Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-01-19 03:14:05 -05:00
Code Issues Projects Releases Wiki Activity

mka: Derive MACsec cipher suite and MKA algorithm table index

Browse Source 
Instead of using a specifically set index value from table definition,
use the actual real index of the table entry. This removes need for
maintaining these index values separately. Furthermore, the
mka_alg_tbl[] index was already off-by-one (but not used anywhere).

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2018-12-27 16:37:57 +02:00
parent 594b7fbdde
commit 4d91d4a7cc
2 changed files with 9 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/pae/ieee802_1x_kay.c
View File

@ -46,7 +46,6 @@ static struct macsec_ciphersuite cipher_suite_tbl[] = {
.name = CS_NAME_GCM_AES_128, .name = CS_NAME_GCM_AES_128,
.capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50, .capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50,
.sak_len = DEFAULT_SA_KEY_LEN, .sak_len = DEFAULT_SA_KEY_LEN,
.index = 0,
}, },
/* GCM-AES-256 */ /* GCM-AES-256 */
{ {
@ -54,7 +53,6 @@ static struct macsec_ciphersuite cipher_suite_tbl[] = {
.name = CS_NAME_GCM_AES_256, .name = CS_NAME_GCM_AES_256,
.capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50, .capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50,
.sak_len = 32, .sak_len = 32,
.index = 1 /* index */
}, },
}; };
#define CS_TABLE_SIZE (ARRAY_SIZE(cipher_suite_tbl)) #define CS_TABLE_SIZE (ARRAY_SIZE(cipher_suite_tbl))
@ -71,8 +69,6 @@ static struct mka_alg mka_alg_tbl[] = {
.kek_trfm = ieee802_1x_kek_aes_cmac, .kek_trfm = ieee802_1x_kek_aes_cmac,
.ick_trfm = ieee802_1x_ick_aes_cmac, .ick_trfm = ieee802_1x_ick_aes_cmac,
.icv_hash = ieee802_1x_icv_aes_cmac, .icv_hash = ieee802_1x_icv_aes_cmac,
.index = 1,
}, },
}; };
#define MKA_ALG_TABLE_SIZE (ARRAY_SIZE(mka_alg_tbl)) #define MKA_ALG_TABLE_SIZE (ARRAY_SIZE(mka_alg_tbl))
@ -370,7 +366,7 @@ ieee802_1x_kay_get_peer(struct ieee802_1x_mka_participant *participant,
*/ */
static struct macsec_ciphersuite * static struct macsec_ciphersuite *
ieee802_1x_kay_get_cipher_suite(struct ieee802_1x_mka_participant *participant, ieee802_1x_kay_get_cipher_suite(struct ieee802_1x_mka_participant *participant,
const u8 *cs_id) const u8 *cs_id, unsigned int *idx)
{ {
unsigned int i; unsigned int i;
u64 cs; u64 cs;
@ -380,8 +376,10 @@ ieee802_1x_kay_get_cipher_suite(struct ieee802_1x_mka_participant *participant,
cs = be_to_host64(_cs); cs = be_to_host64(_cs);
for (i = 0; i < CS_TABLE_SIZE; i++) { for (i = 0; i < CS_TABLE_SIZE; i++) {
if (cipher_suite_tbl[i].id == cs) if (cipher_suite_tbl[i].id == cs) {
*idx = i;
return &cipher_suite_tbl[i]; return &cipher_suite_tbl[i];
}
} }
return NULL; return NULL;
@ -1673,7 +1671,10 @@ ieee802_1x_mka_decode_dist_sak_body(
kay->macsec_csindex = DEFAULT_CS_INDEX; kay->macsec_csindex = DEFAULT_CS_INDEX;
cs = &cipher_suite_tbl[kay->macsec_csindex]; cs = &cipher_suite_tbl[kay->macsec_csindex];
} else { } else {
cs = ieee802_1x_kay_get_cipher_suite(participant, body->sak); unsigned int idx;
cs = ieee802_1x_kay_get_cipher_suite(participant, body->sak,
&idx);
if (!cs) { if (!cs) {
wpa_printf(MSG_ERROR, wpa_printf(MSG_ERROR,
"KaY: I can't support the Cipher Suite advised by key server"); "KaY: I can't support the Cipher Suite advised by key server");
@ -1681,7 +1682,7 @@ ieee802_1x_mka_decode_dist_sak_body(
} }
sak_len = cs->sak_len; sak_len = cs->sak_len;
wrap_sak = body->sak + CS_ID_LEN; wrap_sak = body->sak + CS_ID_LEN;
kay->macsec_csindex = cs->index; kay->macsec_csindex = idx;
} }
unwrap_sak = os_zalloc(sak_len); unwrap_sak = os_zalloc(sak_len);

4
src/pae/ieee802_1x_kay_i.h
View File

@ -60,8 +60,6 @@ struct macsec_ciphersuite {
char name[32]; char name[32];
enum macsec_cap capable; enum macsec_cap capable;
int sak_len; /* unit: byte */ int sak_len; /* unit: byte */
u32 index;
}; };
struct mka_alg { struct mka_alg {
@ -80,8 +78,6 @@ struct mka_alg {
u8 *ick, size_t ick_bytes); u8 *ick, size_t ick_bytes);
int (*icv_hash)(const u8 *ick, size_t ick_bytes, int (*icv_hash)(const u8 *ick, size_t ick_bytes,
const u8 *msg, size_t msg_len, u8 *icv); const u8 *msg, size_t msg_len, u8 *icv);
int index; /* index for configuring */
}; };
#define DEFAULT_MKA_ALG_INDEX 0 #define DEFAULT_MKA_ALG_INDEX 0