| 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
|---|
| 2 | /* |
|---|
| 3 | * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. |
|---|
| 4 | */ |
|---|
| 5 | #ifndef _WG_NOISE_H |
|---|
| 6 | #define _WG_NOISE_H |
|---|
| 7 | |
|---|
| 8 | #include "messages.h" |
|---|
| 9 | #include "peerlookup.h" |
|---|
| 10 | |
|---|
| 11 | #include <linux/types.h> |
|---|
| 12 | #include <linux/spinlock.h> |
|---|
| 13 | #include <linux/atomic.h> |
|---|
| 14 | #include <linux/rwsem.h> |
|---|
| 15 | #include <linux/mutex.h> |
|---|
| 16 | #include <linux/kref.h> |
|---|
| 17 | |
|---|
| 18 | struct noise_replay_counter { |
|---|
| 19 | u64 counter; |
|---|
| 20 | spinlock_t lock; |
|---|
| 21 | unsigned long backtrack[COUNTER_BITS_TOTAL / BITS_PER_LONG]; |
|---|
| 22 | }; |
|---|
| 23 | |
|---|
| 24 | struct noise_symmetric_key { |
|---|
| 25 | u8 key[NOISE_SYMMETRIC_KEY_LEN]; |
|---|
| 26 | u64 birthdate; |
|---|
| 27 | bool is_valid; |
|---|
| 28 | }; |
|---|
| 29 | |
|---|
| 30 | struct noise_keypair { |
|---|
| 31 | struct index_hashtable_entry entry; |
|---|
| 32 | struct noise_symmetric_key sending; |
|---|
| 33 | atomic64_t sending_counter; |
|---|
| 34 | struct noise_symmetric_key receiving; |
|---|
| 35 | struct noise_replay_counter receiving_counter; |
|---|
| 36 | __le32 remote_index; |
|---|
| 37 | bool i_am_the_initiator; |
|---|
| 38 | struct kref refcount; |
|---|
| 39 | struct rcu_head rcu; |
|---|
| 40 | u64 internal_id; |
|---|
| 41 | }; |
|---|
| 42 | |
|---|
| 43 | struct noise_keypairs { |
|---|
| 44 | struct noise_keypair __rcu *current_keypair; |
|---|
| 45 | struct noise_keypair __rcu *previous_keypair; |
|---|
| 46 | struct noise_keypair __rcu *next_keypair; |
|---|
| 47 | spinlock_t keypair_update_lock; |
|---|
| 48 | }; |
|---|
| 49 | |
|---|
| 50 | struct noise_static_identity { |
|---|
| 51 | u8 static_public[NOISE_PUBLIC_KEY_LEN]; |
|---|
| 52 | u8 static_private[NOISE_PUBLIC_KEY_LEN]; |
|---|
| 53 | struct rw_semaphore lock; |
|---|
| 54 | bool has_identity; |
|---|
| 55 | }; |
|---|
| 56 | |
|---|
| 57 | enum noise_handshake_state { |
|---|
| 58 | HANDSHAKE_ZEROED, |
|---|
| 59 | HANDSHAKE_CREATED_INITIATION, |
|---|
| 60 | HANDSHAKE_CONSUMED_INITIATION, |
|---|
| 61 | HANDSHAKE_CREATED_RESPONSE, |
|---|
| 62 | HANDSHAKE_CONSUMED_RESPONSE |
|---|
| 63 | }; |
|---|
| 64 | |
|---|
| 65 | struct noise_handshake { |
|---|
| 66 | struct index_hashtable_entry entry; |
|---|
| 67 | |
|---|
| 68 | enum noise_handshake_state state; |
|---|
| 69 | u64 last_initiation_consumption; |
|---|
| 70 | |
|---|
| 71 | struct noise_static_identity *static_identity; |
|---|
| 72 | |
|---|
| 73 | u8 ephemeral_private[NOISE_PUBLIC_KEY_LEN]; |
|---|
| 74 | u8 remote_static[NOISE_PUBLIC_KEY_LEN]; |
|---|
| 75 | u8 remote_ephemeral[NOISE_PUBLIC_KEY_LEN]; |
|---|
| 76 | u8 precomputed_static_static[NOISE_PUBLIC_KEY_LEN]; |
|---|
| 77 | |
|---|
| 78 | u8 preshared_key[NOISE_SYMMETRIC_KEY_LEN]; |
|---|
| 79 | |
|---|
| 80 | u8 hash[NOISE_HASH_LEN]; |
|---|
| 81 | u8 chaining_key[NOISE_HASH_LEN]; |
|---|
| 82 | |
|---|
| 83 | u8 latest_timestamp[NOISE_TIMESTAMP_LEN]; |
|---|
| 84 | __le32 remote_index; |
|---|
| 85 | |
|---|
| 86 | /* Protects all members except the immutable (after noise_handshake_ |
|---|
| 87 | * init): remote_static, precomputed_static_static, static_identity. |
|---|
| 88 | */ |
|---|
| 89 | struct rw_semaphore lock; |
|---|
| 90 | }; |
|---|
| 91 | |
|---|
| 92 | struct wg_device; |
|---|
| 93 | |
|---|
| 94 | void wg_noise_init(void); |
|---|
| 95 | void wg_noise_handshake_init(struct noise_handshake *handshake, |
|---|
| 96 | struct noise_static_identity *static_identity, |
|---|
| 97 | const u8 peer_public_key[NOISE_PUBLIC_KEY_LEN], |
|---|
| 98 | const u8 peer_preshared_key[NOISE_SYMMETRIC_KEY_LEN], |
|---|
| 99 | struct wg_peer *peer); |
|---|
| 100 | void wg_noise_handshake_clear(struct noise_handshake *handshake); |
|---|
| 101 | static inline void wg_noise_reset_last_sent_handshake(atomic64_t *handshake_ns) |
|---|
| 102 | { |
|---|
| 103 | atomic64_set(v: handshake_ns, i: ktime_get_coarse_boottime_ns() - |
|---|
| 104 | (u64)(REKEY_TIMEOUT + 1) * NSEC_PER_SEC); |
|---|
| 105 | } |
|---|
| 106 | |
|---|
| 107 | void wg_noise_keypair_put(struct noise_keypair *keypair, bool unreference_now); |
|---|
| 108 | struct noise_keypair *wg_noise_keypair_get(struct noise_keypair *keypair); |
|---|
| 109 | void wg_noise_keypairs_clear(struct noise_keypairs *keypairs); |
|---|
| 110 | bool wg_noise_received_with_keypair(struct noise_keypairs *keypairs, |
|---|
| 111 | struct noise_keypair *received_keypair); |
|---|
| 112 | void wg_noise_expire_current_peer_keypairs(struct wg_peer *peer); |
|---|
| 113 | |
|---|
| 114 | void wg_noise_set_static_identity_private_key( |
|---|
| 115 | struct noise_static_identity *static_identity, |
|---|
| 116 | const u8 private_key[NOISE_PUBLIC_KEY_LEN]); |
|---|
| 117 | void wg_noise_precompute_static_static(struct wg_peer *peer); |
|---|
| 118 | |
|---|
| 119 | bool |
|---|
| 120 | wg_noise_handshake_create_initiation(struct message_handshake_initiation *dst, |
|---|
| 121 | struct noise_handshake *handshake); |
|---|
| 122 | struct wg_peer * |
|---|
| 123 | wg_noise_handshake_consume_initiation(struct message_handshake_initiation *src, |
|---|
| 124 | struct wg_device *wg); |
|---|
| 125 | |
|---|
| 126 | bool wg_noise_handshake_create_response(struct message_handshake_response *dst, |
|---|
| 127 | struct noise_handshake *handshake); |
|---|
| 128 | struct wg_peer * |
|---|
| 129 | wg_noise_handshake_consume_response(struct message_handshake_response *src, |
|---|
| 130 | struct wg_device *wg); |
|---|
| 131 | |
|---|
| 132 | bool wg_noise_handshake_begin_session(struct noise_handshake *handshake, |
|---|
| 133 | struct noise_keypairs *keypairs); |
|---|
| 134 | |
|---|
| 135 | #endif /* _WG_NOISE_H */ |
|---|
| 136 | |
|---|
