path: root/src/vppinfra/random.h
blob: bceab41956712d6cef225efe7862adadb5e7428b (plain)
/*
 * Copyright (c) 2015 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/*
  Copyright (c) 2001, 2002, 2003 Eliot Dresselhaus

  Permission is hereby granted, free of charge, to any person obtaining
  a copy of this software and associated documentation files (the
  "Software"), to deal in the Software without restriction, including
  without limitation the rights to use, copy, modify, merge, publish,
  distribute, sublicense, and/or sell copies of the Software, and to
  permit persons to whom the Software is furnished to do so, subject to
  the following conditions:

  The above copyright notice and this permission notice shall be
  included in all copies or substantial portions of the Software.

  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/

#ifndef included_random_h
#define included_random_h

#include <vppinfra/clib.h>
#include <vppinfra/vec.h>	/* for vec_resize */
#include <vppinfra/format.h>	/* for unformat_input_t */

/** \file
    Linear Congruential Random Number Generator

    This specific random number generator is described in
    "Numerical Recipes in C", 2nd edition, page 284. If you need
    random numbers with really excellent statistics, take a look
    at Chapter 7...

    By definition, a linear congruential random number generator
    is of the form: rand[i+1] = a*rand[i] + c (mod m) for specific
    values of (a,c,m).

    In this case, choose m = 2**32 and use the low-order 32-bits of
    the 64-bit product a*rand[i]. Knuth suggests the use of a=1664525,
    H.W. Lewis has tested c=1013904223 extensively. This routine is
    reputedly as good as any 32-bit LCRN, and costs only a single
    multiply-add.

    Several variants: 32/64-bit, machine word width,
    f64 on the closed interval [0,1].
*/

/** \brief 32-bit random number generator

    One step of the linear congruential generator described in the file
    header: state = 1664525 * state + 1013904223, computed in the u32 type
    so the result is reduced modulo 2**32 implicitly.

    The returned value IS the complete generator state, so every later
    output can be computed from any single observed one. Use it for tests,
    jitter and sampling; do not use it for keys, nonces, cookies or any
    other value that must be unpredictable to a peer.

    \param seed generator state; read, advanced and written back.
		Must point to a valid u32.
    \return the new state
*/
always_inline u32
random_u32 (u32 * seed)
{
  u32 next = *seed;

  next *= 1664525;
  next += 1013904223;
  *seed = next;
  return next;
}

/* External test routine. Only declared here; the definition is in another
   translation unit that is not visible from this header. */
int test_random_main (unformat_input_t * input);

/** \brief Maximum value returned by random_u32()

    All 32 bits set (0xffffffff). random_f64() divides by this value to
    scale a u32 sample.
*/
always_inline u32
random_u32_max (void)
{
  return ~(u32) 0;
}

#ifdef CLIB_UNIX

#include <unistd.h>		/* for getpid */

/** \brief Default random seed (unix/linux user-mode)

    Returns the calling process id, widened to uword.

    A process id is a small number that other local processes can read,
    so this seed provides variation between runs, not secrecy. Anything
    that needs an unpredictable seed has to obtain it from another source.
*/
always_inline uword
random_default_seed (void)
{
  uword pid_seed = getpid ();

  return pid_seed;
}

#endif

#ifdef CLIB_LINUX_KERNEL

#include <linux/sched.h>	/* for jiffies */

/** \brief Default random seed (Linux kernel)

    Returns the current value of the kernel tick counter (jiffies),
    widened to uword.

    The counter is a clock reading, so it can be estimated by anyone who
    knows roughly when the seed was taken; treat the result as
    non-secret.
*/
always_inline uword
random_default_seed (void)
{
  uword tick_seed = jiffies;

  return tick_seed;
}

#endif

#ifdef CLIB_STANDALONE
/* Seed for standalone builds; defined outside this header. */
extern u32 standalone_random_default_seed;

/** \brief Default random seed (standalone build)

    Returns the current value of standalone_random_default_seed. How
    (and whether) that variable is initialised is decided by the code
    that defines it; this header only reads it.
*/
always_inline u32
random_default_seed (void)
{
  u32 configured_seed = standalone_random_default_seed;

  return configured_seed;
}
#endif

/** \brief 64-bit random number generator
 * Again, constants courtesy of Donald Knuth.
 *
 * One linear congruential step in 64-bit unsigned arithmetic:
 * state = 6364136223846793005 * state + 1442695040888963407.
 *
 * As with random_u32(), the return value is the whole generator state,
 * so the sequence is fully predictable from one output. Not a source of
 * secret values.
 *
 * \param seed generator state; read, advanced and written back.
 *             Must point to a valid, 8-byte u64 object.
 * \return the new state
 */
always_inline u64
random_u64 (u64 * seed)
{
  u64 next = *seed * 6364136223846793005ULL;

  next += 1442695040888963407ULL;
  *seed = next;
  return next;
}

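/** \brief machine word size random number generator

    Returns one uword worth of generator output and advances the u32
    state at \c seed.

    When uword is 64 bits wide the result is assembled from two
    consecutive random_u32() steps (first step in the high half). The
    previous form cast \c seed to <tt>u64 *</tt> and called random_u64(),
    which loads and stores eight bytes through a pointer the signature
    declares as pointing at a four-byte object: with a genuine u32 seed
    that overwrites the four bytes next to it, may be misaligned, and
    breaks the aliasing rules. Only the u32 at \c seed is touched now.

    The generator state is therefore 32 bits on every platform; the same
    predictability caveat as random_u32() applies.

    \param seed u32 generator state; read and written back
    \return a uword built from the generator output
*/

always_inline uword
random_uword (u32 * seed)
{
  uword r = random_u32 (seed);

  if (sizeof (uword) == sizeof (u64))
    {
      /* Two separate statements so the order of the two generator steps
         is fixed rather than left to the evaluation order of one
         expression. */
      u64 wide = (u64) r << 32;

      wide |= random_u32 (seed);
      r = (uword) wide;
    }

  return r;
}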

/** \brief Generate f64 random number in the interval [0,1]

    Draws one random_u32() sample and divides it by random_u32_max(), so
    both end points 0.0 and 1.0 can be returned.

    \param seed u32 generator state, advanced by one step
    \return sample scaled into [0,1]
*/
always_inline f64
random_f64 (u32 * seed)
{
  f64 numerator = (f64) random_u32 (seed);
  f64 denominator = (f64) random_u32_max ();

  return numerator / denominator;
}

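/** \brief Generate random character vector

    From the alphabet a-z, lower case.
    Returns a vector of the supplied length which is NOT guaranteed to be
    NUL-terminated: callers that need a C string must append the
    terminator themselves and must not hand the result to functions that
    expect one.

    Each character is random_u32() reduced modulo the alphabet size, so
    the characters inherit the predictability of that generator and are
    not exactly uniformly distributed. Suitable for test data, not for
    passwords, tokens or identifiers that must be hard to guess.

    \param seed u32 generator state, advanced once per character
    \param len number of characters to generate
    \return newly sized vector of \c len characters; the caller owns it
*/
always_inline u8 *
random_string (u32 * seed, uword len)
{
  static const u8 alphabet[] = "abcdefghijklmnopqrstuvwxyz";
  /* sizeof counts the terminating NUL of the literal; leave it out. */
  const uword n_letters = sizeof (alphabet) - 1;
  u8 *s = 0;
  uword i;			/* unsigned, same type as len */

  vec_resize (s, len);
  for (i = 0; i < len; i++)
    s[i] = alphabet[random_u32 (seed) % n_letters];

  return s;
}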

/* Only declared here; the definition is not visible from this header.
   NOTE(review): presumably a chi-square statistic computed over a vector
   of counts for the generator test - confirm against the definition. */
f64 clib_chisquare (u64 * values);

#endif /* included_random_h */

/*
 * fd.io coding-style-patch-verification: ON
 *
 * Local Variables:
 * eval: (c-set-style "gnu")
 * End:
 */
n class="n">port)) ; else if (unformat (line_input, "generate-key")) generate_key = 1; else if (unformat (line_input, "src %U", unformat_ip_address, &src_ip)) ; else { error = clib_error_return (0, "unknown input: %U", format_unformat_error, line_input); break; } } unformat_free (line_input); if (error) return error; } if (generate_key) curve25519_gen_secret (private_key); rv = wg_if_create (instance, private_key, port, &src_ip, &sw_if_index); if (rv) return clib_error_return (0, "wireguard interface create failed"); vlib_cli_output (vm, "%U\n", format_vnet_sw_if_index_name, vnet_get_main (), sw_if_index); return 0; } /*? * Create a Wireguard interface. ?*/ /* *INDENT-OFF* */ VLIB_CLI_COMMAND (wg_if_create_command, static) = { .path = "wireguard create", .short_help = "wireguard create listen-port <port> " "private-key <key> src <IP> [generate-key]", .function = wg_if_create_cli, }; /* *INDENT-ON* */ static clib_error_t * wg_if_delete_cli (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd) { wg_main_t *wmp = &wg_main; vnet_main_t *vnm; u32 sw_if_index; int rv; wg_feature_init (wmp); vnm = vnet_get_main (); sw_if_index = ~0; while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) { if (unformat (input, "%U", unformat_vnet_sw_interface, vnm, &sw_if_index)) ; else break; } if (~0 != sw_if_index) { rv = wg_if_delete (sw_if_index); if (rv) return clib_error_return (0, "wireguard interface delete failed"); } else return clib_error_return (0, "no such interface: %U", format_unformat_error, input); return 0; } /*? * Delete a Wireguard interface. 
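?*/
/* *INDENT-OFF* */
VLIB_CLI_COMMAND (wg_if_delete_command, static) = {
  .path = "wireguard delete",
  .short_help = "wireguard delete <interface>",
  .function = wg_if_delete_cli,
};
/* *INDENT-ON* */

/*
 * CLI handler for "wireguard peer add".
 *
 * Parses one input line (tunnel interface, public-key, endpoint, table-id,
 * port, persistent-keepalive, any number of allowed-ip prefixes) and calls
 * wg_peer_add(). Returns NULL on success or a clib error describing the
 * failure; returns 0 without doing anything when no line can be read.
 *
 * Compared with the earlier form of this handler:
 *  - the decoded public key and the endpoint address are zeroed before
 *    parsing, so an omitted option no longer passes indeterminate stack
 *    contents on to wg_peer_add();
 *  - a missing public-key is rejected up front;
 *  - the IPv6 test looks at every allowed-ip, not only the last one, and
 *    no longer reads an unset prefix when none was given;
 *  - a failed public-key decode is reported as a public (not private) key
 *    error;
 *  - return codes without a dedicated message are reported rather than
 *    treated as success.
 */
static clib_error_t *
wg_peer_add_command_fn (vlib_main_t * vm,
			unformat_input_t * input, vlib_cli_command_t * cmd)
{
  vnet_main_t *vnm = vnet_get_main ();
  wg_main_t *wmp = &wg_main;
  clib_error_t *error = NULL;
  unformat_input_t _line_input, *line_input = &_line_input;

  u8 *public_key_64 = 0;
  u8 public_key[NOISE_PUBLIC_KEY_LEN] = { 0 };
  int have_public_key = 0;
  fib_prefix_t allowed_ip, *allowed_ips = NULL;
  int allowed_ip6_seen = 0;
  ip_prefix_t pfx;
  ip_address_t ip;
  u32 portDst = 0, table_id = 0;
  u32 persistent_keepalive = 0;
  u32 tun_sw_if_index = ~0;
  u32 peer_index;
  int rv;

  if (!unformat_user (input, unformat_line_input, line_input))
    return 0;

  wg_feature_init (wmp);

  /* Defined contents for the version check below when no "endpoint" is
     given. NOTE(review): assumes an all-zero ip_address_t is a valid
     "unset" IPv4 endpoint for wg_peer_add() - confirm. */
  clib_memset (&ip, 0, sizeof (ip));

  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
    {
      if (unformat (line_input, "public-key %s", &public_key_64))
	{
	  /* NOTE(review): the length passed is the constant
	     NOISE_KEY_LEN_BASE64, not the length of what the operator
	     typed. Whether key_from_base64() stops at the end of a shorter
	     input cannot be seen from here - confirm, or check the input
	     length before decoding. */
	  if (!(key_from_base64 (public_key_64,
				 NOISE_KEY_LEN_BASE64, public_key)))
	    {
	      error = clib_error_return (0, "Error parsing public key");
	      goto done;
	    }
	  have_public_key = 1;
	}
      else if (unformat (line_input, "endpoint %U", unformat_ip_address, &ip))
	;
      else if (unformat (line_input, "table-id %d", &table_id))
	;
      /* NOTE(review): no range check on the port here; whether
         wg_peer_add() narrows or validates it is not visible. */
      else if (unformat (line_input, "port %d", &portDst))
	;
      else if (unformat (line_input, "persistent-keepalive %d",
			 &persistent_keepalive))
	;
      else if (unformat (line_input, "allowed-ip %U",
			 unformat_ip_prefix, &pfx))
	{
	  ip_prefix_to_fib_prefix (&pfx, &allowed_ip);
	  if (FIB_PROTOCOL_IP6 == allowed_ip.fp_proto)
	    allowed_ip6_seen = 1;
	  vec_add1 (allowed_ips, allowed_ip);
	}
      else if (unformat (line_input, "%U",
			 unformat_vnet_sw_interface, vnm, &tun_sw_if_index))
	;
      else
	{
	  error = clib_error_return (0, "Input error");
	  goto done;
	}
    }

  /* Never create a peer from a key buffer the operator did not fill. */
  if (!have_public_key)
    {
      error = clib_error_return (0, "public-key is required");
      goto done;
    }

  if (AF_IP6 == ip_addr_version (&ip) || allowed_ip6_seen)
    rv = VNET_API_ERROR_INVALID_PROTOCOL;
  else
    rv = wg_peer_add (tun_sw_if_index,
		      public_key,
		      table_id,
		      &ip_addr_46 (&ip),
		      allowed_ips,
		      portDst, persistent_keepalive, &peer_index);

  switch (rv)
    {
    case VNET_API_ERROR_KEY_LENGTH:
      error = clib_error_return (0, "Error parsing public key");
      break;
    case VNET_API_ERROR_ENTRY_ALREADY_EXISTS:
      error = clib_error_return (0, "Peer already exist");
      break;
    case VNET_API_ERROR_INVALID_SW_IF_INDEX:
      error = clib_error_return (0, "Tunnel is not specified");
      break;
    case VNET_API_ERROR_LIMIT_EXCEEDED:
      error = clib_error_return (0, "Max peers limit");
      break;
    case VNET_API_ERROR_INIT_FAILED:
      error = clib_error_return (0, "wireguard device parameters is not set");
      break;
    case VNET_API_ERROR_INVALID_PROTOCOL:
      error = clib_error_return (0, "ipv6 not supported yet");
      break;
    default:
      /* Any other non-zero code is still a failure the operator must see. */
      if (rv)
	error = clib_error_return (0, "wireguard peer add failed (rv %d)",
				   rv);
      break;
    }

done:
  vec_free (public_key_64);
  vec_free (allowed_ips);
  unformat_free (line_input);
  return error;
}

/* The help text is one string built from adjacent literals, so each piece
   carries its own separating space; "port" matches what the parser accepts. */
/* *INDENT-OFF* */
VLIB_CLI_COMMAND (wg_peer_add_command, static) =
{
  .path = "wireguard peer add",
  .short_help = "wireguard peer add <wg_int> public-key <pub_key_other> "
  "endpoint <ip4_dst> allowed-ip <prefix> "
  "port [port_dst] persistent-keepalive [keepalive_interval]",
  .function = wg_peer_add_command_fn,
};
/* *INDENT-ON* */

/*
 * CLI handler for "wireguard peer remove <index>".
 *
 * Parses a peer index and calls wg_peer_remove(). Returns NULL on success
 * or a clib error; any non-zero return code from wg_peer_remove() is now
 * reported, not only VNET_API_ERROR_KEY_LENGTH.
 */
static clib_error_t *
wg_peer_remove_command_fn (vlib_main_t * vm,
			   unformat_input_t * input,
			   vlib_cli_command_t * cmd)
{
  wg_main_t *wmp = &wg_main;
  clib_error_t *error = NULL;
  u32 peer_index;
  int rv;

  unformat_input_t _line_input, *line_input = &_line_input;
  if (!unformat_user (input, unformat_line_input, line_input))
    return 0;

  wg_feature_init (wmp);

  if (unformat (line_input, "%d", &peer_index))
    ;
  else
    {
      error = clib_error_return (0, "Input error");
      goto done;
    }

  rv = wg_peer_remove (peer_index);

  switch (rv)
    {
    case VNET_API_ERROR_KEY_LENGTH:
      error = clib_error_return (0, "Error parsing public key");
      break;
    default:
      if (rv)
	error = clib_error_return (0, "wireguard peer remove failed (rv %d)",
				   rv);
      break;
    }

done:
  unformat_free (line_input);
  return error;
}

/* *INDENT-OFF* */
VLIB_CLI_COMMAND (wg_peer_remove_command, static) =
{
  .path = "wireguard peer remove",
  .short_help = "wireguard peer remove <index>",
  .function = wg_peer_remove_command_fn,
};
/* *INDENT-ON* */

/* Walk callback: print one peer with format_wg_peer. 'arg' is passed to
   vlib_cli_output() as its first argument (the caller below supplies vm). */
static walk_rc_t
wg_peer_show_one (index_t peeri, void *arg)
{
  vlib_cli_output (arg, "%U", format_wg_peer, peeri);

  return (WALK_CONTINUE);
}

/* CLI handler for "show wireguard peer": walks all peers and prints each.
   NOTE(review): what format_wg_peer prints is not visible here; if it
   includes key material, consider who may run this command. */
static clib_error_t *
wg_show_peer_command_fn (vlib_main_t * vm,
			 unformat_input_t * input, vlib_cli_command_t * cmd)
{
  wg_peer_walk (wg_peer_show_one, vm);

  return NULL;
}

/* *INDENT-OFF* */
VLIB_CLI_COMMAND (wg_show_peers_command, static) =
{
  .path = "show wireguard peer",
  .short_help = "show wireguard peer",
  .function = wg_show_peer_command_fn,
};
/* *INDENT-ON* */

/* Walk callback: print one interface with format_wg_if. 'arg' is passed to
   vlib_cli_output() as its first argument (the caller below supplies vm). */
static walk_rc_t
wg_if_show_one (index_t itfi, void *arg)
{
  vlib_cli_output (arg, "%U", format_wg_if, itfi);

  return (WALK_CONTINUE);
}

/* CLI handler for "show wireguard interface": walks all wireguard
   interfaces and prints each. */
static clib_error_t *
wg_show_if_command_fn (vlib_main_t * vm,
		       unformat_input_t * input, vlib_cli_command_t * cmd)
{
  wg_main_t *wmp = &wg_main;

  wg_feature_init (wmp);

  wg_if_walk (wg_if_show_one, vm);

  return NULL;
}

/* short_help now names the full command path it belongs to. */
/* *INDENT-OFF* */
VLIB_CLI_COMMAND (wg_show_itfs_command, static) =
{
  .path = "show wireguard interface",
  .short_help = "show wireguard interface",
  .function = wg_show_if_command_fn,
};
/* *INDENT-ON* */

/*
 * fd.io coding-style-patch-verification: ON
 *
 * Local Variables:
 * eval: (c-set-style "gnu")
 * End:
 */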