[PATCH 10/12] random pt4: Simplify and shrink syncookie code

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Matt Mackall <mpm@selenic.com>
To: Andrew Morton <akpm@osdl.org>, "Theodore Ts'o" <tytso@mit.edu>
Cc: linux-kernel@vger.kernel.org
Subject: [PATCH 10/12] random pt4: Simplify and shrink syncookie code
Date: Fri, 21 Jan 2005 15:41:08 -0600	[thread overview]
Message-ID: <11.314297600@selenic.com> (raw)
In-Reply-To: <10.314297600@selenic.com>

Simplify syncookie initialization
Refactor syncookie code with separate hash function

Signed-off-by: Matt Mackall <mpm@selenic.com>

Index: rnd2/drivers/char/random.c
===================================================================
--- rnd2.orig/drivers/char/random.c	2005-01-20 10:12:26.633652402 -0800
+++ rnd2/drivers/char/random.c	2005-01-20 10:16:13.830687244 -0800
@@ -366,6 +366,10 @@
  * hash; hash collisions will occur no more often than chance.
  */
 
+#ifdef CONFIG_SYN_COOKIES
+static __u32 syncookie_secret[2][16-3+SHA_WORKSPACE_WORDS];
+#endif
+
 /*
  * Static global variables
  */
@@ -897,6 +901,9 @@
 	init_std_data(&input_pool);
 	init_std_data(&blocking_pool);
 	init_std_data(&nonblocking_pool);
+#ifdef CONFIG_SYN_COOKIES
+	get_random_bytes(syncookie_secret, sizeof(syncookie_secret));
+#endif
 	return 0;
 }
 module_init(rand_initialize);
@@ -1583,23 +1590,24 @@
 #define COOKIEBITS 24	/* Upper bits store count */
 #define COOKIEMASK (((__u32)1 << COOKIEBITS) - 1)
 
-static int syncookie_init;
-static __u32 syncookie_secret[2][16-3+SHA_DIGEST_WORDS];
-
-__u32 secure_tcp_syn_cookie(__u32 saddr, __u32 daddr, __u16 sport,
-		__u16 dport, __u32 sseq, __u32 count, __u32 data)
+static u32 cookie_hash(u32 saddr, u32 daddr, u32 sport, u32 dport,
+		       u32 count, int c)
 {
 	__u32 tmp[16 + 5 + SHA_WORKSPACE_WORDS];
-	__u32 seq;
 
-	/*
-	 * Pick two random secrets the first time we need a cookie.
-	 */
-	if (syncookie_init == 0) {
-		get_random_bytes(syncookie_secret, sizeof(syncookie_secret));
-		syncookie_init = 1;
-	}
+	memcpy(tmp + 3, syncookie_secret[c], sizeof(syncookie_secret[c]));
+	tmp[0] = saddr;
+	tmp[1] = daddr;
+	tmp[2] = (sport << 16) + dport;
+	tmp[3] = count;
+	sha_transform(tmp + 16, tmp);
 
+	return tmp[17];
+}
+
+__u32 secure_tcp_syn_cookie(__u32 saddr, __u32 daddr, __u16 sport,
+		__u16 dport, __u32 sseq, __u32 count, __u32 data)
+{
 	/*
 	 * Compute the secure sequence number.
 	 * The output should be:
@@ -1611,22 +1619,10 @@
 	 * MSS into the second hash value.
 	 */
 
-	memcpy(tmp + 3, syncookie_secret[0], sizeof(syncookie_secret[0]));
-	tmp[0]=saddr;
-	tmp[1]=daddr;
-	tmp[2]=(sport << 16) + dport;
-	sha_transform(tmp+16, (__u8 *)tmp, tmp + 16 + 5);
-	seq = tmp[17] + sseq + (count << COOKIEBITS);
-
-	memcpy(tmp + 3, syncookie_secret[1], sizeof(syncookie_secret[1]));
-	tmp[0]=saddr;
-	tmp[1]=daddr;
-	tmp[2]=(sport << 16) + dport;
-	tmp[3] = count;	/* minute counter */
-	sha_transform(tmp + 16, (__u8 *)tmp, tmp + 16 + 5);
-
-	/* Add in the second hash and the data */
-	return seq + ((tmp[17] + data) & COOKIEMASK);
+	return (cookie_hash(saddr, daddr, sport, dport, 0, 0) +
+		sseq + (count << COOKIEBITS) +
+		((cookie_hash(saddr, daddr, sport, dport, count, 1) + data)
+		 & COOKIEMASK));
 }
 
 /*
@@ -1641,33 +1637,19 @@
 __u32 check_tcp_syn_cookie(__u32 cookie, __u32 saddr, __u32 daddr, __u16 sport,
 		__u16 dport, __u32 sseq, __u32 count, __u32 maxdiff)
 {
-	__u32 tmp[16 + 5 + SHA_WORKSPACE_WORDS];
 	__u32 diff;
 
-	if (syncookie_init == 0)
-		return (__u32)-1; /* Well, duh! */
-
 	/* Strip away the layers from the cookie */
-	memcpy(tmp + 3, syncookie_secret[0], sizeof(syncookie_secret[0]));
-	tmp[0]=saddr;
-	tmp[1]=daddr;
-	tmp[2]=(sport << 16) + dport;
-	sha_transform(tmp + 16, (__u8 *)tmp, tmp + 16 + 5);
-	cookie -= tmp[17] + sseq;
-	/* Cookie is now reduced to (count * 2^24) ^ (hash % 2^24) */
+	cookie -= cookie_hash(saddr, daddr, sport, dport, 0, 0) + sseq;
 
+	/* Cookie is now reduced to (count * 2^24) ^ (hash % 2^24) */
 	diff = (count - (cookie >> COOKIEBITS)) & ((__u32)-1 >> COOKIEBITS);
 	if (diff >= maxdiff)
 		return (__u32)-1;
 
-	memcpy(tmp+3, syncookie_secret[1], sizeof(syncookie_secret[1]));
-	tmp[0] = saddr;
-	tmp[1] = daddr;
-	tmp[2] = (sport << 16) + dport;
-	tmp[3] = count - diff;	/* minute counter */
-	sha_transform(tmp + 16, tmp);
-
-	return (cookie - tmp[17]) & COOKIEMASK;	/* Leaving the data behind */
+	return (cookie -
+		cookie_hash(saddr, daddr, sport, dport, count - diff, 1))
+		& COOKIEMASK;	/* Leaving the data behind */
 }
 #endif
 #endif /* CONFIG_INET */

next prev parent reply	other threads:[~2005-01-21 22:02 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-01-21 21:41 [PATCH 0/12] random pt4: Moving and sharing code Matt Mackall
2005-01-21 21:41 ` [PATCH 1/12] random pt4: Create new rol32/ror32 bitops Matt Mackall
2005-01-21 21:41   ` [PATCH 2/12] random pt4: Use them throughout the tree Matt Mackall
2005-01-21 21:41     ` [PATCH 3/12] random pt4: Kill the SHA variants Matt Mackall
2005-01-21 21:41       ` [PATCH 4/12] random pt4: Cleanup SHA interface Matt Mackall
2005-01-21 21:41         ` [PATCH 5/12] random pt4: Move SHA code to lib/ Matt Mackall
2005-01-21 21:41           ` [PATCH 6/12] random pt4: Replace SHA with faster version Matt Mackall
2005-01-21 21:41             ` [PATCH 7/12] random pt4: Update cryptolib to use SHA fro lib Matt Mackall
2005-01-21 21:41               ` [PATCH 8/12] random pt4: Move halfmd4 to lib Matt Mackall
2005-01-21 21:41                 ` [PATCH 9/12] random pt4: Kill duplicate halfmd4 in ext3 htree Matt Mackall
2005-01-21 21:41                   ` Matt Mackall [this message]
2005-01-21 21:41                     ` [PATCH 11/12] random pt4: Move syncookies to net/ Matt Mackall
2005-01-21 21:41                       ` [PATCH 12/12] random pt4: Move other tcp/ip bits " Matt Mackall
2005-01-26  1:33               ` [PATCH 7/12] random pt4: Update cryptolib to use SHA fro lib Lee Revell
2005-01-26  1:42                 ` Matt Mackall
2005-01-25 21:07             ` [PATCH 6/12] random pt4: Replace SHA with faster version Denis Vlasenko
2005-01-25 21:14               ` Matt Mackall
2005-01-25 21:31                 ` Denis Vlasenko
2005-01-25 21:50                   ` [PATCH] SHA1 clarify kerneldoc Matt Mackall
2005-01-27 18:22                     ` Bill Davidsen
2005-01-27 19:28                       ` Matt Mackall
2005-01-25 20:49         ` [PATCH 4/12] random pt4: Cleanup SHA interface Denis Vlasenko
2005-01-25 21:01           ` Matt Mackall
2005-01-25 21:02   ` [PATCH 1/12] random pt4: Create new rol32/ror32 bitops Denis Vlasenko

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=11.314297600@selenic.com \
    --to=mpm@selenic.com \
    --cc=akpm@osdl.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.