1a364ee04SAaron LI /*-
2a364ee04SAaron LI  * SPDX-License-Identifier: ISC
3a6bca3d2SAaron LI  *
4a6bca3d2SAaron LI  * Copyright (C) 2015-2021 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
5a6bca3d2SAaron LI  * Copyright (C) 2019-2021 Matt Dunwoodie <ncon@noconroy.net>
6a364ee04SAaron LI  *
7a364ee04SAaron LI  * Permission to use, copy, modify, and distribute this software for any
8a364ee04SAaron LI  * purpose with or without fee is hereby granted, provided that the above
9a364ee04SAaron LI  * copyright notice and this permission notice appear in all copies.
10a364ee04SAaron LI  *
11a364ee04SAaron LI  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12a364ee04SAaron LI  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13a364ee04SAaron LI  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14a364ee04SAaron LI  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15a364ee04SAaron LI  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16a364ee04SAaron LI  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17a364ee04SAaron LI  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18a6bca3d2SAaron LI  */
19a6bca3d2SAaron LI 
20a364ee04SAaron LI #ifndef _NET_WG_NOISE_H_
21a364ee04SAaron LI #define _NET_WG_NOISE_H_
22a6bca3d2SAaron LI 
235aabec17SAaron LI #ifndef _KERNEL
245aabec17SAaron LI #error "This file should not be included by userland programs."
255aabec17SAaron LI #endif
265aabec17SAaron LI 
27d94868ddSAaron LI #include <crypto/chachapoly.h>
28d94868ddSAaron LI #include <crypto/blake2/blake2s.h>
29d94868ddSAaron LI #include <crypto/curve25519/curve25519.h>
30d94868ddSAaron LI 
/*
 * Sizes of the primitives used by the Noise handshake and transport,
 * expressed in terms of the crypto headers above so they cannot drift
 * from the implementation.  NOISE_PUBLIC_KEY_LEN doubles as the private
 * key length (see noise_local_set_private below): both are
 * CURVE25519_KEY_SIZE.
 */
#define NOISE_PUBLIC_KEY_LEN	CURVE25519_KEY_SIZE
#define NOISE_SYMMETRIC_KEY_LEN	CHACHA20POLY1305_KEY_SIZE
#define NOISE_AUTHTAG_LEN	CHACHA20POLY1305_AUTHTAG_SIZE
#define NOISE_HASH_LEN		BLAKE2S_HASH_SIZE
/*
 * 12 bytes: a 64-bit field followed by a 32-bit field.  Presumably the
 * TAI64N timestamp (seconds + nanoseconds) carried in the handshake
 * initiation -- confirm against wg_noise.c.
 */
#define NOISE_TIMESTAMP_LEN	(sizeof(uint64_t) + sizeof(uint32_t))

/*
 * Protocol timers.  The unit is not stated here; these match the
 * WireGuard protocol constants of the same name, which are in seconds --
 * verify against how wg_noise.c / if_wg.c compare them with the clock.
 */
#define REJECT_AFTER_TIME	180
#define REKEY_TIMEOUT		5
#define KEEPALIVE_TIMEOUT	10
40a6bca3d2SAaron LI 
/* Opaque handles; the definitions are presumably private to wg_noise.c. */
struct noise_local;
struct noise_remote;
struct noise_keypair;

/*
 * Module-wide setup/teardown.  noise_init() returns an int, presumably 0
 * on success and an errno value otherwise -- confirm in wg_noise.c.
 */
int	noise_init(void);
void	noise_deinit(void);
47*41fc5cd7SAaron LI 
/* Local configuration */
/*
 * Allocate / free the per-interface local state.  What alloc returns on
 * failure is not visible here (presumably NULL) -- check callers.
 */
struct noise_local *
	noise_local_alloc(void);
void	noise_local_free(struct noise_local *);

/*
 * Install the local Curve25519 private key.  The buffer is
 * NOISE_PUBLIC_KEY_LEN bytes because public and private keys share
 * CURVE25519_KEY_SIZE.  Returns bool; presumably false when the key is
 * rejected -- confirm in wg_noise.c.
 */
bool	noise_local_set_private(struct noise_local *,
				const uint8_t[NOISE_PUBLIC_KEY_LEN]);
/*
 * Copy the local keys out into the two NOISE_PUBLIC_KEY_LEN buffers.
 * The prototype does not say which buffer gets the public and which
 * the private key (presumably public first, then private); verify
 * against wg_noise.c before use, since one of them is secret and the
 * caller is responsible for zeroizing it afterwards.
 */
bool	noise_local_keys(struct noise_local *,
			 uint8_t[NOISE_PUBLIC_KEY_LEN],
			 uint8_t[NOISE_PUBLIC_KEY_LEN]);
58a6bca3d2SAaron LI 
/* Remote configuration */
/*
 * Allocate a peer bound to the given local state and remote public key.
 * The trailing void * is an opaque caller argument handed back by
 * noise_remote_arg().
 */
struct noise_remote *
	noise_remote_alloc(struct noise_local *,
			   const uint8_t[NOISE_PUBLIC_KEY_LEN], void *);
/* enable returns an int (presumably 0 / errno); disable has no result. */
int	noise_remote_enable(struct noise_remote *);
void	noise_remote_disable(struct noise_remote *);
/* Find a peer by its public key. */
struct noise_remote *
	noise_remote_lookup(struct noise_local *,
			    const uint8_t[NOISE_PUBLIC_KEY_LEN]);
/*
 * Find a peer by a 32-bit index.  Given the handshake functions below,
 * this index presumably comes from the wire and is attacker-controlled;
 * the implementation must treat it as untrusted -- confirm in wg_noise.c.
 */
struct noise_remote *
	noise_remote_index(struct noise_local *, uint32_t);
/*
 * Reference counting.  ref() presumably returns its argument; every
 * reference taken must be balanced with put().  Whether lookup() /
 * index() return a held reference is not visible from the prototypes --
 * confirm in wg_noise.c before adding callers.
 */
struct noise_remote *
	noise_remote_ref(struct noise_remote *);
void	noise_remote_put(struct noise_remote *);
void	noise_remote_free(struct noise_remote *);
void *	noise_remote_arg(struct noise_remote *);

/* Install the optional pre-shared key (NOISE_SYMMETRIC_KEY_LEN bytes). */
void	noise_remote_set_psk(struct noise_remote *,
			     const uint8_t[NOISE_SYMMETRIC_KEY_LEN]);
/*
 * Copy out the remote public key and, judging by its size, the PSK.
 * The PSK is secret; callers should zeroize the buffer after use.
 */
bool	noise_remote_keys(struct noise_remote *,
			  uint8_t[NOISE_PUBLIC_KEY_LEN],
			  uint8_t[NOISE_SYMMETRIC_KEY_LEN]);
/*
 * Presumably true once the in-flight initiation is older than
 * REKEY_TIMEOUT -- confirm in wg_noise.c.
 */
bool	noise_remote_initiation_expired(struct noise_remote *);
/* Drop the peer's handshake state / all of its transport keypairs. */
void	noise_remote_handshake_clear(struct noise_remote *);
void	noise_remote_keypairs_clear(struct noise_remote *);
84a6bca3d2SAaron LI 
/* Keypair functions */
/*
 * Look up a transport keypair by 32-bit index.  As with
 * noise_remote_index(), the index presumably arrives on the wire and is
 * untrusted -- confirm that wg_noise.c validates it.
 */
struct noise_keypair *
	noise_keypair_lookup(struct noise_local *, uint32_t);
struct noise_keypair *
	noise_keypair_current(struct noise_remote *);
/* Reference counting; same balancing rule as noise_remote_ref()/put(). */
struct noise_keypair *
	noise_keypair_ref(struct noise_keypair *);
void	noise_keypair_put(struct noise_keypair *);
struct noise_remote *
	noise_keypair_remote(struct noise_keypair *);
bool	noise_keypair_received_with(struct noise_keypair *);
/*
 * The bool argument's meaning is not visible here (possibly a
 * sending-vs-receiving flag) -- confirm in wg_noise.c.
 */
bool	noise_keypair_should_refresh(struct noise_remote *, bool);
/*
 * Nonce management.  counter_next() hands out the next send counter
 * through the uint64_t *; its bool presumably reports whether the
 * keypair may still be used (a nonce must never repeat under one key).
 * counter_check() validates a received counter and returns an int --
 * presumably 0 when accepted and non-zero on replay or out-of-window --
 * confirm in wg_noise.c.
 */
bool	noise_keypair_counter_next(struct noise_keypair *, uint64_t *);
int	noise_keypair_counter_check(struct noise_keypair *, uint64_t);
/*
 * Transport-data AEAD on an mbuf.  encrypt() writes through r_idx
 * (presumably the peer's receiver index for the packet header) and
 * encrypts under the given counter; decrypt() is the inverse.  Both
 * return int (presumably 0 / errno).  Nothing in this interface ties
 * the counter argument to counter_next() / counter_check(); callers
 * must keep that ordering themselves.
 */
int	noise_keypair_encrypt(struct noise_keypair *, uint32_t *r_idx,
			      uint64_t counter, struct mbuf *);
int	noise_keypair_decrypt(struct noise_keypair *, uint64_t counter,
			      struct mbuf *);
103a6bca3d2SAaron LI 
/* Handshake functions */
/*
 * Handshake message construction and parsing.  The buffer sizes are the
 * wire field sizes: ue is a bare public key (presumably the ephemeral),
 * es is an encrypted public key plus tag, ets an encrypted timestamp
 * plus tag, and en an encrypted empty payload plus tag -- hence the
 * "0 +".  s_idx / r_idx are the 32-bit sender / receiver indices.
 *
 * create_* fill in an outgoing message for a peer and return bool
 * (presumably false on failure).  consume_* parse an incoming message,
 * whose every byte is attacker-controlled, and return the authenticated
 * peer -- presumably NULL when authentication fails; callers must treat
 * a NULL result as "unauthenticated" and do nothing else with the
 * message.  NOTE(review): the consume_* buffers are not
 * const-qualified; if wg_noise.c only reads them, consider adding const
 * so the prototypes make that contract visible.
 */
bool	noise_create_initiation(
	    struct noise_remote *,
	    uint32_t *s_idx,
	    uint8_t ue[NOISE_PUBLIC_KEY_LEN],
	    uint8_t es[NOISE_PUBLIC_KEY_LEN + NOISE_AUTHTAG_LEN],
	    uint8_t ets[NOISE_TIMESTAMP_LEN + NOISE_AUTHTAG_LEN]);
struct noise_remote *
	noise_consume_initiation(
	    struct noise_local *,
	    uint32_t s_idx,
	    uint8_t ue[NOISE_PUBLIC_KEY_LEN],
	    uint8_t es[NOISE_PUBLIC_KEY_LEN + NOISE_AUTHTAG_LEN],
	    uint8_t ets[NOISE_TIMESTAMP_LEN + NOISE_AUTHTAG_LEN]);
bool	noise_create_response(
	    struct noise_remote *,
	    uint32_t *s_idx,
	    uint32_t *r_idx,
	    uint8_t ue[NOISE_PUBLIC_KEY_LEN],
	    uint8_t en[0 + NOISE_AUTHTAG_LEN]);
struct noise_remote *
	noise_consume_response(
	    struct noise_local *,
	    uint32_t s_idx,
	    uint32_t r_idx,
	    uint8_t ue[NOISE_PUBLIC_KEY_LEN],
	    uint8_t en[0 + NOISE_AUTHTAG_LEN]);
131a6bca3d2SAaron LI 
#ifdef WG_SELFTESTS
/*
 * Built only with WG_SELFTESTS.  Presumably exercises the counter /
 * anti-replay logic behind noise_keypair_counter_check(); returns a
 * bool, presumably true on pass -- confirm in wg_noise.c.
 */
bool	noise_counter_selftest(void);
#endif /* WG_SELFTESTS */
135a6bca3d2SAaron LI 
136a364ee04SAaron LI #endif /* _NET_WG_NOISE_H_ */