/* SPDX-License-Identifier: ISC
 *
 * Copyright (C) 2015-2021 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
 * Copyright (C) 2019-2021 Matt Dunwoodie <ncon@noconroy.net>
 */

/*
 * cookie.h - declarations for the MAC / cookie machinery.
 *
 * Two roles are declared here: a "checker" (struct cookie_checker), which
 * validates the MACs on incoming messages and can build an encrypted cookie
 * reply, and a "maker" (struct cookie_maker), which stamps outgoing messages
 * with MACs and consumes cookie replies.  Only the interface is visible in
 * this header; lock discipline, return conventions and zeroization of the
 * key material are marked below as assumptions to confirm in cookie.c.
 */

#ifndef __COOKIE_H__
#define __COOKIE_H__
/*
 * NOTE(review): identifiers beginning with a double underscore are reserved
 * for the implementation (C11 7.1.3).  The guard is left as-is here because
 * other files may test this macro; a project-style guard name would avoid
 * the reservation.
 */

/*
 * Expected to provide XCHACHA20POLY1305_NONCE_SIZE (used below) and, directly
 * or transitively, the uint8_t/bool/sbintime_t/rwlock/mtx/sockaddr types these
 * declarations rely on -- not verifiable from this header alone.
 */
#include "crypto.h"

/* Wire and key sizes, in bytes. */
#define COOKIE_MAC_SIZE		16	/* length of mac1 and of mac2 */
#define COOKIE_KEY_SIZE		32	/* length of the mac1 and cookie keys */
#define COOKIE_NONCE_SIZE	XCHACHA20POLY1305_NONCE_SIZE	/* nonce of a cookie reply */
#define COOKIE_COOKIE_SIZE	16	/* plaintext cookie length */
#define COOKIE_SECRET_SIZE	32	/* checker-side secret (cc_secret) */
#define COOKIE_INPUT_SIZE	32	/* opaque input to cookie_maker_init / cookie_checker_update */
/*
 * A cookie as carried on the wire: the plaintext cookie followed by an
 * authentication tag of COOKIE_MAC_SIZE bytes.
 */
#define COOKIE_ENCRYPTED_SIZE	(COOKIE_COOKIE_SIZE + COOKIE_MAC_SIZE)

/* Opaque here; only passed by pointer to cookie_checker_validate_macs(). */
struct vnet;

/* The pair of MACs attached to a message; each is COOKIE_MAC_SIZE bytes. */
struct cookie_macs {
	uint8_t	mac1[COOKIE_MAC_SIZE];	/* presumably computed under the mac1 key -- confirm in cookie.c */
	uint8_t	mac2[COOKIE_MAC_SIZE];	/* presumably computed under the current cookie -- confirm in cookie.c */
};

/*
 * Sender-side state: produces the MACs for outgoing messages and remembers
 * the most recently consumed cookie.  Holds key material (cm_mac1_key,
 * cm_cookie_key, cm_cookie); cookie_maker_free() is expected to zeroize it --
 * confirm in cookie.c.
 */
struct cookie_maker {
	uint8_t		cm_mac1_key[COOKIE_KEY_SIZE];
	uint8_t		cm_cookie_key[COOKIE_KEY_SIZE];

	struct rwlock	cm_lock;		/* presumably guards the fields below -- confirm in cookie.c */
	bool		cm_cookie_valid;	/* cm_cookie currently holds a cookie */
	uint8_t		cm_cookie[COOKIE_COOKIE_SIZE];
	sbintime_t	cm_cookie_birthdate;	/* sbinuptime; presumably when cm_cookie was set, used to age it out */
	bool		cm_mac1_sent;		/* a mac1 has been emitted, so cm_mac1_last is meaningful */
	uint8_t		cm_mac1_last[COOKIE_MAC_SIZE];
};

/*
 * Receiver-side state: validates incoming MACs and builds cookie replies.
 * Holds key material (cc_mac1_key, cc_cookie_key, cc_secret);
 * cookie_checker_free() is expected to zeroize it -- confirm in cookie.c.
 */
struct cookie_checker {
	struct rwlock	cc_key_lock;		/* presumably guards the two keys below -- confirm in cookie.c */
	uint8_t		cc_mac1_key[COOKIE_KEY_SIZE];
	uint8_t		cc_cookie_key[COOKIE_KEY_SIZE];

	struct mtx	cc_secret_mtx;		/* presumably guards cc_secret and its birthdate -- confirm in cookie.c */
	sbintime_t	cc_secret_birthdate;	/* sbinuptime; presumably when cc_secret was last (re)generated */
	uint8_t		cc_secret[COOKIE_SECRET_SIZE];
};

/*
 * Module-wide setup and teardown.  cookie_init() returns an int status; the
 * success value is defined by cookie.c and not visible here.
 */
int cookie_init(void);
void cookie_deinit(void);

/* Checker lifecycle; *_free should be the last call on the object. */
void cookie_checker_init(struct cookie_checker *);
void cookie_checker_free(struct cookie_checker *);
/* Re-derives the checker's keys from a COOKIE_INPUT_SIZE-byte input. */
void cookie_checker_update(struct cookie_checker *,
    const uint8_t[COOKIE_INPUT_SIZE]);
/*
 * Builds a cookie reply addressed to the given sockaddr for the message whose
 * MACs are in cm.  The two arrays are presumably outputs: a COOKIE_NONCE_SIZE
 * nonce and the COOKIE_ENCRYPTED_SIZE encrypted cookie -- confirm in cookie.c.
 * NOTE(review): cm and the sockaddr are not const-qualified, so the header
 * does not document whether they are modified.
 */
void cookie_checker_create_payload(struct cookie_checker *,
    struct cookie_macs *cm, uint8_t[COOKIE_NONCE_SIZE],
    uint8_t [COOKIE_ENCRYPTED_SIZE], struct sockaddr *);

/* Maker lifecycle; the COOKIE_INPUT_SIZE-byte input seeds its keys. */
void cookie_maker_init(struct cookie_maker *, const uint8_t[COOKIE_INPUT_SIZE]);
void cookie_maker_free(struct cookie_maker *);
/*
 * Consumes a cookie reply (nonce + encrypted cookie), presumably storing the
 * decrypted cookie in the maker on success.  Returns an int status whose
 * success value is defined by cookie.c.  Neither array is const-qualified.
 */
int cookie_maker_consume_payload(struct cookie_maker *,
    uint8_t[COOKIE_NONCE_SIZE], uint8_t[COOKIE_ENCRYPTED_SIZE]);
/*
 * Fills the cookie_macs for the buffer of the given length.  Presumably mac2
 * is only produced while cm_cookie_valid is set -- confirm in cookie.c.
 * NOTE(review): the buffer is a non-const void *; const-qualifying it would
 * document that it is read-only input.
 */
void cookie_maker_mac(struct cookie_maker *, struct cookie_macs *,
    void *, size_t);
/*
 * Validates the MACs over the buffer of the given length.  The bool and the
 * sockaddr/vnet presumably select whether mac2 (cookie) checking is required
 * and identify the sender for that check -- confirm in cookie.c.  Returns an
 * int status whose values are defined by cookie.c.
 * NOTE(review): the macs and buffer are non-const; see cookie_maker_mac().
 */
int cookie_checker_validate_macs(struct cookie_checker *,
    struct cookie_macs *, void *, size_t, bool, struct sockaddr *,
    struct vnet *);

#ifdef SELFTESTS
/* Built-in self-test of this module; presumably true on success. */
bool cookie_selftest(void);
#endif /* SELFTESTS */

#endif /* __COOKIE_H__ */