From owner-svn-src-head@freebsd.org  Sun Aug 19 17:08:30 2018
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8FD061070B57;
 Sun, 19 Aug 2018 17:08:30 +0000 (UTC)
 (envelope-from tuexen@freebsd.org)
Received: from drew.franken.de (drew.ipv6.franken.de
 [IPv6:2001:638:a02:a001:20e:cff:fe4a:feaa])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.franken.de",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 67CAD807BC;
 Sun, 19 Aug 2018 17:08:29 +0000 (UTC)
 (envelope-from tuexen@freebsd.org)
Received: from [192.168.1.6] (p57BB437A.dip0.t-ipconnect.de [87.187.67.122])
 (Authenticated sender: macmic)
 by mail-n.franken.de (Postfix) with ESMTPSA id 180D0721E281A;
 Sun, 19 Aug 2018 19:08:25 +0200 (CEST)
Content-Type: text/plain;
	charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Subject: Re: svn commit: r338053 - head/sys/netinet
From: Michael Tuexen <tuexen@freebsd.org>
In-Reply-To: <CAG6CVpW6GyS-xV1xBnMsiFiKPvTX9Xe4EXkyhfXXGdBUvfko8w@mail.gmail.com>
Date: Sun, 19 Aug 2018 19:08:23 +0200
Cc: src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <97661C9D-9C25-4DE0-89A8-FE1C40DAFB81@freebsd.org>
References: <201808191456.w7JEuAZE069780@repo.freebsd.org>
 <CAG6CVpW6GyS-xV1xBnMsiFiKPvTX9Xe4EXkyhfXXGdBUvfko8w@mail.gmail.com>
To: cem@freebsd.org
X-Mailer: Apple Mail (2.3445.9.1)
X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00
 autolearn=disabled version=3.4.1
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mail-n.franken.de
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Aug 2018 17:08:31 -0000

> On 19. Aug 2018, at 18:35, Conrad Meyer <cem@FreeBSD.org> wrote:
>=20
> On Sun, Aug 19, 2018 at 7:56 AM, Michael Tuexen <tuexen@freebsd.org> =
wrote:
>> Author: tuexen
>> Date: Sun Aug 19 14:56:10 2018
>> New Revision: 338053
>> URL: https://svnweb.freebsd.org/changeset/base/338053
>>=20
>> Log:
>>  =E2=80=A6 a keyed hash function taking
>>  the source and destination addresses and port numbers into account.
>>  The keyed hash function is the same a used for the initial TSN.
>> ...
>> Modified: head/sys/netinet/tcp_subr.c
>> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
>> --- head/sys/netinet/tcp_subr.c Sun Aug 19 14:48:32 2018        =
(r338052)
>> +++ head/sys/netinet/tcp_subr.c Sun Aug 19 14:56:10 2018        =
(r338053)
>> @@ -233,6 +233,9 @@ VNET_DEFINE(uma_zone_t, sack_hole_zone);
>> ...
>>=20
>> +static uint32_t
>> +tcp_keyed_hash(struct in_conninfo *inc, u_char *key)
>> +{
>> +       MD5_CTX ctx;
>> +       uint32_t hash[4];
>>=20
>> +       MD5Init(&ctx);
>> +       MD5Update(&ctx, &inc->inc_fport, sizeof(uint16_t));
>> +       MD5Update(&ctx, &inc->inc_lport, sizeof(uint16_t));
>> +       switch (inc->inc_flags & INC_ISIPV6) {
>> +#ifdef INET
>> +       case 0:
>> +               MD5Update(&ctx, &inc->inc_faddr, sizeof(struct =
in_addr));
>> +               MD5Update(&ctx, &inc->inc_laddr, sizeof(struct =
in_addr));
>> +               break;
>> +#endif
>> +#ifdef INET6
>> +       case INC_ISIPV6:
>> +               MD5Update(&ctx, &inc->inc6_faddr, sizeof(struct =
in6_addr));
>> +               MD5Update(&ctx, &inc->inc6_laddr, sizeof(struct =
in6_addr));
>> +               break;
>> +#endif
>> +       }
>> +       MD5Update(&ctx, key, 32);
>> +       MD5Final((unsigned char *)hash, &ctx);
>> +
>> +       return (hash[0]);
>=20
> Hi Michael,
>=20
> How was this particular keyed hash function construction chosen?
> (Yes, I see it is the same initial TSN, but how was that selected?)
You mean:

Why is FreeBSD using the MD5 with secret suffix as the keyed hash =
function?

I don't know, I have not implemented that.

However, https://tools.ietf.org/html/rfc6528#section-3 suggests this,
OpenBSD uses a similar computation, but uses SHA512 instead of MD5, =
NetBSD
seem to use the same computation as FreeBSD.
I guess using MD5 was an acceptable choice at the time the choice was =
made.

When preparing this patch I was about to choose a different keyed hash =
function,
but decided to separate
* Using a keyed has functions as the offset for the TCP time stamp.
* Choose a good keyed hash function.

That is why I isolated the keyed hash function. So it is simple to =
replace
it with a different one.

I think it would be good to change this keyed hash function to SIP-HASH =
(both
for the initial sequence number and the time stamp). Opinions?

Best regards
Michael
>=20
> Thanks,
> Conrad