author | Mathias Hall-Andersen <mathias@hall-andersen.dk> | 2020-02-01 14:39:19 +0100 |
---|---|---|
committer | Mathias Hall-Andersen <mathias@hall-andersen.dk> | 2020-02-01 14:39:19 +0100 |
commit | dcd567c08f126b09548a98df0468ef1fe86d9f0a (patch) | |
tree | 2786e76e656739d4f6cdc260a0378751735265ee /src/wireguard/handshake/noise.rs | |
parent | Fixed typo in under load code (diff) | |
Squashed commit of the following:
commit 1e26a0bef44e65023a97a16ecf3b123e688d19f7
Author: Mathias Hall-Andersen <mathias@hall-andersen.dk>
Date: Sat Feb 1 14:36:50 2020 +0100
Initial version of sticky sockets for Linux
commit 605cc656ad235d09ba6cd12d03dee2c5e0a9a80a
Author: Mathias Hall-Andersen <mathias@hall-andersen.dk>
Date: Thu Jan 30 14:57:00 2020 +0100
Clear src when sendmsg fails with EINVAL
commit dffd2b228af70f681e2a161642bbdaa348419bf3
Author: Mathias Hall-Andersen <mathias@hall-andersen.dk>
Date: Sun Jan 26 14:01:28 2020 +0100
Fix typoes
commit 2015663706fbe15ed1ac443a31de86b3e6c643c7
Author: Mathias Hall-Andersen <mathias@hall-andersen.dk>
Date: Sun Jan 26 13:51:59 2020 +0100
Restructure of public key -> peer state
Restructured the mapping of public keys to peer state in the project.
The handshake device is now generic over an opaque type,
which enables it to be the sole place where public keys are mapped to
the peer states.
This gets rid of the "peer" map in the WireGuard devices
and avoids having to include the public key in the handshake peer state.
commit bbcfaad4bcc5cf16bacdef0cefe7d29ba1519a23
Author: Mathias Hall-Andersen <mathias@hall-andersen.dk>
Date: Fri Jan 10 21:10:27 2020 +0100
Fixed bind6 also binding on IPv4
commit acbca236b70598c20c24de474690bcad883241d4
Author: Mathias Hall-Andersen <mathias@hall-andersen.dk>
Date: Thu Jan 9 11:24:13 2020 +0100
Work on sticky sockets
Diffstat (limited to 'src/wireguard/handshake/noise.rs')
-rw-r--r-- | src/wireguard/handshake/noise.rs | 46 |
1 files changed, 26 insertions, 20 deletions
diff --git a/src/wireguard/handshake/noise.rs b/src/wireguard/handshake/noise.rs index 072ac13..9e431cf 100644 --- a/src/wireguard/handshake/noise.rs +++ b/src/wireguard/handshake/noise.rs @@ -10,7 +10,7 @@ use hmac::Hmac; use aead::{Aead, NewAead, Payload}; use chacha20poly1305::ChaCha20Poly1305; -use rand::{CryptoRng, RngCore}; +use rand_core::{CryptoRng, RngCore}; use log::debug; @@ -215,20 +215,21 @@ mod tests { } } -pub fn create_initiation<R: RngCore + CryptoRng>( +pub(super) fn create_initiation<R: RngCore + CryptoRng, O>( rng: &mut R, keyst: &KeyState, - peer: &Peer, + peer: &Peer<O>, + pk: &PublicKey, local: u32, msg: &mut NoiseInitiation, ) -> Result<(), HandshakeError> { - debug!("create initation"); + debug!("create initiation"); clear_stack_on_return(CLEAR_PAGES, || { // initialize state let ck = INITIAL_CK; let hs = INITIAL_HS; - let hs = HASH!(&hs, peer.pk.as_bytes()); + let hs = HASH!(&hs, pk.as_bytes()); msg.f_type.set(TYPE_INITIATION as u32); msg.f_sender.set(local); // from us @@ -252,7 +253,7 @@ pub fn create_initiation<R: RngCore + CryptoRng>( // (C, k) := Kdf2(C, DH(E_priv, S_pub)) - let (ck, key) = KDF2!(&ck, eph_sk.diffie_hellman(&peer.pk).as_bytes()); + let (ck, key) = KDF2!(&ck, eph_sk.diffie_hellman(&pk).as_bytes()); // msg.static := Aead(k, 0, S_pub, H) @@ -297,12 +298,12 @@ pub fn create_initiation<R: RngCore + CryptoRng>( }) } -pub fn consume_initiation<'a>( - device: &'a Device, +pub(super) fn consume_initiation<'a, O>( + device: &'a Device<O>, keyst: &KeyState, msg: &NoiseInitiation, -) -> Result<(&'a Peer, TemporaryState), HandshakeError> { - debug!("consume initation"); +) -> Result<(&'a Peer<O>, PublicKey, TemporaryState), HandshakeError> { + debug!("consume initiation"); clear_stack_on_return(CLEAR_PAGES, || { // initialize new state 
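Review bot: The new signature of `create_initiation` takes the peer state and its static key as two unrelated arguments (`peer: &Peer<O>`, `pk: &PublicKey`), and nothing on the function says they have to belong together. `pk` is hashed into `hs` and, further down, fed to `DH(E_priv, S_pub)`, so a caller that pairs a key with the wrong peer would build an initiation for one identity while using another peer's state. The same split appears in `create_response` in the hunk at -369, where `consume_initiation` also starts returning the key next to the peer. I would document the invariant on both functions, for example `/// pk must be the static public key under which peer is registered in the handshake device.` The body of `create_initiation` continues outside this hunk.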
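Review bot: In the `KDF2!` line, `eph_sk.diffie_hellman(&pk)` now borrows a value that is already a `&PublicKey`, a leftover from the old `&peer.pk` form. It compiles through auto-deref and the DH input is unchanged, but clippy's `needless_borrow` would likely flag it. Write `eph_sk.diffie_hellman(pk).as_bytes()` here and in the `KDF1!` line of the hunk at -413 in `create_response`.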
@@ -369,13 +370,18 @@ pub fn consume_initiation<'a>( // return state (to create response) - Ok((peer, (msg.f_sender.get(), eph_r_pk, hs, ck))) + Ok(( + peer, + PublicKey::from(pk), + (msg.f_sender.get(), eph_r_pk, hs, ck), + )) }) } -pub fn create_response<R: RngCore + CryptoRng>( +pub(super) fn create_response<R: RngCore + CryptoRng, O>( rng: &mut R, - peer: &Peer, + peer: &Peer<O>, + pk: &PublicKey, local: u32, // sending identifier state: TemporaryState, // state from "consume_initiation" msg: &mut NoiseResponse, // resulting response @@ -388,7 +394,7 @@ pub fn create_response<R: RngCore + CryptoRng>( msg.f_type.set(TYPE_RESPONSE as u32); msg.f_sender.set(local); // from us - msg.f_receiver.set(receiver); // to the sender of the initation + msg.f_receiver.set(receiver); // to the sender of the initiation // (E_priv, E_pub) := DH-Generate() @@ -413,7 +419,7 @@ pub fn create_response<R: RngCore + CryptoRng>( // C := Kdf1(C, DH(E_priv, S_pub)) - let ck = KDF1!(&ck, eph_sk.diffie_hellman(&peer.pk).as_bytes()); + let ck = KDF1!(&ck, eph_sk.diffie_hellman(&pk).as_bytes()); // (C, tau, k) := Kdf3(C, Q) @@ -460,15 +466,15 @@ pub fn create_response<R: RngCore + CryptoRng>( * allow concurrent processing of potential responses to the initiation, * in order to better mitigate DoS from malformed response messages. */ -pub fn consume_response( - device: &Device, +pub(super) fn consume_response<'a, O>( + device: &'a Device<O>, keyst: &KeyState, msg: &NoiseResponse, -) -> Result<Output, HandshakeError> { +) -> Result<Output<'a, O>, HandshakeError> { debug!("consume response"); clear_stack_on_return(CLEAR_PAGES, || { // retrieve peer and copy initiation state - let peer = device.lookup_id(msg.f_receiver.get())?; + let (peer, _) = device.lookup_id(msg.f_receiver.get())?; let (hs, ck, local, eph_sk) = match *peer.state.lock() { State::InitiationSent { 
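Review bot: In `consume_response`, `let (peer, _) = device.lookup_id(msg.f_receiver.get())?;` throws away the second element of the lookup result, and the diff does not show what that element is. If it is the peer's public key, as the rest of the commit suggests, bind it as `_pk` so the reader can see what is being ignored: `let (peer, _pk) = device.lookup_id(msg.f_receiver.get())?;`. The `f_receiver` value comes straight from the received message, so it also helps to state on this line that the lookup only selects candidate state and that authentication happens in the steps that follow outside this hunk.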
@@ -537,7 +543,7 @@ pub fn consume_response( // return confirmed key-pair Ok(( - Some(peer.pk), + Some(&peer.opaque), None, Some(KeyPair { birth, |
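Review bot: The confirmed-handshake result now carries `Some(&peer.opaque)`, a borrow tied to the `'a` of `device: &'a Device<O>` in the signature from the previous hunk, where it used to carry the owned `peer.pk`. That lifetime coupling is not documented, and callers that used to keep the result after releasing the device can no longer do so. I would add a doc line on `consume_response` such as `/// The returned Output borrows the peer's opaque value from device and cannot outlive that borrow.` The tuple being returned continues past the end of this hunk.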