MPPE protocol introduced

2011-01-10  来源:本站原创  分类:Internet  人气:106 

This document Copyleft owned yfydz all use under the GPL, can be freely copied, reproduced, reprinted, please maintain the integrity of the document,
Be used for any commercial purposes is strictly prohibited.
msn: [email protected]
Source: http://yfydz.cublog.cn
References: RFC3078

1.   Foreword  

MPPE(Microsoft Point-To-Point Encryption,   Microsoft Point to Point Encryption  )  Protocol RFC3078, 3079 as defined in  ,   Description
  In the PPP protocol for data encryption method  ,  Usually its implementation PPTP mode  VPN.

MPPE  The encryption algorithm is fixed, use  RC4  Encryption algorithm and other algorithms can not be  .

2. CCP  Options  

  Is whether to support MPPE  PPP  Communication both in  CCP(Compression Control Protocol)  Identified in the consultation process, CCP number of consultation
  According to the following format  :

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |      Type     |    Length     |        Supported Bits         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |        Supported Bits         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type
      18
   Length
      6
   Supported Bits
        This is a 32-digit  ,   Format, the bulk mode  :
         3                   2                   1
       1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |             |H|                               |M|S|L|D|     |C|
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  Members are as follows  :
C :   Defined in the MPPC
D :   This bit defines the function has been set aside
L :   Use 40-bit encryption
S :   128-bit encryption
M :   56-bit encryption
H :   That the use of stateless  (stateless)  Mode, each packet is encrypted separately
  Other bits must be zero, in the negotiation  ,   Initiator to set all bits to support encryption  (M, S, L),   Response to choose a side in which
,   If the responder supports more than one bit encryption, the strongest encryption that should be chosen  (S > M > L).

3. MPPE  Package  

3.1   Outline  

MPPE  Packet before transmission, PPP must have entered the network layer protocol phase  ,CPP  Control protocol must be "Opened" state  .
  Each message can carry a PPP  MPPE  Package for encrypted  PPP  Package, the  PPP  Type  0x00FD.
  Each MPPE packet length is equal to the maximum  PPP  Maximum message length that can be encapsulated  .
  Only from 0x0021 to  0x00FA  Type of PPP packet is encrypted  ,  Encrypted PPP packets into the type of  0x00FD,  Other types of PPP packets barrier
  MPPE processing over  .

3.2   Packet format
       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          PPP Protocol         |A|B|C|D|    Coherency Count    |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |      Encrypted Data...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  Parameters as follows  :
      PPP Protocol :   MPPE is is  0x00FD,  If the support PPP compression  ,  This value can be compressed  :

      Bit A :  This bit indicates whether the encryption table is initialized, the stateless mode  ,  This bit is set in each package 1
      Bit B :  MPPE is not considered in
      Bit C :  MPPE is not considered in
      Bit D :1  Indicates that the packet is encrypted, 0 is not encrypted
      Coherency Count : 12  Digits, that  PPP  Packet sequence number, one-way growth  ,  After the return to 0xfff  0  New count  :
      Encrypted Data :  Encrypted data
  And at the same time use MPPE  MPPC(  Microsoft PPP compression protocol  )  Situation, the issue of data  ,  First compressed and then encrypted for the receiving
  Data, and then extract the first decryption  .
  Note that the first four bytes of the packet is the most explicit  ,  Not encrypted, otherwise the key update is the first, the chicken or the egg problem  .

4.   Encryption  

4.1   Initialize session key  

 General session key initialization is to use both sides of the certificate to the consultation, of course, other ways to generate  ,  By
  PSK pre-shared key to generate  .

4.2   Initialize the RC4 algorithm with a session key  

  Generated session key, use the  rc4_set_key  To set the RC4 key  :
      rc4_set_key(RC4Key, Length_Of_Key, Initial_Session_Key)
  This function can be found from the openssl  .

4.3   Encrypted data  

  Encryption and decryption of data processing functions available rc4  :
      EncryptedData = rc4(RC4Key, Length_Of_Data, Data)
  This function can be found from the openssl  .

5.   Key processing
  Key is always encrypted communication processing core of only guarantee that the two keys are synchronized  ,  Recipient can decrypt the sender of the correct
  Data, or data received from just some junk  .

5.1   Key changes
  If you use a stateless mode, for each package needs to exchange a session key  ,   The sender must encrypt and send data
  Change before the session key, the receiver must receive data  ,   Session key to decrypt the data before the change  .

  For the disk mode, the sender must be in the package after the serial number  8  Bit session key is updated when 0xff  ,  Also in encryption and data before sending
;   After the recipient receives the 8-bit serial number is  0xff  The package, before the change in the session key to decrypt  .

MPPE  Key change algorithm  :

      /*
       * SessionKeyLength is 8 for 40-bit keys, 16 for 128-bit keys.
       *
       * SessionKey is the same as StartKey in the first call for
       * a given session.
       */
  Three parameters as input  :   Initial key, the old session key  ,   Length of session key
  A parameter as output  :   Intermediate key
  Is the initial key using the SHA1 algorithm  ,   HASH current session key for the new session key obtained
  First use, the old session key is also used initial key
      void
      GetNewKeyFromSHA(
      IN  unsigned char *StartKey,
      IN  unsigned char *SessionKey,
      IN  unsigned long SessionKeyLength
      OUT unsigned char *InterimKey )
      {
// SHA1  Output is 160  ,   That is, 20 bytes
         unsigned char  Digest[20];
         ZeroMemory(Digest, 20);
         /*
          * SHAInit(), SHAUpdate() and SHAFinal()
          * are an implementation of the Secure
          * Hash Algorithm [7]
          */
         SHAInit(Context);
// SHA1(  Initial key  )
         SHAUpdate(Context, StartKey, SessionKeyLength);
// SHA1(40  Bytes of padding data  1)
         SHAUpdate(Context, SHApad1, 40);
// SHA1(  The original session key  )
         SHAUpdate(Context, SessionKey, SessionKeyLength);
// SHA1(40  Bytes of padding data  2)
         SHAUpdate(Context, SHApad2, 40);
         SHAFinal(Context, Digest);
//   Copy the results of the final SH1 to the intermediate key space
         MoveMemory(InterimKey, Digest, SessionKeyLength);
      }
  To be the middle key, then use the middle key  rc4  Intermediate key encryption algorithm to get a new session key  :
//   Set of intermediate key RC4 key
      rc4_set_key(RC4Key, Length_Of_Key, InterimKey)
//   RC4 encryption keys with the middle
      SessionKey = rc4(RC4Key, Length_Of_Key, InterimKey)

  Can be seen, if the initial key fixed  ,   Calculated after each update is the same session key  .
  If it is not 128-bit encryption  ,   Some of the new session key will be to take a fixed value byte to reduce the intensity  :
  For 40-bit encryption  ,   Generated a new session key is fixed to the first 3 bytes  : 0xD1, 0x26, 0x9E
  For 56-bit encryption  ,   Generated before the new session key is fixed to 1 byte  : 0xD1

5.2   Key Sync  

5.2.1   Stateless mode  

  Stateless mode packets encrypted key for each is different, each package must be re-calculated session key  ,   Each packet will set  "A"
  Sign when the receiver receives packet number  (C1)  Greater than the last received packet sequence number  (C2)  , The receiver must be performed before decryption  N=C1-
C2  Sub-keys to change the terms, under normal circumstances, when no packet loss  N  1, exceptional circumstances  N  Would be greater than  1.

5.2.2   State hold mode  

  In the state of the hold mode, the sender after the serial number found  8  Spaces for the key update 0xff  ,  After re-encrypt and send the update, package design
  Set "A" logo  :  Receiver receives the "A" logo package to update key  ,  Decrypts  .

  If discarded "A" logo package of  ,  The recipient will find the number of packets received after the 8-bit smaller than the previous package  ,  At this time the receiver
  Update operation to the keys and send a CCP's reset request packet  .  If you lose more than 256 packages of more than  ,  Be sent
  Can be a key has been updated twice, the recipient should  (SHOULD)  Can detect this situation and the related key update, but not necessary
  To be of, RFC does not specify how testing  ,  I think it is correct according to whether the decrypted data packet to determine the right  .

  Mode in the state to keep the receiver to detect packet loss, the receiver MUST discard the packet  ,  CCP's reset request and send packets  ,  In closing
  To "A" mark packets before discarding all other packets received  .  When you receive the "A" logo package  ,  The package serial number as the recipient of new
  The packet sequence number and update with the current session key  RC4,  As mentioned earlier, this session key is updated after the  ,  And sender
  Remain the same. Reset  RC4  Key  :
      rc4_set_key(RC4Key, Length_Of_Key, SessionKey)
  Sender receives a reset request packet CCP  ,  But also with the current session key  (  The same session key and the recipient  )  Update RC4, and then
  The next package set "A" logo  ,  This will continue to ensure that key synchronization  .
  As the PPP is not very reliable with the lines of communication  ,  Therefore, the most common or stateless mode  .

6.   Achieve  

  Provided under Linux  MPPE  Implementation, where the encryption part of the kernel processing  ,PPP  Consultation is a user space process, is required before
  To patch can be achieved, but  2.6.14  Version has no MPPE patch into the kernel  ,  However, in 2.6  MPPE  Implementation  ,
  But not the RC4 encryption algorithm ARC4,ARC4  Just a very simple XOR processing stream, almost can not tell what strength  ,  RC4 is worse than
  Many do not know what kind of energy and their clients through  :  The original 2.4 kernel  MPPE  The patch is to support the RC4  ,  You can use 128-bit high
  Strength of encryption for  win2K,  Must be played to support after SP2  128  Bit PPTP, or only support  56  Position .

7.   Conclusion  

MPPE  PPP provides the confidentiality of communications  ,  Using a fixed encryption algorithm, not using authentication  ,  So a lot simpler than IPSEC  ,  Generally
  It is best to use the stateless mode, so that each packet is encrypted by different keys  .
MPPE  The realization of a Linux patch  ,  Also support the new 2.6 kernel  MPPE,  However, the encryption algorithm doubt  .
相关文章
  • MPPE protocol introduced 2011-01-10

    This document Copyleft owned yfydz all use under the GPL, can be freely copied, reproduced, reprinted, please maintain the integrity of the document, Be used for any commercial purposes is strictly prohibited. msn: [email protected] Source: http:

  • Syslog protocol introduced 2010-11-28

    Search the web article, written by a very wide almost. Excerpt below for your reference learning 1 Introduction In Unix-like operating systems, syslog is widely used in the system log. syslog log messages can be recorded both in the local paper can a

  • pppoe protocol introduced 2011-01-10

    Copyleft this document owned by yfydz all, the use of GPL, free to copy, reprint, reproduced keep the documents for completeness, for any commercial purposes is strictly prohibited. msn: [email protected] Source: http://yfydz.cublog.cn 1. Preface

  • PAP and CHAP protocol introduced 2011-01-10

    This document Copyleft owned yfydz all use under the GPL, can be freely copied, reproduced, reprinted, please maintain the integrity of the document, for any commercial purposes is strictly prohibited. msn: [email protected] Source: http://yfydz.

  • e mule protocol introduced 2011-01-10

    This document Copyleft owned yfydz all use under the GPL, can be freely copied, reproduced, reprinted, please maintain the integrity of the document, for any commercial purposes is strictly prohibited. msn: [email protected] Source: http://yfydz.

  • VRRP protocol introduced 2011-01-10

    This document Copyleft owned yfydz all use under the GPL, can be freely copied, reproduced, reprinted, please maintain the integrity of the document, for any commercial purposes is strictly prohibited. msn: [email protected] Source: http://yfydz.

  • HSRP protocol introduced 2011-01-10

    This document Copyleft owned yfydz all use under the GPL, can be freely copied, reproduced, reprinted, please maintain the integrity of the document, for any commercial purposes is strictly prohibited. msn: [email protected] Source: http://yfydz.

  • Hadoop system communication protocol introduced 2011-02-21

    This agreement: DN: DataNode TT: TaskTracker NN: NameNode SNN: Secondry NameNode JT: JobTracker This article describes the Hadoop communication between the nodes and Client protocols. Communication is built on Hadoop RPC based on the Detailed Descrip

  • About the HTTP protocol 2011-04-01

    One, TCP / IP protocol introduced Introducing the HTTP protocol, before briefly about the TCP / IP protocol-related content. TCP / IP protocol is layered, from the bottom to the application layer are: the physical layer, link layer, network layer, tr

  • A. TCP / IP protocol introduction - transferred 2011-06-16

    One, TCP / IP protocol introduced Introducing the HTTP protocol, before briefly about the TCP / IP protocol-related content. TCP / IP protocol is layered, from the bottom to the application layer are: the physical layer, link layer, network layer, tr

  • Stratus service for developing end2end applications using RTMFP in Flash Play 10 2010-10-08

    Personal learning purposes only http://www.adobe.com/devnet/flashplayer/articles/rtmfp_stratus_app.html Site reference: http://labs.adobe.com/technologies/cirrus/ YOU CAN GETTING START FROM THE LINKS ON THE BOTTOM "Getting Started", LIKE "R

  • 通过Stratus 服务器在Flash Player中使用RTMFP 开发P2P应用 2014-08-16

    通过Stratus 服务器在Flash Player中使用RTMFP 开发 点对点应用(网文转摘) 作者:Jozsef Vass 译者:巴巴鲁 (请转载时注明和改编时出处,谢谢) Adobe Flash Player 10 and Adobe AIR 1.5 introduce a new communications protocol, Real-Time Media Flow Protocol (RTMFP), whose low latency, end-to-end peering ca

  • First (first introduced what is XMPP protocol) 2010-07-22

    Reprinted: Extensible Messaging and Presence Protocol (eXtensible Messaging and Presence Protocol, XMPP ) is based on extensible markup language (eXtensible Markup Language, XML) of the proximal Streaming real-time communication protocol. It will mar

  • Robots.txt protocol standards introduced 2011-05-03

    Robots.txt is located in the site root directory of a plain text file. Although its setting is simple, but the role is very powerful. It can specify the search engine spiders crawl only specific content, or the prohibition of the search engine spider

  • google protocol buffer introduced 2011-08-05

    Developer Guide Welcome to the developer documentation for protocol buffers - a language-neutral, platform-neutral, extensible way of serializing structured data for use in communications protocols, data storage, and more. Welcome to the development

  • In-depth study of SSL [Chapter II part-1]-SSL handshake protocol for 2010-03-29

    First chapter. For SSL, the basic concept and framework of the introduction of Chapter II. For SSL handshake protocol of the study (part-1) Chapter III. Pairs of SSL handshake protocol of the study (part-2) Chapter IV. For details of the SSL handshak

  • Rtmp protocol based on using java nio to write a summary of a small game server 2 2009-02-17

    Rtmp today tell us about the learning process, first of all, baidu and google search on, the result is a lot, but all and red5, of which introduced the rtmp protocol that better point is that the two web sites (because I have to learn when can only s

  • Rtmp protocol based on using java nio to write a summary of three small game server 2009-03-26

    In the flex to connect using the rtmp protocol when there handshake process, the details of what baidu or google, or refer to "http://fmfl.javaeye.com/blog/589162 attachments," introduced in front of them, others to provide The source and demo o

  • oSIP protocol stack (and eXoSIP, Ortp, etc.) Getting Started (change) 2010-02-03

    No detailed studies have been empty oSIP, recently has come to see its version of the 3.x version, see the online help instruction manuals are too many old, and many suspected of document content a bit fraught ~ ~ Linux, compile oSIP use should be ve

  • Classification and Description of existing p2p protocol 2010-03-09

    (A) the agreement of a common p2p, napster: the world's first application of large-scale p2p networks; central centralized, closed down. napster, this is a fire at that time sharing service, mainly used for search mp3, it has a server to store mp3 fi