1 diff -Nur linux-2.6.2.org/drivers/net/Kconfig linux-2.6.2/drivers/net/Kconfig
2 --- linux-2.6.2.org/drivers/net/Kconfig 2004-02-04 03:44:28.000000000 +0000
3 +++ linux-2.6.2/drivers/net/Kconfig 2004-02-05 09:45:21.000000000 +0000
5 module; it is called bsd_comp and will show up in the directory
6 modules once you have said "make modules". If unsure, say N.
9 + tristate "PPP MPPE commpression (encrypted) (EXPERIMENTAL)"
10 + depends on EXPERIMENTAL && PPP
14 tristate "PPP over Ethernet (EXPERIMENTAL)"
15 depends on EXPERIMENTAL && PPP
16 diff -Nur linux-2.6.2.org/drivers/net/Makefile linux-2.6.2/drivers/net/Makefile
17 --- linux-2.6.2.org/drivers/net/Makefile 2004-02-04 03:43:34.000000000 +0000
18 +++ linux-2.6.2/drivers/net/Makefile 2004-02-05 10:36:30.000000000 +0000
21 rcpci-objs := rcpci45.o rclanmtl.o
23 +ppp_mppe-objs := ppp_mppe_compress.o sha1.o arcfour.o
25 ifeq ($(CONFIG_ISDN_PPP),y)
26 obj-$(CONFIG_ISDN) += slhc.o
29 obj-$(CONFIG_PPP) += ppp_generic.o slhc.o
30 obj-$(CONFIG_PPP_ASYNC) += ppp_async.o
31 obj-$(CONFIG_PPP_SYNC_TTY) += ppp_synctty.o
32 +obj-$(CONFIG_PPP_MPPE) += ppp_mppe.o
33 obj-$(CONFIG_PPP_DEFLATE) += ppp_deflate.o
34 obj-$(CONFIG_PPP_BSDCOMP) += bsd_comp.o
35 obj-$(CONFIG_PPPOE) += pppox.o pppoe.o
36 diff -Nur linux-2.6.2.org/drivers/net/arcfour.c linux-2.6.2/drivers/net/arcfour.c
37 --- linux-2.6.2.org/drivers/net/arcfour.c 1970-01-01 00:00:00.000000000 +0000
38 +++ linux-2.6.2/drivers/net/arcfour.c 2003-07-07 02:25:13.000000000 +0000
42 + * by Frank Cusack <frank@google.com>
43 + * 100% public domain
45 + * Implemented from the description in _Applied Cryptography_, 2nd ed.
47 + * ** Distribution ** of this software is unlimited and unrestricted.
49 + * ** Use ** of this software is almost certainly legal; however, refer
50 + * to <http://theory.lcs.mit.edu/~rivest/faq.html>.
54 +#if defined(__linux__)
55 +#include <linux/string.h>
60 + unsigned char t = b; \
66 + * Initialize arcfour from a key.
69 +arcfour_setkey(arcfour_context *context, const unsigned char *key,
73 + unsigned char K[256];
75 + context->i = context->j = 0;
77 + for (i = 0; i < 256; i++) {
79 + K[i] = key[i % keylen];
83 + for (i = 0; i < 256; i++) {
84 + j = (j + context->S[i] + K[i]) % 256;
85 + swap(context->S[i], context->S[j]);
88 + memset(K, 0, sizeof(K));
92 + * plaintext -> ciphertext (or vice versa)
95 +arcfour_encrypt(arcfour_context *context, const unsigned char *in, unsigned len,
98 + unsigned i = context->i;
99 + unsigned j = context->j;
100 + unsigned char *S = context->S;
105 + j = (j + S[i]) % 256;
107 + K = S[(S[i] + S[j]) % 256];
108 + *out++ = *in++ ^ K;
115 diff -Nur linux-2.6.2.org/drivers/net/arcfour.h linux-2.6.2/drivers/net/arcfour.h
116 --- linux-2.6.2.org/drivers/net/arcfour.h 1970-01-01 00:00:00.000000000 +0000
117 +++ linux-2.6.2/drivers/net/arcfour.h 2002-04-02 07:01:37.000000000 +0000
127 + unsigned char S[256];
130 +extern void arcfour_setkey(arcfour_context *, const unsigned char *, unsigned);
131 +extern void arcfour_encrypt(arcfour_context *, const unsigned char *, unsigned,
133 +#define arcfour_decrypt arcfour_encrypt
135 +#endif /* _ARCFOUR_H */
136 diff -Nur linux-2.6.2.org/drivers/net/ppp_generic.c linux-2.6.2/drivers/net/ppp_generic.c
137 --- linux-2.6.2.org/drivers/net/ppp_generic.c 2004-02-04 03:44:44.000000000 +0000
138 +++ linux-2.6.2/drivers/net/ppp_generic.c 2004-02-05 10:33:41.000000000 +0000
140 spinlock_t rlock; /* lock for receive side 58 */
141 spinlock_t wlock; /* lock for transmit side 5c */
142 int mru; /* max receive unit 60 */
143 + int mru_alloc; /* MAX(1500,MRU) for dev_alloc_skb() */
144 unsigned int flags; /* control bits 64 */
145 unsigned int xstate; /* transmit state bits 68 */
146 unsigned int rstate; /* receive state bits 6c */
148 struct sock_fprog pass_filter; /* filter for packets to pass */
149 struct sock_fprog active_filter;/* filter for pkts to reset idle */
150 #endif /* CONFIG_PPP_FILTER */
151 + int xpad; /* ECP or CCP (MPPE) transmit padding */
157 if (get_user(val, (int *) arg))
160 + ppp->mru_alloc = ppp->mru = val;
161 + if (ppp->mru_alloc < PPP_MRU)
162 + ppp->mru_alloc = PPP_MRU; /* increase for broken peers */
166 @@ -1045,8 +1049,8 @@
167 /* try to do packet compression */
168 if ((ppp->xstate & SC_COMP_RUN) && ppp->xc_state != 0
169 && proto != PPP_LCP && proto != PPP_CCP) {
170 - new_skb = alloc_skb(ppp->dev->mtu + ppp->dev->hard_header_len,
172 + new_skb = alloc_skb(ppp->dev->mtu + ppp->dev->hard_header_len
173 + + ppp->xpad, GFP_ATOMIC);
175 printk(KERN_ERR "PPP: no memory (comp pkt)\n");
177 @@ -1058,15 +1062,28 @@
178 /* compressor still expects A/C bytes in hdr */
179 len = ppp->xcomp->compress(ppp->xc_state, skb->data - 2,
180 new_skb->data, skb->len + 2,
181 - ppp->dev->mtu + PPP_HDRLEN);
182 + ppp->dev->mtu + ppp->xpad
184 if (len > 0 && (ppp->flags & SC_CCP_UP)) {
188 skb_pull(skb, 2); /* pull off A/C bytes */
190 + } else if (len == 0) {
191 /* didn't compress, or CCP not up yet */
196 + * MPPE requires that we do not send unencrypted
197 + * frames. The compressor will return -1 if we
198 + * should drop the frame. We cannot simply test
199 + * the compress_proto because MPPE and MPPC share
202 + printk(KERN_ERR "ppp: compressor dropped pkt\n");
203 + kfree_skb(new_skb);
208 @@ -1571,14 +1588,15 @@
211 if (proto == PPP_COMP) {
212 - ns = dev_alloc_skb(ppp->mru + PPP_HDRLEN);
213 + ns = dev_alloc_skb(ppp->mru_alloc + PPP_HDRLEN);
215 printk(KERN_ERR "ppp_decompress_frame: no memory\n");
218 /* the decompressor still expects the A/C bytes in the hdr */
219 len = ppp->rcomp->decompress(ppp->rc_state, skb->data - 2,
220 - skb->len + 2, ns->data, ppp->mru + PPP_HDRLEN);
221 + skb->len + 2, ns->data,
222 + ppp->mru_alloc + PPP_HDRLEN);
224 /* Pass the compressed frame to pppd as an
226 @@ -1736,6 +1754,7 @@
227 struct sk_buff *head, *tail;
228 struct sk_buff *skb = NULL;
229 int lost = 0, len = 0;
230 + unsigned char ccp_option[CCP_MAX_OPTION_LENGTH];
232 if (ppp->mrru == 0) /* do nothing until mrru is set */
234 @@ -1824,6 +1843,20 @@
235 ++ppp->stats.rx_dropped;
236 ppp_receive_error(ppp);
238 + if (ccp_option[0] == CI_MPPE)
240 + * pppd (userland) has reduced the MTU by MPPE_PAD,
241 + * to accomodate "compressor" growth. We must
242 + * increase the space allocated for compressor
243 + * output in ppp_send_frame() accordingly. Note
244 + * that from a purist's view, it may be more correct
245 + * to require multilink and fragment large packets,
246 + * but that seems inefficient compared to this
249 + ppp->xpad = MPPE_PAD;
254 /* copy to a single skb */
255 @@ -2290,6 +2323,7 @@
256 /* Initialize the new ppp unit */
257 ppp->file.index = unit;
259 + ppp->mru_alloc = PPP_MRU;
260 init_ppp_file(&ppp->file, INTERFACE);
261 ppp->file.hdrlen = PPP_HDRLEN - 2; /* don't count proto bytes */
262 for (i = 0; i < NUM_NP; ++i)
263 diff -Nur linux-2.6.2.org/drivers/net/ppp_mppe_compress.c linux-2.6.2/drivers/net/ppp_mppe_compress.c
264 --- linux-2.6.2.org/drivers/net/ppp_mppe_compress.c 1970-01-01 00:00:00.000000000 +0000
265 +++ linux-2.6.2/drivers/net/ppp_mppe_compress.c 2003-03-06 23:55:15.000000000 +0000
268 + * ==FILEVERSION 20020521==
270 + * ppp_mppe_compress.c - interface MPPE to the PPP code.
271 + * This version is for use with Linux kernel 2.2.19+ and 2.4.x.
273 + * By Frank Cusack <frank@google.com>.
274 + * Copyright (c) 2002 Google, Inc.
275 + * All rights reserved.
277 + * Permission to use, copy, modify, and distribute this software and its
278 + * documentation is hereby granted, provided that the above copyright
279 + * notice appears in all copies. This software is provided without any
280 + * warranty, express or implied.
284 +#include <linux/module.h>
285 +#include <linux/kernel.h>
286 +#include <linux/init.h>
287 +#include <linux/types.h>
288 +#include <linux/slab.h>
289 +#include <linux/string.h>
291 +#include <linux/ppp_defs.h>
292 +#include <linux/ppp-comp.h>
294 +#include "arcfour.h"
298 + * State for an MPPE (de)compressor.
300 +typedef struct ppp_mppe_state {
301 + unsigned char master_key[MPPE_MAX_KEY_LEN];
302 + unsigned char session_key[MPPE_MAX_KEY_LEN];
303 + arcfour_context arcfour_context; /* encryption state */
304 + unsigned keylen; /* key length in bytes */
305 + /* NB: 128-bit == 16, 40-bit == 8! */
306 + /* If we want to support 56-bit, */
307 + /* the unit has to change to bits */
308 + unsigned char bits; /* MPPE control bits */
309 + unsigned ccount; /* 12-bit coherency count (seqno) */
310 + unsigned stateful; /* stateful mode flag */
311 + int discard; /* stateful mode packet loss flag */
312 + int sanity_errors; /* take down LCP if too many */
315 + struct compstat stats;
318 +/* ppp_mppe_state.bits definitions */
319 +#define MPPE_BIT_A 0x80 /* Encryption table were (re)inititalized */
320 +#define MPPE_BIT_B 0x40 /* MPPC only (not implemented) */
321 +#define MPPE_BIT_C 0x20 /* MPPC only (not implemented) */
322 +#define MPPE_BIT_D 0x10 /* This is an encrypted frame */
324 +#define MPPE_BIT_FLUSHED MPPE_BIT_A
325 +#define MPPE_BIT_ENCRYPTED MPPE_BIT_D
327 +#define MPPE_BITS(p) ((p)[4] & 0xf0)
328 +#define MPPE_CCOUNT(p) ((((p)[4] & 0x0f) << 8) + (p)[5])
329 +#define MPPE_CCOUNT_SPACE 0x1000 /* The size of the ccount space */
331 +#define MPPE_OVHD 2 /* MPPE overhead/packet */
332 +#define SANITY_MAX 1600 /* Max bogon factor we will tolerate */
334 +static void GetNewKeyFromSHA __P((unsigned char *StartKey,
335 + unsigned char *SessionKey,
336 + unsigned SessionKeyLength,
337 + unsigned char *InterimKey));
338 +static void mppe_rekey __P((ppp_mppe_state *state, int));
339 +static void *mppe_alloc __P((unsigned char *options, int optlen));
340 +static void mppe_free __P((void *state));
341 +static int mppe_init __P((void *state, unsigned char *options,
342 + int optlen, int unit, int debug, const char *));
343 +static int mppe_comp_init __P((void *state, unsigned char *options,
345 + int unit, int hdrlen, int debug));
346 +static int mppe_decomp_init __P((void *state, unsigned char *options,
347 + int optlen, int unit,
348 + int hdrlen, int mru, int debug));
349 +static int mppe_compress __P((void *state, unsigned char *ibuf,
350 + unsigned char *obuf,
351 + int isize, int osize));
352 +static void mppe_incomp __P((void *state, unsigned char *ibuf, int icnt));
353 +static int mppe_decompress __P((void *state, unsigned char *ibuf,
354 + int isize, unsigned char *obuf,int osize));
355 +static void mppe_comp_reset __P((void *state));
356 +static void mppe_decomp_reset __P((void *state));
357 +static void mppe_comp_stats __P((void *state, struct compstat *stats));
361 + * Key Derivation, from RFC 3078, RFC 3079.
362 + * Equivalent to Get_Key() for MS-CHAP as described in RFC 3079.
365 +GetNewKeyFromSHA(unsigned char *MasterKey, unsigned char *SessionKey,
366 + unsigned SessionKeyLength, unsigned char *InterimKey)
369 + unsigned char Digest[SHA1_SIGNATURE_SIZE];
371 + unsigned char SHApad1[40] =
372 + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
373 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
374 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
375 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
376 + unsigned char SHApad2[40] =
377 + { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
378 + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
379 + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
380 + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 };
382 + /* assert(SessionKeyLength <= SHA1_SIGNATURE_SIZE); */
384 + SHA1_Init(&Context);
385 + SHA1_Update(&Context, MasterKey, SessionKeyLength);
386 + SHA1_Update(&Context, SHApad1, sizeof(SHApad1));
387 + SHA1_Update(&Context, SessionKey, SessionKeyLength);
388 + SHA1_Update(&Context, SHApad2, sizeof(SHApad2));
389 + SHA1_Final(Digest, &Context);
391 + memcpy(InterimKey, Digest, SessionKeyLength);
395 + * Perform the MPPE rekey algorithm, from RFC 3078, sec. 7.3.
396 + * Well, not what's written there, but rather what they meant.
399 +mppe_rekey(ppp_mppe_state *state, int initial_key)
401 + unsigned char InterimKey[MPPE_MAX_KEY_LEN];
403 + GetNewKeyFromSHA(state->master_key, state->session_key,
404 + state->keylen, InterimKey);
405 + if (!initial_key) {
406 + arcfour_setkey(&state->arcfour_context, InterimKey, state->keylen);
407 + arcfour_encrypt(&state->arcfour_context, InterimKey, state->keylen,
408 + state->session_key);
410 + memcpy(state->session_key, InterimKey, state->keylen);
412 + if (state->keylen == 8) {
414 + state->session_key[0] = 0xd1;
415 + state->session_key[1] = 0x26;
416 + state->session_key[2] = 0x9e;
418 + arcfour_setkey(&state->arcfour_context, state->session_key, state->keylen);
423 + * Allocate space for a (de)compressor.
426 +mppe_alloc(unsigned char *options, int optlen)
428 + ppp_mppe_state *state;
430 + if (optlen != CILEN_MPPE + sizeof(state->master_key)
431 + || options[0] != CI_MPPE
432 + || options[1] != CILEN_MPPE)
435 + state = (ppp_mppe_state *) kmalloc(sizeof(*state), GFP_KERNEL);
440 + memset(state, 0, sizeof(*state));
443 + memcpy(state->master_key, &options[CILEN_MPPE], sizeof(state->master_key));
444 + memcpy(state->session_key, state->master_key, sizeof(state->master_key));
446 + * We defer initial key generation until mppe_init(), as mppe_alloc()
447 + * is called frequently during negotiation.
450 + return (void *) state;
454 + * Deallocate space for a (de)compressor.
457 +mppe_free(void *arg)
459 + ppp_mppe_state *state = (ppp_mppe_state *) arg;
469 + * Initialize (de)compressor state.
472 +mppe_init(void *arg, unsigned char *options, int optlen, int unit, int debug,
473 + const char *debugstr)
475 + ppp_mppe_state *state = (ppp_mppe_state *) arg;
476 + unsigned char mppe_opts;
478 + if (optlen != CILEN_MPPE
479 + || options[0] != CI_MPPE
480 + || options[1] != CILEN_MPPE)
483 + MPPE_CI_TO_OPTS(&options[2], mppe_opts);
484 + if (mppe_opts & MPPE_OPT_128)
485 + state->keylen = 16;
486 + else if (mppe_opts & MPPE_OPT_40)
489 + printk(KERN_WARNING "%s[%d]: unknown key length\n", debugstr, unit);
492 + if (mppe_opts & MPPE_OPT_STATEFUL)
493 + state->stateful = 1;
495 + /* Generate the initial session key. */
496 + mppe_rekey(state, 1);
500 + char mkey[sizeof(state->master_key) * 2 + 1];
501 + char skey[sizeof(state->session_key) * 2 + 1];
503 + printk(KERN_DEBUG "%s[%d]: initialized with %d-bit %s mode\n", debugstr,
504 + unit, (state->keylen == 16)? 128: 40,
505 + (state->stateful)? "stateful": "stateless");
507 + for (i = 0; i < sizeof(state->master_key); i++)
508 + sprintf(mkey + i * 2, "%.2x", state->master_key[i]);
509 + for (i = 0; i < sizeof(state->session_key); i++)
510 + sprintf(skey + i * 2, "%.2x", state->session_key[i]);
511 + printk(KERN_DEBUG "%s[%d]: keys: master: %s initial session: %s\n",
512 + debugstr, unit, mkey, skey);
516 + * Initialize the coherency count. The initial value is not specified
517 + * in RFC 3078, but we can make a reasonable assumption that it will
518 + * start at 0. Setting it to the max here makes the comp/decomp code
519 + * do the right thing (determined through experiment).
521 + state->ccount = MPPE_CCOUNT_SPACE - 1;
524 + * Note that even though we have initialized the key table, we don't
525 + * set the FLUSHED bit. This is contrary to RFC 3078, sec. 3.1.
527 + state->bits = MPPE_BIT_ENCRYPTED;
529 + state->unit = unit;
530 + state->debug = debug;
538 +mppe_comp_init(void *arg, unsigned char *options, int optlen, int unit,
539 + int hdrlen, int debug)
542 + return mppe_init(arg, options, optlen, unit, debug, "mppe_comp_init");
546 + * We received a CCP Reset-Request (actually, we are sending a Reset-Ack),
547 + * tell the compressor to rekey. Note that we MUST NOT rekey for
548 + * every CCP Reset-Request; we only rekey on the next xmit packet.
549 + * We might get multiple CCP Reset-Requests if our CCP Reset-Ack is lost.
550 + * So, rekeying for every CCP Reset-Request is broken as the peer will not
551 + * know how many times we've rekeyed. (If we rekey and THEN get another
552 + * CCP Reset-Request, we must rekey again.)
555 +mppe_comp_reset(void *arg)
557 + ppp_mppe_state *state = (ppp_mppe_state *) arg;
559 + state->bits |= MPPE_BIT_FLUSHED;
563 + * Compress (encrypt) a packet.
564 + * It's strange to call this a compressor, since the output is always
565 + * MPPE_OVHD + 2 bytes larger than the input.
568 +mppe_compress(void *arg, unsigned char *ibuf, unsigned char *obuf,
569 + int isize, int osize)
571 + ppp_mppe_state *state = (ppp_mppe_state *) arg;
575 + * Check that the protocol is in the range we handle.
577 + proto = PPP_PROTOCOL(ibuf);
578 + if (proto < 0x0021 || proto > 0x00fa)
581 + /* Make sure we have enough room to generate an encrypted packet. */
582 + if (osize < isize + MPPE_OVHD + 2) {
583 + /* Drop the packet if we should encrypt it, but can't. */
584 + printk(KERN_DEBUG "mppe_compress[%d]: osize too small! "
585 + "(have: %d need: %d)\n", state->unit,
586 + osize, osize + MPPE_OVHD + 2);
590 + osize = isize + MPPE_OVHD + 2;
593 + * Copy over the PPP header and set control bits.
595 + obuf[0] = PPP_ADDRESS(ibuf);
596 + obuf[1] = PPP_CONTROL(ibuf);
597 + obuf[2] = PPP_COMP >> 8; /* isize + MPPE_OVHD + 1 */
598 + obuf[3] = PPP_COMP; /* isize + MPPE_OVHD + 2 */
599 + obuf += PPP_HDRLEN;
601 + state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
602 + if (state->debug >= 7)
603 + printk(KERN_DEBUG "mppe_compress[%d]: ccount %d\n", state->unit,
605 + obuf[0] = state->ccount >> 8;
606 + obuf[1] = state->ccount & 0xff;
608 + if (!state->stateful || /* stateless mode */
609 + ((state->ccount & 0xff) == 0xff) || /* "flag" packet */
610 + (state->bits & MPPE_BIT_FLUSHED)) { /* CCP Reset-Request */
611 + /* We must rekey */
612 + if (state->debug && state->stateful)
613 + printk(KERN_DEBUG "mppe_compress[%d]: rekeying\n", state->unit);
614 + mppe_rekey(state, 0);
615 + state->bits |= MPPE_BIT_FLUSHED;
617 + obuf[0] |= state->bits;
618 + state->bits &= ~MPPE_BIT_FLUSHED; /* reset for next xmit */
621 + ibuf += 2; /* skip to proto field */
624 + /* Encrypt packet */
625 + arcfour_encrypt(&state->arcfour_context, ibuf, isize, obuf);
627 + state->stats.unc_bytes += isize;
628 + state->stats.unc_packets++;
629 + state->stats.comp_bytes += osize;
630 + state->stats.comp_packets++;
636 + * Since every frame grows by MPPE_OVHD + 2 bytes, this is always going
637 + * to look bad ... and the longer the link is up the worse it will get.
640 +mppe_comp_stats(void *arg, struct compstat *stats)
642 + ppp_mppe_state *state = (ppp_mppe_state *) arg;
644 + *stats = state->stats;
649 +mppe_decomp_init(void *arg, unsigned char *options, int optlen, int unit,
650 + int hdrlen, int mru, int debug)
653 + return mppe_init(arg, options, optlen, unit, debug, "mppe_decomp_init");
657 + * We received a CCP Reset-Ack. Just ignore it.
660 +mppe_decomp_reset(void *arg)
667 + * Decompress (decrypt) an MPPE packet.
670 +mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf,
673 + ppp_mppe_state *state = (ppp_mppe_state *) arg;
675 + int flushed = MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED;
678 + if (isize <= PPP_HDRLEN + MPPE_OVHD) {
680 + printk(KERN_DEBUG "mppe_decompress[%d]: short pkt (%d)\n",
681 + state->unit, isize);
682 + return DECOMP_ERROR;
685 + /* Make sure we have enough room to decrypt the packet. */
686 + if (osize < isize - MPPE_OVHD - 2) {
687 + printk(KERN_DEBUG "mppe_decompress[%d]: osize too small! "
688 + "(have: %d need: %d)\n", state->unit,
689 + osize, isize - MPPE_OVHD - 2);
690 + return DECOMP_ERROR;
692 + osize = isize - MPPE_OVHD - 2;
694 + ccount = MPPE_CCOUNT(ibuf);
695 + if (state->debug >= 7)
696 + printk(KERN_DEBUG "mppe_decompress[%d]: ccount %d\n", state->unit,
699 + /* sanity checks -- terminate with extreme prejudice */
700 + if (!(MPPE_BITS(ibuf) & MPPE_BIT_ENCRYPTED)) {
701 + printk(KERN_DEBUG "mppe_decompress[%d]: ENCRYPTED bit not set!\n",
703 + state->sanity_errors += 100;
706 + if (!state->stateful && !flushed) {
707 + printk(KERN_DEBUG "mppe_decompress[%d]: FLUSHED bit not set in "
708 + "stateless mode!\n", state->unit);
709 + state->sanity_errors += 100;
712 + if (state->stateful && ((ccount & 0xff) == 0xff) && !flushed) {
713 + printk(KERN_DEBUG "mppe_decompress[%d]: FLUSHED bit not set on "
714 + "flag packet!\n", state->unit);
715 + state->sanity_errors += 100;
720 + if (state->sanity_errors < SANITY_MAX)
721 + return DECOMP_ERROR;
724 + * Take LCP down if the peer is sending too many bogons.
725 + * We don't want to do this for a single or just a few
726 + * instances since it could just be due to packet corruption.
728 + return DECOMP_FATALERROR;
732 + * Check the coherency count.
735 + if (!state->stateful) {
736 + /* RFC 3078, sec 8.1. Rekey for every packet. */
737 + while (state->ccount != ccount) {
738 + mppe_rekey(state, 0);
739 + state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
742 + /* RFC 3078, sec 8.2. */
743 + if (!state->discard) {
745 + state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
746 + if (ccount != state->ccount) {
748 + * (ccount > state->ccount)
749 + * Packet loss detected, enter the discard state.
750 + * Signal the peer to rekey (by sending a CCP Reset-Request).
752 + state->discard = 1;
753 + return DECOMP_ERROR;
756 + /* discard state */
758 + /* ccp.c will be silent (no additional CCP Reset-Requests). */
759 + return DECOMP_ERROR;
761 + /* Rekey for every missed "flag" packet. */
762 + while ((ccount & ~0xff) != (state->ccount & ~0xff)) {
763 + mppe_rekey(state, 0);
764 + state->ccount = (state->ccount + 256) % MPPE_CCOUNT_SPACE;
768 + state->discard = 0;
769 + state->ccount = ccount;
771 + * Another problem with RFC 3078 here. It implies that the
772 + * peer need not send a Reset-Ack packet. But RFC 1962
773 + * requires it. Hopefully, M$ does send a Reset-Ack; even
774 + * though it isn't required for MPPE synchronization, it is
775 + * required to reset CCP state.
780 + mppe_rekey(state, 0);
784 + * Fill in the first part of the PPP header. The protocol field
785 + * comes from the decrypted data.
787 + obuf[0] = PPP_ADDRESS(ibuf); /* +1 */
788 + obuf[1] = PPP_CONTROL(ibuf); /* +1 */
790 + ibuf += PPP_HDRLEN + MPPE_OVHD;
791 + isize -= PPP_HDRLEN + MPPE_OVHD; /* -6 */
792 + /* net osize: isize-4 */
794 + /* And finally, decrypt the packet. */
795 + arcfour_decrypt(&state->arcfour_context, ibuf, isize, obuf);
797 + state->stats.unc_bytes += osize;
798 + state->stats.unc_packets++;
799 + state->stats.comp_bytes += isize;
800 + state->stats.comp_packets++;
802 + /* good packet credit */
803 + state->sanity_errors >>= 1;
809 + * Incompressible data has arrived (this should never happen!).
810 + * We should probably drop the link if the protocol is in the range
811 + * of what should be encrypted. At the least, we should drop this
812 + * packet. (How to do this?)
815 +mppe_incomp(void *arg, unsigned char *ibuf, int icnt)
817 + ppp_mppe_state *state = (ppp_mppe_state *) arg;
819 + if (state->debug &&
820 + (PPP_PROTOCOL(ibuf) >= 0x0021 && PPP_PROTOCOL(ibuf) <= 0x00fa))
821 + printk(KERN_DEBUG "mppe_incomp[%d]: incompressible (unencrypted) data! "
822 + "(proto %04x)\n", state->unit, PPP_PROTOCOL(ibuf));
824 + state->stats.inc_bytes += icnt;
825 + state->stats.inc_packets++;
826 + state->stats.unc_bytes += icnt;
827 + state->stats.unc_packets++;
830 +/*************************************************************
831 + * Module interface table
832 + *************************************************************/
834 +/* These are in ppp.c (2.2.x) or ppp_generic.c (2.4.x) */
835 +extern int ppp_register_compressor (struct compressor *cp);
836 +extern void ppp_unregister_compressor (struct compressor *cp);
839 + * Procedures exported to if_ppp.c.
841 +struct compressor ppp_mppe = {
842 + CI_MPPE, /* compress_proto */
843 + mppe_alloc, /* comp_alloc */
844 + mppe_free, /* comp_free */
845 + mppe_comp_init, /* comp_init */
846 + mppe_comp_reset, /* comp_reset */
847 + mppe_compress, /* compress */
848 + mppe_comp_stats, /* comp_stat */
849 + mppe_alloc, /* decomp_alloc */
850 + mppe_free, /* decomp_free */
851 + mppe_decomp_init, /* decomp_init */
852 + mppe_decomp_reset, /* decomp_reset */
853 + mppe_decompress, /* decompress */
854 + mppe_incomp, /* incomp */
855 + mppe_comp_stats, /* decomp_stat */
858 +/* 2.2 compatibility defines */
865 +#ifndef MODULE_LICENSE
866 +#define MODULE_LICENSE(license)
872 + int answer = ppp_register_compressor(&ppp_mppe);
875 + printk(KERN_INFO "PPP MPPE Compression module registered\n");
880 +ppp_mppe_cleanup(void)
882 + ppp_unregister_compressor(&ppp_mppe);
885 +module_init(ppp_mppe_init);
886 +module_exit(ppp_mppe_cleanup);
887 +MODULE_LICENSE("BSD without advertisement clause");
888 diff -Nur linux-2.6.2.org/drivers/net/sha1.c linux-2.6.2/drivers/net/sha1.c
889 --- linux-2.6.2.org/drivers/net/sha1.c 1970-01-01 00:00:00.000000000 +0000
890 +++ linux-2.6.2/drivers/net/sha1.c 2003-07-07 02:25:13.000000000 +0000
893 + * ftp://ftp.funet.fi/pub/crypt/hash/sha/sha1.c
896 + * By Steve Reid <steve@edmweb.com>
897 + * 100% Public Domain
899 + * Test Vectors (from FIPS PUB 180-1)
901 + * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
902 + * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
903 + * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
904 + * A million repetitions of "a"
905 + * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
908 +/* #define SHA1HANDSOFF * Copies data before messing with it. */
910 +#if defined(__linux__)
911 +#include <asm/byteorder.h>
912 +#include <linux/string.h>
913 +#elif defined(__solaris__)
914 +#include <sys/isa_defs.h>
915 +#include <sys/ddi.h>
916 +#include <sys/sunddi.h>
917 +#define memcpy(d, s, c) bcopy(s, d, c)
918 +#define memset(d, b, c) bzero(d, c)
923 +static void SHA1_Transform(unsigned long[5], const unsigned char[64]);
925 +#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
927 +/* blk0() and blk() perform the initial expand. */
928 +/* I got the idea of expanding during the round function from SSLeay */
929 +#if defined(__LITTLE_ENDIAN) || defined(_LITTLE_ENDIAN)
930 +#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
931 + |(rol(block->l[i],8)&0x00FF00FF))
932 +#elif defined(__BIG_ENDIAN) || defined(_BIG_ENDIAN)
933 +#define blk0(i) block->l[i]
935 +#error Endianness not defined
937 +#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
938 + ^block->l[(i+2)&15]^block->l[i&15],1))
940 +/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
941 +#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
942 +#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
943 +#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
944 +#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
945 +#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
948 +/* Hash a single 512-bit block. This is the core of the algorithm. */
951 +SHA1_Transform(unsigned long state[5], const unsigned char buffer[64])
953 + unsigned long a, b, c, d, e;
955 + unsigned char c[64];
956 + unsigned long l[16];
958 + CHAR64LONG16 *block;
961 + static unsigned char workspace[64];
962 + block = (CHAR64LONG16 *) workspace;
963 + memcpy(block, buffer, 64);
965 + block = (CHAR64LONG16 *) buffer;
967 + /* Copy context->state[] to working vars */
973 + /* 4 rounds of 20 operations each. Loop unrolled. */
974 + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
975 + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
976 + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
977 + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
978 + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
979 + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
980 + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
981 + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
982 + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
983 + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
984 + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
985 + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
986 + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
987 + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
988 + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
989 + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
990 + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
991 + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
992 + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
993 + R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
994 + /* Add the working vars back into context.state[] */
1000 + /* Wipe variables */
1001 + a = b = c = d = e = 0;
1005 +/* SHA1Init - Initialize new context */
1008 +SHA1_Init(SHA1_CTX *context)
1010 + /* SHA1 initialization constants */
1011 + context->state[0] = 0x67452301;
1012 + context->state[1] = 0xEFCDAB89;
1013 + context->state[2] = 0x98BADCFE;
1014 + context->state[3] = 0x10325476;
1015 + context->state[4] = 0xC3D2E1F0;
1016 + context->count[0] = context->count[1] = 0;
1020 +/* Run your data through this. */
1023 +SHA1_Update(SHA1_CTX *context, const unsigned char *data, unsigned int len)
1025 + unsigned int i, j;
1027 + j = (context->count[0] >> 3) & 63;
1028 + if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++;
1029 + context->count[1] += (len >> 29);
1030 + if ((j + len) > 63) {
1031 + memcpy(&context->buffer[j], data, (i = 64-j));
1032 + SHA1_Transform(context->state, context->buffer);
1033 + for ( ; i + 63 < len; i += 64) {
1034 + SHA1_Transform(context->state, &data[i]);
1041 + memcpy(&context->buffer[j], &data[i], len - i);
1045 +/* Add padding and return the message digest. */
1048 +SHA1_Final(unsigned char digest[20], SHA1_CTX *context)
1050 + unsigned long i, j;
1051 + unsigned char finalcount[8];
1053 + for (i = 0; i < 8; i++) {
1054 + finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]
1055 + >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
1057 + SHA1_Update(context, (unsigned char *) "\200", 1);
1058 + while ((context->count[0] & 504) != 448) {
1059 + SHA1_Update(context, (unsigned char *) "\0", 1);
1061 + SHA1_Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
1062 + for (i = 0; i < 20; i++) {
1063 + digest[i] = (unsigned char)
1064 + ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
1066 + /* Wipe variables */
1068 + memset(context->buffer, 0, 64);
1069 + memset(context->state, 0, 20);
1070 + memset(context->count, 0, 8);
1071 + memset(&finalcount, 0, 8);
1072 +#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */
1073 + SHA1Transform(context->state, context->buffer);
1077 diff -Nur linux-2.6.2.org/drivers/net/sha1.h linux-2.6.2/drivers/net/sha1.h
1078 --- linux-2.6.2.org/drivers/net/sha1.h 1970-01-01 00:00:00.000000000 +0000
1079 +++ linux-2.6.2/drivers/net/sha1.h 2002-04-02 07:01:37.000000000 +0000
1087 + unsigned long state[5];
1088 + unsigned long count[2];
1089 + unsigned char buffer[64];
1092 +#define SHA1_SIGNATURE_SIZE 20
1094 +extern void SHA1_Init(SHA1_CTX *);
1095 +extern void SHA1_Update(SHA1_CTX *, const unsigned char *, unsigned int);
1096 +extern void SHA1_Final(unsigned char[SHA1_SIGNATURE_SIZE], SHA1_CTX *);
1098 +#endif /* _SHA1_H */
1099 diff -Nur linux-2.6.2.org/include/linux/ppp-comp.h linux-2.6.2/include/linux/ppp-comp.h
1100 --- linux-2.6.2.org/include/linux/ppp-comp.h 2004-02-04 03:43:03.000000000 +0000
1101 +++ linux-2.6.2/include/linux/ppp-comp.h 2004-02-05 09:48:34.000000000 +0000
1102 @@ -191,6 +191,100 @@
1103 #define DEFLATE_CHK_SEQUENCE 0
1106 + * Definitions for MPPE.
1109 +#define CI_MPPE 18 /* config option for MPPE */
1110 +#define CILEN_MPPE 6 /* length of config option */
1112 +#define MPPE_PAD 4 /* MPPE growth per frame */
1113 +#define MPPE_MAX_KEY_LEN 16 /* largest key length (128-bit) */
1115 +/* option bits for ccp_options.mppe */
1116 +#define MPPE_OPT_40 0x01 /* 40 bit */
1117 +#define MPPE_OPT_128 0x02 /* 128 bit */
1118 +#define MPPE_OPT_STATEFUL 0x04 /* stateful mode */
1119 +/* unsupported opts */
1120 +#define MPPE_OPT_56 0x08 /* 56 bit */
1121 +#define MPPE_OPT_MPPC 0x10 /* MPPC compression */
1122 +#define MPPE_OPT_D 0x20 /* Unknown */
1123 +#define MPPE_OPT_UNSUPPORTED (MPPE_OPT_56|MPPE_OPT_MPPC|MPPE_OPT_D)
1124 +#define MPPE_OPT_UNKNOWN 0x40 /* Bits !defined in RFC 3078 were set */
1127 + * This is not nice ... the alternative is a bitfield struct though.
1128 + * And unfortunately, we cannot share the same bits for the option
1129 + * names above since C and H are the same bit. We could do a u_int32
1130 + * but then we have to do a htonl() all the time and/or we still need
1131 + * to know which octet is which.
1133 +#define MPPE_C_BIT 0x01 /* MPPC */
1134 +#define MPPE_D_BIT 0x10 /* Obsolete, usage unknown */
1135 +#define MPPE_L_BIT 0x20 /* 40-bit */
1136 +#define MPPE_S_BIT 0x40 /* 128-bit */
1137 +#define MPPE_M_BIT 0x80 /* 56-bit, not supported */
1138 +#define MPPE_H_BIT 0x01 /* Stateless (in a different byte) */
1140 +/* Does not include H bit; used for least significant octet only. */
1141 +#define MPPE_ALL_BITS (MPPE_D_BIT|MPPE_L_BIT|MPPE_S_BIT|MPPE_M_BIT|MPPE_H_BIT)
1143 +/* Build a CI from mppe opts (see RFC 3078) */
1144 +#define MPPE_OPTS_TO_CI(opts, ci) \
1146 + u_char *ptr = ci; /* u_char[4] */ \
1149 + if (opts & MPPE_OPT_STATEFUL) \
1152 + *ptr++ = MPPE_H_BIT; \
1158 + if (opts & MPPE_OPT_128) \
1159 + *ptr |= MPPE_S_BIT; \
1160 + if (opts & MPPE_OPT_40) \
1161 + *ptr |= MPPE_L_BIT; \
1162 + /* M,D,C bits not supported */ \
1163 + } while (/* CONSTCOND */ 0)
1165 +/* The reverse of the above */
1166 +#define MPPE_CI_TO_OPTS(ci, opts) \
1168 + u_char *ptr = ci; /* u_char[4] */ \
1173 + if (!(ptr[0] & MPPE_H_BIT)) \
1174 + opts |= MPPE_OPT_STATEFUL; \
1177 + if (ptr[3] & MPPE_S_BIT) \
1178 + opts |= MPPE_OPT_128; \
1179 + if (ptr[3] & MPPE_L_BIT) \
1180 + opts |= MPPE_OPT_40; \
1182 + /* M,D,C bits */ \
1183 + if (ptr[3] & MPPE_M_BIT) \
1184 + opts |= MPPE_OPT_56; \
1185 + if (ptr[3] & MPPE_D_BIT) \
1186 + opts |= MPPE_OPT_D; \
1187 + if (ptr[3] & MPPE_C_BIT) \
1188 + opts |= MPPE_OPT_MPPC; \
1190 + /* Other bits */ \
1191 + if (ptr[0] & ~MPPE_H_BIT) \
1192 + opts |= MPPE_OPT_UNKNOWN; \
1193 + if (ptr[1] || ptr[2]) \
1194 + opts |= MPPE_OPT_UNKNOWN; \
1195 + if (ptr[3] & ~MPPE_ALL_BITS) \
1196 + opts |= MPPE_OPT_UNKNOWN; \
1197 + } while (/* CONSTCOND */ 0)
1200 * Definitions for other, as yet unsupported, compression methods.