path: root/src/wireguard.h
Commit message | Author | Age | Files | Lines
* Remove refcnt from fixedmap | Matt Dunwoodie | 2019-10-02 | 1 | -1/+3
* Bugfixes | Matt Dunwoodie | 2019-10-02 | 1 | -1/+0
  Fix a number of bugs, including:
  * If a transport packet arrived before the response during a handshake, it would panic with invalid state in session_promote.
  * p_rx_bytes/p_tx_bytes was not updated
  * p_lock should be exit_read, not exit_write in wg_device_tx_initiation
  * "want rekey" error str was not removed along with WG_REKEY
* I don't have a good commit message for this | Matt Dunwoodie | 2019-10-02 | 1 | -11/+9
  Changes:
  * Move fixedmap lock to fixedmap struct, rather than relying on d_lock.
  * Adjust outq to supply the ID to lookup later. This requires the caller to know the standard convention, peer id on initiation, session id otherwise.
  * Added fixed number session management, that is one handshake session, one current session and one old session.
  * Fix some ref counting
* Big re-work of wireguard.c | Matt Dunwoodie | 2019-09-30 | 1 | -323/+195
* Move antireplay to its own header | Matt Dunwoodie | 2019-09-22 | 1 | -8/+3
  For the time being, this is going to require static functions as antireplay.h is included in multiple source files.
* Add documentation to wireguard.h, TODOs to correct wireguard.c | Matt Dunwoodie | 2019-09-18 | 1 | -5/+170
* Rename *_clean to *_reset | Matt Dunwoodie | 2019-09-18 | 1 | -2/+2
* sed /u_int/uint/ | Matt Dunwoodie | 2019-09-17 | 1 | -0/+2
* Fix lock bug in wg_handshake_merge, cleanup | Matt Dunwoodie | 2019-09-11 | 1 | -2/+2
* Check handshake state before preparing initiation packet | Matt Dunwoodie | 2019-09-11 | 1 | -0/+1
* Abstract all handshake access to wireguard.c | Matt Dunwoodie | 2019-09-10 | 1 | -3/+11
* Update debug messages | Matt Dunwoodie | 2019-09-10 | 1 | -0/+14
* Move handshake rate limiting to wireguard.c | Matt Dunwoodie | 2019-09-09 | 1 | -5/+7
* Move session confirmation to transport decrypt | Matt Dunwoodie | 2019-08-23 | 1 | -0/+1
  This avoids a difficult, but possible attack. We don't want to send packets to the peer before having verified they can send packets to us, when we are a responder.
* Add extra wg_session_confirm | Matt Dunwoodie | 2019-08-22 | 1 | -0/+1
  This will assist when fixing up the session being created before receiving traffic, when being a responder.
* Add bloombucket.h for ratelimiting. | Matt Dunwoodie | 2019-08-22 | 1 | -3/+2
  In my perpetual quest for allocationless datastructures, this bloombucket attempts to rate limit an arbitrary number of peers during initiation. It works on a mix of a bloom filter and a token bucket, and has configurable parameters for size and number of hashes. The hashes are kept independent by using unique siphash keys.

  The idea is that a unique input, in this case the peer ip, will be hashed into multiple buckets, and each of those buckets incremented. When evaluating if a packet should be rate limited, it sees if at least one of those buckets is not at the threshold.

  I don't have any good mathematical notes behind this, but will need to sit down and do some tests to get some sane defaults for the values.
* Separate timers from crypto | Matt Dunwoodie | 2019-08-22 | 1 | -4/+6
  Actually, these probably belong in if_wg.c, but will leave them here for now because it's still neat.
* Add ID checks for incoming messages | Matt Dunwoodie | 2019-08-22 | 1 | -0/+1
  On the off chance that an error occurs in if_wg.c, then we should check that the incoming packet is intended to be for us. This may have been abused in the handshake recv response function. It isn't (and can't be) checked in the recv initiation, because there is no ID on our end yet.
* Split ID removal and cleaning | Matt Dunwoodie | 2019-08-22 | 1 | -2/+4
  I don't think there would have been any impact, as we check the handshake/session state before using it, but it is more clear to remove the ID from the hashmap and then to clean the struct. This may also come in handy if the cleaning process ends up having to free memory.
* Simplify handshake and session structs | Matt Dunwoodie | 2019-08-20 | 1 | -28/+53
* Start rework of cookies | Matt Dunwoodie | 2019-08-20 | 1 | -2/+10
  Cookies were horribly broken, so this is our new way of handling them.
* Simplify initiation timeout | Matt Dunwoodie | 2019-08-18 | 1 | -6/+2
* Refactor wg_timers* | Matt Dunwoodie | 2019-08-11 | 1 | -3/+1
* Add proper copyright messages to all relevant files | Matt Dunwoodie | 2019-08-10 | 1 | -0/+16
* Add wg_timer_persistent_keepalive_get | Matt Dunwoodie | 2019-08-09 | 1 | -0/+1
* Move rest of timers to wireguard.c | Matt Dunwoodie | 2019-08-08 | 1 | -2/+5
* Move timers to wireguard.c | Matt Dunwoodie | 2019-08-08 | 1 | -0/+27
  It makes more sense for the timers to be in wireguard.c. It still has work to do, as there are still references to t_last_handshake in if_wg.c, but this is the first step.
* Decrease coupling between if_wg.c and wireguard.c more | Matt Dunwoodie | 2019-08-08 | 1 | -25/+21
* Add more cookie functionality | Matt Dunwoodie | 2019-07-22 | 1 | -6/+12
  Add two cookies, hs_cookie and sc_cookie.
* Reduce coupling between if_wg.c and wireguard.c | Matt Dunwoodie | 2019-07-17 | 1 | -65/+60
  High level, this includes a big change with wg_conn, by splitting it into a wg_handshake and wg_session. We can get rid of wg_upcall by using the handshake more effectively. This means we can separate the locking of the handshake and the session structs, allowing full asynchronous handshakes, rather than just locking the wg_conn struct.

  For the time being, the cookie code isn't really complete. There will need to be another wg_cookie, composed of hs_cookie and hs_cookie_time where we can store a local cookie _and_ a remote cookie.
* Add keyset struct, make compilable | Matt Dunwoodie | 2019-07-14 | 1 | -3/+7
* staging19 | Matt Dunwoodie | 2019-06-25 | 1 | -45/+54
* staging12 | Matt Dunwoodie | 2019-06-17 | 1 | -1/+1
* staging7 | Matt Dunwoodie | 2019-06-16 | 1 | -0/+1
* staging6 | Matt Dunwoodie | 2019-06-16 | 1 | -10/+10
* staging5 | Matt Dunwoodie | 2019-06-16 | 1 | -1/+2
* staging4 | Matt Dunwoodie | 2019-06-14 | 1 | -0/+2
* staging3 | Matt Dunwoodie | 2019-06-12 | 1 | -2/+3
* staging2 | Matt Dunwoodie | 2019-06-12 | 1 | -1/+27
* staging | Matt Dunwoodie | 2019-06-11 | 1 | -122/+113
* Add check to peer key | Matt Dunwoodie | 2019-05-28 | 1 | -1/+1
  The security of WireGuard relies on peers not establishing a connection with the same key, i.e. peer a public key == peer b public key. Currently we don't check this in if_wg.c as that will require some refactoring.
* Make timeouts more idiomatic | Matt Dunwoodie | 2019-05-22 | 1 | -3/+3
  This is going to be a simpler way to manage timeouts, where they are created and deleted as needed. For the time being, if_wg.c just removes them from the timeout list, however that is unnecessarily inefficient. That will eventually use a flag on the wg_timeout to indicate if it should run or not.
* Limit initiation retries | Matt Dunwoodie | 2019-05-21 | 1 | -0/+1
  The interface will stop attempting to connect to the peer after 90 seconds.
* Add persistent keepalive support to kernel | Matt Dunwoodie | 2019-05-21 | 1 | -0/+2
  The persistent keepalive piggybacks on the regular keepalive timeout. I'm not exactly sure how keepalives work in the Linux kernel module, however in this situation we send the regular keepalive after 10 seconds, and then every p_persistent_keepalive seconds after that.
* Set peer arg in wg_peer_init | Matt Dunwoodie | 2019-05-21 | 1 | -1/+1
  This is the first in a number of commits that will solidify the wireguard.h interface. wg_peer should be treated as an opaque data type.
* Update cookie calculation | Matt Dunwoodie | 2019-05-19 | 1 | -2/+10
  Previously, the cookie system was never used. While that is still the case, this is a step closer to having IP based cookies.

  There is a new type added, `wg_cookie_param`, which stores the parameters to calculate a cookie value. In this case, there is:
  * rval - the random value, changes every 2 minutes (to be controlled by if_wg.c)
  * ival - the identifier value, usually going to be an IP address + port
  * ilen - the length of the identifier value
* Refactor handshake initialisation | Matt Dunwoodie | 2019-05-01 | 1 | -16/+6
  Again, reducing code duplication and hopefully making register_id more reliable. The calls to register_id have been consolidated into the init and clear functions.
* Allow wireguard.h to reply initiation with cookie | Matt Dunwoodie | 2019-05-01 | 1 | -20/+12
  Due to the design prior, it was not easy to send a cookie message in reply to an initiation. This is because the cookie value was stored in the peer (wg_peer) struct and could not be retrieved until the pubkey was decrypted in the initiation packet, defeating the purpose of the cookie.

  The biggest change this required was merging wg_upcall and wg_peer_lookup structs into one, as well as removing the plain wg_peer_rx and replacing it with wg_peer_rx_lookup. This is to simplify the interface, and comes at no cost. A p2p device can still limit itself to one peer.
* Remove unnecessary references to p_local_cookie | Matt Dunwoodie | 2019-05-01 | 1 | -1/+1
* Fixup buggy timeouts | Matt Dunwoodie | 2019-05-01 | 1 | -2/+3
  This should be a more robust, and efficient way of tracking timeouts. Instead of storing the lastsent/lastrecv time and comparing them, we have flags that get toggled when receiving these packets.