mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-18 02:44:03 -05:00
WPS: Use pre-configured NFC password token instead of overriding it
"WPS_NFC_TOKEN <WPS/NDEF>" used to generate a new NFC password token regardless of whether there was a pre-configured token in the configuration. Change this to use the pre-configured value, if available, instead. This allows the same command to be used to write the password token to an NFC tag more conveniently. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
d16531c40c
commit
042ec551d4
@ -2627,15 +2627,19 @@ static int hostapd_config_fill(struct hostapd_config *conf,
|
||||
"wps_nfc_dev_pw_id value", line);
|
||||
errors++;
|
||||
}
|
||||
bss->wps_nfc_pw_from_config = 1;
|
||||
} else if (os_strcmp(buf, "wps_nfc_dh_pubkey") == 0) {
|
||||
wpabuf_free(bss->wps_nfc_dh_pubkey);
|
||||
bss->wps_nfc_dh_pubkey = hostapd_parse_bin(pos);
|
||||
bss->wps_nfc_pw_from_config = 1;
|
||||
} else if (os_strcmp(buf, "wps_nfc_dh_privkey") == 0) {
|
||||
wpabuf_free(bss->wps_nfc_dh_privkey);
|
||||
bss->wps_nfc_dh_privkey = hostapd_parse_bin(pos);
|
||||
bss->wps_nfc_pw_from_config = 1;
|
||||
} else if (os_strcmp(buf, "wps_nfc_dev_pw") == 0) {
|
||||
wpabuf_free(bss->wps_nfc_dev_pw);
|
||||
bss->wps_nfc_dev_pw = hostapd_parse_bin(pos);
|
||||
bss->wps_nfc_pw_from_config = 1;
|
||||
#endif /* CONFIG_WPS_NFC */
|
||||
#endif /* CONFIG_WPS */
|
||||
#ifdef CONFIG_P2P_MANAGER
|
||||
|
@ -365,6 +365,7 @@ struct hostapd_bss_config {
|
||||
char *model_url;
|
||||
char *upc;
|
||||
struct wpabuf *wps_vendor_ext[MAX_WPS_VENDOR_EXTENSIONS];
|
||||
int wps_nfc_pw_from_config;
|
||||
int wps_nfc_dev_pw_id;
|
||||
struct wpabuf *wps_nfc_dh_pubkey;
|
||||
struct wpabuf *wps_nfc_dh_privkey;
|
||||
|
@ -1595,6 +1595,13 @@ struct wpabuf * hostapd_wps_nfc_hs_cr(struct hostapd_data *hapd, int ndef)
|
||||
|
||||
struct wpabuf * hostapd_wps_nfc_token_gen(struct hostapd_data *hapd, int ndef)
|
||||
{
|
||||
if (hapd->conf->wps_nfc_pw_from_config) {
|
||||
return wps_nfc_token_build(ndef,
|
||||
hapd->conf->wps_nfc_dev_pw_id,
|
||||
hapd->conf->wps_nfc_dh_pubkey,
|
||||
hapd->conf->wps_nfc_dev_pw);
|
||||
}
|
||||
|
||||
return wps_nfc_token_gen(ndef, &hapd->conf->wps_nfc_dev_pw_id,
|
||||
&hapd->conf->wps_nfc_dh_pubkey,
|
||||
&hapd->conf->wps_nfc_dh_privkey,
|
||||
|
@ -810,6 +810,8 @@ u16 wps_config_methods_str2bin(const char *str);
|
||||
struct wpabuf * wps_build_nfc_pw_token(u16 dev_pw_id,
|
||||
const struct wpabuf *pubkey,
|
||||
const struct wpabuf *dev_pw);
|
||||
struct wpabuf * wps_nfc_token_build(int ndef, int id, struct wpabuf *pubkey,
|
||||
struct wpabuf *dev_pw);
|
||||
struct wpabuf * wps_nfc_token_gen(int ndef, int *id, struct wpabuf **pubkey,
|
||||
struct wpabuf **privkey,
|
||||
struct wpabuf **dev_pw);
|
||||
|
@ -562,11 +562,34 @@ struct wpabuf * wps_build_wsc_nack(struct wps_data *wps)
|
||||
|
||||
|
||||
#ifdef CONFIG_WPS_NFC
|
||||
|
||||
struct wpabuf * wps_nfc_token_build(int ndef, int id, struct wpabuf *pubkey,
|
||||
struct wpabuf *dev_pw)
|
||||
{
|
||||
struct wpabuf *ret;
|
||||
|
||||
if (pubkey == NULL || dev_pw == NULL)
|
||||
return NULL;
|
||||
|
||||
ret = wps_build_nfc_pw_token(id, pubkey, dev_pw);
|
||||
if (ndef && ret) {
|
||||
struct wpabuf *tmp;
|
||||
tmp = ndef_build_wifi(ret);
|
||||
wpabuf_free(ret);
|
||||
if (tmp == NULL)
|
||||
return NULL;
|
||||
ret = tmp;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
struct wpabuf * wps_nfc_token_gen(int ndef, int *id, struct wpabuf **pubkey,
|
||||
struct wpabuf **privkey,
|
||||
struct wpabuf **dev_pw)
|
||||
{
|
||||
struct wpabuf *priv = NULL, *pub = NULL, *pw, *ret;
|
||||
struct wpabuf *priv = NULL, *pub = NULL, *pw;
|
||||
void *dh_ctx;
|
||||
u16 val;
|
||||
|
||||
@ -596,16 +619,7 @@ struct wpabuf * wps_nfc_token_gen(int ndef, int *id, struct wpabuf **pubkey,
|
||||
wpabuf_free(*dev_pw);
|
||||
*dev_pw = pw;
|
||||
|
||||
ret = wps_build_nfc_pw_token(*id, *pubkey, *dev_pw);
|
||||
if (ndef && ret) {
|
||||
struct wpabuf *tmp;
|
||||
tmp = ndef_build_wifi(ret);
|
||||
wpabuf_free(ret);
|
||||
if (tmp == NULL)
|
||||
return NULL;
|
||||
ret = tmp;
|
||||
}
|
||||
|
||||
return ret;
|
||||
return wps_nfc_token_build(ndef, *id, *pubkey, *dev_pw);
|
||||
}
|
||||
|
||||
#endif /* CONFIG_WPS_NFC */
|
||||
|
@ -2980,10 +2980,11 @@ static const struct global_parse_data global_fields[] = {
|
||||
{ INT_RANGE(access_network_type, 0, 15), 0 },
|
||||
{ INT_RANGE(pbc_in_m1, 0, 1), 0 },
|
||||
{ STR(autoscan), 0 },
|
||||
{ INT_RANGE(wps_nfc_dev_pw_id, 0x10, 0xffff), 0 },
|
||||
{ BIN(wps_nfc_dh_pubkey), 0 },
|
||||
{ BIN(wps_nfc_dh_privkey), 0 },
|
||||
{ BIN(wps_nfc_dev_pw), 0 },
|
||||
{ INT_RANGE(wps_nfc_dev_pw_id, 0x10, 0xffff),
|
||||
CFG_CHANGED_NFC_PASSWORD_TOKEN },
|
||||
{ BIN(wps_nfc_dh_pubkey), CFG_CHANGED_NFC_PASSWORD_TOKEN },
|
||||
{ BIN(wps_nfc_dh_privkey), CFG_CHANGED_NFC_PASSWORD_TOKEN },
|
||||
{ BIN(wps_nfc_dev_pw), CFG_CHANGED_NFC_PASSWORD_TOKEN },
|
||||
{ STR(ext_password_backend), CFG_CHANGED_EXT_PW_BACKEND },
|
||||
{ INT(p2p_go_max_inactivity), 0 },
|
||||
{ INT_RANGE(auto_interworking, 0, 1), 0 },
|
||||
@ -3020,6 +3021,8 @@ int wpa_config_process_global(struct wpa_config *config, char *pos, int line)
|
||||
"parse '%s'.", line, pos);
|
||||
ret = -1;
|
||||
}
|
||||
if (field->changed_flag == CFG_CHANGED_NFC_PASSWORD_TOKEN)
|
||||
config->wps_nfc_pw_from_config = 1;
|
||||
config->changed_parameters |= field->changed_flag;
|
||||
break;
|
||||
}
|
||||
|
@ -220,6 +220,7 @@ struct wpa_cred {
|
||||
#define CFG_CHANGED_P2P_OPER_CHANNEL BIT(12)
|
||||
#define CFG_CHANGED_P2P_PREF_CHAN BIT(13)
|
||||
#define CFG_CHANGED_EXT_PW_BACKEND BIT(14)
|
||||
#define CFG_CHANGED_NFC_PASSWORD_TOKEN BIT(15)
|
||||
|
||||
/**
|
||||
* struct wpa_config - wpa_supplicant configuration data
|
||||
@ -705,6 +706,15 @@ struct wpa_config {
|
||||
*/
|
||||
char *autoscan;
|
||||
|
||||
/**
|
||||
* wps_nfc_pw_from_config - NFC Device Password was read from config
|
||||
*
|
||||
* This parameter can be determined whether the NFC Device Password was
|
||||
* included in the configuration (1) or generated dynamically (0). Only
|
||||
* the former case is re-written back to the configuration file.
|
||||
*/
|
||||
int wps_nfc_pw_from_config;
|
||||
|
||||
/**
|
||||
* wps_nfc_dev_pw_id - NFC Device Password ID for password token
|
||||
*/
|
||||
|
@ -950,12 +950,16 @@ static void wpa_config_write_global(FILE *f, struct wpa_config *config)
|
||||
#endif /* CONFIG_INTERWORKING */
|
||||
if (config->pbc_in_m1)
|
||||
fprintf(f, "pbc_in_m1=%u\n", config->pbc_in_m1);
|
||||
if (config->wps_nfc_dev_pw_id)
|
||||
fprintf(f, "wps_nfc_dev_pw_id=%d\n",
|
||||
config->wps_nfc_dev_pw_id);
|
||||
write_global_bin(f, "wps_nfc_dh_pubkey", config->wps_nfc_dh_pubkey);
|
||||
write_global_bin(f, "wps_nfc_dh_privkey", config->wps_nfc_dh_privkey);
|
||||
write_global_bin(f, "wps_nfc_dev_pw", config->wps_nfc_dev_pw);
|
||||
if (config->wps_nfc_pw_from_config) {
|
||||
if (config->wps_nfc_dev_pw_id)
|
||||
fprintf(f, "wps_nfc_dev_pw_id=%d\n",
|
||||
config->wps_nfc_dev_pw_id);
|
||||
write_global_bin(f, "wps_nfc_dh_pubkey",
|
||||
config->wps_nfc_dh_pubkey);
|
||||
write_global_bin(f, "wps_nfc_dh_privkey",
|
||||
config->wps_nfc_dh_privkey);
|
||||
write_global_bin(f, "wps_nfc_dev_pw", config->wps_nfc_dev_pw);
|
||||
}
|
||||
|
||||
if (config->ext_password_backend)
|
||||
fprintf(f, "ext_password_backend=%s\n",
|
||||
|
@ -1832,6 +1832,13 @@ void wpas_wps_update_config(struct wpa_supplicant *wpa_s)
|
||||
|
||||
struct wpabuf * wpas_wps_nfc_token(struct wpa_supplicant *wpa_s, int ndef)
|
||||
{
|
||||
if (wpa_s->conf->wps_nfc_pw_from_config) {
|
||||
return wps_nfc_token_build(ndef,
|
||||
wpa_s->conf->wps_nfc_dev_pw_id,
|
||||
wpa_s->conf->wps_nfc_dh_pubkey,
|
||||
wpa_s->conf->wps_nfc_dev_pw);
|
||||
}
|
||||
|
||||
return wps_nfc_token_gen(ndef, &wpa_s->conf->wps_nfc_dev_pw_id,
|
||||
&wpa_s->conf->wps_nfc_dh_pubkey,
|
||||
&wpa_s->conf->wps_nfc_dh_privkey,
|
||||
|
Loading…
Reference in New Issue
Block a user