1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0-only
2*4882a593Smuzhiyun /*
3*4882a593Smuzhiyun * Copyright (C) 2016 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
4*4882a593Smuzhiyun */
5*4882a593Smuzhiyun
6*4882a593Smuzhiyun #include <linux/kernel.h>
7*4882a593Smuzhiyun #include <linux/init.h>
8*4882a593Smuzhiyun #include <linux/module.h>
9*4882a593Smuzhiyun #include <linux/cache.h>
10*4882a593Smuzhiyun #include <linux/random.h>
11*4882a593Smuzhiyun #include <linux/hrtimer.h>
12*4882a593Smuzhiyun #include <linux/ktime.h>
13*4882a593Smuzhiyun #include <linux/string.h>
14*4882a593Smuzhiyun #include <linux/net.h>
15*4882a593Smuzhiyun #include <linux/siphash.h>
16*4882a593Smuzhiyun #include <net/secure_seq.h>
17*4882a593Smuzhiyun
18*4882a593Smuzhiyun #if IS_ENABLED(CONFIG_IPV6) || IS_ENABLED(CONFIG_INET)
19*4882a593Smuzhiyun #include <linux/in6.h>
20*4882a593Smuzhiyun #include <net/tcp.h>
21*4882a593Smuzhiyun
/*
 * SipHash keys used by every helper in this file. Two separate keys are kept:
 * net_secret keys the sequence-number and ephemeral-port hashes, ts_secret
 * keys the TCP timestamp-offset hashes, so an output of one family is not
 * computed under the key of the other. Both are filled on first use by the
 * *_secret_init() helpers below.
 */
static siphash_key_t net_secret __read_mostly;
static siphash_key_t ts_secret __read_mostly;

/*
 * Length, in jiffies, of one ephemeral-port time slot: the port hashes divide
 * jiffies by this value, so their time seed changes once every 10 * HZ ticks.
 */
#define EPHEMERAL_PORT_SHUFFLE_PERIOD (10 * HZ)
26*4882a593Smuzhiyun
/*
 * Request random bytes for net_secret. The work is delegated to
 * net_get_random_once(), which, as its name indicates, is expected to fill
 * the buffer only on the first call. Every hashing helper in this file that
 * uses net_secret calls this first, so the key is never read before it has
 * been requested.
 */
static __always_inline void net_secret_init(void)
{
	net_get_random_once(&net_secret, sizeof(net_secret));
}
31*4882a593Smuzhiyun
/*
 * Request random bytes for ts_secret, the key of the timestamp-offset hashes.
 * Same pattern as net_secret_init(): the fill is delegated to
 * net_get_random_once() and callers invoke this right before hashing.
 */
static __always_inline void ts_secret_init(void)
{
	net_get_random_once(&ts_secret, sizeof(ts_secret));
}
36*4882a593Smuzhiyun #endif
37*4882a593Smuzhiyun
38*4882a593Smuzhiyun #ifdef CONFIG_INET
/*
 * Add a clock component to a keyed-hash value to form an initial sequence
 * number. @seq is the per-connection hash; the result is that hash advanced
 * by the wall clock counted in 64 ns ticks, truncated to 32 bits.
 */
static u32 seq_scale(u32 seq)
{
	/*
	 * Stays as close as possible to RFC 793, which suggests a 250 kHz
	 * clock. Further reading shows that figure assumes 2 Mb/s networks;
	 * 10 Mb/s Ethernet would call for a 1 MHz clock and 10 Gb/s Ethernet
	 * for something near 1 GHz. The resolution also has to be limited so
	 * that the u32 sequence space wraps less than once per MSL
	 * (2 minutes). A 64 ns tick satisfies that: the counter wraps every
	 * 274 s.
	 */
	u64 ticks_64ns = ktime_get_real_ns() >> 6;

	return seq + ticks_64ns;
}
53*4882a593Smuzhiyun #endif
54*4882a593Smuzhiyun
55*4882a593Smuzhiyun #if IS_ENABLED(CONFIG_IPV6)
/*
 * secure_tcpv6_ts_off - keyed TCP timestamp offset for an IPv6 address pair
 * @net:   namespace whose ipv4.sysctl_tcp_timestamps setting is consulted
 * @saddr: source address, read as a struct in6_addr
 * @daddr: destination address, read as a struct in6_addr
 *
 * Returns 0 unless the sysctl is exactly 1; otherwise the SipHash of the two
 * addresses under ts_secret, truncated to 32 bits. Ports are not part of the
 * input, so the value depends on the address pair only.
 */
u32 secure_tcpv6_ts_off(const struct net *net,
			const __be32 *saddr, const __be32 *daddr)
{
	const struct {
		struct in6_addr saddr;
		struct in6_addr daddr;
	} __aligned(SIPHASH_ALIGNMENT) addr_pair = {
		.saddr = *(const struct in6_addr *)saddr,
		.daddr = *(const struct in6_addr *)daddr,
	};
	/* Hash through the last named member, never any trailing padding. */
	const size_t hashed_len = offsetofend(typeof(addr_pair), daddr);

	if (READ_ONCE(net->ipv4.sysctl_tcp_timestamps) != 1)
		return 0;

	ts_secret_init();
	return siphash(&addr_pair, hashed_len, &ts_secret);
}
EXPORT_SYMBOL(secure_tcpv6_ts_off);
75*4882a593Smuzhiyun
/*
 * secure_tcpv6_seq - initial TCP sequence number for an IPv6 4-tuple
 * @saddr: source address, read as a struct in6_addr
 * @daddr: destination address, read as a struct in6_addr
 * @sport: source port, network byte order
 * @dport: destination port, network byte order
 *
 * Hashes the 4-tuple with SipHash under net_secret and passes the 32-bit
 * result through seq_scale(), which adds the clock component.
 */
u32 secure_tcpv6_seq(const __be32 *saddr, const __be32 *daddr,
		     __be16 sport, __be16 dport)
{
	const struct {
		struct in6_addr saddr;
		struct in6_addr daddr;
		__be16 sport;
		__be16 dport;
	} __aligned(SIPHASH_ALIGNMENT) tuple = {
		.saddr = *(const struct in6_addr *)saddr,
		.daddr = *(const struct in6_addr *)daddr,
		.sport = sport,
		.dport = dport
	};
	/*
	 * The alignment attribute can leave padding after dport; the length
	 * stops at the end of dport so that padding is never hashed.
	 */
	const size_t hashed_len = offsetofend(typeof(tuple), dport);
	u32 keyed;

	net_secret_init();
	keyed = siphash(&tuple, hashed_len, &net_secret);
	return seq_scale(keyed);
}
EXPORT_SYMBOL(secure_tcpv6_seq);
98*4882a593Smuzhiyun
/*
 * secure_ipv6_port_ephemeral - keyed value for ephemeral port selection (IPv6)
 * @saddr: source address, read as a struct in6_addr
 * @daddr: destination address, read as a struct in6_addr
 * @dport: destination port, network byte order
 *
 * Returns the 64-bit SipHash, under net_secret, of the addresses, the
 * destination port and a time seed. The seed is jiffies divided by
 * EPHEMERAL_PORT_SHUFFLE_PERIOD, so the result for a fixed destination
 * changes when the time slot changes.
 */
u64 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr,
			       __be16 dport)
{
	const struct {
		struct in6_addr saddr;
		struct in6_addr daddr;
		unsigned int timeseed;
		__be16 dport;
	} __aligned(SIPHASH_ALIGNMENT) seed_input = {
		.saddr = *(const struct in6_addr *)saddr,
		.daddr = *(const struct in6_addr *)daddr,
		.timeseed = jiffies / EPHEMERAL_PORT_SHUFFLE_PERIOD,
		.dport = dport,
	};
	/* dport is the last member; bytes after it are padding, not input. */
	const size_t hashed_len = offsetofend(typeof(seed_input), dport);

	net_secret_init();
	return siphash(&seed_input, hashed_len, &net_secret);
}
EXPORT_SYMBOL(secure_ipv6_port_ephemeral);
118*4882a593Smuzhiyun #endif
119*4882a593Smuzhiyun
120*4882a593Smuzhiyun #ifdef CONFIG_INET
/*
 * secure_tcp_ts_off - keyed TCP timestamp offset for an IPv4 address pair
 * @net:   namespace whose ipv4.sysctl_tcp_timestamps setting is consulted
 * @saddr: source address, network byte order
 * @daddr: destination address, network byte order
 *
 * Returns 0 unless the sysctl is exactly 1; otherwise the SipHash of the two
 * addresses under ts_secret, truncated to 32 bits.
 */
u32 secure_tcp_ts_off(const struct net *net, __be32 saddr, __be32 daddr)
{
	u32 src, dst;

	if (READ_ONCE(net->ipv4.sysctl_tcp_timestamps) != 1)
		return 0;

	ts_secret_init();
	/* __force: the addresses are hashed as opaque words, no byte swap. */
	src = (__force u32)saddr;
	dst = (__force u32)daddr;
	return siphash_2u32(src, dst, &ts_secret);
}
130*4882a593Smuzhiyun
/* secure_tcp_seq_and_tsoff(a, b, 0, d) == secure_ipv4_port_ephemeral(a, b, d),
 * but fortunately, `sport' cannot be 0 in any circumstances. If this changes,
 * it would be easy enough to have the former function use siphash_4u32, passing
 * the arguments as separate u32.
 *
 * NOTE(review): no secure_tcp_seq_and_tsoff is defined in this listing, and
 * secure_ipv4_port_ephemeral() below hashes a fourth, time-derived word with
 * siphash_4u32, so the equality stated above appears to predate that change.
 * Confirm before relying on it.
 */
/*
 * secure_tcp_seq - initial TCP sequence number for an IPv4 4-tuple
 * @saddr: source address, network byte order
 * @daddr: destination address, network byte order
 * @sport: source port, network byte order
 * @dport: destination port, network byte order
 *
 * Hashes the two addresses and one word holding both ports with SipHash under
 * net_secret, then passes the 32-bit result through seq_scale(), which adds
 * the clock component.
 */
u32 secure_tcp_seq(__be32 saddr, __be32 daddr,
		   __be16 sport, __be16 dport)
{
	/* Source port in the upper 16 bits, destination port in the lower. */
	const u32 ports = ((__force u32)sport << 16) | (__force u32)dport;
	u32 keyed;

	net_secret_init();
	keyed = siphash_3u32((__force u32)saddr, (__force u32)daddr, ports,
			     &net_secret);
	return seq_scale(keyed);
}
EXPORT_SYMBOL_GPL(secure_tcp_seq);
148*4882a593Smuzhiyun
/*
 * secure_ipv4_port_ephemeral - keyed value for ephemeral port selection (IPv4)
 * @saddr: source address, network byte order
 * @daddr: destination address, network byte order
 * @dport: destination port, network byte order
 *
 * Returns the 64-bit SipHash, under net_secret, of four words: both
 * addresses, the destination port and a time seed. The seed is jiffies
 * divided by EPHEMERAL_PORT_SHUFFLE_PERIOD, so the result for a fixed
 * destination changes when the time slot changes.
 */
u64 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport)
{
	u32 time_slot;

	net_secret_init();
	/* Read jiffies only after the key has been requested, as before. */
	time_slot = jiffies / EPHEMERAL_PORT_SHUFFLE_PERIOD;
	return siphash_4u32((__force u32)saddr, (__force u32)daddr,
			    (__force u16)dport, time_slot, &net_secret);
}
EXPORT_SYMBOL_GPL(secure_ipv4_port_ephemeral);
158*4882a593Smuzhiyun #endif
159*4882a593Smuzhiyun
160*4882a593Smuzhiyun #if IS_ENABLED(CONFIG_IP_DCCP)
/*
 * secure_dccp_sequence_number - initial DCCP sequence number, IPv4 4-tuple
 * @saddr: source address, network byte order
 * @daddr: destination address, network byte order
 * @sport: source port, network byte order
 * @dport: destination port, network byte order
 *
 * Adds the wall clock in nanoseconds to the SipHash of the 4-tuple (keyed
 * with net_secret) and returns the low 48 bits of the sum.
 */
u64 secure_dccp_sequence_number(__be32 saddr, __be32 daddr,
				__be16 sport, __be16 dport)
{
	/* Only the low 48 bits of the sum are returned. */
	const u64 low48_mask = (1ull << 48) - 1;
	/* Source port in the upper 16 bits, destination port in the lower. */
	const u32 ports = ((__force u32)sport << 16) | (__force u32)dport;
	u64 keyed;

	net_secret_init();
	keyed = siphash_3u32((__force u32)saddr, (__force u32)daddr, ports,
			     &net_secret);
	return (keyed + ktime_get_real_ns()) & low48_mask;
}
EXPORT_SYMBOL(secure_dccp_sequence_number);
174*4882a593Smuzhiyun
175*4882a593Smuzhiyun #if IS_ENABLED(CONFIG_IPV6)
/*
 * secure_dccpv6_sequence_number - initial DCCP sequence number, IPv6 4-tuple
 * @saddr: source address, read as a struct in6_addr
 * @daddr: destination address, read as a struct in6_addr
 * @sport: source port, network byte order
 * @dport: destination port, network byte order
 *
 * Adds the wall clock in nanoseconds to the SipHash of the 4-tuple (keyed
 * with net_secret) and returns the low 48 bits of the sum.
 */
u64 secure_dccpv6_sequence_number(__be32 *saddr, __be32 *daddr,
				  __be16 sport, __be16 dport)
{
	const struct {
		struct in6_addr saddr;
		struct in6_addr daddr;
		__be16 sport;
		__be16 dport;
	} __aligned(SIPHASH_ALIGNMENT) tuple = {
		.saddr = *(struct in6_addr *)saddr,
		.daddr = *(struct in6_addr *)daddr,
		.sport = sport,
		.dport = dport
	};
	/*
	 * The alignment attribute can leave padding after dport; the length
	 * stops at the end of dport so that padding is never hashed.
	 */
	const size_t hashed_len = offsetofend(typeof(tuple), dport);
	/* Only the low 48 bits of the sum are returned. */
	const u64 low48_mask = (1ull << 48) - 1;
	u64 keyed;

	net_secret_init();
	keyed = siphash(&tuple, hashed_len, &net_secret);
	return (keyed + ktime_get_real_ns()) & low48_mask;
}
EXPORT_SYMBOL(secure_dccpv6_sequence_number);
199*4882a593Smuzhiyun #endif
200*4882a593Smuzhiyun #endif