if_wg: import latest wg_noise.{c,h}

Note: this is a partial diff, introducing temporary bugs that will be
resolved in following commits, detailed below.

This commit brings wg_noise.{c,h} up to date with wireguard-openbsd. The
primary motivator for this large patchset is to allow checking nonces
serial, requiring a reference to the receiving keypair across noise_*
calls. Due to requiring reference counting on the keypairs, we also take
this opportunity to throw away the old locking and bring in EPOCH
(roughly equivalent to SMR on OpenBSD and RCU on Linux).

The changes to if_wg.c are purely to allow it to compile, there are most
certainly refcount leaks present (to be addressed in the following
commits). Readers should review wg_noise.{c,h} in their entirety rather
than the diffs, as there are significant changes. if_wg.c can be
reviewed, but must be contextualised with the following commits
(repace wg_tag with wg_packet, encrypt mbuf in place).

Signed-off-by: Matt Dunwoodie <ncon@noconroy.net>

1 files changed, 0 insertions, 2 deletions

diff --git a/TODO.md b/TODO.md
index b525083..0f4e634 100644
--- a/TODO.md
+++ b/TODO.md
@@ -12,8 +12,6 @@
 - Resize mbufs once at the beginning, and then encrypt/decrypt in place, rather
   than making a new mbuf and copying. (Remember to clear the tags and other
   pieces of metadata before passing it off to udp sending or netisr receiving.)
-- Check nonces in serial, rather than in parallel. (This requires taking a
-  keypair reference; ncon is working on it.)
 - Audit allowedips / radix tree checks, and make sure it's actually behaving as
   expected. (It might be useful to port [this selftest](https://git.zx2c4.com/wireguard-linux/tree/drivers/net/wireguard/selftest/allowedips.c).)
 - Make code style consistent with one FreeBSD way, rather than a mix of styles.