DPP: Mandate mutual auth with NFC negotiated connection handover
Mark own bootstrap information as having been used in NFC negotiated connection handover and do not accept non-mutual authentication when processing Authentication Response from the peer when such bootstrapping information is used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
parent 4b9a1ba0ad
commit 512b6c02e0
3 changed files with 12 additions and 0 deletions
|
@ -3952,6 +3952,14 @@ dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
|
|||
dpp_auth_fail(auth,
|
||||
"Missing Initiator Bootstrapping Key Hash attribute");
|
||||
return NULL;
|
||||
} else if (auth->own_bi &&
|
||||
auth->own_bi->type == DPP_BOOTSTRAP_NFC_URI &&
|
||||
auth->own_bi->nfc_negotiated) {
|
||||
/* NFC negotiated connection handover bootstrapping mandates
|
||||
* use of mutual authentication */
|
||||
dpp_auth_fail(auth,
|
||||
"Missing Initiator Bootstrapping Key Hash attribute");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
auth->peer_version = 1; /* default to the first version */
|
||||
|
|
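Review bot: The new else-if branch passes the same string to dpp_auth_fail() as the branch directly above it ("Missing Initiator Bootstrapping Key Hash attribute"), so anyone reading the failure log cannot tell a rejection caused by the NFC negotiated connection handover policy from the earlier failure case. Consider a distinct message in this branch that names the reason, for example that mutual authentication is required when own_bi->nfc_negotiated is set. The check also depends on nfc_negotiated having been set on the own bootstrap info before dpp_auth_resp_rx() runs; the code that sets it is not visible in this hunk, so it is worth confirming in review that every negotiated handover path marks the entry, otherwise the non-mutual response is still accepted.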