2014-08-28 07:23:58 +02:00
|
|
|
## @file
|
|
|
|
|
# TCPv4 I/O and TCPv6 I/O services.
|
2010-11-01 07:13:54 +01:00
|
|
|
#
|
2014-08-28 07:23:58 +02:00
|
|
|
# This module provides EFI TCPv4 Protocol and EFI TCPv6 Protocol to send and receive data stream.
|
2018-09-25 05:36:09 +02:00
|
|
|
# It might provide TCPv4 Protocol or TCPv6 Protocol or both of them that depends on which network
|
|
|
|
|
# stack has been loaded in system. This driver supports both IPv4 and IPv6 network stack.
|
2014-08-28 07:23:58 +02:00
|
|
|
#
|
2018-06-27 15:12:32 +02:00
|
|
|
# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
|
NetworkPkg TcpDxe: SECURITY PATCH CVE-2023-45236
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4541
REF: https://www.rfc-editor.org/rfc/rfc1948.txt
REF: https://www.rfc-editor.org/rfc/rfc6528.txt
REF: https://www.rfc-editor.org/rfc/rfc9293.txt
Bug Overview:
PixieFail Bug #8
CVE-2023-45236
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Updates TCP ISN generation to use a cryptographic hash of the
connection's identifying parameters and a secret key.
This prevents an attacker from guessing the ISN used for some other
connection.
This is follows the guidance in RFC 1948, RFC 6528, and RFC 9293.
RFC: 9293 Section 3.4.1. Initial Sequence Number Selection
A TCP implementation MUST use the above type of "clock" for clock-
driven selection of initial sequence numbers (MUST-8), and SHOULD
generate its initial sequence numbers with the expression:
ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
where M is the 4 microsecond timer, and F() is a pseudorandom
function (PRF) of the connection's identifying parameters ("localip,
localport, remoteip, remoteport") and a secret key ("secretkey")
(SHLD-1). F() MUST NOT be computable from the outside (MUST-9), or
an attacker could still guess at sequence numbers from the ISN used
for some other connection. The PRF could be implemented as a
cryptographic hash of the concatenation of the TCP connection
parameters and some secret data. For discussion of the selection of
a specific hash algorithm and management of the secret key data,
please see Section 3 of [42].
For each connection there is a send sequence number and a receive
sequence number. The initial send sequence number (ISS) is chosen by
the data sending TCP peer, and the initial receive sequence number
(IRS) is learned during the connection-establishing procedure.
For a connection to be established or initialized, the two TCP peers
must synchronize on each other's initial sequence numbers. This is
done in an exchange of connection-establishing segments carrying a
control bit called "SYN" (for synchronize) and the initial sequence
numbers. As a shorthand, segments carrying the SYN bit are also
called "SYNs". Hence, the solution requires a suitable mechanism for
picking an initial sequence number and a slightly involved handshake
to exchange the ISNs.
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-05-09 07:56:29 +02:00
|
|
|
# Copyright (c) Microsoft Corporation
|
2010-11-01 07:13:54 +01:00
|
|
|
#
|
2019-04-04 01:06:13 +02:00
|
|
|
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
2010-11-01 07:13:54 +01:00
|
|
|
#
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
[Defines]
|
|
|
|
|
INF_VERSION = 0x00010005
|
|
|
|
|
BASE_NAME = TcpDxe
|
|
|
|
|
FILE_GUID = 1A7E4468-2F55-4a56-903C-01265EB7622B
|
|
|
|
|
MODULE_TYPE = UEFI_DRIVER
|
|
|
|
|
VERSION_STRING = 1.0
|
|
|
|
|
ENTRY_POINT = TcpDriverEntryPoint
|
|
|
|
|
UNLOAD_IMAGE = NetLibDefaultUnload
|
2014-08-28 07:23:58 +02:00
|
|
|
MODULE_UNI_FILE = TcpDxe.uni
|
2010-11-01 07:13:54 +01:00
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# The following information is for reference only and not required by the build tools.
|
|
|
|
|
#
|
2018-06-29 05:28:12 +02:00
|
|
|
# VALID_ARCHITECTURES = IA32 X64 EBC
|
2010-11-01 07:13:54 +01:00
|
|
|
#
|
|
|
|
|
|
|
|
|
|
[Sources]
|
|
|
|
|
TcpDriver.c
|
|
|
|
|
SockImpl.c
|
|
|
|
|
SockInterface.c
|
|
|
|
|
TcpDispatcher.c
|
|
|
|
|
TcpOutput.c
|
|
|
|
|
TcpMain.c
|
|
|
|
|
SockImpl.h
|
|
|
|
|
TcpMisc.c
|
|
|
|
|
TcpProto.h
|
|
|
|
|
TcpOption.c
|
|
|
|
|
TcpInput.c
|
|
|
|
|
TcpFunc.h
|
|
|
|
|
TcpOption.h
|
|
|
|
|
TcpTimer.c
|
|
|
|
|
TcpMain.h
|
|
|
|
|
Socket.h
|
|
|
|
|
ComponentName.c
|
|
|
|
|
TcpIo.c
|
|
|
|
|
TcpDriver.h
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
[Packages]
|
|
|
|
|
MdePkg/MdePkg.dec
|
2019-05-15 14:02:19 +02:00
|
|
|
NetworkPkg/NetworkPkg.dec
|
2010-11-01 07:13:54 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
[LibraryClasses]
|
|
|
|
|
BaseLib
|
|
|
|
|
BaseMemoryLib
|
|
|
|
|
DevicePathLib
|
|
|
|
|
DebugLib
|
|
|
|
|
MemoryAllocationLib
|
|
|
|
|
UefiLib
|
|
|
|
|
UefiBootServicesTableLib
|
|
|
|
|
UefiDriverEntryPoint
|
|
|
|
|
UefiRuntimeServicesTableLib
|
|
|
|
|
DpcLib
|
|
|
|
|
NetLib
|
|
|
|
|
IpIoLib
|
|
|
|
|
|
|
|
|
|
[Protocols]
|
2014-08-28 07:23:58 +02:00
|
|
|
## SOMETIMES_CONSUMES
|
|
|
|
|
## SOMETIMES_PRODUCES
|
|
|
|
|
gEfiDevicePathProtocolGuid
|
|
|
|
|
gEfiIp4ProtocolGuid ## TO_START
|
|
|
|
|
gEfiIp4ServiceBindingProtocolGuid ## TO_START
|
|
|
|
|
gEfiTcp4ProtocolGuid ## BY_START
|
|
|
|
|
gEfiTcp4ServiceBindingProtocolGuid ## BY_START
|
|
|
|
|
gEfiIp6ProtocolGuid ## TO_START
|
|
|
|
|
gEfiIp6ServiceBindingProtocolGuid ## TO_START
|
|
|
|
|
gEfiTcp6ProtocolGuid ## BY_START
|
|
|
|
|
gEfiTcp6ServiceBindingProtocolGuid ## BY_START
|
NetworkPkg TcpDxe: SECURITY PATCH CVE-2023-45236
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4541
REF: https://www.rfc-editor.org/rfc/rfc1948.txt
REF: https://www.rfc-editor.org/rfc/rfc6528.txt
REF: https://www.rfc-editor.org/rfc/rfc9293.txt
Bug Overview:
PixieFail Bug #8
CVE-2023-45236
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Updates TCP ISN generation to use a cryptographic hash of the
connection's identifying parameters and a secret key.
This prevents an attacker from guessing the ISN used for some other
connection.
This is follows the guidance in RFC 1948, RFC 6528, and RFC 9293.
RFC: 9293 Section 3.4.1. Initial Sequence Number Selection
A TCP implementation MUST use the above type of "clock" for clock-
driven selection of initial sequence numbers (MUST-8), and SHOULD
generate its initial sequence numbers with the expression:
ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
where M is the 4 microsecond timer, and F() is a pseudorandom
function (PRF) of the connection's identifying parameters ("localip,
localport, remoteip, remoteport") and a secret key ("secretkey")
(SHLD-1). F() MUST NOT be computable from the outside (MUST-9), or
an attacker could still guess at sequence numbers from the ISN used
for some other connection. The PRF could be implemented as a
cryptographic hash of the concatenation of the TCP connection
parameters and some secret data. For discussion of the selection of
a specific hash algorithm and management of the secret key data,
please see Section 3 of [42].
For each connection there is a send sequence number and a receive
sequence number. The initial send sequence number (ISS) is chosen by
the data sending TCP peer, and the initial receive sequence number
(IRS) is learned during the connection-establishing procedure.
For a connection to be established or initialized, the two TCP peers
must synchronize on each other's initial sequence numbers. This is
done in an exchange of connection-establishing segments carrying a
control bit called "SYN" (for synchronize) and the initial sequence
numbers. As a shorthand, segments carrying the SYN bit are also
called "SYNs". Hence, the solution requires a suitable mechanism for
picking an initial sequence number and a slightly involved handshake
to exchange the ISNs.
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-05-09 07:56:29 +02:00
|
|
|
gEfiHash2ProtocolGuid ## BY_START
|
|
|
|
|
gEfiHash2ServiceBindingProtocolGuid ## BY_START
|
|
|
|
|
|
|
|
|
|
[Guids]
|
|
|
|
|
gEfiHashAlgorithmMD5Guid ## CONSUMES
|
|
|
|
|
gEfiHashAlgorithmSha256Guid ## CONSUMES
|
2010-11-01 07:13:54 +01:00
|
|
|
|
2024-05-09 07:56:28 +02:00
|
|
|
[Depex]
|
|
|
|
|
gEfiHash2ServiceBindingProtocolGuid
|
|
|
|
|
|
2014-08-28 07:23:58 +02:00
|
|
|
[UserExtensions.TianoCore."ExtraFiles"]
|
|
|
|
|
TcpDxeExtra.uni
|
