From af7f10fcdf5b5acfd7b5eb650cf8696f42ca2251 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Fri, 3 Nov 2017 21:11:00 +0200
Subject: [PATCH] DPP: Protocol testing for invalid Config Resp attribute
 values

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---
 src/common/dpp.c | 12 ++++++++++++
 src/common/dpp.h |  2 ++
 2 files changed, 14 insertions(+)

diff --git a/src/common/dpp.c b/src/common/dpp.c
index 634010eb7..12a154be9 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -3801,6 +3801,14 @@ dpp_build_conf_resp(struct dpp_authentication *auth, const u8 *e_nonce,
 		wpa_printf(MSG_INFO, "DPP: TESTING - no E-nonce");
 		goto skip_e_nonce;
 	}
+	if (dpp_test == DPP_TEST_E_NONCE_MISMATCH_CONF_RESP) {
+		wpa_printf(MSG_INFO, "DPP: TESTING - E-nonce mismatch");
+		wpabuf_put_le16(clear, DPP_ATTR_ENROLLEE_NONCE);
+		wpabuf_put_le16(clear, e_nonce_len);
+		wpabuf_put_data(clear, e_nonce, e_nonce_len - 1);
+		wpabuf_put_u8(clear, e_nonce[e_nonce_len - 1] ^ 0x01);
+		goto skip_e_nonce;
+	}
 	if (dpp_test == DPP_TEST_NO_WRAPPED_DATA_CONF_RESP) {
 		wpa_printf(MSG_INFO, "DPP: TESTING - no Wrapped Data");
 		goto skip_wrapped_data;
@@ -3832,6 +3840,10 @@ skip_config_obj:
 		wpa_printf(MSG_INFO, "DPP: TESTING - Status");
 		goto skip_status;
 	}
+	if (dpp_test == DPP_TEST_INVALID_STATUS_CONF_RESP) {
+		wpa_printf(MSG_INFO, "DPP: TESTING - invalid Status");
+		status = 255;
+	}
 #endif /* CONFIG_TESTING_OPTIONS */
 
 	/* DPP Status */
diff --git a/src/common/dpp.h b/src/common/dpp.h
index d26feb3e3..a17404537 100644
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -276,6 +276,8 @@ enum dpp_test_behavior {
 	DPP_TEST_NO_CONFIG_OBJ_CONF_RESP = 55,
 	DPP_TEST_NO_STATUS_CONF_RESP = 56,
 	DPP_TEST_NO_WRAPPED_DATA_CONF_RESP = 57,
+	DPP_TEST_INVALID_STATUS_CONF_RESP = 58,
+	DPP_TEST_E_NONCE_MISMATCH_CONF_RESP = 59,
 };
 
 extern enum dpp_test_behavior dpp_test;