authorMatt Dunwoodie <ncon@mail.noconroy.net>2019-10-08 17:46:01 +0100
committerMatt Dunwoodie <ncon@mail.noconroy.net>2019-10-08 17:46:01 +0100
commita90e2a99022eaa4e06883a7a8a1393f1e0b3fcfc (patch)
treeb5d1ebc90fb9899e25cd8a707ef60152482ea94e
parentFix a number of bugs (diff)
downloadwireguard-openbsd-a90e2a99022eaa4e06883a7a8a1393f1e0b3fcfc.tar.xz
wireguard-openbsd-a90e2a99022eaa4e06883a7a8a1393f1e0b3fcfc.zip
Move wg_device_make_cookie -> wg_device_tx_cookie
-rw-r--r--src/if_wg.c2
-rw-r--r--src/wireguard.c44
-rw-r--r--src/wireguard.h6
3 files changed, 24 insertions, 28 deletions
diff --git a/src/if_wg.c b/src/if_wg.c
index 8a978e6..2736acf 100644
--- a/src/if_wg.c
+++ b/src/if_wg.c
@@ -335,7 +335,7 @@ wg_mbuf_ratelimit(struct wg_softc *sc, struct mbuf *m)
/* TODO print ip */
DPRINTF(sc, "transmit cookie %d\n", 0);
- wg_device_make_cookie(&sc->sc_dev, &c, sender, mac, cookie);
+ wg_device_tx_cookie(&sc->sc_dev, &c, sender, mac, cookie);
bzero(&peernam, sizeof(struct mbuf));
diff --git a/src/wireguard.c b/src/wireguard.c
index a6e94c5..ac146ad 100644
--- a/src/wireguard.c
+++ b/src/wireguard.c
@@ -761,10 +761,22 @@ leave:
}
enum wg_error
-wg_device_tx_cookie(struct wg_device *dev, struct wg_msg_cookie *cookie,
- uint32_t id, struct wg_session **s)
+wg_device_tx_cookie(struct wg_device *dev, struct wg_cookie *c,
+ uint32_t sender, uint8_t mac[WG_MAC_SIZE], struct wg_msg_cookie *msg)
{
- panic("should not call this yet");
+ uint8_t key[WG_KEY_SIZE]; // Same as WG_HASH_SIZE
+
+ msg->type = WG_MSG_COOKIE;
+ msg->receiver = sender;
+ arc4random_buf(msg->nonce, sizeof(msg->nonce));
+
+ wg_hash2(key, WG_COOKIE, strlen(WG_COOKIE), dev->d_keypair.pub.k,
+ WG_KEY_SIZE);
+ xchacha20poly1305_encrypt(msg->value, c->cookie, WG_MAC_SIZE, mac,
+ WG_MAC_SIZE, msg->nonce, key);
+
+ explicit_bzero(key, sizeof(key));
+ return WG_OK;
}
enum wg_error
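Review bot: The plaintext length handed to `xchacha20poly1305_encrypt(msg->value, c->cookie, WG_MAC_SIZE, mac,` is WG_MAC_SIZE, while c->cookie is sized by WG_COOKIE_SIZE everywhere else in this file (the blake2s calls in wg_msg_initiation_valid_mac2, wg_msg_response_valid_mac2 and wg_cookie_from_token). If the two constants are defined equal this is harmless today, but the call will encrypt the wrong number of cookie bytes the moment they diverge, and the removed wg_device_make_cookie carried the same mismatch; `xchacha20poly1305_encrypt(msg->value, c->cookie, WG_COOKIE_SIZE, mac,` states the intent. The function also gains an enum wg_error return but has no failure path, so a header comment such as `/* Build the cookie reply for 'sender': c->cookie encrypted under hash(WG_COOKIE, our public key), with 'mac' passed as associated data; cannot fail, always WG_OK. */` would tell callers the return value is currently informational only (that `mac` is the associated-data argument is inferred from its position in the call; confirm against the xchacha20poly1305_encrypt prototype). The `// Same as WG_HASH_SIZE` note on the key buffer is worth keeping, since wg_hash2 writes into a WG_KEY_SIZE array and that equality is what makes the buffer large enough.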
@@ -959,21 +971,21 @@ wg_keypair_generate(struct wg_keypair *kp)
}
enum wg_error
-wg_msg_initiation_valid_mac2(struct wg_msg_initiation *m, struct wg_cookie *c)
+wg_msg_initiation_valid_mac2(struct wg_msg_initiation *msg, struct wg_cookie *c)
{
uint8_t mac[WG_MAC_SIZE];
- blake2s(mac, (uint8_t *)m, c->cookie, WG_MAC_SIZE,
+ blake2s(mac, (uint8_t *)msg, c->cookie, WG_MAC_SIZE,
offsetof(struct wg_msg_initiation, mac2), WG_COOKIE_SIZE);
- return timingsafe_bcmp(mac, m->mac2, WG_MAC_SIZE) ? WG_MAC : WG_OK;
+ return timingsafe_bcmp(mac, msg->mac2, WG_MAC_SIZE) ? WG_MAC : WG_OK;
}
enum wg_error
-wg_msg_response_valid_mac2(struct wg_msg_response *m, struct wg_cookie *c)
+wg_msg_response_valid_mac2(struct wg_msg_response *msg, struct wg_cookie *c)
{
uint8_t mac[WG_MAC_SIZE];
- blake2s(mac, (uint8_t *)m, c->cookie, WG_MAC_SIZE,
+ blake2s(mac, (uint8_t *)msg, c->cookie, WG_MAC_SIZE,
offsetof(struct wg_msg_response, mac2), WG_COOKIE_SIZE);
- return timingsafe_bcmp(mac, m->mac2, WG_MAC_SIZE) ? WG_MAC : WG_OK;
+ return timingsafe_bcmp(mac, msg->mac2, WG_MAC_SIZE) ? WG_MAC : WG_OK;
}
void
@@ -988,20 +1000,6 @@ wg_cookie_from_token(struct wg_cookie *c, struct wg_cookie_maker *cm,
blake2s(c->cookie, ip, cm->seed, WG_MAC_SIZE, ip_len, WG_COOKIE_SIZE);
}
-void
-wg_device_make_cookie(struct wg_device *dev, struct wg_cookie *c,
- uint32_t sender, uint8_t mac[WG_MAC_SIZE], struct wg_msg_cookie *m)
-{
- uint8_t key[WG_KEY_SIZE]; // Same as WG_HASH_SIZE
-
- m->type = WG_MSG_COOKIE;
- m->receiver = sender;
- arc4random_buf(m->nonce, sizeof(m->nonce));
-
- wg_hash2(key, WG_COOKIE, strlen(WG_COOKIE), dev->d_keypair.pub.k, WG_KEY_SIZE);
- xchacha20poly1305_encrypt(m->value, c->cookie, WG_MAC_SIZE, mac, WG_MAC_SIZE, m->nonce, key);
-}
-
/* Timer Functions */
void
wg_timer_setup(struct wg_timers *t, void *p, void (*keepalive)(void *),
diff --git a/src/wireguard.h b/src/wireguard.h
index 040ad97..5e4830c 100644
--- a/src/wireguard.h
+++ b/src/wireguard.h
@@ -286,8 +286,8 @@ enum wg_error wg_device_tx_initiation(struct wg_device *,
struct wg_session **);
enum wg_error wg_device_tx_response(struct wg_device *,
struct wg_msg_response *, uint32_t, struct wg_session **);
-enum wg_error wg_device_tx_cookie(struct wg_device *,
- struct wg_msg_cookie *, uint32_t, struct wg_session **);
+enum wg_error wg_device_tx_cookie(struct wg_device *, struct wg_cookie *,
+ uint32_t, uint8_t[WG_MAC_SIZE], struct wg_msg_cookie *);
enum wg_error wg_device_tx_transport(struct wg_device *,
struct wg_msg_transport *, size_t, uint32_t,
struct wg_session **);
@@ -298,8 +298,6 @@ enum wg_error wg_msg_response_valid_mac2(struct wg_msg_response *,
struct wg_cookie *);
void wg_cookie_from_token(struct wg_cookie *,
struct wg_cookie_maker *, uint8_t *, uint8_t);
-void wg_device_make_cookie(struct wg_device *, struct wg_cookie *,
- uint32_t, uint8_t[WG_MAC_SIZE], struct wg_msg_cookie *);
void wg_keypair_from_key(struct wg_keypair *,
const struct wg_privkey *);