2 * mppe.h - Definitions for MPPE
4 * Copyright (c) 2008 Paul Mackerras. All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
18 * 3. The name(s) of the authors of this software must not be used to
19 * endorse or promote products derived from this software without
20 * prior written permission.
22 * 4. Redistributions of any form whatsoever must retain the following
24 * "This product includes software developed by Paul Mackerras
25 * <paulus@samba.org>".
27 * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
28 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
29 * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
30 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
31 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
32 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
33 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
/*
 * Frame overhead and key-size limits.
 *
 * Two different key limits are defined here. MPPE_MAX_KEY_SIZE is the size
 * of the mppe_send_key / mppe_recv_key buffers declared later in this
 * header; MPPE_MAX_KEY_LEN is, per its comment, the largest key the kernel
 * accepts. Code that copies key material has to bound the length against
 * the destination it is actually writing to, not against the other limit.
 */
40 #define MPPE_PAD 4 /* MPPE growth per frame */
41 #define MPPE_MAX_KEY_SIZE 32 /* Largest key length */
42 #define MPPE_MAX_KEY_LEN 16 /* Largest key size accepted by the kernel */
/*
 * MPPE_OPT_40 selects a 40-bit key, which gives far less protection than
 * MPPE_OPT_128. A configuration that depends on the link for
 * confidentiality should require MPPE_OPT_128 rather than accept a
 * fallback to 40 bit.
 */
44 /* option bits for ccp_options.mppe */
45 #define MPPE_OPT_40 0x01 /* 40 bit */
46 #define MPPE_OPT_128 0x02 /* 128 bit */
47 #define MPPE_OPT_STATEFUL 0x04 /* stateful mode */
48 /* unsupported opts */
49 #define MPPE_OPT_56 0x08 /* 56 bit */
50 #define MPPE_OPT_MPPC 0x10 /* MPPC compression */
51 #define MPPE_OPT_D 0x20 /* Unknown */
/* 0x08 | 0x10 | 0x20 == 0x38: options a peer may ask for that are not implemented. */
52 #define MPPE_OPT_UNSUPPORTED (MPPE_OPT_56|MPPE_OPT_MPPC|MPPE_OPT_D)
/*
 * Not a wire bit: MPPE_CI_TO_OPTS sets this flag when the received CI has
 * any bit set outside the ones named in this header.
 */
53 #define MPPE_OPT_UNKNOWN 0x40 /* Bits not defined in RFC 3078 were set */
56 * This is not nice ... the alternative is a bitfield struct though.
57 * And unfortunately, we cannot share the same bits for the option
58 * names above since C and H are the same bit. We could do a u_int32
59 * but then we have to do a htonl() all the time and/or we still need
60 * to know which octet is which.
/*
 * Per-octet bit masks for the 4-octet CI field. MPPE_C_BIT and MPPE_H_BIT
 * both have the value 0x01 and are told apart only by the octet they are
 * applied to: MPPE_CI_TO_OPTS tests H against ptr[0] and the C, D, L, S
 * and M bits against ptr[3]. Testing a mask against the wrong octet
 * silently yields a different option.
 */
62 #define MPPE_C_BIT 0x01 /* MPPC */
63 #define MPPE_D_BIT 0x10 /* Obsolete, usage unknown */
64 #define MPPE_L_BIT 0x20 /* 40-bit */
65 #define MPPE_S_BIT 0x40 /* 128-bit */
66 #define MPPE_M_BIT 0x80 /* 56-bit, not supported */
67 #define MPPE_H_BIT 0x01 /* Stateless (in a different byte) */
69 /*
 * Mask for the least significant octet only; the H bit itself lives in a
 * different octet. The expression below nevertheless names MPPE_H_BIT:
 * its value 0x01 equals MPPE_C_BIT, so in this octet that term covers the
 * C bit. The mask evaluates to 0xF1.
 * NOTE(review): spelling the term as MPPE_C_BIT would match the intent
 * without changing the value.
 */
70 #define MPPE_ALL_BITS (MPPE_D_BIT|MPPE_L_BIT|MPPE_S_BIT|MPPE_M_BIT|MPPE_H_BIT)
/*
 * MPPE_OPTS_TO_CI(opts, ci): encode the MPPE_OPT_* flags in `opts` into the
 * buffer `ci`, which the macro treats as u_char[4]; the caller must supply
 * at least four writable bytes.
 *
 * Macro hazards visible in the lines shown here:
 *  - `opts` is expanded more than once and without parentheses, so pass a
 *    plain variable. An argument such as `a | b` would bind as
 *    `a | (b & MPPE_OPT_...)`.
 *  - The body declares a local named `ptr` initialised from `ci`; an
 *    argument expression that itself mentions a variable called `ptr`
 *    would refer to the macro's own, not yet initialised, local.
 *
 * NOTE(review): this listing does not show every line of the macro body
 * (the gutter numbers skip); check the complete definition before relying
 * on the exact byte layout.
 */
72 /* Build a CI from mppe opts (see RFC 3078) */
73 #define MPPE_OPTS_TO_CI(opts, ci) \
75 u_char *ptr = ci; /* u_char[4] */ \
78 if (opts & MPPE_OPT_STATEFUL) \
81 *ptr++ = MPPE_H_BIT; \
87 if (opts & MPPE_OPT_128) \
89 if (opts & MPPE_OPT_40) \
91 /* M,D,C bits not supported */ \
92 } while (/* CONSTCOND */ 0)
/*
 * MPPE_CI_TO_OPTS(ci, opts): decode a 4-octet CI into MPPE_OPT_* flags.
 *
 * The body reads ptr[0] through ptr[3] unconditionally, so `ci` must point
 * to at least four readable bytes. Presumably the CI comes from a CCP
 * option received from the peer (TODO confirm against the callers); in
 * that case the option length has to be validated before this macro is
 * expanded.
 *
 * Decoding rules shown below:
 *  - H bit clear in ptr[0]           -> MPPE_OPT_STATEFUL
 *  - S / L / M / D / C set in ptr[3] -> 128 / 40 / 56 / D / MPPC options
 *  - any other bit in ptr[0], any bit in ptr[1] or ptr[2], or any bit of
 *    ptr[3] outside MPPE_ALL_BITS    -> MPPE_OPT_UNKNOWN
 * A caller can therefore refuse a proposal by testing the result against
 * MPPE_OPT_UNSUPPORTED and MPPE_OPT_UNKNOWN.
 *
 * `opts` is only OR-ed into in the lines shown, so it must be an lvalue.
 * NOTE(review): this listing does not show every line of the body (the
 * gutter numbers skip); confirm where `opts` is cleared before the first
 * `|=`. The local `ptr` has the same shadowing hazard as in
 * MPPE_OPTS_TO_CI: do not pass a `ci` expression that mentions a variable
 * named `ptr`.
 */
94 /* The reverse of the above */
95 #define MPPE_CI_TO_OPTS(ci, opts) \
97 u_char *ptr = ci; /* u_char[4] */ \
102 if (!(ptr[0] & MPPE_H_BIT)) \
103 opts |= MPPE_OPT_STATEFUL; \
106 if (ptr[3] & MPPE_S_BIT) \
107 opts |= MPPE_OPT_128; \
108 if (ptr[3] & MPPE_L_BIT) \
109 opts |= MPPE_OPT_40; \
112 if (ptr[3] & MPPE_M_BIT) \
113 opts |= MPPE_OPT_56; \
114 if (ptr[3] & MPPE_D_BIT) \
115 opts |= MPPE_OPT_D; \
116 if (ptr[3] & MPPE_C_BIT) \
117 opts |= MPPE_OPT_MPPC; \
120 if (ptr[0] & ~MPPE_H_BIT) \
121 opts |= MPPE_OPT_UNKNOWN; \
122 if (ptr[1] || ptr[2]) \
123 opts |= MPPE_OPT_UNKNOWN; \
124 if (ptr[3] & ~MPPE_ALL_BITS) \
125 opts |= MPPE_OPT_UNKNOWN; \
126 } while (/* CONSTCOND */ 0)
133 * Access to these variables directly is discouraged. Please
134 * change your code to use the accessor functions below.
/*
 * Session key material held in process-global storage. Each buffer is
 * MPPE_MAX_KEY_SIZE (32) bytes, which is larger than MPPE_MAX_KEY_LEN (16),
 * the size the kernel is documented to accept, so a reader must not assume
 * the whole buffer is meaningful key data.
 * Every translation unit that includes this header can read and write the
 * keys directly; the header itself discourages that in favour of the
 * accessor functions, which keep copying and clearing of the keys in one
 * place.
 */
137 /* The key material generated which is used for MPPE send key */
138 extern u_char mppe_send_key[MPPE_MAX_KEY_SIZE];
139 /* The key material generated which is used for MPPE recv key */
140 extern u_char mppe_recv_key[MPPE_MAX_KEY_SIZE];
/* Only a flag: it says nothing about the length of the stored keys. */
141 /* Keys are set if value is non-zero */
142 extern int mppe_keys_set;
/*
 * Encryption policy and encryption type values as delivered in RADIUS
 * attributes. "Allowed" permits encryption without demanding it; a plugin
 * that must not let a session run unencrypted has to pass
 * MPPE_ENC_POL_ENC_REQUIRED.
 */
144 /* These values are the RADIUS attribute values--see RFC 2548. */
145 #define MPPE_ENC_POL_ENC_ALLOWED 1
146 #define MPPE_ENC_POL_ENC_REQUIRED 2
/*
 * The two type values are distinct bits (2 and 4).
 * NOTE(review): presumably they may be OR-ed to allow both key lengths;
 * confirm against the implementation of mppe_set_enc_types().
 */
147 #define MPPE_ENC_TYPES_RC4_40 2
148 #define MPPE_ENC_TYPES_RC4_128 4
/*
 * policy: one of MPPE_ENC_POL_*; types: MPPE_ENC_TYPES_* value(s).
 * NOTE(review): how out-of-range values are treated is not visible from
 * this header; verify before passing attribute values straight from a
 * RADIUS reply.
 */
150 /* used by plugins (using above values) */
151 void mppe_set_enc_types (int policy, int types);
154 * Set the MPPE send and recv keys. NULL values for keys are ignored
155 * and input values are cleared to avoid leaving them on the stack
/*
 * mppe_set_keys: per the header text, NULL keys are ignored and the input
 * buffers are cleared, so the caller's send_key / recv_key contents are
 * overwritten by this call (hence the non-const pointers).
 * NOTE(review): keylen is a plain int and no bound is stated here. The
 * global key buffers are MPPE_MAX_KEY_SIZE bytes; confirm that the
 * implementation rejects or clamps negative and oversized lengths.
 */
157 void mppe_set_keys(u_char *send_key, u_char *recv_key, int keylen);
/*
 * The two getters write key material into a caller-supplied buffer of
 * `length` bytes. The meaning of the int result is not stated in this
 * header; presumably it is the number of bytes copied (TODO confirm).
 * The caller then holds a second copy of the key and is responsible for
 * wiping it once it is no longer needed.
 */
160 * Get the MPPE recv key
162 int mppe_get_recv_key(u_char *recv_key, int length);
165 * Get the MPPE send key
167 int mppe_get_send_key(u_char *send_key, int length);
170 * Clear the MPPE keys
172 void mppe_clear_keys(void);
175 * Check if the MPPE keys are set
/*
 * NOTE(review): bool, u_char, MD4_SIGNATURE_SIZE and MS_AUTH_NTRESP_LEN
 * are used by these prototypes but no #include is visible in this listing;
 * the including file may have to provide them first.
 */
177 bool mppe_keys_isset(void);
180 * Set mppe_xxxx_key from NT Password Hash Hash (MSCHAPv1), see RFC3079
/*
 * Array-typed parameters decay to pointers, so the sizes written in the
 * two prototypes below are documentation only; the compiler does not check
 * that the caller's buffers are that large.
 * NOTE(review): the length expected for rchallenge is not stated here.
 */
182 void mppe_set_chapv1(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE]);
185 * Set the mppe_xxxx_key from MS-CHAP-v2 credentials, see RFC3079
/*
 * NOTE(review): IsServer presumably selects which derived key becomes the
 * send key and which the recv key; confirm against the implementation.
 */
187 void mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
188 u_char NTResponse[MS_AUTH_NTRESP_LEN], int IsServer);
190 #endif // #ifdef MPPE
191 #endif // #ifdef __MPPE_H__