authordufour2009-11-03 14:32:14 +0000
committerdufour2009-11-03 14:32:14 +0000
commit7c55065f0ee124e74254d5aba08233d0b5a7bb35 (patch)
treec08290823f0b8be348ebe8cbe8aa10da29679af7
parentc7ff098f67039172fcddbc9ce8a35f9c0384f1fc (diff)
cesar/cp/secu: make expected result of PRUN check as argument, closes #722
To prevent callers from checking the result of cp_secu_protocol_check incorrectly, the expected result must now be passed as an argument. The function then returns a boolean telling whether the check succeeded or failed. Replace CP_SECU_PROTOCOL_RUN_CHECK_RESULT_FAILURE with CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NB, which gives the size of the enum. Add a typedef for enum cp_secu_protocol_run_check_result_t. git-svn-id: svn+ssh://pessac/svn/cesar/trunk@6315 017c9cb6-072f-447c-8318-d5b54f68fe89
-rw-r--r--cesar/cp/cco/action/src/cco_action.c11
-rw-r--r--cesar/cp/cco/action/test/src/secu_stub.c7
-rw-r--r--cesar/cp/cco/action/test/utest/src/secu.c7
-rw-r--r--cesar/cp/secu/secu.h16
-rw-r--r--cesar/cp/secu/src/secu.c20
-rw-r--r--cesar/cp/secu/stub/src/secu.c14
-rw-r--r--cesar/cp/secu/test/src/test-prun.c56
-rw-r--r--cesar/cp/sta/action/src/assoc.c25
-rw-r--r--cesar/cp/sta/action/src/sc.c10
9 files changed, 96 insertions, 70 deletions
diff --git a/cesar/cp/cco/action/src/cco_action.c b/cesar/cp/cco/action/src/cco_action.c
index 92dea33ff8..cce7b8cf1e 100644
--- a/cesar/cp/cco/action/src/cco_action.c
+++ b/cesar/cp/cco/action/src/cco_action.c
@@ -639,8 +639,9 @@ cp_cco_action__cco__cm_get_key_req_pid0 (cp_t *ctx, cp_mme_rx_t * get_key_req)
// get the data in the payload of the mme.
if (cp_msg_cm_get_key_req_receive (ctx, get_key_req, &req)
- && (cp_secu_protocol_check (NULL, &get_key_req->prun)
- == CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEW)
+ && (cp_secu_protocol_check
+ (NULL, &get_key_req->prun,
+ CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEW))
&& (req.key_type == CP_MSG_KEY_NEK)
&& MAC_TEI_IS_STA (get_key_req->peer.tei))
{
@@ -1338,9 +1339,9 @@ cp_cco_action_cm_set_key_cnf_receive (cp_t *ctx, cp_mme_rx_t *mme)
cp_sta_core_stop_timed_or_cyclic_event (ctx, &ctx->cco_action.eks_timer);
if ((cp_msg_cm_set_key_cnf_receive (ctx, mme, &data)
- && (cp_secu_protocol_check (&ctx->cco_action.eks_prun,
- &mme->prun) ==
- CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEXT))
+ && (cp_secu_protocol_check
+ (&ctx->cco_action.eks_prun, &mme->prun,
+ CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEXT)))
&& ((mme->prun.pid == 1) && (mme->prun.pmn == 2)))
{
uint i;
diff --git a/cesar/cp/cco/action/test/src/secu_stub.c b/cesar/cp/cco/action/test/src/secu_stub.c
index cb33c14c89..afcdc3fbe1 100644
--- a/cesar/cp/cco/action/test/src/secu_stub.c
+++ b/cesar/cp/cco/action/test/src/secu_stub.c
@@ -31,11 +31,12 @@ cp_secu_generate_key (cp_t*ctx, uint num,
output->key[i] = num;
}
-enum cp_secu_protocol_run_check_result_t
+bool
cp_secu_protocol_check (const cp_secu_protocol_run_t *prun,
- const cp_secu_protocol_run_t *prun_recv)
+ const cp_secu_protocol_run_t *prun_recv,
+ const cp_secu_protocol_run_check_result_t expected_result)
{
- return CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEW;
+ return true;
}
void
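Review bot: The stub now returns `true` whatever `expected_result` is, where it used to report a single stage (NEW). Under this stub, callers that expect NEXT or LAST now pass the PRUN check, and no caller can be driven into its rejection branch through that check. To keep the earlier behaviour the body could be `return expected_result == CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEW;`. The same applies to the stubs in cesar/cp/cco/action/test/utest/src/secu.c (previously NEXT) and cesar/cp/secu/stub/src/secu.c (previously NEW). Whether any existing test depended on the old fixed value is not visible from these hunks.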
diff --git a/cesar/cp/cco/action/test/utest/src/secu.c b/cesar/cp/cco/action/test/utest/src/secu.c
index 197e02e46c..67e4db2a87 100644
--- a/cesar/cp/cco/action/test/utest/src/secu.c
+++ b/cesar/cp/cco/action/test/utest/src/secu.c
@@ -43,12 +43,13 @@ cp_secu_protocol_next (cp_secu_protocol_run_t *prun, lib_rnd_t *rnd,
}
}
-enum cp_secu_protocol_run_check_result_t
+bool
cp_secu_protocol_check (const cp_secu_protocol_run_t *prun,
- const cp_secu_protocol_run_t *prun_recv)
+ const cp_secu_protocol_run_t *prun_recv,
+ const cp_secu_protocol_run_check_result_t expected_result)
{
dbg_assert (prun_recv);
- return CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEXT;
+ return true;
}
diff --git a/cesar/cp/secu/secu.h b/cesar/cp/secu/secu.h
index 809bd33c7e..8e72b43098 100644
--- a/cesar/cp/secu/secu.h
+++ b/cesar/cp/secu/secu.h
@@ -65,9 +65,11 @@ enum cp_secu_protocol_run_check_result_t
CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEW,
/** Last message of the protocol run. */
CP_SECU_PROTOCOL_RUN_CHECK_RESULT_LAST,
- /** Does not correspond to anything, should drop this message. */
- CP_SECU_PROTOCOL_RUN_CHECK_RESULT_FAILURE,
+ /** To know the size of enum. */
+ CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NB,
};
+typedef enum cp_secu_protocol_run_check_result_t
+cp_secu_protocol_run_check_result_t;
BEGIN_DECLS
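Review bot: The comment on CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NB should state that it is a count and not a result, because the bound check `dbg_assert (expected_result < CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NB)` in cp_secu_protocol_check relies on it staying the last enumerator. I would write `/** Number of results; not a valid result, must stay last. */`. The enum's opening lines are above the hunk.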
@@ -85,15 +87,19 @@ cp_secu_protocol_run_new (cp_secu_protocol_run_t *prun, u8 pid,
* Check a received protocol run against the current one.
* \param prun current protocol run
* \param prun_recv received protocol run
- * \return whether this is a new, old protocol run, last or garbage
+ * \param expected_result the expected result (i.e.: the current mode of the
+ * PRUN exchange). See cp_secu_protocol_run_check_result_t.
+ * \return true if the PRUN exchange is currently in the expected mode, false
+ * otherwise.
*
* The current protocol run can be NULL if there is no current protocol run.
* You can also use a pointer to an initialised protocol run if it is more
* convenient.
*/
-enum cp_secu_protocol_run_check_result_t
+bool
cp_secu_protocol_check (const cp_secu_protocol_run_t *prun,
- const cp_secu_protocol_run_t *prun_recv);
+ const cp_secu_protocol_run_t *prun_recv,
+ const cp_secu_protocol_run_check_result_t expected_result);
/**
* Update a protocol run for the next message.
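Review bot: The new `\return` text does not say that false also covers a received run whose PRN, PID or nonce does not match the current one. The instruction to drop such a message was carried by the removed FAILURE enumerator's comment and is now lost. I would write `\return true only if prun_recv is consistent with prun and is at the stage given by expected_result; false in every other case, including a message that matches nothing and should be dropped.` The `const` on the by-value `expected_result` parameter has no effect in a prototype and could be left out of the header. The comment block opens above the hunk.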
diff --git a/cesar/cp/secu/src/secu.c b/cesar/cp/secu/src/secu.c
index 58a1535584..490260119f 100644
--- a/cesar/cp/secu/src/secu.c
+++ b/cesar/cp/secu/src/secu.c
@@ -40,28 +40,36 @@ cp_secu_protocol_run_new (cp_secu_protocol_run_t *prun, u8 pid,
prun->my_nonce = lib_rnd32 (rnd);
}
-enum cp_secu_protocol_run_check_result_t
+bool
cp_secu_protocol_check (const cp_secu_protocol_run_t *prun,
- const cp_secu_protocol_run_t *prun_recv)
+ const cp_secu_protocol_run_t *prun_recv,
+ const cp_secu_protocol_run_check_result_t expected_result)
{
+ /* Check parameters. */
dbg_assert (prun_recv);
+ dbg_assert (expected_result < CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NB);
+ /* First exchange of PRUN. */
if (prun_recv->pmn == 1)
- return CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEW;
+ return expected_result == CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEW;
else if (prun)
{
+ /* Check PRN, PID and nonce. */
if (prun->prn == prun_recv->prn
&& prun->pmn != 0xff
&& prun->pid == prun_recv->pid
&& prun->my_nonce == prun_recv->my_nonce)
{
+ /* Not first nor last exchange. */
if (prun->pmn + 1 == prun_recv->pmn)
- return CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEXT;
+ return expected_result == CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEXT;
+ /* Last exchange. */
else if (prun_recv->pmn == 0xff)
- return CP_SECU_PROTOCOL_RUN_CHECK_RESULT_LAST;
+ return expected_result == CP_SECU_PROTOCOL_RUN_CHECK_RESULT_LAST;
}
}
- return CP_SECU_PROTOCOL_RUN_CHECK_RESULT_FAILURE;
+ /* Error while checking. */
+ return false;
}
void
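Review bot: The NEXT test `prun->pmn + 1 == prun_recv->pmn` is evaluated before the LAST test `prun_recv->pmn == 0xff`. When the current PMN is 0xfe, a received 0xff is therefore compared against NEXT, and a caller passing CP_SECU_PROTOCOL_RUN_CHECK_RESULT_LAST gets false for what looks like a final message. Whether a run can reach that PMN is not visible here. If it can, either test the last-message value first, `if (prun_recv->pmn == 0xff) return expected_result == CP_SECU_PROTOCOL_RUN_CHECK_RESULT_LAST;`, or add a comment on the NEXT branch stating which classification is intended. With the boolean return the caller can no longer see which stage was detected, so this ordering is now the only place the choice is made.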
diff --git a/cesar/cp/secu/stub/src/secu.c b/cesar/cp/secu/stub/src/secu.c
index 2f82b76689..9739b882f1 100644
--- a/cesar/cp/secu/stub/src/secu.c
+++ b/cesar/cp/secu/stub/src/secu.c
@@ -19,9 +19,11 @@ void
cp_secu_protocol_run_new (cp_secu_protocol_run_t *prun, u8 pid,
lib_rnd_t *rnd) __attribute__((weak));
-enum cp_secu_protocol_run_check_result_t
+bool
cp_secu_protocol_check (const cp_secu_protocol_run_t *prun,
- const cp_secu_protocol_run_t *prun_recv) __attribute__((weak));
+ const cp_secu_protocol_run_t *prun_recv,
+ const cp_secu_protocol_run_check_result_t
+ expected_result) __attribute__((weak));
void
cp_secu_protocol_next (cp_secu_protocol_run_t *prun, lib_rnd_t *rnd,
@@ -37,11 +39,13 @@ void
cp_secu_protocol_run_new (cp_secu_protocol_run_t *prun, u8 pid,
lib_rnd_t *rnd) {}
-enum cp_secu_protocol_run_check_result_t
+bool
cp_secu_protocol_check (const cp_secu_protocol_run_t *prun,
- const cp_secu_protocol_run_t *prun_recv)
+ const cp_secu_protocol_run_t *prun_recv,
+ const cp_secu_protocol_run_check_result_t
+ expected_result)
{
- return CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEW;
+ return true;
}
void
diff --git a/cesar/cp/secu/test/src/test-prun.c b/cesar/cp/secu/test/src/test-prun.c
index 49aca1ebc3..fe4a75fa7b 100644
--- a/cesar/cp/secu/test/src/test-prun.c
+++ b/cesar/cp/secu/test/src/test-prun.c
@@ -42,7 +42,7 @@ test_case_secu_prun_init (test_t test)
void
test_case_secu_protocol_check (test_t test)
{
- uint result;
+ bool result;
cp_secu_protocol_run_t prun;
cp_secu_protocol_run_t prun_recv;
lib_rnd_t rnd;
@@ -62,21 +62,21 @@ test_case_secu_protocol_check (test_t test)
test_case_begin (test, "Protocol Run check");
- result = cp_secu_protocol_check (&prun, &prun_recv);
+ result = cp_secu_protocol_check (&prun, &prun_recv,
+ CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEXT);
test_begin (test, "Success")
{
- test_fail_if (result != CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEXT,
- "Wrong Result");
+ test_fail_if (result != true, "Wrong Result");
}
test_end;
prun_recv.pmn = 0xff;
- result = cp_secu_protocol_check (&prun, &prun_recv);
+ result = cp_secu_protocol_check (&prun, &prun_recv,
+ CP_SECU_PROTOCOL_RUN_CHECK_RESULT_LAST);
test_begin (test, "Success, last message")
{
- test_fail_if (result != CP_SECU_PROTOCOL_RUN_CHECK_RESULT_LAST,
- "Wrong Result");
+ test_fail_if (result != true, "Wrong Result");
}
test_end;
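Review bot: None of the updated cases passes an `expected_result` that differs from the stage of an otherwise valid message, which is the situation the new argument was added for. Every false result in this file comes from a wrong nonce, PMN, PID or PRN, or from a missing current run. After the "Success" case I would add a check on the same inputs with another stage, for example `test_fail_if (cp_secu_protocol_check (&prun, &prun_recv, CP_SECU_PROTOCOL_RUN_CHECK_RESULT_LAST) != false, "Wrong Result");`. A matching check with NEXT would belong after the "Success, last message" case. The test function starts and ends outside this hunk.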
@@ -87,11 +87,11 @@ test_case_secu_protocol_check (test_t test)
prun_recv.my_nonce = 0x3456;
prun_recv.pmn = prun.pmn + 1;
- result = cp_secu_protocol_check (&prun, &prun_recv);
+ result = cp_secu_protocol_check (&prun, &prun_recv,
+ CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEXT);
test_begin (test, "Failure, Nonce not correct")
{
- test_fail_if (result != CP_SECU_PROTOCOL_RUN_CHECK_RESULT_FAILURE,
- "Wrong Result");
+ test_fail_if (result != false, "Wrong Result");
}
test_end;
@@ -102,11 +102,11 @@ test_case_secu_protocol_check (test_t test)
prun_recv.your_nonce = 0x3456;
prun_recv.pmn = 42;
- result = cp_secu_protocol_check (&prun, &prun_recv);
+ result = cp_secu_protocol_check (&prun, &prun_recv,
+ CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEXT);
test_begin (test, "Failure, PMN not correct")
{
- test_fail_if (result != CP_SECU_PROTOCOL_RUN_CHECK_RESULT_FAILURE,
- "Wrong Result");
+ test_fail_if (result != false, "Wrong Result");
}
test_end;
@@ -117,11 +117,11 @@ test_case_secu_protocol_check (test_t test)
prun_recv.your_nonce = 0x3456;
prun_recv.pmn = 1;
- result = cp_secu_protocol_check (&prun, &prun_recv);
+ result = cp_secu_protocol_check (&prun, &prun_recv,
+ CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEW);
test_begin (test, "Restart")
{
- test_fail_if (result != CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEW,
- "Wrong Result");
+ test_fail_if (result != true, "Wrong Result");
}
test_end;
@@ -134,11 +134,11 @@ test_case_secu_protocol_check (test_t test)
prun_recv.pmn = prun.pmn + 1;
prun_recv.pid = 2;
- result = cp_secu_protocol_check (&prun, &prun_recv);
+ result = cp_secu_protocol_check (&prun, &prun_recv,
+ CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEXT);
test_begin (test, "Failure, PID not correct")
{
- test_fail_if (result != CP_SECU_PROTOCOL_RUN_CHECK_RESULT_FAILURE,
- "Wrong Result");
+ test_fail_if (result != false, "Wrong Result");
}
test_end;
@@ -152,28 +152,28 @@ test_case_secu_protocol_check (test_t test)
prun_recv.pid = 1;
prun_recv.prn = prun.prn + 1;
- result = cp_secu_protocol_check (&prun, &prun_recv);
+ result = cp_secu_protocol_check (&prun, &prun_recv,
+ CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEXT);
test_begin (test, "Failure, PRN not correct")
{
- test_fail_if (result != CP_SECU_PROTOCOL_RUN_CHECK_RESULT_FAILURE,
- "Wrong Result");
+ test_fail_if (result != false, "Wrong Result");
}
test_end;
- result = cp_secu_protocol_check (NULL, &prun);
+ result = cp_secu_protocol_check (NULL, &prun,
+ CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEW);
test_begin (test, "Success, first message")
{
- test_fail_if (result != CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEW,
- "Wrong Result");
+ test_fail_if (result != true, "Wrong Result");
}
test_end;
prun.pmn ++;
- result = cp_secu_protocol_check (NULL, &prun);
+ result = cp_secu_protocol_check (NULL, &prun,
+ CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEXT);
test_begin (test, "FAILURE, NOT message")
{
- test_fail_if (result != CP_SECU_PROTOCOL_RUN_CHECK_RESULT_FAILURE,
- "Wrong Result");
+ test_fail_if (result != false, "Wrong Result");
}
test_end;
}
diff --git a/cesar/cp/sta/action/src/assoc.c b/cesar/cp/sta/action/src/assoc.c
index b3b24422f8..1ceb32f2ba 100644
--- a/cesar/cp/sta/action/src/assoc.c
+++ b/cesar/cp/sta/action/src/assoc.c
@@ -294,8 +294,9 @@ cp_sta_action_assoc__cm_get_key_cnf__common (cp_t *ctx, cp_mme_rx_t
/* Check response. */
if (!cp_mme_peer_cmp (&mme->peer, &ctx->sta_action.assoc.peer)
|| !cp_msg_cm_get_key_cnf_receive (ctx, mme, &cnf)
- || (cp_secu_protocol_check (&ctx->sta_action.assoc.prun, &mme->prun)
- != CP_SECU_PROTOCOL_RUN_CHECK_RESULT_LAST)
+ || (!cp_secu_protocol_check
+ (&ctx->sta_action.assoc.prun, &mme->prun,
+ CP_SECU_PROTOCOL_RUN_CHECK_RESULT_LAST))
|| cnf.nid != cp_sta_own_data_get_nid (ctx)
|| cnf.key_type != CP_MSG_KEY_NEK
|| (sc && mme->peks != CP_MME_PEKS_NMK))
@@ -376,8 +377,9 @@ cp_sta_action_assoc__sc_associated__cm_get_key_req_pid_3 (cp_t *ctx,
* doing the SC (it can be different from the CCo); */
if (!cp_mme_peer_cmp (&mme->peer, &ctx->sta_action.sc.peer)
|| !cp_msg_cm_get_key_req_receive (ctx, mme, &req)
- || (cp_secu_protocol_check (NULL, &mme->prun)
- != CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEW)
+ || (!cp_secu_protocol_check
+ (NULL, &mme->prun,
+ CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEW))
|| (req.nid != cp_sta_own_data_get_nid (ctx))
|| (req.key_type != CP_MSG_KEY_HASH_KEY)
|| (mme->peks != CP_MME_PEKS_SPC_NOT_EMBEDDED)
@@ -429,8 +431,9 @@ cp_sta_action_assoc__sc_tek_exchanged__cm_set_key_req_pid_3 (cp_t *ctx,
* doing the SC (it can be different from the CCo); */
if (!cp_mme_peer_cmp (&mme->peer, &ctx->sta_action.sc.peer)
|| !cp_msg_cm_set_key_req_receive (ctx, mme, &req)
- || (cp_secu_protocol_check (&ctx->sta_action.assoc.prun, &mme->prun)
- != CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEXT)
+ || (!cp_secu_protocol_check
+ (&ctx->sta_action.assoc.prun, &mme->prun,
+ CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEXT))
|| (req.nid != cp_sta_own_data_get_nid (ctx))
|| (req.key_type != CP_MSG_KEY_NMK)
)
@@ -550,9 +553,9 @@ cp_sta_action_assoc__authenticated__cm_set_key_req_pid_1 (cp_t *ctx,
{
if ((req.key_type == CP_MSG_KEY_NEK)
&& (mme->peks == CP_MME_PEKS_NMK)
- && (cp_secu_protocol_check (&ctx->sta_action.nek_prun,
- &mme->prun) ==
- CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEXT))
+ && (cp_secu_protocol_check
+ (&ctx->sta_action.nek_prun, &mme->prun,
+ CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEXT)))
{
ctx->sta_action.nek_prun = mme->prun;
/* Send response. */
@@ -569,8 +572,8 @@ cp_sta_action_assoc__authenticated__cm_set_key_req_pid_1 (cp_t *ctx,
}
else if ((req.key_type == CP_MSG_KEY_NONCE_ONLY)
&& (mme->peks == CP_MME_PEKS_NONE)
- && (cp_secu_protocol_check (NULL, &mme->prun)
- == CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEW))
+ && (cp_secu_protocol_check
+ (NULL, &mme->prun, CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEW)))
{
/* Send response. */
cp_msg_cm_set_key_cnf_t cnf = {
diff --git a/cesar/cp/sta/action/src/sc.c b/cesar/cp/sta/action/src/sc.c
index 06ece66af2..d0c8bcdc69 100644
--- a/cesar/cp/sta/action/src/sc.c
+++ b/cesar/cp/sta/action/src/sc.c
@@ -451,8 +451,9 @@ cp_sta_action_sc__sc_building_tek__cm_get_key_cnf_pid3 (cp_t *ctx,
/* Check received MME. */
if (!cp_mme_peer_cmp (&mme->peer, &ctx->sta_action.sc.peer)
|| !cp_msg_cm_get_key_cnf_receive (ctx, mme, &cnf)
- || (cp_secu_protocol_check (&ctx->sta_action.sc.prun, &mme->prun)
- != CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEXT)
+ || (!cp_secu_protocol_check
+ (&ctx->sta_action.sc.prun, &mme->prun,
+ CP_SECU_PROTOCOL_RUN_CHECK_RESULT_NEXT))
|| (cnf.eks < CP_MME_PEKS_TEK_MIN)
|| (cnf.eks > CP_MME_PEKS_TEK_MAX))
@@ -509,8 +510,9 @@ cp_sta_action_sc__sc_nmk_exchange__cm_set_key_cnf_pid3 (cp_t *ctx,
/* Check received MME. */
if (!cp_mme_peer_cmp (&mme->peer, &ctx->sta_action.sc.peer)
|| !cp_msg_cm_set_key_cnf_receive (ctx, mme, &cnf)
- || (cp_secu_protocol_check (&ctx->sta_action.sc.prun, &mme->prun)
- != CP_SECU_PROTOCOL_RUN_CHECK_RESULT_LAST))
+ || (!cp_secu_protocol_check
+ (&ctx->sta_action.sc.prun, &mme->prun,
+ CP_SECU_PROTOCOL_RUN_CHECK_RESULT_LAST)))
{
/* Error in MME. */
cp_fsm_branch (ctx, SC_NMK_EXCHANGE, CM_SET_KEY_CNF_PID3, unrelated);