X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=site.c;h=0db109f239ebf9bab6ae84b163e6ce864aa3fd94;hb=14f78812a935c8f050f12112c19f359eb12f0686;hp=b83919c3b4467bc484a5a18fbea78373d6920044;hpb=e0d2e637f0931a4a3c897abbc4e38a3f357ba3d4;p=secnet.git diff --git a/site.c b/site.c index b83919c..0db109f 100644 --- a/site.c +++ b/site.c @@ -6,7 +6,7 @@ * * secnet is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version d of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * secnet is distributed in the hope that it will be useful, but @@ -305,6 +305,7 @@ struct site { uint32_t mtu_target; struct netlink_if *netlink; struct comm_if **comms; + struct comm_clientinfo **commclientinfos; int ncomms; struct resolver_if *resolver; struct log_if *log; @@ -327,14 +328,14 @@ struct site { after this time, initiate a new key exchange */ - bool_t setup_priority; /* Do we have precedence if both sites emit - message 1 simultaneously? */ + bool_t our_name_later; /* our name > peer name */ uint32_t log_events; /* runtime information */ uint32_t state; uint64_t now; /* Most recently seen time */ bool_t allow_send_prod; + bool_t msg1_crossed_logged; int resolving_count; int resolving_n_results_all; int resolving_n_results_stored; @@ -469,14 +470,15 @@ static bool_t current_valid(struct site *st) } #define DEFINE_CALL_TRANSFORM(fwdrev) \ -static int call_transform_##fwdrev(struct site *st, \ +static transform_apply_return \ +call_transform_##fwdrev(struct site *st, \ struct transform_inst_if *transform, \ struct buffer_if *buf, \ const char **errmsg) \ { \ if (!is_transform_valid(transform)) { \ *errmsg="transform not set up"; \ - return 1; \ + return transform_apply_err; \ } \ return transform->fwdrev(transform->st,buf,errmsg); \ } @@ -533,8 +535,10 @@ struct msg { char *sig; }; -static void set_new_transform(struct site *st, char *pk) +static _Bool set_new_transform(struct site *st, char *pk) { + _Bool ok; + /* Make room for the shared key */ st->sharedsecretlen=st->chosen_transform->keylen?:st->dh->ceil_len; assert(st->sharedsecretlen); @@ -552,15 +556,18 @@ static void set_new_transform(struct site *st, char *pk) /* Set up the transform */ struct transform_if *generator=st->chosen_transform; struct transform_inst_if *generated=generator->create(generator->st); - generated->setkey(generated->st,st->sharedsecret, - st->sharedsecretlen,st->setup_priority); + ok = generated->setkey(generated->st,st->sharedsecret, + st->sharedsecretlen,st->our_name_later); + dispose_transform(&st->new_transform); + if (!ok) return False; st->new_transform=generated; slog(st,LOG_SETUP_INIT,"key exchange negotiated transform" " %d (capabilities ours=%#"PRIx32" theirs=%#"PRIx32")", st->chosen_transform->capab_transformnum, st->local_capabilities, st->remote_capabilities); + return True; } struct xinfoadd { @@ -712,6 +719,13 @@ static bool_t unpick_msg(struct site *st, uint32_t type, CHECK_AVAIL(msg,m->siglen); m->sig=buf_unprepend(msg,m->siglen); CHECK_EMPTY(msg); + + /* In `process_msg3_msg4' below, we assume that we can write a nul + * terminator following the signature. Make sure there's enough space. + */ + if (msg->start >= msg->base + msg->alloclen) + return False; + return True; } @@ -845,7 +859,7 @@ static bool_t process_msg3_msg4(struct site *st, struct msg *m) hst=st->hash->init(); st->hash->update(hst,m->hashstart,m->hashlen); st->hash->final(hst,hash); - /* Terminate signature with a '0' - cheating, but should be ok */ + /* Terminate signature with a '0' - already checked that this will fit */ m->sig[m->siglen]=0; if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m->sig)) { slog(st,LOG_SEC,"msg3/msg4 signature failed check!"); @@ -904,7 +918,7 @@ static bool_t process_msg3(struct site *st, struct buffer_if *msg3, st->random->generate(st->random->st,st->dh->len,st->dhsecret); /* Generate the shared key and set up the transform */ - set_new_transform(st,m.pk); + if (!set_new_transform(st,m.pk)) return False; return True; } @@ -935,7 +949,7 @@ static bool_t process_msg4(struct site *st, struct buffer_if *msg4, m.pk[m.pklen]=0; /* Generate the shared key and set up the transform */ - set_new_transform(st,m.pk); + if (!set_new_transform(st,m.pk)) return False; return True; } @@ -1016,8 +1030,9 @@ static void create_msg6(struct site *st, struct transform_inst_if *transform, /* Give the netlink code an opportunity to put its own stuff in the message (configuration information, etc.) */ buf_prepend_uint32(&st->buffer,LABEL_MSG6); - int problem = call_transform_forwards(st,transform, - &st->buffer,&transform_err); + transform_apply_return problem = + call_transform_forwards(st,transform, + &st->buffer,&transform_err); assert(!problem); buf_prepend_uint32(&st->buffer,LABEL_MSG6); buf_prepend_uint32(&st->buffer,st->index); @@ -1062,7 +1077,7 @@ static bool_t decrypt_msg0(struct site *st, struct buffer_if *msg0, { cstring_t transform_err, auxkey_err, newkey_err="n/a"; struct msg0 m; - uint32_t problem; + transform_apply_return problem; if (!unpick_msg0(st,msg0,&m)) return False; @@ -1077,13 +1092,13 @@ static bool_t decrypt_msg0(struct site *st, struct buffer_if *msg0, "peer has used new key","auxiliary key",LOG_SEC); return True; } - if (problem==2) + if (problem==transform_apply_seqrange) goto skew; buffer_copy(msg0, &st->scratch); problem = call_transform_reverse(st,st->auxiliary_key.transform, msg0,&auxkey_err); - if (problem==0) { + if (!problem) { slog(st,LOG_DROP,"processing packet which uses auxiliary key"); if (st->auxiliary_is_new) { /* We previously timed out in state SENTMSG5 but it turns @@ -1102,7 +1117,7 @@ static bool_t decrypt_msg0(struct site *st, struct buffer_if *msg0, } return True; } - if (problem==2) + if (problem==transform_apply_seqrange) goto skew; if (st->state==SITE_SENTMSG5) { @@ -1118,7 +1133,7 @@ static bool_t decrypt_msg0(struct site *st, struct buffer_if *msg0, activate_new_key(st); return True; /* do process the data in this packet */ } - if (problem==2) + if (problem==transform_apply_seqrange) goto skew; } @@ -1130,7 +1145,8 @@ static bool_t decrypt_msg0(struct site *st, struct buffer_if *msg0, skew: slog(st,LOG_DROP,"transform: %s (merely skew)",transform_err); - return False; + assert(problem); + return problem; } static bool_t process_msg0(struct site *st, struct buffer_if *msg0, @@ -1183,6 +1199,22 @@ static void dump_packet(struct site *st, struct buffer_if *buf, ok?"":" - fail"); } +static bool_t comm_addr_sendmsg(struct site *st, + const struct comm_addr *dest, + struct buffer_if *buf) +{ + int i; + struct comm_clientinfo *commclientinfo = 0; + + for (i=0; i < st->ncomms; i++) { + if (st->comms[i] == dest->comm) { + commclientinfo = st->commclientinfos[i]; + break; + } + } + return dest->comm->sendmsg(dest->comm->st, buf, dest, commclientinfo); +} + static uint32_t site_status(void *st) { return 0; @@ -1432,7 +1464,7 @@ static void enter_state_run(struct site *st) FILLZERO(st->remoteN); dispose_transform(&st->new_transform); memset(st->dhsecret,0,st->dh->len); - memset(st->sharedsecret,0,st->sharedsecretlen); + if (st->sharedsecret) memset(st->sharedsecret,0,st->sharedsecretlen); set_link_quality(st); if (st->keepalive && !current_valid(st)) @@ -1495,6 +1527,7 @@ static bool_t enter_new_state(struct site *st, uint32_t next) case SITE_SENTMSG1: state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE); gen=generate_msg1; + st->msg1_crossed_logged = False; break; case SITE_SENTMSG2: state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE || @@ -1610,7 +1643,7 @@ static void generate_send_prod(struct site *st, slog(st,LOG_SETUP_INIT,"prodding peer for key exchange"); st->allow_send_prod=0; generate_prod(st,&st->scratch); - bool_t ok = source->comm->sendmsg(source->comm->st, &st->scratch, source); + bool_t ok = comm_addr_sendmsg(st, source, &st->scratch); dump_packet(st,&st->scratch,source,False,ok); } @@ -1724,6 +1757,15 @@ static bool_t named_for_us(struct site *st, const struct buffer_if *buf_in, && name_matches(&m->local,st->localname); } +static bool_t we_have_priority(struct site *st, const struct msg *m) { + if ((st->local_capabilities & m->remote_capabilities) + && CAPAB_PRIORITY_MOBILE) { + if (st->local_mobile) return True; + if (st-> peer_mobile) return False; + } + return st->our_name_later; +} + /* This function is called by the communication device to deliver packets from our peers. It should return True if the packet is recognised as being for @@ -1765,13 +1807,14 @@ static bool_t site_incoming(void *sst, struct buffer_if *buf, /* We've just sent a message 1! They may have crossed on the wire. If we have priority then we ignore the incoming one, otherwise we process it as usual. */ - if (st->setup_priority) { + if (we_have_priority(st,&named_msg)) { BUF_FREE(buf); - slog(st,LOG_DUMP,"crossed msg1s; we are higher " - "priority => ignore incoming msg1"); + if (!st->msg1_crossed_logged++) + slog(st,LOG_SETUP_INIT,"crossed msg1s; we are higher " + "priority => ignore incoming msg1"); return True; } else { - slog(st,LOG_DUMP,"crossed msg1s; we are lower " + slog(st,LOG_SETUP_INIT,"crossed msg1s; we are lower " "priority => use incoming msg1"); if (process_msg1(st,buf,source,&named_msg)) { BUF_FREE(&st->buffer); /* Free our old message 1 */ @@ -2026,6 +2069,14 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context, GET_CLOSURE_LIST("comm",comms,ncomms,CL_COMM); + NEW_ARY(st->commclientinfos, st->ncomms); + dict_t *comminfo = dict_read_dict(dict,"comm-info",False,"site",loc); + for (i=0; incomms; i++) { + st->commclientinfos[i] = + !comminfo ? 0 : + st->comms[i]->clientinfo(st->comms[i],comminfo,loc); + } + st->resolver=find_cl_if(dict,"resolver",CL_RESOLVER,True,"site",loc); st->log=find_cl_if(dict,"log",CL_LOG,True,"site",loc); st->random=find_cl_if(dict,"random",CL_RANDOMSRC,True,"site",loc); @@ -2089,7 +2140,7 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context, /* The information we expect to see in incoming messages of type 1 */ /* fixme: lots of unchecked overflows here, but the results are only corrupted packets rather than undefined behaviour */ - st->setup_priority=(strcmp(st->localname,st->remotename)>0); + st->our_name_later=(strcmp(st->localname,st->remotename)>0); buffer_new(&st->buffer,SETUP_BUFFER_LEN); @@ -2121,6 +2172,9 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context, st->local_capabilities |= capbit; } + if (st->local_mobile || st->peer_mobile) + st->local_capabilities |= CAPAB_PRIORITY_MOBILE; + /* We need to register the remote networks with the netlink device */ uint32_t netlink_mtu; /* local virtual interface mtu */ st->netlink->reg(st->netlink->st, site_outgoing, st, &netlink_mtu); @@ -2224,11 +2278,18 @@ static void transport_record_peers(struct site *st, transport_peers *peers, * * Caller must first call transport_peers_expire. */ - if (naddrs==1 && peers->npeers>=1 && - comm_addr_equal(&addrs[0], &peers->peers[0].addr)) { - /* optimisation, also avoids debug for trivial updates */ - peers->peers[0].last = *tv_now; - return; + if (naddrs==1) { + /* avoids debug for uninteresting updates */ + int i; + for (i=0; inpeers; i++) { + if (comm_addr_equal(&addrs[0], &peers->peers[i].addr)) { + memmove(peers->peers+1, peers->peers, + sizeof(peers->peers[0]) * i); + peers->peers[0].addr = addrs[0]; + peers->peers[0].last = *tv_now; + return; + } + } } int old_npeers=peers->npeers; @@ -2359,8 +2420,7 @@ void transport_xmit(struct site *st, transport_peers *peers, int nfailed=0; for (slot=0; slotnpeers; slot++) { transport_peer *peer=&peers->peers[slot]; - bool_t ok = - peer->addr.comm->sendmsg(peer->addr.comm->st, buf, &peer->addr); + bool_t ok = comm_addr_sendmsg(st, &peer->addr, buf); if (candebug) dump_packet(st, buf, &peer->addr, False, ok); if (!ok) {