FD.io VPP  v21.10.1-2-g0a485f517
Vector Packet Processing
wireguard_cookie.h File Reference

Data Structures

struct  cookie_macs
 
struct  cookie_maker
 
struct  cookie_checker
 

Macros

#define COOKIE_MAC_SIZE   16
 
#define COOKIE_KEY_SIZE   32
 
#define COOKIE_NONCE_SIZE   24
 
#define COOKIE_COOKIE_SIZE   16
 
#define COOKIE_SECRET_SIZE   32
 
#define COOKIE_INPUT_SIZE   32
 
#define COOKIE_ENCRYPTED_SIZE   (COOKIE_COOKIE_SIZE + COOKIE_MAC_SIZE)
 
#define COOKIE_MAC1_KEY_LABEL   "mac1----"
 
#define COOKIE_COOKIE_KEY_LABEL   "cookie--"
 
#define COOKIE_SECRET_MAX_AGE   120
 
#define COOKIE_SECRET_LATENCY   5
 
#define RATELIMIT_SIZE   (1 << 13)
 
#define RATELIMIT_SIZE_MAX   (RATELIMIT_SIZE * 8)
 
#define NSEC_PER_SEC   1000000000LL
 
#define INITIATIONS_PER_SECOND   20
 
#define INITIATIONS_BURSTABLE   5
 
#define INITIATION_COST   (NSEC_PER_SEC / INITIATIONS_PER_SECOND)
 
#define TOKEN_MAX   (INITIATION_COST * INITIATIONS_BURSTABLE)
 
#define ELEMENT_TIMEOUT   1
 
#define IPV4_MASK_SIZE   4 /* Use all 4 bytes of IPv4 address */
 
#define IPV6_MASK_SIZE   8 /* Use top 8 bytes (/64) of IPv6 address */
 

Typedefs

typedef struct cookie_macs message_macs_t
 
typedef struct cookie_maker cookie_maker_t
 
typedef struct cookie_checker cookie_checker_t
 

Enumerations

enum  cookie_mac_state { INVALID_MAC, VALID_MAC_BUT_NO_COOKIE, VALID_MAC_WITH_COOKIE }
 

Functions

void cookie_maker_init (cookie_maker_t *, const uint8_t[COOKIE_INPUT_SIZE])
 
void cookie_checker_update (cookie_checker_t *, uint8_t[COOKIE_INPUT_SIZE])
 
void cookie_maker_mac (cookie_maker_t *, message_macs_t *, void *, size_t)
 
enum cookie_mac_state cookie_checker_validate_macs (vlib_main_t *vm, cookie_checker_t *, message_macs_t *, void *, size_t, bool, ip4_address_t ip4, u16 udp_port)
 

Macro Definition Documentation

◆ COOKIE_COOKIE_KEY_LABEL

#define COOKIE_COOKIE_KEY_LABEL   "cookie--"

Definition at line 40 of file wireguard_cookie.h.

◆ COOKIE_COOKIE_SIZE

#define COOKIE_COOKIE_SIZE   16

Definition at line 34 of file wireguard_cookie.h.

◆ COOKIE_ENCRYPTED_SIZE

#define COOKIE_ENCRYPTED_SIZE   (COOKIE_COOKIE_SIZE + COOKIE_MAC_SIZE)

Definition at line 37 of file wireguard_cookie.h.

◆ COOKIE_INPUT_SIZE

#define COOKIE_INPUT_SIZE   32

Definition at line 36 of file wireguard_cookie.h.

◆ COOKIE_KEY_SIZE

#define COOKIE_KEY_SIZE   32

Definition at line 32 of file wireguard_cookie.h.

◆ COOKIE_MAC1_KEY_LABEL

#define COOKIE_MAC1_KEY_LABEL   "mac1----"

Definition at line 39 of file wireguard_cookie.h.

◆ COOKIE_MAC_SIZE

#define COOKIE_MAC_SIZE   16

Definition at line 31 of file wireguard_cookie.h.

◆ COOKIE_NONCE_SIZE

#define COOKIE_NONCE_SIZE   24

Definition at line 33 of file wireguard_cookie.h.

◆ COOKIE_SECRET_LATENCY

#define COOKIE_SECRET_LATENCY   5

Definition at line 42 of file wireguard_cookie.h.

◆ COOKIE_SECRET_MAX_AGE

#define COOKIE_SECRET_MAX_AGE   120

Definition at line 41 of file wireguard_cookie.h.

◆ COOKIE_SECRET_SIZE

#define COOKIE_SECRET_SIZE   32

Definition at line 35 of file wireguard_cookie.h.

◆ ELEMENT_TIMEOUT

#define ELEMENT_TIMEOUT   1

Definition at line 52 of file wireguard_cookie.h.

◆ INITIATION_COST

#define INITIATION_COST   (NSEC_PER_SEC / INITIATIONS_PER_SECOND)

Definition at line 50 of file wireguard_cookie.h.

◆ INITIATIONS_BURSTABLE

#define INITIATIONS_BURSTABLE   5

Definition at line 49 of file wireguard_cookie.h.

◆ INITIATIONS_PER_SECOND

#define INITIATIONS_PER_SECOND   20

Definition at line 48 of file wireguard_cookie.h.

◆ IPV4_MASK_SIZE

#define IPV4_MASK_SIZE   4 /* Use all 4 bytes of IPv4 address */

Definition at line 53 of file wireguard_cookie.h.

◆ IPV6_MASK_SIZE

#define IPV6_MASK_SIZE   8 /* Use top 8 bytes (/64) of IPv6 address */

Definition at line 54 of file wireguard_cookie.h.

◆ NSEC_PER_SEC

#define NSEC_PER_SEC   1000000000LL

Definition at line 47 of file wireguard_cookie.h.

◆ RATELIMIT_SIZE

#define RATELIMIT_SIZE   (1 << 13)

Definition at line 45 of file wireguard_cookie.h.

◆ RATELIMIT_SIZE_MAX

#define RATELIMIT_SIZE_MAX   (RATELIMIT_SIZE * 8)

Definition at line 46 of file wireguard_cookie.h.

◆ TOKEN_MAX

#define TOKEN_MAX   (INITIATION_COST * INITIATIONS_BURSTABLE)

Definition at line 51 of file wireguard_cookie.h.

Typedef Documentation

◆ cookie_checker_t

typedef struct cookie_checker cookie_checker_t

◆ cookie_maker_t

typedef struct cookie_maker cookie_maker_t

◆ message_macs_t

typedef struct cookie_macs message_macs_t

Enumeration Type Documentation

◆ cookie_mac_state

Enumerator
INVALID_MAC 
VALID_MAC_BUT_NO_COOKIE 
VALID_MAC_WITH_COOKIE 

Definition at line 24 of file wireguard_cookie.h.

Function Documentation

◆ cookie_checker_update()

void cookie_checker_update (cookie_checker_t *, uint8_t[COOKIE_INPUT_SIZE])

Definition at line 46 of file wireguard_cookie.c.


◆ cookie_checker_validate_macs()

enum cookie_mac_state cookie_checker_validate_macs (vlib_main_t *vm, cookie_checker_t *, message_macs_t *, void *, size_t, bool, ip4_address_t ip4, u16 udp_port)

Definition at line 79 of file wireguard_cookie.c.


◆ cookie_maker_init()

void cookie_maker_init (cookie_maker_t *, const uint8_t[COOKIE_INPUT_SIZE])

Definition at line 38 of file wireguard_cookie.c.


◆ cookie_maker_mac()

void cookie_maker_mac (cookie_maker_t *, message_macs_t *, void *, size_t)

Definition at line 61 of file wireguard_cookie.c.
