Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 34d92d5315b64a3e5292b7e9511c1bb617227fb6 / . / net / core / secure_seq.c
blob: 90e8a825025595c2340ee86af0af67ab6e5bc638 [file] [log] [blame]
David S. Miller6e5714e2011-08-03 20:50:44 -0700[diff] [blame]1#include <linux/kernel.h>
2#include <linux/init.h>
3#include <linux/cryptohash.h>
4#include <linux/module.h>
5#include <linux/cache.h>
6#include <linux/random.h>
7#include <linux/hrtimer.h>
8#include <linux/ktime.h>
9#include <linux/string.h>
Hannes Frederic Sowae34c9a62013-10-19 21:48:59 +0200[diff] [blame]10#include <linux/net.h>
David S. Miller6e5714e2011-08-03 20:50:44 -0700[diff] [blame]11
12#include <net/secure_seq.h>
13
Eric Dumazet9a3bab62013-09-24 06:19:57 -0700[diff] [blame]14#define NET_SECRET_SIZE (MD5_MESSAGE_BYTES / 4)
David S. Miller6e5714e2011-08-03 20:50:44 -0700[diff] [blame]15
Eric Dumazet9a3bab62013-09-24 06:19:57 -0700[diff] [blame]16static u32 net_secret[NET_SECRET_SIZE] ____cacheline_aligned;
17
Hannes Frederic Sowa34d92d52013-10-23 08:44:50 +0200[diff] [blame^]18static __always_inline void net_secret_init(void)
David S. Miller6e5714e2011-08-03 20:50:44 -0700[diff] [blame]19{
Hannes Frederic Sowae34c9a62013-10-19 21:48:59 +0200[diff] [blame]20 net_get_random_once(net_secret, sizeof(net_secret));
David S. Miller6e5714e2011-08-03 20:50:44 -0700[diff] [blame]21}
David S. Miller6e5714e2011-08-03 20:50:44 -0700[diff] [blame]22
Stephen Boyd681090902011-12-06 08:04:40 +0000[diff] [blame]23#ifdef CONFIG_INET
David S. Miller6e5714e2011-08-03 20:50:44 -0700[diff] [blame]24static u32 seq_scale(u32 seq)
25{
26 /*
27 * As close as possible to RFC 793, which
28 * suggests using a 250 kHz clock.
29 * Further reading shows this assumes 2 Mb/s networks.
30 * For 10 Mb/s Ethernet, a 1 MHz clock is appropriate.
31 * For 10 Gb/s Ethernet, a 1 GHz clock should be ok, but
32 * we also need to limit the resolution so that the u32 seq
33 * overlaps less than one time per MSL (2 minutes).
34 * Choosing a clock of 64 ns period is OK. (period of 274 s)
35 */
36 return seq + (ktime_to_ns(ktime_get_real()) >> 6);
37}
Stephen Boyd681090902011-12-06 08:04:40 +0000[diff] [blame]38#endif
David S. Miller6e5714e2011-08-03 20:50:44 -0700[diff] [blame]39
Eric Dumazetdfd56b82011-12-10 09:48:31 +0000[diff] [blame]40#if IS_ENABLED(CONFIG_IPV6)
Eric Dumazetcf533ea2011-10-21 05:22:42 -0400[diff] [blame]41__u32 secure_tcpv6_sequence_number(const __be32 *saddr, const __be32 *daddr,
David S. Miller6e5714e2011-08-03 20:50:44 -0700[diff] [blame]42 __be16 sport, __be16 dport)
43{
44 u32 secret[MD5_MESSAGE_BYTES / 4];
45 u32 hash[MD5_DIGEST_WORDS];
46 u32 i;
47
Eric Dumazet9a3bab62013-09-24 06:19:57 -0700[diff] [blame]48 net_secret_init();
David S. Miller6e5714e2011-08-03 20:50:44 -0700[diff] [blame]49 memcpy(hash, saddr, 16);
50 for (i = 0; i < 4; i++)
Eric Dumazet747465e2012-01-16 19:27:39 +0000[diff] [blame]51 secret[i] = net_secret[i] + (__force u32)daddr[i];
David S. Miller6e5714e2011-08-03 20:50:44 -0700[diff] [blame]52 secret[4] = net_secret[4] +
53 (((__force u16)sport << 16) + (__force u16)dport);
54 for (i = 5; i < MD5_MESSAGE_BYTES / 4; i++)
55 secret[i] = net_secret[i];
56
57 md5_transform(hash, secret);
58
59 return seq_scale(hash[0]);
60}
61EXPORT_SYMBOL(secure_tcpv6_sequence_number);
62
63u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr,
64 __be16 dport)
65{
66 u32 secret[MD5_MESSAGE_BYTES / 4];
67 u32 hash[MD5_DIGEST_WORDS];
68 u32 i;
69
Eric Dumazet9a3bab62013-09-24 06:19:57 -0700[diff] [blame]70 net_secret_init();
David S. Miller6e5714e2011-08-03 20:50:44 -0700[diff] [blame]71 memcpy(hash, saddr, 16);
72 for (i = 0; i < 4; i++)
73 secret[i] = net_secret[i] + (__force u32) daddr[i];
74 secret[4] = net_secret[4] + (__force u32)dport;
75 for (i = 5; i < MD5_MESSAGE_BYTES / 4; i++)
76 secret[i] = net_secret[i];
77
78 md5_transform(hash, secret);
79
80 return hash[0];
81}
Patrick McHardy58a317f2012-08-26 19:14:12 +0200[diff] [blame]82EXPORT_SYMBOL(secure_ipv6_port_ephemeral);
David S. Miller6e5714e2011-08-03 20:50:44 -0700[diff] [blame]83#endif
84
85#ifdef CONFIG_INET
86__u32 secure_ip_id(__be32 daddr)
87{
88 u32 hash[MD5_DIGEST_WORDS];
89
Eric Dumazet9a3bab62013-09-24 06:19:57 -0700[diff] [blame]90 net_secret_init();
David S. Miller6e5714e2011-08-03 20:50:44 -0700[diff] [blame]91 hash[0] = (__force __u32) daddr;
92 hash[1] = net_secret[13];
93 hash[2] = net_secret[14];
94 hash[3] = net_secret[15];
95
96 md5_transform(hash, net_secret);
97
98 return hash[0];
99}
100
101__u32 secure_ipv6_id(const __be32 daddr[4])
102{
103 __u32 hash[4];
104
Eric Dumazet9a3bab62013-09-24 06:19:57 -0700[diff] [blame]105 net_secret_init();
David S. Miller6e5714e2011-08-03 20:50:44 -0700[diff] [blame]106 memcpy(hash, daddr, 16);
107 md5_transform(hash, net_secret);
108
109 return hash[0];
110}
111
112__u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr,
113 __be16 sport, __be16 dport)
114{
115 u32 hash[MD5_DIGEST_WORDS];
116
Eric Dumazet9a3bab62013-09-24 06:19:57 -0700[diff] [blame]117 net_secret_init();
David S. Miller6e5714e2011-08-03 20:50:44 -0700[diff] [blame]118 hash[0] = (__force u32)saddr;
119 hash[1] = (__force u32)daddr;
120 hash[2] = ((__force u16)sport << 16) + (__force u16)dport;
121 hash[3] = net_secret[15];
122
123 md5_transform(hash, net_secret);
124
125 return seq_scale(hash[0]);
126}
127
128u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport)
129{
130 u32 hash[MD5_DIGEST_WORDS];
131
Eric Dumazet9a3bab62013-09-24 06:19:57 -0700[diff] [blame]132 net_secret_init();
David S. Miller6e5714e2011-08-03 20:50:44 -0700[diff] [blame]133 hash[0] = (__force u32)saddr;
134 hash[1] = (__force u32)daddr;
135 hash[2] = (__force u32)dport ^ net_secret[14];
136 hash[3] = net_secret[15];
137
138 md5_transform(hash, net_secret);
139
140 return hash[0];
141}
142EXPORT_SYMBOL_GPL(secure_ipv4_port_ephemeral);
143#endif
144
Igor Maravića3bf7ae2011-12-12 02:58:22 +0000[diff] [blame]145#if IS_ENABLED(CONFIG_IP_DCCP)
David S. Miller6e5714e2011-08-03 20:50:44 -0700[diff] [blame]146u64 secure_dccp_sequence_number(__be32 saddr, __be32 daddr,
147 __be16 sport, __be16 dport)
148{
149 u32 hash[MD5_DIGEST_WORDS];
150 u64 seq;
151
Eric Dumazet9a3bab62013-09-24 06:19:57 -0700[diff] [blame]152 net_secret_init();
David S. Miller6e5714e2011-08-03 20:50:44 -0700[diff] [blame]153 hash[0] = (__force u32)saddr;
154 hash[1] = (__force u32)daddr;
155 hash[2] = ((__force u16)sport << 16) + (__force u16)dport;
156 hash[3] = net_secret[15];
157
158 md5_transform(hash, net_secret);
159
160 seq = hash[0] | (((u64)hash[1]) << 32);
161 seq += ktime_to_ns(ktime_get_real());
162 seq &= (1ull << 48) - 1;
163
164 return seq;
165}
166EXPORT_SYMBOL(secure_dccp_sequence_number);
167
Eric Dumazetdfd56b82011-12-10 09:48:31 +0000[diff] [blame]168#if IS_ENABLED(CONFIG_IPV6)
David S. Miller6e5714e2011-08-03 20:50:44 -0700[diff] [blame]169u64 secure_dccpv6_sequence_number(__be32 *saddr, __be32 *daddr,
170 __be16 sport, __be16 dport)
171{
172 u32 secret[MD5_MESSAGE_BYTES / 4];
173 u32 hash[MD5_DIGEST_WORDS];
174 u64 seq;
175 u32 i;
176
Eric Dumazet9a3bab62013-09-24 06:19:57 -0700[diff] [blame]177 net_secret_init();
David S. Miller6e5714e2011-08-03 20:50:44 -0700[diff] [blame]178 memcpy(hash, saddr, 16);
179 for (i = 0; i < 4; i++)
180 secret[i] = net_secret[i] + daddr[i];
181 secret[4] = net_secret[4] +
182 (((__force u16)sport << 16) + (__force u16)dport);
183 for (i = 5; i < MD5_MESSAGE_BYTES / 4; i++)
184 secret[i] = net_secret[i];
185
186 md5_transform(hash, secret);
187
188 seq = hash[0] | (((u64)hash[1]) << 32);
189 seq += ktime_to_ns(ktime_get_real());
190 seq &= (1ull << 48) - 1;
191
192 return seq;
193}
194EXPORT_SYMBOL(secure_dccpv6_sequence_number);
195#endif
196#endif