/* $OpenBSD: wg_cookie.h,v 1.2 2020/12/09 05:53:33 tb Exp $ */ /* * Copyright (C) 2015-2020 Jason A. Donenfeld . All Rights Reserved. * Copyright (C) 2019-2020 Matt Dunwoodie * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef __COOKIE_H__ #define __COOKIE_H__ #include #include #include #include #include #include #include #include #define COOKIE_MAC_SIZE 16 #define COOKIE_KEY_SIZE 32 #define COOKIE_NONCE_SIZE XCHACHA20POLY1305_NONCE_SIZE #define COOKIE_COOKIE_SIZE 16 #define COOKIE_SECRET_SIZE 32 #define COOKIE_INPUT_SIZE 32 #define COOKIE_ENCRYPTED_SIZE (COOKIE_COOKIE_SIZE + COOKIE_MAC_SIZE) #define COOKIE_MAC1_KEY_LABEL "mac1----" #define COOKIE_COOKIE_KEY_LABEL "cookie--" #define COOKIE_SECRET_MAX_AGE 120 #define COOKIE_SECRET_LATENCY 5 /* Constants for initiation rate limiting */ #define RATELIMIT_SIZE (1 << 13) #define RATELIMIT_SIZE_MAX (RATELIMIT_SIZE * 8) #define NSEC_PER_SEC 1000000000LL #define INITIATIONS_PER_SECOND 20 #define INITIATIONS_BURSTABLE 5 #define INITIATION_COST (NSEC_PER_SEC / INITIATIONS_PER_SECOND) #define TOKEN_MAX (INITIATION_COST * INITIATIONS_BURSTABLE) #define ELEMENT_TIMEOUT 1 #define IPV4_MASK_SIZE 4 /* Use all 4 bytes of IPv4 address */ #define IPV6_MASK_SIZE 8 /* Use top 8 bytes (/64) of IPv6 address */ struct cookie_macs { uint8_t mac1[COOKIE_MAC_SIZE]; uint8_t mac2[COOKIE_MAC_SIZE]; }; struct ratelimit_entry { LIST_ENTRY(ratelimit_entry) r_entry; sa_family_t r_af; union { struct in_addr r_in; #ifdef INET6 struct in6_addr r_in6; #endif }; struct timespec r_last_time; /* nanouptime */ uint64_t r_tokens; }; struct ratelimit { SIPHASH_KEY rl_secret; struct pool *rl_pool; struct rwlock rl_lock; LIST_HEAD(, ratelimit_entry) *rl_table; u_long rl_table_mask; size_t rl_table_num; struct timespec rl_last_gc; /* nanouptime */ }; struct cookie_maker { uint8_t cp_mac1_key[COOKIE_KEY_SIZE]; uint8_t cp_cookie_key[COOKIE_KEY_SIZE]; struct rwlock cp_lock; uint8_t cp_cookie[COOKIE_COOKIE_SIZE]; struct timespec cp_birthdate; /* nanouptime */ int cp_mac1_valid; uint8_t cp_mac1_last[COOKIE_MAC_SIZE]; }; struct cookie_checker { struct ratelimit cc_ratelimit_v4; #ifdef INET6 struct ratelimit cc_ratelimit_v6; #endif struct rwlock cc_key_lock; uint8_t cc_mac1_key[COOKIE_KEY_SIZE]; uint8_t cc_cookie_key[COOKIE_KEY_SIZE]; struct rwlock cc_secret_lock; struct timespec cc_secret_birthdate; /* nanouptime */ uint8_t cc_secret[COOKIE_SECRET_SIZE]; }; void cookie_maker_init(struct cookie_maker *, uint8_t[COOKIE_INPUT_SIZE]); int cookie_checker_init(struct cookie_checker *, struct pool *); void cookie_checker_update(struct cookie_checker *, uint8_t[COOKIE_INPUT_SIZE]); void cookie_checker_deinit(struct cookie_checker *); void cookie_checker_create_payload(struct cookie_checker *, struct cookie_macs *cm, uint8_t[COOKIE_NONCE_SIZE], uint8_t [COOKIE_ENCRYPTED_SIZE], struct sockaddr *); int cookie_maker_consume_payload(struct cookie_maker *, uint8_t[COOKIE_NONCE_SIZE], uint8_t[COOKIE_ENCRYPTED_SIZE]); void cookie_maker_mac(struct cookie_maker *, struct cookie_macs *, void *, size_t); int cookie_checker_validate_macs(struct cookie_checker *, struct cookie_macs *, void *, size_t, int, struct sockaddr *); #ifdef WGTEST void cookie_test(); #endif /* WGTEST */ #endif /* __COOKIE_H__ */