/*-
 * SPDX-License-Identifier: ISC
 *
 * Copyright (C) 2015-2021 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
 * Copyright (C) 2019-2021 Matt Dunwoodie <ncon@noconroy.net>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

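#ifndef _NET_WG_NOISE_H_
#define _NET_WG_NOISE_H_

/*
 * Kernel-only interface to the WireGuard Noise_IK handshake and transport
 * keypair state (implemented in wg_noise.c).  Nothing here is meant to be
 * reachable from userland.
 */
#ifndef _KERNEL
#error "This file should not be included by userland programs."
#endif

#include <crypto/chachapoly.h>
#include <crypto/blake2/blake2s.h>
#include <crypto/curve25519/curve25519.h>

/*
 * Wire-format sizes.  They are derived from the primitives in use so a
 * change in the crypto headers propagates here automatically.  Note that
 * an array bound in a prototype parameter (e.g. uint8_t[NOISE_PUBLIC_KEY_LEN])
 * documents the expected buffer size but is NOT enforced by the compiler;
 * callers must size their buffers accordingly.
 */
#define NOISE_PUBLIC_KEY_LEN	CURVE25519_KEY_SIZE
#define NOISE_SYMMETRIC_KEY_LEN	CHACHA20POLY1305_KEY_SIZE
#define NOISE_AUTHTAG_LEN	CHACHA20POLY1305_AUTHTAG_SIZE
#define NOISE_HASH_LEN		BLAKE2S_HASH_SIZE
/* 64-bit seconds + 32-bit nanoseconds (12 bytes); the handshake timestamp. */
#define NOISE_TIMESTAMP_LEN	(sizeof(uint64_t) + sizeof(uint32_t))

/*
 * Protocol timer constants.  The WireGuard protocol defines these in
 * seconds; the unit used by wg_noise.c should be confirmed there.
 */
#define REJECT_AFTER_TIME	180
#define REKEY_TIMEOUT		5
#define KEEPALIVE_TIMEOUT	10

/* Opaque state objects; their layout is private to wg_noise.c. */
struct noise_local;
struct noise_remote;
struct noise_keypair;
/*
 * Forward-declared so the encrypt/decrypt prototypes below do not declare a
 * prototype-scoped 'struct mbuf' when <sys/mbuf.h> was not included first.
 */
struct mbuf;

/* Subsystem setup/teardown.  noise_init() returns an int status (0 on success, presumably). */
int	noise_init(void);
void	noise_deinit(void);

/* Local configuration */
struct noise_local *
	noise_local_alloc(void);
void	noise_local_free(struct noise_local *);

/*
 * Install the local Curve25519 private key.  The caller's buffer holds
 * secret material; it is the caller's responsibility to scrub it afterwards.
 */
bool	noise_local_set_private(struct noise_local *,
				const uint8_t[NOISE_PUBLIC_KEY_LEN]);
/*
 * Copy out the local key pair into the two caller buffers.  Which buffer
 * receives the public vs. the private key is defined by wg_noise.c.
 */
bool	noise_local_keys(struct noise_local *,
			 uint8_t[NOISE_PUBLIC_KEY_LEN],
			 uint8_t[NOISE_PUBLIC_KEY_LEN]);

/* Remote configuration */
/*
 * Create a remote (peer) bound to a local, keyed by the peer's public key.
 * The trailing void * is an opaque caller argument, returned later by
 * noise_remote_arg().
 */
struct noise_remote *
	noise_remote_alloc(struct noise_local *,
			   const uint8_t[NOISE_PUBLIC_KEY_LEN], void *);
int	noise_remote_enable(struct noise_remote *);
void	noise_remote_disable(struct noise_remote *);
/* Look up a remote by its public key. */
struct noise_remote *
	noise_remote_lookup(struct noise_local *,
			    const uint8_t[NOISE_PUBLIC_KEY_LEN]);
/* Look up a remote by a 32-bit handshake index. */
struct noise_remote *
	noise_remote_index(struct noise_local *, uint32_t);
/*
 * Reference management.  The ref/put naming suggests a reference count in
 * which every noise_remote_ref() must be balanced by a noise_remote_put();
 * confirm the exact lifetime rules in wg_noise.c before relying on them.
 */
struct noise_remote *
	noise_remote_ref(struct noise_remote *);
void	noise_remote_put(struct noise_remote *);
void	noise_remote_free(struct noise_remote *);
void *	noise_remote_arg(struct noise_remote *);

/* Install the optional preshared key (symmetric-key sized). */
void	noise_remote_set_psk(struct noise_remote *,
			     const uint8_t[NOISE_SYMMETRIC_KEY_LEN]);
/* Copy out the peer public key and preshared key into the caller buffers. */
bool	noise_remote_keys(struct noise_remote *,
			  uint8_t[NOISE_PUBLIC_KEY_LEN],
			  uint8_t[NOISE_SYMMETRIC_KEY_LEN]);
bool	noise_remote_initiation_expired(struct noise_remote *);
/* Discard in-progress handshake state / all established keypairs. */
void	noise_remote_handshake_clear(struct noise_remote *);
void	noise_remote_keypairs_clear(struct noise_remote *);

/* Keypair functions */
/* Look up a keypair by its 32-bit receiving index. */
struct noise_keypair *
	noise_keypair_lookup(struct noise_local *, uint32_t);
struct noise_keypair *
	noise_keypair_current(struct noise_remote *);
/* Same ref/put discipline as noise_remote_ref()/noise_remote_put(). */
struct noise_keypair *
	noise_keypair_ref(struct noise_keypair *);
void	noise_keypair_put(struct noise_keypair *);
struct noise_remote *
	noise_keypair_remote(struct noise_keypair *);
bool	noise_keypair_received_with(struct noise_keypair *);
bool	noise_keypair_should_refresh(struct noise_remote *, bool);
/*
 * Nonce handling.  noise_keypair_counter_next() hands out the next send
 * counter through the uint64_t * and returns false when none may be issued;
 * noise_keypair_counter_check() validates a received counter (replay window)
 * and returns an int status.  Never reuse a counter the first call declined.
 */
bool	noise_keypair_counter_next(struct noise_keypair *, uint64_t *);
int	noise_keypair_counter_check(struct noise_keypair *, uint64_t);
/*
 * AEAD-protect / unprotect an mbuf under the keypair.  encrypt also reports
 * the receiver index (r_idx) to place in the packet header.  Both return an
 * int status.
 */
int	noise_keypair_encrypt(struct noise_keypair *, uint32_t *r_idx,
			      uint64_t counter, struct mbuf *);
int	noise_keypair_decrypt(struct noise_keypair *, uint64_t counter,
			      struct mbuf *);

/* Handshake functions */
/*
 * Initiation message fields (all output):
 *   s_idx - sender index
 *   ue    - ephemeral public key (cleartext)
 *   es    - encrypted static public key + auth tag
 *   ets   - encrypted timestamp + auth tag
 */
bool	noise_create_initiation(
	    struct noise_remote *,
	    uint32_t *s_idx,
	    uint8_t ue[NOISE_PUBLIC_KEY_LEN],
	    uint8_t es[NOISE_PUBLIC_KEY_LEN + NOISE_AUTHTAG_LEN],
	    uint8_t ets[NOISE_TIMESTAMP_LEN + NOISE_AUTHTAG_LEN]);
/* Process a received initiation; returns the matching remote or NULL. */
struct noise_remote *
	noise_consume_initiation(
	    struct noise_local *,
	    uint32_t s_idx,
	    uint8_t ue[NOISE_PUBLIC_KEY_LEN],
	    uint8_t es[NOISE_PUBLIC_KEY_LEN + NOISE_AUTHTAG_LEN],
	    uint8_t ets[NOISE_TIMESTAMP_LEN + NOISE_AUTHTAG_LEN]);
/*
 * Response message fields.  'en' is the AEAD of an empty plaintext, hence
 * only an auth tag (the "0 +" makes that explicit); it still binds the
 * response to the handshake transcript and must be verified.
 */
bool	noise_create_response(
	    struct noise_remote *,
	    uint32_t *s_idx,
	    uint32_t *r_idx,
	    uint8_t ue[NOISE_PUBLIC_KEY_LEN],
	    uint8_t en[0 + NOISE_AUTHTAG_LEN]);
/* Process a received response; returns the matching remote or NULL. */
struct noise_remote *
	noise_consume_response(
	    struct noise_local *,
	    uint32_t s_idx,
	    uint32_t r_idx,
	    uint8_t ue[NOISE_PUBLIC_KEY_LEN],
	    uint8_t en[0 + NOISE_AUTHTAG_LEN]);

#ifdef WG_SELFTESTS
/* Self-test of the replay counter logic; only built with WG_SELFTESTS. */
bool	noise_counter_selftest(void);
#endif /* WG_SELFTESTS */

#endif /* _NET_WG_NOISE_H_ */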