diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c
index aae29104d..825af9e3b 100644
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@@ -536,27 +536,16 @@ static void hostapd_dpp_rx_auth_req(struct hostapd_data *hapd, const u8 *src,
 const u8 *hdr, const u8 *buf, size_t len, unsigned int freq) {
- const u8 *r_bootstrap, *i_bootstrap, *wrapped_data;
- u16 r_bootstrap_len, i_bootstrap_len, wrapped_data_len;
+ const u8 *r_bootstrap, *i_bootstrap;
+ u16 r_bootstrap_len, i_bootstrap_len;
 struct dpp_bootstrap_info *bi, *own_bi = NULL, *peer_bi = NULL;
 wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR, MAC2STR(src));
- wrapped_data = dpp_get_attr(buf, len, DPP_ATTR_WRAPPED_DATA,
- &wrapped_data_len);
- if (!wrapped_data) {
- wpa_printf(MSG_DEBUG,
- "DPP: Missing required Wrapped data attribute");
- return;
- }
- wpa_hexdump(MSG_MSGDUMP, "DPP: Wrapped data",
- wrapped_data, wrapped_data_len);
-
 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH, &r_bootstrap_len);
- if (!r_bootstrap || r_bootstrap > wrapped_data ||
- r_bootstrap_len != SHA256_MAC_LEN) {
+ if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
 wpa_printf(MSG_DEBUG, "DPP: Missing or invalid required Responder Bootstrapping Key Hash attribute");
 return;
@@ -566,8 +555,7 @@ static void hostapd_dpp_rx_auth_req(struct hostapd_data *hapd, const u8 *src,
 i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH, &i_bootstrap_len);
- if (!i_bootstrap || i_bootstrap > wrapped_data ||
- i_bootstrap_len != SHA256_MAC_LEN) {
+ if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) {
 wpa_printf(MSG_DEBUG, "DPP: Missing or invalid required Initiator Bootstrapping Key Hash attribute");
 return;
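Review bot: Dropping `r_bootstrap > wrapped_data` and `i_bootstrap > wrapped_data` in both hunks of this file (and in the two matching hunks of wpa_supplicant/dpp_supplicant.c) removes the only visible guarantee that the bootstrapping key hash attributes sit in front of the Wrapped Data attribute. dpp_auth_req_rx() now recomputes `attr_len = wrapped_data - 4 - attr_start`, so a hash attribute placed after Wrapped Data would be accepted here while lying outside that region; whether attribute order is validated elsewhere cannot be seen in this diff. If Wrapped Data is required to be the final attribute, the ordering can be enforced once in dpp_auth_req_rx() before `attr_len` is reassigned, for example `if (wrapped_data + wrapped_data_len != attr_start + attr_len) return NULL;`. The body of hostapd_dpp_rx_auth_req() continues outside both hunks.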
@@ -614,8 +602,7 @@ static void hostapd_dpp_rx_auth_req(struct hostapd_data *hapd, const u8 *src,
 hapd->dpp_auth_ok_on_ack = 0;
 hapd->dpp_auth = dpp_auth_req_rx(hapd->msg_ctx, hapd->dpp_allowed_roles, hapd->dpp_qr_mutual,
- peer_bi, own_bi, freq, hdr, buf,
- wrapped_data, wrapped_data_len);
+ peer_bi, own_bi, freq, hdr, buf, len);
 if (!hapd->dpp_auth) {
 wpa_printf(MSG_DEBUG, "DPP: No response generated");
 return;
diff --git a/src/common/dpp.c b/src/common/dpp.c
index 596c81cb3..40b875087 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -2225,7 +2225,7 @@ dpp_auth_req_rx(void *msg_ctx, u8 dpp_allowed_roles, int qr_mutual,
 struct dpp_bootstrap_info *peer_bi, struct dpp_bootstrap_info *own_bi, unsigned int freq, const u8 *hdr, const u8 *attr_start,
- const u8 *wrapped_data, u16 wrapped_data_len)
+ size_t attr_len)
 {
 EVP_PKEY *pi = NULL;
 EVP_PKEY_CTX *ctx = NULL;
@@ -2234,14 +2234,20 @@ dpp_auth_req_rx(void *msg_ctx, u8 dpp_allowed_roles, int qr_mutual,
 size_t len[2];
 u8 *unwrapped = NULL;
 size_t unwrapped_len = 0;
- const u8 *i_proto, *i_nonce, *i_capab, *i_bootstrap;
- u16 i_proto_len, i_nonce_len, i_capab_len, i_bootstrap_len;
+ const u8 *wrapped_data, *i_proto, *i_nonce, *i_capab, *i_bootstrap;
+ u16 wrapped_data_len, i_proto_len, i_nonce_len, i_capab_len,
+ i_bootstrap_len;
 struct dpp_authentication *auth = NULL;
- size_t attr_len;
- if (wrapped_data_len < AES_BLOCK_SIZE)
+ wrapped_data = dpp_get_attr(attr_start, attr_len, DPP_ATTR_WRAPPED_DATA,
+ &wrapped_data_len);
+ if (!wrapped_data || wrapped_data_len < AES_BLOCK_SIZE) {
+ wpa_printf(MSG_DEBUG,
+ "DPP: Missing or invalid required Wrapped Data attribute");
 return NULL;
-
+ }
+ wpa_hexdump(MSG_MSGDUMP, "DPP: Wrapped Data",
+ wrapped_data, wrapped_data_len);
 attr_len = wrapped_data - 4 - attr_start;
 auth = os_zalloc(sizeof(*auth));
diff --git a/src/common/dpp.h b/src/common/dpp.h
index f6bc5af01..ecad2d6e0 100644
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
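Review bot: In the second src/common/dpp.c hunk the `attr_len` parameter is overwritten by `attr_len = wrapped_data - 4 - attr_start;`, so the same name means the caller's full attribute buffer above that line and only the bytes in front of the Wrapped Data attribute below it, with an unexplained `4`. A one-line comment would make both explicit, e.g. `/* attr_len now covers only the attributes preceding Wrapped Data; 4 is the attribute header size */`, or the reduced length could live in its own local so the caller-supplied value stays available for later bounds checks. That the `4` is the attribute header size is inferred from the arithmetic, and the subtraction relies on dpp_get_attr() returning a value pointer at least four bytes past `attr_start`; neither is visible in this diff. dpp_auth_req_rx() continues past the end of the hunk.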
@@ -240,7 +240,7 @@ dpp_auth_req_rx(void *msg_ctx, u8 dpp_allowed_roles, int qr_mutual,
 struct dpp_bootstrap_info *peer_bi, struct dpp_bootstrap_info *own_bi, unsigned int freq, const u8 *hdr, const u8 *attr_start,
- const u8 *wrapped_data, u16 wrapped_data_len);
+ size_t attr_len);
 struct wpabuf * dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr, const u8 *attr_start, size_t attr_len);
diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index bf29f192d..e0638f3a7 100644
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -777,27 +777,16 @@ static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
 const u8 *hdr, const u8 *buf, size_t len, unsigned int freq) {
- const u8 *r_bootstrap, *i_bootstrap, *wrapped_data;
- u16 r_bootstrap_len, i_bootstrap_len, wrapped_data_len;
+ const u8 *r_bootstrap, *i_bootstrap;
+ u16 r_bootstrap_len, i_bootstrap_len;
 struct dpp_bootstrap_info *bi, *own_bi = NULL, *peer_bi = NULL;
 wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR, MAC2STR(src));
- wrapped_data = dpp_get_attr(buf, len, DPP_ATTR_WRAPPED_DATA,
- &wrapped_data_len);
- if (!wrapped_data) {
- wpa_printf(MSG_DEBUG,
- "DPP: Missing required Wrapped data attribute");
- return;
- }
- wpa_hexdump(MSG_MSGDUMP, "DPP: Wrapped data",
- wrapped_data, wrapped_data_len);
-
 r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH, &r_bootstrap_len);
- if (!r_bootstrap || r_bootstrap > wrapped_data ||
- r_bootstrap_len != SHA256_MAC_LEN) {
+ if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
 wpa_printf(MSG_DEBUG, "DPP: Missing or invalid required Responder Bootstrapping Key Hash attribute");
 return;
@@ -807,8 +796,7 @@ static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
 i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH, &i_bootstrap_len);
- if (!i_bootstrap || i_bootstrap > wrapped_data ||
- i_bootstrap_len != SHA256_MAC_LEN) {
+ if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) {
 wpa_printf(MSG_DEBUG, "DPP: Missing or invalid required Initiator Bootstrapping Key Hash attribute");
 return;
@@ -856,8 +844,7 @@ static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
 wpa_s->dpp_auth_ok_on_ack = 0;
 wpa_s->dpp_auth = dpp_auth_req_rx(wpa_s, wpa_s->dpp_allowed_roles, wpa_s->dpp_qr_mutual,
- peer_bi, own_bi, freq, hdr, buf,
- wrapped_data, wrapped_data_len);
+ peer_bi, own_bi, freq, hdr, buf, len);
 if (!wpa_s->dpp_auth) {
 wpa_printf(MSG_DEBUG, "DPP: No response generated");
 return;