DPP2: Allow Configurator to use AKM suite selectors in Config Object

The new use_akm_selector=1 value to Configurator parameters can now be used to request a list of AKM suite selectors to be used in the Configuration Object if the Enrollee supports version 2 or newer. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-27 02:30:33 +03:00 · 2019-09-27 02:30:33 +03:00 · 68fea96038
parent 52d469de11
commit 68fea96038
2 changed files with 41 additions and 2 deletions
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@ -4585,6 +4585,12 @@ int dpp_set_configurator(struct dpp_global *dpp, void *msg_ctx,
 		auth->send_conn_status = atoi(pos);
 	}

+	pos = os_strstr(cmd, " akm_use_selector=");
+	if (pos) {
+		pos += 18;
+		auth->akm_use_selector = atoi(pos);
+	}
+
 	if (dpp_configuration_parse(auth, cmd) < 0) {
 		wpa_msg(msg_ctx, MSG_INFO,
 			"DPP: Failed to set configurator parameters");
@ -4761,6 +4767,7 @@ dpp_build_conf_obj_dpp(struct dpp_authentication *auth,
 	size_t extra_len = 1000;
 	int incl_legacy;
 	enum dpp_akm akm;
+	const char *akm_str;

 	if (!auth->conf) {
 		wpa_printf(MSG_INFO,
@ -4914,7 +4921,11 @@ skip_groups:
 	if (!buf)
 		goto fail;

-	wpabuf_printf(buf, "\"cred\":{\"akm\":\"%s\",", dpp_akm_str(akm));
+	if (auth->akm_use_selector && dpp_akm_ver2(akm))
+		akm_str = dpp_akm_selector_str(akm);
+	else
+		akm_str = dpp_akm_str(akm);
+	wpabuf_printf(buf, "\"cred\":{\"akm\":\"%s\",", akm_str);
 	if (incl_legacy) {
 		dpp_build_legacy_cred_params(buf, conf);
 		wpabuf_put_str(buf, ",");
@ -4959,12 +4970,17 @@ dpp_build_conf_obj_legacy(struct dpp_authentication *auth,
 			  struct dpp_configuration *conf)
 {
 	struct wpabuf *buf;
+	const char *akm_str;

 	buf = dpp_build_conf_start(auth, conf, 1000);
 	if (!buf)
 		return NULL;

-	wpabuf_printf(buf, "\"cred\":{\"akm\":\"%s\",", dpp_akm_str(conf->akm));
+	if (auth->akm_use_selector && dpp_akm_ver2(conf->akm))
+		akm_str = dpp_akm_selector_str(conf->akm);
+	else
+		akm_str = dpp_akm_str(conf->akm);
+	wpabuf_printf(buf, "\"cred\":{\"akm\":\"%s\",", akm_str);
 	dpp_build_legacy_cred_params(buf, conf);
 	wpabuf_put_str(buf, "}}");

@ -6024,6 +6040,27 @@ const char * dpp_akm_str(enum dpp_akm akm)
 }


+const char * dpp_akm_selector_str(enum dpp_akm akm)
+{
+	switch (akm) {
+	case DPP_AKM_DPP:
+		return "506F9A02";
+	case DPP_AKM_PSK:
+		return "000FAC02+000FAC06";
+	case DPP_AKM_SAE:
+		return "000FAC08";
+	case DPP_AKM_PSK_SAE:
+		return "000FAC02+000FAC06+000FAC08";
+	case DPP_AKM_SAE_DPP:
+		return "506F9A02+000FAC08";
+	case DPP_AKM_PSK_SAE_DPP:
+		return "506F9A02+000FAC08+000FAC02+000FAC06";
+	default:
+		return "??";
+	}
+}
+
+
 static enum dpp_akm dpp_akm_from_str(const char *akm)
 {
 	if (os_strcmp(akm, "psk") == 0)
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@ -258,6 +258,7 @@ struct dpp_authentication {
 	os_time_t net_access_key_expiry;
 	int send_conn_status;
 	int conn_status_requested;
+	int akm_use_selector;
 #ifdef CONFIG_TESTING_OPTIONS
 	char *config_obj_override;
 	char *discovery_override;
@ -478,6 +479,7 @@ const u8 * dpp_get_attr(const u8 *buf, size_t len, u16 req_id, u16 *ret_len);
 int dpp_check_attrs(const u8 *buf, size_t len);
 int dpp_key_expired(const char *timestamp, os_time_t *expiry);
 const char * dpp_akm_str(enum dpp_akm akm);
+const char * dpp_akm_selector_str(enum dpp_akm akm);
 int dpp_configurator_get_key(const struct dpp_configurator *conf, char *buf,
 			     size_t buflen);
 void dpp_configurator_free(struct dpp_configurator *conf);