opensourcemirror
/
WireGuard
mirror of https://git.zx2c4.com/WireGuard
1
0
Fork 0
Code Issues Releases Wiki Activity

noise: compute timestamps from a given base time

This commit is contained in:
Jason A. Donenfeld 2019-02-04 04:38:28 +01:00
parent 897548e927
commit b783d49467
2 changed files with 18 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/noise.c
View File

@ -447,23 +447,30 @@ static void message_ephemeral(u8 ephemeral_dst[NOISE_PUBLIC_KEY_LEN],
NOISE_PUBLIC_KEY_LEN, chaining_key);
}
static void tai64n_now(u8 output[NOISE_TIMESTAMP_LEN])
static void time_or_monotonic(u8 output[NOISE_TIMESTAMP_LEN],
struct noise_handshake *handshake)
{
struct timespec64 now;
ktime_get_real_ts64(&now);
/* In order to prevent some sort of infoleak from precise timers, we
* round down the nanoseconds part to the closest rounded-down power of
* two to the maximum initiations per second allowed anyway by the
* implementation.
*/
now.tv_nsec = ALIGN_DOWN(now.tv_nsec,
rounddown_pow_of_two(NSEC_PER_SEC / INITIATIONS_PER_SECOND));
ktime_t now = ns_to_ktime(ALIGN_DOWN(ktime_get_real_ns(),
rounddown_pow_of_two(NSEC_PER_SEC / INITIATIONS_PER_SECOND)));
struct timespec64 stamp;
if (unlikely(!handshake->base_time)) {
handshake->base_time = now;
} else {
handshake->base_time = ktime_add_ns(handshake->base_time, 1);
if (unlikely(ktime_after(handshake->base_time, now)))
handshake->base_time = now;
}
stamp = ktime_to_timespec64(handshake->base_time);
/* https://cr.yp.to/libtai/tai64.html */
*(__be64 *)output = cpu_to_be64(0x400000000000000aULL + now.tv_sec);
*(__be32 *)(output + sizeof(__be64)) = cpu_to_be32(now.tv_nsec);
*(__be64 *)output = cpu_to_be64(0x400000000000000aULL + stamp.tv_sec);
*(__be32 *)(output + sizeof(__be64)) = cpu_to_be32(stamp.tv_nsec);
}
bool
@ -516,7 +523,7 @@ wg_noise_handshake_create_initiation(struct message_handshake_initiation *dst,
handshake->chaining_key);
/* {t} */
tai64n_now(timestamp);
time_or_monotonic(timestamp, handshake);
message_encrypt(dst->encrypted_timestamp, timestamp,
NOISE_TIMESTAMP_LEN, key, handshake->hash);

1
src/noise.h
View File

@ -83,6 +83,7 @@ struct noise_handshake {
u8 hash[NOISE_HASH_LEN];
u8 chaining_key[NOISE_HASH_LEN];
ktime_t base_time;
u8 latest_timestamp[NOISE_TIMESTAMP_LEN];
__le32 remote_index;