1 /* 2 * ng_mppc.c 3 */ 4 5 /*- 6 * Copyright (c) 1996-2000 Whistle Communications, Inc. 7 * All rights reserved. 8 * 9 * Subject to the following obligations and disclaimer of warranty, use and 10 * redistribution of this software, in source or object code forms, with or 11 * without modifications are expressly permitted by Whistle Communications; 12 * provided, however, that: 13 * 1. Any and all reproductions of the source or object code must include the 14 * copyright notice above and the following disclaimer of warranties; and 15 * 2. No rights are granted, in any manner or form, to use Whistle 16 * Communications, Inc. trademarks, including the mark "WHISTLE 17 * COMMUNICATIONS" on advertising, endorsements, or otherwise except as 18 * such appears in the above copyright notice or in the software. 19 * 20 * THIS SOFTWARE IS BEING PROVIDED BY WHISTLE COMMUNICATIONS "AS IS", AND 21 * TO THE MAXIMUM EXTENT PERMITTED BY LAW, WHISTLE COMMUNICATIONS MAKES NO 22 * REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING THIS SOFTWARE, 23 * INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED WARRANTIES OF 24 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. 25 * WHISTLE COMMUNICATIONS DOES NOT WARRANT, GUARANTEE, OR MAKE ANY 26 * REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS OF THE USE OF THIS 27 * SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY, RELIABILITY OR OTHERWISE. 28 * IN NO EVENT SHALL WHISTLE COMMUNICATIONS BE LIABLE FOR ANY DAMAGES 29 * RESULTING FROM OR ARISING OUT OF ANY USE OF THIS SOFTWARE, INCLUDING 30 * WITHOUT LIMITATION, ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, 31 * PUNITIVE, OR CONSEQUENTIAL DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR 32 * SERVICES, LOSS OF USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY 33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35 * THIS SOFTWARE, EVEN IF WHISTLE COMMUNICATIONS IS ADVISED OF THE POSSIBILITY 36 * OF SUCH DAMAGE. 37 * 38 * Author: Archie Cobbs <archie@freebsd.org> 39 * 40 * $Whistle: ng_mppc.c,v 1.4 1999/11/25 00:10:12 archie Exp $ 41 * $FreeBSD$ 42 */ 43 44 /* 45 * Microsoft PPP compression (MPPC) and encryption (MPPE) netgraph node type. 46 * 47 * You must define one or both of the NETGRAPH_MPPC_COMPRESSION and/or 48 * NETGRAPH_MPPC_ENCRYPTION options for this node type to be useful. 49 */ 50 51 #include <sys/param.h> 52 #include <sys/systm.h> 53 #include <sys/kernel.h> 54 #include <sys/mbuf.h> 55 #include <sys/malloc.h> 56 #include <sys/endian.h> 57 #include <sys/errno.h> 58 #include <sys/sysctl.h> 59 #include <sys/syslog.h> 60 61 #include <netgraph/ng_message.h> 62 #include <netgraph/netgraph.h> 63 #include <netgraph/ng_mppc.h> 64 65 #include "opt_netgraph.h" 66 67 #if !defined(NETGRAPH_MPPC_COMPRESSION) && !defined(NETGRAPH_MPPC_ENCRYPTION) 68 #ifdef KLD_MODULE 69 /* XXX NETGRAPH_MPPC_COMPRESSION isn't functional yet */ 70 #define NETGRAPH_MPPC_ENCRYPTION 71 #else 72 /* This case is indicative of an error in sys/conf files */ 73 #error Need either NETGRAPH_MPPC_COMPRESSION or NETGRAPH_MPPC_ENCRYPTION 74 #endif 75 #endif 76 77 #ifdef NG_SEPARATE_MALLOC 78 static MALLOC_DEFINE(M_NETGRAPH_MPPC, "netgraph_mppc", "netgraph mppc node"); 79 #else 80 #define M_NETGRAPH_MPPC M_NETGRAPH 81 #endif 82 83 #ifdef NETGRAPH_MPPC_COMPRESSION 84 /* XXX this file doesn't exist yet, but hopefully someday it will... */ 85 #include <net/mppc.h> 86 #endif 87 #ifdef NETGRAPH_MPPC_ENCRYPTION 88 #include <crypto/rc4/rc4.h> 89 #endif 90 #include <crypto/sha1.h> 91 92 /* Decompression blowup */ 93 #define MPPC_DECOMP_BUFSIZE 8092 /* allocate buffer this big */ 94 #define MPPC_DECOMP_SAFETY 100 /* plus this much margin */ 95 96 /* MPPC/MPPE header length */ 97 #define MPPC_HDRLEN 2 98 99 /* Key length */ 100 #define KEYLEN(b) (((b) & MPPE_128) ? 16 : 8) 101 102 /* 103 * When packets are lost with MPPE, we may have to re-key arbitrarily 104 * many times to 'catch up' to the new jumped-ahead sequence number. 105 * Since this can be expensive, we pose a limit on how many re-keyings 106 * we will do at one time to avoid a possible D.O.S. vulnerability. 107 * This should instead be a configurable parameter. 108 */ 109 #define MPPE_MAX_REKEY 1000 110 111 SYSCTL_NODE(_net_graph, OID_AUTO, mppe, CTLFLAG_RW, 0, "MPPE"); 112 113 static int mppe_block_on_max_rekey = 0; 114 SYSCTL_INT(_net_graph_mppe, OID_AUTO, block_on_max_rekey, CTLFLAG_RWTUN, 115 &mppe_block_on_max_rekey, 0, "Block node on max MPPE key re-calculations"); 116 117 static int mppe_log_max_rekey = 1; 118 SYSCTL_INT(_net_graph_mppe, OID_AUTO, log_max_rekey, CTLFLAG_RWTUN, 119 &mppe_log_max_rekey, 0, "Log max MPPE key re-calculations event"); 120 121 static int mppe_max_rekey = MPPE_MAX_REKEY; 122 SYSCTL_INT(_net_graph_mppe, OID_AUTO, max_rekey, CTLFLAG_RWTUN, 123 &mppe_max_rekey, 0, "Maximum number of MPPE key re-calculations"); 124 125 /* MPPC packet header bits */ 126 #define MPPC_FLAG_FLUSHED 0x8000 /* xmitter reset state */ 127 #define MPPC_FLAG_RESTART 0x4000 /* compress history restart */ 128 #define MPPC_FLAG_COMPRESSED 0x2000 /* packet is compresed */ 129 #define MPPC_FLAG_ENCRYPTED 0x1000 /* packet is encrypted */ 130 #define MPPC_CCOUNT_MASK 0x0fff /* sequence number mask */ 131 132 #define MPPC_CCOUNT_INC(d) ((d) = (((d) + 1) & MPPC_CCOUNT_MASK)) 133 134 #define MPPE_UPDATE_MASK 0xff /* coherency count when we're */ 135 #define MPPE_UPDATE_FLAG 0xff /* supposed to update key */ 136 137 #define MPPC_COMP_OK 0x05 138 #define MPPC_DECOMP_OK 0x05 139 140 /* Per direction info */ 141 struct ng_mppc_dir { 142 struct ng_mppc_config cfg; /* configuration */ 143 hook_p hook; /* netgraph hook */ 144 u_int16_t cc:12; /* coherency count */ 145 u_char flushed; /* clean history (xmit only) */ 146 #ifdef NETGRAPH_MPPC_COMPRESSION 147 u_char *history; /* compression history */ 148 #endif 149 #ifdef NETGRAPH_MPPC_ENCRYPTION 150 u_char key[MPPE_KEY_LEN]; /* session key */ 151 struct rc4_state rc4; /* rc4 state */ 152 #endif 153 }; 154 155 /* Node private data */ 156 struct ng_mppc_private { 157 struct ng_mppc_dir xmit; /* compress/encrypt config */ 158 struct ng_mppc_dir recv; /* decompress/decrypt config */ 159 ng_ID_t ctrlnode; /* path to controlling node */ 160 }; 161 typedef struct ng_mppc_private *priv_p; 162 163 /* Netgraph node methods */ 164 static ng_constructor_t ng_mppc_constructor; 165 static ng_rcvmsg_t ng_mppc_rcvmsg; 166 static ng_shutdown_t ng_mppc_shutdown; 167 static ng_newhook_t ng_mppc_newhook; 168 static ng_rcvdata_t ng_mppc_rcvdata; 169 static ng_disconnect_t ng_mppc_disconnect; 170 171 /* Helper functions */ 172 static int ng_mppc_compress(node_p node, 173 struct mbuf **datap); 174 static int ng_mppc_decompress(node_p node, 175 struct mbuf **datap); 176 #ifdef NETGRAPH_MPPC_ENCRYPTION 177 static void ng_mppc_getkey(const u_char *h, u_char *h2, int len); 178 static void ng_mppc_updatekey(u_int32_t bits, 179 u_char *key0, u_char *key, struct rc4_state *rc4); 180 #endif 181 static void ng_mppc_reset_req(node_p node); 182 183 /* Node type descriptor */ 184 static struct ng_type ng_mppc_typestruct = { 185 .version = NG_ABI_VERSION, 186 .name = NG_MPPC_NODE_TYPE, 187 .constructor = ng_mppc_constructor, 188 .rcvmsg = ng_mppc_rcvmsg, 189 .shutdown = ng_mppc_shutdown, 190 .newhook = ng_mppc_newhook, 191 .rcvdata = ng_mppc_rcvdata, 192 .disconnect = ng_mppc_disconnect, 193 }; 194 NETGRAPH_INIT(mppc, &ng_mppc_typestruct); 195 196 #ifdef NETGRAPH_MPPC_ENCRYPTION 197 /* Depend on separate rc4 module */ 198 MODULE_DEPEND(ng_mppc, rc4, 1, 1, 1); 199 #endif 200 201 /* Fixed bit pattern to weaken keysize down to 40 or 56 bits */ 202 static const u_char ng_mppe_weakenkey[3] = { 0xd1, 0x26, 0x9e }; 203 204 #define ERROUT(x) do { error = (x); goto done; } while (0) 205 206 /************************************************************************ 207 NETGRAPH NODE STUFF 208 ************************************************************************/ 209 210 /* 211 * Node type constructor 212 */ 213 static int 214 ng_mppc_constructor(node_p node) 215 { 216 priv_p priv; 217 218 /* Allocate private structure */ 219 priv = malloc(sizeof(*priv), M_NETGRAPH_MPPC, M_WAITOK | M_ZERO); 220 221 NG_NODE_SET_PRIVATE(node, priv); 222 223 /* This node is not thread safe. */ 224 NG_NODE_FORCE_WRITER(node); 225 226 /* Done */ 227 return (0); 228 } 229 230 /* 231 * Give our OK for a hook to be added 232 */ 233 static int 234 ng_mppc_newhook(node_p node, hook_p hook, const char *name) 235 { 236 const priv_p priv = NG_NODE_PRIVATE(node); 237 hook_p *hookPtr; 238 239 /* Check hook name */ 240 if (strcmp(name, NG_MPPC_HOOK_COMP) == 0) 241 hookPtr = &priv->xmit.hook; 242 else if (strcmp(name, NG_MPPC_HOOK_DECOMP) == 0) 243 hookPtr = &priv->recv.hook; 244 else 245 return (EINVAL); 246 247 /* See if already connected */ 248 if (*hookPtr != NULL) 249 return (EISCONN); 250 251 /* OK */ 252 *hookPtr = hook; 253 return (0); 254 } 255 256 /* 257 * Receive a control message 258 */ 259 static int 260 ng_mppc_rcvmsg(node_p node, item_p item, hook_p lasthook) 261 { 262 const priv_p priv = NG_NODE_PRIVATE(node); 263 struct ng_mesg *resp = NULL; 264 int error = 0; 265 struct ng_mesg *msg; 266 267 NGI_GET_MSG(item, msg); 268 switch (msg->header.typecookie) { 269 case NGM_MPPC_COOKIE: 270 switch (msg->header.cmd) { 271 case NGM_MPPC_CONFIG_COMP: 272 case NGM_MPPC_CONFIG_DECOMP: 273 { 274 struct ng_mppc_config *const cfg 275 = (struct ng_mppc_config *)msg->data; 276 const int isComp = 277 msg->header.cmd == NGM_MPPC_CONFIG_COMP; 278 struct ng_mppc_dir *const d = isComp ? 279 &priv->xmit : &priv->recv; 280 281 /* Check configuration */ 282 if (msg->header.arglen != sizeof(*cfg)) 283 ERROUT(EINVAL); 284 if (cfg->enable) { 285 if ((cfg->bits & ~MPPC_VALID_BITS) != 0) 286 ERROUT(EINVAL); 287 #ifndef NETGRAPH_MPPC_COMPRESSION 288 if ((cfg->bits & MPPC_BIT) != 0) 289 ERROUT(EPROTONOSUPPORT); 290 #endif 291 #ifndef NETGRAPH_MPPC_ENCRYPTION 292 if ((cfg->bits & MPPE_BITS) != 0) 293 ERROUT(EPROTONOSUPPORT); 294 #endif 295 } else 296 cfg->bits = 0; 297 298 /* Save return address so we can send reset-req's */ 299 if (!isComp) 300 priv->ctrlnode = NGI_RETADDR(item); 301 302 /* Configuration is OK, reset to it */ 303 d->cfg = *cfg; 304 305 #ifdef NETGRAPH_MPPC_COMPRESSION 306 /* Initialize state buffers for compression */ 307 if (d->history != NULL) { 308 free(d->history, M_NETGRAPH_MPPC); 309 d->history = NULL; 310 } 311 if ((cfg->bits & MPPC_BIT) != 0) { 312 d->history = malloc(isComp ? 313 MPPC_SizeOfCompressionHistory() : 314 MPPC_SizeOfDecompressionHistory(), 315 M_NETGRAPH_MPPC, M_NOWAIT); 316 if (d->history == NULL) 317 ERROUT(ENOMEM); 318 if (isComp) 319 MPPC_InitCompressionHistory(d->history); 320 else { 321 MPPC_InitDecompressionHistory( 322 d->history); 323 } 324 } 325 #endif 326 327 #ifdef NETGRAPH_MPPC_ENCRYPTION 328 /* Generate initial session keys for encryption */ 329 if ((cfg->bits & MPPE_BITS) != 0) { 330 const int keylen = KEYLEN(cfg->bits); 331 332 bcopy(cfg->startkey, d->key, keylen); 333 ng_mppc_getkey(cfg->startkey, d->key, keylen); 334 if ((cfg->bits & MPPE_40) != 0) 335 bcopy(&ng_mppe_weakenkey, d->key, 3); 336 else if ((cfg->bits & MPPE_56) != 0) 337 bcopy(&ng_mppe_weakenkey, d->key, 1); 338 rc4_init(&d->rc4, d->key, keylen); 339 } 340 #endif 341 342 /* Initialize other state */ 343 d->cc = 0; 344 d->flushed = 0; 345 break; 346 } 347 348 case NGM_MPPC_RESETREQ: 349 ng_mppc_reset_req(node); 350 break; 351 352 default: 353 error = EINVAL; 354 break; 355 } 356 break; 357 default: 358 error = EINVAL; 359 break; 360 } 361 done: 362 NG_RESPOND_MSG(error, node, item, resp); 363 NG_FREE_MSG(msg); 364 return (error); 365 } 366 367 /* 368 * Receive incoming data on our hook. 369 */ 370 static int 371 ng_mppc_rcvdata(hook_p hook, item_p item) 372 { 373 const node_p node = NG_HOOK_NODE(hook); 374 const priv_p priv = NG_NODE_PRIVATE(node); 375 int error; 376 struct mbuf *m; 377 378 NGI_GET_M(item, m); 379 /* Compress and/or encrypt */ 380 if (hook == priv->xmit.hook) { 381 if (!priv->xmit.cfg.enable) { 382 NG_FREE_M(m); 383 NG_FREE_ITEM(item); 384 return (ENXIO); 385 } 386 if ((error = ng_mppc_compress(node, &m)) != 0) { 387 NG_FREE_ITEM(item); 388 return(error); 389 } 390 NG_FWD_NEW_DATA(error, item, priv->xmit.hook, m); 391 return (error); 392 } 393 394 /* Decompress and/or decrypt */ 395 if (hook == priv->recv.hook) { 396 if (!priv->recv.cfg.enable) { 397 NG_FREE_M(m); 398 NG_FREE_ITEM(item); 399 return (ENXIO); 400 } 401 if ((error = ng_mppc_decompress(node, &m)) != 0) { 402 NG_FREE_ITEM(item); 403 if (error == EINVAL && priv->ctrlnode != 0) { 404 struct ng_mesg *msg; 405 406 /* Need to send a reset-request */ 407 NG_MKMESSAGE(msg, NGM_MPPC_COOKIE, 408 NGM_MPPC_RESETREQ, 0, M_NOWAIT); 409 if (msg == NULL) 410 return (error); 411 NG_SEND_MSG_ID(error, node, msg, 412 priv->ctrlnode, 0); 413 } 414 return (error); 415 } 416 NG_FWD_NEW_DATA(error, item, priv->recv.hook, m); 417 return (error); 418 } 419 420 /* Oops */ 421 panic("%s: unknown hook", __func__); 422 } 423 424 /* 425 * Destroy node 426 */ 427 static int 428 ng_mppc_shutdown(node_p node) 429 { 430 const priv_p priv = NG_NODE_PRIVATE(node); 431 432 /* Take down netgraph node */ 433 #ifdef NETGRAPH_MPPC_COMPRESSION 434 if (priv->xmit.history != NULL) 435 free(priv->xmit.history, M_NETGRAPH_MPPC); 436 if (priv->recv.history != NULL) 437 free(priv->recv.history, M_NETGRAPH_MPPC); 438 #endif 439 bzero(priv, sizeof(*priv)); 440 free(priv, M_NETGRAPH_MPPC); 441 NG_NODE_SET_PRIVATE(node, NULL); 442 NG_NODE_UNREF(node); /* let the node escape */ 443 return (0); 444 } 445 446 /* 447 * Hook disconnection 448 */ 449 static int 450 ng_mppc_disconnect(hook_p hook) 451 { 452 const node_p node = NG_HOOK_NODE(hook); 453 const priv_p priv = NG_NODE_PRIVATE(node); 454 455 /* Zero out hook pointer */ 456 if (hook == priv->xmit.hook) 457 priv->xmit.hook = NULL; 458 if (hook == priv->recv.hook) 459 priv->recv.hook = NULL; 460 461 /* Go away if no longer connected */ 462 if ((NG_NODE_NUMHOOKS(node) == 0) 463 && NG_NODE_IS_VALID(node)) 464 ng_rmnode_self(node); 465 return (0); 466 } 467 468 /************************************************************************ 469 HELPER STUFF 470 ************************************************************************/ 471 472 /* 473 * Compress/encrypt a packet and put the result in a new mbuf at *resultp. 474 * The original mbuf is not free'd. 475 */ 476 static int 477 ng_mppc_compress(node_p node, struct mbuf **datap) 478 { 479 const priv_p priv = NG_NODE_PRIVATE(node); 480 struct ng_mppc_dir *const d = &priv->xmit; 481 u_int16_t header; 482 struct mbuf *m = *datap; 483 484 /* We must own the mbuf chain exclusively to modify it. */ 485 m = m_unshare(m, M_NOWAIT); 486 if (m == NULL) 487 return (ENOMEM); 488 489 /* Initialize */ 490 header = d->cc; 491 492 /* Always set the flushed bit in stateless mode */ 493 if (d->flushed || ((d->cfg.bits & MPPE_STATELESS) != 0)) { 494 header |= MPPC_FLAG_FLUSHED; 495 d->flushed = 0; 496 } 497 498 /* Compress packet (if compression enabled) */ 499 #ifdef NETGRAPH_MPPC_COMPRESSION 500 if ((d->cfg.bits & MPPC_BIT) != 0) { 501 u_short flags = MPPC_MANDATORY_COMPRESS_FLAGS; 502 u_char *inbuf, *outbuf; 503 int outlen, inlen, ina; 504 u_char *source, *dest; 505 u_long sourceCnt, destCnt; 506 int rtn; 507 508 /* Work with contiguous regions of memory. */ 509 inlen = m->m_pkthdr.len; 510 if (m->m_next == NULL) { 511 inbuf = mtod(m, u_char *); 512 ina = 0; 513 } else { 514 inbuf = malloc(inlen, M_NETGRAPH_MPPC, M_NOWAIT); 515 if (inbuf == NULL) 516 goto err1; 517 m_copydata(m, 0, inlen, (caddr_t)inbuf); 518 ina = 1; 519 } 520 521 outlen = MPPC_MAX_BLOWUP(inlen); 522 outbuf = malloc(outlen, M_NETGRAPH_MPPC, M_NOWAIT); 523 if (outbuf == NULL) { 524 if (ina) 525 free(inbuf, M_NETGRAPH_MPPC); 526 err1: 527 m_freem(m); 528 MPPC_InitCompressionHistory(d->history); 529 d->flushed = 1; 530 return (ENOMEM); 531 } 532 533 /* Prepare to compress */ 534 source = inbuf; 535 sourceCnt = inlen; 536 dest = outbuf; 537 destCnt = outlen; 538 if ((d->cfg.bits & MPPE_STATELESS) == 0) 539 flags |= MPPC_SAVE_HISTORY; 540 541 /* Compress */ 542 rtn = MPPC_Compress(&source, &dest, &sourceCnt, 543 &destCnt, d->history, flags, 0); 544 545 /* Check return value */ 546 KASSERT(rtn != MPPC_INVALID, ("%s: invalid", __func__)); 547 if ((rtn & MPPC_EXPANDED) == 0 548 && (rtn & MPPC_COMP_OK) == MPPC_COMP_OK) { 549 outlen -= destCnt; 550 header |= MPPC_FLAG_COMPRESSED; 551 if ((rtn & MPPC_RESTART_HISTORY) != 0) 552 header |= MPPC_FLAG_RESTART; 553 554 /* Replace m by the compresed one. */ 555 m_copyback(m, 0, outlen, (caddr_t)outbuf); 556 if (m->m_pkthdr.len < outlen) { 557 m_freem(m); 558 m = NULL; 559 } else if (outlen < m->m_pkthdr.len) 560 m_adj(m, outlen - m->m_pkthdr.len); 561 } 562 d->flushed = (rtn & MPPC_EXPANDED) != 0 563 || (flags & MPPC_SAVE_HISTORY) == 0; 564 565 if (ina) 566 free(inbuf, M_NETGRAPH_MPPC); 567 free(outbuf, M_NETGRAPH_MPPC); 568 569 /* Check mbuf chain reload result. */ 570 if (m == NULL) { 571 if (!d->flushed) { 572 MPPC_InitCompressionHistory(d->history); 573 d->flushed = 1; 574 } 575 return (ENOMEM); 576 } 577 } 578 #endif 579 580 /* Now encrypt packet (if encryption enabled) */ 581 #ifdef NETGRAPH_MPPC_ENCRYPTION 582 if ((d->cfg.bits & MPPE_BITS) != 0) { 583 struct mbuf *m1; 584 585 /* Set header bits */ 586 header |= MPPC_FLAG_ENCRYPTED; 587 588 /* Update key if it's time */ 589 if ((d->cfg.bits & MPPE_STATELESS) != 0 590 || (d->cc & MPPE_UPDATE_MASK) == MPPE_UPDATE_FLAG) { 591 ng_mppc_updatekey(d->cfg.bits, 592 d->cfg.startkey, d->key, &d->rc4); 593 } else if ((header & MPPC_FLAG_FLUSHED) != 0) { 594 /* Need to reset key if we say we did 595 and ng_mppc_updatekey wasn't called to do it also. */ 596 rc4_init(&d->rc4, d->key, KEYLEN(d->cfg.bits)); 597 } 598 599 /* Encrypt packet */ 600 m1 = m; 601 while (m1) { 602 rc4_crypt(&d->rc4, mtod(m1, u_char *), 603 mtod(m1, u_char *), m1->m_len); 604 m1 = m1->m_next; 605 } 606 } 607 #endif 608 609 /* Update coherency count for next time (12 bit arithmetic) */ 610 MPPC_CCOUNT_INC(d->cc); 611 612 /* Install header */ 613 M_PREPEND(m, MPPC_HDRLEN, M_NOWAIT); 614 if (m != NULL) 615 be16enc(mtod(m, void *), header); 616 617 *datap = m; 618 return (*datap == NULL ? ENOBUFS : 0); 619 } 620 621 /* 622 * Decompress/decrypt packet and put the result in a new mbuf at *resultp. 623 * The original mbuf is not free'd. 624 */ 625 static int 626 ng_mppc_decompress(node_p node, struct mbuf **datap) 627 { 628 const priv_p priv = NG_NODE_PRIVATE(node); 629 struct ng_mppc_dir *const d = &priv->recv; 630 u_int16_t header, cc; 631 u_int numLost; 632 struct mbuf *m = *datap; 633 634 /* We must own the mbuf chain exclusively to modify it. */ 635 m = m_unshare(m, M_NOWAIT); 636 if (m == NULL) 637 return (ENOMEM); 638 639 /* Pull off header */ 640 if (m->m_pkthdr.len < MPPC_HDRLEN) { 641 m_freem(m); 642 return (EINVAL); 643 } 644 header = be16dec(mtod(m, void *)); 645 cc = (header & MPPC_CCOUNT_MASK); 646 m_adj(m, MPPC_HDRLEN); 647 648 /* Check for an unexpected jump in the sequence number */ 649 numLost = ((cc - d->cc) & MPPC_CCOUNT_MASK); 650 651 /* If flushed bit set, we can always handle packet */ 652 if ((header & MPPC_FLAG_FLUSHED) != 0) { 653 #ifdef NETGRAPH_MPPC_COMPRESSION 654 if (d->history != NULL) 655 MPPC_InitDecompressionHistory(d->history); 656 #endif 657 #ifdef NETGRAPH_MPPC_ENCRYPTION 658 if ((d->cfg.bits & MPPE_BITS) != 0) { 659 u_int rekey; 660 661 /* How many times are we going to have to re-key? */ 662 rekey = ((d->cfg.bits & MPPE_STATELESS) != 0) ? 663 numLost : (numLost / (MPPE_UPDATE_MASK + 1)); 664 if (rekey > mppe_max_rekey) { 665 if (mppe_block_on_max_rekey) { 666 if (mppe_log_max_rekey) { 667 log(LOG_ERR, "%s: too many (%d) packets" 668 " dropped, disabling node %p!\n", 669 __func__, numLost, node); 670 } 671 priv->recv.cfg.enable = 0; 672 goto failed; 673 } else { 674 if (mppe_log_max_rekey) { 675 log(LOG_ERR, "%s: %d packets" 676 " dropped, node %p\n", 677 __func__, numLost, node); 678 } 679 goto failed; 680 } 681 } 682 683 /* Re-key as necessary to catch up to peer */ 684 while (d->cc != cc) { 685 if ((d->cfg.bits & MPPE_STATELESS) != 0 686 || (d->cc & MPPE_UPDATE_MASK) 687 == MPPE_UPDATE_FLAG) { 688 ng_mppc_updatekey(d->cfg.bits, 689 d->cfg.startkey, d->key, &d->rc4); 690 } 691 MPPC_CCOUNT_INC(d->cc); 692 } 693 694 /* Reset key (except in stateless mode, see below) */ 695 if ((d->cfg.bits & MPPE_STATELESS) == 0) 696 rc4_init(&d->rc4, d->key, KEYLEN(d->cfg.bits)); 697 } 698 #endif 699 d->cc = cc; /* skip over lost seq numbers */ 700 numLost = 0; /* act like no packets were lost */ 701 } 702 703 /* Can't decode non-sequential packets without a flushed bit */ 704 if (numLost != 0) 705 goto failed; 706 707 /* Decrypt packet */ 708 if ((header & MPPC_FLAG_ENCRYPTED) != 0) { 709 #ifdef NETGRAPH_MPPC_ENCRYPTION 710 struct mbuf *m1; 711 #endif 712 713 /* Are we not expecting encryption? */ 714 if ((d->cfg.bits & MPPE_BITS) == 0) { 715 log(LOG_ERR, "%s: rec'd unexpectedly %s packet", 716 __func__, "encrypted"); 717 goto failed; 718 } 719 720 #ifdef NETGRAPH_MPPC_ENCRYPTION 721 /* Update key if it's time (always in stateless mode) */ 722 if ((d->cfg.bits & MPPE_STATELESS) != 0 723 || (d->cc & MPPE_UPDATE_MASK) == MPPE_UPDATE_FLAG) { 724 ng_mppc_updatekey(d->cfg.bits, 725 d->cfg.startkey, d->key, &d->rc4); 726 } 727 728 /* Decrypt packet */ 729 m1 = m; 730 while (m1 != NULL) { 731 rc4_crypt(&d->rc4, mtod(m1, u_char *), 732 mtod(m1, u_char *), m1->m_len); 733 m1 = m1->m_next; 734 } 735 #endif 736 } else { 737 738 /* Are we expecting encryption? */ 739 if ((d->cfg.bits & MPPE_BITS) != 0) { 740 log(LOG_ERR, "%s: rec'd unexpectedly %s packet", 741 __func__, "unencrypted"); 742 goto failed; 743 } 744 } 745 746 /* Update coherency count for next time (12 bit arithmetic) */ 747 MPPC_CCOUNT_INC(d->cc); 748 749 /* Check for unexpected compressed packet */ 750 if ((header & MPPC_FLAG_COMPRESSED) != 0 751 && (d->cfg.bits & MPPC_BIT) == 0) { 752 log(LOG_ERR, "%s: rec'd unexpectedly %s packet", 753 __func__, "compressed"); 754 failed: 755 m_freem(m); 756 return (EINVAL); 757 } 758 759 #ifdef NETGRAPH_MPPC_COMPRESSION 760 /* Decompress packet */ 761 if ((header & MPPC_FLAG_COMPRESSED) != 0) { 762 int flags = MPPC_MANDATORY_DECOMPRESS_FLAGS; 763 u_char *inbuf, *outbuf; 764 int inlen, outlen, ina; 765 u_char *source, *dest; 766 u_long sourceCnt, destCnt; 767 int rtn; 768 769 /* Copy payload into a contiguous region of memory. */ 770 inlen = m->m_pkthdr.len; 771 if (m->m_next == NULL) { 772 inbuf = mtod(m, u_char *); 773 ina = 0; 774 } else { 775 inbuf = malloc(inlen, M_NETGRAPH_MPPC, M_NOWAIT); 776 if (inbuf == NULL) { 777 m_freem(m); 778 return (ENOMEM); 779 } 780 m_copydata(m, 0, inlen, (caddr_t)inbuf); 781 ina = 1; 782 } 783 784 /* Allocate a buffer for decompressed data */ 785 outbuf = malloc(MPPC_DECOMP_BUFSIZE + MPPC_DECOMP_SAFETY, 786 M_NETGRAPH_MPPC, M_NOWAIT); 787 if (outbuf == NULL) { 788 m_freem(m); 789 if (ina) 790 free(inbuf, M_NETGRAPH_MPPC); 791 return (ENOMEM); 792 } 793 outlen = MPPC_DECOMP_BUFSIZE; 794 795 /* Prepare to decompress */ 796 source = inbuf; 797 sourceCnt = inlen; 798 dest = outbuf; 799 destCnt = outlen; 800 if ((header & MPPC_FLAG_RESTART) != 0) 801 flags |= MPPC_RESTART_HISTORY; 802 803 /* Decompress */ 804 rtn = MPPC_Decompress(&source, &dest, 805 &sourceCnt, &destCnt, d->history, flags); 806 807 /* Check return value */ 808 KASSERT(rtn != MPPC_INVALID, ("%s: invalid", __func__)); 809 if ((rtn & MPPC_DEST_EXHAUSTED) != 0 810 || (rtn & MPPC_DECOMP_OK) != MPPC_DECOMP_OK) { 811 log(LOG_ERR, "%s: decomp returned 0x%x", 812 __func__, rtn); 813 if (ina) 814 free(inbuf, M_NETGRAPH_MPPC); 815 free(outbuf, M_NETGRAPH_MPPC); 816 goto failed; 817 } 818 819 /* Replace compressed data with decompressed data */ 820 if (ina) 821 free(inbuf, M_NETGRAPH_MPPC); 822 outlen -= destCnt; 823 824 m_copyback(m, 0, outlen, (caddr_t)outbuf); 825 if (m->m_pkthdr.len < outlen) { 826 m_freem(m); 827 m = NULL; 828 } else if (outlen < m->m_pkthdr.len) 829 m_adj(m, outlen - m->m_pkthdr.len); 830 free(outbuf, M_NETGRAPH_MPPC); 831 } 832 #endif 833 834 /* Return result in an mbuf */ 835 *datap = m; 836 return (*datap == NULL ? ENOBUFS : 0); 837 } 838 839 /* 840 * The peer has sent us a CCP ResetRequest, so reset our transmit state. 841 */ 842 static void 843 ng_mppc_reset_req(node_p node) 844 { 845 const priv_p priv = NG_NODE_PRIVATE(node); 846 struct ng_mppc_dir *const d = &priv->xmit; 847 848 #ifdef NETGRAPH_MPPC_COMPRESSION 849 if (d->history != NULL) 850 MPPC_InitCompressionHistory(d->history); 851 #endif 852 #ifdef NETGRAPH_MPPC_ENCRYPTION 853 if ((d->cfg.bits & MPPE_STATELESS) == 0) 854 rc4_init(&d->rc4, d->key, KEYLEN(d->cfg.bits)); 855 #endif 856 d->flushed = 1; 857 } 858 859 #ifdef NETGRAPH_MPPC_ENCRYPTION 860 /* 861 * Generate a new encryption key 862 */ 863 static void 864 ng_mppc_getkey(const u_char *h, u_char *h2, int len) 865 { 866 static const u_char pad1[40] = 867 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 868 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 869 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 870 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; 871 static const u_char pad2[40] = 872 { 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 873 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 874 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 875 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2 }; 876 u_char hash[20]; 877 SHA1_CTX c; 878 879 SHA1Init(&c); 880 SHA1Update(&c, h, len); 881 SHA1Update(&c, pad1, sizeof(pad1)); 882 SHA1Update(&c, h2, len); 883 SHA1Update(&c, pad2, sizeof(pad2)); 884 SHA1Final(hash, &c); 885 bcopy(hash, h2, len); 886 } 887 888 /* 889 * Update the encryption key 890 */ 891 static void 892 ng_mppc_updatekey(u_int32_t bits, 893 u_char *key0, u_char *key, struct rc4_state *rc4) 894 { 895 const int keylen = KEYLEN(bits); 896 897 ng_mppc_getkey(key0, key, keylen); 898 rc4_init(rc4, key, keylen); 899 rc4_crypt(rc4, key, key, keylen); 900 if ((bits & MPPE_40) != 0) 901 bcopy(&ng_mppe_weakenkey, key, 3); 902 else if ((bits & MPPE_56) != 0) 903 bcopy(&ng_mppe_weakenkey, key, 1); 904 rc4_init(rc4, key, keylen); 905 } 906 #endif 907 908