1/* $OpenBSD: wg_cookie.h,v 1.2 2020/12/09 05:53:33 tb Exp $ */ 2/* 3 * Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. 4 * Copyright (C) 2019-2020 Matt Dunwoodie <ncon@noconroy.net> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19#ifndef __COOKIE_H__ 20#define __COOKIE_H__ 21 22#include <sys/types.h> 23#include <sys/time.h> 24#include <sys/rwlock.h> 25#include <sys/queue.h> 26 27#include <netinet/in.h> 28 29#include <crypto/chachapoly.h> 30#include <crypto/blake2s.h> 31#include <crypto/siphash.h> 32 33#define COOKIE_MAC_SIZE 16 34#define COOKIE_KEY_SIZE 32 35#define COOKIE_NONCE_SIZE XCHACHA20POLY1305_NONCE_SIZE 36#define COOKIE_COOKIE_SIZE 16 37#define COOKIE_SECRET_SIZE 32 38#define COOKIE_INPUT_SIZE 32 39#define COOKIE_ENCRYPTED_SIZE (COOKIE_COOKIE_SIZE + COOKIE_MAC_SIZE) 40 41#define COOKIE_MAC1_KEY_LABEL "mac1----" 42#define COOKIE_COOKIE_KEY_LABEL "cookie--" 43#define COOKIE_SECRET_MAX_AGE 120 44#define COOKIE_SECRET_LATENCY 5 45 46/* Constants for initiation rate limiting */ 47#define RATELIMIT_SIZE (1 << 13) 48#define RATELIMIT_SIZE_MAX (RATELIMIT_SIZE * 8) 49#define NSEC_PER_SEC 1000000000LL 50#define INITIATIONS_PER_SECOND 20 51#define INITIATIONS_BURSTABLE 5 52#define INITIATION_COST (NSEC_PER_SEC / INITIATIONS_PER_SECOND) 53#define TOKEN_MAX (INITIATION_COST * INITIATIONS_BURSTABLE) 54#define ELEMENT_TIMEOUT 1 55#define IPV4_MASK_SIZE 4 /* Use all 4 bytes of IPv4 address */ 56#define IPV6_MASK_SIZE 8 /* Use top 8 bytes (/64) of IPv6 address */ 57 58struct cookie_macs { 59 uint8_t mac1[COOKIE_MAC_SIZE]; 60 uint8_t mac2[COOKIE_MAC_SIZE]; 61}; 62 63struct ratelimit_entry { 64 LIST_ENTRY(ratelimit_entry) r_entry; 65 sa_family_t r_af; 66 union { 67 struct in_addr r_in; 68#ifdef INET6 69 struct in6_addr r_in6; 70#endif 71 }; 72 struct timespec r_last_time; /* nanouptime */ 73 uint64_t r_tokens; 74}; 75 76struct ratelimit { 77 SIPHASH_KEY rl_secret; 78 struct pool *rl_pool; 79 80 struct rwlock rl_lock; 81 LIST_HEAD(, ratelimit_entry) *rl_table; 82 u_long rl_table_mask; 83 size_t rl_table_num; 84 struct timespec rl_last_gc; /* nanouptime */ 85}; 86 87struct cookie_maker { 88 uint8_t cp_mac1_key[COOKIE_KEY_SIZE]; 89 uint8_t cp_cookie_key[COOKIE_KEY_SIZE]; 90 91 struct rwlock cp_lock; 92 uint8_t cp_cookie[COOKIE_COOKIE_SIZE]; 93 struct timespec cp_birthdate; /* nanouptime */ 94 int cp_mac1_valid; 95 uint8_t cp_mac1_last[COOKIE_MAC_SIZE]; 96}; 97 98struct cookie_checker { 99 struct ratelimit cc_ratelimit_v4; 100#ifdef INET6 101 struct ratelimit cc_ratelimit_v6; 102#endif 103 104 struct rwlock cc_key_lock; 105 uint8_t cc_mac1_key[COOKIE_KEY_SIZE]; 106 uint8_t cc_cookie_key[COOKIE_KEY_SIZE]; 107 108 struct rwlock cc_secret_lock; 109 struct timespec cc_secret_birthdate; /* nanouptime */ 110 uint8_t cc_secret[COOKIE_SECRET_SIZE]; 111}; 112 113void cookie_maker_init(struct cookie_maker *, uint8_t[COOKIE_INPUT_SIZE]); 114int cookie_checker_init(struct cookie_checker *, struct pool *); 115void cookie_checker_update(struct cookie_checker *, 116 uint8_t[COOKIE_INPUT_SIZE]); 117void cookie_checker_deinit(struct cookie_checker *); 118void cookie_checker_create_payload(struct cookie_checker *, 119 struct cookie_macs *cm, uint8_t[COOKIE_NONCE_SIZE], 120 uint8_t [COOKIE_ENCRYPTED_SIZE], struct sockaddr *); 121int cookie_maker_consume_payload(struct cookie_maker *, 122 uint8_t[COOKIE_NONCE_SIZE], uint8_t[COOKIE_ENCRYPTED_SIZE]); 123void cookie_maker_mac(struct cookie_maker *, struct cookie_macs *, 124 void *, size_t); 125int cookie_checker_validate_macs(struct cookie_checker *, 126 struct cookie_macs *, void *, size_t, int, struct sockaddr *); 127 128#ifdef WGTEST 129void cookie_test(); 130#endif /* WGTEST */ 131 132#endif /* __COOKIE_H__ */ 133