jeltz
/
hostap
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

PAE: Use be16/be32 instead of u16/u32 for spartse

Browse Source 
This converts some of the PAE code to use a design that gets rid
unnecessary warnings from sparse and allows more thorough validation of
byte order operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
master
Jouni Malinen 8 years ago committed by Jouni Malinen
parent ac36b133aa
commit 4e7f5a4a2a
4 changed files with 29 additions and 24 deletions
Show Stats Download Patch File Download Diff File

2
src/common/eapol_common.h
Unescape Escape View File

@ -25,7 +25,7 @@ struct ieee802_1x_hdr {
struct ieee8023_hdr { struct ieee8023_hdr {
u8 dest[ETH_ALEN]; u8 dest[ETH_ALEN];
u8 src[ETH_ALEN]; u8 src[ETH_ALEN];
u16 ethertype; be16 ethertype;
} STRUCT_PACKED; } STRUCT_PACKED;
#ifdef _MSC_VER #ifdef _MSC_VER

35
src/pae/ieee802_1x_kay.c
Unescape Escape View File

@ -148,7 +148,7 @@ ieee802_1x_mka_dump_peer_body(struct ieee802_1x_mka_peer_body *body)
size_t body_len; size_t body_len;
size_t i; size_t i;
u8 *mi; u8 *mi;
u32 mn; be32 mn;
if (body == NULL) if (body == NULL)
return; return;
@ -918,6 +918,7 @@ ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant,
size_t left_len; size_t left_len;
int body_type; int body_type;
u32 peer_mn; u32 peer_mn;
be32 _peer_mn;
const u8 *peer_mi; const u8 *peer_mi;
const u8 *pos; const u8 *pos;
size_t i; size_t i;
@ -953,8 +954,9 @@ ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant,
for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) { for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
peer_mi = MKA_HDR_LEN + pos + i; peer_mi = MKA_HDR_LEN + pos + i;
os_memcpy(&peer_mn, peer_mi + MI_LEN, sizeof(peer_mn)); os_memcpy(&_peer_mn, peer_mi + MI_LEN,
peer_mn = be_to_host32(peer_mn); sizeof(_peer_mn));
peer_mn = be_to_host32(_peer_mn);
if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0 && if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0 &&
peer_mn == participant->mn) { peer_mn == participant->mn) {
included = TRUE; included = TRUE;
@ -985,6 +987,7 @@ static int ieee802_1x_mka_decode_live_peer_body(
struct ieee802_1x_kay_peer *peer; struct ieee802_1x_kay_peer *peer;
size_t body_len; size_t body_len;
u32 peer_mn; u32 peer_mn;
be32 _peer_mn;
const u8 *peer_mi; const u8 *peer_mi;
size_t i; size_t i;
Boolean is_included; Boolean is_included;
@ -997,8 +1000,8 @@ static int ieee802_1x_mka_decode_live_peer_body(
for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) { for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
peer_mi = MKA_HDR_LEN + peer_msg + i; peer_mi = MKA_HDR_LEN + peer_msg + i;
os_memcpy(&peer_mn, peer_mi + MI_LEN, sizeof(peer_mn)); os_memcpy(&_peer_mn, peer_mi + MI_LEN, sizeof(_peer_mn));
peer_mn = be_to_host32(peer_mn); peer_mn = be_to_host32(_peer_mn);
/* it is myself */ /* it is myself */
if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) { if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) {
@ -1042,6 +1045,7 @@ ieee802_1x_mka_decode_potential_peer_body(
struct ieee802_1x_mka_hdr *hdr; struct ieee802_1x_mka_hdr *hdr;
size_t body_len; size_t body_len;
u32 peer_mn; u32 peer_mn;
be32 _peer_mn;
const u8 *peer_mi; const u8 *peer_mi;
size_t i; size_t i;
@ -1050,8 +1054,8 @@ ieee802_1x_mka_decode_potential_peer_body(
for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) { for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
peer_mi = MKA_HDR_LEN + peer_msg + i; peer_mi = MKA_HDR_LEN + peer_msg + i;
os_memcpy(&peer_mn, peer_mi + MI_LEN, sizeof(peer_mn)); os_memcpy(&_peer_mn, peer_mi + MI_LEN, sizeof(_peer_mn));
peer_mn = be_to_host32(peer_mn); peer_mn = be_to_host32(_peer_mn);
/* it is myself */ /* it is myself */
if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) { if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) {
@ -1290,7 +1294,7 @@ ieee802_1x_mka_decode_sak_use_body(
if (body->ltx || body->lrx) { if (body->ltx || body->lrx) {
founded = FALSE; founded = FALSE;
os_memcpy(ki.mi, body->lsrv_mi, sizeof(ki.mi)); os_memcpy(ki.mi, body->lsrv_mi, sizeof(ki.mi));
ki.kn = ntohl(body->lkn); ki.kn = be_to_host32(body->lkn);
dl_list_for_each(sa_key, &participant->sak_list, dl_list_for_each(sa_key, &participant->sak_list,
struct data_key, list) { struct data_key, list) {
if (is_ki_equal(&sa_key->key_identifier, &ki)) { if (is_ki_equal(&sa_key->key_identifier, &ki)) {
@ -1304,7 +1308,7 @@ ieee802_1x_mka_decode_sak_use_body(
} }
if (os_memcmp(participant->lki.mi, body->lsrv_mi, if (os_memcmp(participant->lki.mi, body->lsrv_mi,
sizeof(participant->lki.mi)) == 0 && sizeof(participant->lki.mi)) == 0 &&
ntohl(body->lkn) == participant->lki.kn && be_to_host32(body->lkn) == participant->lki.kn &&
body->lan == participant->lan) { body->lan == participant->lan) {
peer->sak_used = TRUE; peer->sak_used = TRUE;
} }
@ -1319,7 +1323,7 @@ ieee802_1x_mka_decode_sak_use_body(
if (body->otx || body->orx) { if (body->otx || body->orx) {
if (os_memcmp(participant->oki.mi, body->osrv_mi, if (os_memcmp(participant->oki.mi, body->osrv_mi,
sizeof(participant->oki.mi)) != 0 || sizeof(participant->oki.mi)) != 0 ||
ntohl(body->okn) != participant->oki.kn || be_to_host32(body->okn) != participant->oki.kn ||
body->oan != participant->oan) { body->oan != participant->oan) {
wpa_printf(MSG_WARNING, "KaY: Old key is invalid"); wpa_printf(MSG_WARNING, "KaY: Old key is invalid");
return -1; return -1;
@ -1327,7 +1331,8 @@ ieee802_1x_mka_decode_sak_use_body(
} }
/* TODO: how to set the MACsec hardware when delay_protect is true */ /* TODO: how to set the MACsec hardware when delay_protect is true */
if (body->delay_protect && (!ntohl(body->llpn) || !ntohl(body->olpn))) { if (body->delay_protect &&
(!be_to_host32(body->llpn) || !be_to_host32(body->olpn))) {
wpa_printf(MSG_WARNING, wpa_printf(MSG_WARNING,
"KaY: Lowest packet number should greater than 0 when delay_protect is TRUE"); "KaY: Lowest packet number should greater than 0 when delay_protect is TRUE");
return -1; return -1;
@ -1349,7 +1354,7 @@ ieee802_1x_mka_decode_sak_use_body(
} }
/* if i'm key server, and detects peer member pn exhaustion, rekey.*/ /* if i'm key server, and detects peer member pn exhaustion, rekey.*/
lpn = ntohl(body->llpn); lpn = be_to_host32(body->llpn);
if (lpn > participant->kay->pn_exhaustion) { if (lpn > participant->kay->pn_exhaustion) {
if (participant->is_key_server) { if (participant->is_key_server) {
participant->new_sak = TRUE; participant->new_sak = TRUE;
@ -3094,10 +3099,10 @@ static void kay_l2_receive(void *ctx, const u8 *src_addr, const u8 *buf,
eth_hdr = (struct ieee8023_hdr *) buf; eth_hdr = (struct ieee8023_hdr *) buf;
eapol_hdr = (struct ieee802_1x_hdr *) (eth_hdr + 1); eapol_hdr = (struct ieee802_1x_hdr *) (eth_hdr + 1);
if (len != sizeof(*eth_hdr) + sizeof(*eapol_hdr) + if (len != sizeof(*eth_hdr) + sizeof(*eapol_hdr) +
ntohs(eapol_hdr->length)) { be_to_host16(eapol_hdr->length)) {
wpa_printf(MSG_MSGDUMP, "KAY: EAPOL MPDU is invalid: (%lu-%lu)", wpa_printf(MSG_MSGDUMP, "KAY: EAPOL MPDU is invalid: (%lu-%lu)",
(unsigned long) len, (unsigned long) len,
(unsigned long) ntohs(eapol_hdr->length)); (unsigned long) be_to_host16(eapol_hdr->length));
return; return;
} }
@ -3106,7 +3111,7 @@ static void kay_l2_receive(void *ctx, const u8 *src_addr, const u8 *buf,
eapol_hdr->version); eapol_hdr->version);
return; return;
} }
if (ntohs(eth_hdr->ethertype) != ETH_P_PAE || if (be_to_host16(eth_hdr->ethertype) != ETH_P_PAE ||
eapol_hdr->type != IEEE802_1X_TYPE_EAPOL_MKA) eapol_hdr->type != IEEE802_1X_TYPE_EAPOL_MKA)
return; return;

2
src/pae/ieee802_1x_kay.h
Unescape Escape View File

@ -32,7 +32,7 @@ struct ieee802_1x_mka_ki {
struct ieee802_1x_mka_sci { struct ieee802_1x_mka_sci {
u8 addr[ETH_ALEN]; u8 addr[ETH_ALEN];
u16 port; be16 port;
}; };
struct mka_key { struct mka_key {

14
src/pae/ieee802_1x_kay_i.h
Unescape Escape View File

@ -38,7 +38,7 @@ struct ieee802_1x_kay;
struct ieee802_1x_mka_peer_id { struct ieee802_1x_mka_peer_id {
u8 mi[MI_LEN]; u8 mi[MI_LEN];
u32 mn; be32 mn;
}; };
struct ieee802_1x_kay_peer { struct ieee802_1x_kay_peer {
@ -282,7 +282,7 @@ struct ieee802_1x_mka_basic_body {
struct ieee802_1x_mka_sci actor_sci; struct ieee802_1x_mka_sci actor_sci;
u8 actor_mi[MI_LEN]; u8 actor_mi[MI_LEN];
u32 actor_mn; be32 actor_mn;
u8 algo_agility[4]; u8 algo_agility[4];
/* followed by CAK Name*/ /* followed by CAK Name*/
@ -350,16 +350,16 @@ struct ieee802_1x_mka_sak_use_body {
/* octet 5 - 16 */ /* octet 5 - 16 */
u8 lsrv_mi[MI_LEN]; u8 lsrv_mi[MI_LEN];
/* octet 17 - 20 */ /* octet 17 - 20 */
u32 lkn; be32 lkn;
/* octet 21 - 24 */ /* octet 21 - 24 */
u32 llpn; be32 llpn;
/* octet 25 - 36 */ /* octet 25 - 36 */
u8 osrv_mi[MI_LEN]; u8 osrv_mi[MI_LEN];
/* octet 37 - 40 */ /* octet 37 - 40 */
u32 okn; be32 okn;
/* octet 41 - 44 */ /* octet 41 - 44 */
u32 olpn; be32 olpn;
}; };
@ -387,7 +387,7 @@ struct ieee802_1x_mka_dist_sak_body {
/* octet 4 */ /* octet 4 */
u32 length1:8; u32 length1:8;
/* octet 5 - 8 */ /* octet 5 - 8 */
u32 kn; be32 kn;
/* for GCM-AES-128: octet 9-32: SAK /* for GCM-AES-128: octet 9-32: SAK
* for other cipher suite: octet 9-16: cipher suite id, octet 17-: SAK * for other cipher suite: octet 9-16: cipher suite id, octet 17-: SAK

Write Preview
Loading…
Cancel
Save