1 | /**
|
---|
2 | * @file
|
---|
3 | *
|
---|
4 | * Reference implementation of the TCP ISN algorithm standardized in RFC 6528.
|
---|
5 | * Produce TCP Initial Sequence Numbers by combining an MD5-generated hash
|
---|
6 | * based on the new TCP connection's identity and a stable secret, with the
|
---|
7 | * current time at 4-microsecond granularity.
|
---|
8 | *
|
---|
9 | * Specifically, the implementation uses MD5 to compute a hash of the input
|
---|
10 | * buffer, which contains both the four-tuple of the new TCP connection (local
|
---|
11 | * and remote IP address and port), as well as a 16-byte secret to make the
|
---|
12 | * results unpredictable to external parties. The secret must be given at
|
---|
13 | * initialization time and should ideally remain the same across system
|
---|
14 | * reboots. To be sure: the spoofing-resistance of the resulting ISN depends
|
---|
15 | * mainly on the strength of the supplied secret!
|
---|
16 | *
|
---|
17 | * The implementation takes 32 bits from the computed hash, and adds to it the
|
---|
18 | * current time, in 4-microsecond units. The current time is computed from a
|
---|
19 | * boot time given at initialization, and the current uptime as provided by
|
---|
20 | * sys_now(). Thus, it assumes that sys_now() returns a time value that is
|
---|
21 | * relative to the boot time, i.e., that it starts at 0 at system boot, and
|
---|
22 | * only ever increases monotonically.
|
---|
23 | *
|
---|
24 | * For efficiency reasons, a single MD5 input buffer is used, and partially
|
---|
25 | * filled in at initialization time. Specifically, of this 64-byte buffer, the
|
---|
26 | * first 36 bytes are used for the four-way TCP tuple data, followed by the
|
---|
27 | * 16-byte secret, followed by 12-byte zero padding. The 64-byte size of the
|
---|
28 | * buffer should achieve the best performance for the actual MD5 computation.
|
---|
29 | *
|
---|
30 | * Basic usage:
|
---|
31 | *
|
---|
32 | * 1. in your lwipopts.h, add the following lines:
|
---|
33 | *
|
---|
34 | * #include <lwip/arch.h>
|
---|
35 | * struct ip_addr;
|
---|
36 | * u32_t lwip_hook_tcp_isn(const struct ip_addr *local_ip, u16_t local_port,
|
---|
37 | * const struct ip_addr *remote_ip, u16_t remote_port);
|
---|
38 | * "#define LWIP_HOOK_TCP_ISN lwip_hook_tcp_isn";
|
---|
39 | *
|
---|
40 | * 2. from your own code, call lwip_init_tcp_isn() at initialization time, with
|
---|
41 | * appropriate parameters.
|
---|
42 | */
|
---|
43 |
|
---|
44 | /*
|
---|
45 | * Copyright (c) 2016 The MINIX 3 Project.
|
---|
46 | * All rights reserved.
|
---|
47 | *
|
---|
48 | * Redistribution and use in source and binary forms, with or without modification,
|
---|
49 | * are permitted provided that the following conditions are met:
|
---|
50 | *
|
---|
51 | * 1. Redistributions of source code must retain the above copyright notice,
|
---|
52 | * this list of conditions and the following disclaimer.
|
---|
53 | * 2. Redistributions in binary form must reproduce the above copyright notice,
|
---|
54 | * this list of conditions and the following disclaimer in the documentation
|
---|
55 | * and/or other materials provided with the distribution.
|
---|
56 | * 3. The name of the author may not be used to endorse or promote products
|
---|
57 | * derived from this software without specific prior written permission.
|
---|
58 | *
|
---|
59 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
|
---|
60 | * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
---|
61 | * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
|
---|
62 | * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
---|
63 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
|
---|
64 | * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
---|
65 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
---|
66 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
|
---|
67 | * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
|
---|
68 | * OF SUCH DAMAGE.
|
---|
69 | *
|
---|
70 | * Author: David van Moolenbroek <david@minix3.org>
|
---|
71 | */
|
---|
72 |
|
---|
73 | #include "tcp_isn.h"
|
---|
74 | #include "lwip/ip_addr.h"
|
---|
75 | #include "lwip/sys.h"
|
---|
76 | #include <string.h>
|
---|
77 |
|
---|
78 | #ifdef LWIP_HOOK_TCP_ISN
|
---|
79 |
|
---|
80 | /* pull in md5 of ppp? */
|
---|
81 | #include "netif/ppp/ppp_opts.h"
|
---|
82 | #if !PPP_SUPPORT || (!LWIP_USE_EXTERNAL_POLARSSL && !LWIP_USE_EXTERNAL_MBEDTLS)
|
---|
83 | #undef LWIP_INCLUDED_POLARSSL_MD5
|
---|
84 | #define LWIP_INCLUDED_POLARSSL_MD5 1
|
---|
85 | #include "netif/ppp/polarssl/md5.h"
|
---|
86 | #endif
|
---|
87 |
|
---|
88 | static u8_t input[64];
|
---|
89 | static u32_t base_time;
|
---|
90 |
|
---|
91 | /**
|
---|
92 | * Initialize the TCP ISN module, with the boot time and a secret.
|
---|
93 | *
|
---|
94 | * @param boot_time Wall clock boot time of the system, in seconds.
|
---|
95 | * @param secret_16_bytes A 16-byte secret used to randomize the TCP ISNs.
|
---|
96 | */
|
---|
97 | void
|
---|
98 | lwip_init_tcp_isn(u32_t boot_time, const u8_t *secret_16_bytes)
|
---|
99 | {
|
---|
100 | /* Initialize the input buffer with the secret and trailing zeroes. */
|
---|
101 | memset(input, 0, sizeof(input));
|
---|
102 |
|
---|
103 | MEMCPY(&input[36], secret_16_bytes, 16);
|
---|
104 |
|
---|
105 | /* Save the boot time in 4-us units. Overflow is no problem here. */
|
---|
106 | base_time = boot_time * 250000;
|
---|
107 | }
|
---|
108 |
|
---|
109 | /**
|
---|
110 | * Hook to generate an Initial Sequence Number (ISN) for a new TCP connection.
|
---|
111 | *
|
---|
112 | * @param local_ip The local IP address.
|
---|
113 | * @param local_port The local port number, in host-byte order.
|
---|
114 | * @param remote_ip The remote IP address.
|
---|
115 | * @param remote_port The remote port number, in host-byte order.
|
---|
116 | * @return The ISN to use for the new TCP connection.
|
---|
117 | */
|
---|
118 | u32_t
|
---|
119 | lwip_hook_tcp_isn(const ip_addr_t *local_ip, u16_t local_port,
|
---|
120 | const ip_addr_t *remote_ip, u16_t remote_port)
|
---|
121 | {
|
---|
122 | md5_context ctx;
|
---|
123 | u8_t output[16];
|
---|
124 | u32_t isn;
|
---|
125 |
|
---|
126 | #if LWIP_IPV4 && LWIP_IPV6
|
---|
127 | if (IP_IS_V6(local_ip))
|
---|
128 | #endif /* LWIP_IPV4 && LWIP_IPV6 */
|
---|
129 | #if LWIP_IPV6
|
---|
130 | {
|
---|
131 | const ip6_addr_t *local_ip6, *remote_ip6;
|
---|
132 |
|
---|
133 | local_ip6 = ip_2_ip6(local_ip);
|
---|
134 | remote_ip6 = ip_2_ip6(remote_ip);
|
---|
135 |
|
---|
136 | SMEMCPY(&input[0], &local_ip6->addr, 16);
|
---|
137 | SMEMCPY(&input[16], &remote_ip6->addr, 16);
|
---|
138 | }
|
---|
139 | #endif /* LWIP_IPV6 */
|
---|
140 | #if LWIP_IPV4 && LWIP_IPV6
|
---|
141 | else
|
---|
142 | #endif /* LWIP_IPV4 && LWIP_IPV6 */
|
---|
143 | #if LWIP_IPV4
|
---|
144 | {
|
---|
145 | const ip4_addr_t *local_ip4, *remote_ip4;
|
---|
146 |
|
---|
147 | local_ip4 = ip_2_ip4(local_ip);
|
---|
148 | remote_ip4 = ip_2_ip4(remote_ip);
|
---|
149 |
|
---|
150 | /* Represent IPv4 addresses as IPv4-mapped IPv6 addresses, to ensure that
|
---|
151 | * the IPv4 and IPv6 address spaces are completely disjoint. */
|
---|
152 | memset(&input[0], 0, 10);
|
---|
153 | input[10] = 0xff;
|
---|
154 | input[11] = 0xff;
|
---|
155 | SMEMCPY(&input[12], &local_ip4->addr, 4);
|
---|
156 | memset(&input[16], 0, 10);
|
---|
157 | input[26] = 0xff;
|
---|
158 | input[27] = 0xff;
|
---|
159 | SMEMCPY(&input[28], &remote_ip4->addr, 4);
|
---|
160 | }
|
---|
161 | #endif /* LWIP_IPV4 */
|
---|
162 |
|
---|
163 | input[32] = (u8_t)(local_port >> 8);
|
---|
164 | input[33] = (u8_t)(local_port & 0xff);
|
---|
165 | input[34] = (u8_t)(remote_port >> 8);
|
---|
166 | input[35] = (u8_t)(remote_port & 0xff);
|
---|
167 |
|
---|
168 | /* The secret and padding are already filled in. */
|
---|
169 |
|
---|
170 | /* Generate the hash, using MD5. */
|
---|
171 | md5_starts(&ctx);
|
---|
172 | md5_update(&ctx, input, sizeof(input));
|
---|
173 | md5_finish(&ctx, output);
|
---|
174 |
|
---|
175 | /* Arbitrarily take the first 32 bits from the generated hash. */
|
---|
176 | MEMCPY(&isn, output, sizeof(isn));
|
---|
177 |
|
---|
178 | /* Add the current time in 4-microsecond units. */
|
---|
179 | return isn + base_time + sys_now() * 250;
|
---|
180 | }
|
---|
181 |
|
---|
182 | #endif /* LWIP_HOOK_TCP_ISN */
|
---|