1 #ifndef REPLAY_PROTECTION_H
2 #define REPLAY_PROTECTION_H
3 
4 #include <stdint.h>
5 #include <stdbool.h>
6 
7 #include "common/oscore_edhoc_error.h"
8 #include "common/byte_array.h"
9 
10 /* Replay window size (number of entries in server_replay_window_t.window) - it can be defined by the user here or outside of this file, e.g. via a compiler definition. */
11 /* NOTE: window size of 32 is the MINIMUM that is RFC-compliant. Nothing in this header enforces that minimum, so a smaller externally supplied value is accepted silently. */
12 #ifndef OSCORE_SERVER_REPLAY_WINDOW_SIZE
13 #define OSCORE_SERVER_REPLAY_WINDOW_SIZE 32
14 #endif
15 
16 /* Replay window structure, used internally. Set it up with server_replay_window_init() or server_replay_window_reinit() before passing it to the check/update functions. */
17 struct server_replay_window_t {
18 	uint64_t window[OSCORE_SERVER_REPLAY_WINDOW_SIZE]; /* presumably the tracked sequence numbers, one per slot - confirm in the implementation */
19 	bool seq_num_zero_received; /* helper flag used for validation of sequence number 0 */
20 };
21 
22 /**
23  * @brief Initialize given replay window with default values.
24  * NOTE(review): calling this on a window that is already in use presumably discards its replay history - confirm, and avoid re-initializing a live context.
25  * @param replay_window [out] a pointer to replay window structure (NULL handling is not visible in this header - confirm in the implementation)
26  * @return err (error code type declared outside this header, presumably in common/oscore_edhoc_error.h)
27  */
28 enum err server_replay_window_init(struct server_replay_window_t *replay_window);
29 
30 /**
31  * @brief Re-initialize given replay window based on current sequence number.
32  *
33  * This could be used by the user to restore the session.
34  * After restoring, replay protection will reject any packet with sequence number
35  * that is not greater than the one provided in the argument.
36  * NOTE(review): this rule only protects as far as the stored value is current; if an older value is restored, messages with sequence numbers above it that were already accepted are not rejected by it.
37  * @param current_sequence_number [in] last sequence number that was received before the session was stored
38  * @param replay_window [out] a pointer to replay window structure
39  * @return err (error code type declared outside this header, presumably in common/oscore_edhoc_error.h)
40  */
41 enum err server_replay_window_reinit(uint64_t current_sequence_number,
42 				     struct server_replay_window_t *replay_window);
43 
44 /**
45  * @brief Check whether given sequence number is valid in terms of server replay protection.
46  * The window is updated by a separate call, server_replay_window_update(); whether this check itself modifies the window is not visible here (the pointer is not const) - confirm in the implementation.
47  * @param seq_number [in] sequence number of the message received by the server
48  * @param replay_window [in] a pointer to replay window structure
49  * @return true if ok, false otherwise (a false result means the message should be treated as a replay and not processed further)
50  */
51 bool server_is_sequence_number_valid(uint64_t seq_number,
52 				     struct server_replay_window_t *replay_window);
53 
54 /**
55  * @brief Update given replay window with last received sequence number.
56  * NOTE(review): RFC 8613 has the server update the replay window only after the message has been verified successfully, and treats check and update as one atomic step; since they are separate calls here, confirm that callers check first, verify the message, then update, without interleaving on a shared window.
57  * @param seq_number [in] sequence number of the message received by the server
58  * @param replay_window [out] a pointer to replay window structure
59  * @return true if ok, false if sequence number is not valid (this indicates that the calling function hasn't checked the sequence number before)
60  */
61 bool server_replay_window_update(uint64_t seq_number,
62 				 struct server_replay_window_t *replay_window);
63 
64 /**
65  * @brief	Checks if a notification is replayed
66  * @param	notification_num the notification number (passed by value; updating it is done separately by notification_number_update())
67  * @param	notification_num_initialized flag used to indicate if the
68  * 			notification number was initialized
69  * @param	piv the PIV (presumably the Partial IV of the received notification - confirm; NULL or empty handling is not visible in this header)
70  * @retval	error code or ok (callers should not process the notification unless ok is returned)
71 */
72 enum err replay_protection_check_notification(uint64_t notification_num,
73 					      bool notification_num_initialized,
74 					      struct byte_array *piv);
75 
76 /**
77  * @brief	Updates the notification number with value of the PIV
78  * @param	notification_num pointer to the notification number (written by this function)
79  * @param	notification_num_initialized flag used to indicate if the
80  * 			notification number was initialized (passed by pointer, so presumably set by this function - confirm)
81  * @param	piv the PIV (presumably the Partial IV of the received notification - confirm). NOTE(review): whether this function re-checks for replay is not visible here; confirm callers run replay_protection_check_notification() first.
82  * @retval	error code or ok
83 */
84 enum err notification_number_update(uint64_t *notification_num,
85 				    bool *notification_num_initialized,
86 				    struct byte_array *piv);
87 #endif
88