const u8 *buf, size_t len,
unsigned int freq)
{
- const u8 *connector;
- u16 connector_len;
+ const u8 *connector, *trans_id;
+ u16 connector_len, trans_id_len;
struct os_time now;
struct dpp_introduction intro;
os_time_t expire;
return;
}
+ trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID,
+ &trans_id_len);
+ if (!trans_id || trans_id_len != 1) {
+ wpa_printf(MSG_DEBUG,
+ "DPP: Peer did not include Transaction ID");
+ return;
+ }
+
connector = dpp_get_attr(buf, len, DPP_ATTR_CONNECTOR, &connector_len);
if (!connector) {
wpa_printf(MSG_DEBUG,
}
msg = dpp_alloc_msg(DPP_PA_PEER_DISCOVERY_RESP,
- 2 * (4 + SHA256_MAC_LEN) +
- 4 + os_strlen(hapd->conf->dpp_connector));
+ 5 + 4 + os_strlen(hapd->conf->dpp_connector));
if (!msg)
return;
- /* SHA256(PK) */
- wpabuf_put_le16(msg, DPP_ATTR_PEER_NET_PK_HASH);
- wpabuf_put_le16(msg, SHA256_MAC_LEN);
- wpabuf_put_data(msg, intro.pk_hash, SHA256_MAC_LEN);
-
- /* SHA256(NK) */
- wpabuf_put_le16(msg, DPP_ATTR_OWN_NET_NK_HASH);
- wpabuf_put_le16(msg, SHA256_MAC_LEN);
- wpabuf_put_data(msg, intro.nk_hash, SHA256_MAC_LEN);
+ /* Transaction ID */
+ wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
+ wpabuf_put_le16(msg, 1);
+ wpabuf_put_u8(msg, trans_id[0]);
/* DPP Connector */
wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
}
-static int dpp_netkey_hash(EVP_PKEY *key, u8 *hash)
-{
- EC_KEY *eckey;
- unsigned char *der = NULL;
- int ret, der_len;
- const u8 *addr[1];
- size_t len[1];
-
- eckey = EVP_PKEY_get1_EC_KEY(key);
- if (!eckey)
- return -1;
- EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED);
- der_len = i2d_EC_PUBKEY(eckey, &der);
- EC_KEY_free(eckey);
- if (der_len <= 0)
- return -1;
- addr[0] = der;
- len[0] = der_len;
- ret = sha256_vector(1, addr, len, hash);
- OPENSSL_free(der);
- return ret;
-}
-
-
int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
const u8 *net_access_key, size_t net_access_key_len,
const u8 *csign_key, size_t csign_key_len,
goto fail;
}
- if (dpp_netkey_hash(own_key, intro->nk_hash) < 0 ||
- dpp_netkey_hash(peer_key, intro->pk_hash) < 0) {
- wpa_printf(MSG_ERROR, "DPP: Failed to derive NK/PK hash");
- goto fail;
- }
-
ret = 0;
fail:
if (ret < 0)
DPP_ATTR_CONNECTOR = 0x100D,
DPP_ATTR_CONFIG_ATTR_OBJ = 0x100E,
DPP_ATTR_BOOTSTRAP_KEY = 0x100F,
- DPP_ATTR_PEER_NET_PK_HASH = 0x1010,
DPP_ATTR_OWN_NET_NK_HASH = 0x1011,
DPP_ATTR_FINITE_CYCLIC_GROUP = 0x1012,
DPP_ATTR_ENCRYPTED_KEY = 0x1013,
DPP_ATTR_ENROLLEE_NONCE = 0x1014,
DPP_ATTR_CODE_IDENTIFIER = 0x1015,
+ DPP_ATTR_TRANSACTION_ID = 0x1016,
};
enum dpp_status_error {
u8 pmkid[PMKID_LEN];
u8 pmk[PMK_LEN_MAX];
size_t pmk_len;
- u8 pk_hash[SHA256_MAC_LEN];
- u8 nk_hash[SHA256_MAC_LEN];
};
void dpp_bootstrap_info_free(struct dpp_bootstrap_info *info);
static const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+/* Use a hardcoded Transaction ID 1 in Peer Discovery frames since there is only
+ * a single transaction in progress at any point in time. */
+static const u8 TRANSACTION_ID = 1;
+
static struct dpp_configurator *
dpp_configurator_get_id(struct wpa_supplicant *wpa_s, unsigned int id)
const u8 *buf, size_t len)
{
struct wpa_ssid *ssid;
- const u8 *connector, *pk_hash, *nk_hash;
- u16 connector_len, pk_hash_len, nk_hash_len;
+ const u8 *connector, *trans_id;
+ u16 connector_len, trans_id_len;
struct dpp_introduction intro;
struct rsn_pmksa_cache_entry *entry;
struct os_time now;
return;
}
+ trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID,
+ &trans_id_len);
+ if (!trans_id || trans_id_len != 1) {
+ wpa_printf(MSG_DEBUG,
+ "DPP: Peer did not include Transaction ID");
+ goto fail;
+ }
+ if (trans_id[0] != TRANSACTION_ID) {
+ wpa_printf(MSG_DEBUG,
+ "DPP: Ignore frame with unexpected Transaction ID %u",
+ trans_id[0]);
+ goto fail;
+ }
+
connector = dpp_get_attr(buf, len, DPP_ATTR_CONNECTOR, &connector_len);
if (!connector) {
wpa_printf(MSG_DEBUG,
goto fail;
}
- pk_hash = dpp_get_attr(buf, len, DPP_ATTR_PEER_NET_PK_HASH,
- &pk_hash_len);
- if (!pk_hash || pk_hash_len != SHA256_MAC_LEN) {
- wpa_printf(MSG_DEBUG, "DPP: Peer did not include SHA256(PK)");
- goto fail;
- }
- if (os_memcmp(pk_hash, intro.nk_hash, SHA256_MAC_LEN) != 0) {
- wpa_printf(MSG_DEBUG, "DPP: SHA256(PK) mismatch");
- wpa_hexdump(MSG_DEBUG, "DPP: Received SHA256(PK)",
- pk_hash, pk_hash_len);
- wpa_hexdump(MSG_DEBUG, "DPP: Calculated SHA256(PK)",
- intro.nk_hash, SHA256_MAC_LEN);
- goto fail;
- }
-
- nk_hash = dpp_get_attr(buf, len, DPP_ATTR_OWN_NET_NK_HASH,
- &nk_hash_len);
- if (!nk_hash || nk_hash_len != SHA256_MAC_LEN) {
- wpa_printf(MSG_DEBUG, "DPP: Peer did not include SHA256(NK)");
- goto fail;
- }
- if (os_memcmp(nk_hash, intro.pk_hash, SHA256_MAC_LEN) != 0) {
- wpa_printf(MSG_DEBUG, "DPP: SHA256(NK) mismatch");
- wpa_hexdump(MSG_DEBUG, "DPP: Received SHA256(NK)",
- nk_hash, nk_hash_len);
- wpa_hexdump(MSG_DEBUG, "DPP: Calculated SHA256(NK)",
- intro.pk_hash, SHA256_MAC_LEN);
- goto fail;
- }
-
entry = os_zalloc(sizeof(*entry));
if (!entry)
goto fail;
MACSTR, MAC2STR(bss->bssid));
msg = dpp_alloc_msg(DPP_PA_PEER_DISCOVERY_REQ,
- 4 + os_strlen(ssid->dpp_connector));
+ 5 + 4 + os_strlen(ssid->dpp_connector));
if (!msg)
return -1;
+ /* Transaction ID */
+ wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
+ wpabuf_put_le16(msg, 1);
+ wpabuf_put_u8(msg, TRANSACTION_ID);
+
/* DPP Connector */
wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
wpabuf_put_le16(msg, os_strlen(ssid->dpp_connector));