2018-05-03 13:04:00 +00:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0
|
|
|
|
*
|
2018-09-05 21:54:31 +00:00
|
|
|
* Copyright (C) 2017-2018 WireGuard LLC. All Rights Reserved.
|
2018-05-03 13:04:00 +00:00
|
|
|
*/
|
|
|
|
|
2018-05-23 00:32:02 +00:00
|
|
|
package replay
|
2017-07-12 21:11:49 +00:00
|
|
|
|
2017-07-10 10:09:19 +00:00
|
|
|
/* Implementation of RFC6479
|
|
|
|
* https://tools.ietf.org/html/rfc6479
|
|
|
|
*
|
|
|
|
* The implementation is not safe for concurrent use!
|
|
|
|
*/
|
|
|
|
|
|
|
|
const (
|
|
|
|
// See: https://golang.org/src/math/big/arith.go
|
|
|
|
_Wordm = ^uintptr(0)
|
|
|
|
_WordLogSize = _Wordm>>8&1 + _Wordm>>16&1 + _Wordm>>32&1
|
|
|
|
_WordSize = 1 << _WordLogSize
|
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
|
|
|
CounterRedundantBitsLog = _WordLogSize + 3
|
|
|
|
CounterRedundantBits = _WordSize * 8
|
|
|
|
CounterBitsTotal = 2048
|
|
|
|
CounterWindowSize = uint64(CounterBitsTotal - CounterRedundantBits)
|
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
|
|
|
BacktrackWords = CounterBitsTotal / _WordSize
|
|
|
|
)
|
|
|
|
|
2018-05-23 00:32:02 +00:00
|
|
|
func minUint64(a uint64, b uint64) uint64 {
|
|
|
|
if a > b {
|
|
|
|
return b
|
|
|
|
}
|
|
|
|
return a
|
|
|
|
}
|
|
|
|
|
2017-07-10 10:09:19 +00:00
|
|
|
type ReplayFilter struct {
|
|
|
|
counter uint64
|
|
|
|
backtrack [BacktrackWords]uintptr
|
|
|
|
}
|
|
|
|
|
|
|
|
func (filter *ReplayFilter) Init() {
|
|
|
|
filter.counter = 0
|
|
|
|
filter.backtrack[0] = 0
|
|
|
|
}
|
|
|
|
|
2018-05-23 00:32:02 +00:00
|
|
|
func (filter *ReplayFilter) ValidateCounter(counter uint64, limit uint64) bool {
|
|
|
|
if counter >= limit {
|
2017-07-10 10:09:19 +00:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
indexWord := counter >> CounterRedundantBitsLog
|
|
|
|
|
|
|
|
if counter > filter.counter {
|
|
|
|
|
|
|
|
// move window forward
|
|
|
|
|
|
|
|
current := filter.counter >> CounterRedundantBitsLog
|
|
|
|
diff := minUint64(indexWord-current, BacktrackWords)
|
|
|
|
for i := uint64(1); i <= diff; i++ {
|
|
|
|
filter.backtrack[(current+i)%BacktrackWords] = 0
|
|
|
|
}
|
|
|
|
filter.counter = counter
|
|
|
|
|
|
|
|
} else if filter.counter-counter > CounterWindowSize {
|
|
|
|
|
|
|
|
// behind current window
|
|
|
|
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
indexWord %= BacktrackWords
|
|
|
|
indexBit := counter & uint64(CounterRedundantBits-1)
|
|
|
|
|
|
|
|
// check and set bit
|
|
|
|
|
|
|
|
oldValue := filter.backtrack[indexWord]
|
|
|
|
newValue := oldValue | (1 << indexBit)
|
|
|
|
filter.backtrack[indexWord] = newValue
|
|
|
|
return oldValue != newValue
|
|
|
|
}
|