Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

PeerKey: Clean up EAPOL-Key Key Data processing

This extends the earlier commit e6270129f6ac06c319480c409ee7013a1ad33127
('Clean up EAPOL-Key Key Data processing') design to be used with
PeerKey EAPOL-key processing as well. This avoids false warnings from
static analyzer (CID 62860, CID 62861, CID 62862).

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 10 years ago
parent
010fc5f507
commit
f107d00cf6
3 changed files with 29 additions and 28 deletions
Split View Show Diff Stats
  1. 23 25
      src/rsn_supp/peerkey.c
  2. 4 2
      src/rsn_supp/peerkey.h
  3. 2 1
      src/rsn_supp/wpa.c

+ 23 - 25
src/rsn_supp/peerkey.c
View File 

@@ -653,11 +653,11 @@ static int wpa_supplicant_process_smk_error(
 
 static void wpa_supplicant_process_stk_1_of_4(struct wpa_sm *sm,
 
 					      struct wpa_peerkey *peerkey,
 
 					      const struct wpa_eapol_key *key,
 
-					      u16 ver)
 
+					      u16 ver, const u8 *key_data,
 
+					      size_t key_data_len)
 
 {
 
 	struct wpa_eapol_ie_parse ie;
 
-	const u8 *kde;
 
-	size_t len, kde_buf_len;
 
+	size_t kde_buf_len;
 
 	struct wpa_ptk *stk;
 
 	u8 buf[8], *kde_buf, *pos;
 
 	be32 lifetime;
 
@@ -668,10 +668,9 @@ static void wpa_supplicant_process_stk_1_of_4(struct wpa_sm *sm,
 
 	os_memset(&ie, 0, sizeof(ie));
 
 
 	/* RSN: msg 1/4 should contain SMKID for the selected SMK */
 
-	kde = (const u8 *) (key + 1);
 
-	len = WPA_GET_BE16(key->key_data_length);
 
-	wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", kde, len);
 
-	if (wpa_supplicant_parse_ies(kde, len, &ie) < 0 || ie.pmkid == NULL) {
 
+	wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", key_data, key_data_len);
 
+	if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0 ||
 
+	    ie.pmkid == NULL) {
 
 		wpa_printf(MSG_DEBUG, "RSN: No SMKID in STK 1/4");
 
 		return;
 
 	}
 
@@ -760,11 +759,10 @@ static void wpa_supplicant_update_smk_lifetime(struct wpa_sm *sm,
 
 static void wpa_supplicant_process_stk_2_of_4(struct wpa_sm *sm,
 
 					      struct wpa_peerkey *peerkey,
 
 					      const struct wpa_eapol_key *key,
 
-					      u16 ver)
 
+					      u16 ver, const u8 *key_data,
 
+					      size_t key_data_len)
 
 {
 
 	struct wpa_eapol_ie_parse kde;
 
-	const u8 *keydata;
 
-	size_t len;
 
 
 	wpa_printf(MSG_DEBUG, "RSN: RX message 2 of STK 4-Way Handshake from "
 
 		   MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
 
@@ -773,10 +771,8 @@ static void wpa_supplicant_process_stk_2_of_4(struct wpa_sm *sm,
 
 
 	/* RSN: msg 2/4 should contain SMKID for the selected SMK and RSN IE
 
 	 * from the peer. It may also include Lifetime KDE. */
 
-	keydata = (const u8 *) (key + 1);
 
-	len = WPA_GET_BE16(key->key_data_length);
 
-	wpa_hexdump(MSG_DEBUG, "RSN: msg 2/4 key data", keydata, len);
 
-	if (wpa_supplicant_parse_ies(keydata, len, &kde) < 0 ||
 
+	wpa_hexdump(MSG_DEBUG, "RSN: msg 2/4 key data", key_data, key_data_len);
 
+	if (wpa_supplicant_parse_ies(key_data, key_data_len, &kde) < 0 ||
 
 	    kde.pmkid == NULL || kde.rsn_ie == NULL) {
 
 		wpa_printf(MSG_DEBUG, "RSN: No SMKID or RSN IE in STK 2/4");
 
 		return;
 
@@ -809,11 +805,11 @@ static void wpa_supplicant_process_stk_2_of_4(struct wpa_sm *sm,
 
 static void wpa_supplicant_process_stk_3_of_4(struct wpa_sm *sm,
 
 					      struct wpa_peerkey *peerkey,
 
 					      const struct wpa_eapol_key *key,
 
-					      u16 ver)
 
+					      u16 ver, const u8 *key_data,
 
+					      size_t key_data_len)
 
 {
 
 	struct wpa_eapol_ie_parse kde;
 
-	const u8 *keydata;
 
-	size_t len, key_len;
 
+	size_t key_len;
 
 	const u8 *_key;
 
 	u8 key_buf[32], rsc[6];
 
 
@@ -824,10 +820,8 @@ static void wpa_supplicant_process_stk_3_of_4(struct wpa_sm *sm,
 
 
 	/* RSN: msg 3/4 should contain Initiator RSN IE. It may also include
 
 	 * Lifetime KDE. */
 
-	keydata = (const u8 *) (key + 1);
 
-	len = WPA_GET_BE16(key->key_data_length);
 
-	wpa_hexdump(MSG_DEBUG, "RSN: msg 3/4 key data", keydata, len);
 
-	if (wpa_supplicant_parse_ies(keydata, len, &kde) < 0) {
 
+	wpa_hexdump(MSG_DEBUG, "RSN: msg 3/4 key data", key_data, key_data_len);
 
+	if (wpa_supplicant_parse_ies(key_data, key_data_len, &kde) < 0) {
 
 		wpa_printf(MSG_DEBUG, "RSN: Failed to parse key data in "
 
 			   "STK 3/4");
 
 		return;
 
@@ -1117,21 +1111,25 @@ void peerkey_deinit(struct wpa_sm *sm)
 
 
 
 void peerkey_rx_eapol_4way(struct wpa_sm *sm, struct wpa_peerkey *peerkey,
 
-			   struct wpa_eapol_key *key, u16 key_info, u16 ver)
 
+			   struct wpa_eapol_key *key, u16 key_info, u16 ver,
 
+			   const u8 *key_data, size_t key_data_len)
 
 {
 
 	if ((key_info & (WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK)) ==
 
 	    (WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK)) {
 
 		/* 3/4 STK 4-Way Handshake */
 
-		wpa_supplicant_process_stk_3_of_4(sm, peerkey, key, ver);
 
+		wpa_supplicant_process_stk_3_of_4(sm, peerkey, key, ver,
 
+						  key_data, key_data_len);
 
 	} else if (key_info & WPA_KEY_INFO_ACK) {
 
 		/* 1/4 STK 4-Way Handshake */
 
-		wpa_supplicant_process_stk_1_of_4(sm, peerkey, key, ver);
 
+		wpa_supplicant_process_stk_1_of_4(sm, peerkey, key, ver,
 
+						  key_data, key_data_len);
 
 	} else if (key_info & WPA_KEY_INFO_SECURE) {
 
 		/* 4/4 STK 4-Way Handshake */
 
 		wpa_supplicant_process_stk_4_of_4(sm, peerkey, key, ver);
 
 	} else {
 
 		/* 2/4 STK 4-Way Handshake */
 
-		wpa_supplicant_process_stk_2_of_4(sm, peerkey, key, ver);
 
+		wpa_supplicant_process_stk_2_of_4(sm, peerkey, key, ver,
 
+						  key_data, key_data_len);
 
 	}
 
 }

+ 4 - 2
src/rsn_supp/peerkey.h
View File 

@@ -41,7 +41,8 @@ int peerkey_verify_eapol_key_mic(struct wpa_sm *sm,
 
 				 struct wpa_eapol_key *key, u16 ver,
 
 				 const u8 *buf, size_t len);
 
 void peerkey_rx_eapol_4way(struct wpa_sm *sm, struct wpa_peerkey *peerkey,
 
-			   struct wpa_eapol_key *key, u16 key_info, u16 ver);
 
+			   struct wpa_eapol_key *key, u16 key_info, u16 ver,
 
+			   const u8 *key_data, size_t key_data_len);
 
 void peerkey_rx_eapol_smk(struct wpa_sm *sm, const u8 *src_addr,
 
 			  struct wpa_eapol_key *key, size_t extra_len,
 
 			  u16 key_info, u16 ver);
 
@@ -60,7 +61,8 @@ peerkey_verify_eapol_key_mic(struct wpa_sm *sm,
 
 
 static inline void
 
 peerkey_rx_eapol_4way(struct wpa_sm *sm, struct wpa_peerkey *peerkey,
 
-		      struct wpa_eapol_key *key, u16 key_info, u16 ver)
 
+		      struct wpa_eapol_key *key, u16 key_info, u16 ver,
 
+		      const u8 *key_data, size_t key_data_len)
 
 {
 
 }

+ 2 - 1
src/rsn_supp/wpa.c
View File 

@@ -1833,7 +1833,8 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
 
 		}
 
 		if (peerkey) {
 
 			/* PeerKey 4-Way Handshake */
 
-			peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver);
 
+			peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver,
 
+					      key_data, key_data_len);
 
 		} else if (key_info & WPA_KEY_INFO_MIC) {
 
 			/* 3/4 4-Way Handshake */
 
 			wpa_supplicant_process_3_of_4(sm, key, ver, key_data,