summaryrefslogtreecommitdiffstats
path: root/src/plugins/wireguard/wireguard_noise.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/wireguard/wireguard_noise.c')
-rwxr-xr-xsrc/plugins/wireguard/wireguard_noise.c16
1 files changed, 10 insertions, 6 deletions
diff --git a/src/plugins/wireguard/wireguard_noise.c b/src/plugins/wireguard/wireguard_noise.c
index dc7d5060fe5..b47bb5747b9 100755
--- a/src/plugins/wireguard/wireguard_noise.c
+++ b/src/plugins/wireguard/wireguard_noise.c
@@ -536,7 +536,7 @@ noise_remote_ready (noise_remote_t * r)
return ret;
}
-static void
+static bool
chacha20poly1305_calc (vlib_main_t * vm,
u8 * src,
u32 src_len,
@@ -580,6 +580,8 @@ chacha20poly1305_calc (vlib_main_t * vm,
{
clib_memcpy (dst + src_len, op->tag, NOISE_AUTHTAG_LEN);
}
+
+ return (op->status == VNET_CRYPTO_OP_STATUS_COMPLETED);
}
enum noise_state_crypt
@@ -668,9 +670,10 @@ noise_remote_decrypt (vlib_main_t * vm, noise_remote_t * r, uint32_t r_idx,
/* Decrypt, then validate the counter. We don't want to validate the
* counter before decrypting as we do not know the message is authentic
* prior to decryption. */
- chacha20poly1305_calc (vm, src, srclen, dst, NULL, 0, nonce,
- VNET_CRYPTO_OP_CHACHA20_POLY1305_DEC,
- kp->kp_recv_index);
+ if (!chacha20poly1305_calc (vm, src, srclen, dst, NULL, 0, nonce,
+ VNET_CRYPTO_OP_CHACHA20_POLY1305_DEC,
+ kp->kp_recv_index))
+ goto error;
if (!noise_counter_recv (&kp->kp_ctr, nonce))
goto error;
@@ -936,8 +939,9 @@ noise_msg_decrypt (vlib_main_t * vm, uint8_t * dst, uint8_t * src,
uint8_t hash[NOISE_HASH_LEN])
{
/* Nonce always zero for Noise_IK */
- chacha20poly1305_calc (vm, src, src_len, dst, hash, NOISE_HASH_LEN, 0,
- VNET_CRYPTO_OP_CHACHA20_POLY1305_DEC, key_idx);
+ if (!chacha20poly1305_calc (vm, src, src_len, dst, hash, NOISE_HASH_LEN, 0,
+ VNET_CRYPTO_OP_CHACHA20_POLY1305_DEC, key_idx))
+ return false;
noise_mix_hash (hash, src, src_len);
return true;
}