summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--sys/conf/files3
-rw-r--r--sys/crypto/idgen.c137
-rw-r--r--sys/crypto/idgen.h30
-rw-r--r--sys/netinet6/ip6_id.c22
-rw-r--r--sys/netinet6/ip6_input.c3
-rw-r--r--sys/netinet6/ip6_output.c20
-rw-r--r--sys/netinet6/ip6_var.h5
-rw-r--r--sys/nfs/krpc_subr.c25
-rw-r--r--sys/nfs/nfs_subs.c27
-rw-r--r--sys/nfs/nfs_var.h3
10 files changed, 237 insertions, 38 deletions
diff --git a/sys/conf/files b/sys/conf/files
index 6651bbeb9d9..958ab8fd5fd 100644
--- a/sys/conf/files
+++ b/sys/conf/files
@@ -1,4 +1,4 @@
-# $OpenBSD: files,v 1.431 2008/05/06 13:33:50 pyr Exp $
+# $OpenBSD: files,v 1.432 2008/06/09 22:47:41 djm Exp $
# $NetBSD: files,v 1.87 1996/05/19 17:17:50 jonathan Exp $
# @(#)files.newconf 7.5 (Berkeley) 5/10/93
@@ -839,6 +839,7 @@ file crypto/xform.c (inet & ipsec) | crypto
file crypto/deflate.c (inet & ipsec) | crypto
file crypto/arc4.c
file crypto/michael.c wlan
+file crypto/idgen.c inet6 | nfsclient | nfsserver
file netatalk/aarp.c netatalk
file netatalk/at_control.c netatalk
file netatalk/at_proto.c netatalk
diff --git a/sys/crypto/idgen.c b/sys/crypto/idgen.c
new file mode 100644
index 00000000000..e96de57c6a0
--- /dev/null
+++ b/sys/crypto/idgen.c
@@ -0,0 +1,137 @@
+/*
+ * Copyright (c) 2008 Damien Miller <djm@mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * IDGEN32: non-repeating ID generation covering an almost maximal
+ * 32 bit range.
+ * Based on public domain SKIP32 by Greg Rose.
+ */
+
+#include <sys/types.h>
+#include <sys/systm.h>
+#include <dev/rndvar.h>
+#include <crypto/idgen.h>
+
+static u_int16_t idgen32_g(u_int8_t *, int, u_int16_t);
+u_int32_t idgen32_permute(u_int8_t key[IDGEN32_KEYLEN], u_int32_t);
+void idgen32_rekey(struct idgen32_ctx *);
+
+static const u_int8_t ftable[256] = {
+ 0xa3, 0xd7, 0x09, 0x83, 0xf8, 0x48, 0xf6, 0xf4,
+ 0xb3, 0x21, 0x15, 0x78, 0x99, 0xb1, 0xaf, 0xf9,
+ 0xe7, 0x2d, 0x4d, 0x8a, 0xce, 0x4c, 0xca, 0x2e,
+ 0x52, 0x95, 0xd9, 0x1e, 0x4e, 0x38, 0x44, 0x28,
+ 0x0a, 0xdf, 0x02, 0xa0, 0x17, 0xf1, 0x60, 0x68,
+ 0x12, 0xb7, 0x7a, 0xc3, 0xe9, 0xfa, 0x3d, 0x53,
+ 0x96, 0x84, 0x6b, 0xba, 0xf2, 0x63, 0x9a, 0x19,
+ 0x7c, 0xae, 0xe5, 0xf5, 0xf7, 0x16, 0x6a, 0xa2,
+ 0x39, 0xb6, 0x7b, 0x0f, 0xc1, 0x93, 0x81, 0x1b,
+ 0xee, 0xb4, 0x1a, 0xea, 0xd0, 0x91, 0x2f, 0xb8,
+ 0x55, 0xb9, 0xda, 0x85, 0x3f, 0x41, 0xbf, 0xe0,
+ 0x5a, 0x58, 0x80, 0x5f, 0x66, 0x0b, 0xd8, 0x90,
+ 0x35, 0xd5, 0xc0, 0xa7, 0x33, 0x06, 0x65, 0x69,
+ 0x45, 0x00, 0x94, 0x56, 0x6d, 0x98, 0x9b, 0x76,
+ 0x97, 0xfc, 0xb2, 0xc2, 0xb0, 0xfe, 0xdb, 0x20,
+ 0xe1, 0xeb, 0xd6, 0xe4, 0xdd, 0x47, 0x4a, 0x1d,
+ 0x42, 0xed, 0x9e, 0x6e, 0x49, 0x3c, 0xcd, 0x43,
+ 0x27, 0xd2, 0x07, 0xd4, 0xde, 0xc7, 0x67, 0x18,
+ 0x89, 0xcb, 0x30, 0x1f, 0x8d, 0xc6, 0x8f, 0xaa,
+ 0xc8, 0x74, 0xdc, 0xc9, 0x5d, 0x5c, 0x31, 0xa4,
+ 0x70, 0x88, 0x61, 0x2c, 0x9f, 0x0d, 0x2b, 0x87,
+ 0x50, 0x82, 0x54, 0x64, 0x26, 0x7d, 0x03, 0x40,
+ 0x34, 0x4b, 0x1c, 0x73, 0xd1, 0xc4, 0xfd, 0x3b,
+ 0xcc, 0xfb, 0x7f, 0xab, 0xe6, 0x3e, 0x5b, 0xa5,
+ 0xad, 0x04, 0x23, 0x9c, 0x14, 0x51, 0x22, 0xf0,
+ 0x29, 0x79, 0x71, 0x7e, 0xff, 0x8c, 0x0e, 0xe2,
+ 0x0c, 0xef, 0xbc, 0x72, 0x75, 0x6f, 0x37, 0xa1,
+ 0xec, 0xd3, 0x8e, 0x62, 0x8b, 0x86, 0x10, 0xe8,
+ 0x08, 0x77, 0x11, 0xbe, 0x92, 0x4f, 0x24, 0xc5,
+ 0x32, 0x36, 0x9d, 0xcf, 0xf3, 0xa6, 0xbb, 0xac,
+ 0x5e, 0x6c, 0xa9, 0x13, 0x57, 0x25, 0xb5, 0xe3,
+ 0xbd, 0xa8, 0x3a, 0x01, 0x05, 0x59, 0x2a, 0x46
+};
+
+static u_int16_t
+idgen32_g(u_int8_t *key, int k, u_int16_t w)
+{
+ u_int8_t g1, g2, g3, g4, g5, g6;
+ u_int o = k * 4;
+
+ g1 = (w >> 8) & 0xff;
+ g2 = w & 0xff;
+
+ g3 = ftable[g2 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g1;
+ g4 = ftable[g3 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g2;
+ g5 = ftable[g4 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g3;
+ g6 = ftable[g5 ^ key[o++ & (IDGEN32_KEYLEN - 1)]] ^ g4;
+
+ return (g5 << 8) | g6;
+}
+
+u_int32_t
+idgen32_permute(u_int8_t key[IDGEN32_KEYLEN], u_int32_t in)
+{
+ u_int i, r;
+ u_int16_t wl, wr;
+
+ wl = (in >> 16) & 0x7fff;
+ wr = in & 0xffff;
+
+ /* Doubled up rounds, with an odd round at the end to swap */
+ for (i = r = 0; i < IDGEN32_ROUNDS / 2; ++i) {
+ wr ^= (idgen32_g(key, r, wl) ^ r);
+ r++;
+ wl ^= (idgen32_g(key, r, wr) ^ r) & 0x7fff;
+ r++;
+ }
+ wr ^= (idgen32_g(key, r, wl) ^ r);
+
+ return (wl << 16) | wr;
+}
+
+void
+idgen32_rekey(struct idgen32_ctx *ctx)
+{
+ ctx->counter = 0;
+ ctx->hibit ^= 0x80000000;
+ arc4random_buf(ctx->key, sizeof(ctx->key));
+}
+
+void
+idgen32_init(struct idgen32_ctx *ctx)
+{
+ bzero(ctx, sizeof(ctx));
+ ctx->hibit = arc4random() & 0x80000000;
+ idgen32_rekey(ctx);
+}
+
+u_int32_t
+idgen32(struct idgen32_ctx *ctx)
+{
+ u_int32_t ret;
+
+ /* Avoid emitting a zero ID as they often have special meaning */
+ do {
+ ret = idgen32_permute(ctx->key, ctx->counter++) | ctx->hibit;
+
+ /* Rekey a little early to avoid "card counting" attack */
+ if (ctx->counter > IDGEN32_REKEY_LIMIT)
+ idgen32_rekey(ctx);
+ } while (ret == 0);
+
+ return ret;
+}
+
diff --git a/sys/crypto/idgen.h b/sys/crypto/idgen.h
new file mode 100644
index 00000000000..588aa15aa64
--- /dev/null
+++ b/sys/crypto/idgen.h
@@ -0,0 +1,30 @@
+/* $OpenBSD: idgen.h,v 1.1 2008/06/09 22:47:41 djm Exp $ */
+/*
+ * Copyright (c) 2008 Damien Miller <djm@mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#define IDGEN32_ROUNDS 31
+#define IDGEN32_KEYLEN 32
+#define IDGEN32_REKEY_LIMIT 0x7ff00000
+
+struct idgen32_ctx {
+ u_int32_t counter;
+ u_int32_t hibit;
+ u_int8_t key[IDGEN32_KEYLEN];
+};
+
+void idgen32_init(struct idgen32_ctx *);
+u_int32_t idgen32(struct idgen32_ctx *);
+
diff --git a/sys/netinet6/ip6_id.c b/sys/netinet6/ip6_id.c
index db562454533..580d1b72062 100644
--- a/sys/netinet6/ip6_id.c
+++ b/sys/netinet6/ip6_id.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_id.c,v 1.6 2008/04/18 06:42:20 djm Exp $ */
+/* $OpenBSD: ip6_id.c,v 1.7 2008/06/09 22:47:42 djm Exp $ */
/* $NetBSD: ip6_id.c,v 1.7 2003/09/13 21:32:59 itojun Exp $ */
/* $KAME: ip6_id.c,v 1.8 2003/09/06 13:41:06 itojun Exp $ */
@@ -113,17 +113,6 @@ struct randomtab {
long ru_reseed;
};
-static struct randomtab randomtab_32 = {
- 32, /* resulting bits */
- 180, /* Time after wich will be reseeded */
- 1000000000, /* Uniq cycle, avoid blackjack prediction */
- 2, /* Starting generator */
- 2147483629, /* RU_N-1 = 2^2*3^2*59652323 */
- 7, /* determine ru_a as RU_AGEN^(2*rand) */
- 1836660096, /* RU_M = 2^7*3^15 - don't change */
- { 2, 3, 59652323, 0 }, /* factors of ru_n */
-};
-
static struct randomtab randomtab_20 = {
20, /* resulting bits */
180, /* Time after wich will be reseeded */
@@ -239,15 +228,8 @@ randomid(struct randomtab *p)
}
u_int32_t
-ip6_randomid(void)
-{
-
- return randomid(&randomtab_32);
-}
-
-u_int32_t
ip6_randomflowlabel(void)
{
-
return randomid(&randomtab_20) & 0xfffff;
}
+
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index 0e645ad416b..fb99a69a989 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_input.c,v 1.84 2008/05/15 19:40:38 markus Exp $ */
+/* $OpenBSD: ip6_input.c,v 1.85 2008/06/09 22:47:42 djm Exp $ */
/* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */
/*
@@ -160,6 +160,7 @@ ip6_init()
pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW)
ip6_protox[pr->pr_protocol] = pr - inet6sw;
ip6intrq.ifq_maxlen = ip6qmaxlen;
+ ip6_randomid_init();
nd6_init();
frag6_init();
ip6_init2((void *)0);
diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
index cca6865818d..d8faf8bbabf 100644
--- a/sys/netinet6/ip6_output.c
+++ b/sys/netinet6/ip6_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_output.c,v 1.100 2008/03/31 21:15:20 deraadt Exp $ */
+/* $OpenBSD: ip6_output.c,v 1.101 2008/06/09 22:47:42 djm Exp $ */
/* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */
/*
@@ -88,6 +88,8 @@
#include <netinet6/nd6.h>
#include <netinet6/ip6protosw.h>
+#include <crypto/idgen.h>
+
#if NPF > 0
#include <net/pfvar.h>
#endif
@@ -132,6 +134,9 @@ static int ip6_getpmtu(struct route_in6 *, struct route_in6 *,
struct ifnet *, struct in6_addr *, u_long *, int *);
static int copypktopts(struct ip6_pktopts *, struct ip6_pktopts *, int);
+/* Context for non-repeating IDs */
+struct idgen32_ctx ip6_id_ctx;
+
/*
* IP6 output. The packet in mbuf chain m contains a skeletal IP6
* header (with pri, len, nxt, hlim, src, dst).
@@ -3225,3 +3230,16 @@ ip6_optlen(inp)
return len;
#undef elen
}
+
+u_int32_t
+ip6_randomid(void)
+{
+ return idgen32(&ip6_id_ctx);
+}
+
+void
+ip6_randomid_init(void)
+{
+ idgen32_init(&ip6_id_ctx);
+}
+
diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h
index b560d21ee74..33f35df951d 100644
--- a/sys/netinet6/ip6_var.h
+++ b/sys/netinet6/ip6_var.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_var.h,v 1.32 2007/12/14 18:33:41 deraadt Exp $ */
+/* $OpenBSD: ip6_var.h,v 1.33 2008/06/09 22:47:42 djm Exp $ */
/* $KAME: ip6_var.h,v 1.33 2000/06/11 14:59:20 jinmei Exp $ */
/*
@@ -297,6 +297,8 @@ int ip6_setpktopts(struct mbuf *, struct ip6_pktopts *,
void ip6_clearpktopts(struct ip6_pktopts *, int);
struct ip6_pktopts *ip6_copypktopts(struct ip6_pktopts *, int);
int ip6_optlen(struct inpcb *);
+void ip6_randomid_init(void);
+u_int32_t ip6_randomid(void);
int route6_input(struct mbuf **, int *, int);
@@ -324,7 +326,6 @@ int in6_selectroute(struct sockaddr_in6 *, struct ip6_pktopts *,
struct ip6_moptions *, struct route_in6 *, struct ifnet **,
struct rtentry **);
-u_int32_t ip6_randomid(void);
u_int32_t ip6_randomflowlabel(void);
#endif /* _KERNEL */
diff --git a/sys/nfs/krpc_subr.c b/sys/nfs/krpc_subr.c
index 39dfe6ffa59..363a837d985 100644
--- a/sys/nfs/krpc_subr.c
+++ b/sys/nfs/krpc_subr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: krpc_subr.c,v 1.15 2008/05/23 15:51:12 thib Exp $ */
+/* $OpenBSD: krpc_subr.c,v 1.16 2008/06/09 22:47:42 djm Exp $ */
/* $NetBSD: krpc_subr.c,v 1.12.4.1 1996/06/07 00:52:26 cgd Exp $ */
/*
@@ -61,6 +61,7 @@
#include <nfs/krpc.h>
#include <nfs/xdr_subs.h>
#include <dev/rndvar.h>
+#include <crypto/idgen.h>
/*
* Kernel support for Sun RPC
@@ -115,6 +116,24 @@ struct rpc_reply {
#define MIN_REPLY_HDR 16 /* xid, dir, astat, errno */
+u_int32_t krpc_get_xid(void);
+
+/*
+ * Return an unpredictable XID.
+ */
+u_int32_t
+krpc_get_xid(void)
+{
+ static struct idgen32_ctx krpc_xid_ctx;
+ static int called = 0;
+
+ if (!called) {
+ called = 1;
+ idgen32_init(&krpc_xid_ctx);
+ }
+ return idgen32(&krpc_xid_ctx);
+}
+
/*
* What is the longest we will wait before re-sending a request?
* Note this is also the frequency of "RPC timeout" messages.
@@ -201,7 +220,6 @@ krpc_call(sa, prog, vers, func, data, from_p, retries)
struct uio auio;
int error, rcvflg, timo, secs, len;
static u_int32_t xid = 0;
- u_int32_t newxid;
int *ip;
struct timeval *tv;
@@ -299,8 +317,7 @@ krpc_call(sa, prog, vers, func, data, from_p, retries)
mhead->m_len = sizeof(*call);
bzero((caddr_t)call, sizeof(*call));
/* rpc_call part */
- while ((newxid = arc4random()) == xid);
- xid = newxid;
+ xid = krpc_get_xid();
call->rp_xid = txdr_unsigned(xid);
/* call->rp_direction = 0; */
call->rp_rpcvers = txdr_unsigned(2);
diff --git a/sys/nfs/nfs_subs.c b/sys/nfs/nfs_subs.c
index 4a685c0402c..a0388edd5d5 100644
--- a/sys/nfs/nfs_subs.c
+++ b/sys/nfs/nfs_subs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nfs_subs.c,v 1.74 2008/04/22 18:53:34 thib Exp $ */
+/* $OpenBSD: nfs_subs.c,v 1.75 2008/06/09 22:47:42 djm Exp $ */
/* $NetBSD: nfs_subs.c,v 1.27.4.3 1996/07/08 20:34:24 jtc Exp $ */
/*
@@ -72,6 +72,7 @@
#include <netinet/in.h>
#include <dev/rndvar.h>
+#include <crypto/idgen.h>
int nfs_attrtimeo(struct nfsnode *np);
@@ -547,6 +548,22 @@ nfsm_reqh(vp, procid, hsiz, bposp)
}
/*
+ * Return an unpredictable XID.
+ */
+u_int32_t
+nfsm_get_xid(void)
+{
+ static struct idgen32_ctx nfs_xid_ctx;
+ static int called = 0;
+
+ if (!called) {
+ called = 1;
+ idgen32_init(&nfs_xid_ctx);
+ }
+ return idgen32(&nfs_xid_ctx);
+}
+
+/*
* Build the RPC header and fill in the authorization info.
* Right now we are pretty centric around RPCAUTH_UNIX, in the
* future, this function will need some love to be able to handle
@@ -558,7 +575,6 @@ nfsm_rpchead(struct nfsreq *req, struct ucred *cr, int auth_type,
{
struct mbuf *mb;
u_int32_t *tl;
- u_int32_t xid;
caddr_t bpos;
int i, authsiz, auth_len, ngroups;
@@ -602,12 +618,7 @@ nfsm_rpchead(struct nfsreq *req, struct ucred *cr, int auth_type,
tl = nfsm_build(&mb, 6 * NFSX_UNSIGNED, &bpos);
/* Get a new (non-zero) xid */
- do {
- while ((xid = arc4random() & 0xff) == 0)
- ;
- nfs_xid += xid;
- } while (nfs_xid == 0);
-
+ nfs_xid = nfsm_get_xid();
*tl++ = req->r_xid = txdr_unsigned(nfs_xid);
*tl++ = rpc_call;
diff --git a/sys/nfs/nfs_var.h b/sys/nfs/nfs_var.h
index 7abe9411ce7..19e29c0afa2 100644
--- a/sys/nfs/nfs_var.h
+++ b/sys/nfs/nfs_var.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: nfs_var.h,v 1.35 2008/04/22 18:53:34 thib Exp $ */
+/* $OpenBSD: nfs_var.h,v 1.36 2008/06/09 22:47:42 djm Exp $ */
/* $NetBSD: nfs_var.h,v 1.3 1996/02/18 11:53:54 fvdl Exp $ */
/*
@@ -238,6 +238,7 @@ void nfsrv_cleancache(void);
/* nfs_subs.c */
struct mbuf *nfsm_reqh(struct vnode *, u_long, int, caddr_t *);
+u_int32_t nfsm_get_xid(void);
void nfsm_rpchead(struct nfsreq *, struct ucred *, int, struct mbuf *, int);
void *nfsm_build(struct mbuf **, u_int, caddr_t *);
int nfsm_mbuftouio(struct mbuf **, struct uio *, int, caddr_t *);