Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

PAE: Use be16/be32 instead of u16/u32 for spartse

This converts some of the PAE code to use a design that gets rid
unnecessary warnings from sparse and allows more thorough validation of
byte order operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 8 years ago
parent
ac36b133aa
commit
4e7f5a4a2a
4 changed files with 29 additions and 24 deletions
Split View Show Diff Stats
  1. 1 1
      src/common/eapol_common.h
  2. 20 15
      src/pae/ieee802_1x_kay.c
  3. 1 1
      src/pae/ieee802_1x_kay.h
  4. 7 7
      src/pae/ieee802_1x_kay_i.h

+ 1 - 1
src/common/eapol_common.h
View File 

@@ -25,7 +25,7 @@ struct ieee802_1x_hdr {
 
 struct ieee8023_hdr {
 
 	u8 dest[ETH_ALEN];
 
 	u8 src[ETH_ALEN];
 
-	u16 ethertype;
 
+	be16 ethertype;
 
 } STRUCT_PACKED;
 
 
 #ifdef _MSC_VER

+ 20 - 15
src/pae/ieee802_1x_kay.c
View File 

@@ -148,7 +148,7 @@ ieee802_1x_mka_dump_peer_body(struct ieee802_1x_mka_peer_body *body)
 
 	size_t body_len;
 
 	size_t i;
 
 	u8 *mi;
 
-	u32 mn;
 
+	be32 mn;
 
 
 	if (body == NULL)
 
 		return;
 
@@ -918,6 +918,7 @@ ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant,
 
 	size_t left_len;
 
 	int body_type;
 
 	u32 peer_mn;
 
+	be32 _peer_mn;
 
 	const u8 *peer_mi;
 
 	const u8 *pos;
 
 	size_t i;
 
@@ -953,8 +954,9 @@ ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant,
 
 
 		for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
 
 			peer_mi = MKA_HDR_LEN + pos + i;
 
-			os_memcpy(&peer_mn, peer_mi + MI_LEN, sizeof(peer_mn));
 
-			peer_mn = be_to_host32(peer_mn);
 
+			os_memcpy(&_peer_mn, peer_mi + MI_LEN,
 
+				  sizeof(_peer_mn));
 
+			peer_mn = be_to_host32(_peer_mn);
 
 			if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0 &&
 
 			    peer_mn == participant->mn) {
 
 				included = TRUE;
 
@@ -985,6 +987,7 @@ static int ieee802_1x_mka_decode_live_peer_body(
 
 	struct ieee802_1x_kay_peer *peer;
 
 	size_t body_len;
 
 	u32 peer_mn;
 
+	be32 _peer_mn;
 
 	const u8 *peer_mi;
 
 	size_t i;
 
 	Boolean is_included;
 
@@ -997,8 +1000,8 @@ static int ieee802_1x_mka_decode_live_peer_body(
 
 
 	for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
 
 		peer_mi = MKA_HDR_LEN + peer_msg + i;
 
-		os_memcpy(&peer_mn, peer_mi + MI_LEN, sizeof(peer_mn));
 
-		peer_mn = be_to_host32(peer_mn);
 
+		os_memcpy(&_peer_mn, peer_mi + MI_LEN, sizeof(_peer_mn));
 
+		peer_mn = be_to_host32(_peer_mn);
 
 
 		/* it is myself */
 
 		if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) {
 
@@ -1042,6 +1045,7 @@ ieee802_1x_mka_decode_potential_peer_body(
 
 	struct ieee802_1x_mka_hdr *hdr;
 
 	size_t body_len;
 
 	u32 peer_mn;
 
+	be32 _peer_mn;
 
 	const u8 *peer_mi;
 
 	size_t i;
 
 
@@ -1050,8 +1054,8 @@ ieee802_1x_mka_decode_potential_peer_body(
 
 
 	for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
 
 		peer_mi = MKA_HDR_LEN + peer_msg + i;
 
-		os_memcpy(&peer_mn, peer_mi + MI_LEN, sizeof(peer_mn));
 
-		peer_mn = be_to_host32(peer_mn);
 
+		os_memcpy(&_peer_mn, peer_mi + MI_LEN, sizeof(_peer_mn));
 
+		peer_mn = be_to_host32(_peer_mn);
 
 
 		/* it is myself */
 
 		if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) {
 
@@ -1290,7 +1294,7 @@ ieee802_1x_mka_decode_sak_use_body(
 
 	if (body->ltx || body->lrx) {
 
 		founded = FALSE;
 
 		os_memcpy(ki.mi, body->lsrv_mi, sizeof(ki.mi));
 
-		ki.kn = ntohl(body->lkn);
 
+		ki.kn = be_to_host32(body->lkn);
 
 		dl_list_for_each(sa_key, &participant->sak_list,
 
 				 struct data_key, list) {
 
 			if (is_ki_equal(&sa_key->key_identifier, &ki)) {
 
@@ -1304,7 +1308,7 @@ ieee802_1x_mka_decode_sak_use_body(
 
 		}
 
 		if (os_memcmp(participant->lki.mi, body->lsrv_mi,
 
 			      sizeof(participant->lki.mi)) == 0 &&
 
-		    ntohl(body->lkn) == participant->lki.kn &&
 
+		    be_to_host32(body->lkn) == participant->lki.kn &&
 
 		    body->lan == participant->lan) {
 
 			peer->sak_used = TRUE;
 
 		}
 
@@ -1319,7 +1323,7 @@ ieee802_1x_mka_decode_sak_use_body(
 
 	if (body->otx || body->orx) {
 
 		if (os_memcmp(participant->oki.mi, body->osrv_mi,
 
 			      sizeof(participant->oki.mi)) != 0 ||
 
-		    ntohl(body->okn) != participant->oki.kn ||
 
+		    be_to_host32(body->okn) != participant->oki.kn ||
 
 		    body->oan != participant->oan) {
 
 			wpa_printf(MSG_WARNING, "KaY: Old key is invalid");
 
 			return -1;
 
@@ -1327,7 +1331,8 @@ ieee802_1x_mka_decode_sak_use_body(
 
 	}
 
 
 	/* TODO: how to set the MACsec hardware when delay_protect is true */
 
-	if (body->delay_protect && (!ntohl(body->llpn) || !ntohl(body->olpn))) {
 
+	if (body->delay_protect &&
 
+	    (!be_to_host32(body->llpn) || !be_to_host32(body->olpn))) {
 
 		wpa_printf(MSG_WARNING,
 
 			   "KaY: Lowest packet number should greater than 0 when delay_protect is TRUE");
 
 		return -1;
 
@@ -1349,7 +1354,7 @@ ieee802_1x_mka_decode_sak_use_body(
 
 	}
 
 
 	/* if i'm key server, and detects peer member pn exhaustion, rekey.*/
 
-	lpn = ntohl(body->llpn);
 
+	lpn = be_to_host32(body->llpn);
 
 	if (lpn > participant->kay->pn_exhaustion) {
 
 		if (participant->is_key_server) {
 
 			participant->new_sak = TRUE;
 
@@ -3094,10 +3099,10 @@ static void kay_l2_receive(void *ctx, const u8 *src_addr, const u8 *buf,
 
 	eth_hdr = (struct ieee8023_hdr *) buf;
 
 	eapol_hdr = (struct ieee802_1x_hdr *) (eth_hdr + 1);
 
 	if (len != sizeof(*eth_hdr) + sizeof(*eapol_hdr) +
 
-	    ntohs(eapol_hdr->length)) {
 
+	    be_to_host16(eapol_hdr->length)) {
 
 		wpa_printf(MSG_MSGDUMP, "KAY: EAPOL MPDU is invalid: (%lu-%lu)",
 
 			   (unsigned long) len,
 
-			   (unsigned long) ntohs(eapol_hdr->length));
 
+			   (unsigned long) be_to_host16(eapol_hdr->length));
 
 		return;
 
 	}
 
 
@@ -3106,7 +3111,7 @@ static void kay_l2_receive(void *ctx, const u8 *src_addr, const u8 *buf,
 
 			   eapol_hdr->version);
 
 		return;
 
 	}
 
-	if (ntohs(eth_hdr->ethertype) != ETH_P_PAE ||
 
+	if (be_to_host16(eth_hdr->ethertype) != ETH_P_PAE ||
 
 	    eapol_hdr->type != IEEE802_1X_TYPE_EAPOL_MKA)
 
 		return;

+ 1 - 1
src/pae/ieee802_1x_kay.h
View File 

@@ -32,7 +32,7 @@ struct ieee802_1x_mka_ki {
 
 
 struct ieee802_1x_mka_sci {
 
 	u8 addr[ETH_ALEN];
 
-	u16 port;
 
+	be16 port;
 
 };
 
 
 struct mka_key {

+ 7 - 7
src/pae/ieee802_1x_kay_i.h
View File 

@@ -38,7 +38,7 @@ struct ieee802_1x_kay;
 
 
 struct ieee802_1x_mka_peer_id {
 
 	u8 mi[MI_LEN];
 
-	u32 mn;
 
+	be32 mn;
 
 };
 
 
 struct ieee802_1x_kay_peer {
 
@@ -282,7 +282,7 @@ struct ieee802_1x_mka_basic_body {
 
 
 	struct ieee802_1x_mka_sci actor_sci;
 
 	u8 actor_mi[MI_LEN];
 
-	u32 actor_mn;
 
+	be32 actor_mn;
 
 	u8 algo_agility[4];
 
 
 	/* followed by CAK Name*/
 
@@ -350,16 +350,16 @@ struct ieee802_1x_mka_sak_use_body {
 
 	/* octet 5 - 16 */
 
 	u8 lsrv_mi[MI_LEN];
 
 	/* octet 17 - 20 */
 
-	u32 lkn;
 
+	be32 lkn;
 
 	/* octet 21 - 24 */
 
-	u32 llpn;
 
+	be32 llpn;
 
 
 	/* octet 25 - 36 */
 
 	u8 osrv_mi[MI_LEN];
 
 	/* octet 37 - 40 */
 
-	u32 okn;
 
+	be32 okn;
 
 	/* octet 41 - 44 */
 
-	u32 olpn;
 
+	be32 olpn;
 
 };
 
 
 
@@ -387,7 +387,7 @@ struct ieee802_1x_mka_dist_sak_body {
 
 	/* octet 4 */
 
 	u32 length1:8;
 
 	/* octet 5 - 8 */
 
-	u32 kn;
 
+	be32 kn;
 
 
 	/* for GCM-AES-128: octet 9-32: SAK
 
 	 * for other cipher suite: octet 9-16: cipher suite id, octet 17-: SAK