Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2024-11-29 02:38:22 -05:00
Code Issues Projects Releases Wiki Activity

DPP: Extend protocol testing to cover missing attributes in PKEX

Browse Source 
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2017-11-02 23:53:55 +02:00 committed by Jouni Malinen
parent b3e4cc5cbb
commit 61f9f27f80
2 changed files with 98 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
src/common/dpp.c
View File

@ -5522,11 +5522,22 @@ static struct wpabuf * dpp_pkex_build_exchange_req(struct dpp_pkex *pkex)
if (!msg) if (!msg)
goto fail; goto fail;
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_FINITE_CYCLIC_GROUP_PKEX_EXCHANGE_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Finite Cyclic Group");
goto skip_finite_cyclic_group;
}
#endif /* CONFIG_TESTING_OPTIONS */
/* Finite Cyclic Group attribute */ /* Finite Cyclic Group attribute */
wpabuf_put_le16(msg, DPP_ATTR_FINITE_CYCLIC_GROUP); wpabuf_put_le16(msg, DPP_ATTR_FINITE_CYCLIC_GROUP);
wpabuf_put_le16(msg, 2); wpabuf_put_le16(msg, 2);
wpabuf_put_le16(msg, curve->ike_group); wpabuf_put_le16(msg, curve->ike_group);
#ifdef CONFIG_TESTING_OPTIONS
skip_finite_cyclic_group:
#endif /* CONFIG_TESTING_OPTIONS */
/* Code Identifier attribute */ /* Code Identifier attribute */
if (pkex->identifier) { if (pkex->identifier) {
wpabuf_put_le16(msg, DPP_ATTR_CODE_IDENTIFIER); wpabuf_put_le16(msg, DPP_ATTR_CODE_IDENTIFIER);
@ -5534,6 +5545,13 @@ static struct wpabuf * dpp_pkex_build_exchange_req(struct dpp_pkex *pkex)
wpabuf_put_str(msg, pkex->identifier); wpabuf_put_str(msg, pkex->identifier);
} }
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Encrypted Key");
goto out;
}
#endif /* CONFIG_TESTING_OPTIONS */
/* M in Encrypted Key attribute */ /* M in Encrypted Key attribute */
wpabuf_put_le16(msg, DPP_ATTR_ENCRYPTED_KEY); wpabuf_put_le16(msg, DPP_ATTR_ENCRYPTED_KEY);
wpabuf_put_le16(msg, 2 * curve->prime_len); wpabuf_put_le16(msg, 2 * curve->prime_len);
@ -5634,11 +5652,22 @@ static struct wpabuf * dpp_pkex_build_exchange_resp(struct dpp_pkex *pkex,
if (!msg) if (!msg)
goto fail; goto fail;
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_STATUS_PKEX_EXCHANGE_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Status");
goto skip_status;
}
#endif /* CONFIG_TESTING_OPTIONS */
/* DPP Status */ /* DPP Status */
wpabuf_put_le16(msg, DPP_ATTR_STATUS); wpabuf_put_le16(msg, DPP_ATTR_STATUS);
wpabuf_put_le16(msg, 1); wpabuf_put_le16(msg, 1);
wpabuf_put_u8(msg, DPP_STATUS_OK); wpabuf_put_u8(msg, DPP_STATUS_OK);
#ifdef CONFIG_TESTING_OPTIONS
skip_status:
#endif /* CONFIG_TESTING_OPTIONS */
/* Code Identifier attribute */ /* Code Identifier attribute */
if (pkex->identifier) { if (pkex->identifier) {
wpabuf_put_le16(msg, DPP_ATTR_CODE_IDENTIFIER); wpabuf_put_le16(msg, DPP_ATTR_CODE_IDENTIFIER);
@ -5646,6 +5675,13 @@ static struct wpabuf * dpp_pkex_build_exchange_resp(struct dpp_pkex *pkex,
wpabuf_put_str(msg, pkex->identifier); wpabuf_put_str(msg, pkex->identifier);
} }
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Encrypted Key");
goto skip_encrypted_key;
}
#endif /* CONFIG_TESTING_OPTIONS */
/* N in Encrypted Key attribute */ /* N in Encrypted Key attribute */
wpabuf_put_le16(msg, DPP_ATTR_ENCRYPTED_KEY); wpabuf_put_le16(msg, DPP_ATTR_ENCRYPTED_KEY);
wpabuf_put_le16(msg, 2 * curve->prime_len); wpabuf_put_le16(msg, 2 * curve->prime_len);
@ -5672,6 +5708,9 @@ static struct wpabuf * dpp_pkex_build_exchange_resp(struct dpp_pkex *pkex,
os_memset(wpabuf_put(msg, offset), 0, offset); os_memset(wpabuf_put(msg, offset), 0, offset);
BN_bn2bin(Ny, wpabuf_put(msg, num_bytes)); BN_bn2bin(Ny, wpabuf_put(msg, num_bytes));
#ifdef CONFIG_TESTING_OPTIONS
skip_encrypted_key:
#endif /* CONFIG_TESTING_OPTIONS */
return msg; return msg;
fail: fail:
wpabuf_free(msg); wpabuf_free(msg);
@ -5930,16 +5969,39 @@ dpp_pkex_build_commit_reveal_req(struct dpp_pkex *pkex,
if (!clear || !msg) if (!clear || !msg)
goto fail; goto fail;
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Bootstrap Key");
goto skip_bootstrap_key;
}
#endif /* CONFIG_TESTING_OPTIONS */
/* A in Bootstrap Key attribute */ /* A in Bootstrap Key attribute */
wpabuf_put_le16(clear, DPP_ATTR_BOOTSTRAP_KEY); wpabuf_put_le16(clear, DPP_ATTR_BOOTSTRAP_KEY);
wpabuf_put_le16(clear, wpabuf_len(A_pub)); wpabuf_put_le16(clear, wpabuf_len(A_pub));
wpabuf_put_buf(clear, A_pub); wpabuf_put_buf(clear, A_pub);
#ifdef CONFIG_TESTING_OPTIONS
skip_bootstrap_key:
if (dpp_test == DPP_TEST_NO_I_AUTH_TAG_PKEX_CR_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - no I-Auth tag");
goto skip_i_auth_tag;
}
#endif /* CONFIG_TESTING_OPTIONS */
/* u in I-Auth tag attribute */ /* u in I-Auth tag attribute */
wpabuf_put_le16(clear, DPP_ATTR_I_AUTH_TAG); wpabuf_put_le16(clear, DPP_ATTR_I_AUTH_TAG);
wpabuf_put_le16(clear, curve->hash_len); wpabuf_put_le16(clear, curve->hash_len);
wpabuf_put_data(clear, u, curve->hash_len); wpabuf_put_data(clear, u, curve->hash_len);
#ifdef CONFIG_TESTING_OPTIONS
skip_i_auth_tag:
if (dpp_test == DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Wrapped Data");
goto skip_wrapped_data;
}
#endif /* CONFIG_TESTING_OPTIONS */
addr[0] = wpabuf_head_u8(msg) + 2; addr[0] = wpabuf_head_u8(msg) + 2;
len[0] = DPP_HDR_LEN; len[0] = DPP_HDR_LEN;
octet = 0; octet = 0;
@ -5966,6 +6028,7 @@ dpp_pkex_build_commit_reveal_req(struct dpp_pkex *pkex,
wpabuf_put_le16(msg, DPP_ATTR_TESTING); wpabuf_put_le16(msg, DPP_ATTR_TESTING);
wpabuf_put_le16(msg, 0); wpabuf_put_le16(msg, 0);
} }
skip_wrapped_data:
#endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_TESTING_OPTIONS */
out: out:
@ -6180,16 +6243,39 @@ dpp_pkex_build_commit_reveal_resp(struct dpp_pkex *pkex,
if (!clear || !msg) if (!clear || !msg)
goto fail; goto fail;
/* A in Bootstrap Key attribute */ #ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Bootstrap Key");
goto skip_bootstrap_key;
}
#endif /* CONFIG_TESTING_OPTIONS */
/* B in Bootstrap Key attribute */
wpabuf_put_le16(clear, DPP_ATTR_BOOTSTRAP_KEY); wpabuf_put_le16(clear, DPP_ATTR_BOOTSTRAP_KEY);
wpabuf_put_le16(clear, wpabuf_len(B_pub)); wpabuf_put_le16(clear, wpabuf_len(B_pub));
wpabuf_put_buf(clear, B_pub); wpabuf_put_buf(clear, B_pub);
#ifdef CONFIG_TESTING_OPTIONS
skip_bootstrap_key:
if (dpp_test == DPP_TEST_NO_R_AUTH_TAG_PKEX_CR_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no R-Auth tag");
goto skip_r_auth_tag;
}
#endif /* CONFIG_TESTING_OPTIONS */
/* v in R-Auth tag attribute */ /* v in R-Auth tag attribute */
wpabuf_put_le16(clear, DPP_ATTR_R_AUTH_TAG); wpabuf_put_le16(clear, DPP_ATTR_R_AUTH_TAG);
wpabuf_put_le16(clear, curve->hash_len); wpabuf_put_le16(clear, curve->hash_len);
wpabuf_put_data(clear, v, curve->hash_len); wpabuf_put_data(clear, v, curve->hash_len);
#ifdef CONFIG_TESTING_OPTIONS
skip_r_auth_tag:
if (dpp_test == DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Wrapped Data");
goto skip_wrapped_data;
}
#endif /* CONFIG_TESTING_OPTIONS */
addr[0] = wpabuf_head_u8(msg) + 2; addr[0] = wpabuf_head_u8(msg) + 2;
len[0] = DPP_HDR_LEN; len[0] = DPP_HDR_LEN;
octet = 1; octet = 1;
@ -6216,6 +6302,7 @@ dpp_pkex_build_commit_reveal_resp(struct dpp_pkex *pkex,
wpabuf_put_le16(msg, DPP_ATTR_TESTING); wpabuf_put_le16(msg, DPP_ATTR_TESTING);
wpabuf_put_le16(msg, 0); wpabuf_put_le16(msg, 0);
} }
skip_wrapped_data:
#endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_TESTING_OPTIONS */
out: out:

10
src/common/dpp.h
View File

@ -246,6 +246,16 @@ enum dpp_test_behavior {
DPP_TEST_INCOMPATIBLE_R_CAPAB_AUTH_RESP = 31, DPP_TEST_INCOMPATIBLE_R_CAPAB_AUTH_RESP = 31,
DPP_TEST_R_AUTH_MISMATCH_AUTH_RESP = 32, DPP_TEST_R_AUTH_MISMATCH_AUTH_RESP = 32,
DPP_TEST_I_AUTH_MISMATCH_AUTH_CONF = 33, DPP_TEST_I_AUTH_MISMATCH_AUTH_CONF = 33,
DPP_TEST_NO_FINITE_CYCLIC_GROUP_PKEX_EXCHANGE_REQ = 34,
DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_REQ = 35,
DPP_TEST_NO_STATUS_PKEX_EXCHANGE_RESP = 36,
DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_RESP = 37,
DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_REQ = 38,
DPP_TEST_NO_I_AUTH_TAG_PKEX_CR_REQ = 39,
DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_REQ = 40,
DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_RESP = 41,
DPP_TEST_NO_R_AUTH_TAG_PKEX_CR_RESP = 42,
DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_RESP = 43,
}; };
extern enum dpp_test_behavior dpp_test; extern enum dpp_test_behavior dpp_test;