Diffstat (limited to 'sys/dev/if_wg/include')
-rw-r--r--sys/dev/if_wg/include/crypto/blake2s.h56
-rw-r--r--sys/dev/if_wg/include/crypto/curve25519.h74
-rw-r--r--sys/dev/if_wg/include/crypto/zinc.h15
-rw-r--r--sys/dev/if_wg/include/sys/if_wg_session.h89
-rw-r--r--sys/dev/if_wg/include/sys/if_wg_session_vars.h319
-rw-r--r--sys/dev/if_wg/include/sys/simd-x86_64.h74
-rw-r--r--sys/dev/if_wg/include/sys/support.h342
-rw-r--r--sys/dev/if_wg/include/sys/wg_cookie.h174
-rw-r--r--sys/dev/if_wg/include/sys/wg_module.h121
-rw-r--r--sys/dev/if_wg/include/sys/wg_noise.h286
-rw-r--r--sys/dev/if_wg/include/zinc/blake2s.h50
-rw-r--r--sys/dev/if_wg/include/zinc/chacha20.h68
-rw-r--r--sys/dev/if_wg/include/zinc/chacha20poly1305.h48
-rw-r--r--sys/dev/if_wg/include/zinc/curve25519.h28
-rw-r--r--sys/dev/if_wg/include/zinc/poly1305.h29
15 files changed, 0 insertions, 1773 deletions
diff --git a/sys/dev/if_wg/include/crypto/blake2s.h b/sys/dev/if_wg/include/crypto/blake2s.h
deleted file mode 100644
index 17e6447ebcd8..000000000000
--- a/sys/dev/if_wg/include/crypto/blake2s.h
+++ /dev/null
@@ -1,56 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0 OR MIT */
-/*
- * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- */
-
-#include <sys/types.h>
-
-#ifndef _BLAKE2S_H_
-#define _BLAKE2S_H_
-
-
-enum blake2s_lengths {
- BLAKE2S_BLOCK_SIZE = 64,
- BLAKE2S_HASH_SIZE = 32,
- BLAKE2S_KEY_SIZE = 32
-};
-
-struct blake2s_state {
- uint32_t h[8];
- uint32_t t[2];
- uint32_t f[2];
- uint8_t buf[BLAKE2S_BLOCK_SIZE];
- size_t buflen;
- uint8_t last_node;
-};
-
-void blake2s_init(struct blake2s_state *state, const size_t outlen);
-void blake2s_init_key(struct blake2s_state *state, const size_t outlen,
- const void *key, const size_t keylen);
-void blake2s_update(struct blake2s_state *state, const uint8_t *in, size_t inlen);
-void blake2s_final(struct blake2s_state *state, uint8_t *out, const size_t outlen);
-
-static inline void blake2s(uint8_t *out, const uint8_t *in, const uint8_t *key,
- const size_t outlen, const size_t inlen,
- const size_t keylen)
-{
- struct blake2s_state state;
-#ifdef __linux___
- WARN_ON(IS_ENABLED(DEBUG) && ((!in && inlen > 0) || !out || !outlen ||
- outlen > BLAKE2S_HASH_SIZE || keylen > BLAKE2S_KEY_SIZE ||
- (!key && keylen)));
-#endif
-
- if (keylen)
- blake2s_init_key(&state, outlen, key, keylen);
- else
- blake2s_init(&state, outlen);
-
- blake2s_update(&state, in, inlen);
- blake2s_final(&state, out, outlen);
-}
-
-void blake2s_hmac(uint8_t *out, const uint8_t *in, const uint8_t *key,
- const size_t outlen, const size_t inlen, const size_t keylen);
-
-#endif /* _BLAKE2S_H_ */
diff --git a/sys/dev/if_wg/include/crypto/curve25519.h b/sys/dev/if_wg/include/crypto/curve25519.h
deleted file mode 100644
index 3e90d1b270fe..000000000000
--- a/sys/dev/if_wg/include/crypto/curve25519.h
+++ /dev/null
@@ -1,74 +0,0 @@
-/*-
- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
- *
- * Copyright (c) 2019-2020 Rubicon Communications, LLC (Netgate)
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-
-#ifndef _CURVE25519_H_
-#define _CURVE25519_H_
-
-#include <sys/systm.h>
-
-#define CURVE25519_KEY_SIZE 32
-
-void curve25519_generic(u8 [CURVE25519_KEY_SIZE],
- const u8 [CURVE25519_KEY_SIZE],
- const u8 [CURVE25519_KEY_SIZE]);
-
-static inline void curve25519_clamp_secret(u8 secret[CURVE25519_KEY_SIZE])
-{
- secret[0] &= 248;
- secret[31] = (secret[31] & 127) | 64;
-}
-
-static const u8 null_point[CURVE25519_KEY_SIZE] = { 0 };
-
-static inline int curve25519(u8 mypublic[CURVE25519_KEY_SIZE],
- const u8 secret[CURVE25519_KEY_SIZE],
- const u8 basepoint[CURVE25519_KEY_SIZE])
-{
- curve25519_generic(mypublic, secret, basepoint);
- return timingsafe_bcmp(mypublic, null_point, CURVE25519_KEY_SIZE);
-}
-
-static inline int curve25519_generate_public(u8 pub[CURVE25519_KEY_SIZE],
- const u8 secret[CURVE25519_KEY_SIZE])
-{
- static const u8 basepoint[CURVE25519_KEY_SIZE] __aligned(32) = { 9 };
-
- if (timingsafe_bcmp(secret, null_point, CURVE25519_KEY_SIZE) == 0)
- return 0;
-
- return curve25519(pub, secret, basepoint);
-}
-
-static inline void curve25519_generate_secret(u8 secret[CURVE25519_KEY_SIZE])
-{
- arc4random_buf(secret, CURVE25519_KEY_SIZE);
- curve25519_clamp_secret(secret);
-}
-
-#endif /* _CURVE25519_H_ */
diff --git a/sys/dev/if_wg/include/crypto/zinc.h b/sys/dev/if_wg/include/crypto/zinc.h
deleted file mode 100644
index 9aa1e8d59bf5..000000000000
--- a/sys/dev/if_wg/include/crypto/zinc.h
+++ /dev/null
@@ -1,15 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0 OR MIT */
-/*
- * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- */
-
-#ifndef _WG_ZINC_H
-#define _WG_ZINC_H
-
-int chacha20_mod_init(void);
-int poly1305_mod_init(void);
-int chacha20poly1305_mod_init(void);
-int blake2s_mod_init(void);
-int curve25519_mod_init(void);
-
-#endif
diff --git a/sys/dev/if_wg/include/sys/if_wg_session.h b/sys/dev/if_wg/include/sys/if_wg_session.h
deleted file mode 100644
index 45399e534364..000000000000
--- a/sys/dev/if_wg/include/sys/if_wg_session.h
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Copyright (c) 2019 Matt Dunwoodie <ncon@noconroy.net>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * $FreeBSD$
- */
-
-#ifndef __IF_WG_H__
-#define __IF_WG_H__
-
-#include <net/if.h>
-#include <netinet/in.h>
-
-/*
- * This is the public interface to the WireGuard network interface.
- *
- * It is designed to be used by tools such as ifconfig(8) and wg(4).
- */
-
-#define WG_KEY_SIZE 32
-
-#define WG_DEVICE_HAS_PUBKEY (1 << 0)
-#define WG_DEVICE_HAS_PRIVKEY (1 << 1)
-#define WG_DEVICE_HAS_MASKED_PRIVKEY (1 << 2)
-#define WG_DEVICE_HAS_PORT (1 << 3)
-#define WG_DEVICE_HAS_RDOMAIN (1 << 4)
-#define WG_DEVICE_REPLACE_PEERS (1 << 5)
-
-#define WG_PEER_HAS_PUBKEY (1 << 0)
-#define WG_PEER_HAS_SHAREDKEY (1 << 1)
-#define WG_PEER_HAS_MASKED_SHAREDKEY (1 << 2)
-#define WG_PEER_HAS_ENDPOINT (1 << 3)
-#define WG_PEER_HAS_PERSISTENTKEEPALIVE (1 << 4)
-#define WG_PEER_REPLACE_CIDRS (1 << 5)
-#define WG_PEER_REMOVE (1 << 6)
-
-#define SIOCSWG _IOWR('i', 200, struct wg_device_io)
-#define SIOCGWG _IOWR('i', 201, struct wg_device_io)
-
-#define WG_PEERS_FOREACH(p, d) \
- for (p = (d)->d_peers; p < (d)->d_peers + (d)->d_num_peers; p++)
-#define WG_CIDRS_FOREACH(c, p) \
- for (c = (p)->p_cidrs; c < (p)->p_cidrs + (p)->p_num_cidrs; c++)
-
-struct wg_allowedip {
- struct sockaddr_storage a_addr;
- struct sockaddr_storage a_mask;
-};
-
-enum {
- WG_PEER_CTR_TX_BYTES,
- WG_PEER_CTR_RX_BYTES,
- WG_PEER_CTR_NUM,
-};
-
-struct wg_device_io {
- char d_name[IFNAMSIZ];
- uint8_t d_flags;
- in_port_t d_port;
- int d_rdomain;
- uint8_t d_pubkey[WG_KEY_SIZE];
- uint8_t d_privkey[WG_KEY_SIZE];
- size_t d_num_peers;
- size_t d_num_cidrs;
- struct wg_peer_io *d_peers;
-};
-
-
-#ifndef ENOKEY
-#define ENOKEY ENOTCAPABLE
-#endif
-
-typedef enum {
- WGC_GET = 0x5,
- WGC_SET = 0x6,
-} wg_cmd_t;
-
-#endif /* __IF_WG_H__ */
diff --git a/sys/dev/if_wg/include/sys/if_wg_session_vars.h b/sys/dev/if_wg/include/sys/if_wg_session_vars.h
deleted file mode 100644
index 5fd85d3b7162..000000000000
--- a/sys/dev/if_wg/include/sys/if_wg_session_vars.h
+++ /dev/null
@@ -1,319 +0,0 @@
-/*
- * Copyright (c) 2019 Matt Dunwoodie <ncon@noconroy.net>
- * Copyright (c) 2019-2020 Rubicon Communications, LLC (Netgate)
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * $FreeBSD$
- */
-
-#ifndef _IF_WG_VARS_H_
-#define _IF_WG_VARS_H_
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/time.h>
-
-#include <sys/lock.h>
-#include <sys/mutex.h>
-#include <crypto/siphash/siphash.h>
-
-
-#include <net/if.h>
-#include <net/if_var.h>
-#include <net/if_types.h>
-#include <net/ethernet.h>
-#include <net/pfvar.h>
-#include <net/iflib.h>
-
-#include <sys/wg_noise.h>
-#include <sys/wg_cookie.h>
-/* This is only needed for wg_keypair. */
-#include <sys/if_wg_session.h>
-
-#define UNIMPLEMENTED() panic("%s not implemented\n", __func__)
-
-#define WG_KEY_SIZE 32
-#define WG_MSG_PADDING_SIZE 16
-
-
-/* Constant for session */
-#define REKEY_TIMEOUT 5
-#define REKEY_TIMEOUT_JITTER 500 /* TODO ok? jason */
-#define REJECT_AFTER_TIME 180
-#define KEEPALIVE_TIMEOUT 10
-#define MAX_TIMER_HANDSHAKES (90 / REKEY_TIMEOUT)
-#define NEW_HANDSHAKE_TIMEOUT (REKEY_TIMEOUT + KEEPALIVE_TIMEOUT)
-
-#define MAX_QUEUED_INCOMING_HANDSHAKES 4096 /* TODO: replace this with DQL */
-#define MAX_QUEUED_PACKETS 1024 /* TODO: replace this with DQL */
-
-#define HASHTABLE_PEER_SIZE (1 << 6) //1 << 11
-#define HASHTABLE_INDEX_SIZE (HASHTABLE_PEER_SIZE * 3) //1 << 13
-
-#define PEER_MAGIC1 0xCAFEBABEB00FDADDULL
-#define PEER_MAGIC2 0xCAAFD0D0D00DBABEULL
-#define PEER_MAGIC3 0xD00DBABEF00DFADEULL
-
-
-enum message_type {
- MESSAGE_INVALID = 0,
- MESSAGE_HANDSHAKE_INITIATION = 1,
- MESSAGE_HANDSHAKE_RESPONSE = 2,
- MESSAGE_HANDSHAKE_COOKIE = 3,
- MESSAGE_DATA = 4
-};
-
-struct wg_softc;
-
-#if __FreeBSD_version > 1300000
-typedef void timeout_t (void *);
-#endif
-
-/* Socket */
-struct wg_endpoint {
- union wg_remote {
- struct sockaddr r_sa;
- struct sockaddr_in r_sin;
- struct sockaddr_in6 r_sin6;
- } e_remote;
- union wg_source {
- struct in_addr l_in;
- struct in6_pktinfo l_pktinfo6;
-#define l_in6 l_pktinfo6.ipi6_addr
- } e_local;
-};
-
-struct wg_socket {
- struct mtx so_mtx;
- in_port_t so_port;
- struct socket *so_so4;
- struct socket *so_so6;
-};
-
-struct wg_queue {
- struct mtx q_mtx;
- struct mbufq q;
-};
-
-struct wg_index {
- LIST_ENTRY(wg_index) i_entry;
- SLIST_ENTRY(wg_index) i_unused_entry;
- uint32_t i_key;
- struct noise_remote *i_value;
-};
-
-struct wg_timers {
- /* t_lock is for blocking wg_timers_event_* when setting t_disabled. */
- struct rwlock t_lock;
-
- int t_disabled;
- int t_need_another_keepalive;
- uint16_t t_persistent_keepalive_interval;
- struct callout t_new_handshake;
- struct callout t_send_keepalive;
- struct callout t_retry_handshake;
- struct callout t_zero_key_material;
- struct callout t_persistent_keepalive;
-
- struct mtx t_handshake_mtx;
- struct timespec t_handshake_last_sent;
- struct timespec t_handshake_complete;
- volatile int t_handshake_retries;
-
-};
-
-struct wg_peer {
- uint64_t p_magic_1;
- CK_LIST_ENTRY(wg_peer) p_hash_entry;
- CK_LIST_ENTRY(wg_peer) p_entry;
- uint64_t p_id;
- struct wg_softc *p_sc;
-
- struct noise_remote p_remote;
- struct cookie_maker p_cookie;
- struct wg_timers p_timers;
-
- struct rwlock p_endpoint_lock;
- struct wg_endpoint p_endpoint;
-
- uint64_t p_magic_2;
-
- SLIST_HEAD(,wg_index) p_unused_index;
- struct wg_index p_index[3];
-
- struct wg_queue p_encap_queue;
- struct wg_queue p_decap_queue;
-
- struct grouptask p_clear_secrets;
- struct grouptask p_send_initiation;
- struct grouptask p_send_keepalive;
- struct grouptask p_send;
- struct grouptask p_recv;
-
- counter_u64_t p_tx_bytes;
- counter_u64_t p_rx_bytes;
-
- CK_LIST_HEAD(, wg_route) p_routes;
- uint64_t p_magic_3;
- struct mtx p_lock;
- struct epoch_context p_ctx;
-};
-
-
-
-/* Packet */
-
-void wg_softc_decrypt(struct wg_softc *);
-void wg_softc_encrypt(struct wg_softc *);
-
-/* Queue */
-void wg_queue_init(struct wg_queue *, const char *);
-void wg_queue_deinit(struct wg_queue *);
-
-/* Counter */
-
-/* Timers */
-
-/* Route */
-enum route_direction {
- IN,
- OUT,
-};
-
-struct wg_route_table {
- size_t t_count;
- struct radix_node_head *t_ip;
- struct radix_node_head *t_ip6;
-};
-struct wg_peer;
-
-struct wg_route {
- struct radix_node r_nodes[2];
- struct wg_allowedip r_cidr;
- CK_LIST_ENTRY(wg_route) r_entry;
- struct wg_peer *r_peer;
-};
-
-
-int wg_route_add(struct wg_route_table *, struct wg_peer *,
- const struct wg_allowedip *);
-int wg_route_delete(struct wg_route_table *, struct wg_peer *);
-
-/* Noise */
-
-/*
- * Peer
- *
- *
- *
- */
-
-struct wg_softc;
-
-struct wg_hashtable {
- struct mtx h_mtx;
- SIPHASH_KEY h_secret;
- CK_LIST_HEAD(, wg_peer) h_peers_list;
- CK_LIST_HEAD(, wg_peer) *h_peers;
- u_long h_peers_mask;
- size_t h_num_peers;
- LIST_HEAD(, noise_keypair) *h_keys;
- u_long h_keys_mask;
- size_t h_num_keys;
-};
-
-/* Softc */
-struct wg_softc {
- if_softc_ctx_t shared;
- if_ctx_t wg_ctx;
- struct ifnet *sc_ifp;
- uint16_t sc_incoming_port;
- uint32_t sc_user_cookie;
-
- struct wg_socket sc_socket;
- struct wg_hashtable sc_hashtable;
- struct wg_route_table sc_routes;
-
- struct mbufq sc_handshake_queue;
- struct grouptask sc_handshake;
-
- struct noise_local sc_local;
- struct cookie_checker sc_cookie;
-
- struct buf_ring *sc_encap_ring;
- struct buf_ring *sc_decap_ring;
-
- struct grouptask *sc_encrypt;
- struct grouptask *sc_decrypt;
-
- struct rwlock sc_index_lock;
- LIST_HEAD(,wg_index) *sc_index;
- u_long sc_index_mask;
-
- struct mtx sc_mtx;
-};
-
-struct wg_tag {
- struct m_tag wt_tag;
- struct wg_endpoint t_endpoint;
- struct wg_peer *t_peer;
- struct mbuf *t_mbuf;
- sa_family_t t_family;
- int t_done;
- int t_mtu;
-};
-
-struct wg_peer *wg_route_lookup(struct wg_route_table *, struct mbuf *,
- enum route_direction);
-
-void wg_peer_remove_all(struct wg_softc *);
-struct wg_peer *wg_peer_alloc(struct wg_softc *);
-void wg_peer_destroy(struct wg_peer *);
-
-void wg_hashtable_init(struct wg_hashtable *);
-void wg_hashtable_destroy(struct wg_hashtable *);
-void wg_hashtable_peer_insert(struct wg_hashtable *, struct wg_peer *);
-struct wg_peer *wg_peer_lookup(struct wg_softc *,
- const uint8_t [WG_KEY_SIZE]);
-void wg_hashtable_peer_remove(struct wg_hashtable *, struct wg_peer *);
-
-
-int wg_queue_out(struct wg_peer *peer, struct mbuf *m);
-
-int wg_route_init(struct wg_route_table *);
-void wg_route_destroy(struct wg_route_table *);
-
-int wg_socket_init(struct wg_softc *sc);
-void wg_socket_reinit(struct wg_softc *, struct socket *so4,
- struct socket *so6);
-int wg_socket_close(struct wg_socket *so);
-
-void wg_softc_handshake_receive(struct wg_softc *sc);
-
-int wg_timers_get_persistent_keepalive(struct wg_timers *, uint16_t *);
-void wg_timers_set_persistent_keepalive(struct wg_timers *t, uint16_t);
-void wg_timers_get_last_handshake(struct wg_timers *, struct timespec *);
-
-
-struct noise_remote *wg_remote_get(struct wg_softc *, uint8_t [NOISE_KEY_SIZE]);
-uint32_t wg_index_set(struct wg_softc *, struct noise_remote *);
-struct noise_remote *wg_index_get(struct wg_softc *, uint32_t);
-void wg_index_drop(struct wg_softc *, uint32_t);
-void wg_encrypt_dispatch(struct wg_softc *);
-void wg_decrypt_dispatch(struct wg_softc *);
-
-struct wg_tag *wg_tag_get(struct mbuf *m);
-
-
-#endif /* _IF_WG_VARS_H_ */
diff --git a/sys/dev/if_wg/include/sys/simd-x86_64.h b/sys/dev/if_wg/include/sys/simd-x86_64.h
deleted file mode 100644
index 1453083aa273..000000000000
--- a/sys/dev/if_wg/include/sys/simd-x86_64.h
+++ /dev/null
@@ -1,74 +0,0 @@
-/*-
- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
- *
- * Copyright (c) 2019-2020 Rubicon Communications, LLC (Netgate)
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-
-#ifndef _SIMD_X86_64_H_
-#define _SIMD_X86_64_H_
-
-
-#include <x86/x86_var.h>
-#include <x86/specialreg.h>
-
-static inline uint64_t
-xgetbv(uint32_t index)
-{
- uint32_t eax, edx;
- /* xgetbv - instruction byte code */
- __asm__ __volatile__(".byte 0x0f; .byte 0x01; .byte 0xd0"
- : "=a" (eax), "=d" (edx)
- : "c" (index));
-
- return ((((uint64_t)edx)<<32) | (uint64_t)eax);
-}
-
-
-/*
- * Detect register set support
- */
-static inline boolean_t
-__simd_state_enabled(const uint64_t state)
-{
- boolean_t has_osxsave;
- uint64_t xcr0;
-
- has_osxsave = !!(cpu_feature2 & CPUID2_OSXSAVE);
-
- if (!has_osxsave)
- return (0);
-
- xcr0 = xgetbv(0);
- return ((xcr0 & state) == state);
-}
-
-#define _XSTATE_SSE_AVX (0x2 | 0x4)
-#define _XSTATE_AVX512 (0xE0 | _XSTATE_SSE_AVX)
-
-#define __ymm_enabled() __simd_state_enabled(_XSTATE_SSE_AVX)
-#define __zmm_enabled() __simd_state_enabled(_XSTATE_AVX512)
-#endif
-
diff --git a/sys/dev/if_wg/include/sys/support.h b/sys/dev/if_wg/include/sys/support.h
deleted file mode 100644
index 7874fd9b1524..000000000000
--- a/sys/dev/if_wg/include/sys/support.h
+++ /dev/null
@@ -1,342 +0,0 @@
-/*-
- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
- *
- * Copyright (c) 2019-2020 Rubicon Communications, LLC (Netgate)
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-
-#ifndef SYS_SUPPORT_H_
-#define SYS_SUPPORT_H_
-#ifdef __LOCORE
-#include <machine/asm.h>
-#define SYM_FUNC_START ENTRY
-#define SYM_FUNC_END END
-
-#else
-#include <sys/types.h>
-#include <sys/limits.h>
-#include <sys/endian.h>
-#include <sys/libkern.h>
-#include <sys/malloc.h>
-#include <sys/proc.h>
-#include <sys/lock.h>
-#include <vm/uma.h>
-
-#if defined(__aarch64__) || defined(__amd64__) || defined(__i386__)
-#include <machine/fpu.h>
-#endif
-#include <crypto/siphash/siphash.h>
-
-
-#define COMPAT_ZINC_IS_A_MODULE
-MALLOC_DECLARE(M_WG);
-
-#define BUILD_BUG_ON(x) CTASSERT(!(x))
-
-#define BIT(nr) (1UL << (nr))
-#define BIT_ULL(nr) (1ULL << (nr))
-#ifdef __LP64__
-#define BITS_PER_LONG 64
-#else
-#define BITS_PER_LONG 32
-#endif
-
-#define rw_enter_write rw_wlock
-#define rw_exit_write rw_wunlock
-#define rw_enter_read rw_rlock
-#define rw_exit_read rw_runlock
-#define rw_exit rw_unlock
-
-#define ASSERT(x) MPASS(x)
-
-#define ___PASTE(a,b) a##b
-#define __PASTE(a,b) ___PASTE(a,b)
-#define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__)
-
-#define typeof(x) __typeof__(x)
-
-
-#define min_t(t, a, b) ({ t __a = (a); t __b = (b); __a > __b ? __b : __a; })
-
-typedef uint8_t u8;
-typedef uint16_t u16;
-typedef uint32_t u32;
-typedef uint32_t __le32;
-typedef uint64_t u64;
-typedef uint64_t __le64;
-
-#define __must_check __attribute__((__warn_unused_result__))
-#define asmlinkage
-#define __ro_after_init __read_mostly
-
-#define get_unaligned_le32(x) le32dec(x)
-#define get_unaligned_le64(x) le64dec(x)
-
-#define cpu_to_le64(x) htole64(x)
-#define cpu_to_le32(x) htole32(x)
-#define letoh64(x) le64toh(x)
-
-#define need_resched() \
- ((curthread->td_flags & (TDF_NEEDRESCHED|TDF_ASTPENDING)) || \
- curthread->td_owepreempt)
-
-
-#define CONTAINER_OF(a, b, c) __containerof((a), b, c)
-
-typedef struct {
- uint64_t k0;
- uint64_t k1;
-} SIPHASH_KEY;
-
-static inline uint64_t
-siphash24(const SIPHASH_KEY *key, const void *src, size_t len)
-{
- SIPHASH_CTX ctx;
-
- return (SipHashX(&ctx, 2, 4, (const uint8_t *)key, src, len));
-}
-
-static inline void
-put_unaligned_le32(u32 val, void *p)
-{
- *((__le32 *)p) = cpu_to_le32(val);
-}
-
-
-#define rol32(i32, n) ((i32) << (n) | (i32) >> (32 - (n)))
-
-#define memzero_explicit(p, s) explicit_bzero(p, s)
-
-#define EXPORT_SYMBOL(x)
-
-#define U32_MAX ((u32)~0U)
-#if defined(__aarch64__) || defined(__amd64__) || defined(__i386__)
-#define kfpu_begin(ctx) { \
- if (ctx->sc_fpu_ctx == NULL) { \
- ctx->sc_fpu_ctx = fpu_kern_alloc_ctx(0); \
- } \
- critical_enter(); \
- fpu_kern_enter(curthread, ctx->sc_fpu_ctx, FPU_KERN_NORMAL); \
-}
-
-#define kfpu_end(ctx) { \
- MPASS(ctx->sc_fpu_ctx != NULL); \
- fpu_kern_leave(curthread, ctx->sc_fpu_ctx); \
- critical_exit(); \
-}
-#else
-#define kfpu_begin(ctx)
-#define kfpu_end(ctx)
-#define fpu_kern_free_ctx(p)
-#endif
-
-typedef enum {
- HAVE_NO_SIMD = 1 << 0,
- HAVE_FULL_SIMD = 1 << 1,
- HAVE_SIMD_IN_USE = 1 << 31
-} simd_context_state_t;
-
-typedef struct {
- simd_context_state_t sc_state;
- struct fpu_kern_ctx *sc_fpu_ctx;
-} simd_context_t;
-
-
-#define DONT_USE_SIMD NULL
-
-static __must_check inline bool
-may_use_simd(void)
-{
-#if defined(__amd64__)
- return true;
-#else
- return false;
-#endif
-}
-
-static inline void
-simd_get(simd_context_t *ctx)
-{
- ctx->sc_state = may_use_simd() ? HAVE_FULL_SIMD : HAVE_NO_SIMD;
-}
-
-static inline void
-simd_put(simd_context_t *ctx)
-{
-#if defined(__aarch64__) || defined(__amd64__) || defined(__i386__)
- if (is_fpu_kern_thread(0))
- return;
-#endif
- if (ctx->sc_state & HAVE_SIMD_IN_USE)
- kfpu_end(ctx);
- ctx->sc_state = HAVE_NO_SIMD;
-}
-
-static __must_check inline bool
-simd_use(simd_context_t *ctx)
-{
-#if defined(__aarch64__) || defined(__amd64__) || defined(__i386__)
- if (is_fpu_kern_thread(0))
- return true;
-#else
- return false;
-#endif
- if (ctx == NULL)
- return false;
- if (!(ctx->sc_state & HAVE_FULL_SIMD))
- return false;
- if (ctx->sc_state & HAVE_SIMD_IN_USE)
- return true;
- kfpu_begin(ctx);
- ctx->sc_state |= HAVE_SIMD_IN_USE;
- return true;
-}
-
-static inline bool
-simd_relax(simd_context_t *ctx)
-{
- if ((ctx->sc_state & HAVE_SIMD_IN_USE) && need_resched()) {
- simd_put(ctx);
- simd_get(ctx);
- return simd_use(ctx);
- }
- return false;
-}
-
-#define unlikely(x) __predict_false(x)
-#define likely(x) __predict_true(x)
-/* Generic path for arbitrary size */
-
-
-static inline unsigned long
-__crypto_memneq_generic(const void *a, const void *b, size_t size)
-{
- unsigned long neq = 0;
-
- while (size >= sizeof(unsigned long)) {
- neq |= *(const unsigned long *)a ^ *(const unsigned long *)b;
- __compiler_membar();
- a = ((const char *)a + sizeof(unsigned long));
- b = ((const char *)b + sizeof(unsigned long));
- size -= sizeof(unsigned long);
- }
- while (size > 0) {
- neq |= *(const unsigned char *)a ^ *(const unsigned char *)b;
- __compiler_membar();
- a = (const char *)a + 1;
- b = (const char *)b + 1;
- size -= 1;
- }
- return neq;
-}
-
-#define crypto_memneq(a, b, c) __crypto_memneq_generic((a), (b), (c))
-
-static inline void
-__cpu_to_le32s(uint32_t *buf)
-{
- *buf = htole32(*buf);
-}
-
-static inline void cpu_to_le32_array(u32 *buf, unsigned int words)
-{
- while (words--) {
- __cpu_to_le32s(buf);
- buf++;
- }
-}
-
-#define CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS 1
-void __crypto_xor(u8 *dst, const u8 *src1, const u8 *src2, unsigned int len);
-
-static inline void crypto_xor_cpy(u8 *dst, const u8 *src1, const u8 *src2,
- unsigned int size)
-{
- if (CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS &&
- __builtin_constant_p(size) &&
- (size % sizeof(unsigned long)) == 0) {
- unsigned long *d = (unsigned long *)dst;
- const unsigned long *s1 = (const unsigned long *)src1;
- const unsigned long *s2 = (const unsigned long *)src2;
-
- while (size > 0) {
- *d++ = *s1++ ^ *s2++;
- size -= sizeof(unsigned long);
- }
- } else {
- __crypto_xor(dst, src1, src2, size);
- }
-}
-#include <sys/kernel.h>
-#define module_init(fn) \
-static void \
-wrap_ ## fn(void *dummy __unused) \
-{ \
- fn(); \
-} \
-SYSINIT(if_wg_ ## fn, SI_SUB_LAST, SI_ORDER_FIRST, wrap_ ## fn, NULL)
-
-
-#define module_exit(fn) \
-static void \
-wrap_ ## fn(void *dummy __unused) \
-{ \
- fn(); \
-} \
-SYSUNINIT(if_wg_ ## fn, SI_SUB_LAST, SI_ORDER_FIRST, wrap_ ## fn, NULL)
-
-#define module_param(a, b, c)
-#define MODULE_LICENSE(x)
-#define MODULE_DESCRIPTION(x)
-#define MODULE_AUTHOR(x)
-
-#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
-
-#define __initconst
-#define __initdata
-#define __init
-#define __exit
-#define BUG() panic("%s:%d bug hit!\n", __FILE__, __LINE__)
-
-#define WARN_ON(cond) ({ \
- bool __ret = (cond); \
- if (__ret) { \
- printf("WARNING %s failed at %s:%d\n", \
- __stringify(cond), __FILE__, __LINE__); \
- } \
- unlikely(__ret); \
-})
-
-#define pr_err printf
-#define pr_info printf
-#define IS_ENABLED(x) 0
-#define ___stringify(...) #__VA_ARGS__
-#define __stringify(...) ___stringify(__VA_ARGS__)
-#define kmalloc(size, flag) malloc((size), M_WG, M_WAITOK)
-#define kfree(p) free(p, M_WG)
-#define vzalloc(size) malloc((size), M_WG, M_WAITOK|M_ZERO)
-#define vfree(p) free(p, M_WG)
-#endif
-#endif
diff --git a/sys/dev/if_wg/include/sys/wg_cookie.h b/sys/dev/if_wg/include/sys/wg_cookie.h
deleted file mode 100644
index 0bac8fefaf42..000000000000
--- a/sys/dev/if_wg/include/sys/wg_cookie.h
+++ /dev/null
@@ -1,174 +0,0 @@
-/*
- * Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2019-2020 Matt Dunwoodie <ncon@noconroy.net>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * ======== wg_cookie.h ========
- *
- * This file provides a thread safe interface to the WireGuard cookie
- * mechanism. It is split into three parts:
- *
- * * cookie_maker
- * Used to create MACs for messages.
- * * cookie_checker
- * Used to validate MACs for messages.
- * * cookie_macs
- * The MACs that authenticate the message.
- *
- * The MACs provide two properties:
- * * mac1 - That the remote end knows a value.
- * * mac2 - That the remote end has a specific IP address.
- *
- * void cookie_maker_init(cookie_maker, ipl, input)
- * - Initialise cookie_maker, should only be called once and before use.
- * input is the shared value used for mac1.
- *
- * int cookie_checker_init(cookie_checker, ipl)
- * - Initialise cookie_checker, should only be called once and before use. It
- * will return ENOBUFS if it cannot allocate required memory.
- *
- * void cookie_checker_update(cookie_checker, input)
- * - Set the input value to check mac1 against.
- *
- * void cookie_checker_deinit(cookie_checker)
- * - Destroy all values associated with cookie_checker. cookie_checker must
- * not be used after calling this function.
- *
- * void cookie_checker_create_payload(cookie_checker, cookie_macs, nonce,
- * payload, sockaddr)
- * - Create a specific payload derived from the sockaddr. The payload is an
- * encrypted shared secret, that the cookie_maker will decrypt and used to
- * key the mac2 value.
- *
- * int cookie_maker_consume_payload(cookie_maker, nonce, payload)
- * - Have cookie_maker consume the payload.
- *
- * void cookie_maker_mac(cookie_maker, cookie_macs, message, len)
- * - Create cookie_macs for the message of length len. It will always compute
- * mac1, however will only compute mac2 if we have recently received a
- * payload to key it with.
- *
- * int cookie_checker_validate_macs(cookie_checker, cookie_macs, message, len,
- * busy, sockaddr)
- * - Use cookie_checker to validate the cookie_macs of message with length
- * len. If busy, then ratelimiting will be applied to the sockaddr.
- *
- * ==========================
- * $FreeBSD$
- */
-
-#ifndef __COOKIE_H__
-#define __COOKIE_H__
-
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/rwlock.h>
-#include <sys/queue.h>
-#include <sys/support.h>
-
-#include <netinet/in.h>
-
-#include <crypto/blake2s.h>
-
-#define COOKIE_MAC_SIZE 16
-#define COOKIE_KEY_SIZE 32
-#define COOKIE_XNONCE_SIZE 24
-#define COOKIE_COOKIE_SIZE 16
-#define COOKIE_SECRET_SIZE 32
-#define COOKIE_INPUT_SIZE 32
-#define COOKIE_ENCRYPTED_SIZE (COOKIE_COOKIE_SIZE + COOKIE_MAC_SIZE)
-
-#define COOKIE_MAC1_KEY_LABEL "mac1----"
-#define COOKIE_COOKIE_KEY_LABEL "cookie--"
-#define COOKIE_SECRET_MAX_AGE 120
-#define COOKIE_SECRET_LATENCY 5
-
-/* Constants for initiation rate limiting */
-#define RATELIMIT_SIZE (1 << 10)
-#define RATELIMIT_SIZE_MAX (RATELIMIT_SIZE * 8)
-#define NSEC_PER_SEC 1000000000LL
-#define INITIATIONS_PER_SECOND 50
-#define INITIATIONS_BURSTABLE 10
-#define INITIATION_COST (NSEC_PER_SEC / INITIATIONS_PER_SECOND)
-#define TOKEN_MAX (INITIATION_COST * INITIATIONS_BURSTABLE)
-#define ELEMENT_TIMEOUT 1
-#define IPV4_MASK_SIZE 4 /* Use all 4 bytes of IPv4 address */
-#define IPV6_MASK_SIZE 8 /* Use top 8 bytes (/64) of IPv6 address */
-
-struct cookie_macs {
- uint8_t mac1[COOKIE_MAC_SIZE];
- uint8_t mac2[COOKIE_MAC_SIZE];
-} __packed;
-
-struct ratelimit_entry {
- LIST_ENTRY(ratelimit_entry) r_entry;
- sa_family_t r_af;
- union {
- struct in_addr r_in;
- struct in6_addr r_in6;
- };
- struct timespec r_last_time; /* nanouptime */
- uint64_t r_tokens;
-};
-
-struct ratelimit {
- SIPHASH_KEY rl_secret;
- uma_zone_t rl_zone;
-
- struct rwlock rl_lock;
- LIST_HEAD(, ratelimit_entry) *rl_table;
- u_long rl_table_mask;
- size_t rl_table_num;
- struct timespec rl_last_gc; /* nanouptime */
-};
-
-struct cookie_maker {
- uint8_t cp_mac1_key[COOKIE_KEY_SIZE];
- uint8_t cp_cookie_key[COOKIE_KEY_SIZE];
-
- struct rwlock cp_lock;
- uint8_t cp_cookie[COOKIE_COOKIE_SIZE];
- struct timespec cp_birthdate; /* nanouptime */
- int cp_mac1_valid;
- uint8_t cp_mac1_last[COOKIE_MAC_SIZE];
-};
-
-struct cookie_checker {
- struct ratelimit cc_ratelimit;
-
- struct rwlock cc_key_lock;
- uint8_t cc_mac1_key[COOKIE_KEY_SIZE];
- uint8_t cc_cookie_key[COOKIE_KEY_SIZE];
-
- struct rwlock cc_secret_lock;
- struct timespec cc_secret_birthdate; /* nanouptime */
- uint8_t cc_secret[COOKIE_SECRET_SIZE];
-};
-
-void cookie_maker_init(struct cookie_maker *, const uint8_t[COOKIE_INPUT_SIZE]);
-int cookie_checker_init(struct cookie_checker *, uma_zone_t);
-void cookie_checker_update(struct cookie_checker *,
- uint8_t[COOKIE_INPUT_SIZE]);
-void cookie_checker_deinit(struct cookie_checker *);
-void cookie_checker_create_payload(struct cookie_checker *,
- struct cookie_macs *cm, uint8_t[COOKIE_XNONCE_SIZE],
- uint8_t [COOKIE_ENCRYPTED_SIZE], struct sockaddr *);
-int cookie_maker_consume_payload(struct cookie_maker *,
- uint8_t[COOKIE_XNONCE_SIZE], uint8_t[COOKIE_ENCRYPTED_SIZE]);
-void cookie_maker_mac(struct cookie_maker *, struct cookie_macs *,
- void *, size_t);
-int cookie_checker_validate_macs(struct cookie_checker *,
- struct cookie_macs *, void *, size_t, int, struct sockaddr *);
-
-#endif /* __COOKIE_H__ */
diff --git a/sys/dev/if_wg/include/sys/wg_module.h b/sys/dev/if_wg/include/sys/wg_module.h
deleted file mode 100644
index cc662104d640..000000000000
--- a/sys/dev/if_wg/include/sys/wg_module.h
+++ /dev/null
@@ -1,121 +0,0 @@
-/*-
- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
- *
- * Copyright (c) 2019-2020 Rubicon Communications, LLC (Netgate)
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-#ifndef MODULE_H_
-#define MODULE_H_
-
-#include <sys/mbuf.h>
-#include <sys/socket.h>
-#include <net/if.h>
-#include <net/if_var.h>
-#include <sys/support.h>
-
-
-#include <sys/types.h>
-#include <sys/epoch.h>
-#include <sys/lock.h>
-#include <sys/mutex.h>
-
-
-
-#include <crypto/curve25519.h>
-#include <zinc/chacha20poly1305.h>
-#include <crypto/blake2s.h>
-
-
-enum noise_lengths {
- NOISE_PUBLIC_KEY_LEN = CURVE25519_KEY_SIZE,
- NOISE_SYMMETRIC_KEY_LEN = CHACHA20POLY1305_KEY_SIZE,
- NOISE_TIMESTAMP_LEN = sizeof(uint64_t) + sizeof(uint32_t),
- NOISE_AUTHTAG_LEN = CHACHA20POLY1305_AUTHTAG_SIZE,
- NOISE_HASH_LEN = BLAKE2S_HASH_SIZE
-};
-
-#define noise_encrypted_len(plain_len) ((plain_len) + NOISE_AUTHTAG_LEN)
-
-enum cookie_values {
- COOKIE_SECRET_MAX_AGE = 2 * 60,
- COOKIE_SECRET_LATENCY = 5,
- COOKIE_NONCE_LEN = XCHACHA20POLY1305_NONCE_SIZE,
- COOKIE_LEN = 16
-};
-
-enum limits {
- REKEY_TIMEOUT = 5,
- INITIATIONS_PER_SECOND = 50,
- MAX_PEERS_PER_DEVICE = 1U << 20,
- KEEPALIVE_TIMEOUT = 10,
- MAX_TIMER_HANDSHAKES = 90 / REKEY_TIMEOUT,
- MAX_QUEUED_INCOMING_HANDSHAKES = 4096, /* TODO: replace this with DQL */
- MAX_STAGED_PACKETS = 128,
- MAX_QUEUED_PACKETS = 1024 /* TODO: replace this with DQL */
-};
-
-#define zfree(addr, type) \
- do { \
- explicit_bzero(addr, sizeof(*addr)); \
- free(addr, type); \
- } while (0)
-
-struct crypt_queue {
- union {
- struct {
- int last_cpu;
- };
- };
-};
-
-#define __ATOMIC_LOAD_SIZE \
- ({ \
- switch (size) { \
- case 1: *(uint8_t *)res = *(volatile uint8_t *)p; break; \
- case 2: *(uint16_t *)res = *(volatile uint16_t *)p; break; \
- case 4: *(uint32_t *)res = *(volatile uint32_t *)p; break; \
- case 8: *(uint64_t *)res = *(volatile uint64_t *)p; break; \
- } \
-})
-
-static inline void
-__atomic_load_acq_size(volatile void *p, void *res, int size)
-{
- __ATOMIC_LOAD_SIZE;
-}
-
-#define atomic_load_acq(x) \
- ({ \
- union { __typeof(x) __val; char __c[1]; } __u; \
- __atomic_load_acq_size(&(x), __u.__c, sizeof(x)); \
- __u.__val; \
-})
-
-
-int wg_ctx_init(void);
-void wg_ctx_uninit(void);
-
-
-#endif
diff --git a/sys/dev/if_wg/include/sys/wg_noise.h b/sys/dev/if_wg/include/sys/wg_noise.h
deleted file mode 100644
index 40bdab515bc7..000000000000
--- a/sys/dev/if_wg/include/sys/wg_noise.h
+++ /dev/null
@@ -1,286 +0,0 @@
-/*
- * Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- * Copyright (C) 2019-2020 Matt Dunwoodie <ncon@noconroy.net>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * ======== wg_noise.h ========
- *
- * This file provides a thread safe interface to the Noise protocol as used in
- * WireGuard. The three user facing components are:
- *
- * * noise_local
- * Stores the local state for a noise peer.
- * * noise_remote
- * Stores the remote state for a noise peer.
- * * noise_upcall
- * Stores callback routines for index and peers
- *
- * Additionally a noise_counter, which is invsible to the user is used to track
- * message nonces, to prevent message replay.
- *
- * This module uses Curve25519 for asymmetric crypto, and ChaCha20Poly1305 for
- * symmetric crypto. The handshake uses ephemeral keys, which provide perfect
- * forward secrecy. Keys are NOISE_KEY_SIZE (32) bytes long and can be
- * generated with a CSRNG. While this module will clamp the key to form a valid
- * Curve25519 key, it is recommended that keys are stored in Curve25519 form to
- * preserve interoperability with other systems. Additionally, there is an
- * optional PresharedKey of length NOISE_PSK_SIZE (also 32 bytes), which when
- * used, will provide protection against known quantum attacks. Without it,
- * Curve25519 is broken by Shor's algorithm.
- *
- * -------- noise_local --------
- *
- * void noise_local_init(noise_local *, noise_upcall *)
- * - Initialise noise_local, should only be called once and before use.
- *
- * int noise_local_set_private(noise_local *, uint8_t *private)
- * - Set the local private key. This will also calculate the corresponding
- * public key.
- *
- * int noise_local_keys(noise_local *, uint8_t *public, uint8_t *private)
- * - Get the local keys. It will ensure that a key has been set and if
- * not, will return ENXIO.
- *
- * -------- noise_remote --------
- *
- * void noise_remote_init(noise_remote *, uint8_t *public)
- * - Initialise noise_local, should only be called once and before use. Key
- * must be provided and it cannot be changed once set.
- *
- * void noise_remote_set_psk(noise_remote *, uint8_t *psk)
- * - Set the shared key. To remove the shared key, set a key of all 0x00.
- *
- * void noise_remote_keys(noise_remote *, uint8_t *public, uint8_t *psk)
- * - Get the remote keys.
- *
- * -------- noise_upcall --------
- *
- * The noise_upcall struct is used to lookup incoming public keys, as well as
- * allocate and deallocate index for a remote. The allocation and deallocation
- * are serialised per noise_remote and guaranteed to only have 3 allocated
- * indexes at once.
- *
- * u_arg - passed to callback functions as void *
- * u_get_remote - lookup noise_remote based on public key.
- * u_set_index - allocate index for noise_remote. any further packets that
- * arrive with this index should be passed to noise_* functions
- * with the corresponding noise_remote.
- * u_drop_index - dealloate index passed to callback.
- *
- * -------- crypto --------
- *
- * The following functions are used for the crypto side of things:
- *
- * int noise_create_initiation(noise_remote *, noise_initiation *)
- * int noise_consume_initiation(noise_local *, noise_remote **, noise_initiation *)
- * int noise_create_response(noise_remote *, noise_response *)
- * int noise_consume_response(noise_remote *, noise_response *)
- *
- * int noise_remote_promote(noise_remote *)
- * void noise_remote_clear(noise_remote *)
- * void noise_remote_expire_current(noise_remote *)
- * int noise_remote_encrypt(noise_remote *, noise_data *, size_t)
- * int noise_remote_decrypt(noise_remote *, noise_data *, size_t)
- *
- * $FreeBSD$
- */
-
-#ifndef __NOISE_H__
-#define __NOISE_H__
-
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/rwlock.h>
-#include <sys/support.h>
-
-#include <crypto/blake2s.h>
-#include <zinc/chacha20poly1305.h>
-#include <crypto/curve25519.h>
-
-#define NOISE_KEY_SIZE CURVE25519_KEY_SIZE
-#define NOISE_PSK_SIZE 32
-#define NOISE_MAC_SIZE CHACHA20POLY1305_AUTHTAG_SIZE
-#define NOISE_HASH_SIZE BLAKE2S_HASH_SIZE
-#define NOISE_SYMMETRIC_SIZE CHACHA20POLY1305_KEY_SIZE
-#define NOISE_TIMESTAMP_SIZE 12
-
-/* Protocol string constants */
-#define NOISE_HANDSHAKE_NAME "Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s"
-#define NOISE_IDENTIFIER_NAME "WireGuard v1 zx2c4 Jason@zx2c4.com"
-
-/* Constants for the counter */
-#define COUNTER_TYPE size_t
-#define COUNTER_BITS_TOTAL 512
-#define COUNTER_TYPE_BITS (sizeof(COUNTER_TYPE) * 8)
-#define COUNTER_TYPE_NUM (COUNTER_BITS_TOTAL / COUNTER_TYPE_BITS)
-#define COUNTER_WINDOW_SIZE (COUNTER_BITS_TOTAL - COUNTER_TYPE_BITS)
-
-/* Constants for the keypair */
-#define REKEY_AFTER_MESSAGES (1ull << 60)
-#define REJECT_AFTER_MESSAGES (UINT64_MAX - COUNTER_WINDOW_SIZE - 1)
-#define REKEY_AFTER_TIME 120
-#define REKEY_AFTER_TIME_RECV 165
-#define REJECT_AFTER_TIME 180
-#define REJECT_INTERVAL (1000000000 / 50) /* fifty times per sec */
-/* 24 = floor(log2(REJECT_INTERVAL)) */
-#define REJECT_INTERVAL_MASK (~((1ull<<24)-1))
-
-enum noise_state_hs {
- HS_ZEROED = 0,
- CREATED_INITIATION,
- CONSUMED_INITIATION,
- CREATED_RESPONSE,
- CONSUMED_RESPONSE,
-};
-
-struct noise_handshake {
- enum noise_state_hs hs_state;
- uint32_t hs_local_index;
- uint32_t hs_remote_index;
- uint8_t hs_e[NOISE_KEY_SIZE];
- uint8_t hs_hash[NOISE_HASH_SIZE];
- uint8_t hs_ck[NOISE_HASH_SIZE];
-};
-
-struct noise_counter {
- struct rwlock c_lock;
- uint64_t c_send;
- uint64_t c_recv;
- COUNTER_TYPE c_backtrack[COUNTER_TYPE_NUM];
-};
-
-enum noise_state_kp {
- KP_ZEROED = 0,
- INITIATOR,
- RESPONDER,
-};
-
-struct noise_keypair {
- SLIST_ENTRY(noise_keypair) kp_entry;
- int kp_valid;
- int kp_is_initiator;
- uint32_t kp_local_index;
- uint32_t kp_remote_index;
- uint8_t kp_send[NOISE_SYMMETRIC_SIZE];
- uint8_t kp_recv[NOISE_SYMMETRIC_SIZE];
- struct timespec kp_birthdate; /* nanouptime */
- struct noise_counter kp_ctr;
-};
-
-struct noise_remote {
- uint8_t r_public[NOISE_KEY_SIZE];
- struct noise_local *r_local;
- uint8_t r_ss[NOISE_KEY_SIZE];
-
- struct rwlock r_handshake_lock;
- struct noise_handshake r_handshake;
- uint8_t r_psk[NOISE_PSK_SIZE];
- uint8_t r_timestamp[NOISE_TIMESTAMP_SIZE];
- struct timespec r_last_init; /* nanouptime */
-
- struct rwlock r_keypair_lock;
- SLIST_HEAD(,noise_keypair) r_unused_keypairs;
- struct noise_keypair *r_next, *r_current, *r_previous;
- struct noise_keypair r_keypair[3]; /* 3: next, current, previous. */
-
-};
-
-struct noise_local {
- struct rwlock l_identity_lock;
- int l_has_identity;
- uint8_t l_public[NOISE_KEY_SIZE];
- uint8_t l_private[NOISE_KEY_SIZE];
-
- struct noise_upcall {
- void *u_arg;
- struct noise_remote *
- (*u_remote_get)(void *, uint8_t[NOISE_KEY_SIZE]);
- uint32_t
- (*u_index_set)(void *, struct noise_remote *);
- void (*u_index_drop)(void *, uint32_t);
- } l_upcall;
-};
-
-struct noise_initiation {
- uint32_t s_idx;
- uint8_t ue[NOISE_KEY_SIZE];
- uint8_t es[NOISE_KEY_SIZE + NOISE_MAC_SIZE];
- uint8_t ets[NOISE_TIMESTAMP_SIZE + NOISE_MAC_SIZE];
-} __packed;
-
-struct noise_response {
- uint32_t s_idx;
- uint32_t r_idx;
- uint8_t ue[NOISE_KEY_SIZE];
- uint8_t en[0 + NOISE_MAC_SIZE];
-} __packed;
-
-struct noise_data {
- uint32_t r_idx;
- uint64_t nonce;
- uint8_t buf[];
-} __packed;
-
-
-/* Set/Get noise parameters */
-void noise_local_init(struct noise_local *, struct noise_upcall *);
-void noise_local_lock_identity(struct noise_local *);
-void noise_local_unlock_identity(struct noise_local *);
-int noise_local_set_private(struct noise_local *, uint8_t[NOISE_KEY_SIZE]);
-int noise_local_keys(struct noise_local *, uint8_t[NOISE_KEY_SIZE],
- uint8_t[NOISE_KEY_SIZE]);
-
-void noise_remote_init(struct noise_remote *, const uint8_t[NOISE_KEY_SIZE],
- struct noise_local *);
-int noise_remote_set_psk(struct noise_remote *, const uint8_t[NOISE_PSK_SIZE]);
-int noise_remote_keys(struct noise_remote *, uint8_t[NOISE_KEY_SIZE],
- uint8_t[NOISE_PSK_SIZE]);
-
-/* Should be called anytime noise_local_set_private is called */
-void noise_remote_precompute(struct noise_remote *);
-
-/* Cryptographic functions */
-int noise_create_initiation(
- struct noise_remote *,
- struct noise_initiation *);
-
-int noise_consume_initiation(
- struct noise_local *,
- struct noise_remote **,
- struct noise_initiation *);
-
-int noise_create_response(
- struct noise_remote *,
- struct noise_response *);
-
-int noise_consume_response(
- struct noise_remote *,
- struct noise_response *);
-
- int noise_remote_begin_session(struct noise_remote *);
-void noise_remote_clear(struct noise_remote *);
-void noise_remote_expire_current(struct noise_remote *);
-
-int noise_remote_ready(struct noise_remote *);
-
-int noise_remote_encrypt(
- struct noise_remote *,
- struct noise_data *,
- size_t);
-int noise_remote_decrypt(
- struct noise_remote *,
- struct noise_data *,
- size_t);
-
-#endif /* __NOISE_H__ */
diff --git a/sys/dev/if_wg/include/zinc/blake2s.h b/sys/dev/if_wg/include/zinc/blake2s.h
deleted file mode 100644
index e87bfdbc9f6d..000000000000
--- a/sys/dev/if_wg/include/zinc/blake2s.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0 OR MIT */
-/*
- * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- */
-
-#ifndef _ZINC_BLAKE2S_H
-#define _ZINC_BLAKE2S_H
-
-#include <sys/types.h>
-
-enum blake2s_lengths {
- BLAKE2S_BLOCK_SIZE = 64,
- BLAKE2S_HASH_SIZE = 32,
- BLAKE2S_KEY_SIZE = 32
-};
-
-struct blake2s_state {
- uint32_t h[8];
- uint32_t t[2];
- uint32_t f[2];
- uint8_t buf[BLAKE2S_BLOCK_SIZE];
- unsigned int buflen;
- unsigned int outlen;
-};
-
-void blake2s_init(struct blake2s_state *state, const size_t outlen);
-void blake2s_init_key(struct blake2s_state *state, const size_t outlen,
- const void *key, const size_t keylen);
-void blake2s_update(struct blake2s_state *state, const uint8_t *in, size_t inlen);
-//void blake2s_final(struct blake2s_state *state, uint8_t *out);
-
-static inline void blake2s(uint8_t *out, const uint8_t *in, const uint8_t *key,
- const size_t outlen, const size_t inlen,
- const size_t keylen)
-{
- struct blake2s_state state;
-
- if (keylen)
- blake2s_init_key(&state, outlen, key, keylen);
- else
- blake2s_init(&state, outlen);
-
- blake2s_update(&state, in, inlen);
- blake2s_final(&state, out);
-}
-
-void blake2s_hmac(uint8_t *out, const uint8_t *in, const uint8_t *key, const size_t outlen,
- const size_t inlen, const size_t keylen);
-
-#endif /* _ZINC_BLAKE2S_H */
diff --git a/sys/dev/if_wg/include/zinc/chacha20.h b/sys/dev/if_wg/include/zinc/chacha20.h
deleted file mode 100644
index 1a9524bdfe85..000000000000
--- a/sys/dev/if_wg/include/zinc/chacha20.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0 OR MIT */
-/*
- * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- */
-
-#ifndef _ZINC_CHACHA20_H
-#define _ZINC_CHACHA20_H
-
-#include <sys/param.h>
-#include <sys/support.h>
-
-enum chacha20_lengths {
- CHACHA20_NONCE_SIZE = 16,
- CHACHA20_KEY_SIZE = 32,
- CHACHA20_KEY_WORDS = CHACHA20_KEY_SIZE / sizeof(u32),
- CHACHA20_BLOCK_SIZE = 64,
- CHACHA20_BLOCK_WORDS = CHACHA20_BLOCK_SIZE / sizeof(u32),
- HCHACHA20_NONCE_SIZE = CHACHA20_NONCE_SIZE,
- HCHACHA20_KEY_SIZE = CHACHA20_KEY_SIZE
-};
-
-enum chacha20_constants { /* expand 32-byte k */
- CHACHA20_CONSTANT_EXPA = 0x61707865U,
- CHACHA20_CONSTANT_ND_3 = 0x3320646eU,
- CHACHA20_CONSTANT_2_BY = 0x79622d32U,
- CHACHA20_CONSTANT_TE_K = 0x6b206574U
-};
-
-struct chacha20_ctx {
- union {
- u32 state[16];
- struct {
- u32 constant[4];
- u32 key[8];
- u32 counter[4];
- };
- };
-};
-
-static inline void chacha20_init(struct chacha20_ctx *ctx,
- const u8 key[CHACHA20_KEY_SIZE],
- const u64 nonce)
-{
- ctx->constant[0] = CHACHA20_CONSTANT_EXPA;
- ctx->constant[1] = CHACHA20_CONSTANT_ND_3;
- ctx->constant[2] = CHACHA20_CONSTANT_2_BY;
- ctx->constant[3] = CHACHA20_CONSTANT_TE_K;
- ctx->key[0] = get_unaligned_le32(key + 0);
- ctx->key[1] = get_unaligned_le32(key + 4);
- ctx->key[2] = get_unaligned_le32(key + 8);
- ctx->key[3] = get_unaligned_le32(key + 12);
- ctx->key[4] = get_unaligned_le32(key + 16);
- ctx->key[5] = get_unaligned_le32(key + 20);
- ctx->key[6] = get_unaligned_le32(key + 24);
- ctx->key[7] = get_unaligned_le32(key + 28);
- ctx->counter[0] = 0;
- ctx->counter[1] = 0;
- ctx->counter[2] = nonce & U32_MAX;
- ctx->counter[3] = nonce >> 32;
-}
-void chacha20(struct chacha20_ctx *ctx, u8 *dst, const u8 *src, u32 len,
- simd_context_t *simd_context);
-
-void hchacha20(u32 derived_key[CHACHA20_KEY_WORDS],
- const u8 nonce[HCHACHA20_NONCE_SIZE],
- const u8 key[HCHACHA20_KEY_SIZE], simd_context_t *simd_context);
-
-#endif /* _ZINC_CHACHA20_H */
diff --git a/sys/dev/if_wg/include/zinc/chacha20poly1305.h b/sys/dev/if_wg/include/zinc/chacha20poly1305.h
deleted file mode 100644
index 2d18b0fc3e82..000000000000
--- a/sys/dev/if_wg/include/zinc/chacha20poly1305.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0 OR MIT */
-/*
- * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- */
-
-#ifndef _ZINC_CHACHA20POLY1305_H
-#define _ZINC_CHACHA20POLY1305_H
-
-#include <sys/types.h>
-
-struct scatterlist;
-
-enum chacha20poly1305_lengths {
- XCHACHA20POLY1305_NONCE_SIZE = 24,
- CHACHA20POLY1305_KEY_SIZE = 32,
- CHACHA20POLY1305_AUTHTAG_SIZE = 16
-};
-
-void chacha20poly1305_encrypt(uint8_t *dst, const uint8_t *src, const size_t src_len,
- const uint8_t *ad, const size_t ad_len,
- const uint64_t nonce,
- const uint8_t key[CHACHA20POLY1305_KEY_SIZE]);
-
-bool chacha20poly1305_encrypt_sg_inplace(
- struct scatterlist *src, const size_t src_len, const uint8_t *ad,
- const size_t ad_len, const uint64_t nonce,
- const uint8_t key[CHACHA20POLY1305_KEY_SIZE], simd_context_t *simd_context);
-
-bool chacha20poly1305_decrypt(uint8_t *dst, const uint8_t *src, const size_t src_len,
- const uint8_t *ad, const size_t ad_len, const uint64_t nonce,
- const uint8_t key[CHACHA20POLY1305_KEY_SIZE]);
-
-bool chacha20poly1305_decrypt_sg_inplace(
- struct scatterlist *src, size_t src_len, const uint8_t *ad,
- const size_t ad_len, const uint64_t nonce,
- const uint8_t key[CHACHA20POLY1305_KEY_SIZE], simd_context_t *simd_context);
-
-void xchacha20poly1305_encrypt(uint8_t *dst, const uint8_t *src, const size_t src_len,
- const uint8_t *ad, const size_t ad_len,
- const uint8_t nonce[XCHACHA20POLY1305_NONCE_SIZE],
- const uint8_t key[CHACHA20POLY1305_KEY_SIZE]);
-
-bool xchacha20poly1305_decrypt(
- uint8_t *dst, const uint8_t *src, const size_t src_len, const uint8_t *ad,
- const size_t ad_len, const uint8_t nonce[XCHACHA20POLY1305_NONCE_SIZE],
- const uint8_t key[CHACHA20POLY1305_KEY_SIZE]);
-
-#endif /* _ZINC_CHACHA20POLY1305_H */
diff --git a/sys/dev/if_wg/include/zinc/curve25519.h b/sys/dev/if_wg/include/zinc/curve25519.h
deleted file mode 100644
index aa32359462da..000000000000
--- a/sys/dev/if_wg/include/zinc/curve25519.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0 OR MIT */
-/*
- * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- */
-
-#ifndef _ZINC_CURVE25519_H
-#define _ZINC_CURVE25519_H
-
-#include <sys/types.h>
-
-enum curve25519_lengths {
- CURVE25519_KEY_SIZE = 32
-};
-
-bool curve25519(uint8_t mypublic[CURVE25519_KEY_SIZE],
- const uint8_t secret[CURVE25519_KEY_SIZE],
- const uint8_t basepoint[CURVE25519_KEY_SIZE]);
-void curve25519_generate_secret(uint8_t secret[CURVE25519_KEY_SIZE]);
-bool curve25519_generate_public(
- uint8_t pub[CURVE25519_KEY_SIZE], const uint8_t secret[CURVE25519_KEY_SIZE]);
-
-static inline void curve25519_clamp_secret(uint8_t secret[CURVE25519_KEY_SIZE])
-{
- secret[0] &= 248;
- secret[31] = (secret[31] & 127) | 64;
-}
-
-#endif /* _ZINC_CURVE25519_H */
diff --git a/sys/dev/if_wg/include/zinc/poly1305.h b/sys/dev/if_wg/include/zinc/poly1305.h
deleted file mode 100644
index ca4cc60b41b3..000000000000
--- a/sys/dev/if_wg/include/zinc/poly1305.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0 OR MIT */
-/*
- * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- */
-
-#ifndef _ZINC_POLY1305_H
-#define _ZINC_POLY1305_H
-
-
-enum poly1305_lengths {
- POLY1305_BLOCK_SIZE = 16,
- POLY1305_KEY_SIZE = 32,
- POLY1305_MAC_SIZE = 16
-};
-
-struct poly1305_ctx {
- u8 opaque[24 * sizeof(u64)];
- u32 nonce[4];
- u8 data[POLY1305_BLOCK_SIZE];
- size_t num;
-} __aligned(8);
-
-void poly1305_init(struct poly1305_ctx *ctx, const u8 key[POLY1305_KEY_SIZE]);
-void poly1305_update(struct poly1305_ctx *ctx, const u8 *input, size_t len,
- simd_context_t *simd_context);
-void poly1305_final(struct poly1305_ctx *ctx, u8 mac[POLY1305_MAC_SIZE],
- simd_context_t *simd_context);
-
-#endif /* _ZINC_POLY1305_H */