2 * Copyright (c) 2020 Doc.ai and/or its affiliates.
3 * Copyright (c) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>.
4 * Copyright (c) 2019-2020 Matt Dunwoodie <ncon@noconroy.net>.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
19 #include <openssl/rand.h>
20 #include <vlib/vlib.h>
22 #include <wireguard/wireguard_cookie.h>
23 #include <wireguard/wireguard_chachapoly.h>
24 #include <wireguard/wireguard.h>
26 static void cookie_precompute_key (uint8_t *,
27 const uint8_t[COOKIE_INPUT_SIZE],
29 static void cookie_macs_mac1 (message_macs_t *, const void *, size_t,
30 const uint8_t[COOKIE_KEY_SIZE]);
31 static void cookie_macs_mac2 (message_macs_t *, const void *, size_t,
32 const uint8_t[COOKIE_COOKIE_SIZE]);
33 static void cookie_checker_make_cookie (vlib_main_t *vm, cookie_checker_t *,
34 uint8_t[COOKIE_COOKIE_SIZE],
35 ip46_address_t *ip, u16 udp_port);
37 /* Public Functions */
39 cookie_maker_init (cookie_maker_t * cp, const uint8_t key[COOKIE_INPUT_SIZE])
41 clib_memset (cp, 0, sizeof (*cp));
42 cookie_precompute_key (cp->cp_mac1_key, key, COOKIE_MAC1_KEY_LABEL);
43 cookie_precompute_key (cp->cp_cookie_key, key, COOKIE_COOKIE_KEY_LABEL);
47 cookie_checker_update (cookie_checker_t * cc, uint8_t key[COOKIE_INPUT_SIZE])
51 cookie_precompute_key (cc->cc_mac1_key, key, COOKIE_MAC1_KEY_LABEL);
52 cookie_precompute_key (cc->cc_cookie_key, key, COOKIE_COOKIE_KEY_LABEL);
56 clib_memset (cc->cc_mac1_key, 0, sizeof (cc->cc_mac1_key));
57 clib_memset (cc->cc_cookie_key, 0, sizeof (cc->cc_cookie_key));
62 cookie_maker_consume_payload (vlib_main_t *vm, cookie_maker_t *cp,
63 uint8_t nonce[COOKIE_NONCE_SIZE],
64 uint8_t ecookie[COOKIE_ENCRYPTED_SIZE])
66 uint8_t cookie[COOKIE_COOKIE_SIZE];
68 if (cp->cp_mac1_valid == 0)
73 if (!wg_xchacha20poly1305_decrypt (vm, ecookie, COOKIE_ENCRYPTED_SIZE,
74 cookie, cp->cp_mac1_last, COOKIE_MAC_SIZE,
75 nonce, cp->cp_cookie_key))
80 clib_memcpy (cp->cp_cookie, cookie, COOKIE_COOKIE_SIZE);
81 cp->cp_birthdate = vlib_time_now (vm);
82 cp->cp_mac1_valid = 0;
88 cookie_maker_mac (cookie_maker_t * cp, message_macs_t * cm, void *buf,
91 len = len - sizeof (message_macs_t);
92 cookie_macs_mac1 (cm, buf, len, cp->cp_mac1_key);
94 clib_memcpy (cp->cp_mac1_last, cm->mac1, COOKIE_MAC_SIZE);
95 cp->cp_mac1_valid = 1;
97 if (!wg_birthdate_has_expired (cp->cp_birthdate,
98 COOKIE_SECRET_MAX_AGE -
99 COOKIE_SECRET_LATENCY))
100 cookie_macs_mac2 (cm, buf, len, cp->cp_cookie);
102 clib_memset (cm->mac2, 0, COOKIE_MAC_SIZE);
105 enum cookie_mac_state
106 cookie_checker_validate_macs (vlib_main_t *vm, cookie_checker_t *cc,
107 message_macs_t *cm, void *buf, size_t len,
108 bool busy, ip46_address_t *ip, u16 udp_port)
110 message_macs_t our_cm;
111 uint8_t cookie[COOKIE_COOKIE_SIZE];
113 len = len - sizeof (message_macs_t);
114 cookie_macs_mac1 (&our_cm, buf, len, cc->cc_mac1_key);
116 /* If mac1 is invalid, we want to drop the packet */
117 if (clib_memcmp (our_cm.mac1, cm->mac1, COOKIE_MAC_SIZE) != 0)
121 return VALID_MAC_BUT_NO_COOKIE;
123 cookie_checker_make_cookie (vm, cc, cookie, ip, udp_port);
124 cookie_macs_mac2 (&our_cm, buf, len, cookie);
126 /* If the mac2 is invalid, we want to send a cookie response */
127 if (clib_memcmp (our_cm.mac2, cm->mac2, COOKIE_MAC_SIZE) != 0)
128 return VALID_MAC_BUT_NO_COOKIE;
130 return VALID_MAC_WITH_COOKIE;
133 /* Private functions */
135 cookie_precompute_key (uint8_t * key, const uint8_t input[COOKIE_INPUT_SIZE],
138 blake2s_state_t blake;
140 blake2s_init (&blake, COOKIE_KEY_SIZE);
141 blake2s_update (&blake, (const uint8_t *) label, strlen (label));
142 blake2s_update (&blake, input, COOKIE_INPUT_SIZE);
143 blake2s_final (&blake, key, COOKIE_KEY_SIZE);
147 cookie_macs_mac1 (message_macs_t * cm, const void *buf, size_t len,
148 const uint8_t key[COOKIE_KEY_SIZE])
150 blake2s_state_t state;
151 blake2s_init_key (&state, COOKIE_MAC_SIZE, key, COOKIE_KEY_SIZE);
152 blake2s_update (&state, buf, len);
153 blake2s_final (&state, cm->mac1, COOKIE_MAC_SIZE);
158 cookie_macs_mac2 (message_macs_t * cm, const void *buf, size_t len,
159 const uint8_t key[COOKIE_COOKIE_SIZE])
161 blake2s_state_t state;
162 blake2s_init_key (&state, COOKIE_MAC_SIZE, key, COOKIE_COOKIE_SIZE);
163 blake2s_update (&state, buf, len);
164 blake2s_update (&state, cm->mac1, COOKIE_MAC_SIZE);
165 blake2s_final (&state, cm->mac2, COOKIE_MAC_SIZE);
169 cookie_checker_make_cookie (vlib_main_t *vm, cookie_checker_t *cc,
170 uint8_t cookie[COOKIE_COOKIE_SIZE],
171 ip46_address_t *ip, u16 udp_port)
173 blake2s_state_t state;
175 if (wg_birthdate_has_expired (cc->cc_secret_birthdate,
176 COOKIE_SECRET_MAX_AGE))
178 cc->cc_secret_birthdate = vlib_time_now (vm);
179 RAND_bytes (cc->cc_secret, COOKIE_SECRET_SIZE);
182 blake2s_init_key (&state, COOKIE_COOKIE_SIZE, cc->cc_secret,
185 if (ip46_address_is_ip4 (ip))
187 blake2s_update (&state, ip->ip4.as_u8, sizeof (ip4_address_t));
191 blake2s_update (&state, ip->ip6.as_u8, sizeof (ip6_address_t));
193 blake2s_update (&state, (u8 *) & udp_port, sizeof (u16));
194 blake2s_final (&state, cookie, COOKIE_COOKIE_SIZE);
198 * fd.io coding-style-patch-verification: ON
201 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob