audk/NetworkPkg/TcpDxe/TcpDxe.inf
Doug Flick 1904a64bcc NetworkPkg TcpDxe: SECURITY PATCH CVE-2023-45236
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4541
REF: https://www.rfc-editor.org/rfc/rfc1948.txt
REF: https://www.rfc-editor.org/rfc/rfc6528.txt
REF: https://www.rfc-editor.org/rfc/rfc9293.txt

Bug Overview:
PixieFail Bug #8
CVE-2023-45236
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Updates TCP ISN generation to use a cryptographic hash of the
connection's identifying parameters and a secret key.
This prevents an attacker from guessing the ISN used for some other
connection.

This follows the guidance in RFC 1948, RFC 6528, and RFC 9293.

RFC: 9293 Section 3.4.1.  Initial Sequence Number Selection

   A TCP implementation MUST use the above type of "clock" for clock-
   driven selection of initial sequence numbers (MUST-8), and SHOULD
   generate its initial sequence numbers with the expression:

   ISN = M + F(localip, localport, remoteip, remoteport, secretkey)

   where M is the 4 microsecond timer, and F() is a pseudorandom
   function (PRF) of the connection's identifying parameters ("localip,
   localport, remoteip, remoteport") and a secret key ("secretkey")
   (SHLD-1).  F() MUST NOT be computable from the outside (MUST-9), or
   an attacker could still guess at sequence numbers from the ISN used
   for some other connection.  The PRF could be implemented as a
   cryptographic hash of the concatenation of the TCP connection
   parameters and some secret data.  For discussion of the selection of
   a specific hash algorithm and management of the secret key data,
   please see Section 3 of [42].

   For each connection there is a send sequence number and a receive
   sequence number.  The initial send sequence number (ISS) is chosen by
   the data sending TCP peer, and the initial receive sequence number
   (IRS) is learned during the connection-establishing procedure.

   For a connection to be established or initialized, the two TCP peers
   must synchronize on each other's initial sequence numbers.  This is
   done in an exchange of connection-establishing segments carrying a
   control bit called "SYN" (for synchronize) and the initial sequence
   numbers.  As a shorthand, segments carrying the SYN bit are also
   called "SYNs".  Hence, the solution requires a suitable mechanism for
   picking an initial sequence number and a slightly involved handshake
   to exchange the ISNs.

Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-05-24 15:48:52 +00:00
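The ISN expression quoted in the commit message, worked through as an added Python illustration. This is not the TcpDxe module's own code (the module's INF below declares a dependency on the EFI Hash2 protocol and its SHA-256 algorithm GUID; this example uses Python's hashlib instead): SHA-256 over the concatenated connection 4-tuple and secret is used as the PRF F(), the secret is assumed to come from a CSPRNG, and all addresses, ports and timestamps are constructed sample values.

```python
"""Illustration of RFC 6528 / RFC 9293 ISN generation:

    ISN = M + F(localip, localport, remoteip, remoteport, secretkey)

Added example; not the edk2 TcpDxe implementation.
"""
import hashlib
import ipaddress
import secrets
import struct

ISN_MODULUS = 1 << 32    # sequence numbers are 32 bits; arithmetic wraps
TICK_MICROSECONDS = 4    # RFC 9293: M is a 4-microsecond timer


def new_secret_key(length: int = 32) -> bytes:
    """Fresh random secret. F() MUST NOT be computable from the outside,
    so the key must come from a CSPRNG and never leave the host."""
    return secrets.token_bytes(length)


def connection_prf(local_ip: str, local_port: int, remote_ip: str,
                   remote_port: int, secret_key: bytes) -> int:
    """F(): SHA-256 of the concatenated 4-tuple and secret, truncated to 32 bits.
    Works for IPv4 (4-byte) and IPv6 (16-byte) packed addresses alike."""
    if not secret_key:
        raise ValueError("secret key must be non-empty")
    for port in (local_port, remote_port):
        if not 0 <= port <= 0xFFFF:
            raise ValueError("port out of range")
    material = (
        ipaddress.ip_address(local_ip).packed
        + struct.pack(">H", local_port)
        + ipaddress.ip_address(remote_ip).packed
        + struct.pack(">H", remote_port)
        + secret_key
    )
    digest = hashlib.sha256(material).digest()
    return int.from_bytes(digest[:4], "big")


def clock_term(now_microseconds: int) -> int:
    """M: the 4-microsecond clock, wrapped to 32 bits."""
    return (now_microseconds // TICK_MICROSECONDS) % ISN_MODULUS


def generate_isn(local_ip: str, local_port: int, remote_ip: str,
                 remote_port: int, secret_key: bytes,
                 now_microseconds: int) -> int:
    """ISN = M + F(...) mod 2^32.

    The clock term keeps ISNs of successive connections to the same peer
    monotonic (so old segments are not mistaken for new ones), while the
    keyed per-connection offset stops an outsider who observed one ISN
    from inferring the ISN of a different connection."""
    m = clock_term(now_microseconds)
    f = connection_prf(local_ip, local_port, remote_ip, remote_port, secret_key)
    return (m + f) % ISN_MODULUS


def isn_delta(later: int, earlier: int) -> int:
    """Difference between two 32-bit sequence numbers, modulo 2^32."""
    return (later - earlier) % ISN_MODULUS


if __name__ == "__main__":
    key = new_secret_key()
    # Constructed sample connection: documentation-range addresses.
    t0 = 1_000_000
    isn_a = generate_isn("192.0.2.10", 40000, "198.51.100.5", 80, key, t0)
    isn_b = generate_isn("192.0.2.10", 40001, "198.51.100.5", 80, key, t0)
    print(f"ISN for port 40000: {isn_a:#010x}")
    print(f"ISN for port 40001: {isn_b:#010x}")
    print("same tuple, 1 ms later advances by",
          isn_delta(generate_isn("192.0.2.10", 40000, "198.51.100.5", 80,
                                 key, t0 + 1000), isn_a), "ticks")
```

For a single 4-tuple the ISN still advances with the 4 µs clock, which the test checks exactly; across different tuples or keys the offsets differ unpredictably, which is the property that closes the guessing attack described in the commit message.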


## @file
# TCPv4 I/O and TCPv6 I/O services.
#
# This module provides EFI TCPv4 Protocol and EFI TCPv6 Protocol to send and receive data stream.
# It might provide TCPv4 Protocol or TCPv6 Protocol or both of them that depends on which network
# stack has been loaded in system. This driver supports both IPv4 and IPv6 network stack.
#
# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
# Copyright (c) Microsoft Corporation
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
[Defines]
  INF_VERSION                    = 0x00010005
  BASE_NAME                      = TcpDxe
  FILE_GUID                      = 1A7E4468-2F55-4a56-903C-01265EB7622B
  MODULE_TYPE                    = UEFI_DRIVER
  VERSION_STRING                 = 1.0
  ENTRY_POINT                    = TcpDriverEntryPoint
  UNLOAD_IMAGE                   = NetLibDefaultUnload
  MODULE_UNI_FILE                = TcpDxe.uni

#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64 EBC
#

[Sources]
  TcpDriver.c
  SockImpl.c
  SockInterface.c
  TcpDispatcher.c
  TcpOutput.c
  TcpMain.c
  SockImpl.h
  TcpMisc.c
  TcpProto.h
  TcpOption.c
  TcpInput.c
  TcpFunc.h
  TcpOption.h
  TcpTimer.c
  TcpMain.h
  Socket.h
  ComponentName.c
  TcpIo.c
  TcpDriver.h

[Packages]
  MdePkg/MdePkg.dec
  NetworkPkg/NetworkPkg.dec

[LibraryClasses]
  BaseLib
  BaseMemoryLib
  DevicePathLib
  DebugLib
  MemoryAllocationLib
  UefiLib
  UefiBootServicesTableLib
  UefiDriverEntryPoint
  UefiRuntimeServicesTableLib
  DpcLib
  NetLib
  IpIoLib

[Protocols]
  ## SOMETIMES_CONSUMES
  ## SOMETIMES_PRODUCES
  gEfiDevicePathProtocolGuid
  gEfiIp4ProtocolGuid                   ## TO_START
  gEfiIp4ServiceBindingProtocolGuid     ## TO_START
  gEfiTcp4ProtocolGuid                  ## BY_START
  gEfiTcp4ServiceBindingProtocolGuid    ## BY_START
  gEfiIp6ProtocolGuid                   ## TO_START
  gEfiIp6ServiceBindingProtocolGuid     ## TO_START
  gEfiTcp6ProtocolGuid                  ## BY_START
  gEfiTcp6ServiceBindingProtocolGuid    ## BY_START
  gEfiHash2ProtocolGuid                 ## BY_START
  gEfiHash2ServiceBindingProtocolGuid   ## BY_START

[Guids]
  gEfiHashAlgorithmMD5Guid              ## CONSUMES
  gEfiHashAlgorithmSha256Guid           ## CONSUMES

[Depex]
  gEfiHash2ServiceBindingProtocolGuid

[UserExtensions.TianoCore."ExtraFiles"]
  TcpDxeExtra.uni