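/*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) 2019-2020 Rubicon Communications, LLC (Netgate)
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

/*
 * Shared constants and small helpers for the module: Noise and cookie field
 * lengths, queue/peer limits, a wipe-then-free macro and a sized volatile
 * load helper.
 */

#ifndef MODULE_H_
#define MODULE_H_

/*
 * NOTE(review): this copy of the file has lost the header name after each of
 * the twelve #include directives below.  The crypto size constants used in
 * the enums, explicit_bzero() and the two-argument free() are presumably
 * declared by those headers; restore the names from the original file before
 * building.
 */
#include	/* header name missing in this copy */
#include	/* header name missing in this copy */
#include	/* header name missing in this copy */
#include	/* header name missing in this copy */
#include	/* header name missing in this copy */
#include	/* header name missing in this copy */
#include	/* header name missing in this copy */
#include	/* header name missing in this copy */
#include	/* header name missing in this copy */
#include	/* header name missing in this copy */
#include	/* header name missing in this copy */
#include	/* header name missing in this copy */

/*
 * Sizes of the Noise handshake fields, each tied to the size constant of the
 * primitive that produces it so the two cannot drift apart.
 */
enum noise_lengths {
	NOISE_PUBLIC_KEY_LEN = CURVE25519_KEY_SIZE,
	NOISE_SYMMETRIC_KEY_LEN = CHACHA20POLY1305_KEY_SIZE,
	/* One 64-bit plus one 32-bit field: 12 bytes. */
	NOISE_TIMESTAMP_LEN = sizeof(uint64_t) + sizeof(uint32_t),
	NOISE_AUTHTAG_LEN = CHACHA20POLY1305_AUTHTAG_SIZE,
	NOISE_HASH_LEN = BLAKE2S_HASH_SIZE
};

/*
 * Length of an AEAD ciphertext for plain_len bytes of plaintext: the
 * plaintext plus the authentication tag.  The addition is unchecked, so a
 * caller sizing a buffer from a peer-supplied length must bound plain_len
 * first.
 */
#define noise_encrypted_len(plain_len)	((plain_len) + NOISE_AUTHTAG_LEN)

/*
 * Cookie parameters.  NOTE(review): the two time values are presumably in
 * seconds (2 * 60 and 5); confirm against the code that consumes them.
 */
enum cookie_values {
	COOKIE_SECRET_MAX_AGE = 2 * 60,
	COOKIE_SECRET_LATENCY = 5,
	COOKIE_NONCE_LEN = XCHACHA20POLY1305_NONCE_SIZE,
	COOKIE_LEN = 16
};

/*
 * Protocol timers and hard caps on per-device state.  The queue and peer
 * caps are what bound memory held on behalf of remote senders, so changing
 * them changes the resource-exhaustion exposure of the module.
 */
enum limits {
	REKEY_TIMEOUT = 5,
	INITIATIONS_PER_SECOND = 50,
	MAX_PEERS_PER_DEVICE = 1U << 20,	/* 1048576 */
	KEEPALIVE_TIMEOUT = 10,
	MAX_TIMER_HANDSHAKES = 90 / REKEY_TIMEOUT,	/* 18 */
	MAX_QUEUED_INCOMING_HANDSHAKES = 4096, /* TODO: replace this with DQL */
	MAX_STAGED_PACKETS = 128,
	MAX_QUEUED_PACKETS = 1024 /* TODO: replace this with DQL */
};

/*
 * zfree(addr, type): wipe the object addr points to with explicit_bzero(),
 * then release it with free(addr, type).
 *
 * addr is evaluated exactly once, so an argument with side effects is safe.
 * A NULL addr skips the wipe (wiping through it would fault) and is still
 * passed to free(), whose own NULL handling then applies.
 *
 * Only sizeof(*addr) bytes are cleared: the size of the pointed-to type, not
 * of the allocation.  For an array allocation, a struct with trailing data,
 * or a void pointer, the remainder is freed unwiped; key material stored
 * there must be cleared by the caller first.
 *
 * NOTE(review): newer FreeBSD malloc(9) declares its own zfree(), which
 * clears the whole allocation; check for a name clash, and prefer the native
 * function where the target branch has it.
 */
#define zfree(addr, type)						\
do {									\
	__typeof(addr) zfree_addr_ = (addr);				\
	if (zfree_addr_ != NULL)					\
		explicit_bzero(zfree_addr_, sizeof(*zfree_addr_));	\
	free(zfree_addr_, (type));					\
} while (0)

/*
 * Per-queue state.  The anonymous union and struct make the field reachable
 * directly as q->last_cpu.
 */
struct crypt_queue {
	union {
		struct {
			int last_cpu;
		};
	};
};

/*
 * Body of __atomic_load_acq_size(); not hygienic, it uses the names p, res
 * and size from the scope it is expanded in.  Sizes 1, 2, 4 and 8 are read
 * with one volatile load of the matching width.  Any other size is copied
 * with __builtin_memcpy() so that *res is always fully written; that copy is
 * not a single access and may observe a concurrent writer half-way.
 *
 * NOTE(review): the stores go through uintN_t pointers into storage that the
 * caller declares as a union, which relies on the build not enforcing strict
 * aliasing; confirm the compiler flags.
 */
#define __ATOMIC_LOAD_SIZE						\
({									\
	switch (size) {							\
	case 1: *(uint8_t *)res = *(volatile uint8_t *)p; break;	\
	case 2: *(uint16_t *)res = *(volatile uint16_t *)p; break;	\
	case 4: *(uint32_t *)res = *(volatile uint32_t *)p; break;	\
	case 8: *(uint64_t *)res = *(volatile uint64_t *)p; break;	\
	default:							\
		__builtin_memcpy(res, (const void *)p, (size_t)size);	\
		break;							\
	}								\
})

/*
 * Copy size bytes from *p to *res using the volatile loads above.
 *
 * NOTE(review): despite the _acq suffix, this header shows only a volatile
 * load and no acquire fence, so ordering against later non-volatile accesses
 * is not established here; confirm that callers do not depend on acquire
 * semantics.  The double-underscore names are reserved for the
 * implementation and share a prefix with the GCC/Clang __atomic builtins;
 * they are kept because other files may reference them.
 */
static inline void
__atomic_load_acq_size(volatile void *p, void *res, int size)
{
	__ATOMIC_LOAD_SIZE;
}

/*
 * Evaluate to the current value of x, read via __atomic_load_acq_size().
 * x must be an lvalue because its address is taken.  The union gives a
 * correctly sized and aligned buffer of x's type.  Uses the GNU
 * statement-expression and __typeof extensions.  Intended for 1, 2, 4 or
 * 8 byte objects; see __ATOMIC_LOAD_SIZE for what happens with other sizes.
 */
#define atomic_load_acq(x)						\
({									\
	union { __typeof(x) __val; char __c[1]; } __u;			\
	__atomic_load_acq_size(&(x), __u.__c, sizeof(x));		\
	__u.__val;							\
})

/*
 * Context setup and teardown, defined elsewhere.
 * NOTE(review): wg_ctx_init() presumably returns 0 on success; confirm
 * against its definition.
 */
int wg_ctx_init(void);
void wg_ctx_uninit(void);

#endif /* MODULE_H_ */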