device: give handshake state a type

And unexport handshake constants. Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-03-04 20:58:39 -05:00 · 2020-03-04 20:58:39 -05:00 · de374bfb44
commit de374bfb44
parent 1a1c3d0968
1 changed files with 38 additions and 17 deletions
--- a/device/noise-protocol.go
+++ b/device/noise-protocol.go
@ -7,6 +7,7 @@ package device
 import (
 	"errors"
 	"fmt"
 	"sync"
 	"time"
@ -16,14 +17,34 @@ import (
 	"golang.zx2c4.com/wireguard/tai64n"
 )
 type handshakeState int
 // TODO(crawshaw): add commentary describing each state and the transitions
 const (
-	HandshakeZeroed = iota
+	handshakeZeroed = handshakeState(iota)
-	HandshakeInitiationCreated
+	handshakeInitiationCreated
-	HandshakeInitiationConsumed
+	handshakeInitiationConsumed
-	HandshakeResponseCreated
+	handshakeResponseCreated
-	HandshakeResponseConsumed
+	handshakeResponseConsumed
 )
 func (hs handshakeState) String() string {
 	switch hs {
 	case handshakeZeroed:
 		return "handshakeZeroed"
 	case handshakeInitiationCreated:
 		return "handshakeInitiationCreated"
 	case handshakeInitiationConsumed:
 		return "handshakeInitiationConsumed"
 	case handshakeResponseCreated:
 		return "handshakeResponseCreated"
 	case handshakeResponseConsumed:
 		return "handshakeResponseConsumed"
 	default:
 		return fmt.Sprintf("Handshake(UNKNOWN:%d)", int(hs))
 	}
 }
 const (
 	NoiseConstruction = "Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s"
 	WGIdentifier      = "WireGuard v1 zx2c4 Jason@zx2c4.com"
@ -95,7 +116,7 @@ type MessageCookieReply struct {
 }
 type Handshake struct {
-	state                     int
+	state                     handshakeState
 	mutex                     sync.RWMutex
 	hash                      [blake2s.Size]byte       // hash value
 	chainKey                  [blake2s.Size]byte       // chain key
@ -135,7 +156,7 @@ func (h *Handshake) Clear() {
 	setZero(h.chainKey[:])
 	setZero(h.hash[:])
 	h.localIndex = 0
-	h.state = HandshakeZeroed
+	h.state = handshakeZeroed
 }
 func (h *Handshake) mixHash(data []byte) {
@ -221,7 +242,7 @@ func (device *Device) CreateMessageInitiation(peer *Peer) (*MessageInitiation, e
 	handshake.localIndex = msg.Sender
 	handshake.mixHash(msg.Timestamp[:])
-	handshake.state = HandshakeInitiationCreated
+	handshake.state = handshakeInitiationCreated
 	return &msg, nil
 }
@ -316,7 +337,7 @@ func (device *Device) ConsumeMessageInitiation(msg *MessageInitiation) *Peer {
 	if now.After(handshake.lastInitiationConsumption) {
 		handshake.lastInitiationConsumption = now
 	}
-	handshake.state = HandshakeInitiationConsumed
+	handshake.state = handshakeInitiationConsumed
 	handshake.mutex.Unlock()
@ -331,7 +352,7 @@ func (device *Device) CreateMessageResponse(peer *Peer) (*MessageResponse, error
 	handshake.mutex.Lock()
 	defer handshake.mutex.Unlock()
-	if handshake.state != HandshakeInitiationConsumed {
+	if handshake.state != handshakeInitiationConsumed {
 		return nil, errors.New("handshake initiation must be consumed first")
 	}
@ -387,7 +408,7 @@ func (device *Device) CreateMessageResponse(peer *Peer) (*MessageResponse, error
 		handshake.mixHash(msg.Empty[:])
 	}()
-	handshake.state = HandshakeResponseCreated
+	handshake.state = handshakeResponseCreated
 	return &msg, nil
 }
@ -417,7 +438,7 @@ func (device *Device) ConsumeMessageResponse(msg *MessageResponse) *Peer {
 		handshake.mutex.RLock()
 		defer handshake.mutex.RUnlock()
-		if handshake.state != HandshakeInitiationCreated {
+		if handshake.state != handshakeInitiationCreated {
 			return false
 		}
@ -478,7 +499,7 @@ func (device *Device) ConsumeMessageResponse(msg *MessageResponse) *Peer {
 	handshake.hash = hash
 	handshake.chainKey = chainKey
 	handshake.remoteIndex = msg.Sender
-	handshake.state = HandshakeResponseConsumed
+	handshake.state = handshakeResponseConsumed
 	handshake.mutex.Unlock()
@ -503,7 +524,7 @@ func (peer *Peer) BeginSymmetricSession() error {
 	var sendKey [chacha20poly1305.KeySize]byte
 	var recvKey [chacha20poly1305.KeySize]byte
-	if handshake.state == HandshakeResponseConsumed {
+	if handshake.state == handshakeResponseConsumed {
 		KDF2(
 			&sendKey,
 			&recvKey,
@ -511,7 +532,7 @@ func (peer *Peer) BeginSymmetricSession() error {
 			nil,
 		)
 		isInitiator = true
-	} else if handshake.state == HandshakeResponseCreated {
+	} else if handshake.state == handshakeResponseCreated {
 		KDF2(
 			&recvKey,
 			&sendKey,
@ -520,7 +541,7 @@ func (peer *Peer) BeginSymmetricSession() error {
 		)
 		isInitiator = false
 	} else {
-		return errors.New("invalid state for keypair derivation")
+		return fmt.Errorf("invalid state for keypair derivation: %v", handshake.state)
 	}
 	// zero handshake
@ -528,7 +549,7 @@ func (peer *Peer) BeginSymmetricSession() error {
 	setZero(handshake.chainKey[:])
 	setZero(handshake.hash[:]) // Doesn't necessarily need to be zeroed. Could be used for something interesting down the line.
 	setZero(handshake.localEphemeral[:])
-	peer.handshake.state = HandshakeZeroed
+	peer.handshake.state = handshakeZeroed
 	// create AEAD instances