diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c
index f6ac9c8cf..b5980d4c3 100644
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@@ -880,6 +880,7 @@ static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd,
 u16 connector_len;
 struct os_time now;
 struct dpp_introduction intro;
+ os_time_t expire;
 int expiration;
 struct wpabuf *msg;
@@ -923,19 +924,18 @@ static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd,
 wpabuf_len(hapd->conf->dpp_netaccesskey),
 wpabuf_head(hapd->conf->dpp_csign),
 wpabuf_len(hapd->conf->dpp_csign),
- connector, connector_len) < 0) {
+ connector, connector_len, &expire) < 0) {
 wpa_printf(MSG_INFO,
 "DPP: Network Introduction protocol resulted in failure");
 return;
 }
- if (hapd->conf->dpp_netaccesskey_expiry &&
- (!hapd->conf->dpp_csign_expiry ||
- hapd->conf->dpp_netaccesskey_expiry <
- hapd->conf->dpp_csign_expiry))
- expiration = hapd->conf->dpp_netaccesskey_expiry - now.sec;
- else if (hapd->conf->dpp_csign_expiry)
- expiration = hapd->conf->dpp_csign_expiry - now.sec;
+ if (!expire || hapd->conf->dpp_netaccesskey_expiry < expire)
+ expire = hapd->conf->dpp_netaccesskey_expiry;
+ if (!expire || hapd->conf->dpp_csign_expiry < expire)
+ expire = hapd->conf->dpp_csign_expiry;
+ if (expire)
+ expiration = expire - now.sec;
 else
 expiration = 0;
diff --git a/src/common/dpp.c b/src/common/dpp.c
index 5311dee02..06e70a105 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -4686,7 +4686,8 @@ static int dpp_netkey_hash(EVP_PKEY *key, u8 *hash)
 int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
 const u8 *net_access_key, size_t net_access_key_len,
 const u8 *csign_key, size_t csign_key_len,
- const u8 *peer_connector, size_t peer_connector_len)
+ const u8 *peer_connector, size_t peer_connector_len,
+ os_time_t *expiry)
 {
 struct json_token *root = NULL, *netkey, *token;
 struct json_token *own_root = NULL;
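Review bot: In the second src/ap/dpp_hostapd.c hunk (hostapd_dpp_rx_peer_disc_req), an unset local expiry overrides the peer Connector's expiry: when `dpp_netaccesskey_expiry` is 0, the test `0 < expire` is true and `expire` is reset to 0, so with both configuration values at 0 the code ends at `expiration = 0` even though dpp_peer_intro() reported a Connector expiry. The removed lines treated 0 as "not set", and the new code should keep that guard so the cached key cannot outlive the peer's Connector, e.g. `if (hapd->conf->dpp_netaccesskey_expiry && (!expire || hapd->conf->dpp_netaccesskey_expiry < expire))`, and likewise for `dpp_csign_expiry`. The same comparison without a zero guard appears in the last wpa_supplicant/dpp_supplicant.c hunk (`expiry > ssid->dpp_csign_expiry`), where it falls through to the 7-day default. Separately, `expire - now.sec` is negative when a configured expiry has already passed; how `expiration` is consumed is outside the hunk, so an explicit reject of an expired value would be safer than relying on the consumer.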
@@ -4711,6 +4712,8 @@ int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
 os_memset(intro, 0, sizeof(*intro));
 os_memset(&info, 0, sizeof(info));
+ if (expiry)
+ *expiry = 0;
 p = csign_key;
 csign = d2i_PUBKEY(NULL, &p, csign_key_len);
@@ -4802,7 +4805,7 @@ int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
 "DPP: No expiry string found - connector does not expire");
 } else {
 wpa_printf(MSG_DEBUG, "DPP: expiry = %s", token->string);
- if (dpp_key_expired(token->string, NULL)) {
+ if (dpp_key_expired(token->string, expiry)) {
 wpa_printf(MSG_DEBUG,
 "DPP: Connector (netAccessKey) has expired");
 goto fail;
diff --git a/src/common/dpp.h b/src/common/dpp.h
index 1c1092878..d68cd76b5 100644
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -256,7 +256,8 @@ dpp_keygen_configurator(const char *curve, const u8 *privkey,
 int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
 const u8 *net_access_key, size_t net_access_key_len,
 const u8 *csign_key, size_t csign_key_len,
- const u8 *peer_connector, size_t peer_connector_len);
+ const u8 *peer_connector, size_t peer_connector_len,
+ os_time_t *expiry);
 struct dpp_pkex * dpp_pkex_init(struct dpp_bootstrap_info *bi,
 const u8 *own_mac,
 const char *identifier,
diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index b7b50110c..74233eb23 100644
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -1269,6 +1269,10 @@ static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
 u16 connector_len, pk_hash_len, nk_hash_len;
 struct dpp_introduction intro;
 struct rsn_pmksa_cache_entry *entry;
+ struct os_time now;
+ struct os_reltime rnow;
+ os_time_t expiry;
+ unsigned int seconds;
 wpa_printf(MSG_DEBUG, "DPP: Peer Discovery Response from " MACSTR,
 MAC2STR(src));
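Review bot: The new `expiry` out-parameter of dpp_peer_intro() is undocumented at its declaration in src/common/dpp.h, and both callers in this commit depend on its exact meaning. From the dpp.c hunks it is optional (NULL-checked), reset to 0 on entry, left at 0 when the Connector carries no expiry string, and otherwise handed to dpp_key_expired(), which presumably stores the parsed absolute time (its body is outside the diff). I would add a comment above the prototype such as `/* expiry: optional out-parameter; peer Connector expiry as absolute time, 0 if the Connector does not expire */`. Stating that 0 means "no expiry" matters because callers compare this value against configuration fields that may use 0 for "not set".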
@@ -1303,7 +1307,7 @@ static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
 ssid->dpp_netaccesskey_len,
 ssid->dpp_csign,
 ssid->dpp_csign_len,
- connector, connector_len) < 0) {
+ connector, connector_len, &expiry) < 0) {
 wpa_printf(MSG_INFO,
 "DPP: Network Introduction protocol resulted in failure");
 goto fail;
@@ -1347,7 +1351,17 @@ static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
 os_memcpy(entry->pmk, intro.pmk, intro.pmk_len);
 entry->pmk_len = intro.pmk_len;
 entry->akmp = WPA_KEY_MGMT_DPP;
- /* TODO: expiration */
+ if (!expiry || expiry > ssid->dpp_csign_expiry)
+ expiry = ssid->dpp_csign_expiry;
+ if (expiry) {
+ os_get_time(&now);
+ seconds = expiry - now.sec;
+ } else {
+ seconds = 86400 * 7;
+ }
+ os_get_reltime(&rnow);
+ entry->expiration = rnow.sec + seconds;
+ entry->reauth_time = rnow.sec + seconds;
 entry->network_ctx = ssid;
 wpa_sm_pmksa_cache_add_entry(wpa_s->wpa, entry);
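Review bot: In the last hunk of wpas_dpp_rx_peer_disc_resp(), `seconds = expiry - now.sec;` stores a possibly negative difference in an `unsigned int`, so an `expiry` that has already passed produces a very long PMKSA lifetime instead of a rejected entry. dpp_peer_intro() only checks the peer Connector's own expiry, while `expiry` can be replaced here by `ssid->dpp_csign_expiry`, which nothing in the hunk compares against the current time. I would add `if (expiry <= now.sec)` before the subtraction and drop the entry on that path rather than caching it. The allocation of `entry` and the cleanup at `fail` are outside the hunk, so that path must release the entry, which already holds a copy of the PMK. The `86400 * 7` fallback would also be clearer as a named constant with a comment saying it is the default lifetime when no expiry is known.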