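/* SPDX-License-Identifier: ISC
 *
 * Copyright (C) 2015-2021 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
 * Copyright (C) 2019-2021 Matt Dunwoodie <ncon@noconroy.net>
 */

#ifndef __COOKIE_H__
#define __COOKIE_H__

#include "crypto.h"

/*
 * Byte sizes of the values handled by the cookie mechanism.
 *
 * COOKIE_NONCE_SIZE is taken from crypto.h.  COOKIE_ENCRYPTED_SIZE is the
 * cookie followed by a COOKIE_MAC_SIZE authentication tag; given the nonce
 * define it is presumably an XChaCha20-Poly1305 ciphertext -- confirm
 * against cookie.c.
 */
#define COOKIE_MAC_SIZE		16
#define COOKIE_KEY_SIZE		32
#define COOKIE_NONCE_SIZE	XCHACHA20POLY1305_NONCE_SIZE
#define COOKIE_COOKIE_SIZE	16
#define COOKIE_SECRET_SIZE	32
#define COOKIE_INPUT_SIZE	32
#define COOKIE_ENCRYPTED_SIZE	(COOKIE_COOKIE_SIZE + COOKIE_MAC_SIZE)

/*
 * Opaque types referenced only by pointer in the prototypes below.
 * struct sockaddr is forward-declared so that this header does not depend on
 * the includer having already pulled in the socket headers; without it a
 * prototype-scoped "struct sockaddr" would be a distinct incomplete type.
 */
struct vnet;
struct sockaddr;

/*
 * The two message authentication codes carried by a handshake message.
 */
struct cookie_macs {
	uint8_t	mac1[COOKIE_MAC_SIZE];
	uint8_t	mac2[COOKIE_MAC_SIZE];
};

/*
 * Per-peer state for the side that *computes* mac1/mac2 on outgoing
 * messages and consumes cookie replies.
 *
 * cm_mac1_key and cm_cookie_key are key material: they must only be filled
 * in by cookie_maker_init() and should never be logged or copied elsewhere.
 * Judging by the layout, cm_lock guards the fields that follow it
 * (cm_cookie_valid, cm_cookie, cm_cookie_birthdate, cm_mac1_sent,
 * cm_mac1_last) -- confirm against cookie.c.
 */
struct cookie_maker {
	uint8_t		cm_mac1_key[COOKIE_KEY_SIZE];
	uint8_t		cm_cookie_key[COOKIE_KEY_SIZE];

	struct rwlock	cm_lock;
	bool		cm_cookie_valid;	/* cm_cookie holds a usable cookie */
	uint8_t		cm_cookie[COOKIE_COOKIE_SIZE];
	sbintime_t	cm_cookie_birthdate;	/* sbinuptime */
	bool		cm_mac1_sent;		/* cm_mac1_last holds the last mac1 sent */
	uint8_t		cm_mac1_last[COOKIE_MAC_SIZE];
};

/*
 * State for the side that *validates* mac1/mac2 on incoming messages and
 * issues cookie replies.
 *
 * cc_key_lock appears to guard cc_mac1_key/cc_cookie_key, which are derived
 * by cookie_checker_update(); cc_secret_mtx appears to guard cc_secret and
 * its birthdate, which cookie.c is expected to rotate (the rotation interval
 * is not visible here).  cc_secret is secret material and must be wiped by
 * cookie_checker_free() -- confirm against cookie.c.
 */
struct cookie_checker {
	struct rwlock	cc_key_lock;
	uint8_t		cc_mac1_key[COOKIE_KEY_SIZE];
	uint8_t		cc_cookie_key[COOKIE_KEY_SIZE];

	struct mtx	cc_secret_mtx;
	sbintime_t	cc_secret_birthdate;	/* sbinuptime */
	uint8_t		cc_secret[COOKIE_SECRET_SIZE];
};

/* Module-wide setup/teardown; returns 0 on success (presumably errno otherwise). */
int	cookie_init(void);
void	cookie_deinit(void);

/* Lifecycle of a cookie_checker; *_free should zeroize its key material. */
void	cookie_checker_init(struct cookie_checker *cc);
void	cookie_checker_free(struct cookie_checker *cc);

/*
 * (Re)derive cc_mac1_key/cc_cookie_key from a COOKIE_INPUT_SIZE-byte input
 * (presumably the local static public key -- confirm against cookie.c).
 */
void	cookie_checker_update(struct cookie_checker *cc,
	    const uint8_t input[COOKIE_INPUT_SIZE]);

/*
 * Build a cookie reply for the sender at `sa`: writes a fresh nonce into
 * `nonce` and the encrypted cookie into `ecookie`, using `cm` as the macs
 * of the message being replied to.
 */
void	cookie_checker_create_payload(struct cookie_checker *cc,
	    struct cookie_macs *cm, uint8_t nonce[COOKIE_NONCE_SIZE],
	    uint8_t ecookie[COOKIE_ENCRYPTED_SIZE], struct sockaddr *sa);

/* Lifecycle of a cookie_maker; `input` is COOKIE_INPUT_SIZE bytes of key input. */
void	cookie_maker_init(struct cookie_maker *cm,
	    const uint8_t input[COOKIE_INPUT_SIZE]);
void	cookie_maker_free(struct cookie_maker *cm);

/*
 * Decrypt and store a received cookie reply.  Returns 0 on success, non-zero
 * on failure (authentication failure or no outstanding mac1 is the likely
 * cause -- confirm the exact codes against cookie.c).
 */
int	cookie_maker_consume_payload(struct cookie_maker *cm,
	    uint8_t nonce[COOKIE_NONCE_SIZE],
	    uint8_t ecookie[COOKIE_ENCRYPTED_SIZE]);

/*
 * Compute mac1 (and mac2 when a valid cookie is held) over the `len` bytes
 * at `buf`, storing them in `cm`.  `buf` is not written; the non-const
 * pointer mirrors the definition in cookie.c.
 */
void	cookie_maker_mac(struct cookie_maker *cm, struct cookie_macs *macs,
	    void *buf, size_t len);

/*
 * Validate the macs in `macs` over the `len` bytes at `buf` from `sa`.
 * Returns 0 when the message may be processed, non-zero otherwise.  The
 * meaning of `check_cookie` is not visible here (presumably it requests
 * mac2/cookie verification under load -- confirm against cookie.c).
 * NOTE(review): the implementation must compare MACs in constant time.
 */
int	cookie_checker_validate_macs(struct cookie_checker *cc,
	    struct cookie_macs *macs, void *buf, size_t len, bool check_cookie,
	    struct sockaddr *sa, struct vnet *vnet);

#ifdef SELFTESTS
bool	cookie_selftest(void);
#endif /* SELFTESTS */

#endif /* __COOKIE_H__ */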