xref: /openbmc/linux/net/core/secure_seq.c (revision 8dfb839c)
1 /*
2  * Copyright (C) 2016 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
3  */
4 
5 #include <linux/kernel.h>
6 #include <linux/init.h>
7 #include <linux/cryptohash.h>
8 #include <linux/module.h>
9 #include <linux/cache.h>
10 #include <linux/random.h>
11 #include <linux/hrtimer.h>
12 #include <linux/ktime.h>
13 #include <linux/string.h>
14 #include <linux/net.h>
15 #include <linux/siphash.h>
16 #include <net/secure_seq.h>
17 
18 #if IS_ENABLED(CONFIG_IPV6) || IS_ENABLED(CONFIG_INET)
19 #include <linux/in6.h>
20 #include <net/tcp.h>
21 
22 static siphash_key_t net_secret __read_mostly;
23 static siphash_key_t ts_secret __read_mostly;
24 
25 static __always_inline void net_secret_init(void)
26 {
27 	net_get_random_once(&net_secret, sizeof(net_secret));
28 }
29 
30 static __always_inline void ts_secret_init(void)
31 {
32 	net_get_random_once(&ts_secret, sizeof(ts_secret));
33 }
34 #endif
35 
36 #ifdef CONFIG_INET
37 static u32 seq_scale(u32 seq)
38 {
39 	/*
40 	 *	As close as possible to RFC 793, which
41 	 *	suggests using a 250 kHz clock.
42 	 *	Further reading shows this assumes 2 Mb/s networks.
43 	 *	For 10 Mb/s Ethernet, a 1 MHz clock is appropriate.
44 	 *	For 10 Gb/s Ethernet, a 1 GHz clock should be ok, but
45 	 *	we also need to limit the resolution so that the u32 seq
46 	 *	overlaps less than one time per MSL (2 minutes).
47 	 *	Choosing a clock of 64 ns period is OK. (period of 274 s)
48 	 */
49 	return seq + (ktime_get_real_ns() >> 6);
50 }
51 #endif
52 
53 #if IS_ENABLED(CONFIG_IPV6)
54 u32 secure_tcpv6_ts_off(const struct net *net,
55 			const __be32 *saddr, const __be32 *daddr)
56 {
57 	const struct {
58 		struct in6_addr saddr;
59 		struct in6_addr daddr;
60 	} __aligned(SIPHASH_ALIGNMENT) combined = {
61 		.saddr = *(struct in6_addr *)saddr,
62 		.daddr = *(struct in6_addr *)daddr,
63 	};
64 
65 	if (net->ipv4.sysctl_tcp_timestamps != 1)
66 		return 0;
67 
68 	ts_secret_init();
69 	return siphash(&combined, offsetofend(typeof(combined), daddr),
70 		       &ts_secret);
71 }
72 EXPORT_SYMBOL(secure_tcpv6_ts_off);
73 
74 u32 secure_tcpv6_seq(const __be32 *saddr, const __be32 *daddr,
75 		     __be16 sport, __be16 dport)
76 {
77 	const struct {
78 		struct in6_addr saddr;
79 		struct in6_addr daddr;
80 		__be16 sport;
81 		__be16 dport;
82 	} __aligned(SIPHASH_ALIGNMENT) combined = {
83 		.saddr = *(struct in6_addr *)saddr,
84 		.daddr = *(struct in6_addr *)daddr,
85 		.sport = sport,
86 		.dport = dport
87 	};
88 	u32 hash;
89 
90 	net_secret_init();
91 	hash = siphash(&combined, offsetofend(typeof(combined), dport),
92 		       &net_secret);
93 	return seq_scale(hash);
94 }
95 EXPORT_SYMBOL(secure_tcpv6_seq);
96 
97 u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr,
98 			       __be16 dport)
99 {
100 	const struct {
101 		struct in6_addr saddr;
102 		struct in6_addr daddr;
103 		__be16 dport;
104 	} __aligned(SIPHASH_ALIGNMENT) combined = {
105 		.saddr = *(struct in6_addr *)saddr,
106 		.daddr = *(struct in6_addr *)daddr,
107 		.dport = dport
108 	};
109 	net_secret_init();
110 	return siphash(&combined, offsetofend(typeof(combined), dport),
111 		       &net_secret);
112 }
113 EXPORT_SYMBOL(secure_ipv6_port_ephemeral);
114 #endif
115 
116 #ifdef CONFIG_INET
117 u32 secure_tcp_ts_off(const struct net *net, __be32 saddr, __be32 daddr)
118 {
119 	if (net->ipv4.sysctl_tcp_timestamps != 1)
120 		return 0;
121 
122 	ts_secret_init();
123 	return siphash_2u32((__force u32)saddr, (__force u32)daddr,
124 			    &ts_secret);
125 }
126 
127 /* secure_tcp_seq_and_tsoff(a, b, 0, d) == secure_ipv4_port_ephemeral(a, b, d),
128  * but fortunately, `sport' cannot be 0 in any circumstances. If this changes,
129  * it would be easy enough to have the former function use siphash_4u32, passing
130  * the arguments as separate u32.
131  */
132 u32 secure_tcp_seq(__be32 saddr, __be32 daddr,
133 		   __be16 sport, __be16 dport)
134 {
135 	u32 hash;
136 
137 	net_secret_init();
138 	hash = siphash_3u32((__force u32)saddr, (__force u32)daddr,
139 			    (__force u32)sport << 16 | (__force u32)dport,
140 			    &net_secret);
141 	return seq_scale(hash);
142 }
143 EXPORT_SYMBOL_GPL(secure_tcp_seq);
144 
145 u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport)
146 {
147 	net_secret_init();
148 	return siphash_3u32((__force u32)saddr, (__force u32)daddr,
149 			    (__force u16)dport, &net_secret);
150 }
151 EXPORT_SYMBOL_GPL(secure_ipv4_port_ephemeral);
152 #endif
153 
154 #if IS_ENABLED(CONFIG_IP_DCCP)
155 u64 secure_dccp_sequence_number(__be32 saddr, __be32 daddr,
156 				__be16 sport, __be16 dport)
157 {
158 	u64 seq;
159 	net_secret_init();
160 	seq = siphash_3u32((__force u32)saddr, (__force u32)daddr,
161 			   (__force u32)sport << 16 | (__force u32)dport,
162 			   &net_secret);
163 	seq += ktime_get_real_ns();
164 	seq &= (1ull << 48) - 1;
165 	return seq;
166 }
167 EXPORT_SYMBOL(secure_dccp_sequence_number);
168 
169 #if IS_ENABLED(CONFIG_IPV6)
170 u64 secure_dccpv6_sequence_number(__be32 *saddr, __be32 *daddr,
171 				  __be16 sport, __be16 dport)
172 {
173 	const struct {
174 		struct in6_addr saddr;
175 		struct in6_addr daddr;
176 		__be16 sport;
177 		__be16 dport;
178 	} __aligned(SIPHASH_ALIGNMENT) combined = {
179 		.saddr = *(struct in6_addr *)saddr,
180 		.daddr = *(struct in6_addr *)daddr,
181 		.sport = sport,
182 		.dport = dport
183 	};
184 	u64 seq;
185 	net_secret_init();
186 	seq = siphash(&combined, offsetofend(typeof(combined), dport),
187 		      &net_secret);
188 	seq += ktime_get_real_ns();
189 	seq &= (1ull << 48) - 1;
190 	return seq;
191 }
192 EXPORT_SYMBOL(secure_dccpv6_sequence_number);
193 #endif
194 #endif
195