summaryrefslogtreecommitdiff
path: root/cesar/cp
diff options
context:
space:
mode:
authorJérémy Dufour2010-09-14 18:16:58 +0200
committerJérémy Dufour2010-09-24 13:11:06 +0200
commitd947dc093f280f7d9b4b79afd1470dc41d8462fe (patch)
tree18b3da8b5387b8b3c5e5f97629de1f2504e4bb25 /cesar/cp
parentf3529c2b0f783cf808a0f0bc818da45aedeec7c5 (diff)
cesar/cp/msg: when reading CM_GET_KEY.CNF, correctly check EKS, closes #1889
The EKS field can be a PEKS one.
Diffstat (limited to 'cesar/cp')
-rw-r--r--cesar/cp/msg/src/msg_cm.c29
-rw-r--r--cesar/cp/msg/test/src/msg_cm.c151
2 files changed, 174 insertions, 6 deletions
diff --git a/cesar/cp/msg/src/msg_cm.c b/cesar/cp/msg/src/msg_cm.c
index 5e678a73b2..f042547e87 100644
--- a/cesar/cp/msg/src/msg_cm.c
+++ b/cesar/cp/msg/src/msg_cm.c
@@ -601,9 +601,34 @@ cp_msg_cm_get_key_cnf_receive (cp_t *ctx, cp_mme_rx_t *mme,
* HASH even if not necessary. */
if ((data->result >= CP_MSG_CM_GET_KEY_CNF_RESULT_NB)
|| (data->nid >> CP_NID_SIZE_BITS)
- || (data->key_type >= CP_MSG_KEY_NB)
- || (data->eks > MAC_EKS_MAX))
+ || (data->eks >> 4))
+ return false;
+
+ /* Check EKS field is correctly set according to KEY_TYPE. */
+ switch (data->key_type)
+ {
+ /* DAK, TEK, Nonce are not permitted. */
+ case CP_MSG_KEY_DAK:
+ case CP_MSG_KEY_NONCE_ONLY:
+ case CP_MSG_KEY_TEK:
return false;
+ break;
+ case CP_MSG_KEY_NEK:
+ /* EKS field is considered as EKS. */
+ if ((data->eks > MAC_EKS_MAX)
+ && (data->eks != MAC_EKS_CLEAR))
+ return false;
+ break;
+ case CP_MSG_KEY_NMK:
+ case CP_MSG_KEY_HASH_KEY:
+ /* EKS field is considered as PEKS. */
+ if ((data->eks < CP_MME_PEKS_TEK_MIN)
+ || (data->eks > CP_MME_PEKS_TEK_MAX))
+ return false;
+ break;
+ default:
+ return false;
+ }
return true;
}
return false;
diff --git a/cesar/cp/msg/test/src/msg_cm.c b/cesar/cp/msg/test/src/msg_cm.c
index 8c1bb89e6a..23fa9761e3 100644
--- a/cesar/cp/msg/test/src/msg_cm.c
+++ b/cesar/cp/msg/test/src/msg_cm.c
@@ -723,21 +723,109 @@ test_case_cm_get_key (test_t test)
}
test_end;
- test_begin (test, "Wrong eks wrong")
+ test_begin (test, "Good EKS (can be PEKS with HASH key)")
+ {
+ cnf.result = CP_MSG_CM_GET_KEY_CNF_RESULT_KEY_GRANTED;
+ cnf.key_type = CP_MSG_KEY_HASH_KEY;
+ cnf.nid = nid;
+ cnf.eks = 2;
+ cnf.key.key[0] = 0;
+ cnf.key.key[1] = 1;
+ cnf.key.key[2] = 2;
+ cnf.key.key[3] = 3;
+ cp_msg_cm_get_key_cnf_send (&cp, &peer, CP_MME_PEKS_NONE, &prun, &cnf);
+ memset (&cnf, 0, sizeof (cp_msg_cm_get_key_cnf_t));
+ /* Overwrite key type. */
+ bitstream_direct_write (buffer, 20 * 8, CP_MSG_KEY_HASH_KEY,
+ 8);
+ /* Overwrite EKS. */
+ bitstream_direct_write (buffer, 36 * 8, CP_MME_PEKS_TEK_MAX, 8);
+
+ msg = cp_msg_mme_read_header (&cp, (u8*)buffer, buffer_len, 0xa, &fmi,
+ false);
+ ok = cp_msg_cm_get_key_cnf_receive (&cp, msg, &cnf);
+
+ test_fail_unless (ok == true);
+ test_fail_unless (cnf.result ==
+ CP_MSG_CM_GET_KEY_CNF_RESULT_KEY_GRANTED);
+ test_fail_unless (cnf.key_type == CP_MSG_KEY_HASH_KEY);
+ test_fail_unless (cnf.nid == nid);
+ test_fail_unless (cnf.eks == CP_MME_PEKS_TEK_MAX);
+ test_fail_unless (cnf.key.key[0] == 0);
+ test_fail_unless (cnf.key.key[1] == 1);
+ test_fail_unless (cnf.key.key[2] == 2);
+ test_fail_unless (cnf.key.key[3] == 3);
+ test_fail_unless (msg->prun.pid == prun.pid);
+ test_fail_unless (msg->prun.prn == prun.prn);
+ test_fail_unless (msg->prun.pmn == prun.pmn);
+ test_fail_unless (msg->prun.your_nonce == prun.my_nonce);
+
+ bitstream_direct_write (buffer, 36 * 8, 0x2, 8);
+ bitstream_direct_write (buffer, 20 * 8, CP_MSG_KEY_NMK,
+ 8);
+ slab_release (msg);
+ }
+ test_end;
+
+ test_begin (test, "NEK, EKS ok")
{
+ cnf.result = CP_MSG_CM_GET_KEY_CNF_RESULT_KEY_GRANTED;
+ cnf.key_type = CP_MSG_KEY_NEK;
+ cnf.nid = nid;
+ cnf.eks = 2;
+ cnf.key.key[0] = 0;
+ cnf.key.key[1] = 1;
+ cnf.key.key[2] = 2;
+ cnf.key.key[3] = 3;
+ cp_msg_cm_get_key_cnf_send (&cp, &peer, CP_MME_PEKS_NONE, &prun, &cnf);
memset (&cnf, 0, sizeof (cp_msg_cm_get_key_cnf_t));
- bitstream_direct_write (buffer, 36 * 8, MAC_EKS_MAX + 1, 8);
msg = cp_msg_mme_read_header (&cp, (u8*)buffer, buffer_len, 0xa, &fmi,
false);
ok = cp_msg_cm_get_key_cnf_receive (&cp, msg, &cnf);
- test_fail_unless (ok == false);
+ test_fail_unless (ok == true);
+ test_fail_unless (cnf.result ==
+ CP_MSG_CM_GET_KEY_CNF_RESULT_KEY_GRANTED);
+ test_fail_unless (cnf.key_type == CP_MSG_KEY_NEK);
+ test_fail_unless (cnf.nid == nid);
+ test_fail_unless (cnf.eks == 2);
+ test_fail_unless (cnf.key.key[0] == 0);
+ test_fail_unless (cnf.key.key[1] == 1);
+ test_fail_unless (cnf.key.key[2] == 2);
+ test_fail_unless (cnf.key.key[3] == 3);
+ test_fail_unless (msg->prun.pid == prun.pid);
+ test_fail_unless (msg->prun.prn == prun.prn);
+ test_fail_unless (msg->prun.pmn == prun.pmn);
+ test_fail_unless (msg->prun.your_nonce == prun.my_nonce);
+
+ slab_release (msg);
+ }
+ test_end;
+
+ test_begin (test, "NMK, PEKS ok")
+ {
+ cnf.result = CP_MSG_CM_GET_KEY_CNF_RESULT_KEY_GRANTED;
+ cnf.key_type = CP_MSG_KEY_NMK;
+ cnf.nid = nid;
+ cnf.eks = CP_MME_PEKS_TEK_MIN;
+ cnf.key.key[0] = 0;
+ cnf.key.key[1] = 1;
+ cnf.key.key[2] = 2;
+ cnf.key.key[3] = 3;
+ cp_msg_cm_get_key_cnf_send (&cp, &peer, CP_MME_PEKS_NONE, &prun, &cnf);
+ memset (&cnf, 0, sizeof (cp_msg_cm_get_key_cnf_t));
+
+ msg = cp_msg_mme_read_header (&cp, (u8*)buffer, buffer_len, 0xa, &fmi,
+ false);
+ ok = cp_msg_cm_get_key_cnf_receive (&cp, msg, &cnf);
+
+ test_fail_unless (ok == true);
test_fail_unless (cnf.result ==
CP_MSG_CM_GET_KEY_CNF_RESULT_KEY_GRANTED);
test_fail_unless (cnf.key_type == CP_MSG_KEY_NMK);
test_fail_unless (cnf.nid == nid);
- test_fail_unless (cnf.eks == MAC_EKS_MAX + 1);
+ test_fail_unless (cnf.eks == CP_MME_PEKS_TEK_MIN);
test_fail_unless (cnf.key.key[0] == 0);
test_fail_unless (cnf.key.key[1] == 1);
test_fail_unless (cnf.key.key[2] == 2);
@@ -747,6 +835,61 @@ test_case_cm_get_key (test_t test)
test_fail_unless (msg->prun.pmn == prun.pmn);
test_fail_unless (msg->prun.your_nonce == prun.my_nonce);
+ slab_release (msg);
+ }
+ test_end;
+
+ test_begin (test, "NEK, EKS clear")
+ {
+ cnf.result = CP_MSG_CM_GET_KEY_CNF_RESULT_KEY_GRANTED;
+ cnf.key_type = CP_MSG_KEY_NEK;
+ cnf.nid = nid;
+ cnf.eks = 2;
+ cnf.key.key[0] = 0;
+ cnf.key.key[1] = 1;
+ cnf.key.key[2] = 2;
+ cnf.key.key[3] = 3;
+ cp_msg_cm_get_key_cnf_send (&cp, &peer, CP_MME_PEKS_NONE, &prun, &cnf);
+ memset (&cnf, 0, sizeof (cp_msg_cm_get_key_cnf_t));
+ /* Overwrite EKS. */
+ bitstream_direct_write (buffer, 36 * 8, MAC_EKS_CLEAR, 8);
+
+ msg = cp_msg_mme_read_header (&cp, (u8*)buffer, buffer_len, 0xa, &fmi,
+ false);
+ ok = cp_msg_cm_get_key_cnf_receive (&cp, msg, &cnf);
+
+ test_fail_unless (ok == true);
+ test_fail_unless (cnf.result ==
+ CP_MSG_CM_GET_KEY_CNF_RESULT_KEY_GRANTED);
+ test_fail_unless (cnf.key_type == CP_MSG_KEY_NEK);
+ test_fail_unless (cnf.nid == nid);
+ test_fail_unless (cnf.eks == MAC_EKS_CLEAR);
+ test_fail_unless (cnf.key.key[0] == 0);
+ test_fail_unless (cnf.key.key[1] == 1);
+ test_fail_unless (cnf.key.key[2] == 2);
+ test_fail_unless (cnf.key.key[3] == 3);
+ test_fail_unless (msg->prun.pid == prun.pid);
+ test_fail_unless (msg->prun.prn == prun.prn);
+ test_fail_unless (msg->prun.pmn == prun.pmn);
+ test_fail_unless (msg->prun.your_nonce == prun.my_nonce);
+
+ bitstream_direct_write (buffer, 36 * 8, 0x2, 8);
+ slab_release (msg);
+ }
+ test_end;
+
+ test_begin (test, "NEK, wrong EKS")
+ {
+ /* Overwrite EKS in the received MME. */
+ bitstream_direct_write (buffer, 36 * 8, MAC_EKS_MAX + 1, 8);
+ msg = cp_msg_mme_read_header (&cp, (u8*)buffer, buffer_len, 0xa, &fmi,
+ false);
+ ok = cp_msg_cm_get_key_cnf_receive (&cp, msg, &cnf);
+
+ /* Decode should failed. */
+ test_fail_unless (ok == false);
+
+ /* Reset old value in MME. */
bitstream_direct_write (buffer, 36 * 8, 0x2, 8);
slab_release (msg);
}