jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
hostap/src/common/dpp.c

7361 lines
199 KiB
C
Raw Normal View History

DPP: Bootstrap information management Add wpa_supplicant control interface commands for parsing the bootstrap info URI from a QR Code (get peer public key) and to generate a new bootstrap info with private key for local use. The optional key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to specify the bootstrapping private key in OpenSSL ECPrivateKey DER encoding format. This results in the local bootstrapping information entry being created with the specified key instead of generating a new random one. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:10 +02:00
/*
* DPP functionality shared between hostapd and wpa_supplicant
* Copyright (c) 2017, Qualcomm Atheros, Inc.
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
#include "utils/includes.h"
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
#include <openssl/opensslv.h>
DPP: Bootstrap information management Add wpa_supplicant control interface commands for parsing the bootstrap info URI from a QR Code (get peer public key) and to generate a new bootstrap info with private key for local use. The optional key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to specify the bootstrapping private key in OpenSSL ECPrivateKey DER encoding format. This results in the local bootstrapping information entry being created with the specified key instead of generating a new random one. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:10 +02:00
#include <openssl/err.h>
DPP: Build bootstrapping key DER encoding using custom routine While the OpenSSL version of i2d_EC_PUBKEY() seemed to be able to use the POINT_CONVERSION_COMPRESSED setting on the EC key, that did not seem to work with BoringSSL. Since this is not exactly robust design, replace use of i2d_EC_PUBKEY() with a custom routine that enforces the DPP rules on SubjectPublicKeyInfo (compressed format of the public key, ecPublicKey OID, parameters present and indicating the curve by OID). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 11:19:43 +01:00
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
DPP: Bootstrap information management Add wpa_supplicant control interface commands for parsing the bootstrap info URI from a QR Code (get peer public key) and to generate a new bootstrap info with private key for local use. The optional key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to specify the bootstrapping private key in OpenSSL ECPrivateKey DER encoding format. This results in the local bootstrapping information entry being created with the specified key instead of generating a new random one. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:10 +02:00
#include "utils/common.h"
#include "utils/base64.h"
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
#include "utils/json.h"
DPP: Bootstrap information management Add wpa_supplicant control interface commands for parsing the bootstrap info URI from a QR Code (get peer public key) and to generate a new bootstrap info with private key for local use. The optional key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to specify the bootstrapping private key in OpenSSL ECPrivateKey DER encoding format. This results in the local bootstrapping information entry being created with the specified key instead of generating a new random one. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:10 +02:00
#include "common/ieee802_11_common.h"
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
#include "common/ieee802_11_defs.h"
#include "common/wpa_ctrl.h"
DPP: Bootstrap information management Add wpa_supplicant control interface commands for parsing the bootstrap info URI from a QR Code (get peer public key) and to generate a new bootstrap info with private key for local use. The optional key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to specify the bootstrapping private key in OpenSSL ECPrivateKey DER encoding format. This results in the local bootstrapping information entry being created with the specified key instead of generating a new random one. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:10 +02:00
#include "crypto/crypto.h"
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
#include "crypto/random.h"
#include "crypto/aes.h"
#include "crypto/aes_siv.h"
#include "crypto/sha384.h"
#include "crypto/sha512.h"
DPP: Support multiple channels for initiating DPP Authentication This extends wpa_supplicant to iterate over all available channels from the intersection of what the peer indicates and the local device supports when initiating DPP Authentication. In addition, retry DPP Authentication Request frame up to five times if no response is received. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-12 11:17:54 +01:00
#include "drivers/driver.h"
DPP: Bootstrap information management Add wpa_supplicant control interface commands for parsing the bootstrap info URI from a QR Code (get peer public key) and to generate a new bootstrap info with private key for local use. The optional key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to specify the bootstrapping private key in OpenSSL ECPrivateKey DER encoding format. This results in the local bootstrapping information entry being created with the specified key instead of generating a new random one. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:10 +02:00
#include "dpp.h"
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
#ifdef CONFIG_TESTING_OPTIONS
enum dpp_test_behavior dpp_test = DPP_TEST_DISABLED;
DPP: Protocol testing capability to generate invalid Protocol Key This extends dpp_test to allow invalid Initiator/Responder Protocol Key to be written into the Authentication Request/Response frame. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 23:11:44 +01:00
static int dpp_test_gen_invalid_key(struct wpabuf *msg,
const struct dpp_curve_params *curve);
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
#endif /* CONFIG_TESTING_OPTIONS */
BoringSSL: Add DPP special cases regardless of claimed version number It looks like BoringSSL claims to have OPENSSL_VERSION_NUMBER for a 1.1.0 version, but it does not provide ECDSA_SIG_set0() or ECDSA_SIG_get0(). For now, add the helper functions regardless of the version BoringSSL claims to be. Similarly, include the X509_ALGOR_get0() workaround unconditionally for BoringSSL. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-17 19:44:42 +01:00
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
/* Compatibility wrappers for older versions. */
static int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
{
sig->r = r;
sig->s = s;
return 1;
}
static void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr,
const BIGNUM **ps)
{
if (pr)
*pr = sig->r;
if (ps)
*ps = sig->s;
}
#endif
DPP: Bootstrap information management Add wpa_supplicant control interface commands for parsing the bootstrap info URI from a QR Code (get peer public key) and to generate a new bootstrap info with private key for local use. The optional key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to specify the bootstrapping private key in OpenSSL ECPrivateKey DER encoding format. This results in the local bootstrapping information entry being created with the specified key instead of generating a new random one. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:10 +02:00
static const struct dpp_curve_params dpp_curves[] = {
/* The mandatory to support and the default NIST P-256 curve needs to
* be the first entry on this list. */
DPP: Update JWS algorithm strings for Brainpool curves Instead of trying to share the existing definitions for NIST curves, start using unique strings for Brainpool curves. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:31 +02:00
{ "prime256v1", 32, 32, 16, 32, "P-256", 19, "ES256" },
{ "secp384r1", 48, 48, 24, 48, "P-384", 20, "ES384" },
{ "secp521r1", 64, 64, 32, 66, "P-521", 21, "ES512" },
{ "brainpoolP256r1", 32, 32, 16, 32, "BP-256", 28, "BS256" },
{ "brainpoolP384r1", 48, 48, 24, 48, "BP-384", 29, "BS384" },
{ "brainpoolP512r1", 64, 64, 32, 64, "BP-512", 30, "BS512" },
{ NULL, 0, 0, 0, 0, NULL, 0, NULL }
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
};
/* Role-specific elements for PKEX */
/* NIST P-256 */
static const u8 pkex_init_x_p256[32] = {
0x56, 0x26, 0x12, 0xcf, 0x36, 0x48, 0xfe, 0x0b,
0x07, 0x04, 0xbb, 0x12, 0x22, 0x50, 0xb2, 0x54,
0xb1, 0x94, 0x64, 0x7e, 0x54, 0xce, 0x08, 0x07,
0x2e, 0xec, 0xca, 0x74, 0x5b, 0x61, 0x2d, 0x25
};
static const u8 pkex_init_y_p256[32] = {
0x3e, 0x44, 0xc7, 0xc9, 0x8c, 0x1c, 0xa1, 0x0b,
0x20, 0x09, 0x93, 0xb2, 0xfd, 0xe5, 0x69, 0xdc,
0x75, 0xbc, 0xad, 0x33, 0xc1, 0xe7, 0xc6, 0x45,
0x4d, 0x10, 0x1e, 0x6a, 0x3d, 0x84, 0x3c, 0xa4
};
static const u8 pkex_resp_x_p256[32] = {
0x1e, 0xa4, 0x8a, 0xb1, 0xa4, 0xe8, 0x42, 0x39,
0xad, 0x73, 0x07, 0xf2, 0x34, 0xdf, 0x57, 0x4f,
0xc0, 0x9d, 0x54, 0xbe, 0x36, 0x1b, 0x31, 0x0f,
0x59, 0x91, 0x52, 0x33, 0xac, 0x19, 0x9d, 0x76
};
static const u8 pkex_resp_y_p256[32] = {
0x26, 0x04, 0x09, 0x45, 0x0a, 0x05, 0x20, 0xe7,
0xa7, 0x27, 0xc1, 0x36, 0x76, 0x85, 0xca, 0x3e,
0x42, 0x16, 0xf4, 0x89, 0x85, 0x34, 0x6e, 0xd5,
0x17, 0xde, 0xc0, 0xb8, 0xad, 0xfd, 0xb2, 0x98
};
/* NIST P-384 */
static const u8 pkex_init_x_p384[48] = {
0x95, 0x3f, 0x42, 0x9e, 0x50, 0x7f, 0xf9, 0xaa,
0xac, 0x1a, 0xf2, 0x85, 0x2e, 0x64, 0x91, 0x68,
0x64, 0xc4, 0x3c, 0xb7, 0x5c, 0xf8, 0xc9, 0x53,
0x6e, 0x58, 0x4c, 0x7f, 0xc4, 0x64, 0x61, 0xac,
0x51, 0x8a, 0x6f, 0xfe, 0xab, 0x74, 0xe6, 0x12,
0x81, 0xac, 0x38, 0x5d, 0x41, 0xe6, 0xb9, 0xa3
};
static const u8 pkex_init_y_p384[48] = {
0x89, 0xd0, 0x97, 0x7b, 0x59, 0x4f, 0xa6, 0xd6,
0x7c, 0x5d, 0x93, 0x5b, 0x93, 0xc4, 0x07, 0xa9,
0x89, 0xee, 0xd5, 0xcd, 0x6f, 0x42, 0xf8, 0x38,
0xc8, 0xc6, 0x62, 0x24, 0x69, 0x0c, 0xd4, 0x48,
0xd8, 0x44, 0xd6, 0xc2, 0xe8, 0xcc, 0x62, 0x6b,
0x3c, 0x25, 0x53, 0xba, 0x4f, 0x71, 0xf8, 0xe7
};
static const u8 pkex_resp_x_p384[48] = {
0xad, 0xbe, 0xd7, 0x1d, 0x3a, 0x71, 0x64, 0x98,
0x5f, 0xb4, 0xd6, 0x4b, 0x50, 0xd0, 0x84, 0x97,
0x4b, 0x7e, 0x57, 0x70, 0xd2, 0xd9, 0xf4, 0x92,
0x2a, 0x3f, 0xce, 0x99, 0xc5, 0x77, 0x33, 0x44,
0x14, 0x56, 0x92, 0xcb, 0xae, 0x46, 0x64, 0xdf,
0xe0, 0xbb, 0xd7, 0xb1, 0x29, 0x20, 0x72, 0xdf
};
static const u8 pkex_resp_y_p384[48] = {
0x54, 0x58, 0x20, 0xad, 0x55, 0x1d, 0xca, 0xf3,
0x1c, 0x8a, 0xcd, 0x19, 0x40, 0xf9, 0x37, 0x83,
0xc7, 0xd6, 0xb3, 0x13, 0x7d, 0x53, 0x28, 0x5c,
0xf6, 0x2d, 0xf1, 0xdd, 0xa5, 0x8b, 0xad, 0x5d,
0x81, 0xab, 0xb1, 0x00, 0x39, 0xd6, 0xcc, 0x9c,
0xea, 0x1e, 0x84, 0x1d, 0xbf, 0xe3, 0x35, 0xf9
};
/* NIST P-521 */
static const u8 pkex_init_x_p521[66] = {
0x00, 0x16, 0x20, 0x45, 0x19, 0x50, 0x95, 0x23,
0x0d, 0x24, 0xbe, 0x00, 0x87, 0xdc, 0xfa, 0xf0,
0x58, 0x9a, 0x01, 0x60, 0x07, 0x7a, 0xca, 0x76,
0x01, 0xab, 0x2d, 0x5a, 0x46, 0xcd, 0x2c, 0xb5,
0x11, 0x9a, 0xff, 0xaa, 0x48, 0x04, 0x91, 0x38,
0xcf, 0x86, 0xfc, 0xa4, 0xa5, 0x0f, 0x47, 0x01,
0x80, 0x1b, 0x30, 0xa3, 0xae, 0xe8, 0x1c, 0x2e,
0xea, 0xcc, 0xf0, 0x03, 0x9f, 0x77, 0x4c, 0x8d,
0x97, 0x76
};
static const u8 pkex_init_y_p521[66] = {
0x01, 0x4c, 0x71, 0xfd, 0x1b, 0xd5, 0x9c, 0xa6,
0xed, 0x39, 0xef, 0x45, 0xc5, 0x06, 0xfd, 0x66,
0xc0, 0xeb, 0x0f, 0xbf, 0x21, 0xa3, 0x36, 0x74,
0xfd, 0xaa, 0x05, 0x6e, 0x4e, 0x33, 0x95, 0x42,
0x1a, 0x9d, 0x3f, 0x3a, 0x1c, 0x5e, 0xa8, 0x60,
0xf7, 0xe5, 0x59, 0x1d, 0x07, 0xaa, 0x6f, 0x40,
0x0a, 0x59, 0x3c, 0x27, 0xad, 0xe0, 0x48, 0xfd,
0xd1, 0x83, 0x37, 0x4c, 0xdf, 0xe1, 0x86, 0x72,
0xfc, 0x57
};
static const u8 pkex_resp_x_p521[66] = {
0x00, 0x79, 0xe4, 0x4d, 0x6b, 0x5e, 0x12, 0x0a,
0x18, 0x2c, 0xb3, 0x05, 0x77, 0x0f, 0xc3, 0x44,
0x1a, 0xcd, 0x78, 0x46, 0x14, 0xee, 0x46, 0x3f,
0xab, 0xc9, 0x59, 0x7c, 0x85, 0xa0, 0xc2, 0xfb,
0x02, 0x32, 0x99, 0xde, 0x5d, 0xe1, 0x0d, 0x48,
0x2d, 0x71, 0x7d, 0x8d, 0x3f, 0x61, 0x67, 0x9e,
0x2b, 0x8b, 0x12, 0xde, 0x10, 0x21, 0x55, 0x0a,
0x5b, 0x2d, 0xe8, 0x05, 0x09, 0xf6, 0x20, 0x97,
0x84, 0xb4
};
static const u8 pkex_resp_y_p521[66] = {
0x01, 0xb9, 0x9c, 0xc6, 0x41, 0x32, 0x5b, 0xd2,
0x35, 0xd8, 0x8b, 0x2b, 0xe4, 0x6e, 0xcc, 0xdf,
0x7c, 0x38, 0xc4, 0x5b, 0xf6, 0x74, 0x71, 0x5c,
0x77, 0x16, 0x8a, 0x80, 0xa9, 0x84, 0xc7, 0x7b,
0x9d, 0xfd, 0x83, 0x6f, 0xae, 0xf8, 0x24, 0x16,
0x2f, 0x21, 0x25, 0x65, 0xa2, 0x1a, 0x6b, 0x2d,
0x30, 0x62, 0xb3, 0xcc, 0x6e, 0x59, 0x3c, 0x7f,
0x58, 0x91, 0x81, 0x72, 0x07, 0x8c, 0x91, 0xac,
0x31, 0x1e
};
/* Brainpool P-256r1 */
static const u8 pkex_init_x_bp_p256r1[32] = {
0x46, 0x98, 0x18, 0x6c, 0x27, 0xcd, 0x4b, 0x10,
0x7d, 0x55, 0xa3, 0xdd, 0x89, 0x1f, 0x9f, 0xca,
0xc7, 0x42, 0x5b, 0x8a, 0x23, 0xed, 0xf8, 0x75,
0xac, 0xc7, 0xe9, 0x8d, 0xc2, 0x6f, 0xec, 0xd8
};
static const u8 pkex_init_y_bp_p256r1[32] = {
0x16, 0x30, 0x68, 0x32, 0x3b, 0xb0, 0x21, 0xee,
0xeb, 0xf7, 0xb6, 0x7c, 0xae, 0x52, 0x26, 0x42,
0x59, 0x28, 0x58, 0xb6, 0x14, 0x90, 0xed, 0x69,
0xd0, 0x67, 0xea, 0x25, 0x60, 0x0f, 0xa9, 0x6c
};
static const u8 pkex_resp_x_bp_p256r1[32] = {
0x90, 0x18, 0x84, 0xc9, 0xdc, 0xcc, 0xb5, 0x2f,
0x4a, 0x3f, 0x4f, 0x18, 0x0a, 0x22, 0x56, 0x6a,
0xa9, 0xef, 0xd4, 0xe6, 0xc3, 0x53, 0xc2, 0x1a,
0x23, 0x54, 0xdd, 0x08, 0x7e, 0x10, 0xd8, 0xe3
};
static const u8 pkex_resp_y_bp_p256r1[32] = {
0x2a, 0xfa, 0x98, 0x9b, 0xe3, 0xda, 0x30, 0xfd,
0x32, 0x28, 0xcb, 0x66, 0xfb, 0x40, 0x7f, 0xf2,
0xb2, 0x25, 0x80, 0x82, 0x44, 0x85, 0x13, 0x7e,
0x4b, 0xb5, 0x06, 0xc0, 0x03, 0x69, 0x23, 0x64
};
/* Brainpool P-384r1 */
static const u8 pkex_init_x_bp_p384r1[48] = {
0x0a, 0x2c, 0xeb, 0x49, 0x5e, 0xb7, 0x23, 0xbd,
0x20, 0x5b, 0xe0, 0x49, 0xdf, 0xcf, 0xcf, 0x19,
0x37, 0x36, 0xe1, 0x2f, 0x59, 0xdb, 0x07, 0x06,
0xb5, 0xeb, 0x2d, 0xae, 0xc2, 0xb2, 0x38, 0x62,
0xa6, 0x73, 0x09, 0xa0, 0x6c, 0x0a, 0xa2, 0x30,
0x99, 0xeb, 0xf7, 0x1e, 0x47, 0xb9, 0x5e, 0xbe
};
static const u8 pkex_init_y_bp_p384r1[48] = {
0x54, 0x76, 0x61, 0x65, 0x75, 0x5a, 0x2f, 0x99,
0x39, 0x73, 0xca, 0x6c, 0xf9, 0xf7, 0x12, 0x86,
0x54, 0xd5, 0xd4, 0xad, 0x45, 0x7b, 0xbf, 0x32,
0xee, 0x62, 0x8b, 0x9f, 0x52, 0xe8, 0xa0, 0xc9,
0xb7, 0x9d, 0xd1, 0x09, 0xb4, 0x79, 0x1c, 0x3e,
0x1a, 0xbf, 0x21, 0x45, 0x66, 0x6b, 0x02, 0x52
};
static const u8 pkex_resp_x_bp_p384r1[48] = {
0x03, 0xa2, 0x57, 0xef, 0xe8, 0x51, 0x21, 0xa0,
0xc8, 0x9e, 0x21, 0x02, 0xb5, 0x9a, 0x36, 0x25,
0x74, 0x22, 0xd1, 0xf2, 0x1b, 0xa8, 0x9a, 0x9b,
0x97, 0xbc, 0x5a, 0xeb, 0x26, 0x15, 0x09, 0x71,
0x77, 0x59, 0xec, 0x8b, 0xb7, 0xe1, 0xe8, 0xce,
0x65, 0xb8, 0xaf, 0xf8, 0x80, 0xae, 0x74, 0x6c
};
static const u8 pkex_resp_y_bp_p384r1[48] = {
0x2f, 0xd9, 0x6a, 0xc7, 0x3e, 0xec, 0x76, 0x65,
0x2d, 0x38, 0x7f, 0xec, 0x63, 0x26, 0x3f, 0x04,
0xd8, 0x4e, 0xff, 0xe1, 0x0a, 0x51, 0x74, 0x70,
0xe5, 0x46, 0x63, 0x7f, 0x5c, 0xc0, 0xd1, 0x7c,
0xfb, 0x2f, 0xea, 0xe2, 0xd8, 0x0f, 0x84, 0xcb,
0xe9, 0x39, 0x5c, 0x64, 0xfe, 0xcb, 0x2f, 0xf1
};
/* Brainpool P-512r1 */
static const u8 pkex_init_x_bp_p512r1[64] = {
0x4c, 0xe9, 0xb6, 0x1c, 0xe2, 0x00, 0x3c, 0x9c,
0xa9, 0xc8, 0x56, 0x52, 0xaf, 0x87, 0x3e, 0x51,
0x9c, 0xbb, 0x15, 0x31, 0x1e, 0xc1, 0x05, 0xfc,
0x7c, 0x77, 0xd7, 0x37, 0x61, 0x27, 0xd0, 0x95,
0x98, 0xee, 0x5d, 0xa4, 0x3d, 0x09, 0xdb, 0x3d,
0xfa, 0x89, 0x9e, 0x7f, 0xa6, 0xa6, 0x9c, 0xff,
0x83, 0x5c, 0x21, 0x6c, 0x3e, 0xf2, 0xfe, 0xdc,
0x63, 0xe4, 0xd1, 0x0e, 0x75, 0x45, 0x69, 0x0f
};
static const u8 pkex_init_y_bp_p512r1[64] = {
0x5a, 0x28, 0x01, 0xbe, 0x96, 0x82, 0x4e, 0xf6,
0xfa, 0xed, 0x7d, 0xfd, 0x48, 0x8b, 0x48, 0x4e,
0xd1, 0x97, 0x87, 0xc4, 0x05, 0x5d, 0x15, 0x2a,
0xf4, 0x91, 0x4b, 0x75, 0x90, 0xd9, 0x34, 0x2c,
0x3c, 0x12, 0xf2, 0xf5, 0x25, 0x94, 0x24, 0x34,
0xa7, 0x6d, 0x66, 0xbc, 0x27, 0xa4, 0xa0, 0x8d,
0xd5, 0xe1, 0x54, 0xa3, 0x55, 0x26, 0xd4, 0x14,
0x17, 0x0f, 0xc1, 0xc7, 0x3d, 0x68, 0x7f, 0x5a
};
static const u8 pkex_resp_x_bp_p512r1[64] = {
0x2a, 0x60, 0x32, 0x27, 0xa1, 0xe6, 0x94, 0x72,
0x1c, 0x48, 0xbe, 0xc5, 0x77, 0x14, 0x30, 0x76,
0xe4, 0xbf, 0xf7, 0x7b, 0xc5, 0xfd, 0xdf, 0x19,
0x1e, 0x0f, 0xdf, 0x1c, 0x40, 0xfa, 0x34, 0x9e,
0x1f, 0x42, 0x24, 0xa3, 0x2c, 0xd5, 0xc7, 0xc9,
0x7b, 0x47, 0x78, 0x96, 0xf1, 0x37, 0x0e, 0x88,
0xcb, 0xa6, 0x52, 0x29, 0xd7, 0xa8, 0x38, 0x29,
0x8e, 0x6e, 0x23, 0x47, 0xd4, 0x4b, 0x70, 0x3e
};
static const u8 pkex_resp_y_bp_p512r1[64] = {
0x2a, 0xbe, 0x59, 0xe6, 0xc4, 0xb3, 0xd8, 0x09,
0x66, 0x89, 0x0a, 0x2d, 0x19, 0xf0, 0x9c, 0x9f,
0xb4, 0xab, 0x8f, 0x50, 0x68, 0x3c, 0x74, 0x64,
0x4e, 0x19, 0x55, 0x81, 0x9b, 0x48, 0x5c, 0xf4,
0x12, 0x8d, 0xb9, 0xd8, 0x02, 0x5b, 0xe1, 0x26,
0x7e, 0x19, 0x5c, 0xfd, 0x70, 0xf7, 0x4b, 0xdc,
0xb5, 0x5d, 0xc1, 0x7a, 0xe9, 0xd1, 0x05, 0x2e,
0xd1, 0xfd, 0x2f, 0xce, 0x63, 0x77, 0x48, 0x2c
DPP: Bootstrap information management Add wpa_supplicant control interface commands for parsing the bootstrap info URI from a QR Code (get peer public key) and to generate a new bootstrap info with private key for local use. The optional key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to specify the bootstrapping private key in OpenSSL ECPrivateKey DER encoding format. This results in the local bootstrapping information entry being created with the specified key instead of generating a new random one. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:10 +02:00
};
DPP: Add helper functions for running hash operations Use helper functions to cover all three different hash algorithm options for DPP operations instead of having separate calls to each function at every location a hash operation based on the curve is needed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:20 +02:00
static int dpp_hash_vector(const struct dpp_curve_params *curve,
size_t num_elem, const u8 *addr[], const size_t *len,
u8 *mac)
{
if (curve->hash_len == 32)
return sha256_vector(num_elem, addr, len, mac);
if (curve->hash_len == 48)
return sha384_vector(num_elem, addr, len, mac);
if (curve->hash_len == 64)
return sha512_vector(num_elem, addr, len, mac);
return -1;
}
static int dpp_hkdf_expand(size_t hash_len, const u8 *secret, size_t secret_len,
const char *label, u8 *out, size_t outlen)
{
if (hash_len == 32)
return hmac_sha256_kdf(secret, secret_len, NULL,
(const u8 *) label, os_strlen(label),
out, outlen);
if (hash_len == 48)
return hmac_sha384_kdf(secret, secret_len, NULL,
(const u8 *) label, os_strlen(label),
out, outlen);
if (hash_len == 64)
return hmac_sha512_kdf(secret, secret_len, NULL,
(const u8 *) label, os_strlen(label),
out, outlen);
return -1;
}
static int dpp_hmac_vector(size_t hash_len, const u8 *key, size_t key_len,
size_t num_elem, const u8 *addr[],
const size_t *len, u8 *mac)
{
if (hash_len == 32)
return hmac_sha256_vector(key, key_len, num_elem, addr, len,
mac);
if (hash_len == 48)
return hmac_sha384_vector(key, key_len, num_elem, addr, len,
mac);
if (hash_len == 64)
return hmac_sha512_vector(key, key_len, num_elem, addr, len,
mac);
return -1;
}
static int dpp_hmac(size_t hash_len, const u8 *key, size_t key_len,
const u8 *data, size_t data_len, u8 *mac)
{
if (hash_len == 32)
return hmac_sha256(key, key_len, data, data_len, mac);
if (hash_len == 48)
return hmac_sha384(key, key_len, data, data_len, mac);
if (hash_len == 64)
return hmac_sha512(key, key_len, data, data_len, mac);
return -1;
}
DPP: Use dpp_bn2bin_pad() helper to simplify code Number of places writing BIGNUM values with left-padding were open coding this helper functionality unnecessarily. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 15:49:48 +01:00
static int dpp_bn2bin_pad(const BIGNUM *bn, u8 *pos, size_t len)
{
int num_bytes, offset;
num_bytes = BN_num_bytes(bn);
if ((size_t) num_bytes > len)
return -1;
offset = len - num_bytes;
os_memset(pos, 0, offset);
BN_bn2bin(bn, pos + offset);
return 0;
}
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
static struct wpabuf * dpp_get_pubkey_point(EVP_PKEY *pkey, int prefix)
{
int len, res;
EC_KEY *eckey;
struct wpabuf *buf;
unsigned char *pos;
eckey = EVP_PKEY_get1_EC_KEY(pkey);
if (!eckey)
return NULL;
EC_KEY_set_conv_form(eckey, POINT_CONVERSION_UNCOMPRESSED);
len = i2o_ECPublicKey(eckey, NULL);
if (len <= 0) {
wpa_printf(MSG_ERROR,
"DDP: Failed to determine public key encoding length");
EC_KEY_free(eckey);
return NULL;
}
buf = wpabuf_alloc(len);
if (!buf) {
EC_KEY_free(eckey);
return NULL;
}
pos = wpabuf_put(buf, len);
res = i2o_ECPublicKey(eckey, &pos);
EC_KEY_free(eckey);
if (res != len) {
wpa_printf(MSG_ERROR,
"DDP: Failed to encode public key (res=%d/%d)",
res, len);
wpabuf_free(buf);
return NULL;
}
if (!prefix) {
/* Remove 0x04 prefix to match DPP definition */
pos = wpabuf_mhead(buf);
os_memmove(pos, pos + 1, len - 1);
buf->used--;
}
return buf;
}
static EVP_PKEY * dpp_set_pubkey_point_group(const EC_GROUP *group,
const u8 *buf_x, const u8 *buf_y,
size_t len)
{
EC_KEY *eckey = NULL;
BN_CTX *ctx;
EC_POINT *point = NULL;
BIGNUM *x = NULL, *y = NULL;
EVP_PKEY *pkey = NULL;
ctx = BN_CTX_new();
if (!ctx) {
wpa_printf(MSG_ERROR, "DPP: Out of memory");
return NULL;
}
point = EC_POINT_new(group);
x = BN_bin2bn(buf_x, len, NULL);
y = BN_bin2bn(buf_y, len, NULL);
if (!point || !x || !y) {
wpa_printf(MSG_ERROR, "DPP: Out of memory");
goto fail;
}
if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) {
wpa_printf(MSG_ERROR,
"DPP: OpenSSL: EC_POINT_set_affine_coordinates_GFp failed: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
if (!EC_POINT_is_on_curve(group, point, ctx) ||
EC_POINT_is_at_infinity(group, point)) {
wpa_printf(MSG_ERROR, "DPP: Invalid point");
goto fail;
}
eckey = EC_KEY_new();
if (!eckey ||
EC_KEY_set_group(eckey, group) != 1 ||
EC_KEY_set_public_key(eckey, point) != 1) {
wpa_printf(MSG_ERROR,
"DPP: Failed to set EC_KEY: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE);
pkey = EVP_PKEY_new();
if (!pkey || EVP_PKEY_set1_EC_KEY(pkey, eckey) != 1) {
wpa_printf(MSG_ERROR, "DPP: Could not create EVP_PKEY");
goto fail;
}
out:
BN_free(x);
BN_free(y);
EC_KEY_free(eckey);
EC_POINT_free(point);
BN_CTX_free(ctx);
return pkey;
fail:
EVP_PKEY_free(pkey);
pkey = NULL;
goto out;
}
static EVP_PKEY * dpp_set_pubkey_point(EVP_PKEY *group_key,
const u8 *buf, size_t len)
{
EC_KEY *eckey;
const EC_GROUP *group;
EVP_PKEY *pkey = NULL;
if (len & 1)
return NULL;
eckey = EVP_PKEY_get1_EC_KEY(group_key);
if (!eckey) {
wpa_printf(MSG_ERROR,
"DPP: Could not get EC_KEY from group_key");
return NULL;
}
group = EC_KEY_get0_group(eckey);
if (group)
pkey = dpp_set_pubkey_point_group(group, buf, buf + len / 2,
len / 2);
else
wpa_printf(MSG_ERROR, "DPP: Could not get EC group");
EC_KEY_free(eckey);
return pkey;
}
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
static void dpp_auth_fail(struct dpp_authentication *auth, const char *txt)
{
wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_FAIL "%s", txt);
}
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
struct wpabuf * dpp_alloc_msg(enum dpp_public_action_frame_type type,
size_t len)
{
struct wpabuf *msg;
DPP: Add the crypto suite field to the frames This additional field was added to DPP Public Action frames in DPP tech spec v0.2.3 to support cryptographic agility in the future. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-10 00:30:08 +02:00
msg = wpabuf_alloc(8 + len);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
if (!msg)
return NULL;
wpabuf_put_u8(msg, WLAN_ACTION_PUBLIC);
wpabuf_put_u8(msg, WLAN_PA_VENDOR_SPECIFIC);
wpabuf_put_be24(msg, OUI_WFA);
wpabuf_put_u8(msg, DPP_OUI_TYPE);
DPP: Add the crypto suite field to the frames This additional field was added to DPP Public Action frames in DPP tech spec v0.2.3 to support cryptographic agility in the future. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-10 00:30:08 +02:00
wpabuf_put_u8(msg, 1); /* Crypto Suite */
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
wpabuf_put_u8(msg, type);
return msg;
}
const u8 * dpp_get_attr(const u8 *buf, size_t len, u16 req_id, u16 *ret_len)
{
u16 id, alen;
const u8 *pos = buf, *end = buf + len;
while (end - pos >= 4) {
id = WPA_GET_LE16(pos);
pos += 2;
alen = WPA_GET_LE16(pos);
pos += 2;
if (alen > end - pos)
return NULL;
if (id == req_id) {
*ret_len = alen;
return pos;
}
pos += alen;
}
return NULL;
}
int dpp_check_attrs(const u8 *buf, size_t len)
{
const u8 *pos, *end;
DPP: Verify that Wrapped Data attribute is the last one in the message Do not allow any additional attributes to be included after the Wrapped Data attribute. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:37:56 +02:00
int wrapped_data = 0;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
pos = buf;
end = buf + len;
while (end - pos >= 4) {
u16 id, alen;
id = WPA_GET_LE16(pos);
pos += 2;
alen = WPA_GET_LE16(pos);
pos += 2;
wpa_printf(MSG_MSGDUMP, "DPP: Attribute ID %04x len %u",
id, alen);
if (alen > end - pos) {
wpa_printf(MSG_DEBUG,
"DPP: Truncated message - not enough room for the attribute - dropped");
return -1;
}
DPP: Verify that Wrapped Data attribute is the last one in the message Do not allow any additional attributes to be included after the Wrapped Data attribute. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:37:56 +02:00
if (wrapped_data) {
wpa_printf(MSG_DEBUG,
"DPP: An unexpected attribute included after the Wrapped Data attribute");
return -1;
}
if (id == DPP_ATTR_WRAPPED_DATA)
wrapped_data = 1;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
pos += alen;
}
if (end != pos) {
wpa_printf(MSG_DEBUG,
"DPP: Unexpected octets (%d) after the last attribute",
(int) (end - pos));
return -1;
}
return 0;
}
DPP: Bootstrap information management Add wpa_supplicant control interface commands for parsing the bootstrap info URI from a QR Code (get peer public key) and to generate a new bootstrap info with private key for local use. The optional key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to specify the bootstrapping private key in OpenSSL ECPrivateKey DER encoding format. This results in the local bootstrapping information entry being created with the specified key instead of generating a new random one. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:10 +02:00
void dpp_bootstrap_info_free(struct dpp_bootstrap_info *info)
{
if (!info)
return;
os_free(info->uri);
os_free(info->info);
EVP_PKEY_free(info->pubkey);
os_free(info);
}
DPP: Share bootstrap type to string helper function This can be used in hostapd as well. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-04 14:45:03 +02:00
const char * dpp_bootstrap_type_txt(enum dpp_bootstrap_type type)
{
switch (type) {
case DPP_BOOTSTRAP_QR_CODE:
return "QRCODE";
case DPP_BOOTSTRAP_PKEX:
return "PKEX";
}
return "??";
}
DPP: Bootstrap information management Add wpa_supplicant control interface commands for parsing the bootstrap info URI from a QR Code (get peer public key) and to generate a new bootstrap info with private key for local use. The optional key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to specify the bootstrapping private key in OpenSSL ECPrivateKey DER encoding format. This results in the local bootstrapping information entry being created with the specified key instead of generating a new random one. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:10 +02:00
static int dpp_uri_valid_info(const char *info)
{
while (*info) {
unsigned char val = *info++;
if (val < 0x20 || val > 0x7e || val == 0x3b)
return 0;
}
return 1;
}
static int dpp_clone_uri(struct dpp_bootstrap_info *bi, const char *uri)
{
bi->uri = os_strdup(uri);
return bi->uri ? 0 : -1;
}
int dpp_parse_uri_chan_list(struct dpp_bootstrap_info *bi,
const char *chan_list)
{
const char *pos = chan_list;
int opclass, channel, freq;
while (pos && *pos && *pos != ';') {
opclass = atoi(pos);
if (opclass <= 0)
goto fail;
pos = os_strchr(pos, '/');
if (!pos)
goto fail;
pos++;
channel = atoi(pos);
if (channel <= 0)
goto fail;
while (*pos >= '0' && *pos <= '9')
pos++;
freq = ieee80211_chan_to_freq(NULL, opclass, channel);
wpa_printf(MSG_DEBUG,
"DPP: URI channel-list: opclass=%d channel=%d ==> freq=%d",
opclass, channel, freq);
if (freq < 0) {
wpa_printf(MSG_DEBUG,
"DPP: Ignore unknown URI channel-list channel (opclass=%d channel=%d)",
opclass, channel);
} else if (bi->num_freq == DPP_BOOTSTRAP_MAX_FREQ) {
wpa_printf(MSG_DEBUG,
"DPP: Too many channels in URI channel-list - ignore list");
bi->num_freq = 0;
break;
} else {
bi->freq[bi->num_freq++] = freq;
}
if (*pos == ';' || *pos == '\0')
break;
if (*pos != ',')
goto fail;
pos++;
}
return 0;
fail:
wpa_printf(MSG_DEBUG, "DPP: Invalid URI channel-list");
return -1;
}
int dpp_parse_uri_mac(struct dpp_bootstrap_info *bi, const char *mac)
{
if (!mac)
return 0;
if (hwaddr_aton2(mac, bi->mac_addr) < 0) {
wpa_printf(MSG_DEBUG, "DPP: Invalid URI mac");
return -1;
}
wpa_printf(MSG_DEBUG, "DPP: URI mac: " MACSTR, MAC2STR(bi->mac_addr));
return 0;
}
int dpp_parse_uri_info(struct dpp_bootstrap_info *bi, const char *info)
{
const char *end;
if (!info)
return 0;
end = os_strchr(info, ';');
if (!end)
end = info + os_strlen(info);
bi->info = os_malloc(end - info + 1);
if (!bi->info)
return -1;
os_memcpy(bi->info, info, end - info);
bi->info[end - info] = '\0';
wpa_printf(MSG_DEBUG, "DPP: URI(information): %s", bi->info);
if (!dpp_uri_valid_info(bi->info)) {
wpa_printf(MSG_DEBUG, "DPP: Invalid URI information payload");
return -1;
}
return 0;
}
static const struct dpp_curve_params *
dpp_get_curve_oid(const ASN1_OBJECT *poid)
{
ASN1_OBJECT *oid;
int i;
for (i = 0; dpp_curves[i].name; i++) {
oid = OBJ_txt2obj(dpp_curves[i].name, 0);
if (oid && OBJ_cmp(poid, oid) == 0)
return &dpp_curves[i];
}
return NULL;
}
static const struct dpp_curve_params * dpp_get_curve_nid(int nid)
{
int i, tmp;
if (!nid)
return NULL;
for (i = 0; dpp_curves[i].name; i++) {
tmp = OBJ_txt2nid(dpp_curves[i].name);
if (tmp == nid)
return &dpp_curves[i];
}
return NULL;
}
static int dpp_parse_uri_pk(struct dpp_bootstrap_info *bi, const char *info)
{
const char *end;
u8 *data;
size_t data_len;
EVP_PKEY *pkey;
const unsigned char *p;
int res;
X509_PUBKEY *pub = NULL;
ASN1_OBJECT *ppkalg;
const unsigned char *pk;
int ppklen;
X509_ALGOR *pa;
BoringSSL: Add DPP special cases regardless of claimed version number It looks like BoringSSL claims to have OPENSSL_VERSION_NUMBER for a 1.1.0 version, but it does not provide ECDSA_SIG_set0() or ECDSA_SIG_get0(). For now, add the helper functions regardless of the version BoringSSL claims to be. Similarly, include the X509_ALGOR_get0() workaround unconditionally for BoringSSL. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-17 19:44:42 +01:00
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
DPP: Bootstrap information management Add wpa_supplicant control interface commands for parsing the bootstrap info URI from a QR Code (get peer public key) and to generate a new bootstrap info with private key for local use. The optional key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to specify the bootstrapping private key in OpenSSL ECPrivateKey DER encoding format. This results in the local bootstrapping information entry being created with the specified key instead of generating a new random one. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:10 +02:00
ASN1_OBJECT *pa_oid;
DPP: Fix build with OpenSSL 1.1.0 X509_ALGOR_get0() was modified to use const ** pointer as the first argument in OpenSSL 1.1.0, so need to use different type here to avoid compilation issues. Signed-off-by: Jouni Malinen <j@w1.fi>
2017-07-17 11:26:44 +02:00
#else
const ASN1_OBJECT *pa_oid;
#endif
DPP: Bootstrap information management Add wpa_supplicant control interface commands for parsing the bootstrap info URI from a QR Code (get peer public key) and to generate a new bootstrap info with private key for local use. The optional key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to specify the bootstrapping private key in OpenSSL ECPrivateKey DER encoding format. This results in the local bootstrapping information entry being created with the specified key instead of generating a new random one. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:10 +02:00
const void *pval;
int ptype;
const ASN1_OBJECT *poid;
char buf[100];
end = os_strchr(info, ';');
if (!end)
return -1;
data = base64_decode((const unsigned char *) info, end - info,
&data_len);
if (!data) {
wpa_printf(MSG_DEBUG,
"DPP: Invalid base64 encoding on URI public-key");
return -1;
}
wpa_hexdump(MSG_DEBUG, "DPP: Base64 decoded URI public-key",
data, data_len);
if (sha256_vector(1, (const u8 **) &data, &data_len,
bi->pubkey_hash) < 0) {
wpa_printf(MSG_DEBUG, "DPP: Failed to hash public key");
return -1;
}
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
wpa_hexdump(MSG_DEBUG, "DPP: Public key hash",
bi->pubkey_hash, SHA256_MAC_LEN);
DPP: Bootstrap information management Add wpa_supplicant control interface commands for parsing the bootstrap info URI from a QR Code (get peer public key) and to generate a new bootstrap info with private key for local use. The optional key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to specify the bootstrapping private key in OpenSSL ECPrivateKey DER encoding format. This results in the local bootstrapping information entry being created with the specified key instead of generating a new random one. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:10 +02:00
/* DER encoded ASN.1 SubjectPublicKeyInfo
*
* SubjectPublicKeyInfo ::= SEQUENCE {
* algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING }
*
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL }
*
* subjectPublicKey = compressed format public key per ANSI X9.63
* algorithm = ecPublicKey (1.2.840.10045.2.1)
* parameters = shall be present and shall be OBJECT IDENTIFIER; e.g.,
* prime256v1 (1.2.840.10045.3.1.7)
*/
p = data;
pkey = d2i_PUBKEY(NULL, &p, data_len);
os_free(data);
if (!pkey) {
wpa_printf(MSG_DEBUG,
"DPP: Could not parse URI public-key SubjectPublicKeyInfo");
return -1;
}
if (EVP_PKEY_type(EVP_PKEY_id(pkey)) != EVP_PKEY_EC) {
wpa_printf(MSG_DEBUG,
"DPP: SubjectPublicKeyInfo does not describe an EC key");
EVP_PKEY_free(pkey);
return -1;
}
res = X509_PUBKEY_set(&pub, pkey);
if (res != 1) {
wpa_printf(MSG_DEBUG, "DPP: Could not set pubkey");
goto fail;
}
res = X509_PUBKEY_get0_param(&ppkalg, &pk, &ppklen, &pa, pub);
if (res != 1) {
wpa_printf(MSG_DEBUG,
"DPP: Could not extract SubjectPublicKeyInfo parameters");
goto fail;
}
res = OBJ_obj2txt(buf, sizeof(buf), ppkalg, 0);
if (res < 0 || (size_t) res >= sizeof(buf)) {
wpa_printf(MSG_DEBUG,
"DPP: Could not extract SubjectPublicKeyInfo algorithm");
goto fail;
}
wpa_printf(MSG_DEBUG, "DPP: URI subjectPublicKey algorithm: %s", buf);
if (os_strcmp(buf, "id-ecPublicKey") != 0) {
wpa_printf(MSG_DEBUG,
"DPP: Unsupported SubjectPublicKeyInfo algorithm");
goto fail;
}
X509_ALGOR_get0(&pa_oid, &ptype, (void *) &pval, pa);
if (ptype != V_ASN1_OBJECT) {
wpa_printf(MSG_DEBUG,
"DPP: SubjectPublicKeyInfo parameters did not contain an OID");
goto fail;
}
poid = pval;
res = OBJ_obj2txt(buf, sizeof(buf), poid, 0);
if (res < 0 || (size_t) res >= sizeof(buf)) {
wpa_printf(MSG_DEBUG,
"DPP: Could not extract SubjectPublicKeyInfo parameters OID");
goto fail;
}
wpa_printf(MSG_DEBUG, "DPP: URI subjectPublicKey parameters: %s", buf);
bi->curve = dpp_get_curve_oid(poid);
if (!bi->curve) {
wpa_printf(MSG_DEBUG,
"DPP: Unsupported SubjectPublicKeyInfo curve: %s",
buf);
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: URI subjectPublicKey", pk, ppklen);
X509_PUBKEY_free(pub);
bi->pubkey = pkey;
return 0;
fail:
X509_PUBKEY_free(pub);
EVP_PKEY_free(pkey);
return -1;
}
static struct dpp_bootstrap_info * dpp_parse_uri(const char *uri)
{
const char *pos = uri;
const char *end;
const char *chan_list = NULL, *mac = NULL, *info = NULL, *pk = NULL;
struct dpp_bootstrap_info *bi;
wpa_hexdump_ascii(MSG_DEBUG, "DPP: URI", uri, os_strlen(uri));
if (os_strncmp(pos, "DPP:", 4) != 0) {
wpa_printf(MSG_INFO, "DPP: Not a DPP URI");
return NULL;
}
pos += 4;
for (;;) {
end = os_strchr(pos, ';');
if (!end)
break;
if (end == pos) {
/* Handle terminating ";;" and ignore unexpected ";"
* for parsing robustness. */
pos++;
continue;
}
if (pos[0] == 'C' && pos[1] == ':' && !chan_list)
chan_list = pos + 2;
else if (pos[0] == 'M' && pos[1] == ':' && !mac)
mac = pos + 2;
else if (pos[0] == 'I' && pos[1] == ':' && !info)
info = pos + 2;
else if (pos[0] == 'K' && pos[1] == ':' && !pk)
pk = pos + 2;
else
wpa_hexdump_ascii(MSG_DEBUG,
"DPP: Ignore unrecognized URI parameter",
pos, end - pos);
pos = end + 1;
}
if (!pk) {
wpa_printf(MSG_INFO, "DPP: URI missing public-key");
return NULL;
}
bi = os_zalloc(sizeof(*bi));
if (!bi)
return NULL;
if (dpp_clone_uri(bi, uri) < 0 ||
dpp_parse_uri_chan_list(bi, chan_list) < 0 ||
dpp_parse_uri_mac(bi, mac) < 0 ||
dpp_parse_uri_info(bi, info) < 0 ||
dpp_parse_uri_pk(bi, pk) < 0) {
dpp_bootstrap_info_free(bi);
bi = NULL;
}
return bi;
}
struct dpp_bootstrap_info * dpp_parse_qr_code(const char *uri)
{
struct dpp_bootstrap_info *bi;
bi = dpp_parse_uri(uri);
if (bi)
bi->type = DPP_BOOTSTRAP_QR_CODE;
return bi;
}
static void dpp_debug_print_key(const char *title, EVP_PKEY *key)
{
EC_KEY *eckey;
BIO *out;
size_t rlen;
char *txt;
int res;
unsigned char *der = NULL;
int der_len;
out = BIO_new(BIO_s_mem());
if (!out)
return;
EVP_PKEY_print_private(out, key, 0, NULL);
rlen = BIO_ctrl_pending(out);
txt = os_malloc(rlen + 1);
if (txt) {
res = BIO_read(out, txt, rlen);
if (res > 0) {
txt[res] = '\0';
wpa_printf(MSG_DEBUG, "%s: %s", title, txt);
}
os_free(txt);
}
BIO_free(out);
eckey = EVP_PKEY_get1_EC_KEY(key);
if (!eckey)
return;
der_len = i2d_ECPrivateKey(eckey, &der);
if (der_len > 0)
wpa_hexdump_key(MSG_DEBUG, "DPP: ECPrivateKey", der, der_len);
OPENSSL_free(der);
if (der_len <= 0) {
der = NULL;
der_len = i2d_EC_PUBKEY(eckey, &der);
if (der_len > 0)
wpa_hexdump(MSG_DEBUG, "DPP: EC_PUBKEY", der, der_len);
OPENSSL_free(der);
}
EC_KEY_free(eckey);
}
static EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve)
{
#ifdef OPENSSL_IS_BORINGSSL
EVP_PKEY_CTX *kctx = NULL;
const EC_GROUP *group;
EC_KEY *ec_params;
#else
EVP_PKEY_CTX *pctx, *kctx = NULL;
#endif
EVP_PKEY *params = NULL, *key = NULL;
int nid;
wpa_printf(MSG_DEBUG, "DPP: Generating a keypair");
nid = OBJ_txt2nid(curve->name);
if (nid == NID_undef) {
wpa_printf(MSG_INFO, "DPP: Unsupported curve %s", curve->name);
return NULL;
}
#ifdef OPENSSL_IS_BORINGSSL
group = EC_GROUP_new_by_curve_name(nid);
ec_params = EC_KEY_new();
if (!ec_params || EC_KEY_set_group(ec_params, group) != 1) {
wpa_printf(MSG_ERROR,
"DPP: Failed to generate EC_KEY parameters");
goto fail;
}
EC_KEY_set_asn1_flag(ec_params, OPENSSL_EC_NAMED_CURVE);
params = EVP_PKEY_new();
if (!params || EVP_PKEY_set1_EC_KEY(params, ec_params) != 1) {
wpa_printf(MSG_ERROR,
"DPP: Failed to generate EVP_PKEY parameters");
goto fail;
}
#else
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
if (!pctx ||
EVP_PKEY_paramgen_init(pctx) != 1 ||
EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) != 1 ||
EVP_PKEY_CTX_set_ec_param_enc(pctx, OPENSSL_EC_NAMED_CURVE) != 1 ||
EVP_PKEY_paramgen(pctx, &params) != 1) {
wpa_printf(MSG_ERROR,
"DPP: Failed to generate EVP_PKEY parameters");
EVP_PKEY_CTX_free(pctx);
goto fail;
}
EVP_PKEY_CTX_free(pctx);
#endif
kctx = EVP_PKEY_CTX_new(params, NULL);
if (!kctx ||
EVP_PKEY_keygen_init(kctx) != 1 ||
EVP_PKEY_keygen(kctx, &key) != 1) {
wpa_printf(MSG_ERROR, "DPP: Failed to generate EC key");
goto fail;
}
if (wpa_debug_show_keys)
dpp_debug_print_key("Own generated key", key);
EVP_PKEY_free(params);
EVP_PKEY_CTX_free(kctx);
return key;
fail:
EVP_PKEY_CTX_free(kctx);
EVP_PKEY_free(params);
return NULL;
}
static const struct dpp_curve_params *
dpp_get_curve_name(const char *name)
{
int i;
for (i = 0; dpp_curves[i].name; i++) {
if (os_strcmp(name, dpp_curves[i].name) == 0 ||
(dpp_curves[i].jwk_crv &&
os_strcmp(name, dpp_curves[i].jwk_crv) == 0))
return &dpp_curves[i];
}
return NULL;
}
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
static const struct dpp_curve_params *
dpp_get_curve_jwk_crv(const char *name)
{
int i;
for (i = 0; dpp_curves[i].name; i++) {
if (dpp_curves[i].jwk_crv &&
os_strcmp(name, dpp_curves[i].jwk_crv) == 0)
return &dpp_curves[i];
}
return NULL;
}
DPP: Bootstrap information management Add wpa_supplicant control interface commands for parsing the bootstrap info URI from a QR Code (get peer public key) and to generate a new bootstrap info with private key for local use. The optional key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to specify the bootstrapping private key in OpenSSL ECPrivateKey DER encoding format. This results in the local bootstrapping information entry being created with the specified key instead of generating a new random one. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:10 +02:00
static EVP_PKEY * dpp_set_keypair(const struct dpp_curve_params **curve,
const u8 *privkey, size_t privkey_len)
{
EVP_PKEY *pkey;
EC_KEY *eckey;
const EC_GROUP *group;
int nid;
pkey = EVP_PKEY_new();
if (!pkey)
return NULL;
eckey = d2i_ECPrivateKey(NULL, &privkey, privkey_len);
if (!eckey) {
wpa_printf(MSG_INFO,
"DPP: OpenSSL: d2i_ECPrivateKey() failed: %s",
ERR_error_string(ERR_get_error(), NULL));
EVP_PKEY_free(pkey);
return NULL;
}
group = EC_KEY_get0_group(eckey);
if (!group) {
EC_KEY_free(eckey);
EVP_PKEY_free(pkey);
return NULL;
}
nid = EC_GROUP_get_curve_name(group);
*curve = dpp_get_curve_nid(nid);
if (!*curve) {
wpa_printf(MSG_INFO,
"DPP: Unsupported curve (nid=%d) in pre-assigned key",
nid);
EC_KEY_free(eckey);
EVP_PKEY_free(pkey);
return NULL;
}
if (EVP_PKEY_assign_EC_KEY(pkey, eckey) != 1) {
EC_KEY_free(eckey);
EVP_PKEY_free(pkey);
return NULL;
}
return pkey;
}
DPP: Build bootstrapping key DER encoding using custom routine While the OpenSSL version of i2d_EC_PUBKEY() seemed to be able to use the POINT_CONVERSION_COMPRESSED setting on the EC key, that did not seem to work with BoringSSL. Since this is not exactly robust design, replace use of i2d_EC_PUBKEY() with a custom routine that enforces the DPP rules on SubjectPublicKeyInfo (compressed format of the public key, ecPublicKey OID, parameters present and indicating the curve by OID). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 11:19:43 +01:00
typedef struct {
/* AlgorithmIdentifier ecPublicKey with optional parameters present
* as an OID identifying the curve */
X509_ALGOR *alg;
/* Compressed format public key per ANSI X9.63 */
ASN1_BIT_STRING *pub_key;
} DPP_BOOTSTRAPPING_KEY;
ASN1_SEQUENCE(DPP_BOOTSTRAPPING_KEY) = {
ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, alg, X509_ALGOR),
ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, pub_key, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(DPP_BOOTSTRAPPING_KEY);
IMPLEMENT_ASN1_FUNCTIONS(DPP_BOOTSTRAPPING_KEY);
DPP: Use a helper function to DER encode bootstrapping key This routine was previously implemented twice using i2d_EC_PUBKEY(). There is no need to duplicate that implementation and especially since it looks like this implementation needs to be replaced for BoringSSL, start by using a shared helper function for both locations so that there is only a single place that uses i2d_EC_PUBKEY() to build the special DPP bootstrapping key DER encoding. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 11:14:21 +01:00
static struct wpabuf * dpp_bootstrap_key_der(EVP_PKEY *key)
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
{
unsigned char *der = NULL;
int der_len;
EC_KEY *eckey;
DPP: Build bootstrapping key DER encoding using custom routine While the OpenSSL version of i2d_EC_PUBKEY() seemed to be able to use the POINT_CONVERSION_COMPRESSED setting on the EC key, that did not seem to work with BoringSSL. Since this is not exactly robust design, replace use of i2d_EC_PUBKEY() with a custom routine that enforces the DPP rules on SubjectPublicKeyInfo (compressed format of the public key, ecPublicKey OID, parameters present and indicating the curve by OID). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 11:19:43 +01:00
struct wpabuf *ret = NULL;
size_t len;
const EC_GROUP *group;
const EC_POINT *point;
BN_CTX *ctx;
DPP_BOOTSTRAPPING_KEY *bootstrap = NULL;
int nid;
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
DPP: Build bootstrapping key DER encoding using custom routine While the OpenSSL version of i2d_EC_PUBKEY() seemed to be able to use the POINT_CONVERSION_COMPRESSED setting on the EC key, that did not seem to work with BoringSSL. Since this is not exactly robust design, replace use of i2d_EC_PUBKEY() with a custom routine that enforces the DPP rules on SubjectPublicKeyInfo (compressed format of the public key, ecPublicKey OID, parameters present and indicating the curve by OID). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 11:19:43 +01:00
ctx = BN_CTX_new();
DPP: Use a helper function to DER encode bootstrapping key This routine was previously implemented twice using i2d_EC_PUBKEY(). There is no need to duplicate that implementation and especially since it looks like this implementation needs to be replaced for BoringSSL, start by using a shared helper function for both locations so that there is only a single place that uses i2d_EC_PUBKEY() to build the special DPP bootstrapping key DER encoding. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 11:14:21 +01:00
eckey = EVP_PKEY_get1_EC_KEY(key);
DPP: Build bootstrapping key DER encoding using custom routine While the OpenSSL version of i2d_EC_PUBKEY() seemed to be able to use the POINT_CONVERSION_COMPRESSED setting on the EC key, that did not seem to work with BoringSSL. Since this is not exactly robust design, replace use of i2d_EC_PUBKEY() with a custom routine that enforces the DPP rules on SubjectPublicKeyInfo (compressed format of the public key, ecPublicKey OID, parameters present and indicating the curve by OID). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 11:19:43 +01:00
if (!ctx || !eckey)
goto fail;
group = EC_KEY_get0_group(eckey);
point = EC_KEY_get0_public_key(eckey);
if (!group || !point)
goto fail;
nid = EC_GROUP_get_curve_name(group);
bootstrap = DPP_BOOTSTRAPPING_KEY_new();
if (!bootstrap ||
X509_ALGOR_set0(bootstrap->alg, OBJ_nid2obj(EVP_PKEY_EC),
V_ASN1_OBJECT, (void *) OBJ_nid2obj(nid)) != 1)
goto fail;
len = EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED,
NULL, 0, ctx);
if (len == 0)
goto fail;
der = OPENSSL_malloc(len);
if (!der)
goto fail;
len = EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED,
der, len, ctx);
OPENSSL_free(bootstrap->pub_key->data);
bootstrap->pub_key->data = der;
der = NULL;
bootstrap->pub_key->length = len;
/* No unused bits */
bootstrap->pub_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
der_len = i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der);
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
if (der_len <= 0) {
wpa_printf(MSG_ERROR,
"DDP: Failed to build DER encoded public key");
DPP: Build bootstrapping key DER encoding using custom routine While the OpenSSL version of i2d_EC_PUBKEY() seemed to be able to use the POINT_CONVERSION_COMPRESSED setting on the EC key, that did not seem to work with BoringSSL. Since this is not exactly robust design, replace use of i2d_EC_PUBKEY() with a custom routine that enforces the DPP rules on SubjectPublicKeyInfo (compressed format of the public key, ecPublicKey OID, parameters present and indicating the curve by OID). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 11:19:43 +01:00
goto fail;
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
}
DPP: Use a helper function to DER encode bootstrapping key This routine was previously implemented twice using i2d_EC_PUBKEY(). There is no need to duplicate that implementation and especially since it looks like this implementation needs to be replaced for BoringSSL, start by using a shared helper function for both locations so that there is only a single place that uses i2d_EC_PUBKEY() to build the special DPP bootstrapping key DER encoding. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 11:14:21 +01:00
ret = wpabuf_alloc_copy(der, der_len);
DPP: Build bootstrapping key DER encoding using custom routine While the OpenSSL version of i2d_EC_PUBKEY() seemed to be able to use the POINT_CONVERSION_COMPRESSED setting on the EC key, that did not seem to work with BoringSSL. Since this is not exactly robust design, replace use of i2d_EC_PUBKEY() with a custom routine that enforces the DPP rules on SubjectPublicKeyInfo (compressed format of the public key, ecPublicKey OID, parameters present and indicating the curve by OID). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 11:19:43 +01:00
fail:
DPP_BOOTSTRAPPING_KEY_free(bootstrap);
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
OPENSSL_free(der);
DPP: Build bootstrapping key DER encoding using custom routine While the OpenSSL version of i2d_EC_PUBKEY() seemed to be able to use the POINT_CONVERSION_COMPRESSED setting on the EC key, that did not seem to work with BoringSSL. Since this is not exactly robust design, replace use of i2d_EC_PUBKEY() with a custom routine that enforces the DPP rules on SubjectPublicKeyInfo (compressed format of the public key, ecPublicKey OID, parameters present and indicating the curve by OID). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 11:19:43 +01:00
EC_KEY_free(eckey);
BN_CTX_free(ctx);
DPP: Use a helper function to DER encode bootstrapping key This routine was previously implemented twice using i2d_EC_PUBKEY(). There is no need to duplicate that implementation and especially since it looks like this implementation needs to be replaced for BoringSSL, start by using a shared helper function for both locations so that there is only a single place that uses i2d_EC_PUBKEY() to build the special DPP bootstrapping key DER encoding. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 11:14:21 +01:00
return ret;
}
int dpp_bootstrap_key_hash(struct dpp_bootstrap_info *bi)
{
struct wpabuf *der;
int res;
const u8 *addr[1];
size_t len[1];
der = dpp_bootstrap_key_der(bi->pubkey);
if (!der)
return -1;
wpa_hexdump_buf(MSG_DEBUG, "DPP: Compressed public key (DER)",
der);
addr[0] = wpabuf_head(der);
len[0] = wpabuf_len(der);
res = sha256_vector(1, addr, len, bi->pubkey_hash);
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
if (res < 0)
wpa_printf(MSG_DEBUG, "DPP: Failed to hash public key");
DPP: Use a helper function to DER encode bootstrapping key This routine was previously implemented twice using i2d_EC_PUBKEY(). There is no need to duplicate that implementation and especially since it looks like this implementation needs to be replaced for BoringSSL, start by using a shared helper function for both locations so that there is only a single place that uses i2d_EC_PUBKEY() to build the special DPP bootstrapping key DER encoding. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 11:14:21 +01:00
else
wpa_hexdump(MSG_DEBUG, "DPP: Public key hash", bi->pubkey_hash,
SHA256_MAC_LEN);
wpabuf_free(der);
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
return res;
}
DPP: Bootstrap information management Add wpa_supplicant control interface commands for parsing the bootstrap info URI from a QR Code (get peer public key) and to generate a new bootstrap info with private key for local use. The optional key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to specify the bootstrapping private key in OpenSSL ECPrivateKey DER encoding format. This results in the local bootstrapping information entry being created with the specified key instead of generating a new random one. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:10 +02:00
char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
const u8 *privkey, size_t privkey_len)
{
unsigned char *base64 = NULL;
char *pos, *end;
size_t len;
DPP: Use a helper function to DER encode bootstrapping key This routine was previously implemented twice using i2d_EC_PUBKEY(). There is no need to duplicate that implementation and especially since it looks like this implementation needs to be replaced for BoringSSL, start by using a shared helper function for both locations so that there is only a single place that uses i2d_EC_PUBKEY() to build the special DPP bootstrapping key DER encoding. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 11:14:21 +01:00
struct wpabuf *der = NULL;
const u8 *addr[1];
int res;
DPP: Bootstrap information management Add wpa_supplicant control interface commands for parsing the bootstrap info URI from a QR Code (get peer public key) and to generate a new bootstrap info with private key for local use. The optional key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to specify the bootstrapping private key in OpenSSL ECPrivateKey DER encoding format. This results in the local bootstrapping information entry being created with the specified key instead of generating a new random one. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:10 +02:00
if (!curve) {
bi->curve = &dpp_curves[0];
} else {
bi->curve = dpp_get_curve_name(curve);
if (!bi->curve) {
wpa_printf(MSG_INFO, "DPP: Unsupported curve: %s",
curve);
return NULL;
}
}
if (privkey)
bi->pubkey = dpp_set_keypair(&bi->curve, privkey, privkey_len);
else
bi->pubkey = dpp_gen_keypair(bi->curve);
if (!bi->pubkey)
goto fail;
bi->own = 1;
DPP: Use a helper function to DER encode bootstrapping key This routine was previously implemented twice using i2d_EC_PUBKEY(). There is no need to duplicate that implementation and especially since it looks like this implementation needs to be replaced for BoringSSL, start by using a shared helper function for both locations so that there is only a single place that uses i2d_EC_PUBKEY() to build the special DPP bootstrapping key DER encoding. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 11:14:21 +01:00
der = dpp_bootstrap_key_der(bi->pubkey);
if (!der)
DPP: Bootstrap information management Add wpa_supplicant control interface commands for parsing the bootstrap info URI from a QR Code (get peer public key) and to generate a new bootstrap info with private key for local use. The optional key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to specify the bootstrapping private key in OpenSSL ECPrivateKey DER encoding format. This results in the local bootstrapping information entry being created with the specified key instead of generating a new random one. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:10 +02:00
goto fail;
DPP: Use a helper function to DER encode bootstrapping key This routine was previously implemented twice using i2d_EC_PUBKEY(). There is no need to duplicate that implementation and especially since it looks like this implementation needs to be replaced for BoringSSL, start by using a shared helper function for both locations so that there is only a single place that uses i2d_EC_PUBKEY() to build the special DPP bootstrapping key DER encoding. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 11:14:21 +01:00
wpa_hexdump_buf(MSG_DEBUG, "DPP: Compressed public key (DER)",
der);
DPP: Bootstrap information management Add wpa_supplicant control interface commands for parsing the bootstrap info URI from a QR Code (get peer public key) and to generate a new bootstrap info with private key for local use. The optional key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to specify the bootstrapping private key in OpenSSL ECPrivateKey DER encoding format. This results in the local bootstrapping information entry being created with the specified key instead of generating a new random one. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:10 +02:00
DPP: Use a helper function to DER encode bootstrapping key This routine was previously implemented twice using i2d_EC_PUBKEY(). There is no need to duplicate that implementation and especially since it looks like this implementation needs to be replaced for BoringSSL, start by using a shared helper function for both locations so that there is only a single place that uses i2d_EC_PUBKEY() to build the special DPP bootstrapping key DER encoding. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 11:14:21 +01:00
addr[0] = wpabuf_head(der);
len = wpabuf_len(der);
res = sha256_vector(1, addr, &len, bi->pubkey_hash);
if (res < 0)
DPP: Bootstrap information management Add wpa_supplicant control interface commands for parsing the bootstrap info URI from a QR Code (get peer public key) and to generate a new bootstrap info with private key for local use. The optional key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to specify the bootstrapping private key in OpenSSL ECPrivateKey DER encoding format. This results in the local bootstrapping information entry being created with the specified key instead of generating a new random one. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:10 +02:00
wpa_printf(MSG_DEBUG, "DPP: Failed to hash public key");
DPP: Use a helper function to DER encode bootstrapping key This routine was previously implemented twice using i2d_EC_PUBKEY(). There is no need to duplicate that implementation and especially since it looks like this implementation needs to be replaced for BoringSSL, start by using a shared helper function for both locations so that there is only a single place that uses i2d_EC_PUBKEY() to build the special DPP bootstrapping key DER encoding. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 11:14:21 +01:00
else
wpa_hexdump(MSG_DEBUG, "DPP: Public key hash", bi->pubkey_hash,
SHA256_MAC_LEN);
DPP: Bootstrap information management Add wpa_supplicant control interface commands for parsing the bootstrap info URI from a QR Code (get peer public key) and to generate a new bootstrap info with private key for local use. The optional key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to specify the bootstrapping private key in OpenSSL ECPrivateKey DER encoding format. This results in the local bootstrapping information entry being created with the specified key instead of generating a new random one. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:10 +02:00
DPP: Use a helper function to DER encode bootstrapping key This routine was previously implemented twice using i2d_EC_PUBKEY(). There is no need to duplicate that implementation and especially since it looks like this implementation needs to be replaced for BoringSSL, start by using a shared helper function for both locations so that there is only a single place that uses i2d_EC_PUBKEY() to build the special DPP bootstrapping key DER encoding. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 11:14:21 +01:00
base64 = base64_encode(wpabuf_head(der), wpabuf_len(der), &len);
wpabuf_free(der);
DPP: Fix static analyzer warnings in key generation and JWK construction Memory allocation failures could have resulted in error paths that dereference a NULL pointer or double-freeing memory. Fix this by explicitly clearing the freed pointer and checking allocation results. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-11 17:19:03 +02:00
der = NULL;
DPP: Bootstrap information management Add wpa_supplicant control interface commands for parsing the bootstrap info URI from a QR Code (get peer public key) and to generate a new bootstrap info with private key for local use. The optional key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to specify the bootstrapping private key in OpenSSL ECPrivateKey DER encoding format. This results in the local bootstrapping information entry being created with the specified key instead of generating a new random one. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:10 +02:00
if (!base64)
goto fail;
pos = (char *) base64;
end = pos + len;
for (;;) {
pos = os_strchr(pos, '\n');
if (!pos)
break;
os_memmove(pos, pos + 1, end - pos);
}
return (char *) base64;
fail:
os_free(base64);
DPP: Use a helper function to DER encode bootstrapping key This routine was previously implemented twice using i2d_EC_PUBKEY(). There is no need to duplicate that implementation and especially since it looks like this implementation needs to be replaced for BoringSSL, start by using a shared helper function for both locations so that there is only a single place that uses i2d_EC_PUBKEY() to build the special DPP bootstrapping key DER encoding. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 11:14:21 +01:00
wpabuf_free(der);
DPP: Bootstrap information management Add wpa_supplicant control interface commands for parsing the bootstrap info URI from a QR Code (get peer public key) and to generate a new bootstrap info with private key for local use. The optional key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to specify the bootstrapping private key in OpenSSL ECPrivateKey DER encoding format. This results in the local bootstrapping information entry being created with the specified key instead of generating a new random one. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:10 +02:00
return NULL;
}
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
static int dpp_derive_k1(const u8 *Mx, size_t Mx_len, u8 *k1,
unsigned int hash_len)
{
u8 salt[DPP_MAX_HASH_LEN], prk[DPP_MAX_HASH_LEN];
const char *info = "first intermediate key";
DPP: Add helper functions for running hash operations Use helper functions to cover all three different hash algorithm options for DPP operations instead of having separate calls to each function at every location a hash operation based on the curve is needed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:20 +02:00
int res;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
/* k1 = HKDF(<>, "first intermediate key", M.x) */
/* HKDF-Extract(<>, M.x) */
os_memset(salt, 0, hash_len);
DPP: Add helper functions for running hash operations Use helper functions to cover all three different hash algorithm options for DPP operations instead of having separate calls to each function at every location a hash operation based on the curve is needed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:20 +02:00
if (dpp_hmac(hash_len, salt, hash_len, Mx, Mx_len, prk) < 0)
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
return -1;
wpa_hexdump_key(MSG_DEBUG, "DPP: PRK = HKDF-Extract(<>, IKM=M.x)",
prk, hash_len);
/* HKDF-Expand(PRK, info, L) */
DPP: Add helper functions for running hash operations Use helper functions to cover all three different hash algorithm options for DPP operations instead of having separate calls to each function at every location a hash operation based on the curve is needed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:20 +02:00
res = dpp_hkdf_expand(hash_len, prk, hash_len, info, k1, hash_len);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
os_memset(prk, 0, hash_len);
if (res < 0)
return -1;
wpa_hexdump_key(MSG_DEBUG, "DPP: k1 = HKDF-Expand(PRK, info, L)",
k1, hash_len);
return 0;
}
static int dpp_derive_k2(const u8 *Nx, size_t Nx_len, u8 *k2,
unsigned int hash_len)
{
u8 salt[DPP_MAX_HASH_LEN], prk[DPP_MAX_HASH_LEN];
const char *info = "second intermediate key";
int res;
/* k2 = HKDF(<>, "second intermediate key", N.x) */
/* HKDF-Extract(<>, N.x) */
os_memset(salt, 0, hash_len);
DPP: Add helper functions for running hash operations Use helper functions to cover all three different hash algorithm options for DPP operations instead of having separate calls to each function at every location a hash operation based on the curve is needed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:20 +02:00
res = dpp_hmac(hash_len, salt, hash_len, Nx, Nx_len, prk);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
if (res < 0)
return -1;
wpa_hexdump_key(MSG_DEBUG, "DPP: PRK = HKDF-Extract(<>, IKM=N.x)",
prk, hash_len);
/* HKDF-Expand(PRK, info, L) */
DPP: Add helper functions for running hash operations Use helper functions to cover all three different hash algorithm options for DPP operations instead of having separate calls to each function at every location a hash operation based on the curve is needed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:20 +02:00
res = dpp_hkdf_expand(hash_len, prk, hash_len, info, k2, hash_len);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
os_memset(prk, 0, hash_len);
if (res < 0)
return -1;
wpa_hexdump_key(MSG_DEBUG, "DPP: k2 = HKDF-Expand(PRK, info, L)",
k2, hash_len);
return 0;
}
static int dpp_derive_ke(struct dpp_authentication *auth, u8 *ke,
unsigned int hash_len)
{
size_t nonce_len;
u8 nonces[2 * DPP_MAX_NONCE_LEN];
const char *info_ke = "DPP Key";
u8 prk[DPP_MAX_HASH_LEN];
int res;
const u8 *addr[3];
size_t len[3];
size_t num_elem = 0;
/* ke = HKDF(I-nonce | R-nonce, "DPP Key", M.x | N.x [| L.x]) */
/* HKDF-Extract(I-nonce | R-nonce, M.x | N.x [| L.x]) */
nonce_len = auth->curve->nonce_len;
os_memcpy(nonces, auth->i_nonce, nonce_len);
os_memcpy(&nonces[nonce_len], auth->r_nonce, nonce_len);
addr[num_elem] = auth->Mx;
len[num_elem] = auth->secret_len;
num_elem++;
addr[num_elem] = auth->Nx;
len[num_elem] = auth->secret_len;
num_elem++;
if (auth->peer_bi && auth->own_bi) {
addr[num_elem] = auth->Lx;
len[num_elem] = auth->secret_len;
num_elem++;
}
DPP: Add helper functions for running hash operations Use helper functions to cover all three different hash algorithm options for DPP operations instead of having separate calls to each function at every location a hash operation based on the curve is needed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:20 +02:00
res = dpp_hmac_vector(hash_len, nonces, 2 * nonce_len,
num_elem, addr, len, prk);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
if (res < 0)
return -1;
wpa_hexdump_key(MSG_DEBUG, "DPP: PRK = HKDF-Extract(<>, IKM)",
prk, hash_len);
/* HKDF-Expand(PRK, info, L) */
DPP: Add helper functions for running hash operations Use helper functions to cover all three different hash algorithm options for DPP operations instead of having separate calls to each function at every location a hash operation based on the curve is needed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:20 +02:00
res = dpp_hkdf_expand(hash_len, prk, hash_len, info_ke, ke, hash_len);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
os_memset(prk, 0, hash_len);
if (res < 0)
return -1;
wpa_hexdump_key(MSG_DEBUG, "DPP: ke = HKDF-Expand(PRK, info, L)",
ke, hash_len);
return 0;
}
DPP: Use a helper function to build DPP Status attribute Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:27:14 +01:00
static void dpp_build_attr_status(struct wpabuf *msg,
enum dpp_status_error status)
{
wpa_printf(MSG_DEBUG, "DPP: Status %d", status);
wpabuf_put_le16(msg, DPP_ATTR_STATUS);
wpabuf_put_le16(msg, 1);
wpabuf_put_u8(msg, status);
}
DPP: Use helper functions to build Bootstrap Key Hash attributes Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:41:57 +01:00
static void dpp_build_attr_r_bootstrap_key_hash(struct wpabuf *msg,
const u8 *hash)
{
if (hash) {
wpa_printf(MSG_DEBUG, "DPP: R-Bootstrap Key Hash");
wpabuf_put_le16(msg, DPP_ATTR_R_BOOTSTRAP_KEY_HASH);
wpabuf_put_le16(msg, SHA256_MAC_LEN);
wpabuf_put_data(msg, hash, SHA256_MAC_LEN);
}
}
static void dpp_build_attr_i_bootstrap_key_hash(struct wpabuf *msg,
const u8 *hash)
{
if (hash) {
wpa_printf(MSG_DEBUG, "DPP: I-Bootstrap Key Hash");
wpabuf_put_le16(msg, DPP_ATTR_I_BOOTSTRAP_KEY_HASH);
wpabuf_put_le16(msg, SHA256_MAC_LEN);
wpabuf_put_data(msg, hash, SHA256_MAC_LEN);
}
}
DPP: Move Authentication Request building into a separate function This cleans up dpp_auth_init() a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:08:25 +02:00
static struct wpabuf * dpp_auth_build_req(struct dpp_authentication *auth,
const struct wpabuf *pi,
size_t nonce_len,
const u8 *r_pubkey_hash,
DPP: Negotiation channel change request from Initiator Allow the Initiator to request a different channel to be used for DPP Authentication and DPP Configuration exchanges. This commit adds support for this in wpa_supplicant with the optional neg_freq=<freq in MHz> parameter in DPP_AUTH_INIT. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 15:08:02 +01:00
const u8 *i_pubkey_hash,
unsigned int neg_freq)
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
{
DPP: Move Authentication Request building into a separate function This cleans up dpp_auth_init() a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:08:25 +02:00
struct wpabuf *msg;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
u8 clear[4 + DPP_MAX_NONCE_LEN + 4 + 1];
u8 wrapped_data[4 + DPP_MAX_NONCE_LEN + 4 + 1 + AES_BLOCK_SIZE];
u8 *pos;
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
const u8 *addr[2];
size_t len[2], siv_len, attr_len;
u8 *attr_start, *attr_end;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
/* Build DPP Authentication Request frame attributes */
DPP: Move Authentication Request building into a separate function This cleans up dpp_auth_init() a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:08:25 +02:00
attr_len = 2 * (4 + SHA256_MAC_LEN) + 4 + (pi ? wpabuf_len(pi) : 0) +
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
4 + sizeof(wrapped_data);
DPP: Negotiation channel change request from Initiator Allow the Initiator to request a different channel to be used for DPP Authentication and DPP Configuration exchanges. This commit adds support for this in wpa_supplicant with the optional neg_freq=<freq in MHz> parameter in DPP_AUTH_INIT. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 15:08:02 +01:00
if (neg_freq > 0)
attr_len += 4 + 2;
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_AUTH_REQ)
DPP: Replace custom undefined attr with DPP Status in after-wrapped data This has the same impact and is needed for some testing needs. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:32:00 +01:00
attr_len += 5;
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
msg = dpp_alloc_msg(DPP_PA_AUTHENTICATION_REQ, attr_len);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
if (!msg)
DPP: Move Authentication Request building into a separate function This cleans up dpp_auth_init() a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:08:25 +02:00
return NULL;
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
attr_start = wpabuf_put(msg, 0);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
/* Responder Bootstrapping Key Hash */
DPP: Use helper functions to build Bootstrap Key Hash attributes Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:41:57 +01:00
dpp_build_attr_r_bootstrap_key_hash(msg, r_pubkey_hash);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
/* Initiator Bootstrapping Key Hash */
DPP: Use helper functions to build Bootstrap Key Hash attributes Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:41:57 +01:00
dpp_build_attr_i_bootstrap_key_hash(msg, i_pubkey_hash);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
/* Initiator Protocol Key */
DPP: Move Authentication Request building into a separate function This cleans up dpp_auth_init() a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:08:25 +02:00
if (pi) {
wpabuf_put_le16(msg, DPP_ATTR_I_PROTOCOL_KEY);
wpabuf_put_le16(msg, wpabuf_len(pi));
wpabuf_put_buf(msg, pi);
}
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
DPP: Negotiation channel change request from Initiator Allow the Initiator to request a different channel to be used for DPP Authentication and DPP Configuration exchanges. This commit adds support for this in wpa_supplicant with the optional neg_freq=<freq in MHz> parameter in DPP_AUTH_INIT. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 15:08:02 +01:00
/* Channel */
if (neg_freq > 0) {
u8 op_class, channel;
if (ieee80211_freq_to_channel_ext(neg_freq, 0, 0, &op_class,
&channel) ==
NUM_HOSTAPD_MODES) {
wpa_printf(MSG_INFO,
"DPP: Unsupported negotiation frequency request: %d",
neg_freq);
wpabuf_free(msg);
return NULL;
}
wpabuf_put_le16(msg, DPP_ATTR_CHANNEL);
wpabuf_put_le16(msg, 2);
wpabuf_put_u8(msg, op_class);
wpabuf_put_u8(msg, channel);
}
DPP: Omission of Auth Req attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Request to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:20:24 +02:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_WRAPPED_DATA_AUTH_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Wrapped Data");
goto skip_wrapped_data;
}
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
/* Wrapped data ({I-nonce, I-capabilities}k1) */
pos = clear;
DPP: Move Authentication Request building into a separate function This cleans up dpp_auth_init() a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:08:25 +02:00
DPP: Omission of Auth Req attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Request to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:20:24 +02:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_I_NONCE_AUTH_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - no I-nonce");
goto skip_i_nonce;
}
DPP: Protocol testing capability to send invalid I-Nonce in Auth Req Extend dpp_test to cover one more invalid behavior. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-22 15:23:42 +01:00
if (dpp_test == DPP_TEST_INVALID_I_NONCE_AUTH_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - invalid I-nonce");
WPA_PUT_LE16(pos, DPP_ATTR_I_NONCE);
pos += 2;
WPA_PUT_LE16(pos, nonce_len - 1);
pos += 2;
os_memcpy(pos, auth->i_nonce, nonce_len - 1);
pos += nonce_len - 1;
goto skip_i_nonce;
}
DPP: Omission of Auth Req attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Request to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:20:24 +02:00
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
/* I-nonce */
WPA_PUT_LE16(pos, DPP_ATTR_I_NONCE);
pos += 2;
WPA_PUT_LE16(pos, nonce_len);
pos += 2;
os_memcpy(pos, auth->i_nonce, nonce_len);
pos += nonce_len;
DPP: Move Authentication Request building into a separate function This cleans up dpp_auth_init() a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:08:25 +02:00
DPP: Omission of Auth Req attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Request to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:20:24 +02:00
#ifdef CONFIG_TESTING_OPTIONS
skip_i_nonce:
if (dpp_test == DPP_TEST_NO_I_CAPAB_AUTH_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - no I-capab");
goto skip_i_capab;
}
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
/* I-capabilities */
WPA_PUT_LE16(pos, DPP_ATTR_I_CAPABILITIES);
pos += 2;
WPA_PUT_LE16(pos, 1);
pos += 2;
DPP: Allowed initiator to indicate either role The new role=either parameter can now be used with DPP_AUTH_INIT to indicate that the initiator can take either the Configurator or Enrollee role. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 10:29:45 +01:00
auth->i_capab = auth->allowed_roles;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
*pos++ = auth->i_capab;
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_ZERO_I_CAPAB) {
wpa_printf(MSG_INFO, "DPP: TESTING - zero I-capabilities");
pos[-1] = 0;
}
DPP: Omission of Auth Req attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Request to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:20:24 +02:00
skip_i_capab:
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
attr_end = wpabuf_put(msg, 0);
/* OUI, OUI type, Crypto Suite, DPP frame type */
addr[0] = wpabuf_head_u8(msg) + 2;
len[0] = 3 + 1 + 1 + 1;
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
/* Attributes before Wrapped Data */
addr[1] = attr_start;
len[1] = attr_end - attr_start;
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
siv_len = pos - clear;
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext", clear, siv_len);
if (aes_siv_encrypt(auth->k1, auth->curve->hash_len, clear, siv_len,
DPP: Move Authentication Request building into a separate function This cleans up dpp_auth_init() a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:08:25 +02:00
2, addr, len, wrapped_data) < 0) {
wpabuf_free(msg);
return NULL;
}
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
siv_len += AES_BLOCK_SIZE;
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
wrapped_data, siv_len);
wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA);
wpabuf_put_le16(msg, siv_len);
wpabuf_put_data(msg, wrapped_data, siv_len);
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_AUTH_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - attr after Wrapped Data");
DPP: Replace custom undefined attr with DPP Status in after-wrapped data This has the same impact and is needed for some testing needs. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:32:00 +01:00
dpp_build_attr_status(msg, DPP_STATUS_OK);
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
}
DPP: Omission of Auth Req attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Request to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:20:24 +02:00
skip_wrapped_data:
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
wpa_hexdump_buf(MSG_DEBUG,
"DPP: Authentication Request frame attributes", msg);
DPP: Move Authentication Request building into a separate function This cleans up dpp_auth_init() a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:08:25 +02:00
return msg;
}
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
static struct wpabuf * dpp_auth_build_resp(struct dpp_authentication *auth,
enum dpp_status_error status,
const struct wpabuf *pr,
size_t nonce_len,
const u8 *r_pubkey_hash,
const u8 *i_pubkey_hash,
const u8 *r_nonce, const u8 *i_nonce,
const u8 *wrapped_r_auth,
size_t wrapped_r_auth_len,
const u8 *siv_key)
{
struct wpabuf *msg;
#define DPP_AUTH_RESP_CLEAR_LEN 2 * (4 + DPP_MAX_NONCE_LEN) + 4 + 1 + \
4 + 4 + DPP_MAX_HASH_LEN + AES_BLOCK_SIZE
u8 clear[DPP_AUTH_RESP_CLEAR_LEN];
u8 wrapped_data[DPP_AUTH_RESP_CLEAR_LEN + AES_BLOCK_SIZE];
const u8 *addr[2];
size_t len[2], siv_len, attr_len;
u8 *attr_start, *attr_end, *pos;
DPP: Retransmit DPP Authentication Response frame if it is not ACKed This extends wpa_supplicant DPP implementation to retransmit DPP Authentication Response frame every 10 seconds up to 5 times if the peer does not reply with DPP Authentication Confirm frame. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 11:34:17 +01:00
auth->waiting_auth_conf = 1;
auth->auth_resp_tries = 0;
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
/* Build DPP Authentication Response frame attributes */
attr_len = 4 + 1 + 2 * (4 + SHA256_MAC_LEN) +
4 + (pr ? wpabuf_len(pr) : 0) + 4 + sizeof(wrapped_data);
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_AUTH_RESP)
DPP: Replace custom undefined attr with DPP Status in after-wrapped data This has the same impact and is needed for some testing needs. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:32:00 +01:00
attr_len += 5;
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
#endif /* CONFIG_TESTING_OPTIONS */
msg = dpp_alloc_msg(DPP_PA_AUTHENTICATION_RESP, attr_len);
if (!msg)
return NULL;
attr_start = wpabuf_put(msg, 0);
/* DPP Status */
DPP: Use a helper function to build DPP Status attribute Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:27:14 +01:00
if (status != 255)
dpp_build_attr_status(msg, status);
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
/* Responder Bootstrapping Key Hash */
DPP: Use helper functions to build Bootstrap Key Hash attributes Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:41:57 +01:00
dpp_build_attr_r_bootstrap_key_hash(msg, r_pubkey_hash);
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
DPP: Use helper functions to build Bootstrap Key Hash attributes Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:41:57 +01:00
/* Initiator Bootstrapping Key Hash (mutual authentication) */
dpp_build_attr_i_bootstrap_key_hash(msg, i_pubkey_hash);
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
/* Responder Protocol Key */
if (pr) {
wpabuf_put_le16(msg, DPP_ATTR_R_PROTOCOL_KEY);
wpabuf_put_le16(msg, wpabuf_len(pr));
wpabuf_put_buf(msg, pr);
}
attr_end = wpabuf_put(msg, 0);
DPP: Omission of Auth Resp attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Response to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 21:17:55 +02:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_WRAPPED_DATA_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Wrapped Data");
goto skip_wrapped_data;
}
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
/* Wrapped data ({R-nonce, I-nonce, R-capabilities, {R-auth}ke}k2) */
pos = clear;
if (r_nonce) {
/* R-nonce */
WPA_PUT_LE16(pos, DPP_ATTR_R_NONCE);
pos += 2;
WPA_PUT_LE16(pos, nonce_len);
pos += 2;
os_memcpy(pos, r_nonce, nonce_len);
pos += nonce_len;
}
if (i_nonce) {
/* I-nonce */
WPA_PUT_LE16(pos, DPP_ATTR_I_NONCE);
pos += 2;
WPA_PUT_LE16(pos, nonce_len);
pos += 2;
os_memcpy(pos, i_nonce, nonce_len);
DPP: Auth Resp/Conf incorrect attribute values for protocol testing This extends the dpp_test mechanism to allow I-nonce, R-capab, R-auth, and I-auth values in Authentication Response/Confirm to use incorrect values. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 10:23:22 +02:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_I_NONCE_MISMATCH_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - I-nonce mismatch");
pos[nonce_len / 2] ^= 0x01;
}
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
pos += nonce_len;
}
DPP: Omission of Auth Resp attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Response to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 21:17:55 +02:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_R_CAPAB_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no R-capab");
goto skip_r_capab;
}
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
/* R-capabilities */
WPA_PUT_LE16(pos, DPP_ATTR_R_CAPABILITIES);
pos += 2;
WPA_PUT_LE16(pos, 1);
pos += 2;
auth->r_capab = auth->configurator ? DPP_CAPAB_CONFIGURATOR :
DPP_CAPAB_ENROLLEE;
*pos++ = auth->r_capab;
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_ZERO_R_CAPAB) {
wpa_printf(MSG_INFO, "DPP: TESTING - zero R-capabilities");
pos[-1] = 0;
DPP: Auth Resp/Conf incorrect attribute values for protocol testing This extends the dpp_test mechanism to allow I-nonce, R-capab, R-auth, and I-auth values in Authentication Response/Confirm to use incorrect values. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 10:23:22 +02:00
} else if (dpp_test == DPP_TEST_INCOMPATIBLE_R_CAPAB_AUTH_RESP) {
wpa_printf(MSG_INFO,
"DPP: TESTING - incompatible R-capabilities");
DPP: Allowed initiator to indicate either role The new role=either parameter can now be used with DPP_AUTH_INIT to indicate that the initiator can take either the Configurator or Enrollee role. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 10:29:45 +01:00
if ((auth->i_capab & DPP_CAPAB_ROLE_MASK) ==
(DPP_CAPAB_CONFIGURATOR | DPP_CAPAB_ENROLLEE))
pos[-1] = 0;
else
pos[-1] = auth->configurator ? DPP_CAPAB_ENROLLEE :
DPP_CAPAB_CONFIGURATOR;
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
}
DPP: Omission of Auth Resp attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Response to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 21:17:55 +02:00
skip_r_capab:
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
#endif /* CONFIG_TESTING_OPTIONS */
if (wrapped_r_auth) {
/* {R-auth}ke */
WPA_PUT_LE16(pos, DPP_ATTR_WRAPPED_DATA);
pos += 2;
WPA_PUT_LE16(pos, wrapped_r_auth_len);
pos += 2;
os_memcpy(pos, wrapped_r_auth, wrapped_r_auth_len);
pos += wrapped_r_auth_len;
}
/* OUI, OUI type, Crypto Suite, DPP frame type */
addr[0] = wpabuf_head_u8(msg) + 2;
len[0] = 3 + 1 + 1 + 1;
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
/* Attributes before Wrapped Data */
addr[1] = attr_start;
len[1] = attr_end - attr_start;
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
siv_len = pos - clear;
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext", clear, siv_len);
if (aes_siv_encrypt(siv_key, auth->curve->hash_len, clear, siv_len,
2, addr, len, wrapped_data) < 0) {
wpabuf_free(msg);
return NULL;
}
siv_len += AES_BLOCK_SIZE;
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
wrapped_data, siv_len);
wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA);
wpabuf_put_le16(msg, siv_len);
wpabuf_put_data(msg, wrapped_data, siv_len);
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - attr after Wrapped Data");
DPP: Replace custom undefined attr with DPP Status in after-wrapped data This has the same impact and is needed for some testing needs. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:32:00 +01:00
dpp_build_attr_status(msg, DPP_STATUS_OK);
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
}
DPP: Omission of Auth Resp attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Response to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 21:17:55 +02:00
skip_wrapped_data:
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
#endif /* CONFIG_TESTING_OPTIONS */
wpa_hexdump_buf(MSG_DEBUG,
"DPP: Authentication Response frame attributes", msg);
return msg;
}
DPP: Support multiple channels for initiating DPP Authentication This extends wpa_supplicant to iterate over all available channels from the intersection of what the peer indicates and the local device supports when initiating DPP Authentication. In addition, retry DPP Authentication Request frame up to five times if no response is received. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-12 11:17:54 +01:00
static int dpp_channel_ok_init(struct hostapd_hw_modes *own_modes,
u16 num_modes, unsigned int freq)
{
u16 m;
int c, flag;
if (!own_modes || !num_modes)
return 1;
for (m = 0; m < num_modes; m++) {
for (c = 0; c < own_modes[m].num_channels; c++) {
if ((unsigned int) own_modes[m].channels[c].freq !=
freq)
continue;
flag = own_modes[m].channels[c].flag;
if (!(flag & (HOSTAPD_CHAN_DISABLED |
HOSTAPD_CHAN_NO_IR |
HOSTAPD_CHAN_RADAR)))
return 1;
}
}
wpa_printf(MSG_DEBUG, "DPP: Peer channel %u MHz not supported", freq);
return 0;
}
static int freq_included(const unsigned int freqs[], unsigned int num,
unsigned int freq)
{
while (num > 0) {
if (freqs[--num] == freq)
return 1;
}
return 0;
}
static void freq_to_start(unsigned int freqs[], unsigned int num,
unsigned int freq)
{
unsigned int i;
for (i = 0; i < num; i++) {
if (freqs[i] == freq)
break;
}
if (i == 0 || i >= num)
return;
os_memmove(&freqs[1], &freqs[0], i * sizeof(freqs[0]));
freqs[0] = freq;
}
static int dpp_channel_intersect(struct dpp_authentication *auth,
struct hostapd_hw_modes *own_modes,
u16 num_modes)
{
struct dpp_bootstrap_info *peer_bi = auth->peer_bi;
unsigned int i, freq;
for (i = 0; i < peer_bi->num_freq; i++) {
freq = peer_bi->freq[i];
if (freq_included(auth->freq, auth->num_freq, freq))
continue;
if (dpp_channel_ok_init(own_modes, num_modes, freq))
auth->freq[auth->num_freq++] = freq;
}
if (!auth->num_freq) {
wpa_printf(MSG_INFO,
"DPP: No available channels for initiating DPP Authentication");
return -1;
}
auth->curr_freq = auth->freq[0];
return 0;
}
static int dpp_channel_local_list(struct dpp_authentication *auth,
struct hostapd_hw_modes *own_modes,
u16 num_modes)
{
u16 m;
int c, flag;
unsigned int freq;
auth->num_freq = 0;
if (!own_modes || !num_modes) {
auth->freq[0] = 2412;
auth->freq[1] = 2437;
auth->freq[2] = 2462;
auth->num_freq = 3;
return 0;
}
for (m = 0; m < num_modes; m++) {
for (c = 0; c < own_modes[m].num_channels; c++) {
freq = own_modes[m].channels[c].freq;
flag = own_modes[m].channels[c].flag;
if (flag & (HOSTAPD_CHAN_DISABLED |
HOSTAPD_CHAN_NO_IR |
HOSTAPD_CHAN_RADAR))
continue;
if (freq_included(auth->freq, auth->num_freq, freq))
continue;
auth->freq[auth->num_freq++] = freq;
if (auth->num_freq == DPP_BOOTSTRAP_MAX_FREQ) {
m = num_modes;
break;
}
}
}
return auth->num_freq == 0 ? -1 : 0;
}
static int dpp_prepare_channel_list(struct dpp_authentication *auth,
struct hostapd_hw_modes *own_modes,
u16 num_modes)
{
int res;
char freqs[DPP_BOOTSTRAP_MAX_FREQ * 6 + 10], *pos, *end;
unsigned int i;
if (auth->peer_bi->num_freq > 0)
res = dpp_channel_intersect(auth, own_modes, num_modes);
else
res = dpp_channel_local_list(auth, own_modes, num_modes);
if (res < 0)
return res;
/* Prioritize 2.4 GHz channels 6, 1, 11 (in this order) to hit the most
* likely channels first. */
freq_to_start(auth->freq, auth->num_freq, 2462);
freq_to_start(auth->freq, auth->num_freq, 2412);
freq_to_start(auth->freq, auth->num_freq, 2437);
auth->freq_idx = 0;
auth->curr_freq = auth->freq[0];
pos = freqs;
end = pos + sizeof(freqs);
for (i = 0; i < auth->num_freq; i++) {
res = os_snprintf(pos, end - pos, " %u", auth->freq[i]);
if (os_snprintf_error(end - pos, res))
break;
pos += res;
}
*pos = '\0';
wpa_printf(MSG_DEBUG, "DPP: Possible frequencies for initiating:%s",
freqs);
return 0;
}
DPP: Move Authentication Request building into a separate function This cleans up dpp_auth_init() a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:08:25 +02:00
struct dpp_authentication * dpp_auth_init(void *msg_ctx,
struct dpp_bootstrap_info *peer_bi,
struct dpp_bootstrap_info *own_bi,
DPP: Allowed initiator to indicate either role The new role=either parameter can now be used with DPP_AUTH_INIT to indicate that the initiator can take either the Configurator or Enrollee role. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 10:29:45 +01:00
u8 dpp_allowed_roles,
DPP: Support multiple channels for initiating DPP Authentication This extends wpa_supplicant to iterate over all available channels from the intersection of what the peer indicates and the local device supports when initiating DPP Authentication. In addition, retry DPP Authentication Request frame up to five times if no response is received. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-12 11:17:54 +01:00
unsigned int neg_freq,
struct hostapd_hw_modes *own_modes,
u16 num_modes)
DPP: Move Authentication Request building into a separate function This cleans up dpp_auth_init() a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:08:25 +02:00
{
struct dpp_authentication *auth;
size_t nonce_len;
EVP_PKEY_CTX *ctx = NULL;
size_t secret_len;
struct wpabuf *pi = NULL;
u8 zero[SHA256_MAC_LEN];
const u8 *r_pubkey_hash, *i_pubkey_hash;
DPP: Protocol testing for writing invalid I/R Bootstrap Key Hash Extend dpp_test to cover cases where Initiator/Responder Bootstrap Key Hash value in DPP Authentication frames is invalid (flip one bit). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 10:32:02 +01:00
#ifdef CONFIG_TESTING_OPTIONS
u8 test_hash[SHA256_MAC_LEN];
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Move Authentication Request building into a separate function This cleans up dpp_auth_init() a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:08:25 +02:00
auth = os_zalloc(sizeof(*auth));
if (!auth)
return NULL;
auth->msg_ctx = msg_ctx;
auth->initiator = 1;
DPP: Support multiple channels for initiating DPP Authentication This extends wpa_supplicant to iterate over all available channels from the intersection of what the peer indicates and the local device supports when initiating DPP Authentication. In addition, retry DPP Authentication Request frame up to five times if no response is received. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-12 11:17:54 +01:00
auth->waiting_auth_resp = 1;
DPP: Allowed initiator to indicate either role The new role=either parameter can now be used with DPP_AUTH_INIT to indicate that the initiator can take either the Configurator or Enrollee role. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 10:29:45 +01:00
auth->allowed_roles = dpp_allowed_roles;
auth->configurator = !!(dpp_allowed_roles & DPP_CAPAB_CONFIGURATOR);
DPP: Move Authentication Request building into a separate function This cleans up dpp_auth_init() a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:08:25 +02:00
auth->peer_bi = peer_bi;
auth->own_bi = own_bi;
auth->curve = peer_bi->curve;
DPP: Support multiple channels for initiating DPP Authentication This extends wpa_supplicant to iterate over all available channels from the intersection of what the peer indicates and the local device supports when initiating DPP Authentication. In addition, retry DPP Authentication Request frame up to five times if no response is received. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-12 11:17:54 +01:00
if (dpp_prepare_channel_list(auth, own_modes, num_modes) < 0)
goto fail;
DPP: Move Authentication Request building into a separate function This cleans up dpp_auth_init() a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:08:25 +02:00
nonce_len = auth->curve->nonce_len;
if (random_get_bytes(auth->i_nonce, nonce_len)) {
wpa_printf(MSG_ERROR, "DPP: Failed to generate I-nonce");
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: I-nonce", auth->i_nonce, nonce_len);
auth->own_protocol_key = dpp_gen_keypair(auth->curve);
if (!auth->own_protocol_key)
goto fail;
pi = dpp_get_pubkey_point(auth->own_protocol_key, 0);
if (!pi)
goto fail;
/* ECDH: M = pI * BR */
ctx = EVP_PKEY_CTX_new(auth->own_protocol_key, NULL);
if (!ctx ||
EVP_PKEY_derive_init(ctx) != 1 ||
EVP_PKEY_derive_set_peer(ctx, auth->peer_bi->pubkey) != 1 ||
EVP_PKEY_derive(ctx, NULL, &secret_len) != 1 ||
secret_len > DPP_MAX_SHARED_SECRET_LEN ||
EVP_PKEY_derive(ctx, auth->Mx, &secret_len) != 1) {
wpa_printf(MSG_ERROR,
"DPP: Failed to derive ECDH shared secret: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
auth->secret_len = secret_len;
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (M.x)",
auth->Mx, auth->secret_len);
if (dpp_derive_k1(auth->Mx, auth->secret_len, auth->k1,
auth->curve->hash_len) < 0)
goto fail;
r_pubkey_hash = auth->peer_bi->pubkey_hash;
if (auth->own_bi) {
i_pubkey_hash = auth->own_bi->pubkey_hash;
} else {
os_memset(zero, 0, SHA256_MAC_LEN);
i_pubkey_hash = zero;
}
DPP: Omission of Auth Req attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Request to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:20:24 +02:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - no R-Bootstrap Key Hash");
r_pubkey_hash = NULL;
DPP: Protocol testing for writing invalid I/R Bootstrap Key Hash Extend dpp_test to cover cases where Initiator/Responder Bootstrap Key Hash value in DPP Authentication frames is invalid (flip one bit). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 10:32:02 +01:00
} else if (dpp_test == DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_REQ) {
wpa_printf(MSG_INFO,
"DPP: TESTING - invalid R-Bootstrap Key Hash");
os_memcpy(test_hash, r_pubkey_hash, SHA256_MAC_LEN);
test_hash[SHA256_MAC_LEN - 1] ^= 0x01;
r_pubkey_hash = test_hash;
DPP: Omission of Auth Req attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Request to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:20:24 +02:00
} else if (dpp_test == DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - no I-Bootstrap Key Hash");
i_pubkey_hash = NULL;
DPP: Protocol testing for writing invalid I/R Bootstrap Key Hash Extend dpp_test to cover cases where Initiator/Responder Bootstrap Key Hash value in DPP Authentication frames is invalid (flip one bit). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 10:32:02 +01:00
} else if (dpp_test == DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_REQ) {
wpa_printf(MSG_INFO,
"DPP: TESTING - invalid I-Bootstrap Key Hash");
os_memcpy(test_hash, i_pubkey_hash, SHA256_MAC_LEN);
test_hash[SHA256_MAC_LEN - 1] ^= 0x01;
i_pubkey_hash = test_hash;
DPP: Omission of Auth Req attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Request to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:20:24 +02:00
} else if (dpp_test == DPP_TEST_NO_I_PROTO_KEY_AUTH_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - no I-Proto Key");
wpabuf_free(pi);
pi = NULL;
DPP: Protocol testing capability to generate invalid Protocol Key This extends dpp_test to allow invalid Initiator/Responder Protocol Key to be written into the Authentication Request/Response frame. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 23:11:44 +01:00
} else if (dpp_test == DPP_TEST_INVALID_I_PROTO_KEY_AUTH_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - invalid I-Proto Key");
wpabuf_free(pi);
pi = wpabuf_alloc(2 * auth->curve->prime_len);
if (!pi || dpp_test_gen_invalid_key(pi, auth->curve) < 0)
goto fail;
DPP: Omission of Auth Req attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Request to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:20:24 +02:00
}
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Move Authentication Request building into a separate function This cleans up dpp_auth_init() a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:08:25 +02:00
auth->req_msg = dpp_auth_build_req(auth, pi, nonce_len, r_pubkey_hash,
DPP: Negotiation channel change request from Initiator Allow the Initiator to request a different channel to be used for DPP Authentication and DPP Configuration exchanges. This commit adds support for this in wpa_supplicant with the optional neg_freq=<freq in MHz> parameter in DPP_AUTH_INIT. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 15:08:02 +01:00
i_pubkey_hash, neg_freq);
DPP: Move Authentication Request building into a separate function This cleans up dpp_auth_init() a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:08:25 +02:00
if (!auth->req_msg)
goto fail;
out:
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
wpabuf_free(pi);
EVP_PKEY_CTX_free(ctx);
DPP: Move Authentication Request building into a separate function This cleans up dpp_auth_init() a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:08:25 +02:00
return auth;
fail:
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
dpp_auth_deinit(auth);
DPP: Move Authentication Request building into a separate function This cleans up dpp_auth_init() a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:08:25 +02:00
auth = NULL;
goto out;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
}
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
struct wpabuf * dpp_build_conf_req(struct dpp_authentication *auth,
const char *json)
{
size_t nonce_len;
size_t json_len, clear_len;
struct wpabuf *clear = NULL, *msg = NULL;
u8 *wrapped;
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
size_t attr_len;
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
wpa_printf(MSG_DEBUG, "DPP: Build configuration request");
nonce_len = auth->curve->nonce_len;
if (random_get_bytes(auth->e_nonce, nonce_len)) {
wpa_printf(MSG_ERROR, "DPP: Failed to generate E-nonce");
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: E-nonce", auth->e_nonce, nonce_len);
json_len = os_strlen(json);
wpa_hexdump_ascii(MSG_DEBUG, "DPP: configAttr JSON", json, json_len);
/* { E-nonce, configAttrib }ke */
clear_len = 4 + nonce_len + 4 + json_len;
clear = wpabuf_alloc(clear_len);
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
attr_len = 4 + clear_len + AES_BLOCK_SIZE;
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_CONF_REQ)
DPP: Replace custom undefined attr with DPP Status in after-wrapped data This has the same impact and is needed for some testing needs. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:32:00 +01:00
attr_len += 5;
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
#endif /* CONFIG_TESTING_OPTIONS */
msg = wpabuf_alloc(attr_len);
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
if (!clear || !msg)
goto fail;
DPP: Protocol testing to remove attributes from Config Req/Resp Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:39:00 +01:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_E_NONCE_CONF_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - no E-nonce");
goto skip_e_nonce;
}
if (dpp_test == DPP_TEST_NO_WRAPPED_DATA_CONF_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Wrapped Data");
goto skip_wrapped_data;
}
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
/* E-nonce */
wpabuf_put_le16(clear, DPP_ATTR_ENROLLEE_NONCE);
wpabuf_put_le16(clear, nonce_len);
wpabuf_put_data(clear, auth->e_nonce, nonce_len);
DPP: Protocol testing to remove attributes from Config Req/Resp Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:39:00 +01:00
#ifdef CONFIG_TESTING_OPTIONS
skip_e_nonce:
if (dpp_test == DPP_TEST_NO_CONFIG_ATTR_OBJ_CONF_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - no configAttrib");
goto skip_conf_attr_obj;
}
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
/* configAttrib */
wpabuf_put_le16(clear, DPP_ATTR_CONFIG_ATTR_OBJ);
wpabuf_put_le16(clear, json_len);
wpabuf_put_data(clear, json, json_len);
DPP: Protocol testing to remove attributes from Config Req/Resp Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:39:00 +01:00
#ifdef CONFIG_TESTING_OPTIONS
skip_conf_attr_obj:
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA);
wpabuf_put_le16(msg, wpabuf_len(clear) + AES_BLOCK_SIZE);
wrapped = wpabuf_put(msg, wpabuf_len(clear) + AES_BLOCK_SIZE);
/* No AES-SIV AD */
wpa_hexdump_buf(MSG_DEBUG, "DPP: AES-SIV cleartext", clear);
if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,
wpabuf_head(clear), wpabuf_len(clear),
0, NULL, NULL, wrapped) < 0)
goto fail;
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
wrapped, wpabuf_len(clear) + AES_BLOCK_SIZE);
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_CONF_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - attr after Wrapped Data");
DPP: Replace custom undefined attr with DPP Status in after-wrapped data This has the same impact and is needed for some testing needs. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:32:00 +01:00
dpp_build_attr_status(msg, DPP_STATUS_OK);
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
}
DPP: Protocol testing to remove attributes from Config Req/Resp Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:39:00 +01:00
skip_wrapped_data:
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
wpa_hexdump_buf(MSG_DEBUG,
"DPP: Configuration Request frame attributes", msg);
wpabuf_free(clear);
return msg;
fail:
wpabuf_free(clear);
wpabuf_free(msg);
return NULL;
}
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
static void dpp_auth_success(struct dpp_authentication *auth)
{
wpa_printf(MSG_DEBUG,
"DPP: Authentication success - clear temporary keys");
os_memset(auth->Mx, 0, sizeof(auth->Mx));
os_memset(auth->Nx, 0, sizeof(auth->Nx));
os_memset(auth->Lx, 0, sizeof(auth->Lx));
os_memset(auth->k1, 0, sizeof(auth->k1));
os_memset(auth->k2, 0, sizeof(auth->k2));
auth->auth_success = 1;
}
static int dpp_gen_r_auth(struct dpp_authentication *auth, u8 *r_auth)
{
struct wpabuf *pix, *prx, *bix, *brx;
const u8 *addr[7];
size_t len[7];
size_t i, num_elem = 0;
size_t nonce_len;
u8 zero = 0;
int res = -1;
/* R-auth = H(I-nonce | R-nonce | PI.x | PR.x | [BI.x |] BR.x | 0) */
nonce_len = auth->curve->nonce_len;
if (auth->initiator) {
pix = dpp_get_pubkey_point(auth->own_protocol_key, 0);
prx = dpp_get_pubkey_point(auth->peer_protocol_key, 0);
if (auth->own_bi)
bix = dpp_get_pubkey_point(auth->own_bi->pubkey, 0);
else
bix = NULL;
brx = dpp_get_pubkey_point(auth->peer_bi->pubkey, 0);
} else {
pix = dpp_get_pubkey_point(auth->peer_protocol_key, 0);
prx = dpp_get_pubkey_point(auth->own_protocol_key, 0);
if (auth->peer_bi)
bix = dpp_get_pubkey_point(auth->peer_bi->pubkey, 0);
else
bix = NULL;
brx = dpp_get_pubkey_point(auth->own_bi->pubkey, 0);
}
if (!pix || !prx || !brx)
goto fail;
addr[num_elem] = auth->i_nonce;
len[num_elem] = nonce_len;
num_elem++;
addr[num_elem] = auth->r_nonce;
len[num_elem] = nonce_len;
num_elem++;
addr[num_elem] = wpabuf_head(pix);
len[num_elem] = wpabuf_len(pix) / 2;
num_elem++;
addr[num_elem] = wpabuf_head(prx);
len[num_elem] = wpabuf_len(prx) / 2;
num_elem++;
if (bix) {
addr[num_elem] = wpabuf_head(bix);
len[num_elem] = wpabuf_len(bix) / 2;
num_elem++;
}
addr[num_elem] = wpabuf_head(brx);
len[num_elem] = wpabuf_len(brx) / 2;
num_elem++;
addr[num_elem] = &zero;
len[num_elem] = 1;
num_elem++;
wpa_printf(MSG_DEBUG, "DPP: R-auth hash components");
for (i = 0; i < num_elem; i++)
wpa_hexdump(MSG_DEBUG, "DPP: hash component", addr[i], len[i]);
DPP: Add helper functions for running hash operations Use helper functions to cover all three different hash algorithm options for DPP operations instead of having separate calls to each function at every location a hash operation based on the curve is needed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:20 +02:00
res = dpp_hash_vector(auth->curve, num_elem, addr, len, r_auth);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
if (res == 0)
wpa_hexdump(MSG_DEBUG, "DPP: R-auth", r_auth,
auth->curve->hash_len);
fail:
wpabuf_free(pix);
wpabuf_free(prx);
wpabuf_free(bix);
wpabuf_free(brx);
return res;
}
static int dpp_gen_i_auth(struct dpp_authentication *auth, u8 *i_auth)
{
struct wpabuf *pix = NULL, *prx = NULL, *bix = NULL, *brx = NULL;
const u8 *addr[7];
size_t len[7];
size_t i, num_elem = 0;
size_t nonce_len;
u8 one = 1;
int res = -1;
/* I-auth = H(R-nonce | I-nonce | PR.x | PI.x | BR.x | [BI.x |] 1) */
nonce_len = auth->curve->nonce_len;
if (auth->initiator) {
pix = dpp_get_pubkey_point(auth->own_protocol_key, 0);
prx = dpp_get_pubkey_point(auth->peer_protocol_key, 0);
if (auth->own_bi)
bix = dpp_get_pubkey_point(auth->own_bi->pubkey, 0);
else
bix = NULL;
if (!auth->peer_bi)
goto fail;
brx = dpp_get_pubkey_point(auth->peer_bi->pubkey, 0);
} else {
pix = dpp_get_pubkey_point(auth->peer_protocol_key, 0);
prx = dpp_get_pubkey_point(auth->own_protocol_key, 0);
if (auth->peer_bi)
bix = dpp_get_pubkey_point(auth->peer_bi->pubkey, 0);
else
bix = NULL;
if (!auth->own_bi)
goto fail;
brx = dpp_get_pubkey_point(auth->own_bi->pubkey, 0);
}
if (!pix || !prx || !brx)
goto fail;
addr[num_elem] = auth->r_nonce;
len[num_elem] = nonce_len;
num_elem++;
addr[num_elem] = auth->i_nonce;
len[num_elem] = nonce_len;
num_elem++;
addr[num_elem] = wpabuf_head(prx);
len[num_elem] = wpabuf_len(prx) / 2;
num_elem++;
addr[num_elem] = wpabuf_head(pix);
len[num_elem] = wpabuf_len(pix) / 2;
num_elem++;
addr[num_elem] = wpabuf_head(brx);
len[num_elem] = wpabuf_len(brx) / 2;
num_elem++;
if (bix) {
addr[num_elem] = wpabuf_head(bix);
len[num_elem] = wpabuf_len(bix) / 2;
num_elem++;
}
addr[num_elem] = &one;
len[num_elem] = 1;
num_elem++;
wpa_printf(MSG_DEBUG, "DPP: I-auth hash components");
for (i = 0; i < num_elem; i++)
wpa_hexdump(MSG_DEBUG, "DPP: hash component", addr[i], len[i]);
DPP: Add helper functions for running hash operations Use helper functions to cover all three different hash algorithm options for DPP operations instead of having separate calls to each function at every location a hash operation based on the curve is needed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:20 +02:00
res = dpp_hash_vector(auth->curve, num_elem, addr, len, i_auth);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
if (res == 0)
wpa_hexdump(MSG_DEBUG, "DPP: I-auth", i_auth,
auth->curve->hash_len);
fail:
wpabuf_free(pix);
wpabuf_free(prx);
wpabuf_free(bix);
wpabuf_free(brx);
return res;
}
static int dpp_auth_derive_l_responder(struct dpp_authentication *auth)
{
const EC_GROUP *group;
EC_POINT *l = NULL;
EC_KEY *BI = NULL, *bR = NULL, *pR = NULL;
const EC_POINT *BI_point;
BN_CTX *bnctx;
BIGNUM *lx, *sum, *q;
const BIGNUM *bR_bn, *pR_bn;
int ret = -1;
/* L = ((bR + pR) modulo q) * BI */
bnctx = BN_CTX_new();
sum = BN_new();
q = BN_new();
lx = BN_new();
if (!bnctx || !sum || !q || !lx)
goto fail;
BI = EVP_PKEY_get1_EC_KEY(auth->peer_bi->pubkey);
if (!BI)
goto fail;
BI_point = EC_KEY_get0_public_key(BI);
group = EC_KEY_get0_group(BI);
if (!group)
goto fail;
bR = EVP_PKEY_get1_EC_KEY(auth->own_bi->pubkey);
pR = EVP_PKEY_get1_EC_KEY(auth->own_protocol_key);
if (!bR || !pR)
goto fail;
bR_bn = EC_KEY_get0_private_key(bR);
pR_bn = EC_KEY_get0_private_key(pR);
if (!bR_bn || !pR_bn)
goto fail;
if (EC_GROUP_get_order(group, q, bnctx) != 1 ||
BN_mod_add(sum, bR_bn, pR_bn, q, bnctx) != 1)
goto fail;
l = EC_POINT_new(group);
if (!l ||
EC_POINT_mul(group, l, NULL, BI_point, sum, bnctx) != 1 ||
EC_POINT_get_affine_coordinates_GFp(group, l, lx, NULL,
bnctx) != 1) {
wpa_printf(MSG_ERROR,
"OpenSSL: failed: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
DPP: Use dpp_bn2bin_pad() helper to simplify code Number of places writing BIGNUM values with left-padding were open coding this helper functionality unnecessarily. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 15:49:48 +01:00
if (dpp_bn2bin_pad(lx, auth->Lx, auth->secret_len) < 0)
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
wpa_hexdump_key(MSG_DEBUG, "DPP: L.x", auth->Lx, auth->secret_len);
ret = 0;
fail:
EC_POINT_clear_free(l);
EC_KEY_free(BI);
EC_KEY_free(bR);
EC_KEY_free(pR);
BN_clear_free(lx);
BN_clear_free(sum);
BN_free(q);
BN_CTX_free(bnctx);
return ret;
}
static int dpp_auth_derive_l_initiator(struct dpp_authentication *auth)
{
const EC_GROUP *group;
EC_POINT *l = NULL, *sum = NULL;
EC_KEY *bI = NULL, *BR = NULL, *PR = NULL;
const EC_POINT *BR_point, *PR_point;
BN_CTX *bnctx;
BIGNUM *lx;
const BIGNUM *bI_bn;
int ret = -1;
/* L = bI * (BR + PR) */
bnctx = BN_CTX_new();
lx = BN_new();
if (!bnctx || !lx)
goto fail;
BR = EVP_PKEY_get1_EC_KEY(auth->peer_bi->pubkey);
PR = EVP_PKEY_get1_EC_KEY(auth->peer_protocol_key);
if (!BR || !PR)
goto fail;
BR_point = EC_KEY_get0_public_key(BR);
PR_point = EC_KEY_get0_public_key(PR);
bI = EVP_PKEY_get1_EC_KEY(auth->own_bi->pubkey);
if (!bI)
goto fail;
group = EC_KEY_get0_group(bI);
bI_bn = EC_KEY_get0_private_key(bI);
if (!group || !bI_bn)
goto fail;
sum = EC_POINT_new(group);
l = EC_POINT_new(group);
if (!sum || !l ||
EC_POINT_add(group, sum, BR_point, PR_point, bnctx) != 1 ||
EC_POINT_mul(group, l, NULL, sum, bI_bn, bnctx) != 1 ||
EC_POINT_get_affine_coordinates_GFp(group, l, lx, NULL,
bnctx) != 1) {
wpa_printf(MSG_ERROR,
"OpenSSL: failed: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
DPP: Use dpp_bn2bin_pad() helper to simplify code Number of places writing BIGNUM values with left-padding were open coding this helper functionality unnecessarily. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 15:49:48 +01:00
if (dpp_bn2bin_pad(lx, auth->Lx, auth->secret_len) < 0)
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
wpa_hexdump_key(MSG_DEBUG, "DPP: L.x", auth->Lx, auth->secret_len);
ret = 0;
fail:
EC_POINT_clear_free(l);
EC_KEY_free(bI);
EC_KEY_free(BR);
EC_KEY_free(PR);
BN_clear_free(lx);
BN_CTX_free(bnctx);
return ret;
}
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
static int dpp_auth_build_resp_ok(struct dpp_authentication *auth)
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
{
size_t nonce_len;
EVP_PKEY_CTX *ctx = NULL;
size_t secret_len;
struct wpabuf *msg, *pr = NULL;
u8 r_auth[4 + DPP_MAX_HASH_LEN];
DPP: Omission of Auth Resp attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Response to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 21:17:55 +02:00
u8 wrapped_r_auth[4 + DPP_MAX_HASH_LEN + AES_BLOCK_SIZE], *w_r_auth;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
size_t wrapped_r_auth_len;
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
int ret = -1;
DPP: Omission of Auth Resp attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Response to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 21:17:55 +02:00
const u8 *r_pubkey_hash, *i_pubkey_hash, *r_nonce, *i_nonce;
enum dpp_status_error status = DPP_STATUS_OK;
DPP: Protocol testing for writing invalid I/R Bootstrap Key Hash Extend dpp_test to cover cases where Initiator/Responder Bootstrap Key Hash value in DPP Authentication frames is invalid (flip one bit). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 10:32:02 +01:00
#ifdef CONFIG_TESTING_OPTIONS
u8 test_hash[SHA256_MAC_LEN];
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
wpa_printf(MSG_DEBUG, "DPP: Build Authentication Response");
DPP: Testing capability to send unexpected Authentication Response This is for protocol testing to check what happens if the Responser receives an unexpected Authentication Response instead of Authentication Confirm. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 11:47:30 +01:00
if (!auth->own_bi)
return -1;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
nonce_len = auth->curve->nonce_len;
if (random_get_bytes(auth->r_nonce, nonce_len)) {
wpa_printf(MSG_ERROR, "DPP: Failed to generate R-nonce");
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: R-nonce", auth->r_nonce, nonce_len);
auth->own_protocol_key = dpp_gen_keypair(auth->curve);
if (!auth->own_protocol_key)
goto fail;
pr = dpp_get_pubkey_point(auth->own_protocol_key, 0);
if (!pr)
goto fail;
/* ECDH: N = pR * PI */
ctx = EVP_PKEY_CTX_new(auth->own_protocol_key, NULL);
if (!ctx ||
EVP_PKEY_derive_init(ctx) != 1 ||
EVP_PKEY_derive_set_peer(ctx, auth->peer_protocol_key) != 1 ||
EVP_PKEY_derive(ctx, NULL, &secret_len) != 1 ||
secret_len > DPP_MAX_SHARED_SECRET_LEN ||
EVP_PKEY_derive(ctx, auth->Nx, &secret_len) != 1) {
wpa_printf(MSG_ERROR,
"DPP: Failed to derive ECDH shared secret: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (N.x)",
auth->Nx, auth->secret_len);
if (dpp_derive_k2(auth->Nx, auth->secret_len, auth->k2,
auth->curve->hash_len) < 0)
goto fail;
if (auth->own_bi && auth->peer_bi) {
/* Mutual authentication */
if (dpp_auth_derive_l_responder(auth) < 0)
goto fail;
}
if (dpp_derive_ke(auth, auth->ke, auth->curve->hash_len) < 0)
goto fail;
/* R-auth = H(I-nonce | R-nonce | PI.x | PR.x | [BI.x |] BR.x | 0) */
WPA_PUT_LE16(r_auth, DPP_ATTR_R_AUTH_TAG);
WPA_PUT_LE16(&r_auth[2], auth->curve->hash_len);
DPP: Auth Resp/Conf incorrect attribute values for protocol testing This extends the dpp_test mechanism to allow I-nonce, R-capab, R-auth, and I-auth values in Authentication Response/Confirm to use incorrect values. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 10:23:22 +02:00
if (dpp_gen_r_auth(auth, r_auth + 4) < 0)
goto fail;
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_R_AUTH_MISMATCH_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - R-auth mismatch");
r_auth[4 + auth->curve->hash_len / 2] ^= 0x01;
}
#endif /* CONFIG_TESTING_OPTIONS */
if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
r_auth, 4 + auth->curve->hash_len,
0, NULL, NULL, wrapped_r_auth) < 0)
goto fail;
wrapped_r_auth_len = 4 + auth->curve->hash_len + AES_BLOCK_SIZE;
wpa_hexdump(MSG_DEBUG, "DPP: {R-auth}ke",
wrapped_r_auth, wrapped_r_auth_len);
DPP: Omission of Auth Resp attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Response to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 21:17:55 +02:00
w_r_auth = wrapped_r_auth;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
r_pubkey_hash = auth->own_bi->pubkey_hash;
if (auth->peer_bi)
i_pubkey_hash = auth->peer_bi->pubkey_hash;
else
i_pubkey_hash = NULL;
DPP: Omission of Auth Resp attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Response to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 21:17:55 +02:00
i_nonce = auth->i_nonce;
r_nonce = auth->r_nonce;
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no R-Bootstrap Key Hash");
r_pubkey_hash = NULL;
DPP: Protocol testing for writing invalid I/R Bootstrap Key Hash Extend dpp_test to cover cases where Initiator/Responder Bootstrap Key Hash value in DPP Authentication frames is invalid (flip one bit). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 10:32:02 +01:00
} else if (dpp_test ==
DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_RESP) {
wpa_printf(MSG_INFO,
"DPP: TESTING - invalid R-Bootstrap Key Hash");
os_memcpy(test_hash, r_pubkey_hash, SHA256_MAC_LEN);
test_hash[SHA256_MAC_LEN - 1] ^= 0x01;
r_pubkey_hash = test_hash;
DPP: Omission of Auth Resp attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Response to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 21:17:55 +02:00
} else if (dpp_test == DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no I-Bootstrap Key Hash");
i_pubkey_hash = NULL;
DPP: Protocol testing for writing invalid I/R Bootstrap Key Hash Extend dpp_test to cover cases where Initiator/Responder Bootstrap Key Hash value in DPP Authentication frames is invalid (flip one bit). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 10:32:02 +01:00
} else if (dpp_test ==
DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_RESP) {
wpa_printf(MSG_INFO,
"DPP: TESTING - invalid I-Bootstrap Key Hash");
if (i_pubkey_hash)
os_memcpy(test_hash, i_pubkey_hash, SHA256_MAC_LEN);
else
os_memset(test_hash, 0, SHA256_MAC_LEN);
test_hash[SHA256_MAC_LEN - 1] ^= 0x01;
i_pubkey_hash = test_hash;
DPP: Omission of Auth Resp attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Response to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 21:17:55 +02:00
} else if (dpp_test == DPP_TEST_NO_R_PROTO_KEY_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no R-Proto Key");
wpabuf_free(pr);
pr = NULL;
DPP: Protocol testing capability to generate invalid Protocol Key This extends dpp_test to allow invalid Initiator/Responder Protocol Key to be written into the Authentication Request/Response frame. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 23:11:44 +01:00
} else if (dpp_test == DPP_TEST_INVALID_R_PROTO_KEY_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - invalid R-Proto Key");
wpabuf_free(pr);
pr = wpabuf_alloc(2 * auth->curve->prime_len);
if (!pr || dpp_test_gen_invalid_key(pr, auth->curve) < 0)
goto fail;
DPP: Omission of Auth Resp attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Response to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 21:17:55 +02:00
} else if (dpp_test == DPP_TEST_NO_R_AUTH_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no R-Auth");
w_r_auth = NULL;
wrapped_r_auth_len = 0;
} else if (dpp_test == DPP_TEST_NO_STATUS_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Status");
status = 255;
DPP: Protocol testing for invalid DPP Status value Extend dpp_test to cover cases where DPP Status value is invalid in Authentication Response/Confirm frames. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:53:04 +01:00
} else if (dpp_test == DPP_TEST_INVALID_STATUS_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - invalid Status");
status = 254;
DPP: Omission of Auth Resp attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Response to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 21:17:55 +02:00
} else if (dpp_test == DPP_TEST_NO_R_NONCE_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no R-nonce");
r_nonce = NULL;
} else if (dpp_test == DPP_TEST_NO_I_NONCE_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no I-nonce");
i_nonce = NULL;
}
#endif /* CONFIG_TESTING_OPTIONS */
msg = dpp_auth_build_resp(auth, status, pr, nonce_len,
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
r_pubkey_hash, i_pubkey_hash,
DPP: Omission of Auth Resp attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Response to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 21:17:55 +02:00
r_nonce, i_nonce,
w_r_auth, wrapped_r_auth_len,
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
auth->k2);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
if (!msg)
goto fail;
DPP: Retransmit DPP Authentication Response frame if it is not ACKed This extends wpa_supplicant DPP implementation to retransmit DPP Authentication Response frame every 10 seconds up to 5 times if the peer does not reply with DPP Authentication Confirm frame. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 11:34:17 +01:00
wpabuf_free(auth->resp_msg);
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
auth->resp_msg = msg;
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
ret = 0;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
fail:
wpabuf_free(pr);
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
return ret;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
}
static int dpp_auth_build_resp_status(struct dpp_authentication *auth,
enum dpp_status_error status)
{
struct wpabuf *msg;
DPP: Omission of Auth Resp attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Response to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 21:17:55 +02:00
const u8 *r_pubkey_hash, *i_pubkey_hash, *i_nonce;
DPP: Protocol testing for writing invalid I/R Bootstrap Key Hash Extend dpp_test to cover cases where Initiator/Responder Bootstrap Key Hash value in DPP Authentication frames is invalid (flip one bit). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 10:32:02 +01:00
#ifdef CONFIG_TESTING_OPTIONS
u8 test_hash[SHA256_MAC_LEN];
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
DPP: Testing capability to send unexpected Authentication Response This is for protocol testing to check what happens if the Responser receives an unexpected Authentication Response instead of Authentication Confirm. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 11:47:30 +01:00
if (!auth->own_bi)
return -1;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
wpa_printf(MSG_DEBUG, "DPP: Build Authentication Response");
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
r_pubkey_hash = auth->own_bi->pubkey_hash;
if (auth->peer_bi)
i_pubkey_hash = auth->peer_bi->pubkey_hash;
else
i_pubkey_hash = NULL;
DPP: Omission of Auth Resp attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Response to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 21:17:55 +02:00
i_nonce = auth->i_nonce;
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no R-Bootstrap Key Hash");
r_pubkey_hash = NULL;
DPP: Protocol testing for writing invalid I/R Bootstrap Key Hash Extend dpp_test to cover cases where Initiator/Responder Bootstrap Key Hash value in DPP Authentication frames is invalid (flip one bit). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 10:32:02 +01:00
} else if (dpp_test ==
DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_RESP) {
wpa_printf(MSG_INFO,
"DPP: TESTING - invalid R-Bootstrap Key Hash");
os_memcpy(test_hash, r_pubkey_hash, SHA256_MAC_LEN);
test_hash[SHA256_MAC_LEN - 1] ^= 0x01;
r_pubkey_hash = test_hash;
DPP: Omission of Auth Resp attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Response to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 21:17:55 +02:00
} else if (dpp_test == DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no I-Bootstrap Key Hash");
i_pubkey_hash = NULL;
DPP: Protocol testing for writing invalid I/R Bootstrap Key Hash Extend dpp_test to cover cases where Initiator/Responder Bootstrap Key Hash value in DPP Authentication frames is invalid (flip one bit). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 10:32:02 +01:00
} else if (dpp_test ==
DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_RESP) {
wpa_printf(MSG_INFO,
"DPP: TESTING - invalid I-Bootstrap Key Hash");
if (i_pubkey_hash)
os_memcpy(test_hash, i_pubkey_hash, SHA256_MAC_LEN);
else
os_memset(test_hash, 0, SHA256_MAC_LEN);
test_hash[SHA256_MAC_LEN - 1] ^= 0x01;
i_pubkey_hash = test_hash;
DPP: Omission of Auth Resp attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Response to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 21:17:55 +02:00
} else if (dpp_test == DPP_TEST_NO_STATUS_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Status");
status = -1;
} else if (dpp_test == DPP_TEST_NO_I_NONCE_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no I-nonce");
i_nonce = NULL;
}
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
msg = dpp_auth_build_resp(auth, status, NULL, auth->curve->nonce_len,
r_pubkey_hash, i_pubkey_hash,
DPP: Omission of Auth Resp attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Response to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 21:17:55 +02:00
NULL, i_nonce, NULL, 0, auth->k1);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
if (!msg)
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
return -1;
DPP: Retransmit DPP Authentication Response frame if it is not ACKed This extends wpa_supplicant DPP implementation to retransmit DPP Authentication Response frame every 10 seconds up to 5 times if the peer does not reply with DPP Authentication Confirm frame. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 11:34:17 +01:00
wpabuf_free(auth->resp_msg);
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
auth->resp_msg = msg;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
return 0;
}
struct dpp_authentication *
dpp_auth_req_rx(void *msg_ctx, u8 dpp_allowed_roles, int qr_mutual,
struct dpp_bootstrap_info *peer_bi,
struct dpp_bootstrap_info *own_bi,
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
unsigned int freq, const u8 *hdr, const u8 *attr_start,
DPP: Remove unnecessary Wrapped Data checks from callers Now that dpp_check_attrs() takes care of verifying that no attributes are after the Wrapped Data attribute, the duplicated checks in hostapd and wpa_supplicant side of the implementation can be removed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:46:12 +02:00
size_t attr_len)
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
{
EVP_PKEY *pi = NULL;
EVP_PKEY_CTX *ctx = NULL;
size_t secret_len;
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
const u8 *addr[2];
size_t len[2];
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
u8 *unwrapped = NULL;
size_t unwrapped_len = 0;
DPP: Negotiation channel change request from Initiator Allow the Initiator to request a different channel to be used for DPP Authentication and DPP Configuration exchanges. This commit adds support for this in wpa_supplicant with the optional neg_freq=<freq in MHz> parameter in DPP_AUTH_INIT. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 15:08:02 +01:00
const u8 *wrapped_data, *i_proto, *i_nonce, *i_capab, *i_bootstrap,
*channel;
DPP: Remove unnecessary Wrapped Data checks from callers Now that dpp_check_attrs() takes care of verifying that no attributes are after the Wrapped Data attribute, the duplicated checks in hostapd and wpa_supplicant side of the implementation can be removed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:46:12 +02:00
u16 wrapped_data_len, i_proto_len, i_nonce_len, i_capab_len,
DPP: Negotiation channel change request from Initiator Allow the Initiator to request a different channel to be used for DPP Authentication and DPP Configuration exchanges. This commit adds support for this in wpa_supplicant with the optional neg_freq=<freq in MHz> parameter in DPP_AUTH_INIT. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 15:08:02 +01:00
i_bootstrap_len, channel_len;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
struct dpp_authentication *auth = NULL;
DPP: Remove unnecessary Wrapped Data checks from callers Now that dpp_check_attrs() takes care of verifying that no attributes are after the Wrapped Data attribute, the duplicated checks in hostapd and wpa_supplicant side of the implementation can be removed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:46:12 +02:00
wrapped_data = dpp_get_attr(attr_start, attr_len, DPP_ATTR_WRAPPED_DATA,
&wrapped_data_len);
if (!wrapped_data || wrapped_data_len < AES_BLOCK_SIZE) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_FAIL
"Missing or invalid required Wrapped Data attribute");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
return NULL;
DPP: Remove unnecessary Wrapped Data checks from callers Now that dpp_check_attrs() takes care of verifying that no attributes are after the Wrapped Data attribute, the duplicated checks in hostapd and wpa_supplicant side of the implementation can be removed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:46:12 +02:00
}
wpa_hexdump(MSG_MSGDUMP, "DPP: Wrapped Data",
wrapped_data, wrapped_data_len);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
attr_len = wrapped_data - 4 - attr_start;
auth = os_zalloc(sizeof(*auth));
if (!auth)
goto fail;
auth->msg_ctx = msg_ctx;
auth->peer_bi = peer_bi;
auth->own_bi = own_bi;
auth->curve = own_bi->curve;
auth->curr_freq = freq;
DPP: Negotiation channel change request from Initiator Allow the Initiator to request a different channel to be used for DPP Authentication and DPP Configuration exchanges. This commit adds support for this in wpa_supplicant with the optional neg_freq=<freq in MHz> parameter in DPP_AUTH_INIT. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 15:08:02 +01:00
channel = dpp_get_attr(attr_start, attr_len, DPP_ATTR_CHANNEL,
&channel_len);
if (channel) {
int neg_freq;
if (channel_len < 2) {
dpp_auth_fail(auth, "Too short Channel attribute");
goto fail;
}
neg_freq = ieee80211_chan_to_freq(NULL, channel[0], channel[1]);
wpa_printf(MSG_DEBUG,
"DPP: Initiator requested different channel for negotiation: op_class=%u channel=%u --> freq=%d",
channel[0], channel[1], neg_freq);
if (neg_freq < 0) {
dpp_auth_fail(auth,
"Unsupported Channel attribute value");
goto fail;
}
if (auth->curr_freq != (unsigned int) neg_freq) {
wpa_printf(MSG_DEBUG,
"DPP: Changing negotiation channel from %u MHz to %u MHz",
freq, neg_freq);
auth->curr_freq = neg_freq;
}
}
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
i_proto = dpp_get_attr(attr_start, attr_len, DPP_ATTR_I_PROTOCOL_KEY,
&i_proto_len);
if (!i_proto) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth,
"Missing required Initiator Protocol Key attribute");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
wpa_hexdump(MSG_MSGDUMP, "DPP: Initiator Protocol Key",
i_proto, i_proto_len);
/* M = bR * PI */
pi = dpp_set_pubkey_point(own_bi->pubkey, i_proto, i_proto_len);
if (!pi) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth, "Invalid Initiator Protocol Key");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
dpp_debug_print_key("Peer (Initiator) Protocol Key", pi);
ctx = EVP_PKEY_CTX_new(own_bi->pubkey, NULL);
if (!ctx ||
EVP_PKEY_derive_init(ctx) != 1 ||
EVP_PKEY_derive_set_peer(ctx, pi) != 1 ||
EVP_PKEY_derive(ctx, NULL, &secret_len) != 1 ||
secret_len > DPP_MAX_SHARED_SECRET_LEN ||
EVP_PKEY_derive(ctx, auth->Mx, &secret_len) != 1) {
wpa_printf(MSG_ERROR,
"DPP: Failed to derive ECDH shared secret: %s",
ERR_error_string(ERR_get_error(), NULL));
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth, "Failed to derive ECDH shared secret");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
auth->secret_len = secret_len;
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (M.x)",
auth->Mx, auth->secret_len);
if (dpp_derive_k1(auth->Mx, auth->secret_len, auth->k1,
auth->curve->hash_len) < 0)
goto fail;
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
addr[0] = hdr;
len[0] = DPP_HDR_LEN;
addr[1] = attr_start;
len[1] = attr_len;
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
wrapped_data, wrapped_data_len);
unwrapped_len = wrapped_data_len - AES_BLOCK_SIZE;
unwrapped = os_malloc(unwrapped_len);
if (!unwrapped)
goto fail;
if (aes_siv_decrypt(auth->k1, auth->curve->hash_len,
wrapped_data, wrapped_data_len,
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
2, addr, len, unwrapped) < 0) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth, "AES-SIV decryption failed");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext",
unwrapped, unwrapped_len);
if (dpp_check_attrs(unwrapped, unwrapped_len) < 0) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth, "Invalid attribute in unwrapped data");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
i_nonce = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_I_NONCE,
&i_nonce_len);
if (!i_nonce || i_nonce_len != auth->curve->nonce_len) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth, "Missing or invalid I-nonce");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: I-nonce", i_nonce, i_nonce_len);
os_memcpy(auth->i_nonce, i_nonce, i_nonce_len);
i_capab = dpp_get_attr(unwrapped, unwrapped_len,
DPP_ATTR_I_CAPABILITIES,
&i_capab_len);
if (!i_capab || i_capab_len < 1) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth, "Missing or invalid I-capabilities");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
auth->i_capab = i_capab[0];
wpa_printf(MSG_DEBUG, "DPP: I-capabilities: 0x%02x", auth->i_capab);
bin_clear_free(unwrapped, unwrapped_len);
unwrapped = NULL;
switch (auth->i_capab & DPP_CAPAB_ROLE_MASK) {
case DPP_CAPAB_ENROLLEE:
if (!(dpp_allowed_roles & DPP_CAPAB_CONFIGURATOR)) {
wpa_printf(MSG_DEBUG,
"DPP: Local policy does not allow Configurator role");
goto not_compatible;
}
wpa_printf(MSG_DEBUG, "DPP: Acting as Configurator");
auth->configurator = 1;
break;
case DPP_CAPAB_CONFIGURATOR:
if (!(dpp_allowed_roles & DPP_CAPAB_ENROLLEE)) {
wpa_printf(MSG_DEBUG,
"DPP: Local policy does not allow Enrollee role");
goto not_compatible;
}
wpa_printf(MSG_DEBUG, "DPP: Acting as Enrollee");
auth->configurator = 0;
break;
DPP: Allowed initiator to indicate either role The new role=either parameter can now be used with DPP_AUTH_INIT to indicate that the initiator can take either the Configurator or Enrollee role. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 10:29:45 +01:00
case DPP_CAPAB_CONFIGURATOR | DPP_CAPAB_ENROLLEE:
if (dpp_allowed_roles & DPP_CAPAB_ENROLLEE) {
wpa_printf(MSG_DEBUG, "DPP: Acting as Enrollee");
auth->configurator = 0;
} else if (dpp_allowed_roles & DPP_CAPAB_CONFIGURATOR) {
wpa_printf(MSG_DEBUG, "DPP: Acting as Configurator");
auth->configurator = 1;
} else {
wpa_printf(MSG_DEBUG,
"DPP: Local policy does not allow Configurator/Enrollee role");
goto not_compatible;
}
break;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
default:
wpa_printf(MSG_DEBUG, "DPP: Unexpected role in I-capabilities");
DPP: Explicitly check and reject 0x00 and 0x03 I/R-capab role 0x00 and 0x03 are not valid I/R-capabilities role values. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 12:49:01 +02:00
wpa_msg(auth->msg_ctx, MSG_INFO,
DPP_EVENT_FAIL "Invalid role in I-capabilities 0x%02x",
auth->i_capab & DPP_CAPAB_ROLE_MASK);
goto fail;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
}
auth->peer_protocol_key = pi;
pi = NULL;
if (qr_mutual && !peer_bi && own_bi->type == DPP_BOOTSTRAP_QR_CODE) {
char hex[SHA256_MAC_LEN * 2 + 1];
wpa_printf(MSG_DEBUG,
"DPP: Mutual authentication required with QR Codes, but peer info is not yet available - request more time");
if (dpp_auth_build_resp_status(auth,
DPP_STATUS_RESPONSE_PENDING) < 0)
goto fail;
i_bootstrap = dpp_get_attr(attr_start, attr_len,
DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
&i_bootstrap_len);
if (i_bootstrap && i_bootstrap_len == SHA256_MAC_LEN) {
auth->response_pending = 1;
os_memcpy(auth->waiting_pubkey_hash,
i_bootstrap, i_bootstrap_len);
wpa_snprintf_hex(hex, sizeof(hex), i_bootstrap,
i_bootstrap_len);
} else {
hex[0] = '\0';
}
wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_SCAN_PEER_QR_CODE
"%s", hex);
return auth;
}
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
if (dpp_auth_build_resp_ok(auth) < 0)
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
return auth;
not_compatible:
wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_NOT_COMPATIBLE
"i-capab=0x%02x", auth->i_capab);
if (dpp_allowed_roles & DPP_CAPAB_CONFIGURATOR)
auth->configurator = 1;
else
auth->configurator = 0;
auth->peer_protocol_key = pi;
pi = NULL;
if (dpp_auth_build_resp_status(auth, DPP_STATUS_NOT_COMPATIBLE) < 0)
goto fail;
auth->remove_on_tx_status = 1;
return auth;
fail:
bin_clear_free(unwrapped, unwrapped_len);
EVP_PKEY_free(pi);
EVP_PKEY_CTX_free(ctx);
dpp_auth_deinit(auth);
return NULL;
}
int dpp_notify_new_qr_code(struct dpp_authentication *auth,
struct dpp_bootstrap_info *peer_bi)
{
if (!auth || !auth->response_pending ||
os_memcmp(auth->waiting_pubkey_hash, peer_bi->pubkey_hash,
SHA256_MAC_LEN) != 0)
return 0;
wpa_printf(MSG_DEBUG,
"DPP: New scanned QR Code has matching public key that was needed to continue DPP Authentication exchange with "
MACSTR, MAC2STR(auth->peer_mac_addr));
auth->peer_bi = peer_bi;
DPP: Move Authentication Response building into a separate function This cleans up old dpp_auth_build_resp() (now dpp_auth_build_resp_ok()) a bit by separating initialization steps for a DPP authentication session from the code needed to build the frame. This allows dpp_auth_build_resp_status() to share the helper function instead of having to maintain a duplicated message construction implementation. In addition, this makes it easier to remove some of the attributes for protocol testing purposes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 18:03:23 +02:00
if (dpp_auth_build_resp_ok(auth) < 0)
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
return -1;
return 1;
}
DPP: Send Authentication Confirm failure reports If Authentication Response processing fails due to R-capab incompatibility or R-auth mismatch, send Authentication Confirm with error status. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 11:06:22 +02:00
static struct wpabuf * dpp_auth_build_conf(struct dpp_authentication *auth,
enum dpp_status_error status)
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
{
struct wpabuf *msg;
u8 i_auth[4 + DPP_MAX_HASH_LEN];
size_t i_auth_len;
DPP: Send Authentication Confirm failure reports If Authentication Response processing fails due to R-capab incompatibility or R-auth mismatch, send Authentication Confirm with error status. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 11:06:22 +02:00
u8 r_nonce[4 + DPP_MAX_NONCE_LEN];
size_t r_nonce_len;
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
const u8 *addr[2];
size_t len[2], attr_len;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
u8 *wrapped_i_auth;
DPP: Send Authentication Confirm failure reports If Authentication Response processing fails due to R-capab incompatibility or R-auth mismatch, send Authentication Confirm with error status. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 11:06:22 +02:00
u8 *wrapped_r_nonce;
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
u8 *attr_start, *attr_end;
DPP: Protocol testing for writing invalid I/R Bootstrap Key Hash Extend dpp_test to cover cases where Initiator/Responder Bootstrap Key Hash value in DPP Authentication frames is invalid (flip one bit). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 10:32:02 +01:00
const u8 *r_pubkey_hash, *i_pubkey_hash;
#ifdef CONFIG_TESTING_OPTIONS
u8 test_hash[SHA256_MAC_LEN];
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
wpa_printf(MSG_DEBUG, "DPP: Build Authentication Confirmation");
i_auth_len = 4 + auth->curve->hash_len;
DPP: Send Authentication Confirm failure reports If Authentication Response processing fails due to R-capab incompatibility or R-auth mismatch, send Authentication Confirm with error status. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 11:06:22 +02:00
r_nonce_len = 4 + auth->curve->nonce_len;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
/* Build DPP Authentication Confirmation frame attributes */
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
attr_len = 4 + 1 + 2 * (4 + SHA256_MAC_LEN) +
DPP: Send Authentication Confirm failure reports If Authentication Response processing fails due to R-capab incompatibility or R-auth mismatch, send Authentication Confirm with error status. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 11:06:22 +02:00
4 + i_auth_len + r_nonce_len + AES_BLOCK_SIZE;
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_AUTH_CONF)
DPP: Replace custom undefined attr with DPP Status in after-wrapped data This has the same impact and is needed for some testing needs. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:32:00 +01:00
attr_len += 5;
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
msg = dpp_alloc_msg(DPP_PA_AUTHENTICATION_CONF, attr_len);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
if (!msg)
goto fail;
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
attr_start = wpabuf_put(msg, 0);
DPP: Protocol testing for writing invalid I/R Bootstrap Key Hash Extend dpp_test to cover cases where Initiator/Responder Bootstrap Key Hash value in DPP Authentication frames is invalid (flip one bit). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 10:32:02 +01:00
r_pubkey_hash = auth->peer_bi->pubkey_hash;
if (auth->own_bi)
i_pubkey_hash = auth->own_bi->pubkey_hash;
else
i_pubkey_hash = NULL;
DPP: Omission of Auth Conf attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Confirm to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 12:34:30 +02:00
#ifdef CONFIG_TESTING_OPTIONS
DPP: Protocol testing for invalid DPP Status value Extend dpp_test to cover cases where DPP Status value is invalid in Authentication Response/Confirm frames. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:53:04 +01:00
if (dpp_test == DPP_TEST_NO_STATUS_AUTH_CONF) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Status");
DPP: Omission of Auth Conf attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Confirm to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 12:34:30 +02:00
goto skip_status;
DPP: Protocol testing for invalid DPP Status value Extend dpp_test to cover cases where DPP Status value is invalid in Authentication Response/Confirm frames. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:53:04 +01:00
} else if (dpp_test == DPP_TEST_INVALID_STATUS_AUTH_CONF) {
wpa_printf(MSG_INFO, "DPP: TESTING - invalid Status");
status = 254;
}
DPP: Omission of Auth Conf attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Confirm to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 12:34:30 +02:00
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
/* DPP Status */
DPP: Use a helper function to build DPP Status attribute Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:27:14 +01:00
dpp_build_attr_status(msg, status);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
DPP: Omission of Auth Conf attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Confirm to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 12:34:30 +02:00
#ifdef CONFIG_TESTING_OPTIONS
skip_status:
DPP: Protocol testing for writing invalid I/R Bootstrap Key Hash Extend dpp_test to cover cases where Initiator/Responder Bootstrap Key Hash value in DPP Authentication frames is invalid (flip one bit). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 10:32:02 +01:00
if (dpp_test == DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_CONF) {
wpa_printf(MSG_INFO, "DPP: TESTING - no R-Bootstrap Key Hash");
r_pubkey_hash = NULL;
} else if (dpp_test ==
DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_CONF) {
wpa_printf(MSG_INFO,
"DPP: TESTING - invalid R-Bootstrap Key Hash");
os_memcpy(test_hash, r_pubkey_hash, SHA256_MAC_LEN);
test_hash[SHA256_MAC_LEN - 1] ^= 0x01;
r_pubkey_hash = test_hash;
} else if (dpp_test == DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_CONF) {
wpa_printf(MSG_INFO, "DPP: TESTING - no I-Bootstrap Key Hash");
i_pubkey_hash = NULL;
} else if (dpp_test ==
DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_CONF) {
wpa_printf(MSG_INFO,
"DPP: TESTING - invalid I-Bootstrap Key Hash");
if (i_pubkey_hash)
os_memcpy(test_hash, i_pubkey_hash, SHA256_MAC_LEN);
else
os_memset(test_hash, 0, SHA256_MAC_LEN);
test_hash[SHA256_MAC_LEN - 1] ^= 0x01;
i_pubkey_hash = test_hash;
}
DPP: Omission of Auth Conf attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Confirm to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 12:34:30 +02:00
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
/* Responder Bootstrapping Key Hash */
DPP: Use helper functions to build Bootstrap Key Hash attributes Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:41:57 +01:00
dpp_build_attr_r_bootstrap_key_hash(msg, r_pubkey_hash);
DPP: Omission of Auth Conf attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Confirm to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 12:34:30 +02:00
DPP: Use helper functions to build Bootstrap Key Hash attributes Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:41:57 +01:00
/* Initiator Bootstrapping Key Hash (mutual authentication) */
dpp_build_attr_i_bootstrap_key_hash(msg, i_pubkey_hash);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
DPP: Omission of Auth Conf attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Confirm to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 12:34:30 +02:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_WRAPPED_DATA_AUTH_CONF)
goto skip_wrapped_data;
if (dpp_test == DPP_TEST_NO_I_AUTH_AUTH_CONF)
i_auth_len = 0;
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
attr_end = wpabuf_put(msg, 0);
/* OUI, OUI type, Crypto Suite, DPP frame type */
addr[0] = wpabuf_head_u8(msg) + 2;
len[0] = 3 + 1 + 1 + 1;
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
/* Attributes before Wrapped Data */
addr[1] = attr_start;
len[1] = attr_end - attr_start;
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
DPP: Send Authentication Confirm failure reports If Authentication Response processing fails due to R-capab incompatibility or R-auth mismatch, send Authentication Confirm with error status. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 11:06:22 +02:00
if (status == DPP_STATUS_OK) {
/* I-auth wrapped with ke */
wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA);
wpabuf_put_le16(msg, i_auth_len + AES_BLOCK_SIZE);
wrapped_i_auth = wpabuf_put(msg, i_auth_len + AES_BLOCK_SIZE);
DPP: Omission of Auth Conf attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Confirm to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 12:34:30 +02:00
#ifdef CONFIG_TESTING_OPTIONS
DPP: Send Authentication Confirm failure reports If Authentication Response processing fails due to R-capab incompatibility or R-auth mismatch, send Authentication Confirm with error status. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 11:06:22 +02:00
if (dpp_test == DPP_TEST_NO_I_AUTH_AUTH_CONF)
goto skip_i_auth;
DPP: Omission of Auth Conf attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Confirm to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 12:34:30 +02:00
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Send Authentication Confirm failure reports If Authentication Response processing fails due to R-capab incompatibility or R-auth mismatch, send Authentication Confirm with error status. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 11:06:22 +02:00
/* I-auth = H(R-nonce | I-nonce | PR.x | PI.x | BR.x | [BI.x |]
* 1) */
WPA_PUT_LE16(i_auth, DPP_ATTR_I_AUTH_TAG);
WPA_PUT_LE16(&i_auth[2], auth->curve->hash_len);
if (dpp_gen_i_auth(auth, i_auth + 4) < 0)
goto fail;
DPP: Omission of Auth Conf attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Confirm to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 12:34:30 +02:00
#ifdef CONFIG_TESTING_OPTIONS
DPP: Send Authentication Confirm failure reports If Authentication Response processing fails due to R-capab incompatibility or R-auth mismatch, send Authentication Confirm with error status. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 11:06:22 +02:00
if (dpp_test == DPP_TEST_I_AUTH_MISMATCH_AUTH_CONF) {
wpa_printf(MSG_INFO, "DPP: TESTING - I-auth mismatch");
i_auth[4 + auth->curve->hash_len / 2] ^= 0x01;
}
DPP: Omission of Auth Conf attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Confirm to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 12:34:30 +02:00
skip_i_auth:
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Send Authentication Confirm failure reports If Authentication Response processing fails due to R-capab incompatibility or R-auth mismatch, send Authentication Confirm with error status. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 11:06:22 +02:00
if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,
i_auth, i_auth_len,
2, addr, len, wrapped_i_auth) < 0)
goto fail;
wpa_hexdump(MSG_DEBUG, "DPP: {I-auth}ke",
wrapped_i_auth, i_auth_len + AES_BLOCK_SIZE);
} else {
/* R-nonce wrapped with k2 */
wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA);
wpabuf_put_le16(msg, r_nonce_len + AES_BLOCK_SIZE);
wrapped_r_nonce = wpabuf_put(msg, r_nonce_len + AES_BLOCK_SIZE);
WPA_PUT_LE16(r_nonce, DPP_ATTR_R_NONCE);
WPA_PUT_LE16(&r_nonce[2], auth->curve->nonce_len);
os_memcpy(r_nonce + 4, auth->r_nonce, auth->curve->nonce_len);
if (aes_siv_encrypt(auth->k2, auth->curve->hash_len,
r_nonce, r_nonce_len,
2, addr, len, wrapped_r_nonce) < 0)
goto fail;
wpa_hexdump(MSG_DEBUG, "DPP: {R-nonce}k2",
wrapped_r_nonce, r_nonce_len + AES_BLOCK_SIZE);
}
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_AUTH_CONF) {
wpa_printf(MSG_INFO, "DPP: TESTING - attr after Wrapped Data");
DPP: Replace custom undefined attr with DPP Status in after-wrapped data This has the same impact and is needed for some testing needs. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:32:00 +01:00
dpp_build_attr_status(msg, DPP_STATUS_OK);
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
}
DPP: Omission of Auth Conf attributes for protocol testing This extends the dpp_test mechanism to allow each of the required attributes in Authentication Confirm to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 12:34:30 +02:00
skip_wrapped_data:
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
wpa_hexdump_buf(MSG_DEBUG,
"DPP: Authentication Confirmation frame attributes",
msg);
DPP: Send Authentication Confirm failure reports If Authentication Response processing fails due to R-capab incompatibility or R-auth mismatch, send Authentication Confirm with error status. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 11:06:22 +02:00
if (status == DPP_STATUS_OK)
dpp_auth_success(auth);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
return msg;
fail:
return NULL;
}
static void
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
dpp_auth_resp_rx_status(struct dpp_authentication *auth, const u8 *hdr,
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
const u8 *attr_start, size_t attr_len,
const u8 *wrapped_data, u16 wrapped_data_len,
enum dpp_status_error status)
{
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
const u8 *addr[2];
size_t len[2];
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
u8 *unwrapped = NULL;
size_t unwrapped_len = 0;
const u8 *i_nonce, *r_capab;
u16 i_nonce_len, r_capab_len;
if (status == DPP_STATUS_NOT_COMPATIBLE) {
wpa_printf(MSG_DEBUG,
"DPP: Responder reported incompatible roles");
} else if (status == DPP_STATUS_RESPONSE_PENDING) {
wpa_printf(MSG_DEBUG,
"DPP: Responder reported more time needed");
} else {
wpa_printf(MSG_DEBUG,
"DPP: Responder reported failure (status %d)",
status);
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth, "Responder reported failure");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
return;
}
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
addr[0] = hdr;
len[0] = DPP_HDR_LEN;
addr[1] = attr_start;
len[1] = attr_len;
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
wrapped_data, wrapped_data_len);
unwrapped_len = wrapped_data_len - AES_BLOCK_SIZE;
unwrapped = os_malloc(unwrapped_len);
if (!unwrapped)
goto fail;
if (aes_siv_decrypt(auth->k1, auth->curve->hash_len,
wrapped_data, wrapped_data_len,
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
2, addr, len, unwrapped) < 0) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth, "AES-SIV decryption failed");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext",
unwrapped, unwrapped_len);
if (dpp_check_attrs(unwrapped, unwrapped_len) < 0) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth, "Invalid attribute in unwrapped data");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
i_nonce = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_I_NONCE,
&i_nonce_len);
if (!i_nonce || i_nonce_len != auth->curve->nonce_len) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth, "Missing or invalid I-nonce");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: I-nonce", i_nonce, i_nonce_len);
if (os_memcmp(auth->i_nonce, i_nonce, i_nonce_len) != 0) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth, "I-nonce mismatch");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
r_capab = dpp_get_attr(unwrapped, unwrapped_len,
DPP_ATTR_R_CAPABILITIES,
&r_capab_len);
if (!r_capab || r_capab_len < 1) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth, "Missing or invalid R-capabilities");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
auth->r_capab = r_capab[0];
wpa_printf(MSG_DEBUG, "DPP: R-capabilities: 0x%02x", auth->r_capab);
if (status == DPP_STATUS_NOT_COMPATIBLE) {
wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_NOT_COMPATIBLE
"r-capab=0x%02x", auth->r_capab);
} else if (status == DPP_STATUS_RESPONSE_PENDING) {
DPP: Explicitly check and reject 0x00 and 0x03 I/R-capab role 0x00 and 0x03 are not valid I/R-capabilities role values. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 12:49:01 +02:00
u8 role = auth->r_capab & DPP_CAPAB_ROLE_MASK;
if ((auth->configurator && role != DPP_CAPAB_ENROLLEE) ||
(!auth->configurator && role != DPP_CAPAB_CONFIGURATOR)) {
wpa_msg(auth->msg_ctx, MSG_INFO,
DPP_EVENT_FAIL "Unexpected role in R-capabilities 0x%02x",
role);
} else {
wpa_printf(MSG_DEBUG,
"DPP: Continue waiting for full DPP Authentication Response");
wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_RESPONSE_PENDING);
}
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
}
fail:
bin_clear_free(unwrapped, unwrapped_len);
}
struct wpabuf *
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
const u8 *attr_start, size_t attr_len)
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
{
EVP_PKEY *pr;
EVP_PKEY_CTX *ctx = NULL;
size_t secret_len;
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
const u8 *addr[2];
size_t len[2];
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
u8 *unwrapped = NULL, *unwrapped2 = NULL;
size_t unwrapped_len = 0, unwrapped2_len = 0;
const u8 *r_bootstrap, *i_bootstrap, *wrapped_data, *status, *r_proto,
*r_nonce, *i_nonce, *r_capab, *wrapped2, *r_auth;
u16 r_bootstrap_len, i_bootstrap_len, wrapped_data_len, status_len,
r_proto_len, r_nonce_len, i_nonce_len, r_capab_len,
wrapped2_len, r_auth_len;
u8 r_auth2[DPP_MAX_HASH_LEN];
DPP: Explicitly check and reject 0x00 and 0x03 I/R-capab role 0x00 and 0x03 are not valid I/R-capabilities role values. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 12:49:01 +02:00
u8 role;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
DPP: Reject unexpected Req/Resp message based on Auth/PKEX role This prevents issues where an unexpected message in the DPP Authentication exchange or PKEX could result in undefined behavior. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 11:54:20 +01:00
if (!auth->initiator) {
dpp_auth_fail(auth, "Unexpected Authentication Response");
return NULL;
}
DPP: Support multiple channels for initiating DPP Authentication This extends wpa_supplicant to iterate over all available channels from the intersection of what the peer indicates and the local device supports when initiating DPP Authentication. In addition, retry DPP Authentication Request frame up to five times if no response is received. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-12 11:17:54 +01:00
auth->waiting_auth_resp = 0;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
wrapped_data = dpp_get_attr(attr_start, attr_len, DPP_ATTR_WRAPPED_DATA,
&wrapped_data_len);
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
if (!wrapped_data || wrapped_data_len < AES_BLOCK_SIZE) {
dpp_auth_fail(auth,
"Missing or invalid required Wrapped Data attribute");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
return NULL;
}
wpa_hexdump(MSG_DEBUG, "DPP: Wrapped data",
wrapped_data, wrapped_data_len);
attr_len = wrapped_data - 4 - attr_start;
r_bootstrap = dpp_get_attr(attr_start, attr_len,
DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
&r_bootstrap_len);
if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth,
"Missing or invalid required Responder Bootstrapping Key Hash attribute");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
return NULL;
}
wpa_hexdump(MSG_DEBUG, "DPP: Responder Bootstrapping Key Hash",
r_bootstrap, r_bootstrap_len);
if (os_memcmp(r_bootstrap, auth->peer_bi->pubkey_hash,
SHA256_MAC_LEN) != 0) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth,
"Unexpected Responder Bootstrapping Key Hash value");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
wpa_hexdump(MSG_DEBUG,
"DPP: Expected Responder Bootstrapping Key Hash",
auth->peer_bi->pubkey_hash, SHA256_MAC_LEN);
return NULL;
}
i_bootstrap = dpp_get_attr(attr_start, attr_len,
DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
&i_bootstrap_len);
if (i_bootstrap) {
if (i_bootstrap_len != SHA256_MAC_LEN) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth,
"Invalid Initiator Bootstrapping Key Hash attribute");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
return NULL;
}
wpa_hexdump(MSG_MSGDUMP,
"DPP: Initiator Bootstrapping Key Hash",
i_bootstrap, i_bootstrap_len);
if (!auth->own_bi ||
os_memcmp(i_bootstrap, auth->own_bi->pubkey_hash,
SHA256_MAC_LEN) != 0) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth,
"Initiator Bootstrapping Key Hash attribute did not match");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
return NULL;
}
DPP: Allow Responder to decide not to use mutual authentication Previously, Initiator decided whether to use mutual authentication on its own based on having own and peer bootstrapping info. This prevented Responder from selecting not to use mutual authentication in such a case. Fix this by allowed Initiator to fall back to non-mutual authentication based on Responder choice if the bootstrapping mechanism allows this (PKEX does not; it mandates use of mutual authentication). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 13:14:57 +02:00
} else if (auth->own_bi && auth->own_bi->type == DPP_BOOTSTRAP_PKEX) {
/* PKEX bootstrapping mandates use of mutual authentication */
dpp_auth_fail(auth,
"Missing Initiator Bootstrapping Key Hash attribute");
return NULL;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
}
status = dpp_get_attr(attr_start, attr_len, DPP_ATTR_STATUS,
&status_len);
if (!status || status_len < 1) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth,
"Missing or invalid required DPP Status attribute");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
return NULL;
}
wpa_printf(MSG_DEBUG, "DPP: Status %u", status[0]);
auth->auth_resp_status = status[0];
if (status[0] != DPP_STATUS_OK) {
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
dpp_auth_resp_rx_status(auth, hdr, attr_start,
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
attr_len, wrapped_data,
wrapped_data_len, status[0]);
return NULL;
}
DPP: Allow Responder to decide not to use mutual authentication Previously, Initiator decided whether to use mutual authentication on its own based on having own and peer bootstrapping info. This prevented Responder from selecting not to use mutual authentication in such a case. Fix this by allowed Initiator to fall back to non-mutual authentication based on Responder choice if the bootstrapping mechanism allows this (PKEX does not; it mandates use of mutual authentication). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 13:14:57 +02:00
if (!i_bootstrap && auth->own_bi) {
wpa_printf(MSG_DEBUG,
"DPP: Responder decided not to use mutual authentication");
auth->own_bi = NULL;
}
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
r_proto = dpp_get_attr(attr_start, attr_len, DPP_ATTR_R_PROTOCOL_KEY,
&r_proto_len);
if (!r_proto) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth,
"Missing required Responder Protocol Key attribute");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
return NULL;
}
wpa_hexdump(MSG_MSGDUMP, "DPP: Responder Protocol Key",
r_proto, r_proto_len);
/* N = pI * PR */
pr = dpp_set_pubkey_point(auth->own_protocol_key, r_proto, r_proto_len);
if (!pr) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth, "Invalid Responder Protocol Key");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
return NULL;
}
dpp_debug_print_key("Peer (Responder) Protocol Key", pr);
ctx = EVP_PKEY_CTX_new(auth->own_protocol_key, NULL);
if (!ctx ||
EVP_PKEY_derive_init(ctx) != 1 ||
EVP_PKEY_derive_set_peer(ctx, pr) != 1 ||
EVP_PKEY_derive(ctx, NULL, &secret_len) != 1 ||
secret_len > DPP_MAX_SHARED_SECRET_LEN ||
EVP_PKEY_derive(ctx, auth->Nx, &secret_len) != 1) {
wpa_printf(MSG_ERROR,
"DPP: Failed to derive ECDH shared secret: %s",
ERR_error_string(ERR_get_error(), NULL));
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth, "Failed to derive ECDH shared secret");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
auth->peer_protocol_key = pr;
pr = NULL;
wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (N.x)",
auth->Nx, auth->secret_len);
if (dpp_derive_k2(auth->Nx, auth->secret_len, auth->k2,
auth->curve->hash_len) < 0)
goto fail;
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
addr[0] = hdr;
len[0] = DPP_HDR_LEN;
addr[1] = attr_start;
len[1] = attr_len;
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
wrapped_data, wrapped_data_len);
unwrapped_len = wrapped_data_len - AES_BLOCK_SIZE;
unwrapped = os_malloc(unwrapped_len);
if (!unwrapped)
goto fail;
if (aes_siv_decrypt(auth->k2, auth->curve->hash_len,
wrapped_data, wrapped_data_len,
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
2, addr, len, unwrapped) < 0) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth, "AES-SIV decryption failed");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext",
unwrapped, unwrapped_len);
if (dpp_check_attrs(unwrapped, unwrapped_len) < 0) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth, "Invalid attribute in unwrapped data");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
r_nonce = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_R_NONCE,
&r_nonce_len);
if (!r_nonce || r_nonce_len != auth->curve->nonce_len) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth, "DPP: Missing or invalid R-nonce");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: R-nonce", r_nonce, r_nonce_len);
os_memcpy(auth->r_nonce, r_nonce, r_nonce_len);
i_nonce = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_I_NONCE,
&i_nonce_len);
if (!i_nonce || i_nonce_len != auth->curve->nonce_len) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth, "Missing or invalid I-nonce");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: I-nonce", i_nonce, i_nonce_len);
if (os_memcmp(auth->i_nonce, i_nonce, i_nonce_len) != 0) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth, "I-nonce mismatch");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
if (auth->own_bi && auth->peer_bi) {
/* Mutual authentication */
if (dpp_auth_derive_l_initiator(auth) < 0)
goto fail;
}
r_capab = dpp_get_attr(unwrapped, unwrapped_len,
DPP_ATTR_R_CAPABILITIES,
&r_capab_len);
if (!r_capab || r_capab_len < 1) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth, "Missing or invalid R-capabilities");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
auth->r_capab = r_capab[0];
wpa_printf(MSG_DEBUG, "DPP: R-capabilities: 0x%02x", auth->r_capab);
DPP: Explicitly check and reject 0x00 and 0x03 I/R-capab role 0x00 and 0x03 are not valid I/R-capabilities role values. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 12:49:01 +02:00
role = auth->r_capab & DPP_CAPAB_ROLE_MASK;
DPP: Allowed initiator to indicate either role The new role=either parameter can now be used with DPP_AUTH_INIT to indicate that the initiator can take either the Configurator or Enrollee role. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 10:29:45 +01:00
if ((auth->allowed_roles ==
(DPP_CAPAB_CONFIGURATOR | DPP_CAPAB_ENROLLEE)) &&
(role == DPP_CAPAB_CONFIGURATOR || role == DPP_CAPAB_ENROLLEE)) {
/* Peer selected its role, so move from "either role" to the
* role that is compatible with peer's selection. */
auth->configurator = role == DPP_CAPAB_ENROLLEE;
wpa_printf(MSG_DEBUG, "DPP: Acting as %s",
auth->configurator ? "Configurator" : "Enrollee");
} else if ((auth->configurator && role != DPP_CAPAB_ENROLLEE) ||
(!auth->configurator && role != DPP_CAPAB_CONFIGURATOR)) {
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
wpa_printf(MSG_DEBUG, "DPP: Incompatible role selection");
DPP: Explicitly check and reject 0x00 and 0x03 I/R-capab role 0x00 and 0x03 are not valid I/R-capabilities role values. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 12:49:01 +02:00
wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
"Unexpected role in R-capabilities 0x%02x",
role);
DPP: Send Authentication Confirm failure reports If Authentication Response processing fails due to R-capab incompatibility or R-auth mismatch, send Authentication Confirm with error status. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 11:06:22 +02:00
if (role != DPP_CAPAB_ENROLLEE &&
role != DPP_CAPAB_CONFIGURATOR)
goto fail;
bin_clear_free(unwrapped, unwrapped_len);
auth->remove_on_tx_status = 1;
return dpp_auth_build_conf(auth, DPP_STATUS_NOT_COMPATIBLE);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
}
wrapped2 = dpp_get_attr(unwrapped, unwrapped_len,
DPP_ATTR_WRAPPED_DATA, &wrapped2_len);
if (!wrapped2 || wrapped2_len < AES_BLOCK_SIZE) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth,
"Missing or invalid Secondary Wrapped Data");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
wrapped2, wrapped2_len);
DPP: Send Authentication Confirm failure reports If Authentication Response processing fails due to R-capab incompatibility or R-auth mismatch, send Authentication Confirm with error status. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 11:06:22 +02:00
if (dpp_derive_ke(auth, auth->ke, auth->curve->hash_len) < 0)
goto fail;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
unwrapped2_len = wrapped2_len - AES_BLOCK_SIZE;
unwrapped2 = os_malloc(unwrapped2_len);
if (!unwrapped2)
goto fail;
if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,
wrapped2, wrapped2_len,
0, NULL, NULL, unwrapped2) < 0) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth, "AES-SIV decryption failed");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext",
unwrapped2, unwrapped2_len);
if (dpp_check_attrs(unwrapped2, unwrapped2_len) < 0) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth,
"Invalid attribute in secondary unwrapped data");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
r_auth = dpp_get_attr(unwrapped2, unwrapped2_len, DPP_ATTR_R_AUTH_TAG,
&r_auth_len);
if (!r_auth || r_auth_len != auth->curve->hash_len) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth,
"Missing or invalid Responder Authenticating Tag");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: Received Responder Authenticating Tag",
r_auth, r_auth_len);
/* R-auth' = H(I-nonce | R-nonce | PI.x | PR.x | [BI.x |] BR.x | 0) */
if (dpp_gen_r_auth(auth, r_auth2) < 0)
goto fail;
wpa_hexdump(MSG_DEBUG, "DPP: Calculated Responder Authenticating Tag",
r_auth2, r_auth_len);
if (os_memcmp(r_auth, r_auth2, r_auth_len) != 0) {
DPP: Report invalid messages and failure conditions in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 16:24:38 +02:00
dpp_auth_fail(auth, "Mismatching Responder Authenticating Tag");
DPP: Send Authentication Confirm failure reports If Authentication Response processing fails due to R-capab incompatibility or R-auth mismatch, send Authentication Confirm with error status. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 11:06:22 +02:00
bin_clear_free(unwrapped, unwrapped_len);
bin_clear_free(unwrapped2, unwrapped2_len);
auth->remove_on_tx_status = 1;
return dpp_auth_build_conf(auth, DPP_STATUS_AUTH_FAILURE);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
}
bin_clear_free(unwrapped, unwrapped_len);
bin_clear_free(unwrapped2, unwrapped2_len);
DPP: Testing capability to send unexpected Authentication Response This is for protocol testing to check what happens if the Responser receives an unexpected Authentication Response instead of Authentication Confirm. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 11:47:30 +01:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_AUTH_RESP_IN_PLACE_OF_CONF) {
wpa_printf(MSG_INFO,
"DPP: TESTING - Authentication Response in place of Confirm");
if (dpp_auth_build_resp_ok(auth) < 0)
return NULL;
return wpabuf_dup(auth->resp_msg);
}
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Send Authentication Confirm failure reports If Authentication Response processing fails due to R-capab incompatibility or R-auth mismatch, send Authentication Confirm with error status. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 11:06:22 +02:00
return dpp_auth_build_conf(auth, DPP_STATUS_OK);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
fail:
bin_clear_free(unwrapped, unwrapped_len);
bin_clear_free(unwrapped2, unwrapped2_len);
EVP_PKEY_free(pr);
EVP_PKEY_CTX_free(ctx);
return NULL;
}
DPP: Process Authentication Confirm failure cases Process Authentication Confirm with the two failure cases defined in the spec: STATUS_NOT_COMPATIBLE and STATUS_AUTH_FAILURE. This verifies the {R-nonce}k2 part and reports more detailed failure reason if the message is valid. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 16:40:06 +02:00
static int dpp_auth_conf_rx_failure(struct dpp_authentication *auth,
const u8 *hdr,
const u8 *attr_start, size_t attr_len,
const u8 *wrapped_data,
u16 wrapped_data_len,
enum dpp_status_error status)
{
const u8 *addr[2];
size_t len[2];
u8 *unwrapped = NULL;
size_t unwrapped_len = 0;
const u8 *r_nonce;
u16 r_nonce_len;
/* Authentication Confirm failure cases are expected to include
* {R-nonce}k2 in the Wrapped Data attribute. */
addr[0] = hdr;
len[0] = DPP_HDR_LEN;
addr[1] = attr_start;
len[1] = attr_len;
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
wrapped_data, wrapped_data_len);
unwrapped_len = wrapped_data_len - AES_BLOCK_SIZE;
unwrapped = os_malloc(unwrapped_len);
if (!unwrapped) {
dpp_auth_fail(auth, "Authentication failed");
goto fail;
}
if (aes_siv_decrypt(auth->k2, auth->curve->hash_len,
wrapped_data, wrapped_data_len,
2, addr, len, unwrapped) < 0) {
dpp_auth_fail(auth, "AES-SIV decryption failed");
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext",
unwrapped, unwrapped_len);
if (dpp_check_attrs(unwrapped, unwrapped_len) < 0) {
dpp_auth_fail(auth, "Invalid attribute in unwrapped data");
goto fail;
}
r_nonce = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_R_NONCE,
&r_nonce_len);
if (!r_nonce || r_nonce_len != auth->curve->nonce_len) {
dpp_auth_fail(auth, "DPP: Missing or invalid R-nonce");
goto fail;
}
if (os_memcmp(r_nonce, auth->r_nonce, r_nonce_len) != 0) {
wpa_hexdump(MSG_DEBUG, "DPP: Received R-nonce",
r_nonce, r_nonce_len);
wpa_hexdump(MSG_DEBUG, "DPP: Expected R-nonce",
auth->r_nonce, r_nonce_len);
dpp_auth_fail(auth, "R-nonce mismatch");
goto fail;
}
if (status == DPP_STATUS_NOT_COMPATIBLE)
dpp_auth_fail(auth, "Peer reported incompatible R-capab role");
else if (status == DPP_STATUS_AUTH_FAILURE)
dpp_auth_fail(auth, "Peer reported authentication failure)");
fail:
bin_clear_free(unwrapped, unwrapped_len);
return -1;
}
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
int dpp_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr,
const u8 *attr_start, size_t attr_len)
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
{
const u8 *r_bootstrap, *i_bootstrap, *wrapped_data, *status, *i_auth;
u16 r_bootstrap_len, i_bootstrap_len, wrapped_data_len, status_len,
i_auth_len;
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
const u8 *addr[2];
size_t len[2];
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
u8 *unwrapped = NULL;
size_t unwrapped_len = 0;
u8 i_auth2[DPP_MAX_HASH_LEN];
DPP: Reject unexpected Req/Resp message based on Auth/PKEX role This prevents issues where an unexpected message in the DPP Authentication exchange or PKEX could result in undefined behavior. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 11:54:20 +01:00
if (auth->initiator) {
dpp_auth_fail(auth, "Unexpected Authentication Confirm");
DPP: Fix error return value in dpp_auth_conf_rx() Commit 03abb6b5416d472d473c7017802236f8397d0278 ('DPP: Reject unexpected Req/Resp message based on Auth/PKEX role') used incorrect type of error value (NULL vs. -1). Fix that. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 19:20:39 +01:00
return -1;
DPP: Reject unexpected Req/Resp message based on Auth/PKEX role This prevents issues where an unexpected message in the DPP Authentication exchange or PKEX could result in undefined behavior. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 11:54:20 +01:00
}
DPP: Retransmit DPP Authentication Response frame if it is not ACKed This extends wpa_supplicant DPP implementation to retransmit DPP Authentication Response frame every 10 seconds up to 5 times if the peer does not reply with DPP Authentication Confirm frame. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 11:34:17 +01:00
auth->waiting_auth_conf = 0;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
wrapped_data = dpp_get_attr(attr_start, attr_len, DPP_ATTR_WRAPPED_DATA,
&wrapped_data_len);
DPP: Report Auth Conf failures in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 12:46:23 +02:00
if (!wrapped_data || wrapped_data_len < AES_BLOCK_SIZE) {
dpp_auth_fail(auth,
"Missing or invalid required Wrapped Data attribute");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
return -1;
}
wpa_hexdump(MSG_DEBUG, "DPP: Wrapped data",
wrapped_data, wrapped_data_len);
attr_len = wrapped_data - 4 - attr_start;
r_bootstrap = dpp_get_attr(attr_start, attr_len,
DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
&r_bootstrap_len);
DPP: Report Auth Conf failures in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 12:46:23 +02:00
if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
dpp_auth_fail(auth,
"Missing or invalid required Responder Bootstrapping Key Hash attribute");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
return -1;
}
wpa_hexdump(MSG_DEBUG, "DPP: Responder Bootstrapping Key Hash",
r_bootstrap, r_bootstrap_len);
if (os_memcmp(r_bootstrap, auth->own_bi->pubkey_hash,
SHA256_MAC_LEN) != 0) {
wpa_hexdump(MSG_DEBUG,
"DPP: Expected Responder Bootstrapping Key Hash",
auth->peer_bi->pubkey_hash, SHA256_MAC_LEN);
DPP: Report Auth Conf failures in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 12:46:23 +02:00
dpp_auth_fail(auth,
"Responder Bootstrapping Key Hash mismatch");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
return -1;
}
i_bootstrap = dpp_get_attr(attr_start, attr_len,
DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
&i_bootstrap_len);
if (i_bootstrap) {
DPP: Report Auth Conf failures in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 12:46:23 +02:00
if (i_bootstrap_len != SHA256_MAC_LEN) {
dpp_auth_fail(auth,
"Invalid Initiator Bootstrapping Key Hash attribute");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
return -1;
}
wpa_hexdump(MSG_MSGDUMP,
"DPP: Initiator Bootstrapping Key Hash",
i_bootstrap, i_bootstrap_len);
if (!auth->peer_bi ||
os_memcmp(i_bootstrap, auth->peer_bi->pubkey_hash,
SHA256_MAC_LEN) != 0) {
DPP: Report Auth Conf failures in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 12:46:23 +02:00
dpp_auth_fail(auth,
"Initiator Bootstrapping Key Hash mismatch");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
return -1;
}
DPP: Allow Responder to decide not to use mutual authentication Previously, Initiator decided whether to use mutual authentication on its own based on having own and peer bootstrapping info. This prevented Responder from selecting not to use mutual authentication in such a case. Fix this by allowed Initiator to fall back to non-mutual authentication based on Responder choice if the bootstrapping mechanism allows this (PKEX does not; it mandates use of mutual authentication). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 13:14:57 +02:00
} else if (auth->own_bi && auth->peer_bi) {
/* Mutual authentication and peer did not include its
* Bootstrapping Key Hash attribute. */
dpp_auth_fail(auth,
"Missing Initiator Bootstrapping Key Hash attribute");
return -1;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
}
status = dpp_get_attr(attr_start, attr_len, DPP_ATTR_STATUS,
&status_len);
if (!status || status_len < 1) {
DPP: Report Auth Conf failures in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 12:46:23 +02:00
dpp_auth_fail(auth,
"Missing or invalid required DPP Status attribute");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
return -1;
}
wpa_printf(MSG_DEBUG, "DPP: Status %u", status[0]);
DPP: Process Authentication Confirm failure cases Process Authentication Confirm with the two failure cases defined in the spec: STATUS_NOT_COMPATIBLE and STATUS_AUTH_FAILURE. This verifies the {R-nonce}k2 part and reports more detailed failure reason if the message is valid. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 16:40:06 +02:00
if (status[0] == DPP_STATUS_NOT_COMPATIBLE ||
status[0] == DPP_STATUS_AUTH_FAILURE)
return dpp_auth_conf_rx_failure(auth, hdr, attr_start,
attr_len, wrapped_data,
wrapped_data_len, status[0]);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
if (status[0] != DPP_STATUS_OK) {
DPP: Report Auth Conf failures in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 12:46:23 +02:00
dpp_auth_fail(auth, "Authentication failed");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
return -1;
}
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
addr[0] = hdr;
len[0] = DPP_HDR_LEN;
addr[1] = attr_start;
len[1] = attr_len;
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
wrapped_data, wrapped_data_len);
unwrapped_len = wrapped_data_len - AES_BLOCK_SIZE;
unwrapped = os_malloc(unwrapped_len);
if (!unwrapped)
return -1;
if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,
wrapped_data, wrapped_data_len,
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
2, addr, len, unwrapped) < 0) {
DPP: Report Auth Conf failures in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 12:46:23 +02:00
dpp_auth_fail(auth, "AES-SIV decryption failed");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext",
unwrapped, unwrapped_len);
if (dpp_check_attrs(unwrapped, unwrapped_len) < 0) {
DPP: Report Auth Conf failures in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 12:46:23 +02:00
dpp_auth_fail(auth, "Invalid attribute in unwrapped data");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
i_auth = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_I_AUTH_TAG,
&i_auth_len);
if (!i_auth || i_auth_len != auth->curve->hash_len) {
DPP: Report Auth Conf failures in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 12:46:23 +02:00
dpp_auth_fail(auth,
"Missing or invalid Initiator Authenticating Tag");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: Received Initiator Authenticating Tag",
i_auth, i_auth_len);
/* I-auth' = H(R-nonce | I-nonce | PR.x | PI.x | BR.x | [BI.x |] 1) */
if (dpp_gen_i_auth(auth, i_auth2) < 0)
goto fail;
wpa_hexdump(MSG_DEBUG, "DPP: Calculated Initiator Authenticating Tag",
i_auth2, i_auth_len);
if (os_memcmp(i_auth, i_auth2, i_auth_len) != 0) {
DPP: Report Auth Conf failures in control interface This is useful for protocol testing purposes and UI needs to display more detailed information about DPP exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 12:46:23 +02:00
dpp_auth_fail(auth, "Mismatching Initiator Authenticating Tag");
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
goto fail;
}
bin_clear_free(unwrapped, unwrapped_len);
dpp_auth_success(auth);
return 0;
fail:
bin_clear_free(unwrapped, unwrapped_len);
return -1;
}
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
void dpp_configuration_free(struct dpp_configuration *conf)
{
if (!conf)
return;
str_clear_free(conf->passphrase);
bin_clear_free(conf, sizeof(*conf));
}
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
void dpp_auth_deinit(struct dpp_authentication *auth)
{
if (!auth)
return;
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
dpp_configuration_free(auth->conf_ap);
dpp_configuration_free(auth->conf_sta);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
EVP_PKEY_free(auth->own_protocol_key);
EVP_PKEY_free(auth->peer_protocol_key);
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 21:51:30 +02:00
wpabuf_free(auth->req_msg);
wpabuf_free(auth->resp_msg);
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
wpabuf_free(auth->conf_req);
os_free(auth->connector);
wpabuf_free(auth->net_access_key);
wpabuf_free(auth->c_sign_key);
#ifdef CONFIG_TESTING_OPTIONS
os_free(auth->config_obj_override);
os_free(auth->discovery_override);
os_free(auth->groups_override);
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:12 +02:00
bin_clear_free(auth, sizeof(*auth));
}
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
static struct wpabuf *
dpp_build_conf_start(struct dpp_authentication *auth,
struct dpp_configuration *conf, size_t tailroom)
{
struct wpabuf *buf;
char ssid[6 * sizeof(conf->ssid) + 1];
#ifdef CONFIG_TESTING_OPTIONS
if (auth->discovery_override)
tailroom += os_strlen(auth->discovery_override);
#endif /* CONFIG_TESTING_OPTIONS */
buf = wpabuf_alloc(200 + tailroom);
if (!buf)
return NULL;
wpabuf_put_str(buf, "{\"wi-fi_tech\":\"infra\",\"discovery\":");
#ifdef CONFIG_TESTING_OPTIONS
if (auth->discovery_override) {
wpa_printf(MSG_DEBUG, "DPP: TESTING - discovery override: '%s'",
auth->discovery_override);
wpabuf_put_str(buf, auth->discovery_override);
wpabuf_put_u8(buf, ',');
return buf;
}
#endif /* CONFIG_TESTING_OPTIONS */
wpabuf_put_str(buf, "{\"ssid\":\"");
json_escape_string(ssid, sizeof(ssid),
(const char *) conf->ssid, conf->ssid_len);
wpabuf_put_str(buf, ssid);
DPP: Remove obsolete TODO comment on discovery object The optional channel information was removed from the discovery object in the DPP tech spec, so no need to maintain this TODO note anymore. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 11:09:15 +01:00
wpabuf_put_str(buf, "\"},");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
return buf;
}
static int dpp_build_jwk(struct wpabuf *buf, const char *name, EVP_PKEY *key,
const char *kid, const struct dpp_curve_params *curve)
{
struct wpabuf *pub;
const u8 *pos;
char *x = NULL, *y = NULL;
int ret = -1;
pub = dpp_get_pubkey_point(key, 0);
if (!pub)
goto fail;
pos = wpabuf_head(pub);
x = (char *) base64_url_encode(pos, curve->prime_len, NULL, 0);
pos += curve->prime_len;
y = (char *) base64_url_encode(pos, curve->prime_len, NULL, 0);
DPP: Fix static analyzer warnings in key generation and JWK construction Memory allocation failures could have resulted in error paths that dereference a NULL pointer or double-freeing memory. Fix this by explicitly clearing the freed pointer and checking allocation results. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-11 17:19:03 +02:00
if (!x || !y)
goto fail;
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
wpabuf_put_str(buf, "\"");
wpabuf_put_str(buf, name);
wpabuf_put_str(buf, "\":{\"kty\":\"EC\",\"crv\":\"");
wpabuf_put_str(buf, curve->jwk_crv);
wpabuf_put_str(buf, "\",\"x\":\"");
wpabuf_put_str(buf, x);
wpabuf_put_str(buf, "\",\"y\":\"");
wpabuf_put_str(buf, y);
if (kid) {
wpabuf_put_str(buf, "\",\"kid\":\"");
wpabuf_put_str(buf, kid);
}
wpabuf_put_str(buf, "\"}");
ret = 0;
DPP: Fix static analyzer warnings in key generation and JWK construction Memory allocation failures could have resulted in error paths that dereference a NULL pointer or double-freeing memory. Fix this by explicitly clearing the freed pointer and checking allocation results. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-11 17:19:03 +02:00
fail:
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
wpabuf_free(pub);
os_free(x);
os_free(y);
return ret;
}
static struct wpabuf *
dpp_build_conf_obj_dpp(struct dpp_authentication *auth, int ap,
struct dpp_configuration *conf)
{
struct wpabuf *buf = NULL;
char *signed1 = NULL, *signed2 = NULL, *signed3 = NULL;
size_t tailroom;
const struct dpp_curve_params *curve;
char jws_prot_hdr[100];
size_t signed1_len, signed2_len, signed3_len;
struct wpabuf *dppcon = NULL;
unsigned char *signature = NULL;
const unsigned char *p;
size_t signature_len;
EVP_MD_CTX *md_ctx = NULL;
ECDSA_SIG *sig = NULL;
char *dot = ".";
const EVP_MD *sign_md;
const BIGNUM *r, *s;
size_t extra_len = 1000;
if (!auth->conf) {
wpa_printf(MSG_INFO,
"DPP: No configurator specified - cannot generate DPP config object");
goto fail;
}
curve = auth->conf->curve;
if (curve->hash_len == SHA256_MAC_LEN) {
sign_md = EVP_sha256();
} else if (curve->hash_len == SHA384_MAC_LEN) {
sign_md = EVP_sha384();
} else if (curve->hash_len == SHA512_MAC_LEN) {
sign_md = EVP_sha512();
} else {
wpa_printf(MSG_DEBUG, "DPP: Unknown signature algorithm");
goto fail;
}
#ifdef CONFIG_TESTING_OPTIONS
if (auth->groups_override)
extra_len += os_strlen(auth->groups_override);
#endif /* CONFIG_TESTING_OPTIONS */
/* Connector (JSON dppCon object) */
dppcon = wpabuf_alloc(extra_len + 2 * auth->curve->prime_len * 4 / 3);
if (!dppcon)
goto fail;
#ifdef CONFIG_TESTING_OPTIONS
DPP: Remove devices object from the connector This was removed from the draft DPP tech spec, so remove it from the implementation as well. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-22 22:46:27 +02:00
if (auth->groups_override) {
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
wpabuf_put_u8(dppcon, '{');
if (auth->groups_override) {
wpa_printf(MSG_DEBUG,
"DPP: TESTING - groups override: '%s'",
auth->groups_override);
wpabuf_put_str(dppcon, "\"groups\":");
wpabuf_put_str(dppcon, auth->groups_override);
wpabuf_put_u8(dppcon, ',');
}
goto skip_groups;
}
#endif /* CONFIG_TESTING_OPTIONS */
wpabuf_put_str(dppcon, "{\"groups\":[{\"groupId\":\"*\",");
wpabuf_printf(dppcon, "\"netRole\":\"%s\"}],", ap ? "ap" : "sta");
#ifdef CONFIG_TESTING_OPTIONS
skip_groups:
#endif /* CONFIG_TESTING_OPTIONS */
if (dpp_build_jwk(dppcon, "netAccessKey", auth->peer_protocol_key, NULL,
auth->curve) < 0) {
wpa_printf(MSG_DEBUG, "DPP: Failed to build netAccessKey JWK");
goto fail;
}
if (conf->netaccesskey_expiry) {
struct os_tm tm;
if (os_gmtime(conf->netaccesskey_expiry, &tm) < 0) {
wpa_printf(MSG_DEBUG,
"DPP: Failed to generate expiry string");
goto fail;
}
wpabuf_printf(dppcon,
",\"expiry\":\"%04u-%02u-%02uT%02u:%02u:%02uZ\"",
tm.year, tm.month, tm.day,
tm.hour, tm.min, tm.sec);
}
wpabuf_put_u8(dppcon, '}');
wpa_printf(MSG_DEBUG, "DPP: dppCon: %s",
(const char *) wpabuf_head(dppcon));
os_snprintf(jws_prot_hdr, sizeof(jws_prot_hdr),
"{\"typ\":\"dppCon\",\"kid\":\"%s\",\"alg\":\"%s\"}",
DPP: Update JWS algorithm strings for Brainpool curves Instead of trying to share the existing definitions for NIST curves, start using unique strings for Brainpool curves. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:31 +02:00
auth->conf->kid, curve->jws_alg);
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
signed1 = (char *) base64_url_encode((unsigned char *) jws_prot_hdr,
os_strlen(jws_prot_hdr),
&signed1_len, 0);
signed2 = (char *) base64_url_encode(wpabuf_head(dppcon),
wpabuf_len(dppcon),
&signed2_len, 0);
if (!signed1 || !signed2)
goto fail;
md_ctx = EVP_MD_CTX_create();
if (!md_ctx)
goto fail;
ERR_clear_error();
if (EVP_DigestSignInit(md_ctx, NULL, sign_md, NULL,
auth->conf->csign) != 1) {
wpa_printf(MSG_DEBUG, "DPP: EVP_DigestSignInit failed: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
if (EVP_DigestSignUpdate(md_ctx, signed1, signed1_len) != 1 ||
EVP_DigestSignUpdate(md_ctx, dot, 1) != 1 ||
EVP_DigestSignUpdate(md_ctx, signed2, signed2_len) != 1) {
wpa_printf(MSG_DEBUG, "DPP: EVP_DigestSignUpdate failed: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
if (EVP_DigestSignFinal(md_ctx, NULL, &signature_len) != 1) {
wpa_printf(MSG_DEBUG, "DPP: EVP_DigestSignFinal failed: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
signature = os_malloc(signature_len);
if (!signature)
goto fail;
if (EVP_DigestSignFinal(md_ctx, signature, &signature_len) != 1) {
wpa_printf(MSG_DEBUG, "DPP: EVP_DigestSignFinal failed: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: signedConnector ECDSA signature (DER)",
signature, signature_len);
/* Convert to raw coordinates r,s */
p = signature;
sig = d2i_ECDSA_SIG(NULL, &p, signature_len);
if (!sig)
goto fail;
ECDSA_SIG_get0(sig, &r, &s);
if (dpp_bn2bin_pad(r, signature, curve->prime_len) < 0 ||
dpp_bn2bin_pad(s, signature + curve->prime_len,
curve->prime_len) < 0)
goto fail;
signature_len = 2 * curve->prime_len;
wpa_hexdump(MSG_DEBUG, "DPP: signedConnector ECDSA signature (raw r,s)",
signature, signature_len);
signed3 = (char *) base64_url_encode(signature, signature_len,
&signed3_len, 0);
if (!signed3)
goto fail;
tailroom = 1000;
tailroom += 2 * curve->prime_len * 4 / 3 + os_strlen(auth->conf->kid);
tailroom += signed1_len + signed2_len + signed3_len;
buf = dpp_build_conf_start(auth, conf, tailroom);
if (!buf)
return NULL;
wpabuf_put_str(buf, "\"cred\":{\"akm\":\"dpp\",\"signedConnector\":\"");
wpabuf_put_str(buf, signed1);
wpabuf_put_u8(buf, '.');
wpabuf_put_str(buf, signed2);
wpabuf_put_u8(buf, '.');
wpabuf_put_str(buf, signed3);
wpabuf_put_str(buf, "\",");
if (dpp_build_jwk(buf, "csign", auth->conf->csign, auth->conf->kid,
curve) < 0) {
wpa_printf(MSG_DEBUG, "DPP: Failed to build csign JWK");
goto fail;
}
wpabuf_put_str(buf, "}}");
wpa_hexdump_ascii_key(MSG_DEBUG, "DPP: Configuration Object",
wpabuf_head(buf), wpabuf_len(buf));
out:
EVP_MD_CTX_destroy(md_ctx);
ECDSA_SIG_free(sig);
os_free(signed1);
os_free(signed2);
os_free(signed3);
os_free(signature);
wpabuf_free(dppcon);
return buf;
fail:
wpa_printf(MSG_DEBUG, "DPP: Failed to build configuration object");
wpabuf_free(buf);
buf = NULL;
goto out;
}
static struct wpabuf *
dpp_build_conf_obj_legacy(struct dpp_authentication *auth, int ap,
struct dpp_configuration *conf)
{
struct wpabuf *buf;
buf = dpp_build_conf_start(auth, conf, 1000);
if (!buf)
return NULL;
DPP: Add SAE credential support to Configurator The new conf={sta,ap}-{sae,psk-sae} parameter values can now be used to specify that the legacy configuration object is for SAE. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-22 20:22:23 +01:00
wpabuf_printf(buf, "\"cred\":{\"akm\":\"%s\",", dpp_akm_str(conf->akm));
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
if (conf->passphrase) {
char pass[63 * 6 + 1];
if (os_strlen(conf->passphrase) > 63) {
wpabuf_free(buf);
return NULL;
}
json_escape_string(pass, sizeof(pass), conf->passphrase,
os_strlen(conf->passphrase));
wpabuf_put_str(buf, "\"pass\":\"");
wpabuf_put_str(buf, pass);
wpabuf_put_str(buf, "\"");
} else {
char psk[2 * sizeof(conf->psk) + 1];
wpa_snprintf_hex(psk, sizeof(psk),
conf->psk, sizeof(conf->psk));
wpabuf_put_str(buf, "\"psk_hex\":\"");
wpabuf_put_str(buf, psk);
wpabuf_put_str(buf, "\"");
}
wpabuf_put_str(buf, "}}");
wpa_hexdump_ascii_key(MSG_DEBUG, "DPP: Configuration Object (legacy)",
wpabuf_head(buf), wpabuf_len(buf));
return buf;
}
static struct wpabuf *
dpp_build_conf_obj(struct dpp_authentication *auth, int ap)
{
struct dpp_configuration *conf;
#ifdef CONFIG_TESTING_OPTIONS
if (auth->config_obj_override) {
wpa_printf(MSG_DEBUG, "DPP: Testing - Config Object override");
return wpabuf_alloc_copy(auth->config_obj_override,
os_strlen(auth->config_obj_override));
}
#endif /* CONFIG_TESTING_OPTIONS */
conf = ap ? auth->conf_ap : auth->conf_sta;
if (!conf) {
wpa_printf(MSG_DEBUG,
"DPP: No configuration available for Enrollee(%s) - reject configuration request",
ap ? "ap" : "sta");
return NULL;
}
DPP: Add SAE credential support to Configurator The new conf={sta,ap}-{sae,psk-sae} parameter values can now be used to specify that the legacy configuration object is for SAE. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-22 20:22:23 +01:00
if (conf->akm == DPP_AKM_DPP)
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
return dpp_build_conf_obj_dpp(auth, ap, conf);
return dpp_build_conf_obj_legacy(auth, ap, conf);
}
static struct wpabuf *
dpp_build_conf_resp(struct dpp_authentication *auth, const u8 *e_nonce,
u16 e_nonce_len, int ap)
{
struct wpabuf *conf;
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
size_t clear_len, attr_len;
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
struct wpabuf *clear = NULL, *msg = NULL;
u8 *wrapped;
const u8 *addr[1];
size_t len[1];
enum dpp_status_error status;
conf = dpp_build_conf_obj(auth, ap);
if (conf) {
wpa_hexdump_ascii(MSG_DEBUG, "DPP: configurationObject JSON",
wpabuf_head(conf), wpabuf_len(conf));
}
status = conf ? DPP_STATUS_OK : DPP_STATUS_CONFIGURE_FAILURE;
/* { E-nonce, configurationObject}ke */
clear_len = 4 + e_nonce_len;
if (conf)
clear_len += 4 + wpabuf_len(conf);
clear = wpabuf_alloc(clear_len);
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
attr_len = 4 + 1 + 4 + clear_len + AES_BLOCK_SIZE;
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_CONF_RESP)
DPP: Replace custom undefined attr with DPP Status in after-wrapped data This has the same impact and is needed for some testing needs. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:32:00 +01:00
attr_len += 5;
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
#endif /* CONFIG_TESTING_OPTIONS */
msg = wpabuf_alloc(attr_len);
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
if (!clear || !msg)
goto fail;
DPP: Protocol testing to remove attributes from Config Req/Resp Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:39:00 +01:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_E_NONCE_CONF_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no E-nonce");
goto skip_e_nonce;
}
DPP: Protocol testing for invalid Config Resp attribute values Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 20:11:00 +01:00
if (dpp_test == DPP_TEST_E_NONCE_MISMATCH_CONF_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - E-nonce mismatch");
wpabuf_put_le16(clear, DPP_ATTR_ENROLLEE_NONCE);
wpabuf_put_le16(clear, e_nonce_len);
wpabuf_put_data(clear, e_nonce, e_nonce_len - 1);
wpabuf_put_u8(clear, e_nonce[e_nonce_len - 1] ^ 0x01);
goto skip_e_nonce;
}
DPP: Protocol testing to remove attributes from Config Req/Resp Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:39:00 +01:00
if (dpp_test == DPP_TEST_NO_WRAPPED_DATA_CONF_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Wrapped Data");
goto skip_wrapped_data;
}
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
/* E-nonce */
wpabuf_put_le16(clear, DPP_ATTR_ENROLLEE_NONCE);
wpabuf_put_le16(clear, e_nonce_len);
wpabuf_put_data(clear, e_nonce, e_nonce_len);
DPP: Protocol testing to remove attributes from Config Req/Resp Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:39:00 +01:00
#ifdef CONFIG_TESTING_OPTIONS
skip_e_nonce:
if (dpp_test == DPP_TEST_NO_CONFIG_OBJ_CONF_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - Config Object");
goto skip_config_obj;
}
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
if (conf) {
wpabuf_put_le16(clear, DPP_ATTR_CONFIG_OBJ);
wpabuf_put_le16(clear, wpabuf_len(conf));
wpabuf_put_buf(clear, conf);
}
DPP: Protocol testing to remove attributes from Config Req/Resp Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:39:00 +01:00
#ifdef CONFIG_TESTING_OPTIONS
skip_config_obj:
if (dpp_test == DPP_TEST_NO_STATUS_CONF_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - Status");
goto skip_status;
}
DPP: Protocol testing for invalid Config Resp attribute values Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 20:11:00 +01:00
if (dpp_test == DPP_TEST_INVALID_STATUS_CONF_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - invalid Status");
status = 255;
}
DPP: Protocol testing to remove attributes from Config Req/Resp Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:39:00 +01:00
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
/* DPP Status */
DPP: Use a helper function to build DPP Status attribute Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:27:14 +01:00
dpp_build_attr_status(msg, status);
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
DPP: Protocol testing to remove attributes from Config Req/Resp Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:39:00 +01:00
#ifdef CONFIG_TESTING_OPTIONS
skip_status:
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
addr[0] = wpabuf_head(msg);
len[0] = wpabuf_len(msg);
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD", addr[0], len[0]);
wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA);
wpabuf_put_le16(msg, wpabuf_len(clear) + AES_BLOCK_SIZE);
wrapped = wpabuf_put(msg, wpabuf_len(clear) + AES_BLOCK_SIZE);
wpa_hexdump_buf(MSG_DEBUG, "DPP: AES-SIV cleartext", clear);
if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,
wpabuf_head(clear), wpabuf_len(clear),
1, addr, len, wrapped) < 0)
goto fail;
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
wrapped, wpabuf_len(clear) + AES_BLOCK_SIZE);
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_CONF_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - attr after Wrapped Data");
DPP: Replace custom undefined attr with DPP Status in after-wrapped data This has the same impact and is needed for some testing needs. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:32:00 +01:00
dpp_build_attr_status(msg, DPP_STATUS_OK);
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
}
DPP: Protocol testing to remove attributes from Config Req/Resp Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:39:00 +01:00
skip_wrapped_data:
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
wpa_hexdump_buf(MSG_DEBUG,
"DPP: Configuration Response attributes", msg);
DPP: Protocol testing to remove attributes from Config Req/Resp Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:39:00 +01:00
out:
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
wpabuf_free(conf);
wpabuf_free(clear);
DPP: Protocol testing to remove attributes from Config Req/Resp Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:39:00 +01:00
return msg;
fail:
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
wpabuf_free(msg);
DPP: Protocol testing to remove attributes from Config Req/Resp Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:39:00 +01:00
msg = NULL;
goto out;
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
}
struct wpabuf *
dpp_conf_req_rx(struct dpp_authentication *auth, const u8 *attr_start,
size_t attr_len)
{
const u8 *wrapped_data, *e_nonce, *config_attr;
u16 wrapped_data_len, e_nonce_len, config_attr_len;
u8 *unwrapped = NULL;
size_t unwrapped_len = 0;
struct wpabuf *resp = NULL;
struct json_token *root = NULL, *token;
int ap;
if (dpp_check_attrs(attr_start, attr_len) < 0) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth, "Invalid attribute in config request");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
return NULL;
}
wrapped_data = dpp_get_attr(attr_start, attr_len, DPP_ATTR_WRAPPED_DATA,
&wrapped_data_len);
if (!wrapped_data || wrapped_data_len < AES_BLOCK_SIZE) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth,
"Missing or invalid required Wrapped Data attribute");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
return NULL;
}
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
wrapped_data, wrapped_data_len);
unwrapped_len = wrapped_data_len - AES_BLOCK_SIZE;
unwrapped = os_malloc(unwrapped_len);
if (!unwrapped)
return NULL;
if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,
wrapped_data, wrapped_data_len,
0, NULL, NULL, unwrapped) < 0) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth, "AES-SIV decryption failed");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext",
unwrapped, unwrapped_len);
if (dpp_check_attrs(unwrapped, unwrapped_len) < 0) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth, "Invalid attribute in unwrapped data");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
e_nonce = dpp_get_attr(unwrapped, unwrapped_len,
DPP_ATTR_ENROLLEE_NONCE,
&e_nonce_len);
if (!e_nonce || e_nonce_len != auth->curve->nonce_len) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth,
"Missing or invalid Enrollee Nonce attribute");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: Enrollee Nonce", e_nonce, e_nonce_len);
config_attr = dpp_get_attr(unwrapped, unwrapped_len,
DPP_ATTR_CONFIG_ATTR_OBJ,
&config_attr_len);
if (!config_attr) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth,
"Missing or invalid Config Attributes attribute");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
wpa_hexdump_ascii(MSG_DEBUG, "DPP: Config Attributes",
config_attr, config_attr_len);
root = json_parse((const char *) config_attr, config_attr_len);
if (!root) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth, "Could not parse Config Attributes");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
token = json_get_member(root, "name");
if (!token || token->type != JSON_STRING) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth, "No Config Attributes - name");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
wpa_printf(MSG_DEBUG, "DPP: Enrollee name = '%s'", token->string);
token = json_get_member(root, "wi-fi_tech");
if (!token || token->type != JSON_STRING) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth, "No Config Attributes - wi-fi_tech");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
wpa_printf(MSG_DEBUG, "DPP: wi-fi_tech = '%s'", token->string);
if (os_strcmp(token->string, "infra") != 0) {
wpa_printf(MSG_DEBUG, "DPP: Unsupported wi-fi_tech '%s'",
token->string);
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth, "Unsupported wi-fi_tech");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
token = json_get_member(root, "netRole");
if (!token || token->type != JSON_STRING) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth, "No Config Attributes - netRole");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
wpa_printf(MSG_DEBUG, "DPP: netRole = '%s'", token->string);
if (os_strcmp(token->string, "sta") == 0) {
ap = 0;
} else if (os_strcmp(token->string, "ap") == 0) {
ap = 1;
} else {
wpa_printf(MSG_DEBUG, "DPP: Unsupported netRole '%s'",
token->string);
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth, "Unsupported netRole");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
resp = dpp_build_conf_resp(auth, e_nonce, e_nonce_len, ap);
fail:
json_free(root);
os_free(unwrapped);
return resp;
}
static struct wpabuf *
DPP: Check JWS protected header alg against C-sign-key curve These need to be compatible for the JWS protected header signing to be valid, so add an explicit check to confirm this. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:38 +02:00
dpp_parse_jws_prot_hdr(const struct dpp_curve_params *curve,
const u8 *prot_hdr, u16 prot_hdr_len,
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
const EVP_MD **ret_md)
{
struct json_token *root, *token;
struct wpabuf *kid = NULL;
root = json_parse((const char *) prot_hdr, prot_hdr_len);
if (!root) {
wpa_printf(MSG_DEBUG,
"DPP: JSON parsing failed for JWS Protected Header");
goto fail;
}
if (root->type != JSON_OBJECT) {
wpa_printf(MSG_DEBUG,
"DPP: JWS Protected Header root is not an object");
goto fail;
}
token = json_get_member(root, "typ");
if (!token || token->type != JSON_STRING) {
wpa_printf(MSG_DEBUG, "DPP: No typ string value found");
goto fail;
}
wpa_printf(MSG_DEBUG, "DPP: JWS Protected Header typ=%s",
token->string);
if (os_strcmp(token->string, "dppCon") != 0) {
wpa_printf(MSG_DEBUG,
"DPP: Unsupported JWS Protected Header typ=%s",
token->string);
goto fail;
}
token = json_get_member(root, "alg");
if (!token || token->type != JSON_STRING) {
wpa_printf(MSG_DEBUG, "DPP: No alg string value found");
goto fail;
}
wpa_printf(MSG_DEBUG, "DPP: JWS Protected Header alg=%s",
token->string);
DPP: Check JWS protected header alg against C-sign-key curve These need to be compatible for the JWS protected header signing to be valid, so add an explicit check to confirm this. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:38 +02:00
if (os_strcmp(token->string, curve->jws_alg) != 0) {
wpa_printf(MSG_DEBUG,
"DPP: Unexpected JWS Protected Header alg=%s (expected %s based on C-sign-key)",
token->string, curve->jws_alg);
goto fail;
}
DPP: Update JWS algorithm strings for Brainpool curves Instead of trying to share the existing definitions for NIST curves, start using unique strings for Brainpool curves. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:31 +02:00
if (os_strcmp(token->string, "ES256") == 0 ||
os_strcmp(token->string, "BS256") == 0)
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
*ret_md = EVP_sha256();
DPP: Update JWS algorithm strings for Brainpool curves Instead of trying to share the existing definitions for NIST curves, start using unique strings for Brainpool curves. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:31 +02:00
else if (os_strcmp(token->string, "ES384") == 0 ||
os_strcmp(token->string, "BS384") == 0)
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
*ret_md = EVP_sha384();
DPP: Update JWS algorithm strings for Brainpool curves Instead of trying to share the existing definitions for NIST curves, start using unique strings for Brainpool curves. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:31 +02:00
else if (os_strcmp(token->string, "ES512") == 0 ||
os_strcmp(token->string, "BS512") == 0)
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
*ret_md = EVP_sha512();
else
*ret_md = NULL;
if (!*ret_md) {
wpa_printf(MSG_DEBUG,
"DPP: Unsupported JWS Protected Header alg=%s",
token->string);
goto fail;
}
kid = json_get_member_base64url(root, "kid");
if (!kid) {
wpa_printf(MSG_DEBUG, "DPP: No kid string value found");
goto fail;
}
wpa_hexdump_buf(MSG_DEBUG, "DPP: JWS Protected Header kid (decoded)",
kid);
fail:
json_free(root);
return kid;
}
static int dpp_parse_cred_legacy(struct dpp_authentication *auth,
struct json_token *cred)
{
struct json_token *pass, *psk_hex;
wpa_printf(MSG_DEBUG, "DPP: Legacy akm=psk credential");
pass = json_get_member(cred, "pass");
psk_hex = json_get_member(cred, "psk_hex");
if (pass && pass->type == JSON_STRING) {
DPP: Automatic network profile creation wpa_supplicant can now be configured to generate a network profile automatically based on DPP configuration. The following dpp_config_processing values can be used to specify the behavior: 0 = report received configuration to an external program for processing; do not generate any network profile internally (default) 1 = report received configuration to an external program and generate a network profile internally, but do not automatically connect to the created (disabled) profile; the network profile id is reported to external programs 2 = report received configuration to an external program, generate a network profile internally, try to connect to the created profile automatically Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-21 17:01:51 +02:00
size_t len = os_strlen(pass->string);
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
wpa_hexdump_ascii_key(MSG_DEBUG, "DPP: Legacy passphrase",
DPP: Automatic network profile creation wpa_supplicant can now be configured to generate a network profile automatically based on DPP configuration. The following dpp_config_processing values can be used to specify the behavior: 0 = report received configuration to an external program for processing; do not generate any network profile internally (default) 1 = report received configuration to an external program and generate a network profile internally, but do not automatically connect to the created (disabled) profile; the network profile id is reported to external programs 2 = report received configuration to an external program, generate a network profile internally, try to connect to the created profile automatically Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-21 17:01:51 +02:00
pass->string, len);
if (len < 8 || len > 63)
return -1;
os_strlcpy(auth->passphrase, pass->string,
sizeof(auth->passphrase));
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
} else if (psk_hex && psk_hex->type == JSON_STRING) {
DPP: Add akm=sae and akm=psk+sae support in Enrollee role This allows DPP to be used for enrolling credentials for SAE networks in addition to the legacy PSK (WPA-PSK) case. In addition, enable FT-PSK and FT-SAE cases automatically. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-22 20:04:41 +01:00
if (auth->akm == DPP_AKM_SAE) {
wpa_printf(MSG_DEBUG,
"DPP: Unexpected psk_hex with akm=sae");
return -1;
}
DPP: Automatic network profile creation wpa_supplicant can now be configured to generate a network profile automatically based on DPP configuration. The following dpp_config_processing values can be used to specify the behavior: 0 = report received configuration to an external program for processing; do not generate any network profile internally (default) 1 = report received configuration to an external program and generate a network profile internally, but do not automatically connect to the created (disabled) profile; the network profile id is reported to external programs 2 = report received configuration to an external program, generate a network profile internally, try to connect to the created profile automatically Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-21 17:01:51 +02:00
if (os_strlen(psk_hex->string) != PMK_LEN * 2 ||
hexstr2bin(psk_hex->string, auth->psk, PMK_LEN) < 0) {
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
wpa_printf(MSG_DEBUG, "DPP: Invalid psk_hex encoding");
return -1;
}
DPP: Automatic network profile creation wpa_supplicant can now be configured to generate a network profile automatically based on DPP configuration. The following dpp_config_processing values can be used to specify the behavior: 0 = report received configuration to an external program for processing; do not generate any network profile internally (default) 1 = report received configuration to an external program and generate a network profile internally, but do not automatically connect to the created (disabled) profile; the network profile id is reported to external programs 2 = report received configuration to an external program, generate a network profile internally, try to connect to the created profile automatically Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-21 17:01:51 +02:00
wpa_hexdump_key(MSG_DEBUG, "DPP: Legacy PSK",
auth->psk, PMK_LEN);
auth->psk_set = 1;
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
} else {
wpa_printf(MSG_DEBUG, "DPP: No pass or psk_hex strings found");
return -1;
}
DPP: Add akm=sae and akm=psk+sae support in Enrollee role This allows DPP to be used for enrolling credentials for SAE networks in addition to the legacy PSK (WPA-PSK) case. In addition, enable FT-PSK and FT-SAE cases automatically. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-22 20:04:41 +01:00
if ((auth->akm == DPP_AKM_SAE || auth->akm == DPP_AKM_PSK_SAE) &&
!auth->passphrase[0]) {
wpa_printf(MSG_DEBUG, "DPP: No pass for sae found");
return -1;
}
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
return 0;
}
static EVP_PKEY * dpp_parse_jwk(struct json_token *jwk,
const struct dpp_curve_params **key_curve)
{
struct json_token *token;
const struct dpp_curve_params *curve;
struct wpabuf *x = NULL, *y = NULL;
EC_GROUP *group;
EVP_PKEY *pkey = NULL;
token = json_get_member(jwk, "kty");
if (!token || token->type != JSON_STRING) {
wpa_printf(MSG_DEBUG, "DPP: No kty in JWK");
goto fail;
}
if (os_strcmp(token->string, "EC") != 0) {
wpa_printf(MSG_DEBUG, "DPP: Unexpected JWK kty '%s",
token->string);
goto fail;
}
token = json_get_member(jwk, "crv");
if (!token || token->type != JSON_STRING) {
wpa_printf(MSG_DEBUG, "DPP: No crv in JWK");
goto fail;
}
curve = dpp_get_curve_jwk_crv(token->string);
if (!curve) {
wpa_printf(MSG_DEBUG, "DPP: Unsupported JWK crv '%s'",
token->string);
goto fail;
}
x = json_get_member_base64url(jwk, "x");
if (!x) {
wpa_printf(MSG_DEBUG, "DPP: No x in JWK");
goto fail;
}
DPP: Fix JWK debug prints This function is used for parsing both the C-sign-key and netAccessKey, so better not imply that all cases are C-sign-key in the debug prints. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:01 +02:00
wpa_hexdump_buf(MSG_DEBUG, "DPP: JWK x", x);
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
if (wpabuf_len(x) != curve->prime_len) {
wpa_printf(MSG_DEBUG,
DPP: Fix JWK debug prints This function is used for parsing both the C-sign-key and netAccessKey, so better not imply that all cases are C-sign-key in the debug prints. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:01 +02:00
"DPP: Unexpected JWK x length %u (expected %u for curve %s)",
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
(unsigned int) wpabuf_len(x),
(unsigned int) curve->prime_len, curve->name);
goto fail;
}
y = json_get_member_base64url(jwk, "y");
if (!y) {
wpa_printf(MSG_DEBUG, "DPP: No y in JWK");
goto fail;
}
DPP: Fix JWK debug prints This function is used for parsing both the C-sign-key and netAccessKey, so better not imply that all cases are C-sign-key in the debug prints. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:01 +02:00
wpa_hexdump_buf(MSG_DEBUG, "DPP: JWK y", y);
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
if (wpabuf_len(y) != curve->prime_len) {
wpa_printf(MSG_DEBUG,
DPP: Fix JWK debug prints This function is used for parsing both the C-sign-key and netAccessKey, so better not imply that all cases are C-sign-key in the debug prints. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:01 +02:00
"DPP: Unexpected JWK y length %u (expected %u for curve %s)",
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
(unsigned int) wpabuf_len(y),
(unsigned int) curve->prime_len, curve->name);
goto fail;
}
group = EC_GROUP_new_by_curve_name(OBJ_txt2nid(curve->name));
if (!group) {
wpa_printf(MSG_DEBUG, "DPP: Could not prepare group for JWK");
goto fail;
}
pkey = dpp_set_pubkey_point_group(group, wpabuf_head(x), wpabuf_head(y),
wpabuf_len(x));
*key_curve = curve;
fail:
wpabuf_free(x);
wpabuf_free(y);
return pkey;
}
int dpp_key_expired(const char *timestamp, os_time_t *expiry)
{
struct os_time now;
unsigned int year, month, day, hour, min, sec;
os_time_t utime;
const char *pos;
/* ISO 8601 date and time:
* <date>T<time>
* YYYY-MM-DDTHH:MM:SSZ
* YYYY-MM-DDTHH:MM:SS+03:00
*/
if (os_strlen(timestamp) < 19) {
wpa_printf(MSG_DEBUG,
"DPP: Too short timestamp - assume expired key");
return 1;
}
if (sscanf(timestamp, "%04u-%02u-%02uT%02u:%02u:%02u",
&year, &month, &day, &hour, &min, &sec) != 6) {
wpa_printf(MSG_DEBUG,
"DPP: Failed to parse expiration day - assume expired key");
return 1;
}
if (os_mktime(year, month, day, hour, min, sec, &utime) < 0) {
wpa_printf(MSG_DEBUG,
"DPP: Invalid date/time information - assume expired key");
return 1;
}
pos = timestamp + 19;
if (*pos == 'Z' || *pos == '\0') {
/* In UTC - no need to adjust */
} else if (*pos == '-' || *pos == '+') {
int items;
/* Adjust local time to UTC */
items = sscanf(pos + 1, "%02u:%02u", &hour, &min);
if (items < 1) {
wpa_printf(MSG_DEBUG,
"DPP: Invalid time zone designator (%s) - assume expired key",
pos);
return 1;
}
if (*pos == '-')
utime += 3600 * hour;
if (*pos == '+')
utime -= 3600 * hour;
if (items > 1) {
if (*pos == '-')
utime += 60 * min;
if (*pos == '+')
utime -= 60 * min;
}
} else {
wpa_printf(MSG_DEBUG,
"DPP: Invalid time zone designator (%s) - assume expired key",
pos);
return 1;
}
if (expiry)
*expiry = utime;
if (os_get_time(&now) < 0) {
wpa_printf(MSG_DEBUG,
"DPP: Cannot get current time - assume expired key");
return 1;
}
if (now.sec > utime) {
wpa_printf(MSG_DEBUG, "DPP: Key has expired (%lu < %lu)",
utime, now.sec);
return 1;
}
return 0;
}
static int dpp_parse_connector(struct dpp_authentication *auth,
const unsigned char *payload,
u16 payload_len)
{
DPP: Remove devices object from the connector This was removed from the draft DPP tech spec, so remove it from the implementation as well. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-22 22:46:27 +02:00
struct json_token *root, *groups, *netkey, *token;
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
int ret = -1;
EVP_PKEY *key = NULL;
const struct dpp_curve_params *curve;
unsigned int rules = 0;
root = json_parse((const char *) payload, payload_len);
if (!root) {
wpa_printf(MSG_DEBUG, "DPP: JSON parsing of connector failed");
goto fail;
}
groups = json_get_member(root, "groups");
if (!groups || groups->type != JSON_ARRAY) {
wpa_printf(MSG_DEBUG, "DPP: No groups array found");
goto skip_groups;
}
for (token = groups->child; token; token = token->sibling) {
struct json_token *id, *role;
id = json_get_member(token, "groupId");
if (!id || id->type != JSON_STRING) {
wpa_printf(MSG_DEBUG, "DPP: Missing groupId string");
goto fail;
}
role = json_get_member(token, "netRole");
if (!role || role->type != JSON_STRING) {
wpa_printf(MSG_DEBUG, "DPP: Missing netRole string");
goto fail;
}
wpa_printf(MSG_DEBUG,
"DPP: connector group: groupId='%s' netRole='%s'",
id->string, role->string);
rules++;
}
skip_groups:
if (!rules) {
wpa_printf(MSG_DEBUG,
DPP: Remove devices object from the connector This was removed from the draft DPP tech spec, so remove it from the implementation as well. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-22 22:46:27 +02:00
"DPP: Connector includes no groups");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
token = json_get_member(root, "expiry");
if (!token || token->type != JSON_STRING) {
wpa_printf(MSG_DEBUG,
"DPP: No expiry string found - connector does not expire");
} else {
wpa_printf(MSG_DEBUG, "DPP: expiry = %s", token->string);
if (dpp_key_expired(token->string,
&auth->net_access_key_expiry)) {
wpa_printf(MSG_DEBUG,
"DPP: Connector (netAccessKey) has expired");
goto fail;
}
}
netkey = json_get_member(root, "netAccessKey");
if (!netkey || netkey->type != JSON_OBJECT) {
wpa_printf(MSG_DEBUG, "DPP: No netAccessKey object found");
goto fail;
}
key = dpp_parse_jwk(netkey, &curve);
if (!key)
goto fail;
dpp_debug_print_key("DPP: Received netAccessKey", key);
if (EVP_PKEY_cmp(key, auth->own_protocol_key) != 1) {
wpa_printf(MSG_DEBUG,
"DPP: netAccessKey in connector does not match own protocol key");
#ifdef CONFIG_TESTING_OPTIONS
if (auth->ignore_netaccesskey_mismatch) {
wpa_printf(MSG_DEBUG,
"DPP: TESTING - skip netAccessKey mismatch");
} else {
goto fail;
}
#else /* CONFIG_TESTING_OPTIONS */
goto fail;
#endif /* CONFIG_TESTING_OPTIONS */
}
ret = 0;
fail:
EVP_PKEY_free(key);
json_free(root);
return ret;
}
static int dpp_check_pubkey_match(EVP_PKEY *pub, struct wpabuf *r_hash)
{
struct wpabuf *uncomp;
int res;
u8 hash[SHA256_MAC_LEN];
const u8 *addr[1];
size_t len[1];
if (wpabuf_len(r_hash) != SHA256_MAC_LEN)
return -1;
uncomp = dpp_get_pubkey_point(pub, 1);
if (!uncomp)
return -1;
addr[0] = wpabuf_head(uncomp);
len[0] = wpabuf_len(uncomp);
wpa_hexdump(MSG_DEBUG, "DPP: Uncompressed public key",
addr[0], len[0]);
res = sha256_vector(1, addr, len, hash);
wpabuf_free(uncomp);
if (res < 0)
return -1;
if (os_memcmp(hash, wpabuf_head(r_hash), SHA256_MAC_LEN) != 0) {
wpa_printf(MSG_DEBUG,
"DPP: Received hash value does not match calculated public key hash value");
wpa_hexdump(MSG_DEBUG, "DPP: Calculated hash",
hash, SHA256_MAC_LEN);
return -1;
}
return 0;
}
static void dpp_copy_csign(struct dpp_authentication *auth, EVP_PKEY *csign)
{
unsigned char *der = NULL;
int der_len;
der_len = i2d_PUBKEY(csign, &der);
if (der_len <= 0)
return;
wpabuf_free(auth->c_sign_key);
auth->c_sign_key = wpabuf_alloc_copy(der, der_len);
OPENSSL_free(der);
}
static void dpp_copy_netaccesskey(struct dpp_authentication *auth)
{
unsigned char *der = NULL;
int der_len;
EC_KEY *eckey;
eckey = EVP_PKEY_get1_EC_KEY(auth->own_protocol_key);
if (!eckey)
return;
der_len = i2d_ECPrivateKey(eckey, &der);
if (der_len <= 0) {
EC_KEY_free(eckey);
return;
}
wpabuf_free(auth->net_access_key);
auth->net_access_key = wpabuf_alloc_copy(der, der_len);
OPENSSL_free(der);
EC_KEY_free(eckey);
}
struct dpp_signed_connector_info {
unsigned char *payload;
size_t payload_len;
};
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
static enum dpp_status_error
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
dpp_process_signed_connector(struct dpp_signed_connector_info *info,
EVP_PKEY *csign_pub, const char *connector)
{
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
enum dpp_status_error ret = 255;
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
const char *pos, *end, *signed_start, *signed_end;
struct wpabuf *kid = NULL;
unsigned char *prot_hdr = NULL, *signature = NULL;
size_t prot_hdr_len = 0, signature_len = 0;
const EVP_MD *sign_md = NULL;
unsigned char *der = NULL;
int der_len;
int res;
EVP_MD_CTX *md_ctx = NULL;
ECDSA_SIG *sig = NULL;
BIGNUM *r = NULL, *s = NULL;
DPP: Check JWS protected header alg against C-sign-key curve These need to be compatible for the JWS protected header signing to be valid, so add an explicit check to confirm this. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:38 +02:00
const struct dpp_curve_params *curve;
EC_KEY *eckey;
const EC_GROUP *group;
int nid;
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
DPP: Check JWS protected header alg against C-sign-key curve These need to be compatible for the JWS protected header signing to be valid, so add an explicit check to confirm this. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:38 +02:00
eckey = EVP_PKEY_get1_EC_KEY(csign_pub);
if (!eckey)
goto fail;
group = EC_KEY_get0_group(eckey);
if (!group)
goto fail;
nid = EC_GROUP_get_curve_name(group);
curve = dpp_get_curve_nid(nid);
if (!curve)
goto fail;
wpa_printf(MSG_DEBUG, "DPP: C-sign-key group: %s", curve->jwk_crv);
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
os_memset(info, 0, sizeof(*info));
signed_start = pos = connector;
end = os_strchr(pos, '.');
if (!end) {
wpa_printf(MSG_DEBUG, "DPP: Missing dot(1) in signedConnector");
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
ret = DPP_STATUS_INVALID_CONNECTOR;
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
prot_hdr = base64_url_decode((const unsigned char *) pos,
end - pos, &prot_hdr_len);
if (!prot_hdr) {
wpa_printf(MSG_DEBUG,
"DPP: Failed to base64url decode signedConnector JWS Protected Header");
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
ret = DPP_STATUS_INVALID_CONNECTOR;
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
wpa_hexdump_ascii(MSG_DEBUG,
"DPP: signedConnector - JWS Protected Header",
prot_hdr, prot_hdr_len);
DPP: Check JWS protected header alg against C-sign-key curve These need to be compatible for the JWS protected header signing to be valid, so add an explicit check to confirm this. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:38 +02:00
kid = dpp_parse_jws_prot_hdr(curve, prot_hdr, prot_hdr_len, &sign_md);
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
if (!kid) {
ret = DPP_STATUS_INVALID_CONNECTOR;
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
}
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
if (wpabuf_len(kid) != SHA256_MAC_LEN) {
wpa_printf(MSG_DEBUG,
"DPP: Unexpected signedConnector JWS Protected Header kid length: %u (expected %u)",
(unsigned int) wpabuf_len(kid), SHA256_MAC_LEN);
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
ret = DPP_STATUS_INVALID_CONNECTOR;
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
pos = end + 1;
end = os_strchr(pos, '.');
if (!end) {
wpa_printf(MSG_DEBUG,
"DPP: Missing dot(2) in signedConnector");
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
ret = DPP_STATUS_INVALID_CONNECTOR;
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
signed_end = end - 1;
info->payload = base64_url_decode((const unsigned char *) pos,
end - pos, &info->payload_len);
if (!info->payload) {
wpa_printf(MSG_DEBUG,
"DPP: Failed to base64url decode signedConnector JWS Payload");
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
ret = DPP_STATUS_INVALID_CONNECTOR;
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
wpa_hexdump_ascii(MSG_DEBUG,
"DPP: signedConnector - JWS Payload",
info->payload, info->payload_len);
pos = end + 1;
signature = base64_url_decode((const unsigned char *) pos,
os_strlen(pos), &signature_len);
if (!signature) {
wpa_printf(MSG_DEBUG,
"DPP: Failed to base64url decode signedConnector signature");
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
ret = DPP_STATUS_INVALID_CONNECTOR;
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: signedConnector - signature",
signature, signature_len);
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
if (dpp_check_pubkey_match(csign_pub, kid) < 0) {
ret = DPP_STATUS_NO_MATCH;
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
}
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
if (signature_len & 0x01) {
wpa_printf(MSG_DEBUG,
"DPP: Unexpected signedConnector signature length (%d)",
(int) signature_len);
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
ret = DPP_STATUS_INVALID_CONNECTOR;
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
/* JWS Signature encodes the signature (r,s) as two octet strings. Need
* to convert that to DER encoded ECDSA_SIG for OpenSSL EVP routines. */
r = BN_bin2bn(signature, signature_len / 2, NULL);
s = BN_bin2bn(signature + signature_len / 2, signature_len / 2, NULL);
sig = ECDSA_SIG_new();
if (!r || !s || !sig || ECDSA_SIG_set0(sig, r, s) != 1)
goto fail;
r = NULL;
s = NULL;
der_len = i2d_ECDSA_SIG(sig, &der);
if (der_len <= 0) {
wpa_printf(MSG_DEBUG, "DPP: Could not DER encode signature");
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: DER encoded signature", der, der_len);
md_ctx = EVP_MD_CTX_create();
if (!md_ctx)
goto fail;
ERR_clear_error();
if (EVP_DigestVerifyInit(md_ctx, NULL, sign_md, NULL, csign_pub) != 1) {
wpa_printf(MSG_DEBUG, "DPP: EVP_DigestVerifyInit failed: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
if (EVP_DigestVerifyUpdate(md_ctx, signed_start,
signed_end - signed_start + 1) != 1) {
wpa_printf(MSG_DEBUG, "DPP: EVP_DigestVerifyUpdate failed: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
res = EVP_DigestVerifyFinal(md_ctx, der, der_len);
if (res != 1) {
wpa_printf(MSG_DEBUG,
"DPP: EVP_DigestVerifyFinal failed (res=%d): %s",
res, ERR_error_string(ERR_get_error(), NULL));
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
ret = DPP_STATUS_INVALID_CONNECTOR;
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
ret = DPP_STATUS_OK;
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
fail:
DPP: Check JWS protected header alg against C-sign-key curve These need to be compatible for the JWS protected header signing to be valid, so add an explicit check to confirm this. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:38 +02:00
EC_KEY_free(eckey);
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
EVP_MD_CTX_destroy(md_ctx);
os_free(prot_hdr);
wpabuf_free(kid);
os_free(signature);
ECDSA_SIG_free(sig);
BN_free(r);
BN_free(s);
OPENSSL_free(der);
return ret;
}
static int dpp_parse_cred_dpp(struct dpp_authentication *auth,
struct json_token *cred)
{
struct dpp_signed_connector_info info;
struct json_token *token, *csign;
int ret = -1;
EVP_PKEY *csign_pub = NULL;
const struct dpp_curve_params *key_curve = NULL;
const char *signed_connector;
os_memset(&info, 0, sizeof(info));
wpa_printf(MSG_DEBUG, "DPP: Connector credential");
csign = json_get_member(cred, "csign");
if (!csign || csign->type != JSON_OBJECT) {
wpa_printf(MSG_DEBUG, "DPP: No csign JWK in JSON");
goto fail;
}
csign_pub = dpp_parse_jwk(csign, &key_curve);
if (!csign_pub) {
wpa_printf(MSG_DEBUG, "DPP: Failed to parse csign JWK");
goto fail;
}
dpp_debug_print_key("DPP: Received C-sign-key", csign_pub);
token = json_get_member(cred, "signedConnector");
if (!token || token->type != JSON_STRING) {
wpa_printf(MSG_DEBUG, "DPP: No signedConnector string found");
goto fail;
}
wpa_hexdump_ascii(MSG_DEBUG, "DPP: signedConnector",
token->string, os_strlen(token->string));
signed_connector = token->string;
if (os_strchr(signed_connector, '"') ||
os_strchr(signed_connector, '\n')) {
wpa_printf(MSG_DEBUG,
"DPP: Unexpected character in signedConnector");
goto fail;
}
if (dpp_process_signed_connector(&info, csign_pub,
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
signed_connector) != DPP_STATUS_OK)
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
if (dpp_parse_connector(auth, info.payload, info.payload_len) < 0) {
wpa_printf(MSG_DEBUG, "DPP: Failed to parse connector");
goto fail;
}
os_free(auth->connector);
auth->connector = os_strdup(signed_connector);
dpp_copy_csign(auth, csign_pub);
dpp_copy_netaccesskey(auth);
ret = 0;
fail:
EVP_PKEY_free(csign_pub);
os_free(info.payload);
return ret;
}
DPP: Add akm=sae and akm=psk+sae support in Enrollee role This allows DPP to be used for enrolling credentials for SAE networks in addition to the legacy PSK (WPA-PSK) case. In addition, enable FT-PSK and FT-SAE cases automatically. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-22 20:04:41 +01:00
const char * dpp_akm_str(enum dpp_akm akm)
{
switch (akm) {
case DPP_AKM_DPP:
return "dpp";
case DPP_AKM_PSK:
return "psk";
case DPP_AKM_SAE:
return "sae";
case DPP_AKM_PSK_SAE:
return "psk+sae";
default:
return "??";
}
}
static enum dpp_akm dpp_akm_from_str(const char *akm)
{
if (os_strcmp(akm, "psk") == 0)
return DPP_AKM_PSK;
if (os_strcmp(akm, "sae") == 0)
return DPP_AKM_SAE;
if (os_strcmp(akm, "psk+sae") == 0)
return DPP_AKM_PSK_SAE;
if (os_strcmp(akm, "dpp") == 0)
return DPP_AKM_DPP;
return DPP_AKM_UNKNOWN;
}
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
static int dpp_parse_conf_obj(struct dpp_authentication *auth,
const u8 *conf_obj, u16 conf_obj_len)
{
int ret = -1;
struct json_token *root, *token, *discovery, *cred;
root = json_parse((const char *) conf_obj, conf_obj_len);
if (!root)
return -1;
if (root->type != JSON_OBJECT) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth, "JSON root is not an object");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
token = json_get_member(root, "wi-fi_tech");
if (!token || token->type != JSON_STRING) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth, "No wi-fi_tech string value found");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
if (os_strcmp(token->string, "infra") != 0) {
wpa_printf(MSG_DEBUG, "DPP: Unsupported wi-fi_tech value: '%s'",
token->string);
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth, "Unsupported wi-fi_tech value");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
discovery = json_get_member(root, "discovery");
if (!discovery || discovery->type != JSON_OBJECT) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth, "No discovery object in JSON");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
token = json_get_member(discovery, "ssid");
if (!token || token->type != JSON_STRING) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth, "No discovery::ssid string value found");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
wpa_hexdump_ascii(MSG_DEBUG, "DPP: discovery::ssid",
token->string, os_strlen(token->string));
if (os_strlen(token->string) > SSID_MAX_LEN) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth, "Too long discovery::ssid string value");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
auth->ssid_len = os_strlen(token->string);
os_memcpy(auth->ssid, token->string, auth->ssid_len);
cred = json_get_member(root, "cred");
if (!cred || cred->type != JSON_OBJECT) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth, "No cred object in JSON");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
token = json_get_member(cred, "akm");
if (!token || token->type != JSON_STRING) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth, "No cred::akm string value found");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
DPP: Add akm=sae and akm=psk+sae support in Enrollee role This allows DPP to be used for enrolling credentials for SAE networks in addition to the legacy PSK (WPA-PSK) case. In addition, enable FT-PSK and FT-SAE cases automatically. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-22 20:04:41 +01:00
auth->akm = dpp_akm_from_str(token->string);
if (auth->akm == DPP_AKM_PSK || auth->akm == DPP_AKM_SAE ||
auth->akm == DPP_AKM_PSK_SAE) {
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
if (dpp_parse_cred_legacy(auth, cred) < 0)
goto fail;
DPP: Add akm=sae and akm=psk+sae support in Enrollee role This allows DPP to be used for enrolling credentials for SAE networks in addition to the legacy PSK (WPA-PSK) case. In addition, enable FT-PSK and FT-SAE cases automatically. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-22 20:04:41 +01:00
} else if (auth->akm == DPP_AKM_DPP) {
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
if (dpp_parse_cred_dpp(auth, cred) < 0)
goto fail;
} else {
wpa_printf(MSG_DEBUG, "DPP: Unsupported akm: %s",
token->string);
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth, "Unsupported akm");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
wpa_printf(MSG_DEBUG, "DPP: JSON parsing completed successfully");
ret = 0;
fail:
json_free(root);
return ret;
}
int dpp_conf_resp_rx(struct dpp_authentication *auth,
const struct wpabuf *resp)
{
const u8 *wrapped_data, *e_nonce, *status, *conf_obj;
u16 wrapped_data_len, e_nonce_len, status_len, conf_obj_len;
const u8 *addr[1];
size_t len[1];
u8 *unwrapped = NULL;
size_t unwrapped_len = 0;
int ret = -1;
if (dpp_check_attrs(wpabuf_head(resp), wpabuf_len(resp)) < 0) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth, "Invalid attribute in config response");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
return -1;
}
wrapped_data = dpp_get_attr(wpabuf_head(resp), wpabuf_len(resp),
DPP_ATTR_WRAPPED_DATA,
&wrapped_data_len);
if (!wrapped_data || wrapped_data_len < AES_BLOCK_SIZE) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth,
"Missing or invalid required Wrapped Data attribute");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
return -1;
}
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
wrapped_data, wrapped_data_len);
unwrapped_len = wrapped_data_len - AES_BLOCK_SIZE;
unwrapped = os_malloc(unwrapped_len);
if (!unwrapped)
return -1;
addr[0] = wpabuf_head(resp);
len[0] = wrapped_data - 4 - (const u8 *) wpabuf_head(resp);
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD", addr[0], len[0]);
if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,
wrapped_data, wrapped_data_len,
1, addr, len, unwrapped) < 0) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth, "AES-SIV decryption failed");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext",
unwrapped, unwrapped_len);
if (dpp_check_attrs(unwrapped, unwrapped_len) < 0) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth, "Invalid attribute in unwrapped data");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
e_nonce = dpp_get_attr(unwrapped, unwrapped_len,
DPP_ATTR_ENROLLEE_NONCE,
&e_nonce_len);
if (!e_nonce || e_nonce_len != auth->curve->nonce_len) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth,
"Missing or invalid Enrollee Nonce attribute");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: Enrollee Nonce", e_nonce, e_nonce_len);
if (os_memcmp(e_nonce, auth->e_nonce, e_nonce_len) != 0) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth, "Enrollee Nonce mismatch");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
status = dpp_get_attr(wpabuf_head(resp), wpabuf_len(resp),
DPP_ATTR_STATUS, &status_len);
if (!status || status_len < 1) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth,
"Missing or invalid required DPP Status attribute");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
wpa_printf(MSG_DEBUG, "DPP: Status %u", status[0]);
if (status[0] != DPP_STATUS_OK) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth, "Configurator rejected configuration");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
conf_obj = dpp_get_attr(unwrapped, unwrapped_len,
DPP_ATTR_CONFIG_OBJ, &conf_obj_len);
if (!conf_obj) {
DPP: Report Config Request/Response failure reasons on control interface This provides more details of failures to upper layer components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:58:53 +01:00
dpp_auth_fail(auth,
"Missing required Configuration Object attribute");
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 20:18:15 +02:00
goto fail;
}
wpa_hexdump_ascii(MSG_DEBUG, "DPP: configurationObject JSON",
conf_obj, conf_obj_len);
if (dpp_parse_conf_obj(auth, conf_obj, conf_obj_len) < 0)
goto fail;
ret = 0;
fail:
os_free(unwrapped);
return ret;
}
void dpp_configurator_free(struct dpp_configurator *conf)
{
if (!conf)
return;
EVP_PKEY_free(conf->csign);
os_free(conf->kid);
os_free(conf);
}
struct dpp_configurator *
dpp_keygen_configurator(const char *curve, const u8 *privkey,
size_t privkey_len)
{
struct dpp_configurator *conf;
struct wpabuf *csign_pub = NULL;
u8 kid_hash[SHA256_MAC_LEN];
const u8 *addr[1];
size_t len[1];
conf = os_zalloc(sizeof(*conf));
if (!conf)
return NULL;
if (!curve) {
conf->curve = &dpp_curves[0];
} else {
conf->curve = dpp_get_curve_name(curve);
if (!conf->curve) {
wpa_printf(MSG_INFO, "DPP: Unsupported curve: %s",
curve);
return NULL;
}
}
if (privkey)
conf->csign = dpp_set_keypair(&conf->curve, privkey,
privkey_len);
else
conf->csign = dpp_gen_keypair(conf->curve);
if (!conf->csign)
goto fail;
conf->own = 1;
csign_pub = dpp_get_pubkey_point(conf->csign, 1);
if (!csign_pub) {
wpa_printf(MSG_INFO, "DPP: Failed to extract C-sign-key");
goto fail;
}
/* kid = SHA256(ANSI X9.63 uncompressed C-sign-key) */
addr[0] = wpabuf_head(csign_pub);
len[0] = wpabuf_len(csign_pub);
if (sha256_vector(1, addr, len, kid_hash) < 0) {
wpa_printf(MSG_DEBUG,
"DPP: Failed to derive kid for C-sign-key");
goto fail;
}
conf->kid = (char *) base64_url_encode(kid_hash, sizeof(kid_hash),
NULL, 0);
if (!conf->kid)
goto fail;
out:
wpabuf_free(csign_pub);
return conf;
fail:
dpp_configurator_free(conf);
conf = NULL;
goto out;
}
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
DPP: Add DPP_CONFIGURATOR_SIGN to generate own connector The DPP Configurator can use this new command to generate its own signed connector for the network that it manages. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-04 16:48:44 +02:00
int dpp_configurator_own_config(struct dpp_authentication *auth,
const char *curve)
{
struct wpabuf *conf_obj;
int ret = -1;
if (!auth->conf) {
wpa_printf(MSG_DEBUG, "DPP: No configurator specified");
return -1;
}
if (!curve) {
auth->curve = &dpp_curves[0];
} else {
auth->curve = dpp_get_curve_name(curve);
if (!auth->curve) {
wpa_printf(MSG_INFO, "DPP: Unsupported curve: %s",
curve);
return -1;
}
}
wpa_printf(MSG_DEBUG,
"DPP: Building own configuration/connector with curve %s",
auth->curve->name);
auth->own_protocol_key = dpp_gen_keypair(auth->curve);
if (!auth->own_protocol_key)
return -1;
dpp_copy_netaccesskey(auth);
auth->peer_protocol_key = auth->own_protocol_key;
dpp_copy_csign(auth, auth->conf->csign);
conf_obj = dpp_build_conf_obj(auth, 0);
if (!conf_obj)
goto fail;
ret = dpp_parse_conf_obj(auth, wpabuf_head(conf_obj),
wpabuf_len(conf_obj));
fail:
wpabuf_free(conf_obj);
auth->peer_protocol_key = NULL;
return ret;
}
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
static int dpp_compatible_netrole(const char *role1, const char *role2)
{
return (os_strcmp(role1, "sta") == 0 && os_strcmp(role2, "ap") == 0) ||
(os_strcmp(role1, "ap") == 0 && os_strcmp(role2, "sta") == 0);
}
static int dpp_connector_compatible_group(struct json_token *root,
const char *group_id,
const char *net_role)
{
struct json_token *groups, *token;
groups = json_get_member(root, "groups");
if (!groups || groups->type != JSON_ARRAY)
return 0;
for (token = groups->child; token; token = token->sibling) {
struct json_token *id, *role;
id = json_get_member(token, "groupId");
if (!id || id->type != JSON_STRING)
continue;
role = json_get_member(token, "netRole");
if (!role || role->type != JSON_STRING)
continue;
if (os_strcmp(id->string, "*") != 0 &&
os_strcmp(group_id, "*") != 0 &&
os_strcmp(id->string, group_id) != 0)
continue;
if (dpp_compatible_netrole(role->string, net_role))
return 1;
}
return 0;
}
static int dpp_connector_match_groups(struct json_token *own_root,
struct json_token *peer_root)
{
struct json_token *groups, *token;
groups = json_get_member(peer_root, "groups");
if (!groups || groups->type != JSON_ARRAY) {
wpa_printf(MSG_DEBUG, "DPP: No peer groups array found");
return 0;
}
for (token = groups->child; token; token = token->sibling) {
struct json_token *id, *role;
id = json_get_member(token, "groupId");
if (!id || id->type != JSON_STRING) {
wpa_printf(MSG_DEBUG,
"DPP: Missing peer groupId string");
continue;
}
role = json_get_member(token, "netRole");
if (!role || role->type != JSON_STRING) {
wpa_printf(MSG_DEBUG,
"DPP: Missing peer groups::netRole string");
continue;
}
wpa_printf(MSG_DEBUG,
"DPP: peer connector group: groupId='%s' netRole='%s'",
id->string, role->string);
if (dpp_connector_compatible_group(own_root, id->string,
role->string)) {
wpa_printf(MSG_DEBUG,
"DPP: Compatible group/netRole in own connector");
return 1;
}
}
return 0;
}
static int dpp_derive_pmk(const u8 *Nx, size_t Nx_len, u8 *pmk,
unsigned int hash_len)
{
u8 salt[DPP_MAX_HASH_LEN], prk[DPP_MAX_HASH_LEN];
const char *info = "DPP PMK";
DPP: Add helper functions for running hash operations Use helper functions to cover all three different hash algorithm options for DPP operations instead of having separate calls to each function at every location a hash operation based on the curve is needed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:20 +02:00
int res;
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
/* PMK = HKDF(<>, "DPP PMK", N.x) */
/* HKDF-Extract(<>, N.x) */
os_memset(salt, 0, hash_len);
DPP: Add helper functions for running hash operations Use helper functions to cover all three different hash algorithm options for DPP operations instead of having separate calls to each function at every location a hash operation based on the curve is needed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:20 +02:00
if (dpp_hmac(hash_len, salt, hash_len, Nx, Nx_len, prk) < 0)
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
return -1;
wpa_hexdump_key(MSG_DEBUG, "DPP: PRK = HKDF-Extract(<>, IKM=N.x)",
prk, hash_len);
/* HKDF-Expand(PRK, info, L) */
DPP: Add helper functions for running hash operations Use helper functions to cover all three different hash algorithm options for DPP operations instead of having separate calls to each function at every location a hash operation based on the curve is needed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:20 +02:00
res = dpp_hkdf_expand(hash_len, prk, hash_len, info, pmk, hash_len);
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
os_memset(prk, 0, hash_len);
if (res < 0)
return -1;
wpa_hexdump_key(MSG_DEBUG, "DPP: PMK = HKDF-Expand(PRK, info, L)",
pmk, hash_len);
return 0;
}
static int dpp_derive_pmkid(const struct dpp_curve_params *curve,
EVP_PKEY *own_key, EVP_PKEY *peer_key, u8 *pmkid)
{
struct wpabuf *nkx, *pkx;
int ret = -1, res;
const u8 *addr[2];
size_t len[2];
DPP: Derive PMKID using SHA256() for all curves This was previously defined inconsistently (H() vs. SHA256()), but it is now clarified in the draft tech spec to use SHA256(), so update implementation to do that. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-24 22:59:44 +02:00
u8 hash[SHA256_MAC_LEN];
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
/* PMKID = Truncate-128(H(min(NK.x, PK.x) | max(NK.x, PK.x))) */
nkx = dpp_get_pubkey_point(own_key, 0);
pkx = dpp_get_pubkey_point(peer_key, 0);
if (!nkx || !pkx)
goto fail;
addr[0] = wpabuf_head(nkx);
len[0] = wpabuf_len(nkx) / 2;
addr[1] = wpabuf_head(pkx);
len[1] = wpabuf_len(pkx) / 2;
if (len[0] != len[1])
goto fail;
if (os_memcmp(addr[0], addr[1], len[0]) > 0) {
addr[0] = wpabuf_head(pkx);
addr[1] = wpabuf_head(nkx);
}
wpa_hexdump(MSG_DEBUG, "DPP: PMKID hash payload 1", addr[0], len[0]);
wpa_hexdump(MSG_DEBUG, "DPP: PMKID hash payload 2", addr[1], len[1]);
DPP: Derive PMKID using SHA256() for all curves This was previously defined inconsistently (H() vs. SHA256()), but it is now clarified in the draft tech spec to use SHA256(), so update implementation to do that. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-24 22:59:44 +02:00
res = sha256_vector(2, addr, len, hash);
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
if (res < 0)
goto fail;
DPP: Derive PMKID using SHA256() for all curves This was previously defined inconsistently (H() vs. SHA256()), but it is now clarified in the draft tech spec to use SHA256(), so update implementation to do that. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-24 22:59:44 +02:00
wpa_hexdump(MSG_DEBUG, "DPP: PMKID hash output", hash, SHA256_MAC_LEN);
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
os_memcpy(pmkid, hash, PMKID_LEN);
wpa_hexdump(MSG_DEBUG, "DPP: PMKID", pmkid, PMKID_LEN);
ret = 0;
fail:
wpabuf_free(nkx);
wpabuf_free(pkx);
return ret;
}
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
enum dpp_status_error
dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
const u8 *net_access_key, size_t net_access_key_len,
const u8 *csign_key, size_t csign_key_len,
const u8 *peer_connector, size_t peer_connector_len,
os_time_t *expiry)
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
{
struct json_token *root = NULL, *netkey, *token;
struct json_token *own_root = NULL;
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
enum dpp_status_error ret = 255, res;
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
EVP_PKEY *own_key = NULL, *peer_key = NULL;
struct wpabuf *own_key_pub = NULL;
const struct dpp_curve_params *curve, *own_curve;
struct dpp_signed_connector_info info;
const unsigned char *p;
EVP_PKEY *csign = NULL;
char *signed_connector = NULL;
const char *pos, *end;
unsigned char *own_conn = NULL;
size_t own_conn_len;
EVP_PKEY_CTX *ctx = NULL;
size_t Nx_len;
u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
os_memset(intro, 0, sizeof(*intro));
os_memset(&info, 0, sizeof(info));
DPP: Set PMKSA expiration based on peer connector Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:41 +02:00
if (expiry)
*expiry = 0;
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
p = csign_key;
csign = d2i_PUBKEY(NULL, &p, csign_key_len);
if (!csign) {
wpa_printf(MSG_ERROR,
"DPP: Failed to parse local C-sign-key information");
goto fail;
}
own_key = dpp_set_keypair(&own_curve, net_access_key,
net_access_key_len);
if (!own_key) {
wpa_printf(MSG_ERROR, "DPP: Failed to parse own netAccessKey");
goto fail;
}
pos = os_strchr(own_connector, '.');
DPP: More debug for own connector configuration errors This makes it easier to notice a reason for failure in cases a connector string has been truncated. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:11 +02:00
if (!pos) {
wpa_printf(MSG_DEBUG, "DPP: Own connector is missing the first dot (.)");
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
goto fail;
DPP: More debug for own connector configuration errors This makes it easier to notice a reason for failure in cases a connector string has been truncated. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:11 +02:00
}
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
pos++;
end = os_strchr(pos, '.');
DPP: More debug for own connector configuration errors This makes it easier to notice a reason for failure in cases a connector string has been truncated. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:11 +02:00
if (!end) {
wpa_printf(MSG_DEBUG, "DPP: Own connector is missing the second dot (.)");
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
goto fail;
DPP: More debug for own connector configuration errors This makes it easier to notice a reason for failure in cases a connector string has been truncated. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:11 +02:00
}
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
own_conn = base64_url_decode((const unsigned char *) pos,
end - pos, &own_conn_len);
if (!own_conn) {
wpa_printf(MSG_DEBUG,
"DPP: Failed to base64url decode own signedConnector JWS Payload");
goto fail;
}
own_root = json_parse((const char *) own_conn, own_conn_len);
if (!own_root) {
wpa_printf(MSG_DEBUG, "DPP: Failed to parse local connector");
goto fail;
}
wpa_hexdump_ascii(MSG_DEBUG, "DPP: Peer signedConnector",
peer_connector, peer_connector_len);
signed_connector = os_malloc(peer_connector_len + 1);
if (!signed_connector)
goto fail;
os_memcpy(signed_connector, peer_connector, peer_connector_len);
signed_connector[peer_connector_len] = '\0';
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
res = dpp_process_signed_connector(&info, csign, signed_connector);
if (res != DPP_STATUS_OK) {
ret = res;
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
goto fail;
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
}
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
root = json_parse((const char *) info.payload, info.payload_len);
if (!root) {
wpa_printf(MSG_DEBUG, "DPP: JSON parsing of connector failed");
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
ret = DPP_STATUS_INVALID_CONNECTOR;
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
goto fail;
}
DPP: Remove devices object from the connector This was removed from the draft DPP tech spec, so remove it from the implementation as well. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-22 22:46:27 +02:00
if (!dpp_connector_match_groups(own_root, root)) {
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
wpa_printf(MSG_DEBUG,
DPP: Remove devices object from the connector This was removed from the draft DPP tech spec, so remove it from the implementation as well. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-22 22:46:27 +02:00
"DPP: Peer connector does not include compatible group netrole with own connector");
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
ret = DPP_STATUS_NO_MATCH;
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
goto fail;
}
token = json_get_member(root, "expiry");
if (!token || token->type != JSON_STRING) {
wpa_printf(MSG_DEBUG,
"DPP: No expiry string found - connector does not expire");
} else {
wpa_printf(MSG_DEBUG, "DPP: expiry = %s", token->string);
DPP: Set PMKSA expiration based on peer connector Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:41 +02:00
if (dpp_key_expired(token->string, expiry)) {
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
wpa_printf(MSG_DEBUG,
"DPP: Connector (netAccessKey) has expired");
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
ret = DPP_STATUS_INVALID_CONNECTOR;
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
goto fail;
}
}
netkey = json_get_member(root, "netAccessKey");
if (!netkey || netkey->type != JSON_OBJECT) {
wpa_printf(MSG_DEBUG, "DPP: No netAccessKey object found");
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
ret = DPP_STATUS_INVALID_CONNECTOR;
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
goto fail;
}
peer_key = dpp_parse_jwk(netkey, &curve);
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
if (!peer_key) {
ret = DPP_STATUS_INVALID_CONNECTOR;
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
goto fail;
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
}
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
dpp_debug_print_key("DPP: Received netAccessKey", peer_key);
if (own_curve != curve) {
wpa_printf(MSG_DEBUG,
"DPP: Mismatching netAccessKey curves (%s != %s)",
own_curve->name, curve->name);
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
ret = DPP_STATUS_INVALID_CONNECTOR;
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
goto fail;
}
/* ECDH: N = nk * PK */
ctx = EVP_PKEY_CTX_new(own_key, NULL);
if (!ctx ||
EVP_PKEY_derive_init(ctx) != 1 ||
EVP_PKEY_derive_set_peer(ctx, peer_key) != 1 ||
EVP_PKEY_derive(ctx, NULL, &Nx_len) != 1 ||
Nx_len > DPP_MAX_SHARED_SECRET_LEN ||
EVP_PKEY_derive(ctx, Nx, &Nx_len) != 1) {
wpa_printf(MSG_ERROR,
"DPP: Failed to derive ECDH shared secret: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (N.x)",
Nx, Nx_len);
/* PMK = HKDF(<>, "DPP PMK", N.x) */
if (dpp_derive_pmk(Nx, Nx_len, intro->pmk, curve->hash_len) < 0) {
wpa_printf(MSG_ERROR, "DPP: Failed to derive PMK");
goto fail;
}
intro->pmk_len = curve->hash_len;
/* PMKID = Truncate-128(H(min(NK.x, PK.x) | max(NK.x, PK.x))) */
if (dpp_derive_pmkid(curve, own_key, peer_key, intro->pmkid) < 0) {
wpa_printf(MSG_ERROR, "DPP: Failed to derive PMKID");
goto fail;
}
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
ret = DPP_STATUS_OK;
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
fail:
DPP: Add DPP Status attribute into Peer Discovery Response This was added in DPP tech spec v0.2.7 to allow result of network introduction to be reported. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 10:43:41 +01:00
if (ret != DPP_STATUS_OK)
DPP: Network Introduction protocol This commit adds generic helper functions for going through Network Introduction protocol. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-18 19:19:57 +02:00
os_memset(intro, 0, sizeof(*intro));
os_memset(Nx, 0, sizeof(Nx));
EVP_PKEY_CTX_free(ctx);
os_free(own_conn);
os_free(signed_connector);
os_free(info.payload);
EVP_PKEY_free(own_key);
wpabuf_free(own_key_pub);
EVP_PKEY_free(peer_key);
EVP_PKEY_free(csign);
json_free(root);
json_free(own_root);
return ret;
}
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
static EVP_PKEY * dpp_pkex_get_role_elem(const struct dpp_curve_params *curve,
int init)
{
EC_GROUP *group;
size_t len = curve->prime_len;
const u8 *x, *y;
switch (curve->ike_group) {
case 19:
x = init ? pkex_init_x_p256 : pkex_resp_x_p256;
y = init ? pkex_init_y_p256 : pkex_resp_y_p256;
break;
case 20:
x = init ? pkex_init_x_p384 : pkex_resp_x_p384;
y = init ? pkex_init_y_p384 : pkex_resp_y_p384;
break;
case 21:
x = init ? pkex_init_x_p521 : pkex_resp_x_p521;
y = init ? pkex_init_y_p521 : pkex_resp_y_p521;
break;
case 28:
x = init ? pkex_init_x_bp_p256r1 : pkex_resp_x_bp_p256r1;
y = init ? pkex_init_y_bp_p256r1 : pkex_resp_y_bp_p256r1;
break;
case 29:
x = init ? pkex_init_x_bp_p384r1 : pkex_resp_x_bp_p384r1;
y = init ? pkex_init_y_bp_p384r1 : pkex_resp_y_bp_p384r1;
break;
case 30:
x = init ? pkex_init_x_bp_p512r1 : pkex_resp_x_bp_p512r1;
y = init ? pkex_init_y_bp_p512r1 : pkex_resp_y_bp_p512r1;
break;
default:
return NULL;
}
group = EC_GROUP_new_by_curve_name(OBJ_txt2nid(curve->name));
if (!group)
return NULL;
return dpp_set_pubkey_point_group(group, x, y, len);
}
static EC_POINT * dpp_pkex_derive_Qi(const struct dpp_curve_params *curve,
const u8 *mac_init, const char *code,
const char *identifier, BN_CTX *bnctx,
const EC_GROUP **ret_group)
{
u8 hash[DPP_MAX_HASH_LEN];
const u8 *addr[3];
size_t len[3];
unsigned int num_elem = 0;
EC_POINT *Qi = NULL;
EVP_PKEY *Pi = NULL;
EC_KEY *Pi_ec = NULL;
const EC_POINT *Pi_point;
BIGNUM *hash_bn = NULL;
const EC_GROUP *group = NULL;
EC_GROUP *group2 = NULL;
/* Qi = H(MAC-Initiator | [identifier |] code) * Pi */
wpa_printf(MSG_DEBUG, "DPP: MAC-Initiator: " MACSTR, MAC2STR(mac_init));
addr[num_elem] = mac_init;
len[num_elem] = ETH_ALEN;
num_elem++;
if (identifier) {
wpa_printf(MSG_DEBUG, "DPP: code identifier: %s",
identifier);
addr[num_elem] = (const u8 *) identifier;
len[num_elem] = os_strlen(identifier);
num_elem++;
}
wpa_hexdump_ascii_key(MSG_DEBUG, "DPP: code", code, os_strlen(code));
addr[num_elem] = (const u8 *) code;
len[num_elem] = os_strlen(code);
num_elem++;
if (dpp_hash_vector(curve, num_elem, addr, len, hash) < 0)
goto fail;
wpa_hexdump_key(MSG_DEBUG,
"DPP: H(MAC-Initiator | [identifier |] code)",
hash, curve->hash_len);
Pi = dpp_pkex_get_role_elem(curve, 1);
if (!Pi)
goto fail;
dpp_debug_print_key("DPP: Pi", Pi);
Pi_ec = EVP_PKEY_get1_EC_KEY(Pi);
if (!Pi_ec)
goto fail;
Pi_point = EC_KEY_get0_public_key(Pi_ec);
group = EC_KEY_get0_group(Pi_ec);
if (!group)
goto fail;
group2 = EC_GROUP_dup(group);
if (!group2)
goto fail;
Qi = EC_POINT_new(group2);
if (!Qi) {
EC_GROUP_free(group2);
goto fail;
}
hash_bn = BN_bin2bn(hash, curve->hash_len, NULL);
if (!hash_bn ||
EC_POINT_mul(group2, Qi, NULL, Pi_point, hash_bn, bnctx) != 1)
goto fail;
DPP: Verify that PKEX Qi is not the point-at-infinity This was added as an explicit requirement in DPP tech spec v0.2.3. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-09 23:42:34 +02:00
if (EC_POINT_is_at_infinity(group, Qi)) {
DPP: Fix a typo in a debug print Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 18:02:07 +01:00
wpa_printf(MSG_INFO, "DPP: Qi is the point-at-infinity");
DPP: Verify that PKEX Qi is not the point-at-infinity This was added as an explicit requirement in DPP tech spec v0.2.3. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-09 23:42:34 +02:00
goto fail;
}
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
out:
EC_KEY_free(Pi_ec);
EVP_PKEY_free(Pi);
BN_clear_free(hash_bn);
if (ret_group)
*ret_group = group2;
return Qi;
fail:
EC_POINT_free(Qi);
Qi = NULL;
goto out;
}
static EC_POINT * dpp_pkex_derive_Qr(const struct dpp_curve_params *curve,
const u8 *mac_resp, const char *code,
const char *identifier, BN_CTX *bnctx,
const EC_GROUP **ret_group)
{
u8 hash[DPP_MAX_HASH_LEN];
const u8 *addr[3];
size_t len[3];
unsigned int num_elem = 0;
EC_POINT *Qr = NULL;
EVP_PKEY *Pr = NULL;
EC_KEY *Pr_ec = NULL;
const EC_POINT *Pr_point;
BIGNUM *hash_bn = NULL;
const EC_GROUP *group = NULL;
EC_GROUP *group2 = NULL;
/* Qr = H(MAC-Responder | | [identifier | ] code) * Pr */
wpa_printf(MSG_DEBUG, "DPP: MAC-Responder: " MACSTR, MAC2STR(mac_resp));
addr[num_elem] = mac_resp;
len[num_elem] = ETH_ALEN;
num_elem++;
if (identifier) {
wpa_printf(MSG_DEBUG, "DPP: code identifier: %s",
identifier);
addr[num_elem] = (const u8 *) identifier;
len[num_elem] = os_strlen(identifier);
num_elem++;
}
wpa_hexdump_ascii_key(MSG_DEBUG, "DPP: code", code, os_strlen(code));
addr[num_elem] = (const u8 *) code;
len[num_elem] = os_strlen(code);
num_elem++;
if (dpp_hash_vector(curve, num_elem, addr, len, hash) < 0)
goto fail;
wpa_hexdump_key(MSG_DEBUG,
"DPP: H(MAC-Responder | [identifier |] code)",
hash, curve->hash_len);
Pr = dpp_pkex_get_role_elem(curve, 0);
if (!Pr)
goto fail;
dpp_debug_print_key("DPP: Pr", Pr);
Pr_ec = EVP_PKEY_get1_EC_KEY(Pr);
if (!Pr_ec)
goto fail;
Pr_point = EC_KEY_get0_public_key(Pr_ec);
group = EC_KEY_get0_group(Pr_ec);
if (!group)
goto fail;
group2 = EC_GROUP_dup(group);
if (!group2)
goto fail;
Qr = EC_POINT_new(group2);
if (!Qr) {
EC_GROUP_free(group2);
goto fail;
}
hash_bn = BN_bin2bn(hash, curve->hash_len, NULL);
if (!hash_bn ||
EC_POINT_mul(group2, Qr, NULL, Pr_point, hash_bn, bnctx) != 1)
goto fail;
DPP: Explicitly check that PKEX Qr is not the point-at-infinity This was already done for Qi, but the same needs to be done for Qr as well. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 18:01:24 +01:00
if (EC_POINT_is_at_infinity(group, Qr)) {
wpa_printf(MSG_INFO, "DPP: Qr is the point-at-infinity");
goto fail;
}
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
out:
EC_KEY_free(Pr_ec);
EVP_PKEY_free(Pr);
BN_clear_free(hash_bn);
if (ret_group)
*ret_group = group2;
return Qr;
fail:
EC_POINT_free(Qr);
Qr = NULL;
goto out;
}
DPP: Testing capability to generate invalid PKEX encrypted key (M and N) Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:42:54 +01:00
#ifdef CONFIG_TESTING_OPTIONS
static int dpp_test_gen_invalid_key(struct wpabuf *msg,
const struct dpp_curve_params *curve)
{
BN_CTX *ctx;
BIGNUM *x, *y;
int ret = -1;
EC_GROUP *group;
EC_POINT *point;
group = EC_GROUP_new_by_curve_name(OBJ_txt2nid(curve->name));
if (!group)
DPP: Fix compiler warning of testing code ../src/common/dpp.c: In function 'dpp_test_gen_invalid_key': ../src/common/dpp.c:5531:10: warning: return makes integer from pointer without a cast [-Wint-conversion] return NULL; ^ Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-11-09 21:13:21 +01:00
return -1;
DPP: Testing capability to generate invalid PKEX encrypted key (M and N) Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:42:54 +01:00
ctx = BN_CTX_new();
point = EC_POINT_new(group);
x = BN_new();
y = BN_new();
if (!ctx || !point || !x || !y)
goto fail;
if (BN_rand(x, curve->prime_len * 8, 0, 0) != 1)
goto fail;
/* Generate a random y coordinate that results in a point that is not
* on the curve. */
for (;;) {
if (BN_rand(y, curve->prime_len * 8, 0, 0) != 1)
goto fail;
if (EC_POINT_set_affine_coordinates_GFp(group, point, x, y,
DPP: Fix dpp_test_gen_invalid_key() with BoringSSL Unlike OpenSSL, BoringSSL returns an error from EC_POINT_set_affine_coordinates_GFp() is not on the curve. As such, need to behave differently here depending on which library is used. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 12:22:17 +01:00
ctx) != 1) {
#ifdef OPENSSL_IS_BORINGSSL
/* Unlike OpenSSL, BoringSSL returns an error from
* EC_POINT_set_affine_coordinates_GFp() is not on the curve. */
break;
#else /* OPENSSL_IS_BORINGSSL */
DPP: Testing capability to generate invalid PKEX encrypted key (M and N) Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:42:54 +01:00
goto fail;
DPP: Fix dpp_test_gen_invalid_key() with BoringSSL Unlike OpenSSL, BoringSSL returns an error from EC_POINT_set_affine_coordinates_GFp() is not on the curve. As such, need to behave differently here depending on which library is used. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 12:22:17 +01:00
#endif /* OPENSSL_IS_BORINGSSL */
}
DPP: Testing capability to generate invalid PKEX encrypted key (M and N) Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:42:54 +01:00
if (!EC_POINT_is_on_curve(group, point, ctx))
break;
}
DPP: Use dpp_bn2bin_pad() helper to simplify code Number of places writing BIGNUM values with left-padding were open coding this helper functionality unnecessarily. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 15:49:48 +01:00
if (dpp_bn2bin_pad(x, wpabuf_put(msg, curve->prime_len),
curve->prime_len) < 0 ||
dpp_bn2bin_pad(y, wpabuf_put(msg, curve->prime_len),
curve->prime_len) < 0)
DPP: Testing capability to generate invalid PKEX encrypted key (M and N) Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:42:54 +01:00
goto fail;
ret = 0;
fail:
DPP: Fix dpp_test_gen_invalid_key() with BoringSSL Unlike OpenSSL, BoringSSL returns an error from EC_POINT_set_affine_coordinates_GFp() is not on the curve. As such, need to behave differently here depending on which library is used. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 12:22:17 +01:00
if (ret < 0)
wpa_printf(MSG_INFO, "DPP: Failed to generate invalid key");
DPP: Testing capability to generate invalid PKEX encrypted key (M and N) Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:42:54 +01:00
BN_free(x);
BN_free(y);
EC_POINT_free(point);
BN_CTX_free(ctx);
return ret;
}
#endif /* CONFIG_TESTING_OPTIONS */
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
static struct wpabuf * dpp_pkex_build_exchange_req(struct dpp_pkex *pkex)
{
EC_KEY *X_ec = NULL;
const EC_POINT *X_point;
BN_CTX *bnctx = NULL;
const EC_GROUP *group;
EC_POINT *Qi = NULL, *M = NULL;
struct wpabuf *M_buf = NULL;
BIGNUM *Mx = NULL, *My = NULL;
struct wpabuf *msg = NULL;
size_t attr_len;
const struct dpp_curve_params *curve = pkex->own_bi->curve;
wpa_printf(MSG_DEBUG, "DPP: Build PKEX Exchange Request");
/* Qi = H(MAC-Initiator | [identifier |] code) * Pi */
bnctx = BN_CTX_new();
if (!bnctx)
goto fail;
Qi = dpp_pkex_derive_Qi(curve, pkex->own_mac, pkex->code,
pkex->identifier, bnctx, &group);
if (!Qi)
goto fail;
/* Generate a random ephemeral keypair x/X */
pkex->x = dpp_gen_keypair(curve);
if (!pkex->x)
goto fail;
/* M = X + Qi */
X_ec = EVP_PKEY_get1_EC_KEY(pkex->x);
if (!X_ec)
goto fail;
X_point = EC_KEY_get0_public_key(X_ec);
if (!X_point)
goto fail;
M = EC_POINT_new(group);
Mx = BN_new();
My = BN_new();
if (!M || !Mx || !My ||
EC_POINT_add(group, M, X_point, Qi, bnctx) != 1 ||
EC_POINT_get_affine_coordinates_GFp(group, M, Mx, My, bnctx) != 1)
goto fail;
/* Initiator -> Responder: group, [identifier,] M */
attr_len = 4 + 2;
if (pkex->identifier)
attr_len += 4 + os_strlen(pkex->identifier);
attr_len += 4 + 2 * curve->prime_len;
msg = dpp_alloc_msg(DPP_PA_PKEX_EXCHANGE_REQ, attr_len);
if (!msg)
goto fail;
DPP: Extend protocol testing to cover missing attributes in PKEX Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 22:53:55 +01:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_FINITE_CYCLIC_GROUP_PKEX_EXCHANGE_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Finite Cyclic Group");
goto skip_finite_cyclic_group;
}
#endif /* CONFIG_TESTING_OPTIONS */
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
/* Finite Cyclic Group attribute */
wpabuf_put_le16(msg, DPP_ATTR_FINITE_CYCLIC_GROUP);
wpabuf_put_le16(msg, 2);
wpabuf_put_le16(msg, curve->ike_group);
DPP: Extend protocol testing to cover missing attributes in PKEX Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 22:53:55 +01:00
#ifdef CONFIG_TESTING_OPTIONS
skip_finite_cyclic_group:
#endif /* CONFIG_TESTING_OPTIONS */
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
/* Code Identifier attribute */
if (pkex->identifier) {
wpabuf_put_le16(msg, DPP_ATTR_CODE_IDENTIFIER);
wpabuf_put_le16(msg, os_strlen(pkex->identifier));
wpabuf_put_str(msg, pkex->identifier);
}
DPP: Extend protocol testing to cover missing attributes in PKEX Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 22:53:55 +01:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Encrypted Key");
goto out;
}
#endif /* CONFIG_TESTING_OPTIONS */
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
/* M in Encrypted Key attribute */
wpabuf_put_le16(msg, DPP_ATTR_ENCRYPTED_KEY);
wpabuf_put_le16(msg, 2 * curve->prime_len);
DPP: Testing capability to generate invalid PKEX encrypted key (M and N) Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:42:54 +01:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_INVALID_ENCRYPTED_KEY_PKEX_EXCHANGE_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - invalid Encrypted Key");
if (dpp_test_gen_invalid_key(msg, curve) < 0)
goto fail;
goto out;
}
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Use dpp_bn2bin_pad() helper to simplify code Number of places writing BIGNUM values with left-padding were open coding this helper functionality unnecessarily. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 15:49:48 +01:00
if (dpp_bn2bin_pad(Mx, wpabuf_put(msg, curve->prime_len),
curve->prime_len) < 0 ||
dpp_bn2bin_pad(Mx, pkex->Mx, curve->prime_len) < 0 ||
dpp_bn2bin_pad(My, wpabuf_put(msg, curve->prime_len),
curve->prime_len) < 0)
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
goto fail;
out:
wpabuf_free(M_buf);
EC_KEY_free(X_ec);
EC_POINT_free(M);
EC_POINT_free(Qi);
BN_clear_free(Mx);
BN_clear_free(My);
BN_CTX_free(bnctx);
return msg;
fail:
wpa_printf(MSG_INFO, "DPP: Failed to build PKEX Exchange Request");
wpabuf_free(msg);
msg = NULL;
goto out;
}
DPP: Report possible PKEX code mismatch in control interface Indicate to upper layers if PKEX Commit-Reveal Request frame AES-SIV decryption fails. That is a likely sign of the PKEX code mismatch between the devices. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 11:21:00 +01:00
static void dpp_pkex_fail(struct dpp_pkex *pkex, const char *txt)
{
wpa_msg(pkex->msg_ctx, MSG_INFO, DPP_EVENT_FAIL "%s", txt);
}
struct dpp_pkex * dpp_pkex_init(void *msg_ctx, struct dpp_bootstrap_info *bi,
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
const u8 *own_mac,
const char *identifier,
const char *code)
{
struct dpp_pkex *pkex;
pkex = os_zalloc(sizeof(*pkex));
if (!pkex)
return NULL;
DPP: Report possible PKEX code mismatch in control interface Indicate to upper layers if PKEX Commit-Reveal Request frame AES-SIV decryption fails. That is a likely sign of the PKEX code mismatch between the devices. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 11:21:00 +01:00
pkex->msg_ctx = msg_ctx;
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
pkex->initiator = 1;
pkex->own_bi = bi;
os_memcpy(pkex->own_mac, own_mac, ETH_ALEN);
if (identifier) {
pkex->identifier = os_strdup(identifier);
if (!pkex->identifier)
goto fail;
}
pkex->code = os_strdup(code);
if (!pkex->code)
goto fail;
pkex->exchange_req = dpp_pkex_build_exchange_req(pkex);
if (!pkex->exchange_req)
goto fail;
return pkex;
fail:
dpp_pkex_free(pkex);
return NULL;
}
DPP: PKEX and STATUS_BAD_GROUP Report mismatching finite cyclic group with PKEX Exchange Response using STATUS_BAD_GROUP and provide more detailed error report over the control interface on the peer device when this happens. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 15:43:58 +01:00
static struct wpabuf *
dpp_pkex_build_exchange_resp(struct dpp_pkex *pkex,
enum dpp_status_error status,
const BIGNUM *Nx, const BIGNUM *Ny)
DPP: Move PKEX Exchange Response building to a helper function This cleans up dpp_pkex_rx_exchange_req() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:13:43 +01:00
{
struct wpabuf *msg = NULL;
size_t attr_len;
const struct dpp_curve_params *curve = pkex->own_bi->curve;
/* Initiator -> Responder: DPP Status, [identifier,] N */
attr_len = 4 + 1;
DPP: PKEX and STATUS_BAD_GROUP Report mismatching finite cyclic group with PKEX Exchange Response using STATUS_BAD_GROUP and provide more detailed error report over the control interface on the peer device when this happens. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 15:43:58 +01:00
if (pkex->identifier)
attr_len += 4 + os_strlen(pkex->identifier);
DPP: Move PKEX Exchange Response building to a helper function This cleans up dpp_pkex_rx_exchange_req() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:13:43 +01:00
attr_len += 4 + 2 * curve->prime_len;
msg = dpp_alloc_msg(DPP_PA_PKEX_EXCHANGE_RESP, attr_len);
if (!msg)
goto fail;
DPP: Extend protocol testing to cover missing attributes in PKEX Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 22:53:55 +01:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_STATUS_PKEX_EXCHANGE_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Status");
goto skip_status;
}
DPP: Protocol testing - invalid Status value in PKEX Exchange Response Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 18:33:17 +01:00
if (dpp_test == DPP_TEST_INVALID_STATUS_PKEX_EXCHANGE_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - invalid Status");
status = 255;
}
DPP: Extend protocol testing to cover missing attributes in PKEX Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 22:53:55 +01:00
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Move PKEX Exchange Response building to a helper function This cleans up dpp_pkex_rx_exchange_req() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:13:43 +01:00
/* DPP Status */
DPP: Use a helper function to build DPP Status attribute Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:27:14 +01:00
dpp_build_attr_status(msg, status);
DPP: Move PKEX Exchange Response building to a helper function This cleans up dpp_pkex_rx_exchange_req() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:13:43 +01:00
DPP: Extend protocol testing to cover missing attributes in PKEX Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 22:53:55 +01:00
#ifdef CONFIG_TESTING_OPTIONS
skip_status:
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Move PKEX Exchange Response building to a helper function This cleans up dpp_pkex_rx_exchange_req() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:13:43 +01:00
/* Code Identifier attribute */
if (pkex->identifier) {
wpabuf_put_le16(msg, DPP_ATTR_CODE_IDENTIFIER);
wpabuf_put_le16(msg, os_strlen(pkex->identifier));
wpabuf_put_str(msg, pkex->identifier);
}
DPP: PKEX and STATUS_BAD_GROUP Report mismatching finite cyclic group with PKEX Exchange Response using STATUS_BAD_GROUP and provide more detailed error report over the control interface on the peer device when this happens. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 15:43:58 +01:00
if (status != DPP_STATUS_OK)
goto skip_encrypted_key;
DPP: Extend protocol testing to cover missing attributes in PKEX Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 22:53:55 +01:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Encrypted Key");
goto skip_encrypted_key;
}
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Move PKEX Exchange Response building to a helper function This cleans up dpp_pkex_rx_exchange_req() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:13:43 +01:00
/* N in Encrypted Key attribute */
wpabuf_put_le16(msg, DPP_ATTR_ENCRYPTED_KEY);
wpabuf_put_le16(msg, 2 * curve->prime_len);
DPP: Testing capability to generate invalid PKEX encrypted key (M and N) Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:42:54 +01:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_INVALID_ENCRYPTED_KEY_PKEX_EXCHANGE_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - invalid Encrypted Key");
if (dpp_test_gen_invalid_key(msg, curve) < 0)
goto fail;
goto skip_encrypted_key;
}
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Use dpp_bn2bin_pad() helper to simplify code Number of places writing BIGNUM values with left-padding were open coding this helper functionality unnecessarily. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 15:49:48 +01:00
if (dpp_bn2bin_pad(Nx, wpabuf_put(msg, curve->prime_len),
curve->prime_len) < 0 ||
dpp_bn2bin_pad(Nx, pkex->Nx, curve->prime_len) < 0 ||
dpp_bn2bin_pad(Ny, wpabuf_put(msg, curve->prime_len),
curve->prime_len) < 0)
DPP: Move PKEX Exchange Response building to a helper function This cleans up dpp_pkex_rx_exchange_req() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:13:43 +01:00
goto fail;
DPP: Extend protocol testing to cover missing attributes in PKEX Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 22:53:55 +01:00
skip_encrypted_key:
DPP: PKEX and STATUS_BAD_GROUP Report mismatching finite cyclic group with PKEX Exchange Response using STATUS_BAD_GROUP and provide more detailed error report over the control interface on the peer device when this happens. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 15:43:58 +01:00
if (status == DPP_STATUS_BAD_GROUP) {
/* Finite Cyclic Group attribute */
wpabuf_put_le16(msg, DPP_ATTR_FINITE_CYCLIC_GROUP);
wpabuf_put_le16(msg, 2);
wpabuf_put_le16(msg, curve->ike_group);
}
DPP: Move PKEX Exchange Response building to a helper function This cleans up dpp_pkex_rx_exchange_req() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:13:43 +01:00
return msg;
fail:
wpabuf_free(msg);
return NULL;
}
DPP: Move PKEX z derivation on Responder to earlier phase K and z can be derived already based on information available at the time the PKEX Exchange Request is being processed, so move these there from the PKEX Commit-Reveal Request processing since that matches the DPP tech spec description close and allows PKEX exchange to be aborted earlier if anything unexpected happens. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 18:24:41 +01:00
static int dpp_pkex_derive_z(const u8 *mac_init, const u8 *mac_resp,
const u8 *Mx, size_t Mx_len,
const u8 *Nx, size_t Nx_len,
const char *code,
const u8 *Kx, size_t Kx_len,
u8 *z, unsigned int hash_len)
{
u8 salt[DPP_MAX_HASH_LEN], prk[DPP_MAX_HASH_LEN];
int res;
u8 *info, *pos;
size_t info_len;
/* z = HKDF(<>, MAC-Initiator | MAC-Responder | M.x | N.x | code, K.x)
*/
/* HKDF-Extract(<>, IKM=K.x) */
os_memset(salt, 0, hash_len);
if (dpp_hmac(hash_len, salt, hash_len, Kx, Kx_len, prk) < 0)
return -1;
wpa_hexdump_key(MSG_DEBUG, "DPP: PRK = HKDF-Extract(<>, IKM)",
prk, hash_len);
info_len = 2 * ETH_ALEN + Mx_len + Nx_len + os_strlen(code);
info = os_malloc(info_len);
if (!info)
return -1;
pos = info;
os_memcpy(pos, mac_init, ETH_ALEN);
pos += ETH_ALEN;
os_memcpy(pos, mac_resp, ETH_ALEN);
pos += ETH_ALEN;
os_memcpy(pos, Mx, Mx_len);
pos += Mx_len;
os_memcpy(pos, Nx, Nx_len);
pos += Nx_len;
os_memcpy(pos, code, os_strlen(code));
/* HKDF-Expand(PRK, info, L) */
if (hash_len == 32)
res = hmac_sha256_kdf(prk, hash_len, NULL, info, info_len,
z, hash_len);
else if (hash_len == 48)
res = hmac_sha384_kdf(prk, hash_len, NULL, info, info_len,
z, hash_len);
else if (hash_len == 64)
res = hmac_sha512_kdf(prk, hash_len, NULL, info, info_len,
z, hash_len);
else
res = -1;
os_free(info);
os_memset(prk, 0, hash_len);
if (res < 0)
return -1;
wpa_hexdump_key(MSG_DEBUG, "DPP: z = HKDF-Expand(PRK, info, L)",
z, hash_len);
return 0;
}
DPP: Report possible PKEX code mismatch in control interface Indicate to upper layers if PKEX Commit-Reveal Request frame AES-SIV decryption fails. That is a likely sign of the PKEX code mismatch between the devices. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 11:21:00 +01:00
struct dpp_pkex * dpp_pkex_rx_exchange_req(void *msg_ctx,
struct dpp_bootstrap_info *bi,
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
const u8 *own_mac,
const u8 *peer_mac,
const char *identifier,
const char *code,
const u8 *buf, size_t len)
{
const u8 *attr_group, *attr_id, *attr_key;
u16 attr_group_len, attr_id_len, attr_key_len;
const struct dpp_curve_params *curve = bi->curve;
u16 ike_group;
struct dpp_pkex *pkex = NULL;
EC_POINT *Qi = NULL, *Qr = NULL, *M = NULL, *X = NULL, *N = NULL;
BN_CTX *bnctx = NULL;
const EC_GROUP *group;
BIGNUM *Mx = NULL, *My = NULL;
EC_KEY *Y_ec = NULL, *X_ec = NULL;;
const EC_POINT *Y_point;
BIGNUM *Nx = NULL, *Ny = NULL;
DPP: Move PKEX z derivation on Responder to earlier phase K and z can be derived already based on information available at the time the PKEX Exchange Request is being processed, so move these there from the PKEX Commit-Reveal Request processing since that matches the DPP tech spec description close and allows PKEX exchange to be aborted earlier if anything unexpected happens. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 18:24:41 +01:00
u8 Kx[DPP_MAX_SHARED_SECRET_LEN];
size_t Kx_len;
int res;
EVP_PKEY_CTX *ctx = NULL;
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
DPP: PKEX counter t Add limit on number of failed attempts that could have used PKEX code. If the limit (5) is reached, drop the PKEX state (including the code) and report this on the control interface to indicate that a new code needs to be entered due to possible attack. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 16:49:45 +01:00
if (bi->pkex_t >= PKEX_COUNTER_T_LIMIT) {
wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_FAIL
"PKEX counter t limit reached - ignore message");
return NULL;
}
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
attr_id = dpp_get_attr(buf, len, DPP_ATTR_CODE_IDENTIFIER,
&attr_id_len);
if (!attr_id && identifier) {
wpa_printf(MSG_DEBUG,
"DPP: No PKEX code identifier received, but expected one");
return NULL;
}
if (attr_id && identifier &&
(os_strlen(identifier) != attr_id_len ||
os_memcmp(identifier, attr_id, attr_id_len) != 0)) {
wpa_printf(MSG_DEBUG, "DPP: PKEX code identifier mismatch");
return NULL;
}
attr_group = dpp_get_attr(buf, len, DPP_ATTR_FINITE_CYCLIC_GROUP,
&attr_group_len);
if (!attr_group || attr_group_len != 2) {
DPP: Report PKEX failure reasons over control interface This provides more information to upper layer software to report failure reasons on the UI. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:14:02 +01:00
wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_FAIL
"Missing or invalid Finite Cyclic Group attribute");
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
return NULL;
}
ike_group = WPA_GET_LE16(attr_group);
if (ike_group != curve->ike_group) {
DPP: Report PKEX failure reasons over control interface This provides more information to upper layer software to report failure reasons on the UI. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:14:02 +01:00
wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_FAIL
"Mismatching PKEX curve: peer=%u own=%u",
ike_group, curve->ike_group);
DPP: PKEX and STATUS_BAD_GROUP Report mismatching finite cyclic group with PKEX Exchange Response using STATUS_BAD_GROUP and provide more detailed error report over the control interface on the peer device when this happens. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 15:43:58 +01:00
pkex = os_zalloc(sizeof(*pkex));
if (!pkex)
goto fail;
pkex->own_bi = bi;
pkex->failed = 1;
pkex->exchange_resp = dpp_pkex_build_exchange_resp(
pkex, DPP_STATUS_BAD_GROUP, NULL, NULL);
if (!pkex->exchange_resp)
goto fail;
return pkex;
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
}
/* M in Encrypted Key attribute */
attr_key = dpp_get_attr(buf, len, DPP_ATTR_ENCRYPTED_KEY,
&attr_key_len);
if (!attr_key || attr_key_len & 0x01 || attr_key_len < 2 ||
attr_key_len / 2 > DPP_MAX_SHARED_SECRET_LEN) {
DPP: Report PKEX failure reasons over control interface This provides more information to upper layer software to report failure reasons on the UI. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:14:02 +01:00
wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_FAIL
"Missing Encrypted Key attribute");
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
return NULL;
}
/* Qi = H(MAC-Initiator | [identifier |] code) * Pi */
bnctx = BN_CTX_new();
if (!bnctx)
goto fail;
Qi = dpp_pkex_derive_Qi(curve, peer_mac, code, identifier, bnctx,
&group);
if (!Qi)
goto fail;
/* X' = M - Qi */
X = EC_POINT_new(group);
M = EC_POINT_new(group);
Mx = BN_bin2bn(attr_key, attr_key_len / 2, NULL);
My = BN_bin2bn(attr_key + attr_key_len / 2, attr_key_len / 2, NULL);
if (!X || !M || !Mx || !My ||
EC_POINT_set_affine_coordinates_GFp(group, M, Mx, My, bnctx) != 1 ||
EC_POINT_is_at_infinity(group, M) ||
!EC_POINT_is_on_curve(group, M, bnctx) ||
EC_POINT_invert(group, Qi, bnctx) != 1 ||
EC_POINT_add(group, X, M, Qi, bnctx) != 1 ||
EC_POINT_is_at_infinity(group, X) ||
DPP: Report PKEX failure reasons over control interface This provides more information to upper layer software to report failure reasons on the UI. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:14:02 +01:00
!EC_POINT_is_on_curve(group, X, bnctx)) {
wpa_msg(msg_ctx, MSG_INFO, DPP_EVENT_FAIL
"Invalid Encrypted Key value");
DPP: PKEX counter t Add limit on number of failed attempts that could have used PKEX code. If the limit (5) is reached, drop the PKEX state (including the code) and report this on the control interface to indicate that a new code needs to be entered due to possible attack. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 16:49:45 +01:00
bi->pkex_t++;
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
goto fail;
DPP: Report PKEX failure reasons over control interface This provides more information to upper layer software to report failure reasons on the UI. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:14:02 +01:00
}
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
pkex = os_zalloc(sizeof(*pkex));
if (!pkex)
goto fail;
DPP: PKEX counter t Add limit on number of failed attempts that could have used PKEX code. If the limit (5) is reached, drop the PKEX state (including the code) and report this on the control interface to indicate that a new code needs to be entered due to possible attack. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 16:49:45 +01:00
pkex->t = bi->pkex_t;
DPP: Report possible PKEX code mismatch in control interface Indicate to upper layers if PKEX Commit-Reveal Request frame AES-SIV decryption fails. That is a likely sign of the PKEX code mismatch between the devices. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 11:21:00 +01:00
pkex->msg_ctx = msg_ctx;
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
pkex->own_bi = bi;
os_memcpy(pkex->own_mac, own_mac, ETH_ALEN);
os_memcpy(pkex->peer_mac, peer_mac, ETH_ALEN);
if (identifier) {
pkex->identifier = os_strdup(identifier);
if (!pkex->identifier)
goto fail;
}
pkex->code = os_strdup(code);
if (!pkex->code)
goto fail;
os_memcpy(pkex->Mx, attr_key, attr_key_len / 2);
X_ec = EC_KEY_new();
if (!X_ec ||
EC_KEY_set_group(X_ec, group) != 1 ||
EC_KEY_set_public_key(X_ec, X) != 1)
goto fail;
pkex->x = EVP_PKEY_new();
if (!pkex->x ||
EVP_PKEY_set1_EC_KEY(pkex->x, X_ec) != 1)
goto fail;
/* Qr = H(MAC-Responder | | [identifier | ] code) * Pr */
Qr = dpp_pkex_derive_Qr(curve, own_mac, code, identifier, bnctx, NULL);
if (!Qr)
goto fail;
/* Generate a random ephemeral keypair y/Y */
pkex->y = dpp_gen_keypair(curve);
if (!pkex->y)
goto fail;
/* N = Y + Qr */
Y_ec = EVP_PKEY_get1_EC_KEY(pkex->y);
if (!Y_ec)
goto fail;
Y_point = EC_KEY_get0_public_key(Y_ec);
if (!Y_point)
goto fail;
N = EC_POINT_new(group);
Nx = BN_new();
Ny = BN_new();
if (!N || !Nx || !Ny ||
EC_POINT_add(group, N, Y_point, Qr, bnctx) != 1 ||
EC_POINT_get_affine_coordinates_GFp(group, N, Nx, Ny, bnctx) != 1)
goto fail;
DPP: PKEX and STATUS_BAD_GROUP Report mismatching finite cyclic group with PKEX Exchange Response using STATUS_BAD_GROUP and provide more detailed error report over the control interface on the peer device when this happens. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 15:43:58 +01:00
pkex->exchange_resp = dpp_pkex_build_exchange_resp(pkex, DPP_STATUS_OK,
DPP: Move PKEX Exchange Response building to a helper function This cleans up dpp_pkex_rx_exchange_req() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:13:43 +01:00
Nx, Ny);
if (!pkex->exchange_resp)
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
goto fail;
DPP: Move PKEX z derivation on Responder to earlier phase K and z can be derived already based on information available at the time the PKEX Exchange Request is being processed, so move these there from the PKEX Commit-Reveal Request processing since that matches the DPP tech spec description close and allows PKEX exchange to be aborted earlier if anything unexpected happens. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 18:24:41 +01:00
/* K = y * X' */
ctx = EVP_PKEY_CTX_new(pkex->y, NULL);
if (!ctx ||
EVP_PKEY_derive_init(ctx) != 1 ||
EVP_PKEY_derive_set_peer(ctx, pkex->x) != 1 ||
EVP_PKEY_derive(ctx, NULL, &Kx_len) != 1 ||
Kx_len > DPP_MAX_SHARED_SECRET_LEN ||
EVP_PKEY_derive(ctx, Kx, &Kx_len) != 1) {
wpa_printf(MSG_ERROR,
"DPP: Failed to derive ECDH shared secret: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (K.x)",
Kx, Kx_len);
/* z = HKDF(<>, MAC-Initiator | MAC-Responder | M.x | N.x | code, K.x)
*/
res = dpp_pkex_derive_z(pkex->peer_mac, pkex->own_mac,
pkex->Mx, curve->prime_len,
pkex->Nx, curve->prime_len, pkex->code,
Kx, Kx_len, pkex->z, curve->hash_len);
os_memset(Kx, 0, Kx_len);
if (res < 0)
goto fail;
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
pkex->exchange_done = 1;
out:
DPP: Move PKEX z derivation on Responder to earlier phase K and z can be derived already based on information available at the time the PKEX Exchange Request is being processed, so move these there from the PKEX Commit-Reveal Request processing since that matches the DPP tech spec description close and allows PKEX exchange to be aborted earlier if anything unexpected happens. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 18:24:41 +01:00
EVP_PKEY_CTX_free(ctx);
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
BN_CTX_free(bnctx);
EC_POINT_free(Qi);
EC_POINT_free(Qr);
BN_free(Mx);
BN_free(My);
BN_free(Nx);
BN_free(Ny);
EC_POINT_free(M);
EC_POINT_free(N);
EC_POINT_free(X);
EC_KEY_free(X_ec);
EC_KEY_free(Y_ec);
return pkex;
fail:
DPP: Fix couple of typos in debug messages Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:34:03 +01:00
wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request processing failed");
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
dpp_pkex_free(pkex);
pkex = NULL;
goto out;
}
DPP: Move PKEX Commit-Reveal Request building to a helper function This cleans up dpp_pkex_rx_exchange_resp() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:21:55 +01:00
static struct wpabuf *
dpp_pkex_build_commit_reveal_req(struct dpp_pkex *pkex,
const struct wpabuf *A_pub, const u8 *u)
{
const struct dpp_curve_params *curve = pkex->own_bi->curve;
struct wpabuf *msg = NULL;
size_t clear_len, attr_len;
struct wpabuf *clear = NULL;
u8 *wrapped;
u8 octet;
const u8 *addr[2];
size_t len[2];
/* {A, u, [bootstrapping info]}z */
clear_len = 4 + 2 * curve->prime_len + 4 + curve->hash_len;
clear = wpabuf_alloc(clear_len);
attr_len = 4 + clear_len + AES_BLOCK_SIZE;
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_PKEX_CR_REQ)
DPP: Replace custom undefined attr with DPP Status in after-wrapped data This has the same impact and is needed for some testing needs. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:32:00 +01:00
attr_len += 5;
DPP: Move PKEX Commit-Reveal Request building to a helper function This cleans up dpp_pkex_rx_exchange_resp() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:21:55 +01:00
#endif /* CONFIG_TESTING_OPTIONS */
msg = dpp_alloc_msg(DPP_PA_PKEX_COMMIT_REVEAL_REQ, attr_len);
if (!clear || !msg)
goto fail;
DPP: Extend protocol testing to cover missing attributes in PKEX Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 22:53:55 +01:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Bootstrap Key");
goto skip_bootstrap_key;
}
DPP: Protocol testing - invalid Bootstrap Key value in PKEX Commit-Reveal Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 18:54:48 +01:00
if (dpp_test == DPP_TEST_INVALID_BOOTSTRAP_KEY_PKEX_CR_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - invalid Bootstrap Key");
wpabuf_put_le16(clear, DPP_ATTR_BOOTSTRAP_KEY);
wpabuf_put_le16(clear, 2 * curve->prime_len);
if (dpp_test_gen_invalid_key(clear, curve) < 0)
goto fail;
goto skip_bootstrap_key;
}
DPP: Extend protocol testing to cover missing attributes in PKEX Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 22:53:55 +01:00
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Move PKEX Commit-Reveal Request building to a helper function This cleans up dpp_pkex_rx_exchange_resp() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:21:55 +01:00
/* A in Bootstrap Key attribute */
wpabuf_put_le16(clear, DPP_ATTR_BOOTSTRAP_KEY);
wpabuf_put_le16(clear, wpabuf_len(A_pub));
wpabuf_put_buf(clear, A_pub);
DPP: Extend protocol testing to cover missing attributes in PKEX Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 22:53:55 +01:00
#ifdef CONFIG_TESTING_OPTIONS
skip_bootstrap_key:
if (dpp_test == DPP_TEST_NO_I_AUTH_TAG_PKEX_CR_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - no I-Auth tag");
goto skip_i_auth_tag;
}
DPP: Protocol testing - invalid I/R-Auth value in PKEX Commit-Reveal Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:18:24 +01:00
if (dpp_test == DPP_TEST_I_AUTH_TAG_MISMATCH_PKEX_CR_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - I-Auth tag mismatch");
wpabuf_put_le16(clear, DPP_ATTR_I_AUTH_TAG);
wpabuf_put_le16(clear, curve->hash_len);
wpabuf_put_data(clear, u, curve->hash_len - 1);
wpabuf_put_u8(clear, u[curve->hash_len - 1] ^ 0x01);
goto skip_i_auth_tag;
}
DPP: Extend protocol testing to cover missing attributes in PKEX Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 22:53:55 +01:00
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Move PKEX Commit-Reveal Request building to a helper function This cleans up dpp_pkex_rx_exchange_resp() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:21:55 +01:00
/* u in I-Auth tag attribute */
wpabuf_put_le16(clear, DPP_ATTR_I_AUTH_TAG);
wpabuf_put_le16(clear, curve->hash_len);
wpabuf_put_data(clear, u, curve->hash_len);
DPP: Extend protocol testing to cover missing attributes in PKEX Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 22:53:55 +01:00
#ifdef CONFIG_TESTING_OPTIONS
skip_i_auth_tag:
if (dpp_test == DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Wrapped Data");
goto skip_wrapped_data;
}
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Move PKEX Commit-Reveal Request building to a helper function This cleans up dpp_pkex_rx_exchange_resp() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:21:55 +01:00
addr[0] = wpabuf_head_u8(msg) + 2;
len[0] = DPP_HDR_LEN;
octet = 0;
addr[1] = &octet;
len[1] = sizeof(octet);
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA);
wpabuf_put_le16(msg, wpabuf_len(clear) + AES_BLOCK_SIZE);
wrapped = wpabuf_put(msg, wpabuf_len(clear) + AES_BLOCK_SIZE);
wpa_hexdump_buf(MSG_DEBUG, "DPP: AES-SIV cleartext", clear);
if (aes_siv_encrypt(pkex->z, curve->hash_len,
wpabuf_head(clear), wpabuf_len(clear),
2, addr, len, wrapped) < 0)
goto fail;
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
wrapped, wpabuf_len(clear) + AES_BLOCK_SIZE);
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_PKEX_CR_REQ) {
wpa_printf(MSG_INFO, "DPP: TESTING - attr after Wrapped Data");
DPP: Replace custom undefined attr with DPP Status in after-wrapped data This has the same impact and is needed for some testing needs. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:32:00 +01:00
dpp_build_attr_status(msg, DPP_STATUS_OK);
DPP: Move PKEX Commit-Reveal Request building to a helper function This cleans up dpp_pkex_rx_exchange_resp() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:21:55 +01:00
}
DPP: Extend protocol testing to cover missing attributes in PKEX Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 22:53:55 +01:00
skip_wrapped_data:
DPP: Move PKEX Commit-Reveal Request building to a helper function This cleans up dpp_pkex_rx_exchange_resp() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:21:55 +01:00
#endif /* CONFIG_TESTING_OPTIONS */
out:
wpabuf_free(clear);
return msg;
fail:
wpabuf_free(msg);
msg = NULL;
goto out;
}
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
struct wpabuf * dpp_pkex_rx_exchange_resp(struct dpp_pkex *pkex,
const u8 *buf, size_t buflen)
{
DPP: PKEX and STATUS_BAD_GROUP Report mismatching finite cyclic group with PKEX Exchange Response using STATUS_BAD_GROUP and provide more detailed error report over the control interface on the peer device when this happens. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 15:43:58 +01:00
const u8 *attr_status, *attr_id, *attr_key, *attr_group;
u16 attr_status_len, attr_id_len, attr_key_len, attr_group_len;
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
const EC_GROUP *group;
BN_CTX *bnctx = NULL;
struct wpabuf *msg = NULL, *A_pub = NULL, *X_pub = NULL, *Y_pub = NULL;
const struct dpp_curve_params *curve = pkex->own_bi->curve;
EC_POINT *Qr = NULL, *Y = NULL, *N = NULL;
BIGNUM *Nx = NULL, *Ny = NULL;
EVP_PKEY_CTX *ctx = NULL;
EC_KEY *Y_ec = NULL;
DPP: Rename PKEX secret element from Z to K This matches the change in the DPP tech spec to make this less likely to be confused with the shared secret z. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-09 23:52:35 +02:00
size_t Jx_len, Kx_len;
u8 Jx[DPP_MAX_SHARED_SECRET_LEN], Kx[DPP_MAX_SHARED_SECRET_LEN];
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
const u8 *addr[4];
size_t len[4];
u8 u[DPP_MAX_HASH_LEN];
DPP: Explicitly delete the PKEX secret element K upon generation of z This was added as an explicit requirement in DPP tech spec 0.2.3. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-09 23:56:21 +02:00
int res;
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
DPP: Reject unexpected Req/Resp message based on Auth/PKEX role This prevents issues where an unexpected message in the DPP Authentication exchange or PKEX could result in undefined behavior. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 11:54:20 +01:00
if (pkex->failed || pkex->t >= PKEX_COUNTER_T_LIMIT || !pkex->initiator)
DPP: PKEX and STATUS_BAD_GROUP Report mismatching finite cyclic group with PKEX Exchange Response using STATUS_BAD_GROUP and provide more detailed error report over the control interface on the peer device when this happens. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 15:43:58 +01:00
return NULL;
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
attr_status = dpp_get_attr(buf, buflen, DPP_ATTR_STATUS,
&attr_status_len);
if (!attr_status || attr_status_len != 1) {
DPP: Report PKEX failure reasons over control interface This provides more information to upper layer software to report failure reasons on the UI. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:14:02 +01:00
dpp_pkex_fail(pkex, "No DPP Status attribute");
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
return NULL;
}
wpa_printf(MSG_DEBUG, "DPP: Status %u", attr_status[0]);
DPP: PKEX and STATUS_BAD_GROUP Report mismatching finite cyclic group with PKEX Exchange Response using STATUS_BAD_GROUP and provide more detailed error report over the control interface on the peer device when this happens. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 15:43:58 +01:00
if (attr_status[0] == DPP_STATUS_BAD_GROUP) {
attr_group = dpp_get_attr(buf, buflen,
DPP_ATTR_FINITE_CYCLIC_GROUP,
&attr_group_len);
if (attr_group && attr_group_len == 2) {
wpa_msg(pkex->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
"Peer indicated mismatching PKEX group - proposed %u",
WPA_GET_LE16(attr_group));
return NULL;
}
}
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
if (attr_status[0] != DPP_STATUS_OK) {
DPP: Report PKEX failure reasons over control interface This provides more information to upper layer software to report failure reasons on the UI. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:14:02 +01:00
dpp_pkex_fail(pkex, "PKEX failed (peer indicated failure)");
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
return NULL;
}
attr_id = dpp_get_attr(buf, buflen, DPP_ATTR_CODE_IDENTIFIER,
&attr_id_len);
if (!attr_id && pkex->identifier) {
wpa_printf(MSG_DEBUG,
"DPP: No PKEX code identifier received, but expected one");
return NULL;
}
if (attr_id && pkex->identifier &&
(os_strlen(pkex->identifier) != attr_id_len ||
os_memcmp(pkex->identifier, attr_id, attr_id_len) != 0)) {
DPP: Report PKEX failure reasons over control interface This provides more information to upper layer software to report failure reasons on the UI. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:14:02 +01:00
dpp_pkex_fail(pkex, "PKEX code identifier mismatch");
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
return NULL;
}
/* N in Encrypted Key attribute */
attr_key = dpp_get_attr(buf, buflen, DPP_ATTR_ENCRYPTED_KEY,
&attr_key_len);
if (!attr_key || attr_key_len & 0x01 || attr_key_len < 2) {
DPP: Report PKEX failure reasons over control interface This provides more information to upper layer software to report failure reasons on the UI. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:14:02 +01:00
dpp_pkex_fail(pkex, "Missing Encrypted Key attribute");
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
return NULL;
}
/* Qr = H(MAC-Responder | [identifier |] code) * Pr */
bnctx = BN_CTX_new();
if (!bnctx)
goto fail;
Qr = dpp_pkex_derive_Qr(curve, pkex->peer_mac, pkex->code,
pkex->identifier, bnctx, &group);
if (!Qr)
goto fail;
/* Y' = N - Qr */
Y = EC_POINT_new(group);
N = EC_POINT_new(group);
Nx = BN_bin2bn(attr_key, attr_key_len / 2, NULL);
Ny = BN_bin2bn(attr_key + attr_key_len / 2, attr_key_len / 2, NULL);
if (!Y || !N || !Nx || !Ny ||
EC_POINT_set_affine_coordinates_GFp(group, N, Nx, Ny, bnctx) != 1 ||
EC_POINT_is_at_infinity(group, N) ||
!EC_POINT_is_on_curve(group, N, bnctx) ||
EC_POINT_invert(group, Qr, bnctx) != 1 ||
EC_POINT_add(group, Y, N, Qr, bnctx) != 1 ||
EC_POINT_is_at_infinity(group, Y) ||
DPP: Report PKEX failure reasons over control interface This provides more information to upper layer software to report failure reasons on the UI. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:14:02 +01:00
!EC_POINT_is_on_curve(group, Y, bnctx)) {
dpp_pkex_fail(pkex, "Invalid Encrypted Key value");
DPP: PKEX counter t Add limit on number of failed attempts that could have used PKEX code. If the limit (5) is reached, drop the PKEX state (including the code) and report this on the control interface to indicate that a new code needs to be entered due to possible attack. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 16:49:45 +01:00
pkex->t++;
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
goto fail;
DPP: Report PKEX failure reasons over control interface This provides more information to upper layer software to report failure reasons on the UI. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:14:02 +01:00
}
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
pkex->exchange_done = 1;
/* ECDH: J = a * Y */
Y_ec = EC_KEY_new();
if (!Y_ec ||
EC_KEY_set_group(Y_ec, group) != 1 ||
EC_KEY_set_public_key(Y_ec, Y) != 1)
goto fail;
pkex->y = EVP_PKEY_new();
if (!pkex->y ||
EVP_PKEY_set1_EC_KEY(pkex->y, Y_ec) != 1)
goto fail;
ctx = EVP_PKEY_CTX_new(pkex->own_bi->pubkey, NULL);
if (!ctx ||
EVP_PKEY_derive_init(ctx) != 1 ||
EVP_PKEY_derive_set_peer(ctx, pkex->y) != 1 ||
EVP_PKEY_derive(ctx, NULL, &Jx_len) != 1 ||
Jx_len > DPP_MAX_SHARED_SECRET_LEN ||
EVP_PKEY_derive(ctx, Jx, &Jx_len) != 1) {
wpa_printf(MSG_ERROR,
"DPP: Failed to derive ECDH shared secret: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (J.x)",
Jx, Jx_len);
/* u = HMAC(J.x, MAC-Initiator | A.x | Y.x | X.x ) */
A_pub = dpp_get_pubkey_point(pkex->own_bi->pubkey, 0);
Y_pub = dpp_get_pubkey_point(pkex->y, 0);
X_pub = dpp_get_pubkey_point(pkex->x, 0);
if (!A_pub || !Y_pub || !X_pub)
goto fail;
addr[0] = pkex->own_mac;
len[0] = ETH_ALEN;
addr[1] = wpabuf_head(A_pub);
len[1] = wpabuf_len(A_pub) / 2;
addr[2] = wpabuf_head(Y_pub);
len[2] = wpabuf_len(Y_pub) / 2;
addr[3] = wpabuf_head(X_pub);
len[3] = wpabuf_len(X_pub) / 2;
if (dpp_hmac_vector(curve->hash_len, Jx, Jx_len, 4, addr, len, u) < 0)
goto fail;
wpa_hexdump(MSG_DEBUG, "DPP: u", u, curve->hash_len);
DPP: Rename PKEX secret element from Z to K This matches the change in the DPP tech spec to make this less likely to be confused with the shared secret z. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-09 23:52:35 +02:00
/* K = x * Y */
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
EVP_PKEY_CTX_free(ctx);
ctx = EVP_PKEY_CTX_new(pkex->x, NULL);
if (!ctx ||
EVP_PKEY_derive_init(ctx) != 1 ||
EVP_PKEY_derive_set_peer(ctx, pkex->y) != 1 ||
DPP: Rename PKEX secret element from Z to K This matches the change in the DPP tech spec to make this less likely to be confused with the shared secret z. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-09 23:52:35 +02:00
EVP_PKEY_derive(ctx, NULL, &Kx_len) != 1 ||
Kx_len > DPP_MAX_SHARED_SECRET_LEN ||
EVP_PKEY_derive(ctx, Kx, &Kx_len) != 1) {
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
wpa_printf(MSG_ERROR,
"DPP: Failed to derive ECDH shared secret: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
DPP: Rename PKEX secret element from Z to K This matches the change in the DPP tech spec to make this less likely to be confused with the shared secret z. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-09 23:52:35 +02:00
wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (K.x)",
Kx, Kx_len);
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
DPP: Rename PKEX secret element from Z to K This matches the change in the DPP tech spec to make this less likely to be confused with the shared secret z. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-09 23:52:35 +02:00
/* z = HKDF(<>, MAC-Initiator | MAC-Responder | M.x | N.x | code, K.x)
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
*/
DPP: Explicitly delete the PKEX secret element K upon generation of z This was added as an explicit requirement in DPP tech spec 0.2.3. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-09 23:56:21 +02:00
res = dpp_pkex_derive_z(pkex->own_mac, pkex->peer_mac,
pkex->Mx, curve->prime_len,
attr_key /* N.x */, attr_key_len / 2,
pkex->code, Kx, Kx_len,
pkex->z, curve->hash_len);
os_memset(Kx, 0, Kx_len);
if (res < 0)
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
goto fail;
DPP: Move PKEX Commit-Reveal Request building to a helper function This cleans up dpp_pkex_rx_exchange_resp() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:21:55 +01:00
msg = dpp_pkex_build_commit_reveal_req(pkex, A_pub, u);
if (!msg)
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
goto fail;
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
out:
wpabuf_free(A_pub);
wpabuf_free(X_pub);
wpabuf_free(Y_pub);
EC_POINT_free(Qr);
EC_POINT_free(Y);
EC_POINT_free(N);
BN_free(Nx);
BN_free(Ny);
EC_KEY_free(Y_ec);
EVP_PKEY_CTX_free(ctx);
BN_CTX_free(bnctx);
return msg;
fail:
DPP: Fix couple of typos in debug messages Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:34:03 +01:00
wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Response processing failed");
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
goto out;
}
DPP: Move PKEX Commit-Reveal Response building to a helper function This cleans up dpp_pkex_rx_commit_reveal_req() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:28:58 +01:00
static struct wpabuf *
dpp_pkex_build_commit_reveal_resp(struct dpp_pkex *pkex,
const struct wpabuf *B_pub, const u8 *v)
{
const struct dpp_curve_params *curve = pkex->own_bi->curve;
struct wpabuf *msg = NULL;
const u8 *addr[2];
size_t len[2];
u8 octet;
u8 *wrapped;
struct wpabuf *clear = NULL;
size_t clear_len, attr_len;
/* {B, v [bootstrapping info]}z */
clear_len = 4 + 2 * curve->prime_len + 4 + curve->hash_len;
clear = wpabuf_alloc(clear_len);
attr_len = 4 + clear_len + AES_BLOCK_SIZE;
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_PKEX_CR_RESP)
DPP: Replace custom undefined attr with DPP Status in after-wrapped data This has the same impact and is needed for some testing needs. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:32:00 +01:00
attr_len += 5;
DPP: Move PKEX Commit-Reveal Response building to a helper function This cleans up dpp_pkex_rx_commit_reveal_req() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:28:58 +01:00
#endif /* CONFIG_TESTING_OPTIONS */
msg = dpp_alloc_msg(DPP_PA_PKEX_COMMIT_REVEAL_RESP, attr_len);
if (!clear || !msg)
goto fail;
DPP: Extend protocol testing to cover missing attributes in PKEX Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 22:53:55 +01:00
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Bootstrap Key");
goto skip_bootstrap_key;
}
DPP: Protocol testing - invalid Bootstrap Key value in PKEX Commit-Reveal Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 18:54:48 +01:00
if (dpp_test == DPP_TEST_INVALID_BOOTSTRAP_KEY_PKEX_CR_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - invalid Bootstrap Key");
wpabuf_put_le16(clear, DPP_ATTR_BOOTSTRAP_KEY);
wpabuf_put_le16(clear, 2 * curve->prime_len);
if (dpp_test_gen_invalid_key(clear, curve) < 0)
goto fail;
goto skip_bootstrap_key;
}
DPP: Extend protocol testing to cover missing attributes in PKEX Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 22:53:55 +01:00
#endif /* CONFIG_TESTING_OPTIONS */
/* B in Bootstrap Key attribute */
DPP: Move PKEX Commit-Reveal Response building to a helper function This cleans up dpp_pkex_rx_commit_reveal_req() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:28:58 +01:00
wpabuf_put_le16(clear, DPP_ATTR_BOOTSTRAP_KEY);
wpabuf_put_le16(clear, wpabuf_len(B_pub));
wpabuf_put_buf(clear, B_pub);
DPP: Extend protocol testing to cover missing attributes in PKEX Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 22:53:55 +01:00
#ifdef CONFIG_TESTING_OPTIONS
skip_bootstrap_key:
if (dpp_test == DPP_TEST_NO_R_AUTH_TAG_PKEX_CR_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no R-Auth tag");
goto skip_r_auth_tag;
}
DPP: Protocol testing - invalid I/R-Auth value in PKEX Commit-Reveal Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:18:24 +01:00
if (dpp_test == DPP_TEST_R_AUTH_TAG_MISMATCH_PKEX_CR_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - R-Auth tag mismatch");
wpabuf_put_le16(clear, DPP_ATTR_R_AUTH_TAG);
wpabuf_put_le16(clear, curve->hash_len);
wpabuf_put_data(clear, v, curve->hash_len - 1);
wpabuf_put_u8(clear, v[curve->hash_len - 1] ^ 0x01);
goto skip_r_auth_tag;
}
DPP: Extend protocol testing to cover missing attributes in PKEX Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 22:53:55 +01:00
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Move PKEX Commit-Reveal Response building to a helper function This cleans up dpp_pkex_rx_commit_reveal_req() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:28:58 +01:00
/* v in R-Auth tag attribute */
wpabuf_put_le16(clear, DPP_ATTR_R_AUTH_TAG);
wpabuf_put_le16(clear, curve->hash_len);
wpabuf_put_data(clear, v, curve->hash_len);
DPP: Extend protocol testing to cover missing attributes in PKEX Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 22:53:55 +01:00
#ifdef CONFIG_TESTING_OPTIONS
skip_r_auth_tag:
if (dpp_test == DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Wrapped Data");
goto skip_wrapped_data;
}
#endif /* CONFIG_TESTING_OPTIONS */
DPP: Move PKEX Commit-Reveal Response building to a helper function This cleans up dpp_pkex_rx_commit_reveal_req() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:28:58 +01:00
addr[0] = wpabuf_head_u8(msg) + 2;
len[0] = DPP_HDR_LEN;
octet = 1;
addr[1] = &octet;
len[1] = sizeof(octet);
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA);
wpabuf_put_le16(msg, wpabuf_len(clear) + AES_BLOCK_SIZE);
wrapped = wpabuf_put(msg, wpabuf_len(clear) + AES_BLOCK_SIZE);
wpa_hexdump_buf(MSG_DEBUG, "DPP: AES-SIV cleartext", clear);
if (aes_siv_encrypt(pkex->z, curve->hash_len,
wpabuf_head(clear), wpabuf_len(clear),
2, addr, len, wrapped) < 0)
goto fail;
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
wrapped, wpabuf_len(clear) + AES_BLOCK_SIZE);
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_PKEX_CR_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - attr after Wrapped Data");
DPP: Replace custom undefined attr with DPP Status in after-wrapped data This has the same impact and is needed for some testing needs. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:32:00 +01:00
dpp_build_attr_status(msg, DPP_STATUS_OK);
DPP: Move PKEX Commit-Reveal Response building to a helper function This cleans up dpp_pkex_rx_commit_reveal_req() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:28:58 +01:00
}
DPP: Extend protocol testing to cover missing attributes in PKEX Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 22:53:55 +01:00
skip_wrapped_data:
DPP: Move PKEX Commit-Reveal Response building to a helper function This cleans up dpp_pkex_rx_commit_reveal_req() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:28:58 +01:00
#endif /* CONFIG_TESTING_OPTIONS */
out:
wpabuf_free(clear);
return msg;
fail:
wpabuf_free(msg);
msg = NULL;
goto out;
}
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
struct wpabuf * dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex,
DPP: Update AES-SIV AD for PKEX frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 22:10:34 +02:00
const u8 *hdr,
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
const u8 *buf, size_t buflen)
{
const struct dpp_curve_params *curve = pkex->own_bi->curve;
DPP: PKEX and STATUS_BAD_GROUP Report mismatching finite cyclic group with PKEX Exchange Response using STATUS_BAD_GROUP and provide more detailed error report over the control interface on the peer device when this happens. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 15:43:58 +01:00
EVP_PKEY_CTX *ctx = NULL;
DPP: Move PKEX z derivation on Responder to earlier phase K and z can be derived already based on information available at the time the PKEX Exchange Request is being processed, so move these there from the PKEX Commit-Reveal Request processing since that matches the DPP tech spec description close and allows PKEX exchange to be aborted earlier if anything unexpected happens. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 18:24:41 +01:00
size_t Jx_len, Lx_len;
u8 Jx[DPP_MAX_SHARED_SECRET_LEN];
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
u8 Lx[DPP_MAX_SHARED_SECRET_LEN];
const u8 *wrapped_data, *b_key, *peer_u;
u16 wrapped_data_len, b_key_len, peer_u_len = 0;
const u8 *addr[4];
size_t len[4];
u8 octet;
u8 *unwrapped = NULL;
size_t unwrapped_len = 0;
struct wpabuf *msg = NULL, *A_pub = NULL, *X_pub = NULL, *Y_pub = NULL;
struct wpabuf *B_pub = NULL;
u8 u[DPP_MAX_HASH_LEN], v[DPP_MAX_HASH_LEN];
DPP: PKEX counter t Add limit on number of failed attempts that could have used PKEX code. If the limit (5) is reached, drop the PKEX state (including the code) and report this on the control interface to indicate that a new code needs to be entered due to possible attack. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 16:49:45 +01:00
if (!pkex->exchange_done || pkex->failed ||
DPP: Reject unexpected Req/Resp message based on Auth/PKEX role This prevents issues where an unexpected message in the DPP Authentication exchange or PKEX could result in undefined behavior. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 11:54:20 +01:00
pkex->t >= PKEX_COUNTER_T_LIMIT || pkex->initiator)
DPP: PKEX and STATUS_BAD_GROUP Report mismatching finite cyclic group with PKEX Exchange Response using STATUS_BAD_GROUP and provide more detailed error report over the control interface on the peer device when this happens. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 15:43:58 +01:00
goto fail;
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
wrapped_data = dpp_get_attr(buf, buflen, DPP_ATTR_WRAPPED_DATA,
&wrapped_data_len);
if (!wrapped_data || wrapped_data_len < AES_BLOCK_SIZE) {
DPP: Report PKEX failure reasons over control interface This provides more information to upper layer software to report failure reasons on the UI. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:14:02 +01:00
dpp_pkex_fail(pkex,
"Missing or invalid required Wrapped Data attribute");
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
wrapped_data, wrapped_data_len);
unwrapped_len = wrapped_data_len - AES_BLOCK_SIZE;
unwrapped = os_malloc(unwrapped_len);
if (!unwrapped)
goto fail;
DPP: Update AES-SIV AD for PKEX frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 22:10:34 +02:00
addr[0] = hdr;
len[0] = DPP_HDR_LEN;
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
octet = 0;
DPP: Update AES-SIV AD for PKEX frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 22:10:34 +02:00
addr[1] = &octet;
len[1] = sizeof(octet);
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
if (aes_siv_decrypt(pkex->z, curve->hash_len,
wrapped_data, wrapped_data_len,
DPP: Update AES-SIV AD for PKEX frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 22:10:34 +02:00
2, addr, len, unwrapped) < 0) {
DPP: Report possible PKEX code mismatch in control interface Indicate to upper layers if PKEX Commit-Reveal Request frame AES-SIV decryption fails. That is a likely sign of the PKEX code mismatch between the devices. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 11:21:00 +01:00
dpp_pkex_fail(pkex,
"AES-SIV decryption failed - possible PKEX code mismatch");
DPP: Terminate PKEX exchange on detection of a mismatching code Clean up the pending PKEX exchange if Commit-Reveal Request processing indicates a mismatch in the PKEX code. Previously, the this case was silently ignored and the session was left in pending state that prevented new PKEX exchanges from getting initated. Now, a new attempt is allowed to be initiated. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 16:13:17 +01:00
pkex->failed = 1;
DPP: PKEX counter t Add limit on number of failed attempts that could have used PKEX code. If the limit (5) is reached, drop the PKEX state (including the code) and report this on the control interface to indicate that a new code needs to be entered due to possible attack. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 16:49:45 +01:00
pkex->t++;
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext",
unwrapped, unwrapped_len);
if (dpp_check_attrs(unwrapped, unwrapped_len) < 0) {
DPP: Report PKEX failure reasons over control interface This provides more information to upper layer software to report failure reasons on the UI. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:14:02 +01:00
dpp_pkex_fail(pkex, "Invalid attribute in unwrapped data");
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
goto fail;
}
b_key = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_BOOTSTRAP_KEY,
&b_key_len);
if (!b_key || b_key_len != 2 * curve->prime_len) {
DPP: Report PKEX failure reasons over control interface This provides more information to upper layer software to report failure reasons on the UI. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:14:02 +01:00
dpp_pkex_fail(pkex, "No valid peer bootstrapping key found");
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
goto fail;
}
pkex->peer_bootstrap_key = dpp_set_pubkey_point(pkex->x, b_key,
b_key_len);
DPP: Report PKEX failure reasons over control interface This provides more information to upper layer software to report failure reasons on the UI. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:14:02 +01:00
if (!pkex->peer_bootstrap_key) {
dpp_pkex_fail(pkex, "Peer bootstrapping key is invalid");
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
goto fail;
DPP: Report PKEX failure reasons over control interface This provides more information to upper layer software to report failure reasons on the UI. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:14:02 +01:00
}
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
dpp_debug_print_key("DPP: Peer bootstrap public key",
pkex->peer_bootstrap_key);
/* ECDH: J' = y * A' */
ctx = EVP_PKEY_CTX_new(pkex->y, NULL);
if (!ctx ||
EVP_PKEY_derive_init(ctx) != 1 ||
EVP_PKEY_derive_set_peer(ctx, pkex->peer_bootstrap_key) != 1 ||
EVP_PKEY_derive(ctx, NULL, &Jx_len) != 1 ||
Jx_len > DPP_MAX_SHARED_SECRET_LEN ||
EVP_PKEY_derive(ctx, Jx, &Jx_len) != 1) {
wpa_printf(MSG_ERROR,
"DPP: Failed to derive ECDH shared secret: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (J.x)",
Jx, Jx_len);
/* u' = HMAC(J'.x, MAC-Initiator | A'.x | Y.x | X'.x) */
A_pub = dpp_get_pubkey_point(pkex->peer_bootstrap_key, 0);
Y_pub = dpp_get_pubkey_point(pkex->y, 0);
X_pub = dpp_get_pubkey_point(pkex->x, 0);
if (!A_pub || !Y_pub || !X_pub)
goto fail;
addr[0] = pkex->peer_mac;
len[0] = ETH_ALEN;
addr[1] = wpabuf_head(A_pub);
len[1] = wpabuf_len(A_pub) / 2;
addr[2] = wpabuf_head(Y_pub);
len[2] = wpabuf_len(Y_pub) / 2;
addr[3] = wpabuf_head(X_pub);
len[3] = wpabuf_len(X_pub) / 2;
if (dpp_hmac_vector(curve->hash_len, Jx, Jx_len, 4, addr, len, u) < 0)
goto fail;
peer_u = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_I_AUTH_TAG,
&peer_u_len);
if (!peer_u || peer_u_len != curve->hash_len ||
os_memcmp(peer_u, u, curve->hash_len) != 0) {
DPP: Report PKEX failure reasons over control interface This provides more information to upper layer software to report failure reasons on the UI. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:14:02 +01:00
dpp_pkex_fail(pkex, "No valid u (I-Auth tag) found");
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
wpa_hexdump(MSG_DEBUG, "DPP: Calculated u'",
u, curve->hash_len);
wpa_hexdump(MSG_DEBUG, "DPP: Received u", peer_u, peer_u_len);
DPP: PKEX counter t Add limit on number of failed attempts that could have used PKEX code. If the limit (5) is reached, drop the PKEX state (including the code) and report this on the control interface to indicate that a new code needs to be entered due to possible attack. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 16:49:45 +01:00
pkex->t++;
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
goto fail;
}
wpa_printf(MSG_DEBUG, "DPP: Valid u (I-Auth tag) received");
/* ECDH: L = b * X' */
EVP_PKEY_CTX_free(ctx);
ctx = EVP_PKEY_CTX_new(pkex->own_bi->pubkey, NULL);
if (!ctx ||
EVP_PKEY_derive_init(ctx) != 1 ||
EVP_PKEY_derive_set_peer(ctx, pkex->x) != 1 ||
EVP_PKEY_derive(ctx, NULL, &Lx_len) != 1 ||
Lx_len > DPP_MAX_SHARED_SECRET_LEN ||
EVP_PKEY_derive(ctx, Lx, &Lx_len) != 1) {
wpa_printf(MSG_ERROR,
"DPP: Failed to derive ECDH shared secret: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (L.x)",
Lx, Lx_len);
/* v = HMAC(L.x, MAC-Responder | B.x | X'.x | Y.x) */
B_pub = dpp_get_pubkey_point(pkex->own_bi->pubkey, 0);
if (!B_pub)
goto fail;
addr[0] = pkex->own_mac;
len[0] = ETH_ALEN;
addr[1] = wpabuf_head(B_pub);
len[1] = wpabuf_len(B_pub) / 2;
addr[2] = wpabuf_head(X_pub);
len[2] = wpabuf_len(X_pub) / 2;
addr[3] = wpabuf_head(Y_pub);
len[3] = wpabuf_len(Y_pub) / 2;
if (dpp_hmac_vector(curve->hash_len, Lx, Lx_len, 4, addr, len, v) < 0)
goto fail;
wpa_hexdump(MSG_DEBUG, "DPP: v", v, curve->hash_len);
DPP: Move PKEX Commit-Reveal Response building to a helper function This cleans up dpp_pkex_rx_commit_reveal_req() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:28:58 +01:00
msg = dpp_pkex_build_commit_reveal_resp(pkex, B_pub, v);
if (!msg)
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
goto fail;
DPP: Protocol testing framework Add a generic mechanism for configuring the DPP implementation to behave in particular different (mostly incorrect) ways for protocol testing purposes. The new dpp_test parameter can be set to a non-zero integer to indicate a specific behavior. This is only available in CONFIG_TESTING_OPTIONS=y builds. This commit include cases for an extra attribute being added after the Wrapped Data attribute and Initiator/Responder capabilities having an unexpected zero capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-22 10:15:21 +02:00
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
out:
EVP_PKEY_CTX_free(ctx);
os_free(unwrapped);
wpabuf_free(A_pub);
wpabuf_free(B_pub);
wpabuf_free(X_pub);
wpabuf_free(Y_pub);
return msg;
fail:
DPP: Move PKEX Commit-Reveal Response building to a helper function This cleans up dpp_pkex_rx_commit_reveal_req() a bit and makes it easier to add protocol testing functionality to PKEX exchange similarly to the previously added DPP Authentication case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 20:28:58 +01:00
wpa_printf(MSG_DEBUG,
"DPP: PKEX Commit-Reveal Request processing failed");
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
goto out;
}
DPP: Update AES-SIV AD for PKEX frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 22:10:34 +02:00
int dpp_pkex_rx_commit_reveal_resp(struct dpp_pkex *pkex, const u8 *hdr,
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
const u8 *buf, size_t buflen)
{
const struct dpp_curve_params *curve = pkex->own_bi->curve;
const u8 *wrapped_data, *b_key, *peer_v;
u16 wrapped_data_len, b_key_len, peer_v_len = 0;
const u8 *addr[4];
size_t len[4];
u8 octet;
u8 *unwrapped = NULL;
size_t unwrapped_len = 0;
int ret = -1;
u8 v[DPP_MAX_HASH_LEN];
size_t Lx_len;
u8 Lx[DPP_MAX_SHARED_SECRET_LEN];
EVP_PKEY_CTX *ctx = NULL;
struct wpabuf *B_pub = NULL, *X_pub = NULL, *Y_pub = NULL;
DPP: PKEX counter t Add limit on number of failed attempts that could have used PKEX code. If the limit (5) is reached, drop the PKEX state (including the code) and report this on the control interface to indicate that a new code needs to be entered due to possible attack. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 16:49:45 +01:00
if (!pkex->exchange_done || pkex->failed ||
DPP: Reject unexpected Req/Resp message based on Auth/PKEX role This prevents issues where an unexpected message in the DPP Authentication exchange or PKEX could result in undefined behavior. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 11:54:20 +01:00
pkex->t >= PKEX_COUNTER_T_LIMIT || !pkex->initiator)
DPP: PKEX and STATUS_BAD_GROUP Report mismatching finite cyclic group with PKEX Exchange Response using STATUS_BAD_GROUP and provide more detailed error report over the control interface on the peer device when this happens. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 15:43:58 +01:00
goto fail;
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
wrapped_data = dpp_get_attr(buf, buflen, DPP_ATTR_WRAPPED_DATA,
&wrapped_data_len);
if (!wrapped_data || wrapped_data_len < AES_BLOCK_SIZE) {
DPP: Report PKEX failure reasons over control interface This provides more information to upper layer software to report failure reasons on the UI. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:14:02 +01:00
dpp_pkex_fail(pkex,
"Missing or invalid required Wrapped Data attribute");
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
wrapped_data, wrapped_data_len);
unwrapped_len = wrapped_data_len - AES_BLOCK_SIZE;
unwrapped = os_malloc(unwrapped_len);
if (!unwrapped)
goto fail;
DPP: Update AES-SIV AD for PKEX frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 22:10:34 +02:00
addr[0] = hdr;
len[0] = DPP_HDR_LEN;
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
octet = 1;
DPP: Update AES-SIV AD for PKEX frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 22:10:34 +02:00
addr[1] = &octet;
len[1] = sizeof(octet);
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
if (aes_siv_decrypt(pkex->z, curve->hash_len,
wrapped_data, wrapped_data_len,
DPP: Update AES-SIV AD for PKEX frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 22:10:34 +02:00
2, addr, len, unwrapped) < 0) {
DPP: Report possible PKEX code mismatch in control interface Indicate to upper layers if PKEX Commit-Reveal Request frame AES-SIV decryption fails. That is a likely sign of the PKEX code mismatch between the devices. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 11:21:00 +01:00
dpp_pkex_fail(pkex,
"AES-SIV decryption failed - possible PKEX code mismatch");
DPP: PKEX counter t Add limit on number of failed attempts that could have used PKEX code. If the limit (5) is reached, drop the PKEX state (including the code) and report this on the control interface to indicate that a new code needs to be entered due to possible attack. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 16:49:45 +01:00
pkex->t++;
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
goto fail;
}
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext",
unwrapped, unwrapped_len);
if (dpp_check_attrs(unwrapped, unwrapped_len) < 0) {
DPP: Report PKEX failure reasons over control interface This provides more information to upper layer software to report failure reasons on the UI. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:14:02 +01:00
dpp_pkex_fail(pkex, "Invalid attribute in unwrapped data");
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
goto fail;
}
b_key = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_BOOTSTRAP_KEY,
&b_key_len);
if (!b_key || b_key_len != 2 * curve->prime_len) {
DPP: Report PKEX failure reasons over control interface This provides more information to upper layer software to report failure reasons on the UI. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:14:02 +01:00
dpp_pkex_fail(pkex, "No valid peer bootstrapping key found");
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
goto fail;
}
pkex->peer_bootstrap_key = dpp_set_pubkey_point(pkex->x, b_key,
b_key_len);
DPP: Report PKEX failure reasons over control interface This provides more information to upper layer software to report failure reasons on the UI. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:14:02 +01:00
if (!pkex->peer_bootstrap_key) {
dpp_pkex_fail(pkex, "Peer bootstrapping key is invalid");
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
goto fail;
DPP: Report PKEX failure reasons over control interface This provides more information to upper layer software to report failure reasons on the UI. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:14:02 +01:00
}
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
dpp_debug_print_key("DPP: Peer bootstrap public key",
pkex->peer_bootstrap_key);
/* ECDH: L' = x * B' */
ctx = EVP_PKEY_CTX_new(pkex->x, NULL);
if (!ctx ||
EVP_PKEY_derive_init(ctx) != 1 ||
EVP_PKEY_derive_set_peer(ctx, pkex->peer_bootstrap_key) != 1 ||
EVP_PKEY_derive(ctx, NULL, &Lx_len) != 1 ||
Lx_len > DPP_MAX_SHARED_SECRET_LEN ||
EVP_PKEY_derive(ctx, Lx, &Lx_len) != 1) {
wpa_printf(MSG_ERROR,
"DPP: Failed to derive ECDH shared secret: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
wpa_hexdump_key(MSG_DEBUG, "DPP: ECDH shared secret (L.x)",
Lx, Lx_len);
/* v' = HMAC(L.x, MAC-Responder | B'.x | X.x | Y'.x) */
B_pub = dpp_get_pubkey_point(pkex->peer_bootstrap_key, 0);
X_pub = dpp_get_pubkey_point(pkex->x, 0);
Y_pub = dpp_get_pubkey_point(pkex->y, 0);
if (!B_pub || !X_pub || !Y_pub)
goto fail;
addr[0] = pkex->peer_mac;
len[0] = ETH_ALEN;
addr[1] = wpabuf_head(B_pub);
len[1] = wpabuf_len(B_pub) / 2;
addr[2] = wpabuf_head(X_pub);
len[2] = wpabuf_len(X_pub) / 2;
addr[3] = wpabuf_head(Y_pub);
len[3] = wpabuf_len(Y_pub) / 2;
if (dpp_hmac_vector(curve->hash_len, Lx, Lx_len, 4, addr, len, v) < 0)
goto fail;
peer_v = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_R_AUTH_TAG,
&peer_v_len);
if (!peer_v || peer_v_len != curve->hash_len ||
os_memcmp(peer_v, v, curve->hash_len) != 0) {
DPP: Report PKEX failure reasons over control interface This provides more information to upper layer software to report failure reasons on the UI. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:14:02 +01:00
dpp_pkex_fail(pkex, "No valid v (R-Auth tag) found");
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
wpa_hexdump(MSG_DEBUG, "DPP: Calculated v'",
v, curve->hash_len);
wpa_hexdump(MSG_DEBUG, "DPP: Received v", peer_v, peer_v_len);
DPP: PKEX counter t Add limit on number of failed attempts that could have used PKEX code. If the limit (5) is reached, drop the PKEX state (including the code) and report this on the control interface to indicate that a new code needs to be entered due to possible attack. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 16:49:45 +01:00
pkex->t++;
DPP: PKEX bootstrapping This implements genric PKEX functionality in src/common/dpp.c and glue code to use this in wpa_supplicant (i.e, hostapd DPP implementation does not yet support PKEX). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-02 11:36:23 +02:00
goto fail;
}
wpa_printf(MSG_DEBUG, "DPP: Valid v (R-Auth tag) received");
ret = 0;
out:
wpabuf_free(B_pub);
wpabuf_free(X_pub);
wpabuf_free(Y_pub);
EVP_PKEY_CTX_free(ctx);
os_free(unwrapped);
return ret;
fail:
goto out;
}
void dpp_pkex_free(struct dpp_pkex *pkex)
{
if (!pkex)
return;
os_free(pkex->identifier);
os_free(pkex->code);
EVP_PKEY_free(pkex->x);
EVP_PKEY_free(pkex->y);
EVP_PKEY_free(pkex->peer_bootstrap_key);
wpabuf_free(pkex->exchange_req);
wpabuf_free(pkex->exchange_resp);
os_free(pkex);
}
DPP: Protocol testing for invalid Peer Discovery Req/Resp values Extend dpp_test to allow more invalid attribute values to be written into Peer Discovery Request/Response frames. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 16:15:02 +01:00
#ifdef CONFIG_TESTING_OPTIONS
char * dpp_corrupt_connector_signature(const char *connector)
{
char *tmp, *pos, *signed3 = NULL;
unsigned char *signature = NULL;
size_t signature_len = 0, signed3_len;
tmp = os_zalloc(os_strlen(connector) + 5);
if (!tmp)
goto fail;
os_memcpy(tmp, connector, os_strlen(connector));
pos = os_strchr(tmp, '.');
if (!pos)
goto fail;
pos = os_strchr(pos + 1, '.');
if (!pos)
goto fail;
pos++;
wpa_printf(MSG_DEBUG, "DPP: Original base64url encoded signature: %s",
pos);
signature = base64_url_decode((const unsigned char *) pos,
os_strlen(pos), &signature_len);
if (!signature || signature_len == 0)
goto fail;
wpa_hexdump(MSG_DEBUG, "DPP: Original Connector signature",
signature, signature_len);
signature[signature_len - 1] ^= 0x01;
wpa_hexdump(MSG_DEBUG, "DPP: Corrupted Connector signature",
signature, signature_len);
signed3 = (char *) base64_url_encode(signature, signature_len,
&signed3_len, 0);
if (!signed3)
goto fail;
os_memcpy(pos, signed3, signed3_len);
pos[signed3_len] = '\0';
wpa_printf(MSG_DEBUG, "DPP: Corrupted base64url encoded signature: %s",
pos);
out:
os_free(signature);
os_free(signed3);
return tmp;
fail:
os_free(tmp);
tmp = NULL;
goto out;
}
#endif /* CONFIG_TESTING_OPTIONS */
Reference in a new issue Copy permalink