1 | /* SPDX-License-Identifier: GPL-2.0 */ |
2 | /* |
3 | * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. |
4 | */ |
5 | |
6 | #ifndef _WG_MESSAGES_H |
7 | #define _WG_MESSAGES_H |
8 | |
9 | #include <crypto/curve25519.h> |
10 | #include <crypto/chacha20poly1305.h> |
11 | #include <crypto/blake2s.h> |
12 | |
13 | #include <linux/kernel.h> |
14 | #include <linux/param.h> |
15 | #include <linux/skbuff.h> |
16 | |
17 | enum noise_lengths { |
18 | NOISE_PUBLIC_KEY_LEN = CURVE25519_KEY_SIZE, |
19 | NOISE_SYMMETRIC_KEY_LEN = CHACHA20POLY1305_KEY_SIZE, |
20 | NOISE_TIMESTAMP_LEN = sizeof(u64) + sizeof(u32), |
21 | NOISE_AUTHTAG_LEN = CHACHA20POLY1305_AUTHTAG_SIZE, |
22 | NOISE_HASH_LEN = BLAKE2S_HASH_SIZE |
23 | }; |
24 | |
25 | #define noise_encrypted_len(plain_len) ((plain_len) + NOISE_AUTHTAG_LEN) |
26 | |
27 | enum cookie_values { |
28 | COOKIE_SECRET_MAX_AGE = 2 * 60, |
29 | COOKIE_SECRET_LATENCY = 5, |
30 | COOKIE_NONCE_LEN = XCHACHA20POLY1305_NONCE_SIZE, |
31 | COOKIE_LEN = 16 |
32 | }; |
33 | |
34 | enum counter_values { |
35 | COUNTER_BITS_TOTAL = 8192, |
36 | COUNTER_REDUNDANT_BITS = BITS_PER_LONG, |
37 | COUNTER_WINDOW_SIZE = COUNTER_BITS_TOTAL - COUNTER_REDUNDANT_BITS |
38 | }; |
39 | |
40 | enum limits { |
41 | REKEY_AFTER_MESSAGES = 1ULL << 60, |
42 | REJECT_AFTER_MESSAGES = U64_MAX - COUNTER_WINDOW_SIZE - 1, |
43 | REKEY_TIMEOUT = 5, |
44 | REKEY_TIMEOUT_JITTER_MAX_JIFFIES = HZ / 3, |
45 | REKEY_AFTER_TIME = 120, |
46 | REJECT_AFTER_TIME = 180, |
47 | INITIATIONS_PER_SECOND = 50, |
48 | MAX_PEERS_PER_DEVICE = 1U << 20, |
49 | KEEPALIVE_TIMEOUT = 10, |
50 | MAX_TIMER_HANDSHAKES = 90 / REKEY_TIMEOUT, |
51 | MAX_QUEUED_INCOMING_HANDSHAKES = 4096, /* TODO: replace this with DQL */ |
52 | MAX_STAGED_PACKETS = 128, |
53 | MAX_QUEUED_PACKETS = 1024 /* TODO: replace this with DQL */ |
54 | }; |
55 | |
56 | enum message_type { |
57 | MESSAGE_INVALID = 0, |
58 | MESSAGE_HANDSHAKE_INITIATION = 1, |
59 | MESSAGE_HANDSHAKE_RESPONSE = 2, |
60 | MESSAGE_HANDSHAKE_COOKIE = 3, |
61 | MESSAGE_DATA = 4 |
62 | }; |
63 | |
64 | struct { |
65 | /* The actual layout of this that we want is: |
66 | * u8 type |
67 | * u8 reserved_zero[3] |
68 | * |
69 | * But it turns out that by encoding this as little endian, |
70 | * we achieve the same thing, and it makes checking faster. |
71 | */ |
72 | __le32 ; |
73 | }; |
74 | |
75 | struct message_macs { |
76 | u8 mac1[COOKIE_LEN]; |
77 | u8 mac2[COOKIE_LEN]; |
78 | }; |
79 | |
80 | struct message_handshake_initiation { |
81 | struct message_header header; |
82 | __le32 sender_index; |
83 | u8 unencrypted_ephemeral[NOISE_PUBLIC_KEY_LEN]; |
84 | u8 encrypted_static[noise_encrypted_len(NOISE_PUBLIC_KEY_LEN)]; |
85 | u8 encrypted_timestamp[noise_encrypted_len(NOISE_TIMESTAMP_LEN)]; |
86 | struct message_macs macs; |
87 | }; |
88 | |
89 | struct message_handshake_response { |
90 | struct message_header header; |
91 | __le32 sender_index; |
92 | __le32 receiver_index; |
93 | u8 unencrypted_ephemeral[NOISE_PUBLIC_KEY_LEN]; |
94 | u8 encrypted_nothing[noise_encrypted_len(0)]; |
95 | struct message_macs macs; |
96 | }; |
97 | |
98 | struct message_handshake_cookie { |
99 | struct message_header header; |
100 | __le32 receiver_index; |
101 | u8 nonce[COOKIE_NONCE_LEN]; |
102 | u8 encrypted_cookie[noise_encrypted_len(COOKIE_LEN)]; |
103 | }; |
104 | |
105 | struct message_data { |
106 | struct message_header ; |
107 | __le32 key_idx; |
108 | __le64 counter; |
109 | u8 encrypted_data[]; |
110 | }; |
111 | |
112 | #define message_data_len(plain_len) \ |
113 | (noise_encrypted_len(plain_len) + sizeof(struct message_data)) |
114 | |
115 | enum message_alignments { |
116 | MESSAGE_PADDING_MULTIPLE = 16, |
117 | MESSAGE_MINIMUM_LENGTH = message_data_len(0) |
118 | }; |
119 | |
120 | #define \ |
121 | (max(sizeof(struct iphdr), sizeof(struct ipv6hdr)) + \ |
122 | sizeof(struct udphdr) + NET_SKB_PAD) |
123 | #define DATA_PACKET_HEAD_ROOM \ |
124 | ALIGN(sizeof(struct message_data) + SKB_HEADER_LEN, 4) |
125 | |
126 | enum { HANDSHAKE_DSCP = 0x88 /* AF41, plus 00 ECN */ }; |
127 | |
128 | #endif /* _WG_MESSAGES_H */ |
129 | |