Lines Matching defs:replay
225 * This allows to verify if the other side has proper replay attacks detection.
230 "Emulate replay attack");
1205 check_window(const struct secreplay *replay, uint64_t seq)
1209 SECREPLAY_ASSERT(replay);
1213 & IPSEC_BITMAP_INDEX_MASK(replay->bitmap_size);
1216 return ((replay->bitmap)[index] & (1 << bit_location));
1220 advance_window(const struct secreplay *replay, uint64_t seq)
1225 SECREPLAY_ASSERT(replay);
1227 index_cur = replay->last >> IPSEC_REDUNDANT_BIT_SHIFTS;
1231 if (diff > replay->bitmap_size) {
1233 diff = replay->bitmap_size;
1237 replay->bitmap[(i + index_cur + 1)
1238 & IPSEC_BITMAP_INDEX_MASK(replay->bitmap_size)] = 0;
1243 set_window(const struct secreplay *replay, uint64_t seq)
1247 SECREPLAY_ASSERT(replay);
1251 & IPSEC_BITMAP_INDEX_MASK(replay->bitmap_size);
1253 replay->bitmap[index] |= (1 << bit_location);
1257 * Check the variable replay window.
1258 * ipsec_chkreplay() performs replay check before ICV verification.
1259 * ipsec_updatereplay() updates replay bitmap. This must be called after
1260 * ICV verification (it also performs replay check, which is usually done
1271 struct secreplay *replay;
1277 IPSEC_ASSERT(sav->replay != NULL, ("Null replay state"));
1279 replay = sav->replay;
1281 /* No need to check replay if disabled. */
1282 if (replay->wsize == 0) {
1286 SECREPLAY_LOCK(replay);
1289 if (seq == 0 && replay->last == 0) {
1290 SECREPLAY_UNLOCK(replay);
1294 window = replay->wsize << 3; /* Size of window */
1295 tl = (uint32_t)replay->last; /* Top of window, lower part */
1296 th = (uint32_t)(replay->last >> 32); /* Top of window, high part */
1309 /* Sequence number inside window - check against replay */
1310 if (check_window(replay, seq)) {
1311 SECREPLAY_UNLOCK(replay);
1316 SECREPLAY_UNLOCK(replay);
1327 replay->overflow++;
1334 SECREPLAY_UNLOCK(replay);
1338 ipseclog((LOG_WARNING, "%s: replay counter made %d cycle. %s\n",
1339 __func__, replay->overflow,
1346 * which is within our replay window, but in the previous
1354 if (check_window(replay, seq)) {
1355 SECREPLAY_UNLOCK(replay);
1358 SECREPLAY_UNLOCK(replay);
1372 replay->overflow++;
1379 SECREPLAY_UNLOCK(replay);
1383 ipseclog((LOG_WARNING, "%s: replay counter made %d cycle. %s\n",
1384 __func__, replay->overflow,
1388 SECREPLAY_UNLOCK(replay);
1393 * Check replay counter whether to update or not.
1400 struct secreplay *replay;
1406 IPSEC_ASSERT(sav->replay != NULL, ("Null replay state"));
1408 replay = sav->replay;
1410 /* No need to check replay if disabled. */
1411 if (replay->wsize == 0)
1414 SECREPLAY_LOCK(replay);
1417 if (seq == 0 && replay->last == 0) {
1418 SECREPLAY_UNLOCK(replay);
1422 window = replay->wsize << 3; /* Size of window */
1423 tl = (uint32_t)replay->last; /* Top of window, lower part */
1424 th = (uint32_t)(replay->last >> 32); /* Top of window, high part */
1437 /* Sequence number inside window - check against replay */
1438 if (check_window(replay, seq)) {
1439 SECREPLAY_UNLOCK(replay);
1442 set_window(replay, seq);
1444 advance_window(replay, ((uint64_t)seqh << 32) | seq);
1445 set_window(replay, seq);
1446 replay->last = ((uint64_t)seqh << 32) | seq;
1450 replay->count++;
1451 SECREPLAY_UNLOCK(replay);
1456 SECREPLAY_UNLOCK(replay);
1463 * which is within our replay window, but in the previous
1468 SECREPLAY_UNLOCK(replay);
1471 if (check_window(replay, seq)) {
1472 SECREPLAY_UNLOCK(replay);
1476 set_window(replay, seq);
1477 replay->count++;
1478 SECREPLAY_UNLOCK(replay);
1490 SECREPLAY_UNLOCK(replay);
1494 advance_window(replay, ((uint64_t)seqh << 32) | seq);
1495 set_window(replay, seq);
1496 replay->last = ((uint64_t)seqh << 32) | seq;
1497 replay->count++;
1499 SECREPLAY_UNLOCK(replay);