DPP3: Verify version match during Network Introduction
Verify that the Protocol Version attribute is used appropriately in Peer Discovery Request/Response messages in cases where the signed Connector includes the version information. Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
parent
f26fd5ee6c
commit
341e7cd664
4 changed files with 41 additions and 0 deletions
|
@ -1661,6 +1661,28 @@ static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd,
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef CONFIG_DPP3
|
||||||
|
if (intro.peer_version && intro.peer_version >= 2) {
|
||||||
|
const u8 *version;
|
||||||
|
u16 version_len;
|
||||||
|
u8 attr_version = 1;
|
||||||
|
|
||||||
|
version = dpp_get_attr(buf, len, DPP_ATTR_PROTOCOL_VERSION,
|
||||||
|
&version_len);
|
||||||
|
if (version && version_len >= 1)
|
||||||
|
attr_version = version[0];
|
||||||
|
if (attr_version != intro.peer_version) {
|
||||||
|
wpa_printf(MSG_INFO,
|
||||||
|
"DPP: Protocol version mismatch (Connector: %d Attribute: %d",
|
||||||
|
intro.peer_version, attr_version);
|
||||||
|
hostapd_dpp_send_peer_disc_resp(hapd, src, freq,
|
||||||
|
trans_id[0],
|
||||||
|
DPP_STATUS_NO_MATCH);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif /* CONFIG_DPP3 */
|
||||||
|
|
||||||
if (!expire || (os_time_t) hapd->conf->dpp_netaccesskey_expiry < expire)
|
if (!expire || (os_time_t) hapd->conf->dpp_netaccesskey_expiry < expire)
|
||||||
expire = hapd->conf->dpp_netaccesskey_expiry;
|
expire = hapd->conf->dpp_netaccesskey_expiry;
|
||||||
if (expire)
|
if (expire)
|
||||||
|
|
|
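Review bot: The guard `intro.peer_version && intro.peer_version >= 2` tests the same thing twice, since any value `>= 2` is already non-zero; `if (intro.peer_version >= 2) {` is enough, and the same condition recurs in the wpas_dpp_rx_peer_disc_resp hunk. The log format string in both places opens a parenthesis it never closes; `"DPP: Protocol version mismatch (Connector: %d Attribute: %d)"` reads better in captured logs. A request that omits the Protocol Version attribute is reported as `Attribute: 1` because of the `attr_version = 1` default, so a short comment such as `/* Missing attribute is treated as version 1 */` would make that fail-closed choice explicit. The enclosing function starts and ends outside the hunk.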
@ -3703,6 +3703,14 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef CONFIG_DPP3
|
||||||
|
token = json_get_member(root, "version");
|
||||||
|
if (token && token->type == JSON_NUMBER) {
|
||||||
|
wpa_printf(MSG_DEBUG, "DPP: version = %d", token->number);
|
||||||
|
intro->peer_version = token->number;
|
||||||
|
}
|
||||||
|
#endif /* CONFIG_DPP3 */
|
||||||
|
|
||||||
netkey = json_get_member(root, "netAccessKey");
|
netkey = json_get_member(root, "netAccessKey");
|
||||||
if (!netkey || netkey->type != JSON_OBJECT) {
|
if (!netkey || netkey->type != JSON_OBJECT) {
|
||||||
wpa_printf(MSG_DEBUG, "DPP: No netAccessKey object found");
|
wpa_printf(MSG_DEBUG, "DPP: No netAccessKey object found");
|
||||||
|
|
|
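Review bot: `intro->peer_version` is assigned only when a numeric `version` member is present, so the `>= 2` checks in the Peer Discovery handlers depend on `*intro` having been zeroed before this point, which the hunk does not show; if that is not guaranteed, add `intro->peer_version = 0;` ahead of the lookup. A `version` member of any other JSON type is silently ignored, which skips the version comparison for that Connector, so treating it as an invalid Connector would be the stricter choice. `token->number` is stored without a range check although the attribute it is later compared with is a single octet, so a value above 255 can never match; that fails closed, but a debug message naming the out-of-range value would save time when diagnosing a rejected peer. dpp_peer_intro's body continues outside the hunk.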
@ -374,6 +374,7 @@ struct dpp_introduction {
|
||||||
u8 pmkid[PMKID_LEN];
|
u8 pmkid[PMKID_LEN];
|
||||||
u8 pmk[PMK_LEN_MAX];
|
u8 pmk[PMK_LEN_MAX];
|
||||||
size_t pmk_len;
|
size_t pmk_len;
|
||||||
|
int peer_version;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct dpp_relay_config {
|
struct dpp_relay_config {
|
||||||
|
|
|
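Review bot: The new `peer_version` member has no comment saying where its value comes from or what zero means. Going by the dpp_peer_intro hunk, it holds the signed Connector's `version` member and is left untouched when that member is absent, so `int peer_version; /* Connector "version" member; 0 = not present */` would document the contract the two Peer Discovery handlers rely on. That reading assumes the structure is zeroed before parsing, which is not visible on this page.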
@ -2462,6 +2462,16 @@ static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
|
||||||
&version_len);
|
&version_len);
|
||||||
if (version && version_len >= 1)
|
if (version && version_len >= 1)
|
||||||
peer_version = version[0];
|
peer_version = version[0];
|
||||||
|
#ifdef CONFIG_DPP3
|
||||||
|
if (intro.peer_version && intro.peer_version >= 2 &&
|
||||||
|
peer_version != intro.peer_version) {
|
||||||
|
wpa_printf(MSG_INFO,
|
||||||
|
"DPP: Protocol version mismatch (Connector: %d Attribute: %d",
|
||||||
|
intro.peer_version, peer_version);
|
||||||
|
wpas_dpp_send_conn_status_result(wpa_s, DPP_STATUS_NO_MATCH);
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
#endif /* CONFIG_DPP3 */
|
||||||
entry->dpp_pfs = peer_version >= 2;
|
entry->dpp_pfs = peer_version >= 2;
|
||||||
#endif /* CONFIG_DPP2 */
|
#endif /* CONFIG_DPP2 */
|
||||||
if (expiry) {
|
if (expiry) {
|
||||||
|
|
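Review bot: The new `goto fail` is taken while `entry` is already live, since the very next statement writes `entry->dpp_pfs`, so this error path leaves with what is presumably a partly built PMKSA entry that has not been handed over yet. Whether the `fail` label releases it is not visible in the hunk. If it does not, the entry and any PMK already copied into it leak on every version mismatch, and it should be cleared and freed before the jump, e.g. `bin_clear_free(entry, sizeof(*entry));`. The function body starts and ends outside the hunk.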