X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=secnet.git;a=blobdiff_plain;f=site.c;h=db65bd80d7ad93d9d22e19d83a7a4b2321fbd088;hp=5fa173b03f05244ec86516bf4629c498687e44c1;hb=f23763998505b60352a2395bfae16da5cac2a978;hpb=3d8d8f4e66600d1a2a80ade8e1df407a18b01ac9 diff --git a/site.c b/site.c index 5fa173b..db65bd8 100644 --- a/site.c +++ b/site.c @@ -214,6 +214,12 @@ static void transport_xmit(struct site *st, transport_peers *peers, /***** END of transport peers declarations *****/ +struct data_key { + struct transform_inst_if *transform; + uint64_t key_timeout; /* End of life of current key */ + uint32_t remote_session_id; +}; + struct site { closure_t cl; struct site_if ops; @@ -259,10 +265,11 @@ struct site { uint64_t now; /* Most recently seen time */ /* The currently established session */ - uint32_t remote_session_id; - struct transform_inst_if *current_transform; - uint64_t current_key_timeout; /* End of life of current key */ + struct data_key current; + struct data_key auxiliary_key; + bool_t auxiliary_is_new; uint64_t renegotiate_key_time; /* When we can negotiate a new key */ + uint64_t auxiliary_renegotiate_key_time; transport_peers peers; /* Current address(es) of peer for data traffic */ /* The current key setup protocol exchange. We can only be @@ -315,7 +322,11 @@ static void slog(struct site *st, uint32_t event, cstring_t msg, ...) } static void set_link_quality(struct site *st); -static void delete_key(struct site *st, cstring_t reason, uint32_t loglevel); +static void delete_keys(struct site *st, cstring_t reason, uint32_t loglevel); +static void delete_one_key(struct site *st, struct data_key *key, + const char *reason /* may be 0 meaning don't log*/, + const char *which /* ignored if !reasonn */, + uint32_t loglevel /* ignored if !reasonn */); static bool_t initiate_key_setup(struct site *st, cstring_t reason); static void enter_state_run(struct site *st); static bool_t enter_state_resolve(struct site *st); @@ -325,7 +336,7 @@ static void activate_new_key(struct site *st); static bool_t current_valid(struct site *st) { - return st->current_transform->valid(st->current_transform->st); + return st->current.transform->valid(st->current.transform->st); } #define CHECK_AVAIL(b,l) do { if ((b)->size<(l)) return False; } while(0) @@ -721,7 +732,7 @@ static bool_t process_msg6(struct site *st, struct buffer_if *msg6, static bool_t decrypt_msg0(struct site *st, struct buffer_if *msg0) { - cstring_t transform_err, newkey_err="n/a"; + cstring_t transform_err, auxkey_err, newkey_err="n/a"; struct msg0 m; uint32_t problem; @@ -730,15 +741,43 @@ static bool_t decrypt_msg0(struct site *st, struct buffer_if *msg0) /* Keep a copy so we can try decrypting it with multiple keys */ buffer_copy(&st->scratch, msg0); - problem = st->current_transform->reverse(st->current_transform->st, + problem = st->current.transform->reverse(st->current.transform->st, msg0,&transform_err); - if (!problem) return True; + if (!problem) { + if (!st->auxiliary_is_new) + delete_one_key(st,&st->auxiliary_key, + "peer has used new key","auxiliary key",LOG_SEC); + return True; + } if (problem==2) { slog(st,LOG_DROP,"transform: %s (merely skew)",transform_err); return False; } + buffer_copy(msg0, &st->scratch); + problem = st->auxiliary_key.transform->reverse + (st->auxiliary_key.transform->st,msg0,&auxkey_err); + if (problem==0) { + slog(st,LOG_DROP,"processing packet which uses auxiliary key"); + if (st->auxiliary_is_new) { + /* We previously timed out in state SENTMSG5 but it turns + * out that our peer did in fact get our MSG5 and is + * using the new key. So we should switch to it too. */ + /* This is a bit like activate_new_key. */ + struct data_key t; + t=st->current; + st->current=st->auxiliary_key; + st->auxiliary_key=t; + + delete_one_key(st,&st->auxiliary_key,"peer has used new key", + "previous key",LOG_SEC); + st->auxiliary_is_new=0; + st->renegotiate_key_time=st->auxiliary_renegotiate_key_time; + } + return True; + } + if (st->state==SITE_SENTMSG5) { buffer_copy(msg0, &st->scratch); if (!st->new_transform->reverse(st->new_transform->st, @@ -753,7 +792,8 @@ static bool_t decrypt_msg0(struct site *st, struct buffer_if *msg0) } } - slog(st,LOG_SEC,"transform: %s (new: %s)",transform_err,newkey_err); + slog(st,LOG_SEC,"transform: %s (aux: %s, new: %s)", + transform_err,auxkey_err,newkey_err); initiate_key_setup(st,"incoming message would not decrypt"); return False; } @@ -771,7 +811,7 @@ static bool_t process_msg0(struct site *st, struct buffer_if *msg0, switch(type) { case LABEL_MSG7: /* We must forget about the current session. */ - delete_key(st,"request from peer",LOG_SEC); + delete_keys(st,"request from peer",LOG_SEC); return True; case LABEL_MSG9: /* Deliver to netlink layer */ @@ -814,6 +854,24 @@ static bool_t send_msg(struct site *st) st->timeout=st->now+st->setup_retry_interval; st->retries--; return True; + } else if (st->state==SITE_SENTMSG5) { + slog(st,LOG_SETUP_TIMEOUT,"timed out sending MSG5, stashing new key"); + /* We stash the key we have produced, in case it turns out that + * our peer did see our MSG5 after all and starts using it. */ + /* This is a bit like some of activate_new_key */ + struct transform_inst_if *t; + t=st->auxiliary_key.transform; + st->auxiliary_key.transform=st->new_transform; + st->new_transform=t; + + t->delkey(t->st); + st->auxiliary_is_new=1; + st->auxiliary_key.key_timeout=st->now+st->key_lifetime; + st->auxiliary_renegotiate_key_time=st->now+st->key_renegotiate_time; + st->auxiliary_key.remote_session_id=st->setup_session_id; + + enter_state_wait(st); + return False; } else { slog(st,LOG_SETUP_TIMEOUT,"timed out sending key setup packet " "(in state %s)",state_name(st->state)); @@ -869,32 +927,44 @@ static void activate_new_key(struct site *st) { struct transform_inst_if *t; - /* We have two transform instances, which we swap between active - and setup */ - t=st->current_transform; - st->current_transform=st->new_transform; + /* We have three transform instances, which we swap between old, + active and setup */ + t=st->auxiliary_key.transform; + st->auxiliary_key.transform=st->current.transform; + st->current.transform=st->new_transform; st->new_transform=t; t->delkey(t->st); st->timeout=0; - st->current_key_timeout=st->now+st->key_lifetime; + st->auxiliary_is_new=0; + st->auxiliary_key.key_timeout=st->current.key_timeout; + st->current.key_timeout=st->now+st->key_lifetime; st->renegotiate_key_time=st->now+st->key_renegotiate_time; transport_peers_copy(st,&st->peers,&st->setup_peers); - st->remote_session_id=st->setup_session_id; + st->current.remote_session_id=st->setup_session_id; slog(st,LOG_ACTIVATE_KEY,"new key activated"); enter_state_run(st); } -static void delete_key(struct site *st, cstring_t reason, uint32_t loglevel) +static void delete_one_key(struct site *st, struct data_key *key, + cstring_t reason, cstring_t which, uint32_t loglevel) +{ + if (!key->transform->valid(key->transform->st)) return; + if (reason) slog(st,loglevel,"%s deleted (%s)",which,reason); + key->transform->delkey(key->transform->st); + key->key_timeout=0; +} + +static void delete_keys(struct site *st, cstring_t reason, uint32_t loglevel) { if (current_valid(st)) { slog(st,loglevel,"session closed (%s)",reason); - st->current_transform->delkey(st->current_transform->st); - st->current_key_timeout=0; + delete_one_key(st,&st->current,0,0,0); set_link_quality(st); } + delete_one_key(st,&st->auxiliary_key,0,0,0); } static void state_assert(struct site *st, bool_t ok) @@ -906,7 +976,7 @@ static void enter_state_stop(struct site *st) { st->state=SITE_STOP; st->timeout=0; - delete_key(st,"entering state STOP",LOG_TIMEOUT_KEY); + delete_keys(st,"entering state STOP",LOG_TIMEOUT_KEY); st->new_transform->delkey(st->new_transform->st); } @@ -1031,11 +1101,11 @@ static bool_t send_msg7(struct site *st, cstring_t reason) buffer_init(&st->buffer,st->transform->max_start_pad+(4*3)); buf_append_uint32(&st->buffer,LABEL_MSG7); buf_append_string(&st->buffer,reason); - st->current_transform->forwards(st->current_transform->st, + st->current.transform->forwards(st->current.transform->st, &st->buffer, &transform_err); buf_prepend_uint32(&st->buffer,LABEL_MSG0); buf_prepend_uint32(&st->buffer,st->index); - buf_prepend_uint32(&st->buffer,st->remote_session_id); + buf_prepend_uint32(&st->buffer,st->current.remote_session_id); transport_xmit(st,&st->peers,&st->buffer,True); BUF_FREE(&st->buffer); return True; @@ -1076,14 +1146,23 @@ static int site_beforepoll(void *sst, struct pollfd *fds, int *nfds_io, st->now=*now; /* Work out when our next timeout is. The earlier of 'timeout' or - 'current_key_timeout'. A stored value of '0' indicates no timeout + 'current.key_timeout'. A stored value of '0' indicates no timeout active. */ site_settimeout(st->timeout, timeout_io); - site_settimeout(st->current_key_timeout, timeout_io); + site_settimeout(st->current.key_timeout, timeout_io); + site_settimeout(st->auxiliary_key.key_timeout, timeout_io); return 0; /* success */ } +static void check_expiry(struct site *st, struct data_key *key, + const char *which) +{ + if (key->key_timeout && *now>key->key_timeout) { + delete_one_key(st,key,"maximum life exceeded",which,LOG_TIMEOUT_KEY); + } +} + /* NB site_afterpoll will be called before site_beforepoll is ever called */ static void site_afterpoll(void *sst, struct pollfd *fds, int nfds) { @@ -1102,9 +1181,8 @@ static void site_afterpoll(void *sst, struct pollfd *fds, int nfds) st->state); } } - if (st->current_key_timeout && *now>st->current_key_timeout) { - delete_key(st,"maximum key life exceeded",LOG_TIMEOUT_KEY); - } + check_expiry(st,&st->current,"current key"); + check_expiry(st,&st->auxiliary_key,"auxiliary key"); } /* This function is called by the netlink device to deliver packets @@ -1126,11 +1204,11 @@ static void site_outgoing(void *sst, struct buffer_if *buf) /* Transform it and send it */ if (buf->size>0) { buf_prepend_uint32(buf,LABEL_MSG9); - st->current_transform->forwards(st->current_transform->st, + st->current.transform->forwards(st->current.transform->st, buf, &transform_err); buf_prepend_uint32(buf,LABEL_MSG0); buf_prepend_uint32(buf,st->index); - buf_prepend_uint32(buf,st->remote_session_id); + buf_prepend_uint32(buf,st->current.remote_session_id); transport_xmit(st,&st->peers,buf,False); } BUF_FREE(buf); @@ -1210,7 +1288,7 @@ static bool_t site_incoming(void *sst, struct buffer_if *buf, case 0: /* NAK */ /* If the source is our current peer then initiate a key setup, because our peer's forgotten the key */ - if (get_uint32(buf->start+4)==st->remote_session_id) { + if (get_uint32(buf->start+4)==st->current.remote_session_id) { initiate_key_setup(st,"received a NAK"); } else { slog(st,LOG_SEC,"bad incoming NAK"); @@ -1272,10 +1350,11 @@ static bool_t site_incoming(void *sst, struct buffer_if *buf, slog(st,LOG_SEC,"invalid MSG5"); } } else if (st->state==SITE_RUN) { - if (process_msg5(st,buf,source,st->current_transform)) { + if (process_msg5(st,buf,source,st->current.transform)) { slog(st,LOG_DROP,"got MSG5, retransmitting MSG6"); transport_setup_msgok(st,source); - create_msg6(st,st->current_transform,st->remote_session_id); + create_msg6(st,st->current.transform, + st->current.remote_session_id); transport_xmit(st,&st->peers,&st->buffer,True); BUF_FREE(&st->buffer); } else { @@ -1472,7 +1551,8 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context, register_for_poll(st, site_beforepoll, site_afterpoll, 0, "site"); st->timeout=0; - st->current_key_timeout=0; + st->current.key_timeout=0; + st->auxiliary_key.key_timeout=0; transport_peers_clear(st,&st->peers); transport_peers_clear(st,&st->setup_peers); /* XXX mlock these */ @@ -1499,8 +1579,10 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context, for (i=0; incomms; i++) st->comms[i]->request_notify(st->comms[i]->st, st, site_incoming); - st->current_transform=st->transform->create(st->transform->st); + st->current.transform=st->transform->create(st->transform->st); + st->auxiliary_key.transform=st->transform->create(st->transform->st); st->new_transform=st->transform->create(st->transform->st); + st->auxiliary_is_new=0; enter_state_stop(st);