ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/src/protocol.C
(Generate patch)

Comparing gvpe/src/protocol.C (file contents):
Revision 1.11 by pcg, Sat Mar 22 21:35:07 2003 UTC vs.
Revision 1.18 by pcg, Wed Mar 26 02:15:38 2003 UTC

58 58
59static time_t next_timecheck; 59static time_t next_timecheck;
60 60
61#define MAGIC "vped\xbd\xc6\xdb\x82" // 8 bytes of magic 61#define MAGIC "vped\xbd\xc6\xdb\x82" // 8 bytes of magic
62 62
63static const rsachallenge & 63struct crypto_ctx
64challenge_bytes ()
65{
66 static rsachallenge challenge;
67 static double challenge_ttl; // time this challenge needs to be recreated
68
69 if (NOW > challenge_ttl)
70 { 64 {
71 RAND_bytes ((unsigned char *)&challenge, sizeof (challenge)); 65 EVP_CIPHER_CTX cctx;
72 challenge_ttl = NOW + CHALLENGE_TTL; 66 HMAC_CTX hctx;
73 }
74 67
75 return challenge; 68 crypto_ctx (const rsachallenge &challenge, int enc);
76} 69 ~crypto_ctx ();
70 };
77 71
78// caching of rsa operations really helps slow computers 72crypto_ctx::crypto_ctx (const rsachallenge &challenge, int enc)
73{
74 EVP_CIPHER_CTX_init (&cctx);
75 EVP_CipherInit_ex (&cctx, CIPHER, 0, &challenge[CHG_CIPHER_KEY], 0, enc);
76 HMAC_CTX_init (&hctx);
77 HMAC_Init_ex (&hctx, &challenge[CHG_HMAC_KEY], HMAC_KEYLEN, DIGEST, 0);
78}
79
80crypto_ctx::~crypto_ctx ()
81{
82 EVP_CIPHER_CTX_cleanup (&cctx);
83 HMAC_CTX_cleanup (&hctx);
84}
85
86static void
87rsa_hash (const rsachallenge &chg, rsaresponse &h)
88{
89 EVP_MD_CTX ctx;
90
91 EVP_MD_CTX_init (&ctx);
92 EVP_DigestInit (&ctx, RSA_HASH);
93 EVP_DigestUpdate(&ctx, &chg, sizeof chg);
94 EVP_DigestFinal (&ctx, (unsigned char *)&h, 0);
95 EVP_MD_CTX_cleanup (&ctx);
96}
97
79struct rsa_entry { 98struct rsa_entry {
80 tstamp expire; 99 tstamp expire;
100 rsaid id;
81 rsachallenge chg; 101 rsachallenge chg;
82 RSA *key; // which key
83 rsaencrdata encr;
84
85 rsa_entry ()
86 {
87 expire = NOW + CHALLENGE_TTL;
88 }
89}; 102};
90 103
91struct rsa_cache : list<rsa_entry> 104struct rsa_cache : list<rsa_entry>
92{ 105{
93 void cleaner_cb (tstamp &ts); time_watcher cleaner; 106 void cleaner_cb (tstamp &ts); time_watcher cleaner;
94 107
95 const rsaencrdata *public_encrypt (RSA *key, const rsachallenge &chg) 108 bool find (const rsaid &id, rsachallenge &chg)
96 { 109 {
97 for (iterator i = begin (); i != end (); ++i) 110 for (iterator i = begin (); i != end (); ++i)
98 { 111 {
99 if (i->key == key && !memcmp (&chg, &i->chg, sizeof chg)) 112 if (!memcmp (&id, &i->id, sizeof id) && i->expire > NOW)
100 return &i->encr; 113 {
114 memcpy (&chg, &i->chg, sizeof chg);
115
116 erase (i);
117 return true;
118 }
101 } 119 }
102 120
103 if (cleaner.at < NOW) 121 if (cleaner.at < NOW)
104 cleaner.start (NOW + CHALLENGE_TTL); 122 cleaner.start (NOW + RSA_TTL);
105 123
106 resize (size () + 1); 124 return false;
107 rsa_entry *e = &(*rbegin ()); 125 }
108 126
109 e->key = key; 127 void gen (rsaid &id, rsachallenge &chg)
128 {
129 rsa_entry e;
130
131 RAND_bytes ((unsigned char *)&id, sizeof id);
132 RAND_bytes ((unsigned char *)&chg, sizeof chg);
133
134 e.expire = NOW + RSA_TTL;
135 e.id = id;
110 memcpy (&e->chg, &chg, sizeof chg); 136 memcpy (&e.chg, &chg, sizeof chg);
111 137
112 if (0 > RSA_public_encrypt (sizeof chg, 138 push_back (e);
113 (unsigned char *)&chg, (unsigned char *)&e->encr,
114 key, RSA_PKCS1_OAEP_PADDING))
115 fatal ("RSA_public_encrypt error");
116
117 return &e->encr;
118 }
119
120 const rsachallenge *private_decrypt (RSA *key, const rsaencrdata &encr)
121 {
122 for (iterator i = begin (); i != end (); ++i)
123 if (i->key == key && !memcmp (&encr, &i->encr, sizeof encr))
124 return &i->chg;
125 139
126 if (cleaner.at < NOW) 140 if (cleaner.at < NOW)
127 cleaner.start (NOW + CHALLENGE_TTL); 141 cleaner.start (NOW + RSA_TTL);
128
129 resize (size () + 1);
130 rsa_entry *e = &(*rbegin ());
131
132 e->key = key;
133 memcpy (&e->encr, &encr, sizeof encr);
134
135 if (0 > RSA_private_decrypt (sizeof encr,
136 (unsigned char *)&encr, (unsigned char *)&e->chg,
137 key, RSA_PKCS1_OAEP_PADDING))
138 {
139 pop_back ();
140 return 0;
141 }
142
143 return &e->chg;
144 } 142 }
145 143
146 rsa_cache () 144 rsa_cache ()
147 : cleaner (this, &rsa_cache::cleaner_cb) 145 : cleaner (this, &rsa_cache::cleaner_cb)
148 { } 146 { }
153{ 151{
154 if (empty ()) 152 if (empty ())
155 ts = TSTAMP_CANCEL; 153 ts = TSTAMP_CANCEL;
156 else 154 else
157 { 155 {
158 ts = NOW + 3; 156 ts = NOW + RSA_TTL;
157
159 for (iterator i = begin (); i != end (); ) 158 for (iterator i = begin (); i != end (); )
160 {
161 if (i->expire >= NOW) 159 if (i->expire <= NOW)
162 i = erase (i); 160 i = erase (i);
163 else 161 else
164 ++i; 162 ++i;
165 }
166 } 163 }
167} 164}
168 165
169// run a script. yes, it's a template function. yes, c++ 166typedef callback<const char *, int> run_script_cb;
170// is not a functional language. yes, this suxx. 167
171template<class owner> 168// run a shell script (or actually an external program).
172static void 169static void
173run_script (owner *obj, const char *(owner::*setup)(), bool wait) 170run_script (const run_script_cb &cb, bool wait)
174{ 171{
175 int pid; 172 int pid;
176 173
177 if ((pid = fork ()) == 0) 174 if ((pid = fork ()) == 0)
178 { 175 {
179 char *filename; 176 char *filename;
180 asprintf (&filename, "%s/%s", confbase, (obj->*setup) ()); 177 asprintf (&filename, "%s/%s", confbase, cb(0));
181 execl (filename, filename, (char *) 0); 178 execl (filename, filename, (char *) 0);
182 exit (255); 179 exit (255);
183 } 180 }
184 else if (pid > 0) 181 else if (pid > 0)
185 { 182 {
189 /* TODO: check status */ 186 /* TODO: check status */
190 } 187 }
191 } 188 }
192} 189}
193 190
194// xor the socket address into the challenge to ensure different challenges
195// per host. we could rely on the OAEP padding, but this doesn't hurt.
196void
197xor_sa (rsachallenge &k, SOCKADDR *sa)
198{
199 ((u32 *) k)[(CHG_CIPHER_KEY + 0) / 4] ^= sa->sin_addr.s_addr;
200 ((u16 *) k)[(CHG_CIPHER_KEY + 4) / 2] ^= sa->sin_port;
201 ((u32 *) k)[(CHG_HMAC_KEY + 0) / 4] ^= sa->sin_addr.s_addr;
202 ((u16 *) k)[(CHG_HMAC_KEY + 4) / 2] ^= sa->sin_port;
203}
204
205struct crypto_ctx
206 {
207 EVP_CIPHER_CTX cctx;
208 HMAC_CTX hctx;
209
210 crypto_ctx (const rsachallenge &challenge, int enc);
211 ~crypto_ctx ();
212 };
213
214crypto_ctx::crypto_ctx (const rsachallenge &challenge, int enc)
215{
216 EVP_CIPHER_CTX_init (&cctx);
217 EVP_CipherInit_ex (&cctx, CIPHER, 0, &challenge[CHG_CIPHER_KEY], 0, enc);
218 HMAC_CTX_init (&hctx);
219 HMAC_Init_ex (&hctx, &challenge[CHG_HMAC_KEY], HMAC_KEYLEN, DIGEST, 0);
220}
221
222crypto_ctx::~crypto_ctx ()
223{
224 EVP_CIPHER_CTX_cleanup (&cctx);
225 HMAC_CTX_cleanup (&hctx);
226}
227
228////////////////////////////////////////////////////////////////////////////// 191//////////////////////////////////////////////////////////////////////////////
229 192
230void pkt_queue::put (tap_packet *p) 193void pkt_queue::put (tap_packet *p)
231{ 194{
232 if (queue[i]) 195 if (queue[i])
264{ 227{
265 for (i = QUEUEDEPTH; --i > 0; ) 228 for (i = QUEUEDEPTH; --i > 0; )
266 delete queue[i]; 229 delete queue[i];
267} 230}
268 231
232struct net_rateinfo {
233 u32 host;
234 double pcnt, diff;
235 tstamp last;
236};
237
269// only do action once every x seconds per host. 238// only do action once every x seconds per host whole allowing bursts.
270// currently this is quite a slow implementation, 239// this implementation ("splay list" ;) is inefficient,
271// but suffices for normal operation. 240// but low on resources.
272struct u32_rate_limiter : private map<u32, tstamp> 241struct net_rate_limiter : private list<net_rateinfo>
273 { 242{
274 tstamp every; 243 static const double ALPHA = 1. - 1. / 90.; // allow bursts
244 static const double CUTOFF = 20.; // one event every CUTOFF seconds
245 static const double EXPIRE = CUTOFF * 30.; // expire entries after this time
275 246
276 bool can (u32 host); 247 bool can (u32 host);
277
278 u32_rate_limiter (tstamp every = 1)
279 {
280 this->every = every;
281 }
282 };
283
284struct net_rate_limiter : u32_rate_limiter
285 {
286 bool can (SOCKADDR *sa) { return u32_rate_limiter::can((u32)sa->sin_addr.s_addr); } 248 bool can (SOCKADDR *sa) { return can((u32)sa->sin_addr.s_addr); }
287 bool can (sockinfo &si) { return u32_rate_limiter::can((u32)si.host); } 249 bool can (sockinfo &si) { return can((u32)si.host); }
250};
288 251
289 net_rate_limiter (tstamp every) : u32_rate_limiter (every) {} 252net_rate_limiter auth_rate_limiter, reset_rate_limiter;
290 };
291 253
292bool u32_rate_limiter::can (u32 host) 254bool net_rate_limiter::can (u32 host)
293{ 255{
294 iterator i; 256 iterator i;
295 257
296 for (i = begin (); i != end (); ) 258 for (i = begin (); i != end (); )
297 if (i->second <= NOW) 259 if (i->host == host)
298 { 260 break;
261 else if (i->last < NOW - EXPIRE)
299 erase (i); 262 i = erase (i);
300 i = begin ();
301 }
302 else 263 else
303 ++i; 264 i++;
304 265
305 i = find (host);
306
307 if (i != end ()) 266 if (i == end ())
308 return false; 267 {
268 net_rateinfo ri;
309 269
310 insert (value_type (host, NOW + every)); 270 ri.host = host;
271 ri.pcnt = 1.;
272 ri.diff = CUTOFF * (1. / (1. - ALPHA));
273 ri.last = NOW;
311 274
275 push_front (ri);
276
312 return true; 277 return true;
278 }
279 else
280 {
281 net_rateinfo ri (*i);
282 erase (i);
283
284 ri.pcnt = ri.pcnt * ALPHA;
285 ri.diff = ri.diff * ALPHA + (NOW - ri.last);
286
287 ri.last = NOW;
288
289 bool send = ri.diff / ri.pcnt > CUTOFF;
290
291 if (send)
292 ri.pcnt++;
293
294 push_front (ri);
295
296 return send;
297 }
313} 298}
314 299
315///////////////////////////////////////////////////////////////////////////// 300/////////////////////////////////////////////////////////////////////////////
316 301
317static void next_wakeup (time_t next) 302static void next_wakeup (time_t next)
321} 306}
322 307
323static unsigned char hmac_digest[EVP_MAX_MD_SIZE]; 308static unsigned char hmac_digest[EVP_MAX_MD_SIZE];
324 309
325struct hmac_packet:net_packet 310struct hmac_packet:net_packet
311{
312 u8 hmac[HMACLENGTH]; // each and every packet has a hmac field, but that is not (yet) checked everywhere
313
314 void hmac_set (crypto_ctx * ctx);
315 bool hmac_chk (crypto_ctx * ctx);
316
317private:
318 void hmac_gen (crypto_ctx * ctx)
326 { 319 {
327 u8 hmac[HMACLENGTH]; // each and every packet has a hmac field, but that is not (yet) checked everywhere
328
329 void hmac_set (crypto_ctx * ctx);
330 bool hmac_chk (crypto_ctx * ctx);
331
332private:
333 void hmac_gen (crypto_ctx * ctx)
334 {
335 unsigned int xlen; 320 unsigned int xlen;
336 HMAC_CTX *hctx = &ctx->hctx; 321 HMAC_CTX *hctx = &ctx->hctx;
337 322
338 HMAC_Init_ex (hctx, 0, 0, 0, 0); 323 HMAC_Init_ex (hctx, 0, 0, 0, 0);
339 HMAC_Update (hctx, ((unsigned char *) this) + sizeof (hmac_packet), 324 HMAC_Update (hctx, ((unsigned char *) this) + sizeof (hmac_packet),
340 len - sizeof (hmac_packet)); 325 len - sizeof (hmac_packet));
341 HMAC_Final (hctx, (unsigned char *) &hmac_digest, &xlen); 326 HMAC_Final (hctx, (unsigned char *) &hmac_digest, &xlen);
342 }
343 }; 327 }
328};
344 329
345void 330void
346hmac_packet::hmac_set (crypto_ctx * ctx) 331hmac_packet::hmac_set (crypto_ctx * ctx)
347{ 332{
348 hmac_gen (ctx); 333 hmac_gen (ctx);
364 { 349 {
365 PT_RESET = 0, 350 PT_RESET = 0,
366 PT_DATA_UNCOMPRESSED, 351 PT_DATA_UNCOMPRESSED,
367 PT_DATA_COMPRESSED, 352 PT_DATA_COMPRESSED,
368 PT_PING, PT_PONG, // wasting namespace space? ;) 353 PT_PING, PT_PONG, // wasting namespace space? ;)
369 PT_AUTH, // authentification 354 PT_AUTH_REQ, // authentification request
355 PT_AUTH_RES, // authentification response
370 PT_CONNECT_REQ, // want other host to contact me 356 PT_CONNECT_REQ, // want other host to contact me
371 PT_CONNECT_INFO, // request connection to some node 357 PT_CONNECT_INFO, // request connection to some node
372 PT_REKEY, // rekeying (not yet implemented)
373 PT_MAX 358 PT_MAX
374 }; 359 };
375 360
376 u8 type; 361 u8 type;
377 u8 srcdst, src1, dst1; 362 u8 srcdst, src1, dst1;
445 } 430 }
446#endif 431#endif
447 432
448 EVP_EncryptInit_ex (cctx, 0, 0, 0, 0); 433 EVP_EncryptInit_ex (cctx, 0, 0, 0, 0);
449 434
435 struct {
450#if RAND_SIZE 436#if RAND_SIZE
451 struct {
452 u8 rnd[RAND_SIZE]; 437 u8 rnd[RAND_SIZE];
438#endif
453 u32 seqno; 439 u32 seqno;
454 } datahdr; 440 } datahdr;
455 441
456 datahdr.seqno = seqno; 442 datahdr.seqno = ntohl (seqno);
443#if RAND_SIZE
457 RAND_pseudo_bytes ((unsigned char *) datahdr.rnd, RAND_SIZE); 444 RAND_pseudo_bytes ((unsigned char *) datahdr.rnd, RAND_SIZE);
445#endif
458 446
459 EVP_EncryptUpdate (cctx, 447 EVP_EncryptUpdate (cctx,
460 (unsigned char *) data + outl, &outl2, 448 (unsigned char *) data + outl, &outl2,
461 (unsigned char *) &datahdr, DATAHDR); 449 (unsigned char *) &datahdr, DATAHDR);
462 outl += outl2; 450 outl += outl2;
463#else
464 EVP_EncryptUpdate (cctx,
465 (unsigned char *) data + outl, &outl2,
466 (unsigned char *) &seqno, DATAHDR);
467 outl += outl2;
468#endif
469 451
470 EVP_EncryptUpdate (cctx, 452 EVP_EncryptUpdate (cctx,
471 (unsigned char *) data + outl, &outl2, 453 (unsigned char *) data + outl, &outl2,
472 (unsigned char *) d, l); 454 (unsigned char *) d, l);
473 outl += outl2; 455 outl += outl2;
509 outl += outl2; 491 outl += outl2;
510 492
511 EVP_DecryptFinal_ex (cctx, (unsigned char *)d + outl, &outl2); 493 EVP_DecryptFinal_ex (cctx, (unsigned char *)d + outl, &outl2);
512 outl += outl2; 494 outl += outl2;
513 495
514 seqno = *(u32 *)(d + RAND_SIZE); 496 seqno = ntohl (*(u32 *)(d + RAND_SIZE));
515 497
516 id2mac (dst () ? dst() : THISNODE->id, p->dst); 498 id2mac (dst () ? dst() : THISNODE->id, p->dst);
517 id2mac (src (), p->src); 499 id2mac (src (), p->src);
518 500
519#if ENABLE_COMPRESSION 501#if ENABLE_COMPRESSION
528 510
529 return p; 511 return p;
530} 512}
531 513
532struct ping_packet : vpn_packet 514struct ping_packet : vpn_packet
515{
516 void setup (int dst, ptype type)
533 { 517 {
534 void setup (int dst, ptype type)
535 {
536 set_hdr (type, dst); 518 set_hdr (type, dst);
537 len = sizeof (*this) - sizeof (net_packet); 519 len = sizeof (*this) - sizeof (net_packet);
538 }
539 }; 520 }
521};
540 522
541struct config_packet : vpn_packet 523struct config_packet : vpn_packet
524{
525 // actually, hmaclen cannot be checked because the hmac
526 // field comes before this data, so peers with other
527 // hmacs simply will not work.
528 u8 prot_major, prot_minor, randsize, hmaclen;
529 u8 flags, challengelen, pad2, pad3;
530 u32 cipher_nid, digest_nid, hmac_nid;
531
532 const u8 curflags () const
542 { 533 {
543 // actually, hmaclen cannot be checked because the hmac
544 // field comes before this data, so peers with other
545 // hmacs simply will not work.
546 u8 prot_major, prot_minor, randsize, hmaclen;
547 u8 flags, challengelen, pad2, pad3;
548 u32 cipher_nid;
549 u32 digest_nid;
550
551 const u8 curflags () const
552 {
553 return 0x80 534 return 0x80
554 | 0x02
555#if PROTOCOL_MAJOR != 2
556#error hi
557#endif
558 | (ENABLE_COMPRESSION ? 0x01 : 0x00); 535 | (ENABLE_COMPRESSION ? 0x01 : 0x00);
559 } 536 }
560 537
561 void setup (ptype type, int dst) 538 void setup (ptype type, int dst)
562 {
563 prot_major = PROTOCOL_MAJOR;
564 prot_minor = PROTOCOL_MINOR;
565 randsize = RAND_SIZE;
566 hmaclen = HMACLENGTH;
567 flags = curflags ();
568 challengelen = sizeof (rsachallenge);
569
570 cipher_nid = htonl (EVP_CIPHER_nid (CIPHER));
571 digest_nid = htonl (EVP_MD_type (DIGEST));
572
573 len = sizeof (*this) - sizeof (net_packet);
574 set_hdr (type, dst);
575 }
576
577 bool chk_config ()
578 {
579 return prot_major == PROTOCOL_MAJOR
580 && randsize == RAND_SIZE
581 && hmaclen == HMACLENGTH
582 && flags == curflags ()
583 && challengelen == sizeof (rsachallenge)
584 && cipher_nid == htonl (EVP_CIPHER_nid (CIPHER))
585 && digest_nid == htonl (EVP_MD_type (DIGEST));
586 }
587 };
588
589struct auth_packet : config_packet
590 { 539 {
591 char magic[8]; 540 prot_major = PROTOCOL_MAJOR;
592 u8 subtype; 541 prot_minor = PROTOCOL_MINOR;
593 u8 pad1, pad2; 542 randsize = RAND_SIZE;
594 rsaencrdata challenge; 543 hmaclen = HMACLENGTH;
544 flags = curflags ();
545 challengelen = sizeof (rsachallenge);
595 546
596 auth_packet (int dst, auth_subtype stype) 547 cipher_nid = htonl (EVP_CIPHER_nid (CIPHER));
597 { 548 digest_nid = htonl (EVP_MD_type (RSA_HASH));
598 config_packet::setup (PT_AUTH, dst); 549 hmac_nid = htonl (EVP_MD_type (DIGEST));
599 subtype = stype; 550
600 len = sizeof (*this) - sizeof (net_packet); 551 len = sizeof (*this) - sizeof (net_packet);
552 set_hdr (type, dst);
553 }
554
555 bool chk_config ()
556 {
557 return prot_major == PROTOCOL_MAJOR
558 && randsize == RAND_SIZE
559 && hmaclen == HMACLENGTH
560 && flags == curflags ()
561 && challengelen == sizeof (rsachallenge)
562 && cipher_nid == htonl (EVP_CIPHER_nid (CIPHER))
563 && digest_nid == htonl (EVP_MD_type (RSA_HASH))
564 && hmac_nid == htonl (EVP_MD_type (DIGEST));
565 }
566};
567
568struct auth_req_packet : config_packet
569{
570 char magic[8];
571 u8 initiate; // false if this is just an automatic reply
572 u8 pad1, pad2, pad3;
573 rsaid id;
574 rsaencrdata encr;
575
576 auth_req_packet (int dst, bool initiate_)
577 {
578 config_packet::setup (PT_AUTH_REQ, dst);
579 initiate = !!initiate_;
601 strncpy (magic, MAGIC, 8); 580 strncpy (magic, MAGIC, 8);
602 } 581 len = sizeof (*this) - sizeof (net_packet);
603 }; 582 }
583};
584
585struct auth_res_packet : config_packet
586{
587 rsaid id;
588 rsaresponse response;
589
590 auth_res_packet (int dst)
591 {
592 config_packet::setup (PT_AUTH_RES, dst);
593 len = sizeof (*this) - sizeof (net_packet);
594 }
595};
604 596
605struct connect_req_packet : vpn_packet 597struct connect_req_packet : vpn_packet
598{
599 u8 id;
600 u8 pad1, pad2, pad3;
601
602 connect_req_packet (int dst, int id_)
606 { 603 {
607 u8 id; 604 id = id_;
608 u8 pad1, pad2, pad3;
609
610 connect_req_packet (int dst, int id)
611 {
612 this->id = id;
613 set_hdr (PT_CONNECT_REQ, dst); 605 set_hdr (PT_CONNECT_REQ, dst);
614 len = sizeof (*this) - sizeof (net_packet); 606 len = sizeof (*this) - sizeof (net_packet);
615 }
616 }; 607 }
608};
617 609
618struct connect_info_packet : vpn_packet 610struct connect_info_packet : vpn_packet
611{
612 u8 id;
613 u8 pad1, pad2, pad3;
614 sockinfo si;
615
616 connect_info_packet (int dst, int id_, sockinfo &si_)
619 { 617 {
620 u8 id; 618 id = id_;
621 u8 pad1, pad2, pad3; 619 si = si_;
622 sockinfo si;
623
624 connect_info_packet (int dst, int id, sockinfo &si)
625 {
626 this->id = id;
627 this->si = si;
628 set_hdr (PT_CONNECT_INFO, dst); 620 set_hdr (PT_CONNECT_INFO, dst);
629 len = sizeof (*this) - sizeof (net_packet); 621 len = sizeof (*this) - sizeof (net_packet);
630 }
631 }; 622 }
623};
632 624
633///////////////////////////////////////////////////////////////////////////// 625/////////////////////////////////////////////////////////////////////////////
634 626
635void 627void
636fill_sa (SOCKADDR *sa, conf_node *conf) 628fill_sa (SOCKADDR *sa, conf_node *conf)
672} 664}
673 665
674void 666void
675connection::send_reset (SOCKADDR *dsa) 667connection::send_reset (SOCKADDR *dsa)
676{ 668{
677 static net_rate_limiter limiter(1);
678
679 if (limiter.can (dsa) && connectmode != conf_node::C_DISABLED) 669 if (reset_rate_limiter.can (dsa) && connectmode != conf_node::C_DISABLED)
680 { 670 {
681 config_packet *pkt = new config_packet; 671 config_packet *pkt = new config_packet;
682 672
683 pkt->setup (vpn_packet::PT_RESET, conf->id); 673 pkt->setup (vpn_packet::PT_RESET, conf->id);
684 vpn->send_vpn_packet (pkt, dsa, IPTOS_MINCOST); 674 vpn->send_vpn_packet (pkt, dsa, IPTOS_MINCOST);
685 675
686 delete pkt; 676 delete pkt;
687 } 677 }
688} 678}
689 679
690static rsachallenge *
691gen_challenge (u32 seqrand, SOCKADDR *sa)
692{
693 static rsachallenge k;
694
695 memcpy (&k, &challenge_bytes (), sizeof (k));
696 *(u32 *)&k[CHG_SEQNO] ^= seqrand;
697 xor_sa (k, sa);
698
699 return &k;
700}
701
702void 680void
703connection::send_auth (auth_subtype subtype, SOCKADDR *sa, const rsachallenge *k) 681connection::send_auth_request (SOCKADDR *sa, bool initiate)
704{ 682{
705 static net_rate_limiter limiter(0.2); 683 if (auth_rate_limiter.can (sa))
706
707 if (subtype != AUTH_INIT || limiter.can (sa))
708 { 684 {
709 if (!k)
710 k = gen_challenge (seqrand, sa);
711
712 auth_packet *pkt = new auth_packet (conf->id, subtype); 685 auth_req_packet *pkt = new auth_req_packet (conf->id, initiate);
713 686
714 memcpy (pkt->challenge, rsa_cache.public_encrypt (conf->rsa_key, *k), sizeof (rsaencrdata)); 687 rsachallenge chg;
715 688
689 rsa_cache.gen (pkt->id, chg);
690
691 if (0 > RSA_public_encrypt (sizeof chg,
692 (unsigned char *)&chg, (unsigned char *)&pkt->encr,
693 conf->rsa_key, RSA_PKCS1_OAEP_PADDING))
694 fatal ("RSA_public_encrypt error");
695
716 slog (L_TRACE, ">>%d PT_AUTH(%d) [%s]", conf->id, subtype, (const char *)sockinfo (sa)); 696 slog (L_TRACE, ">>%d PT_AUTH_REQ [%s]", conf->id, (const char *)sockinfo (sa));
717 697
718 vpn->send_vpn_packet (pkt, sa, IPTOS_RELIABILITY); 698 vpn->send_vpn_packet (pkt, sa, IPTOS_RELIABILITY); // rsa is very very costly
719 699
720 delete pkt; 700 delete pkt;
721 } 701 }
722} 702}
723 703
724void 704void
705connection::send_auth_response (SOCKADDR *sa, const rsaid &id, const rsachallenge &chg)
706{
707 if (auth_rate_limiter.can (sa))
708 {
709 auth_res_packet *pkt = new auth_res_packet (conf->id);
710
711 pkt->id = id;
712 rsa_hash (chg, pkt->response);
713
714 slog (L_TRACE, ">>%d PT_AUTH_RES [%s]", conf->id, (const char *)sockinfo (sa));
715
716 vpn->send_vpn_packet (pkt, sa, IPTOS_RELIABILITY); // rsa is very very costly
717
718 delete pkt;
719 }
720}
721
722void
725connection::establish_connection_cb (tstamp &ts) 723connection::establish_connection_cb (tstamp &ts)
726{ 724{
727 if (ictx || conf == THISNODE || connectmode == conf_node::C_NEVER) 725 if (ictx || conf == THISNODE
726 || connectmode == conf_node::C_NEVER
727 || connectmode == conf_node::C_DISABLED)
728 ts = TSTAMP_CANCEL; 728 ts = TSTAMP_CANCEL;
729 else if (ts <= NOW) 729 else if (ts <= NOW)
730 { 730 {
731 double retry_int = double (retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2)) * 0.25; 731 double retry_int = double (retry_cnt & 3 ? (retry_cnt & 3) : 1 << (retry_cnt >> 2)) * 0.6;
732 732
733 if (retry_int < 3600 * 8) 733 if (retry_int < 3600 * 8)
734 retry_cnt++; 734 retry_cnt++;
735
736 if (connectmode == conf_node::C_ONDEMAND
737 && retry_int > ::conf.keepalive)
738 retry_int = ::conf.keepalive;
739 735
740 ts = NOW + retry_int; 736 ts = NOW + retry_int;
741 737
742 if (conf->hostname) 738 if (conf->hostname)
743 { 739 {
744 reset_dstaddr (); 740 reset_dstaddr ();
745 if (sa.sin_addr.s_addr) 741 if (sa.sin_addr.s_addr)
746 if (retry_cnt < 4) 742 if (retry_cnt < 4)
747 send_auth (AUTH_INIT, &sa); 743 send_auth_request (&sa, true);
748 else 744 else if (auth_rate_limiter.can (&sa))
749 send_ping (&sa, 0); 745 send_ping (&sa, 0);
750 } 746 }
751 else 747 else
752 vpn->connect_request (conf->id); 748 vpn->connect_request (conf->id);
753 } 749 }
759 if (ictx && octx) 755 if (ictx && octx)
760 { 756 {
761 slog (L_INFO, _("connection to %d (%s) lost"), conf->id, conf->nodename); 757 slog (L_INFO, _("connection to %d (%s) lost"), conf->id, conf->nodename);
762 758
763 if (::conf.script_node_down) 759 if (::conf.script_node_down)
764 run_script (this, &connection::script_node_down, false); 760 run_script (run_script_cb (this, &connection::script_node_down), false);
765 } 761 }
766 762
767 delete ictx; ictx = 0; 763 delete ictx; ictx = 0;
768 delete octx; octx = 0; 764 delete octx; octx = 0;
769
770 RAND_bytes ((unsigned char *)&seqrand, sizeof (u32));
771 765
772 sa.sin_port = 0; 766 sa.sin_port = 0;
773 sa.sin_addr.s_addr = 0; 767 sa.sin_addr.s_addr = 0;
774 768
775 last_activity = 0; 769 last_activity = 0;
840 conf->id, pkt->typ (), pkt->src (), pkt->dst ()); 834 conf->id, pkt->typ (), pkt->src (), pkt->dst ());
841 835
842 switch (pkt->typ ()) 836 switch (pkt->typ ())
843 { 837 {
844 case vpn_packet::PT_PING: 838 case vpn_packet::PT_PING:
845 send_ping (ssa, 1); // pong
846 break;
847
848 case vpn_packet::PT_PONG:
849 // we send pings instead of auth packets after some retries, 839 // we send pings instead of auth packets after some retries,
850 // so reset the retry counter and establish a conenction 840 // so reset the retry counter and establish a conenction
851 // when we receive a pong. 841 // when we receive a pong.
852 if (!ictx && !octx) 842 if (!ictx && !octx)
853 { 843 {
854 retry_cnt = 0; 844 retry_cnt = 0;
855 establish_connection.at = 0; 845 establish_connection.at = 0;
856 establish_connection (); 846 establish_connection ();
857 } 847 }
848 else
849 send_ping (ssa, 1); // pong
858 850
851 break;
852
853 case vpn_packet::PT_PONG:
859 break; 854 break;
860 855
861 case vpn_packet::PT_RESET: 856 case vpn_packet::PT_RESET:
862 { 857 {
863 reset_connection (); 858 reset_connection ();
864 859
865 config_packet *p = (config_packet *) pkt; 860 config_packet *p = (config_packet *) pkt;
861
866 if (!p->chk_config ()) 862 if (!p->chk_config ())
867 { 863 {
868 slog (L_WARN, _("protocol mismatch, disabling node '%s'"), conf->nodename); 864 slog (L_WARN, _("protocol mismatch, disabling node '%s'"), conf->nodename);
869 connectmode = conf_node::C_DISABLED; 865 connectmode = conf_node::C_DISABLED;
870 } 866 }
871 else if (connectmode == conf_node::C_ALWAYS) 867 else if (connectmode == conf_node::C_ALWAYS)
872 establish_connection (); 868 establish_connection ();
873 } 869 }
874 break; 870 break;
875 871
876 case vpn_packet::PT_AUTH: 872 case vpn_packet::PT_AUTH_REQ:
877 { 873 {
878 auth_packet *p = (auth_packet *) pkt; 874 auth_req_packet *p = (auth_req_packet *) pkt;
879 875
880 slog (L_TRACE, "<<%d PT_AUTH(%d)", conf->id, p->subtype); 876 slog (L_TRACE, "<<%d PT_AUTH_REQ(%d)", conf->id, p->initiate);
881 877
882 if (p->chk_config ()
883 && !strncmp (p->magic, MAGIC, 8)) 878 if (p->chk_config () && !strncmp (p->magic, MAGIC, 8))
884 { 879 {
885 if (p->prot_minor != PROTOCOL_MINOR) 880 if (p->prot_minor != PROTOCOL_MINOR)
886 slog (L_INFO, _("protocol minor version mismatch: ours is %d, %s's is %d."), 881 slog (L_INFO, _("protocol minor version mismatch: ours is %d, %s's is %d."),
887 PROTOCOL_MINOR, conf->nodename, p->prot_minor); 882 PROTOCOL_MINOR, conf->nodename, p->prot_minor);
888 883
889 if (p->subtype == AUTH_INIT) 884 if (p->initiate)
890 send_auth (AUTH_INITREPLY, ssa); 885 send_auth_request (ssa, false);
891 886
892 const rsachallenge *k = rsa_cache.private_decrypt (::conf.rsa_key, p->challenge); 887 rsachallenge k;
893 888
894 if (!k) 889 if (0 > RSA_private_decrypt (sizeof (p->encr),
890 (unsigned char *)&p->encr, (unsigned char *)&k,
891 ::conf.rsa_key, RSA_PKCS1_OAEP_PADDING))
892 slog (L_ERR, _("challenge from %s (%s) illegal or corrupted"),
893 conf->nodename, (const char *)sockinfo (ssa));
894 else
895 { 895 {
896 slog (L_ERR, _("challenge from %s (%s) illegal or corrupted, disabling node"), 896 retry_cnt = 0;
897 conf->nodename, (const char *)sockinfo (ssa)); 897 establish_connection.set (NOW + 8); //? ;)
898 connectmode = conf_node::C_DISABLED; 898 keepalive.reset ();
899 rekey.reset ();
900
901 delete ictx;
902 ictx = 0;
903
904 delete octx;
905
906 octx = new crypto_ctx (k, 1);
907 oseqno = ntohl (*(u32 *)&k[CHG_SEQNO]) & 0x7fffffff;
908
909 send_auth_response (ssa, p->id, k);
910
899 break; 911 break;
900 } 912 }
913 }
914 }
901 915
902 retry_cnt = 0; 916 send_reset (ssa);
903 establish_connection.set (NOW + 8); //? ;) 917 break;
904 keepalive.reset ();
905 rekey.reset ();
906 918
907 switch (p->subtype) 919 case vpn_packet::PT_AUTH_RES:
920 {
921 auth_res_packet *p = (auth_res_packet *) pkt;
922
923 slog (L_TRACE, "<<%d PT_AUTH_RES", conf->id);
924
925 if (p->chk_config ())
926 {
927 if (p->prot_minor != PROTOCOL_MINOR)
928 slog (L_INFO, _("protocol minor version mismatch: ours is %d, %s's is %d."),
929 PROTOCOL_MINOR, conf->nodename, p->prot_minor);
930
931 rsachallenge chg;
932
933 if (!rsa_cache.find (p->id, chg))
934 slog (L_ERR, _("unrequested auth response from %s (%s)"),
935 conf->nodename, (const char *)sockinfo (ssa));
936 else
908 { 937 {
909 case AUTH_INIT: 938 rsaresponse h;
910 case AUTH_INITREPLY:
911 delete ictx;
912 ictx = 0;
913 939
914 delete octx; 940 rsa_hash (chg, h);
915 941
916 octx = new crypto_ctx (*k, 1); 942 if (!memcmp ((u8 *)&h, (u8 *)p->response, sizeof h))
917 oseqno = *(u32 *)&k[CHG_SEQNO] & 0x7fffffff;
918
919 send_auth (AUTH_REPLY, ssa, k);
920 break;
921
922 case AUTH_REPLY:
923
924 if (!memcmp ((u8 *)gen_challenge (seqrand, ssa), (u8 *)k, sizeof (rsachallenge)))
925 { 943 {
926 delete ictx; 944 delete ictx;
927 945
928 ictx = new crypto_ctx (*k, 0); 946 ictx = new crypto_ctx (chg, 0);
929 iseqno.reset (*(u32 *)&k[CHG_SEQNO] & 0x7fffffff); // at least 2**31 sequence numbers are valid 947 iseqno.reset (ntohl (*(u32 *)&chg[CHG_SEQNO]) & 0x7fffffff); // at least 2**31 sequence numbers are valid
930 948
931 sa = *ssa; 949 sa = *ssa;
932 950
933 rekey.set (NOW + ::conf.rekey); 951 rekey.set (NOW + ::conf.rekey);
934 keepalive.set (NOW + ::conf.keepalive); 952 keepalive.set (NOW + ::conf.keepalive);
944 962
945 slog (L_INFO, _("connection to %d (%s %s) established"), 963 slog (L_INFO, _("connection to %d (%s %s) established"),
946 conf->id, conf->nodename, (const char *)sockinfo (ssa)); 964 conf->id, conf->nodename, (const char *)sockinfo (ssa));
947 965
948 if (::conf.script_node_up) 966 if (::conf.script_node_up)
949 run_script (this, &connection::script_node_up, false); 967 run_script (run_script_cb (this, &connection::script_node_up), false);
968
969 break;
950 } 970 }
951 else 971 else
952 slog (L_ERR, _("sent and received challenge do not match with (%s %s))"), 972 slog (L_ERR, _("sent and received challenge do not match with (%s %s))"),
953 conf->nodename, (const char *)sockinfo (ssa)); 973 conf->nodename, (const char *)sockinfo (ssa));
954
955 break;
956 default:
957 slog (L_ERR, _("authentification illegal subtype error (%s %s)"),
958 conf->nodename, (const char *)sockinfo (ssa));
959 break;
960 } 974 }
961 } 975 }
962 else
963 send_reset (ssa);
964
965 break;
966 } 976 }
977
978 send_reset (ssa);
979 break;
967 980
968 case vpn_packet::PT_DATA_COMPRESSED: 981 case vpn_packet::PT_DATA_COMPRESSED:
969#if !ENABLE_COMPRESSION 982#if !ENABLE_COMPRESSION
970 send_reset (ssa); 983 send_reset (ssa);
971 break; 984 break;
972#endif 985#endif
986
973 case vpn_packet::PT_DATA_UNCOMPRESSED: 987 case vpn_packet::PT_DATA_UNCOMPRESSED:
974 988
975 if (ictx && octx) 989 if (ictx && octx)
976 { 990 {
977 vpndata_packet *p = (vpndata_packet *)pkt; 991 vpndata_packet *p = (vpndata_packet *)pkt;
1070 connection *c = vpn->conns[p->id - 1]; 1084 connection *c = vpn->conns[p->id - 1];
1071 1085
1072 slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)", 1086 slog (L_TRACE, "<<%d PT_CONNECT_INFO(%d,%s) (%d)",
1073 conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx); 1087 conf->id, p->id, (const char *)p->si, !c->ictx && !c->octx);
1074 1088
1075 c->send_auth (AUTH_INIT, p->si.sa ()); 1089 c->send_auth_request (p->si.sa (), true);
1076 } 1090 }
1091
1077 break; 1092 break;
1078 1093
1079 default: 1094 default:
1080 send_reset (ssa); 1095 send_reset (ssa);
1081 break; 1096 break;
1097
1082 } 1098 }
1083} 1099}
1084 1100
1085void connection::keepalive_cb (tstamp &ts) 1101void connection::keepalive_cb (tstamp &ts)
1086{ 1102{
1113 delete p; 1129 delete p;
1114} 1130}
1115 1131
1116void connection::script_node () 1132void connection::script_node ()
1117{ 1133{
1118 vpn->script_if_up (); 1134 vpn->script_if_up (0);
1119 1135
1120 char *env; 1136 char *env;
1121 asprintf (&env, "DESTID=%d", conf->id); 1137 asprintf (&env, "DESTID=%d", conf->id);
1122 putenv (env); 1138 putenv (env);
1123 asprintf (&env, "DESTNODE=%s", conf->nodename); 1139 asprintf (&env, "DESTNODE=%s", conf->nodename);
1126 putenv (env); 1142 putenv (env);
1127 asprintf (&env, "DESTPORT=%d", ntohs (sa.sin_port)); 1143 asprintf (&env, "DESTPORT=%d", ntohs (sa.sin_port));
1128 putenv (env); 1144 putenv (env);
1129} 1145}
1130 1146
1131const char *connection::script_node_up () 1147const char *connection::script_node_up (int)
1132{ 1148{
1133 script_node (); 1149 script_node ();
1134 1150
1135 putenv ("STATE=up"); 1151 putenv ("STATE=up");
1136 1152
1137 return ::conf.script_node_up ? ::conf.script_node_up : "node-up"; 1153 return ::conf.script_node_up ? ::conf.script_node_up : "node-up";
1138} 1154}
1139 1155
1140const char *connection::script_node_down () 1156const char *connection::script_node_down (int)
1141{ 1157{
1142 script_node (); 1158 script_node ();
1143 1159
1144 putenv ("STATE=down"); 1160 putenv ("STATE=down");
1145 1161
1164 shutdown (); 1180 shutdown ();
1165} 1181}
1166 1182
1167///////////////////////////////////////////////////////////////////////////// 1183/////////////////////////////////////////////////////////////////////////////
1168 1184
1169const char *vpn::script_if_up () 1185const char *vpn::script_if_up (int)
1170{ 1186{
1171 // the tunnel device mtu should be the physical mtu - overhead 1187 // the tunnel device mtu should be the physical mtu - overhead
1172 // the tricky part is rounding to the cipher key blocksize 1188 // the tricky part is rounding to the cipher key blocksize
1173 int mtu = conf.mtu - ETH_OVERHEAD - VPE_OVERHEAD - UDP_OVERHEAD; 1189 int mtu = conf.mtu - ETH_OVERHEAD - VPE_OVERHEAD - MAX_OVERHEAD;
1174 mtu += ETH_OVERHEAD - 6 - 6; // now we have the data portion 1190 mtu += ETH_OVERHEAD - 6 - 6; // now we have the data portion
1175 mtu -= mtu % EVP_CIPHER_block_size (CIPHER); // round 1191 mtu -= mtu % EVP_CIPHER_block_size (CIPHER); // round
1176 mtu -= ETH_OVERHEAD - 6 - 6; // and get interface mtu again 1192 mtu -= ETH_OVERHEAD - 6 - 6; // and get interface mtu again
1177 1193
1178 char *env; 1194 char *env;
1232 { 1248 {
1233 slog (L_ERR, _("cannot create network interface '%s'"), conf.ifname); 1249 slog (L_ERR, _("cannot create network interface '%s'"), conf.ifname);
1234 exit (1); 1250 exit (1);
1235 } 1251 }
1236 1252
1237 run_script (this, &vpn::script_if_up, true); 1253 run_script (run_script_cb (this, &vpn::script_if_up), true);
1238 1254
1239 vpn_ev_watcher.start (tap->fd, POLLIN); 1255 vpn_ev_watcher.start (tap->fd, POLLIN);
1240 1256
1241 reconnect_all (); 1257 reconnect_all ();
1242 1258

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines