DPP: Auth Resp/Conf incorrect attribute values for protocol testing
This extends the dpp_test mechanism to allow I-nonce, R-capab, R-auth, and I-auth values in Authentication Response/Confirm to use incorrect values. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
f7380b47a1
commit
978bc3f2af
|
|
@ -1578,6 +1578,12 @@ static struct wpabuf * dpp_auth_build_resp(struct dpp_authentication *auth,
|
|||
WPA_PUT_LE16(pos, nonce_len);
|
||||
pos += 2;
|
||||
os_memcpy(pos, i_nonce, nonce_len);
|
||||
#ifdef CONFIG_TESTING_OPTIONS
|
||||
if (dpp_test == DPP_TEST_I_NONCE_MISMATCH_AUTH_RESP) {
|
||||
wpa_printf(MSG_INFO, "DPP: TESTING - I-nonce mismatch");
|
||||
pos[nonce_len / 2] ^= 0x01;
|
||||
}
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
pos += nonce_len;
|
||||
}
|
||||
|
||||
|
|
@ -1600,6 +1606,11 @@ static struct wpabuf * dpp_auth_build_resp(struct dpp_authentication *auth,
|
|||
if (dpp_test == DPP_TEST_ZERO_R_CAPAB) {
|
||||
wpa_printf(MSG_INFO, "DPP: TESTING - zero R-capabilities");
|
||||
pos[-1] = 0;
|
||||
} else if (dpp_test == DPP_TEST_INCOMPATIBLE_R_CAPAB_AUTH_RESP) {
|
||||
wpa_printf(MSG_INFO,
|
||||
"DPP: TESTING - incompatible R-capabilities");
|
||||
pos[-1] = auth->configurator ? DPP_CAPAB_ENROLLEE :
|
||||
DPP_CAPAB_CONFIGURATOR;
|
||||
}
|
||||
skip_r_capab:
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
|
|
@ -2214,8 +2225,15 @@ static int dpp_auth_build_resp_ok(struct dpp_authentication *auth)
|
|||
/* R-auth = H(I-nonce | R-nonce | PI.x | PR.x | [BI.x |] BR.x | 0) */
|
||||
WPA_PUT_LE16(r_auth, DPP_ATTR_R_AUTH_TAG);
|
||||
WPA_PUT_LE16(&r_auth[2], auth->curve->hash_len);
|
||||
if (dpp_gen_r_auth(auth, r_auth + 4) < 0 ||
|
||||
aes_siv_encrypt(auth->ke, auth->curve->hash_len,
|
||||
if (dpp_gen_r_auth(auth, r_auth + 4) < 0)
|
||||
goto fail;
|
||||
#ifdef CONFIG_TESTING_OPTIONS
|
||||
if (dpp_test == DPP_TEST_R_AUTH_MISMATCH_AUTH_RESP) {
|
||||
wpa_printf(MSG_INFO, "DPP: TESTING - R-auth mismatch");
|
||||
r_auth[4 + auth->curve->hash_len / 2] ^= 0x01;
|
||||
}
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,
|
||||
r_auth, 4 + auth->curve->hash_len,
|
||||
0, NULL, NULL, wrapped_r_auth) < 0)
|
||||
goto fail;
|
||||
|
|
@ -2645,6 +2663,10 @@ skip_i_bootstrap_key:
|
|||
goto fail;
|
||||
|
||||
#ifdef CONFIG_TESTING_OPTIONS
|
||||
if (dpp_test == DPP_TEST_I_AUTH_MISMATCH_AUTH_CONF) {
|
||||
wpa_printf(MSG_INFO, "DPP: TESTING - I-auth mismatch");
|
||||
i_auth[4 + auth->curve->hash_len / 2] ^= 0x01;
|
||||
}
|
||||
skip_i_auth:
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,
|
||||
|
|
|
|||
|
|
@ -236,6 +236,10 @@ enum dpp_test_behavior {
|
|||
DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_CONF = 27,
|
||||
DPP_TEST_NO_I_AUTH_AUTH_CONF = 28,
|
||||
DPP_TEST_NO_WRAPPED_DATA_AUTH_CONF = 29,
|
||||
DPP_TEST_I_NONCE_MISMATCH_AUTH_RESP = 30,
|
||||
DPP_TEST_INCOMPATIBLE_R_CAPAB_AUTH_RESP = 31,
|
||||
DPP_TEST_R_AUTH_MISMATCH_AUTH_RESP = 32,
|
||||
DPP_TEST_I_AUTH_MISMATCH_AUTH_CONF = 33,
|
||||
};
|
||||
|
||||
extern enum dpp_test_behavior dpp_test;
|
||||
|
|
|
|||
Loading…
Reference in a new issue