1 /**************************************************************************/ 2 /* */ 3 /* Copyright (c) Microsoft Corporation. All rights reserved. */ 4 /* */ 5 /* This software is licensed under the Microsoft Software License */ 6 /* Terms for Microsoft Azure RTOS. Full text of the license can be */ 7 /* found in the LICENSE file at https://aka.ms/AzureRTOS_EULA */ 8 /* and in the root directory of this software. */ 9 /* */ 10 /**************************************************************************/ 11 12 13 /**************************************************************************/ 14 /**************************************************************************/ 15 /** */ 16 /** NetX Secure Component */ 17 /** */ 18 /** Datagram Transport Layer Security (DTLS) */ 19 /** */ 20 /**************************************************************************/ 21 /**************************************************************************/ 22 23 #define NX_SECURE_SOURCE_CODE 24 25 #include "nx_secure_dtls.h" 26 27 28 #ifdef NX_SECURE_ENABLE_DTLS 29 /**************************************************************************/ 30 /* */ 31 /* FUNCTION RELEASE */ 32 /* */ 33 /* _nx_secure_dtls_session_sliding_window_update PORTABLE C */ 34 /* 6.1.10 */ 35 /* AUTHOR */ 36 /* */ 37 /* Timothy Stapko, Microsoft Corporation */ 38 /* */ 39 /* DESCRIPTION */ 40 /* */ 41 /* This function updates the DTLS sliding window used to validate */ 42 /* incoming DTLS application records. If the sequence number of a */ 43 /* received DTLS record is less than the "right" side of the window but*/ 44 /* greater than the "left" side and not a repeat of another record, the*/ 45 /* record is accepted (RFC 6347 Section 4.1.2.6). */ 46 /* */ 47 /* INPUT */ 48 /* */ 49 /* dtls_session Pointer to DTLS control block */ 50 /* sequence_number New "right" side of window */ 51 /* */ 52 /* OUTPUT */ 53 /* */ 54 /* status Completion status */ 55 /* */ 56 /* CALLS */ 57 /* */ 58 /* */ 59 /* CALLED BY */ 60 /* */ 61 /* */ 62 /* RELEASE HISTORY */ 63 /* */ 64 /* DATE NAME DESCRIPTION */ 65 /* */ 66 /* 01-31-2022 Timothy Stapko Initial Version 6.1.10 */ 67 /* */ 68 /**************************************************************************/ 69 _nx_secure_dtls_session_sliding_window_update(NX_SECURE_DTLS_SESSION * dtls_session,ULONG * sequence_number)70UINT _nx_secure_dtls_session_sliding_window_update(NX_SECURE_DTLS_SESSION *dtls_session, ULONG *sequence_number) 71 { 72 ULONG delta; 73 ULONG mask; 74 NX_SECURE_TLS_SESSION *tls_session; 75 76 /* Extract TLS session for sequence numbers from DTLS session. */ 77 tls_session = &dtls_session -> nx_secure_dtls_tls_session; 78 79 /* The incoming sequence number is assumed to be OK, so update window accordingly. */ 80 81 82 /* Double check new sequence number. */ 83 if (sequence_number[0] == tls_session -> nx_secure_tls_remote_sequence_number[0] && 84 sequence_number[1] == tls_session -> nx_secure_tls_remote_sequence_number[1]) 85 { 86 /* Equal to our current - this is a repeat. */ 87 return(NX_SECURE_TLS_OUT_OF_ORDER_MESSAGE); 88 } 89 90 /* See if the incoming number is smaller than the last one we saw. */ 91 if (sequence_number[0] < tls_session -> nx_secure_tls_remote_sequence_number[0] || 92 (sequence_number[0] == tls_session -> nx_secure_tls_remote_sequence_number[0] && 93 sequence_number[1] < tls_session -> nx_secure_tls_remote_sequence_number[1])) 94 { 95 delta = 0; 96 if(sequence_number[0] == tls_session -> nx_secure_tls_remote_sequence_number[0]) 97 { 98 /* Upper halves match so just subtract. */ 99 delta = tls_session -> nx_secure_tls_remote_sequence_number[1] - sequence_number[1]; 100 } 101 else 102 { 103 /* Top halves don't match, adjust before subtract. */ 104 delta = (0xFFFFFFFFul - sequence_number[1]) + tls_session -> nx_secure_tls_remote_sequence_number[1]; 105 } 106 107 /* Incoming sequence number is smaller than last seen. Update the bitfield without shifting. */ 108 mask = 0x1ul << delta; 109 dtls_session -> nx_secure_dtls_sliding_window = dtls_session -> nx_secure_dtls_sliding_window | mask; 110 } 111 else 112 { 113 /* Compare sequence numbers. At this point, the incoming number is greater than the last seen 114 so we can update the window. */ 115 if(sequence_number[0] > tls_session -> nx_secure_tls_remote_sequence_number[0]) 116 { 117 /* Upper halves don't match so adjust delta accordingly. */ 118 delta = (0xFFFFFFFFul - tls_session -> nx_secure_tls_remote_sequence_number[1]) + sequence_number[1]; 119 } 120 else 121 { 122 /* Top halves match, just subtract. */ 123 delta = sequence_number[1] - tls_session -> nx_secure_tls_remote_sequence_number[1]; 124 } 125 126 /* Now we can update the window. (delta represents a *bit* position in the window). */ 127 if(delta > (sizeof(dtls_session -> nx_secure_dtls_sliding_window) * 8)) 128 { 129 /* Delta is larger than window size - just clear it out. */ 130 dtls_session -> nx_secure_dtls_sliding_window = 1; 131 } 132 else 133 { 134 /* Delta is within the window size, just left-shift to new position. */ 135 dtls_session -> nx_secure_dtls_sliding_window <<= delta; 136 dtls_session -> nx_secure_dtls_sliding_window |= 0x1; 137 } 138 139 /* Update the sequence number to reflect the window change. */ 140 tls_session -> nx_secure_tls_remote_sequence_number[1] = sequence_number[1]; 141 tls_session -> nx_secure_tls_remote_sequence_number[0] = sequence_number[0]; 142 } 143 144 145 return(NX_SUCCESS); 146 } 147 #endif
