* [PATCH] secure_seq: initialize secret at boot instead of at runtime
@ 2017-01-15 14:01 Jason A. Donenfeld
2017-01-15 15:37 ` Daniel Borkmann
0 siblings, 1 reply; 3+ messages in thread
From: Jason A. Donenfeld @ 2017-01-15 14:01 UTC (permalink / raw)
To: netdev, davem; +Cc: Jason A. Donenfeld
While the static key stuff is fast, it's not as fast as simply not
having any code to run. So, this patch generates the secret at
boot, rather than at runtime.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
I can imagine this patch not being desirable because:
a) It was done this way in the first place for a reason. (Which?)
b) __initcall is too early for get_random_bytes to return good
randomness. (Is this even true?)
c) late_initcall is too late since packets have already started
to flow. (Is this even true?)
So if one of these holds, feel free to ignore this patch. Otherwise,
it seems like it could be worthwhile.
net/core/secure_seq.c | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/net/core/secure_seq.c b/net/core/secure_seq.c
index 758f140b6bed..fd123f3b76c1 100644
--- a/net/core/secure_seq.c
+++ b/net/core/secure_seq.c
@@ -16,15 +16,18 @@
#include <net/secure_seq.h>
#if IS_ENABLED(CONFIG_IPV6) || IS_ENABLED(CONFIG_INET)
+#include <linux/init.h>
#include <linux/in6.h>
#include <net/tcp.h>
static siphash_key_t net_secret __read_mostly;
-static __always_inline void net_secret_init(void)
+static int net_secret_init(void)
{
- net_get_random_once(&net_secret, sizeof(net_secret));
+ get_random_bytes(&net_secret, sizeof(net_secret));
+ return 0;
}
+__initcall(net_secret_init);
#endif
#ifdef CONFIG_INET
@@ -60,7 +63,6 @@ u32 secure_tcpv6_sequence_number(const __be32 *saddr, const __be32 *daddr,
.dport = dport
};
u64 hash;
- net_secret_init();
hash = siphash(&combined, offsetofend(typeof(combined), dport),
&net_secret);
*tsoff = sysctl_tcp_timestamps == 1 ? (hash >> 32) : 0;
@@ -80,7 +82,6 @@ u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr,
.daddr = *(struct in6_addr *)daddr,
.dport = dport
};
- net_secret_init();
return siphash(&combined, offsetofend(typeof(combined), dport),
&net_secret);
}
@@ -99,7 +100,6 @@ u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr,
__be16 sport, __be16 dport, u32 *tsoff)
{
u64 hash;
- net_secret_init();
hash = siphash_3u32((__force u32)saddr, (__force u32)daddr,
(__force u32)sport << 16 | (__force u32)dport,
&net_secret);
@@ -109,7 +109,6 @@ u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr,
u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport)
{
- net_secret_init();
return siphash_3u32((__force u32)saddr, (__force u32)daddr,
(__force u16)dport, &net_secret);
}
@@ -121,7 +120,6 @@ u64 secure_dccp_sequence_number(__be32 saddr, __be32 daddr,
__be16 sport, __be16 dport)
{
u64 seq;
- net_secret_init();
seq = siphash_3u32((__force u32)saddr, (__force u32)daddr,
(__force u32)sport << 16 | (__force u32)dport,
&net_secret);
@@ -147,7 +145,6 @@ u64 secure_dccpv6_sequence_number(__be32 *saddr, __be32 *daddr,
.dport = dport
};
u64 seq;
- net_secret_init();
seq = siphash(&combined, offsetofend(typeof(combined), dport),
&net_secret);
seq += ktime_get_real_ns();
--
2.11.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] secure_seq: initialize secret at boot instead of at runtime
2017-01-15 14:01 [PATCH] secure_seq: initialize secret at boot instead of at runtime Jason A. Donenfeld
@ 2017-01-15 15:37 ` Daniel Borkmann
2017-01-15 15:43 ` Jason A. Donenfeld
0 siblings, 1 reply; 3+ messages in thread
From: Daniel Borkmann @ 2017-01-15 15:37 UTC (permalink / raw)
To: Jason A. Donenfeld, netdev, davem
On 01/15/2017 03:01 PM, Jason A. Donenfeld wrote:
> While the static key stuff is fast, it's not as fast as simply not
> having any code to run. So, this patch generates the secret at
> boot, rather than at runtime.
>
> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
> ---
> I can imagine this patch not being desirable because:
>
> a) It was done this way in the first place for a reason. (Which?)
See git log:
commit aebda156a570782a86fc4426842152237a19427d
Author: Eric Dumazet <edumazet@google.com>
Date: Mon Apr 29 05:58:52 2013 +0000
net: defer net_secret[] initialization
Instead of feeding net_secret[] at boot time, defer the init
at the point first socket is created.
This permits some platforms to use better entropy sources than
the ones available at boot time.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] secure_seq: initialize secret at boot instead of at runtime
2017-01-15 15:37 ` Daniel Borkmann
@ 2017-01-15 15:43 ` Jason A. Donenfeld
0 siblings, 0 replies; 3+ messages in thread
From: Jason A. Donenfeld @ 2017-01-15 15:43 UTC (permalink / raw)
To: Daniel Borkmann; +Cc: Netdev, David Miller
On Sun, Jan 15, 2017 at 4:37 PM, Daniel Borkmann <daniel@iogearbox.net> wrote:
> commit aebda156a570782a86fc4426842152237a19427d
> Author: Eric Dumazet <edumazet@google.com>
> Date: Mon Apr 29 05:58:52 2013 +0000
>
> net: defer net_secret[] initialization
Thanks for that. Suspected as much. Should have checked the log first
myself. Makes sense.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-01-15 15:43 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-01-15 14:01 [PATCH] secure_seq: initialize secret at boot instead of at runtime Jason A. Donenfeld
2017-01-15 15:37 ` Daniel Borkmann
2017-01-15 15:43 ` Jason A. Donenfeld
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).