WPS: Add testing option to corrupt public key hash

If CONFIG_WPS_TESTING=y is enabled in build configuration, the new
wps_corrupt_pkhash parameter (similar to wps_testing_dummy_cred) can be
used to request public key hash to be corrupted in all generated OOB
Device Password attributes. This can be used for testing purposes to
validate public key hash validation steps.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index e5c3022b9208b4b47607e78f5fe98ac9eb67af8e..4a9da5f6a85cdfd80d7993f990c644212db0c7fd 100644 (file)
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -965,6 +965,10 @@ static int hostapd_ctrl_iface_set(struct hostapd_data *hapd, char *cmd)
                wps_testing_dummy_cred = atoi(value);
                wpa_printf(MSG_DEBUG, "WPS: Testing - dummy_cred=%d",
                           wps_testing_dummy_cred);
+       } else if (os_strcasecmp(cmd, "wps_corrupt_pkhash") == 0) {
+               wps_corrupt_pkhash = atoi(value);
+               wpa_printf(MSG_DEBUG, "WPS: Testing - wps_corrupt_pkhash=%d",
+                          wps_corrupt_pkhash);
 #endif /* CONFIG_WPS_TESTING */
 #ifdef CONFIG_INTERWORKING
        } else if (os_strcasecmp(cmd, "gas_frag_limit") == 0) {
@@ -1599,6 +1603,16 @@ static int hostapd_ctrl_iface_remove(struct hapd_interfaces *interfaces,
 }
 
 
+static void hostapd_ctrl_iface_flush(struct hapd_interfaces *interfaces)
+{
+#ifdef CONFIG_WPS_TESTING
+       wps_version_number = 0x20;
+       wps_testing_dummy_cred = 0;
+       wps_corrupt_pkhash = 0;
+#endif /* CONFIG_WPS_TESTING */
+}
+
+
 static void hostapd_global_ctrl_iface_receive(int sock, void *eloop_ctx,
                                              void *sock_ctx)
 {
@@ -1628,6 +1642,8 @@ static void hostapd_global_ctrl_iface_receive(int sock, void *eloop_ctx,
        } else if (os_strncmp(buf, "RELOG", 5) == 0) {
                if (wpa_debug_reopen_file() < 0)
                        reply_len = -1;
+       } else if (os_strcmp(buf, "FLUSH") == 0) {
+               hostapd_ctrl_iface_flush(interfaces);
        } else if (os_strncmp(buf, "ADD ", 4) == 0) {
                if (hostapd_ctrl_iface_add(interfaces, buf + 4) < 0)
                        reply_len = -1;

diff --git a/src/wps/wps.c b/src/wps/wps.c
index b40a68aeb73f71e52f8b609c2f63f29ceb3e6dda..3d019f10399edde69552d1be83081465587051fd 100644 (file)
--- a/src/wps/wps.c
+++ b/src/wps/wps.c
@@ -18,6 +18,7 @@
 #ifdef CONFIG_WPS_TESTING
 int wps_version_number = 0x20;
 int wps_testing_dummy_cred = 0;
+int wps_corrupt_pkhash = 0;
 #endif /* CONFIG_WPS_TESTING */
 
 

diff --git a/src/wps/wps_attr_build.c b/src/wps/wps_attr_build.c
index 8afbc7e5285f62f476a299759e4374385409167c..62d0feb9804612559503ad2d2632fa70638c2876 100644 (file)
--- a/src/wps/wps_attr_build.c
+++ b/src/wps/wps_attr_build.c
@@ -399,6 +399,14 @@ int wps_build_oob_dev_pw(struct wpabuf *msg, u16 dev_pw_id,
        addr[0] = wpabuf_head(pubkey);
        hash_len = wpabuf_len(pubkey);
        sha256_vector(1, addr, &hash_len, pubkey_hash);
+#ifdef CONFIG_WPS_TESTING
+       if (wps_corrupt_pkhash) {
+               wpa_hexdump(MSG_DEBUG, "WPS: Real Public Key Hash",
+                           pubkey_hash, WPS_OOB_PUBKEY_HASH_LEN);
+               wpa_printf(MSG_INFO, "WPS: Testing - corrupt public key hash");
+               pubkey_hash[WPS_OOB_PUBKEY_HASH_LEN - 2]++;
+       }
+#endif /* CONFIG_WPS_TESTING */
 
        wpabuf_put_be16(msg, ATTR_OOB_DEVICE_PASSWORD);
        wpabuf_put_be16(msg, WPS_OOB_PUBKEY_HASH_LEN + 2 + dev_pw_len);

diff --git a/src/wps/wps_defs.h b/src/wps/wps_defs.h
index a736f2756815239d572c3f4e7532bf3c82e037a8..6f8a49f04a5e8092377e7c76c6096c1527b87c1b 100644 (file)
--- a/src/wps/wps_defs.h
+++ b/src/wps/wps_defs.h
@@ -13,6 +13,7 @@
 
 extern int wps_version_number;
 extern int wps_testing_dummy_cred;
+extern int wps_corrupt_pkhash;
 #define WPS_VERSION wps_version_number
 
 #else /* CONFIG_WPS_TESTING */

diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index 0644a747222f70b928c0922b5fa462fb5d695d7e..d9ab1dc680f7b7f007031bdac61a65451b815dfc 100644 (file)
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -364,6 +364,10 @@ static int wpa_supplicant_ctrl_iface_set(struct wpa_supplicant *wpa_s,
                wps_testing_dummy_cred = atoi(value);
                wpa_printf(MSG_DEBUG, "WPS: Testing - dummy_cred=%d",
                           wps_testing_dummy_cred);
+       } else if (os_strcasecmp(cmd, "wps_corrupt_pkhash") == 0) {
+               wps_corrupt_pkhash = atoi(value);
+               wpa_printf(MSG_DEBUG, "WPS: Testing - wps_corrupt_pkhash=%d",
+                          wps_corrupt_pkhash);
 #endif /* CONFIG_WPS_TESTING */
        } else if (os_strcasecmp(cmd, "ampdu") == 0) {
                if (wpa_drv_ampdu(wpa_s, atoi(value)) < 0)
@@ -5388,6 +5392,7 @@ static void wpa_supplicant_ctrl_iface_flush(struct wpa_supplicant *wpa_s)
 #ifdef CONFIG_WPS_TESTING
        wps_version_number = 0x20;
        wps_testing_dummy_cred = 0;
+       wps_corrupt_pkhash = 0;
 #endif /* CONFIG_WPS_TESTING */
 #ifdef CONFIG_WPS
        wpa_s->wps_fragment_size = 0;