| blob | 051213273970fa4affb73b00d68c0c1bafe1945e |
1 /*
2 * ppp_mppe_compress.c - interface MPPE to the PPP code.
3 * This version is for use with Linux kernel 2.2.19+, 2.4.18+ and 2.6.2+.
4 *
5 * By Frank Cusack <frank@google.com>.
6 * Copyright (c) 2002,2003,2004 Google, Inc.
7 * All rights reserved.
8 *
9 * Permission to use, copy, modify, and distribute this software and its
10 * documentation is hereby granted, provided that the above copyright
11 * notice appears in all copies. This software is provided without any
12 * warranty, express or implied.
13 *
14 * Changelog:
15 * 2/15/04 - TS: added #include <version.h> and testing for Kernel
16 * version before using
17 * MOD_DEC_USAGE_COUNT/MOD_INC_USAGE_COUNT which are
18 * deprecated in 2.6
19 */
21 #include <linux/module.h>
22 #include <linux/kernel.h>
23 #include <linux/version.h>
24 #include <linux/init.h>
25 #include <linux/types.h>
26 #include <linux/slab.h>
27 #include <linux/string.h>
29 #include <linux/ppp_defs.h>
30 #include <linux/ppp-comp.h>
35 /*
36 * State for an MPPE (de)compressor.
37 */
43 /* NB: 128-bit == 16, 40-bit == 8! */
44 /* If we want to support 56-bit, */
45 /* the unit has to change to bits */
56 /* ppp_mppe_state.bits definitions */
62 #define MPPE_BIT_FLUSHED MPPE_BIT_A
63 #define MPPE_BIT_ENCRYPTED MPPE_BIT_D
65 #define MPPE_BITS(p) ((p)[4] & 0xf0)
66 #define MPPE_CCOUNT(p) ((((p)[4] & 0x0f) << 8) + (p)[5])
98 /*
99 * Key Derivation, from RFC 3078, RFC 3079.
100 * Equivalent to Get_Key() for MS-CHAP as described in RFC 3079.
101 */
102 static void
105 {
106 SHA1_CTX Context;
120 /* assert(SessionKeyLength <= SHA1_SIGNATURE_SIZE); */
130 }
132 /*
133 * Perform the MPPE rekey algorithm, from RFC 3078, sec. 7.3.
134 * Well, not what's written there, but rather what they meant.
135 */
136 static void
138 {
149 }
151 /* See RFC 3078 */
155 }
157 }
160 /*
161 * Allocate space for a (de)compressor.
162 */
165 {
177 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0))
179 #else
180 MOD_INC_USE_COUNT;
181 #endif
184 /* Save keys. */
187 /*
188 * We defer initial key generation until mppe_init(), as mppe_alloc()
189 * is called frequently during negotiation.
190 */
193 }
195 /*
196 * Deallocate space for a (de)compressor.
197 */
198 static void
200 {
205 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0))
207 #else
208 MOD_DEC_USE_COUNT;
209 #endif
210 }
211 }
214 /*
215 * Initialize (de)compressor state.
216 */
217 static int
220 {
237 }
241 /* Generate the initial session key. */
259 }
261 /*
262 * Initialize the coherency count. The initial value is not specified
263 * in RFC 3078, but we can make a reasonable assumption that it will
264 * start at 0. Setting it to the max here makes the comp/decomp code
265 * do the right thing (determined through experiment).
266 */
269 /*
270 * Note that even though we have initialized the key table, we don't
271 * set the FLUSHED bit. This is contrary to RFC 3078, sec. 3.1.
272 */
279 }
283 static int
286 {
287 /* ARGSUSED */
289 }
291 /*
292 * We received a CCP Reset-Request (actually, we are sending a Reset-Ack),
293 * tell the compressor to rekey. Note that we MUST NOT rekey for
294 * every CCP Reset-Request; we only rekey on the next xmit packet.
295 * We might get multiple CCP Reset-Requests if our CCP Reset-Ack is lost.
296 * So, rekeying for every CCP Reset-Request is broken as the peer will not
297 * know how many times we've rekeyed. (If we rekey and THEN get another
298 * CCP Reset-Request, we must rekey again.)
299 */
300 static void
302 {
306 }
308 /*
309 * Compress (encrypt) a packet.
310 * It's strange to call this a compressor, since the output is always
311 * MPPE_OVHD + 2 bytes larger than the input.
312 */
313 int
316 {
320 /*
321 * Check that the protocol is in the range we handle.
322 */
327 /* Make sure we have enough room to generate an encrypted packet. */
329 /* Drop the packet if we should encrypt it, but can't. */
334 }
338 /*
339 * Copy over the PPP header and set control bits.
340 */
357 /* We must rekey */
362 }
370 /* Encrypt packet */
379 }
381 /*
382 * Since every frame grows by MPPE_OVHD + 2 bytes, this is always going
383 * to look bad ... and the longer the link is up the worse it will get.
384 */
385 static void
387 {
391 }
394 static int
397 {
398 /* ARGSUSED */
400 }
402 /*
403 * We received a CCP Reset-Ack. Just ignore it.
404 */
405 static void
407 {
408 /* ARGSUSED */
410 }
412 /*
413 * Decompress (decrypt) an MPPE packet.
414 */
415 int
418 {
429 }
431 /*
432 * Make sure we have enough room to decrypt the packet.
433 * Note that for our test we only subtract 1 byte whereas in
434 * mppe_compress() we added 2 bytes (+MPPE_OVHD);
435 * this is to account for possible PFC.
436 */
442 }
448 ccount);
450 /* sanity checks -- terminate with extreme prejudice */
456 }
462 }
468 }
473 else
474 /*
475 * Take LCP down if the peer is sending too many bogons.
476 * We don't want to do this for a single or just a few
477 * instances since it could just be due to packet corruption.
478 */
480 }
482 /*
483 * Check the coherency count.
484 */
487 /* RFC 3078, sec 8.1. Rekey for every packet. */
491 }
493 /* RFC 3078, sec 8.2. */
495 /* normal state */
498 /*
499 * (ccount > state->ccount)
500 * Packet loss detected, enter the discard state.
501 * Signal the peer to rekey (by sending a CCP Reset-Request).
502 */
505 }
507 /* discard state */
509 /* ccp.c will be silent (no additional CCP Reset-Requests). */
512 /* Rekey for every missed "flag" packet. */
516 }
518 /* reset */
521 /*
522 * Another problem with RFC 3078 here. It implies that the
523 * peer need not send a Reset-Ack packet. But RFC 1962
524 * requires it. Hopefully, M$ does send a Reset-Ack; even
525 * though it isn't required for MPPE synchronization, it is
526 * required to reset CCP state.
527 */
528 }
529 }
532 }
534 /*
535 * Fill in the first part of the PPP header. The protocol field
536 * comes from the decrypted data.
537 */
543 /* net osize: isize-4 */
545 /*
546 * Decrypt the first byte in order to check if it is
547 * a compressed or uncompressed protocol field.
548 */
551 /*
552 * Do PFC decompression.
553 * This would be nicer if we were given the actual sk_buff
554 * instead of a char *.
555 */
559 obuf++;
560 osize++;
561 }
563 /* And finally, decrypt the rest of the packet. */
571 /* good packet credit */
575 }
577 /*
578 * Incompressible data has arrived (this should never happen!).
579 * We should probably drop the link if the protocol is in the range
580 * of what should be encrypted. At the least, we should drop this
581 * packet. (How to do this?)
582 */
583 static void
585 {
597 }
599 /*************************************************************
600 * Module interface table
601 *************************************************************/
603 /* These are in ppp.c (2.2.x) or ppp_generic.c (2.4.x) */
607 /*
608 * Procedures exported to if_ppp.c.
609 */
625 };
627 /* 2.2 compatibility defines */
628 #ifndef __init
629 #define __init
630 #endif
631 #ifndef __exit
632 #define __exit
633 #endif
634 #ifndef MODULE_LICENSE
635 #define MODULE_LICENSE(license)
636 #endif
638 int __init
640 {
646 }
648 void __exit
650 {
652 }