github.com/noisysockets/noisysockets@v0.21.2-0.20240515114641-7f467e651c90/internal/replay/replay.go

github.com/noisysockets/noisysockets@v0.21.2-0.20240515114641-7f467e651c90/internal/replay/replay.go (about)

     1  // SPDX-License-Identifier: MPL-2.0
     2  /*
     3   * Copyright (C) 2024 The Noisy Sockets Authors.
     4   *
     5   * This Source Code Form is subject to the terms of the Mozilla Public
     6   * License, v. 2.0. If a copy of the MPL was not distributed with this
     7   * file, You can obtain one at http://mozilla.org/MPL/2.0/.
     8   *
     9   * Portions of this file are based on code originally from wireguard-go,
    10   *
    11   * Copyright (C) 2017-2023 WireGuard LLC. All Rights Reserved.
    12   *
    13   * Permission is hereby granted, free of charge, to any person obtaining a copy of
    14   * this software and associated documentation files (the "Software"), to deal in
    15   * the Software without restriction, including without limitation the rights to
    16   * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
    17   * of the Software, and to permit persons to whom the Software is furnished to do
    18   * so, subject to the following conditions:
    19   *
    20   * The above copyright notice and this permission notice shall be included in all
    21   * copies or substantial portions of the Software.
    22   *
    23   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    24   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    25   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    26   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    27   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    28   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
    29   * SOFTWARE.
    30   */
    31  
    32  // Package replay implements an efficient anti-replay algorithm as specified in RFC 6479.
    33  package replay
    34  
    35  type block uint64
    36  
    37  const (
    38  	blockBitLog = 6                // 1<<6 == 64 bits
    39  	blockBits   = 1 << blockBitLog // must be power of 2
    40  	ringBlocks  = 1 << 7           // must be power of 2
    41  	windowSize  = (ringBlocks - 1) * blockBits
    42  	blockMask   = ringBlocks - 1
    43  	bitMask     = blockBits - 1
    44  )
    45  
    46  // A Filter rejects replayed messages by checking if message counter value is
    47  // within a sliding window of previously received messages.
    48  // The zero value for Filter is an empty filter ready to use.
    49  // Filters are unsafe for concurrent use.
    50  type Filter struct {
    51  	last uint64
    52  	ring [ringBlocks]block
    53  }
    54  
    55  // Reset resets the filter to empty state.
    56  func (f *Filter) Reset() {
    57  	f.last = 0
    58  	f.ring[0] = 0
    59  }
    60  
    61  // ValidateCounter checks if the counter should be accepted.
    62  // Overlimit counters (>= limit) are always rejected.
    63  func (f *Filter) ValidateCounter(counter, limit uint64) bool {
    64  	if counter >= limit {
    65  		return false
    66  	}
    67  	indexBlock := counter >> blockBitLog
    68  	if counter > f.last { // move window forward
    69  		current := f.last >> blockBitLog
    70  		diff := indexBlock - current
    71  		if diff > ringBlocks {
    72  			diff = ringBlocks // cap diff to clear the whole ring
    73  		}
    74  		for i := current + 1; i <= current+diff; i++ {
    75  			f.ring[i&blockMask] = 0
    76  		}
    77  		f.last = counter
    78  	} else if f.last-counter > windowSize { // behind current window
    79  		return false
    80  	}
    81  	// check and set bit
    82  	indexBlock &= blockMask
    83  	indexBit := counter & bitMask
    84  	old := f.ring[indexBlock]
    85  	new := old | 1<<indexBit
    86  	f.ring[indexBlock] = new
    87  	return old != new
    88  }