diff options
| author | Jason A. Donenfeld <Jason@zx2c4.com> | 2020-03-18 18:30:47 -0600 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2020-03-18 18:51:43 -0700 |
| commit | c5e5f40e27f6b87324ae89d175879cf35498632c (patch) | |
| tree | cbe8424419b8eca14736eb0ab02ce5f9c509915a /drivers/net/wireguard/netlink.c | |
| parent | b3ab061a424b6e0639b0b09b147cad3083c53adb (diff) | |
| download | wireguard-linux-trimmed-c5e5f40e27f6b87324ae89d175879cf35498632c.tar.gz wireguard-linux-trimmed-c5e5f40e27f6b87324ae89d175879cf35498632c.zip | |
wireguard: noise: error out precomputed DH during handshake rather than config
We precompute the static-static ECDH during configuration time, in order
to save an expensive computation later when receiving network packets.
However, not all ECDH computations yield a contributory result. Prior,
we were just not letting those peers be added to the interface. However,
this creates a strange inconsistency, since it was still possible to add
other weird points, like a valid public key plus a low-order point, and,
like points that result in zeros, a handshake would not complete. In
order to make the behavior more uniform and less surprising, simply
allow all peers to be added. Then, we'll error out later when doing the
crypto if there's an issue. This also adds more separation between the
crypto layer and the configuration layer.
Discussed-with: Mathias Hall-Andersen <mathias@hall-andersen.dk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/net/wireguard/netlink.c')
| -rw-r--r-- | drivers/net/wireguard/netlink.c | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlink.c index bda2640..802099c 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c @@ -411,11 +411,7 @@ static int set_peer(struct wg_device *wg, struct nlattr **attrs) peer = wg_peer_create(wg, public_key, preshared_key); if (IS_ERR(peer)) { - /* Similar to the above, if the key is invalid, we skip - * it without fanfare, so that services don't need to - * worry about doing key validation themselves. - */ - ret = PTR_ERR(peer) == -EKEYREJECTED ? 0 : PTR_ERR(peer); + ret = PTR_ERR(peer); peer = NULL; goto out; } @@ -569,7 +565,7 @@ static int wg_set_device(struct sk_buff *skb, struct genl_info *info) private_key); list_for_each_entry_safe(peer, temp, &wg->peer_list, peer_list) { - BUG_ON(!wg_noise_precompute_static_static(peer)); + wg_noise_precompute_static_static(peer); wg_noise_expire_current_peer_keypairs(peer); } wg_cookie_checker_precompute_device_keys(&wg->cookie_checker); |