DPP2: Add Enrollee name into CSR as the commonName

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Jouni Malinen 2020-06-18 21:06:10 +03:00 committed by Jouni Malinen
parent 11aa77e00f
commit b25ddfe9d3
4 changed files with 30 additions and 8 deletions


@ -616,7 +616,8 @@ struct dpp_pfs * dpp_pfs_init(const u8 *net_access_key,
int dpp_pfs_process(struct dpp_pfs *pfs, const u8 *peer_ie, size_t peer_ie_len);
void dpp_pfs_free(struct dpp_pfs *pfs);
struct wpabuf * dpp_build_csr(struct dpp_authentication *auth);
struct wpabuf * dpp_build_csr(struct dpp_authentication *auth,
const char *name);
struct wpabuf * dpp_pkcs7_certs(const struct wpabuf *pkcs7);
int dpp_validate_csr(struct dpp_authentication *auth, const struct wpabuf *csr);
@ -660,7 +661,8 @@ int dpp_controller_start(struct dpp_global *dpp,
struct dpp_controller_config *config);
void dpp_controller_stop(struct dpp_global *dpp);
int dpp_tcp_init(struct dpp_global *dpp, struct dpp_authentication *auth,
const struct hostapd_ip_addr *addr, int port);
const struct hostapd_ip_addr *addr, int port,
const char *name);
struct wpabuf * dpp_build_presence_announcement(struct dpp_bootstrap_info *bi);
struct dpp_global_config {


@ -2666,7 +2666,7 @@ void dpp_pfs_free(struct dpp_pfs *pfs)
}
struct wpabuf * dpp_build_csr(struct dpp_authentication *auth)
struct wpabuf * dpp_build_csr(struct dpp_authentication *auth, const char *name)
{
X509_REQ *req = NULL;
struct wpabuf *buf = NULL;
@ -2705,6 +2705,19 @@ struct wpabuf * dpp_build_csr(struct dpp_authentication *auth)
if (!req || !X509_REQ_set_pubkey(req, key))
goto fail;
if (name) {
X509_NAME *n;
n = X509_REQ_get_subject_name(req);
if (!n)
goto fail;
if (X509_NAME_add_entry_by_txt(
n, "CN", MBSTRING_UTF8,
(const unsigned char *) name, -1, -1, 0) != 1)
goto fail;
}
/* cp = HKDF-Expand(bk, "CSR challengePassword", 64) */
if (dpp_hkdf_expand(hash_len, auth->bk, hash_len,
"CSR challengePassword", cp, DPP_CP_LEN) < 0)

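Review bot: The new `if (name)` block in dpp_build_csr sends both failures to `fail` without a log line, so a rejected name cannot be told apart from any other CSR build error. As far as I know OpenSSL applies its commonName size bounds (1 to 64 characters) and a UTF-8 validity check inside `X509_NAME_add_entry_by_txt()`, so an empty, over-long or badly encoded configured name would make CSR generation fail here; that is worth confirming. I would add `wpa_printf(MSG_DEBUG, "DPP: Could not add commonName to CSR subject");` before the second `goto fail`. The value is chosen by the Enrollee itself, so the code that validates the CSR should not treat the CN as an authenticated identity. The body of dpp_build_csr, including the `fail` label, lies outside the hunk.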

@ -41,6 +41,7 @@ struct dpp_connection {
unsigned int gas_comeback_in_progress:1;
u8 gas_dialog_token;
struct wpabuf *gas_resp;
char *name;
};
/* Remote Controller */
@ -92,6 +93,7 @@ static void dpp_connection_free(struct dpp_connection *conn)
wpabuf_free(conn->msg_out);
wpabuf_free(conn->gas_resp);
dpp_auth_deinit(conn->auth);
os_free(conn->name);
os_free(conn);
}
@ -258,8 +260,10 @@ static void dpp_controller_start_gas_client(struct dpp_connection *conn)
struct dpp_authentication *auth = conn->auth;
struct wpabuf *buf;
int netrole_ap = 0; /* TODO: make this configurable */
const char *dpp_name;
buf = dpp_build_conf_req_helper(auth, "Test", netrole_ap, NULL, NULL);
dpp_name = conn->name ? conn->name : "Test";
buf = dpp_build_conf_req_helper(auth, dpp_name, netrole_ap, NULL, NULL);
if (!buf) {
wpa_printf(MSG_DEBUG,
"DPP: No configuration request data available");
@ -1169,7 +1173,7 @@ static void dpp_tcp_build_csr(void *eloop_ctx, void *timeout_ctx)
wpa_printf(MSG_DEBUG, "DPP: Build CSR");
wpabuf_free(auth->csr);
/* TODO: Additional information needed for CSR based on csrAttrs */
auth->csr = dpp_build_csr(auth);
auth->csr = dpp_build_csr(auth, conn->name ? conn->name : "Test");
if (!auth->csr) {
dpp_connection_remove(conn);
return;
@ -1513,7 +1517,7 @@ fail:
int dpp_tcp_init(struct dpp_global *dpp, struct dpp_authentication *auth,
const struct hostapd_ip_addr *addr, int port)
const struct hostapd_ip_addr *addr, int port, const char *name)
{
struct dpp_connection *conn;
struct sockaddr_storage saddr;
@ -1535,6 +1539,7 @@ int dpp_tcp_init(struct dpp_global *dpp, struct dpp_authentication *auth,
return -1;
}
conn->name = os_strdup(name ? name : "Test");
conn->global = dpp;
conn->auth = auth;
conn->sock = socket(AF_INET, SOCK_STREAM, 0);
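Review bot: The `os_strdup()` result stored in `conn->name` in dpp_tcp_init is not checked, so on allocation failure `conn->name` stays NULL and the fallbacks in dpp_controller_start_gas_client and dpp_tcp_build_csr silently send "Test" instead of the configured name. Failing the connection is safer than enrolling under the wrong name, for example `if (!conn->name) goto fail;` if the function has a cleanup label, which is not visible here. With that check the two `conn->name ? conn->name : "Test"` fallbacks would only matter for connections created elsewhere without a name, and these hunks do not show whether any exist. The bodies of these functions extend beyond the hunks shown.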


@ -831,7 +831,8 @@ int wpas_dpp_auth_init(struct wpa_supplicant *wpa_s, const char *cmd)
#ifdef CONFIG_DPP2
if (tcp)
return dpp_tcp_init(wpa_s->dpp, auth, &ipaddr, tcp_port);
return dpp_tcp_init(wpa_s->dpp, auth, &ipaddr, tcp_port,
wpa_s->conf->dpp_name);
#endif /* CONFIG_DPP2 */
wpa_s->dpp_auth = auth;
@ -1515,7 +1516,8 @@ static void wpas_dpp_build_csr(void *eloop_ctx, void *timeout_ctx)
wpa_printf(MSG_DEBUG, "DPP: Build CSR");
wpabuf_free(auth->csr);
/* TODO: Additional information needed for CSR based on csrAttrs */
auth->csr = dpp_build_csr(auth);
auth->csr = dpp_build_csr(auth, wpa_s->conf->dpp_name ?
wpa_s->conf->dpp_name : "Test");
if (!auth->csr) {
dpp_auth_deinit(wpa_s->dpp_auth);
wpa_s->dpp_auth = NULL;
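Review bot: When `dpp_name` is not configured, wpas_dpp_build_csr passes the literal "Test" to dpp_build_csr, so every unconfigured Enrollee requests a certificate with the same placeholder commonName. dpp_build_csr as changed in this commit skips the CN when `name` is NULL, so passing the value through unchanged, `auth->csr = dpp_build_csr(auth, wpa_s->conf->dpp_name);`, would leave the subject empty rather than assert an identity nobody chose. The same fallback appears in dpp_tcp_build_csr and in dpp_tcp_init. If the CA side requires a non-empty subject, that requirement deserves a comment next to the fallback. wpas_dpp_build_csr continues beyond the hunk.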