1
0
mirror of https://git.zx2c4.com/wireguard-go synced 2024-11-15 01:05:15 +01:00
wireguard-go/receive.go

698 lines
14 KiB
Go
Raw Normal View History

/* SPDX-License-Identifier: GPL-2.0
*
* Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
*/
2017-07-01 23:29:22 +02:00
package main
import (
"bytes"
"encoding/binary"
"golang.org/x/crypto/chacha20poly1305"
"golang.org/x/net/ipv4"
"golang.org/x/net/ipv6"
2017-07-01 23:29:22 +02:00
"net"
"strconv"
2017-07-01 23:29:22 +02:00
"sync"
"sync/atomic"
"time"
)
type QueueHandshakeElement struct {
msgType uint32
packet []byte
endpoint Endpoint
buffer *[MaxMessageSize]byte
2017-07-01 23:29:22 +02:00
}
type QueueInboundElement struct {
2017-11-14 16:27:53 +01:00
dropped int32
mutex sync.Mutex
buffer *[MaxMessageSize]byte
packet []byte
counter uint64
2018-05-13 18:23:40 +02:00
keypair *Keypair
2017-11-14 16:27:53 +01:00
endpoint Endpoint
2017-07-01 23:29:22 +02:00
}
func (elem *QueueInboundElement) Drop() {
2017-07-08 23:51:26 +02:00
atomic.StoreInt32(&elem.dropped, AtomicTrue)
}
func (elem *QueueInboundElement) IsDropped() bool {
2017-07-08 23:51:26 +02:00
return atomic.LoadInt32(&elem.dropped) == AtomicTrue
}
func (device *Device) addToInboundQueue(
queue chan *QueueInboundElement,
element *QueueInboundElement,
) {
for {
select {
case queue <- element:
return
default:
select {
case old := <-queue:
old.Drop()
default:
}
}
}
2017-07-01 23:29:22 +02:00
}
2017-08-25 14:53:23 +02:00
func (device *Device) addToDecryptionQueue(
queue chan *QueueInboundElement,
element *QueueInboundElement,
) {
for {
select {
case queue <- element:
return
default:
select {
case old := <-queue:
// drop & release to potential consumer
old.Drop()
old.mutex.Unlock()
default:
}
}
}
}
func (device *Device) addToHandshakeQueue(
2017-07-07 13:47:09 +02:00
queue chan QueueHandshakeElement,
element QueueHandshakeElement,
) {
for {
select {
case queue <- element:
return
default:
select {
case elem := <-queue:
device.PutMessageBuffer(elem.buffer)
2017-07-07 13:47:09 +02:00
default:
}
}
}
}
/* Called when a new authenticated message has been received
*
* NOTE: Not thread safe, but called by sequential receiver!
*/
func (peer *Peer) keepKeyFreshReceiving() {
if peer.timers.sentLastMinuteHandshake {
return
}
2018-05-13 18:23:40 +02:00
kp := peer.keypairs.Current()
if kp != nil && kp.isInitiator && time.Now().Sub(kp.created) > (RejectAfterTime-KeepaliveTimeout-RekeyTimeout) {
peer.timers.sentLastMinuteHandshake = true
peer.SendHandshakeInitiation(false)
}
}
2017-12-01 23:37:26 +01:00
/* Receives incoming datagrams for the device
*
* Every time the bind is updated a new routine is started for
* IPv4 and IPv6 (separately)
*/
func (device *Device) RoutineReceiveIncoming(IP int, bind Bind) {
2017-07-01 23:29:22 +02:00
2017-07-08 09:23:10 +02:00
logDebug := device.log.Debug
defer func() {
logDebug.Println("Routine: receive incoming IPv" + strconv.Itoa(IP) + " - stopped")
}()
logDebug.Println("Routine: receive incoming IPv" + strconv.Itoa(IP) + " - starting")
2017-07-01 23:29:22 +02:00
2017-12-01 00:03:06 +01:00
// receive datagrams until conn is closed
2017-07-01 23:29:22 +02:00
2017-12-01 00:03:06 +01:00
buffer := device.GetMessageBuffer()
2017-07-01 23:29:22 +02:00
2017-12-01 00:03:06 +01:00
var (
err error
size int
endpoint Endpoint
)
2017-12-01 00:03:06 +01:00
for {
2017-07-01 23:29:22 +02:00
2017-12-01 00:03:06 +01:00
// read next datagram
2017-07-01 23:29:22 +02:00
2017-12-01 00:03:06 +01:00
switch IP {
case ipv4.Version:
size, endpoint, err = bind.ReceiveIPv4(buffer[:])
case ipv6.Version:
size, endpoint, err = bind.ReceiveIPv6(buffer[:])
default:
panic("invalid IP version")
2017-12-01 00:03:06 +01:00
}
2017-08-04 16:15:53 +02:00
2017-12-01 00:03:06 +01:00
if err != nil {
return
}
2017-07-01 23:29:22 +02:00
2017-12-01 00:03:06 +01:00
if size < MinMessageSize {
continue
}
2017-07-01 23:29:22 +02:00
2017-12-01 00:03:06 +01:00
// check size of packet
2017-07-01 23:29:22 +02:00
2017-12-01 00:03:06 +01:00
packet := buffer[:size]
msgType := binary.LittleEndian.Uint32(packet[:4])
2017-08-04 16:15:53 +02:00
2017-12-01 00:03:06 +01:00
var okay bool
2017-07-01 23:29:22 +02:00
2017-12-01 00:03:06 +01:00
switch msgType {
2017-07-01 23:29:22 +02:00
2017-12-01 00:03:06 +01:00
// check if transport
2017-07-01 23:29:22 +02:00
2017-12-01 00:03:06 +01:00
case MessageTransportType:
2017-07-01 23:29:22 +02:00
2017-12-01 00:03:06 +01:00
// check size
2017-07-01 23:29:22 +02:00
2017-12-01 00:03:06 +01:00
if len(packet) < MessageTransportType {
continue
}
2017-07-01 23:29:22 +02:00
2017-12-01 00:03:06 +01:00
// lookup key pair
2017-12-01 00:03:06 +01:00
receiver := binary.LittleEndian.Uint32(
packet[MessageTransportOffsetReceiver:MessageTransportOffsetCounter],
)
2018-05-13 18:23:40 +02:00
value := device.indexTable.Lookup(receiver)
keypair := value.keypair
if keypair == nil {
2017-12-01 00:03:06 +01:00
continue
}
2017-07-01 23:29:22 +02:00
2018-05-13 19:50:58 +02:00
// check keypair expiry
2017-07-01 23:29:22 +02:00
2018-05-13 18:23:40 +02:00
if keypair.created.Add(RejectAfterTime).Before(time.Now()) {
2017-12-01 00:03:06 +01:00
continue
}
2017-07-01 23:29:22 +02:00
2017-12-01 00:03:06 +01:00
// create work element
2017-07-01 23:29:22 +02:00
2017-12-01 00:03:06 +01:00
peer := value.peer
elem := &QueueInboundElement{
packet: packet,
buffer: buffer,
2018-05-13 18:23:40 +02:00
keypair: keypair,
2017-12-01 00:03:06 +01:00
dropped: AtomicFalse,
endpoint: endpoint,
}
elem.mutex.Lock()
2017-07-01 23:29:22 +02:00
2017-12-01 00:03:06 +01:00
// add to decryption queues
if peer.isRunning.Get() {
device.addToDecryptionQueue(device.queue.decryption, elem)
device.addToInboundQueue(peer.queue.inbound, elem)
buffer = device.GetMessageBuffer()
}
2017-12-01 23:37:26 +01:00
2017-12-01 00:03:06 +01:00
continue
2017-07-01 23:29:22 +02:00
2017-12-01 00:03:06 +01:00
// otherwise it is a fixed size & handshake related packet
2017-12-01 00:03:06 +01:00
case MessageInitiationType:
okay = len(packet) == MessageInitiationSize
2017-12-01 00:03:06 +01:00
case MessageResponseType:
okay = len(packet) == MessageResponseSize
2017-12-01 00:03:06 +01:00
case MessageCookieReplyType:
okay = len(packet) == MessageCookieReplySize
default:
logDebug.Println("Received message with unknown type")
2017-12-01 00:03:06 +01:00
}
2017-12-01 00:03:06 +01:00
if okay {
device.addToHandshakeQueue(
device.queue.handshake,
QueueHandshakeElement{
msgType: msgType,
buffer: buffer,
packet: packet,
endpoint: endpoint,
},
)
buffer = device.GetMessageBuffer()
}
2017-07-01 23:29:22 +02:00
}
}
func (device *Device) RoutineDecryption() {
2017-07-01 23:29:22 +02:00
var nonce [chacha20poly1305.NonceSize]byte
logDebug := device.log.Debug
defer func() {
logDebug.Println("Routine: decryption worker - stopped")
device.state.stopping.Done()
}()
logDebug.Println("Routine: decryption worker - started")
2017-07-01 23:29:22 +02:00
for {
select {
case <-device.signals.stop:
2017-07-01 23:29:22 +02:00
return
case elem, ok := <-device.queue.decryption:
if !ok {
return
}
2017-07-01 23:29:22 +02:00
// check if dropped
2017-07-01 23:29:22 +02:00
if elem.IsDropped() {
continue
}
// split message into fields
counter := elem.packet[MessageTransportOffsetCounter:MessageTransportOffsetContent]
content := elem.packet[MessageTransportOffsetContent:]
// expand nonce
nonce[0x4] = counter[0x0]
nonce[0x5] = counter[0x1]
nonce[0x6] = counter[0x2]
nonce[0x7] = counter[0x3]
nonce[0x8] = counter[0x4]
nonce[0x9] = counter[0x5]
nonce[0xa] = counter[0x6]
nonce[0xb] = counter[0x7]
// decrypt and release to consumer
var err error
elem.counter = binary.LittleEndian.Uint64(counter)
2018-05-13 18:23:40 +02:00
elem.packet, err = elem.keypair.receive.Open(
content[:0],
nonce[:],
content,
nil,
)
if err != nil {
2017-09-01 14:21:53 +02:00
elem.Drop()
}
elem.mutex.Unlock()
2017-07-01 23:29:22 +02:00
}
}
}
2017-12-01 23:37:26 +01:00
/* Handles incoming packets related to handshake
2017-07-01 23:29:22 +02:00
*/
func (device *Device) RoutineHandshake() {
logInfo := device.log.Info
logError := device.log.Error
logDebug := device.log.Debug
defer func() {
logDebug.Println("Routine: handshake worker - stopped")
device.state.stopping.Done()
}()
logDebug.Println("Routine: handshake worker - started")
2017-07-01 23:29:22 +02:00
2017-08-25 14:53:23 +02:00
var temp [MessageHandshakeSize]byte
2017-07-01 23:29:22 +02:00
var elem QueueHandshakeElement
var ok bool
2017-07-01 23:29:22 +02:00
for {
select {
case elem, ok = <-device.queue.handshake:
case <-device.signals.stop:
2017-07-01 23:29:22 +02:00
return
}
if !ok {
return
}
// handle cookie fields and ratelimiting
2017-07-01 23:29:22 +02:00
switch elem.msgType {
2017-07-08 09:23:10 +02:00
case MessageCookieReplyType:
2017-08-14 17:09:25 +02:00
// unmarshal packet
var reply MessageCookieReply
reader := bytes.NewReader(elem.packet)
err := binary.Read(reader, binary.LittleEndian, &reply)
if err != nil {
logDebug.Println("Failed to decode cookie reply")
2017-07-08 09:23:10 +02:00
return
}
2017-08-14 17:09:25 +02:00
// lookup peer from index
2017-08-14 17:09:25 +02:00
2018-05-13 18:23:40 +02:00
entry := device.indexTable.Lookup(reply.Receiver)
2017-08-14 17:09:25 +02:00
if entry.peer == nil {
2018-01-16 14:57:12 +01:00
continue
2017-08-14 17:09:25 +02:00
}
// consume reply
if peer := entry.peer; peer.isRunning.Get() {
peer.mac.ConsumeReply(&reply)
}
continue
2017-07-08 09:23:10 +02:00
case MessageInitiationType, MessageResponseType:
2017-07-08 09:23:10 +02:00
// check mac fields and ratelimit
2017-07-08 09:23:10 +02:00
if !device.mac.CheckMAC1(elem.packet) {
logDebug.Println("Received packet with invalid mac1")
2018-01-16 14:57:12 +01:00
continue
2017-07-08 09:23:10 +02:00
}
// endpoints destination address is the source of the datagram
srcBytes := elem.endpoint.DstToBytes()
if device.IsUnderLoad() {
2017-10-08 22:03:32 +02:00
// verify MAC2 field
if !device.mac.CheckMAC2(elem.packet, srcBytes) {
// construct cookie reply
logDebug.Println(
"Sending cookie reply to:",
elem.endpoint.DstToString(),
)
sender := binary.LittleEndian.Uint32(elem.packet[4:8])
2017-10-08 22:03:32 +02:00
reply, err := device.mac.CreateReply(elem.packet, sender, srcBytes)
if err != nil {
logError.Println("Failed to create cookie reply:", err)
2018-01-16 14:57:12 +01:00
continue
}
2017-08-14 17:09:25 +02:00
// marshal and send reply
writer := bytes.NewBuffer(temp[:0])
binary.Write(writer, binary.LittleEndian, reply)
device.net.bind.Send(writer.Bytes(), elem.endpoint)
if err != nil {
logDebug.Println("Failed to send cookie reply:", err)
}
continue
}
2017-10-08 22:03:32 +02:00
// check ratelimiter
if !device.rate.limiter.Allow(elem.endpoint.DstIP()) {
continue
}
}
default:
logError.Println("Invalid packet ended up in the handshake queue")
continue
}
2017-07-08 09:23:10 +02:00
2017-12-01 23:37:26 +01:00
// handle handshake initiation/response content
2017-07-01 23:29:22 +02:00
switch elem.msgType {
case MessageInitiationType:
2017-07-01 23:29:22 +02:00
// unmarshal
2017-07-01 23:29:22 +02:00
var msg MessageInitiation
reader := bytes.NewReader(elem.packet)
err := binary.Read(reader, binary.LittleEndian, &msg)
if err != nil {
logError.Println("Failed to decode initiation message")
continue
}
2017-07-01 23:29:22 +02:00
// consume initiation
2017-07-01 23:29:22 +02:00
peer := device.ConsumeMessageInitiation(&msg)
if peer == nil {
logInfo.Println(
2017-12-01 23:37:26 +01:00
"Received invalid initiation message from",
elem.endpoint.DstToString(),
)
continue
}
2017-08-04 16:15:53 +02:00
// update timers
2017-08-04 16:15:53 +02:00
peer.timersAnyAuthenticatedPacketTraversal()
peer.timersAnyAuthenticatedPacketReceived()
2017-07-07 13:47:09 +02:00
// update endpoint
peer.mutex.Lock()
peer.endpoint = elem.endpoint
peer.mutex.Unlock()
logDebug.Println(peer, ": Received handshake initiation")
2018-04-20 07:13:40 +02:00
// create response
2017-07-07 13:47:09 +02:00
response, err := device.CreateMessageResponse(peer)
if err != nil {
logError.Println("Failed to create response message:", err)
continue
}
2017-07-08 09:23:10 +02:00
2018-05-13 19:50:58 +02:00
if peer.DeriveNewKeypair() != nil {
continue
}
2017-07-27 23:45:37 +02:00
logDebug.Println(peer, ": Sending handshake response")
2017-07-10 17:20:43 +02:00
writer := bytes.NewBuffer(temp[:0])
binary.Write(writer, binary.LittleEndian, response)
packet := writer.Bytes()
peer.mac.AddMacs(packet)
2017-07-01 23:29:22 +02:00
// send response
peer.timers.lastSentHandshake = time.Now()
err = peer.SendBuffer(packet)
if err == nil {
peer.timersAnyAuthenticatedPacketTraversal()
2017-11-11 23:26:44 +01:00
} else {
logError.Println(peer, ": Failed to send handshake response", err)
}
case MessageResponseType:
2017-07-01 23:29:22 +02:00
// unmarshal
2017-07-01 23:29:22 +02:00
var msg MessageResponse
reader := bytes.NewReader(elem.packet)
err := binary.Read(reader, binary.LittleEndian, &msg)
if err != nil {
logError.Println("Failed to decode response message")
continue
}
2017-07-01 23:29:22 +02:00
// consume response
2017-07-01 23:29:22 +02:00
peer := device.ConsumeMessageResponse(&msg)
if peer == nil {
logInfo.Println(
"Recieved invalid response message from",
elem.endpoint.DstToString(),
)
continue
}
2017-07-27 23:45:37 +02:00
2017-11-14 16:27:53 +01:00
// update endpoint
peer.mutex.Lock()
peer.endpoint = elem.endpoint
2017-11-14 16:27:53 +01:00
peer.mutex.Unlock()
logDebug.Println(peer, ": Received handshake response")
// update timers
2017-08-04 16:15:53 +02:00
peer.timersAnyAuthenticatedPacketTraversal()
peer.timersAnyAuthenticatedPacketReceived()
2017-08-04 16:15:53 +02:00
2018-05-13 19:50:58 +02:00
// derive keypair
2017-07-01 23:29:22 +02:00
2018-05-13 19:50:58 +02:00
if peer.DeriveNewKeypair() != nil {
continue
}
peer.timersHandshakeComplete()
peer.SendKeepalive()
select {
case peer.signals.newKeypairArrived <- struct{}{}:
default:
}
}
2017-07-01 23:29:22 +02:00
}
}
func (peer *Peer) RoutineSequentialReceiver() {
device := peer.device
logInfo := device.log.Info
logError := device.log.Error
2017-07-01 23:29:22 +02:00
logDebug := device.log.Debug
2018-02-04 19:18:44 +01:00
defer func() {
logDebug.Println(peer, ": Routine: sequential receiver - stopped")
peer.routines.stopping.Done()
2018-02-04 19:18:44 +01:00
}()
logDebug.Println(peer, ": Routine: sequential receiver - started")
peer.routines.starting.Done()
2017-07-01 23:29:22 +02:00
for {
select {
2017-11-30 23:22:40 +01:00
case <-peer.routines.stop:
2017-07-01 23:29:22 +02:00
return
case elem, ok := <-peer.queue.inbound:
if !ok {
return
}
2017-07-07 13:47:09 +02:00
// wait for decryption
elem.mutex.Lock()
if elem.IsDropped() {
continue
}
2017-07-10 12:09:19 +02:00
// check for replay
2017-07-08 23:51:26 +02:00
2018-05-13 18:23:40 +02:00
if !elem.keypair.replayFilter.ValidateCounter(elem.counter) {
continue
}
2017-07-08 23:51:26 +02:00
// update endpoint
peer.mutex.Lock()
peer.endpoint = elem.endpoint
peer.mutex.Unlock()
2017-07-01 23:29:22 +02:00
2018-05-13 19:50:58 +02:00
// check if using new keypair
if peer.ReceivedWithKeypair(elem.keypair) {
peer.timersHandshakeComplete()
select {
case peer.signals.newKeypairArrived <- struct{}{}:
default:
}
2017-09-01 14:21:53 +02:00
}
2017-07-01 23:29:22 +02:00
peer.keepKeyFreshReceiving()
peer.timersAnyAuthenticatedPacketTraversal()
peer.timersAnyAuthenticatedPacketReceived()
2017-11-14 16:27:53 +01:00
// check for keepalive
2017-07-01 23:29:22 +02:00
if len(elem.packet) == 0 {
logDebug.Println(peer, ": Receiving keepalive packet")
continue
}
peer.timersDataReceived()
2017-07-08 09:23:10 +02:00
// verify source and strip padding
2017-07-08 09:23:10 +02:00
switch elem.packet[0] >> 4 {
case ipv4.Version:
2017-07-08 09:23:10 +02:00
// strip padding
2017-07-07 13:47:09 +02:00
if len(elem.packet) < ipv4.HeaderLen {
continue
}
2017-07-08 09:23:10 +02:00
field := elem.packet[IPv4offsetTotalLength : IPv4offsetTotalLength+2]
length := binary.BigEndian.Uint16(field)
if int(length) > len(elem.packet) || int(length) < ipv4.HeaderLen {
continue
}
2017-07-08 09:23:10 +02:00
elem.packet = elem.packet[:length]
2017-07-08 09:23:10 +02:00
// verify IPv4 source
2017-07-08 09:23:10 +02:00
src := elem.packet[IPv4offsetSrc : IPv4offsetSrc+net.IPv4len]
if device.routing.table.LookupIPv4(src) != peer {
logInfo.Println(
2017-12-01 23:37:26 +01:00
"IPv4 packet with disallowed source address from",
peer,
)
continue
}
2017-07-08 09:23:10 +02:00
case ipv6.Version:
2017-07-07 13:47:09 +02:00
// strip padding
2017-07-08 09:23:10 +02:00
if len(elem.packet) < ipv6.HeaderLen {
continue
}
2017-07-08 09:23:10 +02:00
field := elem.packet[IPv6offsetPayloadLength : IPv6offsetPayloadLength+2]
length := binary.BigEndian.Uint16(field)
length += ipv6.HeaderLen
if int(length) > len(elem.packet) {
continue
}
2017-07-08 09:23:10 +02:00
elem.packet = elem.packet[:length]
2017-08-04 16:15:53 +02:00
// verify IPv6 source
src := elem.packet[IPv6offsetSrc : IPv6offsetSrc+net.IPv6len]
if device.routing.table.LookupIPv6(src) != peer {
logInfo.Println(
peer,
"sent packet with disallowed IPv6 source",
)
continue
}
2017-07-01 23:29:22 +02:00
default:
logInfo.Println("Packet with invalid IP version from", peer)
continue
}
// write to tun device
offset := MessageTransportOffsetContent
atomic.AddUint64(&peer.stats.rxBytes, uint64(len(elem.packet)))
_, err := device.tun.device.Write(
elem.buffer[:offset+len(elem.packet)],
offset)
device.PutMessageBuffer(elem.buffer)
if err != nil {
logError.Println("Failed to write packet to TUN device:", err)
}
2017-07-01 23:29:22 +02:00
}
}
}