DPP: Extend DPP_PKEX_ADD ver=<1/2> to cover Responder role

Allow PKEX v1-only or v2-only behavior to be specified for the Responder
role. This is mainly for testing purposes.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Jouni Malinen 2022-03-07 21:37:40 +02:00 committed by Jouni Malinen
parent 6c3c431bbd
commit eeb72e7c9a
5 changed files with 74 additions and 54 deletions


@ -346,14 +346,8 @@ static int hostapd_dpp_pkex_done(void *ctx, void *conn,
#endif /* CONFIG_DPP2 */
enum hostapd_dpp_pkex_ver {
PKEX_VER_AUTO,
PKEX_VER_ONLY_1,
PKEX_VER_ONLY_2,
};
static int hostapd_dpp_pkex_init(struct hostapd_data *hapd,
enum hostapd_dpp_pkex_ver ver,
enum dpp_pkex_ver ver,
const struct hostapd_ip_addr *ipaddr,
int tcp_port)
{
@ -1986,6 +1980,17 @@ hostapd_dpp_rx_pkex_exchange_req(struct hostapd_data *hapd, const u8 *src,
wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request from " MACSTR,
MAC2STR(src));
if (hapd->dpp_pkex_ver == PKEX_VER_ONLY_1 && v2) {
wpa_printf(MSG_DEBUG,
"DPP: Ignore PKEXv2 Exchange Request when configured to be PKEX v1 only");
return;
}
if (hapd->dpp_pkex_ver == PKEX_VER_ONLY_2 && !v2) {
wpa_printf(MSG_DEBUG,
"DPP: Ignore PKEXv1 Exchange Request when configured to be PKEX v2 only");
return;
}
/* TODO: Support multiple PKEX codes by iterating over all the enabled
* values here */
@ -2409,6 +2414,11 @@ int hostapd_dpp_pkex_add(struct hostapd_data *hapd, const char *cmd)
{
struct dpp_bootstrap_info *own_bi;
const char *pos, *end;
#ifdef CONFIG_DPP3
enum dpp_pkex_ver ver = PKEX_VER_AUTO;
#else /* CONFIG_DPP3 */
enum dpp_pkex_ver ver = PKEX_VER_ONLY_1;
#endif /* CONFIG_DPP3 */
int tcp_port = DPP_TCP_PORT;
struct hostapd_ip_addr *ipaddr = NULL;
#ifdef CONFIG_DPP2
@ -2474,27 +2484,22 @@ int hostapd_dpp_pkex_add(struct hostapd_data *hapd, const char *cmd)
if (!hapd->dpp_pkex_code)
return -1;
pos = os_strstr(cmd, " ver=");
if (pos) {
int v;
pos += 5;
v = atoi(pos);
if (v == 1)
ver = PKEX_VER_ONLY_1;
else if (v == 2)
ver = PKEX_VER_ONLY_2;
else
return -1;
}
hapd->dpp_pkex_ver = ver;
if (os_strstr(cmd, " init=1")) {
#ifdef CONFIG_DPP3
enum hostapd_dpp_pkex_ver ver = PKEX_VER_AUTO;
#else /* CONFIG_DPP3 */
enum hostapd_dpp_pkex_ver ver = PKEX_VER_ONLY_1;
#endif /* CONFIG_DPP3 */
pos = os_strstr(cmd, " ver=");
if (pos) {
int v;
pos += 5;
v = atoi(pos);
if (v == 1)
ver = PKEX_VER_ONLY_1;
else if (v == 2)
ver = PKEX_VER_ONLY_2;
else
return -1;
}
if (hostapd_dpp_pkex_init(hapd, ver, ipaddr, tcp_port) < 0)
return -1;
} else {
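Review bot: The `return -1` on an unrecognised `ver=` value now fires for Responder-only commands too, and it runs after `hapd->dpp_pkex_code` has already been assigned (the NULL check just above shows the assignment precedes this block). A rejected command can therefore leave a new PKEX code in place, paired with whatever `hapd->dpp_pkex_ver` held from an earlier command. Parsing and validating `ver=` before any `hapd->dpp_pkex_*` field is written, or clearing the PKEX state on this error path, would stop a failed DPP_PKEX_ADD from changing what the Responder answers. The same ordering appears in `wpas_dpp_pkex_add()`. The start of the function is outside this hunk, so the position of the earlier assignments should be confirmed there.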


@ -14,6 +14,7 @@
#endif /* CONFIG_SQLITE */
#include "common/defs.h"
#include "common/dpp.h"
#include "utils/list.h"
#include "ap_config.h"
#include "drivers/driver.h"
@ -388,6 +389,7 @@ struct hostapd_data {
struct dpp_bootstrap_info *dpp_pkex_bi;
char *dpp_pkex_code;
char *dpp_pkex_identifier;
enum dpp_pkex_ver dpp_pkex_ver;
char *dpp_pkex_auth_cmd;
char *dpp_configurator_params;
struct os_reltime dpp_last_init;


@ -172,6 +172,12 @@ struct dpp_bootstrap_info {
#define PKEX_COUNTER_T_LIMIT 5
enum dpp_pkex_ver {
PKEX_VER_AUTO,
PKEX_VER_ONLY_1,
PKEX_VER_ONLY_2,
};
struct dpp_pkex {
void *msg_ctx;
unsigned int initiator:1;
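Review bot: The `enum dpp_pkex_ver` added to this shared header has no comments, although it now carries a Responder meaning as well as the Initiator one. From the Responder checks in this commit, `PKEX_VER_AUTO` lets both PKEXv1 and PKEXv2 Exchange Requests through, while `PKEX_VER_ONLY_1` and `PKEX_VER_ONLY_2` drop the other version; a short comment per enumerator would record that, e.g. `PKEX_VER_AUTO, /* Responder: accept v1 and v2 */`. The comment should also say that `PKEX_VER_AUTO` is the zero value, so a `dpp_pkex_ver` field never set by DPP_PKEX_ADD reads as AUTO, assuming the containing structs are zero-allocated, which is not visible here. That holds even in builds without CONFIG_DPP3, where the command default is `PKEX_VER_ONLY_1`.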


@ -2729,14 +2729,8 @@ static int wpas_dpp_pkex_done(void *ctx, void *conn,
#endif /* CONFIG_DPP2 */
enum wpas_dpp_pkex_ver {
PKEX_VER_AUTO,
PKEX_VER_ONLY_1,
PKEX_VER_ONLY_2,
};
static int wpas_dpp_pkex_init(struct wpa_supplicant *wpa_s,
enum wpas_dpp_pkex_ver ver,
enum dpp_pkex_ver ver,
const struct hostapd_ip_addr *ipaddr,
int tcp_port)
{
@ -2889,6 +2883,17 @@ wpas_dpp_rx_pkex_exchange_req(struct wpa_supplicant *wpa_s, const u8 *src,
wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request from " MACSTR,
MAC2STR(src));
if (wpa_s->dpp_pkex_ver == PKEX_VER_ONLY_1 && v2) {
wpa_printf(MSG_DEBUG,
"DPP: Ignore PKEXv2 Exchange Request when configured to be PKEX v1 only");
return;
}
if (wpa_s->dpp_pkex_ver == PKEX_VER_ONLY_2 && !v2) {
wpa_printf(MSG_DEBUG,
"DPP: Ignore PKEXv1 Exchange Request when configured to be PKEX v2 only");
return;
}
/* TODO: Support multiple PKEX codes by iterating over all the enabled
* values here */
@ -3595,6 +3600,11 @@ int wpas_dpp_pkex_add(struct wpa_supplicant *wpa_s, const char *cmd)
{
struct dpp_bootstrap_info *own_bi;
const char *pos, *end;
#ifdef CONFIG_DPP3
enum dpp_pkex_ver ver = PKEX_VER_AUTO;
#else /* CONFIG_DPP3 */
enum dpp_pkex_ver ver = PKEX_VER_ONLY_1;
#endif /* CONFIG_DPP3 */
int tcp_port = DPP_TCP_PORT;
struct hostapd_ip_addr *ipaddr = NULL;
#ifdef CONFIG_DPP2
@ -3660,27 +3670,22 @@ int wpas_dpp_pkex_add(struct wpa_supplicant *wpa_s, const char *cmd)
if (!wpa_s->dpp_pkex_code)
return -1;
pos = os_strstr(cmd, " ver=");
if (pos) {
int v;
pos += 5;
v = atoi(pos);
if (v == 1)
ver = PKEX_VER_ONLY_1;
else if (v == 2)
ver = PKEX_VER_ONLY_2;
else
return -1;
}
wpa_s->dpp_pkex_ver = ver;
if (os_strstr(cmd, " init=1")) {
#ifdef CONFIG_DPP3
enum wpas_dpp_pkex_ver ver = PKEX_VER_AUTO;
#else /* CONFIG_DPP3 */
enum wpas_dpp_pkex_ver ver = PKEX_VER_ONLY_1;
#endif /* CONFIG_DPP3 */
pos = os_strstr(cmd, " ver=");
if (pos) {
int v;
pos += 5;
v = atoi(pos);
if (v == 1)
ver = PKEX_VER_ONLY_1;
else if (v == 2)
ver = PKEX_VER_ONLY_2;
else
return -1;
}
if (wpas_dpp_pkex_init(wpa_s, ver, ipaddr, tcp_port) < 0)
return -1;
} else {
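Review bot: `v = atoi(pos)` in the relocated `ver=` parser accepts any string that merely starts with a valid digit, so `ver=2x` or `ver=1.5` selects a version instead of being rejected, and `atoi()` has undefined behaviour when the value does not fit in an int. Since this value now also decides which PKEX Exchange Requests the Responder ignores, a strict match is preferable, for example `if (pos[0] == '1' && (pos[1] == ' ' || pos[1] == '\0')) ver = PKEX_VER_ONLY_1;` with the same form for `'2'` and `return -1` otherwise. `hostapd_dpp_pkex_add()` carries the identical parser. The body of `wpas_dpp_pkex_add()` begins and ends outside this hunk.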


@ -14,6 +14,7 @@
#include "common/defs.h"
#include "common/sae.h"
#include "common/wpa_ctrl.h"
#include "common/dpp.h"
#include "crypto/sha384.h"
#include "eapol_supp/eapol_supp_sm.h"
#include "wps/wps_defs.h"
@ -1456,6 +1457,7 @@ struct wpa_supplicant {
struct dpp_bootstrap_info *dpp_pkex_bi;
char *dpp_pkex_code;
char *dpp_pkex_identifier;
enum dpp_pkex_ver dpp_pkex_ver;
char *dpp_pkex_auth_cmd;
char *dpp_configurator_params;
struct os_reltime dpp_last_init;