]>
git.saurik.com Git - apple/xnu.git/blob - bsd/netinet/ip_id.c
1 /* $OpenBSD: ip_id.c,v 1.2 1999/08/26 13:37:01 provos Exp $ */
4 * Copyright 1998 Niels Provos <provos@citi.umich.edu>
7 * Theo de Raadt <deraadt@openbsd.org> came up with the idea of using
8 * such a mathematical system to generate more random (yet non-repeating)
9 * ids to solve the resolver/named problem. But Niels designed the
10 * actual system based on the constraints.
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. All advertising materials mentioning features or use of this software
21 * must display the following acknowledgement:
22 * This product includes software developed by Niels Provos.
23 * 4. The name of the author may not be used to endorse or promote products
24 * derived from this software without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37 * $FreeBSD: src/sys/netinet/ip_id.c,v 1.1.2.1 2001/07/19 06:37:26 kris Exp $
42 * n = prime, g0 = generator to n,
43 * j = random so that gcd(j,n-1) == 1
44 * g = g0^j mod n will be a generator again.
47 * X[n] = a*X[n-1]+b mod m is a Linear Congruential Generator
48 * with a = 7^(even random) mod m,
49 * b = random with gcd(b,m) == 1
50 * m = 31104 and a maximal period of m-1.
52 * The transaction id is determined by:
53 * id[n] = seed xor (g^X[n] mod n)
55 * Effectivly the id is restricted to the lower 15 bits, thus
56 * yielding two different cycles by toggling the msb on and off.
57 * This avoids reuse issues caused by reseeding.
60 #include "opt_random_ip_id.h"
61 #include <sys/param.h>
63 #include <sys/kernel.h>
64 #include <sys/random.h>
67 #define RU_OUT 180 /* Time after wich will be reseeded */
68 #define RU_MAX 30000 /* Uniq cycle, avoid blackjack prediction */
69 #define RU_GEN 2 /* Starting generator */
70 #define RU_N 32749 /* RU_N-1 = 2*2*3*2729 */
71 #define RU_AGEN 7 /* determine ru_a as RU_AGEN^(2*rand) */
72 #define RU_M 31104 /* RU_M = 2^7*3^5 - don't change */
75 const static u_int16_t pfacts
[PFAC_N
] = {
81 static u_int16_t ru_x
;
82 static u_int16_t ru_seed
, ru_seed2
;
83 static u_int16_t ru_a
, ru_b
;
84 static u_int16_t ru_g
;
85 static u_int16_t ru_counter
= 0;
86 static u_int16_t ru_msb
= 0;
87 static long ru_reseed
;
88 static u_int32_t tmp
; /* Storage for unused random */
90 static u_int16_t
pmod(u_int16_t
, u_int16_t
, u_int16_t
);
91 static void ip_initid(void);
92 u_int16_t
ip_randomid(void);
95 * Do a fast modular exponation, returned value will be in the range
101 pmod(u_int16_t gen
, u_int16_t exp
, u_int16_t mod
)
105 u_int16_t gen
, exp
, mod
;
124 * Initalizes the seed and chooses a suitable generator. Also toggles
125 * the msb flag. The msb flag is used to generate two distinct
126 * cycles of random numbers and thus avoiding reuse of ids.
128 * This function is called from id_randomid() when needed, an
129 * application does not have to worry about it.
138 getmicrouptime(&time
);
139 read_random((void *) &tmp
, sizeof(tmp
));
140 ru_x
= (tmp
& 0xFFFF) % RU_M
;
142 /* 15 bits of random seed */
143 ru_seed
= (tmp
>> 16) & 0x7FFF;
144 read_random((void *) &tmp
, sizeof(tmp
));
145 ru_seed2
= tmp
& 0x7FFF;
147 read_random((void *) &tmp
, sizeof(tmp
));
149 /* Determine the LCG we use */
150 ru_b
= (tmp
& 0xfffe) | 1;
151 ru_a
= pmod(RU_AGEN
, (tmp
>> 16) & 0xfffe, RU_M
);
152 while (ru_b
% 3 == 0)
155 read_random((void *) &tmp
, sizeof(tmp
));
160 * Do a fast gcd(j,RU_N-1), so we can find a j with
161 * gcd(j, RU_N-1) == 1, giving a new generator for
166 for (i
=0; i
<PFAC_N
; i
++)
167 if (j%pfacts
[i
] == 0)
176 ru_g
= pmod(RU_GEN
,j
,RU_N
);
179 ru_reseed
= time
.tv_sec
+ RU_OUT
;
180 ru_msb
= ru_msb
== 0x8000 ? 0 : 0x8000;
189 getmicrouptime(&time
);
190 if (ru_counter
>= RU_MAX
|| time
.tv_sec
> ru_reseed
)
194 read_random((void *) &tmp
, sizeof(tmp
));
196 /* Skip a random number of ids */
197 n
= tmp
& 0x3; tmp
= tmp
>> 2;
198 if (ru_counter
+ n
>= RU_MAX
)
201 for (i
= 0; i
<= n
; i
++)
202 /* Linear Congruential Generator */
203 ru_x
= (ru_a
*ru_x
+ ru_b
) % RU_M
;
207 return (ru_seed
^ pmod(ru_g
,ru_seed2
^ ru_x
,RU_N
)) | ru_msb
;
210 #endif /* RANDOM_IP_ID */