From 0b4a906de1e89443a4a84f1ea517b276fca07391 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Wed, 13 Mar 2019 12:18:01 +0200
Subject: [PATCH] DPP2: Protocol version indication

Send out the new Protocol Version attribute in Authentication Request/Response messages and determine the peer version based on this attribute.

Signed-off-by: Jouni Malinen
---
 src/common/dpp.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++++
 src/common/dpp.h | 4 ++++
 2 files changed, 65 insertions(+)

diff --git a/src/common/dpp.c b/src/common/dpp.c
index bcb694b5a..00208128b 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -1,6 +1,7 @@
 /*
  * DPP functionality shared between hostapd and wpa_supplicant
  * Copyright (c) 2017, Qualcomm Atheros, Inc.
+ * Copyright (c) 2018-2019, The Linux Foundation
  *
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
@@ -1537,6 +1538,9 @@ static struct wpabuf * dpp_auth_build_req(struct dpp_authentication *auth,
  4 + sizeof(wrapped_data);
  if (neg_freq > 0)
  attr_len += 4 + 2;
+#ifdef CONFIG_DPP2
+ attr_len += 5;
+#endif /* CONFIG_DPP2 */
 #ifdef CONFIG_TESTING_OPTIONS
  if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_AUTH_REQ)
  attr_len += 5;
@@ -1579,6 +1583,13 @@ static struct wpabuf * dpp_auth_build_req(struct dpp_authentication *auth,
  wpabuf_put_u8(msg, channel);
  }
 
+#ifdef CONFIG_DPP2
+ /* Protocol Version */
+ wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION);
+ wpabuf_put_le16(msg, 1);
+ wpabuf_put_u8(msg, 2);
+#endif /* CONFIG_DPP2 */
+
 #ifdef CONFIG_TESTING_OPTIONS
  if (dpp_test == DPP_TEST_NO_WRAPPED_DATA_AUTH_REQ) {
  wpa_printf(MSG_INFO, "DPP: TESTING - no Wrapped Data");
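Review bot: The protocol version in `wpabuf_put_u8(msg, 2);` and the attribute size in `attr_len += 5;` are bare literals in dpp_auth_build_req() (hunks at -1537 and -1579), and the same pair is repeated in dpp_auth_build_resp() (hunks at -1705 and -1732). A named constant, for example `#define DPP_VERSION 2` in dpp.h used as `wpabuf_put_u8(msg, DPP_VERSION);`, would keep both senders in step when the version changes. Writing the reservation as `attr_len += 4 + 1;` would also match the `attr_len += 4 + 2;` form used for the channel attribute a few lines above and make the header/payload split obvious. Both function bodies start and end outside these hunks.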
@@ -1705,6 +1716,9 @@ static struct wpabuf * dpp_auth_build_resp(struct dpp_authentication *auth,
  /* Build DPP Authentication Response frame attributes */
  attr_len = 4 + 1 + 2 * (4 + SHA256_MAC_LEN) +
  4 + (pr ? wpabuf_len(pr) : 0) + 4 + sizeof(wrapped_data);
+#ifdef CONFIG_DPP2
+ attr_len += 5;
+#endif /* CONFIG_DPP2 */
 #ifdef CONFIG_TESTING_OPTIONS
  if (dpp_test == DPP_TEST_AFTER_WRAPPED_DATA_AUTH_RESP)
  attr_len += 5;
@@ -1732,6 +1746,13 @@ static struct wpabuf * dpp_auth_build_resp(struct dpp_authentication *auth,
  wpabuf_put_buf(msg, pr);
  }
 
+#ifdef CONFIG_DPP2
+ /* Protocol Version */
+ wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION);
+ wpabuf_put_le16(msg, 1);
+ wpabuf_put_u8(msg, 2);
+#endif /* CONFIG_DPP2 */
+
  attr_end = wpabuf_put(msg, 0);
 
 #ifdef CONFIG_TESTING_OPTIONS
@@ -2893,6 +2914,10 @@ dpp_auth_req_rx(void *msg_ctx, u8 dpp_allowed_roles, int qr_mutual,
  u16 wrapped_data_len, i_proto_len, i_nonce_len, i_capab_len,
  i_bootstrap_len, channel_len;
  struct dpp_authentication *auth = NULL;
+#ifdef CONFIG_DPP2
+ const u8 *version;
+ u16 version_len;
+#endif /* CONFIG_DPP2 */
 
 #ifdef CONFIG_TESTING_OPTIONS
  if (dpp_test == DPP_TEST_STOP_AT_AUTH_REQ) {
@@ -2922,6 +2947,22 @@ dpp_auth_req_rx(void *msg_ctx, u8 dpp_allowed_roles, int qr_mutual,
  auth->curve = own_bi->curve;
  auth->curr_freq = freq;
 
+ auth->peer_version = 1; /* default to the first version */
+#ifdef CONFIG_DPP2
+ version = dpp_get_attr(attr_start, attr_len, DPP_ATTR_PROTOCOL_VERSION,
+ &version_len);
+ if (version) {
+ if (version_len < 1 || version[0] == 0) {
+ dpp_auth_fail(auth,
+ "Invalid Protocol Version attribute");
+ goto fail;
+ }
+ auth->peer_version = version[0];
+ wpa_printf(MSG_DEBUG, "DPP: Peer protocol version %u",
+ auth->peer_version);
+ }
+#endif /* CONFIG_DPP2 */
+
  channel = dpp_get_attr(attr_start, attr_len, DPP_ATTR_CHANNEL,
  &channel_len);
  if (channel) {
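Review bot: In the `@@ -1732,6 +1746,13 @@` hunk, dpp_auth_build_resp() appends the Protocol Version attribute whenever CONFIG_DPP2 is compiled in, even when the initiator sent none and dpp_auth_req_rx() left `auth->peer_version` at 1. If version 1 peers are meant to receive an unchanged Authentication Response (an assumption, since how such peers treat an unknown attribute is not visible here), the three `wpabuf_put_*` calls could be wrapped in `if (auth->peer_version >= 2) {` and `}`. The `attr_len += 5;` reservation in the preceding hunk can stay as an upper bound. The function body continues outside the hunk.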
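Review bot: The check `version_len < 1 || version[0] == 0` in dpp_auth_req_rx() (hunk at -2922) accepts a Protocol Version attribute of any length and silently ignores everything after the first octet, although both senders in this patch always emit a length of 1. Because this is peer-controlled input, `if (version_len != 1 || version[0] == 0) {` would be the stricter form, unless longer encodings are tolerated on purpose for future versions, in which case a comment saying so would help. Within this hunk the value is stored in `auth->peer_version` before any Wrapped Data processing is visible, so a one-line comment stating whether the attribute is covered by the later integrity check would let readers judge downgrade resistance. The identical block is added to dpp_auth_resp_rx() (hunk at -3524); a small static helper shared by both receivers would remove the duplication.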
@@ -3450,6 +3491,10 @@ dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
  wrapped2_len, r_auth_len;
  u8 r_auth2[DPP_MAX_HASH_LEN];
  u8 role;
+#ifdef CONFIG_DPP2
+ const u8 *version;
+ u16 version_len;
+#endif /* CONFIG_DPP2 */
 
 #ifdef CONFIG_TESTING_OPTIONS
  if (dpp_test == DPP_TEST_STOP_AT_AUTH_RESP) {
@@ -3524,6 +3569,22 @@ dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
  return NULL;
  }
 
+ auth->peer_version = 1; /* default to the first version */
+#ifdef CONFIG_DPP2
+ version = dpp_get_attr(attr_start, attr_len, DPP_ATTR_PROTOCOL_VERSION,
+ &version_len);
+ if (version) {
+ if (version_len < 1 || version[0] == 0) {
+ dpp_auth_fail(auth,
+ "Invalid Protocol Version attribute");
+ return NULL;
+ }
+ auth->peer_version = version[0];
+ wpa_printf(MSG_DEBUG, "DPP: Peer protocol version %u",
+ auth->peer_version);
+ }
+#endif /* CONFIG_DPP2 */
+
  status = dpp_get_attr(attr_start, attr_len, DPP_ATTR_STATUS,
  &status_len);
  if (!status || status_len < 1) {
diff --git a/src/common/dpp.h b/src/common/dpp.h
index 25759088a..4b192ac0b 100644
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -1,6 +1,7 @@
 /*
  * DPP functionality shared between hostapd and wpa_supplicant
  * Copyright (c) 2017, Qualcomm Atheros, Inc.
+ * Copyright (c) 2018-2019, The Linux Foundation
  *
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
@@ -54,6 +55,8 @@ enum dpp_attribute_id {
  DPP_ATTR_TRANSACTION_ID = 0x1016,
  DPP_ATTR_BOOTSTRAP_INFO = 0x1017,
  DPP_ATTR_CHANNEL = 0x1018,
+ DPP_ATTR_PROTOCOL_VERSION = 0x1019,
+ DPP_ATTR_ENVELOPED_DATA = 0x101A,
 };
 
 enum dpp_status_error {
@@ -162,6 +165,7 @@ struct dpp_configuration {
 
 struct dpp_authentication {
  void *msg_ctx;
+ u8 peer_version;
  const struct dpp_curve_params *curve;
  struct dpp_bootstrap_info *peer_bi;
  struct dpp_bootstrap_info *own_bi;
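Review bot: `DPP_ATTR_ENVELOPED_DATA = 0x101A` in the `enum dpp_attribute_id` hunk is not used anywhere in this patch and is not mentioned in the commit description, which covers only the Protocol Version attribute. Either mention it in the description or move it to the change that first uses it, so the history of each attribute ID stays traceable.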
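Review bot: The new `u8 peer_version;` member of struct dpp_authentication (hunk at -162) has no comment, and its value depends on build options: per the dpp.c hunks it stays 1 unless CONFIG_DPP2 is set and the peer sent a valid Protocol Version attribute. I would document that at the declaration, for example `u8 peer_version; /* DPP protocol version indicated by the peer; 1 if not indicated */`.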