~mdw / secnet / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Introduce negotiation for Diffie--Hellman groups.
[secnet] / site.c
1 /* site.c - manage communication with a remote network site */
2
3 /*
4 * This file is part of secnet.
5 * See README for full list of copyright holders.
6 *
7 * secnet is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * secnet is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * version 3 along with secnet; if not, see
19 * https://www.gnu.org/licenses/gpl.html.
20 */
21
22 /* The 'site' code doesn't know anything about the structure of the
23 packets it's transmitting. In fact, under the new netlink
24 configuration scheme it doesn't need to know anything at all about
25 IP addresses, except how to contact its peer. This means it could
26 potentially be used to tunnel other protocols too (IPv6, IPX, plain
27 old Ethernet frames) if appropriate netlink code can be written
28 (and that ought not to be too hard, eg. using the TUN/TAP device to
29 pretend to be an Ethernet interface). */
30
31 /* At some point in the future the netlink code will be asked for
32 configuration information to go in the PING/PONG packets at the end
33 of the key exchange. */
34
35 #include "secnet.h"
36 #include <stdio.h>
37 #include <string.h>
38 #include <limits.h>
39 #include <assert.h>
40 #include <sys/socket.h>
41
42 #include <sys/mman.h>
43 #include "util.h"
44 #include "unaligned.h"
45 #include "magic.h"
46
47 #define SETUP_BUFFER_LEN 2048
48
49 #define DEFAULT_KEY_LIFETIME (3600*1000) /* [ms] */
50 #define DEFAULT_KEY_RENEGOTIATE_GAP (5*60*1000) /* [ms] */
51 #define DEFAULT_SETUP_RETRIES 5
52 #define DEFAULT_SETUP_RETRY_INTERVAL (2*1000) /* [ms] */
53 #define DEFAULT_WAIT_TIME (20*1000) /* [ms] */
54
55 #define DEFAULT_MOBILE_KEY_LIFETIME (2*24*3600*1000) /* [ms] */
56 #define DEFAULT_MOBILE_KEY_RENEGOTIATE_GAP (12*3600*1000) /* [ms] */
57 #define DEFAULT_MOBILE_SETUP_RETRIES 30
58 #define DEFAULT_MOBILE_SETUP_RETRY_INTERVAL (1*1000) /* [ms] */
59 #define DEFAULT_MOBILE_WAIT_TIME (10*1000) /* [ms] */
60
61 #define DEFAULT_MOBILE_PEER_EXPIRY (2*60) /* [s] */
62
63 /* Each site can be in one of several possible states. */
64
65 /* States:
66 SITE_STOP - nothing is allowed to happen; tunnel is down;
67 all session keys have been erased
68 -> SITE_RUN upon external instruction
69 SITE_RUN - site up, maybe with valid key
70 -> SITE_RESOLVE upon outgoing packet and no valid key
71 we start name resolution for the other end of the tunnel
72 -> SITE_SENTMSG2 upon valid incoming message 1 and suitable time
73 we send an appropriate message 2
74 SITE_RESOLVE - waiting for name resolution
75 -> SITE_SENTMSG1 upon successful resolution
76 we send an appropriate message 1
77 -> SITE_SENTMSG2 upon valid incoming message 1 (then abort resolution)
78 we abort resolution and
79 -> SITE_WAIT on timeout or resolution failure
80 SITE_SENTMSG1
81 -> SITE_SENTMSG2 upon valid incoming message 1 from higher priority end
82 -> SITE_SENTMSG3 upon valid incoming message 2
83 -> SITE_WAIT on timeout
84 SITE_SENTMSG2
85 -> SITE_SENTMSG4 upon valid incoming message 3
86 -> SITE_WAIT on timeout
87 SITE_SENTMSG3
88 -> SITE_SENTMSG5 upon valid incoming message 4
89 -> SITE_WAIT on timeout
90 SITE_SENTMSG4
91 -> SITE_RUN upon valid incoming message 5
92 -> SITE_WAIT on timeout
93 SITE_SENTMSG5
94 -> SITE_RUN upon valid incoming message 6
95 -> SITE_WAIT on timeout
96 SITE_WAIT - failed to establish key; do nothing for a while
97 -> SITE_RUN on timeout
98 */
99
100 #define SITE_STOP 0
101 #define SITE_RUN 1
102 #define SITE_RESOLVE 2
103 #define SITE_SENTMSG1 3
104 #define SITE_SENTMSG2 4
105 #define SITE_SENTMSG3 5
106 #define SITE_SENTMSG4 6
107 #define SITE_SENTMSG5 7
108 #define SITE_WAIT 8
109
110 #define CASES_MSG3_KNOWN LABEL_MSG3: case LABEL_MSG3BIS: case LABEL_MSG3TER
111
112 int32_t site_max_start_pad = 4*4;
113
114 static cstring_t state_name(uint32_t state)
115 {
116 switch (state) {
117 case 0: return "STOP";
118 case 1: return "RUN";
119 case 2: return "RESOLVE";
120 case 3: return "SENTMSG1";
121 case 4: return "SENTMSG2";
122 case 5: return "SENTMSG3";
123 case 6: return "SENTMSG4";
124 case 7: return "SENTMSG5";
125 case 8: return "WAIT";
126 default: return "*bad state*";
127 }
128 }
129
130 #define NONCELEN 8
131
132 #define LOG_UNEXPECTED 0x00000001
133 #define LOG_SETUP_INIT 0x00000002
134 #define LOG_SETUP_TIMEOUT 0x00000004
135 #define LOG_ACTIVATE_KEY 0x00000008
136 #define LOG_TIMEOUT_KEY 0x00000010
137 #define LOG_SEC 0x00000020
138 #define LOG_STATE 0x00000040
139 #define LOG_DROP 0x00000080
140 #define LOG_DUMP 0x00000100
141 #define LOG_ERROR 0x00000400
142 #define LOG_PEER_ADDRS 0x00000800
143
144 static struct flagstr log_event_table[]={
145 { "unexpected", LOG_UNEXPECTED },
146 { "setup-init", LOG_SETUP_INIT },
147 { "setup-timeout", LOG_SETUP_TIMEOUT },
148 { "activate-key", LOG_ACTIVATE_KEY },
149 { "timeout-key", LOG_TIMEOUT_KEY },
150 { "security", LOG_SEC },
151 { "state-change", LOG_STATE },
152 { "packet-drop", LOG_DROP },
153 { "dump-packets", LOG_DUMP },
154 { "errors", LOG_ERROR },
155 { "peer-addrs", LOG_PEER_ADDRS },
156 { "default", LOG_SETUP_INIT|LOG_SETUP_TIMEOUT|
157 LOG_ACTIVATE_KEY|LOG_TIMEOUT_KEY|LOG_SEC|LOG_ERROR },
158 { "all", 0xffffffff },
159 { NULL, 0 }
160 };
161
162
163 /***** TRANSPORT PEERS declarations *****/
164
165 /* Details of "mobile peer" semantics:
166
167 - We use the same data structure for the different configurations,
168 but manage it with different algorithms.
169
170 - We record up to mobile_peers_max peer address/port numbers
171 ("peers") for key setup, and separately up to mobile_peers_max
172 for data transfer.
173
174 - In general, we make a new set of addrs (see below) when we start
175 a new key exchange; the key setup addrs become the data transport
176 addrs when key setup complets.
177
178 If our peer is mobile:
179
180 - We send to all recent addresses of incoming packets, plus
181 initially all configured addresses (which we also expire).
182
183 - So, we record addrs of good incoming packets, as follows:
184 1. expire any peers last seen >120s ("mobile-peer-expiry") ago
185 2. add the peer of the just received packet to the applicable list
186 (possibly evicting the oldest entries to make room)
187 NB that we do not expire peers until an incoming packet arrives.
188
189 - If the peer has a configured address or name, we record them the
190 same way, but only as a result of our own initiation of key
191 setup. (We might evict some incoming packet addrs to make room.)
192
193 - The default number of addrs to keep is 3, or 4 if we have a
194 configured name or address. That's space for two configured
195 addresses (one IPv6 and one IPv4), plus two received addresses.
196
197 - Outgoing packets are sent to every recorded address in the
198 applicable list. Any unsupported[1] addresses are deleted from
199 the list right away. (This should only happen to configured
200 addresses, of course, but there is no need to check that.)
201
202 - When we successfully complete a key setup, we merge the key setup
203 peers into the data transfer peers.
204
205 [1] An unsupported address is one for whose AF we don't have a
206 socket (perhaps because we got EAFNOSUPPORT or some such) or for
207 which sendto gives ENETUNREACH.
208
209 If neither end is mobile:
210
211 - When peer initiated the key exchange, we use the incoming packet
212 address.
213
214 - When we initiate the key exchange, we try configured addresses
215 until we get one which isn't unsupported then fixate on that.
216
217 - When we complete a key setup, we replace the data transport peers
218 with those from the key setup.
219
220 If we are mobile:
221
222 - We can't tell when local network setup changes so we can't cache
223 the unsupported addrs and completely remove the spurious calls to
224 sendto, but we can optimise things a bit by deprioritising addrs
225 which seem to be unsupported.
226
227 - Use only configured addresses. (Except, that if our peer
228 initiated a key exchange we use the incoming packet address until
229 our name resolution completes.)
230
231 - When we send a packet, try each address in turn; if addr
232 supported, put that address to the end of the list for future
233 packets, and go onto the next address.
234
235 - When we complete a key setup, we replace the data transport peers
236 with those from the key setup.
237
238 */
239
240 typedef struct {
241 struct timeval last;
242 struct comm_addr addr;
243 } transport_peer;
244
245 typedef struct {
246 /* configuration information */
247 /* runtime information */
248 int npeers;
249 transport_peer peers[MAX_PEER_ADDRS];
250 } transport_peers;
251
252 /* Basic operations on transport peer address sets */
253 static void transport_peers_clear(struct site *st, transport_peers *peers);
254 static int transport_peers_valid(transport_peers *peers);
255 static void transport_peers_copy(struct site *st, transport_peers *dst,
256 const transport_peers *src);
257
258 /* Record address of incoming setup packet; resp. data packet. */
259 static void transport_setup_msgok(struct site *st, const struct comm_addr *a);
260 static void transport_data_msgok(struct site *st, const struct comm_addr *a);
261
262 /* Initialise the setup addresses. Called before we send the first
263 * packet in a key exchange. If we are the initiator, as a result of
264 * resolve completing (or being determined not to be relevant) or an
265 * incoming PROD; if we are the responder, as a result of the MSG1. */
266 static bool_t transport_compute_setupinit_peers(struct site *st,
267 const struct comm_addr *configured_addrs /* 0 if none or not found */,
268 int n_configured_addrs /* 0 if none or not found */,
269 const struct comm_addr *incoming_packet_addr /* 0 if none */);
270
271 /* Called if we are the responder in a key setup, when the resolve
272 * completes. transport_compute_setupinit_peers will hvae been called
273 * earlier. If _complete is called, we are still doing the key setup
274 * (and we should use the new values for both the rest of the key
275 * setup and the ongoing data exchange); if _tardy is called, the key
276 * setup is done (either completed or not) and only the data peers are
277 * relevant */
278 static void transport_resolve_complete(struct site *st,
279 const struct comm_addr *addrs, int naddrs);
280 static void transport_resolve_complete_tardy(struct site *st,
281 const struct comm_addr *addrs, int naddrs);
282
283 static void transport_xmit(struct site *st, transport_peers *peers,
284 struct buffer_if *buf, bool_t candebug);
285
286 /***** END of transport peers declarations *****/
287
288
289 struct data_key {
290 struct transform_inst_if *transform;
291 uint64_t key_timeout; /* End of life of current key */
292 uint32_t remote_session_id;
293 };
294
295 struct site {
296 closure_t cl;
297 struct site_if ops;
298 /* configuration information */
299 string_t localname;
300 string_t remotename;
301 bool_t keepalive;
302 bool_t local_mobile, peer_mobile; /* Mobile client support */
303 int32_t transport_peers_max;
304 string_t tunname; /* localname<->remotename by default, used in logs */
305 cstring_t *addresses; /* DNS name or address(es) for bootstrapping, optional */
306 int remoteport; /* Port for bootstrapping, optional */
307 uint32_t mtu_target;
308 struct netlink_if *netlink;
309 struct comm_if **comms;
310 struct comm_clientinfo **commclientinfos;
311 int ncomms;
312 struct resolver_if *resolver;
313 struct log_if *log;
314 struct random_if *random;
315 struct rsaprivkey_if *privkey;
316 struct rsapubkey_if *pubkey;
317 struct transform_if **transforms;
318 int ntransforms;
319 struct dh_if **dhs;
320 int ndhs;
321 struct hash_if *hash;
322
323 uint32_t index; /* Index of this site */
324 uint32_t early_capabilities;
325 uint32_t local_capabilities;
326 int32_t setup_retries; /* How many times to send setup packets */
327 int32_t setup_retry_interval; /* Initial timeout for setup packets */
328 int32_t wait_timeout_mean; /* How long to wait if setup unsuccessful */
329 int32_t mobile_peer_expiry; /* How long to remember 2ary addresses */
330 int32_t key_lifetime; /* How long a key lasts once set up */
331 int32_t key_renegotiate_time; /* If we see traffic (or a keepalive)
332 after this time, initiate a new
333 key exchange */
334
335 bool_t our_name_later; /* our name > peer name */
336 uint32_t log_events;
337
338 /* runtime information */
339 uint32_t state;
340 uint64_t now; /* Most recently seen time */
341 bool_t allow_send_prod;
342 bool_t msg1_crossed_logged;
343 int resolving_count;
344 int resolving_n_results_all;
345 int resolving_n_results_stored;
346 struct comm_addr resolving_results[MAX_PEER_ADDRS];
347
348 /* The currently established session */
349 struct data_key current;
350 struct data_key auxiliary_key;
351 bool_t auxiliary_is_new;
352 uint64_t renegotiate_key_time; /* When we can negotiate a new key */
353 uint64_t auxiliary_renegotiate_key_time;
354 transport_peers peers; /* Current address(es) of peer for data traffic */
355
356 /* The current key setup protocol exchange. We can only be
357 involved in one of these at a time. There's a potential for
358 denial of service here (the attacker keeps sending a setup
359 packet; we keep trying to continue the exchange, and have to
360 timeout before we can listen for another setup packet); perhaps
361 we should keep a list of 'bad' sources for setup packets. */
362 uint32_t remote_capabilities;
363 uint16_t remote_adv_mtu;
364 struct transform_if *chosen_transform;
365 struct dh_if *chosen_dh;
366 uint32_t setup_session_id;
367 transport_peers setup_peers;
368 uint8_t localN[NONCELEN]; /* Nonces for key exchange */
369 uint8_t remoteN[NONCELEN];
370 struct buffer_if buffer; /* Current outgoing key exchange packet */
371 struct buffer_if scratch;
372 int32_t retries; /* Number of retries remaining */
373 uint64_t timeout; /* Timeout for current state */
374 uint8_t *dhsecret;
375 uint8_t *sharedsecret;
376 struct transform_inst_if *new_transform; /* For key setup/verify */
377 };
378
379 static uint32_t event_log_priority(struct site *st, uint32_t event)
380 {
381 if (!(event&st->log_events))
382 return 0;
383 switch(event) {
384 case LOG_UNEXPECTED: return M_INFO;
385 case LOG_SETUP_INIT: return M_INFO;
386 case LOG_SETUP_TIMEOUT: return M_NOTICE;
387 case LOG_ACTIVATE_KEY: return M_INFO;
388 case LOG_TIMEOUT_KEY: return M_INFO;
389 case LOG_SEC: return M_SECURITY;
390 case LOG_STATE: return M_DEBUG;
391 case LOG_DROP: return M_DEBUG;
392 case LOG_DUMP: return M_DEBUG;
393 case LOG_ERROR: return M_ERR;
394 case LOG_PEER_ADDRS: return M_DEBUG;
395 default: return M_ERR;
396 }
397 }
398
399 static void vslog(struct site *st, uint32_t event, cstring_t msg, va_list ap)
400 FORMAT(printf,3,0);
401 static void vslog(struct site *st, uint32_t event, cstring_t msg, va_list ap)
402 {
403 uint32_t class;
404
405 class=event_log_priority(st, event);
406 if (class) {
407 slilog_part(st->log,class,"%s: ",st->tunname);
408 vslilog_part(st->log,class,msg,ap);
409 slilog_part(st->log,class,"\n");
410 }
411 }
412
413 static void slog(struct site *st, uint32_t event, cstring_t msg, ...)
414 FORMAT(printf,3,4);
415 static void slog(struct site *st, uint32_t event, cstring_t msg, ...)
416 {
417 va_list ap;
418 va_start(ap,msg);
419 vslog(st,event,msg,ap);
420 va_end(ap);
421 }
422
423 static void logtimeout(struct site *st, const char *fmt, ...)
424 FORMAT(printf,2,3);
425 static void logtimeout(struct site *st, const char *fmt, ...)
426 {
427 uint32_t class=event_log_priority(st,LOG_SETUP_TIMEOUT);
428 if (!class)
429 return;
430
431 va_list ap;
432 va_start(ap,fmt);
433
434 slilog_part(st->log,class,"%s: ",st->tunname);
435 vslilog_part(st->log,class,fmt,ap);
436
437 const char *delim;
438 int i;
439 for (i=0, delim=" (tried ";
440 i<st->setup_peers.npeers;
441 i++, delim=", ") {
442 transport_peer *peer=&st->setup_peers.peers[i];
443 const char *s=comm_addr_to_string(&peer->addr);
444 slilog_part(st->log,class,"%s%s",delim,s);
445 }
446
447 slilog_part(st->log,class,")\n");
448 va_end(ap);
449 }
450
451 static void set_link_quality(struct site *st);
452 static void delete_keys(struct site *st, cstring_t reason, uint32_t loglevel);
453 static void delete_one_key(struct site *st, struct data_key *key,
454 const char *reason /* may be 0 meaning don't log*/,
455 const char *which /* ignored if !reasonn */,
456 uint32_t loglevel /* ignored if !reasonn */);
457 static bool_t initiate_key_setup(struct site *st, cstring_t reason,
458 const struct comm_addr *prod_hint);
459 static void enter_state_run(struct site *st);
460 static bool_t enter_state_resolve(struct site *st);
461 static void decrement_resolving_count(struct site *st, int by);
462 static bool_t enter_new_state(struct site *st,uint32_t next);
463 static void enter_state_wait(struct site *st);
464 static void activate_new_key(struct site *st);
465
466 static bool_t is_transform_valid(struct transform_inst_if *transform)
467 {
468 return transform && transform->valid(transform->st);
469 }
470
471 static bool_t current_valid(struct site *st)
472 {
473 return is_transform_valid(st->current.transform);
474 }
475
476 #define DEFINE_CALL_TRANSFORM(fwdrev) \
477 static transform_apply_return \
478 call_transform_##fwdrev(struct site *st, \
479 struct transform_inst_if *transform, \
480 struct buffer_if *buf, \
481 const char **errmsg) \
482 { \
483 if (!is_transform_valid(transform)) { \
484 *errmsg="transform not set up"; \
485 return transform_apply_err; \
486 } \
487 return transform->fwdrev(transform->st,buf,errmsg); \
488 }
489
490 DEFINE_CALL_TRANSFORM(forwards)
491 DEFINE_CALL_TRANSFORM(reverse)
492
493 static void dispose_transform(struct transform_inst_if **transform_var)
494 {
495 struct transform_inst_if *transform=*transform_var;
496 if (transform) {
497 transform->delkey(transform->st);
498 transform->destroy(transform->st);
499 }
500 *transform_var = 0;
501 }
502
503 #define CHECK_AVAIL(b,l) do { if ((b)->size<(l)) return False; } while(0)
504 #define CHECK_EMPTY(b) do { if ((b)->size!=0) return False; } while(0)
505 #define CHECK_TYPE(b,t) do { uint32_t type; \
506 CHECK_AVAIL((b),4); \
507 type=buf_unprepend_uint32((b)); \
508 if (type!=(t)) return False; } while(0)
509
510 static _Bool type_is_msg34(uint32_t type)
511 {
512 switch (type) {
513 case CASES_MSG3_KNOWN: case LABEL_MSG4: return True;
514 default: return False;
515 }
516 }
517
518 struct parsedname {
519 int32_t len;
520 uint8_t *name;
521 struct buffer_if extrainfo;
522 };
523
524 struct msg {
525 uint8_t *hashstart;
526 uint32_t dest;
527 uint32_t source;
528 struct parsedname remote;
529 struct parsedname local;
530 uint32_t remote_capabilities;
531 uint16_t remote_mtu;
532 int capab_transformnum;
533 int capab_dhnum;
534 uint8_t *nR;
535 uint8_t *nL;
536 int32_t pklen;
537 char *pk;
538 int32_t hashlen;
539 int32_t siglen;
540 char *sig;
541 };
542
543 static int32_t wait_timeout(struct site *st) {
544 int32_t t = st->wait_timeout_mean;
545 int8_t factor;
546 if (t < INT_MAX/2) {
547 st->random->generate(st->random->st,sizeof(factor),&factor);
548 t += (t / 256) * factor;
549 }
550 return t;
551 }
552
553 static _Bool set_new_transform(struct site *st, char *pk)
554 {
555 _Bool ok;
556
557 /* Generate the shared key */
558 assert(!st->sharedsecret);
559 st->sharedsecret = safe_malloc(st->chosen_dh->shared_len,
560 "site:sharedsecret");
561 if (!st->chosen_dh->makeshared(st->chosen_dh->st,
562 st->dhsecret,st->chosen_dh->secret_len,
563 pk,
564 st->sharedsecret,
565 st->chosen_dh->shared_len))
566 return False;
567
568 /* Set up the transform */
569 struct transform_if *generator=st->chosen_transform;
570 struct transform_inst_if *generated=generator->create(generator->st);
571 ok = generated->setkey(generated->st,st->sharedsecret,
572 st->chosen_dh->shared_len,st->our_name_later);
573
574 dispose_transform(&st->new_transform);
575 if (!ok) return False;
576 st->new_transform=generated;
577
578 slog(st,LOG_SETUP_INIT,"key exchange negotiated transform"
579 " %d (capabilities ours=%#"PRIx32" theirs=%#"PRIx32")",
580 st->chosen_transform->capab_bit,
581 st->local_capabilities, st->remote_capabilities);
582 return True;
583 }
584
585 struct xinfoadd {
586 int32_t lenpos, afternul;
587 };
588 static void append_string_xinfo_start(struct buffer_if *buf,
589 struct xinfoadd *xia,
590 const char *str)
591 /* Helps construct one of the names with additional info as found
592 * in MSG1..4. Call this function first, then append all the
593 * desired extra info (not including the nul byte) to the buffer,
594 * then call append_string_xinfo_done. */
595 {
596 xia->lenpos = buf->size;
597 buf_append_string(buf,str);
598 buf_append_uint8(buf,0);
599 xia->afternul = buf->size;
600 }
601 static void append_string_xinfo_done(struct buffer_if *buf,
602 struct xinfoadd *xia)
603 {
604 /* we just need to adjust the string length */
605 if (buf->size == xia->afternul) {
606 /* no extra info, strip the nul too */
607 buf_unappend_uint8(buf);
608 } else {
609 put_uint16(buf->start+xia->lenpos, buf->size-(xia->lenpos+2));
610 }
611 }
612
613 /* Build any of msg1 to msg4. msg5 and msg6 are built from the inside
614 out using a transform of config data supplied by netlink */
615 static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what)
616 {
617 void *hst;
618 uint8_t *hash;
619 string_t dhpub, sig;
620 unsigned minor;
621
622 st->retries=st->setup_retries;
623 BUF_ALLOC(&st->buffer,what);
624 buffer_init(&st->buffer,0);
625 buf_append_uint32(&st->buffer,
626 (type==LABEL_MSG1?0:st->setup_session_id));
627 buf_append_uint32(&st->buffer,st->index);
628 buf_append_uint32(&st->buffer,type);
629
630 struct xinfoadd xia;
631 append_string_xinfo_start(&st->buffer,&xia,st->localname);
632 if ((st->local_capabilities & st->early_capabilities) ||
633 (type != LABEL_MSG1)) {
634 buf_append_uint32(&st->buffer,st->local_capabilities);
635 }
636 if (type_is_msg34(type)) {
637 buf_append_uint16(&st->buffer,st->mtu_target);
638 }
639 append_string_xinfo_done(&st->buffer,&xia);
640
641 buf_append_string(&st->buffer,st->remotename);
642 BUF_ADD_OBJ(append,&st->buffer,st->localN);
643 if (type==LABEL_MSG1) return True;
644 BUF_ADD_OBJ(append,&st->buffer,st->remoteN);
645 if (type==LABEL_MSG2) return True;
646
647 if (hacky_par_mid_failnow()) return False;
648
649 if (MSGMAJOR(type) == 3) do {
650 minor = MSGMINOR(type);
651 if (minor < 1) break;
652 buf_append_uint8(&st->buffer,st->chosen_transform->capab_bit);
653 if (minor < 2) break;
654 buf_append_uint8(&st->buffer,st->chosen_dh->capab_bit);
655 } while (0);
656
657 dhpub=st->chosen_dh->makepublic(st->chosen_dh->st,
658 st->dhsecret,st->chosen_dh->secret_len);
659 buf_append_string(&st->buffer,dhpub);
660 free(dhpub);
661 hash=safe_malloc(st->hash->len, "generate_msg");
662 hst=st->hash->init();
663 st->hash->update(hst,st->buffer.start,st->buffer.size);
664 st->hash->final(hst,hash);
665 sig=st->privkey->sign(st->privkey->st,hash,st->hash->len);
666 buf_append_string(&st->buffer,sig);
667 free(sig);
668 free(hash);
669 return True;
670 }
671
672 static bool_t unpick_name(struct buffer_if *msg, struct parsedname *nm)
673 {
674 CHECK_AVAIL(msg,2);
675 nm->len=buf_unprepend_uint16(msg);
676 CHECK_AVAIL(msg,nm->len);
677 nm->name=buf_unprepend(msg,nm->len);
678 uint8_t *nul=memchr(nm->name,0,nm->len);
679 if (!nul) {
680 buffer_readonly_view(&nm->extrainfo,0,0);
681 } else {
682 buffer_readonly_view(&nm->extrainfo, nul+1, msg->start-(nul+1));
683 nm->len=nul-nm->name;
684 }
685 return True;
686 }
687
688 static bool_t unpick_msg(struct site *st, uint32_t type,
689 struct buffer_if *msg, struct msg *m)
690 {
691 unsigned minor;
692
693 m->capab_transformnum=m->capab_dhnum=-1;
694 m->hashstart=msg->start;
695 CHECK_AVAIL(msg,4);
696 m->dest=buf_unprepend_uint32(msg);
697 CHECK_AVAIL(msg,4);
698 m->source=buf_unprepend_uint32(msg);
699 CHECK_TYPE(msg,type);
700 if (!unpick_name(msg,&m->remote)) return False;
701 m->remote_capabilities=0;
702 m->remote_mtu=0;
703 if (m->remote.extrainfo.size) {
704 CHECK_AVAIL(&m->remote.extrainfo,4);
705 m->remote_capabilities=buf_unprepend_uint32(&m->remote.extrainfo);
706 }
707 if (type_is_msg34(type) && m->remote.extrainfo.size) {
708 CHECK_AVAIL(&m->remote.extrainfo,2);
709 m->remote_mtu=buf_unprepend_uint16(&m->remote.extrainfo);
710 }
711 if (!unpick_name(msg,&m->local)) return False;
712 if (type==LABEL_PROD) {
713 CHECK_EMPTY(msg);
714 return True;
715 }
716 CHECK_AVAIL(msg,NONCELEN);
717 m->nR=buf_unprepend(msg,NONCELEN);
718 if (type==LABEL_MSG1) {
719 CHECK_EMPTY(msg);
720 return True;
721 }
722 CHECK_AVAIL(msg,NONCELEN);
723 m->nL=buf_unprepend(msg,NONCELEN);
724 if (type==LABEL_MSG2) {
725 CHECK_EMPTY(msg);
726 return True;
727 }
728 if (MSGMAJOR(type) == 3) do {
729 minor = MSGMINOR(type);
730 #define MAYBE_READ_CAP(minminor, kind, dflt) do { \
731 if (minor < (minminor)) \
732 m->capab_##kind##num = (dflt); \
733 else { \
734 CHECK_AVAIL(msg, 1); \
735 m->capab_##kind##num = buf_unprepend_uint8(msg); \
736 } \
737 } while (0)
738 MAYBE_READ_CAP(1, transform, CAPAB_BIT_ANCIENTTRANSFORM);
739 MAYBE_READ_CAP(2, dh, CAPAB_BIT_TRADZP);
740 #undef MAYBE_READ_CAP
741 } while (0);
742 CHECK_AVAIL(msg,2);
743 m->pklen=buf_unprepend_uint16(msg);
744 CHECK_AVAIL(msg,m->pklen);
745 m->pk=buf_unprepend(msg,m->pklen);
746 m->hashlen=msg->start-m->hashstart;
747 CHECK_AVAIL(msg,2);
748 m->siglen=buf_unprepend_uint16(msg);
749 CHECK_AVAIL(msg,m->siglen);
750 m->sig=buf_unprepend(msg,m->siglen);
751 CHECK_EMPTY(msg);
752
753 /* In `process_msg3_msg4' below, we assume that we can write a nul
754 * terminator following the signature. Make sure there's enough space.
755 */
756 if (msg->start >= msg->base + msg->alloclen)
757 return False;
758
759 return True;
760 }
761
762 static bool_t name_matches(const struct parsedname *nm, const char *expected)
763 {
764 int expected_len=strlen(expected);
765 return
766 nm->len == expected_len &&
767 !memcmp(nm->name, expected, expected_len);
768 }
769
770 static bool_t check_msg(struct site *st, uint32_t type, struct msg *m,
771 cstring_t *error)
772 {
773 if (type==LABEL_MSG1) return True;
774
775 /* Check that the site names and our nonce have been sent
776 back correctly, and then store our peer's nonce. */
777 if (!name_matches(&m->remote,st->remotename)) {
778 *error="wrong remote site name";
779 return False;
780 }
781 if (!name_matches(&m->local,st->localname)) {
782 *error="wrong local site name";
783 return False;
784 }
785 if (memcmp(m->nL,st->localN,NONCELEN)!=0) {
786 *error="wrong locally-generated nonce";
787 return False;
788 }
789 if (type==LABEL_MSG2) return True;
790 if (!consttime_memeq(m->nR,st->remoteN,NONCELEN)) {
791 *error="wrong remotely-generated nonce";
792 return False;
793 }
794 /* MSG3 has complicated rules about capabilities, which are
795 * handled in process_msg3. */
796 if (MSGMAJOR(type) == 3) return True;
797 if (m->remote_capabilities!=st->remote_capabilities) {
798 *error="remote capabilities changed";
799 return False;
800 }
801 if (type==LABEL_MSG4) return True;
802 *error="unknown message type";
803 return False;
804 }
805
806 static bool_t generate_msg1(struct site *st)
807 {
808 st->random->generate(st->random->st,NONCELEN,st->localN);
809 return generate_msg(st,LABEL_MSG1,"site:MSG1");
810 }
811
812 static bool_t process_msg1(struct site *st, struct buffer_if *msg1,
813 const struct comm_addr *src, struct msg *m)
814 {
815 /* We've already determined we're in an appropriate state to
816 process an incoming MSG1, and that the MSG1 has correct values
817 of A and B. */
818
819 st->setup_session_id=m->source;
820 st->remote_capabilities=m->remote_capabilities;
821 memcpy(st->remoteN,m->nR,NONCELEN);
822 return True;
823 }
824
825 static bool_t generate_msg2(struct site *st)
826 {
827 st->random->generate(st->random->st,NONCELEN,st->localN);
828 return generate_msg(st,LABEL_MSG2,"site:MSG2");
829 }
830
831 static bool_t process_msg2(struct site *st, struct buffer_if *msg2,
832 const struct comm_addr *src)
833 {
834 struct msg m;
835 cstring_t err;
836
837 if (!unpick_msg(st,LABEL_MSG2,msg2,&m)) return False;
838 if (!check_msg(st,LABEL_MSG2,&m,&err)) {
839 slog(st,LOG_SEC,"msg2: %s",err);
840 return False;
841 }
842 st->setup_session_id=m.source;
843 st->remote_capabilities=m.remote_capabilities;
844
845 /* Select the transform and DH group to use */
846
847 uint32_t remote_crypto_caps = st->remote_capabilities;
848 if (!(remote_crypto_caps & CAPAB_EXPLICIT_TRANSFORM_DH))
849 remote_crypto_caps &= CAPAB_INEXPLICIT_TRANSFORM_MASK;
850 if (!remote_crypto_caps)
851 /* old secnets only had this one transform */
852 remote_crypto_caps = 1UL << CAPAB_BIT_ANCIENTTRANSFORM;
853 if (!(remote_crypto_caps & CAPAB_EXPLICIT_TRANSFORM_DH))
854 /* old secnets only had this one kind of group */
855 remote_crypto_caps |= 1UL << CAPAB_BIT_TRADZP;
856
857 #define CHOOSE_CRYPTO(kind, whats) do { \
858 struct kind##_if *iface; \
859 uint32_t bit, ours = 0; \
860 int i; \
861 for (i= 0; i < st->n##kind##s; i++) { \
862 iface=st->kind##s[i]; \
863 bit = 1UL << iface->capab_bit; \
864 if (bit & remote_crypto_caps) goto kind##_found; \
865 ours |= bit; \
866 } \
867 slog(st,LOG_ERROR,"no " whats " in common" \
868 " (us %#"PRIx32"; them: %#"PRIx32")", \
869 st->local_capabilities & ours, remote_crypto_caps); \
870 return False; \
871 kind##_found: \
872 st->chosen_##kind = iface; \
873 } while (0)
874
875 CHOOSE_CRYPTO(transform, "transforms");
876 CHOOSE_CRYPTO(dh, "Diffie--Hellman groups");
877
878 #undef CHOOSE_CRYPTO
879
880 memcpy(st->remoteN,m.nR,NONCELEN);
881 return True;
882 }
883
884 static void generate_dhsecret(struct site *st)
885 {
886 slog(st,LOG_SETUP_INIT,"key exchange negotiated DH group"
887 " %d (capabilities ours=%#"PRIx32" theirs=%#"PRIx32")",
888 st->chosen_dh->capab_bit,
889 st->local_capabilities, st->remote_capabilities);
890 assert(!st->dhsecret);
891 st->dhsecret = safe_malloc(st->chosen_dh->secret_len, "site:dhsecret");
892 st->random->generate(st->random->st,
893 st->chosen_dh->secret_len,st->dhsecret);
894 }
895
896 static bool_t generate_msg3(struct site *st)
897 {
898 /* Now we have our nonce and their nonce. Think of a secret key,
899 and create message number 3. */
900 generate_dhsecret(st);
901 return generate_msg(st,
902 (st->remote_capabilities &
903 CAPAB_EXPLICIT_TRANSFORM_DH)
904 ? LABEL_MSG3TER
905 : (st->remote_capabilities &
906 CAPAB_INEXPLICIT_TRANSFORM_MASK)
907 ? LABEL_MSG3BIS
908 : LABEL_MSG3,
909 "site:MSG3");
910 }
911
912 static bool_t process_msg3_msg4(struct site *st, struct msg *m)
913 {
914 uint8_t *hash;
915 void *hst;
916
917 /* Check signature and store g^x mod m */
918 hash=safe_malloc(st->hash->len, "process_msg3_msg4");
919 hst=st->hash->init();
920 st->hash->update(hst,m->hashstart,m->hashlen);
921 st->hash->final(hst,hash);
922 /* Terminate signature with a '0' - already checked that this will fit */
923 m->sig[m->siglen]=0;
924 if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m->sig)) {
925 slog(st,LOG_SEC,"msg3/msg4 signature failed check!");
926 free(hash);
927 return False;
928 }
929 free(hash);
930
931 st->remote_adv_mtu=m->remote_mtu;
932
933 return True;
934 }
935
936 static bool_t process_msg3(struct site *st, struct buffer_if *msg3,
937 const struct comm_addr *src, uint32_t msgtype)
938 {
939 struct msg m;
940 cstring_t err;
941
942 switch (msgtype) {
943 case CASES_MSG3_KNOWN: break;
944 default: assert(0);
945 }
946
947 if (!unpick_msg(st,msgtype,msg3,&m)) return False;
948 if (!check_msg(st,msgtype,&m,&err)) {
949 slog(st,LOG_SEC,"msg3: %s",err);
950 return False;
951 }
952 uint32_t capab_adv_late = m.remote_capabilities
953 & ~st->remote_capabilities & st->early_capabilities;
954 if (capab_adv_late) {
955 slog(st,LOG_SEC,"msg3 impermissibly adds early capability flag(s)"
956 " %#"PRIx32" (was %#"PRIx32", now %#"PRIx32")",
957 capab_adv_late, st->remote_capabilities, m.remote_capabilities);
958 return False;
959 }
960 st->remote_capabilities|=m.remote_capabilities;
961
962 #define CHOSE_CRYPTO(kind, what) do { \
963 struct kind##_if *iface; \
964 int i; \
965 for (i=0; i<st->n##kind##s; i++) { \
966 iface=st->kind##s[i]; \
967 if (iface->capab_bit == m.capab_##kind##num) \
968 goto kind##_found; \
969 } \
970 slog(st,LOG_SEC,"peer chose unknown-to-us " what " %d!", \
971 m.capab_##kind##num); \
972 return False; \
973 kind##_found: \
974 st->chosen_##kind=iface; \
975 } while (0)
976
977 CHOSE_CRYPTO(transform, "transform");
978 CHOSE_CRYPTO(dh, "Diffie--Hellman group");
979
980 #undef CHOSE_CRYPTO
981
982 if (!process_msg3_msg4(st,&m))
983 return False;
984
985 /* Terminate their DH public key with a '0' */
986 m.pk[m.pklen]=0;
987 /* Invent our DH secret key */
988 generate_dhsecret(st);
989
990 /* Generate the shared key and set up the transform */
991 if (!set_new_transform(st,m.pk)) return False;
992
993 return True;
994 }
995
996 static bool_t generate_msg4(struct site *st)
997 {
998 /* We have both nonces, their public key and our private key. Generate
999 our public key, sign it and send it to them. */
1000 return generate_msg(st,LABEL_MSG4,"site:MSG4");
1001 }
1002
1003 static bool_t process_msg4(struct site *st, struct buffer_if *msg4,
1004 const struct comm_addr *src)
1005 {
1006 struct msg m;
1007 cstring_t err;
1008
1009 if (!unpick_msg(st,LABEL_MSG4,msg4,&m)) return False;
1010 if (!check_msg(st,LABEL_MSG4,&m,&err)) {
1011 slog(st,LOG_SEC,"msg4: %s",err);
1012 return False;
1013 }
1014
1015 if (!process_msg3_msg4(st,&m))
1016 return False;
1017
1018 /* Terminate their DH public key with a '0' */
1019 m.pk[m.pklen]=0;
1020
1021 /* Generate the shared key and set up the transform */
1022 if (!set_new_transform(st,m.pk)) return False;
1023
1024 return True;
1025 }
1026
1027 struct msg0 {
1028 uint32_t dest;
1029 uint32_t source;
1030 uint32_t type;
1031 };
1032
1033 static bool_t unpick_msg0(struct site *st, struct buffer_if *msg0,
1034 struct msg0 *m)
1035 {
1036 CHECK_AVAIL(msg0,4);
1037 m->dest=buf_unprepend_uint32(msg0);
1038 CHECK_AVAIL(msg0,4);
1039 m->source=buf_unprepend_uint32(msg0);
1040 CHECK_AVAIL(msg0,4);
1041 m->type=buf_unprepend_uint32(msg0);
1042 return True;
1043 /* Leaves transformed part of buffer untouched */
1044 }
1045
1046 static bool_t generate_msg5(struct site *st)
1047 {
1048 cstring_t transform_err;
1049
1050 BUF_ALLOC(&st->buffer,"site:MSG5");
1051 /* We are going to add four words to the message */
1052 buffer_init(&st->buffer,calculate_max_start_pad());
1053 /* Give the netlink code an opportunity to put its own stuff in the
1054 message (configuration information, etc.) */
1055 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
1056 if (call_transform_forwards(st,st->new_transform,
1057 &st->buffer,&transform_err))
1058 return False;
1059 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
1060 buf_prepend_uint32(&st->buffer,st->index);
1061 buf_prepend_uint32(&st->buffer,st->setup_session_id);
1062
1063 st->retries=st->setup_retries;
1064 return True;
1065 }
1066
1067 static bool_t process_msg5(struct site *st, struct buffer_if *msg5,
1068 const struct comm_addr *src,
1069 struct transform_inst_if *transform)
1070 {
1071 struct msg0 m;
1072 cstring_t transform_err;
1073
1074 if (!unpick_msg0(st,msg5,&m)) return False;
1075
1076 if (call_transform_reverse(st,transform,msg5,&transform_err)) {
1077 /* There's a problem */
1078 slog(st,LOG_SEC,"process_msg5: transform: %s",transform_err);
1079 return False;
1080 }
1081 /* Buffer should now contain untransformed PING packet data */
1082 CHECK_AVAIL(msg5,4);
1083 if (buf_unprepend_uint32(msg5)!=LABEL_MSG5) {
1084 slog(st,LOG_SEC,"MSG5/PING packet contained wrong label");
1085 return False;
1086 }
1087 /* Older versions of secnet used to write some config data here
1088 * which we ignore. So we don't CHECK_EMPTY */
1089 return True;
1090 }
1091
1092 static void create_msg6(struct site *st, struct transform_inst_if *transform,
1093 uint32_t session_id)
1094 {
1095 cstring_t transform_err;
1096
1097 BUF_ALLOC(&st->buffer,"site:MSG6");
1098 /* We are going to add four words to the message */
1099 buffer_init(&st->buffer,calculate_max_start_pad());
1100 /* Give the netlink code an opportunity to put its own stuff in the
1101 message (configuration information, etc.) */
1102 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
1103 transform_apply_return problem =
1104 call_transform_forwards(st,transform,
1105 &st->buffer,&transform_err);
1106 assert(!problem);
1107 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
1108 buf_prepend_uint32(&st->buffer,st->index);
1109 buf_prepend_uint32(&st->buffer,session_id);
1110 }
1111
1112 static bool_t generate_msg6(struct site *st)
1113 {
1114 if (!is_transform_valid(st->new_transform))
1115 return False;
1116 create_msg6(st,st->new_transform,st->setup_session_id);
1117 st->retries=1; /* Peer will retransmit MSG5 if this packet gets lost */
1118 return True;
1119 }
1120
1121 static bool_t process_msg6(struct site *st, struct buffer_if *msg6,
1122 const struct comm_addr *src)
1123 {
1124 struct msg0 m;
1125 cstring_t transform_err;
1126
1127 if (!unpick_msg0(st,msg6,&m)) return False;
1128
1129 if (call_transform_reverse(st,st->new_transform,msg6,&transform_err)) {
1130 /* There's a problem */
1131 slog(st,LOG_SEC,"process_msg6: transform: %s",transform_err);
1132 return False;
1133 }
1134 /* Buffer should now contain untransformed PING packet data */
1135 CHECK_AVAIL(msg6,4);
1136 if (buf_unprepend_uint32(msg6)!=LABEL_MSG6) {
1137 slog(st,LOG_SEC,"MSG6/PONG packet contained invalid data");
1138 return False;
1139 }
1140 /* Older versions of secnet used to write some config data here
1141 * which we ignore. So we don't CHECK_EMPTY */
1142 return True;
1143 }
1144
1145 static transform_apply_return
1146 decrypt_msg0(struct site *st, struct buffer_if *msg0,
1147 const struct comm_addr *src)
1148 {
1149 cstring_t transform_err, auxkey_err, newkey_err="n/a";
1150 struct msg0 m;
1151 transform_apply_return problem;
1152
1153 if (!unpick_msg0(st,msg0,&m)) return False;
1154
1155 /* Keep a copy so we can try decrypting it with multiple keys */
1156 buffer_copy(&st->scratch, msg0);
1157
1158 problem = call_transform_reverse(st,st->current.transform,
1159 msg0,&transform_err);
1160 if (!problem) {
1161 if (!st->auxiliary_is_new)
1162 delete_one_key(st,&st->auxiliary_key,
1163 "peer has used new key","auxiliary key",LOG_SEC);
1164 return 0;
1165 }
1166 if (transform_apply_return_badseq(problem))
1167 goto badseq;
1168
1169 buffer_copy(msg0, &st->scratch);
1170 problem = call_transform_reverse(st,st->auxiliary_key.transform,
1171 msg0,&auxkey_err);
1172 if (!problem) {
1173 slog(st,LOG_DROP,"processing packet which uses auxiliary key");
1174 if (st->auxiliary_is_new) {
1175 /* We previously timed out in state SENTMSG5 but it turns
1176 * out that our peer did in fact get our MSG5 and is
1177 * using the new key. So we should switch to it too. */
1178 /* This is a bit like activate_new_key. */
1179 struct data_key t;
1180 t=st->current;
1181 st->current=st->auxiliary_key;
1182 st->auxiliary_key=t;
1183
1184 delete_one_key(st,&st->auxiliary_key,"peer has used new key",
1185 "previous key",LOG_SEC);
1186 st->auxiliary_is_new=0;
1187 st->renegotiate_key_time=st->auxiliary_renegotiate_key_time;
1188 }
1189 return 0;
1190 }
1191 if (transform_apply_return_badseq(problem))
1192 goto badseq;
1193
1194 if (st->state==SITE_SENTMSG5) {
1195 buffer_copy(msg0, &st->scratch);
1196 problem = call_transform_reverse(st,st->new_transform,
1197 msg0,&newkey_err);
1198 if (!problem) {
1199 /* It looks like we didn't get the peer's MSG6 */
1200 /* This is like a cut-down enter_new_state(SITE_RUN) */
1201 slog(st,LOG_STATE,"will enter state RUN (MSG0 with new key)");
1202 BUF_FREE(&st->buffer);
1203 st->timeout=0;
1204 activate_new_key(st);
1205 return 0; /* do process the data in this packet */
1206 }
1207 if (transform_apply_return_badseq(problem))
1208 goto badseq;
1209 }
1210
1211 slog(st,LOG_SEC,"transform: %s (aux: %s, new: %s)",
1212 transform_err,auxkey_err,newkey_err);
1213 initiate_key_setup(st,"incoming message would not decrypt",0);
1214 send_nak(src,m.dest,m.source,m.type,msg0,"message would not decrypt");
1215 assert(problem);
1216 return problem;
1217
1218 badseq:
1219 slog(st,LOG_DROP,"transform: %s (bad seq.)",transform_err);
1220 assert(problem);
1221 return problem;
1222 }
1223
1224 static bool_t process_msg0(struct site *st, struct buffer_if *msg0,
1225 const struct comm_addr *src)
1226 {
1227 uint32_t type;
1228 transform_apply_return problem;
1229
1230 problem = decrypt_msg0(st,msg0,src);
1231 if (problem==transform_apply_seqdupe) {
1232 /* We recently received another copy of this packet, maybe due
1233 * to polypath. That's not a problem; indeed, for the
1234 * purposes of transport address management it is a success.
1235 * But we don't want to process the packet. */
1236 transport_data_msgok(st,src);
1237 return False;
1238 }
1239 if (problem)
1240 return False;
1241
1242 CHECK_AVAIL(msg0,4);
1243 type=buf_unprepend_uint32(msg0);
1244 switch(type) {
1245 case LABEL_MSG7:
1246 /* We must forget about the current session. */
1247 delete_keys(st,"request from peer",LOG_SEC);
1248 /* probably, the peer is shutting down, and this is going to fail,
1249 * but we need to be trying to bring the link up again */
1250 if (st->keepalive)
1251 initiate_key_setup(st,"peer requested key teardown",0);
1252 return True;
1253 case LABEL_MSG9:
1254 /* Deliver to netlink layer */
1255 st->netlink->deliver(st->netlink->st,msg0);
1256 transport_data_msgok(st,src);
1257 /* See whether we should start negotiating a new key */
1258 if (st->now > st->renegotiate_key_time)
1259 initiate_key_setup(st,"incoming packet in renegotiation window",0);
1260 return True;
1261 default:
1262 slog(st,LOG_SEC,"incoming encrypted message of type %08x "
1263 "(unknown)",type);
1264 break;
1265 }
1266 return False;
1267 }
1268
1269 static void dump_packet(struct site *st, struct buffer_if *buf,
1270 const struct comm_addr *addr, bool_t incoming,
1271 bool_t ok)
1272 {
1273 uint32_t dest=get_uint32(buf->start);
1274 uint32_t source=get_uint32(buf->start+4);
1275 uint32_t msgtype=get_uint32(buf->start+8);
1276
1277 if (st->log_events & LOG_DUMP)
1278 slilog(st->log,M_DEBUG,"%s: %s: %08x<-%08x: %08x: %s%s",
1279 st->tunname,incoming?"incoming":"outgoing",
1280 dest,source,msgtype,comm_addr_to_string(addr),
1281 ok?"":" - fail");
1282 }
1283
1284 static bool_t comm_addr_sendmsg(struct site *st,
1285 const struct comm_addr *dest,
1286 struct buffer_if *buf)
1287 {
1288 int i;
1289 struct comm_clientinfo *commclientinfo = 0;
1290
1291 for (i=0; i < st->ncomms; i++) {
1292 if (st->comms[i] == dest->comm) {
1293 commclientinfo = st->commclientinfos[i];
1294 break;
1295 }
1296 }
1297 return dest->comm->sendmsg(dest->comm->st, buf, dest, commclientinfo);
1298 }
1299
1300 static uint32_t site_status(void *st)
1301 {
1302 return 0;
1303 }
1304
1305 static bool_t send_msg(struct site *st)
1306 {
1307 if (st->retries>0) {
1308 transport_xmit(st, &st->setup_peers, &st->buffer, True);
1309 st->timeout=st->now+st->setup_retry_interval;
1310 st->retries--;
1311 return True;
1312 } else if (st->state==SITE_SENTMSG5) {
1313 logtimeout(st,"timed out sending MSG5, stashing new key");
1314 /* We stash the key we have produced, in case it turns out that
1315 * our peer did see our MSG5 after all and starts using it. */
1316 /* This is a bit like some of activate_new_key */
1317 struct transform_inst_if *t;
1318 t=st->auxiliary_key.transform;
1319 st->auxiliary_key.transform=st->new_transform;
1320 st->new_transform=t;
1321 dispose_transform(&st->new_transform);
1322
1323 st->auxiliary_is_new=1;
1324 st->auxiliary_key.key_timeout=st->now+st->key_lifetime;
1325 st->auxiliary_renegotiate_key_time=st->now+st->key_renegotiate_time;
1326 st->auxiliary_key.remote_session_id=st->setup_session_id;
1327
1328 enter_state_wait(st);
1329 return False;
1330 } else {
1331 logtimeout(st,"timed out sending key setup packet "
1332 "(in state %s)",state_name(st->state));
1333 enter_state_wait(st);
1334 return False;
1335 }
1336 }
1337
1338 static void site_resolve_callback(void *sst, const struct comm_addr *addrs,
1339 int stored_naddrs, int all_naddrs,
1340 const char *address, const char *failwhy)
1341 {
1342 struct site *st=sst;
1343
1344 if (!stored_naddrs) {
1345 slog(st,LOG_ERROR,"resolution of %s failed: %s",address,failwhy);
1346 } else {
1347 slog(st,LOG_PEER_ADDRS,"resolution of %s completed, %d addrs, eg: %s",
1348 address, all_naddrs, comm_addr_to_string(&addrs[0]));;
1349
1350 int space=st->transport_peers_max-st->resolving_n_results_stored;
1351 int n_tocopy=MIN(stored_naddrs,space);
1352 COPY_ARRAY(st->resolving_results + st->resolving_n_results_stored,
1353 addrs,
1354 n_tocopy);
1355 st->resolving_n_results_stored += n_tocopy;
1356 st->resolving_n_results_all += all_naddrs;
1357 }
1358
1359 decrement_resolving_count(st,1);
1360 }
1361
1362 static void decrement_resolving_count(struct site *st, int by)
1363 {
1364 assert(st->resolving_count>0);
1365 st->resolving_count-=by;
1366
1367 if (st->resolving_count)
1368 return;
1369
1370 /* OK, we are done with them all. Handle combined results. */
1371
1372 const struct comm_addr *addrs=st->resolving_results;
1373 int naddrs=st->resolving_n_results_stored;
1374 assert(naddrs<=st->transport_peers_max);
1375
1376 if (naddrs) {
1377 if (naddrs != st->resolving_n_results_all) {
1378 slog(st,LOG_SETUP_INIT,"resolution of supplied addresses/names"
1379 " yielded too many results (%d > %d), some ignored",
1380 st->resolving_n_results_all, naddrs);
1381 }
1382 slog(st,LOG_STATE,"resolution completed, %d addrs, eg: %s",
1383 naddrs, iaddr_to_string(&addrs[0].ia));;
1384 }
1385
1386 switch (st->state) {
1387 case SITE_RESOLVE:
1388 if (transport_compute_setupinit_peers(st,addrs,naddrs,0)) {
1389 enter_new_state(st,SITE_SENTMSG1);
1390 } else {
1391 /* Can't figure out who to try to to talk to */
1392 slog(st,LOG_SETUP_INIT,
1393 "key exchange failed: cannot find peer address");
1394 enter_state_run(st);
1395 }
1396 break;
1397 case SITE_SENTMSG1: case SITE_SENTMSG2:
1398 case SITE_SENTMSG3: case SITE_SENTMSG4:
1399 case SITE_SENTMSG5:
1400 if (naddrs) {
1401 /* We start using the address immediately for data too.
1402 * It's best to store it in st->peers now because we might
1403 * go via SENTMSG5, WAIT, and a MSG0, straight into using
1404 * the new key (without updating the data peer addrs). */
1405 transport_resolve_complete(st,addrs,naddrs);
1406 } else if (st->local_mobile) {
1407 /* We can't let this rest because we may have a peer
1408 * address which will break in the future. */
1409 slog(st,LOG_SETUP_INIT,"resolution failed: "
1410 "abandoning key exchange");
1411 enter_state_wait(st);
1412 } else {
1413 slog(st,LOG_SETUP_INIT,"resolution failed: "
1414 " continuing to use source address of peer's packets"
1415 " for key exchange and ultimately data");
1416 }
1417 break;
1418 case SITE_RUN:
1419 if (naddrs) {
1420 slog(st,LOG_SETUP_INIT,"resolution completed tardily,"
1421 " updating peer address(es)");
1422 transport_resolve_complete_tardy(st,addrs,naddrs);
1423 } else if (st->local_mobile) {
1424 /* Not very good. We should queue (another) renegotiation
1425 * so that we can update the peer address. */
1426 st->key_renegotiate_time=st->now+wait_timeout(st);
1427 } else {
1428 slog(st,LOG_SETUP_INIT,"resolution failed: "
1429 " continuing to use source address of peer's packets");
1430 }
1431 break;
1432 case SITE_WAIT:
1433 case SITE_STOP:
1434 /* oh well */
1435 break;
1436 }
1437 }
1438
1439 static bool_t initiate_key_setup(struct site *st, cstring_t reason,
1440 const struct comm_addr *prod_hint)
1441 {
1442 /* Reentrancy hazard: can call enter_new_state/enter_state_* */
1443 if (st->state!=SITE_RUN) return False;
1444 slog(st,LOG_SETUP_INIT,"initiating key exchange (%s)",reason);
1445 if (st->addresses) {
1446 slog(st,LOG_SETUP_INIT,"resolving peer address(es)");
1447 return enter_state_resolve(st);
1448 } else if (transport_compute_setupinit_peers(st,0,0,prod_hint)) {
1449 return enter_new_state(st,SITE_SENTMSG1);
1450 }
1451 slog(st,LOG_SETUP_INIT,"key exchange failed: no address for peer");
1452 return False;
1453 }
1454
1455 static void activate_new_key(struct site *st)
1456 {
1457 struct transform_inst_if *t;
1458
1459 /* We have three transform instances, which we swap between old,
1460 active and setup */
1461 t=st->auxiliary_key.transform;
1462 st->auxiliary_key.transform=st->current.transform;
1463 st->current.transform=st->new_transform;
1464 st->new_transform=t;
1465 dispose_transform(&st->new_transform);
1466
1467 st->timeout=0;
1468 st->auxiliary_is_new=0;
1469 st->auxiliary_key.key_timeout=st->current.key_timeout;
1470 st->current.key_timeout=st->now+st->key_lifetime;
1471 st->renegotiate_key_time=st->now+st->key_renegotiate_time;
1472 transport_peers_copy(st,&st->peers,&st->setup_peers);
1473 st->current.remote_session_id=st->setup_session_id;
1474
1475 /* Compute the inter-site MTU. This is min( our_mtu, their_mtu ).
1476 * But their mtu be unspecified, in which case we just use ours. */
1477 uint32_t intersite_mtu=
1478 MIN(st->mtu_target, st->remote_adv_mtu ?: ~(uint32_t)0);
1479 st->netlink->set_mtu(st->netlink->st,intersite_mtu);
1480
1481 slog(st,LOG_ACTIVATE_KEY,"new key activated"
1482 " (mtu ours=%"PRId32" theirs=%"PRId32" intersite=%"PRId32")",
1483 st->mtu_target, st->remote_adv_mtu, intersite_mtu);
1484 enter_state_run(st);
1485 }
1486
1487 static void delete_one_key(struct site *st, struct data_key *key,
1488 cstring_t reason, cstring_t which, uint32_t loglevel)
1489 {
1490 if (!is_transform_valid(key->transform)) return;
1491 if (reason) slog(st,loglevel,"%s deleted (%s)",which,reason);
1492 dispose_transform(&key->transform);
1493 key->key_timeout=0;
1494 }
1495
1496 static void delete_keys(struct site *st, cstring_t reason, uint32_t loglevel)
1497 {
1498 if (current_valid(st)) {
1499 slog(st,loglevel,"session closed (%s)",reason);
1500
1501 delete_one_key(st,&st->current,0,0,0);
1502 set_link_quality(st);
1503 }
1504 delete_one_key(st,&st->auxiliary_key,0,0,0);
1505 }
1506
1507 static void state_assert(struct site *st, bool_t ok)
1508 {
1509 if (!ok) fatal("site:state_assert");
1510 }
1511
1512 static void enter_state_stop(struct site *st)
1513 {
1514 st->state=SITE_STOP;
1515 st->timeout=0;
1516 delete_keys(st,"entering state STOP",LOG_TIMEOUT_KEY);
1517 dispose_transform(&st->new_transform);
1518 }
1519
1520 static void set_link_quality(struct site *st)
1521 {
1522 uint32_t quality;
1523 if (current_valid(st))
1524 quality=LINK_QUALITY_UP;
1525 else if (st->state==SITE_WAIT || st->state==SITE_STOP)
1526 quality=LINK_QUALITY_DOWN;
1527 else if (st->addresses)
1528 quality=LINK_QUALITY_DOWN_CURRENT_ADDRESS;
1529 else if (transport_peers_valid(&st->peers))
1530 quality=LINK_QUALITY_DOWN_STALE_ADDRESS;
1531 else
1532 quality=LINK_QUALITY_DOWN;
1533
1534 st->netlink->set_quality(st->netlink->st,quality);
1535 }
1536
1537 static void enter_state_run(struct site *st)
1538 {
1539 slog(st,LOG_STATE,"entering state RUN%s",
1540 current_valid(st) ? " (keyed)" : " (unkeyed)");
1541 st->state=SITE_RUN;
1542 st->timeout=0;
1543
1544 st->setup_session_id=0;
1545 transport_peers_clear(st,&st->setup_peers);
1546 FILLZERO(st->localN);
1547 FILLZERO(st->remoteN);
1548 dispose_transform(&st->new_transform);
1549 if (st->dhsecret) {
1550 memset(st->dhsecret, 0, st->chosen_dh->secret_len);
1551 free(st->dhsecret);
1552 st->dhsecret = 0;
1553 }
1554 if (st->sharedsecret) {
1555 memset(st->sharedsecret, 0, st->chosen_dh->shared_len);
1556 free(st->sharedsecret);
1557 st->sharedsecret = 0;
1558 }
1559 set_link_quality(st);
1560
1561 if (st->keepalive && !current_valid(st))
1562 initiate_key_setup(st, "keepalive", 0);
1563 }
1564
1565 static bool_t ensure_resolving(struct site *st)
1566 {
1567 /* Reentrancy hazard: may call site_resolve_callback and hence
1568 * enter_new_state, enter_state_* and generate_msg*. */
1569 if (st->resolving_count)
1570 return True;
1571
1572 assert(st->addresses);
1573
1574 /* resolver->request might reentrantly call site_resolve_callback
1575 * which will decrement st->resolving, so we need to increment it
1576 * twice beforehand to prevent decrement from thinking we're
1577 * finished, and decrement it ourselves. Alternatively if
1578 * everything fails then there are no callbacks due and we simply
1579 * set it to 0 and return false.. */
1580 st->resolving_n_results_stored=0;
1581 st->resolving_n_results_all=0;
1582 st->resolving_count+=2;
1583 const char **addrp=st->addresses;
1584 const char *address;
1585 bool_t anyok=False;
1586 for (; (address=*addrp++); ) {
1587 bool_t ok = st->resolver->request(st->resolver->st,address,
1588 st->remoteport,st->comms[0],
1589 site_resolve_callback,st);
1590 if (ok)
1591 st->resolving_count++;
1592 anyok|=ok;
1593 }
1594 if (!anyok) {
1595 st->resolving_count=0;
1596 return False;
1597 }
1598 decrement_resolving_count(st,2);
1599 return True;
1600 }
1601
1602 static bool_t enter_state_resolve(struct site *st)
1603 {
1604 /* Reentrancy hazard! See ensure_resolving. */
1605 state_assert(st,st->state==SITE_RUN);
1606 slog(st,LOG_STATE,"entering state RESOLVE");
1607 st->state=SITE_RESOLVE;
1608 return ensure_resolving(st);
1609 }
1610
1611 static bool_t enter_new_state(struct site *st, uint32_t next)
1612 {
1613 bool_t (*gen)(struct site *st);
1614 int r;
1615
1616 slog(st,LOG_STATE,"entering state %s",state_name(next));
1617 switch(next) {
1618 case SITE_SENTMSG1:
1619 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE);
1620 gen=generate_msg1;
1621 st->msg1_crossed_logged = False;
1622 break;
1623 case SITE_SENTMSG2:
1624 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1625 st->state==SITE_SENTMSG1 || st->state==SITE_WAIT);
1626 gen=generate_msg2;
1627 break;
1628 case SITE_SENTMSG3:
1629 state_assert(st,st->state==SITE_SENTMSG1);
1630 BUF_FREE(&st->buffer);
1631 gen=generate_msg3;
1632 break;
1633 case SITE_SENTMSG4:
1634 state_assert(st,st->state==SITE_SENTMSG2);
1635 BUF_FREE(&st->buffer);
1636 gen=generate_msg4;
1637 break;
1638 case SITE_SENTMSG5:
1639 state_assert(st,st->state==SITE_SENTMSG3);
1640 BUF_FREE(&st->buffer);
1641 gen=generate_msg5;
1642 break;
1643 case SITE_RUN:
1644 state_assert(st,st->state==SITE_SENTMSG4);
1645 BUF_FREE(&st->buffer);
1646 gen=generate_msg6;
1647 break;
1648 default:
1649 gen=NULL;
1650 fatal("enter_new_state(%s): invalid new state",state_name(next));
1651 break;
1652 }
1653
1654 if (hacky_par_start_failnow()) return False;
1655
1656 r= gen(st) && send_msg(st);
1657
1658 hacky_par_end(&r,
1659 st->setup_retries, st->setup_retry_interval,
1660 send_msg, st);
1661
1662 if (r) {
1663 st->state=next;
1664 if (next==SITE_RUN) {
1665 BUF_FREE(&st->buffer); /* Never reused */
1666 st->timeout=0; /* Never retransmit */
1667 activate_new_key(st);
1668 }
1669 return True;
1670 }
1671 slog(st,LOG_ERROR,"error entering state %s",state_name(next));
1672 st->buffer.free=False; /* Unconditionally use the buffer; it may be
1673 in either state, and enter_state_wait() will
1674 do a BUF_FREE() */
1675 enter_state_wait(st);
1676 return False;
1677 }
1678
1679 /* msg7 tells our peer that we're about to forget our key */
1680 static bool_t send_msg7(struct site *st, cstring_t reason)
1681 {
1682 cstring_t transform_err;
1683
1684 if (current_valid(st) && st->buffer.free
1685 && transport_peers_valid(&st->peers)) {
1686 BUF_ALLOC(&st->buffer,"site:MSG7");
1687 buffer_init(&st->buffer,calculate_max_start_pad());
1688 buf_append_uint32(&st->buffer,LABEL_MSG7);
1689 buf_append_string(&st->buffer,reason);
1690 if (call_transform_forwards(st, st->current.transform,
1691 &st->buffer, &transform_err))
1692 goto free_out;
1693 buf_prepend_uint32(&st->buffer,LABEL_MSG0);
1694 buf_prepend_uint32(&st->buffer,st->index);
1695 buf_prepend_uint32(&st->buffer,st->current.remote_session_id);
1696 transport_xmit(st,&st->peers,&st->buffer,True);
1697 BUF_FREE(&st->buffer);
1698 free_out:
1699 return True;
1700 }
1701 return False;
1702 }
1703
1704 /* We go into this state if our peer becomes uncommunicative. Similar to
1705 the "stop" state, we forget all session keys for a while, before
1706 re-entering the "run" state. */
1707 static void enter_state_wait(struct site *st)
1708 {
1709 slog(st,LOG_STATE,"entering state WAIT");
1710 st->timeout=st->now+wait_timeout(st);
1711 st->state=SITE_WAIT;
1712 set_link_quality(st);
1713 BUF_FREE(&st->buffer); /* will have had an outgoing packet in it */
1714 /* XXX Erase keys etc. */
1715 }
1716
1717 static void generate_prod(struct site *st, struct buffer_if *buf)
1718 {
1719 buffer_init(buf,0);
1720 buf_append_uint32(buf,0);
1721 buf_append_uint32(buf,0);
1722 buf_append_uint32(buf,LABEL_PROD);
1723 buf_append_string(buf,st->localname);
1724 buf_append_string(buf,st->remotename);
1725 }
1726
1727 static void generate_send_prod(struct site *st,
1728 const struct comm_addr *source)
1729 {
1730 if (!st->allow_send_prod) return; /* too soon */
1731 if (!(st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1732 st->state==SITE_WAIT)) return; /* we'd ignore peer's MSG1 */
1733
1734 slog(st,LOG_SETUP_INIT,"prodding peer for key exchange");
1735 st->allow_send_prod=0;
1736 generate_prod(st,&st->scratch);
1737 bool_t ok = comm_addr_sendmsg(st, source, &st->scratch);
1738 dump_packet(st,&st->scratch,source,False,ok);
1739 }
1740
1741 static inline void site_settimeout(uint64_t timeout, int *timeout_io)
1742 {
1743 if (timeout) {
1744 int64_t offset=timeout-*now;
1745 if (offset<0) offset=0;
1746 if (offset>INT_MAX) offset=INT_MAX;
1747 if (*timeout_io<0 || offset<*timeout_io)
1748 *timeout_io=offset;
1749 }
1750 }
1751
1752 static int site_beforepoll(void *sst, struct pollfd *fds, int *nfds_io,
1753 int *timeout_io)
1754 {
1755 struct site *st=sst;
1756
1757 BEFOREPOLL_WANT_FDS(0); /* We don't use any file descriptors */
1758 st->now=*now;
1759
1760 /* Work out when our next timeout is. The earlier of 'timeout' or
1761 'current.key_timeout'. A stored value of '0' indicates no timeout
1762 active. */
1763 site_settimeout(st->timeout, timeout_io);
1764 site_settimeout(st->current.key_timeout, timeout_io);
1765 site_settimeout(st->auxiliary_key.key_timeout, timeout_io);
1766
1767 return 0; /* success */
1768 }
1769
1770 static void check_expiry(struct site *st, struct data_key *key,
1771 const char *which)
1772 {
1773 if (key->key_timeout && *now>key->key_timeout) {
1774 delete_one_key(st,key,"maximum life exceeded",which,LOG_TIMEOUT_KEY);
1775 }
1776 }
1777
1778 /* NB site_afterpoll will be called before site_beforepoll is ever called */
1779 static void site_afterpoll(void *sst, struct pollfd *fds, int nfds)
1780 {
1781 struct site *st=sst;
1782
1783 st->now=*now;
1784 if (st->timeout && *now>st->timeout) {
1785 st->timeout=0;
1786 if (st->state>=SITE_SENTMSG1 && st->state<=SITE_SENTMSG5) {
1787 if (!hacky_par_start_failnow())
1788 send_msg(st);
1789 } else if (st->state==SITE_WAIT) {
1790 enter_state_run(st);
1791 } else {
1792 slog(st,LOG_ERROR,"site_afterpoll: unexpected timeout, state=%d",
1793 st->state);
1794 }
1795 }
1796 check_expiry(st,&st->current,"current key");
1797 check_expiry(st,&st->auxiliary_key,"auxiliary key");
1798 }
1799
1800 /* This function is called by the netlink device to deliver packets
1801 intended for the remote network. The packet is in "raw" wire
1802 format, but is guaranteed to be word-aligned. */
1803 static void site_outgoing(void *sst, struct buffer_if *buf)
1804 {
1805 struct site *st=sst;
1806 cstring_t transform_err;
1807
1808 if (st->state==SITE_STOP) {
1809 BUF_FREE(buf);
1810 return;
1811 }
1812
1813 st->allow_send_prod=1;
1814
1815 /* In all other states we consider delivering the packet if we have
1816 a valid key and a valid address to send it to. */
1817 if (current_valid(st) && transport_peers_valid(&st->peers)) {
1818 /* Transform it and send it */
1819 if (buf->size>0) {
1820 buf_prepend_uint32(buf,LABEL_MSG9);
1821 if (call_transform_forwards(st, st->current.transform,
1822 buf, &transform_err))
1823 goto free_out;
1824 buf_prepend_uint32(buf,LABEL_MSG0);
1825 buf_prepend_uint32(buf,st->index);
1826 buf_prepend_uint32(buf,st->current.remote_session_id);
1827 transport_xmit(st,&st->peers,buf,False);
1828 }
1829 free_out:
1830 BUF_FREE(buf);
1831 return;
1832 }
1833
1834 slog(st,LOG_DROP,"discarding outgoing packet of size %d",buf->size);
1835 BUF_FREE(buf);
1836 initiate_key_setup(st,"outgoing packet",0);
1837 }
1838
1839 static bool_t named_for_us(struct site *st, const struct buffer_if *buf_in,
1840 uint32_t type, struct msg *m)
1841 /* For packets which are identified by the local and remote names.
1842 * If it has our name and our peer's name in it it's for us. */
1843 {
1844 struct buffer_if buf[1];
1845 buffer_readonly_clone(buf,buf_in);
1846 return unpick_msg(st,type,buf,m)
1847 && name_matches(&m->remote,st->remotename)
1848 && name_matches(&m->local,st->localname);
1849 }
1850
1851 static bool_t we_have_priority(struct site *st, const struct msg *m) {
1852 if (st->local_capabilities & m->remote_capabilities &
1853 CAPAB_PRIORITY_MOBILE) {
1854 if (st->local_mobile) return True;
1855 if (st-> peer_mobile) return False;
1856 }
1857 return st->our_name_later;
1858 }
1859
1860 static bool_t setup_late_msg_ok(struct site *st,
1861 const struct buffer_if *buf_in,
1862 uint32_t msgtype,
1863 const struct comm_addr *source) {
1864 /* For setup packets which seem from their type like they are
1865 * late. Maybe they came via a different path. All we do is make
1866 * a note of the sending address, iff they look like they are part
1867 * of the current key setup attempt. */
1868 struct msg m;
1869 if (!named_for_us(st,buf_in,msgtype,&m))
1870 /* named_for_us calls unpick_msg which gets the nonces */
1871 return False;
1872 if (!consttime_memeq(m.nR,st->remoteN,NONCELEN) ||
1873 !consttime_memeq(m.nL,st->localN, NONCELEN))
1874 /* spoof ? from stale run ? who knows */
1875 return False;
1876 transport_setup_msgok(st,source);
1877 return True;
1878 }
1879
1880 /* This function is called by the communication device to deliver
1881 packets from our peers.
1882 It should return True if the packet is recognised as being for
1883 this current site instance (and should therefore not be processed
1884 by other sites), even if the packet was otherwise ignored. */
1885 static bool_t site_incoming(void *sst, struct buffer_if *buf,
1886 const struct comm_addr *source)
1887 {
1888 struct site *st=sst;
1889
1890 if (buf->size < 12) return False;
1891
1892 uint32_t dest=get_uint32(buf->start);
1893 uint32_t msgtype=get_uint32(buf->start+8);
1894 struct msg named_msg;
1895
1896 if (msgtype==LABEL_MSG1) {
1897 if (!named_for_us(st,buf,msgtype,&named_msg))
1898 return False;
1899 /* It's a MSG1 addressed to us. Decide what to do about it. */
1900 dump_packet(st,buf,source,True,True);
1901 if (st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1902 st->state==SITE_WAIT) {
1903 /* We should definitely process it */
1904 transport_compute_setupinit_peers(st,0,0,source);
1905 if (process_msg1(st,buf,source,&named_msg)) {
1906 slog(st,LOG_SETUP_INIT,"key setup initiated by peer");
1907 bool_t entered=enter_new_state(st,SITE_SENTMSG2);
1908 if (entered && st->addresses && st->local_mobile)
1909 /* We must do this as the very last thing, because
1910 the resolver callback might reenter us. */
1911 ensure_resolving(st);
1912 } else {
1913 slog(st,LOG_ERROR,"failed to process incoming msg1");
1914 }
1915 BUF_FREE(buf);
1916 return True;
1917 } else if (st->state==SITE_SENTMSG1) {
1918 /* We've just sent a message 1! They may have crossed on
1919 the wire. If we have priority then we ignore the
1920 incoming one, otherwise we process it as usual. */
1921 if (we_have_priority(st,&named_msg)) {
1922 BUF_FREE(buf);
1923 if (!st->msg1_crossed_logged++)
1924 slog(st,LOG_SETUP_INIT,"crossed msg1s; we are higher "
1925 "priority => ignore incoming msg1");
1926 return True;
1927 } else {
1928 slog(st,LOG_SETUP_INIT,"crossed msg1s; we are lower "
1929 "priority => use incoming msg1");
1930 if (process_msg1(st,buf,source,&named_msg)) {
1931 BUF_FREE(&st->buffer); /* Free our old message 1 */
1932 transport_setup_msgok(st,source);
1933 enter_new_state(st,SITE_SENTMSG2);
1934 } else {
1935 slog(st,LOG_ERROR,"failed to process an incoming "
1936 "crossed msg1 (we have low priority)");
1937 }
1938 BUF_FREE(buf);
1939 return True;
1940 }
1941 } else if (st->state==SITE_SENTMSG2 ||
1942 st->state==SITE_SENTMSG4) {
1943 if (consttime_memeq(named_msg.nR,st->remoteN,NONCELEN)) {
1944 /* We are ahead in the protocol, but that msg1 had the
1945 * peer's nonce so presumably it is from this key
1946 * exchange run, via a slower route */
1947 transport_setup_msgok(st,source);
1948 } else {
1949 slog(st,LOG_UNEXPECTED,"competing incoming message 1");
1950 }
1951 BUF_FREE(buf);
1952 return True;
1953 }
1954 /* The message 1 was received at an unexpected stage of the
1955 key setup. Well, they lost the race. */
1956 slog(st,LOG_UNEXPECTED,"unexpected incoming message 1");
1957 BUF_FREE(buf);
1958 return True;
1959 }
1960 if (msgtype==LABEL_PROD) {
1961 if (!named_for_us(st,buf,msgtype,&named_msg))
1962 return False;
1963 dump_packet(st,buf,source,True,True);
1964 if (st->state!=SITE_RUN) {
1965 slog(st,LOG_DROP,"ignoring PROD when not in state RUN");
1966 } else if (current_valid(st)) {
1967 slog(st,LOG_DROP,"ignoring PROD when we think we have a key");
1968 } else {
1969 initiate_key_setup(st,"peer sent PROD packet",source);
1970 }
1971 BUF_FREE(buf);
1972 return True;
1973 }
1974 if (dest==st->index) {
1975 /* Explicitly addressed to us */
1976 if (msgtype!=LABEL_MSG0) dump_packet(st,buf,source,True,True);
1977 switch (msgtype) {
1978 case LABEL_NAK:
1979 /* If the source is our current peer then initiate a key setup,
1980 because our peer's forgotten the key */
1981 if (get_uint32(buf->start+4)==st->current.remote_session_id) {
1982 bool_t initiated;
1983 initiated = initiate_key_setup(st,"received a NAK",source);
1984 if (!initiated) generate_send_prod(st,source);
1985 } else {
1986 slog(st,LOG_SEC,"bad incoming NAK");
1987 }
1988 break;
1989 case LABEL_MSG0:
1990 process_msg0(st,buf,source);
1991 break;
1992 case LABEL_MSG1:
1993 /* Setup packet: should not have been explicitly addressed
1994 to us */
1995 slog(st,LOG_SEC,"incoming explicitly addressed msg1");
1996 break;
1997 case LABEL_MSG2:
1998 /* Setup packet: expected only in state SENTMSG1 */
1999 if (st->state!=SITE_SENTMSG1) {
2000 if ((st->state==SITE_SENTMSG3 ||
2001 st->state==SITE_SENTMSG5) &&
2002 setup_late_msg_ok(st,buf,msgtype,source))
2003 break;
2004 slog(st,LOG_UNEXPECTED,"unexpected MSG2");
2005 } else if (process_msg2(st,buf,source)) {
2006 transport_setup_msgok(st,source);
2007 enter_new_state(st,SITE_SENTMSG3);
2008 } else {
2009 slog(st,LOG_SEC,"invalid MSG2");
2010 }
2011 break;
2012 case CASES_MSG3_KNOWN:
2013 /* Setup packet: expected only in state SENTMSG2 */
2014 if (st->state!=SITE_SENTMSG2) {
2015 if ((st->state==SITE_SENTMSG4) &&
2016 setup_late_msg_ok(st,buf,msgtype,source))
2017 break;
2018 slog(st,LOG_UNEXPECTED,"unexpected MSG3");
2019 } else if (process_msg3(st,buf,source,msgtype)) {
2020 transport_setup_msgok(st,source);
2021 enter_new_state(st,SITE_SENTMSG4);
2022 } else {
2023 slog(st,LOG_SEC,"invalid MSG3");
2024 }
2025 break;
2026 case LABEL_MSG4:
2027 /* Setup packet: expected only in state SENTMSG3 */
2028 if (st->state!=SITE_SENTMSG3) {
2029 if ((st->state==SITE_SENTMSG5) &&
2030 setup_late_msg_ok(st,buf,msgtype,source))
2031 break;
2032 slog(st,LOG_UNEXPECTED,"unexpected MSG4");
2033 } else if (process_msg4(st,buf,source)) {
2034 transport_setup_msgok(st,source);
2035 enter_new_state(st,SITE_SENTMSG5);
2036 } else {
2037 slog(st,LOG_SEC,"invalid MSG4");
2038 }
2039 break;
2040 case LABEL_MSG5:
2041 /* Setup packet: expected only in state SENTMSG4 */
2042 /* (may turn up in state RUN if our return MSG6 was lost
2043 and the new key has already been activated. In that
2044 case we discard it. The peer will realise that we
2045 are using the new key when they see our data packets.
2046 Until then the peer's data packets to us get discarded. */
2047 if (st->state==SITE_SENTMSG4) {
2048 if (process_msg5(st,buf,source,st->new_transform)) {
2049 transport_setup_msgok(st,source);
2050 enter_new_state(st,SITE_RUN);
2051 } else {
2052 slog(st,LOG_SEC,"invalid MSG5");
2053 }
2054 } else if (st->state==SITE_RUN) {
2055 if (process_msg5(st,buf,source,st->current.transform)) {
2056 slog(st,LOG_DROP,"got MSG5, retransmitting MSG6");
2057 transport_setup_msgok(st,source);
2058 create_msg6(st,st->current.transform,
2059 st->current.remote_session_id);
2060 transport_xmit(st,&st->peers,&st->buffer,True);
2061 BUF_FREE(&st->buffer);
2062 } else {
2063 slog(st,LOG_SEC,"invalid MSG5 (in state RUN)");
2064 }
2065 } else {
2066 slog(st,LOG_UNEXPECTED,"unexpected MSG5");
2067 }
2068 break;
2069 case LABEL_MSG6:
2070 /* Setup packet: expected only in state SENTMSG5 */
2071 if (st->state!=SITE_SENTMSG5) {
2072 slog(st,LOG_UNEXPECTED,"unexpected MSG6");
2073 } else if (process_msg6(st,buf,source)) {
2074 BUF_FREE(&st->buffer); /* Free message 5 */
2075 transport_setup_msgok(st,source);
2076 activate_new_key(st);
2077 } else {
2078 slog(st,LOG_SEC,"invalid MSG6");
2079 }
2080 break;
2081 default:
2082 slog(st,LOG_SEC,"received message of unknown type 0x%08x",
2083 msgtype);
2084 break;
2085 }
2086 BUF_FREE(buf);
2087 return True;
2088 }
2089
2090 return False;
2091 }
2092
2093 static void site_control(void *vst, bool_t run)
2094 {
2095 struct site *st=vst;
2096 if (run) enter_state_run(st);
2097 else enter_state_stop(st);
2098 }
2099
2100 static void site_phase_hook(void *sst, uint32_t newphase)
2101 {
2102 struct site *st=sst;
2103
2104 /* The program is shutting down; tell our peer */
2105 send_msg7(st,"shutting down");
2106 }
2107
2108 static void site_childpersist_clearkeys(void *sst, uint32_t newphase)
2109 {
2110 struct site *st=sst;
2111 dispose_transform(&st->current.transform);
2112 dispose_transform(&st->auxiliary_key.transform);
2113 dispose_transform(&st->new_transform);
2114 /* Not much point overwiting the signing key, since we loaded it
2115 from disk, and it is only valid prospectively if at all,
2116 anyway. */
2117 /* XXX it would be best to overwrite the DH state, because that
2118 _is_ relevant to forward secrecy. However we have no
2119 convenient interface for doing that and in practice gmp has
2120 probably dribbled droppings all over the malloc arena. A good
2121 way to fix this would be to have a privsep child for asymmetric
2122 crypto operations, but that's a task for another day. */
2123 }
2124
2125 static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
2126 list_t *args)
2127 {
2128 static uint32_t index_sequence;
2129 struct site *st;
2130 item_t *item;
2131 dict_t *dict;
2132 int i;
2133
2134 NEW(st);
2135
2136 st->cl.description="site";
2137 st->cl.type=CL_SITE;
2138 st->cl.apply=NULL;
2139 st->cl.interface=&st->ops;
2140 st->ops.st=st;
2141 st->ops.control=site_control;
2142 st->ops.status=site_status;
2143
2144 /* First parameter must be a dict */
2145 item=list_elem(args,0);
2146 if (!item || item->type!=t_dict)
2147 cfgfatal(loc,"site","parameter must be a dictionary\n");
2148
2149 dict=item->data.dict;
2150 st->localname=dict_read_string(dict, "local-name", True, "site", loc);
2151 st->remotename=dict_read_string(dict, "name", True, "site", loc);
2152
2153 st->keepalive=dict_read_bool(dict,"keepalive",False,"site",loc,False);
2154
2155 st->peer_mobile=dict_read_bool(dict,"mobile",False,"site",loc,False);
2156 st->local_mobile=
2157 dict_read_bool(dict,"local-mobile",False,"site",loc,False);
2158
2159 /* Sanity check (which also allows the 'sites' file to include
2160 site() closures for all sites including our own): refuse to
2161 talk to ourselves */
2162 if (strcmp(st->localname,st->remotename)==0) {
2163 Message(M_DEBUG,"site %s: local-name==name -> ignoring this site\n",
2164 st->localname);
2165 if (st->peer_mobile != st->local_mobile)
2166 cfgfatal(loc,"site","site %s's peer-mobile=%d"
2167 " but our local-mobile=%d\n",
2168 st->localname, st->peer_mobile, st->local_mobile);
2169 free(st);
2170 return NULL;
2171 }
2172 if (st->peer_mobile && st->local_mobile) {
2173 Message(M_WARNING,"site %s: site is mobile but so are we"
2174 " -> ignoring this site\n", st->remotename);
2175 free(st);
2176 return NULL;
2177 }
2178
2179 assert(index_sequence < 0xffffffffUL);
2180 st->index = ++index_sequence;
2181 st->local_capabilities = CAPAB_EXPLICIT_TRANSFORM_DH;
2182 st->early_capabilities = CAPAB_PRIORITY_MOBILE;
2183 st->netlink=find_cl_if(dict,"link",CL_NETLINK,True,"site",loc);
2184
2185 #define GET_CLOSURE_LIST(dictkey,things,nthings,CL_TYPE) do{ \
2186 list_t *things##_cfg=dict_lookup(dict,dictkey); \
2187 if (!things##_cfg) \
2188 cfgfatal(loc,"site","closure list \"%s\" not found\n",dictkey); \
2189 st->nthings=list_length(things##_cfg); \
2190 NEW_ARY(st->things,st->nthings); \
2191 assert(st->nthings); \
2192 for (i=0; i<st->nthings; i++) { \
2193 item_t *item=list_elem(things##_cfg,i); \
2194 if (item->type!=t_closure) \
2195 cfgfatal(loc,"site","%s is not a closure\n",dictkey); \
2196 closure_t *cl=item->data.closure; \
2197 if (cl->type!=CL_TYPE) \
2198 cfgfatal(loc,"site","%s closure wrong type\n",dictkey); \
2199 st->things[i]=cl->interface; \
2200 } \
2201 }while(0)
2202
2203 GET_CLOSURE_LIST("comm",comms,ncomms,CL_COMM);
2204
2205 NEW_ARY(st->commclientinfos, st->ncomms);
2206 dict_t *comminfo = dict_read_dict(dict,"comm-info",False,"site",loc);
2207 for (i=0; i<st->ncomms; i++) {
2208 st->commclientinfos[i] =
2209 !comminfo ? 0 :
2210 st->comms[i]->clientinfo(st->comms[i],comminfo,loc);
2211 }
2212
2213 st->resolver=find_cl_if(dict,"resolver",CL_RESOLVER,True,"site",loc);
2214 st->log=find_cl_if(dict,"log",CL_LOG,True,"site",loc);
2215 st->random=find_cl_if(dict,"random",CL_RANDOMSRC,True,"site",loc);
2216
2217 st->privkey=find_cl_if(dict,"local-key",CL_RSAPRIVKEY,True,"site",loc);
2218 st->addresses=dict_read_string_array(dict,"address",False,"site",loc,0);
2219 if (st->addresses)
2220 st->remoteport=dict_read_number(dict,"port",True,"site",loc,0);
2221 else st->remoteport=0;
2222 st->pubkey=find_cl_if(dict,"key",CL_RSAPUBKEY,True,"site",loc);
2223
2224 GET_CLOSURE_LIST("transform",transforms,ntransforms,CL_TRANSFORM);
2225 GET_CLOSURE_LIST("dh",dhs,ndhs,CL_DH);
2226
2227 st->hash=find_cl_if(dict,"hash",CL_HASH,True,"site",loc);
2228
2229 #define DEFAULT(D) (st->peer_mobile || st->local_mobile \
2230 ? DEFAULT_MOBILE_##D : DEFAULT_##D)
2231 #define CFG_NUMBER(k,D) dict_read_number(dict,(k),False,"site",loc,DEFAULT(D));
2232
2233 st->key_lifetime= CFG_NUMBER("key-lifetime", KEY_LIFETIME);
2234 st->setup_retries= CFG_NUMBER("setup-retries", SETUP_RETRIES);
2235 st->setup_retry_interval= CFG_NUMBER("setup-timeout", SETUP_RETRY_INTERVAL);
2236 st->wait_timeout_mean= CFG_NUMBER("wait-time", WAIT_TIME);
2237 st->mtu_target= dict_read_number(dict,"mtu-target",False,"site",loc,0);
2238
2239 st->mobile_peer_expiry= dict_read_number(
2240 dict,"mobile-peer-expiry",False,"site",loc,DEFAULT_MOBILE_PEER_EXPIRY);
2241
2242 const char *peerskey= st->peer_mobile
2243 ? "mobile-peers-max" : "static-peers-max";
2244 st->transport_peers_max= dict_read_number(
2245 dict,peerskey,False,"site",loc, st->addresses ? 4 : 3);
2246 if (st->transport_peers_max<1 ||
2247 st->transport_peers_max>MAX_PEER_ADDRS) {
2248 cfgfatal(loc,"site", "%s must be in range 1.."
2249 STRING(MAX_PEER_ADDRS) "\n", peerskey);
2250 }
2251
2252 if (st->key_lifetime < DEFAULT(KEY_RENEGOTIATE_GAP)*2)
2253 st->key_renegotiate_time=st->key_lifetime/2;
2254 else
2255 st->key_renegotiate_time=st->key_lifetime-DEFAULT(KEY_RENEGOTIATE_GAP);
2256 st->key_renegotiate_time=dict_read_number(
2257 dict,"renegotiate-time",False,"site",loc,st->key_renegotiate_time);
2258 if (st->key_renegotiate_time > st->key_lifetime) {
2259 cfgfatal(loc,"site",
2260 "renegotiate-time must be less than key-lifetime\n");
2261 }
2262
2263 st->log_events=string_list_to_word(dict_lookup(dict,"log-events"),
2264 log_event_table,"site");
2265
2266 st->resolving_count=0;
2267 st->allow_send_prod=0;
2268
2269 st->tunname=safe_malloc(strlen(st->localname)+strlen(st->remotename)+5,
2270 "site_apply");
2271 sprintf(st->tunname,"%s<->%s",st->localname,st->remotename);
2272
2273 /* The information we expect to see in incoming messages of type 1 */
2274 /* fixme: lots of unchecked overflows here, but the results are only
2275 corrupted packets rather than undefined behaviour */
2276 st->our_name_later=(strcmp(st->localname,st->remotename)>0);
2277
2278 buffer_new(&st->buffer,SETUP_BUFFER_LEN);
2279
2280 buffer_new(&st->scratch,SETUP_BUFFER_LEN);
2281 BUF_ALLOC(&st->scratch,"site:scratch");
2282
2283 /* We are interested in poll(), but only for timeouts. We don't have
2284 any fds of our own. */
2285 register_for_poll(st, site_beforepoll, site_afterpoll, "site");
2286 st->timeout=0;
2287
2288 st->remote_capabilities=0;
2289 st->chosen_transform=0;
2290 st->chosen_dh=0;
2291 st->current.key_timeout=0;
2292 st->auxiliary_key.key_timeout=0;
2293 transport_peers_clear(st,&st->peers);
2294 transport_peers_clear(st,&st->setup_peers);
2295 st->dhsecret=0;
2296 st->sharedsecret=0;
2297
2298 #define SET_CAPBIT(bit) do { \
2299 uint32_t capflag = 1UL << (bit); \
2300 if (st->local_capabilities & capflag) \
2301 slog(st,LOG_ERROR,"capability bit" \
2302 " %d (%#"PRIx32") reused", (bit), capflag); \
2303 st->local_capabilities |= capflag; \
2304 } while (0)
2305
2306 for (i=0; i<st->ntransforms; i++)
2307 SET_CAPBIT(st->transforms[i]->capab_bit);
2308 for (i=0; i<st->ndhs; i++)
2309 SET_CAPBIT(st->dhs[i]->capab_bit);
2310
2311 #undef SET_CAPBIT
2312
2313 if (st->local_mobile || st->peer_mobile)
2314 st->local_capabilities |= CAPAB_PRIORITY_MOBILE;
2315
2316 /* We need to register the remote networks with the netlink device */
2317 uint32_t netlink_mtu; /* local virtual interface mtu */
2318 st->netlink->reg(st->netlink->st, site_outgoing, st, &netlink_mtu);
2319 if (!st->mtu_target)
2320 st->mtu_target=netlink_mtu;
2321
2322 for (i=0; i<st->ncomms; i++)
2323 st->comms[i]->request_notify(st->comms[i]->st, st, site_incoming);
2324
2325 st->current.transform=0;
2326 st->auxiliary_key.transform=0;
2327 st->new_transform=0;
2328 st->auxiliary_is_new=0;
2329
2330 enter_state_stop(st);
2331
2332 add_hook(PHASE_SHUTDOWN,site_phase_hook,st);
2333 add_hook(PHASE_CHILDPERSIST,site_childpersist_clearkeys,st);
2334
2335 return new_closure(&st->cl);
2336 }
2337
2338 void site_module(dict_t *dict)
2339 {
2340 add_closure(dict,"site",site_apply);
2341 }
2342
2343
2344 /***** TRANSPORT PEERS definitions *****/
2345
2346 static void transport_peers_debug(struct site *st, transport_peers *dst,
2347 const char *didwhat,
2348 int nargs, const struct comm_addr *args,
2349 size_t stride) {
2350 int i;
2351 char *argp;
2352
2353 if (!(st->log_events & LOG_PEER_ADDRS))
2354 return; /* an optimisation */
2355
2356 slog(st, LOG_PEER_ADDRS, "peers (%s) %s nargs=%d => npeers=%d",
2357 (dst==&st->peers ? "data" :
2358 dst==&st->setup_peers ? "setup" : "UNKNOWN"),
2359 didwhat, nargs, dst->npeers);
2360
2361 for (i=0, argp=(void*)args;
2362 i<nargs;
2363 i++, (argp+=stride?stride:sizeof(*args))) {
2364 const struct comm_addr *ca=(void*)argp;
2365 slog(st, LOG_PEER_ADDRS, " args: addrs[%d]=%s",
2366 i, comm_addr_to_string(ca));
2367 }
2368 for (i=0; i<dst->npeers; i++) {
2369 struct timeval diff;
2370 timersub(tv_now,&dst->peers[i].last,&diff);
2371 const struct comm_addr *ca=&dst->peers[i].addr;
2372 slog(st, LOG_PEER_ADDRS, " peers: addrs[%d]=%s T-%ld.%06ld",
2373 i, comm_addr_to_string(ca),
2374 (unsigned long)diff.tv_sec, (unsigned long)diff.tv_usec);
2375 }
2376 }
2377
2378 static void transport_peers_expire(struct site *st, transport_peers *peers) {
2379 /* peers must be sorted first */
2380 int previous_peers=peers->npeers;
2381 struct timeval oldest;
2382 oldest.tv_sec = tv_now->tv_sec - st->mobile_peer_expiry;
2383 oldest.tv_usec = tv_now->tv_usec;
2384 while (peers->npeers>1 &&
2385 timercmp(&peers->peers[peers->npeers-1].last, &oldest, <))
2386 peers->npeers--;
2387 if (peers->npeers != previous_peers)
2388 transport_peers_debug(st,peers,"expire", 0,0,0);
2389 }
2390
2391 static bool_t transport_peer_record_one(struct site *st, transport_peers *peers,
2392 const struct comm_addr *ca,
2393 const struct timeval *tv) {
2394 /* returns false if output is full */
2395 int search;
2396
2397 if (peers->npeers >= st->transport_peers_max)
2398 return 0;
2399
2400 for (search=0; search<peers->npeers; search++)
2401 if (comm_addr_equal(&peers->peers[search].addr, ca))
2402 return 1;
2403
2404 peers->peers[peers->npeers].addr = *ca;
2405 peers->peers[peers->npeers].last = *tv;
2406 peers->npeers++;
2407 return 1;
2408 }
2409
2410 static void transport_record_peers(struct site *st, transport_peers *peers,
2411 const struct comm_addr *addrs, int naddrs,
2412 const char *m) {
2413 /* We add addrs into peers. The new entries end up at the front
2414 * and displace entries towards the end (perhaps even off the
2415 * end). Any existing matching entries are moved up to the front.
2416 *
2417 * Caller must first call transport_peers_expire. */
2418
2419 if (naddrs==1) {
2420 /* avoids debug for uninteresting updates */
2421 int i;
2422 for (i=0; i<peers->npeers; i++) {
2423 if (comm_addr_equal(&addrs[0], &peers->peers[i].addr)) {
2424 memmove(peers->peers+1, peers->peers,
2425 sizeof(peers->peers[0]) * i);
2426 peers->peers[0].addr = addrs[0];
2427 peers->peers[0].last = *tv_now;
2428 return;
2429 }
2430 }
2431 }
2432
2433 int old_npeers=peers->npeers;
2434 transport_peer old_peers[old_npeers];
2435 COPY_ARRAY(old_peers,peers->peers,old_npeers);
2436
2437 peers->npeers=0;
2438 int i;
2439 for (i=0; i<naddrs; i++) {
2440 if (!transport_peer_record_one(st,peers, &addrs[i], tv_now))
2441 break;
2442 }
2443 for (i=0; i<old_npeers; i++) {
2444 const transport_peer *old=&old_peers[i];
2445 if (!transport_peer_record_one(st,peers, &old->addr, &old->last))
2446 break;
2447 }
2448
2449 transport_peers_debug(st,peers,m, naddrs,addrs,0);
2450 }
2451
2452 static void transport_expire_record_peers(struct site *st,
2453 transport_peers *peers,
2454 const struct comm_addr *addrs,
2455 int naddrs, const char *m) {
2456 /* Convenience function */
2457 transport_peers_expire(st,peers);
2458 transport_record_peers(st,peers,addrs,naddrs,m);
2459 }
2460
2461 static bool_t transport_compute_setupinit_peers(struct site *st,
2462 const struct comm_addr *configured_addrs /* 0 if none or not found */,
2463 int n_configured_addrs /* 0 if none or not found */,
2464 const struct comm_addr *incoming_packet_addr /* 0 if none */) {
2465 if (!n_configured_addrs && !incoming_packet_addr &&
2466 !transport_peers_valid(&st->peers))
2467 return False;
2468
2469 slog(st,LOG_SETUP_INIT,
2470 "using: %d configured addr(s);%s %d old peer addrs(es)",
2471 n_configured_addrs,
2472 incoming_packet_addr ? " incoming packet address;" : "",
2473 st->peers.npeers);
2474
2475 /* Non-mobile peers try addresses until one is plausible. The
2476 * effect is that this code always tries first the configured
2477 * address if supplied, or otherwise the address of the incoming
2478 * PROD, or finally the existing data peer if one exists; this is
2479 * as desired. */
2480
2481 transport_peers_copy(st,&st->setup_peers,&st->peers);
2482 transport_peers_expire(st,&st->setup_peers);
2483
2484 if (incoming_packet_addr)
2485 transport_record_peers(st,&st->setup_peers,
2486 incoming_packet_addr,1, "incoming");
2487
2488 if (n_configured_addrs)
2489 transport_record_peers(st,&st->setup_peers,
2490 configured_addrs,n_configured_addrs, "setupinit");
2491
2492 assert(transport_peers_valid(&st->setup_peers));
2493 return True;
2494 }
2495
2496 static void transport_setup_msgok(struct site *st, const struct comm_addr *a) {
2497 if (st->peer_mobile)
2498 transport_expire_record_peers(st,&st->setup_peers,a,1,"setupmsg");
2499 }
2500 static void transport_data_msgok(struct site *st, const struct comm_addr *a) {
2501 if (st->peer_mobile)
2502 transport_expire_record_peers(st,&st->peers,a,1,"datamsg");
2503 }
2504
2505 static int transport_peers_valid(transport_peers *peers) {
2506 return peers->npeers;
2507 }
2508 static void transport_peers_clear(struct site *st, transport_peers *peers) {
2509 peers->npeers= 0;
2510 transport_peers_debug(st,peers,"clear",0,0,0);
2511 }
2512 static void transport_peers_copy(struct site *st, transport_peers *dst,
2513 const transport_peers *src) {
2514 dst->npeers=src->npeers;
2515 COPY_ARRAY(dst->peers, src->peers, dst->npeers);
2516 transport_peers_debug(st,dst,"copy",
2517 src->npeers, &src->peers->addr, sizeof(*src->peers));
2518 }
2519
2520 static void transport_resolve_complete(struct site *st,
2521 const struct comm_addr *addrs,
2522 int naddrs) {
2523 transport_expire_record_peers(st,&st->peers,addrs,naddrs,
2524 "resolved data");
2525 transport_expire_record_peers(st,&st->setup_peers,addrs,naddrs,
2526 "resolved setup");
2527 }
2528
2529 static void transport_resolve_complete_tardy(struct site *st,
2530 const struct comm_addr *addrs,
2531 int naddrs) {
2532 transport_expire_record_peers(st,&st->peers,addrs,naddrs,
2533 "resolved tardily");
2534 }
2535
2536 static void transport_peers__copy_by_mask(transport_peer *out, int *nout_io,
2537 unsigned mask,
2538 const transport_peers *inp) {
2539 /* out and in->peers may be the same region, or nonoverlapping */
2540 const transport_peer *in=inp->peers;
2541 int slot;
2542 for (slot=0; slot<inp->npeers; slot++) {
2543 if (!(mask & (1U << slot)))
2544 continue;
2545 if (!(out==in && slot==*nout_io))
2546 COPY_OBJ(out[*nout_io], in[slot]);
2547 (*nout_io)++;
2548 }
2549 }
2550
2551 void transport_xmit(struct site *st, transport_peers *peers,
2552 struct buffer_if *buf, bool_t candebug) {
2553 int slot;
2554 transport_peers_expire(st, peers);
2555 unsigned failed=0; /* bitmask */
2556 assert(MAX_PEER_ADDRS < sizeof(unsigned)*CHAR_BIT);
2557
2558 int nfailed=0;
2559 for (slot=0; slot<peers->npeers; slot++) {
2560 transport_peer *peer=&peers->peers[slot];
2561 bool_t ok = comm_addr_sendmsg(st, &peer->addr, buf);
2562 if (candebug)
2563 dump_packet(st, buf, &peer->addr, False, ok);
2564 if (!ok) {
2565 failed |= 1U << slot;
2566 nfailed++;
2567 }
2568 if (ok && !st->peer_mobile)
2569 break;
2570 }
2571 /* Now we need to demote/delete failing addrs: if we are mobile we
2572 * merely demote them; otherwise we delete them. */
2573 if (st->local_mobile) {
2574 unsigned expected = ((1U << nfailed)-1) << (peers->npeers-nfailed);
2575 /* `expected' has all the failures at the end already */
2576 if (failed != expected) {
2577 int fslot=0;
2578 transport_peer failedpeers[nfailed];
2579 transport_peers__copy_by_mask(failedpeers, &fslot, failed,peers);
2580 assert(fslot == nfailed);
2581 int wslot=0;
2582 transport_peers__copy_by_mask(peers->peers,&wslot,~failed,peers);
2583 assert(wslot+nfailed == peers->npeers);
2584 COPY_ARRAY(peers->peers+wslot, failedpeers, nfailed);
2585 transport_peers_debug(st,peers,"mobile failure reorder",0,0,0);
2586 }
2587 } else {
2588 if (failed && peers->npeers > 1) {
2589 int wslot=0;
2590 transport_peers__copy_by_mask(peers->peers,&wslot,~failed,peers);
2591 peers->npeers=wslot;
2592 transport_peers_debug(st,peers,"non-mobile failure cleanup",0,0,0);
2593 }
2594 }
2595 }
2596
2597 /***** END of transport peers declarations *****/
Secnet virtual private network: clone of http://www.chiark.greenend.org.uk/ucgi/~ian/git/secnet.git/