lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Thu, 16 May 2019 22:43:33 -0600
From:   Cyrus Sh <sirus.shahini@...il.com>
To:     davem@...emloft.net
Cc:     shiraz.saleem@...el.com, jgg@...pe.ca, arnd@...db.de,
        netdev@...r.kernel.org, sirus@...utah.edu
Subject: [PATCH] Hirman: Clock-independent TCP ISN generation

This patch addresses the privacy issue of TCP ISN generation in Linux
kernel. Currently an adversary can deanonymize a user behind an anonymity
network by inducing a load pattern on the target machine and correlating
its clock skew with the pattern. Since the kernel adds a clock-based
counter to generated ISNs, the adversary can observe SYN packets with
similar IP and port numbers to find out the clock skew of the target
machine and this can help them identify the user.  To resolve this problem
I have changed the related function to generate the initial sequence
numbers randomly and independent from the cpu clock. This feature is
controlled by a new sysctl option called "tcp_random_isn" which I've added
to the kernel. Once enabled the initial sequence numbers are guaranteed to
be generated independently from each other and from the hardware clock of
the machine. If the option is off, ISNs are generated as before.  To get
more information about this patch and its effectiveness you can refer to my
post here:
https://cyrussh.com/?p=285
and to see a discussion about the issue you can read this:
https://trac.torproject.org/projects/tor/ticket/16659

Signed-off-by: Sirus Shahini <sirus.shahini@...il.com>
---
diff -uprN -X dontdiff a/include/net/tcp.h b/include/net/tcp.h
--- a/include/net/tcp.h	
+++ b/include/net/tcp.h	
@@ -242,6 +242,7 @@ void tcp_time_wait(struct sock *sk, int
 
 /* sysctl variables for tcp */
 extern int sysctl_tcp_max_orphans;
+extern int sysctl_tcp_random_isn;
 extern long sysctl_tcp_mem[3];
 
 #define TCP_RACK_LOSS_DETECTION  0x1 /* Use RACK to detect losses */
diff -uprN -X dontdiff a/include/uapi/linux/sysctl.h b/include/uapi/linux/sysctl.h
--- a/include/uapi/linux/sysctl.h	
+++ b/include/uapi/linux/sysctl.h	
@@ -426,6 +426,7 @@ enum
 	NET_TCP_ALLOWED_CONG_CONTROL=123,
 	NET_TCP_MAX_SSTHRESH=124,
 	NET_TCP_FRTO_RESPONSE=125,
+	NET_IPV4_TCP_RANDOM_ISN=130,
 };
 
 enum {
diff -uprN -X dontdiff a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c
--- a/kernel/sysctl_binary.c	
+++ b/kernel/sysctl_binary.c	
@@ -332,6 +332,7 @@ static const struct bin_table bin_net_ip
 };
 
 static const struct bin_table bin_net_ipv4_table[] = {
+    {CTL_INT,   NET_IPV4_TCP_RANDOM_ISN     "tcp_random_isn"}
 	{CTL_INT,	NET_IPV4_FORWARD,			"ip_forward" },
 
 	{ CTL_DIR,	NET_IPV4_CONF,		"conf",		bin_net_ipv4_conf_table },
diff -uprN -X dontdiff a/net/core/secure_seq.c b/net/core/secure_seq.c
--- a/net/core/secure_seq.c	
+++ b/net/core/secure_seq.c	
@@ -22,6 +22,8 @@
 static siphash_key_t net_secret __read_mostly;
 static siphash_key_t ts_secret __read_mostly;
 
+static siphash_key_t last_secret = {{0,0}} ; 
+
 static __always_inline void net_secret_init(void)
 {
 	net_get_random_once(&net_secret, sizeof(net_secret));
@@ -133,12 +135,33 @@ u32 secure_tcp_seq(__be32 saddr, __be32
 		   __be16 sport, __be16 dport)
 {
 	u32 hash;
-
+	u32 temp;
+	
 	net_secret_init();
+	
+	if (sysctl_tcp_random_isn){
+		if (!last_secret.key[0] && !last_secret.key[1]){
+			memcpy(&last_secret,&net_secret,sizeof(last_secret));	
+					
+		}else{
+			temp = *((u32*)&(net_secret.key[0]));
+			temp >>= 8;
+			last_secret.key[0]+=temp;
+			temp = *((u32*)&(net_secret.key[1]));
+			temp >>= 8;
+			last_secret.key[1]+=temp;
+		}
+		hash = siphash_3u32((__force u32)saddr, (__force u32)daddr,
+			        (__force u32)sport << 16 | (__force u32)dport,
+			        &last_secret);
+		return hash;
+	}
+		
 	hash = siphash_3u32((__force u32)saddr, (__force u32)daddr,
 			    (__force u32)sport << 16 | (__force u32)dport,
 			    &net_secret);
 	return seq_scale(hash);
+		
 }
 EXPORT_SYMBOL_GPL(secure_tcp_seq);
 
diff -uprN -X dontdiff a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
--- a/net/ipv4/sysctl_net_ipv4.c	
+++ b/net/ipv4/sysctl_net_ipv4.c	
@@ -437,6 +437,13 @@ static int proc_fib_multipath_hash_polic
 #endif
 
 static struct ctl_table ipv4_table[] = {
+    {
+    	.procname	= "tcp_random_isn",
+		.data		= &sysctl_tcp_random_isn,
+		.maxlen		= sizeof(int),
+		.mode		= 0644,
+		.proc_handler	= proc_dointvec  
+    },
 	{
 		.procname	= "tcp_max_orphans",
 		.data		= &sysctl_tcp_max_orphans,
diff -uprN -X dontdiff a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
--- a/net/ipv4/tcp_input.c	
+++ b/net/ipv4/tcp_input.c	
@@ -80,6 +80,7 @@
 #include <linux/static_key.h>
 #include <net/busy_poll.h>
 
+int sysctl_tcp_random_isn __read_mostly = 0;
 int sysctl_tcp_max_orphans __read_mostly = NR_FILE;
 
 #define FLAG_DATA		0x01 /* Incoming frame contained data.		*/

Powered by blists - more mailing lists