ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

wireguard: fix handshake procedure

Browse Source 
Type: fix

Change-Id: I96e8c5c9c792b1d9aefd39ce3e240d220827b7d1
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
(cherry picked from commit cf527882e2)
This commit is contained in:
Artem Glazychev
2020-09-10 13:13:29 +07:00
committed by Andrew Yourtchenko
parent 58db34c2ca
commit 911d7563cb
2 changed files with 17 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/plugins/wireguard/wireguard_noise.c
View File

@ -547,29 +547,34 @@ chacha20poly1305_calc (vlib_main_t * vm,
vnet_crypto_op_id_t op_id, vnet_crypto_op_id_t op_id,
vnet_crypto_key_index_t key_index) vnet_crypto_key_index_t key_index)
{ {
vnet_crypto_op_t _op, *op = &_op;
u8 iv[12]; u8 iv[12];
u8 tag_[NOISE_AUTHTAG_LEN] = { };
u8 src_[] = { };
clib_memset (iv, 0, 12); clib_memset (iv, 0, 12);
clib_memcpy (iv + 4, &nonce, sizeof (nonce)); clib_memcpy (iv + 4, &nonce, sizeof (nonce));
vnet_crypto_op_t _op, *op = &_op; vnet_crypto_op_init (op, op_id);
u8 _tag[16] = { }; op->tag_len = NOISE_AUTHTAG_LEN;
if (op_id == VNET_CRYPTO_OP_CHACHA20_POLY1305_DEC) if (op_id == VNET_CRYPTO_OP_CHACHA20_POLY1305_DEC)
{ {
clib_memcpy (_tag, src + src_len - NOISE_AUTHTAG_LEN, op->tag = src + src_len - NOISE_AUTHTAG_LEN;
NOISE_AUTHTAG_LEN);
src_len -= NOISE_AUTHTAG_LEN; src_len -= NOISE_AUTHTAG_LEN;
} }
vnet_crypto_op_init (op, op_id); else
op->key_index = key_index; op->tag = tag_;
op->src = src;
op->dst = dst; op->src = !src ? src_ : src;
op->len = src_len; op->len = src_len;
op->dst = dst;
op->key_index = key_index;
op->aad = aad; op->aad = aad;
op->aad_len = aad_len; op->aad_len = aad_len;
op->iv = iv; op->iv = iv;
op->tag_len = NOISE_AUTHTAG_LEN;
op->tag = _tag;
vnet_crypto_process_ops (vm, op, 1); vnet_crypto_process_ops (vm, op, 1);
if (op_id == VNET_CRYPTO_OP_CHACHA20_POLY1305_ENC) if (op_id == VNET_CRYPTO_OP_CHACHA20_POLY1305_ENC)
{ {

4
src/plugins/wireguard/wireguard_send.h
View File

@ -26,8 +26,8 @@ always_inline void
ip4_header_set_len_w_chksum (ip4_header_t * ip4, u16 len) ip4_header_set_len_w_chksum (ip4_header_t * ip4, u16 len)
{ {
ip_csum_t sum = ip4->checksum; ip_csum_t sum = ip4->checksum;
u8 old = ip4->length; u16 old = ip4->length;
u8 new = len; u16 new = len;
sum = ip_csum_update (sum, old, new, ip4_header_t, length); sum = ip_csum_update (sum, old, new, ip4_header_t, length);
ip4->checksum = ip_csum_fold (sum); ip4->checksum = ip_csum_fold (sum);