author | Neale Ranns <nranns@cisco.com> | 2020-09-10 08:49:10 +0000 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2020-09-12 08:20:59 +0000 |
commit | d75a2d12c431fcffba2a2b4d59f18c9cec483ed9 (patch) | |
tree | ac99425efe96e7a6a88e9cc25c7479e64e4c5ea1 /src/plugins/wireguard/wireguard_noise.c | |
parent | 8c6ba2957c985a1670e9fca6bc869008e6722364 (diff) |
wireguard: Fix for tunnel encap
Type: fix
add UT for sending handshake init and transport packets
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Iab1ed8864c666d5a0ae0b2364a9ca4de3c8770dc
Diffstat (limited to 'src/plugins/wireguard/wireguard_noise.c')
-rwxr-xr-x | src/plugins/wireguard/wireguard_noise.c | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/src/plugins/wireguard/wireguard_noise.c b/src/plugins/wireguard/wireguard_noise.c
index dc7d5060fe5..b47bb5747b9 100755
--- a/src/plugins/wireguard/wireguard_noise.c
+++ b/src/plugins/wireguard/wireguard_noise.c
@@ -536,7 +536,7 @@ noise_remote_ready (noise_remote_t * r)
 return ret;
 }
-static void
+static bool
 chacha20poly1305_calc (vlib_main_t * vm,
 u8 * src,
 u32 src_len,
@@ -580,6 +580,8 @@ chacha20poly1305_calc (vlib_main_t * vm,
 {
 clib_memcpy (dst + src_len, op->tag, NOISE_AUTHTAG_LEN);
 }
+
+ return (op->status == VNET_CRYPTO_OP_STATUS_COMPLETED);
 }
 enum noise_state_crypt
@@ -668,9 +670,10 @@ noise_remote_decrypt (vlib_main_t * vm, noise_remote_t * r, uint32_t r_idx,
 /* Decrypt, then validate the counter. We don't want to validate the
 * counter before decrypting as we do not know the message is authentic
 * prior to decryption. */
- chacha20poly1305_calc (vm, src, srclen, dst, NULL, 0, nonce,
- VNET_CRYPTO_OP_CHACHA20_POLY1305_DEC,
- kp->kp_recv_index);
+ if (!chacha20poly1305_calc (vm, src, srclen, dst, NULL, 0, nonce,
+ VNET_CRYPTO_OP_CHACHA20_POLY1305_DEC,
+ kp->kp_recv_index))
+ goto error;
 if (!noise_counter_recv (&kp->kp_ctr, nonce))
 goto error;
@@ -936,8 +939,9 @@ noise_msg_decrypt (vlib_main_t * vm, uint8_t * dst, uint8_t * src,
 uint8_t hash[NOISE_HASH_LEN])
 {
 /* Nonce always zero for Noise_IK */
- chacha20poly1305_calc (vm, src, src_len, dst, hash, NOISE_HASH_LEN, 0,
- VNET_CRYPTO_OP_CHACHA20_POLY1305_DEC, key_idx);
+ if (!chacha20poly1305_calc (vm, src, src_len, dst, hash, NOISE_HASH_LEN, 0,
+ VNET_CRYPTO_OP_CHACHA20_POLY1305_DEC, key_idx))
+ return false;
 noise_mix_hash (hash, src, src_len);
 return true;
 }
|
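Review bot: The new `bool` result of chacha20poly1305_calc can still be discarded without any diagnostic, and this diff only shows the two decrypt call sites checking it; any other caller (the encrypt paths are not part of this diff) would keep compiling while ignoring a failed operation. Declaring the function as `static bool __attribute__ ((warn_unused_result))` would make the compiler flag every unchecked call. A short comment above the signature, such as `/* Returns true only if the crypto op completed; on false the contents of dst must not be used. */`, would record the contract the callers now depend on. The function body continues outside this hunk.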
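Review bot: The status test sits after the tag copy in the block just above the added `return`, so whenever that block runs (its guarding condition is outside the hunk) `dst + src_len` is written from `op->tag` before anyone has looked at `op->status`. Testing first, with `if (op->status != VNET_CRYPTO_OP_STATUS_COMPLETED) return false;` placed ahead of that block and a plain `return true;` at the end, keeps a failed operation from leaving an output that looks complete. For the decrypt direction the same concern applies to `dst` itself: by the time `false` is returned the buffer has presumably been written with unauthenticated bytes, so the `goto error` in noise_remote_decrypt and the `return false` in noise_msg_decrypt must lead to paths that never read it.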
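Review bot: The comment above the call in noise_remote_decrypt still reads as if decryption cannot fail, although it is the only place that explains the ordering; it should state that a failed tag check leaves before `noise_counter_recv` so that an unauthenticated packet never touches the replay counter, for example `/* Authenticate and decrypt first; on failure bail out before touching kp_ctr. */`. Both the authentication failure and the counter rejection jump to the same `error` label, whose code is outside this hunk, so as far as the hunk shows the two causes are indistinguishable afterwards. If the label does not already do so, separate error counters for the two cases would let an operator tell tampered packets from replayed ones.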