authorMatt Dunwoodie <ncon@mail.noconroy.net>2019-09-22 23:15:08 +0200
committerMatt Dunwoodie <ncon@mail.noconroy.net>2019-09-22 23:16:26 +0200
commit3123c4ec9cc80882256ea405a4d0e0ffcbb745c7 (patch)
treec7a15c2cd86a673f2b0c17ad7b31605b7907c73f /src/antireplay.h
parentRename WG_PKT_STATE_PASS to WG_PKT_STATE_REQUEUED (diff)
Move antireplay to it's own header
For the time being, this is going to require static functions as antireplay.h is included in multiple source files.
Diffstat (limited to 'src/antireplay.h')
-rw-r--r--src/antireplay.h71
1 files changed, 71 insertions, 0 deletions
diff --git a/src/antireplay.h b/src/antireplay.h
new file mode 100644
index 00000000000..0df6a5f8e06
--- /dev/null
+++ b/src/antireplay.h
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2019 Matt Dunwoodie <ncon@noconroy.net>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef __ANTIREPLAY_H__
+#define __ANTIREPLAY_H__
+
+#define ARI_BITS (sizeof(uint64_t) * 8)
+#define ARB_BITS (1<<10) /* 1024 bitmap (960 usable) */
+
+struct antireplay {
+ uint64_t ar_head;
+ uint64_t ar_bitmap[ARB_BITS / ARI_BITS];
+};
+
+static void antireplay_init(struct antireplay *);
+static int antireplay_update(struct antireplay *, uint64_t);
+
+/*
+ * The following defines assist the antireplay_check function. *
+ * ANTIREPLAY_INTEGER: the integer in the bitmap corresponding to num *
+ * ANTIREPLAY_INTEGERBIT: the integer with corresponding single bit set
+ */
+#define ANTIREPLAY_INTEGER(ctx, num) (ctx->ar_bitmap[num % ARB_BITS / ARI_BITS])
+#define ANTIREPLAY_INTEGERBIT(num) (1llu << (num & (ARI_BITS - 1)))
+
+static void
+antireplay_init(struct antireplay *ctx)
+{
+ /* We just zero out the struct, expecting that then ctx->ar_head == 0 */
+ explicit_bzero(ctx, sizeof(struct antireplay));
+}
+
+static int
+antireplay_update(struct antireplay *ctx, uint64_t num)
+{
+ /* Bits after ctx->ar_head need to be zeroed. This is called when num is
+ * in front of ctx->ar_head, and those bits need to be set to 0 */
+ if (num < ctx->ar_head + ARB_BITS / ARI_BITS) {
+ for (; ctx->ar_head <= num; ctx->ar_head += ARI_BITS) {
+ ANTIREPLAY_INTEGER(ctx, (ctx->ar_head + 1)) = 0;
+ }
+ } else {
+ bzero(ctx->ar_bitmap, ARB_BITS / ARI_BITS);
+ }
+
+ if (ctx->ar_head > (num + ARB_BITS - ARI_BITS)) {
+ /* Expired */
+ return 1;
+ } else if (ANTIREPLAY_INTEGER(ctx, num) & ANTIREPLAY_INTEGERBIT(num)) {
+ /* Replayed */
+ return 1;
+ } else {
+ /* Unseen */
+ return 0;
+ }
+}
+
+#endif /* __ANTIREPLAY_H__ */
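Review bot: antireplay_update() never records the counter it accepts: the only writes to ar_bitmap in this header are the `= 0` inside the loop and the bzero(), so the "Replayed" branch cannot fire unless an including file sets the bit itself through the macros. If this function is meant to be the whole check, the "Unseen" branch should do `ANTIREPLAY_INTEGER(ctx, num) |= ANTIREPLAY_INTEGERBIT(num);` before `return 0;`. Separately, `bzero(ctx->ar_bitmap, ARB_BITS / ARI_BITS)` passes 16, which is the word count rather than the byte size, so a large forward jump clears only the first two words and leaves ar_head unchanged; `bzero(ctx->ar_bitmap, sizeof(ctx->ar_bitmap));` would clear the whole window. The same `ARB_BITS / ARI_BITS` in the `num < ctx->ar_head + ...` test looks like it was meant to be a bit count rather than a word count, which is worth confirming against the intended window size.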