From 99d303ac2739e65a02fbbc325b74ad6fcac63cc2 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Fri, 5 Jun 2015 15:58:00 +0200
Subject: Initial commit
---
src/cookie.h | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
create mode 100644 src/cookie.h
(limited to 'src/cookie.h')
diff --git a/src/cookie.h b/src/cookie.h
new file mode 100644
index 0000000..b9524e6
--- /dev/null
+++ b/src/cookie.h
@@ -0,0 +1,55 @@
+/* Copyright 2015-2016 Jason A. Donenfeld . All Rights Reserved. */
+
+#ifndef WGCOOKIE
+#define WGCOOKIE
+
+#include "noise.h"
+#include "peer.h"
+#include "ratelimiter.h"
+#include
+
+enum {
+ COOKIE_SECRET_MAX_AGE = 2 * 60 * HZ,
+ COOKIE_SECRET_LATENCY = 5 * HZ,
+ COOKIE_SALT_LEN = 32,
+ COOKIE_LEN = 16
+};
+
+struct wireguard_device;
+struct sk_buff;
+
+struct cookie_checker {
+ u8 secret[NOISE_HASH_LEN];
+ uint64_t secret_birthdate;
+ struct rw_semaphore secret_lock;
+ struct ratelimiter ratelimiter;
+ struct wireguard_device *device;
+};
+
+struct cookie {
+ uint64_t birthdate;
+ bool is_valid;
+ u8 cookie[COOKIE_LEN];
+ bool have_sent_mac1;
+ u8 last_mac1_sent[COOKIE_LEN];
+ struct rw_semaphore lock;
+};
+
+enum cookie_mac_state {
+ INVALID_MAC,
+ VALID_MAC_BUT_NO_COOKIE,
+ VALID_MAC_WITH_COOKIE_BUT_RATELIMITED,
+ VALID_MAC_WITH_COOKIE
+};
+
+int cookie_checker_init(struct cookie_checker *checker, struct wireguard_device *wg);
+void cookie_checker_uninit(struct cookie_checker *checker);
+void cookie_init(struct cookie *cookie);
+
+enum cookie_mac_state cookie_validate_packet(struct cookie_checker *checker, struct sk_buff *skb, void *data_start, size_t data_len, bool check_cookie);
+void cookie_add_mac_to_packet(void *message, size_t len, struct wireguard_peer *peer);
+
+void cookie_message_create(struct message_handshake_cookie *src, struct sk_buff *skb, void *data_start, size_t data_len, __le32 index, struct cookie_checker *checker);
+void cookie_message_consume(struct message_handshake_cookie *src, struct wireguard_device *wg);
+
+#endif
-- cgit v1.2.3-59-g8ed1b
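Review bot: The two structs in this header keep key material (`secret` in `struct cookie_checker`, `cookie` and `last_mac1_sent` in `struct cookie`) next to an `rw_semaphore`, but nothing states which fields each lock covers or how long the secret stays valid. I would add a comment on each lock, for example `/* secret_lock protects secret and secret_birthdate */` and `/* lock protects every other field of struct cookie */`, assuming that is the intended rule, and one on `COOKIE_SECRET_MAX_AGE` and `COOKIE_SECRET_LATENCY` giving their unit (jiffies, going by the `HZ` factor). `cookie_validate_packet` also needs a line saying how `check_cookie` changes the returned `enum cookie_mac_state`, since callers have to tell the three `VALID_MAC_*` results apart to decide whether a handshake is processed, answered with a cookie, or dropped. `cookie_init` has no `cookie_uninit` counterpart in this interface, so whether the per-peer cookie bytes are wiped on teardown cannot be seen from here and is worth stating in the header.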