snow/wireguard-go
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Improved timer code

Browse source
This commit is contained in:
Mathias Hall-Andersen 2017-07-27 23:45:37 +02:00
parent 47f8a3d89a
commit fb3fa4f915
6 changed files with 240 additions and 187 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/constants.go
View file

@ -20,6 +20,7 @@ const (
const ( const (
RekeyAfterTimeReceiving = RekeyAfterTime - KeepaliveTimeout - RekeyTimeout RekeyAfterTimeReceiving = RekeyAfterTime - KeepaliveTimeout - RekeyTimeout
NewHandshakeTime = KeepaliveTimeout + RekeyTimeout // upon failure to acknowledge transport message
) )
/* Implementation specific constants */ /* Implementation specific constants */

3
src/noise_protocol.go
View file

@ -37,6 +37,7 @@ const (
MessageCookieReplySize = 64 MessageCookieReplySize = 64
MessageTransportHeaderSize = 16 MessageTransportHeaderSize = 16
MessageTransportSize = MessageTransportHeaderSize + poly1305.TagSize // size of empty transport MessageTransportSize = MessageTransportHeaderSize + poly1305.TagSize // size of empty transport
MessageKeepaliveSize = MessageTransportSize
) )
const ( const (
@ -253,8 +254,6 @@ func (device *Device) ConsumeMessageInitiation(msg *MessageInitiation) *Peer {
} }
hash = mixHash(hash, msg.Timestamp[:]) hash = mixHash(hash, msg.Timestamp[:])
// TODO: check for flood attack
// check for replay attack // check for replay attack
return timestamp.After(handshake.lastTimestamp) return timestamp.After(handshake.lastTimestamp)

20
src/peer.go
View file

@ -40,21 +40,22 @@ type Peer struct {
stop chan struct{} // (size 0) : close to stop all goroutines for peer stop chan struct{} // (size 0) : close to stop all goroutines for peer
} }
timer struct { timer struct {
/* Both keep-alive timers acts as one (see timers.go)
* They are kept seperate to simplify the implementation.
*/
keepalivePersistent *time.Timer // set for persistent keepalives keepalivePersistent *time.Timer // set for persistent keepalives
keepalivePassive *time.Timer // set upon recieving messages keepalivePassive *time.Timer // set upon recieving messages
zeroAllKeys *time.Timer // zero all key material after RejectAfterTime*3 newHandshake *time.Timer // begin a new handshake (after Keepalive + RekeyTimeout)
zeroAllKeys *time.Timer // zero all key material (after RejectAfterTime*3)
pendingKeepalivePassive bool
pendingNewHandshake bool
pendingZeroAllKeys bool
needAnotherKeepalive bool
} }
queue struct { queue struct {
nonce chan *QueueOutboundElement // nonce / pre-handshake queue nonce chan *QueueOutboundElement // nonce / pre-handshake queue
outbound chan *QueueOutboundElement // sequential ordering of work outbound chan *QueueOutboundElement // sequential ordering of work
inbound chan *QueueInboundElement // sequential ordering of work inbound chan *QueueInboundElement // sequential ordering of work
} }
flags struct {
keepaliveWaiting int32
}
mac MACStatePeer mac MACStatePeer
} }
@ -68,12 +69,11 @@ func (device *Device) NewPeer(pk NoisePublicKey) *Peer {
peer.mac.Init(pk) peer.mac.Init(pk)
peer.device = device peer.device = device
peer.timer.keepalivePassive = NewStoppedTimer()
peer.timer.keepalivePersistent = NewStoppedTimer() peer.timer.keepalivePersistent = NewStoppedTimer()
peer.timer.keepalivePassive = NewStoppedTimer()
peer.timer.newHandshake = NewStoppedTimer()
peer.timer.zeroAllKeys = NewStoppedTimer() peer.timer.zeroAllKeys = NewStoppedTimer()
peer.flags.keepaliveWaiting = AtomicFalse
// assign id for debugging // assign id for debugging
device.mutex.Lock() device.mutex.Lock()

36
src/receive.go
View file

@ -288,6 +288,7 @@ func (device *Device) RoutineHandshake() {
logDebug := device.log.Debug logDebug := device.log.Debug
logDebug.Println("Routine, handshake routine, started for device") logDebug.Println("Routine, handshake routine, started for device")
var temp [256]byte
var elem QueueHandshakeElement var elem QueueHandshakeElement
for { for {
@ -363,6 +364,7 @@ func (device *Device) RoutineHandshake() {
) )
return return
} }
peer.TimerPacketReceived()
// update endpoint // update endpoint
@ -378,17 +380,19 @@ func (device *Device) RoutineHandshake() {
return return
} }
peer.TimerEphemeralKeyCreated()
logDebug.Println("Creating response message for", peer.String()) logDebug.Println("Creating response message for", peer.String())
outElem := device.NewOutboundElement() writer := bytes.NewBuffer(temp[:0])
writer := bytes.NewBuffer(outElem.buffer[:0])
binary.Write(writer, binary.LittleEndian, response) binary.Write(writer, binary.LittleEndian, response)
outElem.packet = writer.Bytes() packet := writer.Bytes()
peer.mac.AddMacs(outElem.packet) peer.mac.AddMacs(packet)
addToOutboundQueue(peer.queue.outbound, outElem)
// create new keypair // send response
peer.SendBuffer(packet)
peer.TimerPacketSent()
peer.NewKeyPair() peer.NewKeyPair()
case MessageResponseType: case MessageResponseType:
@ -418,12 +422,11 @@ func (device *Device) RoutineHandshake() {
) )
return return
} }
kp := peer.NewKeyPair()
if kp == nil { peer.TimerPacketReceived()
logDebug.Println("Failed to derieve key-pair") peer.TimerHandshakeComplete()
} peer.NewKeyPair()
peer.SendKeepAlive() peer.SendKeepAlive()
peer.EventHandshakeComplete()
default: default:
logError.Println("Invalid message type in handshake queue") logError.Println("Invalid message type in handshake queue")
@ -464,12 +467,8 @@ func (peer *Peer) RoutineSequentialReceiver() {
return return
} }
// time (passive) keep-alive peer.TimerPacketReceived()
peer.TimerTransportReceived()
peer.TimerStartKeepalive()
// refresh key material (rekey)
peer.KeepKeyFreshReceiving() peer.KeepKeyFreshReceiving()
// check if using new key-pair // check if using new key-pair
@ -477,7 +476,7 @@ func (peer *Peer) RoutineSequentialReceiver() {
kp := &peer.keyPairs kp := &peer.keyPairs
kp.mutex.Lock() kp.mutex.Lock()
if kp.next == elem.keyPair { if kp.next == elem.keyPair {
peer.EventHandshakeComplete() peer.TimerHandshakeComplete()
kp.previous = kp.current kp.previous = kp.current
kp.current = kp.next kp.current = kp.next
kp.next = nil kp.next = nil
@ -490,6 +489,7 @@ func (peer *Peer) RoutineSequentialReceiver() {
logDebug.Println("Received keep-alive from", peer.String()) logDebug.Println("Received keep-alive from", peer.String())
return return
} }
peer.TimerDataReceived()
// verify source and strip padding // verify source and strip padding

76
src/send.go
View file

@ -2,6 +2,7 @@ package main
import ( import (
"encoding/binary" "encoding/binary"
"errors"
"golang.org/x/crypto/chacha20poly1305" "golang.org/x/crypto/chacha20poly1305"
"golang.org/x/net/ipv4" "golang.org/x/net/ipv4"
"golang.org/x/net/ipv6" "golang.org/x/net/ipv6"
@ -51,6 +52,11 @@ func (peer *Peer) FlushNonceQueue() {
} }
} }
var (
ErrorNoEndpoint = errors.New("No known endpoint for peer")
ErrorNoConnection = errors.New("No UDP socket for device")
)
func (device *Device) NewOutboundElement() *QueueOutboundElement { func (device *Device) NewOutboundElement() *QueueOutboundElement {
return &QueueOutboundElement{ return &QueueOutboundElement{
dropped: AtomicFalse, dropped: AtomicFalse,
@ -103,6 +109,25 @@ func addToEncryptionQueue(
} }
} }
func (peer *Peer) SendBuffer(buffer []byte) (int, error) {
peer.mutex.RLock()
endpoint := peer.endpoint
peer.mutex.RUnlock()
if endpoint == nil {
return 0, ErrorNoEndpoint
}
peer.device.net.mutex.RLock()
conn := peer.device.net.conn
peer.device.net.mutex.RUnlock()
if conn == nil {
return 0, ErrorNoConnection
}
return conn.WriteToUDP(buffer, endpoint)
}
/* Reads packets from the TUN and inserts /* Reads packets from the TUN and inserts
* into nonce queue for peer * into nonce queue for peer
* *
@ -349,42 +374,27 @@ func (peer *Peer) RoutineSequentialSender() {
case elem := <-peer.queue.outbound: case elem := <-peer.queue.outbound:
elem.mutex.Lock() elem.mutex.Lock()
if elem.IsDropped() {
continue
}
func() { // send message and return buffer to pool
if elem.IsDropped() {
return
}
// get endpoint and connection
peer.mutex.RLock()
endpoint := peer.endpoint
peer.mutex.RUnlock()
if endpoint == nil {
logDebug.Println("No endpoint for", peer.String())
return
}
device.net.mutex.RLock()
conn := device.net.conn
device.net.mutex.RUnlock()
if conn == nil {
logDebug.Println("No source for device")
return
}
// send message and refresh keys
_, err := conn.WriteToUDP(elem.packet, endpoint)
if err != nil {
return
}
atomic.AddUint64(&peer.stats.txBytes, uint64(len(elem.packet)))
peer.TimerResetKeepalive()
}()
length := uint64(len(elem.packet))
_, err := peer.SendBuffer(elem.packet)
device.PutMessageBuffer(elem.buffer) device.PutMessageBuffer(elem.buffer)
if err != nil {
continue
}
atomic.AddUint64(&peer.stats.txBytes, length)
// update timers
peer.TimerPacketSent()
if len(elem.packet) != MessageKeepaliveSize {
peer.TimerDataSent()
}
peer.KeepKeyFreshSending()
} }
} }
} }

291
src/timers.go
View file

@ -44,21 +44,6 @@ func (peer *Peer) KeepKeyFreshReceiving() {
} }
} }
/* Called after succesfully completing a handshake.
* i.e. after:
* - Valid handshake response
* - First transport message under the "next" key
*/
func (peer *Peer) EventHandshakeComplete() {
peer.device.log.Info.Println("Negotiated new handshake for", peer.String())
peer.timer.zeroAllKeys.Reset(RejectAfterTime * 3)
atomic.StoreInt64(
&peer.stats.lastHandshakeNano,
time.Now().UnixNano(),
)
signalSend(peer.signal.handshakeCompleted)
}
/* Queues a keep-alive if no packets are queued for peer /* Queues a keep-alive if no packets are queued for peer
*/ */
func (peer *Peer) SendKeepAlive() bool { func (peer *Peer) SendKeepAlive() bool {
@ -75,69 +60,89 @@ func (peer *Peer) SendKeepAlive() bool {
return true return true
} }
/* Starts the "keep-alive" timer /* Authenticated data packet send
* (if not already running), * Always called together with peer.EventPacketSend
* in response to incomming messages *
* - Start new handshake timer
*/ */
func (peer *Peer) TimerStartKeepalive() { func (peer *Peer) TimerDataSent() {
timerStop(peer.timer.keepalivePassive)
if !peer.timer.pendingNewHandshake {
peer.timer.pendingNewHandshake = true
peer.timer.newHandshake.Reset(NewHandshakeTime)
}
}
// check if acknowledgement timer set yet /* Event:
* Received non-empty (authenticated) transport message
var waiting int32 = AtomicTrue *
waiting = atomic.SwapInt32(&peer.flags.keepaliveWaiting, waiting) * - Start passive keep-alive timer
if waiting == AtomicTrue { */
func (peer *Peer) TimerDataReceived() {
if peer.timer.pendingKeepalivePassive {
peer.timer.needAnotherKeepalive = true
return return
} }
peer.timer.pendingKeepalivePassive = false
peer.timer.keepalivePassive.Reset(KeepaliveTimeout)
}
// timer not yet set, start it /* Event:
* Any (authenticated) transport message received
* (keep-alive or data)
*/
func (peer *Peer) TimerTransportReceived() {
timerStop(peer.timer.newHandshake)
}
wait := KeepaliveTimeout /* Event:
* Any packet send to the peer.
*/
func (peer *Peer) TimerPacketSent() {
interval := atomic.LoadUint64(&peer.persistentKeepaliveInterval) interval := atomic.LoadUint64(&peer.persistentKeepaliveInterval)
if interval > 0 { if interval > 0 {
duration := time.Duration(interval) * time.Second duration := time.Duration(interval) * time.Second
if duration < wait { peer.timer.keepalivePersistent.Reset(duration)
wait = duration
}
} }
} }
/* Resets both keep-alive timers /* Event:
* Any authenticated packet received from peer
*/ */
func (peer *Peer) TimerResetKeepalive() { func (peer *Peer) TimerPacketReceived() {
peer.TimerPacketSent()
// reset persistent timer
interval := atomic.LoadUint64(&peer.persistentKeepaliveInterval)
if interval > 0 {
peer.timer.keepalivePersistent.Reset(
time.Duration(interval) * time.Second,
)
}
// stop acknowledgement timer
timerStop(peer.timer.keepalivePassive)
atomic.StoreInt32(&peer.flags.keepaliveWaiting, AtomicFalse)
} }
func (peer *Peer) BeginHandshakeInitiation() (*QueueOutboundElement, error) { /* Called after succesfully completing a handshake.
* i.e. after:
*
* - Valid handshake response
* - First transport message under the "next" key
*/
func (peer *Peer) TimerHandshakeComplete() {
timerStop(peer.timer.zeroAllKeys)
atomic.StoreInt64(
&peer.stats.lastHandshakeNano,
time.Now().UnixNano(),
)
signalSend(peer.signal.handshakeCompleted)
peer.device.log.Info.Println("Negotiated new handshake for", peer.String())
}
// create initiation /* Called whenever an ephemeral key is generated
* i.e after:
elem := peer.device.NewOutboundElement() *
msg, err := peer.device.CreateMessageInitiation(peer) * CreateMessageInitiation
if err != nil { * CreateMessageResponse
return nil, err *
* Schedules the deletion of all key material
* upon failure to complete a handshake
*/
func (peer *Peer) TimerEphemeralKeyCreated() {
if !peer.timer.pendingZeroAllKeys {
peer.timer.pendingZeroAllKeys = true
peer.timer.zeroAllKeys.Reset(RejectAfterTime * 3)
} }
// marshal & schedule for sending
writer := bytes.NewBuffer(elem.buffer[:0])
binary.Write(writer, binary.LittleEndian, msg)
elem.packet = writer.Bytes()
peer.mac.AddMacs(elem.packet)
addToOutboundQueue(peer.queue.outbound, elem)
return elem, err
} }
func (peer *Peer) RoutineTimerHandler() { func (peer *Peer) RoutineTimerHandler() {
@ -157,17 +162,30 @@ func (peer *Peer) RoutineTimerHandler() {
case <-peer.timer.keepalivePersistent.C: case <-peer.timer.keepalivePersistent.C:
logDebug.Println("Sending persistent keep-alive to", peer.String()) interval := atomic.LoadUint64(&peer.persistentKeepaliveInterval)
if interval > 0 {
peer.SendKeepAlive() logDebug.Println("Sending persistent keep-alive to", peer.String())
peer.TimerResetKeepalive() peer.SendKeepAlive()
}
case <-peer.timer.keepalivePassive.C: case <-peer.timer.keepalivePassive.C:
logDebug.Println("Sending passive persistent keep-alive to", peer.String()) logDebug.Println("Sending passive keep-alive to", peer.String())
peer.SendKeepAlive() peer.SendKeepAlive()
peer.TimerResetKeepalive()
if peer.timer.needAnotherKeepalive {
peer.timer.keepalivePassive.Reset(KeepaliveTimeout)
peer.timer.needAnotherKeepalive = true
}
// unresponsive session
case <-peer.timer.newHandshake.C:
logDebug.Println("Retrying handshake with", peer.String(), "due to lack of reply")
signalSend(peer.signal.handshakeBegin)
// clear key material // clear key material
@ -175,13 +193,15 @@ func (peer *Peer) RoutineTimerHandler() {
logDebug.Println("Clearing all key material for", peer.String()) logDebug.Println("Clearing all key material for", peer.String())
kp := &peer.keyPairs
kp.mutex.Lock()
hs := &peer.handshake hs := &peer.handshake
hs.mutex.Lock() hs.mutex.Lock()
// unmap local indecies kp := &peer.keyPairs
kp.mutex.Lock()
peer.timer.pendingZeroAllKeys = false
// unmap indecies
indices.mutex.Lock() indices.mutex.Lock()
if kp.previous != nil { if kp.previous != nil {
@ -224,80 +244,103 @@ func (peer *Peer) RoutineTimerHandler() {
func (peer *Peer) RoutineHandshakeInitiator() { func (peer *Peer) RoutineHandshakeInitiator() {
device := peer.device device := peer.device
var elem *QueueOutboundElement
logInfo := device.log.Info logInfo := device.log.Info
logError := device.log.Error logError := device.log.Error
logDebug := device.log.Debug logDebug := device.log.Debug
logDebug.Println("Routine, handshake initator, started for", peer.String()) logDebug.Println("Routine, handshake initator, started for", peer.String())
var temp [256]byte
for { for {
// wait for signal // wait for signal
select { select {
case <-peer.signal.handshakeBegin: case <-peer.signal.handshakeBegin:
signalSend(peer.signal.handshakeBegin)
case <-peer.signal.stop: case <-peer.signal.stop:
return return
} }
// wait for handshake // wait for handshake
func() { deadline := time.Now().Add(MaxHandshakeAttemptTime)
var err error
var deadline time.Time
for attempts := uint(1); ; attempts++ {
// clear completed signal Loop:
for attempts := uint(1); ; attempts++ {
select { // clear completed signal
case <-peer.signal.handshakeCompleted:
case <-peer.signal.stop:
return
default:
}
// create initiation select {
case <-peer.signal.handshakeCompleted:
if elem != nil { case <-peer.signal.stop:
elem.Drop() return
} default:
elem, err = peer.BeginHandshakeInitiation()
if err != nil {
logError.Println("Failed to create initiation message", err, "for", peer.String())
return
}
// set timeout
if attempts == 1 {
deadline = time.Now().Add(MaxHandshakeAttemptTime)
}
timeout := time.NewTimer(RekeyTimeout)
logDebug.Println("Handshake initiation attempt", attempts, "queued for", peer.String())
// wait for handshake or timeout
select {
case <-peer.signal.stop:
return
case <-peer.signal.handshakeCompleted:
<-timeout.C
return
case <-timeout.C:
if deadline.Before(time.Now().Add(RekeyTimeout)) {
logInfo.Println("Handshake negotiation timed out for", peer.String())
signalSend(peer.signal.flushNonceQueue)
timerStop(peer.timer.keepalivePersistent)
timerStop(peer.timer.keepalivePassive)
return
}
}
} }
}()
// check if sufficient time for retry
if deadline.Before(time.Now().Add(RekeyTimeout)) {
logInfo.Println("Handshake negotiation timed out for", peer.String())
signalSend(peer.signal.flushNonceQueue)
timerStop(peer.timer.keepalivePersistent)
timerStop(peer.timer.keepalivePassive)
break Loop
}
// create initiation message
msg, err := peer.device.CreateMessageInitiation(peer)
if err != nil {
logError.Println("Failed to create handshake initiation message:", err)
break Loop
}
peer.TimerEphemeralKeyCreated()
// marshal and send
writer := bytes.NewBuffer(temp[:0])
binary.Write(writer, binary.LittleEndian, msg)
packet := writer.Bytes()
peer.mac.AddMacs(packet)
peer.TimerPacketSent()
_, err = peer.SendBuffer(packet)
if err != nil {
logError.Println(
"Failed to send handshake initiation message to",
peer.String(), ":", err,
)
continue
}
// set timeout
timeout := time.NewTimer(RekeyTimeout)
logDebug.Println(
"Handshake initiation attempt",
attempts, "sent to", peer.String(),
)
// wait for handshake or timeout
select {
case <-peer.signal.stop:
return
case <-peer.signal.handshakeCompleted:
<-timeout.C
break Loop
case <-timeout.C:
continue
}
}
// allow new signal to be set
signalClear(peer.signal.handshakeBegin) signalClear(peer.signal.handshakeBegin)
} }