2 * Copyright (c) 2011-2012 The DragonFly Project. All rights reserved.
4 * This code is derived from software contributed to The DragonFly Project
5 * by Matthew Dillon <dillon@dragonflybsd.org>
6 * by Venkatesh Srinivas <vsrinivas@dragonflybsd.org>
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
18 * 3. Neither the name of The DragonFly Project nor the names of its
19 * contributors may be used to endorse or promote products derived
20 * from this software without specific, prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
27 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
28 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
29 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
30 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
31 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
32 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 #include <openssl/rsa.h> /* public/private key functions */
37 #include <openssl/pem.h> /* public/private key file load */
38 #include <openssl/err.h>
39 #include <openssl/evp.h> /* aes_256_cbc functions */
41 /***************************************************************************
43 ***************************************************************************
45 * The initial public-key exchange is implementing by transmitting a
46 * 512-byte buffer to the other side in a symmetrical fashion. This
47 * buffer contains the following:
49 * (1) A random session key. 512 bits is specified. We use aes_256_cbc()
50 * and initialize the key with the first 256 bits and the iv[] with
51 * the second. Note that the transmitted and received session
52 * keys are XOR'd together to create the session key used for
53 * communications (so even if the verifier is compromised the session
54 * will still be gobbly gook if the public key has not been completely
57 * (2) A verifier to determine that the decode was successful. It encodes
58 * an XOR of each group of 4 bytes from the session key.
60 * (3) Additional configuration and additional random data.
62 * - The hammer2 message header magic for endian detect
64 * - The hammer2 protocol version. The two sides agree on the
67 * - All unused fields (junk*) are filled with random data.
69 * This structure must be exactly 512 bytes and expects to use 256-byte
72 struct hammer2_handshake {
73 char pad1[8]; /* 000 */
74 uint16_t magic; /* 008 HAMMER2_MSGHDR_MAGIC for endian detect */
75 uint16_t version; /* 00A hammer2 protocol version */
76 uint32_t flags; /* 00C protocol extension flags */
77 uint8_t sess[64]; /* 010 512-bit session key */
78 uint8_t verf[16]; /* 050 verifier = ~sess */
79 char quickmsg[32]; /* 060 reason for connecting */
80 char junk080[128]; /* 080-0FF */
81 char pad2[8]; /* 100-107 */
82 char junk100[256-8]; /* 108-1FF */
85 typedef struct hammer2_handshake hammer2_handshake_t;
88 * NOTE: HAMMER2_MSG_ALIGN (64) must be a multiple of HAMMER2_AES_KEY_SIZE.
90 #define HAMMER2_AES_KEY_SIZE 32
91 #define HAMMER2_AES_KEY_MASK (HAMMER2_AES_KEY_SIZE - 1)
92 #define HAMMER2_AES_TYPE aes_256_cbc
93 #define HAMMER2_AES_TYPE_EVP EVP_aes_256_cbc()
94 #define HAMMER2_AES_TYPE_STR #HAMMER2_AES_TYPE
95 #define HAMMER2_CRYPTO_IV_SIZE 12
96 #define HAMMER2_CRYPTO_IV_FIXED_SIZE 4
97 #define HAMMER2_CRYPTO_CHUNK_SIZE 64
98 #define HAMMER2_CRYPTO_TAG_SIZE 16
100 /***************************************************************************
101 * LOW LEVEL MESSAGING *
102 ***************************************************************************
104 * hammer2_msg - A standalone copy of a message, typically referenced by
105 * or embedded in other structures, or used with I/O queues.
107 * These structures are strictly temporary, so they do not have to be
108 * particularly optimized for size. All possible message headers are
109 * directly embedded (any), and the message may contain a reference
110 * to allocated auxillary data. The structure is recycled quite often
113 * This structure is typically not used for storing persistent message
114 * state (see hammer2_persist for that).
116 struct hammer2_iocom;
117 struct hammer2_persist;
118 struct hammer2_state;
119 struct hammer2_address;
122 TAILQ_HEAD(hammer2_state_queue, hammer2_state);
123 TAILQ_HEAD(hammer2_msg_queue, hammer2_msg);
124 TAILQ_HEAD(hammer2_address_queue, hammer2_address);
125 RB_HEAD(hammer2_state_tree, hammer2_state);
128 struct h2span_connect;
130 struct hammer2_state {
131 RB_ENTRY(hammer2_state) rbnode; /* indexed by msgid */
132 TAILQ_ENTRY(hammer2_state) source_entry;/* if routed */
133 TAILQ_ENTRY(hammer2_state) target_entry;/* if routed */
134 struct hammer2_iocom *iocom;
135 struct hammer2_address_t *source_addr; /* if routed */
136 struct hammer2_address_t *target_addr; /* if routed */
137 uint32_t txcmd; /* mostly for CMDF flags */
138 uint32_t rxcmd; /* mostly for CMDF flags */
139 uint64_t spanid; /* routing id */
140 uint64_t msgid; /* {spanid,msgid} uniq */
143 struct hammer2_msg *msg;
144 void (*func)(struct hammer2_msg *);
147 struct h2span_link *link;
148 struct h2span_connect *conn;
149 struct h2span_relay *relay;
153 struct hammer2_address {
154 TAILQ_ENTRY(hammer2_address) entry; /* on-iocom */
155 struct hammer2_iocom *iocom; /* related iocom */
156 struct hammer2_state_queue sourceq; /* states on source queue */
157 struct hammer2_state_queue targetq; /* states on target queue */
161 #define HAMMER2_STATE_INSERTED 0x0001
162 #define HAMMER2_STATE_DYNAMIC 0x0002
163 #define HAMMER2_STATE_NODEID 0x0004 /* manages a node id */
166 TAILQ_ENTRY(hammer2_msg) qentry;
167 struct hammer2_router *router;
168 struct hammer2_state *state;
172 hammer2_msg_any_t any;
175 typedef struct hammer2_state hammer2_state_t;
176 typedef struct hammer2_address hammer2_address_t;
177 typedef struct hammer2_msg hammer2_msg_t;
178 typedef struct hammer2_msg_queue hammer2_msg_queue_t;
180 int hammer2_state_cmp(hammer2_state_t *state1, hammer2_state_t *state2);
181 RB_PROTOTYPE(hammer2_state_tree, hammer2_state, rbnode, hammer2_state_cmp);
184 * hammer2_ioq - An embedded component of hammer2_connect, holds state
185 * for the buffering and parsing of incoming and outgoing messages.
187 * cdx - beg - processed buffer data, encrypted or decrypted
188 * end - cdn - unprocessed buffer data not yet encrypted or decrypted
191 enum { HAMMER2_MSGQ_STATE_HEADER1,
192 HAMMER2_MSGQ_STATE_HEADER2,
193 HAMMER2_MSGQ_STATE_AUXDATA1,
194 HAMMER2_MSGQ_STATE_AUXDATA2,
195 HAMMER2_MSGQ_STATE_ERROR } state;
196 size_t fifo_beg; /* buffered data */
197 size_t fifo_cdx; /* cdx-beg processed */
198 size_t fifo_cdn; /* end-cdn unprocessed */
200 size_t hbytes; /* header size */
201 size_t abytes; /* aux_data size */
203 int seq; /* salt sequencer */
206 char iv[HAMMER2_AES_KEY_SIZE]; /* encrypt or decrypt iv[] */
208 hammer2_msg_queue_t msgq;
209 char buf[HAMMER2_MSGBUF_SIZE]; /* staging buffer */
212 typedef struct hammer2_ioq hammer2_ioq_t;
214 #define HAMMER2_IOQ_ERROR_SYNC 1 /* bad magic / out of sync */
215 #define HAMMER2_IOQ_ERROR_EOF 2 /* unexpected EOF */
216 #define HAMMER2_IOQ_ERROR_SOCK 3 /* read() error on socket */
217 #define HAMMER2_IOQ_ERROR_FIELD 4 /* invalid field */
218 #define HAMMER2_IOQ_ERROR_HCRC 5 /* core header crc bad */
219 #define HAMMER2_IOQ_ERROR_XCRC 6 /* ext header crc bad */
220 #define HAMMER2_IOQ_ERROR_ACRC 7 /* aux data crc bad */
221 #define HAMMER2_IOQ_ERROR_STATE 8 /* bad state */
222 #define HAMMER2_IOQ_ERROR_NOPEER 9 /* bad socket peer */
223 #define HAMMER2_IOQ_ERROR_NORKEY 10 /* no remote keyfile found */
224 #define HAMMER2_IOQ_ERROR_NOLKEY 11 /* no local keyfile found */
225 #define HAMMER2_IOQ_ERROR_KEYXCHGFAIL 12 /* key exchange failed */
226 #define HAMMER2_IOQ_ERROR_KEYFMT 13 /* key file format problem */
227 #define HAMMER2_IOQ_ERROR_BADURANDOM 14 /* /dev/urandom is bad */
228 #define HAMMER2_IOQ_ERROR_MSGSEQ 15 /* message sequence error */
229 #define HAMMER2_IOQ_ERROR_EALREADY 16 /* ignore this message */
230 #define HAMMER2_IOQ_ERROR_TRANS 17 /* state transaction issue */
232 #define HAMMER2_IOQ_MAXIOVEC 16
235 * hammer2_router - governs the routing of a message. Passed into
238 * The router is either connected to an iocom (socket) directly, or
239 * connected to a SPAN transaction (h2span_link structure).
241 struct hammer2_router {
242 struct hammer2_iocom *iocom;
243 struct h2span_link *link; /* non-NULL if indirect */
244 void (*signal_callback)(struct hammer2_router *);
245 void (*rcvmsg_callback)(struct hammer2_msg *);
246 void (*altmsg_callback)(struct hammer2_iocom *);
247 struct hammer2_state_tree staterd_tree; /* active messages */
248 struct hammer2_state_tree statewr_tree; /* active messages */
249 hammer2_msg_queue_t txmsgq; /* tx msgq from remote */
250 int refs; /* refs prevent destruction */
253 typedef struct hammer2_router hammer2_router_t;
256 * hammer2_iocom - governs a messaging stream connection
258 struct hammer2_iocom {
259 hammer2_ioq_t ioq_rx;
260 hammer2_ioq_t ioq_tx;
261 hammer2_msg_queue_t freeq; /* free msgs hdr only */
262 hammer2_msg_queue_t freeq_aux; /* free msgs w/aux_data */
263 struct hammer2_address_queue addrq; /* source/target addrs */
264 int sock_fd; /* comm socket or pipe */
265 int alt_fd; /* thread signal, tty, etc */
266 int wakeupfds[2]; /* pipe wakes up iocom thread */
270 char sess[HAMMER2_AES_KEY_SIZE]; /* aes_256_cbc key */
271 struct hammer2_router router;
272 pthread_mutex_t mtx; /* mutex for state*tree/rmsgq */
275 typedef struct hammer2_iocom hammer2_iocom_t;
277 #define HAMMER2_IOCOMF_EOF 0x00000001 /* EOF or ERROR on desc */
278 #define HAMMER2_IOCOMF_RREQ 0x00000002 /* request read-data event */
279 #define HAMMER2_IOCOMF_WREQ 0x00000004 /* request write-avail event */
280 #define HAMMER2_IOCOMF_RWORK 0x00000008 /* immediate work pending */
281 #define HAMMER2_IOCOMF_WWORK 0x00000010 /* immediate work pending */
282 #define HAMMER2_IOCOMF_PWORK 0x00000020 /* immediate work pending */
283 #define HAMMER2_IOCOMF_ARWORK 0x00000040 /* immediate work pending */
284 #define HAMMER2_IOCOMF_AWWORK 0x00000080 /* immediate work pending */
285 #define HAMMER2_IOCOMF_SWORK 0x00000100 /* immediate work pending */
286 #define HAMMER2_IOCOMF_CRYPTED 0x00000200 /* encrypt enabled */