)
const (
- HandshakeReset = iota
- HandshakeInitialCreated
- HandshakeInitialConsumed
+ HandshakeZeroed = iota
+ HandshakeInitiationCreated
+ HandshakeInitiationConsumed
HandshakeResponseCreated
HandshakeResponseConsumed
)
)
const (
- MessageInitalType = 1
+ MessageInitiationType = 1
MessageResponseType = 2
MessageCookieResponseType = 3
MessageTransportType = 4
)
-type MessageInital struct {
+/* Type is an 8-bit field, followed by 3 nul bytes,
+ * by marshalling the messages in little-endian byteorder
+ * we can treat these as a 32-bit int
+ *
+ */
+
+type MessageInitiation struct {
Type uint32
Sender uint32
Ephemeral NoisePublicKey
}
var (
- ZeroNonce [chacha20poly1305.NonceSize]byte
InitalChainKey [blake2s.Size]byte
InitalHash [blake2s.Size]byte
+ ZeroNonce [chacha20poly1305.NonceSize]byte
)
func init() {
InitalHash = blake2s.Sum256(append(InitalChainKey[:], []byte(WGIdentifier)...))
}
-func addToChainKey(c [blake2s.Size]byte, data []byte) [blake2s.Size]byte {
+func mixKey(c [blake2s.Size]byte, data []byte) [blake2s.Size]byte {
return KDF1(c[:], data)
}
-func addToHash(h [blake2s.Size]byte, data []byte) [blake2s.Size]byte {
+func mixHash(h [blake2s.Size]byte, data []byte) [blake2s.Size]byte {
return blake2s.Sum256(append(h[:], data...))
}
-func (h *Handshake) addToHash(data []byte) {
- h.hash = addToHash(h.hash, data)
+func (h *Handshake) mixHash(data []byte) {
+ h.hash = mixHash(h.hash, data)
}
-func (h *Handshake) addToChainKey(data []byte) {
- h.chainKey = addToChainKey(h.chainKey, data)
+func (h *Handshake) mixKey(data []byte) {
+ h.chainKey = mixKey(h.chainKey, data)
}
-func (device *Device) CreateMessageInitial(peer *Peer) (*MessageInital, error) {
+func (device *Device) CreateMessageInitiation(peer *Peer) (*MessageInitiation, error) {
handshake := &peer.handshake
handshake.mutex.Lock()
defer handshake.mutex.Unlock()
var err error
handshake.chainKey = InitalChainKey
- handshake.hash = addToHash(InitalHash, handshake.remoteStatic[:])
+ handshake.hash = mixHash(InitalHash, handshake.remoteStatic[:])
handshake.localEphemeral, err = newPrivateKey()
if err != nil {
return nil, err
// assign index
- var msg MessageInital
+ var msg MessageInitiation
- msg.Type = MessageInitalType
+ msg.Type = MessageInitiationType
msg.Ephemeral = handshake.localEphemeral.publicKey()
handshake.localIndex, err = device.indices.NewIndex(peer)
}
msg.Sender = handshake.localIndex
- handshake.addToChainKey(msg.Ephemeral[:])
- handshake.addToHash(msg.Ephemeral[:])
+ handshake.mixKey(msg.Ephemeral[:])
+ handshake.mixHash(msg.Ephemeral[:])
- // encrypt identity key
+ // encrypt static key
func() {
var key [chacha20poly1305.KeySize]byte
aead, _ := chacha20poly1305.New(key[:])
aead.Seal(msg.Static[:0], ZeroNonce[:], device.publicKey[:], handshake.hash[:])
}()
- handshake.addToHash(msg.Static[:])
+ handshake.mixHash(msg.Static[:])
// encrypt timestamp
aead.Seal(msg.Timestamp[:0], ZeroNonce[:], timestamp[:], handshake.hash[:])
}()
- handshake.addToHash(msg.Timestamp[:])
- handshake.state = HandshakeInitialCreated
+ handshake.mixHash(msg.Timestamp[:])
+ handshake.state = HandshakeInitiationCreated
return &msg, nil
}
-func (device *Device) ConsumeMessageInitial(msg *MessageInital) *Peer {
- if msg.Type != MessageInitalType {
- panic(errors.New("bug: invalid inital message type"))
+func (device *Device) ConsumeMessageInitiation(msg *MessageInitiation) *Peer {
+ if msg.Type != MessageInitiationType {
+ return nil
}
- hash := addToHash(InitalHash, device.publicKey[:])
- hash = addToHash(hash, msg.Ephemeral[:])
- chainKey := addToChainKey(InitalChainKey, msg.Ephemeral[:])
+ hash := mixHash(InitalHash, device.publicKey[:])
+ hash = mixHash(hash, msg.Ephemeral[:])
+ chainKey := mixKey(InitalChainKey, msg.Ephemeral[:])
- // decrypt identity key
+ // decrypt static key
var err error
var peerPK NoisePublicKey
if err != nil {
return nil
}
- hash = addToHash(hash, msg.Static[:])
+ hash = mixHash(hash, msg.Static[:])
// find peer
if err != nil {
return nil
}
- hash = addToHash(hash, msg.Timestamp[:])
+ hash = mixHash(hash, msg.Timestamp[:])
// check for replay attack
return nil
}
- // check for flood attack
+ // TODO: check for flood attack
// update handshake state
handshake.remoteIndex = msg.Sender
handshake.remoteEphemeral = msg.Ephemeral
handshake.lastTimestamp = timestamp
- handshake.state = HandshakeInitialConsumed
+ handshake.state = HandshakeInitiationConsumed
return peer
}
handshake.mutex.Lock()
defer handshake.mutex.Unlock()
- if handshake.state != HandshakeInitialConsumed {
- panic(errors.New("bug: handshake initation must be consumed first"))
+ if handshake.state != HandshakeInitiationConsumed {
+ return nil, errors.New("handshake initation must be consumed first")
}
// assign index
return nil, err
}
msg.Ephemeral = handshake.localEphemeral.publicKey()
- handshake.addToHash(msg.Ephemeral[:])
+ handshake.mixHash(msg.Ephemeral[:])
func() {
ss := handshake.localEphemeral.sharedSecret(handshake.remoteEphemeral)
- handshake.addToChainKey(ss[:])
+ handshake.mixKey(ss[:])
ss = handshake.localEphemeral.sharedSecret(handshake.remoteStatic)
- handshake.addToChainKey(ss[:])
+ handshake.mixKey(ss[:])
}()
// add preshared key (psk)
var tau [blake2s.Size]byte
var key [chacha20poly1305.KeySize]byte
handshake.chainKey, tau, key = KDF3(handshake.chainKey[:], handshake.presharedKey[:])
- handshake.addToHash(tau[:])
+ handshake.mixHash(tau[:])
func() {
aead, _ := chacha20poly1305.New(key[:])
aead.Seal(msg.Empty[:0], ZeroNonce[:], nil, handshake.hash[:])
- handshake.addToHash(msg.Empty[:])
+ handshake.mixHash(msg.Empty[:])
}()
handshake.state = HandshakeResponseCreated
func (device *Device) ConsumeMessageResponse(msg *MessageResponse) *Peer {
if msg.Type != MessageResponseType {
- panic(errors.New("bug: invalid message type"))
+ return nil
}
// lookup handshake by reciever
handshake := &peer.handshake
handshake.mutex.Lock()
defer handshake.mutex.Unlock()
- if handshake.state != HandshakeInitialCreated {
+ if handshake.state != HandshakeInitiationCreated {
return nil
}
// finish 3-way DH
- hash := addToHash(handshake.hash, msg.Ephemeral[:])
+ hash := mixHash(handshake.hash, msg.Ephemeral[:])
chainKey := handshake.chainKey
func() {
ss := handshake.localEphemeral.sharedSecret(msg.Ephemeral)
- chainKey = addToChainKey(chainKey, ss[:])
+ chainKey = mixKey(chainKey, ss[:])
ss = device.privateKey.sharedSecret(msg.Ephemeral)
- chainKey = addToChainKey(chainKey, ss[:])
+ chainKey = mixKey(chainKey, ss[:])
}()
// add preshared key (psk)
var tau [blake2s.Size]byte
var key [chacha20poly1305.KeySize]byte
chainKey, tau, key = KDF3(chainKey[:], handshake.presharedKey[:])
- hash = addToHash(hash, tau[:])
+ hash = mixHash(hash, tau[:])
// authenticate
if err != nil {
return nil
}
- hash = addToHash(hash, msg.Empty[:])
+ hash = mixHash(hash, msg.Empty[:])
// update handshake state
keyPair.sendNonce = 0
keyPair.recvNonce = 0
- peer.handshake.state = HandshakeReset
+ // zero handshake
+
+ handshake.chainKey = [blake2s.Size]byte{}
+ handshake.localEphemeral = NoisePrivateKey{}
+ peer.handshake.state = HandshakeZeroed
return &keyPair
}
--- /dev/null
+package main
+
+import (
+ "net"
+ "sync"
+ "sync/atomic"
+)
+
+/* Handles outbound flow
+ *
+ * 1. TUN queue
+ * 2. Routing
+ * 3. Per peer queuing
+ * 4. (work queuing)
+ *
+ */
+
+type OutboundWorkQueueElement struct {
+ wg sync.WaitGroup
+ packet []byte
+ nonce uint64
+ keyPair *KeyPair
+}
+
+func (device *Device) SendPacket(packet []byte) {
+
+ // lookup peer
+
+ var peer *Peer
+ switch packet[0] >> 4 {
+ case IPv4version:
+ dst := packet[IPv4offsetDst : IPv4offsetDst+net.IPv4len]
+ peer = device.routingTable.LookupIPv4(dst)
+
+ case IPv6version:
+ dst := packet[IPv6offsetDst : IPv6offsetDst+net.IPv6len]
+ peer = device.routingTable.LookupIPv6(dst)
+
+ default:
+ device.logger.Println("unknown IP version")
+ return
+ }
+
+ if peer == nil {
+ return
+ }
+
+ // insert into peer queue
+
+ for {
+ select {
+ case peer.queueOutboundRouting <- packet:
+ default:
+ select {
+ case <-peer.queueOutboundRouting:
+ default:
+ }
+ continue
+ }
+ break
+ }
+}
+
+/* Go routine
+ *
+ *
+ * 1. waits for handshake.
+ * 2. assigns key pair & nonce
+ * 3. inserts to working queue
+ *
+ * TODO: avoid dynamic allocation of work queue elements
+ */
+func (peer *Peer) ConsumeOutboundPackets() {
+ for {
+ // wait for key pair
+ keyPair := func() *KeyPair {
+ peer.keyPairs.mutex.RLock()
+ defer peer.keyPairs.mutex.RUnlock()
+ return peer.keyPairs.current
+ }()
+ if keyPair == nil {
+ if len(peer.queueOutboundRouting) > 0 {
+ // TODO: start handshake
+ <-peer.keyPairs.newKeyPair
+ }
+ continue
+ }
+
+ // assign packets key pair
+ for {
+ select {
+ case <-peer.keyPairs.newKeyPair:
+ default:
+ case <-peer.keyPairs.newKeyPair:
+ case packet := <-peer.queueOutboundRouting:
+
+ // create new work element
+
+ work := new(OutboundWorkQueueElement)
+ work.wg.Add(1)
+ work.keyPair = keyPair
+ work.packet = packet
+ work.nonce = atomic.AddUint64(&keyPair.sendNonce, 1) - 1
+
+ peer.queueOutbound <- work
+
+ // drop packets until there is room
+
+ for {
+ select {
+ case peer.device.queueWorkOutbound <- work:
+ break
+ default:
+ drop := <-peer.device.queueWorkOutbound
+ drop.packet = nil
+ drop.wg.Done()
+ }
+ }
+ }
+ }
+ }
+}
+
+func (peer *Peer) RoutineSequential() {
+ for work := range peer.queueOutbound {
+ work.wg.Wait()
+ if work.packet == nil {
+ continue
+ }
+ }
+}
+
+func (device *Device) EncryptionWorker() {
+ for {
+ work := <-device.queueWorkOutbound
+
+ func() {
+ defer work.wg.Done()
+
+ // pad packet
+ padding := device.mtu - len(work.packet)
+ if padding < 0 {
+ work.packet = nil
+ return
+ }
+ for n := 0; n < padding; n += 1 {
+ work.packet = append(work.packet, 0) // TODO: gotta be a faster way
+ }
+
+ //
+
+ }()
+ }
+}
projects / thirdparty / wireguard-go.git / commitdiff
