1 /* site.c - manage communication with a remote network site */
10 #define SETUP_BUFFER_LEN 2048
12 #define DEFAULT_KEY_LIFETIME 3600000
13 #define DEFAULT_SETUP_RETRIES 5
14 #define DEFAULT_SETUP_TIMEOUT 1000
15 #define DEFAULT_WAIT_TIME 10000
17 /* Each site can be in one of several possible states. */
20 SITE_STOP - nothing is allowed to happen; tunnel is down;
21 all session keys have been erased
22 -> SITE_RUN upon external instruction
23 SITE_RUN - site up, maybe with valid key
24 -> SITE_RESOLVE upon outgoing packet and no valid key
25 we start name resolution for the other end of the tunnel
26 -> SITE_SENTMSG2 upon valid incoming message 1 and suitable time
27 we send an appropriate message 2
28 SITE_RESOLVE - waiting for name resolution
29 -> SITE_SENTMSG1 upon successful resolution
30 we send an appropriate message 1
31 -> SITE_SENTMSG2 upon valid incoming message 1 (then abort resolution)
32 we abort resolution and
33 -> SITE_WAIT on timeout or resolution failure
35 -> SITE_SENTMSG2 upon valid incoming message 1 from higher priority end
36 -> SITE_SENTMSG3 upon valid incoming message 2
37 -> SITE_WAIT on timeout
39 -> SITE_SENTMSG4 upon valid incoming message 3
40 -> SITE_WAIT on timeout
42 -> SITE_SENTMSG5 upon valid incoming message 4
43 -> SITE_WAIT on timeout
45 -> SITE_RUN upon valid incoming message 5
46 -> SITE_WAIT on timeout
48 -> SITE_RUN upon valid incoming message 6
49 -> SITE_WAIT on timeout
50 SITE_WAIT - failed to establish key; do nothing for a while
51 -> SITE_RUN on timeout
56 #define SITE_RESOLVE 2
57 #define SITE_SENTMSG1 3
58 #define SITE_SENTMSG2 4
59 #define SITE_SENTMSG3 5
60 #define SITE_SENTMSG4 6
61 #define SITE_SENTMSG5 7
64 static string_t state_name(uint32_t state)
67 case 0: return "SITE_STOP";
68 case 1: return "SITE_RUN";
69 case 2: return "SITE_RESOLVE";
70 case 3: return "SITE_SENTMSG1";
71 case 4: return "SITE_SENTMSG2";
72 case 5: return "SITE_SENTMSG3";
73 case 6: return "SITE_SENTMSG4";
74 case 7: return "SITE_SENTMSG5";
75 case 8: return "SITE_WAIT";
76 default: return "*bad state*";
80 #define LABEL_MSG0 0x00020200
81 #define LABEL_MSG1 0x01010101
82 #define LABEL_MSG2 0x02020202
83 #define LABEL_MSG3 0x03030303
84 #define LABEL_MSG4 0x04040404
85 #define LABEL_MSG5 0x05050505
86 #define LABEL_MSG6 0x06060606
87 #define LABEL_MSG7 0x07070707
88 #define LABEL_MSG8 0x08080808
89 #define LABEL_MSG9 0x09090909
93 #define LOG_UNEXPECTED 0x00000001
94 #define LOG_SETUP_INIT 0x00000002
95 #define LOG_SETUP_TIMEOUT 0x00000004
96 #define LOG_ACTIVATE_KEY 0x00000008
97 #define LOG_TIMEOUT_KEY 0x00000010
98 #define LOG_SEC 0x00000020
99 #define LOG_STATE 0x00000040
100 #define LOG_DROP 0x00000080
101 #define LOG_DUMP 0x00000100
102 #define LOG_ERROR 0x00000400
107 /* configuration information */
110 string_t tunname; /* localname<->remotename by default */
111 string_t address; /* DNS name for bootstrapping, optional */
113 struct netlink_if *netlink;
114 struct comm_if *comm;
115 struct resolver_if *resolver;
117 struct random_if *random;
118 struct rsaprivkey_if *privkey;
119 struct subnet_list remotenets;
120 struct rsapubkey_if *pubkey;
121 struct transform_if *transform;
123 struct hash_if *hash;
126 uint32_t setup_retries; /* How many times to send setup packets */
127 uint32_t setup_timeout; /* Initial timeout for setup packets */
128 uint32_t wait_timeout; /* How long to wait if setup unsuccessful */
129 uint32_t key_lifetime; /* How long a key lasts once set up */
131 uint8_t *setupsig; /* Expected signature of incoming MSG1 packets */
132 uint32_t setupsiglen; /* Allows us to discard packets quickly if
133 they are not for us */
134 bool_t setup_priority; /* Do we have precedence if both sites emit
135 message 1 simultaneously? */
138 /* runtime information */
140 uint64_t now; /* Most recently seen time */
142 uint32_t remote_session_id;
143 struct transform_inst_if *current_transform;
144 bool_t current_valid;
145 uint64_t current_key_timeout; /* End of life of current key */
146 struct sockaddr_in peer; /* Current address of peer */
147 bool_t peer_valid; /* Peer address becomes invalid when key times out,
148 but only if we have a DNS name for our peer */
150 uint32_t setup_session_id;
151 struct sockaddr_in setup_peer;
152 uint8_t localN[NONCELEN]; /* Nonces for key exchange */
153 uint8_t remoteN[NONCELEN];
154 struct buffer_if buffer; /* Current outgoing key exchange packet */
155 uint32_t retries; /* Number of retries remaining */
156 uint64_t timeout; /* Timeout for current state */
158 uint8_t *sharedsecret;
160 struct transform_inst_if *new_transform; /* For key setup/verify */
163 static void slog(struct site *st, uint32_t event, string_t msg, ...)
170 if (event&st->log_events) {
171 vsnprintf(buf,240,msg,ap);
172 st->log->log(st->log->st,0,"%s: %s",st->tunname,buf);
177 static void enter_state_run(struct site *st);
178 static bool_t enter_state_resolve(struct site *st);
179 static bool_t enter_state_sentmsg1(struct site *st);
180 static bool_t enter_state_sentmsg2(struct site *st);
181 static bool_t enter_state_sentmsg3(struct site *st);
182 static bool_t enter_state_sentmsg4(struct site *st);
183 static bool_t enter_state_sentmsg5(struct site *st);
184 static void enter_state_wait(struct site *st);
186 #define CHECK_AVAIL(b,l) do { if ((b)->size<(l)) return False; } while(0)
187 #define CHECK_EMPTY(b) do { if ((b)->size!=0) return False; } while(0)
188 #define CHECK_TYPE(b,t) do { uint32_t type; \
189 CHECK_AVAIL((b),4); \
190 type=buf_unprepend_uint32((b)); \
191 if (type!=(t)) return False; } while(0)
210 /* Build any of msg1 to msg4. msg5 and msg6 are built from the inside out
211 using a transform. */
212 static bool_t generate_msg(struct site *st, uint32_t type, string_t what)
215 uint8_t *hash=alloca(st->hash->len);
218 st->retries=st->setup_retries;
219 BUF_ALLOC(&st->buffer,what);
220 buffer_init(&st->buffer,0);
221 buf_append_uint32(&st->buffer,
222 (type==LABEL_MSG1?0:st->setup_session_id));
223 buf_append_uint32(&st->buffer,(uint32_t)st);
224 buf_append_uint32(&st->buffer,type);
225 buf_append_string(&st->buffer,st->localname);
226 buf_append_string(&st->buffer,st->remotename);
227 memcpy(buf_append(&st->buffer,NONCELEN),st->localN,NONCELEN);
228 if (type==LABEL_MSG1) return True;
229 memcpy(buf_append(&st->buffer,NONCELEN),st->remoteN,NONCELEN);
230 if (type==LABEL_MSG2) return True;
231 dhpub=st->dh->makepublic(st->dh->st,st->dhsecret,st->dh->len);
232 buf_append_string(&st->buffer,dhpub);
234 hst=st->hash->init();
235 st->hash->update(hst,st->buffer.start,st->buffer.size);
236 st->hash->final(hst,hash);
237 sig=st->privkey->sign(st->privkey->st,hash,st->hash->len);
238 buf_append_string(&st->buffer,sig);
243 static bool_t unpick_msg(struct site *st, uint32_t type,
244 struct buffer_if *msg, struct msg *m)
246 m->hashstart=msg->start;
248 m->dest=buf_unprepend_uint32(msg);
250 m->source=buf_unprepend_uint32(msg);
251 CHECK_TYPE(msg,type);
253 m->remlen=buf_unprepend_uint16(msg);
254 CHECK_AVAIL(msg,m->remlen);
255 m->remote=buf_unprepend(msg,m->remlen);
257 m->loclen=buf_unprepend_uint16(msg);
258 CHECK_AVAIL(msg,m->loclen);
259 m->local=buf_unprepend(msg,m->loclen);
260 CHECK_AVAIL(msg,NONCELEN);
261 m->nR=buf_unprepend(msg,NONCELEN);
262 if (type==LABEL_MSG1) {
266 CHECK_AVAIL(msg,NONCELEN);
267 m->nL=buf_unprepend(msg,NONCELEN);
268 if (type==LABEL_MSG2) {
273 m->pklen=buf_unprepend_uint16(msg);
274 CHECK_AVAIL(msg,m->pklen);
275 m->pk=buf_unprepend(msg,m->pklen);
276 m->hashlen=msg->start-m->hashstart;
278 m->siglen=buf_unprepend_uint16(msg);
279 CHECK_AVAIL(msg,m->siglen);
280 m->sig=buf_unprepend(msg,m->siglen);
285 static bool_t generate_msg1(struct site *st)
287 st->random->generate(st->random->st,NONCELEN,st->localN);
288 return generate_msg(st,LABEL_MSG1,"site:MSG1");
291 static bool_t process_msg1(struct site *st, struct buffer_if *msg1,
292 struct sockaddr_in *src)
296 /* We've already determined we're in an appropriate state to
297 process an incoming MSG1, and that the MSG1 has correct values
300 if (!unpick_msg(st,LABEL_MSG1,msg1,&m)) return False;
302 /* XXX save src as our peer address here? */
305 st->setup_session_id=m.source;
306 memcpy(st->remoteN,m.nR,NONCELEN);
310 static bool_t generate_msg2(struct site *st)
312 st->random->generate(st->random->st,NONCELEN,st->localN);
313 return generate_msg(st,LABEL_MSG2,"site:MSG2");
316 static bool_t process_msg2(struct site *st, struct buffer_if *msg2,
317 struct sockaddr_in *src)
321 if (!unpick_msg(st,LABEL_MSG2,msg2,&m)) return False;
323 /* Check that the site names and our nonce have been sent
324 back correctly, and then store our peer's nonce. */
325 if (memcmp(m.remote,st->remotename,strlen(st->remotename)!=0)) {
326 slog(st,LOG_SEC,"msg2: bad B (remote site name)");
329 if (memcmp(m.local,st->localname,strlen(st->localname)!=0)) {
330 slog(st,LOG_SEC,"msg2: bad A (local site name)");
333 if (memcmp(m.nL,st->localN,NONCELEN)!=0) {
334 slog(st,LOG_SEC,"msg2: bad nA (locally generated nonce)");
337 st->setup_session_id=m.source;
338 memcpy(st->remoteN,m.nR,NONCELEN);
342 static bool_t generate_msg3(struct site *st)
344 /* Now we have our nonce and their nonce. Think of a secret key,
345 and create message number 3. */
346 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
347 return generate_msg(st,LABEL_MSG3,"site:MSG3");
350 static bool_t process_msg3(struct site *st, struct buffer_if *msg3,
351 struct sockaddr_in *src)
354 uint8_t *hash=alloca(st->hash->len);
357 if (!unpick_msg(st,LABEL_MSG3,msg3,&m)) return False;
359 /* Check that the site names and nonces have been sent back
361 if (memcmp(m.remote,st->remotename,strlen(st->remotename)!=0)) {
362 slog(st,LOG_SEC,"msg3: bad A (remote site name)");
365 if (memcmp(m.local,st->localname,strlen(st->localname)!=0)) {
366 slog(st,LOG_SEC,"msg3: bad B (local site name)");
369 if (memcmp(m.nR,st->remoteN,NONCELEN)!=0) {
370 slog(st,LOG_SEC,"msg3: bad nA (remotely generated nonce)");
373 if (memcmp(m.nL,st->localN,NONCELEN)!=0) {
374 slog(st,LOG_SEC,"msg3: bad nB (locally generated nonce)");
378 /* Check signature and store g^x mod m */
379 hst=st->hash->init();
380 st->hash->update(hst,m.hashstart,m.hashlen);
381 st->hash->final(hst,hash);
382 /* Terminate signature with a '0' - cheating, but should be ok */
384 if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m.sig)) {
385 slog(st,LOG_SEC,"msg3 signature failed check!");
389 /* Terminate their DH public key with a '0' */
391 /* Invent our DH secret key */
392 st->random->generate(st->random->st,st->dh->len,st->dhsecret);
394 /* Generate the shared key */
395 st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,m.pk,
396 st->sharedsecret,st->transform->keylen);
398 /* Set up the transform */
399 st->new_transform->setkey(st->new_transform->st,st->sharedsecret,
400 st->transform->keylen);
405 static bool_t generate_msg4(struct site *st)
407 /* We have both nonces, their public key and our private key. Generate
408 our public key, sign it and send it to them. */
409 return generate_msg(st,LABEL_MSG4,"site:MSG4");
412 static bool_t process_msg4(struct site *st, struct buffer_if *msg4,
413 struct sockaddr_in *src)
416 uint8_t *hash=alloca(st->hash->len);
419 if (!unpick_msg(st,LABEL_MSG4,msg4,&m)) return False;
421 /* Check that the site names and nonces have been sent back
423 if (memcmp(m.remote,st->remotename,strlen(st->remotename)!=0)) {
424 slog(st,LOG_SEC,"msg4: bad B (remote site name)");
427 if (memcmp(m.local,st->localname,strlen(st->localname)!=0)) {
428 slog(st,LOG_SEC,"msg4: bad A (local site name)");
431 if (memcmp(m.nR,st->remoteN,NONCELEN)!=0) {
432 slog(st,LOG_SEC,"msg4: bad nB (remotely generated nonce)");
435 if (memcmp(m.nL,st->localN,NONCELEN)!=0) {
436 slog(st,LOG_SEC,"msg4: bad nA (locally generated nonce)");
440 /* Check signature and store g^x mod m */
441 hst=st->hash->init();
442 st->hash->update(hst,m.hashstart,m.hashlen);
443 st->hash->final(hst,hash);
444 /* Terminate signature with a '0' - cheating, but should be ok */
446 if (!st->pubkey->check(st->pubkey->st,hash,st->hash->len,m.sig)) {
447 slog(st,LOG_SEC,"msg4 signature failed check!");
451 /* Terminate their DH public key with a '0' */
453 /* Generate the shared key */
454 st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,m.pk,
455 st->sharedsecret,st->transform->keylen);
456 /* Set up the transform */
457 st->new_transform->setkey(st->new_transform->st,st->sharedsecret,
458 st->transform->keylen);
463 static bool_t generate_msg5(struct site *st)
465 string_t transform_err;
467 BUF_ALLOC(&st->buffer,"site:MSG5");
468 /* We are going to add three words to the transformed message */
469 buffer_init(&st->buffer,st->transform->max_start_pad+(4*3));
470 buf_append_uint32(&st->buffer,LABEL_MSG5);
471 st->new_transform->forwards(st->new_transform->st,&st->buffer,
473 buf_prepend_uint32(&st->buffer,LABEL_MSG5);
474 buf_prepend_uint32(&st->buffer,(uint32_t)st);
475 buf_prepend_uint32(&st->buffer,st->setup_session_id);
477 st->retries=st->setup_retries;
487 static bool_t unpick_msg0(struct site *st, struct buffer_if *msg0,
491 m->dest=buf_unprepend_uint32(msg0);
493 m->source=buf_unprepend_uint32(msg0);
495 m->type=buf_unprepend_uint32(msg0);
497 /* Leaves transformed part of buffer untouched */
500 static bool_t process_msg5(struct site *st, struct buffer_if *msg5,
501 struct sockaddr_in *src)
504 string_t transform_err;
506 if (!unpick_msg0(st,msg5,&m)) return False;
508 if (st->new_transform->reverse(st->new_transform->st,
509 msg5,&transform_err)) {
510 /* There's a problem */
511 slog(st,LOG_SEC,"process_msg5: transform: %s",transform_err);
514 /* Buffer should now contain untransformed PING packet data */
516 if (buf_unprepend_uint32(msg5)!=LABEL_MSG5) {
517 slog(st,LOG_SEC,"MSG5/PING packet contained invalid data");
524 static bool_t generate_msg6(struct site *st)
526 string_t transform_err;
528 BUF_ALLOC(&st->buffer,"site:MSG6");
529 /* We are going to add three words to the transformed message */
530 buffer_init(&st->buffer,st->transform->max_start_pad+(4*3));
531 buf_append_uint32(&st->buffer,LABEL_MSG6);
532 st->new_transform->forwards(st->new_transform->st,&st->buffer,
534 buf_prepend_uint32(&st->buffer,LABEL_MSG6);
535 buf_prepend_uint32(&st->buffer,(uint32_t)st);
536 buf_prepend_uint32(&st->buffer,st->setup_session_id);
538 st->retries=1; /* Peer will retransmit MSG5 if necessary */
542 static bool_t process_msg6(struct site *st, struct buffer_if *msg6,
543 struct sockaddr_in *src)
546 string_t transform_err;
548 if (!unpick_msg0(st,msg6,&m)) return False;
550 if (st->new_transform->reverse(st->new_transform->st,
551 msg6,&transform_err)) {
552 /* There's a problem */
553 slog(st,LOG_SEC,"process_msg6: transform: %s",transform_err);
556 /* Buffer should now contain untransformed PING packet data */
558 if (buf_unprepend_uint32(msg6)!=LABEL_MSG6) {
559 slog(st,LOG_SEC,"MSG6/PONG packet contained invalid data");
566 static bool_t process_msg0(struct site *st, struct buffer_if *msg0,
567 struct sockaddr_in *src)
570 string_t transform_err;
573 if (!st->current_valid) {
574 slog(st,LOG_DROP,"incoming message but no current key -> dropping");
575 if (st->state==SITE_RUN) {
576 slog(st,LOG_SETUP_INIT|LOG_STATE,
577 "now initiating setup of new key");
578 return enter_state_resolve(st);
583 if (!unpick_msg0(st,msg0,&m)) return False;
585 if (st->current_transform->reverse(st->current_transform->st,
586 msg0,&transform_err)) {
587 /* There's a problem */
588 slog(st,LOG_SEC,"transform: %s",transform_err);
592 type=buf_unprepend_uint32(msg0);
595 /* Deliver to netlink layer */
596 st->netlink->deliver(st->netlink->st,st->netlink_cid,msg0);
600 slog(st,LOG_SEC,"incoming message of type %08x (unknown)",type);
606 static void dump_packet(struct site *st, struct buffer_if *buf,
607 struct sockaddr_in *addr, bool_t incoming)
609 uint32_t dest=ntohl(*(uint32_t *)buf->start);
610 uint32_t source=ntohl(*(uint32_t *)(buf->start+4));
611 uint32_t msgtype=ntohl(*(uint32_t *)(buf->start+8));
613 if (st->log_events & LOG_DUMP)
614 log(st->log,0,"(%s,%s): %s: %08x<-%08x: %08x:",
615 st->localname,st->remotename,incoming?"incoming":"outgoing",
616 dest,source,msgtype);
619 static uint32_t site_status(void *st)
624 static bool_t send_msg(struct site *st)
627 dump_packet(st,&st->buffer,&st->setup_peer,False);
628 st->comm->sendmsg(st->comm->st,&st->buffer,&st->setup_peer);
629 st->timeout=st->now+st->setup_timeout;
633 slog(st,LOG_SETUP_TIMEOUT,"timed out sending key setup packet");
634 enter_state_wait(st);
639 static void site_resolve_callback(void *sst, struct in_addr *address)
643 if (st->state!=SITE_RESOLVE) {
644 slog(st,LOG_UNEXPECTED,"site_resolve_callback called unexpectedly");
648 memset(&st->setup_peer,0,sizeof(st->setup_peer));
649 st->setup_peer.sin_family=AF_INET;
650 st->setup_peer.sin_port=htons(st->remoteport);
651 st->setup_peer.sin_addr=*address;
652 enter_state_sentmsg1(st);
654 /* Resolution failed */
655 slog(st,LOG_ERROR,"resolution of %s failed",st->address);
660 static void activate_new_key(struct site *st)
662 struct transform_inst_if *t;
664 t=st->current_transform;
665 st->current_transform=st->new_transform;
671 st->current_valid=True;
672 st->current_key_timeout=st->now+st->key_lifetime;
673 st->peer=st->setup_peer;
675 st->remote_session_id=st->setup_session_id;
677 slog(st,LOG_ACTIVATE_KEY,"new key activated");
680 static void state_assert(struct site *st, bool_t ok)
682 if (!ok) fatal("state_assert\n");
685 static void enter_state_stop(struct site *st)
689 st->current_transform->delkey(st->current_transform->st);
690 st->current_valid=False;
691 st->current_key_timeout=0;
693 st->peer_valid=False;
695 st->new_transform->delkey(st->new_transform->st);
698 static void enter_state_run(struct site *st)
700 slog(st,LOG_STATE,"entering state RUN");
703 st->netlink->set_delivery(st->netlink->st,st->netlink_cid,True);
704 /* XXX get rid of key setup data */
707 static bool_t enter_state_resolve(struct site *st)
709 state_assert(st,st->state==SITE_RUN);
710 slog(st,LOG_STATE,"entering state RESOLVE");
711 st->state=SITE_RESOLVE;
712 st->resolver->request(st->resolver->st,st->address,
713 site_resolve_callback,st);
717 static bool_t enter_state_sentmsg1(struct site *st)
719 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE);
720 slog(st,LOG_STATE,"entering state SENTMSG1");
721 if (generate_msg1(st) && send_msg(st)) {
722 st->state=SITE_SENTMSG1;
725 slog(st,LOG_ERROR,"error entering state SENTMSG1");
726 st->buffer.free=False; /* Can't tell which it was, but enter_state_wait()
727 will do a BUF_FREE() */
728 enter_state_wait(st);
732 static bool_t enter_state_sentmsg2(struct site *st)
734 state_assert(st,st->state==SITE_RUN || st->state==SITE_RESOLVE ||
735 st->state==SITE_SENTMSG1 || st->state==SITE_WAIT);
736 slog(st,LOG_STATE,"entering state SENTMSG2");
737 if (generate_msg2(st) && send_msg(st)) {
738 st->state=SITE_SENTMSG2;
741 slog(st,LOG_ERROR,"error entering state SENTMSG2");
742 st->buffer.free=False;
743 enter_state_wait(st);
747 static bool_t enter_state_sentmsg3(struct site *st)
749 state_assert(st,st->state==SITE_SENTMSG1);
750 slog(st,LOG_STATE,"entering state SENTMSG3");
751 BUF_FREE(&st->buffer); /* Free message 1 */
752 if (generate_msg3(st) && send_msg(st)) {
753 st->state=SITE_SENTMSG3;
756 slog(st,LOG_ERROR,"error entering state SENTMSG3");
757 st->buffer.free=False;
758 enter_state_wait(st);
762 static bool_t enter_state_sentmsg4(struct site *st)
764 state_assert(st,st->state==SITE_SENTMSG2);
765 slog(st,LOG_STATE,"entering state SENTMSG4");
766 BUF_FREE(&st->buffer); /* Free message 2 */
767 if (generate_msg4(st) && send_msg(st)) {
768 st->state=SITE_SENTMSG4;
771 slog(st,LOG_ERROR,"error entering state SENTMSG4");
772 st->buffer.free=False;
773 enter_state_wait(st);
777 static bool_t enter_state_sentmsg5(struct site *st)
779 state_assert(st,st->state==SITE_SENTMSG3);
780 slog(st,LOG_STATE,"entering state SENTMSG5");
781 BUF_FREE(&st->buffer); /* Free message 3 */
783 if (generate_msg5(st) && send_msg(st)) {
784 st->state=SITE_SENTMSG5;
787 slog(st,LOG_ERROR,"error entering state SENTMSG5");
788 st->buffer.free=False;
789 enter_state_wait(st);
794 static bool_t send_msg6(struct site *st)
796 state_assert(st,st->state==SITE_SENTMSG4);
797 slog(st,LOG_STATE,"entering state RUN after sending msg6");
798 BUF_FREE(&st->buffer); /* Free message 4 */
799 if (generate_msg6(st) && send_msg(st)) {
800 BUF_FREE(&st->buffer); /* Never reused */
801 st->timeout=0; /* Never retransmit */
802 activate_new_key(st);
805 slog(st,LOG_ERROR,"error entering state RUN after sending msg6");
806 st->buffer.free=False;
807 enter_state_wait(st);
811 /* We go into this state if our peer becomes uncommunicative. Similar to
812 the "stop" state, we forget all session keys for a while, before
813 re-entering the "run" state. */
814 static void enter_state_wait(struct site *st)
816 slog(st,LOG_STATE,"entering state WAIT");
817 st->timeout=st->now+st->wait_timeout;
819 st->peer_valid=False;
820 st->netlink->set_delivery(st->netlink->st,st->netlink_cid,False);
821 BUF_FREE(&st->buffer); /* will have had an outgoing packet in it */
822 /* XXX Erase keys etc. */
825 static int site_beforepoll(void *sst, struct pollfd *fds, int *nfds_io,
826 int *timeout_io, const struct timeval *tv_now,
831 *nfds_io=0; /* We don't use any file descriptors */
834 /* Work out when our next timeout is. The earlier of 'timeout' or
835 'current_key_timeout'. A stored value of '0' indicates no timeout
837 if (st->timeout && st->timeout-*now < *timeout_io) {
838 *timeout_io=st->timeout-*now;
841 if (st->current_key_timeout && st->current_key_timeout-*now < *timeout_io)
842 *timeout_io=st->current_key_timeout-*now;
844 return 0; /* success */
847 /* NB site_afterpoll will be called before site_beforepoll is ever called */
848 static void site_afterpoll(void *sst, struct pollfd *fds, int nfds,
849 const struct timeval *tv_now, uint64_t *now)
854 if (st->timeout && *now>st->timeout) {
857 if (st->state>=SITE_SENTMSG1 && st->state<=SITE_SENTMSG5)
859 else if (st->state==SITE_WAIT) {
862 slog(st,LOG_ERROR,"site_afterpoll: unexpected timeout, state=%d",
866 if (st->current_key_timeout && *now>st->current_key_timeout) {
867 slog(st,LOG_TIMEOUT_KEY,"maximum key life exceeded; session closed");
868 st->current_valid=False;
869 st->current_transform->delkey(st->current_transform->st);
870 st->current_key_timeout=0;
874 /* This function is called by the netlink device to deliver packets
875 intended for the remote network. The packet is in "raw" wire
876 format, but is guaranteed to be word-aligned. */
877 static void site_outgoing(void *sst, void *cid, struct buffer_if *buf)
880 string_t transform_err;
882 if (st->state==SITE_STOP) {
887 /* In all other states we consider delivering the packet if we have
888 a valid key and a valid address to send it to. */
889 if (st->current_valid && st->peer_valid) {
890 /* Transform it and send it */
891 buf_prepend_uint32(buf,LABEL_MSG9);
892 st->current_transform->forwards(st->current_transform->st,
893 buf, &transform_err);
894 buf_prepend_uint32(buf,LABEL_MSG0);
895 buf_prepend_uint32(buf,(uint32_t)st);
896 buf_prepend_uint32(buf,st->remote_session_id);
897 st->comm->sendmsg(st->comm->st,buf,&st->peer);
902 if (st->state==SITE_RUN) {
903 BUF_FREE(buf); /* We throw the outgoing packet away */
904 slog(st,LOG_SETUP_INIT,"initiating key exchange");
905 enter_state_resolve(st);
909 /* Otherwise we're in the middle of key setup or a wait - just
910 throw the outgoing packet away */
911 slog(st,LOG_DROP,"discarding outgoing packet");
916 /* This function is called by the communication device to deliver
917 packets from our peers. */
918 static bool_t site_incoming(void *sst, struct buffer_if *buf,
919 struct sockaddr_in *source)
922 uint32_t dest=ntohl(*(uint32_t *)buf->start);
925 if (buf->size<(st->setupsiglen+8+NONCELEN)) return False;
926 /* It could be for any site - it should have LABEL_MSG1 and
927 might have our name and our peer's name in it */
928 if (memcmp(buf->start+8,st->setupsig,st->setupsiglen)==0) {
929 dump_packet(st,buf,source,True);
930 /* It's addressed to us. Decide what to do about it. */
931 if (st->state==SITE_RUN || st->state==SITE_RESOLVE ||
932 st->state==SITE_WAIT) {
933 /* We should definitely process it */
934 if (process_msg1(st,buf,source)) {
935 slog(st,LOG_SETUP_INIT,"key setup initiated by peer");
936 enter_state_sentmsg2(st);
938 slog(st,LOG_ERROR,"failed to process incoming msg1");
943 if (st->state==SITE_SENTMSG1) {
944 /* We've just sent a message 1! They may have crossed on
945 the wire. If we have priority then we ignore the
946 incoming one, otherwise we process it as usual. */
947 if (st->setup_priority) {
949 slog(st,LOG_DUMP,"crossed msg1s; we are higher "
950 "priority => ignore incoming msg1");
953 slog(st,LOG_DUMP,"crossed msg1s; we are lower "
954 "priority => use incoming msg1");
955 if (process_msg1(st,buf,source)) {
956 BUF_FREE(&st->buffer); /* Free our old message 1 */
957 enter_state_sentmsg2(st);
959 slog(st,LOG_ERROR,"failed to process an incoming "
960 "crossed msg1 (we have low priority)");
966 /* The message 1 was received at an unexpected stage of the
967 key setup. XXX POLICY - what do we do? */
968 slog(st,LOG_UNEXPECTED,"unexpected incoming message 1");
972 return False; /* Not for us. */
974 if (dest==(uint32_t)st) {
975 uint32_t msgtype=ntohl(*(uint32_t *)(buf->start+8));
976 /* Explicitly addressed to us */
977 if (msgtype!=LABEL_MSG0) dump_packet(st,buf,source,True);
980 process_msg0(st,buf,source);
983 /* Setup packet: should not have been explicitly addressed
985 slog(st,LOG_SEC,"incoming explicitly addressed msg1");
988 /* Setup packet: expected only in state SENTMSG1 */
989 if (st->state!=SITE_SENTMSG1) {
990 slog(st,LOG_UNEXPECTED,"unexpected MSG2");
991 } else if (process_msg2(st,buf,source))
992 enter_state_sentmsg3(st);
994 slog(st,LOG_SEC,"invalid MSG2");
998 /* Setup packet: expected only in state SENTMSG2 */
999 if (st->state!=SITE_SENTMSG2) {
1000 slog(st,LOG_UNEXPECTED,"unexpected MSG3");
1001 } else if (process_msg3(st,buf,source))
1002 enter_state_sentmsg4(st);
1004 slog(st,LOG_SEC,"invalid MSG3");
1008 /* Setup packet: expected only in state SENTMSG3 */
1009 if (st->state!=SITE_SENTMSG3) {
1010 slog(st,LOG_UNEXPECTED,"unexpected MSG4");
1011 } else if (process_msg4(st,buf,source))
1012 enter_state_sentmsg5(st);
1014 slog(st,LOG_SEC,"invalid MSG4");
1018 /* Setup packet: expected only in state SENTMSG4 */
1019 /* (may turn up in state RUN if our return MSG6 was lost
1020 and the new key has already been activated. In that
1021 case we should treat it as an ordinary PING packet. We
1022 can't pass it to process_msg5() because the
1023 new_transform will now be null. XXX) */
1024 if (st->state!=SITE_SENTMSG4) {
1025 slog(st,LOG_UNEXPECTED,"unexpected MSG5");
1026 } else if (process_msg5(st,buf,source)) {
1029 slog(st,LOG_SEC,"invalid MSG5");
1033 /* Setup packet: expected only in state SENTMSG5 */
1034 if (st->state!=SITE_SENTMSG5) {
1035 slog(st,LOG_UNEXPECTED,"unexpected MSG6");
1036 } else if (process_msg6(st,buf,source)) {
1037 BUF_FREE(&st->buffer); /* Free message 5 */
1038 activate_new_key(st);
1040 slog(st,LOG_SEC,"invalid MSG6");
1044 /* NAK packet: enter state where we ping and check for response */
1045 slog(st,LOG_ERROR,"received a NAK");
1048 slog(st,LOG_SEC,"received message of unknown type 0x%08x",
1059 static void site_control(void *vst, bool_t run)
1061 struct site *st=vst;
1062 if (run) enter_state_run(st);
1063 else enter_state_stop(st);
1066 static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
1073 st=safe_malloc(sizeof(*st),"site_apply");
1075 st->cl.description="site";
1076 st->cl.type=CL_SITE;
1078 st->cl.interface=&st->ops;
1080 st->ops.control=site_control;
1081 st->ops.status=site_status;
1083 /* First parameter must be a dict */
1084 item=list_elem(args,0);
1085 if (!item || item->type!=t_dict)
1086 cfgfatal(loc,"site","parameter must be a dictionary\n");
1088 dict=item->data.dict;
1089 st->netlink=find_cl_if(dict,"netlink",CL_NETLINK,True,"site",loc);
1090 st->comm=find_cl_if(dict,"comm",CL_COMM,True,"site",loc);
1091 st->resolver=find_cl_if(dict,"resolver",CL_RESOLVER,True,"site",loc);
1092 st->log=find_cl_if(dict,"log",CL_LOG,True,"site",loc);
1093 st->random=find_cl_if(dict,"random",CL_RANDOMSRC,True,"site",loc);
1095 st->localname=dict_read_string(dict, "local-name", True, "site", loc);
1096 st->privkey=find_cl_if(dict,"local-key",CL_RSAPRIVKEY,True,"site",loc);
1097 st->remoteport=dict_read_number(dict,"port",True,"site",loc,0);
1099 st->remotename=dict_read_string(dict, "name", True, "site", loc);
1100 st->address=dict_read_string(dict, "address", False, "site", loc);
1101 dict_read_subnet_list(dict, "networks", True, "site", loc,
1103 st->pubkey=find_cl_if(dict,"key",CL_RSAPUBKEY,True,"site",loc);
1106 find_cl_if(dict,"transform",CL_TRANSFORM,True,"site",loc);
1108 st->dh=find_cl_if(dict,"dh",CL_DH,True,"site",loc);
1109 st->hash=find_cl_if(dict,"hash",CL_HASH,True,"site",loc);
1111 st->key_lifetime=dict_read_number(dict,"key-lifetime",
1112 False,"site",loc,DEFAULT_KEY_LIFETIME);
1113 st->setup_retries=dict_read_number(dict,"setup-retries",
1114 False,"site",loc,DEFAULT_SETUP_RETRIES);
1115 st->setup_timeout=dict_read_number(dict,"setup-timeout",
1116 False,"site",loc,DEFAULT_SETUP_TIMEOUT);
1117 st->wait_timeout=dict_read_number(dict,"wait-time",
1118 False,"site",loc,DEFAULT_WAIT_TIME);
1119 /* XXX should be configurable */
1120 st->log_events=LOG_SEC|LOG_ERROR|
1121 LOG_ACTIVATE_KEY|LOG_TIMEOUT_KEY|LOG_SETUP_INIT|LOG_SETUP_TIMEOUT;
1123 st->tunname=safe_malloc(strlen(st->localname)+strlen(st->remotename)+5,
1125 sprintf(st->tunname,"%s<->%s",st->localname,st->remotename);
1127 /* The information we expect to see in incoming messages of type 1 */
1128 /* XXX fix this bit for unaligned access */
1129 st->setupsiglen=strlen(st->remotename)+strlen(st->localname)+8;
1130 st->setupsig=safe_malloc(st->setupsiglen,"site_apply");
1131 *(uint32_t *)&(st->setupsig[0])=LABEL_MSG1;
1132 *(uint16_t *)&(st->setupsig[4])=htons(strlen(st->remotename));
1133 memcpy(&st->setupsig[6],st->remotename,strlen(st->remotename));
1134 *(uint16_t *)&(st->setupsig[6+strlen(st->remotename)])=
1135 htons(strlen(st->localname));
1136 memcpy(&st->setupsig[8+strlen(st->remotename)],st->localname,
1137 strlen(st->localname));
1138 st->setup_priority=(strcmp(st->localname,st->remotename)>0);
1140 buffer_new(&st->buffer,SETUP_BUFFER_LEN);
1142 /* We are interested in poll(), but only for timeouts. We don't have
1143 any fds of our own. */
1144 register_for_poll(st, site_beforepoll, site_afterpoll, 0, "site");
1147 st->current_valid=False;
1148 st->current_key_timeout=0;
1149 st->peer_valid=False;
1150 /* XXX mlock these */
1151 st->dhsecret=safe_malloc(st->dh->len,"site:dhsecret");
1152 st->sharedsecret=safe_malloc(st->transform->keylen,"site:sharedsecret");
1154 /* We need to register the remote networks with the netlink device */
1155 st->netlink_cid=st->netlink->regnets(st->netlink->st, &st->remotenets,
1157 st->transform->max_start_pad+(4*4),
1158 st->transform->max_end_pad,
1161 st->comm->request_notify(st->comm->st, st, site_incoming);
1163 st->current_transform=st->transform->create(st->transform->st);
1164 st->new_transform=st->transform->create(st->transform->st);
1166 enter_state_stop(st);
1168 return new_closure(&st->cl);
1171 init_module site_module;
1172 void site_module(dict_t *dict)
1174 add_closure(dict,"site",site_apply);