author | Jason A. Donenfeld <Jason@zx2c4.com> | 2015-06-05 15:58:00 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2016-06-25 16:48:39 +0200 |
commit | 99d303ac2739e65a02fbbc325b74ad6fcac63cc2 (patch) | |
tree | 6f4095f42d3d298cdd5ab8bc6f8ed89d9673b38b /src/cookie.h | |
download | wireguard-monolithic-historical-99d303ac2739e65a02fbbc325b74ad6fcac63cc2.tar.xz wireguard-monolithic-historical-99d303ac2739e65a02fbbc325b74ad6fcac63cc2.zip |
Initial commit
Diffstat (limited to 'src/cookie.h')
-rw-r--r-- | src/cookie.h | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/src/cookie.h b/src/cookie.h
new file mode 100644
index 0000000..b9524e6
--- /dev/null
+++ b/src/cookie.h
@@ -0,0 +1,55 @@
+/* Copyright 2015-2016 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. */
+
+#ifndef WGCOOKIE
+#define WGCOOKIE
+
+#include "noise.h"
+#include "peer.h"
+#include "ratelimiter.h"
+#include <linux/rwsem.h>
+
+enum {
+ COOKIE_SECRET_MAX_AGE = 2 * 60 * HZ,
+ COOKIE_SECRET_LATENCY = 5 * HZ,
+ COOKIE_SALT_LEN = 32,
+ COOKIE_LEN = 16
+};
+
+struct wireguard_device;
+struct sk_buff;
+
+struct cookie_checker {
+ u8 secret[NOISE_HASH_LEN];
+ uint64_t secret_birthdate;
+ struct rw_semaphore secret_lock;
+ struct ratelimiter ratelimiter;
+ struct wireguard_device *device;
+};
+
+struct cookie {
+ uint64_t birthdate;
+ bool is_valid;
+ u8 cookie[COOKIE_LEN];
+ bool have_sent_mac1;
+ u8 last_mac1_sent[COOKIE_LEN];
+ struct rw_semaphore lock;
+};
+
+enum cookie_mac_state {
+ INVALID_MAC,
+ VALID_MAC_BUT_NO_COOKIE,
+ VALID_MAC_WITH_COOKIE_BUT_RATELIMITED,
+ VALID_MAC_WITH_COOKIE
+};
+
+int cookie_checker_init(struct cookie_checker *checker, struct wireguard_device *wg);
+void cookie_checker_uninit(struct cookie_checker *checker);
+void cookie_init(struct cookie *cookie);
+
+enum cookie_mac_state cookie_validate_packet(struct cookie_checker *checker, struct sk_buff *skb, void *data_start, size_t data_len, bool check_cookie);
+void cookie_add_mac_to_packet(void *message, size_t len, struct wireguard_peer *peer);
+
+void cookie_message_create(struct message_handshake_cookie *src, struct sk_buff *skb, void *data_start, size_t data_len, __le32 index, struct cookie_checker *checker);
+void cookie_message_consume(struct message_handshake_cookie *src, struct wireguard_device *wg);
+
+#endif |
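Review bot: `secret_birthdate` in `struct cookie_checker` and `birthdate` in `struct cookie` are declared `uint64_t` while the rest of the header uses kernel types (`u8`, `__le32`); kernel convention is `u64`, and since `u8`, `bool`, `size_t` and `__le32` are all used here without an explicit include, the header should add `#include <linux/types.h>` rather than depend on noise.h or peer.h pulling it in transitively. The jiffies-derived constants `COOKIE_SECRET_MAX_AGE` and `COOKIE_SECRET_LATENCY` carry no comment on what they bound, and `COOKIE_SALT_LEN` is declared but no field in this header uses it, so its consumer is presumably cookie.c; a one-line comment on each would tell readers which lifetime is the secret rotation period and which is the grace window, to be confirmed against cookie.c. `enum cookie_mac_state` is the return value a caller must branch on for an untrusted packet, so each constant deserves a short comment stating what was verified (mac1 only, mac1 plus cookie, or cookie valid but the rate limiter rejected), e.g. `VALID_MAC_WITH_COOKIE_BUT_RATELIMITED, /* mac1 and mac2 verified; ratelimiter declined the handshake */`. The `bool check_cookie` parameter of `cookie_validate_packet` would also benefit from a comment on the declaration saying when the caller is expected to pass false.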