diff options
-rw-r--r-- | sys/conf/files | 3 | ||||
-rw-r--r-- | sys/crypto/idgen.c | 137 | ||||
-rw-r--r-- | sys/crypto/idgen.h | 30 | ||||
-rw-r--r-- | sys/netinet6/ip6_id.c | 22 | ||||
-rw-r--r-- | sys/netinet6/ip6_input.c | 3 | ||||
-rw-r--r-- | sys/netinet6/ip6_output.c | 20 | ||||
-rw-r--r-- | sys/netinet6/ip6_var.h | 5 | ||||
-rw-r--r-- | sys/nfs/krpc_subr.c | 25 | ||||
-rw-r--r-- | sys/nfs/nfs_subs.c | 27 | ||||
-rw-r--r-- | sys/nfs/nfs_var.h | 3 |
10 files changed, 237 insertions, 38 deletions
diff --git a/sys/conf/files b/sys/conf/files index 6651bbeb9d9..958ab8fd5fd 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -1,4 +1,4 @@ -# $OpenBSD: files,v 1.431 2008/05/06 13:33:50 pyr Exp $ +# $OpenBSD: files,v 1.432 2008/06/09 22:47:41 djm Exp $ # $NetBSD: files,v 1.87 1996/05/19 17:17:50 jonathan Exp $ # @(#)files.newconf 7.5 (Berkeley) 5/10/93 @@ -839,6 +839,7 @@ file crypto/xform.c (inet & ipsec) | crypto file crypto/deflate.c (inet & ipsec) | crypto file crypto/arc4.c file crypto/michael.c wlan +file crypto/idgen.c inet6 | nfsclient | nfsserver file netatalk/aarp.c netatalk file netatalk/at_control.c netatalk file netatalk/at_proto.c netatalk diff --git a/sys/crypto/idgen.c b/sys/crypto/idgen.c new file mode 100644 index 00000000000..e96de57c6a0 --- /dev/null +++ b/sys/crypto/idgen.c @@ -0,0 +1,137 @@ +/* + * Copyright (c) 2008 Damien Miller <djm@mindrot.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * IDGEN32: non-repeating ID generation covering an almost maximal + * 32 bit range. + * Based on public domain SKIP32 by Greg Rose. + */ + +#include <sys/types.h> +#include <sys/systm.h> +#include <dev/rndvar.h> +#include <crypto/idgen.h> + +static u_int16_t idgen32_g(u_int8_t *, int, u_int16_t); +u_int32_t idgen32_permute(u_int8_t key[IDGEN32_KEYLEN], u_int32_t); +void idgen32_rekey(struct idgen32_ctx *); + +static const u_int8_t ftable[256] = { + 0xa3, 0xd7, 0x09, 0x83, 0xf8, 0x48, 0xf6, 0xf4, + 0xb3, 0x21, 0x15, 0x78, 0x99, 0xb1, 0xaf, 0xf9, + 0xe7, 0x2d, 0x4d, 0x8a, 0xce, 0x4c, 0xca, 0x2e, + 0x52, 0x95, 0xd9, 0x1e, 0x4e, 0x38, 0x44, 0x28, + 0x0a, 0xdf, 0x02, 0xa0, 0x17, 0xf1, 0x60, 0x68, + 0x12, 0xb7, 0x7a, 0xc3, 0xe9, 0xfa, 0x3d, 0x53, + 0x96, 0x84, 0x6b, 0xba, 0xf2, 0x63, 0x9a, 0x19, + 0x7c, 0xae, 0xe5, 0xf5, 0xf7, 0x16, 0x6a, 0xa2, + 0x39, 0xb6, 0x7b, 0x0f, 0xc1, 0x93, 0x81, 0x1b, + 0xee, 0xb4, 0x1a, 0xea, 0xd0, 0x91, 0x2f, 0xb8, + 0x55, 0xb9, 0xda, 0x85, 0x3f, 0x41, 0xbf, 0xe0, + 0x5a, 0x58, 0x80, 0x5f, 0x66, 0x0b, 0xd8, 0x90, + 0x35, 0xd5, 0xc0, 0xa7, 0x33, 0x06, 0x65, 0x69, + 0x45, 0x00, 0x94, 0x56, 0x6d, 0x98, 0x9b, 0x76, + 0x97, 0xfc, 0xb2, 0xc2, 0xb0, 0xfe, 0xdb, 0x20, + 0xe1, 0xeb, 0xd6, 0xe4, 0xdd, 0x47, 0x4a, 0x1d, + 0x42, 0xed, 0x9e, 0x6e, 0x49, 0x3c, 0xcd, 0x43, + 0x27, 0xd2, 0x07, 0xd4, 0xde, 0xc7, 0x67, 0x18, + 0x89, 0xcb, 0x30, 0x1f, 0x8d, 0xc6, 0x8f, 0xaa, + 0xc8, 0x74, 0xdc, 0xc9, 0x5d, 0x5c, 0x31, 0xa4, + 0x70, 0x88, 0x61, 0x2c, 0x9f, 0x0d, 0x2b, 0x87, + 0x50, 0x82, 0x54, 0x64, 0x26, 0x7d, 0x03, 0x40, + 0x34, 0x4b, 0x1c, 0x73, 0xd1, 0xc4, 0xfd, 0x3b, + 0xcc, 0xfb, 0x7f, 0xab, 0xe6, 0x3e, 0x5b, 0xa5, + 0xad, 0x04, 0x23, 0x9c, 0x14, 0x51, 0x22, 0xf0, + 0x29, 0x79, 0x71, 0x7e, 0xff, 0x8c, 0x0e, 0xe2, + 0x0c, 0xef, 0xbc, 0x72, 0x75, 0x6f, 0x37, 0xa1, + 0xec, 0xd3, 0x8e, 0x62, 0x8b, 0x86, 0x10, 0xe8, + 0x08, 0x77, 0x11, 0xbe, 0x92, 0x4f, 0x24, 0xc5, + 0x32, 0x36, 0x9d, 0xcf, 0xf3, 0xa6, 0xbb, 0xac, + 0x5e, 0x6c, 0xa9, 0x13, 0x57, 0x25, 0xb5, 0xe3, + 0xbd, 0xa8, 0x3a, 0x01, 0x05, 0x59, 0x2a, 0x46 +}; + +static u_int16_t +idgen32_g(u_int8_t *key, int k, u_int16_t w) +{ + u_int8_t g1, g2, g3, g4, g5, g6; + u_int o = k * 4; + + g1 = (w >> 8) & 0xff; + g2 = w & 0xff; + + g3 = ftable[g2 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g1; + g4 = ftable[g3 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g2; + g5 = ftable[g4 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g3; + g6 = ftable[g5 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g4; + + return (g5 << 8) | g6; +} + +u_int32_t +idgen32_permute(u_int8_t key[IDGEN32_KEYLEN], u_int32_t in) +{ + u_int i, r; + u_int16_t wl, wr; + + wl = (in >> 16) & 0x7fff; + wr = in & 0xffff; + + /* Doubled up rounds, with an odd round at the end to swap */ + for (i = r = 0; i < IDGEN32_ROUNDS / 2; ++i) { + wr ^= (idgen32_g(key, r, wl) ^ r); + r++; + wl ^= (idgen32_g(key, r, wr) ^ r) & 0x7fff; + r++; + } + wr ^= (idgen32_g(key, r, wl) ^ r); + + return (wl << 16) | wr; +} + +void +idgen32_rekey(struct idgen32_ctx *ctx) +{ + ctx->counter = 0; + ctx->hibit ^= 0x80000000; + arc4random_buf(ctx->key, sizeof(ctx->key)); +} + +void +idgen32_init(struct idgen32_ctx *ctx) +{ + bzero(ctx, sizeof(ctx)); + ctx->hibit = arc4random() & 0x80000000; + idgen32_rekey(ctx); +} + +u_int32_t +idgen32(struct idgen32_ctx *ctx) +{ + u_int32_t ret; + + /* Avoid emitting a zero ID as they often have special meaning */ + do { + ret = idgen32_permute(ctx->key, ctx->counter++) | ctx->hibit; + + /* Rekey a little early to avoid "card counting" attack */ + if (ctx->counter > IDGEN32_REKEY_LIMIT) + idgen32_rekey(ctx); + } while (ret == 0); + + return ret; +} + diff --git a/sys/crypto/idgen.h b/sys/crypto/idgen.h new file mode 100644 index 00000000000..588aa15aa64 --- /dev/null +++ b/sys/crypto/idgen.h @@ -0,0 +1,30 @@ +/* $OpenBSD: idgen.h,v 1.1 2008/06/09 22:47:41 djm Exp $ */ +/* + * Copyright (c) 2008 Damien Miller <djm@mindrot.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#define IDGEN32_ROUNDS 31 +#define IDGEN32_KEYLEN 32 +#define IDGEN32_REKEY_LIMIT 0x7ff00000 + +struct idgen32_ctx { + u_int32_t counter; + u_int32_t hibit; + u_int8_t key[IDGEN32_KEYLEN]; +}; + +void idgen32_init(struct idgen32_ctx *); +u_int32_t idgen32(struct idgen32_ctx *); + diff --git a/sys/netinet6/ip6_id.c b/sys/netinet6/ip6_id.c index db562454533..580d1b72062 100644 --- a/sys/netinet6/ip6_id.c +++ b/sys/netinet6/ip6_id.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_id.c,v 1.6 2008/04/18 06:42:20 djm Exp $ */ +/* $OpenBSD: ip6_id.c,v 1.7 2008/06/09 22:47:42 djm Exp $ */ /* $NetBSD: ip6_id.c,v 1.7 2003/09/13 21:32:59 itojun Exp $ */ /* $KAME: ip6_id.c,v 1.8 2003/09/06 13:41:06 itojun Exp $ */ @@ -113,17 +113,6 @@ struct randomtab { long ru_reseed; }; -static struct randomtab randomtab_32 = { - 32, /* resulting bits */ - 180, /* Time after wich will be reseeded */ - 1000000000, /* Uniq cycle, avoid blackjack prediction */ - 2, /* Starting generator */ - 2147483629, /* RU_N-1 = 2^2*3^2*59652323 */ - 7, /* determine ru_a as RU_AGEN^(2*rand) */ - 1836660096, /* RU_M = 2^7*3^15 - don't change */ - { 2, 3, 59652323, 0 }, /* factors of ru_n */ -}; - static struct randomtab randomtab_20 = { 20, /* resulting bits */ 180, /* Time after wich will be reseeded */ @@ -239,15 +228,8 @@ randomid(struct randomtab *p) } u_int32_t -ip6_randomid(void) -{ - - return randomid(&randomtab_32); -} - -u_int32_t ip6_randomflowlabel(void) { - return randomid(&randomtab_20) & 0xfffff; } + diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c index 0e645ad416b..fb99a69a989 100644 --- a/sys/netinet6/ip6_input.c +++ b/sys/netinet6/ip6_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_input.c,v 1.84 2008/05/15 19:40:38 markus Exp $ */ +/* $OpenBSD: ip6_input.c,v 1.85 2008/06/09 22:47:42 djm Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* @@ -160,6 +160,7 @@ ip6_init() pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW) ip6_protox[pr->pr_protocol] = pr - inet6sw; ip6intrq.ifq_maxlen = ip6qmaxlen; + ip6_randomid_init(); nd6_init(); frag6_init(); ip6_init2((void *)0); diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index cca6865818d..d8faf8bbabf 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_output.c,v 1.100 2008/03/31 21:15:20 deraadt Exp $ */ +/* $OpenBSD: ip6_output.c,v 1.101 2008/06/09 22:47:42 djm Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* @@ -88,6 +88,8 @@ #include <netinet6/nd6.h> #include <netinet6/ip6protosw.h> +#include <crypto/idgen.h> + #if NPF > 0 #include <net/pfvar.h> #endif @@ -132,6 +134,9 @@ static int ip6_getpmtu(struct route_in6 *, struct route_in6 *, struct ifnet *, struct in6_addr *, u_long *, int *); static int copypktopts(struct ip6_pktopts *, struct ip6_pktopts *, int); +/* Context for non-repeating IDs */ +struct idgen32_ctx ip6_id_ctx; + /* * IP6 output. The packet in mbuf chain m contains a skeletal IP6 * header (with pri, len, nxt, hlim, src, dst). @@ -3225,3 +3230,16 @@ ip6_optlen(inp) return len; #undef elen } + +u_int32_t +ip6_randomid(void) +{ + return idgen32(&ip6_id_ctx); +} + +void +ip6_randomid_init(void) +{ + idgen32_init(&ip6_id_ctx); +} + diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h index b560d21ee74..33f35df951d 100644 --- a/sys/netinet6/ip6_var.h +++ b/sys/netinet6/ip6_var.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_var.h,v 1.32 2007/12/14 18:33:41 deraadt Exp $ */ +/* $OpenBSD: ip6_var.h,v 1.33 2008/06/09 22:47:42 djm Exp $ */ /* $KAME: ip6_var.h,v 1.33 2000/06/11 14:59:20 jinmei Exp $ */ /* @@ -297,6 +297,8 @@ int ip6_setpktopts(struct mbuf *, struct ip6_pktopts *, void ip6_clearpktopts(struct ip6_pktopts *, int); struct ip6_pktopts *ip6_copypktopts(struct ip6_pktopts *, int); int ip6_optlen(struct inpcb *); +void ip6_randomid_init(void); +u_int32_t ip6_randomid(void); int route6_input(struct mbuf **, int *, int); @@ -324,7 +326,6 @@ int in6_selectroute(struct sockaddr_in6 *, struct ip6_pktopts *, struct ip6_moptions *, struct route_in6 *, struct ifnet **, struct rtentry **); -u_int32_t ip6_randomid(void); u_int32_t ip6_randomflowlabel(void); #endif /* _KERNEL */ diff --git a/sys/nfs/krpc_subr.c b/sys/nfs/krpc_subr.c index 39dfe6ffa59..363a837d985 100644 --- a/sys/nfs/krpc_subr.c +++ b/sys/nfs/krpc_subr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: krpc_subr.c,v 1.15 2008/05/23 15:51:12 thib Exp $ */ +/* $OpenBSD: krpc_subr.c,v 1.16 2008/06/09 22:47:42 djm Exp $ */ /* $NetBSD: krpc_subr.c,v 1.12.4.1 1996/06/07 00:52:26 cgd Exp $ */ /* @@ -61,6 +61,7 @@ #include <nfs/krpc.h> #include <nfs/xdr_subs.h> #include <dev/rndvar.h> +#include <crypto/idgen.h> /* * Kernel support for Sun RPC @@ -115,6 +116,24 @@ struct rpc_reply { #define MIN_REPLY_HDR 16 /* xid, dir, astat, errno */ +u_int32_t krpc_get_xid(void); + +/* + * Return an unpredictable XID. + */ +u_int32_t +krpc_get_xid(void) +{ + static struct idgen32_ctx krpc_xid_ctx; + static int called = 0; + + if (!called) { + called = 1; + idgen32_init(&krpc_xid_ctx); + } + return idgen32(&krpc_xid_ctx); +} + /* * What is the longest we will wait before re-sending a request? * Note this is also the frequency of "RPC timeout" messages. @@ -201,7 +220,6 @@ krpc_call(sa, prog, vers, func, data, from_p, retries) struct uio auio; int error, rcvflg, timo, secs, len; static u_int32_t xid = 0; - u_int32_t newxid; int *ip; struct timeval *tv; @@ -299,8 +317,7 @@ krpc_call(sa, prog, vers, func, data, from_p, retries) mhead->m_len = sizeof(*call); bzero((caddr_t)call, sizeof(*call)); /* rpc_call part */ - while ((newxid = arc4random()) == xid); - xid = newxid; + xid = krpc_get_xid(); call->rp_xid = txdr_unsigned(xid); /* call->rp_direction = 0; */ call->rp_rpcvers = txdr_unsigned(2); diff --git a/sys/nfs/nfs_subs.c b/sys/nfs/nfs_subs.c index 4a685c0402c..a0388edd5d5 100644 --- a/sys/nfs/nfs_subs.c +++ b/sys/nfs/nfs_subs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nfs_subs.c,v 1.74 2008/04/22 18:53:34 thib Exp $ */ +/* $OpenBSD: nfs_subs.c,v 1.75 2008/06/09 22:47:42 djm Exp $ */ /* $NetBSD: nfs_subs.c,v 1.27.4.3 1996/07/08 20:34:24 jtc Exp $ */ /* @@ -72,6 +72,7 @@ #include <netinet/in.h> #include <dev/rndvar.h> +#include <crypto/idgen.h> int nfs_attrtimeo(struct nfsnode *np); @@ -547,6 +548,22 @@ nfsm_reqh(vp, procid, hsiz, bposp) } /* + * Return an unpredictable XID. + */ +u_int32_t +nfsm_get_xid(void) +{ + static struct idgen32_ctx nfs_xid_ctx; + static int called = 0; + + if (!called) { + called = 1; + idgen32_init(&nfs_xid_ctx); + } + return idgen32(&nfs_xid_ctx); +} + +/* * Build the RPC header and fill in the authorization info. * Right now we are pretty centric around RPCAUTH_UNIX, in the * future, this function will need some love to be able to handle @@ -558,7 +575,6 @@ nfsm_rpchead(struct nfsreq *req, struct ucred *cr, int auth_type, { struct mbuf *mb; u_int32_t *tl; - u_int32_t xid; caddr_t bpos; int i, authsiz, auth_len, ngroups; @@ -602,12 +618,7 @@ nfsm_rpchead(struct nfsreq *req, struct ucred *cr, int auth_type, tl = nfsm_build(&mb, 6 * NFSX_UNSIGNED, &bpos); /* Get a new (non-zero) xid */ - do { - while ((xid = arc4random() & 0xff) == 0) - ; - nfs_xid += xid; - } while (nfs_xid == 0); - + nfs_xid = nfsm_get_xid(); *tl++ = req->r_xid = txdr_unsigned(nfs_xid); *tl++ = rpc_call; diff --git a/sys/nfs/nfs_var.h b/sys/nfs/nfs_var.h index 7abe9411ce7..19e29c0afa2 100644 --- a/sys/nfs/nfs_var.h +++ b/sys/nfs/nfs_var.h @@ -1,4 +1,4 @@ -/* $OpenBSD: nfs_var.h,v 1.35 2008/04/22 18:53:34 thib Exp $ */ +/* $OpenBSD: nfs_var.h,v 1.36 2008/06/09 22:47:42 djm Exp $ */ /* $NetBSD: nfs_var.h,v 1.3 1996/02/18 11:53:54 fvdl Exp $ */ /* @@ -238,6 +238,7 @@ void nfsrv_cleancache(void); /* nfs_subs.c */ struct mbuf *nfsm_reqh(struct vnode *, u_long, int, caddr_t *); +u_int32_t nfsm_get_xid(void); void nfsm_rpchead(struct nfsreq *, struct ucred *, int, struct mbuf *, int); void *nfsm_build(struct mbuf **, u_int, caddr_t *); int nfsm_mbuftouio(struct mbuf **, struct uio *, int, caddr_t *); |