+++ /dev/null
-From 1904a64bcc18199738e5be183d28887ac5d837d7 Mon Sep 17 00:00:00 2001
-From: Doug Flick <dougflick@microsoft.com>
-Date: Wed, 8 May 2024 22:56:29 -0700
-Subject: [PATCH] NetworkPkg TcpDxe: SECURITY PATCH CVE-2023-45236
-
-REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4541
-REF: https://www.rfc-editor.org/rfc/rfc1948.txt
-REF: https://www.rfc-editor.org/rfc/rfc6528.txt
-REF: https://www.rfc-editor.org/rfc/rfc9293.txt
-
-Bug Overview:
-PixieFail Bug #8
-CVE-2023-45236
-CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
-CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
-
-Updates TCP ISN generation to use a cryptographic hash of the
-connection's identifying parameters and a secret key.
-This prevents an attacker from guessing the ISN used for some other
-connection.
-
-This is follows the guidance in RFC 1948, RFC 6528, and RFC 9293.
-
-RFC: 9293 Section 3.4.1. Initial Sequence Number Selection
-
- A TCP implementation MUST use the above type of "clock" for clock-
- driven selection of initial sequence numbers (MUST-8), and SHOULD
- generate its initial sequence numbers with the expression:
-
- ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
-
- where M is the 4 microsecond timer, and F() is a pseudorandom
- function (PRF) of the connection's identifying parameters ("localip,
- localport, remoteip, remoteport") and a secret key ("secretkey")
- (SHLD-1). F() MUST NOT be computable from the outside (MUST-9), or
- an attacker could still guess at sequence numbers from the ISN used
- for some other connection. The PRF could be implemented as a
- cryptographic hash of the concatenation of the TCP connection
- parameters and some secret data. For discussion of the selection of
- a specific hash algorithm and management of the secret key data,
- please see Section 3 of [42].
-
- For each connection there is a send sequence number and a receive
- sequence number. The initial send sequence number (ISS) is chosen by
- the data sending TCP peer, and the initial receive sequence number
- (IRS) is learned during the connection-establishing procedure.
-
- For a connection to be established or initialized, the two TCP peers
- must synchronize on each other's initial sequence numbers. This is
- done in an exchange of connection-establishing segments carrying a
- control bit called "SYN" (for synchronize) and the initial sequence
- numbers. As a shorthand, segments carrying the SYN bit are also
- called "SYNs". Hence, the solution requires a suitable mechanism for
- picking an initial sequence number and a slightly involved handshake
- to exchange the ISNs.
-
-Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-CVE: CVE-2023-45236
-
-Upstream-Status: Backport [https://github.com/tianocore/edk2/commit/1904a64bcc18199738e5be183d28887ac5d837d7]
-
-Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
----
- NetworkPkg/SecurityFixes.yaml | 22 +++
- NetworkPkg/TcpDxe/TcpDriver.c | 92 ++++++++++++-
- NetworkPkg/TcpDxe/TcpDxe.inf | 8 +-
- NetworkPkg/TcpDxe/TcpFunc.h | 23 ++--
- NetworkPkg/TcpDxe/TcpInput.c | 13 +-
- NetworkPkg/TcpDxe/TcpMain.h | 59 ++++++--
- NetworkPkg/TcpDxe/TcpMisc.c | 244 ++++++++++++++++++++++++++++++++--
- NetworkPkg/TcpDxe/TcpTimer.c | 3 +-
- 8 files changed, 415 insertions(+), 49 deletions(-)
-
-diff --git a/NetworkPkg/SecurityFixes.yaml b/NetworkPkg/SecurityFixes.yaml
-index 2b2c794697..ab355419cc 100644
---- a/NetworkPkg/SecurityFixes.yaml
-+++ b/NetworkPkg/SecurityFixes.yaml
-@@ -121,6 +121,28 @@ CVE_2023_45235:
- - http://www.openwall.com/lists/oss-security/2024/01/16/2\r
- - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html\r
- - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html\r
-+CVE_2023_45236:\r
-+ commit_titles:\r
-+ - "NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236 Patch"\r
-+ cve: CVE-2023-45236\r
-+ date_reported: 2023-08-28 13:56 UTC\r
-+ description: "Bug 08 - edk2/NetworkPkg: Predictable TCP Initial Sequence Numbers"\r
-+ note:\r
-+ files_impacted:\r
-+ - NetworkPkg/Include/Library/NetLib.h\r
-+ - NetworkPkg/TcpDxe/TcpDriver.c\r
-+ - NetworkPkg/TcpDxe/TcpDxe.inf\r
-+ - NetworkPkg/TcpDxe/TcpFunc.h\r
-+ - NetworkPkg/TcpDxe/TcpInput.c\r
-+ - NetworkPkg/TcpDxe/TcpMain.h\r
-+ - NetworkPkg/TcpDxe/TcpMisc.c\r
-+ - NetworkPkg/TcpDxe/TcpTimer.c\r
-+ links:\r
-+ - https://bugzilla.tianocore.org/show_bug.cgi?id=4541\r
-+ - https://nvd.nist.gov/vuln/detail/CVE-2023-45236\r
-+ - http://www.openwall.com/lists/oss-security/2024/01/16/2\r
-+ - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html\r
-+ - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html\r
- CVE_2023_45237:\r
- commit_titles:\r
- - "NetworkPkg:: SECURITY PATCH CVE 2023-45237"\r
-diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
-index 8fe6badd68..40bba4080c 100644
---- a/NetworkPkg/TcpDxe/TcpDriver.c
-+++ b/NetworkPkg/TcpDxe/TcpDriver.c
-@@ -83,6 +83,12 @@ EFI_SERVICE_BINDING_PROTOCOL gTcpServiceBinding = {
- TcpServiceBindingDestroyChild\r
- };\r
- \r
-+//\r
-+// This is the handle for the Hash2ServiceBinding Protocol instance this driver produces\r
-+// if the platform does not provide one.\r
-+//\r
-+EFI_HANDLE mHash2ServiceHandle = NULL;\r
-+\r
- /**\r
- Create and start the heartbeat timer for the TCP driver.\r
- \r
-@@ -165,6 +171,23 @@ TcpDriverEntryPoint (
- EFI_STATUS Status;\r
- UINT32 Random;\r
- \r
-+ //\r
-+ // Initialize the Secret used for hashing TCP sequence numbers\r
-+ //\r
-+ // Normally this should be regenerated periodically, but since\r
-+ // this is only used for UEFI networking and not a general purpose\r
-+ // operating system, it is not necessary to regenerate it.\r
-+ //\r
-+ Status = PseudoRandomU32 (&mTcpGlobalSecret);\r
-+ if (EFI_ERROR (Status)) {\r
-+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));\r
-+ return Status;\r
-+ }\r
-+\r
-+ //\r
-+ // Get a random number used to generate a random port number\r
-+ // Intentionally not linking this to mTcpGlobalSecret to avoid leaking information about the secret\r
-+ //\r
- Status = PseudoRandomU32 (&Random);\r
- if (EFI_ERROR (Status)) {\r
- DEBUG ((DEBUG_ERROR, "%a Failed to generate random number: %r\n", __func__, Status));\r
-@@ -207,9 +230,8 @@ TcpDriverEntryPoint (
- }\r
- \r
- //\r
-- // Initialize ISS and random port.\r
-+ // Initialize the random port.\r
- //\r
-- mTcpGlobalIss = Random % mTcpGlobalIss;\r
- mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (Random % TCP_PORT_KNOWN));\r
- mTcp6RandomPort = mTcp4RandomPort;\r
- \r
-@@ -224,6 +246,8 @@ TcpDriverEntryPoint (
- @param[in] IpVersion IP_VERSION_4 or IP_VERSION_6.\r
- \r
- @retval EFI_OUT_OF_RESOURCES Failed to allocate some resources.\r
-+ @retval EFI_UNSUPPORTED Service Binding Protocols are unavailable.\r
-+ @retval EFI_ALREADY_STARTED The TCP driver is already started on the controller.\r
- @retval EFI_SUCCESS A new IP6 service binding private was created.\r
- \r
- **/\r
-@@ -234,11 +258,13 @@ TcpCreateService (
- IN UINT8 IpVersion\r
- )\r
- {\r
-- EFI_STATUS Status;\r
-- EFI_GUID *IpServiceBindingGuid;\r
-- EFI_GUID *TcpServiceBindingGuid;\r
-- TCP_SERVICE_DATA *TcpServiceData;\r
-- IP_IO_OPEN_DATA OpenData;\r
-+ EFI_STATUS Status;\r
-+ EFI_GUID *IpServiceBindingGuid;\r
-+ EFI_GUID *TcpServiceBindingGuid;\r
-+ TCP_SERVICE_DATA *TcpServiceData;\r
-+ IP_IO_OPEN_DATA OpenData;\r
-+ EFI_SERVICE_BINDING_PROTOCOL *Hash2ServiceBinding;\r
-+ EFI_HASH2_PROTOCOL *Hash2Protocol;\r
- \r
- if (IpVersion == IP_VERSION_4) {\r
- IpServiceBindingGuid = &gEfiIp4ServiceBindingProtocolGuid;\r
-@@ -272,6 +298,33 @@ TcpCreateService (
- return EFI_UNSUPPORTED;\r
- }\r
- \r
-+ Status = gBS->LocateProtocol (&gEfiHash2ProtocolGuid, NULL, (VOID **)&Hash2Protocol);\r
-+ if (EFI_ERROR (Status)) {\r
-+ //\r
-+ // If we can't find the Hashing protocol, then we need to create one.\r
-+ //\r
-+\r
-+ //\r
-+ // Platform is expected to publish the hash service binding protocol to support TCP.\r
-+ //\r
-+ Status = gBS->LocateProtocol (\r
-+ &gEfiHash2ServiceBindingProtocolGuid,\r
-+ NULL,\r
-+ (VOID **)&Hash2ServiceBinding\r
-+ );\r
-+ if (EFI_ERROR (Status) || (Hash2ServiceBinding == NULL) || (Hash2ServiceBinding->CreateChild == NULL)) {\r
-+ return EFI_UNSUPPORTED;\r
-+ }\r
-+\r
-+ //\r
-+ // Create an instance of the hash protocol for this controller.\r
-+ //\r
-+ Status = Hash2ServiceBinding->CreateChild (Hash2ServiceBinding, &mHash2ServiceHandle);\r
-+ if (EFI_ERROR (Status)) {\r
-+ return EFI_UNSUPPORTED;\r
-+ }\r
-+ }\r
-+\r
- //\r
- // Create the TCP service data.\r
- //\r
-@@ -423,6 +476,7 @@ TcpDestroyService (
- EFI_STATUS Status;\r
- LIST_ENTRY *List;\r
- TCP_DESTROY_CHILD_IN_HANDLE_BUF_CONTEXT Context;\r
-+ EFI_SERVICE_BINDING_PROTOCOL *Hash2ServiceBinding;\r
- \r
- ASSERT ((IpVersion == IP_VERSION_4) || (IpVersion == IP_VERSION_6));\r
- \r
-@@ -439,6 +493,30 @@ TcpDestroyService (
- return EFI_SUCCESS;\r
- }\r
- \r
-+ //\r
-+ // Destroy the Hash2ServiceBinding instance if it is created by Tcp driver.\r
-+ //\r
-+ if (mHash2ServiceHandle != NULL) {\r
-+ Status = gBS->LocateProtocol (\r
-+ &gEfiHash2ServiceBindingProtocolGuid,\r
-+ NULL,\r
-+ (VOID **)&Hash2ServiceBinding\r
-+ );\r
-+ if (EFI_ERROR (Status) || (Hash2ServiceBinding == NULL) || (Hash2ServiceBinding->DestroyChild == NULL)) {\r
-+ return EFI_UNSUPPORTED;\r
-+ }\r
-+\r
-+ //\r
-+ // Destroy the instance of the hashing protocol for this controller.\r
-+ //\r
-+ Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, &mHash2ServiceHandle);\r
-+ if (EFI_ERROR (Status)) {\r
-+ return EFI_UNSUPPORTED;\r
-+ }\r
-+\r
-+ mHash2ServiceHandle = NULL;\r
-+ }\r
-+\r
- Status = gBS->OpenProtocol (\r
- NicHandle,\r
- ServiceBindingGuid,\r
-diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf
-index cf5423f4c5..76de4cf9ec 100644
---- a/NetworkPkg/TcpDxe/TcpDxe.inf
-+++ b/NetworkPkg/TcpDxe/TcpDxe.inf
-@@ -6,6 +6,7 @@
- # stack has been loaded in system. This driver supports both IPv4 and IPv6 network stack.\r
- #\r
- # Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
-+# Copyright (c) Microsoft Corporation\r
- #\r
- # SPDX-License-Identifier: BSD-2-Clause-Patent\r
- #\r
-@@ -68,7 +69,6 @@
- NetLib\r
- IpIoLib\r
- \r
--\r
- [Protocols]\r
- ## SOMETIMES_CONSUMES\r
- ## SOMETIMES_PRODUCES\r
-@@ -81,6 +81,12 @@
- gEfiIp6ServiceBindingProtocolGuid ## TO_START\r
- gEfiTcp6ProtocolGuid ## BY_START\r
- gEfiTcp6ServiceBindingProtocolGuid ## BY_START\r
-+ gEfiHash2ProtocolGuid ## BY_START\r
-+ gEfiHash2ServiceBindingProtocolGuid ## BY_START\r
-+\r
-+[Guids]\r
-+ gEfiHashAlgorithmMD5Guid ## CONSUMES\r
-+ gEfiHashAlgorithmSha256Guid ## CONSUMES\r
- \r
- [Depex]\r
- gEfiHash2ServiceBindingProtocolGuid\r
-diff --git a/NetworkPkg/TcpDxe/TcpFunc.h b/NetworkPkg/TcpDxe/TcpFunc.h
-index a7af01fff2..c707bee3e5 100644
---- a/NetworkPkg/TcpDxe/TcpFunc.h
-+++ b/NetworkPkg/TcpDxe/TcpFunc.h
-@@ -2,7 +2,7 @@
- Declaration of external functions shared in TCP driver.\r
- \r
- Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>\r
--\r
-+ Copyright (c) Microsoft Corporation\r
- SPDX-License-Identifier: BSD-2-Clause-Patent\r
- \r
- **/\r
-@@ -36,8 +36,11 @@ VOID
- \r
- @param[in, out] Tcb Pointer to the TCP_CB of this TCP instance.\r
- \r
-+ @retval EFI_SUCCESS The operation completed successfully\r
-+ @retval others The underlying functions failed and could not complete the operation\r
-+\r
- **/\r
--VOID\r
-+EFI_STATUS\r
- TcpInitTcbLocal (\r
- IN OUT TCP_CB *Tcb\r
- );\r
-@@ -128,17 +131,6 @@ TcpCloneTcb (
- IN TCP_CB *Tcb\r
- );\r
- \r
--/**\r
-- Compute an ISS to be used by a new connection.\r
--\r
-- @return The result ISS.\r
--\r
--**/\r
--TCP_SEQNO\r
--TcpGetIss (\r
-- VOID\r
-- );\r
--\r
- /**\r
- Get the local mss.\r
- \r
-@@ -202,8 +194,11 @@ TcpFormatNetbuf (
- @param[in, out] Tcb Pointer to the TCP_CB that wants to initiate a\r
- connection.\r
- \r
-+ @retval EFI_SUCCESS The operation completed successfully\r
-+ @retval others The underlying functions failed and could not complete the operation\r
-+\r
- **/\r
--VOID\r
-+EFI_STATUS\r
- TcpOnAppConnect (\r
- IN OUT TCP_CB *Tcb\r
- );\r
-diff --git a/NetworkPkg/TcpDxe/TcpInput.c b/NetworkPkg/TcpDxe/TcpInput.c
-index fb1aa827f8..0477a15d0c 100644
---- a/NetworkPkg/TcpDxe/TcpInput.c
-+++ b/NetworkPkg/TcpDxe/TcpInput.c
-@@ -724,6 +724,7 @@ TcpInput (
- TCP_SEQNO Urg;\r
- UINT16 Checksum;\r
- INT32 Usable;\r
-+ EFI_STATUS Status;\r
- \r
- ASSERT ((Version == IP_VERSION_4) || (Version == IP_VERSION_6));\r
- \r
-@@ -872,7 +873,17 @@ TcpInput (
- Tcb->LocalEnd.Port = Head->DstPort;\r
- Tcb->RemoteEnd.Port = Head->SrcPort;\r
- \r
-- TcpInitTcbLocal (Tcb);\r
-+ Status = TcpInitTcbLocal (Tcb);\r
-+ if (EFI_ERROR (Status)) {\r
-+ DEBUG (\r
-+ (DEBUG_ERROR,\r
-+ "TcpInput: discard a segment because failed to init local end for TCB %p\n",\r
-+ Tcb)\r
-+ );\r
-+\r
-+ goto DISCARD;\r
-+ }\r
-+\r
- TcpInitTcbPeer (Tcb, Seg, &Option);\r
- \r
- TcpSetState (Tcb, TCP_SYN_RCVD);\r
-diff --git a/NetworkPkg/TcpDxe/TcpMain.h b/NetworkPkg/TcpDxe/TcpMain.h
-index c0c9b7f46e..4d5566ab93 100644
---- a/NetworkPkg/TcpDxe/TcpMain.h
-+++ b/NetworkPkg/TcpDxe/TcpMain.h
-@@ -3,7 +3,7 @@
- It is the common head file for all Tcp*.c in TCP driver.\r
- \r
- Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>\r
--\r
-+ Copyright (c) Microsoft Corporation\r
- SPDX-License-Identifier: BSD-2-Clause-Patent\r
- \r
- **/\r
-@@ -13,6 +13,7 @@
- \r
- #include <Protocol/ServiceBinding.h>\r
- #include <Protocol/DriverBinding.h>\r
-+#include <Protocol/Hash2.h>\r
- #include <Library/IpIoLib.h>\r
- #include <Library/DevicePathLib.h>\r
- #include <Library/PrintLib.h>\r
-@@ -31,7 +32,7 @@ extern EFI_UNICODE_STRING_TABLE *gTcpControllerNameTable;
- \r
- extern LIST_ENTRY mTcpRunQue;\r
- extern LIST_ENTRY mTcpListenQue;\r
--extern TCP_SEQNO mTcpGlobalIss;\r
-+extern TCP_SEQNO mTcpGlobalSecret;\r
- extern UINT32 mTcpTick;\r
- \r
- ///\r
-@@ -45,14 +46,6 @@ extern UINT32 mTcpTick;
- \r
- #define TCP_EXPIRE_TIME 65535\r
- \r
--///\r
--/// The implementation selects the initial send sequence number and the unit to\r
--/// be added when it is increased.\r
--///\r
--#define TCP_BASE_ISS 0x4d7e980b\r
--#define TCP_ISS_INCREMENT_1 2048\r
--#define TCP_ISS_INCREMENT_2 100\r
--\r
- typedef union {\r
- EFI_TCP4_CONFIG_DATA Tcp4CfgData;\r
- EFI_TCP6_CONFIG_DATA Tcp6CfgData;\r
-@@ -774,4 +767,50 @@ Tcp6Poll (
- IN EFI_TCP6_PROTOCOL *This\r
- );\r
- \r
-+/**\r
-+ Retrieves the Initial Sequence Number (ISN) for a TCP connection identified by local\r
-+ and remote IP addresses and ports.\r
-+\r
-+ This method is based on https://datatracker.ietf.org/doc/html/rfc9293#section-3.4.1\r
-+ Where the ISN is computed as follows:\r
-+ ISN = TimeStamp + MD5(LocalIP, LocalPort, RemoteIP, RemotePort, Secret)\r
-+\r
-+ Otherwise:\r
-+ ISN = M + F(localip, localport, remoteip, remoteport, secretkey)\r
-+\r
-+ "Here M is the 4 microsecond timer, and F() is a pseudorandom function (PRF) of the\r
-+ connection's identifying parameters ("localip, localport, remoteip, remoteport")\r
-+ and a secret key ("secretkey") (SHLD-1). F() MUST NOT be computable from the\r
-+ outside (MUST-9), or an attacker could still guess at sequence numbers from the\r
-+ ISN used for some other connection. The PRF could be implemented as a\r
-+ cryptographic hash of the concatenation of the TCP connection parameters and some\r
-+ secret data. For discussion of the selection of a specific hash algorithm and\r
-+ management of the secret key data."\r
-+\r
-+ @param[in] LocalIp A pointer to the local IP address of the TCP connection.\r
-+ @param[in] LocalIpSize The size, in bytes, of the LocalIp buffer.\r
-+ @param[in] LocalPort The local port number of the TCP connection.\r
-+ @param[in] RemoteIp A pointer to the remote IP address of the TCP connection.\r
-+ @param[in] RemoteIpSize The size, in bytes, of the RemoteIp buffer.\r
-+ @param[in] RemotePort The remote port number of the TCP connection.\r
-+ @param[out] Isn A pointer to the variable that will receive the Initial\r
-+ Sequence Number (ISN).\r
-+\r
-+ @retval EFI_SUCCESS The operation completed successfully, and the ISN was\r
-+ retrieved.\r
-+ @retval EFI_INVALID_PARAMETER One or more of the input parameters are invalid.\r
-+ @retval EFI_UNSUPPORTED The operation is not supported.\r
-+\r
-+**/\r
-+EFI_STATUS\r
-+TcpGetIsn (\r
-+ IN UINT8 *LocalIp,\r
-+ IN UINTN LocalIpSize,\r
-+ IN UINT16 LocalPort,\r
-+ IN UINT8 *RemoteIp,\r
-+ IN UINTN RemoteIpSize,\r
-+ IN UINT16 RemotePort,\r
-+ OUT TCP_SEQNO *Isn\r
-+ );\r
-+\r
- #endif\r
-diff --git a/NetworkPkg/TcpDxe/TcpMisc.c b/NetworkPkg/TcpDxe/TcpMisc.c
-index c93212d47d..3310306f63 100644
---- a/NetworkPkg/TcpDxe/TcpMisc.c
-+++ b/NetworkPkg/TcpDxe/TcpMisc.c
-@@ -3,7 +3,7 @@
- \r
- (C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>\r
- Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>\r
--\r
-+ Copyright (c) Microsoft Corporation\r
- SPDX-License-Identifier: BSD-2-Clause-Patent\r
- \r
- **/\r
-@@ -20,7 +20,34 @@ LIST_ENTRY mTcpListenQue = {
- &mTcpListenQue\r
- };\r
- \r
--TCP_SEQNO mTcpGlobalIss = TCP_BASE_ISS;\r
-+//\r
-+// The Session secret\r
-+// This must be initialized to a random value at boot time\r
-+//\r
-+TCP_SEQNO mTcpGlobalSecret;\r
-+\r
-+//\r
-+// Union to hold either an IPv4 or IPv6 address\r
-+// This is used to simplify the ISN hash computation\r
-+//\r
-+typedef union {\r
-+ UINT8 IPv4[4];\r
-+ UINT8 IPv6[16];\r
-+} NETWORK_ADDRESS;\r
-+\r
-+//\r
-+// The ISN is computed by hashing this structure\r
-+// It is initialized with the local and remote IP addresses and ports\r
-+// and the secret\r
-+//\r
-+//\r
-+typedef struct {\r
-+ UINT16 LocalPort;\r
-+ UINT16 RemotePort;\r
-+ NETWORK_ADDRESS LocalAddress;\r
-+ NETWORK_ADDRESS RemoteAddress;\r
-+ TCP_SEQNO Secret;\r
-+} ISN_HASH_CTX;\r
- \r
- CHAR16 *mTcpStateName[] = {\r
- L"TCP_CLOSED",\r
-@@ -41,12 +68,18 @@ CHAR16 *mTcpStateName[] = {
- \r
- @param[in, out] Tcb Pointer to the TCP_CB of this TCP instance.\r
- \r
-+ @retval EFI_SUCCESS The operation completed successfully\r
-+ @retval others The underlying functions failed and could not complete the operation\r
-+\r
- **/\r
--VOID\r
-+EFI_STATUS\r
- TcpInitTcbLocal (\r
- IN OUT TCP_CB *Tcb\r
- )\r
- {\r
-+ TCP_SEQNO Isn;\r
-+ EFI_STATUS Status;\r
-+\r
- //\r
- // Compute the checksum of the fixed parts of pseudo header\r
- //\r
-@@ -57,6 +90,16 @@ TcpInitTcbLocal (
- 0x06,\r
- 0\r
- );\r
-+\r
-+ Status = TcpGetIsn (\r
-+ Tcb->LocalEnd.Ip.v4.Addr,\r
-+ sizeof (IPv4_ADDRESS),\r
-+ Tcb->LocalEnd.Port,\r
-+ Tcb->RemoteEnd.Ip.v4.Addr,\r
-+ sizeof (IPv4_ADDRESS),\r
-+ Tcb->RemoteEnd.Port,\r
-+ &Isn\r
-+ );\r
- } else {\r
- Tcb->HeadSum = NetIp6PseudoHeadChecksum (\r
- &Tcb->LocalEnd.Ip.v6,\r
-@@ -64,9 +107,25 @@ TcpInitTcbLocal (
- 0x06,\r
- 0\r
- );\r
-+\r
-+ Status = TcpGetIsn (\r
-+ Tcb->LocalEnd.Ip.v6.Addr,\r
-+ sizeof (IPv6_ADDRESS),\r
-+ Tcb->LocalEnd.Port,\r
-+ Tcb->RemoteEnd.Ip.v6.Addr,\r
-+ sizeof (IPv6_ADDRESS),\r
-+ Tcb->RemoteEnd.Port,\r
-+ &Isn\r
-+ );\r
-+ }\r
-+\r
-+ if (EFI_ERROR (Status)) {\r
-+ DEBUG ((DEBUG_ERROR, "TcpInitTcbLocal: failed to get isn\n"));\r
-+ ASSERT (FALSE);\r
-+ return Status;\r
- }\r
- \r
-- Tcb->Iss = TcpGetIss ();\r
-+ Tcb->Iss = Isn;\r
- Tcb->SndUna = Tcb->Iss;\r
- Tcb->SndNxt = Tcb->Iss;\r
- \r
-@@ -82,6 +141,8 @@ TcpInitTcbLocal (
- Tcb->RetxmitSeqMax = 0;\r
- \r
- Tcb->ProbeTimerOn = FALSE;\r
-+\r
-+ return EFI_SUCCESS;\r
- }\r
- \r
- /**\r
-@@ -506,18 +567,162 @@ TcpCloneTcb (
- }\r
- \r
- /**\r
-- Compute an ISS to be used by a new connection.\r
--\r
-- @return The resulting ISS.\r
-+ Retrieves the Initial Sequence Number (ISN) for a TCP connection identified by local\r
-+ and remote IP addresses and ports.\r
-+\r
-+ This method is based on https://datatracker.ietf.org/doc/html/rfc9293#section-3.4.1\r
-+ Where the ISN is computed as follows:\r
-+ ISN = TimeStamp + MD5(LocalIP, LocalPort, RemoteIP, RemotePort, Secret)\r
-+\r
-+ Otherwise:\r
-+ ISN = M + F(localip, localport, remoteip, remoteport, secretkey)\r
-+\r
-+ "Here M is the 4 microsecond timer, and F() is a pseudorandom function (PRF) of the\r
-+ connection's identifying parameters ("localip, localport, remoteip, remoteport")\r
-+ and a secret key ("secretkey") (SHLD-1). F() MUST NOT be computable from the\r
-+ outside (MUST-9), or an attacker could still guess at sequence numbers from the\r
-+ ISN used for some other connection. The PRF could be implemented as a\r
-+ cryptographic hash of the concatenation of the TCP connection parameters and some\r
-+ secret data. For discussion of the selection of a specific hash algorithm and\r
-+ management of the secret key data."\r
-+\r
-+ @param[in] LocalIp A pointer to the local IP address of the TCP connection.\r
-+ @param[in] LocalIpSize The size, in bytes, of the LocalIp buffer.\r
-+ @param[in] LocalPort The local port number of the TCP connection.\r
-+ @param[in] RemoteIp A pointer to the remote IP address of the TCP connection.\r
-+ @param[in] RemoteIpSize The size, in bytes, of the RemoteIp buffer.\r
-+ @param[in] RemotePort The remote port number of the TCP connection.\r
-+ @param[out] Isn A pointer to the variable that will receive the Initial\r
-+ Sequence Number (ISN).\r
-+\r
-+ @retval EFI_SUCCESS The operation completed successfully, and the ISN was\r
-+ retrieved.\r
-+ @retval EFI_INVALID_PARAMETER One or more of the input parameters are invalid.\r
-+ @retval EFI_UNSUPPORTED The operation is not supported.\r
- \r
- **/\r
--TCP_SEQNO\r
--TcpGetIss (\r
-- VOID\r
-+EFI_STATUS\r
-+TcpGetIsn (\r
-+ IN UINT8 *LocalIp,\r
-+ IN UINTN LocalIpSize,\r
-+ IN UINT16 LocalPort,\r
-+ IN UINT8 *RemoteIp,\r
-+ IN UINTN RemoteIpSize,\r
-+ IN UINT16 RemotePort,\r
-+ OUT TCP_SEQNO *Isn\r
- )\r
- {\r
-- mTcpGlobalIss += TCP_ISS_INCREMENT_1;\r
-- return mTcpGlobalIss;\r
-+ EFI_STATUS Status;\r
-+ EFI_HASH2_PROTOCOL *Hash2Protocol;\r
-+ EFI_HASH2_OUTPUT HashResult;\r
-+ ISN_HASH_CTX IsnHashCtx;\r
-+ EFI_TIME TimeStamp;\r
-+\r
-+ //\r
-+ // Check that the ISN pointer is valid\r
-+ //\r
-+ if (Isn == NULL) {\r
-+ return EFI_INVALID_PARAMETER;\r
-+ }\r
-+\r
-+ //\r
-+ // The local ip may be a v4 or v6 address and may not be NULL\r
-+ //\r
-+ if ((LocalIp == NULL) || (LocalIpSize == 0) || (RemoteIp == NULL) || (RemoteIpSize == 0)) {\r
-+ return EFI_INVALID_PARAMETER;\r
-+ }\r
-+\r
-+ //\r
-+ // the local ip may be a v4 or v6 address\r
-+ //\r
-+ if ((LocalIpSize != sizeof (EFI_IPv4_ADDRESS)) && (LocalIpSize != sizeof (EFI_IPv6_ADDRESS))) {\r
-+ return EFI_INVALID_PARAMETER;\r
-+ }\r
-+\r
-+ //\r
-+ // Locate the Hash Protocol\r
-+ //\r
-+ Status = gBS->LocateProtocol (&gEfiHash2ProtocolGuid, NULL, (VOID **)&Hash2Protocol);\r
-+ if (EFI_ERROR (Status)) {\r
-+ DEBUG ((DEBUG_NET, "Failed to locate Hash Protocol: %r\n", Status));\r
-+\r
-+ //\r
-+ // TcpCreateService(..) is expected to be called prior to this function\r
-+ //\r
-+ ASSERT_EFI_ERROR (Status);\r
-+ return Status;\r
-+ }\r
-+\r
-+ //\r
-+ // Initialize the hash algorithm\r
-+ //\r
-+ Status = Hash2Protocol->HashInit (Hash2Protocol, &gEfiHashAlgorithmSha256Guid);\r
-+ if (EFI_ERROR (Status)) {\r
-+ DEBUG ((DEBUG_NET, "Failed to initialize sha256 hash algorithm: %r\n", Status));\r
-+ return Status;\r
-+ }\r
-+\r
-+ IsnHashCtx.LocalPort = LocalPort;\r
-+ IsnHashCtx.RemotePort = RemotePort;\r
-+ IsnHashCtx.Secret = mTcpGlobalSecret;\r
-+\r
-+ //\r
-+ // Check the IP address family and copy accordingly\r
-+ //\r
-+ if (LocalIpSize == sizeof (EFI_IPv4_ADDRESS)) {\r
-+ CopyMem (&IsnHashCtx.LocalAddress.IPv4, LocalIp, LocalIpSize);\r
-+ } else if (LocalIpSize == sizeof (EFI_IPv6_ADDRESS)) {\r
-+ CopyMem (&IsnHashCtx.LocalAddress.IPv6, LocalIp, LocalIpSize);\r
-+ } else {\r
-+ return EFI_INVALID_PARAMETER; // Unsupported address size\r
-+ }\r
-+\r
-+ //\r
-+ // Repeat the process for the remote IP address\r
-+ //\r
-+ if (RemoteIpSize == sizeof (EFI_IPv4_ADDRESS)) {\r
-+ CopyMem (&IsnHashCtx.RemoteAddress.IPv4, RemoteIp, RemoteIpSize);\r
-+ } else if (RemoteIpSize == sizeof (EFI_IPv6_ADDRESS)) {\r
-+ CopyMem (&IsnHashCtx.RemoteAddress.IPv6, RemoteIp, RemoteIpSize);\r
-+ } else {\r
-+ return EFI_INVALID_PARAMETER; // Unsupported address size\r
-+ }\r
-+\r
-+ //\r
-+ // Compute the hash\r
-+ // Update the hash with the data\r
-+ //\r
-+ Status = Hash2Protocol->HashUpdate (Hash2Protocol, (UINT8 *)&IsnHashCtx, sizeof (IsnHashCtx));\r
-+ if (EFI_ERROR (Status)) {\r
-+ DEBUG ((DEBUG_NET, "Failed to update hash: %r\n", Status));\r
-+ return Status;\r
-+ }\r
-+\r
-+ //\r
-+ // Finalize the hash and retrieve the result\r
-+ //\r
-+ Status = Hash2Protocol->HashFinal (Hash2Protocol, &HashResult);\r
-+ if (EFI_ERROR (Status)) {\r
-+ DEBUG ((DEBUG_NET, "Failed to finalize hash: %r\n", Status));\r
-+ return Status;\r
-+ }\r
-+\r
-+ Status = gRT->GetTime (&TimeStamp, NULL);\r
-+ if (EFI_ERROR (Status)) {\r
-+ return Status;\r
-+ }\r
-+\r
-+ //\r
-+ // copy the first 4 bytes of the hash result into the ISN\r
-+ //\r
-+ CopyMem (Isn, HashResult.Md5Hash, sizeof (*Isn));\r
-+\r
-+ //\r
-+ // now add the timestamp to the ISN as 4 microseconds units (1000 / 4 = 250)\r
-+ //\r
-+ *Isn += (TCP_SEQNO)TimeStamp.Nanosecond * 250;\r
-+\r
-+ return Status;\r
- }\r
- \r
- /**\r
-@@ -721,17 +926,28 @@ TcpFormatNetbuf (
- @param[in, out] Tcb Pointer to the TCP_CB that wants to initiate a\r
- connection.\r
- \r
-+ @retval EFI_SUCCESS The operation completed successfully\r
-+ @retval others The underlying functions failed and could not complete the operation\r
-+\r
- **/\r
--VOID\r
-+EFI_STATUS\r
- TcpOnAppConnect (\r
- IN OUT TCP_CB *Tcb\r
- )\r
- {\r
-- TcpInitTcbLocal (Tcb);\r
-+ EFI_STATUS Status;\r
-+\r
-+ Status = TcpInitTcbLocal (Tcb);\r
-+ if (EFI_ERROR (Status)) {\r
-+ return Status;\r
-+ }\r
-+\r
- TcpSetState (Tcb, TCP_SYN_SENT);\r
- \r
- TcpSetTimer (Tcb, TCP_TIMER_CONNECT, Tcb->ConnectTimeout);\r
- TcpToSendData (Tcb, 1);\r
-+\r
-+ return EFI_SUCCESS;\r
- }\r
- \r
- /**\r
-diff --git a/NetworkPkg/TcpDxe/TcpTimer.c b/NetworkPkg/TcpDxe/TcpTimer.c
-index 5d2e124977..065b1bdf5f 100644
---- a/NetworkPkg/TcpDxe/TcpTimer.c
-+++ b/NetworkPkg/TcpDxe/TcpTimer.c
-@@ -2,7 +2,7 @@
- TCP timer related functions.\r
- \r
- Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>\r
--\r
-+ Copyright (c) Microsoft Corporation\r
- SPDX-License-Identifier: BSD-2-Clause-Patent\r
- \r
- **/\r
-@@ -483,7 +483,6 @@ TcpTickingDpc (
- INT16 Index;\r
- \r
- mTcpTick++;\r
-- mTcpGlobalIss += TCP_ISS_INCREMENT_2;\r
- \r
- //\r
- // Don't use LIST_FOR_EACH, which isn't delete safe.\r
---
-2.40.0
-
projects / thirdparty / openembedded / openembedded-core-contrib.git / commitdiff
