From e2b1e7dce70e4bce5bd8eac79599ff0aa0df5549 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Thu, 6 Feb 2020 03:34:36 +0200 Subject: [PATCH] DPP: Require conf=configurator to allow Configurator provisioning Make Configurator provisioning require explicit conf parameter enabling similarly to the previously used conf=ap-* and conf=sta-* cases. Signed-off-by: Jouni Malinen --- src/common/dpp.c | 10 ++++++++++ src/common/dpp.h | 1 + 2 files changed, 11 insertions(+) diff --git a/src/common/dpp.c b/src/common/dpp.c index 12a5a983b..9cdd926ff 100644 --- a/src/common/dpp.c +++ b/src/common/dpp.c @@ -4517,6 +4517,10 @@ static int dpp_configuration_parse_helper(struct dpp_authentication *auth, conf = conf_ap; } + pos = os_strstr(cmd, " conf=configurator"); + if (pos) + auth->provision_configurator = 1; + if (!conf) return 0; @@ -5605,6 +5609,12 @@ static struct wpabuf * dpp_build_enveloped_data(struct dpp_authentication *auth) return NULL; } + if (!auth->provision_configurator) { + wpa_printf(MSG_DEBUG, + "DPP: Configurator provisioning not allowed"); + return NULL; + } + wpa_printf(MSG_DEBUG, "DPP: Building DPPEnvelopedData"); hash_len = auth->conf->curve->hash_len; diff --git a/src/common/dpp.h b/src/common/dpp.h index c47a9b87c..ad1bcb0fa 100644 --- a/src/common/dpp.h +++ b/src/common/dpp.h @@ -254,6 +254,7 @@ struct dpp_authentication { struct dpp_configuration *conf2_ap; struct dpp_configuration *conf_sta; struct dpp_configuration *conf2_sta; + int provision_configurator; struct dpp_configurator *conf; struct dpp_config_obj { char *connector; /* received signedConnector */ -- 2.39.2