Add ChaCha20-Poly1305 cipher algorithm

Latest WDK includes compile-time support for it,
and it is available in runtime starting from Windows 11.

While on it, add missing BCryptCloseAlorighmProvider calls.

Bump version to 0.6.7.

Signed-off-by: Lev Stipakov <[email protected]>

Author: lstipakov

PropertySheet.props

@@ -4,7 +4,7 @@
   <PropertyGroup Label="UserMacros">
     <OVPN_DCO_VERSION_MAJOR>0</OVPN_DCO_VERSION_MAJOR>
     <OVPN_DCO_VERSION_MINOR>6</OVPN_DCO_VERSION_MINOR>
-    <OVPN_DCO_VERSION_PATCH>6</OVPN_DCO_VERSION_PATCH>
+    <OVPN_DCO_VERSION_PATCH>7</OVPN_DCO_VERSION_PATCH>
     <NETADAPTER_INC_PATH>$(DDK_INC_PATH)\netcx\kmdf\adapter\2.0\</NETADAPTER_INC_PATH>
     <NETADAPTER_LIB_PATH>$(DDK_LIB_PATH)\netcx\kmdf\adapter\2.0\</NETADAPTER_LIB_PATH>
   </PropertyGroup>

crypto.cpp

@@ -86,16 +86,31 @@ OvpnCryptoEncryptNone(OvpnCryptoKeySlot* keySlot, UCHAR* buf, SIZE_T len)
 
 _Use_decl_annotations_
 NTSTATUS
-OvpnCryptoInitAlgHandle(BCRYPT_ALG_HANDLE* algHandle)
+OvpnCryptoInitAlgHandles(BCRYPT_ALG_HANDLE* aesAlgHandle, BCRYPT_ALG_HANDLE* chachaAlgHandle)
 {
     NTSTATUS status;
-    GOTO_IF_NOT_NT_SUCCESS(done, status, BCryptOpenAlgorithmProvider(algHandle, BCRYPT_AES_ALGORITHM, NULL, BCRYPT_PROV_DISPATCH));
-    GOTO_IF_NOT_NT_SUCCESS(done, status, BCryptSetProperty(*algHandle, BCRYPT_CHAINING_MODE, (PUCHAR)BCRYPT_CHAIN_MODE_GCM, sizeof(BCRYPT_CHAIN_MODE_GCM), 0));
+    GOTO_IF_NOT_NT_SUCCESS(done, status, BCryptOpenAlgorithmProvider(aesAlgHandle, BCRYPT_AES_ALGORITHM, NULL, BCRYPT_PROV_DISPATCH));
+    GOTO_IF_NOT_NT_SUCCESS(done, status, BCryptSetProperty(*aesAlgHandle, BCRYPT_CHAINING_MODE, (PUCHAR)BCRYPT_CHAIN_MODE_GCM, sizeof(BCRYPT_CHAIN_MODE_GCM), 0));
 
+    // available starting from Windows 11
+    LOG_IF_NOT_NT_SUCCESS(BCryptOpenAlgorithmProvider(chachaAlgHandle, BCRYPT_CHACHA20_POLY1305_ALGORITHM, NULL, BCRYPT_PROV_DISPATCH));
 done:
     return status;
 }
 
+_Use_decl_annotations_
+VOID
+OvpnCryptoUninitAlgHandles(_In_ BCRYPT_ALG_HANDLE aesAlgHandle, BCRYPT_ALG_HANDLE chachaAlgHandle)
+{
+    if (aesAlgHandle) {
+        LOG_IF_NOT_NT_SUCCESS(BCryptCloseAlgorithmProvider(aesAlgHandle, 0));
+    }
+
+    if (chachaAlgHandle) {
+        LOG_IF_NOT_NT_SUCCESS(BCryptCloseAlgorithmProvider(chachaAlgHandle, 0));
+    }
+}
+
 #define GET_SYSTEM_ADDRESS_MDL(buf, mdl) { \
     buf = (PUCHAR)MmGetSystemAddressForMdlSafe(mdl, LowPagePriority | MdlMappingNoExecute); \
     if (buf == NULL) { \
@@ -222,7 +237,7 @@ OvpnCryptoNewKey(OvpnCryptoContext* cryptoContext, POVPN_CRYPTO_DATA cryptoData)
         return STATUS_INVALID_DEVICE_REQUEST;
     }
 
-    if (cryptoData->CipherAlg == OVPN_CIPHER_ALG_AES_GCM) {
+    if ((cryptoData->CipherAlg == OVPN_CIPHER_ALG_AES_GCM) || (cryptoData->CipherAlg == OVPN_CIPHER_ALG_CHACHA20_POLY1305)) {
         // destroy previous keys
         if (keySlot->EncKey) {
             BCryptDestroyKey(keySlot->EncKey);
@@ -234,9 +249,22 @@ OvpnCryptoNewKey(OvpnCryptoContext* cryptoContext, POVPN_CRYPTO_DATA cryptoData)
             keySlot->DecKey = NULL;
         }
 
+        BCRYPT_ALG_HANDLE algHandle = NULL;
+        if (cryptoData->CipherAlg == OVPN_CIPHER_ALG_AES_GCM) {
+            algHandle = cryptoContext->AesAlgHandle;
+        }
+        else {
+            if (cryptoContext->ChachaAlgHandle == NULL) {
+                LOG_ERROR("CHACHA20-POLY1305 is not available");
+                status = STATUS_INVALID_DEVICE_REQUEST;
+                goto done;
+            }
+            algHandle = cryptoContext->ChachaAlgHandle;
+        }
+
         // generate keys from key materials
-        GOTO_IF_NOT_NT_SUCCESS(done, status, BCryptGenerateSymmetricKey(cryptoContext->AlgHandle, &keySlot->EncKey, NULL, 0, cryptoData->Encrypt.Key, cryptoData->Encrypt.KeyLen, 0));
-        GOTO_IF_NOT_NT_SUCCESS(done, status, BCryptGenerateSymmetricKey(cryptoContext->AlgHandle, &keySlot->DecKey, NULL, 0, cryptoData->Decrypt.Key, cryptoData->Decrypt.KeyLen, 0));
+        GOTO_IF_NOT_NT_SUCCESS(done, status, BCryptGenerateSymmetricKey(algHandle, &keySlot->EncKey, NULL, 0, cryptoData->Encrypt.Key, cryptoData->Encrypt.KeyLen, 0));
+        GOTO_IF_NOT_NT_SUCCESS(done, status, BCryptGenerateSymmetricKey(algHandle, &keySlot->DecKey, NULL, 0, cryptoData->Decrypt.Key, cryptoData->Decrypt.KeyLen, 0));
 
         // copy nonce tails
         RtlCopyMemory(keySlot->EncNonceTail, cryptoData->Encrypt.NonceTail, sizeof(cryptoData->Encrypt.NonceTail));
@@ -250,7 +278,8 @@ OvpnCryptoNewKey(OvpnCryptoContext* cryptoContext, POVPN_CRYPTO_DATA cryptoData)
 
         cryptoContext->CryptoOverhead = AEAD_CRYPTO_OVERHEAD;
 
-        LOG_INFO("Key installed", TraceLoggingValue(cryptoData->KeyId, "KeyId"), TraceLoggingValue(cryptoData->KeyId, "PeerId"));
+        LOG_INFO("New key", TraceLoggingValue(cryptoData->CipherAlg == OVPN_CIPHER_ALG_AES_GCM ? "aes-gcm" : "chacha20-poly1305", "alg"),
+            TraceLoggingValue(cryptoData->KeyId, "KeyId"), TraceLoggingValue(cryptoData->KeyId, "PeerId"));
     }
     else if (cryptoData->CipherAlg == OVPN_CIPHER_ALG_NONE) {
         cryptoContext->Encrypt = OvpnCryptoEncryptNone;

crypto.h

@@ -75,7 +75,8 @@ typedef OVPN_CRYPTO_DECRYPT* POVPN_CRYPTO_DECRYPT;
 
 struct OvpnCryptoContext
 {
-    BCRYPT_ALG_HANDLE AlgHandle;
+    BCRYPT_ALG_HANDLE AesAlgHandle;
+    BCRYPT_ALG_HANDLE ChachaAlgHandle;
 
     OvpnCryptoKeySlot Primary;
     OvpnCryptoKeySlot Secondary;
@@ -89,7 +90,11 @@ struct OvpnCryptoContext
 _Must_inspect_result_
 _IRQL_requires_(PASSIVE_LEVEL)
 NTSTATUS
-OvpnCryptoInitAlgHandle(_Outptr_ BCRYPT_ALG_HANDLE* algHandle);
+OvpnCryptoInitAlgHandles(_Outptr_ BCRYPT_ALG_HANDLE* aesAlgHandle, _Outptr_ BCRYPT_ALG_HANDLE* chachaAlgHandle);
+
+_IRQL_requires_(PASSIVE_LEVEL)
+VOID
+OvpnCryptoUninitAlgHandles(_In_ BCRYPT_ALG_HANDLE aesAlgHandle, BCRYPT_ALG_HANDLE chachaAlgHandle);
 
 VOID
 OvpnCryptoUninit(_In_ OvpnCryptoContext* cryptoContext);

peer.cpp

@@ -72,12 +72,13 @@ OvpnPeerNew(POVPN_DEVICE device, WDFREQUEST request)
     GOTO_IF_NOT_NT_SUCCESS(done, status, OvpnSocketInit(&driver->WskProviderNpi, peer->Local.Addr4.sin_family, proto_tcp, (PSOCKADDR)&peer->Local,
         (PSOCKADDR)&peer->Remote, remoteAddrSize, device, &socket));
 
-    BCRYPT_ALG_HANDLE algHandle;
-    GOTO_IF_NOT_NT_SUCCESS(done, status, OvpnCryptoInitAlgHandle(&algHandle));
+    BCRYPT_ALG_HANDLE aesAlgHandle = NULL, chachaAlgHandle = NULL;
+    GOTO_IF_NOT_NT_SUCCESS(done, status, OvpnCryptoInitAlgHandles(&aesAlgHandle, &chachaAlgHandle));
 
     KIRQL kirql = ExAcquireSpinLockExclusive(&device->SpinLock);
     RtlZeroMemory(&device->CryptoContext, sizeof(OvpnCryptoContext));
-    device->CryptoContext.AlgHandle = algHandle;
+    device->CryptoContext.AesAlgHandle = aesAlgHandle;
+    device->CryptoContext.ChachaAlgHandle = chachaAlgHandle;
     device->Socket.Socket = socket;
     device->Socket.Tcp = proto_tcp;
     RtlZeroMemory(&device->Socket.TcpState, sizeof(OvpnSocketTcpState));
@@ -221,6 +222,8 @@ OvpnPeerUninit(POVPN_DEVICE device)
 
     LOG_INFO("Uninitializing peer");
 
+    BCRYPT_ALG_HANDLE aesAlgHandle = NULL, chachaAlgHandle = NULL;
+
     KIRQL kirql = ExAcquireSpinLockExclusive(&device->SpinLock);
 
     PWSK_SOCKET socket = device->Socket.Socket;
@@ -229,13 +232,18 @@ OvpnPeerUninit(POVPN_DEVICE device)
     OvpnTimerDestroy(&device->KeepaliveXmitTimer);
     OvpnTimerDestroy(&device->KeepaliveRecvTimer);
 
+    aesAlgHandle = device->CryptoContext.AesAlgHandle;
+    chachaAlgHandle = device->CryptoContext.ChachaAlgHandle;
+
     OvpnCryptoUninit(&device->CryptoContext);
 
     InterlockedExchange(&device->UserspacePid, 0);
 
     // OvpnAdapterDestroy and OvpnUdpCloseSocket require PASSIVE_LEVEL, so must release lock
     ExReleaseSpinLockExclusive(&device->SpinLock, kirql);
 
+    OvpnCryptoUninitAlgHandles(aesAlgHandle, chachaAlgHandle);
+
     LOG_IF_NOT_NT_SUCCESS(OvpnSocketClose(socket));
 
     OvpnAdapterDestroy(device->Adapter);