/* SPDX-License-Identifier: ISC
 *
 * Copyright (C) 2015-2021 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
 * Copyright (C) 2019-2021 Matt Dunwoodie <ncon@noconroy.net>
 */

/*
 * Cookie MAC (mac1/mac2) state and API.
 *
 * Two roles are declared here: a "maker" (struct cookie_maker), which
 * stamps outgoing messages with mac1/mac2 and consumes cookie payloads
 * handed back to it, and a "checker" (struct cookie_checker), which
 * validates the macs on incoming messages and creates cookie payloads.
 *
 * This header relies on its includer for uint8_t, bool, size_t,
 * struct timespec, struct sockaddr and struct lock; none of the
 * corresponding headers are included here.
 *
 * NOTE(review): __COOKIE_H__ starts with a double underscore, a name
 * reserved for the implementation; COOKIE_H would be the conforming
 * guard name (no other use of the macro is visible here).
 */
#ifndef __COOKIE_H__
#define __COOKIE_H__

#include <crypto/chachapoly.h>
#include <crypto/blake2/blake2s.h>

/* Sizes, in bytes, of the protocol's fixed-length fields. */
#define COOKIE_MAC_SIZE		16
#define COOKIE_KEY_SIZE		BLAKE2S_KEY_SIZE
#define COOKIE_NONCE_SIZE	XCHACHA20POLY1305_NONCE_SIZE
#define COOKIE_COOKIE_SIZE	16
#define COOKIE_SECRET_SIZE	32
#define COOKIE_INPUT_SIZE	32
/* A cookie payload is the cookie followed by COOKIE_MAC_SIZE bytes of tag. */
#define COOKIE_ENCRYPTED_SIZE	(COOKIE_COOKIE_SIZE + COOKIE_MAC_SIZE)

/* The two MACs carried on a message, in wire layout. */
struct cookie_macs {
	uint8_t	mac1[COOKIE_MAC_SIZE];
	uint8_t	mac2[COOKIE_MAC_SIZE];
};

/*
 * Sender-side state.
 *
 * cm_mac1_key and cm_cookie_key are secret key material; the fields after
 * cm_lock track the most recently received cookie and the last mac1 sent.
 * Which fields cm_lock guards is decided in the .c file, not here.
 */
struct cookie_maker {
	uint8_t		cm_mac1_key[COOKIE_KEY_SIZE];
	uint8_t		cm_cookie_key[COOKIE_KEY_SIZE];

	struct lock	cm_lock;
	bool		cm_cookie_valid;	/* presumably: cm_cookie is usable */
	uint8_t		cm_cookie[COOKIE_COOKIE_SIZE];
	struct timespec	cm_cookie_birthdate;	/* nanouptime */
	bool		cm_mac1_sent;		/* presumably: cm_mac1_last is set */
	uint8_t		cm_mac1_last[COOKIE_MAC_SIZE];
};

/*
 * Receiver-side state.
 *
 * Two separately locked regions: the per-peer keys under cc_key_lock, and
 * the rotating cookie secret (with its birthdate) under cc_secret_mtx.
 * cc_secret is secret material; it is expected to be cleared by
 * cookie_checker_free() -- confirm in the .c file.
 */
struct cookie_checker {
	struct lock	cc_key_lock;
	uint8_t		cc_mac1_key[COOKIE_KEY_SIZE];
	uint8_t		cc_cookie_key[COOKIE_KEY_SIZE];

	struct lock	cc_secret_mtx;
	struct timespec	cc_secret_birthdate;	/* nanouptime */
	uint8_t		cc_secret[COOKIE_SECRET_SIZE];
};

/*
 * Array-typed parameters below (e.g. uint8_t[COOKIE_NONCE_SIZE]) decay to
 * pointers: the bracketed size documents the buffer the callee will read
 * or write but is not checked by the compiler, so every caller must pass a
 * buffer of at least that length.
 */

/* Module-wide setup/teardown; the int return convention is not visible here. */
int	cookie_init(void);
void	cookie_deinit(void);

/* Checker lifecycle; cookie_checker_update() installs new COOKIE_INPUT_SIZE-byte key input. */
void	cookie_checker_init(struct cookie_checker *);
void	cookie_checker_free(struct cookie_checker *);
void	cookie_checker_update(struct cookie_checker *,
	    const uint8_t[COOKIE_INPUT_SIZE]);

/*
 * Produce a cookie payload: writes a fresh nonce and the encrypted cookie
 * into the two output buffers, derived from the received macs and the
 * peer's address.
 */
void	cookie_checker_create_payload(struct cookie_checker *,
	    struct cookie_macs *cm, uint8_t[COOKIE_NONCE_SIZE],
	    uint8_t [COOKIE_ENCRYPTED_SIZE], struct sockaddr *);

/* Maker lifecycle, keyed by COOKIE_INPUT_SIZE bytes of input. */
void	cookie_maker_init(struct cookie_maker *, const uint8_t[COOKIE_INPUT_SIZE]);
void	cookie_maker_free(struct cookie_maker *);

/*
 * Decrypt and adopt a cookie payload (nonce + encrypted cookie) from the
 * peer; returns int, with success/failure values defined in the .c file.
 */
int	cookie_maker_consume_payload(struct cookie_maker *,
	    uint8_t[COOKIE_NONCE_SIZE], uint8_t[COOKIE_ENCRYPTED_SIZE]);

/* Fill in mac1/mac2 for the message given as (pointer, length). */
void	cookie_maker_mac(struct cookie_maker *, struct cookie_macs *,
	    void *, size_t);

/*
 * Verify mac1/mac2 on a received message given as (pointer, length).
 * The meaning of the bool and of the sockaddr, and the int return values,
 * are not visible in this header -- see the .c file.
 */
int	cookie_checker_validate_macs(struct cookie_checker *,
	    struct cookie_macs *, void *, size_t, bool, struct sockaddr *);

#ifdef SELFTESTS
bool	cookie_selftest(void);
#endif /* SELFTESTS */

#endif /* __COOKIE_H__ */