[lwip-users] Re: [lwip] Module for secure TCP sequence number generation


From: John C. Toman
Subject: [lwip-users] Re: [lwip] Module for secure TCP sequence number generation
Date: Wed, 08 Jan 2003 22:57:01 -0000

Paul,

Thanks, I'll take a good look at this. One problem I can see right now 
is that some compilers (the Rabbit 2k/3k one included) don't support the 
"long long", but that can be emulated with more code.

I do think this or something like this should be in lwIP, particularly 
if devices are exposed to the internet.

Regards,

John

Paul Sheer wrote:

>Here is some code that uses a Galois Field as a hash
>function. These involve calculation of ((g**n) mod p),
>and are hence very slow, but the code is really simple
>and small. The ISN algorithm is very close to Linux's.
>
>comments welcome
>
>--
>
>Summary:
>
>extern u32_t MHz_clock_counter;
>
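>/* (x ** y) mod n by square-and-multiply; unsigned 64-bit
>   intermediates so the products cannot overflow */
>static u32_t qe2 (u32_t x, u32_t y, u32_t n)
>{
>    unsigned long long s = 1, t = x, u = y;
>    while (u) {
>       if (u & 1) s = (s * t) % n;
>       u >>= 1;
>       t = (t * t) % n; }
>    return (u32_t) s;
>}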
>
>#define hash1(x)       qe2 (MY_G1, (x), MY_PRIME1)
>#define hash2(x)       qe2 (MY_G2, (x), MY_PRIME2)
>#define hash3(x)       qe2 (MY_G3, (x), MY_PRIME3)
>
>/* local_addr ignored for now */
>u32_t tcp_next_iss (u16_t port1, u16_t port2, u32_t local_addr,
>                   u32_t remote_addr)
>{
>    static u32_t last_clock = 0, local_clock = 0, spurt_clock =
>       0, random_increment = 0;
>    u32_t clock = MHz_clock_counter;
>    local_clock += clock - last_clock;
>    spurt_clock += clock - last_clock;
>    last_clock = clock;
>    if (spurt_clock > (random_increment >> 7)) {
>       local_clock += random_increment & 0xFFFFFF;
>       spurt_clock = 0;
>       random_increment = hash1 (clock); }
>    return local_clock + (hash2 ((u32_t) ((u32_t) port1 << 16) | port2)
>                         ^ hash3 (remote_addr) ^ PER_HOST_RANDOM_KEY);
>}
>
>-paul
>
>
>Paul Sheer Consulting IT Services . . Tel . . . +27 (0)21 6869634
>Email . . . address@hidden . . . . . . Pager . . . 088 0057245
>Linux development, cryptography, recruitment,  support,  training
>http://www.icon.co.za/~psheer . . . . http://rute.sourceforge.net
>L I N U X . . . . . . . . . . . .  The Choice of a GNU Generation
>
>[This message was sent through the lwip discussion list.]
>  
>




[This message was sent through the lwip discussion list.]
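
The reply above notes that some compilers lack "long long" and that it can be emulated with more code. The following is an added example, not code from the thread or from lwIP, showing one way to compute the same (x ** y) mod n with 32-bit arithmetic only; the names addmod32, mulmod32 and qe2_32 and the sample modulus are hypothetical, and n > 1 is assumed.

```c
#include <stdint.h>
#include <stdio.h>

/* (a + b) mod n without overflowing 32 bits; requires a, b < n. */
static uint32_t addmod32(uint32_t a, uint32_t b, uint32_t n)
{
    return (a >= n - b) ? a - (n - b) : a + b;
}

/* (a * b) mod n by shift-and-add: at most 32 doublings, no 64-bit type. */
static uint32_t mulmod32(uint32_t a, uint32_t b, uint32_t n)
{
    uint32_t r = 0;
    a %= n;
    while (b) {
        if (b & 1) r = addmod32(r, a, n);
        a = addmod32(a, a, n);   /* a = 2a mod n */
        b >>= 1;
    }
    return r;
}

/* (x ** y) mod n by square-and-multiply, as qe2 does in the quoted post,
   but with every product routed through mulmod32 (hypothetical helper). */
uint32_t qe2_32(uint32_t x, uint32_t y, uint32_t n)
{
    uint32_t s = 1 % n, t = x % n;
    while (y) {
        if (y & 1) s = mulmod32(s, t, n);
        y >>= 1;
        t = mulmod32(t, t, n);
    }
    return s;
}

int main(void)
{
    /* Constructed sample values; the modulus 4294967291 (2^32 - 5) is an
       assumption for illustration, not a constant from the post. */
    printf("%lu\n", (unsigned long) qe2_32(3, 1000003u, 4294967291u));
    return 0;
}
```

Each modular multiply costs up to 32 add-and-double steps, so this is slower again than the 64-bit version the post already calls very slow.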