diff --git a/src/include/netif/ppp/mppe.h b/src/include/netif/ppp/mppe.h index 75aefc18..551a47e5 100644 --- a/src/include/netif/ppp/mppe.h +++ b/src/include/netif/ppp/mppe.h @@ -39,11 +39,7 @@ #ifndef MPPE_H #define MPPE_H -#if LWIP_INCLUDED_POLARSSL_ARC4 -#include "netif/ppp/polarssl/arc4.h" -#else -#include "polarssl/arc4.h" -#endif +#include "netif/ppp/pppcrypt.h" #define MPPE_PAD 4 /* MPPE growth per frame */ #define MPPE_MAX_KEY_LEN 16 /* largest key length (128-bit) */ @@ -152,7 +148,7 @@ static const u8_t mppe_sha1_pad2[SHA1_PAD_SIZE] = { * State for an MPPE (de)compressor. */ typedef struct ppp_mppe_state { - arc4_context arc4; + lwip_arc4_context arc4; u8_t master_key[MPPE_MAX_KEY_LEN]; u8_t session_key[MPPE_MAX_KEY_LEN]; u8_t keylen; /* key length in bytes */ diff --git a/src/include/netif/ppp/ppp_opts.h b/src/include/netif/ppp/ppp_opts.h index 27943df1..7c7e79e9 100644 --- a/src/include/netif/ppp/ppp_opts.h +++ b/src/include/netif/ppp/ppp_opts.h @@ -331,6 +331,7 @@ * LWIP_INCLUDED_POLARSSL_MD5 ; Use lwIP internal PolarSSL for MD5 * LWIP_INCLUDED_POLARSSL_SHA1 ; Use lwIP internal PolarSSL for SHA1 * LWIP_INCLUDED_POLARSSL_DES ; Use lwIP internal PolarSSL for DES + * LWIP_INCLUDED_POLARSSL_ARC4 ; Use lwIP internal PolarSSL for ARC4 * * If set (=1), the default if required by another enabled PPP feature unless * explicitly set to 0, using included lwIP PolarSSL. @@ -344,7 +345,7 @@ /* CHAP, EAP, L2TP AUTH and MD5 Random require MD5 support */ #if CHAP_SUPPORT || EAP_SUPPORT || PPPOL2TP_AUTH_SUPPORT || PPP_MD5_RANDM #ifndef LWIP_INCLUDED_POLARSSL_MD5 -#define LWIP_INCLUDED_POLARSSL_MD5 1 +#define LWIP_INCLUDED_POLARSSL_MD5 1 #endif /* LWIP_INCLUDED_POLARSSL_MD5 */ #endif /* CHAP_SUPPORT || EAP_SUPPORT || PPPOL2TP_AUTH_SUPPORT || PPP_MD5_RANDM */ diff --git a/src/include/netif/ppp/pppcrypt.h b/src/include/netif/ppp/pppcrypt.h index a6cbd3fa..f0eddb07 100644 --- a/src/include/netif/ppp/pppcrypt.h +++ b/src/include/netif/ppp/pppcrypt.h 
@@ -33,9 +33,48 @@ #include "netif/ppp/ppp_opts.h" #if PPP_SUPPORT && MSCHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */ +/* This header file is included in all PPP modules needing hashes and/or ciphers */ + #ifndef PPPCRYPT_H #define PPPCRYPT_H +/* + * If included PolarSSL copy is not used, user is expected to include + * external libraries in arch/cc.h (which is included by lwip/arch.h). + */ +#include "lwip/arch.h" + +/* + * Map hashes and ciphers functions to PolarSSL + */ +#include "netif/ppp/polarssl/md4.h" +#define lwip_md4_context md4_context +#define lwip_md4_starts md4_starts +#define lwip_md4_update md4_update +#define lwip_md4_finish md4_finish + +#include "netif/ppp/polarssl/md5.h" +#define lwip_md5_context md5_context +#define lwip_md5_starts md5_starts +#define lwip_md5_update md5_update +#define lwip_md5_finish md5_finish + +#include "netif/ppp/polarssl/sha1.h" +#define lwip_sha1_context sha1_context +#define lwip_sha1_starts sha1_starts +#define lwip_sha1_update sha1_update +#define lwip_sha1_finish sha1_finish + +#include "netif/ppp/polarssl/des.h" +#define lwip_des_context des_context +#define lwip_des_setkey_enc des_setkey_enc +#define lwip_des_crypt_ecb des_crypt_ecb + +#include "netif/ppp/polarssl/arc4.h" +#define lwip_arc4_context arc4_context +#define lwip_arc4_setup arc4_setup +#define lwip_arc4_crypt arc4_crypt + void pppcrypt_56_to_64_bit_key(u_char *key, u_char *des_key); #endif /* PPPCRYPT_H */ diff --git a/src/netif/ppp/chap-md5.c b/src/netif/ppp/chap-md5.c index d92838f3..c7c8acff 100644 --- a/src/netif/ppp/chap-md5.c +++ b/src/netif/ppp/chap-md5.c @@ -41,12 +41,7 @@ #include "netif/ppp/chap-new.h" #include "netif/ppp/chap-md5.h" #include "netif/ppp/magic.h" - -#if LWIP_INCLUDED_POLARSSL_MD5 -#include "netif/ppp/polarssl/md5.h" -#else -#include "polarssl/md5.h" -#endif +#include "netif/ppp/pppcrypt.h" #define MD5_HASH_SIZE 16 #define MD5_MIN_CHALLENGE 17 
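Review bot: The unchanged guard `#if PPP_SUPPORT && MSCHAP_SUPPORT` at the top of pppcrypt.h still wraps everything this hunk adds, so the `lwip_md5_*`, `lwip_sha1_*` and `lwip_arc4_*` mappings vanish whenever MSCHAP_SUPPORT is 0. eap.c, magic.c and pppol2tp.c now take `lwip_md5_context` from this header under their own switches (EAP_SUPPORT, PPP_MD5_RANDM, PPPOL2TP_AUTH_SUPPORT), as does chap-md5.c, so a configuration such as EAP without MS-CHAP would presumably stop compiling. Relax the guard to `#if PPP_SUPPORT` and keep only the `pppcrypt_56_to_64_bit_key` prototype, which on this page is used only by chap_ms.c, under `#if MSCHAP_SUPPORT`. Separately, the new comment says external libraries come from arch/cc.h when the bundled PolarSSL copy is not used, yet the bundled headers are included unconditionally and the `LWIP_INCLUDED_POLARSSL_*` selection removed from the .c files is not reproduced here; unless those headers guard themselves (not visible), each mapping block wants a condition such as `#if LWIP_INCLUDED_POLARSSL_MD5`.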
@@ -67,7 +62,7 @@ static int chap_md5_verify_response(ppp_pcb *pcb, int id, const char *name, const unsigned char *secret, int secret_len, const unsigned char *challenge, const unsigned char *response, char *message, int message_space) { - md5_context ctx; + lwip_md5_context ctx; unsigned char idbyte = id; unsigned char hash[MD5_HASH_SIZE]; int challenge_len, response_len; @@ -78,11 +73,11 @@ static int chap_md5_verify_response(ppp_pcb *pcb, int id, const char *name, response_len = *response++; if (response_len == MD5_HASH_SIZE) { /* Generate hash of ID, secret, challenge */ - md5_starts(&ctx); - md5_update(&ctx, &idbyte, 1); - md5_update(&ctx, secret, secret_len); - md5_update(&ctx, challenge, challenge_len); - md5_finish(&ctx, hash); + lwip_md5_starts(&ctx); + lwip_md5_update(&ctx, &idbyte, 1); + lwip_md5_update(&ctx, secret, secret_len); + lwip_md5_update(&ctx, challenge, challenge_len); + lwip_md5_finish(&ctx, hash); /* Test if our hash matches the peer's response */ if (memcmp(hash, response, MD5_HASH_SIZE) == 0) { @@ -98,18 +93,18 @@ static int chap_md5_verify_response(ppp_pcb *pcb, int id, const char *name, static void chap_md5_make_response(ppp_pcb *pcb, unsigned char *response, int id, const char *our_name, const unsigned char *challenge, const char *secret, int secret_len, unsigned char *private_) { - md5_context ctx; + lwip_md5_context ctx; unsigned char idbyte = id; int challenge_len = *challenge++; LWIP_UNUSED_ARG(our_name); LWIP_UNUSED_ARG(private_); LWIP_UNUSED_ARG(pcb); - md5_starts(&ctx); - md5_update(&ctx, &idbyte, 1); - md5_update(&ctx, (const u_char *)secret, secret_len); - md5_update(&ctx, challenge, challenge_len); - md5_finish(&ctx, &response[1]); + lwip_md5_starts(&ctx); + lwip_md5_update(&ctx, &idbyte, 1); + lwip_md5_update(&ctx, (const u_char *)secret, secret_len); + lwip_md5_update(&ctx, challenge, challenge_len); + lwip_md5_finish(&ctx, &response[1]); response[0] = MD5_HASH_SIZE; } 
diff --git a/src/netif/ppp/chap_ms.c b/src/netif/ppp/chap_ms.c index 065e95a7..82877f8f 100644 --- a/src/netif/ppp/chap_ms.c +++ b/src/netif/ppp/chap_ms.c @@ -97,24 +97,6 @@ #include "netif/ppp/mppe.h" /* For mppe_sha1_pad*, mppe_set_key() */ #endif /* MPPE_SUPPORT */ -#if LWIP_INCLUDED_POLARSSL_MD4 -#include "netif/ppp/polarssl/md4.h" -#else -#include "polarssl/md4.h" -#endif - -#if LWIP_INCLUDED_POLARSSL_SHA1 -#include "netif/ppp/polarssl/sha1.h" -#else -#include "polarssl/sha1.h" -#endif - -#if LWIP_INCLUDED_POLARSSL_DES -#include "netif/ppp/polarssl/des.h" -#else -#include "polarssl/des.h" -#endif - #define SHA1_SIGNATURE_SIZE 20 #define MD4_SIGNATURE_SIZE 16 /* 16 bytes in a MD4 message digest */ #define MAX_NT_PASSWORD 256 /* Max (Unicode) chars in an NT pass */ @@ -515,7 +497,7 @@ static void ChallengeResponse(const u_char *challenge, const u_char PasswordHash[MD4_SIGNATURE_SIZE], u_char response[24]) { u_char ZPasswordHash[21]; - des_context des; + lwip_des_context des; u_char des_key[8]; BZERO(ZPasswordHash, sizeof(ZPasswordHash)); @@ -527,16 +509,16 @@ static void ChallengeResponse(const u_char *challenge, #endif pppcrypt_56_to_64_bit_key(ZPasswordHash + 0, des_key); - des_setkey_enc(&des, des_key); - des_crypt_ecb(&des, challenge, response +0); + lwip_des_setkey_enc(&des, des_key); + lwip_des_crypt_ecb(&des, challenge, response +0); pppcrypt_56_to_64_bit_key(ZPasswordHash + 7, des_key); - des_setkey_enc(&des, des_key); - des_crypt_ecb(&des, challenge, response +8); + lwip_des_setkey_enc(&des, des_key); + lwip_des_crypt_ecb(&des, challenge, response +8); pppcrypt_56_to_64_bit_key(ZPasswordHash + 14, des_key); - des_setkey_enc(&des, des_key); - des_crypt_ecb(&des, challenge, response +16); + lwip_des_setkey_enc(&des, des_key); + lwip_des_crypt_ecb(&des, challenge, response +16); #if 0 dbglog("ChallengeResponse - response %.24B", response); 
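Review bot: In ChallengeResponse, `des_key`, the `des` context and `ZPasswordHash` still hold DES keys derived from the password hash after the third `lwip_des_crypt_ecb` call, and nothing visible in the hunk clears them. The NT hash is password-equivalent for MS-CHAP, so these stack copies deserve the same treatment eap.c gives `secret` with `BZERO(secret, sizeof (secret));`, for example `BZERO(des_key, sizeof(des_key)); BZERO(&des, sizeof(des)); BZERO(ZPasswordHash, sizeof(ZPasswordHash));` before returning. A plain clear at the end of a function can be optimised away, so confirm that the port's BZERO survives the compiler. The function's end is outside the hunk; the same applies to `UcasePassword`/`des_key` in ChapMS_LANMan and to `unicodePassword`, `PasswordHash`, `PasswordHashHash` and `Digest` in Set_Start_Key and SetMasterKeys.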
@@ -545,7 +527,7 @@ static void ChallengeResponse(const u_char *challenge, static void ChallengeHash(const u_char PeerChallenge[16], const u_char *rchallenge, const char *username, u_char Challenge[8]) { - sha1_context sha1Context; + lwip_sha1_context sha1Context; u_char sha1Hash[SHA1_SIGNATURE_SIZE]; const char *user; @@ -555,11 +537,11 @@ static void ChallengeHash(const u_char PeerChallenge[16], const u_char *rchallen else user = username; - sha1_starts(&sha1Context); - sha1_update(&sha1Context, PeerChallenge, 16); - sha1_update(&sha1Context, rchallenge, 16); - sha1_update(&sha1Context, (const unsigned char*)user, strlen(user)); - sha1_finish(&sha1Context, sha1Hash); + lwip_sha1_starts(&sha1Context); + lwip_sha1_update(&sha1Context, PeerChallenge, 16); + lwip_sha1_update(&sha1Context, rchallenge, 16); + lwip_sha1_update(&sha1Context, (const unsigned char*)user, strlen(user)); + lwip_sha1_finish(&sha1Context, sha1Hash); MEMCPY(Challenge, sha1Hash, 8); } @@ -580,11 +562,11 @@ static void ascii2unicode(const char ascii[], int ascii_len, u_char unicode[]) { } static void NTPasswordHash(u_char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE]) { - md4_context md4Context; + lwip_md4_context md4Context; - md4_starts(&md4Context); - md4_update(&md4Context, secret, secret_len); - md4_finish(&md4Context, hash); + lwip_md4_starts(&md4Context); + lwip_md4_update(&md4Context, secret, secret_len); + lwip_md4_finish(&md4Context, hash); } static void ChapMS_NT(const u_char *rchallenge, const char *secret, int secret_len, @@ -622,7 +604,7 @@ static void ChapMS_LANMan(u_char *rchallenge, char *secret, int secret_len, int i; u_char UcasePassword[MAX_NT_PASSWORD]; /* max is actually 14 */ u_char PasswordHash[MD4_SIGNATURE_SIZE]; - des_context des; + lwip_des_context des; u_char des_key[8]; /* LANMan password is case insensitive */ 
@@ -631,12 +613,12 @@ static void ChapMS_LANMan(u_char *rchallenge, char *secret, int secret_len, UcasePassword[i] = (u_char)toupper(secret[i]); pppcrypt_56_to_64_bit_key(UcasePassword +0, des_key); - des_setkey_enc(&des, des_key); - des_crypt_ecb(&des, StdText, PasswordHash +0); + lwip_des_setkey_enc(&des, des_key); + lwip_des_crypt_ecb(&des, StdText, PasswordHash +0); pppcrypt_56_to_64_bit_key(UcasePassword +7, des_key); - des_setkey_enc(&des, des_key); - des_crypt_ecb(&des, StdText, PasswordHash +8); + lwip_des_setkey_enc(&des, des_key); + lwip_des_crypt_ecb(&des, StdText, PasswordHash +8); ChallengeResponse(rchallenge, PasswordHash, &response[MS_CHAP_LANMANRESP]); } 
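Review bot: `toupper(secret[i])` in the first context line of this hunk receives a plain `char`, so a password byte above 0x7F is passed as a negative value where `char` is signed, which is undefined behaviour for `toupper`. Cast before the call: `UcasePassword[i] = (u_char)toupper((unsigned char)secret[i]);`. The loop header is outside the hunk, so it is also worth confirming there that `i` is bounded by the 14 LANMan characters the declaration comment mentions and not only by `secret_len`, since the two `pppcrypt_56_to_64_bit_key` calls read exactly bytes 0..13 of `UcasePassword`.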
@@ -663,23 +645,23 @@ static void GenerateAuthenticatorResponse(const u_char PasswordHashHash[MD4_SIGN 0x6E }; int i; - sha1_context sha1Context; + lwip_sha1_context sha1Context; u_char Digest[SHA1_SIGNATURE_SIZE]; u_char Challenge[8]; - sha1_starts(&sha1Context); - sha1_update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); - sha1_update(&sha1Context, NTResponse, 24); - sha1_update(&sha1Context, Magic1, sizeof(Magic1)); - sha1_finish(&sha1Context, Digest); + lwip_sha1_starts(&sha1Context); + lwip_sha1_update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); + lwip_sha1_update(&sha1Context, NTResponse, 24); + lwip_sha1_update(&sha1Context, Magic1, sizeof(Magic1)); + lwip_sha1_finish(&sha1Context, Digest); ChallengeHash(PeerChallenge, rchallenge, username, Challenge); - sha1_starts(&sha1Context); - sha1_update(&sha1Context, Digest, sizeof(Digest)); - sha1_update(&sha1Context, Challenge, sizeof(Challenge)); - sha1_update(&sha1Context, Magic2, sizeof(Magic2)); - sha1_finish(&sha1Context, Digest); + lwip_sha1_starts(&sha1Context); + lwip_sha1_update(&sha1Context, Digest, sizeof(Digest)); + lwip_sha1_update(&sha1Context, Challenge, sizeof(Challenge)); + lwip_sha1_update(&sha1Context, Magic2, sizeof(Magic2)); + lwip_sha1_finish(&sha1Context, Digest); /* Convert to ASCII hex string. */ for (i = 0; i < LWIP_MAX((MS_AUTH_RESPONSE_LENGTH / 2), (int)sizeof(Digest)); i++) @@ -715,7 +697,7 @@ static void Set_Start_Key(ppp_pcb *pcb, const u_char *rchallenge, const char *se u_char unicodePassword[MAX_NT_PASSWORD * 2]; u_char PasswordHash[MD4_SIGNATURE_SIZE]; u_char PasswordHashHash[MD4_SIGNATURE_SIZE]; - sha1_context sha1Context; + lwip_sha1_context sha1Context; u_char Digest[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */ /* Hash (x2) the Unicode version of the secret (== password). */ 
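Review bot: The hex-conversion loop at the end of the GenerateAuthenticatorResponse hunk is bounded by `LWIP_MAX((MS_AUTH_RESPONSE_LENGTH / 2), (int)sizeof(Digest))`, the larger of the two lengths, so if they ever differ the loop runs past the shorter buffer. The safe bound is the smaller one: `for (i = 0; i < LWIP_MIN((MS_AUTH_RESPONSE_LENGTH / 2), (int)sizeof(Digest)); i++)`. The loop body is outside the hunk, so this assumes it reads `Digest[i]` and writes two characters per byte into the response string. The value of MS_AUTH_RESPONSE_LENGTH is not on this page; if the operands are currently equal the problem is latent, but the wrong macro should not survive a rename pass over these lines.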
@@ -723,11 +705,11 @@ static void Set_Start_Key(ppp_pcb *pcb, const u_char *rchallenge, const char *se NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash); NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash); - sha1_starts(&sha1Context); - sha1_update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); - sha1_update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); - sha1_update(&sha1Context, rchallenge, 8); - sha1_finish(&sha1Context, Digest); + lwip_sha1_starts(&sha1Context); + lwip_sha1_update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); + lwip_sha1_update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); + lwip_sha1_update(&sha1Context, rchallenge, 8); + lwip_sha1_finish(&sha1Context, Digest); /* Same key in both directions. */ mppe_set_key(pcb, &pcb->mppe_comp, Digest); @@ -743,7 +725,7 @@ static void SetMasterKeys(ppp_pcb *pcb, const char *secret, int secret_len, u_ch u_char unicodePassword[MAX_NT_PASSWORD * 2]; u_char PasswordHash[MD4_SIGNATURE_SIZE]; u_char PasswordHashHash[MD4_SIGNATURE_SIZE]; - sha1_context sha1Context; + lwip_sha1_context sha1Context; u_char MasterKey[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */ u_char Digest[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */ const u_char *s; 
@@ -783,11 +765,11 @@ static void SetMasterKeys(ppp_pcb *pcb, const char *secret, int secret_len, u_ch NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash); NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash); - sha1_starts(&sha1Context); - sha1_update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); - sha1_update(&sha1Context, NTResponse, 24); - sha1_update(&sha1Context, Magic1, sizeof(Magic1)); - sha1_finish(&sha1Context, MasterKey); + lwip_sha1_starts(&sha1Context); + lwip_sha1_update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); + lwip_sha1_update(&sha1Context, NTResponse, 24); + lwip_sha1_update(&sha1Context, Magic1, sizeof(Magic1)); + lwip_sha1_finish(&sha1Context, MasterKey); /* * generate send key @@ -796,12 +778,12 @@ static void SetMasterKeys(ppp_pcb *pcb, const char *secret, int secret_len, u_ch s = Magic3; else s = Magic2; - sha1_starts(&sha1Context); - sha1_update(&sha1Context, MasterKey, 16); - sha1_update(&sha1Context, mppe_sha1_pad1, SHA1_PAD_SIZE); - sha1_update(&sha1Context, s, 84); - sha1_update(&sha1Context, mppe_sha1_pad2, SHA1_PAD_SIZE); - sha1_finish(&sha1Context, Digest); + lwip_sha1_starts(&sha1Context); + lwip_sha1_update(&sha1Context, MasterKey, 16); + lwip_sha1_update(&sha1Context, mppe_sha1_pad1, SHA1_PAD_SIZE); + lwip_sha1_update(&sha1Context, s, 84); + lwip_sha1_update(&sha1Context, mppe_sha1_pad2, SHA1_PAD_SIZE); + lwip_sha1_finish(&sha1Context, Digest); mppe_set_key(pcb, &pcb->mppe_comp, Digest); 
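Review bot: `lwip_sha1_update(&sha1Context, s, 84);` in the send-key block hard-codes the length of Magic2/Magic3, whereas the master-key block just above uses `sizeof(Magic1)`. Because `s` is a pointer, the compiler cannot check that both arrays really are 84 bytes, and a shorter array would be over-read into the key derivation. Their declarations are outside the hunk; a named constant used for both the array sizes and this call, or choosing pointer and `sizeof` together, would tie the two. The literal `16` in `lwip_sha1_update(&sha1Context, MasterKey, 16);` could likewise be `MPPE_MAX_KEY_LEN`, and both remarks apply to the receive-key hunk that follows.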
@@ -812,12 +794,12 @@ static void SetMasterKeys(ppp_pcb *pcb, const char *secret, int secret_len, u_ch s = Magic2; else s = Magic3; - sha1_starts(&sha1Context); - sha1_update(&sha1Context, MasterKey, 16); - sha1_update(&sha1Context, mppe_sha1_pad1, SHA1_PAD_SIZE); - sha1_update(&sha1Context, s, 84); - sha1_update(&sha1Context, mppe_sha1_pad2, SHA1_PAD_SIZE); - sha1_finish(&sha1Context, Digest); + lwip_sha1_starts(&sha1Context); + lwip_sha1_update(&sha1Context, MasterKey, 16); + lwip_sha1_update(&sha1Context, mppe_sha1_pad1, SHA1_PAD_SIZE); + lwip_sha1_update(&sha1Context, s, 84); + lwip_sha1_update(&sha1Context, mppe_sha1_pad2, SHA1_PAD_SIZE); + lwip_sha1_finish(&sha1Context, Digest); mppe_set_key(pcb, &pcb->mppe_decomp, Digest); diff --git a/src/netif/ppp/eap.c b/src/netif/ppp/eap.c index 6569e16c..917d1e4c 100644 --- a/src/netif/ppp/eap.c +++ b/src/netif/ppp/eap.c @@ -47,21 +47,14 @@ #if PPP_SUPPORT && EAP_SUPPORT /* don't build if not configured for use in lwipopts.h */ #include "netif/ppp/ppp_impl.h" - -#if LWIP_INCLUDED_POLARSSL_MD5 -#include "netif/ppp/polarssl/md5.h" -#else -#include "polarssl/md5.h" -#endif - #include "netif/ppp/eap.h" #include "netif/ppp/magic.h" +#include "netif/ppp/pppcrypt.h" #ifdef USE_SRP #include #include #include -#include "netif/ppp/pppcrypt.h" #endif /* USE_SRP */ #ifndef SHA_DIGESTSIZE @@ -1321,7 +1314,7 @@ static void eap_request(ppp_pcb *pcb, u_char *inp, int id, int len) { int secret_len; char secret[MAXSECRETLEN]; char rhostname[MAXNAMELEN]; - md5_context mdContext; + lwip_md5_context mdContext; u_char hash[MD5_SIGNATURE_SIZE]; #ifdef USE_SRP struct t_client *tc; 
@@ -1450,13 +1443,13 @@ static void eap_request(ppp_pcb *pcb, u_char *inp, int id, int len) { eap_send_nak(pcb, id, EAPT_SRP); break; } - md5_starts(&mdContext); + lwip_md5_starts(&mdContext); typenum = id; - md5_update(&mdContext, &typenum, 1); - md5_update(&mdContext, (u_char *)secret, secret_len); + lwip_md5_update(&mdContext, &typenum, 1); + lwip_md5_update(&mdContext, (u_char *)secret, secret_len); BZERO(secret, sizeof (secret)); - md5_update(&mdContext, inp, vallen); - md5_finish(&mdContext, hash); + lwip_md5_update(&mdContext, inp, vallen); + lwip_md5_finish(&mdContext, hash); eap_chap_response(pcb, id, hash, pcb->eap.es_client.ea_name, pcb->eap.es_client.ea_namelen); break; @@ -1733,7 +1726,7 @@ static void eap_response(ppp_pcb *pcb, u_char *inp, int id, int len) { int secret_len; char secret[MAXSECRETLEN]; char rhostname[MAXNAMELEN]; - md5_context mdContext; + lwip_md5_context mdContext; u_char hash[MD5_SIGNATURE_SIZE]; #ifdef USE_SRP struct t_server *ts; @@ -1876,12 +1869,12 @@ static void eap_response(ppp_pcb *pcb, u_char *inp, int id, int len) { eap_send_failure(pcb); break; } - md5_starts(&mdContext); - md5_update(&mdContext, &pcb->eap.es_server.ea_id, 1); - md5_update(&mdContext, (u_char *)secret, secret_len); + lwip_md5_starts(&mdContext); + lwip_md5_update(&mdContext, &pcb->eap.es_server.ea_id, 1); + lwip_md5_update(&mdContext, (u_char *)secret, secret_len); BZERO(secret, sizeof (secret)); - md5_update(&mdContext, pcb->eap.es_challenge, pcb->eap.es_challen); - md5_finish(&mdContext, hash); + lwip_md5_update(&mdContext, pcb->eap.es_challenge, pcb->eap.es_challen); + lwip_md5_finish(&mdContext, hash); if (BCMP(hash, inp, MD5_SIGNATURE_SIZE) != 0) { eap_send_failure(pcb); break; diff --git a/src/netif/ppp/magic.c b/src/netif/ppp/magic.c index 1107b4e6..66bf2276 100644 --- a/src/netif/ppp/magic.c +++ b/src/netif/ppp/magic.c 
@@ -80,11 +80,7 @@ #if PPP_MD5_RANDM /* Using MD5 for better randomness if enabled */ -#if LWIP_INCLUDED_POLARSSL_MD5 -#include "netif/ppp/polarssl/md5.h" -#else -#include "polarssl/md5.h" -#endif +#include "netif/ppp/pppcrypt.h" #define MD5_HASH_SIZE 16 static char magic_randpool[MD5_HASH_SIZE]; /* Pool of randomness. */ @@ -102,13 +98,13 @@ static u32_t magic_randomseed; /* Seed used for random number generation. */ * Ref: Applied Cryptography 2nd Ed. by Bruce Schneier p. 427 */ static void magic_churnrand(char *rand_data, u32_t rand_len) { - md5_context md5_ctx; + lwip_md5_context md5_ctx; /* LWIP_DEBUGF(LOG_INFO, ("magic_churnrand: %u@%P\n", rand_len, rand_data)); */ - md5_starts(&md5_ctx); - md5_update(&md5_ctx, (u_char *)magic_randpool, sizeof(magic_randpool)); + lwip_md5_starts(&md5_ctx); + lwip_md5_update(&md5_ctx, (u_char *)magic_randpool, sizeof(magic_randpool)); if (rand_data) { - md5_update(&md5_ctx, (u_char *)rand_data, rand_len); + lwip_md5_update(&md5_ctx, (u_char *)rand_data, rand_len); } else { struct { /* INCLUDE fields for any system sources of randomness */ @@ -123,9 +119,9 @@ static void magic_churnrand(char *rand_data, u32_t rand_len) { sys_data.rand = LWIP_RAND(); #endif /* LWIP_RAND */ /* Load sys_data fields here. */ - md5_update(&md5_ctx, (u_char *)&sys_data, sizeof(sys_data)); + lwip_md5_update(&md5_ctx, (u_char *)&sys_data, sizeof(sys_data)); } - md5_finish(&md5_ctx, (u_char *)magic_randpool); + lwip_md5_finish(&md5_ctx, (u_char *)magic_randpool); /* LWIP_DEBUGF(LOG_INFO, ("magic_churnrand: -> 0\n")); */ } 
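Review bot: In the `else` branch of magic_churnrand, `sys_data` is hashed in full via `sizeof(sys_data)`, but the only assignment visible is `sys_data.rand = LWIP_RAND();` ahead of `#endif /* LWIP_RAND */`, so on a port without LWIP_RAND the struct appears to be hashed uninitialised. Indeterminate stack bytes are not a dependable entropy source, and `magic_randpool` is what magic_random_bytes later expands with MD5 and a counter. Zero-initialise the struct before filling it and add a comment above the function along the lines of `/* Pool strength depends on LWIP_RAND and on callers passing rand_data; without either the output should be treated as predictable. */`. The struct definition and the opening `#if` sit between the two hunks and are not visible here.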
@@ -162,15 +158,15 @@ void magic_randomize(void) { * it was documented. */ void magic_random_bytes(unsigned char *buf, u32_t buf_len) { - md5_context md5_ctx; + lwip_md5_context md5_ctx; u_char tmp[MD5_HASH_SIZE]; u32_t n; while (buf_len > 0) { - md5_starts(&md5_ctx); - md5_update(&md5_ctx, (u_char *)magic_randpool, sizeof(magic_randpool)); - md5_update(&md5_ctx, (u_char *)&magic_randcount, sizeof(magic_randcount)); - md5_finish(&md5_ctx, tmp); + lwip_md5_starts(&md5_ctx); + lwip_md5_update(&md5_ctx, (u_char *)magic_randpool, sizeof(magic_randpool)); + lwip_md5_update(&md5_ctx, (u_char *)&magic_randcount, sizeof(magic_randcount)); + lwip_md5_finish(&md5_ctx, tmp); magic_randcount++; n = LWIP_MIN(buf_len, MD5_HASH_SIZE); MEMCPY(buf, tmp, n); diff --git a/src/netif/ppp/mppe.c b/src/netif/ppp/mppe.c index 4cdcbb67..216f587b 100644 --- a/src/netif/ppp/mppe.c +++ b/src/netif/ppp/mppe.c @@ -34,18 +34,7 @@ #include "netif/ppp/ccp.h" #include "netif/ppp/mppe.h" #include "netif/ppp/pppdebug.h" - -#if LWIP_INCLUDED_POLARSSL_SHA1 -#include "netif/ppp/polarssl/sha1.h" -#else -#include "polarssl/sha1.h" -#endif - -#if LWIP_INCLUDED_POLARSSL_ARC4 -#include "netif/ppp/polarssl/arc4.h" -#else -#include "polarssl/arc4.h" -#endif +#include "netif/ppp/pppcrypt.h" #define SHA1_SIGNATURE_SIZE 20 
@@ -71,24 +60,24 @@ */ static void mppe_rekey(ppp_mppe_state * state, int initial_key) { - sha1_context sha1_ctx; + lwip_sha1_context sha1_ctx; u8_t sha1_digest[SHA1_SIGNATURE_SIZE]; /* * Key Derivation, from RFC 3078, RFC 3079. * Equivalent to Get_Key() for MS-CHAP as described in RFC 3079. */ - sha1_starts(&sha1_ctx); - sha1_update(&sha1_ctx, state->master_key, state->keylen); - sha1_update(&sha1_ctx, mppe_sha1_pad1, SHA1_PAD_SIZE); - sha1_update(&sha1_ctx, state->session_key, state->keylen); - sha1_update(&sha1_ctx, mppe_sha1_pad2, SHA1_PAD_SIZE); - sha1_finish(&sha1_ctx, sha1_digest); + lwip_sha1_starts(&sha1_ctx); + lwip_sha1_update(&sha1_ctx, state->master_key, state->keylen); + lwip_sha1_update(&sha1_ctx, mppe_sha1_pad1, SHA1_PAD_SIZE); + lwip_sha1_update(&sha1_ctx, state->session_key, state->keylen); + lwip_sha1_update(&sha1_ctx, mppe_sha1_pad2, SHA1_PAD_SIZE); + lwip_sha1_finish(&sha1_ctx, sha1_digest); MEMCPY(state->session_key, sha1_digest, state->keylen); if (!initial_key) { - arc4_setup(&state->arc4, sha1_digest, state->keylen); - arc4_crypt(&state->arc4, state->session_key, state->keylen); + lwip_arc4_setup(&state->arc4, sha1_digest, state->keylen); + lwip_arc4_crypt(&state->arc4, state->session_key, state->keylen); } if (state->keylen == 8) { /* See RFC 3078 */ @@ -96,7 +85,7 @@ static void mppe_rekey(ppp_mppe_state * state, int initial_key) state->session_key[1] = 0x26; state->session_key[2] = 0x9e; } - arc4_setup(&state->arc4, state->session_key, state->keylen); + lwip_arc4_setup(&state->arc4, state->session_key, state->keylen); } /* @@ -256,7 +245,7 @@ mppe_compress(ppp_pcb *pcb, ppp_mppe_state *state, struct pbuf **pb, u16_t proto /* Encrypt packet */ for (n = np; n != NULL; n = n->next) { - arc4_crypt(&state->arc4, (u8_t*)n->payload, n->len); + lwip_arc4_crypt(&state->arc4, (u8_t*)n->payload, n->len); if (n->tot_len == n->len) { break; } 
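Review bot: Every length in mppe_rekey comes from `state->keylen`, while mppe.h declares `master_key` and `session_key` as `MPPE_MAX_KEY_LEN` (16) bytes and `sha1_digest` is 20 bytes here. A `keylen` above 16 would therefore overflow `session_key` in `MEMCPY(state->session_key, sha1_digest, state->keylen);`, and nothing in the hunk constrains it. If the code that sets `keylen` (outside this diff) already limits it to 8 or 16, an assertion at the top of the function records that invariant: `LWIP_ASSERT("keylen <= MPPE_MAX_KEY_LEN", state->keylen <= MPPE_MAX_KEY_LEN);`. `sha1_digest` also keeps the derived session key on the stack once the function returns.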
@@ -392,7 +381,7 @@ mppe_decompress(ppp_pcb *pcb, ppp_mppe_state *state, struct pbuf **pb) /* Decrypt the packet. */ for (n = n0; n != NULL; n = n->next) { - arc4_crypt(&state->arc4, (u8_t*)n->payload, n->len); + lwip_arc4_crypt(&state->arc4, (u8_t*)n->payload, n->len); if (n->tot_len == n->len) { break; } diff --git a/src/netif/ppp/pppol2tp.c b/src/netif/ppp/pppol2tp.c index 1d1ad8e3..de36c6fc 100644 --- a/src/netif/ppp/pppol2tp.c +++ b/src/netif/ppp/pppol2tp.c @@ -63,17 +63,9 @@ #include "netif/ppp/lcp.h" #include "netif/ppp/ipcp.h" #include "netif/ppp/pppol2tp.h" - +#include "netif/ppp/pppcrypt.h" #include "netif/ppp/magic.h" -#if PPPOL2TP_AUTH_SUPPORT -#if LWIP_INCLUDED_POLARSSL_MD5 -#include "netif/ppp/polarssl/md5.h" -#else -#include "polarssl/md5.h" -#endif -#endif /* PPPOL2TP_AUTH_SUPPORT */ - /* Memory pool */ LWIP_MEMPOOL_DECLARE(PPPOL2TP_PCB, MEMP_NUM_PPPOL2TP_INTERFACES, sizeof(pppol2tp_pcb), "PPPOL2TP_PCB") @@ -493,7 +485,7 @@ static void pppol2tp_dispatch_control_packet(pppol2tp_pcb *l2tp, u16_t port, str u16_t avplen, avpflags, vendorid, attributetype, messagetype=0; err_t err; #if PPPOL2TP_AUTH_SUPPORT - md5_context md5_ctx; + lwip_md5_context md5_ctx; u8_t md5_hash[16]; u8_t challenge_id = 0; #endif /* PPPOL2TP_AUTH_SUPPORT */ @@ -600,12 +592,12 @@ static void pppol2tp_dispatch_control_packet(pppol2tp_pcb *l2tp, u16_t port, str return; } /* Generate hash of ID, secret, challenge */ - md5_starts(&md5_ctx); + lwip_md5_starts(&md5_ctx); challenge_id = PPPOL2TP_MESSAGETYPE_SCCCN; - md5_update(&md5_ctx, &challenge_id, 1); - md5_update(&md5_ctx, l2tp->secret, l2tp->secret_len); - md5_update(&md5_ctx, inp, avplen); - md5_finish(&md5_ctx, l2tp->challenge_hash); + lwip_md5_update(&md5_ctx, &challenge_id, 1); + lwip_md5_update(&md5_ctx, l2tp->secret, l2tp->secret_len); + lwip_md5_update(&md5_ctx, inp, avplen); + lwip_md5_finish(&md5_ctx, l2tp->challenge_hash); l2tp->send_challenge = 1; goto skipavp; case PPPOL2TP_AVPTYPE_CHALLENGERESPONSE: 
@@ -614,12 +606,12 @@ static void pppol2tp_dispatch_control_packet(pppol2tp_pcb *l2tp, u16_t port, str return; } /* Generate hash of ID, secret, challenge */ - md5_starts(&md5_ctx); + lwip_md5_starts(&md5_ctx); challenge_id = PPPOL2TP_MESSAGETYPE_SCCRP; - md5_update(&md5_ctx, &challenge_id, 1); - md5_update(&md5_ctx, l2tp->secret, l2tp->secret_len); - md5_update(&md5_ctx, l2tp->secret_rv, sizeof(l2tp->secret_rv)); - md5_finish(&md5_ctx, md5_hash); + lwip_md5_update(&md5_ctx, &challenge_id, 1); + lwip_md5_update(&md5_ctx, l2tp->secret, l2tp->secret_len); + lwip_md5_update(&md5_ctx, l2tp->secret_rv, sizeof(l2tp->secret_rv)); + lwip_md5_finish(&md5_ctx, md5_hash); if ( memcmp(inp, md5_hash, sizeof(md5_hash)) ) { PPPDEBUG(LOG_DEBUG, ("pppol2tp: Received challenge response from peer and secret key do not match\n")); pppol2tp_abort_connect(l2tp);