From 35ca9a2a19b475a842d7cc9f4ddef11b7a051687 Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Sun, 14 Sep 2025 22:52:00 -0400
Subject: [PATCH] allow server TCP Fast Open and rotate the keys

This needs to be configured by specific services to have any effect. For now, we're only enabling it for the PowerDNS Authoritative Server and dnsdist since it's recommended by RFC 9210 and actively used by various recursive resolver servers when falling back to TCP. TCP Fast Open is rarely used from end user devices due to it enabling tracking and having issues with middleboxes. We aren't going to start using it anywhere in GrapheneOS but may have more server-side uses for it. This functionality is built into QUIC without the same downsides but QUIC support in the software we use is not ready for us to enable it, especially the very primitive support in nginx. For most servers, a new random TCP Fast Open key is created on a daily basis and the previous key continues to be accepted. For DNS servers, the new key is generated via a keyed hash of the current date in order to keep it consistent across servers providing an anycast IP without it needing regular synchronization.
---
 etc/sysctl.d/60-local.conf | 3 +++
 .../system/tcp-fastopen-rotate-keys.service | 7 +++++++
 .../system/tcp-fastopen-rotate-keys.timer | 9 +++++++++
 packages/0.ns1.grapheneos.org | 1 +
 packages/0.ns2.grapheneos.org | 1 +
 packages/1.ns1.grapheneos.org | 1 +
 packages/1.ns2.grapheneos.org | 1 +
 packages/2.ns1.grapheneos.org | 1 +
 packages/2.ns2.grapheneos.org | 1 +
 packages/3.ns1.grapheneos.org | 1 +
 packages/ns1.staging.grapheneos.org | 1 +
 tcp-fastopen-rotate-keys | 20 +++++++++++++++++++
 12 files changed, 47 insertions(+)
 create mode 100644 etc/systemd/system/tcp-fastopen-rotate-keys.service
 create mode 100644 etc/systemd/system/tcp-fastopen-rotate-keys.timer
 create mode 100755 tcp-fastopen-rotate-keys

diff --git a/etc/sysctl.d/60-local.conf b/etc/sysctl.d/60-local.conf
index 66fe0a0..7847d85 100644
--- a/etc/sysctl.d/60-local.conf
+++ b/etc/sysctl.d/60-local.conf
@@ -37,6 +37,9 @@ net.ipv4.tcp_retries2 = 8
 # 25.4s with minimum 0.2s RTO
 net.ipv4.tcp_orphan_retries = 6
+# keys are rotated by tcp-fastopen-rotate-keys.timer
+net.ipv4.tcp_fastopen = 3
+
 net.mptcp.enabled = 0
 net.netfilter.nf_conntrack_tcp_loose = 0
diff --git a/etc/systemd/system/tcp-fastopen-rotate-keys.service b/etc/systemd/system/tcp-fastopen-rotate-keys.service
new file mode 100644
index 0000000..11a3166
--- /dev/null
+++ b/etc/systemd/system/tcp-fastopen-rotate-keys.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=Rotate TCP Fast Open keys
+
+[Service]
+ExecStart=/usr/local/bin/tcp-fastopen-rotate-keys
+Type=oneshot
+UMask=0077
diff --git a/etc/systemd/system/tcp-fastopen-rotate-keys.timer b/etc/systemd/system/tcp-fastopen-rotate-keys.timer
new file mode 100644
index 0000000..c6e4bbf
--- /dev/null
+++ b/etc/systemd/system/tcp-fastopen-rotate-keys.timer
@@ -0,0 +1,9 @@
+[Unit]
+Description=Run tcp-fastopen-rotate-keys daily
+
+[Timer]
+OnCalendar=daily UTC
+Persistent=true
+
+[Install]
+WantedBy=timers.target
diff --git a/packages/0.ns1.grapheneos.org b/packages/0.ns1.grapheneos.org
index 55dd626..9250e5a 100644
--- a/packages/0.ns1.grapheneos.org
+++ b/packages/0.ns1.grapheneos.org
@@ -1,3 +1,4 @@
+b3sum
 base
 bird
 certbot
diff --git a/packages/0.ns2.grapheneos.org b/packages/0.ns2.grapheneos.org
index 7082a33..493059f 100644
--- a/packages/0.ns2.grapheneos.org
+++ b/packages/0.ns2.grapheneos.org
@@ -1,3 +1,4 @@
+b3sum
 base
 certbot
 chrony
diff --git a/packages/1.ns1.grapheneos.org b/packages/1.ns1.grapheneos.org
index b094b2d..c7223d1 100644
--- a/packages/1.ns1.grapheneos.org
+++ b/packages/1.ns1.grapheneos.org
@@ -1,3 +1,4 @@
+b3sum
 base
 bird
 chrony
diff --git a/packages/1.ns2.grapheneos.org b/packages/1.ns2.grapheneos.org
index 60cf59f..81d0975 100644
--- a/packages/1.ns2.grapheneos.org
+++ b/packages/1.ns2.grapheneos.org
@@ -1,3 +1,4 @@
+b3sum
 base
 chrony
 cloud-guest-utils
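Review bot: `net.ipv4.tcp_fastopen = 3` turns on both the client side (bit 0x1) and the server side (bit 0x2), while the subject and the description frame this as a server-only change and explicitly say client-side Fast Open is not wanted. If nothing on these hosts is meant to request Fast Open cookies on outbound connections, `net.ipv4.tcp_fastopen = 2` limits the change to listeners and keeps the configuration aligned with the stated policy. Despite the `net.ipv4.` prefix this knob also governs IPv6 listeners, which is worth stating since these are DNS hosts serving both families. The comment could also point at the file the rotation writes, e.g. `# keys are rotated by tcp-fastopen-rotate-keys.timer into /etc/sysctl.d/50-tcp_fastopen_key.conf`.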
diff --git a/packages/2.ns1.grapheneos.org b/packages/2.ns1.grapheneos.org
index b094b2d..c7223d1 100644
--- a/packages/2.ns1.grapheneos.org
+++ b/packages/2.ns1.grapheneos.org
@@ -1,3 +1,4 @@
+b3sum
 base
 bird
 chrony
diff --git a/packages/2.ns2.grapheneos.org b/packages/2.ns2.grapheneos.org
index 60cf59f..81d0975 100644
--- a/packages/2.ns2.grapheneos.org
+++ b/packages/2.ns2.grapheneos.org
@@ -1,3 +1,4 @@
+b3sum
 base
 chrony
 cloud-guest-utils
diff --git a/packages/3.ns1.grapheneos.org b/packages/3.ns1.grapheneos.org
index b094b2d..c7223d1 100644
--- a/packages/3.ns1.grapheneos.org
+++ b/packages/3.ns1.grapheneos.org
@@ -1,3 +1,4 @@
+b3sum
 base
 bird
 chrony
diff --git a/packages/ns1.staging.grapheneos.org b/packages/ns1.staging.grapheneos.org
index 55dd626..9250e5a 100644
--- a/packages/ns1.staging.grapheneos.org
+++ b/packages/ns1.staging.grapheneos.org
@@ -1,3 +1,4 @@
+b3sum
 base
 bird
 certbot
diff --git a/tcp-fastopen-rotate-keys b/tcp-fastopen-rotate-keys
new file mode 100755
index 0000000..9e15c34
--- /dev/null
+++ b/tcp-fastopen-rotate-keys
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -o errexit -o nounset -o pipefail
+
+umask 077
+
+if [[ -e /etc/tcp_fastopen_seed ]]; then
+ rand=$(b3sum --keyed -l 16 --no-names /etc/sysctl.d/50-tcp_fastopen_key.conf
+sysctl -p /etc/sysctl.d/50-tcp_fastopen_key.conf
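Review bot: `sysctl -p /etc/sysctl.d/50-tcp_fastopen_key.conf` on the last line of the script echoes every setting it applies to stdout, so each rotation writes the new Fast Open key material into the journal via the oneshot service, which undoes the root-only protection that `umask 077` gives the file on disk; `sysctl -q -p /etc/sysctl.d/50-tcp_fastopen_key.conf` applies it without printing the value. The same key file is also loaded by systemd-sysctl at boot, so the on-disk copy is the long-lived secret and its 0600 mode is what matters, which would be worth a one-line comment above the write. The middle of this hunk, between `--no-names` and the sysctl.d path, is not legible in this rendering, so the seed handling, the fallback branch and the write of the conf file could not be reviewed here.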