[PATCH 2/6] mka: cleanups, part 2
Sabrina Dubroca
sd at queasysnail.net
Fri Aug 12 06:07:33 PDT 2016
- add some helpers (MKA_ALIGN_LENGTH macro, reset_participant_mi)
- reorganize loops in i_in_peerlist, decode_mkpdu,
decode_live_peer_body
- clean up printf formats
- use named initializers for static structs
Signed-off-by: Sabrina Dubroca <sd at queasysnail.net>
---
src/pae/ieee802_1x_kay.c | 270 +++++++++++++++++++++--------------------------
1 file changed, 119 insertions(+), 151 deletions(-)
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 65c3eff9a009..d10eb9fa1e16 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -29,6 +29,8 @@
#define PENDING_PN_EXHAUSTION 0xC0000000
+#define MKA_ALIGN_LENGTH(len) (((len) + 0x3) & ~0x3)
+
/* IEEE Std 802.1X-2010, Table 9-1 - MKA Algorithm Agility */
#define MKA_ALGO_AGILITY_2009 { 0x00, 0x80, 0xC2, 0x01 }
static u8 mka_algo_agility[4] = MKA_ALGO_AGILITY_2009;
@@ -37,12 +39,11 @@ static u8 mka_algo_agility[4] = MKA_ALGO_AGILITY_2009;
static struct macsec_ciphersuite cipher_suite_tbl[] = {
/* GCM-AES-128 */
{
- CS_ID_GCM_AES_128,
- CS_NAME_GCM_AES_128,
- MACSEC_CAP_INTEG_AND_CONF_0_30_50,
- 16,
-
- 0 /* index */
+ .id = CS_ID_GCM_AES_128,
+ .name = CS_NAME_GCM_AES_128,
+ .capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50,
+ .sak_len = DEFAULT_SA_KEY_LEN,
+ .index = 0,
},
};
#define CS_TABLE_SIZE (ARRAY_SIZE(cipher_suite_tbl))
@@ -50,16 +51,21 @@ static struct macsec_ciphersuite cipher_suite_tbl[] = {
static struct mka_alg mka_alg_tbl[] = {
{
- MKA_ALGO_AGILITY_2009,
+ .parameter = MKA_ALGO_AGILITY_2009,
+
/* 128-bit CAK, KEK, ICK, ICV */
- 16, 16, 16, 16,
- ieee802_1x_cak_128bits_aes_cmac,
- ieee802_1x_ckn_128bits_aes_cmac,
- ieee802_1x_kek_128bits_aes_cmac,
- ieee802_1x_ick_128bits_aes_cmac,
- ieee802_1x_icv_128bits_aes_cmac,
-
- 1, /* index */
+ .cak_len = DEFAULT_ICV_LEN,
+ .kek_len = DEFAULT_ICV_LEN,
+ .ick_len = DEFAULT_ICV_LEN,
+ .icv_len = DEFAULT_ICV_LEN,
+
+ .cak_trfm = ieee802_1x_cak_128bits_aes_cmac,
+ .ckn_trfm = ieee802_1x_ckn_128bits_aes_cmac,
+ .kek_trfm = ieee802_1x_kek_128bits_aes_cmac,
+ .ick_trfm = ieee802_1x_ick_128bits_aes_cmac,
+ .icv_hash = ieee802_1x_icv_128bits_aes_cmac,
+
+ .index = 1,
},
};
#define MKA_ALG_TABLE_SIZE (ARRAY_SIZE(mka_alg_tbl))
@@ -123,7 +129,7 @@ ieee802_1x_mka_dump_basic_body(struct ieee802_1x_mka_basic_body *body)
wpa_printf(MSG_DEBUG, "\tKeySvr........: %d", body->key_server);
wpa_printf(MSG_DEBUG, "\tMACSecDesired.: %d", body->macsec_desired);
wpa_printf(MSG_DEBUG, "\tMACSecCapable.: %d", body->macsec_capability);
- wpa_printf(MSG_DEBUG, "\tBody Length...: %d", (int) body_len);
+ wpa_printf(MSG_DEBUG, "\tBody Length...: %zu", body_len);
wpa_printf(MSG_DEBUG, "\tSCI MAC.......: " MACSTR,
MAC2STR(body->actor_sci.addr));
wpa_printf(MSG_DEBUG, "\tSCI Port .....: %d",
@@ -156,10 +162,10 @@ ieee802_1x_mka_dump_peer_body(struct ieee802_1x_mka_peer_body *body)
body_len = get_mka_param_body_len(body);
if (body->type == MKA_LIVE_PEER_LIST) {
wpa_printf(MSG_DEBUG, "*** Live Peer List ***");
- wpa_printf(MSG_DEBUG, "\tBody Length...: %d", (int) body_len);
+ wpa_printf(MSG_DEBUG, "\tBody Length...: %zu", body_len);
} else if (body->type == MKA_POTENTIAL_PEER_LIST) {
wpa_printf(MSG_DEBUG, "*** Potential Live Peer List ***");
- wpa_printf(MSG_DEBUG, "\tBody Length...: %d", (int) body_len);
+ wpa_printf(MSG_DEBUG, "\tBody Length...: %zu", body_len);
}
for (i = 0; i < body_len; i += MI_LEN + sizeof(mn)) {
@@ -187,7 +193,7 @@ ieee802_1x_mka_dump_dist_sak_body(struct ieee802_1x_mka_dist_sak_body *body)
wpa_printf(MSG_INFO, "\tDistributed AN........: %d", body->dan);
wpa_printf(MSG_INFO, "\tConfidentiality Offset: %d",
body->confid_offset);
- wpa_printf(MSG_INFO, "\tBody Length...........: %d", (int) body_len);
+ wpa_printf(MSG_INFO, "\tBody Length...........: %zu", body_len);
if (!body_len)
return;
@@ -280,7 +286,7 @@ ieee802_1x_kay_get_principal_participant(struct ieee802_1x_kay *kay)
return participant;
}
- wpa_printf(MSG_DEBUG, "KaY: principal participant is not founded");
+ wpa_printf(MSG_DEBUG, "KaY: principal participant is not found");
return NULL;
}
@@ -449,8 +455,8 @@ ieee802_1x_kay_init_receive_sa(struct receive_sc *psc, u8 an, u32 lowest_pn,
dl_list_add(&psc->sa_list, &psa->list);
wpa_printf(MSG_DEBUG,
- "KaY: Create receive SA(AN: %d lowest_pn: %u of SC(channel: %d)",
- (int) an, lowest_pn, psc->channel);
+ "KaY: Create receive SA(AN: %hhu lowest_pn: %u of SC(channel: %d)",
+ an, lowest_pn, psc->channel);
return psa;
}
@@ -463,8 +469,8 @@ static void ieee802_1x_kay_deinit_receive_sa(struct receive_sa *psa)
{
psa->pkey = NULL;
wpa_printf(MSG_DEBUG,
- "KaY: Delete receive SA(an: %d) of SC(channel: %d)",
- psa->an, psa->sc->channel);
+ "KaY: Delete receive SA(an: %hhu) of SC",
+ psa->an);
dl_list_del(&psa->list);
os_free(psa);
}
@@ -664,7 +670,7 @@ ieee802_1x_mka_basic_body_length(struct ieee802_1x_mka_participant *participant)
length = sizeof(struct ieee802_1x_mka_basic_body);
length += participant->ckn.len;
- return (length + 0x3) & ~0x3;
+ return MKA_ALIGN_LENGTH(length);
}
@@ -711,6 +717,16 @@ ieee802_1x_mka_encode_basic_body(
}
+static Boolean reset_participant_mi(struct ieee802_1x_mka_participant *participant)
+{
+ if (os_get_random(participant->mi, sizeof(participant->mi)) < 0)
+ return FALSE;
+ participant->mn = 0;
+
+ return TRUE;
+}
+
+
/**
* ieee802_1x_mka_decode_basic_body -
*/
@@ -742,9 +758,8 @@ ieee802_1x_mka_decode_basic_body(struct ieee802_1x_kay *kay, const u8 *mka_msg,
/* If the peer's MI is my MI, I will choose new MI */
if (os_memcmp(body->actor_mi, participant->mi, MI_LEN) == 0) {
- if (os_get_random(participant->mi, sizeof(participant->mi)) < 0)
+ if (!reset_participant_mi(participant))
return NULL;
- participant->mn = 0;
}
os_memcpy(participant->current_peer_id.mi, body->actor_mi, MI_LEN);
@@ -820,7 +835,7 @@ ieee802_1x_mka_get_live_peer_length(
struct ieee802_1x_kay_peer, list)
len += sizeof(struct ieee802_1x_mka_peer_id);
- return (len + 0x3) & ~0x3;
+ return MKA_ALIGN_LENGTH(len);
}
@@ -849,7 +864,6 @@ ieee802_1x_mka_encode_live_peer_body(
sizeof(struct ieee802_1x_mka_peer_id));
os_memcpy(body_peer->mi, peer->mi, MI_LEN);
body_peer->mn = host_to_be32(peer->mn);
- body_peer++;
}
ieee802_1x_mka_dump_peer_body(body);
@@ -881,7 +895,7 @@ ieee802_1x_mka_get_potential_peer_length(
struct ieee802_1x_kay_peer, list)
len += sizeof(struct ieee802_1x_mka_peer_id);
- return (len + 0x3) & ~0x3;
+ return MKA_ALIGN_LENGTH(len);
}
@@ -910,7 +924,6 @@ ieee802_1x_mka_encode_potential_peer_body(
sizeof(struct ieee802_1x_mka_peer_id));
os_memcpy(body_peer->mi, peer->mi, MI_LEN);
body_peer->mn = host_to_be32(peer->mn);
- body_peer++;
}
ieee802_1x_mka_dump_peer_body(body);
@@ -925,64 +938,52 @@ static Boolean
ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant,
const u8 *mka_msg, size_t msg_len)
{
- Boolean included = FALSE;
struct ieee802_1x_mka_hdr *hdr;
size_t body_len;
size_t left_len;
u8 body_type;
- u32 peer_mn;
- be32 _peer_mn;
- const u8 *peer_mi;
const u8 *pos;
size_t i;
- pos = mka_msg;
- left_len = msg_len;
- while (left_len > (MKA_HDR_LEN + DEFAULT_ICV_LEN)) {
+ for (pos = mka_msg, left_len = msg_len ;
+ left_len > (MKA_HDR_LEN + DEFAULT_ICV_LEN) ;
+ left_len -= body_len + MKA_HDR_LEN,
+ pos += body_len + MKA_HDR_LEN) {
hdr = (struct ieee802_1x_mka_hdr *) pos;
body_len = get_mka_param_body_len(hdr);
body_type = get_mka_param_body_type(hdr);
if (body_type != MKA_LIVE_PEER_LIST &&
body_type != MKA_POTENTIAL_PEER_LIST)
- goto SKIP_PEER;
+ continue;
ieee802_1x_mka_dump_peer_body(
(struct ieee802_1x_mka_peer_body *)pos);
if (left_len < (MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN)) {
wpa_printf(MSG_ERROR,
- "KaY: MKA Peer Packet Body Length (%d bytes) is less than the Parameter Set Header Length (%d bytes) + the Parameter Set Body Length (%d bytes) + %d bytes of ICV",
- (int) left_len, (int) MKA_HDR_LEN,
- (int) body_len, DEFAULT_ICV_LEN);
- goto SKIP_PEER;
+ "KaY: MKA Peer Packet Body Length (%zu bytes) is less than the Parameter Set Header Length (%zu bytes) + the Parameter Set Body Length (%zu bytes) + %d bytes of ICV",
+ left_len, MKA_HDR_LEN,
+ body_len, DEFAULT_ICV_LEN);
+ continue;
}
if ((body_len % 16) != 0) {
wpa_printf(MSG_ERROR,
- "KaY: MKA Peer Packet Body Length (%d bytes) should multiple of 16 octets",
- (int) body_len);
- goto SKIP_PEER;
+ "KaY: MKA Peer Packet Body Length (%zu bytes) should be a multiple of 16 octets",
+ body_len);
+ continue;
}
- for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
- peer_mi = MKA_HDR_LEN + pos + i;
- os_memcpy(&_peer_mn, peer_mi + MI_LEN,
- sizeof(_peer_mn));
- peer_mn = be_to_host32(_peer_mn);
- if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0 &&
- peer_mn == participant->mn) {
- included = TRUE;
- break;
+ for (i = 0; i < body_len;
+ i += sizeof(struct ieee802_1x_mka_peer_id)) {
+ const struct ieee802_1x_mka_peer_id *peer_mi =
+ (struct ieee802_1x_mka_peer_id *)(pos + MKA_HDR_LEN + i);
+ if (os_memcmp(peer_mi->mi, participant->mi, MI_LEN) == 0 &&
+ be_to_host32(peer_mi->mn) == participant->mn) {
+ return TRUE;
}
}
-
- if (included)
- return TRUE;
-
-SKIP_PEER:
- left_len -= body_len + MKA_HDR_LEN;
- pos += body_len + MKA_HDR_LEN;
}
return FALSE;
@@ -999,9 +1000,6 @@ static int ieee802_1x_mka_decode_live_peer_body(
const struct ieee802_1x_mka_hdr *hdr;
struct ieee802_1x_kay_peer *peer;
size_t body_len;
- u32 peer_mn;
- be32 _peer_mn;
- const u8 *peer_mi;
size_t i;
Boolean is_included;
@@ -1017,35 +1015,30 @@ static int ieee802_1x_mka_decode_live_peer_body(
return -1;
}
- for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
- peer_mi = MKA_HDR_LEN + peer_msg + i;
- os_memcpy(&_peer_mn, peer_mi + MI_LEN, sizeof(_peer_mn));
- peer_mn = be_to_host32(_peer_mn);
+ for (i = 0; i < body_len; i += sizeof(struct ieee802_1x_mka_peer_id)) {
+ const struct ieee802_1x_mka_peer_id *peer_mi =
+ (struct ieee802_1x_mka_peer_id *)(peer_msg + MKA_HDR_LEN + i);
+ u32 peer_mn = be_to_host32(peer_mi->mn);
/* it is myself */
if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) {
/* My message id is used by other participant */
- if (peer_mn > participant->mn) {
- if (os_get_random(participant->mi,
- sizeof(participant->mi)) < 0)
- wpa_printf(MSG_DEBUG,
- "KaY: Could not update mi");
- participant->mn = 0;
- }
+ if (peer_mn > participant->mn &&
+ !reset_participant_mi(participant))
+ wpa_printf(MSG_DEBUG, "KaY: Could not update mi");
continue;
}
+
if (!is_included)
continue;
- peer = ieee802_1x_kay_get_peer(participant, peer_mi);
- if (NULL != peer) {
+ peer = ieee802_1x_kay_get_peer(participant, peer_mi->mi);
+ if (peer) {
peer->mn = peer_mn;
peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
- } else {
- if (!ieee802_1x_kay_create_potential_peer(
- participant, peer_mi, peer_mn)) {
- return -1;
- }
+ } else if (!ieee802_1x_kay_create_potential_peer(
+ participant, peer_mi->mi, peer_mn)) {
+ return -1;
}
}
@@ -1061,14 +1054,11 @@ ieee802_1x_mka_decode_potential_peer_body(
struct ieee802_1x_mka_participant *participant,
const u8 *peer_msg, size_t msg_len)
{
- struct ieee802_1x_mka_hdr *hdr;
+ const struct ieee802_1x_mka_hdr *hdr;
size_t body_len;
- u32 peer_mn;
- be32 _peer_mn;
- const u8 *peer_mi;
size_t i;
- hdr = (struct ieee802_1x_mka_hdr *) peer_msg;
+ hdr = (const struct ieee802_1x_mka_hdr *) peer_msg;
body_len = get_mka_param_body_len(hdr);
if (body_len % 16 != 0) {
wpa_printf(MSG_ERROR,
@@ -1077,21 +1067,17 @@ ieee802_1x_mka_decode_potential_peer_body(
return -1;
}
- for (i = 0; i < body_len; i += MI_LEN + sizeof(peer_mn)) {
- peer_mi = MKA_HDR_LEN + peer_msg + i;
- os_memcpy(&_peer_mn, peer_mi + MI_LEN, sizeof(_peer_mn));
- peer_mn = be_to_host32(_peer_mn);
+ for (i = 0; i < body_len; i += sizeof(struct ieee802_1x_mka_peer_id)) {
+ const struct ieee802_1x_mka_peer_id *peer_mi =
+ (struct ieee802_1x_mka_peer_id *)(peer_msg + MKA_HDR_LEN + i);
+ u32 peer_mn = be_to_host32(peer_mi->mn);
/* it is myself */
if (os_memcmp(peer_mi, participant->mi, MI_LEN) == 0) {
/* My message id is used by other participant */
- if (peer_mn > participant->mn) {
- if (os_get_random(participant->mi,
- sizeof(participant->mi)) < 0)
- wpa_printf(MSG_DEBUG,
- "KaY: Could not update mi");
- participant->mn = 0;
- }
+ if (peer_mn > participant->mn &&
+ !reset_participant_mi(participant))
+ wpa_printf(MSG_DEBUG, "KaY: Could not update mi");
continue;
}
}
@@ -1107,10 +1093,7 @@ static Boolean
ieee802_1x_mka_sak_use_body_present(
struct ieee802_1x_mka_participant *participant)
{
- if (participant->to_use_sak)
- return TRUE;
- else
- return FALSE;
+ return participant->to_use_sak;
}
@@ -1125,12 +1108,8 @@ ieee802_1x_mka_get_sak_use_length(
if (participant->kay->macsec_desired && participant->advised_desired)
length = sizeof(struct ieee802_1x_mka_sak_use_body);
- else
- length = MKA_HDR_LEN;
-
- length = (length + 0x3) & ~0x3;
- return length;
+ return MKA_ALIGN_LENGTH(length);
}
@@ -1295,8 +1274,8 @@ ieee802_1x_mka_decode_sak_use_body(
if ((body_len != 0) && (body_len < 40)) {
wpa_printf(MSG_ERROR,
- "KaY: MKA Use SAK Packet Body Length (%d bytes) should be 0, 40, or more octets",
- (int) body_len);
+ "KaY: MKA Use SAK Packet Body Length (%zu bytes) should be 0, 40, or more octets",
+ body_len);
return -1;
}
@@ -1434,7 +1413,7 @@ static int
ieee802_1x_mka_get_dist_sak_length(
struct ieee802_1x_mka_participant *participant)
{
- int length;
+ int length = MKA_HDR_LEN;
int cs_index = participant->kay->macsec_csindex;
if (participant->advised_desired) {
@@ -1443,12 +1422,9 @@ ieee802_1x_mka_get_dist_sak_length(
length += CS_ID_LEN;
length += cipher_suite_tbl[cs_index].sak_len + 8;
- } else {
- length = MKA_HDR_LEN;
}
- length = (length + 0x3) & ~0x3;
- return length;
+ return MKA_ALIGN_LENGTH(length);
}
@@ -1562,8 +1538,8 @@ ieee802_1x_mka_decode_dist_sak_body(
body_len = get_mka_param_body_len(hdr);
if ((body_len != 0) && (body_len != 28) && (body_len < 36)) {
wpa_printf(MSG_ERROR,
- "KaY: MKA Use SAK Packet Body Length (%d bytes) should be 0, 28, 36, or more octets",
- (int) body_len);
+ "KaY: MKA Use SAK Packet Body Length (%zu bytes) should be 0, 28, 36, or more octets",
+ body_len);
return -1;
}
@@ -1729,12 +1705,10 @@ ieee802_1x_mka_icv_body_present(struct ieee802_1x_mka_participant *participant)
static int
ieee802_1x_mka_get_icv_length(struct ieee802_1x_mka_participant *participant)
{
- int length;
-
- length = sizeof(struct ieee802_1x_mka_icv_body);
+ int length = sizeof(struct ieee802_1x_mka_icv_body);
length += mka_alg_tbl[participant->kay->mka_algindex].icv_len;
- return (length + 0x3) & ~0x3;
+ return MKA_ALIGN_LENGTH(length);
}
@@ -1762,12 +1736,9 @@ ieee802_1x_mka_encode_icv_body(struct ieee802_1x_mka_participant *participant,
return -1;
}
- if (length != DEFAULT_ICV_LEN) {
- os_memcpy(wpabuf_put(buf, length - MKA_HDR_LEN), cmac,
- length - MKA_HDR_LEN);
- } else {
- os_memcpy(wpabuf_put(buf, length), cmac, length);
- }
+ if (length != DEFAULT_ICV_LEN)
+ length -= MKA_HDR_LEN;
+ os_memcpy(wpabuf_put(buf, length), cmac, length);
return 0;
}
@@ -1830,8 +1801,8 @@ ieee802_1x_mka_decode_dist_cak_body(
body_len = get_mka_param_body_len(hdr);
if (body_len < 28) {
wpa_printf(MSG_ERROR,
- "KaY: MKA Use SAK Packet Body Length (%d bytes) should be 28 or more octets",
- (int) body_len);
+ "KaY: MKA Use SAK Packet Body Length (%zu bytes) should be 28 or more octets",
+ body_len);
return -1;
}
@@ -1854,8 +1825,8 @@ ieee802_1x_mka_decode_kmd_body(
body_len = get_mka_param_body_len(hdr);
if (body_len < 5) {
wpa_printf(MSG_ERROR,
- "KaY: MKA Use SAK Packet Body Length (%d bytes) should be 5 or more octets",
- (int) body_len);
+ "KaY: MKA Use SAK Packet Body Length (%zu bytes) should be 5 or more octets",
+ body_len);
return -1;
}
@@ -2523,8 +2494,8 @@ ieee802_1x_kay_init_transmit_sa(struct transmit_sc *psc, u8 an, u32 next_PN,
dl_list_add(&psc->sa_list, &psa->list);
wpa_printf(MSG_DEBUG,
- "KaY: Create transmit SA(an: %d, next_PN: %u) of SC(channel: %d)",
- (int) an, next_PN, psc->channel);
+ "KaY: Create transmit SA(an: %hhu, next_PN: %u) of SC(channel: %d)",
+ an, next_PN, psc->channel);
return psa;
}
@@ -2537,8 +2508,8 @@ static void ieee802_1x_kay_deinit_transmit_sa(struct transmit_sa *psa)
{
psa->pkey = NULL;
wpa_printf(MSG_DEBUG,
- "KaY: Delete transmit SA(an: %d) of SC(channel: %d)",
- psa->an, psa->sc->channel);
+ "KaY: Delete transmit SA(an: %hhu) of SC",
+ psa->an);
dl_list_del(&psa->list);
os_free(psa);
}
@@ -2932,9 +2903,9 @@ static int ieee802_1x_kay_mkpdu_sanity_check(struct ieee802_1x_kay *kay,
/* EAPOL-MKA body should comprise basic parameter set and ICV */
if (mka_msg_len < MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN) {
wpa_printf(MSG_ERROR,
- "KaY: Received EAPOL-MKA Packet Body Length (%d bytes) is less than the Basic Parameter Set Header Length (%d bytes) + the Basic Parameter Set Body Length (%d bytes) + %d bytes of ICV",
- (int) mka_msg_len, (int) MKA_HDR_LEN,
- (int) body_len, DEFAULT_ICV_LEN);
+ "KaY: Received EAPOL-MKA Packet Body Length (%zu bytes) is less than the Basic Parameter Set Header Length (%zu bytes) + the Basic Parameter Set Body Length (%zu bytes) + %d bytes of ICV",
+ mka_msg_len, MKA_HDR_LEN,
+ body_len, DEFAULT_ICV_LEN);
return -1;
}
@@ -3055,7 +3026,9 @@ static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
handled[i] = FALSE;
handled[0] = TRUE;
- while (left_len > MKA_HDR_LEN + DEFAULT_ICV_LEN) {
+ for (; left_len > MKA_HDR_LEN + DEFAULT_ICV_LEN;
+ pos += body_len + MKA_HDR_LEN,
+ left_len -= body_len + MKA_HDR_LEN) {
hdr = (struct ieee802_1x_mka_hdr *) pos;
body_len = get_mka_param_body_len(hdr);
body_type = get_mka_param_body_type(hdr);
@@ -3065,14 +3038,14 @@ static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
if (left_len < (MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN)) {
wpa_printf(MSG_ERROR,
- "KaY: MKA Peer Packet Body Length (%d bytes) is less than the Parameter Set Header Length (%d bytes) + the Parameter Set Body Length (%d bytes) + %d bytes of ICV",
- (int) left_len, (int) MKA_HDR_LEN,
- (int) body_len, DEFAULT_ICV_LEN);
- goto next_para_set;
+ "KaY: MKA Peer Packet Body Length (%zu bytes) is less than the Parameter Set Header Length (%zu bytes) + the Parameter Set Body Length (%zu bytes) + %d bytes of ICV",
+ left_len, MKA_HDR_LEN,
+ body_len, DEFAULT_ICV_LEN);
+ continue;
}
if (handled[body_type])
- goto next_para_set;
+ continue;
handled[body_type] = TRUE;
if (body_type < ARRAY_SIZE(mka_body_handler) &&
@@ -3081,13 +3054,9 @@ static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
(participant, pos, left_len);
} else {
wpa_printf(MSG_ERROR,
- "The type %d not supported in this MKA version %d",
+ "The type %d is not supported in this MKA version %d",
body_type, MKA_VERSION_ID);
}
-
-next_para_set:
- pos += body_len + MKA_HDR_LEN;
- left_len -= body_len + MKA_HDR_LEN;
}
kay->active = TRUE;
@@ -3357,9 +3326,8 @@ ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn,
participant->retry_count = 0;
participant->kay = kay;
- if (os_get_random(participant->mi, sizeof(participant->mi)) < 0)
+ if (!reset_participant_mi(participant))
goto fail;
- participant->mn = 0;
participant->lrx = FALSE;
participant->ltx = FALSE;
--
2.9.2
More information about the Hostap
mailing list