DPP2: Allow Configurator to use AKM suite selectors in Config Object
authorJouni Malinen <jouni@codeaurora.org>
Thu, 26 Sep 2019 23:30:33 +0000 (02:30 +0300)
committerJouni Malinen <j@w1.fi>
Tue, 1 Oct 2019 11:21:51 +0000 (14:21 +0300)
The new use_akm_selector=1 value to Configurator parameters can now be
used to request a list of AKM suite selectors to be used in the
Configuration Object if the Enrollee supports version 2 or newer.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
src/common/dpp.c
src/common/dpp.h

index fbad03eeb0810ea7d65b9a9c63ac9bc0c1c1a48c..4aa279aada811418f32c3d96179f5b95bc9a66f7 100644 (file)
@@ -4585,6 +4585,12 @@ int dpp_set_configurator(struct dpp_global *dpp, void *msg_ctx,
                auth->send_conn_status = atoi(pos);
        }
 
+       pos = os_strstr(cmd, " akm_use_selector=");
+       if (pos) {
+               pos += 18;
+               auth->akm_use_selector = atoi(pos);
+       }
+
        if (dpp_configuration_parse(auth, cmd) < 0) {
                wpa_msg(msg_ctx, MSG_INFO,
                        "DPP: Failed to set configurator parameters");
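Review bot: The token parsed here is ` akm_use_selector=`, while the commit description names the parameter `use_akm_selector=1`; a Configurator command written from the description would not match the `os_strstr()` call, and this block would leave the flag unset with no error or log. One of the two spellings should be corrected so that the documented name and the parsed name agree. The offset `18` is the length of that literal and can drift from it; `pos += os_strlen(" akm_use_selector=");` keeps the two tied together. `atoi()` also maps any non-numeric value to 0 and treats any non-zero number, including a negative one, as enabled, so a strict 0/1 check would make a mistyped value visible. dpp_set_configurator() begins and ends outside this hunk.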
@@ -4761,6 +4767,7 @@ dpp_build_conf_obj_dpp(struct dpp_authentication *auth,
        size_t extra_len = 1000;
        int incl_legacy;
        enum dpp_akm akm;
+       const char *akm_str;
 
        if (!auth->conf) {
                wpa_printf(MSG_INFO,
@@ -4914,7 +4921,11 @@ skip_groups:
        if (!buf)
                goto fail;
 
-       wpabuf_printf(buf, "\"cred\":{\"akm\":\"%s\",", dpp_akm_str(akm));
+       if (auth->akm_use_selector && dpp_akm_ver2(akm))
+               akm_str = dpp_akm_selector_str(akm);
+       else
+               akm_str = dpp_akm_str(akm);
+       wpabuf_printf(buf, "\"cred\":{\"akm\":\"%s\",", akm_str);
        if (incl_legacy) {
                dpp_build_legacy_cred_params(buf, conf);
                wpabuf_put_str(buf, ",");
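Review bot: The selector format is chosen on `auth->akm_use_selector && dpp_akm_ver2(akm)`, a test that is passed only the AKM value, while the commit description limits the new format to Enrollees that support version 2 or newer; no check of the peer's protocol version is visible in this hunk. If that check is not made elsewhere in dpp_build_conf_obj_dpp(), a version 1 Enrollee could receive an `akm` string it cannot parse and fail provisioning, so the condition deserves a comment stating where the peer version is verified. The same four-line selection is repeated in dpp_build_conf_obj_legacy() in the next hunk; a small static helper taking `auth` and `akm` would keep the two call sites from diverging. The function starts and ends outside the hunk.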
@@ -4959,12 +4970,17 @@ dpp_build_conf_obj_legacy(struct dpp_authentication *auth,
                          struct dpp_configuration *conf)
 {
        struct wpabuf *buf;
+       const char *akm_str;
 
        buf = dpp_build_conf_start(auth, conf, 1000);
        if (!buf)
                return NULL;
 
-       wpabuf_printf(buf, "\"cred\":{\"akm\":\"%s\",", dpp_akm_str(conf->akm));
+       if (auth->akm_use_selector && dpp_akm_ver2(conf->akm))
+               akm_str = dpp_akm_selector_str(conf->akm);
+       else
+               akm_str = dpp_akm_str(conf->akm);
+       wpabuf_printf(buf, "\"cred\":{\"akm\":\"%s\",", akm_str);
        dpp_build_legacy_cred_params(buf, conf);
        wpabuf_put_str(buf, "}}");
 
@@ -6024,6 +6040,27 @@ const char * dpp_akm_str(enum dpp_akm akm)
 }
 
 
+const char * dpp_akm_selector_str(enum dpp_akm akm)
+{
+       switch (akm) {
+       case DPP_AKM_DPP:
+               return "506F9A02";
+       case DPP_AKM_PSK:
+               return "000FAC02+000FAC06";
+       case DPP_AKM_SAE:
+               return "000FAC08";
+       case DPP_AKM_PSK_SAE:
+               return "000FAC02+000FAC06+000FAC08";
+       case DPP_AKM_SAE_DPP:
+               return "506F9A02+000FAC08";
+       case DPP_AKM_PSK_SAE_DPP:
+               return "506F9A02+000FAC08+000FAC02+000FAC06";
+       default:
+               return "??";
+       }
+}
+
+
 static enum dpp_akm dpp_akm_from_str(const char *akm)
 {
        if (os_strcmp(akm, "psk") == 0)
index 5c1c83c3ed36fc9d8a2f82815deb92e4f1df2fe9..0be26d7e3c520ef675bda5a91ae09c0fa8f63a7f 100644 (file)
@@ -258,6 +258,7 @@ struct dpp_authentication {
        os_time_t net_access_key_expiry;
        int send_conn_status;
        int conn_status_requested;
+       int akm_use_selector;
 #ifdef CONFIG_TESTING_OPTIONS
        char *config_obj_override;
        char *discovery_override;
@@ -478,6 +479,7 @@ const u8 * dpp_get_attr(const u8 *buf, size_t len, u16 req_id, u16 *ret_len);
 int dpp_check_attrs(const u8 *buf, size_t len);
 int dpp_key_expired(const char *timestamp, os_time_t *expiry);
 const char * dpp_akm_str(enum dpp_akm akm);
+const char * dpp_akm_selector_str(enum dpp_akm akm);
 int dpp_configurator_get_key(const struct dpp_configurator *conf, char *buf,
                             size_t buflen);
 void dpp_configurator_free(struct dpp_configurator *conf);