DPP: Omission of Auth Conf attributes for protocol testing

This extends the dpp_test mechanism to allow each of the required attributes in Authentication Confirm to be omitted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-23 13:34:30 +03:00 · 2017-10-23 13:34:30 +03:00 · f9c7d77029
commit f9c7d77029
parent a0e3e22263
2 changed files with 44 additions and 2 deletions
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@ -2574,16 +2574,33 @@ static struct wpabuf * dpp_auth_build_conf(struct dpp_authentication *auth)

 	attr_start = wpabuf_put(msg, 0);

+#ifdef CONFIG_TESTING_OPTIONS
+	if (dpp_test == DPP_TEST_NO_STATUS_AUTH_CONF)
+		goto skip_status;
+#endif /* CONFIG_TESTING_OPTIONS */
+
 	/* DPP Status */
 	wpabuf_put_le16(msg, DPP_ATTR_STATUS);
 	wpabuf_put_le16(msg, 1);
 	wpabuf_put_u8(msg, DPP_STATUS_OK);

+#ifdef CONFIG_TESTING_OPTIONS
+skip_status:
+	if (dpp_test == DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_CONF)
+		goto skip_r_bootstrap_key;
+#endif /* CONFIG_TESTING_OPTIONS */
+
 	/* Responder Bootstrapping Key Hash */
 	wpabuf_put_le16(msg, DPP_ATTR_R_BOOTSTRAP_KEY_HASH);
 	wpabuf_put_le16(msg, SHA256_MAC_LEN);
 	wpabuf_put_data(msg, auth->peer_bi->pubkey_hash, SHA256_MAC_LEN);

+#ifdef CONFIG_TESTING_OPTIONS
+skip_r_bootstrap_key:
+	if (dpp_test == DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_CONF)
+		goto skip_i_bootstrap_key;
+#endif /* CONFIG_TESTING_OPTIONS */
+
 	if (auth->own_bi) {
 		/* Mutual authentication */
 		/* Initiator Bootstrapping Key Hash */
@ -2592,6 +2609,14 @@ static struct wpabuf * dpp_auth_build_conf(struct dpp_authentication *auth)
 		wpabuf_put_data(msg, auth->own_bi->pubkey_hash, SHA256_MAC_LEN);
 	}

+#ifdef CONFIG_TESTING_OPTIONS
+skip_i_bootstrap_key:
+	if (dpp_test == DPP_TEST_NO_WRAPPED_DATA_AUTH_CONF)
+		goto skip_wrapped_data;
+	if (dpp_test == DPP_TEST_NO_I_AUTH_AUTH_CONF)
+		i_auth_len = 0;
+#endif /* CONFIG_TESTING_OPTIONS */
+
 	attr_end = wpabuf_put(msg, 0);

 	/* OUI, OUI type, Crypto Suite, DPP frame type */
@ -2607,11 +2632,22 @@ static struct wpabuf * dpp_auth_build_conf(struct dpp_authentication *auth)
 	wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA);
 	wpabuf_put_le16(msg, i_auth_len + AES_BLOCK_SIZE);
 	wrapped_i_auth = wpabuf_put(msg, i_auth_len + AES_BLOCK_SIZE);
+
+#ifdef CONFIG_TESTING_OPTIONS
+	if (dpp_test == DPP_TEST_NO_I_AUTH_AUTH_CONF)
+		goto skip_i_auth;
+#endif /* CONFIG_TESTING_OPTIONS */
+
 	/* I-auth = H(R-nonce | I-nonce | PR.x | PI.x | BR.x | [BI.x |] 1) */
 	WPA_PUT_LE16(i_auth, DPP_ATTR_I_AUTH_TAG);
 	WPA_PUT_LE16(&i_auth[2], auth->curve->hash_len);
-	if (dpp_gen_i_auth(auth, i_auth + 4) < 0 ||
-	    aes_siv_encrypt(auth->ke, auth->curve->hash_len,
+	if (dpp_gen_i_auth(auth, i_auth + 4) < 0)
+		goto fail;
+
+#ifdef CONFIG_TESTING_OPTIONS
+skip_i_auth:
+#endif /* CONFIG_TESTING_OPTIONS */
+	if (aes_siv_encrypt(auth->ke, auth->curve->hash_len,
 			    i_auth, i_auth_len,
 			    2, addr, len, wrapped_i_auth) < 0)
 		goto fail;
@ -2624,6 +2660,7 @@ static struct wpabuf * dpp_auth_build_conf(struct dpp_authentication *auth)
 		wpabuf_put_le16(msg, DPP_ATTR_TESTING);
 		wpabuf_put_le16(msg, 0);
 	}
+skip_wrapped_data:
 #endif /* CONFIG_TESTING_OPTIONS */

 	wpa_hexdump_buf(MSG_DEBUG,
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@ -231,6 +231,11 @@ enum dpp_test_behavior {
 	DPP_TEST_NO_R_CAPAB_AUTH_RESP = 22,
 	DPP_TEST_NO_R_AUTH_AUTH_RESP = 23,
 	DPP_TEST_NO_WRAPPED_DATA_AUTH_RESP = 24,
+	DPP_TEST_NO_STATUS_AUTH_CONF = 25,
+	DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_CONF = 26,
+	DPP_TEST_NO_I_BOOTSTRAP_KEY_HASH_AUTH_CONF = 27,
+	DPP_TEST_NO_I_AUTH_AUTH_CONF = 28,
+	DPP_TEST_NO_WRAPPED_DATA_AUTH_CONF = 29,
 };

 extern enum dpp_test_behavior dpp_test;