DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

DPP: Omission of Auth Resp attributes for protocol testing

Browse source 
This extends the dpp_test mechanism to allow each of the required
attributes in Authentication Response to be omitted.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2017-10-22 22:17:55 +03:00 committed by Jouni Malinen
parent a03406dbe2
commit ce9acce006
2 changed files with 83 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

83
src/common/dpp.c
View file

@ -1514,7 +1514,7 @@ static struct wpabuf * dpp_auth_build_resp(struct dpp_authentication *auth,
attr_start = wpabuf_put(msg, 0); attr_start = wpabuf_put(msg, 0);
/* DPP Status */ /* DPP Status */
if (status >= 0) { if (status != 255) {
wpa_printf(MSG_DEBUG, "DPP: Status %d", status); wpa_printf(MSG_DEBUG, "DPP: Status %d", status);
wpabuf_put_le16(msg, DPP_ATTR_STATUS); wpabuf_put_le16(msg, DPP_ATTR_STATUS);
wpabuf_put_le16(msg, 1); wpabuf_put_le16(msg, 1);
@ -1545,6 +1545,13 @@ static struct wpabuf * dpp_auth_build_resp(struct dpp_authentication *auth,
attr_end = wpabuf_put(msg, 0); attr_end = wpabuf_put(msg, 0);
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_WRAPPED_DATA_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Wrapped Data");
goto skip_wrapped_data;
}
#endif /* CONFIG_TESTING_OPTIONS */
/* Wrapped data ({R-nonce, I-nonce, R-capabilities, {R-auth}ke}k2) */ /* Wrapped data ({R-nonce, I-nonce, R-capabilities, {R-auth}ke}k2) */
pos = clear; pos = clear;
@ -1568,6 +1575,13 @@ static struct wpabuf * dpp_auth_build_resp(struct dpp_authentication *auth,
pos += nonce_len; pos += nonce_len;
} }
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_R_CAPAB_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no R-capab");
goto skip_r_capab;
}
#endif /* CONFIG_TESTING_OPTIONS */
/* R-capabilities */ /* R-capabilities */
WPA_PUT_LE16(pos, DPP_ATTR_R_CAPABILITIES); WPA_PUT_LE16(pos, DPP_ATTR_R_CAPABILITIES);
pos += 2; pos += 2;
@ -1581,6 +1595,7 @@ static struct wpabuf * dpp_auth_build_resp(struct dpp_authentication *auth,
wpa_printf(MSG_INFO, "DPP: TESTING - zero R-capabilities"); wpa_printf(MSG_INFO, "DPP: TESTING - zero R-capabilities");
pos[-1] = 0; pos[-1] = 0;
} }
skip_r_capab:
#endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_TESTING_OPTIONS */
if (wrapped_r_auth) { if (wrapped_r_auth) {
@ -1624,6 +1639,7 @@ static struct wpabuf * dpp_auth_build_resp(struct dpp_authentication *auth,
wpabuf_put_le16(msg, DPP_ATTR_TESTING); wpabuf_put_le16(msg, DPP_ATTR_TESTING);
wpabuf_put_le16(msg, 0); wpabuf_put_le16(msg, 0);
} }
skip_wrapped_data:
#endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_TESTING_OPTIONS */
wpa_hexdump_buf(MSG_DEBUG, wpa_hexdump_buf(MSG_DEBUG,
@ -2134,10 +2150,11 @@ static int dpp_auth_build_resp_ok(struct dpp_authentication *auth)
size_t secret_len; size_t secret_len;
struct wpabuf *msg, *pr = NULL; struct wpabuf *msg, *pr = NULL;
u8 r_auth[4 + DPP_MAX_HASH_LEN]; u8 r_auth[4 + DPP_MAX_HASH_LEN];
u8 wrapped_r_auth[4 + DPP_MAX_HASH_LEN + AES_BLOCK_SIZE]; u8 wrapped_r_auth[4 + DPP_MAX_HASH_LEN + AES_BLOCK_SIZE], *w_r_auth;
size_t wrapped_r_auth_len; size_t wrapped_r_auth_len;
int ret = -1; int ret = -1;
const u8 *r_pubkey_hash, *i_pubkey_hash; const u8 *r_pubkey_hash, *i_pubkey_hash, *r_nonce, *i_nonce;
enum dpp_status_error status = DPP_STATUS_OK;
wpa_printf(MSG_DEBUG, "DPP: Build Authentication Response"); wpa_printf(MSG_DEBUG, "DPP: Build Authentication Response");
@ -2199,6 +2216,7 @@ static int dpp_auth_build_resp_ok(struct dpp_authentication *auth)
wrapped_r_auth_len = 4 + auth->curve->hash_len + AES_BLOCK_SIZE; wrapped_r_auth_len = 4 + auth->curve->hash_len + AES_BLOCK_SIZE;
wpa_hexdump(MSG_DEBUG, "DPP: {R-auth}ke", wpa_hexdump(MSG_DEBUG, "DPP: {R-auth}ke",
wrapped_r_auth, wrapped_r_auth_len); wrapped_r_auth, wrapped_r_auth_len);
w_r_auth = wrapped_r_auth;
r_pubkey_hash = auth->own_bi->pubkey_hash; r_pubkey_hash = auth->own_bi->pubkey_hash;
if (auth->peer_bi) if (auth->peer_bi)
@ -2206,10 +2224,40 @@ static int dpp_auth_build_resp_ok(struct dpp_authentication *auth)
else else
i_pubkey_hash = NULL; i_pubkey_hash = NULL;
msg = dpp_auth_build_resp(auth, DPP_STATUS_OK, pr, nonce_len, i_nonce = auth->i_nonce;
r_nonce = auth->r_nonce;
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no R-Bootstrap Key Hash");
r_pubkey_hash = NULL;
} else if (dpp_test == DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no I-Bootstrap Key Hash");
i_pubkey_hash = NULL;
} else if (dpp_test == DPP_TEST_NO_R_PROTO_KEY_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no R-Proto Key");
wpabuf_free(pr);
pr = NULL;
} else if (dpp_test == DPP_TEST_NO_R_AUTH_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no R-Auth");
w_r_auth = NULL;
wrapped_r_auth_len = 0;
} else if (dpp_test == DPP_TEST_NO_STATUS_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Status");
status = 255;
} else if (dpp_test == DPP_TEST_NO_R_NONCE_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no R-nonce");
r_nonce = NULL;
} else if (dpp_test == DPP_TEST_NO_I_NONCE_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no I-nonce");
i_nonce = NULL;
}
#endif /* CONFIG_TESTING_OPTIONS */
msg = dpp_auth_build_resp(auth, status, pr, nonce_len,
r_pubkey_hash, i_pubkey_hash, r_pubkey_hash, i_pubkey_hash,
auth->r_nonce, auth->i_nonce, r_nonce, i_nonce,
wrapped_r_auth, wrapped_r_auth_len, w_r_auth, wrapped_r_auth_len,
auth->k2); auth->k2);
if (!msg) if (!msg)
goto fail; goto fail;
@ -2225,7 +2273,7 @@ static int dpp_auth_build_resp_status(struct dpp_authentication *auth,
enum dpp_status_error status) enum dpp_status_error status)
{ {
struct wpabuf *msg; struct wpabuf *msg;
const u8 *r_pubkey_hash, *i_pubkey_hash; const u8 *r_pubkey_hash, *i_pubkey_hash, *i_nonce;
wpa_printf(MSG_DEBUG, "DPP: Build Authentication Response"); wpa_printf(MSG_DEBUG, "DPP: Build Authentication Response");
@ -2235,10 +2283,27 @@ static int dpp_auth_build_resp_status(struct dpp_authentication *auth,
else else
i_pubkey_hash = NULL; i_pubkey_hash = NULL;
i_nonce = auth->i_nonce;
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_test == DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no R-Bootstrap Key Hash");
r_pubkey_hash = NULL;
} else if (dpp_test == DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no I-Bootstrap Key Hash");
i_pubkey_hash = NULL;
} else if (dpp_test == DPP_TEST_NO_STATUS_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no Status");
status = -1;
} else if (dpp_test == DPP_TEST_NO_I_NONCE_AUTH_RESP) {
wpa_printf(MSG_INFO, "DPP: TESTING - no I-nonce");
i_nonce = NULL;
}
#endif /* CONFIG_TESTING_OPTIONS */
msg = dpp_auth_build_resp(auth, status, NULL, auth->curve->nonce_len, msg = dpp_auth_build_resp(auth, status, NULL, auth->curve->nonce_len,
r_pubkey_hash, i_pubkey_hash, r_pubkey_hash, i_pubkey_hash,
NULL, auth->i_nonce, NULL, 0, NULL, i_nonce, NULL, 0, auth->k1);
auth->k1);
if (!msg) if (!msg)
return -1; return -1;
auth->resp_msg = msg; auth->resp_msg = msg;

9
src/common/dpp.h
View file

@ -222,6 +222,15 @@ enum dpp_test_behavior {
DPP_TEST_NO_I_NONCE_AUTH_REQ = 13, DPP_TEST_NO_I_NONCE_AUTH_REQ = 13,
DPP_TEST_NO_I_CAPAB_AUTH_REQ = 14, DPP_TEST_NO_I_CAPAB_AUTH_REQ = 14,
DPP_TEST_NO_WRAPPED_DATA_AUTH_REQ = 15, DPP_TEST_NO_WRAPPED_DATA_AUTH_REQ = 15,
DPP_TEST_NO_STATUS_AUTH_RESP = 16,
DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_RESP = 17,
DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_RESP = 18,
DPP_TEST_NO_R_PROTO_KEY_AUTH_RESP = 19,
DPP_TEST_NO_R_NONCE_AUTH_RESP = 20,
DPP_TEST_NO_I_NONCE_AUTH_RESP = 21,
DPP_TEST_NO_R_CAPAB_AUTH_RESP = 22,
DPP_TEST_NO_R_AUTH_AUTH_RESP = 23,
DPP_TEST_NO_WRAPPED_DATA_AUTH_RESP = 24,
}; };
extern enum dpp_test_behavior dpp_test; extern enum dpp_test_behavior dpp_test;