xref: /openbsd/sys/net/wg_cookie.h (revision f8148103) 
1 /*	$OpenBSD: wg_cookie.h,v 1.2 2020/12/09 05:53:33 tb Exp $ */
2 /*
3  * Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
4  * Copyright (C) 2019-2020 Matt Dunwoodie <ncon@noconroy.net>
5  *
6  * Permission to use, copy, modify, and distribute this software for any
7  * purpose with or without fee is hereby granted, provided that the above
8  * copyright notice and this permission notice appear in all copies.
9  *
10  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17  */
18 
19 #ifndef __COOKIE_H__
20 #define __COOKIE_H__
21 
22 #include <sys/types.h>
23 #include <sys/time.h>
24 #include <sys/rwlock.h>
25 #include <sys/queue.h>
26 
27 #include <netinet/in.h>
28 
29 #include <crypto/chachapoly.h>
30 #include <crypto/blake2s.h>
31 #include <crypto/siphash.h>
32 
33 #define COOKIE_MAC_SIZE		16
34 #define COOKIE_KEY_SIZE		32
35 #define COOKIE_NONCE_SIZE	XCHACHA20POLY1305_NONCE_SIZE
36 #define COOKIE_COOKIE_SIZE	16
37 #define COOKIE_SECRET_SIZE	32
38 #define COOKIE_INPUT_SIZE	32
39 #define COOKIE_ENCRYPTED_SIZE	(COOKIE_COOKIE_SIZE + COOKIE_MAC_SIZE)
40 
41 #define COOKIE_MAC1_KEY_LABEL	"mac1----"
42 #define COOKIE_COOKIE_KEY_LABEL	"cookie--"
43 #define COOKIE_SECRET_MAX_AGE	120
44 #define COOKIE_SECRET_LATENCY	5
45 
46 /* Constants for initiation rate limiting */
47 #define RATELIMIT_SIZE		(1 << 13)
48 #define RATELIMIT_SIZE_MAX	(RATELIMIT_SIZE * 8)
49 #define NSEC_PER_SEC		1000000000LL
50 #define INITIATIONS_PER_SECOND	20
51 #define INITIATIONS_BURSTABLE	5
52 #define INITIATION_COST		(NSEC_PER_SEC / INITIATIONS_PER_SECOND)
53 #define TOKEN_MAX		(INITIATION_COST * INITIATIONS_BURSTABLE)
54 #define ELEMENT_TIMEOUT		1
55 #define IPV4_MASK_SIZE		4 /* Use all 4 bytes of IPv4 address */
56 #define IPV6_MASK_SIZE		8 /* Use top 8 bytes (/64) of IPv6 address */
57 
58 struct cookie_macs {
59 	uint8_t	mac1[COOKIE_MAC_SIZE];
60 	uint8_t	mac2[COOKIE_MAC_SIZE];
61 };
62 
63 struct ratelimit_entry {
64 	LIST_ENTRY(ratelimit_entry)	 r_entry;
65 	sa_family_t			 r_af;
66 	union {
67 		struct in_addr		 r_in;
68 #ifdef INET6
69 		struct in6_addr		 r_in6;
70 #endif
71 	};
72 	struct timespec			 r_last_time;	/* nanouptime */
73 	uint64_t			 r_tokens;
74 };
75 
76 struct ratelimit {
77 	SIPHASH_KEY			 rl_secret;
78 	struct pool			*rl_pool;
79 
80 	struct rwlock			 rl_lock;
81 	LIST_HEAD(, ratelimit_entry)	*rl_table;
82 	u_long				 rl_table_mask;
83 	size_t				 rl_table_num;
84 	struct timespec			 rl_last_gc;	/* nanouptime */
85 };
86 
87 struct cookie_maker {
88 	uint8_t		cp_mac1_key[COOKIE_KEY_SIZE];
89 	uint8_t		cp_cookie_key[COOKIE_KEY_SIZE];
90 
91 	struct rwlock	cp_lock;
92 	uint8_t		cp_cookie[COOKIE_COOKIE_SIZE];
93 	struct timespec	cp_birthdate;	/* nanouptime */
94 	int		cp_mac1_valid;
95 	uint8_t		cp_mac1_last[COOKIE_MAC_SIZE];
96 };
97 
98 struct cookie_checker {
99 	struct ratelimit	cc_ratelimit_v4;
100 #ifdef INET6
101 	struct ratelimit	cc_ratelimit_v6;
102 #endif
103 
104 	struct rwlock		cc_key_lock;
105 	uint8_t			cc_mac1_key[COOKIE_KEY_SIZE];
106 	uint8_t			cc_cookie_key[COOKIE_KEY_SIZE];
107 
108 	struct rwlock		cc_secret_lock;
109 	struct timespec		cc_secret_birthdate;	/* nanouptime */
110 	uint8_t			cc_secret[COOKIE_SECRET_SIZE];
111 };
112 
113 void	cookie_maker_init(struct cookie_maker *, uint8_t[COOKIE_INPUT_SIZE]);
114 int	cookie_checker_init(struct cookie_checker *, struct pool *);
115 void	cookie_checker_update(struct cookie_checker *,
116 	    uint8_t[COOKIE_INPUT_SIZE]);
117 void	cookie_checker_deinit(struct cookie_checker *);
118 void	cookie_checker_create_payload(struct cookie_checker *,
119 	    struct cookie_macs *cm, uint8_t[COOKIE_NONCE_SIZE],
120 	    uint8_t [COOKIE_ENCRYPTED_SIZE], struct sockaddr *);
121 int	cookie_maker_consume_payload(struct cookie_maker *,
122 	    uint8_t[COOKIE_NONCE_SIZE], uint8_t[COOKIE_ENCRYPTED_SIZE]);
123 void	cookie_maker_mac(struct cookie_maker *, struct cookie_macs *,
124 	    void *, size_t);
125 int	cookie_checker_validate_macs(struct cookie_checker *,
126 	    struct cookie_macs *, void *, size_t, int, struct sockaddr *);
127 
128 #ifdef WGTEST
129 void	cookie_test();
130 #endif /* WGTEST */
131 
132 #endif /* __COOKIE_H__ */
133