mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2025-01-03 10:32:33 +01:00

eapol: Refactor verification functions

Use a macro for common checks.  Assume that the validate step will be
done separately.
Denis Kenzior 2015-02-23 15:39:26 -06:00
parent 62bfb6f8c8
commit a0bf16c5ca
2 changed files with 46 additions and 105 deletions


@ -212,42 +212,35 @@ const struct eapol_key *eapol_key_validate(const uint8_t *frame, size_t len)
return ek; return ek;
} }
const struct eapol_key *eapol_verify_ptk_1_of_4(const uint8_t *frame, #define VERIFY_PTK_COMMON(ek) \
size_t len) if (!ek->key_type) \
return false; \
if (ek->smk_message) \
return false; \
if (ek->request) \
return false; \
if (ek->error) \
return false \
bool eapol_verify_ptk_1_of_4(const struct eapol_key *ek)
{ {
const struct eapol_key *ek;
ek = eapol_key_validate(frame, len);
if (!ek)
return NULL;
/* Verify according to 802.11, Section 11.6.6.2 */ /* Verify according to 802.11, Section 11.6.6.2 */
if (!ek->key_type) VERIFY_PTK_COMMON(ek);
return NULL;
if (ek->smk_message)
return NULL;
if (ek->install) if (ek->install)
return NULL; return false;
if (!ek->key_ack) if (!ek->key_ack)
return NULL; return false;
if (ek->key_mic) if (ek->key_mic)
return NULL; return false;
if (ek->secure) if (ek->secure)
return NULL; return false;
if (ek->error)
return NULL;
if (ek->request)
return NULL;
if (ek->encrypted_key_data) if (ek->encrypted_key_data)
return NULL; return false;
VERIFY_IS_ZERO(ek->eapol_key_iv); VERIFY_IS_ZERO(ek->eapol_key_iv);
VERIFY_IS_ZERO(ek->key_rsc); VERIFY_IS_ZERO(ek->key_rsc);
@ -257,93 +250,61 @@ const struct eapol_key *eapol_verify_ptk_1_of_4(const uint8_t *frame,
return ek; return ek;
} }
const struct eapol_key *eapol_verify_ptk_2_of_4(const uint8_t *frame, bool eapol_verify_ptk_2_of_4(const struct eapol_key *ek)
size_t len)
{ {
const struct eapol_key *ek;
uint16_t key_len; uint16_t key_len;
ek = eapol_key_validate(frame, len);
if (!ek)
return NULL;
/* Verify according to 802.11, Section 11.6.6.3 */ /* Verify according to 802.11, Section 11.6.6.3 */
if (!ek->key_type) VERIFY_PTK_COMMON(ek);
return NULL;
if (ek->smk_message)
return NULL;
if (ek->install) if (ek->install)
return NULL; return false;
if (ek->key_ack) if (ek->key_ack)
return NULL; return false;
if (!ek->key_mic) if (!ek->key_mic)
return NULL; return false;
if (ek->secure) if (ek->secure)
return NULL; return false;
if (ek->error)
return NULL;
if (ek->request)
return NULL;
if (ek->encrypted_key_data) if (ek->encrypted_key_data)
return NULL; return false;
key_len = L_BE16_TO_CPU(ek->key_length); key_len = L_BE16_TO_CPU(ek->key_length);
if (key_len != 0) if (key_len != 0)
return NULL; return false;
VERIFY_IS_ZERO(ek->eapol_key_iv); VERIFY_IS_ZERO(ek->eapol_key_iv);
VERIFY_IS_ZERO(ek->key_rsc); VERIFY_IS_ZERO(ek->key_rsc);
VERIFY_IS_ZERO(ek->reserved); VERIFY_IS_ZERO(ek->reserved);
return ek; return true;
} }
const struct eapol_key *eapol_verify_ptk_3_of_4(const uint8_t *frame, bool eapol_verify_ptk_3_of_4(const struct eapol_key *ek)
size_t len)
{ {
const struct eapol_key *ek;
uint16_t key_len; uint16_t key_len;
ek = eapol_key_validate(frame, len);
if (!ek)
return NULL;
/* Verify according to 802.11, Section 11.6.6.4 */ /* Verify according to 802.11, Section 11.6.6.4 */
if (!ek->key_type) VERIFY_PTK_COMMON(ek);
return NULL;
if (ek->smk_message)
return NULL;
if (!ek->key_ack) if (!ek->key_ack)
return NULL; return false;
if (!ek->key_mic) if (!ek->key_mic)
return NULL; return false;
if (!ek->secure) if (!ek->secure)
return NULL; return false;
if (ek->error)
return NULL;
if (ek->request)
return NULL;
if (!ek->encrypted_key_data) if (!ek->encrypted_key_data)
return NULL; return false;
key_len = L_BE16_TO_CPU(ek->key_length); key_len = L_BE16_TO_CPU(ek->key_length);
if (key_len != 16) if (key_len != 16)
return NULL; return false;
VERIFY_IS_ZERO(ek->reserved); VERIFY_IS_ZERO(ek->reserved);
@ -352,54 +313,38 @@ const struct eapol_key *eapol_verify_ptk_3_of_4(const uint8_t *frame,
EAPOL_KEY_DESCRIPTOR_VERSION_HMAC_MD5_ARC4) EAPOL_KEY_DESCRIPTOR_VERSION_HMAC_MD5_ARC4)
VERIFY_IS_ZERO(ek->eapol_key_iv); VERIFY_IS_ZERO(ek->eapol_key_iv);
return ek; return true;
} }
const struct eapol_key *eapol_verify_ptk_4_of_4(const uint8_t *frame, bool eapol_verify_ptk_4_of_4(const struct eapol_key *ek)
size_t len)
{ {
const struct eapol_key *ek;
uint16_t key_len; uint16_t key_len;
ek = eapol_key_validate(frame, len);
if (!ek)
return NULL;
/* Verify according to 802.11, Section 11.6.6.5 */ /* Verify according to 802.11, Section 11.6.6.5 */
if (!ek->key_type) VERIFY_PTK_COMMON(ek);
return NULL;
if (ek->smk_message)
return NULL;
if (ek->key_ack) if (ek->key_ack)
return NULL; return false;
if (!ek->key_mic) if (!ek->key_mic)
return NULL; return false;
if (!ek->secure) if (!ek->secure)
return NULL; return false;
if (ek->error)
return NULL;
if (ek->request)
return NULL;
if (ek->encrypted_key_data) if (ek->encrypted_key_data)
return NULL; return false;
key_len = L_BE16_TO_CPU(ek->key_length); key_len = L_BE16_TO_CPU(ek->key_length);
if (key_len != 0) if (key_len != 0)
return NULL; return false;
VERIFY_IS_ZERO(ek->key_nonce); VERIFY_IS_ZERO(ek->key_nonce);
VERIFY_IS_ZERO(ek->eapol_key_iv); VERIFY_IS_ZERO(ek->eapol_key_iv);
VERIFY_IS_ZERO(ek->key_rsc); VERIFY_IS_ZERO(ek->key_rsc);
VERIFY_IS_ZERO(ek->reserved); VERIFY_IS_ZERO(ek->reserved);
return ek; return true;
} }
static struct eapol_key *eapol_create_common( static struct eapol_key *eapol_create_common(
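Review bot: The four `eapol_verify_ptk_N_of_4()` functions now dereference `ek` straight away (through `VERIFY_PTK_COMMON(ek)`) with no length or NULL check of their own, so for a frame received from the network their safety rests on the caller having run `eapol_key_validate()` first. The callers are not on this page and no comment in the new code states that requirement. I would put the precondition above each function and on the prototypes in the header, for example `/* ek must be the non-NULL result of eapol_key_validate(); the frame length is not re-checked here */`. Separately, the unchanged context line that closes `eapol_verify_ptk_1_of_4()` still appears to read `return ek;`, which yields true only through pointer-to-bool conversion; `return true;` would match the other three functions. `VERIFY_PTK_COMMON` also expands to several bare `if` statements with hidden `return`s, so wrapping it in `do { ... } while (0)` and writing `(ek)->` would keep it safe under an unbraced `if`.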


@ -102,14 +102,10 @@ uint8_t *eapol_decrypt_key_data(const uint8_t *kek,
const struct eapol_key *eapol_key_validate(const uint8_t *frame, size_t len); const struct eapol_key *eapol_key_validate(const uint8_t *frame, size_t len);
const struct eapol_key *eapol_verify_ptk_1_of_4(const uint8_t *frame, bool eapol_verify_ptk_1_of_4(const struct eapol_key *ek);
size_t len); bool eapol_verify_ptk_2_of_4(const struct eapol_key *ek);
const struct eapol_key *eapol_verify_ptk_2_of_4(const uint8_t *frame, bool eapol_verify_ptk_3_of_4(const struct eapol_key *ek);
size_t len); bool eapol_verify_ptk_4_of_4(const struct eapol_key *ek);
const struct eapol_key *eapol_verify_ptk_3_of_4(const uint8_t *frame,
size_t len);
const struct eapol_key *eapol_verify_ptk_4_of_4(const uint8_t *frame,
size_t len);
struct eapol_key *eapol_create_ptk_2_of_4( struct eapol_key *eapol_create_ptk_2_of_4(
enum eapol_protocol_version protocol, enum eapol_protocol_version protocol,