DPP2: Allow Configurator to use AKM suite selectors in Config Object

The new use_akm_selector=1 value to Configurator parameters can now be
used to request a list of AKM suite selectors to be used in the
Configuration Object if the Enrollee supports version 2 or newer.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Jouni Malinen 2019-09-27 02:30:33 +03:00 committed by Jouni Malinen
parent 52d469de11
commit 68fea96038
2 changed files with 41 additions and 2 deletions


@ -4585,6 +4585,12 @@ int dpp_set_configurator(struct dpp_global *dpp, void *msg_ctx,
auth->send_conn_status = atoi(pos);
}
pos = os_strstr(cmd, " akm_use_selector=");
if (pos) {
pos += 18;
auth->akm_use_selector = atoi(pos);
}
if (dpp_configuration_parse(auth, cmd) < 0) {
wpa_msg(msg_ctx, MSG_INFO,
"DPP: Failed to set configurator parameters");
@ -4761,6 +4767,7 @@ dpp_build_conf_obj_dpp(struct dpp_authentication *auth,
size_t extra_len = 1000;
int incl_legacy;
enum dpp_akm akm;
const char *akm_str;
if (!auth->conf) {
wpa_printf(MSG_INFO,
@ -4914,7 +4921,11 @@ skip_groups:
if (!buf)
goto fail;
wpabuf_printf(buf, "\"cred\":{\"akm\":\"%s\",", dpp_akm_str(akm));
if (auth->akm_use_selector && dpp_akm_ver2(akm))
akm_str = dpp_akm_selector_str(akm);
else
akm_str = dpp_akm_str(akm);
wpabuf_printf(buf, "\"cred\":{\"akm\":\"%s\",", akm_str);
if (incl_legacy) {
dpp_build_legacy_cred_params(buf, conf);
wpabuf_put_str(buf, ",");
@ -4959,12 +4970,17 @@ dpp_build_conf_obj_legacy(struct dpp_authentication *auth,
struct dpp_configuration *conf)
{
struct wpabuf *buf;
const char *akm_str;
buf = dpp_build_conf_start(auth, conf, 1000);
if (!buf)
return NULL;
wpabuf_printf(buf, "\"cred\":{\"akm\":\"%s\",", dpp_akm_str(conf->akm));
if (auth->akm_use_selector && dpp_akm_ver2(conf->akm))
akm_str = dpp_akm_selector_str(conf->akm);
else
akm_str = dpp_akm_str(conf->akm);
wpabuf_printf(buf, "\"cred\":{\"akm\":\"%s\",", akm_str);
dpp_build_legacy_cred_params(buf, conf);
wpabuf_put_str(buf, "}}");
@ -6024,6 +6040,27 @@ const char * dpp_akm_str(enum dpp_akm akm)
}
const char * dpp_akm_selector_str(enum dpp_akm akm)
{
switch (akm) {
case DPP_AKM_DPP:
return "506F9A02";
case DPP_AKM_PSK:
return "000FAC02+000FAC06";
case DPP_AKM_SAE:
return "000FAC08";
case DPP_AKM_PSK_SAE:
return "000FAC02+000FAC06+000FAC08";
case DPP_AKM_SAE_DPP:
return "506F9A02+000FAC08";
case DPP_AKM_PSK_SAE_DPP:
return "506F9A02+000FAC08+000FAC02+000FAC06";
default:
return "??";
}
}
static enum dpp_akm dpp_akm_from_str(const char *akm)
{
if (os_strcmp(akm, "psk") == 0)
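Review bot: The selector form is gated on `auth->akm_use_selector && dpp_akm_ver2(akm)` in both dpp_build_conf_obj_dpp() and dpp_build_conf_obj_legacy(), which tests the AKM value, whereas the commit message names the Enrollee's protocol version as the condition. dpp_akm_ver2() and any earlier peer-version handling are outside the visible hunks, so this may already be covered; if it is, a comment at the first check would make the dependency explicit, along the lines of `/* Selector list is only sent for AKMs that need a version 2+ Enrollee; other cases keep the string form */`. Separately, the parser matches `" akm_use_selector="` while the commit message documents `use_akm_selector=1`, and `atoi(pos)` yields 0 for non-numeric text, so a parameter written as documented would presumably leave the string form in use without any error; the documented name and the parsed token should agree. Both builder functions and dpp_set_configurator() begin or end outside their hunks.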


@ -258,6 +258,7 @@ struct dpp_authentication {
os_time_t net_access_key_expiry;
int send_conn_status;
int conn_status_requested;
int akm_use_selector;
#ifdef CONFIG_TESTING_OPTIONS
char *config_obj_override;
char *discovery_override;
@ -478,6 +479,7 @@ const u8 * dpp_get_attr(const u8 *buf, size_t len, u16 req_id, u16 *ret_len);
int dpp_check_attrs(const u8 *buf, size_t len);
int dpp_key_expired(const char *timestamp, os_time_t *expiry);
const char * dpp_akm_str(enum dpp_akm akm);
const char * dpp_akm_selector_str(enum dpp_akm akm);
int dpp_configurator_get_key(const struct dpp_configurator *conf, char *buf,
size_t buflen);
void dpp_configurator_free(struct dpp_configurator *conf);
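Review bot: The new `int akm_use_selector;` member and the `dpp_akm_selector_str()` prototype are added without any comment, although the neighbouring behaviour is not obvious from the names. For the field I would add `/* non-zero: write AKM suite selectors instead of AKM names into the Config Object */`, which is what the two builder functions in the other file do with it. For the prototype, a short comment should state that the result is a static string of '+'-joined selectors and that an unrecognised `enum dpp_akm` value returns `"??"`, so callers know that value can end up in the generated JSON.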