AK: Use secure SipHash-4-8 for IP addresses

Routing tables formed with IP address hashes should be DoS-resistant.
This commit is contained in:
kleines Filmröllchen 2023-09-21 12:22:05 +02:00 committed by Ali Mohammad Pur
parent 9a026fc8d5
commit 4cefb02324
Notes: sideshowbarker 2024-07-17 06:51:10 +09:00
2 changed files with 4 additions and 13 deletions

View file

@ -9,6 +9,7 @@
#include <AK/Endian.h> #include <AK/Endian.h>
#include <AK/Format.h> #include <AK/Format.h>
#include <AK/Optional.h> #include <AK/Optional.h>
#include <AK/SipHash.h>
#include <AK/StringView.h> #include <AK/StringView.h>
#include <AK/Vector.h> #include <AK/Vector.h>
@ -162,7 +163,7 @@ static_assert(sizeof(IPv4Address) == 4);
template<> template<>
struct Traits<IPv4Address> : public GenericTraits<IPv4Address> { struct Traits<IPv4Address> : public GenericTraits<IPv4Address> {
static constexpr unsigned hash(IPv4Address const& address) { return int_hash(address.to_u32()); } static unsigned hash(IPv4Address const& address) { return secure_sip_hash(static_cast<u64>(address.to_u32())); }
}; };
#ifdef KERNEL #ifdef KERNEL

View file

@ -270,18 +270,8 @@ static_assert(sizeof(IPv6Address) == 16);
template<> template<>
struct Traits<IPv6Address> : public GenericTraits<IPv6Address> { struct Traits<IPv6Address> : public GenericTraits<IPv6Address> {
static constexpr unsigned hash(IPv6Address const& address) // SipHash-4-8 is considered conservatively secure, even if not cryptographically secure.
{ static unsigned hash(IPv6Address const& address) { return sip_hash_bytes<4, 8>({ &address.to_in6_addr_t(), sizeof(address.to_in6_addr_t()) }); }
unsigned h = 0;
for (int group = 0; group < 8; group += 2) {
u32 two_groups = ((u32)address[group] << 16) | (u32)address[group + 1];
if (group == 0)
h = int_hash(two_groups);
else
h = pair_int_hash(h, two_groups);
}
return h;
}
}; };
#ifdef KERNEL #ifdef KERNEL