~mdw / secnet / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
site: Prepare for adding more MSG3 variants
[secnet] / site.c
1 /* site.c - manage communication with a remote network site */
2
3 /*
4 * This file is part of secnet.
5 * See README for full list of copyright holders.
6 *
7 * secnet is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * secnet is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * version 3 along with secnet; if not, see
19 * https://www.gnu.org/licenses/gpl.html.
20 */
21
22 /* The 'site' code doesn't know anything about the structure of the
23 packets it's transmitting. In fact, under the new netlink
24 configuration scheme it doesn't need to know anything at all about
25 IP addresses, except how to contact its peer. This means it could
26 potentially be used to tunnel other protocols too (IPv6, IPX, plain
27 old Ethernet frames) if appropriate netlink code can be written
28 (and that ought not to be too hard, eg. using the TUN/TAP device to
29 pretend to be an Ethernet interface). */
30
31 /* At some point in the future the netlink code will be asked for
32 configuration information to go in the PING/PONG packets at the end
33 of the key exchange. */
34
35 #include "secnet.h"
36 #include <stdio.h>
37 #include <string.h>
38 #include <limits.h>
39 #include <assert.h>
40 #include <sys/socket.h>
41
42 #include <sys/mman.h>
43 #include "util.h"
44 #include "unaligned.h"
45 #include "magic.h"
46
47 #define SETUP_BUFFER_LEN 2048
48
49 #define DEFAULT_KEY_LIFETIME (3600*1000) /* [ms] */
50 #define DEFAULT_KEY_RENEGOTIATE_GAP (5*60*1000) /* [ms] */
51 #define DEFAULT_SETUP_RETRIES 5
52 #define DEFAULT_SETUP_RETRY_INTERVAL (2*1000) /* [ms] */
53 #define DEFAULT_WAIT_TIME (20*1000) /* [ms] */
54
55 #define DEFAULT_MOBILE_KEY_LIFETIME (2*24*3600*1000) /* [ms] */
56 #define DEFAULT_MOBILE_KEY_RENEGOTIATE_GAP (12*3600*1000) /* [ms] */
57 #define DEFAULT_MOBILE_SETUP_RETRIES 30
58 #define DEFAULT_MOBILE_SETUP_RETRY_INTERVAL (1*1000) /* [ms] */
59 #define DEFAULT_MOBILE_WAIT_TIME (10*1000) /* [ms] */
60
61 #define DEFAULT_MOBILE_PEER_EXPIRY (2*60) /* [s] */
62
63 /* Each site can be in one of several possible states. */
64
65 /* States:
66 SITE_STOP - nothing is allowed to happen; tunnel is down;
67 all session keys have been erased
68 -> SITE_RUN upon external instruction
69 SITE_RUN - site up, maybe with valid key
70 -> SITE_RESOLVE upon outgoing packet and no valid key
71 we start name resolution for the other end of the tunnel
72 -> SITE_SENTMSG2 upon valid incoming message 1 and suitable time
73 we send an appropriate message 2
74 SITE_RESOLVE - waiting for name resolution
75 -> SITE_SENTMSG1 upon successful resolution
76 we send an appropriate message 1
77 -> SITE_SENTMSG2 upon valid incoming message 1 (then abort resolution)
78 we abort resolution and
79 -> SITE_WAIT on timeout or resolution failure
80 SITE_SENTMSG1
81 -> SITE_SENTMSG2 upon valid incoming message 1 from higher priority end
82 -> SITE_SENTMSG3 upon valid incoming message 2
83 -> SITE_WAIT on timeout
84 SITE_SENTMSG2
85 -> SITE_SENTMSG4 upon valid incoming message 3
86 -> SITE_WAIT on timeout
87 SITE_SENTMSG3
88 -> SITE_SENTMSG5 upon valid incoming message 4
89 -> SITE_WAIT on timeout
90 SITE_SENTMSG4
91 -> SITE_RUN upon valid incoming message 5
92 -> SITE_WAIT on timeout
93 SITE_SENTMSG5
94 -> SITE_RUN upon valid incoming message 6
95 -> SITE_WAIT on timeout
96 SITE_WAIT - failed to establish key; do nothing for a while
97 -> SITE_RUN on timeout
98 */
99
100 #define SITE_STOP 0
101 #define SITE_RUN 1
102 #define SITE_RESOLVE 2
103 #define SITE_SENTMSG1 3
104 #define SITE_SENTMSG2 4
105 #define SITE_SENTMSG3 5
106 #define SITE_SENTMSG4 6
107 #define SITE_SENTMSG5 7
108 #define SITE_WAIT 8
109
110 #define CASES_MSG3_KNOWN LABEL_MSG3: case LABEL_MSG3BIS
111
112 int32_t site_max_start_pad = 4*4;
113
114 static cstring_t state_name(uint32_t state)
115 {
116 switch (state) {
117 case 0: return "STOP";
118 case 1: return "RUN";
119 case 2: return "RESOLVE";
120 case 3: return "SENTMSG1";
121 case 4: return "SENTMSG2";
122 case 5: return "SENTMSG3";
123 case 6: return "SENTMSG4";
124 case 7: return "SENTMSG5";
125 case 8: return "WAIT";
126 default: return "*bad state*";
127 }
128 }
129
130 #define NONCELEN 8
131
132 #define LOG_UNEXPECTED 0x00000001
133 #define LOG_SETUP_INIT 0x00000002
134 #define LOG_SETUP_TIMEOUT 0x00000004
135 #define LOG_ACTIVATE_KEY 0x00000008
136 #define LOG_TIMEOUT_KEY 0x00000010
137 #define LOG_SEC 0x00000020
138 #define LOG_STATE 0x00000040
139 #define LOG_DROP 0x00000080
140 #define LOG_DUMP 0x00000100
141 #define LOG_ERROR 0x00000400
142 #define LOG_PEER_ADDRS 0x00000800
143
144 static struct flagstr log_event_table[]={
145 { "unexpected", LOG_UNEXPECTED },
146 { "setup-init", LOG_SETUP_INIT },
147 { "setup-timeout", LOG_SETUP_TIMEOUT },
148 { "activate-key", LOG_ACTIVATE_KEY },
149 { "timeout-key", LOG_TIMEOUT_KEY },
150 { "security", LOG_SEC },
151 { "state-change", LOG_STATE },
152 { "packet-drop", LOG_DROP },
153 { "dump-packets", LOG_DUMP },
154 { "errors", LOG_ERROR },
155 { "peer-addrs", LOG_PEER_ADDRS },
156 { "default", LOG_SETUP_INIT|LOG_SETUP_TIMEOUT|
157 LOG_ACTIVATE_KEY|LOG_TIMEOUT_KEY|LOG_SEC|LOG_ERROR },
158 { "all", 0xffffffff },
159 { NULL, 0 }
160 };
161
162
163 /***** TRANSPORT PEERS declarations *****/
164
165 /* Details of "mobile peer" semantics:
166
167 - We use the same data structure for the different configurations,
168 but manage it with different algorithms.
169
170 - We record up to mobile_peers_max peer address/port numbers
171 ("peers") for key setup, and separately up to mobile_peers_max
172 for data transfer.
173
174 - In general, we make a new set of addrs (see below) when we start
175 a new key exchange; the key setup addrs become the data transport
176 addrs when key setup complets.
177
178 If our peer is mobile:
179
180 - We send to all recent addresses of incoming packets, plus
181 initially all configured addresses (which we also expire).
182
183 - So, we record addrs of good incoming packets, as follows:
184 1. expire any peers last seen >120s ("mobile-peer-expiry") ago
185 2. add the peer of the just received packet to the applicable list
186 (possibly evicting the oldest entries to make room)
187 NB that we do not expire peers until an incoming packet arrives.
188
189 - If the peer has a configured address or name, we record them the
190 same way, but only as a result of our own initiation of key
191 setup. (We might evict some incoming packet addrs to make room.)
192
193 - The default number of addrs to keep is 3, or 4 if we have a
194 configured name or address. That's space for two configured
195 addresses (one IPv6 and one IPv4), plus two received addresses.
196
197 - Outgoing packets are sent to every recorded address in the
198 applicable list. Any unsupported[1] addresses are deleted from
199 the list right away. (This should only happen to configured
200 addresses, of course, but there is no need to check that.)
201
202 - When we successfully complete a key setup, we merge the key setup
203 peers into the data transfer peers.
204
205 [1] An unsupported address is one for whose AF we don't have a
206 socket (perhaps because we got EAFNOSUPPORT or some such) or for
207 which sendto gives ENETUNREACH.
208
209 If neither end is mobile:
210
211 - When peer initiated the key exchange, we use the incoming packet
212 address.
213
214 - When we initiate the key exchange, we try configured addresses
215 until we get one which isn't unsupported then fixate on that.
216
217 - When we complete a key setup, we replace the data transport peers
218 with those from the key setup.
219
220 If we are mobile:
221
222 - We can't tell when local network setup changes so we can't cache
223 the unsupported addrs and completely remove the spurious calls to
224 sendto, but we can optimise things a bit by deprioritising addrs
225 which seem to be unsupported.
226
227 - Use only configured addresses. (Except, that if our peer
228 initiated a key exchange we use the incoming packet address until
229 our name resolution completes.)
230
231 - When we send a packet, try each address in turn; if addr
232 supported, put that address to the end of the list for future
233 packets, and go onto the next address.
234
235 - When we complete a key setup, we replace the data transport peers
236 with those from the key setup.
237
238 */
239
240 typedef struct {
241 struct timeval last;
242 struct comm_addr addr;
243 } transport_peer;
244
245 typedef struct {
246 /* configuration information */
247 /* runtime information */
248 int npeers;
249 transport_peer peers[MAX_PEER_ADDRS];
250 } transport_peers;
251
252 /* Basic operations on transport peer address sets */
253 static void transport_peers_clear(struct site *st, transport_peers *peers);
254 static int transport_peers_valid(transport_peers *peers);
255 static void transport_peers_copy(struct site *st, transport_peers *dst,
256 const transport_peers *src);
257
258 /* Record address of incoming setup packet; resp. data packet. */
259 static void transport_setup_msgok(struct site *st, const struct comm_addr *a);
260 static void transport_data_msgok(struct site *st, const struct comm_addr *a);
261
262 /* Initialise the setup addresses. Called before we send the first
263 * packet in a key exchange. If we are the initiator, as a result of
264 * resolve completing (or being determined not to be relevant) or an
265 * incoming PROD; if we are the responder, as a result of the MSG1. */
266 static bool_t transport_compute_setupinit_peers(struct site *st,
267 const struct comm_addr *configured_addrs /* 0 if none or not found */,
268 int n_configured_addrs /* 0 if none or not found */,
269 const struct comm_addr *incoming_packet_addr /* 0 if none */);
270
271 /* Called if we are the responder in a key setup, when the resolve
272 * completes. transport_compute_setupinit_peers will hvae been called
273 * earlier. If _complete is called, we are still doing the key setup
274 * (and we should use the new values for both the rest of the key
275 * setup and the ongoing data exchange); if _tardy is called, the key
276 * setup is done (either completed or not) and only the data peers are
277 * relevant */
278 static void transport_resolve_complete(struct site *st,
279 const struct comm_addr *addrs, int naddrs);
280 static void transport_resolve_complete_tardy(struct site *st,
281 const struct comm_addr *addrs, int naddrs);
282
283 static void transport_xmit(struct site *st, transport_peers *peers,
284 struct buffer_if *buf, bool_t candebug);
285
286 /***** END of transport peers declarations *****/
287
288
289 struct data_key {
290 struct transform_inst_if *transform;
291 uint64_t key_timeout; /* End of life of current key */
292 uint32_t remote_session_id;
293 };
294
295 struct site {
296 closure_t cl;
297 struct site_if ops;
298 /* configuration information */
299 string_t localname;
300 string_t remotename;
301 bool_t keepalive;
302 bool_t local_mobile, peer_mobile; /* Mobile client support */
303 int32_t transport_peers_max;
304 string_t tunname; /* localname<->remotename by default, used in logs */
305 cstring_t *addresses; /* DNS name or address(es) for bootstrapping, optional */
306 int remoteport; /* Port for bootstrapping, optional */
307 uint32_t mtu_target;
308 struct netlink_if *netlink;
309 struct comm_if **comms;
310 struct comm_clientinfo **commclientinfos;
311 int ncomms;
312 struct resolver_if *resolver;
313 struct log_if *log;
314 struct random_if *random;
315 struct rsaprivkey_if *privkey;
316 struct rsapubkey_if *pubkey;
317 struct transform_if **transforms;
318 int ntransforms;
319 struct dh_if *dh;
320 struct hash_if *hash;
321
322 uint32_t index; /* Index of this site */
323 uint32_t early_capabilities;
324 uint32_t local_capabilities;
325 int32_t setup_retries; /* How many times to send setup packets */
326 int32_t setup_retry_interval; /* Initial timeout for setup packets */
327 int32_t wait_timeout_mean; /* How long to wait if setup unsuccessful */
328 int32_t mobile_peer_expiry; /* How long to remember 2ary addresses */
329 int32_t key_lifetime; /* How long a key lasts once set up */
330 int32_t key_renegotiate_time; /* If we see traffic (or a keepalive)
331 after this time, initiate a new
332 key exchange */
333
334 bool_t our_name_later; /* our name > peer name */
335 uint32_t log_events;
336
337 /* runtime information */
338 uint32_t state;
339 uint64_t now; /* Most recently seen time */
340 bool_t allow_send_prod;
341 bool_t msg1_crossed_logged;
342 int resolving_count;
343 int resolving_n_results_all;
344 int resolving_n_results_stored;
345 struct comm_addr resolving_results[MAX_PEER_ADDRS];
346
347 /* The currently established session */
348 struct data_key current;
349 struct data_key auxiliary_key;
350 bool_t auxiliary_is_new;
351 uint64_t renegotiate_key_time; /* When we can negotiate a new key */
352 uint64_t auxiliary_renegotiate_key_time;
353 transport_peers peers; /* Current address(es) of peer for data traffic */
354
355 /* The current key setup protocol exchange. We can only be
356 involved in one of these at a time. There's a potential for
357 denial of service here (the attacker keeps sending a setup
358 packet; we keep trying to continue the exchange, and have to
359 timeout before we can listen for another setup packet); perhaps
360 we should keep a list of 'bad' sources for setup packets. */
361 uint32_t remote_capabilities;
362 uint16_t remote_adv_mtu;
363 struct transform_if *chosen_transform;
364 uint32_t setup_session_id;
365 transport_peers setup_peers;
366 uint8_t localN[NONCELEN]; /* Nonces for key exchange */
367 uint8_t remoteN[NONCELEN];
368 struct buffer_if buffer; /* Current outgoing key exchange packet */
369 struct buffer_if scratch;
370 int32_t retries; /* Number of retries remaining */
371 uint64_t timeout; /* Timeout for current state */
372 uint8_t *dhsecret;
373 uint8_t *sharedsecret;
374 uint32_t sharedsecretlen, sharedsecretallocd;
375 struct transform_inst_if *new_transform; /* For key setup/verify */
376 };
377
378 static uint32_t event_log_priority(struct site *st, uint32_t event)
379 {
380 if (!(event&st->log_events))
381 return 0;
382 switch(event) {
383 case LOG_UNEXPECTED: return M_INFO;
384 case LOG_SETUP_INIT: return M_INFO;
385 case LOG_SETUP_TIMEOUT: return M_NOTICE;
386 case LOG_ACTIVATE_KEY: return M_INFO;
387 case LOG_TIMEOUT_KEY: return M_INFO;
388 case LOG_SEC: return M_SECURITY;
389 case LOG_STATE: return M_DEBUG;
390 case LOG_DROP: return M_DEBUG;
391 case LOG_DUMP: return M_DEBUG;
392 case LOG_ERROR: return M_ERR;
393 case LOG_PEER_ADDRS: return M_DEBUG;
394 default: return M_ERR;
395 }
396 }
397
398 static void vslog(struct site *st, uint32_t event, cstring_t msg, va_list ap)
399 FORMAT(printf,3,0);
400 static void vslog(struct site *st, uint32_t event, cstring_t msg, va_list ap)
401 {
402 uint32_t class;
403
404 class=event_log_priority(st, event);
405 if (class) {
406 slilog_part(st->log,class,"%s: ",st->tunname);
407 vslilog_part(st->log,class,msg,ap);
408 slilog_part(st->log,class,"\n");
409 }
410 }
411
412 static void slog(struct site *st, uint32_t event, cstring_t msg, ...)
413 FORMAT(printf,3,4);
414 static void slog(struct site *st, uint32_t event, cstring_t msg, ...)
415 {
416 va_list ap;
417 va_start(ap,msg);
418 vslog(st,event,msg,ap);
419 va_end(ap);
420 }
421
422 static void logtimeout(struct site *st, const char *fmt, ...)
423 FORMAT(printf,2,3);
424 static void logtimeout(struct site *st, const char *fmt, ...)
425 {
426 uint32_t class=event_log_priority(st,LOG_SETUP_TIMEOUT);
427 if (!class)
428 return;
429
430 va_list ap;
431 va_start(ap,fmt);
432
433 slilog_part(st->log,class,"%s: ",st->tunname);
434 vslilog_part(st->log,class,fmt,ap);
435
436 const char *delim;
437 int i;
438 for (i=0, delim=" (tried ";
439 i<st->setup_peers.npeers;
440 i++, delim=", ") {
441 transport_peer *peer=&st->setup_peers.peers[i];
442 const char *s=comm_addr_to_string(&peer->addr);
443 slilog_part(st->log,class,"%s%s",delim,s);
444 }
445
446 slilog_part(st->log,class,")\n");
447 va_end(ap);
448 }
449
450 static void set_link_quality(struct site *st);
451 static void delete_keys(struct site *st, cstring_t reason, uint32_t loglevel);
452 static void delete_one_key(struct site *st, struct data_key *key,
453 const char *reason /* may be 0 meaning don't log*/,
454 const char *which /* ignored if !reasonn */,
455 uint32_t loglevel /* ignored if !reasonn */);
456 static bool_t initiate_key_setup(struct site *st, cstring_t reason,
457 const struct comm_addr *prod_hint);
458 static void enter_state_run(struct site *st);
459 static bool_t enter_state_resolve(struct site *st);
460 static void decrement_resolving_count(struct site *st, int by);
461 static bool_t enter_new_state(struct site *st,uint32_t next);
462 static void enter_state_wait(struct site *st);
463 static void activate_new_key(struct site *st);
464
465 static bool_t is_transform_valid(struct transform_inst_if *transform)
466 {
467 return transform && transform->valid(transform->st);
468 }
469
470 static bool_t current_valid(struct site *st)
471 {
472 return is_transform_valid(st->current.transform);
473 }
474
475 #define DEFINE_CALL_TRANSFORM(fwdrev) \
476 static transform_apply_return \
477 call_transform_##fwdrev(struct site *st, \
478 struct transform_inst_if *transform, \
479 struct buffer_if *buf, \
480 const char **errmsg) \
481 { \
482 if (!is_transform_valid(transform)) { \
483 *errmsg="transform not set up"; \
484 return transform_apply_err; \
485 } \
486 return transform->fwdrev(transform->st,buf,errmsg); \
487 }
488
489 DEFINE_CALL_TRANSFORM(forwards)
490 DEFINE_CALL_TRANSFORM(reverse)
491
492 static void dispose_transform(struct transform_inst_if **transform_var)
493 {
494 struct transform_inst_if *transform=*transform_var;
495 if (transform) {
496 transform->delkey(transform->st);
497 transform->destroy(transform->st);
498 }
499 *transform_var = 0;
500 }
501
502 #define CHECK_AVAIL(b,l) do { if ((b)->size<(l)) return False; } while(0)
503 #define CHECK_EMPTY(b) do { if ((b)->size!=0) return False; } while(0)
504 #define CHECK_TYPE(b,t) do { uint32_t type; \
505 CHECK_AVAIL((b),4); \
506 type=buf_unprepend_uint32((b)); \
507 if (type!=(t)) return False; } while(0)
508
509 static _Bool type_is_msg34(uint32_t type)
510 {
511 switch (type) {
512 case CASES_MSG3_KNOWN: case LABEL_MSG4: return True;
513 default: return False;
514 }
515 }
516
517 struct parsedname {
518 int32_t len;
519 uint8_t *name;
520 struct buffer_if extrainfo;
521 };
522
523 struct msg {
524 uint8_t *hashstart;
525 uint32_t dest;
526 uint32_t source;
527 struct parsedname remote;
528 struct parsedname local;
529 uint32_t remote_capabilities;
530 uint16_t remote_mtu;
531 int capab_transformnum;
532 uint8_t *nR;
533 uint8_t *nL;
534 int32_t pklen;
535 char *pk;
536 int32_t hashlen;
537 int32_t siglen;
538 char *sig;
539 };
540
541 static int32_t wait_timeout(struct site *st) {
542 int32_t t = st->wait_timeout_mean;
543 int8_t factor;
544 if (t < INT_MAX/2) {
545 st->random->generate(st->random->st,sizeof(factor),&factor);
546 t += (t / 256) * factor;
547 }
548 return t;
549 }
550
551 static _Bool set_new_transform(struct site *st, char *pk)
552 {
553 _Bool ok;
554
555 /* Make room for the shared key */
556 st->sharedsecretlen=st->chosen_transform->keylen?:st->dh->ceil_len;
557 assert(st->sharedsecretlen);
558 if (st->sharedsecretlen > st->sharedsecretallocd) {
559 st->sharedsecretallocd=st->sharedsecretlen;
560 st->sharedsecret=safe_realloc_ary(st->sharedsecret,1,
561 st->sharedsecretallocd,
562 "site:sharedsecret");
563 }
564
565 /* Generate the shared key */
566 st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,pk,
567 st->sharedsecret,st->sharedsecretlen);
568
569 /* Set up the transform */
570 struct transform_if *generator=st->chosen_transform;
571 struct transform_inst_if *generated=generator->create(generator->st);
572 ok = generated->setkey(generated->st,st->sharedsecret,
573 st->sharedsecretlen,st->our_name_later);
574
575 dispose_transform(&st->new_transform);
576 if (!ok) return False;
577 st->new_transform=generated;
578
579 slog(st,LOG_SETUP_INIT,"key exchange negotiated transform"
580 " %d (capabilities ours=%#"PRIx32" theirs=%#"PRIx32")",
581 st->chosen_transform->capab_bit,
582 st->local_capabilities, st->remote_capabilities);
583 return True;
584 }
585
586 struct xinfoadd {
587 int32_t lenpos, afternul;
588 };
589 static void append_string_xinfo_start(struct buffer_if *buf,
590 struct xinfoadd *xia,
591 const char *str)
592 /* Helps construct one of the names with additional info as found
593 * in MSG1..4. Call this function first, then append all the
594 * desired extra info (not including the nul byte) to the buffer,
595 * then call append_string_xinfo_done. */
596 {
597 xia->lenpos = buf->size;
598 buf_append_string(buf,str);
599 buf_append_uint8(buf,0);
600 xia->afternul = buf->size;
601 }
602 static void append_string_xinfo_done(struct buffer_if *buf,
603 struct xinfoadd *xia)
604 {
605 /* we just need to adjust the string length */
606 if (buf->size == xia->afternul) {
607 /* no extra info, strip the nul too */
608 buf_unappend_uint8(buf);
609 } else {
610 put_uint16(buf->start+xia->lenpos, buf->size-(xia->lenpos+2));
611 }
612 }
613
614 /* Build any of msg1 to msg4. msg5 and msg6 are built from the inside
615 out using a transform of config data supplied by netlink */
616 static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what)
617 {
618 void *hst;
619 uint8_t *hash;
620 string_t dhpub, sig;
621 unsigned minor;
622
623 st->retries=st->setup_retries;
624 BUF_ALLOC(&st->buffer,what);
625 buffer_init(&st->buffer,0);
626 buf_append_uint32(&st->buffer,
627 (type==LABEL_MSG1?0:st->setup_session_id));
628 buf_append_uint32(&st->buffer,st->index);
629 buf_append_uint32(&st->buffer,type);
630
631 struct xinfoadd xia;
632 append_string_xinfo_start(&st->buffer,&xia,st->localname);
633 if ((st->local_capabilities & st->early_capabilities) ||
634 (type != LABEL_MSG1)) {
635 buf_append_uint32(&st->buffer,st->local_capabilities);
636 }
637 if (type_is_msg34(type)) {
638 buf_append_uint16(&st->buffer,st->mtu_target);
639 }
640 append_string_xinfo_done(&st->buffer,&xia);
641
642 buf_append_string(&st->buffer,st->remotename);
643 BUF_ADD_OBJ(append,&st->buffer,st->localN);
644 if (type==LABEL_MSG1) return True;
645 BUF_ADD_OBJ(append,&st->buffer,st->remoteN);
646 if (type==LABEL_MSG2) return True;
647
648 if (hacky_par_mid_failnow()) return False;
649
650 if (MSGMAJOR(type) == 3) do {
651 minor = MSGMINOR(type);
652 if (minor < 1) break;
653 buf_append_uint8(&st->buffer,st->chosen_transform->capab_bit);
654 } while (0);
655
656 dhpub=st->dh->makepublic(st->dh->st,st->dhsecret,st->dh->len);
657 buf_append_string(&st->buffer,dhpub);
658 free(dhpub);
659 hash=safe_malloc(st->hash->len, "generate_msg");
660 hst=st->hash->init();
661 st->hash->update(hst,st->buffer.start,st->buffer.size);
662 st->hash->final(hst,hash);
663 sig=st->privkey->sign(st->privkey->st,hash,st->hash->len);
664 buf_append_string(&st->buffer,sig);
665 free(sig);
666 free(hash);
667 return True;
668 }
669
670 static bool_t unpick_name(struct buffer_if *msg, struct parsedname *nm)
671 {
672 CHECK_AVAIL(msg,2);
673 nm->len=buf_unprepend_uint16(msg);
674 CHECK_AVAIL(msg,nm->len);
675 nm->name=buf_unprepend(msg,nm->len);
676 uint8_t *nul=memchr(nm->name,0,nm->len);
677 if (!nul) {
678 buffer_readonly_view(&nm->extrainfo,0,0);
679 } else {
680 buffer_readonly_view(&nm->extrainfo, nul+1, msg->start-(nul+1));
681 nm->len=nul-nm->name;
682 }
683 return True;
684 }
685
686 static bool_t unpick_msg(struct site *st, uint32_t type,
687 struct buffer_if *msg, struct msg *m)
688 {
689 unsigned minor;
690
691 m->capab_transformnum=-1;
692 m->hashstart=msg->start;
693 CHECK_AVAIL(msg,4);
694 m->dest=buf_unprepend_uint32(msg);
695 CHECK_AVAIL(msg,4);
696 m->source=buf_unprepend_uint32(msg);
697 CHECK_TYPE(msg,type);
698 if (!unpick_name(msg,&m->remote)) return False;
699 m->remote_capabilities=0;
700 m->remote_mtu=0;
701 if (m->remote.extrainfo.size) {
702 CHECK_AVAIL(&m->remote.extrainfo,4);
703 m->remote_capabilities=buf_unprepend_uint32(&m->remote.extrainfo);
704 }
705 if (type_is_msg34(type) && m->remote.extrainfo.size) {
706 CHECK_AVAIL(&m->remote.extrainfo,2);
707 m->remote_mtu=buf_unprepend_uint16(&m->remote.extrainfo);
708 }
709 if (!unpick_name(msg,&m->local)) return False;
710 if (type==LABEL_PROD) {
711 CHECK_EMPTY(msg);
712 return True;
713 }
714 CHECK_AVAIL(msg,NONCELEN);
715 m->nR=buf_unprepend(msg,NONCELEN);
716 if (type==LABEL_MSG1) {
717 CHECK_EMPTY(msg);
718 return True;
719 }
720 CHECK_AVAIL(msg,NONCELEN);
721 m->nL=buf_unprepend(msg,NONCELEN);
722 if (type==LABEL_MSG2) {
723 CHECK_EMPTY(msg);
724 return True;
725 }
726 if (MSGMAJOR(type) == 3) do {
727 minor = MSGMINOR(type);
728 #define MAYBE_READ_CAP(minminor, kind, dflt) do { \
729 if (minor < (minminor)) \
730 m->capab_##kind##num = (dflt); \
731 else { \
732 CHECK_AVAIL(msg, 1); \
733 m->capab_##kind##num = buf_unprepend_uint8(msg); \
734 } \
735 } while (0)
736 MAYBE_READ_CAP(1, transform, CAPAB_BIT_ANCIENTTRANSFORM);
737 #undef MAYBE_READ_CAP
738 } while (0);
739 CHECK_AVAIL(msg,2);
740 m->pklen=buf_unprepend_uint16(msg);
741 CHECK_AVAIL(msg,m->pklen);
742 m->pk=buf_unprepend(msg,m->pklen);
743 m->hashlen=msg->start-m->hashstart;
744 CHECK_AVAIL(msg,2);
745 m->siglen=buf_unprepend_uint16(msg);
746 CHECK_AVAIL(msg,m->siglen);
747 m->sig=buf_unprepend(msg,m->siglen);
748 CHECK_EMPTY(msg);
749
750 /* In `process_msg3_msg4' below, we assume that we can write a nul
751 * terminator following the signature. Make sure there's enough space.
752 */
753 if (msg->start >= msg->base + msg->alloclen)
754 return False;
755
756 return True;
757 }
758
759 static bool_t name_matches(const struct parsedname *nm, const char *expected)
760 {
761 int expected_len=strlen(expected);
762 return
763 nm->len == expected_len &&
764 !memcmp(nm->name, expected, expected_len);
765 }
766
767 static bool_t check_msg(struct site *st, uint32_t type, struct msg *m,
768 cstring_t *error)
769 {
770 if (type==LABEL_MSG1) return True;
771
772 /* Check that the site names and our nonce have been sent
773 back correctly, and then store our peer's nonce. */
774 if (!name_matches(&m->remote,st->remotename)) {
775 *error="wrong remote site name";
776 return False;
777 }
778 if (!name_matches(&m->local,st->localname)) {
779 *error="wrong local site name";
780 return False;
781 }
782 if (memcmp(m->nL,st->localN,NONCELEN)!=0) {
783 *error="wrong locally-generated nonce";
784 return False;
785 }
786 if (type==LABEL_MSG2) return True;
787 if (!consttime_memeq(m->nR,st->remoteN,NONCELEN)) {
788 *error="wrong remotely-generated nonce";
789 return False;
790 }
791 /* MSG3 has complicated rules about capabilities, which are
792 * handled in process_msg3. */
793 if (MSGMAJOR(type) == 3) return True;
794 if (m->remote_capabilities!=st->remote_capabilities) {
795 *error="remote capabilities changed";
796 return False;
797 }
798 if (type==LABEL_MSG4) return True;
799 *error="unknown message type";
800 return False;
801 }
802
803 static bool_t generate_msg1(struct site *st)
804 {
805 st->random->generate(st->random->st,NONCELEN,st->localN);
806 return generate_msg(st,LABEL_MSG1,"site:MSG1");
807 }
808
809 static bool_t process_msg1(struct site *st, struct buffer_if *msg1,
810 const struct comm_addr *src, struct msg *m)
811 {
812 /* We've already determined we're in an appropriate state to
813 process an incoming MSG1, and that the MSG1 has correct values
814 of A and B. */
815
816 st->setup_session_id=m->source;
817 st->remote_capabilities=m->remote_capabilities;
818 memcpy(st->remoteN,m->nR,NONCELEN);
819 return True;
820 }
821
822 static bool_t generate_msg2(struct site *st)
823 {
824 st->random->generate(st->random->st,NONCELEN,st->localN);
825 return generate_msg(st,LABEL_MSG2,"site:MSG2");
826 }
827
828 static bool_t process_msg2(struct site *st, struct buffer_if *msg2,
829 const struct comm_addr *src)
830 {
831 struct msg m;
832 cstring_t err;
833
834 if (!unpick_msg(st,LABEL_MSG2,msg2,&m)) return False;
835 if (!check_msg(st,LABEL_MSG2,&m,&err)) {
836 slog(st,LOG_SEC,"msg2: %s",err);
837 return False;
838 }
839 st->setup_session_id=m.source;
840 st->remote_capabilities=m.remote_capabilities;
841
842 /* Select the transform to use */
843
844 uint32_t remote_crypto_caps = st->remote_capabilities & CAPAB_TRANSFORM_MASK;
845 if (!remote_crypto_caps)
846 /* old secnets only had this one transform */
847 remote_crypto_caps = 1UL << CAPAB_BIT_ANCIENTTRANSFORM;
848
849 #define CHOOSE_CRYPTO(kind, whats) do { \
850 struct kind##_if *iface; \
851 uint32_t bit, ours = 0; \
852 int i; \
853 for (i= 0; i < st->n##kind##s; i++) { \
854 iface=st->kind##s[i]; \
855 bit = 1UL << iface->capab_bit; \
856 if (bit & remote_crypto_caps) goto kind##_found; \
857 ours |= bit; \
858 } \
859 slog(st,LOG_ERROR,"no " whats " in common" \
860 " (us %#"PRIx32"; them: %#"PRIx32")", \
861 st->local_capabilities & ours, remote_crypto_caps); \
862 return False; \
863 kind##_found: \
864 st->chosen_##kind = iface; \
865 } while (0)
866
867 CHOOSE_CRYPTO(transform, "transforms");
868
869 #undef CHOOSE_CRYPTO
870
871 memcpy(st->remoteN,m.nR,NONCELEN);
872 return True;
873 }
874
875 static bool_t generate_msg3(struct site *st)
876 {
877 /* Now we have our nonce and their nonce. Think of a secret key,
878 and create message number 3. */
879 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
880 return generate_msg(st,
881 (st->remote_capabilities & CAPAB_TRANSFORM_MASK)
882 ? LABEL_MSG3BIS
883 : LABEL_MSG3,
884 "site:MSG3");
885 }
886
887 static bool_t process_msg3_msg4(struct site *st, struct msg *m)
888 {
889 uint8_t *hash;
890 void *hst;
891
892 /* Check signature and store g^x mod m */
893 hash=safe_malloc(st->hash->len, "process_msg3_msg4");
894 hst=st->hash->init();
895 st->hash->update(hst,m->hashstart,m->hashlen);
896 st->hash->final(hst,hash);
897 /* Terminate signature with a '0' - already checked that this will fit */
898 m->sig[m->siglen]=0;
899 if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m->sig)) {
900 slog(st,LOG_SEC,"msg3/msg4 signature failed check!");
901 free(hash);
902 return False;
903 }
904 free(hash);
905
906 st->remote_adv_mtu=m->remote_mtu;
907
908 return True;
909 }
910
911 static bool_t process_msg3(struct site *st, struct buffer_if *msg3,
912 const struct comm_addr *src, uint32_t msgtype)
913 {
914 struct msg m;
915 cstring_t err;
916
917 switch (msgtype) {
918 case CASES_MSG3_KNOWN: break;
919 default: assert(0);
920 }
921
922 if (!unpick_msg(st,msgtype,msg3,&m)) return False;
923 if (!check_msg(st,msgtype,&m,&err)) {
924 slog(st,LOG_SEC,"msg3: %s",err);
925 return False;
926 }
927 uint32_t capab_adv_late = m.remote_capabilities
928 & ~st->remote_capabilities & st->early_capabilities;
929 if (capab_adv_late) {
930 slog(st,LOG_SEC,"msg3 impermissibly adds early capability flag(s)"
931 " %#"PRIx32" (was %#"PRIx32", now %#"PRIx32")",
932 capab_adv_late, st->remote_capabilities, m.remote_capabilities);
933 return False;
934 }
935
936 #define CHOSE_CRYPTO(kind, what) do { \
937 struct kind##_if *iface; \
938 int i; \
939 for (i=0; i<st->n##kind##s; i++) { \
940 iface=st->kind##s[i]; \
941 if (iface->capab_bit == m.capab_##kind##num) \
942 goto kind##_found; \
943 } \
944 slog(st,LOG_SEC,"peer chose unknown-to-us " what " %d!", \
945 m.capab_##kind##num); \
946 return False; \
947 kind##_found: \
948 st->chosen_##kind=iface; \
949 } while (0)
950
951 CHOSE_CRYPTO(transform, "transform");
952
953 #undef CHOSE_CRYPTO
954
955 if (!process_msg3_msg4(st,&m))
956 return False;
957
958 /* Update our idea of the remote site's capabilities, now that we've
959 * verified that its message was authentic.
960 *
961 * Our previous idea of the remote site's capabilities came from the
962 * unauthenticated MSG1. We've already checked that this new message
963 * doesn't change any of the bits we relied upon in the past, but it may
964 * also have set additional capability bits. We simply throw those away
965 * now, and use the authentic capabilities from this MSG3. */
966 st->remote_capabilities=m.remote_capabilities;
967
968 /* Terminate their DH public key with a '0' */
969 m.pk[m.pklen]=0;
970 /* Invent our DH secret key */
971 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
972
973 /* Generate the shared key and set up the transform */
974 if (!set_new_transform(st,m.pk)) return False;
975
976 return True;
977 }
978
979 static bool_t generate_msg4(struct site *st)
980 {
981 /* We have both nonces, their public key and our private key. Generate
982 our public key, sign it and send it to them. */
983 return generate_msg(st,LABEL_MSG4,"site:MSG4");
984 }
985
986 static bool_t process_msg4(struct site *st, struct buffer_if *msg4,
987 const struct comm_addr *src)
988 {
989 struct msg m;
990 cstring_t err;
991
992 if (!unpick_msg(st,LABEL_MSG4,msg4,&m)) return False;
993 if (!check_msg(st,LABEL_MSG4,&m,&err)) {
994 slog(st,LOG_SEC,"msg4: %s",err);
995 return False;
996 }
997
998 if (!process_msg3_msg4(st,&m))
999 return False;
1000
1001 /* Terminate their DH public key with a '0' */
1002 m.pk[m.pklen]=0;
1003
1004 /* Generate the shared key and set up the transform */
1005 if (!set_new_transform(st,m.pk)) return False;
1006
1007 return True;
1008 }
1009
1010 struct msg0 {
1011 uint32_t dest;
1012 uint32_t source;
1013 uint32_t type;
1014 };
1015
1016 static bool_t unpick_msg0(struct site *st, struct buffer_if *msg0,
1017 struct msg0 *m)
1018 {
1019 CHECK_AVAIL(msg0,4);
1020 m->dest=buf_unprepend_uint32(msg0);
1021 CHECK_AVAIL(msg0,4);
1022 m->source=buf_unprepend_uint32(msg0);
1023 CHECK_AVAIL(msg0,4);
1024 m->type=buf_unprepend_uint32(msg0);
1025 return True;
1026 /* Leaves transformed part of buffer untouched */
1027 }
1028
1029 static bool_t generate_msg5(struct site *st)
1030 {
1031 cstring_t transform_err;
1032
1033 BUF_ALLOC(&st->buffer,"site:MSG5");
1034 /* We are going to add four words to the message */
1035 buffer_init(&st->buffer,calculate_max_start_pad());
1036 /* Give the netlink code an opportunity to put its own stuff in the
1037 message (configuration information, etc.) */
1038 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
1039 if (call_transform_forwards(st,st->new_transform,
1040 &st->buffer,&transform_err))
1041 return False;
1042 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
1043 buf_prepend_uint32(&st->buffer,st->index);
1044 buf_prepend_uint32(&st->buffer,st->setup_session_id);
1045
1046 st->retries=st->setup_retries;
1047 return True;
1048 }
1049
1050 static bool_t process_msg5(struct site *st, struct buffer_if *msg5,
1051 const struct comm_addr *src,
1052 struct transform_inst_if *transform)
1053 {
1054 struct msg0 m;
1055 cstring_t transform_err;
1056
1057 if (!unpick_msg0(st,msg5,&m)) return False;
1058
1059 if (call_transform_reverse(st,transform,msg5,&transform_err)) {
1060 /* There's a problem */
1061 slog(st,LOG_SEC,"process_msg5: transform: %s",transform_err);
1062 return False;
1063 }
1064 /* Buffer should now contain untransformed PING packet data */
1065 CHECK_AVAIL(msg5,4);
1066 if (buf_unprepend_uint32(msg5)!=LABEL_MSG5) {
1067 slog(st,LOG_SEC,"MSG5/PING packet contained wrong label");
1068 return False;
1069 }
1070 /* Older versions of secnet used to write some config data here
1071 * which we ignore. So we don't CHECK_EMPTY */
1072 return True;
1073 }
1074
1075 static void create_msg6(struct site *st, struct transform_inst_if *transform,
1076 uint32_t session_id)
1077 {
1078 cstring_t transform_err;
1079
1080 BUF_ALLOC(&st->buffer,"site:MSG6");
1081 /* We are going to add four words to the message */
1082 buffer_init(&st->buffer,calculate_max_start_pad());
1083 /* Give the netlink code an opportunity to put its own stuff in the
1084 message (configuration information, etc.) */
1085 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
1086 transform_apply_return problem =
1087 call_transform_forwards(st,transform,
1088 &st->buffer,&transform_err);
1089 assert(!problem);
1090 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
1091 buf_prepend_uint32(&st->buffer,st->index);
1092 buf_prepend_uint32(&st->buffer,session_id);
1093 }
1094
1095 static bool_t generate_msg6(struct site *st)
1096 {
1097 if (!is_transform_valid(st->new_transform))
1098 return False;
1099 create_msg6(st,st->new_transform,st->setup_session_id);
1100 st->retries=1; /* Peer will retransmit MSG5 if this packet gets lost */
1101 return True;
1102 }
1103
1104 static bool_t process_msg6(struct site *st, struct buffer_if *msg6,
1105 const struct comm_addr *src)
1106 {
1107 struct msg0 m;
1108 cstring_t transform_err;
1109
1110 if (!unpick_msg0(st,msg6,&m)) return False;
1111
1112 if (call_transform_reverse(st,st->new_transform,msg6,&transform_err)) {
1113 /* There's a problem */
1114 slog(st,LOG_SEC,"process_msg6: transform: %s",transform_err);
1115 return False;
1116 }
1117 /* Buffer should now contain untransformed PING packet data */
1118 CHECK_AVAIL(msg6,4);
1119 if (buf_unprepend_uint32(msg6)!=LABEL_MSG6) {
1120 slog(st,LOG_SEC,"MSG6/PONG packet contained invalid data");
1121 return False;
1122 }
1123 /* Older versions of secnet used to write some config data here
1124 * which we ignore. So we don't CHECK_EMPTY */
1125 return True;
1126 }
1127
1128 static transform_apply_return
1129 decrypt_msg0(struct site *st, struct buffer_if *msg0,
1130 const struct comm_addr *src)
1131 {
1132 cstring_t transform_err, auxkey_err, newkey_err="n/a";
1133 struct msg0 m;
1134 transform_apply_return problem;
1135
1136 if (!unpick_msg0(st,msg0,&m)) return False;
1137
1138 /* Keep a copy so we can try decrypting it with multiple keys */
1139 buffer_copy(&st->scratch, msg0);
1140
1141 problem = call_transform_reverse(st,st->current.transform,
1142 msg0,&transform_err);
1143 if (!problem) {
1144 if (!st->auxiliary_is_new)
1145 delete_one_key(st,&st->auxiliary_key,
1146 "peer has used new key","auxiliary key",LOG_SEC);
1147 return 0;
1148 }
1149 if (transform_apply_return_badseq(problem))
1150 goto badseq;
1151
1152 buffer_copy(msg0, &st->scratch);
1153 problem = call_transform_reverse(st,st->auxiliary_key.transform,
1154 msg0,&auxkey_err);
1155 if (!problem) {
1156 slog(st,LOG_DROP,"processing packet which uses auxiliary key");
1157 if (st->auxiliary_is_new) {
1158 /* We previously timed out in state SENTMSG5 but it turns
1159 * out that our peer did in fact get our MSG5 and is
1160 * using the new key. So we should switch to it too. */
1161 /* This is a bit like activate_new_key. */
1162 struct data_key t;
1163 t=st->current;
1164 st->current=st->auxiliary_key;
1165 st->auxiliary_key=t;
1166
1167 delete_one_key(st,&st->auxiliary_key,"peer has used new key",
1168 "previous key",LOG_SEC);
1169 st->auxiliary_is_new=0;
1170 st->renegotiate_key_time=st->auxiliary_renegotiate_key_time;
1171 }
1172 return 0;
1173 }
1174 if (transform_apply_return_badseq(problem))
1175 goto badseq;
1176
1177 if (st->state==SITE_SENTMSG5) {
1178 buffer_copy(msg0, &st->scratch);
1179 problem = call_transform_reverse(st,st->new_transform,
1180 msg0,&newkey_err);
1181 if (!problem) {
1182 /* It looks like we didn't get the peer's MSG6 */
1183 /* This is like a cut-down enter_new_state(SITE_RUN) */
1184 slog(st,LOG_STATE,"will enter state RUN (MSG0 with new key)");
1185 BUF_FREE(&st->buffer);
1186 st->timeout=0;
1187 activate_new_key(st);
1188 return 0; /* do process the data in this packet */
1189 }
1190 if (transform_apply_return_badseq(problem))
1191 goto badseq;
1192 }
1193
1194 slog(st,LOG_SEC,"transform: %s (aux: %s, new: %s)",
1195 transform_err,auxkey_err,newkey_err);
1196 initiate_key_setup(st,"incoming message would not decrypt",0);
1197 send_nak(src,m.dest,m.source,m.type,msg0,"message would not decrypt");
1198 assert(problem);
1199 return problem;
1200
1201 badseq:
1202 slog(st,LOG_DROP,"transform: %s (bad seq.)",transform_err);
1203 assert(problem);
1204 return problem;
1205 }
1206
1207 static bool_t process_msg0(struct site *st, struct buffer_if *msg0,
1208 const struct comm_addr *src)
1209 {
1210 uint32_t type;
1211 transform_apply_return problem;
1212
1213 problem = decrypt_msg0(st,msg0,src);
1214 if (problem==transform_apply_seqdupe) {
1215 /* We recently received another copy of this packet, maybe due
1216 * to polypath. That's not a problem; indeed, for the
1217 * purposes of transport address management it is a success.
1218 * But we don't want to process the packet. */
1219 transport_data_msgok(st,src);
1220 return False;
1221 }
1222 if (problem)
1223 return False;
1224
1225 CHECK_AVAIL(msg0,4);
1226 type=buf_unprepend_uint32(msg0);
1227 switch(type) {
1228 case LABEL_MSG7:
1229 /* We must forget about the current session. */
1230 delete_keys(st,"request from peer",LOG_SEC);
1231 /* probably, the peer is shutting down, and this is going to fail,
1232 * but we need to be trying to bring the link up again */
1233 if (st->keepalive)
1234 initiate_key_setup(st,"peer requested key teardown",0);
1235 return True;
1236 case LABEL_MSG9:
1237 /* Deliver to netlink layer */
1238 st->netlink->deliver(st->netlink->st,msg0);
1239 transport_data_msgok(st,src);
1240 /* See whether we should start negotiating a new key */
1241 if (st->now > st->renegotiate_key_time)
1242 initiate_key_setup(st,"incoming packet in renegotiation window",0);
1243 return True;
1244 default:
1245 slog(st,LOG_SEC,"incoming encrypted message of type %08x "
1246 "(unknown)",type);
1247 break;
1248 }
1249 return False;
1250 }
1251
1252 static void dump_packet(struct site *st, struct buffer_if *buf,
1253 const struct comm_addr *addr, bool_t incoming,
1254 bool_t ok)
1255 {
1256 uint32_t dest=get_uint32(buf->start);
1257 uint32_t source=get_uint32(buf->start+4);
1258 uint32_t msgtype=get_uint32(buf->start+8);
1259
1260 if (st->log_events & LOG_DUMP)
1261 slilog(st->log,M_DEBUG,"%s: %s: %08x<-%08x: %08x: %s%s",
1262 st->tunname,incoming?"incoming":"outgoing",
1263 dest,source,msgtype,comm_addr_to_string(addr),
1264 ok?"":" - fail");
1265 }
1266
1267 static bool_t comm_addr_sendmsg(struct site *st,
1268 const struct comm_addr *dest,
1269 struct buffer_if *buf)
1270 {
1271 int i;
1272 struct comm_clientinfo *commclientinfo = 0;
1273
1274 for (i=0; i < st->ncomms; i++) {
1275 if (st->comms[i] == dest->comm) {
1276 commclientinfo = st->commclientinfos[i];
1277 break;
1278 }
1279 }
1280 return dest->comm->sendmsg(dest->comm->st, buf, dest, commclientinfo);
1281 }
1282
1283 static uint32_t site_status(void *st)
1284 {
1285 return 0;
1286 }
1287
1288 static bool_t send_msg(struct site *st)
1289 {
1290 if (st->retries>0) {
1291 transport_xmit(st, &st->setup_peers, &st->buffer, True);
1292 st->timeout=st->now+st->setup_retry_interval;
1293 st->retries--;
1294 return True;
1295 } else if (st->state==SITE_SENTMSG5) {
1296 logtimeout(st,"timed out sending MSG5, stashing new key");
1297 /* We stash the key we have produced, in case it turns out that
1298 * our peer did see our MSG5 after all and starts using it. */
1299 /* This is a bit like some of activate_new_key */
1300 struct transform_inst_if *t;
1301 t=st->auxiliary_key.transform;
1302 st->auxiliary_key.transform=st->new_transform;
1303 st->new_transform=t;
1304 dispose_transform(&st->new_transform);
1305
1306 st->auxiliary_is_new=1;
1307 st->auxiliary_key.key_timeout=st->now+st->key_lifetime;
1308 st->auxiliary_renegotiate_key_time=st->now+st->key_renegotiate_time;
1309 st->auxiliary_key.remote_session_id=st->setup_session_id;
1310
1311 enter_state_wait(st);
1312 return False;
1313 } else {
1314 logtimeout(st,"timed out sending key setup packet "
1315 "(in state %s)",state_name(st->state));
1316 enter_state_wait(st);
1317 return False;
1318 }
1319 }
1320
1321 static void site_resolve_callback(void *sst, const struct comm_addr *addrs,
1322 int stored_naddrs, int all_naddrs,
1323 const char *address, const char *failwhy)
1324 {
1325 struct site *st=sst;
1326
1327 if (!stored_naddrs) {
1328 slog(st,LOG_ERROR,"resolution of %s failed: %s",address,failwhy);
1329 } else {
1330 slog(st,LOG_PEER_ADDRS,"resolution of %s completed, %d addrs, eg: %s",
1331 address, all_naddrs, comm_addr_to_string(&addrs[0]));;
1332
1333 int space=st->transport_peers_max-st->resolving_n_results_stored;
1334 int n_tocopy=MIN(stored_naddrs,space);
1335 COPY_ARRAY(st->resolving_results + st->resolving_n_results_stored,
1336 addrs,
1337 n_tocopy);
1338 st->resolving_n_results_stored += n_tocopy;
1339 st->resolving_n_results_all += all_naddrs;
1340 }
1341
1342 decrement_resolving_count(st,1);
1343 }
1344
1345 static void decrement_resolving_count(struct site *st, int by)
1346 {
1347 assert(st->resolving_count>0);
1348 st->resolving_count-=by;
1349
1350 if (st->resolving_count)
1351 return;
1352
1353 /* OK, we are done with them all. Handle combined results. */
1354
1355 const struct comm_addr *addrs=st->resolving_results;
1356 int naddrs=st->resolving_n_results_stored;
1357 assert(naddrs<=st->transport_peers_max);
1358
1359 if (naddrs) {
1360 if (naddrs != st->resolving_n_results_all) {
1361 slog(st,LOG_SETUP_INIT,"resolution of supplied addresses/names"
1362 " yielded too many results (%d > %d), some ignored",
1363 st->resolving_n_results_all, naddrs);
1364 }
1365 slog(st,LOG_STATE,"resolution completed, %d addrs, eg: %s",
1366 naddrs, iaddr_to_string(&addrs[0].ia));;
1367 }
1368
1369 switch (st->state) {
1370 case SITE_RESOLVE:
1371 if (transport_compute_setupinit_peers(st,addrs,naddrs,0)) {
1372 enter_new_state(st,SITE_SENTMSG1);
1373 } else {
1374 /* Can't figure out who to try to to talk to */
1375 slog(st,LOG_SETUP_INIT,
1376 "key exchange failed: cannot find peer address");
1377 enter_state_run(st);
1378 }
1379 break;
1380 case SITE_SENTMSG1: case SITE_SENTMSG2:
1381 case SITE_SENTMSG3: case SITE_SENTMSG4:
1382 case SITE_SENTMSG5:
1383 if (naddrs) {
1384 /* We start using the address immediately for data too.
1385 * It's best to store it in st->peers now because we might
1386 * go via SENTMSG5, WAIT, and a MSG0, straight into using
1387 * the new key (without updating the data peer addrs). */
1388 transport_resolve_complete(st,addrs,naddrs);
1389 } else if (st->local_mobile) {
1390 /* We can't let this rest because we may have a peer
1391 * address which will break in the future. */
1392 slog(st,LOG_SETUP_INIT,"resolution failed: "
1393 "abandoning key exchange");
1394 enter_state_wait(st);
1395 } else {
1396 slog(st,LOG_SETUP_INIT,"resolution failed: "
1397 " continuing to use source address of peer's packets"
1398 " for key exchange and ultimately data");
1399 }
1400 break;
1401 case SITE_RUN:
1402 if (naddrs) {
1403 slog(st,LOG_SETUP_INIT,"resolution completed tardily,"
1404 " updating peer address(es)");
1405 transport_resolve_complete_tardy(st,addrs,naddrs);
1406 } else if (st->local_mobile) {
1407 /* Not very good. We should queue (another) renegotiation
1408 * so that we can update the peer address. */
1409 st->key_renegotiate_time=st->now+wait_timeout(st);
1410 } else {
1411 slog(st,LOG_SETUP_INIT,"resolution failed: "
1412 " continuing to use source address of peer's packets");
1413 }
1414 break;
1415 case SITE_WAIT:
1416 case SITE_STOP:
1417 /* oh well */
1418 break;
1419 }
1420 }
1421
1422 static bool_t initiate_key_setup(struct site *st, cstring_t reason,
1423 const struct comm_addr *prod_hint)
1424 {
1425 /* Reentrancy hazard: can call enter_new_state/enter_state_* */
1426 if (st->state!=SITE_RUN) return False;
1427 slog(st,LOG_SETUP_INIT,"initiating key exchange (%s)",reason);
1428 if (st->addresses) {
1429 slog(st,LOG_SETUP_INIT,"resolving peer address(es)");
1430 return enter_state_resolve(st);
1431 } else if (transport_compute_setupinit_peers(st,0,0,prod_hint)) {
1432 return enter_new_state(st,SITE_SENTMSG1);
1433 }
1434 slog(st,LOG_SETUP_INIT,"key exchange failed: no address for peer");
1435 return False;
1436 }
1437
1438 static void activate_new_key(struct site *st)
1439 {
1440 struct transform_inst_if *t;
1441
1442 /* We have three transform instances, which we swap between old,
1443 active and setup */
1444 t=st->auxiliary_key.transform;
1445 st->auxiliary_key.transform=st->current.transform;
1446 st->current.transform=st->new_transform;
1447 st->new_transform=t;
1448 dispose_transform(&st->new_transform);
1449
1450 st->timeout=0;
1451 st->auxiliary_is_new=0;
1452 st->auxiliary_key.key_timeout=st->current.key_timeout;
1453 st->current.key_timeout=st->now+st->key_lifetime;
1454 st->renegotiate_key_time=st->now+st->key_renegotiate_time;
1455 transport_peers_copy(st,&st->peers,&st->setup_peers);
1456 st->current.remote_session_id=st->setup_session_id;
1457
1458 /* Compute the inter-site MTU. This is min( our_mtu, their_mtu ).
1459 * But their mtu be unspecified, in which case we just use ours. */
1460 uint32_t intersite_mtu=
1461 MIN(st->mtu_target, st->remote_adv_mtu ?: ~(uint32_t)0);
1462 st->netlink->set_mtu(st->netlink->st,intersite_mtu);
1463
1464 slog(st,LOG_ACTIVATE_KEY,"new key activated"
1465 " (mtu ours=%"PRId32" theirs=%"PRId32" intersite=%"PRId32")",
1466 st->mtu_target, st->remote_adv_mtu, intersite_mtu);
1467 enter_state_run(st);
1468 }
1469
1470 static void delete_one_key(struct site *st, struct data_key *key,
1471 cstring_t reason, cstring_t which, uint32_t loglevel)
1472 {
1473 if (!is_transform_valid(key->transform)) return;
1474 if (reason) slog(st,loglevel,"%s deleted (%s)",which,reason);
1475 dispose_transform(&key->transform);
1476 key->key_timeout=0;
1477 }
1478
1479 static void delete_keys(struct site *st, cstring_t reason, uint32_t loglevel)
1480 {
1481 if (current_valid(st)) {
1482 slog(st,loglevel,"session closed (%s)",reason);
1483
1484 delete_one_key(st,&st->current,0,0,0);
1485 set_link_quality(st);
1486 }
1487 delete_one_key(st,&st->auxiliary_key,0,0,0);
1488 }
1489
1490 static void state_assert(struct site *st, bool_t ok)
1491 {
1492 if (!ok) fatal("site:state_assert");
1493 }
1494
1495 static void enter_state_stop(struct site *st)
1496 {
1497 st->state=SITE_STOP;
1498 st->timeout=0;
1499 delete_keys(st,"entering state STOP",LOG_TIMEOUT_KEY);
1500 dispose_transform(&st->new_transform);
1501 }
1502
1503 static void set_link_quality(struct site *st)
1504 {
1505 uint32_t quality;
1506 if (current_valid(st))
1507 quality=LINK_QUALITY_UP;
1508 else if (st->state==SITE_WAIT || st->state==SITE_STOP)
1509 quality=LINK_QUALITY_DOWN;
1510 else if (st->addresses)
1511 quality=LINK_QUALITY_DOWN_CURRENT_ADDRESS;
1512 else if (transport_peers_valid(&st->peers))
1513 quality=LINK_QUALITY_DOWN_STALE_ADDRESS;
1514 else
1515 quality=LINK_QUALITY_DOWN;
1516
1517 st->netlink->set_quality(st->netlink->st,quality);
1518 }
1519
1520 static void enter_state_run(struct site *st)
1521 {
1522 slog(st,LOG_STATE,"entering state RUN%s",
1523 current_valid(st) ? " (keyed)" : " (unkeyed)");
1524 st->state=SITE_RUN;
1525 st->timeout=0;
1526
1527 st->setup_session_id=0;
1528 transport_peers_clear(st,&st->setup_peers);
1529 FILLZERO(st->localN);
1530 FILLZERO(st->remoteN);
1531 dispose_transform(&st->new_transform);
1532 memset(st->dhsecret,0,st->dh->len);
1533 if (st->sharedsecret) memset(st->sharedsecret,0,st->sharedsecretlen);
1534 set_link_quality(st);
1535
1536 if (st->keepalive && !current_valid(st))
1537 initiate_key_setup(st, "keepalive", 0);
1538 }
1539
1540 static bool_t ensure_resolving(struct site *st)
1541 {
1542 /* Reentrancy hazard: may call site_resolve_callback and hence
1543 * enter_new_state, enter_state_* and generate_msg*. */
1544 if (st->resolving_count)
1545 return True;
1546
1547 assert(st->addresses);
1548
1549 /* resolver->request might reentrantly call site_resolve_callback
1550 * which will decrement st->resolving, so we need to increment it
1551 * twice beforehand to prevent decrement from thinking we're
1552 * finished, and decrement it ourselves. Alternatively if
1553 * everything fails then there are no callbacks due and we simply
1554 * set it to 0 and return false.. */
1555 st->resolving_n_results_stored=0;
1556 st->resolving_n_results_all=0;
1557 st->resolving_count+=2;
1558 const char **addrp=st->addresses;
1559 const char *address;
1560 bool_t anyok=False;
1561 for (; (address=*addrp++); ) {
1562 bool_t ok = st->resolver->request(st->resolver->st,address,
1563 st->remoteport,st->comms[0],
1564 site_resolve_callback,st);
1565 if (ok)
1566 st->resolving_count++;
1567 anyok|=ok;
1568 }
1569 if (!anyok) {
1570 st->resolving_count=0;
1571 return False;
1572 }
1573 decrement_resolving_count(st,2);
1574 return True;
1575 }
1576
1577 static bool_t enter_state_resolve(struct site *st)
1578 {
1579 /* Reentrancy hazard! See ensure_resolving. */
1580 state_assert(st,st->state==SITE_RUN);
1581 slog(st,LOG_STATE,"entering state RESOLVE");
1582 st->state=SITE_RESOLVE;
1583 return ensure_resolving(st);
1584 }
1585
1586 static bool_t enter_new_state(struct site *st, uint32_t next)
1587 {
1588 bool_t (*gen)(struct site *st);
1589 int r;
1590
1591 slog(st,LOG_STATE,"entering state %s",state_name(next));
1592 switch(next) {
1593 case SITE_SENTMSG1:
1594 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE);
1595 gen=generate_msg1;
1596 st->msg1_crossed_logged = False;
1597 break;
1598 case SITE_SENTMSG2:
1599 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1600 st->state==SITE_SENTMSG1 || st->state==SITE_WAIT);
1601 gen=generate_msg2;
1602 break;
1603 case SITE_SENTMSG3:
1604 state_assert(st,st->state==SITE_SENTMSG1);
1605 BUF_FREE(&st->buffer);
1606 gen=generate_msg3;
1607 break;
1608 case SITE_SENTMSG4:
1609 state_assert(st,st->state==SITE_SENTMSG2);
1610 BUF_FREE(&st->buffer);
1611 gen=generate_msg4;
1612 break;
1613 case SITE_SENTMSG5:
1614 state_assert(st,st->state==SITE_SENTMSG3);
1615 BUF_FREE(&st->buffer);
1616 gen=generate_msg5;
1617 break;
1618 case SITE_RUN:
1619 state_assert(st,st->state==SITE_SENTMSG4);
1620 BUF_FREE(&st->buffer);
1621 gen=generate_msg6;
1622 break;
1623 default:
1624 gen=NULL;
1625 fatal("enter_new_state(%s): invalid new state",state_name(next));
1626 break;
1627 }
1628
1629 if (hacky_par_start_failnow()) return False;
1630
1631 r= gen(st) && send_msg(st);
1632
1633 hacky_par_end(&r,
1634 st->setup_retries, st->setup_retry_interval,
1635 send_msg, st);
1636
1637 if (r) {
1638 st->state=next;
1639 if (next==SITE_RUN) {
1640 BUF_FREE(&st->buffer); /* Never reused */
1641 st->timeout=0; /* Never retransmit */
1642 activate_new_key(st);
1643 }
1644 return True;
1645 }
1646 slog(st,LOG_ERROR,"error entering state %s",state_name(next));
1647 st->buffer.free=False; /* Unconditionally use the buffer; it may be
1648 in either state, and enter_state_wait() will
1649 do a BUF_FREE() */
1650 enter_state_wait(st);
1651 return False;
1652 }
1653
1654 /* msg7 tells our peer that we're about to forget our key */
1655 static bool_t send_msg7(struct site *st, cstring_t reason)
1656 {
1657 cstring_t transform_err;
1658
1659 if (current_valid(st) && st->buffer.free
1660 && transport_peers_valid(&st->peers)) {
1661 BUF_ALLOC(&st->buffer,"site:MSG7");
1662 buffer_init(&st->buffer,calculate_max_start_pad());
1663 buf_append_uint32(&st->buffer,LABEL_MSG7);
1664 buf_append_string(&st->buffer,reason);
1665 if (call_transform_forwards(st, st->current.transform,
1666 &st->buffer, &transform_err))
1667 goto free_out;
1668 buf_prepend_uint32(&st->buffer,LABEL_MSG0);
1669 buf_prepend_uint32(&st->buffer,st->index);
1670 buf_prepend_uint32(&st->buffer,st->current.remote_session_id);
1671 transport_xmit(st,&st->peers,&st->buffer,True);
1672 BUF_FREE(&st->buffer);
1673 free_out:
1674 return True;
1675 }
1676 return False;
1677 }
1678
1679 /* We go into this state if our peer becomes uncommunicative. Similar to
1680 the "stop" state, we forget all session keys for a while, before
1681 re-entering the "run" state. */
1682 static void enter_state_wait(struct site *st)
1683 {
1684 slog(st,LOG_STATE,"entering state WAIT");
1685 st->timeout=st->now+wait_timeout(st);
1686 st->state=SITE_WAIT;
1687 set_link_quality(st);
1688 BUF_FREE(&st->buffer); /* will have had an outgoing packet in it */
1689 /* XXX Erase keys etc. */
1690 }
1691
1692 static void generate_prod(struct site *st, struct buffer_if *buf)
1693 {
1694 buffer_init(buf,0);
1695 buf_append_uint32(buf,0);
1696 buf_append_uint32(buf,0);
1697 buf_append_uint32(buf,LABEL_PROD);
1698 buf_append_string(buf,st->localname);
1699 buf_append_string(buf,st->remotename);
1700 }
1701
1702 static void generate_send_prod(struct site *st,
1703 const struct comm_addr *source)
1704 {
1705 if (!st->allow_send_prod) return; /* too soon */
1706 if (!(st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1707 st->state==SITE_WAIT)) return; /* we'd ignore peer's MSG1 */
1708
1709 slog(st,LOG_SETUP_INIT,"prodding peer for key exchange");
1710 st->allow_send_prod=0;
1711 generate_prod(st,&st->scratch);
1712 bool_t ok = comm_addr_sendmsg(st, source, &st->scratch);
1713 dump_packet(st,&st->scratch,source,False,ok);
1714 }
1715
1716 static inline void site_settimeout(uint64_t timeout, int *timeout_io)
1717 {
1718 if (timeout) {
1719 int64_t offset=timeout-*now;
1720 if (offset<0) offset=0;
1721 if (offset>INT_MAX) offset=INT_MAX;
1722 if (*timeout_io<0 || offset<*timeout_io)
1723 *timeout_io=offset;
1724 }
1725 }
1726
1727 static int site_beforepoll(void *sst, struct pollfd *fds, int *nfds_io,
1728 int *timeout_io)
1729 {
1730 struct site *st=sst;
1731
1732 BEFOREPOLL_WANT_FDS(0); /* We don't use any file descriptors */
1733 st->now=*now;
1734
1735 /* Work out when our next timeout is. The earlier of 'timeout' or
1736 'current.key_timeout'. A stored value of '0' indicates no timeout
1737 active. */
1738 site_settimeout(st->timeout, timeout_io);
1739 site_settimeout(st->current.key_timeout, timeout_io);
1740 site_settimeout(st->auxiliary_key.key_timeout, timeout_io);
1741
1742 return 0; /* success */
1743 }
1744
1745 static void check_expiry(struct site *st, struct data_key *key,
1746 const char *which)
1747 {
1748 if (key->key_timeout && *now>key->key_timeout) {
1749 delete_one_key(st,key,"maximum life exceeded",which,LOG_TIMEOUT_KEY);
1750 }
1751 }
1752
1753 /* NB site_afterpoll will be called before site_beforepoll is ever called */
1754 static void site_afterpoll(void *sst, struct pollfd *fds, int nfds)
1755 {
1756 struct site *st=sst;
1757
1758 st->now=*now;
1759 if (st->timeout && *now>st->timeout) {
1760 st->timeout=0;
1761 if (st->state>=SITE_SENTMSG1 && st->state<=SITE_SENTMSG5) {
1762 if (!hacky_par_start_failnow())
1763 send_msg(st);
1764 } else if (st->state==SITE_WAIT) {
1765 enter_state_run(st);
1766 } else {
1767 slog(st,LOG_ERROR,"site_afterpoll: unexpected timeout, state=%d",
1768 st->state);
1769 }
1770 }
1771 check_expiry(st,&st->current,"current key");
1772 check_expiry(st,&st->auxiliary_key,"auxiliary key");
1773 }
1774
1775 /* This function is called by the netlink device to deliver packets
1776 intended for the remote network. The packet is in "raw" wire
1777 format, but is guaranteed to be word-aligned. */
1778 static void site_outgoing(void *sst, struct buffer_if *buf)
1779 {
1780 struct site *st=sst;
1781 cstring_t transform_err;
1782
1783 if (st->state==SITE_STOP) {
1784 BUF_FREE(buf);
1785 return;
1786 }
1787
1788 st->allow_send_prod=1;
1789
1790 /* In all other states we consider delivering the packet if we have
1791 a valid key and a valid address to send it to. */
1792 if (current_valid(st) && transport_peers_valid(&st->peers)) {
1793 /* Transform it and send it */
1794 if (buf->size>0) {
1795 buf_prepend_uint32(buf,LABEL_MSG9);
1796 if (call_transform_forwards(st, st->current.transform,
1797 buf, &transform_err))
1798 goto free_out;
1799 buf_prepend_uint32(buf,LABEL_MSG0);
1800 buf_prepend_uint32(buf,st->index);
1801 buf_prepend_uint32(buf,st->current.remote_session_id);
1802 transport_xmit(st,&st->peers,buf,False);
1803 }
1804 free_out:
1805 BUF_FREE(buf);
1806 return;
1807 }
1808
1809 slog(st,LOG_DROP,"discarding outgoing packet of size %d",buf->size);
1810 BUF_FREE(buf);
1811 initiate_key_setup(st,"outgoing packet",0);
1812 }
1813
1814 static bool_t named_for_us(struct site *st, const struct buffer_if *buf_in,
1815 uint32_t type, struct msg *m)
1816 /* For packets which are identified by the local and remote names.
1817 * If it has our name and our peer's name in it it's for us. */
1818 {
1819 struct buffer_if buf[1];
1820 buffer_readonly_clone(buf,buf_in);
1821 return unpick_msg(st,type,buf,m)
1822 && name_matches(&m->remote,st->remotename)
1823 && name_matches(&m->local,st->localname);
1824 }
1825
1826 static bool_t we_have_priority(struct site *st, const struct msg *m) {
1827 if (st->local_capabilities & m->remote_capabilities &
1828 CAPAB_PRIORITY_MOBILE) {
1829 if (st->local_mobile) return True;
1830 if (st-> peer_mobile) return False;
1831 }
1832 return st->our_name_later;
1833 }
1834
1835 static bool_t setup_late_msg_ok(struct site *st,
1836 const struct buffer_if *buf_in,
1837 uint32_t msgtype,
1838 const struct comm_addr *source) {
1839 /* For setup packets which seem from their type like they are
1840 * late. Maybe they came via a different path. All we do is make
1841 * a note of the sending address, iff they look like they are part
1842 * of the current key setup attempt. */
1843 struct msg m;
1844 if (!named_for_us(st,buf_in,msgtype,&m))
1845 /* named_for_us calls unpick_msg which gets the nonces */
1846 return False;
1847 if (!consttime_memeq(m.nR,st->remoteN,NONCELEN) ||
1848 !consttime_memeq(m.nL,st->localN, NONCELEN))
1849 /* spoof ? from stale run ? who knows */
1850 return False;
1851 transport_setup_msgok(st,source);
1852 return True;
1853 }
1854
1855 /* This function is called by the communication device to deliver
1856 packets from our peers.
1857 It should return True if the packet is recognised as being for
1858 this current site instance (and should therefore not be processed
1859 by other sites), even if the packet was otherwise ignored. */
1860 static bool_t site_incoming(void *sst, struct buffer_if *buf,
1861 const struct comm_addr *source)
1862 {
1863 struct site *st=sst;
1864
1865 if (buf->size < 12) return False;
1866
1867 uint32_t dest=get_uint32(buf->start);
1868 uint32_t msgtype=get_uint32(buf->start+8);
1869 struct msg named_msg;
1870
1871 if (msgtype==LABEL_MSG1) {
1872 if (!named_for_us(st,buf,msgtype,&named_msg))
1873 return False;
1874 /* It's a MSG1 addressed to us. Decide what to do about it. */
1875 dump_packet(st,buf,source,True,True);
1876 if (st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1877 st->state==SITE_WAIT) {
1878 /* We should definitely process it */
1879 transport_compute_setupinit_peers(st,0,0,source);
1880 if (process_msg1(st,buf,source,&named_msg)) {
1881 slog(st,LOG_SETUP_INIT,"key setup initiated by peer");
1882 bool_t entered=enter_new_state(st,SITE_SENTMSG2);
1883 if (entered && st->addresses && st->local_mobile)
1884 /* We must do this as the very last thing, because
1885 the resolver callback might reenter us. */
1886 ensure_resolving(st);
1887 } else {
1888 slog(st,LOG_ERROR,"failed to process incoming msg1");
1889 }
1890 BUF_FREE(buf);
1891 return True;
1892 } else if (st->state==SITE_SENTMSG1) {
1893 /* We've just sent a message 1! They may have crossed on
1894 the wire. If we have priority then we ignore the
1895 incoming one, otherwise we process it as usual. */
1896 if (we_have_priority(st,&named_msg)) {
1897 BUF_FREE(buf);
1898 if (!st->msg1_crossed_logged++)
1899 slog(st,LOG_SETUP_INIT,"crossed msg1s; we are higher "
1900 "priority => ignore incoming msg1");
1901 return True;
1902 } else {
1903 slog(st,LOG_SETUP_INIT,"crossed msg1s; we are lower "
1904 "priority => use incoming msg1");
1905 if (process_msg1(st,buf,source,&named_msg)) {
1906 BUF_FREE(&st->buffer); /* Free our old message 1 */
1907 transport_setup_msgok(st,source);
1908 enter_new_state(st,SITE_SENTMSG2);
1909 } else {
1910 slog(st,LOG_ERROR,"failed to process an incoming "
1911 "crossed msg1 (we have low priority)");
1912 }
1913 BUF_FREE(buf);
1914 return True;
1915 }
1916 } else if (st->state==SITE_SENTMSG2 ||
1917 st->state==SITE_SENTMSG4) {
1918 if (consttime_memeq(named_msg.nR,st->remoteN,NONCELEN)) {
1919 /* We are ahead in the protocol, but that msg1 had the
1920 * peer's nonce so presumably it is from this key
1921 * exchange run, via a slower route */
1922 transport_setup_msgok(st,source);
1923 } else {
1924 slog(st,LOG_UNEXPECTED,"competing incoming message 1");
1925 }
1926 BUF_FREE(buf);
1927 return True;
1928 }
1929 /* The message 1 was received at an unexpected stage of the
1930 key setup. Well, they lost the race. */
1931 slog(st,LOG_UNEXPECTED,"unexpected incoming message 1");
1932 BUF_FREE(buf);
1933 return True;
1934 }
1935 if (msgtype==LABEL_PROD) {
1936 if (!named_for_us(st,buf,msgtype,&named_msg))
1937 return False;
1938 dump_packet(st,buf,source,True,True);
1939 if (st->state!=SITE_RUN) {
1940 slog(st,LOG_DROP,"ignoring PROD when not in state RUN");
1941 } else if (current_valid(st)) {
1942 slog(st,LOG_DROP,"ignoring PROD when we think we have a key");
1943 } else {
1944 initiate_key_setup(st,"peer sent PROD packet",source);
1945 }
1946 BUF_FREE(buf);
1947 return True;
1948 }
1949 if (dest==st->index) {
1950 /* Explicitly addressed to us */
1951 if (msgtype!=LABEL_MSG0) dump_packet(st,buf,source,True,True);
1952 switch (msgtype) {
1953 case LABEL_NAK:
1954 /* If the source is our current peer then initiate a key setup,
1955 because our peer's forgotten the key */
1956 if (get_uint32(buf->start+4)==st->current.remote_session_id) {
1957 bool_t initiated;
1958 initiated = initiate_key_setup(st,"received a NAK",source);
1959 if (!initiated) generate_send_prod(st,source);
1960 } else {
1961 slog(st,LOG_SEC,"bad incoming NAK");
1962 }
1963 break;
1964 case LABEL_MSG0:
1965 process_msg0(st,buf,source);
1966 break;
1967 case LABEL_MSG1:
1968 /* Setup packet: should not have been explicitly addressed
1969 to us */
1970 slog(st,LOG_SEC,"incoming explicitly addressed msg1");
1971 break;
1972 case LABEL_MSG2:
1973 /* Setup packet: expected only in state SENTMSG1 */
1974 if (st->state!=SITE_SENTMSG1) {
1975 if ((st->state==SITE_SENTMSG3 ||
1976 st->state==SITE_SENTMSG5) &&
1977 setup_late_msg_ok(st,buf,msgtype,source))
1978 break;
1979 slog(st,LOG_UNEXPECTED,"unexpected MSG2");
1980 } else if (process_msg2(st,buf,source)) {
1981 transport_setup_msgok(st,source);
1982 enter_new_state(st,SITE_SENTMSG3);
1983 } else {
1984 slog(st,LOG_SEC,"invalid MSG2");
1985 }
1986 break;
1987 case CASES_MSG3_KNOWN:
1988 /* Setup packet: expected only in state SENTMSG2 */
1989 if (st->state!=SITE_SENTMSG2) {
1990 if ((st->state==SITE_SENTMSG4) &&
1991 setup_late_msg_ok(st,buf,msgtype,source))
1992 break;
1993 slog(st,LOG_UNEXPECTED,"unexpected MSG3");
1994 } else if (process_msg3(st,buf,source,msgtype)) {
1995 transport_setup_msgok(st,source);
1996 enter_new_state(st,SITE_SENTMSG4);
1997 } else {
1998 slog(st,LOG_SEC,"invalid MSG3");
1999 }
2000 break;
2001 case LABEL_MSG4:
2002 /* Setup packet: expected only in state SENTMSG3 */
2003 if (st->state!=SITE_SENTMSG3) {
2004 if ((st->state==SITE_SENTMSG5) &&
2005 setup_late_msg_ok(st,buf,msgtype,source))
2006 break;
2007 slog(st,LOG_UNEXPECTED,"unexpected MSG4");
2008 } else if (process_msg4(st,buf,source)) {
2009 transport_setup_msgok(st,source);
2010 enter_new_state(st,SITE_SENTMSG5);
2011 } else {
2012 slog(st,LOG_SEC,"invalid MSG4");
2013 }
2014 break;
2015 case LABEL_MSG5:
2016 /* Setup packet: expected only in state SENTMSG4 */
2017 /* (may turn up in state RUN if our return MSG6 was lost
2018 and the new key has already been activated. In that
2019 case we discard it. The peer will realise that we
2020 are using the new key when they see our data packets.
2021 Until then the peer's data packets to us get discarded. */
2022 if (st->state==SITE_SENTMSG4) {
2023 if (process_msg5(st,buf,source,st->new_transform)) {
2024 transport_setup_msgok(st,source);
2025 enter_new_state(st,SITE_RUN);
2026 } else {
2027 slog(st,LOG_SEC,"invalid MSG5");
2028 }
2029 } else if (st->state==SITE_RUN) {
2030 if (process_msg5(st,buf,source,st->current.transform)) {
2031 slog(st,LOG_DROP,"got MSG5, retransmitting MSG6");
2032 transport_setup_msgok(st,source);
2033 create_msg6(st,st->current.transform,
2034 st->current.remote_session_id);
2035 transport_xmit(st,&st->peers,&st->buffer,True);
2036 BUF_FREE(&st->buffer);
2037 } else {
2038 slog(st,LOG_SEC,"invalid MSG5 (in state RUN)");
2039 }
2040 } else {
2041 slog(st,LOG_UNEXPECTED,"unexpected MSG5");
2042 }
2043 break;
2044 case LABEL_MSG6:
2045 /* Setup packet: expected only in state SENTMSG5 */
2046 if (st->state!=SITE_SENTMSG5) {
2047 slog(st,LOG_UNEXPECTED,"unexpected MSG6");
2048 } else if (process_msg6(st,buf,source)) {
2049 BUF_FREE(&st->buffer); /* Free message 5 */
2050 transport_setup_msgok(st,source);
2051 activate_new_key(st);
2052 } else {
2053 slog(st,LOG_SEC,"invalid MSG6");
2054 }
2055 break;
2056 default:
2057 slog(st,LOG_SEC,"received message of unknown type 0x%08x",
2058 msgtype);
2059 break;
2060 }
2061 BUF_FREE(buf);
2062 return True;
2063 }
2064
2065 return False;
2066 }
2067
2068 static void site_control(void *vst, bool_t run)
2069 {
2070 struct site *st=vst;
2071 if (run) enter_state_run(st);
2072 else enter_state_stop(st);
2073 }
2074
2075 static void site_phase_hook(void *sst, uint32_t newphase)
2076 {
2077 struct site *st=sst;
2078
2079 /* The program is shutting down; tell our peer */
2080 send_msg7(st,"shutting down");
2081 }
2082
2083 static void site_childpersist_clearkeys(void *sst, uint32_t newphase)
2084 {
2085 struct site *st=sst;
2086 dispose_transform(&st->current.transform);
2087 dispose_transform(&st->auxiliary_key.transform);
2088 dispose_transform(&st->new_transform);
2089 /* Not much point overwiting the signing key, since we loaded it
2090 from disk, and it is only valid prospectively if at all,
2091 anyway. */
2092 /* XXX it would be best to overwrite the DH state, because that
2093 _is_ relevant to forward secrecy. However we have no
2094 convenient interface for doing that and in practice gmp has
2095 probably dribbled droppings all over the malloc arena. A good
2096 way to fix this would be to have a privsep child for asymmetric
2097 crypto operations, but that's a task for another day. */
2098 }
2099
2100 static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
2101 list_t *args)
2102 {
2103 static uint32_t index_sequence;
2104 struct site *st;
2105 item_t *item;
2106 dict_t *dict;
2107 int i;
2108
2109 NEW(st);
2110
2111 st->cl.description="site";
2112 st->cl.type=CL_SITE;
2113 st->cl.apply=NULL;
2114 st->cl.interface=&st->ops;
2115 st->ops.st=st;
2116 st->ops.control=site_control;
2117 st->ops.status=site_status;
2118
2119 /* First parameter must be a dict */
2120 item=list_elem(args,0);
2121 if (!item || item->type!=t_dict)
2122 cfgfatal(loc,"site","parameter must be a dictionary\n");
2123
2124 dict=item->data.dict;
2125 st->localname=dict_read_string(dict, "local-name", True, "site", loc);
2126 st->remotename=dict_read_string(dict, "name", True, "site", loc);
2127
2128 st->keepalive=dict_read_bool(dict,"keepalive",False,"site",loc,False);
2129
2130 st->peer_mobile=dict_read_bool(dict,"mobile",False,"site",loc,False);
2131 st->local_mobile=
2132 dict_read_bool(dict,"local-mobile",False,"site",loc,False);
2133
2134 /* Sanity check (which also allows the 'sites' file to include
2135 site() closures for all sites including our own): refuse to
2136 talk to ourselves */
2137 if (strcmp(st->localname,st->remotename)==0) {
2138 Message(M_DEBUG,"site %s: local-name==name -> ignoring this site\n",
2139 st->localname);
2140 if (st->peer_mobile != st->local_mobile)
2141 cfgfatal(loc,"site","site %s's peer-mobile=%d"
2142 " but our local-mobile=%d\n",
2143 st->localname, st->peer_mobile, st->local_mobile);
2144 free(st);
2145 return NULL;
2146 }
2147 if (st->peer_mobile && st->local_mobile) {
2148 Message(M_WARNING,"site %s: site is mobile but so are we"
2149 " -> ignoring this site\n", st->remotename);
2150 free(st);
2151 return NULL;
2152 }
2153
2154 assert(index_sequence < 0xffffffffUL);
2155 st->index = ++index_sequence;
2156 st->local_capabilities = 0;
2157 st->early_capabilities = CAPAB_PRIORITY_MOBILE;
2158 st->netlink=find_cl_if(dict,"link",CL_NETLINK,True,"site",loc);
2159
2160 #define GET_CLOSURE_LIST(dictkey,things,nthings,CL_TYPE) do{ \
2161 list_t *things##_cfg=dict_lookup(dict,dictkey); \
2162 if (!things##_cfg) \
2163 cfgfatal(loc,"site","closure list \"%s\" not found\n",dictkey); \
2164 st->nthings=list_length(things##_cfg); \
2165 NEW_ARY(st->things,st->nthings); \
2166 assert(st->nthings); \
2167 for (i=0; i<st->nthings; i++) { \
2168 item_t *item=list_elem(things##_cfg,i); \
2169 if (item->type!=t_closure) \
2170 cfgfatal(loc,"site","%s is not a closure\n",dictkey); \
2171 closure_t *cl=item->data.closure; \
2172 if (cl->type!=CL_TYPE) \
2173 cfgfatal(loc,"site","%s closure wrong type\n",dictkey); \
2174 st->things[i]=cl->interface; \
2175 } \
2176 }while(0)
2177
2178 GET_CLOSURE_LIST("comm",comms,ncomms,CL_COMM);
2179
2180 NEW_ARY(st->commclientinfos, st->ncomms);
2181 dict_t *comminfo = dict_read_dict(dict,"comm-info",False,"site",loc);
2182 for (i=0; i<st->ncomms; i++) {
2183 st->commclientinfos[i] =
2184 !comminfo ? 0 :
2185 st->comms[i]->clientinfo(st->comms[i],comminfo,loc);
2186 }
2187
2188 st->resolver=find_cl_if(dict,"resolver",CL_RESOLVER,True,"site",loc);
2189 st->log=find_cl_if(dict,"log",CL_LOG,True,"site",loc);
2190 st->random=find_cl_if(dict,"random",CL_RANDOMSRC,True,"site",loc);
2191
2192 st->privkey=find_cl_if(dict,"local-key",CL_RSAPRIVKEY,True,"site",loc);
2193 st->addresses=dict_read_string_array(dict,"address",False,"site",loc,0);
2194 if (st->addresses)
2195 st->remoteport=dict_read_number(dict,"port",True,"site",loc,0);
2196 else st->remoteport=0;
2197 st->pubkey=find_cl_if(dict,"key",CL_RSAPUBKEY,True,"site",loc);
2198
2199 GET_CLOSURE_LIST("transform",transforms,ntransforms,CL_TRANSFORM);
2200
2201 st->dh=find_cl_if(dict,"dh",CL_DH,True,"site",loc);
2202 st->hash=find_cl_if(dict,"hash",CL_HASH,True,"site",loc);
2203
2204 #define DEFAULT(D) (st->peer_mobile || st->local_mobile \
2205 ? DEFAULT_MOBILE_##D : DEFAULT_##D)
2206 #define CFG_NUMBER(k,D) dict_read_number(dict,(k),False,"site",loc,DEFAULT(D));
2207
2208 st->key_lifetime= CFG_NUMBER("key-lifetime", KEY_LIFETIME);
2209 st->setup_retries= CFG_NUMBER("setup-retries", SETUP_RETRIES);
2210 st->setup_retry_interval= CFG_NUMBER("setup-timeout", SETUP_RETRY_INTERVAL);
2211 st->wait_timeout_mean= CFG_NUMBER("wait-time", WAIT_TIME);
2212 st->mtu_target= dict_read_number(dict,"mtu-target",False,"site",loc,0);
2213
2214 st->mobile_peer_expiry= dict_read_number(
2215 dict,"mobile-peer-expiry",False,"site",loc,DEFAULT_MOBILE_PEER_EXPIRY);
2216
2217 const char *peerskey= st->peer_mobile
2218 ? "mobile-peers-max" : "static-peers-max";
2219 st->transport_peers_max= dict_read_number(
2220 dict,peerskey,False,"site",loc, st->addresses ? 4 : 3);
2221 if (st->transport_peers_max<1 ||
2222 st->transport_peers_max>MAX_PEER_ADDRS) {
2223 cfgfatal(loc,"site", "%s must be in range 1.."
2224 STRING(MAX_PEER_ADDRS) "\n", peerskey);
2225 }
2226
2227 if (st->key_lifetime < DEFAULT(KEY_RENEGOTIATE_GAP)*2)
2228 st->key_renegotiate_time=st->key_lifetime/2;
2229 else
2230 st->key_renegotiate_time=st->key_lifetime-DEFAULT(KEY_RENEGOTIATE_GAP);
2231 st->key_renegotiate_time=dict_read_number(
2232 dict,"renegotiate-time",False,"site",loc,st->key_renegotiate_time);
2233 if (st->key_renegotiate_time > st->key_lifetime) {
2234 cfgfatal(loc,"site",
2235 "renegotiate-time must be less than key-lifetime\n");
2236 }
2237
2238 st->log_events=string_list_to_word(dict_lookup(dict,"log-events"),
2239 log_event_table,"site");
2240
2241 st->resolving_count=0;
2242 st->allow_send_prod=0;
2243
2244 st->tunname=safe_malloc(strlen(st->localname)+strlen(st->remotename)+5,
2245 "site_apply");
2246 sprintf(st->tunname,"%s<->%s",st->localname,st->remotename);
2247
2248 /* The information we expect to see in incoming messages of type 1 */
2249 /* fixme: lots of unchecked overflows here, but the results are only
2250 corrupted packets rather than undefined behaviour */
2251 st->our_name_later=(strcmp(st->localname,st->remotename)>0);
2252
2253 buffer_new(&st->buffer,SETUP_BUFFER_LEN);
2254
2255 buffer_new(&st->scratch,SETUP_BUFFER_LEN);
2256 BUF_ALLOC(&st->scratch,"site:scratch");
2257
2258 /* We are interested in poll(), but only for timeouts. We don't have
2259 any fds of our own. */
2260 register_for_poll(st, site_beforepoll, site_afterpoll, "site");
2261 st->timeout=0;
2262
2263 st->remote_capabilities=0;
2264 st->chosen_transform=0;
2265 st->current.key_timeout=0;
2266 st->auxiliary_key.key_timeout=0;
2267 transport_peers_clear(st,&st->peers);
2268 transport_peers_clear(st,&st->setup_peers);
2269 /* XXX mlock these */
2270 st->dhsecret=safe_malloc(st->dh->len,"site:dhsecret");
2271 st->sharedsecretlen=st->sharedsecretallocd=0;
2272 st->sharedsecret=0;
2273
2274 #define SET_CAPBIT(bit) do { \
2275 uint32_t capflag = 1UL << (bit); \
2276 if (st->local_capabilities & capflag) \
2277 slog(st,LOG_ERROR,"capability bit" \
2278 " %d (%#"PRIx32") reused", (bit), capflag); \
2279 st->local_capabilities |= capflag; \
2280 } while (0)
2281
2282 for (i=0; i<st->ntransforms; i++)
2283 SET_CAPBIT(st->transforms[i]->capab_bit);
2284
2285 #undef SET_CAPBIT
2286
2287 if (st->local_mobile || st->peer_mobile)
2288 st->local_capabilities |= CAPAB_PRIORITY_MOBILE;
2289
2290 /* We need to register the remote networks with the netlink device */
2291 uint32_t netlink_mtu; /* local virtual interface mtu */
2292 st->netlink->reg(st->netlink->st, site_outgoing, st, &netlink_mtu);
2293 if (!st->mtu_target)
2294 st->mtu_target=netlink_mtu;
2295
2296 for (i=0; i<st->ncomms; i++)
2297 st->comms[i]->request_notify(st->comms[i]->st, st, site_incoming);
2298
2299 st->current.transform=0;
2300 st->auxiliary_key.transform=0;
2301 st->new_transform=0;
2302 st->auxiliary_is_new=0;
2303
2304 enter_state_stop(st);
2305
2306 add_hook(PHASE_SHUTDOWN,site_phase_hook,st);
2307 add_hook(PHASE_CHILDPERSIST,site_childpersist_clearkeys,st);
2308
2309 return new_closure(&st->cl);
2310 }
2311
2312 void site_module(dict_t *dict)
2313 {
2314 add_closure(dict,"site",site_apply);
2315 }
2316
2317
2318 /***** TRANSPORT PEERS definitions *****/
2319
2320 static void transport_peers_debug(struct site *st, transport_peers *dst,
2321 const char *didwhat,
2322 int nargs, const struct comm_addr *args,
2323 size_t stride) {
2324 int i;
2325 char *argp;
2326
2327 if (!(st->log_events & LOG_PEER_ADDRS))
2328 return; /* an optimisation */
2329
2330 slog(st, LOG_PEER_ADDRS, "peers (%s) %s nargs=%d => npeers=%d",
2331 (dst==&st->peers ? "data" :
2332 dst==&st->setup_peers ? "setup" : "UNKNOWN"),
2333 didwhat, nargs, dst->npeers);
2334
2335 for (i=0, argp=(void*)args;
2336 i<nargs;
2337 i++, (argp+=stride?stride:sizeof(*args))) {
2338 const struct comm_addr *ca=(void*)argp;
2339 slog(st, LOG_PEER_ADDRS, " args: addrs[%d]=%s",
2340 i, comm_addr_to_string(ca));
2341 }
2342 for (i=0; i<dst->npeers; i++) {
2343 struct timeval diff;
2344 timersub(tv_now,&dst->peers[i].last,&diff);
2345 const struct comm_addr *ca=&dst->peers[i].addr;
2346 slog(st, LOG_PEER_ADDRS, " peers: addrs[%d]=%s T-%ld.%06ld",
2347 i, comm_addr_to_string(ca),
2348 (unsigned long)diff.tv_sec, (unsigned long)diff.tv_usec);
2349 }
2350 }
2351
2352 static void transport_peers_expire(struct site *st, transport_peers *peers) {
2353 /* peers must be sorted first */
2354 int previous_peers=peers->npeers;
2355 struct timeval oldest;
2356 oldest.tv_sec = tv_now->tv_sec - st->mobile_peer_expiry;
2357 oldest.tv_usec = tv_now->tv_usec;
2358 while (peers->npeers>1 &&
2359 timercmp(&peers->peers[peers->npeers-1].last, &oldest, <))
2360 peers->npeers--;
2361 if (peers->npeers != previous_peers)
2362 transport_peers_debug(st,peers,"expire", 0,0,0);
2363 }
2364
2365 static bool_t transport_peer_record_one(struct site *st, transport_peers *peers,
2366 const struct comm_addr *ca,
2367 const struct timeval *tv) {
2368 /* returns false if output is full */
2369 int search;
2370
2371 if (peers->npeers >= st->transport_peers_max)
2372 return 0;
2373
2374 for (search=0; search<peers->npeers; search++)
2375 if (comm_addr_equal(&peers->peers[search].addr, ca))
2376 return 1;
2377
2378 peers->peers[peers->npeers].addr = *ca;
2379 peers->peers[peers->npeers].last = *tv;
2380 peers->npeers++;
2381 return 1;
2382 }
2383
2384 static void transport_record_peers(struct site *st, transport_peers *peers,
2385 const struct comm_addr *addrs, int naddrs,
2386 const char *m) {
2387 /* We add addrs into peers. The new entries end up at the front
2388 * and displace entries towards the end (perhaps even off the
2389 * end). Any existing matching entries are moved up to the front.
2390 *
2391 * Caller must first call transport_peers_expire. */
2392
2393 if (naddrs==1) {
2394 /* avoids debug for uninteresting updates */
2395 int i;
2396 for (i=0; i<peers->npeers; i++) {
2397 if (comm_addr_equal(&addrs[0], &peers->peers[i].addr)) {
2398 memmove(peers->peers+1, peers->peers,
2399 sizeof(peers->peers[0]) * i);
2400 peers->peers[0].addr = addrs[0];
2401 peers->peers[0].last = *tv_now;
2402 return;
2403 }
2404 }
2405 }
2406
2407 int old_npeers=peers->npeers;
2408 transport_peer old_peers[old_npeers];
2409 COPY_ARRAY(old_peers,peers->peers,old_npeers);
2410
2411 peers->npeers=0;
2412 int i;
2413 for (i=0; i<naddrs; i++) {
2414 if (!transport_peer_record_one(st,peers, &addrs[i], tv_now))
2415 break;
2416 }
2417 for (i=0; i<old_npeers; i++) {
2418 const transport_peer *old=&old_peers[i];
2419 if (!transport_peer_record_one(st,peers, &old->addr, &old->last))
2420 break;
2421 }
2422
2423 transport_peers_debug(st,peers,m, naddrs,addrs,0);
2424 }
2425
2426 static void transport_expire_record_peers(struct site *st,
2427 transport_peers *peers,
2428 const struct comm_addr *addrs,
2429 int naddrs, const char *m) {
2430 /* Convenience function */
2431 transport_peers_expire(st,peers);
2432 transport_record_peers(st,peers,addrs,naddrs,m);
2433 }
2434
2435 static bool_t transport_compute_setupinit_peers(struct site *st,
2436 const struct comm_addr *configured_addrs /* 0 if none or not found */,
2437 int n_configured_addrs /* 0 if none or not found */,
2438 const struct comm_addr *incoming_packet_addr /* 0 if none */) {
2439 if (!n_configured_addrs && !incoming_packet_addr &&
2440 !transport_peers_valid(&st->peers))
2441 return False;
2442
2443 slog(st,LOG_SETUP_INIT,
2444 "using: %d configured addr(s);%s %d old peer addrs(es)",
2445 n_configured_addrs,
2446 incoming_packet_addr ? " incoming packet address;" : "",
2447 st->peers.npeers);
2448
2449 /* Non-mobile peers try addresses until one is plausible. The
2450 * effect is that this code always tries first the configured
2451 * address if supplied, or otherwise the address of the incoming
2452 * PROD, or finally the existing data peer if one exists; this is
2453 * as desired. */
2454
2455 transport_peers_copy(st,&st->setup_peers,&st->peers);
2456 transport_peers_expire(st,&st->setup_peers);
2457
2458 if (incoming_packet_addr)
2459 transport_record_peers(st,&st->setup_peers,
2460 incoming_packet_addr,1, "incoming");
2461
2462 if (n_configured_addrs)
2463 transport_record_peers(st,&st->setup_peers,
2464 configured_addrs,n_configured_addrs, "setupinit");
2465
2466 assert(transport_peers_valid(&st->setup_peers));
2467 return True;
2468 }
2469
2470 static void transport_setup_msgok(struct site *st, const struct comm_addr *a) {
2471 if (st->peer_mobile)
2472 transport_expire_record_peers(st,&st->setup_peers,a,1,"setupmsg");
2473 }
2474 static void transport_data_msgok(struct site *st, const struct comm_addr *a) {
2475 if (st->peer_mobile)
2476 transport_expire_record_peers(st,&st->peers,a,1,"datamsg");
2477 }
2478
2479 static int transport_peers_valid(transport_peers *peers) {
2480 return peers->npeers;
2481 }
2482 static void transport_peers_clear(struct site *st, transport_peers *peers) {
2483 peers->npeers= 0;
2484 transport_peers_debug(st,peers,"clear",0,0,0);
2485 }
2486 static void transport_peers_copy(struct site *st, transport_peers *dst,
2487 const transport_peers *src) {
2488 dst->npeers=src->npeers;
2489 COPY_ARRAY(dst->peers, src->peers, dst->npeers);
2490 transport_peers_debug(st,dst,"copy",
2491 src->npeers, &src->peers->addr, sizeof(*src->peers));
2492 }
2493
2494 static void transport_resolve_complete(struct site *st,
2495 const struct comm_addr *addrs,
2496 int naddrs) {
2497 transport_expire_record_peers(st,&st->peers,addrs,naddrs,
2498 "resolved data");
2499 transport_expire_record_peers(st,&st->setup_peers,addrs,naddrs,
2500 "resolved setup");
2501 }
2502
2503 static void transport_resolve_complete_tardy(struct site *st,
2504 const struct comm_addr *addrs,
2505 int naddrs) {
2506 transport_expire_record_peers(st,&st->peers,addrs,naddrs,
2507 "resolved tardily");
2508 }
2509
2510 static void transport_peers__copy_by_mask(transport_peer *out, int *nout_io,
2511 unsigned mask,
2512 const transport_peers *inp) {
2513 /* out and in->peers may be the same region, or nonoverlapping */
2514 const transport_peer *in=inp->peers;
2515 int slot;
2516 for (slot=0; slot<inp->npeers; slot++) {
2517 if (!(mask & (1U << slot)))
2518 continue;
2519 if (!(out==in && slot==*nout_io))
2520 COPY_OBJ(out[*nout_io], in[slot]);
2521 (*nout_io)++;
2522 }
2523 }
2524
2525 void transport_xmit(struct site *st, transport_peers *peers,
2526 struct buffer_if *buf, bool_t candebug) {
2527 int slot;
2528 transport_peers_expire(st, peers);
2529 unsigned failed=0; /* bitmask */
2530 assert(MAX_PEER_ADDRS < sizeof(unsigned)*CHAR_BIT);
2531
2532 int nfailed=0;
2533 for (slot=0; slot<peers->npeers; slot++) {
2534 transport_peer *peer=&peers->peers[slot];
2535 bool_t ok = comm_addr_sendmsg(st, &peer->addr, buf);
2536 if (candebug)
2537 dump_packet(st, buf, &peer->addr, False, ok);
2538 if (!ok) {
2539 failed |= 1U << slot;
2540 nfailed++;
2541 }
2542 if (ok && !st->peer_mobile)
2543 break;
2544 }
2545 /* Now we need to demote/delete failing addrs: if we are mobile we
2546 * merely demote them; otherwise we delete them. */
2547 if (st->local_mobile) {
2548 unsigned expected = ((1U << nfailed)-1) << (peers->npeers-nfailed);
2549 /* `expected' has all the failures at the end already */
2550 if (failed != expected) {
2551 int fslot=0;
2552 transport_peer failedpeers[nfailed];
2553 transport_peers__copy_by_mask(failedpeers, &fslot, failed,peers);
2554 assert(fslot == nfailed);
2555 int wslot=0;
2556 transport_peers__copy_by_mask(peers->peers,&wslot,~failed,peers);
2557 assert(wslot+nfailed == peers->npeers);
2558 COPY_ARRAY(peers->peers+wslot, failedpeers, nfailed);
2559 transport_peers_debug(st,peers,"mobile failure reorder",0,0,0);
2560 }
2561 } else {
2562 if (failed && peers->npeers > 1) {
2563 int wslot=0;
2564 transport_peers__copy_by_mask(peers->peers,&wslot,~failed,peers);
2565 peers->npeers=wslot;
2566 transport_peers_debug(st,peers,"non-mobile failure cleanup",0,0,0);
2567 }
2568 }
2569 }
2570
2571 /***** END of transport peers declarations *****/
Secnet virtual private network: clone of http://www.chiark.greenend.org.uk/ucgi/~ian/git/secnet.git/