authorMatt Dunwoodie <ncon@mail.noconroy.net>2019-07-16 02:02:32 +1000
committerMatt Dunwoodie <ncon@mail.noconroy.net>2019-07-17 09:59:40 +1000
commit28539d375f18dba72dd56a3affcc5606af319ee5 (patch)
tree5c2135500fb8d68a144e3531233eabdb20596f95 /src/wireguard.h
parentAdd keyset struct, make compilable (diff)
Reduce coupling between if_wg.c and wireguard.c
At a high level, this includes a big change to wg_conn, splitting it into a wg_handshake and a wg_session. We can get rid of wg_upcall by using the handshake more effectively. This means we can separate the locking of the handshake and the session structs, allowing fully asynchronous handshakes, rather than just locking the wg_conn struct. For the time being, the cookie code isn't really complete. There will need to be another wg_cookie, composed of hs_cookie and hs_cookie_time, where we can store a local cookie _and_ a remote cookie.
Diffstat (limited to 'src/wireguard.h')
-rw-r--r--src/wireguard.h125
1 files changed, 60 insertions, 65 deletions
diff --git a/src/wireguard.h b/src/wireguard.h
index 1187eba959f..241a850dee7 100644
--- a/src/wireguard.h
+++ b/src/wireguard.h
@@ -52,70 +52,50 @@ enum wg_pkt_type {
WG_PKT_TRANSPORT,
};
+struct wg_keypair {
+ uint8_t pub[WG_KEY_SIZE];
+ uint8_t priv[WG_KEY_SIZE];
+};
+
struct wg_handshake {
+ struct rwlock hs_lock;
+
enum wg_role hs_role;
uint32_t hs_local_id;
uint32_t hs_remote_id;
uint8_t hs_mac[WG_MAC_SIZE];
- uint8_t hs_hash [WG_HASH_SIZE];
- uint8_t hs_ck [WG_HASH_SIZE];
- uint8_t hs_k [WG_HASH_SIZE];
- uint8_t hs_local_epub[WG_KEY_SIZE];
- uint8_t hs_local_epriv[WG_KEY_SIZE];
- uint8_t hs_remote_epub[WG_KEY_SIZE];
-};
+ uint8_t hs_hash[WG_HASH_SIZE];
+ uint8_t hs_ck[WG_HASH_SIZE];
+ uint8_t hs_k[WG_HASH_SIZE];
+ uint8_t hs_timestamp[WG_TIMESTAMP_SIZE];
+
+ uint8_t hs_epub[WG_KEY_SIZE];
+ struct wg_keypair hs_ekey;
+
+ uint8_t hs_cookie[WG_COOKIE_SIZE];
+ struct timespec hs_cookie_time;
-struct wg_antireplay {
- uint64_t ar_head;
- uint64_t ar_bitmap[WG_ARB_BITS / WG_ARI_BITS];
+ uint8_t hs_shared[WG_KEY_SIZE];
+ uint8_t hs_spub[WG_KEY_SIZE];
+ struct wg_keypair *hs_skey;
};
struct wg_session {
+ struct rwlock s_lock;
enum wg_role s_role;
- struct timespec s_created;
uint64_t s_txcounter;
uint64_t s_rxcounter;
- struct wg_antireplay s_ar;
- uint8_t s_txkey[WG_KEY_SIZE];
- uint8_t s_rxkey[WG_KEY_SIZE];
uint32_t s_local_id;
uint32_t s_remote_id;
-};
-
-struct wg_cookie {
- uint8_t c_value[WG_COOKIE_SIZE];
- struct timespec c_time;
-};
-
-struct wg_timestamp {
- uint8_t ts_bytes[WG_TIMESTAMP_SIZE];
-};
-
-struct wg_conn;
-struct wg_upcall {
- void *u_arg;
- uint32_t (*u_getid)(void *, struct wg_conn *);
- void (*u_dropid)(void *, uint32_t);
- struct wg_conn *(*u_keylookup)(void *, uint8_t *);
- void (*u_connready)(void *, struct wg_conn *);
- uint8_t *u_pubkey, *u_privkey;
-};
-
-struct wg_keyset {
- uint8_t k_psk[WG_KEY_SIZE];
- uint8_t k_pubkey[WG_KEY_SIZE];
- uint8_t k_local_pubkey[WG_KEY_SIZE], k_local_privkey[WG_KEY_SIZE];
-};
+ struct timespec s_created;
-struct wg_conn {
- struct rwlock c_lock;
+ uint8_t s_txkey[WG_KEY_SIZE];
+ uint8_t s_rxkey[WG_KEY_SIZE];
- struct wg_keyset c_ks;
- struct wg_handshake c_hs;
- struct wg_session c_sess, c_sess_old;
- struct wg_cookie c_cookie;
- struct wg_timestamp c_ts;
- struct wg_upcall *c_upcall;
+ struct wg_antireplay {
+ uint64_t ar_head;
+ uint64_t ar_bitmap[WG_ARB_BITS / WG_ARI_BITS];
+ } s_ar;
};
struct wg_msg_unknown {
@@ -156,28 +136,43 @@ struct wg_msg_transport {
uint8_t data [];
} __packed;
-void wg_conn_init(struct wg_conn *, struct wg_upcall *);
-void wg_conn_reset(struct wg_conn *);
-void wg_conn_setkey(struct wg_conn *, enum wg_keytype, uint8_t *);
+enum wg_error {
+ WG_OK = 0,
+ WG_DECRYPT,
+ WG_REPLAY,
+ WG_REJECT,
+ WG_STATE,
+ WG_MAC,
+};
+
+void wg_handshake_init(struct wg_handshake *);
+void wg_session_init(struct wg_session *);
+uint32_t wg_handshake_clean(struct wg_handshake *);
+uint32_t wg_session_clean(struct wg_session *);
-void wg_conn_make_initiation(struct wg_conn *, struct wg_msg_initiation *);
-int wg_conn_make_response(struct wg_conn *, struct wg_msg_response *);
-int wg_conn_make_cookie(struct wg_conn *, struct wg_msg_cookie *);
-int wg_conn_encrypt(struct wg_conn *, struct wg_msg_transport *, size_t);
+enum wg_error wg_handshake_make_initiation(struct wg_handshake *, uint32_t, struct wg_msg_initiation *);
+enum wg_error wg_handshake_make_response(struct wg_handshake *, uint32_t, struct wg_msg_response *);
+enum wg_error wg_handshake_make_cookie(struct wg_handshake *, struct wg_msg_cookie *);
+enum wg_error wg_session_encrypt(struct wg_session *, struct wg_msg_transport *, size_t);
-struct wg_conn *wg_conn_recv_initiation(struct wg_upcall *, struct wg_msg_initiation *);
-int wg_conn_recv_response(struct wg_conn *, struct wg_msg_response *);
-int wg_conn_recv_cookie(struct wg_conn *, struct wg_msg_cookie *);
-int wg_conn_decrypt(struct wg_conn *, struct wg_msg_transport *, size_t);
+enum wg_error wg_handshake_recv_initiation(struct wg_handshake *, struct wg_msg_initiation *);
+enum wg_error wg_handshake_recv_response(struct wg_handshake *, struct wg_msg_response *);
+enum wg_error wg_handshake_recv_cookie(struct wg_handshake *, struct wg_msg_cookie *);
+enum wg_error wg_session_decrypt(struct wg_session *, struct wg_msg_transport *, size_t);
-int wg_conn_handshake_finish(struct wg_conn *);
+void wg_handshake_clone(struct wg_handshake *, struct wg_handshake *);
+void wg_session_from_handshake(struct wg_session *, struct wg_handshake *);
-int wg_conn_reject_tx(struct wg_conn *);
-int wg_conn_rekey_tx(struct wg_conn *);
-int wg_conn_rekey_rx(struct wg_conn *);
+int wg_session_reject_tx(struct wg_session *);
+int wg_session_reject_rx(struct wg_session *);
+int wg_session_rekey_tx(struct wg_session *);
+int wg_session_rekey_rx(struct wg_session *);
-void wg_util_key_privtopub(uint8_t [WG_KEY_SIZE], const uint8_t [WG_KEY_SIZE]);
-enum wg_pkt_type wg_util_pkt_type(uint8_t *, size_t);
+void wg_keypair_from_bytes(struct wg_keypair *, const uint8_t [WG_KEY_SIZE]);
+void wg_keypair_generate(struct wg_keypair *);
+/* TODO make better */
int wg_timespec_timedout(struct timespec *, time_t);
+enum wg_pkt_type wg_pkt_type(uint8_t *, size_t);
+
#endif /* _LIBWG_H_ */
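Review bot: The new `wg_handshake_clean` and `wg_session_clean` declarations (just after `enum wg_error`) carry no comment on what happens to the key material these structs now hold inline (`hs_ekey`, `hs_k`, `hs_ck`, `hs_shared`, `s_txkey`, `s_rxkey`) or on what the returned `uint32_t` denotes; I would add `/* Zero all key material (explicit_bzero) and return the local id to be released. */` above each, assuming that is the contract implemented in wireguard.c, which is outside this diff. `hs_skey` is a bare pointer to a `struct wg_keypair` owned elsewhere, so a one-line note on who owns it and that the handshake must not outlive it would prevent a later dangling read of the static private key. Since `wg_session_from_handshake` operates on two independently locked structs, this header is also the natural place to state the `hs_lock`/`s_lock` acquisition order. Finally, `wg_handshake_clone(struct wg_handshake *, struct wg_handshake *)` leaves source and destination indistinguishable, and `wg_pkt_type` only inspects its buffer, so both would read better with `const` on the input, e.g. `enum wg_pkt_type wg_pkt_type(const uint8_t *, size_t);`.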