|
@@ -72,27 +72,10 @@ static int ikev2_derive_keys(struct ikev2_responder_data *data)
|
|
|
os_memcpy(pos, data->i_spi, IKEV2_SPI_LEN);
|
|
|
pos += IKEV2_SPI_LEN;
|
|
|
os_memcpy(pos, data->r_spi, IKEV2_SPI_LEN);
|
|
|
-#ifdef CCNS_PL
|
|
|
-#if __BYTE_ORDER == __LITTLE_ENDIAN
|
|
|
- {
|
|
|
- int i;
|
|
|
- u8 *tmp = pos - IKEV2_SPI_LEN;
|
|
|
- /* Incorrect byte re-ordering on little endian hosts.. */
|
|
|
- for (i = 0; i < IKEV2_SPI_LEN; i++)
|
|
|
- *tmp++ = data->i_spi[IKEV2_SPI_LEN - 1 - i];
|
|
|
- for (i = 0; i < IKEV2_SPI_LEN; i++)
|
|
|
- *tmp++ = data->r_spi[IKEV2_SPI_LEN - 1 - i];
|
|
|
- }
|
|
|
-#endif
|
|
|
-#endif /* CCNS_PL */
|
|
|
|
|
|
/* SKEYSEED = prf(Ni | Nr, g^ir) */
|
|
|
/* Use zero-padding per RFC 4306, Sect. 2.14 */
|
|
|
pad_len = data->dh->prime_len - wpabuf_len(shared);
|
|
|
-#ifdef CCNS_PL
|
|
|
- /* Shared secret is not zero-padded correctly */
|
|
|
- pad_len = 0;
|
|
|
-#endif /* CCNS_PL */
|
|
|
pad = os_zalloc(pad_len ? pad_len : 1);
|
|
|
if (pad == NULL) {
|
|
|
wpabuf_free(shared);
|
|
@@ -179,21 +162,12 @@ static int ikev2_parse_transform(struct ikev2_proposal_data *prop,
|
|
|
"Transform Attr for AES");
|
|
|
break;
|
|
|
}
|
|
|
-#ifdef CCNS_PL
|
|
|
- if (WPA_GET_BE16(pos) != 0x001d /* ?? */) {
|
|
|
- wpa_printf(MSG_DEBUG, "IKEV2: Not a "
|
|
|
- "Key Size attribute for "
|
|
|
- "AES");
|
|
|
- break;
|
|
|
- }
|
|
|
-#else /* CCNS_PL */
|
|
|
if (WPA_GET_BE16(pos) != 0x800e) {
|
|
|
wpa_printf(MSG_DEBUG, "IKEV2: Not a "
|
|
|
"Key Size attribute for "
|
|
|
"AES");
|
|
|
break;
|
|
|
}
|
|
|
-#endif /* CCNS_PL */
|
|
|
if (WPA_GET_BE16(pos + 2) != 128) {
|
|
|
wpa_printf(MSG_DEBUG, "IKEV2: "
|
|
|
"Unsupported AES key size "
|
|
@@ -456,14 +430,6 @@ static int ikev2_process_ni(struct ikev2_responder_data *data,
|
|
|
return -1;
|
|
|
}
|
|
|
|
|
|
-#ifdef CCNS_PL
|
|
|
- /* Zeros are removed incorrectly from the beginning of the nonces */
|
|
|
- while (ni_len > 1 && *ni == 0) {
|
|
|
- ni_len--;
|
|
|
- ni++;
|
|
|
- }
|
|
|
-#endif /* CCNS_PL */
|
|
|
-
|
|
|
data->i_nonce_len = ni_len;
|
|
|
os_memcpy(data->i_nonce, ni, ni_len);
|
|
|
wpa_hexdump(MSG_MSGDUMP, "IKEV2: Ni",
|
|
@@ -887,16 +853,7 @@ static int ikev2_build_sar1(struct ikev2_responder_data *data,
|
|
|
phdr->flags = 0;
|
|
|
|
|
|
p = wpabuf_put(msg, sizeof(*p));
|
|
|
-#ifdef CCNS_PL
|
|
|
- /* Seems to require that the Proposal # is 1 even though RFC 4306
|
|
|
- * Sect 3.3.1 has following requirement "When a proposal is accepted,
|
|
|
- * all of the proposal numbers in the SA payload MUST be the same and
|
|
|
- * MUST match the number on the proposal sent that was accepted.".
|
|
|
- */
|
|
|
- p->proposal_num = 1;
|
|
|
-#else /* CCNS_PL */
|
|
|
p->proposal_num = data->proposal.proposal_num;
|
|
|
-#endif /* CCNS_PL */
|
|
|
p->protocol_id = IKEV2_PROTOCOL_IKE;
|
|
|
p->num_transforms = 4;
|
|
|
|
|
@@ -906,11 +863,7 @@ static int ikev2_build_sar1(struct ikev2_responder_data *data,
|
|
|
WPA_PUT_BE16(t->transform_id, data->proposal.encr);
|
|
|
if (data->proposal.encr == ENCR_AES_CBC) {
|
|
|
/* Transform Attribute: Key Len = 128 bits */
|
|
|
-#ifdef CCNS_PL
|
|
|
- wpabuf_put_be16(msg, 0x001d); /* ?? */
|
|
|
-#else /* CCNS_PL */
|
|
|
wpabuf_put_be16(msg, 0x800e); /* AF=1, AttrType=14 */
|
|
|
-#endif /* CCNS_PL */
|
|
|
wpabuf_put_be16(msg, 128); /* 128-bit key */
|
|
|
}
|
|
|
plen = (u8 *) wpabuf_put(msg, 0) - (u8 *) t;
|
|
@@ -1082,11 +1035,7 @@ static int ikev2_build_notification(struct ikev2_responder_data *data,
|
|
|
phdr = wpabuf_put(msg, sizeof(*phdr));
|
|
|
phdr->next_payload = next_payload;
|
|
|
phdr->flags = 0;
|
|
|
-#ifdef CCNS_PL
|
|
|
- wpabuf_put_u8(msg, 1); /* Protocol ID: IKE_SA notification */
|
|
|
-#else /* CCNS_PL */
|
|
|
wpabuf_put_u8(msg, 0); /* Protocol ID: no existing SA */
|
|
|
-#endif /* CCNS_PL */
|
|
|
wpabuf_put_u8(msg, 0); /* SPI Size */
|
|
|
wpabuf_put_be16(msg, data->error_type);
|
|
|
|
|
@@ -1130,13 +1079,6 @@ static struct wpabuf * ikev2_build_sa_init(struct ikev2_responder_data *data)
|
|
|
data->r_nonce_len = IKEV2_NONCE_MIN_LEN;
|
|
|
if (random_get_bytes(data->r_nonce, data->r_nonce_len))
|
|
|
return NULL;
|
|
|
-#ifdef CCNS_PL
|
|
|
- /* Zeros are removed incorrectly from the beginning of the nonces in
|
|
|
- * key derivation; as a workaround, make sure Nr does not start with
|
|
|
- * zero.. */
|
|
|
- if (data->r_nonce[0] == 0)
|
|
|
- data->r_nonce[0] = 1;
|
|
|
-#endif /* CCNS_PL */
|
|
|
wpa_hexdump(MSG_DEBUG, "IKEV2: Nr", data->r_nonce, data->r_nonce_len);
|
|
|
|
|
|
msg = wpabuf_alloc(sizeof(struct ikev2_hdr) + data->IDr_len + 1500);
|