diff --git a/wlantest/gcmp.c b/wlantest/gcmp.c
index d1b54cec6..86bb2da0b 100644
--- a/wlantest/gcmp.c
+++ b/wlantest/gcmp.c
@@ -386,7 +386,7 @@ static void gcmp_aad_nonce(const struct ieee80211_hdr *hdr, const u8 *data,
 u8 * gcmp_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
 const u8 *data, size_t data_len, size_t *decrypted_len)
 {
- u8 aad[2 + 30], nonce[12], *plain;
+ u8 aad[30], nonce[12], *plain;
 size_t aad_len, mlen;
 const u8 *m;
@@ -401,12 +401,11 @@ u8 * gcmp_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
 mlen = data_len - 8 - 16;
 os_memset(aad, 0, sizeof(aad));
- gcmp_aad_nonce(hdr, data, &aad[2], &aad_len, nonce);
- WPA_PUT_BE16(aad, aad_len);
- wpa_hexdump(MSG_EXCESSIVE, "GCMP AAD", &aad[2], aad_len);
+ gcmp_aad_nonce(hdr, data, aad, &aad_len, nonce);
+ wpa_hexdump(MSG_EXCESSIVE, "GCMP AAD", aad, aad_len);
 wpa_hexdump(MSG_EXCESSIVE, "GCMP nonce", nonce, sizeof(nonce));
- if (aes_gcm_ad(tk, nonce, m, mlen, &aad[2], aad_len, m + mlen, plain) <
+ if (aes_gcm_ad(tk, nonce, m, mlen, aad, aad_len, m + mlen, plain) <
 0) {
 u16 seq_ctrl = le_to_host16(hdr->seq_ctrl);
 wpa_printf(MSG_INFO, "Invalid GCMP frame: A1=" MACSTR
@@ -427,7 +426,7 @@ u8 * gcmp_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr,
 u8 * gcmp_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, u8 *qos,
 u8 *pn, int keyid, size_t *encrypted_len)
 {
- u8 aad[2 + 30], nonce[12], *crypt, *pos;
+ u8 aad[30], nonce[12], *crypt, *pos;
 size_t aad_len, plen;
 struct ieee80211_hdr *hdr;
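Review bot: The `u8 aad[30]` declaration in gcmp_decrypt() gives no indication of why 30 is the right size, and the same literal is repeated in gcmp_encrypt() (hunk at -427). gcmp_aad_nonce() is handed only the pointer and reports the length back through `aad_len`, so as far as these hunks show nothing ties the array size to what the helper writes. A shared constant such as `#define GCMP_AAD_MAX_LEN 30` (the name is only a suggestion), with a comment stating that this is the largest AAD the helper can produce, would keep both callers and the helper in step. Both function bodies continue outside the hunks and gcmp_aad_nonce()'s body is not visible here, so its actual upper bound should be confirmed against it.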
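Review bot: The call `aes_gcm_ad(tk, nonce, m, mlen, aad, aad_len, m + mlen, plain)` now passes the bare AAD, but nothing in the code records why the two-octet length prefix is absent; the same applies to the `aes_gcm_ae()` call in gcmp_encrypt() (hunk at -453). A short comment above the gcmp_aad_nonce() call would keep the prefix from being reintroduced, for example `/* GCM takes the AAD length as an argument; the buffer carries no length prefix */`. Because the AAD is authenticated input, any disagreement about its layout surfaces only as a tag failure ("Invalid GCMP frame"), which is hard to trace back to the buffer format. gcmp_decrypt() starts and ends outside this hunk.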
@@ -453,12 +452,11 @@ u8 * gcmp_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, u8 *qos,
 *pos++ = pn[0]; /* PN5 */
 os_memset(aad, 0, sizeof(aad));
- gcmp_aad_nonce(hdr, crypt + hdrlen, &aad[2], &aad_len, nonce);
- WPA_PUT_BE16(aad, aad_len);
- wpa_hexdump(MSG_EXCESSIVE, "GCMP AAD", &aad[2], aad_len);
+ gcmp_aad_nonce(hdr, crypt + hdrlen, aad, &aad_len, nonce);
+ wpa_hexdump(MSG_EXCESSIVE, "GCMP AAD", aad, aad_len);
 wpa_hexdump(MSG_EXCESSIVE, "GCMP nonce", nonce, sizeof(nonce));
- if (aes_gcm_ae(tk, nonce, frame + hdrlen, plen, &aad[2], aad_len,
+ if (aes_gcm_ae(tk, nonce, frame + hdrlen, plen, aad, aad_len,
 pos, pos + plen) < 0) {
 os_free(crypt);
 return NULL;