EtherGuard-VPN/timers.go

347 lines
7.7 KiB
Go
Raw Normal View History

2017-08-27 15:41:00 +02:00
package main
import (
"bytes"
"encoding/binary"
"math/rand"
"sync/atomic"
"time"
)
2017-12-29 17:42:09 +01:00
/* NOTE:
* Notion of validity
*
*
*/
2017-08-27 15:41:00 +02:00
/* Called when a new authenticated message has been send
*
*/
func (peer *Peer) KeepKeyFreshSending() {
kp := peer.keyPairs.Current()
if kp == nil {
return
}
nonce := atomic.LoadUint64(&kp.sendNonce)
if nonce > RekeyAfterMessages {
2017-11-30 23:22:40 +01:00
peer.signal.handshakeBegin.Send()
2017-08-27 15:41:00 +02:00
}
if kp.isInitiator && time.Now().Sub(kp.created) > RekeyAfterTime {
2017-11-30 23:22:40 +01:00
peer.signal.handshakeBegin.Send()
2017-08-27 15:41:00 +02:00
}
}
2017-11-29 21:12:09 +01:00
/* Called when a new authenticated message has been received
2017-08-27 15:41:00 +02:00
*
2017-12-01 23:37:26 +01:00
* NOTE: Not thread safe, but called by sequential receiver!
2017-08-27 15:41:00 +02:00
*/
func (peer *Peer) KeepKeyFreshReceiving() {
if peer.timer.sendLastMinuteHandshake {
return
}
2017-08-27 15:41:00 +02:00
kp := peer.keyPairs.Current()
if kp == nil {
return
}
if !kp.isInitiator {
return
}
nonce := atomic.LoadUint64(&kp.sendNonce)
send := nonce > RekeyAfterMessages || time.Now().Sub(kp.created) > RekeyAfterTimeReceiving
if send {
// do a last minute attempt at initiating a new handshake
peer.timer.sendLastMinuteHandshake = true
2017-12-29 17:42:09 +01:00
peer.signal.handshakeBegin.Send()
2017-08-27 15:41:00 +02:00
}
}
/* Queues a keep-alive if no packets are queued for peer
*/
func (peer *Peer) SendKeepAlive() bool {
2017-12-29 17:42:09 +01:00
if len(peer.queue.nonce) != 0 {
return false
}
2017-08-27 15:41:00 +02:00
elem := peer.device.NewOutboundElement()
elem.packet = nil
2017-12-29 17:42:09 +01:00
select {
case peer.queue.nonce <- elem:
return true
default:
return false
2017-08-27 15:41:00 +02:00
}
}
/* Event:
* Sent non-empty (authenticated) transport message
*/
func (peer *Peer) TimerDataSent() {
2017-11-30 23:22:40 +01:00
peer.timer.keepalivePassive.Stop()
2017-12-29 17:42:09 +01:00
peer.timer.handshakeNew.Start(NewHandshakeTime)
2017-08-27 15:41:00 +02:00
}
/* Event:
* Received non-empty (authenticated) transport message
2017-11-30 23:22:40 +01:00
*
* Action:
* Set a timer to confirm the message using a keep-alive (if not already set)
2017-08-27 15:41:00 +02:00
*/
func (peer *Peer) TimerDataReceived() {
2017-11-30 23:22:40 +01:00
if !peer.timer.keepalivePassive.Start(KeepaliveTimeout) {
2017-08-27 15:41:00 +02:00
peer.timer.needAnotherKeepalive = true
}
}
/* Event:
* Any (authenticated) packet received
*/
func (peer *Peer) TimerAnyAuthenticatedPacketReceived() {
2017-12-29 17:42:09 +01:00
peer.timer.handshakeNew.Stop()
2017-08-27 15:41:00 +02:00
}
/* Event:
* Any authenticated packet send / received.
2017-11-30 23:22:40 +01:00
*
* Action:
* Push persistent keep-alive into the future
2017-08-27 15:41:00 +02:00
*/
func (peer *Peer) TimerAnyAuthenticatedPacketTraversal() {
interval := atomic.LoadUint64(&peer.persistentKeepaliveInterval)
if interval > 0 {
duration := time.Duration(interval) * time.Second
peer.timer.keepalivePersistent.Reset(duration)
}
}
2017-11-29 21:12:09 +01:00
/* Called after successfully completing a handshake.
2017-08-27 15:41:00 +02:00
* i.e. after:
*
* - Valid handshake response
* - First transport message under the "next" key
*/
func (peer *Peer) TimerHandshakeComplete() {
2017-11-30 23:22:40 +01:00
peer.signal.handshakeCompleted.Send()
2017-08-27 15:41:00 +02:00
peer.device.log.Info.Println("Negotiated new handshake for", peer.String())
}
/* Event:
* An ephemeral key is generated
*
2017-11-29 21:12:09 +01:00
* i.e. after:
2017-08-27 15:41:00 +02:00
*
* CreateMessageInitiation
* CreateMessageResponse
*
2017-11-30 23:22:40 +01:00
* Action:
* Schedule the deletion of all key material
2017-08-27 15:41:00 +02:00
* upon failure to complete a handshake
*/
func (peer *Peer) TimerEphemeralKeyCreated() {
peer.timer.zeroAllKeys.Reset(RejectAfterTime * 3)
}
2017-12-29 17:42:09 +01:00
/* Sends a new handshake initiation message to the peer (endpoint)
*/
func (peer *Peer) sendNewHandshake() error {
// temporarily disable the handshake complete signal
peer.signal.handshakeCompleted.Disable()
// create initiation message
msg, err := peer.device.CreateMessageInitiation(peer)
if err != nil {
return err
}
// marshal handshake message
var buff [MessageInitiationSize]byte
writer := bytes.NewBuffer(buff[:0])
binary.Write(writer, binary.LittleEndian, msg)
packet := writer.Bytes()
peer.mac.AddMacs(packet)
// send to endpoint
peer.TimerAnyAuthenticatedPacketTraversal()
err = peer.SendBuffer(packet)
if err == nil {
peer.signal.handshakeCompleted.Enable()
}
// set timeout
jitter := time.Millisecond * time.Duration(rand.Uint32()%334)
peer.timer.keepalivePassive.Stop()
peer.timer.handshakeTimeout.Reset(RekeyTimeout + jitter)
return err
}
func (peer *Peer) RoutineTimerHandler() {
defer peer.routines.stopping.Done()
2017-08-27 15:41:00 +02:00
device := peer.device
2017-11-30 23:22:40 +01:00
logInfo := device.log.Info
2017-08-27 15:41:00 +02:00
logDebug := device.log.Debug
logDebug.Println("Routine, timer handler, started for peer", peer.String())
2017-12-29 17:42:09 +01:00
// reset all timers
peer.timer.keepalivePassive.Stop()
peer.timer.handshakeDeadline.Stop()
peer.timer.handshakeTimeout.Stop()
peer.timer.handshakeNew.Stop()
peer.timer.zeroAllKeys.Stop()
interval := atomic.LoadUint64(&peer.persistentKeepaliveInterval)
if interval > 0 {
duration := time.Duration(interval) * time.Second
peer.timer.keepalivePersistent.Reset(duration)
}
// signal synchronised setup complete
2017-12-29 17:42:09 +01:00
peer.routines.starting.Done()
2017-12-29 17:42:09 +01:00
// handle timer events
2017-08-27 15:41:00 +02:00
for {
select {
/* stopping */
case <-peer.routines.stop.Wait():
return
2017-11-30 23:22:40 +01:00
/* timers */
2017-08-27 15:41:00 +02:00
2017-11-30 23:22:40 +01:00
// keep-alive
2017-08-27 15:41:00 +02:00
2017-11-30 23:22:40 +01:00
case <-peer.timer.keepalivePersistent.Wait():
2017-08-27 15:41:00 +02:00
interval := atomic.LoadUint64(&peer.persistentKeepaliveInterval)
if interval > 0 {
logDebug.Println("Sending keep-alive to", peer.String())
2017-12-29 17:42:09 +01:00
peer.timer.keepalivePassive.Stop()
2017-08-27 15:41:00 +02:00
peer.SendKeepAlive()
}
2017-11-30 23:22:40 +01:00
case <-peer.timer.keepalivePassive.Wait():
2017-08-27 15:41:00 +02:00
logDebug.Println("Sending keep-alive to", peer.String())
peer.SendKeepAlive()
if peer.timer.needAnotherKeepalive {
peer.timer.needAnotherKeepalive = false
2017-12-29 17:42:09 +01:00
peer.timer.keepalivePassive.Reset(KeepaliveTimeout)
2017-08-27 15:41:00 +02:00
}
2017-11-30 23:22:40 +01:00
// clear key material timer
2017-08-27 15:41:00 +02:00
2017-11-30 23:22:40 +01:00
case <-peer.timer.zeroAllKeys.Wait():
2017-08-27 15:41:00 +02:00
logDebug.Println("Clearing all key material for", peer.String())
hs := &peer.handshake
hs.mutex.Lock()
kp := &peer.keyPairs
kp.mutex.Lock()
2017-09-01 14:21:53 +02:00
// remove key-pairs
2017-08-27 15:41:00 +02:00
if kp.previous != nil {
2017-09-01 14:21:53 +02:00
device.DeleteKeyPair(kp.previous)
kp.previous = nil
2017-08-27 15:41:00 +02:00
}
if kp.current != nil {
2017-09-01 14:21:53 +02:00
device.DeleteKeyPair(kp.current)
kp.current = nil
2017-08-27 15:41:00 +02:00
}
if kp.next != nil {
2017-09-01 14:21:53 +02:00
device.DeleteKeyPair(kp.next)
kp.next = nil
2017-08-27 15:41:00 +02:00
}
kp.mutex.Unlock()
// zero out handshake
2017-09-01 14:21:53 +02:00
device.indices.Delete(hs.localIndex)
hs.Clear()
2017-08-27 15:41:00 +02:00
hs.mutex.Unlock()
2017-11-30 23:22:40 +01:00
// handshake timers
2017-08-27 15:41:00 +02:00
2017-12-29 17:42:09 +01:00
case <-peer.timer.handshakeNew.Wait():
2017-11-30 23:22:40 +01:00
logInfo.Println("Retrying handshake with", peer.String())
peer.signal.handshakeBegin.Send()
2017-08-27 15:41:00 +02:00
2017-11-30 23:22:40 +01:00
case <-peer.timer.handshakeTimeout.Wait():
2017-08-27 15:41:00 +02:00
2017-11-30 23:22:40 +01:00
// clear source (in case this is causing problems)
2017-08-27 15:41:00 +02:00
2017-11-30 23:22:40 +01:00
peer.mutex.Lock()
if peer.endpoint != nil {
peer.endpoint.ClearSrc()
}
peer.mutex.Unlock()
2017-08-27 15:41:00 +02:00
2017-11-30 23:22:40 +01:00
// send new handshake
2017-08-27 15:41:00 +02:00
2017-11-30 23:22:40 +01:00
err := peer.sendNewHandshake()
if err != nil {
logInfo.Println(
"Failed to send handshake to peer:", peer.String(), "(", err, ")")
2017-11-30 23:22:40 +01:00
}
2017-08-27 15:41:00 +02:00
2017-11-30 23:22:40 +01:00
case <-peer.timer.handshakeDeadline.Wait():
2017-08-27 15:41:00 +02:00
2017-11-30 23:22:40 +01:00
// clear all queued packets and stop keep-alive
2017-08-27 15:41:00 +02:00
2017-11-30 23:22:40 +01:00
logInfo.Println(
"Handshake negotiation timed out for:", peer.String())
2017-08-27 15:41:00 +02:00
2017-11-30 23:22:40 +01:00
peer.signal.flushNonceQueue.Send()
peer.timer.keepalivePersistent.Stop()
peer.signal.handshakeBegin.Enable()
2017-08-27 15:41:00 +02:00
2017-11-30 23:22:40 +01:00
/* signals */
2017-08-27 15:41:00 +02:00
2017-11-30 23:22:40 +01:00
case <-peer.signal.handshakeBegin.Wait():
2017-08-27 15:41:00 +02:00
2017-11-30 23:22:40 +01:00
peer.signal.handshakeBegin.Disable()
2017-08-27 15:41:00 +02:00
2017-11-30 23:22:40 +01:00
err := peer.sendNewHandshake()
2017-08-27 15:41:00 +02:00
if err != nil {
2017-11-30 23:22:40 +01:00
logInfo.Println(
"Failed to send handshake to peer:", peer.String(), "(", err, ")")
2017-08-27 15:41:00 +02:00
}
2017-11-30 23:22:40 +01:00
peer.timer.handshakeDeadline.Reset(RekeyAttemptTime)
2017-08-27 15:41:00 +02:00
2017-11-30 23:22:40 +01:00
case <-peer.signal.handshakeCompleted.Wait():
2017-08-27 15:41:00 +02:00
2017-11-30 23:22:40 +01:00
logInfo.Println(
"Handshake completed for:", peer.String())
2017-08-27 15:41:00 +02:00
2017-12-29 17:42:09 +01:00
atomic.StoreInt64(
&peer.stats.lastHandshakeNano,
time.Now().UnixNano(),
)
2017-11-30 23:22:40 +01:00
peer.timer.handshakeTimeout.Stop()
peer.timer.handshakeDeadline.Stop()
peer.signal.handshakeBegin.Enable()
2017-12-29 17:42:09 +01:00
peer.timer.sendLastMinuteHandshake = false
}
2017-08-27 15:41:00 +02:00
}
}