mirror/lwip
1
0
Fork 0
mirror of https://github.com/lwip-tcpip/lwip.git synced 2025-01-15 22:49:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

PPP, MPPE, improved SHA1 padding

Browse Source 
Don't allocate 512 bytes of RAM for padding. Reduce overall padding
size to 64, therefore using stack instead of RAM or ROM.
This commit is contained in:
Sylvain Rochet 2015-03-29 01:25:58 +01:00
parent c759639603
commit 57e3e7f150
1 changed files with 17 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
src/netif/ppp/mppe.c
View File

@ -50,23 +50,6 @@
#define SHA1_SIGNATURE_SIZE 20 #define SHA1_SIGNATURE_SIZE 20
#define SHA1_PAD_SIZE 40 #define SHA1_PAD_SIZE 40
/*
* kernel crypto API needs its arguments to be in kmalloc'd memory, not in the module
* static data area. That means sha_pad needs to be kmalloc'd.
*/
struct sha_pad {
unsigned char sha_pad1[SHA1_PAD_SIZE];
unsigned char sha_pad2[SHA1_PAD_SIZE];
};
static struct sha_pad *sha_pad;
static inline void sha_pad_init(struct sha_pad *shapad)
{
memset(shapad->sha_pad1, 0x00, sizeof(shapad->sha_pad1));
memset(shapad->sha_pad2, 0xF2, sizeof(shapad->sha_pad2));
}
/* /*
* State for an MPPE (de)compressor. * State for an MPPE (de)compressor.
*/ */
@ -111,12 +94,27 @@ struct ppp_mppe_state {
static void get_new_key_from_sha(struct ppp_mppe_state * state) static void get_new_key_from_sha(struct ppp_mppe_state * state)
{ {
sha1_context sha1; sha1_context sha1;
/* sha1 is faster when using 64 byte chunks */
u8_t pad[64];
u8_t i;
sha1_starts(&sha1); sha1_starts(&sha1);
sha1_update(&sha1, state->master_key, state->master_key); sha1_update(&sha1, state->master_key, state->master_key);
sha1_update(&sha1, sha_pad->sha_pad1, sizeof(sha_pad->sha_pad1));
/* first padding, 256 bytes of 0x00 */
memset(pad, 0x00, sizeof(pad));
for (i = 0; i < 4; i++) {
sha1_update(&sha1, pad, sizeof(pad));
}
sha1_update(&sha1, state->session_key, state->keylen); sha1_update(&sha1, state->session_key, state->keylen);
sha1_update(&sha1, sha_pad->sha_pad2, sizeof(sha_pad->sha_pad2));
/* second padding, 256 bytes of 0xf2 */
memset(pad, 0xf2, sizeof(pad));
for (i = 0; i < 4; i++) {
sha1_update(&sha1, pad, sizeof(pad));
}
sha1_finish(&sha1, state->sha1_digest); sha1_finish(&sha1, state->sha1_digest);
} }
@ -586,17 +584,10 @@ static int ppp_mppe_init(void)
{ {
int answer; int answer;
sha_pad = kmalloc(sizeof(struct sha_pad), GFP_KERNEL);
if (!sha_pad)
return -ENOMEM;
sha_pad_init(sha_pad);
answer = ppp_register_compressor(&ppp_mppe); answer = ppp_register_compressor(&ppp_mppe);
if (answer == 0) if (answer == 0)
PPPDEBUG(LOG_DEBUG, ("PPP MPPE Compression module registered\n")); PPPDEBUG(LOG_DEBUG, ("PPP MPPE Compression module registered\n"));
else
kfree(sha_pad);
return answer; return answer;
} }
@ -604,7 +595,6 @@ static int ppp_mppe_init(void)
static void ppp_mppe_cleanup(void) static void ppp_mppe_cleanup(void)
{ {
ppp_unregister_compressor(&ppp_mppe); ppp_unregister_compressor(&ppp_mppe);
kfree(sha_pad);
} }
#endif /* PPP_SUPPORT && MPPE_SUPPORT */ #endif /* PPP_SUPPORT && MPPE_SUPPORT */