DPP: Allow name and mudurl to be configured for Config Request

The new hostapd and wpa_supplicant configuration parameters dpp_name and
dpp_mud_url can now be used to set a specific name and MUD URL for the
Enrollee to use in the Configuration Request. dpp_name replaces the
previously hardcoded "Test" string (which is still the default if an
explicit configuration entry is not included). dpp_mud_url can
optionally be used to add a MUD URL to describe the Enrollee device.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

hostapd/config_file.c

@@ -4327,6 +4327,12 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 	} else if (os_strcmp(buf, "broadcast_deauth") == 0) {
 		bss->broadcast_deauth = atoi(pos);
 #ifdef CONFIG_DPP
+	} else if (os_strcmp(buf, "dpp_name") == 0) {
+		os_free(bss->dpp_name);
+		bss->dpp_name = os_strdup(pos);
+	} else if (os_strcmp(buf, "dpp_mud_url") == 0) {
+		os_free(bss->dpp_mud_url);
+		bss->dpp_mud_url = os_strdup(pos);
 	} else if (os_strcmp(buf, "dpp_connector") == 0) {
 		os_free(bss->dpp_connector);
 		bss->dpp_connector = os_strdup(pos);

hostapd/hostapd.conf

@@ -2165,6 +2165,20 @@ own_ip_addr=127.0.0.1
 # Allow cross connection
 #allow_cross_connection=1
 
+##### Device Provisioning Protocol (DPP) ######################################
+
+# Name for Enrollee's DPP Configuration Request
+#dpp_name=Test
+
+# MUD URL for Enrollee's DPP Configuration Request (optional)
+#dpp_mud_url=https://example.com/mud
+
+#dpp_connector
+#dpp_netaccesskey
+#dpp_netaccesskey_expiry
+#dpp_csign
+#dpp_controller
+
 #### TDLS (IEEE 802.11z-2010) #################################################
 
 # Prohibit use of TDLS in this BSS

src/ap/ap_config.c

@@ -841,6 +841,8 @@ void hostapd_config_free_bss(struct hostapd_bss_config *conf)
 	hostapd_config_free_fils_realms(conf);
 
 #ifdef CONFIG_DPP
+	os_free(conf->dpp_name);
+	os_free(conf->dpp_mud_url);
 	os_free(conf->dpp_connector);
 	wpabuf_free(conf->dpp_netaccesskey);
 	wpabuf_free(conf->dpp_csign);

src/ap/ap_config.h

@@ -707,6 +707,8 @@ struct hostapd_bss_config {
 	int broadcast_deauth;
 
 #ifdef CONFIG_DPP
+	char *dpp_name;
+	char *dpp_mud_url;
 	char *dpp_connector;
 	struct wpabuf *dpp_netaccesskey;
 	unsigned int dpp_netaccesskey_expiry;

src/ap/dpp_hostapd.c

@@ -765,18 +765,10 @@ static void hostapd_dpp_start_gas_client(struct hostapd_data *hapd)
 {
 	struct dpp_authentication *auth = hapd->dpp_auth;
 	struct wpabuf *buf;
-	char json[100];
 	int res;
-	int netrole_ap = 1;
 
-	os_snprintf(json, sizeof(json),
+	buf = dpp_build_conf_req_helper(auth, hapd->conf->dpp_name, 1,
-		    "{\"name\":\"Test\","
+					hapd->conf->dpp_mud_url);
-		    "\"wi-fi_tech\":\"infra\","
-		    "\"netRole\":\"%s\"}",
-		    netrole_ap ? "ap" : "sta");
-	wpa_printf(MSG_DEBUG, "DPP: GAS Config Attributes: %s", json);
-
-	buf = dpp_build_conf_req(auth, json);
 	if (!buf) {
 		wpa_printf(MSG_DEBUG,
 			   "DPP: No configuration request data available");

src/common/dpp.c

@@ -2376,7 +2376,7 @@ static struct wpabuf * dpp_build_conf_req_attr(struct dpp_authentication *auth,
 	}
 	wpa_hexdump(MSG_DEBUG, "DPP: E-nonce", auth->e_nonce, nonce_len);
 	json_len = os_strlen(json);
-	wpa_hexdump_ascii(MSG_DEBUG, "DPP: configAttr JSON", json, json_len);
+	wpa_hexdump_ascii(MSG_DEBUG, "DPP: configRequest JSON", json, json_len);
 
 	/* { E-nonce, configAttrib }ke */
 	clear_len = 4 + nonce_len + 4 + json_len;
@@ -2512,6 +2512,59 @@ struct wpabuf * dpp_build_conf_req(struct dpp_authentication *auth,
 }
 
 
+struct wpabuf * dpp_build_conf_req_helper(struct dpp_authentication *auth,
+					  const char *name, int netrole_ap,
+					  const char *mud_url)
+{
+	size_t len, nlen;
+	const char *tech = "infra";
+	const char *dpp_name;
+	char *nbuf;
+	struct wpabuf *buf, *json;
+
+#ifdef CONFIG_TESTING_OPTIONS
+	if (dpp_test == DPP_TEST_INVALID_CONFIG_ATTR_OBJ_CONF_REQ) {
+		static const char *bogus_tech = "knfra";
+
+		wpa_printf(MSG_INFO, "DPP: TESTING - invalid Config Attr");
+		tech = bogus_tech;
+	}
+#endif /* CONFIG_TESTING_OPTIONS */
+
+	dpp_name = name ? name : "Test";
+	len = os_strlen(dpp_name);
+	nlen = len * 6 + 1;
+	nbuf = os_malloc(nlen);
+	if (!nbuf)
+		return NULL;
+	json_escape_string(nbuf, nlen, dpp_name, len);
+
+	len = 100 + os_strlen(nbuf);
+	if (mud_url && mud_url[0])
+		len += 10 + os_strlen(mud_url);
+	json = wpabuf_alloc(len);
+	if (!json) {
+		os_free(nbuf);
+		return NULL;
+	}
+
+	wpabuf_printf(json,
+		      "{\"name\":\"%s\","
+		      "\"wi-fi_tech\":\"%s\","
+		      "\"netRole\":\"%s\"",
+		      nbuf, tech, netrole_ap ? "ap" : "sta");
+	if (mud_url && mud_url[0])
+		wpabuf_printf(json, ",\"mudurl\":\"%s\"", mud_url);
+	wpabuf_put_str(json, "}");
+	os_free(nbuf);
+
+	buf = dpp_build_conf_req(auth, wpabuf_head(json));
+	wpabuf_free(json);
+
+	return buf;
+}
+
+
 static void dpp_auth_success(struct dpp_authentication *auth)
 {
 	wpa_printf(MSG_DEBUG,
@@ -5102,6 +5155,10 @@ dpp_conf_req_rx(struct dpp_authentication *auth, const u8 *attr_start,
 		goto fail;
 	}
 
+	token = json_get_member(root, "mudurl");
+	if (token && token->type == JSON_STRING)
+		wpa_printf(MSG_DEBUG, "DPP: mudurl = '%s'", token->string);
+
 	resp = dpp_build_conf_resp(auth, e_nonce, e_nonce_len, ap);
 
 fail:
@@ -9194,23 +9251,9 @@ static void dpp_controller_start_gas_client(struct dpp_connection *conn)
 {
 	struct dpp_authentication *auth = conn->auth;
 	struct wpabuf *buf;
-	char json[100];
 	int netrole_ap = 0; /* TODO: make this configurable */
 
-	os_snprintf(json, sizeof(json),
+	buf = dpp_build_conf_req_helper(auth, "Test", netrole_ap, NULL);
-		    "{\"name\":\"Test\","
-		    "\"wi-fi_tech\":\"infra\","
-		    "\"netRole\":\"%s\"}",
-		    netrole_ap ? "ap" : "sta");
-#ifdef CONFIG_TESTING_OPTIONS
-	if (dpp_test == DPP_TEST_INVALID_CONFIG_ATTR_OBJ_CONF_REQ) {
-		wpa_printf(MSG_INFO, "DPP: TESTING - invalid Config Attr");
-		json[29] = 'k'; /* replace "infra" with "knfra" */
-	}
-#endif /* CONFIG_TESTING_OPTIONS */
-	wpa_printf(MSG_DEBUG, "DPP: GAS Config Attributes: %s", json);
-
-	buf = dpp_build_conf_req(auth, json);
 	if (!buf) {
 		wpa_printf(MSG_DEBUG,
 			   "DPP: No configuration request data available");

src/common/dpp.h

@@ -420,6 +420,9 @@ dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
 		 const u8 *attr_start, size_t attr_len);
 struct wpabuf * dpp_build_conf_req(struct dpp_authentication *auth,
 				   const char *json);
+struct wpabuf * dpp_build_conf_req_helper(struct dpp_authentication *auth,
+					  const char *name, int netrole_ap,
+					  const char *mud_url);
 int dpp_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr,
 		     const u8 *attr_start, size_t attr_len);
 int dpp_notify_new_qr_code(struct dpp_authentication *auth,

wpa_supplicant/config.c

@@ -2881,6 +2881,8 @@ void wpa_config_free(struct wpa_config *config)
 #ifdef CONFIG_MBO
 	os_free(config->non_pref_chan);
 #endif /* CONFIG_MBO */
+	os_free(config->dpp_name);
+	os_free(config->dpp_mud_url);
 
 	os_free(config);
 }
@@ -5020,7 +5022,11 @@ static const struct global_parse_data global_fields[] = {
 	{ INT_RANGE(ftm_initiator, 0, 1), 0 },
 	{ INT(gas_rand_addr_lifetime), 0 },
 	{ INT_RANGE(gas_rand_mac_addr, 0, 2), 0 },
+#ifdef CONFIG_DPP
 	{ INT_RANGE(dpp_config_processing, 0, 2), 0 },
+	{ STR(dpp_name), 0 },
+	{ STR(dpp_mud_url), 0 },
+#endif /* CONFIG_DPP */
 	{ INT_RANGE(coloc_intf_reporting, 0, 1), 0 },
 #ifdef CONFIG_WNM
 	{ INT_RANGE(disable_btm, 0, 1), CFG_CHANGED_DISABLE_BTM },

wpa_supplicant/config.h

@@ -1496,6 +1496,16 @@ struct wpa_config {
 	 */
 	int dpp_config_processing;
 
+	/**
+	 * dpp_name - Name for Enrollee's DPP Configuration Request
+	 */
+	char *dpp_name;
+
+	/**
+	 * dpp_mud_url - MUD URL for Enrollee's DPP Configuration Request
+	 */
+	char *dpp_mud_url;
+
 	/**
 	 * coloc_intf_reporting - Colocated interference reporting
 	 *

wpa_supplicant/dpp_supplicant.c

@@ -1251,27 +1251,15 @@ static void wpas_dpp_start_gas_client(struct wpa_supplicant *wpa_s)
 {
 	struct dpp_authentication *auth = wpa_s->dpp_auth;
 	struct wpabuf *buf;
-	char json[100];
 	int res;
 
 	wpa_s->dpp_gas_client = 1;
-	os_snprintf(json, sizeof(json),
-		    "{\"name\":\"Test\","
-		    "\"wi-fi_tech\":\"infra\","
-		    "\"netRole\":\"%s\"}",
-		    wpa_s->dpp_netrole_ap ? "ap" : "sta");
-#ifdef CONFIG_TESTING_OPTIONS
-	if (dpp_test == DPP_TEST_INVALID_CONFIG_ATTR_OBJ_CONF_REQ) {
-		wpa_printf(MSG_INFO, "DPP: TESTING - invalid Config Attr");
-		json[29] = 'k'; /* replace "infra" with "knfra" */
-	}
-#endif /* CONFIG_TESTING_OPTIONS */
-	wpa_printf(MSG_DEBUG, "DPP: GAS Config Attributes: %s", json);
-
 	offchannel_send_action_done(wpa_s);
 	wpas_dpp_listen_stop(wpa_s);
 
-	buf = dpp_build_conf_req(auth, json);
+	buf = dpp_build_conf_req_helper(auth, wpa_s->conf->dpp_name,
+					wpa_s->dpp_netrole_ap,
+					wpa_s->conf->dpp_mud_url);
 	if (!buf) {
 		wpa_printf(MSG_DEBUG,
 			   "DPP: No configuration request data available");

wpa_supplicant/wpa_supplicant.conf

@@ -311,6 +311,26 @@ fast_reauth=1
 # by executing the WPS protocol.
 #wps_priority=0
 
+# Device Provisioning Protocol (DPP) parameters
+#
+# How to process DPP configuration
+# 0 = report received configuration to an external program for
+#     processing; do not generate any network profile internally (default)
+# 1 = report received configuration to an external program and generate
+#     a network profile internally, but do not automatically connect
+#     to the created (disabled) profile; the network profile id is
+#     reported to external programs
+# 2 = report received configuration to an external program, generate
+#     a network profile internally, try to connect to the created
+#     profile automatically
+#dpp_config_processing=0
+#
+# Name for Enrollee's DPP Configuration Request
+#dpp_name=Test
+#
+# MUD URL for Enrollee's DPP Configuration Request (optional)
+#dpp_mud_url=https://example.com/mud
+
 # Maximum number of BSS entries to keep in memory
 # Default: 200
 # This can be used to limit memory use on the BSS entries (cached scan