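/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
 */

#ifndef _WG_COOKIE_H
#define _WG_COOKIE_H

#include "messages.h"
#include <linux/rwsem.h>

struct wg_peer;

/*
 * State handed to wg_cookie_validate_packet() and wg_cookie_message_create().
 * Three of the fields are raw key material.
 * NOTE(review): confirm that every path which frees or re-keys this struct
 * wipes those fields with memzero_explicit() rather than a plain memset().
 */
struct cookie_checker {
	/* NOISE_HASH_LEN-byte secret; presumably the value cookies are derived
	 * from -- confirm in cookie.c.
	 */
	u8 secret[NOISE_HASH_LEN];
	u8 cookie_encryption_key[NOISE_SYMMETRIC_KEY_LEN];
	u8 message_mac1_key[NOISE_SYMMETRIC_KEY_LEN];
	/* Timestamp tied to @secret; units and the rotation policy are not
	 * visible in this header.
	 */
	u64 secret_birthdate;
	/* presumably guards @secret and @secret_birthdate -- verify against
	 * the implementation.
	 */
	struct rw_semaphore secret_lock;
	/* Back-pointer to the owning device (set by wg_cookie_checker_init(),
	 * presumably -- confirm).
	 */
	struct wg_device *device;
};

/*
 * Cookie state initialised by wg_cookie_init().
 * NOTE(review): looks like one instance per peer -- confirm where it is
 * embedded. Holds key material; the same wiping caveat as for
 * struct cookie_checker applies.
 */
struct cookie {
	u64 birthdate;
	/* @cookie must not be used unless this is true (inferred from the
	 * name; expiry handling lives in the implementation).
	 */
	bool is_valid;
	u8 cookie[COOKIE_LEN];
	/* @last_mac1_sent is only meaningful once this is true (inferred). */
	bool have_sent_mac1;
	u8 last_mac1_sent[COOKIE_LEN];
	u8 cookie_decryption_key[NOISE_SYMMETRIC_KEY_LEN];
	u8 message_mac1_key[NOISE_SYMMETRIC_KEY_LEN];
	/* presumably serialises access to the fields above -- TODO confirm. */
	struct rw_semaphore lock;
};

/*
 * Result of wg_cookie_validate_packet(). The enumerators take the values
 * 0..3 in the order listed, so INVALID_MAC is 0 and every other state is
 * non-zero: callers have to compare against the named enumerators, because
 * a bare truthiness test would also accept VALID_MAC_BUT_NO_COOKIE and
 * VALID_MAC_WITH_COOKIE_BUT_RATELIMITED.
 */
enum cookie_mac_state {
	INVALID_MAC,
	VALID_MAC_BUT_NO_COOKIE,
	VALID_MAC_WITH_COOKIE_BUT_RATELIMITED,
	VALID_MAC_WITH_COOKIE
};

/* Set up @checker for device @wg. */
void wg_cookie_checker_init(struct cookie_checker *checker,
			    struct wg_device *wg);
/* Derive the device-wide keys held in @checker; the inputs to the
 * derivation are not visible in this header.
 */
void wg_cookie_checker_precompute_device_keys(struct cookie_checker *checker);
/* Derive the cookie-related keys for @peer (presumably the two key fields
 * of its struct cookie -- confirm).
 */
void wg_cookie_checker_precompute_peer_keys(struct wg_peer *peer);
/* Initialise an empty @cookie. */
void wg_cookie_init(struct cookie *cookie);

/*
 * Classify @skb against @checker and return its cookie_mac_state.
 * NOTE(review): @check_cookie presumably selects whether the cookie MAC is
 * evaluated in addition to mac1 -- confirm in cookie.c. The header does not
 * say whether @skb's length has to be validated by the caller beforehand.
 */
enum cookie_mac_state wg_cookie_validate_packet(struct cookie_checker *checker,
						struct sk_buff *skb,
						bool check_cookie);
/*
 * Add the MAC(s) for @peer to @message, an untyped buffer of @len bytes.
 * NOTE(review): no minimum @len is stated here; confirm that callers always
 * pass a buffer large enough for the MAC fields the implementation writes.
 */
void wg_cookie_add_mac_to_packet(void *message, size_t len,
				 struct wg_peer *peer);

/*
 * Build a cookie message relating to @skb using @checker. @index is typed
 * __le32, i.e. it is passed in little-endian form.
 * NOTE(review): the first parameter is named @src although it is non-const
 * and a *_create function would normally write into it; check the name
 * against the definition.
 */
void wg_cookie_message_create(struct message_handshake_cookie *src,
			      struct sk_buff *skb, __le32 index,
			      struct cookie_checker *checker);
/* Process a received cookie message @src on device @wg. */
void wg_cookie_message_consume(struct message_handshake_cookie *src,
			       struct wg_device *wg);

#endif /* _WG_COOKIE_H */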