1 // SoftEther VPN Source Code - Developer Edition Master Branch 2 // Cedar Communication Module 3 4 5 // Proto_PPP.h 6 // Header of Proto_PPP.c 7 8 #ifndef PROTO_PPP_H 9 #define PROTO_PPP_H 10 11 #include "CedarType.h" 12 13 #include "Mayaqua/TcpIp.h" 14 15 //// Macro 16 #define PPP_LCP_CODE_IS_NEGATIVE(c) ((c) == PPP_LCP_CODE_NAK || (c) == PPP_LCP_CODE_REJECT || (c) == PPP_LCP_CODE_CODE_REJECT || (c) == PPP_LCP_CODE_PROTOCOL_REJECT) 17 #define PPP_LCP_CODE_IS_REQUEST(c) ((c) == PPP_LCP_CODE_REQ) 18 #define PPP_LCP_CODE_IS_RESPONSE(c) ((c) == PPP_LCP_CODE_ACK || (c) == PPP_LCP_CODE_NAK || (c) == PPP_LCP_CODE_REJECT || (c) == PPP_LCP_CODE_PROTOCOL_REJECT) 19 #define PPP_LCP_CODE_IS_WITH_OPTION_LIST(c) ((c) == PPP_LCP_CODE_REQ || (c) == PPP_LCP_CODE_ACK || (c) == PPP_LCP_CODE_NAK || (c) == PPP_LCP_CODE_REJECT) 20 21 #define PPP_PAP_CODE_IS_REQUEST(c) ((c) == PPP_PAP_CODE_REQ) 22 #define PPP_PAP_CODE_IS_RESPONSE(c) ((c) == PPP_PAP_CODE_ACK || (c) == PPP_PAP_CODE_NAK) 23 24 #define PPP_CHAP_CODE_IS_REQUEST(c) ((c) == PPP_CHAP_CODE_CHALLENGE || (c) == PPP_CHAP_CODE_SUCCESS || (c) == PPP_CHAP_CODE_FAILURE) 25 #define PPP_CHAP_CODE_IS_RESPONSE(c) ((c) == PPP_CHAP_CODE_RESPONSE) 26 27 #define PPP_EAP_CODE_IS_REQUEST(c) ((c) == PPP_EAP_CODE_REQUEST) 28 #define PPP_EAP_CODE_IS_RESPONSE(c) ((c) == PPP_EAP_CODE_RESPONSE || (c) == PPP_EAP_CODE_SUCCESS || (c) == PPP_EAP_CODE_FAILURE) 29 30 #define PPP_CODE_IS_RESPONSE(protocol, c) ((((protocol) == PPP_PROTOCOL_LCP || (protocol) == PPP_PROTOCOL_IPCP || (protocol) == PPP_PROTOCOL_IPV6CP) && PPP_LCP_CODE_IS_RESPONSE(c)) || (((protocol) == PPP_PROTOCOL_PAP) && PPP_PAP_CODE_IS_RESPONSE(c)) || (((protocol) == PPP_PROTOCOL_CHAP) && PPP_CHAP_CODE_IS_RESPONSE(c)) || (((protocol) == PPP_PROTOCOL_EAP) && PPP_EAP_CODE_IS_RESPONSE(c))) 31 #define PPP_CODE_IS_REQUEST(protocol, c) ((((protocol) == PPP_PROTOCOL_LCP || (protocol) == PPP_PROTOCOL_IPCP || (protocol) == PPP_PROTOCOL_IPV6CP) && PPP_LCP_CODE_IS_REQUEST(c)) || (((protocol) == PPP_PROTOCOL_PAP) && PPP_PAP_CODE_IS_REQUEST(c)) || (((protocol) == PPP_PROTOCOL_CHAP) && PPP_CHAP_CODE_IS_REQUEST(c)) || (((protocol) == PPP_PROTOCOL_EAP) && PPP_EAP_CODE_IS_REQUEST(c))) 32 #define PPP_CODE_IS_WITH_OPTION_LIST(protocol, c) ((((protocol) == PPP_PROTOCOL_LCP || (protocol) == PPP_PROTOCOL_IPCP || (protocol) == PPP_PROTOCOL_IPV6CP) && PPP_LCP_CODE_IS_WITH_OPTION_LIST(c)) || false) 33 34 #define PPP_IS_SUPPORTED_PROTOCOL(p) ((p) == PPP_PROTOCOL_LCP || (p) == PPP_PROTOCOL_PAP || (p) == PPP_PROTOCOL_CHAP || (p) == PPP_PROTOCOL_IPCP || (p) == PPP_PROTOCOL_IPV6CP || (p) == PPP_PROTOCOL_IP || (p) == PPP_PROTOCOL_IPV6 || (p) == PPP_PROTOCOL_EAP ) 35 36 #define PPP_STATUS_IS_UNAVAILABLE(c) ((c) == PPP_STATUS_FAIL || (c) == PPP_STATUS_AUTH_FAIL || (c) == PPP_STATUS_CLOSING || (c) == PPP_STATUS_CLOSING_WAIT || (c) == PPP_STATUS_CLOSED) 37 38 //// Constants 39 40 // Time-out value 41 #define PPP_PACKET_RECV_TIMEOUT (15 * 1000) // Timeout until the next packet is received (3/4 of default policy) 42 #define PPP_PACKET_RESEND_INTERVAL (3 * 1000) // Retransmission interval of the last packet 43 #define PPP_TERMINATE_TIMEOUT 2000 // Timeout value to complete disconnection after requesting to disconnect in the PPP 44 #define PPP_ECHO_SEND_INTERVAL 4792 // Transmission interval of PPP Echo Request 45 #define PPP_DATA_TIMEOUT (20 * 1000) // Communication time-out (from default policy) 46 47 // MRU 48 #define PPP_MRU_DEFAULT 1500 // Default value 49 #define PPP_MRU_MIN 100 // Minimum value 50 #define PPP_MRU_MAX 1500 // Maximum value 51 52 // PPP protocol (for control) 53 #define PPP_PROTOCOL_LCP 0xc021 54 #define PPP_PROTOCOL_PAP 0xc023 55 #define PPP_PROTOCOL_IPCP 0x8021 56 #define PPP_PROTOCOL_CHAP 0xc223 57 #define PPP_PROTOCOL_EAP 0xc227 58 #define PPP_PROTOCOL_IPV6CP 0x8057 59 60 // PPP protocol (for transfer) 61 #define PPP_PROTOCOL_IP 0x0021 62 #define PPP_PROTOCOL_IPV6 0x0057 63 64 // LCP code 65 #define PPP_LCP_CODE_REQ 1 66 #define PPP_LCP_CODE_ACK 2 67 #define PPP_LCP_CODE_NAK 3 68 #define PPP_LCP_CODE_REJECT 4 69 #define PPP_LCP_CODE_TERMINATE_REQ 5 70 #define PPP_LCP_CODE_TERMINATE_ACK 6 71 #define PPP_LCP_CODE_CODE_REJECT 7 72 #define PPP_LCP_CODE_PROTOCOL_REJECT 8 73 #define PPP_LCP_CODE_ECHO_REQUEST 9 74 #define PPP_LCP_CODE_ECHO_RESPONSE 10 75 #define PPP_LCP_CODE_DROP 11 76 #define PPP_LCP_CODE_IDENTIFICATION 12 77 78 // PAP Code 79 #define PPP_PAP_CODE_REQ 1 80 #define PPP_PAP_CODE_ACK 2 81 #define PPP_PAP_CODE_NAK 3 82 83 // CHAP code 84 #define PPP_CHAP_CODE_CHALLENGE 1 85 #define PPP_CHAP_CODE_RESPONSE 2 86 #define PPP_CHAP_CODE_SUCCESS 3 87 #define PPP_CHAP_CODE_FAILURE 4 88 89 // LCP Option Type 90 #define PPP_LCP_OPTION_MRU 1 91 #define PPP_LCP_OPTION_AUTH 3 92 93 // IPCP option type 94 #define PPP_IPCP_OPTION_IP 3 95 #define PPP_IPCP_OPTION_DNS1 129 96 #define PPP_IPCP_OPTION_DNS2 131 97 #define PPP_IPCP_OPTION_WINS1 130 98 #define PPP_IPCP_OPTION_WINS2 132 99 100 // IPV6CP option type 101 #define PPP_IPV6CP_OPTION_EUI 1 102 103 // EAP codes 104 #define PPP_EAP_CODE_REQUEST 1 105 #define PPP_EAP_CODE_RESPONSE 2 106 #define PPP_EAP_CODE_SUCCESS 3 107 #define PPP_EAP_CODE_FAILURE 4 108 109 // EAP types 110 #define PPP_EAP_TYPE_IDENTITY 1 111 #define PPP_EAP_TYPE_NOTIFICATION 2 112 #define PPP_EAP_TYPE_NAK 3 113 #define PPP_EAP_TYPE_TLS 13 114 115 // EAP-TLS Flags 116 #define PPP_EAP_TLS_FLAG_NONE 0 117 #define PPP_EAP_TLS_FLAG_TLS_LENGTH 1 << 7 118 #define PPP_EAP_TLS_FLAG_FRAGMENTED 1 << 6 119 #define PPP_EAP_TLS_FLAG_SSLSTARTED 1 << 5 120 121 // Authentication protocol 122 #define PPP_LCP_AUTH_PAP PPP_PROTOCOL_PAP 123 #define PPP_LCP_AUTH_CHAP PPP_PROTOCOL_CHAP 124 #define PPP_LCP_AUTH_EAP PPP_PROTOCOL_EAP 125 126 // Algorithm of CHAP 127 #define PPP_CHAP_ALG_MS_CHAP_V2 0x81 128 129 // Link status 130 #define PPP_STATUS_CONNECTED 0x1 131 #define PPP_STATUS_BEFORE_AUTH 0x10 132 #define PPP_STATUS_AUTHENTICATING 0x11 133 #define PPP_STATUS_AUTH_SUCCESS 0x19 134 #define PPP_STATUS_NETWORK_LAYER 0x20 135 #define PPP_STATUS_CLOSING 0x100 136 #define PPP_STATUS_CLOSING_WAIT 0x101 137 #define PPP_STATUS_CLOSED 0x110 138 #define PPP_STATUS_FAIL 0x1000 139 #define PPP_STATUS_AUTH_FAIL 0x1010 140 141 #define PPP_UNSPECIFIED 0xFFFF 142 143 //// Type 144 145 // IP options used in the PPP 146 struct PPP_IPOPTION 147 { 148 IP IpAddress; // IP address 149 IP DnsServer1, DnsServer2; // DNS server address 150 IP WinsServer1, WinsServer2; // WINS server address 151 }; 152 153 // PPP packet 154 struct PPP_PACKET 155 { 156 USHORT Protocol; // Protocol 157 bool IsControl; // Whether or not the control packet 158 PPP_LCP *Lcp; // LCP packet data 159 UINT DataSize; // Data size 160 void *Data; // Data body 161 }; 162 163 // PPP LCP packet 164 struct PPP_LCP 165 { 166 UCHAR Code; // Code 167 UCHAR Id; // ID 168 UCHAR MagicNumber[4]; // Magic number 169 LIST *OptionList; // PPP options list 170 void *Data; // Data 171 UINT DataSize; // Data size 172 }; 173 174 // PPP Options 175 struct PPP_OPTION 176 { 177 UCHAR Type; // Type of option 178 UINT DataSize; // Data size 179 UCHAR Data[254]; // Data 180 bool IsSupported; // Flag of whether it is supported 181 bool IsAccepted; // Flag for whether accepted 182 UCHAR AltData[254]; // Alternate data when it isn't accepted 183 UINT AltDataSize; // Alternate data size 184 }; 185 186 #ifdef OS_WIN32 187 #pragma pack(push, 1) 188 #else // OS_WIN32 189 #pragma pack(1) 190 #endif 191 192 193 // PPP EAP packet 194 // EAP is a subset of LCP, sharing Code and Id. The Data field is then mapped to this structure 195 // We got 8 bytes of size before this structure 196 struct PPP_EAP 197 { 198 UCHAR Type; 199 union { 200 UCHAR Data[0]; 201 struct PPP_EAP_TLS 202 { 203 UCHAR Flags; 204 union { 205 UCHAR TlsDataWithoutLength[0]; 206 struct 207 { 208 UINT TlsLength; 209 UCHAR Data[0]; 210 } TlsDataWithLength; 211 }; 212 } Tls; 213 }; 214 } GCC_PACKED; 215 216 #ifdef OS_WIN32 217 #pragma pack(pop) 218 #else // OS_WIN32 219 #pragma pack() 220 #endif 221 222 struct PPP_EAP_TLS_CONTEXT 223 { 224 SSL_PIPE *SslPipe; 225 DH_CTX *Dh; 226 struct SslClientCertInfo ClientCert; 227 UCHAR *CachedBufferRecv; 228 UCHAR *CachedBufferRecvPntr; 229 UCHAR *CachedBufferSend; 230 UCHAR *CachedBufferSendPntr; 231 }; 232 233 // PPP request resend 234 struct PPP_REQUEST_RESEND 235 { 236 PPP_PACKET *Packet; 237 UCHAR Id; 238 UINT64 ResendTime; 239 UINT64 TimeoutTime; 240 }; 241 242 // PPP next packet struct 243 struct PPP_DELAYED_PACKET 244 { 245 PPP_PACKET *Packet; 246 UINT DelayTicks; 247 }; 248 249 // PPP session 250 struct PPP_SESSION 251 { 252 CEDAR *Cedar; // Cedar 253 IP ClientIP; // Client IP address 254 UINT ClientPort; // Client port 255 IP ServerIP; // Server IP address 256 UINT ServerPort; // Server port 257 TUBE *TubeSend; // Sending tube 258 TUBE *TubeRecv; // Receiving tube 259 UCHAR NextId; // ID to be used next 260 UINT Mru1; // MRU (server -> client) 261 UINT Mru2; // MRU (client -> server) 262 LIST *RecvPacketList; // Received packet list 263 bool IsTerminateReceived; // Whether a Terminate has been received 264 UINT DisconnectCauseCode; // L2TP disconnect cause code 265 UINT DisconnectCauseDirection; // L2TP disconnect cause direction code 266 IPC *Ipc; // IPC 267 bool ClientLCPOptionDetermined; // LCP option from the client has been determined 268 char Postfix[MAX_SIZE]; // Postfix of the session name 269 char ClientHostname[MAX_SIZE]; // Client host name 270 char ClientSoftwareName[MAX_SIZE]; // Client software name 271 UINT64 NextEchoSendTime; // Time to send Echo Request next 272 UINT64 LastRecvTime; // Time which the data has been received last 273 DHCP_OPTION_LIST ClientAddressOption; // Client address option 274 bool DhcpIpAllocTried; // Whether the request for an IP address is already attempted by DHCP 275 bool DhcpIpInformTried; // Whether the acquirement for an IP information is already attempted by DHCP 276 bool DhcpAllocated; // IP address is assigned by DHCP 277 bool UseStaticIPAddress; // Use a static IP address that is specified by the client 278 UINT64 DhcpRenewInterval; // DHCP update interval 279 UINT64 DhcpNextRenewTime; // DHCP renewal time of the next 280 char CryptName[MAX_SIZE]; // Cipher algorithm name 281 UINT AdjustMss; // MSS value 282 TUBE_FLUSH_LIST *FlushList; // Tube Flush List 283 bool EnableMSCHAPv2; // Enable the MS-CHAP v2 284 USHORT AuthProtocol; // Authentication protocol 285 bool AuthOk; // Flag for whether the authentication was successful 286 UCHAR MsChapV2_ServerChallenge[16]; // MS-CHAPv2 Server Challenge 287 UCHAR MsChapV2_ClientChallenge[16]; // MS-CHAPv2 Client Challenge 288 UCHAR MsChapV2_ClientResponse[24]; // MS-CHAPv2 Client Response 289 UCHAR MsChapV2_ServerResponse[20]; // MS-CHAPv2 Server Response 290 UINT MsChapV2_ErrorCode; // Authentication failure error code of MS-CHAPv2 291 UINT MsChapV2_PacketId; // MS-CHAPv2 Packet ID 292 293 bool MsChapV2_UseDoubleMsChapV2; // Use the double-MSCHAPv2 technique 294 EAP_CLIENT *EapClient; // EAP client 295 296 UCHAR ServerInterfaceId[8]; // Server IPv6CP Interface Identifier 297 UCHAR ClientInterfaceId[8]; // Client IPv6CP Interface Identifier 298 299 UINT PPPStatus; 300 301 // EAP contexts 302 UINT Eap_Protocol; // Current EAP Protocol used 303 UINT Eap_PacketId; // EAP Packet ID; 304 UCHAR Eap_Identity[MAX_SIZE]; // Received from client identity 305 PPP_EAP_TLS_CONTEXT Eap_TlsCtx; // Context information for EAP TLS. May be possibly reused for EAP TTLS? 306 307 LIST *SentReqPacketList; // Sent requests list 308 309 PPP_PACKET *CurrentPacket; 310 LIST *DelayedPackets; 311 312 UINT64 PacketRecvTimeout; 313 UINT64 DataTimeout; 314 UINT64 UserConnectionTimeout; 315 UINT64 UserConnectionTick; 316 317 THREAD *SessionThread; // Thread of the PPP session 318 }; 319 320 321 322 // Function prototype 323 324 // Main dataloop 325 void PPPThread(THREAD *thread, void *param); 326 327 // Entry point 328 PPP_SESSION *NewPPPSession(CEDAR *cedar, IP *client_ip, UINT client_port, IP *server_ip, UINT server_port, TUBE *send_tube, TUBE *recv_tube, char *postfix, char *client_software_name, char *client_hostname, char *crypt_name, UINT adjust_mss); 329 330 // PPP processing functions 331 bool PPPRejectUnsupportedPacket(PPP_SESSION *p, PPP_PACKET *pp); 332 bool PPPRejectUnsupportedPacketEx(PPP_SESSION *p, PPP_PACKET *pp, bool force); 333 bool PPPProcessRetransmissions(PPP_SESSION *p); 334 bool PPPSendEchoRequest(PPP_SESSION *p); 335 // Response packets 336 bool PPPProcessResponsePacket(PPP_SESSION *p, PPP_PACKET *pp, PPP_PACKET *req); 337 bool PPPProcessLCPResponsePacket(PPP_SESSION *p, PPP_PACKET *pp, PPP_PACKET *req); 338 bool PPPProcessCHAPResponsePacket(PPP_SESSION *p, PPP_PACKET *pp, PPP_PACKET *req); 339 bool PPPProcessIPCPResponsePacket(PPP_SESSION *p, PPP_PACKET *pp, PPP_PACKET *req); 340 bool PPPProcessEAPResponsePacket(PPP_SESSION *p, PPP_PACKET *pp, PPP_PACKET *req); 341 bool PPPProcessIPv6CPResponsePacket(PPP_SESSION *p, PPP_PACKET *pp, PPP_PACKET *req); 342 // Request packets 343 bool PPPProcessRequestPacket(PPP_SESSION *p, PPP_PACKET *pp); 344 bool PPPProcessLCPRequestPacket(PPP_SESSION *p, PPP_PACKET *pp); 345 bool PPPProcessPAPRequestPacket(PPP_SESSION *p, PPP_PACKET *pp); 346 bool PPPProcessIPCPRequestPacket(PPP_SESSION *p, PPP_PACKET *pp); 347 bool PPPProcessEAPRequestPacket(PPP_SESSION *p, PPP_PACKET *pp); 348 bool PPPProcessIPv6CPRequestPacket(PPP_SESSION *p, PPP_PACKET *pp); 349 350 // LCP option based packets utility 351 bool PPPRejectLCPOptions(PPP_SESSION *p, PPP_PACKET *pp); 352 bool PPPRejectLCPOptionsEx(PPP_SESSION *p, PPP_PACKET *pp, bool simulate); 353 bool PPPNackLCPOptions(PPP_SESSION *p, PPP_PACKET *pp); 354 bool PPPNackLCPOptionsEx(PPP_SESSION *p, PPP_PACKET *pp, bool simulate); 355 bool PPPAckLCPOptions(PPP_SESSION *p, PPP_PACKET *pp); 356 bool PPPAckLCPOptionsEx(PPP_SESSION *p, PPP_PACKET *pp, bool simulate); 357 358 // PPP networking functions 359 // Send packets 360 bool PPPSendAndRetransmitRequest(PPP_SESSION *p, USHORT protocol, PPP_LCP *c); 361 bool PPPSendPacketAndFree(PPP_SESSION *p, PPP_PACKET *pp); 362 bool PPPSendPacketEx(PPP_SESSION *p, PPP_PACKET *pp, bool no_flush); 363 // Receive packets 364 PPP_PACKET *PPPRecvPacket(PPP_SESSION *p, bool async); 365 // Helpers for delaying packets 366 PPP_PACKET *PPPGetNextPacket(PPP_SESSION *p); 367 void PPPAddNextPacket(PPP_SESSION *p, PPP_PACKET *pp, UINT delay); 368 int PPPDelayedPacketsComparator(void *a, void *b); 369 char PPPRelatedPacketComparator(PPP_PACKET *a, PPP_PACKET *b); 370 371 // PPP utility functions 372 // Packet structures creation utilities 373 PPP_LCP *NewPPPLCP(UCHAR code, UCHAR id); 374 PPP_OPTION *NewPPPOption(UCHAR type, void *data, UINT size); 375 // Packet parse utilities 376 PPP_PACKET *ParsePPPPacket(void *data, UINT size); 377 PPP_LCP *PPPParseLCP(USHORT protocol, void *data, UINT size); 378 bool PPPParseMSCHAP2ResponsePacket(PPP_SESSION *p, PPP_PACKET *req); 379 // Packet building utilities 380 BUF *BuildPPPPacketData(PPP_PACKET *pp); 381 BUF *BuildLCPData(PPP_LCP *c); 382 PPP_LCP *BuildMSCHAP2ChallengePacket(PPP_SESSION *p); 383 // IPCP packet utilities 384 bool PPPGetIPOptionFromLCP(PPP_IPOPTION *o, PPP_LCP *c); 385 bool PPPSetIPOptionToLCP(PPP_IPOPTION *o, PPP_LCP *c, bool only_modify); 386 bool PPPGetIPAddressValueFromLCP(PPP_LCP *c, UINT type, IP *ip); 387 bool PPPSetIPAddressValueToLCP(PPP_LCP *c, UINT type, IP *ip, bool only_modify); 388 // EAP packet utilities 389 bool PPPProcessEAPTlsResponse(PPP_SESSION *p, PPP_EAP *eap_packet, UINT eapTlsSize); 390 PPP_LCP *BuildEAPPacketEx(UCHAR code, UCHAR id, UCHAR type, UINT datasize); 391 PPP_LCP *BuildEAPTlsPacketEx(UCHAR code, UCHAR id, UCHAR type, UINT datasize, UCHAR flags); 392 PPP_LCP *BuildEAPTlsRequest(UCHAR id, UINT datasize, UCHAR flags); 393 // Other packet utilities 394 PPP_OPTION *PPPGetOptionValue(PPP_LCP *c, UCHAR type); 395 bool IsHubExistsWithLock(CEDAR *cedar, char *hubname); 396 void PPPSetStatus(PPP_SESSION *p, UINT status); 397 398 // Memory freeing functions 399 void FreePPPSession(PPP_SESSION *p); 400 void FreePPPLCP(PPP_LCP *c); 401 void FreePPPOptionList(LIST *o); 402 void FreePPPPacket(PPP_PACKET *pp); 403 void FreePPPPacketEx(PPP_PACKET *pp, bool no_free_struct); 404 void PPPFreeEapClient(PPP_SESSION *p); 405 406 // Utility functions used not only in PPP stack 407 bool PPPParseUsername(CEDAR *cedar, char *src, ETHERIP_ID *dst); 408 void GenerateNtPasswordHash(UCHAR *dst, char *password); 409 void GenerateNtPasswordHashHash(UCHAR *dst_hash, UCHAR *src_hash); 410 void MsChapV2Server_GenerateChallenge(UCHAR *dst); 411 void MsChapV2_GenerateChallenge8(UCHAR *dst, UCHAR *client_challenge, UCHAR *server_challenge, char *username); 412 void MsChapV2Client_GenerateResponse(UCHAR *dst, UCHAR *challenge8, UCHAR *nt_password_hash); 413 void MsChapV2Server_GenerateResponse(UCHAR *dst, UCHAR *nt_password_hash_hash, UCHAR *client_response, UCHAR *challenge8); 414 bool MsChapV2VerityPassword(IPC_MSCHAP_V2_AUTHINFO *d, char *password); 415 char *MsChapV2DoBruteForce(IPC_MSCHAP_V2_AUTHINFO *d, LIST *password_list); 416 417 #endif // PROTO_PPP_H 418