DPP: Remove unnecessary Wrapped Data checks from callers

Now that dpp_check_attrs() takes care of verifying that no attributes
are after the Wrapped Data attribute, the duplicated checks in hostapd
and wpa_supplicant side of the implementation can be removed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 2017-10-22 11:46:12 +03:00 committed by Jouni Malinen
parent 0c881807b5
commit 27fefbbb76
4 changed files with 23 additions and 43 deletions


@ -536,27 +536,16 @@ static void hostapd_dpp_rx_auth_req(struct hostapd_data *hapd, const u8 *src,
const u8 *hdr, const u8 *buf, size_t len, const u8 *hdr, const u8 *buf, size_t len,
unsigned int freq) unsigned int freq)
{ {
const u8 *r_bootstrap, *i_bootstrap, *wrapped_data; const u8 *r_bootstrap, *i_bootstrap;
u16 r_bootstrap_len, i_bootstrap_len, wrapped_data_len; u16 r_bootstrap_len, i_bootstrap_len;
struct dpp_bootstrap_info *bi, *own_bi = NULL, *peer_bi = NULL; struct dpp_bootstrap_info *bi, *own_bi = NULL, *peer_bi = NULL;
wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR, wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR,
MAC2STR(src)); MAC2STR(src));
wrapped_data = dpp_get_attr(buf, len, DPP_ATTR_WRAPPED_DATA,
&wrapped_data_len);
if (!wrapped_data) {
wpa_printf(MSG_DEBUG,
"DPP: Missing required Wrapped data attribute");
return;
}
wpa_hexdump(MSG_MSGDUMP, "DPP: Wrapped data",
wrapped_data, wrapped_data_len);
r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH, r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
&r_bootstrap_len); &r_bootstrap_len);
if (!r_bootstrap || r_bootstrap > wrapped_data || if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
r_bootstrap_len != SHA256_MAC_LEN) {
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"DPP: Missing or invalid required Responder Bootstrapping Key Hash attribute"); "DPP: Missing or invalid required Responder Bootstrapping Key Hash attribute");
return; return;
@ -566,8 +555,7 @@ static void hostapd_dpp_rx_auth_req(struct hostapd_data *hapd, const u8 *src,
i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH, i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
&i_bootstrap_len); &i_bootstrap_len);
if (!i_bootstrap || i_bootstrap > wrapped_data || if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) {
i_bootstrap_len != SHA256_MAC_LEN) {
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"DPP: Missing or invalid required Initiator Bootstrapping Key Hash attribute"); "DPP: Missing or invalid required Initiator Bootstrapping Key Hash attribute");
return; return;
@ -614,8 +602,7 @@ static void hostapd_dpp_rx_auth_req(struct hostapd_data *hapd, const u8 *src,
hapd->dpp_auth_ok_on_ack = 0; hapd->dpp_auth_ok_on_ack = 0;
hapd->dpp_auth = dpp_auth_req_rx(hapd->msg_ctx, hapd->dpp_allowed_roles, hapd->dpp_auth = dpp_auth_req_rx(hapd->msg_ctx, hapd->dpp_allowed_roles,
hapd->dpp_qr_mutual, hapd->dpp_qr_mutual,
peer_bi, own_bi, freq, hdr, buf, peer_bi, own_bi, freq, hdr, buf, len);
wrapped_data, wrapped_data_len);
if (!hapd->dpp_auth) { if (!hapd->dpp_auth) {
wpa_printf(MSG_DEBUG, "DPP: No response generated"); wpa_printf(MSG_DEBUG, "DPP: No response generated");
return; return;
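Review bot: With the `r_bootstrap > wrapped_data` and `i_bootstrap > wrapped_data` comparisons removed, hostapd_dpp_rx_auth_req() no longer enforces attribute ordering itself and depends on dpp_check_attrs() having been run on the same `buf`/`len` before it is called. That call is not visible in these hunks, so the precondition deserves a comment at the top of the function, e.g. `/* buf/len must already have passed dpp_check_attrs(): no attribute follows Wrapped Data */`. A frame without a Wrapped Data attribute is also now rejected only inside dpp_auth_req_rx(), after both bootstrapping key hash lookups and the `hapd->dpp_auth_ok_on_ack = 0` reset have run; the code between the hunks is not shown, so it is worth confirming nothing there changes state for such a frame. Both points apply equally to wpas_dpp_rx_auth_req() in the wpa_supplicant section, and the function body continues past the last hunk.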


@ -2225,7 +2225,7 @@ dpp_auth_req_rx(void *msg_ctx, u8 dpp_allowed_roles, int qr_mutual,
struct dpp_bootstrap_info *peer_bi, struct dpp_bootstrap_info *peer_bi,
struct dpp_bootstrap_info *own_bi, struct dpp_bootstrap_info *own_bi,
unsigned int freq, const u8 *hdr, const u8 *attr_start, unsigned int freq, const u8 *hdr, const u8 *attr_start,
const u8 *wrapped_data, u16 wrapped_data_len) size_t attr_len)
{ {
EVP_PKEY *pi = NULL; EVP_PKEY *pi = NULL;
EVP_PKEY_CTX *ctx = NULL; EVP_PKEY_CTX *ctx = NULL;
@ -2234,14 +2234,20 @@ dpp_auth_req_rx(void *msg_ctx, u8 dpp_allowed_roles, int qr_mutual,
size_t len[2]; size_t len[2];
u8 *unwrapped = NULL; u8 *unwrapped = NULL;
size_t unwrapped_len = 0; size_t unwrapped_len = 0;
const u8 *i_proto, *i_nonce, *i_capab, *i_bootstrap; const u8 *wrapped_data, *i_proto, *i_nonce, *i_capab, *i_bootstrap;
u16 i_proto_len, i_nonce_len, i_capab_len, i_bootstrap_len; u16 wrapped_data_len, i_proto_len, i_nonce_len, i_capab_len,
i_bootstrap_len;
struct dpp_authentication *auth = NULL; struct dpp_authentication *auth = NULL;
size_t attr_len;
if (wrapped_data_len < AES_BLOCK_SIZE) wrapped_data = dpp_get_attr(attr_start, attr_len, DPP_ATTR_WRAPPED_DATA,
&wrapped_data_len);
if (!wrapped_data || wrapped_data_len < AES_BLOCK_SIZE) {
wpa_printf(MSG_DEBUG,
"DPP: Missing or invalid required Wrapped Data attribute");
return NULL; return NULL;
}
wpa_hexdump(MSG_MSGDUMP, "DPP: Wrapped Data",
wrapped_data, wrapped_data_len);
attr_len = wrapped_data - 4 - attr_start; attr_len = wrapped_data - 4 - attr_start;
auth = os_zalloc(sizeof(*auth)); auth = os_zalloc(sizeof(*auth));
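Review bot: The new `attr_len` parameter is overwritten a few lines into the body by `attr_len = wrapped_data - 4 - attr_start;`, so the name means the full attribute length on entry and only the span before the Wrapped Data attribute afterwards. At minimum that line should carry a comment such as `/* attr_len now covers only the attributes preceding Wrapped Data; 4 = attribute id + length header */`, since later uses outside this hunk presumably rely on the shortened value. dpp_auth_req_rx() is declared in the header and now trusts its callers to have validated attribute order. If it is meant to be safe without that pre-validation, a local guard before the reassignment, `if (wrapped_data + wrapped_data_len != attr_start + attr_len) return NULL;`, would keep data after Wrapped Data from being silently ignored. The function body continues outside the hunk.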


@ -240,7 +240,7 @@ dpp_auth_req_rx(void *msg_ctx, u8 dpp_allowed_roles, int qr_mutual,
struct dpp_bootstrap_info *peer_bi, struct dpp_bootstrap_info *peer_bi,
struct dpp_bootstrap_info *own_bi, struct dpp_bootstrap_info *own_bi,
unsigned int freq, const u8 *hdr, const u8 *attr_start, unsigned int freq, const u8 *hdr, const u8 *attr_start,
const u8 *wrapped_data, u16 wrapped_data_len); size_t attr_len);
struct wpabuf * struct wpabuf *
dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr, dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
const u8 *attr_start, size_t attr_len); const u8 *attr_start, size_t attr_len);


@ -777,27 +777,16 @@ static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
const u8 *hdr, const u8 *buf, size_t len, const u8 *hdr, const u8 *buf, size_t len,
unsigned int freq) unsigned int freq)
{ {
const u8 *r_bootstrap, *i_bootstrap, *wrapped_data; const u8 *r_bootstrap, *i_bootstrap;
u16 r_bootstrap_len, i_bootstrap_len, wrapped_data_len; u16 r_bootstrap_len, i_bootstrap_len;
struct dpp_bootstrap_info *bi, *own_bi = NULL, *peer_bi = NULL; struct dpp_bootstrap_info *bi, *own_bi = NULL, *peer_bi = NULL;
wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR, wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR,
MAC2STR(src)); MAC2STR(src));
wrapped_data = dpp_get_attr(buf, len, DPP_ATTR_WRAPPED_DATA,
&wrapped_data_len);
if (!wrapped_data) {
wpa_printf(MSG_DEBUG,
"DPP: Missing required Wrapped data attribute");
return;
}
wpa_hexdump(MSG_MSGDUMP, "DPP: Wrapped data",
wrapped_data, wrapped_data_len);
r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH, r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
&r_bootstrap_len); &r_bootstrap_len);
if (!r_bootstrap || r_bootstrap > wrapped_data || if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
r_bootstrap_len != SHA256_MAC_LEN) {
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"DPP: Missing or invalid required Responder Bootstrapping Key Hash attribute"); "DPP: Missing or invalid required Responder Bootstrapping Key Hash attribute");
return; return;
@ -807,8 +796,7 @@ static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH, i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
&i_bootstrap_len); &i_bootstrap_len);
if (!i_bootstrap || i_bootstrap > wrapped_data || if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) {
i_bootstrap_len != SHA256_MAC_LEN) {
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"DPP: Missing or invalid required Initiator Bootstrapping Key Hash attribute"); "DPP: Missing or invalid required Initiator Bootstrapping Key Hash attribute");
return; return;
@ -856,8 +844,7 @@ static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
wpa_s->dpp_auth_ok_on_ack = 0; wpa_s->dpp_auth_ok_on_ack = 0;
wpa_s->dpp_auth = dpp_auth_req_rx(wpa_s, wpa_s->dpp_allowed_roles, wpa_s->dpp_auth = dpp_auth_req_rx(wpa_s, wpa_s->dpp_allowed_roles,
wpa_s->dpp_qr_mutual, wpa_s->dpp_qr_mutual,
peer_bi, own_bi, freq, hdr, buf, peer_bi, own_bi, freq, hdr, buf, len);
wrapped_data, wrapped_data_len);
if (!wpa_s->dpp_auth) { if (!wpa_s->dpp_auth) {
wpa_printf(MSG_DEBUG, "DPP: No response generated"); wpa_printf(MSG_DEBUG, "DPP: No response generated");
return; return;