2017-07-08 23:51:26 +02:00
|
|
|
package main
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"bytes"
|
|
|
|
|
"encoding/binary"
|
|
|
|
|
"golang.org/x/crypto/blake2s"
|
2017-08-07 15:25:04 +02:00
|
|
|
"math/rand"
|
2017-07-08 23:51:26 +02:00
|
|
|
"sync/atomic"
|
|
|
|
|
"time"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
/* Called when a new authenticated message has been send
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
func (peer *Peer) KeepKeyFreshSending() {
|
2017-07-10 12:09:19 +02:00
|
|
|
kp := peer.keyPairs.Current()
|
|
|
|
|
if kp == nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
nonce := atomic.LoadUint64(&kp.sendNonce)
|
2017-08-07 15:25:04 +02:00
|
|
|
if nonce > RekeyAfterMessages {
|
|
|
|
|
signalSend(peer.signal.handshakeBegin)
|
|
|
|
|
}
|
|
|
|
|
if kp.isInitiator && time.Now().Sub(kp.created) > RekeyAfterTime {
|
2017-07-08 23:51:26 +02:00
|
|
|
signalSend(peer.signal.handshakeBegin)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Called when a new authenticated message has been recevied
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
func (peer *Peer) KeepKeyFreshReceiving() {
|
2017-08-07 15:25:04 +02:00
|
|
|
// TODO: Add a guard, clear on handshake complete (clear in TimerHandshakeComplete)
|
2017-07-10 12:09:19 +02:00
|
|
|
kp := peer.keyPairs.Current()
|
|
|
|
|
if kp == nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if !kp.isInitiator {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
nonce := atomic.LoadUint64(&kp.sendNonce)
|
|
|
|
|
send := nonce > RekeyAfterMessages || time.Now().Sub(kp.created) > RekeyAfterTimeReceiving
|
2017-07-08 23:51:26 +02:00
|
|
|
if send {
|
|
|
|
|
signalSend(peer.signal.handshakeBegin)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Queues a keep-alive if no packets are queued for peer
|
|
|
|
|
*/
|
|
|
|
|
func (peer *Peer) SendKeepAlive() bool {
|
|
|
|
|
elem := peer.device.NewOutboundElement()
|
|
|
|
|
elem.packet = nil
|
|
|
|
|
if len(peer.queue.nonce) == 0 {
|
|
|
|
|
select {
|
|
|
|
|
case peer.queue.nonce <- elem:
|
|
|
|
|
return true
|
|
|
|
|
default:
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
|
2017-08-04 16:15:53 +02:00
|
|
|
/* Event:
|
|
|
|
|
* Sent non-empty (authenticated) transport message
|
2017-07-08 23:51:26 +02:00
|
|
|
*/
|
2017-07-27 23:45:37 +02:00
|
|
|
func (peer *Peer) TimerDataSent() {
|
|
|
|
|
timerStop(peer.timer.keepalivePassive)
|
|
|
|
|
if !peer.timer.pendingNewHandshake {
|
|
|
|
|
peer.timer.pendingNewHandshake = true
|
|
|
|
|
peer.timer.newHandshake.Reset(NewHandshakeTime)
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-07-08 23:51:26 +02:00
|
|
|
|
2017-07-27 23:45:37 +02:00
|
|
|
/* Event:
|
|
|
|
|
* Received non-empty (authenticated) transport message
|
|
|
|
|
*/
|
|
|
|
|
func (peer *Peer) TimerDataReceived() {
|
|
|
|
|
if peer.timer.pendingKeepalivePassive {
|
|
|
|
|
peer.timer.needAnotherKeepalive = true
|
2017-07-08 23:51:26 +02:00
|
|
|
return
|
|
|
|
|
}
|
2017-07-27 23:45:37 +02:00
|
|
|
peer.timer.pendingKeepalivePassive = false
|
|
|
|
|
peer.timer.keepalivePassive.Reset(KeepaliveTimeout)
|
|
|
|
|
}
|
2017-07-08 23:51:26 +02:00
|
|
|
|
2017-07-27 23:45:37 +02:00
|
|
|
/* Event:
|
2017-08-04 16:15:53 +02:00
|
|
|
* Any (authenticated) packet received
|
2017-07-27 23:45:37 +02:00
|
|
|
*/
|
2017-08-04 16:15:53 +02:00
|
|
|
func (peer *Peer) TimerAnyAuthenticatedPacketReceived() {
|
2017-07-27 23:45:37 +02:00
|
|
|
timerStop(peer.timer.newHandshake)
|
|
|
|
|
}
|
2017-07-08 23:51:26 +02:00
|
|
|
|
2017-07-27 23:45:37 +02:00
|
|
|
/* Event:
|
2017-08-04 16:15:53 +02:00
|
|
|
* Any authenticated packet send / received.
|
2017-07-27 23:45:37 +02:00
|
|
|
*/
|
2017-08-04 16:15:53 +02:00
|
|
|
func (peer *Peer) TimerAnyAuthenticatedPacketTraversal() {
|
2017-07-08 23:51:26 +02:00
|
|
|
interval := atomic.LoadUint64(&peer.persistentKeepaliveInterval)
|
|
|
|
|
if interval > 0 {
|
|
|
|
|
duration := time.Duration(interval) * time.Second
|
2017-07-27 23:45:37 +02:00
|
|
|
peer.timer.keepalivePersistent.Reset(duration)
|
2017-07-08 23:51:26 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-07-27 23:45:37 +02:00
|
|
|
/* Called after succesfully completing a handshake.
|
|
|
|
|
* i.e. after:
|
|
|
|
|
*
|
|
|
|
|
* - Valid handshake response
|
|
|
|
|
* - First transport message under the "next" key
|
|
|
|
|
*/
|
|
|
|
|
func (peer *Peer) TimerHandshakeComplete() {
|
|
|
|
|
atomic.StoreInt64(
|
|
|
|
|
&peer.stats.lastHandshakeNano,
|
|
|
|
|
time.Now().UnixNano(),
|
|
|
|
|
)
|
|
|
|
|
signalSend(peer.signal.handshakeCompleted)
|
|
|
|
|
peer.device.log.Info.Println("Negotiated new handshake for", peer.String())
|
|
|
|
|
}
|
2017-07-08 23:51:26 +02:00
|
|
|
|
2017-08-04 16:15:53 +02:00
|
|
|
/* Event:
|
|
|
|
|
* An ephemeral key is generated
|
|
|
|
|
*
|
2017-07-27 23:45:37 +02:00
|
|
|
* i.e after:
|
|
|
|
|
*
|
|
|
|
|
* CreateMessageInitiation
|
|
|
|
|
* CreateMessageResponse
|
|
|
|
|
*
|
|
|
|
|
* Schedules the deletion of all key material
|
|
|
|
|
* upon failure to complete a handshake
|
|
|
|
|
*/
|
|
|
|
|
func (peer *Peer) TimerEphemeralKeyCreated() {
|
2017-08-07 15:25:04 +02:00
|
|
|
peer.timer.zeroAllKeys.Reset(RejectAfterTime * 3)
|
2017-07-08 23:51:26 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (peer *Peer) RoutineTimerHandler() {
|
|
|
|
|
device := peer.device
|
2017-07-17 16:16:18 +02:00
|
|
|
indices := &device.indices
|
2017-07-08 23:51:26 +02:00
|
|
|
|
|
|
|
|
logDebug := device.log.Debug
|
2017-07-13 14:32:40 +02:00
|
|
|
logDebug.Println("Routine, timer handler, started for peer", peer.String())
|
2017-07-08 23:51:26 +02:00
|
|
|
|
|
|
|
|
for {
|
|
|
|
|
select {
|
|
|
|
|
|
|
|
|
|
case <-peer.signal.stop:
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
// keep-alives
|
|
|
|
|
|
|
|
|
|
case <-peer.timer.keepalivePersistent.C:
|
|
|
|
|
|
2017-07-27 23:45:37 +02:00
|
|
|
interval := atomic.LoadUint64(&peer.persistentKeepaliveInterval)
|
|
|
|
|
if interval > 0 {
|
2017-08-07 15:25:04 +02:00
|
|
|
logDebug.Println("Sending keep-alive to", peer.String())
|
2017-07-27 23:45:37 +02:00
|
|
|
peer.SendKeepAlive()
|
|
|
|
|
}
|
2017-07-08 23:51:26 +02:00
|
|
|
|
2017-07-13 14:32:40 +02:00
|
|
|
case <-peer.timer.keepalivePassive.C:
|
2017-07-08 23:51:26 +02:00
|
|
|
|
2017-08-07 15:25:04 +02:00
|
|
|
logDebug.Println("Sending keep-alive to", peer.String())
|
2017-07-08 23:51:26 +02:00
|
|
|
|
|
|
|
|
peer.SendKeepAlive()
|
2017-07-27 23:45:37 +02:00
|
|
|
|
|
|
|
|
if peer.timer.needAnotherKeepalive {
|
|
|
|
|
peer.timer.keepalivePassive.Reset(KeepaliveTimeout)
|
2017-08-07 15:25:04 +02:00
|
|
|
peer.timer.needAnotherKeepalive = false
|
2017-07-27 23:45:37 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// unresponsive session
|
|
|
|
|
|
|
|
|
|
case <-peer.timer.newHandshake.C:
|
|
|
|
|
|
|
|
|
|
logDebug.Println("Retrying handshake with", peer.String(), "due to lack of reply")
|
|
|
|
|
|
|
|
|
|
signalSend(peer.signal.handshakeBegin)
|
2017-07-08 23:51:26 +02:00
|
|
|
|
|
|
|
|
// clear key material
|
|
|
|
|
|
|
|
|
|
case <-peer.timer.zeroAllKeys.C:
|
|
|
|
|
|
2017-07-13 14:32:40 +02:00
|
|
|
logDebug.Println("Clearing all key material for", peer.String())
|
2017-07-08 23:51:26 +02:00
|
|
|
|
2017-07-17 16:16:18 +02:00
|
|
|
hs := &peer.handshake
|
|
|
|
|
hs.mutex.Lock()
|
|
|
|
|
|
2017-07-27 23:45:37 +02:00
|
|
|
kp := &peer.keyPairs
|
|
|
|
|
kp.mutex.Lock()
|
|
|
|
|
|
|
|
|
|
// unmap indecies
|
2017-07-17 16:16:18 +02:00
|
|
|
|
|
|
|
|
indices.mutex.Lock()
|
|
|
|
|
if kp.previous != nil {
|
|
|
|
|
delete(indices.table, kp.previous.localIndex)
|
|
|
|
|
}
|
|
|
|
|
if kp.current != nil {
|
|
|
|
|
delete(indices.table, kp.current.localIndex)
|
|
|
|
|
}
|
|
|
|
|
if kp.next != nil {
|
|
|
|
|
delete(indices.table, kp.next.localIndex)
|
|
|
|
|
}
|
|
|
|
|
delete(indices.table, hs.localIndex)
|
|
|
|
|
indices.mutex.Unlock()
|
|
|
|
|
|
|
|
|
|
// zero out key pairs (TODO: better than wait for GC)
|
|
|
|
|
|
|
|
|
|
kp.current = nil
|
|
|
|
|
kp.previous = nil
|
|
|
|
|
kp.next = nil
|
|
|
|
|
kp.mutex.Unlock()
|
2017-07-08 23:51:26 +02:00
|
|
|
|
|
|
|
|
// zero out handshake
|
|
|
|
|
|
2017-07-17 16:16:18 +02:00
|
|
|
hs.localIndex = 0
|
|
|
|
|
hs.localEphemeral = NoisePrivateKey{}
|
|
|
|
|
hs.remoteEphemeral = NoisePublicKey{}
|
|
|
|
|
hs.chainKey = [blake2s.Size]byte{}
|
|
|
|
|
hs.hash = [blake2s.Size]byte{}
|
|
|
|
|
hs.mutex.Unlock()
|
2017-07-08 23:51:26 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* This is the state machine for handshake initiation
|
|
|
|
|
*
|
|
|
|
|
* Associated with this routine is the signal "handshakeBegin"
|
|
|
|
|
* The routine will read from the "handshakeBegin" channel
|
|
|
|
|
* at most every RekeyTimeout seconds
|
|
|
|
|
*/
|
|
|
|
|
func (peer *Peer) RoutineHandshakeInitiator() {
|
|
|
|
|
device := peer.device
|
|
|
|
|
|
2017-07-13 14:32:40 +02:00
|
|
|
logInfo := device.log.Info
|
2017-07-08 23:51:26 +02:00
|
|
|
logError := device.log.Error
|
|
|
|
|
logDebug := device.log.Debug
|
2017-07-13 14:32:40 +02:00
|
|
|
logDebug.Println("Routine, handshake initator, started for", peer.String())
|
2017-07-08 23:51:26 +02:00
|
|
|
|
2017-07-27 23:45:37 +02:00
|
|
|
var temp [256]byte
|
|
|
|
|
|
2017-07-13 14:32:40 +02:00
|
|
|
for {
|
2017-07-08 23:51:26 +02:00
|
|
|
|
|
|
|
|
// wait for signal
|
|
|
|
|
|
|
|
|
|
select {
|
|
|
|
|
case <-peer.signal.handshakeBegin:
|
|
|
|
|
case <-peer.signal.stop:
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-08-07 15:25:04 +02:00
|
|
|
// set deadline
|
2017-07-08 23:51:26 +02:00
|
|
|
|
2017-08-07 15:25:04 +02:00
|
|
|
BeginHandshakes:
|
|
|
|
|
|
|
|
|
|
signalClear(peer.signal.handshakeReset)
|
|
|
|
|
deadline := time.NewTimer(RekeyAttemptTime)
|
|
|
|
|
|
|
|
|
|
AttemptHandshakes:
|
2017-07-11 22:48:58 +02:00
|
|
|
|
2017-07-27 23:45:37 +02:00
|
|
|
for attempts := uint(1); ; attempts++ {
|
2017-07-08 23:51:26 +02:00
|
|
|
|
2017-08-07 15:25:04 +02:00
|
|
|
// check if deadline reached
|
2017-07-08 23:51:26 +02:00
|
|
|
|
2017-07-27 23:45:37 +02:00
|
|
|
select {
|
2017-08-07 15:25:04 +02:00
|
|
|
case <-deadline.C:
|
|
|
|
|
logInfo.Println("Handshake negotiation timed out for:", peer.String())
|
|
|
|
|
signalSend(peer.signal.flushNonceQueue)
|
|
|
|
|
timerStop(peer.timer.keepalivePersistent)
|
|
|
|
|
break
|
2017-07-27 23:45:37 +02:00
|
|
|
case <-peer.signal.stop:
|
|
|
|
|
return
|
|
|
|
|
default:
|
2017-07-08 23:51:26 +02:00
|
|
|
}
|
2017-07-27 23:45:37 +02:00
|
|
|
|
2017-08-07 15:25:04 +02:00
|
|
|
signalClear(peer.signal.handshakeCompleted)
|
2017-07-27 23:45:37 +02:00
|
|
|
|
|
|
|
|
// create initiation message
|
|
|
|
|
|
|
|
|
|
msg, err := peer.device.CreateMessageInitiation(peer)
|
|
|
|
|
if err != nil {
|
|
|
|
|
logError.Println("Failed to create handshake initiation message:", err)
|
2017-08-07 15:25:04 +02:00
|
|
|
break AttemptHandshakes
|
2017-07-27 23:45:37 +02:00
|
|
|
}
|
2017-08-07 15:25:04 +02:00
|
|
|
|
|
|
|
|
jitter := time.Millisecond * time.Duration(rand.Uint32()%334)
|
2017-07-27 23:45:37 +02:00
|
|
|
|
|
|
|
|
// marshal and send
|
|
|
|
|
|
|
|
|
|
writer := bytes.NewBuffer(temp[:0])
|
|
|
|
|
binary.Write(writer, binary.LittleEndian, msg)
|
|
|
|
|
packet := writer.Bytes()
|
|
|
|
|
peer.mac.AddMacs(packet)
|
|
|
|
|
|
|
|
|
|
_, err = peer.SendBuffer(packet)
|
|
|
|
|
if err != nil {
|
|
|
|
|
logError.Println(
|
|
|
|
|
"Failed to send handshake initiation message to",
|
|
|
|
|
peer.String(), ":", err,
|
|
|
|
|
)
|
2017-08-07 15:25:04 +02:00
|
|
|
break
|
2017-07-27 23:45:37 +02:00
|
|
|
}
|
|
|
|
|
|
2017-08-04 16:15:53 +02:00
|
|
|
peer.TimerAnyAuthenticatedPacketTraversal()
|
|
|
|
|
|
2017-08-07 15:25:04 +02:00
|
|
|
// set handshake timeout
|
2017-07-27 23:45:37 +02:00
|
|
|
|
2017-08-07 15:25:04 +02:00
|
|
|
timeout := time.NewTimer(RekeyTimeout + jitter)
|
2017-07-27 23:45:37 +02:00
|
|
|
logDebug.Println(
|
|
|
|
|
"Handshake initiation attempt",
|
|
|
|
|
attempts, "sent to", peer.String(),
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// wait for handshake or timeout
|
|
|
|
|
|
|
|
|
|
select {
|
|
|
|
|
|
|
|
|
|
case <-peer.signal.stop:
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
case <-peer.signal.handshakeCompleted:
|
|
|
|
|
<-timeout.C
|
2017-08-07 15:25:04 +02:00
|
|
|
break AttemptHandshakes
|
|
|
|
|
|
|
|
|
|
case <-peer.signal.handshakeReset:
|
|
|
|
|
<-timeout.C
|
|
|
|
|
goto BeginHandshakes
|
2017-07-27 23:45:37 +02:00
|
|
|
|
|
|
|
|
case <-timeout.C:
|
2017-08-07 15:25:04 +02:00
|
|
|
// TODO: Clear source address for peer
|
2017-07-27 23:45:37 +02:00
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-08-07 15:25:04 +02:00
|
|
|
// clear signal set in the meantime
|
2017-07-08 23:51:26 +02:00
|
|
|
|
|
|
|
|
signalClear(peer.signal.handshakeBegin)
|
|
|
|
|
}
|
|
|
|
|
}
|
