PAE: Use be16/be32 instead of u16/u32 for spartse
This converts some of the PAE code to use a design that gets rid unnecessary warnings from sparse and allows more thorough validation of byte order operations. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
ac36b133aa
commit
4e7f5a4a2a
4 changed files with 29 additions and 24 deletions
|
|
@ -25,7 +25,7 @@ struct ieee802_1x_hdr {
|
|||
struct ieee8023_hdr {
|
||||
u8 dest[ETH_ALEN];
|
||||
u8 src[ETH_ALEN];
|
||||
u16 ethertype;
|
||||
be16 ethertype;
|
||||
} STRUCT_PACKED;
|
||||
|
||||
#ifdef _MSC_VER
|
||||
|
|
|
|||
|
|
@ -148,7 +148,7 @@ ieee802_1x_mka_dump_peer_body(struct ieee802_1x_mka_peer_body *body)
|
|||
size_t body_len;
|
||||
size_t i;
|
||||
u8 *mi;
|
||||
u32 mn;
|
||||
be32 mn;
|
||||
|
||||
if (body == NULL)
|
||||
return;
|
||||
|
|
@ -918,6 +918,7 @@ ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant,
|
|||
size_t left_len;
|
||||
int body_type;
|
||||
u32 peer_mn;
|
||||
be32 _peer_mn;
|
||||
const u8 *peer_mi;
|
||||
const u8 *pos;
|
||||
size_t i;
|
||||
|
|
@ -953,8 +954,9 @@ ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant,
|
|||
|
||||
for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
|
||||
peer_mi = MKA_HDR_LEN + pos + i;
|
||||
os_memcpy(&peer_mn, peer_mi + MI_LEN, sizeof(peer_mn));
|
||||
peer_mn = be_to_host32(peer_mn);
|
||||
os_memcpy(&_peer_mn, peer_mi + MI_LEN,
|
||||
sizeof(_peer_mn));
|
||||
peer_mn = be_to_host32(_peer_mn);
|
||||
if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0 &&
|
||||
peer_mn == participant->mn) {
|
||||
included = TRUE;
|
||||
|
|
@ -985,6 +987,7 @@ static int ieee802_1x_mka_decode_live_peer_body(
|
|||
struct ieee802_1x_kay_peer *peer;
|
||||
size_t body_len;
|
||||
u32 peer_mn;
|
||||
be32 _peer_mn;
|
||||
const u8 *peer_mi;
|
||||
size_t i;
|
||||
Boolean is_included;
|
||||
|
|
@ -997,8 +1000,8 @@ static int ieee802_1x_mka_decode_live_peer_body(
|
|||
|
||||
for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
|
||||
peer_mi = MKA_HDR_LEN + peer_msg + i;
|
||||
os_memcpy(&peer_mn, peer_mi + MI_LEN, sizeof(peer_mn));
|
||||
peer_mn = be_to_host32(peer_mn);
|
||||
os_memcpy(&_peer_mn, peer_mi + MI_LEN, sizeof(_peer_mn));
|
||||
peer_mn = be_to_host32(_peer_mn);
|
||||
|
||||
/* it is myself */
|
||||
if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) {
|
||||
|
|
@ -1042,6 +1045,7 @@ ieee802_1x_mka_decode_potential_peer_body(
|
|||
struct ieee802_1x_mka_hdr *hdr;
|
||||
size_t body_len;
|
||||
u32 peer_mn;
|
||||
be32 _peer_mn;
|
||||
const u8 *peer_mi;
|
||||
size_t i;
|
||||
|
||||
|
|
@ -1050,8 +1054,8 @@ ieee802_1x_mka_decode_potential_peer_body(
|
|||
|
||||
for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
|
||||
peer_mi = MKA_HDR_LEN + peer_msg + i;
|
||||
os_memcpy(&peer_mn, peer_mi + MI_LEN, sizeof(peer_mn));
|
||||
peer_mn = be_to_host32(peer_mn);
|
||||
os_memcpy(&_peer_mn, peer_mi + MI_LEN, sizeof(_peer_mn));
|
||||
peer_mn = be_to_host32(_peer_mn);
|
||||
|
||||
/* it is myself */
|
||||
if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) {
|
||||
|
|
@ -1290,7 +1294,7 @@ ieee802_1x_mka_decode_sak_use_body(
|
|||
if (body->ltx || body->lrx) {
|
||||
founded = FALSE;
|
||||
os_memcpy(ki.mi, body->lsrv_mi, sizeof(ki.mi));
|
||||
ki.kn = ntohl(body->lkn);
|
||||
ki.kn = be_to_host32(body->lkn);
|
||||
dl_list_for_each(sa_key, &participant->sak_list,
|
||||
struct data_key, list) {
|
||||
if (is_ki_equal(&sa_key->key_identifier, &ki)) {
|
||||
|
|
@ -1304,7 +1308,7 @@ ieee802_1x_mka_decode_sak_use_body(
|
|||
}
|
||||
if (os_memcmp(participant->lki.mi, body->lsrv_mi,
|
||||
sizeof(participant->lki.mi)) == 0 &&
|
||||
ntohl(body->lkn) == participant->lki.kn &&
|
||||
be_to_host32(body->lkn) == participant->lki.kn &&
|
||||
body->lan == participant->lan) {
|
||||
peer->sak_used = TRUE;
|
||||
}
|
||||
|
|
@ -1319,7 +1323,7 @@ ieee802_1x_mka_decode_sak_use_body(
|
|||
if (body->otx || body->orx) {
|
||||
if (os_memcmp(participant->oki.mi, body->osrv_mi,
|
||||
sizeof(participant->oki.mi)) != 0 ||
|
||||
ntohl(body->okn) != participant->oki.kn ||
|
||||
be_to_host32(body->okn) != participant->oki.kn ||
|
||||
body->oan != participant->oan) {
|
||||
wpa_printf(MSG_WARNING, "KaY: Old key is invalid");
|
||||
return -1;
|
||||
|
|
@ -1327,7 +1331,8 @@ ieee802_1x_mka_decode_sak_use_body(
|
|||
}
|
||||
|
||||
/* TODO: how to set the MACsec hardware when delay_protect is true */
|
||||
if (body->delay_protect && (!ntohl(body->llpn) || !ntohl(body->olpn))) {
|
||||
if (body->delay_protect &&
|
||||
(!be_to_host32(body->llpn) || !be_to_host32(body->olpn))) {
|
||||
wpa_printf(MSG_WARNING,
|
||||
"KaY: Lowest packet number should greater than 0 when delay_protect is TRUE");
|
||||
return -1;
|
||||
|
|
@ -1349,7 +1354,7 @@ ieee802_1x_mka_decode_sak_use_body(
|
|||
}
|
||||
|
||||
/* if i'm key server, and detects peer member pn exhaustion, rekey.*/
|
||||
lpn = ntohl(body->llpn);
|
||||
lpn = be_to_host32(body->llpn);
|
||||
if (lpn > participant->kay->pn_exhaustion) {
|
||||
if (participant->is_key_server) {
|
||||
participant->new_sak = TRUE;
|
||||
|
|
@ -3094,10 +3099,10 @@ static void kay_l2_receive(void *ctx, const u8 *src_addr, const u8 *buf,
|
|||
eth_hdr = (struct ieee8023_hdr *) buf;
|
||||
eapol_hdr = (struct ieee802_1x_hdr *) (eth_hdr + 1);
|
||||
if (len != sizeof(*eth_hdr) + sizeof(*eapol_hdr) +
|
||||
ntohs(eapol_hdr->length)) {
|
||||
be_to_host16(eapol_hdr->length)) {
|
||||
wpa_printf(MSG_MSGDUMP, "KAY: EAPOL MPDU is invalid: (%lu-%lu)",
|
||||
(unsigned long) len,
|
||||
(unsigned long) ntohs(eapol_hdr->length));
|
||||
(unsigned long) be_to_host16(eapol_hdr->length));
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
@ -3106,7 +3111,7 @@ static void kay_l2_receive(void *ctx, const u8 *src_addr, const u8 *buf,
|
|||
eapol_hdr->version);
|
||||
return;
|
||||
}
|
||||
if (ntohs(eth_hdr->ethertype) != ETH_P_PAE ||
|
||||
if (be_to_host16(eth_hdr->ethertype) != ETH_P_PAE ||
|
||||
eapol_hdr->type != IEEE802_1X_TYPE_EAPOL_MKA)
|
||||
return;
|
||||
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ struct ieee802_1x_mka_ki {
|
|||
|
||||
struct ieee802_1x_mka_sci {
|
||||
u8 addr[ETH_ALEN];
|
||||
u16 port;
|
||||
be16 port;
|
||||
};
|
||||
|
||||
struct mka_key {
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ struct ieee802_1x_kay;
|
|||
|
||||
struct ieee802_1x_mka_peer_id {
|
||||
u8 mi[MI_LEN];
|
||||
u32 mn;
|
||||
be32 mn;
|
||||
};
|
||||
|
||||
struct ieee802_1x_kay_peer {
|
||||
|
|
@ -282,7 +282,7 @@ struct ieee802_1x_mka_basic_body {
|
|||
|
||||
struct ieee802_1x_mka_sci actor_sci;
|
||||
u8 actor_mi[MI_LEN];
|
||||
u32 actor_mn;
|
||||
be32 actor_mn;
|
||||
u8 algo_agility[4];
|
||||
|
||||
/* followed by CAK Name*/
|
||||
|
|
@ -350,16 +350,16 @@ struct ieee802_1x_mka_sak_use_body {
|
|||
/* octet 5 - 16 */
|
||||
u8 lsrv_mi[MI_LEN];
|
||||
/* octet 17 - 20 */
|
||||
u32 lkn;
|
||||
be32 lkn;
|
||||
/* octet 21 - 24 */
|
||||
u32 llpn;
|
||||
be32 llpn;
|
||||
|
||||
/* octet 25 - 36 */
|
||||
u8 osrv_mi[MI_LEN];
|
||||
/* octet 37 - 40 */
|
||||
u32 okn;
|
||||
be32 okn;
|
||||
/* octet 41 - 44 */
|
||||
u32 olpn;
|
||||
be32 olpn;
|
||||
};
|
||||
|
||||
|
||||
|
|
@ -387,7 +387,7 @@ struct ieee802_1x_mka_dist_sak_body {
|
|||
/* octet 4 */
|
||||
u32 length1:8;
|
||||
/* octet 5 - 8 */
|
||||
u32 kn;
|
||||
be32 kn;
|
||||
|
||||
/* for GCM-AES-128: octet 9-32: SAK
|
||||
* for other cipher suite: octet 9-16: cipher suite id, octet 17-: SAK
|
||||
|
|
|
|||
Loading…
Reference in a new issue