diff options
author | Matt Domsch <Matt_Domsch@dell.com> | 2005-11-08 12:40:47 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2005-11-08 12:40:47 -0500 |
commit | b3f9b92a6ec1a9a5e4b4b36e484f2f62cc73277c (patch) | |
tree | 7ca8e019573362620638e14e32bb519770ee6945 /drivers/net | |
parent | 6722e78c90054101e6797d5944cdc81af9897a0a (diff) |
[PPP]: add PPP MPPE encryption module
From: Matt Domsch <Matt_Domsch@dell.com>
The patch below implements the Microsoft Point-to-Point Encryption method
as a PPP compressor/decompressor. This is necessary for Linux clients and
servers to interoperate with Microsoft Point-to-Point Tunneling Protocol
(PPTP) servers (either Microsoft PPTP servers or the poptop project) which
use MPPE to encrypt data when creating a VPN.
This patch differs from the kernel_ppp_mppe DKMS pacakge at
pptpclient.sourceforge.net by utilizing the kernel crypto routines rather
than providing its own SHA1 and arcfour implementations.
Minor changes to ppp_generic.c try to prevent a link from disabling
compression (in our case, the encryption) after it has started using
compression (encryption).
Feedback to <pptpclient-devel@lists.sourceforge.net> please.
Signed-off-by: Matt Domsch <Matt_Domsch@dell.com>
Cc: James Cameron <james.cameron@hp.com>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Brice Goglin <Brice.Goglin@ens-lyon.org>
Acked-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/net')
-rw-r--r-- | drivers/net/Kconfig | 13 | ||||
-rw-r--r-- | drivers/net/Makefile | 1 | ||||
-rw-r--r-- | drivers/net/ppp_generic.c | 88 | ||||
-rw-r--r-- | drivers/net/ppp_mppe.c | 724 | ||||
-rw-r--r-- | drivers/net/ppp_mppe.h | 86 |
5 files changed, 888 insertions, 24 deletions
diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig index 1958d9e16a3a..24f1691b84f9 100644 --- a/drivers/net/Kconfig +++ b/drivers/net/Kconfig | |||
@@ -2523,6 +2523,19 @@ config PPP_BSDCOMP | |||
2523 | module; it is called bsd_comp and will show up in the directory | 2523 | module; it is called bsd_comp and will show up in the directory |
2524 | modules once you have said "make modules". If unsure, say N. | 2524 | modules once you have said "make modules". If unsure, say N. |
2525 | 2525 | ||
2526 | config PPP_MPPE | ||
2527 | tristate "PPP MPPE compression (encryption) (EXPERIMENTAL)" | ||
2528 | depends on PPP && EXPERIMENTAL | ||
2529 | select CRYPTO | ||
2530 | select CRYPTO_SHA1 | ||
2531 | select CRYPTO_ARC4 | ||
2532 | ---help--- | ||
2533 | Support for the MPPE Encryption protocol, as employed by the | ||
2534 | Microsoft Point-to-Point Tunneling Protocol. | ||
2535 | |||
2536 | See http://pptpclient.sourceforge.net/ for information on | ||
2537 | configuring PPTP clients and servers to utilize this method. | ||
2538 | |||
2526 | config PPPOE | 2539 | config PPPOE |
2527 | tristate "PPP over Ethernet (EXPERIMENTAL)" | 2540 | tristate "PPP over Ethernet (EXPERIMENTAL)" |
2528 | depends on EXPERIMENTAL && PPP | 2541 | depends on EXPERIMENTAL && PPP |
diff --git a/drivers/net/Makefile b/drivers/net/Makefile index 7c313cb341b8..4cffd34442aa 100644 --- a/drivers/net/Makefile +++ b/drivers/net/Makefile | |||
@@ -112,6 +112,7 @@ obj-$(CONFIG_PPP_ASYNC) += ppp_async.o | |||
112 | obj-$(CONFIG_PPP_SYNC_TTY) += ppp_synctty.o | 112 | obj-$(CONFIG_PPP_SYNC_TTY) += ppp_synctty.o |
113 | obj-$(CONFIG_PPP_DEFLATE) += ppp_deflate.o | 113 | obj-$(CONFIG_PPP_DEFLATE) += ppp_deflate.o |
114 | obj-$(CONFIG_PPP_BSDCOMP) += bsd_comp.o | 114 | obj-$(CONFIG_PPP_BSDCOMP) += bsd_comp.o |
115 | obj-$(CONFIG_PPP_MPPE) += ppp_mppe.o | ||
115 | obj-$(CONFIG_PPPOE) += pppox.o pppoe.o | 116 | obj-$(CONFIG_PPPOE) += pppox.o pppoe.o |
116 | 117 | ||
117 | obj-$(CONFIG_SLIP) += slip.o | 118 | obj-$(CONFIG_SLIP) += slip.o |
diff --git a/drivers/net/ppp_generic.c b/drivers/net/ppp_generic.c index d3c9958b00d0..50430f79f8cf 100644 --- a/drivers/net/ppp_generic.c +++ b/drivers/net/ppp_generic.c | |||
@@ -137,13 +137,14 @@ struct ppp { | |||
137 | 137 | ||
138 | /* | 138 | /* |
139 | * Bits in flags: SC_NO_TCP_CCID, SC_CCP_OPEN, SC_CCP_UP, SC_LOOP_TRAFFIC, | 139 | * Bits in flags: SC_NO_TCP_CCID, SC_CCP_OPEN, SC_CCP_UP, SC_LOOP_TRAFFIC, |
140 | * SC_MULTILINK, SC_MP_SHORTSEQ, SC_MP_XSHORTSEQ, SC_COMP_TCP, SC_REJ_COMP_TCP. | 140 | * SC_MULTILINK, SC_MP_SHORTSEQ, SC_MP_XSHORTSEQ, SC_COMP_TCP, SC_REJ_COMP_TCP, |
141 | * SC_MUST_COMP | ||
141 | * Bits in rstate: SC_DECOMP_RUN, SC_DC_ERROR, SC_DC_FERROR. | 142 | * Bits in rstate: SC_DECOMP_RUN, SC_DC_ERROR, SC_DC_FERROR. |
142 | * Bits in xstate: SC_COMP_RUN | 143 | * Bits in xstate: SC_COMP_RUN |
143 | */ | 144 | */ |
144 | #define SC_FLAG_BITS (SC_NO_TCP_CCID|SC_CCP_OPEN|SC_CCP_UP|SC_LOOP_TRAFFIC \ | 145 | #define SC_FLAG_BITS (SC_NO_TCP_CCID|SC_CCP_OPEN|SC_CCP_UP|SC_LOOP_TRAFFIC \ |
145 | |SC_MULTILINK|SC_MP_SHORTSEQ|SC_MP_XSHORTSEQ \ | 146 | |SC_MULTILINK|SC_MP_SHORTSEQ|SC_MP_XSHORTSEQ \ |
146 | |SC_COMP_TCP|SC_REJ_COMP_TCP) | 147 | |SC_COMP_TCP|SC_REJ_COMP_TCP|SC_MUST_COMP) |
147 | 148 | ||
148 | /* | 149 | /* |
149 | * Private data structure for each channel. | 150 | * Private data structure for each channel. |
@@ -1027,6 +1028,56 @@ ppp_xmit_process(struct ppp *ppp) | |||
1027 | ppp_xmit_unlock(ppp); | 1028 | ppp_xmit_unlock(ppp); |
1028 | } | 1029 | } |
1029 | 1030 | ||
1031 | static inline struct sk_buff * | ||
1032 | pad_compress_skb(struct ppp *ppp, struct sk_buff *skb) | ||
1033 | { | ||
1034 | struct sk_buff *new_skb; | ||
1035 | int len; | ||
1036 | int new_skb_size = ppp->dev->mtu + | ||
1037 | ppp->xcomp->comp_extra + ppp->dev->hard_header_len; | ||
1038 | int compressor_skb_size = ppp->dev->mtu + | ||
1039 | ppp->xcomp->comp_extra + PPP_HDRLEN; | ||
1040 | new_skb = alloc_skb(new_skb_size, GFP_ATOMIC); | ||
1041 | if (!new_skb) { | ||
1042 | if (net_ratelimit()) | ||
1043 | printk(KERN_ERR "PPP: no memory (comp pkt)\n"); | ||
1044 | return NULL; | ||
1045 | } | ||
1046 | if (ppp->dev->hard_header_len > PPP_HDRLEN) | ||
1047 | skb_reserve(new_skb, | ||
1048 | ppp->dev->hard_header_len - PPP_HDRLEN); | ||
1049 | |||
1050 | /* compressor still expects A/C bytes in hdr */ | ||
1051 | len = ppp->xcomp->compress(ppp->xc_state, skb->data - 2, | ||
1052 | new_skb->data, skb->len + 2, | ||
1053 | compressor_skb_size); | ||
1054 | if (len > 0 && (ppp->flags & SC_CCP_UP)) { | ||
1055 | kfree_skb(skb); | ||
1056 | skb = new_skb; | ||
1057 | skb_put(skb, len); | ||
1058 | skb_pull(skb, 2); /* pull off A/C bytes */ | ||
1059 | } else if (len == 0) { | ||
1060 | /* didn't compress, or CCP not up yet */ | ||
1061 | kfree_skb(new_skb); | ||
1062 | new_skb = skb; | ||
1063 | } else { | ||
1064 | /* | ||
1065 | * (len < 0) | ||
1066 | * MPPE requires that we do not send unencrypted | ||
1067 | * frames. The compressor will return -1 if we | ||
1068 | * should drop the frame. We cannot simply test | ||
1069 | * the compress_proto because MPPE and MPPC share | ||
1070 | * the same number. | ||
1071 | */ | ||
1072 | if (net_ratelimit()) | ||
1073 | printk(KERN_ERR "ppp: compressor dropped pkt\n"); | ||
1074 | kfree_skb(skb); | ||
1075 | kfree_skb(new_skb); | ||
1076 | new_skb = NULL; | ||
1077 | } | ||
1078 | return new_skb; | ||
1079 | } | ||
1080 | |||
1030 | /* | 1081 | /* |
1031 | * Compress and send a frame. | 1082 | * Compress and send a frame. |
1032 | * The caller should have locked the xmit path, | 1083 | * The caller should have locked the xmit path, |
@@ -1113,29 +1164,14 @@ ppp_send_frame(struct ppp *ppp, struct sk_buff *skb) | |||
1113 | /* try to do packet compression */ | 1164 | /* try to do packet compression */ |
1114 | if ((ppp->xstate & SC_COMP_RUN) && ppp->xc_state != 0 | 1165 | if ((ppp->xstate & SC_COMP_RUN) && ppp->xc_state != 0 |
1115 | && proto != PPP_LCP && proto != PPP_CCP) { | 1166 | && proto != PPP_LCP && proto != PPP_CCP) { |
1116 | new_skb = alloc_skb(ppp->dev->mtu + ppp->dev->hard_header_len, | 1167 | if (!(ppp->flags & SC_CCP_UP) && (ppp->flags & SC_MUST_COMP)) { |
1117 | GFP_ATOMIC); | 1168 | if (net_ratelimit()) |
1118 | if (new_skb == 0) { | 1169 | printk(KERN_ERR "ppp: compression required but down - pkt dropped.\n"); |
1119 | printk(KERN_ERR "PPP: no memory (comp pkt)\n"); | ||
1120 | goto drop; | 1170 | goto drop; |
1121 | } | 1171 | } |
1122 | if (ppp->dev->hard_header_len > PPP_HDRLEN) | 1172 | skb = pad_compress_skb(ppp, skb); |
1123 | skb_reserve(new_skb, | 1173 | if (!skb) |
1124 | ppp->dev->hard_header_len - PPP_HDRLEN); | 1174 | goto drop; |
1125 | |||
1126 | /* compressor still expects A/C bytes in hdr */ | ||
1127 | len = ppp->xcomp->compress(ppp->xc_state, skb->data - 2, | ||
1128 | new_skb->data, skb->len + 2, | ||
1129 | ppp->dev->mtu + PPP_HDRLEN); | ||
1130 | if (len > 0 && (ppp->flags & SC_CCP_UP)) { | ||
1131 | kfree_skb(skb); | ||
1132 | skb = new_skb; | ||
1133 | skb_put(skb, len); | ||
1134 | skb_pull(skb, 2); /* pull off A/C bytes */ | ||
1135 | } else { | ||
1136 | /* didn't compress, or CCP not up yet */ | ||
1137 | kfree_skb(new_skb); | ||
1138 | } | ||
1139 | } | 1175 | } |
1140 | 1176 | ||
1141 | /* | 1177 | /* |
@@ -1155,7 +1191,8 @@ ppp_send_frame(struct ppp *ppp, struct sk_buff *skb) | |||
1155 | return; | 1191 | return; |
1156 | 1192 | ||
1157 | drop: | 1193 | drop: |
1158 | kfree_skb(skb); | 1194 | if (skb) |
1195 | kfree_skb(skb); | ||
1159 | ++ppp->stats.tx_errors; | 1196 | ++ppp->stats.tx_errors; |
1160 | } | 1197 | } |
1161 | 1198 | ||
@@ -1552,6 +1589,9 @@ ppp_receive_nonmp_frame(struct ppp *ppp, struct sk_buff *skb) | |||
1552 | && (ppp->rstate & (SC_DC_FERROR | SC_DC_ERROR)) == 0) | 1589 | && (ppp->rstate & (SC_DC_FERROR | SC_DC_ERROR)) == 0) |
1553 | skb = ppp_decompress_frame(ppp, skb); | 1590 | skb = ppp_decompress_frame(ppp, skb); |
1554 | 1591 | ||
1592 | if (ppp->flags & SC_MUST_COMP && ppp->rstate & SC_DC_FERROR) | ||
1593 | goto err; | ||
1594 | |||
1555 | proto = PPP_PROTO(skb); | 1595 | proto = PPP_PROTO(skb); |
1556 | switch (proto) { | 1596 | switch (proto) { |
1557 | case PPP_VJC_COMP: | 1597 | case PPP_VJC_COMP: |
diff --git a/drivers/net/ppp_mppe.c b/drivers/net/ppp_mppe.c new file mode 100644 index 000000000000..1985d1b57c45 --- /dev/null +++ b/drivers/net/ppp_mppe.c | |||
@@ -0,0 +1,724 @@ | |||
1 | /* | ||
2 | * ppp_mppe.c - interface MPPE to the PPP code. | ||
3 | * This version is for use with Linux kernel 2.6.14+ | ||
4 | * | ||
5 | * By Frank Cusack <fcusack@fcusack.com>. | ||
6 | * Copyright (c) 2002,2003,2004 Google, Inc. | ||
7 | * All rights reserved. | ||
8 | * | ||
9 | * License: | ||
10 | * Permission to use, copy, modify, and distribute this software and its | ||
11 | * documentation is hereby granted, provided that the above copyright | ||
12 | * notice appears in all copies. This software is provided without any | ||
13 | * warranty, express or implied. | ||
14 | * | ||
15 | * ALTERNATIVELY, provided that this notice is retained in full, this product | ||
16 | * may be distributed under the terms of the GNU General Public License (GPL), | ||
17 | * in which case the provisions of the GPL apply INSTEAD OF those given above. | ||
18 | * | ||
19 | * This program is free software; you can redistribute it and/or modify | ||
20 | * it under the terms of the GNU General Public License as published by | ||
21 | * the Free Software Foundation; either version 2 of the License, or | ||
22 | * (at your option) any later version. | ||
23 | * | ||
24 | * This program is distributed in the hope that it will be useful, | ||
25 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
26 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
27 | * GNU General Public License for more details. | ||
28 | * | ||
29 | * You should have received a copy of the GNU General Public License | ||
30 | * along with this program; if not, write to the Free Software | ||
31 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | ||
32 | * | ||
33 | * | ||
34 | * Changelog: | ||
35 | * 08/12/05 - Matt Domsch <Matt_Domsch@dell.com> | ||
36 | * Only need extra skb padding on transmit, not receive. | ||
37 | * 06/18/04 - Matt Domsch <Matt_Domsch@dell.com>, Oleg Makarenko <mole@quadra.ru> | ||
38 | * Use Linux kernel 2.6 arc4 and sha1 routines rather than | ||
39 | * providing our own. | ||
40 | * 2/15/04 - TS: added #include <version.h> and testing for Kernel | ||
41 | * version before using | ||
42 | * MOD_DEC_USAGE_COUNT/MOD_INC_USAGE_COUNT which are | ||
43 | * deprecated in 2.6 | ||
44 | */ | ||
45 | |||
46 | #include <linux/config.h> | ||
47 | #include <linux/module.h> | ||
48 | #include <linux/kernel.h> | ||
49 | #include <linux/version.h> | ||
50 | #include <linux/init.h> | ||
51 | #include <linux/types.h> | ||
52 | #include <linux/slab.h> | ||
53 | #include <linux/string.h> | ||
54 | #include <linux/crypto.h> | ||
55 | #include <linux/mm.h> | ||
56 | #include <linux/ppp_defs.h> | ||
57 | #include <linux/ppp-comp.h> | ||
58 | #include <asm/scatterlist.h> | ||
59 | |||
60 | #include "ppp_mppe.h" | ||
61 | |||
62 | MODULE_AUTHOR("Frank Cusack <fcusack@fcusack.com>"); | ||
63 | MODULE_DESCRIPTION("Point-to-Point Protocol Microsoft Point-to-Point Encryption support"); | ||
64 | MODULE_LICENSE("Dual BSD/GPL"); | ||
65 | MODULE_ALIAS("ppp-compress-" __stringify(CI_MPPE)); | ||
66 | MODULE_VERSION("1.0.2"); | ||
67 | |||
68 | static void | ||
69 | setup_sg(struct scatterlist *sg, const void *address, unsigned int length) | ||
70 | { | ||
71 | sg[0].page = virt_to_page(address); | ||
72 | sg[0].offset = offset_in_page(address); | ||
73 | sg[0].length = length; | ||
74 | } | ||
75 | |||
76 | #define SHA1_PAD_SIZE 40 | ||
77 | |||
78 | /* | ||
79 | * kernel crypto API needs its arguments to be in kmalloc'd memory, not in the module | ||
80 | * static data area. That means sha_pad needs to be kmalloc'd. | ||
81 | */ | ||
82 | |||
83 | struct sha_pad { | ||
84 | unsigned char sha_pad1[SHA1_PAD_SIZE]; | ||
85 | unsigned char sha_pad2[SHA1_PAD_SIZE]; | ||
86 | }; | ||
87 | static struct sha_pad *sha_pad; | ||
88 | |||
89 | static inline void sha_pad_init(struct sha_pad *shapad) | ||
90 | { | ||
91 | memset(shapad->sha_pad1, 0x00, sizeof(shapad->sha_pad1)); | ||
92 | memset(shapad->sha_pad2, 0xF2, sizeof(shapad->sha_pad2)); | ||
93 | } | ||
94 | |||
95 | /* | ||
96 | * State for an MPPE (de)compressor. | ||
97 | */ | ||
98 | struct ppp_mppe_state { | ||
99 | struct crypto_tfm *arc4; | ||
100 | struct crypto_tfm *sha1; | ||
101 | unsigned char *sha1_digest; | ||
102 | unsigned char master_key[MPPE_MAX_KEY_LEN]; | ||
103 | unsigned char session_key[MPPE_MAX_KEY_LEN]; | ||
104 | unsigned keylen; /* key length in bytes */ | ||
105 | /* NB: 128-bit == 16, 40-bit == 8! */ | ||
106 | /* If we want to support 56-bit, */ | ||
107 | /* the unit has to change to bits */ | ||
108 | unsigned char bits; /* MPPE control bits */ | ||
109 | unsigned ccount; /* 12-bit coherency count (seqno) */ | ||
110 | unsigned stateful; /* stateful mode flag */ | ||
111 | int discard; /* stateful mode packet loss flag */ | ||
112 | int sanity_errors; /* take down LCP if too many */ | ||
113 | int unit; | ||
114 | int debug; | ||
115 | struct compstat stats; | ||
116 | }; | ||
117 | |||
118 | /* struct ppp_mppe_state.bits definitions */ | ||
119 | #define MPPE_BIT_A 0x80 /* Encryption table were (re)inititalized */ | ||
120 | #define MPPE_BIT_B 0x40 /* MPPC only (not implemented) */ | ||
121 | #define MPPE_BIT_C 0x20 /* MPPC only (not implemented) */ | ||
122 | #define MPPE_BIT_D 0x10 /* This is an encrypted frame */ | ||
123 | |||
124 | #define MPPE_BIT_FLUSHED MPPE_BIT_A | ||
125 | #define MPPE_BIT_ENCRYPTED MPPE_BIT_D | ||
126 | |||
127 | #define MPPE_BITS(p) ((p)[4] & 0xf0) | ||
128 | #define MPPE_CCOUNT(p) ((((p)[4] & 0x0f) << 8) + (p)[5]) | ||
129 | #define MPPE_CCOUNT_SPACE 0x1000 /* The size of the ccount space */ | ||
130 | |||
131 | #define MPPE_OVHD 2 /* MPPE overhead/packet */ | ||
132 | #define SANITY_MAX 1600 /* Max bogon factor we will tolerate */ | ||
133 | |||
134 | /* | ||
135 | * Key Derivation, from RFC 3078, RFC 3079. | ||
136 | * Equivalent to Get_Key() for MS-CHAP as described in RFC 3079. | ||
137 | */ | ||
138 | static void get_new_key_from_sha(struct ppp_mppe_state * state, unsigned char *InterimKey) | ||
139 | { | ||
140 | struct scatterlist sg[4]; | ||
141 | |||
142 | setup_sg(&sg[0], state->master_key, state->keylen); | ||
143 | setup_sg(&sg[1], sha_pad->sha_pad1, sizeof(sha_pad->sha_pad1)); | ||
144 | setup_sg(&sg[2], state->session_key, state->keylen); | ||
145 | setup_sg(&sg[3], sha_pad->sha_pad2, sizeof(sha_pad->sha_pad2)); | ||
146 | |||
147 | crypto_digest_digest (state->sha1, sg, 4, state->sha1_digest); | ||
148 | |||
149 | memcpy(InterimKey, state->sha1_digest, state->keylen); | ||
150 | } | ||
151 | |||
152 | /* | ||
153 | * Perform the MPPE rekey algorithm, from RFC 3078, sec. 7.3. | ||
154 | * Well, not what's written there, but rather what they meant. | ||
155 | */ | ||
156 | static void mppe_rekey(struct ppp_mppe_state * state, int initial_key) | ||
157 | { | ||
158 | unsigned char InterimKey[MPPE_MAX_KEY_LEN]; | ||
159 | struct scatterlist sg_in[1], sg_out[1]; | ||
160 | |||
161 | get_new_key_from_sha(state, InterimKey); | ||
162 | if (!initial_key) { | ||
163 | crypto_cipher_setkey(state->arc4, InterimKey, state->keylen); | ||
164 | setup_sg(sg_in, InterimKey, state->keylen); | ||
165 | setup_sg(sg_out, state->session_key, state->keylen); | ||
166 | if (crypto_cipher_encrypt(state->arc4, sg_out, sg_in, | ||
167 | state->keylen) != 0) { | ||
168 | printk(KERN_WARNING "mppe_rekey: cipher_encrypt failed\n"); | ||
169 | } | ||
170 | } else { | ||
171 | memcpy(state->session_key, InterimKey, state->keylen); | ||
172 | } | ||
173 | if (state->keylen == 8) { | ||
174 | /* See RFC 3078 */ | ||
175 | state->session_key[0] = 0xd1; | ||
176 | state->session_key[1] = 0x26; | ||
177 | state->session_key[2] = 0x9e; | ||
178 | } | ||
179 | crypto_cipher_setkey(state->arc4, state->session_key, state->keylen); | ||
180 | } | ||
181 | |||
182 | /* | ||
183 | * Allocate space for a (de)compressor. | ||
184 | */ | ||
185 | static void *mppe_alloc(unsigned char *options, int optlen) | ||
186 | { | ||
187 | struct ppp_mppe_state *state; | ||
188 | unsigned int digestsize; | ||
189 | |||
190 | if (optlen != CILEN_MPPE + sizeof(state->master_key) | ||
191 | || options[0] != CI_MPPE || options[1] != CILEN_MPPE) | ||
192 | goto out; | ||
193 | |||
194 | state = (struct ppp_mppe_state *) kmalloc(sizeof(*state), GFP_KERNEL); | ||
195 | if (state == NULL) | ||
196 | goto out; | ||
197 | |||
198 | memset(state, 0, sizeof(*state)); | ||
199 | |||
200 | state->arc4 = crypto_alloc_tfm("arc4", 0); | ||
201 | if (!state->arc4) | ||
202 | goto out_free; | ||
203 | |||
204 | state->sha1 = crypto_alloc_tfm("sha1", 0); | ||
205 | if (!state->sha1) | ||
206 | goto out_free; | ||
207 | |||
208 | digestsize = crypto_tfm_alg_digestsize(state->sha1); | ||
209 | if (digestsize < MPPE_MAX_KEY_LEN) | ||
210 | goto out_free; | ||
211 | |||
212 | state->sha1_digest = kmalloc(digestsize, GFP_KERNEL); | ||
213 | if (!state->sha1_digest) | ||
214 | goto out_free; | ||
215 | |||
216 | /* Save keys. */ | ||
217 | memcpy(state->master_key, &options[CILEN_MPPE], | ||
218 | sizeof(state->master_key)); | ||
219 | memcpy(state->session_key, state->master_key, | ||
220 | sizeof(state->master_key)); | ||
221 | |||
222 | /* | ||
223 | * We defer initial key generation until mppe_init(), as mppe_alloc() | ||
224 | * is called frequently during negotiation. | ||
225 | */ | ||
226 | |||
227 | return (void *)state; | ||
228 | |||
229 | out_free: | ||
230 | if (state->sha1_digest) | ||
231 | kfree(state->sha1_digest); | ||
232 | if (state->sha1) | ||
233 | crypto_free_tfm(state->sha1); | ||
234 | if (state->arc4) | ||
235 | crypto_free_tfm(state->arc4); | ||
236 | kfree(state); | ||
237 | out: | ||
238 | return NULL; | ||
239 | } | ||
240 | |||
241 | /* | ||
242 | * Deallocate space for a (de)compressor. | ||
243 | */ | ||
244 | static void mppe_free(void *arg) | ||
245 | { | ||
246 | struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; | ||
247 | if (state) { | ||
248 | if (state->sha1_digest) | ||
249 | kfree(state->sha1_digest); | ||
250 | if (state->sha1) | ||
251 | crypto_free_tfm(state->sha1); | ||
252 | if (state->arc4) | ||
253 | crypto_free_tfm(state->arc4); | ||
254 | kfree(state); | ||
255 | } | ||
256 | } | ||
257 | |||
258 | /* | ||
259 | * Initialize (de)compressor state. | ||
260 | */ | ||
261 | static int | ||
262 | mppe_init(void *arg, unsigned char *options, int optlen, int unit, int debug, | ||
263 | const char *debugstr) | ||
264 | { | ||
265 | struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; | ||
266 | unsigned char mppe_opts; | ||
267 | |||
268 | if (optlen != CILEN_MPPE | ||
269 | || options[0] != CI_MPPE || options[1] != CILEN_MPPE) | ||
270 | return 0; | ||
271 | |||
272 | MPPE_CI_TO_OPTS(&options[2], mppe_opts); | ||
273 | if (mppe_opts & MPPE_OPT_128) | ||
274 | state->keylen = 16; | ||
275 | else if (mppe_opts & MPPE_OPT_40) | ||
276 | state->keylen = 8; | ||
277 | else { | ||
278 | printk(KERN_WARNING "%s[%d]: unknown key length\n", debugstr, | ||
279 | unit); | ||
280 | return 0; | ||
281 | } | ||
282 | if (mppe_opts & MPPE_OPT_STATEFUL) | ||
283 | state->stateful = 1; | ||
284 | |||
285 | /* Generate the initial session key. */ | ||
286 | mppe_rekey(state, 1); | ||
287 | |||
288 | if (debug) { | ||
289 | int i; | ||
290 | char mkey[sizeof(state->master_key) * 2 + 1]; | ||
291 | char skey[sizeof(state->session_key) * 2 + 1]; | ||
292 | |||
293 | printk(KERN_DEBUG "%s[%d]: initialized with %d-bit %s mode\n", | ||
294 | debugstr, unit, (state->keylen == 16) ? 128 : 40, | ||
295 | (state->stateful) ? "stateful" : "stateless"); | ||
296 | |||
297 | for (i = 0; i < sizeof(state->master_key); i++) | ||
298 | sprintf(mkey + i * 2, "%02x", state->master_key[i]); | ||
299 | for (i = 0; i < sizeof(state->session_key); i++) | ||
300 | sprintf(skey + i * 2, "%02x", state->session_key[i]); | ||
301 | printk(KERN_DEBUG | ||
302 | "%s[%d]: keys: master: %s initial session: %s\n", | ||
303 | debugstr, unit, mkey, skey); | ||
304 | } | ||
305 | |||
306 | /* | ||
307 | * Initialize the coherency count. The initial value is not specified | ||
308 | * in RFC 3078, but we can make a reasonable assumption that it will | ||
309 | * start at 0. Setting it to the max here makes the comp/decomp code | ||
310 | * do the right thing (determined through experiment). | ||
311 | */ | ||
312 | state->ccount = MPPE_CCOUNT_SPACE - 1; | ||
313 | |||
314 | /* | ||
315 | * Note that even though we have initialized the key table, we don't | ||
316 | * set the FLUSHED bit. This is contrary to RFC 3078, sec. 3.1. | ||
317 | */ | ||
318 | state->bits = MPPE_BIT_ENCRYPTED; | ||
319 | |||
320 | state->unit = unit; | ||
321 | state->debug = debug; | ||
322 | |||
323 | return 1; | ||
324 | } | ||
325 | |||
326 | static int | ||
327 | mppe_comp_init(void *arg, unsigned char *options, int optlen, int unit, | ||
328 | int hdrlen, int debug) | ||
329 | { | ||
330 | /* ARGSUSED */ | ||
331 | return mppe_init(arg, options, optlen, unit, debug, "mppe_comp_init"); | ||
332 | } | ||
333 | |||
334 | /* | ||
335 | * We received a CCP Reset-Request (actually, we are sending a Reset-Ack), | ||
336 | * tell the compressor to rekey. Note that we MUST NOT rekey for | ||
337 | * every CCP Reset-Request; we only rekey on the next xmit packet. | ||
338 | * We might get multiple CCP Reset-Requests if our CCP Reset-Ack is lost. | ||
339 | * So, rekeying for every CCP Reset-Request is broken as the peer will not | ||
340 | * know how many times we've rekeyed. (If we rekey and THEN get another | ||
341 | * CCP Reset-Request, we must rekey again.) | ||
342 | */ | ||
343 | static void mppe_comp_reset(void *arg) | ||
344 | { | ||
345 | struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; | ||
346 | |||
347 | state->bits |= MPPE_BIT_FLUSHED; | ||
348 | } | ||
349 | |||
350 | /* | ||
351 | * Compress (encrypt) a packet. | ||
352 | * It's strange to call this a compressor, since the output is always | ||
353 | * MPPE_OVHD + 2 bytes larger than the input. | ||
354 | */ | ||
355 | static int | ||
356 | mppe_compress(void *arg, unsigned char *ibuf, unsigned char *obuf, | ||
357 | int isize, int osize) | ||
358 | { | ||
359 | struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; | ||
360 | int proto; | ||
361 | struct scatterlist sg_in[1], sg_out[1]; | ||
362 | |||
363 | /* | ||
364 | * Check that the protocol is in the range we handle. | ||
365 | */ | ||
366 | proto = PPP_PROTOCOL(ibuf); | ||
367 | if (proto < 0x0021 || proto > 0x00fa) | ||
368 | return 0; | ||
369 | |||
370 | /* Make sure we have enough room to generate an encrypted packet. */ | ||
371 | if (osize < isize + MPPE_OVHD + 2) { | ||
372 | /* Drop the packet if we should encrypt it, but can't. */ | ||
373 | printk(KERN_DEBUG "mppe_compress[%d]: osize too small! " | ||
374 | "(have: %d need: %d)\n", state->unit, | ||
375 | osize, osize + MPPE_OVHD + 2); | ||
376 | return -1; | ||
377 | } | ||
378 | |||
379 | osize = isize + MPPE_OVHD + 2; | ||
380 | |||
381 | /* | ||
382 | * Copy over the PPP header and set control bits. | ||
383 | */ | ||
384 | obuf[0] = PPP_ADDRESS(ibuf); | ||
385 | obuf[1] = PPP_CONTROL(ibuf); | ||
386 | obuf[2] = PPP_COMP >> 8; /* isize + MPPE_OVHD + 1 */ | ||
387 | obuf[3] = PPP_COMP; /* isize + MPPE_OVHD + 2 */ | ||
388 | obuf += PPP_HDRLEN; | ||
389 | |||
390 | state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE; | ||
391 | if (state->debug >= 7) | ||
392 | printk(KERN_DEBUG "mppe_compress[%d]: ccount %d\n", state->unit, | ||
393 | state->ccount); | ||
394 | obuf[0] = state->ccount >> 8; | ||
395 | obuf[1] = state->ccount & 0xff; | ||
396 | |||
397 | if (!state->stateful || /* stateless mode */ | ||
398 | ((state->ccount & 0xff) == 0xff) || /* "flag" packet */ | ||
399 | (state->bits & MPPE_BIT_FLUSHED)) { /* CCP Reset-Request */ | ||
400 | /* We must rekey */ | ||
401 | if (state->debug && state->stateful) | ||
402 | printk(KERN_DEBUG "mppe_compress[%d]: rekeying\n", | ||
403 | state->unit); | ||
404 | mppe_rekey(state, 0); | ||
405 | state->bits |= MPPE_BIT_FLUSHED; | ||
406 | } | ||
407 | obuf[0] |= state->bits; | ||
408 | state->bits &= ~MPPE_BIT_FLUSHED; /* reset for next xmit */ | ||
409 | |||
410 | obuf += MPPE_OVHD; | ||
411 | ibuf += 2; /* skip to proto field */ | ||
412 | isize -= 2; | ||
413 | |||
414 | /* Encrypt packet */ | ||
415 | setup_sg(sg_in, ibuf, isize); | ||
416 | setup_sg(sg_out, obuf, osize); | ||
417 | if (crypto_cipher_encrypt(state->arc4, sg_out, sg_in, isize) != 0) { | ||
418 | printk(KERN_DEBUG "crypto_cypher_encrypt failed\n"); | ||
419 | return -1; | ||
420 | } | ||
421 | |||
422 | state->stats.unc_bytes += isize; | ||
423 | state->stats.unc_packets++; | ||
424 | state->stats.comp_bytes += osize; | ||
425 | state->stats.comp_packets++; | ||
426 | |||
427 | return osize; | ||
428 | } | ||
429 | |||
430 | /* | ||
431 | * Since every frame grows by MPPE_OVHD + 2 bytes, this is always going | ||
432 | * to look bad ... and the longer the link is up the worse it will get. | ||
433 | */ | ||
434 | static void mppe_comp_stats(void *arg, struct compstat *stats) | ||
435 | { | ||
436 | struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; | ||
437 | |||
438 | *stats = state->stats; | ||
439 | } | ||
440 | |||
441 | static int | ||
442 | mppe_decomp_init(void *arg, unsigned char *options, int optlen, int unit, | ||
443 | int hdrlen, int mru, int debug) | ||
444 | { | ||
445 | /* ARGSUSED */ | ||
446 | return mppe_init(arg, options, optlen, unit, debug, "mppe_decomp_init"); | ||
447 | } | ||
448 | |||
449 | /* | ||
450 | * We received a CCP Reset-Ack. Just ignore it. | ||
451 | */ | ||
452 | static void mppe_decomp_reset(void *arg) | ||
453 | { | ||
454 | /* ARGSUSED */ | ||
455 | return; | ||
456 | } | ||
457 | |||
458 | /* | ||
459 | * Decompress (decrypt) an MPPE packet. | ||
460 | */ | ||
461 | static int | ||
462 | mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf, | ||
463 | int osize) | ||
464 | { | ||
465 | struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; | ||
466 | unsigned ccount; | ||
467 | int flushed = MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED; | ||
468 | int sanity = 0; | ||
469 | struct scatterlist sg_in[1], sg_out[1]; | ||
470 | |||
471 | if (isize <= PPP_HDRLEN + MPPE_OVHD) { | ||
472 | if (state->debug) | ||
473 | printk(KERN_DEBUG | ||
474 | "mppe_decompress[%d]: short pkt (%d)\n", | ||
475 | state->unit, isize); | ||
476 | return DECOMP_ERROR; | ||
477 | } | ||
478 | |||
479 | /* | ||
480 | * Make sure we have enough room to decrypt the packet. | ||
481 | * Note that for our test we only subtract 1 byte whereas in | ||
482 | * mppe_compress() we added 2 bytes (+MPPE_OVHD); | ||
483 | * this is to account for possible PFC. | ||
484 | */ | ||
485 | if (osize < isize - MPPE_OVHD - 1) { | ||
486 | printk(KERN_DEBUG "mppe_decompress[%d]: osize too small! " | ||
487 | "(have: %d need: %d)\n", state->unit, | ||
488 | osize, isize - MPPE_OVHD - 1); | ||
489 | return DECOMP_ERROR; | ||
490 | } | ||
491 | osize = isize - MPPE_OVHD - 2; /* assume no PFC */ | ||
492 | |||
493 | ccount = MPPE_CCOUNT(ibuf); | ||
494 | if (state->debug >= 7) | ||
495 | printk(KERN_DEBUG "mppe_decompress[%d]: ccount %d\n", | ||
496 | state->unit, ccount); | ||
497 | |||
498 | /* sanity checks -- terminate with extreme prejudice */ | ||
499 | if (!(MPPE_BITS(ibuf) & MPPE_BIT_ENCRYPTED)) { | ||
500 | printk(KERN_DEBUG | ||
501 | "mppe_decompress[%d]: ENCRYPTED bit not set!\n", | ||
502 | state->unit); | ||
503 | state->sanity_errors += 100; | ||
504 | sanity = 1; | ||
505 | } | ||
506 | if (!state->stateful && !flushed) { | ||
507 | printk(KERN_DEBUG "mppe_decompress[%d]: FLUSHED bit not set in " | ||
508 | "stateless mode!\n", state->unit); | ||
509 | state->sanity_errors += 100; | ||
510 | sanity = 1; | ||
511 | } | ||
512 | if (state->stateful && ((ccount & 0xff) == 0xff) && !flushed) { | ||
513 | printk(KERN_DEBUG "mppe_decompress[%d]: FLUSHED bit not set on " | ||
514 | "flag packet!\n", state->unit); | ||
515 | state->sanity_errors += 100; | ||
516 | sanity = 1; | ||
517 | } | ||
518 | |||
519 | if (sanity) { | ||
520 | if (state->sanity_errors < SANITY_MAX) | ||
521 | return DECOMP_ERROR; | ||
522 | else | ||
523 | /* | ||
524 | * Take LCP down if the peer is sending too many bogons. | ||
525 | * We don't want to do this for a single or just a few | ||
526 | * instances since it could just be due to packet corruption. | ||
527 | */ | ||
528 | return DECOMP_FATALERROR; | ||
529 | } | ||
530 | |||
531 | /* | ||
532 | * Check the coherency count. | ||
533 | */ | ||
534 | |||
535 | if (!state->stateful) { | ||
536 | /* RFC 3078, sec 8.1. Rekey for every packet. */ | ||
537 | while (state->ccount != ccount) { | ||
538 | mppe_rekey(state, 0); | ||
539 | state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE; | ||
540 | } | ||
541 | } else { | ||
542 | /* RFC 3078, sec 8.2. */ | ||
543 | if (!state->discard) { | ||
544 | /* normal state */ | ||
545 | state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE; | ||
546 | if (ccount != state->ccount) { | ||
547 | /* | ||
548 | * (ccount > state->ccount) | ||
549 | * Packet loss detected, enter the discard state. | ||
550 | * Signal the peer to rekey (by sending a CCP Reset-Request). | ||
551 | */ | ||
552 | state->discard = 1; | ||
553 | return DECOMP_ERROR; | ||
554 | } | ||
555 | } else { | ||
556 | /* discard state */ | ||
557 | if (!flushed) { | ||
558 | /* ccp.c will be silent (no additional CCP Reset-Requests). */ | ||
559 | return DECOMP_ERROR; | ||
560 | } else { | ||
561 | /* Rekey for every missed "flag" packet. */ | ||
562 | while ((ccount & ~0xff) != | ||
563 | (state->ccount & ~0xff)) { | ||
564 | mppe_rekey(state, 0); | ||
565 | state->ccount = | ||
566 | (state->ccount + | ||
567 | 256) % MPPE_CCOUNT_SPACE; | ||
568 | } | ||
569 | |||
570 | /* reset */ | ||
571 | state->discard = 0; | ||
572 | state->ccount = ccount; | ||
573 | /* | ||
574 | * Another problem with RFC 3078 here. It implies that the | ||
575 | * peer need not send a Reset-Ack packet. But RFC 1962 | ||
576 | * requires it. Hopefully, M$ does send a Reset-Ack; even | ||
577 | * though it isn't required for MPPE synchronization, it is | ||
578 | * required to reset CCP state. | ||
579 | */ | ||
580 | } | ||
581 | } | ||
582 | if (flushed) | ||
583 | mppe_rekey(state, 0); | ||
584 | } | ||
585 | |||
586 | /* | ||
587 | * Fill in the first part of the PPP header. The protocol field | ||
588 | * comes from the decrypted data. | ||
589 | */ | ||
590 | obuf[0] = PPP_ADDRESS(ibuf); /* +1 */ | ||
591 | obuf[1] = PPP_CONTROL(ibuf); /* +1 */ | ||
592 | obuf += 2; | ||
593 | ibuf += PPP_HDRLEN + MPPE_OVHD; | ||
594 | isize -= PPP_HDRLEN + MPPE_OVHD; /* -6 */ | ||
595 | /* net osize: isize-4 */ | ||
596 | |||
597 | /* | ||
598 | * Decrypt the first byte in order to check if it is | ||
599 | * a compressed or uncompressed protocol field. | ||
600 | */ | ||
601 | setup_sg(sg_in, ibuf, 1); | ||
602 | setup_sg(sg_out, obuf, 1); | ||
603 | if (crypto_cipher_decrypt(state->arc4, sg_out, sg_in, 1) != 0) { | ||
604 | printk(KERN_DEBUG "crypto_cypher_decrypt failed\n"); | ||
605 | return DECOMP_ERROR; | ||
606 | } | ||
607 | |||
608 | /* | ||
609 | * Do PFC decompression. | ||
610 | * This would be nicer if we were given the actual sk_buff | ||
611 | * instead of a char *. | ||
612 | */ | ||
613 | if ((obuf[0] & 0x01) != 0) { | ||
614 | obuf[1] = obuf[0]; | ||
615 | obuf[0] = 0; | ||
616 | obuf++; | ||
617 | osize++; | ||
618 | } | ||
619 | |||
620 | /* And finally, decrypt the rest of the packet. */ | ||
621 | setup_sg(sg_in, ibuf + 1, isize - 1); | ||
622 | setup_sg(sg_out, obuf + 1, osize - 1); | ||
623 | if (crypto_cipher_decrypt(state->arc4, sg_out, sg_in, isize - 1) != 0) { | ||
624 | printk(KERN_DEBUG "crypto_cypher_decrypt failed\n"); | ||
625 | return DECOMP_ERROR; | ||
626 | } | ||
627 | |||
628 | state->stats.unc_bytes += osize; | ||
629 | state->stats.unc_packets++; | ||
630 | state->stats.comp_bytes += isize; | ||
631 | state->stats.comp_packets++; | ||
632 | |||
633 | /* good packet credit */ | ||
634 | state->sanity_errors >>= 1; | ||
635 | |||
636 | return osize; | ||
637 | } | ||
638 | |||
639 | /* | ||
640 | * Incompressible data has arrived (this should never happen!). | ||
641 | * We should probably drop the link if the protocol is in the range | ||
642 | * of what should be encrypted. At the least, we should drop this | ||
643 | * packet. (How to do this?) | ||
644 | */ | ||
645 | static void mppe_incomp(void *arg, unsigned char *ibuf, int icnt) | ||
646 | { | ||
647 | struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; | ||
648 | |||
649 | if (state->debug && | ||
650 | (PPP_PROTOCOL(ibuf) >= 0x0021 && PPP_PROTOCOL(ibuf) <= 0x00fa)) | ||
651 | printk(KERN_DEBUG | ||
652 | "mppe_incomp[%d]: incompressible (unencrypted) data! " | ||
653 | "(proto %04x)\n", state->unit, PPP_PROTOCOL(ibuf)); | ||
654 | |||
655 | state->stats.inc_bytes += icnt; | ||
656 | state->stats.inc_packets++; | ||
657 | state->stats.unc_bytes += icnt; | ||
658 | state->stats.unc_packets++; | ||
659 | } | ||
660 | |||
661 | /************************************************************* | ||
662 | * Module interface table | ||
663 | *************************************************************/ | ||
664 | |||
665 | /* | ||
666 | * Procedures exported to if_ppp.c. | ||
667 | */ | ||
668 | static struct compressor ppp_mppe = { | ||
669 | .compress_proto = CI_MPPE, | ||
670 | .comp_alloc = mppe_alloc, | ||
671 | .comp_free = mppe_free, | ||
672 | .comp_init = mppe_comp_init, | ||
673 | .comp_reset = mppe_comp_reset, | ||
674 | .compress = mppe_compress, | ||
675 | .comp_stat = mppe_comp_stats, | ||
676 | .decomp_alloc = mppe_alloc, | ||
677 | .decomp_free = mppe_free, | ||
678 | .decomp_init = mppe_decomp_init, | ||
679 | .decomp_reset = mppe_decomp_reset, | ||
680 | .decompress = mppe_decompress, | ||
681 | .incomp = mppe_incomp, | ||
682 | .decomp_stat = mppe_comp_stats, | ||
683 | .owner = THIS_MODULE, | ||
684 | .comp_extra = MPPE_PAD, | ||
685 | }; | ||
686 | |||
687 | /* | ||
688 | * ppp_mppe_init() | ||
689 | * | ||
690 | * Prior to allowing load, try to load the arc4 and sha1 crypto | ||
691 | * libraries. The actual use will be allocated later, but | ||
692 | * this way the module will fail to insmod if they aren't available. | ||
693 | */ | ||
694 | |||
695 | static int __init ppp_mppe_init(void) | ||
696 | { | ||
697 | int answer; | ||
698 | if (!(crypto_alg_available("arc4", 0) && | ||
699 | crypto_alg_available("sha1", 0))) | ||
700 | return -ENODEV; | ||
701 | |||
702 | sha_pad = kmalloc(sizeof(struct sha_pad), GFP_KERNEL); | ||
703 | if (!sha_pad) | ||
704 | return -ENOMEM; | ||
705 | sha_pad_init(sha_pad); | ||
706 | |||
707 | answer = ppp_register_compressor(&ppp_mppe); | ||
708 | |||
709 | if (answer == 0) | ||
710 | printk(KERN_INFO "PPP MPPE Compression module registered\n"); | ||
711 | else | ||
712 | kfree(sha_pad); | ||
713 | |||
714 | return answer; | ||
715 | } | ||
716 | |||
717 | static void __exit ppp_mppe_cleanup(void) | ||
718 | { | ||
719 | ppp_unregister_compressor(&ppp_mppe); | ||
720 | kfree(sha_pad); | ||
721 | } | ||
722 | |||
723 | module_init(ppp_mppe_init); | ||
724 | module_exit(ppp_mppe_cleanup); | ||
diff --git a/drivers/net/ppp_mppe.h b/drivers/net/ppp_mppe.h new file mode 100644 index 000000000000..7a14e058c668 --- /dev/null +++ b/drivers/net/ppp_mppe.h | |||
@@ -0,0 +1,86 @@ | |||
1 | #define MPPE_PAD 4 /* MPPE growth per frame */ | ||
2 | #define MPPE_MAX_KEY_LEN 16 /* largest key length (128-bit) */ | ||
3 | |||
4 | /* option bits for ccp_options.mppe */ | ||
5 | #define MPPE_OPT_40 0x01 /* 40 bit */ | ||
6 | #define MPPE_OPT_128 0x02 /* 128 bit */ | ||
7 | #define MPPE_OPT_STATEFUL 0x04 /* stateful mode */ | ||
8 | /* unsupported opts */ | ||
9 | #define MPPE_OPT_56 0x08 /* 56 bit */ | ||
10 | #define MPPE_OPT_MPPC 0x10 /* MPPC compression */ | ||
11 | #define MPPE_OPT_D 0x20 /* Unknown */ | ||
12 | #define MPPE_OPT_UNSUPPORTED (MPPE_OPT_56|MPPE_OPT_MPPC|MPPE_OPT_D) | ||
13 | #define MPPE_OPT_UNKNOWN 0x40 /* Bits !defined in RFC 3078 were set */ | ||
14 | |||
15 | /* | ||
16 | * This is not nice ... the alternative is a bitfield struct though. | ||
17 | * And unfortunately, we cannot share the same bits for the option | ||
18 | * names above since C and H are the same bit. We could do a u_int32 | ||
19 | * but then we have to do a htonl() all the time and/or we still need | ||
20 | * to know which octet is which. | ||
21 | */ | ||
22 | #define MPPE_C_BIT 0x01 /* MPPC */ | ||
23 | #define MPPE_D_BIT 0x10 /* Obsolete, usage unknown */ | ||
24 | #define MPPE_L_BIT 0x20 /* 40-bit */ | ||
25 | #define MPPE_S_BIT 0x40 /* 128-bit */ | ||
26 | #define MPPE_M_BIT 0x80 /* 56-bit, not supported */ | ||
27 | #define MPPE_H_BIT 0x01 /* Stateless (in a different byte) */ | ||
28 | |||
29 | /* Does not include H bit; used for least significant octet only. */ | ||
30 | #define MPPE_ALL_BITS (MPPE_D_BIT|MPPE_L_BIT|MPPE_S_BIT|MPPE_M_BIT|MPPE_H_BIT) | ||
31 | |||
32 | /* Build a CI from mppe opts (see RFC 3078) */ | ||
33 | #define MPPE_OPTS_TO_CI(opts, ci) \ | ||
34 | do { \ | ||
35 | u_char *ptr = ci; /* u_char[4] */ \ | ||
36 | \ | ||
37 | /* H bit */ \ | ||
38 | if (opts & MPPE_OPT_STATEFUL) \ | ||
39 | *ptr++ = 0x0; \ | ||
40 | else \ | ||
41 | *ptr++ = MPPE_H_BIT; \ | ||
42 | *ptr++ = 0; \ | ||
43 | *ptr++ = 0; \ | ||
44 | \ | ||
45 | /* S,L bits */ \ | ||
46 | *ptr = 0; \ | ||
47 | if (opts & MPPE_OPT_128) \ | ||
48 | *ptr |= MPPE_S_BIT; \ | ||
49 | if (opts & MPPE_OPT_40) \ | ||
50 | *ptr |= MPPE_L_BIT; \ | ||
51 | /* M,D,C bits not supported */ \ | ||
52 | } while (/* CONSTCOND */ 0) | ||
53 | |||
54 | /* The reverse of the above */ | ||
55 | #define MPPE_CI_TO_OPTS(ci, opts) \ | ||
56 | do { \ | ||
57 | u_char *ptr = ci; /* u_char[4] */ \ | ||
58 | \ | ||
59 | opts = 0; \ | ||
60 | \ | ||
61 | /* H bit */ \ | ||
62 | if (!(ptr[0] & MPPE_H_BIT)) \ | ||
63 | opts |= MPPE_OPT_STATEFUL; \ | ||
64 | \ | ||
65 | /* S,L bits */ \ | ||
66 | if (ptr[3] & MPPE_S_BIT) \ | ||
67 | opts |= MPPE_OPT_128; \ | ||
68 | if (ptr[3] & MPPE_L_BIT) \ | ||
69 | opts |= MPPE_OPT_40; \ | ||
70 | \ | ||
71 | /* M,D,C bits */ \ | ||
72 | if (ptr[3] & MPPE_M_BIT) \ | ||
73 | opts |= MPPE_OPT_56; \ | ||
74 | if (ptr[3] & MPPE_D_BIT) \ | ||
75 | opts |= MPPE_OPT_D; \ | ||
76 | if (ptr[3] & MPPE_C_BIT) \ | ||
77 | opts |= MPPE_OPT_MPPC; \ | ||
78 | \ | ||
79 | /* Other bits */ \ | ||
80 | if (ptr[0] & ~MPPE_H_BIT) \ | ||
81 | opts |= MPPE_OPT_UNKNOWN; \ | ||
82 | if (ptr[1] || ptr[2]) \ | ||
83 | opts |= MPPE_OPT_UNKNOWN; \ | ||
84 | if (ptr[3] & ~MPPE_ALL_BITS) \ | ||
85 | opts |= MPPE_OPT_UNKNOWN; \ | ||
86 | } while (/* CONSTCOND */ 0) | ||