Diffstat (limited to 'drivers/net/wireguard/receive.c')
-rw-r--r-- | drivers/net/wireguard/receive.c | 66 |
1 files changed, 0 insertions, 66 deletions
diff --git a/drivers/net/wireguard/receive.c b/drivers/net/wireguard/receive.c
index da3b782..4daa1b7 100644
--- a/drivers/net/wireguard/receive.c
+++ b/drivers/net/wireguard/receive.c
@@ -246,58 +246,6 @@ static void keep_key_fresh(struct wg_peer *peer)
 }
 }
 
-static bool decrypt_packet(struct sk_buff *skb, struct noise_symmetric_key *key)
-{
- struct scatterlist sg[MAX_SKB_FRAGS + 8];
- struct sk_buff *trailer;
- unsigned int offset;
- int num_frags;
-
- if (unlikely(!key))
- return false;
-
- if (unlikely(!READ_ONCE(key->is_valid) ||
- wg_birthdate_has_expired(key->birthdate, REJECT_AFTER_TIME) ||
- key->counter.receive.counter >= REJECT_AFTER_MESSAGES)) {
- WRITE_ONCE(key->is_valid, false);
- return false;
- }
-
- PACKET_CB(skb)->nonce =
- le64_to_cpu(((struct message_data *)skb->data)->counter);
-
- /* We ensure that the network header is part of the packet before we
- * call skb_cow_data, so that there's no chance that data is removed
- * from the skb, so that later we can extract the original endpoint.
- */
- offset = skb->data - skb_network_header(skb);
- skb_push(skb, offset);
- num_frags = skb_cow_data(skb, 0, &trailer);
- offset += sizeof(struct message_data);
- skb_pull(skb, offset);
- if (unlikely(num_frags < 0 || num_frags > ARRAY_SIZE(sg)))
- return false;
-
- sg_init_table(sg, num_frags);
- if (skb_to_sgvec(skb, sg, 0, skb->len) <= 0)
- return false;
-
- if (!chacha20poly1305_decrypt_sg_inplace(sg, skb->len, NULL, 0,
- PACKET_CB(skb)->nonce,
- key->key))
- return false;
-
- /* Another ugly situation of pushing and pulling the header so as to
- * keep endpoint information intact.
- */
- skb_push(skb, offset);
- if (pskb_trim(skb, skb->len - noise_encrypted_len(0)))
- return false;
- skb_pull(skb, offset);
-
- return true;
-}
-
 /* This is RFC6479, a replay detection bitmap algorithm that avoids bitshifts */
 static bool counter_validate(union noise_counter *counter, u64 their_counter)
 {
@@ -507,20 +455,6 @@ next:
 return work_done;
 }
 
-void wg_packet_decrypt_worker(struct work_struct *work)
-{
- struct crypt_queue *queue = container_of(work, struct multicore_worker,
- work)->ptr;
- struct sk_buff *skb;
-
- while ((skb = ptr_ring_consume_bh(&queue->ring)) != NULL) {
- enum packet_state state = likely(decrypt_packet(skb,
- &PACKET_CB(skb)->keypair->receiving)) ?
- PACKET_STATE_CRYPTED : PACKET_STATE_DEAD;
- wg_queue_enqueue_per_peer_napi(skb, state);
- }
-}
-
 static void wg_packet_consume_data(struct wg_device *wg, struct sk_buff *skb)
 {
 __le32 idx = ((struct message_data *)skb->data)->key_idx; |