WPS: Add support for OOB dev password lengths 16..31

Previously, only the maximum length 32 octets for OOB device password
was accepted. Since the specification allows a shorter password to be
used with limited OOB mechanism (e.g., small NFC tag), we should accept
lengths 16..32.

Signed-hostap: Jouni Malinen <j@w1.fi>

diff --git a/src/wps/wps_attr_parse.c b/src/wps/wps_attr_parse.c
index f5ad403778236b96a15256d1a62e61c8126e87fd..d0d1efb4a09b4b09f4aabc82408b3b372f3e4618 100644 (file)
--- a/src/wps/wps_attr_parse.c
+++ b/src/wps/wps_attr_parse.c
@@ -262,12 +262,16 @@ static int wps_set_attr(struct wps_parse_attr *attr, u16 type,
                attr->dev_password_id = pos;
                break;
        case ATTR_OOB_DEVICE_PASSWORD:
-               if (len != WPS_OOB_DEVICE_PASSWORD_ATTR_LEN) {
+               if (len < WPS_OOB_PUBKEY_HASH_LEN + 2 +
+                   WPS_OOB_DEVICE_PASSWORD_MIN_LEN ||
+                   len > WPS_OOB_PUBKEY_HASH_LEN + 2 +
+                   WPS_OOB_DEVICE_PASSWORD_LEN) {
                        wpa_printf(MSG_DEBUG, "WPS: Invalid OOB Device "
                                   "Password length %u", len);
                        return -1;
                }
                attr->oob_dev_password = pos;
+               attr->oob_dev_password_len = len;
                break;
        case ATTR_OS_VERSION:
                if (len != 4) {

diff --git a/src/wps/wps_common.c b/src/wps/wps_common.c
index 510d99d3efbc72fd2d98647720b0d355a3525ed2..c7c0c297d09bdc703522257bb8285c5f1eb2e56b 100644 (file)
--- a/src/wps/wps_common.c
+++ b/src/wps/wps_common.c
@@ -375,6 +375,7 @@ static int wps_parse_oob_dev_pwd(struct wps_context *wps,
        struct oob_conf_data *oob_conf = &wps->oob_conf;
        struct wps_parse_attr attr;
        const u8 *pos;
+       size_t pw_len;
 
        if (wps_parse_msg(data, &attr) < 0 ||
            attr.oob_dev_password == NULL) {
@@ -397,17 +398,16 @@ static int wps_parse_oob_dev_pwd(struct wps_context *wps,
        wps->oob_dev_pw_id = WPA_GET_BE16(pos);
        pos += sizeof(wps->oob_dev_pw_id);
 
-       oob_conf->dev_password =
-               wpabuf_alloc(WPS_OOB_DEVICE_PASSWORD_LEN * 2 + 1);
+       pw_len = attr.oob_dev_password_len - WPS_OOB_PUBKEY_HASH_LEN - 2;
+       oob_conf->dev_password = wpabuf_alloc(pw_len * 2 + 1);
        if (oob_conf->dev_password == NULL) {
                wpa_printf(MSG_ERROR, "WPS: Failed to allocate memory for OOB "
                           "device password");
                return -1;
        }
        wpa_snprintf_hex_uppercase(wpabuf_put(oob_conf->dev_password,
-                                  wpabuf_size(oob_conf->dev_password)),
-                                  wpabuf_size(oob_conf->dev_password), pos,
-                                  WPS_OOB_DEVICE_PASSWORD_LEN);
+                                             pw_len * 2 + 1),
+                                  pw_len * 2 + 1, pos, pw_len);
 
        return 0;
 }

diff --git a/src/wps/wps_defs.h b/src/wps/wps_defs.h
index e128a195217adc61ab20c75c024fdb3b53ba5fe3..2f42603a78392785ba3675ba53bc043d12f4f7ec 100644 (file)
--- a/src/wps/wps_defs.h
+++ b/src/wps/wps_defs.h
@@ -41,7 +41,7 @@ extern int wps_testing_dummy_cred;
 #define WPS_MGMTAUTHKEY_LEN 32
 #define WPS_MGMTENCKEY_LEN 16
 #define WPS_MGMT_KEY_ID_LEN 16
-#define WPS_OOB_DEVICE_PASSWORD_ATTR_LEN 54
+#define WPS_OOB_DEVICE_PASSWORD_MIN_LEN 16
 #define WPS_OOB_DEVICE_PASSWORD_LEN 32
 #define WPS_OOB_PUBKEY_HASH_LEN 20
 

diff --git a/src/wps/wps_i.h b/src/wps/wps_i.h
index 1297f658f1281ddfad93f9f3b7845124e345e992..a873f33f1c96844f3338c1e066f3c276edfb8ad1 100644 (file)
--- a/src/wps/wps_i.h
+++ b/src/wps/wps_i.h
@@ -136,8 +136,6 @@ struct wps_parse_attr {
        const u8 *assoc_state; /* 2 octets */
        const u8 *config_error; /* 2 octets */
        const u8 *dev_password_id; /* 2 octets */
-       const u8 *oob_dev_password; /* WPS_OOB_DEVICE_PASSWORD_ATTR_LEN (54)
-                                    * octets */
        const u8 *os_version; /* 4 octets */
        const u8 *wps_state; /* 1 octet */
        const u8 *authenticator; /* WPS_AUTHENTICATOR_LEN (8) octets */
@@ -192,6 +190,8 @@ struct wps_parse_attr {
        size_t authorized_macs_len;
        const u8 *sec_dev_type_list; /* <= 128 octets */
        size_t sec_dev_type_list_len;
+       const u8 *oob_dev_password; /* 38..54 octets */
+       size_t oob_dev_password_len;
 
        /* attributes that can occur multiple times */
 #define MAX_CRED_COUNT 10