Lines Matching defs:wgs
/*
 * Stable-session getter, presumably the function called as
 * wg_get_stable_session() at 3805.  Cross-reference excerpt: only the
 * lines that name wgs are listed, so the branch structure between them
 * cannot be read from here.
 */
1299 struct wg_session *wgs;
/*
 * Consume-ordered load of the published session pointer; the matching
 * release store of wgp_session_stable is at 2145.
 */
1302 wgs = atomic_load_consume(&wgp->wgp_session_stable);
/*
 * The state is read relaxed and compared with a value on a line that is
 * not listed; on a mismatch no session is handed out.
 */
1303 if (__predict_false(atomic_load_relaxed(&wgs->wgs_state) !=
1305 wgs = NULL;
/*
 * Takes a passive reference before returning (presumably only on the
 * non-NULL path); the caller at 3805 drops it with wg_put_session()
 * at 3850.
 */
1307 psref_acquire(psref, &wgs->wgs_psref, wg_psref_class);
1310 return wgs;
1314 wg_put_session(struct wg_session *wgs, struct psref *psref)
1317 psref_release(psref, &wgs->wgs_psref, wg_psref_class);
/*
 * wg_destroy_session: return a session to WGS_STATE_UNKNOWN.
 * Cross-reference excerpt: only the lines that name wgs are listed.
 * Visible order: assert the session is in use, check the table entry
 * (wgs0), drain passive references, then reset the fields.
 */
1321 wg_destroy_session(struct wg_softc *wg, struct wg_session *wgs)
1323 struct wg_peer *wgp = wgs->wgs_peer;
/* Destroying a session that is already UNKNOWN is a caller bug. */
1328 KASSERT(wgs->wgs_state != WGS_STATE_UNKNOWN);
1332 &wgs->wgs_local_index, sizeof(wgs->wgs_local_index));
/*
 * wgs0 is the result of the call whose arguments end at 1332; the call
 * itself is not listed (presumably the by-index table removal; confirm).
 */
1333 KASSERT(wgs0 == wgs);
/*
 * psref_target_destroy() waits for outstanding passive references, so
 * the field resets below run after readers have released the session.
 */
1338 psref_target_destroy(&wgs->wgs_psref, wg_psref_class);
1347 wgs->wgs_local_index, wgs->wgs_remote_index);
1348 wgs->wgs_local_index = 0;
1349 wgs->wgs_remote_index = 0;
/*
 * wg_clear_states() (2600-2608) resets the send counter and replay
 * window and wipes session fields through wgs_clear(); it asserts that
 * wgp_lock is held, so this function must be called with it held too.
 */
1350 wg_clear_states(wgs);
1351 wgs->wgs_state = WGS_STATE_UNKNOWN;
1352 wgs->wgs_force_rekey = false;
1356 * wg_get_session_index(wg, wgs)
1358 * Choose a session index for wgs->wgs_local_index, and store it
1361 * wgs must be the unstable session of its peer, and must be
1365 wg_get_session_index(struct wg_softc *wg, struct wg_session *wgs)
1367 struct wg_peer *wgp __diagused = wgs->wgs_peer;
1372 KASSERT(wgs == wgp->wgp_session_unstable);
1373 KASSERTMSG(wgs->wgs_state == WGS_STATE_UNKNOWN, "state=%d",
1374 wgs->wgs_state);
1381 wgs->wgs_local_index = index;
1383 &wgs->wgs_local_index, sizeof wgs->wgs_local_index, wgs);
1386 } while (__predict_false(wgs0 != wgs));
1390 * wg_put_session_index(wg, wgs)
1392 * Remove wgs from the table of sessions by index, wait for any
1396 * wgs must be the unstable session of its peer, and must not be
1400 wg_put_session_index(struct wg_softc *wg, struct wg_session *wgs)
1402 struct wg_peer *wgp __diagused = wgs->wgs_peer;
1405 KASSERT(wgs->wgs_state != WGS_STATE_UNKNOWN);
1406 KASSERT(wgs->wgs_state != WGS_STATE_ESTABLISHED);
1408 wg_destroy_session(wg, wgs);
1409 psref_target_init(&wgs->wgs_psref, wg_psref_class);
/*
 * Builder for the handshake initiation message, presumably
 * wg_fill_msg_init() as called at 1979 with the same arguments.
 * Cross-reference excerpt: the first line of the signature and the
 * handshake computation between 1450 and 1521 are not listed.
 */
1436 struct wg_session *wgs, struct wg_msg_init *wgmi)
/* Only the unstable session, already moved to INIT_ACTIVE, is filled. */
1445 KASSERT(wgs == wgp->wgp_session_unstable);
1446 KASSERTMSG(wgs->wgs_state == WGS_STATE_INIT_ACTIVE, "state=%d",
1447 wgs->wgs_state);
/* The local session index goes on the wire as the sender field. */
1450 wgmi->wgmi_sender = wgs->wgs_local_index;
/*
 * Handshake state is copied into the session from pubkey, privkey, hash
 * and ckey (presumably local arrays, given sizeof is taken of them).
 * NOTE(review): privkey and ckey hold secret material; their cleanup is
 * not listed here.  Confirm they are wiped before the function returns,
 * in the way wgs_clear() at 2608 wipes session fields.
 */
1521 memcpy(wgs->wgs_ephemeral_key_pub, pubkey, sizeof(pubkey));
1522 memcpy(wgs->wgs_ephemeral_key_priv, privkey, sizeof(privkey));
1523 memcpy(wgs->wgs_handshake_hash, hash, sizeof(hash));
1524 memcpy(wgs->wgs_chaining_key, ckey, sizeof(ckey));
/* The debug log carries the sender index only, no key material. */
1525 WG_DLOG("%s: sender=%x\n", __func__, wgs->wgs_local_index);
1601 struct wg_session *wgs;
1751 wgs = wgp->wgp_session_unstable;
1752 switch (wgs->wgs_state) {
1762 wg_put_session_index(wg, wgs);
1763 KASSERTMSG(wgs->wgs_state == WGS_STATE_UNKNOWN, "state=%d",
1764 wgs->wgs_state);
1772 wg_put_session_index(wg, wgs);
1773 KASSERTMSG(wgs->wgs_state == WGS_STATE_UNKNOWN, "state=%d",
1774 wgs->wgs_state);
1780 wg_put_session_index(wg, wgs);
1781 KASSERTMSG(wgs->wgs_state == WGS_STATE_UNKNOWN, "state=%d",
1782 wgs->wgs_state);
1785 panic("invalid session state: %d", wgs->wgs_state);
1791 KASSERTMSG(wgs->wgs_state == WGS_STATE_UNKNOWN, "state=%d",
1792 wgs->wgs_state);
1793 wg_get_session_index(wg, wgs);
1795 memcpy(wgs->wgs_handshake_hash, hash, sizeof(hash));
1796 memcpy(wgs->wgs_chaining_key, ckey, sizeof(ckey));
1797 memcpy(wgs->wgs_ephemeral_key_peer, wgmi->wgmi_ephemeral,
1817 wgs->wgs_time_established = time_uptime32;
1823 wg_send_handshake_msg_resp(wg, wgp, wgs, wgmi);
1827 wgs->wgs_local_index, wgs->wgs_remote_index);
1828 wg_calculate_keys(wgs, false);
1829 wg_clear_states(wgs);
1846 wgs->wgs_local_index, wgs->wgs_remote_index);
1847 atomic_store_release(&wgs->wgs_state, WGS_STATE_INIT_PASSIVE);
1928 struct wg_session *wgs;
1932 wgs = wgp->wgp_session_unstable;
1934 switch (wgs->wgs_state) {
1947 wg_put_session_index(wg, wgs);
1948 KASSERTMSG(wgs->wgs_state == WGS_STATE_UNKNOWN, "state=%d",
1949 wgs->wgs_state);
1956 KASSERTMSG(wgs->wgs_state == WGS_STATE_UNKNOWN, "state=%d",
1957 wgs->wgs_state);
1958 wg_get_session_index(wg, wgs);
1969 wgs->wgs_local_index);
1970 atomic_store_relaxed(&wgs->wgs_state, WGS_STATE_INIT_ACTIVE);
1979 wg_fill_msg_init(wg, wgp, wgs, wgmi);
1991 wg_put_session_index(wg, wgs);
2007 struct wg_session *wgs, struct wg_msg_resp *wgmr,
2017 KASSERT(wgs == wgp->wgp_session_unstable);
2018 KASSERTMSG(wgs->wgs_state == WGS_STATE_UNKNOWN, "state=%d",
2019 wgs->wgs_state);
2021 memcpy(hash, wgs->wgs_handshake_hash, sizeof(hash));
2022 memcpy(ckey, wgs->wgs_chaining_key, sizeof(ckey));
2025 wgmr->wgmr_sender = wgs->wgs_local_index;
2045 wg_algo_dh_kdf(ckey, NULL, privkey, wgs->wgs_ephemeral_key_peer);
2092 memcpy(wgs->wgs_handshake_hash, hash, sizeof(hash));
2093 memcpy(wgs->wgs_chaining_key, ckey, sizeof(ckey));
2094 memcpy(wgs->wgs_ephemeral_key_pub, pubkey, sizeof(pubkey));
2095 memcpy(wgs->wgs_ephemeral_key_priv, privkey, sizeof(privkey));
2096 wgs->wgs_remote_index = wgmi->wgmi_sender;
2097 WG_DLOG("sender=%x\n", wgs->wgs_local_index);
2098 WG_DLOG("receiver=%x\n", wgs->wgs_remote_index);
2113 struct wg_session *wgs, *wgs_prev;
2124 wgs = wgp->wgp_session_unstable;
2125 KASSERTMSG(wgs->wgs_state == WGS_STATE_ESTABLISHED, "state=%d",
2126 wgs->wgs_state);
2145 atomic_store_release(&wgp->wgp_session_stable, wgs);
2165 wg_send_data_msg(wgp, wgs, m); /* consumes m */
2167 } else if (wgs->wgs_is_initiator) {
2168 wg_send_keepalive_msg(wgp, wgs);
2205 struct wg_session *wgs;
2225 wgs = wg_lookup_session_by_index(wg, wgmr->wgmr_receiver, &psref);
2226 if (wgs == NULL) {
2231 wgp = wgs->wgs_peer;
2236 if (wgs->wgs_state != WGS_STATE_INIT_ACTIVE) {
2275 memcpy(hash, wgs->wgs_handshake_hash, sizeof(hash));
2276 memcpy(ckey, wgs->wgs_chaining_key, sizeof(ckey));
2300 wg_algo_dh_kdf(ckey, NULL, wgs->wgs_ephemeral_key_priv,
2333 memcpy(wgs->wgs_handshake_hash, hash, sizeof(wgs->wgs_handshake_hash));
2334 memcpy(wgs->wgs_chaining_key, ckey, sizeof(wgs->wgs_chaining_key));
2335 wgs->wgs_remote_index = wgmr->wgmr_sender;
2336 WG_DLOG("receiver=%x\n", wgs->wgs_remote_index);
2347 KASSERTMSG(wgs->wgs_state == WGS_STATE_INIT_ACTIVE, "state=%d",
2348 wgs->wgs_state);
2349 wgs->wgs_time_established = time_uptime32;
2351 wgs->wgs_time_last_data_sent = 0;
2352 wgs->wgs_is_initiator = true;
2355 wgs->wgs_local_index, wgs->wgs_remote_index);
2356 wg_calculate_keys(wgs, true);
2357 wg_clear_states(wgs);
2367 wgs->wgs_local_index, wgs->wgs_remote_index);
2368 atomic_store_release(&wgs->wgs_state, WGS_STATE_ESTABLISHED);
2381 KASSERT(wgs == wgp->wgp_session_stable);
2385 wg_put_session(wgs, &psref);
2390 struct wg_session *wgs, const struct wg_msg_init *wgmi)
2397 KASSERT(wgs == wgp->wgp_session_unstable);
2398 KASSERTMSG(wgs->wgs_state == WGS_STATE_UNKNOWN, "state=%d",
2399 wgs->wgs_state);
2408 wg_fill_msg_resp(wg, wgp, wgs, wgmr, wgmi);
/*
 * wg_calculate_keys: derive the session's two transport keys from its
 * chaining key.  Cross-reference excerpt: the branch that picks one of
 * the two wg_algo_kdf() calls is not listed.
 */
2548 wg_calculate_keys(struct wg_session *wgs, const bool initiator)
/* The caller must hold the peer lock. */
2551 KASSERT(mutex_owned(wgs->wgs_peer->wgp_lock));
/*
 * The two calls differ only in the order of the output buffers, so the
 * two ends of a session end up with mirrored send/recv keys; the choice
 * is presumably made on `initiator` (confirm against the full source).
 */
2557 wg_algo_kdf(wgs->wgs_tkey_send, wgs->wgs_tkey_recv, NULL,
2558 wgs->wgs_chaining_key, NULL, 0);
2560 wg_algo_kdf(wgs->wgs_tkey_recv, wgs->wgs_tkey_send, NULL,
2561 wgs->wgs_chaining_key, NULL, 0);
/*
 * NOTE(review): these two lines pass both transport keys to a dump
 * macro.  Confirm WG_DUMP_HASH expands to nothing unless a debug option
 * is enabled, so that session keys never reach the system log.
 */
2563 WG_DUMP_HASH("wgs_tkey_send", wgs->wgs_tkey_send);
2564 WG_DUMP_HASH("wgs_tkey_recv", wgs->wgs_tkey_recv);
/*
 * wg_session_get_send_counter: read the session's send counter.
 * Cross-reference excerpt: two variants are visible, a relaxed atomic
 * load and a read under wgs_send_counter_lock.  The condition selecting
 * between them is not listed (presumably a preprocessor test for 64-bit
 * atomic support; confirm).
 */
2568 wg_session_get_send_counter(struct wg_session *wgs)
2571 return atomic_load_relaxed(&wgs->wgs_send_counter);
/* Locked variant: the mutex makes the 64-bit read indivisible. */
2575 mutex_enter(&wgs->wgs_send_counter_lock);
2576 send_counter = wgs->wgs_send_counter;
2577 mutex_exit(&wgs->wgs_send_counter_lock);
/*
 * wg_session_inc_send_counter: hand out the next send counter value.
 * Cross-reference excerpt: an atomic and a mutex-guarded variant are
 * visible; the condition selecting between them is not listed.
 *
 * Both variants yield the value from before the increment.  The result
 * is stored in wgmd_counter at 4322 and passed together with
 * wgs_tkey_send at 4512 (presumably as the per-packet nonce), so the
 * same value must never be issued twice under one key.
 */
2584 wg_session_inc_send_counter(struct wg_session *wgs)
/* atomic_inc_64_nv() returns the new value, hence the "- 1". */
2587 return atomic_inc_64_nv(&wgs->wgs_send_counter) - 1;
/* Locked variant: post-increment under wgs_send_counter_lock. */
2591 mutex_enter(&wgs->wgs_send_counter_lock);
2592 send_counter = wgs->wgs_send_counter++;
2593 mutex_exit(&wgs->wgs_send_counter_lock);
/*
 * wg_clear_states: restart the per-session counters and wipe session
 * fields.  Cross-reference excerpt: the wgs_clear() invocations are not
 * listed, so which fields are wiped cannot be told from here.
 * Called right after wg_calculate_keys() at 1828-1829 and 2356-2357,
 * and from wg_destroy_session() at 1350.
 */
2600 wg_clear_states(struct wg_session *wgs)
/* The caller must hold the peer lock. */
2603 KASSERT(mutex_owned(wgs->wgs_peer->wgp_lock));
/* Restart the send counter and the receive replay window. */
2605 wgs->wgs_send_counter = 0;
2606 sliwin_reset(&wgs->wgs_recvwin->window);
/*
 * explicit_memset() is used so that the compiler cannot drop the
 * zeroing as a dead store.  sizeof is applied to the member itself, so
 * the macro wipes the whole field only when wgs_<v> is an array; for a
 * pointer member it would clear pointer-size bytes only.
 */
2608 #define wgs_clear(v) explicit_memset(wgs->wgs_##v, 0, sizeof(wgs->wgs_##v))
/*
 * Session lookup by local index, presumably the function called as
 * wg_lookup_session_by_index() at 2225, 2916 and 3163 with the receiver
 * field of a received message.  Cross-reference excerpt: only the lines
 * that name wgs are listed.
 */
2621 struct wg_session *wgs;
/*
 * The index comes from the received message at each listed call site,
 * so a miss (NULL) is an ordinary outcome; each of those callers checks
 * for it (2226, 2917, 3164).
 */
2624 wgs = thmap_get(wg->wg_sessions_byindex, &index, sizeof index);
2625 if (wgs != NULL) {
/* Consistency check of the table entry; KASSERTMSG is diagnostic-only. */
2626 KASSERTMSG(index == wgs->wgs_local_index,
2627 "index=%"PRIx32" wgs->wgs_local_index=%"PRIx32,
2628 index, wgs->wgs_local_index);
/*
 * Reference taken on a hit; the listed callers release it with
 * wg_put_session() (2385, 3144, 3210).
 */
2629 psref_acquire(psref, &wgs->wgs_psref, wg_psref_class);
2633 return wgs;
2637 wg_send_keepalive_msg(struct wg_peer *wgp, struct wg_session *wgs)
2648 wg_send_data_msg(wgp, wgs, m);
2652 wg_need_to_send_init_message(struct wg_session *wgs)
2663 return wgs->wgs_is_initiator &&
2664 atomic_load_relaxed(&wgs->wgs_time_last_data_sent) == 0 &&
2665 (time_uptime32 - wgs->wgs_time_established >=
/*
 * Receive path for data messages (the function name is not listed).
 * Cross-reference excerpt: only the lines that name wgs are listed, so
 * error exits and the calls between them are not visible.
 */
2899 struct wg_session *wgs;
/* Session selected by the receiver index carried in the message. */
2916 wgs = wg_lookup_session_by_index(wg, wgmd->wgmd_receiver, &psref);
2917 if (wgs == NULL) {
/*
 * Acquire load of the state; the release stores of wgs_state visible
 * in this listing are at 1847 and 2368.
 */
2933 state = atomic_load_acquire(&wgs->wgs_state);
2948 age = time_uptime32 - wgs->wgs_time_established;
2959 wgp = wgs->wgs_peer;
/*
 * Replay protection is split in two: a window check here, before
 * wgs_tkey_recv is used with the message counter at 3020, and the
 * window update under the recvwin lock at 3032-3035.
 * NOTE(review): the call that 3020 belongs to is not listed.  Confirm
 * sliwin_update() is reached only after that step has authenticated the
 * packet, so that an unauthenticated counter cannot move the window.
 */
2965 error = sliwin_check_fast(&wgs->wgs_recvwin->window,
3020 wgs->wgs_tkey_recv, le64toh(wgmd->wgmd_counter), encrypted_buf,
3032 mutex_enter(&wgs->wgs_recvwin->lock);
3033 error = sliwin_update(&wgs->wgs_recvwin->window,
3035 mutex_exit(&wgs->wgs_recvwin->lock);
3116 if (__predict_false(wg_need_to_send_init_message(wgs))) {
3128 atomic_load_relaxed(&wgs->wgs_time_last_data_sent);
/*
 * Releases the reference taken by the lookup at 2916.
 * NOTE(review): confirm every exit taken after a successful lookup
 * passes through this release.
 */
3144 wg_put_session(wgs, &psref);
3153 struct wg_session *wgs;
3163 wgs = wg_lookup_session_by_index(wg, wgmc->wgmc_receiver, &psref);
3164 if (wgs == NULL) {
3170 wgp = wgs->wgs_peer;
3183 KASSERTMSG((wgs->wgs_state == WGS_STATE_INIT_ACTIVE ||
3184 wgs->wgs_state == WGS_STATE_INIT_PASSIVE),
3185 "state=%d", wgs->wgs_state);
3210 wg_put_session(wgs, &psref);
3356 struct wg_session *wgs;
3374 wgs = wgp->wgp_session_stable;
3375 if (wgs->wgs_state == WGS_STATE_ESTABLISHED &&
3376 !atomic_load_relaxed(&wgs->wgs_force_rekey))
3390 struct wg_session *wgs;
3396 wgs = wgp->wgp_session_unstable;
3397 if (wgs->wgs_state != WGS_STATE_INIT_ACTIVE)
3406 wg_put_session_index(wg, wgs);
3430 struct wg_session *wgs;
3434 wgs = wgp->wgp_session_unstable;
3435 if (wgs->wgs_state != WGS_STATE_INIT_PASSIVE)
3439 wgs->wgs_time_last_data_sent = 0;
3440 wgs->wgs_is_initiator = false;
3454 wgs->wgs_local_index, wgs->wgs_remote_index);
3455 atomic_store_relaxed(&wgs->wgs_state, WGS_STATE_ESTABLISHED);
3466 KASSERT(wgs == wgp->wgp_session_stable);
3492 struct wg_session *wgs;
3498 wgs = wgp->wgp_session_stable;
3499 if (wgs->wgs_state != WGS_STATE_ESTABLISHED)
3502 wg_send_keepalive_msg(wgp, wgs);
3508 struct wg_session *wgs;
3521 wgs = wgp->wgp_session_unstable;
3522 KASSERT(wgs->wgs_state != WGS_STATE_ESTABLISHED);
3523 if (wgs->wgs_state == WGS_STATE_DESTROYING &&
3524 ((age = (time_uptime32 - wgs->wgs_time_established)) >=
3527 wg_put_session_index(wg, wgs);
3528 KASSERTMSG(wgs->wgs_state == WGS_STATE_UNKNOWN, "state=%d",
3529 wgs->wgs_state);
3537 wgs = wgp->wgp_session_stable;
3538 KASSERT(wgs->wgs_state != WGS_STATE_INIT_ACTIVE);
3539 KASSERT(wgs->wgs_state != WGS_STATE_INIT_PASSIVE);
3540 KASSERT(wgs->wgs_state != WGS_STATE_DESTROYING);
3541 if (wgs->wgs_state == WGS_STATE_ESTABLISHED &&
3542 ((age = (time_uptime32 - wgs->wgs_time_established)) >=
3545 atomic_store_relaxed(&wgs->wgs_state, WGS_STATE_DESTROYING);
3546 wg_put_session_index(wg, wgs);
3547 KASSERTMSG(wgs->wgs_state == WGS_STATE_UNKNOWN, "state=%d",
3548 wgs->wgs_state);
3772 wg_session_hit_limits(struct wg_session *wgs)
3782 KASSERT(wgs->wgs_time_established != 0 || time_uptime > UINT32_MAX);
3783 if (time_uptime32 - wgs->wgs_time_established > wg_reject_after_time) {
3786 } else if (wg_session_get_send_counter(wgs) >
3799 struct wg_session *wgs;
3805 if ((wgs = wg_get_stable_session(wgp, &psref)) == NULL) {
3830 if (__predict_false(wg_session_hit_limits(wgs))) {
3837 atomic_store_relaxed(&wgs->wgs_force_rekey,
3848 wg_send_data_msg(wgp, wgs, m);
3850 next1: wg_put_session(wgs, &psref);
3907 struct wg_session *wgs;
3912 wgs = wgp->wgp_session_stable;
3913 wgs->wgs_peer = wgp;
3914 wgs->wgs_state = WGS_STATE_UNKNOWN;
3915 psref_target_init(&wgs->wgs_psref, wg_psref_class);
3917 mutex_init(&wgs->wgs_send_counter_lock, MUTEX_DEFAULT, IPL_SOFTNET);
3919 wgs->wgs_recvwin = kmem_zalloc(sizeof(*wgs->wgs_recvwin), KM_SLEEP);
3920 mutex_init(&wgs->wgs_recvwin->lock, MUTEX_DEFAULT, IPL_SOFTNET);
3922 wgs = wgp->wgp_session_unstable;
3923 wgs->wgs_peer = wgp;
3924 wgs->wgs_state = WGS_STATE_UNKNOWN;
3925 psref_target_init(&wgs->wgs_psref, wg_psref_class);
3927 mutex_init(&wgs->wgs_send_counter_lock, MUTEX_DEFAULT, IPL_SOFTNET);
3929 wgs->wgs_recvwin = kmem_zalloc(sizeof(*wgs->wgs_recvwin), KM_SLEEP);
3930 mutex_init(&wgs->wgs_recvwin->lock, MUTEX_DEFAULT, IPL_SOFTNET);
/*
 * Peer teardown for both session slots (the function name is not
 * listed).  Cross-reference excerpt: only the lines that name wgs are
 * listed.  The same sequence runs for the unstable slot and then for
 * the stable one.
 */
3938 struct wg_session *wgs;
3971 wgs = wgp->wgp_session_unstable;
/*
 * A slot still holding state goes through wg_destroy_session(), which
 * calls wg_clear_states() at 1350 to wipe the session fields.
 */
3972 if (wgs->wgs_state != WGS_STATE_UNKNOWN) {
3974 wg_destroy_session(wg, wgs);
3977 mutex_destroy(&wgs->wgs_recvwin->lock);
3978 kmem_free(wgs->wgs_recvwin, sizeof(*wgs->wgs_recvwin));
3980 mutex_destroy(&wgs->wgs_send_counter_lock);
/*
 * NOTE(review): a slot already in WGS_STATE_UNKNOWN is freed without a
 * further wipe.  That is sound only if every transition to UNKNOWN went
 * through wg_clear_states() and the wgs_clear() calls there cover all
 * key fields, including the transport keys; confirm in the full source.
 */
3982 kmem_free(wgs, sizeof(*wgs));
3984 wgs = wgp->wgp_session_stable;
/* Same sequence for the stable slot. */
3985 if (wgs->wgs_state != WGS_STATE_UNKNOWN) {
3987 wg_destroy_session(wg, wgs);
3990 mutex_destroy(&wgs->wgs_recvwin->lock);
3991 kmem_free(wgs->wgs_recvwin, sizeof(*wgs->wgs_recvwin));
3993 mutex_destroy(&wgs->wgs_send_counter_lock);
3995 kmem_free(wgs, sizeof(*wgs));
4314 struct wg_session *wgs, struct wg_msg_data *wgmd)
4319 wgmd->wgmd_receiver = wgs->wgs_remote_index;
4322 wgmd->wgmd_counter = htole64(wg_session_inc_send_counter(wgs));
4466 wg_send_data_msg(struct wg_peer *wgp, struct wg_session *wgs, struct mbuf *m)
4508 wg_fill_msg_data(wg, wgp, wgs, wgmd);
4512 wgs->wgs_tkey_send, le64toh(wgmd->wgmd_counter),
4545 atomic_store_relaxed(&wgs->wgs_time_last_data_sent, MAX(now, 1));
4550 if (wgs->wgs_is_initiator &&
4551 now - wgs->wgs_time_established >= wg_rekey_after_time) {
4561 atomic_store_relaxed(&wgs->wgs_force_rekey, true);
4568 if (wg_session_get_send_counter(wgs) >= wg_rekey_after_messages) {
4577 atomic_store_relaxed(&wgs->wgs_force_rekey, true);