48ba204861661e43e1815597b77b858b9a1cf2b8
[tinc] / src / protocol_key.c
1 /*
2     protocol_key.c -- handle the meta-protocol, key exchange
3     Copyright (C) 1999-2005 Ivo Timmermans,
4                   2000-2012 Guus Sliepen <guus@tinc-vpn.org>
5
6     This program is free software; you can redistribute it and/or modify
7     it under the terms of the GNU General Public License as published by
8     the Free Software Foundation; either version 2 of the License, or
9     (at your option) any later version.
10
11     This program is distributed in the hope that it will be useful,
12     but WITHOUT ANY WARRANTY; without even the implied warranty of
13     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14     GNU General Public License for more details.
15
16     You should have received a copy of the GNU General Public License along
17     with this program; if not, write to the Free Software Foundation, Inc.,
18     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19 */
20
21 #include "system.h"
22
23 #include "splay_tree.h"
24 #include "cipher.h"
25 #include "connection.h"
26 #include "crypto.h"
27 #include "logger.h"
28 #include "net.h"
29 #include "netutl.h"
30 #include "node.h"
31 #include "prf.h"
32 #include "protocol.h"
33 #include "sptps.h"
34 #include "utils.h"
35 #include "xalloc.h"
36
37 static bool mykeyused = false;
38
39 void send_key_changed(void) {
40         splay_node_t *node;
41         connection_t *c;
42
43         send_request(everyone, "%d %x %s", KEY_CHANGED, rand(), myself->name);
44
45         /* Immediately send new keys to directly connected nodes to keep UDP mappings alive */
46
47         for(node = connection_tree->head; node; node = node->next) {
48                 c = node->data;
49                 if(c->status.active && c->node && c->node->status.reachable) {
50                         if(!c->node->status.sptps)
51                                 send_ans_key(c->node);
52                 }
53         }
54
55         /* Force key exchange for connections using SPTPS */
56
57         if(experimental) {
58                 for(node = node_tree->head; node; node = node->next) {
59                         node_t *n = node->data;
60                         if(n->status.reachable && n->status.validkey && n->status.sptps)
61                                 sptps_force_kex(&n->sptps);
62                 }
63         }
64 }
65
66 bool key_changed_h(connection_t *c, const char *request) {
67         char name[MAX_STRING_SIZE];
68         node_t *n;
69
70         if(sscanf(request, "%*d %*x " MAX_STRING, name) != 1) {
71                 logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "KEY_CHANGED",
72                            c->name, c->hostname);
73                 return false;
74         }
75
76         if(seen_request(request))
77                 return true;
78
79         n = lookup_node(name);
80
81         if(!n) {
82                 logger(DEBUG_ALWAYS, LOG_ERR, "Got %s from %s (%s) origin %s which does not exist",
83                            "KEY_CHANGED", c->name, c->hostname, name);
84                 return true;
85         }
86
87         if(!n->status.sptps) {
88                 n->status.validkey = false;
89                 n->last_req_key = 0;
90         }
91
92         /* Tell the others */
93
94         if(!tunnelserver)
95                 forward_request(c, request);
96
97         return true;
98 }
99
100 static bool send_initial_sptps_data(void *handle, uint8_t type, const char *data, size_t len) {
101         node_t *to = handle;
102         to->sptps.send_data = send_sptps_data;
103         char buf[len * 4 / 3 + 5];
104         b64encode(data, buf, len);
105         return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, REQ_KEY, buf);
106 }
107
108 bool send_req_key(node_t *to) {
109         if(to->status.sptps) {
110                 if(!node_read_ecdsa_public_key(to)) {
111                         logger(DEBUG_ALWAYS, LOG_DEBUG, "No ECDSA key known for %s (%s)", to->name, to->hostname);
112                         send_request(to->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, to->name, REQ_PUBKEY);
113                         return true;
114                 }
115                 char label[25 + strlen(myself->name) + strlen(to->name)];
116                 snprintf(label, sizeof label, "tinc UDP key expansion %s %s", myself->name, to->name);
117                 sptps_stop(&to->sptps);
118                 to->status.validkey = false;
119                 return sptps_start(&to->sptps, to, true, true, myself->connection->ecdsa, to->ecdsa, label, sizeof label, send_initial_sptps_data, receive_sptps_record); 
120         }
121
122         return send_request(to->nexthop->connection, "%d %s %s", REQ_KEY, myself->name, to->name);
123 }
124
125 /* REQ_KEY is overloaded to allow arbitrary requests to be routed between two nodes. */
126
127 static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, int reqno) {
128         switch(reqno) {
129                 case REQ_PUBKEY: {
130                         char *pubkey = ecdsa_get_base64_public_key(&myself->connection->ecdsa);
131                         send_request(from->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, from->name, ANS_PUBKEY, pubkey);
132                         free(pubkey);
133                         return true;
134                 }
135
136                 case ANS_PUBKEY: {
137                         if(node_read_ecdsa_public_key(from)) {
138                                 logger(DEBUG_ALWAYS, LOG_WARNING, "Got ANS_PUBKEY from %s (%s) even though we already have his pubkey", from->name, from->hostname);
139                                 return true;
140                         }
141
142                         char pubkey[MAX_STRING_SIZE];
143                         if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, pubkey) != 1 || !ecdsa_set_base64_public_key(&from->ecdsa, pubkey)) {
144                                 logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "ANS_PUBKEY", from->name, from->hostname, "invalid pubkey");
145                                 return true;
146                         }
147
148                         logger(DEBUG_ALWAYS, LOG_INFO, "Learned ECDSA public key from %s (%s)", from->name, from->hostname);
149                         append_config_file(from->name, "ECDSAPublicKey", pubkey);
150                         return true;
151                 }
152
153                 case REQ_KEY: {
154                         if(!node_read_ecdsa_public_key(from)) {
155                                 logger(DEBUG_ALWAYS, LOG_DEBUG, "No ECDSA key known for %s (%s)", from->name, from->hostname);
156                                 send_request(from->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, from->name, REQ_PUBKEY);
157                                 return true;
158                         }
159                 }
160
161                 case REQ_SPTPS: {
162                         char buf[MAX_STRING_SIZE];
163                         if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, buf) != 1) {
164                                 logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "REQ_KEY", from->name, from->hostname, "invalid SPTPS data");
165                                 return true;
166                         }
167                         int len = b64decode(buf, buf, strlen(buf));
168
169
170                         char label[25 + strlen(from->name) + strlen(myself->name)];
171                         snprintf(label, sizeof label, "tinc UDP key expansion %s %s", from->name, myself->name);
172                         sptps_stop(&from->sptps);
173                         from->status.validkey = false;
174                         sptps_start(&from->sptps, from, false, true, myself->connection->ecdsa, from->ecdsa, label, sizeof label, send_sptps_data, receive_sptps_record); 
175                         sptps_receive_data(&from->sptps, buf, len);
176                         return true;
177                 }
178
179                 default:
180                         logger(DEBUG_ALWAYS, LOG_ERR, "Unknown extended REQ_KEY request from %s (%s): %s", from->name, from->hostname, request);
181                         return true;
182         }
183 }
184
185 bool req_key_h(connection_t *c, const char *request) {
186         char from_name[MAX_STRING_SIZE];
187         char to_name[MAX_STRING_SIZE];
188         node_t *from, *to;
189         int reqno = 0;
190
191         if(sscanf(request, "%*d " MAX_STRING " " MAX_STRING " %d", from_name, to_name, &reqno) < 2) {
192                 logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "REQ_KEY", c->name,
193                            c->hostname);
194                 return false;
195         }
196
197         if(!check_id(from_name) || !check_id(to_name)) {
198                 logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "REQ_KEY", c->name, c->hostname, "invalid name");
199                 return false;
200         }
201
202         from = lookup_node(from_name);
203
204         if(!from) {
205                 logger(DEBUG_ALWAYS, LOG_ERR, "Got %s from %s (%s) origin %s which does not exist in our connection list",
206                            "REQ_KEY", c->name, c->hostname, from_name);
207                 return true;
208         }
209
210         to = lookup_node(to_name);
211
212         if(!to) {
213                 logger(DEBUG_ALWAYS, LOG_ERR, "Got %s from %s (%s) destination %s which does not exist in our connection list",
214                            "REQ_KEY", c->name, c->hostname, to_name);
215                 return true;
216         }
217
218         /* Check if this key request is for us */
219
220         if(to == myself) {                      /* Yes */
221                 /* Is this an extended REQ_KEY message? */
222                 if(experimental && reqno)
223                         return req_key_ext_h(c, request, from, reqno);
224
225                 /* No, just send our key back */
226                 send_ans_key(from);
227         } else {
228                 if(tunnelserver)
229                         return true;
230
231                 if(!to->status.reachable) {
232                         logger(DEBUG_ALWAYS, LOG_WARNING, "Got %s from %s (%s) destination %s which is not reachable",
233                                 "REQ_KEY", c->name, c->hostname, to_name);
234                         return true;
235                 }
236
237                 send_request(to->nexthop->connection, "%s", request);
238         }
239
240         return true;
241 }
242
243 bool send_ans_key(node_t *to) {
244         if(to->status.sptps)
245                 abort();
246
247         size_t keylen = cipher_keylength(&myself->incipher);
248         char key[keylen * 2 + 1];
249
250         cipher_open_by_nid(&to->incipher, cipher_get_nid(&myself->incipher));
251         digest_open_by_nid(&to->indigest, digest_get_nid(&myself->indigest), digest_length(&myself->indigest));
252         to->incompression = myself->incompression;
253
254         randomize(key, keylen);
255         cipher_set_key(&to->incipher, key, false);
256         digest_set_key(&to->indigest, key, keylen);
257
258         bin2hex(key, key, keylen);
259
260         // Reset sequence number and late packet window
261         mykeyused = true;
262         to->received_seqno = 0;
263         if(replaywin) memset(to->late, 0, replaywin);
264
265         return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY,
266                                                 myself->name, to->name, key,
267                                                 cipher_get_nid(&to->incipher),
268                                                 digest_get_nid(&to->indigest),
269                                                 (int)digest_length(&to->indigest),
270                                                 to->incompression);
271 }
272
273 bool ans_key_h(connection_t *c, const char *request) {
274         char from_name[MAX_STRING_SIZE];
275         char to_name[MAX_STRING_SIZE];
276         char key[MAX_STRING_SIZE];
277         char address[MAX_STRING_SIZE] = "";
278         char port[MAX_STRING_SIZE] = "";
279         int cipher, digest, maclength, compression, keylen;
280         node_t *from, *to;
281
282         if(sscanf(request, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d "MAX_STRING" "MAX_STRING,
283                 from_name, to_name, key, &cipher, &digest, &maclength,
284                 &compression, address, port) < 7) {
285                 logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "ANS_KEY", c->name,
286                            c->hostname);
287                 return false;
288         }
289
290         if(!check_id(from_name) || !check_id(to_name)) {
291                 logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "ANS_KEY", c->name, c->hostname, "invalid name");
292                 return false;
293         }
294
295         from = lookup_node(from_name);
296
297         if(!from) {
298                 logger(DEBUG_ALWAYS, LOG_ERR, "Got %s from %s (%s) origin %s which does not exist in our connection list",
299                            "ANS_KEY", c->name, c->hostname, from_name);
300                 return true;
301         }
302
303         to = lookup_node(to_name);
304
305         if(!to) {
306                 logger(DEBUG_ALWAYS, LOG_ERR, "Got %s from %s (%s) destination %s which does not exist in our connection list",
307                            "ANS_KEY", c->name, c->hostname, to_name);
308                 return true;
309         }
310
311         /* Forward it if necessary */
312
313         if(to != myself) {
314                 if(tunnelserver)
315                         return true;
316
317                 if(!to->status.reachable) {
318                         logger(DEBUG_ALWAYS, LOG_WARNING, "Got %s from %s (%s) destination %s which is not reachable",
319                                    "ANS_KEY", c->name, c->hostname, to_name);
320                         return true;
321                 }
322
323                 if(!*address && from->address.sa.sa_family != AF_UNSPEC) {
324                         char *address, *port;
325                         logger(DEBUG_PROTOCOL, LOG_DEBUG, "Appending reflexive UDP address to ANS_KEY from %s to %s", from->name, to->name);
326                         sockaddr2str(&from->address, &address, &port);
327                         send_request(to->nexthop->connection, "%s %s %s", request, address, port);
328                         free(address);
329                         free(port);
330                         return true;
331                 }
332
333                 return send_request(to->nexthop->connection, "%s", request);
334         }
335
336         /* SPTPS or old-style key exchange? */
337
338         if(from->status.sptps) {
339                 char buf[strlen(key)];
340                 int len = b64decode(key, buf, strlen(key));
341
342                 if(!sptps_receive_data(&from->sptps, buf, len))
343                         logger(DEBUG_ALWAYS, LOG_ERR, "Error processing SPTPS data from %s (%s)", from->name, from->hostname);
344
345                 if(from->status.validkey) {
346                         if(*address && *port) {
347                                 logger(DEBUG_PROTOCOL, LOG_DEBUG, "Using reflexive UDP address from %s: %s port %s", from->name, address, port);
348                                 sockaddr_t sa = str2sockaddr(address, port);
349                                 update_node_udp(from, &sa);
350                         }
351
352                         if(from->options & OPTION_PMTU_DISCOVERY)
353                                 send_mtu_probe(from);
354                 }
355
356                 return true;
357         }
358
359         /* Check and lookup cipher and digest algorithms */
360
361         if(!cipher_open_by_nid(&from->outcipher, cipher)) {
362                 logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses unknown cipher!", from->name, from->hostname);
363                 return false;
364         }
365
366         if(!digest_open_by_nid(&from->outdigest, digest, maclength)) {
367                 logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses unknown digest!", from->name, from->hostname);
368                 return false;
369         }
370
371         if(maclength != digest_length(&from->outdigest)) {
372                 logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses bogus MAC length!", from->name, from->hostname);
373                 return false;
374         }
375
376         if(compression < 0 || compression > 11) {
377                 logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses bogus compression level!", from->name, from->hostname);
378                 return true;
379         }
380
381         from->outcompression = compression;
382
383         /* Process key */
384
385         keylen = hex2bin(key, key, sizeof key);
386
387         if(keylen != cipher_keylength(&from->outcipher)) {
388                 logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name, from->hostname);
389                 return true;
390         }
391
392         /* Update our copy of the origin's packet key */
393
394         cipher_set_key(&from->outcipher, key, true);
395         digest_set_key(&from->outdigest, key, keylen);
396
397         from->status.validkey = true;
398         from->sent_seqno = 0;
399
400         if(*address && *port) {
401                 logger(DEBUG_PROTOCOL, LOG_DEBUG, "Using reflexive UDP address from %s: %s port %s", from->name, address, port);
402                 sockaddr_t sa = str2sockaddr(address, port);
403                 update_node_udp(from, &sa);
404         }
405
406         if(from->options & OPTION_PMTU_DISCOVERY)
407                 send_mtu_probe(from);
408
409         return true;
410 }