PeerKey: Clean up EAPOL-Key Key Data processing
This extends the earlier commit e6270129f6
('Clean up EAPOL-Key Key Data processing') design to be used with
PeerKey EAPOL-key processing as well. This avoids false warnings from
static analyzer (CID 62860, CID 62861, CID 62862).
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
010fc5f507
commit
f107d00cf6
3 changed files with 29 additions and 28 deletions
|
|
@ -653,11 +653,11 @@ static int wpa_supplicant_process_smk_error(
|
||||||
static void wpa_supplicant_process_stk_1_of_4(struct wpa_sm *sm,
|
static void wpa_supplicant_process_stk_1_of_4(struct wpa_sm *sm,
|
||||||
struct wpa_peerkey *peerkey,
|
struct wpa_peerkey *peerkey,
|
||||||
const struct wpa_eapol_key *key,
|
const struct wpa_eapol_key *key,
|
||||||
u16 ver)
|
u16 ver, const u8 *key_data,
|
||||||
|
size_t key_data_len)
|
||||||
{
|
{
|
||||||
struct wpa_eapol_ie_parse ie;
|
struct wpa_eapol_ie_parse ie;
|
||||||
const u8 *kde;
|
size_t kde_buf_len;
|
||||||
size_t len, kde_buf_len;
|
|
||||||
struct wpa_ptk *stk;
|
struct wpa_ptk *stk;
|
||||||
u8 buf[8], *kde_buf, *pos;
|
u8 buf[8], *kde_buf, *pos;
|
||||||
be32 lifetime;
|
be32 lifetime;
|
||||||
|
|
@ -668,10 +668,9 @@ static void wpa_supplicant_process_stk_1_of_4(struct wpa_sm *sm,
|
||||||
os_memset(&ie, 0, sizeof(ie));
|
os_memset(&ie, 0, sizeof(ie));
|
||||||
|
|
||||||
/* RSN: msg 1/4 should contain SMKID for the selected SMK */
|
/* RSN: msg 1/4 should contain SMKID for the selected SMK */
|
||||||
kde = (const u8 *) (key + 1);
|
wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", key_data, key_data_len);
|
||||||
len = WPA_GET_BE16(key->key_data_length);
|
if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0 ||
|
||||||
wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data", kde, len);
|
ie.pmkid == NULL) {
|
||||||
if (wpa_supplicant_parse_ies(kde, len, &ie) < 0 || ie.pmkid == NULL) {
|
|
||||||
wpa_printf(MSG_DEBUG, "RSN: No SMKID in STK 1/4");
|
wpa_printf(MSG_DEBUG, "RSN: No SMKID in STK 1/4");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
@ -760,11 +759,10 @@ static void wpa_supplicant_update_smk_lifetime(struct wpa_sm *sm,
|
||||||
static void wpa_supplicant_process_stk_2_of_4(struct wpa_sm *sm,
|
static void wpa_supplicant_process_stk_2_of_4(struct wpa_sm *sm,
|
||||||
struct wpa_peerkey *peerkey,
|
struct wpa_peerkey *peerkey,
|
||||||
const struct wpa_eapol_key *key,
|
const struct wpa_eapol_key *key,
|
||||||
u16 ver)
|
u16 ver, const u8 *key_data,
|
||||||
|
size_t key_data_len)
|
||||||
{
|
{
|
||||||
struct wpa_eapol_ie_parse kde;
|
struct wpa_eapol_ie_parse kde;
|
||||||
const u8 *keydata;
|
|
||||||
size_t len;
|
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "RSN: RX message 2 of STK 4-Way Handshake from "
|
wpa_printf(MSG_DEBUG, "RSN: RX message 2 of STK 4-Way Handshake from "
|
||||||
MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
|
MACSTR " (ver=%d)", MAC2STR(peerkey->addr), ver);
|
||||||
|
|
@ -773,10 +771,8 @@ static void wpa_supplicant_process_stk_2_of_4(struct wpa_sm *sm,
|
||||||
|
|
||||||
/* RSN: msg 2/4 should contain SMKID for the selected SMK and RSN IE
|
/* RSN: msg 2/4 should contain SMKID for the selected SMK and RSN IE
|
||||||
* from the peer. It may also include Lifetime KDE. */
|
* from the peer. It may also include Lifetime KDE. */
|
||||||
keydata = (const u8 *) (key + 1);
|
wpa_hexdump(MSG_DEBUG, "RSN: msg 2/4 key data", key_data, key_data_len);
|
||||||
len = WPA_GET_BE16(key->key_data_length);
|
if (wpa_supplicant_parse_ies(key_data, key_data_len, &kde) < 0 ||
|
||||||
wpa_hexdump(MSG_DEBUG, "RSN: msg 2/4 key data", keydata, len);
|
|
||||||
if (wpa_supplicant_parse_ies(keydata, len, &kde) < 0 ||
|
|
||||||
kde.pmkid == NULL || kde.rsn_ie == NULL) {
|
kde.pmkid == NULL || kde.rsn_ie == NULL) {
|
||||||
wpa_printf(MSG_DEBUG, "RSN: No SMKID or RSN IE in STK 2/4");
|
wpa_printf(MSG_DEBUG, "RSN: No SMKID or RSN IE in STK 2/4");
|
||||||
return;
|
return;
|
||||||
|
|
@ -809,11 +805,11 @@ static void wpa_supplicant_process_stk_2_of_4(struct wpa_sm *sm,
|
||||||
static void wpa_supplicant_process_stk_3_of_4(struct wpa_sm *sm,
|
static void wpa_supplicant_process_stk_3_of_4(struct wpa_sm *sm,
|
||||||
struct wpa_peerkey *peerkey,
|
struct wpa_peerkey *peerkey,
|
||||||
const struct wpa_eapol_key *key,
|
const struct wpa_eapol_key *key,
|
||||||
u16 ver)
|
u16 ver, const u8 *key_data,
|
||||||
|
size_t key_data_len)
|
||||||
{
|
{
|
||||||
struct wpa_eapol_ie_parse kde;
|
struct wpa_eapol_ie_parse kde;
|
||||||
const u8 *keydata;
|
size_t key_len;
|
||||||
size_t len, key_len;
|
|
||||||
const u8 *_key;
|
const u8 *_key;
|
||||||
u8 key_buf[32], rsc[6];
|
u8 key_buf[32], rsc[6];
|
||||||
|
|
||||||
|
|
@ -824,10 +820,8 @@ static void wpa_supplicant_process_stk_3_of_4(struct wpa_sm *sm,
|
||||||
|
|
||||||
/* RSN: msg 3/4 should contain Initiator RSN IE. It may also include
|
/* RSN: msg 3/4 should contain Initiator RSN IE. It may also include
|
||||||
* Lifetime KDE. */
|
* Lifetime KDE. */
|
||||||
keydata = (const u8 *) (key + 1);
|
wpa_hexdump(MSG_DEBUG, "RSN: msg 3/4 key data", key_data, key_data_len);
|
||||||
len = WPA_GET_BE16(key->key_data_length);
|
if (wpa_supplicant_parse_ies(key_data, key_data_len, &kde) < 0) {
|
||||||
wpa_hexdump(MSG_DEBUG, "RSN: msg 3/4 key data", keydata, len);
|
|
||||||
if (wpa_supplicant_parse_ies(keydata, len, &kde) < 0) {
|
|
||||||
wpa_printf(MSG_DEBUG, "RSN: Failed to parse key data in "
|
wpa_printf(MSG_DEBUG, "RSN: Failed to parse key data in "
|
||||||
"STK 3/4");
|
"STK 3/4");
|
||||||
return;
|
return;
|
||||||
|
|
@ -1117,21 +1111,25 @@ void peerkey_deinit(struct wpa_sm *sm)
|
||||||
|
|
||||||
|
|
||||||
void peerkey_rx_eapol_4way(struct wpa_sm *sm, struct wpa_peerkey *peerkey,
|
void peerkey_rx_eapol_4way(struct wpa_sm *sm, struct wpa_peerkey *peerkey,
|
||||||
struct wpa_eapol_key *key, u16 key_info, u16 ver)
|
struct wpa_eapol_key *key, u16 key_info, u16 ver,
|
||||||
|
const u8 *key_data, size_t key_data_len)
|
||||||
{
|
{
|
||||||
if ((key_info & (WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK)) ==
|
if ((key_info & (WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK)) ==
|
||||||
(WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK)) {
|
(WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK)) {
|
||||||
/* 3/4 STK 4-Way Handshake */
|
/* 3/4 STK 4-Way Handshake */
|
||||||
wpa_supplicant_process_stk_3_of_4(sm, peerkey, key, ver);
|
wpa_supplicant_process_stk_3_of_4(sm, peerkey, key, ver,
|
||||||
|
key_data, key_data_len);
|
||||||
} else if (key_info & WPA_KEY_INFO_ACK) {
|
} else if (key_info & WPA_KEY_INFO_ACK) {
|
||||||
/* 1/4 STK 4-Way Handshake */
|
/* 1/4 STK 4-Way Handshake */
|
||||||
wpa_supplicant_process_stk_1_of_4(sm, peerkey, key, ver);
|
wpa_supplicant_process_stk_1_of_4(sm, peerkey, key, ver,
|
||||||
|
key_data, key_data_len);
|
||||||
} else if (key_info & WPA_KEY_INFO_SECURE) {
|
} else if (key_info & WPA_KEY_INFO_SECURE) {
|
||||||
/* 4/4 STK 4-Way Handshake */
|
/* 4/4 STK 4-Way Handshake */
|
||||||
wpa_supplicant_process_stk_4_of_4(sm, peerkey, key, ver);
|
wpa_supplicant_process_stk_4_of_4(sm, peerkey, key, ver);
|
||||||
} else {
|
} else {
|
||||||
/* 2/4 STK 4-Way Handshake */
|
/* 2/4 STK 4-Way Handshake */
|
||||||
wpa_supplicant_process_stk_2_of_4(sm, peerkey, key, ver);
|
wpa_supplicant_process_stk_2_of_4(sm, peerkey, key, ver,
|
||||||
|
key_data, key_data_len);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -41,7 +41,8 @@ int peerkey_verify_eapol_key_mic(struct wpa_sm *sm,
|
||||||
struct wpa_eapol_key *key, u16 ver,
|
struct wpa_eapol_key *key, u16 ver,
|
||||||
const u8 *buf, size_t len);
|
const u8 *buf, size_t len);
|
||||||
void peerkey_rx_eapol_4way(struct wpa_sm *sm, struct wpa_peerkey *peerkey,
|
void peerkey_rx_eapol_4way(struct wpa_sm *sm, struct wpa_peerkey *peerkey,
|
||||||
struct wpa_eapol_key *key, u16 key_info, u16 ver);
|
struct wpa_eapol_key *key, u16 key_info, u16 ver,
|
||||||
|
const u8 *key_data, size_t key_data_len);
|
||||||
void peerkey_rx_eapol_smk(struct wpa_sm *sm, const u8 *src_addr,
|
void peerkey_rx_eapol_smk(struct wpa_sm *sm, const u8 *src_addr,
|
||||||
struct wpa_eapol_key *key, size_t extra_len,
|
struct wpa_eapol_key *key, size_t extra_len,
|
||||||
u16 key_info, u16 ver);
|
u16 key_info, u16 ver);
|
||||||
|
|
@ -60,7 +61,8 @@ peerkey_verify_eapol_key_mic(struct wpa_sm *sm,
|
||||||
|
|
||||||
static inline void
|
static inline void
|
||||||
peerkey_rx_eapol_4way(struct wpa_sm *sm, struct wpa_peerkey *peerkey,
|
peerkey_rx_eapol_4way(struct wpa_sm *sm, struct wpa_peerkey *peerkey,
|
||||||
struct wpa_eapol_key *key, u16 key_info, u16 ver)
|
struct wpa_eapol_key *key, u16 key_info, u16 ver,
|
||||||
|
const u8 *key_data, size_t key_data_len)
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1833,7 +1833,8 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
|
||||||
}
|
}
|
||||||
if (peerkey) {
|
if (peerkey) {
|
||||||
/* PeerKey 4-Way Handshake */
|
/* PeerKey 4-Way Handshake */
|
||||||
peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver);
|
peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver,
|
||||||
|
key_data, key_data_len);
|
||||||
} else if (key_info & WPA_KEY_INFO_MIC) {
|
} else if (key_info & WPA_KEY_INFO_MIC) {
|
||||||
/* 3/4 4-Way Handshake */
|
/* 3/4 4-Way Handshake */
|
||||||
wpa_supplicant_process_3_of_4(sm, key, ver, key_data,
|
wpa_supplicant_process_3_of_4(sm, key, ver, key_data,
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue