diff --git a/hostapd/config_file.c b/hostapd/config_file.c index 091437a3b..ac08b7bda 100644 --- a/hostapd/config_file.c +++ b/hostapd/config_file.c @@ -3770,8 +3770,6 @@ static int hostapd_config_fill(struct hostapd_config *conf, } else if (os_strcmp(buf, "dpp_csign") == 0) { if (parse_wpabuf_hex(line, buf, &bss->dpp_csign, pos)) return 1; - } else if (os_strcmp(buf, "dpp_csign_expiry") == 0) { - bss->dpp_csign_expiry = strtol(pos, NULL, 0); #endif /* CONFIG_DPP */ #ifdef CONFIG_OWE } else if (os_strcmp(buf, "owe_transition_bssid") == 0) { diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h index 83f422964..ac459471c 100644 --- a/src/ap/ap_config.h +++ b/src/ap/ap_config.h @@ -642,7 +642,6 @@ struct hostapd_bss_config { struct wpabuf *dpp_netaccesskey; unsigned int dpp_netaccesskey_expiry; struct wpabuf *dpp_csign; - unsigned int dpp_csign_expiry; #endif /* CONFIG_DPP */ #ifdef CONFIG_OWE diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c index c73c56cc4..d18d31fd3 100644 --- a/src/ap/dpp_hostapd.c +++ b/src/ap/dpp_hostapd.c @@ -732,14 +732,8 @@ static void hostapd_dpp_gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token, wpa_snprintf_hex(hex, hexlen, wpabuf_head(auth->c_sign_key), wpabuf_len(auth->c_sign_key)); - if (auth->c_sign_key_expiry) - wpa_msg(hapd->msg_ctx, MSG_INFO, - DPP_EVENT_C_SIGN_KEY "%s %lu", hex, - (unsigned long) - auth->c_sign_key_expiry); - else - wpa_msg(hapd->msg_ctx, MSG_INFO, - DPP_EVENT_C_SIGN_KEY "%s", hex); + wpa_msg(hapd->msg_ctx, MSG_INFO, + DPP_EVENT_C_SIGN_KEY "%s", hex); os_free(hex); } } @@ -951,11 +945,6 @@ static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd, } os_get_time(&now); - if (hapd->conf->dpp_csign_expiry && - hapd->conf->dpp_csign_expiry < now.sec) { - wpa_printf(MSG_DEBUG, "DPP: C-sign-key expired"); - return; - } if (hapd->conf->dpp_netaccesskey_expiry && hapd->conf->dpp_netaccesskey_expiry < now.sec) { 
@@ -991,8 +980,6 @@ static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd, if (!expire || hapd->conf->dpp_netaccesskey_expiry < expire) expire = hapd->conf->dpp_netaccesskey_expiry; - if (!expire || hapd->conf->dpp_csign_expiry < expire) - expire = hapd->conf->dpp_csign_expiry; if (expire) expiration = expire - now.sec; else @@ -1306,14 +1293,13 @@ static unsigned int hostapd_dpp_next_configurator_id(struct hostapd_data *hapd) int hostapd_dpp_configurator_add(struct hostapd_data *hapd, const char *cmd) { - char *expiry = NULL, *curve = NULL; + char *curve = NULL; char *key = NULL; u8 *privkey = NULL; size_t privkey_len = 0; int ret = -1; struct dpp_configurator *conf = NULL; - expiry = get_param(cmd, " expiry="); curve = get_param(cmd, " curve="); key = get_param(cmd, " key="); @@ -1329,22 +1315,12 @@ int hostapd_dpp_configurator_add(struct hostapd_data *hapd, const char *cmd) if (!conf) goto fail; - if (expiry) { - long int val; - - val = strtol(expiry, NULL, 0); - if (val <= 0) - goto fail; - conf->csign_expiry = val; - } - conf->id = hostapd_dpp_next_configurator_id(hapd); dl_list_add(&hapd->dpp_configurator, &conf->list); ret = conf->id; conf = NULL; fail: os_free(curve); - os_free(expiry); str_clear_free(key); bin_clear_free(privkey, privkey_len); dpp_configurator_free(conf); diff --git a/src/common/dpp.c b/src/common/dpp.c index ab6010aa8..85b97fb4f 100644 --- a/src/common/dpp.c +++ b/src/common/dpp.c @@ -3156,19 +3156,6 @@ skip_groups: wpa_printf(MSG_DEBUG, "DPP: Failed to build csign JWK"); goto fail; } - if (auth->conf->csign_expiry) { - struct os_tm tm; - - if (os_gmtime(auth->conf->csign_expiry, &tm) < 0) { - wpa_printf(MSG_DEBUG, - "DPP: Failed to generate expiry string"); - goto fail; - } - wpabuf_printf(buf, - ",\"expiry\":\"%04u-%02u-%02uT%02u:%02u:%02uZ\"", - tm.year, tm.month, tm.day, - tm.hour, tm.min, tm.sec); - } wpabuf_put_str(buf, "}}"); 
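Review bot: With the `expiry = get_param(cmd, " expiry=")` lookup removed from hostapd_dpp_configurator_add(), a caller that still passes ` expiry=` in `cmd` is accepted and the value is silently ignored, where before a non-positive value made the command fail. A provisioning script that relies on the parameter would get a configurator whose signing key carries no expiry, with no indication that the request was not honoured. Consider rejecting or at least logging the obsolete parameter next to the remaining get_param() calls, e.g. `if (os_strstr(cmd, " expiry=")) wpa_printf(MSG_INFO, "DPP: expiry= is no longer supported and is ignored");`. The same applies to wpas_dpp_configurator_add() in wpa_supplicant/dpp_supplicant.c; both function bodies continue past their hunks.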
@@ -4078,18 +4065,6 @@ static int dpp_parse_cred_dpp(struct dpp_authentication *auth, } dpp_debug_print_key("DPP: Received C-sign-key", csign_pub); - token = json_get_member(cred, "expiry"); - if (!token || token->type != JSON_STRING) { - wpa_printf(MSG_DEBUG, - "DPP: No expiry string found - C-sign-key does not expire"); - } else { - wpa_printf(MSG_DEBUG, "DPP: expiry = %s", token->string); - if (dpp_key_expired(token->string, &auth->c_sign_key_expiry)) { - wpa_printf(MSG_DEBUG, "DPP: C-sign-key has expired"); - goto fail; - } - } - token = json_get_member(cred, "signedConnector"); if (!token || token->type != JSON_STRING) { wpa_printf(MSG_DEBUG, "DPP: No signedConnector string found"); diff --git a/src/common/dpp.h b/src/common/dpp.h index 550157e18..534036aa3 100644 --- a/src/common/dpp.h +++ b/src/common/dpp.h @@ -178,7 +178,6 @@ struct dpp_authentication { struct wpabuf *net_access_key; os_time_t net_access_key_expiry; struct wpabuf *c_sign_key; - os_time_t c_sign_key_expiry; #ifdef CONFIG_TESTING_OPTIONS char *config_obj_override; char *discovery_override; @@ -194,7 +193,6 @@ struct dpp_configurator { EVP_PKEY *csign; char *kid; const struct dpp_curve_params *curve; - os_time_t csign_expiry; }; struct dpp_introduction { diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c index 79f36b945..1ff0799dc 100644 --- a/wpa_supplicant/config.c +++ b/wpa_supplicant/config.c @@ -2279,7 +2279,6 @@ static const struct parse_data ssid_fields[] = { { STR_LEN(dpp_netaccesskey) }, { INT(dpp_netaccesskey_expiry) }, { STR_LEN(dpp_csign) }, - { INT(dpp_csign_expiry) }, #endif /* CONFIG_DPP */ { INT_RANGE(owe_group, 0, 65535) }, }; diff --git a/wpa_supplicant/config_file.c b/wpa_supplicant/config_file.c index b2f760ae4..489237cc1 100644 --- a/wpa_supplicant/config_file.c +++ b/wpa_supplicant/config_file.c 
@@ -871,7 +871,6 @@ static void wpa_config_write_network(FILE *f, struct wpa_ssid *ssid) STR(dpp_netaccesskey); INT(dpp_netaccesskey_expiry); STR(dpp_csign); - INT(dpp_csign_expiry); #endif /* CONFIG_DPP */ INT(owe_group); #ifdef CONFIG_HT_OVERRIDES diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h index 120218f48..2748c6a88 100644 --- a/wpa_supplicant/config_ssid.h +++ b/wpa_supplicant/config_ssid.h @@ -887,13 +887,6 @@ struct wpa_ssid { */ size_t dpp_csign_len; - /** - * dpp_csign_expiry - C-sign-key expiry in UNIX time stamp - * - * 0 indicates no expiration. - */ - unsigned int dpp_csign_expiry; - /** * owe_group - OWE DH Group * diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c index 44178f971..2492749fe 100644 --- a/wpa_supplicant/dpp_supplicant.c +++ b/wpa_supplicant/dpp_supplicant.c @@ -935,7 +935,6 @@ static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s, os_memcpy(ssid->dpp_csign, wpabuf_head(auth->c_sign_key), wpabuf_len(auth->c_sign_key)); ssid->dpp_csign_len = wpabuf_len(auth->c_sign_key); - ssid->dpp_csign_expiry = auth->c_sign_key_expiry; } if (auth->net_access_key) { @@ -1025,14 +1024,8 @@ static void wpas_dpp_handle_config_obj(struct wpa_supplicant *wpa_s, wpa_snprintf_hex(hex, hexlen, wpabuf_head(auth->c_sign_key), wpabuf_len(auth->c_sign_key)); - if (auth->c_sign_key_expiry) - wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_C_SIGN_KEY - "%s %lu", hex, - (long unsigned) - auth->c_sign_key_expiry); - else - wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_C_SIGN_KEY - "%s", hex); + wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_C_SIGN_KEY "%s", + hex); os_free(hex); } } @@ -1348,8 +1341,6 @@ static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s, os_memcpy(entry->pmk, intro.pmk, intro.pmk_len); entry->pmk_len = intro.pmk_len; entry->akmp = WPA_KEY_MGMT_DPP; - if (!expiry || expiry > ssid->dpp_csign_expiry) - expiry = ssid->dpp_csign_expiry; if (expiry) { os_get_time(&now); seconds = expiry - now.sec; 
@@ -1712,14 +1703,13 @@ static unsigned int wpas_dpp_next_configurator_id(struct wpa_supplicant *wpa_s) int wpas_dpp_configurator_add(struct wpa_supplicant *wpa_s, const char *cmd) { - char *expiry = NULL, *curve = NULL; + char *curve = NULL; char *key = NULL; u8 *privkey = NULL; size_t privkey_len = 0; int ret = -1; struct dpp_configurator *conf = NULL; - expiry = get_param(cmd, " expiry="); curve = get_param(cmd, " curve="); key = get_param(cmd, " key="); @@ -1735,22 +1725,12 @@ int wpas_dpp_configurator_add(struct wpa_supplicant *wpa_s, const char *cmd) if (!conf) goto fail; - if (expiry) { - long int val; - - val = strtol(expiry, NULL, 0); - if (val <= 0) - goto fail; - conf->csign_expiry = val; - } - conf->id = wpas_dpp_next_configurator_id(wpa_s); dl_list_add(&wpa_s->dpp_configurator, &conf->list); ret = conf->id; conf = NULL; fail: os_free(curve); - os_free(expiry); str_clear_free(key); bin_clear_free(privkey, privkey_len); dpp_configurator_free(conf); @@ -1860,12 +1840,6 @@ int wpas_dpp_check_connect(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid, os_get_time(&now); - if (ssid->dpp_csign_expiry && ssid->dpp_csign_expiry < now.sec) { - wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR - "C-sign-key expired"); - return -1; - } - if (ssid->dpp_netaccesskey_expiry && ssid->dpp_netaccesskey_expiry < now.sec) { wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR