DPP: Reject invalid no-psk/pass legacy configurator parameters
Instead of going through the configuration exchange, reject invalid legacy configurator parameters explicitly. Previously, configuring legacy (psk/sae) parameters without psk/pass resulted in a config object that used a zero length passphrase. With this change, that config object is not sent and instead, either the initialization attempt is rejected or the incoming initialization attempt is ignored. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
parent
4d38285b3b
commit
a00d65e79f
2 changed files with 47 additions and 26 deletions
|
@ -505,7 +505,7 @@ static void hostapd_dpp_set_testing_options(struct hostapd_data *hapd,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static void hostapd_dpp_set_configurator(struct hostapd_data *hapd,
|
static int hostapd_dpp_set_configurator(struct hostapd_data *hapd,
|
||||||
struct dpp_authentication *auth,
|
struct dpp_authentication *auth,
|
||||||
const char *cmd)
|
const char *cmd)
|
||||||
{
|
{
|
||||||
|
@ -521,7 +521,7 @@ static void hostapd_dpp_set_configurator(struct hostapd_data *hapd,
|
||||||
char *group_id = NULL;
|
char *group_id = NULL;
|
||||||
|
|
||||||
if (!cmd)
|
if (!cmd)
|
||||||
return;
|
return 0;
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "DPP: Set configurator parameters: %s", cmd);
|
wpa_printf(MSG_DEBUG, "DPP: Set configurator parameters: %s", cmd);
|
||||||
pos = os_strstr(cmd, " ssid=");
|
pos = os_strstr(cmd, " ssid=");
|
||||||
|
@ -618,10 +618,12 @@ static void hostapd_dpp_set_configurator(struct hostapd_data *hapd,
|
||||||
conf_ap->akm = DPP_AKM_PSK;
|
conf_ap->akm = DPP_AKM_PSK;
|
||||||
if (psk_set) {
|
if (psk_set) {
|
||||||
os_memcpy(conf_ap->psk, psk, PMK_LEN);
|
os_memcpy(conf_ap->psk, psk, PMK_LEN);
|
||||||
} else {
|
} else if (pass_len > 0) {
|
||||||
conf_ap->passphrase = os_strdup(pass);
|
conf_ap->passphrase = os_strdup(pass);
|
||||||
if (!conf_ap->passphrase)
|
if (!conf_ap->passphrase)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
} else {
|
||||||
|
goto fail;
|
||||||
}
|
}
|
||||||
} else if (os_strstr(cmd, " conf=ap-dpp")) {
|
} else if (os_strstr(cmd, " conf=ap-dpp")) {
|
||||||
conf_ap->akm = DPP_AKM_DPP;
|
conf_ap->akm = DPP_AKM_DPP;
|
||||||
|
@ -663,13 +665,15 @@ static void hostapd_dpp_set_configurator(struct hostapd_data *hapd,
|
||||||
auth->conf_ap = conf_ap;
|
auth->conf_ap = conf_ap;
|
||||||
auth->conf = conf;
|
auth->conf = conf;
|
||||||
os_free(group_id);
|
os_free(group_id);
|
||||||
return;
|
return 0;
|
||||||
|
|
||||||
fail:
|
fail:
|
||||||
wpa_printf(MSG_DEBUG, "DPP: Failed to set configurator parameters");
|
wpa_msg(hapd->msg_ctx, MSG_INFO,
|
||||||
|
"DPP: Failed to set configurator parameters");
|
||||||
dpp_configuration_free(conf_sta);
|
dpp_configuration_free(conf_sta);
|
||||||
dpp_configuration_free(conf_ap);
|
dpp_configuration_free(conf_ap);
|
||||||
os_free(group_id);
|
os_free(group_id);
|
||||||
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -842,7 +846,11 @@ int hostapd_dpp_auth_init(struct hostapd_data *hapd, const char *cmd)
|
||||||
if (!hapd->dpp_auth)
|
if (!hapd->dpp_auth)
|
||||||
goto fail;
|
goto fail;
|
||||||
hostapd_dpp_set_testing_options(hapd, hapd->dpp_auth);
|
hostapd_dpp_set_testing_options(hapd, hapd->dpp_auth);
|
||||||
hostapd_dpp_set_configurator(hapd, hapd->dpp_auth, cmd);
|
if (hostapd_dpp_set_configurator(hapd, hapd->dpp_auth, cmd) < 0) {
|
||||||
|
dpp_auth_deinit(hapd->dpp_auth);
|
||||||
|
hapd->dpp_auth = NULL;
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
|
||||||
hapd->dpp_auth->neg_freq = neg_freq;
|
hapd->dpp_auth->neg_freq = neg_freq;
|
||||||
|
|
||||||
|
@ -967,8 +975,12 @@ static void hostapd_dpp_rx_auth_req(struct hostapd_data *hapd, const u8 *src,
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
hostapd_dpp_set_testing_options(hapd, hapd->dpp_auth);
|
hostapd_dpp_set_testing_options(hapd, hapd->dpp_auth);
|
||||||
hostapd_dpp_set_configurator(hapd, hapd->dpp_auth,
|
if (hostapd_dpp_set_configurator(hapd, hapd->dpp_auth,
|
||||||
hapd->dpp_configurator_params);
|
hapd->dpp_configurator_params) < 0) {
|
||||||
|
dpp_auth_deinit(hapd->dpp_auth);
|
||||||
|
hapd->dpp_auth = NULL;
|
||||||
|
return;
|
||||||
|
}
|
||||||
os_memcpy(hapd->dpp_auth->peer_mac_addr, src, ETH_ALEN);
|
os_memcpy(hapd->dpp_auth->peer_mac_addr, src, ETH_ALEN);
|
||||||
|
|
||||||
wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
|
wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_TX "dst=" MACSTR
|
||||||
|
@ -1892,9 +1904,8 @@ int hostapd_dpp_configurator_sign(struct hostapd_data *hapd, const char *cmd)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
curve = get_param(cmd, " curve=");
|
curve = get_param(cmd, " curve=");
|
||||||
hostapd_dpp_set_configurator(hapd, auth, cmd);
|
if (hostapd_dpp_set_configurator(hapd, auth, cmd) == 0 &&
|
||||||
|
dpp_configurator_own_config(auth, curve, 1) == 0) {
|
||||||
if (dpp_configurator_own_config(auth, curve, 1) == 0) {
|
|
||||||
hostapd_dpp_handle_config_obj(hapd, auth);
|
hostapd_dpp_handle_config_obj(hapd, auth);
|
||||||
ret = 0;
|
ret = 0;
|
||||||
}
|
}
|
||||||
|
|
|
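Review bot: The context line `wpa_printf(MSG_DEBUG, "DPP: Set configurator parameters: %s", cmd);` in `hostapd_dpp_set_configurator` writes the whole command string to the debug log, and that string appears to be where the `psk`/`pass` values copied into `conf_ap` come from, so key material would end up in debug output. Now that this function validates those parameters, it would be a natural place to route the line through the key-aware helper, for example `wpa_hexdump_ascii_key(MSG_DEBUG, "DPP: Set configurator parameters", cmd, os_strlen(cmd));`, which prints the contents only when key display is enabled. The same line is present in `wpas_dpp_set_configurator` in the second file. The parsing of `cmd` lies outside the visible hunks, so the exact parameter names should be confirmed there.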
@ -527,7 +527,7 @@ static void wpas_dpp_set_testing_options(struct wpa_supplicant *wpa_s,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static void wpas_dpp_set_configurator(struct wpa_supplicant *wpa_s,
|
static int wpas_dpp_set_configurator(struct wpa_supplicant *wpa_s,
|
||||||
struct dpp_authentication *auth,
|
struct dpp_authentication *auth,
|
||||||
const char *cmd)
|
const char *cmd)
|
||||||
{
|
{
|
||||||
|
@ -543,7 +543,7 @@ static void wpas_dpp_set_configurator(struct wpa_supplicant *wpa_s,
|
||||||
char *group_id = NULL;
|
char *group_id = NULL;
|
||||||
|
|
||||||
if (!cmd)
|
if (!cmd)
|
||||||
return;
|
return 0;
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "DPP: Set configurator parameters: %s", cmd);
|
wpa_printf(MSG_DEBUG, "DPP: Set configurator parameters: %s", cmd);
|
||||||
pos = os_strstr(cmd, " ssid=");
|
pos = os_strstr(cmd, " ssid=");
|
||||||
|
@ -607,10 +607,12 @@ static void wpas_dpp_set_configurator(struct wpa_supplicant *wpa_s,
|
||||||
conf_sta->akm = DPP_AKM_PSK;
|
conf_sta->akm = DPP_AKM_PSK;
|
||||||
if (psk_set) {
|
if (psk_set) {
|
||||||
os_memcpy(conf_sta->psk, psk, PMK_LEN);
|
os_memcpy(conf_sta->psk, psk, PMK_LEN);
|
||||||
} else {
|
} else if (pass_len > 0) {
|
||||||
conf_sta->passphrase = os_strdup(pass);
|
conf_sta->passphrase = os_strdup(pass);
|
||||||
if (!conf_sta->passphrase)
|
if (!conf_sta->passphrase)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
} else {
|
||||||
|
goto fail;
|
||||||
}
|
}
|
||||||
} else if (os_strstr(cmd, " conf=sta-dpp")) {
|
} else if (os_strstr(cmd, " conf=sta-dpp")) {
|
||||||
conf_sta->akm = DPP_AKM_DPP;
|
conf_sta->akm = DPP_AKM_DPP;
|
||||||
|
@ -684,13 +686,14 @@ static void wpas_dpp_set_configurator(struct wpa_supplicant *wpa_s,
|
||||||
auth->conf_ap = conf_ap;
|
auth->conf_ap = conf_ap;
|
||||||
auth->conf = conf;
|
auth->conf = conf;
|
||||||
os_free(group_id);
|
os_free(group_id);
|
||||||
return;
|
return 0;
|
||||||
|
|
||||||
fail:
|
fail:
|
||||||
wpa_printf(MSG_DEBUG, "DPP: Failed to set configurator parameters");
|
wpa_msg(wpa_s, MSG_INFO, "DPP: Failed to set configurator parameters");
|
||||||
dpp_configuration_free(conf_sta);
|
dpp_configuration_free(conf_sta);
|
||||||
dpp_configuration_free(conf_ap);
|
dpp_configuration_free(conf_ap);
|
||||||
os_free(group_id);
|
os_free(group_id);
|
||||||
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -869,7 +872,11 @@ int wpas_dpp_auth_init(struct wpa_supplicant *wpa_s, const char *cmd)
|
||||||
if (!wpa_s->dpp_auth)
|
if (!wpa_s->dpp_auth)
|
||||||
goto fail;
|
goto fail;
|
||||||
wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
|
wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
|
||||||
wpas_dpp_set_configurator(wpa_s, wpa_s->dpp_auth, cmd);
|
if (wpas_dpp_set_configurator(wpa_s, wpa_s->dpp_auth, cmd) < 0) {
|
||||||
|
dpp_auth_deinit(wpa_s->dpp_auth);
|
||||||
|
wpa_s->dpp_auth = NULL;
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
|
||||||
wpa_s->dpp_auth->neg_freq = neg_freq;
|
wpa_s->dpp_auth->neg_freq = neg_freq;
|
||||||
|
|
||||||
|
@ -1142,8 +1149,12 @@ static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
|
wpas_dpp_set_testing_options(wpa_s, wpa_s->dpp_auth);
|
||||||
wpas_dpp_set_configurator(wpa_s, wpa_s->dpp_auth,
|
if (wpas_dpp_set_configurator(wpa_s, wpa_s->dpp_auth,
|
||||||
wpa_s->dpp_configurator_params);
|
wpa_s->dpp_configurator_params) < 0) {
|
||||||
|
dpp_auth_deinit(wpa_s->dpp_auth);
|
||||||
|
wpa_s->dpp_auth = NULL;
|
||||||
|
return;
|
||||||
|
}
|
||||||
os_memcpy(wpa_s->dpp_auth->peer_mac_addr, src, ETH_ALEN);
|
os_memcpy(wpa_s->dpp_auth->peer_mac_addr, src, ETH_ALEN);
|
||||||
|
|
||||||
if (wpa_s->dpp_listen_freq &&
|
if (wpa_s->dpp_listen_freq &&
|
||||||
|
@ -2287,9 +2298,8 @@ int wpas_dpp_configurator_sign(struct wpa_supplicant *wpa_s, const char *cmd)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
curve = get_param(cmd, " curve=");
|
curve = get_param(cmd, " curve=");
|
||||||
wpas_dpp_set_configurator(wpa_s, auth, cmd);
|
if (wpas_dpp_set_configurator(wpa_s, auth, cmd) == 0 &&
|
||||||
|
dpp_configurator_own_config(auth, curve, 0) == 0) {
|
||||||
if (dpp_configurator_own_config(auth, curve, 0) == 0) {
|
|
||||||
wpas_dpp_handle_config_obj(wpa_s, auth);
|
wpas_dpp_handle_config_obj(wpa_s, auth);
|
||||||
ret = 0;
|
ret = 0;
|
||||||
}
|
}
|
||||||
|
|
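Review bot: The new `else { goto fail; }` branch under `conf_sta->akm = DPP_AKM_PSK` shares the generic `fail:` label with the allocation failures, so the only trace of a missing psk/pass is "DPP: Failed to set configurator parameters". In `wpas_dpp_rx_auth_req` that means each incoming request is dropped with the same unspecific INFO message, which makes a bad stored `dpp_configurator_params` hard to spot. A line such as `wpa_printf(MSG_DEBUG, "DPP: No psk/pass for legacy AKM");` before the `goto fail;` would name the cause, and a short comment above the function stating that it returns 0 on success (including a NULL `cmd`) and -1 on failure would document the new return value. The hostapd counterpart in the first file has the same branch; the function body starts and ends outside these hunks.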