linux/drivers/net/ppp_mppe.c
<<
>>
Prefs
   1/*
   2 * ppp_mppe.c - interface MPPE to the PPP code.
   3 * This version is for use with Linux kernel 2.6.14+
   4 *
   5 * By Frank Cusack <fcusack@fcusack.com>.
   6 * Copyright (c) 2002,2003,2004 Google, Inc.
   7 * All rights reserved.
   8 *
   9 * License:
  10 * Permission to use, copy, modify, and distribute this software and its
  11 * documentation is hereby granted, provided that the above copyright
  12 * notice appears in all copies.  This software is provided without any
  13 * warranty, express or implied.
  14 *
  15 * ALTERNATIVELY, provided that this notice is retained in full, this product
  16 * may be distributed under the terms of the GNU General Public License (GPL),
  17 * in which case the provisions of the GPL apply INSTEAD OF those given above.
  18 *
  19 *   This program is free software; you can redistribute it and/or modify
  20 *   it under the terms of the GNU General Public License as published by
  21 *   the Free Software Foundation; either version 2 of the License, or
  22 *   (at your option) any later version.
  23 *
  24 *   This program is distributed in the hope that it will be useful,
  25 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
  26 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  27 *   GNU General Public License for more details.
  28 *
  29 *   You should have received a copy of the GNU General Public License
  30 *   along with this program; if not, write to the Free Software
  31 *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  32 *
  33 *
  34 * Changelog:
  35 *      08/12/05 - Matt Domsch <Matt_Domsch@dell.com>
  36 *                 Only need extra skb padding on transmit, not receive.
  37 *      06/18/04 - Matt Domsch <Matt_Domsch@dell.com>, Oleg Makarenko <mole@quadra.ru>
  38 *                 Use Linux kernel 2.6 arc4 and sha1 routines rather than
  39 *                 providing our own.
  40 *      2/15/04 - TS: added #include <version.h> and testing for Kernel
  41 *                    version before using
  42 *                    MOD_DEC_USAGE_COUNT/MOD_INC_USAGE_COUNT which are
  43 *                    deprecated in 2.6
  44 */
  45
  46#include <linux/err.h>
  47#include <linux/module.h>
  48#include <linux/kernel.h>
  49#include <linux/init.h>
  50#include <linux/types.h>
  51#include <linux/slab.h>
  52#include <linux/string.h>
  53#include <linux/crypto.h>
  54#include <linux/mm.h>
  55#include <linux/ppp_defs.h>
  56#include <linux/ppp-comp.h>
  57#include <linux/scatterlist.h>
  58#include <asm/unaligned.h>
  59
  60#include "ppp_mppe.h"
  61
  62MODULE_AUTHOR("Frank Cusack <fcusack@fcusack.com>");
  63MODULE_DESCRIPTION("Point-to-Point Protocol Microsoft Point-to-Point Encryption support");
  64MODULE_LICENSE("Dual BSD/GPL");
  65MODULE_ALIAS("ppp-compress-" __stringify(CI_MPPE));
  66MODULE_VERSION("1.0.2");
  67
  68static unsigned int
  69setup_sg(struct scatterlist *sg, const void *address, unsigned int length)
  70{
  71        sg_set_buf(sg, address, length);
  72        return length;
  73}
  74
  75#define SHA1_PAD_SIZE 40
  76
  77/*
  78 * kernel crypto API needs its arguments to be in kmalloc'd memory, not in the module
  79 * static data area.  That means sha_pad needs to be kmalloc'd.
  80 */
  81
  82struct sha_pad {
  83        unsigned char sha_pad1[SHA1_PAD_SIZE];
  84        unsigned char sha_pad2[SHA1_PAD_SIZE];
  85};
  86static struct sha_pad *sha_pad;
  87
  88static inline void sha_pad_init(struct sha_pad *shapad)
  89{
  90        memset(shapad->sha_pad1, 0x00, sizeof(shapad->sha_pad1));
  91        memset(shapad->sha_pad2, 0xF2, sizeof(shapad->sha_pad2));
  92}
  93
  94/*
  95 * State for an MPPE (de)compressor.
  96 */
  97struct ppp_mppe_state {
  98        struct crypto_blkcipher *arc4;
  99        struct crypto_hash *sha1;
 100        unsigned char *sha1_digest;
 101        unsigned char master_key[MPPE_MAX_KEY_LEN];
 102        unsigned char session_key[MPPE_MAX_KEY_LEN];
 103        unsigned keylen;        /* key length in bytes             */
 104        /* NB: 128-bit == 16, 40-bit == 8! */
 105        /* If we want to support 56-bit,   */
 106        /* the unit has to change to bits  */
 107        unsigned char bits;     /* MPPE control bits */
 108        unsigned ccount;        /* 12-bit coherency count (seqno)  */
 109        unsigned stateful;      /* stateful mode flag */
 110        int discard;            /* stateful mode packet loss flag */
 111        int sanity_errors;      /* take down LCP if too many */
 112        int unit;
 113        int debug;
 114        struct compstat stats;
 115};
 116
 117/* struct ppp_mppe_state.bits definitions */
 118#define MPPE_BIT_A      0x80    /* Encryption table were (re)inititalized */
 119#define MPPE_BIT_B      0x40    /* MPPC only (not implemented) */
 120#define MPPE_BIT_C      0x20    /* MPPC only (not implemented) */
 121#define MPPE_BIT_D      0x10    /* This is an encrypted frame */
 122
 123#define MPPE_BIT_FLUSHED        MPPE_BIT_A
 124#define MPPE_BIT_ENCRYPTED      MPPE_BIT_D
 125
 126#define MPPE_BITS(p) ((p)[4] & 0xf0)
 127#define MPPE_CCOUNT(p) ((((p)[4] & 0x0f) << 8) + (p)[5])
 128#define MPPE_CCOUNT_SPACE 0x1000        /* The size of the ccount space */
 129
 130#define MPPE_OVHD       2       /* MPPE overhead/packet */
 131#define SANITY_MAX      1600    /* Max bogon factor we will tolerate */
 132
 133/*
 134 * Key Derivation, from RFC 3078, RFC 3079.
 135 * Equivalent to Get_Key() for MS-CHAP as described in RFC 3079.
 136 */
 137static void get_new_key_from_sha(struct ppp_mppe_state * state)
 138{
 139        struct hash_desc desc;
 140        struct scatterlist sg[4];
 141        unsigned int nbytes;
 142
 143        sg_init_table(sg, 4);
 144
 145        nbytes = setup_sg(&sg[0], state->master_key, state->keylen);
 146        nbytes += setup_sg(&sg[1], sha_pad->sha_pad1,
 147                           sizeof(sha_pad->sha_pad1));
 148        nbytes += setup_sg(&sg[2], state->session_key, state->keylen);
 149        nbytes += setup_sg(&sg[3], sha_pad->sha_pad2,
 150                           sizeof(sha_pad->sha_pad2));
 151
 152        desc.tfm = state->sha1;
 153        desc.flags = 0;
 154
 155        crypto_hash_digest(&desc, sg, nbytes, state->sha1_digest);
 156}
 157
 158/*
 159 * Perform the MPPE rekey algorithm, from RFC 3078, sec. 7.3.
 160 * Well, not what's written there, but rather what they meant.
 161 */
 162static void mppe_rekey(struct ppp_mppe_state * state, int initial_key)
 163{
 164        struct scatterlist sg_in[1], sg_out[1];
 165        struct blkcipher_desc desc = { .tfm = state->arc4 };
 166
 167        get_new_key_from_sha(state);
 168        if (!initial_key) {
 169                crypto_blkcipher_setkey(state->arc4, state->sha1_digest,
 170                                        state->keylen);
 171                sg_init_table(sg_in, 1);
 172                sg_init_table(sg_out, 1);
 173                setup_sg(sg_in, state->sha1_digest, state->keylen);
 174                setup_sg(sg_out, state->session_key, state->keylen);
 175                if (crypto_blkcipher_encrypt(&desc, sg_out, sg_in,
 176                                             state->keylen) != 0) {
 177                    printk(KERN_WARNING "mppe_rekey: cipher_encrypt failed\n");
 178                }
 179        } else {
 180                memcpy(state->session_key, state->sha1_digest, state->keylen);
 181        }
 182        if (state->keylen == 8) {
 183                /* See RFC 3078 */
 184                state->session_key[0] = 0xd1;
 185                state->session_key[1] = 0x26;
 186                state->session_key[2] = 0x9e;
 187        }
 188        crypto_blkcipher_setkey(state->arc4, state->session_key, state->keylen);
 189}
 190
 191/*
 192 * Allocate space for a (de)compressor.
 193 */
 194static void *mppe_alloc(unsigned char *options, int optlen)
 195{
 196        struct ppp_mppe_state *state;
 197        unsigned int digestsize;
 198
 199        if (optlen != CILEN_MPPE + sizeof(state->master_key) ||
 200            options[0] != CI_MPPE || options[1] != CILEN_MPPE)
 201                goto out;
 202
 203        state = kzalloc(sizeof(*state), GFP_KERNEL);
 204        if (state == NULL)
 205                goto out;
 206
 207
 208        state->arc4 = crypto_alloc_blkcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC);
 209        if (IS_ERR(state->arc4)) {
 210                state->arc4 = NULL;
 211                goto out_free;
 212        }
 213
 214        state->sha1 = crypto_alloc_hash("sha1", 0, CRYPTO_ALG_ASYNC);
 215        if (IS_ERR(state->sha1)) {
 216                state->sha1 = NULL;
 217                goto out_free;
 218        }
 219
 220        digestsize = crypto_hash_digestsize(state->sha1);
 221        if (digestsize < MPPE_MAX_KEY_LEN)
 222                goto out_free;
 223
 224        state->sha1_digest = kmalloc(digestsize, GFP_KERNEL);
 225        if (!state->sha1_digest)
 226                goto out_free;
 227
 228        /* Save keys. */
 229        memcpy(state->master_key, &options[CILEN_MPPE],
 230               sizeof(state->master_key));
 231        memcpy(state->session_key, state->master_key,
 232               sizeof(state->master_key));
 233
 234        /*
 235         * We defer initial key generation until mppe_init(), as mppe_alloc()
 236         * is called frequently during negotiation.
 237         */
 238
 239        return (void *)state;
 240
 241        out_free:
 242            if (state->sha1_digest)
 243                kfree(state->sha1_digest);
 244            if (state->sha1)
 245                crypto_free_hash(state->sha1);
 246            if (state->arc4)
 247                crypto_free_blkcipher(state->arc4);
 248            kfree(state);
 249        out:
 250        return NULL;
 251}
 252
 253/*
 254 * Deallocate space for a (de)compressor.
 255 */
 256static void mppe_free(void *arg)
 257{
 258        struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
 259        if (state) {
 260            if (state->sha1_digest)
 261                kfree(state->sha1_digest);
 262            if (state->sha1)
 263                crypto_free_hash(state->sha1);
 264            if (state->arc4)
 265                crypto_free_blkcipher(state->arc4);
 266            kfree(state);
 267        }
 268}
 269
 270/*
 271 * Initialize (de)compressor state.
 272 */
 273static int
 274mppe_init(void *arg, unsigned char *options, int optlen, int unit, int debug,
 275          const char *debugstr)
 276{
 277        struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
 278        unsigned char mppe_opts;
 279
 280        if (optlen != CILEN_MPPE ||
 281            options[0] != CI_MPPE || options[1] != CILEN_MPPE)
 282                return 0;
 283
 284        MPPE_CI_TO_OPTS(&options[2], mppe_opts);
 285        if (mppe_opts & MPPE_OPT_128)
 286                state->keylen = 16;
 287        else if (mppe_opts & MPPE_OPT_40)
 288                state->keylen = 8;
 289        else {
 290                printk(KERN_WARNING "%s[%d]: unknown key length\n", debugstr,
 291                       unit);
 292                return 0;
 293        }
 294        if (mppe_opts & MPPE_OPT_STATEFUL)
 295                state->stateful = 1;
 296
 297        /* Generate the initial session key. */
 298        mppe_rekey(state, 1);
 299
 300        if (debug) {
 301                int i;
 302                char mkey[sizeof(state->master_key) * 2 + 1];
 303                char skey[sizeof(state->session_key) * 2 + 1];
 304
 305                printk(KERN_DEBUG "%s[%d]: initialized with %d-bit %s mode\n",
 306                       debugstr, unit, (state->keylen == 16) ? 128 : 40,
 307                       (state->stateful) ? "stateful" : "stateless");
 308
 309                for (i = 0; i < sizeof(state->master_key); i++)
 310                        sprintf(mkey + i * 2, "%02x", state->master_key[i]);
 311                for (i = 0; i < sizeof(state->session_key); i++)
 312                        sprintf(skey + i * 2, "%02x", state->session_key[i]);
 313                printk(KERN_DEBUG
 314                       "%s[%d]: keys: master: %s initial session: %s\n",
 315                       debugstr, unit, mkey, skey);
 316        }
 317
 318        /*
 319         * Initialize the coherency count.  The initial value is not specified
 320         * in RFC 3078, but we can make a reasonable assumption that it will
 321         * start at 0.  Setting it to the max here makes the comp/decomp code
 322         * do the right thing (determined through experiment).
 323         */
 324        state->ccount = MPPE_CCOUNT_SPACE - 1;
 325
 326        /*
 327         * Note that even though we have initialized the key table, we don't
 328         * set the FLUSHED bit.  This is contrary to RFC 3078, sec. 3.1.
 329         */
 330        state->bits = MPPE_BIT_ENCRYPTED;
 331
 332        state->unit = unit;
 333        state->debug = debug;
 334
 335        return 1;
 336}
 337
 338static int
 339mppe_comp_init(void *arg, unsigned char *options, int optlen, int unit,
 340               int hdrlen, int debug)
 341{
 342        /* ARGSUSED */
 343        return mppe_init(arg, options, optlen, unit, debug, "mppe_comp_init");
 344}
 345
 346/*
 347 * We received a CCP Reset-Request (actually, we are sending a Reset-Ack),
 348 * tell the compressor to rekey.  Note that we MUST NOT rekey for
 349 * every CCP Reset-Request; we only rekey on the next xmit packet.
 350 * We might get multiple CCP Reset-Requests if our CCP Reset-Ack is lost.
 351 * So, rekeying for every CCP Reset-Request is broken as the peer will not
 352 * know how many times we've rekeyed.  (If we rekey and THEN get another
 353 * CCP Reset-Request, we must rekey again.)
 354 */
 355static void mppe_comp_reset(void *arg)
 356{
 357        struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
 358
 359        state->bits |= MPPE_BIT_FLUSHED;
 360}
 361
 362/*
 363 * Compress (encrypt) a packet.
 364 * It's strange to call this a compressor, since the output is always
 365 * MPPE_OVHD + 2 bytes larger than the input.
 366 */
 367static int
 368mppe_compress(void *arg, unsigned char *ibuf, unsigned char *obuf,
 369              int isize, int osize)
 370{
 371        struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
 372        struct blkcipher_desc desc = { .tfm = state->arc4 };
 373        int proto;
 374        struct scatterlist sg_in[1], sg_out[1];
 375
 376        /*
 377         * Check that the protocol is in the range we handle.
 378         */
 379        proto = PPP_PROTOCOL(ibuf);
 380        if (proto < 0x0021 || proto > 0x00fa)
 381                return 0;
 382
 383        /* Make sure we have enough room to generate an encrypted packet. */
 384        if (osize < isize + MPPE_OVHD + 2) {
 385                /* Drop the packet if we should encrypt it, but can't. */
 386                printk(KERN_DEBUG "mppe_compress[%d]: osize too small! "
 387                       "(have: %d need: %d)\n", state->unit,
 388                       osize, osize + MPPE_OVHD + 2);
 389                return -1;
 390        }
 391
 392        osize = isize + MPPE_OVHD + 2;
 393
 394        /*
 395         * Copy over the PPP header and set control bits.
 396         */
 397        obuf[0] = PPP_ADDRESS(ibuf);
 398        obuf[1] = PPP_CONTROL(ibuf);
 399        put_unaligned_be16(PPP_COMP, obuf + 2);
 400        obuf += PPP_HDRLEN;
 401
 402        state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
 403        if (state->debug >= 7)
 404                printk(KERN_DEBUG "mppe_compress[%d]: ccount %d\n", state->unit,
 405                       state->ccount);
 406        put_unaligned_be16(state->ccount, obuf);
 407
 408        if (!state->stateful || /* stateless mode     */
 409            ((state->ccount & 0xff) == 0xff) || /* "flag" packet      */
 410            (state->bits & MPPE_BIT_FLUSHED)) { /* CCP Reset-Request  */
 411                /* We must rekey */
 412                if (state->debug && state->stateful)
 413                        printk(KERN_DEBUG "mppe_compress[%d]: rekeying\n",
 414                               state->unit);
 415                mppe_rekey(state, 0);
 416                state->bits |= MPPE_BIT_FLUSHED;
 417        }
 418        obuf[0] |= state->bits;
 419        state->bits &= ~MPPE_BIT_FLUSHED;       /* reset for next xmit */
 420
 421        obuf += MPPE_OVHD;
 422        ibuf += 2;              /* skip to proto field */
 423        isize -= 2;
 424
 425        /* Encrypt packet */
 426        sg_init_table(sg_in, 1);
 427        sg_init_table(sg_out, 1);
 428        setup_sg(sg_in, ibuf, isize);
 429        setup_sg(sg_out, obuf, osize);
 430        if (crypto_blkcipher_encrypt(&desc, sg_out, sg_in, isize) != 0) {
 431                printk(KERN_DEBUG "crypto_cypher_encrypt failed\n");
 432                return -1;
 433        }
 434
 435        state->stats.unc_bytes += isize;
 436        state->stats.unc_packets++;
 437        state->stats.comp_bytes += osize;
 438        state->stats.comp_packets++;
 439
 440        return osize;
 441}
 442
 443/*
 444 * Since every frame grows by MPPE_OVHD + 2 bytes, this is always going
 445 * to look bad ... and the longer the link is up the worse it will get.
 446 */
 447static void mppe_comp_stats(void *arg, struct compstat *stats)
 448{
 449        struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
 450
 451        *stats = state->stats;
 452}
 453
 454static int
 455mppe_decomp_init(void *arg, unsigned char *options, int optlen, int unit,
 456                 int hdrlen, int mru, int debug)
 457{
 458        /* ARGSUSED */
 459        return mppe_init(arg, options, optlen, unit, debug, "mppe_decomp_init");
 460}
 461
 462/*
 463 * We received a CCP Reset-Ack.  Just ignore it.
 464 */
 465static void mppe_decomp_reset(void *arg)
 466{
 467        /* ARGSUSED */
 468        return;
 469}
 470
 471/*
 472 * Decompress (decrypt) an MPPE packet.
 473 */
 474static int
 475mppe_decompress(void *arg, unsigned char *ibuf, int isize, unsigned char *obuf,
 476                int osize)
 477{
 478        struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
 479        struct blkcipher_desc desc = { .tfm = state->arc4 };
 480        unsigned ccount;
 481        int flushed = MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED;
 482        int sanity = 0;
 483        struct scatterlist sg_in[1], sg_out[1];
 484
 485        if (isize <= PPP_HDRLEN + MPPE_OVHD) {
 486                if (state->debug)
 487                        printk(KERN_DEBUG
 488                               "mppe_decompress[%d]: short pkt (%d)\n",
 489                               state->unit, isize);
 490                return DECOMP_ERROR;
 491        }
 492
 493        /*
 494         * Make sure we have enough room to decrypt the packet.
 495         * Note that for our test we only subtract 1 byte whereas in
 496         * mppe_compress() we added 2 bytes (+MPPE_OVHD);
 497         * this is to account for possible PFC.
 498         */
 499        if (osize < isize - MPPE_OVHD - 1) {
 500                printk(KERN_DEBUG "mppe_decompress[%d]: osize too small! "
 501                       "(have: %d need: %d)\n", state->unit,
 502                       osize, isize - MPPE_OVHD - 1);
 503                return DECOMP_ERROR;
 504        }
 505        osize = isize - MPPE_OVHD - 2;  /* assume no PFC */
 506
 507        ccount = MPPE_CCOUNT(ibuf);
 508        if (state->debug >= 7)
 509                printk(KERN_DEBUG "mppe_decompress[%d]: ccount %d\n",
 510                       state->unit, ccount);
 511
 512        /* sanity checks -- terminate with extreme prejudice */
 513        if (!(MPPE_BITS(ibuf) & MPPE_BIT_ENCRYPTED)) {
 514                printk(KERN_DEBUG
 515                       "mppe_decompress[%d]: ENCRYPTED bit not set!\n",
 516                       state->unit);
 517                state->sanity_errors += 100;
 518                sanity = 1;
 519        }
 520        if (!state->stateful && !flushed) {
 521                printk(KERN_DEBUG "mppe_decompress[%d]: FLUSHED bit not set in "
 522                       "stateless mode!\n", state->unit);
 523                state->sanity_errors += 100;
 524                sanity = 1;
 525        }
 526        if (state->stateful && ((ccount & 0xff) == 0xff) && !flushed) {
 527                printk(KERN_DEBUG "mppe_decompress[%d]: FLUSHED bit not set on "
 528                       "flag packet!\n", state->unit);
 529                state->sanity_errors += 100;
 530                sanity = 1;
 531        }
 532
 533        if (sanity) {
 534                if (state->sanity_errors < SANITY_MAX)
 535                        return DECOMP_ERROR;
 536                else
 537                        /*
 538                         * Take LCP down if the peer is sending too many bogons.
 539                         * We don't want to do this for a single or just a few
 540                         * instances since it could just be due to packet corruption.
 541                         */
 542                        return DECOMP_FATALERROR;
 543        }
 544
 545        /*
 546         * Check the coherency count.
 547         */
 548
 549        if (!state->stateful) {
 550                /* RFC 3078, sec 8.1.  Rekey for every packet. */
 551                while (state->ccount != ccount) {
 552                        mppe_rekey(state, 0);
 553                        state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
 554                }
 555        } else {
 556                /* RFC 3078, sec 8.2. */
 557                if (!state->discard) {
 558                        /* normal state */
 559                        state->ccount = (state->ccount + 1) % MPPE_CCOUNT_SPACE;
 560                        if (ccount != state->ccount) {
 561                                /*
 562                                 * (ccount > state->ccount)
 563                                 * Packet loss detected, enter the discard state.
 564                                 * Signal the peer to rekey (by sending a CCP Reset-Request).
 565                                 */
 566                                state->discard = 1;
 567                                return DECOMP_ERROR;
 568                        }
 569                } else {
 570                        /* discard state */
 571                        if (!flushed) {
 572                                /* ccp.c will be silent (no additional CCP Reset-Requests). */
 573                                return DECOMP_ERROR;
 574                        } else {
 575                                /* Rekey for every missed "flag" packet. */
 576                                while ((ccount & ~0xff) !=
 577                                       (state->ccount & ~0xff)) {
 578                                        mppe_rekey(state, 0);
 579                                        state->ccount =
 580                                            (state->ccount +
 581                                             256) % MPPE_CCOUNT_SPACE;
 582                                }
 583
 584                                /* reset */
 585                                state->discard = 0;
 586                                state->ccount = ccount;
 587                                /*
 588                                 * Another problem with RFC 3078 here.  It implies that the
 589                                 * peer need not send a Reset-Ack packet.  But RFC 1962
 590                                 * requires it.  Hopefully, M$ does send a Reset-Ack; even
 591                                 * though it isn't required for MPPE synchronization, it is
 592                                 * required to reset CCP state.
 593                                 */
 594                        }
 595                }
 596                if (flushed)
 597                        mppe_rekey(state, 0);
 598        }
 599
 600        /*
 601         * Fill in the first part of the PPP header.  The protocol field
 602         * comes from the decrypted data.
 603         */
 604        obuf[0] = PPP_ADDRESS(ibuf);    /* +1 */
 605        obuf[1] = PPP_CONTROL(ibuf);    /* +1 */
 606        obuf += 2;
 607        ibuf += PPP_HDRLEN + MPPE_OVHD;
 608        isize -= PPP_HDRLEN + MPPE_OVHD;        /* -6 */
 609        /* net osize: isize-4 */
 610
 611        /*
 612         * Decrypt the first byte in order to check if it is
 613         * a compressed or uncompressed protocol field.
 614         */
 615        sg_init_table(sg_in, 1);
 616        sg_init_table(sg_out, 1);
 617        setup_sg(sg_in, ibuf, 1);
 618        setup_sg(sg_out, obuf, 1);
 619        if (crypto_blkcipher_decrypt(&desc, sg_out, sg_in, 1) != 0) {
 620                printk(KERN_DEBUG "crypto_cypher_decrypt failed\n");
 621                return DECOMP_ERROR;
 622        }
 623
 624        /*
 625         * Do PFC decompression.
 626         * This would be nicer if we were given the actual sk_buff
 627         * instead of a char *.
 628         */
 629        if ((obuf[0] & 0x01) != 0) {
 630                obuf[1] = obuf[0];
 631                obuf[0] = 0;
 632                obuf++;
 633                osize++;
 634        }
 635
 636        /* And finally, decrypt the rest of the packet. */
 637        setup_sg(sg_in, ibuf + 1, isize - 1);
 638        setup_sg(sg_out, obuf + 1, osize - 1);
 639        if (crypto_blkcipher_decrypt(&desc, sg_out, sg_in, isize - 1)) {
 640                printk(KERN_DEBUG "crypto_cypher_decrypt failed\n");
 641                return DECOMP_ERROR;
 642        }
 643
 644        state->stats.unc_bytes += osize;
 645        state->stats.unc_packets++;
 646        state->stats.comp_bytes += isize;
 647        state->stats.comp_packets++;
 648
 649        /* good packet credit */
 650        state->sanity_errors >>= 1;
 651
 652        return osize;
 653}
 654
 655/*
 656 * Incompressible data has arrived (this should never happen!).
 657 * We should probably drop the link if the protocol is in the range
 658 * of what should be encrypted.  At the least, we should drop this
 659 * packet.  (How to do this?)
 660 */
 661static void mppe_incomp(void *arg, unsigned char *ibuf, int icnt)
 662{
 663        struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
 664
 665        if (state->debug &&
 666            (PPP_PROTOCOL(ibuf) >= 0x0021 && PPP_PROTOCOL(ibuf) <= 0x00fa))
 667                printk(KERN_DEBUG
 668                       "mppe_incomp[%d]: incompressible (unencrypted) data! "
 669                       "(proto %04x)\n", state->unit, PPP_PROTOCOL(ibuf));
 670
 671        state->stats.inc_bytes += icnt;
 672        state->stats.inc_packets++;
 673        state->stats.unc_bytes += icnt;
 674        state->stats.unc_packets++;
 675}
 676
 677/*************************************************************
 678 * Module interface table
 679 *************************************************************/
 680
 681/*
 682 * Procedures exported to if_ppp.c.
 683 */
 684static struct compressor ppp_mppe = {
 685        .compress_proto = CI_MPPE,
 686        .comp_alloc     = mppe_alloc,
 687        .comp_free      = mppe_free,
 688        .comp_init      = mppe_comp_init,
 689        .comp_reset     = mppe_comp_reset,
 690        .compress       = mppe_compress,
 691        .comp_stat      = mppe_comp_stats,
 692        .decomp_alloc   = mppe_alloc,
 693        .decomp_free    = mppe_free,
 694        .decomp_init    = mppe_decomp_init,
 695        .decomp_reset   = mppe_decomp_reset,
 696        .decompress     = mppe_decompress,
 697        .incomp         = mppe_incomp,
 698        .decomp_stat    = mppe_comp_stats,
 699        .owner          = THIS_MODULE,
 700        .comp_extra     = MPPE_PAD,
 701};
 702
 703/*
 704 * ppp_mppe_init()
 705 *
 706 * Prior to allowing load, try to load the arc4 and sha1 crypto
 707 * libraries.  The actual use will be allocated later, but
 708 * this way the module will fail to insmod if they aren't available.
 709 */
 710
 711static int __init ppp_mppe_init(void)
 712{
 713        int answer;
 714        if (!(crypto_has_blkcipher("ecb(arc4)", 0, CRYPTO_ALG_ASYNC) &&
 715              crypto_has_hash("sha1", 0, CRYPTO_ALG_ASYNC)))
 716                return -ENODEV;
 717
 718        sha_pad = kmalloc(sizeof(struct sha_pad), GFP_KERNEL);
 719        if (!sha_pad)
 720                return -ENOMEM;
 721        sha_pad_init(sha_pad);
 722
 723        answer = ppp_register_compressor(&ppp_mppe);
 724
 725        if (answer == 0)
 726                printk(KERN_INFO "PPP MPPE Compression module registered\n");
 727        else
 728                kfree(sha_pad);
 729
 730        return answer;
 731}
 732
 733static void __exit ppp_mppe_cleanup(void)
 734{
 735        ppp_unregister_compressor(&ppp_mppe);
 736        kfree(sha_pad);
 737}
 738
 739module_init(ppp_mppe_init);
 740module_exit(ppp_mppe_cleanup);
 741