summaryrefslogtreecommitdiff
path: root/include/linux/siphash.h
diff options
context:
space:
mode:
authorEric Dumazet <edumazet@google.com>2019-03-27 22:40:33 +0300
committerDavid S. Miller <davem@davemloft.net>2019-03-28 00:29:26 +0300
commitdf453700e8d81b1bdafdf684365ee2b9431fb702 (patch)
treecb7ea20a23956471c8362fd5d687822fd3ecc5cf /include/linux/siphash.h
parent180a8c3d5dad5862b2f19727b363069bfecb26d8 (diff)
downloadlinux-df453700e8d81b1bdafdf684365ee2b9431fb702.tar.xz
inet: switch IP ID generator to siphash
According to Amit Klein and Benny Pinkas, IP ID generation is too weak and might be used by attackers. Even with recent net_hash_mix() fix (netns: provide pure entropy for net_hash_mix()) having 64bit key and Jenkins hash is risky. It is time to switch to siphash and its 128bit keys. Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Amit Klein <aksecurity@gmail.com> Reported-by: Benny Pinkas <benny@pinkas.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux/siphash.h')
-rw-r--r--include/linux/siphash.h5
1 files changed, 5 insertions, 0 deletions
diff --git a/include/linux/siphash.h b/include/linux/siphash.h
index fa7a6b9cedbf..bf21591a9e5e 100644
--- a/include/linux/siphash.h
+++ b/include/linux/siphash.h
@@ -21,6 +21,11 @@ typedef struct {
u64 key[2];
} siphash_key_t;
+static inline bool siphash_key_is_zero(const siphash_key_t *key)
+{
+ return !(key->key[0] | key->key[1]);
+}
+
u64 __siphash_aligned(const void *data, size_t len, const siphash_key_t *key);
#ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
u64 __siphash_unaligned(const void *data, size_t len, const siphash_key_t *key);