1 /* SPDX-License-Identifier: ISC
3 * Copyright (C) 2015-2021 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
4 * Copyright (C) 2019-2021 Matt Dunwoodie <ncon@noconroy.net>
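/*
 * Sizes, in bytes, of every fixed-length field used by the cookie code.
 * The structures and prototypes in this header declare their buffers with
 * these macros; size wire buffers from them, never from bare literals.
 */
#define COOKIE_MAC_SIZE		16	/* each of mac1 and mac2 */
#define COOKIE_KEY_SIZE		32	/* each mac1 key and cookie key */
/*
 * The nonce length is taken from the XChaCha20-Poly1305 definition, which is
 * declared outside this header and must be in scope wherever this is expanded.
 */
#define COOKIE_NONCE_SIZE	XCHACHA20POLY1305_NONCE_SIZE
#define COOKIE_COOKIE_SIZE	16	/* a plaintext cookie */
#define COOKIE_SECRET_SIZE	32	/* the checker's secret */
#define COOKIE_INPUT_SIZE	32	/* input to cookie_maker_init/cookie_checker_update */
/*
 * An encrypted cookie is the cookie plus COOKIE_MAC_SIZE further bytes.
 * NOTE(review): those extra bytes are presumably the AEAD authentication tag.
 * If so, the length is dictated by the AEAD, not by the mac1/mac2 length, and
 * changing COOKIE_MAC_SIZE would silently change this size - confirm in cookie.c.
 */
#define COOKIE_ENCRYPTED_SIZE	(COOKIE_COOKIE_SIZE + COOKIE_MAC_SIZE)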
/*
 * Two COOKIE_MAC_SIZE-byte MAC fields.
 * NOTE(review): the enclosing struct header is not visible in this excerpt;
 * presumably this is struct cookie_macs, which the prototypes in this header
 * take by pointer - confirm. Any comparison of these values against computed
 * MACs should be constant-time; verify in the implementation.
 */
23 uint8_t mac1[COOKIE_MAC_SIZE];
24 uint8_t mac2[COOKIE_MAC_SIZE];
/*
 * NOTE(review): the enclosing struct header is not visible in this excerpt;
 * the cm_ prefix suggests struct cookie_maker - confirm.
 */
/* Two COOKIE_KEY_SIZE-byte keys: key material, never to be logged or copied out. */
28 uint8_t cm_mac1_key[COOKIE_KEY_SIZE];
29 uint8_t cm_cookie_key[COOKIE_KEY_SIZE];
/* Reader/writer lock; presumably guards the cookie state below - confirm in cookie.c. */
31 struct rwlock cm_lock;
/* The currently held cookie, COOKIE_COOKIE_SIZE bytes. */
33 uint8_t cm_cookie[COOKIE_COOKIE_SIZE];
/*
 * Timestamp associated with cm_cookie, tagged as an sbinuptime value (uptime
 * rather than wall-clock time). Presumably used to stop using a cookie once it
 * is too old - confirm the expiry check in cookie.c.
 */
34 sbintime_t cm_cookie_birthdate; /* sbinuptime */
/* A COOKIE_MAC_SIZE-byte MAC value; by its name, the most recent mac1 - confirm. */
36 uint8_t cm_mac1_last[COOKIE_MAC_SIZE];
/*
 * State handed to the cookie_checker_* functions declared in this header
 * (init, free, update, create_payload, validate_macs).
 * NOTE(review): the end of this definition is not visible in this excerpt.
 */
39 struct cookie_checker {
/* Reader/writer lock; by position presumably guards the two keys below - confirm. */
40 struct rwlock cc_key_lock;
/* Two COOKIE_KEY_SIZE-byte keys: key material, never to be logged or copied out. */
41 uint8_t cc_mac1_key[COOKIE_KEY_SIZE];
42 uint8_t cc_cookie_key[COOKIE_KEY_SIZE];
/* Mutex; presumably guards cc_secret and cc_secret_birthdate - confirm. */
44 struct mtx cc_secret_mtx;
/*
 * Timestamp associated with cc_secret, tagged as an sbinuptime value (uptime
 * rather than wall-clock time). Presumably drives periodic regeneration of the
 * secret - confirm the rotation interval in cookie.c.
 */
45 sbintime_t cc_secret_birthdate; /* sbinuptime */
/*
 * COOKIE_SECRET_SIZE bytes of secret.
 * NOTE(review): verify that cookie_checker_free() wipes this and the keys above
 * with a call the compiler cannot elide (e.g. explicit_bzero).
 */
46 uint8_t cc_secret[COOKIE_SECRET_SIZE];
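/*
 * Cookie subsystem API.
 *
 * The array bounds written in the parameter lists below are documentation
 * only: C adjusts an array parameter to a pointer, so the compiler does not
 * check that a caller's buffer really holds COOKIE_INPUT_SIZE,
 * COOKIE_NONCE_SIZE or COOKIE_ENCRYPTED_SIZE bytes. Callers must size these
 * buffers from the macros themselves.
 */

/*
 * Module-wide setup and teardown.
 * NOTE(review): cookie_init() returns an int, but the success/failure
 * convention is not visible in this header - confirm in cookie.c and check
 * the result at every call site.
 */
int	cookie_init(void);
void	cookie_deinit(void);

/*
 * Checker lifecycle. cookie_checker_update() takes COOKIE_INPUT_SIZE bytes of
 * read-only input; presumably it re-derives the checker's keys from it -
 * confirm.
 * NOTE(review): struct cookie_checker holds keys and a secret; verify that
 * cookie_checker_free() wipes them (e.g. explicit_bzero, not a plain memset).
 */
void	cookie_checker_init(struct cookie_checker *checker);
void	cookie_checker_free(struct cookie_checker *checker);
void	cookie_checker_update(struct cookie_checker *checker,
	    const uint8_t input[COOKIE_INPUT_SIZE]);

/*
 * Builds a cookie payload. nonce and ecookie are non-const, so they are
 * presumably outputs filled in by the callee; sa is presumably the peer
 * address the cookie is bound to - confirm both in cookie.c.
 */
void	cookie_checker_create_payload(struct cookie_checker *checker,
	    struct cookie_macs *cm, uint8_t nonce[COOKIE_NONCE_SIZE],
	    uint8_t ecookie[COOKIE_ENCRYPTED_SIZE], struct sockaddr *sa);

/*
 * Maker lifecycle, keyed by COOKIE_INPUT_SIZE bytes of read-only input.
 * NOTE(review): verify that cookie_maker_free() wipes the maker's key
 * material.
 */
void	cookie_maker_init(struct cookie_maker *maker,
	    const uint8_t input[COOKIE_INPUT_SIZE]);
void	cookie_maker_free(struct cookie_maker *maker);

/*
 * Processes a received nonce and encrypted cookie.
 * Returns an int status whose convention is not visible in this header;
 * callers must check it and must not use the cookie if processing failed.
 */
int	cookie_maker_consume_payload(struct cookie_maker *maker,
	    uint8_t nonce[COOKIE_NONCE_SIZE],
	    uint8_t ecookie[COOKIE_ENCRYPTED_SIZE]);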
/*
 * Takes a maker and a cookie_macs structure.
 * NOTE(review): the rest of this parameter list is not visible in this
 * excerpt; presumably it names the message buffer and its length - confirm
 * against the full header.
 */
62 void cookie_maker_mac(struct cookie_maker *, struct cookie_macs *,
/*
 * Validates the MACs carried with a message: takes the checker, the received
 * cookie_macs, a buffer pointer with its size_t length, a bool and a sockaddr.
 * Returns an int; the caller must check it and must not process the message
 * further unless validation succeeded.
 * NOTE(review): the return convention, the meaning of the bool and the rest of
 * the parameter list are not visible in this excerpt - confirm against the full
 * header and cookie.c.
 */
64 int cookie_checker_validate_macs(struct cookie_checker *,
65 struct cookie_macs *, void *, size_t, bool, struct sockaddr *,
/*
 * Self-test entry point returning a bool result. The closing
 * "#endif SELFTESTS" indicates it is declared only in SELFTESTS builds; the
 * opening conditional is not visible in this excerpt.
 */
69 bool cookie_selftest(void);
70 #endif /* SELFTESTS */
72 #endif /* __COOKIE_H__ */