DPP: Remove C-sign-key expiry
authorJouni Malinen <jouni@qca.qualcomm.com>
Mon, 9 Oct 2017 22:17:33 +0000 (01:17 +0300)
committerJouni Malinen <j@w1.fi>
Mon, 9 Oct 2017 22:17:33 +0000 (01:17 +0300)
This was removed in DPP tech spec v0.2.3.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
hostapd/config_file.c
src/ap/ap_config.h
src/ap/dpp_hostapd.c
src/common/dpp.c
src/common/dpp.h
wpa_supplicant/config.c
wpa_supplicant/config_file.c
wpa_supplicant/config_ssid.h
wpa_supplicant/dpp_supplicant.c

index 091437a3bcd0291d2f423a98a22ba884a67a2910..ac08b7bdafa236c6ff14567a765e5b3fa31eacfe 100644 (file)
@@ -3770,8 +3770,6 @@ static int hostapd_config_fill(struct hostapd_config *conf,
        } else if (os_strcmp(buf, "dpp_csign") == 0) {
                if (parse_wpabuf_hex(line, buf, &bss->dpp_csign, pos))
                        return 1;
-       } else if (os_strcmp(buf, "dpp_csign_expiry") == 0) {
-               bss->dpp_csign_expiry = strtol(pos, NULL, 0);
 #endif /* CONFIG_DPP */
 #ifdef CONFIG_OWE
        } else if (os_strcmp(buf, "owe_transition_bssid") == 0) {
index 83f422964f2a344b1494694be9ec129d8f4cfe39..ac459471cb3f4e63bfe29e39e6f41d5861b5b4a8 100644 (file)
@@ -642,7 +642,6 @@ struct hostapd_bss_config {
        struct wpabuf *dpp_netaccesskey;
        unsigned int dpp_netaccesskey_expiry;
        struct wpabuf *dpp_csign;
-       unsigned int dpp_csign_expiry;
 #endif /* CONFIG_DPP */
 
 #ifdef CONFIG_OWE
index c73c56cc4e5d3ab061495474c342fbcc1214c1ca..d18d31fd3e8a721c490626939000db71924ba695 100644 (file)
@@ -732,14 +732,8 @@ static void hostapd_dpp_gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token,
                        wpa_snprintf_hex(hex, hexlen,
                                         wpabuf_head(auth->c_sign_key),
                                         wpabuf_len(auth->c_sign_key));
-                       if (auth->c_sign_key_expiry)
-                               wpa_msg(hapd->msg_ctx, MSG_INFO,
-                                       DPP_EVENT_C_SIGN_KEY "%s %lu", hex,
-                                       (unsigned long)
-                                       auth->c_sign_key_expiry);
-                       else
-                               wpa_msg(hapd->msg_ctx, MSG_INFO,
-                                       DPP_EVENT_C_SIGN_KEY "%s", hex);
+                       wpa_msg(hapd->msg_ctx, MSG_INFO,
+                               DPP_EVENT_C_SIGN_KEY "%s", hex);
                        os_free(hex);
                }
        }
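Review bot: The changed format of the `DPP_EVENT_C_SIGN_KEY` control-interface event is not documented anywhere in this hunk, although the second token (the expiry timestamp) can no longer appear after the `wpa_msg()` call is collapsed to `"%s"`. An external program that took that token and wrote it back as `dpp_csign_expiry` would now write a config item whose parsing this commit removes in hostapd/config_file.c and wpa_supplicant/config.c; how the parsers treat the now-unknown item is not visible here. I would add a comment above the call such as `/* Event carries only the hex-encoded C-sign-key; expiry was removed in DPP tech spec v0.2.3 */` and mention the format change in the commit message. The same applies to the matching hunk in wpas_dpp_handle_config_obj(). The enclosing function starts and ends outside this hunk.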
@@ -951,11 +945,6 @@ static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd,
        }
 
        os_get_time(&now);
-       if (hapd->conf->dpp_csign_expiry &&
-           hapd->conf->dpp_csign_expiry < now.sec) {
-               wpa_printf(MSG_DEBUG, "DPP: C-sign-key expired");
-               return;
-       }
 
        if (hapd->conf->dpp_netaccesskey_expiry &&
            hapd->conf->dpp_netaccesskey_expiry < now.sec) {
@@ -991,8 +980,6 @@ static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd,
 
        if (!expire || hapd->conf->dpp_netaccesskey_expiry < expire)
                expire = hapd->conf->dpp_netaccesskey_expiry;
-       if (!expire || hapd->conf->dpp_csign_expiry < expire)
-               expire = hapd->conf->dpp_csign_expiry;
        if (expire)
                expiration = expire - now.sec;
        else
@@ -1306,14 +1293,13 @@ static unsigned int hostapd_dpp_next_configurator_id(struct hostapd_data *hapd)
 
 int hostapd_dpp_configurator_add(struct hostapd_data *hapd, const char *cmd)
 {
-       char *expiry = NULL, *curve = NULL;
+       char *curve = NULL;
        char *key = NULL;
        u8 *privkey = NULL;
        size_t privkey_len = 0;
        int ret = -1;
        struct dpp_configurator *conf = NULL;
 
-       expiry = get_param(cmd, " expiry=");
        curve = get_param(cmd, " curve=");
        key = get_param(cmd, " key=");
 
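Review bot: A ` expiry=` argument in `cmd` is now silently ignored, because the `get_param(cmd, " expiry=")` lookup is dropped with nothing in its place. Assuming nothing else in the function rejects unknown tokens, a provisioning script that still passes it gets a Configurator whose C-sign-key has no lifetime bound, with no indication that the parameter was discarded. I would log the case next to the remaining `get_param()` calls, e.g. `if (os_strstr(cmd, " expiry=")) wpa_printf(MSG_INFO, "DPP: Ignoring removed expiry parameter");`, or at least add a comment there stating that only `curve=` and `key=` are recognised. The same applies to wpas_dpp_configurator_add() in wpa_supplicant/dpp_supplicant.c. The function body continues outside this hunk.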
@@ -1329,22 +1315,12 @@ int hostapd_dpp_configurator_add(struct hostapd_data *hapd, const char *cmd)
        if (!conf)
                goto fail;
 
-       if (expiry) {
-               long int val;
-
-               val = strtol(expiry, NULL, 0);
-               if (val <= 0)
-                       goto fail;
-               conf->csign_expiry = val;
-       }
-
        conf->id = hostapd_dpp_next_configurator_id(hapd);
        dl_list_add(&hapd->dpp_configurator, &conf->list);
        ret = conf->id;
        conf = NULL;
 fail:
        os_free(curve);
-       os_free(expiry);
        str_clear_free(key);
        bin_clear_free(privkey, privkey_len);
        dpp_configurator_free(conf);
index ab6010aa889b72432e893f13467ef685123472df..85b97fb4fe01d0a15ae57bfd8fed2a7f777ca76c 100644 (file)
@@ -3156,19 +3156,6 @@ skip_groups:
                wpa_printf(MSG_DEBUG, "DPP: Failed to build csign JWK");
                goto fail;
        }
-       if (auth->conf->csign_expiry) {
-               struct os_tm tm;
-
-               if (os_gmtime(auth->conf->csign_expiry, &tm) < 0) {
-                       wpa_printf(MSG_DEBUG,
-                                  "DPP: Failed to generate expiry string");
-                       goto fail;
-               }
-               wpabuf_printf(buf,
-                             ",\"expiry\":\"%04u-%02u-%02uT%02u:%02u:%02uZ\"",
-                             tm.year, tm.month, tm.day,
-                             tm.hour, tm.min, tm.sec);
-       }
 
        wpabuf_put_str(buf, "}}");
 
@@ -4078,18 +4065,6 @@ static int dpp_parse_cred_dpp(struct dpp_authentication *auth,
        }
        dpp_debug_print_key("DPP: Received C-sign-key", csign_pub);
 
-       token = json_get_member(cred, "expiry");
-       if (!token || token->type != JSON_STRING) {
-               wpa_printf(MSG_DEBUG,
-                          "DPP: No expiry string found - C-sign-key does not expire");
-       } else {
-               wpa_printf(MSG_DEBUG, "DPP: expiry = %s", token->string);
-               if (dpp_key_expired(token->string, &auth->c_sign_key_expiry)) {
-                       wpa_printf(MSG_DEBUG, "DPP: C-sign-key has expired");
-                       goto fail;
-               }
-       }
-
        token = json_get_member(cred, "signedConnector");
        if (!token || token->type != JSON_STRING) {
                wpa_printf(MSG_DEBUG, "DPP: No signedConnector string found");
index 550157e1838094757b50efbf1d2eb268daea2617..534036aa333cb778d1def454f7f86dd9641c2bee 100644 (file)
@@ -178,7 +178,6 @@ struct dpp_authentication {
        struct wpabuf *net_access_key;
        os_time_t net_access_key_expiry;
        struct wpabuf *c_sign_key;
-       os_time_t c_sign_key_expiry;
 #ifdef CONFIG_TESTING_OPTIONS
        char *config_obj_override;
        char *discovery_override;
@@ -194,7 +193,6 @@ struct dpp_configurator {
        EVP_PKEY *csign;
        char *kid;
        const struct dpp_curve_params *curve;
-       os_time_t csign_expiry;
 };
 
 struct dpp_introduction {
index 79f36b945b8c00735901972b87d3198ef1924537..1ff0799dca1db580267200e26a14b912e8151ee2 100644 (file)
@@ -2279,7 +2279,6 @@ static const struct parse_data ssid_fields[] = {
        { STR_LEN(dpp_netaccesskey) },
        { INT(dpp_netaccesskey_expiry) },
        { STR_LEN(dpp_csign) },
-       { INT(dpp_csign_expiry) },
 #endif /* CONFIG_DPP */
        { INT_RANGE(owe_group, 0, 65535) },
 };
index b2f760ae4892721f698096e6229b9d8226c44f52..489237cc15b3466f7327bc557da89c06bcbc2aa5 100644 (file)
@@ -871,7 +871,6 @@ static void wpa_config_write_network(FILE *f, struct wpa_ssid *ssid)
        STR(dpp_netaccesskey);
        INT(dpp_netaccesskey_expiry);
        STR(dpp_csign);
-       INT(dpp_csign_expiry);
 #endif /* CONFIG_DPP */
        INT(owe_group);
 #ifdef CONFIG_HT_OVERRIDES
index 120218f486bda691a3d96d4fbb92fc83b9fb4291..2748c6a88b0e622d1815659b46f7834f4caa4648 100644 (file)
@@ -887,13 +887,6 @@ struct wpa_ssid {
         */
        size_t dpp_csign_len;
 
-       /**
-        * dpp_csign_expiry - C-sign-key expiry in UNIX time stamp
-        *
-        * 0 indicates no expiration.
-        */
-       unsigned int dpp_csign_expiry;
-
        /**
         * owe_group - OWE DH Group
         *
index 44178f971bdbc2838caa6583a47e7fd0724cd238..2492749fed07fdc8b9730a733c05471000a729d5 100644 (file)
@@ -935,7 +935,6 @@ static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
                os_memcpy(ssid->dpp_csign, wpabuf_head(auth->c_sign_key),
                          wpabuf_len(auth->c_sign_key));
                ssid->dpp_csign_len = wpabuf_len(auth->c_sign_key);
-               ssid->dpp_csign_expiry = auth->c_sign_key_expiry;
        }
 
        if (auth->net_access_key) {
@@ -1025,14 +1024,8 @@ static void wpas_dpp_handle_config_obj(struct wpa_supplicant *wpa_s,
                        wpa_snprintf_hex(hex, hexlen,
                                         wpabuf_head(auth->c_sign_key),
                                         wpabuf_len(auth->c_sign_key));
-                       if (auth->c_sign_key_expiry)
-                               wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_C_SIGN_KEY
-                                       "%s %lu", hex,
-                                       (long unsigned)
-                                       auth->c_sign_key_expiry);
-                       else
-                               wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_C_SIGN_KEY
-                                       "%s", hex);
+                       wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_C_SIGN_KEY "%s",
+                               hex);
                        os_free(hex);
                }
        }
@@ -1348,8 +1341,6 @@ static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
        os_memcpy(entry->pmk, intro.pmk, intro.pmk_len);
        entry->pmk_len = intro.pmk_len;
        entry->akmp = WPA_KEY_MGMT_DPP;
-       if (!expiry || expiry > ssid->dpp_csign_expiry)
-               expiry = ssid->dpp_csign_expiry;
        if (expiry) {
                os_get_time(&now);
                seconds = expiry - now.sec;
@@ -1712,14 +1703,13 @@ static unsigned int wpas_dpp_next_configurator_id(struct wpa_supplicant *wpa_s)
 
 int wpas_dpp_configurator_add(struct wpa_supplicant *wpa_s, const char *cmd)
 {
-       char *expiry = NULL, *curve = NULL;
+       char *curve = NULL;
        char *key = NULL;
        u8 *privkey = NULL;
        size_t privkey_len = 0;
        int ret = -1;
        struct dpp_configurator *conf = NULL;
 
-       expiry = get_param(cmd, " expiry=");
        curve = get_param(cmd, " curve=");
        key = get_param(cmd, " key=");
 
@@ -1735,22 +1725,12 @@ int wpas_dpp_configurator_add(struct wpa_supplicant *wpa_s, const char *cmd)
        if (!conf)
                goto fail;
 
-       if (expiry) {
-               long int val;
-
-               val = strtol(expiry, NULL, 0);
-               if (val <= 0)
-                       goto fail;
-               conf->csign_expiry = val;
-       }
-
        conf->id = wpas_dpp_next_configurator_id(wpa_s);
        dl_list_add(&wpa_s->dpp_configurator, &conf->list);
        ret = conf->id;
        conf = NULL;
 fail:
        os_free(curve);
-       os_free(expiry);
        str_clear_free(key);
        bin_clear_free(privkey, privkey_len);
        dpp_configurator_free(conf);
@@ -1860,12 +1840,6 @@ int wpas_dpp_check_connect(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
 
        os_get_time(&now);
 
-       if (ssid->dpp_csign_expiry && ssid->dpp_csign_expiry < now.sec) {
-               wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR
-                       "C-sign-key expired");
-               return -1;
-       }
-
        if (ssid->dpp_netaccesskey_expiry &&
            ssid->dpp_netaccesskey_expiry < now.sec) {
                wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_MISSING_CONNECTOR