global: move siphash helper out of support
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
parent
4222f1171a
commit
36e259a6e0
|
@ -45,28 +45,6 @@
|
|||
|
||||
MALLOC_DECLARE(M_WG);
|
||||
|
||||
#include <crypto/siphash/siphash.h>
|
||||
typedef struct {
|
||||
uint64_t k0;
|
||||
uint64_t k1;
|
||||
} SIPHASH_KEY;
|
||||
|
||||
static inline uint64_t
|
||||
siphash24(const SIPHASH_KEY *key, const void *src, size_t len)
|
||||
{
|
||||
SIPHASH_CTX ctx;
|
||||
|
||||
return (SipHashX(&ctx, 2, 4, (const uint8_t *)key, src, len));
|
||||
}
|
||||
|
||||
static inline uint64_t
|
||||
siphash13(const SIPHASH_KEY *key, const void *src, size_t len)
|
||||
{
|
||||
SIPHASH_CTX ctx;
|
||||
|
||||
return (SipHashX(&ctx, 1, 3, (const uint8_t *)key, src, len));
|
||||
}
|
||||
|
||||
#ifndef ARRAY_SIZE
|
||||
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
|
||||
#endif
|
||||
|
|
|
@ -28,6 +28,7 @@ static int ratelimit_init(struct ratelimit *, uma_zone_t);
|
|||
static void ratelimit_deinit(struct ratelimit *);
|
||||
static void ratelimit_gc(struct ratelimit *, int);
|
||||
static int ratelimit_allow(struct ratelimit *, struct sockaddr *);
|
||||
static uint64_t siphash13(const uint8_t [SIPHASH_KEY_LENGTH], const void *, size_t);
|
||||
|
||||
/* Public Functions */
|
||||
void
|
||||
|
@ -272,7 +273,7 @@ static int
|
|||
ratelimit_init(struct ratelimit *rl, uma_zone_t zone)
|
||||
{
|
||||
rw_init(&rl->rl_lock, "ratelimit_lock");
|
||||
arc4random_buf(&rl->rl_secret, sizeof(rl->rl_secret));
|
||||
arc4random_buf(rl->rl_secret, sizeof(rl->rl_secret));
|
||||
rl->rl_table = hashinit_flags(RATELIMIT_SIZE, M_DEVBUF,
|
||||
&rl->rl_table_mask, M_NOWAIT);
|
||||
rl->rl_zone = zone;
|
||||
|
@ -336,11 +337,11 @@ ratelimit_allow(struct ratelimit *rl, struct sockaddr *sa)
|
|||
int ret = ECONNREFUSED;
|
||||
|
||||
if (sa->sa_family == AF_INET)
|
||||
key = siphash13(&rl->rl_secret, &satosin(sa)->sin_addr,
|
||||
key = siphash13(rl->rl_secret, &satosin(sa)->sin_addr,
|
||||
IPV4_MASK_SIZE);
|
||||
#ifdef INET6
|
||||
else if (sa->sa_family == AF_INET6)
|
||||
key = siphash13(&rl->rl_secret, &satosin6(sa)->sin6_addr,
|
||||
key = siphash13(rl->rl_secret, &satosin6(sa)->sin6_addr,
|
||||
IPV6_MASK_SIZE);
|
||||
#endif
|
||||
else
|
||||
|
@ -418,3 +419,9 @@ error:
|
|||
rw_exit_write(&rl->rl_lock);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static uint64_t siphash13(const uint8_t key[SIPHASH_KEY_LENGTH], const void *src, size_t len)
|
||||
{
|
||||
SIPHASH_CTX ctx;
|
||||
return (SipHashX(&ctx, 1, 3, key, src, len));
|
||||
}
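Review bot: The new `siphash13` prototype and definition take the key as `const uint8_t [SIPHASH_KEY_LENGTH]`, which decays to a plain `const uint8_t *`, so a byte buffer of any length now compiles as the key. The removed helper took `const SIPHASH_KEY *`, and the compiler would have diagnosed an unrelated pointer. Declaring the parameter as `const uint8_t key[static SIPHASH_KEY_LENGTH]` keeps the byte-array representation while letting compilers that support it flag a too-short array at the two call sites in ratelimit_allow. The same applies to `siphash24` in the section that holds struct noise_local, where other `uint8_t` key arrays such as `l_private` sit next to `l_hash_key`. ratelimit_allow's body continues outside the hunks shown.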
|
||||
|
|
|
@ -11,9 +11,8 @@
|
|||
#include <sys/time.h>
|
||||
#include <sys/rwlock.h>
|
||||
#include <sys/queue.h>
|
||||
|
||||
#include <netinet/in.h>
|
||||
|
||||
#include <crypto/siphash/siphash.h>
|
||||
#include "crypto.h"
|
||||
|
||||
#define COOKIE_MAC_SIZE 16
|
||||
|
@ -59,7 +58,7 @@ struct ratelimit_entry {
|
|||
};
|
||||
|
||||
struct ratelimit {
|
||||
SIPHASH_KEY rl_secret;
|
||||
uint8_t rl_secret[SIPHASH_KEY_LENGTH];
|
||||
uma_zone_t rl_zone;
|
||||
|
||||
struct rwlock rl_lock;
|
||||
|
|
|
@ -13,6 +13,7 @@
|
|||
#include <sys/refcount.h>
|
||||
#include <sys/epoch.h>
|
||||
#include <sys/ck.h>
|
||||
#include <crypto/siphash/siphash.h>
|
||||
|
||||
#include "crypto.h"
|
||||
#include "wg_noise.h"
|
||||
|
@ -117,7 +118,7 @@ struct noise_local {
|
|||
uint8_t l_private[NOISE_PUBLIC_KEY_LEN];
|
||||
|
||||
u_int l_refcnt;
|
||||
SIPHASH_KEY l_hash_key;
|
||||
uint8_t l_hash_key[SIPHASH_KEY_LENGTH];
|
||||
void *l_arg;
|
||||
void (*l_cleanup)(struct noise_local *);
|
||||
|
||||
|
@ -162,6 +163,7 @@ static void noise_msg_ephemeral(uint8_t [NOISE_HASH_LEN], uint8_t [NOISE_HASH_LE
|
|||
const uint8_t [NOISE_PUBLIC_KEY_LEN]);
|
||||
static void noise_tai64n_now(uint8_t [NOISE_TIMESTAMP_LEN]);
|
||||
static int noise_timer_expired(sbintime_t, uint32_t, uint32_t);
|
||||
static uint64_t siphash24(const uint8_t [SIPHASH_KEY_LENGTH], const void *, size_t);
|
||||
|
||||
/* I can't find where FreeBSD defines such behaviours, so that is temporarily here. */
|
||||
#define epoch_ptr_read(p) ck_pr_load_ptr(p)
|
||||
|
@ -186,7 +188,7 @@ noise_local_alloc(void *arg)
|
|||
bzero(l->l_private, NOISE_PUBLIC_KEY_LEN);
|
||||
|
||||
refcount_init(&l->l_refcnt, 1);
|
||||
arc4random_buf(&l->l_hash_key, sizeof(l->l_hash_key));
|
||||
arc4random_buf(l->l_hash_key, sizeof(l->l_hash_key));
|
||||
l->l_arg = arg;
|
||||
l->l_cleanup = NULL;
|
||||
|
||||
|
@ -326,7 +328,7 @@ noise_remote_enable(struct noise_remote *r)
|
|||
int ret = 0;
|
||||
|
||||
/* Insert to hashtable */
|
||||
idx = siphash24(&l->l_hash_key, r->r_public, NOISE_PUBLIC_KEY_LEN) & HT_REMOTE_MASK;
|
||||
idx = siphash24(l->l_hash_key, r->r_public, NOISE_PUBLIC_KEY_LEN) & HT_REMOTE_MASK;
|
||||
|
||||
rw_wlock(&l->l_remote_lock);
|
||||
if (!r->r_entry_inserted) {
|
||||
|
@ -364,7 +366,7 @@ noise_remote_lookup(struct noise_local *l, const uint8_t public[NOISE_PUBLIC_KEY
|
|||
struct noise_remote *r, *ret = NULL;
|
||||
uint64_t idx;
|
||||
|
||||
idx = siphash24(&l->l_hash_key, public, NOISE_PUBLIC_KEY_LEN) & HT_REMOTE_MASK;
|
||||
idx = siphash24(l->l_hash_key, public, NOISE_PUBLIC_KEY_LEN) & HT_REMOTE_MASK;
|
||||
|
||||
NET_EPOCH_ENTER(et);
|
||||
CK_LIST_FOREACH(r, &l->l_remote_hash[idx], r_entry) {
|
||||
|
@ -1337,3 +1339,9 @@ noise_timer_expired(sbintime_t timer, uint32_t sec, uint32_t nsec)
|
|||
sbintime_t now = getsbinuptime();
|
||||
return (now > (timer + sec * SBT_1S + nstosbt(nsec))) ? ETIMEDOUT : 0;
|
||||
}
|
||||
|
||||
static uint64_t siphash24(const uint8_t key[SIPHASH_KEY_LENGTH], const void *src, size_t len)
|
||||
{
|
||||
SIPHASH_CTX ctx;
|
||||
return (SipHashX(&ctx, 2, 4, key, src, len));
|
||||
}
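Review bot: `siphash24` is added at the end of the file without a comment, and nothing on the page records why this table uses 2 and 4 rounds while the ratelimit copy of the wrapper passes 1 and 3 to `SipHashX`. A one-line comment such as `/* SipHash-2-4 keyed with l_hash_key; selects the l_remote_hash bucket for a peer public key. */` would state the intended use, and the ratelimit wrapper deserves a matching line for its round choice. The definition also keeps the return type on the same line as the name, whereas `noise_timer_expired` just above it appears to follow the file's usual form, so `static uint64_t` on its own line would be consistent.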
|
||||
|
|