Lines Matching full:handshake
/*
 * wg_noise_precompute_static_static(): only the lines matching "handshake"
 * are listed; the signature and source line 55 are not shown.
 * Under the handshake write lock, curve25519() fills
 * precomputed_static_static from the local static private key and the
 * peer's remote static key. If no local identity is set, or curve25519()
 * reports failure, the cached value is overwritten with zeros.
 * NOTE(review): the zeroed value is later handed to mix_precomputed_dh()
 * (source line 560), whose result is checked; presumably that is where an
 * all-zero secret gets rejected -- confirm.
 */
46 /* Must hold peer->handshake.static_identity->lock */
49 down_write(&peer->handshake.lock); in wg_noise_precompute_static_static()
50 if (!peer->handshake.static_identity->has_identity || in wg_noise_precompute_static_static()
51 !curve25519(peer->handshake.precomputed_static_static, in wg_noise_precompute_static_static()
52 peer->handshake.static_identity->static_private, in wg_noise_precompute_static_static()
53 peer->handshake.remote_static)) in wg_noise_precompute_static_static()
/* Failure path: wipe the cached secret (the length argument sits on the unlisted line 55). */
54 memset(peer->handshake.precomputed_static_static, 0, in wg_noise_precompute_static_static()
56 up_write(&peer->handshake.lock); in wg_noise_precompute_static_static()
/*
 * wg_noise_handshake_init(): brings a noise_handshake to its initial state.
 * The remaining parameters (source lines 60-64) and lines 70 and 72 are not
 * listed; peer, peer_public_key, peer_preshared_key and static_identity are
 * known only from their uses below.
 */
59 void wg_noise_handshake_init(struct noise_handshake *handshake, in wg_noise_handshake_init() argument
/* Start from an all-zero struct so no field carries earlier contents. */
65 memset(handshake, 0, sizeof(*handshake)); in wg_noise_handshake_init()
66 init_rwsem(&handshake->lock); in wg_noise_handshake_init()
/* Tag the embedded index-hashtable entry as a handshake and point it back at its peer. */
67 handshake->entry.type = INDEX_HASHTABLE_HANDSHAKE; in wg_noise_handshake_init()
68 handshake->entry.peer = peer; in wg_noise_handshake_init()
/* Copies exactly NOISE_PUBLIC_KEY_LEN bytes; the caller must supply a buffer of at least that size. */
69 memcpy(handshake->remote_static, peer_public_key, NOISE_PUBLIC_KEY_LEN); in wg_noise_handshake_init()
/*
 * The length argument (line 72) and whatever precedes this copy (line 70)
 * are not shown. NOTE(review): confirm how a missing preshared key is
 * handled before this memcpy.
 */
71 memcpy(handshake->preshared_key, peer_preshared_key, in wg_noise_handshake_init()
73 handshake->static_identity = static_identity; in wg_noise_handshake_init()
74 handshake->state = HANDSHAKE_ZEROED; in wg_noise_handshake_init()
/*
 * handshake_zero(): wipes the per-handshake secrets and resets the state.
 * The listed lines take no lock; both listed call sites (source lines 94
 * and 841) run between down_write() and up_write() on handshake->lock.
 * The listed lines do not touch remote_static, preshared_key or
 * precomputed_static_static.
 */
78 static void handshake_zero(struct noise_handshake *handshake) in handshake_zero() argument
/*
 * NOTE(review): the private key is cleared with NOISE_PUBLIC_KEY_LEN. That
 * wipes the whole key only if ephemeral_private is that many bytes -- confirm
 * against the struct definition.
 */
80 memset(&handshake->ephemeral_private, 0, NOISE_PUBLIC_KEY_LEN); in handshake_zero()
81 memset(&handshake->remote_ephemeral, 0, NOISE_PUBLIC_KEY_LEN); in handshake_zero()
82 memset(&handshake->hash, 0, NOISE_HASH_LEN); in handshake_zero()
83 memset(&handshake->chaining_key, 0, NOISE_HASH_LEN); in handshake_zero()
84 handshake->remote_index = 0; in handshake_zero()
85 handshake->state = HANDSHAKE_ZEROED; in handshake_zero()
/*
 * wg_noise_handshake_clear(): with the handshake write lock held, performs
 * an index-hashtable operation on the handshake's entry and then wipes the
 * handshake via handshake_zero(). The callee on source line 91 is not
 * listed; presumably it removes the entry from the table -- confirm.
 */
88 void wg_noise_handshake_clear(struct noise_handshake *handshake) in wg_noise_handshake_clear() argument
90 down_write(&handshake->lock); in wg_noise_handshake_clear()
92 handshake->entry.peer->device->index_hashtable, in wg_noise_handshake_clear()
93 &handshake->entry); in wg_noise_handshake_clear()
/* The wipe happens under the same write lock as the hashtable call above. */
94 handshake_zero(handshake); in wg_noise_handshake_clear()
95 up_write(&handshake->lock); in wg_noise_handshake_clear()
183 wg_noise_handshake_clear(&peer->handshake); in wg_noise_expire_current_peer_keypairs()
211 /* If we're the initiator, it means we've sent a handshake, and in add_new_keypair()
/*
 * wg_noise_handshake_create_initiation(): builds the initiation message in
 * dst from the handshake state. Only lines matching "handshake" are listed,
 * so the start of the signature, the error exits and several callees are
 * not shown.
 */
518 struct noise_handshake *handshake) in wg_noise_handshake_create_initiation() argument
/*
 * Lock order: static_identity->lock (read) first, then handshake->lock
 * (write); they are released in reverse at lines 577-578. This matches the
 * rule stated at source line 46.
 */
529 down_read(&handshake->static_identity->lock); in wg_noise_handshake_create_initiation()
530 down_write(&handshake->lock); in wg_noise_handshake_create_initiation()
/* Without a local identity no message is built; the branch body (lines 533-536) is not shown. */
532 if (unlikely(!handshake->static_identity->has_identity)) in wg_noise_handshake_create_initiation()
537 handshake_init(handshake->chaining_key, handshake->hash, in wg_noise_handshake_create_initiation()
538 handshake->remote_static); in wg_noise_handshake_create_initiation()
/* A fresh ephemeral private key is generated for every initiation. */
541 curve25519_generate_secret(handshake->ephemeral_private); in wg_noise_handshake_create_initiation()
/* Tail of a checked call that starts on the unlisted line 542. */
543 handshake->ephemeral_private)) in wg_noise_handshake_create_initiation()
546 dst->unencrypted_ephemeral, handshake->chaining_key, in wg_noise_handshake_create_initiation()
547 handshake->hash); in wg_noise_handshake_create_initiation()
/* DH of the new ephemeral private key with the peer's static key; failure is checked. */
550 if (!mix_dh(handshake->chaining_key, key, handshake->ephemeral_private, in wg_noise_handshake_create_initiation()
551 handshake->remote_static)) in wg_noise_handshake_create_initiation()
/* The local static public key is passed with key and hash to a callee on the unlisted line 555. */
556 handshake->static_identity->static_public, in wg_noise_handshake_create_initiation()
557 NOISE_PUBLIC_KEY_LEN, key, handshake->hash); in wg_noise_handshake_create_initiation()
/* Uses the cached static-static value written by wg_noise_precompute_static_static(); failure is checked. */
560 if (!mix_precomputed_dh(handshake->chaining_key, key, in wg_noise_handshake_create_initiation()
561 handshake->precomputed_static_static)) in wg_noise_handshake_create_initiation()
/* A NOISE_TIMESTAMP_LEN-sized field is processed with key and hash; the callee and buffers are on unlisted lines. */
567 NOISE_TIMESTAMP_LEN, key, handshake->hash); in wg_noise_handshake_create_initiation()
/* Index-hashtable call on the handshake entry; the callee (line 569) is not shown. */
570 handshake->entry.peer->device->index_hashtable, in wg_noise_handshake_create_initiation()
571 &handshake->entry); in wg_noise_handshake_create_initiation()
573 handshake->state = HANDSHAKE_CREATED_INITIATION; in wg_noise_handshake_create_initiation()
577 up_write(&handshake->lock); in wg_noise_handshake_create_initiation()
578 up_read(&handshake->static_identity->lock); in wg_noise_handshake_create_initiation()
/*
 * wg_noise_handshake_consume_initiation(): processes a received initiation
 * (src) and, if accepted, commits its values to the peer's handshake.
 * Message parsing, peer lookup and the reject paths are on lines that do
 * not match "handshake" and are not listed.
 */
588 struct noise_handshake *handshake; in wg_noise_handshake_consume_initiation() local
620 handshake = &peer->handshake; in wg_noise_handshake_consume_initiation()
624 handshake->precomputed_static_static)) in wg_noise_handshake_consume_initiation()
/*
 * Replay and flood checks read the stored state under the read lock only.
 * The comparison operator and length for replay_attack (line 634) and the
 * rest of the flood_attack expression (lines 636-637) are not shown.
 */
632 down_read(&handshake->lock); in wg_noise_handshake_consume_initiation()
633 replay_attack = memcmp(t, handshake->latest_timestamp, in wg_noise_handshake_consume_initiation()
635 flood_attack = (s64)handshake->last_initiation_consumption + in wg_noise_handshake_consume_initiation()
638 up_read(&handshake->lock); in wg_noise_handshake_consume_initiation()
/*
 * NOTE(review): the checks above and the commit below use two separate
 * lock acquisitions. The re-comparison at line 645 keeps latest_timestamp
 * from moving backwards, but remote_ephemeral, hash, chaining_key and
 * remote_index are overwritten unconditionally -- confirm that this is
 * acceptable when two initiations from the same peer are processed
 * concurrently.
 */
643 down_write(&handshake->lock); in wg_noise_handshake_consume_initiation()
644 memcpy(handshake->remote_ephemeral, e, NOISE_PUBLIC_KEY_LEN); in wg_noise_handshake_consume_initiation()
/* Store the timestamp only when it is strictly greater than the recorded one. */
645 if (memcmp(t, handshake->latest_timestamp, NOISE_TIMESTAMP_LEN) > 0) in wg_noise_handshake_consume_initiation()
646 memcpy(handshake->latest_timestamp, t, NOISE_TIMESTAMP_LEN); in wg_noise_handshake_consume_initiation()
647 memcpy(handshake->hash, hash, NOISE_HASH_LEN); in wg_noise_handshake_consume_initiation()
648 memcpy(handshake->chaining_key, chaining_key, NOISE_HASH_LEN); in wg_noise_handshake_consume_initiation()
649 handshake->remote_index = src->sender_index; in wg_noise_handshake_consume_initiation()
/*
 * Advance last_initiation_consumption only when the stored value is older.
 * The test is on a signed difference, presumably so it survives counter
 * wrap-around -- confirm the operand types.
 */
651 if ((s64)(handshake->last_initiation_consumption - initiation_consumption) < 0) in wg_noise_handshake_consume_initiation()
652 handshake->last_initiation_consumption = initiation_consumption; in wg_noise_handshake_consume_initiation()
653 handshake->state = HANDSHAKE_CONSUMED_INITIATION; in wg_noise_handshake_consume_initiation()
654 up_write(&handshake->lock); in wg_noise_handshake_consume_initiation()
/*
 * wg_noise_handshake_create_response(): builds the response message in dst
 * for a handshake whose initiation has been consumed. The start of the
 * signature, the error exits and some callees are not listed.
 */
668 struct noise_handshake *handshake) in wg_noise_handshake_create_response() argument
/* Same lock order as create_initiation: static_identity->lock (read), then handshake->lock (write). */
678 down_read(&handshake->static_identity->lock); in wg_noise_handshake_create_response()
679 down_write(&handshake->lock); in wg_noise_handshake_create_response()
/* State gate: only HANDSHAKE_CONSUMED_INITIATION may proceed; the branch body is not shown. */
681 if (handshake->state != HANDSHAKE_CONSUMED_INITIATION) in wg_noise_handshake_create_response()
/* Echo the initiator's index, as stored from src->sender_index at source line 649. */
685 dst->receiver_index = handshake->remote_index; in wg_noise_handshake_create_response()
/* A fresh ephemeral private key is generated for the response. */
688 curve25519_generate_secret(handshake->ephemeral_private); in wg_noise_handshake_create_response()
/* Tail of a checked call that starts on the unlisted line 689. */
690 handshake->ephemeral_private)) in wg_noise_handshake_create_response()
693 dst->unencrypted_ephemeral, handshake->chaining_key, in wg_noise_handshake_create_response()
694 handshake->hash); in wg_noise_handshake_create_response()
/*
 * mix_dh() is called twice with the new ephemeral private key: first with
 * remote_ephemeral, then with remote_static. Both results are checked.
 */
697 if (!mix_dh(handshake->chaining_key, NULL, handshake->ephemeral_private, in wg_noise_handshake_create_response()
698 handshake->remote_ephemeral)) in wg_noise_handshake_create_response()
702 if (!mix_dh(handshake->chaining_key, NULL, handshake->ephemeral_private, in wg_noise_handshake_create_response()
703 handshake->remote_static)) in wg_noise_handshake_create_response()
/* The preshared key is mixed into chaining_key and hash; key is passed to mix_psk() as well. */
707 mix_psk(handshake->chaining_key, handshake->hash, key, in wg_noise_handshake_create_response()
708 handshake->preshared_key); in wg_noise_handshake_create_response()
/* Encrypts a zero-length payload (NULL, 0) into dst->encrypted_nothing using key and hash. */
711 message_encrypt(dst->encrypted_nothing, NULL, 0, key, handshake->hash); in wg_noise_handshake_create_response()
/* Index-hashtable call on the handshake entry; the callee (line 713) is not shown. */
714 handshake->entry.peer->device->index_hashtable, in wg_noise_handshake_create_response()
715 &handshake->entry); in wg_noise_handshake_create_response()
717 handshake->state = HANDSHAKE_CREATED_RESPONSE; in wg_noise_handshake_create_response()
721 up_write(&handshake->lock); in wg_noise_handshake_create_response()
722 up_read(&handshake->static_identity->lock); in wg_noise_handshake_create_response()
/*
 * wg_noise_handshake_consume_response(): processes a received response
 * (src) against the handshake found through the index hashtable. The
 * cryptographic processing between lines 762 and 785 and the exit paths do
 * not match "handshake" and are not listed.
 */
733 struct noise_handshake *handshake; in wg_noise_handshake_consume_response() local
/* The lookup result is cast to struct noise_handshake *; the lookup arguments (lines 748-749) are not shown. */
747 handshake = (struct noise_handshake *)wg_index_hashtable_lookup( in wg_noise_handshake_consume_response()
750 if (unlikely(!handshake)) in wg_noise_handshake_consume_response()
/*
 * Snapshot the state and secrets into locals under the read lock, so the
 * processing that follows runs on copies without holding the lock.
 * NOTE(review): chaining_key, ephemeral_private and preshared_key are now
 * also held in local buffers; wiping them would not match this search and
 * is not shown -- confirm they are cleared on every exit path.
 */
753 down_read(&handshake->lock); in wg_noise_handshake_consume_response()
754 state = handshake->state; in wg_noise_handshake_consume_response()
755 memcpy(hash, handshake->hash, NOISE_HASH_LEN); in wg_noise_handshake_consume_response()
756 memcpy(chaining_key, handshake->chaining_key, NOISE_HASH_LEN); in wg_noise_handshake_consume_response()
757 memcpy(ephemeral_private, handshake->ephemeral_private, in wg_noise_handshake_consume_response()
759 memcpy(preshared_key, handshake->preshared_key, in wg_noise_handshake_consume_response()
761 up_read(&handshake->lock); in wg_noise_handshake_consume_response()
786 down_write(&handshake->lock); in wg_noise_handshake_consume_response()
/*
 * Re-check under the write lock: if the state changed since the snapshot,
 * the lock is released without committing. What follows up_write() on that
 * path is not shown.
 */
790 if (handshake->state != state) { in wg_noise_handshake_consume_response()
791 up_write(&handshake->lock); in wg_noise_handshake_consume_response()
/* Commit the values computed on the local copies. */
794 memcpy(handshake->remote_ephemeral, e, NOISE_PUBLIC_KEY_LEN); in wg_noise_handshake_consume_response()
795 memcpy(handshake->hash, hash, NOISE_HASH_LEN); in wg_noise_handshake_consume_response()
796 memcpy(handshake->chaining_key, chaining_key, NOISE_HASH_LEN); in wg_noise_handshake_consume_response()
797 handshake->remote_index = src->sender_index; in wg_noise_handshake_consume_response()
798 handshake->state = HANDSHAKE_CONSUMED_RESPONSE; in wg_noise_handshake_consume_response()
799 up_write(&handshake->lock); in wg_noise_handshake_consume_response()
/*
 * wg_noise_handshake_begin_session(): turns a completed handshake into a
 * new keypair. Returns bool; the second parameter (source line 817), the
 * key-derivation callees and the return paths are not listed.
 */
816 bool wg_noise_handshake_begin_session(struct noise_handshake *handshake, in wg_noise_handshake_begin_session() argument
822 down_write(&handshake->lock); in wg_noise_handshake_begin_session()
/* State gate: only a created or a consumed response may start a session. */
823 if (handshake->state != HANDSHAKE_CREATED_RESPONSE && in wg_noise_handshake_begin_session()
824 handshake->state != HANDSHAKE_CONSUMED_RESPONSE) in wg_noise_handshake_begin_session()
/* NOTE(review): handling of a failed keypair_create() is on unlisted lines -- confirm new_keypair is checked before use. */
827 new_keypair = keypair_create(handshake->entry.peer); in wg_noise_handshake_begin_session()
/* The role is derived from the handshake state; the compared constant is on the unlisted line 831. */
830 new_keypair->i_am_the_initiator = handshake->state == in wg_noise_handshake_begin_session()
832 new_keypair->remote_index = handshake->remote_index; in wg_noise_handshake_begin_session()
/* chaining_key is the last argument of two calls whose names and outputs (lines 834-839) are not shown. */
836 handshake->chaining_key); in wg_noise_handshake_begin_session()
839 handshake->chaining_key); in wg_noise_handshake_begin_session()
/* The handshake secrets are wiped right after the two calls above, still under the write lock. */
841 handshake_zero(handshake); in wg_noise_handshake_begin_session()
/*
 * container_of() recovers the owning struct wg_peer, so this relies on the
 * handshake being the "handshake" member embedded in a wg_peer. The
 * hashtable call below runs only when the peer is not marked dead.
 */
843 if (likely(!READ_ONCE(container_of(handshake, struct wg_peer, in wg_noise_handshake_begin_session()
844 handshake)->is_dead))) { in wg_noise_handshake_begin_session()
847 handshake->entry.peer->device->dev->name, in wg_noise_handshake_begin_session()
849 handshake->entry.peer->internal_id); in wg_noise_handshake_begin_session()
/* Index-hashtable call taking both the handshake entry and the new keypair entry; the callee (line 850) is not shown. */
851 handshake->entry.peer->device->index_hashtable, in wg_noise_handshake_begin_session()
852 &handshake->entry, &new_keypair->entry); in wg_noise_handshake_begin_session()
859 up_write(&handshake->lock); in wg_noise_handshake_begin_session()