mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-18 02:44:03 -05:00
EAP-IKEv2: Remove obsolete ccns.pl project workarounds
It does not look like there is going to be any additional use for this old build option that could be used to build the EAP-IKEv2 peer implementation in a way that interoperates with the eap-ikev2.ccns.pl project. Remove the workarounds that matches incorrect implementation in that project to clean up implementation. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
aa6bf6dabc
commit
737754dc2b
@ -52,22 +52,12 @@ struct wpabuf * eap_ikev2_build_frag_ack(u8 id, u8 code)
|
||||
{
|
||||
struct wpabuf *msg;
|
||||
|
||||
#ifdef CCNS_PL
|
||||
msg = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_IKEV2, 1, code, id);
|
||||
if (msg == NULL) {
|
||||
wpa_printf(MSG_ERROR, "EAP-IKEV2: Failed to allocate memory "
|
||||
"for fragment ack");
|
||||
return NULL;
|
||||
}
|
||||
wpabuf_put_u8(msg, 0); /* Flags */
|
||||
#else /* CCNS_PL */
|
||||
msg = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_IKEV2, 0, code, id);
|
||||
if (msg == NULL) {
|
||||
wpa_printf(MSG_ERROR, "EAP-IKEV2: Failed to allocate memory "
|
||||
"for fragment ack");
|
||||
return NULL;
|
||||
}
|
||||
#endif /* CCNS_PL */
|
||||
|
||||
wpa_printf(MSG_DEBUG, "EAP-IKEV2: Send fragment ack");
|
||||
|
||||
|
@ -9,16 +9,9 @@
|
||||
#ifndef EAP_IKEV2_COMMON_H
|
||||
#define EAP_IKEV2_COMMON_H
|
||||
|
||||
#ifdef CCNS_PL
|
||||
/* incorrect bit order */
|
||||
#define IKEV2_FLAGS_LENGTH_INCLUDED 0x01
|
||||
#define IKEV2_FLAGS_MORE_FRAGMENTS 0x02
|
||||
#define IKEV2_FLAGS_ICV_INCLUDED 0x04
|
||||
#else /* CCNS_PL */
|
||||
#define IKEV2_FLAGS_LENGTH_INCLUDED 0x80
|
||||
#define IKEV2_FLAGS_MORE_FRAGMENTS 0x40
|
||||
#define IKEV2_FLAGS_ICV_INCLUDED 0x20
|
||||
#endif /* CCNS_PL */
|
||||
|
||||
#define IKEV2_FRAGMENT_SIZE 1400
|
||||
|
||||
|
@ -173,46 +173,12 @@ const struct ikev2_encr_alg * ikev2_get_encr(int id)
|
||||
}
|
||||
|
||||
|
||||
#ifdef CCNS_PL
|
||||
/* from des.c */
|
||||
struct des3_key_s {
|
||||
u32 ek[3][32];
|
||||
u32 dk[3][32];
|
||||
};
|
||||
|
||||
void des3_key_setup(const u8 *key, struct des3_key_s *dkey);
|
||||
void des3_encrypt(const u8 *plain, const struct des3_key_s *key, u8 *crypt);
|
||||
void des3_decrypt(const u8 *crypt, const struct des3_key_s *key, u8 *plain);
|
||||
#endif /* CCNS_PL */
|
||||
|
||||
|
||||
int ikev2_encr_encrypt(int alg, const u8 *key, size_t key_len, const u8 *iv,
|
||||
const u8 *plain, u8 *crypt, size_t len)
|
||||
{
|
||||
struct crypto_cipher *cipher;
|
||||
int encr_alg;
|
||||
|
||||
#ifdef CCNS_PL
|
||||
if (alg == ENCR_3DES) {
|
||||
struct des3_key_s des3key;
|
||||
size_t i, blocks;
|
||||
u8 *pos;
|
||||
|
||||
/* ECB mode is used incorrectly for 3DES!? */
|
||||
if (key_len != 24) {
|
||||
wpa_printf(MSG_INFO, "IKEV2: Invalid encr key length");
|
||||
return -1;
|
||||
}
|
||||
des3_key_setup(key, &des3key);
|
||||
|
||||
blocks = len / 8;
|
||||
pos = crypt;
|
||||
for (i = 0; i < blocks; i++) {
|
||||
des3_encrypt(pos, &des3key, pos);
|
||||
pos += 8;
|
||||
}
|
||||
} else {
|
||||
#endif /* CCNS_PL */
|
||||
switch (alg) {
|
||||
case ENCR_3DES:
|
||||
encr_alg = CRYPTO_CIPHER_ALG_3DES;
|
||||
@ -237,9 +203,6 @@ int ikev2_encr_encrypt(int alg, const u8 *key, size_t key_len, const u8 *iv,
|
||||
return -1;
|
||||
}
|
||||
crypto_cipher_deinit(cipher);
|
||||
#ifdef CCNS_PL
|
||||
}
|
||||
#endif /* CCNS_PL */
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -251,31 +214,6 @@ int ikev2_encr_decrypt(int alg, const u8 *key, size_t key_len, const u8 *iv,
|
||||
struct crypto_cipher *cipher;
|
||||
int encr_alg;
|
||||
|
||||
#ifdef CCNS_PL
|
||||
if (alg == ENCR_3DES) {
|
||||
struct des3_key_s des3key;
|
||||
size_t i, blocks;
|
||||
|
||||
/* ECB mode is used incorrectly for 3DES!? */
|
||||
if (key_len != 24) {
|
||||
wpa_printf(MSG_INFO, "IKEV2: Invalid encr key length");
|
||||
return -1;
|
||||
}
|
||||
des3_key_setup(key, &des3key);
|
||||
|
||||
if (len % 8) {
|
||||
wpa_printf(MSG_INFO, "IKEV2: Invalid encrypted "
|
||||
"length");
|
||||
return -1;
|
||||
}
|
||||
blocks = len / 8;
|
||||
for (i = 0; i < blocks; i++) {
|
||||
des3_decrypt(crypt, &des3key, plain);
|
||||
plain += 8;
|
||||
crypt += 8;
|
||||
}
|
||||
} else {
|
||||
#endif /* CCNS_PL */
|
||||
switch (alg) {
|
||||
case ENCR_3DES:
|
||||
encr_alg = CRYPTO_CIPHER_ALG_3DES;
|
||||
@ -300,9 +238,6 @@ int ikev2_encr_decrypt(int alg, const u8 *key, size_t key_len, const u8 *iv,
|
||||
return -1;
|
||||
}
|
||||
crypto_cipher_deinit(cipher);
|
||||
#ifdef CCNS_PL
|
||||
}
|
||||
#endif /* CCNS_PL */
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -706,10 +641,6 @@ int ikev2_derive_sk_keys(const struct ikev2_prf_alg *prf,
|
||||
keys->SK_integ_len = integ->key_len;
|
||||
keys->SK_encr_len = encr->key_len;
|
||||
keys->SK_prf_len = prf->key_len;
|
||||
#ifdef CCNS_PL
|
||||
/* Uses encryption key length for SK_d; should be PRF length */
|
||||
keys->SK_d_len = keys->SK_encr_len;
|
||||
#endif /* CCNS_PL */
|
||||
|
||||
keybuf_len = keys->SK_d_len + 2 * keys->SK_integ_len +
|
||||
2 * keys->SK_encr_len + 2 * keys->SK_prf_len;
|
||||
|
@ -70,11 +70,7 @@ struct ikev2_transform {
|
||||
/* Current IKEv2 version from RFC 4306 */
|
||||
#define IKEV2_MjVer 2
|
||||
#define IKEV2_MnVer 0
|
||||
#ifdef CCNS_PL
|
||||
#define IKEV2_VERSION ((IKEV2_MjVer) | ((IKEV2_MnVer) << 4))
|
||||
#else /* CCNS_PL */
|
||||
#define IKEV2_VERSION (((IKEV2_MjVer) << 4) | (IKEV2_MnVer))
|
||||
#endif /* CCNS_PL */
|
||||
|
||||
/* IKEv2 Exchange Types */
|
||||
enum {
|
||||
|
@ -154,12 +154,6 @@ static struct wpabuf * eap_ikev2_build_msg(struct eap_ikev2_data *data,
|
||||
send_len -= 4;
|
||||
}
|
||||
}
|
||||
#ifdef CCNS_PL
|
||||
/* Some issues figuring out the length of the message if Message Length
|
||||
* field not included?! */
|
||||
if (!(flags & IKEV2_FLAGS_LENGTH_INCLUDED))
|
||||
flags |= IKEV2_FLAGS_LENGTH_INCLUDED;
|
||||
#endif /* CCNS_PL */
|
||||
|
||||
plen = 1 + send_len;
|
||||
if (flags & IKEV2_FLAGS_LENGTH_INCLUDED)
|
||||
@ -381,12 +375,7 @@ static struct wpabuf * eap_ikev2_process(struct eap_sm *sm, void *priv,
|
||||
"Message Length %u", flags, message_length);
|
||||
|
||||
if (data->state == WAIT_FRAG_ACK) {
|
||||
#ifdef CCNS_PL
|
||||
if (len > 1) /* Empty Flags field included in ACK */
|
||||
#else /* CCNS_PL */
|
||||
if (len != 0)
|
||||
#endif /* CCNS_PL */
|
||||
{
|
||||
if (len != 0) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-IKEV2: Unexpected payload "
|
||||
"in WAIT_FRAG_ACK state");
|
||||
ret->ignore = TRUE;
|
||||
|
@ -72,27 +72,10 @@ static int ikev2_derive_keys(struct ikev2_responder_data *data)
|
||||
os_memcpy(pos, data->i_spi, IKEV2_SPI_LEN);
|
||||
pos += IKEV2_SPI_LEN;
|
||||
os_memcpy(pos, data->r_spi, IKEV2_SPI_LEN);
|
||||
#ifdef CCNS_PL
|
||||
#if __BYTE_ORDER == __LITTLE_ENDIAN
|
||||
{
|
||||
int i;
|
||||
u8 *tmp = pos - IKEV2_SPI_LEN;
|
||||
/* Incorrect byte re-ordering on little endian hosts.. */
|
||||
for (i = 0; i < IKEV2_SPI_LEN; i++)
|
||||
*tmp++ = data->i_spi[IKEV2_SPI_LEN - 1 - i];
|
||||
for (i = 0; i < IKEV2_SPI_LEN; i++)
|
||||
*tmp++ = data->r_spi[IKEV2_SPI_LEN - 1 - i];
|
||||
}
|
||||
#endif
|
||||
#endif /* CCNS_PL */
|
||||
|
||||
/* SKEYSEED = prf(Ni | Nr, g^ir) */
|
||||
/* Use zero-padding per RFC 4306, Sect. 2.14 */
|
||||
pad_len = data->dh->prime_len - wpabuf_len(shared);
|
||||
#ifdef CCNS_PL
|
||||
/* Shared secret is not zero-padded correctly */
|
||||
pad_len = 0;
|
||||
#endif /* CCNS_PL */
|
||||
pad = os_zalloc(pad_len ? pad_len : 1);
|
||||
if (pad == NULL) {
|
||||
wpabuf_free(shared);
|
||||
@ -179,21 +162,12 @@ static int ikev2_parse_transform(struct ikev2_proposal_data *prop,
|
||||
"Transform Attr for AES");
|
||||
break;
|
||||
}
|
||||
#ifdef CCNS_PL
|
||||
if (WPA_GET_BE16(pos) != 0x001d /* ?? */) {
|
||||
wpa_printf(MSG_DEBUG, "IKEV2: Not a "
|
||||
"Key Size attribute for "
|
||||
"AES");
|
||||
break;
|
||||
}
|
||||
#else /* CCNS_PL */
|
||||
if (WPA_GET_BE16(pos) != 0x800e) {
|
||||
wpa_printf(MSG_DEBUG, "IKEV2: Not a "
|
||||
"Key Size attribute for "
|
||||
"AES");
|
||||
break;
|
||||
}
|
||||
#endif /* CCNS_PL */
|
||||
if (WPA_GET_BE16(pos + 2) != 128) {
|
||||
wpa_printf(MSG_DEBUG, "IKEV2: "
|
||||
"Unsupported AES key size "
|
||||
@ -456,14 +430,6 @@ static int ikev2_process_ni(struct ikev2_responder_data *data,
|
||||
return -1;
|
||||
}
|
||||
|
||||
#ifdef CCNS_PL
|
||||
/* Zeros are removed incorrectly from the beginning of the nonces */
|
||||
while (ni_len > 1 && *ni == 0) {
|
||||
ni_len--;
|
||||
ni++;
|
||||
}
|
||||
#endif /* CCNS_PL */
|
||||
|
||||
data->i_nonce_len = ni_len;
|
||||
os_memcpy(data->i_nonce, ni, ni_len);
|
||||
wpa_hexdump(MSG_MSGDUMP, "IKEV2: Ni",
|
||||
@ -887,16 +853,7 @@ static int ikev2_build_sar1(struct ikev2_responder_data *data,
|
||||
phdr->flags = 0;
|
||||
|
||||
p = wpabuf_put(msg, sizeof(*p));
|
||||
#ifdef CCNS_PL
|
||||
/* Seems to require that the Proposal # is 1 even though RFC 4306
|
||||
* Sect 3.3.1 has following requirement "When a proposal is accepted,
|
||||
* all of the proposal numbers in the SA payload MUST be the same and
|
||||
* MUST match the number on the proposal sent that was accepted.".
|
||||
*/
|
||||
p->proposal_num = 1;
|
||||
#else /* CCNS_PL */
|
||||
p->proposal_num = data->proposal.proposal_num;
|
||||
#endif /* CCNS_PL */
|
||||
p->protocol_id = IKEV2_PROTOCOL_IKE;
|
||||
p->num_transforms = 4;
|
||||
|
||||
@ -906,11 +863,7 @@ static int ikev2_build_sar1(struct ikev2_responder_data *data,
|
||||
WPA_PUT_BE16(t->transform_id, data->proposal.encr);
|
||||
if (data->proposal.encr == ENCR_AES_CBC) {
|
||||
/* Transform Attribute: Key Len = 128 bits */
|
||||
#ifdef CCNS_PL
|
||||
wpabuf_put_be16(msg, 0x001d); /* ?? */
|
||||
#else /* CCNS_PL */
|
||||
wpabuf_put_be16(msg, 0x800e); /* AF=1, AttrType=14 */
|
||||
#endif /* CCNS_PL */
|
||||
wpabuf_put_be16(msg, 128); /* 128-bit key */
|
||||
}
|
||||
plen = (u8 *) wpabuf_put(msg, 0) - (u8 *) t;
|
||||
@ -1082,11 +1035,7 @@ static int ikev2_build_notification(struct ikev2_responder_data *data,
|
||||
phdr = wpabuf_put(msg, sizeof(*phdr));
|
||||
phdr->next_payload = next_payload;
|
||||
phdr->flags = 0;
|
||||
#ifdef CCNS_PL
|
||||
wpabuf_put_u8(msg, 1); /* Protocol ID: IKE_SA notification */
|
||||
#else /* CCNS_PL */
|
||||
wpabuf_put_u8(msg, 0); /* Protocol ID: no existing SA */
|
||||
#endif /* CCNS_PL */
|
||||
wpabuf_put_u8(msg, 0); /* SPI Size */
|
||||
wpabuf_put_be16(msg, data->error_type);
|
||||
|
||||
@ -1130,13 +1079,6 @@ static struct wpabuf * ikev2_build_sa_init(struct ikev2_responder_data *data)
|
||||
data->r_nonce_len = IKEV2_NONCE_MIN_LEN;
|
||||
if (random_get_bytes(data->r_nonce, data->r_nonce_len))
|
||||
return NULL;
|
||||
#ifdef CCNS_PL
|
||||
/* Zeros are removed incorrectly from the beginning of the nonces in
|
||||
* key derivation; as a workaround, make sure Nr does not start with
|
||||
* zero.. */
|
||||
if (data->r_nonce[0] == 0)
|
||||
data->r_nonce[0] = 1;
|
||||
#endif /* CCNS_PL */
|
||||
wpa_hexdump(MSG_DEBUG, "IKEV2: Nr", data->r_nonce, data->r_nonce_len);
|
||||
|
||||
msg = wpabuf_alloc(sizeof(struct ikev2_hdr) + data->IDr_len + 1500);
|
||||
|
Loading…
Reference in New Issue
Block a user