authorMatt Dunwoodie <ncon@mail.noconroy.net>2019-07-18 22:31:13 +1000
committerMatt Dunwoodie <ncon@mail.noconroy.net>2019-07-22 00:48:35 +1000
commit3229fa04360b4f242bdaeecae033ef43b6f75483 (patch)
tree63614c525e8e62ebc10307d0dd20aec84f55c152 /src/wireguard.h
parentReduce coupling between if_wg.c and wireguard.c (diff)
Add more cookie functionality
Add two cookies, hs_cookie and sc_cookie.
Diffstat (limited to 'src/wireguard.h')
-rw-r--r--src/wireguard.h18
1 files changed, 12 insertions, 6 deletions
diff --git a/src/wireguard.h b/src/wireguard.h
index 241a850dee7..0be4645345d 100644
--- a/src/wireguard.h
+++ b/src/wireguard.h
@@ -30,6 +30,7 @@
#define WG_REKEY_ATTEMPT_COUNT 20
#define WG_REKEY_TIMEOUT 5
#define WG_KEEPALIVE_TIMEOUT 10
+#define WG_COOKIE_VALID_TIME 120
#define WG_REKEY_AFTER_TIME_RECV (WG_REJECT_AFTER_TIME - WG_KEEPALIVE_TIMEOUT - WG_REKEY_TIMEOUT)
enum wg_role {
@@ -57,6 +58,11 @@ struct wg_keypair {
uint8_t priv[WG_KEY_SIZE];
};
+struct wg_cookie {
+ uint8_t cookie[WG_COOKIE_SIZE];
+ struct timespec time;
+};
+
struct wg_handshake {
struct rwlock hs_lock;
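Review bot: The new `struct wg_cookie` does not say which clock fills `time` or which lock guards the cookie/time pair. Before this change both fields sat inside `struct wg_handshake` next to `hs_lock`, which presumably covered them; as a standalone struct (the commit message also mentions an `sc_cookie` that is not visible in this file) that is no longer evident from the header. I would add a comment on the struct along the lines of `/* cookie and the time it was set; caller must hold the owning object's lock */`. It is also worth confirming that the age check against `WG_COOKIE_VALID_TIME` uses a monotonic clock, so a wall-clock step cannot keep a stale cookie valid.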
@@ -70,14 +76,12 @@ struct wg_handshake {
uint8_t hs_timestamp[WG_TIMESTAMP_SIZE];
uint8_t hs_epub[WG_KEY_SIZE];
- struct wg_keypair hs_ekey;
-
- uint8_t hs_cookie[WG_COOKIE_SIZE];
- struct timespec hs_cookie_time;
+ struct wg_keypair hs_ekey;
+ struct wg_cookie hs_cookie;
uint8_t hs_shared[WG_KEY_SIZE];
uint8_t hs_spub[WG_KEY_SIZE];
- struct wg_keypair *hs_skey;
+ struct wg_keypair *hs_skey;
};
struct wg_session {
@@ -152,9 +156,11 @@ uint32_t wg_session_clean(struct wg_session *);
enum wg_error wg_handshake_make_initiation(struct wg_handshake *, uint32_t, struct wg_msg_initiation *);
enum wg_error wg_handshake_make_response(struct wg_handshake *, uint32_t, struct wg_msg_response *);
-enum wg_error wg_handshake_make_cookie(struct wg_handshake *, struct wg_msg_cookie *);
+enum wg_error wg_handshake_make_cookie(struct wg_keypair *kp, struct wg_cookie *, uint32_t, uint8_t *, uint8_t, uint8_t mac[WG_MAC_SIZE], struct wg_msg_cookie *);
enum wg_error wg_session_encrypt(struct wg_session *, struct wg_msg_transport *, size_t);
+enum wg_error wg_handshake_valid_mac2(struct wg_cookie *, uint8_t *, uint8_t);
+
enum wg_error wg_handshake_recv_initiation(struct wg_handshake *, struct wg_msg_initiation *);
enum wg_error wg_handshake_recv_response(struct wg_handshake *, struct wg_msg_response *);
enum wg_error wg_handshake_recv_cookie(struct wg_handshake *, struct wg_msg_cookie *);
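Review bot: Both new prototypes, `wg_handshake_make_cookie` and `wg_handshake_valid_mac2`, take an unnamed `uint8_t *` followed by an unnamed `uint8_t`, so the header does not say what the buffer holds or how its length is bounded. If that trailing `uint8_t` is a byte count, any caller passing a `size_t` above 255 is silently truncated and the MAC would cover only a prefix of the data. I would name the parameters, const-qualify the input and widen the count, e.g. `enum wg_error wg_handshake_valid_mac2(struct wg_cookie *c, const uint8_t *buf, size_t len);`, with the same treatment for `wg_handshake_make_cookie`. The implementations are outside this diff, so please confirm that the mac2 comparison is constant-time (`timingsafe_bcmp`) and that an expired cookie is rejected before any comparison.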