FD.io VPP  v21.01.1
Vector Packet Processing
wireguard_send.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2020 Doc.ai and/or its affiliates.
3  * Copyright (c) 2020 Cisco and/or its affiliates.
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at:
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <vnet/vnet.h>
18 #include <vnet/ip/ip6_link.h>
19 #include <vppinfra/error.h>
20 #include <vlibmemory/api.h>
21 #include <wireguard/wireguard.h>
23 
24 static int
26 {
27  vlib_frame_t *f = 0;
28  u32 lookup_node_index =
29  is_ip6 ? ip6_lookup_node.index : ip4_lookup_node.index;
30 
31  f = vlib_get_frame_to_node (vm, lookup_node_index);
32  /* f can not be NULL here - frame allocation failure causes panic */
33 
34  u32 *to_next = vlib_frame_vector_args (f);
35  f->n_vectors = 1;
36  to_next[0] = bi0;
37 
38  vlib_put_frame_to_node (vm, lookup_node_index, f);
39 
40  return f->n_vectors;
41 }
42 
43 static void
45 {
46  ip4_udp_header_t *hdr;
47 
48  vlib_buffer_advance (b0, -sizeof (*hdr));
49 
50  hdr = vlib_buffer_get_current (b0);
51  clib_memcpy (hdr, peer->rewrite, vec_len (peer->rewrite));
52 
53  hdr->udp.length =
54  clib_host_to_net_u16 (b0->current_length - sizeof (ip4_header_t));
56  clib_host_to_net_u16 (b0->current_length));
57 }
58 
59 static bool
61  const wg_peer_t * peer,
62  const u8 * packet, u32 packet_len, u32 * bi)
63 {
64  u32 n_buf0 = 0;
65  vlib_buffer_t *b0;
66 
67  n_buf0 = vlib_buffer_alloc (vm, bi, 1);
68  if (!n_buf0)
69  return false;
70 
71  b0 = vlib_get_buffer (vm, *bi);
72 
73  u8 *payload = vlib_buffer_get_current (b0);
74  clib_memcpy (payload, packet, packet_len);
75 
76  b0->current_length = packet_len;
77 
78  wg_buffer_prepend_rewrite (b0, peer);
79 
80  return true;
81 }
82 
83 bool
85 {
86  ASSERT (vm->thread_index == 0);
87 
89 
90  if (!is_retry)
91  peer->timer_handshake_attempts = 0;
92 
94  REKEY_TIMEOUT) || peer->is_dead)
95  return true;
96 
98  &peer->remote,
99  &packet.sender_index,
100  packet.unencrypted_ephemeral,
101  packet.encrypted_static,
102  packet.encrypted_timestamp))
103  {
104  packet.header.type = MESSAGE_HANDSHAKE_INITIATION;
105  cookie_maker_mac (&peer->cookie_maker, &packet.macs, &packet,
106  sizeof (packet));
110 
111  peer->last_sent_handshake = vlib_time_now (vm);
112  }
113  else
114  return false;
115 
116  u32 bi0 = 0;
117  if (!wg_create_buffer (vm, peer, (u8 *) & packet, sizeof (packet), &bi0))
118  return false;
119 
120  ip46_enqueue_packet (vm, bi0, false);
121  return true;
122 }
123 
124 typedef struct
125 {
127  bool is_retry;
129 
130 static void *
132 {
133  wg_send_args_t *a = arg;
134 
135  wg_main_t *wmp = &wg_main;
137 
138  wg_send_handshake (wmp->vlib_main, peer, a->is_retry);
139  return 0;
140 }
141 
142 void
143 wg_send_handshake_from_mt (u32 peer_idx, bool is_retry)
144 {
145  wg_send_args_t a = {
146  .peer_idx = peer_idx,
147  .is_retry = is_retry,
148  };
149 
151  (u8 *) & a, sizeof (a));
152 }
153 
154 bool
156 {
157  ASSERT (vm->thread_index == 0);
158 
159  u32 size_of_packet = message_data_len (0);
162  u32 bi0 = 0;
163  bool ret = true;
165 
166  if (!peer->remote.r_current)
167  {
168  wg_send_handshake (vm, peer, false);
169  goto out;
170  }
171 
172  state =
174  &peer->remote,
175  &packet->receiver_index,
176  &packet->counter, NULL, 0, packet->encrypted_data);
177 
179  {
180  wg_send_handshake (vm, peer, false);
181  }
182  else if (PREDICT_FALSE (state == SC_FAILED))
183  {
184  ret = false;
185  goto out;
186  }
187 
188  packet->header.type = MESSAGE_DATA;
189 
190  if (!wg_create_buffer (vm, peer, (u8 *) packet, size_of_packet, &bi0))
191  {
192  ret = false;
193  goto out;
194  }
195 
196  ip46_enqueue_packet (vm, bi0, false);
197 
200 
201 out:
202  return ret;
203 }
204 
205 bool
207 {
209 
210  if (noise_create_response (vm,
211  &peer->remote,
212  &packet.sender_index,
213  &packet.receiver_index,
214  packet.unencrypted_ephemeral,
215  packet.encrypted_nothing))
216  {
217  packet.header.type = MESSAGE_HANDSHAKE_RESPONSE;
218  cookie_maker_mac (&peer->cookie_maker, &packet.macs, &packet,
219  sizeof (packet));
220 
221  if (noise_remote_begin_session (vm, &peer->remote))
222  {
226  peer->last_sent_handshake = vlib_time_now (vm);
227 
228  u32 bi0 = 0;
229  if (!wg_create_buffer (vm, peer, (u8 *) & packet,
230  sizeof (packet), &bi0))
231  return false;
232 
233  ip46_enqueue_packet (vm, bi0, false);
234  }
235  else
236  return false;
237  }
238  else
239  return false;
240  return true;
241 }
242 
243 /*
244  * fd.io coding-style-patch-verification: ON
245  *
246  * Local Variables:
247  * eval: (c-set-style "gnu")
248  * End:
249  */
message_header_t header
wg_per_thread_data_t * per_thread_data
Definition: wireguard.h:43
u8 encrypted_static[noise_encrypted_len(NOISE_PUBLIC_KEY_LEN)]
bool noise_create_initiation(vlib_main_t *vm, noise_remote_t *r, uint32_t *s_idx, uint8_t ue[NOISE_PUBLIC_KEY_LEN], uint8_t es[NOISE_PUBLIC_KEY_LEN+NOISE_AUTHTAG_LEN], uint8_t ets[NOISE_TIMESTAMP_LEN+NOISE_AUTHTAG_LEN])
enum noise_state_crypt noise_remote_encrypt(vlib_main_t *vm, noise_remote_t *r, uint32_t *r_idx, uint64_t *nonce, uint8_t *src, size_t srclen, uint8_t *dst)
a
Definition: bitmap.h:544
noise_state_crypt
static f64 vlib_time_now(vlib_main_t *vm)
Definition: main.h:334
u32 thread_index
Definition: main.h:250
u16 current_length
Nbytes between current data and the end of this buffer.
Definition: buffer.h:113
void wg_timers_any_authenticated_packet_traversal(wg_peer_t *peer)
static void wg_buffer_prepend_rewrite(vlib_buffer_t *b0, const wg_peer_t *peer)
vlib_main_t * vm
Definition: in2out_ed.c:1580
unsigned char u8
Definition: types.h:56
vlib_node_registration_t ip4_lookup_node
(constructor) VLIB_REGISTER_NODE (ip4_lookup_node)
Definition: ip4_forward.c:104
#define clib_memcpy(d, s, n)
Definition: string.h:180
bool noise_remote_begin_session(vlib_main_t *vm, noise_remote_t *r)
ip4_header_t ip4
noise_remote_t remote
bool wg_send_handshake_response(vlib_main_t *vm, wg_peer_t *peer)
vlib_frame_t * vlib_get_frame_to_node(vlib_main_t *vm, u32 to_node_index)
Definition: main.c:182
void vl_api_rpc_call_main_thread(void *fp, u8 *data, u32 data_length)
Definition: vlib_api.c:619
bool noise_create_response(vlib_main_t *vm, noise_remote_t *r, uint32_t *s_idx, uint32_t *r_idx, uint8_t ue[NOISE_PUBLIC_KEY_LEN], uint8_t en[0+NOISE_AUTHTAG_LEN])
void wg_send_handshake_from_mt(u32 peer_idx, bool is_retry)
unsigned int u32
Definition: types.h:88
bool is_ip6
Definition: ip.api:43
static int ip46_enqueue_packet(vlib_main_t *vm, u32 bi0, int is_ip6)
u8 encrypted_nothing[noise_encrypted_len(0)]
static __clib_warn_unused_result u32 vlib_buffer_alloc(vlib_main_t *vm, u32 *buffers, u32 n_buffers)
Allocate buffers into supplied array.
Definition: buffer_funcs.h:677
void vlib_put_frame_to_node(vlib_main_t *vm, u32 to_node_index, vlib_frame_t *f)
Definition: main.c:216
description malformed packet
Definition: map.api:445
static void * vlib_buffer_get_current(vlib_buffer_t *b)
Get pointer to current data to process.
Definition: buffer.h:233
#define PREDICT_FALSE(x)
Definition: clib.h:121
vl_api_address_t peer
Definition: teib.api:28
static bool wg_birthdate_has_expired(f64 birthday_seconds, f64 expiration_seconds)
#define message_data_len(plain_len)
u16 n_vectors
Definition: node.h:397
void wg_timers_any_authenticated_packet_sent(wg_peer_t *peer)
u8 data[WG_DEFAULT_DATA_SIZE]
Definition: wireguard.h:29
cookie_maker_t cookie_maker
bool is_dead
vlib_node_registration_t ip6_lookup_node
(constructor) VLIB_REGISTER_NODE (ip6_lookup_node)
Definition: ip6_forward.c:742
#define ASSERT(truth)
wg_main_t wg_main
Definition: wireguard.c:26
u8 * rewrite
u8 encrypted_timestamp[noise_encrypted_len(NOISE_TIMESTAMP_LEN)]
u8 unencrypted_ephemeral[NOISE_PUBLIC_KEY_LEN]
static void vlib_buffer_advance(vlib_buffer_t *b, word l)
Advance current data pointer by the supplied (signed!) amount.
Definition: buffer.h:252
f64 last_sent_handshake
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
VLIB buffer representation.
Definition: buffer.h:102
static void * vlib_frame_vector_args(vlib_frame_t *f)
Get pointer to frame vector data.
Definition: node_funcs.h:297
vlib_main_t * vlib_main
Definition: wireguard.h:34
udp_header_t udp
noise_keypair_t * r_current
void wg_timers_session_derived(wg_peer_t *peer)
static void ip4_header_set_len_w_chksum(ip4_header_t *ip4, u16 len)
bool wg_send_keepalive(vlib_main_t *vm, wg_peer_t *peer)
vl_api_dhcp_client_state_t state
Definition: dhcp.api:201
message_type_t type
static bool wg_create_buffer(vlib_main_t *vm, const wg_peer_t *peer, const u8 *packet, u32 packet_len, u32 *bi)
static void * wg_send_handshake_thread_fn(void *arg)
u8 unencrypted_ephemeral[NOISE_PUBLIC_KEY_LEN]
void wg_timers_handshake_initiated(wg_peer_t *peer)
static wg_peer_t * wg_peer_get(index_t peeri)
u32 timer_handshake_attempts
bool wg_send_handshake(vlib_main_t *vm, wg_peer_t *peer, bool is_retry)
static vlib_buffer_t * vlib_get_buffer(vlib_main_t *vm, u32 buffer_index)
Translate buffer index into buffer pointer.
Definition: buffer_funcs.h:85