1 /* site.c - manage communication with a remote network site */
3 /* The 'site' code doesn't know anything about the structure of the
4 packets it's transmitting. In fact, under the new netlink
5 configuration scheme it doesn't need to know anything at all about
6 IP addresses, except how to contact its peer. This means it could
7 potentially be used to tunnel other protocols too (IPv6, IPX, plain
8 old Ethernet frames) if appropriate netlink code can be written
9 (and that ought not to be too hard, eg. using the TUN/TAP device to
10 pretend to be an Ethernet interface). */
12 /* At some point in the future the netlink code will be asked for
13 configuration information to go in the PING/PONG packets at the end
14 of the key exchange. */
21 #include <sys/socket.h>
25 #include "unaligned.h"
28 #define SETUP_BUFFER_LEN 2048
30 #define DEFAULT_KEY_LIFETIME (3600*1000) /* [ms] */
31 #define DEFAULT_KEY_RENEGOTIATE_GAP (5*60*1000) /* [ms] */
32 #define DEFAULT_SETUP_RETRIES 5
33 #define DEFAULT_SETUP_RETRY_INTERVAL (2*1000) /* [ms] */
34 #define DEFAULT_WAIT_TIME (20*1000) /* [ms] */
36 #define DEFAULT_MOBILE_KEY_LIFETIME (2*24*3600*1000) /* [ms] */
37 #define DEFAULT_MOBILE_KEY_RENEGOTIATE_GAP (12*3600*1000) /* [ms] */
38 #define DEFAULT_MOBILE_SETUP_RETRIES 30
39 #define DEFAULT_MOBILE_SETUP_RETRY_INTERVAL (1*1000) /* [ms] */
40 #define DEFAULT_MOBILE_WAIT_TIME (10*1000) /* [ms] */
42 #define DEFAULT_MOBILE_PEER_EXPIRY (2*60) /* [s] */
43 #define DEFAULT_MOBILE_PEERS_MAX 3 /* send at most this many copies (default) */
45 /* Each site can be in one of several possible states. */
48 SITE_STOP - nothing is allowed to happen; tunnel is down;
49 all session keys have been erased
50 -> SITE_RUN upon external instruction
51 SITE_RUN - site up, maybe with valid key
52 -> SITE_RESOLVE upon outgoing packet and no valid key
53 we start name resolution for the other end of the tunnel
54 -> SITE_SENTMSG2 upon valid incoming message 1 and suitable time
55 we send an appropriate message 2
56 SITE_RESOLVE - waiting for name resolution
57 -> SITE_SENTMSG1 upon successful resolution
58 we send an appropriate message 1
59 -> SITE_SENTMSG2 upon valid incoming message 1 (then abort resolution)
60 we abort resolution and
61 -> SITE_WAIT on timeout or resolution failure
63 -> SITE_SENTMSG2 upon valid incoming message 1 from higher priority end
64 -> SITE_SENTMSG3 upon valid incoming message 2
65 -> SITE_WAIT on timeout
67 -> SITE_SENTMSG4 upon valid incoming message 3
68 -> SITE_WAIT on timeout
70 -> SITE_SENTMSG5 upon valid incoming message 4
71 -> SITE_WAIT on timeout
73 -> SITE_RUN upon valid incoming message 5
74 -> SITE_WAIT on timeout
76 -> SITE_RUN upon valid incoming message 6
77 -> SITE_WAIT on timeout
78 SITE_WAIT - failed to establish key; do nothing for a while
79 -> SITE_RUN on timeout
84 #define SITE_RESOLVE 2
85 #define SITE_SENTMSG1 3
86 #define SITE_SENTMSG2 4
87 #define SITE_SENTMSG3 5
88 #define SITE_SENTMSG4 6
89 #define SITE_SENTMSG5 7
92 int32_t site_max_start_pad = 4*4;
94 static cstring_t state_name(uint32_t state)
97 case 0: return "STOP";
99 case 2: return "RESOLVE";
100 case 3: return "SENTMSG1";
101 case 4: return "SENTMSG2";
102 case 5: return "SENTMSG3";
103 case 6: return "SENTMSG4";
104 case 7: return "SENTMSG5";
105 case 8: return "WAIT";
106 default: return "*bad state*";
112 #define LOG_UNEXPECTED 0x00000001
113 #define LOG_SETUP_INIT 0x00000002
114 #define LOG_SETUP_TIMEOUT 0x00000004
115 #define LOG_ACTIVATE_KEY 0x00000008
116 #define LOG_TIMEOUT_KEY 0x00000010
117 #define LOG_SEC 0x00000020
118 #define LOG_STATE 0x00000040
119 #define LOG_DROP 0x00000080
120 #define LOG_DUMP 0x00000100
121 #define LOG_ERROR 0x00000400
122 #define LOG_PEER_ADDRS 0x00000800
124 static struct flagstr log_event_table[]={
125 { "unexpected", LOG_UNEXPECTED },
126 { "setup-init", LOG_SETUP_INIT },
127 { "setup-timeout", LOG_SETUP_TIMEOUT },
128 { "activate-key", LOG_ACTIVATE_KEY },
129 { "timeout-key", LOG_TIMEOUT_KEY },
130 { "security", LOG_SEC },
131 { "state-change", LOG_STATE },
132 { "packet-drop", LOG_DROP },
133 { "dump-packets", LOG_DUMP },
134 { "errors", LOG_ERROR },
135 { "peer-addrs", LOG_PEER_ADDRS },
136 { "default", LOG_SETUP_INIT|LOG_SETUP_TIMEOUT|
137 LOG_ACTIVATE_KEY|LOG_TIMEOUT_KEY|LOG_SEC|LOG_ERROR },
138 { "all", 0xffffffff },
143 /***** TRANSPORT PEERS declarations *****/
145 /* Details of "mobile peer" semantics:
147 - We record mobile_peers_max peer address/port numbers ("peers")
148 for key setup, and separately mobile_peers_max for data
149 transfer. If these lists fill up, we retain the newest peers.
150 (For non-mobile peers we only record one of each.)
152 - Outgoing packets are sent to every recorded peer in the
155 - Data transfer peers are straightforward: whenever we successfully
156 process a data packet, we record the peer. Also, whenever we
157 successfully complete a key setup, we merge the key setup
158 peers into the data transfer peers.
160 (For "non-mobile" peers we simply copy the peer used for
161 successful key setup, and don't change the peer otherwise.)
163 - Key setup peers are slightly more complicated.
165 Whenever we receive and successfully process a key exchange
166 packet, we record the peer.
168 Whenever we try to initiate a key setup, we copy the list of data
169 transfer peers and use it for key setup. But we also look to see
170 if the config supplies an address and port number and if so we
171 add that as a key setup peer (possibly evicting one of the data
172 transfer peers we just copied).
174 (For "non-mobile" peers, if we if we have a configured peer
175 address and port, we always use that; otherwise if we have a
176 current data peer address we use that; otherwise we do not
177 attempt to initiate a key setup for lack of a peer address.)
179 "Record the peer" means
180 1. expire any peers last seen >120s ("mobile-peer-expiry") ago
181 2. add the peer of the just received packet to the applicable list
182 (possibly evicting older entries)
183 NB that we do not expire peers until an incoming packet arrives.
187 #define MAX_MOBILE_PEERS_MAX 5 /* send at most this many copies, compiled max */
191 struct comm_addr addr;
195 /* configuration information */
196 /* runtime information */
198 transport_peer peers[MAX_MOBILE_PEERS_MAX];
201 static void transport_peers_clear(struct site *st, transport_peers *peers);
202 static int transport_peers_valid(transport_peers *peers);
203 static void transport_peers_copy(struct site *st, transport_peers *dst,
204 const transport_peers *src);
206 static void transport_setup_msgok(struct site *st, const struct comm_addr *a);
207 static void transport_data_msgok(struct site *st, const struct comm_addr *a);
208 static bool_t transport_compute_setupinit_peers(struct site *st,
209 const struct comm_addr *configured_addr /* 0 if none or not found */,
210 const struct comm_addr *prod_hint_addr /* 0 if none */);
211 static void transport_record_peer(struct site *st, transport_peers *peers,
212 const struct comm_addr *addr, const char *m);
214 static void transport_xmit(struct site *st, transport_peers *peers,
215 struct buffer_if *buf, bool_t candebug);
217 /***** END of transport peers declarations *****/
221 struct transform_inst_if *transform;
222 uint64_t key_timeout; /* End of life of current key */
223 uint32_t remote_session_id;
229 /* configuration information */
232 bool_t peer_mobile; /* Mobile client support */
233 int32_t transport_peers_max;
234 string_t tunname; /* localname<->remotename by default, used in logs */
235 string_t address; /* DNS name for bootstrapping, optional */
236 int remoteport; /* Port for bootstrapping, optional */
238 struct netlink_if *netlink;
239 struct comm_if **comms;
241 struct resolver_if *resolver;
243 struct random_if *random;
244 struct rsaprivkey_if *privkey;
245 struct rsapubkey_if *pubkey;
246 struct transform_if **transforms;
249 struct hash_if *hash;
251 uint32_t index; /* Index of this site */
252 uint32_t local_capabilities;
253 int32_t setup_retries; /* How many times to send setup packets */
254 int32_t setup_retry_interval; /* Initial timeout for setup packets */
255 int32_t wait_timeout; /* How long to wait if setup unsuccessful */
256 int32_t mobile_peer_expiry; /* How long to remember 2ary addresses */
257 int32_t key_lifetime; /* How long a key lasts once set up */
258 int32_t key_renegotiate_time; /* If we see traffic (or a keepalive)
259 after this time, initiate a new
262 bool_t setup_priority; /* Do we have precedence if both sites emit
263 message 1 simultaneously? */
266 /* runtime information */
268 uint64_t now; /* Most recently seen time */
269 bool_t allow_send_prod;
271 /* The currently established session */
272 struct data_key current;
273 struct data_key auxiliary_key;
274 bool_t auxiliary_is_new;
275 uint64_t renegotiate_key_time; /* When we can negotiate a new key */
276 uint64_t auxiliary_renegotiate_key_time;
277 transport_peers peers; /* Current address(es) of peer for data traffic */
279 /* The current key setup protocol exchange. We can only be
280 involved in one of these at a time. There's a potential for
281 denial of service here (the attacker keeps sending a setup
282 packet; we keep trying to continue the exchange, and have to
283 timeout before we can listen for another setup packet); perhaps
284 we should keep a list of 'bad' sources for setup packets. */
285 uint32_t remote_capabilities;
286 uint16_t remote_adv_mtu;
287 struct transform_if *chosen_transform;
288 uint32_t setup_session_id;
289 transport_peers setup_peers;
290 uint8_t localN[NONCELEN]; /* Nonces for key exchange */
291 uint8_t remoteN[NONCELEN];
292 struct buffer_if buffer; /* Current outgoing key exchange packet */
293 struct buffer_if scratch;
294 int32_t retries; /* Number of retries remaining */
295 uint64_t timeout; /* Timeout for current state */
297 uint8_t *sharedsecret;
298 uint32_t sharedsecretlen, sharedsecretallocd;
299 struct transform_inst_if *new_transform; /* For key setup/verify */
302 static uint32_t event_log_priority(struct site *st, uint32_t event)
304 if (!(event&st->log_events))
307 case LOG_UNEXPECTED: return M_INFO;
308 case LOG_SETUP_INIT: return M_INFO;
309 case LOG_SETUP_TIMEOUT: return M_NOTICE;
310 case LOG_ACTIVATE_KEY: return M_INFO;
311 case LOG_TIMEOUT_KEY: return M_INFO;
312 case LOG_SEC: return M_SECURITY;
313 case LOG_STATE: return M_DEBUG;
314 case LOG_DROP: return M_DEBUG;
315 case LOG_DUMP: return M_DEBUG;
316 case LOG_ERROR: return M_ERR;
317 case LOG_PEER_ADDRS: return M_DEBUG;
318 default: return M_ERR;
322 static void vslog(struct site *st, uint32_t event, cstring_t msg, va_list ap)
324 static void vslog(struct site *st, uint32_t event, cstring_t msg, va_list ap)
328 class=event_log_priority(st, event);
330 slilog_part(st->log,class,"%s: ",st->tunname);
331 vslilog_part(st->log,class,msg,ap);
332 slilog_part(st->log,class,"\n");
336 static void slog(struct site *st, uint32_t event, cstring_t msg, ...)
338 static void slog(struct site *st, uint32_t event, cstring_t msg, ...)
342 vslog(st,event,msg,ap);
346 static void logtimeout(struct site *st, const char *fmt, ...)
348 static void logtimeout(struct site *st, const char *fmt, ...)
352 vslog(st,LOG_SETUP_TIMEOUT,fmt,ap);
356 static void set_link_quality(struct site *st);
357 static void delete_keys(struct site *st, cstring_t reason, uint32_t loglevel);
358 static void delete_one_key(struct site *st, struct data_key *key,
359 const char *reason /* may be 0 meaning don't log*/,
360 const char *which /* ignored if !reasonn */,
361 uint32_t loglevel /* ignored if !reasonn */);
362 static bool_t initiate_key_setup(struct site *st, cstring_t reason,
363 const struct comm_addr *prod_hint);
364 static void enter_state_run(struct site *st);
365 static bool_t enter_state_resolve(struct site *st);
366 static bool_t enter_new_state(struct site *st,uint32_t next);
367 static void enter_state_wait(struct site *st);
368 static void activate_new_key(struct site *st);
370 static bool_t is_transform_valid(struct transform_inst_if *transform)
372 return transform && transform->valid(transform->st);
375 static bool_t current_valid(struct site *st)
377 return is_transform_valid(st->current.transform);
380 #define DEFINE_CALL_TRANSFORM(fwdrev) \
381 static int call_transform_##fwdrev(struct site *st, \
382 struct transform_inst_if *transform, \
383 struct buffer_if *buf, \
384 const char **errmsg) \
386 if (!is_transform_valid(transform)) { \
387 *errmsg="transform not set up"; \
390 return transform->fwdrev(transform->st,buf,errmsg); \
393 DEFINE_CALL_TRANSFORM(forwards)
394 DEFINE_CALL_TRANSFORM(reverse)
396 static void dispose_transform(struct transform_inst_if **transform_var)
398 struct transform_inst_if *transform=*transform_var;
400 transform->delkey(transform->st);
401 transform->destroy(transform->st);
406 #define CHECK_AVAIL(b,l) do { if ((b)->size<(l)) return False; } while(0)
407 #define CHECK_EMPTY(b) do { if ((b)->size!=0) return False; } while(0)
408 #define CHECK_TYPE(b,t) do { uint32_t type; \
409 CHECK_AVAIL((b),4); \
410 type=buf_unprepend_uint32((b)); \
411 if (type!=(t)) return False; } while(0)
413 static _Bool type_is_msg34(uint32_t type)
416 type == LABEL_MSG3 ||
417 type == LABEL_MSG3BIS ||
424 struct buffer_if extrainfo;
431 struct parsedname remote;
432 struct parsedname local;
433 uint32_t remote_capabilities;
435 int capab_transformnum;
445 static void set_new_transform(struct site *st, char *pk)
447 /* Make room for the shared key */
448 st->sharedsecretlen=st->chosen_transform->keylen?:st->dh->ceil_len;
449 assert(st->sharedsecretlen);
450 if (st->sharedsecretlen > st->sharedsecretallocd) {
451 st->sharedsecretallocd=st->sharedsecretlen;
452 st->sharedsecret=realloc(st->sharedsecret,st->sharedsecretallocd);
454 if (!st->sharedsecret) fatal_perror("site:sharedsecret");
456 /* Generate the shared key */
457 st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,pk,
458 st->sharedsecret,st->sharedsecretlen);
460 /* Set up the transform */
461 struct transform_if *generator=st->chosen_transform;
462 struct transform_inst_if *generated=generator->create(generator->st);
463 generated->setkey(generated->st,st->sharedsecret,
464 st->sharedsecretlen,st->setup_priority);
465 dispose_transform(&st->new_transform);
466 st->new_transform=generated;
468 slog(st,LOG_SETUP_INIT,"key exchange negotiated transform"
469 " %d (capabilities ours=%#"PRIx32" theirs=%#"PRIx32")",
470 st->chosen_transform->capab_transformnum,
471 st->local_capabilities, st->remote_capabilities);
475 int32_t lenpos, afternul;
477 static void append_string_xinfo_start(struct buffer_if *buf,
478 struct xinfoadd *xia,
480 /* Helps construct one of the names with additional info as found
481 * in MSG1..4. Call this function first, then append all the
482 * desired extra info (not including the nul byte) to the buffer,
483 * then call append_string_xinfo_done. */
485 xia->lenpos = buf->size;
486 buf_append_string(buf,str);
487 buf_append_uint8(buf,0);
488 xia->afternul = buf->size;
490 static void append_string_xinfo_done(struct buffer_if *buf,
491 struct xinfoadd *xia)
493 /* we just need to adjust the string length */
494 if (buf->size == xia->afternul) {
495 /* no extra info, strip the nul too */
496 buf_unappend_uint8(buf);
498 put_uint16(buf->start+xia->lenpos, buf->size-(xia->lenpos+2));
502 /* Build any of msg1 to msg4. msg5 and msg6 are built from the inside
503 out using a transform of config data supplied by netlink */
504 static bool_t generate_msg(struct site *st, uint32_t type, cstring_t what)
510 st->retries=st->setup_retries;
511 BUF_ALLOC(&st->buffer,what);
512 buffer_init(&st->buffer,0);
513 buf_append_uint32(&st->buffer,
514 (type==LABEL_MSG1?0:st->setup_session_id));
515 buf_append_uint32(&st->buffer,st->index);
516 buf_append_uint32(&st->buffer,type);
519 append_string_xinfo_start(&st->buffer,&xia,st->localname);
520 if ((st->local_capabilities & CAPAB_EARLY) || (type != LABEL_MSG1)) {
521 buf_append_uint32(&st->buffer,st->local_capabilities);
523 if (type_is_msg34(type)) {
524 buf_append_uint16(&st->buffer,st->mtu_target);
526 append_string_xinfo_done(&st->buffer,&xia);
528 buf_append_string(&st->buffer,st->remotename);
529 memcpy(buf_append(&st->buffer,NONCELEN),st->localN,NONCELEN);
530 if (type==LABEL_MSG1) return True;
531 memcpy(buf_append(&st->buffer,NONCELEN),st->remoteN,NONCELEN);
532 if (type==LABEL_MSG2) return True;
534 if (hacky_par_mid_failnow()) return False;
536 if (type==LABEL_MSG3BIS)
537 buf_append_uint8(&st->buffer,st->chosen_transform->capab_transformnum);
539 dhpub=st->dh->makepublic(st->dh->st,st->dhsecret,st->dh->len);
540 buf_append_string(&st->buffer,dhpub);
542 hash=safe_malloc(st->hash->len, "generate_msg");
543 hst=st->hash->init();
544 st->hash->update(hst,st->buffer.start,st->buffer.size);
545 st->hash->final(hst,hash);
546 sig=st->privkey->sign(st->privkey->st,hash,st->hash->len);
547 buf_append_string(&st->buffer,sig);
553 static bool_t unpick_name(struct buffer_if *msg, struct parsedname *nm)
556 nm->len=buf_unprepend_uint16(msg);
557 CHECK_AVAIL(msg,nm->len);
558 nm->name=buf_unprepend(msg,nm->len);
559 uint8_t *nul=memchr(nm->name,0,nm->len);
561 buffer_readonly_view(&nm->extrainfo,0,0);
563 buffer_readonly_view(&nm->extrainfo, nul+1, msg->start-(nul+1));
564 nm->len=nul-nm->name;
569 static bool_t unpick_msg(struct site *st, uint32_t type,
570 struct buffer_if *msg, struct msg *m)
572 m->capab_transformnum=-1;
573 m->hashstart=msg->start;
575 m->dest=buf_unprepend_uint32(msg);
577 m->source=buf_unprepend_uint32(msg);
578 CHECK_TYPE(msg,type);
579 if (!unpick_name(msg,&m->remote)) return False;
580 m->remote_capabilities=0;
582 if (m->remote.extrainfo.size) {
583 CHECK_AVAIL(&m->remote.extrainfo,4);
584 m->remote_capabilities=buf_unprepend_uint32(&m->remote.extrainfo);
586 if (type_is_msg34(type) && m->remote.extrainfo.size) {
587 CHECK_AVAIL(&m->remote.extrainfo,2);
588 m->remote_mtu=buf_unprepend_uint16(&m->remote.extrainfo);
590 if (!unpick_name(msg,&m->local)) return False;
591 if (type==LABEL_PROD) {
595 CHECK_AVAIL(msg,NONCELEN);
596 m->nR=buf_unprepend(msg,NONCELEN);
597 if (type==LABEL_MSG1) {
601 CHECK_AVAIL(msg,NONCELEN);
602 m->nL=buf_unprepend(msg,NONCELEN);
603 if (type==LABEL_MSG2) {
607 if (type==LABEL_MSG3BIS) {
609 m->capab_transformnum = buf_unprepend_uint8(msg);
611 m->capab_transformnum = CAPAB_TRANSFORMNUM_ANCIENT;
614 m->pklen=buf_unprepend_uint16(msg);
615 CHECK_AVAIL(msg,m->pklen);
616 m->pk=buf_unprepend(msg,m->pklen);
617 m->hashlen=msg->start-m->hashstart;
619 m->siglen=buf_unprepend_uint16(msg);
620 CHECK_AVAIL(msg,m->siglen);
621 m->sig=buf_unprepend(msg,m->siglen);
626 static bool_t name_matches(const struct parsedname *nm, const char *expected)
628 int expected_len=strlen(expected);
630 nm->len == expected_len &&
631 !memcmp(nm->name, expected, expected_len);
634 static bool_t check_msg(struct site *st, uint32_t type, struct msg *m,
637 if (type==LABEL_MSG1) return True;
639 /* Check that the site names and our nonce have been sent
640 back correctly, and then store our peer's nonce. */
641 if (!name_matches(&m->remote,st->remotename)) {
642 *error="wrong remote site name";
645 if (!name_matches(&m->local,st->localname)) {
646 *error="wrong local site name";
649 if (memcmp(m->nL,st->localN,NONCELEN)!=0) {
650 *error="wrong locally-generated nonce";
653 if (type==LABEL_MSG2) return True;
654 if (!consttime_memeq(m->nR,st->remoteN,NONCELEN)!=0) {
655 *error="wrong remotely-generated nonce";
658 /* MSG3 has complicated rules about capabilities, which are
659 * handled in process_msg3. */
660 if (type==LABEL_MSG3 || type==LABEL_MSG3BIS) return True;
661 if (m->remote_capabilities!=st->remote_capabilities) {
662 *error="remote capabilities changed";
665 if (type==LABEL_MSG4) return True;
666 *error="unknown message type";
670 static bool_t generate_msg1(struct site *st)
672 st->random->generate(st->random->st,NONCELEN,st->localN);
673 return generate_msg(st,LABEL_MSG1,"site:MSG1");
676 static bool_t process_msg1(struct site *st, struct buffer_if *msg1,
677 const struct comm_addr *src, struct msg *m)
679 /* We've already determined we're in an appropriate state to
680 process an incoming MSG1, and that the MSG1 has correct values
683 transport_record_peer(st,&st->setup_peers,src,"msg1");
684 st->setup_session_id=m->source;
685 st->remote_capabilities=m->remote_capabilities;
686 memcpy(st->remoteN,m->nR,NONCELEN);
690 static bool_t generate_msg2(struct site *st)
692 st->random->generate(st->random->st,NONCELEN,st->localN);
693 return generate_msg(st,LABEL_MSG2,"site:MSG2");
696 static bool_t process_msg2(struct site *st, struct buffer_if *msg2,
697 const struct comm_addr *src)
702 if (!unpick_msg(st,LABEL_MSG2,msg2,&m)) return False;
703 if (!check_msg(st,LABEL_MSG2,&m,&err)) {
704 slog(st,LOG_SEC,"msg2: %s",err);
707 st->setup_session_id=m.source;
708 st->remote_capabilities=m.remote_capabilities;
710 /* Select the transform to use */
712 uint32_t remote_transforms = st->remote_capabilities & CAPAB_TRANSFORM_MASK;
713 if (!remote_transforms)
714 /* old secnets only had this one transform */
715 remote_transforms = 1UL << CAPAB_TRANSFORMNUM_ANCIENT;
717 struct transform_if *ti;
719 for (i=0; i<st->ntransforms; i++) {
720 ti=st->transforms[i];
721 if ((1UL << ti->capab_transformnum) & remote_transforms)
722 goto transform_found;
724 slog(st,LOG_ERROR,"no transforms in common"
725 " (us %#"PRIx32"; them: %#"PRIx32")",
726 st->local_capabilities & CAPAB_TRANSFORM_MASK,
730 st->chosen_transform=ti;
732 memcpy(st->remoteN,m.nR,NONCELEN);
736 static bool_t generate_msg3(struct site *st)
738 /* Now we have our nonce and their nonce. Think of a secret key,
739 and create message number 3. */
740 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
741 return generate_msg(st,
742 (st->remote_capabilities & CAPAB_TRANSFORM_MASK
743 ? LABEL_MSG3BIS : LABEL_MSG3),
747 static bool_t process_msg3_msg4(struct site *st, struct msg *m)
752 /* Check signature and store g^x mod m */
753 hash=safe_malloc(st->hash->len, "process_msg3_msg4");
754 hst=st->hash->init();
755 st->hash->update(hst,m->hashstart,m->hashlen);
756 st->hash->final(hst,hash);
757 /* Terminate signature with a '0' - cheating, but should be ok */
759 if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m->sig)) {
760 slog(st,LOG_SEC,"msg3/msg4 signature failed check!");
766 st->remote_adv_mtu=m->remote_mtu;
771 static bool_t process_msg3(struct site *st, struct buffer_if *msg3,
772 const struct comm_addr *src, uint32_t msgtype)
777 assert(msgtype==LABEL_MSG3 || msgtype==LABEL_MSG3BIS);
779 if (!unpick_msg(st,msgtype,msg3,&m)) return False;
780 if (!check_msg(st,msgtype,&m,&err)) {
781 slog(st,LOG_SEC,"msg3: %s",err);
784 uint32_t capab_adv_late = m.remote_capabilities
785 & ~st->remote_capabilities & CAPAB_EARLY;
786 if (capab_adv_late) {
787 slog(st,LOG_SEC,"msg3 impermissibly adds early capability flag(s)"
788 " %#"PRIx32" (was %#"PRIx32", now %#"PRIx32")",
789 capab_adv_late, st->remote_capabilities, m.remote_capabilities);
792 st->remote_capabilities|=m.remote_capabilities;
794 struct transform_if *ti;
796 for (i=0; i<st->ntransforms; i++) {
797 ti=st->transforms[i];
798 if (ti->capab_transformnum == m.capab_transformnum)
799 goto transform_found;
801 slog(st,LOG_SEC,"peer chose unknown-to-us transform %d!",
802 m.capab_transformnum);
805 st->chosen_transform=ti;
807 if (!process_msg3_msg4(st,&m))
810 /* Terminate their DH public key with a '0' */
812 /* Invent our DH secret key */
813 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
815 /* Generate the shared key and set up the transform */
816 set_new_transform(st,m.pk);
821 static bool_t generate_msg4(struct site *st)
823 /* We have both nonces, their public key and our private key. Generate
824 our public key, sign it and send it to them. */
825 return generate_msg(st,LABEL_MSG4,"site:MSG4");
828 static bool_t process_msg4(struct site *st, struct buffer_if *msg4,
829 const struct comm_addr *src)
834 if (!unpick_msg(st,LABEL_MSG4,msg4,&m)) return False;
835 if (!check_msg(st,LABEL_MSG4,&m,&err)) {
836 slog(st,LOG_SEC,"msg4: %s",err);
840 if (!process_msg3_msg4(st,&m))
843 /* Terminate their DH public key with a '0' */
846 /* Generate the shared key and set up the transform */
847 set_new_transform(st,m.pk);
858 static bool_t unpick_msg0(struct site *st, struct buffer_if *msg0,
862 m->dest=buf_unprepend_uint32(msg0);
864 m->source=buf_unprepend_uint32(msg0);
866 m->type=buf_unprepend_uint32(msg0);
868 /* Leaves transformed part of buffer untouched */
871 static bool_t generate_msg5(struct site *st)
873 cstring_t transform_err;
875 BUF_ALLOC(&st->buffer,"site:MSG5");
876 /* We are going to add four words to the message */
877 buffer_init(&st->buffer,calculate_max_start_pad());
878 /* Give the netlink code an opportunity to put its own stuff in the
879 message (configuration information, etc.) */
880 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
881 if (call_transform_forwards(st,st->new_transform,
882 &st->buffer,&transform_err))
884 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
885 buf_prepend_uint32(&st->buffer,st->index);
886 buf_prepend_uint32(&st->buffer,st->setup_session_id);
888 st->retries=st->setup_retries;
892 static bool_t process_msg5(struct site *st, struct buffer_if *msg5,
893 const struct comm_addr *src,
894 struct transform_inst_if *transform)
897 cstring_t transform_err;
899 if (!unpick_msg0(st,msg5,&m)) return False;
901 if (call_transform_reverse(st,transform,msg5,&transform_err)) {
902 /* There's a problem */
903 slog(st,LOG_SEC,"process_msg5: transform: %s",transform_err);
906 /* Buffer should now contain untransformed PING packet data */
908 if (buf_unprepend_uint32(msg5)!=LABEL_MSG5) {
909 slog(st,LOG_SEC,"MSG5/PING packet contained wrong label");
912 /* Older versions of secnet used to write some config data here
913 * which we ignore. So we don't CHECK_EMPTY */
917 static void create_msg6(struct site *st, struct transform_inst_if *transform,
920 cstring_t transform_err;
922 BUF_ALLOC(&st->buffer,"site:MSG6");
923 /* We are going to add four words to the message */
924 buffer_init(&st->buffer,calculate_max_start_pad());
925 /* Give the netlink code an opportunity to put its own stuff in the
926 message (configuration information, etc.) */
927 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
928 int problem = call_transform_forwards(st,transform,
929 &st->buffer,&transform_err);
931 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
932 buf_prepend_uint32(&st->buffer,st->index);
933 buf_prepend_uint32(&st->buffer,session_id);
936 static bool_t generate_msg6(struct site *st)
938 if (!is_transform_valid(st->new_transform))
940 create_msg6(st,st->new_transform,st->setup_session_id);
941 st->retries=1; /* Peer will retransmit MSG5 if this packet gets lost */
945 static bool_t process_msg6(struct site *st, struct buffer_if *msg6,
946 const struct comm_addr *src)
949 cstring_t transform_err;
951 if (!unpick_msg0(st,msg6,&m)) return False;
953 if (call_transform_reverse(st,st->new_transform,msg6,&transform_err)) {
954 /* There's a problem */
955 slog(st,LOG_SEC,"process_msg6: transform: %s",transform_err);
958 /* Buffer should now contain untransformed PING packet data */
960 if (buf_unprepend_uint32(msg6)!=LABEL_MSG6) {
961 slog(st,LOG_SEC,"MSG6/PONG packet contained invalid data");
964 /* Older versions of secnet used to write some config data here
965 * which we ignore. So we don't CHECK_EMPTY */
969 static bool_t decrypt_msg0(struct site *st, struct buffer_if *msg0,
970 const struct comm_addr *src)
972 cstring_t transform_err, auxkey_err, newkey_err="n/a";
976 if (!unpick_msg0(st,msg0,&m)) return False;
978 /* Keep a copy so we can try decrypting it with multiple keys */
979 buffer_copy(&st->scratch, msg0);
981 problem = call_transform_reverse(st,st->current.transform,
982 msg0,&transform_err);
984 if (!st->auxiliary_is_new)
985 delete_one_key(st,&st->auxiliary_key,
986 "peer has used new key","auxiliary key",LOG_SEC);
992 buffer_copy(msg0, &st->scratch);
993 problem = call_transform_reverse(st,st->auxiliary_key.transform,
996 slog(st,LOG_DROP,"processing packet which uses auxiliary key");
997 if (st->auxiliary_is_new) {
998 /* We previously timed out in state SENTMSG5 but it turns
999 * out that our peer did in fact get our MSG5 and is
1000 * using the new key. So we should switch to it too. */
1001 /* This is a bit like activate_new_key. */
1004 st->current=st->auxiliary_key;
1005 st->auxiliary_key=t;
1007 delete_one_key(st,&st->auxiliary_key,"peer has used new key",
1008 "previous key",LOG_SEC);
1009 st->auxiliary_is_new=0;
1010 st->renegotiate_key_time=st->auxiliary_renegotiate_key_time;
1017 if (st->state==SITE_SENTMSG5) {
1018 buffer_copy(msg0, &st->scratch);
1019 problem = call_transform_reverse(st,st->new_transform,
1022 /* It looks like we didn't get the peer's MSG6 */
1023 /* This is like a cut-down enter_new_state(SITE_RUN) */
1024 slog(st,LOG_STATE,"will enter state RUN (MSG0 with new key)");
1025 BUF_FREE(&st->buffer);
1027 activate_new_key(st);
1028 return True; /* do process the data in this packet */
1034 slog(st,LOG_SEC,"transform: %s (aux: %s, new: %s)",
1035 transform_err,auxkey_err,newkey_err);
1036 initiate_key_setup(st,"incoming message would not decrypt",0);
1037 send_nak(src,m.dest,m.source,m.type,msg0,"message would not decrypt");
1041 slog(st,LOG_DROP,"transform: %s (merely skew)",transform_err);
1045 static bool_t process_msg0(struct site *st, struct buffer_if *msg0,
1046 const struct comm_addr *src)
1050 if (!decrypt_msg0(st,msg0,src))
1053 CHECK_AVAIL(msg0,4);
1054 type=buf_unprepend_uint32(msg0);
1057 /* We must forget about the current session. */
1058 delete_keys(st,"request from peer",LOG_SEC);
1061 /* Deliver to netlink layer */
1062 st->netlink->deliver(st->netlink->st,msg0);
1063 transport_data_msgok(st,src);
1064 /* See whether we should start negotiating a new key */
1065 if (st->now > st->renegotiate_key_time)
1066 initiate_key_setup(st,"incoming packet in renegotiation window",0);
1069 slog(st,LOG_SEC,"incoming encrypted message of type %08x "
1076 static void dump_packet(struct site *st, struct buffer_if *buf,
1077 const struct comm_addr *addr, bool_t incoming)
1079 uint32_t dest=get_uint32(buf->start);
1080 uint32_t source=get_uint32(buf->start+4);
1081 uint32_t msgtype=get_uint32(buf->start+8);
1083 if (st->log_events & LOG_DUMP)
1084 slilog(st->log,M_DEBUG,"%s: %s: %08x<-%08x: %08x:",
1085 st->tunname,incoming?"incoming":"outgoing",
1086 dest,source,msgtype);
1089 static uint32_t site_status(void *st)
1094 static bool_t send_msg(struct site *st)
1096 if (st->retries>0) {
1097 transport_xmit(st, &st->setup_peers, &st->buffer, True);
1098 st->timeout=st->now+st->setup_retry_interval;
1101 } else if (st->state==SITE_SENTMSG5) {
1102 logtimeout(st,"timed out sending MSG5, stashing new key");
1103 /* We stash the key we have produced, in case it turns out that
1104 * our peer did see our MSG5 after all and starts using it. */
1105 /* This is a bit like some of activate_new_key */
1106 struct transform_inst_if *t;
1107 t=st->auxiliary_key.transform;
1108 st->auxiliary_key.transform=st->new_transform;
1109 st->new_transform=t;
1110 dispose_transform(&st->new_transform);
1112 st->auxiliary_is_new=1;
1113 st->auxiliary_key.key_timeout=st->now+st->key_lifetime;
1114 st->auxiliary_renegotiate_key_time=st->now+st->key_renegotiate_time;
1115 st->auxiliary_key.remote_session_id=st->setup_session_id;
1117 enter_state_wait(st);
1120 logtimeout(st,"timed out sending key setup packet "
1121 "(in state %s)",state_name(st->state));
1122 enter_state_wait(st);
1127 static void site_resolve_callback(void *sst, struct in_addr *address)
1129 struct site *st=sst;
1130 struct comm_addr ca_buf, *ca_use;
1132 if (st->state!=SITE_RESOLVE) {
1133 slog(st,LOG_UNEXPECTED,"site_resolve_callback called unexpectedly");
1138 ca_buf.comm=st->comms[0];
1139 ca_buf.sin.sin_family=AF_INET;
1140 ca_buf.sin.sin_port=htons(st->remoteport);
1141 ca_buf.sin.sin_addr=*address;
1144 slog(st,LOG_ERROR,"resolution of %s failed",st->address);
1147 if (transport_compute_setupinit_peers(st,ca_use,0)) {
1148 enter_new_state(st,SITE_SENTMSG1);
1150 /* Can't figure out who to try to to talk to */
1151 slog(st,LOG_SETUP_INIT,"key exchange failed: cannot find peer address");
1152 enter_state_run(st);
1156 static bool_t initiate_key_setup(struct site *st, cstring_t reason,
1157 const struct comm_addr *prod_hint)
1159 if (st->state!=SITE_RUN) return False;
1160 slog(st,LOG_SETUP_INIT,"initiating key exchange (%s)",reason);
1162 slog(st,LOG_SETUP_INIT,"resolving peer address");
1163 return enter_state_resolve(st);
1164 } else if (transport_compute_setupinit_peers(st,0,prod_hint)) {
1165 return enter_new_state(st,SITE_SENTMSG1);
1167 slog(st,LOG_SETUP_INIT,"key exchange failed: no address for peer");
1171 static void activate_new_key(struct site *st)
1173 struct transform_inst_if *t;
1175 /* We have three transform instances, which we swap between old,
1177 t=st->auxiliary_key.transform;
1178 st->auxiliary_key.transform=st->current.transform;
1179 st->current.transform=st->new_transform;
1180 st->new_transform=t;
1181 dispose_transform(&st->new_transform);
1184 st->auxiliary_is_new=0;
1185 st->auxiliary_key.key_timeout=st->current.key_timeout;
1186 st->current.key_timeout=st->now+st->key_lifetime;
1187 st->renegotiate_key_time=st->now+st->key_renegotiate_time;
1188 transport_peers_copy(st,&st->peers,&st->setup_peers);
1189 st->current.remote_session_id=st->setup_session_id;
1191 /* Compute the inter-site MTU. This is min( our_mtu, their_mtu ).
1192 * But their mtu be unspecified, in which case we just use ours. */
1193 uint32_t intersite_mtu=
1194 MIN(st->mtu_target, st->remote_adv_mtu ?: ~(uint32_t)0);
1195 st->netlink->set_mtu(st->netlink->st,intersite_mtu);
1197 slog(st,LOG_ACTIVATE_KEY,"new key activated"
1198 " (mtu ours=%"PRId32" theirs=%"PRId32" intersite=%"PRId32")",
1199 st->mtu_target, st->remote_adv_mtu, intersite_mtu);
1200 enter_state_run(st);
1203 static void delete_one_key(struct site *st, struct data_key *key,
1204 cstring_t reason, cstring_t which, uint32_t loglevel)
1206 if (!is_transform_valid(key->transform)) return;
1207 if (reason) slog(st,loglevel,"%s deleted (%s)",which,reason);
1208 dispose_transform(&key->transform);
1212 static void delete_keys(struct site *st, cstring_t reason, uint32_t loglevel)
1214 if (current_valid(st)) {
1215 slog(st,loglevel,"session closed (%s)",reason);
1217 delete_one_key(st,&st->current,0,0,0);
1218 set_link_quality(st);
1220 delete_one_key(st,&st->auxiliary_key,0,0,0);
1223 static void state_assert(struct site *st, bool_t ok)
1225 if (!ok) fatal("site:state_assert");
1228 static void enter_state_stop(struct site *st)
1230 st->state=SITE_STOP;
1232 delete_keys(st,"entering state STOP",LOG_TIMEOUT_KEY);
1233 dispose_transform(&st->new_transform);
1236 static void set_link_quality(struct site *st)
1239 if (current_valid(st))
1240 quality=LINK_QUALITY_UP;
1241 else if (st->state==SITE_WAIT || st->state==SITE_STOP)
1242 quality=LINK_QUALITY_DOWN;
1243 else if (st->address)
1244 quality=LINK_QUALITY_DOWN_CURRENT_ADDRESS;
1245 else if (transport_peers_valid(&st->peers))
1246 quality=LINK_QUALITY_DOWN_STALE_ADDRESS;
1248 quality=LINK_QUALITY_DOWN;
1250 st->netlink->set_quality(st->netlink->st,quality);
1253 static void enter_state_run(struct site *st)
1255 slog(st,LOG_STATE,"entering state RUN");
1259 st->setup_session_id=0;
1260 transport_peers_clear(st,&st->setup_peers);
1261 memset(st->localN,0,NONCELEN);
1262 memset(st->remoteN,0,NONCELEN);
1263 dispose_transform(&st->new_transform);
1264 memset(st->dhsecret,0,st->dh->len);
1265 memset(st->sharedsecret,0,st->sharedsecretlen);
1266 set_link_quality(st);
1269 static bool_t enter_state_resolve(struct site *st)
1271 state_assert(st,st->state==SITE_RUN);
1272 slog(st,LOG_STATE,"entering state RESOLVE");
1273 st->state=SITE_RESOLVE;
1274 st->resolver->request(st->resolver->st,st->address,
1275 site_resolve_callback,st);
1279 static bool_t enter_new_state(struct site *st, uint32_t next)
1281 bool_t (*gen)(struct site *st);
1284 slog(st,LOG_STATE,"entering state %s",state_name(next));
1287 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE);
1291 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1292 st->state==SITE_SENTMSG1 || st->state==SITE_WAIT);
1296 state_assert(st,st->state==SITE_SENTMSG1);
1297 BUF_FREE(&st->buffer);
1301 state_assert(st,st->state==SITE_SENTMSG2);
1302 BUF_FREE(&st->buffer);
1306 state_assert(st,st->state==SITE_SENTMSG3);
1307 BUF_FREE(&st->buffer);
1311 state_assert(st,st->state==SITE_SENTMSG4);
1312 BUF_FREE(&st->buffer);
1317 fatal("enter_new_state(%s): invalid new state",state_name(next));
1321 if (hacky_par_start_failnow()) return False;
1323 r= gen(st) && send_msg(st);
1326 st->setup_retries, st->setup_retry_interval,
1331 if (next==SITE_RUN) {
1332 BUF_FREE(&st->buffer); /* Never reused */
1333 st->timeout=0; /* Never retransmit */
1334 activate_new_key(st);
1338 slog(st,LOG_ERROR,"error entering state %s",state_name(next));
1339 st->buffer.free=False; /* Unconditionally use the buffer; it may be
1340 in either state, and enter_state_wait() will
1342 enter_state_wait(st);
1346 /* msg7 tells our peer that we're about to forget our key */
1347 static bool_t send_msg7(struct site *st, cstring_t reason)
1349 cstring_t transform_err;
1351 if (current_valid(st) && st->buffer.free
1352 && transport_peers_valid(&st->peers)) {
1353 BUF_ALLOC(&st->buffer,"site:MSG7");
1354 buffer_init(&st->buffer,calculate_max_start_pad());
1355 buf_append_uint32(&st->buffer,LABEL_MSG7);
1356 buf_append_string(&st->buffer,reason);
1357 if (call_transform_forwards(st, st->current.transform,
1358 &st->buffer, &transform_err))
1360 buf_prepend_uint32(&st->buffer,LABEL_MSG0);
1361 buf_prepend_uint32(&st->buffer,st->index);
1362 buf_prepend_uint32(&st->buffer,st->current.remote_session_id);
1363 transport_xmit(st,&st->peers,&st->buffer,True);
1364 BUF_FREE(&st->buffer);
1371 /* We go into this state if our peer becomes uncommunicative. Similar to
1372 the "stop" state, we forget all session keys for a while, before
1373 re-entering the "run" state. */
1374 static void enter_state_wait(struct site *st)
1376 slog(st,LOG_STATE,"entering state WAIT");
1377 st->timeout=st->now+st->wait_timeout;
1378 st->state=SITE_WAIT;
1379 set_link_quality(st);
1380 BUF_FREE(&st->buffer); /* will have had an outgoing packet in it */
1381 /* XXX Erase keys etc. */
1384 static void generate_prod(struct site *st, struct buffer_if *buf)
1387 buf_append_uint32(buf,0);
1388 buf_append_uint32(buf,0);
1389 buf_append_uint32(buf,LABEL_PROD);
1390 buf_append_string(buf,st->localname);
1391 buf_append_string(buf,st->remotename);
1394 static void generate_send_prod(struct site *st,
1395 const struct comm_addr *source)
1397 if (!st->allow_send_prod) return; /* too soon */
1398 if (!(st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1399 st->state==SITE_WAIT)) return; /* we'd ignore peer's MSG1 */
1401 slog(st,LOG_SETUP_INIT,"prodding peer for key exchange");
1402 st->allow_send_prod=0;
1403 generate_prod(st,&st->scratch);
1404 dump_packet(st,&st->scratch,source,False);
1405 source->comm->sendmsg(source->comm->st, &st->scratch, source);
1408 static inline void site_settimeout(uint64_t timeout, int *timeout_io)
1411 int64_t offset=timeout-*now;
1412 if (offset<0) offset=0;
1413 if (offset>INT_MAX) offset=INT_MAX;
1414 if (*timeout_io<0 || offset<*timeout_io)
1419 static int site_beforepoll(void *sst, struct pollfd *fds, int *nfds_io,
1422 struct site *st=sst;
1424 *nfds_io=0; /* We don't use any file descriptors */
1427 /* Work out when our next timeout is. The earlier of 'timeout' or
1428 'current.key_timeout'. A stored value of '0' indicates no timeout
1430 site_settimeout(st->timeout, timeout_io);
1431 site_settimeout(st->current.key_timeout, timeout_io);
1432 site_settimeout(st->auxiliary_key.key_timeout, timeout_io);
1434 return 0; /* success */
1437 static void check_expiry(struct site *st, struct data_key *key,
1440 if (key->key_timeout && *now>key->key_timeout) {
1441 delete_one_key(st,key,"maximum life exceeded",which,LOG_TIMEOUT_KEY);
1445 /* NB site_afterpoll will be called before site_beforepoll is ever called */
1446 static void site_afterpoll(void *sst, struct pollfd *fds, int nfds)
1448 struct site *st=sst;
1451 if (st->timeout && *now>st->timeout) {
1453 if (st->state>=SITE_SENTMSG1 && st->state<=SITE_SENTMSG5) {
1454 if (!hacky_par_start_failnow())
1456 } else if (st->state==SITE_WAIT) {
1457 enter_state_run(st);
1459 slog(st,LOG_ERROR,"site_afterpoll: unexpected timeout, state=%d",
1463 check_expiry(st,&st->current,"current key");
1464 check_expiry(st,&st->auxiliary_key,"auxiliary key");
1467 /* This function is called by the netlink device to deliver packets
1468 intended for the remote network. The packet is in "raw" wire
1469 format, but is guaranteed to be word-aligned. */
1470 static void site_outgoing(void *sst, struct buffer_if *buf)
1472 struct site *st=sst;
1473 cstring_t transform_err;
1475 if (st->state==SITE_STOP) {
1480 st->allow_send_prod=1;
1482 /* In all other states we consider delivering the packet if we have
1483 a valid key and a valid address to send it to. */
1484 if (current_valid(st) && transport_peers_valid(&st->peers)) {
1485 /* Transform it and send it */
1487 buf_prepend_uint32(buf,LABEL_MSG9);
1488 if (call_transform_forwards(st, st->current.transform,
1489 buf, &transform_err))
1491 buf_prepend_uint32(buf,LABEL_MSG0);
1492 buf_prepend_uint32(buf,st->index);
1493 buf_prepend_uint32(buf,st->current.remote_session_id);
1494 transport_xmit(st,&st->peers,buf,False);
1501 slog(st,LOG_DROP,"discarding outgoing packet of size %d",buf->size);
1503 initiate_key_setup(st,"outgoing packet",0);
1506 static bool_t named_for_us(struct site *st, const struct buffer_if *buf_in,
1507 uint32_t type, struct msg *m)
1508 /* For packets which are identified by the local and remote names.
1509 * If it has our name and our peer's name in it it's for us. */
1511 struct buffer_if buf[1];
1512 buffer_readonly_clone(buf,buf_in);
1513 return unpick_msg(st,type,buf,m)
1514 && name_matches(&m->remote,st->remotename)
1515 && name_matches(&m->local,st->localname);
1518 /* This function is called by the communication device to deliver
1519 packets from our peers.
1520 It should return True if the packet is recognised as being for
1521 this current site instance (and should therefore not be processed
1522 by other sites), even if the packet was otherwise ignored. */
1523 static bool_t site_incoming(void *sst, struct buffer_if *buf,
1524 const struct comm_addr *source)
1526 struct site *st=sst;
1528 if (buf->size < 12) return False;
1530 uint32_t dest=get_uint32(buf->start);
1531 uint32_t msgtype=get_uint32(buf->start+8);
1532 struct msg named_msg;
1534 if (msgtype==LABEL_MSG1) {
1535 if (!named_for_us(st,buf,msgtype,&named_msg))
1537 /* It's a MSG1 addressed to us. Decide what to do about it. */
1538 dump_packet(st,buf,source,True);
1539 if (st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1540 st->state==SITE_WAIT) {
1541 /* We should definitely process it */
1542 if (process_msg1(st,buf,source,&named_msg)) {
1543 slog(st,LOG_SETUP_INIT,"key setup initiated by peer");
1544 enter_new_state(st,SITE_SENTMSG2);
1546 slog(st,LOG_ERROR,"failed to process incoming msg1");
1550 } else if (st->state==SITE_SENTMSG1) {
1551 /* We've just sent a message 1! They may have crossed on
1552 the wire. If we have priority then we ignore the
1553 incoming one, otherwise we process it as usual. */
1554 if (st->setup_priority) {
1556 slog(st,LOG_DUMP,"crossed msg1s; we are higher "
1557 "priority => ignore incoming msg1");
1560 slog(st,LOG_DUMP,"crossed msg1s; we are lower "
1561 "priority => use incoming msg1");
1562 if (process_msg1(st,buf,source,&named_msg)) {
1563 BUF_FREE(&st->buffer); /* Free our old message 1 */
1564 enter_new_state(st,SITE_SENTMSG2);
1566 slog(st,LOG_ERROR,"failed to process an incoming "
1567 "crossed msg1 (we have low priority)");
1573 /* The message 1 was received at an unexpected stage of the
1574 key setup. XXX POLICY - what do we do? */
1575 slog(st,LOG_UNEXPECTED,"unexpected incoming message 1");
1579 if (msgtype==LABEL_PROD) {
1580 if (!named_for_us(st,buf,msgtype,&named_msg))
1582 dump_packet(st,buf,source,True);
1583 if (st->state!=SITE_RUN) {
1584 slog(st,LOG_DROP,"ignoring PROD when not in state RUN");
1585 } else if (current_valid(st)) {
1586 slog(st,LOG_DROP,"ignoring PROD when we think we have a key");
1588 initiate_key_setup(st,"peer sent PROD packet",source);
1593 if (dest==st->index) {
1594 /* Explicitly addressed to us */
1595 if (msgtype!=LABEL_MSG0) dump_packet(st,buf,source,True);
1598 /* If the source is our current peer then initiate a key setup,
1599 because our peer's forgotten the key */
1600 if (get_uint32(buf->start+4)==st->current.remote_session_id) {
1602 initiated = initiate_key_setup(st,"received a NAK",0);
1603 if (!initiated) generate_send_prod(st,source);
1605 slog(st,LOG_SEC,"bad incoming NAK");
1609 process_msg0(st,buf,source);
1612 /* Setup packet: should not have been explicitly addressed
1614 slog(st,LOG_SEC,"incoming explicitly addressed msg1");
1617 /* Setup packet: expected only in state SENTMSG1 */
1618 if (st->state!=SITE_SENTMSG1) {
1619 slog(st,LOG_UNEXPECTED,"unexpected MSG2");
1620 } else if (process_msg2(st,buf,source)) {
1621 transport_setup_msgok(st,source);
1622 enter_new_state(st,SITE_SENTMSG3);
1624 slog(st,LOG_SEC,"invalid MSG2");
1629 /* Setup packet: expected only in state SENTMSG2 */
1630 if (st->state!=SITE_SENTMSG2) {
1631 slog(st,LOG_UNEXPECTED,"unexpected MSG3");
1632 } else if (process_msg3(st,buf,source,msgtype)) {
1633 transport_setup_msgok(st,source);
1634 enter_new_state(st,SITE_SENTMSG4);
1636 slog(st,LOG_SEC,"invalid MSG3");
1640 /* Setup packet: expected only in state SENTMSG3 */
1641 if (st->state!=SITE_SENTMSG3) {
1642 slog(st,LOG_UNEXPECTED,"unexpected MSG4");
1643 } else if (process_msg4(st,buf,source)) {
1644 transport_setup_msgok(st,source);
1645 enter_new_state(st,SITE_SENTMSG5);
1647 slog(st,LOG_SEC,"invalid MSG4");
1651 /* Setup packet: expected only in state SENTMSG4 */
1652 /* (may turn up in state RUN if our return MSG6 was lost
1653 and the new key has already been activated. In that
1654 case we discard it. The peer will realise that we
1655 are using the new key when they see our data packets.
1656 Until then the peer's data packets to us get discarded. */
1657 if (st->state==SITE_SENTMSG4) {
1658 if (process_msg5(st,buf,source,st->new_transform)) {
1659 transport_setup_msgok(st,source);
1660 enter_new_state(st,SITE_RUN);
1662 slog(st,LOG_SEC,"invalid MSG5");
1664 } else if (st->state==SITE_RUN) {
1665 if (process_msg5(st,buf,source,st->current.transform)) {
1666 slog(st,LOG_DROP,"got MSG5, retransmitting MSG6");
1667 transport_setup_msgok(st,source);
1668 create_msg6(st,st->current.transform,
1669 st->current.remote_session_id);
1670 transport_xmit(st,&st->peers,&st->buffer,True);
1671 BUF_FREE(&st->buffer);
1673 slog(st,LOG_SEC,"invalid MSG5 (in state RUN)");
1676 slog(st,LOG_UNEXPECTED,"unexpected MSG5");
1680 /* Setup packet: expected only in state SENTMSG5 */
1681 if (st->state!=SITE_SENTMSG5) {
1682 slog(st,LOG_UNEXPECTED,"unexpected MSG6");
1683 } else if (process_msg6(st,buf,source)) {
1684 BUF_FREE(&st->buffer); /* Free message 5 */
1685 transport_setup_msgok(st,source);
1686 activate_new_key(st);
1688 slog(st,LOG_SEC,"invalid MSG6");
1692 slog(st,LOG_SEC,"received message of unknown type 0x%08x",
1703 static void site_control(void *vst, bool_t run)
1705 struct site *st=vst;
1706 if (run) enter_state_run(st);
1707 else enter_state_stop(st);
1710 static void site_phase_hook(void *sst, uint32_t newphase)
1712 struct site *st=sst;
1714 /* The program is shutting down; tell our peer */
1715 send_msg7(st,"shutting down");
1718 static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
1721 static uint32_t index_sequence;
1727 st=safe_malloc(sizeof(*st),"site_apply");
1729 st->cl.description="site";
1730 st->cl.type=CL_SITE;
1732 st->cl.interface=&st->ops;
1734 st->ops.control=site_control;
1735 st->ops.status=site_status;
1737 /* First parameter must be a dict */
1738 item=list_elem(args,0);
1739 if (!item || item->type!=t_dict)
1740 cfgfatal(loc,"site","parameter must be a dictionary\n");
1742 dict=item->data.dict;
1743 st->localname=dict_read_string(dict, "local-name", True, "site", loc);
1744 st->remotename=dict_read_string(dict, "name", True, "site", loc);
1746 st->peer_mobile=dict_read_bool(dict,"mobile",False,"site",loc,False);
1747 bool_t local_mobile=
1748 dict_read_bool(dict,"local-mobile",False,"site",loc,False);
1750 /* Sanity check (which also allows the 'sites' file to include
1751 site() closures for all sites including our own): refuse to
1752 talk to ourselves */
1753 if (strcmp(st->localname,st->remotename)==0) {
1754 Message(M_DEBUG,"site %s: local-name==name -> ignoring this site\n",
1756 if (st->peer_mobile != local_mobile)
1757 cfgfatal(loc,"site","site %s's peer-mobile=%d"
1758 " but our local-mobile=%d\n",
1759 st->localname, st->peer_mobile, local_mobile);
1763 if (st->peer_mobile && local_mobile) {
1764 Message(M_WARNING,"site %s: site is mobile but so are we"
1765 " -> ignoring this site\n", st->remotename);
1770 assert(index_sequence < 0xffffffffUL);
1771 st->index = ++index_sequence;
1772 st->local_capabilities = 0;
1773 st->netlink=find_cl_if(dict,"link",CL_NETLINK,True,"site",loc);
1775 #define GET_CLOSURE_LIST(dictkey,things,nthings,CL_TYPE) do{ \
1776 list_t *things##_cfg=dict_lookup(dict,dictkey); \
1777 if (!things##_cfg) \
1778 cfgfatal(loc,"site","closure list \"%s\" not found\n",dictkey); \
1779 st->nthings=list_length(things##_cfg); \
1780 st->things=safe_malloc_ary(sizeof(*st->things),st->nthings,dictkey "s"); \
1781 assert(st->nthings); \
1782 for (i=0; i<st->nthings; i++) { \
1783 item_t *item=list_elem(things##_cfg,i); \
1784 if (item->type!=t_closure) \
1785 cfgfatal(loc,"site","%s is not a closure\n",dictkey); \
1786 closure_t *cl=item->data.closure; \
1787 if (cl->type!=CL_TYPE) \
1788 cfgfatal(loc,"site","%s closure wrong type\n",dictkey); \
1789 st->things[i]=cl->interface; \
1793 GET_CLOSURE_LIST("comm",comms,ncomms,CL_COMM);
1795 st->resolver=find_cl_if(dict,"resolver",CL_RESOLVER,True,"site",loc);
1796 st->log=find_cl_if(dict,"log",CL_LOG,True,"site",loc);
1797 st->random=find_cl_if(dict,"random",CL_RANDOMSRC,True,"site",loc);
1799 st->privkey=find_cl_if(dict,"local-key",CL_RSAPRIVKEY,True,"site",loc);
1800 st->address=dict_read_string(dict, "address", False, "site", loc);
1802 st->remoteport=dict_read_number(dict,"port",True,"site",loc,0);
1803 else st->remoteport=0;
1804 st->pubkey=find_cl_if(dict,"key",CL_RSAPUBKEY,True,"site",loc);
1806 GET_CLOSURE_LIST("transform",transforms,ntransforms,CL_TRANSFORM);
1808 st->dh=find_cl_if(dict,"dh",CL_DH,True,"site",loc);
1809 st->hash=find_cl_if(dict,"hash",CL_HASH,True,"site",loc);
1811 #define DEFAULT(D) (st->peer_mobile || local_mobile \
1812 ? DEFAULT_MOBILE_##D : DEFAULT_##D)
1813 #define CFG_NUMBER(k,D) dict_read_number(dict,(k),False,"site",loc,DEFAULT(D));
1815 st->key_lifetime= CFG_NUMBER("key-lifetime", KEY_LIFETIME);
1816 st->setup_retries= CFG_NUMBER("setup-retries", SETUP_RETRIES);
1817 st->setup_retry_interval= CFG_NUMBER("setup-timeout", SETUP_RETRY_INTERVAL);
1818 st->wait_timeout= CFG_NUMBER("wait-time", WAIT_TIME);
1819 st->mtu_target= dict_read_number(dict,"mtu-target",False,"site",loc,0);
1821 st->mobile_peer_expiry= dict_read_number(
1822 dict,"mobile-peer-expiry",False,"site",loc,DEFAULT_MOBILE_PEER_EXPIRY);
1824 st->transport_peers_max= !st->peer_mobile ? 1 : dict_read_number(
1825 dict,"mobile-peers-max",False,"site",loc,DEFAULT_MOBILE_PEERS_MAX);
1826 if (st->transport_peers_max<1 ||
1827 st->transport_peers_max>=MAX_MOBILE_PEERS_MAX) {
1828 cfgfatal(loc,"site","mobile-peers-max must be in range 1.."
1829 STRING(MAX_MOBILE_PEERS_MAX) "\n");
1832 if (st->key_lifetime < DEFAULT(KEY_RENEGOTIATE_GAP)*2)
1833 st->key_renegotiate_time=st->key_lifetime/2;
1835 st->key_renegotiate_time=st->key_lifetime-DEFAULT(KEY_RENEGOTIATE_GAP);
1836 st->key_renegotiate_time=dict_read_number(
1837 dict,"renegotiate-time",False,"site",loc,st->key_renegotiate_time);
1838 if (st->key_renegotiate_time > st->key_lifetime) {
1839 cfgfatal(loc,"site",
1840 "renegotiate-time must be less than key-lifetime\n");
1843 st->log_events=string_list_to_word(dict_lookup(dict,"log-events"),
1844 log_event_table,"site");
1846 st->allow_send_prod=0;
1848 st->tunname=safe_malloc(strlen(st->localname)+strlen(st->remotename)+5,
1850 sprintf(st->tunname,"%s<->%s",st->localname,st->remotename);
1852 /* The information we expect to see in incoming messages of type 1 */
1853 /* fixme: lots of unchecked overflows here, but the results are only
1854 corrupted packets rather than undefined behaviour */
1855 st->setup_priority=(strcmp(st->localname,st->remotename)>0);
1857 buffer_new(&st->buffer,SETUP_BUFFER_LEN);
1859 buffer_new(&st->scratch,SETUP_BUFFER_LEN);
1860 BUF_ALLOC(&st->scratch,"site:scratch");
1862 /* We are interested in poll(), but only for timeouts. We don't have
1863 any fds of our own. */
1864 register_for_poll(st, site_beforepoll, site_afterpoll, 0, "site");
1867 st->remote_capabilities=0;
1868 st->chosen_transform=0;
1869 st->current.key_timeout=0;
1870 st->auxiliary_key.key_timeout=0;
1871 transport_peers_clear(st,&st->peers);
1872 transport_peers_clear(st,&st->setup_peers);
1873 /* XXX mlock these */
1874 st->dhsecret=safe_malloc(st->dh->len,"site:dhsecret");
1875 st->sharedsecretlen=st->sharedsecretallocd=0;
1878 for (i=0; i<st->ntransforms; i++) {
1879 struct transform_if *ti=st->transforms[i];
1880 uint32_t capbit = 1UL << ti->capab_transformnum;
1881 if (st->local_capabilities & capbit)
1882 slog(st,LOG_ERROR,"transformnum capability bit"
1883 " %d (%#"PRIx32") reused", ti->capab_transformnum, capbit);
1884 st->local_capabilities |= capbit;
1887 /* We need to register the remote networks with the netlink device */
1888 uint32_t netlink_mtu; /* local virtual interface mtu */
1889 st->netlink->reg(st->netlink->st, site_outgoing, st, &netlink_mtu);
1890 if (!st->mtu_target)
1891 st->mtu_target=netlink_mtu;
1893 for (i=0; i<st->ncomms; i++)
1894 st->comms[i]->request_notify(st->comms[i]->st, st, site_incoming);
1896 st->current.transform=0;
1897 st->auxiliary_key.transform=0;
1898 st->new_transform=0;
1899 st->auxiliary_is_new=0;
1901 enter_state_stop(st);
1903 add_hook(PHASE_SHUTDOWN,site_phase_hook,st);
1905 return new_closure(&st->cl);
1908 void site_module(dict_t *dict)
1910 add_closure(dict,"site",site_apply);
1914 /***** TRANSPORT PEERS definitions *****/
1916 static void transport_peers_debug(struct site *st, transport_peers *dst,
1917 const char *didwhat,
1918 int nargs, const struct comm_addr *args,
1923 if (!(st->log_events & LOG_PEER_ADDRS))
1924 return; /* an optimisation */
1926 slog(st, LOG_PEER_ADDRS, "peers (%s) %s nargs=%d => npeers=%d",
1927 (dst==&st->peers ? "data" :
1928 dst==&st->setup_peers ? "setup" : "UNKNOWN"),
1929 didwhat, nargs, dst->npeers);
1931 for (i=0, argp=(void*)args;
1933 i++, (argp+=stride?stride:sizeof(*args))) {
1934 const struct comm_addr *ca=(void*)argp;
1935 slog(st, LOG_PEER_ADDRS, " args: addrs[%d]=%s",
1936 i, comm_addr_to_string(ca));
1938 for (i=0; i<dst->npeers; i++) {
1939 struct timeval diff;
1940 timersub(tv_now,&dst->peers[i].last,&diff);
1941 const struct comm_addr *ca=&dst->peers[i].addr;
1942 slog(st, LOG_PEER_ADDRS, " peers: addrs[%d]=%s T-%ld.%06ld",
1943 i, comm_addr_to_string(ca),
1944 (unsigned long)diff.tv_sec, (unsigned long)diff.tv_usec);
1948 static int transport_peer_compar(const void *av, const void *bv) {
1949 const transport_peer *a=av;
1950 const transport_peer *b=bv;
1951 /* put most recent first in the array */
1952 if (timercmp(&a->last, &b->last, <)) return +1;
1953 if (timercmp(&a->last, &b->last, >)) return -11;
1957 static void transport_peers_expire(struct site *st, transport_peers *peers) {
1958 /* peers must be sorted first */
1959 int previous_peers=peers->npeers;
1960 struct timeval oldest;
1961 oldest.tv_sec = tv_now->tv_sec - st->mobile_peer_expiry;
1962 oldest.tv_usec = tv_now->tv_usec;
1963 while (peers->npeers>1 &&
1964 timercmp(&peers->peers[peers->npeers-1].last, &oldest, <))
1966 if (peers->npeers != previous_peers)
1967 transport_peers_debug(st,peers,"expire", 0,0,0);
1970 static void transport_record_peer(struct site *st, transport_peers *peers,
1971 const struct comm_addr *addr, const char *m) {
1972 int slot, changed=0;
1974 for (slot=0; slot<peers->npeers; slot++)
1975 if (!memcmp(&peers->peers[slot].addr, addr, sizeof(*addr)))
1979 if (peers->npeers==st->transport_peers_max)
1980 slot=st->transport_peers_max-1;
1982 slot=peers->npeers++;
1985 peers->peers[slot].addr=*addr;
1986 peers->peers[slot].last=*tv_now;
1988 if (peers->npeers>1)
1989 qsort(peers->peers, peers->npeers,
1990 sizeof(*peers->peers), transport_peer_compar);
1992 if (changed || peers->npeers!=1)
1993 transport_peers_debug(st,peers,m, 1,addr,0);
1994 transport_peers_expire(st, peers);
1997 static bool_t transport_compute_setupinit_peers(struct site *st,
1998 const struct comm_addr *configured_addr /* 0 if none or not found */,
1999 const struct comm_addr *prod_hint_addr /* 0 if none */) {
2001 if (!configured_addr && !prod_hint_addr &&
2002 !transport_peers_valid(&st->peers))
2005 slog(st,LOG_SETUP_INIT,
2006 "using:%s%s %d old peer address(es)",
2007 configured_addr ? " configured address;" : "",
2008 prod_hint_addr ? " PROD hint address;" : "",
2011 /* Non-mobile peers havve st->peers.npeers==0 or ==1, since they
2012 * have transport_peers_max==1. The effect is that this code
2013 * always uses the configured address if supplied, or otherwise
2014 * the address of the incoming PROD, or the existing data peer if
2015 * one exists; this is as desired. */
2017 transport_peers_copy(st,&st->setup_peers,&st->peers);
2020 transport_record_peer(st,&st->setup_peers,prod_hint_addr,"prod");
2022 if (configured_addr)
2023 transport_record_peer(st,&st->setup_peers,configured_addr,"setupinit");
2025 assert(transport_peers_valid(&st->setup_peers));
2029 static void transport_setup_msgok(struct site *st, const struct comm_addr *a) {
2030 if (st->peer_mobile)
2031 transport_record_peer(st,&st->setup_peers,a,"setupmsg");
2033 static void transport_data_msgok(struct site *st, const struct comm_addr *a) {
2034 if (st->peer_mobile)
2035 transport_record_peer(st,&st->peers,a,"datamsg");
2038 static int transport_peers_valid(transport_peers *peers) {
2039 return peers->npeers;
2041 static void transport_peers_clear(struct site *st, transport_peers *peers) {
2043 transport_peers_debug(st,peers,"clear",0,0,0);
2045 static void transport_peers_copy(struct site *st, transport_peers *dst,
2046 const transport_peers *src) {
2047 dst->npeers=src->npeers;
2048 memcpy(dst->peers, src->peers, sizeof(*dst->peers) * dst->npeers);
2049 transport_peers_debug(st,dst,"copy",
2050 src->npeers, &src->peers->addr, sizeof(*src->peers));
2053 void transport_xmit(struct site *st, transport_peers *peers,
2054 struct buffer_if *buf, bool_t candebug) {
2056 transport_peers_expire(st, peers);
2057 for (slot=0; slot<peers->npeers; slot++) {
2058 transport_peer *peer=&peers->peers[slot];
2060 dump_packet(st, buf, &peer->addr, False);
2061 peer->addr.comm->sendmsg(peer->addr.comm->st, buf, &peer->addr);
2065 /***** END of transport peers declarations *****/
~ianmdlvl / secnet.git / blob