1 /* $NetBSD: mppe.h,v 1.5 2025/01/08 19:59:39 christos Exp $ */ 2 3 /* 4 * mppe.h - Definitions for MPPE 5 * 6 * Copyright (c) 2008-2024 Paul Mackerras. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO 21 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 22 * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY 23 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 24 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN 25 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING 26 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 27 */ 28 #ifndef PPP_MPPE_H 29 #define PPP_MPPE_H 30 31 #include "pppdconf.h" 32 33 #ifdef __cplusplus 34 extern "C" { 35 #endif 36 37 38 #define MPPE_PAD 4 /* MPPE growth per frame */ 39 #define MPPE_MAX_KEY_SIZE 32 /* Largest key length */ 40 #define MPPE_MAX_KEY_LEN 16 /* Largest key size accepted by the kernel */ 41 42 /* option bits for ccp_options.mppe */ 43 #define MPPE_OPT_40 0x01 /* 40 bit */ 44 #define MPPE_OPT_128 0x02 /* 128 bit */ 45 #define MPPE_OPT_STATEFUL 0x04 /* stateful mode */ 46 /* unsupported opts */ 47 #define MPPE_OPT_56 0x08 /* 56 bit */ 48 #define MPPE_OPT_MPPC 0x10 /* MPPC compression */ 49 #define MPPE_OPT_D 0x20 /* Unknown */ 50 #define MPPE_OPT_UNSUPPORTED (MPPE_OPT_56|MPPE_OPT_MPPC|MPPE_OPT_D) 51 #define MPPE_OPT_UNKNOWN 0x40 /* Bits !defined in RFC 3078 were set */ 52 53 /* 54 * This is not nice ... the alternative is a bitfield struct though. 55 * And unfortunately, we cannot share the same bits for the option 56 * names above since C and H are the same bit. We could do a u_int32 57 * but then we have to do a htonl() all the time and/or we still need 58 * to know which octet is which. 59 */ 60 #define MPPE_C_BIT 0x01 /* MPPC */ 61 #define MPPE_D_BIT 0x10 /* Obsolete, usage unknown */ 62 #define MPPE_L_BIT 0x20 /* 40-bit */ 63 #define MPPE_S_BIT 0x40 /* 128-bit */ 64 #define MPPE_M_BIT 0x80 /* 56-bit, not supported */ 65 #define MPPE_H_BIT 0x01 /* Stateless (in a different byte) */ 66 67 /* Does not include H bit; used for least significant octet only. */ 68 #define MPPE_ALL_BITS (MPPE_D_BIT|MPPE_L_BIT|MPPE_S_BIT|MPPE_M_BIT|MPPE_H_BIT) 69 70 /* Build a CI from mppe opts (see RFC 3078) */ 71 #ifndef MPPE_OPTS_TO_CI 72 #define MPPE_OPTS_TO_CI(opts, ci) \ 73 do { \ 74 unsigned char *ptr = ci; /* unsigned char[4] */ \ 75 \ 76 /* H bit */ \ 77 if (opts & MPPE_OPT_STATEFUL) \ 78 *ptr++ = 0x0; \ 79 else \ 80 *ptr++ = MPPE_H_BIT; \ 81 *ptr++ = 0; \ 82 *ptr++ = 0; \ 83 \ 84 /* S,L bits */ \ 85 *ptr = 0; \ 86 if (opts & MPPE_OPT_128) \ 87 *ptr |= MPPE_S_BIT; \ 88 if (opts & MPPE_OPT_40) \ 89 *ptr |= MPPE_L_BIT; \ 90 /* M,D,C bits not supported */ \ 91 } while (/* CONSTCOND */ 0) 92 93 /* The reverse of the above */ 94 #define MPPE_CI_TO_OPTS(ci, opts) \ 95 do { \ 96 unsigned char *ptr = ci; /* unsigned char[4] */ \ 97 \ 98 opts = 0; \ 99 \ 100 /* H bit */ \ 101 if (!(ptr[0] & MPPE_H_BIT)) \ 102 opts |= MPPE_OPT_STATEFUL; \ 103 \ 104 /* S,L bits */ \ 105 if (ptr[3] & MPPE_S_BIT) \ 106 opts |= MPPE_OPT_128; \ 107 if (ptr[3] & MPPE_L_BIT) \ 108 opts |= MPPE_OPT_40; \ 109 \ 110 /* M,D,C bits */ \ 111 if (ptr[3] & MPPE_M_BIT) \ 112 opts |= MPPE_OPT_56; \ 113 if (ptr[3] & MPPE_D_BIT) \ 114 opts |= MPPE_OPT_D; \ 115 if (ptr[3] & MPPE_C_BIT) \ 116 opts |= MPPE_OPT_MPPC; \ 117 \ 118 /* Other bits */ \ 119 if (ptr[0] & ~MPPE_H_BIT) \ 120 opts |= MPPE_OPT_UNKNOWN; \ 121 if (ptr[1] || ptr[2]) \ 122 opts |= MPPE_OPT_UNKNOWN; \ 123 if (ptr[3] & ~MPPE_ALL_BITS) \ 124 opts |= MPPE_OPT_UNKNOWN; \ 125 } while (/* CONSTCOND */ 0) 126 #endif 127 128 129 #if PPP_WITH_MPPE 130 131 /* These values are the RADIUS attribute values--see RFC 2548. */ 132 #define MPPE_ENC_POL_ENC_ALLOWED 1 133 #define MPPE_ENC_POL_ENC_REQUIRED 2 134 #define MPPE_ENC_TYPES_RC4_40 2 135 #define MPPE_ENC_TYPES_RC4_128 4 136 137 /* used by plugins (using above values) */ 138 void mppe_set_enc_types (int policy, int types); 139 140 /* 141 * Set the MPPE send and recv keys. NULL values for keys are ignored 142 * and input values are cleared to avoid leaving them on the stack 143 */ 144 void mppe_set_keys(unsigned char *send_key, unsigned char *recv_key, int keylen); 145 146 /* 147 * Get the MPPE recv key 148 */ 149 int mppe_get_recv_key(unsigned char *recv_key, int length); 150 151 /* 152 * Get the MPPE send key 153 */ 154 int mppe_get_send_key(unsigned char *send_key, int length); 155 156 /* 157 * Clear the MPPE keys 158 */ 159 void mppe_clear_keys(void); 160 161 /* 162 * Check if the MPPE keys are set 163 */ 164 bool mppe_keys_isset(void); 165 166 /* 167 * Set mppe_xxxx_key from NT Password Hash Hash (MSCHAPv1), see RFC3079 168 */ 169 void mppe_set_chapv1(unsigned char *rchallenge, unsigned char *PasswordHashHash); 170 171 /* 172 * Set the mppe_xxxx_key from MS-CHAP-v2 credentials, see RFC3079 173 */ 174 void mppe_set_chapv2(unsigned char *PasswordHashHash, 175 unsigned char *NTResponse, int IsServer); 176 177 #endif // #ifdef PPP_WITH_MPPE 178 179 #ifdef __cplusplus 180 } 181 #endif 182 183 #endif // #ifdef PPP_MPPE_H 184