }
802 if (address) {
803 FILLZERO(ca_buf);
804 ca_buf.comm=st->comms[0];
805 ca_buf.sin.sin_family=AF_INET;
806 ca_buf.sin.sin_port=htons(st->remoteport);
807 ca_buf.sin.sin_addr=*address;
808 ca_use=&ca_buf;
809 } else {
810 slog(st,LOG_ERROR,"resolution of %s failed",st->address);
811 ca_use=0;
812 }
813 if (transport_compute_setupinit_peers(st,ca_use)) {
814 enter_new_state(st,SITE_SENTMSG1);
815 } else {
816 /* Can't figure out who to try to to talk to */
817 slog(st,LOG_SETUP_INIT,"key exchange failed: cannot find peer address");
818 enter_state_run(st);
819 }
820 }
821
822 static bool_t initiate_key_setup(struct site *st, cstring_t reason)
823 {
824 if (st->state!=SITE_RUN) return False;
825 slog(st,LOG_SETUP_INIT,"initiating key exchange (%s)",reason);
826 if (st->address) {
827 slog(st,LOG_SETUP_INIT,"resolving peer address");
828 return enter_state_resolve(st);
829 } else if (transport_compute_setupinit_peers(st,0)) {
830 return enter_new_state(st,SITE_SENTMSG1);
831 }
832 slog(st,LOG_SETUP_INIT,"key exchange failed: no address for peer");
833 return False;
834 }
835
836 static void activate_new_key(struct site *st)
837 {
838 struct transform_inst_if *t;
839
840 /* We have two transform instances, which we swap between active
841 and setup */
842 t=st->current_transform;
843 st->current_transform=st->new_transform;
844 st->new_transform=t;
845
846 t->delkey(t->st);
847 st->timeout=0;
848 st->current_valid=True;
849 st->current_key_timeout=st->now+st->key_lifetime;
850 st->renegotiate_key_time=st->now+st->key_renegotiate_time;
851 transport_peers_copy(st,&st->peers,&st->setup_peers);
852 st->remote_session_id=st->setup_session_id;
853
854 slog(st,LOG_ACTIVATE_KEY,"new key activated");
855 enter_state_run(st);
856 }
857
858 static void delete_key(struct site *st, cstring_t reason, uint32_t loglevel)
859 {
860 if (st->current_valid) {
861 slog(st,loglevel,"session closed (%s)",reason);
862
863 st->current_valid=False;
864 st->current_transform->delkey(st->current_transform->st);
865 st->current_key_timeout=0;
866 set_link_quality(st);
867 }
868 }
869
870 static void state_assert(struct site *st, bool_t ok)
871 {
872 if (!ok) fatal("site:state_assert");
873 }
874
875 static void enter_state_stop(struct site *st)
876 {
877 st->state=SITE_STOP;
878 st->timeout=0;
879 delete_key(st,"entering state STOP",LOG_TIMEOUT_KEY);
880 st->new_transform->delkey(st->new_transform->st);
881 }
882
883 static void set_link_quality(struct site *st)
884 {
885 uint32_t quality;
886 if (st->current_valid)
887 quality=LINK_QUALITY_UP;
888 else if (st->state==SITE_WAIT || st->state==SITE_STOP)
889 quality=LINK_QUALITY_DOWN;
890 else if (st->address)
891 quality=LINK_QUALITY_DOWN_CURRENT_ADDRESS;
892 else if (transport_peers_valid(&st->peers))
893 quality=LINK_QUALITY_DOWN_STALE_ADDRESS;
894 else
895 quality=LINK_QUALITY_DOWN;
896
897 st->netlink->set_quality(st->netlink->st,quality);
898 }
899
900 static void enter_state_run(struct site *st)
901 {
902 slog(st,LOG_STATE,"entering state RUN");
903 st->state=SITE_RUN;
904 st->timeout=0;
905
906 st->setup_session_id=0;
907 transport_peers_clear(st,&st->setup_peers);
908 memset(st->localN,0,NONCELEN);
909 memset(st->remoteN,0,NONCELEN);
910 st->new_transform->delkey(st->new_transform->st);
911 memset(st->dhsecret,0,st->dh->len);
912 memset(st->sharedsecret,0,st->transform->keylen);
913 set_link_quality(st);
914 }
915
916 static bool_t enter_state_resolve(struct site *st)
917 {
918 state_assert(st,st->state==SITE_RUN);
919 slog(st,LOG_STATE,"entering state RESOLVE");
920 st->state=SITE_RESOLVE;
921 st->resolver->request(st->resolver->st,st->address,
922 site_resolve_callback,st);
923 return True;
924 }
925
926 static bool_t enter_new_state(struct site *st, uint32_t next)
927 {
928 bool_t (*gen)(struct site *st);
929 int r;
930
931 slog(st,LOG_STATE,"entering state %s",state_name(next));
932 switch(next) {
933 case SITE_SENTMSG1:
934 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE);
935 gen=generate_msg1;
936 break;
937 case SITE_SENTMSG2:
938 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE ||
939 st->state==SITE_SENTMSG1 || st->state==SITE_WAIT);
940 gen=generate_msg2;
941 break;
942 case SITE_SENTMSG3:
943 state_assert(st,st->state==SITE_SENTMSG1);
944 BUF_FREE(&st->buffer);
945 gen=generate_msg3;
946 break;
947 case SITE_SENTMSG4:
948 state_assert(st,st->state==SITE_SENTMSG2);
949 BUF_FREE(&st->buffer);
950 gen=generate_msg4;
951 break;
952 case SITE_SENTMSG5:
953 state_assert(st,st->state==SITE_SENTMSG3);
954 BUF_FREE(&st->buffer);
955 gen=generate_msg5;
956 break;
957 case SITE_RUN:
958 state_assert(st,st->state==SITE_SENTMSG4);
959 BUF_FREE(&st->buffer);
960 gen=generate_msg6;
961 break;
962 default:
963 gen=NULL;
964 fatal("enter_new_state(%s): invalid new state",state_name(next));
965 break;
966 }
967
968 if (hacky_par_start_failnow()) return False;
969
970 r= gen(st) && send_msg(st);
971
972 hacky_par_end(&r,
973 st->setup_retries, st->setup_retry_interval,
974 send_msg, st);
975
976 if (r) {
977 st->state=next;
978 if (next==SITE_RUN) {
979 BUF_FREE(&st->buffer); /* Never reused */
980 st->timeout=0; /* Never retransmit */
981 activate_new_key(st);
982 }
983 return True;
984 }
985 slog(st,LOG_ERROR,"error entering state %s",state_name(next));
986 st->buffer.free=False; /* Unconditionally use the buffer; it may be
987 in either state, and enter_state_wait() will
988 do a BUF_FREE() */
989 enter_state_wait(st);
990 return False;
991 }
992
993 /* msg7 tells our peer that we're about to forget our key */
994 static bool_t send_msg7(struct site *st, cstring_t reason)
995 {
996 cstring_t transform_err;
997
998 if (st->current_valid && st->buffer.free
999 && transport_peers_valid(&st->peers)) {
1000 BUF_ALLOC(&st->buffer,"site:MSG7");
1001 buffer_init(&st->buffer,st->transform->max_start_pad+(4*3));
1002 buf_append_uint32(&st->buffer,LABEL_MSG7);
1003 buf_append_string(&st->buffer,reason);
1004 st->current_transform->forwards(st->current_transform->st,
1005 &st->buffer, &transform_err);
1006 buf_prepend_uint32(&st->buffer,LABEL_MSG0);
1007 buf_prepend_uint32(&st->buffer,st->index);
1008 buf_prepend_uint32(&st->buffer,st->remote_session_id);
1009 transport_xmit(st,&st->peers,&st->buffer,True);
1010 BUF_FREE(&st->buffer);
1011 return True;
1012 }
1013 return False;
1014 }
1015
1016 /* We go into this state if our peer becomes uncommunicative. Similar to
1017 the "stop" state, we forget all session keys for a while, before
1018 re-entering the "run" state. */
1019 static void enter_state_wait(struct site *st)
1020 {
1021 slog(st,LOG_STATE,"entering state WAIT");
1022 st->timeout=st->now+st->wait_timeout;
1023 st->state=SITE_WAIT;
1024 set_link_quality(st);
1025 BUF_FREE(&st->buffer); /* will have had an outgoing packet in it */
1026 /* XXX Erase keys etc. */
1027 }
1028
1029 static inline void site_settimeout(uint64_t timeout, int *timeout_io)
1030 {
1031 if (timeout) {
1032 int64_t offset=timeout-*now;
1033 if (offset<0) offset=0;
1034 if (offset>INT_MAX) offset=INT_MAX;
1035 if (*timeout_io<0 || offset<*timeout_io)
1036 *timeout_io=offset;
1037 }
1038 }
1039
1040 static int site_beforepoll(void *sst, struct pollfd *fds, int *nfds_io,
1041 int *timeout_io)
1042 {
1043 struct site *st=sst;
1044
1045 *nfds_io=0; /* We don't use any file descriptors */
1046 st->now=*now;
1047
1048 /* Work out when our next timeout is. The earlier of 'timeout' or
1049 'current_key_timeout'. A stored value of '0' indicates no timeout
1050 active. */
1051 site_settimeout(st->timeout, timeout_io);
1052 site_settimeout(st->current_key_timeout, timeout_io);
1053
1054 return 0; /* success */
1055 }
1056
1057 /* NB site_afterpoll will be called before site_beforepoll is ever called */
1058 static void site_afterpoll(void *sst, struct pollfd *fds, int nfds)
1059 {
1060 struct site *st=sst;
1061
1062 st->now=*now;
1063 if (st->timeout && *now>st->timeout) {
1064 st->timeout=0;
1065 if (st->state>=SITE_SENTMSG1 && st->state<=SITE_SENTMSG5) {
1066 if (!hacky_par_start_failnow())
1067 send_msg(st);
1068 } else if (st->state==SITE_WAIT) {
1069 enter_state_run(st);
1070 } else {
1071 slog(st,LOG_ERROR,"site_afterpoll: unexpected timeout, state=%d",
1072 st->state);
1073 }
1074 }
1075 if (st->current_key_timeout && *now>st->current_key_timeout) {
1076 delete_key(st,"maximum key life exceeded",LOG_TIMEOUT_KEY);
1077 }
1078 }
1079
1080 /* This function is called by the netlink device to deliver packets
1081 intended for the remote network. The packet is in "raw" wire
1082 format, but is guaranteed to be word-aligned. */
1083 static void site_outgoing(void *sst, struct buffer_if *buf)
1084 {
1085 struct site *st=sst;
1086 cstring_t transform_err;
1087
1088 if (st->state==SITE_STOP) {
1089 BUF_FREE(buf);
1090 return;
1091 }
1092
1093 /* In all other states we consider delivering the packet if we have
1094 a valid key and a valid address to send it to. */
1095 if (st->current_valid && transport_peers_valid(&st->peers)) {
1096 /* Transform it and send it */
1097 if (buf->size>0) {
1098 buf_prepend_uint32(buf,LABEL_MSG9);
1099 st->current_transform->forwards(st->current_transform->st,
1100 buf, &transform_err);
1101 buf_prepend_uint32(buf,LABEL_MSG0);
1102 buf_prepend_uint32(buf,st->index);
1103 buf_prepend_uint32(buf,st->remote_session_id);
1104 transport_xmit(st,&st->peers,buf,False);
1105 }
1106 BUF_FREE(buf);
1107 return;
1108 }
1109
1110 slog(st,LOG_DROP,"discarding outgoing packet of size %d",buf->size);
1111 BUF_FREE(buf);
1112 initiate_key_setup(st,"outgoing packet");
1113 }
1114
1115 /* This function is called by the communication device to deliver
1116 packets from our peers. */
1117 static bool_t site_incoming(void *sst, struct buffer_if *buf,
1118 const struct comm_addr *source)
1119 {
1120 struct site *st=sst;
1121
1122 if (buf->size < 12) return False;
1123
1124 uint32_t dest=ntohl(*(uint32_t *)buf->start);
1125
1126 if (dest==0) {
1127 /* It could be for any site - it should have LABEL_MSG1 and
1128 might have our name and our peer's name in it */
1129 if (buf->size<(st->setupsiglen+8+NONCELEN)) return False;
1130 if (memcmp(buf->start+8,st->setupsig,st->setupsiglen)==0) {
1131 /* It's addressed to us. Decide what to do about it. */
1132 dump_packet(st,buf,source,True);
1133 if (st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1134 st->state==SITE_WAIT) {
1135 /* We should definitely process it */
1136 if (process_msg1(st,buf,source)) {
1137 slog(st,LOG_SETUP_INIT,"key setup initiated by peer");
1138 enter_new_state(st,SITE_SENTMSG2);
1139 } else {
1140 slog(st,LOG_ERROR,"failed to process incoming msg1");
1141 }
1142 BUF_FREE(buf);
1143 return True;
1144 } else if (st->state==SITE_SENTMSG1) {
1145 /* We've just sent a message 1! They may have crossed on
1146 the wire. If we have priority then we ignore the
1147 incoming one, otherwise we process it as usual. */
1148 if (st->setup_priority) {
1149 BUF_FREE(buf);
1150 slog(st,LOG_DUMP,"crossed msg1s; we are higher "
1151 "priority => ignore incoming msg1");
1152 return True;
1153 } else {
1154 slog(st,LOG_DUMP,"crossed msg1s; we are lower "
1155 "priority => use incoming msg1");
1156 if (process_msg1(st,buf,source)) {
1157 BUF_FREE(&st->buffer); /* Free our old message 1 */
1158 enter_new_state(st,SITE_SENTMSG2);
1159 } else {
1160 slog(st,LOG_ERROR,"failed to process an incoming "
1161 "crossed msg1 (we have low priority)");
1162 }
1163 BUF_FREE(buf);
1164 return True;
1165 }
1166 }
1167 /* The message 1 was received at an unexpected stage of the
1168 key setup. XXX POLICY - what do we do? */
1169 slog(st,LOG_UNEXPECTED,"unexpected incoming message 1");
1170 BUF_FREE(buf);
1171 return True;
1172 }
1173 return False; /* Not for us. */
1174 }
1175 if (dest==st->index) {
1176 /* Explicitly addressed to us */
1177 uint32_t msgtype=ntohl(get_uint32(buf->start+8));
1178 if (msgtype!=LABEL_MSG0) dump_packet(st,buf,source,True);
1179 switch (msgtype) {
1180 case 0: /* NAK */
1181 /* If the source is our current peer then initiate a key setup,
1182 because our peer's forgotten the key */
1183 if (get_uint32(buf->start+4)==st->remote_session_id) {
1184 initiate_key_setup(st,"received a NAK");
1185 } else {
1186 slog(st,LOG_SEC,"bad incoming NAK");
1187 }
1188 break;
1189 case LABEL_MSG0:
1190 process_msg0(st,buf,source);
1191 break;
1192 case LABEL_MSG1:
1193 /* Setup packet: should not have been explicitly addressed
1194 to us */
1195 slog(st,LOG_SEC,"incoming explicitly addressed msg1");
1196 break;
1197 case LABEL_MSG2:
1198 /* Setup packet: expected only in state SENTMSG1 */
1199 if (st->state!=SITE_SENTMSG1) {
1200 slog(st,LOG_UNEXPECTED,"unexpected MSG2");
1201 } else if (process_msg2(st,buf,source)) {
1202 transport_setup_msgok(st,source);
1203 enter_new_state(st,SITE_SENTMSG3);
1204 } else {
1205 slog(st,LOG_SEC,"invalid MSG2");
1206 }
1207 break;
1208 case LABEL_MSG3:
1209 /* Setup packet: expected only in state SENTMSG2 */
1210 if (st->state!=SITE_SENTMSG2) {
1211 slog(st,LOG_UNEXPECTED,"unexpected MSG3");
1212 } else if (process_msg3(st,buf,source)) {
1213 transport_setup_msgok(st,source);
1214 enter_new_state(st,SITE_SENTMSG4);
1215 } else {
1216 slog(st,LOG_SEC,"invalid MSG3");
1217 }
1218 break;
1219 case LABEL_MSG4:
1220 /* Setup packet: expected only in state SENTMSG3 */
1221 if (st->state!=SITE_SENTMSG3) {
1222 slog(st,LOG_UNEXPECTED,"unexpected MSG4");
1223 } else if (process_msg4(st,buf,source)) {
1224 transport_setup_msgok(st,source);
1225 enter_new_state(st,SITE_SENTMSG5);
1226 } else {
1227 slog(st,LOG_SEC,"invalid MSG4");
1228 }
1229 break;
1230 case LABEL_MSG5:
1231 /* Setup packet: expected only in state SENTMSG4 */
1232 /* (may turn up in state RUN if our return MSG6 was lost
1233 and the new key has already been activated. In that
1234 case we should treat it as an ordinary PING packet. We
1235 can't pass it to process_msg5() because the
1236 new_transform will now be unkeyed. XXX) */
1237 if (st->state!=SITE_SENTMSG4) {
1238 slog(st,LOG_UNEXPECTED,"unexpected MSG5");
1239 } else if (process_msg5(st,buf,source)) {
1240 transport_setup_msgok(st,source);
1241 enter_new_state(st,SITE_RUN);
1242 } else {
1243 slog(st,LOG_SEC,"invalid MSG5");
1244 }
1245 break;
1246 case LABEL_MSG6:
1247 /* Setup packet: expected only in state SENTMSG5 */
1248 if (st->state!=SITE_SENTMSG5) {
1249 slog(st,LOG_UNEXPECTED,"unexpected MSG6");
1250 } else if (process_msg6(st,buf,source)) {
1251 BUF_FREE(&st->buffer); /* Free message 5 */
1252 transport_setup_msgok(st,source);
1253 activate_new_key(st);
1254 } else {
1255 slog(st,LOG_SEC,"invalid MSG6");
1256 }
1257 break;
1258 default:
1259 slog(st,LOG_SEC,"received message of unknown type 0x%08x",
1260 msgtype);
1261 break;
1262 }
1263 BUF_FREE(buf);
1264 return True;
1265 }
1266
1267 return False;
1268 }
1269
1270 static void site_control(void *vst, bool_t run)
1271 {
1272 struct site *st=vst;
1273 if (run) enter_state_run(st);
1274 else enter_state_stop(st);
1275 }
1276
1277 static void site_phase_hook(void *sst, uint32_t newphase)
1278 {
1279 struct site *st=sst;
1280
1281 /* The program is shutting down; tell our peer */
1282 send_msg7(st,"shutting down");
1283 }
1284
1285 static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
1286 list_t *args)
1287 {
1288 static uint32_t index_sequence;
1289 struct site *st;
1290 item_t *item;
1291 dict_t *dict;
1292 int i;
1293
1294 st=safe_malloc(sizeof(*st),"site_apply");
1295
1296 st->cl.description="site";
1297 st->cl.type=CL_SITE;
1298 st->cl.apply=NULL;
1299 st->cl.interface=&st->ops;
1300 st->ops.st=st;
1301 st->ops.control=site_control;
1302 st->ops.status=site_status;
1303
1304 /* First parameter must be a dict */
1305 item=list_elem(args,0);
1306 if (!item || item->type!=t_dict)
1307 cfgfatal(loc,"site","parameter must be a dictionary\n");
1308
1309 dict=item->data.dict;
1310 st->localname=dict_read_string(dict, "local-name", True, "site", loc);
1311 st->remotename=dict_read_string(dict, "name", True, "site", loc);
1312
1313 st->peer_mobile=dict_read_bool(dict,"mobile",False,"site",loc,False);
1314 bool_t local_mobile=
1315 dict_read_bool(dict,"local-mobile",False,"site",loc,False);
1316
1317 /* Sanity check (which also allows the 'sites' file to include
1318 site() closures for all sites including our own): refuse to
1319 talk to ourselves */
1320 if (strcmp(st->localname,st->remotename)==0) {
1321 Message(M_DEBUG,"site %s: local-name==name -> ignoring this site\n",
1322 st->localname);
1323 if (st->peer_mobile != local_mobile)
1324 cfgfatal(loc,"site","site %s's peer-mobile=%d"
1325 " but our local-mobile=%d\n",
1326 st->localname, st->peer_mobile, local_mobile);
1327 free(st);
1328 return NULL;
1329 }
1330 if (st->peer_mobile && local_mobile) {
1331 Message(M_WARNING,"site %s: site is mobile but so are we"
1332 " -> ignoring this site\n", st->remotename);
1333 free(st);
1334 return NULL;
1335 }
1336
1337 assert(index_sequence < 0xffffffffUL);
1338 st->index = ++index_sequence;
1339 st->netlink=find_cl_if(dict,"link",CL_NETLINK,True,"site",loc);
1340
1341 list_t *comms_cfg=dict_lookup(dict,"comm");
1342 if (!comms_cfg) cfgfatal(loc,"site","closure list \"comm\" not found\n");
1343 st->ncomms=list_length(comms_cfg);
1344 st->comms=safe_malloc_ary(sizeof(*st->comms),st->ncomms,"comms");
1345 assert(st->ncomms);
1346 for (i=0; i<st->ncomms; i++) {
1347 item_t *item=list_elem(comms_cfg,i);
1348 if (item->type!=t_closure)
1349 cfgfatal(loc,"site","comm is not a closure\n");
1350 closure_t *cl=item->data.closure;
1351 if (cl->type!=CL_COMM) cfgfatal(loc,"site","comm closure wrong type\n");
1352 st->comms[i]=cl->interface;
1353 }
1354
1355 st->resolver=find_cl_if(dict,"resolver",CL_RESOLVER,True,"site",loc);
1356 st->log=find_cl_if(dict,"log",CL_LOG,True,"site",loc);
1357 st->random=find_cl_if(dict,"random",CL_RANDOMSRC,True,"site",loc);
1358
1359 st->privkey=find_cl_if(dict,"local-key",CL_RSAPRIVKEY,True,"site",loc);
1360 st->address=dict_read_string(dict, "address", False, "site", loc);
1361 if (st->address)
1362 st->remoteport=dict_read_number(dict,"port",True,"site",loc,0);
1363 else st->remoteport=0;
1364 st->pubkey=find_cl_if(dict,"key",CL_RSAPUBKEY,True,"site",loc);
1365
1366 st->transform=
1367 find_cl_if(dict,"transform",CL_TRANSFORM,True,"site",loc);
1368
1369 st->dh=find_cl_if(dict,"dh",CL_DH,True,"site",loc);
1370 st->hash=find_cl_if(dict,"hash",CL_HASH,True,"site",loc);
1371
1372 #define DEFAULT(D) (st->peer_mobile || local_mobile \
1373 ? DEFAULT_MOBILE_##D : DEFAULT_##D)
1374 #define CFG_NUMBER(k,D) dict_read_number(dict,(k),False,"site",loc,DEFAULT(D));
1375
1376 st->key_lifetime= CFG_NUMBER("key-lifetime", KEY_LIFETIME);
1377 st->setup_retries= CFG_NUMBER("setup-retries", SETUP_RETRIES);
1378 st->setup_retry_interval= CFG_NUMBER("setup-timeout", SETUP_RETRY_INTERVAL);
1379 st->wait_timeout= CFG_NUMBER("wait-time", WAIT_TIME);
1380
1381 st->mobile_peer_expiry= dict_read_number(
1382 dict,"mobile-peer-expiry",False,"site",loc,DEFAULT_MOBILE_PEER_EXPIRY);
1383
1384 st->transport_peers_max= !st->peer_mobile ? 1 : dict_read_number(
1385 dict,"mobile-peers-max",False,"site",loc,DEFAULT_MOBILE_PEERS_MAX);
1386 if (st->transport_peers_max<1 ||
1387 st->transport_peers_max>=MAX_MOBILE_PEERS_MAX) {
1388 cfgfatal(loc,"site","mobile-peers-max must be in range 1.."
1389 STRING(MAX_MOBILE_PEERS_MAX) "\n");
1390 }
1391
1392 if (st->key_lifetime < DEFAULT(KEY_RENEGOTIATE_GAP)*2)
1393 st->key_renegotiate_time=st->key_lifetime/2;
1394 else
1395 st->key_renegotiate_time=st->key_lifetime-DEFAULT(KEY_RENEGOTIATE_GAP);
1396 st->key_renegotiate_time=dict_read_number(
1397 dict,"renegotiate-time",False,"site",loc,st->key_renegotiate_time);
1398 if (st->key_renegotiate_time > st->key_lifetime) {
1399 cfgfatal(loc,"site",
1400 "renegotiate-time must be less than key-lifetime\n");
1401 }
1402
1403 st->log_events=string_list_to_word(dict_lookup(dict,"log-events"),
1404 log_event_table,"site");
1405
1406 st->tunname=safe_malloc(strlen(st->localname)+strlen(st->remotename)+5,
1407 "site_apply");
1408 sprintf(st->tunname,"%s<->%s",st->localname,st->remotename);
1409
1410 /* The information we expect to see in incoming messages of type 1 */
1411 /* fixme: lots of unchecked overflows here, but the results are only
1412 corrupted packets rather than undefined behaviour */
1413 st->setupsiglen=strlen(st->remotename)+strlen(st->localname)+8;
1414 st->setupsig=safe_malloc(st->setupsiglen,"site_apply");
1415 put_uint32(st->setupsig+0,LABEL_MSG1);
1416 put_uint16(st->setupsig+4,strlen(st->remotename));
1417 memcpy(&st->setupsig[6],st->remotename,strlen(st->remotename));
1418 put_uint16(st->setupsig+(6+strlen(st->remotename)),strlen(st->localname));
1419 memcpy(&st->setupsig[8+strlen(st->remotename)],st->localname,
1420 strlen(st->localname));
1421 st->setup_priority=(strcmp(st->localname,st->remotename)>0);
1422
1423 buffer_new(&st->buffer,SETUP_BUFFER_LEN);
1424
1425 /* We are interested in poll(), but only for timeouts. We don't have
1426 any fds of our own. */
1427 register_for_poll(st, site_beforepoll, site_afterpoll, 0, "site");
1428 st->timeout=0;
1429
1430 st->current_valid=False;
1431 st->current_key_timeout=0;
1432 transport_peers_clear(st,&st->peers);
1433 transport_peers_clear(st,&st->setup_peers);
1434 /* XXX mlock these */
1435 st->dhsecret=safe_malloc(st->dh->len,"site:dhsecret");
1436 st->sharedsecret=safe_malloc(st->transform->keylen,"site:sharedsecret");
1437
1438 /* We need to compute some properties of our comms */
1439 #define COMPUTE_WORST(pad) \
1440 int worst_##pad=0; \
1441 for (i=0; i<st->ncomms; i++) { \
1442 int thispad=st->comms[i]->pad; \
1443 if (thispad > worst_##pad) \
1444 worst_##pad=thispad; \
1445 }
1446 COMPUTE_WORST(min_start_pad)
1447 COMPUTE_WORST(min_end_pad)
1448
1449 /* We need to register the remote networks with the netlink device */
1450 st->netlink->reg(st->netlink->st, site_outgoing, st,
1451 st->transform->max_start_pad+(4*4)+
1452 worst_min_start_pad,
1453 st->transform->max_end_pad+worst_min_end_pad);
1454
1455 for (i=0; i<st->ncomms; i++)
1456 st->comms[i]->request_notify(st->comms[i]->st, st, site_incoming);
1457
1458 st->current_transform=st->transform->create(st->transform->st);
1459 st->new_transform=st->transform->create(st->transform->st);
1460
1461 enter_state_stop(st);
1462
1463 add_hook(PHASE_SHUTDOWN,site_phase_hook,st);
1464
1465 return new_closure(&st->cl);
1466 }
1467
1468 void site_module(dict_t *dict)
1469 {
1470 add_closure(dict,"site",site_apply);
1471 }
1472
1473
1474 /***** TRANSPORT PEERS definitions *****/
1475
1476 static void transport_peers_debug(struct site *st, transport_peers *dst,
1477 const char *didwhat,
1478 int nargs, const struct comm_addr *args,
1479 size_t stride) {
1480 int i;
1481 char *argp;
1482
1483 if (!(st->log_events & LOG_PEER_ADDRS))
1484 return; /* an optimisation */
1485
1486 slog(st, LOG_PEER_ADDRS, "peers (%s) %s nargs=%d => npeers=%d",
1487 (dst==&st->peers ? "data" :
1488 dst==&st->setup_peers ? "setup" : "UNKNOWN"),
1489 didwhat, nargs, dst->npeers);
1490
1491 for (i=0, argp=(void*)args;
1492 i<nargs;
1493 i++, (argp+=stride?stride:sizeof(*args))) {
1494 const struct comm_addr *ca=(void*)argp;
1495 slog(st, LOG_PEER_ADDRS, " args: addrs[%d]=%s",
1496 i, ca->comm->addr_to_string(ca->comm->st,ca));
1497 }
1498 for (i=0; i<dst->npeers; i++) {
1499 struct timeval diff;
1500 timersub(tv_now,&dst->peers[i].last,&diff);
1501 const struct comm_addr *ca=&dst->peers[i].addr;
1502 slog(st, LOG_PEER_ADDRS, " peers: addrs[%d]=%s T-%ld.%06ld",
1503 i, ca->comm->addr_to_string(ca->comm->st,ca),
1504 (unsigned long)diff.tv_sec, (unsigned long)diff.tv_usec);
1505 }
1506 }
1507
1508 static int transport_peer_compar(const void *av, const void *bv) {
1509 const transport_peer *a=av;
1510 const transport_peer *b=bv;
1511 /* put most recent first in the array */
1512 if (timercmp(&a->last, &b->last, <)) return +1;
1513 if (timercmp(&a->last, &b->last, >)) return -11;
1514 return 0;
1515 }
1516
1517 static void transport_peers_expire(struct site *st, transport_peers *peers) {
1518 /* peers must be sorted first */
1519 int previous_peers=peers->npeers;
1520 struct timeval oldest;
1521 oldest.tv_sec = tv_now->tv_sec - st->mobile_peer_expiry;
1522 oldest.tv_usec = tv_now->tv_usec;
1523 while (peers->npeers>1 &&
1524 timercmp(&peers->peers[peers->npeers-1].last, &oldest, <))
1525 peers->npeers--;
1526 if (peers->npeers != previous_peers)
1527 transport_peers_debug(st,peers,"expire", 0,0,0);
1528 }
1529
1530 static void transport_record_peer(struct site *st, transport_peers *peers,
1531 const struct comm_addr *addr, const char *m) {
1532 int slot, changed=0;
1533
1534 for (slot=0; slot<peers->npeers; slot++)
1535 if (!memcmp(&peers->peers[slot].addr, addr, sizeof(*addr)))
1536 goto found;
1537
1538 changed=1;
1539 if (peers->npeers==st->transport_peers_max)
1540 slot=st->transport_peers_max;
1541 else
1542 slot=peers->npeers++;
1543
1544 found:
1545 peers->peers[slot].addr=*addr;
1546 peers->peers[slot].last=*tv_now;
1547
1548 if (peers->npeers>1)
1549 qsort(peers->peers, peers->npeers,
1550 sizeof(*peers->peers), transport_peer_compar);
1551
1552 if (changed || peers->npeers!=1)
1553 transport_peers_debug(st,peers,m, 1,addr,0);
1554 transport_peers_expire(st, peers);
1555 }
1556
1557 static bool_t transport_compute_setupinit_peers(struct site *st,
1558 const struct comm_addr *configured_addr /* 0 if none or not found */) {
1559
1560 if (!configured_addr && !transport_peers_valid(&st->peers))
1561 return False;
1562
1563 slog(st,LOG_SETUP_INIT,
1564 (!configured_addr ? "using only %d old peer address(es)"
1565 : "using configured address, and/or perhaps %d old peer address(es)"),
1566 st->peers);
1567
1568 /* Non-mobile peers havve st->peers.npeers==0 or ==1, since they
1569 * have transport_peers_max==1. The effect is that this code
1570 * always uses the configured address if supplied, or otherwise
1571 * the existing data peer if one exists; this is as desired. */
1572
1573 transport_peers_copy(st,&st->setup_peers,&st->peers);
1574
1575 if (configured_addr)
1576 transport_record_peer(st,&st->setup_peers,configured_addr,"setupinit");
1577
1578 assert(transport_peers_valid(&st->setup_peers));
1579 return True;
1580 }
1581
1582 static void transport_setup_msgok(struct site *st, const struct comm_addr *a) {
1583 if (st->peer_mobile)
1584 transport_record_peer(st,&st->setup_peers,a,"setupmsg");
1585 }
1586 static void transport_data_msgok(struct site *st, const struct comm_addr *a) {
1587 if (st->peer_mobile)
1588 transport_record_peer(st,&st->peers,a,"datamsg");
1589 }
1590
1591 static int transport_peers_valid(transport_peers *peers) {
1592 return peers->npeers;
1593 }
1594 static void transport_peers_clear(struct site *st, transport_peers *peers) {
1595 peers->npeers= 0;
1596 transport_peers_debug(st,peers,"clear",0,0,0);
1597 }
1598 static void transport_peers_copy(struct site *st, transport_peers *dst,
1599 const transport_peers *src) {
1600 dst->npeers=src->npeers;
1601 memcpy(dst->peers, src->peers, sizeof(*dst->peers) * dst->npeers);
1602 transport_peers_debug(st,dst,"copy",
1603 src->npeers, &src->peers->addr, sizeof(*src->peers));
1604 }
1605
1606 void transport_xmit(struct site *st, transport_peers *peers,
1607 struct buffer_if *buf, bool_t candebug) {
1608 int slot;
1609 transport_peers_expire(st, peers);
1610 for (slot=0; slot<peers->npeers; slot++) {
1611 transport_peer *peer=&peers->peers[slot];
1612 if (candebug)
1613 dump_packet(st, buf, &peer->addr, False);
1614 peer->addr.comm->sendmsg(peer->addr.comm->st, buf, &peer->addr);
1615 }
1616 }
1617
1618 /***** END of transport peers declarations *****/
Secnet virtual private network: clone of http://www.chiark.greenend.org.uk/ucgi/~ian/git/secnet.git/