ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/protocol.C
Revision: 1.8
Committed: Mon Mar 17 15:20:18 2003 UTC (21 years, 2 months ago) by pcg
Content type: text/plain
Branch: MAIN
Changes since 1.7: +15 -39 lines
Log Message: 
*** empty log message ***

File Contents

# User Rev Content
1 pcg 1.1 /*
2     protocol.C -- handle the protocol, encryption, handshaking etc.
3    
4     This program is free software; you can redistribute it and/or modify
5     it under the terms of the GNU General Public License as published by
6     the Free Software Foundation; either version 2 of the License, or
7     (at your option) any later version.
8    
9     This program is distributed in the hope that it will be useful,
10     but WITHOUT ANY WARRANTY; without even the implied warranty of
11     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12     GNU General Public License for more details.
13    
14     You should have received a copy of the GNU General Public License
15     along with this program; if not, write to the Free Software
16     Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17     */
18    
19     #include "config.h"
20    
21     #include <cstdlib>
22     #include <cstring>
23     #include <cstdio>
24    
25     #include <sys/types.h>
26     #include <sys/socket.h>
27     #include <sys/poll.h>
28     #include <sys/wait.h>
29     #include <netinet/in.h>
30     #include <arpa/inet.h>
31     #include <errno.h>
32     #include <time.h>
33     #include <unistd.h>
34    
35     #include <openssl/rand.h>
36     #include <openssl/hmac.h>
37     #include <openssl/evp.h>
38     #include <openssl/rsa.h>
39     #include <openssl/err.h>
40    
41     extern "C" {
42     # include "lzf/lzf.h"
43     }
44    
45     #include "gettext.h"
46     #include "pidfile.h"
47    
48     #include "conf.h"
49     #include "slog.h"
50     #include "device.h"
51     #include "protocol.h"
52    
53     #if !HAVE_RAND_PSEUDO_BYTES
54     # define RAND_pseudo_bytes RAND_bytes
55     #endif
56    
57     static time_t next_timecheck;
58    
59     #define MAGIC "vped\xbd\xc6\xdb\x82" // 8 bytes of magic
60    
61     static const rsachallenge &
62     challenge_bytes ()
63     {
64     static rsachallenge challenge;
65     static time_t challenge_ttl; // time this challenge needs to be recreated
66    
67     if (now > challenge_ttl)
68     {
69     RAND_bytes ((unsigned char *)&challenge, sizeof (challenge));
70     challenge_ttl = now + CHALLENGE_TTL;
71     }
72    
73     return challenge;
74     }
75    
76     // run a script. yes, it's a template function. yes, c++
77     // is not a functional language. yes, this suxx.
78     template<class owner>
79     static void
80     run_script (owner *obj, const char *(owner::*setup)(), bool wait)
81     {
82     int pid;
83    
84     if ((pid = fork ()) == 0)
85     {
86     char *filename;
87     asprintf (&filename, "%s/%s", confbase, (obj->*setup) ());
88     execl (filename, filename, (char *) 0);
89     exit (255);
90     }
91     else if (pid > 0)
92     {
93     if (wait)
94     {
95     waitpid (pid, 0, 0);
96     /* TODO: check status */
97     }
98     }
99     }
100    
101     // xor the socket address into the challenge to ensure different challenges
102     // per host. we could rely on the OAEP padding, but this doesn't hurt.
103     void
104     xor_sa (rsachallenge &k, SOCKADDR *sa)
105     {
106     ((u32 *) k)[(CHG_CIPHER_KEY + 0) / 4] ^= sa->sin_addr.s_addr;
107     ((u16 *) k)[(CHG_CIPHER_KEY + 4) / 2] ^= sa->sin_port;
108     ((u32 *) k)[(CHG_HMAC_KEY + 0) / 4] ^= sa->sin_addr.s_addr;
109     ((u16 *) k)[(CHG_HMAC_KEY + 4) / 2] ^= sa->sin_port;
110     }
111    
112     struct crypto_ctx
113     {
114     EVP_CIPHER_CTX cctx;
115     HMAC_CTX hctx;
116    
117     crypto_ctx (rsachallenge &challenge, int enc);
118     ~crypto_ctx ();
119     };
120    
121     crypto_ctx::crypto_ctx (rsachallenge &challenge, int enc)
122     {
123     EVP_CIPHER_CTX_init (&cctx);
124     EVP_CipherInit_ex (&cctx, CIPHER, 0, &challenge[CHG_CIPHER_KEY], 0, enc);
125     HMAC_CTX_init (&hctx);
126     HMAC_Init_ex (&hctx, &challenge[CHG_HMAC_KEY], HMAC_KEYLEN, DIGEST, 0);
127     }
128    
129     crypto_ctx::~crypto_ctx ()
130     {
131     EVP_CIPHER_CTX_cleanup (&cctx);
132     HMAC_CTX_cleanup (&hctx);
133     }
134    
135     /////////////////////////////////////////////////////////////////////////////
136    
137     static void next_wakeup (time_t next)
138     {
139     if (next_timecheck > next)
140     next_timecheck = next;
141     }
142    
143     static unsigned char hmac_digest[EVP_MAX_MD_SIZE];
144    
145     struct hmac_packet:net_packet
146     {
147     u8 hmac[HMACLENGTH]; // each and every packet has a hmac field, but that is not (yet) checked everywhere
148    
149     void hmac_set (crypto_ctx * ctx);
150     bool hmac_chk (crypto_ctx * ctx);
151    
152     private:
153     void hmac_gen (crypto_ctx * ctx)
154     {
155     unsigned int xlen;
156     HMAC_CTX *hctx = &ctx->hctx;
157    
158     HMAC_Init_ex (hctx, 0, 0, 0, 0);
159     HMAC_Update (hctx, ((unsigned char *) this) + sizeof (hmac_packet),
160     len - sizeof (hmac_packet));
161     HMAC_Final (hctx, (unsigned char *) &hmac_digest, &xlen);
162     }
163     };
164    
165     void
166     hmac_packet::hmac_set (crypto_ctx * ctx)
167     {
168     hmac_gen (ctx);
169    
170     memcpy (hmac, hmac_digest, HMACLENGTH);
171     }
172    
173     bool
174     hmac_packet::hmac_chk (crypto_ctx * ctx)
175     {
176     hmac_gen (ctx);
177    
178     return !memcmp (hmac, hmac_digest, HMACLENGTH);
179     }
180    
181     struct vpn_packet : hmac_packet
182     {
183     enum ptype
184     {
185     PT_RESET = 0,
186     PT_DATA_UNCOMPRESSED,
187     PT_DATA_COMPRESSED,
188     PT_PING, PT_PONG, // wasting namespace space? ;)
189     PT_AUTH, // authentification
190     PT_CONNECT_REQ, // want other host to contact me
191     PT_CONNECT_INFO, // request connection to some node
192     PT_REKEY, // rekeying (not yet implemented)
193     PT_MAX
194     };
195    
196     u8 type;
197     u8 srcdst, src1, dst1;
198    
199     void set_hdr (ptype type, unsigned int dst);
200    
201     unsigned int src ()
202     {
203     return src1 | ((srcdst >> 4) << 8);
204     }
205     unsigned int dst ()
206     {
207     return dst1 | ((srcdst & 0xf) << 8);
208     }
209     ptype typ ()
210     {
211     return (ptype) type;
212     }
213     };
214    
215     void vpn_packet::set_hdr (ptype type, unsigned int dst)
216     {
217     this->type = type;
218    
219     int src = THISNODE->id;
220    
221     src1 = src;
222     srcdst = ((src >> 8) << 4) | (dst >> 8);
223     dst1 = dst;
224     }
225    
226     #define MAXVPNDATA (MAX_MTU - 6 - 6)
227     #define DATAHDR (sizeof (u32) + RAND_SIZE)
228    
229     struct vpndata_packet:vpn_packet
230     {
231     u8 data[MAXVPNDATA + DATAHDR]; // seqno
232    
233     void setup (connection *conn, int dst, u8 *d, u32 len, u32 seqno);
234     tap_packet *unpack (connection *conn, u32 &seqno);
235     private:
236    
237     const u32 data_hdr_size () const
238     {
239     return sizeof (vpndata_packet) - sizeof (net_packet) - MAXVPNDATA - DATAHDR;
240     }
241     };
242    
243     void
244     vpndata_packet::setup (connection *conn, int dst, u8 *d, u32 l, u32 seqno)
245     {
246     EVP_CIPHER_CTX *cctx = &conn->octx->cctx;
247     int outl = 0, outl2;
248     ptype type = PT_DATA_UNCOMPRESSED;
249    
250     #if ENABLE_COMPRESSION
251     u8 cdata[MAX_MTU];
252     u32 cl;
253    
254     cl = lzf_compress (d, l, cdata + 2, (l - 2) & ~7);
255     if (cl)
256     {
257     //printf ("compressed packet, %d => %d\n", l, cl);//D
258     type = PT_DATA_COMPRESSED;
259     d = cdata;
260     l = cl + 2;
261    
262     d[0] = cl >> 8;
263     d[1] = cl;
264     }
265     #endif
266    
267     EVP_EncryptInit_ex (cctx, 0, 0, 0, 0);
268    
269     #if RAND_SIZE
270     struct {
271     u8 rnd[RAND_SIZE];
272     u32 seqno;
273     } datahdr;
274    
275     datahdr.seqno = seqno;
276     RAND_pseudo_bytes ((unsigned char *) datahdr.rnd, RAND_SIZE);
277    
278     EVP_EncryptUpdate (cctx,
279     (unsigned char *) data + outl, &outl2,
280     (unsigned char *) &datahdr, DATAHDR);
281     outl += outl2;
282     #else
283     EVP_EncryptUpdate (cctx,
284     (unsigned char *) data + outl, &outl2,
285     (unsigned char *) &seqno, DATAHDR);
286     outl += outl2;
287     #endif
288    
289     EVP_EncryptUpdate (cctx,
290     (unsigned char *) data + outl, &outl2,
291     (unsigned char *) d, l);
292     outl += outl2;
293    
294     EVP_EncryptFinal_ex (cctx, (unsigned char *) data + outl, &outl2);
295     outl += outl2;
296    
297     len = outl + data_hdr_size ();
298    
299     set_hdr (type, dst);
300    
301     hmac_set (conn->octx);
302     }
303    
304     tap_packet *
305     vpndata_packet::unpack (connection *conn, u32 &seqno)
306     {
307     EVP_CIPHER_CTX *cctx = &conn->ictx->cctx;
308     int outl = 0, outl2;
309     tap_packet *p = new tap_packet;
310     u8 *d;
311     u32 l = len - data_hdr_size ();
312    
313     EVP_DecryptInit_ex (cctx, 0, 0, 0, 0);
314    
315     #if ENABLE_COMPRESSION
316     u8 cdata[MAX_MTU];
317    
318     if (type == PT_DATA_COMPRESSED)
319     d = cdata;
320     else
321     #endif
322     d = &(*p)[6 + 6 - DATAHDR];
323    
324     /* this overwrites part of the src mac, but we fix that later */
325     EVP_DecryptUpdate (cctx,
326     d, &outl2,
327     (unsigned char *)&data, len - data_hdr_size ());
328     outl += outl2;
329    
330     EVP_DecryptFinal_ex (cctx, (unsigned char *)d + outl, &outl2);
331     outl += outl2;
332    
333     seqno = *(u32 *)(d + RAND_SIZE);
334    
335 pcg 1.2 id2mac (dst () ? dst() : THISNODE->id, p->dst);
336     id2mac (src (), p->src);
337 pcg 1.1
338     #if ENABLE_COMPRESSION
339     if (type == PT_DATA_COMPRESSED)
340     {
341     u32 cl = (d[DATAHDR] << 8) | d[DATAHDR + 1];
342     p->len = lzf_decompress (d + DATAHDR + 2, cl, &(*p)[6 + 6], MAX_MTU) + 6 + 6;
343     //printf ("decompressxed %d(%d) => %d\n", cl, len - data_hdr_size (), p->len);//D
344     }
345     else
346     p->len = outl + (6 + 6 - DATAHDR);
347     #endif
348    
349     return p;
350     }
351    
352     struct ping_packet : vpn_packet
353     {
354     void setup (int dst, ptype type)
355     {
356     set_hdr (type, dst);
357     len = sizeof (*this) - sizeof (net_packet);
358     }
359     };
360    
361     struct config_packet : vpn_packet
362     {
363     // actually, hmaclen cannot be checked because the hmac
364     // field comes before this data, so peers with other
365     // hmacs simply will not work.
366     u8 prot_major, prot_minor, randsize, hmaclen;
367     u8 flags, challengelen, pad2, pad3;
368     u32 cipher_nid;
369     u32 digest_nid;
370    
371     const u8 curflags () const
372     {
373     return 0x80
374     | (ENABLE_COMPRESSION ? 0x01 : 0x00)
375     | (ENABLE_TRUST ? 0x02 : 0x00);
376     }
377    
378     void setup (ptype type, int dst)
379     {
380     prot_major = PROTOCOL_MAJOR;
381     prot_minor = PROTOCOL_MINOR;
382     randsize = RAND_SIZE;
383     hmaclen = HMACLENGTH;
384     flags = curflags ();
385     challengelen = sizeof (rsachallenge);
386    
387     cipher_nid = htonl (EVP_CIPHER_nid (CIPHER));
388     digest_nid = htonl (EVP_MD_type (DIGEST));
389    
390     len = sizeof (*this) - sizeof (net_packet);
391     set_hdr (type, dst);
392     }
393    
394     bool chk_config ()
395     {
396     return prot_major == PROTOCOL_MAJOR
397     && randsize == RAND_SIZE
398     && hmaclen == HMACLENGTH
399     && flags == curflags ()
400     && challengelen == sizeof (rsachallenge)
401     && cipher_nid == htonl (EVP_CIPHER_nid (CIPHER))
402     && digest_nid == htonl (EVP_MD_type (DIGEST));
403     }
404     };
405    
406     struct auth_packet : config_packet
407     {
408     char magic[8];
409     u8 subtype;
410     u8 pad1, pad2;
411     rsaencrdata challenge;
412    
413     auth_packet (int dst, auth_subtype stype)
414     {
415     config_packet::setup (PT_AUTH, dst);
416     subtype = stype;
417     len = sizeof (*this) - sizeof (net_packet);
418     strncpy (magic, MAGIC, 8);
419     }
420     };
421    
422     struct connect_req_packet : vpn_packet
423     {
424     u8 id;
425     u8 pad1, pad2, pad3;
426    
427     connect_req_packet (int dst, int id)
428     {
429     this->id = id;
430     set_hdr (PT_CONNECT_REQ, dst);
431     len = sizeof (*this) - sizeof (net_packet);
432     }
433     };
434    
435     struct connect_info_packet : vpn_packet
436     {
437     u8 id;
438     u8 pad1, pad2, pad3;
439     sockinfo si;
440    
441     connect_info_packet (int dst, int id, sockinfo &si)
442     {
443     this->id = id;
444     this->si = si;
445     set_hdr (PT_CONNECT_INFO, dst);
446     len = sizeof (*this) - sizeof (net_packet);
447     }
448     };
449    
450     /////////////////////////////////////////////////////////////////////////////
451    
452     void
453     fill_sa (SOCKADDR *sa, conf_node *conf)
454     {
455     sa->sin_family = AF_INET;
456     sa->sin_port = htons (conf->port);
457     sa->sin_addr.s_addr = 0;
458    
459     if (conf->hostname)
460     {
461     struct hostent *he = gethostbyname (conf->hostname);
462    
463     if (he
464     && he->h_addrtype == AF_INET && he->h_length == 4 && he->h_addr_list[0])
465     {
466     //sa->sin_family = he->h_addrtype;
467     memcpy (&sa->sin_addr, he->h_addr_list[0], 4);
468     }
469     else
470     slog (L_NOTICE, _("unable to resolve host '%s'"), conf->hostname);
471     }
472     }
473    
474     void
475     connection::reset_dstaddr ()
476     {
477     fill_sa (&sa, conf);
478     }
479    
480     void
481     connection::send_ping (SOCKADDR *dsa, u8 pong)
482     {
483     ping_packet *pkt = new ping_packet;
484    
485     pkt->setup (conf->id, pong ? ping_packet::PT_PONG : ping_packet::PT_PING);
486 pcg 1.6 vpn->send_vpn_packet (pkt, dsa, IPTOS_LOWDELAY);
487 pcg 1.1
488     delete pkt;
489     }
490    
491     void
492     connection::send_reset (SOCKADDR *dsa)
493     {
494     static net_rate_limiter limiter(1);
495    
496     if (limiter.can (dsa))
497     {
498     config_packet *pkt = new config_packet;
499    
500     pkt->setup (vpn_packet::PT_RESET, conf->id);
501 pcg 1.6 vpn->send_vpn_packet (pkt, dsa, IPTOS_MINCOST);
502 pcg 1.1
503     delete pkt;
504     }
505     }
506    
507     static rsachallenge *
508     gen_challenge (SOCKADDR *sa)
509     {
510     static rsachallenge k;
511    
512     memcpy (&k, &challenge_bytes (), sizeof (k));
513     RAND_bytes ((unsigned char *)&k[CHG_SEQNO], sizeof (u32));
514     xor_sa (k, sa);
515    
516     return &k;
517     }
518    
519     void
520     connection::send_auth (auth_subtype subtype, SOCKADDR *sa, rsachallenge *k)
521     {
522     static net_rate_limiter limiter(2);
523    
524     if (subtype != AUTH_INIT || limiter.can (sa))
525     {
526     auth_packet *pkt = new auth_packet (conf->id, subtype);
527    
528     //printf ("send auth_packet subtype %d\n", subtype);//D
529    
530     if (!k)
531     k = gen_challenge (sa);
532    
533     #if ENABLE_TRUST
534     if (0 > RSA_public_encrypt (sizeof (*k),
535     (unsigned char *)k, (unsigned char *)&pkt->challenge,
536     conf->rsa_key, RSA_PKCS1_OAEP_PADDING))
537     fatal ("RSA_public_encrypt error");
538     #else
539     # error untrusted mode not yet implemented: programemr does not know how to
540     rsaencrdata enc;
541    
542     if (0 > RSA_private_encrypt (sizeof (*k),
543     (unsigned char *)k, (unsigned char *)&enc,
544     ::conf.rsa_key, RSA_PKCS1_OAEP_PADDING))
545     fatal ("RSA_private_encrypt error");
546    
547     if (0 > RSA_public_encrypt (sizeof (enc),
548     (unsigned char *)enc, (unsigned char *)&pkt->challenge,
549     conf->rsa_key, RSA_NO_PADDING))
550     fatal ("RSA_public_encrypt error");
551     #endif
552    
553     slog (L_TRACE, ">>%d PT_AUTH(%d) [%s]", conf->id, subtype, (const char *)sockinfo (sa));
554    
555 pcg 1.6 vpn->send_vpn_packet (pkt, sa, IPTOS_RELIABILITY);
556 pcg 1.1
557     delete pkt;
558     }
559     }
560    
561     void
562     connection::establish_connection ()
563     {
564 pcg 1.5 if (!ictx && conf != THISNODE && connectmode != conf_node::C_NEVER)
565 pcg 1.1 {
566     if (now >= next_retry)
567     {
568     int retry_int = retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2);
569    
570     if (retry_cnt < (17 << 2) | 3)
571     retry_cnt++;
572    
573 pcg 1.5 if (connectmode == conf_node::C_ONDEMAND
574 pcg 1.1 && retry_int > ::conf.keepalive)
575     retry_int = ::conf.keepalive;
576    
577     next_retry = now + retry_int;
578     next_wakeup (next_retry);
579    
580     if (conf->hostname)
581     {
582     reset_dstaddr ();
583     if (sa.sin_addr.s_addr)
584     if (retry_cnt < 4)
585     send_auth (AUTH_INIT, &sa);
586     else
587     send_ping (&sa, 0);
588     }
589     else
590     vpn->connect_request (conf->id);
591     }
592     }
593     }
594    
595     void
596     connection::reset_connection ()
597     {
598     if (ictx && octx)
599     {
600     slog (L_INFO, _("connection to %d (%s) lost"), conf->id, conf->nodename);
601    
602     if (::conf.script_node_down)
603     run_script (this, &connection::script_node_down, false);
604     }
605    
606     delete ictx;
607     ictx = 0;
608    
609     delete octx;
610     octx = 0;
611    
612     sa.sin_port = 0;
613     sa.sin_addr.s_addr = 0;
614    
615     next_retry = 0;
616     next_rekey = 0;
617     last_activity = 0;
618     }
619    
620     void
621     connection::shutdown ()
622     {
623     if (ictx && octx)
624     send_reset (&sa);
625    
626     reset_connection ();
627     }
628    
629     void
630     connection::rekey ()
631     {
632     reset_connection ();
633     establish_connection ();
634     }
635    
636     void
637     connection::send_data_packet (tap_packet * pkt, bool broadcast)
638     {
639     vpndata_packet *p = new vpndata_packet;
640 pcg 1.6 int tos = 0;
641    
642     if (conf->inherit_tos
643     && (*pkt)[12] == 0x08 && (*pkt)[13] == 0x00 // IP
644     && ((*pkt)[14] & 0xf0) == 0x40) // IPv4
645     tos = (*pkt)[15] & IPTOS_TOS_MASK;
646 pcg 1.1
647     p->setup (this, broadcast ? 0 : conf->id, &((*pkt)[6 + 6]), pkt->len - 6 - 6, ++oseqno); // skip 2 macs
648 pcg 1.6 vpn->send_vpn_packet (p, &sa, tos);
649 pcg 1.1
650     delete p;
651    
652     if (oseqno > MAX_SEQNO)
653     rekey ();
654     }
655    
656     void
657     connection::inject_data_packet (tap_packet *pkt, bool broadcast)
658     {
659     if (ictx && octx)
660     send_data_packet (pkt, broadcast);
661     else
662     {
663     if (!broadcast)//DDDD
664     queue.put (new tap_packet (*pkt));
665    
666     establish_connection ();
667     }
668     }
669    
670     void
671     connection::recv_vpn_packet (vpn_packet *pkt, SOCKADDR *ssa)
672     {
673     last_activity = now;
674    
675     slog (L_NOISE, "<<%d received packet type %d from %d to %d",
676     conf->id, pkt->typ (), pkt->src (), pkt->dst ());
677    
678     switch (pkt->typ ())
679     {
680     case vpn_packet::PT_PING:
681     send_ping (ssa, 1); // pong
682     break;
683    
684     case vpn_packet::PT_PONG:
685     // we send pings instead of auth packets after some retries,
686     // so reset the retry counter and establish a conenction
687     // when we receive a pong.
688     if (!ictx && !octx)
689     {
690     retry_cnt = 0;
691     next_retry = 0;
692     establish_connection ();
693     }
694    
695     break;
696    
697     case vpn_packet::PT_RESET:
698     {
699     reset_connection ();
700    
701     config_packet *p = (config_packet *) pkt;
702     if (p->chk_config ())
703 pcg 1.5 if (connectmode == conf_node::C_ALWAYS)
704 pcg 1.1 establish_connection ();
705    
706     //D slog the protocol mismatch?
707     }
708     break;
709    
710     case vpn_packet::PT_AUTH:
711     {
712     auth_packet *p = (auth_packet *) pkt;
713    
714     slog (L_TRACE, "<<%d PT_AUTH(%d)", conf->id, p->subtype);
715    
716     if (p->chk_config ()
717     && !strncmp (p->magic, MAGIC, 8))
718     {
719     if (p->prot_minor != PROTOCOL_MINOR)
720     slog (L_INFO, _("protocol minor version mismatch: ours is %d, %s's is %d."),
721     PROTOCOL_MINOR, conf->nodename, p->prot_minor);
722    
723     if (p->subtype == AUTH_INIT)
724     send_auth (AUTH_INITREPLY, ssa);
725    
726     rsachallenge k;
727    
728     #if ENABLE_TRUST
729     if (0 > RSA_private_decrypt (sizeof (rsaencrdata),
730     (unsigned char *)&p->challenge, (unsigned char *)&k,
731     ::conf.rsa_key, RSA_PKCS1_OAEP_PADDING))
732     // continued below
733     #else
734     rsaencrdata j;
735    
736     if (0 > RSA_private_decrypt (sizeof (rsaencrdata),
737     (unsigned char *)&p->challenge, (unsigned char *)&j,
738     ::conf.rsa_key, RSA_NO_PADDING))
739     fatal ("RSA_private_decrypt error");
740    
741     if (0 > RSA_public_decrypt (sizeof (k),
742     (unsigned char *)&j, (unsigned char *)&k,
743     conf->rsa_key, RSA_PKCS1_OAEP_PADDING))
744     // continued below
745     #endif
746     {
747     slog (L_ERR, _("challenge from %s (%s) illegal or corrupted"),
748     conf->nodename, (const char *)sockinfo (ssa));
749     break;
750     }
751    
752     retry_cnt = 0;
753     next_retry = now + 8;
754    
755     switch (p->subtype)
756     {
757     case AUTH_INIT:
758     case AUTH_INITREPLY:
759     delete ictx;
760     ictx = 0;
761    
762     delete octx;
763    
764     octx = new crypto_ctx (k, 1);
765     oseqno = *(u32 *)&k[CHG_SEQNO] & 0x7fffffff;
766    
767     send_auth (AUTH_REPLY, ssa, &k);
768     break;
769    
770     case AUTH_REPLY:
771    
772     if (!memcmp ((u8 *)gen_challenge (ssa) + sizeof (u32), (u8 *)&k + sizeof (u32),
773     sizeof (rsachallenge) - sizeof (u32)))
774     {
775     delete ictx;
776    
777 pcg 1.8 ictx = new crypto_ctx (k, 0);
778     iseqno.reset (*(u32 *)&k[CHG_SEQNO] & 0x7fffffff); // at least 2**31 sequence numbers are valid
779 pcg 1.1
780     sa = *ssa;
781    
782     next_rekey = now + ::conf.rekey;
783     next_wakeup (next_rekey);
784    
785     // send queued packets
786     while (tap_packet *p = queue.get ())
787     {
788     send_data_packet (p);
789     delete p;
790     }
791    
792 pcg 1.5 connectmode = conf->connectmode;
793    
794 pcg 1.1 slog (L_INFO, _("connection to %d (%s %s) established"),
795     conf->id, conf->nodename, (const char *)sockinfo (ssa));
796    
797     if (::conf.script_node_up)
798     run_script (this, &connection::script_node_up, false);
799     }
800     else
801     slog (L_ERR, _("sent and received challenge do not match with (%s %s))"),
802     conf->nodename, (const char *)sockinfo (ssa));
803    
804     break;
805     default:
806     slog (L_ERR, _("authentification illegal subtype error (%s %s)"),
807     conf->nodename, (const char *)sockinfo (ssa));
808     break;
809     }
810     }
811     else
812     send_reset (ssa);
813    
814     break;
815     }
816    
817     case vpn_packet::PT_DATA_COMPRESSED:
818     #if !ENABLE_COMPRESSION
819     send_reset (ssa);
820     break;
821     #endif
822     case vpn_packet::PT_DATA_UNCOMPRESSED:
823    
824     if (ictx && octx)
825     {
826     vpndata_packet *p = (vpndata_packet *)pkt;
827    
828     if (*ssa == sa)
829     {
830     if (!p->hmac_chk (ictx))
831     slog (L_ERR, _("hmac authentication error, received invalid packet\n"
832     "could be an attack, or just corruption or an synchronization error"));
833     else
834     {
835     u32 seqno;
836     tap_packet *d = p->unpack (this, seqno);
837    
838 pcg 1.8 if (iseqno.recv_ok (seqno))
839 pcg 1.1 {
840 pcg 1.8 vpn->tap->send (d);
841 pcg 1.1
842 pcg 1.8 if (p->dst () == 0) // re-broadcast
843     for (vpn::conns_vector::iterator i = vpn->conns.begin (); i != vpn->conns.end (); ++i)
844     {
845     connection *c = *i;
846 pcg 1.1
847 pcg 1.8 if (c->conf != THISNODE && c->conf != conf)
848     c->inject_data_packet (d);
849     }
850    
851     delete d;
852    
853     break;
854 pcg 1.1 }
855     }
856     }
857     else
858     slog (L_ERR, _("received data packet from unknown source %s"), (const char *)sockinfo (ssa));//D
859     }
860    
861     send_reset (ssa);
862     break;
863    
864     case vpn_packet::PT_CONNECT_REQ:
865     if (ictx && octx && *ssa == sa && pkt->hmac_chk (ictx))
866     {
867     connect_req_packet *p = (connect_req_packet *) pkt;
868    
869     assert (p->id > 0 && p->id <= vpn->conns.size ()); // hmac-auth does not mean we accept anything
870    
871     connection *c = vpn->conns[p->id - 1];
872    
873     slog (L_TRACE, "<<%d PT_CONNECT_REQ(%d) [%d]\n",
874     conf->id, p->id, c->ictx && c->octx);
875    
876     if (c->ictx && c->octx)
877     {
878 pcg 1.4 // send connect_info packets to both sides, in case one is
879     // behind a nat firewall (or both ;)
880     {
881     sockinfo si(sa);
882    
883     slog (L_TRACE, ">>%d PT_CONNECT_INFO(%d,%s)\n",
884     c->conf->id, conf->id, (const char *)si);
885 pcg 1.1
886 pcg 1.4 connect_info_packet *r = new connect_info_packet (c->conf->id, conf->id, si);
887 pcg 1.1
888 pcg 1.4 r->hmac_set (c->octx);
889     vpn->send_vpn_packet (r, &c->sa);
890 pcg 1.1
891 pcg 1.4 delete r;
892     }
893    
894     {
895     sockinfo si(c->sa);
896    
897     slog (L_TRACE, ">>%d PT_CONNECT_INFO(%d,%s)\n",
898     conf->id, c->conf->id, (const char *)si);
899    
900     connect_info_packet *r = new connect_info_packet (conf->id, c->conf->id, si);
901    
902     r->hmac_set (octx);
903     vpn->send_vpn_packet (r, &sa);
904    
905     delete r;
906     }
907 pcg 1.1 }
908     }
909    
910     break;
911    
912     case vpn_packet::PT_CONNECT_INFO:
913     if (ictx && octx && *ssa == sa && pkt->hmac_chk (ictx))
914     {
915     connect_info_packet *p = (connect_info_packet *) pkt;
916    
917     assert (p->id > 0 && p->id <= vpn->conns.size ()); // hmac-auth does not mean we accept anything
918    
919     connection *c = vpn->conns[p->id - 1];
920    
921     slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)",
922     conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx);
923    
924     c->send_auth (AUTH_INIT, p->si.sa ());
925     }
926     break;
927    
928     default:
929     send_reset (ssa);
930     break;
931     }
932     }
933    
934     void connection::timer ()
935     {
936     if (conf != THISNODE)
937     {
938 pcg 1.5 if (now >= next_retry && connectmode == conf_node::C_ALWAYS)
939 pcg 1.1 establish_connection ();
940    
941     if (ictx && octx)
942     {
943     if (now >= next_rekey)
944     rekey ();
945     else if (now >= last_activity + ::conf.keepalive + 30)
946     {
947     reset_connection ();
948     establish_connection ();
949     }
950     else if (now >= last_activity + ::conf.keepalive)
951     if (conf->connectmode != conf_node::C_ONDEMAND
952     || THISNODE->connectmode != conf_node::C_ONDEMAND)
953     send_ping (&sa);
954     else
955     reset_connection ();
956    
957     }
958     }
959     }
960    
961     void connection::connect_request (int id)
962     {
963     connect_req_packet *p = new connect_req_packet (conf->id, id);
964    
965     slog (L_TRACE, ">>%d PT_CONNECT_REQ(%d)", id, conf->id);
966     p->hmac_set (octx);
967     vpn->send_vpn_packet (p, &sa);
968    
969     delete p;
970     }
971    
972     void connection::script_node ()
973     {
974     vpn->script_if_up ();
975    
976     char *env;
977     asprintf (&env, "DESTID=%d", conf->id);
978     putenv (env);
979     asprintf (&env, "DESTNODE=%s", conf->nodename);
980     putenv (env);
981     asprintf (&env, "DESTIP=%s", inet_ntoa (sa.sin_addr));
982     putenv (env);
983     asprintf (&env, "DESTPORT=%d", ntohs (sa.sin_port));
984     putenv (env);
985     }
986    
987     const char *connection::script_node_up ()
988     {
989     script_node ();
990    
991     putenv ("STATE=up");
992    
993     return ::conf.script_node_up ? ::conf.script_node_up : "node-up";
994     }
995    
996     const char *connection::script_node_down ()
997     {
998     script_node ();
999    
1000     putenv ("STATE=down");
1001    
1002     return ::conf.script_node_up ? ::conf.script_node_down : "node-down";
1003     }
1004    
1005     /////////////////////////////////////////////////////////////////////////////
1006    
1007     vpn::vpn (void)
1008     {}
1009    
1010     const char *vpn::script_if_up ()
1011     {
1012     // the tunnel device mtu should be the physical mtu - overhead
1013     // the tricky part is rounding to the cipher key blocksize
1014     int mtu = conf.mtu - ETH_OVERHEAD - VPE_OVERHEAD - UDP_OVERHEAD;
1015     mtu += ETH_OVERHEAD - 6 - 6; // now we have the data portion
1016     mtu -= mtu % EVP_CIPHER_block_size (CIPHER); // round
1017     mtu -= ETH_OVERHEAD - 6 - 6; // and get interface mtu again
1018    
1019     char *env;
1020     asprintf (&env, "CONFBASE=%s", confbase);
1021     putenv (env);
1022     asprintf (&env, "NODENAME=%s", THISNODE->nodename);
1023     putenv (env);
1024     asprintf (&env, "NODEID=%d", THISNODE->id);
1025     putenv (env);
1026     asprintf (&env, "IFNAME=%s", tap->interface ());
1027     putenv (env);
1028     asprintf (&env, "MTU=%d", mtu);
1029     putenv (env);
1030     asprintf (&env, "MAC=%02x:%02x:%02x:%02x:%02x:%02x",
1031     0xfe, 0xfd, 0x80, 0x00, THISNODE->id >> 8,
1032     THISNODE->id & 0xff);
1033     putenv (env);
1034    
1035     return ::conf.script_if_up ? ::conf.script_if_up : "if-up";
1036     }
1037    
1038     int
1039     vpn::setup (void)
1040     {
1041     struct sockaddr_in sa;
1042    
1043     socket_fd = socket (PF_INET, SOCK_DGRAM, IPPROTO_UDP);
1044     if (socket_fd < 0)
1045     return -1;
1046    
1047     fill_sa (&sa, THISNODE);
1048    
1049     if (bind (socket_fd, (sockaddr *)&sa, sizeof (sa)))
1050     {
1051     slog (L_ERR, _("can't bind to %s: %s"), (const char *)sockinfo(sa), strerror (errno));
1052     exit (1);
1053     }
1054    
1055     #ifdef IP_MTU_DISCOVER
1056     // this I really consider a linux bug. I am neither connected
1057     // nor do I fragment myself. Linux still sets DF and doesn't
1058     // fragment for me sometimes.
1059     {
1060     int oval = IP_PMTUDISC_DONT;
1061     setsockopt (socket_fd, SOL_IP, IP_MTU_DISCOVER, &oval, sizeof oval);
1062     }
1063     #endif
1064     {
1065     int oval = 1;
1066     setsockopt (socket_fd, SOL_SOCKET, SO_REUSEADDR, &oval, sizeof oval);
1067     }
1068    
1069     tap = new tap_device ();
1070     if (!tap) //D this, of course, never catches
1071     {
1072     slog (L_ERR, _("cannot create network interface '%s'"), conf.ifname);
1073     exit (1);
1074     }
1075    
1076     run_script (this, &vpn::script_if_up, true);
1077    
1078     return 0;
1079     }
1080    
1081     void
1082 pcg 1.6 vpn::send_vpn_packet (vpn_packet *pkt, SOCKADDR *sa, int tos)
1083 pcg 1.1 {
1084 pcg 1.6 setsockopt (socket_fd, SOL_IP, IP_TOS, &tos, sizeof tos);
1085 pcg 1.1 sendto (socket_fd, &((*pkt)[0]), pkt->len, 0, (sockaddr *)sa, sizeof (*sa));
1086     }
1087    
1088     void
1089     vpn::shutdown_all ()
1090     {
1091     for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c)
1092     (*c)->shutdown ();
1093     }
1094    
1095     void
1096     vpn::reconnect_all ()
1097     {
1098     for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c)
1099     delete *c;
1100    
1101     conns.clear ();
1102    
1103     for (configuration::node_vector::iterator i = conf.nodes.begin ();
1104     i != conf.nodes.end (); ++i)
1105     {
1106     connection *conn = new connection (this);
1107    
1108     conn->conf = *i;
1109     conns.push_back (conn);
1110    
1111 pcg 1.5 conn->establish_connection ();
1112 pcg 1.1 }
1113     }
1114    
1115     connection *vpn::find_router ()
1116     {
1117     u32 prio = 0;
1118     connection *router = 0;
1119    
1120     for (conns_vector::iterator i = conns.begin (); i != conns.end (); ++i)
1121     {
1122     connection *c = *i;
1123    
1124     if (c->conf->routerprio > prio
1125 pcg 1.5 && c->connectmode == conf_node::C_ALWAYS
1126 pcg 1.1 && c->conf != THISNODE
1127     && c->ictx && c->octx)
1128     {
1129     prio = c->conf->routerprio;
1130     router = c;
1131     }
1132     }
1133    
1134     return router;
1135     }
1136    
1137     void vpn::connect_request (int id)
1138     {
1139     connection *c = find_router ();
1140    
1141     if (c)
1142     c->connect_request (id);
1143 pcg 1.3 //else // does not work, because all others must connect to the same router
1144     // // no router found, aggressively connect to all routers
1145     // for (conns_vector::iterator i = conns.begin (); i != conns.end (); ++i)
1146     // if ((*i)->conf->routerprio)
1147     // (*i)->establish_connection ();
1148 pcg 1.1 }
1149    
1150     void
1151     vpn::main_loop ()
1152     {
1153     struct pollfd pollfd[2];
1154    
1155     pollfd[0].fd = tap->fd;
1156     pollfd[0].events = POLLIN;
1157     pollfd[1].fd = socket_fd;
1158     pollfd[1].events = POLLIN;
1159    
1160     events = 0;
1161     now = time (0);
1162     next_timecheck = now + 1;
1163    
1164     reconnect_all ();
1165    
1166     for (;;)
1167     {
1168     int npoll = poll (pollfd, 2, (next_timecheck - now) * 1000);
1169    
1170     now = time (0);
1171    
1172     if (npoll > 0)
1173     {
1174     if (pollfd[1].revents)
1175     {
1176     if (pollfd[1].revents & (POLLIN | POLLERR))
1177     {
1178     vpn_packet *pkt = new vpn_packet;
1179     struct sockaddr_in sa;
1180     socklen_t sa_len = sizeof (sa);
1181     int len;
1182    
1183     len = recvfrom (socket_fd, &((*pkt)[0]), MAXSIZE, 0, (sockaddr *)&sa, &sa_len);
1184    
1185     if (len > 0)
1186     {
1187     pkt->len = len;
1188    
1189     unsigned int src = pkt->src ();
1190     unsigned int dst = pkt->dst ();
1191    
1192     slog (L_NOISE, _("<<?/%s received possible vpn packet type %d from %d to %d, length %d"),
1193     (const char *)sockinfo (sa), pkt->typ (), pkt->src (), pkt->dst (), pkt->len);
1194    
1195     if (dst > conns.size () || pkt->typ () >= vpn_packet::PT_MAX)
1196     slog (L_WARN, _("<<? received CORRUPTED packet type %d from %d to %d"),
1197     pkt->typ (), pkt->src (), pkt->dst ());
1198     else if (dst == 0 && !THISNODE->routerprio)
1199     slog (L_WARN, _("<<%d received broadcast, but we are no router"), dst);
1200     else if (dst != 0 && dst != THISNODE->id)
1201     slog (L_WARN,
1202     _("received frame for node %d ('%s') from %s, but this is node %d ('%s')"),
1203     dst, conns[dst - 1]->conf->nodename,
1204     (const char *)sockinfo (sa),
1205     THISNODE->id, THISNODE->nodename);
1206     else if (src == 0 || src > conns.size ())
1207     slog (L_WARN, _("received frame from unknown node %d (%s)"), src, (const char *)sockinfo (sa));
1208     else
1209     conns[src - 1]->recv_vpn_packet (pkt, &sa);
1210     }
1211     else
1212     {
1213     // probably ECONNRESET or somesuch
1214     slog (L_DEBUG, _("%s: %s"), (const char *)sockinfo(sa), strerror (errno));
1215     }
1216    
1217     delete pkt;
1218     }
1219     else if (pollfd[1].revents & POLLHUP)
1220     {
1221     // this cannot ;) happen on udp sockets
1222     slog (L_ERR, _("FATAL: POLLHUP on socket fd, terminating."));
1223     exit (1);
1224     }
1225     else
1226     {
1227     slog (L_ERR,
1228     _("FATAL: unknown revents %08x in socket, terminating\n"),
1229     pollfd[1].revents);
1230     exit (1);
1231     }
1232     }
1233    
1234     // I use else here to give vpn_packets absolute priority
1235     else if (pollfd[0].revents)
1236     {
1237     if (pollfd[0].revents & POLLIN)
1238     {
1239     /* process data */
1240     tap_packet *pkt;
1241    
1242     pkt = tap->recv ();
1243    
1244     int dst = mac2id (pkt->dst);
1245     int src = mac2id (pkt->src);
1246    
1247     if (src != THISNODE->id)
1248     {
1249     slog (L_ERR, _("FATAL: tap packet not originating on current node received, terminating."));
1250     exit (1);
1251     }
1252    
1253     if (dst == THISNODE->id)
1254     {
1255     slog (L_ERR, _("FATAL: tap packet destined for current node received, terminating."));
1256     exit (1);
1257     }
1258    
1259     if (dst > conns.size ())
1260     slog (L_ERR, _("tap packet for unknown node %d received, ignoring."), dst);
1261     else
1262     {
1263     if (dst)
1264     {
1265     // unicast
1266     if (dst != THISNODE->id)
1267     conns[dst - 1]->inject_data_packet (pkt);
1268     }
1269     else
1270     {
1271     // broadcast, first check router, then self, then english
1272     connection *router = find_router ();
1273    
1274     if (router)
1275     router->inject_data_packet (pkt, true);
1276     else
1277     for (conns_vector::iterator c = conns.begin (); c != conns.end (); ++c)
1278     if ((*c)->conf != THISNODE)
1279     (*c)->inject_data_packet (pkt);
1280     }
1281     }
1282    
1283     delete pkt;
1284     }
1285     else if (pollfd[0].revents & (POLLHUP | POLLERR))
1286     {
1287     slog (L_ERR, _("FATAL: POLLHUP or POLLERR on network device fd, terminating."));
1288     exit (1);
1289     }
1290     else
1291     abort ();
1292     }
1293     }
1294    
1295     if (events)
1296     {
1297     if (events & EVENT_SHUTDOWN)
1298     {
1299     shutdown_all ();
1300    
1301     remove_pid (pidfilename);
1302    
1303     slog (L_INFO, _("vped terminating"));
1304    
1305     exit (0);
1306     }
1307    
1308     if (events & EVENT_RECONNECT)
1309     reconnect_all ();
1310    
1311     events = 0;
1312     }
1313    
1314     // very very very dumb and crude and inefficient timer handling, or maybe not?
1315     if (now >= next_timecheck)
1316     {
1317     next_timecheck = now + TIMER_GRANULARITY;
1318    
1319     for (conns_vector::iterator c = conns.begin ();
1320     c != conns.end (); ++c)
1321     (*c)->timer ();
1322     }
1323     }
1324     }
1325    
1326     vpn::~vpn ()
1327     {}
1328