authorMatt Dunwoodie <ncon@mail.noconroy.net>2019-10-09 13:50:24 +0100
committerMatt Dunwoodie <ncon@mail.noconroy.net>2019-10-09 14:29:30 +0100
commit920f18e344d28a7c5cc139e2b11d33b0d35cef86 (patch)
tree120ee2c6c04d2e0d3b38c9a0957f27856df1bb77
parentMove wg_device_make_cookie -> wg_device_tx_cookie (diff)
downloadwireguard-openbsd-920f18e344d28a7c5cc139e2b11d33b0d35cef86.tar.xz
wireguard-openbsd-920f18e344d28a7c5cc139e2b11d33b0d35cef86.zip
Permission checks on keys probably don't belong here
-rw-r--r--src/if_wg.c15
-rw-r--r--src/wireguard.c12
-rw-r--r--src/wireguard.h4
3 files changed, 14 insertions, 17 deletions
diff --git a/src/if_wg.c b/src/if_wg.c
index 2736acf..3f1a1c2 100644
--- a/src/if_wg.c
+++ b/src/if_wg.c
@@ -154,7 +154,7 @@ int wg_ioctl_peer_set(struct wg_softc *, u_long,
struct wg_peer_set *);
int wg_ioctl_serv_set(struct wg_softc *, u_long,
struct wg_serv_set *);
-void wg_ioctl_serv_get(struct wg_softc *, struct wg_serv_get *);
+int wg_ioctl_serv_get(struct wg_softc *, struct wg_serv_get *);
int wg_ioctl_peer_get(struct wg_softc *, struct wg_peer_get *);
int wg_ioctl(struct ifnet *, u_long, caddr_t);
@@ -1181,16 +1181,15 @@ wg_ioctl_serv_set(struct wg_softc *sc, u_long cmd, struct wg_serv_set *wss)
return 0;
}
-void
+int
wg_ioctl_serv_get(struct wg_softc *sc, struct wg_serv_get *wgs)
{
struct map_item *item;
struct wg_peer *peer;
size_t num = 0;
- /* TODO We only want to pass the private key to root */
wgs->gs_port = sc->sc_port;
- wg_device_getkey(&sc->sc_dev, &wgs->gs_keypair, 1);
+ wg_device_getkey(&sc->sc_dev, &wgs->gs_keypair);
/* For the time being, no lock as we hold kernel lock in ioctl */
FM_FOREACH_FILLED(item, &sc->sc_dev.d_peers) {
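Review bot: With the `priv` argument and its TODO removed, wg_ioctl_serv_get still copies the device's full keypair, private key included, into the user-visible structure via `wg_device_getkey(&sc->sc_dev, &wgs->gs_keypair);`, and its new `int` return is an unconditional `return 0;`, so nothing in this commit enforces the access control the deleted comment described; the wg_ioctl_peer_get hunk below does the same for the preshared key. The commit message says the check belongs elsewhere, but the wg_ioctl hunk that now captures `ret` adds no privilege test either, and since wg_ioctl's body continues outside that hunk it may already be gated there — worth confirming before this is merged. If the dispatcher is the intended place, a check ahead of the SIOCGWGSERV/SIOCGWGPEER cases in the usual OpenBSD shape, e.g. `if ((ret = suser(curproc)) != 0) break;`, would close the gap, or alternatively the secret fields could be cleared for unprivileged callers so the non-secret status stays readable. Until that lands, a comment on the `return 0;` such as `/* NOTE: gs_keypair carries the private key; the ioctl caller must restrict this command to privileged users */` would keep the requirement from being lost along with the TODO.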
@@ -1201,6 +1200,7 @@ wg_ioctl_serv_get(struct wg_softc *sc, struct wg_serv_get *wgs)
num++;
}
wgs->gs_num_peers = num;
+ return 0;
}
int
@@ -1215,8 +1215,7 @@ wg_ioctl_peer_get(struct wg_softc *sc, struct wg_peer_get *wgp)
route = peer->p_arg;
- /* TODO We only want to pass the preshared key to root */
- wg_peer_getshared(peer, &wgp->gp_shared, 1);
+ wg_peer_getshared(peer, &wgp->gp_shared);
wgp->gp_last_handshake = wg_peer_last_handshake(peer);
wgp->gp_pka = wg_timer_persistent_keepalive_get(&peer->p_timers);
@@ -1260,10 +1259,10 @@ wg_ioctl(struct ifnet * ifp, u_long cmd, caddr_t data)
ret = wg_ioctl_peer_set(sc, cmd, (struct wg_peer_set *) data);
break;
case SIOCGWGSERV: /* Get WireGuard server configuration */
- wg_ioctl_serv_get(sc, (struct wg_serv_get *) data);
+ ret = wg_ioctl_serv_get(sc, (struct wg_serv_get *) data);
break;
case SIOCGWGPEER: /* Get WireGuard peer status */
- wg_ioctl_peer_get(sc, (struct wg_peer_get *) data);
+ ret = wg_ioctl_peer_get(sc, (struct wg_peer_get *) data);
break;
/* Interface IOCTLs */
diff --git a/src/wireguard.c b/src/wireguard.c
index ac146ad..53bfeba 100644
--- a/src/wireguard.c
+++ b/src/wireguard.c
@@ -110,9 +110,8 @@ wg_device_setkey(struct wg_device *dev, struct wg_privkey *key)
}
void
-wg_device_getkey(struct wg_device *dev, struct wg_keypair *kp, int priv)
+wg_device_getkey(struct wg_device *dev, struct wg_keypair *kp)
{
- /* TODO mask key based on priv */
mtx_enter(&dev->d_mtx);
*kp = dev->d_keypair;
mtx_leave(&dev->d_mtx);
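Review bot: wg_device_getkey now hands out the whole `dev->d_keypair`, private half included, to any caller with no indication in the code that the result is sensitive, and the TODO that recorded this was dropped rather than replaced. A one-line contract comment above the definition would make that explicit for the ioctl callers in if_wg.c, e.g. `/* Copies the full keypair, private key included; callers that export it must enforce access control, and local copies should be zeroed after use as the handshake paths do. */`. The same comment fits wg_peer_getshared in the next hunk, which returns the preshared key under the same terms.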
@@ -322,9 +321,8 @@ wg_peer_setshared(struct wg_peer *peer, struct wg_privkey *key)
}
void
-wg_peer_getshared(struct wg_peer *peer, struct wg_privkey *key, int priv)
+wg_peer_getshared(struct wg_peer *peer, struct wg_privkey *key)
{
- /* TODO check priv */
mtx_enter(&peer->p_mtx);
*key = peer->p_shared;
mtx_leave(&peer->p_mtx);
@@ -382,7 +380,7 @@ wg_device_rx_initiation(struct wg_device *dev, struct wg_msg_initiation *init,
/* We want to ensure that the keypair is not modified during the
* handshake, so we take a local copy here and bzero it before
* returning */
- wg_device_getkey(dev, &kp, 1);
+ wg_device_getkey(dev, &kp);
/* Noise handshake */
memcpy(hs.h_remote.k, init->ephemeral, WG_KEY_SIZE);
@@ -466,7 +464,7 @@ wg_device_rx_response(struct wg_device *dev, struct wg_msg_response *resp,
return WG_ID;
/* Load requried values */
- wg_device_getkey(dev, &kp, 1);
+ wg_device_getkey(dev, &kp);
mtx_enter(&session->s_mtx);
hs = session->s_handshake;
@@ -642,7 +640,7 @@ wg_device_tx_initiation(struct wg_device *dev, struct wg_msg_initiation *init,
* have to lock the session. */
session = wg_device_new_session(dev);
- wg_device_getkey(dev, &kp, 1);
+ wg_device_getkey(dev, &kp);
wg_keypair_generate(&hs.h_local);
/* Noise handshake */
diff --git a/src/wireguard.h b/src/wireguard.h
index 5e4830c..ec3dc06 100644
--- a/src/wireguard.h
+++ b/src/wireguard.h
@@ -254,7 +254,7 @@ void wg_device_init(struct wg_device *, int,
void (*)(struct wg_peer *, enum wg_pkt_type, uint32_t),
void (*)(struct wg_peer *), void *);
void wg_device_setkey(struct wg_device *, struct wg_privkey *);
-void wg_device_getkey(struct wg_device *, struct wg_keypair *, int);
+void wg_device_getkey(struct wg_device *, struct wg_keypair *);
void wg_device_destroy(struct wg_device *);
struct wg_peer *wg_device_new_peer(struct wg_device *, struct wg_pubkey *, void *);
@@ -266,7 +266,7 @@ void wg_peer_drop(struct wg_peer *);
void wg_peer_reset_attempts(struct wg_peer *);
void wg_peer_clean(struct wg_peer *);
void wg_peer_setshared(struct wg_peer *, struct wg_privkey *);
-void wg_peer_getshared(struct wg_peer *, struct wg_privkey *, int);
+void wg_peer_getshared(struct wg_peer *, struct wg_privkey *);
struct timespec wg_peer_last_handshake(struct wg_peer *);
struct wg_session *wg_peer_last_session(struct wg_peer *);