/*-
 * SPDX-License-Identifier: ISC
 *
 * Copyright (C) 2015-2021 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
 * Copyright (C) 2019-2021 Matt Dunwoodie <ncon@noconroy.net>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * Kernel-only interface to the cookie code: "checker" objects validate the
 * MAC fields of a message and build a cookie payload, "maker" objects
 * consume such a payload and compute MACs over a buffer.
 *
 * NOTE(review): the header uses uint8_t, size_t, bool and struct sockaddr
 * without including anything that declares them, so it relies on the
 * including file having pulled those in first.
 */

#ifndef _NET_WG_COOKIE_H_
#define _NET_WG_COOKIE_H_

#ifndef _KERNEL
#error "This file should not be included by userland programs."
#endif

#include <crypto/chachapoly.h>

/* Size in bytes of each MAC field in struct cookie_macs. */
#define COOKIE_MAC_SIZE		16
/* Size in bytes of the plaintext cookie. */
#define COOKIE_COOKIE_SIZE	16
/* Size in bytes of the input given to a checker or maker. */
#define COOKIE_INPUT_SIZE	32
/* The payload nonce has the XChaCha20-Poly1305 nonce size. */
#define COOKIE_NONCE_SIZE	XCHACHA20POLY1305_NONCE_SIZE
/*
 * Size of the encrypted cookie: the cookie plus COOKIE_MAC_SIZE more bytes.
 * NOTE(review): the extra bytes are presumably the AEAD authentication tag
 * rather than a mac1/mac2 value; the two merely share a length - confirm.
 */
#define COOKIE_ENCRYPTED_SIZE	(COOKIE_COOKIE_SIZE + COOKIE_MAC_SIZE)

/* The two MAC fields, mac1 followed by mac2, COOKIE_MAC_SIZE bytes each. */
struct cookie_macs {
	uint8_t mac1[COOKIE_MAC_SIZE];
	uint8_t mac2[COOKIE_MAC_SIZE];
};

/* Opaque handles; their layout is not exposed by this header. */
struct cookie_maker;
struct cookie_checker;

/*
 * Subsystem setup and teardown.  cookie_init() returns an int status whose
 * values are defined by the implementation and are not visible here.
 */
int cookie_init(void);
void cookie_deinit(void);

/*
 * Checker side.
 *
 * The array sizes written in these prototypes are documentation only: C
 * passes a plain pointer, so every caller must supply buffers of at least
 * COOKIE_INPUT_SIZE, COOKIE_NONCE_SIZE and COOKIE_ENCRYPTED_SIZE bytes.
 *
 * cookie_checker_alloc() returns a pointer; whether it can be NULL is not
 * visible from this header - check the implementation before relying on it.
 */
struct cookie_checker *cookie_checker_alloc(void);
void cookie_checker_free(struct cookie_checker *checker);
void cookie_checker_update(struct cookie_checker *checker,
    const uint8_t input[COOKIE_INPUT_SIZE]);

/*
 * Fills the caller's nonce and encrypted-cookie buffers (the only two
 * non-const outputs) from the given MACs and socket address.
 */
void cookie_checker_create_payload(struct cookie_checker *checker,
    const struct cookie_macs *macs, uint8_t nonce[COOKIE_NONCE_SIZE],
    uint8_t ecookie[COOKIE_ENCRYPTED_SIZE], const struct sockaddr *sa);

/*
 * Validates the MACs against the buffer buf of len bytes.  The int result
 * carries the outcome and must be checked before the message is processed
 * further; its values are defined by the implementation.
 * NOTE(review): the bool presumably selects whether mac2 (the cookie MAC)
 * is enforced in addition to mac1 - confirm against the implementation.
 */
int cookie_checker_validate_macs(struct cookie_checker *checker,
    const struct cookie_macs *macs, const void *buf, size_t len,
    bool check_cookie, const struct sockaddr *sa);

/*
 * Maker side.  The same buffer-size caveat applies: the bracketed sizes
 * are not enforced by the compiler.
 */
struct cookie_maker *cookie_maker_alloc(
    const uint8_t input[COOKIE_INPUT_SIZE]);
void cookie_maker_free(struct cookie_maker *maker);

/*
 * Takes a received nonce and encrypted cookie (both read-only).  The int
 * result reports whether the payload was accepted and must be checked;
 * its values are defined by the implementation.
 */
int cookie_maker_consume_payload(struct cookie_maker *maker,
    const uint8_t nonce[COOKIE_NONCE_SIZE],
    const uint8_t ecookie[COOKIE_ENCRYPTED_SIZE]);

/* Writes the MACs for the buffer buf of len bytes into *macs. */
void cookie_maker_mac(struct cookie_maker *maker, struct cookie_macs *macs,
    const void *buf, size_t len);

#ifdef WG_SELFTESTS
/* Self-test entry point, only declared when WG_SELFTESTS is defined. */
bool cookie_selftest(void);
#endif /* WG_SELFTESTS */

#endif /* _NET_WG_COOKIE_H_ */