wg_cookie: add cookie_valid bool

Primarily this commit adds a cookie_valid state, to prevent a recently
booted machine from sending a mac2. We also do a little bit of reworking
on locking and a fixup for int to bool.

There is one slight difference to cookie_valid (latest_cookie.is_valid)
on Linux and that is to set cookie_valid to false when the
cookie_birthdate has expired. The purpose of this is to prevent the
expensive timer check after it has expired.

For the locking, we want to hold a write lock in cookie_maker_mac
because we write to mac1_last, mac1_valid and cookie_valid. This
wouldn't cause too much contention as this is a per peer lock and we
only do so when sending handshake packets. This is different from Linux
as Linux writes all it's variables at the start, then downgrades to a
read lock.

We also match cookie_maker_consume_payload locking to Linux, that is to
read lock while checking mac1_valid and decrypting the cookie then take
a write lock to set the cookie.

Signed-off-by: Matt Dunwoodie <ncon@noconroy.net>

1 files changed, 0 insertions, 3 deletions

diff --git a/TODO.md b/TODO.md
index 5f68380..3d13a8f 100644
--- a/TODO.md
+++ b/TODO.md
@@ -9,9 +9,6 @@
   permissions in another.)
 - Make code style consistent with one FreeBSD way, rather than a mix of styles.
 - Make sure noise state machine is correct.
-- The cookie logic appears to be broken in unusual ways, in particular right
-  after boot up. Audit and compare all `is_valid` checks, as well as
-  `have_sent_mac1` guards.
 - Investigate whether the allowed ips lookup structure needs reference
   counting.
 - Handle failures of `rn_inithead` and remember to call `rn_detachhead`