From 0ebf5aa346a2bd25485df1c00eab079d659d35d0 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 9 Sep 2020 23:06:14 +0300 Subject: [PATCH] DPP2: Replace I/R-nonce with C/E-nonce in reconfiguration These nonces were renamed/replaced in the protocol design, so update implementation to match. Signed-off-by: Jouni Malinen --- src/common/dpp.h | 2 + src/common/dpp_crypto.c | 16 ++--- src/common/dpp_reconfig.c | 124 +++++++++++++++++++------------------- 3 files changed, 72 insertions(+), 70 deletions(-) diff --git a/src/common/dpp.h b/src/common/dpp.h index 2213593a3..011098f03 100644 --- a/src/common/dpp.h +++ b/src/common/dpp.h @@ -90,6 +90,7 @@ enum dpp_attribute_id { DPP_ATTR_CSR_ATTR_REQ = 0x101F, DPP_ATTR_A_NONCE = 0x1020, DPP_ATTR_E_PRIME_ID = 0x1021, + DPP_ATTR_CONFIGURATOR_NONCE = 0x1022, }; enum dpp_status_error { @@ -260,6 +261,7 @@ struct dpp_authentication { u8 i_nonce[DPP_MAX_NONCE_LEN]; u8 r_nonce[DPP_MAX_NONCE_LEN]; u8 e_nonce[DPP_MAX_NONCE_LEN]; + u8 c_nonce[DPP_MAX_NONCE_LEN]; u8 i_capab; u8 r_capab; enum dpp_netrole e_netrole; diff --git a/src/common/dpp_crypto.c b/src/common/dpp_crypto.c index 9dff7c653..9ae33d59a 100644 --- a/src/common/dpp_crypto.c +++ b/src/common/dpp_crypto.c @@ -2325,10 +2325,10 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth, goto fail; wpa_hexdump_key(MSG_DEBUG, "DPP: M.x", Mx, curve->prime_len); - /* ke = HKDF(I-nonce, "dpp reconfig key", M.x) */ + /* ke = HKDF(C-nonce, "dpp reconfig key", M.x) */ - /* HKDF-Extract(I-nonce, M.x) */ - if (dpp_hmac(curve->hash_len, auth->i_nonce, curve->nonce_len, + /* HKDF-Extract(C-nonce, M.x) */ + if (dpp_hmac(curve->hash_len, auth->c_nonce, curve->nonce_len, Mx, curve->prime_len, prk) < 0) goto fail; wpa_hexdump_key(MSG_DEBUG, "DPP: PRK", prk, curve->hash_len); @@ -2338,7 +2338,7 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth, "dpp reconfig key", auth->ke, curve->hash_len) < 0) goto fail; wpa_hexdump_key(MSG_DEBUG, - "DPP: ke = HKDF(I-nonce, \"dpp reconfig key\", M.x)", + "DPP: ke = HKDF(C-nonce, \"dpp reconfig key\", M.x)", auth->ke, curve->hash_len); res = 0; @@ -2420,10 +2420,10 @@ int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth, wpa_hexdump_key(MSG_DEBUG, "DPP: M.x", Mx, curve->prime_len); - /* ke = HKDF(I-nonce, "dpp reconfig key", M.x) */ + /* ke = HKDF(C-nonce, "dpp reconfig key", M.x) */ - /* HKDF-Extract(I-nonce, M.x) */ - if (dpp_hmac(curve->hash_len, auth->i_nonce, curve->nonce_len, + /* HKDF-Extract(C-nonce, M.x) */ + if (dpp_hmac(curve->hash_len, auth->c_nonce, curve->nonce_len, Mx, curve->prime_len, prk) < 0) goto fail; wpa_hexdump_key(MSG_DEBUG, "DPP: PRK", prk, curve->hash_len); @@ -2433,7 +2433,7 @@ int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth, "dpp reconfig key", auth->ke, curve->hash_len) < 0) goto fail; wpa_hexdump_key(MSG_DEBUG, - "DPP: ke = HKDF(I-nonce, \"dpp reconfig key\", M.x)", + "DPP: ke = HKDF(C-nonce, \"dpp reconfig key\", M.x)", auth->ke, curve->hash_len); res = 0; diff --git a/src/common/dpp_reconfig.c b/src/common/dpp_reconfig.c index a361131db..13324a047 100644 --- a/src/common/dpp_reconfig.c +++ b/src/common/dpp_reconfig.c @@ -158,10 +158,10 @@ static struct wpabuf * dpp_reconfig_build_req(struct dpp_authentication *auth) wpabuf_put_le16(msg, os_strlen(auth->conf->connector)); wpabuf_put_str(msg, auth->conf->connector); - /* I-nonce */ - wpabuf_put_le16(msg, DPP_ATTR_I_NONCE); + /* C-nonce */ + wpabuf_put_le16(msg, DPP_ATTR_CONFIGURATOR_NONCE); wpabuf_put_le16(msg, auth->curve->nonce_len); - wpabuf_put_data(msg, auth->i_nonce, auth->curve->nonce_len); + wpabuf_put_data(msg, auth->c_nonce, auth->curve->nonce_len); wpa_hexdump_buf(MSG_DEBUG, "DPP: Reconfig Authentication Request frame attributes", @@ -295,8 +295,8 @@ dpp_reconfig_init(struct dpp_global *dpp, void *msg_ctx, if (dpp_configurator_build_own_connector(conf, curve) < 0) goto fail; - if (random_get_bytes(auth->i_nonce, auth->curve->nonce_len)) { - wpa_printf(MSG_ERROR, "DPP: Failed to generate I-nonce"); + if (random_get_bytes(auth->c_nonce, auth->curve->nonce_len)) { + wpa_printf(MSG_ERROR, "DPP: Failed to generate C-nonce"); goto fail; } @@ -331,15 +331,15 @@ static int dpp_reconfig_build_resp(struct dpp_authentication *auth, if (!clear) goto fail; - /* I-nonce (wrapped) */ - wpabuf_put_le16(clear, DPP_ATTR_I_NONCE); + /* C-nonce (wrapped) */ + wpabuf_put_le16(clear, DPP_ATTR_CONFIGURATOR_NONCE); wpabuf_put_le16(clear, auth->curve->nonce_len); - wpabuf_put_data(clear, auth->i_nonce, auth->curve->nonce_len); + wpabuf_put_data(clear, auth->c_nonce, auth->curve->nonce_len); - /* R-nonce (wrapped) */ - wpabuf_put_le16(clear, DPP_ATTR_R_NONCE); + /* E-nonce (wrapped) */ + wpabuf_put_le16(clear, DPP_ATTR_ENROLLEE_NONCE); wpabuf_put_le16(clear, auth->curve->nonce_len); - wpabuf_put_data(clear, auth->r_nonce, auth->curve->nonce_len); + wpabuf_put_data(clear, auth->e_nonce, auth->curve->nonce_len); /* Connection Status (wrapped) */ wpabuf_put_le16(clear, DPP_ATTR_CONN_STATUS); @@ -392,7 +392,7 @@ static int dpp_reconfig_build_resp(struct dpp_authentication *auth, len[1] = attr_end - attr_start; wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]); - /* Wrapped Data: {I-nonce, R-nonce, Connection Status}ke */ + /* Wrapped Data: {C-nonce, E-nonce, Connection Status}ke */ wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA); wpabuf_put_le16(msg, wpabuf_len(clear) + AES_BLOCK_SIZE); wrapped = wpabuf_put(msg, wpabuf_len(clear) + AES_BLOCK_SIZE); @@ -430,8 +430,8 @@ dpp_reconfig_auth_req_rx(struct dpp_global *dpp, void *msg_ctx, const u8 *attr_start, size_t attr_len) { struct dpp_authentication *auth = NULL; - const u8 *trans_id, *version, *i_connector, *i_nonce; - u16 trans_id_len, version_len, i_connector_len, i_nonce_len; + const u8 *trans_id, *version, *i_connector, *c_nonce; + u16 trans_id_len, version_len, i_connector_len, c_nonce_len; struct dpp_signed_connector_info info; enum dpp_status_error res; struct json_token *root = NULL, *own_root = NULL, *token; @@ -465,14 +465,14 @@ dpp_reconfig_auth_req_rx(struct dpp_global *dpp, void *msg_ctx, wpa_hexdump_ascii(MSG_DEBUG, "DPP: I-Connector", i_connector, i_connector_len); - i_nonce = dpp_get_attr(attr_start, attr_len, DPP_ATTR_I_NONCE, - &i_nonce_len); - if (!i_nonce || i_nonce_len > DPP_MAX_NONCE_LEN) { + c_nonce = dpp_get_attr(attr_start, attr_len, + DPP_ATTR_CONFIGURATOR_NONCE, &c_nonce_len); + if (!c_nonce || c_nonce_len > DPP_MAX_NONCE_LEN) { wpa_printf(MSG_DEBUG, - "DPP: Missing or invalid I-Nonce attribute"); + "DPP: Missing or invalid C-nonce attribute"); goto fail; } - wpa_hexdump(MSG_DEBUG, "DPP: I-Nonce", i_nonce, i_nonce_len); + wpa_hexdump(MSG_DEBUG, "DPP: C-nonce", c_nonce, c_nonce_len); res = dpp_check_signed_connector(&info, csign_key, csign_key_len, i_connector, i_connector_len); @@ -519,25 +519,25 @@ dpp_reconfig_auth_req_rx(struct dpp_global *dpp, void *msg_ctx, wpa_printf(MSG_DEBUG, "DPP: Peer protocol version %u", auth->peer_version); - os_memcpy(auth->i_nonce, i_nonce, i_nonce_len); + os_memcpy(auth->c_nonce, c_nonce, c_nonce_len); if (dpp_reconfig_derive_ke_responder(auth, net_access_key, net_access_key_len, token) < 0) goto fail; - if (i_nonce_len != auth->curve->nonce_len) { + if (c_nonce_len != auth->curve->nonce_len) { wpa_printf(MSG_DEBUG, - "DPP: Unexpected I-nonce length %u (curve nonce len %zu)", - i_nonce_len, auth->curve->nonce_len); + "DPP: Unexpected C-nonce length %u (curve nonce len %zu)", + c_nonce_len, auth->curve->nonce_len); goto fail; } - if (random_get_bytes(auth->r_nonce, auth->curve->nonce_len)) { - wpa_printf(MSG_ERROR, "DPP: Failed to generate R-nonce"); + if (random_get_bytes(auth->e_nonce, auth->curve->nonce_len)) { + wpa_printf(MSG_ERROR, "DPP: Failed to generate E-nonce"); goto fail; } - wpa_hexdump_key(MSG_DEBUG, "DPP: R-nonce", - auth->r_nonce, auth->curve->nonce_len); + wpa_hexdump_key(MSG_DEBUG, "DPP: E-nonce", + auth->e_nonce, auth->curve->nonce_len); /* Build Connection Status object */ /* TODO: Get appropriate result value */ @@ -590,15 +590,15 @@ dpp_reconfig_build_conf(struct dpp_authentication *auth) wpabuf_put_le16(clear, 1); wpabuf_put_u8(clear, auth->peer_version); - /* I-nonce (wrapped) */ - wpabuf_put_le16(clear, DPP_ATTR_I_NONCE); + /* C-nonce (wrapped) */ + wpabuf_put_le16(clear, DPP_ATTR_CONFIGURATOR_NONCE); wpabuf_put_le16(clear, auth->curve->nonce_len); - wpabuf_put_data(clear, auth->i_nonce, auth->curve->nonce_len); + wpabuf_put_data(clear, auth->c_nonce, auth->curve->nonce_len); - /* R-nonce (wrapped) */ - wpabuf_put_le16(clear, DPP_ATTR_R_NONCE); + /* E-nonce (wrapped) */ + wpabuf_put_le16(clear, DPP_ATTR_ENROLLEE_NONCE); wpabuf_put_le16(clear, auth->curve->nonce_len); - wpabuf_put_data(clear, auth->r_nonce, auth->curve->nonce_len); + wpabuf_put_data(clear, auth->e_nonce, auth->curve->nonce_len); /* Reconfig-Flags (wrapped) */ flags = DPP_CONFIG_REPLACEKEY; @@ -659,9 +659,9 @@ dpp_reconfig_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr, const u8 *attr_start, size_t attr_len) { const u8 *trans_id, *version, *r_connector, *r_proto, *wrapped_data, - *i_nonce, *r_nonce, *conn_status; + *c_nonce, *e_nonce, *conn_status; u16 trans_id_len, version_len, r_connector_len, r_proto_len, - wrapped_data_len, i_nonce_len, r_nonce_len, conn_status_len; + wrapped_data_len, c_nonce_len, e_nonce_len, conn_status_len; struct wpabuf *conf = NULL; char *signed_connector = NULL; struct dpp_signed_connector_info info; @@ -787,23 +787,23 @@ dpp_reconfig_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr, goto fail; } - i_nonce = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_I_NONCE, - &i_nonce_len); - if (!i_nonce || i_nonce_len != auth->curve->nonce_len || - os_memcmp(i_nonce, auth->i_nonce, i_nonce_len) != 0) { - dpp_auth_fail(auth, "Missing or invalid I-nonce"); + c_nonce = dpp_get_attr(unwrapped, unwrapped_len, + DPP_ATTR_CONFIGURATOR_NONCE, &c_nonce_len); + if (!c_nonce || c_nonce_len != auth->curve->nonce_len || + os_memcmp(c_nonce, auth->c_nonce, c_nonce_len) != 0) { + dpp_auth_fail(auth, "Missing or invalid C-nonce"); goto fail; } - wpa_hexdump(MSG_DEBUG, "DPP: I-nonce", i_nonce, i_nonce_len); + wpa_hexdump(MSG_DEBUG, "DPP: C-nonce", c_nonce, c_nonce_len); - r_nonce = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_R_NONCE, - &r_nonce_len); - if (!r_nonce || r_nonce_len != auth->curve->nonce_len) { - dpp_auth_fail(auth, "Missing or invalid R-nonce"); + e_nonce = dpp_get_attr(unwrapped, unwrapped_len, + DPP_ATTR_ENROLLEE_NONCE, &e_nonce_len); + if (!e_nonce || e_nonce_len != auth->curve->nonce_len) { + dpp_auth_fail(auth, "Missing or invalid E-nonce"); goto fail; } - wpa_hexdump(MSG_DEBUG, "DPP: R-nonce", r_nonce, r_nonce_len); - os_memcpy(auth->r_nonce, r_nonce, r_nonce_len); + wpa_hexdump(MSG_DEBUG, "DPP: E-nonce", e_nonce, e_nonce_len); + os_memcpy(auth->e_nonce, e_nonce, e_nonce_len); conn_status = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_CONN_STATUS, &conn_status_len); @@ -843,10 +843,10 @@ fail: int dpp_reconfig_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr, const u8 *attr_start, size_t attr_len) { - const u8 *trans_id, *version, *wrapped_data, *i_nonce, *r_nonce, + const u8 *trans_id, *version, *wrapped_data, *c_nonce, *e_nonce, *reconfig_flags, *status; - u16 trans_id_len, version_len, wrapped_data_len, i_nonce_len, - r_nonce_len, reconfig_flags_len, status_len; + u16 trans_id_len, version_len, wrapped_data_len, c_nonce_len, + e_nonce_len, reconfig_flags_len, status_len; const u8 *addr[2]; size_t len[2]; u8 *unwrapped = NULL; @@ -925,23 +925,23 @@ int dpp_reconfig_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr, goto fail; } - i_nonce = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_I_NONCE, - &i_nonce_len); - if (!i_nonce || i_nonce_len != auth->curve->nonce_len || - os_memcmp(i_nonce, auth->i_nonce, i_nonce_len) != 0) { - dpp_auth_fail(auth, "Missing or invalid I-nonce"); + c_nonce = dpp_get_attr(unwrapped, unwrapped_len, + DPP_ATTR_CONFIGURATOR_NONCE, &c_nonce_len); + if (!c_nonce || c_nonce_len != auth->curve->nonce_len || + os_memcmp(c_nonce, auth->c_nonce, c_nonce_len) != 0) { + dpp_auth_fail(auth, "Missing or invalid C-nonce"); goto fail; } - wpa_hexdump(MSG_DEBUG, "DPP: I-nonce", i_nonce, i_nonce_len); + wpa_hexdump(MSG_DEBUG, "DPP: C-nonce", c_nonce, c_nonce_len); - r_nonce = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_R_NONCE, - &r_nonce_len); - if (!r_nonce || r_nonce_len != auth->curve->nonce_len || - os_memcmp(r_nonce, auth->r_nonce, r_nonce_len) != 0) { - dpp_auth_fail(auth, "Missing or invalid R-nonce"); + e_nonce = dpp_get_attr(unwrapped, unwrapped_len, + DPP_ATTR_ENROLLEE_NONCE, &e_nonce_len); + if (!e_nonce || e_nonce_len != auth->curve->nonce_len || + os_memcmp(e_nonce, auth->e_nonce, e_nonce_len) != 0) { + dpp_auth_fail(auth, "Missing or invalid E-nonce"); goto fail; } - wpa_hexdump(MSG_DEBUG, "DPP: R-nonce", r_nonce, r_nonce_len); + wpa_hexdump(MSG_DEBUG, "DPP: E-nonce", e_nonce, e_nonce_len); reconfig_flags = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_RECONFIG_FLAGS,