1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
4  */
5 
6 #include "timers.h"
7 #include "device.h"
8 #include "peer.h"
9 #include "queueing.h"
10 #include "socket.h"
11 
12 /*
13  * - Timer for retransmitting the handshake if we don't hear back after
14  * `REKEY_TIMEOUT + jitter` ms.
15  *
16  * - Timer for sending empty packet if we have received a packet but after have
17  * not sent one for `KEEPALIVE_TIMEOUT` ms.
18  *
19  * - Timer for initiating new handshake if we have sent a packet but after have
20  * not received one (even empty) for `(KEEPALIVE_TIMEOUT + REKEY_TIMEOUT) +
21  * jitter` ms.
22  *
23  * - Timer for zeroing out all ephemeral keys after `(REJECT_AFTER_TIME * 3)` ms
24  * if no new keys have been received.
25  *
26  * - Timer for, if enabled, sending an empty authenticated packet every user-
27  * specified seconds.
28  */
29 
mod_peer_timer(struct wg_peer * peer,struct timer_list * timer,unsigned long expires)30 static inline void mod_peer_timer(struct wg_peer *peer,
31 				  struct timer_list *timer,
32 				  unsigned long expires)
33 {
34 	rcu_read_lock_bh();
35 	if (likely(netif_running(peer->device->dev) &&
36 		   !READ_ONCE(peer->is_dead)))
37 		mod_timer(timer, expires);
38 	rcu_read_unlock_bh();
39 }
40 
wg_expired_retransmit_handshake(struct timer_list * timer)41 static void wg_expired_retransmit_handshake(struct timer_list *timer)
42 {
43 	struct wg_peer *peer = from_timer(peer, timer,
44 					  timer_retransmit_handshake);
45 
46 	if (peer->timer_handshake_attempts > MAX_TIMER_HANDSHAKES) {
47 		pr_debug("%s: Handshake for peer %llu (%pISpfsc) did not complete after %d attempts, giving up\n",
48 			 peer->device->dev->name, peer->internal_id,
49 			 &peer->endpoint.addr, MAX_TIMER_HANDSHAKES + 2);
50 
51 		del_timer(&peer->timer_send_keepalive);
52 		/* We drop all packets without a keypair and don't try again,
53 		 * if we try unsuccessfully for too long to make a handshake.
54 		 */
55 		wg_packet_purge_staged_packets(peer);
56 
57 		/* We set a timer for destroying any residue that might be left
58 		 * of a partial exchange.
59 		 */
60 		if (!timer_pending(&peer->timer_zero_key_material))
61 			mod_peer_timer(peer, &peer->timer_zero_key_material,
62 				       jiffies + REJECT_AFTER_TIME * 3 * HZ);
63 	} else {
64 		++peer->timer_handshake_attempts;
65 		pr_debug("%s: Handshake for peer %llu (%pISpfsc) did not complete after %d seconds, retrying (try %d)\n",
66 			 peer->device->dev->name, peer->internal_id,
67 			 &peer->endpoint.addr, REKEY_TIMEOUT,
68 			 peer->timer_handshake_attempts + 1);
69 
70 		/* We clear the endpoint address src address, in case this is
71 		 * the cause of trouble.
72 		 */
73 		wg_socket_clear_peer_endpoint_src(peer);
74 
75 		wg_packet_send_queued_handshake_initiation(peer, true);
76 	}
77 }
78 
wg_expired_send_keepalive(struct timer_list * timer)79 static void wg_expired_send_keepalive(struct timer_list *timer)
80 {
81 	struct wg_peer *peer = from_timer(peer, timer, timer_send_keepalive);
82 
83 	wg_packet_send_keepalive(peer);
84 	if (peer->timer_need_another_keepalive) {
85 		peer->timer_need_another_keepalive = false;
86 		mod_peer_timer(peer, &peer->timer_send_keepalive,
87 			       jiffies + KEEPALIVE_TIMEOUT * HZ);
88 	}
89 }
90 
wg_expired_new_handshake(struct timer_list * timer)91 static void wg_expired_new_handshake(struct timer_list *timer)
92 {
93 	struct wg_peer *peer = from_timer(peer, timer, timer_new_handshake);
94 
95 	pr_debug("%s: Retrying handshake with peer %llu (%pISpfsc) because we stopped hearing back after %d seconds\n",
96 		 peer->device->dev->name, peer->internal_id,
97 		 &peer->endpoint.addr, KEEPALIVE_TIMEOUT + REKEY_TIMEOUT);
98 	/* We clear the endpoint address src address, in case this is the cause
99 	 * of trouble.
100 	 */
101 	wg_socket_clear_peer_endpoint_src(peer);
102 	wg_packet_send_queued_handshake_initiation(peer, false);
103 }
104 
wg_expired_zero_key_material(struct timer_list * timer)105 static void wg_expired_zero_key_material(struct timer_list *timer)
106 {
107 	struct wg_peer *peer = from_timer(peer, timer, timer_zero_key_material);
108 
109 	rcu_read_lock_bh();
110 	if (!READ_ONCE(peer->is_dead)) {
111 		wg_peer_get(peer);
112 		if (!queue_work(peer->device->handshake_send_wq,
113 				&peer->clear_peer_work))
114 			/* If the work was already on the queue, we want to drop
115 			 * the extra reference.
116 			 */
117 			wg_peer_put(peer);
118 	}
119 	rcu_read_unlock_bh();
120 }
121 
wg_queued_expired_zero_key_material(struct work_struct * work)122 static void wg_queued_expired_zero_key_material(struct work_struct *work)
123 {
124 	struct wg_peer *peer = container_of(work, struct wg_peer,
125 					    clear_peer_work);
126 
127 	pr_debug("%s: Zeroing out all keys for peer %llu (%pISpfsc), since we haven't received a new one in %d seconds\n",
128 		 peer->device->dev->name, peer->internal_id,
129 		 &peer->endpoint.addr, REJECT_AFTER_TIME * 3);
130 	wg_noise_handshake_clear(&peer->handshake);
131 	wg_noise_keypairs_clear(&peer->keypairs);
132 	wg_peer_put(peer);
133 }
134 
wg_expired_send_persistent_keepalive(struct timer_list * timer)135 static void wg_expired_send_persistent_keepalive(struct timer_list *timer)
136 {
137 	struct wg_peer *peer = from_timer(peer, timer,
138 					  timer_persistent_keepalive);
139 
140 	if (likely(peer->persistent_keepalive_interval))
141 		wg_packet_send_keepalive(peer);
142 }
143 
144 /* Should be called after an authenticated data packet is sent. */
wg_timers_data_sent(struct wg_peer * peer)145 void wg_timers_data_sent(struct wg_peer *peer)
146 {
147 	if (!timer_pending(&peer->timer_new_handshake))
148 		mod_peer_timer(peer, &peer->timer_new_handshake,
149 			jiffies + (KEEPALIVE_TIMEOUT + REKEY_TIMEOUT) * HZ +
150 			prandom_u32_max(REKEY_TIMEOUT_JITTER_MAX_JIFFIES));
151 }
152 
153 /* Should be called after an authenticated data packet is received. */
wg_timers_data_received(struct wg_peer * peer)154 void wg_timers_data_received(struct wg_peer *peer)
155 {
156 	if (likely(netif_running(peer->device->dev))) {
157 		if (!timer_pending(&peer->timer_send_keepalive))
158 			mod_peer_timer(peer, &peer->timer_send_keepalive,
159 				       jiffies + KEEPALIVE_TIMEOUT * HZ);
160 		else
161 			peer->timer_need_another_keepalive = true;
162 	}
163 }
164 
165 /* Should be called after any type of authenticated packet is sent, whether
166  * keepalive, data, or handshake.
167  */
wg_timers_any_authenticated_packet_sent(struct wg_peer * peer)168 void wg_timers_any_authenticated_packet_sent(struct wg_peer *peer)
169 {
170 	del_timer(&peer->timer_send_keepalive);
171 }
172 
173 /* Should be called after any type of authenticated packet is received, whether
174  * keepalive, data, or handshake.
175  */
wg_timers_any_authenticated_packet_received(struct wg_peer * peer)176 void wg_timers_any_authenticated_packet_received(struct wg_peer *peer)
177 {
178 	del_timer(&peer->timer_new_handshake);
179 }
180 
181 /* Should be called after a handshake initiation message is sent. */
wg_timers_handshake_initiated(struct wg_peer * peer)182 void wg_timers_handshake_initiated(struct wg_peer *peer)
183 {
184 	mod_peer_timer(peer, &peer->timer_retransmit_handshake,
185 		       jiffies + REKEY_TIMEOUT * HZ +
186 		       prandom_u32_max(REKEY_TIMEOUT_JITTER_MAX_JIFFIES));
187 }
188 
189 /* Should be called after a handshake response message is received and processed
190  * or when getting key confirmation via the first data message.
191  */
wg_timers_handshake_complete(struct wg_peer * peer)192 void wg_timers_handshake_complete(struct wg_peer *peer)
193 {
194 	del_timer(&peer->timer_retransmit_handshake);
195 	peer->timer_handshake_attempts = 0;
196 	peer->sent_lastminute_handshake = false;
197 	ktime_get_real_ts64(&peer->walltime_last_handshake);
198 }
199 
200 /* Should be called after an ephemeral key is created, which is before sending a
201  * handshake response or after receiving a handshake response.
202  */
wg_timers_session_derived(struct wg_peer * peer)203 void wg_timers_session_derived(struct wg_peer *peer)
204 {
205 	mod_peer_timer(peer, &peer->timer_zero_key_material,
206 		       jiffies + REJECT_AFTER_TIME * 3 * HZ);
207 }
208 
209 /* Should be called before a packet with authentication, whether
210  * keepalive, data, or handshakem is sent, or after one is received.
211  */
wg_timers_any_authenticated_packet_traversal(struct wg_peer * peer)212 void wg_timers_any_authenticated_packet_traversal(struct wg_peer *peer)
213 {
214 	if (peer->persistent_keepalive_interval)
215 		mod_peer_timer(peer, &peer->timer_persistent_keepalive,
216 			jiffies + peer->persistent_keepalive_interval * HZ);
217 }
218 
wg_timers_init(struct wg_peer * peer)219 void wg_timers_init(struct wg_peer *peer)
220 {
221 	timer_setup(&peer->timer_retransmit_handshake,
222 		    wg_expired_retransmit_handshake, 0);
223 	timer_setup(&peer->timer_send_keepalive, wg_expired_send_keepalive, 0);
224 	timer_setup(&peer->timer_new_handshake, wg_expired_new_handshake, 0);
225 	timer_setup(&peer->timer_zero_key_material,
226 		    wg_expired_zero_key_material, 0);
227 	timer_setup(&peer->timer_persistent_keepalive,
228 		    wg_expired_send_persistent_keepalive, 0);
229 	INIT_WORK(&peer->clear_peer_work, wg_queued_expired_zero_key_material);
230 	peer->timer_handshake_attempts = 0;
231 	peer->sent_lastminute_handshake = false;
232 	peer->timer_need_another_keepalive = false;
233 }
234 
wg_timers_stop(struct wg_peer * peer)235 void wg_timers_stop(struct wg_peer *peer)
236 {
237 	del_timer_sync(&peer->timer_retransmit_handshake);
238 	del_timer_sync(&peer->timer_send_keepalive);
239 	del_timer_sync(&peer->timer_new_handshake);
240 	del_timer_sync(&peer->timer_zero_key_material);
241 	del_timer_sync(&peer->timer_persistent_keepalive);
242 	flush_work(&peer->clear_peer_work);
243 }
244