DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

DPP: Strict validation of PKEX peer bootstrapping key during auth

Browse source 
Verify that the peer does not change its bootstrapping key between the
PKEX exchange and the authentication exchange.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
Jouni Malinen 2022-07-22 21:08:08 +03:00 committed by Jouni Malinen
parent a7b8cef8b7
commit d2388bcca5
4 changed files with 35 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

15
src/ap/dpp_hostapd.c
View file

@ -1056,6 +1056,21 @@ static void hostapd_dpp_rx_auth_req(struct hostapd_data *hapd, const u8 *src,
return;
}
if (own_bi->type == DPP_BOOTSTRAP_PKEX) {
if (!peer_bi || peer_bi->type != DPP_BOOTSTRAP_PKEX) {
wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
"No matching peer bootstrapping key found for PKEX - ignore message");
return;
}
if (os_memcmp(peer_bi->pubkey_hash, own_bi->peer_pubkey_hash,
SHA256_MAC_LEN) != 0) {
wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
"Mismatching peer PKEX bootstrapping key - ignore message");
return;
}
}
if (hapd->dpp_auth) {
wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
"Already in DPP authentication exchange - ignore new one");