Commit graph

412 commits

Author SHA1 Message Date
Jason A. Donenfeld 0e6fe9a548 contrib: embedded-wg-library: add key generation functions
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-03-02 16:42:29 +01:00
Jason A. Donenfeld 295c9ff274 contrib: embedded-wg-library: add ability to add and del interfaces
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-21 02:53:06 +01:00
Jason A. Donenfeld d29e0bad7d wg: fixup errno handling
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-17 20:15:49 +01:00
Jason A. Donenfeld ca5d2708e0 wg: FreeBSD doesn't have EAI_NODATA
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-17 19:30:05 +01:00
Jason A. Donenfeld 5ecc49a62f wg: do not collide types with libc clashes
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-17 18:58:31 +01:00
Jason A. Donenfeld 2f42abeb56 contrib: add embeddable wireguard library
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-17 05:55:03 +01:00
Jason A. Donenfeld 186df55998 wg(8): clarify phrasing
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-17 05:55:03 +01:00
Jason A. Donenfeld 437116f238 wg: allow in-line comments
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-17 05:55:03 +01:00
Jason A. Donenfeld cc8a25e2f6 external-tests: update go version
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-15 13:12:28 +01:00
Jason A. Donenfeld 186272048d wg: normalize strncpy/snprintf usage
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-14 23:21:11 +01:00
Jason A. Donenfeld 725258b9e3 wg-quick: match from beginning rather than shift right
Before, this meant that it simply took the last 15 characters, instead
of erroring out when there's more than 15 chars.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-06 12:52:09 +01:00
Jason A. Donenfeld 5be1ce2aab wg: endian.h is not portable
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-05 12:26:28 +01:00
Jason A. Donenfeld 7b0fc75a17 keygen-html: fix up copyright
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-02 22:03:11 +01:00
Jason A. Donenfeld bee5bbb6f3 curve25519: replace fiat64 with faster hacl64
This reverts commit da4ff396cc5d5e0ff21f9ecbc2f951c048c63fff and adds
some optimizations to hacl64.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-01 19:51:50 +01:00
Jason A. Donenfeld 40ae0e0bba curve25519: replace hacl64 with fiat64
For now, it's faster:

hacl64: 109782 cycles per call
fiat64: 108984 cycles per call

It's quite possible this commit will be reverted with nice changes from
INRIA, though.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-02-01 19:51:50 +01:00
Jason A. Donenfeld bc3f283148 wg: dedup secret normalization
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-31 15:58:17 +01:00
Jason A. Donenfeld 1e5d6b9a66 wg: fread doesn't change errno
Thus we might be responding to an old errno, which could cause this to
unnecessarily fail.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-30 14:46:34 +01:00
Jason A. Donenfeld 17e7c34d38 contrib: keygen-html: share curve25519 implementation with kernel
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-23 11:55:44 +01:00
Jason A. Donenfeld b0d41e8b10 wg: share curve25519 implementations with kernel
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-23 11:55:44 +01:00
Jason A. Donenfeld 5306604aa5 curve25519-fiat32: uninline certain functions
While this has a negative performance impact on x86_64, it has a
positive performance impact on smaller machines, which is where we're
actually using this code. For example, an A53:

Before: fiat32: 228605 cycles per call
After: fiat32: 188307 cycles per call
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-18 20:14:27 +01:00
Jason A. Donenfeld d68293b8a3 contrib: keygen-html: update curve25519 implementation
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-18 13:28:16 +01:00
Jason A. Donenfeld feea1e6f30 wg: import new curve25519 implementations
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-18 13:28:16 +01:00
Jason A. Donenfeld 723abc5098 wg: plug memleak in config error path
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-18 11:26:09 +01:00
Piotr Lizończyk b0d5a8d27c external-tests: add python implementation
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-11 14:54:30 +01:00
Jason A. Donenfeld 7fc4c0af45 wg-quick: ifnames have max len of 15
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-10 02:51:01 +01:00
Jason A. Donenfeld 9207dec08f global: year bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-03 21:58:00 +01:00
Jason A. Donenfeld 5536e6de46 wg-quick: dumber matching for default routes
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-12-13 16:28:39 +01:00
Luis Ressel 31d8ebcd2a wg-quick: add the "Table" config option
* Table=auto (default) selects the current behaviour
* Table=off disables creation of routes altogether
* All other values are passed through to "ip route add"'s table option

Signed-off-by: Luis Ressel <aranea@aixah.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-12-13 16:28:39 +01:00
Jason A. Donenfeld 89b983fa22 keygen-html: remove prebuilt file
We also reduce the optimization level, just in case, but add closure
compiler into the mix.

Suggested-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-12-12 01:18:30 +01:00
Greg Kroah-Hartman 01d00bc035 global: add SPDX tags to all files
It's good to have SPDX identifiers in all files as the Linux kernel
developers are working to add these identifiers to all files.

Update all files with the correct SPDX license identifier based on the license
text of the project or based on the license in the file itself.  The SPDX
identifier is a legally binding shorthand, which can be used instead of the
full boiler plate text.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Modified-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-12-09 22:29:28 +01:00
Jason A. Donenfeld f583209935 wg: no need to put this on the stack
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-12-03 15:07:52 +01:00
Jason A. Donenfeld 8bf100a25b wg: remove undocumented unused syntax
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-12-03 15:07:52 +01:00
Jason A. Donenfeld bee819f289 contrib: keygen-html for generating keys in the browser
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-12-03 15:07:52 +01:00
Jason A. Donenfeld 30cf5eb883 wg: fix removing preshared keys
Also clean up related logic quite a bit and add unit tests.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-11-23 11:09:12 +01:00
Jason A. Donenfeld bc1f6be5db global: switch from timeval to timespec
This gets us nanoseconds instead of microseconds, which is better, and
we can do this pretty much without freaking out existing userspace,
which doesn't actually make use of the nano/micro seconds field:

zx2c4@thinkpad ~ $ cat a.c
void main()
{
        puts(sizeof(struct timeval) == sizeof(struct timespec) ? "success" : "failure");
}
zx2c4@thinkpad ~ $ gcc a.c -m64 && ./a.out
success
zx2c4@thinkpad ~ $ gcc a.c -m32 && ./a.out
success

This doesn't solve y2038 problem, but timespec64 isn't yet a thing in
userspace.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-11-22 18:32:48 +01:00
Jason A. Donenfeld 08ce3b2426 wg: tighten up strtoul parsing
Reported-by: Cedric Buxin <cedric.buxin@izri.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-11-17 14:06:18 +01:00
Jason A. Donenfeld be4597e10f wg-quick: document localhost exception and v6 rule
Reported-by: Hermann Lienstromberg <nurtic-vibe@grmml.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-11-12 00:57:44 +09:00
Jason A. Donenfeld e77a77a805 wg: allow for NULL keys everywhere
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-11-11 12:30:49 +09:00
Jason A. Donenfeld e7923ba775 wg: remove ioctl cruft
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-11-11 12:19:55 +09:00
Jason A. Donenfeld e0775354bd wg-quick: allow for tabs in keys
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-11-10 16:20:09 +09:00
Jason A. Donenfeld d8ad40da25 wg-quick: stat the correct enclosing folder of config file
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-11-10 16:20:09 +09:00
Jason A. Donenfeld 753dc179b6 wg-quick: save all hooks on save
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-11-01 00:55:19 +01:00
Jason A. Donenfeld 6e313371cc wg-quick: fsync the temporary file before renaming
This ensures that on an unclean shutdown, we either see the old content
or the new content, but not empty content.

Suggested-by: Ka Ho Ng <ngkaho1234@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-31 18:13:31 +01:00
Jason A. Donenfeld eb181e811c wg-quick: allow for saving existing interface
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-31 17:51:38 +01:00
Jason A. Donenfeld 225882ccc4 contrib: add reresolve-dns
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-31 17:25:23 +01:00
Jason A. Donenfeld 2207025c2f wg: correct type for CTRL_ATTR_FAMILY_ID
Suggested-by: Jörg Thalheim <joerg@thalheim.io>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-31 17:25:23 +01:00
Jason A. Donenfeld d30d9630b6 wg-quick: allow for the hatchet, but not by default
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-31 17:25:23 +01:00
Jason A. Donenfeld 9bcb48eacd wg-quick: remember to rewind DNS settings on failure
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-31 17:25:23 +01:00
Jason A. Donenfeld 17f9548182 wg-quick: allow specifiying multiple hooks
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-31 17:25:23 +01:00
Jason A. Donenfeld b1dd8d711e global: style nits
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-31 17:25:23 +01:00