DPP: Remove devices object from the connector

author Jouni Malinen <jouni@qca.qualcomm.com>

Tue, 22 Aug 2017 20:46:27 +0000 (23:46 +0300)

committer Jouni Malinen <j@w1.fi>

Tue, 22 Aug 2017 20:46:27 +0000 (23:46 +0300)
author Jouni Malinen <jouni@qca.qualcomm.com>
Tue, 22 Aug 2017 20:46:27 +0000 (23:46 +0300)
committer Jouni Malinen <j@w1.fi>
Tue, 22 Aug 2017 20:46:27 +0000 (23:46 +0300)
diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c

index c2534d1fb3fa03780fba5a7bd5c5827ba8a90a76..21d50ed79c8947c873d4fac3005a18f707697c1d 100644 (file)
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -1298,9 +1298,6 @@ static int hostapd_ctrl_iface_set(struct hostapd_data *hapd, char *cmd)
         } else if (os_strcasecmp(cmd, "dpp_groups_override") == 0) {
                 os_free(hapd->dpp_groups_override);
                 hapd->dpp_groups_override = os_strdup(value);
-       } else if (os_strcasecmp(cmd, "dpp_devices_override") == 0) {
-               os_free(hapd->dpp_devices_override);
-               hapd->dpp_devices_override = os_strdup(value);
         } else if (os_strcasecmp(cmd,
                                  "dpp_ignore_netaccesskey_mismatch") == 0) {
                 hapd->dpp_ignore_netaccesskey_mismatch = atoi(value);
diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c

index c8b4f87b8b7906eafc44806100b03539a490894f..8a8b4be6436eea503557d2252f5b4729f63a5784 100644 (file)
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@@ -320,8 +320,6 @@ static void hostapd_dpp_set_testing_options(struct hostapd_data *hapd,
                         os_strdup(hapd->dpp_discovery_override);
         if (hapd->dpp_groups_override)
                 auth->groups_override = os_strdup(hapd->dpp_groups_override);
-       if (hapd->dpp_devices_override)
-               auth->devices_override = os_strdup(hapd->dpp_devices_override);
         auth->ignore_netaccesskey_mismatch =
                 hapd->dpp_ignore_netaccesskey_mismatch;
  #endif /* CONFIG_TESTING_OPTIONS */
@@ -1476,8 +1474,6 @@ void hostapd_dpp_deinit(struct hostapd_data *hapd)
         hapd->dpp_discovery_override = NULL;
         os_free(hapd->dpp_groups_override);
         hapd->dpp_groups_override = NULL;
-       os_free(hapd->dpp_devices_override);
-       hapd->dpp_devices_override = NULL;
         hapd->dpp_ignore_netaccesskey_mismatch = 0;
  #endif /* CONFIG_TESTING_OPTIONS */
         if (!hapd->dpp_init_done)
diff --git a/src/ap/hostapd.h b/src/ap/hostapd.h

index fc19c25a9e7f56f14efa6d3361c9ff7fe1ea2be8..97e116571500af049e3edbe589c37bc9e0b7cb97 100644 (file)
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
@@ -344,7 +344,6 @@ struct hostapd_data {
         char *dpp_config_obj_override;
         char *dpp_discovery_override;
         char *dpp_groups_override;
-       char *dpp_devices_override;
         unsigned int dpp_ignore_netaccesskey_mismatch:1;
  #endif /* CONFIG_TESTING_OPTIONS */
  #endif /* CONFIG_DPP */
diff --git a/src/common/dpp.c b/src/common/dpp.c

index e98a1339005f6575f19cb13b7650787304460fa2..1edfc9be0079cf476116ff4088b2739d5b08df0e 100644 (file)
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -2890,7 +2890,6 @@ void dpp_auth_deinit(struct dpp_authentication *auth)
         os_free(auth->config_obj_override);
         os_free(auth->discovery_override);
         os_free(auth->groups_override);
-       os_free(auth->devices_override);
  #endif /* CONFIG_TESTING_OPTIONS */
         bin_clear_free(auth, sizeof(*auth));
  }
@@ -3028,8 +3027,6 @@ dpp_build_conf_obj_dpp(struct dpp_authentication *auth, int ap,
  #ifdef CONFIG_TESTING_OPTIONS
         if (auth->groups_override)
                 extra_len += os_strlen(auth->groups_override);
-       if (auth->devices_override)
-               extra_len += os_strlen(auth->devices_override);
  #endif /* CONFIG_TESTING_OPTIONS */
  
         /* Connector (JSON dppCon object) */
@@ -3037,7 +3034,7 @@ dpp_build_conf_obj_dpp(struct dpp_authentication *auth, int ap,
         if (!dppcon)
                 goto fail;
  #ifdef CONFIG_TESTING_OPTIONS
-       if (auth->groups_override || auth->devices_override) {
+       if (auth->groups_override) {
                 wpabuf_put_u8(dppcon, '{');
                 if (auth->groups_override) {
                         wpa_printf(MSG_DEBUG,
@@ -3047,14 +3044,6 @@ dpp_build_conf_obj_dpp(struct dpp_authentication *auth, int ap,
                         wpabuf_put_str(dppcon, auth->groups_override);
                         wpabuf_put_u8(dppcon, ',');
                 }
-               if (auth->devices_override) {
-                       wpa_printf(MSG_DEBUG,
-                                  "DPP: TESTING - devices override: '%s'",
-                                  auth->devices_override);
-                       wpabuf_put_str(dppcon, "\"devices\":");
-                       wpabuf_put_str(dppcon, auth->devices_override);
-                       wpabuf_put_u8(dppcon, ',');
-               }
                 goto skip_groups;
         }
  #endif /* CONFIG_TESTING_OPTIONS */
@@ -3743,7 +3732,7 @@ static int dpp_parse_connector(struct dpp_authentication *auth,
                                const unsigned char *payload,
                                u16 payload_len)
  {
-       struct json_token *root, *groups, *devices, *netkey, *token;
+       struct json_token *root, *groups, *netkey, *token;
         int ret = -1;
         EVP_PKEY *key = NULL;
         const struct dpp_curve_params *curve;
@@ -3781,44 +3770,9 @@ static int dpp_parse_connector(struct dpp_authentication *auth,
         }
  skip_groups:
  
-       devices = json_get_member(root, "devices");
-       if (!devices || devices->type != JSON_ARRAY) {
-               wpa_printf(MSG_DEBUG, "DPP: No devices array found");
-               goto skip_devices;
-       }
-       for (token = devices->child; token; token = token->sibling) {
-               struct wpabuf *id;
-               struct json_token *role;
-
-               id = json_get_member_base64url(token, "deviceId");
-               if (!id) {
-                       wpa_printf(MSG_DEBUG,
-                                  "DPP: Missing or invalid deviceId string");
-                       goto fail;
-               }
-               wpa_hexdump_buf(MSG_DEBUG, "DPP: deviceId", id);
-               if (wpabuf_len(id) != SHA256_MAC_LEN) {
-                       wpa_printf(MSG_DEBUG,
-                                  "DPP: Unexpected deviceId length");
-                       wpabuf_free(id);
-                       goto fail;
-               }
-               wpabuf_free(id);
-
-               role = json_get_member(token, "netRole");
-               if (!role || role->type != JSON_STRING) {
-                       wpa_printf(MSG_DEBUG, "DPP: Missing netRole string");
-                       goto fail;
-               }
-               wpa_printf(MSG_DEBUG, "DPP: connector device netRole='%s'",
-                          role->string);
-               rules++;
-       }
-
-skip_devices:
         if (!rules) {
                 wpa_printf(MSG_DEBUG,
-                          "DPP: Connector includes no groups or devices");
+                          "DPP: Connector includes no groups");
                 goto fail;
         }
  
@@ -4552,102 +4506,6 @@ static int dpp_connector_match_groups(struct json_token *own_root,
  }
  
  
-static int dpp_connector_compatible_device(struct json_token *root,
-                                          const char *device_id,
-                                          const char *net_role)
-{
-       struct json_token *groups, *token;
-
-       groups = json_get_member(root, "devices");
-       if (!groups || groups->type != JSON_ARRAY)
-               return 0;
-
-       for (token = groups->child; token; token = token->sibling) {
-               struct json_token *id, *role;
-
-               id = json_get_member(token, "deviceId");
-               if (!id || id->type != JSON_STRING)
-                       continue;
-
-               role = json_get_member(token, "netRole");
-               if (!role || role->type != JSON_STRING)
-                       continue;
-
-               if (os_strcmp(id->string, device_id) != 0)
-                       continue;
-
-               if (dpp_compatible_netrole(role->string, net_role))
-                       return 1;
-       }
-
-       return 0;
-}
-
-
-static int dpp_connector_match_devices(struct json_token *own_root,
-                                      struct json_token *peer_root,
-                                      const char *own_deviceid)
-{
-       struct json_token *devices, *token;
-
-       devices = json_get_member(peer_root, "devices");
-       if (!devices || devices->type != JSON_ARRAY) {
-               wpa_printf(MSG_DEBUG, "DPP: No peer devices array found");
-               return 0;
-       }
-
-       for (token = devices->child; token; token = token->sibling) {
-               struct json_token *id, *role;
-
-               id = json_get_member(token, "deviceId");
-               if (!id || id->type != JSON_STRING) {
-                       wpa_printf(MSG_DEBUG,
-                                  "DPP: Missing or invalid deviceId string");
-                       continue;
-               }
-
-               role = json_get_member(token, "netRole");
-               if (!role || role->type != JSON_STRING) {
-                       wpa_printf(MSG_DEBUG, "DPP: Missing netRole string");
-                       continue;
-               }
-               wpa_printf(MSG_DEBUG,
-                          "DPP: connector device deviceId='%s' netRole='%s'",
-                          id->string, role->string);
-               if (os_strcmp(id->string, own_deviceid) != 0)
-                       continue;
-
-               wpa_printf(MSG_DEBUG,
-                          "DPP: Listed deviceId matches own deviceId");
-               /* TODO: Is this next step required? */
-               if (dpp_connector_compatible_device(own_root, id->string,
-                                                   role->string)) {
-                       wpa_printf(MSG_DEBUG,
-                                  "DPP: Compatible device/netRole in own connector");
-                       return 1;
-               }
-               /* TODO: For now, accept this for interop testing purposes based
-                * on a simple match of deviceId while ignoring netRole. Once
-                * the spec is clearer on the expected behavior, either this
-                * comment or the following return 1 statement needs to be
-                * removed.
-                */
-               return 1;
-       }
-
-       return 0;
-}
-
-
-static int dpp_connector_match(struct json_token *own_root,
-                              struct json_token *peer_root,
-                              const char *own_deviceid)
-{
-       return dpp_connector_match_groups(own_root, peer_root) ||
-               dpp_connector_match_devices(own_root, peer_root, own_deviceid);
-}
-
-
  static int dpp_derive_pmk(const u8 *Nx, size_t Nx_len, u8 *pmk,
                           unsigned int hash_len)
  {
@@ -4754,7 +4612,6 @@ int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
         int ret = -1;
         EVP_PKEY *own_key = NULL, *peer_key = NULL;
         struct wpabuf *own_key_pub = NULL;
-       char *own_deviceid = NULL;
         const struct dpp_curve_params *curve, *own_curve;
         struct dpp_signed_connector_info info;
         const unsigned char *p;
@@ -4766,9 +4623,6 @@ int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
         EVP_PKEY_CTX *ctx = NULL;
         size_t Nx_len;
         u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
-       u8 hash[SHA256_MAC_LEN];
-       const u8 *addr[1];
-       size_t len[1];
  
         os_memset(intro, 0, sizeof(*intro));
         os_memset(&info, 0, sizeof(info));
@@ -4789,27 +4643,6 @@ int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
                 wpa_printf(MSG_ERROR, "DPP: Failed to parse own netAccessKey");
                 goto fail;
         }
-       /* deviceId = SHA256(ANSI X9.63 uncompressed netAccessKey) */
-       own_key_pub = dpp_get_pubkey_point(own_key, 1);
-       if (!own_key_pub)
-               goto fail;
-       wpa_hexdump_buf(MSG_DEBUG,
-                       "DPP: ANSI X9.63 uncompressed public key of own netAccessKey",
-                       own_key_pub);
-       addr[0] = wpabuf_head(own_key_pub);
-       len[0] = wpabuf_len(own_key_pub);
-       if (sha256_vector(1, addr, len, hash) < 0)
-               goto fail;
-       wpa_hexdump(MSG_DEBUG,
-                   "DPP: SHA256 hash of ANSI X9.63 uncompressed form",
-                   hash, SHA256_MAC_LEN);
-
-       own_deviceid = (char *) base64_url_encode(hash, sizeof(hash), NULL, 0);
-       if (!own_deviceid)
-               goto fail;
-       wpa_printf(MSG_DEBUG,
-                  "DPP: Own deviceId (base64url encoded hash value): %s",
-                  own_deviceid);
  
         pos = os_strchr(own_connector, '.');
         if (!pos) {
@@ -4853,9 +4686,9 @@ int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
                 goto fail;
         }
  
-       if (!dpp_connector_match(own_root, root, own_deviceid)) {
+       if (!dpp_connector_match_groups(own_root, root)) {
                 wpa_printf(MSG_DEBUG,
-                          "DPP: Peer connector does not include compatible group/device netrole with own connector");
+                          "DPP: Peer connector does not include compatible group netrole with own connector");
                 goto fail;
         }
  
@@ -4937,7 +4770,6 @@ fail:
         os_free(info.payload);
         EVP_PKEY_free(own_key);
         wpabuf_free(own_key_pub);
-       os_free(own_deviceid);
         EVP_PKEY_free(peer_key);
         EVP_PKEY_free(csign);
         json_free(root);
diff --git a/src/common/dpp.h b/src/common/dpp.h

index c328e1db37cd0bc7c1403e5374066a06a194b35c..277b03ae2fb9260b4f2400a1e83050acc11fd13c 100644 (file)
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -128,7 +128,7 @@ struct dpp_configuration {
         /* For DPP configuration (connector) */
         os_time_t netaccesskey_expiry;
  
-       /* TODO: groups, devices */
+       /* TODO: groups */
  
         /* For legacy configuration */
         char *passphrase;
@@ -183,7 +183,6 @@ struct dpp_authentication {
         char *config_obj_override;
         char *discovery_override;
         char *groups_override;
-       char *devices_override;
         unsigned int ignore_netaccesskey_mismatch:1;
  #endif /* CONFIG_TESTING_OPTIONS */
  };
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c

index 863dc992f99a6a9b4f77115dd4d2129946f01089..62b1bafc55cefbec9516bd6abaf45a89fa5072ee 100644 (file)
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -646,9 +646,6 @@ static int wpa_supplicant_ctrl_iface_set(struct wpa_supplicant *wpa_s,
         } else if (os_strcasecmp(cmd, "dpp_groups_override") == 0) {
                 os_free(wpa_s->dpp_groups_override);
                 wpa_s->dpp_groups_override = os_strdup(value);
-       } else if (os_strcasecmp(cmd, "dpp_devices_override") == 0) {
-               os_free(wpa_s->dpp_devices_override);
-               wpa_s->dpp_devices_override = os_strdup(value);
         } else if (os_strcasecmp(cmd,
                                  "dpp_ignore_netaccesskey_mismatch") == 0) {
                 wpa_s->dpp_ignore_netaccesskey_mismatch = atoi(value);
diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c

index 7acb44fb22cc887b834ca739860e3f31c3944776..4d632b389fd529a24c9c548feba42ef4ba90829f 100644 (file)
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -366,9 +366,6 @@ static void wpas_dpp_set_testing_options(struct wpa_supplicant *wpa_s,
         if (wpa_s->dpp_groups_override)
                 auth->groups_override =
                         os_strdup(wpa_s->dpp_groups_override);
-       if (wpa_s->dpp_devices_override)
-               auth->devices_override =
-                       os_strdup(wpa_s->dpp_devices_override);
         auth->ignore_netaccesskey_mismatch =
                 wpa_s->dpp_ignore_netaccesskey_mismatch;
  #endif /* CONFIG_TESTING_OPTIONS */
@@ -2039,8 +2036,6 @@ void wpas_dpp_deinit(struct wpa_supplicant *wpa_s)
         wpa_s->dpp_discovery_override = NULL;
         os_free(wpa_s->dpp_groups_override);
         wpa_s->dpp_groups_override = NULL;
-       os_free(wpa_s->dpp_devices_override);
-       wpa_s->dpp_devices_override = NULL;
         wpa_s->dpp_ignore_netaccesskey_mismatch = 0;
  #endif /* CONFIG_TESTING_OPTIONS */
         if (!wpa_s->dpp_init_done)
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h

index 8b7d2f5c819209a02710b872c15c8e31f975b7dd..61ea5ee3d41e4ef66d5bea7621a9a5bebe149d96 100644 (file)
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -1193,7 +1193,6 @@ struct wpa_supplicant {
         char *dpp_config_obj_override;
         char *dpp_discovery_override;
         char *dpp_groups_override;
-       char *dpp_devices_override;
         unsigned int dpp_ignore_netaccesskey_mismatch:1;
  #endif /* CONFIG_TESTING_OPTIONS */
  #endif /* CONFIG_DPP */
author	Jouni Malinen <jouni@qca.qualcomm.com>
	Tue, 22 Aug 2017 20:46:27 +0000 (23:46 +0300)
committer	Jouni Malinen <j@w1.fi>
	Tue, 22 Aug 2017 20:46:27 +0000 (23:46 +0300)
hostapd/ctrl_iface.c		patch \| blob \| blame \| history
src/ap/dpp_hostapd.c		patch \| blob \| blame \| history
src/ap/hostapd.h		patch \| blob \| blame \| history
src/common/dpp.c		patch \| blob \| blame \| history
src/common/dpp.h		patch \| blob \| blame \| history
wpa_supplicant/ctrl_iface.c		patch \| blob \| blame \| history
wpa_supplicant/dpp_supplicant.c		patch \| blob \| blame \| history
wpa_supplicant/wpa_supplicant_i.h		patch \| blob \| blame \| history