Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

DPP: Extend protocol testing to cover missing attributes in PKEX

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 7 years ago
parent
b3e4cc5cbb
commit
61f9f27f80
2 changed files with 98 additions and 1 deletions
Split View Show Diff Stats
  1. 88 1
      src/common/dpp.c
  2. 10 0
      src/common/dpp.h

+ 88 - 1
src/common/dpp.c
View File 

@@ -5522,11 +5522,22 @@ static struct wpabuf * dpp_pkex_build_exchange_req(struct dpp_pkex *pkex)
 
 	if (!msg)
 
 		goto fail;
 
 
+#ifdef CONFIG_TESTING_OPTIONS
 
+	if (dpp_test == DPP_TEST_NO_FINITE_CYCLIC_GROUP_PKEX_EXCHANGE_REQ) {
 
+		wpa_printf(MSG_INFO, "DPP: TESTING - no Finite Cyclic Group");
 
+		goto skip_finite_cyclic_group;
 
+	}
 
+#endif /* CONFIG_TESTING_OPTIONS */
 
+
 
 	/* Finite Cyclic Group attribute */
 
 	wpabuf_put_le16(msg, DPP_ATTR_FINITE_CYCLIC_GROUP);
 
 	wpabuf_put_le16(msg, 2);
 
 	wpabuf_put_le16(msg, curve->ike_group);
 
 
+#ifdef CONFIG_TESTING_OPTIONS
 
+skip_finite_cyclic_group:
 
+#endif /* CONFIG_TESTING_OPTIONS */
 
+
 
 	/* Code Identifier attribute */
 
 	if (pkex->identifier) {
 
 		wpabuf_put_le16(msg, DPP_ATTR_CODE_IDENTIFIER);
 
@@ -5534,6 +5545,13 @@ static struct wpabuf * dpp_pkex_build_exchange_req(struct dpp_pkex *pkex)
 
 		wpabuf_put_str(msg, pkex->identifier);
 
 	}
 
 
+#ifdef CONFIG_TESTING_OPTIONS
 
+	if (dpp_test == DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_REQ) {
 
+		wpa_printf(MSG_INFO, "DPP: TESTING - no Encrypted Key");
 
+		goto out;
 
+	}
 
+#endif /* CONFIG_TESTING_OPTIONS */
 
+
 
 	/* M in Encrypted Key attribute */
 
 	wpabuf_put_le16(msg, DPP_ATTR_ENCRYPTED_KEY);
 
 	wpabuf_put_le16(msg, 2 * curve->prime_len);
 
@@ -5634,11 +5652,22 @@ static struct wpabuf * dpp_pkex_build_exchange_resp(struct dpp_pkex *pkex,
 
 	if (!msg)
 
 		goto fail;
 
 
+#ifdef CONFIG_TESTING_OPTIONS
 
+	if (dpp_test == DPP_TEST_NO_STATUS_PKEX_EXCHANGE_RESP) {
 
+		wpa_printf(MSG_INFO, "DPP: TESTING - no Status");
 
+		goto skip_status;
 
+	}
 
+#endif /* CONFIG_TESTING_OPTIONS */
 
+
 
 	/* DPP Status */
 
 	wpabuf_put_le16(msg, DPP_ATTR_STATUS);
 
 	wpabuf_put_le16(msg, 1);
 
 	wpabuf_put_u8(msg, DPP_STATUS_OK);
 
 
+#ifdef CONFIG_TESTING_OPTIONS
 
+skip_status:
 
+#endif /* CONFIG_TESTING_OPTIONS */
 
+
 
 	/* Code Identifier attribute */
 
 	if (pkex->identifier) {
 
 		wpabuf_put_le16(msg, DPP_ATTR_CODE_IDENTIFIER);
 
@@ -5646,6 +5675,13 @@ static struct wpabuf * dpp_pkex_build_exchange_resp(struct dpp_pkex *pkex,
 
 		wpabuf_put_str(msg, pkex->identifier);
 
 	}
 
 
+#ifdef CONFIG_TESTING_OPTIONS
 
+	if (dpp_test == DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_RESP) {
 
+		wpa_printf(MSG_INFO, "DPP: TESTING - no Encrypted Key");
 
+		goto skip_encrypted_key;
 
+	}
 
+#endif /* CONFIG_TESTING_OPTIONS */
 
+
 
 	/* N in Encrypted Key attribute */
 
 	wpabuf_put_le16(msg, DPP_ATTR_ENCRYPTED_KEY);
 
 	wpabuf_put_le16(msg, 2 * curve->prime_len);
 
@@ -5672,6 +5708,9 @@ static struct wpabuf * dpp_pkex_build_exchange_resp(struct dpp_pkex *pkex,
 
 	os_memset(wpabuf_put(msg, offset), 0, offset);
 
 	BN_bn2bin(Ny, wpabuf_put(msg, num_bytes));
 
 
+#ifdef CONFIG_TESTING_OPTIONS
 
+skip_encrypted_key:
 
+#endif /* CONFIG_TESTING_OPTIONS */
 
 	return msg;
 
 fail:
 
 	wpabuf_free(msg);
 
@@ -5930,16 +5969,39 @@ dpp_pkex_build_commit_reveal_req(struct dpp_pkex *pkex,
 
 	if (!clear || !msg)
 
 		goto fail;
 
 
+#ifdef CONFIG_TESTING_OPTIONS
 
+	if (dpp_test == DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_REQ) {
 
+		wpa_printf(MSG_INFO, "DPP: TESTING - no Bootstrap Key");
 
+		goto skip_bootstrap_key;
 
+	}
 
+#endif /* CONFIG_TESTING_OPTIONS */
 
+
 
 	/* A in Bootstrap Key attribute */
 
 	wpabuf_put_le16(clear, DPP_ATTR_BOOTSTRAP_KEY);
 
 	wpabuf_put_le16(clear, wpabuf_len(A_pub));
 
 	wpabuf_put_buf(clear, A_pub);
 
 
+#ifdef CONFIG_TESTING_OPTIONS
 
+skip_bootstrap_key:
 
+	if (dpp_test == DPP_TEST_NO_I_AUTH_TAG_PKEX_CR_REQ) {
 
+		wpa_printf(MSG_INFO, "DPP: TESTING - no I-Auth tag");
 
+		goto skip_i_auth_tag;
 
+	}
 
+#endif /* CONFIG_TESTING_OPTIONS */
 
+
 
 	/* u in I-Auth tag attribute */
 
 	wpabuf_put_le16(clear, DPP_ATTR_I_AUTH_TAG);
 
 	wpabuf_put_le16(clear, curve->hash_len);
 
 	wpabuf_put_data(clear, u, curve->hash_len);
 
 
+#ifdef CONFIG_TESTING_OPTIONS
 
+skip_i_auth_tag:
 
+	if (dpp_test == DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_REQ) {
 
+		wpa_printf(MSG_INFO, "DPP: TESTING - no Wrapped Data");
 
+		goto skip_wrapped_data;
 
+	}
 
+#endif /* CONFIG_TESTING_OPTIONS */
 
+
 
 	addr[0] = wpabuf_head_u8(msg) + 2;
 
 	len[0] = DPP_HDR_LEN;
 
 	octet = 0;
 
@@ -5966,6 +6028,7 @@ dpp_pkex_build_commit_reveal_req(struct dpp_pkex *pkex,
 
 		wpabuf_put_le16(msg, DPP_ATTR_TESTING);
 
 		wpabuf_put_le16(msg, 0);
 
 	}
 
+skip_wrapped_data:
 
 #endif /* CONFIG_TESTING_OPTIONS */
 
 
 out:
 
@@ -6180,16 +6243,39 @@ dpp_pkex_build_commit_reveal_resp(struct dpp_pkex *pkex,
 
 	if (!clear || !msg)
 
 		goto fail;
 
 
-	/* A in Bootstrap Key attribute */
 
+#ifdef CONFIG_TESTING_OPTIONS
 
+	if (dpp_test == DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_RESP) {
 
+		wpa_printf(MSG_INFO, "DPP: TESTING - no Bootstrap Key");
 
+		goto skip_bootstrap_key;
 
+	}
 
+#endif /* CONFIG_TESTING_OPTIONS */
 
+
 
+	/* B in Bootstrap Key attribute */
 
 	wpabuf_put_le16(clear, DPP_ATTR_BOOTSTRAP_KEY);
 
 	wpabuf_put_le16(clear, wpabuf_len(B_pub));
 
 	wpabuf_put_buf(clear, B_pub);
 
 
+#ifdef CONFIG_TESTING_OPTIONS
 
+skip_bootstrap_key:
 
+	if (dpp_test == DPP_TEST_NO_R_AUTH_TAG_PKEX_CR_RESP) {
 
+		wpa_printf(MSG_INFO, "DPP: TESTING - no R-Auth tag");
 
+		goto skip_r_auth_tag;
 
+	}
 
+#endif /* CONFIG_TESTING_OPTIONS */
 
+
 
 	/* v in R-Auth tag attribute */
 
 	wpabuf_put_le16(clear, DPP_ATTR_R_AUTH_TAG);
 
 	wpabuf_put_le16(clear, curve->hash_len);
 
 	wpabuf_put_data(clear, v, curve->hash_len);
 
 
+#ifdef CONFIG_TESTING_OPTIONS
 
+skip_r_auth_tag:
 
+	if (dpp_test == DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_RESP) {
 
+		wpa_printf(MSG_INFO, "DPP: TESTING - no Wrapped Data");
 
+		goto skip_wrapped_data;
 
+	}
 
+#endif /* CONFIG_TESTING_OPTIONS */
 
+
 
 	addr[0] = wpabuf_head_u8(msg) + 2;
 
 	len[0] = DPP_HDR_LEN;
 
 	octet = 1;
 
@@ -6216,6 +6302,7 @@ dpp_pkex_build_commit_reveal_resp(struct dpp_pkex *pkex,
 
 		wpabuf_put_le16(msg, DPP_ATTR_TESTING);
 
 		wpabuf_put_le16(msg, 0);
 
 	}
 
+skip_wrapped_data:
 
 #endif /* CONFIG_TESTING_OPTIONS */
 
 
 out:

+ 10 - 0
src/common/dpp.h
View File 

@@ -246,6 +246,16 @@ enum dpp_test_behavior {
 
 	DPP_TEST_INCOMPATIBLE_R_CAPAB_AUTH_RESP = 31,
 
 	DPP_TEST_R_AUTH_MISMATCH_AUTH_RESP = 32,
 
 	DPP_TEST_I_AUTH_MISMATCH_AUTH_CONF = 33,
 
+	DPP_TEST_NO_FINITE_CYCLIC_GROUP_PKEX_EXCHANGE_REQ = 34,
 
+	DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_REQ = 35,
 
+	DPP_TEST_NO_STATUS_PKEX_EXCHANGE_RESP = 36,
 
+	DPP_TEST_NO_ENCRYPTED_KEY_PKEX_EXCHANGE_RESP = 37,
 
+	DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_REQ = 38,
 
+	DPP_TEST_NO_I_AUTH_TAG_PKEX_CR_REQ = 39,
 
+	DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_REQ = 40,
 
+	DPP_TEST_NO_BOOTSTRAP_KEY_PKEX_CR_RESP = 41,
 
+	DPP_TEST_NO_R_AUTH_TAG_PKEX_CR_RESP = 42,
 
+	DPP_TEST_NO_WRAPPED_DATA_PKEX_CR_RESP = 43,
 
 };
 
 
 extern enum dpp_test_behavior dpp_test;