Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

mppe.c@ 457

Last change on this file since 457 was 457, checked in by coas-nagasima, 4 years ago
ファイルを追加
Property svn:eol-style set to `native` Property svn:mime-type set to `text/x-csrc;charset=UTF-8`
File size: 11.6 KB

Line
1	/*
2	* mppe.c - interface MPPE to the PPP code.
3	*
4	* By Frank Cusack <fcusack@fcusack.com>.
5	* Copyright (c) 2002,2003,2004 Google, Inc.
6	* All rights reserved.
7	*
8	* License:
9	* Permission to use, copy, modify, and distribute this software and its
10	* documentation is hereby granted, provided that the above copyright
11	* notice appears in all copies. This software is provided without any
12	* warranty, express or implied.
13	*
14	* Changelog:
15	* 08/12/05 - Matt Domsch <Matt_Domsch@dell.com>
16	* Only need extra skb padding on transmit, not receive.
17	* 06/18/04 - Matt Domsch <Matt_Domsch@dell.com>, Oleg Makarenko <mole@quadra.ru>
18	* Use Linux kernel 2.6 arc4 and sha1 routines rather than
19	* providing our own.
20	* 2/15/04 - TS: added #include <version.h> and testing for Kernel
21	* version before using
22	* MOD_DEC_USAGE_COUNT/MOD_INC_USAGE_COUNT which are
23	* deprecated in 2.6
24	*/
25
26	#include "netif/ppp/ppp_opts.h"
27	#if PPP_SUPPORT && MPPE_SUPPORT /* don't build if not configured for use in lwipopts.h */
28
29	#include <string.h>
30
31	#include "lwip/err.h"
32
33	#include "netif/ppp/ppp_impl.h"
34	#include "netif/ppp/ccp.h"
35	#include "netif/ppp/mppe.h"
36	#include "netif/ppp/pppdebug.h"
37	#include "netif/ppp/pppcrypt.h"
38
39	#define SHA1_SIGNATURE_SIZE 20
40
41	/* ppp_mppe_state.bits definitions */
42	#define MPPE_BIT_A 0x80 /* Encryption table were (re)inititalized */
43	#define MPPE_BIT_B 0x40 /* MPPC only (not implemented) */
44	#define MPPE_BIT_C 0x20 /* MPPC only (not implemented) */
45	#define MPPE_BIT_D 0x10 /* This is an encrypted frame */
46
47	#define MPPE_BIT_FLUSHED MPPE_BIT_A
48	#define MPPE_BIT_ENCRYPTED MPPE_BIT_D
49
50	#define MPPE_BITS(p) ((p)[0] & 0xf0)
51	#define MPPE_CCOUNT(p) ((((p)[0] & 0x0f) << 8) + (p)[1])
52	#define MPPE_CCOUNT_SPACE 0x1000 /* The size of the ccount space */
53
54	#define MPPE_OVHD 2 /* MPPE overhead/packet */
55	#define SANITY_MAX 1600 /* Max bogon factor we will tolerate */
56
57	/*
58	* Perform the MPPE rekey algorithm, from RFC 3078, sec. 7.3.
59	* Well, not what's written there, but rather what they meant.
60	*/
61	static void mppe_rekey(ppp_mppe_state * state, int initial_key)
62	{
63	lwip_sha1_context sha1_ctx;
64	u8_t sha1_digest[SHA1_SIGNATURE_SIZE];
65
66	/*
67	* Key Derivation, from RFC 3078, RFC 3079.
68	* Equivalent to Get_Key() for MS-CHAP as described in RFC 3079.
69	*/
70	lwip_sha1_init(&sha1_ctx);
71	lwip_sha1_starts(&sha1_ctx);
72	lwip_sha1_update(&sha1_ctx, state->master_key, state->keylen);
73	lwip_sha1_update(&sha1_ctx, mppe_sha1_pad1, SHA1_PAD_SIZE);
74	lwip_sha1_update(&sha1_ctx, state->session_key, state->keylen);
75	lwip_sha1_update(&sha1_ctx, mppe_sha1_pad2, SHA1_PAD_SIZE);
76	lwip_sha1_finish(&sha1_ctx, sha1_digest);
77	lwip_sha1_free(&sha1_ctx);
78	MEMCPY(state->session_key, sha1_digest, state->keylen);
79
80	if (!initial_key) {
81	lwip_arc4_init(&state->arc4);
82	lwip_arc4_setup(&state->arc4, sha1_digest, state->keylen);
83	lwip_arc4_crypt(&state->arc4, state->session_key, state->keylen);
84	lwip_arc4_free(&state->arc4);
85	}
86	if (state->keylen == 8) {
87	/* See RFC 3078 */
88	state->session_key[0] = 0xd1;
89	state->session_key[1] = 0x26;
90	state->session_key[2] = 0x9e;
91	}
92	lwip_arc4_init(&state->arc4);
93	lwip_arc4_setup(&state->arc4, state->session_key, state->keylen);
94	}
95
96	/*
97	* Set key, used by MSCHAP before mppe_init() is actually called by CCP so we
98	* don't have to keep multiple copies of keys.
99	*/
100	void mppe_set_key(ppp_pcb pcb, ppp_mppe_state state, u8_t *key) {
101	LWIP_UNUSED_ARG(pcb);
102	MEMCPY(state->master_key, key, MPPE_MAX_KEY_LEN);
103	}
104
105	/*
106	* Initialize (de)compressor state.
107	*/
108	void
109	mppe_init(ppp_pcb pcb, ppp_mppe_state state, u8_t options)
110	{
111	#if PPP_DEBUG
112	const u8_t debugstr = (const u8_t)"mppe_comp_init";
113	if (&pcb->mppe_decomp == state) {
114	debugstr = (const u8_t*)"mppe_decomp_init";
115	}
116	#endif /* PPP_DEBUG */
117
118	/* Save keys. */
119	MEMCPY(state->session_key, state->master_key, sizeof(state->master_key));
120
121	if (options & MPPE_OPT_128)
122	state->keylen = 16;
123	else if (options & MPPE_OPT_40)
124	state->keylen = 8;
125	else {
126	PPPDEBUG(LOG_DEBUG, ("%s[%d]: unknown key length\n", debugstr,
127	pcb->netif->num));
128	lcp_close(pcb, "MPPE required but peer negotiation failed");
129	return;
130	}
131	if (options & MPPE_OPT_STATEFUL)
132	state->stateful = 1;
133
134	/* Generate the initial session key. */
135	mppe_rekey(state, 1);
136
137	#if PPP_DEBUG
138	{
139	int i;
140	char mkey[sizeof(state->master_key) * 2 + 1];
141	char skey[sizeof(state->session_key) * 2 + 1];
142
143	PPPDEBUG(LOG_DEBUG, ("%s[%d]: initialized with %d-bit %s mode\n",
144	debugstr, pcb->netif->num, (state->keylen == 16) ? 128 : 40,
145	(state->stateful) ? "stateful" : "stateless"));
146
147	for (i = 0; i < (int)sizeof(state->master_key); i++)
148	sprintf(mkey + i * 2, "%02x", state->master_key[i]);
149	for (i = 0; i < (int)sizeof(state->session_key); i++)
150	sprintf(skey + i * 2, "%02x", state->session_key[i]);
151	PPPDEBUG(LOG_DEBUG,
152	("%s[%d]: keys: master: %s initial session: %s\n",
153	debugstr, pcb->netif->num, mkey, skey));
154	}
155	#endif /* PPP_DEBUG */
156
157	/*
158	* Initialize the coherency count. The initial value is not specified
159	* in RFC 3078, but we can make a reasonable assumption that it will
160	* start at 0. Setting it to the max here makes the comp/decomp code
161	* do the right thing (determined through experiment).
162	*/
163	state->ccount = MPPE_CCOUNT_SPACE - 1;
164
165	/*
166	* Note that even though we have initialized the key table, we don't
167	* set the FLUSHED bit. This is contrary to RFC 3078, sec. 3.1.
168	*/
169	state->bits = MPPE_BIT_ENCRYPTED;
170	}
171
172	/*
173	* We received a CCP Reset-Request (actually, we are sending a Reset-Ack),
174	* tell the compressor to rekey. Note that we MUST NOT rekey for
175	* every CCP Reset-Request; we only rekey on the next xmit packet.
176	* We might get multiple CCP Reset-Requests if our CCP Reset-Ack is lost.
177	* So, rekeying for every CCP Reset-Request is broken as the peer will not
178	* know how many times we've rekeyed. (If we rekey and THEN get another
179	* CCP Reset-Request, we must rekey again.)
180	*/
181	void mppe_comp_reset(ppp_pcb pcb, ppp_mppe_state state)
182	{
183	LWIP_UNUSED_ARG(pcb);
184	state->bits \|= MPPE_BIT_FLUSHED;
185	}
186
187	/*
188	* Compress (encrypt) a packet.
189	* It's strange to call this a compressor, since the output is always
190	* MPPE_OVHD + 2 bytes larger than the input.
191	*/
192	err_t
193	mppe_compress(ppp_pcb pcb, ppp_mppe_state state, struct pbuf **pb, u16_t protocol)
194	{
195	struct pbuf n, np;
196	u8_t *pl;
197	err_t err;
198
199	LWIP_UNUSED_ARG(pcb);
200
201	/* TCP stack requires that we don't change the packet payload, therefore we copy
202	* the whole packet before encryption.
203	*/
204	np = pbuf_alloc(PBUF_RAW, MPPE_OVHD + sizeof(protocol) + (*pb)->tot_len, PBUF_RAM);
205	if (!np) {
206	return ERR_MEM;
207	}
208
209	/* Hide MPPE header + protocol */
210	pbuf_remove_header(np, MPPE_OVHD + sizeof(protocol));
211
212	if ((err = pbuf_copy(np, *pb)) != ERR_OK) {
213	pbuf_free(np);
214	return err;
215	}
216
217	/* Reveal MPPE header + protocol */
218	pbuf_add_header(np, MPPE_OVHD + sizeof(protocol));
219
220	*pb = np;
221	pl = (u8_t*)np->payload;
222
223	state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
224	PPPDEBUG(LOG_DEBUG, ("mppe_compress[%d]: ccount %d\n", pcb->netif->num, state->ccount));
225	/* FIXME: use PUT* macros */
226	pl[0] = state->ccount>>8;
227	pl[1] = state->ccount;
228
229	if (!state->stateful \|\| /* stateless mode */
230	((state->ccount & 0xff) == 0xff) \|\| /* "flag" packet */
231	(state->bits & MPPE_BIT_FLUSHED)) { /* CCP Reset-Request */
232	/* We must rekey */
233	if (state->stateful) {
234	PPPDEBUG(LOG_DEBUG, ("mppe_compress[%d]: rekeying\n", pcb->netif->num));
235	}
236	mppe_rekey(state, 0);
237	state->bits \|= MPPE_BIT_FLUSHED;
238	}
239	pl[0] \|= state->bits;
240	state->bits &= ~MPPE_BIT_FLUSHED; /* reset for next xmit */
241	pl += MPPE_OVHD;
242
243	/* Add protocol */
244	/* FIXME: add PFC support */
245	pl[0] = protocol >> 8;
246	pl[1] = protocol;
247
248	/* Hide MPPE header */
249	pbuf_remove_header(np, MPPE_OVHD);
250
251	/* Encrypt packet */
252	for (n = np; n != NULL; n = n->next) {
253	lwip_arc4_crypt(&state->arc4, (u8_t*)n->payload, n->len);
254	if (n->tot_len == n->len) {
255	break;
256	}
257	}
258
259	/* Reveal MPPE header */
260	pbuf_add_header(np, MPPE_OVHD);
261
262	return ERR_OK;
263	}
264
265	/*
266	* We received a CCP Reset-Ack. Just ignore it.
267	*/
268	void mppe_decomp_reset(ppp_pcb pcb, ppp_mppe_state state)
269	{
270	LWIP_UNUSED_ARG(pcb);
271	LWIP_UNUSED_ARG(state);
272	return;
273	}
274
275	/*
276	* Decompress (decrypt) an MPPE packet.
277	*/
278	err_t
279	mppe_decompress(ppp_pcb pcb, ppp_mppe_state state, struct pbuf **pb)
280	{
281	struct pbuf n0 = pb, *n;
282	u8_t *pl;
283	u16_t ccount;
284	u8_t flushed;
285
286	/* MPPE Header */
287	if (n0->len < MPPE_OVHD) {
288	PPPDEBUG(LOG_DEBUG,
289	("mppe_decompress[%d]: short pkt (%d)\n",
290	pcb->netif->num, n0->len));
291	state->sanity_errors += 100;
292	goto sanity_error;
293	}
294
295	pl = (u8_t*)n0->payload;
296	flushed = MPPE_BITS(pl) & MPPE_BIT_FLUSHED;
297	ccount = MPPE_CCOUNT(pl);
298	PPPDEBUG(LOG_DEBUG, ("mppe_decompress[%d]: ccount %d\n",
299	pcb->netif->num, ccount));
300
301	/* sanity checks -- terminate with extreme prejudice */
302	if (!(MPPE_BITS(pl) & MPPE_BIT_ENCRYPTED)) {
303	PPPDEBUG(LOG_DEBUG,
304	("mppe_decompress[%d]: ENCRYPTED bit not set!\n",
305	pcb->netif->num));
306	state->sanity_errors += 100;
307	goto sanity_error;
308	}
309	if (!state->stateful && !flushed) {
310	PPPDEBUG(LOG_DEBUG, ("mppe_decompress[%d]: FLUSHED bit not set in "
311	"stateless mode!\n", pcb->netif->num));
312	state->sanity_errors += 100;
313	goto sanity_error;
314	}
315	if (state->stateful && ((ccount & 0xff) == 0xff) && !flushed) {
316	PPPDEBUG(LOG_DEBUG, ("mppe_decompress[%d]: FLUSHED bit not set on "
317	"flag packet!\n", pcb->netif->num));
318	state->sanity_errors += 100;
319	goto sanity_error;
320	}
321
322	/*
323	* Check the coherency count.
324	*/
325
326	if (!state->stateful) {
327	/* Discard late packet */
328	if ((ccount - state->ccount) % MPPE_CCOUNT_SPACE > MPPE_CCOUNT_SPACE / 2) {
329	state->sanity_errors++;
330	goto sanity_error;
331	}
332
333	/* RFC 3078, sec 8.1. Rekey for every packet. */
334	while (state->ccount != ccount) {
335	mppe_rekey(state, 0);
336	state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
337	}
338	} else {
339	/* RFC 3078, sec 8.2. */
340	if (!state->discard) {
341	/* normal state */
342	state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
343	if (ccount != state->ccount) {
344	/*
345	* (ccount > state->ccount)
346	* Packet loss detected, enter the discard state.
347	* Signal the peer to rekey (by sending a CCP Reset-Request).
348	*/
349	state->discard = 1;
350	ccp_resetrequest(pcb);
351	return ERR_BUF;
352	}
353	} else {
354	/* discard state */
355	if (!flushed) {
356	/* ccp.c will be silent (no additional CCP Reset-Requests). */
357	return ERR_BUF;
358	} else {
359	/* Rekey for every missed "flag" packet. */
360	while ((ccount & ~0xff) !=
361	(state->ccount & ~0xff)) {
362	mppe_rekey(state, 0);
363	state->ccount =
364	(state->ccount +
365	256) % MPPE_CCOUNT_SPACE;
366	}
367
368	/* reset */
369	state->discard = 0;
370	state->ccount = ccount;
371	/*
372	* Another problem with RFC 3078 here. It implies that the
373	* peer need not send a Reset-Ack packet. But RFC 1962
374	* requires it. Hopefully, M$ does send a Reset-Ack; even
375	* though it isn't required for MPPE synchronization, it is
376	* required to reset CCP state.
377	*/
378	}
379	}
380	if (flushed)
381	mppe_rekey(state, 0);
382	}
383
384	/* Hide MPPE header */
385	pbuf_remove_header(n0, MPPE_OVHD);
386
387	/* Decrypt the packet. */
388	for (n = n0; n != NULL; n = n->next) {
389	lwip_arc4_crypt(&state->arc4, (u8_t*)n->payload, n->len);
390	if (n->tot_len == n->len) {
391	break;
392	}
393	}
394
395	/* good packet credit */
396	state->sanity_errors >>= 1;
397
398	return ERR_OK;
399
400	sanity_error:
401	if (state->sanity_errors >= SANITY_MAX) {
402	/*
403	* Take LCP down if the peer is sending too many bogons.
404	* We don't want to do this for a single or just a few
405	* instances since it could just be due to packet corruption.
406	*/
407	lcp_close(pcb, "Too many MPPE errors");
408	}
409	return ERR_BUF;
410	}
411
412	#endif /* PPP_SUPPORT && MPPE_SUPPORT */

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: azure_iot_hub_f767zi/trunk/asp_baseplatform/lwip/lwip-2.1.2/src/netif/ppp/mppe.c@ 457

Download in other formats: