/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
 */
| 5 | |
| 6 | #ifndef _WG_COOKIE_H |
| 7 | #define _WG_COOKIE_H |
| 8 | |
| 9 | #include "messages.h" |
| 10 | #include <linux/rwsem.h> |
| 11 | |
/* Opaque here: this header only ever takes a pointer to the peer. */
struct wg_peer;
| 13 | |
/*
 * Per-device state used to check and issue handshake cookies.
 *
 * Holds the device-side key material of the cookie mechanism. The pairing of
 * secret with secret_birthdate suggests the secret is time-limited and
 * rotated, and secret_lock is presumably what serialises that rotation
 * against readers; both are decided in cookie.c, not visible here.
 * NOTE(review): secret, cookie_encryption_key and message_mac1_key are key
 * material, so whatever tears this struct down should zeroise them.
 */
struct cookie_checker {
	u8 secret[NOISE_HASH_LEN];
	u8 cookie_encryption_key[NOISE_SYMMETRIC_KEY_LEN];
	u8 message_mac1_key[NOISE_SYMMETRIC_KEY_LEN];
	u64 secret_birthdate;
	struct rw_semaphore secret_lock;
	/* Back-pointer to the owning device; the device owns the checker. */
	struct wg_device *device;
};
| 22 | |
/*
 * Per-peer cookie state on the sending side.
 *
 * Tracks the most recent cookie obtained from the peer (cookie, birthdate,
 * is_valid), the last mac1 this side sent (have_sent_mac1, last_mac1_sent —
 * presumably so a cookie reply can be matched against it), and the keys
 * derived for this peer. lock guards the struct; the exact locking rules and
 * how birthdate is used to expire a cookie live in cookie.c.
 */
struct cookie {
	u64 birthdate;
	bool is_valid;
	u8 cookie[COOKIE_LEN];
	bool have_sent_mac1;
	u8 last_mac1_sent[COOKIE_LEN];
	u8 cookie_decryption_key[NOISE_SYMMETRIC_KEY_LEN];
	u8 message_mac1_key[NOISE_SYMMETRIC_KEY_LEN];
	struct rw_semaphore lock;
};
| 33 | |
/*
 * Result of wg_cookie_validate_packet().
 *
 * Listed from least to most trusted; INVALID_MAC is the zero value. Whether
 * callers compare these ordinally cannot be seen from this header, so do not
 * reorder them without checking every caller.
 */
enum cookie_mac_state {
	INVALID_MAC,
	VALID_MAC_BUT_NO_COOKIE,
	VALID_MAC_WITH_COOKIE_BUT_RATELIMITED,
	VALID_MAC_WITH_COOKIE
};
| 40 | |
/* Set-up entry points for the device-side checker and the per-peer cookie. */

/* Prepares @checker for use by device @wg; what it initialises is in cookie.c. */
void wg_cookie_checker_init(struct cookie_checker *checker, struct wg_device *wg);

/* Derives the device-wide keys held in @checker (presumably from the
 * device's own identity — confirm in cookie.c). */
void wg_cookie_checker_precompute_device_keys(struct cookie_checker *checker);

/* Derives the per-peer keys held in @peer's struct cookie. */
void wg_cookie_checker_precompute_peer_keys(struct wg_peer *peer);

/* Prepares a fresh @cookie (lock and flags) before first use. */
void wg_cookie_init(struct cookie *cookie);
| 46 | |
/*
 * Classifies the MAC fields of the incoming handshake packet in @skb against
 * @checker's keys and returns one of enum cookie_mac_state. @check_cookie
 * presumably selects whether the cookie-based MAC is required in addition to
 * mac1 (the VALID_MAC_WITH_COOKIE* results exist for that case); the exact
 * policy is in cookie.c. @skb is network input, so any result other than the
 * VALID_* states means the packet has not been authenticated.
 */
enum cookie_mac_state
wg_cookie_validate_packet(struct cookie_checker *checker, struct sk_buff *skb,
			  bool check_cookie);

/*
 * Writes the MAC fields into the outgoing handshake @message of @len bytes
 * destined for @peer. @len presumably covers the whole message including the
 * trailing MAC fields — confirm against the callers. Which fields are filled
 * from which keys is decided in cookie.c, drawing on the state in @peer's
 * struct cookie (is_valid, have_sent_mac1, last_mac1_sent).
 */
void wg_cookie_add_mac_to_packet(void *message, size_t len, struct wg_peer *peer);
| 52 | |
/*
 * Builds the cookie reply @src for the sender of @skb using @checker; @index
 * is written in little-endian wire form (its type is __le32) and is presumably
 * the sender's index echoed back — confirm in cookie.c.
 */
void
wg_cookie_message_create(struct message_handshake_cookie *src, struct sk_buff *skb,
			 __le32 index, struct cookie_checker *checker);

/*
 * Consumes a received cookie reply @src on device @wg. @src is network input;
 * the lookup of the matching peer and the authentication of the reply before
 * its cookie is stored in that peer's struct cookie happen in cookie.c.
 */
void
wg_cookie_message_consume(struct message_handshake_cookie *src, struct wg_device *wg);
| 58 | |
| 59 | #endif /* _WG_COOKIE_H */ |