[PATCH 4/4] DPP: Update test for BoringSSL

Cedric Izoard cedric.izoard at ceva-dsp.com
Fri Oct 29 02:05:33 PDT 2021 

From: "(4401 440) Cedric Izoard (France)" <cedric.izoard at ceva-dsp.com>

- When checking DPP capabilities the brainpool flag was not always set
when needed, leading to run test with brainpool curves not supported by
BoringSSL.

- Use short form for the DER length of EC privateKey with p-521 curve.
Indeed BoringSSL returns an error when parsing DER sequence 30 81 50
... because the length 81 50 could have been encoded as 50 and
according comment in BoringSSL:
ITU-T X.690 section 10.1 (DER length forms) requires encoding the
length with the minimum number of octets.

Signed-off-by: Cedric Izoard <cedric.izoard at ceva-dsp.com>
---
 tests/hwsim/test_dpp.py | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/tests/hwsim/test_dpp.py b/tests/hwsim/test_dpp.py
index efcdb318c..e7e59051b 100644
--- a/tests/hwsim/test_dpp.py
+++ b/tests/hwsim/test_dpp.py
@@ -369,8 +369,10 @@ def run_dpp_qr_code_auth_unicast(dev, apdev, curve, netrole=None, key=None,
                                  require_conf_failure=False,
                                  configurator=False, conf_curve=None,
                                  conf=None, qr=None, stop_responder=True):
-    check_dpp_capab(dev[0], curve and "brainpool" in curve)
-    check_dpp_capab(dev[1], curve and "brainpool" in curve)
+    check_dpp_capab(dev[0], (curve and "brainpool" in curve) or
+                    (conf_curve and "brainpool" in conf_curve))
+    check_dpp_capab(dev[1], (curve and "brainpool" in curve) or
+                    (conf_curve and "brainpool" in conf_curve))
     if configurator:
         conf_id = dev[1].dpp_configurator_add(curve=conf_curve)
     else:
@@ -1751,8 +1753,10 @@ def update_hapd_config(hapd):
 
 def run_dpp_ap_config(dev, apdev, curve=None, conf_curve=None,
                       reconf_configurator=False):
-    check_dpp_capab(dev[0])
-    check_dpp_capab(dev[1])
+    check_dpp_capab(dev[0], (curve and "BP-" in curve) or
+                    (conf_curve and "BP-" in conf_curve))
+    check_dpp_capab(dev[1], (curve and "BP-" in curve) or
+                    (conf_curve and "BP-" in conf_curve))
     hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
     check_dpp_capab(hapd)
 
@@ -2214,7 +2218,7 @@ def test_dpp_test_vector_p_256_b(dev, apdev):
 def der_priv_key_p_521(priv):
     if len(priv) != 2 * 66:
         raise Exception("Unexpected der_priv_key_p_521 parameter: " + priv)
-    der_prefix = "3081500201010442"
+    der_prefix = "30500201010442"
     der_postfix = "a00706052b81040023"
     return der_prefix + priv + der_postfix
 
-- 
2.25.1

More information about the Hostap mailing list