From d8ed3a075ae0891cc697e9100274169b491ce6f9 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 24 Feb 2013 10:57:49 +0200 Subject: [PATCH] WPS: Fix OOB Device Password use in PSK1,PSK1 derivation WSC specification 2.0 section 7.4 describes OOB password to be expressed in ASCII format (upper case hexdump) instead of raw binary. Signed-hostap: Jouni Malinen --- src/ap/wps_hostapd.c | 12 +++++++++++- src/eap_peer/eap_wsc.c | 9 --------- src/wps/wps_registrar.c | 8 +++++--- 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/src/ap/wps_hostapd.c b/src/ap/wps_hostapd.c index dfe77ad37..e017972de 100644 --- a/src/ap/wps_hostapd.c +++ b/src/ap/wps_hostapd.c @@ -1612,6 +1612,7 @@ struct wpabuf * hostapd_wps_nfc_token_gen(struct hostapd_data *hapd, int ndef) int hostapd_wps_nfc_token_enable(struct hostapd_data *hapd) { struct wps_context *wps = hapd->wps; + struct wpabuf *pw; if (wps == NULL) return -1; @@ -1626,7 +1627,16 @@ int hostapd_wps_nfc_token_enable(struct hostapd_data *hapd) wps->ap_nfc_dev_pw_id = hapd->conf->wps_nfc_dev_pw_id; wps->ap_nfc_dh_pubkey = wpabuf_dup(hapd->conf->wps_nfc_dh_pubkey); wps->ap_nfc_dh_privkey = wpabuf_dup(hapd->conf->wps_nfc_dh_privkey); - wps->ap_nfc_dev_pw = wpabuf_dup(hapd->conf->wps_nfc_dev_pw); + pw = hapd->conf->wps_nfc_dev_pw; + wps->ap_nfc_dev_pw = wpabuf_alloc( + wpabuf_len(pw) * 2 + 1); + if (wps->ap_nfc_dev_pw) { + wpa_snprintf_hex_uppercase( + (char *) wpabuf_put(wps->ap_nfc_dev_pw, + wpabuf_len(pw) * 2), + wpabuf_len(pw) * 2 + 1, + wpabuf_head(pw), wpabuf_len(pw)); + } if (!wps->ap_nfc_dh_pubkey || !wps->ap_nfc_dh_privkey || !wps->ap_nfc_dev_pw) { diff --git a/src/eap_peer/eap_wsc.c b/src/eap_peer/eap_wsc.c index f3581560e..81ad0ce05 100644 --- a/src/eap_peer/eap_wsc.c +++ b/src/eap_peer/eap_wsc.c @@ -137,7 +137,6 @@ static void * eap_wsc_init(struct eap_sm *sm) struct wps_context *wps; struct wps_credential new_ap_settings; int res; - u8 dev_pw[WPS_OOB_DEVICE_PASSWORD_LEN]; int nfc = 0; wps = sm->wps; @@ -186,14 +185,6 @@ static void * eap_wsc_init(struct eap_sm *sm) while (*pos != '\0' && *pos != ' ') pos++; cfg.pin_len = pos - (const char *) cfg.pin; - if (cfg.pin_len >= WPS_OOB_DEVICE_PASSWORD_MIN_LEN * 2 && - cfg.pin_len <= WPS_OOB_DEVICE_PASSWORD_LEN * 2 && - hexstr2bin((const char *) cfg.pin, dev_pw, - cfg.pin_len / 2) == 0) { - /* Convert OOB Device Password to binary */ - cfg.pin = dev_pw; - cfg.pin_len /= 2; - } if (cfg.pin_len == 6 && os_strncmp((const char *) cfg.pin, "nfc-pw", 6) == 0) { cfg.pin = NULL; diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c index 57344c565..a26b8ee99 100644 --- a/src/wps/wps_registrar.c +++ b/src/wps/wps_registrar.c @@ -32,7 +32,7 @@ struct wps_nfc_pw_token { struct dl_list list; u8 pubkey_hash[WPS_OOB_PUBKEY_HASH_LEN]; u16 pw_id; - u8 dev_pw[WPS_OOB_DEVICE_PASSWORD_LEN]; + u8 dev_pw[WPS_OOB_DEVICE_PASSWORD_LEN * 2 + 1]; size_t dev_pw_len; }; @@ -3498,8 +3498,10 @@ int wps_registrar_add_nfc_pw_token(struct wps_registrar *reg, os_memcpy(token->pubkey_hash, pubkey_hash, WPS_OOB_PUBKEY_HASH_LEN); token->pw_id = pw_id; - os_memcpy(token->dev_pw, dev_pw, dev_pw_len); - token->dev_pw_len = dev_pw_len; + wpa_snprintf_hex_uppercase((char *) token->dev_pw, + sizeof(token->dev_pw), + dev_pw, dev_pw_len); + token->dev_pw_len = dev_pw_len * 2; dl_list_add(®->nfc_pw_tokens, &token->list);