DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

DPP: Strict validation of PKEX peer bootstrapping key during auth

Browse source 
Verify that the peer does not change its bootstrapping key between the
PKEX exchange and the authentication exchange.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
Jouni Malinen 2022-07-22 21:08:08 +03:00 committed by Jouni Malinen
parent a7b8cef8b7
commit d2388bcca5
4 changed files with 35 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
src/ap/dpp_hostapd.c
View file

@ -1056,6 +1056,21 @@ static void hostapd_dpp_rx_auth_req(struct hostapd_data *hapd, const u8 *src,
return; return;
} }
if (own_bi->type == DPP_BOOTSTRAP_PKEX) {
if (!peer_bi || peer_bi->type != DPP_BOOTSTRAP_PKEX) {
wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
"No matching peer bootstrapping key found for PKEX - ignore message");
return;
}
if (os_memcmp(peer_bi->pubkey_hash, own_bi->peer_pubkey_hash,
SHA256_MAC_LEN) != 0) {
wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
"Mismatching peer PKEX bootstrapping key - ignore message");
return;
}
}
if (hapd->dpp_auth) { if (hapd->dpp_auth) {
wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
"Already in DPP authentication exchange - ignore new one"); "Already in DPP authentication exchange - ignore new one");

3
src/common/dpp.h
View file

@ -186,6 +186,9 @@ struct dpp_bootstrap_info {
int nfc_negotiated; /* whether this has been used in NFC negotiated int nfc_negotiated; /* whether this has been used in NFC negotiated
* connection handover */ * connection handover */
char *configurator_params; char *configurator_params;
u8 peer_pubkey_hash[SHA256_MAC_LEN]; /* for enforcing a specific
* peer bootstrapping key with
* PKEX */
}; };
#define PKEX_COUNTER_T_LIMIT 5 #define PKEX_COUNTER_T_LIMIT 5

2
src/common/dpp_pkex.c
View file

@ -1363,6 +1363,8 @@ dpp_pkex_finish(struct dpp_global *dpp, struct dpp_pkex *pkex, const u8 *peer,
dpp_bootstrap_info_free(bi); dpp_bootstrap_info_free(bi);
return NULL; return NULL;
} }
os_memcpy(pkex->own_bi->peer_pubkey_hash, bi->pubkey_hash,
SHA256_MAC_LEN);
dpp_pkex_free(pkex); dpp_pkex_free(pkex);
dl_list_add(&dpp->bootstrap, &bi->list); dl_list_add(&dpp->bootstrap, &bi->list);
return bi; return bi;

15
wpa_supplicant/dpp_supplicant.c
View file

@ -1153,6 +1153,21 @@ static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
return; return;
} }
if (own_bi->type == DPP_BOOTSTRAP_PKEX) {
if (!peer_bi || peer_bi->type != DPP_BOOTSTRAP_PKEX) {
wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
"No matching peer bootstrapping key found for PKEX - ignore message");
return;
}
if (os_memcmp(peer_bi->pubkey_hash, own_bi->peer_pubkey_hash,
SHA256_MAC_LEN) != 0) {
wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
"Mismatching peer PKEX bootstrapping key - ignore message");
return;
}
}
if (wpa_s->dpp_auth) { if (wpa_s->dpp_auth) {
wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
"Already in DPP authentication exchange - ignore new one"); "Already in DPP authentication exchange - ignore new one");