wg_noise: check keypair recvwith after nonce

Signed-off-by: Matt Dunwoodie <ncon@noconroy.net>
author: Matt Dunwoodie <ncon@noconroy.net> 2021-04-20 10:28:17 +1000
committer: Matt Dunwoodie <ncon@noconroy.net> 2021-04-20 10:52:36 +1000
commit: a0261bb3935de89ba8a8218e83eefcc5f54b567b (patch)
tree: 1f0cc05ef2fd6b18e1b87a55107ed96100479be0 /src/wg_noise.c
parent: wg_noise: use sbintime_t instead of timespec (diff)
download: wireguard-freebsd-a0261bb3935de89ba8a8218e83eefcc5f54b567b.tar.xz
wireguard-freebsd-a0261bb3935de89ba8a8218e83eefcc5f54b567b.zip
1 files changed, 25 insertions, 29 deletions
diff --git a/src/wg_noise.c b/src/wg_noise.c
index f12c557..4ecc368 100644
--- a/src/wg_noise.c
+++ b/src/wg_noise.c
@@ -130,7 +130,6 @@ static int	noise_remote_index_remove(struct noise_local *, struct noise_remote *
 static void	noise_remote_expire_current(struct noise_remote *);
 
 static void	noise_add_new_keypair(struct noise_local *, struct noise_remote *, struct noise_keypair *);
-static int	noise_received_with(struct noise_keypair *);
 static int	noise_begin_session(struct noise_remote *);
 static void	noise_keypair_drop(struct noise_keypair *);
 
@@ -608,31 +607,6 @@ noise_add_new_keypair(struct noise_local *l, struct noise_remote *r,
 }
 
 static int
-noise_received_with(struct noise_keypair *kp)
-{
-	struct noise_keypair *old;
-	struct noise_remote *r = kp->kp_remote;
-
-	if (kp != epoch_ptr_read(&r->r_next))
-		return (0);
-
-	rw_wlock(&r->r_keypair_lock);
-	if (kp != epoch_ptr_read(&r->r_next)) {
-		rw_wunlock(&r->r_keypair_lock);
-		return (0);
-	}
-
-	old = epoch_ptr_read(&r->r_previous);
-	epoch_ptr_write(&r->r_previous, epoch_ptr_read(&r->r_current));
-	noise_keypair_drop(old);
-	epoch_ptr_write(&r->r_current, kp);
-	epoch_ptr_write(&r->r_next, NULL);
-	rw_wunlock(&r->r_keypair_lock);
-
-	return (ECONNRESET);
-}
-
-static int
 noise_begin_session(struct noise_remote *r)
 {
 	struct noise_keypair *kp;
@@ -713,6 +687,31 @@ noise_keypair_ref(struct noise_keypair *kp)
 	return (kp);
 }
 
+int
+noise_keypair_received_with(struct noise_keypair *kp)
+{
+	struct noise_keypair *old;
+	struct noise_remote *r = kp->kp_remote;
+
+	if (kp != epoch_ptr_read(&r->r_next))
+		return (0);
+
+	rw_wlock(&r->r_keypair_lock);
+	if (kp != epoch_ptr_read(&r->r_next)) {
+		rw_wunlock(&r->r_keypair_lock);
+		return (0);
+	}
+
+	old = epoch_ptr_read(&r->r_previous);
+	epoch_ptr_write(&r->r_previous, epoch_ptr_read(&r->r_current));
+	noise_keypair_drop(old);
+	epoch_ptr_write(&r->r_current, kp);
+	epoch_ptr_write(&r->r_next, NULL);
+	rw_wunlock(&r->r_keypair_lock);
+
+	return (ECONNRESET);
+}
+
 static void
 noise_keypair_smr_free(struct epoch_context *smr)
 {
@@ -876,9 +875,6 @@ noise_keypair_decrypt(struct noise_keypair *kp, uint64_t nonce, struct mbuf *m)
 	if (chacha20poly1305_decrypt_mbuf(m, nonce, kp->kp_recv) == 0)
 		return (EINVAL);
 
-	if (noise_received_with(kp) != 0)
-		return (ECONNRESET);
-
 	return (0);
 }
author	Matt Dunwoodie <ncon@noconroy.net>	2021-04-20 10:28:17 +1000
committer	Matt Dunwoodie <ncon@noconroy.net>	2021-04-20 10:52:36 +1000
commit	a0261bb3935de89ba8a8218e83eefcc5f54b567b (patch)
tree	1f0cc05ef2fd6b18e1b87a55107ed96100479be0 /src/wg_noise.c
parent	wg_noise: use sbintime_t instead of timespec (diff)
download	wireguard-freebsd-a0261bb3935de89ba8a8218e83eefcc5f54b567b.tar.xz wireguard-freebsd-a0261bb3935de89ba8a8218e83eefcc5f54b567b.zip