From: Jouni Malinen Date: Fri, 22 Jul 2022 18:06:04 +0000 (+0300) Subject: DPP3: Fix push button boostrapping key passing through PKEX X-Git-Tag: hostap_2_11~1816 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a7b8cef8b710fee63c9dafe3f9a5515fe49e44f4;p=thirdparty%2Fhostap.git DPP3: Fix push button boostrapping key passing through PKEX When PKEX was started through the push button mechanism, the own bootstrapping key was not bound correctly to the Authentication phase information and that ended up in incorrectly generating a new bootstrapping key for the Authentication exchange. Fix this by added the needed own= parameter into the cached parameters when using push button. Signed-off-by: Jouni Malinen --- diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c index 37969a364..e4eb1e944 100644 --- a/src/ap/dpp_hostapd.c +++ b/src/ap/dpp_hostapd.c @@ -2361,6 +2361,7 @@ static void hostapd_dpp_pb_pkex_init(struct hostapd_data *hapd, struct sae_password_entry *e; int conf_id = -1; bool sae = false, psk = false; + size_t len; if (hapd->dpp_pkex) { wpa_printf(MSG_DEBUG, @@ -2401,11 +2402,14 @@ static void hostapd_dpp_pb_pkex_init(struct hostapd_data *hapd, if (ifaces->dpp_pb_cmd) { /* Use the externally provided configuration */ os_free(hapd->dpp_pkex_auth_cmd); - hapd->dpp_pkex_auth_cmd = os_strdup(ifaces->dpp_pb_cmd); + len = 30 + os_strlen(ifaces->dpp_pb_cmd); + hapd->dpp_pkex_auth_cmd = os_malloc(len); if (!hapd->dpp_pkex_auth_cmd) { hostapd_dpp_push_button_stop(hapd); return; } + os_snprintf(hapd->dpp_pkex_auth_cmd, len, " own=%d %s", + hapd->dpp_pkex_bi->id, ifaces->dpp_pb_cmd); return; } @@ -2439,8 +2443,7 @@ static void hostapd_dpp_pb_pkex_init(struct hostapd_data *hapd, hapd->conf->ssid.wpa_passphrase) password = hapd->conf->ssid.wpa_passphrase; if (password) { - size_t len = 2 * os_strlen(password) + 1; - + len = 2 * os_strlen(password) + 1; pass_hex = os_malloc(len); if (!pass_hex) { hostapd_dpp_push_button_stop(hapd); @@ -2484,7 +2487,11 @@ static void hostapd_dpp_pb_pkex_init(struct hostapd_data *hapd, str_clear_free(pass_hex); os_free(hapd->dpp_pkex_auth_cmd); - hapd->dpp_pkex_auth_cmd = os_strdup(cmd); + len = 30 + os_strlen(cmd); + hapd->dpp_pkex_auth_cmd = os_malloc(len); + if (hapd->dpp_pkex_auth_cmd) + os_snprintf(hapd->dpp_pkex_auth_cmd, len, " own=%d %s", + hapd->dpp_pkex_bi->id, cmd); forced_memzero(cmd, sizeof(cmd)); if (!hapd->dpp_pkex_auth_cmd) { hostapd_dpp_push_button_stop(hapd); diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c index d03e79297..4965418b4 100644 --- a/wpa_supplicant/dpp_supplicant.c +++ b/wpa_supplicant/dpp_supplicant.c @@ -3282,6 +3282,7 @@ static void wpas_dpp_pb_pkex_init(struct wpa_supplicant *wpa_s, struct dpp_pkex *pkex; struct wpabuf *msg; unsigned int wait_time; + size_t len; if (wpa_s->dpp_pkex) { wpa_printf(MSG_DEBUG, @@ -3338,8 +3339,12 @@ static void wpas_dpp_pb_pkex_init(struct wpa_supplicant *wpa_s, /* Use the externally provided configuration */ os_free(wpa_s->dpp_pkex_auth_cmd); - wpa_s->dpp_pkex_auth_cmd = os_strdup(wpa_s->dpp_pb_cmd); - if (!wpa_s->dpp_pkex_auth_cmd) + len = 30 + os_strlen(wpa_s->dpp_pb_cmd); + wpa_s->dpp_pkex_auth_cmd = os_malloc(len); + if (wpa_s->dpp_pkex_auth_cmd) + os_snprintf(wpa_s->dpp_pkex_auth_cmd, len, " own=%d %s", + wpa_s->dpp_pkex_bi->id, wpa_s->dpp_pb_cmd); + else wpas_dpp_push_button_stop(wpa_s); }