DPP2: Add Enrollee name into CSR as the commonName
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
11aa77e00f
commit
b25ddfe9d3
4 changed files with 30 additions and 8 deletions
|
|
@ -616,7 +616,8 @@ struct dpp_pfs * dpp_pfs_init(const u8 *net_access_key,
|
||||||
int dpp_pfs_process(struct dpp_pfs *pfs, const u8 *peer_ie, size_t peer_ie_len);
|
int dpp_pfs_process(struct dpp_pfs *pfs, const u8 *peer_ie, size_t peer_ie_len);
|
||||||
void dpp_pfs_free(struct dpp_pfs *pfs);
|
void dpp_pfs_free(struct dpp_pfs *pfs);
|
||||||
|
|
||||||
struct wpabuf * dpp_build_csr(struct dpp_authentication *auth);
|
struct wpabuf * dpp_build_csr(struct dpp_authentication *auth,
|
||||||
|
const char *name);
|
||||||
struct wpabuf * dpp_pkcs7_certs(const struct wpabuf *pkcs7);
|
struct wpabuf * dpp_pkcs7_certs(const struct wpabuf *pkcs7);
|
||||||
int dpp_validate_csr(struct dpp_authentication *auth, const struct wpabuf *csr);
|
int dpp_validate_csr(struct dpp_authentication *auth, const struct wpabuf *csr);
|
||||||
|
|
||||||
|
|
@ -660,7 +661,8 @@ int dpp_controller_start(struct dpp_global *dpp,
|
||||||
struct dpp_controller_config *config);
|
struct dpp_controller_config *config);
|
||||||
void dpp_controller_stop(struct dpp_global *dpp);
|
void dpp_controller_stop(struct dpp_global *dpp);
|
||||||
int dpp_tcp_init(struct dpp_global *dpp, struct dpp_authentication *auth,
|
int dpp_tcp_init(struct dpp_global *dpp, struct dpp_authentication *auth,
|
||||||
const struct hostapd_ip_addr *addr, int port);
|
const struct hostapd_ip_addr *addr, int port,
|
||||||
|
const char *name);
|
||||||
struct wpabuf * dpp_build_presence_announcement(struct dpp_bootstrap_info *bi);
|
struct wpabuf * dpp_build_presence_announcement(struct dpp_bootstrap_info *bi);
|
||||||
|
|
||||||
struct dpp_global_config {
|
struct dpp_global_config {
|
||||||
|
|
|
||||||
|
|
@ -2666,7 +2666,7 @@ void dpp_pfs_free(struct dpp_pfs *pfs)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
struct wpabuf * dpp_build_csr(struct dpp_authentication *auth)
|
struct wpabuf * dpp_build_csr(struct dpp_authentication *auth, const char *name)
|
||||||
{
|
{
|
||||||
X509_REQ *req = NULL;
|
X509_REQ *req = NULL;
|
||||||
struct wpabuf *buf = NULL;
|
struct wpabuf *buf = NULL;
|
||||||
|
|
@ -2705,6 +2705,19 @@ struct wpabuf * dpp_build_csr(struct dpp_authentication *auth)
|
||||||
if (!req || !X509_REQ_set_pubkey(req, key))
|
if (!req || !X509_REQ_set_pubkey(req, key))
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
|
if (name) {
|
||||||
|
X509_NAME *n;
|
||||||
|
|
||||||
|
n = X509_REQ_get_subject_name(req);
|
||||||
|
if (!n)
|
||||||
|
goto fail;
|
||||||
|
|
||||||
|
if (X509_NAME_add_entry_by_txt(
|
||||||
|
n, "CN", MBSTRING_UTF8,
|
||||||
|
(const unsigned char *) name, -1, -1, 0) != 1)
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
|
||||||
/* cp = HKDF-Expand(bk, "CSR challengePassword", 64) */
|
/* cp = HKDF-Expand(bk, "CSR challengePassword", 64) */
|
||||||
if (dpp_hkdf_expand(hash_len, auth->bk, hash_len,
|
if (dpp_hkdf_expand(hash_len, auth->bk, hash_len,
|
||||||
"CSR challengePassword", cp, DPP_CP_LEN) < 0)
|
"CSR challengePassword", cp, DPP_CP_LEN) < 0)
|
||||||
|
|
|
||||||
|
|
@ -41,6 +41,7 @@ struct dpp_connection {
|
||||||
unsigned int gas_comeback_in_progress:1;
|
unsigned int gas_comeback_in_progress:1;
|
||||||
u8 gas_dialog_token;
|
u8 gas_dialog_token;
|
||||||
struct wpabuf *gas_resp;
|
struct wpabuf *gas_resp;
|
||||||
|
char *name;
|
||||||
};
|
};
|
||||||
|
|
||||||
/* Remote Controller */
|
/* Remote Controller */
|
||||||
|
|
@ -92,6 +93,7 @@ static void dpp_connection_free(struct dpp_connection *conn)
|
||||||
wpabuf_free(conn->msg_out);
|
wpabuf_free(conn->msg_out);
|
||||||
wpabuf_free(conn->gas_resp);
|
wpabuf_free(conn->gas_resp);
|
||||||
dpp_auth_deinit(conn->auth);
|
dpp_auth_deinit(conn->auth);
|
||||||
|
os_free(conn->name);
|
||||||
os_free(conn);
|
os_free(conn);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -258,8 +260,10 @@ static void dpp_controller_start_gas_client(struct dpp_connection *conn)
|
||||||
struct dpp_authentication *auth = conn->auth;
|
struct dpp_authentication *auth = conn->auth;
|
||||||
struct wpabuf *buf;
|
struct wpabuf *buf;
|
||||||
int netrole_ap = 0; /* TODO: make this configurable */
|
int netrole_ap = 0; /* TODO: make this configurable */
|
||||||
|
const char *dpp_name;
|
||||||
|
|
||||||
buf = dpp_build_conf_req_helper(auth, "Test", netrole_ap, NULL, NULL);
|
dpp_name = conn->name ? conn->name : "Test";
|
||||||
|
buf = dpp_build_conf_req_helper(auth, dpp_name, netrole_ap, NULL, NULL);
|
||||||
if (!buf) {
|
if (!buf) {
|
||||||
wpa_printf(MSG_DEBUG,
|
wpa_printf(MSG_DEBUG,
|
||||||
"DPP: No configuration request data available");
|
"DPP: No configuration request data available");
|
||||||
|
|
@ -1169,7 +1173,7 @@ static void dpp_tcp_build_csr(void *eloop_ctx, void *timeout_ctx)
|
||||||
wpa_printf(MSG_DEBUG, "DPP: Build CSR");
|
wpa_printf(MSG_DEBUG, "DPP: Build CSR");
|
||||||
wpabuf_free(auth->csr);
|
wpabuf_free(auth->csr);
|
||||||
/* TODO: Additional information needed for CSR based on csrAttrs */
|
/* TODO: Additional information needed for CSR based on csrAttrs */
|
||||||
auth->csr = dpp_build_csr(auth);
|
auth->csr = dpp_build_csr(auth, conn->name ? conn->name : "Test");
|
||||||
if (!auth->csr) {
|
if (!auth->csr) {
|
||||||
dpp_connection_remove(conn);
|
dpp_connection_remove(conn);
|
||||||
return;
|
return;
|
||||||
|
|
@ -1513,7 +1517,7 @@ fail:
|
||||||
|
|
||||||
|
|
||||||
int dpp_tcp_init(struct dpp_global *dpp, struct dpp_authentication *auth,
|
int dpp_tcp_init(struct dpp_global *dpp, struct dpp_authentication *auth,
|
||||||
const struct hostapd_ip_addr *addr, int port)
|
const struct hostapd_ip_addr *addr, int port, const char *name)
|
||||||
{
|
{
|
||||||
struct dpp_connection *conn;
|
struct dpp_connection *conn;
|
||||||
struct sockaddr_storage saddr;
|
struct sockaddr_storage saddr;
|
||||||
|
|
@ -1535,6 +1539,7 @@ int dpp_tcp_init(struct dpp_global *dpp, struct dpp_authentication *auth,
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
conn->name = os_strdup(name ? name : "Test");
|
||||||
conn->global = dpp;
|
conn->global = dpp;
|
||||||
conn->auth = auth;
|
conn->auth = auth;
|
||||||
conn->sock = socket(AF_INET, SOCK_STREAM, 0);
|
conn->sock = socket(AF_INET, SOCK_STREAM, 0);
|
||||||
|
|
|
||||||
|
|
@ -831,7 +831,8 @@ int wpas_dpp_auth_init(struct wpa_supplicant *wpa_s, const char *cmd)
|
||||||
|
|
||||||
#ifdef CONFIG_DPP2
|
#ifdef CONFIG_DPP2
|
||||||
if (tcp)
|
if (tcp)
|
||||||
return dpp_tcp_init(wpa_s->dpp, auth, &ipaddr, tcp_port);
|
return dpp_tcp_init(wpa_s->dpp, auth, &ipaddr, tcp_port,
|
||||||
|
wpa_s->conf->dpp_name);
|
||||||
#endif /* CONFIG_DPP2 */
|
#endif /* CONFIG_DPP2 */
|
||||||
|
|
||||||
wpa_s->dpp_auth = auth;
|
wpa_s->dpp_auth = auth;
|
||||||
|
|
@ -1515,7 +1516,8 @@ static void wpas_dpp_build_csr(void *eloop_ctx, void *timeout_ctx)
|
||||||
wpa_printf(MSG_DEBUG, "DPP: Build CSR");
|
wpa_printf(MSG_DEBUG, "DPP: Build CSR");
|
||||||
wpabuf_free(auth->csr);
|
wpabuf_free(auth->csr);
|
||||||
/* TODO: Additional information needed for CSR based on csrAttrs */
|
/* TODO: Additional information needed for CSR based on csrAttrs */
|
||||||
auth->csr = dpp_build_csr(auth);
|
auth->csr = dpp_build_csr(auth, wpa_s->conf->dpp_name ?
|
||||||
|
wpa_s->conf->dpp_name : "Test");
|
||||||
if (!auth->csr) {
|
if (!auth->csr) {
|
||||||
dpp_auth_deinit(wpa_s->dpp_auth);
|
dpp_auth_deinit(wpa_s->dpp_auth);
|
||||||
wpa_s->dpp_auth = NULL;
|
wpa_s->dpp_auth = NULL;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue