1 /* site.c - manage communication with a remote network site */
3 /* The 'site' code doesn't know anything about the structure of the
4 packets it's transmitting. In fact, under the new netlink
5 configuration scheme it doesn't need to know anything at all about
6 IP addresses, except how to contact its peer. This means it could
7 potentially be used to tunnel other protocols too (IPv6, IPX, plain
8 old Ethernet frames) if appropriate netlink code can be written
9 (and that ought not to be too hard, eg. using the TUN/TAP device to
10 pretend to be an Ethernet interface). */
15 /* MBM asserts the next one is needed for compilation under BSD. */
16 #include <sys/socket.h>
20 #include "unaligned.h"
22 #define SETUP_BUFFER_LEN 2048
24 #define DEFAULT_KEY_LIFETIME 3600000 /* One hour */
25 #define DEFAULT_KEY_RENEGOTIATE_GAP 300000 /* Five minutes */
26 #define DEFAULT_SETUP_RETRIES 5
27 #define DEFAULT_SETUP_TIMEOUT 1000
28 #define DEFAULT_WAIT_TIME 20000
30 /* Each site can be in one of several possible states. */
33 SITE_STOP - nothing is allowed to happen; tunnel is down;
34 all session keys have been erased
35 -> SITE_RUN upon external instruction
36 SITE_RUN - site up, maybe with valid key
37 -> SITE_RESOLVE upon outgoing packet and no valid key
38 we start name resolution for the other end of the tunnel
39 -> SITE_SENTMSG2 upon valid incoming message 1 and suitable time
40 we send an appropriate message 2
41 SITE_RESOLVE - waiting for name resolution
42 -> SITE_SENTMSG1 upon successful resolution
43 we send an appropriate message 1
44 -> SITE_SENTMSG2 upon valid incoming message 1 (then abort resolution)
45 we abort resolution and
46 -> SITE_WAIT on timeout or resolution failure
48 -> SITE_SENTMSG2 upon valid incoming message 1 from higher priority end
49 -> SITE_SENTMSG3 upon valid incoming message 2
50 -> SITE_WAIT on timeout
52 -> SITE_SENTMSG4 upon valid incoming message 3
53 -> SITE_WAIT on timeout
55 -> SITE_SENTMSG5 upon valid incoming message 4
56 -> SITE_WAIT on timeout
58 -> SITE_RUN upon valid incoming message 5
59 -> SITE_WAIT on timeout
61 -> SITE_RUN upon valid incoming message 6
62 -> SITE_WAIT on timeout
63 SITE_WAIT - failed to establish key; do nothing for a while
64 -> SITE_RUN on timeout
69 #define SITE_RESOLVE 2
70 #define SITE_SENTMSG1 3
71 #define SITE_SENTMSG2 4
72 #define SITE_SENTMSG3 5
73 #define SITE_SENTMSG4 6
74 #define SITE_SENTMSG5 7
77 static string_t state_name(uint32_t state)
80 case 0: return "STOP";
82 case 2: return "RESOLVE";
83 case 3: return "SENTMSG1";
84 case 4: return "SENTMSG2";
85 case 5: return "SENTMSG3";
86 case 6: return "SENTMSG4";
87 case 7: return "SENTMSG5";
88 case 8: return "WAIT";
89 default: return "*bad state*";
93 #define LABEL_MSG0 0x00020200
94 #define LABEL_MSG1 0x01010101
95 #define LABEL_MSG2 0x02020202
96 #define LABEL_MSG3 0x03030303
97 #define LABEL_MSG4 0x04040404
98 #define LABEL_MSG5 0x05050505
99 #define LABEL_MSG6 0x06060606
100 #define LABEL_MSG7 0x07070707
101 #define LABEL_MSG8 0x08080808
102 #define LABEL_MSG9 0x09090909
106 #define LOG_UNEXPECTED 0x00000001
107 #define LOG_SETUP_INIT 0x00000002
108 #define LOG_SETUP_TIMEOUT 0x00000004
109 #define LOG_ACTIVATE_KEY 0x00000008
110 #define LOG_TIMEOUT_KEY 0x00000010
111 #define LOG_SEC 0x00000020
112 #define LOG_STATE 0x00000040
113 #define LOG_DROP 0x00000080
114 #define LOG_DUMP 0x00000100
115 #define LOG_ERROR 0x00000400
117 static struct flagstr log_event_table[]={
118 { "unexpected", LOG_UNEXPECTED },
119 { "setup-init", LOG_SETUP_INIT },
120 { "setup-timeout", LOG_SETUP_TIMEOUT },
121 { "activate-key", LOG_ACTIVATE_KEY },
122 { "timeout-key", LOG_TIMEOUT_KEY },
123 { "security", LOG_SEC },
124 { "state-change", LOG_STATE },
125 { "packet-drop", LOG_DROP },
126 { "dump-packets", LOG_DUMP },
127 { "errors", LOG_ERROR },
128 { "all", 0xffffffff },
135 /* configuration information */
138 string_t tunname; /* localname<->remotename by default */
139 string_t address; /* DNS name for bootstrapping, optional */
141 struct netlink_if *netlink;
142 struct comm_if *comm;
143 struct resolver_if *resolver;
145 struct random_if *random;
146 struct rsaprivkey_if *privkey;
147 struct rsapubkey_if *pubkey;
148 struct transform_if *transform;
150 struct hash_if *hash;
152 uint32_t setup_retries; /* How many times to send setup packets */
153 uint32_t setup_timeout; /* Initial timeout for setup packets */
154 uint32_t wait_timeout; /* How long to wait if setup unsuccessful */
155 uint32_t key_lifetime; /* How long a key lasts once set up */
156 uint32_t key_renegotiate_time; /* If we see traffic (or a keepalive)
157 after this time, initiate a new
160 bool_t keepalive; /* Always keep the tunnel up */
162 uint8_t *setupsig; /* Expected signature of incoming MSG1 packets */
163 uint32_t setupsiglen; /* Allows us to discard packets quickly if
164 they are not for us */
165 bool_t setup_priority; /* Do we have precedence if both sites emit
166 message 1 simultaneously? */
169 /* runtime information */
171 uint64_t now; /* Most recently seen time */
173 uint32_t remote_session_id;
174 struct transform_inst_if *current_transform;
175 bool_t current_valid;
176 uint64_t current_key_timeout; /* End of life of current key */
177 struct sockaddr_in peer; /* Current address of peer */
178 bool_t peer_valid; /* Peer address becomes invalid when key times out,
179 but only if we have a DNS name for our peer */
181 uint32_t setup_session_id;
182 struct sockaddr_in setup_peer;
183 uint8_t localN[NONCELEN]; /* Nonces for key exchange */
184 uint8_t remoteN[NONCELEN];
185 struct buffer_if buffer; /* Current outgoing key exchange packet */
186 uint32_t retries; /* Number of retries remaining */
187 uint64_t timeout; /* Timeout for current state */
189 uint8_t *sharedsecret;
191 struct transform_inst_if *new_transform; /* For key setup/verify */
194 static void slog(struct site *st, uint32_t event, string_t msg, ...)
202 if (event&st->log_events) {
204 case LOG_UNEXPECTED: class=M_INFO; break;
205 case LOG_SETUP_INIT: class=M_INFO; break;
206 case LOG_SETUP_TIMEOUT: class=M_NOTICE; break;
207 case LOG_ACTIVATE_KEY: class=M_INFO; break;
208 case LOG_TIMEOUT_KEY: class=M_INFO; break;
209 case LOG_SEC: class=M_SECURITY; break;
210 case LOG_STATE: class=M_DEBUG; break;
211 case LOG_DROP: class=M_DEBUG; break;
212 case LOG_DUMP: class=M_DEBUG; break;
213 case LOG_ERROR: class=M_ERR; break;
214 default: class=M_ERR; break;
217 vsnprintf(buf,240,msg,ap);
218 st->log->log(st->log->st,class,"%s: %s",st->tunname,buf);
223 static void set_link_quality(struct site *st);
224 static void delete_key(struct site *st, string_t reason, uint32_t loglevel);
225 static bool_t initiate_key_setup(struct site *st, string_t reason);
226 static void enter_state_run(struct site *st);
227 static bool_t enter_state_resolve(struct site *st);
228 static bool_t enter_state_sentmsg1(struct site *st);
229 static bool_t enter_state_sentmsg2(struct site *st);
230 static bool_t enter_state_sentmsg3(struct site *st);
231 static bool_t enter_state_sentmsg4(struct site *st);
232 static bool_t enter_state_sentmsg5(struct site *st);
233 static void enter_state_wait(struct site *st);
235 #define CHECK_AVAIL(b,l) do { if ((b)->size<(l)) return False; } while(0)
236 #define CHECK_EMPTY(b) do { if ((b)->size!=0) return False; } while(0)
237 #define CHECK_TYPE(b,t) do { uint32_t type; \
238 CHECK_AVAIL((b),4); \
239 type=buf_unprepend_uint32((b)); \
240 if (type!=(t)) return False; } while(0)
259 /* Build any of msg1 to msg4. msg5 and msg6 are built from the inside out
260 using a transform. */
261 static bool_t generate_msg(struct site *st, uint32_t type, string_t what)
264 uint8_t *hash=alloca(st->hash->len);
267 st->retries=st->setup_retries;
268 BUF_ALLOC(&st->buffer,what);
269 buffer_init(&st->buffer,0);
270 buf_append_uint32(&st->buffer,
271 (type==LABEL_MSG1?0:st->setup_session_id));
272 buf_append_uint32(&st->buffer,(uint32_t)st);
273 buf_append_uint32(&st->buffer,type);
274 buf_append_string(&st->buffer,st->localname);
275 buf_append_string(&st->buffer,st->remotename);
276 memcpy(buf_append(&st->buffer,NONCELEN),st->localN,NONCELEN);
277 if (type==LABEL_MSG1) return True;
278 memcpy(buf_append(&st->buffer,NONCELEN),st->remoteN,NONCELEN);
279 if (type==LABEL_MSG2) return True;
280 dhpub=st->dh->makepublic(st->dh->st,st->dhsecret,st->dh->len);
281 buf_append_string(&st->buffer,dhpub);
283 hst=st->hash->init();
284 st->hash->update(hst,st->buffer.start,st->buffer.size);
285 st->hash->final(hst,hash);
286 sig=st->privkey->sign(st->privkey->st,hash,st->hash->len);
287 buf_append_string(&st->buffer,sig);
292 static bool_t unpick_msg(struct site *st, uint32_t type,
293 struct buffer_if *msg, struct msg *m)
295 m->hashstart=msg->start;
297 m->dest=buf_unprepend_uint32(msg);
299 m->source=buf_unprepend_uint32(msg);
300 CHECK_TYPE(msg,type);
302 m->remlen=buf_unprepend_uint16(msg);
303 CHECK_AVAIL(msg,m->remlen);
304 m->remote=buf_unprepend(msg,m->remlen);
306 m->loclen=buf_unprepend_uint16(msg);
307 CHECK_AVAIL(msg,m->loclen);
308 m->local=buf_unprepend(msg,m->loclen);
309 CHECK_AVAIL(msg,NONCELEN);
310 m->nR=buf_unprepend(msg,NONCELEN);
311 if (type==LABEL_MSG1) {
315 CHECK_AVAIL(msg,NONCELEN);
316 m->nL=buf_unprepend(msg,NONCELEN);
317 if (type==LABEL_MSG2) {
322 m->pklen=buf_unprepend_uint16(msg);
323 CHECK_AVAIL(msg,m->pklen);
324 m->pk=buf_unprepend(msg,m->pklen);
325 m->hashlen=msg->start-m->hashstart;
327 m->siglen=buf_unprepend_uint16(msg);
328 CHECK_AVAIL(msg,m->siglen);
329 m->sig=buf_unprepend(msg,m->siglen);
334 static bool_t generate_msg1(struct site *st)
336 st->random->generate(st->random->st,NONCELEN,st->localN);
337 return generate_msg(st,LABEL_MSG1,"site:MSG1");
340 static bool_t process_msg1(struct site *st, struct buffer_if *msg1,
341 struct sockaddr_in *src)
345 /* We've already determined we're in an appropriate state to
346 process an incoming MSG1, and that the MSG1 has correct values
349 if (!unpick_msg(st,LABEL_MSG1,msg1,&m)) return False;
351 /* XXX save src as our peer address here? */
354 st->setup_session_id=m.source;
355 memcpy(st->remoteN,m.nR,NONCELEN);
359 static bool_t generate_msg2(struct site *st)
361 st->random->generate(st->random->st,NONCELEN,st->localN);
362 return generate_msg(st,LABEL_MSG2,"site:MSG2");
365 static bool_t process_msg2(struct site *st, struct buffer_if *msg2,
366 struct sockaddr_in *src)
370 if (!unpick_msg(st,LABEL_MSG2,msg2,&m)) return False;
372 /* Check that the site names and our nonce have been sent
373 back correctly, and then store our peer's nonce. */
374 if (memcmp(m.remote,st->remotename,strlen(st->remotename)!=0)) {
375 slog(st,LOG_SEC,"msg2: bad B (remote site name)");
378 if (memcmp(m.local,st->localname,strlen(st->localname)!=0)) {
379 slog(st,LOG_SEC,"msg2: bad A (local site name)");
382 if (memcmp(m.nL,st->localN,NONCELEN)!=0) {
383 slog(st,LOG_SEC,"msg2: bad nA (locally generated nonce)");
386 st->setup_session_id=m.source;
387 memcpy(st->remoteN,m.nR,NONCELEN);
391 static bool_t generate_msg3(struct site *st)
393 /* Now we have our nonce and their nonce. Think of a secret key,
394 and create message number 3. */
395 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
396 return generate_msg(st,LABEL_MSG3,"site:MSG3");
399 static bool_t process_msg3(struct site *st, struct buffer_if *msg3,
400 struct sockaddr_in *src)
403 uint8_t *hash=alloca(st->hash->len);
406 if (!unpick_msg(st,LABEL_MSG3,msg3,&m)) return False;
408 /* Check that the site names and nonces have been sent back
410 if (memcmp(m.remote,st->remotename,strlen(st->remotename)!=0)) {
411 slog(st,LOG_SEC,"msg3: bad A (remote site name)");
414 if (memcmp(m.local,st->localname,strlen(st->localname)!=0)) {
415 slog(st,LOG_SEC,"msg3: bad B (local site name)");
418 if (memcmp(m.nR,st->remoteN,NONCELEN)!=0) {
419 slog(st,LOG_SEC,"msg3: bad nA (remotely generated nonce)");
422 if (memcmp(m.nL,st->localN,NONCELEN)!=0) {
423 slog(st,LOG_SEC,"msg3: bad nB (locally generated nonce)");
427 /* Check signature and store g^x mod m */
428 hst=st->hash->init();
429 st->hash->update(hst,m.hashstart,m.hashlen);
430 st->hash->final(hst,hash);
431 /* Terminate signature with a '0' - cheating, but should be ok */
433 if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m.sig)) {
434 slog(st,LOG_SEC,"msg3 signature failed check!");
438 /* Terminate their DH public key with a '0' */
440 /* Invent our DH secret key */
441 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
443 /* Generate the shared key */
444 st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,m.pk,
445 st->sharedsecret,st->transform->keylen);
447 /* Set up the transform */
448 st->new_transform->setkey(st->new_transform->st,st->sharedsecret,
449 st->transform->keylen);
454 static bool_t generate_msg4(struct site *st)
456 /* We have both nonces, their public key and our private key. Generate
457 our public key, sign it and send it to them. */
458 return generate_msg(st,LABEL_MSG4,"site:MSG4");
461 static bool_t process_msg4(struct site *st, struct buffer_if *msg4,
462 struct sockaddr_in *src)
465 uint8_t *hash=alloca(st->hash->len);
468 if (!unpick_msg(st,LABEL_MSG4,msg4,&m)) return False;
470 /* Check that the site names and nonces have been sent back
472 if (memcmp(m.remote,st->remotename,strlen(st->remotename)!=0)) {
473 slog(st,LOG_SEC,"msg4: bad B (remote site name)");
476 if (memcmp(m.local,st->localname,strlen(st->localname)!=0)) {
477 slog(st,LOG_SEC,"msg4: bad A (local site name)");
480 if (memcmp(m.nR,st->remoteN,NONCELEN)!=0) {
481 slog(st,LOG_SEC,"msg4: bad nB (remotely generated nonce)");
484 if (memcmp(m.nL,st->localN,NONCELEN)!=0) {
485 slog(st,LOG_SEC,"msg4: bad nA (locally generated nonce)");
489 /* Check signature and store g^x mod m */
490 hst=st->hash->init();
491 st->hash->update(hst,m.hashstart,m.hashlen);
492 st->hash->final(hst,hash);
493 /* Terminate signature with a '0' - cheating, but should be ok */
495 if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m.sig)) {
496 slog(st,LOG_SEC,"msg4 signature failed check!");
500 /* Terminate their DH public key with a '0' */
502 /* Generate the shared key */
503 st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,m.pk,
504 st->sharedsecret,st->transform->keylen);
505 /* Set up the transform */
506 st->new_transform->setkey(st->new_transform->st,st->sharedsecret,
507 st->transform->keylen);
512 static bool_t generate_msg5(struct site *st)
514 string_t transform_err;
516 BUF_ALLOC(&st->buffer,"site:MSG5");
517 /* We are going to add three words to the transformed message */
518 buffer_init(&st->buffer,st->transform->max_start_pad+(4*3));
519 buf_append_uint32(&st->buffer,LABEL_MSG5);
520 /* Give the netlink code an opportunity to put its own stuff in the
521 message (configuration information, etc.) */
522 st->netlink->output_config(st->netlink->st,&st->buffer);
523 st->new_transform->forwards(st->new_transform->st,&st->buffer,
525 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
526 buf_prepend_uint32(&st->buffer,(uint32_t)st);
527 buf_prepend_uint32(&st->buffer,st->setup_session_id);
529 st->retries=st->setup_retries;
539 static bool_t unpick_msg0(struct site *st, struct buffer_if *msg0,
543 m->dest=buf_unprepend_uint32(msg0);
545 m->source=buf_unprepend_uint32(msg0);
547 m->type=buf_unprepend_uint32(msg0);
549 /* Leaves transformed part of buffer untouched */
552 static bool_t process_msg5(struct site *st, struct buffer_if *msg5,
553 struct sockaddr_in *src)
556 string_t transform_err;
558 if (!unpick_msg0(st,msg5,&m)) return False;
560 if (st->new_transform->reverse(st->new_transform->st,
561 msg5,&transform_err)) {
562 /* There's a problem */
563 slog(st,LOG_SEC,"process_msg5: transform: %s",transform_err);
566 /* Buffer should now contain untransformed PING packet data */
568 if (buf_unprepend_uint32(msg5)!=LABEL_MSG5) {
569 slog(st,LOG_SEC,"MSG5/PING packet contained invalid data");
572 if (!st->netlink->check_config(st->netlink->st,msg5)) {
573 slog(st,LOG_SEC,"MSG5/PING packet contained bad netlink config");
580 static bool_t generate_msg6(struct site *st)
582 string_t transform_err;
584 BUF_ALLOC(&st->buffer,"site:MSG6");
585 /* We are going to add three words to the transformed message */
586 buffer_init(&st->buffer,st->transform->max_start_pad+(4*3));
587 buf_append_uint32(&st->buffer,LABEL_MSG6);
588 /* Give the netlink code an opportunity to put its own stuff in the
589 message (configuration information, etc.) */
590 st->netlink->output_config(st->netlink->st,&st->buffer);
591 st->new_transform->forwards(st->new_transform->st,&st->buffer,
593 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
594 buf_prepend_uint32(&st->buffer,(uint32_t)st);
595 buf_prepend_uint32(&st->buffer,st->setup_session_id);
597 st->retries=1; /* Peer will retransmit MSG5 if necessary */
601 static bool_t process_msg6(struct site *st, struct buffer_if *msg6,
602 struct sockaddr_in *src)
605 string_t transform_err;
607 if (!unpick_msg0(st,msg6,&m)) return False;
609 if (st->new_transform->reverse(st->new_transform->st,
610 msg6,&transform_err)) {
611 /* There's a problem */
612 slog(st,LOG_SEC,"process_msg6: transform: %s",transform_err);
615 /* Buffer should now contain untransformed PING packet data */
617 if (buf_unprepend_uint32(msg6)!=LABEL_MSG6) {
618 slog(st,LOG_SEC,"MSG6/PONG packet contained invalid data");
621 if (!st->netlink->check_config(st->netlink->st,msg6)) {
622 slog(st,LOG_SEC,"MSG6/PONG packet contained bad netlink config");
629 static bool_t process_msg0(struct site *st, struct buffer_if *msg0,
630 struct sockaddr_in *src)
633 string_t transform_err;
636 if (!st->current_valid) {
637 slog(st,LOG_DROP,"incoming message but no current key -> dropping");
638 return initiate_key_setup(st,"incoming message but no current key");
641 if (!unpick_msg0(st,msg0,&m)) return False;
643 if (st->current_transform->reverse(st->current_transform->st,
644 msg0,&transform_err)) {
645 /* There's a problem */
646 slog(st,LOG_SEC,"transform: %s",transform_err);
647 return initiate_key_setup(st,"incoming message would not decrypt");
650 type=buf_unprepend_uint32(msg0);
653 /* We must forget about the current session. */
654 delete_key(st,"request from peer",LOG_SEC);
658 /* Deliver to netlink layer */
659 st->netlink->deliver(st->netlink->st,msg0);
663 slog(st,LOG_SEC,"incoming message of type %08x (unknown)",type);
669 static void dump_packet(struct site *st, struct buffer_if *buf,
670 struct sockaddr_in *addr, bool_t incoming)
672 uint32_t dest=ntohl(*(uint32_t *)buf->start);
673 uint32_t source=ntohl(*(uint32_t *)(buf->start+4));
674 uint32_t msgtype=ntohl(*(uint32_t *)(buf->start+8));
676 if (st->log_events & LOG_DUMP)
677 log(st->log,M_DEBUG,"%s: %s: %08x<-%08x: %08x:",
678 st->tunname,incoming?"incoming":"outgoing",
679 dest,source,msgtype);
682 static uint32_t site_status(void *st)
687 static bool_t send_msg(struct site *st)
690 dump_packet(st,&st->buffer,&st->setup_peer,False);
691 st->comm->sendmsg(st->comm->st,&st->buffer,&st->setup_peer);
692 st->timeout=st->now+st->setup_timeout;
696 slog(st,LOG_SETUP_TIMEOUT,"timed out sending key setup packet "
697 "(in state %s)",state_name(st->state));
698 enter_state_wait(st);
703 static void site_resolve_callback(void *sst, struct in_addr *address)
707 if (st->state!=SITE_RESOLVE) {
708 slog(st,LOG_UNEXPECTED,"site_resolve_callback called unexpectedly");
712 memset(&st->setup_peer,0,sizeof(st->setup_peer));
713 st->setup_peer.sin_family=AF_INET;
714 st->setup_peer.sin_port=htons(st->remoteport);
715 st->setup_peer.sin_addr=*address;
716 enter_state_sentmsg1(st);
718 /* Resolution failed */
719 slog(st,LOG_ERROR,"resolution of %s failed",st->address);
724 static bool_t initiate_key_setup(struct site *st,string_t reason)
726 if (st->state!=SITE_RUN) return False;
727 slog(st,LOG_SETUP_INIT,"initiating key exchange (%s)",reason);
729 slog(st,LOG_SETUP_INIT,"resolving peer address");
730 return enter_state_resolve(st);
731 } else if (st->peer_valid) {
732 slog(st,LOG_SETUP_INIT,"using old peer address");
733 st->setup_peer=st->peer;
734 return enter_state_sentmsg1(st);
739 static void activate_new_key(struct site *st)
741 struct transform_inst_if *t;
743 t=st->current_transform;
744 st->current_transform=st->new_transform;
749 st->current_valid=True;
750 st->current_key_timeout=st->now+st->key_lifetime;
751 st->peer=st->setup_peer;
753 st->remote_session_id=st->setup_session_id;
755 slog(st,LOG_ACTIVATE_KEY,"new key activated");
759 static void delete_key(struct site *st, string_t reason, uint32_t loglevel)
761 if (st->current_valid) {
762 slog(st,loglevel,"session closed (%s)",reason);
764 st->current_valid=False;
765 st->current_transform->delkey(st->current_transform->st);
766 st->current_key_timeout=0;
767 set_link_quality(st);
771 static void state_assert(struct site *st, bool_t ok)
773 if (!ok) fatal("state_assert\n");
776 static void enter_state_stop(struct site *st)
780 delete_key(st,"entering state STOP",LOG_TIMEOUT_KEY);
781 st->new_transform->delkey(st->new_transform->st);
784 static void set_link_quality(struct site *st)
787 if (st->current_valid)
788 quality=LINK_QUALITY_UP;
789 else if (st->state==SITE_WAIT || st->state==SITE_STOP)
790 quality=LINK_QUALITY_DOWN;
791 else if (st->address)
792 quality=LINK_QUALITY_DOWN_CURRENT_ADDRESS;
793 else if (st->peer_valid)
794 quality=LINK_QUALITY_DOWN_STALE_ADDRESS;
796 quality=LINK_QUALITY_DOWN;
798 st->netlink->set_quality(st->netlink->st,quality);
801 static void enter_state_run(struct site *st)
803 slog(st,LOG_STATE,"entering state RUN");
807 set_link_quality(st);
808 /* XXX get rid of key setup data */
811 static bool_t enter_state_resolve(struct site *st)
813 state_assert(st,st->state==SITE_RUN);
814 slog(st,LOG_STATE,"entering state RESOLVE");
815 st->state=SITE_RESOLVE;
816 st->resolver->request(st->resolver->st,st->address,
817 site_resolve_callback,st);
821 static bool_t enter_state_sentmsg1(struct site *st)
823 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE);
824 slog(st,LOG_STATE,"entering state SENTMSG1");
825 if (generate_msg1(st) && send_msg(st)) {
826 st->state=SITE_SENTMSG1;
829 slog(st,LOG_ERROR,"error entering state SENTMSG1");
830 st->buffer.free=False; /* Can't tell which it was, but enter_state_wait()
831 will do a BUF_FREE() */
832 enter_state_wait(st);
836 static bool_t enter_state_sentmsg2(struct site *st)
838 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE ||
839 st->state==SITE_SENTMSG1 || st->state==SITE_WAIT);
840 slog(st,LOG_STATE,"entering state SENTMSG2");
841 if (generate_msg2(st) && send_msg(st)) {
842 st->state=SITE_SENTMSG2;
845 slog(st,LOG_ERROR,"error entering state SENTMSG2");
846 st->buffer.free=False;
847 enter_state_wait(st);
851 static bool_t enter_state_sentmsg3(struct site *st)
853 state_assert(st,st->state==SITE_SENTMSG1);
854 slog(st,LOG_STATE,"entering state SENTMSG3");
855 BUF_FREE(&st->buffer); /* Free message 1 */
856 if (generate_msg3(st) && send_msg(st)) {
857 st->state=SITE_SENTMSG3;
860 slog(st,LOG_ERROR,"error entering state SENTMSG3");
861 st->buffer.free=False;
862 enter_state_wait(st);
866 static bool_t enter_state_sentmsg4(struct site *st)
868 state_assert(st,st->state==SITE_SENTMSG2);
869 slog(st,LOG_STATE,"entering state SENTMSG4");
870 BUF_FREE(&st->buffer); /* Free message 2 */
871 if (generate_msg4(st) && send_msg(st)) {
872 st->state=SITE_SENTMSG4;
875 slog(st,LOG_ERROR,"error entering state SENTMSG4");
876 st->buffer.free=False;
877 enter_state_wait(st);
881 static bool_t enter_state_sentmsg5(struct site *st)
883 state_assert(st,st->state==SITE_SENTMSG3);
884 slog(st,LOG_STATE,"entering state SENTMSG5");
885 BUF_FREE(&st->buffer); /* Free message 3 */
887 if (generate_msg5(st) && send_msg(st)) {
888 st->state=SITE_SENTMSG5;
891 slog(st,LOG_ERROR,"error entering state SENTMSG5");
892 st->buffer.free=False;
893 enter_state_wait(st);
898 static bool_t send_msg6(struct site *st)
900 state_assert(st,st->state==SITE_SENTMSG4);
901 slog(st,LOG_STATE,"entering state RUN after sending msg6");
902 BUF_FREE(&st->buffer); /* Free message 4 */
903 if (generate_msg6(st) && send_msg(st)) {
904 BUF_FREE(&st->buffer); /* Never reused */
905 st->timeout=0; /* Never retransmit */
906 activate_new_key(st);
909 slog(st,LOG_ERROR,"error entering state RUN after sending msg6");
910 st->buffer.free=False;
911 enter_state_wait(st);
915 static bool_t send_msg7(struct site *st,string_t reason)
917 string_t transform_err;
919 if (st->current_valid && st->peer_valid && st->buffer.free) {
920 BUF_ALLOC(&st->buffer,"site:MSG7");
921 buffer_init(&st->buffer,st->transform->max_start_pad+(4*3));
922 buf_append_uint32(&st->buffer,LABEL_MSG7);
923 buf_append_string(&st->buffer,reason);
924 st->current_transform->forwards(st->current_transform->st,
925 &st->buffer, &transform_err);
926 buf_prepend_uint32(&st->buffer,LABEL_MSG0);
927 buf_prepend_uint32(&st->buffer,(uint32_t)st);
928 buf_prepend_uint32(&st->buffer,st->remote_session_id);
929 st->comm->sendmsg(st->comm->st,&st->buffer,&st->peer);
930 BUF_FREE(&st->buffer);
936 /* We go into this state if our peer becomes uncommunicative. Similar to
937 the "stop" state, we forget all session keys for a while, before
938 re-entering the "run" state. */
939 static void enter_state_wait(struct site *st)
941 slog(st,LOG_STATE,"entering state WAIT");
942 st->timeout=st->now+st->wait_timeout;
944 st->peer_valid=False;
945 set_link_quality(st);
946 BUF_FREE(&st->buffer); /* will have had an outgoing packet in it */
947 /* XXX Erase keys etc. */
950 static int site_beforepoll(void *sst, struct pollfd *fds, int *nfds_io,
951 int *timeout_io, const struct timeval *tv_now,
956 *nfds_io=0; /* We don't use any file descriptors */
959 /* Work out when our next timeout is. The earlier of 'timeout' or
960 'current_key_timeout'. A stored value of '0' indicates no timeout
962 if (st->timeout && st->timeout-*now < *timeout_io) {
963 *timeout_io=st->timeout-*now;
966 if (st->current_key_timeout && st->current_key_timeout-*now < *timeout_io)
967 *timeout_io=st->current_key_timeout-*now;
969 return 0; /* success */
972 /* NB site_afterpoll will be called before site_beforepoll is ever called */
973 static void site_afterpoll(void *sst, struct pollfd *fds, int nfds,
974 const struct timeval *tv_now, uint64_t *now)
979 if (st->timeout && *now>st->timeout) {
982 if (st->state>=SITE_SENTMSG1 && st->state<=SITE_SENTMSG5)
984 else if (st->state==SITE_WAIT) {
987 slog(st,LOG_ERROR,"site_afterpoll: unexpected timeout, state=%d",
991 if (st->current_key_timeout && *now>st->current_key_timeout) {
992 delete_key(st,"maximum key life exceeded",LOG_TIMEOUT_KEY);
996 /* This function is called by the netlink device to deliver packets
997 intended for the remote network. The packet is in "raw" wire
998 format, but is guaranteed to be word-aligned. */
999 static void site_outgoing(void *sst, struct buffer_if *buf)
1001 struct site *st=sst;
1002 string_t transform_err;
1004 if (st->state==SITE_STOP) {
1009 /* In all other states we consider delivering the packet if we have
1010 a valid key and a valid address to send it to. */
1011 if (st->current_valid && st->peer_valid) {
1012 /* Transform it and send it */
1014 buf_prepend_uint32(buf,LABEL_MSG9);
1015 st->current_transform->forwards(st->current_transform->st,
1016 buf, &transform_err);
1017 buf_prepend_uint32(buf,LABEL_MSG0);
1018 buf_prepend_uint32(buf,(uint32_t)st);
1019 buf_prepend_uint32(buf,st->remote_session_id);
1020 st->comm->sendmsg(st->comm->st,buf,&st->peer);
1026 slog(st,LOG_DROP,"discarding outgoing packet of size %d",buf->size);
1028 initiate_key_setup(st,"outgoing packet");
1031 /* This function is called by the communication device to deliver
1032 packets from our peers. */
1033 static bool_t site_incoming(void *sst, struct buffer_if *buf,
1034 struct sockaddr_in *source)
1036 struct site *st=sst;
1037 uint32_t dest=ntohl(*(uint32_t *)buf->start);
1040 if (buf->size<(st->setupsiglen+8+NONCELEN)) return False;
1041 /* It could be for any site - it should have LABEL_MSG1 and
1042 might have our name and our peer's name in it */
1043 if (memcmp(buf->start+8,st->setupsig,st->setupsiglen)==0) {
1044 dump_packet(st,buf,source,True);
1045 /* It's addressed to us. Decide what to do about it. */
1046 if (st->state==SITE_RUN || st->state==SITE_RESOLVE ||
1047 st->state==SITE_WAIT) {
1048 /* We should definitely process it */
1049 if (process_msg1(st,buf,source)) {
1050 slog(st,LOG_SETUP_INIT,"key setup initiated by peer");
1051 enter_state_sentmsg2(st);
1053 slog(st,LOG_ERROR,"failed to process incoming msg1");
1058 if (st->state==SITE_SENTMSG1) {
1059 /* We've just sent a message 1! They may have crossed on
1060 the wire. If we have priority then we ignore the
1061 incoming one, otherwise we process it as usual. */
1062 if (st->setup_priority) {
1064 slog(st,LOG_DUMP,"crossed msg1s; we are higher "
1065 "priority => ignore incoming msg1");
1068 slog(st,LOG_DUMP,"crossed msg1s; we are lower "
1069 "priority => use incoming msg1");
1070 if (process_msg1(st,buf,source)) {
1071 BUF_FREE(&st->buffer); /* Free our old message 1 */
1072 enter_state_sentmsg2(st);
1074 slog(st,LOG_ERROR,"failed to process an incoming "
1075 "crossed msg1 (we have low priority)");
1081 /* The message 1 was received at an unexpected stage of the
1082 key setup. XXX POLICY - what do we do? */
1083 slog(st,LOG_UNEXPECTED,"unexpected incoming message 1");
1087 return False; /* Not for us. */
1089 if (dest==(uint32_t)st) {
1090 uint32_t msgtype=ntohl(get_uint32(buf->start+8));
1091 /* Explicitly addressed to us */
1092 if (msgtype!=LABEL_MSG0) dump_packet(st,buf,source,True);
1095 /* If the source is our current peer then initiate a key setup,
1096 because our peer's forgotten the key */
1097 if (get_uint32(buf->start+4)==st->remote_session_id) {
1098 initiate_key_setup(st,"received a NAK");
1100 slog(st,LOG_SEC,"bad incoming NAK");
1104 process_msg0(st,buf,source);
1107 /* Setup packet: should not have been explicitly addressed
1109 slog(st,LOG_SEC,"incoming explicitly addressed msg1");
1112 /* Setup packet: expected only in state SENTMSG1 */
1113 if (st->state!=SITE_SENTMSG1) {
1114 slog(st,LOG_UNEXPECTED,"unexpected MSG2");
1115 } else if (process_msg2(st,buf,source))
1116 enter_state_sentmsg3(st);
1118 slog(st,LOG_SEC,"invalid MSG2");
1122 /* Setup packet: expected only in state SENTMSG2 */
1123 if (st->state!=SITE_SENTMSG2) {
1124 slog(st,LOG_UNEXPECTED,"unexpected MSG3");
1125 } else if (process_msg3(st,buf,source))
1126 enter_state_sentmsg4(st);
1128 slog(st,LOG_SEC,"invalid MSG3");
1132 /* Setup packet: expected only in state SENTMSG3 */
1133 if (st->state!=SITE_SENTMSG3) {
1134 slog(st,LOG_UNEXPECTED,"unexpected MSG4");
1135 } else if (process_msg4(st,buf,source))
1136 enter_state_sentmsg5(st);
1138 slog(st,LOG_SEC,"invalid MSG4");
1142 /* Setup packet: expected only in state SENTMSG4 */
1143 /* (may turn up in state RUN if our return MSG6 was lost
1144 and the new key has already been activated. In that
1145 case we should treat it as an ordinary PING packet. We
1146 can't pass it to process_msg5() because the
1147 new_transform will now be null. XXX) */
1148 if (st->state!=SITE_SENTMSG4) {
1149 slog(st,LOG_UNEXPECTED,"unexpected MSG5");
1150 } else if (process_msg5(st,buf,source)) {
1153 slog(st,LOG_SEC,"invalid MSG5");
1157 /* Setup packet: expected only in state SENTMSG5 */
1158 if (st->state!=SITE_SENTMSG5) {
1159 slog(st,LOG_UNEXPECTED,"unexpected MSG6");
1160 } else if (process_msg6(st,buf,source)) {
1161 BUF_FREE(&st->buffer); /* Free message 5 */
1162 activate_new_key(st);
1164 slog(st,LOG_SEC,"invalid MSG6");
1168 slog(st,LOG_SEC,"received message of unknown type 0x%08x",
1179 static void site_control(void *vst, bool_t run)
1181 struct site *st=vst;
1182 if (run) enter_state_run(st);
1183 else enter_state_stop(st);
1186 static void site_phase_hook(void *sst, uint32_t newphase)
1188 struct site *st=sst;
1190 /* The program is shutting down; tell our peer */
1191 send_msg7(st,"shutting down");
1194 static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
1201 st=safe_malloc(sizeof(*st),"site_apply");
1203 st->cl.description="site";
1204 st->cl.type=CL_SITE;
1206 st->cl.interface=&st->ops;
1208 st->ops.control=site_control;
1209 st->ops.status=site_status;
1211 /* First parameter must be a dict */
1212 item=list_elem(args,0);
1213 if (!item || item->type!=t_dict)
1214 cfgfatal(loc,"site","parameter must be a dictionary\n");
1216 dict=item->data.dict;
1217 st->localname=dict_read_string(dict, "local-name", True, "site", loc);
1218 st->remotename=dict_read_string(dict, "name", True, "site", loc);
1219 /* Sanity check (which also allows the 'sites' file to include
1220 site() closures for all sites including our own): refuse to
1221 talk to ourselves */
1222 if (strcmp(st->localname,st->remotename)==0) {
1223 Message(M_DEBUG,"site %s: local-name==name -> ignoring this site\n",
1228 st->netlink=find_cl_if(dict,"link",CL_NETLINK,True,"site",loc);
1229 st->comm=find_cl_if(dict,"comm",CL_COMM,True,"site",loc);
1230 st->resolver=find_cl_if(dict,"resolver",CL_RESOLVER,True,"site",loc);
1231 st->log=find_cl_if(dict,"log",CL_LOG,True,"site",loc);
1232 st->random=find_cl_if(dict,"random",CL_RANDOMSRC,True,"site",loc);
1234 st->privkey=find_cl_if(dict,"local-key",CL_RSAPRIVKEY,True,"site",loc);
1235 st->address=dict_read_string(dict, "address", False, "site", loc);
1237 st->remoteport=dict_read_number(dict,"port",True,"site",loc,0);
1238 else st->remoteport=0;
1239 st->pubkey=find_cl_if(dict,"key",CL_RSAPUBKEY,True,"site",loc);
1242 find_cl_if(dict,"transform",CL_TRANSFORM,True,"site",loc);
1244 st->dh=find_cl_if(dict,"dh",CL_DH,True,"site",loc);
1245 st->hash=find_cl_if(dict,"hash",CL_HASH,True,"site",loc);
1247 st->key_lifetime=dict_read_number(
1248 dict,"key-lifetime",False,"site",loc,DEFAULT_KEY_LIFETIME);
1249 if (st->key_lifetime < DEFAULT_KEY_RENEGOTIATE_GAP)
1250 st->key_renegotiate_time=st->key_lifetime/2;
1252 st->key_renegotiate_time=st->key_lifetime-DEFAULT_KEY_RENEGOTIATE_GAP;
1253 st->setup_retries=dict_read_number(
1254 dict,"setup-retries",False,"site",loc,DEFAULT_SETUP_RETRIES);
1255 st->setup_timeout=dict_read_number(
1256 dict,"setup-timeout",False,"site",loc,DEFAULT_SETUP_TIMEOUT);
1257 st->wait_timeout=dict_read_number(
1258 dict,"wait-time",False,"site",loc,DEFAULT_WAIT_TIME);
1259 st->key_renegotiate_time=dict_read_number(
1260 dict,"renegotiate-time",False,"site",loc,st->key_lifetime);
1261 if (st->key_renegotiate_time > st->key_lifetime) {
1262 cfgfatal(loc,"site",
1263 "renegotiate-time must be less than key-lifetime\n");
1265 /* XXX keepalive will eventually default to True */
1266 st->keepalive=dict_read_bool(dict,"keepalive",False,"site",loc,False);
1268 st->log_events=string_list_to_word(dict_lookup(dict,"log-events"),
1269 log_event_table,"site");
1271 st->tunname=safe_malloc(strlen(st->localname)+strlen(st->remotename)+5,
1273 sprintf(st->tunname,"%s<->%s",st->localname,st->remotename);
1275 /* The information we expect to see in incoming messages of type 1 */
1276 st->setupsiglen=strlen(st->remotename)+strlen(st->localname)+8;
1277 st->setupsig=safe_malloc(st->setupsiglen,"site_apply");
1278 put_uint32(st->setupsig+0,LABEL_MSG1);
1279 put_uint16(st->setupsig+4,strlen(st->remotename));
1280 memcpy(&st->setupsig[6],st->remotename,strlen(st->remotename));
1281 put_uint16(st->setupsig+(6+strlen(st->remotename)),strlen(st->localname));
1282 memcpy(&st->setupsig[8+strlen(st->remotename)],st->localname,
1283 strlen(st->localname));
1284 st->setup_priority=(strcmp(st->localname,st->remotename)>0);
1286 buffer_new(&st->buffer,SETUP_BUFFER_LEN);
1288 /* We are interested in poll(), but only for timeouts. We don't have
1289 any fds of our own. */
1290 register_for_poll(st, site_beforepoll, site_afterpoll, 0, "site");
1293 st->current_valid=False;
1294 st->current_key_timeout=0;
1295 st->peer_valid=False;
1296 /* XXX mlock these */
1297 st->dhsecret=safe_malloc(st->dh->len,"site:dhsecret");
1298 st->sharedsecret=safe_malloc(st->transform->keylen,"site:sharedsecret");
1300 /* We need to register the remote networks with the netlink device */
1301 st->netlink->reg(st->netlink->st, site_outgoing, st,
1302 st->transform->max_start_pad+(4*4),
1303 st->transform->max_end_pad);
1305 st->comm->request_notify(st->comm->st, st, site_incoming);
1307 st->current_transform=st->transform->create(st->transform->st);
1308 st->new_transform=st->transform->create(st->transform->st);
1310 enter_state_stop(st);
1312 add_hook(PHASE_SHUTDOWN,site_phase_hook,st);
1314 return new_closure(&st->cl);
1317 init_module site_module;
1318 void site_module(dict_t *dict)
1320 add_closure(dict,"site",site_apply);
~ianmdlvl / secnet.git / blob