/* returns -1 on error, 0 on success */
int init_nonce_id()
{
unsigned pool_no, r;
if (nid_crt!=0)
return 0; /* already init */
if (nid_pool_no==0){
nid_pool_no=DEFAULT_NID_POOL_SIZE;
}
if (nid_pool_no>MAX_NID_POOL_SIZE){
WARN("auth: nid_pool_no too big, truncating to %d\n",
MAX_NID_POOL_SIZE);
nid_pool_no=MAX_NID_POOL_SIZE;
}
nid_pool_k=bit_scan_reverse32(nid_pool_no);
nid_pool_mask=(1<<nid_pool_k)-1;
pool_no=1UL<<nid_pool_k; /* ROUNDDOWN to 2^k */
if (pool_no!=nid_pool_no){
INFO("auth: nid_pool_no rounded down to %d\n", pool_no);
}
nid_pool_no=pool_no;
nid_crt=shm_malloc(sizeof(*nid_crt)*nid_pool_no);
if (nid_crt==0){
ERR("auth: init_nonce_id: memory allocation failure\n");
return -1;
}
/* init nc_crt_id with random values */
for (r=0; r<nid_pool_no; r++)
atomic_set(&nid_crt[r].id, random());
return 0;
/*
error:
destroy_nonce_id();
return -1;
*/
}
/* returns -1 on error, 0 on success */
int init_ot_nonce()
{
unsigned long size;
unsigned long max_mem;
unsigned orig_array_size;
if (nid_crt==0){
BUG("auth: init_ot_nonce: nonce index must be "
"initialized first (see init_nonce_id())\n");
return -1;
}
orig_array_size=otn_in_flight_no;
if (otn_in_flight_k==0){
if (otn_in_flight_no==0){
otn_in_flight_no=DEFAULT_OTN_IN_FLIGHT;
}
otn_in_flight_k=bit_scan_reverse32(otn_in_flight_no);
}
size=1UL<<otn_in_flight_k; /* ROUNDDOWN to 2^otn_in_flight_k */
if (size < MIN_OTN_IN_FLIGHT){
WARN("auth: one-time-nonce maximum in-flight nonces is very low (%d),"
" consider increasing otn_in_flight_no to at least %d\n",
orig_array_size, MIN_OTN_IN_FLIGHT);
}
if (size > MAX_OTN_IN_FLIGHT){
WARN("auth: one-time-nonce maximum in-flight nonces is too high (%d),"
" consider decreasing otn_in_flight_no to at least %d\n",
orig_array_size, MAX_OTN_IN_FLIGHT);
}
if (size!=otn_in_flight_no){
if (orig_array_size!=0)
INFO("auth: otn_in_flight_no rounded down to %ld\n", size);
else
INFO("auth: otn_in_flight_no set to %ld\n", size);
}
max_mem=shm_available();
if (size/8 >= max_mem){
ERR("auth: otn_in_flight_no (%ld) is too big for the configured "
"amount of shared memory (%ld bytes)\n", size, max_mem);
return -1;
}else if (size/8 >= max_mem/2){
WARN("auth: the currently configured otn_in_flight_no (%ld) "
"would use more then 50%% of the available shared"
" memory(%ld bytes)\n", size, max_mem);
}
otn_in_flight_no=size;
if (nid_pool_no>=otn_in_flight_no/(8*sizeof(otn_cell_t))){
ERR("auth: nid_pool_no (%d) too high for the configured "
"otn_in_flight_no (%d)\n", nid_pool_no, otn_in_flight_no);
return -1;
}
otn_partition_size=otn_in_flight_no >> nid_pool_k;
otn_partition_k=otn_in_flight_k-nid_pool_k;
otn_partition_mask=(1<<otn_partition_k)-1;
assert(otn_partition_size == otn_in_flight_no/nid_pool_no);
assert(1<<(otn_partition_k+nid_pool_k) == otn_in_flight_no);
if ((nid_t)otn_partition_size >= ((nid_t)(-1)/NID_INC)){
ERR("auth: otn_in_flight_no too big, try decreasing it or increasing"
"the number of pools/partitions, such that "
"otn_in_flight_no/nid_pool_no < %d\n",
(unsigned int)((nid_t)(-1)/NID_INC));
return -1;
}
if (otn_partition_size < MIN_OTN_PARTITION){
WARN("auth: one-time-nonces in-flight nonces very low,"
" consider either decreasing nid_pool_no (%d) or "
" increasing otn_array_size (%d) such that "
"otn_array_size/nid_pool_no >= %d\n",
nid_pool_no, orig_array_size, MIN_OTN_PARTITION);
}
/* array size should be multiple of sizeof(otn_cell_t) since we
* access it as an otn_cell_t array */
otn_array=shm_malloc(ROUND2TYPE((otn_in_flight_no+7)/8, otn_cell_t));
if (otn_array==0){
ERR("auth: init_ot_nonce: memory allocation failure, consider"
" either decreasing otn_in_flight_no of increasing the"
" the shared memory amount\n");
goto error;
}
/* init the otn_array with 1 for each bit, to avoid replay attacks after
* ser restarts ) */
memset(otn_array, 0xff, ROUND2TYPE((otn_in_flight_no+7)/8, otn_cell_t));
return 0;
error:
destroy_ot_nonce();
return -1;
}
/* returns -1 on error, 0 on success */
int init_nonce_count()
{
unsigned long size;
unsigned long max_mem;
unsigned orig_array_size;
if (nid_crt==0){
BUG("auth: init_nonce_count: nonce index must be "
"initialized first (see init_nonce_id())\n");
return -1;
}
orig_array_size=nc_array_size;
if (nc_array_k==0){
if (nc_array_size==0){
nc_array_size=DEFAULT_NC_ARRAY_SIZE;
}
nc_array_k=bit_scan_reverse32(nc_array_size);
}
size=1UL<<nc_array_k; /* ROUNDDOWN to 2^nc_array_k */
if (size < MIN_NC_ARRAY_SIZE){
WARN("auth: nonce-count in.flight nonces is very low (%d),"
" consider increasing nc_array_size to at least %d\n",
orig_array_size, MIN_NC_ARRAY_SIZE);
}
if (size > MAX_NC_ARRAY_SIZE){
WARN("auth: nonce-count in flight nonces is too high (%d),"
" consider decreasing nc_array_size to at least %d\n",
orig_array_size, MAX_NC_ARRAY_SIZE);
}
if (size!=nc_array_size){
if (orig_array_size!=0)
INFO("auth: nc_array_size rounded down to %ld\n", size);
else
INFO("auth: nc_array_size set to %ld\n", size);
}
max_mem=shm_available();
if (size*sizeof(nc_t) >= max_mem){
ERR("auth: nc_array_size (%ld) is too big for the configured "
"amount of shared memory (%ld bytes <= %ld bytes)\n",
size, max_mem, size*sizeof(nc_t));
return -1;
}else if (size*sizeof(nc_t) >= max_mem/2){
WARN("auth: the currently configured nc_array_size (%ld) "
"would use more then 50%% of the available shared"
" memory(%ld bytes)\n", size, max_mem);
}
nc_array_size=size;
if (nid_pool_no>=nc_array_size){
ERR("auth: nid_pool_no (%d) too high for the configured "
"nc_array_size (%d)\n", nid_pool_no, nc_array_size);
return -1;
}
nc_partition_size=nc_array_size >> nid_pool_k;
nc_partition_k=nc_array_k-nid_pool_k;
nc_partition_mask=(1<<nc_partition_k)-1;
assert(nc_partition_size == nc_array_size/nid_pool_no);
assert(1<<(nc_partition_k+nid_pool_k) == nc_array_size);
if ((nid_t)nc_partition_size >= ((nid_t)(-1)/NID_INC)){
ERR("auth: nc_array_size too big, try decreasing it or increasing"
"the number of pools/partitions\n");
return -1;
}
if (nc_partition_size < MIN_NC_ARRAY_PARTITION){
WARN("auth: nonce-count in-flight nonces very low,"
" consider either decreasing nc_pool_no (%d) or "
" increasing nc_array_size (%d) such that "
"nc_array_size/nid_pool_no >= %d\n",
nid_pool_no, orig_array_size, MIN_NC_ARRAY_PARTITION);
}
/* array size should be multiple of sizeof(unsigned int) since we
* access it as an uint array */
nc_array=shm_malloc(sizeof(nc_t)*ROUND_INT(nc_array_size));
if (nc_array==0){
ERR("auth: init_nonce_count: memory allocation failure, consider"
" either decreasing nc_array_size of increasing the"
" the shared memory ammount\n");
goto error;
}
/* int the nc_array with the max nc value to avoid replay attacks after
* ser restarts (because the nc is already maxed out => no received
* nc will be accepted, until the corresponding cell is reset) */
memset(nc_array, 0xff, sizeof(nc_t)*ROUND_INT(nc_array_size));
return 0;
error:
destroy_nonce_count();
return -1;
}