#define CASES_MSG3_KNOWN LABEL_MSG3: case LABEL_MSG3BIS
+struct msg;
+
int32_t site_max_start_pad = 4*4;
static cstring_t state_name(uint32_t state)
struct transform_if **transforms;
int ntransforms;
struct dh_if *dh;
- struct hash_if *hash;
uint32_t index; /* Index of this site */
uint32_t early_capabilities;
static void enter_state_run(struct site *st);
static bool_t enter_state_resolve(struct site *st);
static void decrement_resolving_count(struct site *st, int by);
-static bool_t enter_new_state(struct site *st,uint32_t next);
+static bool_t enter_new_state(struct site *st,uint32_t next,
+ const struct msg *prompt
+ /* may be 0 for SENTMSG1 */);
static void enter_state_wait(struct site *st);
static void activate_new_key(struct site *st);
out using a transform of config data supplied by netlink */
static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what)
{
- void *hst;
- uint8_t *hash;
string_t dhpub;
unsigned minor;
dhpub=st->dh->makepublic(st->dh->st,st->dhsecret,st->dh->len);
buf_append_string(&st->buffer,dhpub);
free(dhpub);
- hash=safe_malloc(st->hash->len, "generate_msg");
- hst=st->hash->init();
- st->hash->update(hst,st->buffer.start,st->buffer.size);
- st->hash->final(hst,hash);
- bool_t ok=st->privkey->sign(st->privkey->st,hash,st->hash->len,
+
+ bool_t ok=st->privkey->sign(st->privkey->st,
+ st->buffer.start,
+ st->buffer.size,
&st->buffer);
if (!ok) goto fail;
- free(hash);
return True;
fail:
- free(hash);
return False;
}
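Review bot: Nothing at this call says who hashes the message now. `sign()` is handed `st->buffer.start` and `st->buffer.size` rather than a digest, so the signature is only sound if every `privkey` implementation hashes internally. The same holds for `st->pubkey->check()` in process_msg3_msg4, which now receives `m->hashstart,m->hashlen` straight from the unpicked packet. I would add a comment above the call, such as `/* sign() hashes the data itself; the hash is supplied via sethash where the key type needs one */`. The interface declaration is not in this diff, but the changed argument meaning should be documented there too, so an implementation that still expects a fixed-length digest is not silently fed a whole packet. The start of generate_msg is outside the visible lines.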
}
static bool_t process_msg1(struct site *st, struct buffer_if *msg1,
- const struct comm_addr *src, struct msg *m)
+ const struct comm_addr *src,
+ const struct msg *m)
{
/* We've already determined we're in an appropriate state to
process an incoming MSG1, and that the MSG1 has correct values
}
static bool_t process_msg2(struct site *st, struct buffer_if *msg2,
- const struct comm_addr *src)
+ const struct comm_addr *src,
+ struct msg *m /* returned */)
{
- struct msg m;
cstring_t err;
- if (!unpick_msg(st,LABEL_MSG2,msg2,&m)) return False;
- if (!check_msg(st,LABEL_MSG2,&m,&err)) {
+ if (!unpick_msg(st,LABEL_MSG2,msg2,m)) return False;
+ if (!check_msg(st,LABEL_MSG2,m,&err)) {
slog(st,LOG_SEC,"msg2: %s",err);
return False;
}
- st->setup_session_id=m.source;
- st->remote_capabilities=m.remote_capabilities;
+ st->setup_session_id=m->source;
+ st->remote_capabilities=m->remote_capabilities;
/* Select the transform to use */
#undef CHOOSE_CRYPTO
- memcpy(st->remoteN,m.nR,NONCELEN);
+ memcpy(st->remoteN,m->nR,NONCELEN);
return True;
}
static bool_t process_msg3_msg4(struct site *st, struct msg *m)
{
- uint8_t *hash;
- void *hst;
-
/* Check signature and store g^x mod m */
- hash=safe_malloc(st->hash->len, "process_msg3_msg4");
- hst=st->hash->init();
- st->hash->update(hst,m->hashstart,m->hashlen);
- st->hash->final(hst,hash);
if (!st->pubkey->check(st->pubkey->st,
- hash,st->hash->len,
+ m->hashstart,m->hashlen,
&m->sig)) {
slog(st,LOG_SEC,"msg3/msg4 signature failed check!");
- free(hash);
return False;
}
- free(hash);
st->remote_adv_mtu=m->remote_mtu;
}
static bool_t process_msg3(struct site *st, struct buffer_if *msg3,
- const struct comm_addr *src, uint32_t msgtype)
+ const struct comm_addr *src, uint32_t msgtype,
+ struct msg *m /* returned */)
{
- struct msg m;
cstring_t err;
switch (msgtype) {
default: assert(0);
}
- if (!unpick_msg(st,msgtype,msg3,&m)) return False;
- if (!check_msg(st,msgtype,&m,&err)) {
+ if (!unpick_msg(st,msgtype,msg3,m)) return False;
+ if (!check_msg(st,msgtype,m,&err)) {
slog(st,LOG_SEC,"msg3: %s",err);
return False;
}
- uint32_t capab_adv_late = m.remote_capabilities
+ uint32_t capab_adv_late = m->remote_capabilities
& ~st->remote_capabilities & st->early_capabilities;
if (capab_adv_late) {
slog(st,LOG_SEC,"msg3 impermissibly adds early capability flag(s)"
" %#"PRIx32" (was %#"PRIx32", now %#"PRIx32")",
- capab_adv_late, st->remote_capabilities, m.remote_capabilities);
+ capab_adv_late, st->remote_capabilities, m->remote_capabilities);
return False;
}
int i; \
for (i=0; i<st->n##kind##s; i++) { \
iface=st->kind##s[i]; \
- if (iface->capab_bit == m.capab_##kind##num) \
+ if (iface->capab_bit == m->capab_##kind##num) \
goto kind##_found; \
} \
slog(st,LOG_SEC,"peer chose unknown-to-us " what " %d!", \
- m.capab_##kind##num); \
+ m->capab_##kind##num); \
return False; \
kind##_found: \
st->chosen_##kind=iface; \
#undef CHOSE_CRYPTO
- if (!process_msg3_msg4(st,&m))
+ if (!process_msg3_msg4(st,m))
return False;
/* Update our idea of the remote site's capabilities, now that we've
* doesn't change any of the bits we relied upon in the past, but it may
* also have set additional capability bits. We simply throw those away
* now, and use the authentic capabilities from this MSG3. */
- st->remote_capabilities=m.remote_capabilities;
+ st->remote_capabilities=m->remote_capabilities;
/* Terminate their DH public key with a '0' */
- m.pk[m.pklen]=0;
+ m->pk[m->pklen]=0;
/* Invent our DH secret key */
st->random->generate(st->random->st,st->dh->len,st->dhsecret);
/* Generate the shared key and set up the transform */
- if (!set_new_transform(st,m.pk)) return False;
+ if (!set_new_transform(st,m->pk)) return False;
return True;
}
}
static bool_t process_msg4(struct site *st, struct buffer_if *msg4,
- const struct comm_addr *src)
+ const struct comm_addr *src,
+ struct msg *m /* returned */)
{
- struct msg m;
cstring_t err;
- if (!unpick_msg(st,LABEL_MSG4,msg4,&m)) return False;
- if (!check_msg(st,LABEL_MSG4,&m,&err)) {
+ if (!unpick_msg(st,LABEL_MSG4,msg4,m)) return False;
+ if (!check_msg(st,LABEL_MSG4,m,&err)) {
slog(st,LOG_SEC,"msg4: %s",err);
return False;
}
- if (!process_msg3_msg4(st,&m))
+ if (!process_msg3_msg4(st,m))
return False;
/* Terminate their DH public key with a '0' */
- m.pk[m.pklen]=0;
+ m->pk[m->pklen]=0;
/* Generate the shared key and set up the transform */
- if (!set_new_transform(st,m.pk)) return False;
+ if (!set_new_transform(st,m->pk)) return False;
return True;
}
switch (st->state) {
case SITE_RESOLVE:
if (transport_compute_setupinit_peers(st,addrs,naddrs,0)) {
- enter_new_state(st,SITE_SENTMSG1);
+ enter_new_state(st,SITE_SENTMSG1,0);
} else {
/* Can't figure out who to try to to talk to */
slog(st,LOG_SETUP_INIT,
slog(st,LOG_SETUP_INIT,"resolving peer address(es)");
return enter_state_resolve(st);
} else if (transport_compute_setupinit_peers(st,0,0,prod_hint)) {
- return enter_new_state(st,SITE_SENTMSG1);
+ return enter_new_state(st,SITE_SENTMSG1,0);
}
slog(st,LOG_SETUP_INIT,"key exchange failed: no address for peer");
return False;
return ensure_resolving(st);
}
-static bool_t enter_new_state(struct site *st, uint32_t next)
+static bool_t enter_new_state(struct site *st, uint32_t next,
+ const struct msg *prompt
+ /* may be 0 for SENTMSG1 */)
{
- bool_t (*gen)(struct site *st);
+ bool_t (*gen)(struct site *st, struct msg *prompt);
int r;
slog(st,LOG_STATE,"entering state %s",state_name(next));
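Review bot: The new `prompt` parameter is `const struct msg *`, but the local `gen` pointer is declared as taking a plain `struct msg *prompt`. Handing `prompt` to `gen` further down (that call is outside the visible lines) would therefore discard the qualifier. Declaring it as `bool_t (*gen)(struct site *st, const struct msg *prompt);` keeps the two in agreement, assuming the generate functions only read the message. The `/* may be 0 for SENTMSG1 */` remark is also worth repeating on whichever generator can actually receive a null prompt, so a later change there does not dereference it unchecked.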
static bool_t setup_late_msg_ok(struct site *st,
const struct buffer_if *buf_in,
uint32_t msgtype,
- const struct comm_addr *source) {
+ const struct comm_addr *source,
+ struct msg *m /* returned */) {
/* For setup packets which seem from their type like they are
* late. Maybe they came via a different path. All we do is make
* a note of the sending address, iff they look like they are part
* of the current key setup attempt. */
- struct msg m;
- if (!named_for_us(st,buf_in,msgtype,&m))
+ if (!named_for_us(st,buf_in,msgtype,m))
/* named_for_us calls unpick_msg which gets the nonces */
return False;
- if (!consttime_memeq(m.nR,st->remoteN,NONCELEN) ||
- !consttime_memeq(m.nL,st->localN, NONCELEN))
+ if (!consttime_memeq(m->nR,st->remoteN,NONCELEN) ||
+ !consttime_memeq(m->nL,st->localN, NONCELEN))
/* spoof ? from stale run ? who knows */
return False;
transport_setup_msgok(st,source);
uint32_t dest=get_uint32(buf->start);
uint32_t msgtype=get_uint32(buf->start+8);
- struct msg named_msg;
+ struct msg msg;
+ /* initialised by named_for_us, or process_msgN for N!=1 */
if (msgtype==LABEL_MSG1) {
- if (!named_for_us(st,buf,msgtype,&named_msg))
+ if (!named_for_us(st,buf,msgtype,&msg))
return False;
/* It's a MSG1 addressed to us. Decide what to do about it. */
dump_packet(st,buf,source,True,True);
st->state==SITE_WAIT) {
/* We should definitely process it */
transport_compute_setupinit_peers(st,0,0,source);
- if (process_msg1(st,buf,source,&named_msg)) {
+ if (process_msg1(st,buf,source,&msg)) {
slog(st,LOG_SETUP_INIT,"key setup initiated by peer");
- bool_t entered=enter_new_state(st,SITE_SENTMSG2);
+ bool_t entered=enter_new_state(st,SITE_SENTMSG2,&msg);
if (entered && st->addresses && st->local_mobile)
/* We must do this as the very last thing, because
the resolver callback might reenter us. */
/* We've just sent a message 1! They may have crossed on
the wire. If we have priority then we ignore the
incoming one, otherwise we process it as usual. */
- if (we_have_priority(st,&named_msg)) {
+ if (we_have_priority(st,&msg)) {
BUF_FREE(buf);
if (!st->msg1_crossed_logged++)
slog(st,LOG_SETUP_INIT,"crossed msg1s; we are higher "
} else {
slog(st,LOG_SETUP_INIT,"crossed msg1s; we are lower "
"priority => use incoming msg1");
- if (process_msg1(st,buf,source,&named_msg)) {
+ if (process_msg1(st,buf,source,&msg)) {
BUF_FREE(&st->buffer); /* Free our old message 1 */
transport_setup_msgok(st,source);
- enter_new_state(st,SITE_SENTMSG2);
+ enter_new_state(st,SITE_SENTMSG2,&msg);
} else {
slog(st,LOG_ERROR,"failed to process an incoming "
"crossed msg1 (we have low priority)");
}
} else if (st->state==SITE_SENTMSG2 ||
st->state==SITE_SENTMSG4) {
- if (consttime_memeq(named_msg.nR,st->remoteN,NONCELEN)) {
+ if (consttime_memeq(msg.nR,st->remoteN,NONCELEN)) {
/* We are ahead in the protocol, but that msg1 had the
* peer's nonce so presumably it is from this key
* exchange run, via a slower route */
return True;
}
if (msgtype==LABEL_PROD) {
- if (!named_for_us(st,buf,msgtype,&named_msg))
+ if (!named_for_us(st,buf,msgtype,&msg))
return False;
dump_packet(st,buf,source,True,True);
if (st->state!=SITE_RUN) {
if (st->state!=SITE_SENTMSG1) {
if ((st->state==SITE_SENTMSG3 ||
st->state==SITE_SENTMSG5) &&
- setup_late_msg_ok(st,buf,msgtype,source))
+ setup_late_msg_ok(st,buf,msgtype,source,&msg))
break;
slog(st,LOG_UNEXPECTED,"unexpected MSG2");
- } else if (process_msg2(st,buf,source)) {
+ } else if (process_msg2(st,buf,source,&msg)) {
transport_setup_msgok(st,source);
- enter_new_state(st,SITE_SENTMSG3);
+ enter_new_state(st,SITE_SENTMSG3,&msg);
} else {
slog(st,LOG_SEC,"invalid MSG2");
}
/* Setup packet: expected only in state SENTMSG2 */
if (st->state!=SITE_SENTMSG2) {
if ((st->state==SITE_SENTMSG4) &&
- setup_late_msg_ok(st,buf,msgtype,source))
+ setup_late_msg_ok(st,buf,msgtype,source,&msg))
break;
slog(st,LOG_UNEXPECTED,"unexpected MSG3");
- } else if (process_msg3(st,buf,source,msgtype)) {
+ } else if (process_msg3(st,buf,source,msgtype,&msg)) {
transport_setup_msgok(st,source);
- enter_new_state(st,SITE_SENTMSG4);
+ enter_new_state(st,SITE_SENTMSG4,&msg);
} else {
slog(st,LOG_SEC,"invalid MSG3");
}
/* Setup packet: expected only in state SENTMSG3 */
if (st->state!=SITE_SENTMSG3) {
if ((st->state==SITE_SENTMSG5) &&
- setup_late_msg_ok(st,buf,msgtype,source))
+ setup_late_msg_ok(st,buf,msgtype,source,&msg))
break;
slog(st,LOG_UNEXPECTED,"unexpected MSG4");
- } else if (process_msg4(st,buf,source)) {
+ } else if (process_msg4(st,buf,source,&msg)) {
transport_setup_msgok(st,source);
- enter_new_state(st,SITE_SENTMSG5);
+ enter_new_state(st,SITE_SENTMSG5,&msg);
} else {
slog(st,LOG_SEC,"invalid MSG4");
}
if (st->state==SITE_SENTMSG4) {
if (process_msg5(st,buf,source,st->new_transform)) {
transport_setup_msgok(st,source);
- enter_new_state(st,SITE_RUN);
+ enter_new_state(st,SITE_RUN,&msg);
} else {
slog(st,LOG_SEC,"invalid MSG5");
}
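Review bot: On the MSG5 path `&msg` is passed to `enter_new_state(st,SITE_RUN,&msg)` although nothing visible has filled it in. `process_msg5` takes `st->new_transform`, not `&msg`, so the declaration comment "initialised by named_for_us, or process_msgN for N!=1" does not hold for N=5. If whatever runs on entry to SITE_RUN ever reads `prompt`, it reads indeterminate stack contents. I would pass a null pointer instead, `enter_new_state(st,SITE_RUN,0);`, and widen the parameter comment to `/* may be 0 for SENTMSG1 and RUN */`. Any other message type in this switch that reaches enter_new_state without a `process_msgN(...,&msg)` call deserves the same treatment. The enclosing function begins and ends outside the visible lines.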
GET_CLOSURE_LIST("transform",transforms,ntransforms,CL_TRANSFORM);
st->dh=find_cl_if(dict,"dh",CL_DH,True,"site",loc);
- st->hash=find_cl_if(dict,"hash",CL_HASH,True,"site",loc);
+
+ if (st->privkey->sethash || st->pubkey->sethash) {
+ struct hash_if *hash=find_cl_if(dict,"hash",CL_HASH,True,"site",loc);
+ if (st->privkey->sethash) st->privkey->sethash(st->privkey->st,hash);
+ if (st->pubkey->sethash) st->pubkey->sethash(st->pubkey->st,hash);
+ }
#define DEFAULT(D) (st->peer_mobile || st->local_mobile \
? DEFAULT_MOBILE_##D : DEFAULT_##D)