if (auth && auth->response_pending &&
dpp_notify_new_qr_code(auth, bi) == 1) {
- struct wpabuf *msg;
-
wpa_printf(MSG_DEBUG,
"DPP: Sending out pending authentication response");
- msg = dpp_alloc_msg(DPP_PA_AUTHENTICATION_RESP,
- wpabuf_len(auth->resp_attr));
- if (!msg)
- goto out;
- wpabuf_put_buf(msg, hapd->dpp_auth->resp_attr);
-
hostapd_drv_send_action(hapd, auth->curr_freq, 0,
auth->peer_mac_addr,
- wpabuf_head(msg), wpabuf_len(msg));
- wpabuf_free(msg);
+ wpabuf_head(hapd->dpp_auth->resp_msg),
+ wpabuf_len(hapd->dpp_auth->resp_msg));
}
-out:
return bi->id;
}
{
const char *pos;
struct dpp_bootstrap_info *peer_bi, *own_bi = NULL;
- struct wpabuf *msg;
const u8 *dst;
int res;
int configurator = 1;
else
hapd->dpp_auth->curr_freq = 2412;
- msg = dpp_alloc_msg(DPP_PA_AUTHENTICATION_REQ,
- wpabuf_len(hapd->dpp_auth->req_attr));
- if (!msg)
- return -1;
- wpabuf_put_buf(msg, hapd->dpp_auth->req_attr);
-
if (is_zero_ether_addr(peer_bi->mac_addr)) {
dst = broadcast;
} else {
hapd->dpp_auth_ok_on_ack = 0;
res = hostapd_drv_send_action(hapd, hapd->dpp_auth->curr_freq, 0,
- dst, wpabuf_head(msg), wpabuf_len(msg));
- wpabuf_free(msg);
+ dst, wpabuf_head(hapd->dpp_auth->req_msg),
+ wpabuf_len(hapd->dpp_auth->req_msg));
return res;
fail:
static void hostapd_dpp_rx_auth_req(struct hostapd_data *hapd, const u8 *src,
- const u8 *buf, size_t len, unsigned int freq)
+ const u8 *hdr, const u8 *buf, size_t len,
+ unsigned int freq)
{
const u8 *r_bootstrap, *i_bootstrap, *wrapped_data;
u16 r_bootstrap_len, i_bootstrap_len, wrapped_data_len;
struct dpp_bootstrap_info *bi, *own_bi = NULL, *peer_bi = NULL;
- struct wpabuf *msg;
wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR,
MAC2STR(src));
hapd->dpp_auth_ok_on_ack = 0;
hapd->dpp_auth = dpp_auth_req_rx(hapd->msg_ctx, hapd->dpp_allowed_roles,
hapd->dpp_qr_mutual,
- peer_bi, own_bi, freq, buf,
+ peer_bi, own_bi, freq, hdr, buf,
wrapped_data, wrapped_data_len);
if (!hapd->dpp_auth) {
wpa_printf(MSG_DEBUG, "DPP: No response generated");
hapd->dpp_configurator_params);
os_memcpy(hapd->dpp_auth->peer_mac_addr, src, ETH_ALEN);
- msg = dpp_alloc_msg(DPP_PA_AUTHENTICATION_RESP,
- wpabuf_len(hapd->dpp_auth->resp_attr));
- if (!msg)
- return;
- wpabuf_put_buf(msg, hapd->dpp_auth->resp_attr);
-
hostapd_drv_send_action(hapd, hapd->dpp_auth->curr_freq, 0,
- src, wpabuf_head(msg), wpabuf_len(msg));
- wpabuf_free(msg);
+ src, wpabuf_head(hapd->dpp_auth->resp_msg),
+ wpabuf_len(hapd->dpp_auth->resp_msg));
}
static void hostapd_dpp_rx_auth_resp(struct hostapd_data *hapd, const u8 *src,
- const u8 *buf, size_t len)
+ const u8 *hdr, const u8 *buf, size_t len)
{
struct dpp_authentication *auth = hapd->dpp_auth;
- struct wpabuf *msg, *attr;
+ struct wpabuf *msg;
wpa_printf(MSG_DEBUG, "DPP: Authentication Response from " MACSTR,
MAC2STR(src));
return;
}
- attr = dpp_auth_resp_rx(auth, buf, len);
- if (!attr) {
+ msg = dpp_auth_resp_rx(auth, hdr, buf, len);
+ if (!msg) {
if (auth->auth_resp_status == DPP_STATUS_RESPONSE_PENDING) {
wpa_printf(MSG_DEBUG, "DPP: Wait for full response");
return;
}
os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
- msg = dpp_alloc_msg(DPP_PA_AUTHENTICATION_CONF, wpabuf_len(attr));
- if (!msg) {
- wpabuf_free(attr);
- return;
- }
- wpabuf_put_buf(msg, attr);
- wpabuf_free(attr);
-
hostapd_drv_send_action(hapd, auth->curr_freq, 0, src,
wpabuf_head(msg), wpabuf_len(msg));
wpabuf_free(msg);
static void hostapd_dpp_rx_auth_conf(struct hostapd_data *hapd, const u8 *src,
- const u8 *buf, size_t len)
+ const u8 *hdr, const u8 *buf, size_t len)
{
struct dpp_authentication *auth = hapd->dpp_auth;
return;
}
- if (dpp_auth_conf_rx(auth, buf, len) < 0) {
+ if (dpp_auth_conf_rx(auth, hdr, buf, len) < 0) {
wpa_printf(MSG_DEBUG, "DPP: Authentication failed");
return;
}
{
u8 crypto_suite;
enum dpp_public_action_frame_type type;
+ const u8 *hdr;
- if (len < 2)
+ if (len < DPP_HDR_LEN)
+ return;
+ if (WPA_GET_BE24(buf) != OUI_WFA || buf[3] != DPP_OUI_TYPE)
return;
+ hdr = buf;
+ buf += 4;
+ len -= 4;
crypto_suite = *buf++;
type = *buf++;
len -= 2;
switch (type) {
case DPP_PA_AUTHENTICATION_REQ:
- hostapd_dpp_rx_auth_req(hapd, src, buf, len, freq);
+ hostapd_dpp_rx_auth_req(hapd, src, hdr, buf, len, freq);
break;
case DPP_PA_AUTHENTICATION_RESP:
- hostapd_dpp_rx_auth_resp(hapd, src, buf, len);
+ hostapd_dpp_rx_auth_resp(hapd, src, hdr, buf, len);
break;
case DPP_PA_AUTHENTICATION_CONF:
- hostapd_dpp_rx_auth_conf(hapd, src, buf, len);
+ hostapd_dpp_rx_auth_conf(hapd, src, hdr, buf, len);
break;
case DPP_PA_PEER_DISCOVERY_REQ:
hostapd_dpp_rx_peer_disc_req(hapd, src, buf, len, freq);
u8 clear[4 + DPP_MAX_NONCE_LEN + 4 + 1];
u8 wrapped_data[4 + DPP_MAX_NONCE_LEN + 4 + 1 + AES_BLOCK_SIZE];
u8 *pos;
- const u8 *addr[1];
- size_t len[1], siv_len;
+ const u8 *addr[2];
+ size_t len[2], siv_len, attr_len;
+ u8 *attr_start, *attr_end;
auth = os_zalloc(sizeof(*auth));
if (!auth)
goto fail;
/* Build DPP Authentication Request frame attributes */
- msg = wpabuf_alloc(2 * (4 + SHA256_MAC_LEN) + 4 + wpabuf_len(pi) +
- 4 + sizeof(wrapped_data));
+ attr_len = 2 * (4 + SHA256_MAC_LEN) + 4 + wpabuf_len(pi) +
+ 4 + sizeof(wrapped_data);
+ msg = dpp_alloc_msg(DPP_PA_AUTHENTICATION_REQ, attr_len);
if (!msg)
goto fail;
- auth->req_attr = msg;
+ auth->req_msg = msg;
+
+ attr_start = wpabuf_put(msg, 0);
/* Responder Bootstrapping Key Hash */
wpabuf_put_le16(msg, DPP_ATTR_R_BOOTSTRAP_KEY_HASH);
DPP_CAPAB_ENROLLEE;
*pos++ = auth->i_capab;
- addr[0] = wpabuf_head(msg);
- len[0] = wpabuf_len(msg);
- wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD", addr[0], len[0]);
+ attr_end = wpabuf_put(msg, 0);
+
+ /* OUI, OUI type, Crypto Suite, DPP frame type */
+ addr[0] = wpabuf_head_u8(msg) + 2;
+ len[0] = 3 + 1 + 1 + 1;
+ wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
+
+ /* Attributes before Wrapped Data */
+ addr[1] = attr_start;
+ len[1] = attr_end - attr_start;
+ wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
+
siv_len = pos - clear;
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext", clear, siv_len);
if (aes_siv_encrypt(auth->k1, auth->curve->hash_len, clear, siv_len,
- 1, addr, len, wrapped_data) < 0)
+ 2, addr, len, wrapped_data) < 0)
goto fail;
siv_len += AES_BLOCK_SIZE;
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
u8 clear[DPP_AUTH_RESP_CLEAR_LEN];
u8 wrapped_data[DPP_AUTH_RESP_CLEAR_LEN + AES_BLOCK_SIZE];
u8 *pos;
- const u8 *addr[1];
- size_t len[1], siv_len;
+ const u8 *addr[2];
+ size_t len[2], siv_len, attr_len;
+ u8 *attr_start, *attr_end;
wpa_printf(MSG_DEBUG, "DPP: Build Authentication Response");
wrapped_r_auth, wrapped_r_auth_len);
/* Build DPP Authentication Response frame attributes */
- msg = wpabuf_alloc(4 + 1 + 2 * (4 + SHA256_MAC_LEN) +
- 4 + wpabuf_len(pr) + 4 + sizeof(wrapped_data));
+ attr_len = 4 + 1 + 2 * (4 + SHA256_MAC_LEN) +
+ 4 + wpabuf_len(pr) + 4 + sizeof(wrapped_data);
+ msg = dpp_alloc_msg(DPP_PA_AUTHENTICATION_RESP, attr_len);
if (!msg)
goto fail;
- wpabuf_free(auth->resp_attr);
- auth->resp_attr = msg;
+ wpabuf_free(auth->resp_msg);
+ auth->resp_msg = msg;
+
+ attr_start = wpabuf_put(msg, 0);
/* DPP Status */
wpabuf_put_le16(msg, DPP_ATTR_STATUS);
wpabuf_free(pr);
pr = NULL;
+ attr_end = wpabuf_put(msg, 0);
+
/* Wrapped data ({R-nonce, I-nonce, R-capabilities, {R-auth}ke}k2) */
pos = clear;
/* R-nonce */
os_memcpy(pos, wrapped_r_auth, wrapped_r_auth_len);
pos += wrapped_r_auth_len;
- addr[0] = wpabuf_head(msg);
- len[0] = wpabuf_len(msg);
- wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD", addr[0], len[0]);
+ /* OUI, OUI type, Crypto Suite, DPP frame type */
+ addr[0] = wpabuf_head_u8(msg) + 2;
+ len[0] = 3 + 1 + 1 + 1;
+ wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
+
+ /* Attributes before Wrapped Data */
+ addr[1] = attr_start;
+ len[1] = attr_end - attr_start;
+ wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
+
siv_len = pos - clear;
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext", clear, siv_len);
if (aes_siv_encrypt(auth->k2, auth->curve->hash_len, clear, siv_len,
- 1, addr, len, wrapped_data) < 0)
+ 2, addr, len, wrapped_data) < 0)
goto fail;
siv_len += AES_BLOCK_SIZE;
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
u8 clear[DPP_AUTH_RESP_CLEAR_LEN2];
u8 wrapped_data[DPP_AUTH_RESP_CLEAR_LEN2 + AES_BLOCK_SIZE];
u8 *pos;
- const u8 *addr[1];
- size_t len[1], siv_len;
+ const u8 *addr[2];
+ size_t len[2], siv_len, attr_len;
+ u8 *attr_start, *attr_end;
wpa_printf(MSG_DEBUG, "DPP: Build Authentication Response");
/* Build DPP Authentication Response frame attributes */
- msg = wpabuf_alloc(4 + 1 + 2 * (4 + SHA256_MAC_LEN) +
- 4 + sizeof(wrapped_data));
+ attr_len = 4 + 1 + 2 * (4 + SHA256_MAC_LEN) + 4 + sizeof(wrapped_data);
+ msg = dpp_alloc_msg(DPP_PA_AUTHENTICATION_RESP, attr_len);
if (!msg)
goto fail;
- wpabuf_free(auth->resp_attr);
- auth->resp_attr = msg;
+ wpabuf_free(auth->resp_msg);
+ auth->resp_msg = msg;
+
+ attr_start = wpabuf_put(msg, 0);
/* DPP Status */
wpabuf_put_le16(msg, DPP_ATTR_STATUS);
SHA256_MAC_LEN);
}
+ attr_end = wpabuf_put(msg, 0);
+
/* Wrapped data ({I-nonce, R-capabilities}k1) */
pos = clear;
/* I-nonce */
DPP_CAPAB_ENROLLEE;
*pos++ = auth->r_capab;
- addr[0] = wpabuf_head(msg);
- len[0] = wpabuf_len(msg);
- wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD", addr[0], len[0]);
+ /* OUI, OUI type, Crypto Suite, DPP frame type */
+ addr[0] = wpabuf_head_u8(msg) + 2;
+ len[0] = 3 + 1 + 1 + 1;
+ wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
+
+ /* Attributes before Wrapped Data */
+ addr[1] = attr_start;
+ len[1] = attr_end - attr_start;
+ wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
+
siv_len = pos - clear;
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext", clear, siv_len);
if (aes_siv_encrypt(auth->k1, auth->curve->hash_len, clear, siv_len,
- 1, addr, len, wrapped_data) < 0)
+ 2, addr, len, wrapped_data) < 0)
goto fail;
siv_len += AES_BLOCK_SIZE;
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
dpp_auth_req_rx(void *msg_ctx, u8 dpp_allowed_roles, int qr_mutual,
struct dpp_bootstrap_info *peer_bi,
struct dpp_bootstrap_info *own_bi,
- unsigned int freq, const u8 *attr_start,
+ unsigned int freq, const u8 *hdr, const u8 *attr_start,
const u8 *wrapped_data, u16 wrapped_data_len)
{
EVP_PKEY *pi = NULL;
EVP_PKEY_CTX *ctx = NULL;
size_t secret_len;
- const u8 *addr[1];
- size_t len[1];
+ const u8 *addr[2];
+ size_t len[2];
u8 *unwrapped = NULL;
size_t unwrapped_len = 0;
const u8 *i_proto, *i_nonce, *i_capab, *i_bootstrap;
auth->curve->hash_len) < 0)
goto fail;
- addr[0] = attr_start;
- len[0] = attr_len;
- wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD", addr[0], len[0]);
+ addr[0] = hdr;
+ len[0] = DPP_HDR_LEN;
+ addr[1] = attr_start;
+ len[1] = attr_len;
+ wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
+ wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
wrapped_data, wrapped_data_len);
unwrapped_len = wrapped_data_len - AES_BLOCK_SIZE;
goto fail;
if (aes_siv_decrypt(auth->k1, auth->curve->hash_len,
wrapped_data, wrapped_data_len,
- 1, addr, len, unwrapped) < 0) {
+ 2, addr, len, unwrapped) < 0) {
wpa_printf(MSG_DEBUG, "DPP: AES-SIV decryption failed");
goto fail;
}
struct wpabuf *msg;
u8 i_auth[4 + DPP_MAX_HASH_LEN];
size_t i_auth_len;
- const u8 *addr[1];
- size_t len[1];
+ const u8 *addr[2];
+ size_t len[2], attr_len;
u8 *wrapped_i_auth;
+ u8 *attr_start, *attr_end;
wpa_printf(MSG_DEBUG, "DPP: Build Authentication Confirmation");
i_auth_len = 4 + auth->curve->hash_len;
/* Build DPP Authentication Confirmation frame attributes */
- msg = wpabuf_alloc(4 + 1 + 2 * (4 + SHA256_MAC_LEN) +
- 4 + i_auth_len + AES_BLOCK_SIZE);
+ attr_len = 4 + 1 + 2 * (4 + SHA256_MAC_LEN) +
+ 4 + i_auth_len + AES_BLOCK_SIZE;
+ msg = dpp_alloc_msg(DPP_PA_AUTHENTICATION_CONF, attr_len);
if (!msg)
goto fail;
+ attr_start = wpabuf_put(msg, 0);
+
/* DPP Status */
wpabuf_put_le16(msg, DPP_ATTR_STATUS);
wpabuf_put_le16(msg, 1);
wpabuf_put_data(msg, auth->own_bi->pubkey_hash, SHA256_MAC_LEN);
}
- addr[0] = wpabuf_head(msg);
- len[0] = wpabuf_len(msg);
+ attr_end = wpabuf_put(msg, 0);
+
+ /* OUI, OUI type, Crypto Suite, DPP frame type */
+ addr[0] = wpabuf_head_u8(msg) + 2;
+ len[0] = 3 + 1 + 1 + 1;
+ wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
+
+ /* Attributes before Wrapped Data */
+ addr[1] = attr_start;
+ len[1] = attr_end - attr_start;
+ wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
+
wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA);
wpabuf_put_le16(msg, i_auth_len + AES_BLOCK_SIZE);
wrapped_i_auth = wpabuf_put(msg, i_auth_len + AES_BLOCK_SIZE);
if (dpp_gen_i_auth(auth, i_auth + 4) < 0 ||
aes_siv_encrypt(auth->ke, auth->curve->hash_len,
i_auth, i_auth_len,
- 1, addr, len, wrapped_i_auth) < 0)
+ 2, addr, len, wrapped_i_auth) < 0)
goto fail;
wpa_hexdump(MSG_DEBUG, "DPP: {I-auth}ke",
wrapped_i_auth, i_auth_len + AES_BLOCK_SIZE);
static void
-dpp_auth_resp_rx_status(struct dpp_authentication *auth,
+dpp_auth_resp_rx_status(struct dpp_authentication *auth, const u8 *hdr,
const u8 *attr_start, size_t attr_len,
const u8 *wrapped_data, u16 wrapped_data_len,
enum dpp_status_error status)
{
- const u8 *addr[1];
- size_t len[1];
+ const u8 *addr[2];
+ size_t len[2];
u8 *unwrapped = NULL;
size_t unwrapped_len = 0;
const u8 *i_nonce, *r_capab;
return;
}
- addr[0] = attr_start;
- len[0] = attr_len;
- wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD", addr[0], len[0]);
+ addr[0] = hdr;
+ len[0] = DPP_HDR_LEN;
+ addr[1] = attr_start;
+ len[1] = attr_len;
+ wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
+ wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
wrapped_data, wrapped_data_len);
unwrapped_len = wrapped_data_len - AES_BLOCK_SIZE;
goto fail;
if (aes_siv_decrypt(auth->k1, auth->curve->hash_len,
wrapped_data, wrapped_data_len,
- 1, addr, len, unwrapped) < 0) {
+ 2, addr, len, unwrapped) < 0) {
wpa_printf(MSG_DEBUG, "DPP: AES-SIV decryption failed");
goto fail;
}
struct wpabuf *
-dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *attr_start,
- size_t attr_len)
+dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
+ const u8 *attr_start, size_t attr_len)
{
EVP_PKEY *pr;
EVP_PKEY_CTX *ctx = NULL;
size_t secret_len;
- const u8 *addr[1];
- size_t len[1];
+ const u8 *addr[2];
+ size_t len[2];
u8 *unwrapped = NULL, *unwrapped2 = NULL;
size_t unwrapped_len = 0, unwrapped2_len = 0;
const u8 *r_bootstrap, *i_bootstrap, *wrapped_data, *status, *r_proto,
wpa_printf(MSG_DEBUG, "DPP: Status %u", status[0]);
auth->auth_resp_status = status[0];
if (status[0] != DPP_STATUS_OK) {
- dpp_auth_resp_rx_status(auth, attr_start,
+ dpp_auth_resp_rx_status(auth, hdr, attr_start,
attr_len, wrapped_data,
wrapped_data_len, status[0]);
return NULL;
auth->curve->hash_len) < 0)
goto fail;
- addr[0] = attr_start;
- len[0] = attr_len;
- wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD", addr[0], len[0]);
+ addr[0] = hdr;
+ len[0] = DPP_HDR_LEN;
+ addr[1] = attr_start;
+ len[1] = attr_len;
+ wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
+ wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
wrapped_data, wrapped_data_len);
unwrapped_len = wrapped_data_len - AES_BLOCK_SIZE;
goto fail;
if (aes_siv_decrypt(auth->k2, auth->curve->hash_len,
wrapped_data, wrapped_data_len,
- 1, addr, len, unwrapped) < 0) {
+ 2, addr, len, unwrapped) < 0) {
wpa_printf(MSG_DEBUG, "DPP: AES-SIV decryption failed");
goto fail;
}
}
-int dpp_auth_conf_rx(struct dpp_authentication *auth, const u8 *attr_start,
- size_t attr_len)
+int dpp_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr,
+ const u8 *attr_start, size_t attr_len)
{
const u8 *r_bootstrap, *i_bootstrap, *wrapped_data, *status, *i_auth;
u16 r_bootstrap_len, i_bootstrap_len, wrapped_data_len, status_len,
i_auth_len;
- const u8 *addr[1];
- size_t len[1];
+ const u8 *addr[2];
+ size_t len[2];
u8 *unwrapped = NULL;
size_t unwrapped_len = 0;
u8 i_auth2[DPP_MAX_HASH_LEN];
return -1;
}
- addr[0] = attr_start;
- len[0] = attr_len;
- wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD", addr[0], len[0]);
+ addr[0] = hdr;
+ len[0] = DPP_HDR_LEN;
+ addr[1] = attr_start;
+ len[1] = attr_len;
+ wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
+ wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
wrapped_data, wrapped_data_len);
unwrapped_len = wrapped_data_len - AES_BLOCK_SIZE;
return -1;
if (aes_siv_decrypt(auth->ke, auth->curve->hash_len,
wrapped_data, wrapped_data_len,
- 1, addr, len, unwrapped) < 0) {
+ 2, addr, len, unwrapped) < 0) {
wpa_printf(MSG_DEBUG, "DPP: AES-SIV decryption failed");
goto fail;
}
dpp_configuration_free(auth->conf_sta);
EVP_PKEY_free(auth->own_protocol_key);
EVP_PKEY_free(auth->peer_protocol_key);
- wpabuf_free(auth->req_attr);
- wpabuf_free(auth->resp_attr);
+ wpabuf_free(auth->req_msg);
+ wpabuf_free(auth->resp_msg);
wpabuf_free(auth->conf_req);
os_free(auth->connector);
wpabuf_free(auth->net_access_key);
if (auth && auth->response_pending &&
dpp_notify_new_qr_code(auth, bi) == 1) {
- struct wpabuf *msg;
-
wpa_printf(MSG_DEBUG,
"DPP: Sending out pending authentication response");
- msg = dpp_alloc_msg(DPP_PA_AUTHENTICATION_RESP,
- wpabuf_len(auth->resp_attr));
- if (!msg)
- goto out;
- wpabuf_put_buf(msg, wpa_s->dpp_auth->resp_attr);
-
offchannel_send_action(wpa_s, auth->curr_freq,
auth->peer_mac_addr, wpa_s->own_addr,
broadcast,
- wpabuf_head(msg), wpabuf_len(msg),
+ wpabuf_head(auth->resp_msg),
+ wpabuf_len(auth->resp_msg),
500, wpas_dpp_tx_status, 0);
- wpabuf_free(msg);
}
-out:
return bi->id;
}
{
const char *pos;
struct dpp_bootstrap_info *peer_bi, *own_bi = NULL;
- struct wpabuf *msg;
const u8 *dst;
int res;
int configurator = 1;
else
wpa_s->dpp_auth->curr_freq = 2412;
- msg = dpp_alloc_msg(DPP_PA_AUTHENTICATION_REQ,
- wpabuf_len(wpa_s->dpp_auth->req_attr));
- if (!msg)
- return -1;
- wpabuf_put_buf(msg, wpa_s->dpp_auth->req_attr);
-
if (is_zero_ether_addr(peer_bi->mac_addr)) {
dst = broadcast;
} else {
wpa_s, NULL);
res = offchannel_send_action(wpa_s, wpa_s->dpp_auth->curr_freq,
dst, wpa_s->own_addr, broadcast,
- wpabuf_head(msg), wpabuf_len(msg),
+ wpabuf_head(wpa_s->dpp_auth->req_msg),
+ wpabuf_len(wpa_s->dpp_auth->req_msg),
wait_time, wpas_dpp_tx_status, 0);
- wpabuf_free(msg);
return res;
fail:
static void wpas_dpp_rx_auth_req(struct wpa_supplicant *wpa_s, const u8 *src,
- const u8 *buf, size_t len, unsigned int freq)
+ const u8 *hdr, const u8 *buf, size_t len,
+ unsigned int freq)
{
const u8 *r_bootstrap, *i_bootstrap, *wrapped_data;
u16 r_bootstrap_len, i_bootstrap_len, wrapped_data_len;
struct dpp_bootstrap_info *bi, *own_bi = NULL, *peer_bi = NULL;
- struct wpabuf *msg;
wpa_printf(MSG_DEBUG, "DPP: Authentication Request from " MACSTR,
MAC2STR(src));
wpa_s->dpp_auth_ok_on_ack = 0;
wpa_s->dpp_auth = dpp_auth_req_rx(wpa_s, wpa_s->dpp_allowed_roles,
wpa_s->dpp_qr_mutual,
- peer_bi, own_bi, freq, buf,
+ peer_bi, own_bi, freq, hdr, buf,
wrapped_data, wrapped_data_len);
if (!wpa_s->dpp_auth) {
wpa_printf(MSG_DEBUG, "DPP: No response generated");
wpa_s->dpp_configurator_params);
os_memcpy(wpa_s->dpp_auth->peer_mac_addr, src, ETH_ALEN);
- msg = dpp_alloc_msg(DPP_PA_AUTHENTICATION_RESP,
- wpabuf_len(wpa_s->dpp_auth->resp_attr));
- if (!msg)
- return;
- wpabuf_put_buf(msg, wpa_s->dpp_auth->resp_attr);
-
offchannel_send_action(wpa_s, wpa_s->dpp_auth->curr_freq,
src, wpa_s->own_addr, broadcast,
- wpabuf_head(msg), wpabuf_len(msg),
+ wpabuf_head(wpa_s->dpp_auth->resp_msg),
+ wpabuf_len(wpa_s->dpp_auth->resp_msg),
500, wpas_dpp_tx_status, 0);
- wpabuf_free(msg);
}
static void wpas_dpp_rx_auth_resp(struct wpa_supplicant *wpa_s, const u8 *src,
- const u8 *buf, size_t len)
+ const u8 *hdr, const u8 *buf, size_t len)
{
struct dpp_authentication *auth = wpa_s->dpp_auth;
- struct wpabuf *msg, *attr;
+ struct wpabuf *msg;
wpa_printf(MSG_DEBUG, "DPP: Authentication Response from " MACSTR,
MAC2STR(src));
eloop_cancel_timeout(wpas_dpp_reply_wait_timeout, wpa_s, NULL);
- attr = dpp_auth_resp_rx(auth, buf, len);
- if (!attr) {
+ msg = dpp_auth_resp_rx(auth, hdr, buf, len);
+ if (!msg) {
if (auth->auth_resp_status == DPP_STATUS_RESPONSE_PENDING) {
wpa_printf(MSG_DEBUG,
"DPP: Start wait for full response");
}
os_memcpy(auth->peer_mac_addr, src, ETH_ALEN);
- msg = dpp_alloc_msg(DPP_PA_AUTHENTICATION_CONF, wpabuf_len(attr));
- if (!msg) {
- wpabuf_free(attr);
- return;
- }
- wpabuf_put_buf(msg, attr);
- wpabuf_free(attr);
-
offchannel_send_action(wpa_s, auth->curr_freq,
src, wpa_s->own_addr, broadcast,
wpabuf_head(msg), wpabuf_len(msg),
static void wpas_dpp_rx_auth_conf(struct wpa_supplicant *wpa_s, const u8 *src,
- const u8 *buf, size_t len)
+ const u8 *hdr, const u8 *buf, size_t len)
{
struct dpp_authentication *auth = wpa_s->dpp_auth;
return;
}
- if (dpp_auth_conf_rx(auth, buf, len) < 0) {
+ if (dpp_auth_conf_rx(auth, hdr, buf, len) < 0) {
wpa_printf(MSG_DEBUG, "DPP: Authentication failed");
return;
}
{
u8 crypto_suite;
enum dpp_public_action_frame_type type;
+ const u8 *hdr;
- if (len < 2)
+ if (len < DPP_HDR_LEN)
+ return;
+ if (WPA_GET_BE24(buf) != OUI_WFA || buf[3] != DPP_OUI_TYPE)
return;
+ hdr = buf;
+ buf += 4;
+ len -= 4;
crypto_suite = *buf++;
type = *buf++;
len -= 2;
switch (type) {
case DPP_PA_AUTHENTICATION_REQ:
- wpas_dpp_rx_auth_req(wpa_s, src, buf, len, freq);
+ wpas_dpp_rx_auth_req(wpa_s, src, hdr, buf, len, freq);
break;
case DPP_PA_AUTHENTICATION_RESP:
- wpas_dpp_rx_auth_resp(wpa_s, src, buf, len);
+ wpas_dpp_rx_auth_resp(wpa_s, src, hdr, buf, len);
break;
case DPP_PA_AUTHENTICATION_CONF:
- wpas_dpp_rx_auth_conf(wpa_s, src, buf, len);
+ wpas_dpp_rx_auth_conf(wpa_s, src, hdr, buf, len);
break;
case DPP_PA_PEER_DISCOVERY_RESP:
wpas_dpp_rx_peer_disc_resp(wpa_s, src, buf, len);
projects / thirdparty / hostap.git / commitdiff
