Support for provisioning SAE password identifiers with DPP
Dan Harkins
dharkins at lounge.org
Fri Aug 23 10:50:36 PDT 2024
DPP supports provisioning of SAE password identifiers to uniquely
identify a password if the enrollee indicates support for them.
Support is indicated using dpp_extra_conf_req_<name|value> in the
wpa_supplicant config file but if the Configurator then sends a
password identifier in the Configuration Object, it would not be
saved as part of the provisioned profile. This patch fixes that.
I put everything under defines for CONFIG_DPP3 as this is a
bleeding edge feature in DPP.
This was tested against my DPP reference implementation acting
as the Configurator.
-------------------------------------------------------------------
diff --git a/src/common/dpp.c b/src/common/dpp.c
index 3b9f35e8d..8c0fc44f8 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -2549,13 +2549,18 @@ fail:
static int dpp_parse_cred_legacy(struct dpp_config_obj *conf,
struct json_token *cred)
{
- struct json_token *pass, *psk_hex;
+ struct json_token *pass, *psk_hex;
+#ifdef CONFIG_DPP3
+ struct json_token *saepi;
+#endif /* CONFIG_DPP3 */
wpa_printf(MSG_DEBUG, "DPP: Legacy akm=psk credential");
pass = json_get_member(cred, "pass");
psk_hex = json_get_member(cred, "psk_hex");
-
+#ifdef CONFIG_DPP3
+ saepi = json_get_member(cred, "idpass");
+#endif /* CONFIG_DPP3 */
if (pass && pass->type == JSON_STRING) {
size_t len = os_strlen(pass->string);
@@ -2565,6 +2570,12 @@ static int dpp_parse_cred_legacy(struct
dpp_config_obj *conf,
return -1;
os_strlcpy(conf->passphrase, pass->string,
sizeof(conf->passphrase));
+#ifdef CONFIG_DPP3
+ if (saepi && saepi->type == JSON_STRING) {
+ os_strlcpy(conf->password_id, saepi->string,
+ sizeof(saepi->string));
+ }
+#endif /* CONFIG_DPP3 */
} else if (psk_hex && psk_hex->type == JSON_STRING) {
if (dpp_akm_sae(conf->akm) && !dpp_akm_psk(conf->akm)) {
wpa_printf(MSG_DEBUG,
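Review bot: The size argument of the added `os_strlcpy()` call is `sizeof(saepi->string)`, which measures the source member instead of the destination buffer. If `string` is a `char *` (its declaration is not in this diff), that is the pointer width, so the stored identifier would be cut to 7 characters on a 64-bit build. Bound the copy by the destination: `os_strlcpy(conf->password_id, saepi->string, sizeof(conf->password_id));`. An identifier longer than the 64-byte `password_id` field would still be truncated silently and leave a profile that cannot match the Configurator's identifier, so consider rejecting it first with `if (os_strlen(saepi->string) >= sizeof(conf->password_id)) return -1;`. The body of dpp_parse_cred_legacy starts in the previous hunk and continues past this one.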
diff --git a/src/common/dpp.h b/src/common/dpp.h
index 0f843da6a..6f6487a61 100644
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -356,6 +356,9 @@ struct dpp_authentication {
u8 ssid_len;
int ssid_charset;
char passphrase[64];
+#ifdef CONFIG_DPP3
+ char password_id[64];
+#endif /* CONFIG_DPP3 */
u8 psk[PMK_LEN];
int psk_set;
enum dpp_akm akm;
diff --git a/src/common/wpa_ctrl.h b/src/common/wpa_ctrl.h
index f6142501e..b6ff6d73f 100644
--- a/src/common/wpa_ctrl.h
+++ b/src/common/wpa_ctrl.h
@@ -204,6 +204,9 @@ extern "C" {
#define DPP_EVENT_CONFOBJ_SSID "DPP-CONFOBJ-SSID "
#define DPP_EVENT_CONFOBJ_SSID_CHARSET "DPP-CONFOBJ-SSID-CHARSET "
#define DPP_EVENT_CONFOBJ_PASS "DPP-CONFOBJ-PASS "
+#ifdef CONFIG_DPP3
+#define DPP_EVENT_CONFOBJ_IDPASS "DPP-CONFOBJ-IDPASS "
+#endif /* CONFIG_DPP3 */
#define DPP_EVENT_CONFOBJ_PSK "DPP-CONFOBJ-PSK "
#define DPP_EVENT_CONNECTOR "DPP-CONNECTOR "
#define DPP_EVENT_C_SIGN_KEY "DPP-C-SIGN-KEY "
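Review bot: `DPP_EVENT_CONFOBJ_IDPASS` is the only event string in this hunk wrapped in `#ifdef CONFIG_DPP3`; the neighbouring `DPP_EVENT_CONFOBJ_*` defines are unconditional. Programs that include this header to parse control-interface events are presumably built without hostap's CONFIG_ flags and would never see the macro. I would define it unconditionally and add a short comment such as `/* SAE password identifier received in the Configuration Object */`.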
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index b02b694a3..8b79eddda 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -5694,7 +5694,6 @@ int wpa_config_process_global(struct wpa_config
*config, char *pos, int line)
if (os_strncmp(pos, field->name, flen) != 0 ||
pos[flen] != '=')
continue;
-
ret = field->parser(field, config, line, pos + flen + 1);
if (ret < 0) {
wpa_printf(MSG_ERROR, "Line %d: failed to "
diff --git a/wpa_supplicant/dpp_supplicant.c
b/wpa_supplicant/dpp_supplicant.c
index 94d7ae990..a99f2384b 100644
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -1418,6 +1418,18 @@ static struct wpa_ssid *
wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
os_memcpy(ssid->ssid, conf->ssid, conf->ssid_len);
ssid->ssid_len = conf->ssid_len;
+#ifdef CONFIG_DPP3
+ if (conf->akm == DPP_AKM_SAE) {
+ if (conf->password_id[0]) {
+ ssid->sae_password_id =
os_malloc(os_strlen(conf->password_id));
+ if (!ssid->sae_password_id) {
+ goto fail;
+ }
+ os_memcpy(ssid->sae_password_id, conf->password_id,
os_strlen(conf->password_id));
+ ssid->sae_password_id[os_strlen(conf->password_id)] = '\0'; /* ??? */
+ }
+ }
+#endif /* CONFIG_DPP3 */
if (conf->connector) {
if (dpp_akm_dpp(conf->akm)) {
ssid->key_mgmt = WPA_KEY_MGMT_DPP;
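Review bot: The allocation `os_malloc(os_strlen(conf->password_id))` leaves no room for the terminator, so the `'\0'` store on the line marked `/* ??? */` writes one byte past the end of the heap buffer. Allocate and copy in one step with `ssid->sae_password_id = os_strdup(conf->password_id);`, keeping the existing `if (!ssid->sae_password_id) goto fail;`; that removes the `os_memcpy()` and the manual terminator. Separately, `conf->akm == DPP_AKM_SAE` skips combined AKMs; if the identifier should apply to those as well, `dpp_akm_sae(conf->akm)`, as used in dpp.c, looks like the intended test. wpas_dpp_add_network starts and ends outside this hunk.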
@@ -1691,6 +1703,12 @@ static int wpas_dpp_handle_config_obj(struct
wpa_supplicant *wpa_s,
wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_PSK "%s",
hex);
}
+#ifdef CONFIG_DPP3
+ if (conf->password_id[0]) {
+ wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_IDPASS "%s",
+ conf->password_id);
+ }
+#endif /* CONFIG_DPP3 */
if (conf->c_sign_key) {
char *hex;
size_t hexlen;
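Review bot: `conf->password_id` is written into the `DPP-CONFOBJ-IDPASS` event with a bare `%s`, although the string comes from the peer's Configuration Object. It may contain spaces, control characters or line breaks that confuse line-based control-interface clients. The PSK event just above prints a `hex` buffer; encoding the identifier the same way (for example with `wpa_snprintf_hex()` into a local buffer) keeps the event to a single well-formed token. The new event should also be described wherever the other DPP-CONFOBJ events are documented. wpas_dpp_handle_config_obj extends beyond this hunk.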
------------------------------------------------------------------
Signed-off-by: Dan Harkins <dharkins at lounge.org>
regards,
Dan.
--
"The object of life is not to be on the side of the majority, but to
escape finding oneself in the ranks of the insane." -- Marcus Aurelius