DPP: Allow version number to be overridden for testing purposes

"SET dpp_version_override <ver>" can now be used to request wpa_supplicant and hostapd to support a subset of DPP versions. In practice, the only valid case for now is to fall back from DPP version 2 support to version 1 in builds that include CONFIG_DPP2=y. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-01 21:07:42 +03:00 · 2020-05-01 21:07:42 +03:00 · 12c8eacf73
commit 12c8eacf73
parent c3c38bc8b9
12 changed files with 63 additions and 24 deletions
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@ -1286,10 +1286,12 @@ skip_connector:
 #endif /* CONFIG_TESTING_OPTIONS */

 #ifdef CONFIG_DPP2
-	/* Protocol Version */
-	wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION);
-	wpabuf_put_le16(msg, 1);
-	wpabuf_put_u8(msg, 2);
+	if (DPP_VERSION > 1) {
+		/* Protocol Version */
+		wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION);
+		wpabuf_put_le16(msg, 1);
+		wpabuf_put_u8(msg, DPP_VERSION);
+	}
 #endif /* CONFIG_DPP2 */

 	wpa_printf(MSG_DEBUG, "DPP: Send Peer Discovery Response to " MACSTR
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@ -3365,7 +3365,8 @@ static int check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
 		dpp_pfs_free(sta->dpp_pfs);
 		sta->dpp_pfs = NULL;

-		if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_DPP) &&
+		if (DPP_VERSION > 1 &&
+		    (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_DPP) &&
 		    hapd->conf->dpp_netaccesskey && sta->wpa_sm &&
 		    wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_DPP &&
 		    elems.owe_dh) {
@ -3843,7 +3844,7 @@ rsnxe_done:
 #endif /* CONFIG_OWE */

 #ifdef CONFIG_DPP2
-	if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_DPP) &&
+	if (DPP_VERSION > 1 && (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_DPP) &&
 	    sta && sta->dpp_pfs && status_code == WLAN_STATUS_SUCCESS &&
 	    wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_DPP) {
 		os_memcpy(p, wpabuf_head(sta->dpp_pfs->ie),
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@ -14,6 +14,7 @@
 #include "utils/bitfield.h"
 #include "common/ieee802_11_defs.h"
 #include "common/ocv.h"
+#include "common/dpp.h"
 #include "crypto/aes.h"
 #include "crypto/aes_wrap.h"
 #include "crypto/aes_siv.h"
@ -3080,7 +3081,7 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
 #endif /* CONFIG_P2P */

 #ifdef CONFIG_DPP2
-	if (kde.dpp_kde) {
+	if (DPP_VERSION > 1 && kde.dpp_kde) {
 		wpa_printf(MSG_DEBUG,
 			   "DPP: peer Protocol Version %u Flags 0x%x",
 			   kde.dpp_kde[0], kde.dpp_kde[1]);
@ -3516,10 +3517,10 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
 				  &conf->transition_disable, 1, NULL, 0);

 #ifdef CONFIG_DPP2
-	if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP) {
+	if (DPP_VERSION > 1 && sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP) {
 		u8 payload[2];

-		payload[0] = 2; /* Protocol Version */
+		payload[0] = DPP_VERSION; /* Protocol Version */
 		payload[1] = 0; /* Flags */
 		if (conf->dpp_pfs == 0)
 			payload[1] |= DPP_KDE_PFS_ALLOWED;
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@ -37,6 +37,11 @@
 static const char * dpp_netrole_str(enum dpp_netrole netrole);

 #ifdef CONFIG_TESTING_OPTIONS
+#ifdef CONFIG_DPP2
+int dpp_version_override = 2;
+#else
+int dpp_version_override = 1;
+#endif
 enum dpp_test_behavior dpp_test = DPP_TEST_DISABLED;
 u8 dpp_pkex_own_mac_override[ETH_ALEN] = { 0, 0, 0, 0, 0, 0 };
 u8 dpp_pkex_peer_mac_override[ETH_ALEN] = { 0, 0, 0, 0, 0, 0 };
@ -1850,7 +1855,7 @@ static struct wpabuf * dpp_auth_build_req(struct dpp_authentication *auth,
 	/* Protocol Version */
 	wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION);
 	wpabuf_put_le16(msg, 1);
-	wpabuf_put_u8(msg, 2);
+	wpabuf_put_u8(msg, DPP_VERSION);
 #endif /* CONFIG_DPP2 */

 #ifdef CONFIG_TESTING_OPTIONS
@ -2014,7 +2019,7 @@ static struct wpabuf * dpp_auth_build_resp(struct dpp_authentication *auth,
 	if (auth->peer_version >= 2) {
 		wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION);
 		wpabuf_put_le16(msg, 1);
-		wpabuf_put_u8(msg, 2);
+		wpabuf_put_u8(msg, DPP_VERSION);
 	}
 #endif /* CONFIG_DPP2 */

@ -3352,7 +3357,7 @@ dpp_auth_req_rx(struct dpp_global *dpp, void *msg_ctx, u8 dpp_allowed_roles,
 #ifdef CONFIG_DPP2
 	version = dpp_get_attr(attr_start, attr_len, DPP_ATTR_PROTOCOL_VERSION,
 			       &version_len);
-	if (version) {
+	if (version && DPP_VERSION > 1) {
 		if (version_len < 1 || version[0] == 0) {
 			dpp_auth_fail(auth,
 				      "Invalid Protocol Version attribute");
@ -3968,7 +3973,7 @@ dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
 #ifdef CONFIG_DPP2
 	version = dpp_get_attr(attr_start, attr_len, DPP_ATTR_PROTOCOL_VERSION,
 			       &version_len);
-	if (version) {
+	if (version && DPP_VERSION > 1) {
 		if (version_len < 1 || version[0] == 0) {
 			dpp_auth_fail(auth,
 				      "Invalid Protocol Version attribute");
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@ -21,6 +21,17 @@ struct crypto_ecdh;
 struct hostapd_ip_addr;
 struct dpp_global;

+#ifdef CONFIG_TESTING_OPTIONS
+#define DPP_VERSION (dpp_version_override)
+extern int dpp_version_override;
+#else /* CONFIG_TESTING_OPTIONS */
+#ifdef CONFIG_DPP2
+#define DPP_VERSION 2
+#else
+#define DPP_VERSION 1
+#endif
+#endif /* CONFIG_TESTING_OPTIONS */
+
 #define DPP_HDR_LEN (4 + 2) /* OUI, OUI Type, Crypto Suite, DPP frame type */
 #define DPP_TCP_PORT 7871

--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@ -21,6 +21,7 @@
 #include "common/ieee802_11_defs.h"
 #include "common/ieee802_11_common.h"
 #include "common/ocv.h"
+#include "common/dpp.h"
 #include "eap_common/eap_defs.h"
 #include "eapol_supp/eapol_supp_sm.h"
 #include "drivers/driver.h"
@ -784,7 +785,7 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
 #endif /* CONFIG_P2P */

 #ifdef CONFIG_DPP2
-	if (sm->key_mgmt == WPA_KEY_MGMT_DPP) {
+	if (DPP_VERSION > 1 && sm->key_mgmt == WPA_KEY_MGMT_DPP) {
 		u8 *pos;

 		wpa_printf(MSG_DEBUG, "DPP: Add DPP KDE into EAPOL-Key 2/4");
@ -793,7 +794,7 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
 		*pos++ = RSN_SELECTOR_LEN + 2;
 		RSN_SELECTOR_PUT(pos, WFA_KEY_DATA_DPP);
 		pos += RSN_SELECTOR_LEN;
-		*pos++ = 2; /* Protocol Version */
+		*pos++ = DPP_VERSION; /* Protocol Version */
 		*pos = 0; /* Flags */
 		if (sm->dpp_pfs == 0)
 			*pos |= DPP_KDE_PFS_ALLOWED;
@ -1716,7 +1717,7 @@ static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
 #endif /* CONFIG_OCV */

 #ifdef CONFIG_DPP2
-	if (ie.dpp_kde) {
+	if (DPP_VERSION > 1 && ie.dpp_kde) {
 		wpa_printf(MSG_DEBUG,
 			   "DPP: peer Protocol Version %u Flags 0x%x",
 			   ie.dpp_kde[0], ie.dpp_kde[1]);