aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatt Dunwoodie <ncon@mail.noconroy.net>2019-09-22 23:15:08 +0200
committerMatt Dunwoodie <ncon@mail.noconroy.net>2019-09-22 23:16:26 +0200
commit3123c4ec9cc80882256ea405a4d0e0ffcbb745c7 (patch)
treec7a15c2cd86a673f2b0c17ad7b31605b7907c73f
parentRename WG_PKT_STATE_PASS to WG_PKT_STATE_REQUEUED (diff)
downloadwireguard-openbsd-3123c4ec9cc80882256ea405a4d0e0ffcbb745c7.tar.xz
wireguard-openbsd-3123c4ec9cc80882256ea405a4d0e0ffcbb745c7.zip
Move antireplay to it's own header
For the time being, this is going to require static functions as antireplay.h is included in multiple source files.
-rw-r--r--src/Makefile5
-rw-r--r--src/antireplay.h71
-rwxr-xr-xsrc/clean_patch.sh1
-rw-r--r--src/wireguard.c45
-rw-r--r--src/wireguard.h11
5 files changed, 82 insertions, 51 deletions
diff --git a/src/Makefile b/src/Makefile
index aa825dd..785bb6d 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -60,6 +60,9 @@ sysctl: patch_sysctl
/usr/src/sys/sys/bloombucket.h: bloombucket.h
cp bloombucket.h /usr/src/sys/sys/bloombucket.h
+/usr/src/sys/sys/antireplay.h: antireplay.h
+ cp antireplay.h /usr/src/sys/sys/antireplay.h
+
/usr/src/sys/sys/fixedmap.h: fixedmap.h
cp fixedmap.h /usr/src/sys/sys/fixedmap.h
@@ -107,7 +110,7 @@ sysctl: patch_sysctl
patch -uN /usr/src/distrib/sets/lists/man/mi < patches/man_mi.patch || touch /usr/src/distrib/sets/lists/man/mi
.PHONY:
-patch_kernel: /usr/src/sys/net/wireguard.c /usr/src/sys/net/wireguard.h /usr/src/sys/crypto/blake2s.c /usr/src/sys/crypto/blake2s.h /usr/src/sys/crypto/curve25519.c /usr/src/sys/crypto/curve25519.h /usr/src/sys/crypto/chacha_private.h /usr/src/sys/crypto/chachapoly.h /usr/src/sys/crypto/chachapoly.c /usr/src/sys/conf/files /usr/src/sys/conf/GENERIC /usr/src/sys/netinet/in_pcb.h /usr/src/sys/netinet/udp_usrreq.c /usr/src/sys/net/if_wg.c /usr/src/sys/net/if_wg.h /usr/src/sys/sys/bloombucket.h /usr/src/sys/sys/fixedmap.h /usr/src/sys/kern/uipc_mbuf.c /usr/src/sys/sys/mpq.h
+patch_kernel: /usr/src/sys/net/wireguard.c /usr/src/sys/net/wireguard.h /usr/src/sys/crypto/blake2s.c /usr/src/sys/crypto/blake2s.h /usr/src/sys/crypto/curve25519.c /usr/src/sys/crypto/curve25519.h /usr/src/sys/crypto/chacha_private.h /usr/src/sys/crypto/chachapoly.h /usr/src/sys/crypto/chachapoly.c /usr/src/sys/conf/files /usr/src/sys/conf/GENERIC /usr/src/sys/netinet/in_pcb.h /usr/src/sys/netinet/udp_usrreq.c /usr/src/sys/net/if_wg.c /usr/src/sys/net/if_wg.h /usr/src/sys/sys/bloombucket.h /usr/src/sys/sys/fixedmap.h /usr/src/sys/kern/uipc_mbuf.c /usr/src/sys/sys/mpq.h /usr/src/sys/sys/antireplay.h
.PHONY:
patch_userspace: /usr/src/usr.bin/kdump/mkioctls /usr/src/usr.bin/kdump/Makefile /usr/src/distrib/sets/lists/comp/mi
diff --git a/src/antireplay.h b/src/antireplay.h
new file mode 100644
index 0000000..0df6a5f
--- /dev/null
+++ b/src/antireplay.h
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2019 Matt Dunwoodie <ncon@noconroy.net>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef __ANTIREPLAY_H__
+#define __ANTIREPLAY_H__
+
+#define ARI_BITS (sizeof(uint64_t) * 8)
+#define ARB_BITS (1<<10) /* 1024 bitmap (960 usable) */
+
+struct antireplay {
+ uint64_t ar_head;
+ uint64_t ar_bitmap[ARB_BITS / ARI_BITS];
+};
+
+static void antireplay_init(struct antireplay *);
+static int antireplay_update(struct antireplay *, uint64_t);
+
+/*
+ * The following defines assist the antireplay_check function. *
+ * ANTIREPLAY_INTEGER: the integer in the bitmap corresponding to num *
+ * ANTIREPLAY_INTEGERBIT: the integer with corresponding single bit set
+ */
+#define ANTIREPLAY_INTEGER(ctx, num) (ctx->ar_bitmap[num % ARB_BITS / ARI_BITS])
+#define ANTIREPLAY_INTEGERBIT(num) (1llu << (num & (ARI_BITS - 1)))
+
+static void
+antireplay_init(struct antireplay *ctx)
+{
+ /* We just zero out the struct, expecting that then ctx->ar_head == 0 */
+ explicit_bzero(ctx, sizeof(struct antireplay));
+}
+
+static int
+antireplay_update(struct antireplay *ctx, uint64_t num)
+{
+ /* Bits after ctx->ar_head need to be zeroed. This is called when num is
+ * in front of ctx->ar_head, and those bits need to be set to 0 */
+ if (num < ctx->ar_head + ARB_BITS / ARI_BITS) {
+ for (; ctx->ar_head <= num; ctx->ar_head += ARI_BITS) {
+ ANTIREPLAY_INTEGER(ctx, (ctx->ar_head + 1)) = 0;
+ }
+ } else {
+ bzero(ctx->ar_bitmap, ARB_BITS / ARI_BITS);
+ }
+
+ if (ctx->ar_head > (num + ARB_BITS - ARI_BITS)) {
+ /* Expired */
+ return 1;
+ } else if (ANTIREPLAY_INTEGER(ctx, num) & ANTIREPLAY_INTEGERBIT(num)) {
+ /* Replayed */
+ return 1;
+ } else {
+ /* Unseen */
+ return 0;
+ }
+}
+
+#endif /* __ANTIREPLAY_H__ */
diff --git a/src/clean_patch.sh b/src/clean_patch.sh
index fa51209..fadc5b9 100755
--- a/src/clean_patch.sh
+++ b/src/clean_patch.sh
@@ -28,6 +28,7 @@ cp $DIR/wg.4 /usr/src/share/man/man4/
cp $DIR/mpq.h /usr/src/sys/sys/
cp $DIR/fixedmap.h /usr/src/sys/sys/
+cp $DIR/antireplay.h /usr/src/sys/sys/
cp $DIR/bloombucket.h /usr/src/sys/sys/
cp $DIR/if_wg.* $DIR/wireguard.* /usr/src/sys/net/
cp $DIR/blake2s.* $DIR/curve25519.* /usr/src/sys/crypto/
diff --git a/src/wireguard.c b/src/wireguard.c
index 9c49465..f8b9fb4 100644
--- a/src/wireguard.c
+++ b/src/wireguard.c
@@ -18,6 +18,7 @@
#include <sys/systm.h>
#include <sys/rwlock.h>
#include <sys/time.h>
+#include <sys/antireplay.h>
#include <crypto/blake2s.h>
#include <crypto/curve25519.h>
@@ -158,46 +159,6 @@ wg_timespec_timedout(struct timespec * start, time_t timeout)
now.tv_sec > start->tv_sec + timeout;
}
-/*
- * The following defines assist the wg_antireplay_check function. *
- * WG_ANTIREPLAY_INTEGER: the integer in the bitmap corresponding to num *
- * WG_ANTIREPLAY_INTEGERBIT: the integer with corresponding single bit set
- */
-#define WG_ANTIREPLAY_INTEGER(ctx, num) (ctx->ar_bitmap[num % WG_ARB_BITS / WG_ARI_BITS])
-#define WG_ANTIREPLAY_INTEGERBIT(num) (1llu << (num & (WG_ARI_BITS - 1)))
-
-void
-wg_antireplay_init(struct wg_antireplay * ctx)
-{
- /* We just zero out the struct, expecting that then ctx->ar_head == 0 */
- explicit_bzero(ctx, sizeof(struct wg_antireplay));
-}
-
-int
-wg_antireplay_check(struct wg_antireplay * ctx, uint64_t num)
-{
- /* Bits after ctx->ar_head need to be zeroed. This is called when num is
- * in front of ctx->ar_head, and those bits need to be set to 0 */
- if (num < ctx->ar_head + WG_ARB_BITS / WG_ARI_BITS) {
- for (; ctx->ar_head <= num; ctx->ar_head += WG_ARI_BITS) {
- WG_ANTIREPLAY_INTEGER(ctx, (ctx->ar_head + 1)) = 0;
- }
- } else {
- bzero(ctx->ar_bitmap, WG_ARB_BITS / WG_ARI_BITS);
- }
-
- if (ctx->ar_head > (num + WG_ARB_BITS - WG_ARI_BITS)) {
- /* Expired */
- return 1;
- } else if (WG_ANTIREPLAY_INTEGER(ctx, num) & WG_ANTIREPLAY_INTEGERBIT(num)) {
- /* Replayed */
- return 1;
- } else {
- /* Unseen */
- return 0;
- }
-}
-
void
wg_handshake_init(struct wg_handshake *hs)
{
@@ -369,7 +330,7 @@ wg_session_from_handshake(struct wg_session *s, struct wg_handshake *hs)
else
ret_error(WG_STATE);
- wg_antireplay_init(&s->s_ar);
+ antireplay_init(&s->s_ar);
s->s_txcounter = s->s_rxcounter = 0;
s->s_local_id = hs->hs_local_id;
s->s_remote_id = hs->hs_remote_id;
@@ -771,7 +732,7 @@ wg_session_decrypt(struct wg_session *s, struct wg_msg_transport *m, size_t len)
ret_error(WG_DECRYPT);
/* Check for replay */
- if (wg_antireplay_check(&s->s_ar, counter))
+ if (antireplay_update(&s->s_ar, counter))
ret_error(WG_REPLAY);
s->s_rxcounter = counter;
diff --git a/src/wireguard.h b/src/wireguard.h
index efef1ce..7bedbef 100644
--- a/src/wireguard.h
+++ b/src/wireguard.h
@@ -21,6 +21,7 @@
#include <sys/time.h>
#include <sys/timeout.h>
#include <sys/rwlock.h>
+#include <sys/antireplay.h>
#define WG_KEY_SIZE 32
#define WG_MAC_SIZE 16
@@ -32,9 +33,6 @@
#define WG_COOKIE_ID_VAL_MAXSIZE 32
#define WG_TIMESTAMP_SIZE 12
-#define WG_ARI_BITS (sizeof(uint64_t) * 8)
-#define WG_ARB_BITS (1<<10) /* 1024 bitmap (960 usable) */
-
#define WG_ENCRYPTED_SIZE(n) ((n) + WG_MAC_SIZE)
#define WG_PADDING_SIZE(n) ((WG_MSG_PADDING_SIZE - (n)) % WG_MSG_PADDING_SIZE)
#define WG_ENCRYPTED_PADDED_SIZE(n) WG_ENCRYPTED_SIZE(WG_PADDED_SIZE(n)) //unused
@@ -133,11 +131,8 @@ struct wg_session {
uint8_t ss_txkey[WG_KEY_SIZE];
uint8_t ss_rxkey[WG_KEY_SIZE];
-
- struct wg_antireplay {
- uint64_t ar_head;
- uint64_t ar_bitmap[WG_ARB_BITS / WG_ARI_BITS];
- } ss_ar;
+
+ struct antireplay ss_ar;
} s_ss;
};