Incorporate the LGPL v2.1 licensed implementation of ARC4, taken from
the Nettle project (https://git.lysator.liu.se/nettle/nettle.git,
commit 3e7a480a1e351884), and tweak it a bit so we don't have to
operate on a skip buffer to fast forward the stream cipher, but can
simply invoke it with NULL dst or src arguments to achieve the same.
This removes the dependency [via libell] on the OS's implementation of
ecb(arc4), which may be going away, and which is not usually accelerated
in the first place.
There's are two changes to the example raw data in m8_encrypted_settings,
one is to change the Network Index value to 1 and the other is to drop
the Network Key Index attribute:
Network Index R Deprecated - use fixed value 1 for
backwards compatibility.
Network Key O Deprecated. Only included by WSC 1.0
Index devices. Ignored by WSC 2.0 or newer
devices.
test-eapol was passing zero as the MTU, so this simply needed to be
updated to remove that parameter.
test-wsc was actually setting a MTU value so when building the
settings we now add the proper value so the MTU can be set with
__eap_set_config.
Refactored eapol_sm_test_tls to take a l_settings object rather than
a settings string. This lets the caller either load from data or
from file (the new test loads the build time generated tls-settings
file).
The SAE unit test needed to be updated to use the handshake_driver,
but in addition all the packet building needed a major overhaul. SAE
was changed to behave more like OWE/FILS, in that netdev passes the
raw mpdu frame into the RX callbacks. Before, only the authentication
data was passed. This requires the unit tests to now build up the
entire authentication frame, and in some cases append the header
to the data coming from the TX functions.
FILS authentication does away with the MIC, so checking for key_mic
in the eapol key frame does not allow FILS to work. Now we pass in
the mic_len to eapol_verify_gtk_1_of_2, and if it is non-zero we can
check that the MIC is present in the frame.
When this test was written only group 19 was supported. The 'bad_group'
test used, at the time, unsupported group 20. Now group 20 is supported
so this test was expecting a failure. This updates the test to use group
0xff, which is not a valid ECC group and should always fail.
==24642==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffe00450850 at pc 0x7f2043eef5e3 bp 0x7ffe00450660 sp 0x7ffe0044fdf0
WRITE of size 3 at 0x7ffe00450850 thread T0
#0 0x7f2043eef5e2 in __interceptor_vsprintf /var/tmp/portage/sys-devel/gcc-8.2.0-r2/work/gcc-8.2.0/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1522
#1 0x7f2043eef956 in __interceptor_sprintf /var/tmp/portage/sys-devel/gcc-8.2.0-r2/work/gcc-8.2.0/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1553
#2 0x4026f1 in prf_test unit/test-prf-sha1.c:64
#3 0x407478 in l_test_run ell/test.c:83
#4 0x4029e3 in main unit/test-prf-sha1.c:130
#5 0x7f2042dd9ed9 in __libc_start_main (/lib64/libc.so.6+0x20ed9)
#6 0x401f79 in _start (/home/denkenz/iwd-master/unit/test-prf-sha1+0x401f79)
Now that the peer element is validated we must send valid point data.
This should have been done in the beginning anyways, but since the
point data was not previously validated this test still passed.
Since this particular unit test is really testing timeouts we can just
use the commit buffer for other tests since it contains a valid scalar
and point.
Using the gcc wrap feature, l_getrandom was redefined to use a known
good, hardcoded random value. The two other tests were also disabled
if l_getrandom is not supported since these do require randomness
for proper testing.
Single AVP should not be padded with zeros as padding is only
used to separate AVPs in a sequence.
RFC 5281 Section 10.2. AVP Sequences
Data encapsulated within the TLS record layer must consist entirely
of a sequence of zero or more AVPs. Each AVP must begin on a four-
octet boundary relative to the first AVP in the sequence. If an AVP
is not a multiple of four octets, it must be padded with zeros to the
next four-octet boundary.
Note that the AVP Length does not include the padding.
Some compilers complained that:
../unit/test-ecc.c: In function ‘run_test’:
../unit/test-ecc.c:295:38: warning: ‘lres’ may be used uninitialized in
this function [-Wmaybe-uninitialized]
assert(data->lres == lres);
^
Since aes_wrap & aes_unwrap advertise support for overlapped in/out
buffers, make sure that the unit test actually tests this as well.
valgrind will complain if the memory is overlapped and memcpy is used
instead of memmove.