mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 00:38:24 -05:00
DPP: Remove devices object from the connector
This was removed from the draft DPP tech spec, so remove it from the implementation as well. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
d1888b142e
commit
a4bf007877
@ -1298,9 +1298,6 @@ static int hostapd_ctrl_iface_set(struct hostapd_data *hapd, char *cmd)
|
||||
} else if (os_strcasecmp(cmd, "dpp_groups_override") == 0) {
|
||||
os_free(hapd->dpp_groups_override);
|
||||
hapd->dpp_groups_override = os_strdup(value);
|
||||
} else if (os_strcasecmp(cmd, "dpp_devices_override") == 0) {
|
||||
os_free(hapd->dpp_devices_override);
|
||||
hapd->dpp_devices_override = os_strdup(value);
|
||||
} else if (os_strcasecmp(cmd,
|
||||
"dpp_ignore_netaccesskey_mismatch") == 0) {
|
||||
hapd->dpp_ignore_netaccesskey_mismatch = atoi(value);
|
||||
|
@ -320,8 +320,6 @@ static void hostapd_dpp_set_testing_options(struct hostapd_data *hapd,
|
||||
os_strdup(hapd->dpp_discovery_override);
|
||||
if (hapd->dpp_groups_override)
|
||||
auth->groups_override = os_strdup(hapd->dpp_groups_override);
|
||||
if (hapd->dpp_devices_override)
|
||||
auth->devices_override = os_strdup(hapd->dpp_devices_override);
|
||||
auth->ignore_netaccesskey_mismatch =
|
||||
hapd->dpp_ignore_netaccesskey_mismatch;
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
@ -1476,8 +1474,6 @@ void hostapd_dpp_deinit(struct hostapd_data *hapd)
|
||||
hapd->dpp_discovery_override = NULL;
|
||||
os_free(hapd->dpp_groups_override);
|
||||
hapd->dpp_groups_override = NULL;
|
||||
os_free(hapd->dpp_devices_override);
|
||||
hapd->dpp_devices_override = NULL;
|
||||
hapd->dpp_ignore_netaccesskey_mismatch = 0;
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
if (!hapd->dpp_init_done)
|
||||
|
@ -344,7 +344,6 @@ struct hostapd_data {
|
||||
char *dpp_config_obj_override;
|
||||
char *dpp_discovery_override;
|
||||
char *dpp_groups_override;
|
||||
char *dpp_devices_override;
|
||||
unsigned int dpp_ignore_netaccesskey_mismatch:1;
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
#endif /* CONFIG_DPP */
|
||||
|
178
src/common/dpp.c
178
src/common/dpp.c
@ -2890,7 +2890,6 @@ void dpp_auth_deinit(struct dpp_authentication *auth)
|
||||
os_free(auth->config_obj_override);
|
||||
os_free(auth->discovery_override);
|
||||
os_free(auth->groups_override);
|
||||
os_free(auth->devices_override);
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
bin_clear_free(auth, sizeof(*auth));
|
||||
}
|
||||
@ -3028,8 +3027,6 @@ dpp_build_conf_obj_dpp(struct dpp_authentication *auth, int ap,
|
||||
#ifdef CONFIG_TESTING_OPTIONS
|
||||
if (auth->groups_override)
|
||||
extra_len += os_strlen(auth->groups_override);
|
||||
if (auth->devices_override)
|
||||
extra_len += os_strlen(auth->devices_override);
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
|
||||
/* Connector (JSON dppCon object) */
|
||||
@ -3037,7 +3034,7 @@ dpp_build_conf_obj_dpp(struct dpp_authentication *auth, int ap,
|
||||
if (!dppcon)
|
||||
goto fail;
|
||||
#ifdef CONFIG_TESTING_OPTIONS
|
||||
if (auth->groups_override || auth->devices_override) {
|
||||
if (auth->groups_override) {
|
||||
wpabuf_put_u8(dppcon, '{');
|
||||
if (auth->groups_override) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
@ -3047,14 +3044,6 @@ dpp_build_conf_obj_dpp(struct dpp_authentication *auth, int ap,
|
||||
wpabuf_put_str(dppcon, auth->groups_override);
|
||||
wpabuf_put_u8(dppcon, ',');
|
||||
}
|
||||
if (auth->devices_override) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"DPP: TESTING - devices override: '%s'",
|
||||
auth->devices_override);
|
||||
wpabuf_put_str(dppcon, "\"devices\":");
|
||||
wpabuf_put_str(dppcon, auth->devices_override);
|
||||
wpabuf_put_u8(dppcon, ',');
|
||||
}
|
||||
goto skip_groups;
|
||||
}
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
@ -3743,7 +3732,7 @@ static int dpp_parse_connector(struct dpp_authentication *auth,
|
||||
const unsigned char *payload,
|
||||
u16 payload_len)
|
||||
{
|
||||
struct json_token *root, *groups, *devices, *netkey, *token;
|
||||
struct json_token *root, *groups, *netkey, *token;
|
||||
int ret = -1;
|
||||
EVP_PKEY *key = NULL;
|
||||
const struct dpp_curve_params *curve;
|
||||
@ -3781,44 +3770,9 @@ static int dpp_parse_connector(struct dpp_authentication *auth,
|
||||
}
|
||||
skip_groups:
|
||||
|
||||
devices = json_get_member(root, "devices");
|
||||
if (!devices || devices->type != JSON_ARRAY) {
|
||||
wpa_printf(MSG_DEBUG, "DPP: No devices array found");
|
||||
goto skip_devices;
|
||||
}
|
||||
for (token = devices->child; token; token = token->sibling) {
|
||||
struct wpabuf *id;
|
||||
struct json_token *role;
|
||||
|
||||
id = json_get_member_base64url(token, "deviceId");
|
||||
if (!id) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"DPP: Missing or invalid deviceId string");
|
||||
goto fail;
|
||||
}
|
||||
wpa_hexdump_buf(MSG_DEBUG, "DPP: deviceId", id);
|
||||
if (wpabuf_len(id) != SHA256_MAC_LEN) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"DPP: Unexpected deviceId length");
|
||||
wpabuf_free(id);
|
||||
goto fail;
|
||||
}
|
||||
wpabuf_free(id);
|
||||
|
||||
role = json_get_member(token, "netRole");
|
||||
if (!role || role->type != JSON_STRING) {
|
||||
wpa_printf(MSG_DEBUG, "DPP: Missing netRole string");
|
||||
goto fail;
|
||||
}
|
||||
wpa_printf(MSG_DEBUG, "DPP: connector device netRole='%s'",
|
||||
role->string);
|
||||
rules++;
|
||||
}
|
||||
|
||||
skip_devices:
|
||||
if (!rules) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"DPP: Connector includes no groups or devices");
|
||||
"DPP: Connector includes no groups");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
@ -4552,102 +4506,6 @@ static int dpp_connector_match_groups(struct json_token *own_root,
|
||||
}
|
||||
|
||||
|
||||
static int dpp_connector_compatible_device(struct json_token *root,
|
||||
const char *device_id,
|
||||
const char *net_role)
|
||||
{
|
||||
struct json_token *groups, *token;
|
||||
|
||||
groups = json_get_member(root, "devices");
|
||||
if (!groups || groups->type != JSON_ARRAY)
|
||||
return 0;
|
||||
|
||||
for (token = groups->child; token; token = token->sibling) {
|
||||
struct json_token *id, *role;
|
||||
|
||||
id = json_get_member(token, "deviceId");
|
||||
if (!id || id->type != JSON_STRING)
|
||||
continue;
|
||||
|
||||
role = json_get_member(token, "netRole");
|
||||
if (!role || role->type != JSON_STRING)
|
||||
continue;
|
||||
|
||||
if (os_strcmp(id->string, device_id) != 0)
|
||||
continue;
|
||||
|
||||
if (dpp_compatible_netrole(role->string, net_role))
|
||||
return 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
static int dpp_connector_match_devices(struct json_token *own_root,
|
||||
struct json_token *peer_root,
|
||||
const char *own_deviceid)
|
||||
{
|
||||
struct json_token *devices, *token;
|
||||
|
||||
devices = json_get_member(peer_root, "devices");
|
||||
if (!devices || devices->type != JSON_ARRAY) {
|
||||
wpa_printf(MSG_DEBUG, "DPP: No peer devices array found");
|
||||
return 0;
|
||||
}
|
||||
|
||||
for (token = devices->child; token; token = token->sibling) {
|
||||
struct json_token *id, *role;
|
||||
|
||||
id = json_get_member(token, "deviceId");
|
||||
if (!id || id->type != JSON_STRING) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"DPP: Missing or invalid deviceId string");
|
||||
continue;
|
||||
}
|
||||
|
||||
role = json_get_member(token, "netRole");
|
||||
if (!role || role->type != JSON_STRING) {
|
||||
wpa_printf(MSG_DEBUG, "DPP: Missing netRole string");
|
||||
continue;
|
||||
}
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"DPP: connector device deviceId='%s' netRole='%s'",
|
||||
id->string, role->string);
|
||||
if (os_strcmp(id->string, own_deviceid) != 0)
|
||||
continue;
|
||||
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"DPP: Listed deviceId matches own deviceId");
|
||||
/* TODO: Is this next step required? */
|
||||
if (dpp_connector_compatible_device(own_root, id->string,
|
||||
role->string)) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"DPP: Compatible device/netRole in own connector");
|
||||
return 1;
|
||||
}
|
||||
/* TODO: For now, accept this for interop testing purposes based
|
||||
* on a simple match of deviceId while ignoring netRole. Once
|
||||
* the spec is clearer on the expected behavior, either this
|
||||
* comment or the following return 1 statement needs to be
|
||||
* removed.
|
||||
*/
|
||||
return 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
static int dpp_connector_match(struct json_token *own_root,
|
||||
struct json_token *peer_root,
|
||||
const char *own_deviceid)
|
||||
{
|
||||
return dpp_connector_match_groups(own_root, peer_root) ||
|
||||
dpp_connector_match_devices(own_root, peer_root, own_deviceid);
|
||||
}
|
||||
|
||||
|
||||
static int dpp_derive_pmk(const u8 *Nx, size_t Nx_len, u8 *pmk,
|
||||
unsigned int hash_len)
|
||||
{
|
||||
@ -4754,7 +4612,6 @@ int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
|
||||
int ret = -1;
|
||||
EVP_PKEY *own_key = NULL, *peer_key = NULL;
|
||||
struct wpabuf *own_key_pub = NULL;
|
||||
char *own_deviceid = NULL;
|
||||
const struct dpp_curve_params *curve, *own_curve;
|
||||
struct dpp_signed_connector_info info;
|
||||
const unsigned char *p;
|
||||
@ -4766,9 +4623,6 @@ int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
|
||||
EVP_PKEY_CTX *ctx = NULL;
|
||||
size_t Nx_len;
|
||||
u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
|
||||
u8 hash[SHA256_MAC_LEN];
|
||||
const u8 *addr[1];
|
||||
size_t len[1];
|
||||
|
||||
os_memset(intro, 0, sizeof(*intro));
|
||||
os_memset(&info, 0, sizeof(info));
|
||||
@ -4789,27 +4643,6 @@ int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
|
||||
wpa_printf(MSG_ERROR, "DPP: Failed to parse own netAccessKey");
|
||||
goto fail;
|
||||
}
|
||||
/* deviceId = SHA256(ANSI X9.63 uncompressed netAccessKey) */
|
||||
own_key_pub = dpp_get_pubkey_point(own_key, 1);
|
||||
if (!own_key_pub)
|
||||
goto fail;
|
||||
wpa_hexdump_buf(MSG_DEBUG,
|
||||
"DPP: ANSI X9.63 uncompressed public key of own netAccessKey",
|
||||
own_key_pub);
|
||||
addr[0] = wpabuf_head(own_key_pub);
|
||||
len[0] = wpabuf_len(own_key_pub);
|
||||
if (sha256_vector(1, addr, len, hash) < 0)
|
||||
goto fail;
|
||||
wpa_hexdump(MSG_DEBUG,
|
||||
"DPP: SHA256 hash of ANSI X9.63 uncompressed form",
|
||||
hash, SHA256_MAC_LEN);
|
||||
|
||||
own_deviceid = (char *) base64_url_encode(hash, sizeof(hash), NULL, 0);
|
||||
if (!own_deviceid)
|
||||
goto fail;
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"DPP: Own deviceId (base64url encoded hash value): %s",
|
||||
own_deviceid);
|
||||
|
||||
pos = os_strchr(own_connector, '.');
|
||||
if (!pos) {
|
||||
@ -4853,9 +4686,9 @@ int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (!dpp_connector_match(own_root, root, own_deviceid)) {
|
||||
if (!dpp_connector_match_groups(own_root, root)) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"DPP: Peer connector does not include compatible group/device netrole with own connector");
|
||||
"DPP: Peer connector does not include compatible group netrole with own connector");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
@ -4937,7 +4770,6 @@ fail:
|
||||
os_free(info.payload);
|
||||
EVP_PKEY_free(own_key);
|
||||
wpabuf_free(own_key_pub);
|
||||
os_free(own_deviceid);
|
||||
EVP_PKEY_free(peer_key);
|
||||
EVP_PKEY_free(csign);
|
||||
json_free(root);
|
||||
|
@ -128,7 +128,7 @@ struct dpp_configuration {
|
||||
/* For DPP configuration (connector) */
|
||||
os_time_t netaccesskey_expiry;
|
||||
|
||||
/* TODO: groups, devices */
|
||||
/* TODO: groups */
|
||||
|
||||
/* For legacy configuration */
|
||||
char *passphrase;
|
||||
@ -183,7 +183,6 @@ struct dpp_authentication {
|
||||
char *config_obj_override;
|
||||
char *discovery_override;
|
||||
char *groups_override;
|
||||
char *devices_override;
|
||||
unsigned int ignore_netaccesskey_mismatch:1;
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
};
|
||||
|
@ -646,9 +646,6 @@ static int wpa_supplicant_ctrl_iface_set(struct wpa_supplicant *wpa_s,
|
||||
} else if (os_strcasecmp(cmd, "dpp_groups_override") == 0) {
|
||||
os_free(wpa_s->dpp_groups_override);
|
||||
wpa_s->dpp_groups_override = os_strdup(value);
|
||||
} else if (os_strcasecmp(cmd, "dpp_devices_override") == 0) {
|
||||
os_free(wpa_s->dpp_devices_override);
|
||||
wpa_s->dpp_devices_override = os_strdup(value);
|
||||
} else if (os_strcasecmp(cmd,
|
||||
"dpp_ignore_netaccesskey_mismatch") == 0) {
|
||||
wpa_s->dpp_ignore_netaccesskey_mismatch = atoi(value);
|
||||
|
@ -366,9 +366,6 @@ static void wpas_dpp_set_testing_options(struct wpa_supplicant *wpa_s,
|
||||
if (wpa_s->dpp_groups_override)
|
||||
auth->groups_override =
|
||||
os_strdup(wpa_s->dpp_groups_override);
|
||||
if (wpa_s->dpp_devices_override)
|
||||
auth->devices_override =
|
||||
os_strdup(wpa_s->dpp_devices_override);
|
||||
auth->ignore_netaccesskey_mismatch =
|
||||
wpa_s->dpp_ignore_netaccesskey_mismatch;
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
@ -2039,8 +2036,6 @@ void wpas_dpp_deinit(struct wpa_supplicant *wpa_s)
|
||||
wpa_s->dpp_discovery_override = NULL;
|
||||
os_free(wpa_s->dpp_groups_override);
|
||||
wpa_s->dpp_groups_override = NULL;
|
||||
os_free(wpa_s->dpp_devices_override);
|
||||
wpa_s->dpp_devices_override = NULL;
|
||||
wpa_s->dpp_ignore_netaccesskey_mismatch = 0;
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
if (!wpa_s->dpp_init_done)
|
||||
|
@ -1193,7 +1193,6 @@ struct wpa_supplicant {
|
||||
char *dpp_config_obj_override;
|
||||
char *dpp_discovery_override;
|
||||
char *dpp_groups_override;
|
||||
char *dpp_devices_override;
|
||||
unsigned int dpp_ignore_netaccesskey_mismatch:1;
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
#endif /* CONFIG_DPP */
|
||||
|
Loading…
Reference in New Issue
Block a user