wireguard-freebsd/src/wg_cookie.h

/* SPDX-License-Identifier: ISC
 *
 * Copyright (C) 2015-2021 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
 * Copyright (C) 2019-2021 Matt Dunwoodie <ncon@noconroy.net>
 */

#ifndef __COOKIE_H__
#define __COOKIE_H__

#include <sys/types.h>
#include <sys/time.h>
#include <sys/rwlock.h>
#include <sys/queue.h>
#include <netinet/in.h>
#include <crypto/siphash/siphash.h>
#include "crypto.h"

#define COOKIE_MAC_SIZE		16
#define COOKIE_KEY_SIZE		32
#define COOKIE_NONCE_SIZE	XCHACHA20POLY1305_NONCE_SIZE
#define COOKIE_COOKIE_SIZE	16
#define COOKIE_SECRET_SIZE	32
#define COOKIE_INPUT_SIZE	32
#define COOKIE_ENCRYPTED_SIZE	(COOKIE_COOKIE_SIZE + COOKIE_MAC_SIZE)

struct cookie_macs {
	uint8_t	mac1[COOKIE_MAC_SIZE];
	uint8_t	mac2[COOKIE_MAC_SIZE];
};

struct cookie_maker {
	uint8_t		cm_mac1_key[COOKIE_KEY_SIZE];
	uint8_t		cm_cookie_key[COOKIE_KEY_SIZE];

	struct rwlock	cm_lock;
	bool		cm_cookie_valid;
	uint8_t		cm_cookie[COOKIE_COOKIE_SIZE];
	sbintime_t	cm_cookie_birthdate;	/* sbinuptime */
	bool		cm_mac1_sent;
	uint8_t		cm_mac1_last[COOKIE_MAC_SIZE];
};

struct cookie_checker {
	struct rwlock	cc_key_lock;
	uint8_t		cc_mac1_key[COOKIE_KEY_SIZE];
	uint8_t		cc_cookie_key[COOKIE_KEY_SIZE];

	struct mtx	cc_secret_mtx;
	sbintime_t	cc_secret_birthdate;	/* sbinuptime */
	uint8_t		cc_secret[COOKIE_SECRET_SIZE];
};

int	cookie_init(void);
void	cookie_deinit(void);
void	cookie_checker_init(struct cookie_checker *);
void	cookie_checker_free(struct cookie_checker *);
void	cookie_checker_update(struct cookie_checker *,
	    const uint8_t[COOKIE_INPUT_SIZE]);
void	cookie_checker_create_payload(struct cookie_checker *,
	    struct cookie_macs *cm, uint8_t[COOKIE_NONCE_SIZE],
	    uint8_t [COOKIE_ENCRYPTED_SIZE], struct sockaddr *);
void	cookie_maker_init(struct cookie_maker *, const uint8_t[COOKIE_INPUT_SIZE]);
void	cookie_maker_free(struct cookie_maker *);
int	cookie_maker_consume_payload(struct cookie_maker *,
	    uint8_t[COOKIE_NONCE_SIZE], uint8_t[COOKIE_ENCRYPTED_SIZE]);
void	cookie_maker_mac(struct cookie_maker *, struct cookie_macs *,
	    void *, size_t);
int	cookie_checker_validate_macs(struct cookie_checker *,
	    struct cookie_macs *, void *, size_t, bool, struct sockaddr *,
	    struct vnet *);

#ifdef SELFTESTS
bool	cookie_selftest(void);
#endif /* SELFTESTS */

#endif /* __COOKIE_H__ */
Initial import There's still more to do with wiring this up properly. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2021-03-17 16:34:21 +01:00			`/* SPDX-License-Identifier: ISC`
			`*`
			`* Copyright (C) 2015-2021 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.`
			`* Copyright (C) 2019-2021 Matt Dunwoodie <ncon@noconroy.net>`
			`*/`

			`#ifndef __COOKIE_H__`
			`#define __COOKIE_H__`

			`#include <sys/types.h>`
			`#include <sys/time.h>`
			`#include <sys/rwlock.h>`
			`#include <sys/queue.h>`
			`#include <netinet/in.h>`
global: move siphash helper out of support Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2021-04-20 23:10:16 +02:00			`#include <crypto/siphash/siphash.h>`
Initial import There's still more to do with wiring this up properly. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2021-03-17 16:34:21 +01:00			`#include "crypto.h"`

			`#define COOKIE_MAC_SIZE 16`
			`#define COOKIE_KEY_SIZE 32`
			`#define COOKIE_NONCE_SIZE XCHACHA20POLY1305_NONCE_SIZE`
			`#define COOKIE_COOKIE_SIZE 16`
			`#define COOKIE_SECRET_SIZE 32`
			`#define COOKIE_INPUT_SIZE 32`
			`#define COOKIE_ENCRYPTED_SIZE (COOKIE_COOKIE_SIZE + COOKIE_MAC_SIZE)`

			`struct cookie_macs {`
			`uint8_t mac1[COOKIE_MAC_SIZE];`
			`uint8_t mac2[COOKIE_MAC_SIZE];`
			`};`

			`struct cookie_maker {`
wg_cookie: cleanup internal code The two main changes here are: * Remove cookie_ prefix from static functions. This is a leftover from OpenBSD where they don't want static functions. * Rename cm to macs, and cp to cm. Not sure where this came from but it didn't really make much sense to leave it as is. The reset are whitespace changes. Overall there is no modification to functionality here, just appearances. Signed-off-by: Matt Dunwoodie <ncon@noconroy.net> 2021-04-23 04:00:08 +02:00			`uint8_t cm_mac1_key[COOKIE_KEY_SIZE];`
			`uint8_t cm_cookie_key[COOKIE_KEY_SIZE];`
Initial import There's still more to do with wiring this up properly. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2021-03-17 16:34:21 +01:00
wg_cookie: cleanup internal code The two main changes here are: * Remove cookie_ prefix from static functions. This is a leftover from OpenBSD where they don't want static functions. * Rename cm to macs, and cp to cm. Not sure where this came from but it didn't really make much sense to leave it as is. The reset are whitespace changes. Overall there is no modification to functionality here, just appearances. Signed-off-by: Matt Dunwoodie <ncon@noconroy.net> 2021-04-23 04:00:08 +02:00			`struct rwlock cm_lock;`
			`bool cm_cookie_valid;`
			`uint8_t cm_cookie[COOKIE_COOKIE_SIZE];`
			`sbintime_t cm_cookie_birthdate; /* sbinuptime */`
			`bool cm_mac1_sent;`
			`uint8_t cm_mac1_last[COOKIE_MAC_SIZE];`
Initial import There's still more to do with wiring this up properly. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2021-03-17 16:34:21 +01:00			`};`

			`struct cookie_checker {`
wg_cookie: make ratelimiter global Signed-off-by: Matt Dunwoodie <ncon@noconroy.net> 2021-04-23 03:22:59 +02:00			`struct rwlock cc_key_lock;`
			`uint8_t cc_mac1_key[COOKIE_KEY_SIZE];`
			`uint8_t cc_cookie_key[COOKIE_KEY_SIZE];`
Initial import There's still more to do with wiring this up properly. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2021-03-17 16:34:21 +01:00
global: replace rwlock with mtx if never rlocked There were multiple places where a rwlock was used despite never rlocking, so just change these into mtxs. This was done with the aid of Coccinelle's spatch, using this input: #spatch -j 4 --recursive-includes --include-headers-for-types --include-headers --in-place --macro-file <seebelow.h> virtual after_start @initialize:ocaml@ @@ let has_write_table = Hashtbl.create 101 let has_read_table = Hashtbl.create 101 let ok i m = let entry = (i,m) in Hashtbl.mem has_write_table entry && not(Hashtbl.mem has_read_table entry) @hasw depends on !after_start@ identifier i,m; struct i x; @@ ( rw_wlock(&x.m) \| rw_wunlock(&x.m) ) @script:ocaml@ i << hasw.i; m << hasw.m; @@ Hashtbl.replace has_write_table (i,m) () @hasr depends on !after_start@ identifier i,m; struct i x; @@ ( rw_rlock(&x.m) \| rw_runlock(&x.m) ) @script:ocaml@ i << hasr.i; m << hasr.m; @@ Hashtbl.replace has_read_table (i,m) () @finalize:ocaml depends on !after_start@ wt << merge.has_write_table; rt << merge.has_read_table; @@ let redo ts dst = List.iter (Hashtbl.iter (fun k _ -> Hashtbl.add dst k ())) ts in redo wt has_write_table; redo rt has_read_table; let it = new iteration() in it#add_virtual_rule After_start; it#register() (* ----------------------------------------------------------- ) @depends on after_start@ identifier i; identifier m : script:ocaml(i) { ok i m }; @@ struct i { ... - struct rwlock m; + struct mtx m; ... } @depends on after_start disable fld_to_ptr@ identifier m; identifier i : script:ocaml(m) { ok i m }; struct i x; @@ - rw_wlock + mtx_lock (&x.m) @depends on after_start disable fld_to_ptr@ identifier m; identifier i : script:ocaml(m) { ok i m }; struct i x; @@ - rw_wunlock + mtx_unlock (&x.m) @depends on after_start disable fld_to_ptr@ identifier m; expression e; identifier i : script:ocaml(m) { ok i m }; struct i x; @@ - rw_init(&x.m, e); + mtx_init(&x.m, e, NULL, MTX_DEF); @depends on after_start disable fld_to_ptr@ identifier m; identifier i : script:ocaml(m) { ok i m }; struct i x; @@ - rw_destroy + mtx_destroy (&x.m) @depends on after_start disable fld_to_ptr, ptr_to_array@ identifier m; identifier i : script:ocaml(m) { ok i m }; struct i x; @@ - rw_wlock + mtx_lock (&x->m) @depends on after_start disable fld_to_ptr, ptr_to_array@ identifier m; identifier i : script:ocaml(m) { ok i m }; struct i x; @@ - rw_wunlock + mtx_unlock (&x->m) @depends on after_start disable fld_to_ptr, ptr_to_array@ identifier m; expression e; identifier i : script:ocaml(m) { ok i m }; struct i x; @@ - rw_init(&x->m, e); + mtx_init(&x->m, e, NULL, MTX_DEF); @depends on after_start disable fld_to_ptr, ptr_to_array@ identifier m; identifier i : script:ocaml(m) { ok i m }; struct i *x; @@ - rw_destroy + mtx_destroy (&x->m) A few macros needed to be provided manually for the parser to work: #define LIST_HEAD(x,y) int #define TAILQ_HEAD(x,y) int #define STAILQ_HEAD(x,y) int #define CK_LIST_HEAD(x,y) int #define CK_LIST_ENTRY(x) int #define LIST_ENTRY(x) int #define TAILQ_ENTRY(x) int #define STAILQ_ENTRY(x) int Co-authored-by: Julia Lawall <julia.lawall@inria.fr> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2021-06-05 23:15:14 +02:00			`struct mtx cc_secret_mtx;`
wg_cookie: make ratelimiter global Signed-off-by: Matt Dunwoodie <ncon@noconroy.net> 2021-04-23 03:22:59 +02:00			`sbintime_t cc_secret_birthdate; /* sbinuptime */`
			`uint8_t cc_secret[COOKIE_SECRET_SIZE];`
Initial import There's still more to do with wiring this up properly. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2021-03-17 16:34:21 +01:00			`};`

wg_cookie: make ratelimiter global Signed-off-by: Matt Dunwoodie <ncon@noconroy.net> 2021-04-23 03:22:59 +02:00			`int cookie_init(void);`
			`void cookie_deinit(void);`
			`void cookie_checker_init(struct cookie_checker *);`
global: destroy rwlocks and mtxs Before, most uses of rwlock and mtx never called the destroy method, which might cause problems for witness. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2021-06-05 23:02:14 +02:00			`void cookie_checker_free(struct cookie_checker *);`
Initial import There's still more to do with wiring this up properly. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2021-03-17 16:34:21 +01:00			`void cookie_checker_update(struct cookie_checker *,`
			`const uint8_t[COOKIE_INPUT_SIZE]);`
			`void cookie_checker_create_payload(struct cookie_checker *,`
			`struct cookie_macs *cm, uint8_t[COOKIE_NONCE_SIZE],`
			`uint8_t [COOKIE_ENCRYPTED_SIZE], struct sockaddr *);`
wg_cookie: make ratelimiter global Signed-off-by: Matt Dunwoodie <ncon@noconroy.net> 2021-04-23 03:22:59 +02:00			`void cookie_maker_init(struct cookie_maker *, const uint8_t[COOKIE_INPUT_SIZE]);`
global: destroy rwlocks and mtxs Before, most uses of rwlock and mtx never called the destroy method, which might cause problems for witness. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2021-06-05 23:02:14 +02:00			`void cookie_maker_free(struct cookie_maker *);`
Initial import There's still more to do with wiring this up properly. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2021-03-17 16:34:21 +01:00			`int cookie_maker_consume_payload(struct cookie_maker *,`
			`uint8_t[COOKIE_NONCE_SIZE], uint8_t[COOKIE_ENCRYPTED_SIZE]);`
			`void cookie_maker_mac(struct cookie_maker , struct cookie_macs ,`
			`void *, size_t);`
			`int cookie_checker_validate_macs(struct cookie_checker *,`
wg_cookie: hash vnet into ratelimiter entry IPs mean different things per-vnet. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2021-04-23 05:53:13 +02:00			`struct cookie_macs , void , size_t, bool, struct sockaddr *,`
			`struct vnet *);`
Initial import There's still more to do with wiring this up properly. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2021-03-17 16:34:21 +01:00
wg_cookie: add selftest Signed-off-by: Matt Dunwoodie <ncon@noconroy.net> 2021-04-22 04:09:19 +02:00			`#ifdef SELFTESTS`
if_wg: pass back result of selftests and enable in CI Hopefully bad tests will cause the module to not insert, so the CI picks this up. It looks like a failure to insert the module at the moment actually causes another crash, though: Kernel page fault with the following non-sleepable locks held: exclusive sleep mutex if_cloners lock (if_cloners lock) r = 0 (0xffffffff81d9a9b8) locked @ /usr/src/sys/net/if_clone.c:447 stack backtrace: #0 0xffffffff80c66181 at witness_debugger+0x71 #1 0xffffffff80c6729d at witness_warn+0x40d #2 0xffffffff8109499e at trap_pfault+0x7e #3 0xffffffff81093fab at trap+0x2ab #4 0xffffffff810687f8 at calltrap+0x8 #5 0xffffffff82925610 at wg_module_event_handler+0x120 #6 0xffffffff80bd53c3 at module_register_init+0xd3 #7 0xffffffff80bc5c61 at linker_load_module+0xc01 #8 0xffffffff80bc73b9 at kern_kldload+0xe9 #9 0xffffffff80bc74db at sys_kldload+0x5b #10 0xffffffff810952f7 at amd64_syscall+0x147 #11 0xffffffff8106911e at fast_syscall_common+0xf8 Fatal trap 12: page fault while in kernel mode cpuid = 9; apic id = 09 fault virtual address = 0x70 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff80d18e37 stack pointer = 0x28:0xfffffe0115fb35a0 frame pointer = 0x28:0xfffffe0115fb35c0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 1587 (kldload) trap number = 12 panic: page fault cpuid = 9 time = 1621380034 KDB: stack backtrace: #0 0xffffffff80c44695 at kdb_backtrace+0x65 #1 0xffffffff80bf9d01 at vpanic+0x181 #2 0xffffffff80bf9ad3 at panic+0x43 #3 0xffffffff81094917 at trap_fatal+0x387 #4 0xffffffff810949b7 at trap_pfault+0x97 #5 0xffffffff81093fab at trap+0x2ab #6 0xffffffff810687f8 at calltrap+0x8 #7 0xffffffff82925610 at wg_module_event_handler+0x120 #8 0xffffffff80bd53c3 at module_register_init+0xd3 #9 0xffffffff80bc5c61 at linker_load_module+0xc01 #10 0xffffffff80bc73b9 at kern_kldload+0xe9 #11 0xffffffff80bc74db at sys_kldload+0x5b #12 0xffffffff810952f7 at amd64_syscall+0x147 #13 0xffffffff8106911e at fast_syscall_common+0xf8 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2021-05-19 01:02:43 +02:00			`bool cookie_selftest(void);`
wg_cookie: add selftest Signed-off-by: Matt Dunwoodie <ncon@noconroy.net> 2021-04-22 04:09:19 +02:00			`#endif /* SELFTESTS */`

Initial import There's still more to do with wiring this up properly. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2021-03-17 16:34:21 +01:00			`#endif /* __COOKIE_H__ */`