mirror of
https://github.com/lwip-tcpip/lwip.git
synced 2024-10-05 22:29:49 +00:00
PPP, MSCHAP, CCP, MPPE: reworked key passing from CCP to MPPE
Removed mutiple copies of keys by pre-setting MPPE keys during MSCHAP negotiation. Improved MPPE init so we don't need to pass a buffer formatted in a special way to MPPE, this is necessary for pppd to talk to the kernel, we don't need that here.
This commit is contained in:
Sylvain Rochet
parent
045f44c7f9
commit
fc7e327d19
@ -169,8 +169,8 @@ typedef struct ppp_mppe_state {
|
||||
u8_t unit;
|
||||
} ppp_mppe_state;
|
||||
|
||||
int mppe_init(ppp_mppe_state *state, unsigned char *options, int optlen,
|
||||
u8_t unit, u8_t debug, const char *debugstr);
|
||||
void mppe_set_key(ppp_mppe_state *state, u8_t *key);
|
||||
void mppe_init(ppp_mppe_state *state, u8_t options, u8_t unit, u8_t debug, const char *debugstr);
|
||||
void mppe_comp_reset(ppp_mppe_state *state);
|
||||
err_t mppe_compress(ppp_mppe_state *state, struct pbuf **pb, u16_t protocol);
|
||||
void mppe_decomp_reset(ppp_mppe_state *state);
|
||||
|
||||
@ -423,8 +423,6 @@ struct ppp_pcb_s {
|
||||
#if MPPE_SUPPORT
|
||||
ppp_mppe_state mppe_comp; /* MPPE "compressor" structure */
|
||||
ppp_mppe_state mppe_decomp; /* MPPE "decompressor" structure */
|
||||
u8_t mppe_send_key[MPPE_MAX_KEY_LEN];
|
||||
u8_t mppe_recv_key[MPPE_MAX_KEY_LEN];
|
||||
#endif /* MPPE_SUPPORT */
|
||||
#endif /* CCP_SUPPORT */
|
||||
|
||||
|
||||
@ -765,15 +765,10 @@ static void ccp_addci(fsm *f, u_char *p, int *lenp) {
|
||||
*/
|
||||
#if MPPE_SUPPORT
|
||||
if (go->mppe) {
|
||||
u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN];
|
||||
|
||||
p[0] = opt_buf[0] = CI_MPPE;
|
||||
p[1] = opt_buf[1] = CILEN_MPPE;
|
||||
p[0] = CI_MPPE;
|
||||
p[1] = CILEN_MPPE;
|
||||
MPPE_OPTS_TO_CI(go->mppe, &p[2]);
|
||||
MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
|
||||
MEMCPY(&opt_buf[CILEN_MPPE], pcb->mppe_recv_key, MPPE_MAX_KEY_LEN);
|
||||
mppe_init(&pcb->mppe_decomp, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN,
|
||||
pcb->netif->num, 1, "mppe_decomp_init");
|
||||
mppe_init(&pcb->mppe_decomp, go->mppe, pcb->netif->num, 1, "mppe_decomp_init");
|
||||
p += CILEN_MPPE;
|
||||
}
|
||||
#endif /* MPPE_SUPPORT */
|
||||
@ -1199,20 +1194,9 @@ static int ccp_reqci(fsm *f, u_char *p, int *lenp, int dont_nak) {
|
||||
/* rebuild the opts */
|
||||
MPPE_OPTS_TO_CI(ho->mppe, &p[2]);
|
||||
if (newret == CONFACK) {
|
||||
u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN];
|
||||
int mtu;
|
||||
|
||||
MEMCPY(opt_buf, p, CILEN_MPPE);
|
||||
MEMCPY(&opt_buf[CILEN_MPPE], pcb->mppe_send_key,
|
||||
MPPE_MAX_KEY_LEN);
|
||||
if (mppe_init(&pcb->mppe_comp, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN,
|
||||
pcb->netif->num, 1, "mppe_comp_init") <= 0) {
|
||||
/* This shouldn't happen, we've already tested it! */
|
||||
ppp_error("MPPE required, but kernel has no support.");
|
||||
lcp_close(pcb, "MPPE required but not available");
|
||||
newret = CONFREJ;
|
||||
break;
|
||||
}
|
||||
mppe_init(&pcb->mppe_comp, ho->mppe, pcb->netif->num, 1, "mppe_comp_init");
|
||||
/*
|
||||
* We need to decrease the interface MTU by MPPE_PAD
|
||||
* because MPPE frames **grow**. The kernel [must]
|
||||
@ -1483,8 +1467,6 @@ static void ccp_up(fsm *f) {
|
||||
ppp_notice("%s transmit compression enabled", method_name(ho, NULL));
|
||||
#if MPPE_SUPPORT
|
||||
if (go->mppe) {
|
||||
BZERO(pcb->mppe_recv_key, MPPE_MAX_KEY_LEN);
|
||||
BZERO(pcb->mppe_send_key, MPPE_MAX_KEY_LEN);
|
||||
continue_networks(pcb); /* Bring up IP et al */
|
||||
}
|
||||
#endif /* MPPE_SUPPORT */
|
||||
|
||||
@ -94,7 +94,7 @@
|
||||
#include "netif/ppp/pppcrypt.h"
|
||||
#include "netif/ppp/magic.h"
|
||||
#if MPPE_SUPPORT
|
||||
#include "netif/ppp/mppe.h" /* For mppe_sha1_pad* */
|
||||
#include "netif/ppp/mppe.h" /* For mppe_sha1_pad*, mppe_set_key() */
|
||||
#endif /* MPPE_SUPPORT */
|
||||
|
||||
#if LWIP_INCLUDED_POLARSSL_MD4
|
||||
@ -730,8 +730,8 @@ static void Set_Start_Key(ppp_pcb *pcb, u_char *rchallenge, char *secret, int se
|
||||
sha1_finish(&sha1Context, Digest);
|
||||
|
||||
/* Same key in both directions. */
|
||||
MEMCPY(pcb->mppe_send_key, Digest, MPPE_MAX_KEY_LEN);
|
||||
MEMCPY(pcb->mppe_recv_key, Digest, MPPE_MAX_KEY_LEN);
|
||||
mppe_set_key(&pcb->mppe_comp, Digest);
|
||||
mppe_set_key(&pcb->mppe_decomp, Digest);
|
||||
|
||||
pcb->mppe_keys_set = 1;
|
||||
}
|
||||
@ -803,7 +803,7 @@ static void SetMasterKeys(ppp_pcb *pcb, char *secret, int secret_len, u_char NTR
|
||||
sha1_update(&sha1Context, (unsigned char *)mppe_sha1_pad2, SHA1_PAD_SIZE);
|
||||
sha1_finish(&sha1Context, Digest);
|
||||
|
||||
MEMCPY(pcb->mppe_send_key, Digest, MPPE_MAX_KEY_LEN);
|
||||
mppe_set_key(&pcb->mppe_comp, Digest);
|
||||
|
||||
/*
|
||||
* generate recv key
|
||||
@ -819,7 +819,7 @@ static void SetMasterKeys(ppp_pcb *pcb, char *secret, int secret_len, u_char NTR
|
||||
sha1_update(&sha1Context, (unsigned char *)mppe_sha1_pad2, SHA1_PAD_SIZE);
|
||||
sha1_finish(&sha1Context, Digest);
|
||||
|
||||
MEMCPY(pcb->mppe_recv_key, Digest, MPPE_MAX_KEY_LEN);
|
||||
mppe_set_key(&pcb->mppe_decomp, Digest);
|
||||
|
||||
pcb->mppe_keys_set = 1;
|
||||
}
|
||||
|
||||
@ -99,34 +99,33 @@ static void mppe_rekey(ppp_mppe_state * state, int initial_key)
|
||||
arc4_setup(&state->arc4, state->session_key, state->keylen);
|
||||
}
|
||||
|
||||
/*
|
||||
* Set key, used by MSCHAP before mppe_init() is actually called by CCP so we
|
||||
* don't have to keep multiple copies of keys.
|
||||
*/
|
||||
void mppe_set_key(ppp_mppe_state *state, u8_t *key) {
|
||||
MEMCPY(state->master_key, key, MPPE_MAX_KEY_LEN);
|
||||
}
|
||||
|
||||
/*
|
||||
* Initialize (de)compressor state.
|
||||
*/
|
||||
int
|
||||
mppe_init(ppp_mppe_state *state, unsigned char *options, int optlen, u8_t unit, u8_t debug,
|
||||
const char *debugstr)
|
||||
void
|
||||
mppe_init(ppp_mppe_state *state, u8_t options, u8_t unit, u8_t debug, const char *debugstr)
|
||||
{
|
||||
unsigned char mppe_opts;
|
||||
|
||||
if (optlen != CILEN_MPPE + sizeof(state->master_key) ||
|
||||
options[0] != CI_MPPE || options[1] != CILEN_MPPE)
|
||||
return 0;
|
||||
|
||||
/* Save keys. */
|
||||
MEMCPY(state->master_key, &options[CILEN_MPPE], sizeof(state->master_key));
|
||||
MEMCPY(state->session_key, state->master_key, sizeof(state->master_key));
|
||||
|
||||
MPPE_CI_TO_OPTS(&options[2], mppe_opts);
|
||||
if (mppe_opts & MPPE_OPT_128)
|
||||
if (options & MPPE_OPT_128)
|
||||
state->keylen = 16;
|
||||
else if (mppe_opts & MPPE_OPT_40)
|
||||
else if (options & MPPE_OPT_40)
|
||||
state->keylen = 8;
|
||||
else {
|
||||
PPPDEBUG(LOG_DEBUG, ("%s[%d]: unknown key length\n", debugstr,
|
||||
unit));
|
||||
return 0;
|
||||
return;
|
||||
}
|
||||
if (mppe_opts & MPPE_OPT_STATEFUL)
|
||||
if (options & MPPE_OPT_STATEFUL)
|
||||
state->stateful = 1;
|
||||
|
||||
/* Generate the initial session key. */
|
||||
@ -166,8 +165,6 @@ mppe_init(ppp_mppe_state *state, unsigned char *options, int optlen, u8_t unit,
|
||||
|
||||
state->unit = unit;
|
||||
state->debug = debug;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
Loading…
Reference in New Issue
Block a user