DPP: Strict validation of PKEX peer bootstrapping key during auth
authorJouni Malinen <quic_jouni@quicinc.com>
Fri, 22 Jul 2022 18:08:08 +0000 (21:08 +0300)
committerJouni Malinen <j@w1.fi>
Fri, 22 Jul 2022 18:08:08 +0000 (21:08 +0300)
Verify that the peer does not change its bootstrapping key between the
PKEX exchange and the authentication exchange.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
src/ap/dpp_hostapd.c
src/common/dpp.h
src/common/dpp_pkex.c
wpa_supplicant/dpp_supplicant.c

index e4eb1e944bb90195b16b2aa8b7d8251ad882b865..32885ea7df1796c0600607f7aea0091d0e970030 100644 (file)
@@ -1056,6 +1056,21 @@ static void hostapd_dpp_rx_auth_req(struct hostapd_data *hapd, const u8 *src,
                return;
        }
 
+       if (own_bi->type == DPP_BOOTSTRAP_PKEX) {
+               if (!peer_bi || peer_bi->type != DPP_BOOTSTRAP_PKEX) {
+                       wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
+                               "No matching peer bootstrapping key found for PKEX - ignore message");
+                       return;
+               }
+
+               if (os_memcmp(peer_bi->pubkey_hash, own_bi->peer_pubkey_hash,
+                             SHA256_MAC_LEN) != 0) {
+                       wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
+                               "Mismatching peer PKEX bootstrapping key - ignore message");
+                       return;
+               }
+       }
+
        if (hapd->dpp_auth) {
                wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_FAIL
                        "Already in DPP authentication exchange - ignore new one");
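Review bot: The PKEX peer-key check added here is repeated line for line in wpas_dpp_rx_auth_req (the wpa_supplicant/dpp_supplicant.c hunk); only the wpa_msg context argument differs. Because this is an authentication decision, two hand-maintained copies risk the AP and station sides drifting apart when one is later adjusted. A shared helper next to struct dpp_bootstrap_info would keep the rule in one place, with each caller passing the returned text to `wpa_msg(..., DPP_EVENT_FAIL "%s", reason)`. The helper name below is only a suggestion, and hostapd_dpp_rx_auth_req starts and ends outside this hunk.

```c
/* Suggested helper (name is a proposal): returns NULL when the peer key is
 * acceptable, otherwise the failure text to report with DPP_EVENT_FAIL. */
static inline const char *
dpp_pkex_peer_bi_check(const struct dpp_bootstrap_info *own_bi,
		       const struct dpp_bootstrap_info *peer_bi)
{
	if (own_bi->type != DPP_BOOTSTRAP_PKEX)
		return NULL;
	if (!peer_bi || peer_bi->type != DPP_BOOTSTRAP_PKEX)
		return "No matching peer bootstrapping key found for PKEX - ignore message";
	if (os_memcmp(peer_bi->pubkey_hash, own_bi->peer_pubkey_hash,
		      SHA256_MAC_LEN) != 0)
		return "Mismatching peer PKEX bootstrapping key - ignore message";
	return NULL;
}
```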
index b2129fccf0009d1d4bf48324fcb54517d23ed63d..d5f1f58e8d339917eab4ab3deb2336a07f10cb18 100644 (file)
@@ -186,6 +186,9 @@ struct dpp_bootstrap_info {
        int nfc_negotiated; /* whether this has been used in NFC negotiated
                             * connection handover */
        char *configurator_params;
+       u8 peer_pubkey_hash[SHA256_MAC_LEN]; /* for enforcing a specific
+                                             * peer bootstrapping key with
+                                             * PKEX */
 };
 
 #define PKEX_COUNTER_T_LIMIT 5
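Review bot: The comment on `peer_pubkey_hash` does not say who writes the field or what its unset state means. Per the other hunks it is filled from `bi->pubkey_hash` in dpp_pkex_finish() and compared unconditionally in both Authentication Request handlers whenever `own_bi->type == DPP_BOOTSTRAP_PKEX`. A never-populated field (presumably all zeros if the struct is zero-allocated, which is not visible here) therefore rejects every peer; that is fail-closed, but worth stating. Suggested wording: `/* SHA-256 hash of the peer bootstrapping key learned in PKEX; set in dpp_pkex_finish(), enforced on received Authentication Request; unset value matches no peer */`.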
index ff650cf0efd7e7b1ecdc1ebad844f6c793175394..dca0d8d39f416b2a8b7ee74bcb65d3a867ee7bad 100644 (file)
@@ -1363,6 +1363,8 @@ dpp_pkex_finish(struct dpp_global *dpp, struct dpp_pkex *pkex, const u8 *peer,
                dpp_bootstrap_info_free(bi);
                return NULL;
        }
+       os_memcpy(pkex->own_bi->peer_pubkey_hash, bi->pubkey_hash,
+                 SHA256_MAC_LEN);
        dpp_pkex_free(pkex);
        dl_list_add(&dpp->bootstrap, &bi->list);
        return bi;
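Review bot: `pkex->own_bi->peer_pubkey_hash` holds a single hash and is overwritten on every successful dpp_pkex_finish(). If the same own bootstrapping entry is ever used for PKEX with more than one peer (not visible in this hunk), only the most recent peer passes the new Authentication Request check; earlier legitimate peers are dropped as "Mismatching peer PKEX bootstrapping key". If single-peer pinning is the intent, a comment at the copy would record it, e.g. `/* Pin own_bi to this peer; a later PKEX run using the same own_bi replaces the pin */`. dpp_pkex_finish starts outside the hunk, so whether `pkex->own_bi` is guaranteed non-NULL at this point cannot be judged from these lines.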
index 4965418b41ffd193890136af542d1cf0a59248aa..fa636fca090f18eacdf4698e1766cd47fe3f4952 100644 (file)
@@ -1153,6 +1153,21 @@ static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
                return;
        }
 
+       if (own_bi->type == DPP_BOOTSTRAP_PKEX) {
+               if (!peer_bi || peer_bi->type != DPP_BOOTSTRAP_PKEX) {
+                       wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
+                               "No matching peer bootstrapping key found for PKEX - ignore message");
+                       return;
+               }
+
+               if (os_memcmp(peer_bi->pubkey_hash, own_bi->peer_pubkey_hash,
+                             SHA256_MAC_LEN) != 0) {
+                       wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
+                               "Mismatching peer PKEX bootstrapping key - ignore message");
+                       return;
+               }
+       }
+
        if (wpa_s->dpp_auth) {
                wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_FAIL
                        "Already in DPP authentication exchange - ignore new one");