authorMatt Dunwoodie <ncon@noconroy.net>2021-04-23 11:31:35 +1000
committerMatt Dunwoodie <ncon@noconroy.net>2021-04-23 12:17:04 +1000
commit69d65f583c18782b3b2fd302cbd310e6b9e7d7b5 (patch)
treeaa0c14cbc4f3f05cc3ce750a62fa58c0b22ddac1 /src/wg_cookie.h
parentwg_cookie: make ratelimiter global (diff)
wg_cookie: add cookie_valid bool
Primarily this commit adds a cookie_valid state, to prevent a recently booted machine from sending a mac2. We also do a little bit of reworking on locking and a fixup for int to bool. There is one slight difference to cookie_valid (latest_cookie.is_valid) on Linux and that is to set cookie_valid to false when the cookie_birthdate has expired. The purpose of this is to prevent the expensive timer check after it has expired. For the locking, we want to hold a write lock in cookie_maker_mac because we write to mac1_last, mac1_valid and cookie_valid. This wouldn't cause too much contention as this is a per peer lock and we only do so when sending handshake packets. This is different from Linux as Linux writes all its variables at the start, then downgrades to a read lock. We also match cookie_maker_consume_payload locking to Linux, that is to read lock while checking mac1_valid and decrypting the cookie, then take a write lock to set the cookie. Signed-off-by: Matt Dunwoodie <ncon@noconroy.net>
Diffstat (limited to '')
-rw-r--r--src/wg_cookie.h5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/wg_cookie.h b/src/wg_cookie.h
index 3ffa7aa..3dc1977 100644
--- a/src/wg_cookie.h
+++ b/src/wg_cookie.h
@@ -33,8 +33,9 @@ struct cookie_maker {
uint8_t cp_cookie_key[COOKIE_KEY_SIZE];
struct rwlock cp_lock;
+ bool cp_cookie_valid;
uint8_t cp_cookie[COOKIE_COOKIE_SIZE];
- sbintime_t cp_birthdate; /* sbinuptime */
+ sbintime_t cp_cookie_birthdate; /* sbinuptime */
bool cp_mac1_valid;
uint8_t cp_mac1_last[COOKIE_MAC_SIZE];
};
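Review bot: The new cp_cookie_valid field and the renamed cp_cookie_birthdate arrive without any comment stating which fields cp_lock guards or when the flag is cleared, so the locking protocol and the "clear on expiry" rule exist only in the commit message. A comment next to cp_lock such as `/* cp_lock protects cp_cookie_valid, cp_cookie, cp_cookie_birthdate, cp_mac1_valid and cp_mac1_last; cp_cookie_valid is cleared once cp_cookie_birthdate has expired */` would let the header carry that contract for readers of cookie_maker_mac and cookie_maker_consume_payload. Whether cp_cookie_key is also under the lock is not visible in this hunk; if it is written only at initialization, that is worth stating alongside so a future writer does not take the lock for granted. struct cookie_maker begins before the hunk.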
@@ -63,7 +64,7 @@ int cookie_maker_consume_payload(struct cookie_maker *,
void cookie_maker_mac(struct cookie_maker *, struct cookie_macs *,
void *, size_t);
int cookie_checker_validate_macs(struct cookie_checker *,
- struct cookie_macs *, void *, size_t, int, struct sockaddr *);
+ struct cookie_macs *, void *, size_t, bool, struct sockaddr *);
#ifdef SELFTESTS
void cookie_selftest(void);