DPP3: Verify version match during Network Introduction
Verify that the Protocol Version attribute is used appropriately in Peer Discovery Request/Response messages in cases where the signed Connector includes the version information. Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
parent
f26fd5ee6c
commit
341e7cd664
4 changed files with 41 additions and 0 deletions
|
@ -1661,6 +1661,28 @@ static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd,
|
|||
return;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_DPP3
|
||||
if (intro.peer_version && intro.peer_version >= 2) {
|
||||
const u8 *version;
|
||||
u16 version_len;
|
||||
u8 attr_version = 1;
|
||||
|
||||
version = dpp_get_attr(buf, len, DPP_ATTR_PROTOCOL_VERSION,
|
||||
&version_len);
|
||||
if (version && version_len >= 1)
|
||||
attr_version = version[0];
|
||||
if (attr_version != intro.peer_version) {
|
||||
wpa_printf(MSG_INFO,
|
||||
"DPP: Protocol version mismatch (Connector: %d Attribute: %d",
|
||||
intro.peer_version, attr_version);
|
||||
hostapd_dpp_send_peer_disc_resp(hapd, src, freq,
|
||||
trans_id[0],
|
||||
DPP_STATUS_NO_MATCH);
|
||||
return;
|
||||
}
|
||||
}
|
||||
#endif /* CONFIG_DPP3 */
|
||||
|
||||
if (!expire || (os_time_t) hapd->conf->dpp_netaccesskey_expiry < expire)
|
||||
expire = hapd->conf->dpp_netaccesskey_expiry;
|
||||
if (expire)
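Review bot: The mismatch branch returns straight after sending `DPP_STATUS_NO_MATCH` while `intro` is already populated, and `struct dpp_introduction` carries `pmk`/`pmk_len`. Unless the function clears it elsewhere (its start and end are outside the hunk), the derived key stays on the stack, so consider `forced_memzero(&intro, sizeof(intro));` before the `return;`. The fallback `attr_version = 1` when the attribute is absent is what makes a stripped Protocol Version attribute fail the check, and that deserves a comment such as `/* Missing attribute is treated as version 1 so that removing it cannot bypass the Connector version */`. The log string has an unbalanced parenthesis and should end `Attribute: %d)`; the same string appears in the wpas_dpp_rx_peer_disc_resp hunk.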
|
||||
|
|
|
@ -3703,6 +3703,14 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
|
|||
}
|
||||
}
|
||||
|
||||
#ifdef CONFIG_DPP3
|
||||
token = json_get_member(root, "version");
|
||||
if (token && token->type == JSON_NUMBER) {
|
||||
wpa_printf(MSG_DEBUG, "DPP: version = %d", token->number);
|
||||
intro->peer_version = token->number;
|
||||
}
|
||||
#endif /* CONFIG_DPP3 */
|
||||
|
||||
netkey = json_get_member(root, "netAccessKey");
|
||||
if (!netkey || netkey->type != JSON_OBJECT) {
|
||||
wpa_printf(MSG_DEBUG, "DPP: No netAccessKey object found");
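Review bot: A `version` member that is present but not a JSON number is silently ignored here, so `intro->peer_version` keeps whatever value it had and both Peer Discovery handlers skip the new version check. Treating that case as an invalid Connector through the function's existing error path (outside the hunk) would be stricter than ignoring it. `token->number` is also stored without a range check, although the hostapd handler compares it with a single-octet `u8 attr_version`; bounding it first, e.g. `if (token->number < 1 || token->number > 255)`, makes the accepted range explicit. The "not present" case relies on `intro` having been zeroed earlier in dpp_peer_intro(), which is not visible here and worth confirming.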
|
||||
|
|
|
@ -374,6 +374,7 @@ struct dpp_introduction {
|
|||
u8 pmkid[PMKID_LEN];
|
||||
u8 pmk[PMK_LEN_MAX];
|
||||
size_t pmk_len;
|
||||
int peer_version;
|
||||
};
|
||||
|
||||
struct dpp_relay_config {
|
||||
|
|
|
@ -2462,6 +2462,16 @@ static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
|
|||
&version_len);
|
||||
if (version && version_len >= 1)
|
||||
peer_version = version[0];
|
||||
#ifdef CONFIG_DPP3
|
||||
if (intro.peer_version && intro.peer_version >= 2 &&
|
||||
peer_version != intro.peer_version) {
|
||||
wpa_printf(MSG_INFO,
|
||||
"DPP: Protocol version mismatch (Connector: %d Attribute: %d",
|
||||
intro.peer_version, peer_version);
|
||||
wpas_dpp_send_conn_status_result(wpa_s, DPP_STATUS_NO_MATCH);
|
||||
goto fail;
|
||||
}
|
||||
#endif /* CONFIG_DPP3 */
|
||||
entry->dpp_pfs = peer_version >= 2;
|
||||
#endif /* CONFIG_DPP2 */
|
||||
if (expiry) {
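Review bot: The new `goto fail` is taken after `entry` has been set up (it is written on the line right after the block), so this path depends on the `fail` label releasing `entry` and clearing the PMK held in `intro`. That label is outside the hunk and should be confirmed. The condition `intro.peer_version && intro.peer_version >= 2` tests the same thing twice, and `intro.peer_version >= 2 && peer_version != intro.peer_version` is equivalent; the hostapd handler has the same redundancy. The check also sits inside the `CONFIG_DPP2` block that closes just below, so it is compiled out if `CONFIG_DPP3` is ever set without `CONFIG_DPP2`; presumably the build enforces that dependency, but a short comment would make it explicit.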
|
||||
|
|