X-Git-Url: https://git.distorted.org.uk/~mdw/secnet/blobdiff_plain/a620a048db382ace2ab42cfe0f6e832de1197527..3d8d8f4e66600d1a2a80ade8e1df407a18b01ac9:/site.c diff --git a/site.c b/site.c index fcc36d8..5fa173b 100644 --- a/site.c +++ b/site.c @@ -261,7 +261,6 @@ struct site { /* The currently established session */ uint32_t remote_session_id; struct transform_inst_if *current_transform; - bool_t current_valid; uint64_t current_key_timeout; /* End of life of current key */ uint64_t renegotiate_key_time; /* When we can negotiate a new key */ transport_peers peers; /* Current address(es) of peer for data traffic */ @@ -277,6 +276,7 @@ struct site { uint8_t localN[NONCELEN]; /* Nonces for key exchange */ uint8_t remoteN[NONCELEN]; struct buffer_if buffer; /* Current outgoing key exchange packet */ + struct buffer_if scratch; int32_t retries; /* Number of retries remaining */ uint64_t timeout; /* Timeout for current state */ uint8_t *dhsecret; @@ -321,6 +321,12 @@ static void enter_state_run(struct site *st); static bool_t enter_state_resolve(struct site *st); static bool_t enter_new_state(struct site *st,uint32_t next); static void enter_state_wait(struct site *st); +static void activate_new_key(struct site *st); + +static bool_t current_valid(struct site *st) +{ + return st->current_transform->valid(st->current_transform->st); +} #define CHECK_AVAIL(b,l) do { if ((b)->size<(l)) return False; } while(0) #define CHECK_EMPTY(b) do { if ((b)->size!=0) return False; } while(0) @@ -628,7 +634,6 @@ static bool_t generate_msg5(struct site *st) buffer_init(&st->buffer,st->transform->max_start_pad+(4*4)); /* Give the netlink code an opportunity to put its own stuff in the message (configuration information, etc.) */ - st->netlink->output_config(st->netlink->st,&st->buffer); buf_prepend_uint32(&st->buffer,LABEL_MSG5); st->new_transform->forwards(st->new_transform->st,&st->buffer, &transform_err); @@ -641,15 +646,15 @@ static bool_t generate_msg5(struct site *st) } static bool_t process_msg5(struct site *st, struct buffer_if *msg5, - const struct comm_addr *src) + const struct comm_addr *src, + struct transform_inst_if *transform) { struct msg0 m; cstring_t transform_err; if (!unpick_msg0(st,msg5,&m)) return False; - if (st->new_transform->reverse(st->new_transform->st, - msg5,&transform_err)) { + if (transform->reverse(transform->st,msg5,&transform_err)) { /* There's a problem */ slog(st,LOG_SEC,"process_msg5: transform: %s",transform_err); return False; @@ -660,15 +665,13 @@ static bool_t process_msg5(struct site *st, struct buffer_if *msg5, slog(st,LOG_SEC,"MSG5/PING packet contained wrong label"); return False; } - if (!st->netlink->check_config(st->netlink->st,msg5)) { - slog(st,LOG_SEC,"MSG5/PING packet contained bad netlink config"); - return False; - } - CHECK_EMPTY(msg5); + /* Older versions of secnet used to write some config data here + * which we ignore. So we don't CHECK_EMPTY */ return True; } -static bool_t generate_msg6(struct site *st) +static void create_msg6(struct site *st, struct transform_inst_if *transform, + uint32_t session_id) { cstring_t transform_err; @@ -677,14 +680,16 @@ static bool_t generate_msg6(struct site *st) buffer_init(&st->buffer,st->transform->max_start_pad+(4*4)); /* Give the netlink code an opportunity to put its own stuff in the message (configuration information, etc.) */ - st->netlink->output_config(st->netlink->st,&st->buffer); buf_prepend_uint32(&st->buffer,LABEL_MSG6); - st->new_transform->forwards(st->new_transform->st,&st->buffer, - &transform_err); + transform->forwards(transform->st,&st->buffer,&transform_err); buf_prepend_uint32(&st->buffer,LABEL_MSG6); buf_prepend_uint32(&st->buffer,st->index); - buf_prepend_uint32(&st->buffer,st->setup_session_id); + buf_prepend_uint32(&st->buffer,session_id); +} +static bool_t generate_msg6(struct site *st) +{ + create_msg6(st,st->new_transform,st->setup_session_id); st->retries=1; /* Peer will retransmit MSG5 if this packet gets lost */ return True; } @@ -709,34 +714,58 @@ static bool_t process_msg6(struct site *st, struct buffer_if *msg6, slog(st,LOG_SEC,"MSG6/PONG packet contained invalid data"); return False; } - if (!st->netlink->check_config(st->netlink->st,msg6)) { - slog(st,LOG_SEC,"MSG6/PONG packet contained bad netlink config"); + /* Older versions of secnet used to write some config data here + * which we ignore. So we don't CHECK_EMPTY */ + return True; +} + +static bool_t decrypt_msg0(struct site *st, struct buffer_if *msg0) +{ + cstring_t transform_err, newkey_err="n/a"; + struct msg0 m; + uint32_t problem; + + if (!unpick_msg0(st,msg0,&m)) return False; + + /* Keep a copy so we can try decrypting it with multiple keys */ + buffer_copy(&st->scratch, msg0); + + problem = st->current_transform->reverse(st->current_transform->st, + msg0,&transform_err); + if (!problem) return True; + + if (problem==2) { + slog(st,LOG_DROP,"transform: %s (merely skew)",transform_err); return False; } - CHECK_EMPTY(msg6); - return True; + + if (st->state==SITE_SENTMSG5) { + buffer_copy(msg0, &st->scratch); + if (!st->new_transform->reverse(st->new_transform->st, + msg0,&newkey_err)) { + /* It looks like we didn't get the peer's MSG6 */ + /* This is like a cut-down enter_new_state(SITE_RUN) */ + slog(st,LOG_STATE,"will enter state RUN (MSG0 with new key)"); + BUF_FREE(&st->buffer); + st->timeout=0; + activate_new_key(st); + return True; /* do process the data in this packet */ + } + } + + slog(st,LOG_SEC,"transform: %s (new: %s)",transform_err,newkey_err); + initiate_key_setup(st,"incoming message would not decrypt"); + return False; } static bool_t process_msg0(struct site *st, struct buffer_if *msg0, const struct comm_addr *src) { - struct msg0 m; - cstring_t transform_err; uint32_t type; - if (!st->current_valid) { - slog(st,LOG_DROP,"incoming message but no current key -> dropping"); - return initiate_key_setup(st,"incoming message but no current key"); - } - - if (!unpick_msg0(st,msg0,&m)) return False; + if (!decrypt_msg0(st,msg0)) + return False; - if (st->current_transform->reverse(st->current_transform->st, - msg0,&transform_err)) { - /* There's a problem */ - slog(st,LOG_SEC,"transform: %s",transform_err); - return initiate_key_setup(st,"incoming message would not decrypt"); - } CHECK_AVAIL(msg0,4); type=buf_unprepend_uint32(msg0); switch(type) { @@ -848,7 +877,6 @@ static void activate_new_key(struct site *st) t->delkey(t->st); st->timeout=0; - st->current_valid=True; st->current_key_timeout=st->now+st->key_lifetime; st->renegotiate_key_time=st->now+st->key_renegotiate_time; transport_peers_copy(st,&st->peers,&st->setup_peers); @@ -860,10 +888,9 @@ static void activate_new_key(struct site *st) static void delete_key(struct site *st, cstring_t reason, uint32_t loglevel) { - if (st->current_valid) { + if (current_valid(st)) { slog(st,loglevel,"session closed (%s)",reason); - st->current_valid=False; st->current_transform->delkey(st->current_transform->st); st->current_key_timeout=0; set_link_quality(st); @@ -886,7 +913,7 @@ static void enter_state_stop(struct site *st) static void set_link_quality(struct site *st) { uint32_t quality; - if (st->current_valid) + if (current_valid(st)) quality=LINK_QUALITY_UP; else if (st->state==SITE_WAIT || st->state==SITE_STOP) quality=LINK_QUALITY_DOWN; @@ -998,7 +1025,7 @@ static bool_t send_msg7(struct site *st, cstring_t reason) { cstring_t transform_err; - if (st->current_valid && st->buffer.free + if (current_valid(st) && st->buffer.free && transport_peers_valid(&st->peers)) { BUF_ALLOC(&st->buffer,"site:MSG7"); buffer_init(&st->buffer,st->transform->max_start_pad+(4*3)); @@ -1095,7 +1122,7 @@ static void site_outgoing(void *sst, struct buffer_if *buf) /* In all other states we consider delivering the packet if we have a valid key and a valid address to send it to. */ - if (st->current_valid && transport_peers_valid(&st->peers)) { + if (current_valid(st) && transport_peers_valid(&st->peers)) { /* Transform it and send it */ if (buf->size>0) { buf_prepend_uint32(buf,LABEL_MSG9); @@ -1234,16 +1261,28 @@ static bool_t site_incoming(void *sst, struct buffer_if *buf, /* Setup packet: expected only in state SENTMSG4 */ /* (may turn up in state RUN if our return MSG6 was lost and the new key has already been activated. In that - case we should treat it as an ordinary PING packet. We - can't pass it to process_msg5() because the - new_transform will now be unkeyed. XXX) */ - if (st->state!=SITE_SENTMSG4) { - slog(st,LOG_UNEXPECTED,"unexpected MSG5"); - } else if (process_msg5(st,buf,source)) { - transport_setup_msgok(st,source); - enter_new_state(st,SITE_RUN); + case we discard it. The peer will realise that we + are using the new key when they see our data packets. + Until then the peer's data packets to us get discarded. */ + if (st->state==SITE_SENTMSG4) { + if (process_msg5(st,buf,source,st->new_transform)) { + transport_setup_msgok(st,source); + enter_new_state(st,SITE_RUN); + } else { + slog(st,LOG_SEC,"invalid MSG5"); + } + } else if (st->state==SITE_RUN) { + if (process_msg5(st,buf,source,st->current_transform)) { + slog(st,LOG_DROP,"got MSG5, retransmitting MSG6"); + transport_setup_msgok(st,source); + create_msg6(st,st->current_transform,st->remote_session_id); + transport_xmit(st,&st->peers,&st->buffer,True); + BUF_FREE(&st->buffer); + } else { + slog(st,LOG_SEC,"invalid MSG5 (in state RUN)"); + } } else { - slog(st,LOG_SEC,"invalid MSG5"); + slog(st,LOG_UNEXPECTED,"unexpected MSG5"); } break; case LABEL_MSG6: @@ -1425,12 +1464,14 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context, buffer_new(&st->buffer,SETUP_BUFFER_LEN); + buffer_new(&st->scratch,0); + BUF_ALLOC(&st->scratch,"site:scratch"); + /* We are interested in poll(), but only for timeouts. We don't have any fds of our own. */ register_for_poll(st, site_beforepoll, site_afterpoll, 0, "site"); st->timeout=0; - st->current_valid=False; st->current_key_timeout=0; transport_peers_clear(st,&st->peers); transport_peers_clear(st,&st->setup_peers);