summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorlaranjeiro2010-06-17 16:15:12 +0000
committerlaranjeiro2010-06-17 16:15:12 +0000
commitd2b0f92f69dfd08a981d1284193b2bef01f9113d (patch)
tree7745cc25534f22f5eefe2b2c872ef80dc21c79d9
parent629139bf7a0d3d71cfe841ba020fab86350a2afc (diff)
cesar/cp/msg: send null key on cm_get_key.req when not granted, closes #940
git-svn-id: svn+ssh://pessac/svn/cesar/trunk@7238 017c9cb6-072f-447c-8318-d5b54f68fe89
-rw-r--r--cesar/cp/msg/src/msg_cm.c100
-rw-r--r--cesar/cp/msg/test/src/msg_cm.c35
2 files changed, 84 insertions, 51 deletions
diff --git a/cesar/cp/msg/src/msg_cm.c b/cesar/cp/msg/src/msg_cm.c
index 1ae1ad2db7..90d1bd20db 100644
--- a/cesar/cp/msg/src/msg_cm.c
+++ b/cesar/cp/msg/src/msg_cm.c
@@ -486,45 +486,6 @@ cp_msg_cm_get_key_req_receive (cp_t *ctx, cp_mme_rx_t *mme,
return false;
}
-/**
- * CM_GET_KEY_CNF_access.
- * \param stream the bitstream context.
- * \param prun the protocol run context.
- * \param data the structure to use to read or write the data.
- */
-static void
-cp_msg_cm_get_key_cnf_access (bitstream_t *stream,
- cp_secu_protocol_run_t *prun,
- cp_msg_cm_get_key_cnf_t *data)
-{
- uint i;
-
- dbg_assert (stream);
- dbg_assert (prun);
- dbg_assert (data);
-
- bitstream_access (stream, &data->result, 8);
- bitstream_access (stream, &data->key_type, 8);
- bitstream_access (stream, &prun->my_nonce, 32);
- bitstream_access (stream, &prun->your_nonce, 32);
- bitstream_access (stream, &data->nid, 56);
- bitstream_access (stream, &data->eks, 8);
- bitstream_access (stream, &prun->pid, 8);
- bitstream_access (stream, &prun->prn, 16);
- bitstream_access (stream, &prun->pmn, 8);
-
- if (data->key_type == CP_MSG_KEY_HASH_KEY)
- {
- for ( i = 0; i < CP_HASH_KEY_SIZE; i++)
- bitstream_access (stream, &data->hash_key[i], 8);
- }
- else if (data->key_type != CP_MSG_KEY_NONCE_ONLY)
- {
- for ( i = 0; i < COUNT(data->key.key); i++)
- bitstream_access (stream, &data->key.key[i], 32);
- }
-}
-
bool
cp_msg_cm_get_key_cnf_get_pid (cp_t *ctx, cp_mme_rx_t *mme, u8 *pid)
{
@@ -546,7 +507,7 @@ cp_msg_cm_get_key_cnf_send (cp_t *ctx, cp_mme_peer_t *peer,
const cp_msg_cm_get_key_cnf_t *data)
{
cp_mme_tx_t *msg;
-
+ uint i;
dbg_assert (ctx);
dbg_assert (peer);
dbg_assert (prun);
@@ -562,12 +523,33 @@ cp_msg_cm_get_key_cnf_send (cp_t *ctx, cp_mme_peer_t *peer,
/* Encrypted. */
msg = cp_msg_mme_init_encrypted (ctx, peer, CM_GET_KEY_CNF, peks, prun);
dbg_check (msg);
-
- cp_msg_cm_get_key_cnf_access (&msg->bitstream,
- (cp_secu_protocol_run_t *) prun,
- (cp_msg_cm_get_key_cnf_t *) data);
-
-
+ bitstream_write (&msg->bitstream, data->result, 8);
+ bitstream_write (&msg->bitstream, data->key_type, 8);
+ bitstream_write (&msg->bitstream, prun->my_nonce, 32);
+ bitstream_write (&msg->bitstream, prun->your_nonce, 32);
+ bitstream_write_large (&msg->bitstream, data->nid, 56);
+ bitstream_write (&msg->bitstream, data->eks, 8);
+ bitstream_write (&msg->bitstream, prun->pid, 8);
+ bitstream_write (&msg->bitstream, prun->prn, 16);
+ bitstream_write (&msg->bitstream, prun->pmn, 8);
+ if (data->result == CP_MSG_CM_GET_KEY_CNF_RESULT_KEY_GRANTED)
+ {
+ if (data->key_type == CP_MSG_KEY_HASH_KEY)
+ {
+ for ( i = 0; i < CP_HASH_KEY_SIZE; i++)
+ bitstream_write (&msg->bitstream, data->hash_key[i], 8);
+ }
+ else if (data->key_type != CP_MSG_KEY_NONCE_ONLY)
+ {
+ for ( i = 0; i < COUNT(data->key.key); i++)
+ bitstream_write (&msg->bitstream, data->key.key[i], 32);
+ }
+ }
+ else
+ {
+ for (i = 0; i < COUNT (data->key.key); i++)
+ bitstream_write (&msg->bitstream, 0, 32);
+ }
cp_msg_mme_send (ctx, msg);
}
@@ -584,15 +566,35 @@ bool
cp_msg_cm_get_key_cnf_receive (cp_t *ctx, cp_mme_rx_t *mme,
cp_msg_cm_get_key_cnf_t *data)
{
+ uint i;
dbg_assert (ctx);
dbg_assert (mme);
dbg_assert (data);
if (cp_msg_mme_read_error (ctx, mme))
{
- cp_msg_cm_get_key_cnf_access (&mme->bitstream,
- &mme->prun,
- data);
+ data->result = bitstream_read (&mme->bitstream, 8);
+ data->key_type = bitstream_read (&mme->bitstream, 8);
+ mme->prun.my_nonce = bitstream_read (&mme->bitstream, 32);
+ mme->prun.your_nonce = bitstream_read (&mme->bitstream, 32);
+ data->nid = bitstream_read_large (&mme->bitstream, 56);
+ data->eks = bitstream_read (&mme->bitstream, 8);
+ mme->prun.pid = bitstream_read (&mme->bitstream, 8);
+ mme->prun.prn = bitstream_read (&mme->bitstream, 16);
+ mme->prun.pmn = bitstream_read (&mme->bitstream, 8);
+ if (data->key_type == CP_MSG_KEY_HASH_KEY)
+ {
+ for ( i = 0; i < CP_HASH_KEY_SIZE; i++)
+ data->hash_key[i] = bitstream_read (&mme->bitstream, 8);
+ }
+ else if (data->key_type != CP_MSG_KEY_NONCE_ONLY)
+ {
+ for ( i = 0; i < COUNT(data->key.key); i++)
+ data->key.key[i] = bitstream_read (&mme->bitstream, 32);
+ }
+ else
+ for (i = 0; i < COUNT (data->key.key); i++)
+ data->key.key[i] = bitstream_read (&mme->bitstream, 32);
XCH (mme->prun.my_nonce, mme->prun.your_nonce);
/* Does not check if the MME has fully been read, Intellon always send
diff --git a/cesar/cp/msg/test/src/msg_cm.c b/cesar/cp/msg/test/src/msg_cm.c
index c76b7e507e..add5f75a13 100644
--- a/cesar/cp/msg/test/src/msg_cm.c
+++ b/cesar/cp/msg/test/src/msg_cm.c
@@ -515,7 +515,7 @@ test_case_cm_get_key (test_t test)
prun.my_nonce = 0x12;
prun.your_nonce = 0x13;
- cnf.result = CP_MSG_CM_GET_KEY_CNF_RESULT_KEY_GRANTED;
+ cnf.result = CP_MSG_CM_GET_KEY_CNF_RESULT_REQUEST_REFUSED;
cnf.key_type = CP_MSG_KEY_NMK;
cnf.nid = nid;
cnf.eks = 2;
@@ -524,12 +524,43 @@ test_case_cm_get_key (test_t test)
cnf.key.key[2] = 2;
cnf.key.key[3] = 3;
- cp_msg_cm_get_key_cnf_send (&cp, &peer, CP_MME_PEKS_NMK, &prun, &cnf);
+ cp_msg_cm_get_key_cnf_send (&cp, &peer, CP_MME_PEKS_NONE, &prun, &cnf);
+ test_begin (test, "Key refused")
+ {
+ memset (&cnf, 0, sizeof (cp_msg_cm_get_key_cnf_t));
+ msg = cp_msg_mme_read_header (&cp, (u8*)buffer, buffer_len, 0xa, &fmi);
+ ok = cp_msg_cm_get_key_cnf_receive (&cp, msg, &cnf);
+ test_fail_unless (ok == true);
+ test_fail_unless (cnf.result ==
+ CP_MSG_CM_GET_KEY_CNF_RESULT_REQUEST_REFUSED);
+ test_fail_unless (cnf.key_type == CP_MSG_KEY_NMK);
+ test_fail_unless (cnf.nid == nid);
+ test_fail_unless (cnf.eks == 2);
+ test_fail_unless (cnf.key.key[0] == 0);
+ test_fail_unless (cnf.key.key[1] == 0);
+ test_fail_unless (cnf.key.key[2] == 0);
+ test_fail_unless (cnf.key.key[3] == 0);
+ test_fail_unless (msg->prun.pid == prun.pid);
+ test_fail_unless (msg->prun.prn == prun.prn);
+ test_fail_unless (msg->prun.pmn == prun.pmn);
+ test_fail_unless (msg->prun.your_nonce == prun.my_nonce);
+ slab_release (msg);
+ }
+ test_end;
// Read the MME.
own_data = cp_sta_mgr_get_sta_own_data (&cp);
cp_sta_own_data_set_mac_address (&cp, peer.mac);
+ cnf.result = CP_MSG_CM_GET_KEY_CNF_RESULT_KEY_GRANTED;
+ cnf.key_type = CP_MSG_KEY_NMK;
+ cnf.nid = nid;
+ cnf.eks = 2;
+ cnf.key.key[0] = 0;
+ cnf.key.key[1] = 1;
+ cnf.key.key[2] = 2;
+ cnf.key.key[3] = 3;
+ cp_msg_cm_get_key_cnf_send (&cp, &peer, CP_MME_PEKS_NMK, &prun, &cnf);
test_begin (test, "Verify encrypted payload")
{
memset (&cnf, 0, sizeof (cp_msg_cm_get_key_cnf_t));