mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-18 10:54:03 -05:00
DPP: Use Transaction ID in Peer Discovery Request/Response frames
DPP tech spec changed the contents of these frames by replacing the public key hash attributes with a Transaction ID attribute that gets copied from the request to the response to identify the transaction in a simpler manner. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
a28675da23
commit
85fd8263a5
@ -895,8 +895,8 @@ static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd,
|
||||
const u8 *buf, size_t len,
|
||||
unsigned int freq)
|
||||
{
|
||||
const u8 *connector;
|
||||
u16 connector_len;
|
||||
const u8 *connector, *trans_id;
|
||||
u16 connector_len, trans_id_len;
|
||||
struct os_time now;
|
||||
struct dpp_introduction intro;
|
||||
os_time_t expire;
|
||||
@ -931,6 +931,14 @@ static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd,
|
||||
return;
|
||||
}
|
||||
|
||||
trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID,
|
||||
&trans_id_len);
|
||||
if (!trans_id || trans_id_len != 1) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"DPP: Peer did not include Transaction ID");
|
||||
return;
|
||||
}
|
||||
|
||||
connector = dpp_get_attr(buf, len, DPP_ATTR_CONNECTOR, &connector_len);
|
||||
if (!connector) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
@ -966,20 +974,14 @@ static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd,
|
||||
}
|
||||
|
||||
msg = dpp_alloc_msg(DPP_PA_PEER_DISCOVERY_RESP,
|
||||
2 * (4 + SHA256_MAC_LEN) +
|
||||
4 + os_strlen(hapd->conf->dpp_connector));
|
||||
5 + 4 + os_strlen(hapd->conf->dpp_connector));
|
||||
if (!msg)
|
||||
return;
|
||||
|
||||
/* SHA256(PK) */
|
||||
wpabuf_put_le16(msg, DPP_ATTR_PEER_NET_PK_HASH);
|
||||
wpabuf_put_le16(msg, SHA256_MAC_LEN);
|
||||
wpabuf_put_data(msg, intro.pk_hash, SHA256_MAC_LEN);
|
||||
|
||||
/* SHA256(NK) */
|
||||
wpabuf_put_le16(msg, DPP_ATTR_OWN_NET_NK_HASH);
|
||||
wpabuf_put_le16(msg, SHA256_MAC_LEN);
|
||||
wpabuf_put_data(msg, intro.nk_hash, SHA256_MAC_LEN);
|
||||
/* Transaction ID */
|
||||
wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
|
||||
wpabuf_put_le16(msg, 1);
|
||||
wpabuf_put_u8(msg, trans_id[0]);
|
||||
|
||||
/* DPP Connector */
|
||||
wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
|
||||
|
@ -4577,30 +4577,6 @@ fail:
|
||||
}
|
||||
|
||||
|
||||
static int dpp_netkey_hash(EVP_PKEY *key, u8 *hash)
|
||||
{
|
||||
EC_KEY *eckey;
|
||||
unsigned char *der = NULL;
|
||||
int ret, der_len;
|
||||
const u8 *addr[1];
|
||||
size_t len[1];
|
||||
|
||||
eckey = EVP_PKEY_get1_EC_KEY(key);
|
||||
if (!eckey)
|
||||
return -1;
|
||||
EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED);
|
||||
der_len = i2d_EC_PUBKEY(eckey, &der);
|
||||
EC_KEY_free(eckey);
|
||||
if (der_len <= 0)
|
||||
return -1;
|
||||
addr[0] = der;
|
||||
len[0] = der_len;
|
||||
ret = sha256_vector(1, addr, len, hash);
|
||||
OPENSSL_free(der);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
|
||||
const u8 *net_access_key, size_t net_access_key_len,
|
||||
const u8 *csign_key, size_t csign_key_len,
|
||||
@ -4753,12 +4729,6 @@ int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (dpp_netkey_hash(own_key, intro->nk_hash) < 0 ||
|
||||
dpp_netkey_hash(peer_key, intro->pk_hash) < 0) {
|
||||
wpa_printf(MSG_ERROR, "DPP: Failed to derive NK/PK hash");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
fail:
|
||||
if (ret < 0)
|
||||
|
@ -44,12 +44,12 @@ enum dpp_attribute_id {
|
||||
DPP_ATTR_CONNECTOR = 0x100D,
|
||||
DPP_ATTR_CONFIG_ATTR_OBJ = 0x100E,
|
||||
DPP_ATTR_BOOTSTRAP_KEY = 0x100F,
|
||||
DPP_ATTR_PEER_NET_PK_HASH = 0x1010,
|
||||
DPP_ATTR_OWN_NET_NK_HASH = 0x1011,
|
||||
DPP_ATTR_FINITE_CYCLIC_GROUP = 0x1012,
|
||||
DPP_ATTR_ENCRYPTED_KEY = 0x1013,
|
||||
DPP_ATTR_ENROLLEE_NONCE = 0x1014,
|
||||
DPP_ATTR_CODE_IDENTIFIER = 0x1015,
|
||||
DPP_ATTR_TRANSACTION_ID = 0x1016,
|
||||
};
|
||||
|
||||
enum dpp_status_error {
|
||||
@ -201,8 +201,6 @@ struct dpp_introduction {
|
||||
u8 pmkid[PMKID_LEN];
|
||||
u8 pmk[PMK_LEN_MAX];
|
||||
size_t pmk_len;
|
||||
u8 pk_hash[SHA256_MAC_LEN];
|
||||
u8 nk_hash[SHA256_MAC_LEN];
|
||||
};
|
||||
|
||||
void dpp_bootstrap_info_free(struct dpp_bootstrap_info *info);
|
||||
|
@ -38,6 +38,10 @@ static void wpas_dpp_tx_status(struct wpa_supplicant *wpa_s,
|
||||
|
||||
static const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
|
||||
|
||||
/* Use a hardcoded Transaction ID 1 in Peer Discovery frames since there is only
|
||||
* a single transaction in progress at any point in time. */
|
||||
static const u8 TRANSACTION_ID = 1;
|
||||
|
||||
|
||||
static struct dpp_configurator *
|
||||
dpp_configurator_get_id(struct wpa_supplicant *wpa_s, unsigned int id)
|
||||
@ -1256,8 +1260,8 @@ static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
|
||||
const u8 *buf, size_t len)
|
||||
{
|
||||
struct wpa_ssid *ssid;
|
||||
const u8 *connector, *pk_hash, *nk_hash;
|
||||
u16 connector_len, pk_hash_len, nk_hash_len;
|
||||
const u8 *connector, *trans_id;
|
||||
u16 connector_len, trans_id_len;
|
||||
struct dpp_introduction intro;
|
||||
struct rsn_pmksa_cache_entry *entry;
|
||||
struct os_time now;
|
||||
@ -1286,6 +1290,20 @@ static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
|
||||
return;
|
||||
}
|
||||
|
||||
trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID,
|
||||
&trans_id_len);
|
||||
if (!trans_id || trans_id_len != 1) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"DPP: Peer did not include Transaction ID");
|
||||
goto fail;
|
||||
}
|
||||
if (trans_id[0] != TRANSACTION_ID) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"DPP: Ignore frame with unexpected Transaction ID %u",
|
||||
trans_id[0]);
|
||||
goto fail;
|
||||
}
|
||||
|
||||
connector = dpp_get_attr(buf, len, DPP_ATTR_CONNECTOR, &connector_len);
|
||||
if (!connector) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
@ -1304,36 +1322,6 @@ static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
|
||||
goto fail;
|
||||
}
|
||||
|
||||
pk_hash = dpp_get_attr(buf, len, DPP_ATTR_PEER_NET_PK_HASH,
|
||||
&pk_hash_len);
|
||||
if (!pk_hash || pk_hash_len != SHA256_MAC_LEN) {
|
||||
wpa_printf(MSG_DEBUG, "DPP: Peer did not include SHA256(PK)");
|
||||
goto fail;
|
||||
}
|
||||
if (os_memcmp(pk_hash, intro.nk_hash, SHA256_MAC_LEN) != 0) {
|
||||
wpa_printf(MSG_DEBUG, "DPP: SHA256(PK) mismatch");
|
||||
wpa_hexdump(MSG_DEBUG, "DPP: Received SHA256(PK)",
|
||||
pk_hash, pk_hash_len);
|
||||
wpa_hexdump(MSG_DEBUG, "DPP: Calculated SHA256(PK)",
|
||||
intro.nk_hash, SHA256_MAC_LEN);
|
||||
goto fail;
|
||||
}
|
||||
|
||||
nk_hash = dpp_get_attr(buf, len, DPP_ATTR_OWN_NET_NK_HASH,
|
||||
&nk_hash_len);
|
||||
if (!nk_hash || nk_hash_len != SHA256_MAC_LEN) {
|
||||
wpa_printf(MSG_DEBUG, "DPP: Peer did not include SHA256(NK)");
|
||||
goto fail;
|
||||
}
|
||||
if (os_memcmp(nk_hash, intro.pk_hash, SHA256_MAC_LEN) != 0) {
|
||||
wpa_printf(MSG_DEBUG, "DPP: SHA256(NK) mismatch");
|
||||
wpa_hexdump(MSG_DEBUG, "DPP: Received SHA256(NK)",
|
||||
nk_hash, nk_hash_len);
|
||||
wpa_hexdump(MSG_DEBUG, "DPP: Calculated SHA256(NK)",
|
||||
intro.pk_hash, SHA256_MAC_LEN);
|
||||
goto fail;
|
||||
}
|
||||
|
||||
entry = os_zalloc(sizeof(*entry));
|
||||
if (!entry)
|
||||
goto fail;
|
||||
@ -1872,10 +1860,15 @@ int wpas_dpp_check_connect(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
|
||||
MACSTR, MAC2STR(bss->bssid));
|
||||
|
||||
msg = dpp_alloc_msg(DPP_PA_PEER_DISCOVERY_REQ,
|
||||
4 + os_strlen(ssid->dpp_connector));
|
||||
5 + 4 + os_strlen(ssid->dpp_connector));
|
||||
if (!msg)
|
||||
return -1;
|
||||
|
||||
/* Transaction ID */
|
||||
wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
|
||||
wpabuf_put_le16(msg, 1);
|
||||
wpabuf_put_u8(msg, TRANSACTION_ID);
|
||||
|
||||
/* DPP Connector */
|
||||
wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
|
||||
wpabuf_put_le16(msg, os_strlen(ssid->dpp_connector));
|
||||
|
Loading…
Reference in New Issue
Block a user