noise.c - OpenGrok cross reference for /linux/drivers/net/wireguard/noise.c

Lines Matching refs:handshake
46 /* Must hold peer->handshake.static_identity->lock */
49 	down_write(&peer->handshake.lock);
50 	if (!peer->handshake.static_identity->has_identity ||
51 	    !curve25519(peer->handshake.precomputed_static_static,
52 			peer->handshake.static_identity->static_private,
53 			peer->handshake.remote_static))
54 		memset(peer->handshake.precomputed_static_static, 0,
56 	up_write(&peer->handshake.lock);
59 void wg_noise_handshake_init(struct noise_handshake *handshake,
65 	memset(handshake, 0, sizeof(*handshake));
66 	init_rwsem(&handshake->lock);
67 	handshake->entry.type = INDEX_HASHTABLE_HANDSHAKE;
68 	handshake->entry.peer = peer;
69 	memcpy(handshake->remote_static, peer_public_key, NOISE_PUBLIC_KEY_LEN);
71 		memcpy(handshake->preshared_key, peer_preshared_key,
73 	handshake->static_identity = static_identity;
74 	handshake->state = HANDSHAKE_ZEROED;
78 static void handshake_zero(struct noise_handshake *handshake)
80 	memset(&handshake->ephemeral_private, 0, NOISE_PUBLIC_KEY_LEN);
81 	memset(&handshake->remote_ephemeral, 0, NOISE_PUBLIC_KEY_LEN);
82 	memset(&handshake->hash, 0, NOISE_HASH_LEN);
83 	memset(&handshake->chaining_key, 0, NOISE_HASH_LEN);
84 	handshake->remote_index = 0;
85 	handshake->state = HANDSHAKE_ZEROED;
88 void wg_noise_handshake_clear(struct noise_handshake *handshake)
90 	down_write(&handshake->lock);
92 			handshake->entry.peer->device->index_hashtable,
93 			&handshake->entry);
94 	handshake_zero(handshake);
95 	up_write(&handshake->lock);
183 	wg_noise_handshake_clear(&peer->handshake);
211 		/* If we're the initiator, it means we've sent a handshake, and
518 				     struct noise_handshake *handshake)
529 	down_read(&handshake->static_identity->lock);
530 	down_write(&handshake->lock);
532 	if (unlikely(!handshake->static_identity->has_identity))
537 	handshake_init(handshake->chaining_key, handshake->hash,
538 		       handshake->remote_static);
541 	curve25519_generate_secret(handshake->ephemeral_private);
543 					handshake->ephemeral_private))
546 			  dst->unencrypted_ephemeral, handshake->chaining_key,
547 			  handshake->hash);
550 	if (!mix_dh(handshake->chaining_key, key, handshake->ephemeral_private,
551 		    handshake->remote_static))
556 			handshake->static_identity->static_public,
557 			NOISE_PUBLIC_KEY_LEN, key, handshake->hash);
560 	if (!mix_precomputed_dh(handshake->chaining_key, key,
561 				handshake->precomputed_static_static))
567 			NOISE_TIMESTAMP_LEN, key, handshake->hash);
570 		handshake->entry.peer->device->index_hashtable,
571 		&handshake->entry);
573 	handshake->state = HANDSHAKE_CREATED_INITIATION;
577 	up_write(&handshake->lock);
578 	up_read(&handshake->static_identity->lock);
588 	struct noise_handshake *handshake;
620 	handshake = &peer->handshake;
624 				handshake->precomputed_static_static))
632 	down_read(&handshake->lock);
633 	replay_attack = memcmp(t, handshake->latest_timestamp,
635 	flood_attack = (s64)handshake->last_initiation_consumption +
638 	up_read(&handshake->lock);
643 	down_write(&handshake->lock);
644 	memcpy(handshake->remote_ephemeral, e, NOISE_PUBLIC_KEY_LEN);
645 	if (memcmp(t, handshake->latest_timestamp, NOISE_TIMESTAMP_LEN) > 0)
646 		memcpy(handshake->latest_timestamp, t, NOISE_TIMESTAMP_LEN);
647 	memcpy(handshake->hash, hash, NOISE_HASH_LEN);
648 	memcpy(handshake->chaining_key, chaining_key, NOISE_HASH_LEN);
649 	handshake->remote_index = src->sender_index;
651 	if ((s64)(handshake->last_initiation_consumption - initiation_consumption) < 0)
652 		handshake->last_initiation_consumption = initiation_consumption;
653 	handshake->state = HANDSHAKE_CONSUMED_INITIATION;
654 	up_write(&handshake->lock);
668 					struct noise_handshake *handshake)
678 	down_read(&handshake->static_identity->lock);
679 	down_write(&handshake->lock);
681 	if (handshake->state != HANDSHAKE_CONSUMED_INITIATION)
685 	dst->receiver_index = handshake->remote_index;
688 	curve25519_generate_secret(handshake->ephemeral_private);
690 					handshake->ephemeral_private))
693 			  dst->unencrypted_ephemeral, handshake->chaining_key,
694 			  handshake->hash);
697 	if (!mix_dh(handshake->chaining_key, NULL, handshake->ephemeral_private,
698 		    handshake->remote_ephemeral))
702 	if (!mix_dh(handshake->chaining_key, NULL, handshake->ephemeral_private,
703 		    handshake->remote_static))
707 	mix_psk(handshake->chaining_key, handshake->hash, key,
708 		handshake->preshared_key);
711 	message_encrypt(dst->encrypted_nothing, NULL, 0, key, handshake->hash);
714 		handshake->entry.peer->device->index_hashtable,
715 		&handshake->entry);
717 	handshake->state = HANDSHAKE_CREATED_RESPONSE;
721 	up_write(&handshake->lock);
722 	up_read(&handshake->static_identity->lock);
733 	struct noise_handshake *handshake;
747 	handshake = (struct noise_handshake *)wg_index_hashtable_lookup(
750 	if (unlikely(!handshake))
753 	down_read(&handshake->lock);
754 	state = handshake->state;
755 	memcpy(hash, handshake->hash, NOISE_HASH_LEN);
756 	memcpy(chaining_key, handshake->chaining_key, NOISE_HASH_LEN);
757 	memcpy(ephemeral_private, handshake->ephemeral_private,
759 	memcpy(preshared_key, handshake->preshared_key,
761 	up_read(&handshake->lock);
786 	down_write(&handshake->lock);
790 	if (handshake->state != state) {
791 		up_write(&handshake->lock);
794 	memcpy(handshake->remote_ephemeral, e, NOISE_PUBLIC_KEY_LEN);
795 	memcpy(handshake->hash, hash, NOISE_HASH_LEN);
796 	memcpy(handshake->chaining_key, chaining_key, NOISE_HASH_LEN);
797 	handshake->remote_index = src->sender_index;
798 	handshake->state = HANDSHAKE_CONSUMED_RESPONSE;
799 	up_write(&handshake->lock);
816 bool wg_noise_handshake_begin_session(struct noise_handshake *handshake,
822 	down_write(&handshake->lock);
823 	if (handshake->state != HANDSHAKE_CREATED_RESPONSE &&
824 	    handshake->state != HANDSHAKE_CONSUMED_RESPONSE)
827 	new_keypair = keypair_create(handshake->entry.peer);
830 	new_keypair->i_am_the_initiator = handshake->state ==
832 	new_keypair->remote_index = handshake->remote_index;
836 			    handshake->chaining_key);
839 			    handshake->chaining_key);
841 	handshake_zero(handshake);
843 	if (likely(!READ_ONCE(container_of(handshake, struct wg_peer,
844 					   handshake)->is_dead))) {
847 				    handshake->entry.peer->device->dev->name,
849 				    handshake->entry.peer->internal_id);
851 			handshake->entry.peer->device->index_hashtable,
852 			&handshake->entry, &new_keypair->entry);
859 	up_write(&handshake->lock);