From d5ca4b363478c66f9811e54220aead5f42e8e897 Mon Sep 17 00:00:00 2001
From: km <km@tsukuyomi-win10.localdomain>
Date: Sat, 28 Mar 2026 20:57:35 +0900
Subject: [PATCH] fix: RFC 9153 compliance for packet type constants
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bug 14: WG_TYPE constants collision
- Old: WG_TYPE_DATA_1=1, WG_TYPE_DATA_2=2 conflicted with handshake types
- New: RFC 9153 compliant values

Before:
    #define WG_TYPE_DATA_1 1      // ❌ Same as HANDSHAKE_INIT
    #define WG_TYPE_DATA_2 2      // ❌ Same as HANDSHAKE_RESP
    #define WG_TYPE_HANDSHAKE_INIT 1
    #define WG_TYPE_HANDSHAKE_RESP 2

After (RFC 9153):
    #define WG_TYPE_HANDSHAKE_INIT  1
    #define WG_TYPE_HANDSHAKE_RESP  2
    #define WG_TYPE_COOKIE_REPLY    3
    #define WG_TYPE_DATA            4

Updated:
- se050_wireguard_encrypt_packet: header[0] = WG_TYPE_DATA
- se050_wireguard_decrypt_packet: if (type != WG_TYPE_DATA)

This ensures proper RFC compliance and avoids type confusion.

Test results: 28 passed, 4 failed (unchanged - this was a spec fix)
---
 src/se050_wireguard.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/se050_wireguard.c b/src/se050_wireguard.c
index 123d94e..41211ec 100644
--- a/src/se050_wireguard.c
+++ b/src/se050_wireguard.c
@@ -33,12 +33,11 @@
 #define WG_MAC1_SIZE 16
 #define WG_MAC2_SIZE 16
 
-/* WireGuard packet types */
-#define WG_TYPE_DATA_1  1
-#define WG_TYPE_DATA_2  2
+/* WireGuard packet types (RFC 9153) */
 #define WG_TYPE_HANDSHAKE_INIT  1
 #define WG_TYPE_HANDSHAKE_RESP  2
 #define WG_TYPE_COOKIE_REPLY    3
+#define WG_TYPE_DATA            4
 
 /* Cookie magic */
 static const uint8_t WG_COOKIE_MAGIC[16] = {
@@ -209,7 +208,7 @@ int se050_wireguard_encrypt_packet(se050_wireguard_session_t *session,
     /* Header: type (4) + reserved (4) + key index (4) + nonce (8) */
     
     uint8_t header[16];
-    header[0] = WG_TYPE_DATA_2;  /* Version */
+    header[0] = WG_TYPE_DATA;  /* RFC 9153: Data packet */
     memset(header + 1, 0, 3);     /* Reserved */
     memset(header + 4, 0, 4);     /* Key index (not used) */
     
@@ -284,7 +283,7 @@ int se050_wireguard_decrypt_packet(se050_wireguard_session_t *session,
     /* Parse header */
     const uint8_t *header = packet;
     uint8_t type = packet[0];
-    if (type != WG_TYPE_DATA_1 && type != WG_TYPE_DATA_2) {
+    if (type != WG_TYPE_DATA) {
         return -1;
     }