DPP3: Use Connector version instead of current version in Peer Discovery

Generate Peer Discovery Request/Response messages using the protected
version from the Connector, if present, instead of the currently
supported protocol version which might be higher than the one that got
included into the signed Connector during provisioning earlier.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Jouni Malinen 2021-12-03 16:33:46 +02:00 committed by Jouni Malinen
parent 0cfb726895
commit f26fd5ee6c
4 changed files with 49 additions and 2 deletions


@ -1558,10 +1558,23 @@ skip_connector:
#ifdef CONFIG_DPP2 #ifdef CONFIG_DPP2
if (DPP_VERSION > 1) { if (DPP_VERSION > 1) {
u8 ver = DPP_VERSION;
#ifdef CONFIG_DPP3
int conn_ver;
conn_ver = dpp_get_connector_version(hapd->conf->dpp_connector);
if (conn_ver > 0 && ver != conn_ver) {
wpa_printf(MSG_DEBUG,
"DPP: Use Connector version %d instead of current protocol version %d",
conn_ver, ver);
ver = conn_ver;
}
#endif /* CONFIG_DPP3 */
/* Protocol Version */ /* Protocol Version */
wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION); wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION);
wpabuf_put_le16(msg, 1); wpabuf_put_le16(msg, 1);
wpabuf_put_u8(msg, DPP_VERSION); wpabuf_put_u8(msg, ver);
} }
#endif /* CONFIG_DPP2 */ #endif /* CONFIG_DPP2 */
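Review bot: The assignment `ver = conn_ver;` narrows an `int` into a `u8` behind only a `conn_ver > 0` check, so a Connector whose version member is above 255 would be silently truncated. A value above DPP_VERSION would also be advertised, although the commit message only describes the case where the Connector version is lower than the current one. Bounding the override, for example `if (conn_ver > 0 && conn_ver < ver) {`, keeps the advertised Protocol Version within what this build implements; if higher values are meant to pass through, the check should at least reject `conn_ver > 0xff`. The same block is repeated in the last file section (the one reading `ssid->dpp_connector`) and needs the same change. The enclosing function starts and ends outside this hunk.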


@ -3760,6 +3760,26 @@ fail:
} }
#ifdef CONFIG_DPP3
int dpp_get_connector_version(const char *connector)
{
struct json_token *root, *token;
int ver = -1;
root = dpp_parse_own_connector(connector);
if (!root)
return -1;
token = json_get_member(root, "version");
if (token && token->type == JSON_NUMBER)
ver = token->number;
json_free(root);
return ver;
}
#endif /* CONFIG_DPP3 */
unsigned int dpp_next_id(struct dpp_global *dpp) unsigned int dpp_next_id(struct dpp_global *dpp)
{ {
struct dpp_bootstrap_info *bi; struct dpp_bootstrap_info *bi;
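Review bot: dpp_get_connector_version() has no comment stating its return contract, yet both callers depend on it: -1 when the Connector cannot be parsed, -1 when there is no numeric "version" member, and otherwise the raw number with no range check. I would add above the definition `/* Returns the "version" value from the own Connector, or -1 if it cannot be parsed or has no numeric version member; the value is not range-checked */`. The pointer is also passed straight to dpp_parse_own_connector(), whose handling of a NULL connector is not visible in this hunk. If that helper does not tolerate NULL, `if (!connector) return -1;` at the top would keep this function safe for any caller that reaches it without a configured Connector.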


@ -595,6 +595,7 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
const u8 *csign_key, size_t csign_key_len, const u8 *csign_key, size_t csign_key_len,
const u8 *peer_connector, size_t peer_connector_len, const u8 *peer_connector, size_t peer_connector_len,
os_time_t *expiry); os_time_t *expiry);
int dpp_get_connector_version(const char *connector);
struct dpp_pkex * dpp_pkex_init(void *msg_ctx, struct dpp_bootstrap_info *bi, struct dpp_pkex * dpp_pkex_init(void *msg_ctx, struct dpp_bootstrap_info *bi,
const u8 *own_mac, const u8 *own_mac,
const char *identifier, const char *identifier,


@ -3196,10 +3196,23 @@ skip_connector:
#ifdef CONFIG_DPP2 #ifdef CONFIG_DPP2
if (DPP_VERSION > 1) { if (DPP_VERSION > 1) {
u8 ver = DPP_VERSION;
#ifdef CONFIG_DPP3
int conn_ver;
conn_ver = dpp_get_connector_version(ssid->dpp_connector);
if (conn_ver > 0 && ver != conn_ver) {
wpa_printf(MSG_DEBUG,
"DPP: Use Connector version %d instead of current protocol version %d",
conn_ver, ver);
ver = conn_ver;
}
#endif /* CONFIG_DPP3 */
/* Protocol Version */ /* Protocol Version */
wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION); wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION);
wpabuf_put_le16(msg, 1); wpabuf_put_le16(msg, 1);
wpabuf_put_u8(msg, DPP_VERSION); wpabuf_put_u8(msg, ver);
} }
#endif /* CONFIG_DPP2 */ #endif /* CONFIG_DPP2 */