DPP2: Move E-nonce to be outside wrapped data in Reconfig Auth Resp
authorJouni Malinen <jouni@codeaurora.org>
Wed, 9 Sep 2020 20:15:37 +0000 (23:15 +0300)
committerJouni Malinen <j@w1.fi>
Wed, 9 Sep 2020 20:33:47 +0000 (23:33 +0300)
This was changed in the protocol design to allow ke derivation to use
E-nonce, so update implementation to match.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
src/common/dpp_reconfig.c

index 13324a047406ba79a9d753af0d867fa69aee42c0..225bac5e55e4bc91e7c324fd7b8daf932c9e1918 100644 (file)
@@ -325,7 +325,7 @@ static int dpp_reconfig_build_resp(struct dpp_authentication *auth,
        int res = -1;
 
        /* Build DPP Reconfig Authentication Response frame attributes */
-       clear_len = 2 * (4 + auth->curve->nonce_len) +
+       clear_len = 4 + auth->curve->nonce_len +
                4 + wpabuf_len(conn_status);
        clear = wpabuf_alloc(clear_len);
        if (!clear)
@@ -336,11 +336,6 @@ static int dpp_reconfig_build_resp(struct dpp_authentication *auth,
        wpabuf_put_le16(clear, auth->curve->nonce_len);
        wpabuf_put_data(clear, auth->c_nonce, auth->curve->nonce_len);
 
-       /* E-nonce (wrapped) */
-       wpabuf_put_le16(clear, DPP_ATTR_ENROLLEE_NONCE);
-       wpabuf_put_le16(clear, auth->curve->nonce_len);
-       wpabuf_put_data(clear, auth->e_nonce, auth->curve->nonce_len);
-
        /* Connection Status (wrapped) */
        wpabuf_put_le16(clear, DPP_ATTR_CONN_STATUS);
        wpabuf_put_le16(clear, wpabuf_len(conn_status));
@@ -352,6 +347,7 @@ static int dpp_reconfig_build_resp(struct dpp_authentication *auth,
 
        attr_len = 4 + 1 + 4 + 1 +
                4 + os_strlen(own_connector) +
+               4 + auth->curve->nonce_len +
                4 + wpabuf_len(pr) +
                4 + wpabuf_len(clear) + AES_BLOCK_SIZE;
        msg = dpp_alloc_msg(DPP_PA_RECONFIG_AUTH_RESP, attr_len);
@@ -375,6 +371,11 @@ static int dpp_reconfig_build_resp(struct dpp_authentication *auth,
        wpabuf_put_le16(msg, os_strlen(own_connector));
        wpabuf_put_str(msg, own_connector);
 
+       /* E-nonce */
+       wpabuf_put_le16(msg, DPP_ATTR_ENROLLEE_NONCE);
+       wpabuf_put_le16(msg, auth->curve->nonce_len);
+       wpabuf_put_data(msg, auth->e_nonce, auth->curve->nonce_len);
+
        /* Responder Protocol Key (Pr) */
        wpabuf_put_le16(msg, DPP_ATTR_R_PROTOCOL_KEY);
        wpabuf_put_le16(msg, wpabuf_len(pr));
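Review bot: The new `/* E-nonce */` comment does not say that this attribute is now written to `msg` outside the wrapped data, while the attributes put into `clear` are labelled `(wrapped)`. Since the nonce moves from the encrypted part of the frame to the cleartext part, I would state that explicitly, e.g. `/* E-nonce (not wrapped; sent in the clear so ke derivation can use it) */`. Whether this attribute is covered as associated data when `clear` is wrapped is not visible in this hunk; if it is, the comment should say so, because that is the only integrity protection the value has on the wire. dpp_reconfig_build_resp starts and ends outside the hunk.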
@@ -719,6 +720,15 @@ dpp_reconfig_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
        wpa_hexdump_ascii(MSG_DEBUG, "DPP: R-Connector",
                          r_connector, r_connector_len);
 
+       e_nonce = dpp_get_attr(attr_start, attr_len,
+                              DPP_ATTR_ENROLLEE_NONCE, &e_nonce_len);
+       if (!e_nonce || e_nonce_len != auth->curve->nonce_len) {
+               dpp_auth_fail(auth, "Missing or invalid E-nonce");
+               goto fail;
+       }
+       wpa_hexdump(MSG_DEBUG, "DPP: E-nonce", e_nonce, e_nonce_len);
+       os_memcpy(auth->e_nonce, e_nonce, e_nonce_len);
+
        r_proto = dpp_get_attr(attr_start, attr_len, DPP_ATTR_R_PROTOCOL_KEY,
                               &r_proto_len);
        if (!r_proto) {
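Review bot: The E-nonce is now taken from the unprotected attribute area (`attr_start`, `attr_len`) and copied into `auth->e_nonce` before any wrapped-data check visible in this hunk, so a frame that later fails unwrapping still overwrites the stored nonce with a peer-chosen value. Whether the nonce is bound into the unwrap (as associated data or through ke) is not shown here, so it should be treated as unauthenticated until that step succeeds. I would add a comment such as `/* E-nonce is outside the wrapped data: unauthenticated until the unwrap below succeeds */` and confirm that the `fail` path does not leave the copied value usable by a later exchange. The length check against `auth->curve->nonce_len` bounds the `os_memcpy`, assuming `auth->e_nonce` is sized for the largest supported nonce, which is declared outside this hunk. dpp_reconfig_auth_resp_rx starts and ends outside the hunk.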
@@ -796,15 +806,6 @@ dpp_reconfig_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
        }
        wpa_hexdump(MSG_DEBUG, "DPP: C-nonce", c_nonce, c_nonce_len);
 
-       e_nonce = dpp_get_attr(unwrapped, unwrapped_len,
-                              DPP_ATTR_ENROLLEE_NONCE, &e_nonce_len);
-       if (!e_nonce || e_nonce_len != auth->curve->nonce_len) {
-               dpp_auth_fail(auth, "Missing or invalid E-nonce");
-               goto fail;
-       }
-       wpa_hexdump(MSG_DEBUG, "DPP: E-nonce", e_nonce, e_nonce_len);
-       os_memcpy(auth->e_nonce, e_nonce, e_nonce_len);
-
        conn_status = dpp_get_attr(unwrapped, unwrapped_len,
                                   DPP_ATTR_CONN_STATUS, &conn_status_len);
        if (!conn_status) {