From 782c89c359c27e46f26a96f05b3c7f475cdd4ca0 Mon Sep 17 00:00:00 2001
From: Dan Harkins
Date: Fri, 23 Aug 2024 10:50:36 -0700
Subject: [PATCH] DPP: Support for provisioning SAE password identifiers (Enrollee) DPP supports provisioning of SAE password identifiers to uniquely identify a password if the enrollee indicates support for them. Indicate Enrollee support for that and add the received value into the network profile. I put everything under defines for CONFIG_DPP3 as this is a bleeding edge feature in DPP. This was tested against my DPP reference implementation acting as the Configurator.
Signed-off-by: Dan Harkins
---
 src/common/dpp.c | 12 ++++++++++++
 src/common/dpp.h | 6 ++++++
 src/common/wpa_ctrl.h | 1 +
 wpa_supplicant/dpp_supplicant.c | 17 +++++++++++++++++
 4 files changed, 36 insertions(+)
diff --git a/src/common/dpp.c b/src/common/dpp.c
index 9aa001127..d5d5c8e92 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -1035,6 +1035,10 @@ struct wpabuf * dpp_build_conf_req_helper(struct dpp_authentication *auth,
 json_value_sep(json);
 json_add_string(json, "pkcs10", csr);
 }
+#ifdef CONFIG_DPP3
+ json_value_sep(json);
+ json_add_int(json, "capabilities", DPP_ENROLLEE_CAPAB_SAE_PW_ID);
+#endif /* CONFIG_DPP3 */
 if (extra_name && extra_value && extra_name[0] && extra_value[0]) {
 json_value_sep(json);
 wpabuf_printf(json, "\"%s\":%s", extra_name, extra_value);
@@ -2562,6 +2566,9 @@ static int dpp_parse_cred_legacy(struct dpp_config_obj *conf,
 if (pass && pass->type == JSON_STRING) {
 size_t len = os_strlen(pass->string);
+#ifdef CONFIG_DPP3
+ struct json_token *saepi = json_get_member(cred, "idpass");
+#endif /* CONFIG_DPP3 */
 wpa_hexdump_ascii_key(MSG_DEBUG, "DPP: Legacy passphrase", pass->string, len);
@@ -2573,6 +2580,11 @@ static int dpp_parse_cred_legacy(struct dpp_config_obj *conf,
 }
 os_strlcpy(conf->passphrase, pass->string, sizeof(conf->passphrase));
+#ifdef CONFIG_DPP3
+ if (saepi && saepi->type == JSON_STRING)
+ os_strlcpy(conf->password_id, saepi->string,
+ sizeof(conf->password_id));
+#endif /* CONFIG_DPP3 */
 } else if (psk_hex && psk_hex->type == JSON_STRING) {
 if (dpp_akm_sae(conf->akm) && !dpp_akm_psk(conf->akm)) {
 wpa_printf(MSG_DEBUG,
diff --git a/src/common/dpp.h b/src/common/dpp.h
index 0f843da6a..29d8145f4 100644
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -134,6 +134,9 @@ enum dpp_connector_key {
 #define DPP_MAX_SHARED_SECRET_LEN 66
 #define DPP_CP_LEN 64
+/* DPP Configuration Request - Enrollee Capabilities */
+#define DPP_ENROLLEE_CAPAB_SAE_PW_ID BIT(0)
+
 struct dpp_curve_params {
 const char *name;
 size_t hash_len;
@@ -356,6 +359,9 @@ struct dpp_authentication {
 u8 ssid_len;
 int ssid_charset;
 char passphrase[64];
+#ifdef CONFIG_DPP3
+ char password_id[64];
+#endif /* CONFIG_DPP3 */
 u8 psk[PMK_LEN];
 int psk_set;
 enum dpp_akm akm;
diff --git a/src/common/wpa_ctrl.h b/src/common/wpa_ctrl.h
index 1bfe7a2c3..032360827 100644
--- a/src/common/wpa_ctrl.h
+++ b/src/common/wpa_ctrl.h
@@ -206,6 +206,7 @@ extern "C" {
 #define DPP_EVENT_CONFOBJ_SSID "DPP-CONFOBJ-SSID "
 #define DPP_EVENT_CONFOBJ_SSID_CHARSET "DPP-CONFOBJ-SSID-CHARSET "
 #define DPP_EVENT_CONFOBJ_PASS "DPP-CONFOBJ-PASS "
+#define DPP_EVENT_CONFOBJ_IDPASS "DPP-CONFOBJ-IDPASS "
 #define DPP_EVENT_CONFOBJ_PSK "DPP-CONFOBJ-PSK "
 #define DPP_EVENT_CONNECTOR "DPP-CONNECTOR "
 #define DPP_EVENT_C_SIGN_KEY "DPP-C-SIGN-KEY "
diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index b8bcc38c2..62059ccc8 100644
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
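Review bot: The added `os_strlcpy(conf->password_id, saepi->string, sizeof(conf->password_id))` in the second dpp_parse_cred_legacy() hunk silently truncates an `idpass` longer than 63 bytes, so the profile would carry an identifier different from the one the Configurator provisioned and the later SAE exchange would fail with no hint at the cause. os_strlcpy() returns the source length, so the copy can be checked and an over-long value rejected with a debug message, e.g. `if (os_strlcpy(conf->password_id, saepi->string, sizeof(conf->password_id)) >= sizeof(conf->password_id)) return -1;`. An `idpass` member that is present but not a JSON string is also skipped without a log line; a `wpa_printf(MSG_DEBUG, ...)` on that path would make a misbehaving Configurator visible. The function starts and ends outside this hunk, so whether `return -1` matches its other error paths should be confirmed there.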
@@ -1418,6 +1418,17 @@ static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
 os_memcpy(ssid->ssid, conf->ssid, conf->ssid_len);
 ssid->ssid_len = conf->ssid_len;
+#ifdef CONFIG_DPP3
+ if (conf->akm == DPP_AKM_SAE && conf->password_id[0]) {
+ size_t len = os_strlen(conf->password_id);
+
+ ssid->sae_password_id = os_zalloc(len + 1);
+ if (!ssid->sae_password_id)
+ goto fail;
+ os_memcpy(ssid->sae_password_id, conf->password_id, len);
+ }
+#endif /* CONFIG_DPP3 */
+
 if (conf->connector) {
 if (dpp_akm_dpp(conf->akm)) {
 ssid->key_mgmt = WPA_KEY_MGMT_DPP;
@@ -1696,6 +1707,12 @@ static int wpas_dpp_handle_config_obj(struct wpa_supplicant *wpa_s,
 wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_PSK "%s", hex);
 }
+#ifdef CONFIG_DPP3
+ if (conf->password_id[0]) {
+ wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_IDPASS "%s",
+ conf->password_id);
+ }
+#endif /* CONFIG_DPP3 */
 if (conf->c_sign_key) {
 char *hex;
 size_t hexlen;
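Review bot: The added test `conf->akm == DPP_AKM_SAE` in wpas_dpp_add_network() applies the identifier only for the pure-SAE AKM, while the Configuration Request advertises DPP_ENROLLEE_CAPAB_SAE_PW_ID unconditionally. A configuration object whose AKM combines SAE with another suite would have its `password_id` dropped without any log, and the resulting profile would attempt SAE without the identifier the Configurator expects. If the restriction is intentional it deserves a comment and a debug message on the skipped path; otherwise `dpp_akm_sae(conf->akm)`, the helper dpp.c already uses, looks like the intended check. The zalloc-plus-memcpy pair could also be the single line `ssid->sae_password_id = os_strdup(conf->password_id);`. The `fail` label is outside the hunk, so its cleanup of the partly built network is not visible here.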
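Review bot: The new DPP-CONFOBJ-IDPASS event in wpas_dpp_handle_config_obj() prints `conf->password_id` with a bare `%s`, whereas the PSK event directly above it emits a hex string. The identifier comes from the Configurator's JSON and is only type-checked in dpp_parse_cred_legacy(), so it may contain spaces, newlines or other control characters; unless wpa_msg() escapes them, which is not visible here, control-interface clients that parse events line by line could see a split or forged event. Hex-encoding the value the same way keeps the event a single unambiguous token. The function continues outside the hunk.

```c
	if (conf->password_id[0]) {
		char hex[sizeof(conf->password_id) * 2 + 1];

		wpa_snprintf_hex(hex, sizeof(hex),
				 (const u8 *) conf->password_id,
				 os_strlen(conf->password_id));
		wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_IDPASS "%s", hex);
	}
```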