From 625598c1442a76f2a166d90e6b612bfde9bb6def Mon Sep 17 00:00:00 2001 From: damien Date: Tue, 12 Aug 2008 16:14:05 +0000 Subject: [PATCH] get rid of the map_ptk()/map_gtk() functions, just inline them which makes things easier to track. --- sys/net80211/ieee80211_crypto.c | 35 +----------- sys/net80211/ieee80211_crypto.h | 7 +-- sys/net80211/ieee80211_node.c | 12 +++-- sys/net80211/ieee80211_pae_input.c | 87 ++++++++++++++++++++---------- sys/net80211/ieee80211_proto.c | 15 +++--- 5 files changed, 76 insertions(+), 80 deletions(-) diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c index 980fc7c6f65..bbc50904b09 100644 --- a/sys/net80211/ieee80211_crypto.c +++ b/sys/net80211/ieee80211_crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_crypto.c,v 1.45 2008/08/12 16:05:15 damien Exp $ */ +/* $OpenBSD: ieee80211_crypto.c,v 1.46 2008/08/12 16:14:05 damien Exp $ */ /*- * Copyright (c) 2008 Damien Bergamini @@ -469,36 +469,3 @@ ieee80211_cipher_keylen(enum ieee80211_cipher cipher) return 0; } } - -/* - * Map PTK to IEEE 802.11 key (see 8.6). - */ -void -ieee80211_map_ptk(const struct ieee80211_ptk *ptk, - enum ieee80211_cipher cipher, u_int64_t rsc, struct ieee80211_key *k) -{ - memset(k, 0, sizeof(*k)); - k->k_cipher = cipher; - k->k_flags = IEEE80211_KEY_TX; - k->k_len = ieee80211_cipher_keylen(cipher); - k->k_rsc[0] = rsc; - memcpy(k->k_key, ptk->tk, k->k_len); -} - -/* - * Map GTK to IEEE 802.11 key (see 8.6). - */ -void -ieee80211_map_gtk(const u_int8_t *gtk, enum ieee80211_cipher cipher, int kid, - int txflag, u_int64_t rsc, struct ieee80211_key *k) -{ - memset(k, 0, sizeof(*k)); - k->k_id = kid; - k->k_cipher = cipher; - k->k_flags = IEEE80211_KEY_GROUP; - if (txflag) - k->k_flags |= IEEE80211_KEY_TX; - k->k_len = ieee80211_cipher_keylen(cipher); - k->k_rsc[0] = rsc; - memcpy(k->k_key, gtk, k->k_len); -} diff --git a/sys/net80211/ieee80211_crypto.h b/sys/net80211/ieee80211_crypto.h index 178e7144ead..b752b203ab6 100644 --- a/sys/net80211/ieee80211_crypto.h +++ b/sys/net80211/ieee80211_crypto.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_crypto.h,v 1.14 2008/08/12 16:05:15 damien Exp $ */ +/* $OpenBSD: ieee80211_crypto.h,v 1.15 2008/08/12 16:14:05 damien Exp $ */ /* $NetBSD: ieee80211_crypto.h,v 1.2 2003/09/14 01:14:55 dyoung Exp $ */ /*- @@ -144,10 +144,5 @@ extern void ieee80211_derive_ptk(enum ieee80211_akm, const u_int8_t *, const u_int8_t *, const u_int8_t *, const u_int8_t *, const u_int8_t *, struct ieee80211_ptk *); extern int ieee80211_cipher_keylen(enum ieee80211_cipher); -extern void ieee80211_map_ptk(const struct ieee80211_ptk *, - enum ieee80211_cipher, u_int64_t, struct ieee80211_key *); -extern void ieee80211_map_gtk(const u_int8_t *, enum ieee80211_cipher, int, - int, u_int64_t, struct ieee80211_key *); - #endif /* _NET80211_IEEE80211_CRYPTO_H_ */ diff --git a/sys/net80211/ieee80211_node.c b/sys/net80211/ieee80211_node.c index dfbcde24ab2..39dad39363e 100644 --- a/sys/net80211/ieee80211_node.c +++ b/sys/net80211/ieee80211_node.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_node.c,v 1.38 2008/08/02 08:20:16 damien Exp $ */ +/* $OpenBSD: ieee80211_node.c,v 1.39 2008/08/12 16:14:05 damien Exp $ */ /* $NetBSD: ieee80211_node.c,v 1.14 2004/05/09 09:18:47 dyoung Exp $ */ /*- @@ -305,7 +305,6 @@ ieee80211_create_ibss(struct ieee80211com* ic, struct ieee80211_channel *chan) ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY; if (ic->ic_flags & IEEE80211_F_RSNON) { struct ieee80211_key *k; - u_int8_t gtk[IEEE80211_PMK_LEN]; /* initialize 256-bit global key counter to a random value */ arc4random_buf(ic->ic_globalcnt, EAPOL_KEY_NONCE_LEN); @@ -318,9 +317,12 @@ ieee80211_create_ibss(struct ieee80211com* ic, struct ieee80211_channel *chan) ic->ic_def_txkey = 1; k = &ic->ic_nw_keys[ic->ic_def_txkey]; - arc4random_buf(gtk, sizeof(gtk)); - ieee80211_map_gtk(gtk, ni->ni_rsngroupcipher, - ic->ic_def_txkey, 1, 0, k); + memset(k, 0, sizeof(*k)); + k->k_id = ic->ic_def_txkey; + k->k_cipher = ni->ni_rsngroupcipher; + k->k_flags = IEEE80211_KEY_GROUP | IEEE80211_KEY_TX; + k->k_len = ieee80211_cipher_keylen(k->k_cipher); + arc4random_buf(k->k_key, k->k_len); (*ic->ic_set_key)(ic, ni, k); /* XXX */ /* diff --git a/sys/net80211/ieee80211_pae_input.c b/sys/net80211/ieee80211_pae_input.c index 8dc336e990a..606a088c415 100644 --- a/sys/net80211/ieee80211_pae_input.c +++ b/sys/net80211/ieee80211_pae_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_pae_input.c,v 1.6 2008/08/12 16:05:15 damien Exp $ */ +/* $OpenBSD: ieee80211_pae_input.c,v 1.7 2008/08/12 16:14:05 damien Exp $ */ /*- * Copyright (c) 2007,2008 Damien Bergamini @@ -299,6 +299,7 @@ ieee80211_recv_4way_msg3(struct ieee80211com *ic, const u_int8_t *rsnie1, *rsnie2, *gtk; const u_int8_t *pmk; u_int16_t info, reason = 0; + int keylen; if (ic->ic_opmode != IEEE80211_M_STA && ic->ic_opmode != IEEE80211_M_IBSS) @@ -445,15 +446,21 @@ ieee80211_recv_4way_msg3(struct ieee80211com *ic, u_int64_t prsc; /* check that key length matches that of pairwise cipher */ - if (BE_READ_2(key->keylen) != - ieee80211_cipher_keylen(ni->ni_rsncipher)) { + keylen = ieee80211_cipher_keylen(ni->ni_rsncipher); + if (BE_READ_2(key->keylen) != keylen) { reason = IEEE80211_REASON_AUTH_LEAVE; goto deauth; } - /* install the PTK */ prsc = (gtk == NULL) ? LE_READ_6(key->rsc) : 0; + + /* map PTK to 802.11 key */ k = &ni->ni_pairwise_key; - ieee80211_map_ptk(&ni->ni_ptk, ni->ni_rsncipher, prsc, k); + memset(k, 0, sizeof(*k)); + k->k_cipher = ni->ni_rsncipher; + k->k_rsc[0] = prsc; + k->k_len = keylen; + memcpy(k->k_key, ni->ni_ptk.tk, k->k_len); + /* install the PTK */ if ((*ic->ic_set_key)(ic, ni, k) != 0) { reason = IEEE80211_REASON_AUTH_LEAVE; goto deauth; @@ -461,7 +468,6 @@ ieee80211_recv_4way_msg3(struct ieee80211com *ic, ni->ni_flags |= IEEE80211_NODE_RXPROT; } if (gtk != NULL) { - u_int64_t rsc; u_int8_t kid; /* check that the GTK KDE is valid */ @@ -470,17 +476,24 @@ ieee80211_recv_4way_msg3(struct ieee80211com *ic, goto deauth; } /* check that key length matches that of group cipher */ - if (gtk[1] - 6 != - ieee80211_cipher_keylen(ni->ni_rsngroupcipher)) { + keylen = ieee80211_cipher_keylen(ni->ni_rsngroupcipher); + if (gtk[1] != 6 + keylen) { reason = IEEE80211_REASON_AUTH_LEAVE; goto deauth; } - /* install the GTK */ + /* map GTK to 802.11 key */ kid = gtk[6] & 3; - rsc = LE_READ_6(key->rsc); k = &ic->ic_nw_keys[kid]; - ieee80211_map_gtk(>k[8], ni->ni_rsngroupcipher, kid, - gtk[6] & (1 << 2), rsc, k); + memset(k, 0, sizeof(*k)); + k->k_id = kid; /* 0-3 */ + k->k_cipher = ni->ni_rsngroupcipher; + k->k_flags = IEEE80211_KEY_GROUP; + if (gtk[6] & (1 << 2)) + k->k_flags |= IEEE80211_KEY_TX; + k->k_rsc[0] = LE_READ_6(key->rsc); + k->k_len = keylen; + memcpy(k->k_key, >k[8], k->k_len); + /* install the GTK */ if ((*ic->ic_set_key)(ic, ni, k) != 0) { reason = IEEE80211_REASON_AUTH_LEAVE; goto deauth; @@ -538,9 +551,15 @@ ieee80211_recv_4way_msg4(struct ieee80211com *ic, ni->ni_rsn_retries = 0; if (ni->ni_rsncipher != IEEE80211_CIPHER_USEGROUP) { + struct ieee80211_key *k; + + /* map PTK to 802.11 key */ + k = &ni->ni_pairwise_key; + memset(k, 0, sizeof(*k)); + k->k_cipher = ni->ni_rsncipher; + k->k_len = ieee80211_cipher_keylen(k->k_cipher); + memcpy(k->k_key, ni->ni_ptk.tk, k->k_len); /* install the PTK */ - struct ieee80211_key *k = &ni->ni_pairwise_key; - ieee80211_map_ptk(&ni->ni_ptk, ni->ni_rsncipher, 0, k); if ((*ic->ic_set_key)(ic, ni, k) != 0) { IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, @@ -626,9 +645,9 @@ ieee80211_recv_rsn_group_msg1(struct ieee80211com *ic, struct ieee80211_key *k; const u_int8_t *frm, *efrm; const u_int8_t *gtk; - u_int64_t rsc; u_int16_t info; u_int8_t kid; + int keylen; if (ic->ic_opmode != IEEE80211_M_STA && ic->ic_opmode != IEEE80211_M_IBSS) @@ -683,15 +702,22 @@ ieee80211_recv_rsn_group_msg1(struct ieee80211com *ic, } /* check that key length matches that of group cipher */ - if (gtk[1] - 6 != ieee80211_cipher_keylen(ni->ni_rsngroupcipher)) + keylen = ieee80211_cipher_keylen(ni->ni_rsngroupcipher); + if (gtk[1] != 6 + keylen) return; - /* install the GTK */ + /* map GTK to 802.11 key */ kid = gtk[6] & 3; - rsc = LE_READ_6(key->rsc); k = &ic->ic_nw_keys[kid]; - ieee80211_map_gtk(>k[8], ni->ni_rsngroupcipher, kid, - gtk[6] & (1 << 2), rsc, k); + memset(k, 0, sizeof(*k)); + k->k_id = kid; /* 0-3 */ + k->k_cipher = ni->ni_rsngroupcipher; + k->k_flags = IEEE80211_KEY_GROUP; + if (gtk[6] & (1 << 2)) + k->k_flags |= IEEE80211_KEY_TX; + k->k_rsc[0] = LE_READ_6(key->rsc); + k->k_len = keylen; + /* install the GTK */ if ((*ic->ic_set_key)(ic, ni, k) != 0) { IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, IEEE80211_REASON_AUTH_LEAVE); @@ -723,8 +749,6 @@ ieee80211_recv_wpa_group_msg1(struct ieee80211com *ic, struct ieee80211_eapol_key *key, struct ieee80211_node *ni) { struct ieee80211_key *k; - const u_int8_t *frm; - u_int64_t rsc; u_int16_t info; u_int8_t kid; int keylen; @@ -762,15 +786,20 @@ ieee80211_recv_wpa_group_msg1(struct ieee80211com *ic, if (BE_READ_2(key->paylen) < keylen) return; - /* key data field contains the GTK */ - frm = (const u_int8_t *)&key[1]; - - /* install the GTK */ + /* map GTK to 802.11 key */ kid = (info >> EAPOL_KEY_WPA_KID_SHIFT) & 3; - rsc = LE_READ_6(key->rsc); k = &ic->ic_nw_keys[kid]; - ieee80211_map_gtk(frm, ni->ni_rsngroupcipher, kid, - info & EAPOL_KEY_WPA_TX, rsc, k); + memset(k, 0, sizeof(*k)); + k->k_id = kid; /* 0-3 */ + k->k_cipher = ni->ni_rsngroupcipher; + k->k_flags = IEEE80211_KEY_GROUP; + if (info & EAPOL_KEY_WPA_TX) + k->k_flags |= IEEE80211_KEY_TX; + k->k_rsc[0] = LE_READ_6(key->rsc); + k->k_len = keylen; + /* key data field contains the GTK */ + memcpy(k->k_key, &key[1], k->k_len); + /* install the GTK */ if ((*ic->ic_set_key)(ic, ni, k) != 0) { IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, IEEE80211_REASON_AUTH_LEAVE); diff --git a/sys/net80211/ieee80211_proto.c b/sys/net80211/ieee80211_proto.c index 14312051a32..5b8e8019b40 100644 --- a/sys/net80211/ieee80211_proto.c +++ b/sys/net80211/ieee80211_proto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_proto.c,v 1.28 2008/07/27 14:21:15 damien Exp $ */ +/* $OpenBSD: ieee80211_proto.c,v 1.29 2008/08/12 16:14:05 damien Exp $ */ /* $NetBSD: ieee80211_proto.c,v 1.8 2004/04/30 23:58:20 dyoung Exp $ */ /*- @@ -386,15 +386,18 @@ ieee80211_node_gtk_rekey(void *arg, struct ieee80211_node *ni) void ieee80211_setkeys(struct ieee80211com *ic) { - u_int8_t gtk[IEEE80211_PMK_LEN]; + struct ieee80211_key *k; u_int8_t kid; /* Swap(GM, GN) */ kid = (ic->ic_def_txkey == 1) ? 2 : 1; - - arc4random_buf(gtk, sizeof(gtk)); - ieee80211_map_gtk(gtk, ic->ic_bss->ni_rsngroupcipher, kid, 1, 0, - &ic->ic_nw_keys[kid]); + k = &ic->ic_nw_keys[kid]; + memset(k, 0, sizeof(*k)); + k->k_id = kid; + k->k_cipher = ic->ic_bss->ni_rsngroupcipher; + k->k_flags = IEEE80211_KEY_GROUP | IEEE80211_KEY_TX; + k->k_len = ieee80211_cipher_keylen(k->k_cipher); + arc4random_buf(k->k_key, k->k_len); ic->ic_rsn_keydonesta = 0; ieee80211_iterate_nodes(ic, ieee80211_node_gtk_rekey, ic); -- 2.20.1