authorJouni Malinen <jouni@qca.qualcomm.com>2017-08-23 09:49:22 (GMT)
committerJouni Malinen <j@w1.fi>2017-08-23 09:51:41 (GMT)
commit85fd8263a51081350de9c7529aa6a58948dcb70c (patch)
tree1d68e3c70cd6f33b741916a49f6aab654810ae4b /src
parenta28675da2337bf4a5dde07d2a4159ea3ac0b6acd (diff)
DPP: Use Transaction ID in Peer Discovery Request/Response frames
DPP tech spec changed the contents of these frames by replacing the public key hash attributes with a Transaction ID attribute that gets copied from the request to the response to identify the transaction in a simpler manner.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'src')
-rw-r--r--src/ap/dpp_hostapd.c28
-rw-r--r--src/common/dpp.c30
-rw-r--r--src/common/dpp.h4
3 files changed, 16 insertions, 46 deletions
diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c
index 8a8b4be..27caa64 100644
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@@ -895,8 +895,8 @@ static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd,
const u8 *buf, size_t len,
unsigned int freq)
{
- const u8 *connector;
- u16 connector_len;
+ const u8 *connector, *trans_id;
+ u16 connector_len, trans_id_len;
struct os_time now;
struct dpp_introduction intro;
os_time_t expire;
@@ -931,6 +931,14 @@ static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd,
return;
}
+ trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID,
+ &trans_id_len);
+ if (!trans_id || trans_id_len != 1) {
+ wpa_printf(MSG_DEBUG,
+ "DPP: Peer did not include Transaction ID");
+ return;
+ }
+
connector = dpp_get_attr(buf, len, DPP_ATTR_CONNECTOR, &connector_len);
if (!connector) {
wpa_printf(MSG_DEBUG,
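Review bot: The debug message in the new `!trans_id || trans_id_len != 1` branch reports only a missing attribute, but the same branch also drops frames where the Transaction ID is present with a length other than 1. Since the frame contents come from the peer, a malformed attribute and an absent one are worth telling apart in the log. I would word it as `"DPP: Peer did not include a valid Transaction ID"`, or log `trans_id_len` when `trans_id` is non-NULL. The length check itself is what makes the later `trans_id[0]` read safe, so a short comment saying so, for example `/* exactly one octet; echoed back in the response */`, would help. hostapd_dpp_rx_peer_disc_req() starts before and continues past this hunk.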
@@ -966,20 +974,14 @@ static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd,
}
msg = dpp_alloc_msg(DPP_PA_PEER_DISCOVERY_RESP,
- 2 * (4 + SHA256_MAC_LEN) +
- 4 + os_strlen(hapd->conf->dpp_connector));
+ 5 + 4 + os_strlen(hapd->conf->dpp_connector));
if (!msg)
return;
- /* SHA256(PK) */
- wpabuf_put_le16(msg, DPP_ATTR_PEER_NET_PK_HASH);
- wpabuf_put_le16(msg, SHA256_MAC_LEN);
- wpabuf_put_data(msg, intro.pk_hash, SHA256_MAC_LEN);
-
- /* SHA256(NK) */
- wpabuf_put_le16(msg, DPP_ATTR_OWN_NET_NK_HASH);
- wpabuf_put_le16(msg, SHA256_MAC_LEN);
- wpabuf_put_data(msg, intro.nk_hash, SHA256_MAC_LEN);
+ /* Transaction ID */
+ wpabuf_put_le16(msg, DPP_ATTR_TRANSACTION_ID);
+ wpabuf_put_le16(msg, 1);
+ wpabuf_put_u8(msg, trans_id[0]);
/* DPP Connector */
wpabuf_put_le16(msg, DPP_ATTR_CONNECTOR);
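Review bot: The `5` in the dpp_alloc_msg() size argument is an unexplained constant; it stands for the 4-octet attribute header plus the 1-octet Transaction ID that the three wpabuf_put_* calls below write. Spelling it out keeps the allocation visibly in step with the writes, for example `4 + 1 + 4 + os_strlen(hapd->conf->dpp_connector));` with a comment such as `/* Transaction ID attr (hdr + 1) + Connector attr hdr + Connector */`. The echoed octet comes straight from the request and only correlates request and response; a comment stating that it carries no authentication meaning would prevent later code from treating it as more than that. The function body continues outside this hunk.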
diff --git a/src/common/dpp.c b/src/common/dpp.c
index 1edfc9b..5ef700b 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -4577,30 +4577,6 @@ fail:
}
-static int dpp_netkey_hash(EVP_PKEY *key, u8 *hash)
-{
- EC_KEY *eckey;
- unsigned char *der = NULL;
- int ret, der_len;
- const u8 *addr[1];
- size_t len[1];
-
- eckey = EVP_PKEY_get1_EC_KEY(key);
- if (!eckey)
- return -1;
- EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED);
- der_len = i2d_EC_PUBKEY(eckey, &der);
- EC_KEY_free(eckey);
- if (der_len <= 0)
- return -1;
- addr[0] = der;
- len[0] = der_len;
- ret = sha256_vector(1, addr, len, hash);
- OPENSSL_free(der);
- return ret;
-}
-
-
int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
const u8 *net_access_key, size_t net_access_key_len,
const u8 *csign_key, size_t csign_key_len,
@@ -4753,12 +4729,6 @@ int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
goto fail;
}
- if (dpp_netkey_hash(own_key, intro->nk_hash) < 0 ||
- dpp_netkey_hash(peer_key, intro->pk_hash) < 0) {
- wpa_printf(MSG_ERROR, "DPP: Failed to derive NK/PK hash");
- goto fail;
- }
-
ret = 0;
fail:
if (ret < 0)
diff --git a/src/common/dpp.h b/src/common/dpp.h
index 277b03a..550157e 100644
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -44,12 +44,12 @@ enum dpp_attribute_id {
DPP_ATTR_CONNECTOR = 0x100D,
DPP_ATTR_CONFIG_ATTR_OBJ = 0x100E,
DPP_ATTR_BOOTSTRAP_KEY = 0x100F,
- DPP_ATTR_PEER_NET_PK_HASH = 0x1010,
DPP_ATTR_OWN_NET_NK_HASH = 0x1011,
DPP_ATTR_FINITE_CYCLIC_GROUP = 0x1012,
DPP_ATTR_ENCRYPTED_KEY = 0x1013,
DPP_ATTR_ENROLLEE_NONCE = 0x1014,
DPP_ATTR_CODE_IDENTIFIER = 0x1015,
+ DPP_ATTR_TRANSACTION_ID = 0x1016,
};
enum dpp_status_error {
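Review bot: Removing `DPP_ATTR_PEER_NET_PK_HASH` leaves an undocumented gap at 0x1010 in `enum dpp_attribute_id`, and nothing tells a later editor that the value was once assigned. A placeholder comment such as `/* 0x1010 was DPP_ATTR_PEER_NET_PK_HASH; removed from the tech spec */` would guard against reusing the identifier for a different attribute. `DPP_ATTR_OWN_NET_NK_HASH = 0x1011` is kept although the only use visible in this diff (in dpp_hostapd.c) is removed. The diff is limited to `src`, so it may still be referenced elsewhere. If it is not, it should either go with its sibling or be marked as retained on purpose.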
@@ -201,8 +201,6 @@ struct dpp_introduction {
u8 pmkid[PMKID_LEN];
u8 pmk[PMK_LEN_MAX];
size_t pmk_len;
- u8 pk_hash[SHA256_MAC_LEN];
- u8 nk_hash[SHA256_MAC_LEN];
};
void dpp_bootstrap_info_free(struct dpp_bootstrap_info *info);