mirror of https://github.com/sipwise/kamailio.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
252 lines
8.1 KiB
252 lines
8.1 KiB
/*
|
|
* $Id$
|
|
*
|
|
* nonce-count (nc) tracking
|
|
*
|
|
* Copyright (C) 2008 iptelorg GmbH
|
|
*
|
|
* This file is part of ser, a free SIP server.
|
|
*
|
|
* ser is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version
|
|
*
|
|
* ser is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
*/
|
|
/*
|
|
* History:
|
|
* --------
|
|
* 2008-07-04 initial version (andrei)
|
|
*/
|
|
|
|
int nc_enabled=0;
|
|
unsigned nc_array_k; /* array size bits (k in 2^k) */
|
|
unsigned nc_array_size; /* 2^k == 1<<nc_array_bits (in nc_t and not
|
|
unsigned ints)*/
|
|
|
|
#ifdef USE_NC
|
|
|
|
#include "nc.h"
|
|
#include "nid.h"
|
|
#include "../../dprint.h"
|
|
#include "../../bit_scan.h"
|
|
#include "../../atomic_ops.h"
|
|
#include "../../ut.h" /* ROUNDUP...*/
|
|
#include "../../mem/shm_mem.h" /* shm_available() */
|
|
#include <stdlib.h> /* random() */
|
|
#include <string.h> /* memset() */
|
|
#include <assert.h>
|
|
|
|
static unsigned int* nc_array=0;
|
|
|
|
|
|
unsigned nc_partition_size; /* array partition == nc_array_size/nc_pool_no*/
|
|
unsigned nc_partition_k; /* k such that 2^k==nc_partition_size */
|
|
unsigned nc_partition_mask; /* mask for computing the real idx. inside
|
|
one partition */
|
|
|
|
|
|
/* returns -1 on error, 0 on success */
|
|
int init_nonce_count()
|
|
{
|
|
unsigned long size;
|
|
unsigned long max_mem;
|
|
unsigned orig_array_size;
|
|
|
|
|
|
if (nid_crt==0){
|
|
BUG("auth: init_nonce_count: nonce index must be "
|
|
"initialized first (see init_nonce_id())\n");
|
|
return -1;
|
|
}
|
|
orig_array_size=nc_array_size;
|
|
if (nc_array_k==0){
|
|
if (nc_array_size==0){
|
|
nc_array_size=DEFAULT_NC_ARRAY_SIZE;
|
|
}
|
|
nc_array_k=bit_scan_reverse32(nc_array_size);
|
|
}
|
|
size=1UL<<nc_array_k; /* ROUNDDOWN to 2^nc_array_k */
|
|
if (size < MIN_NC_ARRAY_SIZE){
|
|
WARN("auth: nonce-count in.flight nonces is very low (%d),"
|
|
" consider increasing nc_array_size to at least %d\n",
|
|
orig_array_size, MIN_NC_ARRAY_SIZE);
|
|
}
|
|
if (size > MAX_NC_ARRAY_SIZE){
|
|
WARN("auth: nonce-count in flight nonces is too high (%d),"
|
|
" consider decreasing nc_array_size to at least %d\n",
|
|
orig_array_size, MAX_NC_ARRAY_SIZE);
|
|
}
|
|
if (size!=nc_array_size){
|
|
if (orig_array_size!=0)
|
|
INFO("auth: nc_array_size rounded down to %ld\n", size);
|
|
else
|
|
INFO("auth: nc_array_size set to %ld\n", size);
|
|
}
|
|
max_mem=shm_available();
|
|
if (size*sizeof(nc_t) >= max_mem){
|
|
ERR("auth: nc_array_size (%ld) is too big for the configured "
|
|
"amount of shared memory (%ld bytes <= %ld bytes)\n",
|
|
size, max_mem, size*sizeof(nc_t));
|
|
return -1;
|
|
}else if (size*sizeof(nc_t) >= max_mem/2){
|
|
WARN("auth: the currently configured nc_array_size (%ld) "
|
|
"would use more then 50%% of the available shared"
|
|
" memory(%ld bytes)\n", size, max_mem);
|
|
}
|
|
nc_array_size=size;
|
|
|
|
if (nid_pool_no>=nc_array_size){
|
|
ERR("auth: nid_pool_no (%d) too high for the configured "
|
|
"nc_array_size (%d)\n", nid_pool_no, nc_array_size);
|
|
return -1;
|
|
}
|
|
nc_partition_size=nc_array_size >> nid_pool_k;
|
|
nc_partition_k=nc_array_k-nid_pool_k;
|
|
nc_partition_mask=(1<<nc_partition_k)-1;
|
|
assert(nc_partition_size == nc_array_size/nid_pool_no);
|
|
assert(1<<(nc_partition_k+nid_pool_k) == nc_array_size);
|
|
|
|
if ((nid_t)nc_partition_size >= ((nid_t)(-1)/NID_INC)){
|
|
ERR("auth: nc_array_size too big, try decreasing it or increasing"
|
|
"the number of pools/partitions\n");
|
|
return -1;
|
|
}
|
|
if (nc_partition_size < MIN_NC_ARRAY_PARTITION){
|
|
WARN("auth: nonce-count in-flight nonces very low,"
|
|
" consider either decreasing nc_pool_no (%d) or "
|
|
" increasing nc_array_size (%d) such that "
|
|
"nc_array_size/nid_pool_no >= %d\n",
|
|
nid_pool_no, orig_array_size, MIN_NC_ARRAY_PARTITION);
|
|
}
|
|
|
|
|
|
/* array size should be multiple of sizeof(unsigned int) since we
|
|
* access it as an uint array */
|
|
nc_array=shm_malloc(sizeof(nc_t)*ROUND_INT(nc_array_size));
|
|
if (nc_array==0){
|
|
ERR("auth: init_nonce_count: memory allocation failure, consider"
|
|
" either decreasing nc_array_size of increasing the"
|
|
" the shared memory ammount\n");
|
|
goto error;
|
|
}
|
|
/* int the nc_array with the max nc value to avoid replay attacks after
|
|
* ser restarts (because the nc is already maxed out => no received
|
|
* nc will be accepted, until the corresponding cell is reset) */
|
|
memset(nc_array, 0xff, sizeof(nc_t)*ROUND_INT(nc_array_size));
|
|
return 0;
|
|
error:
|
|
destroy_nonce_count();
|
|
return -1;
|
|
}
|
|
|
|
|
|
|
|
void destroy_nonce_count()
|
|
{
|
|
if (nc_array){
|
|
shm_free(nc_array);
|
|
nc_array=0;
|
|
}
|
|
}
|
|
|
|
/* given the nonce id i and pool/partition p, produces an index in the
|
|
* nc array corresponding to p.
|
|
* WARNING: the result is an index in the nc_array converted to nc_t
|
|
* (unsigned char by default), to get the index of the unsigned int in which
|
|
* nc is packed, call get_nc_array_uint_idx(get_nc_array_raw_idx(i,p))).
|
|
*/
|
|
#define get_nc_array_raw_idx(i,p) \
|
|
(((i)&nc_partition_mask)+((p)<<nc_partition_k))
|
|
|
|
/* get the real array cell corresponding to a certain index
|
|
* (the index refers to stored nc, but several ncs are stored
|
|
* inside an int => several nc_t values inside and array cell;
|
|
* for example if nc_t is uchar => each real array cell holds 4 nc_t).
|
|
* pos is the "raw" index (e.g. obtained by get_nc_array_raw_idx(i,p)))
|
|
* and the result is the index of the unsigned int cell in which the pos nc
|
|
* is packed.
|
|
*/
|
|
#define get_nc_array_uint_idx(pos) \
|
|
((pos)/(sizeof(unsigned int)/sizeof(nc_t)))
|
|
|
|
/* get position inside an int nc_array cell for the raw index pos
|
|
* (pos can be obtained from a nonce id with get_nc_array_raw_idx(i, p),
|
|
* see above) */
|
|
#define get_nc_int_pos(pos) \
|
|
((pos)%(sizeof(unsigned int)/sizeof(nc_t)))
|
|
|
|
/* returns true if the crt_idx > idx with at least nc_partition_size
|
|
* WARNING: NID_INC * nc_partition_size must fit inside an nidx_t*/
|
|
#define nc_id_check_overflow(id, pool) \
|
|
((nid_t)(nid_get((pool))-(id)) >= \
|
|
((nid_t)NID_INC*nc_partition_size))
|
|
|
|
/* re-init the stored nc for nonce id in pool p */
|
|
nid_t nc_new(nid_t id, unsigned char p)
|
|
{
|
|
unsigned int i;
|
|
unsigned n, r;
|
|
unsigned int v, new_v;
|
|
|
|
n=get_nc_array_raw_idx(id, p); /* n-th nc_t */
|
|
i=get_nc_array_uint_idx(n); /* aray index i, corresponding to n */
|
|
r=get_nc_int_pos(n); /* byte/short inside the uint corresponding to n */
|
|
/* reset corresponding value to 0 */
|
|
do{
|
|
v=atomic_get_int(&nc_array[i]);
|
|
/* new_value = old_int with the corresponding byte or short zeroed*/
|
|
new_v=v & ~(((1<<(sizeof(nc_t)*8))-1)<< (r*sizeof(nc_t)*8));
|
|
}while(atomic_cmpxchg_int((int*)&nc_array[i], v, new_v)!=v);
|
|
return id;
|
|
}
|
|
|
|
|
|
|
|
/* check if nonce-count nc w/ index i is expected/valid and if so it
|
|
* updated the stored nonce-count
|
|
* returns: 0 - ok, < 0 some error:
|
|
* NC_INV_POOL (pool number is invalid/corrupted)
|
|
* NC_ID_OVERFLOW (crt_id has overflowed with partition size since the
|
|
* id was generated)
|
|
* NC_TOO_BIG (nc value got too big and cannot be held anymore)
|
|
* NC_REPLAY (nc value is <= the current stored one)
|
|
*/
|
|
enum nc_check_ret nc_check_val(nid_t id, unsigned pool, unsigned int nc)
|
|
{
|
|
unsigned int i;
|
|
unsigned n, r;
|
|
unsigned int v, crt_nc, new_v;
|
|
|
|
if (unlikely(pool>=nid_pool_no))
|
|
return NC_INV_POOL;
|
|
if (unlikely(nc_id_check_overflow(id, pool)))
|
|
return NC_ID_OVERFLOW;
|
|
if (unlikely(nc>=(1U<<(sizeof(nc_t)*8))))
|
|
return NC_TOO_BIG;
|
|
n=get_nc_array_raw_idx(id, pool); /* n-th nc_t */
|
|
i=get_nc_array_uint_idx(n); /* aray index i, corresponding to n */
|
|
r=get_nc_int_pos(n); /* byte/short inside the uint corresponding to n */
|
|
do{
|
|
v=atomic_get_int(&nc_array[i]);
|
|
/* get current (stored) nc value */
|
|
crt_nc=(v>>(r*8)) & ((1U<<(sizeof(nc_t)*8))-1);
|
|
if (crt_nc>=nc)
|
|
return NC_REPLAY;
|
|
/* set corresponding array cell byte/short to new nc */
|
|
new_v=(v & ~(((1U<<(sizeof(nc_t)*8))-1)<< (r*8)) )|
|
|
(nc << (r*8));
|
|
}while(atomic_cmpxchg_int((int*)&nc_array[i], v, new_v)!=v);
|
|
return 0;
|
|
}
|
|
|
|
#endif /* USE_NC */
|