DPP3: Fix push button boostrapping key passing through PKEX

When PKEX was started through the push button mechanism, the own
bootstrapping key was not bound correctly to the Authentication phase
information and that ended up in incorrectly generating a new
bootstrapping key for the Authentication exchange. Fix this by added the
needed own=<id> parameter into the cached parameters when using push
button.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>

diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c
index 37969a364b067f993e7cd0b1934149ce2f0f00cf..e4eb1e944bb90195b16b2aa8b7d8251ad882b865 100644 (file)
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@@ -2361,6 +2361,7 @@ static void hostapd_dpp_pb_pkex_init(struct hostapd_data *hapd,
        struct sae_password_entry *e;
        int conf_id = -1;
        bool sae = false, psk = false;
+       size_t len;
 
        if (hapd->dpp_pkex) {
                wpa_printf(MSG_DEBUG,
@@ -2401,11 +2402,14 @@ static void hostapd_dpp_pb_pkex_init(struct hostapd_data *hapd,
        if (ifaces->dpp_pb_cmd) {
                /* Use the externally provided configuration */
                os_free(hapd->dpp_pkex_auth_cmd);
-               hapd->dpp_pkex_auth_cmd = os_strdup(ifaces->dpp_pb_cmd);
+               len = 30 + os_strlen(ifaces->dpp_pb_cmd);
+               hapd->dpp_pkex_auth_cmd = os_malloc(len);
                if (!hapd->dpp_pkex_auth_cmd) {
                        hostapd_dpp_push_button_stop(hapd);
                        return;
                }
+               os_snprintf(hapd->dpp_pkex_auth_cmd, len, " own=%d %s",
+                           hapd->dpp_pkex_bi->id, ifaces->dpp_pb_cmd);
                return;
        }
 
@@ -2439,8 +2443,7 @@ static void hostapd_dpp_pb_pkex_init(struct hostapd_data *hapd,
            hapd->conf->ssid.wpa_passphrase)
                password = hapd->conf->ssid.wpa_passphrase;
        if (password) {
-               size_t len = 2 * os_strlen(password) + 1;
-
+               len = 2 * os_strlen(password) + 1;
                pass_hex = os_malloc(len);
                if (!pass_hex) {
                        hostapd_dpp_push_button_stop(hapd);
@@ -2484,7 +2487,11 @@ static void hostapd_dpp_pb_pkex_init(struct hostapd_data *hapd,
        str_clear_free(pass_hex);
 
        os_free(hapd->dpp_pkex_auth_cmd);
-       hapd->dpp_pkex_auth_cmd = os_strdup(cmd);
+       len = 30 + os_strlen(cmd);
+       hapd->dpp_pkex_auth_cmd = os_malloc(len);
+       if (hapd->dpp_pkex_auth_cmd)
+               os_snprintf(hapd->dpp_pkex_auth_cmd, len, " own=%d %s",
+                           hapd->dpp_pkex_bi->id, cmd);
        forced_memzero(cmd, sizeof(cmd));
        if (!hapd->dpp_pkex_auth_cmd) {
                hostapd_dpp_push_button_stop(hapd);

diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index d03e79297feec89a9a05b1b9f500dbec5bdd3102..4965418b41ffd193890136af542d1cf0a59248aa 100644 (file)
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -3282,6 +3282,7 @@ static void wpas_dpp_pb_pkex_init(struct wpa_supplicant *wpa_s,
        struct dpp_pkex *pkex;
        struct wpabuf *msg;
        unsigned int wait_time;
+       size_t len;
 
        if (wpa_s->dpp_pkex) {
                wpa_printf(MSG_DEBUG,
@@ -3338,8 +3339,12 @@ static void wpas_dpp_pb_pkex_init(struct wpa_supplicant *wpa_s,
 
        /* Use the externally provided configuration */
        os_free(wpa_s->dpp_pkex_auth_cmd);
-       wpa_s->dpp_pkex_auth_cmd = os_strdup(wpa_s->dpp_pb_cmd);
-       if (!wpa_s->dpp_pkex_auth_cmd)
+       len = 30 + os_strlen(wpa_s->dpp_pb_cmd);
+       wpa_s->dpp_pkex_auth_cmd = os_malloc(len);
+       if (wpa_s->dpp_pkex_auth_cmd)
+               os_snprintf(wpa_s->dpp_pkex_auth_cmd, len, " own=%d %s",
+                           wpa_s->dpp_pkex_bi->id, wpa_s->dpp_pb_cmd);
+       else
                wpas_dpp_push_button_stop(wpa_s);
 }