DPP: Protocol testing for writing invalid I/R Bootstrap Key Hash
Extend dpp_test to cover cases where Initiator/Responder Bootstrap Key Hash value in DPP Authentication frames is invalid (flip one bit). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
		
							parent
							
								
									dc515328a2
								
							
						
					
					
						commit
						65ecce87fd
					
				
					 2 changed files with 102 additions and 14 deletions
				
			
		
							
								
								
									
									
									
									
									
									
								
							
							
						
						
									
										110
									
								
								src/common/dpp.c
									
									
									
									
									
								
							|  | @ -1956,6 +1956,9 @@ struct dpp_authentication * dpp_auth_init(void *msg_ctx, | |||
| 	struct wpabuf *pi = NULL; | ||||
| 	u8 zero[SHA256_MAC_LEN]; | ||||
| 	const u8 *r_pubkey_hash, *i_pubkey_hash; | ||||
| #ifdef CONFIG_TESTING_OPTIONS | ||||
| 	u8 test_hash[SHA256_MAC_LEN]; | ||||
| #endif /* CONFIG_TESTING_OPTIONS */ | ||||
| 
 | ||||
| 	auth = os_zalloc(sizeof(*auth)); | ||||
| 	if (!auth) | ||||
|  | @ -2024,9 +2027,21 @@ struct dpp_authentication * dpp_auth_init(void *msg_ctx, | |||
| 	if (dpp_test == DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_REQ) { | ||||
| 		wpa_printf(MSG_INFO, "DPP: TESTING - no R-Bootstrap Key Hash"); | ||||
| 		r_pubkey_hash = NULL; | ||||
| 	} else if (dpp_test == DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_REQ) { | ||||
| 		wpa_printf(MSG_INFO, | ||||
| 			   "DPP: TESTING - invalid R-Bootstrap Key Hash"); | ||||
| 		os_memcpy(test_hash, r_pubkey_hash, SHA256_MAC_LEN); | ||||
| 		test_hash[SHA256_MAC_LEN - 1] ^= 0x01; | ||||
| 		r_pubkey_hash = test_hash; | ||||
| 	} else if (dpp_test == DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_REQ) { | ||||
| 		wpa_printf(MSG_INFO, "DPP: TESTING - no I-Bootstrap Key Hash"); | ||||
| 		i_pubkey_hash = NULL; | ||||
| 	} else if (dpp_test == DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_REQ) { | ||||
| 		wpa_printf(MSG_INFO, | ||||
| 			   "DPP: TESTING - invalid I-Bootstrap Key Hash"); | ||||
| 		os_memcpy(test_hash, i_pubkey_hash, SHA256_MAC_LEN); | ||||
| 		test_hash[SHA256_MAC_LEN - 1] ^= 0x01; | ||||
| 		i_pubkey_hash = test_hash; | ||||
| 	} else if (dpp_test == DPP_TEST_NO_I_PROTO_KEY_AUTH_REQ) { | ||||
| 		wpa_printf(MSG_INFO, "DPP: TESTING - no I-Proto Key"); | ||||
| 		wpabuf_free(pi); | ||||
|  | @ -2468,6 +2483,9 @@ static int dpp_auth_build_resp_ok(struct dpp_authentication *auth) | |||
| 	int ret = -1; | ||||
| 	const u8 *r_pubkey_hash, *i_pubkey_hash, *r_nonce, *i_nonce; | ||||
| 	enum dpp_status_error status = DPP_STATUS_OK; | ||||
| #ifdef CONFIG_TESTING_OPTIONS | ||||
| 	u8 test_hash[SHA256_MAC_LEN]; | ||||
| #endif /* CONFIG_TESTING_OPTIONS */ | ||||
| 
 | ||||
| 	wpa_printf(MSG_DEBUG, "DPP: Build Authentication Response"); | ||||
| 	if (!auth->own_bi) | ||||
|  | @ -2553,9 +2571,26 @@ static int dpp_auth_build_resp_ok(struct dpp_authentication *auth) | |||
| 	if (dpp_test == DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_RESP) { | ||||
| 		wpa_printf(MSG_INFO, "DPP: TESTING - no R-Bootstrap Key Hash"); | ||||
| 		r_pubkey_hash = NULL; | ||||
| 	} else if (dpp_test == | ||||
| 		   DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_RESP) { | ||||
| 		wpa_printf(MSG_INFO, | ||||
| 			   "DPP: TESTING - invalid R-Bootstrap Key Hash"); | ||||
| 		os_memcpy(test_hash, r_pubkey_hash, SHA256_MAC_LEN); | ||||
| 		test_hash[SHA256_MAC_LEN - 1] ^= 0x01; | ||||
| 		r_pubkey_hash = test_hash; | ||||
| 	} else if (dpp_test == DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_RESP) { | ||||
| 		wpa_printf(MSG_INFO, "DPP: TESTING - no I-Bootstrap Key Hash"); | ||||
| 		i_pubkey_hash = NULL; | ||||
| 	} else if (dpp_test == | ||||
| 		   DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_RESP) { | ||||
| 		wpa_printf(MSG_INFO, | ||||
| 			   "DPP: TESTING - invalid I-Bootstrap Key Hash"); | ||||
| 		if (i_pubkey_hash) | ||||
| 			os_memcpy(test_hash, i_pubkey_hash, SHA256_MAC_LEN); | ||||
| 		else | ||||
| 			os_memset(test_hash, 0, SHA256_MAC_LEN); | ||||
| 		test_hash[SHA256_MAC_LEN - 1] ^= 0x01; | ||||
| 		i_pubkey_hash = test_hash; | ||||
| 	} else if (dpp_test == DPP_TEST_NO_R_PROTO_KEY_AUTH_RESP) { | ||||
| 		wpa_printf(MSG_INFO, "DPP: TESTING - no R-Proto Key"); | ||||
| 		wpabuf_free(pr); | ||||
|  | @ -2603,6 +2638,9 @@ static int dpp_auth_build_resp_status(struct dpp_authentication *auth, | |||
| { | ||||
| 	struct wpabuf *msg; | ||||
| 	const u8 *r_pubkey_hash, *i_pubkey_hash, *i_nonce; | ||||
| #ifdef CONFIG_TESTING_OPTIONS | ||||
| 	u8 test_hash[SHA256_MAC_LEN]; | ||||
| #endif /* CONFIG_TESTING_OPTIONS */ | ||||
| 
 | ||||
| 	if (!auth->own_bi) | ||||
| 		return -1; | ||||
|  | @ -2620,9 +2658,26 @@ static int dpp_auth_build_resp_status(struct dpp_authentication *auth, | |||
| 	if (dpp_test == DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_RESP) { | ||||
| 		wpa_printf(MSG_INFO, "DPP: TESTING - no R-Bootstrap Key Hash"); | ||||
| 		r_pubkey_hash = NULL; | ||||
| 	} else if (dpp_test == | ||||
| 		   DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_RESP) { | ||||
| 		wpa_printf(MSG_INFO, | ||||
| 			   "DPP: TESTING - invalid R-Bootstrap Key Hash"); | ||||
| 		os_memcpy(test_hash, r_pubkey_hash, SHA256_MAC_LEN); | ||||
| 		test_hash[SHA256_MAC_LEN - 1] ^= 0x01; | ||||
| 		r_pubkey_hash = test_hash; | ||||
| 	} else if (dpp_test == DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_RESP) { | ||||
| 		wpa_printf(MSG_INFO, "DPP: TESTING - no I-Bootstrap Key Hash"); | ||||
| 		i_pubkey_hash = NULL; | ||||
| 	} else if (dpp_test == | ||||
| 		   DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_RESP) { | ||||
| 		wpa_printf(MSG_INFO, | ||||
| 			   "DPP: TESTING - invalid I-Bootstrap Key Hash"); | ||||
| 		if (i_pubkey_hash) | ||||
| 			os_memcpy(test_hash, i_pubkey_hash, SHA256_MAC_LEN); | ||||
| 		else | ||||
| 			os_memset(test_hash, 0, SHA256_MAC_LEN); | ||||
| 		test_hash[SHA256_MAC_LEN - 1] ^= 0x01; | ||||
| 		i_pubkey_hash = test_hash; | ||||
| 	} else if (dpp_test == DPP_TEST_NO_STATUS_AUTH_RESP) { | ||||
| 		wpa_printf(MSG_INFO, "DPP: TESTING - no Status"); | ||||
| 		status = -1; | ||||
|  | @ -2929,6 +2984,10 @@ static struct wpabuf * dpp_auth_build_conf(struct dpp_authentication *auth, | |||
| 	u8 *wrapped_i_auth; | ||||
| 	u8 *wrapped_r_nonce; | ||||
| 	u8 *attr_start, *attr_end; | ||||
| 	const u8 *r_pubkey_hash, *i_pubkey_hash; | ||||
| #ifdef CONFIG_TESTING_OPTIONS | ||||
| 	u8 test_hash[SHA256_MAC_LEN]; | ||||
| #endif /* CONFIG_TESTING_OPTIONS */ | ||||
| 
 | ||||
| 	wpa_printf(MSG_DEBUG, "DPP: Build Authentication Confirmation"); | ||||
| 
 | ||||
|  | @ -2947,6 +3006,12 @@ static struct wpabuf * dpp_auth_build_conf(struct dpp_authentication *auth, | |||
| 
 | ||||
| 	attr_start = wpabuf_put(msg, 0); | ||||
| 
 | ||||
| 	r_pubkey_hash = auth->peer_bi->pubkey_hash; | ||||
| 	if (auth->own_bi) | ||||
| 		i_pubkey_hash = auth->own_bi->pubkey_hash; | ||||
| 	else | ||||
| 		i_pubkey_hash = NULL; | ||||
| 
 | ||||
| #ifdef CONFIG_TESTING_OPTIONS | ||||
| 	if (dpp_test == DPP_TEST_NO_STATUS_AUTH_CONF) | ||||
| 		goto skip_status; | ||||
|  | @ -2959,31 +3024,48 @@ static struct wpabuf * dpp_auth_build_conf(struct dpp_authentication *auth, | |||
| 
 | ||||
| #ifdef CONFIG_TESTING_OPTIONS | ||||
| skip_status: | ||||
| 	if (dpp_test == DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_CONF) | ||||
| 		goto skip_r_bootstrap_key; | ||||
| 	if (dpp_test == DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_CONF) { | ||||
| 		wpa_printf(MSG_INFO, "DPP: TESTING - no R-Bootstrap Key Hash"); | ||||
| 		r_pubkey_hash = NULL; | ||||
| 	} else if (dpp_test == | ||||
| 		   DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_CONF) { | ||||
| 		wpa_printf(MSG_INFO, | ||||
| 			   "DPP: TESTING - invalid R-Bootstrap Key Hash"); | ||||
| 		os_memcpy(test_hash, r_pubkey_hash, SHA256_MAC_LEN); | ||||
| 		test_hash[SHA256_MAC_LEN - 1] ^= 0x01; | ||||
| 		r_pubkey_hash = test_hash; | ||||
| 	} else if (dpp_test == DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_CONF) { | ||||
| 		wpa_printf(MSG_INFO, "DPP: TESTING - no I-Bootstrap Key Hash"); | ||||
| 		i_pubkey_hash = NULL; | ||||
| 	} else if (dpp_test == | ||||
| 		   DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_CONF) { | ||||
| 		wpa_printf(MSG_INFO, | ||||
| 			   "DPP: TESTING - invalid I-Bootstrap Key Hash"); | ||||
| 		if (i_pubkey_hash) | ||||
| 			os_memcpy(test_hash, i_pubkey_hash, SHA256_MAC_LEN); | ||||
| 		else | ||||
| 			os_memset(test_hash, 0, SHA256_MAC_LEN); | ||||
| 		test_hash[SHA256_MAC_LEN - 1] ^= 0x01; | ||||
| 		i_pubkey_hash = test_hash; | ||||
| 	} | ||||
| #endif /* CONFIG_TESTING_OPTIONS */ | ||||
| 
 | ||||
| 	/* Responder Bootstrapping Key Hash */ | ||||
| 	wpabuf_put_le16(msg, DPP_ATTR_R_BOOTSTRAP_KEY_HASH); | ||||
| 	wpabuf_put_le16(msg, SHA256_MAC_LEN); | ||||
| 	wpabuf_put_data(msg, auth->peer_bi->pubkey_hash, SHA256_MAC_LEN); | ||||
| 	if (r_pubkey_hash) { | ||||
| 		wpabuf_put_le16(msg, DPP_ATTR_R_BOOTSTRAP_KEY_HASH); | ||||
| 		wpabuf_put_le16(msg, SHA256_MAC_LEN); | ||||
| 		wpabuf_put_data(msg, r_pubkey_hash, SHA256_MAC_LEN); | ||||
| 	} | ||||
| 
 | ||||
| #ifdef CONFIG_TESTING_OPTIONS | ||||
| skip_r_bootstrap_key: | ||||
| 	if (dpp_test == DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_CONF) | ||||
| 		goto skip_i_bootstrap_key; | ||||
| #endif /* CONFIG_TESTING_OPTIONS */ | ||||
| 
 | ||||
| 	if (auth->own_bi) { | ||||
| 	if (i_pubkey_hash) { | ||||
| 		/* Mutual authentication */ | ||||
| 		/* Initiator Bootstrapping Key Hash */ | ||||
| 		wpabuf_put_le16(msg, DPP_ATTR_I_BOOTSTRAP_KEY_HASH); | ||||
| 		wpabuf_put_le16(msg, SHA256_MAC_LEN); | ||||
| 		wpabuf_put_data(msg, auth->own_bi->pubkey_hash, SHA256_MAC_LEN); | ||||
| 		wpabuf_put_data(msg, i_pubkey_hash, SHA256_MAC_LEN); | ||||
| 	} | ||||
| 
 | ||||
| #ifdef CONFIG_TESTING_OPTIONS | ||||
| skip_i_bootstrap_key: | ||||
| 	if (dpp_test == DPP_TEST_NO_WRAPPED_DATA_AUTH_CONF) | ||||
| 		goto skip_wrapped_data; | ||||
| 	if (dpp_test == DPP_TEST_NO_I_AUTH_AUTH_CONF) | ||||
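Review bot: In dpp_auth_init() the new DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_REQ branch calls `os_memcpy(test_hash, i_pubkey_hash, SHA256_MAC_LEN)` without the NULL guard that the matching AUTH_RESP and AUTH_CONF branches use, and nothing visible in the hunk shows why that is safe. The assignment of i_pubkey_hash lies outside the hunk; the `zero` local suggests it falls back to an all-zero buffer when there is no own bootstrap info, so either a comment such as `/* i_pubkey_hash is never NULL here (own_bi hash or zero[]) */` or the same `if (i_pubkey_hash) ... else os_memset(...)` guard would make the assumption explicit. In dpp_auth_build_conf(), where the attribute is emitted only `if (i_pubkey_hash)`, the NULL case of the INVALID_I branch turns an absent attribute into a present one holding zeros with one flipped bit, so the peer is exercised on an unexpected I-Bootstrap Key Hash rather than a corrupted one; a short comment next to the `os_memset` line should say which behaviour the test intends. The copy, flip-last-bit and repoint triplet is repeated eight times across the four builders and could be one static helper under CONFIG_TESTING_OPTIONS, which would also keep the choice of flipped bit in a single place.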
|  |  | |||
|  | @ -295,6 +295,12 @@ enum dpp_test_behavior { | |||
| 	DPP_TEST_AUTH_RESP_IN_PLACE_OF_CONF = 65, | ||||
| 	DPP_TEST_INVALID_I_PROTO_KEY_AUTH_REQ = 66, | ||||
| 	DPP_TEST_INVALID_R_PROTO_KEY_AUTH_RESP = 67, | ||||
| 	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_REQ = 68, | ||||
| 	DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_REQ = 69, | ||||
| 	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_RESP = 70, | ||||
| 	DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_RESP = 71, | ||||
| 	DPP_TEST_INVALID_R_BOOTSTRAP_KEY_HASH_AUTH_CONF = 72, | ||||
| 	DPP_TEST_INVALID_I_BOOTSTRAP_KEY_HASH_AUTH_CONF = 73, | ||||
| }; | ||||
| 
 | ||||
| extern enum dpp_test_behavior dpp_test; | ||||
|  |  | |||
	
	 Jouni Malinen
						Jouni Malinen