# HG changeset patch
# User Taylor R Campbell <riastradh@NetBSD.org>
# Date 1721870583 0
#      Thu Jul 25 01:23:03 2024 +0000
# Branch trunk
# Node ID 585d6fafefbdab70ca380c2c594b0479ffe25f4b
# Parent  4a3c60e2670257b74054ae48fe6017940fd8eeb4
# EXP-Topic riastradh-pr58463-wgidle
WIP: wg(4): Verify decryption after encryption.

diff -r 4a3c60e26702 -r 585d6fafefbd sys/net/if_wg.c
--- a/sys/net/if_wg.c	Wed Jul 24 21:09:18 2024 +0000
+++ b/sys/net/if_wg.c	Thu Jul 25 01:23:03 2024 +0000
@@ -4046,6 +4046,31 @@ wg_send_data_msg(struct wg_peer *wgp, st
 	    padded_buf, padded_len,
 	    NULL, 0);
 
+	{
+		size_t decrypted_len = encrypted_len - WG_AUTHTAG_LEN;
+		char *decrypted_buf = kmem_intr_alloc((decrypted_len +
+			WG_AUTHTAG_LEN/*XXX*/), KM_NOSLEEP);
+		if (decrypted_buf != NULL) {
+			error = wg_algo_aead_dec(
+			    1 + decrypted_buf /* force misalignment */,
+			    encrypted_len - WG_AUTHTAG_LEN /* XXX */,
+			    wgs->wgs_tkey_send, le64toh(wgmd->wgmd_counter),
+			    (char *)wgmd + sizeof(*wgmd), encrypted_len,
+			    NULL, 0);
+			if (error) {
+				WG_DLOG("wg_algo_aead_dec failed: %d\n",
+				    error);
+			}
+			if (!consttime_memequal(1 + decrypted_buf,
+				(char *)wgmd + sizeof(*wgmd),
+				decrypted_len)) {
+				WG_DLOG("wg_algo_aead_dec returned garbage\n");
+			}
+			kmem_intr_free(decrypted_buf, (decrypted_len +
+				WG_AUTHTAG_LEN/*XXX*/));
+		}
+	}
+
 	error = wg->wg_ops->send_data_msg(wgp, n);
 	if (error == 0) {
 		struct ifnet *ifp = &wg->wg_if;