netwerk/srtp/src/crypto/replay/rdb.c@6474c204b198 (annotated)
netwerk/srtp/src/crypto/replay/rdb.c
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | /* |
| michael@0 | 2 | * rdb.c |
| michael@0 | 3 | * |
| michael@0 | 4 | * Implements a replay database for packet security |
| michael@0 | 5 | * |
| michael@0 | 6 | * David A. McGrew |
| michael@0 | 7 | * Cisco Systems, Inc. |
| michael@0 | 8 | */ |
| michael@0 | 9 | |
| michael@0 | 10 | /* |
| michael@0 | 11 | * |
| michael@0 | 12 | * Copyright (c) 2001-2006, Cisco Systems, Inc. |
| michael@0 | 13 | * All rights reserved. |
| michael@0 | 14 | * |
| michael@0 | 15 | * Redistribution and use in source and binary forms, with or without |
| michael@0 | 16 | * modification, are permitted provided that the following conditions |
| michael@0 | 17 | * are met: |
| michael@0 | 18 | * |
| michael@0 | 19 | * Redistributions of source code must retain the above copyright |
| michael@0 | 20 | * notice, this list of conditions and the following disclaimer. |
| michael@0 | 21 | * |
| michael@0 | 22 | * Redistributions in binary form must reproduce the above |
| michael@0 | 23 | * copyright notice, this list of conditions and the following |
| michael@0 | 24 | * disclaimer in the documentation and/or other materials provided |
| michael@0 | 25 | * with the distribution. |
| michael@0 | 26 | * |
| michael@0 | 27 | * Neither the name of the Cisco Systems, Inc. nor the names of its |
| michael@0 | 28 | * contributors may be used to endorse or promote products derived |
| michael@0 | 29 | * from this software without specific prior written permission. |
| michael@0 | 30 | * |
| michael@0 | 31 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| michael@0 | 32 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| michael@0 | 33 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
| michael@0 | 34 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE |
| michael@0 | 35 | * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, |
| michael@0 | 36 | * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
| michael@0 | 37 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR |
| michael@0 | 38 | * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| michael@0 | 39 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
| michael@0 | 40 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| michael@0 | 41 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| michael@0 | 42 | * OF THE POSSIBILITY OF SUCH DAMAGE. |
| michael@0 | 43 | * |
| michael@0 | 44 | */ |
| michael@0 | 45 | |
| michael@0 | 46 | |
| michael@0 | 47 | #include "rdb.h" |
| michael@0 | 48 | |
| michael@0 | 49 | |
| michael@0 | 50 | /* |
| michael@0 | 51 | * this implementation of a replay database works as follows: |
| michael@0 | 52 | * |
| michael@0 | 53 | * window_start is the index of the first packet in the window |
| michael@0 | 54 | * bitmask a bit-buffer, containing the most recently entered |
| michael@0 | 55 | * index as the leftmost bit |
| michael@0 | 56 | * |
| michael@0 | 57 | */ |
| michael@0 | 58 | |
| michael@0 | 59 | /* rdb_init initalizes rdb */ |
| michael@0 | 60 | |
| michael@0 | 61 | err_status_t |
| michael@0 | 62 | rdb_init(rdb_t *rdb) { |
| michael@0 | 63 | v128_set_to_zero(&rdb->bitmask); |
| michael@0 | 64 | rdb->window_start = 0; |
| michael@0 | 65 | return err_status_ok; |
| michael@0 | 66 | } |
| michael@0 | 67 | |
| michael@0 | 68 | /* |
| michael@0 | 69 | * rdb_check checks to see if index appears in rdb |
| michael@0 | 70 | */ |
| michael@0 | 71 | |
| michael@0 | 72 | err_status_t |
| michael@0 | 73 | rdb_check(const rdb_t *rdb, uint32_t p_index) { |
| michael@0 | 74 | |
| michael@0 | 75 | /* if the index appears after (or at very end of) the window, its good */ |
| michael@0 | 76 | if (p_index >= rdb->window_start + rdb_bits_in_bitmask) |
| michael@0 | 77 | return err_status_ok; |
| michael@0 | 78 | |
| michael@0 | 79 | /* if the index appears before the window, its bad */ |
| michael@0 | 80 | if (p_index < rdb->window_start) |
| michael@0 | 81 | return err_status_replay_old; |
| michael@0 | 82 | |
| michael@0 | 83 | /* otherwise, the index appears within the window, so check the bitmask */ |
| michael@0 | 84 | if (v128_get_bit(&rdb->bitmask, (p_index - rdb->window_start)) == 1) |
| michael@0 | 85 | return err_status_replay_fail; |
| michael@0 | 86 | |
| michael@0 | 87 | /* otherwise, the index is okay */ |
| michael@0 | 88 | return err_status_ok; |
| michael@0 | 89 | } |
| michael@0 | 90 | |
| michael@0 | 91 | /* |
| michael@0 | 92 | * rdb_add_index adds index to rdb_t (and does *not* check if |
| michael@0 | 93 | * index appears in db) |
| michael@0 | 94 | * |
| michael@0 | 95 | * this function should be called only after rdb_check has |
| michael@0 | 96 | * indicated that the index does not appear in the rdb, e.g., a mutex |
| michael@0 | 97 | * should protect the rdb between these calls |
| michael@0 | 98 | */ |
| michael@0 | 99 | |
| michael@0 | 100 | err_status_t |
| michael@0 | 101 | rdb_add_index(rdb_t *rdb, uint32_t p_index) { |
| michael@0 | 102 | int delta; |
| michael@0 | 103 | |
| michael@0 | 104 | /* here we *assume* that p_index > rdb->window_start */ |
| michael@0 | 105 | |
| michael@0 | 106 | delta = (p_index - rdb->window_start); |
| michael@0 | 107 | if (delta < (int)rdb_bits_in_bitmask) { |
| michael@0 | 108 | |
| michael@0 | 109 | /* if the p_index is within the window, set the appropriate bit */ |
| michael@0 | 110 | v128_set_bit(&rdb->bitmask, delta); |
| michael@0 | 111 | |
| michael@0 | 112 | } else { |
| michael@0 | 113 | |
| michael@0 | 114 | delta -= rdb_bits_in_bitmask - 1; |
| michael@0 | 115 | |
| michael@0 | 116 | /* shift the window forward by delta bits*/ |
| michael@0 | 117 | v128_left_shift(&rdb->bitmask, delta); |
| michael@0 | 118 | v128_set_bit(&rdb->bitmask, rdb_bits_in_bitmask-1); |
| michael@0 | 119 | rdb->window_start += delta; |
| michael@0 | 120 | |
| michael@0 | 121 | } |
| michael@0 | 122 | |
| michael@0 | 123 | return err_status_ok; |
| michael@0 | 124 | } |
| michael@0 | 125 | |
| michael@0 | 126 | err_status_t |
| michael@0 | 127 | rdb_increment(rdb_t *rdb) { |
| michael@0 | 128 | |
| michael@0 | 129 | if (rdb->window_start++ > 0x7fffffff) |
| michael@0 | 130 | return err_status_key_expired; |
| michael@0 | 131 | return err_status_ok; |
| michael@0 | 132 | } |
| michael@0 | 133 | |
| michael@0 | 134 | uint32_t |
| michael@0 | 135 | rdb_get_value(const rdb_t *rdb) { |
| michael@0 | 136 | return rdb->window_start; |
| michael@0 | 137 | } |
