cookie.h (1653B)
1/* SPDX-License-Identifier: GPL-2.0 */ 2/* 3 * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. 4 */ 5 6#ifndef _WG_COOKIE_H 7#define _WG_COOKIE_H 8 9#include "messages.h" 10#include <linux/rwsem.h> 11 12struct wg_peer; 13 14struct cookie_checker { 15 u8 secret[NOISE_HASH_LEN]; 16 u8 cookie_encryption_key[NOISE_SYMMETRIC_KEY_LEN]; 17 u8 message_mac1_key[NOISE_SYMMETRIC_KEY_LEN]; 18 u64 secret_birthdate; 19 struct rw_semaphore secret_lock; 20 struct wg_device *device; 21}; 22 23struct cookie { 24 u64 birthdate; 25 bool is_valid; 26 u8 cookie[COOKIE_LEN]; 27 bool have_sent_mac1; 28 u8 last_mac1_sent[COOKIE_LEN]; 29 u8 cookie_decryption_key[NOISE_SYMMETRIC_KEY_LEN]; 30 u8 message_mac1_key[NOISE_SYMMETRIC_KEY_LEN]; 31 struct rw_semaphore lock; 32}; 33 34enum cookie_mac_state { 35 INVALID_MAC, 36 VALID_MAC_BUT_NO_COOKIE, 37 VALID_MAC_WITH_COOKIE_BUT_RATELIMITED, 38 VALID_MAC_WITH_COOKIE 39}; 40 41void wg_cookie_checker_init(struct cookie_checker *checker, 42 struct wg_device *wg); 43void wg_cookie_checker_precompute_device_keys(struct cookie_checker *checker); 44void wg_cookie_checker_precompute_peer_keys(struct wg_peer *peer); 45void wg_cookie_init(struct cookie *cookie); 46 47enum cookie_mac_state wg_cookie_validate_packet(struct cookie_checker *checker, 48 struct sk_buff *skb, 49 bool check_cookie); 50void wg_cookie_add_mac_to_packet(void *message, size_t len, 51 struct wg_peer *peer); 52 53void wg_cookie_message_create(struct message_handshake_cookie *src, 54 struct sk_buff *skb, __le32 index, 55 struct cookie_checker *checker); 56void wg_cookie_message_consume(struct message_handshake_cookie *src, 57 struct wg_device *wg); 58 59#endif /* _WG_COOKIE_H */