Commit graph

87 commits

Author SHA1 Message Date
Jouni Malinen
116454f460 DPP: Fix error return value in dpp_auth_conf_rx()
Commit 03abb6b541 ('DPP: Reject unexpected
Req/Resp message based on Auth/PKEX role') used incorrect type of error
value (NULL vs. -1). Fix that.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-23 20:20:39 +02:00
Jouni Malinen
e3a5882b3e DPP: Add SAE credential support to Configurator
The new conf={sta,ap}-{sae,psk-sae} parameter values can now be used to
specify that the legacy configuration object is for SAE.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-22 21:24:08 +02:00
Jouni Malinen
5dd745b738 DPP: Add akm=sae and akm=psk+sae support in Enrollee role
This allows DPP to be used for enrolling credentials for SAE networks in
addition to the legacy PSK (WPA-PSK) case. In addition, enable FT-PSK
and FT-SAE cases automatically.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-22 21:23:51 +02:00
Jouni Malinen
a444673957 DPP: Protocol testing capability to send invalid I-Nonce in Auth Req
Extend dpp_test to cover one more invalid behavior.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-22 16:23:42 +02:00
Jouni Malinen
4b8de0c929 DPP: Protocol testing for invalid Peer Discovery Req/Resp values
Extend dpp_test to allow more invalid attribute values to be written
into Peer Discovery Request/Response frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 17:15:02 +02:00
Jouni Malinen
3f35ec2dc3 DPP: Protocol testing for invalid DPP Status value
Extend dpp_test to cover cases where DPP Status value is invalid in
Authentication Response/Confirm frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 14:13:16 +02:00
Jouni Malinen
9efa531499 DPP: Use helper functions to build Bootstrap Key Hash attributes
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 12:41:57 +02:00
Jouni Malinen
acdf703d50 DPP: Replace custom undefined attr with DPP Status in after-wrapped data
This has the same impact and is needed for some testing needs.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 12:32:00 +02:00
Jouni Malinen
56f24d1da0 DPP: Use a helper function to build DPP Status attribute
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 12:27:14 +02:00
Jouni Malinen
65ecce87fd DPP: Protocol testing for writing invalid I/R Bootstrap Key Hash
Extend dpp_test to cover cases where Initiator/Responder Bootstrap Key
Hash value in DPP Authentication frames is invalid (flip one bit).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 11:32:02 +02:00
Jouni Malinen
b6b4226bdd DPP: Protocol testing capability to generate invalid Protocol Key
This extends dpp_test to allow invalid Initiator/Responder Protocol Key
to be written into the Authentication Request/Response frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-19 00:11:44 +02:00
Jouni Malinen
94619905c8 DPP: Fix dpp_test_gen_invalid_key() with BoringSSL
Unlike OpenSSL, BoringSSL returns an error from
EC_POINT_set_affine_coordinates_GFp() is not on the curve. As such, need
to behave differently here depending on which library is used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 17:50:08 +02:00
Jouni Malinen
746c1792ac DPP: Build bootstrapping key DER encoding using custom routine
While the OpenSSL version of i2d_EC_PUBKEY() seemed to be able to use
the POINT_CONVERSION_COMPRESSED setting on the EC key, that did not seem
to work with BoringSSL. Since this is not exactly robust design, replace
use of i2d_EC_PUBKEY() with a custom routine that enforces the DPP rules
on SubjectPublicKeyInfo (compressed format of the public key,
ecPublicKey OID, parameters present and indicating the curve by OID).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 17:50:02 +02:00
Jouni Malinen
f2d27ef94c DPP: Use a helper function to DER encode bootstrapping key
This routine was previously implemented twice using i2d_EC_PUBKEY().
There is no need to duplicate that implementation and especially since
it looks like this implementation needs to be replaced for BoringSSL,
start by using a shared helper function for both locations so that there
is only a single place that uses i2d_EC_PUBKEY() to build the special
DPP bootstrapping key DER encoding.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-18 12:14:21 +02:00
Jouni Malinen
5548453a2d BoringSSL: Add DPP special cases regardless of claimed version number
It looks like BoringSSL claims to have OPENSSL_VERSION_NUMBER for a
1.1.0 version, but it does not provide ECDSA_SIG_set0() or
ECDSA_SIG_get0(). For now, add the helper functions regardless of the
version BoringSSL claims to be. Similarly, include the X509_ALGOR_get0()
workaround unconditionally for BoringSSL.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-17 20:44:42 +02:00
Masashi Honma
4109555ef7 DPP: Fix compiler warning of testing code
../src/common/dpp.c: In function 'dpp_test_gen_invalid_key':
../src/common/dpp.c:5531:10: warning: return makes integer from pointer without a cast [-Wint-conversion]
   return NULL;
          ^

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-11-14 18:22:58 +02:00
Jouni Malinen
762fb4f066 DPP: Testing capability to send unexpected Authentication Response
This is for protocol testing to check what happens if the Responser
receives an unexpected Authentication Response instead of Authentication
Confirm.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 12:55:56 +02:00
Jouni Malinen
03abb6b541 DPP: Reject unexpected Req/Resp message based on Auth/PKEX role
This prevents issues where an unexpected message in the DPP
Authentication exchange or PKEX could result in undefined behavior.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 12:55:56 +02:00
Jouni Malinen
95b0104a34 DPP: Retransmit DPP Authentication Response frame if it is not ACKed
This extends wpa_supplicant DPP implementation to retransmit DPP
Authentication Response frame every 10 seconds up to 5 times if the peer
does not reply with DPP Authentication Confirm frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 12:35:26 +02:00
Jouni Malinen
d1f082644c DPP: Allowed initiator to indicate either role
The new role=either parameter can now be used with DPP_AUTH_INIT to
indicate that the initiator can take either the Configurator or Enrollee
role.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 11:45:05 +02:00
Jouni Malinen
f97ace34cb DPP: Support multiple channels for initiating DPP Authentication
This extends wpa_supplicant to iterate over all available channels from
the intersection of what the peer indicates and the local device
supports when initiating DPP Authentication. In addition, retry DPP
Authentication Request frame up to five times if no response is
received.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-13 11:45:05 +02:00
Jouni Malinen
af7f10fcdf DPP: Protocol testing for invalid Config Resp attribute values
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 21:14:08 +02:00
Jouni Malinen
8c99e6264a DPP: Report Config Request/Response failure reasons on control interface
This provides more details of failures to upper layer components.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 21:04:17 +02:00
Jouni Malinen
f411ad1b86 DPP: Protocol testing to remove attributes from Config Req/Resp
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 21:04:17 +02:00
Jouni Malinen
7e0ebe21b0 DPP: Protocol testing - invalid I/R-Auth value in PKEX Commit-Reveal
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 20:18:24 +02:00
Jouni Malinen
89d0bf6783 DPP: Protocol testing - invalid Bootstrap Key value in PKEX Commit-Reveal
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:47 +02:00
Jouni Malinen
f31ef96dc3 DPP: Protocol testing - invalid Status value in PKEX Exchange Response
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:47 +02:00
Jouni Malinen
d05c82c4d0 DPP: Move PKEX z derivation on Responder to earlier phase
K and z can be derived already based on information available at the
time the PKEX Exchange Request is being processed, so move these there
from the PKEX Commit-Reveal Request processing since that matches the
DPP tech spec description close and allows PKEX exchange to be aborted
earlier if anything unexpected happens.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:47 +02:00
Jouni Malinen
578c9ea1ab DPP: Fix a typo in a debug print
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:47 +02:00
Jouni Malinen
5f5fff4363 DPP: Explicitly check that PKEX Qr is not the point-at-infinity
This was already done for Qi, but the same needs to be done for Qr as
well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:47 +02:00
Jouni Malinen
29ab69e4b0 DPP: PKEX counter t
Add limit on number of failed attempts that could have used PKEX code.
If the limit (5) is reached, drop the PKEX state (including the code)
and report this on the control interface to indicate that a new code
needs to be entered due to possible attack.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:46 +02:00
Jouni Malinen
039b8e7369 DPP: Terminate PKEX exchange on detection of a mismatching code
Clean up the pending PKEX exchange if Commit-Reveal Request processing
indicates a mismatch in the PKEX code. Previously, the this case was
silently ignored and the session was left in pending state that
prevented new PKEX exchanges from getting initated. Now, a new attempt
is allowed to be initiated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:46 +02:00
Jouni Malinen
fc0efa2a1e DPP: Use dpp_bn2bin_pad() helper to simplify code
Number of places writing BIGNUM values with left-padding were open
coding this helper functionality unnecessarily.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:46 +02:00
Jouni Malinen
e0247e7983 DPP: PKEX and STATUS_BAD_GROUP
Report mismatching finite cyclic group with PKEX Exchange Response using
STATUS_BAD_GROUP and provide more detailed error report over the control
interface on the peer device when this happens.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:46 +02:00
Jouni Malinen
2265353a4f DPP: Remove obsolete TODO comment on discovery object
The optional channel information was removed from the discovery object
in the DPP tech spec, so no need to maintain this TODO note anymore.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:46 +02:00
Jouni Malinen
1cfcbd32ac DPP: Testing capability to generate invalid PKEX encrypted key (M and N)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:46 +02:00
Jouni Malinen
d7e7b7122e DPP: Report PKEX failure reasons over control interface
This provides more information to upper layer software to report failure
reasons on the UI.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-03 19:59:46 +02:00
Jouni Malinen
61f9f27f80 DPP: Extend protocol testing to cover missing attributes in PKEX
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 23:53:55 +02:00
Jouni Malinen
b3e4cc5cbb DPP: Move PKEX Commit-Reveal Response building to a helper function
This cleans up dpp_pkex_rx_commit_reveal_req() a bit and makes it easier
to add protocol testing functionality to PKEX exchange similarly to the
previously added DPP Authentication case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 21:34:51 +02:00
Jouni Malinen
b0626c2a6b DPP: Move PKEX Commit-Reveal Request building to a helper function
This cleans up dpp_pkex_rx_exchange_resp() a bit and makes it easier to
add protocol testing functionality to PKEX exchange similarly to the
previously added DPP Authentication case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 21:34:50 +02:00
Jouni Malinen
a5c3b41b2f DPP: Move PKEX Exchange Response building to a helper function
This cleans up dpp_pkex_rx_exchange_req() a bit and makes it easier to
add protocol testing functionality to PKEX exchange similarly to the
previously added DPP Authentication case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 21:34:17 +02:00
Jouni Malinen
60b9dd86fd DPP: Fix couple of typos in debug messages
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 21:34:03 +02:00
Jouni Malinen
219d4c9fcb DPP: Report possible PKEX code mismatch in control interface
Indicate to upper layers if PKEX Commit-Reveal Request frame AES-SIV
decryption fails. That is a likely sign of the PKEX code mismatch
between the devices.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-02 12:25:35 +02:00
Jouni Malinen
d270920692 DPP: Negotiation channel change request from Initiator
Allow the Initiator to request a different channel to be used for DPP
Authentication and DPP Configuration exchanges. This commit adds support
for this in wpa_supplicant with the optional neg_freq=<freq in MHz>
parameter in DPP_AUTH_INIT.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 16:08:02 +02:00
Jouni Malinen
e85b660129 DPP: Add DPP Status attribute into Peer Discovery Response
This was added in DPP tech spec v0.2.7 to allow result of network
introduction to be reported.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-29 12:16:15 +02:00
Jouni Malinen
19ef4289ca DPP: Process Authentication Confirm failure cases
Process Authentication Confirm with the two failure cases defined in the
spec: STATUS_NOT_COMPATIBLE and STATUS_AUTH_FAILURE. This verifies the
{R-nonce}k2 part and reports more detailed failure reason if the message
is valid.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 17:44:14 +03:00
Jouni Malinen
7d917ab048 DPP: Send Authentication Confirm failure reports
If Authentication Response processing fails due to R-capab
incompatibility or R-auth mismatch, send Authentication Confirm with
error status.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 17:44:14 +03:00
Jouni Malinen
978bc3f2af DPP: Auth Resp/Conf incorrect attribute values for protocol testing
This extends the dpp_test mechanism to allow I-nonce, R-capab, R-auth,
and I-auth values in Authentication Response/Confirm to use incorrect
values.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-28 17:44:10 +03:00
Jouni Malinen
9b51112031 DPP: Allow Responder to decide not to use mutual authentication
Previously, Initiator decided whether to use mutual authentication on
its own based on having own and peer bootstrapping info. This prevented
Responder from selecting not to use mutual authentication in such a
case. Fix this by allowed Initiator to fall back to non-mutual
authentication based on Responder choice if the bootstrapping mechanism
allows this (PKEX does not; it mandates use of mutual authentication).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-27 16:09:51 +03:00
Jouni Malinen
dcdaeab79c DPP: Report Auth Conf failures in control interface
This is useful for protocol testing purposes and UI needs to display
more detailed information about DPP exchanges.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-27 16:09:51 +03:00