1 | /* SPDX-License-Identifier: GPL-2.0 */ |
2 | /* |
3 | * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. |
4 | */ |
5 | |
6 | #ifndef _WG_COOKIE_H |
7 | #define _WG_COOKIE_H |
8 | |
9 | #include "messages.h" |
10 | #include <linux/rwsem.h> |
11 | |
12 | struct wg_peer; |
13 | |
/*
 * struct cookie_checker - state handed to wg_cookie_checker_init(),
 * wg_cookie_checker_precompute_device_keys(), wg_cookie_validate_packet()
 * and wg_cookie_message_create() (all declared below).
 *
 * The three u8 arrays hold secret/key material.
 * NOTE(review): treat them as sensitive (no logging, no copying out to
 * userspace) and confirm the teardown path in cookie.c zeroizes them.
 */
14 | struct cookie_checker { |
/* NOISE_HASH_LEN bytes of secret; presumably the value cookies are derived
 * from - confirm in cookie.c. */
15 | u8 secret[NOISE_HASH_LEN]; |
/* Symmetric key; by its name, used to encrypt cookies placed in cookie
 * reply messages - confirm in cookie.c. */
16 | u8 cookie_encryption_key[NOISE_SYMMETRIC_KEY_LEN]; |
/* Symmetric key; by its name, used to check the first MAC on incoming
 * messages - confirm in cookie.c. */
17 | u8 message_mac1_key[NOISE_SYMMETRIC_KEY_LEN]; |
/* Presumably the time at which `secret` was generated, so it can be aged
 * out; units and clock source are not visible in this header. */
18 | u64 secret_birthdate; |
/* Reader/writer semaphore; by its name it guards `secret` (and presumably
 * `secret_birthdate`) - verify the locking rules in cookie.c. */
19 | struct rw_semaphore secret_lock; |
/* Pointer to the associated wg_device; presumably set from the `wg`
 * argument of wg_cookie_checker_init(). */
20 | struct wg_device *device; |
21 | }; |
22 | |
/*
 * struct cookie - cookie/MAC state initialised by wg_cookie_init().
 * Presumably one instance per peer, since the MAC and key-precompute
 * helpers below take a struct wg_peer - confirm against the peer definition.
 *
 * `cookie` and both key arrays are sensitive values.
 * NOTE(review): confirm they are zeroized when the owning object is freed.
 */
23 | struct cookie { |
/* Presumably when `cookie` was stored, used to expire it; units are not
 * visible in this header. */
24 | u64 birthdate; |
/* By its name, true when `cookie` holds a usable value. */
25 | bool is_valid; |
/* COOKIE_LEN bytes of cookie value. */
26 | u8 cookie[COOKIE_LEN]; |
/* By its name, true once `last_mac1_sent` has been filled in. */
27 | bool have_sent_mac1; |
/* Copy of the most recent first MAC sent. Sized with COOKIE_LEN, so this
 * relies on a mac1 being no longer than a cookie - confirm in messages.h. */
28 | u8 last_mac1_sent[COOKIE_LEN]; |
/* Symmetric key; by its name, used to decrypt a received cookie. */
29 | u8 cookie_decryption_key[NOISE_SYMMETRIC_KEY_LEN]; |
/* Symmetric key; by its name, used to compute the first MAC on outgoing
 * messages. */
30 | u8 message_mac1_key[NOISE_SYMMETRIC_KEY_LEN]; |
/* Reader/writer semaphore; presumably guards the fields above - verify the
 * locking rules in cookie.c. */
31 | struct rw_semaphore lock; |
32 | }; |
33 | |
/*
 * enum cookie_mac_state - result type of wg_cookie_validate_packet().
 *
 * No enumerator has an explicit value, so they number 0..3 in declaration
 * order and INVALID_MAC is 0: a zero-initialised variable of this type reads
 * as "invalid" rather than as an accepted state. Keep INVALID_MAC first.
 * NOTE(review): callers may compare states with < or >; check cookie.c and
 * the receive path before reordering anything here.
 */
34 | enum cookie_mac_state { |
/* MAC check failed. */
35 | INVALID_MAC, |
/* By its name: first MAC is valid, no valid cookie MAC accompanies it. */
36 | VALID_MAC_BUT_NO_COOKIE, |
/* By its name: MAC and cookie are valid but the sender is rate limited. */
37 | VALID_MAC_WITH_COOKIE_BUT_RATELIMITED, |
/* By its name: MAC and cookie are valid and no rate limit applies. */
38 | VALID_MAC_WITH_COOKIE |
39 | }; |
40 | |
/*
 * Initialise @checker for device @wg. Returns nothing, so the prototype
 * offers no way to report failure.
 */
41 | void wg_cookie_checker_init(struct cookie_checker *checker, |
42 | struct wg_device *wg); |
/*
 * Precompute the device-level keys held in @checker. Presumably these are
 * cookie_encryption_key and message_mac1_key, and presumably this must be
 * re-run when the device's static key changes - confirm in cookie.c.
 */
43 | void wg_cookie_checker_precompute_device_keys(struct cookie_checker *checker); |
/*
 * Precompute the per-peer keys for @peer. Presumably the key fields of that
 * peer's struct cookie - confirm in cookie.c.
 */
44 | void wg_cookie_checker_precompute_peer_keys(struct wg_peer *peer); |
/* Initialise @cookie to its starting state. */
45 | void wg_cookie_init(struct cookie *cookie); |
46 | |
/*
 * Check the MAC(s) on the packet in @skb against the state in @checker and
 * return the resulting enum cookie_mac_state.
 *
 * @check_cookie presumably selects whether the cookie-based MAC is checked
 * as well as the first MAC - confirm in cookie.c.
 * NOTE(review): @skb carries data received from the network; confirm the
 * caller has validated the message length before the MAC fields are read.
 */
47 | enum cookie_mac_state wg_cookie_validate_packet(struct cookie_checker *checker, |
48 | struct sk_buff *skb, |
49 | bool check_cookie); |
/*
 * Add MAC(s) to the outgoing message at @message, which is @len bytes long,
 * using @peer's state.
 *
 * @message is an untyped pointer, so the compiler cannot check that @len
 * matches the buffer; the caller is responsible for passing the true size.
 * Presumably the MAC fields sit at the tail of the message - confirm in
 * cookie.c.
 */
50 | void wg_cookie_add_mac_to_packet(void *message, size_t len, |
51 | struct wg_peer *peer); |
52 | |
/*
 * Build a handshake cookie message using @checker, for the packet in @skb.
 *
 * @index is a __le32, i.e. already in little-endian byte order; pass it
 * through without host-order conversion.
 * NOTE(review): despite the name @src, the pointer is non-const and a
 * "create" routine would normally fill the message in; check the parameter
 * name in the definition in cookie.c and align the two if they differ.
 */
53 | void wg_cookie_message_create(struct message_handshake_cookie *src, |
54 | struct sk_buff *skb, __le32 index, |
55 | struct cookie_checker *checker); |
/*
 * Process the handshake cookie message @src on device @wg. Returns nothing,
 * so a rejected message is not reported to the caller through this
 * interface.
 * NOTE(review): @src is presumably peer-supplied data; confirm it is
 * authenticated before any cookie state is updated from it.
 */
56 | void wg_cookie_message_consume(struct message_handshake_cookie *src, |
57 | struct wg_device *wg); |
58 | |
59 | #endif /* _WG_COOKIE_H */ |
60 | |