DPP: Remove devices object from the connector

This was removed from the draft DPP tech spec, so remove it from the
implementation as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 2017-08-22 23:46:27 +03:00 committed by Jouni Malinen
parent d1888b142e
commit a4bf007877
8 changed files with 6 additions and 192 deletions


@ -1298,9 +1298,6 @@ static int hostapd_ctrl_iface_set(struct hostapd_data *hapd, char *cmd)
} else if (os_strcasecmp(cmd, "dpp_groups_override") == 0) { } else if (os_strcasecmp(cmd, "dpp_groups_override") == 0) {
os_free(hapd->dpp_groups_override); os_free(hapd->dpp_groups_override);
hapd->dpp_groups_override = os_strdup(value); hapd->dpp_groups_override = os_strdup(value);
} else if (os_strcasecmp(cmd, "dpp_devices_override") == 0) {
os_free(hapd->dpp_devices_override);
hapd->dpp_devices_override = os_strdup(value);
} else if (os_strcasecmp(cmd, } else if (os_strcasecmp(cmd,
"dpp_ignore_netaccesskey_mismatch") == 0) { "dpp_ignore_netaccesskey_mismatch") == 0) {
hapd->dpp_ignore_netaccesskey_mismatch = atoi(value); hapd->dpp_ignore_netaccesskey_mismatch = atoi(value);


@ -320,8 +320,6 @@ static void hostapd_dpp_set_testing_options(struct hostapd_data *hapd,
os_strdup(hapd->dpp_discovery_override); os_strdup(hapd->dpp_discovery_override);
if (hapd->dpp_groups_override) if (hapd->dpp_groups_override)
auth->groups_override = os_strdup(hapd->dpp_groups_override); auth->groups_override = os_strdup(hapd->dpp_groups_override);
if (hapd->dpp_devices_override)
auth->devices_override = os_strdup(hapd->dpp_devices_override);
auth->ignore_netaccesskey_mismatch = auth->ignore_netaccesskey_mismatch =
hapd->dpp_ignore_netaccesskey_mismatch; hapd->dpp_ignore_netaccesskey_mismatch;
#endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_TESTING_OPTIONS */
@ -1476,8 +1474,6 @@ void hostapd_dpp_deinit(struct hostapd_data *hapd)
hapd->dpp_discovery_override = NULL; hapd->dpp_discovery_override = NULL;
os_free(hapd->dpp_groups_override); os_free(hapd->dpp_groups_override);
hapd->dpp_groups_override = NULL; hapd->dpp_groups_override = NULL;
os_free(hapd->dpp_devices_override);
hapd->dpp_devices_override = NULL;
hapd->dpp_ignore_netaccesskey_mismatch = 0; hapd->dpp_ignore_netaccesskey_mismatch = 0;
#endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_TESTING_OPTIONS */
if (!hapd->dpp_init_done) if (!hapd->dpp_init_done)


@ -344,7 +344,6 @@ struct hostapd_data {
char *dpp_config_obj_override; char *dpp_config_obj_override;
char *dpp_discovery_override; char *dpp_discovery_override;
char *dpp_groups_override; char *dpp_groups_override;
char *dpp_devices_override;
unsigned int dpp_ignore_netaccesskey_mismatch:1; unsigned int dpp_ignore_netaccesskey_mismatch:1;
#endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_TESTING_OPTIONS */
#endif /* CONFIG_DPP */ #endif /* CONFIG_DPP */


@ -2890,7 +2890,6 @@ void dpp_auth_deinit(struct dpp_authentication *auth)
os_free(auth->config_obj_override); os_free(auth->config_obj_override);
os_free(auth->discovery_override); os_free(auth->discovery_override);
os_free(auth->groups_override); os_free(auth->groups_override);
os_free(auth->devices_override);
#endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_TESTING_OPTIONS */
bin_clear_free(auth, sizeof(*auth)); bin_clear_free(auth, sizeof(*auth));
} }
@ -3028,8 +3027,6 @@ dpp_build_conf_obj_dpp(struct dpp_authentication *auth, int ap,
#ifdef CONFIG_TESTING_OPTIONS #ifdef CONFIG_TESTING_OPTIONS
if (auth->groups_override) if (auth->groups_override)
extra_len += os_strlen(auth->groups_override); extra_len += os_strlen(auth->groups_override);
if (auth->devices_override)
extra_len += os_strlen(auth->devices_override);
#endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_TESTING_OPTIONS */
/* Connector (JSON dppCon object) */ /* Connector (JSON dppCon object) */
@ -3037,7 +3034,7 @@ dpp_build_conf_obj_dpp(struct dpp_authentication *auth, int ap,
if (!dppcon) if (!dppcon)
goto fail; goto fail;
#ifdef CONFIG_TESTING_OPTIONS #ifdef CONFIG_TESTING_OPTIONS
if (auth->groups_override || auth->devices_override) { if (auth->groups_override) {
wpabuf_put_u8(dppcon, '{'); wpabuf_put_u8(dppcon, '{');
if (auth->groups_override) { if (auth->groups_override) {
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
@ -3047,14 +3044,6 @@ dpp_build_conf_obj_dpp(struct dpp_authentication *auth, int ap,
wpabuf_put_str(dppcon, auth->groups_override); wpabuf_put_str(dppcon, auth->groups_override);
wpabuf_put_u8(dppcon, ','); wpabuf_put_u8(dppcon, ',');
} }
if (auth->devices_override) {
wpa_printf(MSG_DEBUG,
"DPP: TESTING - devices override: '%s'",
auth->devices_override);
wpabuf_put_str(dppcon, "\"devices\":");
wpabuf_put_str(dppcon, auth->devices_override);
wpabuf_put_u8(dppcon, ',');
}
goto skip_groups; goto skip_groups;
} }
#endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_TESTING_OPTIONS */
@ -3743,7 +3732,7 @@ static int dpp_parse_connector(struct dpp_authentication *auth,
const unsigned char *payload, const unsigned char *payload,
u16 payload_len) u16 payload_len)
{ {
struct json_token *root, *groups, *devices, *netkey, *token; struct json_token *root, *groups, *netkey, *token;
int ret = -1; int ret = -1;
EVP_PKEY *key = NULL; EVP_PKEY *key = NULL;
const struct dpp_curve_params *curve; const struct dpp_curve_params *curve;
@ -3781,44 +3770,9 @@ static int dpp_parse_connector(struct dpp_authentication *auth,
} }
skip_groups: skip_groups:
devices = json_get_member(root, "devices");
if (!devices || devices->type != JSON_ARRAY) {
wpa_printf(MSG_DEBUG, "DPP: No devices array found");
goto skip_devices;
}
for (token = devices->child; token; token = token->sibling) {
struct wpabuf *id;
struct json_token *role;
id = json_get_member_base64url(token, "deviceId");
if (!id) {
wpa_printf(MSG_DEBUG,
"DPP: Missing or invalid deviceId string");
goto fail;
}
wpa_hexdump_buf(MSG_DEBUG, "DPP: deviceId", id);
if (wpabuf_len(id) != SHA256_MAC_LEN) {
wpa_printf(MSG_DEBUG,
"DPP: Unexpected deviceId length");
wpabuf_free(id);
goto fail;
}
wpabuf_free(id);
role = json_get_member(token, "netRole");
if (!role || role->type != JSON_STRING) {
wpa_printf(MSG_DEBUG, "DPP: Missing netRole string");
goto fail;
}
wpa_printf(MSG_DEBUG, "DPP: connector device netRole='%s'",
role->string);
rules++;
}
skip_devices:
if (!rules) { if (!rules) {
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"DPP: Connector includes no groups or devices"); "DPP: Connector includes no groups");
goto fail; goto fail;
} }
@ -4552,102 +4506,6 @@ static int dpp_connector_match_groups(struct json_token *own_root,
} }
static int dpp_connector_compatible_device(struct json_token *root,
const char *device_id,
const char *net_role)
{
struct json_token *groups, *token;
groups = json_get_member(root, "devices");
if (!groups || groups->type != JSON_ARRAY)
return 0;
for (token = groups->child; token; token = token->sibling) {
struct json_token *id, *role;
id = json_get_member(token, "deviceId");
if (!id || id->type != JSON_STRING)
continue;
role = json_get_member(token, "netRole");
if (!role || role->type != JSON_STRING)
continue;
if (os_strcmp(id->string, device_id) != 0)
continue;
if (dpp_compatible_netrole(role->string, net_role))
return 1;
}
return 0;
}
static int dpp_connector_match_devices(struct json_token *own_root,
struct json_token *peer_root,
const char *own_deviceid)
{
struct json_token *devices, *token;
devices = json_get_member(peer_root, "devices");
if (!devices || devices->type != JSON_ARRAY) {
wpa_printf(MSG_DEBUG, "DPP: No peer devices array found");
return 0;
}
for (token = devices->child; token; token = token->sibling) {
struct json_token *id, *role;
id = json_get_member(token, "deviceId");
if (!id || id->type != JSON_STRING) {
wpa_printf(MSG_DEBUG,
"DPP: Missing or invalid deviceId string");
continue;
}
role = json_get_member(token, "netRole");
if (!role || role->type != JSON_STRING) {
wpa_printf(MSG_DEBUG, "DPP: Missing netRole string");
continue;
}
wpa_printf(MSG_DEBUG,
"DPP: connector device deviceId='%s' netRole='%s'",
id->string, role->string);
if (os_strcmp(id->string, own_deviceid) != 0)
continue;
wpa_printf(MSG_DEBUG,
"DPP: Listed deviceId matches own deviceId");
/* TODO: Is this next step required? */
if (dpp_connector_compatible_device(own_root, id->string,
role->string)) {
wpa_printf(MSG_DEBUG,
"DPP: Compatible device/netRole in own connector");
return 1;
}
/* TODO: For now, accept this for interop testing purposes based
* on a simple match of deviceId while ignoring netRole. Once
* the spec is clearer on the expected behavior, either this
* comment or the following return 1 statement needs to be
* removed.
*/
return 1;
}
return 0;
}
static int dpp_connector_match(struct json_token *own_root,
struct json_token *peer_root,
const char *own_deviceid)
{
return dpp_connector_match_groups(own_root, peer_root) ||
dpp_connector_match_devices(own_root, peer_root, own_deviceid);
}
static int dpp_derive_pmk(const u8 *Nx, size_t Nx_len, u8 *pmk, static int dpp_derive_pmk(const u8 *Nx, size_t Nx_len, u8 *pmk,
unsigned int hash_len) unsigned int hash_len)
{ {
@ -4754,7 +4612,6 @@ int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
int ret = -1; int ret = -1;
EVP_PKEY *own_key = NULL, *peer_key = NULL; EVP_PKEY *own_key = NULL, *peer_key = NULL;
struct wpabuf *own_key_pub = NULL; struct wpabuf *own_key_pub = NULL;
char *own_deviceid = NULL;
const struct dpp_curve_params *curve, *own_curve; const struct dpp_curve_params *curve, *own_curve;
struct dpp_signed_connector_info info; struct dpp_signed_connector_info info;
const unsigned char *p; const unsigned char *p;
@ -4766,9 +4623,6 @@ int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
EVP_PKEY_CTX *ctx = NULL; EVP_PKEY_CTX *ctx = NULL;
size_t Nx_len; size_t Nx_len;
u8 Nx[DPP_MAX_SHARED_SECRET_LEN]; u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
u8 hash[SHA256_MAC_LEN];
const u8 *addr[1];
size_t len[1];
os_memset(intro, 0, sizeof(*intro)); os_memset(intro, 0, sizeof(*intro));
os_memset(&info, 0, sizeof(info)); os_memset(&info, 0, sizeof(info));
@ -4789,27 +4643,6 @@ int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
wpa_printf(MSG_ERROR, "DPP: Failed to parse own netAccessKey"); wpa_printf(MSG_ERROR, "DPP: Failed to parse own netAccessKey");
goto fail; goto fail;
} }
/* deviceId = SHA256(ANSI X9.63 uncompressed netAccessKey) */
own_key_pub = dpp_get_pubkey_point(own_key, 1);
if (!own_key_pub)
goto fail;
wpa_hexdump_buf(MSG_DEBUG,
"DPP: ANSI X9.63 uncompressed public key of own netAccessKey",
own_key_pub);
addr[0] = wpabuf_head(own_key_pub);
len[0] = wpabuf_len(own_key_pub);
if (sha256_vector(1, addr, len, hash) < 0)
goto fail;
wpa_hexdump(MSG_DEBUG,
"DPP: SHA256 hash of ANSI X9.63 uncompressed form",
hash, SHA256_MAC_LEN);
own_deviceid = (char *) base64_url_encode(hash, sizeof(hash), NULL, 0);
if (!own_deviceid)
goto fail;
wpa_printf(MSG_DEBUG,
"DPP: Own deviceId (base64url encoded hash value): %s",
own_deviceid);
pos = os_strchr(own_connector, '.'); pos = os_strchr(own_connector, '.');
if (!pos) { if (!pos) {
@ -4853,9 +4686,9 @@ int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
goto fail; goto fail;
} }
if (!dpp_connector_match(own_root, root, own_deviceid)) { if (!dpp_connector_match_groups(own_root, root)) {
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"DPP: Peer connector does not include compatible group/device netrole with own connector"); "DPP: Peer connector does not include compatible group netrole with own connector");
goto fail; goto fail;
} }
@ -4937,7 +4770,6 @@ fail:
os_free(info.payload); os_free(info.payload);
EVP_PKEY_free(own_key); EVP_PKEY_free(own_key);
wpabuf_free(own_key_pub); wpabuf_free(own_key_pub);
os_free(own_deviceid);
EVP_PKEY_free(peer_key); EVP_PKEY_free(peer_key);
EVP_PKEY_free(csign); EVP_PKEY_free(csign);
json_free(root); json_free(root);
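Review bot: In dpp_peer_intro, `own_key_pub` appears to be left without any assignment: the only visible write, `own_key_pub = dpp_get_pubkey_point(own_key, 1);`, is deleted together with the deviceId computation, while the declaration `struct wpabuf *own_key_pub = NULL;` and the `wpabuf_free(own_key_pub);` on the `fail:` path stay. The function body continues outside these hunks, so confirm nothing else sets it; if nothing does, drop both lines so the cleanup path does not imply ownership of a buffer that is never allocated. Separately, in dpp_build_conf_obj_dpp the outer test is now `if (auth->groups_override) {` and the inner `if (auth->groups_override) {` directly below repeats it, so the inner check can be removed and its body unindented.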


@ -128,7 +128,7 @@ struct dpp_configuration {
/* For DPP configuration (connector) */ /* For DPP configuration (connector) */
os_time_t netaccesskey_expiry; os_time_t netaccesskey_expiry;
/* TODO: groups, devices */ /* TODO: groups */
/* For legacy configuration */ /* For legacy configuration */
char *passphrase; char *passphrase;
@ -183,7 +183,6 @@ struct dpp_authentication {
char *config_obj_override; char *config_obj_override;
char *discovery_override; char *discovery_override;
char *groups_override; char *groups_override;
char *devices_override;
unsigned int ignore_netaccesskey_mismatch:1; unsigned int ignore_netaccesskey_mismatch:1;
#endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_TESTING_OPTIONS */
}; };


@ -646,9 +646,6 @@ static int wpa_supplicant_ctrl_iface_set(struct wpa_supplicant *wpa_s,
} else if (os_strcasecmp(cmd, "dpp_groups_override") == 0) { } else if (os_strcasecmp(cmd, "dpp_groups_override") == 0) {
os_free(wpa_s->dpp_groups_override); os_free(wpa_s->dpp_groups_override);
wpa_s->dpp_groups_override = os_strdup(value); wpa_s->dpp_groups_override = os_strdup(value);
} else if (os_strcasecmp(cmd, "dpp_devices_override") == 0) {
os_free(wpa_s->dpp_devices_override);
wpa_s->dpp_devices_override = os_strdup(value);
} else if (os_strcasecmp(cmd, } else if (os_strcasecmp(cmd,
"dpp_ignore_netaccesskey_mismatch") == 0) { "dpp_ignore_netaccesskey_mismatch") == 0) {
wpa_s->dpp_ignore_netaccesskey_mismatch = atoi(value); wpa_s->dpp_ignore_netaccesskey_mismatch = atoi(value);


@ -366,9 +366,6 @@ static void wpas_dpp_set_testing_options(struct wpa_supplicant *wpa_s,
if (wpa_s->dpp_groups_override) if (wpa_s->dpp_groups_override)
auth->groups_override = auth->groups_override =
os_strdup(wpa_s->dpp_groups_override); os_strdup(wpa_s->dpp_groups_override);
if (wpa_s->dpp_devices_override)
auth->devices_override =
os_strdup(wpa_s->dpp_devices_override);
auth->ignore_netaccesskey_mismatch = auth->ignore_netaccesskey_mismatch =
wpa_s->dpp_ignore_netaccesskey_mismatch; wpa_s->dpp_ignore_netaccesskey_mismatch;
#endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_TESTING_OPTIONS */
@ -2039,8 +2036,6 @@ void wpas_dpp_deinit(struct wpa_supplicant *wpa_s)
wpa_s->dpp_discovery_override = NULL; wpa_s->dpp_discovery_override = NULL;
os_free(wpa_s->dpp_groups_override); os_free(wpa_s->dpp_groups_override);
wpa_s->dpp_groups_override = NULL; wpa_s->dpp_groups_override = NULL;
os_free(wpa_s->dpp_devices_override);
wpa_s->dpp_devices_override = NULL;
wpa_s->dpp_ignore_netaccesskey_mismatch = 0; wpa_s->dpp_ignore_netaccesskey_mismatch = 0;
#endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_TESTING_OPTIONS */
if (!wpa_s->dpp_init_done) if (!wpa_s->dpp_init_done)


@ -1193,7 +1193,6 @@ struct wpa_supplicant {
char *dpp_config_obj_override; char *dpp_config_obj_override;
char *dpp_discovery_override; char *dpp_discovery_override;
char *dpp_groups_override; char *dpp_groups_override;
char *dpp_devices_override;
unsigned int dpp_ignore_netaccesskey_mismatch:1; unsigned int dpp_ignore_netaccesskey_mismatch:1;
#endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_TESTING_OPTIONS */
#endif /* CONFIG_DPP */ #endif /* CONFIG_DPP */