authorbrian <brian@cvs.openbsd.org>2001-07-07 03:08:50 +0000
committerbrian <brian@cvs.openbsd.org>2001-07-07 03:08:50 +0000
commitf99ac08a5a186f1069dd3f4e35729477b9c7e97b (patch)
treee010cab31fb2b7e890625e50dcf1701525418a2c /usr.sbin
parent0bb5bb9e171deb5fe91c171576e79139596f3958 (diff)
When we miss one or more packets in stateful mode *and* need to
perform a key change, *and* our sequence numbers have wrapped, ensure that the number of key changes is calculated correctly. The previous code counted down from a negative number to zero, re-encrypting the current key on each iteration - this took some time and strangely enough got the answer wrong !!! Spell stateful correctly while I'm here.
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/ppp/ppp/ccp.c4
-rw-r--r--usr.sbin/ppp/ppp/command.c6
-rw-r--r--usr.sbin/ppp/ppp/mppe.c19
-rw-r--r--usr.sbin/ppp/ppp/ppp.810
4 files changed, 21 insertions, 18 deletions
diff --git a/usr.sbin/ppp/ppp/ccp.c b/usr.sbin/ppp/ppp/ccp.c
index 08127c5a1d7..d8c8120ff9c 100644
--- a/usr.sbin/ppp/ppp/ccp.c
+++ b/usr.sbin/ppp/ppp/ccp.c
@@ -25,7 +25,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $OpenBSD: ccp.c,v 1.21 2001/07/03 22:23:56 brian Exp $
+ * $OpenBSD: ccp.c,v 1.22 2001/07/07 03:08:49 brian Exp $
*/
#include <sys/param.h>
@@ -197,7 +197,7 @@ ccp_ReportStatus(struct cmdargs const *arg)
prompt_Printf(arg->prompt, "any bits, ");
switch (ccp->cfg.mppe.state) {
case MPPE_STATEFUL:
- prompt_Printf(arg->prompt, "statefull");
+ prompt_Printf(arg->prompt, "stateful");
break;
case MPPE_STATELESS:
prompt_Printf(arg->prompt, "stateless");
diff --git a/usr.sbin/ppp/ppp/command.c b/usr.sbin/ppp/ppp/command.c
index a97e5ede111..49b2e64e854 100644
--- a/usr.sbin/ppp/ppp/command.c
+++ b/usr.sbin/ppp/ppp/command.c
@@ -25,7 +25,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $OpenBSD: command.c,v 1.61 2001/07/03 22:23:52 brian Exp $
+ * $OpenBSD: command.c,v 1.62 2001/07/07 03:08:49 brian Exp $
*/
#include <sys/param.h>
@@ -1636,7 +1636,7 @@ SetVariable(struct cmdargs const *arg)
l->ccp.cfg.mppe.state = MPPE_ANYSTATE;
else if (!strcasecmp(arg->argv[arg->argn + 1], "stateless"))
l->ccp.cfg.mppe.state = MPPE_STATELESS;
- else if (!strcasecmp(arg->argv[arg->argn + 1], "statefull"))
+ else if (!strcasecmp(arg->argv[arg->argn + 1], "stateful"))
l->ccp.cfg.mppe.state = MPPE_STATEFUL;
else {
log_Printf(LogWARN, "%s: Invalid state value\n",
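Review bot: Renaming the accepted keyword in place means an existing configuration that says `set mppe 128 statefull` now falls through to the "Invalid state value" branch. What SetVariable leaves in `mppe.state` on that path is outside this hunk, but if the previous or default value survives, a link that was pinned to a mode may negotiate with looser settings after the upgrade, with only a warning in the log. Accepting the old spelling as a deprecated alias avoids that: `else if (!strcasecmp(arg->argv[arg->argn + 1], "stateful") || !strcasecmp(arg->argv[arg->argn + 1], "statefull"))`. The ppp.8 text could then mention that the old spelling is still accepted.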
@@ -2108,7 +2108,7 @@ static struct cmdtab const SetCommands[] = {
(const void *) VAR_WINSIZE},
#ifdef HAVE_DES
{"mppe", NULL, SetVariable, LOCAL_AUTH | LOCAL_CX_OPT,
- "MPPE key size and state", "set mppe [40|56|128|* [statefull|stateless|*]]",
+ "MPPE key size and state", "set mppe [40|56|128|* [stateful|stateless|*]]",
(const void *) VAR_MPPE},
#endif
{"device", "line", SetVariable, LOCAL_AUTH | LOCAL_CX,
diff --git a/usr.sbin/ppp/ppp/mppe.c b/usr.sbin/ppp/ppp/mppe.c
index a1b0a246058..2f6cf6d3ad2 100644
--- a/usr.sbin/ppp/ppp/mppe.c
+++ b/usr.sbin/ppp/ppp/mppe.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $OpenBSD: mppe.c,v 1.7 2001/07/03 22:23:56 brian Exp $
+ * $OpenBSD: mppe.c,v 1.8 2001/07/07 03:08:49 brian Exp $
*/
#include <sys/types.h>
@@ -70,12 +70,13 @@
#define MPPE_OPT_BITMASK 0xe0
#define MPPE_OPT_MASK (MPPE_OPT_STATELESS | MPPE_OPT_BITMASK)
-#define MPPE_FLUSHED 0x8000
-#define MPPE_ENCRYPTED 0x1000
-#define MPPE_HEADER_BITMASK 0xf000
-#define MPPE_HEADER_FLAG 0x00ff
-#define MPPE_HEADER_FLAGMASK 0x00ff
-#define MPPE_HEADER_FLAGSHIFT 8
+#define MPPE_FLUSHED 0x8000
+#define MPPE_ENCRYPTED 0x1000
+#define MPPE_HEADER_BITMASK 0xf000
+#define MPPE_HEADER_FLAG 0x00ff
+#define MPPE_HEADER_FLAGMASK 0x00ff
+#define MPPE_HEADER_FLAGSHIFT 8
+#define MPPE_HEADER_STATEFUL_KEYCHANGES 16
struct mppe_state {
unsigned stateless : 1;
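Review bot: `MPPE_HEADER_STATEFUL_KEYCHANGES` is added without a comment saying where 16 comes from, and its name reads like a header bit although it is used as a modulus. Judging by the neighbouring macros, it appears to be the number of distinct values left once the counter bits below `MPPE_HEADER_BITMASK` are shifted right by `MPPE_HEADER_FLAGSHIFT`, i.e. the number of key changes per sequence-number wrap. I would say so next to the definition, e.g. `/* key changes per sequence wrap: 0x1000 >> MPPE_HEADER_FLAGSHIFT */`. Deriving the value from the mask and shift rather than hard-coding it would keep the three definitions from drifting apart.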
@@ -276,6 +277,8 @@ MPPEInput(void *v, struct ccp *ccp, u_short *proto, struct mbuf *mp)
*/
n = (prefix >> MPPE_HEADER_FLAGSHIFT) -
(mip->cohnum >> MPPE_HEADER_FLAGSHIFT);
+ if (n < 0)
+ n += MPPE_HEADER_STATEFUL_KEYCHANGES;
while (n--) {
log_Printf(LogDEBUG, "MPPEInput: Key changed during catchup [%u]\n",
prefix);
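Review bot: The added `if (n < 0)` repairs exactly one wrap, so the catch-up loop is bounded only if both shifted operands are already in the range 0..15. `prefix` appears to come from the received packet header, and the masking that would confine it to the counter bits is outside this hunk (MPPEInput starts and ends outside it), so the limit on re-keying iterations rests on code not visible here. I would state that invariant in a comment above the subtraction and change the loop to `while (n-- > 0) {`, so that a difference outside the expected range skips the catch-up instead of counting down from a negative number again.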
@@ -388,7 +391,7 @@ MPPEDispOpts(struct lcp_opt *o)
}
snprintf(buf + len, sizeof buf - len, " bits, state%s",
- (val & MPPE_OPT_STATELESS) ? "less" : "full");
+ (val & MPPE_OPT_STATELESS) ? "less" : "ful");
len += strlen(buf + len);
if (val & MPPE_OPT_COMPRESSED) {
diff --git a/usr.sbin/ppp/ppp/ppp.8 b/usr.sbin/ppp/ppp/ppp.8
index 289c82b3fe2..f1b048055c9 100644
--- a/usr.sbin/ppp/ppp/ppp.8
+++ b/usr.sbin/ppp/ppp/ppp.8
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $OpenBSD: ppp.8,v 1.113 2001/06/20 19:55:35 brian Exp $
+.\" $OpenBSD: ppp.8,v 1.114 2001/07/07 03:08:49 brian Exp $
.\"
.Dd September 20, 1995
.Dt PPP 8
@@ -4910,14 +4910,14 @@ This will allow
to do the necessary address translations to enable the process that
triggers the connection to connect once the link is up despite the
peer assigning us a new (dynamic) IP address.
-.It set mppe Op 40|56|128|* Op stateless|statefull|*
+.It set mppe Op 40|56|128|* Op stateless|stateful|*
This option selects the encryption parameters used when negotiation
MPPE. MPPE can be disabled entirely with the
.Dq disable mppe
command.
If no arguments are given,
.Nm
-will attempt to negotiate a statefull link with a 128 bit key, but
+will attempt to negotiate a stateful link with a 128 bit key, but
will agree to whatever the peer requests (including no encryption
at all).
.Pp
@@ -4931,9 +4931,9 @@ The first argument specifies the number of bits that
.Nm
should insist on during negotiations and the second specifies whether
.Nm
-should insist on statefull or stateless mode. In stateless mode, the
+should insist on stateful or stateless mode. In stateless mode, the
encryption dictionary is re-initialised with every packet according to
-an encryption key that is changed with every packet. In statefull mode,
+an encryption key that is changed with every packet. In stateful mode,
the encryption dictionary is re-initialised every 256 packets or after
the loss of any data and the key is changed every 256 packets.
Stateless mode is less efficient but is better for unreliable transport