Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

DPP: Check JWS protected header alg against C-sign-key curve

These need to be compatible for the JWS protected header signing to be
valid, so add an explicit check to confirm this.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 7 years ago
parent
d86b86d034
commit
6095b47905
1 changed files with 25 additions and 2 deletions
Split View Show Diff Stats
  1. 25 2
      src/common/dpp.c

+ 25 - 2
src/common/dpp.c
View File 

@@ -3450,7 +3450,8 @@ fail:
 
 
 
 static struct wpabuf *
 
-dpp_parse_jws_prot_hdr(const u8 *prot_hdr, u16 prot_hdr_len,
 
+dpp_parse_jws_prot_hdr(const struct dpp_curve_params *curve,
 
+		       const u8 *prot_hdr, u16 prot_hdr_len,
 
 		       const EVP_MD **ret_md)
 
 {
 
 	struct json_token *root, *token;
 
@@ -3490,6 +3491,12 @@ dpp_parse_jws_prot_hdr(const u8 *prot_hdr, u16 prot_hdr_len,
 
 	}
 
 	wpa_printf(MSG_DEBUG, "DPP: JWS Protected Header alg=%s",
 
 		   token->string);
 
+	if (os_strcmp(token->string, curve->jws_alg) != 0) {
 
+		wpa_printf(MSG_DEBUG,
 
+			   "DPP: Unexpected JWS Protected Header alg=%s (expected %s based on C-sign-key)",
 
+			   token->string, curve->jws_alg);
 
+		goto fail;
 
+	}
 
 	if (os_strcmp(token->string, "ES256") == 0 ||
 
 	    os_strcmp(token->string, "BS256") == 0)
 
 		*ret_md = EVP_sha256();
 
@@ -3936,7 +3943,22 @@ dpp_process_signed_connector(struct dpp_signed_connector_info *info,
 
 	EVP_MD_CTX *md_ctx = NULL;
 
 	ECDSA_SIG *sig = NULL;
 
 	BIGNUM *r = NULL, *s = NULL;
 
+	const struct dpp_curve_params *curve;
 
+	EC_KEY *eckey;
 
+	const EC_GROUP *group;
 
+	int nid;
 
 
+	eckey = EVP_PKEY_get1_EC_KEY(csign_pub);
 
+	if (!eckey)
 
+		goto fail;
 
+	group = EC_KEY_get0_group(eckey);
 
+	if (!group)
 
+		goto fail;
 
+	nid = EC_GROUP_get_curve_name(group);
 
+	curve = dpp_get_curve_nid(nid);
 
+	if (!curve)
 
+		goto fail;
 
+	wpa_printf(MSG_DEBUG, "DPP: C-sign-key group: %s", curve->jwk_crv);
 
 	os_memset(info, 0, sizeof(*info));
 
 
 	signed_start = pos = connector;
 
@@ -3955,7 +3977,7 @@ dpp_process_signed_connector(struct dpp_signed_connector_info *info,
 
 	wpa_hexdump_ascii(MSG_DEBUG,
 
 			  "DPP: signedConnector - JWS Protected Header",
 
 			  prot_hdr, prot_hdr_len);
 
-	kid = dpp_parse_jws_prot_hdr(prot_hdr, prot_hdr_len, &sign_md);
 
+	kid = dpp_parse_jws_prot_hdr(curve, prot_hdr, prot_hdr_len, &sign_md);
 
 	if (!kid)
 
 		goto fail;
 
 	if (wpabuf_len(kid) != SHA256_MAC_LEN) {
 
@@ -4046,6 +4068,7 @@ dpp_process_signed_connector(struct dpp_signed_connector_info *info,
 
 
 	ret = 0;
 
 fail:
 
+	EC_KEY_free(eckey);
 
 	EVP_MD_CTX_destroy(md_ctx);
 
 	os_free(prot_hdr);
 
 	wpabuf_free(kid);