github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/sys/linux/socket_netlink_generic_wireguard.txt (about) 1 # Copyright 2020 syzkaller project authors. All rights reserved. 2 # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. 3 4 include <linux/net.h> 5 include <linux/socket.h> 6 include <uapi/asm-generic/socket.h> 7 include <uapi/linux/if.h> 8 include <uapi/linux/netlink.h> 9 include <uapi/linux/genetlink.h> 10 include <uapi/linux/wireguard.h> 11 include <drivers/net/wireguard/messages.h> 12 13 resource wireguard_ifindex[ifindex] 14 resource genl_wireguard_family_id[int16] 15 16 type msghdr_wireguard[CMD] msghdr_netlink[netlink_msg_t[genl_wireguard_family_id, genlmsghdr_t[CMD], device_policy]] 17 18 syz_genetlink_get_family_id$wireguard(name ptr[in, string["wireguard"]], fd sock_nl_generic) genl_wireguard_family_id 19 20 sendmsg$WG_CMD_GET_DEVICE(fd sock_nl_generic, msg ptr[in, msghdr_wireguard[WG_CMD_GET_DEVICE]], f flags[send_flags]) 21 sendmsg$WG_CMD_SET_DEVICE(fd sock_nl_generic, msg ptr[in, msghdr_wireguard[WG_CMD_SET_DEVICE]], f flags[send_flags]) 22 23 setsockopt$SO_BINDTODEVICE_wg(fd sock, level const[SOL_SOCKET], optname const[SO_BINDTODEVICE], optval ptr[in, string[wireguard_devname]], optlen len[optval]) 24 25 ioctl$ifreq_SIOCGIFINDEX_wireguard(fd sock, cmd const[SIOCGIFINDEX], arg ptr[out, ifreq_dev_t[wireguard_devname, wireguard_ifindex]]) 26 27 device_policy [ 28 WGDEVICE_A_IFINDEX nlattr[WGDEVICE_A_IFINDEX, wireguard_ifindex] 29 WGDEVICE_A_IFNAME nlattr[WGDEVICE_A_IFNAME, string[wireguard_devname, IFNAMSIZ]] 30 WGDEVICE_A_PRIVATE_KEY nlattr[WGDEVICE_A_PRIVATE_KEY, wireguard_private_key] 31 WGDEVICE_A_FLAGS nlattr[WGDEVICE_A_FLAGS, flags[wgdevice_flag, int32]] 32 WGDEVICE_A_LISTEN_PORT nlattr[WGDEVICE_A_LISTEN_PORT, sock_port] 33 WGDEVICE_A_FWMARK nlattr[WGDEVICE_A_FWMARK, int32] 34 WGDEVICE_A_PEERS nlnest[WGDEVICE_A_PEERS, array[nlnest[0, array[peer_policy]]]] 35 ] [varlen] 36 37 peer_policy [ 38 WGPEER_A_PUBLIC_KEY nlattr[WGPEER_A_PUBLIC_KEY, wireguard_public_key] 39 WGPEER_A_PRESHARED_KEY nlattr[WGPEER_A_PRESHARED_KEY, array[int8, NOISE_SYMMETRIC_KEY_LEN]] 40 WGPEER_A_FLAGS nlattr[WGPEER_A_FLAGS, flags[wgpeer_flag, int32]] 41 WGPEER_A_ENDPOINT4 nlattr[WGPEER_A_ENDPOINT, sockaddr_in] 42 WGPEER_A_ENDPOINT6 nlattr[WGPEER_A_ENDPOINT, sockaddr_in6] 43 WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL nlattr[WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL, int16] 44 WGPEER_A_ALLOWEDIPS nlnest[WGPEER_A_ALLOWEDIPS, array[nlnest[0, array[allowedip_policy]]]] 45 WGPEER_A_PROTOCOL_VERSION nlattr[WGPEER_A_PROTOCOL_VERSION, const[1, int32]] 46 ] [varlen] 47 48 allowedip_policy [ 49 ipv4 allowedip_policy$ipv4 50 ipv6 allowedip_policy$ipv6 51 ] [varlen] 52 53 allowedip_policy$ipv4 { 54 WGALLOWEDIP_A_FAMILY nlattr[WGALLOWEDIP_A_FAMILY, const[AF_INET, int16]] 55 WGALLOWEDIP_A_IPADDR nlattr[WGALLOWEDIP_A_IPADDR, ipv4_addr] 56 WGALLOWEDIP_A_CIDR_MASK nlattr[WGALLOWEDIP_A_CIDR_MASK, int8[0:3]] 57 } [packed] 58 59 allowedip_policy$ipv6 { 60 WGALLOWEDIP_A_FAMILY nlattr[WGALLOWEDIP_A_FAMILY, const[AF_INET6, int16]] 61 WGALLOWEDIP_A_IPADDR nlattr[WGALLOWEDIP_A_IPADDR, ipv6_addr] 62 WGALLOWEDIP_A_CIDR_MASK nlattr[WGALLOWEDIP_A_CIDR_MASK, int8[0:3]] 63 } [packed] 64 65 wireguard_private_key [ 66 zero stringnoz[`0000000000000000000000000000000000000000000000000000000000000000`] 67 a stringnoz[`a05ca84f6c9c8e3853e2fd7a70ae0fb20fa152600cb00845174f08076f8d7843`] 68 b stringnoz[`b08073e8d44e91e3da922c22438244bb885c69e269c8e9d835b114293a4ddc6e`] 69 c stringnoz[`a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb542`] 70 ] 71 72 wireguard_public_key [ 73 zero stringnoz[`0000000000000000000000000000000000000000000000000000000000000000`] 74 neg stringnoz[`dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff`] 75 a_g stringnoz[`975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c`] 76 b_g stringnoz[`d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b`] 77 c_g stringnoz[`f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b3922`] 78 ] 79 80 wgdevice_flag = WGDEVICE_F_REPLACE_PEERS 81 wgpeer_flag = WGPEER_F_REMOVE_ME, WGPEER_F_REPLACE_ALLOWEDIPS, WGPEER_F_UPDATE_ONLY 82 wireguard_devname = "wg0", "wg1", "wg2" 83 84 wg_packet [ 85 initiation message_handshake_initiation 86 response message_handshake_response 87 cookie message_handshake_cookie 88 data message_data 89 ] [varlen] 90 91 message_handshake_initiation { 92 type const[MESSAGE_HANDSHAKE_INITIATION, int32] 93 # Not clear if these indexes are also generated randomly and we need to guess them or not. 94 sender_index int32[0:4] 95 unencrypted_ephemeral array[int8, NOISE_PUBLIC_KEY_LEN] 96 encrypted_static array[int8, NOISE_PUBLIC_KEY_ENCRYPTED_LEN] 97 encrypted_timestamp array[int8, NOISE_TIMESTAMP_ENCRYPTED_LEN] 98 macs message_macs 99 } 100 101 message_handshake_response { 102 type const[MESSAGE_HANDSHAKE_RESPONSE, int32] 103 sender_index int32[0:4] 104 receiver_index int32[0:4] 105 unencrypted_ephemeral array[int8, NOISE_PUBLIC_KEY_LEN] 106 encrypted_nothing array[int8, NOISE_NOTHING_ENCRYPTED_LEN] 107 macs message_macs 108 } 109 110 message_handshake_cookie { 111 type const[MESSAGE_HANDSHAKE_COOKIE, int32] 112 receiver_index int32[0:4] 113 nonce array[int8, COOKIE_NONCE_LEN] 114 encrypted_cookie array[int8, NOISE_COOKIE_ENCRYPTED_LEN] 115 } 116 117 message_data { 118 type const[MESSAGE_DATA, int32] 119 # These are allocated randomly, so little chances guessing. 120 key_idx int32 121 # This is used as chacha20poly1305 decryption nonce. 122 counter int64 123 encrypted_data array[int8] 124 } 125 126 message_macs { 127 mac1 array[int8, COOKIE_LEN] 128 mac2 array[int8, COOKIE_LEN] 129 } 130 131 define NOISE_PUBLIC_KEY_ENCRYPTED_LEN noise_encrypted_len(NOISE_PUBLIC_KEY_LEN) 132 define NOISE_TIMESTAMP_ENCRYPTED_LEN noise_encrypted_len(NOISE_TIMESTAMP_LEN) 133 define NOISE_COOKIE_ENCRYPTED_LEN noise_encrypted_len(COOKIE_LEN) 134 define NOISE_NOTHING_ENCRYPTED_LEN noise_encrypted_len(0)