From 5a5639b0682379606a465515a7a04825ba6f307b Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Tue, 17 Sep 2019 13:36:22 +0300 Subject: [PATCH] DPP: Allow name and mudurl to be configured for Config Request The new hostapd and wpa_supplicant configuration parameters dpp_name and dpp_mud_url can now be used to set a specific name and MUD URL for the Enrollee to use in the Configuration Request. dpp_name replaces the previously hardcoded "Test" string (which is still the default if an explicit configuration entry is not included). dpp_mud_url can optionally be used to add a MUD URL to describe the Enrollee device. Signed-off-by: Jouni Malinen --- hostapd/config_file.c | 6 +++ hostapd/hostapd.conf | 14 ++++++ src/ap/ap_config.c | 2 + src/ap/ap_config.h | 2 + src/ap/dpp_hostapd.c | 12 +---- src/common/dpp.c | 75 +++++++++++++++++++++++------- src/common/dpp.h | 3 ++ wpa_supplicant/config.c | 6 +++ wpa_supplicant/config.h | 10 ++++ wpa_supplicant/dpp_supplicant.c | 18 ++----- wpa_supplicant/wpa_supplicant.conf | 20 ++++++++ 11 files changed, 127 insertions(+), 41 deletions(-) diff --git a/hostapd/config_file.c b/hostapd/config_file.c index 0d340d252..db9d58206 100644 --- a/hostapd/config_file.c +++ b/hostapd/config_file.c @@ -4327,6 +4327,12 @@ static int hostapd_config_fill(struct hostapd_config *conf, } else if (os_strcmp(buf, "broadcast_deauth") == 0) { bss->broadcast_deauth = atoi(pos); #ifdef CONFIG_DPP + } else if (os_strcmp(buf, "dpp_name") == 0) { + os_free(bss->dpp_name); + bss->dpp_name = os_strdup(pos); + } else if (os_strcmp(buf, "dpp_mud_url") == 0) { + os_free(bss->dpp_mud_url); + bss->dpp_mud_url = os_strdup(pos); } else if (os_strcmp(buf, "dpp_connector") == 0) { os_free(bss->dpp_connector); bss->dpp_connector = os_strdup(pos); diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf index a3c698480..e6d847229 100644 --- a/hostapd/hostapd.conf +++ b/hostapd/hostapd.conf 
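Review bot: The two branches added to hostapd_config_fill() store the result of `os_strdup(pos)` without checking it, so an allocation failure leaves `bss->dpp_name` or `bss->dpp_mud_url` NULL and the configured value is silently replaced by the default (or dropped) instead of being reported. The neighbouring `dpp_connector` branch has the same shape, so this follows existing style, but for the new entries I would add `if (!bss->dpp_mud_url) return 1;` and the same for `dpp_name`, assuming a non-zero return is how this function reports a bad line. The function starts and ends outside the hunk.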
@@ -2165,6 +2165,20 @@ own_ip_addr=127.0.0.1 # Allow cross connection #allow_cross_connection=1 +##### Device Provisioning Protocol (DPP) ###################################### + +# Name for Enrollee's DPP Configuration Request +#dpp_name=Test + +# MUD URL for Enrollee's DPP Configuration Request (optional) +#dpp_mud_url=https://example.com/mud + +#dpp_connector +#dpp_netaccesskey +#dpp_netaccesskey_expiry +#dpp_csign +#dpp_controller + #### TDLS (IEEE 802.11z-2010) ################################################# # Prohibit use of TDLS in this BSS diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c index a1aa45090..6704ade4e 100644 --- a/src/ap/ap_config.c +++ b/src/ap/ap_config.c @@ -841,6 +841,8 @@ void hostapd_config_free_bss(struct hostapd_bss_config *conf) hostapd_config_free_fils_realms(conf); #ifdef CONFIG_DPP + os_free(conf->dpp_name); + os_free(conf->dpp_mud_url); os_free(conf->dpp_connector); wpabuf_free(conf->dpp_netaccesskey); wpabuf_free(conf->dpp_csign); diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h index 17eb0682b..d6052e144 100644 --- a/src/ap/ap_config.h +++ b/src/ap/ap_config.h @@ -707,6 +707,8 @@ struct hostapd_bss_config { int broadcast_deauth; #ifdef CONFIG_DPP + char *dpp_name; + char *dpp_mud_url; char *dpp_connector; struct wpabuf *dpp_netaccesskey; unsigned int dpp_netaccesskey_expiry; diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c index 6c3e11e2d..91bbb0186 100644 --- a/src/ap/dpp_hostapd.c +++ b/src/ap/dpp_hostapd.c 
@@ -765,18 +765,10 @@ static void hostapd_dpp_start_gas_client(struct hostapd_data *hapd) { struct dpp_authentication *auth = hapd->dpp_auth; struct wpabuf *buf; - char json[100]; int res; - int netrole_ap = 1; - os_snprintf(json, sizeof(json), - "{\"name\":\"Test\"," - "\"wi-fi_tech\":\"infra\"," - "\"netRole\":\"%s\"}", - netrole_ap ? "ap" : "sta"); - wpa_printf(MSG_DEBUG, "DPP: GAS Config Attributes: %s", json); - - buf = dpp_build_conf_req(auth, json); + buf = dpp_build_conf_req_helper(auth, hapd->conf->dpp_name, 1, + hapd->conf->dpp_mud_url); if (!buf) { wpa_printf(MSG_DEBUG, "DPP: No configuration request data available"); diff --git a/src/common/dpp.c b/src/common/dpp.c index d35c82efb..6d6fbfbae 100644 --- a/src/common/dpp.c +++ b/src/common/dpp.c @@ -2376,7 +2376,7 @@ static struct wpabuf * dpp_build_conf_req_attr(struct dpp_authentication *auth, } wpa_hexdump(MSG_DEBUG, "DPP: E-nonce", auth->e_nonce, nonce_len); json_len = os_strlen(json); - wpa_hexdump_ascii(MSG_DEBUG, "DPP: configAttr JSON", json, json_len); + wpa_hexdump_ascii(MSG_DEBUG, "DPP: configRequest JSON", json, json_len); /* { E-nonce, configAttrib }ke */ clear_len = 4 + nonce_len + 4 + json_len; 
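Review bot: The bare `1` passed as the third argument of `dpp_build_conf_req_helper()` in hostapd_dpp_start_gas_client() replaces the removed `netrole_ap` local, and nothing at the call site now says that it selects the "ap" netRole. A short comment above the call, such as `/* netrole_ap = 1: hostapd requests the AP role */`, would keep that intent visible. The function body continues past the hunk.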
@@ -2512,6 +2512,59 @@ struct wpabuf * dpp_build_conf_req(struct dpp_authentication *auth, } +struct wpabuf * dpp_build_conf_req_helper(struct dpp_authentication *auth, + const char *name, int netrole_ap, + const char *mud_url) +{ + size_t len, nlen; + const char *tech = "infra"; + const char *dpp_name; + char *nbuf; + struct wpabuf *buf, *json; + +#ifdef CONFIG_TESTING_OPTIONS + if (dpp_test == DPP_TEST_INVALID_CONFIG_ATTR_OBJ_CONF_REQ) { + static const char *bogus_tech = "knfra"; + + wpa_printf(MSG_INFO, "DPP: TESTING - invalid Config Attr"); + tech = bogus_tech; + } +#endif /* CONFIG_TESTING_OPTIONS */ + + dpp_name = name ? name : "Test"; + len = os_strlen(dpp_name); + nlen = len * 6 + 1; + nbuf = os_malloc(nlen); + if (!nbuf) + return NULL; + json_escape_string(nbuf, nlen, dpp_name, len); + + len = 100 + os_strlen(nbuf); + if (mud_url && mud_url[0]) + len += 10 + os_strlen(mud_url); + json = wpabuf_alloc(len); + if (!json) { + os_free(nbuf); + return NULL; + } + + wpabuf_printf(json, + "{\"name\":\"%s\"," + "\"wi-fi_tech\":\"%s\"," + "\"netRole\":\"%s\"", + nbuf, tech, netrole_ap ? "ap" : "sta"); + if (mud_url && mud_url[0]) + wpabuf_printf(json, ",\"mudurl\":\"%s\"", mud_url); + wpabuf_put_str(json, "}"); + os_free(nbuf); + + buf = dpp_build_conf_req(auth, wpabuf_head(json)); + wpabuf_free(json); + + return buf; +} + + static void dpp_auth_success(struct dpp_authentication *auth) { wpa_printf(MSG_DEBUG, @@ -5102,6 +5155,10 @@ dpp_conf_req_rx(struct dpp_authentication *auth, const u8 *attr_start, goto fail; } + token = json_get_member(root, "mudurl"); + if (token && token->type == JSON_STRING) + wpa_printf(MSG_DEBUG, "DPP: mudurl = '%s'", token->string); + resp = dpp_build_conf_resp(auth, e_nonce, e_nonce_len, ap); fail: 
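Review bot: `mud_url` is written into the JSON object as-is by `wpabuf_printf(json, ",\"mudurl\":\"%s\"", mud_url)` in dpp_build_conf_req_helper(), while `name` goes through `json_escape_string()` first. A configured URL containing `"`, `\` or a control character would therefore produce malformed JSON or extra members in the Configuration Request. I would escape it the same way as the name and size the buffer from the escaped length, with `char *ubuf = NULL;` declared next to `nbuf`; rejecting such values where `dpp_mud_url` is parsed is an alternative. Separately, `wpabuf_head(json)` is handed to dpp_build_conf_req() as a C string, which holds only because of the slack in `len` and, presumably, wpabuf_alloc() zero-filling the buffer, so a one-line comment saying so would help.

```c
	/* ... unchanged: testing option, name escaped into nbuf ... */

	if (mud_url && mud_url[0]) {
		size_t ulen = os_strlen(mud_url);
		size_t elen = ulen * 6 + 1;

		ubuf = os_malloc(elen);
		if (!ubuf) {
			os_free(nbuf);
			return NULL;
		}
		json_escape_string(ubuf, elen, mud_url, ulen);
	}

	len = 100 + os_strlen(nbuf);
	if (ubuf)
		len += 10 + os_strlen(ubuf);
	json = wpabuf_alloc(len);
	if (!json) {
		os_free(nbuf);
		os_free(ubuf);
		return NULL;
	}

	/* ... unchanged: name / wi-fi_tech / netRole wpabuf_printf ... */
	if (ubuf)
		wpabuf_printf(json, ",\"mudurl\":\"%s\"", ubuf);
	wpabuf_put_str(json, "}");
	os_free(nbuf);
	os_free(ubuf);
```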
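Review bot: The `mudurl` value logged in dpp_conf_req_rx() comes from the peer's Configuration Request and is printed with `%s`, so any newline or control character the JSON parser decoded from an escape would reach the debug log verbatim. Logging it with `wpa_hexdump_ascii(MSG_DEBUG, "DPP: mudurl", token->string, os_strlen(token->string));`, the way the request JSON is logged elsewhere in this file, avoids that. The value is only logged here, not stored or checked; if that is intentional for now, a comment such as `/* TODO: validate and pass the MUD URL on to policy */` would say so. The function starts and ends outside the hunk.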
@@ -9194,23 +9251,9 @@ static void dpp_controller_start_gas_client(struct dpp_connection *conn) { struct dpp_authentication *auth = conn->auth; struct wpabuf *buf; - char json[100]; int netrole_ap = 0; /* TODO: make this configurable */ - os_snprintf(json, sizeof(json), - "{\"name\":\"Test\"," - "\"wi-fi_tech\":\"infra\"," - "\"netRole\":\"%s\"}", - netrole_ap ? "ap" : "sta"); -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_INVALID_CONFIG_ATTR_OBJ_CONF_REQ) { - wpa_printf(MSG_INFO, "DPP: TESTING - invalid Config Attr"); - json[29] = 'k'; /* replace "infra" with "knfra" */ - } -#endif /* CONFIG_TESTING_OPTIONS */ - wpa_printf(MSG_DEBUG, "DPP: GAS Config Attributes: %s", json); - - buf = dpp_build_conf_req(auth, json); + buf = dpp_build_conf_req_helper(auth, "Test", netrole_ap, NULL); if (!buf) { wpa_printf(MSG_DEBUG, "DPP: No configuration request data available"); diff --git a/src/common/dpp.h b/src/common/dpp.h index d560f4b06..9870e3d35 100644 --- a/src/common/dpp.h +++ b/src/common/dpp.h @@ -420,6 +420,9 @@ dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr, const u8 *attr_start, size_t attr_len); struct wpabuf * dpp_build_conf_req(struct dpp_authentication *auth, const char *json); +struct wpabuf * dpp_build_conf_req_helper(struct dpp_authentication *auth, + const char *name, int netrole_ap, + const char *mud_url); int dpp_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr, const u8 *attr_start, size_t attr_len); int dpp_notify_new_qr_code(struct dpp_authentication *auth, diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c index 0467af9a9..5ad6fc7bb 100644 --- a/wpa_supplicant/config.c +++ b/wpa_supplicant/config.c @@ -2881,6 +2881,8 @@ void wpa_config_free(struct wpa_config *config) #ifdef CONFIG_MBO os_free(config->non_pref_chan); #endif /* CONFIG_MBO */ + os_free(config->dpp_name); + os_free(config->dpp_mud_url); os_free(config); } 
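Review bot: dpp_controller_start_gas_client() still passes the literal `"Test"` and a NULL MUD URL, so the new `dpp_name` and `dpp_mud_url` settings have no effect on this path, which the commit message does not mention. Passing NULL for the name, `buf = dpp_build_conf_req_helper(auth, NULL, netrole_ap, NULL);`, would keep the default in one place, since the helper substitutes "Test" itself. A comment next to the existing netrole TODO, e.g. `/* TODO: make name and MUD URL configurable here as well */`, would record the gap. The function body continues outside the hunk.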
@@ -5020,7 +5022,11 @@ static const struct global_parse_data global_fields[] = { { INT_RANGE(ftm_initiator, 0, 1), 0 }, { INT(gas_rand_addr_lifetime), 0 }, { INT_RANGE(gas_rand_mac_addr, 0, 2), 0 }, +#ifdef CONFIG_DPP { INT_RANGE(dpp_config_processing, 0, 2), 0 }, + { STR(dpp_name), 0 }, + { STR(dpp_mud_url), 0 }, +#endif /* CONFIG_DPP */ { INT_RANGE(coloc_intf_reporting, 0, 1), 0 }, #ifdef CONFIG_WNM { INT_RANGE(disable_btm, 0, 1), CFG_CHANGED_DISABLE_BTM }, diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h index 5b5c2fdba..1734e0087 100644 --- a/wpa_supplicant/config.h +++ b/wpa_supplicant/config.h @@ -1496,6 +1496,16 @@ struct wpa_config { */ int dpp_config_processing; + /** + * dpp_name - Name for Enrollee's DPP Configuration Request + */ + char *dpp_name; + + /** + * dpp_mud_url - MUD URL for Enrollee's DPP Configuration Request + */ + char *dpp_mud_url; + /** * coloc_intf_reporting - Colocated interference reporting * diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c index 020a6d022..29a50f3b0 100644 --- a/wpa_supplicant/dpp_supplicant.c +++ b/wpa_supplicant/dpp_supplicant.c 
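Review bot: Moving the existing `dpp_config_processing` entry of global_fields[] inside the new `#ifdef CONFIG_DPP` changes behaviour for builds without CONFIG_DPP: a configuration file that sets it would presumably now be rejected as an unknown field, where it used to parse. The guard is also inconsistent with the rest of the patch, because the `dpp_name` and `dpp_mud_url` members in config.h and their `os_free()` calls in wpa_config_free() are added unconditionally. Either leave `dpp_config_processing` outside the `#ifdef` or guard the members and frees as well. The diffstat lists no configuration-writing file, so it is worth checking that the two new strings survive a saved configuration.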
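Review bot: The two doc comments added to struct wpa_config do not say what an unset value means, although dpp_build_conf_req_helper() gives both a defined meaning. I would extend them to `dpp_name - Name for Enrollee's DPP Configuration Request (NULL = use the default "Test")` and `dpp_mud_url - MUD URL for Enrollee's DPP Configuration Request (NULL or empty = omit mudurl)`. The struct itself starts and ends outside the hunk.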
@@ -1251,27 +1251,15 @@ static void wpas_dpp_start_gas_client(struct wpa_supplicant *wpa_s) { struct dpp_authentication *auth = wpa_s->dpp_auth; struct wpabuf *buf; - char json[100]; int res; wpa_s->dpp_gas_client = 1; - os_snprintf(json, sizeof(json), - "{\"name\":\"Test\"," - "\"wi-fi_tech\":\"infra\"," - "\"netRole\":\"%s\"}", - wpa_s->dpp_netrole_ap ? "ap" : "sta"); -#ifdef CONFIG_TESTING_OPTIONS - if (dpp_test == DPP_TEST_INVALID_CONFIG_ATTR_OBJ_CONF_REQ) { - wpa_printf(MSG_INFO, "DPP: TESTING - invalid Config Attr"); - json[29] = 'k'; /* replace "infra" with "knfra" */ - } -#endif /* CONFIG_TESTING_OPTIONS */ - wpa_printf(MSG_DEBUG, "DPP: GAS Config Attributes: %s", json); - offchannel_send_action_done(wpa_s); wpas_dpp_listen_stop(wpa_s); - buf = dpp_build_conf_req(auth, json); + buf = dpp_build_conf_req_helper(auth, wpa_s->conf->dpp_name, + wpa_s->dpp_netrole_ap, + wpa_s->conf->dpp_mud_url); if (!buf) { wpa_printf(MSG_DEBUG, "DPP: No configuration request data available"); diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf index 26df78a22..0babadcc8 100644 --- a/wpa_supplicant/wpa_supplicant.conf +++ b/wpa_supplicant/wpa_supplicant.conf 
@@ -311,6 +311,26 @@ fast_reauth=1 # by executing the WPS protocol. #wps_priority=0 +# Device Provisioning Protocol (DPP) parameters +# +# How to process DPP configuration +# 0 = report received configuration to an external program for +# processing; do not generate any network profile internally (default) +# 1 = report received configuration to an external program and generate +# a network profile internally, but do not automatically connect +# to the created (disabled) profile; the network profile id is +# reported to external programs +# 2 = report received configuration to an external program, generate +# a network profile internally, try to connect to the created +# profile automatically +#dpp_config_processing=0 +# +# Name for Enrollee's DPP Configuration Request +#dpp_name=Test +# +# MUD URL for Enrollee's DPP Configuration Request (optional) +#dpp_mud_url=https://example.com/mud + # Maximum number of BSS entries to keep in memory # Default: 200 # This can be used to limit memory use on the BSS entries (cached scan