DPP3: Verify version match during Network Introduction

Verify that the Protocol Version attribute is used appropriately in Peer
Discovery Request/Response messages in cases where the signed Connector
includes the version information.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Jouni Malinen 2021-12-03 21:04:03 +02:00 committed by Jouni Malinen
parent f26fd5ee6c
commit 341e7cd664
4 changed files with 41 additions and 0 deletions


@ -1661,6 +1661,28 @@ static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd,
return; return;
} }
#ifdef CONFIG_DPP3
if (intro.peer_version && intro.peer_version >= 2) {
const u8 *version;
u16 version_len;
u8 attr_version = 1;
version = dpp_get_attr(buf, len, DPP_ATTR_PROTOCOL_VERSION,
&version_len);
if (version && version_len >= 1)
attr_version = version[0];
if (attr_version != intro.peer_version) {
wpa_printf(MSG_INFO,
"DPP: Protocol version mismatch (Connector: %d Attribute: %d",
intro.peer_version, attr_version);
hostapd_dpp_send_peer_disc_resp(hapd, src, freq,
trans_id[0],
DPP_STATUS_NO_MATCH);
return;
}
}
#endif /* CONFIG_DPP3 */
if (!expire || (os_time_t) hapd->conf->dpp_netaccesskey_expiry < expire) if (!expire || (os_time_t) hapd->conf->dpp_netaccesskey_expiry < expire)
expire = hapd->conf->dpp_netaccesskey_expiry; expire = hapd->conf->dpp_netaccesskey_expiry;
if (expire) if (expire)
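Review bot: The mismatch log string opens a parenthesis that is never closed, `"DPP: Protocol version mismatch (Connector: %d Attribute: %d"`; it should end in `%d)`, and the same string is repeated in the wpas_dpp_rx_peer_disc_resp() hunk. The guard `intro.peer_version && intro.peer_version >= 2` is redundant in both hunks, since `intro.peer_version >= 2` already excludes zero. A short comment at `u8 attr_version = 1;` would also help, stating that a missing Protocol Version attribute is treated as version 1, so a request that omits the attribute while the signed Connector carries version 2 or higher is answered with DPP_STATUS_NO_MATCH. The enclosing function starts and ends outside the hunk.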


@ -3703,6 +3703,14 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
} }
} }
#ifdef CONFIG_DPP3
token = json_get_member(root, "version");
if (token && token->type == JSON_NUMBER) {
wpa_printf(MSG_DEBUG, "DPP: version = %d", token->number);
intro->peer_version = token->number;
}
#endif /* CONFIG_DPP3 */
netkey = json_get_member(root, "netAccessKey"); netkey = json_get_member(root, "netAccessKey");
if (!netkey || netkey->type != JSON_OBJECT) { if (!netkey || netkey->type != JSON_OBJECT) {
wpa_printf(MSG_DEBUG, "DPP: No netAccessKey object found"); wpa_printf(MSG_DEBUG, "DPP: No netAccessKey object found");
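Review bot: A `version` member that is present but not a JSON number is silently ignored at `if (token && token->type == JSON_NUMBER)`, which leaves intro->peer_version unset and makes both callers skip the new comparison. Treating a mistyped member as an invalid Connector, or at least logging it, would keep the check from being skipped without any trace. The value is also stored without a range check although the attribute it is later compared with is a single octet (`version[0]`), so anything outside 1..255 can never match; rejecting such values here with a debug message would be clearer than a later NO_MATCH. Whether intro is zeroed before this point is not visible in the hunk, and dpp_peer_intro() continues beyond it.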


@ -374,6 +374,7 @@ struct dpp_introduction {
u8 pmkid[PMKID_LEN]; u8 pmkid[PMKID_LEN];
u8 pmk[PMK_LEN_MAX]; u8 pmk[PMK_LEN_MAX];
size_t pmk_len; size_t pmk_len;
int peer_version;
}; };
struct dpp_relay_config { struct dpp_relay_config {
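Review bot: The new field `int peer_version;` has no comment, although the callers give zero a special meaning (both checks start with `intro.peer_version &&`). Suggest `int peer_version; /* Protocol version from the signed Connector; 0 = not present */`. That meaning relies on the struct being zero-initialized before dpp_peer_intro() fills it, which is not visible in this hunk.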


@ -2462,6 +2462,16 @@ static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
&version_len); &version_len);
if (version && version_len >= 1) if (version && version_len >= 1)
peer_version = version[0]; peer_version = version[0];
#ifdef CONFIG_DPP3
if (intro.peer_version && intro.peer_version >= 2 &&
peer_version != intro.peer_version) {
wpa_printf(MSG_INFO,
"DPP: Protocol version mismatch (Connector: %d Attribute: %d",
intro.peer_version, peer_version);
wpas_dpp_send_conn_status_result(wpa_s, DPP_STATUS_NO_MATCH);
goto fail;
}
#endif /* CONFIG_DPP3 */
entry->dpp_pfs = peer_version >= 2; entry->dpp_pfs = peer_version >= 2;
#endif /* CONFIG_DPP2 */ #endif /* CONFIG_DPP2 */
if (expiry) { if (expiry) {