From 2cbbcb74347172edbfe8eff0863103712076ee10 Mon Sep 17 00:00:00 2001 From: Denis Kenzior Date: Sun, 28 Aug 2016 02:54:35 -0500 Subject: [PATCH] eap-wsc: Load settings related to DevicePassword DevicePassword is the PIN, either static, dynamically generated or entered by the user. For PushButton mode, DevicePassword is set to '00000000'. It can also be provided via external means, such as NFC. This patch allows DevicePassword to be externally configured into the EAP-WSC layer. Optionally, the secret nonce values can also be provided for testing purposes. If omitted, they will be generated using l_getrandom. --- src/eap-wsc.c | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/src/eap-wsc.c b/src/eap-wsc.c index 477b6917..a915788a 100644 --- a/src/eap-wsc.c +++ b/src/eap-wsc.c @@ -42,6 +42,9 @@ static struct l_key *dh5_prime; struct eap_wsc_state { struct wsc_m1 *m1; struct l_key *private; + char *device_password; + uint8_t e_snonce1[16]; + uint8_t e_snonce2[16]; }; static int eap_wsc_probe(struct eap_state *eap, const char *name) @@ -64,6 +67,7 @@ static void eap_wsc_remove(struct eap_state *eap) eap_set_data(eap, NULL); + l_free(wsc->device_password); l_key_free(wsc->private); l_free(wsc->m1); l_free(wsc); @@ -155,6 +159,7 @@ static bool eap_wsc_load_settings(struct eap_state *eap, uint8_t private_key[192]; size_t len; unsigned int u32; + const char *device_password; wsc->m1 = l_new(struct wsc_m1, 1); wsc->m1->version2 = true; 
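Review bot: In the eap_wsc_remove hunk (`@@ -64,6 +67,7 @@`), the new `l_free(wsc->device_password);` releases the PIN without clearing it, and the two 16-byte E-SNonce arrays added to struct eap_wsc_state in the first hunk go back to the heap intact when `l_free(wsc)` runs. The commit message itself calls these secret nonce values, so I would wipe both before freeing, e.g. `if (wsc->device_password) explicit_bzero(wsc->device_password, strlen(wsc->device_password));` and `explicit_bzero(wsc->e_snonce1, sizeof(wsc->e_snonce1));` (likewise for e_snonce2), using whatever non-elidable clear the build provides. The NULL guard matters because eap_wsc_load_settings can return false before device_password is assigned. The body of eap_wsc_remove starts outside the hunk, so any existing handling of wsc->private and wsc->m1 is not visible here.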
@@ -256,6 +261,42 @@ static bool eap_wsc_load_settings(struct eap_state *eap, wsc->m1->os_version = u32 & 0x7fffffff; + device_password = l_settings_get_string(settings, "WSC", + "DevicePassword"); + if (device_password) { + int i; + + for (i = 0; device_password[i]; i++) { + if (!l_ascii_isxdigit(device_password[i])) + return false; + } + + if (i < 8) + return false; + + wsc->device_password = strdup(device_password); + /* + * WSC 2.0.5: Section 7.4: + * If an out-of-band mechanism is used as the configuration + * method, the device password is expressed in hexadecimal + * using ASCII character (two characters per octet, uppercase + * letters only). + */ + for (i = 0; wsc->device_password[i]; i++) { + if (wsc->device_password[i] >= 'a' && + wsc->device_password[i] <= 'f') + wsc->device_password[i] = + 'A' + wsc->device_password[i] - 'a'; + } + } else + wsc->device_password = strdup("00000000"); + + if (!load_hexencoded(settings, "E-SNonce1", wsc->e_snonce1, 16)) + l_getrandom(wsc->e_snonce1, 16); + + if (!load_hexencoded(settings, "E-SNonce2", wsc->e_snonce2, 16)) + l_getrandom(wsc->e_snonce2, 16); + return true; }
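Review bot: `wsc->device_password = strdup(device_password);` is not checked, so on allocation failure the uppercasing loop right below it dereferences NULL, and `strdup("00000000")` in the else branch has the same gap. The buffer is later released with l_free() in eap_wsc_remove, so `wsc->device_password = l_strdup(device_password);` would keep the allocator pairing consistent and, as far as I know, ell's allocator aborts on OOM instead of returning NULL. The length check only enforces a minimum (`if (i < 8)`), while the quoted Section 7.4 text speaks of two characters per octet, so an odd-length out-of-band password is accepted; consider rejecting odd lengths if that matches the spec's intent. The E-SNonce1/E-SNonce2 override is described as test-only but is read from the same settings as the production credential, and the `l_getrandom()` result is ignored; I would gate the override behind a test or debug build option and, if l_getrandom reports failure, fail the load with `if (!l_getrandom(wsc->e_snonce1, 16)) return false;`. eap_wsc_load_settings starts outside the hunk, so the cleanup of wsc->m1 on these `return false` paths cannot be judged from here.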