1 diff -urN linux.orig/drivers/net/Makefile linux/drivers/net/Makefile
2 --- linux.orig/drivers/net/Makefile Tue Jun 11 19:39:20 2002
3 +++ linux/drivers/net/Makefile Wed Jul 31 12:41:10 2002
5 CONFIG_BSDCOMP_MODULE :=
6 CONFIG_PPPDEF_BUILTIN :=
7 CONFIG_PPPDEF_MODULE :=
8 +CONFIG_PPPMPPE_BUILTIN :=
9 +CONFIG_PPPMPPE_MODULE :=
10 CONFIG_7990_BUILTIN :=
12 CONFIG_82596_BUILTIN :=
14 CONFIG_BSDCOMP_BUILTIN = y
15 CONFIG_SLHC_BUILTIN = y
16 CONFIG_PPPDEF_BUILTIN = y
17 + CONFIG_PPPMPPE_BUILTIN = y
20 ifeq ($(CONFIG_ISDN),m)
22 CONFIG_BSDCOMP_MODULE = y
23 CONFIG_SLHC_MODULE = y
24 CONFIG_PPPDEF_MODULE = y
25 + CONFIG_PPPMPPE_MODULE = y
30 CONFIG_BSDCOMP_BUILTIN = y
31 CONFIG_SLHC_BUILTIN = y
32 CONFIG_PPPDEF_BUILTIN = y
33 +CONFIG_PPPMPPE_BUILTIN = y
35 ifeq ($(CONFIG_PPP),m)
36 CONFIG_BSDCOMP_MODULE = y
37 CONFIG_SLHC_MODULE = y
38 CONFIG_PPPDEF_MODULE = y
39 + CONFIG_PPPMPPE_MODULE = y
43 @@ -1110,6 +1116,17 @@
47 +# If anything built-in uses ppp_mppe, then build it into the kernel also.
48 +# If not, but a module uses it, build as a module.
49 +ifdef CONFIG_PPPMPPE_BUILTIN
50 +L_OBJS += ppp_mppe_compress.o arcfour.o sha1.o
52 + ifdef CONFIG_PPPMPPE_MODULE
53 + PPPMPPE_OBJS = ppp_mppe_compress.o arcfour.o sha1.o
54 + M_OBJS += ppp_mppe.o
58 ifeq ($(CONFIG_ARIADNE2),y)
60 CONFIG_8390_BUILTIN = y
63 rcpci.o: rcpci45.o rclanmtl.o
64 $(LD) -r -o rcpci.o rcpci45.o rclanmtl.o
66 +ppp_mppe.o: $(PPPMPPE_OBJS)
67 + $(LD) -r -o $@ $(PPPMPPE_OBJS)
68 diff -urN linux.orig/drivers/net/arcfour.c linux/drivers/net/arcfour.c
69 --- linux.orig/drivers/net/arcfour.c Thu Jan 1 01:00:00 1970
70 +++ linux/drivers/net/arcfour.c Wed Jul 31 12:41:00 2002
74 + * by Frank Cusack <frank@google.com>
75 + * 100% public domain
77 + * Implemented from the description in _Applied Cryptography_, 2nd ed.
79 + * ** Distribution ** of this software is unlimited and unrestricted.
81 + * ** Use ** of this software is almost certainly legal; however, refer
82 + * to <http://theory.lcs.mit.edu/~rivest/faq.html>.
89 + unsigned char t = b; \
95 + * Initialize arcfour from a key.
98 +arcfour_setkey(arcfour_context *context, const unsigned char *key,
102 + unsigned char K[256];
104 + context->i = context->j = 0;
106 + for (i = 0; i < 256; i++) {
108 + K[i] = key[i % keylen];
112 + for (i = 0; i < 256; i++) {
113 + j = (j + context->S[i] + K[i]) % 256;
114 + swap(context->S[i], context->S[j]);
117 + memset(K, 0, sizeof(K));
121 + * plaintext -> ciphertext (or vice versa)
124 +arcfour_encrypt(arcfour_context *context, const unsigned char *in, unsigned len,
125 + unsigned char *out)
127 + unsigned i = context->i;
128 + unsigned j = context->j;
129 + unsigned char *S = context->S;
134 + j = (j + S[i]) % 256;
136 + K = S[(S[i] + S[j]) % 256];
137 + *out++ = *in++ ^ K;
144 diff -urN linux.orig/drivers/net/arcfour.h linux/drivers/net/arcfour.h
145 --- linux.orig/drivers/net/arcfour.h Thu Jan 1 01:00:00 1970
146 +++ linux/drivers/net/arcfour.h Wed Jul 31 12:41:00 2002
156 + unsigned char S[256];
159 +extern void arcfour_setkey(arcfour_context *, const unsigned char *, unsigned);
160 +extern void arcfour_encrypt(arcfour_context *, const unsigned char *, unsigned,
162 +#define arcfour_decrypt arcfour_encrypt
164 +#endif /* _ARCFOUR_H */
165 diff -urN linux.orig/drivers/net/ppp.c linux/drivers/net/ppp.c
166 --- linux.orig/drivers/net/ppp.c Sun Mar 25 18:31:15 2001
167 +++ linux/drivers/net/ppp.c Wed Jul 31 12:41:13 2002
168 @@ -2468,10 +2468,14 @@
169 (proto != PPP_LCP) &&
170 (proto != PPP_CCP)) {
171 struct sk_buff *new_skb;
172 + int new_skb_size = ppp->mtu + PPP_HDRLEN;
175 /* Allocate an skb for the compressed frame. */
176 - new_skb = alloc_skb(ppp->mtu + PPP_HDRLEN, GFP_ATOMIC);
177 + if (ppp->sc_xcomp->compress_proto == CI_MPPE)
178 + /* CCP [must have] reduced MTU by MPPE_PAD. */
179 + new_skb_size += MPPE_PAD;
180 + new_skb = alloc_skb(new_skb_size, GFP_ATOMIC);
181 if (new_skb == NULL) {
182 printk(KERN_ERR "ppp_send_frame: no memory\n");
184 @@ -2482,19 +2486,32 @@
185 /* Compress the frame. */
186 new_count = (*ppp->sc_xcomp->compress)
187 (ppp->sc_xc_state, data, new_skb->data,
188 - count, ppp->mtu + PPP_HDRLEN);
189 + count, new_skb_size);
191 /* Did it compress? */
192 if (new_count > 0 && (ppp->flags & SC_CCP_UP)) {
193 skb_put(new_skb, new_count);
197 + } else if (new_count == 0) {
199 * The frame could not be compressed, or it could not
200 * be sent in compressed form because CCP is down.
206 + * MPPE requires that we do not send unencrypted
207 + * frames. The compressor will return -1 if we
208 + * should drop the frame. We cannot simply test
209 + * the compress_proto because MPPE and MPPC share
212 + printk(KERN_ERR "ppp: compressor dropped pkt\n");
213 + kfree_skb(new_skb);
214 + ppp->xmit_busy = 0;
219 diff -urN linux.orig/drivers/net/ppp_mppe_compress.c linux/drivers/net/ppp_mppe_compress.c
220 --- linux.orig/drivers/net/ppp_mppe_compress.c Thu Jan 1 01:00:00 1970
221 +++ linux/drivers/net/ppp_mppe_compress.c Wed Jul 31 12:41:00 2002
224 + * ==FILEVERSION 20020320==
226 + * ppp_mppe_compress.c - interface MPPE to the PPP code.
227 + * This version is for use with Linux kernel 2.2.19+ and 2.4.x.
229 + * By Frank Cusack <frank@google.com>.
230 + * Copyright (c) 2002 Google, Inc.
231 + * All rights reserved.
233 + * Permission to use, copy, modify, and distribute this software and its
234 + * documentation is hereby granted, provided that the above copyright
235 + * notice appears in all copies. This software is provided without any
236 + * warranty, express or implied.
240 +#include <linux/module.h>
241 +#include <linux/kernel.h>
242 +#include <linux/init.h>
243 +#include <linux/types.h>
244 +#include <linux/slab.h>
245 +#include <linux/string.h>
247 +#include <linux/ppp_defs.h>
248 +#include <linux/ppp-comp.h>
250 +#include "arcfour.h"
254 + * State for an MPPE (de)compressor.
256 +typedef struct ppp_mppe_state {
257 + unsigned char master_key[MPPE_MAX_KEY_LEN];
258 + unsigned char session_key[MPPE_MAX_KEY_LEN];
259 + arcfour_context arcfour_context; /* encryption state */
260 + unsigned keylen; /* key length in bytes */
261 + /* NB: 128-bit == 16, 40-bit == 8! */
262 + /* If we want to support 56-bit, */
263 + /* the unit has to change to bits */
264 + unsigned char bits; /* MPPE control bits */
265 + unsigned ccount; /* 12-bit coherency count (seqno) */
266 + unsigned stateful; /* stateful mode flag */
267 + int discard; /* stateful mode packet loss flag */
268 + int sanity_errors; /* take down LCP if too many */
271 + struct compstat stats;
274 +/* ppp_mppe_state.bits definitions */
275 +#define MPPE_BIT_A 0x80 /* Encryption table were (re)inititalized */
276 +#define MPPE_BIT_B 0x40 /* MPPC only (not implemented) */
277 +#define MPPE_BIT_C 0x20 /* MPPC only (not implemented) */
278 +#define MPPE_BIT_D 0x10 /* This is an encrypted frame */
280 +#define MPPE_BIT_FLUSHED MPPE_BIT_A
281 +#define MPPE_BIT_ENCRYPTED MPPE_BIT_D
283 +#define MPPE_BITS(p) ((p)[4] & 0xf0)
284 +#define MPPE_CCOUNT(p) ((((p)[4] & 0x0f) << 8) + (p)[5])
285 +#define MPPE_CCOUNT_SPACE 0x1000 /* The size of the ccount space */
288 + * MPPE overhead/packet.
289 + * Note that we use this differently than other compressors.
291 +#define MPPE_OVHD 2 /* MPPE overhead/packet */
292 +/* Max bogon factor we will tolerate */
293 +#define SANITY_MAX 1600
295 +static void GetNewKeyFromSHA __P((unsigned char *StartKey,
296 + unsigned char *SessionKey,
297 + unsigned SessionKeyLength,
298 + unsigned char *InterimKey));
299 +static void mppe_rekey __P((ppp_mppe_state *state, int));
300 +static void *mppe_alloc __P((unsigned char *options, int optlen));
301 +static void mppe_free __P((void *state));
302 +static int mppe_init __P((void *state, unsigned char *options,
303 + int optlen, int unit, int debug, const char *));
304 +static int mppe_comp_init __P((void *state, unsigned char *options,
306 + int unit, int hdrlen, int debug));
307 +static int mppe_decomp_init __P((void *state, unsigned char *options,
308 + int optlen, int unit,
309 + int hdrlen, int mru, int debug));
310 +static int mppe_compress __P((void *state, unsigned char *ibuf,
311 + unsigned char *obuf,
312 + int isize, int osize));
313 +static void mppe_incomp __P((void *state, unsigned char *ibuf, int icnt));
314 +static int mppe_decompress __P((void *state, unsigned char *ibuf,
315 + int isize, unsigned char *obuf,int osize));
316 +static void mppe_comp_reset __P((void *state));
317 +static void mppe_decomp_reset __P((void *state));
318 +static void mppe_comp_stats __P((void *state, struct compstat *stats));
322 + * Key Derivation, from RFC 3078, RFC 3079.
323 + * Equivalent to Get_Key() for MS-CHAP as described in RFC 3079.
326 +GetNewKeyFromSHA(unsigned char *MasterKey, unsigned char *SessionKey,
327 + unsigned SessionKeyLength, unsigned char *InterimKey)
330 + unsigned char Digest[SHA1_SIGNATURE_SIZE];
332 + unsigned char SHApad1[40] =
333 + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
334 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
335 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
336 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
337 + unsigned char SHApad2[40] =
338 + { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
339 + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
340 + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
341 + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 };
343 + /* assert(SessionKeyLength <= SHA1_SIGNATURE_SIZE); */
345 + SHA1_Init(&Context);
346 + SHA1_Update(&Context, MasterKey, SessionKeyLength);
347 + SHA1_Update(&Context, SHApad1, sizeof(SHApad1));
348 + SHA1_Update(&Context, SessionKey, SessionKeyLength);
349 + SHA1_Update(&Context, SHApad2, sizeof(SHApad2));
350 + SHA1_Final(Digest, &Context);
352 + memcpy(InterimKey, Digest, SessionKeyLength);
356 + * Perform the MPPE rekey algorithm, from RFC 3078, sec. 7.3.
357 + * Well, not what's written there, but rather what they meant.
360 +mppe_rekey(ppp_mppe_state *state, int initial_key)
362 + unsigned char InterimKey[MPPE_MAX_KEY_LEN];
364 + GetNewKeyFromSHA(state->master_key, state->session_key,
365 + state->keylen, InterimKey);
366 + if (!initial_key) {
367 + arcfour_setkey(&state->arcfour_context, InterimKey, state->keylen);
368 + arcfour_encrypt(&state->arcfour_context, InterimKey, state->keylen,
369 + state->session_key);
371 + memcpy(state->session_key, InterimKey, state->keylen);
373 + if (state->keylen == 8) {
375 + state->session_key[0] = 0xd1;
376 + state->session_key[1] = 0x26;
377 + state->session_key[2] = 0x9e;
379 + arcfour_setkey(&state->arcfour_context, state->session_key, state->keylen);
384 + * Allocate space for a (de)compressor.
387 +mppe_alloc(unsigned char *options, int optlen)
389 + ppp_mppe_state *state;
391 + if (optlen != CILEN_MPPE + sizeof(state->master_key)
392 + || options[0] != CI_MPPE
393 + || options[1] != CILEN_MPPE)
396 + state = (ppp_mppe_state *) kmalloc(sizeof(*state), GFP_KERNEL);
401 + memset(state, 0, sizeof(*state));
404 + memcpy(state->master_key, &options[CILEN_MPPE], sizeof(state->master_key));
405 + memcpy(state->session_key, state->master_key, sizeof(state->master_key));
407 + * We defer initial key generation until mppe_init(), as mppe_alloc()
408 + * is called frequently during negotiation.
411 + return (void *) state;
415 + * Deallocate space for a (de)compressor.
418 +mppe_free(void *arg)
420 + ppp_mppe_state *state = (ppp_mppe_state *) arg;
430 + * Initialize (de)compressor state.
433 +mppe_init(void *arg, unsigned char *options, int optlen, int unit, int debug,
434 + const char *debugstr)
436 + ppp_mppe_state *state = (ppp_mppe_state *) arg;
437 + unsigned char mppe_opts;
439 + if (optlen != CILEN_MPPE
440 + || options[0] != CI_MPPE
441 + || options[1] != CILEN_MPPE)
444 + MPPE_CI_TO_OPTS(&options[2], mppe_opts);
445 + if (mppe_opts & MPPE_OPT_128)
446 + state->keylen = 16;
447 + else if (mppe_opts & MPPE_OPT_40)
450 + printk(KERN_WARNING "%s[%d]: unknown key length\n", debugstr, unit);
453 + if (mppe_opts & MPPE_OPT_STATEFUL)
454 + state->stateful = 1;
456 + /* Generate the initial session key. */
457 + mppe_rekey(state, 1);
461 + char mkey[sizeof(state->master_key) * 3 + 1];
462 + char skey[sizeof(state->session_key) * 3 + 1];
464 + printk(KERN_DEBUG "%s[%d]: initialized with %d-bit %s mode\n", debugstr,
465 + unit, (state->keylen == 16)? 128: 40,
466 + (state->stateful)? "stateful": "stateless");
468 + for (i = 0; i < sizeof(state->master_key); i++)
469 + sprintf(mkey + i * 2, "%.2x ", state->master_key[i]);
470 + for (i = 0; i < sizeof(state->session_key); i++)
471 + sprintf(skey + i * 2, "%.2x ", state->session_key[i]);
472 + printk(KERN_DEBUG "%s[%d]: keys: master: %s initial session: %s\n",
473 + debugstr, unit, mkey, skey);
477 + * Initialize the coherency count. The initial value is not specified
478 + * in RFC 3078, but we can make a reasonable assumption that it will
479 + * start at 0. Setting it to the max here makes the comp/decomp code
480 + * do the right thing (determined through experiment).
482 + state->ccount = MPPE_CCOUNT_SPACE - 1;
485 + * Note that even though we have initialized the key table, we don't
486 + * set the FLUSHED bit. This is contrary to RFC 3078, sec. 3.1.
488 + state->bits = MPPE_BIT_ENCRYPTED;
490 + state->unit = unit;
491 + state->debug = debug;
499 +mppe_comp_init(void *arg, unsigned char *options, int optlen, int unit,
500 + int hdrlen, int debug)
503 + return mppe_init(arg, options, optlen, unit, debug, "mppe_comp_init");
507 + * We received a CCP Reset-Request (actually, we are sending a Reset-Ack),
508 + * tell the compressor to rekey. Note that we MUST NOT rekey for
509 + * every CCP Reset-Request; we only rekey on the next xmit packet.
510 + * We might get multiple CCP Reset-Requests if our CCP Reset-Ack is lost.
511 + * So, rekeying for every CCP Reset-Request is broken as the peer will not
512 + * know how many times we've rekeyed. (If we rekey and THEN get another
513 + * CCP Reset-Request, we must rekey again.)
516 +mppe_comp_reset(void *arg)
518 + ppp_mppe_state *state = (ppp_mppe_state *) arg;
520 + state->bits |= MPPE_BIT_FLUSHED;
524 + * Compress (encrypt) a packet.
525 + * It's strange to call this a compressor, since the output is always
526 + * MPPE_OVHD + 2 bytes larger than the input.
529 +mppe_compress(void *arg, unsigned char *ibuf, unsigned char *obuf,
530 + int isize, int osize)
532 + ppp_mppe_state *state = (ppp_mppe_state *) arg;
536 + * Check that the protocol is in the range we handle.
538 + proto = PPP_PROTOCOL(ibuf);
539 + if (proto < 0x0021 || proto > 0x00fa)
542 + /* Make sure we have enough room to generate an encrypted packet. */
543 + if (osize < isize + MPPE_OVHD + 2) {
544 + /* Drop the packet if we should encrypt it, but can't. */
545 + printk(KERN_DEBUG "mppe_compress[%d]: osize too small! "
546 + "(have: %d need: %d)\n", state->unit,
547 + osize, osize + MPPE_OVHD + 2);
551 + osize = isize + MPPE_OVHD + 2;
554 + * Copy over the PPP header and set control bits.
556 + obuf[0] = PPP_ADDRESS(ibuf);
557 + obuf[1] = PPP_CONTROL(ibuf);
558 + obuf[2] = PPP_COMP >> 8; /* isize + MPPE_OVHD + 1 */
559 + obuf[3] = PPP_COMP; /* isize + MPPE_OVHD + 2 */
560 + obuf += PPP_HDRLEN;
562 + state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
563 + obuf[0] = state->ccount >> 8;
564 + obuf[1] = state->ccount & 0xff;
566 + if (!state->stateful || /* stateless mode */
567 + ((state->ccount & 0xff) == 0xff) || /* "flag" packet */
568 + (state->bits & MPPE_BIT_FLUSHED)) { /* CCP Reset-Request */
569 + /* We must rekey */
570 + if (state->debug && state->stateful)
571 + printk(KERN_DEBUG "mppe_compress[%d]: rekeying\n", state->unit);
572 + mppe_rekey(state, 0);
573 + state->bits |= MPPE_BIT_FLUSHED;
575 + obuf[0] |= state->bits;
576 + state->bits &= ~MPPE_BIT_FLUSHED; /* reset for next xmit */
579 + ibuf += 2; /* skip to proto field */
582 + /* Encrypt packet */
583 + arcfour_encrypt(&state->arcfour_context, ibuf, isize, obuf);
585 + state->stats.unc_bytes += isize;
586 + state->stats.unc_packets++;
587 + state->stats.comp_bytes += osize;
588 + state->stats.comp_packets++;
594 + * Since every frame grows by MPPE_OVHD + 2 bytes, this is always going
595 + * to look bad ... and the longer the link is up the worse it will get.
598 +mppe_comp_stats(void *arg, struct compstat *stats)
600 + ppp_mppe_state *state = (ppp_mppe_state *) arg;
602 + *stats = state->stats;
607 +mppe_decomp_init(void *arg, unsigned char *options, int optlen, int unit,
608 + int hdrlen, int mru, int debug)
611 + return mppe_init(arg, options, optlen, unit, debug, "mppe_decomp_init");
615 + * We received a CCP Reset-Ack. Just ignore it.
618 +mppe_decomp_reset(void *arg)
625 + * Decompress (decrypt) an MPPE packet.
628 +mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf,
631 + ppp_mppe_state *state = (ppp_mppe_state *) arg;
633 + int flushed = MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED;
636 + if (isize <= PPP_HDRLEN + MPPE_OVHD) {
638 + printk(KERN_DEBUG "mppe_decompress[%d]: short pkt (%d)\n",
639 + state->unit, isize);
640 + return DECOMP_ERROR;
642 + /* Strange ... our output size is always LESS than the input size. */
643 + /* assert(osize >= isize - MPPE_OVHD - 2); */
645 + osize = isize - MPPE_OVHD - 2;
647 + ccount = MPPE_CCOUNT(ibuf);
649 + /* sanity checks -- terminate with extreme prejudice */
650 + if (!(MPPE_BITS(ibuf) & MPPE_BIT_ENCRYPTED)) {
651 + printk(KERN_DEBUG "mppe_decompress[%d]: ENCRYPTED bit not set!\n",
653 + state->sanity_errors += 100;
656 + if (!state->stateful && !flushed) {
657 + printk(KERN_DEBUG "mppe_decompress[%d]: FLUSHED bit not set in "
658 + "stateless mode!\n", state->unit);
659 + state->sanity_errors += 100;
662 + if (state->stateful && ((ccount & 0xff) == 0xff) && !flushed) {
663 + printk(KERN_DEBUG "mppe_decompress[%d]: FLUSHED bit not set on "
664 + "flag packet!\n", state->unit);
665 + state->sanity_errors += 100;
670 + if (state->sanity_errors < SANITY_MAX)
671 + return DECOMP_ERROR;
674 + * Take LCP down if the peer is sending too many bogons.
675 + * We don't want to do this for a single or just a few
676 + * instances since it could just be due to packet corruption.
678 + return DECOMP_FATALERROR;
682 + * Check the coherency count.
685 + if (!state->stateful) {
686 + /* RFC 3078, sec 8.1. Rekey for every packet. */
687 + while (state->ccount != ccount) {
688 + mppe_rekey(state, 0);
689 + state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
692 + /* RFC 3078, sec 8.2. */
693 + if (!state->discard) {
695 + state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
696 + if (ccount != state->ccount) {
698 + * (ccount > state->ccount)
699 + * Packet loss detected, enter the discard state.
700 + * Signal the peer to rekey (by sending a CCP Reset-Request).
702 + state->discard = 1;
703 + return DECOMP_ERROR;
706 + /* discard state */
708 + /* ccp.c will be silent (no additional CCP Reset-Requests). */
709 + return DECOMP_ERROR;
711 + /* Rekey for every missed "flag" packet. */
712 + while ((ccount & ~0xff) != (state->ccount & ~0xff)) {
713 + mppe_rekey(state, 0);
714 + state->ccount = (state->ccount + 256) % MPPE_CCOUNT_SPACE;
718 + state->discard = 0;
719 + state->ccount = ccount;
721 + * Another problem with RFC 3078 here. It implies that the
722 + * peer need not send a Reset-Ack packet. But RFC 1962
723 + * requires it. Hopefully, M$ does send a Reset-Ack; even
724 + * though it isn't required for MPPE synchronization, it is
725 + * required to reset CCP state.
730 + mppe_rekey(state, 0);
734 + * Fill in the first part of the PPP header. The protocol field
735 + * comes from the decrypted data.
737 + obuf[0] = PPP_ADDRESS(ibuf); /* +1 */
738 + obuf[1] = PPP_CONTROL(ibuf); /* +2 */
740 + ibuf += PPP_HDRLEN + MPPE_OVHD;
741 + isize -= PPP_HDRLEN + MPPE_OVHD; /* -6 */
744 + /* And finally, decrypt the packet. */
745 + arcfour_decrypt(&state->arcfour_context, ibuf, isize, obuf);
747 + state->stats.unc_bytes += osize;
748 + state->stats.unc_packets++;
749 + state->stats.comp_bytes += isize;
750 + state->stats.comp_packets++;
752 + /* good packet credit */
753 + state->sanity_errors >>= 1;
759 + * Incompressible data has arrived (this should never happen!).
760 + * We should probably drop the link if the protocol is in the range
761 + * of what should be encrypted. At the least, we should drop this
762 + * packet. (How to do this?)
765 +mppe_incomp(void *arg, unsigned char *ibuf, int icnt)
767 + ppp_mppe_state *state = (ppp_mppe_state *) arg;
769 + if (state->debug &&
770 + (PPP_PROTOCOL(ibuf) >= 0x0021 && PPP_PROTOCOL(ibuf) <= 0x00fa))
771 + printk(KERN_DEBUG "mppe_incomp[%d]: incompressible (unencrypted) data! "
772 + "(proto %04x)\n", state->unit, PPP_PROTOCOL(ibuf));
774 + state->stats.inc_bytes += icnt;
775 + state->stats.inc_packets++;
776 + state->stats.unc_bytes += icnt;
777 + state->stats.unc_packets++;
780 +/*************************************************************
781 + * Module interface table
782 + *************************************************************/
784 +/* These are in ppp.c (2.2.x) or ppp_generic.c (2.4.x) */
785 +extern int ppp_register_compressor (struct compressor *cp);
786 +extern void ppp_unregister_compressor (struct compressor *cp);
789 + * Procedures exported to if_ppp.c.
791 +struct compressor ppp_mppe = {
792 + CI_MPPE, /* compress_proto */
793 + mppe_alloc, /* comp_alloc */
794 + mppe_free, /* comp_free */
795 + mppe_comp_init, /* comp_init */
796 + mppe_comp_reset, /* comp_reset */
797 + mppe_compress, /* compress */
798 + mppe_comp_stats, /* comp_stat */
799 + mppe_alloc, /* decomp_alloc */
800 + mppe_free, /* decomp_free */
801 + mppe_decomp_init, /* decomp_init */
802 + mppe_decomp_reset, /* decomp_reset */
803 + mppe_decompress, /* decompress */
804 + mppe_incomp, /* incomp */
805 + mppe_comp_stats, /* decomp_stat */
808 +/* 2.2 compatibility defines */
815 +#ifndef MODULE_LICENSE
816 +#define MODULE_LICENSE(license)
822 + int answer = ppp_register_compressor(&ppp_mppe);
825 + printk(KERN_INFO "PPP MPPE Compression module registered\n");
830 +ppp_mppe_cleanup(void)
832 + ppp_unregister_compressor(&ppp_mppe);
835 +module_init(ppp_mppe_init);
836 +module_exit(ppp_mppe_cleanup);
837 +MODULE_LICENSE("BSD without advertisement clause");
838 diff -urN linux.orig/drivers/net/sha1.c linux/drivers/net/sha1.c
839 --- linux.orig/drivers/net/sha1.c Thu Jan 1 01:00:00 1970
840 +++ linux/drivers/net/sha1.c Wed Jul 31 12:41:00 2002
843 + * ftp://ftp.funet.fi/pub/crypt/hash/sha/sha1.c
846 + * By Steve Reid <steve@edmweb.com>
847 + * 100% Public Domain
849 + * Test Vectors (from FIPS PUB 180-1)
851 + * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
852 + * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
853 + * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
854 + * A million repetitions of "a"
855 + * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
858 +/* #define SHA1HANDSOFF * Copies data before messing with it. */
860 +#if defined(__linux__)
861 +#include <asm/byteorder.h>
862 +#include <linux/string.h>
863 +#else if defined(__solaris__)
864 +#include <sys/isa_defs.h>
865 +#include <sys/ddi.h>
866 +#include <sys/sunddi.h>
867 +#define memcpy(d, s, c) bcopy(s, d, c)
868 +#define memset(d, b, c) bzero(d, c)
873 +static void SHA1_Transform(unsigned long[5], const unsigned char[64]);
875 +#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
877 +/* blk0() and blk() perform the initial expand. */
878 +/* I got the idea of expanding during the round function from SSLeay */
879 +#if defined(__LITTLE_ENDIAN) || defined(_LITTLE_ENDIAN)
880 +#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
881 + |(rol(block->l[i],8)&0x00FF00FF))
882 +#elif defined(__BIG_ENDIAN) || defined(_BIG_ENDIAN)
883 +#define blk0(i) block->l[i]
885 +#error Endianness not defined
887 +#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
888 + ^block->l[(i+2)&15]^block->l[i&15],1))
890 +/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
891 +#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
892 +#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
893 +#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
894 +#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
895 +#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
898 +/* Hash a single 512-bit block. This is the core of the algorithm. */
901 +SHA1_Transform(unsigned long state[5], const unsigned char buffer[64])
903 + unsigned long a, b, c, d, e;
905 + unsigned char c[64];
906 + unsigned long l[16];
908 + CHAR64LONG16 *block;
911 + static unsigned char workspace[64];
912 + block = (CHAR64LONG16 *) workspace;
913 + memcpy(block, buffer, 64);
915 + block = (CHAR64LONG16 *) buffer;
917 + /* Copy context->state[] to working vars */
923 + /* 4 rounds of 20 operations each. Loop unrolled. */
924 + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
925 + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
926 + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
927 + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
928 + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
929 + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
930 + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
931 + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
932 + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
933 + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
934 + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
935 + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
936 + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
937 + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
938 + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
939 + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
940 + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
941 + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
942 + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
943 + R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
944 + /* Add the working vars back into context.state[] */
950 + /* Wipe variables */
951 + a = b = c = d = e = 0;
955 +/* SHA1Init - Initialize new context */
958 +SHA1_Init(SHA1_CTX *context)
960 + /* SHA1 initialization constants */
961 + context->state[0] = 0x67452301;
962 + context->state[1] = 0xEFCDAB89;
963 + context->state[2] = 0x98BADCFE;
964 + context->state[3] = 0x10325476;
965 + context->state[4] = 0xC3D2E1F0;
966 + context->count[0] = context->count[1] = 0;
970 +/* Run your data through this. */
973 +SHA1_Update(SHA1_CTX *context, const unsigned char *data, unsigned int len)
977 + j = (context->count[0] >> 3) & 63;
978 + if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++;
979 + context->count[1] += (len >> 29);
980 + if ((j + len) > 63) {
981 + memcpy(&context->buffer[j], data, (i = 64-j));
982 + SHA1_Transform(context->state, context->buffer);
983 + for ( ; i + 63 < len; i += 64) {
984 + SHA1_Transform(context->state, &data[i]);
991 + memcpy(&context->buffer[j], &data[i], len - i);
995 +/* Add padding and return the message digest. */
998 +SHA1_Final(unsigned char digest[20], SHA1_CTX *context)
1000 + unsigned long i, j;
1001 + unsigned char finalcount[8];
1003 + for (i = 0; i < 8; i++) {
1004 + finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]
1005 + >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
1007 + SHA1_Update(context, (unsigned char *) "\200", 1);
1008 + while ((context->count[0] & 504) != 448) {
1009 + SHA1_Update(context, (unsigned char *) "\0", 1);
1011 + SHA1_Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
1012 + for (i = 0; i < 20; i++) {
1013 + digest[i] = (unsigned char)
1014 + ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
1016 + /* Wipe variables */
1018 + memset(context->buffer, 0, 64);
1019 + memset(context->state, 0, 20);
1020 + memset(context->count, 0, 8);
1021 + memset(&finalcount, 0, 8);
1022 +#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */
1023 + SHA1Transform(context->state, context->buffer);
1027 diff -urN linux.orig/drivers/net/sha1.h linux/drivers/net/sha1.h
1028 --- linux.orig/drivers/net/sha1.h Thu Jan 1 01:00:00 1970
1029 +++ linux/drivers/net/sha1.h Wed Jul 31 12:41:00 2002
1037 + unsigned long state[5];
1038 + unsigned long count[2];
1039 + unsigned char buffer[64];
1042 +#define SHA1_SIGNATURE_SIZE 20
1044 +extern void SHA1_Init(SHA1_CTX *);
1045 +extern void SHA1_Update(SHA1_CTX *, const unsigned char *, unsigned int);
1046 +extern void SHA1_Final(unsigned char[SHA1_SIGNATURE_SIZE], SHA1_CTX *);
1048 +#endif /* _SHA1_H */
1049 diff -urN linux.orig/include/linux/ppp-comp.h linux/include/linux/ppp-comp.h
1050 --- linux.orig/include/linux/ppp-comp.h Sun Mar 25 18:31:04 2001
1051 +++ linux/include/linux/ppp-comp.h Wed Jul 31 12:41:06 2002
1052 @@ -187,6 +187,100 @@
1053 #define DEFLATE_CHK_SEQUENCE 0
1056 + * Definitions for MPPE.
1059 +#define CI_MPPE 18 /* config option for MPPE */
1060 +#define CILEN_MPPE 6 /* length of config option */
1062 +#define MPPE_PAD 4 /* MPPE growth per frame */
1063 +#define MPPE_MAX_KEY_LEN 16 /* largest key length (128-bit) */
1065 +/* option bits for ccp_options.mppe */
1066 +#define MPPE_OPT_40 0x01 /* 40 bit */
1067 +#define MPPE_OPT_128 0x02 /* 128 bit */
1068 +#define MPPE_OPT_STATEFUL 0x04 /* stateful mode */
1069 +/* unsupported opts */
1070 +#define MPPE_OPT_56 0x08 /* 56 bit */
1071 +#define MPPE_OPT_MPPC 0x10 /* MPPC compression */
1072 +#define MPPE_OPT_D 0x20 /* Unknown */
1073 +#define MPPE_OPT_UNSUPPORTED (MPPE_OPT_56|MPPE_OPT_MPPC|MPPE_OPT_D)
1074 +#define MPPE_OPT_UNKNOWN 0x40 /* Bits !defined in RFC 3078 were set */
1077 + * This is not nice ... the alternative is a bitfield struct though.
1078 + * And unfortunately, we cannot share the same bits for the option
1079 + * names above since C and H are the same bit. We could do a u_int32
1080 + * but then we have to do a htonl() all the time and/or we still need
1081 + * to know which octet is which.
1083 +#define MPPE_C_BIT 0x01 /* MPPC */
1084 +#define MPPE_D_BIT 0x10 /* Obsolete, usage unknown */
1085 +#define MPPE_L_BIT 0x20 /* 40-bit */
1086 +#define MPPE_S_BIT 0x40 /* 128-bit */
1087 +#define MPPE_M_BIT 0x80 /* 56-bit, not supported */
1088 +#define MPPE_H_BIT 0x01 /* Stateless (in a different byte) */
1090 +/* Does not include H bit; used for least significant octet only. */
1091 +#define MPPE_ALL_BITS (MPPE_D_BIT|MPPE_L_BIT|MPPE_S_BIT|MPPE_M_BIT|MPPE_H_BIT)
1093 +/* Build a CI from mppe opts (see RFC 3078) */
1094 +#define MPPE_OPTS_TO_CI(opts, ci) \
1096 + u_char *ptr = ci; /* u_char[4] */ \
1099 + if (opts & MPPE_OPT_STATEFUL) \
1102 + *ptr++ = MPPE_H_BIT; \
1108 + if (opts & MPPE_OPT_128) \
1109 + *ptr |= MPPE_S_BIT; \
1110 + if (opts & MPPE_OPT_40) \
1111 + *ptr |= MPPE_L_BIT; \
1112 + /* M,D,C bits not supported */ \
1113 + } while (/* CONSTCOND */ 0)
1115 +/* The reverse of the above */
1116 +#define MPPE_CI_TO_OPTS(ci, opts) \
1118 + u_char *ptr = ci; /* u_char[4] */ \
1123 + if (!(ptr[0] & MPPE_H_BIT)) \
1124 + opts |= MPPE_OPT_STATEFUL; \
1127 + if (ptr[3] & MPPE_S_BIT) \
1128 + opts |= MPPE_OPT_128; \
1129 + if (ptr[3] & MPPE_L_BIT) \
1130 + opts |= MPPE_OPT_40; \
1132 + /* M,D,C bits */ \
1133 + if (ptr[3] & MPPE_M_BIT) \
1134 + opts |= MPPE_OPT_56; \
1135 + if (ptr[3] & MPPE_D_BIT) \
1136 + opts |= MPPE_OPT_D; \
1137 + if (ptr[3] & MPPE_C_BIT) \
1138 + opts |= MPPE_OPT_MPPC; \
1140 + /* Other bits */ \
1141 + if (ptr[0] & ~MPPE_H_BIT) \
1142 + opts |= MPPE_OPT_UNKNOWN; \
1143 + if (ptr[1] || ptr[2]) \
1144 + opts |= MPPE_OPT_UNKNOWN; \
1145 + if (ptr[3] & ~MPPE_ALL_BITS) \
1146 + opts |= MPPE_OPT_UNKNOWN; \
1147 + } while (/* CONSTCOND */ 0)
1150 * Definitions for other, as yet unsupported, compression methods.