From eeb72e7c9afd861d73798de1da211e38c236e568 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Mon, 7 Mar 2022 21:37:40 +0200
Subject: [PATCH] DPP: Extend DPP_PKEX_ADD ver=<1/2> to cover Responder role

Allow PKEX v1-only or v2-only behavior to be specific for the Responder role. This is mainly for testing purposes.

Signed-off-by: Jouni Malinen
---
 src/ap/dpp_hostapd.c | 59 +++++++++++++++++--------------
 src/ap/hostapd.h | 2 ++
 src/common/dpp.h | 6 ++++
 wpa_supplicant/dpp_supplicant.c | 59 +++++++++++++++++--------------
 wpa_supplicant/wpa_supplicant_i.h | 2 ++
 5 files changed, 74 insertions(+), 54 deletions(-)

diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c
index 96a13fb6f..74d7a5923 100644
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@@ -346,14 +346,8 @@ static int hostapd_dpp_pkex_done(void *ctx, void *conn,
 #endif /* CONFIG_DPP2 */


-enum hostapd_dpp_pkex_ver {
- PKEX_VER_AUTO,
- PKEX_VER_ONLY_1,
- PKEX_VER_ONLY_2,
-};
-
 static int hostapd_dpp_pkex_init(struct hostapd_data *hapd,
- enum hostapd_dpp_pkex_ver ver,
+ enum dpp_pkex_ver ver,
 const struct hostapd_ip_addr *ipaddr,
 int tcp_port)
 {
@@ -1986,6 +1980,17 @@ hostapd_dpp_rx_pkex_exchange_req(struct hostapd_data *hapd, const u8 *src,
 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request from " MACSTR,
 MAC2STR(src));

+ if (hapd->dpp_pkex_ver == PKEX_VER_ONLY_1 && v2) {
+ wpa_printf(MSG_DEBUG,
+ "DPP: Ignore PKEXv2 Exchange Request when configured to be PKEX v1 only");
+ return;
+ }
+ if (hapd->dpp_pkex_ver == PKEX_VER_ONLY_2 && !v2) {
+ wpa_printf(MSG_DEBUG,
+ "DPP: Ignore PKEXv1 Exchange Request when configured to be PKEX v2 only");
+ return;
+ }
+
 /* TODO: Support multiple PKEX codes by iterating over all the enabled
 * values here */

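Review bot: Neither new check in the `@@ -1986` hunk of hostapd_dpp_rx_pkex_exchange_req() says what happens for the third enum value: with `PKEX_VER_AUTO` both conditions are false and the request falls through, so the responder accepts whichever PKEX version the peer's frame announces. A one-line comment above the first `if`, e.g. `/* PKEX_VER_AUTO accepts both versions; ONLY_1/ONLY_2 drop the other one without replying */`, would make that policy explicit for anyone relying on `ver=` to refuse PKEXv1. The same applies to the identical checks added to wpas_dpp_rx_pkex_exchange_req() in wpa_supplicant/dpp_supplicant.c. The function starts and ends outside this hunk, so how `v2` is derived is not visible here.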
@@ -2409,6 +2414,11 @@ int hostapd_dpp_pkex_add(struct hostapd_data *hapd, const char *cmd)
 {
 struct dpp_bootstrap_info *own_bi;
 const char *pos, *end;
+#ifdef CONFIG_DPP3
+ enum dpp_pkex_ver ver = PKEX_VER_AUTO;
+#else /* CONFIG_DPP3 */
+ enum dpp_pkex_ver ver = PKEX_VER_ONLY_1;
+#endif /* CONFIG_DPP3 */
 int tcp_port = DPP_TCP_PORT;
 struct hostapd_ip_addr *ipaddr = NULL;
 #ifdef CONFIG_DPP2
@@ -2474,27 +2484,22 @@ int hostapd_dpp_pkex_add(struct hostapd_data *hapd, const char *cmd)
 if (!hapd->dpp_pkex_code)
 return -1;

+ pos = os_strstr(cmd, " ver=");
+ if (pos) {
+ int v;
+
+ pos += 5;
+ v = atoi(pos);
+ if (v == 1)
+ ver = PKEX_VER_ONLY_1;
+ else if (v == 2)
+ ver = PKEX_VER_ONLY_2;
+ else
+ return -1;
+ }
+ hapd->dpp_pkex_ver = ver;
+
 if (os_strstr(cmd, " init=1")) {
-#ifdef CONFIG_DPP3
- enum hostapd_dpp_pkex_ver ver = PKEX_VER_AUTO;
-#else /* CONFIG_DPP3 */
- enum hostapd_dpp_pkex_ver ver = PKEX_VER_ONLY_1;
-#endif /* CONFIG_DPP3 */
-
- pos = os_strstr(cmd, " ver=");
- if (pos) {
- int v;
-
- pos += 5;
- v = atoi(pos);
- if (v == 1)
- ver = PKEX_VER_ONLY_1;
- else if (v == 2)
- ver = PKEX_VER_ONLY_2;
- else
- return -1;
- }
-
 if (hostapd_dpp_pkex_init(hapd, ver, ipaddr, tcp_port) < 0)
 return -1;
 } else {
diff --git a/src/ap/hostapd.h b/src/ap/hostapd.h
index f3ca7529a..c797a52ec 100644
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
@@ -14,6 +14,7 @@
 #endif /* CONFIG_SQLITE */

 #include "common/defs.h"
+#include "common/dpp.h"
 #include "utils/list.h"
 #include "ap_config.h"
 #include "drivers/driver.h"
@@ -388,6 +389,7 @@ struct hostapd_data {
 struct dpp_bootstrap_info *dpp_pkex_bi;
 char *dpp_pkex_code;
 char *dpp_pkex_identifier;
+ enum dpp_pkex_ver dpp_pkex_ver;
 char *dpp_pkex_auth_cmd;
 char *dpp_configurator_params;
 struct os_reltime dpp_last_init;
diff --git a/src/common/dpp.h b/src/common/dpp.h
index daf27f68e..27377f6cf 100644
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
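Review bot: In the `@@ -2474` hunk of hostapd_dpp_pkex_add(), the `ver=` value is validated only after `hapd->dpp_pkex_code` has been set (the `if (!hapd->dpp_pkex_code) return -1;` context line sits directly above the new parsing), so an unsupported value such as `ver=3` (constructed example) returns -1 but appears to leave the new code installed together with whatever `dpp_pkex_ver` the previous command stored. Since this commit the parsing also runs for a Responder-only setup, so the control interface can report failure while the responder stays armed with the new code. Moving the block that starts at `pos = os_strstr(cmd, " ver=");` ahead of the code and identifier assignments, which lie outside this hunk, would keep the command all-or-nothing; `atoi()` additionally accepts trailing characters (`ver=2x`), so an exact token comparison would be stricter. wpas_dpp_pkex_add() in wpa_supplicant/dpp_supplicant.c has the same ordering in its `@@ -3660` hunk.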
@@ -172,6 +172,12 @@ struct dpp_bootstrap_info {

 #define PKEX_COUNTER_T_LIMIT 5

+enum dpp_pkex_ver {
+ PKEX_VER_AUTO,
+ PKEX_VER_ONLY_1,
+ PKEX_VER_ONLY_2,
+};
+
 struct dpp_pkex {
 void *msg_ctx;
 unsigned int initiator:1;
diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index 20a111c89..380354294 100644
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -2729,14 +2729,8 @@ static int wpas_dpp_pkex_done(void *ctx, void *conn,
 #endif /* CONFIG_DPP2 */


-enum wpas_dpp_pkex_ver {
- PKEX_VER_AUTO,
- PKEX_VER_ONLY_1,
- PKEX_VER_ONLY_2,
-};
-
 static int wpas_dpp_pkex_init(struct wpa_supplicant *wpa_s,
- enum wpas_dpp_pkex_ver ver,
+ enum dpp_pkex_ver ver,
 const struct hostapd_ip_addr *ipaddr,
 int tcp_port)
 {
@@ -2889,6 +2883,17 @@ wpas_dpp_rx_pkex_exchange_req(struct wpa_supplicant *wpa_s, const u8 *src,
 wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request from " MACSTR,
 MAC2STR(src));

+ if (wpa_s->dpp_pkex_ver == PKEX_VER_ONLY_1 && v2) {
+ wpa_printf(MSG_DEBUG,
+ "DPP: Ignore PKEXv2 Exchange Request when configured to be PKEX v1 only");
+ return;
+ }
+ if (wpa_s->dpp_pkex_ver == PKEX_VER_ONLY_2 && !v2) {
+ wpa_printf(MSG_DEBUG,
+ "DPP: Ignore PKEXv1 Exchange Request when configured to be PKEX v2 only");
+ return;
+ }
+
 /* TODO: Support multiple PKEX codes by iterating over all the enabled
 * values here */

@@ -3595,6 +3600,11 @@ int wpas_dpp_pkex_add(struct wpa_supplicant *wpa_s, const char *cmd)
 {
 struct dpp_bootstrap_info *own_bi;
 const char *pos, *end;
+#ifdef CONFIG_DPP3
+ enum dpp_pkex_ver ver = PKEX_VER_AUTO;
+#else /* CONFIG_DPP3 */
+ enum dpp_pkex_ver ver = PKEX_VER_ONLY_1;
+#endif /* CONFIG_DPP3 */
 int tcp_port = DPP_TCP_PORT;
 struct hostapd_ip_addr *ipaddr = NULL;
 #ifdef CONFIG_DPP2
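Review bot: The shared `enum dpp_pkex_ver` added to src/common/dpp.h in the `@@ -172` hunk has no comment, and its enumerator order matters. `PKEX_VER_AUTO` is 0, which is what the new `dpp_pkex_ver` fields in struct hostapd_data and struct wpa_supplicant hold before the first DPP_PKEX_ADD, assuming those structs are zero-initialized (not visible in this patch). I would add `/* PKEX version policy from DPP_PKEX_ADD ver=; PKEX_VER_AUTO must stay 0 (default of a zeroed context) */` above the enum, so a later reordering does not silently turn the default into a v1-only or v2-only responder.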
@@ -3660,27 +3670,22 @@ int wpas_dpp_pkex_add(struct wpa_supplicant *wpa_s, const char *cmd)
 if (!wpa_s->dpp_pkex_code)
 return -1;

+ pos = os_strstr(cmd, " ver=");
+ if (pos) {
+ int v;
+
+ pos += 5;
+ v = atoi(pos);
+ if (v == 1)
+ ver = PKEX_VER_ONLY_1;
+ else if (v == 2)
+ ver = PKEX_VER_ONLY_2;
+ else
+ return -1;
+ }
+ wpa_s->dpp_pkex_ver = ver;
+
 if (os_strstr(cmd, " init=1")) {
-#ifdef CONFIG_DPP3
- enum wpas_dpp_pkex_ver ver = PKEX_VER_AUTO;
-#else /* CONFIG_DPP3 */
- enum wpas_dpp_pkex_ver ver = PKEX_VER_ONLY_1;
-#endif /* CONFIG_DPP3 */
-
- pos = os_strstr(cmd, " ver=");
- if (pos) {
- int v;
-
- pos += 5;
- v = atoi(pos);
- if (v == 1)
- ver = PKEX_VER_ONLY_1;
- else if (v == 2)
- ver = PKEX_VER_ONLY_2;
- else
- return -1;
- }
-
 if (wpas_dpp_pkex_init(wpa_s, ver, ipaddr, tcp_port) < 0)
 return -1;
 } else {
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index 111aa0744..5d2f23d1b 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -14,6 +14,7 @@
 #include "common/defs.h"
 #include "common/sae.h"
 #include "common/wpa_ctrl.h"
+#include "common/dpp.h"
 #include "crypto/sha384.h"
 #include "eapol_supp/eapol_supp_sm.h"
 #include "wps/wps_defs.h"
@@ -1456,6 +1457,7 @@ struct wpa_supplicant {
 struct dpp_bootstrap_info *dpp_pkex_bi;
 char *dpp_pkex_code;
 char *dpp_pkex_identifier;
+ enum dpp_pkex_ver dpp_pkex_ver;
 char *dpp_pkex_auth_cmd;
 char *dpp_configurator_params;
 struct os_reltime dpp_last_init;