zx2c4
/
wireguard-freebsd
mirror of git://git.zx2c4.com/wireguard-freebsd
1
Fork 0
Code Releases Activity

crypto: return an error code from mbuf crypt routines 

This permits returning different error codes for different conditions.

Signed-off-by: John Baldwin <jhb@FreeBSD.org>
This commit is contained in:
John Baldwin 2022-01-20 15:26:30 -08:00 committed by Jason A. Donenfeld
parent 7658a19cb6
commit 352883bb38
3 changed files with 18 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/crypto.c
View File

@ -587,7 +587,7 @@ chacha20poly1305_decrypt(uint8_t *dst, const uint8_t *src, const size_t src_len,
return ret;
}
static inline bool
static inline int
chacha20poly1305_crypt_mbuf(struct mbuf *m0, uint64_t nonce,
const uint8_t key[CHACHA20POLY1305_KEY_SIZE], bool encrypt)
{
@ -596,7 +596,7 @@ chacha20poly1305_crypt_mbuf(struct mbuf *m0, uint64_t nonce,
uint8_t *buf, mbuf_mac[POLY1305_MAC_SIZE];
size_t len, leftover = 0;
struct mbuf *m;
bool ret;
int ret;
union {
uint32_t stream[CHACHA20_BLOCK_WORDS];
uint8_t block0[POLY1305_KEY_SIZE];
@ -606,7 +606,7 @@ chacha20poly1305_crypt_mbuf(struct mbuf *m0, uint64_t nonce,
if (!encrypt) {
if (m0->m_pkthdr.len < POLY1305_MAC_SIZE)
return false;
return EMSGSIZE;
m_copydata(m0, m0->m_pkthdr.len - POLY1305_MAC_SIZE, POLY1305_MAC_SIZE, mbuf_mac);
m_adj(m0, -POLY1305_MAC_SIZE);
}
@ -655,9 +655,9 @@ chacha20poly1305_crypt_mbuf(struct mbuf *m0, uint64_t nonce,
poly1305_final(&poly1305_state, b.mac);
if (encrypt)
ret = m_append(m0, POLY1305_MAC_SIZE, b.mac);
ret = m_append(m0, POLY1305_MAC_SIZE, b.mac) ? 0 : ENOMEM;
else
ret = timingsafe_bcmp(b.mac, mbuf_mac, POLY1305_MAC_SIZE) == 0;
ret = timingsafe_bcmp(b.mac, mbuf_mac, POLY1305_MAC_SIZE) == 0 ? 0 : EBADMSG;
explicit_bzero(&chacha20_state, sizeof(chacha20_state));
explicit_bzero(&b, sizeof(b));
@ -665,14 +665,14 @@ chacha20poly1305_crypt_mbuf(struct mbuf *m0, uint64_t nonce,
return ret;
}
bool
int
chacha20poly1305_encrypt_mbuf(struct mbuf *m, const uint64_t nonce,
const uint8_t key[CHACHA20POLY1305_KEY_SIZE])
{
return chacha20poly1305_crypt_mbuf(m, nonce, key, true);
}
bool
int
chacha20poly1305_decrypt_mbuf(struct mbuf *m, const uint64_t nonce,
const uint8_t key[CHACHA20POLY1305_KEY_SIZE])
{

4
src/crypto.h
View File

@ -27,11 +27,11 @@ chacha20poly1305_decrypt(uint8_t *dst, const uint8_t *src, const size_t src_len,
const uint64_t nonce,
const uint8_t key[CHACHA20POLY1305_KEY_SIZE]);
bool
int
chacha20poly1305_encrypt_mbuf(struct mbuf *, const uint64_t nonce,
const uint8_t key[CHACHA20POLY1305_KEY_SIZE]);
bool
int
chacha20poly1305_decrypt_mbuf(struct mbuf *, const uint64_t nonce,
const uint8_t key[CHACHA20POLY1305_KEY_SIZE]);

13
src/wg_noise.c
View File

@ -903,8 +903,11 @@ noise_keep_key_fresh_recv(struct noise_remote *r)
int
noise_keypair_encrypt(struct noise_keypair *kp, uint32_t *r_idx, uint64_t nonce, struct mbuf *m)
{
if (chacha20poly1305_encrypt_mbuf(m, nonce, kp->kp_send) == 0)
return (ENOMEM);
int ret;
ret = chacha20poly1305_encrypt_mbuf(m, nonce, kp->kp_send);
if (ret)
return (ret);
*r_idx = kp->kp_index.i_remote_index;
return (0);
@ -914,6 +917,7 @@ int
noise_keypair_decrypt(struct noise_keypair *kp, uint64_t nonce, struct mbuf *m)
{
uint64_t cur_nonce;
int ret;
#ifdef __LP64__
cur_nonce = ck_pr_load_64(&kp->kp_nonce_recv);
@ -927,8 +931,9 @@ noise_keypair_decrypt(struct noise_keypair *kp, uint64_t nonce, struct mbuf *m)
noise_timer_expired(kp->kp_birthdate, REJECT_AFTER_TIME, 0))
return (EINVAL);
if (chacha20poly1305_decrypt_mbuf(m, nonce, kp->kp_recv) == 0)
return (EINVAL);
ret = chacha20poly1305_decrypt_mbuf(m, nonce, kp->kp_recv);
if (ret)
return (ret);
return (0);
}