From 61f9f27f801ab81f199fd7fcb4ec060db839b6f9 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Thu, 2 Nov 2017 23:53:55 +0200 Subject: [PATCH] DPP: Extend protocol testing to cover missing attributes in PKEX Signed-off-by: Jouni Malinen --- src/common/dpp.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++- src/common/dpp.h | 10 ++++++ 2 files changed, 98 insertions(+), 1 deletion(-) diff --git a/src/common/dpp.c b/src/common/dpp.c index 5aededd03..206793a7b 100644 --- a/src/common/dpp.c +++ b/src/common/dpp.c @@ -5522,11 +5522,22 @@ static struct wpabuf * dpp_pkex_build_exchange_req(struct dpp_pkex *pkex) if (!msg) goto fail; +#ifdef CONFIG_TESTING_OPTIONS + if (dpp_test == DPP_TEST_NO_FINITE_CYCLIC_GROUP_PKEX_EXCHANGE_REQ) { + wpa_printf(MSG_INFO, "DPP: TESTING - no Finite Cyclic Group"); + goto skip_finite_cyclic_group; + } +#endif /* CONFIG_TESTING_OPTIONS */ + /* Finite Cyclic Group attribute */ wpabuf_put_le16(msg, DPP_ATTR_FINITE_CYCLIC_GROUP); wpabuf_put_le16(msg, 2); wpabuf_put_le16(msg, curve->ike_group); +#ifdef CONFIG_TESTING_OPTIONS +skip_finite_cyclic_group: +#endif /* CONFIG_TESTING_OPTIONS */ + /* Code Identifier attribute */ if (pkex->identifier) { wpabuf_put_le16(msg, DPP_ATTR_CODE_IDENTIFIER); @@ -5534,6 +5545,13 @@ static struct wpabuf * dpp_pkex_build_exchange_req(struct dpp_pkex *pkex) wpabuf_put_str(msg, pkex->identifier); } +#ifdef CONFIG_TESTING_OPTIONS + if (dpp_test == DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_REQ) { + wpa_printf(MSG_INFO, "DPP: TESTING - no Encrypted Key"); + goto out; + } +#endif /* CONFIG_TESTING_OPTIONS */ + /* M in Encrypted Key attribute */ wpabuf_put_le16(msg, DPP_ATTR_ENCRYPTED_KEY); wpabuf_put_le16(msg, 2 * curve->prime_len); 
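Review bot: The `goto out;` taken for DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_REQ in the second hunk of dpp_pkex_build_exchange_req() skips everything between the Code Identifier attribute and the `out` label, not only the Encrypted Key attribute. The label and the code just before it lie outside the hunk, so it cannot be confirmed from here whether anything besides the attribute is written in that stretch, for example state kept in `pkex` for later frames. The response builder in this same patch uses a dedicated `skip_encrypted_key:` label placed directly after the last Encrypted Key write. Doing the same here, with `goto skip_encrypted_key;` and a `skip_encrypted_key:` label under `#ifdef CONFIG_TESTING_OPTIONS`, would limit the test path to dropping the one attribute and keep the two builders consistent.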
@@ -5634,11 +5652,22 @@ static struct wpabuf * dpp_pkex_build_exchange_resp(struct dpp_pkex *pkex, if (!msg) goto fail; +#ifdef CONFIG_TESTING_OPTIONS + if (dpp_test == DPP_TEST_NO_STATUS_PKEX_EXCHANGE_RESP) { + wpa_printf(MSG_INFO, "DPP: TESTING - no Status"); + goto skip_status; + } +#endif /* CONFIG_TESTING_OPTIONS */ + /* DPP Status */ wpabuf_put_le16(msg, DPP_ATTR_STATUS); wpabuf_put_le16(msg, 1); wpabuf_put_u8(msg, DPP_STATUS_OK); +#ifdef CONFIG_TESTING_OPTIONS +skip_status: +#endif /* CONFIG_TESTING_OPTIONS */ + /* Code Identifier attribute */ if (pkex->identifier) { wpabuf_put_le16(msg, DPP_ATTR_CODE_IDENTIFIER); @@ -5646,6 +5675,13 @@ static struct wpabuf * dpp_pkex_build_exchange_resp(struct dpp_pkex *pkex, wpabuf_put_str(msg, pkex->identifier); } +#ifdef CONFIG_TESTING_OPTIONS + if (dpp_test == DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_RESP) { + wpa_printf(MSG_INFO, "DPP: TESTING - no Encrypted Key"); + goto skip_encrypted_key; + } +#endif /* CONFIG_TESTING_OPTIONS */ + /* N in Encrypted Key attribute */ wpabuf_put_le16(msg, DPP_ATTR_ENCRYPTED_KEY); wpabuf_put_le16(msg, 2 * curve->prime_len); @@ -5672,6 +5708,9 @@ static struct wpabuf * dpp_pkex_build_exchange_resp(struct dpp_pkex *pkex, os_memset(wpabuf_put(msg, offset), 0, offset); BN_bn2bin(Ny, wpabuf_put(msg, num_bytes)); +#ifdef CONFIG_TESTING_OPTIONS +skip_encrypted_key: +#endif /* CONFIG_TESTING_OPTIONS */ return msg; fail: wpabuf_free(msg); 
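Review bot: The log line `"DPP: TESTING - no Encrypted Key"` added in the second hunk of dpp_pkex_build_exchange_resp() is byte-identical to the one added to the request builder, so the message alone does not show which frame had the attribute removed. The same holds for `"DPP: TESTING - no Bootstrap Key"` and `"DPP: TESTING - no Wrapped Data"`, which appear in both the Commit-Reveal Request and Commit-Reveal Response hunks. Naming the frame in the text, e.g. `wpa_printf(MSG_INFO, "DPP: TESTING - no Encrypted Key in PKEX Exchange Response");`, lets a failed negative test be attributed from the log without correlating it against the configured `dpp_test` value.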
@@ -5930,16 +5969,39 @@ dpp_pkex_build_commit_reveal_req(struct dpp_pkex *pkex, if (!clear || !msg) goto fail; +#ifdef CONFIG_TESTING_OPTIONS + if (dpp_test == DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_REQ) { + wpa_printf(MSG_INFO, "DPP: TESTING - no Bootstrap Key"); + goto skip_bootstrap_key; + } +#endif /* CONFIG_TESTING_OPTIONS */ + /* A in Bootstrap Key attribute */ wpabuf_put_le16(clear, DPP_ATTR_BOOTSTRAP_KEY); wpabuf_put_le16(clear, wpabuf_len(A_pub)); wpabuf_put_buf(clear, A_pub); +#ifdef CONFIG_TESTING_OPTIONS +skip_bootstrap_key: + if (dpp_test == DPP_TEST_NO_I_AUTH_TAG_PKEX_CR_REQ) { + wpa_printf(MSG_INFO, "DPP: TESTING - no I-Auth tag"); + goto skip_i_auth_tag; + } +#endif /* CONFIG_TESTING_OPTIONS */ + /* u in I-Auth tag attribute */ wpabuf_put_le16(clear, DPP_ATTR_I_AUTH_TAG); wpabuf_put_le16(clear, curve->hash_len); wpabuf_put_data(clear, u, curve->hash_len); +#ifdef CONFIG_TESTING_OPTIONS +skip_i_auth_tag: + if (dpp_test == DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_REQ) { + wpa_printf(MSG_INFO, "DPP: TESTING - no Wrapped Data"); + goto skip_wrapped_data; + } +#endif /* CONFIG_TESTING_OPTIONS */ + addr[0] = wpabuf_head_u8(msg) + 2; len[0] = DPP_HDR_LEN; octet = 0; @@ -5966,6 +6028,7 @@ dpp_pkex_build_commit_reveal_req(struct dpp_pkex *pkex, wpabuf_put_le16(msg, DPP_ATTR_TESTING); wpabuf_put_le16(msg, 0); } +skip_wrapped_data: #endif /* CONFIG_TESTING_OPTIONS */ out: 
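Review bot: The DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_REQ branch in dpp_pkex_build_commit_reveal_req() jumps to `skip_wrapped_data:` only after the Bootstrap Key and I-Auth tag have been written into `clear`, so that buffer is filled and then never wrapped into `msg`. Nothing in the hunk states what the resulting frame contains, and a comment at the label such as `/* msg carries no Wrapped Data attribute; clear was built but is unused */` would tell a reader what the peer is expected to reject. The release of `clear` lies outside the hunk, presumably after `out:`, so confirm that path is also reached by this jump. The same applies to the DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_RESP branch in dpp_pkex_build_commit_reveal_resp().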
@@ -6180,16 +6243,39 @@ dpp_pkex_build_commit_reveal_resp(struct dpp_pkex *pkex, if (!clear || !msg) goto fail; - /* A in Bootstrap Key attribute */ +#ifdef CONFIG_TESTING_OPTIONS + if (dpp_test == DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_RESP) { + wpa_printf(MSG_INFO, "DPP: TESTING - no Bootstrap Key"); + goto skip_bootstrap_key; + } +#endif /* CONFIG_TESTING_OPTIONS */ + + /* B in Bootstrap Key attribute */ wpabuf_put_le16(clear, DPP_ATTR_BOOTSTRAP_KEY); wpabuf_put_le16(clear, wpabuf_len(B_pub)); wpabuf_put_buf(clear, B_pub); +#ifdef CONFIG_TESTING_OPTIONS +skip_bootstrap_key: + if (dpp_test == DPP_TEST_NO_R_AUTH_TAG_PKEX_CR_RESP) { + wpa_printf(MSG_INFO, "DPP: TESTING - no R-Auth tag"); + goto skip_r_auth_tag; + } +#endif /* CONFIG_TESTING_OPTIONS */ + /* v in R-Auth tag attribute */ wpabuf_put_le16(clear, DPP_ATTR_R_AUTH_TAG); wpabuf_put_le16(clear, curve->hash_len); wpabuf_put_data(clear, v, curve->hash_len); +#ifdef CONFIG_TESTING_OPTIONS +skip_r_auth_tag: + if (dpp_test == DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_RESP) { + wpa_printf(MSG_INFO, "DPP: TESTING - no Wrapped Data"); + goto skip_wrapped_data; + } +#endif /* CONFIG_TESTING_OPTIONS */ + addr[0] = wpabuf_head_u8(msg) + 2; len[0] = DPP_HDR_LEN; octet = 1; @@ -6216,6 +6302,7 @@ dpp_pkex_build_commit_reveal_resp(struct dpp_pkex *pkex, wpabuf_put_le16(msg, DPP_ATTR_TESTING); wpabuf_put_le16(msg, 0); } +skip_wrapped_data: #endif /* CONFIG_TESTING_OPTIONS */ out: diff --git a/src/common/dpp.h b/src/common/dpp.h index 7d073db5a..f50948b9e 100644 --- a/src/common/dpp.h +++ b/src/common/dpp.h 
@@ -246,6 +246,16 @@ enum dpp_test_behavior { DPP_TEST_INCOMPATIBLE_R_CAPAB_AUTH_RESP = 31, DPP_TEST_R_AUTH_MISMATCH_AUTH_RESP = 32, DPP_TEST_I_AUTH_MISMATCH_AUTH_CONF = 33, + DPP_TEST_NO_FINITE_CYCLIC_GROUP_PKEX_EXCHANGE_REQ = 34, + DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_REQ = 35, + DPP_TEST_NO_STATUS_PKEX_EXCHANGE_RESP = 36, + DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_RESP = 37, + DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_REQ = 38, + DPP_TEST_NO_I_AUTH_TAG_PKEX_CR_REQ = 39, + DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_REQ = 40, + DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_RESP = 41, + DPP_TEST_NO_R_AUTH_TAG_PKEX_CR_RESP = 42, + DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_RESP = 43, }; extern enum dpp_test_behavior dpp_test;
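Review bot: The ten values added to enum dpp_test_behavior have explicit numbers but no description, and the surrounding entries visible in the hunk are undocumented too. The explicit numbering suggests the values are selected by number from outside this file, which would make them a de facto interface that must not be renumbered; that is an inference and is not stated on the visible lines. A short block comment above the new entries would record this, e.g. `/* 34-43: omit one attribute from the named PKEX frame; values are referenced by number, do not renumber */`. The enum's opening and any existing header comment are outside the hunk.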