1 // SPDX-License-Identifier: GPL-2.0-only
3 * xfrm_replay.c - xfrm replay detection, derived from xfrm_state.c.
5 * Copyright (C) 2010 secunet Security Networks AG
6 * Copyright (C) 2010 Steffen Klassert <steffen.klassert@secunet.com>
9 #include <linux/export.h>
12 u32 xfrm_replay_seqhi(struct xfrm_state *x, __be32 net_seq)
14 u32 seq, seq_hi, bottom;
15 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
17 if (!(x->props.flags & XFRM_STATE_ESN))
21 seq_hi = replay_esn->seq_hi;
22 bottom = replay_esn->seq - replay_esn->replay_window + 1;
24 if (likely(replay_esn->seq >= replay_esn->replay_window - 1)) {
25 /* A. same subspace */
26 if (unlikely(seq < bottom))
29 /* B. window spans two subspaces */
30 if (unlikely(seq >= bottom))
36 EXPORT_SYMBOL(xfrm_replay_seqhi);
38 static void xfrm_replay_notify(struct xfrm_state *x, int event)
41 /* we send notify messages in case
42 * 1. we updated on of the sequence numbers, and the seqno difference
43 * is at least x->replay_maxdiff, in this case we also update the
44 * timeout of our timer function
45 * 2. if x->replay_maxage has elapsed since last update,
46 * and there were changes
48 * The state structure must be locked!
52 case XFRM_REPLAY_UPDATE:
53 if (!x->replay_maxdiff ||
54 ((x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
55 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff))) {
56 if (x->xflags & XFRM_TIME_DEFER)
57 event = XFRM_REPLAY_TIMEOUT;
64 case XFRM_REPLAY_TIMEOUT:
65 if (memcmp(&x->replay, &x->preplay,
66 sizeof(struct xfrm_replay_state)) == 0) {
67 x->xflags |= XFRM_TIME_DEFER;
74 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
75 c.event = XFRM_MSG_NEWAE;
76 c.data.aevent = event;
77 km_state_notify(x, &c);
79 if (x->replay_maxage &&
80 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
81 x->xflags &= ~XFRM_TIME_DEFER;
84 static int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb)
87 struct net *net = xs_net(x);
89 if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
90 XFRM_SKB_CB(skb)->seq.output.low = ++x->replay.oseq;
91 XFRM_SKB_CB(skb)->seq.output.hi = 0;
92 if (unlikely(x->replay.oseq == 0) &&
93 !(x->props.extra_flags & XFRM_SA_XFLAG_OSEQ_MAY_WRAP)) {
95 xfrm_audit_state_replay_overflow(x, skb);
100 if (xfrm_aevent_is_on(net))
101 x->repl->notify(x, XFRM_REPLAY_UPDATE);
107 static int xfrm_replay_check(struct xfrm_state *x,
108 struct sk_buff *skb, __be32 net_seq)
111 u32 seq = ntohl(net_seq);
113 if (!x->props.replay_window)
116 if (unlikely(seq == 0))
119 if (likely(seq > x->replay.seq))
122 diff = x->replay.seq - seq;
123 if (diff >= x->props.replay_window) {
124 x->stats.replay_window++;
128 if (x->replay.bitmap & (1U << diff)) {
135 xfrm_audit_state_replay(x, skb, net_seq);
139 static void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
142 u32 seq = ntohl(net_seq);
144 if (!x->props.replay_window)
147 if (seq > x->replay.seq) {
148 diff = seq - x->replay.seq;
149 if (diff < x->props.replay_window)
150 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
152 x->replay.bitmap = 1;
155 diff = x->replay.seq - seq;
156 x->replay.bitmap |= (1U << diff);
159 if (xfrm_aevent_is_on(xs_net(x)))
160 x->repl->notify(x, XFRM_REPLAY_UPDATE);
163 static int xfrm_replay_overflow_bmp(struct xfrm_state *x, struct sk_buff *skb)
166 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
167 struct net *net = xs_net(x);
169 if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
170 XFRM_SKB_CB(skb)->seq.output.low = ++replay_esn->oseq;
171 XFRM_SKB_CB(skb)->seq.output.hi = 0;
172 if (unlikely(replay_esn->oseq == 0) &&
173 !(x->props.extra_flags & XFRM_SA_XFLAG_OSEQ_MAY_WRAP)) {
175 xfrm_audit_state_replay_overflow(x, skb);
180 if (xfrm_aevent_is_on(net))
181 x->repl->notify(x, XFRM_REPLAY_UPDATE);
187 static int xfrm_replay_check_bmp(struct xfrm_state *x,
188 struct sk_buff *skb, __be32 net_seq)
190 unsigned int bitnr, nr;
191 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
193 u32 seq = ntohl(net_seq);
194 u32 diff = replay_esn->seq - seq;
196 if (!replay_esn->replay_window)
199 if (unlikely(seq == 0))
202 if (likely(seq > replay_esn->seq))
205 if (diff >= replay_esn->replay_window) {
206 x->stats.replay_window++;
210 pos = (replay_esn->seq - 1) % replay_esn->replay_window;
213 bitnr = (pos - diff) % replay_esn->replay_window;
215 bitnr = replay_esn->replay_window - (diff - pos);
218 bitnr = bitnr & 0x1F;
219 if (replay_esn->bmp[nr] & (1U << bitnr))
227 xfrm_audit_state_replay(x, skb, net_seq);
231 static void xfrm_replay_advance_bmp(struct xfrm_state *x, __be32 net_seq)
233 unsigned int bitnr, nr, i;
235 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
236 u32 seq = ntohl(net_seq);
239 if (!replay_esn->replay_window)
242 pos = (replay_esn->seq - 1) % replay_esn->replay_window;
244 if (seq > replay_esn->seq) {
245 diff = seq - replay_esn->seq;
247 if (diff < replay_esn->replay_window) {
248 for (i = 1; i < diff; i++) {
249 bitnr = (pos + i) % replay_esn->replay_window;
251 bitnr = bitnr & 0x1F;
252 replay_esn->bmp[nr] &= ~(1U << bitnr);
255 nr = (replay_esn->replay_window - 1) >> 5;
256 for (i = 0; i <= nr; i++)
257 replay_esn->bmp[i] = 0;
260 bitnr = (pos + diff) % replay_esn->replay_window;
261 replay_esn->seq = seq;
263 diff = replay_esn->seq - seq;
266 bitnr = (pos - diff) % replay_esn->replay_window;
268 bitnr = replay_esn->replay_window - (diff - pos);
272 bitnr = bitnr & 0x1F;
273 replay_esn->bmp[nr] |= (1U << bitnr);
275 if (xfrm_aevent_is_on(xs_net(x)))
276 x->repl->notify(x, XFRM_REPLAY_UPDATE);
279 static void xfrm_replay_notify_bmp(struct xfrm_state *x, int event)
282 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
283 struct xfrm_replay_state_esn *preplay_esn = x->preplay_esn;
285 /* we send notify messages in case
286 * 1. we updated on of the sequence numbers, and the seqno difference
287 * is at least x->replay_maxdiff, in this case we also update the
288 * timeout of our timer function
289 * 2. if x->replay_maxage has elapsed since last update,
290 * and there were changes
292 * The state structure must be locked!
296 case XFRM_REPLAY_UPDATE:
297 if (!x->replay_maxdiff ||
298 ((replay_esn->seq - preplay_esn->seq < x->replay_maxdiff) &&
299 (replay_esn->oseq - preplay_esn->oseq
300 < x->replay_maxdiff))) {
301 if (x->xflags & XFRM_TIME_DEFER)
302 event = XFRM_REPLAY_TIMEOUT;
309 case XFRM_REPLAY_TIMEOUT:
310 if (memcmp(x->replay_esn, x->preplay_esn,
311 xfrm_replay_state_esn_len(replay_esn)) == 0) {
312 x->xflags |= XFRM_TIME_DEFER;
319 memcpy(x->preplay_esn, x->replay_esn,
320 xfrm_replay_state_esn_len(replay_esn));
321 c.event = XFRM_MSG_NEWAE;
322 c.data.aevent = event;
323 km_state_notify(x, &c);
325 if (x->replay_maxage &&
326 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
327 x->xflags &= ~XFRM_TIME_DEFER;
330 static void xfrm_replay_notify_esn(struct xfrm_state *x, int event)
332 u32 seq_diff, oseq_diff;
334 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
335 struct xfrm_replay_state_esn *preplay_esn = x->preplay_esn;
337 /* we send notify messages in case
338 * 1. we updated on of the sequence numbers, and the seqno difference
339 * is at least x->replay_maxdiff, in this case we also update the
340 * timeout of our timer function
341 * 2. if x->replay_maxage has elapsed since last update,
342 * and there were changes
344 * The state structure must be locked!
348 case XFRM_REPLAY_UPDATE:
349 if (x->replay_maxdiff) {
350 if (replay_esn->seq_hi == preplay_esn->seq_hi)
351 seq_diff = replay_esn->seq - preplay_esn->seq;
353 seq_diff = ~preplay_esn->seq + replay_esn->seq
356 if (replay_esn->oseq_hi == preplay_esn->oseq_hi)
357 oseq_diff = replay_esn->oseq
360 oseq_diff = ~preplay_esn->oseq
361 + replay_esn->oseq + 1;
363 if (seq_diff >= x->replay_maxdiff ||
364 oseq_diff >= x->replay_maxdiff)
368 if (x->xflags & XFRM_TIME_DEFER)
369 event = XFRM_REPLAY_TIMEOUT;
375 case XFRM_REPLAY_TIMEOUT:
376 if (memcmp(x->replay_esn, x->preplay_esn,
377 xfrm_replay_state_esn_len(replay_esn)) == 0) {
378 x->xflags |= XFRM_TIME_DEFER;
385 memcpy(x->preplay_esn, x->replay_esn,
386 xfrm_replay_state_esn_len(replay_esn));
387 c.event = XFRM_MSG_NEWAE;
388 c.data.aevent = event;
389 km_state_notify(x, &c);
391 if (x->replay_maxage &&
392 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
393 x->xflags &= ~XFRM_TIME_DEFER;
396 static int xfrm_replay_overflow_esn(struct xfrm_state *x, struct sk_buff *skb)
399 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
400 struct net *net = xs_net(x);
402 if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
403 XFRM_SKB_CB(skb)->seq.output.low = ++replay_esn->oseq;
404 XFRM_SKB_CB(skb)->seq.output.hi = replay_esn->oseq_hi;
406 if (unlikely(replay_esn->oseq == 0)) {
407 XFRM_SKB_CB(skb)->seq.output.hi = ++replay_esn->oseq_hi;
409 if (replay_esn->oseq_hi == 0) {
411 replay_esn->oseq_hi--;
412 xfrm_audit_state_replay_overflow(x, skb);
418 if (xfrm_aevent_is_on(net))
419 x->repl->notify(x, XFRM_REPLAY_UPDATE);
425 static int xfrm_replay_check_esn(struct xfrm_state *x,
426 struct sk_buff *skb, __be32 net_seq)
428 unsigned int bitnr, nr;
430 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
432 u32 seq = ntohl(net_seq);
433 u32 wsize = replay_esn->replay_window;
434 u32 top = replay_esn->seq;
435 u32 bottom = top - wsize + 1;
440 if (unlikely(seq == 0 && replay_esn->seq_hi == 0 &&
441 (replay_esn->seq < replay_esn->replay_window - 1)))
446 if (likely(top >= wsize - 1)) {
447 /* A. same subspace */
448 if (likely(seq > top) || seq < bottom)
451 /* B. window spans two subspaces */
452 if (likely(seq > top && seq < bottom))
455 diff = ~seq + top + 1;
458 if (diff >= replay_esn->replay_window) {
459 x->stats.replay_window++;
463 pos = (replay_esn->seq - 1) % replay_esn->replay_window;
466 bitnr = (pos - diff) % replay_esn->replay_window;
468 bitnr = replay_esn->replay_window - (diff - pos);
471 bitnr = bitnr & 0x1F;
472 if (replay_esn->bmp[nr] & (1U << bitnr))
480 xfrm_audit_state_replay(x, skb, net_seq);
484 static int xfrm_replay_recheck_esn(struct xfrm_state *x,
485 struct sk_buff *skb, __be32 net_seq)
487 if (unlikely(XFRM_SKB_CB(skb)->seq.input.hi !=
488 htonl(xfrm_replay_seqhi(x, net_seq)))) {
489 x->stats.replay_window++;
493 return xfrm_replay_check_esn(x, skb, net_seq);
496 static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq)
498 unsigned int bitnr, nr, i;
500 u32 diff, pos, seq, seq_hi;
501 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
503 if (!replay_esn->replay_window)
506 seq = ntohl(net_seq);
507 pos = (replay_esn->seq - 1) % replay_esn->replay_window;
508 seq_hi = xfrm_replay_seqhi(x, net_seq);
509 wrap = seq_hi - replay_esn->seq_hi;
511 if ((!wrap && seq > replay_esn->seq) || wrap > 0) {
513 diff = seq - replay_esn->seq;
515 diff = ~replay_esn->seq + seq + 1;
517 if (diff < replay_esn->replay_window) {
518 for (i = 1; i < diff; i++) {
519 bitnr = (pos + i) % replay_esn->replay_window;
521 bitnr = bitnr & 0x1F;
522 replay_esn->bmp[nr] &= ~(1U << bitnr);
525 nr = (replay_esn->replay_window - 1) >> 5;
526 for (i = 0; i <= nr; i++)
527 replay_esn->bmp[i] = 0;
530 bitnr = (pos + diff) % replay_esn->replay_window;
531 replay_esn->seq = seq;
533 if (unlikely(wrap > 0))
534 replay_esn->seq_hi++;
536 diff = replay_esn->seq - seq;
539 bitnr = (pos - diff) % replay_esn->replay_window;
541 bitnr = replay_esn->replay_window - (diff - pos);
544 xfrm_dev_state_advance_esn(x);
547 bitnr = bitnr & 0x1F;
548 replay_esn->bmp[nr] |= (1U << bitnr);
550 if (xfrm_aevent_is_on(xs_net(x)))
551 x->repl->notify(x, XFRM_REPLAY_UPDATE);
554 #ifdef CONFIG_XFRM_OFFLOAD
555 static int xfrm_replay_overflow_offload(struct xfrm_state *x, struct sk_buff *skb)
558 struct net *net = xs_net(x);
559 struct xfrm_offload *xo = xfrm_offload(skb);
560 __u32 oseq = x->replay.oseq;
563 return xfrm_replay_overflow(x, skb);
565 if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
566 if (!skb_is_gso(skb)) {
567 XFRM_SKB_CB(skb)->seq.output.low = ++oseq;
570 XFRM_SKB_CB(skb)->seq.output.low = oseq + 1;
571 xo->seq.low = oseq + 1;
572 oseq += skb_shinfo(skb)->gso_segs;
575 XFRM_SKB_CB(skb)->seq.output.hi = 0;
577 if (unlikely(oseq < x->replay.oseq) &&
578 !(x->props.extra_flags & XFRM_SA_XFLAG_OSEQ_MAY_WRAP)) {
579 xfrm_audit_state_replay_overflow(x, skb);
585 x->replay.oseq = oseq;
587 if (xfrm_aevent_is_on(net))
588 x->repl->notify(x, XFRM_REPLAY_UPDATE);
594 static int xfrm_replay_overflow_offload_bmp(struct xfrm_state *x, struct sk_buff *skb)
597 struct xfrm_offload *xo = xfrm_offload(skb);
598 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
599 struct net *net = xs_net(x);
600 __u32 oseq = replay_esn->oseq;
603 return xfrm_replay_overflow_bmp(x, skb);
605 if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
606 if (!skb_is_gso(skb)) {
607 XFRM_SKB_CB(skb)->seq.output.low = ++oseq;
610 XFRM_SKB_CB(skb)->seq.output.low = oseq + 1;
611 xo->seq.low = oseq + 1;
612 oseq += skb_shinfo(skb)->gso_segs;
615 XFRM_SKB_CB(skb)->seq.output.hi = 0;
617 if (unlikely(oseq < replay_esn->oseq) &&
618 !(x->props.extra_flags & XFRM_SA_XFLAG_OSEQ_MAY_WRAP)) {
619 xfrm_audit_state_replay_overflow(x, skb);
624 replay_esn->oseq = oseq;
627 if (xfrm_aevent_is_on(net))
628 x->repl->notify(x, XFRM_REPLAY_UPDATE);
634 static int xfrm_replay_overflow_offload_esn(struct xfrm_state *x, struct sk_buff *skb)
637 struct xfrm_offload *xo = xfrm_offload(skb);
638 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
639 struct net *net = xs_net(x);
640 __u32 oseq = replay_esn->oseq;
641 __u32 oseq_hi = replay_esn->oseq_hi;
644 return xfrm_replay_overflow_esn(x, skb);
646 if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
647 if (!skb_is_gso(skb)) {
648 XFRM_SKB_CB(skb)->seq.output.low = ++oseq;
649 XFRM_SKB_CB(skb)->seq.output.hi = oseq_hi;
651 xo->seq.hi = oseq_hi;
653 XFRM_SKB_CB(skb)->seq.output.low = oseq + 1;
654 XFRM_SKB_CB(skb)->seq.output.hi = oseq_hi;
655 xo->seq.low = oseq + 1;
656 xo->seq.hi = oseq_hi;
657 oseq += skb_shinfo(skb)->gso_segs;
660 if (unlikely(oseq < replay_esn->oseq)) {
661 XFRM_SKB_CB(skb)->seq.output.hi = ++oseq_hi;
662 xo->seq.hi = oseq_hi;
663 replay_esn->oseq_hi = oseq_hi;
664 if (replay_esn->oseq_hi == 0) {
666 replay_esn->oseq_hi--;
667 xfrm_audit_state_replay_overflow(x, skb);
674 replay_esn->oseq = oseq;
676 if (xfrm_aevent_is_on(net))
677 x->repl->notify(x, XFRM_REPLAY_UPDATE);
683 static const struct xfrm_replay xfrm_replay_legacy = {
684 .advance = xfrm_replay_advance,
685 .check = xfrm_replay_check,
686 .recheck = xfrm_replay_check,
687 .notify = xfrm_replay_notify,
688 .overflow = xfrm_replay_overflow_offload,
691 static const struct xfrm_replay xfrm_replay_bmp = {
692 .advance = xfrm_replay_advance_bmp,
693 .check = xfrm_replay_check_bmp,
694 .recheck = xfrm_replay_check_bmp,
695 .notify = xfrm_replay_notify_bmp,
696 .overflow = xfrm_replay_overflow_offload_bmp,
699 static const struct xfrm_replay xfrm_replay_esn = {
700 .advance = xfrm_replay_advance_esn,
701 .check = xfrm_replay_check_esn,
702 .recheck = xfrm_replay_recheck_esn,
703 .notify = xfrm_replay_notify_esn,
704 .overflow = xfrm_replay_overflow_offload_esn,
707 static const struct xfrm_replay xfrm_replay_legacy = {
708 .advance = xfrm_replay_advance,
709 .check = xfrm_replay_check,
710 .recheck = xfrm_replay_check,
711 .notify = xfrm_replay_notify,
712 .overflow = xfrm_replay_overflow,
715 static const struct xfrm_replay xfrm_replay_bmp = {
716 .advance = xfrm_replay_advance_bmp,
717 .check = xfrm_replay_check_bmp,
718 .recheck = xfrm_replay_check_bmp,
719 .notify = xfrm_replay_notify_bmp,
720 .overflow = xfrm_replay_overflow_bmp,
723 static const struct xfrm_replay xfrm_replay_esn = {
724 .advance = xfrm_replay_advance_esn,
725 .check = xfrm_replay_check_esn,
726 .recheck = xfrm_replay_recheck_esn,
727 .notify = xfrm_replay_notify_esn,
728 .overflow = xfrm_replay_overflow_esn,
732 int xfrm_init_replay(struct xfrm_state *x)
734 struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
737 if (replay_esn->replay_window >
738 replay_esn->bmp_len * sizeof(__u32) * 8)
741 if (x->props.flags & XFRM_STATE_ESN) {
742 if (replay_esn->replay_window == 0)
744 x->repl = &xfrm_replay_esn;
746 x->repl = &xfrm_replay_bmp;
749 x->repl = &xfrm_replay_legacy;
754 EXPORT_SYMBOL(xfrm_init_replay);
projects / linux-2.6-microblaze.git / blob