DPP: Protocol testing for invalid Peer Discovery Req/Resp values
Extend dpp_test to allow more invalid attribute values to be written into Peer Discovery Request/Response frames. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
18b8c35b41
commit
4b8de0c929
4 changed files with 100 additions and 0 deletions
|
|
@ -943,6 +943,10 @@ static void hostapd_dpp_send_peer_disc_resp(struct hostapd_data *hapd,
|
|||
wpa_printf(MSG_INFO, "DPP: TESTING - no Transaction ID");
|
||||
goto skip_trans_id;
|
||||
}
|
||||
if (dpp_test == DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_RESP) {
|
||||
wpa_printf(MSG_INFO, "DPP: TESTING - invalid Transaction ID");
|
||||
trans_id ^= 0x01;
|
||||
}
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
|
||||
/* Transaction ID */
|
||||
|
|
@ -956,6 +960,10 @@ skip_trans_id:
|
|||
wpa_printf(MSG_INFO, "DPP: TESTING - no Status");
|
||||
goto skip_status;
|
||||
}
|
||||
if (dpp_test == DPP_TEST_INVALID_STATUS_PEER_DISC_RESP) {
|
||||
wpa_printf(MSG_INFO, "DPP: TESTING - invalid Status");
|
||||
status = 254;
|
||||
}
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
|
||||
/* DPP Status */
|
||||
|
|
@ -969,6 +977,23 @@ skip_status:
|
|||
wpa_printf(MSG_INFO, "DPP: TESTING - no Connector");
|
||||
goto skip_connector;
|
||||
}
|
||||
if (status == DPP_STATUS_OK &&
|
||||
dpp_test == DPP_TEST_INVALID_CONNECTOR_PEER_DISC_RESP) {
|
||||
char *connector;
|
||||
|
||||
wpa_printf(MSG_INFO, "DPP: TESTING - invalid Connector");
|
||||
connector = dpp_corrupt_connector_signature(
|
||||
hapd->conf->dpp_connector);
|
||||
if (!connector) {
|
||||
wpabuf_free(msg);
|
||||
return;
|
||||
}
|
||||
wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
|
||||
wpabuf_put_le16(msg, os_strlen(connector));
|
||||
wpabuf_put_str(msg, connector);
|
||||
os_free(connector);
|
||||
goto skip_connector;
|
||||
}
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
|
||||
/* DPP Connector */
|
||||
|
|
|
|||
|
|
@ -7250,3 +7250,56 @@ void dpp_pkex_free(struct dpp_pkex *pkex)
|
|||
wpabuf_free(pkex->exchange_resp);
|
||||
os_free(pkex);
|
||||
}
|
||||
|
||||
|
||||
#ifdef CONFIG_TESTING_OPTIONS
|
||||
char * dpp_corrupt_connector_signature(const char *connector)
|
||||
{
|
||||
char *tmp, *pos, *signed3 = NULL;
|
||||
unsigned char *signature = NULL;
|
||||
size_t signature_len = 0, signed3_len;
|
||||
|
||||
tmp = os_zalloc(os_strlen(connector) + 5);
|
||||
if (!tmp)
|
||||
goto fail;
|
||||
os_memcpy(tmp, connector, os_strlen(connector));
|
||||
|
||||
pos = os_strchr(tmp, '.');
|
||||
if (!pos)
|
||||
goto fail;
|
||||
|
||||
pos = os_strchr(pos + 1, '.');
|
||||
if (!pos)
|
||||
goto fail;
|
||||
pos++;
|
||||
|
||||
wpa_printf(MSG_DEBUG, "DPP: Original base64url encoded signature: %s",
|
||||
pos);
|
||||
signature = base64_url_decode((const unsigned char *) pos,
|
||||
os_strlen(pos), &signature_len);
|
||||
if (!signature || signature_len == 0)
|
||||
goto fail;
|
||||
wpa_hexdump(MSG_DEBUG, "DPP: Original Connector signature",
|
||||
signature, signature_len);
|
||||
signature[signature_len - 1] ^= 0x01;
|
||||
wpa_hexdump(MSG_DEBUG, "DPP: Corrupted Connector signature",
|
||||
signature, signature_len);
|
||||
signed3 = (char *) base64_url_encode(signature, signature_len,
|
||||
&signed3_len, 0);
|
||||
if (!signed3)
|
||||
goto fail;
|
||||
os_memcpy(pos, signed3, signed3_len);
|
||||
pos[signed3_len] = '\0';
|
||||
wpa_printf(MSG_DEBUG, "DPP: Corrupted base64url encoded signature: %s",
|
||||
pos);
|
||||
|
||||
out:
|
||||
os_free(signature);
|
||||
os_free(signed3);
|
||||
return tmp;
|
||||
fail:
|
||||
os_free(tmp);
|
||||
tmp = NULL;
|
||||
goto out;
|
||||
}
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
|
|
|
|||
|
|
@ -303,6 +303,10 @@ enum dpp_test_behavior {
|
|||
DPP_TEST_INVALID_STATUS_AUTH_RESP = 74,
|
||||
DPP_TEST_INVALID_STATUS_AUTH_CONF = 75,
|
||||
DPP_TEST_INVALID_CONFIG_ATTR_OBJ_CONF_REQ = 76,
|
||||
DPP_TEST_INVALID_TRANSACTION_ID_PEER_DISC_RESP = 77,
|
||||
DPP_TEST_INVALID_STATUS_PEER_DISC_RESP = 78,
|
||||
DPP_TEST_INVALID_CONNECTOR_PEER_DISC_RESP = 79,
|
||||
DPP_TEST_INVALID_CONNECTOR_PEER_DISC_REQ = 80,
|
||||
};
|
||||
|
||||
extern enum dpp_test_behavior dpp_test;
|
||||
|
|
@ -385,4 +389,6 @@ int dpp_pkex_rx_commit_reveal_resp(struct dpp_pkex *pkex, const u8 *hdr,
|
|||
const u8 *buf, size_t len);
|
||||
void dpp_pkex_free(struct dpp_pkex *pkex);
|
||||
|
||||
char * dpp_corrupt_connector_signature(const char *connector);
|
||||
|
||||
#endif /* DPP_H */
|
||||
|
|
|
|||
|
|
@ -2131,6 +2131,22 @@ skip_trans_id:
|
|||
wpa_printf(MSG_INFO, "DPP: TESTING - no Connector");
|
||||
goto skip_connector;
|
||||
}
|
||||
if (dpp_test == DPP_TEST_INVALID_CONNECTOR_PEER_DISC_REQ) {
|
||||
char *connector;
|
||||
|
||||
wpa_printf(MSG_INFO, "DPP: TESTING - invalid Connector");
|
||||
connector = dpp_corrupt_connector_signature(
|
||||
ssid->dpp_connector);
|
||||
if (!connector) {
|
||||
wpabuf_free(msg);
|
||||
return -1;
|
||||
}
|
||||
wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
|
||||
wpabuf_put_le16(msg, os_strlen(connector));
|
||||
wpabuf_put_str(msg, connector);
|
||||
os_free(connector);
|
||||
goto skip_connector;
|
||||
}
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
|
||||
/* DPP Connector */
|
||||
|
|
|
|||
Loading…
Reference in a new issue