From 94f73f90efb8dcb30bd7df1b0578f3370b2c4abb Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sun, 10 May 2020 13:41:51 +0300
Subject: [PATCH] DPP: Move signed connector checking into a helper function

This can be reused for similar need with reconfiguration.

Signed-off-by: Jouni Malinen
---
 src/common/dpp.c | 24 ++----------------------
 src/common/dpp_crypto.c | 33 +++++++++++++++++++++++++++++++++
 src/common/dpp_i.h | 4 ++++
 3 files changed, 39 insertions(+), 22 deletions(-)

diff --git a/src/common/dpp.c b/src/common/dpp.c
index 9c2acef53..d2bf5cf92 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -6521,9 +6521,6 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
 struct wpabuf *own_key_pub = NULL;
 const struct dpp_curve_params *curve, *own_curve;
 struct dpp_signed_connector_info info;
- const unsigned char *p;
- EVP_PKEY *csign = NULL;
- char *signed_connector = NULL;
 size_t Nx_len;
 u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
@@ -6532,14 +6529,6 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
 if (expiry)
 *expiry = 0;
- p = csign_key;
- csign = d2i_PUBKEY(NULL, &p, csign_key_len);
- if (!csign) {
- wpa_printf(MSG_ERROR,
- "DPP: Failed to parse local C-sign-key information");
- goto fail;
- }
-
 own_key = dpp_set_keypair(&own_curve, net_access_key,
 net_access_key_len);
 if (!own_key) {
@@ -6551,15 +6540,8 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
 if (!own_root)
 goto fail;
- wpa_hexdump_ascii(MSG_DEBUG, "DPP: Peer signedConnector",
- peer_connector, peer_connector_len);
- signed_connector = os_malloc(peer_connector_len + 1);
- if (!signed_connector)
- goto fail;
- os_memcpy(signed_connector, peer_connector, peer_connector_len);
- signed_connector[peer_connector_len] = '\0';
-
- res = dpp_process_signed_connector(&info, csign, signed_connector);
+ res = dpp_check_signed_connector(&info, csign_key, csign_key_len,
+ peer_connector, peer_connector_len);
 if (res != DPP_STATUS_OK) {
 ret = res;
 goto fail;
@@ -6640,12 +6622,10 @@ fail:
 if (ret != DPP_STATUS_OK)
 os_memset(intro, 0, sizeof(*intro));
 os_memset(Nx, 0, sizeof(Nx));
- os_free(signed_connector);
 os_free(info.payload);
 EVP_PKEY_free(own_key);
 wpabuf_free(own_key_pub);
 EVP_PKEY_free(peer_key);
- EVP_PKEY_free(csign);
 json_free(root);
 json_free(own_root);
 return ret;
diff --git a/src/common/dpp_crypto.c b/src/common/dpp_crypto.c
index 3d1109f02..224d2871f 100644
--- a/src/common/dpp_crypto.c
+++ b/src/common/dpp_crypto.c
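Review bot: At the `dpp_check_signed_connector()` call in dpp_peer_intro(), `ret = res` now also picks up the helper's local failures: the helper added in dpp_crypto.c starts with `res = DPP_STATUS_INVALID_CONNECTOR` and returns it unchanged when the local C-sign-key does not parse or `os_malloc()` fails. Before this change those two paths did `goto fail` without assigning `ret`, so they kept whatever value `ret` held at that point (its initialiser is outside the hunk). If a caller reports or acts on INVALID_CONNECTOR as a statement about the peer, a local configuration or memory problem gets misattributed; a comment at the call such as `/* also returned for a local C-sign-key parse or allocation failure */` would at least record that. dpp_peer_intro() starts and ends outside this hunk.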
@@ -1370,6 +1370,39 @@ fail:
 }
+enum dpp_status_error
+dpp_check_signed_connector(struct dpp_signed_connector_info *info,
+ const u8 *csign_key, size_t csign_key_len,
+ const u8 *peer_connector, size_t peer_connector_len)
+{
+ const unsigned char *p;
+ EVP_PKEY *csign = NULL;
+ char *signed_connector = NULL;
+ enum dpp_status_error res = DPP_STATUS_INVALID_CONNECTOR;
+
+ p = csign_key;
+ csign = d2i_PUBKEY(NULL, &p, csign_key_len);
+ if (!csign) {
+ wpa_printf(MSG_ERROR,
+ "DPP: Failed to parse local C-sign-key information");
+ goto fail;
+ }
+
+ wpa_hexdump_ascii(MSG_DEBUG, "DPP: Peer signedConnector",
+ peer_connector, peer_connector_len);
+ signed_connector = os_malloc(peer_connector_len + 1);
+ if (!signed_connector)
+ goto fail;
+ os_memcpy(signed_connector, peer_connector, peer_connector_len);
+ signed_connector[peer_connector_len] = '\0';
+ res = dpp_process_signed_connector(info, csign, signed_connector);
+fail:
+ os_free(signed_connector);
+ EVP_PKEY_free(csign);
+ return res;
+}
+
+
 int dpp_gen_r_auth(struct dpp_authentication *auth, u8 *r_auth)
 {
 struct wpabuf *pix, *prx, *bix, *brx;
diff --git a/src/common/dpp_i.h b/src/common/dpp_i.h
index 1ac239f06..5a8fa9454 100644
--- a/src/common/dpp_i.h
+++ b/src/common/dpp_i.h
@@ -42,6 +42,10 @@ struct dpp_signed_connector_info {
 enum dpp_status_error
 dpp_process_signed_connector(struct dpp_signed_connector_info *info,
 EVP_PKEY *csign_pub, const char *connector);
+enum dpp_status_error
+dpp_check_signed_connector(struct dpp_signed_connector_info *info,
+ const u8 *csign_key, size_t csign_key_len,
+ const u8 *peer_connector, size_t peer_connector_len);
 const struct dpp_curve_params * dpp_get_curve_name(const char *name);
 const struct dpp_curve_params * dpp_get_curve_jwk_crv(const char *name);
 const struct dpp_curve_params * dpp_get_curve_oid(const ASN1_OBJECT *poid);
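Review bot: The two early `goto fail` exits in `dpp_check_signed_connector()` (dpp_crypto.c hunk) return before anything is written through `info`, yet the caller in dpp.c still runs `os_free(info.payload)` on its fail path, so the helper is only safe for callers that zero `*info` beforehand; neither the new definition nor its prototype in dpp_i.h says so. Since the commit message plans reuse, I would put a comment above the definition along the lines of `/* Caller must zero-initialize *info before the call and os_free(info->payload) afterwards */`. Alternatively `os_memset(info, 0, sizeof(*info));` as the first statement would make the helper self-contained, assuming dpp_process_signed_connector() treats `info` purely as output (not visible here). Separately, `peer_connector` is copied into a NUL-terminated string and handed to a parser taking `const char *connector`, so any bytes after an embedded NUL are presumably ignored; that matches the code that was moved, but it is worth a line in the same comment.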