projects / mech_eap.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
mka: Fix a typo in mka_body_handler (mak to mka)
[mech_eap.git] / src / pae / ieee802_1x_kay.c
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index d0c3125..7a31069 100644 (file)
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -98,7 +98,7 @@ static unsigned int get_mka_param_body_len(const void *body)
 }
 
 
-static int get_mka_param_body_type(const void *body)
+static u8 get_mka_param_body_type(const void *body)
 {
        const struct ieee802_1x_mka_hdr *hdr = body;
        return hdr->type;
@@ -122,7 +122,7 @@ ieee802_1x_mka_dump_basic_body(struct ieee802_1x_mka_basic_body *body)
        wpa_printf(MSG_DEBUG, "\tPriority......: %d", body->priority);
        wpa_printf(MSG_DEBUG, "\tKeySvr........: %d", body->key_server);
        wpa_printf(MSG_DEBUG, "\tMACSecDesired.: %d", body->macsec_desired);
-       wpa_printf(MSG_DEBUG, "\tMACSecCapable.: %d", body->macsec_capbility);
+       wpa_printf(MSG_DEBUG, "\tMACSecCapable.: %d", body->macsec_capability);
        wpa_printf(MSG_DEBUG, "\tBody Length...: %d", (int) body_len);
        wpa_printf(MSG_DEBUG, "\tSCI MAC.......: " MACSTR,
                   MAC2STR(body->actor_sci.addr));
@@ -381,6 +381,13 @@ ieee802_1x_kay_get_cipher_suite(struct ieee802_1x_mka_participant *participant,
 }
 
 
+static Boolean sci_equal(const struct ieee802_1x_mka_sci *a,
+                        const struct ieee802_1x_mka_sci *b)
+{
+       return os_memcmp(a, b, sizeof(struct ieee802_1x_mka_sci)) == 0;
+}
+
+
 /**
  * ieee802_1x_kay_get_peer_sci
  */
@@ -392,13 +399,13 @@ ieee802_1x_kay_get_peer_sci(struct ieee802_1x_mka_participant *participant,
 
        dl_list_for_each(peer, &participant->live_peers,
                         struct ieee802_1x_kay_peer, list) {
-               if (os_memcmp(&peer->sci, sci, sizeof(peer->sci)) == 0)
+               if (sci_equal(&peer->sci, sci))
                        return peer;
        }
 
        dl_list_for_each(peer, &participant->potential_peers,
                         struct ieee802_1x_kay_peer, list) {
-               if (os_memcmp(&peer->sci, sci, sizeof(peer->sci)) == 0)
+               if (sci_equal(&peer->sci, sci))
                        return peer;
        }
 
@@ -604,6 +611,11 @@ ieee802_1x_kay_move_live_peer(struct ieee802_1x_mka_participant *participant,
                        break;
        }
 
+       rxsc = ieee802_1x_kay_init_receive_sc(&participant->current_peer_sci,
+                                             sc_ch);
+       if (!rxsc)
+               return NULL;
+
        os_memcpy(&peer->sci, &participant->current_peer_sci,
                  sizeof(peer->sci));
        peer->mn = mn;
@@ -620,10 +632,6 @@ ieee802_1x_kay_move_live_peer(struct ieee802_1x_mka_participant *participant,
 
        secy_get_available_receive_sc(participant->kay, &sc_ch);
 
-       rxsc = ieee802_1x_kay_init_receive_sc(&peer->sci, sc_ch);
-       if (!rxsc)
-               return NULL;
-
        dl_list_add(&participant->rxsc_list, &rxsc->list);
        secy_create_receive_sc(participant->kay, rxsc);
 
@@ -679,7 +687,7 @@ ieee802_1x_mka_encode_basic_body(
                body->key_server = participant->can_be_key_server;
 
        body->macsec_desired = kay->macsec_desired;
-       body->macsec_capbility = kay->macsec_capable;
+       body->macsec_capability = kay->macsec_capable;
        set_mka_param_body_len(body, length - MKA_HDR_LEN);
 
        os_memcpy(body->actor_sci.addr, kay->actor_sci.addr,
@@ -765,14 +773,14 @@ ieee802_1x_mka_decode_basic_body(struct ieee802_1x_kay *kay, const u8 *mka_msg,
                        return NULL;
 
                peer->macsec_desired = body->macsec_desired;
-               peer->macsec_capbility = body->macsec_capbility;
+               peer->macsec_capability = body->macsec_capability;
                peer->is_key_server = (Boolean) body->key_server;
                peer->key_server_priority = body->priority;
        } else if (peer->mn < be_to_host32(body->actor_mn)) {
                peer->mn = be_to_host32(body->actor_mn);
                peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
                peer->macsec_desired = body->macsec_desired;
-               peer->macsec_capbility = body->macsec_capbility;
+               peer->macsec_capability = body->macsec_capability;
                peer->is_key_server = (Boolean) body->key_server;
                peer->key_server_priority = body->priority;
        } else {
@@ -918,7 +926,7 @@ ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant,
        struct ieee802_1x_mka_hdr *hdr;
        size_t body_len;
        size_t left_len;
-       int body_type;
+       u8 body_type;
        u32 peer_mn;
        be32 _peer_mn;
        const u8 *peer_mi;
@@ -999,6 +1007,12 @@ static int ieee802_1x_mka_decode_live_peer_body(
 
        hdr = (const struct ieee802_1x_mka_hdr *) peer_msg;
        body_len = get_mka_param_body_len(hdr);
+       if (body_len % 16 != 0) {
+               wpa_printf(MSG_ERROR,
+                          "KaY: MKA Peer Packet Body Length (%zu bytes) should be a multiple of 16 octets",
+                          body_len);
+               return -1;
+       }
 
        for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
                peer_mi = MKA_HDR_LEN + peer_msg + i;
@@ -1053,6 +1067,12 @@ ieee802_1x_mka_decode_potential_peer_body(
 
        hdr = (struct ieee802_1x_mka_hdr *) peer_msg;
        body_len = get_mka_param_body_len(hdr);
+       if (body_len % 16 != 0) {
+               wpa_printf(MSG_ERROR,
+                          "KaY: MKA Peer Packet Body Length (%zu bytes) should be a multiple of 16 octets",
+                          body_len);
+               return -1;
+       }
 
        for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
                peer_mi = MKA_HDR_LEN + peer_msg + i;
@@ -1568,8 +1588,7 @@ ieee802_1x_mka_decode_dist_sak_body(
                           "KaY: The key server is not in my live peers list");
                return -1;
        }
-       if (os_memcmp(&participant->kay->key_server_sci,
-                     &peer->sci, sizeof(struct ieee802_1x_mka_sci)) != 0) {
+       if (!sci_equal(&participant->kay->key_server_sci, &peer->sci)) {
                wpa_printf(MSG_ERROR, "KaY: The key server is not elected");
                return -1;
        }
@@ -1761,7 +1780,7 @@ ieee802_1x_mka_decode_icv_body(struct ieee802_1x_mka_participant *participant,
        struct ieee802_1x_mka_icv_body *body;
        size_t body_len;
        size_t left_len;
-       int body_type;
+       u8 body_type;
        const u8 *pos;
 
        pos = mka_msg;
@@ -1852,7 +1871,7 @@ static int ieee802_1x_mka_decode_announce_body(
 }
 
 
-static struct mka_param_body_handler mak_body_handler[] = {
+static struct mka_param_body_handler mka_body_handler[] = {
        /* basic parameter set */
        {
                ieee802_1x_mka_encode_basic_body,
@@ -2147,8 +2166,7 @@ ieee802_1x_kay_elect_key_server(struct ieee802_1x_mka_participant *participant)
 
        if (i_is_key_server) {
                ieee802_1x_cp_set_electedself(kay->cp, TRUE);
-               if (os_memcmp(&kay->key_server_sci, &kay->actor_sci,
-                             sizeof(kay->key_server_sci))) {
+               if (!sci_equal(&kay->key_server_sci, &kay->actor_sci)) {
                        ieee802_1x_cp_signal_chgdserver(kay->cp);
                        ieee802_1x_cp_sm_step(kay->cp);
                }
@@ -2165,8 +2183,7 @@ ieee802_1x_kay_elect_key_server(struct ieee802_1x_mka_participant *participant)
                kay->key_server_priority = kay->actor_priority;
        } else if (key_server) {
                ieee802_1x_cp_set_electedself(kay->cp, FALSE);
-               if (os_memcmp(&kay->key_server_sci, &key_server->sci,
-                             sizeof(kay->key_server_sci))) {
+               if (!sci_equal(&kay->key_server_sci, &key_server->sci)) {
                        ieee802_1x_cp_signal_chgdserver(kay->cp);
                        ieee802_1x_cp_sm_step(kay->cp);
                }
@@ -2224,11 +2241,11 @@ ieee802_1x_kay_decide_macsec_use(
                if (!peer->macsec_desired)
                        continue;
 
-               if (peer->macsec_capbility == MACSEC_CAP_NOT_IMPLEMENTED)
+               if (peer->macsec_capability == MACSEC_CAP_NOT_IMPLEMENTED)
                        continue;
 
-               less_capability = (less_capability < peer->macsec_capbility) ?
-                       less_capability : peer->macsec_capbility;
+               less_capability = (less_capability < peer->macsec_capability) ?
+                       less_capability : peer->macsec_capability;
                has_peer = TRUE;
        }
 
@@ -2289,10 +2306,10 @@ ieee802_1x_kay_encode_mkpdu(struct ieee802_1x_mka_participant *participant,
        eapol_hdr->type = IEEE802_1X_TYPE_EAPOL_MKA;
        eapol_hdr->length = host_to_be16(pbuf->size - pbuf->used);
 
-       for (i = 0; i < ARRAY_SIZE(mak_body_handler); i++) {
-               if (mak_body_handler[i].body_present &&
-                   mak_body_handler[i].body_present(participant)) {
-                       if (mak_body_handler[i].body_tx(participant, pbuf))
+       for (i = 0; i < ARRAY_SIZE(mka_body_handler); i++) {
+               if (mka_body_handler[i].body_present &&
+                   mka_body_handler[i].body_present(participant)) {
+                       if (mka_body_handler[i].body_tx(participant, pbuf))
                                return -1;
                }
        }
@@ -2314,10 +2331,10 @@ ieee802_1x_participant_send_mkpdu(
 
        wpa_printf(MSG_DEBUG, "KaY: to enpacket and send the MKPDU");
        length += sizeof(struct ieee802_1x_hdr) + sizeof(struct ieee8023_hdr);
-       for (i = 0; i < ARRAY_SIZE(mak_body_handler); i++) {
-               if (mak_body_handler[i].body_present &&
-                   mak_body_handler[i].body_present(participant))
-                       length += mak_body_handler[i].body_length(participant);
+       for (i = 0; i < ARRAY_SIZE(mka_body_handler); i++) {
+               if (mka_body_handler[i].body_present &&
+                   mka_body_handler[i].body_present(participant))
+                       length += mka_body_handler[i].body_length(participant);
        }
 
        buf = wpabuf_alloc(length);
@@ -2395,8 +2412,7 @@ static void ieee802_1x_participant_timer(void *eloop_ctx, void *timeout_ctx)
                        dl_list_for_each_safe(rxsc, pre_rxsc,
                                              &participant->rxsc_list,
                                              struct receive_sc, list) {
-                               if (os_memcmp(&rxsc->sci, &peer->sci,
-                                             sizeof(rxsc->sci)) == 0) {
+                               if (sci_equal(&rxsc->sci, &peer->sci)) {
                                        secy_delete_receive_sc(kay, rxsc);
                                        ieee802_1x_kay_deinit_receive_sc(
                                                participant, rxsc);
@@ -2976,7 +2992,7 @@ static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
        struct ieee802_1x_mka_hdr *hdr;
        size_t body_len;
        size_t left_len;
-       int body_type;
+       u8 body_type;
        int i;
        const u8 *pos;
        Boolean my_included;
@@ -3017,9 +3033,12 @@ static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
                }
                if (ieee802_1x_kay_is_in_potential_peer(
                            participant, participant->current_peer_id.mi)) {
-                       ieee802_1x_kay_move_live_peer(
-                               participant, participant->current_peer_id.mi,
-                               be_to_host32(participant->current_peer_id.mn));
+                       if (!ieee802_1x_kay_move_live_peer(
+                                   participant,
+                                   participant->current_peer_id.mi,
+                                   be_to_host32(participant->
+                                                current_peer_id.mn)))
+                               return -1;
                        ieee802_1x_kay_elect_key_server(participant);
                        ieee802_1x_kay_decide_macsec_use(participant);
                }
@@ -3053,8 +3072,9 @@ static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
                        goto next_para_set;
 
                handled[body_type] = TRUE;
-               if (mak_body_handler[body_type].body_rx) {
-                       mak_body_handler[body_type].body_rx
+               if (body_type < ARRAY_SIZE(mka_body_handler) &&
+                   mka_body_handler[body_type].body_rx) {
+                       mka_body_handler[body_type].body_rx
                                (participant, pos, left_len);
                } else {
                        wpa_printf(MSG_ERROR,
@@ -3421,6 +3441,7 @@ ieee802_1x_kay_delete_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn)
                return;
        }
 
+       eloop_cancel_timeout(ieee802_1x_participant_timer, participant, NULL);
        dl_list_del(&participant->list);
 
        /* remove live peer */
Moonshot GSS-API mechanism