DPP2: Replace I/R-nonce with C/E-nonce in reconfiguration

These nonces were renamed/replaced in the protocol design, so update
implementation to match.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2020-09-09 23:06:14 +03:00 committed by Jouni Malinen
parent 99f8506d30
commit 0ebf5aa346
3 changed files with 72 additions and 70 deletions

View file

@ -90,6 +90,7 @@ enum dpp_attribute_id {
DPP_ATTR_CSR_ATTR_REQ = 0x101F, DPP_ATTR_CSR_ATTR_REQ = 0x101F,
DPP_ATTR_A_NONCE = 0x1020, DPP_ATTR_A_NONCE = 0x1020,
DPP_ATTR_E_PRIME_ID = 0x1021, DPP_ATTR_E_PRIME_ID = 0x1021,
DPP_ATTR_CONFIGURATOR_NONCE = 0x1022,
}; };
enum dpp_status_error { enum dpp_status_error {
@ -260,6 +261,7 @@ struct dpp_authentication {
u8 i_nonce[DPP_MAX_NONCE_LEN]; u8 i_nonce[DPP_MAX_NONCE_LEN];
u8 r_nonce[DPP_MAX_NONCE_LEN]; u8 r_nonce[DPP_MAX_NONCE_LEN];
u8 e_nonce[DPP_MAX_NONCE_LEN]; u8 e_nonce[DPP_MAX_NONCE_LEN];
u8 c_nonce[DPP_MAX_NONCE_LEN];
u8 i_capab; u8 i_capab;
u8 r_capab; u8 r_capab;
enum dpp_netrole e_netrole; enum dpp_netrole e_netrole;

View file

@ -2325,10 +2325,10 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth,
goto fail; goto fail;
wpa_hexdump_key(MSG_DEBUG, "DPP: M.x", Mx, curve->prime_len); wpa_hexdump_key(MSG_DEBUG, "DPP: M.x", Mx, curve->prime_len);
/* ke = HKDF(I-nonce, "dpp reconfig key", M.x) */ /* ke = HKDF(C-nonce, "dpp reconfig key", M.x) */
/* HKDF-Extract(I-nonce, M.x) */ /* HKDF-Extract(C-nonce, M.x) */
if (dpp_hmac(curve->hash_len, auth->i_nonce, curve->nonce_len, if (dpp_hmac(curve->hash_len, auth->c_nonce, curve->nonce_len,
Mx, curve->prime_len, prk) < 0) Mx, curve->prime_len, prk) < 0)
goto fail; goto fail;
wpa_hexdump_key(MSG_DEBUG, "DPP: PRK", prk, curve->hash_len); wpa_hexdump_key(MSG_DEBUG, "DPP: PRK", prk, curve->hash_len);
@ -2338,7 +2338,7 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth,
"dpp reconfig key", auth->ke, curve->hash_len) < 0) "dpp reconfig key", auth->ke, curve->hash_len) < 0)
goto fail; goto fail;
wpa_hexdump_key(MSG_DEBUG, wpa_hexdump_key(MSG_DEBUG,
"DPP: ke = HKDF(I-nonce, \"dpp reconfig key\", M.x)", "DPP: ke = HKDF(C-nonce, \"dpp reconfig key\", M.x)",
auth->ke, curve->hash_len); auth->ke, curve->hash_len);
res = 0; res = 0;
@ -2420,10 +2420,10 @@ int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth,
wpa_hexdump_key(MSG_DEBUG, "DPP: M.x", Mx, curve->prime_len); wpa_hexdump_key(MSG_DEBUG, "DPP: M.x", Mx, curve->prime_len);
/* ke = HKDF(I-nonce, "dpp reconfig key", M.x) */ /* ke = HKDF(C-nonce, "dpp reconfig key", M.x) */
/* HKDF-Extract(I-nonce, M.x) */ /* HKDF-Extract(C-nonce, M.x) */
if (dpp_hmac(curve->hash_len, auth->i_nonce, curve->nonce_len, if (dpp_hmac(curve->hash_len, auth->c_nonce, curve->nonce_len,
Mx, curve->prime_len, prk) < 0) Mx, curve->prime_len, prk) < 0)
goto fail; goto fail;
wpa_hexdump_key(MSG_DEBUG, "DPP: PRK", prk, curve->hash_len); wpa_hexdump_key(MSG_DEBUG, "DPP: PRK", prk, curve->hash_len);
@ -2433,7 +2433,7 @@ int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth,
"dpp reconfig key", auth->ke, curve->hash_len) < 0) "dpp reconfig key", auth->ke, curve->hash_len) < 0)
goto fail; goto fail;
wpa_hexdump_key(MSG_DEBUG, wpa_hexdump_key(MSG_DEBUG,
"DPP: ke = HKDF(I-nonce, \"dpp reconfig key\", M.x)", "DPP: ke = HKDF(C-nonce, \"dpp reconfig key\", M.x)",
auth->ke, curve->hash_len); auth->ke, curve->hash_len);
res = 0; res = 0;

View file

@ -158,10 +158,10 @@ static struct wpabuf * dpp_reconfig_build_req(struct dpp_authentication *auth)
wpabuf_put_le16(msg, os_strlen(auth->conf->connector)); wpabuf_put_le16(msg, os_strlen(auth->conf->connector));
wpabuf_put_str(msg, auth->conf->connector); wpabuf_put_str(msg, auth->conf->connector);
/* I-nonce */ /* C-nonce */
wpabuf_put_le16(msg, DPP_ATTR_I_NONCE); wpabuf_put_le16(msg, DPP_ATTR_CONFIGURATOR_NONCE);
wpabuf_put_le16(msg, auth->curve->nonce_len); wpabuf_put_le16(msg, auth->curve->nonce_len);
wpabuf_put_data(msg, auth->i_nonce, auth->curve->nonce_len); wpabuf_put_data(msg, auth->c_nonce, auth->curve->nonce_len);
wpa_hexdump_buf(MSG_DEBUG, wpa_hexdump_buf(MSG_DEBUG,
"DPP: Reconfig Authentication Request frame attributes", "DPP: Reconfig Authentication Request frame attributes",
@ -295,8 +295,8 @@ dpp_reconfig_init(struct dpp_global *dpp, void *msg_ctx,
if (dpp_configurator_build_own_connector(conf, curve) < 0) if (dpp_configurator_build_own_connector(conf, curve) < 0)
goto fail; goto fail;
if (random_get_bytes(auth->i_nonce, auth->curve->nonce_len)) { if (random_get_bytes(auth->c_nonce, auth->curve->nonce_len)) {
wpa_printf(MSG_ERROR, "DPP: Failed to generate I-nonce"); wpa_printf(MSG_ERROR, "DPP: Failed to generate C-nonce");
goto fail; goto fail;
} }
@ -331,15 +331,15 @@ static int dpp_reconfig_build_resp(struct dpp_authentication *auth,
if (!clear) if (!clear)
goto fail; goto fail;
/* I-nonce (wrapped) */ /* C-nonce (wrapped) */
wpabuf_put_le16(clear, DPP_ATTR_I_NONCE); wpabuf_put_le16(clear, DPP_ATTR_CONFIGURATOR_NONCE);
wpabuf_put_le16(clear, auth->curve->nonce_len); wpabuf_put_le16(clear, auth->curve->nonce_len);
wpabuf_put_data(clear, auth->i_nonce, auth->curve->nonce_len); wpabuf_put_data(clear, auth->c_nonce, auth->curve->nonce_len);
/* R-nonce (wrapped) */ /* E-nonce (wrapped) */
wpabuf_put_le16(clear, DPP_ATTR_R_NONCE); wpabuf_put_le16(clear, DPP_ATTR_ENROLLEE_NONCE);
wpabuf_put_le16(clear, auth->curve->nonce_len); wpabuf_put_le16(clear, auth->curve->nonce_len);
wpabuf_put_data(clear, auth->r_nonce, auth->curve->nonce_len); wpabuf_put_data(clear, auth->e_nonce, auth->curve->nonce_len);
/* Connection Status (wrapped) */ /* Connection Status (wrapped) */
wpabuf_put_le16(clear, DPP_ATTR_CONN_STATUS); wpabuf_put_le16(clear, DPP_ATTR_CONN_STATUS);
@ -392,7 +392,7 @@ static int dpp_reconfig_build_resp(struct dpp_authentication *auth,
len[1] = attr_end - attr_start; len[1] = attr_end - attr_start;
wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]); wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
/* Wrapped Data: {I-nonce, R-nonce, Connection Status}ke */ /* Wrapped Data: {C-nonce, E-nonce, Connection Status}ke */
wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA); wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA);
wpabuf_put_le16(msg, wpabuf_len(clear) + AES_BLOCK_SIZE); wpabuf_put_le16(msg, wpabuf_len(clear) + AES_BLOCK_SIZE);
wrapped = wpabuf_put(msg, wpabuf_len(clear) + AES_BLOCK_SIZE); wrapped = wpabuf_put(msg, wpabuf_len(clear) + AES_BLOCK_SIZE);
@ -430,8 +430,8 @@ dpp_reconfig_auth_req_rx(struct dpp_global *dpp, void *msg_ctx,
const u8 *attr_start, size_t attr_len) const u8 *attr_start, size_t attr_len)
{ {
struct dpp_authentication *auth = NULL; struct dpp_authentication *auth = NULL;
const u8 *trans_id, *version, *i_connector, *i_nonce; const u8 *trans_id, *version, *i_connector, *c_nonce;
u16 trans_id_len, version_len, i_connector_len, i_nonce_len; u16 trans_id_len, version_len, i_connector_len, c_nonce_len;
struct dpp_signed_connector_info info; struct dpp_signed_connector_info info;
enum dpp_status_error res; enum dpp_status_error res;
struct json_token *root = NULL, *own_root = NULL, *token; struct json_token *root = NULL, *own_root = NULL, *token;
@ -465,14 +465,14 @@ dpp_reconfig_auth_req_rx(struct dpp_global *dpp, void *msg_ctx,
wpa_hexdump_ascii(MSG_DEBUG, "DPP: I-Connector", wpa_hexdump_ascii(MSG_DEBUG, "DPP: I-Connector",
i_connector, i_connector_len); i_connector, i_connector_len);
i_nonce = dpp_get_attr(attr_start, attr_len, DPP_ATTR_I_NONCE, c_nonce = dpp_get_attr(attr_start, attr_len,
&i_nonce_len); DPP_ATTR_CONFIGURATOR_NONCE, &c_nonce_len);
if (!i_nonce || i_nonce_len > DPP_MAX_NONCE_LEN) { if (!c_nonce || c_nonce_len > DPP_MAX_NONCE_LEN) {
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"DPP: Missing or invalid I-Nonce attribute"); "DPP: Missing or invalid C-nonce attribute");
goto fail; goto fail;
} }
wpa_hexdump(MSG_DEBUG, "DPP: I-Nonce", i_nonce, i_nonce_len); wpa_hexdump(MSG_DEBUG, "DPP: C-nonce", c_nonce, c_nonce_len);
res = dpp_check_signed_connector(&info, csign_key, csign_key_len, res = dpp_check_signed_connector(&info, csign_key, csign_key_len,
i_connector, i_connector_len); i_connector, i_connector_len);
@ -519,25 +519,25 @@ dpp_reconfig_auth_req_rx(struct dpp_global *dpp, void *msg_ctx,
wpa_printf(MSG_DEBUG, "DPP: Peer protocol version %u", wpa_printf(MSG_DEBUG, "DPP: Peer protocol version %u",
auth->peer_version); auth->peer_version);
os_memcpy(auth->i_nonce, i_nonce, i_nonce_len); os_memcpy(auth->c_nonce, c_nonce, c_nonce_len);
if (dpp_reconfig_derive_ke_responder(auth, net_access_key, if (dpp_reconfig_derive_ke_responder(auth, net_access_key,
net_access_key_len, token) < 0) net_access_key_len, token) < 0)
goto fail; goto fail;
if (i_nonce_len != auth->curve->nonce_len) { if (c_nonce_len != auth->curve->nonce_len) {
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"DPP: Unexpected I-nonce length %u (curve nonce len %zu)", "DPP: Unexpected C-nonce length %u (curve nonce len %zu)",
i_nonce_len, auth->curve->nonce_len); c_nonce_len, auth->curve->nonce_len);
goto fail; goto fail;
} }
if (random_get_bytes(auth->r_nonce, auth->curve->nonce_len)) { if (random_get_bytes(auth->e_nonce, auth->curve->nonce_len)) {
wpa_printf(MSG_ERROR, "DPP: Failed to generate R-nonce"); wpa_printf(MSG_ERROR, "DPP: Failed to generate E-nonce");
goto fail; goto fail;
} }
wpa_hexdump_key(MSG_DEBUG, "DPP: R-nonce", wpa_hexdump_key(MSG_DEBUG, "DPP: E-nonce",
auth->r_nonce, auth->curve->nonce_len); auth->e_nonce, auth->curve->nonce_len);
/* Build Connection Status object */ /* Build Connection Status object */
/* TODO: Get appropriate result value */ /* TODO: Get appropriate result value */
@ -590,15 +590,15 @@ dpp_reconfig_build_conf(struct dpp_authentication *auth)
wpabuf_put_le16(clear, 1); wpabuf_put_le16(clear, 1);
wpabuf_put_u8(clear, auth->peer_version); wpabuf_put_u8(clear, auth->peer_version);
/* I-nonce (wrapped) */ /* C-nonce (wrapped) */
wpabuf_put_le16(clear, DPP_ATTR_I_NONCE); wpabuf_put_le16(clear, DPP_ATTR_CONFIGURATOR_NONCE);
wpabuf_put_le16(clear, auth->curve->nonce_len); wpabuf_put_le16(clear, auth->curve->nonce_len);
wpabuf_put_data(clear, auth->i_nonce, auth->curve->nonce_len); wpabuf_put_data(clear, auth->c_nonce, auth->curve->nonce_len);
/* R-nonce (wrapped) */ /* E-nonce (wrapped) */
wpabuf_put_le16(clear, DPP_ATTR_R_NONCE); wpabuf_put_le16(clear, DPP_ATTR_ENROLLEE_NONCE);
wpabuf_put_le16(clear, auth->curve->nonce_len); wpabuf_put_le16(clear, auth->curve->nonce_len);
wpabuf_put_data(clear, auth->r_nonce, auth->curve->nonce_len); wpabuf_put_data(clear, auth->e_nonce, auth->curve->nonce_len);
/* Reconfig-Flags (wrapped) */ /* Reconfig-Flags (wrapped) */
flags = DPP_CONFIG_REPLACEKEY; flags = DPP_CONFIG_REPLACEKEY;
@ -659,9 +659,9 @@ dpp_reconfig_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
const u8 *attr_start, size_t attr_len) const u8 *attr_start, size_t attr_len)
{ {
const u8 *trans_id, *version, *r_connector, *r_proto, *wrapped_data, const u8 *trans_id, *version, *r_connector, *r_proto, *wrapped_data,
*i_nonce, *r_nonce, *conn_status; *c_nonce, *e_nonce, *conn_status;
u16 trans_id_len, version_len, r_connector_len, r_proto_len, u16 trans_id_len, version_len, r_connector_len, r_proto_len,
wrapped_data_len, i_nonce_len, r_nonce_len, conn_status_len; wrapped_data_len, c_nonce_len, e_nonce_len, conn_status_len;
struct wpabuf *conf = NULL; struct wpabuf *conf = NULL;
char *signed_connector = NULL; char *signed_connector = NULL;
struct dpp_signed_connector_info info; struct dpp_signed_connector_info info;
@ -787,23 +787,23 @@ dpp_reconfig_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
goto fail; goto fail;
} }
i_nonce = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_I_NONCE, c_nonce = dpp_get_attr(unwrapped, unwrapped_len,
&i_nonce_len); DPP_ATTR_CONFIGURATOR_NONCE, &c_nonce_len);
if (!i_nonce || i_nonce_len != auth->curve->nonce_len || if (!c_nonce || c_nonce_len != auth->curve->nonce_len ||
os_memcmp(i_nonce, auth->i_nonce, i_nonce_len) != 0) { os_memcmp(c_nonce, auth->c_nonce, c_nonce_len) != 0) {
dpp_auth_fail(auth, "Missing or invalid I-nonce"); dpp_auth_fail(auth, "Missing or invalid C-nonce");
goto fail; goto fail;
} }
wpa_hexdump(MSG_DEBUG, "DPP: I-nonce", i_nonce, i_nonce_len); wpa_hexdump(MSG_DEBUG, "DPP: C-nonce", c_nonce, c_nonce_len);
r_nonce = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_R_NONCE, e_nonce = dpp_get_attr(unwrapped, unwrapped_len,
&r_nonce_len); DPP_ATTR_ENROLLEE_NONCE, &e_nonce_len);
if (!r_nonce || r_nonce_len != auth->curve->nonce_len) { if (!e_nonce || e_nonce_len != auth->curve->nonce_len) {
dpp_auth_fail(auth, "Missing or invalid R-nonce"); dpp_auth_fail(auth, "Missing or invalid E-nonce");
goto fail; goto fail;
} }
wpa_hexdump(MSG_DEBUG, "DPP: R-nonce", r_nonce, r_nonce_len); wpa_hexdump(MSG_DEBUG, "DPP: E-nonce", e_nonce, e_nonce_len);
os_memcpy(auth->r_nonce, r_nonce, r_nonce_len); os_memcpy(auth->e_nonce, e_nonce, e_nonce_len);
conn_status = dpp_get_attr(unwrapped, unwrapped_len, conn_status = dpp_get_attr(unwrapped, unwrapped_len,
DPP_ATTR_CONN_STATUS, &conn_status_len); DPP_ATTR_CONN_STATUS, &conn_status_len);
@ -843,10 +843,10 @@ fail:
int dpp_reconfig_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr, int dpp_reconfig_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr,
const u8 *attr_start, size_t attr_len) const u8 *attr_start, size_t attr_len)
{ {
const u8 *trans_id, *version, *wrapped_data, *i_nonce, *r_nonce, const u8 *trans_id, *version, *wrapped_data, *c_nonce, *e_nonce,
*reconfig_flags, *status; *reconfig_flags, *status;
u16 trans_id_len, version_len, wrapped_data_len, i_nonce_len, u16 trans_id_len, version_len, wrapped_data_len, c_nonce_len,
r_nonce_len, reconfig_flags_len, status_len; e_nonce_len, reconfig_flags_len, status_len;
const u8 *addr[2]; const u8 *addr[2];
size_t len[2]; size_t len[2];
u8 *unwrapped = NULL; u8 *unwrapped = NULL;
@ -925,23 +925,23 @@ int dpp_reconfig_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr,
goto fail; goto fail;
} }
i_nonce = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_I_NONCE, c_nonce = dpp_get_attr(unwrapped, unwrapped_len,
&i_nonce_len); DPP_ATTR_CONFIGURATOR_NONCE, &c_nonce_len);
if (!i_nonce || i_nonce_len != auth->curve->nonce_len || if (!c_nonce || c_nonce_len != auth->curve->nonce_len ||
os_memcmp(i_nonce, auth->i_nonce, i_nonce_len) != 0) { os_memcmp(c_nonce, auth->c_nonce, c_nonce_len) != 0) {
dpp_auth_fail(auth, "Missing or invalid I-nonce"); dpp_auth_fail(auth, "Missing or invalid C-nonce");
goto fail; goto fail;
} }
wpa_hexdump(MSG_DEBUG, "DPP: I-nonce", i_nonce, i_nonce_len); wpa_hexdump(MSG_DEBUG, "DPP: C-nonce", c_nonce, c_nonce_len);
r_nonce = dpp_get_attr(unwrapped, unwrapped_len, DPP_ATTR_R_NONCE, e_nonce = dpp_get_attr(unwrapped, unwrapped_len,
&r_nonce_len); DPP_ATTR_ENROLLEE_NONCE, &e_nonce_len);
if (!r_nonce || r_nonce_len != auth->curve->nonce_len || if (!e_nonce || e_nonce_len != auth->curve->nonce_len ||
os_memcmp(r_nonce, auth->r_nonce, r_nonce_len) != 0) { os_memcmp(e_nonce, auth->e_nonce, e_nonce_len) != 0) {
dpp_auth_fail(auth, "Missing or invalid R-nonce"); dpp_auth_fail(auth, "Missing or invalid E-nonce");
goto fail; goto fail;
} }
wpa_hexdump(MSG_DEBUG, "DPP: R-nonce", r_nonce, r_nonce_len); wpa_hexdump(MSG_DEBUG, "DPP: E-nonce", e_nonce, e_nonce_len);
reconfig_flags = dpp_get_attr(unwrapped, unwrapped_len, reconfig_flags = dpp_get_attr(unwrapped, unwrapped_len,
DPP_ATTR_RECONFIG_FLAGS, DPP_ATTR_RECONFIG_FLAGS,