PPP, MSCHAP, CCP, MPPE: reworked key passing from CCP to MPPE

Removed multiple copies of keys by pre-setting MPPE keys during MSCHAP
negotiation.

Improved MPPE init so we don't need to pass a specially formatted buffer
to MPPE; pppd needs that to talk to the kernel, but we don't need it
here.
Sylvain Rochet 2015-04-19 01:20:43 +02:00
parent 045f44c7f9
commit fc7e327d19
5 changed files with 25 additions and 48 deletions


@ -169,8 +169,8 @@ typedef struct ppp_mppe_state {
u8_t unit; u8_t unit;
} ppp_mppe_state; } ppp_mppe_state;
int mppe_init(ppp_mppe_state *state, unsigned char *options, int optlen, void mppe_set_key(ppp_mppe_state *state, u8_t *key);
u8_t unit, u8_t debug, const char *debugstr); void mppe_init(ppp_mppe_state *state, u8_t options, u8_t unit, u8_t debug, const char *debugstr);
void mppe_comp_reset(ppp_mppe_state *state); void mppe_comp_reset(ppp_mppe_state *state);
err_t mppe_compress(ppp_mppe_state *state, struct pbuf **pb, u16_t protocol); err_t mppe_compress(ppp_mppe_state *state, struct pbuf **pb, u16_t protocol);
void mppe_decomp_reset(ppp_mppe_state *state); void mppe_decomp_reset(ppp_mppe_state *state);
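Review bot: The new `mppe_set_key()` prototype takes `u8_t *key` although the function only reads the buffer; declaring it `const u8_t *key` (here and in the definition in mppe.c) documents that and lets callers pass a const key without a cast. The prototype also carries no length while the definition copies a fixed MPPE_MAX_KEY_LEN bytes, so the contract should be written next to it, for example `/* key must point to at least MPPE_MAX_KEY_LEN bytes; call before mppe_init() */`.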


@ -423,8 +423,6 @@ struct ppp_pcb_s {
#if MPPE_SUPPORT #if MPPE_SUPPORT
ppp_mppe_state mppe_comp; /* MPPE "compressor" structure */ ppp_mppe_state mppe_comp; /* MPPE "compressor" structure */
ppp_mppe_state mppe_decomp; /* MPPE "decompressor" structure */ ppp_mppe_state mppe_decomp; /* MPPE "decompressor" structure */
u8_t mppe_send_key[MPPE_MAX_KEY_LEN];
u8_t mppe_recv_key[MPPE_MAX_KEY_LEN];
#endif /* MPPE_SUPPORT */ #endif /* MPPE_SUPPORT */
#endif /* CCP_SUPPORT */ #endif /* CCP_SUPPORT */


@ -765,15 +765,10 @@ static void ccp_addci(fsm *f, u_char *p, int *lenp) {
*/ */
#if MPPE_SUPPORT #if MPPE_SUPPORT
if (go->mppe) { if (go->mppe) {
u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN]; p[0] = CI_MPPE;
p[1] = CILEN_MPPE;
p[0] = opt_buf[0] = CI_MPPE;
p[1] = opt_buf[1] = CILEN_MPPE;
MPPE_OPTS_TO_CI(go->mppe, &p[2]); MPPE_OPTS_TO_CI(go->mppe, &p[2]);
MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]); mppe_init(&pcb->mppe_decomp, go->mppe, pcb->netif->num, 1, "mppe_decomp_init");
MEMCPY(&opt_buf[CILEN_MPPE], pcb->mppe_recv_key, MPPE_MAX_KEY_LEN);
mppe_init(&pcb->mppe_decomp, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN,
pcb->netif->num, 1, "mppe_decomp_init");
p += CILEN_MPPE; p += CILEN_MPPE;
} }
#endif /* MPPE_SUPPORT */ #endif /* MPPE_SUPPORT */
@ -1199,20 +1194,9 @@ static int ccp_reqci(fsm *f, u_char *p, int *lenp, int dont_nak) {
/* rebuild the opts */ /* rebuild the opts */
MPPE_OPTS_TO_CI(ho->mppe, &p[2]); MPPE_OPTS_TO_CI(ho->mppe, &p[2]);
if (newret == CONFACK) { if (newret == CONFACK) {
u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN];
int mtu; int mtu;
MEMCPY(opt_buf, p, CILEN_MPPE); mppe_init(&pcb->mppe_comp, ho->mppe, pcb->netif->num, 1, "mppe_comp_init");
MEMCPY(&opt_buf[CILEN_MPPE], pcb->mppe_send_key,
MPPE_MAX_KEY_LEN);
if (mppe_init(&pcb->mppe_comp, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN,
pcb->netif->num, 1, "mppe_comp_init") <= 0) {
/* This shouldn't happen, we've already tested it! */
ppp_error("MPPE required, but kernel has no support.");
lcp_close(pcb, "MPPE required but not available");
newret = CONFREJ;
break;
}
/* /*
* We need to decrease the interface MTU by MPPE_PAD * We need to decrease the interface MTU by MPPE_PAD
* because MPPE frames **grow**. The kernel [must] * because MPPE frames **grow**. The kernel [must]
@ -1483,8 +1467,6 @@ static void ccp_up(fsm *f) {
ppp_notice("%s transmit compression enabled", method_name(ho, NULL)); ppp_notice("%s transmit compression enabled", method_name(ho, NULL));
#if MPPE_SUPPORT #if MPPE_SUPPORT
if (go->mppe) { if (go->mppe) {
BZERO(pcb->mppe_recv_key, MPPE_MAX_KEY_LEN);
BZERO(pcb->mppe_send_key, MPPE_MAX_KEY_LEN);
continue_networks(pcb); /* Bring up IP et al */ continue_networks(pcb); /* Bring up IP et al */
} }
#endif /* MPPE_SUPPORT */ #endif /* MPPE_SUPPORT */
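Review bot: In the CONFACK branch of ccp_reqci the outcome of `mppe_init()` can no longer be checked, so if it takes its "unknown key length" early return (see the mppe.c section of this commit) the MPPE option is still acknowledged while the compressor has no key length and no freshly derived session key. The removed error path answered with CONFREJ and closed LCP in that case; the `mppe_decomp` call in ccp_addci has the same gap. If the option checks earlier in ccp_reqci, which lie outside this hunk, already guarantee that one of the key-length bits is set, a comment stating that is enough. Otherwise keep an explicit guard before the call, e.g. `if (!(ho->mppe & (MPPE_OPT_128 | MPPE_OPT_40))) { newret = CONFREJ; break; }`, so an encryption-required link fails closed.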


@ -94,7 +94,7 @@
#include "netif/ppp/pppcrypt.h" #include "netif/ppp/pppcrypt.h"
#include "netif/ppp/magic.h" #include "netif/ppp/magic.h"
#if MPPE_SUPPORT #if MPPE_SUPPORT
#include "netif/ppp/mppe.h" /* For mppe_sha1_pad* */ #include "netif/ppp/mppe.h" /* For mppe_sha1_pad*, mppe_set_key() */
#endif /* MPPE_SUPPORT */ #endif /* MPPE_SUPPORT */
#if LWIP_INCLUDED_POLARSSL_MD4 #if LWIP_INCLUDED_POLARSSL_MD4
@ -730,8 +730,8 @@ static void Set_Start_Key(ppp_pcb *pcb, u_char *rchallenge, char *secret, int se
sha1_finish(&sha1Context, Digest); sha1_finish(&sha1Context, Digest);
/* Same key in both directions. */ /* Same key in both directions. */
MEMCPY(pcb->mppe_send_key, Digest, MPPE_MAX_KEY_LEN); mppe_set_key(&pcb->mppe_comp, Digest);
MEMCPY(pcb->mppe_recv_key, Digest, MPPE_MAX_KEY_LEN); mppe_set_key(&pcb->mppe_decomp, Digest);
pcb->mppe_keys_set = 1; pcb->mppe_keys_set = 1;
} }
@ -803,7 +803,7 @@ static void SetMasterKeys(ppp_pcb *pcb, char *secret, int secret_len, u_char NTR
sha1_update(&sha1Context, (unsigned char *)mppe_sha1_pad2, SHA1_PAD_SIZE); sha1_update(&sha1Context, (unsigned char *)mppe_sha1_pad2, SHA1_PAD_SIZE);
sha1_finish(&sha1Context, Digest); sha1_finish(&sha1Context, Digest);
MEMCPY(pcb->mppe_send_key, Digest, MPPE_MAX_KEY_LEN); mppe_set_key(&pcb->mppe_comp, Digest);
/* /*
* generate recv key * generate recv key
@ -819,7 +819,7 @@ static void SetMasterKeys(ppp_pcb *pcb, char *secret, int secret_len, u_char NTR
sha1_update(&sha1Context, (unsigned char *)mppe_sha1_pad2, SHA1_PAD_SIZE); sha1_update(&sha1Context, (unsigned char *)mppe_sha1_pad2, SHA1_PAD_SIZE);
sha1_finish(&sha1Context, Digest); sha1_finish(&sha1Context, Digest);
MEMCPY(pcb->mppe_recv_key, Digest, MPPE_MAX_KEY_LEN); mppe_set_key(&pcb->mppe_decomp, Digest);
pcb->mppe_keys_set = 1; pcb->mppe_keys_set = 1;
} }
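Review bot: `Digest` still holds the MPPE master key when Set_Start_Key() and SetMasterKeys() return: in both, the last `mppe_set_key()` call is followed only by `pcb->mppe_keys_set = 1;` and the closing brace. Since the aim of the commit is to stop keeping extra copies of the keys, the stack copy is worth clearing as well, e.g. `BZERO(Digest, sizeof(Digest));` after the last mppe_set_key() call, ideally through a wipe the compiler cannot drop as a dead store. This assumes `Digest` is a local array; its declaration is outside the visible hunks. The same consideration applies to `sha1Context`, which has processed the key derivation inputs.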


@ -99,34 +99,33 @@ static void mppe_rekey(ppp_mppe_state * state, int initial_key)
arc4_setup(&state->arc4, state->session_key, state->keylen); arc4_setup(&state->arc4, state->session_key, state->keylen);
} }
/*
* Set key, used by MSCHAP before mppe_init() is actually called by CCP so we
* don't have to keep multiple copies of keys.
*/
void mppe_set_key(ppp_mppe_state *state, u8_t *key) {
MEMCPY(state->master_key, key, MPPE_MAX_KEY_LEN);
}
/* /*
* Initialize (de)compressor state. * Initialize (de)compressor state.
*/ */
int void
mppe_init(ppp_mppe_state *state, unsigned char *options, int optlen, u8_t unit, u8_t debug, mppe_init(ppp_mppe_state *state, u8_t options, u8_t unit, u8_t debug, const char *debugstr)
const char *debugstr)
{ {
unsigned char mppe_opts;
if (optlen != CILEN_MPPE + sizeof(state->master_key) ||
options[0] != CI_MPPE || options[1] != CILEN_MPPE)
return 0;
/* Save keys. */ /* Save keys. */
MEMCPY(state->master_key, &options[CILEN_MPPE], sizeof(state->master_key));
MEMCPY(state->session_key, state->master_key, sizeof(state->master_key)); MEMCPY(state->session_key, state->master_key, sizeof(state->master_key));
MPPE_CI_TO_OPTS(&options[2], mppe_opts); if (options & MPPE_OPT_128)
if (mppe_opts & MPPE_OPT_128)
state->keylen = 16; state->keylen = 16;
else if (mppe_opts & MPPE_OPT_40) else if (options & MPPE_OPT_40)
state->keylen = 8; state->keylen = 8;
else { else {
PPPDEBUG(LOG_DEBUG, ("%s[%d]: unknown key length\n", debugstr, PPPDEBUG(LOG_DEBUG, ("%s[%d]: unknown key length\n", debugstr,
unit)); unit));
return 0; return;
} }
if (mppe_opts & MPPE_OPT_STATEFUL) if (options & MPPE_OPT_STATEFUL)
state->stateful = 1; state->stateful = 1;
/* Generate the initial session key. */ /* Generate the initial session key. */
@ -166,8 +165,6 @@ mppe_init(ppp_mppe_state *state, unsigned char *options, int optlen, u8_t unit,
state->unit = unit; state->unit = unit;
state->debug = debug; state->debug = debug;
return 1;
} }
/* /*
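Review bot: `state->stateful` is only ever set to 1 in mppe_init() and never cleared, and with this change the state struct has to survive from MSCHAP (`mppe_set_key()`) until CCP calls mppe_init(), so callers cannot simply zero it before initialising. If CCP renegotiates from stateful to stateless on the same pcb, the old flag would remain set; `state->stateful = (options & MPPE_OPT_STATEFUL) ? 1 : 0;` removes that dependency on earlier state. Note also that `session_key` is overwritten from `master_key` before the key-length check, so the early `return` leaves the state half-initialised. Part of mppe_init's body lies between the two hunks and is not visible, so confirm nothing there already resets these fields.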