ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/connection.C
(Generate patch)

Comparing gvpe/src/connection.C (file contents):
Revision 1.82 by pcg, Fri Aug 15 18:35:24 2008 UTC vs.
Revision 1.113 by root, Thu Jan 29 00:21:39 2015 UTC

1/* 1/*
2 connection.C -- manage a single connection 2 connection.C -- manage a single connection
3 Copyright (C) 2003-2008 Marc Lehmann <gvpe@schmorp.de> 3 Copyright (C) 2003-2008,2010,2011,2013 Marc Lehmann <gvpe@schmorp.de>
4 4
5 This file is part of GVPE. 5 This file is part of GVPE.
6 6
7 GVPE is free software; you can redistribute it and/or modify it 7 GVPE is free software; you can redistribute it and/or modify it
8 under the terms of the GNU General Public License as published by the 8 under the terms of the GNU General Public License as published by the
33 33
34#include <list> 34#include <list>
35#include <queue> 35#include <queue>
36#include <utility> 36#include <utility>
37 37
38#include <openssl/opensslv.h>
38#include <openssl/rand.h> 39#include <openssl/rand.h>
39#include <openssl/evp.h> 40#include <openssl/evp.h>
40#include <openssl/rsa.h> 41#include <openssl/rsa.h>
41#include <openssl/err.h> 42#include <openssl/err.h>
43
44// openssl 0.9.8 compatibility
45#if OPENSSL_VERSION_NUMBER < 0x10100000
46 #define require101(exp) exp
47#else
48 #define require101(exp) require (exp)
49#endif
42 50
43#include "conf.h" 51#include "conf.h"
44#include "slog.h" 52#include "slog.h"
45#include "device.h" 53#include "device.h"
46#include "vpn.h" 54#include "vpn.h"
47#include "connection.h" 55#include "connection.h"
56#include "hkdf.h"
48 57
49#include "netcompat.h" 58#include "netcompat.h"
50 59
51#if !HAVE_RAND_PSEUDO_BYTES
52# define RAND_pseudo_bytes RAND_bytes
53#endif
54
55#define MAGIC "vped\xbd\xc6\xdb\x82" // 8 bytes of magic 60#define MAGIC "gvpe\xbd\xc6\xdb\x82" // 8 bytes of magic
56 61
57#define ULTRA_FAST 1 62#define ULTRA_FAST 1
58#define HLOG 15 63#define HLOG 15
59#include "lzf/lzf.h" 64#include "lzf/lzf.h"
60#include "lzf/lzf_c.c" 65#include "lzf/lzf_c.c"
63////////////////////////////////////////////////////////////////////////////// 68//////////////////////////////////////////////////////////////////////////////
64 69
65static std::queue< std::pair<run_script_cb *, const char *> > rs_queue; 70static std::queue< std::pair<run_script_cb *, const char *> > rs_queue;
66static ev::child rs_child_ev; 71static ev::child rs_child_ev;
67 72
73namespace
74{
68void // c++ requires external linkage here, apparently :( 75 void // c++ requires external linkage here, apparently :(
69rs_child_cb (ev::child &w, int revents) 76 rs_child_cb (ev::child &w, int revents)
70{ 77 {
71 w.stop (); 78 w.stop ();
72 79
73 if (rs_queue.empty ()) 80 if (rs_queue.empty ())
74 return; 81 return;
75 82
76 pid_t pid = run_script (*rs_queue.front ().first, false); 83 pid_t pid = run_script (*rs_queue.front ().first, false);
77 if (pid) 84 if (pid)
78 { 85 {
79 w.set (pid); 86 w.set (pid);
80 w.start (); 87 w.start ();
81 } 88 }
82 else 89 else
83 slog (L_WARN, rs_queue.front ().second); 90 slog (L_WARN, rs_queue.front ().second);
84 91
85 delete rs_queue.front ().first; 92 delete rs_queue.front ().first;
86 rs_queue.pop (); 93 rs_queue.pop ();
87} 94 }
95};
88 96
89// despite the fancy name, this is quite a hack 97// despite the fancy name, this is quite a hack
90static void 98static void
91run_script_queued (run_script_cb *cb, const char *warnmsg) 99run_script_queued (run_script_cb *cb, const char *warnmsg)
92{ 100{
104struct crypto_ctx 112struct crypto_ctx
105{ 113{
106 EVP_CIPHER_CTX cctx; 114 EVP_CIPHER_CTX cctx;
107 HMAC_CTX hctx; 115 HMAC_CTX hctx;
108 116
109 crypto_ctx (const rsachallenge &challenge, int enc); 117 crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc);
110 ~crypto_ctx (); 118 ~crypto_ctx ();
111}; 119};
112 120
113crypto_ctx::crypto_ctx (const rsachallenge &challenge, int enc) 121crypto_ctx::crypto_ctx (const auth_data &auth1, const auth_data &auth2, const ecdh_key &a, const ecdh_key &b, int enc)
114{ 122{
123 ecdh_key s;
124
125 curve25519_combine (a, b, s);
126
127 {
128 u8 mac_key[MAC_KEYSIZE];
129 static const unsigned char mac_info[] = "gvpe mac key";
130
131 hkdf kdf (auth2.rsa.hkdf_salt, sizeof (auth2.rsa.hkdf_salt), HKDF_XTR_HASH ());
132 kdf.extract (auth1.rsa.mac_key, sizeof (auth1.rsa.mac_key));
133 kdf.extract (s, sizeof (s));
134 kdf.extract_done (HKDF_PRF_HASH ());
135 kdf.expand (mac_key, sizeof (mac_key), mac_info, sizeof (mac_info));
136
137 HMAC_CTX_init (&hctx);
138 require101 (HMAC_Init_ex (&hctx, mac_key, MAC_KEYSIZE, MAC_DIGEST (), 0));
139 }
140
141 {
142 u8 cipher_key[CIPHER_KEYSIZE];
143 static const unsigned char cipher_info[] = "gvpe cipher key";
144
145 hkdf kdf (auth2.rsa.hkdf_salt, sizeof (auth2.rsa.hkdf_salt), HKDF_XTR_HASH ());
146 kdf.extract (auth1.rsa.cipher_key, sizeof (auth1.rsa.cipher_key));
147 kdf.extract (s, sizeof (s));
148 kdf.extract_done (HKDF_PRF_HASH ());
149 kdf.expand (cipher_key, sizeof (cipher_key), cipher_info, sizeof (cipher_info));
150
115 EVP_CIPHER_CTX_init (&cctx); 151 EVP_CIPHER_CTX_init (&cctx);
116 require (EVP_CipherInit_ex (&cctx, CIPHER, 0, &challenge[CHG_CIPHER_KEY], 0, enc)); 152 require (EVP_CipherInit_ex (&cctx, CIPHER (), 0, cipher_key, 0, enc));
117 HMAC_CTX_init (&hctx); 153 }
118 HMAC_Init_ex (&hctx, &challenge[CHG_HMAC_KEY], HMAC_KEYLEN, DIGEST, 0);
119} 154}
120 155
121crypto_ctx::~crypto_ctx () 156crypto_ctx::~crypto_ctx ()
122{ 157{
123 require (EVP_CIPHER_CTX_cleanup (&cctx)); 158 require (EVP_CIPHER_CTX_cleanup (&cctx));
124 HMAC_CTX_cleanup (&hctx); 159 HMAC_CTX_cleanup (&hctx);
125} 160}
126 161
162static inline void
163auth_encrypt (RSA *key, const auth_data &auth, auth_encr &encr)
164{
165 if (RSA_public_encrypt (sizeof (auth.rsa),
166 (unsigned char *)&auth.rsa, (unsigned char *)&encr.rsa,
167 key, RSA_PKCS1_OAEP_PADDING) < 0)
168 fatal ("RSA_public_encrypt error");
169
170 memcpy (&encr.ecdh, &auth.ecdh, sizeof (encr.ecdh));
171}
172
173static inline bool
174auth_decrypt (RSA *key, const auth_encr &encr, auth_data &auth)
175{
176 u8 rsa_decrypt[RSA_KEYLEN];
177
178 if (RSA_private_decrypt (sizeof (encr.rsa),
179 (const unsigned char *)&encr.rsa, (unsigned char *)rsa_decrypt,
180 key, RSA_PKCS1_OAEP_PADDING) != sizeof (auth.rsa))
181 return 0;
182
183 memcpy (&auth.rsa, rsa_decrypt, sizeof (auth.rsa));
184 memcpy (&auth.ecdh, &encr.ecdh, sizeof (auth.ecdh));
185
186 return 1;
187}
188
127static void 189static void
128rsa_hash (const rsaid &id, const rsachallenge &chg, rsaresponse &h) 190auth_hash (const auth_data &auth, const ecdh_key &b, auth_mac &mac)
129{ 191{
130 EVP_MD_CTX ctx; 192 hkdf kdf (b, sizeof b, AUTH_DIGEST ()); // use response ecdh b as salt
131 193 kdf.extract (&auth.rsa, sizeof (auth.rsa));
132 EVP_MD_CTX_init (&ctx); 194 kdf.extract_done ();
133 require (EVP_DigestInit (&ctx, RSA_HASH)); 195 kdf.expand (mac, sizeof mac, auth.ecdh, sizeof (auth.ecdh)); // use challenge ecdh b as info
134 require (EVP_DigestUpdate(&ctx, &chg, sizeof chg));
135 require (EVP_DigestUpdate(&ctx, &id, sizeof id));
136 require (EVP_DigestFinal (&ctx, (unsigned char *)&h, 0));
137 EVP_MD_CTX_cleanup (&ctx);
138} 196}
139 197
140struct rsa_entry 198void
199connection::generate_auth_data ()
141{ 200{
142 tstamp expire; 201 if (auth_expire < ev_now ())
143 rsaid id;
144 rsachallenge chg;
145};
146
147struct rsa_cache : list<rsa_entry>
148{
149 inline void cleaner_cb (ev::timer &w, int revents); ev::timer cleaner;
150
151 bool find (const rsaid &id, rsachallenge &chg)
152 {
153 for (iterator i = begin (); i != end (); ++i)
154 { 202 {
155 if (!memcmp (&id, &i->id, sizeof id) && i->expire > ev_now ()) 203 // request data
156 { 204 rand_fill (snd_auth.rsa);
157 memcpy (&chg, &i->chg, sizeof chg); 205 curve25519_generate (snd_ecdh_a, snd_auth.ecdh);
158 206
159 erase (i); 207 // eventual response data
160 return true; 208 curve25519_generate (rcv_ecdh_a, rcv_ecdh_b);
161 }
162 } 209 }
163 210
164 if (!cleaner.is_active ()) 211 // every use prolongs the expiry
165 cleaner.again ();
166
167 return false;
168 }
169
170 void gen (rsaid &id, rsachallenge &chg)
171 {
172 rsa_entry e;
173
174 RAND_bytes ((unsigned char *)&id, sizeof id);
175 RAND_bytes ((unsigned char *)&chg, sizeof chg);
176
177 e.expire = ev_now () + RSA_TTL; 212 auth_expire = ev_now () + AUTH_TTL;
178 e.id = id;
179 memcpy (&e.chg, &chg, sizeof chg);
180
181 push_back (e);
182
183 if (!cleaner.is_active ())
184 cleaner.again ();
185 }
186
187 rsa_cache ()
188 {
189 cleaner.set<rsa_cache, &rsa_cache::cleaner_cb> (this);
190 cleaner.set (RSA_TTL, RSA_TTL);
191 }
192
193} rsa_cache;
194
195void rsa_cache::cleaner_cb (ev::timer &w, int revents)
196{
197 if (empty ())
198 w.stop ();
199 else
200 {
201 for (iterator i = begin (); i != end (); )
202 if (i->expire <= ev_now ())
203 i = erase (i);
204 else
205 ++i;
206 }
207} 213}
208 214
209////////////////////////////////////////////////////////////////////////////// 215//////////////////////////////////////////////////////////////////////////////
210 216
211pkt_queue::pkt_queue (double max_ttl, int max_queue) 217pkt_queue::pkt_queue (double max_ttl, int max_queue)
225 delete p; 231 delete p;
226 232
227 delete [] queue; 233 delete [] queue;
228} 234}
229 235
236void
230void pkt_queue::expire_cb (ev::timer &w, int revents) 237pkt_queue::expire_cb (ev::timer &w, int revents)
231{ 238{
232 ev_tstamp expire = ev_now () - max_ttl; 239 ev_tstamp expire = ev_now () - max_ttl;
233 240
234 for (;;) 241 for (;;)
235 { 242 {
246 253
247 delete get (); 254 delete get ();
248 } 255 }
249} 256}
250 257
258void
251void pkt_queue::put (net_packet *p) 259pkt_queue::put (net_packet *p)
252{ 260{
253 ev_tstamp now = ev_now (); 261 ev_tstamp now = ev_now ();
254 262
255 // start expiry timer 263 // start expiry timer
256 if (empty ()) 264 if (empty ())
265 queue[i].tstamp = now; 273 queue[i].tstamp = now;
266 274
267 i = ni; 275 i = ni;
268} 276}
269 277
270net_packet *pkt_queue::get () 278net_packet *
279pkt_queue::get ()
271{ 280{
272 if (empty ()) 281 if (empty ())
273 return 0; 282 return 0;
274 283
275 net_packet *p = queue[j].pkt; 284 net_packet *p = queue[j].pkt;
299 308
300 bool can (const sockinfo &si) { return can((u32)si.host); } 309 bool can (const sockinfo &si) { return can((u32)si.host); }
301 bool can (u32 host); 310 bool can (u32 host);
302}; 311};
303 312
304net_rate_limiter auth_rate_limiter, reset_rate_limiter; 313static net_rate_limiter auth_rate_limiter, reset_rate_limiter;
305 314
315bool
306bool net_rate_limiter::can (u32 host) 316net_rate_limiter::can (u32 host)
307{ 317{
308 iterator i; 318 iterator i;
309 319
310 for (i = begin (); i != end (); ) 320 for (i = begin (); i != end (); )
311 if (i->host == host) 321 if (i->host == host)
356 } 366 }
357} 367}
358 368
359///////////////////////////////////////////////////////////////////////////// 369/////////////////////////////////////////////////////////////////////////////
360 370
361unsigned char hmac_packet::hmac_digest[EVP_MAX_MD_SIZE]; 371void
362
363void hmac_packet::hmac_gen (crypto_ctx *ctx) 372hmac_packet::hmac_gen (crypto_ctx *ctx, u8 *hmac_digest)
364{ 373{
365 unsigned int xlen;
366
367 HMAC_CTX *hctx = &ctx->hctx; 374 HMAC_CTX *hctx = &ctx->hctx;
368 375
369 HMAC_Init_ex (hctx, 0, 0, 0, 0); 376 require101 (HMAC_Init_ex (hctx, 0, 0, 0, 0));
370 HMAC_Update (hctx, ((unsigned char *) this) + sizeof (hmac_packet), 377 require101 (HMAC_Update (hctx, ((unsigned char *) this) + sizeof (hmac_packet), len - sizeof (hmac_packet)));
371 len - sizeof (hmac_packet)); 378 require101 (HMAC_Final (hctx, hmac_digest, 0));
372 HMAC_Final (hctx, (unsigned char *) &hmac_digest, &xlen);
373} 379}
374 380
375void 381void
376hmac_packet::hmac_set (crypto_ctx *ctx) 382hmac_packet::hmac_set (crypto_ctx *ctx)
377{ 383{
378 hmac_gen (ctx); 384 unsigned char hmac_digest[EVP_MAX_MD_SIZE];
379 385 hmac_gen (ctx, hmac_digest);
380 memcpy (hmac, hmac_digest, HMACLENGTH); 386 memcpy (hmac, hmac_digest, HMACLENGTH);
381} 387}
382 388
383bool 389bool
384hmac_packet::hmac_chk (crypto_ctx *ctx) 390hmac_packet::hmac_chk (crypto_ctx *ctx)
385{ 391{
386 hmac_gen (ctx); 392 unsigned char hmac_digest[EVP_MAX_MD_SIZE];
387 393 hmac_gen (ctx, hmac_digest);
388 return !memcmp (hmac, hmac_digest, HMACLENGTH); 394 return slow_memeq (hmac, hmac_digest, HMACLENGTH);
389} 395}
390 396
397void
391void vpn_packet::set_hdr (ptype type_, unsigned int dst) 398vpn_packet::set_hdr (ptype type_, unsigned int dst)
392{ 399{
393 type = type_; 400 type = type_;
394 401
395 int src = THISNODE->id; 402 int src = THISNODE->id;
396 403
398 srcdst = ((src >> 8) << 4) | (dst >> 8); 405 srcdst = ((src >> 8) << 4) | (dst >> 8);
399 dst1 = dst; 406 dst1 = dst;
400} 407}
401 408
402#define MAXVPNDATA (MAX_MTU - 6 - 6) 409#define MAXVPNDATA (MAX_MTU - 6 - 6)
403#define DATAHDR (sizeof (u32) + RAND_SIZE)
404 410
405struct vpndata_packet : vpn_packet 411struct vpndata_packet : vpn_packet
412{
413 u32 ctr; // seqno
414 u8 data[MAXVPNDATA];
415
416 void setup (connection *conn, int dst, u8 *d, u32 len, u32 seqno);
417 tap_packet *unpack (connection *conn, u32 &seqno);
418
419private:
420 const u32 data_hdr_size () const
406 { 421 {
407 u8 data[MAXVPNDATA + DATAHDR]; // seqno 422 // the distance from beginning of packet to data member
408 423 return data - at (0);
409 void setup (connection *conn, int dst, u8 *d, u32 len, u32 seqno);
410 tap_packet *unpack (connection *conn, u32 &seqno);
411private:
412
413 const u32 data_hdr_size () const
414 {
415 return sizeof (vpndata_packet) - sizeof (net_packet) - MAXVPNDATA - DATAHDR;
416 }
417 }; 424 }
425};
426
427// expands packet counter (unlike seqno, in network byte order) to counter mode IV
428static unsigned char *
429expand_iv (u32 ctr)
430{
431 static u32 iv[IV_SIZE (CIPHER) / 4];
432
433 require (sizeof (iv) == 4 * 4);
434 require (IV_SIZE (CIPHER) % 4 == 0);
435
436 iv[0] =
437 iv[1] =
438 iv[2] = ctr;
439
440 // I would reuse ctr here to to avoid potential endianness issues,
441 // but it seems openssl wraps around. While this would be still ok,
442 // and I don't even know if its true, let's play safe and initialise
443 // to 0.
444 iv[3] = 0;
445
446 return (unsigned char *)iv;
447}
418 448
419void 449void
420vpndata_packet::setup (connection *conn, int dst, u8 *d, u32 l, u32 seqno) 450vpndata_packet::setup (connection *conn, int dst, u8 *d, u32 l, u32 seqno)
421{ 451{
422 EVP_CIPHER_CTX *cctx = &conn->octx->cctx; 452 EVP_CIPHER_CTX *cctx = &conn->octx->cctx;
424 ptype type = PT_DATA_UNCOMPRESSED; 454 ptype type = PT_DATA_UNCOMPRESSED;
425 455
426#if ENABLE_COMPRESSION 456#if ENABLE_COMPRESSION
427 u8 cdata[MAX_MTU]; 457 u8 cdata[MAX_MTU];
428 458
429 if (conn->features & ENABLE_COMPRESSION) 459 if (conn->features & FEATURE_COMPRESSION)
430 { 460 {
431 u32 cl = lzf_compress (d, l, cdata + 2, (l - 2) & ~7); 461 u32 cl = lzf_compress (d, l, cdata + 2, (l - 2) & ~7);
432 462
433 if (cl) 463 if (cl)
434 { 464 {
440 d[1] = cl; 470 d[1] = cl;
441 } 471 }
442 } 472 }
443#endif 473#endif
444 474
475 ctr = htonl (seqno);
476
445 require (EVP_EncryptInit_ex (cctx, 0, 0, 0, 0)); 477 require (EVP_EncryptInit_ex (cctx, 0, 0, 0, expand_iv (ctr)));
446
447 struct {
448#if RAND_SIZE
449 u8 rnd[RAND_SIZE];
450#endif
451 u32 seqno;
452 } datahdr;
453
454 datahdr.seqno = ntohl (seqno);
455#if RAND_SIZE
456 RAND_pseudo_bytes ((unsigned char *) datahdr.rnd, RAND_SIZE);
457#endif
458 478
459 require (EVP_EncryptUpdate (cctx, 479 require (EVP_EncryptUpdate (cctx,
460 (unsigned char *) data + outl, &outl2, 480 (unsigned char *)data + outl, &outl2,
461 (unsigned char *) &datahdr, DATAHDR)); 481 (unsigned char *)d, l));
462 outl += outl2; 482 outl += outl2;
463 483
464 require (EVP_EncryptUpdate (cctx, 484 // it seems this is a nop for us, but we do it anyways
465 (unsigned char *) data + outl, &outl2, 485 require (EVP_EncryptFinal_ex (cctx, (unsigned char *)data + outl, &outl2));
466 (unsigned char *) d, l));
467 outl += outl2; 486 outl += outl2;
468 487
469 require (EVP_EncryptFinal_ex (cctx, (unsigned char *) data + outl, &outl2));
470 outl += outl2;
471
472 len = outl + data_hdr_size (); 488 len = data_hdr_size () + outl;
473 489
474 set_hdr (type, dst); 490 set_hdr (type, dst);
475 491
476 hmac_set (conn->octx); 492 hmac_set (conn->octx);
477} 493}
481{ 497{
482 EVP_CIPHER_CTX *cctx = &conn->ictx->cctx; 498 EVP_CIPHER_CTX *cctx = &conn->ictx->cctx;
483 int outl = 0, outl2; 499 int outl = 0, outl2;
484 tap_packet *p = new tap_packet; 500 tap_packet *p = new tap_packet;
485 u8 *d; 501 u8 *d;
486 u32 l = len - data_hdr_size ();
487 502
503 seqno = ntohl (ctr);
504
488 require (EVP_DecryptInit_ex (cctx, 0, 0, 0, 0)); 505 require (EVP_DecryptInit_ex (cctx, 0, 0, 0, expand_iv (ctr)));
489 506
490#if ENABLE_COMPRESSION 507#if ENABLE_COMPRESSION
491 u8 cdata[MAX_MTU]; 508 u8 cdata[MAX_MTU];
492 509
493 if (type == PT_DATA_COMPRESSED) 510 if (type == PT_DATA_COMPRESSED)
494 d = cdata; 511 d = cdata;
495 else 512 else
496#endif 513#endif
497 d = &(*p)[6 + 6 - DATAHDR]; 514 d = &(*p)[6 + 6];
498 515
499 /* this overwrites part of the src mac, but we fix that later */ 516 // this can overwrite the len/dst/src fields
500 require (EVP_DecryptUpdate (cctx, 517 require (EVP_DecryptUpdate (cctx,
501 d, &outl2, 518 d, &outl2,
502 (unsigned char *)&data, len - data_hdr_size ())); 519 (unsigned char *)&data, len - data_hdr_size ()));
503 outl += outl2; 520 outl += outl2;
504 521
522 // it seems this is a nop for us, but we do it anyways
505 require (EVP_DecryptFinal_ex (cctx, (unsigned char *)d + outl, &outl2)); 523 require (EVP_DecryptFinal_ex (cctx, (unsigned char *)d + outl, &outl2));
506 outl += outl2; 524 outl += outl2;
507 525
508 seqno = ntohl (*(u32 *)(d + RAND_SIZE));
509
510 id2mac (dst () ? dst() : THISNODE->id, p->dst); 526 id2mac (dst () ? dst() : THISNODE->id, p->dst);
511 id2mac (src (), p->src); 527 id2mac (src (), p->src);
512 528
513#if ENABLE_COMPRESSION 529#if ENABLE_COMPRESSION
514 if (type == PT_DATA_COMPRESSED) 530 if (type == PT_DATA_COMPRESSED)
515 { 531 {
516 u32 cl = (d[DATAHDR] << 8) | d[DATAHDR + 1]; 532 u32 cl = (d[0] << 8) | d[1];
517 533
518 p->len = lzf_decompress (d + DATAHDR + 2, cl < MAX_MTU ? cl : 0, 534 p->len = lzf_decompress (d + 2, cl < MAX_MTU - 2 ? cl : 0,
519 &(*p)[6 + 6], MAX_MTU) 535 &(*p)[6 + 6], MAX_MTU)
520 + 6 + 6; 536 + 6 + 6;
521 } 537 }
522 else 538 else
523 p->len = outl + (6 + 6 - DATAHDR); 539 p->len = outl + (6 + 6);
524#endif 540#endif
525 541
526 return p; 542 return p;
527} 543}
528 544
535 } 551 }
536}; 552};
537 553
538struct config_packet : vpn_packet 554struct config_packet : vpn_packet
539{ 555{
540 // actually, hmaclen cannot be checked because the hmac 556 u8 serial[SERIAL_SIZE];
541 // field comes before this data, so peers with other
542 // hmacs simply will not work.
543 u8 prot_major, prot_minor, randsize, hmaclen; 557 u8 prot_major, prot_minor, randsize;
544 u8 flags, challengelen, features, pad3; 558 u8 flags, features, pad6, pad7, pad8;
545 u32 cipher_nid, digest_nid, hmac_nid; 559 u32 cipher_nid, mac_nid, auth_nid;
546 560
547 void setup (ptype type, int dst); 561 void setup (ptype type, int dst);
548 bool chk_config () const; 562 bool chk_config (const conf_node *conf, const sockinfo &rsi) const;
549 563
550 static u8 get_features () 564 static u8 get_features ()
551 { 565 {
552 u8 f = 0; 566 u8 f = 0;
553#if ENABLE_COMPRESSION 567#if ENABLE_COMPRESSION
561#endif 575#endif
562 return f; 576 return f;
563 } 577 }
564}; 578};
565 579
580void
566void config_packet::setup (ptype type, int dst) 581config_packet::setup (ptype type, int dst)
567{ 582{
568 prot_major = PROTOCOL_MAJOR; 583 prot_major = PROTOCOL_MAJOR;
569 prot_minor = PROTOCOL_MINOR; 584 prot_minor = PROTOCOL_MINOR;
570 randsize = RAND_SIZE;
571 hmaclen = HMACLENGTH;
572 flags = 0; 585 flags = 0;
573 challengelen = sizeof (rsachallenge);
574 features = get_features (); 586 features = get_features ();
575 587
588 strncpy ((char *)serial, conf.serial, sizeof (serial));
589
576 cipher_nid = htonl (EVP_CIPHER_nid (CIPHER)); 590 cipher_nid = htonl (EVP_CIPHER_nid (CIPHER ()));
577 digest_nid = htonl (EVP_MD_type (RSA_HASH));
578 hmac_nid = htonl (EVP_MD_type (DIGEST)); 591 mac_nid = htonl (EVP_MD_type (MAC_DIGEST ()));
592 auth_nid = htonl (EVP_MD_type (AUTH_DIGEST ()));
579 593
580 len = sizeof (*this) - sizeof (net_packet); 594 len = sizeof (*this) - sizeof (net_packet);
581 set_hdr (type, dst); 595 set_hdr (type, dst);
582} 596}
583 597
584bool config_packet::chk_config () const 598bool
599config_packet::chk_config (const conf_node *conf, const sockinfo &rsi) const
585{ 600{
586 if (prot_major != PROTOCOL_MAJOR) 601 if (prot_major != PROTOCOL_MAJOR)
587 slog (L_WARN, _("major version mismatch (remote %d <=> local %d)"), prot_major, PROTOCOL_MAJOR); 602 slog (L_WARN, _("%s(%s): major version mismatch (remote %d <=> local %d)"),
588 else if (randsize != RAND_SIZE) 603 conf->nodename, (const char *)rsi, prot_major, PROTOCOL_MAJOR);
589 slog (L_WARN, _("rand size mismatch (remote %d <=> local %d)"), randsize, RAND_SIZE);
590 else if (hmaclen != HMACLENGTH)
591 slog (L_WARN, _("hmac length mismatch (remote %d <=> local %d)"), hmaclen, HMACLENGTH);
592 else if (challengelen != sizeof (rsachallenge))
593 slog (L_WARN, _("challenge length mismatch (remote %d <=> local %d)"), challengelen, sizeof (rsachallenge));
594 else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER))) 604 else if (cipher_nid != htonl (EVP_CIPHER_nid (CIPHER ())))
595 slog (L_WARN, _("cipher mismatch (remote %x <=> local %x)"), ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER)); 605 slog (L_WARN, _("%s(%s): cipher algo mismatch (remote %x <=> local %x)"),
596 else if (digest_nid != htonl (EVP_MD_type (RSA_HASH))) 606 conf->nodename, (const char *)rsi, ntohl (cipher_nid), EVP_CIPHER_nid (CIPHER ()));
597 slog (L_WARN, _("digest mismatch (remote %x <=> local %x)"), ntohl (digest_nid), EVP_MD_type (RSA_HASH));
598 else if (hmac_nid != htonl (EVP_MD_type (DIGEST))) 607 else if (mac_nid != htonl (EVP_MD_type (MAC_DIGEST ())))
599 slog (L_WARN, _("hmac mismatch (remote %x <=> local %x)"), ntohl (hmac_nid), EVP_MD_type (DIGEST)); 608 slog (L_WARN, _("%s(%s): mac algo mismatch (remote %x <=> local %x)"),
609 conf->nodename, (const char *)rsi, ntohl (mac_nid), EVP_MD_type (MAC_DIGEST ()));
610 else if (auth_nid != htonl (EVP_MD_type (AUTH_DIGEST ())))
611 slog (L_WARN, _("%s(%s): auth algo mismatch (remote %x <=> local %x)"),
612 conf->nodename, (const char *)rsi, ntohl (auth_nid), EVP_MD_type (AUTH_DIGEST ()));
600 else 613 else
614 {
615 int cmp = memcmp (serial, ::conf.serial, sizeof (serial));
616
617 if (cmp > 0)
618 slog (L_WARN, _("%s(%s): remote serial newer than local serial - outdated config?"),
619 conf->nodename, (const char *)rsi);
620 else if (cmp == 0)
601 return true; 621 return true;
622 }
602 623
603 return false; 624 return false;
604} 625}
605 626
606struct auth_req_packet : config_packet 627struct auth_req_packet : config_packet // UNPROTECTED
607{ 628{
608 char magic[8]; 629 char magic[8];
609 u8 initiate; // false if this is just an automatic reply 630 u8 initiate; // false if this is just an automatic reply
610 u8 protocols; // supported protocols (will be patched on forward) 631 u8 protocols; // supported protocols (will be patched on forward)
611 u8 pad2, pad3; 632 u8 pad2, pad3;
612 rsaid id; 633 auth_encr encr;
613 rsaencrdata encr;
614 634
615 auth_req_packet (int dst, bool initiate_, u8 protocols_) 635 auth_req_packet (int dst, bool initiate_, u8 protocols_)
616 { 636 {
617 config_packet::setup (PT_AUTH_REQ, dst); 637 config_packet::setup (PT_AUTH_REQ, dst);
618 strncpy (magic, MAGIC, 8); 638 memcpy (magic, MAGIC, 8);
619 initiate = !!initiate_; 639 initiate = !!initiate_;
620 protocols = protocols_; 640 protocols = protocols_;
621 641
622 len = sizeof (*this) - sizeof (net_packet); 642 len = sizeof (*this) - sizeof (net_packet);
623 } 643 }
624}; 644};
625 645
626struct auth_res_packet : config_packet 646struct auth_res_packet : vpn_packet // UNPROTECTED
627{ 647{
628 rsaid id;
629 u8 pad1, pad2, pad3;
630 u8 response_len; // encrypted length
631 rsaresponse response; 648 auth_response response;
632 649
633 auth_res_packet (int dst) 650 auth_res_packet (int dst)
634 { 651 {
635 config_packet::setup (PT_AUTH_RES, dst); 652 set_hdr (PT_AUTH_RES, dst);
636 653
637 len = sizeof (*this) - sizeof (net_packet); 654 len = sizeof (*this) - sizeof (net_packet);
638 } 655 }
639}; 656};
640 657
670}; 687};
671 688
672///////////////////////////////////////////////////////////////////////////// 689/////////////////////////////////////////////////////////////////////////////
673 690
674void 691void
675connection::connection_established () 692connection::connection_established (const sockinfo &rsi)
676{ 693{
677 slog (L_NOISE, _("%s: possible connection establish (ictx %d, octx %d)"), conf->nodename, !!ictx, !!octx); 694 if (!have_snd_auth || !have_rcv_auth)
695 return;
678 696
679 if (ictx && octx) 697 si = rsi;
698 protocol = rsi.prot;
699
700 slog (L_INFO, _("%s(%s): connection established (%s), protocol version %d.%d."),
701 conf->nodename, (const char *)rsi,
702 vpn->can_direct (THISNODE, conf) ? "direct" : "forwarded",
703 PROTOCOL_MAJOR, prot_minor);
704
705 if (::conf.script_node_up)
706 {
707 run_script_cb *cb = new run_script_cb;
708 cb->set<connection, &connection::script_node_up> (this);
709 run_script_queued (cb, _("node-up command execution failed, continuing."));
680 { 710 }
711
712 delete ictx; ictx = new crypto_ctx (rcv_auth, snd_auth, rcv_ecdh_a, rcv_auth.ecdh, 0);
713 iseqno.reset (ntohl (rcv_auth.rsa.seqno) & 0x7fffffff);
714
715 delete octx; octx = new crypto_ctx (snd_auth, rcv_auth, snd_ecdh_a, snd_ecdh_b , 1);
716 oseqno = ntohl (snd_auth.rsa.seqno) & 0x7fffffff;
717
681 // make sure rekeying timeouts are slightly asymmetric 718 // make sure rekeying timeouts are slightly asymmetric
682 ev::tstamp rekey_interval = ::conf.rekey + (conf->id > THISNODE->id ? 10 : 0); 719 ev::tstamp rekey_interval = ::conf.rekey + (conf->id > THISNODE->id ? 10 : 0);
683 rekey.start (rekey_interval, rekey_interval); 720 rekey.start (rekey_interval, rekey_interval);
721
722 hmac_error = 0.;
723
684 keepalive.start (::conf.keepalive); 724 keepalive.start (::conf.keepalive);
685 725
686 // send queued packets 726 // send queued packets
687 if (ictx && octx)
688 {
689 while (tap_packet *p = (tap_packet *)data_queue.get ()) 727 while (tap_packet *p = (tap_packet *)data_queue.get ())
690 { 728 {
691 if (p->len) send_data_packet (p); 729 if (p->len) send_data_packet (p);
692 delete p; 730 delete p;
693 } 731 }
694 732
695 while (vpn_packet *p = (vpn_packet *)vpn_queue.get ()) 733 while (vpn_packet *p = (vpn_packet *)vpn_queue.get ())
696 { 734 {
697 if (p->len) send_vpn_packet (p, si, IPTOS_RELIABILITY); 735 if (p->len) send_vpn_packet (p, si, IPTOS_RELIABILITY);
698 delete p; 736 delete p;
699 } 737 }
700 }
701 738
702 vpn->connection_established (this); 739 vpn->connection_established (this);
703 }
704 else
705 {
706 retry_cnt = 0;
707 establish_connection.start (5);
708 keepalive.stop ();
709 rekey.stop ();
710 }
711} 740}
712 741
713void 742void
714connection::reset_si () 743connection::reset_si ()
715{ 744{
720 slog (L_TRACE, _("%s: direct connection denied by config."), conf->nodename); 749 slog (L_TRACE, _("%s: direct connection denied by config."), conf->nodename);
721 protocol = 0; 750 protocol = 0;
722 } 751 }
723 752
724 si.set (conf, protocol); 753 si.set (conf, protocol);
725
726 is_direct = si.valid ();
727} 754}
728 755
729// ensure sockinfo is valid, forward if necessary 756// ensure sockinfo is valid, forward if necessary
730const sockinfo & 757const sockinfo &
731connection::forward_si (const sockinfo &si) const 758connection::forward_si (const sockinfo &si) const
750 777
751void 778void
752connection::send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos) 779connection::send_vpn_packet (vpn_packet *pkt, const sockinfo &si, int tos)
753{ 780{
754 if (!vpn->send_vpn_packet (pkt, si, tos)) 781 if (!vpn->send_vpn_packet (pkt, si, tos))
755 reset_connection (); 782 reset_connection ("packet send error");
756} 783}
757 784
758void 785void
759connection::send_ping (const sockinfo &si, u8 pong) 786connection::send_ping (const sockinfo &si, u8 pong)
760{ 787{
761 ping_packet *pkt = new ping_packet; 788 ping_packet *pkt = new ping_packet;
762 789
763 pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING); 790 pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);
764 791
765 slog (L_TRACE, "%s << %s [%s]", conf->nodename, pong ? "PT_PONG" : "PT_PING", (const char *)si); 792 slog (L_TRACE, "%s << %s [%s]", conf->nodename, pong ? "PT_PONG" : "PT_PING", (const char *)si);
766
767 send_vpn_packet (pkt, si, IPTOS_LOWDELAY); 793 send_vpn_packet (pkt, si, IPTOS_LOWDELAY);
768 794
769 delete pkt; 795 delete pkt;
770} 796}
771 797
786void 812void
787connection::send_auth_request (const sockinfo &si, bool initiate) 813connection::send_auth_request (const sockinfo &si, bool initiate)
788{ 814{
789 auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols); 815 auth_req_packet *pkt = new auth_req_packet (conf->id, initiate, THISNODE->protocols);
790 816
791 rsachallenge chg; 817 generate_auth_data ();
792 rsa_cache.gen (pkt->id, chg);
793 rsa_encrypt (conf->rsa_key, chg, pkt->encr); 818 auth_encrypt (conf->rsa_key, snd_auth, pkt->encr);
794 819
795 slog (L_TRACE, "%s << PT_AUTH_REQ [%s]", conf->nodename, (const char *)si); 820 slog (L_TRACE, "%s << PT_AUTH_REQ [%s]", conf->nodename, (const char *)si);
796
797 send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly 821 send_vpn_packet (pkt, si, IPTOS_RELIABILITY | IPTOS_LOWDELAY); // rsa is very very costly
798 822
799 delete pkt; 823 delete pkt;
800} 824}
801 825
802void 826void
803connection::send_auth_response (const sockinfo &si, const rsaid &id, const rsachallenge &chg) 827connection::send_auth_response (const sockinfo &si)
804{ 828{
805 auth_res_packet *pkt = new auth_res_packet (conf->id); 829 auth_res_packet *pkt = new auth_res_packet (conf->id);
806 830
807 pkt->id = id; 831 memcpy (pkt->response.ecdh, rcv_ecdh_b, sizeof rcv_ecdh_b);
808 832 auth_hash (rcv_auth, rcv_ecdh_b, pkt->response.mac);
809 rsa_hash (id, chg, pkt->response);
810
811 pkt->hmac_set (octx);
812 833
813 slog (L_TRACE, "%s << PT_AUTH_RES [%s]", conf->nodename, (const char *)si); 834 slog (L_TRACE, "%s << PT_AUTH_RES [%s]", conf->nodename, (const char *)si);
814
815 send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly 835 send_vpn_packet (pkt, si, IPTOS_RELIABILITY); // rsa is very very costly
816 836
817 delete pkt; 837 delete pkt;
818} 838}
819 839
820void 840void
821connection::send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols) 841connection::send_connect_info (int rid, const sockinfo &rsi, u8 rprotocols)
822{ 842{
823 slog (L_TRACE, "%s << PT_CONNECT_INFO(%s,%s)", conf->nodename, 843 slog (L_TRACE, "%s << PT_CONNECT_INFO(%s,%s,p%02x)", conf->nodename,
824 vpn->conns[rid - 1]->conf->nodename, (const char *)rsi); 844 vpn->conns[rid - 1]->conf->nodename, (const char *)rsi,
845 conf->protocols);
825 846
826 connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols); 847 connect_info_packet *r = new connect_info_packet (conf->id, rid, rsi, rprotocols);
827 848
828 r->hmac_set (octx); 849 r->hmac_set (octx);
829 send_vpn_packet (r, si); 850 send_vpn_packet (r, si);
832} 853}
833 854
834inline void 855inline void
835connection::establish_connection_cb (ev::timer &w, int revents) 856connection::establish_connection_cb (ev::timer &w, int revents)
836{ 857{
837 if (!ictx 858 if (!(ictx && octx)
838 && conf != THISNODE 859 && conf != THISNODE
839 && connectmode != conf_node::C_NEVER 860 && connectmode != conf_node::C_NEVER
840 && connectmode != conf_node::C_DISABLED 861 && connectmode != conf_node::C_DISABLED
841 && !w.is_active ()) 862 && !w.is_active ())
842 { 863 {
843 // a bit hacky, if ondemand, and packets are no longer queued, then reset the connection 864 // a bit hacky, if ondemand, and packets are no longer queued, then reset the connection
844 // and stop trying. should probably be handled by a per-connection expire handler. 865 // and stop trying. should probably be handled by a per-connection expire handler.
845 if (connectmode == conf_node::C_ONDEMAND && vpn_queue.empty () && data_queue.empty ()) 866 if (connectmode == conf_node::C_ONDEMAND && vpn_queue.empty () && data_queue.empty ())
846 { 867 {
847 reset_connection (); 868 reset_connection ("no demand");
848 return; 869 return;
849 } 870 }
850 871
851 last_establish_attempt = ev_now (); 872 last_establish_attempt = ev_now ();
852 873
854 ? (retry_cnt & 3) + 1 875 ? (retry_cnt & 3) + 1
855 : 1 << (retry_cnt >> 2)); 876 : 1 << (retry_cnt >> 2));
856 877
857 reset_si (); 878 reset_si ();
858 879
859 bool slow = si.prot & PROT_SLOW; 880 bool slow = (si.prot & PROT_SLOW) || (conf->low_power || THISNODE->low_power);
860 881
861 if (si.prot && !si.host && vpn->can_direct (THISNODE, conf)) 882 if (si.prot && !si.host && vpn->can_direct (THISNODE, conf))
862 { 883 {
863 /*TODO*/ /* start the timer so we don't recurse endlessly */ 884 /*TODO*/ /* start the timer so we don't recurse endlessly */
864 w.start (1); 885 w.start (1);
874 895
875 slow = slow || (dsi.prot & PROT_SLOW); 896 slow = slow || (dsi.prot & PROT_SLOW);
876 897
877 if (dsi.valid () && auth_rate_limiter.can (dsi)) 898 if (dsi.valid () && auth_rate_limiter.can (dsi))
878 { 899 {
879 if (retry_cnt < 4) 900 // use ping after the first few retries
901 // TODO: on rekeys, the other node might not interpret ping correctly,
902 // TODO: as it will still have a valid connection
903 if (retry_cnt < 4 && (!conf->low_power || THISNODE->low_power))
880 send_auth_request (dsi, true); 904 send_auth_request (dsi, true);
881 else 905 else
882 send_ping (dsi, 0); 906 send_ping (dsi, 0);
883 } 907 }
884 } 908 }
885 909
886 retry_int *= slow ? 8. : 0.9; 910 retry_int *= slow ? 4. : 0.9;
887 911
888 if (retry_int < conf->max_retry) 912 if (retry_int < conf->max_retry)
889 retry_cnt++; 913 retry_cnt++;
890 else 914 else
891 retry_int = conf->max_retry; 915 retry_int = conf->max_retry;
893 w.start (retry_int); 917 w.start (retry_int);
894 } 918 }
895} 919}
896 920
897void 921void
898connection::reset_connection () 922connection::reset_connection (const char *reason)
899{ 923{
900 if (ictx && octx) 924 if (ictx && octx)
901 { 925 {
902 slog (L_INFO, _("%s(%s): connection lost"), 926 slog (L_INFO, _("%s(%s): connection lost (%s)"),
903 conf->nodename, (const char *)si); 927 conf->nodename, (const char *)si, reason);
904 928
905 if (::conf.script_node_down) 929 if (::conf.script_node_down)
906 { 930 {
907 run_script_cb *cb = new run_script_cb; 931 run_script_cb *cb = new run_script_cb;
908 cb->set<connection, &connection::script_node_down> (this); 932 cb->set<connection, &connection::script_node_down> (this);
910 } 934 }
911 } 935 }
912 936
913 delete ictx; ictx = 0; 937 delete ictx; ictx = 0;
914 delete octx; octx = 0; 938 delete octx; octx = 0;
915#if ENABLE_DNS
916 dnsv4_reset_connection ();
917#endif
918 939
919 si.host = 0; 940 si.host = 0;
941
942 have_snd_auth = false;
943 have_rcv_auth = false;
944 auth_expire = 0.;
920 945
921 last_activity = 0.; 946 last_activity = 0.;
922 //last_si_change = 0.; 947 //last_si_change = 0.;
923 retry_cnt = 0; 948 retry_cnt = 0;
924 949
931connection::shutdown () 956connection::shutdown ()
932{ 957{
933 if (ictx && octx) 958 if (ictx && octx)
934 send_reset (si); 959 send_reset (si);
935 960
936 reset_connection (); 961 reset_connection ("shutdown");
937} 962}
938 963
939// poor-man's rekeying 964// poor-man's rekeying
940inline void 965inline void
941connection::rekey_cb (ev::timer &w, int revents) 966connection::rekey_cb (ev::timer &w, int revents)
942{ 967{
943 reset_connection (); 968 reset_connection ("rekeying");
944 establish_connection (); 969 establish_connection ();
945} 970}
946 971
947void 972void
948connection::send_data_packet (tap_packet *pkt) 973connection::send_data_packet (tap_packet *pkt)
965 990
966void 991void
967connection::post_inject_queue () 992connection::post_inject_queue ()
968{ 993{
969 // force a connection every now and when when packets are sent (max 1/s) 994 // force a connection every now and when when packets are sent (max 1/s)
970 if (ev_now () - last_establish_attempt >= 0.95) // arbitrary 995 if (ev_now () - last_establish_attempt >= (conf->low_power || THISNODE->low_power ? 2.95 : 0.95)) // arbitrary
971 establish_connection.stop (); 996 establish_connection.stop ();
972 997
973 establish_connection (); 998 establish_connection ();
974} 999}
975 1000
983 data_queue.put (new tap_packet (*pkt)); 1008 data_queue.put (new tap_packet (*pkt));
984 post_inject_queue (); 1009 post_inject_queue ();
985 } 1010 }
986} 1011}
987 1012
1013void
988void connection::inject_vpn_packet (vpn_packet *pkt, int tos) 1014connection::inject_vpn_packet (vpn_packet *pkt, int tos)
989{ 1015{
990 if (ictx && octx) 1016 if (ictx && octx)
991 send_vpn_packet (pkt, si, tos); 1017 send_vpn_packet (pkt, si, tos);
992 else 1018 else
993 { 1019 {
999void 1025void
1000connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi) 1026connection::recv_vpn_packet (vpn_packet *pkt, const sockinfo &rsi)
1001{ 1027{
1002 last_activity = ev_now (); 1028 last_activity = ev_now ();
1003 1029
1004 slog (L_NOISE, "%s >> received packet type %d from %d to %d.", 1030 slog (L_NOISE, "%s >> received packet type %d from %d to %d.",
1005 conf->nodename, pkt->typ (), pkt->src (), pkt->dst ()); 1031 conf->nodename, pkt->typ (), pkt->src (), pkt->dst ());
1006 1032
1007 if (connectmode == conf_node::C_DISABLED) 1033 if (connectmode == conf_node::C_DISABLED)
1008 return; 1034 return;
1009 1035
1019 { 1045 {
1020 if (auth_rate_limiter.can (rsi)) 1046 if (auth_rate_limiter.can (rsi))
1021 send_auth_request (rsi, true); 1047 send_auth_request (rsi, true);
1022 } 1048 }
1023 else 1049 else
1024 // we would love to change thre socket address here, but ping's aren't 1050 // we would love to change the socket address here, but ping's aren't
1025 // authenticated, so we best ignore it. 1051 // authenticated, so we best ignore it.
1026 send_ping (rsi, 1); // pong 1052 send_ping (rsi, 1); // pong
1027 1053
1028 break; 1054 break;
1029 1055
1030 case vpn_packet::PT_PONG: 1056 case vpn_packet::PT_PONG:
1031 slog (L_TRACE, "%s >> PT_PONG", conf->nodename); 1057 slog (L_TRACE, "%s >> PT_PONG", conf->nodename);
1058
1059 // a PONG might mean that the other side doesn't really know
1060 // about our desire for communication.
1061 establish_connection ();
1032 break; 1062 break;
1033 1063
1034 case vpn_packet::PT_RESET: 1064 case vpn_packet::PT_RESET:
1065 slog (L_TRACE, "%s >> PT_RESET", conf->nodename);
1066
1067 if (ictx && octx)
1035 { 1068 {
1036 reset_connection (); 1069 reset_connection ("remote reset");
1037 1070
1038 config_packet *p = (config_packet *) pkt; 1071 config_packet *p = (config_packet *) pkt;
1039 1072
1040 if (!p->chk_config ()) 1073 if (p->chk_config (conf, rsi) && connectmode == conf_node::C_ALWAYS)
1041 {
1042 slog (L_WARN, _("%s(%s): protocol mismatch, disabling node."),
1043 conf->nodename, (const char *)rsi);
1044 connectmode = conf_node::C_DISABLED;
1045 }
1046 else if (connectmode == conf_node::C_ALWAYS)
1047 establish_connection (); 1074 establish_connection ();
1048 } 1075 }
1076
1049 break; 1077 break;
1050 1078
1051 case vpn_packet::PT_AUTH_REQ: 1079 case vpn_packet::PT_AUTH_REQ:
1052 if (auth_rate_limiter.can (rsi)) 1080 if (auth_rate_limiter.can (rsi))
1053 { 1081 {
1054 auth_req_packet *p = (auth_req_packet *) pkt; 1082 auth_req_packet *p = (auth_req_packet *)pkt;
1055 1083
1056 slog (L_TRACE, "%s >> PT_AUTH_REQ(%s)", conf->nodename, p->initiate ? "initiate" : "reply"); 1084 slog (L_TRACE, "%s >> PT_AUTH_REQ(%s,p%02x,f%02x)",
1085 conf->nodename, p->initiate ? "initiate" : "reply",
1086 p->protocols, p->features);
1057 1087
1058 if (p->chk_config () && !strncmp (p->magic, MAGIC, 8)) 1088 if (memcmp (p->magic, MAGIC, 8))
1089 {
1090 slog (L_WARN, _("%s(%s): protocol magic mismatch - stray packet?"),
1091 conf->nodename, (const char *)rsi);
1092 }
1093 else if (p->chk_config (conf, rsi))
1059 { 1094 {
1060 if (p->prot_minor != PROTOCOL_MINOR) 1095 if (p->prot_minor != PROTOCOL_MINOR)
1061 slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."), 1096 slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."),
1062 conf->nodename, (const char *)rsi, 1097 conf->nodename, (const char *)rsi,
1063 PROTOCOL_MINOR, conf->nodename, p->prot_minor); 1098 PROTOCOL_MINOR, conf->nodename, p->prot_minor);
1064 1099
1065 if (p->initiate) 1100 if (p->initiate)
1101 {
1066 send_auth_request (rsi, false); 1102 send_auth_request (rsi, false);
1067 1103
1068 rsachallenge k; 1104 if (ictx && octx)
1105 reset_connection ("reconnect");
1106 }
1069 1107
1108 auth_data auth;
1109
1070 if (!rsa_decrypt (::conf.rsa_key, p->encr, k)) 1110 if (!auth_decrypt (::conf.rsa_key, p->encr, auth))
1071 { 1111 {
1072 slog (L_ERR, _("%s(%s): challenge illegal or corrupted (%s). mismatched key or config file?"), 1112 slog (L_ERR, _("%s(%s): challenge illegal or corrupted (%s). mismatched key or config file?"),
1073 conf->nodename, (const char *)rsi, ERR_error_string (ERR_get_error (), 0)); 1113 conf->nodename, (const char *)rsi, ERR_error_string (ERR_get_error (), 0));
1074 break;
1075 } 1114 }
1076 else 1115 else
1077 { 1116 {
1078 delete octx; 1117 bool chg = !have_rcv_auth || !slow_memeq (&rcv_auth, &auth, sizeof auth);
1079 1118
1080 octx = new crypto_ctx (k, 1); 1119 rcv_auth = auth;
1081 oseqno = ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff; 1120 have_rcv_auth = true;
1082 1121
1122 send_auth_response (rsi);
1123
1124 if (chg)
1125 {
1083 conf->protocols = p->protocols; 1126 conf->protocols = p->protocols;
1084 features = p->features & config_packet::get_features (); 1127 features = p->features & config_packet::get_features ();
1085 1128
1086 send_auth_response (rsi, p->id, k);
1087
1088 connection_established (); 1129 connection_established (rsi);
1089
1090 break; 1130 }
1091 } 1131 }
1132
1133 break;
1092 } 1134 }
1093 else
1094 slog (L_WARN, _("%s(%s): protocol mismatch."),
1095 conf->nodename, (const char *)rsi);
1096 1135
1097 send_reset (rsi); 1136 send_reset (rsi);
1098 } 1137 }
1099 1138
1100 break; 1139 break;
1103 { 1142 {
1104 auth_res_packet *p = (auth_res_packet *)pkt; 1143 auth_res_packet *p = (auth_res_packet *)pkt;
1105 1144
1106 slog (L_TRACE, "%s >> PT_AUTH_RES", conf->nodename); 1145 slog (L_TRACE, "%s >> PT_AUTH_RES", conf->nodename);
1107 1146
1108 if (p->chk_config ()) 1147 auth_mac local_mac;
1148 auth_hash (snd_auth, p->response.ecdh, local_mac);
1149
1150 if (!slow_memeq (&p->response.mac, local_mac, sizeof local_mac))
1109 { 1151 {
1110 if (p->prot_minor != PROTOCOL_MINOR)
1111 slog (L_INFO, _("%s(%s): protocol minor version mismatch: ours is %d, %s's is %d."),
1112 conf->nodename, (const char *)rsi,
1113 PROTOCOL_MINOR, conf->nodename, p->prot_minor);
1114
1115 rsachallenge chg;
1116
1117 if (!rsa_cache.find (p->id, chg))
1118 {
1119 slog (L_ERR, _("%s(%s): unrequested auth response, ignoring."), 1152 slog (L_ERR, _("%s(%s): unrequested or outdated auth response, ignoring."),
1120 conf->nodename, (const char *)rsi); 1153 conf->nodename, (const char *)rsi);
1121 break;
1122 } 1154 }
1123 else 1155 else if (!have_snd_auth)
1124 { 1156 {
1125 crypto_ctx *cctx = new crypto_ctx (chg, 0); 1157 memcpy (snd_ecdh_b, p->response.ecdh, sizeof snd_ecdh_b);
1126 1158
1127 if (!p->hmac_chk (cctx)) 1159 have_snd_auth = true;
1128 {
1129 slog (L_ERR, _("%s(%s): hmac authentication error on auth response, received invalid packet\n"
1130 "could be an attack, or just corruption or a synchronization error."),
1131 conf->nodename, (const char *)rsi);
1132 break;
1133 }
1134 else
1135 {
1136 rsaresponse h;
1137
1138 rsa_hash (p->id, chg, h);
1139
1140 if (!memcmp ((u8 *)&h, (u8 *)p->response, sizeof h))
1141 {
1142 prot_minor = p->prot_minor;
1143
1144 delete ictx; ictx = cctx;
1145
1146 iseqno.reset (ntohl (*(u32 *)&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid
1147
1148 si = rsi;
1149 protocol = rsi.prot;
1150
1151 slog (L_INFO, _("%s(%s): connection established (%s), protocol version %d.%d."),
1152 conf->nodename, (const char *)rsi,
1153 is_direct ? "direct" : "forwarded",
1154 p->prot_major, p->prot_minor);
1155
1156 connection_established (); 1160 connection_established (rsi);
1157
1158 if (::conf.script_node_up)
1159 {
1160 run_script_cb *cb = new run_script_cb;
1161 cb->set<connection, &connection::script_node_up> (this);
1162 run_script_queued (cb, _("node-up command execution failed, continuing."));
1163 }
1164
1165 break;
1166 }
1167 else
1168 slog (L_ERR, _("%s(%s): sent and received challenge do not match."),
1169 conf->nodename, (const char *)rsi);
1170 }
1171
1172 delete cctx;
1173 }
1174 } 1161 }
1175 } 1162 }
1176
1177 send_reset (rsi);
1178 break; 1163 break;
1179 1164
1180 case vpn_packet::PT_DATA_COMPRESSED: 1165 case vpn_packet::PT_DATA_COMPRESSED:
1181#if !ENABLE_COMPRESSION 1166#if !ENABLE_COMPRESSION
1182 send_reset (rsi); 1167 send_reset (rsi);
1188 if (ictx && octx) 1173 if (ictx && octx)
1189 { 1174 {
1190 vpndata_packet *p = (vpndata_packet *)pkt; 1175 vpndata_packet *p = (vpndata_packet *)pkt;
1191 1176
1192 if (!p->hmac_chk (ictx)) 1177 if (!p->hmac_chk (ictx))
1178 {
1179 // rekeying often creates temporary hmac auth floods
1180 // we assume they don't take longer than a few seconds normally,
1181 // and suppress messages and resets during that time.
1182 //TODO: should be done per source address
1183 if (!hmac_error)
1184 {
1185 hmac_error = ev_now () + 3;
1186 break;
1187 }
1188 else if (hmac_error >= ev_now ())
1189 break; // silently suppress
1190 else
1191 {
1193 slog (L_ERR, _("%s(%s): hmac authentication error, received invalid packet\n" 1192 slog (L_ERR, _("%s(%s): hmac authentication error, received invalid packet\n"
1194 "could be an attack, or just corruption or a synchronization error."), 1193 "could be an attack, or just corruption or a synchronization error."),
1195 conf->nodename, (const char *)rsi); 1194 conf->nodename, (const char *)rsi);
1195 // reset
1196 }
1197 }
1196 else 1198 else
1197 { 1199 {
1198 u32 seqno; 1200 u32 seqno;
1199 tap_packet *d = p->unpack (this, seqno); 1201 tap_packet *d = p->unpack (this, seqno);
1200 int seqclass = iseqno.seqno_classify (seqno); 1202 int seqclass = iseqno.seqno_classify (seqno);
1203
1204 hmac_error = 0;
1201 1205
1202 if (seqclass == 0) // ok 1206 if (seqclass == 0) // ok
1203 { 1207 {
1204 vpn->tap->send (d); 1208 vpn->tap->send (d);
1205 1209
1210 // { 1214 // {
1211 slog (L_INFO, _("%s(%s): changing socket address to %s."), 1215 slog (L_INFO, _("%s(%s): changing socket address to %s."),
1212 conf->nodename, (const char *)si, (const char *)rsi); 1216 conf->nodename, (const char *)si, (const char *)rsi);
1213 1217
1214 si = rsi; 1218 si = rsi;
1219
1220 if (::conf.script_node_change)
1221 {
1222 run_script_cb *cb = new run_script_cb;
1223 cb->set<connection, &connection::script_node_change> (this);
1224 run_script_queued (cb, _("node-change command execution failed, continuing."));
1225 }
1226
1215 // } 1227 // }
1216 //else 1228 //else
1217 // slog (L_INFO, _("%s(%s): accepted packet from %s, not (yet) redirecting traffic."), 1229 // slog (L_INFO, _("%s(%s): accepted packet from %s, not (yet) redirecting traffic."),
1218 // conf->nodename, (const char *)si, (const char *)rsi); 1230 // conf->nodename, (const char *)si, (const char *)rsi);
1219 } 1231 }
1240 break; 1252 break;
1241 1253
1242 case vpn_packet::PT_CONNECT_REQ: 1254 case vpn_packet::PT_CONNECT_REQ:
1243 if (ictx && octx && rsi == si && pkt->hmac_chk (ictx)) 1255 if (ictx && octx && rsi == si && pkt->hmac_chk (ictx))
1244 { 1256 {
1245 connect_req_packet *p = (connect_req_packet *) pkt; 1257 connect_req_packet *p = (connect_req_packet *)pkt;
1246 1258
1247 if (p->id > 0 && p->id <= vpn->conns.size ()) 1259 if (p->id > 0 && p->id <= vpn->conns.size ())
1248 { 1260 {
1249 connection *c = vpn->conns[p->id - 1]; 1261 connection *c = vpn->conns[p->id - 1];
1250 conf->protocols = p->protocols; 1262 conf->protocols = p->protocols;
1251 1263
1252 slog (L_TRACE, "%s >> PT_CONNECT_REQ(%s) [%d]", 1264 slog (L_TRACE, "%s >> PT_CONNECT_REQ(%s,p%02x) [%d]",
1253 conf->nodename, vpn->conns[p->id - 1]->conf->nodename, c->ictx && c->octx); 1265 conf->nodename, vpn->conns[p->id - 1]->conf->nodename,
1266 p->protocols,
1267 c->ictx && c->octx);
1254 1268
1255 if (c->ictx && c->octx) 1269 if (c->ictx && c->octx)
1256 { 1270 {
1257 // send connect_info packets to both sides, in case one is 1271 // send connect_info packets to both sides, in case one is
1258 // behind a nat firewall (or both ;) 1272 // behind a nat firewall (or both ;)
1281 1295
1282 c->conf->protocols = p->protocols; 1296 c->conf->protocols = p->protocols;
1283 protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf)); 1297 protocol = best_protocol (c->conf->protocols & THISNODE->protocols & p->si.supported_protocols (c->conf));
1284 p->si.upgrade_protocol (protocol, c->conf); 1298 p->si.upgrade_protocol (protocol, c->conf);
1285 1299
1286 slog (L_TRACE, "%s >> PT_CONNECT_INFO(%s,%s) [%d]", 1300 slog (L_TRACE, "%s >> PT_CONNECT_INFO(%s,%s,protocols=%02x,protocol=%02x,upgradable=%02x) [%d]",
1301 conf->nodename,
1287 conf->nodename, vpn->conns[p->id - 1]->conf->nodename, 1302 vpn->conns[p->id - 1]->conf->nodename,
1303 (const char *)p->si,
1304 p->protocols,
1305 protocol,
1306 p->si.supported_protocols (c->conf),
1288 (const char *)p->si, !c->ictx && !c->octx); 1307 !c->ictx && !c->octx);
1289 1308
1290 const sockinfo &dsi = forward_si (p->si); 1309 const sockinfo &dsi = forward_si (p->si);
1291 1310
1292 if (dsi.valid ()) 1311 if (dsi.valid ())
1293 c->send_auth_request (dsi, true); 1312 c->send_auth_request (dsi, true);
1313 else
1314 slog (L_INFO, "connect info for %s received (%s), but still unable to contact.",
1315 vpn->conns[p->id - 1]->conf->nodename,
1316 (const char *)p->si);
1294 } 1317 }
1295 else 1318 else
1296 slog (L_WARN, 1319 slog (L_WARN,
1297 _("received authenticated connection request from unknown node #%d, config file mismatch?"), 1320 _("received authenticated connection request from unknown node #%d, config file mismatch?"),
1298 p->id); 1321 p->id);
1307} 1330}
1308 1331
1309inline void 1332inline void
1310connection::keepalive_cb (ev::timer &w, int revents) 1333connection::keepalive_cb (ev::timer &w, int revents)
1311{ 1334{
1312 if (ev_now () >= last_activity + ::conf.keepalive + 30) 1335 ev_tstamp when = last_activity + ::conf.keepalive - ev::now ();
1336
1337 if (when >= 0)
1338 w.start (when);
1339 else if (when < -15)
1313 { 1340 {
1314 reset_connection (); 1341 reset_connection ("keepalive overdue");
1315 establish_connection (); 1342 establish_connection ();
1316 } 1343 }
1317 else if (ev_now () < last_activity + ::conf.keepalive)
1318 w.start (last_activity + ::conf.keepalive - ev::now ());
1319 else if (conf->connectmode != conf_node::C_ONDEMAND 1344 else if (conf->connectmode != conf_node::C_ONDEMAND
1320 || THISNODE->connectmode != conf_node::C_ONDEMAND) 1345 || THISNODE->connectmode != conf_node::C_ONDEMAND)
1321 { 1346 {
1347 w.start (3);
1322 send_ping (si); 1348 send_ping (si);
1323 w.start (5);
1324 } 1349 }
1325 else if (ev_now () < last_activity + ::conf.keepalive + 10) 1350 else if (when >= -10)
1326 // hold ondemand connections implicitly a few seconds longer 1351 // hold ondemand connections implicitly a few seconds longer
1327 // should delete octx, though, or something like that ;) 1352 // should delete octx, though, or something like that ;)
1328 w.start (last_activity + ::conf.keepalive + 10 - ev::now ()); 1353 w.start (when + 10);
1329 else 1354 else
1330 reset_connection (); 1355 reset_connection ("keepalive timeout");
1331} 1356}
1332 1357
1358void
1333void connection::send_connect_request (int id) 1359connection::send_connect_request (int id)
1334{ 1360{
1335 connect_req_packet *p = new connect_req_packet (conf->id, id, conf->protocols); 1361 connect_req_packet *p = new connect_req_packet (conf->id, id, THISNODE->protocols);
1336 1362
1337 slog (L_TRACE, "%s << PT_CONNECT_REQ(%s)", 1363 slog (L_TRACE, "%s << PT_CONNECT_REQ(%s,p%02x)",
1338 conf->nodename, vpn->conns[id - 1]->conf->nodename); 1364 conf->nodename, vpn->conns[id - 1]->conf->nodename,
1365 THISNODE->protocols);
1339 p->hmac_set (octx); 1366 p->hmac_set (octx);
1340 send_vpn_packet (p, si); 1367 send_vpn_packet (p, si);
1341 1368
1342 delete p; 1369 delete p;
1343} 1370}
1344 1371
1372void
1345void connection::script_init_env (const char *ext) 1373connection::script_init_env (const char *ext)
1346{ 1374{
1347 char *env; 1375 char *env;
1348 asprintf (&env, "IFUPDATA%s=%s", ext, conf->if_up_data); putenv (env); 1376 asprintf (&env, "IFUPDATA%s=%s", ext, conf->if_up_data); putenv (env);
1349 asprintf (&env, "NODENAME%s=%s", ext, conf->nodename); putenv (env); 1377 asprintf (&env, "NODENAME%s=%s", ext, conf->nodename); putenv (env);
1350 asprintf (&env, "MAC%s=%02x:%02x:%02x:%02x:%02x:%02x", ext, 1378 asprintf (&env, "MAC%s=%02x:%02x:%02x:%02x:%02x:%02x", ext,
1351 0xfe, 0xfd, 0x80, 0x00, conf->id >> 8, 1379 0xfe, 0xfd, 0x80, 0x00, conf->id >> 8,
1352 conf->id & 0xff); putenv (env); 1380 conf->id & 0xff); putenv (env);
1353} 1381}
1354 1382
1383void
1355void connection::script_init_connect_env () 1384connection::script_init_connect_env ()
1356{ 1385{
1357 vpn->script_init_env (); 1386 vpn->script_init_env ();
1358 1387
1359 char *env; 1388 char *env;
1360 asprintf (&env, "DESTID=%d", conf->id); putenv (env); 1389 asprintf (&env, "DESTID=%d", conf->id); putenv (env);
1390 asprintf (&env, "DESTSI=%s", (const char *)si); putenv (env);
1361 asprintf (&env, "DESTNODE=%s", conf->nodename); putenv (env); 1391 asprintf (&env, "DESTNODE=%s", conf->nodename); putenv (env);
1362 asprintf (&env, "DESTIP=%s", si.ntoa ()); putenv (env); 1392 asprintf (&env, "DESTIP=%s", si.ntoa ()); putenv (env);
1363 asprintf (&env, "DESTPORT=%d", ntohs (si.port)); putenv (env); 1393 asprintf (&env, "DESTPORT=%d", ntohs (si.port)); putenv (env);
1364} 1394}
1365 1395
1366inline const char * 1396inline const char *
1367connection::script_node_up () 1397connection::script_node_up ()
1368{ 1398{
1373 char *filename; 1403 char *filename;
1374 asprintf (&filename, 1404 asprintf (&filename,
1375 "%s/%s", 1405 "%s/%s",
1376 confbase, 1406 confbase,
1377 ::conf.script_node_up ? ::conf.script_node_up : "node-up"); 1407 ::conf.script_node_up ? ::conf.script_node_up : "node-up");
1408
1409 return filename;
1410}
1411
1412inline const char *
1413connection::script_node_change ()
1414{
1415 script_init_connect_env ();
1416
1417 putenv ((char *)"STATE=change");
1418
1419 char *filename;
1420 asprintf (&filename,
1421 "%s/%s",
1422 confbase,
1423 ::conf.script_node_change ? ::conf.script_node_change : "node-change");
1378 1424
1379 return filename; 1425 return filename;
1380} 1426}
1381 1427
1382inline const char * 1428inline const char *
1408 establish_connection.set<connection, &connection::establish_connection_cb> (this); 1454 establish_connection.set<connection, &connection::establish_connection_cb> (this);
1409 1455
1410 last_establish_attempt = 0.; 1456 last_establish_attempt = 0.;
1411 octx = ictx = 0; 1457 octx = ictx = 0;
1412 1458
1413 if (!conf->protocols) // make sure some protocol is enabled
1414 conf->protocols = PROT_UDPv4;
1415
1416 connectmode = conf->connectmode; 1459 connectmode = conf->connectmode;
1417 1460
1418 // queue a dummy packet to force an initial connection attempt 1461 // queue a dummy packet to force an initial connection attempt
1419 if (connectmode != conf_node::C_ALWAYS && connectmode != conf_node::C_DISABLED) 1462 if (connectmode != conf_node::C_ALWAYS && connectmode != conf_node::C_DISABLED)
1420 vpn_queue.put (new net_packet); 1463 vpn_queue.put (new net_packet);
1421 1464
1422 reset_connection (); 1465 reset_connection ("startup");
1423} 1466}
1424 1467
1425connection::~connection () 1468connection::~connection ()
1426{ 1469{
1427 shutdown (); 1470 shutdown ();
1428} 1471}
1429 1472
1473void
1430void connection_init () 1474connection_init ()
1431{ 1475{
1432 auth_rate_limiter.clear (); 1476 auth_rate_limiter.clear ();
1433 reset_rate_limiter.clear (); 1477 reset_rate_limiter.clear ();
1434} 1478}
1435 1479

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines