DPP: Remove unnecessary Wrapped Data checks from callers
Now that dpp_check_attrs() takes care of verifying that no attributes are after the Wrapped Data attribute, the duplicated checks in hostapd and wpa_supplicant side of the implementation can be removed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
parent
0c881807b5
commit
27fefbbb76
4 changed files with 23 additions and 43 deletions
|
@ -536,27 +536,16 @@ static void hostapd_dpp_rx_auth_req(struct hostapd_data *hapd, const u8 *src,
|
||||||
const u8 *hdr, const u8 *buf, size_t len,
|
const u8 *hdr, const u8 *buf, size_t len,
|
||||||
unsigned int freq)
|
unsigned int freq)
|
||||||
{
|
{
|
||||||
const u8 *r_bootstrap, *i_bootstrap, *wrapped_data;
|
const u8 *r_bootstrap, *i_bootstrap;
|
||||||
u16 r_bootstrap_len, i_bootstrap_len, wrapped_data_len;
|
u16 r_bootstrap_len, i_bootstrap_len;
|
||||||
struct dpp_bootstrap_info *bi, *own_bi = NULL, *peer_bi = NULL;
|
struct dpp_bootstrap_info *bi, *own_bi = NULL, *peer_bi = NULL;
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR,
|
wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR,
|
||||||
MAC2STR(src));
|
MAC2STR(src));
|
||||||
|
|
||||||
wrapped_data = dpp_get_attr(buf, len, DPP_ATTR_WRAPPED_DATA,
|
|
||||||
&wrapped_data_len);
|
|
||||||
if (!wrapped_data) {
|
|
||||||
wpa_printf(MSG_DEBUG,
|
|
||||||
"DPP: Missing required Wrapped data attribute");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
wpa_hexdump(MSG_MSGDUMP, "DPP: Wrapped data",
|
|
||||||
wrapped_data, wrapped_data_len);
|
|
||||||
|
|
||||||
r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
|
r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
|
||||||
&r_bootstrap_len);
|
&r_bootstrap_len);
|
||||||
if (!r_bootstrap || r_bootstrap > wrapped_data ||
|
if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
|
||||||
r_bootstrap_len != SHA256_MAC_LEN) {
|
|
||||||
wpa_printf(MSG_DEBUG,
|
wpa_printf(MSG_DEBUG,
|
||||||
"DPP: Missing or invalid required Responder Bootstrapping Key Hash attribute");
|
"DPP: Missing or invalid required Responder Bootstrapping Key Hash attribute");
|
||||||
return;
|
return;
|
||||||
|
@ -566,8 +555,7 @@ static void hostapd_dpp_rx_auth_req(struct hostapd_data *hapd, const u8 *src,
|
||||||
|
|
||||||
i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
|
i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
|
||||||
&i_bootstrap_len);
|
&i_bootstrap_len);
|
||||||
if (!i_bootstrap || i_bootstrap > wrapped_data ||
|
if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) {
|
||||||
i_bootstrap_len != SHA256_MAC_LEN) {
|
|
||||||
wpa_printf(MSG_DEBUG,
|
wpa_printf(MSG_DEBUG,
|
||||||
"DPP: Missing or invalid required Initiator Bootstrapping Key Hash attribute");
|
"DPP: Missing or invalid required Initiator Bootstrapping Key Hash attribute");
|
||||||
return;
|
return;
|
||||||
|
@ -614,8 +602,7 @@ static void hostapd_dpp_rx_auth_req(struct hostapd_data *hapd, const u8 *src,
|
||||||
hapd->dpp_auth_ok_on_ack = 0;
|
hapd->dpp_auth_ok_on_ack = 0;
|
||||||
hapd->dpp_auth = dpp_auth_req_rx(hapd->msg_ctx, hapd->dpp_allowed_roles,
|
hapd->dpp_auth = dpp_auth_req_rx(hapd->msg_ctx, hapd->dpp_allowed_roles,
|
||||||
hapd->dpp_qr_mutual,
|
hapd->dpp_qr_mutual,
|
||||||
peer_bi, own_bi, freq, hdr, buf,
|
peer_bi, own_bi, freq, hdr, buf, len);
|
||||||
wrapped_data, wrapped_data_len);
|
|
||||||
if (!hapd->dpp_auth) {
|
if (!hapd->dpp_auth) {
|
||||||
wpa_printf(MSG_DEBUG, "DPP: No response generated");
|
wpa_printf(MSG_DEBUG, "DPP: No response generated");
|
||||||
return;
|
return;
|
||||||
|
|
|
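Review bot: With the `r_bootstrap > wrapped_data` and `i_bootstrap > wrapped_data` comparisons removed, hostapd_dpp_rx_auth_req() no longer checks for itself that both bootstrapping key hash attributes precede Wrapped Data. Per the commit message that guarantee now rests on dpp_check_attrs(), whose call on `buf`/`len` is not visible in this section. A precondition comment at the top of the function would keep the dependency from being lost if another call path is added, e.g. `/* buf/len must already have passed dpp_check_attrs(); attribute order is not rechecked here */`. The same applies to wpas_dpp_rx_auth_req() in the wpa_supplicant section, and both function bodies continue outside the hunks shown.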
@ -2225,7 +2225,7 @@ dpp_auth_req_rx(void *msg_ctx, u8 dpp_allowed_roles, int qr_mutual,
|
||||||
struct dpp_bootstrap_info *peer_bi,
|
struct dpp_bootstrap_info *peer_bi,
|
||||||
struct dpp_bootstrap_info *own_bi,
|
struct dpp_bootstrap_info *own_bi,
|
||||||
unsigned int freq, const u8 *hdr, const u8 *attr_start,
|
unsigned int freq, const u8 *hdr, const u8 *attr_start,
|
||||||
const u8 *wrapped_data, u16 wrapped_data_len)
|
size_t attr_len)
|
||||||
{
|
{
|
||||||
EVP_PKEY *pi = NULL;
|
EVP_PKEY *pi = NULL;
|
||||||
EVP_PKEY_CTX *ctx = NULL;
|
EVP_PKEY_CTX *ctx = NULL;
|
||||||
|
@ -2234,14 +2234,20 @@ dpp_auth_req_rx(void *msg_ctx, u8 dpp_allowed_roles, int qr_mutual,
|
||||||
size_t len[2];
|
size_t len[2];
|
||||||
u8 *unwrapped = NULL;
|
u8 *unwrapped = NULL;
|
||||||
size_t unwrapped_len = 0;
|
size_t unwrapped_len = 0;
|
||||||
const u8 *i_proto, *i_nonce, *i_capab, *i_bootstrap;
|
const u8 *wrapped_data, *i_proto, *i_nonce, *i_capab, *i_bootstrap;
|
||||||
u16 i_proto_len, i_nonce_len, i_capab_len, i_bootstrap_len;
|
u16 wrapped_data_len, i_proto_len, i_nonce_len, i_capab_len,
|
||||||
|
i_bootstrap_len;
|
||||||
struct dpp_authentication *auth = NULL;
|
struct dpp_authentication *auth = NULL;
|
||||||
size_t attr_len;
|
|
||||||
|
|
||||||
if (wrapped_data_len < AES_BLOCK_SIZE)
|
wrapped_data = dpp_get_attr(attr_start, attr_len, DPP_ATTR_WRAPPED_DATA,
|
||||||
|
&wrapped_data_len);
|
||||||
|
if (!wrapped_data || wrapped_data_len < AES_BLOCK_SIZE) {
|
||||||
|
wpa_printf(MSG_DEBUG,
|
||||||
|
"DPP: Missing or invalid required Wrapped Data attribute");
|
||||||
return NULL;
|
return NULL;
|
||||||
|
}
|
||||||
|
wpa_hexdump(MSG_MSGDUMP, "DPP: Wrapped Data",
|
||||||
|
wrapped_data, wrapped_data_len);
|
||||||
attr_len = wrapped_data - 4 - attr_start;
|
attr_len = wrapped_data - 4 - attr_start;
|
||||||
|
|
||||||
auth = os_zalloc(sizeof(*auth));
|
auth = os_zalloc(sizeof(*auth));
|
||||||
|
|
|
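Review bot: In dpp_auth_req_rx() the new `attr_len` parameter is overwritten by the unchanged line `attr_len = wrapped_data - 4 - attr_start;`, so one name holds the full attribute buffer length for the dpp_get_attr() call and then only the span before the Wrapped Data header. That narrowing looks intentional, but the reuse of a parameter makes it easy for a later edit to run a lookup against the wrong length. I would document it at the assignment, e.g. `/* from here on attr_len covers only the attributes preceding Wrapped Data */`, or keep the parameter untouched and store the shortened length in a separate local. The function also relies on Wrapped Data being the last attribute without checking it, so the comment should name dpp_check_attrs() as the precondition. The function body continues past the end of the hunk.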
@ -240,7 +240,7 @@ dpp_auth_req_rx(void *msg_ctx, u8 dpp_allowed_roles, int qr_mutual,
|
||||||
struct dpp_bootstrap_info *peer_bi,
|
struct dpp_bootstrap_info *peer_bi,
|
||||||
struct dpp_bootstrap_info *own_bi,
|
struct dpp_bootstrap_info *own_bi,
|
||||||
unsigned int freq, const u8 *hdr, const u8 *attr_start,
|
unsigned int freq, const u8 *hdr, const u8 *attr_start,
|
||||||
const u8 *wrapped_data, u16 wrapped_data_len);
|
size_t attr_len);
|
||||||
struct wpabuf *
|
struct wpabuf *
|
||||||
dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
|
dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
|
||||||
const u8 *attr_start, size_t attr_len);
|
const u8 *attr_start, size_t attr_len);
|
||||||
|
|
|
@ -777,27 +777,16 @@ static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
|
||||||
const u8 *hdr, const u8 *buf, size_t len,
|
const u8 *hdr, const u8 *buf, size_t len,
|
||||||
unsigned int freq)
|
unsigned int freq)
|
||||||
{
|
{
|
||||||
const u8 *r_bootstrap, *i_bootstrap, *wrapped_data;
|
const u8 *r_bootstrap, *i_bootstrap;
|
||||||
u16 r_bootstrap_len, i_bootstrap_len, wrapped_data_len;
|
u16 r_bootstrap_len, i_bootstrap_len;
|
||||||
struct dpp_bootstrap_info *bi, *own_bi = NULL, *peer_bi = NULL;
|
struct dpp_bootstrap_info *bi, *own_bi = NULL, *peer_bi = NULL;
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR,
|
wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR,
|
||||||
MAC2STR(src));
|
MAC2STR(src));
|
||||||
|
|
||||||
wrapped_data = dpp_get_attr(buf, len, DPP_ATTR_WRAPPED_DATA,
|
|
||||||
&wrapped_data_len);
|
|
||||||
if (!wrapped_data) {
|
|
||||||
wpa_printf(MSG_DEBUG,
|
|
||||||
"DPP: Missing required Wrapped data attribute");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
wpa_hexdump(MSG_MSGDUMP, "DPP: Wrapped data",
|
|
||||||
wrapped_data, wrapped_data_len);
|
|
||||||
|
|
||||||
r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
|
r_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_R_BOOTSTRAP_KEY_HASH,
|
||||||
&r_bootstrap_len);
|
&r_bootstrap_len);
|
||||||
if (!r_bootstrap || r_bootstrap > wrapped_data ||
|
if (!r_bootstrap || r_bootstrap_len != SHA256_MAC_LEN) {
|
||||||
r_bootstrap_len != SHA256_MAC_LEN) {
|
|
||||||
wpa_printf(MSG_DEBUG,
|
wpa_printf(MSG_DEBUG,
|
||||||
"DPP: Missing or invalid required Responder Bootstrapping Key Hash attribute");
|
"DPP: Missing or invalid required Responder Bootstrapping Key Hash attribute");
|
||||||
return;
|
return;
|
||||||
|
@ -807,8 +796,7 @@ static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
|
||||||
|
|
||||||
i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
|
i_bootstrap = dpp_get_attr(buf, len, DPP_ATTR_I_BOOTSTRAP_KEY_HASH,
|
||||||
&i_bootstrap_len);
|
&i_bootstrap_len);
|
||||||
if (!i_bootstrap || i_bootstrap > wrapped_data ||
|
if (!i_bootstrap || i_bootstrap_len != SHA256_MAC_LEN) {
|
||||||
i_bootstrap_len != SHA256_MAC_LEN) {
|
|
||||||
wpa_printf(MSG_DEBUG,
|
wpa_printf(MSG_DEBUG,
|
||||||
"DPP: Missing or invalid required Initiator Bootstrapping Key Hash attribute");
|
"DPP: Missing or invalid required Initiator Bootstrapping Key Hash attribute");
|
||||||
return;
|
return;
|
||||||
|
@ -856,8 +844,7 @@ static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
|
||||||
wpa_s->dpp_auth_ok_on_ack = 0;
|
wpa_s->dpp_auth_ok_on_ack = 0;
|
||||||
wpa_s->dpp_auth = dpp_auth_req_rx(wpa_s, wpa_s->dpp_allowed_roles,
|
wpa_s->dpp_auth = dpp_auth_req_rx(wpa_s, wpa_s->dpp_allowed_roles,
|
||||||
wpa_s->dpp_qr_mutual,
|
wpa_s->dpp_qr_mutual,
|
||||||
peer_bi, own_bi, freq, hdr, buf,
|
peer_bi, own_bi, freq, hdr, buf, len);
|
||||||
wrapped_data, wrapped_data_len);
|
|
||||||
if (!wpa_s->dpp_auth) {
|
if (!wpa_s->dpp_auth) {
|
||||||
wpa_printf(MSG_DEBUG, "DPP: No response generated");
|
wpa_printf(MSG_DEBUG, "DPP: No response generated");
|
||||||
return;
|
return;
|
||||||
|
|