Attachment #36623 for bug #58795

View | Details | Raw Unified | Return to bug 58795
Collapse All | Expand All

Lines 2410-2415 Link Here

(-)linux/drivers/net/Kconfig (+6 lines)
2410	module; it is called bsd_comp and will show up in the directory	2410	module; it is called bsd_comp and will show up in the directory
2411	modules once you have said "make modules". If unsure, say N.	2411	modules once you have said "make modules". If unsure, say N.
2412		2412
		2413	config PPP_MPPE
		2414	tristate "PPP MPPE compression (encryption)"
		2415	depends on PPP
		2416	---help---
		2417	Support for the MPPE Encryption protocol.
		2418
2413	config PPPOE	2419	config PPPOE
2414	tristate "PPP over Ethernet (EXPERIMENTAL)"	2420	tristate "PPP over Ethernet (EXPERIMENTAL)"
2415	depends on EXPERIMENTAL && PPP	2421	depends on EXPERIMENTAL && PPP

Lines 100-105 Link Here

(-)linux/drivers/net/Makefile (+2 lines)
100	obj-$(CONFIG_PPP_SYNC_TTY) += ppp_synctty.o	100	obj-$(CONFIG_PPP_SYNC_TTY) += ppp_synctty.o
101	obj-$(CONFIG_PPP_DEFLATE) += ppp_deflate.o	101	obj-$(CONFIG_PPP_DEFLATE) += ppp_deflate.o
102	obj-$(CONFIG_PPP_BSDCOMP) += bsd_comp.o	102	obj-$(CONFIG_PPP_BSDCOMP) += bsd_comp.o
		103	obj-$(CONFIG_PPP_MPPE) += ppp_mppe.o
		104	ppp_mppe-objs := ppp_mppe_compress.o sha1.o arcfour.o
103	obj-$(CONFIG_PPPOE) += pppox.o pppoe.o	105	obj-$(CONFIG_PPPOE) += pppox.o pppoe.o
104		106
105	obj-$(CONFIG_SLIP) += slip.o	107	obj-$(CONFIG_SLIP) += slip.o




/*
 * arcfour.c
 * by Frank Cusack <frank@google.com>
 * 100% public domain
 *
 * Implemented from the description in _Applied Cryptography_, 2nd ed.
 *
 * ** Distribution ** of this software is unlimited and unrestricted.
 *
 * ** Use ** of this software is almost certainly legal; however, refer
 * to <http://theory.lcs.mit.edu/~rivest/faq.html>.
 */

#include "arcfour.h"
#if defined(__linux__)
#include <linux/string.h>
#endif

#define swap(a, b)		\
{				\
    unsigned char t = b;	\
    b = a;			\
    a = t;			\
}

/*
 * Initialize arcfour from a key.
 */
void
arcfour_setkey(arcfour_context *context, const unsigned char *key,
	       unsigned keylen)
{
    unsigned i, j;
    unsigned char K[256];

    context->i = context->j = 0;

    for (i = 0; i < 256; i++) {
	context->S[i] = i;
	K[i] = key[i % keylen];
    }

    j = 0;
    for (i = 0; i < 256; i++) {
	j = (j + context->S[i] + K[i]) % 256;
	swap(context->S[i], context->S[j]);
    }

    memset(K, 0, sizeof(K));
}

/*
 * plaintext -> ciphertext (or vice versa)
 */
void
arcfour_encrypt(arcfour_context *context, const unsigned char *in, unsigned len,
		unsigned char *out)
{
    unsigned i = context->i;
    unsigned j = context->j;
    unsigned char *S = context->S;
    unsigned char K;

    while (len--) {
	i = (i + 1) % 256;
	j = (j + S[i]) % 256;
	swap(S[i], S[j]);
	K = S[(S[i] + S[j]) % 256];
	*out++ = *in++ ^ K;
    }

    context->i = i;
    context->j = j;
}





/* arcfour.h */

#ifndef _ARCFOUR_H
#define _ARCFOUR_H

typedef struct {
    unsigned i;
    unsigned j;
    unsigned char S[256];
} arcfour_context;

extern void arcfour_setkey(arcfour_context *, const unsigned char *, unsigned);
extern void arcfour_encrypt(arcfour_context *, const unsigned char *, unsigned,
			    unsigned char *);
#define arcfour_decrypt arcfour_encrypt

#endif /* _ARCFOUR_H */




 /*
 * Definitions for MPPE.
 */

#define CI_MPPE                        18      /* config option for MPPE */
#define CILEN_MPPE             6       /* length of config option */

#define MPPE_PAD               8       /* MPPE growth per frame */
#define MPPE_MAX_KEY_LEN       16      /* largest key length (128-bit) */

/* option bits for ccp_options.mppe */
#define MPPE_OPT_40            0x01    /* 40 bit */
#define MPPE_OPT_128           0x02    /* 128 bit */
#define MPPE_OPT_STATEFUL      0x04    /* stateful mode */
/* unsupported opts */
#define MPPE_OPT_56            0x08    /* 56 bit */
#define MPPE_OPT_MPPC          0x10    /* MPPC compression */
#define MPPE_OPT_D             0x20    /* Unknown */
#define MPPE_OPT_UNSUPPORTED (MPPE_OPT_56|MPPE_OPT_MPPC|MPPE_OPT_D)
#define MPPE_OPT_UNKNOWN       0x40    /* Bits !defined in RFC 3078 were set */

/*
 * This is not nice ... the alternative is a bitfield struct though.
 * And unfortunately, we cannot share the same bits for the option
 * names above since C and H are the same bit.  We could do a u_int32
 * but then we have to do a htonl() all the time and/or we still need
 * to know which octet is which.
 */
#define MPPE_C_BIT             0x01    /* MPPC */
#define MPPE_D_BIT             0x10    /* Obsolete, usage unknown */
#define MPPE_L_BIT             0x20    /* 40-bit */
#define MPPE_S_BIT             0x40    /* 128-bit */
#define MPPE_M_BIT             0x80    /* 56-bit, not supported */
#define MPPE_H_BIT             0x01    /* Stateless (in a different byte) */

/* Does not include H bit; used for least significant octet only. */
#define MPPE_ALL_BITS (MPPE_D_BIT|MPPE_L_BIT|MPPE_S_BIT|MPPE_M_BIT|MPPE_H_BIT)

/* Build a CI from mppe opts (see RFC 3078) */
#define MPPE_OPTS_TO_CI(opts, ci)              \
    do {                                       \
       u_char *ptr = ci; /* u_char[4] */       \
                                               \
       /* H bit */                             \
       if (opts & MPPE_OPT_STATEFUL)           \
           *ptr++ = 0x0;                       \
       else                                    \
           *ptr++ = MPPE_H_BIT;                \
       *ptr++ = 0;                             \
       *ptr++ = 0;                             \
                                               \
       /* S,L bits */                          \
       *ptr = 0;                               \
       if (opts & MPPE_OPT_128)                \
           *ptr |= MPPE_S_BIT;                 \
       if (opts & MPPE_OPT_40)                 \
           *ptr |= MPPE_L_BIT;                 \
       /* M,D,C bits not supported */          \
    } while (/* CONSTCOND */ 0)

/* The reverse of the above */
#define MPPE_CI_TO_OPTS(ci, opts)              \
    do {                                       \
       u_char *ptr = ci; /* u_char[4] */       \
                                               \
       opts = 0;                               \
                                               \
       /* H bit */                             \
       if (!(ptr[0] & MPPE_H_BIT))             \
           opts |= MPPE_OPT_STATEFUL;          \
                                               \
       /* S,L bits */                          \
       if (ptr[3] & MPPE_S_BIT)                \
           opts |= MPPE_OPT_128;               \
       if (ptr[3] & MPPE_L_BIT)                \
           opts |= MPPE_OPT_40;                \
                                               \
       /* M,D,C bits */                        \
       if (ptr[3] & MPPE_M_BIT)                \
           opts |= MPPE_OPT_56;                \
       if (ptr[3] & MPPE_D_BIT)                \
           opts |= MPPE_OPT_D;                 \
       if (ptr[3] & MPPE_C_BIT)                \
           opts |= MPPE_OPT_MPPC;              \
                                               \
       /* Other bits */                        \
       if (ptr[0] & ~MPPE_H_BIT)               \
           opts |= MPPE_OPT_UNKNOWN;           \
       if (ptr[1] || ptr[2])                   \
           opts |= MPPE_OPT_UNKNOWN;           \
       if (ptr[3] & ~MPPE_ALL_BITS)            \
           opts |= MPPE_OPT_UNKNOWN;           \
    } while (/* CONSTCOND */ 0)

Lines 36-41 Link Here

(-)linux/drivers/net/ppp_generic.c (-5 / +25 lines)
36	#include <linux/if_ppp.h>	36	#include <linux/if_ppp.h>
37	#include <linux/ppp_channel.h>	37	#include <linux/ppp_channel.h>
38	#include <linux/ppp-comp.h>	38	#include <linux/ppp-comp.h>
		39	#include "ppp-comp-local.h"
39	#include <linux/skbuff.h>	40	#include <linux/skbuff.h>
40	#include <linux/rtnetlink.h>	41	#include <linux/rtnetlink.h>
41	#include <linux/if_arp.h>	42	#include <linux/if_arp.h>
Lines 1066-1073 Link Here
1066	/* try to do packet compression */	1067	/* try to do packet compression */
1067	if ((ppp->xstate & SC_COMP_RUN) && ppp->xc_state != 0	1068	if ((ppp->xstate & SC_COMP_RUN) && ppp->xc_state != 0
1068	&& proto != PPP_LCP && proto != PPP_CCP) {	1069	&& proto != PPP_LCP && proto != PPP_CCP) {
1069	new_skb = alloc_skb(ppp->dev->mtu + ppp->dev->hard_header_len,	1070	int new_skb_size = ppp->dev->mtu + ppp->dev->hard_header_len;
1070	GFP_ATOMIC);	1071	int compressor_skb_size = ppp->dev->mtu + PPP_HDRLEN;
		1072
		1073	if (ppp->xcomp->compress_proto == CI_MPPE) {
		1074	/* CCP [must have] reduced MTU by MPPE_PAD. */
		1075	new_skb_size += MPPE_PAD;
		1076	compressor_skb_size += MPPE_PAD;
		1077	}
		1078	new_skb = alloc_skb(new_skb_size, GFP_ATOMIC);
1071	if (new_skb == 0) {	1079	if (new_skb == 0) {
1072	printk(KERN_ERR "PPP: no memory (comp pkt)\n");	1080	printk(KERN_ERR "PPP: no memory (comp pkt)\n");
1073	goto drop;	1081	goto drop;
Lines 1079-1093 Link Here
1079	/* compressor still expects A/C bytes in hdr */	1087	/* compressor still expects A/C bytes in hdr */
1080	len = ppp->xcomp->compress(ppp->xc_state, skb->data - 2,	1088	len = ppp->xcomp->compress(ppp->xc_state, skb->data - 2,
1081	new_skb->data, skb->len + 2,	1089	new_skb->data, skb->len + 2,
1082	ppp->dev->mtu + PPP_HDRLEN);	1090	compressor_skb_size);
1083	if (len > 0 && (ppp->flags & SC_CCP_UP)) {	1091	if (len > 0 && (ppp->flags & SC_CCP_UP)) {
1084	kfree_skb(skb);	1092	kfree_skb(skb);
1085	skb = new_skb;	1093	skb = new_skb;
1086	skb_put(skb, len);	1094	skb_put(skb, len);
1087	skb_pull(skb, 2); /* pull off A/C bytes */	1095	skb_pull(skb, 2); /* pull off A/C bytes */
1088	} else {	1096	} else if (len == 0) {
1089	/* didn't compress, or CCP not up yet */	1097	/* didn't compress, or CCP not up yet */
1090	kfree_skb(new_skb);	1098	kfree_skb(new_skb);
		1099	} else {
		1100	/*
		1101	* (len < 0)
		1102	* MPPE requires that we do not send unencrypted
		1103	* frames. The compressor will return -1 if we
		1104	* should drop the frame. We cannot simply test
		1105	* the compress_proto because MPPE and MPPC share
		1106	* the same number.
		1107	*/
		1108	printk(KERN_ERR "ppp: compressor dropped pkt\n");
		1109	kfree_skb(new_skb);
		1110	goto drop;
1091	}	1111	}
1092	}	1112	}
1093		1113
Lines 1596-1602 Link Here
1596	goto err;	1616	goto err;
1597		1617
1598	if (proto == PPP_COMP) {	1618	if (proto == PPP_COMP) {
1599	ns = dev_alloc_skb(ppp->mru + PPP_HDRLEN);	1619	ns = dev_alloc_skb(ppp->mru + 128 + PPP_HDRLEN);
1600	if (ns == 0) {	1620	if (ns == 0) {
1601	printk(KERN_ERR "ppp_decompress_frame: no memory\n");	1621	printk(KERN_ERR "ppp_decompress_frame: no memory\n");
1602	goto err;	1622	goto err;




/*
 * ppp_mppe_compress.c - interface MPPE to the PPP code.
 * This version is for use with Linux kernel 2.2.19+, 2.4.18+ and 2.6.2+.
 *
 * By Frank Cusack <frank@google.com>.
 * Copyright (c) 2002,2003,2004 Google, Inc.
 * All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software and its
 * documentation is hereby granted, provided that the above copyright
 * notice appears in all copies.  This software is provided without any
 * warranty, express or implied.
 *
 * Changelog:
 *      2/15/04 - TS: added #include <version.h> and testing for Kernel
 *                    version before using 
 *                    MOD_DEC_USAGE_COUNT/MOD_INC_USAGE_COUNT which are
 *                    deprecated in 2.6
 */

#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/version.h>
#include <linux/init.h>
#include <linux/types.h>
#include <linux/slab.h>
#include <linux/string.h>

#include <linux/ppp_defs.h>
#include <linux/ppp-comp.h>
#include "ppp-comp-local.h"

#include "arcfour.h"
#include "sha1.h"

/*
 * State for an MPPE (de)compressor.
 */
typedef struct ppp_mppe_state {
    unsigned char	master_key[MPPE_MAX_KEY_LEN];
    unsigned char	session_key[MPPE_MAX_KEY_LEN];
    arcfour_context	arcfour_context; /* encryption state */
    unsigned		keylen;		/* key length in bytes             */
					/* NB: 128-bit == 16, 40-bit == 8! */
					/* If we want to support 56-bit,   */
					/* the unit has to change to bits  */
    unsigned char	bits;		/* MPPE control bits */
    unsigned		ccount;		/* 12-bit coherency count (seqno)  */
    unsigned		stateful;	/* stateful mode flag */
    int			discard;	/* stateful mode packet loss flag */
    int			sanity_errors;	/* take down LCP if too many */
    int			unit;
    int			debug;
    struct compstat	stats;
} ppp_mppe_state;

/* ppp_mppe_state.bits definitions */
#define MPPE_BIT_A	0x80	/* Encryption table were (re)inititalized */
#define MPPE_BIT_B	0x40	/* MPPC only (not implemented) */
#define MPPE_BIT_C	0x20	/* MPPC only (not implemented) */
#define MPPE_BIT_D	0x10	/* This is an encrypted frame */

#define MPPE_BIT_FLUSHED	MPPE_BIT_A
#define MPPE_BIT_ENCRYPTED	MPPE_BIT_D

#define MPPE_BITS(p) ((p)[4] & 0xf0)
#define MPPE_CCOUNT(p) ((((p)[4] & 0x0f) << 8) + (p)[5])
#define MPPE_CCOUNT_SPACE 0x1000	/* The size of the ccount space */

#define MPPE_OVHD	2		/* MPPE overhead/packet */
#define SANITY_MAX	1600		/* Max bogon factor we will tolerate */

static void	GetNewKeyFromSHA __P((unsigned char *StartKey,
				      unsigned char *SessionKey,
				      unsigned SessionKeyLength,
				      unsigned char *InterimKey));
static void	mppe_rekey __P((ppp_mppe_state *state, int));
static void	*mppe_alloc __P((unsigned char *options, int optlen));
static void	mppe_free __P((void *state));
static int	mppe_init __P((void *state, unsigned char *options,
			       int optlen, int unit, int debug, const char *));
static int	mppe_comp_init __P((void *state, unsigned char *options,
				    int optlen,
				    int unit, int hdrlen, int debug));
static int	mppe_decomp_init __P((void *state, unsigned char *options,
				      int optlen, int unit,
				      int hdrlen, int mru, int debug));
static int	mppe_compress __P((void *state, unsigned char *ibuf,
				   unsigned char *obuf,
				   int isize, int osize));
static void	mppe_incomp __P((void *state, unsigned char *ibuf, int icnt));
static int	mppe_decompress __P((void *state, unsigned char *ibuf,
				     int isize, unsigned char *obuf,int osize));
static void	mppe_comp_reset __P((void *state));
static void	mppe_decomp_reset __P((void *state));
static void	mppe_comp_stats __P((void *state, struct compstat *stats));


/*
 * Key Derivation, from RFC 3078, RFC 3079.
 * Equivalent to Get_Key() for MS-CHAP as described in RFC 3079.
 */
static void
GetNewKeyFromSHA(unsigned char *MasterKey, unsigned char *SessionKey,
		 unsigned SessionKeyLength, unsigned char *InterimKey)
{
    SHA1_CTX Context;
    unsigned char Digest[SHA1_SIGNATURE_SIZE];

    unsigned char SHApad1[40] =
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
    unsigned char SHApad2[40] =
    { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
      0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
      0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
      0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 };

    /* assert(SessionKeyLength <= SHA1_SIGNATURE_SIZE); */

    SHA1_Init(&Context);
    SHA1_Update(&Context, MasterKey, SessionKeyLength);
    SHA1_Update(&Context, SHApad1, sizeof(SHApad1));
    SHA1_Update(&Context, SessionKey, SessionKeyLength);
    SHA1_Update(&Context, SHApad2, sizeof(SHApad2));
    SHA1_Final(Digest, &Context);

    memcpy(InterimKey, Digest, SessionKeyLength);
}

/*
 * Perform the MPPE rekey algorithm, from RFC 3078, sec. 7.3.
 * Well, not what's written there, but rather what they meant.
 */
static void
mppe_rekey(ppp_mppe_state *state, int initial_key)
{
    unsigned char InterimKey[MPPE_MAX_KEY_LEN];

    GetNewKeyFromSHA(state->master_key, state->session_key,
		     state->keylen, InterimKey);
    if (!initial_key) {
	arcfour_setkey(&state->arcfour_context, InterimKey, state->keylen);
	arcfour_encrypt(&state->arcfour_context, InterimKey, state->keylen,
			state->session_key);
    } else {
	memcpy(state->session_key, InterimKey, state->keylen);
    }
    if (state->keylen == 8) {
	/* See RFC 3078 */
	state->session_key[0] = 0xd1;
	state->session_key[1] = 0x26;
	state->session_key[2] = 0x9e;
    }
    arcfour_setkey(&state->arcfour_context, state->session_key, state->keylen);
}


/*
 * Allocate space for a (de)compressor.
 */
static void *
mppe_alloc(unsigned char *options, int optlen)
{
    ppp_mppe_state *state;

    if (optlen != CILEN_MPPE + sizeof(state->master_key)
	|| options[0] != CI_MPPE
	|| options[1] != CILEN_MPPE)
	return NULL;

    state = (ppp_mppe_state *) kmalloc(sizeof(*state), GFP_KERNEL);
    if (state == NULL)
	return NULL;

#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0))
    try_module_get(THIS_MODULE);
#else
    MOD_INC_USE_COUNT;
#endif
    memset(state, 0, sizeof(*state));

    /* Save keys. */
    memcpy(state->master_key, &options[CILEN_MPPE], sizeof(state->master_key));
    memcpy(state->session_key, state->master_key, sizeof(state->master_key));
    /*
     * We defer initial key generation until mppe_init(), as mppe_alloc()
     * is called frequently during negotiation.
     */

    return (void *) state;
}

/*
 * Deallocate space for a (de)compressor.
 */
static void
mppe_free(void *arg)
{
    ppp_mppe_state *state = (ppp_mppe_state *) arg;

    if (state) {
	kfree(state);
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0))
	module_put(THIS_MODULE);
#else
	MOD_DEC_USE_COUNT;
#endif
    }
}


/* 
 * Initialize (de)compressor state.
 */
static int
mppe_init(void *arg, unsigned char *options, int optlen, int unit, int debug,
	  const char *debugstr)
{
    ppp_mppe_state *state = (ppp_mppe_state *) arg;
    unsigned char mppe_opts;

    if (optlen != CILEN_MPPE
	|| options[0] != CI_MPPE
	|| options[1] != CILEN_MPPE)
	return 0;

    MPPE_CI_TO_OPTS(&options[2], mppe_opts);
    if (mppe_opts & MPPE_OPT_128)
	state->keylen = 16;
    else if (mppe_opts & MPPE_OPT_40)
	state->keylen = 8;
    else {
	printk(KERN_WARNING "%s[%d]: unknown key length\n", debugstr, unit);
	return 0;
    }
    if (mppe_opts & MPPE_OPT_STATEFUL)
	state->stateful = 1;

    /* Generate the initial session key. */
    mppe_rekey(state, 1);

    if (debug) {
	int i;
	char mkey[sizeof(state->master_key) * 2 + 1];
	char skey[sizeof(state->session_key) * 2 + 1];

	printk(KERN_DEBUG "%s[%d]: initialized with %d-bit %s mode\n", debugstr,
	       unit, (state->keylen == 16)? 128: 40,
	       (state->stateful)? "stateful": "stateless");

	for (i = 0; i < sizeof(state->master_key); i++)
	    sprintf(mkey + i * 2, "%.2x", state->master_key[i]);
	for (i = 0; i < sizeof(state->session_key); i++)
	    sprintf(skey + i * 2, "%.2x", state->session_key[i]);
	printk(KERN_DEBUG "%s[%d]: keys: master: %s initial session: %s\n",
	       debugstr, unit, mkey, skey);
    }

    /*
     * Initialize the coherency count.  The initial value is not specified
     * in RFC 3078, but we can make a reasonable assumption that it will
     * start at 0.  Setting it to the max here makes the comp/decomp code
     * do the right thing (determined through experiment).
     */
    state->ccount = MPPE_CCOUNT_SPACE - 1;

    /*
     * Note that even though we have initialized the key table, we don't
     * set the FLUSHED bit.  This is contrary to RFC 3078, sec. 3.1.
     */
    state->bits = MPPE_BIT_ENCRYPTED;

    state->unit  = unit;
    state->debug = debug;

    return 1;
}



static int
mppe_comp_init(void *arg, unsigned char *options, int optlen, int unit,
	       int hdrlen, int debug)
{
    /* ARGSUSED */
    return mppe_init(arg, options, optlen, unit, debug, "mppe_comp_init");
}

/*
 * We received a CCP Reset-Request (actually, we are sending a Reset-Ack),
 * tell the compressor to rekey.  Note that we MUST NOT rekey for
 * every CCP Reset-Request; we only rekey on the next xmit packet.
 * We might get multiple CCP Reset-Requests if our CCP Reset-Ack is lost.
 * So, rekeying for every CCP Reset-Request is broken as the peer will not
 * know how many times we've rekeyed.  (If we rekey and THEN get another
 * CCP Reset-Request, we must rekey again.)
 */
static void
mppe_comp_reset(void *arg)
{
    ppp_mppe_state *state = (ppp_mppe_state *) arg;

    state->bits |= MPPE_BIT_FLUSHED;
}

/*
 * Compress (encrypt) a packet.
 * It's strange to call this a compressor, since the output is always
 * MPPE_OVHD + 2 bytes larger than the input.
 */
int
mppe_compress(void *arg, unsigned char *ibuf, unsigned char *obuf,
	      int isize, int osize)
{
    ppp_mppe_state *state = (ppp_mppe_state *) arg;
    int proto;

    /*
     * Check that the protocol is in the range we handle.
     */
    proto = PPP_PROTOCOL(ibuf);
    if (proto < 0x0021 || proto > 0x00fa)
	return 0;

    /* Make sure we have enough room to generate an encrypted packet. */
    if (osize < isize + MPPE_OVHD + 2) {
	/* Drop the packet if we should encrypt it, but can't. */
	printk(KERN_DEBUG "mppe_compress[%d]: osize too small! "
	       "(have: %d need: %d)\n", state->unit,
	       osize, osize + MPPE_OVHD + 2);
	return -1;
    }

    osize = isize + MPPE_OVHD + 2;

    /*
     * Copy over the PPP header and set control bits.
     */
    obuf[0] = PPP_ADDRESS(ibuf);
    obuf[1] = PPP_CONTROL(ibuf);
    obuf[2] = PPP_COMP >> 8;		/* isize + MPPE_OVHD + 1 */
    obuf[3] = PPP_COMP;			/* isize + MPPE_OVHD + 2 */
    obuf += PPP_HDRLEN;

    state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
    if (state->debug >= 7)
	printk(KERN_DEBUG "mppe_compress[%d]: ccount %d\n", state->unit,
	       state->ccount);
    obuf[0] = state->ccount >> 8;
    obuf[1] = state->ccount & 0xff;

    if (!state->stateful ||			/* stateless mode     */
	((state->ccount & 0xff) == 0xff) ||	/* "flag" packet      */
	(state->bits & MPPE_BIT_FLUSHED)) {	/* CCP Reset-Request  */
	/* We must rekey */
	if (state->debug && state->stateful)
	    printk(KERN_DEBUG "mppe_compress[%d]: rekeying\n", state->unit);
	mppe_rekey(state, 0);
	state->bits |= MPPE_BIT_FLUSHED;
    }
    obuf[0] |= state->bits;
    state->bits &= ~MPPE_BIT_FLUSHED;	/* reset for next xmit */

    obuf  += MPPE_OVHD;
    ibuf  += 2;	/* skip to proto field */
    isize -= 2;

    /* Encrypt packet */
    arcfour_encrypt(&state->arcfour_context, ibuf, isize, obuf);

    state->stats.unc_bytes += isize;
    state->stats.unc_packets++;
    state->stats.comp_bytes += osize;
    state->stats.comp_packets++;

    return osize;
}

/*
 * Since every frame grows by MPPE_OVHD + 2 bytes, this is always going
 * to look bad ... and the longer the link is up the worse it will get.
 */
static void
mppe_comp_stats(void *arg, struct compstat *stats)
{
    ppp_mppe_state *state = (ppp_mppe_state *) arg;

    *stats = state->stats;
}


static int
mppe_decomp_init(void *arg, unsigned char *options, int optlen, int unit,
		 int hdrlen, int mru, int debug)
{
    /* ARGSUSED */
    return mppe_init(arg, options, optlen, unit, debug, "mppe_decomp_init");
}

/*
 * We received a CCP Reset-Ack.  Just ignore it.
 */
static void
mppe_decomp_reset(void *arg)
{
    /* ARGSUSED */
    return;
}

/*
 * Decompress (decrypt) an MPPE packet.
 */
int
mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf,
		int osize)
{
    ppp_mppe_state *state = (ppp_mppe_state *) arg;
    unsigned ccount;
    int flushed = MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED;
    int sanity = 0;

    if (isize <= PPP_HDRLEN + MPPE_OVHD) {
	if (state->debug)
	    printk(KERN_DEBUG "mppe_decompress[%d]: short pkt (%d)\n",
		   state->unit, isize);
	return DECOMP_ERROR;
    }

    /*
     * Make sure we have enough room to decrypt the packet.
     * Note that for our test we only subtract 1 byte whereas in
     * mppe_compress() we added 2 bytes (+MPPE_OVHD);
     * this is to account for possible PFC.
     */
    if (osize < isize - MPPE_OVHD - 1) {
	printk(KERN_DEBUG "mppe_decompress[%d]: osize too small! "
	       "(have: %d need: %d)\n", state->unit,
	       osize, isize - MPPE_OVHD - 1);
	return DECOMP_ERROR;
    }
    osize = isize - MPPE_OVHD - 2;	/* assume no PFC */

    ccount = MPPE_CCOUNT(ibuf);
    if (state->debug >= 7)
	printk(KERN_DEBUG "mppe_decompress[%d]: ccount %d\n", state->unit,
	       ccount);

    /* sanity checks -- terminate with extreme prejudice */
    if (!(MPPE_BITS(ibuf) & MPPE_BIT_ENCRYPTED)) {
	printk(KERN_DEBUG "mppe_decompress[%d]: ENCRYPTED bit not set!\n",
	       state->unit);
	state->sanity_errors += 100;
	sanity = 1;
    }
    if (!state->stateful && !flushed) {
	printk(KERN_DEBUG "mppe_decompress[%d]: FLUSHED bit not set in "
	       "stateless mode!\n", state->unit);
	state->sanity_errors += 100;
	sanity = 1;
    }
    if (state->stateful && ((ccount & 0xff) == 0xff) && !flushed) {
	printk(KERN_DEBUG "mppe_decompress[%d]: FLUSHED bit not set on "
	       "flag packet!\n", state->unit);
	state->sanity_errors += 100;
	sanity = 1;
    }

    if (sanity) {
	if (state->sanity_errors < SANITY_MAX)
	    return DECOMP_ERROR;
	else
	    /*
	     * Take LCP down if the peer is sending too many bogons.
	     * We don't want to do this for a single or just a few
	     * instances since it could just be due to packet corruption.
	     */
	    return DECOMP_FATALERROR;
    }

    /*
     * Check the coherency count.
     */

    if (!state->stateful) {
	/* RFC 3078, sec 8.1.  Rekey for every packet. */
	while (state->ccount != ccount) {
	    mppe_rekey(state, 0);
	    state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
	}
    } else {
	/* RFC 3078, sec 8.2. */
	if (!state->discard) {
	    /* normal state */
	    state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
	    if (ccount != state->ccount) {
		/*
		 * (ccount > state->ccount)
		 * Packet loss detected, enter the discard state.
		 * Signal the peer to rekey (by sending a CCP Reset-Request).
		 */
		state->discard = 1;
		return DECOMP_ERROR;
	    }
	} else {
	    /* discard state */
	   if (!flushed) {
		/* ccp.c will be silent (no additional CCP Reset-Requests). */
		return DECOMP_ERROR;
	    } else {
		/* Rekey for every missed "flag" packet. */
		while ((ccount & ~0xff) != (state->ccount & ~0xff)) {
		    mppe_rekey(state, 0);
		    state->ccount = (state->ccount + 256) % MPPE_CCOUNT_SPACE;
		}

		/* reset */
		state->discard = 0;
		state->ccount = ccount;
		/*
		 * Another problem with RFC 3078 here.  It implies that the
		 * peer need not send a Reset-Ack packet.  But RFC 1962
		 * requires it.  Hopefully, M$ does send a Reset-Ack; even
		 * though it isn't required for MPPE synchronization, it is
		 * required to reset CCP state.
		 */
	    }
	}
	if (flushed)
	    mppe_rekey(state, 0);
    }

    /*
     * Fill in the first part of the PPP header.  The protocol field
     * comes from the decrypted data.
     */
    obuf[0] = PPP_ADDRESS(ibuf);	/* +1 */
    obuf[1] = PPP_CONTROL(ibuf);	/* +1 */
    obuf  += 2;
    ibuf  += PPP_HDRLEN + MPPE_OVHD;
    isize -= PPP_HDRLEN + MPPE_OVHD;	/* -6 */
					/* net osize: isize-4 */

    /*
     * Decrypt the first byte in order to check if it is
     * a compressed or uncompressed protocol field.
     */
    arcfour_decrypt(&state->arcfour_context, ibuf, 1, obuf);

    /*
     * Do PFC decompression.
     * This would be nicer if we were given the actual sk_buff
     * instead of a char *.
     */
    if ((obuf[0] & 0x01) != 0) {
	obuf[1] = obuf[0];
	obuf[0] = 0;
	obuf++;
	osize++;
    }

    /* And finally, decrypt the rest of the packet. */
    arcfour_decrypt(&state->arcfour_context, ibuf + 1, isize - 1, obuf + 1);

    state->stats.unc_bytes += osize;
    state->stats.unc_packets++;
    state->stats.comp_bytes += isize;
    state->stats.comp_packets++;

    /* good packet credit */
    state->sanity_errors >>= 1;

    return osize;
}

/*
 * Incompressible data has arrived (this should never happen!).
 * We should probably drop the link if the protocol is in the range
 * of what should be encrypted.  At the least, we should drop this
 * packet.  (How to do this?)
 */
static void
mppe_incomp(void *arg, unsigned char *ibuf, int icnt)
{
    ppp_mppe_state *state = (ppp_mppe_state *) arg;

    if (state->debug &&
	(PPP_PROTOCOL(ibuf) >= 0x0021 && PPP_PROTOCOL(ibuf) <= 0x00fa))
	printk(KERN_DEBUG "mppe_incomp[%d]: incompressible (unencrypted) data! "
	       "(proto %04x)\n", state->unit, PPP_PROTOCOL(ibuf));

    state->stats.inc_bytes += icnt;
    state->stats.inc_packets++;
    state->stats.unc_bytes += icnt;
    state->stats.unc_packets++;
}

/*************************************************************
 * Module interface table
 *************************************************************/

/* These are in ppp.c (2.2.x) or ppp_generic.c (2.4.x) */
extern int  ppp_register_compressor   (struct compressor *cp);
extern void ppp_unregister_compressor (struct compressor *cp);

/*
 * Procedures exported to if_ppp.c.
 */
struct compressor ppp_mppe = {
    CI_MPPE,		/* compress_proto */
    mppe_alloc,		/* comp_alloc */
    mppe_free,		/* comp_free */
    mppe_comp_init,	/* comp_init */
    mppe_comp_reset,	/* comp_reset */
    mppe_compress,	/* compress */
    mppe_comp_stats,	/* comp_stat */
    mppe_alloc,		/* decomp_alloc */
    mppe_free,		/* decomp_free */
    mppe_decomp_init,	/* decomp_init */
    mppe_decomp_reset,	/* decomp_reset */
    mppe_decompress,	/* decompress */
    mppe_incomp,	/* incomp */
    mppe_comp_stats,	/* decomp_stat */
};

/* 2.2 compatibility defines */
#ifndef __init
#define __init
#endif
#ifndef __exit
#define __exit
#endif
#ifndef MODULE_LICENSE
#define MODULE_LICENSE(license)
#endif

int __init
ppp_mppe_init(void)
{  
    int answer = ppp_register_compressor(&ppp_mppe);

    if (answer == 0)
	printk(KERN_INFO "PPP MPPE Compression module registered\n");
    return answer;
}

void __exit
ppp_mppe_cleanup(void)
{
    ppp_unregister_compressor(&ppp_mppe);
}

module_init(ppp_mppe_init);
module_exit(ppp_mppe_cleanup);
MODULE_LICENSE("BSD without advertisement clause");

Line 0 Link Here

(-)linux/drivers/net/sha1.c (+185 lines)
		1	/*
		2	* ftp://ftp.funet.fi/pub/crypt/hash/sha/sha1.c
		3	*
		4	* SHA-1 in C
		5	* By Steve Reid <steve@edmweb.com>
		6	* 100% Public Domain
		7	*
		8	* Test Vectors (from FIPS PUB 180-1)
		9	* "abc"
		10	* A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
		11	* "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
		12	* 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
		13	* A million repetitions of "a"
		14	* 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
		15	*/
		16
		17	/* #define SHA1HANDSOFF * Copies data before messing with it. */
		18
		19	#if defined(__linux__)
		20	#include <asm/byteorder.h>
		21	#include <linux/string.h>
		22	#elif defined(__solaris__)
		23	#include <sys/isa_defs.h>
		24	#include <sys/ddi.h>
		25	#include <sys/sunddi.h>
		26	#define memcpy(d, s, c) bcopy(s, d, c)
		27	#define memset(d, b, c) bzero(d, c)
		28	#endif
		29
		30	#include "sha1.h"
		31
		32	static void SHA1_Transform(unsigned long[5], const unsigned char[64]);
		33
		34	#define rol(value, bits) (((value) << (bits)) \| ((value) >> (32 - (bits))))
		35
		36	/* blk0() and blk() perform the initial expand. */
		37	/* I got the idea of expanding during the round function from SSLeay */
		38	#if defined(__LITTLE_ENDIAN) \|\| defined(_LITTLE_ENDIAN)
		39	#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
		40	\|(rol(block->l[i],8)&0x00FF00FF))
		41	#elif defined(__BIG_ENDIAN) \|\| defined(_BIG_ENDIAN)
		42	#define blk0(i) block->l[i]
		43	#else
		44	#error Endianness not defined
		45	#endif
		46	#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
		47	^block->l[(i+2)&15]^block->l[i&15],1))
		48
		49	/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
		50	#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
		51	#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
		52	#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
		53	#define R3(v,w,x,y,z,i) z+=(((w\|x)&y)\|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
		54	#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
		55
		56
		57	/* Hash a single 512-bit block. This is the core of the algorithm. */
		58
		59	static void
		60	SHA1_Transform(unsigned long state[5], const unsigned char buffer[64])
		61	{
		62	unsigned long a, b, c, d, e;
		63	typedef union {
		64	unsigned char c[64];
65	unsigned long l[16];
66	} CHAR64LONG16;
67	CHAR64LONG16 *block;
68
69	#ifdef SHA1HANDSOFF
70	static unsigned char workspace[64];
71	block = (CHAR64LONG16 *) workspace;
72	memcpy(block, buffer, 64);
73	#else
74	block = (CHAR64LONG16 *) buffer;
75	#endif
76	/* Copy context->state[] to working vars */
77	a = state[0];
78	b = state[1];
79	c = state[2];
80	d = state[3];
81	e = state[4];
82	/* 4 rounds of 20 operations each. Loop unrolled. */
83	R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
84	R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
85	R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
86	R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
87	R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
88	R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
89	R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
90	R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
91	R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
92	R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
93	R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
94	R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
95	R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
96	R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
97	R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
98	R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
99	R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
100	R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
101	R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
102	R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
103	/* Add the working vars back into context.state[] */
104	state[0] += a;
105	state[1] += b;
106	state[2] += c;
107	state[3] += d;
108	state[4] += e;
109	/* Wipe variables */
110	a = b = c = d = e = 0;
111	}
112
113
114	/* SHA1Init - Initialize new context */
115
116	void
117	SHA1_Init(SHA1_CTX *context)
118	{
119	/* SHA1 initialization constants */
120	context->state[0] = 0x67452301;
121	context->state[1] = 0xEFCDAB89;
122	context->state[2] = 0x98BADCFE;
123	context->state[3] = 0x10325476;
124	context->state[4] = 0xC3D2E1F0;
125	context->count[0] = context->count[1] = 0;
126	}
127
128
129	/* Run your data through this. */
130
131	void
132	SHA1_Update(SHA1_CTX context, const unsigned char data, unsigned int len)
133	{
134	unsigned int i, j;
135
136	j = (context->count[0] >> 3) & 63;
137	if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++;
138	context->count[1] += (len >> 29);
139	if ((j + len) > 63) {
140	memcpy(&context->buffer[j], data, (i = 64-j));
141	SHA1_Transform(context->state, context->buffer);
142	for ( ; i + 63 < len; i += 64) {
143	SHA1_Transform(context->state, &data[i]);
144	}
145	j = 0;
146	}
147	else
148	i = 0;
149
150	memcpy(&context->buffer[j], &data[i], len - i);
151	}
152
153
154	/* Add padding and return the message digest. */
155
156	void
157	SHA1_Final(unsigned char digest[20], SHA1_CTX *context)
158	{
159	unsigned long i, j;
160	unsigned char finalcount[8];
161
162	for (i = 0; i < 8; i++) {
163	finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]
164	>> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
165	}
166	SHA1_Update(context, (unsigned char *) "\200", 1);
167	while ((context->count[0] & 504) != 448) {
168	SHA1_Update(context, (unsigned char *) "\0", 1);
169	}
170	SHA1_Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
171	for (i = 0; i < 20; i++) {
172	digest[i] = (unsigned char)
173	((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
174	}
175	/* Wipe variables */
176	i = j = 0;
177	memset(context->buffer, 0, 64);
178	memset(context->state, 0, 20);
179	memset(context->count, 0, 8);
180	memset(&finalcount, 0, 8);
181	#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */
182	SHA1Transform(context->state, context->buffer);
183	#endif
184	}
185




/* sha1.h */

#ifndef _SHA1_H
#define _SHA1_H

typedef struct {
    unsigned long state[5];
    unsigned long count[2];
    unsigned char buffer[64];
} SHA1_CTX;

#define SHA1_SIGNATURE_SIZE 20

extern void SHA1_Init(SHA1_CTX *);
extern void SHA1_Update(SHA1_CTX *, const unsigned char *, unsigned int);
extern void SHA1_Final(unsigned char[SHA1_SIGNATURE_SIZE], SHA1_CTX *);

#endif /* _SHA1_H */




#define DEFLATE_CHK_SEQUENCE	0

/*
 * Definitions for MPPE.
 */

#define CI_MPPE                        18      /* config option for MPPE */
#define CILEN_MPPE             6       /* length of config option */

#define MPPE_PAD               8       /* MPPE growth per frame */
#define MPPE_MAX_KEY_LEN       16      /* largest key length (128-bit) */

/* option bits for ccp_options.mppe */
#define MPPE_OPT_40            0x01    /* 40 bit */
#define MPPE_OPT_128           0x02    /* 128 bit */
#define MPPE_OPT_STATEFUL      0x04    /* stateful mode */
/* unsupported opts */
#define MPPE_OPT_56            0x08    /* 56 bit */
#define MPPE_OPT_MPPC          0x10    /* MPPC compression */
#define MPPE_OPT_D             0x20    /* Unknown */
#define MPPE_OPT_UNSUPPORTED (MPPE_OPT_56|MPPE_OPT_MPPC|MPPE_OPT_D)
#define MPPE_OPT_UNKNOWN       0x40    /* Bits !defined in RFC 3078 were set */

/*
 * This is not nice ... the alternative is a bitfield struct though.
 * And unfortunately, we cannot share the same bits for the option
 * names above since C and H are the same bit.  We could do a u_int32
 * but then we have to do a htonl() all the time and/or we still need
 * to know which octet is which.
 */
#define MPPE_C_BIT             0x01    /* MPPC */
#define MPPE_D_BIT             0x10    /* Obsolete, usage unknown */
#define MPPE_L_BIT             0x20    /* 40-bit */
#define MPPE_S_BIT             0x40    /* 128-bit */
#define MPPE_M_BIT             0x80    /* 56-bit, not supported */
#define MPPE_H_BIT             0x01    /* Stateless (in a different byte) */

/* Does not include H bit; used for least significant octet only. */
#define MPPE_ALL_BITS (MPPE_D_BIT|MPPE_L_BIT|MPPE_S_BIT|MPPE_M_BIT|MPPE_H_BIT)

/* Build a CI from mppe opts (see RFC 3078) */
#define MPPE_OPTS_TO_CI(opts, ci)              \
    do {                                       \
       u_char *ptr = ci; /* u_char[4] */       \
                                               \
       /* H bit */                             \
       if (opts & MPPE_OPT_STATEFUL)           \
           *ptr++ = 0x0;                       \
       else                                    \
           *ptr++ = MPPE_H_BIT;                \
       *ptr++ = 0;                             \
       *ptr++ = 0;                             \
                                               \
       /* S,L bits */                          \
       *ptr = 0;                               \
       if (opts & MPPE_OPT_128)                \
           *ptr |= MPPE_S_BIT;                 \
       if (opts & MPPE_OPT_40)                 \
           *ptr |= MPPE_L_BIT;                 \
       /* M,D,C bits not supported */          \
    } while (/* CONSTCOND */ 0)

/* The reverse of the above */
#define MPPE_CI_TO_OPTS(ci, opts)              \
    do {                                       \
       u_char *ptr = ci; /* u_char[4] */       \
                                               \
       opts = 0;                               \
                                               \
       /* H bit */                             \
       if (!(ptr[0] & MPPE_H_BIT))             \
           opts |= MPPE_OPT_STATEFUL;          \
                                               \
       /* S,L bits */                          \
       if (ptr[3] & MPPE_S_BIT)                \
           opts |= MPPE_OPT_128;               \
       if (ptr[3] & MPPE_L_BIT)                \
           opts |= MPPE_OPT_40;                \
                                               \
       /* M,D,C bits */                        \
       if (ptr[3] & MPPE_M_BIT)                \
           opts |= MPPE_OPT_56;                \
       if (ptr[3] & MPPE_D_BIT)                \
           opts |= MPPE_OPT_D;                 \
       if (ptr[3] & MPPE_C_BIT)                \
           opts |= MPPE_OPT_MPPC;              \
                                               \
       /* Other bits */                        \
       if (ptr[0] & ~MPPE_H_BIT)               \
           opts |= MPPE_OPT_UNKNOWN;           \
       if (ptr[1] || ptr[2])                   \
           opts |= MPPE_OPT_UNKNOWN;           \
       if (ptr[3] & ~MPPE_ALL_BITS)            \
           opts |= MPPE_OPT_UNKNOWN;           \
    } while (/* CONSTCOND */ 0)

/*
 * Definitions for other, as yet unsupported, compression methods.
 */


Return to bug 58795

Line 0 Link Here

(-)linux/drivers/net/arcfour.c (+75 lines)
		1	/*
		2	* arcfour.c
		3	* by Frank Cusack <frank@google.com>
		4	* 100% public domain
		5	*
		6	* Implemented from the description in _Applied Cryptography_, 2nd ed.
		7	*
		8	* Distribution of this software is unlimited and unrestricted.
		9	*
		10	* Use of this software is almost certainly legal; however, refer
		11	* to <http://theory.lcs.mit.edu/~rivest/faq.html>.
		12	*/
		13
		14	#include "arcfour.h"
		15	#if defined(__linux__)
		16	#include <linux/string.h>
		17	#endif
		18
		19	#define swap(a, b) \
		20	{ \
		21	unsigned char t = b; \
		22	b = a; \
		23	a = t; \
		24	}
		25
		26	/*
		27	* Initialize arcfour from a key.
		28	*/
		29	void
		30	arcfour_setkey(arcfour_context context, const unsigned char key,
		31	unsigned keylen)
		32	{
		33	unsigned i, j;
		34	unsigned char K[256];
		35
		36	context->i = context->j = 0;
		37
		38	for (i = 0; i < 256; i++) {
		39	context->S[i] = i;
		40	K[i] = key[i % keylen];
		41	}
		42
		43	j = 0;
		44	for (i = 0; i < 256; i++) {
		45	j = (j + context->S[i] + K[i]) % 256;
		46	swap(context->S[i], context->S[j]);
		47	}
		48
		49	memset(K, 0, sizeof(K));
		50	}
		51
		52	/*
		53	* plaintext -> ciphertext (or vice versa)
		54	*/
		55	void
		56	arcfour_encrypt(arcfour_context context, const unsigned char in, unsigned len,
		57	unsigned char *out)
		58	{
		59	unsigned i = context->i;
		60	unsigned j = context->j;
		61	unsigned char *S = context->S;
		62	unsigned char K;
		63
		64	while (len--) {
65	i = (i + 1) % 256;
66	j = (j + S[i]) % 256;
67	swap(S[i], S[j]);
68	K = S[(S[i] + S[j]) % 256];
69	out++ = in++ ^ K;
70	}
71
72	context->i = i;
73	context->j = j;
74	}
75

Line 0 Link Here

(-)linux/drivers/net/arcfour.h (+17 lines)
	1	/* arcfour.h */
	2
	3	#ifndef _ARCFOUR_H
	4	#define _ARCFOUR_H
	5
	6	typedef struct {
	7	unsigned i;
	8	unsigned j;
	9	unsigned char S[256];
	10	} arcfour_context;
	11
	12	extern void arcfour_setkey(arcfour_context , const unsigned char , unsigned);
	13	extern void arcfour_encrypt(arcfour_context , const unsigned char , unsigned,
	14	unsigned char *);
	15	#define arcfour_decrypt arcfour_encrypt
	16
	17	#endif /* _ARCFOUR_H */

Line 0 Link Here

(-)linux/drivers/net/ppp-comp-local.h (+93 lines)
		1	/*
		2	* Definitions for MPPE.
		3	*/
		4
		5	#define CI_MPPE 18 /* config option for MPPE */
		6	#define CILEN_MPPE 6 /* length of config option */
		7
		8	#define MPPE_PAD 8 /* MPPE growth per frame */
		9	#define MPPE_MAX_KEY_LEN 16 /* largest key length (128-bit) */
		10
		11	/* option bits for ccp_options.mppe */
		12	#define MPPE_OPT_40 0x01 /* 40 bit */
		13	#define MPPE_OPT_128 0x02 /* 128 bit */
		14	#define MPPE_OPT_STATEFUL 0x04 /* stateful mode */
		15	/* unsupported opts */
		16	#define MPPE_OPT_56 0x08 /* 56 bit */
		17	#define MPPE_OPT_MPPC 0x10 /* MPPC compression */
		18	#define MPPE_OPT_D 0x20 /* Unknown */
		19	#define MPPE_OPT_UNSUPPORTED (MPPE_OPT_56\|MPPE_OPT_MPPC\|MPPE_OPT_D)
		20	#define MPPE_OPT_UNKNOWN 0x40 /* Bits !defined in RFC 3078 were set */
		21
		22	/*
		23	* This is not nice ... the alternative is a bitfield struct though.
		24	* And unfortunately, we cannot share the same bits for the option
		25	* names above since C and H are the same bit. We could do a u_int32
		26	* but then we have to do a htonl() all the time and/or we still need
		27	* to know which octet is which.
		28	*/
		29	#define MPPE_C_BIT 0x01 /* MPPC */
		30	#define MPPE_D_BIT 0x10 /* Obsolete, usage unknown */
		31	#define MPPE_L_BIT 0x20 /* 40-bit */
		32	#define MPPE_S_BIT 0x40 /* 128-bit */
		33	#define MPPE_M_BIT 0x80 /* 56-bit, not supported */
		34	#define MPPE_H_BIT 0x01 /* Stateless (in a different byte) */
		35
		36	/* Does not include H bit; used for least significant octet only. */
		37	#define MPPE_ALL_BITS (MPPE_D_BIT\|MPPE_L_BIT\|MPPE_S_BIT\|MPPE_M_BIT\|MPPE_H_BIT)
		38
		39	/* Build a CI from mppe opts (see RFC 3078) */
		40	#define MPPE_OPTS_TO_CI(opts, ci) \
		41	do { \
		42	u_char ptr = ci; / u_char[4] */ \
		43	\
		44	/* H bit */ \
		45	if (opts & MPPE_OPT_STATEFUL) \
		46	*ptr++ = 0x0; \
		47	else \
		48	*ptr++ = MPPE_H_BIT; \
		49	*ptr++ = 0; \
		50	*ptr++ = 0; \
		51	\
		52	/* S,L bits */ \
		53	*ptr = 0; \
		54	if (opts & MPPE_OPT_128) \
		55	*ptr \|= MPPE_S_BIT; \
		56	if (opts & MPPE_OPT_40) \
		57	*ptr \|= MPPE_L_BIT; \
		58	/* M,D,C bits not supported */ \
		59	} while (/* CONSTCOND */ 0)
		60
		61	/* The reverse of the above */
		62	#define MPPE_CI_TO_OPTS(ci, opts) \
		63	do { \
		64	u_char ptr = ci; / u_char[4] */ \
65	\
66	opts = 0; \
67	\
68	/* H bit */ \
69	if (!(ptr[0] & MPPE_H_BIT)) \
70	opts \|= MPPE_OPT_STATEFUL; \
71	\
72	/* S,L bits */ \
73	if (ptr[3] & MPPE_S_BIT) \
74	opts \|= MPPE_OPT_128; \
75	if (ptr[3] & MPPE_L_BIT) \
76	opts \|= MPPE_OPT_40; \
77	\
78	/* M,D,C bits */ \
79	if (ptr[3] & MPPE_M_BIT) \
80	opts \|= MPPE_OPT_56; \
81	if (ptr[3] & MPPE_D_BIT) \
82	opts \|= MPPE_OPT_D; \
83	if (ptr[3] & MPPE_C_BIT) \
84	opts \|= MPPE_OPT_MPPC; \
85	\
86	/* Other bits */ \
87	if (ptr[0] & ~MPPE_H_BIT) \
88	opts \|= MPPE_OPT_UNKNOWN; \
89	if (ptr[1] \|\| ptr[2]) \
90	opts \|= MPPE_OPT_UNKNOWN; \
91	if (ptr[3] & ~MPPE_ALL_BITS) \
92	opts \|= MPPE_OPT_UNKNOWN; \
93	} while (/* CONSTCOND */ 0)

Line 0 Link Here

(-)linux/drivers/net/ppp_mppe_compress.c (+657 lines)
		1	/*
		2	* ppp_mppe_compress.c - interface MPPE to the PPP code.
		3	* This version is for use with Linux kernel 2.2.19+, 2.4.18+ and 2.6.2+.
		4	*
		5	* By Frank Cusack <frank@google.com>.
		6	* Copyright (c) 2002,2003,2004 Google, Inc.
		7	* All rights reserved.
		8	*
		9	* Permission to use, copy, modify, and distribute this software and its
		10	* documentation is hereby granted, provided that the above copyright
		11	* notice appears in all copies. This software is provided without any
		12	* warranty, express or implied.
		13	*
		14	* Changelog:
		15	* 2/15/04 - TS: added #include <version.h> and testing for Kernel
		16	* version before using
		17	* MOD_DEC_USAGE_COUNT/MOD_INC_USAGE_COUNT which are
		18	* deprecated in 2.6
		19	*/
		20
		21	#include <linux/module.h>
		22	#include <linux/kernel.h>
		23	#include <linux/version.h>
		24	#include <linux/init.h>
		25	#include <linux/types.h>
		26	#include <linux/slab.h>
		27	#include <linux/string.h>
		28
		29	#include <linux/ppp_defs.h>
		30	#include <linux/ppp-comp.h>
		31	#include "ppp-comp-local.h"
		32
		33	#include "arcfour.h"
		34	#include "sha1.h"
		35
		36	/*
		37	* State for an MPPE (de)compressor.
		38	*/
		39	typedef struct ppp_mppe_state {
		40	unsigned char master_key[MPPE_MAX_KEY_LEN];
		41	unsigned char session_key[MPPE_MAX_KEY_LEN];
		42	arcfour_context arcfour_context; /* encryption state */
		43	unsigned keylen; /* key length in bytes */
		44	/* NB: 128-bit == 16, 40-bit == 8! */
		45	/* If we want to support 56-bit, */
		46	/* the unit has to change to bits */
		47	unsigned char bits; /* MPPE control bits */
		48	unsigned ccount; /* 12-bit coherency count (seqno) */
		49	unsigned stateful; /* stateful mode flag */
		50	int discard; /* stateful mode packet loss flag */
		51	int sanity_errors; /* take down LCP if too many */
		52	int unit;
		53	int debug;
		54	struct compstat stats;
		55	} ppp_mppe_state;
		56
		57	/* ppp_mppe_state.bits definitions */
		58	#define MPPE_BIT_A 0x80 /* Encryption table were (re)inititalized */
		59	#define MPPE_BIT_B 0x40 /* MPPC only (not implemented) */
		60	#define MPPE_BIT_C 0x20 /* MPPC only (not implemented) */
		61	#define MPPE_BIT_D 0x10 /* This is an encrypted frame */
		62
		63	#define MPPE_BIT_FLUSHED MPPE_BIT_A
		64	#define MPPE_BIT_ENCRYPTED MPPE_BIT_D
65
66	#define MPPE_BITS(p) ((p)[4] & 0xf0)
67	#define MPPE_CCOUNT(p) ((((p)[4] & 0x0f) << 8) + (p)[5])
68	#define MPPE_CCOUNT_SPACE 0x1000 /* The size of the ccount space */
69
70	#define MPPE_OVHD 2 /* MPPE overhead/packet */
71	#define SANITY_MAX 1600 /* Max bogon factor we will tolerate */
72
73	static void GetNewKeyFromSHA __P((unsigned char *StartKey,
74	unsigned char *SessionKey,
75	unsigned SessionKeyLength,
76	unsigned char *InterimKey));
77	static void mppe_rekey __P((ppp_mppe_state *state, int));
78	static void mppe_alloc __P((unsigned char options, int optlen));
79	static void mppe_free __P((void *state));
80	static int mppe_init __P((void state, unsigned char options,
81	int optlen, int unit, int debug, const char *));
82	static int mppe_comp_init __P((void state, unsigned char options,
83	int optlen,
84	int unit, int hdrlen, int debug));
85	static int mppe_decomp_init __P((void state, unsigned char options,
86	int optlen, int unit,
87	int hdrlen, int mru, int debug));
88	static int mppe_compress __P((void state, unsigned char ibuf,
89	unsigned char *obuf,
90	int isize, int osize));
91	static void mppe_incomp __P((void state, unsigned char ibuf, int icnt));
92	static int mppe_decompress __P((void state, unsigned char ibuf,
93	int isize, unsigned char *obuf,int osize));
94	static void mppe_comp_reset __P((void *state));
95	static void mppe_decomp_reset __P((void *state));
96	static void mppe_comp_stats __P((void state, struct compstat stats));
97
98
99	/*
100	* Key Derivation, from RFC 3078, RFC 3079.
101	* Equivalent to Get_Key() for MS-CHAP as described in RFC 3079.
102	*/
103	static void
104	GetNewKeyFromSHA(unsigned char MasterKey, unsigned char SessionKey,
105	unsigned SessionKeyLength, unsigned char *InterimKey)
106	{
107	SHA1_CTX Context;
108	unsigned char Digest[SHA1_SIGNATURE_SIZE];
109
110	unsigned char SHApad1[40] =
111	{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
112	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
113	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
114	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
115	unsigned char SHApad2[40] =
116	{ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
117	0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
118	0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
119	0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 };
120
121	/* assert(SessionKeyLength <= SHA1_SIGNATURE_SIZE); */
122
123	SHA1_Init(&Context);
124	SHA1_Update(&Context, MasterKey, SessionKeyLength);
125	SHA1_Update(&Context, SHApad1, sizeof(SHApad1));
126	SHA1_Update(&Context, SessionKey, SessionKeyLength);
127	SHA1_Update(&Context, SHApad2, sizeof(SHApad2));
128	SHA1_Final(Digest, &Context);
129
130	memcpy(InterimKey, Digest, SessionKeyLength);
131	}
132
133	/*
134	* Perform the MPPE rekey algorithm, from RFC 3078, sec. 7.3.
135	* Well, not what's written there, but rather what they meant.
136	*/
137	static void
138	mppe_rekey(ppp_mppe_state *state, int initial_key)
139	{
140	unsigned char InterimKey[MPPE_MAX_KEY_LEN];
141
142	GetNewKeyFromSHA(state->master_key, state->session_key,
143	state->keylen, InterimKey);
144	if (!initial_key) {
145	arcfour_setkey(&state->arcfour_context, InterimKey, state->keylen);
146	arcfour_encrypt(&state->arcfour_context, InterimKey, state->keylen,
147	state->session_key);
148	} else {
149	memcpy(state->session_key, InterimKey, state->keylen);
150	}
151	if (state->keylen == 8) {
152	/* See RFC 3078 */
153	state->session_key[0] = 0xd1;
154	state->session_key[1] = 0x26;
155	state->session_key[2] = 0x9e;
156	}
157	arcfour_setkey(&state->arcfour_context, state->session_key, state->keylen);
158	}
159
160
161	/*
162	* Allocate space for a (de)compressor.
163	*/
164	static void *
165	mppe_alloc(unsigned char *options, int optlen)
166	{
167	ppp_mppe_state *state;
168
169	if (optlen != CILEN_MPPE + sizeof(state->master_key)
170	\|\| options[0] != CI_MPPE
171	\|\| options[1] != CILEN_MPPE)
172	return NULL;
173
174	state = (ppp_mppe_state ) kmalloc(sizeof(state), GFP_KERNEL);
175	if (state == NULL)
176	return NULL;
177
178	#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0))
179	try_module_get(THIS_MODULE);
180	#else
181	MOD_INC_USE_COUNT;
182	#endif
183	memset(state, 0, sizeof(*state));
184
185	/* Save keys. */
186	memcpy(state->master_key, &options[CILEN_MPPE], sizeof(state->master_key));
187	memcpy(state->session_key, state->master_key, sizeof(state->master_key));
188	/*
189	* We defer initial key generation until mppe_init(), as mppe_alloc()
190	* is called frequently during negotiation.
191	*/
192
193	return (void *) state;
194	}
195
196	/*
197	* Deallocate space for a (de)compressor.
198	*/
199	static void
200	mppe_free(void *arg)
201	{
202	ppp_mppe_state state = (ppp_mppe_state ) arg;
203
204	if (state) {
205	kfree(state);
206	#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0))
207	module_put(THIS_MODULE);
208	#else
209	MOD_DEC_USE_COUNT;
210	#endif
211	}
212	}
213
214
215	/*
216	* Initialize (de)compressor state.
217	*/
218	static int
219	mppe_init(void arg, unsigned char options, int optlen, int unit, int debug,
220	const char *debugstr)
221	{
222	ppp_mppe_state state = (ppp_mppe_state ) arg;
223	unsigned char mppe_opts;
224
225	if (optlen != CILEN_MPPE
226	\|\| options[0] != CI_MPPE
227	\|\| options[1] != CILEN_MPPE)
228	return 0;
229
230	MPPE_CI_TO_OPTS(&options[2], mppe_opts);
231	if (mppe_opts & MPPE_OPT_128)
232	state->keylen = 16;
233	else if (mppe_opts & MPPE_OPT_40)
234	state->keylen = 8;
235	else {
236	printk(KERN_WARNING "%s[%d]: unknown key length\n", debugstr, unit);
237	return 0;
238	}
239	if (mppe_opts & MPPE_OPT_STATEFUL)
240	state->stateful = 1;
241
242	/* Generate the initial session key. */
243	mppe_rekey(state, 1);
244
245	if (debug) {
246	int i;
247	char mkey[sizeof(state->master_key) * 2 + 1];
248	char skey[sizeof(state->session_key) * 2 + 1];
249
250	printk(KERN_DEBUG "%s[%d]: initialized with %d-bit %s mode\n", debugstr,
251	unit, (state->keylen == 16)? 128: 40,
252	(state->stateful)? "stateful": "stateless");
253
254	for (i = 0; i < sizeof(state->master_key); i++)
255	sprintf(mkey + i * 2, "%.2x", state->master_key[i]);
256	for (i = 0; i < sizeof(state->session_key); i++)
257	sprintf(skey + i * 2, "%.2x", state->session_key[i]);
258	printk(KERN_DEBUG "%s[%d]: keys: master: %s initial session: %s\n",
259	debugstr, unit, mkey, skey);
260	}
261
262	/*
263	* Initialize the coherency count. The initial value is not specified
264	* in RFC 3078, but we can make a reasonable assumption that it will
265	* start at 0. Setting it to the max here makes the comp/decomp code
266	* do the right thing (determined through experiment).
267	*/
268	state->ccount = MPPE_CCOUNT_SPACE - 1;
269
270	/*
271	* Note that even though we have initialized the key table, we don't
272	* set the FLUSHED bit. This is contrary to RFC 3078, sec. 3.1.
273	*/
274	state->bits = MPPE_BIT_ENCRYPTED;
275
276	state->unit = unit;
277	state->debug = debug;
278
279	return 1;
280	}
281
282
283
284	static int
285	mppe_comp_init(void arg, unsigned char options, int optlen, int unit,
286	int hdrlen, int debug)
287	{
288	/* ARGSUSED */
289	return mppe_init(arg, options, optlen, unit, debug, "mppe_comp_init");
290	}
291
292	/*
293	* We received a CCP Reset-Request (actually, we are sending a Reset-Ack),
294	* tell the compressor to rekey. Note that we MUST NOT rekey for
295	* every CCP Reset-Request; we only rekey on the next xmit packet.
296	* We might get multiple CCP Reset-Requests if our CCP Reset-Ack is lost.
297	* So, rekeying for every CCP Reset-Request is broken as the peer will not
298	* know how many times we've rekeyed. (If we rekey and THEN get another
299	* CCP Reset-Request, we must rekey again.)
300	*/
301	static void
302	mppe_comp_reset(void *arg)
303	{
304	ppp_mppe_state state = (ppp_mppe_state ) arg;
305
306	state->bits \|= MPPE_BIT_FLUSHED;
307	}
308
309	/*
310	* Compress (encrypt) a packet.
311	* It's strange to call this a compressor, since the output is always
312	* MPPE_OVHD + 2 bytes larger than the input.
313	*/
314	int
315	mppe_compress(void arg, unsigned char ibuf, unsigned char *obuf,
316	int isize, int osize)
317	{
318	ppp_mppe_state state = (ppp_mppe_state ) arg;
319	int proto;
320
321	/*
322	* Check that the protocol is in the range we handle.
323	*/
324	proto = PPP_PROTOCOL(ibuf);
325	if (proto < 0x0021 \|\| proto > 0x00fa)
326	return 0;
327
328	/* Make sure we have enough room to generate an encrypted packet. */
329	if (osize < isize + MPPE_OVHD + 2) {
330	/* Drop the packet if we should encrypt it, but can't. */
331	printk(KERN_DEBUG "mppe_compress[%d]: osize too small! "
332	"(have: %d need: %d)\n", state->unit,
333	osize, osize + MPPE_OVHD + 2);
334	return -1;
335	}
336
337	osize = isize + MPPE_OVHD + 2;
338
339	/*
340	* Copy over the PPP header and set control bits.
341	*/
342	obuf[0] = PPP_ADDRESS(ibuf);
343	obuf[1] = PPP_CONTROL(ibuf);
344	obuf[2] = PPP_COMP >> 8; /* isize + MPPE_OVHD + 1 */
345	obuf[3] = PPP_COMP; /* isize + MPPE_OVHD + 2 */
346	obuf += PPP_HDRLEN;
347
348	state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
349	if (state->debug >= 7)
350	printk(KERN_DEBUG "mppe_compress[%d]: ccount %d\n", state->unit,
351	state->ccount);
352	obuf[0] = state->ccount >> 8;
353	obuf[1] = state->ccount & 0xff;
354
355	if (!state->stateful \|\| /* stateless mode */
356	((state->ccount & 0xff) == 0xff) \|\| /* "flag" packet */
357	(state->bits & MPPE_BIT_FLUSHED)) { /* CCP Reset-Request */
358	/* We must rekey */
359	if (state->debug && state->stateful)
360	printk(KERN_DEBUG "mppe_compress[%d]: rekeying\n", state->unit);
361	mppe_rekey(state, 0);
362	state->bits \|= MPPE_BIT_FLUSHED;
363	}
364	obuf[0] \|= state->bits;
365	state->bits &= ~MPPE_BIT_FLUSHED; /* reset for next xmit */
366
367	obuf += MPPE_OVHD;
368	ibuf += 2; /* skip to proto field */
369	isize -= 2;
370
371	/* Encrypt packet */
372	arcfour_encrypt(&state->arcfour_context, ibuf, isize, obuf);
373
374	state->stats.unc_bytes += isize;
375	state->stats.unc_packets++;
376	state->stats.comp_bytes += osize;
377	state->stats.comp_packets++;
378
379	return osize;
380	}
381
382	/*
383	* Since every frame grows by MPPE_OVHD + 2 bytes, this is always going
384	* to look bad ... and the longer the link is up the worse it will get.
385	*/
386	static void
387	mppe_comp_stats(void arg, struct compstat stats)
388	{
389	ppp_mppe_state state = (ppp_mppe_state ) arg;
390
391	*stats = state->stats;
392	}
393
394
395	static int
396	mppe_decomp_init(void arg, unsigned char options, int optlen, int unit,
397	int hdrlen, int mru, int debug)
398	{
399	/* ARGSUSED */
400	return mppe_init(arg, options, optlen, unit, debug, "mppe_decomp_init");
401	}
402
403	/*
404	* We received a CCP Reset-Ack. Just ignore it.
405	*/
406	static void
407	mppe_decomp_reset(void *arg)
408	{
409	/* ARGSUSED */
410	return;
411	}
412
413	/*
414	* Decompress (decrypt) an MPPE packet.
415	*/
416	int
417	mppe_decompress(void arg, unsigned char ibuf, int isize, unsigned char *obuf,
418	int osize)
419	{
420	ppp_mppe_state state = (ppp_mppe_state ) arg;
421	unsigned ccount;
422	int flushed = MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED;
423	int sanity = 0;
424
425	if (isize <= PPP_HDRLEN + MPPE_OVHD) {
426	if (state->debug)
427	printk(KERN_DEBUG "mppe_decompress[%d]: short pkt (%d)\n",
428	state->unit, isize);
429	return DECOMP_ERROR;
430	}
431
432	/*
433	* Make sure we have enough room to decrypt the packet.
434	* Note that for our test we only subtract 1 byte whereas in
435	* mppe_compress() we added 2 bytes (+MPPE_OVHD);
436	* this is to account for possible PFC.
437	*/
438	if (osize < isize - MPPE_OVHD - 1) {
439	printk(KERN_DEBUG "mppe_decompress[%d]: osize too small! "
440	"(have: %d need: %d)\n", state->unit,
441	osize, isize - MPPE_OVHD - 1);
442	return DECOMP_ERROR;
443	}
444	osize = isize - MPPE_OVHD - 2; /* assume no PFC */
445
446	ccount = MPPE_CCOUNT(ibuf);
447	if (state->debug >= 7)
448	printk(KERN_DEBUG "mppe_decompress[%d]: ccount %d\n", state->unit,
449	ccount);
450
451	/* sanity checks -- terminate with extreme prejudice */
452	if (!(MPPE_BITS(ibuf) & MPPE_BIT_ENCRYPTED)) {
453	printk(KERN_DEBUG "mppe_decompress[%d]: ENCRYPTED bit not set!\n",
454	state->unit);
455	state->sanity_errors += 100;
456	sanity = 1;
457	}
458	if (!state->stateful && !flushed) {
459	printk(KERN_DEBUG "mppe_decompress[%d]: FLUSHED bit not set in "
460	"stateless mode!\n", state->unit);
461	state->sanity_errors += 100;
462	sanity = 1;
463	}
464	if (state->stateful && ((ccount & 0xff) == 0xff) && !flushed) {
465	printk(KERN_DEBUG "mppe_decompress[%d]: FLUSHED bit not set on "
466	"flag packet!\n", state->unit);
467	state->sanity_errors += 100;
468	sanity = 1;
469	}
470
471	if (sanity) {
472	if (state->sanity_errors < SANITY_MAX)
473	return DECOMP_ERROR;
474	else
475	/*
476	* Take LCP down if the peer is sending too many bogons.
477	* We don't want to do this for a single or just a few
478	* instances since it could just be due to packet corruption.
479	*/
480	return DECOMP_FATALERROR;
481	}
482
483	/*
484	* Check the coherency count.
485	*/
486
487	if (!state->stateful) {
488	/* RFC 3078, sec 8.1. Rekey for every packet. */
489	while (state->ccount != ccount) {
490	mppe_rekey(state, 0);
491	state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
492	}
493	} else {
494	/* RFC 3078, sec 8.2. */
495	if (!state->discard) {
496	/* normal state */
497	state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
498	if (ccount != state->ccount) {
499	/*
500	* (ccount > state->ccount)
501	* Packet loss detected, enter the discard state.
502	* Signal the peer to rekey (by sending a CCP Reset-Request).
503	*/
504	state->discard = 1;
505	return DECOMP_ERROR;
506	}
507	} else {
508	/* discard state */
509	if (!flushed) {
510	/* ccp.c will be silent (no additional CCP Reset-Requests). */
511	return DECOMP_ERROR;
512	} else {
513	/* Rekey for every missed "flag" packet. */
514	while ((ccount & ~0xff) != (state->ccount & ~0xff)) {
515	mppe_rekey(state, 0);
516	state->ccount = (state->ccount + 256) % MPPE_CCOUNT_SPACE;
517	}
518
519	/* reset */
520	state->discard = 0;
521	state->ccount = ccount;
522	/*
523	* Another problem with RFC 3078 here. It implies that the
524	* peer need not send a Reset-Ack packet. But RFC 1962
525	* requires it. Hopefully, M$ does send a Reset-Ack; even
526	* though it isn't required for MPPE synchronization, it is
527	* required to reset CCP state.
528	*/
529	}
530	}
531	if (flushed)
532	mppe_rekey(state, 0);
533	}
534
535	/*
536	* Fill in the first part of the PPP header. The protocol field
537	* comes from the decrypted data.
538	*/
539	obuf[0] = PPP_ADDRESS(ibuf); /* +1 */
540	obuf[1] = PPP_CONTROL(ibuf); /* +1 */
541	obuf += 2;
542	ibuf += PPP_HDRLEN + MPPE_OVHD;
543	isize -= PPP_HDRLEN + MPPE_OVHD; /* -6 */
544	/* net osize: isize-4 */
545
546	/*
547	* Decrypt the first byte in order to check if it is
548	* a compressed or uncompressed protocol field.
549	*/
550	arcfour_decrypt(&state->arcfour_context, ibuf, 1, obuf);
551
552	/*
553	* Do PFC decompression.
554	* This would be nicer if we were given the actual sk_buff
555	* instead of a char *.
556	*/
557	if ((obuf[0] & 0x01) != 0) {
558	obuf[1] = obuf[0];
559	obuf[0] = 0;
560	obuf++;
561	osize++;
562	}
563
564	/* And finally, decrypt the rest of the packet. */
565	arcfour_decrypt(&state->arcfour_context, ibuf + 1, isize - 1, obuf + 1);
566
567	state->stats.unc_bytes += osize;
568	state->stats.unc_packets++;
569	state->stats.comp_bytes += isize;
570	state->stats.comp_packets++;
571
572	/* good packet credit */
573	state->sanity_errors >>= 1;
574
575	return osize;
576	}
577
578	/*
579	* Incompressible data has arrived (this should never happen!).
580	* We should probably drop the link if the protocol is in the range
581	* of what should be encrypted. At the least, we should drop this
582	* packet. (How to do this?)
583	*/
584	static void
585	mppe_incomp(void arg, unsigned char ibuf, int icnt)
586	{
587	ppp_mppe_state state = (ppp_mppe_state ) arg;
588
589	if (state->debug &&
590	(PPP_PROTOCOL(ibuf) >= 0x0021 && PPP_PROTOCOL(ibuf) <= 0x00fa))
591	printk(KERN_DEBUG "mppe_incomp[%d]: incompressible (unencrypted) data! "
592	"(proto %04x)\n", state->unit, PPP_PROTOCOL(ibuf));
593
594	state->stats.inc_bytes += icnt;
595	state->stats.inc_packets++;
596	state->stats.unc_bytes += icnt;
597	state->stats.unc_packets++;
598	}
599
600	/*************************************************************
601	* Module interface table
602	*************************************************************/
603
604	/* These are in ppp.c (2.2.x) or ppp_generic.c (2.4.x) */
605	extern int ppp_register_compressor (struct compressor *cp);
606	extern void ppp_unregister_compressor (struct compressor *cp);
607
608	/*
609	* Procedures exported to if_ppp.c.
610	*/
611	struct compressor ppp_mppe = {
612	CI_MPPE, /* compress_proto */
613	mppe_alloc, /* comp_alloc */
614	mppe_free, /* comp_free */
615	mppe_comp_init, /* comp_init */
616	mppe_comp_reset, /* comp_reset */
617	mppe_compress, /* compress */
618	mppe_comp_stats, /* comp_stat */
619	mppe_alloc, /* decomp_alloc */
620	mppe_free, /* decomp_free */
621	mppe_decomp_init, /* decomp_init */
622	mppe_decomp_reset, /* decomp_reset */
623	mppe_decompress, /* decompress */
624	mppe_incomp, /* incomp */
625	mppe_comp_stats, /* decomp_stat */
626	};
627
628	/* 2.2 compatibility defines */
629	#ifndef __init
630	#define __init
631	#endif
632	#ifndef __exit
633	#define __exit
634	#endif
635	#ifndef MODULE_LICENSE
636	#define MODULE_LICENSE(license)
637	#endif
638
639	int __init
640	ppp_mppe_init(void)
641	{
642	int answer = ppp_register_compressor(&ppp_mppe);
643
644	if (answer == 0)
645	printk(KERN_INFO "PPP MPPE Compression module registered\n");
646	return answer;
647	}
648
649	void __exit
650	ppp_mppe_cleanup(void)
651	{
652	ppp_unregister_compressor(&ppp_mppe);
653	}
654
655	module_init(ppp_mppe_init);
656	module_exit(ppp_mppe_cleanup);
657	MODULE_LICENSE("BSD without advertisement clause");

Line 0 Link Here

(-)linux/drivers/net/sha1.h (+18 lines)
	1	/* sha1.h */
	2
	3	#ifndef _SHA1_H
	4	#define _SHA1_H
	5
	6	typedef struct {
	7	unsigned long state[5];
	8	unsigned long count[2];
	9	unsigned char buffer[64];
	10	} SHA1_CTX;
	11
	12	#define SHA1_SIGNATURE_SIZE 20
	13
	14	extern void SHA1_Init(SHA1_CTX *);
	15	extern void SHA1_Update(SHA1_CTX , const unsigned char , unsigned int);
	16	extern void SHA1_Final(unsigned char[SHA1_SIGNATURE_SIZE], SHA1_CTX *);
	17
	18	#endif /* _SHA1_H */

Lines 191-196 Link Here

(-)linux/include/linux/ppp-comp.h (+94 lines)
191	#define DEFLATE_CHK_SEQUENCE 0	191	#define DEFLATE_CHK_SEQUENCE 0
192		192
193	/*	193	/*
		194	* Definitions for MPPE.
		195	*/
		196
		197	#define CI_MPPE 18 /* config option for MPPE */
		198	#define CILEN_MPPE 6 /* length of config option */
		199
		200	#define MPPE_PAD 8 /* MPPE growth per frame */
		201	#define MPPE_MAX_KEY_LEN 16 /* largest key length (128-bit) */
		202
		203	/* option bits for ccp_options.mppe */
		204	#define MPPE_OPT_40 0x01 /* 40 bit */
		205	#define MPPE_OPT_128 0x02 /* 128 bit */
		206	#define MPPE_OPT_STATEFUL 0x04 /* stateful mode */
		207	/* unsupported opts */
		208	#define MPPE_OPT_56 0x08 /* 56 bit */
		209	#define MPPE_OPT_MPPC 0x10 /* MPPC compression */
		210	#define MPPE_OPT_D 0x20 /* Unknown */
		211	#define MPPE_OPT_UNSUPPORTED (MPPE_OPT_56\|MPPE_OPT_MPPC\|MPPE_OPT_D)
		212	#define MPPE_OPT_UNKNOWN 0x40 /* Bits !defined in RFC 3078 were set */
		213
		214	/*
		215	* This is not nice ... the alternative is a bitfield struct though.
		216	* And unfortunately, we cannot share the same bits for the option
		217	* names above since C and H are the same bit. We could do a u_int32
		218	* but then we have to do a htonl() all the time and/or we still need
		219	* to know which octet is which.
		220	*/
		221	#define MPPE_C_BIT 0x01 /* MPPC */
		222	#define MPPE_D_BIT 0x10 /* Obsolete, usage unknown */
		223	#define MPPE_L_BIT 0x20 /* 40-bit */
		224	#define MPPE_S_BIT 0x40 /* 128-bit */
		225	#define MPPE_M_BIT 0x80 /* 56-bit, not supported */
		226	#define MPPE_H_BIT 0x01 /* Stateless (in a different byte) */
		227
		228	/* Does not include H bit; used for least significant octet only. */
		229	#define MPPE_ALL_BITS (MPPE_D_BIT\|MPPE_L_BIT\|MPPE_S_BIT\|MPPE_M_BIT\|MPPE_H_BIT)
		230
		231	/* Build a CI from mppe opts (see RFC 3078) */
		232	#define MPPE_OPTS_TO_CI(opts, ci) \
		233	do { \
		234	u_char ptr = ci; / u_char[4] */ \
		235	\
		236	/* H bit */ \
		237	if (opts & MPPE_OPT_STATEFUL) \
		238	*ptr++ = 0x0; \
		239	else \
		240	*ptr++ = MPPE_H_BIT; \
		241	*ptr++ = 0; \
		242	*ptr++ = 0; \
		243	\
		244	/* S,L bits */ \
		245	*ptr = 0; \
		246	if (opts & MPPE_OPT_128) \
		247	*ptr \|= MPPE_S_BIT; \
		248	if (opts & MPPE_OPT_40) \
		249	*ptr \|= MPPE_L_BIT; \
		250	/* M,D,C bits not supported */ \
		251	} while (/* CONSTCOND */ 0)
		252
		253	/* The reverse of the above */
		254	#define MPPE_CI_TO_OPTS(ci, opts) \
		255	do { \
		256	u_char ptr = ci; / u_char[4] */ \
		257	\
258	opts = 0; \
259	\
260	/* H bit */ \
261	if (!(ptr[0] & MPPE_H_BIT)) \
262	opts \|= MPPE_OPT_STATEFUL; \
263	\
264	/* S,L bits */ \
265	if (ptr[3] & MPPE_S_BIT) \
266	opts \|= MPPE_OPT_128; \
267	if (ptr[3] & MPPE_L_BIT) \
268	opts \|= MPPE_OPT_40; \
269	\
270	/* M,D,C bits */ \
271	if (ptr[3] & MPPE_M_BIT) \
272	opts \|= MPPE_OPT_56; \
273	if (ptr[3] & MPPE_D_BIT) \
274	opts \|= MPPE_OPT_D; \
275	if (ptr[3] & MPPE_C_BIT) \
276	opts \|= MPPE_OPT_MPPC; \
277	\
278	/* Other bits */ \
279	if (ptr[0] & ~MPPE_H_BIT) \
280	opts \|= MPPE_OPT_UNKNOWN; \
281	if (ptr[1] \|\| ptr[2]) \
282	opts \|= MPPE_OPT_UNKNOWN; \
283	if (ptr[3] & ~MPPE_ALL_BITS) \
284	opts \|= MPPE_OPT_UNKNOWN; \
285	} while (/* CONSTCOND */ 0)
286
287	/*
194	* Definitions for other, as yet unsupported, compression methods.	288	* Definitions for other, as yet unsupported, compression methods.
195	*/	289	*/
196		290