Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

DPP: Update AES-SIV AD for PKEX frames

The protocol design was updated to protect the six octets in the header
before the attributes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 7 years ago
parent
dc4d271c6d
commit
4be5bc98a8
4 changed files with 50 additions and 31 deletions
Split View Show Diff Stats
  1. 9 7
      src/ap/dpp_hostapd.c
  2. 30 17
      src/common/dpp.c
  3. 2 1
      src/common/dpp.h
  4. 9 6
      wpa_supplicant/dpp_supplicant.c

+ 9 - 7
src/ap/dpp_hostapd.c
View File 

@@ -987,7 +987,8 @@ static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd,
 
 
 static void
 
 hostapd_dpp_rx_pkex_exchange_req(struct hostapd_data *hapd, const u8 *src,
 
-				 const u8 *buf, size_t len, unsigned int freq)
 
+				 const u8 *buf, size_t len,
 
+				 unsigned int freq)
 
 {
 
 	struct wpabuf *msg;
 
 
@@ -1063,7 +1064,7 @@ hostapd_dpp_rx_pkex_exchange_resp(struct hostapd_data *hapd, const u8 *src,
 
 
 static void
 
 hostapd_dpp_rx_pkex_commit_reveal_req(struct hostapd_data *hapd, const u8 *src,
 
-				      const u8 *buf, size_t len,
 
+				      const u8 *hdr, const u8 *buf, size_t len,
 
 				      unsigned int freq)
 
 {
 
 	struct wpabuf *msg;
 
@@ -1078,7 +1079,7 @@ hostapd_dpp_rx_pkex_commit_reveal_req(struct hostapd_data *hapd, const u8 *src,
 
 		return;
 
 	}
 
 
-	msg = dpp_pkex_rx_commit_reveal_req(pkex, buf, len);
 
+	msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len);
 
 	if (!msg) {
 
 		wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
 
 		return;
 
@@ -1114,7 +1115,7 @@ hostapd_dpp_rx_pkex_commit_reveal_req(struct hostapd_data *hapd, const u8 *src,
 
 
 static void
 
 hostapd_dpp_rx_pkex_commit_reveal_resp(struct hostapd_data *hapd, const u8 *src,
 
-				       const u8 *buf, size_t len,
 
+				       const u8 *hdr, const u8 *buf, size_t len,
 
 				       unsigned int freq)
 
 {
 
 	int res;
 
@@ -1130,7 +1131,7 @@ hostapd_dpp_rx_pkex_commit_reveal_resp(struct hostapd_data *hapd, const u8 *src,
 
 		return;
 
 	}
 
 
-	res = dpp_pkex_rx_commit_reveal_resp(pkex, buf, len);
 
+	res = dpp_pkex_rx_commit_reveal_resp(pkex, hdr, buf, len);
 
 	if (res < 0) {
 
 		wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
 
 		return;
 
@@ -1222,10 +1223,11 @@ void hostapd_dpp_rx_action(struct hostapd_data *hapd, const u8 *src,
 
 		hostapd_dpp_rx_pkex_exchange_resp(hapd, src, buf, len, freq);
 
 		break;
 
 	case DPP_PA_PKEX_COMMIT_REVEAL_REQ:
 
-		hostapd_dpp_rx_pkex_commit_reveal_req(hapd, src, buf, len, freq);
 
+		hostapd_dpp_rx_pkex_commit_reveal_req(hapd, src, hdr, buf, len,
 
+						      freq);
 
 		break;
 
 	case DPP_PA_PKEX_COMMIT_REVEAL_RESP:
 
-		hostapd_dpp_rx_pkex_commit_reveal_resp(hapd, src, buf, len,
 
+		hostapd_dpp_rx_pkex_commit_reveal_resp(hapd, src, hdr, buf, len,
 
 						       freq);
 
 		break;
 
 	default:

+ 30 - 17
src/common/dpp.c
View File 

@@ -5574,10 +5574,13 @@ struct wpabuf * dpp_pkex_rx_exchange_resp(struct dpp_pkex *pkex,
 
 	wpabuf_put_le16(clear, curve->hash_len);
 
 	wpabuf_put_data(clear, u, curve->hash_len);
 
 
+	addr[0] = wpabuf_head_u8(msg) + 2;
 
+	len[0] = DPP_HDR_LEN;
 
 	octet = 0;
 
-	addr[0] = &octet;
 
-	len[0] = sizeof(octet);
 
-	wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD", addr[0], len[0]);
 
+	addr[1] = &octet;
 
+	len[1] = sizeof(octet);
 
+	wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
 
+	wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
 
 
 	wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA);
 
 	wpabuf_put_le16(msg, wpabuf_len(clear) + AES_BLOCK_SIZE);
 
@@ -5586,7 +5589,7 @@ struct wpabuf * dpp_pkex_rx_exchange_resp(struct dpp_pkex *pkex,
 
 	wpa_hexdump_buf(MSG_DEBUG, "DPP: AES-SIV cleartext", clear);
 
 	if (aes_siv_encrypt(pkex->z, curve->hash_len,
 
 			    wpabuf_head(clear), wpabuf_len(clear),
 
-			    1, addr, len, wrapped) < 0)
 
+			    2, addr, len, wrapped) < 0)
 
 		goto fail;
 
 	wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
 
 		    wrapped, wpabuf_len(clear) + AES_BLOCK_SIZE);
 
@@ -5614,6 +5617,7 @@ fail:
 
 
 
 struct wpabuf * dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex,
 
+					      const u8 *hdr,
 
 					      const u8 *buf, size_t buflen)
 
 {
 
 	const struct dpp_curve_params *curve = pkex->own_bi->curve;
 
@@ -5678,14 +5682,17 @@ struct wpabuf * dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex,
 
 	if (!unwrapped)
 
 		goto fail;
 
 
+	addr[0] = hdr;
 
+	len[0] = DPP_HDR_LEN;
 
 	octet = 0;
 
-	addr[0] = &octet;
 
-	len[0] = sizeof(octet);
 
-	wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD", addr[0], len[0]);
 
+	addr[1] = &octet;
 
+	len[1] = sizeof(octet);
 
+	wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
 
+	wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
 
 
 	if (aes_siv_decrypt(pkex->z, curve->hash_len,
 
 			    wrapped_data, wrapped_data_len,
 
-			    1, addr, len, unwrapped) < 0) {
 
+			    2, addr, len, unwrapped) < 0) {
 
 		wpa_printf(MSG_DEBUG, "DPP: AES-SIV decryption failed");
 
 		goto fail;
 
 	}
 
@@ -5811,10 +5818,13 @@ struct wpabuf * dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex,
 
 	wpabuf_put_le16(clear, curve->hash_len);
 
 	wpabuf_put_data(clear, v, curve->hash_len);
 
 
+	addr[0] = wpabuf_head_u8(msg) + 2;
 
+	len[0] = DPP_HDR_LEN;
 
 	octet = 1;
 
-	addr[0] = &octet;
 
-	len[0] = sizeof(octet);
 
-	wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD", addr[0], len[0]);
 
+	addr[1] = &octet;
 
+	len[1] = sizeof(octet);
 
+	wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
 
+	wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
 
 
 	wpabuf_put_le16(msg, DPP_ATTR_WRAPPED_DATA);
 
 	wpabuf_put_le16(msg, wpabuf_len(clear) + AES_BLOCK_SIZE);
 
@@ -5823,7 +5833,7 @@ struct wpabuf * dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex,
 
 	wpa_hexdump_buf(MSG_DEBUG, "DPP: AES-SIV cleartext", clear);
 
 	if (aes_siv_encrypt(pkex->z, curve->hash_len,
 
 			    wpabuf_head(clear), wpabuf_len(clear),
 
-			    1, addr, len, wrapped) < 0)
 
+			    2, addr, len, wrapped) < 0)
 
 		goto fail;
 
 	wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV ciphertext",
 
 		    wrapped, wpabuf_len(clear) + AES_BLOCK_SIZE);
 
@@ -5843,7 +5853,7 @@ fail:
 
 }
 
 
 
-int dpp_pkex_rx_commit_reveal_resp(struct dpp_pkex *pkex,
 
+int dpp_pkex_rx_commit_reveal_resp(struct dpp_pkex *pkex, const u8 *hdr,
 
 				   const u8 *buf, size_t buflen)
 
 {
 
 	const struct dpp_curve_params *curve = pkex->own_bi->curve;
 
@@ -5876,14 +5886,17 @@ int dpp_pkex_rx_commit_reveal_resp(struct dpp_pkex *pkex,
 
 	if (!unwrapped)
 
 		goto fail;
 
 
+	addr[0] = hdr;
 
+	len[0] = DPP_HDR_LEN;
 
 	octet = 1;
 
-	addr[0] = &octet;
 
-	len[0] = sizeof(octet);
 
-	wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD", addr[0], len[0]);
 
+	addr[1] = &octet;
 
+	len[1] = sizeof(octet);
 
+	wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[0]", addr[0], len[0]);
 
+	wpa_hexdump(MSG_DEBUG, "DDP: AES-SIV AD[1]", addr[1], len[1]);
 
 
 	if (aes_siv_decrypt(pkex->z, curve->hash_len,
 
 			    wrapped_data, wrapped_data_len,
 
-			    1, addr, len, unwrapped) < 0) {
 
+			    2, addr, len, unwrapped) < 0) {
 
 		wpa_printf(MSG_DEBUG, "DPP: AES-SIV decryption failed");
 
 		goto fail;
 
 	}

+ 2 - 1
src/common/dpp.h
View File 

@@ -268,8 +268,9 @@ struct dpp_pkex * dpp_pkex_rx_exchange_req(struct dpp_bootstrap_info *bi,
 
 struct wpabuf * dpp_pkex_rx_exchange_resp(struct dpp_pkex *pkex,
 
 					  const u8 *buf, size_t len);
 
 struct wpabuf * dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex,
 
+					      const u8 *hdr,
 
 					      const u8 *buf, size_t len);
 
-int dpp_pkex_rx_commit_reveal_resp(struct dpp_pkex *pkex,
 
+int dpp_pkex_rx_commit_reveal_resp(struct dpp_pkex *pkex, const u8 *hdr,
 
 				   const u8 *buf, size_t len);
 
 void dpp_pkex_free(struct dpp_pkex *pkex);

+ 9 - 6
wpa_supplicant/dpp_supplicant.c
View File 

@@ -1441,7 +1441,8 @@ wpas_dpp_rx_pkex_exchange_resp(struct wpa_supplicant *wpa_s, const u8 *src,
 
 
 static void
 
 wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant *wpa_s, const u8 *src,
 
-				   const u8 *buf, size_t len, unsigned int freq)
 
+				   const u8 *hdr, const u8 *buf, size_t len,
 
+				   unsigned int freq)
 
 {
 
 	struct wpabuf *msg;
 
 	unsigned int wait_time;
 
@@ -1456,7 +1457,7 @@ wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant *wpa_s, const u8 *src,
 
 		return;
 
 	}
 
 
-	msg = dpp_pkex_rx_commit_reveal_req(pkex, buf, len);
 
+	msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len);
 
 	if (!msg) {
 
 		wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
 
 		return;
 
@@ -1497,7 +1498,7 @@ wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant *wpa_s, const u8 *src,
 
 
 static void
 
 wpas_dpp_rx_pkex_commit_reveal_resp(struct wpa_supplicant *wpa_s, const u8 *src,
 
-				    const u8 *buf, size_t len,
 
+				    const u8 *hdr, const u8 *buf, size_t len,
 
 				    unsigned int freq)
 
 {
 
 	int res;
 
@@ -1513,7 +1514,7 @@ wpas_dpp_rx_pkex_commit_reveal_resp(struct wpa_supplicant *wpa_s, const u8 *src,
 
 		return;
 
 	}
 
 
-	res = dpp_pkex_rx_commit_reveal_resp(pkex, buf, len);
 
+	res = dpp_pkex_rx_commit_reveal_resp(pkex, hdr, buf, len);
 
 	if (res < 0) {
 
 		wpa_printf(MSG_DEBUG, "DPP: Failed to process the response");
 
 		return;
 
@@ -1605,10 +1606,12 @@ void wpas_dpp_rx_action(struct wpa_supplicant *wpa_s, const u8 *src,
 
 		wpas_dpp_rx_pkex_exchange_resp(wpa_s, src, buf, len, freq);
 
 		break;
 
 	case DPP_PA_PKEX_COMMIT_REVEAL_REQ:
 
-		wpas_dpp_rx_pkex_commit_reveal_req(wpa_s, src, buf, len, freq);
 
+		wpas_dpp_rx_pkex_commit_reveal_req(wpa_s, src, hdr, buf, len,
 
+						   freq);
 
 		break;
 
 	case DPP_PA_PKEX_COMMIT_REVEAL_RESP:
 
-		wpas_dpp_rx_pkex_commit_reveal_resp(wpa_s, src, buf, len, freq);
 
+		wpas_dpp_rx_pkex_commit_reveal_resp(wpa_s, src, hdr, buf, len,
 
+						    freq);
 
 		break;
 
 	default:
 
 		wpa_printf(MSG_DEBUG,