authorJouni Malinen <jouni@codeaurora.org>2020-04-03 12:47:18 (GMT)
committerJouni Malinen <j@w1.fi>2020-04-03 13:27:52 (GMT)
commit512b6c02e0f347b30666d5d747da9f9129b1a5b9 (patch)
tree9ebc12a18fb540bf6e3be569f482bf3e5fb43019 /src/common
parent4b9a1ba0ad52d2723e55da10c92984fb1e4eaf79 (diff)
DPP: Mandate mutual auth with NFC negotiated connection handover
Mark own bootstrap information as having been used in NFC negotiated connection handover and do not accept non-mutual authentication when processing Authentication Response from the peer when such bootstrapping information is used. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Diffstat (limited to 'src/common')
-rw-r--r--src/common/dpp.c8
-rw-r--r--src/common/dpp.h2
2 files changed, 10 insertions, 0 deletions
diff --git a/src/common/dpp.c b/src/common/dpp.c
index ae4ed3f..c4ee9b8 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -3952,6 +3952,14 @@ dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
dpp_auth_fail(auth,
"Missing Initiator Bootstrapping Key Hash attribute");
return NULL;
+ } else if (auth->own_bi &&
+ auth->own_bi->type == DPP_BOOTSTRAP_NFC_URI &&
+ auth->own_bi->nfc_negotiated) {
+ /* NFC negotiated connection handover bootstrapping mandates
+ * use of mutual authentication */
+ dpp_auth_fail(auth,
+ "Missing Initiator Bootstrapping Key Hash attribute");
+ return NULL;
}
auth->peer_version = 1; /* default to the first version */
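Review bot: The new NFC branch in dpp_auth_resp_rx reports the same failure text as the branch just above it, "Missing Initiator Bootstrapping Key Hash attribute", so a log reader cannot tell a non-mutual authentication rejected after NFC negotiated connection handover from the earlier case. This branch is the enforcement point for the mutual-authentication requirement, so a distinct message would make rejected downgrades visible in logs and tests, for example `dpp_auth_fail(auth, "Mutual authentication required after NFC negotiated connection handover");`. The condition of the preceding branch and the rest of the function lie outside the hunk, so any overlap between the two branches cannot be checked from here.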
diff --git a/src/common/dpp.h b/src/common/dpp.h
index 61be218..afbedc5 100644
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -138,6 +138,8 @@ struct dpp_bootstrap_info {
const struct dpp_curve_params *curve;
unsigned int pkex_t; /* number of failures before dpp_pkex
* instantiation */
+ int nfc_negotiated; /* whether this has been used in NFC negotiated
+ * connection handover */
char *configurator_params;
};
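Review bot: The comment on `nfc_negotiated` records that the bootstrap info was used in NFC negotiated connection handover, but not what the flag enforces or who sets it. The code that sets it is not in these hunks, since the diffstat is limited to src/common. I would extend the comment to something like `/* set once this has been used in NFC negotiated connection handover; dpp_auth_resp_rx() then rejects non-mutual authentication */`. It would also help to state whether the flag is ever cleared, because a sticky flag restricts the entry to mutual authentication for its whole lifetime; that looks intended but is not stated.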