1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
4 */
5
6 #include "timers.h"
7 #include "device.h"
8 #include "peer.h"
9 #include "queueing.h"
10 #include "socket.h"
11
12 /*
13 * - Timer for retransmitting the handshake if we don't hear back after
14 * `REKEY_TIMEOUT + jitter` ms.
15 *
16 * - Timer for sending empty packet if we have received a packet but after have
17 * not sent one for `KEEPALIVE_TIMEOUT` ms.
18 *
19 * - Timer for initiating new handshake if we have sent a packet but after have
20 * not received one (even empty) for `(KEEPALIVE_TIMEOUT + REKEY_TIMEOUT) +
21 * jitter` ms.
22 *
23 * - Timer for zeroing out all ephemeral keys after `(REJECT_AFTER_TIME * 3)` ms
24 * if no new keys have been received.
25 *
26 * - Timer for, if enabled, sending an empty authenticated packet every user-
27 * specified seconds.
28 */
29
mod_peer_timer(struct wg_peer * peer,struct timer_list * timer,unsigned long expires)30 static inline void mod_peer_timer(struct wg_peer *peer,
31 struct timer_list *timer,
32 unsigned long expires)
33 {
34 rcu_read_lock_bh();
35 if (likely(netif_running(peer->device->dev) &&
36 !READ_ONCE(peer->is_dead)))
37 mod_timer(timer, expires);
38 rcu_read_unlock_bh();
39 }
40
wg_expired_retransmit_handshake(struct timer_list * timer)41 static void wg_expired_retransmit_handshake(struct timer_list *timer)
42 {
43 struct wg_peer *peer = timer_container_of(peer, timer,
44 timer_retransmit_handshake);
45
46 if (peer->timer_handshake_attempts > MAX_TIMER_HANDSHAKES) {
47 pr_debug("%s: Handshake for peer %llu (%pISpfsc) did not complete after %d attempts, giving up\n",
48 peer->device->dev->name, peer->internal_id,
49 &peer->endpoint.addr, (int)MAX_TIMER_HANDSHAKES + 2);
50
51 timer_delete(&peer->timer_send_keepalive);
52 /* We drop all packets without a keypair and don't try again,
53 * if we try unsuccessfully for too long to make a handshake.
54 */
55 wg_packet_purge_staged_packets(peer);
56
57 /* We set a timer for destroying any residue that might be left
58 * of a partial exchange.
59 */
60 if (!timer_pending(&peer->timer_zero_key_material))
61 mod_peer_timer(peer, &peer->timer_zero_key_material,
62 jiffies + REJECT_AFTER_TIME * 3 * HZ);
63 } else {
64 ++peer->timer_handshake_attempts;
65 pr_debug("%s: Handshake for peer %llu (%pISpfsc) did not complete after %d seconds, retrying (try %d)\n",
66 peer->device->dev->name, peer->internal_id,
67 &peer->endpoint.addr, (int)REKEY_TIMEOUT,
68 peer->timer_handshake_attempts + 1);
69
70 /* We clear the endpoint address src address, in case this is
71 * the cause of trouble.
72 */
73 wg_socket_clear_peer_endpoint_src(peer);
74
75 wg_packet_send_queued_handshake_initiation(peer, true);
76 }
77 }
78
wg_expired_send_keepalive(struct timer_list * timer)79 static void wg_expired_send_keepalive(struct timer_list *timer)
80 {
81 struct wg_peer *peer = timer_container_of(peer, timer,
82 timer_send_keepalive);
83
84 wg_packet_send_keepalive(peer);
85 if (peer->timer_need_another_keepalive) {
86 peer->timer_need_another_keepalive = false;
87 mod_peer_timer(peer, &peer->timer_send_keepalive,
88 jiffies + KEEPALIVE_TIMEOUT * HZ);
89 }
90 }
91
wg_expired_new_handshake(struct timer_list * timer)92 static void wg_expired_new_handshake(struct timer_list *timer)
93 {
94 struct wg_peer *peer = timer_container_of(peer, timer,
95 timer_new_handshake);
96
97 pr_debug("%s: Retrying handshake with peer %llu (%pISpfsc) because we stopped hearing back after %d seconds\n",
98 peer->device->dev->name, peer->internal_id,
99 &peer->endpoint.addr, (int)(KEEPALIVE_TIMEOUT + REKEY_TIMEOUT));
100 /* We clear the endpoint address src address, in case this is the cause
101 * of trouble.
102 */
103 wg_socket_clear_peer_endpoint_src(peer);
104 wg_packet_send_queued_handshake_initiation(peer, false);
105 }
106
wg_expired_zero_key_material(struct timer_list * timer)107 static void wg_expired_zero_key_material(struct timer_list *timer)
108 {
109 struct wg_peer *peer = timer_container_of(peer, timer,
110 timer_zero_key_material);
111
112 rcu_read_lock_bh();
113 if (!READ_ONCE(peer->is_dead)) {
114 wg_peer_get(peer);
115 if (!queue_work(peer->device->handshake_send_wq,
116 &peer->clear_peer_work))
117 /* If the work was already on the queue, we want to drop
118 * the extra reference.
119 */
120 wg_peer_put(peer);
121 }
122 rcu_read_unlock_bh();
123 }
124
wg_queued_expired_zero_key_material(struct work_struct * work)125 static void wg_queued_expired_zero_key_material(struct work_struct *work)
126 {
127 struct wg_peer *peer = container_of(work, struct wg_peer,
128 clear_peer_work);
129
130 pr_debug("%s: Zeroing out all keys for peer %llu (%pISpfsc), since we haven't received a new one in %d seconds\n",
131 peer->device->dev->name, peer->internal_id,
132 &peer->endpoint.addr, (int)REJECT_AFTER_TIME * 3);
133 wg_noise_handshake_clear(&peer->handshake);
134 wg_noise_keypairs_clear(&peer->keypairs);
135 wg_peer_put(peer);
136 }
137
wg_expired_send_persistent_keepalive(struct timer_list * timer)138 static void wg_expired_send_persistent_keepalive(struct timer_list *timer)
139 {
140 struct wg_peer *peer = timer_container_of(peer, timer,
141 timer_persistent_keepalive);
142
143 if (likely(peer->persistent_keepalive_interval))
144 wg_packet_send_keepalive(peer);
145 }
146
147 /* Should be called after an authenticated data packet is sent. */
wg_timers_data_sent(struct wg_peer * peer)148 void wg_timers_data_sent(struct wg_peer *peer)
149 {
150 if (!timer_pending(&peer->timer_new_handshake))
151 mod_peer_timer(peer, &peer->timer_new_handshake,
152 jiffies + (KEEPALIVE_TIMEOUT + REKEY_TIMEOUT) * HZ +
153 get_random_u32_below(REKEY_TIMEOUT_JITTER_MAX_JIFFIES));
154 }
155
156 /* Should be called after an authenticated data packet is received. */
wg_timers_data_received(struct wg_peer * peer)157 void wg_timers_data_received(struct wg_peer *peer)
158 {
159 if (likely(netif_running(peer->device->dev))) {
160 if (!timer_pending(&peer->timer_send_keepalive))
161 mod_peer_timer(peer, &peer->timer_send_keepalive,
162 jiffies + KEEPALIVE_TIMEOUT * HZ);
163 else
164 peer->timer_need_another_keepalive = true;
165 }
166 }
167
168 /* Should be called after any type of authenticated packet is sent, whether
169 * keepalive, data, or handshake.
170 */
wg_timers_any_authenticated_packet_sent(struct wg_peer * peer)171 void wg_timers_any_authenticated_packet_sent(struct wg_peer *peer)
172 {
173 timer_delete(&peer->timer_send_keepalive);
174 }
175
176 /* Should be called after any type of authenticated packet is received, whether
177 * keepalive, data, or handshake.
178 */
wg_timers_any_authenticated_packet_received(struct wg_peer * peer)179 void wg_timers_any_authenticated_packet_received(struct wg_peer *peer)
180 {
181 timer_delete(&peer->timer_new_handshake);
182 }
183
184 /* Should be called after a handshake initiation message is sent. */
wg_timers_handshake_initiated(struct wg_peer * peer)185 void wg_timers_handshake_initiated(struct wg_peer *peer)
186 {
187 mod_peer_timer(peer, &peer->timer_retransmit_handshake,
188 jiffies + REKEY_TIMEOUT * HZ +
189 get_random_u32_below(REKEY_TIMEOUT_JITTER_MAX_JIFFIES));
190 }
191
192 /* Should be called after a handshake response message is received and processed
193 * or when getting key confirmation via the first data message.
194 */
wg_timers_handshake_complete(struct wg_peer * peer)195 void wg_timers_handshake_complete(struct wg_peer *peer)
196 {
197 timer_delete(&peer->timer_retransmit_handshake);
198 peer->timer_handshake_attempts = 0;
199 peer->sent_lastminute_handshake = false;
200 ktime_get_real_ts64(&peer->walltime_last_handshake);
201 }
202
203 /* Should be called after an ephemeral key is created, which is before sending a
204 * handshake response or after receiving a handshake response.
205 */
wg_timers_session_derived(struct wg_peer * peer)206 void wg_timers_session_derived(struct wg_peer *peer)
207 {
208 mod_peer_timer(peer, &peer->timer_zero_key_material,
209 jiffies + REJECT_AFTER_TIME * 3 * HZ);
210 }
211
212 /* Should be called before a packet with authentication, whether
213 * keepalive, data, or handshakem is sent, or after one is received.
214 */
wg_timers_any_authenticated_packet_traversal(struct wg_peer * peer)215 void wg_timers_any_authenticated_packet_traversal(struct wg_peer *peer)
216 {
217 if (peer->persistent_keepalive_interval)
218 mod_peer_timer(peer, &peer->timer_persistent_keepalive,
219 jiffies + peer->persistent_keepalive_interval * HZ);
220 }
221
wg_timers_init(struct wg_peer * peer)222 void wg_timers_init(struct wg_peer *peer)
223 {
224 timer_setup(&peer->timer_retransmit_handshake,
225 wg_expired_retransmit_handshake, 0);
226 timer_setup(&peer->timer_send_keepalive, wg_expired_send_keepalive, 0);
227 timer_setup(&peer->timer_new_handshake, wg_expired_new_handshake, 0);
228 timer_setup(&peer->timer_zero_key_material,
229 wg_expired_zero_key_material, 0);
230 timer_setup(&peer->timer_persistent_keepalive,
231 wg_expired_send_persistent_keepalive, 0);
232 INIT_WORK(&peer->clear_peer_work, wg_queued_expired_zero_key_material);
233 peer->timer_handshake_attempts = 0;
234 peer->sent_lastminute_handshake = false;
235 peer->timer_need_another_keepalive = false;
236 }
237
wg_timers_stop(struct wg_peer * peer)238 void wg_timers_stop(struct wg_peer *peer)
239 {
240 timer_delete_sync(&peer->timer_retransmit_handshake);
241 timer_delete_sync(&peer->timer_send_keepalive);
242 timer_delete_sync(&peer->timer_new_handshake);
243 timer_delete_sync(&peer->timer_zero_key_material);
244 timer_delete_sync(&peer->timer_persistent_keepalive);
245 flush_work(&peer->clear_peer_work);
246 }
247