git.baikalelectronics.ru Git - kernel.git/commit
wireguard: noise: error out precomputed DH during handshake rather than config
author    Jason A. Donenfeld <Jason@zx2c4.com>
          Thu, 19 Mar 2020 00:30:47 +0000 (18:30 -0600)
committer David S. Miller <davem@davemloft.net>
          Thu, 19 Mar 2020 01:51:43 +0000 (18:51 -0700)
commit    54b812a91af19254152507b3bf4a8a80f071888a
tree      94cc7594f7e7251436916ef36ffd87430fd8e3d7
parent    8b95096b26491ef6a8b0b66c3c1ef0c90fc13a78
wireguard: noise: error out precomputed DH during handshake rather than config

We precompute the static-static ECDH during configuration time, in order
to save an expensive computation later when receiving network packets.
However, not all ECDH computations yield a contributory result. Prior,
we were just not letting those peers be added to the interface. However,
this creates a strange inconsistency, since it was still possible to add
other weird points, like a valid public key plus a low-order point, and,
like points that result in zeros, a handshake would not complete. In
order to make the behavior more uniform and less surprising, simply
allow all peers to be added. Then, we'll error out later when doing the
crypto if there's an issue. This also adds more separation between the
crypto layer and the configuration layer.

Discussed-with: Mathias Hall-Andersen <mathias@hall-andersen.dk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/net/wireguard/netlink.c
drivers/net/wireguard/noise.c
drivers/net/wireguard/noise.h
drivers/net/wireguard/peer.c
tools/testing/selftests/wireguard/netns.sh
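The commit message describes moving the "non-contributory ECDH" check from peer configuration to the handshake path. The following is an added illustration, not code from the WireGuard driver or from this commit: a pure-Python X25519 (the RFC 7748 Montgomery ladder) together with a toy peer layer whose function names (`Peer`, `precompute_static_static`, `handshake_create_initiation`, `add_peer_before_commit`) are hypothetical stand-ins for the driver's real functions. It shows why a small-order peer public key drives the shared secret to all zeros, that the old configuration-time check refuses such a peer while the new arrangement accepts it and fails only when a handshake is attempted, and it verifies the ladder against the key-exchange vectors in RFC 7748 section 6.1.

```python
"""Contributory-behaviour check for X25519, modelled on the WireGuard change above.

Added example: a pure-Python X25519 (RFC 7748 Montgomery ladder) plus a toy
peer layer that mirrors the commit.  The peer layer and its names are
hypothetical; they are not the driver's own types or functions.
"""
from typing import Optional

P = 2**255 - 19
A24 = 121665
BASEPOINT = b"\x09" + bytes(31)      # u = 9, the X25519 generator
ZERO32 = bytes(32)

# Key-exchange test vectors from RFC 7748, section 6.1
ALICE_PRIV = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
ALICE_PUB = bytes.fromhex("8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a")
BOB_PRIV = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
BOB_PUB = bytes.fromhex("de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f")
SHARED = bytes.fromhex("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742")


def _decode_scalar(k: bytes) -> int:
    # RFC 7748 clamping: clear the low 3 bits, clear bit 255, set bit 254.
    # The factor of 8 in every clamped scalar is what sends small-order
    # points (order dividing 8) to the identity.
    b = bytearray(k)
    b[0] &= 248
    b[31] &= 127
    b[31] |= 64
    return int.from_bytes(b, "little")


def _decode_u(u: bytes) -> int:
    b = bytearray(u)
    b[31] &= 127                     # RFC 7748: the top bit of u is ignored
    return int.from_bytes(b, "little")


def x25519(scalar: bytes, u: bytes) -> bytes:
    """Raw X25519: scalar * u on Curve25519, x-only Montgomery ladder."""
    k, x1 = _decode_scalar(scalar), _decode_u(u)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) * (da + cb) % P
        z3 = x1 * ((da - cb) * (da - cb) % P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    # For a small-order peer point the result is the identity, so z2 is 0 and
    # the encoded output is all zeros: the case RFC 7748 says to reject.
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


class HandshakeError(Exception):
    pass


class Peer:
    """Hypothetical peer record; stands in for the driver's peer structure."""
    def __init__(self, public_key: bytes) -> None:
        self.public_key = public_key
        self.precomputed_ss: bytes = ZERO32


def precompute_static_static(local_private: bytes, peer: Peer) -> None:
    """Configuration-time path after the commit: store whatever X25519 returns."""
    peer.precomputed_ss = x25519(local_private, peer.public_key)


def handshake_create_initiation(peer: Peer) -> bytes:
    """Handshake-time path after the commit: refuse a non-contributory DH."""
    if peer.precomputed_ss == ZERO32:
        raise HandshakeError("static-static DH is all zeros; refusing to handshake")
    return peer.precomputed_ss


def add_peer_before_commit(local_private: bytes, public_key: bytes) -> Optional[Peer]:
    """Behaviour before the commit: the peer is rejected at configuration time."""
    ss = x25519(local_private, public_key)
    if ss == ZERO32:
        return None
    peer = Peer(public_key)
    peer.precomputed_ss = ss
    return peer


if __name__ == "__main__":
    assert x25519(ALICE_PRIV, BOB_PUB) == x25519(BOB_PRIV, ALICE_PUB) == SHARED
    low_order = b"\x01" + bytes(31)  # u = 1, a point of order 4 (constructed input)
    print("old: add_peer ->", add_peer_before_commit(ALICE_PRIV, low_order))
    peer = Peer(low_order)
    precompute_static_static(ALICE_PRIV, peer)
    print("new: peer configured; handshake ->", end=" ")
    try:
        handshake_create_initiation(peer)
    except HandshakeError as exc:
        print(exc)
```

The ladder is the RFC 7748 pseudocode transcribed literally, without the constant-time care a real implementation needs; it exists only to make the all-zero output observable. The two small-order inputs used, u = 0 and u = 1, are among the points listed in RFC 7748; with a clamped scalar (a multiple of 8) every point of order dividing 8 lands on the identity, which the x-only encoding renders as 32 zero bytes.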