DPP2: Add Connector and C-sign-key in psk/sae credentials for reconfig
If the Enrollee indicates support for DPP R2 or newer, add Connector and C-sign-key in psk/sae credentials (i.e., cases where DPP AKM is not enabled) for reconfiguration. Extend processing of such credentials in wpa_supplicant network profile addition to handle this new case correctly by not setting key_mgmt=DPP based on Connector being present, but by looking at the actual akm value in the config object. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
parent
08ac6f807d
commit
e4eb009d98
3 changed files with 24 additions and 8 deletions
|
@ -708,7 +708,8 @@ static void hostapd_dpp_handle_config_obj(struct hostapd_data *hapd,
|
||||||
* message. */
|
* message. */
|
||||||
wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONNECTOR "%s",
|
wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONNECTOR "%s",
|
||||||
conf->connector);
|
conf->connector);
|
||||||
} else if (conf->passphrase[0]) {
|
}
|
||||||
|
if (conf->passphrase[0]) {
|
||||||
char hex[64 * 2 + 1];
|
char hex[64 * 2 + 1];
|
||||||
|
|
||||||
wpa_snprintf_hex(hex, sizeof(hex),
|
wpa_snprintf_hex(hex, sizeof(hex),
|
||||||
|
|
|
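Review bot: With the `else` dropped before `if (conf->passphrase[0])`, a config object that carries both a Connector and a passphrase now produces both control interface events, and nothing in the hunk says so. A one-line comment above the new `if`, e.g. `/* A psk/sae credential from a DPP R2+ peer may also carry a Connector, so both events can be emitted for one config object */`, would tell event consumers and later editors that the two branches are no longer mutually exclusive. Separately, `hex` holds the hex-encoded passphrase on the stack; whether it is cleared after use is not visible, because the body of hostapd_dpp_handle_config_obj() continues outside the hunk.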
@ -5236,7 +5236,7 @@ dpp_build_conf_obj(struct dpp_authentication *auth, enum dpp_netrole netrole,
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (dpp_akm_dpp(conf->akm))
|
if (dpp_akm_dpp(conf->akm) || (auth->peer_version >= 2 && auth->conf))
|
||||||
return dpp_build_conf_obj_dpp(auth, conf);
|
return dpp_build_conf_obj_dpp(auth, conf);
|
||||||
return dpp_build_conf_obj_legacy(auth, conf);
|
return dpp_build_conf_obj_legacy(auth, conf);
|
||||||
}
|
}
|
||||||
|
@ -6724,6 +6724,7 @@ static int dpp_parse_cred_dpp(struct dpp_authentication *auth,
|
||||||
conf->connector = os_strdup(signed_connector);
|
conf->connector = os_strdup(signed_connector);
|
||||||
|
|
||||||
dpp_copy_csign(conf, csign_pub);
|
dpp_copy_csign(conf, csign_pub);
|
||||||
|
if (dpp_akm_dpp(conf->akm))
|
||||||
dpp_copy_netaccesskey(auth, conf);
|
dpp_copy_netaccesskey(auth, conf);
|
||||||
|
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
@ -6836,6 +6837,7 @@ static int dpp_parse_conf_obj(struct dpp_authentication *auth,
|
||||||
struct json_token *root, *token, *discovery, *cred;
|
struct json_token *root, *token, *discovery, *cred;
|
||||||
struct dpp_config_obj *conf;
|
struct dpp_config_obj *conf;
|
||||||
struct wpabuf *ssid64 = NULL;
|
struct wpabuf *ssid64 = NULL;
|
||||||
|
int legacy;
|
||||||
|
|
||||||
root = json_parse((const char *) conf_obj, conf_obj_len);
|
root = json_parse((const char *) conf_obj, conf_obj_len);
|
||||||
if (!root)
|
if (!root)
|
||||||
|
@ -6923,10 +6925,21 @@ static int dpp_parse_conf_obj(struct dpp_authentication *auth,
|
||||||
}
|
}
|
||||||
conf->akm = dpp_akm_from_str(token->string);
|
conf->akm = dpp_akm_from_str(token->string);
|
||||||
|
|
||||||
if (dpp_akm_legacy(conf->akm)) {
|
legacy = dpp_akm_legacy(conf->akm);
|
||||||
|
if (legacy && auth->peer_version >= 2) {
|
||||||
|
struct json_token *csign, *s_conn;
|
||||||
|
|
||||||
|
csign = json_get_member(cred, "csign");
|
||||||
|
s_conn = json_get_member(cred, "signedConnector");
|
||||||
|
if (csign && csign->type == JSON_OBJECT &&
|
||||||
|
s_conn && s_conn->type == JSON_STRING)
|
||||||
|
legacy = 0;
|
||||||
|
}
|
||||||
|
if (legacy) {
|
||||||
if (dpp_parse_cred_legacy(conf, cred) < 0)
|
if (dpp_parse_cred_legacy(conf, cred) < 0)
|
||||||
goto fail;
|
goto fail;
|
||||||
} else if (dpp_akm_dpp(conf->akm)) {
|
} else if (dpp_akm_dpp(conf->akm) ||
|
||||||
|
(auth->peer_version >= 2 && dpp_akm_legacy(conf->akm))) {
|
||||||
if (dpp_parse_cred_dpp(auth, conf, cred) < 0)
|
if (dpp_parse_cred_dpp(auth, conf, cred) < 0)
|
||||||
goto fail;
|
goto fail;
|
||||||
} else {
|
} else {
|
||||||
|
|
|
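Review bot: In dpp_parse_cred_dpp() the new `if (dpp_akm_dpp(conf->akm))` guard means a psk/sae credential keeps the Connector and C-sign-key but not the netAccessKey. The commit message says these are stored for reconfiguration; if reconfiguration has to prove possession of the key bound to that Connector, the stored Connector is of little use without it, so this is worth confirming and, if so, widening the guard to `if (dpp_akm_dpp(conf->akm) || auth->peer_version >= 2)`. In dpp_parse_conf_obj() the switch to the Connector path rests only on `csign` and `signedConnector` being present with the expected JSON type, so it relies on dpp_parse_cred_dpp() to do all signature validation and, presumably, to still parse the passphrase/PSK. Neither is visible in these hunks, since both function bodies extend beyond them, so a short comment above `legacy = 0;` stating that dependency would help.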
@ -1100,8 +1100,10 @@ static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
|
||||||
ssid->ssid_len = conf->ssid_len;
|
ssid->ssid_len = conf->ssid_len;
|
||||||
|
|
||||||
if (conf->connector) {
|
if (conf->connector) {
|
||||||
|
if (dpp_akm_dpp(conf->akm)) {
|
||||||
ssid->key_mgmt = WPA_KEY_MGMT_DPP;
|
ssid->key_mgmt = WPA_KEY_MGMT_DPP;
|
||||||
ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
|
ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;
|
||||||
|
}
|
||||||
ssid->dpp_connector = os_strdup(conf->connector);
|
ssid->dpp_connector = os_strdup(conf->connector);
|
||||||
if (!ssid->dpp_connector)
|
if (!ssid->dpp_connector)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
@ -1130,7 +1132,7 @@ static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
|
||||||
|
|
||||||
if (!conf->connector || dpp_akm_psk(conf->akm) ||
|
if (!conf->connector || dpp_akm_psk(conf->akm) ||
|
||||||
dpp_akm_sae(conf->akm)) {
|
dpp_akm_sae(conf->akm)) {
|
||||||
if (!conf->connector)
|
if (!conf->connector || !dpp_akm_dpp(conf->akm))
|
||||||
ssid->key_mgmt = 0;
|
ssid->key_mgmt = 0;
|
||||||
if (dpp_akm_psk(conf->akm))
|
if (dpp_akm_psk(conf->akm))
|
||||||
ssid->key_mgmt |= WPA_KEY_MGMT_PSK |
|
ssid->key_mgmt |= WPA_KEY_MGMT_PSK |
|
||||||
|
|
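Review bot: After the first hunk of wpas_dpp_add_network(), `ssid->dpp_connector` is set on psk/sae profiles too, so a stored Connector no longer implies `WPA_KEY_MGMT_DPP` or `MGMT_FRAME_PROTECTION_REQUIRED`. Any code elsewhere that treats a non-NULL `dpp_connector` as meaning "this is a DPP AKM network" would now misclassify such profiles; that code is not visible here, so it is worth checking that it tests `key_mgmt` instead. I would add a comment above the inner check, e.g. `/* Connector may accompany a psk/sae credential (kept for reconfiguration only); select DPP AKM and require PMF only when akm says so */`. The function continues outside both hunks.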