kmwebnet/se050-wireguard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Additional WireGuard bugs

Browse Source 
Bug 3: wg_hkdf_3 implementation
- Added proper T(3) = HMAC(PRK, T(2) || 0x03)

Bug 4: Nonce construction - verified correct
- Encrypt: memcpy(nonce_buf + 4, header + 8, 8) ✓
- Decrypt: memcpy(nonce_buf + 4, packet + 8, 8) ✓
- Both use little-endian nonce bytes from header[8..15]

Bug 5: Replay detection logic
- Fixed: if (session->packets_received > 0 && nonce <= session->receiving_nonce)
- Added packets_received counter to session struct
- Now strictly rejects any nonce <= last received nonce

Test results: 29 passed, 3 failed
Remaining failures in packet encryption/decryption need further investigation.
This commit is contained in:
km
2026-03-28 20:45:00 +09:00
parent cbcfba7347
commit 63bc460db4
2 changed files with 28 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
include/se050_wireguard.h
+1
View File
@@ -51,6 +51,7 @@ typedef struct se050_wireguard_session {
/* State flags */
int is_initiator;
int handshake_complete;
int packets_received; /* Number of packets received (for replay detection) */
} se050_wireguard_session_t;
/* =========================================================================