FD.io VPP  v20.09-64-g4f7b92f0a
Vector Packet Processing
wireguard_cookie.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2020 Doc.ai and/or its affiliates.
3  * Copyright (c) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>.
4  * Copyright (c) 2019-2020 Matt Dunwoodie <ncon@noconroy.net>.
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at:
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */
17 
18 #include <stddef.h>
19 #include <openssl/rand.h>
20 #include <vlib/vlib.h>
21 
23 #include <wireguard/wireguard.h>
24 
25 static void cookie_precompute_key (uint8_t *,
26  const uint8_t[COOKIE_INPUT_SIZE],
27  const char *);
28 static void cookie_macs_mac1 (message_macs_t *, const void *, size_t,
29  const uint8_t[COOKIE_KEY_SIZE]);
30 static void cookie_macs_mac2 (message_macs_t *, const void *, size_t,
31  const uint8_t[COOKIE_COOKIE_SIZE]);
33  uint8_t[COOKIE_COOKIE_SIZE],
34  ip4_address_t ip4, u16 udp_port);
35 
36 /* Public Functions */
37 void
39 {
40  clib_memset (cp, 0, sizeof (*cp));
43 }
44 
45 void
47 {
48  if (key)
49  {
52  }
53  else
54  {
55  clib_memset (cc->cc_mac1_key, 0, sizeof (cc->cc_mac1_key));
56  clib_memset (cc->cc_cookie_key, 0, sizeof (cc->cc_cookie_key));
57  }
58 }
59 
60 void
62  size_t len)
63 {
64  len = len - sizeof (message_macs_t);
65  cookie_macs_mac1 (cm, buf, len, cp->cp_mac1_key);
66 
68  cp->cp_mac1_valid = 1;
69 
73  cookie_macs_mac2 (cm, buf, len, cp->cp_cookie);
74  else
76 }
77 
80  message_macs_t * cm, void *buf, size_t len,
81  bool busy, ip4_address_t ip4, u16 udp_port)
82 {
83  message_macs_t our_cm;
84  uint8_t cookie[COOKIE_COOKIE_SIZE];
85 
86  len = len - sizeof (message_macs_t);
87  cookie_macs_mac1 (&our_cm, buf, len, cc->cc_mac1_key);
88 
89  /* If mac1 is invalid, we want to drop the packet */
90  if (clib_memcmp (our_cm.mac1, cm->mac1, COOKIE_MAC_SIZE) != 0)
91  return INVALID_MAC;
92 
93  if (!busy)
95 
96  cookie_checker_make_cookie (vm, cc, cookie, ip4, udp_port);
97  cookie_macs_mac2 (&our_cm, buf, len, cookie);
98 
99  /* If the mac2 is invalid, we want to send a cookie response */
100  if (clib_memcmp (our_cm.mac2, cm->mac2, COOKIE_MAC_SIZE) != 0)
102 
103  return VALID_MAC_WITH_COOKIE;
104 }
105 
106 /* Private functions */
107 static void
108 cookie_precompute_key (uint8_t * key, const uint8_t input[COOKIE_INPUT_SIZE],
109  const char *label)
110 {
111  blake2s_state_t blake;
112 
113  blake2s_init (&blake, COOKIE_KEY_SIZE);
114  blake2s_update (&blake, (const uint8_t *) label, strlen (label));
115  blake2s_update (&blake, input, COOKIE_INPUT_SIZE);
116  blake2s_final (&blake, key, COOKIE_KEY_SIZE);
117 }
118 
119 static void
120 cookie_macs_mac1 (message_macs_t * cm, const void *buf, size_t len,
121  const uint8_t key[COOKIE_KEY_SIZE])
122 {
124  blake2s_init_key (&state, COOKIE_MAC_SIZE, key, COOKIE_KEY_SIZE);
125  blake2s_update (&state, buf, len);
126  blake2s_final (&state, cm->mac1, COOKIE_MAC_SIZE);
127 
128 }
129 
130 static void
131 cookie_macs_mac2 (message_macs_t * cm, const void *buf, size_t len,
132  const uint8_t key[COOKIE_COOKIE_SIZE])
133 {
135  blake2s_init_key (&state, COOKIE_MAC_SIZE, key, COOKIE_COOKIE_SIZE);
136  blake2s_update (&state, buf, len);
137  blake2s_update (&state, cm->mac1, COOKIE_MAC_SIZE);
138  blake2s_final (&state, cm->mac2, COOKIE_MAC_SIZE);
139 }
140 
141 static void
143  uint8_t cookie[COOKIE_COOKIE_SIZE],
144  ip4_address_t ip4, u16 udp_port)
145 {
147 
150  {
152  RAND_bytes (cc->cc_secret, COOKIE_SECRET_SIZE);
153  }
154 
155  blake2s_init_key (&state, COOKIE_COOKIE_SIZE, cc->cc_secret,
157 
158  blake2s_update (&state, ip4.as_u8, sizeof (ip4_address_t)); //TODO: IP6
159  blake2s_update (&state, (u8 *) & udp_port, sizeof (u16));
160  blake2s_final (&state, cookie, COOKIE_COOKIE_SIZE);
161 }
162 
163 /*
164  * fd.io coding-style-patch-verification: ON
165  *
166  * Local Variables:
167  * eval: (c-set-style "gnu")
168  * End:
169  */
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
static f64 vlib_time_now(vlib_main_t *vm)
Definition: main.h:333
uint8_t cp_mac1_last[COOKIE_MAC_SIZE]
vlib_main_t * vm
Definition: in2out_ed.c:1582
unsigned char u8
Definition: types.h:56
#define clib_memcpy(d, s, n)
Definition: string.h:180
int blake2s_init_key(blake2s_state_t *S, size_t outlen, const void *key, size_t keylen)
Definition: blake2s.c:129
vnet_crypto_main_t * cm
Definition: quic_crypto.c:53
uint8_t cp_mac1_key[COOKIE_KEY_SIZE]
uint8_t mac1[COOKIE_MAC_SIZE]
unsigned short u16
Definition: types.h:57
vl_api_ip4_address_t ip4
Definition: one.api:376
u32 label
Definition: fib_types.api:25
u8 len
Definition: ip_types.api:92
static bool wg_birthdate_has_expired(f64 birthday_seconds, f64 expiration_seconds)
#define clib_memcmp(s1, s2, m1)
Definition: string.h:720
uint8_t mac2[COOKIE_MAC_SIZE]
uint8_t cc_cookie_key[COOKIE_KEY_SIZE]
typedef key
Definition: ipsec_types.api:85
uint8_t cp_cookie[COOKIE_COOKIE_SIZE]
int blake2s_final(blake2s_state_t *S, void *out, size_t outlen)
Definition: blake2s.c:267
int blake2s_update(blake2s_state_t *S, const void *pin, size_t inlen)
Definition: blake2s.c:237
vl_api_dhcp_client_state_t state
Definition: dhcp.api:201
int blake2s_init(blake2s_state_t *S, size_t outlen)
Definition: blake2s.c:105
uint8_t cp_cookie_key[COOKIE_KEY_SIZE]
uint8_t cc_mac1_key[COOKIE_KEY_SIZE]
uint8_t cc_secret[COOKIE_SECRET_SIZE]