*
* This file is part of Trivial IP Encryption (TrIPE).
*
- * TrIPE is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
+ * TrIPE is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 3 of the License, or (at your
+ * option) any later version.
*
- * TrIPE is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
+ * TrIPE is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
*
* You should have received a copy of the GNU General Public License
- * along with TrIPE; if not, write to the Free Software Foundation,
- * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ * along with TrIPE. If not, see <https://www.gnu.org/licenses/>.
*/
/*----- Header files ------------------------------------------------------*/
/*----- Global variables --------------------------------------------------*/
-octet buf_i[PKBUFSZ], buf_o[PKBUFSZ], buf_t[PKBUFSZ];
+octet buf_i[PKBUFSZ], buf_o[PKBUFSZ], buf_t[PKBUFSZ], buf_u[PKBUFSZ];
-/*----- Main code ---------------------------------------------------------*/
+/*----- Sequence numbers --------------------------------------------------*/
-/* --- @mpstr@ --- *
+/* --- @seq_reset@ --- *
+ *
+ * Arguments: @seqwin *s@ = sequence-checking window
+ *
+ * Returns: ---
+ *
+ * Use: Resets a sequence number window.
+ */
+
+void seq_reset(seqwin *s) { s->seq = 0; s->win = 0; }
+
+/* --- @seq_check@ --- *
*
- * Arguments: @mp *m@ = a multiprecision integer
+ * Arguments: @seqwin *s@ = sequence-checking window
+ * @uint32 q@ = sequence number to check
+ * @const char *service@ = service to report message from
*
- * Returns: A pointer to the integer's textual representation.
+ * Returns: Zero on success, nonzero if the sequence number was bad.
*
- * Use: Converts a multiprecision integer to a string. Corrupts
- * @buf_t@.
+ * Use: Checks a sequence number against the window, updating things
+ * as necessary.
*/
-const char *mpstr(mp *m)
+int seq_check(seqwin *s, uint32 q, const char *service)
{
- if (mp_writestring(m, (char *)buf_t, sizeof(buf_t), 10))
- return ("<failed>");
- return ((const char *)buf_t);
+ uint32 qbit;
+ uint32 n;
+
+ if (q < s->seq) {
+ a_warn(service, "replay", "old-sequence", A_END);
+ return (-1);
+ }
+ if (q >= s->seq + SEQ_WINSZ) {
+ n = q - (s->seq + SEQ_WINSZ - 1);
+ if (n < SEQ_WINSZ)
+ s->win >>= n;
+ else
+ s->win = 0;
+ s->seq += n;
+ }
+ qbit = 1 << (q - s->seq);
+ if (s->win & qbit) {
+ a_warn(service, "replay", "duplicated-sequence", A_END);
+ return (-1);
+ }
+ s->win |= qbit;
+ return (0);
}
-/* --- @gestr@ --- *
+/*----- Rate limiting -----------------------------------------------------*/
+
+/* --- @ratelim_init@ --- *
*
- * Arguments: @group *g@ = a group
- * @ge *x@ = a group element
+ * Arguments: @ratelim *r@ = rate-limiting state to fill in
+ * @unsigned persec@ = credit to accumulate per second
+ * @unsigned max@ = maximum credit to retain
*
- * Returns: A pointer to the element's textual representation.
+ * Returns: ---
*
- * Use: Converts a group element to a string. Corrupts
- * @buf_t@.
+ * Use: Initialize a rate-limiting state.
*/
-const char *gestr(group *g, ge *x)
+void ratelim_init(ratelim *r, unsigned persec, unsigned max)
{
- if (group_writestring(g, x, (char *)buf_t, sizeof(buf_t)))
- return ("<failed>");
- return ((const char *)buf_t);
+ r->n = r->max = max;
+ r->persec = persec;
+ gettimeofday(&r->when, 0);
}
+/* --- @ratelim_withdraw@ --- *
+ *
+ * Arguments: @ratelim *r@ = rate-limiting state
+ * @unsigned n@ = credit to withdraw
+ *
+ * Returns: Zero if successful; @-1@ if there is unsufficient credit
+ *
+ * Use: Updates the state with any accumulated credit. Then, if
+ * there there are more than @n@ credits available, withdraw @n@
+ * and return successfully; otherwise, report failure.
+ */
+
+int ratelim_withdraw(ratelim *r, unsigned n)
+{
+ struct timeval now, delta;
+ unsigned long d;
+
+ gettimeofday(&now, 0);
+ TV_SUB(&delta, &now, &r->when);
+ d = (unsigned long)r->persec*delta.tv_sec +
+ (unsigned long)r->persec*delta.tv_usec/MILLION;
+ if (d < r->max - r->n) r->n += d;
+ else r->n = r->max;
+ r->when = now;
+
+ if (n > r->n) return (-1);
+ else { r->n -= n; return (0); }
+}
+
+/*----- Random odds and sods ----------------------------------------------*/
+
/* --- @timestr@ --- *
*
* Arguments: @time_t t@ = a time to convert
* Returns: A pointer to a textual representation of the time.
*
* Use: Converts a time to a textual representation. Corrupts
- * @buf_t@.
+ * @buf_u@.
*/
const char *timestr(time_t t)
if (!t)
return ("NEVER");
tm = localtime(&t);
- strftime((char *)buf_t, sizeof(buf_t), "%Y-%m-%dT%H:%M:%S", tm);
- return ((const char *)buf_t);
+ strftime((char *)buf_u, sizeof(buf_u), "%Y-%m-%dT%H:%M:%S", tm);
+ return ((const char *)buf_u);
}
/* --- @mystrieq@ --- *
}
}
-/* --- @seq_reset@ --- *
+/* --- @addrsz@ --- *
*
- * Arguments: @seqwin *s@ = sequence-checking window
- *
- * Returns: ---
+ * Arguments: @const addr *a@ = a network address
*
- * Use: Resets a sequence number window.
- */
-
-void seq_reset(seqwin *s) { s->seq = 0; s->win = 0; }
-
-/* --- @seq_check@ --- *
- *
- * Arguments: @seqwin *s@ = sequence-checking window
- * @uint32 q@ = sequence number to check
- * @const char *service@ = service to report message from
- *
- * Returns: Zero on success, nonzero if the sequence number was bad.
- *
- * Use: Checks a sequence number against the window, updating things
- * as necessary.
+ * Returns: The size of the address, for passing into the sockets API.
*/
-int seq_check(seqwin *s, uint32 q, const char *service)
+socklen_t addrsz(const addr *a)
{
- uint32 qbit;
- uint32 n;
-
- if (q < s->seq) {
- a_warn(service, "replay", "old-sequence", A_END);
- return (-1);
+ switch (a->sa.sa_family) {
+ case AF_INET: return (sizeof(a->sin));
+ default: abort();
}
- if (q >= s->seq + SEQ_WINSZ) {
- n = q - (s->seq + SEQ_WINSZ - 1);
- if (n < SEQ_WINSZ)
- s->win >>= n;
- else
- s->win = 0;
- s->seq += n;
- }
- qbit = 1 << (q - s->seq);
- if (s->win & qbit) {
- a_warn(service, "replay", "duplicated-sequence", A_END);
- return (-1);
- }
- s->win |= qbit;
- return (0);
}
/*----- That's all, folks -------------------------------------------------*/
~mdw / tripe / blobdiff