Author: wmb Date: 2009-10-10 01:43:00 +0200 (Sat, 10 Oct 2009) New Revision: 1411
Modified: cpu/x86/pc/olpc/via/fw.bth cpu/x86/pc/olpc/via/padlock.fth ofw/inet/tcp.fth Log: Via - randomize TCP sequence number.
Modified: cpu/x86/pc/olpc/via/fw.bth
===================================================================
--- cpu/x86/pc/olpc/via/fw.bth 2009-10-09 23:36:03 UTC (rev 1410)
+++ cpu/x86/pc/olpc/via/fw.bth 2009-10-09 23:43:00 UTC (rev 1411)
@@ -451,6 +451,8 @@
fload ${BP}/forth/lib/selstr.fth
+fload ${BP}/cpu/x86/pc/olpc/via/padlock.fth \ Via security engine + fload ${BP}/ofw/inet/loadtcp.fth
support-package: http
@@ -481,7 +483,6 @@
fload ${BP}/cpu/x86/pc/olpc/nandcastui.fth
fload ${BP}/cpu/x86/pc/olpc/wifichannel.fth
[then]
-fload ${BP}/cpu/x86/pc/olpc/via/padlock.fth \ Via security engine
fload ${BP}/cpu/x86/pc/olpc/via/fsupdate.fth
fload ${BP}/cpu/x86/pc/olpc/via/fsverify.fth
devalias fsdisk int:0
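Review bot: Moving the `padlock.fth` load ahead of `loadtcp.fth` in the first hunk creates a load-order dependency that the comment `\ Via security engine` does not record. `next-iss` in ofw/inet/tcp.fth (presumably pulled in by `loadtcp.fth`) tests `[ifdef] random-long` at compile time, so if this line is later moved back below the TCP load the build still succeeds and quietly returns to the incremental ISS. I would extend the comment, e.g. `\ Via security engine; must precede loadtcp.fth (tcp.fth tests [ifdef] random-long)`.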
Modified: cpu/x86/pc/olpc/via/padlock.fth
===================================================================
--- cpu/x86/pc/olpc/via/padlock.fth 2009-10-09 23:36:03 UTC (rev 1410)
+++ cpu/x86/pc/olpc/via/padlock.fth 2009-10-09 23:43:00 UTC (rev 1411)
@@ -2,7 +2,7 @@
: enable-padlock ( -- ) cr4@ h# 200 or cr4! ; \ SSE enable
-code random-bytes ( adr len -- ) +code random-bytes ( adr len -- ) \ The buffer at adr must be at least 8 bytes long cr4 ebx mov ebx eax mov h# 200 # eax or eax cr4 mov cx pop 0 [sp] di xchg @@ -12,6 +12,7 @@ ax cx sub 0= until 0 [sp] di xchg + ax pop ebx cr4 mov c; code random-byte ( -- n ) @@ -27,6 +28,7 @@ cx di mov ebx cr4 mov c; +: random-long ( -- l ) 0 0 sp@ 4 random-bytes nip ;
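Review bot: The new header comment on `random-bytes` gives a fixed 8-byte minimum without saying where the 8 comes from or how it relates to `len`, so callers cannot tell how much slack to provide. The loop body is outside the hunks, so this is inferred: if each store can write a full 8 bytes at the current `di`, the last store of a longer request could reach up to 7 bytes past `adr+len`, which a fixed 8-byte minimum does not cover. I would state the contract in terms of the store width, e.g. `\ Each RNG store may write up to 8 bytes; leave that much room from the last byte requested`, after checking it against the instruction's documented behaviour.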
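Review bot: The exit test shown as context in the `@@ -12,6 +12,7 @@` hunk, `ax cx sub 0= until`, ends the loop only when the remaining count lands exactly on zero, and nothing visible guarantees that. The instructions that set `ax` are outside the hunks; if one store can report more bytes than remain, `cx` goes negative and the loop keeps writing past the buffer instead of ending. If the per-store count is limited elsewhere, a comment next to the test would settle it, e.g. `\ ax never exceeds the remaining count in cx`; otherwise the test should also stop on a negative remainder. Separately, the added `ax pop` deserves a comment such as `\ Discard the adr cell left on the stack by the xchg above`.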
create sha256-constants h# 6A09E667 , h# BB67AE85 , h# 3C6EF372 , h# A54FF53A ,
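Review bot: `random-long` relies on two facts that are not written down: that `0 0` reserves the 8 bytes `random-bytes` now asks for, and that `sp@` yields the address of the top cell, so the 4 random bytes land in the value that survives `nip`. A comment on the definition would make that checkable, e.g. `\ 0 0 = 8-byte scratch on the data stack; top cell receives the random bytes, nip drops the slack cell`. It also only balances the stack because `random-bytes` now pops both of its arguments (the `ax pop` added earlier in this file).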
Modified: ofw/inet/tcp.fth
===================================================================
--- ofw/inet/tcp.fth 2009-10-09 23:36:03 UTC (rev 1410)
+++ ofw/inet/tcp.fth 2009-10-09 23:43:00 UTC (rev 1411)
@@ -1390,8 +1390,12 @@
;
: next-iss ( -- )
+[ifdef] random-long
+ random-long to iss
+[else]
tcp_iss to iss issincr 2/ tcp_iss + to tcp_iss
+[then]
;
: do-syn-sent? ( -- done? )
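Review bot: The `[else]` branch of `next-iss` keeps the old scheme, `tcp_iss to iss issincr 2/ tcp_iss + to tcp_iss`, in which each ISS is the previous one plus what looks like a fixed step, and nothing marks it as the weak path. Because `[ifdef] random-long` is resolved when tcp.fth is compiled, any build that has not loaded an RNG word beforehand gets predictable sequence numbers without any notice. I would add a comment on the fallback, e.g. `\ No RNG word defined at compile time: sequential ISS, guessable by an off-path peer`, so the trade-off is visible to whoever ports this to another platform.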