1 /*        $OpenBSD: tcp_subr.c,v 1.98 2007/06/25 12:17:43 markus Exp $          */
2 /*        $NetBSD: tcp_rndiss.c,v 1.4 2011/12/17 20:05:39 tls Exp $   */
3 
4 /*
5  * Copyright (c) 1982, 1986, 1988, 1990, 1993
6  *        The Regents of the University of California.  All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  * 3. Neither the name of the University nor the names of its contributors
17  *    may be used to endorse or promote products derived from this software
18  *    without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  *
32  *        @(#)COPYRIGHT       1.1 (NRL) 17 January 1995
33  *
34  * NRL grants permission for redistribution and use in source and binary
35  * forms, with or without modification, of the software and documentation
36  * created at NRL provided that the following conditions are met:
37  *
38  * 1. Redistributions of source code must retain the above copyright
39  *    notice, this list of conditions and the following disclaimer.
40  * 2. Redistributions in binary form must reproduce the above copyright
41  *    notice, this list of conditions and the following disclaimer in the
42  *    documentation and/or other materials provided with the distribution.
43  * 3. All advertising materials mentioning features or use of this software
44  *    must display the following acknowledgements:
45  *        This product includes software developed by the University of
46  *        California, Berkeley and its contributors.
47  *        This product includes software developed at the Information
48  *        Technology Division, US Naval Research Laboratory.
49  * 4. Neither the name of the NRL nor the names of its contributors
50  *    may be used to endorse or promote products derived from this software
51  *    without specific prior written permission.
52  *
53  * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS
54  * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
55  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
56  * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL NRL OR
57  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
58  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
59  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
60  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
61  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
62  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
63  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
64  *
65  * The views and conclusions contained in the software and documentation
66  * are those of the authors and should not be interpreted as representing
67  * official policies, either expressed or implied, of the US Naval
68  * Research Laboratory (NRL).
69  */
70 
71 #include <sys/cdefs.h>
72 __KERNEL_RCSID(0, "$NetBSD: tcp_rndiss.c,v 1.4 2011/12/17 20:05:39 tls Exp $");
73 
74 #include <sys/param.h>
75 #include <sys/cprng.h>
76 
77 #include <netinet/tcp.h>
78 #include <netinet/tcp_seq.h>
79 #include <netinet/tcp_rndiss.h>
80 
81 #define TCP_RNDISS_ROUNDS     16
82 #define TCP_RNDISS_OUT                  7200
83 #define TCP_RNDISS_MAX                  30000
84 
85 u_int8_t tcp_rndiss_sbox[128];
86 u_int16_t tcp_rndiss_msb;
87 u_int16_t tcp_rndiss_cnt;
88 long tcp_rndiss_reseed;
89 
90 u_int16_t
tcp_rndiss_encrypt(u_int16_t val)91 tcp_rndiss_encrypt(u_int16_t val)
92 {
93           u_int16_t sum = 0, i;
94 
95           for (i = 0; i < TCP_RNDISS_ROUNDS; i++) {
96                     sum += 0x79b9;
97                     val ^= ((u_int16_t)tcp_rndiss_sbox[(val^sum) & 0x7f]) << 7;
98                     val = ((val & 0xff) << 7) | (val >> 8);
99           }
100 
101           return val;
102 }
103 
104 void
tcp_rndiss_init(void)105 tcp_rndiss_init(void)
106 {
107           cprng_strong(kern_cprng, tcp_rndiss_sbox, sizeof(tcp_rndiss_sbox), 0);
108 
109           tcp_rndiss_reseed = time_second + TCP_RNDISS_OUT;
110           tcp_rndiss_msb = tcp_rndiss_msb == 0x8000 ? 0 : 0x8000;
111           tcp_rndiss_cnt = 0;
112 }
113 
114 tcp_seq
tcp_rndiss_next(void)115 tcp_rndiss_next(void)
116 {
117         if (tcp_rndiss_cnt >= TCP_RNDISS_MAX ||
118               time_second > tcp_rndiss_reseed)
119                     tcp_rndiss_init();
120 
121           /* (arc4random() & 0x7fff) ensures a 32768 byte gap between ISS */
122           return ((tcp_rndiss_encrypt(tcp_rndiss_cnt++) | tcp_rndiss_msb) <<16) |
123                     (cprng_fast32() & 0x7fff);
124 }
125