From 68fea96038bd46d1204d816a87c206f92406c684 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Fri, 27 Sep 2019 02:30:33 +0300
Subject: [PATCH] DPP2: Allow Configurator to use AKM suite selectors in Config Object

The new use_akm_selector=1 value to Configurator parameters can now be used to request a list of AKM suite selectors to be used in the Configuration Object if the Enrollee supports version 2 or newer.

Signed-off-by: Jouni Malinen
---
src/common/dpp.c | 41 +++++++++++++++++++++++++++++++++++++++--
src/common/dpp.h | 2 ++
2 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/src/common/dpp.c b/src/common/dpp.c
index fbad03eeb..4aa279aad 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -4585,6 +4585,12 @@ int dpp_set_configurator(struct dpp_global *dpp, void *msg_ctx, auth->send_conn_status = atoi(pos); } + pos = os_strstr(cmd, " akm_use_selector="); + if (pos) { + pos += 18; + auth->akm_use_selector = atoi(pos); + } + if (dpp_configuration_parse(auth, cmd) < 0) { wpa_msg(msg_ctx, MSG_INFO, "DPP: Failed to set configurator parameters");
@@ -4761,6 +4767,7 @@ dpp_build_conf_obj_dpp(struct dpp_authentication *auth, size_t extra_len = 1000; int incl_legacy; enum dpp_akm akm; + const char *akm_str; if (!auth->conf) { wpa_printf(MSG_INFO,
@@ -4914,7 +4921,11 @@ skip_groups: if (!buf) goto fail; - wpabuf_printf(buf, "\"cred\":{\"akm\":\"%s\",", dpp_akm_str(akm)); + if (auth->akm_use_selector && dpp_akm_ver2(akm)) + akm_str = dpp_akm_selector_str(akm); + else + akm_str = dpp_akm_str(akm); + wpabuf_printf(buf, "\"cred\":{\"akm\":\"%s\",", akm_str); if (incl_legacy) { dpp_build_legacy_cred_params(buf, conf); wpabuf_put_str(buf, ",");
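Review bot: The token matched in dpp_set_configurator is ` akm_use_selector=`, while the commit message names the option `use_akm_selector=1`; a caller following the message gets no match from `os_strstr()` and, as far as this hunk shows, no error either, so the Config Object would keep the legacy AKM string without any indication. One of the two spellings should be corrected before the option is documented elsewhere. The offset `pos += 18` is the hand-counted length of that literal and `atoi(pos)` turns any non-numeric value into 0; `pos += os_strlen(" akm_use_selector=");` together with a comment such as `/* 1 = encode akm as a list of AKM suite selectors */` would remove the hidden coupling. The function starts before and continues after this hunk.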
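Review bot: The AKM string selection added after `skip_groups:` is repeated line for line in dpp_build_conf_obj_legacy (the `@@ -4959` hunk), so the decision about the wire format of `"akm"` now lives in two places that can drift apart; a small static helper would keep it in one. The condition visible here tests `dpp_akm_ver2(akm)`, a property of the AKM, whereas the commit message ties the selector format to the Enrollee supporting version 2 or newer; if the peer-version check happens earlier in the function, outside this hunk, the helper's comment should say so. Both builder functions start before and end after their hunks, so this is judged from the visible lines only.
```c
/* Pick the "akm" value for the Config Object: selector list only when the
 * Configurator asked for it and the AKM combination needs DPP version 2. */
static const char * dpp_conf_akm_str(const struct dpp_authentication *auth,
				     enum dpp_akm akm)
{
	if (auth->akm_use_selector && dpp_akm_ver2(akm))
		return dpp_akm_selector_str(akm);
	return dpp_akm_str(akm);
}

/* … unchanged: buffer allocation and fail check … */
	wpabuf_printf(buf, "\"cred\":{\"akm\":\"%s\",",
		      dpp_conf_akm_str(auth, akm));
```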
@@ -4959,12 +4970,17 @@ dpp_build_conf_obj_legacy(struct dpp_authentication *auth, struct dpp_configuration *conf) { struct wpabuf *buf; + const char *akm_str; buf = dpp_build_conf_start(auth, conf, 1000); if (!buf) return NULL; - wpabuf_printf(buf, "\"cred\":{\"akm\":\"%s\",", dpp_akm_str(conf->akm)); + if (auth->akm_use_selector && dpp_akm_ver2(conf->akm)) + akm_str = dpp_akm_selector_str(conf->akm); + else + akm_str = dpp_akm_str(conf->akm); + wpabuf_printf(buf, "\"cred\":{\"akm\":\"%s\",", akm_str); dpp_build_legacy_cred_params(buf, conf); wpabuf_put_str(buf, "}}");
@@ -6024,6 +6040,27 @@ const char * dpp_akm_str(enum dpp_akm akm) } } +const char * dpp_akm_selector_str(enum dpp_akm akm) +{ + switch (akm) { + case DPP_AKM_DPP: + return "506F9A02"; + case DPP_AKM_PSK: + return "000FAC02+000FAC06"; + case DPP_AKM_SAE: + return "000FAC08"; + case DPP_AKM_PSK_SAE: + return "000FAC02+000FAC06+000FAC08"; + case DPP_AKM_SAE_DPP: + return "506F9A02+000FAC08"; + case DPP_AKM_PSK_SAE_DPP: + return "506F9A02+000FAC08+000FAC02+000FAC06"; + default: + return "??"; + } +} + + static enum dpp_akm dpp_akm_from_str(const char *akm) { if (os_strcmp(akm, "psk") == 0)
diff --git a/src/common/dpp.h b/src/common/dpp.h
index 5c1c83c3e..0be26d7e3 100644
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -258,6 +258,7 @@ struct dpp_authentication { os_time_t net_access_key_expiry; int send_conn_status; int conn_status_requested; + int akm_use_selector; #ifdef CONFIG_TESTING_OPTIONS char *config_obj_override; char *discovery_override;
@@ -478,6 +479,7 @@ const u8 * dpp_get_attr(const u8 *buf, size_t len, u16 req_id, u16 *ret_len); int dpp_check_attrs(const u8 *buf, size_t len); int dpp_key_expired(const char *timestamp, os_time_t *expiry); const char * dpp_akm_str(enum dpp_akm akm); +const char * dpp_akm_selector_str(enum dpp_akm akm); int dpp_configurator_get_key(const struct dpp_configurator *conf, char *buf, size_t buflen); void dpp_configurator_free(struct dpp_configurator *conf);
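Review bot: The `default:` branch of dpp_akm_selector_str returns `"??"`, and both callers in this patch print the returned string straight into the `"akm"` value of the Config Object, so an enum value without a case would yield a credential the Enrollee cannot interpret rather than a failed build. Whether the `dpp_akm_ver2()` gate in the callers makes that branch unreachable cannot be seen from this hunk; if it does, a comment should say so, otherwise the builders should take their existing failure path when the lookup has no mapping. The hex strings are also undocumented: a header comment such as `/* AKM suite selectors as OUI+type hex, '+' separated: 506F9A02 = DPP, 000FAC02 = PSK, 000FAC06 = PSK-SHA256, 000FAC08 = SAE */` would let a reviewer check the table against the specification. The PSK/SAE selectors appear in a different order in `DPP_AKM_PSK_SAE` and `DPP_AKM_PSK_SAE_DPP`; it is worth stating in the same comment whether order is significant to the receiver.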