DPP: Remove C-sign-key expiry
This was removed in DPP tech spec v0.2.3. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
6254045a51
commit
c77e2ff096
9 changed files with 6 additions and 95 deletions
|
@ -3770,8 +3770,6 @@ static int hostapd_config_fill(struct hostapd_config *conf,
|
||||||
} else if (os_strcmp(buf, "dpp_csign") == 0) {
|
} else if (os_strcmp(buf, "dpp_csign") == 0) {
|
||||||
if (parse_wpabuf_hex(line, buf, &bss->dpp_csign, pos))
|
if (parse_wpabuf_hex(line, buf, &bss->dpp_csign, pos))
|
||||||
return 1;
|
return 1;
|
||||||
} else if (os_strcmp(buf, "dpp_csign_expiry") == 0) {
|
|
||||||
bss->dpp_csign_expiry = strtol(pos, NULL, 0);
|
|
||||||
#endif /* CONFIG_DPP */
|
#endif /* CONFIG_DPP */
|
||||||
#ifdef CONFIG_OWE
|
#ifdef CONFIG_OWE
|
||||||
} else if (os_strcmp(buf, "owe_transition_bssid") == 0) {
|
} else if (os_strcmp(buf, "owe_transition_bssid") == 0) {
|
||||||
|
|
|
@ -642,7 +642,6 @@ struct hostapd_bss_config {
|
||||||
struct wpabuf *dpp_netaccesskey;
|
struct wpabuf *dpp_netaccesskey;
|
||||||
unsigned int dpp_netaccesskey_expiry;
|
unsigned int dpp_netaccesskey_expiry;
|
||||||
struct wpabuf *dpp_csign;
|
struct wpabuf *dpp_csign;
|
||||||
unsigned int dpp_csign_expiry;
|
|
||||||
#endif /* CONFIG_DPP */
|
#endif /* CONFIG_DPP */
|
||||||
|
|
||||||
#ifdef CONFIG_OWE
|
#ifdef CONFIG_OWE
|
||||||
|
|
|
@ -732,14 +732,8 @@ static void hostapd_dpp_gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token,
|
||||||
wpa_snprintf_hex(hex, hexlen,
|
wpa_snprintf_hex(hex, hexlen,
|
||||||
wpabuf_head(auth->c_sign_key),
|
wpabuf_head(auth->c_sign_key),
|
||||||
wpabuf_len(auth->c_sign_key));
|
wpabuf_len(auth->c_sign_key));
|
||||||
if (auth->c_sign_key_expiry)
|
wpa_msg(hapd->msg_ctx, MSG_INFO,
|
||||||
wpa_msg(hapd->msg_ctx, MSG_INFO,
|
DPP_EVENT_C_SIGN_KEY "%s", hex);
|
||||||
DPP_EVENT_C_SIGN_KEY "%s %lu", hex,
|
|
||||||
(unsigned long)
|
|
||||||
auth->c_sign_key_expiry);
|
|
||||||
else
|
|
||||||
wpa_msg(hapd->msg_ctx, MSG_INFO,
|
|
||||||
DPP_EVENT_C_SIGN_KEY "%s", hex);
|
|
||||||
os_free(hex);
|
os_free(hex);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -951,11 +945,6 @@ static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd,
|
||||||
}
|
}
|
||||||
|
|
||||||
os_get_time(&now);
|
os_get_time(&now);
|
||||||
if (hapd->conf->dpp_csign_expiry &&
|
|
||||||
hapd->conf->dpp_csign_expiry < now.sec) {
|
|
||||||
wpa_printf(MSG_DEBUG, "DPP: C-sign-key expired");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (hapd->conf->dpp_netaccesskey_expiry &&
|
if (hapd->conf->dpp_netaccesskey_expiry &&
|
||||||
hapd->conf->dpp_netaccesskey_expiry < now.sec) {
|
hapd->conf->dpp_netaccesskey_expiry < now.sec) {
|
||||||
|
@ -991,8 +980,6 @@ static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd,
|
||||||
|
|
||||||
if (!expire || hapd->conf->dpp_netaccesskey_expiry < expire)
|
if (!expire || hapd->conf->dpp_netaccesskey_expiry < expire)
|
||||||
expire = hapd->conf->dpp_netaccesskey_expiry;
|
expire = hapd->conf->dpp_netaccesskey_expiry;
|
||||||
if (!expire || hapd->conf->dpp_csign_expiry < expire)
|
|
||||||
expire = hapd->conf->dpp_csign_expiry;
|
|
||||||
if (expire)
|
if (expire)
|
||||||
expiration = expire - now.sec;
|
expiration = expire - now.sec;
|
||||||
else
|
else
|
||||||
|
@ -1306,14 +1293,13 @@ static unsigned int hostapd_dpp_next_configurator_id(struct hostapd_data *hapd)
|
||||||
|
|
||||||
int hostapd_dpp_configurator_add(struct hostapd_data *hapd, const char *cmd)
|
int hostapd_dpp_configurator_add(struct hostapd_data *hapd, const char *cmd)
|
||||||
{
|
{
|
||||||
char *expiry = NULL, *curve = NULL;
|
char *curve = NULL;
|
||||||
char *key = NULL;
|
char *key = NULL;
|
||||||
u8 *privkey = NULL;
|
u8 *privkey = NULL;
|
||||||
size_t privkey_len = 0;
|
size_t privkey_len = 0;
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
struct dpp_configurator *conf = NULL;
|
struct dpp_configurator *conf = NULL;
|
||||||
|
|
||||||
expiry = get_param(cmd, " expiry=");
|
|
||||||
curve = get_param(cmd, " curve=");
|
curve = get_param(cmd, " curve=");
|
||||||
key = get_param(cmd, " key=");
|
key = get_param(cmd, " key=");
|
||||||
|
|
||||||
|
@ -1329,22 +1315,12 @@ int hostapd_dpp_configurator_add(struct hostapd_data *hapd, const char *cmd)
|
||||||
if (!conf)
|
if (!conf)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
if (expiry) {
|
|
||||||
long int val;
|
|
||||||
|
|
||||||
val = strtol(expiry, NULL, 0);
|
|
||||||
if (val <= 0)
|
|
||||||
goto fail;
|
|
||||||
conf->csign_expiry = val;
|
|
||||||
}
|
|
||||||
|
|
||||||
conf->id = hostapd_dpp_next_configurator_id(hapd);
|
conf->id = hostapd_dpp_next_configurator_id(hapd);
|
||||||
dl_list_add(&hapd->dpp_configurator, &conf->list);
|
dl_list_add(&hapd->dpp_configurator, &conf->list);
|
||||||
ret = conf->id;
|
ret = conf->id;
|
||||||
conf = NULL;
|
conf = NULL;
|
||||||
fail:
|
fail:
|
||||||
os_free(curve);
|
os_free(curve);
|
||||||
os_free(expiry);
|
|
||||||
str_clear_free(key);
|
str_clear_free(key);
|
||||||
bin_clear_free(privkey, privkey_len);
|
bin_clear_free(privkey, privkey_len);
|
||||||
dpp_configurator_free(conf);
|
dpp_configurator_free(conf);
|
||||||
|
|
|
@ -3156,19 +3156,6 @@ skip_groups:
|
||||||
wpa_printf(MSG_DEBUG, "DPP: Failed to build csign JWK");
|
wpa_printf(MSG_DEBUG, "DPP: Failed to build csign JWK");
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
if (auth->conf->csign_expiry) {
|
|
||||||
struct os_tm tm;
|
|
||||||
|
|
||||||
if (os_gmtime(auth->conf->csign_expiry, &tm) < 0) {
|
|
||||||
wpa_printf(MSG_DEBUG,
|
|
||||||
"DPP: Failed to generate expiry string");
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
wpabuf_printf(buf,
|
|
||||||
",\"expiry\":\"%04u-%02u-%02uT%02u:%02u:%02uZ\"",
|
|
||||||
tm.year, tm.month, tm.day,
|
|
||||||
tm.hour, tm.min, tm.sec);
|
|
||||||
}
|
|
||||||
|
|
||||||
wpabuf_put_str(buf, "}}");
|
wpabuf_put_str(buf, "}}");
|
||||||
|
|
||||||
|
@ -4078,18 +4065,6 @@ static int dpp_parse_cred_dpp(struct dpp_authentication *auth,
|
||||||
}
|
}
|
||||||
dpp_debug_print_key("DPP: Received C-sign-key", csign_pub);
|
dpp_debug_print_key("DPP: Received C-sign-key", csign_pub);
|
||||||
|
|
||||||
token = json_get_member(cred, "expiry");
|
|
||||||
if (!token || token->type != JSON_STRING) {
|
|
||||||
wpa_printf(MSG_DEBUG,
|
|
||||||
"DPP: No expiry string found - C-sign-key does not expire");
|
|
||||||
} else {
|
|
||||||
wpa_printf(MSG_DEBUG, "DPP: expiry = %s", token->string);
|
|
||||||
if (dpp_key_expired(token->string, &auth->c_sign_key_expiry)) {
|
|
||||||
wpa_printf(MSG_DEBUG, "DPP: C-sign-key has expired");
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
token = json_get_member(cred, "signedConnector");
|
token = json_get_member(cred, "signedConnector");
|
||||||
if (!token || token->type != JSON_STRING) {
|
if (!token || token->type != JSON_STRING) {
|
||||||
wpa_printf(MSG_DEBUG, "DPP: No signedConnector string found");
|
wpa_printf(MSG_DEBUG, "DPP: No signedConnector string found");
|
||||||
|
|
|
@ -178,7 +178,6 @@ struct dpp_authentication {
|
||||||
struct wpabuf *net_access_key;
|
struct wpabuf *net_access_key;
|
||||||
os_time_t net_access_key_expiry;
|
os_time_t net_access_key_expiry;
|
||||||
struct wpabuf *c_sign_key;
|
struct wpabuf *c_sign_key;
|
||||||
os_time_t c_sign_key_expiry;
|
|
||||||
#ifdef CONFIG_TESTING_OPTIONS
|
#ifdef CONFIG_TESTING_OPTIONS
|
||||||
char *config_obj_override;
|
char *config_obj_override;
|
||||||
char *discovery_override;
|
char *discovery_override;
|
||||||
|
@ -194,7 +193,6 @@ struct dpp_configurator {
|
||||||
EVP_PKEY *csign;
|
EVP_PKEY *csign;
|
||||||
char *kid;
|
char *kid;
|
||||||
const struct dpp_curve_params *curve;
|
const struct dpp_curve_params *curve;
|
||||||
os_time_t csign_expiry;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
struct dpp_introduction {
|
struct dpp_introduction {
|
||||||
|
|
|
@ -2279,7 +2279,6 @@ static const struct parse_data ssid_fields[] = {
|
||||||
{ STR_LEN(dpp_netaccesskey) },
|
{ STR_LEN(dpp_netaccesskey) },
|
||||||
{ INT(dpp_netaccesskey_expiry) },
|
{ INT(dpp_netaccesskey_expiry) },
|
||||||
{ STR_LEN(dpp_csign) },
|
{ STR_LEN(dpp_csign) },
|
||||||
{ INT(dpp_csign_expiry) },
|
|
||||||
#endif /* CONFIG_DPP */
|
#endif /* CONFIG_DPP */
|
||||||
{ INT_RANGE(owe_group, 0, 65535) },
|
{ INT_RANGE(owe_group, 0, 65535) },
|
||||||
};
|
};
|
||||||
|
|
|
@ -871,7 +871,6 @@ static void wpa_config_write_network(FILE *f, struct wpa_ssid *ssid)
|
||||||
STR(dpp_netaccesskey);
|
STR(dpp_netaccesskey);
|
||||||
INT(dpp_netaccesskey_expiry);
|
INT(dpp_netaccesskey_expiry);
|
||||||
STR(dpp_csign);
|
STR(dpp_csign);
|
||||||
INT(dpp_csign_expiry);
|
|
||||||
#endif /* CONFIG_DPP */
|
#endif /* CONFIG_DPP */
|
||||||
INT(owe_group);
|
INT(owe_group);
|
||||||
#ifdef CONFIG_HT_OVERRIDES
|
#ifdef CONFIG_HT_OVERRIDES
|
||||||
|
|
|
@ -887,13 +887,6 @@ struct wpa_ssid {
|
||||||
*/
|
*/
|
||||||
size_t dpp_csign_len;
|
size_t dpp_csign_len;
|
||||||
|
|
||||||
/**
|
|
||||||
* dpp_csign_expiry - C-sign-key expiry in UNIX time stamp
|
|
||||||
*
|
|
||||||
* 0 indicates no expiration.
|
|
||||||
*/
|
|
||||||
unsigned int dpp_csign_expiry;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* owe_group - OWE DH Group
|
* owe_group - OWE DH Group
|
||||||
*
|
*
|
||||||
|
|
|
@ -935,7 +935,6 @@ static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
|
||||||
os_memcpy(ssid->dpp_csign, wpabuf_head(auth->c_sign_key),
|
os_memcpy(ssid->dpp_csign, wpabuf_head(auth->c_sign_key),
|
||||||
wpabuf_len(auth->c_sign_key));
|
wpabuf_len(auth->c_sign_key));
|
||||||
ssid->dpp_csign_len = wpabuf_len(auth->c_sign_key);
|
ssid->dpp_csign_len = wpabuf_len(auth->c_sign_key);
|
||||||
ssid->dpp_csign_expiry = auth->c_sign_key_expiry;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (auth->net_access_key) {
|
if (auth->net_access_key) {
|
||||||
|
@ -1025,14 +1024,8 @@ static void wpas_dpp_handle_config_obj(struct wpa_supplicant *wpa_s,
|
||||||
wpa_snprintf_hex(hex, hexlen,
|
wpa_snprintf_hex(hex, hexlen,
|
||||||
wpabuf_head(auth->c_sign_key),
|
wpabuf_head(auth->c_sign_key),
|
||||||
wpabuf_len(auth->c_sign_key));
|
wpabuf_len(auth->c_sign_key));
|
||||||
if (auth->c_sign_key_expiry)
|
wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_C_SIGN_KEY "%s",
|
||||||
wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_C_SIGN_KEY
|
hex);
|
||||||
"%s %lu", hex,
|
|
||||||
(long unsigned)
|
|
||||||
auth->c_sign_key_expiry);
|
|
||||||
else
|
|
||||||
wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_C_SIGN_KEY
|
|
||||||
"%s", hex);
|
|
||||||
os_free(hex);
|
os_free(hex);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1348,8 +1341,6 @@ static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
|
||||||
os_memcpy(entry->pmk, intro.pmk, intro.pmk_len);
|
os_memcpy(entry->pmk, intro.pmk, intro.pmk_len);
|
||||||
entry->pmk_len = intro.pmk_len;
|
entry->pmk_len = intro.pmk_len;
|
||||||
entry->akmp = WPA_KEY_MGMT_DPP;
|
entry->akmp = WPA_KEY_MGMT_DPP;
|
||||||
if (!expiry || expiry > ssid->dpp_csign_expiry)
|
|
||||||
expiry = ssid->dpp_csign_expiry;
|
|
||||||
if (expiry) {
|
if (expiry) {
|
||||||
os_get_time(&now);
|
os_get_time(&now);
|
||||||
seconds = expiry - now.sec;
|
seconds = expiry - now.sec;
|
||||||
|
@ -1712,14 +1703,13 @@ static unsigned int wpas_dpp_next_configurator_id(struct wpa_supplicant *wpa_s)
|
||||||
|
|
||||||
int wpas_dpp_configurator_add(struct wpa_supplicant *wpa_s, const char *cmd)
|
int wpas_dpp_configurator_add(struct wpa_supplicant *wpa_s, const char *cmd)
|
||||||
{
|
{
|
||||||
char *expiry = NULL, *curve = NULL;
|
char *curve = NULL;
|
||||||
char *key = NULL;
|
char *key = NULL;
|
||||||
u8 *privkey = NULL;
|
u8 *privkey = NULL;
|
||||||
size_t privkey_len = 0;
|
size_t privkey_len = 0;
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
struct dpp_configurator *conf = NULL;
|
struct dpp_configurator *conf = NULL;
|
||||||
|
|
||||||
expiry = get_param(cmd, " expiry=");
|
|
||||||
curve = get_param(cmd, " curve=");
|
curve = get_param(cmd, " curve=");
|
||||||
key = get_param(cmd, " key=");
|
key = get_param(cmd, " key=");
|
||||||
|
|
||||||
|
@ -1735,22 +1725,12 @@ int wpas_dpp_configurator_add(struct wpa_supplicant *wpa_s, const char *cmd)
|
||||||
if (!conf)
|
if (!conf)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
if (expiry) {
|
|
||||||
long int val;
|
|
||||||
|
|
||||||
val = strtol(expiry, NULL, 0);
|
|
||||||
if (val <= 0)
|
|
||||||
goto fail;
|
|
||||||
conf->csign_expiry = val;
|
|
||||||
}
|
|
||||||
|
|
||||||
conf->id = wpas_dpp_next_configurator_id(wpa_s);
|
conf->id = wpas_dpp_next_configurator_id(wpa_s);
|
||||||
dl_list_add(&wpa_s->dpp_configurator, &conf->list);
|
dl_list_add(&wpa_s->dpp_configurator, &conf->list);
|
||||||
ret = conf->id;
|
ret = conf->id;
|
||||||
conf = NULL;
|
conf = NULL;
|
||||||
fail:
|
fail:
|
||||||
os_free(curve);
|
os_free(curve);
|
||||||
os_free(expiry);
|
|
||||||
str_clear_free(key);
|
str_clear_free(key);
|
||||||
bin_clear_free(privkey, privkey_len);
|
bin_clear_free(privkey, privkey_len);
|
||||||
dpp_configurator_free(conf);
|
dpp_configurator_free(conf);
|
||||||
|
@ -1860,12 +1840,6 @@ int wpas_dpp_check_connect(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
|
||||||
|
|
||||||
os_get_time(&now);
|
os_get_time(&now);
|
||||||
|
|
||||||
if (ssid->dpp_csign_expiry && ssid->dpp_csign_expiry < now.sec) {
|
|
||||||
wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
|
|
||||||
"C-sign-key expired");
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (ssid->dpp_netaccesskey_expiry &&
|
if (ssid->dpp_netaccesskey_expiry &&
|
||||||
ssid->dpp_netaccesskey_expiry < now.sec) {
|
ssid->dpp_netaccesskey_expiry < now.sec) {
|
||||||
wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
|
wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
|
||||||
|
|
Loading…
Reference in a new issue