aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/net
diff options
context:
space:
mode:
authorMatt Domsch <Matt_Domsch@dell.com>2005-11-08 12:40:47 -0500
committerDavid S. Miller <davem@davemloft.net>2005-11-08 12:40:47 -0500
commitb3f9b92a6ec1a9a5e4b4b36e484f2f62cc73277c (patch)
tree7ca8e019573362620638e14e32bb519770ee6945 /drivers/net
parent6722e78c90054101e6797d5944cdc81af9897a0a (diff)
[PPP]: add PPP MPPE encryption module
From: Matt Domsch <Matt_Domsch@dell.com> The patch below implements the Microsoft Point-to-Point Encryption method as a PPP compressor/decompressor. This is necessary for Linux clients and servers to interoperate with Microsoft Point-to-Point Tunneling Protocol (PPTP) servers (either Microsoft PPTP servers or the poptop project) which use MPPE to encrypt data when creating a VPN. This patch differs from the kernel_ppp_mppe DKMS pacakge at pptpclient.sourceforge.net by utilizing the kernel crypto routines rather than providing its own SHA1 and arcfour implementations. Minor changes to ppp_generic.c try to prevent a link from disabling compression (in our case, the encryption) after it has started using compression (encryption). Feedback to <pptpclient-devel@lists.sourceforge.net> please. Signed-off-by: Matt Domsch <Matt_Domsch@dell.com> Cc: James Cameron <james.cameron@hp.com> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Brice Goglin <Brice.Goglin@ens-lyon.org> Acked-by: Paul Mackerras <paulus@samba.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/net')
-rw-r--r--drivers/net/Kconfig13
-rw-r--r--drivers/net/Makefile1
-rw-r--r--drivers/net/ppp_generic.c88
-rw-r--r--drivers/net/ppp_mppe.c724
-rw-r--r--drivers/net/ppp_mppe.h86
5 files changed, 888 insertions, 24 deletions
diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig
index 1958d9e16a3a..24f1691b84f9 100644
--- a/drivers/net/Kconfig
+++ b/drivers/net/Kconfig
@@ -2523,6 +2523,19 @@ config PPP_BSDCOMP
2523 module; it is called bsd_comp and will show up in the directory 2523 module; it is called bsd_comp and will show up in the directory
2524 modules once you have said "make modules". If unsure, say N. 2524 modules once you have said "make modules". If unsure, say N.
2525 2525
2526config PPP_MPPE
2527 tristate "PPP MPPE compression (encryption) (EXPERIMENTAL)"
2528 depends on PPP && EXPERIMENTAL
2529 select CRYPTO
2530 select CRYPTO_SHA1
2531 select CRYPTO_ARC4
2532 ---help---
2533 Support for the MPPE Encryption protocol, as employed by the
2534 Microsoft Point-to-Point Tunneling Protocol.
2535
2536 See http://pptpclient.sourceforge.net/ for information on
2537 configuring PPTP clients and servers to utilize this method.
2538
2526config PPPOE 2539config PPPOE
2527 tristate "PPP over Ethernet (EXPERIMENTAL)" 2540 tristate "PPP over Ethernet (EXPERIMENTAL)"
2528 depends on EXPERIMENTAL && PPP 2541 depends on EXPERIMENTAL && PPP
diff --git a/drivers/net/Makefile b/drivers/net/Makefile
index 7c313cb341b8..4cffd34442aa 100644
--- a/drivers/net/Makefile
+++ b/drivers/net/Makefile
@@ -112,6 +112,7 @@ obj-$(CONFIG_PPP_ASYNC) += ppp_async.o
112obj-$(CONFIG_PPP_SYNC_TTY) += ppp_synctty.o 112obj-$(CONFIG_PPP_SYNC_TTY) += ppp_synctty.o
113obj-$(CONFIG_PPP_DEFLATE) += ppp_deflate.o 113obj-$(CONFIG_PPP_DEFLATE) += ppp_deflate.o
114obj-$(CONFIG_PPP_BSDCOMP) += bsd_comp.o 114obj-$(CONFIG_PPP_BSDCOMP) += bsd_comp.o
115obj-$(CONFIG_PPP_MPPE) += ppp_mppe.o
115obj-$(CONFIG_PPPOE) += pppox.o pppoe.o 116obj-$(CONFIG_PPPOE) += pppox.o pppoe.o
116 117
117obj-$(CONFIG_SLIP) += slip.o 118obj-$(CONFIG_SLIP) += slip.o
diff --git a/drivers/net/ppp_generic.c b/drivers/net/ppp_generic.c
index d3c9958b00d0..50430f79f8cf 100644
--- a/drivers/net/ppp_generic.c
+++ b/drivers/net/ppp_generic.c
@@ -137,13 +137,14 @@ struct ppp {
137 137
138/* 138/*
139 * Bits in flags: SC_NO_TCP_CCID, SC_CCP_OPEN, SC_CCP_UP, SC_LOOP_TRAFFIC, 139 * Bits in flags: SC_NO_TCP_CCID, SC_CCP_OPEN, SC_CCP_UP, SC_LOOP_TRAFFIC,
140 * SC_MULTILINK, SC_MP_SHORTSEQ, SC_MP_XSHORTSEQ, SC_COMP_TCP, SC_REJ_COMP_TCP. 140 * SC_MULTILINK, SC_MP_SHORTSEQ, SC_MP_XSHORTSEQ, SC_COMP_TCP, SC_REJ_COMP_TCP,
141 * SC_MUST_COMP
141 * Bits in rstate: SC_DECOMP_RUN, SC_DC_ERROR, SC_DC_FERROR. 142 * Bits in rstate: SC_DECOMP_RUN, SC_DC_ERROR, SC_DC_FERROR.
142 * Bits in xstate: SC_COMP_RUN 143 * Bits in xstate: SC_COMP_RUN
143 */ 144 */
144#define SC_FLAG_BITS (SC_NO_TCP_CCID|SC_CCP_OPEN|SC_CCP_UP|SC_LOOP_TRAFFIC \ 145#define SC_FLAG_BITS (SC_NO_TCP_CCID|SC_CCP_OPEN|SC_CCP_UP|SC_LOOP_TRAFFIC \
145 |SC_MULTILINK|SC_MP_SHORTSEQ|SC_MP_XSHORTSEQ \ 146 |SC_MULTILINK|SC_MP_SHORTSEQ|SC_MP_XSHORTSEQ \
146 |SC_COMP_TCP|SC_REJ_COMP_TCP) 147 |SC_COMP_TCP|SC_REJ_COMP_TCP|SC_MUST_COMP)
147 148
148/* 149/*
149 * Private data structure for each channel. 150 * Private data structure for each channel.
@@ -1027,6 +1028,56 @@ ppp_xmit_process(struct ppp *ppp)
1027 ppp_xmit_unlock(ppp); 1028 ppp_xmit_unlock(ppp);
1028} 1029}
1029 1030
1031static inline struct sk_buff *
1032pad_compress_skb(struct ppp *ppp, struct sk_buff *skb)
1033{
1034 struct sk_buff *new_skb;
1035 int len;
1036 int new_skb_size = ppp->dev->mtu +
1037 ppp->xcomp->comp_extra + ppp->dev->hard_header_len;
1038 int compressor_skb_size = ppp->dev->mtu +
1039 ppp->xcomp->comp_extra + PPP_HDRLEN;
1040 new_skb = alloc_skb(new_skb_size, GFP_ATOMIC);
1041 if (!new_skb) {
1042 if (net_ratelimit())
1043 printk(KERN_ERR "PPP: no memory (comp pkt)\n");
1044 return NULL;
1045 }
1046 if (ppp->dev->hard_header_len > PPP_HDRLEN)
1047 skb_reserve(new_skb,
1048 ppp->dev->hard_header_len - PPP_HDRLEN);
1049
1050 /* compressor still expects A/C bytes in hdr */
1051 len = ppp->xcomp->compress(ppp->xc_state, skb->data - 2,
1052 new_skb->data, skb->len + 2,
1053 compressor_skb_size);
1054 if (len > 0 && (ppp->flags & SC_CCP_UP)) {
1055 kfree_skb(skb);
1056 skb = new_skb;
1057 skb_put(skb, len);
1058 skb_pull(skb, 2); /* pull off A/C bytes */
1059 } else if (len == 0) {
1060 /* didn't compress, or CCP not up yet */
1061 kfree_skb(new_skb);
1062 new_skb = skb;
1063 } else {
1064 /*
1065 * (len < 0)
1066 * MPPE requires that we do not send unencrypted
1067 * frames. The compressor will return -1 if we
1068 * should drop the frame. We cannot simply test
1069 * the compress_proto because MPPE and MPPC share
1070 * the same number.
1071 */
1072 if (net_ratelimit())
1073 printk(KERN_ERR "ppp: compressor dropped pkt\n");
1074 kfree_skb(skb);
1075 kfree_skb(new_skb);
1076 new_skb = NULL;
1077 }
1078 return new_skb;
1079}
1080
1030/* 1081/*
1031 * Compress and send a frame. 1082 * Compress and send a frame.
1032 * The caller should have locked the xmit path, 1083 * The caller should have locked the xmit path,
@@ -1113,29 +1164,14 @@ ppp_send_frame(struct ppp *ppp, struct sk_buff *skb)
1113 /* try to do packet compression */ 1164 /* try to do packet compression */
1114 if ((ppp->xstate & SC_COMP_RUN) && ppp->xc_state != 0 1165 if ((ppp->xstate & SC_COMP_RUN) && ppp->xc_state != 0
1115 && proto != PPP_LCP && proto != PPP_CCP) { 1166 && proto != PPP_LCP && proto != PPP_CCP) {
1116 new_skb = alloc_skb(ppp->dev->mtu + ppp->dev->hard_header_len, 1167 if (!(ppp->flags & SC_CCP_UP) && (ppp->flags & SC_MUST_COMP)) {
1117 GFP_ATOMIC); 1168 if (net_ratelimit())
1118 if (new_skb == 0) { 1169 printk(KERN_ERR "ppp: compression required but down - pkt dropped.\n");
1119 printk(KERN_ERR "PPP: no memory (comp pkt)\n");
1120 goto drop; 1170 goto drop;
1121 } 1171 }
1122 if (ppp->dev->hard_header_len > PPP_HDRLEN) 1172 skb = pad_compress_skb(ppp, skb);
1123 skb_reserve(new_skb, 1173 if (!skb)
1124 ppp->dev->hard_header_len - PPP_HDRLEN); 1174 goto drop;
1125
1126 /* compressor still expects A/C bytes in hdr */
1127 len = ppp->xcomp->compress(ppp->xc_state, skb->data - 2,
1128 new_skb->data, skb->len + 2,
1129 ppp->dev->mtu + PPP_HDRLEN);
1130 if (len > 0 && (ppp->flags & SC_CCP_UP)) {
1131 kfree_skb(skb);
1132 skb = new_skb;
1133 skb_put(skb, len);
1134 skb_pull(skb, 2); /* pull off A/C bytes */
1135 } else {
1136 /* didn't compress, or CCP not up yet */
1137 kfree_skb(new_skb);
1138 }
1139 } 1175 }
1140 1176
1141 /* 1177 /*
@@ -1155,7 +1191,8 @@ ppp_send_frame(struct ppp *ppp, struct sk_buff *skb)
1155 return; 1191 return;
1156 1192
1157 drop: 1193 drop:
1158 kfree_skb(skb); 1194 if (skb)
1195 kfree_skb(skb);
1159 ++ppp->stats.tx_errors; 1196 ++ppp->stats.tx_errors;
1160} 1197}
1161 1198
@@ -1552,6 +1589,9 @@ ppp_receive_nonmp_frame(struct ppp *ppp, struct sk_buff *skb)
1552 && (ppp->rstate & (SC_DC_FERROR | SC_DC_ERROR)) == 0) 1589 && (ppp->rstate & (SC_DC_FERROR | SC_DC_ERROR)) == 0)
1553 skb = ppp_decompress_frame(ppp, skb); 1590 skb = ppp_decompress_frame(ppp, skb);
1554 1591
1592 if (ppp->flags & SC_MUST_COMP && ppp->rstate & SC_DC_FERROR)
1593 goto err;
1594
1555 proto = PPP_PROTO(skb); 1595 proto = PPP_PROTO(skb);
1556 switch (proto) { 1596 switch (proto) {
1557 case PPP_VJC_COMP: 1597 case PPP_VJC_COMP:
diff --git a/drivers/net/ppp_mppe.c b/drivers/net/ppp_mppe.c
new file mode 100644
index 000000000000..1985d1b57c45
--- /dev/null
+++ b/drivers/net/ppp_mppe.c
@@ -0,0 +1,724 @@
1/*
2 * ppp_mppe.c - interface MPPE to the PPP code.
3 * This version is for use with Linux kernel 2.6.14+
4 *
5 * By Frank Cusack <fcusack@fcusack.com>.
6 * Copyright (c) 2002,2003,2004 Google, Inc.
7 * All rights reserved.
8 *
9 * License:
10 * Permission to use, copy, modify, and distribute this software and its
11 * documentation is hereby granted, provided that the above copyright
12 * notice appears in all copies. This software is provided without any
13 * warranty, express or implied.
14 *
15 * ALTERNATIVELY, provided that this notice is retained in full, this product
16 * may be distributed under the terms of the GNU General Public License (GPL),
17 * in which case the provisions of the GPL apply INSTEAD OF those given above.
18 *
19 * This program is free software; you can redistribute it and/or modify
20 * it under the terms of the GNU General Public License as published by
21 * the Free Software Foundation; either version 2 of the License, or
22 * (at your option) any later version.
23 *
24 * This program is distributed in the hope that it will be useful,
25 * but WITHOUT ANY WARRANTY; without even the implied warranty of
26 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
27 * GNU General Public License for more details.
28 *
29 * You should have received a copy of the GNU General Public License
30 * along with this program; if not, write to the Free Software
31 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
32 *
33 *
34 * Changelog:
35 * 08/12/05 - Matt Domsch <Matt_Domsch@dell.com>
36 * Only need extra skb padding on transmit, not receive.
37 * 06/18/04 - Matt Domsch <Matt_Domsch@dell.com>, Oleg Makarenko <mole@quadra.ru>
38 * Use Linux kernel 2.6 arc4 and sha1 routines rather than
39 * providing our own.
40 * 2/15/04 - TS: added #include <version.h> and testing for Kernel
41 * version before using
42 * MOD_DEC_USAGE_COUNT/MOD_INC_USAGE_COUNT which are
43 * deprecated in 2.6
44 */
45
46#include <linux/config.h>
47#include <linux/module.h>
48#include <linux/kernel.h>
49#include <linux/version.h>
50#include <linux/init.h>
51#include <linux/types.h>
52#include <linux/slab.h>
53#include <linux/string.h>
54#include <linux/crypto.h>
55#include <linux/mm.h>
56#include <linux/ppp_defs.h>
57#include <linux/ppp-comp.h>
58#include <asm/scatterlist.h>
59
60#include "ppp_mppe.h"
61
62MODULE_AUTHOR("Frank Cusack <fcusack@fcusack.com>");
63MODULE_DESCRIPTION("Point-to-Point Protocol Microsoft Point-to-Point Encryption support");
64MODULE_LICENSE("Dual BSD/GPL");
65MODULE_ALIAS("ppp-compress-" __stringify(CI_MPPE));
66MODULE_VERSION("1.0.2");
67
68static void
69setup_sg(struct scatterlist *sg, const void *address, unsigned int length)
70{
71 sg[0].page = virt_to_page(address);
72 sg[0].offset = offset_in_page(address);
73 sg[0].length = length;
74}
75
76#define SHA1_PAD_SIZE 40
77
78/*
79 * kernel crypto API needs its arguments to be in kmalloc'd memory, not in the module
80 * static data area. That means sha_pad needs to be kmalloc'd.
81 */
82
83struct sha_pad {
84 unsigned char sha_pad1[SHA1_PAD_SIZE];
85 unsigned char sha_pad2[SHA1_PAD_SIZE];
86};
87static struct sha_pad *sha_pad;
88
89static inline void sha_pad_init(struct sha_pad *shapad)
90{
91 memset(shapad->sha_pad1, 0x00, sizeof(shapad->sha_pad1));
92 memset(shapad->sha_pad2, 0xF2, sizeof(shapad->sha_pad2));
93}
94
95/*
96 * State for an MPPE (de)compressor.
97 */
98struct ppp_mppe_state {
99 struct crypto_tfm *arc4;
100 struct crypto_tfm *sha1;
101 unsigned char *sha1_digest;
102 unsigned char master_key[MPPE_MAX_KEY_LEN];
103 unsigned char session_key[MPPE_MAX_KEY_LEN];
104 unsigned keylen; /* key length in bytes */
105 /* NB: 128-bit == 16, 40-bit == 8! */
106 /* If we want to support 56-bit, */
107 /* the unit has to change to bits */
108 unsigned char bits; /* MPPE control bits */
109 unsigned ccount; /* 12-bit coherency count (seqno) */
110 unsigned stateful; /* stateful mode flag */
111 int discard; /* stateful mode packet loss flag */
112 int sanity_errors; /* take down LCP if too many */
113 int unit;
114 int debug;
115 struct compstat stats;
116};
117
118/* struct ppp_mppe_state.bits definitions */
119#define MPPE_BIT_A 0x80 /* Encryption table were (re)inititalized */
120#define MPPE_BIT_B 0x40 /* MPPC only (not implemented) */
121#define MPPE_BIT_C 0x20 /* MPPC only (not implemented) */
122#define MPPE_BIT_D 0x10 /* This is an encrypted frame */
123
124#define MPPE_BIT_FLUSHED MPPE_BIT_A
125#define MPPE_BIT_ENCRYPTED MPPE_BIT_D
126
127#define MPPE_BITS(p) ((p)[4] & 0xf0)
128#define MPPE_CCOUNT(p) ((((p)[4] & 0x0f) << 8) + (p)[5])
129#define MPPE_CCOUNT_SPACE 0x1000 /* The size of the ccount space */
130
131#define MPPE_OVHD 2 /* MPPE overhead/packet */
132#define SANITY_MAX 1600 /* Max bogon factor we will tolerate */
133
134/*
135 * Key Derivation, from RFC 3078, RFC 3079.
136 * Equivalent to Get_Key() for MS-CHAP as described in RFC 3079.
137 */
138static void get_new_key_from_sha(struct ppp_mppe_state * state, unsigned char *InterimKey)
139{
140 struct scatterlist sg[4];
141
142 setup_sg(&sg[0], state->master_key, state->keylen);
143 setup_sg(&sg[1], sha_pad->sha_pad1, sizeof(sha_pad->sha_pad1));
144 setup_sg(&sg[2], state->session_key, state->keylen);
145 setup_sg(&sg[3], sha_pad->sha_pad2, sizeof(sha_pad->sha_pad2));
146
147 crypto_digest_digest (state->sha1, sg, 4, state->sha1_digest);
148
149 memcpy(InterimKey, state->sha1_digest, state->keylen);
150}
151
152/*
153 * Perform the MPPE rekey algorithm, from RFC 3078, sec. 7.3.
154 * Well, not what's written there, but rather what they meant.
155 */
156static void mppe_rekey(struct ppp_mppe_state * state, int initial_key)
157{
158 unsigned char InterimKey[MPPE_MAX_KEY_LEN];
159 struct scatterlist sg_in[1], sg_out[1];
160
161 get_new_key_from_sha(state, InterimKey);
162 if (!initial_key) {
163 crypto_cipher_setkey(state->arc4, InterimKey, state->keylen);
164 setup_sg(sg_in, InterimKey, state->keylen);
165 setup_sg(sg_out, state->session_key, state->keylen);
166 if (crypto_cipher_encrypt(state->arc4, sg_out, sg_in,
167 state->keylen) != 0) {
168 printk(KERN_WARNING "mppe_rekey: cipher_encrypt failed\n");
169 }
170 } else {
171 memcpy(state->session_key, InterimKey, state->keylen);
172 }
173 if (state->keylen == 8) {
174 /* See RFC 3078 */
175 state->session_key[0] = 0xd1;
176 state->session_key[1] = 0x26;
177 state->session_key[2] = 0x9e;
178 }
179 crypto_cipher_setkey(state->arc4, state->session_key, state->keylen);
180}
181
182/*
183 * Allocate space for a (de)compressor.
184 */
185static void *mppe_alloc(unsigned char *options, int optlen)
186{
187 struct ppp_mppe_state *state;
188 unsigned int digestsize;
189
190 if (optlen != CILEN_MPPE + sizeof(state->master_key)
191 || options[0] != CI_MPPE || options[1] != CILEN_MPPE)
192 goto out;
193
194 state = (struct ppp_mppe_state *) kmalloc(sizeof(*state), GFP_KERNEL);
195 if (state == NULL)
196 goto out;
197
198 memset(state, 0, sizeof(*state));
199
200 state->arc4 = crypto_alloc_tfm("arc4", 0);
201 if (!state->arc4)
202 goto out_free;
203
204 state->sha1 = crypto_alloc_tfm("sha1", 0);
205 if (!state->sha1)
206 goto out_free;
207
208 digestsize = crypto_tfm_alg_digestsize(state->sha1);
209 if (digestsize < MPPE_MAX_KEY_LEN)
210 goto out_free;
211
212 state->sha1_digest = kmalloc(digestsize, GFP_KERNEL);
213 if (!state->sha1_digest)
214 goto out_free;
215
216 /* Save keys. */
217 memcpy(state->master_key, &options[CILEN_MPPE],
218 sizeof(state->master_key));
219 memcpy(state->session_key, state->master_key,
220 sizeof(state->master_key));
221
222 /*
223 * We defer initial key generation until mppe_init(), as mppe_alloc()
224 * is called frequently during negotiation.
225 */
226
227 return (void *)state;
228
229 out_free:
230 if (state->sha1_digest)
231 kfree(state->sha1_digest);
232 if (state->sha1)
233 crypto_free_tfm(state->sha1);
234 if (state->arc4)
235 crypto_free_tfm(state->arc4);
236 kfree(state);
237 out:
238 return NULL;
239}
240
241/*
242 * Deallocate space for a (de)compressor.
243 */
244static void mppe_free(void *arg)
245{
246 struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
247 if (state) {
248 if (state->sha1_digest)
249 kfree(state->sha1_digest);
250 if (state->sha1)
251 crypto_free_tfm(state->sha1);
252 if (state->arc4)
253 crypto_free_tfm(state->arc4);
254 kfree(state);
255 }
256}
257
258/*
259 * Initialize (de)compressor state.
260 */
261static int
262mppe_init(void *arg, unsigned char *options, int optlen, int unit, int debug,
263 const char *debugstr)
264{
265 struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
266 unsigned char mppe_opts;
267
268 if (optlen != CILEN_MPPE
269 || options[0] != CI_MPPE || options[1] != CILEN_MPPE)
270 return 0;
271
272 MPPE_CI_TO_OPTS(&options[2], mppe_opts);
273 if (mppe_opts & MPPE_OPT_128)
274 state->keylen = 16;
275 else if (mppe_opts & MPPE_OPT_40)
276 state->keylen = 8;
277 else {
278 printk(KERN_WARNING "%s[%d]: unknown key length\n", debugstr,
279 unit);
280 return 0;
281 }
282 if (mppe_opts & MPPE_OPT_STATEFUL)
283 state->stateful = 1;
284
285 /* Generate the initial session key. */
286 mppe_rekey(state, 1);
287
288 if (debug) {
289 int i;
290 char mkey[sizeof(state->master_key) * 2 + 1];
291 char skey[sizeof(state->session_key) * 2 + 1];
292
293 printk(KERN_DEBUG "%s[%d]: initialized with %d-bit %s mode\n",
294 debugstr, unit, (state->keylen == 16) ? 128 : 40,
295 (state->stateful) ? "stateful" : "stateless");
296
297 for (i = 0; i < sizeof(state->master_key); i++)
298 sprintf(mkey + i * 2, "%02x", state->master_key[i]);
299 for (i = 0; i < sizeof(state->session_key); i++)
300 sprintf(skey + i * 2, "%02x", state->session_key[i]);
301 printk(KERN_DEBUG
302 "%s[%d]: keys: master: %s initial session: %s\n",
303 debugstr, unit, mkey, skey);
304 }
305
306 /*
307 * Initialize the coherency count. The initial value is not specified
308 * in RFC 3078, but we can make a reasonable assumption that it will
309 * start at 0. Setting it to the max here makes the comp/decomp code
310 * do the right thing (determined through experiment).
311 */
312 state->ccount = MPPE_CCOUNT_SPACE - 1;
313
314 /*
315 * Note that even though we have initialized the key table, we don't
316 * set the FLUSHED bit. This is contrary to RFC 3078, sec. 3.1.
317 */
318 state->bits = MPPE_BIT_ENCRYPTED;
319
320 state->unit = unit;
321 state->debug = debug;
322
323 return 1;
324}
325
326static int
327mppe_comp_init(void *arg, unsigned char *options, int optlen, int unit,
328 int hdrlen, int debug)
329{
330 /* ARGSUSED */
331 return mppe_init(arg, options, optlen, unit, debug, "mppe_comp_init");
332}
333
334/*
335 * We received a CCP Reset-Request (actually, we are sending a Reset-Ack),
336 * tell the compressor to rekey. Note that we MUST NOT rekey for
337 * every CCP Reset-Request; we only rekey on the next xmit packet.
338 * We might get multiple CCP Reset-Requests if our CCP Reset-Ack is lost.
339 * So, rekeying for every CCP Reset-Request is broken as the peer will not
340 * know how many times we've rekeyed. (If we rekey and THEN get another
341 * CCP Reset-Request, we must rekey again.)
342 */
343static void mppe_comp_reset(void *arg)
344{
345 struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
346
347 state->bits |= MPPE_BIT_FLUSHED;
348}
349
350/*
351 * Compress (encrypt) a packet.
352 * It's strange to call this a compressor, since the output is always
353 * MPPE_OVHD + 2 bytes larger than the input.
354 */
355static int
356mppe_compress(void *arg, unsigned char *ibuf, unsigned char *obuf,
357 int isize, int osize)
358{
359 struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
360 int proto;
361 struct scatterlist sg_in[1], sg_out[1];
362
363 /*
364 * Check that the protocol is in the range we handle.
365 */
366 proto = PPP_PROTOCOL(ibuf);
367 if (proto < 0x0021 || proto > 0x00fa)
368 return 0;
369
370 /* Make sure we have enough room to generate an encrypted packet. */
371 if (osize < isize + MPPE_OVHD + 2) {
372 /* Drop the packet if we should encrypt it, but can't. */
373 printk(KERN_DEBUG "mppe_compress[%d]: osize too small! "
374 "(have: %d need: %d)\n", state->unit,
375 osize, osize + MPPE_OVHD + 2);
376 return -1;
377 }
378
379 osize = isize + MPPE_OVHD + 2;
380
381 /*
382 * Copy over the PPP header and set control bits.
383 */
384 obuf[0] = PPP_ADDRESS(ibuf);
385 obuf[1] = PPP_CONTROL(ibuf);
386 obuf[2] = PPP_COMP >> 8; /* isize + MPPE_OVHD + 1 */
387 obuf[3] = PPP_COMP; /* isize + MPPE_OVHD + 2 */
388 obuf += PPP_HDRLEN;
389
390 state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
391 if (state->debug >= 7)
392 printk(KERN_DEBUG "mppe_compress[%d]: ccount %d\n", state->unit,
393 state->ccount);
394 obuf[0] = state->ccount >> 8;
395 obuf[1] = state->ccount & 0xff;
396
397 if (!state->stateful || /* stateless mode */
398 ((state->ccount & 0xff) == 0xff) || /* "flag" packet */
399 (state->bits & MPPE_BIT_FLUSHED)) { /* CCP Reset-Request */
400 /* We must rekey */
401 if (state->debug && state->stateful)
402 printk(KERN_DEBUG "mppe_compress[%d]: rekeying\n",
403 state->unit);
404 mppe_rekey(state, 0);
405 state->bits |= MPPE_BIT_FLUSHED;
406 }
407 obuf[0] |= state->bits;
408 state->bits &= ~MPPE_BIT_FLUSHED; /* reset for next xmit */
409
410 obuf += MPPE_OVHD;
411 ibuf += 2; /* skip to proto field */
412 isize -= 2;
413
414 /* Encrypt packet */
415 setup_sg(sg_in, ibuf, isize);
416 setup_sg(sg_out, obuf, osize);
417 if (crypto_cipher_encrypt(state->arc4, sg_out, sg_in, isize) != 0) {
418 printk(KERN_DEBUG "crypto_cypher_encrypt failed\n");
419 return -1;
420 }
421
422 state->stats.unc_bytes += isize;
423 state->stats.unc_packets++;
424 state->stats.comp_bytes += osize;
425 state->stats.comp_packets++;
426
427 return osize;
428}
429
430/*
431 * Since every frame grows by MPPE_OVHD + 2 bytes, this is always going
432 * to look bad ... and the longer the link is up the worse it will get.
433 */
434static void mppe_comp_stats(void *arg, struct compstat *stats)
435{
436 struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
437
438 *stats = state->stats;
439}
440
441static int
442mppe_decomp_init(void *arg, unsigned char *options, int optlen, int unit,
443 int hdrlen, int mru, int debug)
444{
445 /* ARGSUSED */
446 return mppe_init(arg, options, optlen, unit, debug, "mppe_decomp_init");
447}
448
449/*
450 * We received a CCP Reset-Ack. Just ignore it.
451 */
452static void mppe_decomp_reset(void *arg)
453{
454 /* ARGSUSED */
455 return;
456}
457
458/*
459 * Decompress (decrypt) an MPPE packet.
460 */
461static int
462mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf,
463 int osize)
464{
465 struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
466 unsigned ccount;
467 int flushed = MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED;
468 int sanity = 0;
469 struct scatterlist sg_in[1], sg_out[1];
470
471 if (isize <= PPP_HDRLEN + MPPE_OVHD) {
472 if (state->debug)
473 printk(KERN_DEBUG
474 "mppe_decompress[%d]: short pkt (%d)\n",
475 state->unit, isize);
476 return DECOMP_ERROR;
477 }
478
479 /*
480 * Make sure we have enough room to decrypt the packet.
481 * Note that for our test we only subtract 1 byte whereas in
482 * mppe_compress() we added 2 bytes (+MPPE_OVHD);
483 * this is to account for possible PFC.
484 */
485 if (osize < isize - MPPE_OVHD - 1) {
486 printk(KERN_DEBUG "mppe_decompress[%d]: osize too small! "
487 "(have: %d need: %d)\n", state->unit,
488 osize, isize - MPPE_OVHD - 1);
489 return DECOMP_ERROR;
490 }
491 osize = isize - MPPE_OVHD - 2; /* assume no PFC */
492
493 ccount = MPPE_CCOUNT(ibuf);
494 if (state->debug >= 7)
495 printk(KERN_DEBUG "mppe_decompress[%d]: ccount %d\n",
496 state->unit, ccount);
497
498 /* sanity checks -- terminate with extreme prejudice */
499 if (!(MPPE_BITS(ibuf) & MPPE_BIT_ENCRYPTED)) {
500 printk(KERN_DEBUG
501 "mppe_decompress[%d]: ENCRYPTED bit not set!\n",
502 state->unit);
503 state->sanity_errors += 100;
504 sanity = 1;
505 }
506 if (!state->stateful && !flushed) {
507 printk(KERN_DEBUG "mppe_decompress[%d]: FLUSHED bit not set in "
508 "stateless mode!\n", state->unit);
509 state->sanity_errors += 100;
510 sanity = 1;
511 }
512 if (state->stateful && ((ccount & 0xff) == 0xff) && !flushed) {
513 printk(KERN_DEBUG "mppe_decompress[%d]: FLUSHED bit not set on "
514 "flag packet!\n", state->unit);
515 state->sanity_errors += 100;
516 sanity = 1;
517 }
518
519 if (sanity) {
520 if (state->sanity_errors < SANITY_MAX)
521 return DECOMP_ERROR;
522 else
523 /*
524 * Take LCP down if the peer is sending too many bogons.
525 * We don't want to do this for a single or just a few
526 * instances since it could just be due to packet corruption.
527 */
528 return DECOMP_FATALERROR;
529 }
530
531 /*
532 * Check the coherency count.
533 */
534
535 if (!state->stateful) {
536 /* RFC 3078, sec 8.1. Rekey for every packet. */
537 while (state->ccount != ccount) {
538 mppe_rekey(state, 0);
539 state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
540 }
541 } else {
542 /* RFC 3078, sec 8.2. */
543 if (!state->discard) {
544 /* normal state */
545 state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
546 if (ccount != state->ccount) {
547 /*
548 * (ccount > state->ccount)
549 * Packet loss detected, enter the discard state.
550 * Signal the peer to rekey (by sending a CCP Reset-Request).
551 */
552 state->discard = 1;
553 return DECOMP_ERROR;
554 }
555 } else {
556 /* discard state */
557 if (!flushed) {
558 /* ccp.c will be silent (no additional CCP Reset-Requests). */
559 return DECOMP_ERROR;
560 } else {
561 /* Rekey for every missed "flag" packet. */
562 while ((ccount & ~0xff) !=
563 (state->ccount & ~0xff)) {
564 mppe_rekey(state, 0);
565 state->ccount =
566 (state->ccount +
567 256) % MPPE_CCOUNT_SPACE;
568 }
569
570 /* reset */
571 state->discard = 0;
572 state->ccount = ccount;
573 /*
574 * Another problem with RFC 3078 here. It implies that the
575 * peer need not send a Reset-Ack packet. But RFC 1962
576 * requires it. Hopefully, M$ does send a Reset-Ack; even
577 * though it isn't required for MPPE synchronization, it is
578 * required to reset CCP state.
579 */
580 }
581 }
582 if (flushed)
583 mppe_rekey(state, 0);
584 }
585
586 /*
587 * Fill in the first part of the PPP header. The protocol field
588 * comes from the decrypted data.
589 */
590 obuf[0] = PPP_ADDRESS(ibuf); /* +1 */
591 obuf[1] = PPP_CONTROL(ibuf); /* +1 */
592 obuf += 2;
593 ibuf += PPP_HDRLEN + MPPE_OVHD;
594 isize -= PPP_HDRLEN + MPPE_OVHD; /* -6 */
595 /* net osize: isize-4 */
596
597 /*
598 * Decrypt the first byte in order to check if it is
599 * a compressed or uncompressed protocol field.
600 */
601 setup_sg(sg_in, ibuf, 1);
602 setup_sg(sg_out, obuf, 1);
603 if (crypto_cipher_decrypt(state->arc4, sg_out, sg_in, 1) != 0) {
604 printk(KERN_DEBUG "crypto_cypher_decrypt failed\n");
605 return DECOMP_ERROR;
606 }
607
608 /*
609 * Do PFC decompression.
610 * This would be nicer if we were given the actual sk_buff
611 * instead of a char *.
612 */
613 if ((obuf[0] & 0x01) != 0) {
614 obuf[1] = obuf[0];
615 obuf[0] = 0;
616 obuf++;
617 osize++;
618 }
619
620 /* And finally, decrypt the rest of the packet. */
621 setup_sg(sg_in, ibuf + 1, isize - 1);
622 setup_sg(sg_out, obuf + 1, osize - 1);
623 if (crypto_cipher_decrypt(state->arc4, sg_out, sg_in, isize - 1) != 0) {
624 printk(KERN_DEBUG "crypto_cypher_decrypt failed\n");
625 return DECOMP_ERROR;
626 }
627
628 state->stats.unc_bytes += osize;
629 state->stats.unc_packets++;
630 state->stats.comp_bytes += isize;
631 state->stats.comp_packets++;
632
633 /* good packet credit */
634 state->sanity_errors >>= 1;
635
636 return osize;
637}
638
639/*
640 * Incompressible data has arrived (this should never happen!).
641 * We should probably drop the link if the protocol is in the range
642 * of what should be encrypted. At the least, we should drop this
643 * packet. (How to do this?)
644 */
645static void mppe_incomp(void *arg, unsigned char *ibuf, int icnt)
646{
647 struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
648
649 if (state->debug &&
650 (PPP_PROTOCOL(ibuf) >= 0x0021 && PPP_PROTOCOL(ibuf) <= 0x00fa))
651 printk(KERN_DEBUG
652 "mppe_incomp[%d]: incompressible (unencrypted) data! "
653 "(proto %04x)\n", state->unit, PPP_PROTOCOL(ibuf));
654
655 state->stats.inc_bytes += icnt;
656 state->stats.inc_packets++;
657 state->stats.unc_bytes += icnt;
658 state->stats.unc_packets++;
659}
660
661/*************************************************************
662 * Module interface table
663 *************************************************************/
664
665/*
666 * Procedures exported to if_ppp.c.
667 */
668static struct compressor ppp_mppe = {
669 .compress_proto = CI_MPPE,
670 .comp_alloc = mppe_alloc,
671 .comp_free = mppe_free,
672 .comp_init = mppe_comp_init,
673 .comp_reset = mppe_comp_reset,
674 .compress = mppe_compress,
675 .comp_stat = mppe_comp_stats,
676 .decomp_alloc = mppe_alloc,
677 .decomp_free = mppe_free,
678 .decomp_init = mppe_decomp_init,
679 .decomp_reset = mppe_decomp_reset,
680 .decompress = mppe_decompress,
681 .incomp = mppe_incomp,
682 .decomp_stat = mppe_comp_stats,
683 .owner = THIS_MODULE,
684 .comp_extra = MPPE_PAD,
685};
686
687/*
688 * ppp_mppe_init()
689 *
690 * Prior to allowing load, try to load the arc4 and sha1 crypto
691 * libraries. The actual use will be allocated later, but
692 * this way the module will fail to insmod if they aren't available.
693 */
694
695static int __init ppp_mppe_init(void)
696{
697 int answer;
698 if (!(crypto_alg_available("arc4", 0) &&
699 crypto_alg_available("sha1", 0)))
700 return -ENODEV;
701
702 sha_pad = kmalloc(sizeof(struct sha_pad), GFP_KERNEL);
703 if (!sha_pad)
704 return -ENOMEM;
705 sha_pad_init(sha_pad);
706
707 answer = ppp_register_compressor(&ppp_mppe);
708
709 if (answer == 0)
710 printk(KERN_INFO "PPP MPPE Compression module registered\n");
711 else
712 kfree(sha_pad);
713
714 return answer;
715}
716
717static void __exit ppp_mppe_cleanup(void)
718{
719 ppp_unregister_compressor(&ppp_mppe);
720 kfree(sha_pad);
721}
722
723module_init(ppp_mppe_init);
724module_exit(ppp_mppe_cleanup);
diff --git a/drivers/net/ppp_mppe.h b/drivers/net/ppp_mppe.h
new file mode 100644
index 000000000000..7a14e058c668
--- /dev/null
+++ b/drivers/net/ppp_mppe.h
@@ -0,0 +1,86 @@
1#define MPPE_PAD 4 /* MPPE growth per frame */
2#define MPPE_MAX_KEY_LEN 16 /* largest key length (128-bit) */
3
4/* option bits for ccp_options.mppe */
5#define MPPE_OPT_40 0x01 /* 40 bit */
6#define MPPE_OPT_128 0x02 /* 128 bit */
7#define MPPE_OPT_STATEFUL 0x04 /* stateful mode */
8/* unsupported opts */
9#define MPPE_OPT_56 0x08 /* 56 bit */
10#define MPPE_OPT_MPPC 0x10 /* MPPC compression */
11#define MPPE_OPT_D 0x20 /* Unknown */
12#define MPPE_OPT_UNSUPPORTED (MPPE_OPT_56|MPPE_OPT_MPPC|MPPE_OPT_D)
13#define MPPE_OPT_UNKNOWN 0x40 /* Bits !defined in RFC 3078 were set */
14
15/*
16 * This is not nice ... the alternative is a bitfield struct though.
17 * And unfortunately, we cannot share the same bits for the option
18 * names above since C and H are the same bit. We could do a u_int32
19 * but then we have to do a htonl() all the time and/or we still need
20 * to know which octet is which.
21 */
22#define MPPE_C_BIT 0x01 /* MPPC */
23#define MPPE_D_BIT 0x10 /* Obsolete, usage unknown */
24#define MPPE_L_BIT 0x20 /* 40-bit */
25#define MPPE_S_BIT 0x40 /* 128-bit */
26#define MPPE_M_BIT 0x80 /* 56-bit, not supported */
27#define MPPE_H_BIT 0x01 /* Stateless (in a different byte) */
28
29/* Does not include H bit; used for least significant octet only. */
30#define MPPE_ALL_BITS (MPPE_D_BIT|MPPE_L_BIT|MPPE_S_BIT|MPPE_M_BIT|MPPE_H_BIT)
31
32/* Build a CI from mppe opts (see RFC 3078) */
33#define MPPE_OPTS_TO_CI(opts, ci) \
34 do { \
35 u_char *ptr = ci; /* u_char[4] */ \
36 \
37 /* H bit */ \
38 if (opts & MPPE_OPT_STATEFUL) \
39 *ptr++ = 0x0; \
40 else \
41 *ptr++ = MPPE_H_BIT; \
42 *ptr++ = 0; \
43 *ptr++ = 0; \
44 \
45 /* S,L bits */ \
46 *ptr = 0; \
47 if (opts & MPPE_OPT_128) \
48 *ptr |= MPPE_S_BIT; \
49 if (opts & MPPE_OPT_40) \
50 *ptr |= MPPE_L_BIT; \
51 /* M,D,C bits not supported */ \
52 } while (/* CONSTCOND */ 0)
53
54/* The reverse of the above */
55#define MPPE_CI_TO_OPTS(ci, opts) \
56 do { \
57 u_char *ptr = ci; /* u_char[4] */ \
58 \
59 opts = 0; \
60 \
61 /* H bit */ \
62 if (!(ptr[0] & MPPE_H_BIT)) \
63 opts |= MPPE_OPT_STATEFUL; \
64 \
65 /* S,L bits */ \
66 if (ptr[3] & MPPE_S_BIT) \
67 opts |= MPPE_OPT_128; \
68 if (ptr[3] & MPPE_L_BIT) \
69 opts |= MPPE_OPT_40; \
70 \
71 /* M,D,C bits */ \
72 if (ptr[3] & MPPE_M_BIT) \
73 opts |= MPPE_OPT_56; \
74 if (ptr[3] & MPPE_D_BIT) \
75 opts |= MPPE_OPT_D; \
76 if (ptr[3] & MPPE_C_BIT) \
77 opts |= MPPE_OPT_MPPC; \
78 \
79 /* Other bits */ \
80 if (ptr[0] & ~MPPE_H_BIT) \
81 opts |= MPPE_OPT_UNKNOWN; \
82 if (ptr[1] || ptr[2]) \
83 opts |= MPPE_OPT_UNKNOWN; \
84 if (ptr[3] & ~MPPE_ALL_BITS) \
85 opts |= MPPE_OPT_UNKNOWN; \
86 } while (/* CONSTCOND */ 0)