From b25ddfe9d3cb5ffb1fb10f7c9221d433fb026ab7 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Thu, 18 Jun 2020 21:06:10 +0300
Subject: [PATCH] DPP2: Add Enrollee name into CSR as the commonName
Signed-off-by: Jouni Malinen
---
 src/common/dpp.h | 6 ++++--
 src/common/dpp_crypto.c | 15 ++++++++++++++-
 src/common/dpp_tcp.c | 11 ++++++++---
 wpa_supplicant/dpp_supplicant.c | 6 ++++--
 4 files changed, 30 insertions(+), 8 deletions(-)
diff --git a/src/common/dpp.h b/src/common/dpp.h
index f4398aa0d..58a220dc6 100644
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -616,7 +616,8 @@ struct dpp_pfs * dpp_pfs_init(const u8 *net_access_key,
 int dpp_pfs_process(struct dpp_pfs *pfs, const u8 *peer_ie,
 size_t peer_ie_len);
 void dpp_pfs_free(struct dpp_pfs *pfs);
-struct wpabuf * dpp_build_csr(struct dpp_authentication *auth);
+struct wpabuf * dpp_build_csr(struct dpp_authentication *auth,
+ const char *name);
 struct wpabuf * dpp_pkcs7_certs(const struct wpabuf *pkcs7);
 int dpp_validate_csr(struct dpp_authentication *auth,
 const struct wpabuf *csr);
@@ -660,7 +661,8 @@ int dpp_controller_start(struct dpp_global *dpp,
 struct dpp_controller_config *config);
 void dpp_controller_stop(struct dpp_global *dpp);
 int dpp_tcp_init(struct dpp_global *dpp, struct dpp_authentication *auth,
- const struct hostapd_ip_addr *addr, int port);
+ const struct hostapd_ip_addr *addr, int port,
+ const char *name);
 struct wpabuf * dpp_build_presence_announcement(struct dpp_bootstrap_info *bi);
 struct dpp_global_config {
diff --git a/src/common/dpp_crypto.c b/src/common/dpp_crypto.c
index 916aeeff8..e83ab9c60 100644
--- a/src/common/dpp_crypto.c
+++ b/src/common/dpp_crypto.c
@@ -2666,7 +2666,7 @@ void dpp_pfs_free(struct dpp_pfs *pfs)
 }
-struct wpabuf * dpp_build_csr(struct dpp_authentication *auth)
+struct wpabuf * dpp_build_csr(struct dpp_authentication *auth, const char *name)
 {
 X509_REQ *req = NULL;
 struct wpabuf *buf = NULL;
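Review bot: The new `name` parameter of `dpp_build_csr()` is undocumented in the header, and its NULL handling differs from `dpp_tcp_init()`, which substitutes the "Test" default itself. Judging from the dpp_crypto.c hunk, a NULL name makes `dpp_build_csr()` leave the CSR subject without a commonName rather than fall back to a default, so a short comment above the prototype would help callers: `/* name: Enrollee name placed in the CSR subject commonName; NULL adds no commonName */`. The same applies to the `dpp_tcp_init()` prototype in the following hunk, where NULL is accepted and replaced with "Test" before the name is stored.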
@@ -2705,6 +2705,19 @@ struct wpabuf * dpp_build_csr(struct dpp_authentication *auth)
 if (!req || !X509_REQ_set_pubkey(req, key))
 goto fail;
+ if (name) {
+ X509_NAME *n;
+
+ n = X509_REQ_get_subject_name(req);
+ if (!n)
+ goto fail;
+
+ if (X509_NAME_add_entry_by_txt(
+ n, "CN", MBSTRING_UTF8,
+ (const unsigned char *) name, -1, -1, 0) != 1)
+ goto fail;
+ }
+
 /* cp = HKDF-Expand(bk, "CSR challengePassword", 64) */
 if (dpp_hkdf_expand(hash_len, auth->bk, hash_len,
 "CSR challengePassword", cp, DPP_CP_LEN) < 0)
diff --git a/src/common/dpp_tcp.c b/src/common/dpp_tcp.c
index 4ed4a3b71..b7d9294e3 100644
--- a/src/common/dpp_tcp.c
+++ b/src/common/dpp_tcp.c
@@ -41,6 +41,7 @@ struct dpp_connection {
 unsigned int gas_comeback_in_progress:1;
 u8 gas_dialog_token;
 struct wpabuf *gas_resp;
+ char *name;
 };
 /* Remote Controller */
@@ -92,6 +93,7 @@ static void dpp_connection_free(struct dpp_connection *conn)
 wpabuf_free(conn->msg_out);
 wpabuf_free(conn->gas_resp);
 dpp_auth_deinit(conn->auth);
+ os_free(conn->name);
 os_free(conn);
 }
@@ -258,8 +260,10 @@ static void dpp_controller_start_gas_client(struct dpp_connection *conn)
 struct dpp_authentication *auth = conn->auth;
 struct wpabuf *buf;
 int netrole_ap = 0; /* TODO: make this configurable */
+ const char *dpp_name;
- buf = dpp_build_conf_req_helper(auth, "Test", netrole_ap, NULL, NULL);
+ dpp_name = conn->name ? conn->name : "Test";
+ buf = dpp_build_conf_req_helper(auth, dpp_name, netrole_ap, NULL, NULL);
 if (!buf) {
 wpa_printf(MSG_DEBUG,
 "DPP: No configuration request data available");
@@ -1169,7 +1173,7 @@ static void dpp_tcp_build_csr(void *eloop_ctx, void *timeout_ctx)
 wpa_printf(MSG_DEBUG, "DPP: Build CSR");
 wpabuf_free(auth->csr);
 /* TODO: Additional information needed for CSR based on csrAttrs */
- auth->csr = dpp_build_csr(auth);
+ auth->csr = dpp_build_csr(auth, conn->name ? conn->name : "Test");
 if (!auth->csr) {
 dpp_connection_remove(conn);
 return;
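Review bot: A failure of `X509_NAME_add_entry_by_txt()` jumps to `fail` without any diagnostic, so a problematic `dpp_name` silently breaks CSR-based enrollment and the callers only log the generic "Build CSR" debug message before giving up. OpenSSL rejects input that is not valid UTF-8 and, for commonName, values longer than the X.520 upper bound of 64 characters, which a user-chosen Enrollee name can exceed. Adding `wpa_printf(MSG_INFO, "DPP: Failed to add Enrollee name as CSR commonName");` before that `goto fail` (and a similar message for the `!n` case) would make the cause visible in the log; validating the length of `dpp_name` where the configuration is parsed would catch it earlier. The body of dpp_build_csr() starts before and continues past this hunk.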
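Review bot: The `conn->name ? conn->name : "Test"` fallback added in dpp_controller_start_gas_client(), and again in the dpp_tcp_build_csr() hunk below, is only reachable when the `os_strdup()` in dpp_tcp_init() failed, since that call already substitutes "Test" for a NULL name. The default is now spelled out as a literal in five places across dpp_tcp.c and dpp_supplicant.c; one definition such as `#define DPP_DEFAULT_ENROLLEE_NAME "Test"` in dpp.h would keep them from drifting apart. If the fallback is kept, a comment like `/* conn->name is NULL only if os_strdup() failed in dpp_tcp_init() */` explains why it exists.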
@@ -1513,7 +1517,7 @@ fail:
 int dpp_tcp_init(struct dpp_global *dpp, struct dpp_authentication *auth,
- const struct hostapd_ip_addr *addr, int port)
+ const struct hostapd_ip_addr *addr, int port, const char *name)
 {
 struct dpp_connection *conn;
 struct sockaddr_storage saddr;
@@ -1535,6 +1539,7 @@ int dpp_tcp_init(struct dpp_global *dpp, struct dpp_authentication *auth,
 return -1;
 }
+ conn->name = os_strdup(name ? name : "Test");
 conn->global = dpp;
 conn->auth = auth;
 conn->sock = socket(AF_INET, SOCK_STREAM, 0);
diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index 7e2cdcd31..68846e63d 100644
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -831,7 +831,8 @@ int wpas_dpp_auth_init(struct wpa_supplicant *wpa_s, const char *cmd)
 #ifdef CONFIG_DPP2
 if (tcp)
- return dpp_tcp_init(wpa_s->dpp, auth, &ipaddr, tcp_port);
+ return dpp_tcp_init(wpa_s->dpp, auth, &ipaddr, tcp_port,
+ wpa_s->conf->dpp_name);
 #endif /* CONFIG_DPP2 */
 wpa_s->dpp_auth = auth;
@@ -1515,7 +1516,8 @@ static void wpas_dpp_build_csr(void *eloop_ctx, void *timeout_ctx)
 wpa_printf(MSG_DEBUG, "DPP: Build CSR");
 wpabuf_free(auth->csr);
 /* TODO: Additional information needed for CSR based on csrAttrs */
- auth->csr = dpp_build_csr(auth);
+ auth->csr = dpp_build_csr(auth, wpa_s->conf->dpp_name ?
+ wpa_s->conf->dpp_name : "Test");
 if (!auth->csr) {
 dpp_auth_deinit(wpa_s->dpp_auth);
 wpa_s->dpp_auth = NULL;
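Review bot: The `os_strdup()` result on the added line in the second dpp_tcp_init() hunk is not checked, while the `return -1` just above it appears to handle a failed allocation; on allocation failure `conn->name` stays NULL and the users in dpp_tcp.c quietly fall back to the "Test" default. If that degradation is intended, a comment such as `/* NULL on allocation failure; users fall back to "Test" */` should say so, otherwise the function should release conn and return -1 like its surrounding error paths. The `dpp_connection_free()` hunk does free `conn->name`, so the normal path does not leak. The rest of dpp_tcp_init() lies outside the hunk.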