summaryrefslogtreecommitdiffstats
path: root/src/wireguard.h
diff options
context:
space:
mode:
authorMatt Dunwoodie <ncon@mail.noconroy.net>2019-09-28 21:50:20 +0100
committerMatt Dunwoodie <ncon@mail.noconroy.net>2019-09-30 22:56:35 +0100
commit10d253dadaca40fd8b2abce4dc8e5565b46e2510 (patch)
treec54c0857b0feca96a5373c82e44a77ff2470f209 /src/wireguard.h
parentAdd more verbose messages (diff)
downloadwireguard-openbsd-10d253dadaca40fd8b2abce4dc8e5565b46e2510.tar.xz
wireguard-openbsd-10d253dadaca40fd8b2abce4dc8e5565b46e2510.zip
Big re-work of wireguard.c
Diffstat (limited to 'src/wireguard.h')
-rw-r--r--src/wireguard.h518
1 files changed, 195 insertions, 323 deletions
diff --git a/src/wireguard.h b/src/wireguard.h
index 7bedbef7c2b..ecd26e2dfa9 100644
--- a/src/wireguard.h
+++ b/src/wireguard.h
@@ -21,6 +21,7 @@
#include <sys/time.h>
#include <sys/timeout.h>
#include <sys/rwlock.h>
+#include <sys/fixedmap.h>
#include <sys/antireplay.h>
#define WG_KEY_SIZE 32
@@ -48,12 +49,49 @@
#define WG_COOKIE_VALID_TIME 120
#define WG_REKEY_AFTER_TIME_RECV (WG_REJECT_AFTER_TIME - WG_KEEPALIVE_TIMEOUT - WG_REKEY_TIMEOUT)
+struct wg_msg_unknown {
+ uint32_t type;
+} __packed;
+
+struct wg_msg_initiation {
+ uint32_t type;
+ uint32_t sender;
+ uint8_t ephemeral[WG_KEY_SIZE];
+ uint8_t static_pub[WG_ENCRYPTED_SIZE(WG_KEY_SIZE)];
+ uint8_t timestamp[WG_ENCRYPTED_SIZE(WG_TIMESTAMP_SIZE)];
+ uint8_t mac1 [WG_MAC_SIZE];
+ uint8_t mac2 [WG_MAC_SIZE];
+} __packed;
+
+struct wg_msg_response {
+ uint32_t type;
+ uint32_t sender;
+ uint32_t receiver;
+ uint8_t ephemeral[WG_KEY_SIZE];
+ uint8_t empty [WG_ENCRYPTED_SIZE(0)];
+ uint8_t mac1 [WG_MAC_SIZE];
+ uint8_t mac2 [WG_MAC_SIZE];
+} __packed;
+
+struct wg_msg_cookie {
+ uint32_t type;
+ uint32_t receiver;
+ uint8_t nonce [WG_XNONCE_SIZE];
+ uint8_t value[WG_ENCRYPTED_SIZE(WG_COOKIE_SIZE)];
+} __packed;
+
+struct wg_msg_transport {
+ uint32_t type;
+ uint32_t receiver;
+ uint64_t counter;
+ uint8_t data [];
+} __packed;
+
enum wg_state {
- WG_STATE_CLEAN = 0,
+ WG_STATE_NEW = 0,
WG_STATE_MADE_INITIATION,
- WG_STATE_MADE_RESPONSE,
WG_STATE_RECV_INITIATION,
- WG_STATE_RECV_RESPONSE,
+ WG_STATE_WAIT_CONFIRM,
WG_STATE_INITIATOR,
WG_STATE_RESPONDER,
};
@@ -66,9 +104,25 @@ enum wg_pkt_type {
WG_PKT_TRANSPORT,
};
+static int wg_pkt_len[] = {
+ sizeof(struct wg_msg_unknown),
+ sizeof(struct wg_msg_initiation),
+ sizeof(struct wg_msg_response),
+ sizeof(struct wg_msg_cookie),
+ WG_ENCRYPTED_SIZE(sizeof(struct wg_msg_transport)),
+};
+
+static char *wg_pkt_str[] = {
+ "unknown",
+ "initiation",
+ "response",
+ "cookie",
+ "transport",
+};
+
struct wg_keypair {
- uint8_t pub[WG_KEY_SIZE];
- uint8_t priv[WG_KEY_SIZE];
+ struct wg_pubkey { uint8_t k[WG_KEY_SIZE]; } pub;
+ struct wg_privkey { uint8_t k[WG_KEY_SIZE]; } priv;
};
struct wg_cookie {
@@ -81,71 +135,6 @@ struct wg_cookie_maker {
struct timespec time;
};
-struct wg_handshake {
- struct rwlock hs_lock;
-
- uint8_t hs_attempts;
- uint8_t hs_spub[WG_KEY_SIZE];
- uint8_t hs_shared[WG_KEY_SIZE];
- struct wg_cookie hs_cookie;
- struct wg_keypair hs_skey;
- struct timespec hs_last_initiation;
- void *hs_arg;
-
- struct {
- enum wg_state ss_state;
- uint32_t ss_local_id;
- uint32_t ss_remote_id;
- uint8_t ss_mac[WG_MAC_SIZE];
- uint8_t ss_hash[WG_HASH_SIZE];
- uint8_t ss_ck[WG_HASH_SIZE];
- uint8_t ss_k[WG_HASH_SIZE];
- uint8_t ss_timestamp[WG_TIMESTAMP_SIZE];
-
- uint8_t ss_epub[WG_KEY_SIZE];
- struct wg_keypair ss_ekey;
- } hs_ss;
-};
-
-#define hs_state hs_ss.ss_state
-#define hs_local_id hs_ss.ss_local_id
-#define hs_remote_id hs_ss.ss_remote_id
-#define hs_mac hs_ss.ss_mac
-#define hs_hash hs_ss.ss_hash
-#define hs_ck hs_ss.ss_ck
-#define hs_k hs_ss.ss_k
-#define hs_timestamp hs_ss.ss_timestamp
-#define hs_epub hs_ss.ss_epub
-#define hs_ekey hs_ss.ss_ekey
-
-struct wg_session {
- struct rwlock s_lock;
- void *s_arg;
- struct {
- enum wg_state ss_state;
- uint64_t ss_txcounter;
- uint64_t ss_rxcounter;
- uint32_t ss_local_id;
- uint32_t ss_remote_id;
- struct timespec ss_created;
-
- uint8_t ss_txkey[WG_KEY_SIZE];
- uint8_t ss_rxkey[WG_KEY_SIZE];
-
- struct antireplay ss_ar;
- } s_ss;
-};
-
-#define s_state s_ss.ss_state
-#define s_txcounter s_ss.ss_txcounter
-#define s_rxcounter s_ss.ss_rxcounter
-#define s_local_id s_ss.ss_local_id
-#define s_remote_id s_ss.ss_remote_id
-#define s_created s_ss.ss_created
-#define s_txkey s_ss.ss_txkey
-#define s_rxkey s_ss.ss_rxkey
-#define s_ar s_ss.ss_ar
-
struct wg_timers {
struct timeout t_ka;
struct timeout t_pka;
@@ -156,52 +145,77 @@ struct wg_timers {
uint16_t t_pka_interval;
};
-struct wg_msg_unknown {
- uint32_t type;
-} __packed;
-
-struct wg_msg_initiation {
- uint32_t type;
- uint32_t sender;
- uint8_t ephemeral[WG_KEY_SIZE];
- uint8_t static_pub[WG_ENCRYPTED_SIZE(WG_KEY_SIZE)];
- uint8_t timestamp[WG_ENCRYPTED_SIZE(WG_TIMESTAMP_SIZE)];
- uint8_t mac1 [WG_MAC_SIZE];
- uint8_t mac2 [WG_MAC_SIZE];
-} __packed;
-
-struct wg_msg_response {
- uint32_t type;
- uint32_t sender;
- uint32_t receiver;
- uint8_t ephemeral[WG_KEY_SIZE];
- uint8_t empty [WG_ENCRYPTED_SIZE(0)];
- uint8_t mac1 [WG_MAC_SIZE];
- uint8_t mac2 [WG_MAC_SIZE];
-} __packed;
+struct wg_session {
+ uint32_t s_local_id; /* Static */
+ uint32_t s_remote_id; /* Static */
+ struct wg_peer *s_peer; /* Static */
+ struct timespec s_created;
+ SLIST_ENTRY(wg_session) s_entry; /* Protected by p_lock */
+
+ /* All protected by s_lock */
+ struct rwlock s_lock;
+ enum wg_state s_state;
+
+ struct wg_handshake {
+ uint8_t h_mac[WG_MAC_SIZE];
+ uint8_t h_hash[WG_HASH_SIZE];
+ uint8_t h_ck[WG_HASH_SIZE];
+ uint8_t h_k[WG_HASH_SIZE];
+ struct wg_pubkey h_remote;
+ struct wg_keypair h_local;
+ } s_handshake;
+
+ struct wg_keyset {
+ uint64_t k_txcounter;
+ uint64_t k_rxcounter;
+ struct wg_privkey k_txkey;
+ struct wg_privkey k_rxkey;
+ struct antireplay k_ar;
+ } s_keyset;
+};
-struct wg_msg_cookie {
- uint32_t type;
- uint32_t receiver;
- uint8_t nonce [WG_XNONCE_SIZE];
- uint8_t cookie[WG_ENCRYPTED_SIZE(WG_COOKIE_SIZE)];
-} __packed;
+struct wg_peer {
+ uint32_t p_id;
+ void *p_arg;
+ struct wg_device *p_device;
+ struct wg_pubkey p_remote;
+ SLIST_ENTRY(wg_peer) p_entry;
+
+ /* All protected by p_lock */
+ struct rwlock p_lock;
+ struct wg_cookie p_cookie;
+ struct wg_timers p_timers;
+ struct timespec p_last_handshake;
+ struct timespec p_last_initiation;
+ uint64_t p_tx_bytes;
+ uint64_t p_rx_bytes;
+ struct wg_privkey p_shared;
+ uint8_t p_attempts;
+ SLIST_HEAD(,wg_session) p_sessions;
+ struct wg_timestamp { uint8_t t[WG_TIMESTAMP_SIZE]; } p_timestamp;
+};
-struct wg_msg_transport {
- uint32_t type;
- uint32_t receiver;
- uint64_t counter;
- uint8_t data [];
-} __packed;
+struct wg_device {
+ void (*d_outq)(struct wg_peer *, enum wg_pkt_type);
+ struct fixed_map d_peers;
+ struct fixed_map d_sessions;
+ struct rwlock d_lock;
+ struct wg_cookie_maker d_cookie_maker;
+ struct wg_keypair d_keypair;
+};
enum wg_error {
WG_OK = 0,
WG_TIMESTAMP,
WG_HS_ATTEMPTS,
WG_HS_RATE,
+ WG_UNKNOWN_PEER,
+ WG_ALLOWED_IP_FAIL,
+ WG_RATELIMIT,
WG_DECRYPT,
WG_REPLAY,
WG_REJECT,
+ WG_INVALID_PKT,
WG_REKEY,
WG_STATE,
WG_MAC,
@@ -213,235 +227,93 @@ static char *wg_error_str[] = {
"invalid timestamp",
"exceeded initiation attemts",
"exceeded initiation transmit rate",
+ "unknown peer",
+ "non-allowed ip",
+ "ratelimit",
"unable to decrypt",
"replay detected",
"packet rejected",
+ "packet invalid",
"want rekey",
"invalid state",
"invalid mac",
"invalid ID",
};
-/* wg_handshake_init:
- * Will zero out all memory and setup lock on handshake.
- *
- * wg_handshake_reset:
- * Will zero out all the individual handshake data such as ephemeral keys, and
- * the internal Noise state. It will leave the static keys and counters as is.
- * The state follows:
- * WG_STATE_* -> WG_STATE_CLEAN
- */
-void wg_handshake_init(struct wg_handshake *);
-void wg_handshake_reset(struct wg_handshake *);
-
-/* wg_session_init:
- * Will zero out all memory and setup lock on session.
- *
- * wg_session_reset:
- * Will zero out all the individual session data except the lock, ready for
- * passing the session to wg_session_from_handshake. The state follows:
- * WG_STATE_* -> WG_STATE_CLEAN
- */
-void wg_session_init(struct wg_session *);
-void wg_session_reset(struct wg_session *);
-
-/* wg_handshake_make_initiation:
- * Given a clean wg_handshake and id, fill the wg_msg_initiation with a
- * prepared packet.
- * Error (else WG_OK):
- * WG_STATE: wg_handshake is not WG_STATE_CLEAN.
- * WG_HS_ATTEMPTS: wg_handshake has exceeded WG_REKEY_ATTEMT_COUNT.
- * The state follows:
- * WG_STATE_CLEAN -> WG_STATE_MADE_INITIATION
- *
- * wg_handshake_make_response:
- * Given a wg_handshake that has received an initiation and id, fill the
- * wg_msg_response with a prepared packet.
- * Error (else WG_OK);
- * WG_STATE: wg_handshake is not WG_STATE_RECV_INITIATION
- * The state follows:
- * WG_STATE_RECV_INITIATION -> WG_STATE_MADE_RESPONSE
- *
- * wg_handshake_make_cookie:
- * wg_keypair: local keypair to tie cookie to.
- * wg_cookie: cookie to encrypt
- * uint32_t: sender id that will be placed in cookie.
- * uint8_t[WG_MAG_SIZE]: mac of packet in response to
- * wg_msg_cookie: packet to fill
- */
-enum wg_error wg_handshake_make_initiation(struct wg_handshake *, uint32_t, struct wg_msg_initiation *);
-enum wg_error wg_handshake_make_response(struct wg_handshake *, uint32_t, struct wg_msg_response *);
-enum wg_error wg_handshake_make_cookie(struct wg_keypair *, struct wg_cookie *, uint32_t, uint8_t [WG_MAC_SIZE], struct wg_msg_cookie *);
-
-/*
- * wg_handshake_recv_initiation:
- * Given a temporary wg_handshake that will be merged with an actual
- * wg_handshake, decrypt the wg_msg_initiation with the wg_keypair and store
- * the parameters in the temporary wg_handshake. the hs_spub (handshake static
- * public key) will be set.
- * Error (else WG_OK);
- * WG_DECRYPT: could not decrypt static_pub or timestamp in packet.
- * WG_MAC: invalid mac on packet.
- * The state follows:
- * * -> WG_STATE_RECV_INITIATION
- *
- * wg_handshake_recv_response:
- * Given a wg_handshake that has made an initiation, process the incoming
- * response packet. A temporary handshake is made so that the original is not
- * tainted while processing the incoming packet.
- * Error (else WG_OK);
- * WG_STATE: wg_handshake is not WG_STATE_MADE_INITIATION.
- * WG_ID: the receiver ID (local) doesn't match the stored ID in handshake.
- * WG_DECRYPT: could not decrypt the response packet.
- * WG_MAC: the packet mac was invalid.
- * The state follows:
- * WG_STATE_MADE_INITIATION -> WG_STATE_RECV_RESPONSE
- *
- * wg_handshake_recv_cookie:
- * Given a wg_handshake that has made an initiation or response, ingest a
- * cookie packet and if successful, save the cookie in the handshake. The
- * cookie will automatically be used when calling the next make_initiation or
- * make_response.
- * Error (else WG_OK);
- * WG_STATE: wg_handshake not in WG_STATE_MADE_INITIATION
- * WG_STATE: wg_handshake not in WG_STATE_MADE_RESPONSE
- * WG_ID: the receiver ID (local) doesn't match the stored ID in handshake.
- * WG_DECRYPT: could not decrypt the cookie packet.
- */
-enum wg_error wg_handshake_recv_initiation(struct wg_handshake *, struct wg_keypair *, struct wg_msg_initiation *);
-enum wg_error wg_handshake_recv_response(struct wg_handshake *, struct wg_msg_response *);
-enum wg_error wg_handshake_recv_cookie(struct wg_handshake *, struct wg_msg_cookie *);
-
-/* wg_handshake_merge:
- * Copy the src wg_handshake to the dst wg_handshake. The only purpose of this
- * is to merge a temporary wg_handshake generated from an incoming
- * wg_msg_initiation. It will clear the src handshake before returning.
- * Error (else WG_OK);
- * WG_STATE: wg_handshake (dst) is not WG_STATE_CLEAN.
- * WG_STATE: wg_handshake (src) is not WG_STATE_RECV_INITIATION.
- * WG_STATE: wg_handshake keys do not match.
- * WG_TIMESTAMP: wg_handshake (dst) has a newer timestamp.
- * The state follows:
- * WG_STATE_CLEAN -> WG_STATE_RECV_INITIATION
- */
-enum wg_error wg_handshake_merge(struct wg_handshake *, struct wg_handshake *);
-
-/* wg_handshake_initiation_valid_mac2:
- * Validate mac2 (the IP binding MAC) in a wg_msg_initiation. The wg_cookie
- * must be supplied. It will return WG_MAC if invalid mac or WG_OK if ok.
- *
- * wg_handshake_response_valid_mac2:
- * Validate mac2 (the IP binding MAC) in a wg_msg_initiation. The wg_cookie
- * must be supplied. It will return WG_MAC if invalid mac or WG_OK if ok.
- *
- * wg_handshake_initiation_ready:
- * Check if minimum time has elapsed before sending new initiation. It will
- * return WG_HS_RATE if the caller should wait, or WG_OK if the minimum time
- * has elapsed.
- *
- * wg_handshake_reset_attempts:
- * Reset the handshake attempt count to 0.
- */
-enum wg_error wg_handshake_initiation_valid_mac2(struct wg_cookie *, struct wg_msg_initiation *);
-enum wg_error wg_handshake_response_valid_mac2(struct wg_cookie *, struct wg_msg_response *);
-enum wg_error wg_handshake_initiation_ready(struct wg_handshake *);
-void wg_handshake_reset_attempts(struct wg_handshake *);
-
-/* Get handshake parameters.
- * wg_handshake_id:
- * Return the local handshake ID.
- *
- * wg_handshake_shortkey:
- * Return the first 4 bytes of the handshake remote static public key.
- *
- * wg_session_id:
- * Return the local session ID.
- */
-uint32_t wg_handshake_id(struct wg_handshake *);
-uint32_t wg_handshake_shortkey(struct wg_handshake *);
-uint32_t wg_session_id(struct wg_session *);
-
-/* Set handshake parameters */
-void wg_handshake_setkeypair(struct wg_handshake *, struct wg_keypair *);
-void wg_handshake_setkey(struct wg_handshake *, uint8_t[WG_KEY_SIZE]);
-void wg_handshake_setshared(struct wg_handshake *, uint8_t[WG_KEY_SIZE]);
-void wg_handshake_getkey(struct wg_handshake *, uint8_t[WG_KEY_SIZE]);
-void wg_handshake_getshared(struct wg_handshake *, uint8_t[WG_KEY_SIZE]);
-int wg_handshake_keycmp(struct wg_handshake *, struct wg_handshake *);
-
-/* wg_session_from_handshake:
- * Populate wg_session based on wg_handshake. wg_handshake must be in either
- * WG_STATE_RECV_RESPONSE or WG_STATE_MADE_RESPONSE. The handshake will be
- * zeroed out before returning. The wg_session must be passed to
- * wg_session_confirm before it can be used to encrypt/decrypt messages.
- * Error (else WG_OK);
- * WG_STATE: wg_handshake is not in state WG_STATE_RECV_RESPONSE.
- * WG_STATE: wg_handshake is not in state WG_STATE_MADE_RESPONSE.
- * WG_STATE: wg_session is not in state WG_STATE_CLEAN.
- * The state follows (depending on wg_handshake):
- * WG_STATE_CLEAN -> WG_STATE_RECV_RESPONSE
- * WG_STATE_CLEAN -> WG_STATE_MADE_RESPONSE
- *
- * wg_session_confirm:
- * Confirm a session is ready to be used.
- * Error (else WG_OK);
- * WG_STATE: wg_session is not in state WG_STATE_RECV_RESPONSE.
- * WG_STATE: wg_session is not in state WG_STATE_MADE_RESPONSE.
- * The state follows (depending on wg_handshake):
- * WG_STATE_RECV_RESPONSE -> WG_STATE_INITIATOR
- * WG_STATE_MADE_RESPONSE -> WG_STATE_RESPONDER
- *
- * wg_session_ready:
- * Return weather wg_session_confirm has been called on wg_session. Return
- * WG_STATE if not, and WG_OK if it has.
- */
-enum wg_error wg_session_from_handshake(struct wg_session *, struct wg_handshake *);
-enum wg_error wg_session_confirm(struct wg_session *);
-enum wg_error wg_session_ready(struct wg_session *);
-
-/* wg_session_encrypt:
- * Encrypt a wg_msg_transport of size size_t (data len, not including header).
- * Error (else WG_OK);
- * WG_REJECT: wg_session is not allowed to encrypt, too old.
- * WG_STATE: wg_session is not in state WG_STATE_INITIATOR.
- * WG_STATE: wg_session is not in state WG_STATE_RESPONDER.
- * WG_REKEY: wg_session successfully encrypted, but wants a new session.
- *
- * wg_session_decrypt:
- * Decrypt a wg_msg_transport of size size_t (data len, not including header).
- * Error (else WG_OK);
- * WG_REJECT: wg_session is not allowed to decrypt, too old.
- * WG_STATE: wg_session is not in state WG_STATE_INITIATOR.
- * WG_STATE: wg_session is not in state WG_STATE_RESPONDER.
- * WG_ID: wg_session ID doesn't match incoming packet ID.
- * WG_DECRYPT: wg_session could not decrypt message (bad MAC).
- * WG_REPLAY: wg_session detected replay of packet.
- * WG_REKEY: wg_session successfully decrypted, but wants a new session.
- */
-enum wg_error wg_session_encrypt(struct wg_session *, struct wg_msg_transport *, size_t);
-enum wg_error wg_session_decrypt(struct wg_session *, struct wg_msg_transport *, size_t);
+/* WireGuard functions */
+
+void wg_device_init(struct wg_device *,
+ void (*)(struct wg_peer *, enum wg_pkt_type));
+void wg_device_setkey(struct wg_device *, struct wg_privkey *);
+struct wg_peer *wg_device_new_peer(struct wg_device *, struct wg_pubkey *, void *);
+struct wg_peer *wg_device_ref_peerkey(struct wg_device *, struct wg_pubkey *);
+struct wg_peer *wg_device_ref_peerid(struct wg_device *, uint32_t);
+
+void wg_peer_ref(struct wg_peer *);
+void wg_peer_put(struct wg_peer *);
+void wg_peer_drop(struct wg_peer *);
+void wg_peer_attach_session(struct wg_peer *, struct wg_session *);
+void wg_peer_setshared(struct wg_peer *, struct wg_privkey *);
+void wg_peer_getshared(struct wg_peer *, struct wg_privkey *);
+void wg_peer_clean(struct wg_peer *);
+struct timespec wg_peer_last_handshake(struct wg_peer *);
+enum wg_error wg_peer_has_transport_session(struct wg_peer *);
+
+struct wg_session *wg_device_new_session(struct wg_device *);
+struct wg_session *wg_device_ref_session(struct wg_device *, uint32_t);
+void wg_session_ref(struct wg_session *);
+void wg_session_put(struct wg_session *);
+void wg_session_drop(struct wg_session *);
+
+enum wg_error wg_device_rx_initiation(struct wg_device *,
+ struct wg_msg_initiation *, struct wg_session **);
+enum wg_error wg_device_rx_response(struct wg_device *,
+ struct wg_msg_response *, struct wg_session **);
+enum wg_error wg_device_rx_cookie(struct wg_device *,
+ struct wg_msg_cookie *, struct wg_session **);
+enum wg_error wg_device_rx_transport(struct wg_device *,
+ struct wg_msg_transport *, size_t, struct wg_session **);
+
+enum wg_error wg_device_tx_initiation(struct wg_device *,
+ struct wg_msg_initiation *, uint32_t,
+ struct wg_session **);
+enum wg_error wg_device_tx_response(struct wg_device *,
+ struct wg_msg_response *, uint32_t, struct wg_session **);
+enum wg_error wg_device_tx_cookie(struct wg_device *,
+ struct wg_msg_cookie *, uint32_t, struct wg_session **);
+enum wg_error wg_device_tx_transport(struct wg_device *,
+ struct wg_msg_transport *, size_t, uint32_t,
+ struct wg_session **);
+
+
+enum wg_error wg_msg_initiation_valid_mac2(struct wg_msg_initiation *,
+ struct wg_cookie *);
+enum wg_error wg_msg_response_valid_mac2(struct wg_msg_response *,
+ struct wg_cookie *);
+void wg_cookie_from_token(struct wg_cookie *,
+ struct wg_cookie_maker *, uint8_t *, uint8_t);
+void wg_device_make_cookie(struct wg_device *, struct wg_cookie *,
+ uint32_t, uint8_t[WG_MAC_SIZE], struct wg_msg_cookie *);
+
+void wg_keypair_from_key(struct wg_keypair *,
+ const struct wg_privkey *);
+void wg_keypair_generate(struct wg_keypair *);
+enum wg_pkt_type wg_pkt_type(uint8_t *, size_t);
-/* Minor helper functions */
-void wg_keypair_from_bytes(struct wg_keypair *, const uint8_t [WG_KEY_SIZE]);
-void wg_keypair_generate(struct wg_keypair *);
-enum wg_pkt_type wg_pkt_type(uint8_t *, size_t);
-void wg_cookie_from_token(struct wg_cookie *, struct wg_cookie_maker *, uint8_t *, uint8_t);
/* Timer functions */
-void wg_timer_setup(struct wg_timers *, void *, void (*)(void *),
- void (*)(void *), void (*)(void *), void (*)(void *));
-void wg_timer_stop(struct wg_timers *);
-void wg_timer_persistent_keepalive_tick(struct wg_timers *);
-void wg_timer_persistent_keepalive_set(struct wg_timers *, uint16_t);
-uint16_t wg_timer_persistent_keepalive_get(struct wg_timers *);
-void wg_timer_cleanup_tick(struct wg_timers *);
-void wg_timer_keepalive_flag(struct wg_timers *);
-void wg_timer_keepalive_unflag(struct wg_timers *);
-void wg_timer_broken_flag(struct wg_timers *);
-void wg_timer_broken_unflag(struct wg_timers *);
-void wg_timer_reinit_flag(struct wg_timers *);
-void wg_timer_reinit_unflag(struct wg_timers *);
-void wg_timer_session_made(struct wg_timers *);
-struct timespec wg_timer_session_last(struct wg_timers *);
+void wg_timer_setup(struct wg_timers *, void *, void (*)(void *),
+ void (*)(void *), void (*)(void *), void (*)(void *));
+void wg_timer_stop(struct wg_timers *);
+void wg_timer_persistent_keepalive_tick(struct wg_timers *);
+void wg_timer_persistent_keepalive_set(struct wg_timers *, uint16_t);
+uint16_t wg_timer_persistent_keepalive_get(struct wg_timers *);
+void wg_timer_cleanup_tick(struct wg_timers *);
+void wg_timer_keepalive_flag(struct wg_timers *);
+void wg_timer_keepalive_unflag(struct wg_timers *);
+void wg_timer_broken_flag(struct wg_timers *);
+void wg_timer_broken_unflag(struct wg_timers *);
+void wg_timer_reinit_flag(struct wg_timers *);
+void wg_timer_reinit_unflag(struct wg_timers *);
#endif /* _LIBWG_H_ */