lwip_tcp_isn.c

00001 /**
00002  * @file
00003  *
00004  * Reference implementation of the TCP ISN algorithm standardized in RFC 6528.
00005  * Produce TCP Initial Sequence Numbers by combining an MD5-generated hash
00006  * based on the new TCP connection's identity and a stable secret, with the
00007  * current time at 4-microsecond granularity.
00008  *
00009  * Specifically, the implementation uses MD5 to compute a hash of the input
00010  * buffer, which contains both the four-tuple of the new TCP connection (local
00011  * and remote IP address and port), as well as a 16-byte secret to make the
00012  * results unpredictable to external parties.  The secret must be given at
00013  * initialization time and should ideally remain the same across system
00014  * reboots.  To be sure: the spoofing-resistance of the resulting ISN depends
00015  * mainly on the strength of the supplied secret!
00016  *
00017  * The implementation takes 32 bits from the computed hash, and adds to it the
00018  * current time, in 4-microsecond units.  The current time is computed from a
00019  * boot time given at initialization, and the current uptime as provided by
00020  * sys_now().  Thus, it assumes that sys_now() returns a time value that is
00021  * relative to the boot time, i.e., that it starts at 0 at system boot, and
00022  * only ever increases monotonically.
00023  *
00024  * For efficiency reasons, a single MD5 input buffer is used, and partially
00025  * filled in at initialization time.  Specifically, of this 64-byte buffer, the
00026  * first 36 bytes are used for the four-way TCP tuple data, followed by the
00027  * 16-byte secret, followed by 12-byte zero padding.  The 64-byte size of the
00028  * buffer should achieve the best performance for the actual MD5 computation.
00029  *
00030  * Basic usage:
00031  *
00032  * 1. in your lwipopts.h, add the following lines:
00033  *
00034  *    #include <lwip/arch.h>
00035  *    struct ip_addr;
00036  *    u32_t lwip_hook_tcp_isn(const struct ip_addr *local_ip, u16_t local_port,
00037  *      const struct ip_addr *remote_ip, u16_t remote_port);
00038  *   "#define LWIP_HOOK_TCP_ISN lwip_hook_tcp_isn";
00039  *
00040  * 2. from your own code, call lwip_init_tcp_isn() at initialization time, with
00041  *    appropriate parameters.
00042  */
00043 
00044 /*
00045  * Copyright (c) 2016 The MINIX 3 Project.
00046  * All rights reserved.
00047  *
00048  * Redistribution and use in source and binary forms, with or without modification,
00049  * are permitted provided that the following conditions are met:
00050  *
00051  * 1. Redistributions of source code must retain the above copyright notice,
00052  *    this list of conditions and the following disclaimer.
00053  * 2. Redistributions in binary form must reproduce the above copyright notice,
00054  *    this list of conditions and the following disclaimer in the documentation
00055  *    and/or other materials provided with the distribution.
00056  * 3. The name of the author may not be used to endorse or promote products
00057  *    derived from this software without specific prior written permission.
00058  *
00059  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
00060  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
00061  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
00062  * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
00063  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
00064  * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
00065  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
00066  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
00067  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
00068  * OF SUCH DAMAGE.
00069  *
00070  * Author: David van Moolenbroek <david@minix3.org>
00071  */
00072 
00073 #include "lwip/opt.h"
00074 #include "lwip/ip_addr.h"
00075 #include "lwip/sys.h"
00076 #include <string.h>
00077 
00078 #if !LWIP_USE_EXTERNAL_MBEDTLS
00079 
00080 #include "polarssl/md5.h"
00081 
00082 #define MD5_context md5_context
00083 #define MD5_init(context)
00084 #define MD5_starts md5_starts
00085 #define MD5_update md5_update
00086 #define MD5_finish md5_finish
00087 #define MD5_free(context)
00088 
00089 #endif /* !LWIP_USE_EXTERNAL_MBEDTLS */
00090 
00091 /*
00092  * Map hashes and ciphers functions to mbed TLS
00093  */
00094 #if LWIP_USE_EXTERNAL_MBEDTLS
00095 
00096 #include "mbedtls/md5.h"
00097 
00098 #define MD5_context mbedtls_md5_context
00099 #define MD5_init mbedtls_md5_init
00100 #define MD5_starts mbedtls_md5_starts
00101 #define MD5_update mbedtls_md5_update
00102 #define MD5_finish mbedtls_md5_finish
00103 #define MD5_free mbedtls_md5_free
00104 
00105 #endif /* LWIP_USE_EXTERNAL_MBEDTLS */
00106 
00107 static u8_t input[64];
00108 static u32_t base_time;
00109 
00110 /**
00111  * Initialize the TCP ISN module, with the boot time and a secret.
00112  *
00113  * @param boot_time Wall clock boot time of the system, in seconds.
00114  * @param secret_16_bytes A 16-byte secret used to randomize the TCP ISNs.
00115  */
00116 void
00117 lwip_init_tcp_isn(u32_t boot_time, const u8_t *secret_16_bytes)
00118 {
00119   /* Initialize the input buffer with the secret and trailing zeroes. */
00120   memset(input, 0, sizeof(input));
00121 
00122   MEMCPY(&input[36], secret_16_bytes, 16);
00123 
00124   /* Save the boot time in 4-us units. Overflow is no problem here. */
00125   base_time = boot_time * 250000;
00126 }
00127 
00128 /**
00129  * Hook to generate an Initial Sequence Number (ISN) for a new TCP connection.
00130  *
00131  * @param local_ip The local IP address.
00132  * @param local_port The local port number, in host-byte order.
00133  * @param remote_ip The remote IP address.
00134  * @param remote_port The remote port number, in host-byte order.
00135  * @return The ISN to use for the new TCP connection.
00136  */
00137 
00138 u32_t
00139 lwip_hook_tcp_isn(const void *local_ip_ptr, u16_t local_port,
00140         const void *remote_ip_ptr, u16_t remote_port)
00141 {
00142   MD5_context ctx;
00143   u8_t output[16];
00144   u32_t isn;
00145   const ip_addr_t *local_ip = local_ip_ptr;
00146   const ip_addr_t *remote_ip = remote_ip_ptr;
00147 
00148 #if LWIP_IPV4 && LWIP_IPV6
00149   if (IP_IS_V6(local_ip))
00150 #endif /* LWIP_IPV4 && LWIP_IPV6 */
00151 #if LWIP_IPV6
00152   {
00153     const ip6_addr_t *local_ip6, *remote_ip6;
00154 
00155     local_ip6  = ip_2_ip6(local_ip);
00156     remote_ip6 = ip_2_ip6(remote_ip);
00157 
00158     SMEMCPY(&input[0],  &local_ip6->addr,  16);
00159     SMEMCPY(&input[16], &remote_ip6->addr, 16);
00160   }
00161 #endif /* LWIP_IPV6 */
00162 #if LWIP_IPV4 && LWIP_IPV6
00163   else
00164 #endif /* LWIP_IPV4 && LWIP_IPV6 */
00165 #if LWIP_IPV4
00166   {
00167     const ip4_addr_t *local_ip4, *remote_ip4;
00168 
00169     local_ip4  = ip_2_ip4(local_ip);
00170     remote_ip4 = ip_2_ip4(remote_ip);
00171 
00172     /* Represent IPv4 addresses as IPv4-mapped IPv6 addresses, to ensure that
00173      * the IPv4 and IPv6 address spaces are completely disjoint. */
00174     memset(&input[0], 0, 10);
00175     input[10] = 0xff;
00176     input[11] = 0xff;
00177     SMEMCPY(&input[12], &local_ip4->addr, 4);
00178     memset(&input[16], 0, 10);
00179     input[26] = 0xff;
00180     input[27] = 0xff;
00181     SMEMCPY(&input[28], &remote_ip4->addr, 4);
00182   }
00183 #endif /* LWIP_IPV4 */
00184 
00185   input[32] = local_port >> 8;
00186   input[33] = local_port & 0xff;
00187   input[34] = remote_port >> 8;
00188   input[35] = remote_port & 0xff;
00189 
00190   /* The secret and padding are already filled in. */
00191   /* Generate the hash, using MD5. */
00192   MD5_init(&ctx);
00193   MD5_starts(&ctx);
00194   MD5_update(&ctx, input, sizeof(input));
00195   MD5_finish(&ctx, output);
00196   MD5_free(&ctx);
00197 
00198   /* Arbitrarily take the first 32 bits from the generated hash. */
00199   MEMCPY(&isn, output, sizeof(isn));
00200 
00201   /* Add the current time in 4-microsecond units. */
00202   return isn + base_time + sys_now() * 250;
00203 }