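/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
 */

/*
 * Types and prototypes for the wg_cookie_* handshake MAC / cookie code.
 *
 * Only declarations are visible in this header. Remarks below that go beyond
 * what the declarations themselves show are marked NOTE(review) and should be
 * confirmed against the implementation file before being relied on.
 */

#ifndef _WG_COOKIE_H
#define _WG_COOKIE_H

#include "messages.h"
#include <linux/rwsem.h>

/* Forward declaration: this header only ever handles pointers to a peer. */
struct wg_peer;

/*
 * State used when checking the MACs on incoming handshake messages and when
 * producing cookie messages. It carries a back-pointer to a struct wg_device.
 * NOTE(review): presumably one instance exists per device -- confirm where it
 * is embedded.
 *
 * Security: secret, cookie_encryption_key and message_mac1_key are key
 * material. Nothing in this header shows where they are wiped; the owner of
 * the enclosing object should zeroize them on teardown with a call the
 * compiler cannot elide (memzero_explicit() in the kernel).
 */
struct cookie_checker {
	/* Secret value, NOISE_HASH_LEN bytes.
	 * NOTE(review): presumably the value cookies are derived from and
	 * regenerated once it is too old (see secret_birthdate) -- confirm.
	 */
	u8 secret[NOISE_HASH_LEN];
	/* Key for protecting outgoing cookie messages (by its name). */
	u8 cookie_encryption_key[NOISE_SYMMETRIC_KEY_LEN];
	/* Key for verifying the first MAC of incoming messages (by its name). */
	u8 message_mac1_key[NOISE_SYMMETRIC_KEY_LEN];
	/* NOTE(review): presumably the time secret was generated; clock and
	 * units are not visible here.
	 */
	u64 secret_birthdate;
	/* NOTE(review): by its name, serializes access to secret and
	 * secret_birthdate -- confirm which fields it really covers.
	 */
	struct rw_semaphore secret_lock;
	/* Device this checker belongs to. */
	struct wg_device *device;
};

/*
 * Cookie state for one remote party.
 * NOTE(review): presumably embedded in struct wg_peer, which is opaque in
 * this header.
 *
 * Security: cookie, cookie_decryption_key and message_mac1_key are sensitive
 * and deserve the same zeroize-on-teardown treatment as the keys in
 * struct cookie_checker.
 */
struct cookie {
	/* NOTE(review): presumably when the stored cookie was received. */
	u64 birthdate;
	/* Whether the cookie field holds a usable value; readers should not
	 * touch cookie[] unless this is set.
	 */
	bool is_valid;
	/* Stored cookie, COOKIE_LEN bytes. */
	u8 cookie[COOKIE_LEN];
	/* Whether last_mac1_sent holds a value. */
	bool have_sent_mac1;
	/* NOTE(review): presumably the first MAC of the most recently sent
	 * message, kept so that a later cookie message can be bound to it.
	 */
	u8 last_mac1_sent[COOKIE_LEN];
	/* Key for opening received cookie messages (by its name). */
	u8 cookie_decryption_key[NOISE_SYMMETRIC_KEY_LEN];
	/* Key for computing the first MAC of outgoing messages (by its name). */
	u8 message_mac1_key[NOISE_SYMMETRIC_KEY_LEN];
	/* NOTE(review): presumably guards every field above -- confirm. */
	struct rw_semaphore lock;
};

/*
 * Result of wg_cookie_validate_packet().
 *
 * INVALID_MAC is the first enumerator and therefore has the value 0, so a
 * zero-initialised variable of this type fails closed. Compare against the
 * named enumerators rather than testing for non-zero or using ordering:
 * VALID_MAC_WITH_COOKIE_BUT_RATELIMITED is non-zero as well and, going by its
 * name, is not an accept.
 */
enum cookie_mac_state {
	INVALID_MAC,
	VALID_MAC_BUT_NO_COOKIE,
	VALID_MAC_WITH_COOKIE_BUT_RATELIMITED,
	VALID_MAC_WITH_COOKIE
};

/* Initialise @checker and associate it with device @wg. */
void wg_cookie_checker_init(struct cookie_checker *checker,
			    struct wg_device *wg);
/*
 * NOTE(review): the next two presumably (re)derive the cached keys held in
 * struct cookie_checker and in the peer's struct cookie respectively; if so
 * they have to be re-run whenever the underlying identity keys change.
 */
void wg_cookie_checker_precompute_device_keys(struct cookie_checker *checker);
void wg_cookie_checker_precompute_peer_keys(struct wg_peer *peer);
/* Initialise @cookie. */
void wg_cookie_init(struct cookie *cookie);

/*
 * Classify the MAC state of the message carried in @skb, which is untrusted
 * network input at this point.
 *
 * NOTE(review): @check_cookie presumably selects whether the cookie-based MAC
 * is checked in addition to the first MAC (for example when the receiver is
 * under load) -- confirm with the callers. Whatever the policy, INVALID_MAC
 * should end processing of the packet before any expensive handshake work.
 */
enum cookie_mac_state wg_cookie_validate_packet(struct cookie_checker *checker,
						struct sk_buff *skb,
						bool check_cookie);
/*
 * Add the MAC fields to an outgoing message for @peer.
 *
 * @message is an untyped buffer and @len its size, so the compiler cannot
 * check the pairing. NOTE(review): if the implementation locates the MAC
 * fields relative to the end of the buffer, @len must be the exact size of a
 * complete message that ends in those fields; a smaller or unrelated value
 * would place the write outside the intended region. Confirm in the
 * implementation and keep callers passing the sizeof of the message struct.
 */
void wg_cookie_add_mac_to_packet(void *message, size_t len,
				 struct wg_peer *peer);

/*
 * Build a cookie message in response to the message in @skb.
 * NOTE(review): the first parameter is named @src here, but for a create
 * routine it is presumably the message being filled in -- check the name used
 * by the definition.
 */
void wg_cookie_message_create(struct message_handshake_cookie *src,
			      struct sk_buff *skb, __le32 index,
			      struct cookie_checker *checker);
/*
 * Process a received cookie message @src for device @wg. @src comes off the
 * network. NOTE(review): presumably it is authenticated before any stored
 * cookie is replaced -- confirm, since accepting an unauthenticated cookie
 * would let a third party disturb a peer's handshakes.
 */
void wg_cookie_message_consume(struct message_handshake_cookie *src,
			       struct wg_device *wg);

#endif /* _WG_COOKIE_H */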