net: wg: Make getting current time extensible

jukkar · jukkar · commit c71c299173f3 · 2025-03-23T16:20:06.000+02:00
Allow user to provide a function that will need to get
the current time from a RTC or SNTP or similar.
Wireguard handshake replay prevention needs a monotonic
time so the application should get it from somewhere.

Signed-off-by: Jukka Rissanen &lt;jukka.rissanen@nordicsemi.no&gt;
diff --git a/include/zephyr/net/wireguard.h b/include/zephyr/net/wireguard.h
@@ -201,6 +201,22 @@ int wireguard_peer_remove(int peer_id);
  */
 int wireguard_peer_keepalive(int peer_id);
 
+/**
+ * @brief Get current time in seconds and nanoseconds from Unix epoch
+ *
+ * @details This function is used to get the current time in seconds
+ *          and nanoseconds. The time is used to calculate the timestamp
+ *          in the Wireguard handshake. User can override this function
+ *          to provide the current time. The default implementation uses
+ *          k_uptime_get() to get the current time.
+ *
+ * @param seconds Pointer to store the current time in seconds.
+ * @param nanoseconds Pointer to store the current time in nanoseconds.
+ *
+ * @return 0 on success, a negative errno otherwise.
+ */
+int wireguard_get_current_time(uint64_t *seconds, uint32_t *nanoseconds);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/subsys/net/lib/wireguard/wg.c b/subsys/net/lib/wireguard/wg.c
@@ -2209,3 +2209,16 @@ static int wg_stats_get(uint32_t mgmt_request, struct net_if *iface,
 NET_MGMT_REGISTER_REQUEST_HANDLER(NET_REQUEST_STATS_GET_VPN, wg_stats_get);
 
 #endif /* CONFIG_NET_STATISTICS_USER_API && CONFIG_NET_STATISTICS_VPN */
+
+static int get_current_time(uint64_t *seconds, uint32_t *nanoseconds)
+{
+	uint64_t millis = k_uptime_get();
+
+	*seconds = millis / MSEC_PER_SEC;
+	*nanoseconds = (millis % MSEC_PER_SEC) * NSEC_PER_MSEC;
+
+	return 0;
+}
+
+/* Declare a default function but allow the user to override it */
+__weak FUNC_ALIAS(get_current_time, wireguard_get_current_time, int);
diff --git a/subsys/net/lib/wireguard/wg_crypto.c b/subsys/net/lib/wireguard/wg_crypto.c
@@ -46,14 +46,21 @@ void wg_tai64n_now(uint8_t *output)
 	 * 64 bit seconds from 1970 = 8 bytes
 	 * 32 bit nano seconds from current second
 	 */
-	uint64_t millis = k_ticks_to_ms_floor64(sys_clock_tick_get());
+	uint64_t seconds;
+	uint32_t nanoseconds;
+	int ret;
+
+	ret = wireguard_get_current_time(&seconds, &nanoseconds);
+	if (ret < 0) {
+		NET_DBG("Failed to get current time");
+		return;
+	}
 
-	/* Split into seconds offset + nanos */
-	uint64_t seconds = 0x400000000000000aULL + (millis / 1000);
-	uint32_t nanos = (millis % 1000) * 1000;
+	/* Seconds in TAI64N format */
+	seconds += 0x400000000000000aULL;
 
 	sys_put_be64(seconds, output);
-	sys_put_be32(nanos, output + 8U);
+	sys_put_be32(nanoseconds, output + 8U);
 }
 
 static void wg_mac(uint8_t *dst, const void *message, size_t len,
