744bfb2131
This commit brings back the driver from FreeBSD commit
f187d6dfbf
plus subsequent fixes from
upstream.
Relative to upstream this commit includes a few other small fixes such
as additional INET and INET6 #ifdef's, #include cleanups, and updates
for recent API changes in main.
Reviewed by: pauamma, gbe, kevans, emaste
Obtained from: git@git.zx2c4.com:wireguard-freebsd @ 3cc22b2
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36909
73 lines
2.1 KiB
C
73 lines
2.1 KiB
C
/* SPDX-License-Identifier: ISC
|
|
*
|
|
* Copyright (C) 2015-2021 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
|
* Copyright (C) 2019-2021 Matt Dunwoodie <ncon@noconroy.net>
|
|
*/
|
|
|
|
#ifndef __COOKIE_H__
|
|
#define __COOKIE_H__
|
|
|
|
#include "crypto.h"
|
|
|
|
#define COOKIE_MAC_SIZE 16
|
|
#define COOKIE_KEY_SIZE 32
|
|
#define COOKIE_NONCE_SIZE XCHACHA20POLY1305_NONCE_SIZE
|
|
#define COOKIE_COOKIE_SIZE 16
|
|
#define COOKIE_SECRET_SIZE 32
|
|
#define COOKIE_INPUT_SIZE 32
|
|
#define COOKIE_ENCRYPTED_SIZE (COOKIE_COOKIE_SIZE + COOKIE_MAC_SIZE)
|
|
|
|
struct vnet;
|
|
|
|
struct cookie_macs {
|
|
uint8_t mac1[COOKIE_MAC_SIZE];
|
|
uint8_t mac2[COOKIE_MAC_SIZE];
|
|
};
|
|
|
|
struct cookie_maker {
|
|
uint8_t cm_mac1_key[COOKIE_KEY_SIZE];
|
|
uint8_t cm_cookie_key[COOKIE_KEY_SIZE];
|
|
|
|
struct rwlock cm_lock;
|
|
bool cm_cookie_valid;
|
|
uint8_t cm_cookie[COOKIE_COOKIE_SIZE];
|
|
sbintime_t cm_cookie_birthdate; /* sbinuptime */
|
|
bool cm_mac1_sent;
|
|
uint8_t cm_mac1_last[COOKIE_MAC_SIZE];
|
|
};
|
|
|
|
struct cookie_checker {
|
|
struct rwlock cc_key_lock;
|
|
uint8_t cc_mac1_key[COOKIE_KEY_SIZE];
|
|
uint8_t cc_cookie_key[COOKIE_KEY_SIZE];
|
|
|
|
struct mtx cc_secret_mtx;
|
|
sbintime_t cc_secret_birthdate; /* sbinuptime */
|
|
uint8_t cc_secret[COOKIE_SECRET_SIZE];
|
|
};
|
|
|
|
int cookie_init(void);
|
|
void cookie_deinit(void);
|
|
void cookie_checker_init(struct cookie_checker *);
|
|
void cookie_checker_free(struct cookie_checker *);
|
|
void cookie_checker_update(struct cookie_checker *,
|
|
const uint8_t[COOKIE_INPUT_SIZE]);
|
|
void cookie_checker_create_payload(struct cookie_checker *,
|
|
struct cookie_macs *cm, uint8_t[COOKIE_NONCE_SIZE],
|
|
uint8_t [COOKIE_ENCRYPTED_SIZE], struct sockaddr *);
|
|
void cookie_maker_init(struct cookie_maker *, const uint8_t[COOKIE_INPUT_SIZE]);
|
|
void cookie_maker_free(struct cookie_maker *);
|
|
int cookie_maker_consume_payload(struct cookie_maker *,
|
|
uint8_t[COOKIE_NONCE_SIZE], uint8_t[COOKIE_ENCRYPTED_SIZE]);
|
|
void cookie_maker_mac(struct cookie_maker *, struct cookie_macs *,
|
|
void *, size_t);
|
|
int cookie_checker_validate_macs(struct cookie_checker *,
|
|
struct cookie_macs *, void *, size_t, bool, struct sockaddr *,
|
|
struct vnet *);
|
|
|
|
#ifdef SELFTESTS
|
|
bool cookie_selftest(void);
|
|
#endif /* SELFTESTS */
|
|
|
|
#endif /* __COOKIE_H__ */
|