mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-28 18:28:23 -05:00
WPS: Fetch only the carrier record from wpa_supplicant for NFC
Since there could be multiple carrier records, it is cleaner to build only the WPS carrier record instead of full NFC connection handover request within wpa_supplicant. Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
51e985dd84
commit
bbaaaee171
@ -170,10 +170,30 @@ struct wpabuf * ndef_build_wifi(const struct wpabuf *buf)
|
||||
}
|
||||
|
||||
|
||||
struct wpabuf * ndef_build_wifi_hc(int begin)
|
||||
{
|
||||
struct wpabuf *hc, *carrier;
|
||||
|
||||
carrier = wpabuf_alloc(2 + os_strlen(wifi_handover_type));
|
||||
if (carrier == NULL)
|
||||
return NULL;
|
||||
wpabuf_put_u8(carrier, 0x02); /* Carrier Type Format */
|
||||
wpabuf_put_u8(carrier, os_strlen(wifi_handover_type));
|
||||
wpabuf_put_str(carrier, wifi_handover_type);
|
||||
|
||||
hc = ndef_build_record((begin ? FLAG_MESSAGE_BEGIN : 0) |
|
||||
FLAG_MESSAGE_END | FLAG_TNF_NFC_FORUM, "Hc", 2,
|
||||
"0", 1, carrier);
|
||||
wpabuf_free(carrier);
|
||||
|
||||
return hc;
|
||||
}
|
||||
|
||||
|
||||
struct wpabuf * ndef_build_wifi_hr(void)
|
||||
{
|
||||
struct wpabuf *rn, *cr, *ac_payload, *ac, *hr_payload, *hr;
|
||||
struct wpabuf *carrier, *hc;
|
||||
struct wpabuf *hc;
|
||||
|
||||
rn = wpabuf_alloc(2);
|
||||
if (rn == NULL)
|
||||
@ -224,18 +244,7 @@ struct wpabuf * ndef_build_wifi_hr(void)
|
||||
if (hr == NULL)
|
||||
return NULL;
|
||||
|
||||
carrier = wpabuf_alloc(2 + os_strlen(wifi_handover_type));
|
||||
if (carrier == NULL) {
|
||||
wpabuf_free(hr);
|
||||
return NULL;
|
||||
}
|
||||
wpabuf_put_u8(carrier, 0x02); /* Carrier Type Format */
|
||||
wpabuf_put_u8(carrier, os_strlen(wifi_handover_type));
|
||||
wpabuf_put_str(carrier, wifi_handover_type);
|
||||
|
||||
hc = ndef_build_record(FLAG_MESSAGE_END | FLAG_TNF_NFC_FORUM, "Hc", 2,
|
||||
"0", 1, carrier);
|
||||
wpabuf_free(carrier);
|
||||
hc = ndef_build_wifi_hc(0);
|
||||
if (hc == NULL) {
|
||||
wpabuf_free(hr);
|
||||
return NULL;
|
||||
|
@ -817,6 +817,7 @@ struct wpabuf * wps_nfc_token_gen(int ndef, int *id, struct wpabuf **pubkey,
|
||||
/* ndef.c */
|
||||
struct wpabuf * ndef_parse_wifi(const struct wpabuf *buf);
|
||||
struct wpabuf * ndef_build_wifi(const struct wpabuf *buf);
|
||||
struct wpabuf * ndef_build_wifi_hc(int begin);
|
||||
struct wpabuf * ndef_build_wifi_hr(void);
|
||||
|
||||
#ifdef CONFIG_WPS_STRICT
|
||||
|
@ -835,12 +835,13 @@ static int wpa_supplicant_ctrl_iface_wps_nfc_tag_read(
|
||||
|
||||
|
||||
static int wpas_ctrl_nfc_get_handover_req_wps(struct wpa_supplicant *wpa_s,
|
||||
char *reply, size_t max_len)
|
||||
char *reply, size_t max_len,
|
||||
int cr)
|
||||
{
|
||||
struct wpabuf *buf;
|
||||
int res;
|
||||
|
||||
buf = wpas_wps_nfc_handover_req(wpa_s);
|
||||
buf = wpas_wps_nfc_handover_req(wpa_s, cr);
|
||||
if (buf == NULL)
|
||||
return -1;
|
||||
|
||||
@ -869,9 +870,9 @@ static int wpas_ctrl_nfc_get_handover_req(struct wpa_supplicant *wpa_s,
|
||||
if (os_strcmp(cmd, "NDEF") != 0)
|
||||
return -1;
|
||||
|
||||
if (os_strcmp(pos, "WPS") == 0) {
|
||||
return wpas_ctrl_nfc_get_handover_req_wps(wpa_s, reply,
|
||||
max_len);
|
||||
if (os_strcmp(pos, "WPS") == 0 || os_strcmp(pos, "WPS-CR") == 0) {
|
||||
return wpas_ctrl_nfc_get_handover_req_wps(
|
||||
wpa_s, reply, max_len, os_strcmp(pos, "WPS-CR") == 0);
|
||||
}
|
||||
|
||||
return -1;
|
||||
|
@ -9,6 +9,8 @@
|
||||
import os
|
||||
import sys
|
||||
import time
|
||||
import random
|
||||
import StringIO
|
||||
|
||||
import nfc
|
||||
import nfc.ndef
|
||||
@ -56,7 +58,7 @@ def wpas_get_handover_req():
|
||||
wpas = wpas_connect()
|
||||
if (wpas == None):
|
||||
return None
|
||||
return wpas.request("NFC_GET_HANDOVER_REQ NDEF WPS").rstrip().decode("hex")
|
||||
return wpas.request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip().decode("hex")
|
||||
|
||||
|
||||
def wpas_put_handover_sel(message):
|
||||
@ -71,11 +73,21 @@ def wps_handover_init(peer):
|
||||
|
||||
data = wpas_get_handover_req()
|
||||
if (data == None):
|
||||
print "Could not get handover request message from wpa_supplicant"
|
||||
print "Could not get handover request carrier record from wpa_supplicant"
|
||||
return
|
||||
print "Handover request from wpa_supplicant: " + data.encode("hex")
|
||||
message = nfc.ndef.Message(data)
|
||||
print "Parsed handover request:"
|
||||
print "Handover request carrier record from wpa_supplicant: " + data.encode("hex")
|
||||
record = nfc.ndef.Record()
|
||||
f = StringIO.StringIO(data)
|
||||
record._read(f)
|
||||
record = nfc.ndef.HandoverCarrierRecord(record)
|
||||
print "Parsed handover request carrier record:"
|
||||
print record.pretty()
|
||||
|
||||
message = nfc.ndef.HandoverRequestMessage(version="1.2")
|
||||
message.nonce = random.randint(0, 0xffff)
|
||||
message.add_carrier(record, "active")
|
||||
|
||||
print "Handover request:"
|
||||
print message.pretty()
|
||||
|
||||
nfc.llcp.activate(peer);
|
||||
|
@ -1977,8 +1977,10 @@ int wpas_wps_nfc_tag_read(struct wpa_supplicant *wpa_s,
|
||||
}
|
||||
|
||||
|
||||
struct wpabuf * wpas_wps_nfc_handover_req(struct wpa_supplicant *wpa_s)
|
||||
struct wpabuf * wpas_wps_nfc_handover_req(struct wpa_supplicant *wpa_s, int cr)
|
||||
{
|
||||
if (cr)
|
||||
return ndef_build_wifi_hc(1);
|
||||
return ndef_build_wifi_hr();
|
||||
}
|
||||
|
||||
|
@ -66,7 +66,7 @@ struct wpabuf * wpas_wps_nfc_token(struct wpa_supplicant *wpa_s, int ndef);
|
||||
int wpas_wps_start_nfc(struct wpa_supplicant *wpa_s, const u8 *bssid);
|
||||
int wpas_wps_nfc_tag_read(struct wpa_supplicant *wpa_s,
|
||||
const struct wpabuf *data);
|
||||
struct wpabuf * wpas_wps_nfc_handover_req(struct wpa_supplicant *wpa_s);
|
||||
struct wpabuf * wpas_wps_nfc_handover_req(struct wpa_supplicant *wpa_s, int cr);
|
||||
struct wpabuf * wpas_wps_nfc_handover_sel(struct wpa_supplicant *wpa_s);
|
||||
int wpas_wps_nfc_rx_handover_req(struct wpa_supplicant *wpa_s,
|
||||
const struct wpabuf *data);
|
||||
|
Loading…
Reference in New Issue
Block a user