sys/dist/pf/netinet/tcp_rndiss.c

   1 /*      $OpenBSD: tcp_subr.c,v 1.98 2007/06/25 12:17:43 markus Exp $    */
   2 /*      $NetBSD$        */
   3
   4 /*
   5  * Copyright (c) 1982, 1986, 1988, 1990, 1993
   6  *      The Regents of the University of California.  All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted provided that the following conditions
  10  * are met:
  11  * 1. Redistributions of source code must retain the above copyright
  12  *    notice, this list of conditions and the following disclaimer.
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  * 3. Neither the name of the University nor the names of its contributors
  17  *    may be used to endorse or promote products derived from this software
  18  *    without specific prior written permission.
  19  *
  20  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  30  * SUCH DAMAGE.
  31  *
  32  *      @(#)COPYRIGHT   1.1 (NRL) 17 January 1995
  33  *
  34  * NRL grants permission for redistribution and use in source and binary
  35  * forms, with or without modification, of the software and documentation
  36  * created at NRL provided that the following conditions are met:
  37  *
  38  * 1. Redistributions of source code must retain the above copyright
  39  *    notice, this list of conditions and the following disclaimer.
  40  * 2. Redistributions in binary form must reproduce the above copyright
  41  *    notice, this list of conditions and the following disclaimer in the
  42  *    documentation and/or other materials provided with the distribution.
  43  * 3. All advertising materials mentioning features or use of this software
  44  *    must display the following acknowledgements:
  45  *      This product includes software developed by the University of
  46  *      California, Berkeley and its contributors.
  47  *      This product includes software developed at the Information
  48  *      Technology Division, US Naval Research Laboratory.
  49  * 4. Neither the name of the NRL nor the names of its contributors
  50  *    may be used to endorse or promote products derived from this software
  51  *    without specific prior written permission.
  52  *
  53  * THE SOFTWARE PROVIDED BY NRL IS PROVIDED BY NRL AND CONTRIBUTORS ``AS
  54  * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
  55  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
  56  * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL NRL OR
  57  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
  58  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  59  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
  60  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  61  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  62  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  63  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  64  *
  65  * The views and conclusions contained in the software and documentation
  66  * are those of the authors and should not be interpreted as representing
  67  * official policies, either expressed or implied, of the US Naval
  68  * Research Laboratory (NRL).
  69  */
  70
  71 #include <sys/cdefs.h>
  72 __KERNEL_RCSID(0, "$NetBSD$");
  73
  74 #include <sys/param.h>
  75 #include <sys/rnd.h>
  76
  77 #include <netinet/tcp.h>
  78 #include <netinet/tcp_seq.h>
  79 #include <netinet/tcp_rndiss.h>
  80
  81 #define TCP_RNDISS_ROUNDS       16
  82 #define TCP_RNDISS_OUT          7200
  83 #define TCP_RNDISS_MAX          30000
  84
  85 u_int8_t tcp_rndiss_sbox[128];
  86 u_int16_t tcp_rndiss_msb;
  87 u_int16_t tcp_rndiss_cnt;
  88 long tcp_rndiss_reseed;
  89
  90 u_int16_t
  91 tcp_rndiss_encrypt(u_int16_t val)
  92 {
  93         u_int16_t sum = 0, i;
  94
  95         for (i = 0; i < TCP_RNDISS_ROUNDS; i++) {
  96                 sum += 0x79b9;
  97                 val ^= ((u_int16_t)tcp_rndiss_sbox[(val^sum) & 0x7f]) << 7;
  98                 val = ((val & 0xff) << 7) | (val >> 8);
  99         }
 100
 101         return val;
 102 }
 103
 104 void
 105 tcp_rndiss_init(void)
 106 {
 107         rnd_extract_data(tcp_rndiss_sbox, sizeof(tcp_rndiss_sbox),
 108             RND_EXTRACT_ANY);
 109
 110         tcp_rndiss_reseed = time_second + TCP_RNDISS_OUT;
 111         tcp_rndiss_msb = tcp_rndiss_msb == 0x8000 ? 0 : 0x8000;
 112         tcp_rndiss_cnt = 0;
 113 }
 114
 115 tcp_seq
 116 tcp_rndiss_next(void)
 117 {
 118         if (tcp_rndiss_cnt >= TCP_RNDISS_MAX ||
 119             time_second > tcp_rndiss_reseed)
 120                 tcp_rndiss_init();
 121
 122         /* (arc4random() & 0x7fff) ensures a 32768 byte gap between ISS */
 123         return ((tcp_rndiss_encrypt(tcp_rndiss_cnt++) | tcp_rndiss_msb) <<16) |
 124                 (arc4random() & 0x7fff);
 125 }