DPP: Auto-generate Initiator bootstrapping info if needed
authorJouni Malinen <jouni@qca.qualcomm.com>
Sun, 26 Nov 2017 15:41:22 +0000 (17:41 +0200)
committerJouni Malinen <j@w1.fi>
Sun, 26 Nov 2017 15:41:22 +0000 (17:41 +0200)
Instead of using the all-zeros Initiator Bootstrapping Key Hash when no
local bootstrapping key is configured for the Initiator, automatically
generate a temporary bootstrapping key for the same curve that the
Responder uses. If the Responder indicates that it wants to do mutual
authentication, provide the URI for the auto-generated bootstrapping key
in the DPP-RESPONSE-PENDING event for upper layers to display the QR
Code.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
src/common/dpp.c
src/common/dpp.h

index fe4b154b10bde53088aad1c49eb9c0ce603fcae4..a73c068e99e7666e116e95fd2145844307f71e70 100644 (file)
@@ -2010,6 +2010,45 @@ static int dpp_prepare_channel_list(struct dpp_authentication *auth,
 }
 
 
+static int dpp_autogen_bootstrap_key(struct dpp_authentication *auth)
+{
+       struct dpp_bootstrap_info *bi;
+       char *pk = NULL;
+       size_t len;
+
+       if (auth->own_bi)
+               return 0; /* already generated */
+
+       bi = os_zalloc(sizeof(*bi));
+       if (!bi)
+               return -1;
+       bi->type = DPP_BOOTSTRAP_QR_CODE;
+       pk = dpp_keygen(bi, auth->peer_bi->curve->name, NULL, 0);
+       if (!pk)
+               goto fail;
+
+       len = 4; /* "DPP:" */
+       len += 4 + os_strlen(pk);
+       bi->uri = os_malloc(len + 1);
+       if (!bi->uri)
+               goto fail;
+       os_snprintf(bi->uri, len + 1, "DPP:K:%s;;", pk);
+       wpa_printf(MSG_DEBUG,
+                  "DPP: Auto-generated own bootstrapping key info: URI %s",
+                  bi->uri);
+
+       auth->tmp_own_bi = auth->own_bi = bi;
+
+       os_free(pk);
+
+       return 0;
+fail:
+       os_free(pk);
+       dpp_bootstrap_info_free(bi);
+       return -1;
+}
+
+
 struct dpp_authentication * dpp_auth_init(void *msg_ctx,
                                          struct dpp_bootstrap_info *peer_bi,
                                          struct dpp_bootstrap_info *own_bi,
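Review bot: `auth->tmp_own_bi = auth->own_bi = bi;` leaves two pointers to one allocation with nothing saying which one owns it; a comment at the assignment would make the lifetime explicit, e.g. `/* tmp_own_bi owns bi and is freed in dpp_auth_deinit(); own_bi is only an alias */`. The same applies to the new `tmp_own_bi` member in src/common/dpp.h and to the `dpp_bootstrap_info_free(auth->tmp_own_bi)` call added in dpp_auth_deinit(), after which `auth->own_bi` still holds the freed address if anything reads it before `auth` itself is released (that part of the function is not visible here). Separately, the length comment explains only the first constant; `len += 4 + os_strlen(pk); /* "K:" + key + ";;" */` would document the second one. The dpp_auth_init() signature at the end of the hunk continues outside it.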
@@ -2023,7 +2062,6 @@ struct dpp_authentication * dpp_auth_init(void *msg_ctx,
        EVP_PKEY_CTX *ctx = NULL;
        size_t secret_len;
        struct wpabuf *pi = NULL;
-       u8 zero[SHA256_MAC_LEN];
        const u8 *r_pubkey_hash, *i_pubkey_hash;
 #ifdef CONFIG_TESTING_OPTIONS
        u8 test_hash[SHA256_MAC_LEN];
@@ -2041,7 +2079,8 @@ struct dpp_authentication * dpp_auth_init(void *msg_ctx,
        auth->own_bi = own_bi;
        auth->curve = peer_bi->curve;
 
-       if (dpp_prepare_channel_list(auth, own_modes, num_modes) < 0)
+       if (dpp_autogen_bootstrap_key(auth) < 0 ||
+           dpp_prepare_channel_list(auth, own_modes, num_modes) < 0)
                goto fail;
 
        nonce_len = auth->curve->nonce_len;
@@ -2084,13 +2123,7 @@ struct dpp_authentication * dpp_auth_init(void *msg_ctx,
                goto fail;
 
        r_pubkey_hash = auth->peer_bi->pubkey_hash;
-
-       if (auth->own_bi) {
-               i_pubkey_hash = auth->own_bi->pubkey_hash;
-       } else {
-               os_memset(zero, 0, SHA256_MAC_LEN);
-               i_pubkey_hash = zero;
-       }
+       i_pubkey_hash = auth->own_bi->pubkey_hash;
 
 #ifdef CONFIG_TESTING_OPTIONS
        if (dpp_test == DPP_TEST_NO_R_BOOTSTRAP_KEY_HASH_AUTH_REQ) {
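Review bot: `i_pubkey_hash = auth->own_bi->pubkey_hash;` now dereferences `auth->own_bi` without a check, so it is safe only because dpp_autogen_bootstrap_key() has succeeded earlier in dpp_auth_init(). That dependency deserves a comment such as `/* own_bi is always set here: configured by the caller or auto-generated above */`. The line also assumes dpp_keygen() filled in `pubkey_hash` for the temporary entry, which cannot be confirmed from this diff. dpp_auth_init() starts and ends outside the hunk.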
@@ -3307,7 +3340,9 @@ dpp_auth_resp_rx_status(struct dpp_authentication *auth, const u8 *hdr,
                } else {
                        wpa_printf(MSG_DEBUG,
                                   "DPP: Continue waiting for full DPP Authentication Response");
-                       wpa_msg(auth->msg_ctx, MSG_INFO, DPP_EVENT_RESPONSE_PENDING);
+                       wpa_msg(auth->msg_ctx, MSG_INFO,
+                               DPP_EVENT_RESPONSE_PENDING "%s",
+                               auth->tmp_own_bi ? auth->tmp_own_bi->uri : "");
                }
        }
 fail:
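Review bot: The appended `"%s"` relies on `DPP_EVENT_RESPONSE_PENDING` ending in a separator, which only its definition (not shown here) can confirm. Without one the URI fuses with the event name, and control-interface consumers that match on the prefix may mis-parse it. A comment above the call, e.g. `/* optional argument: URI of the auto-generated bootstrapping key, empty if the key was configured */`, would document the new event format for upper layers. The enclosing function starts and ends outside the hunk.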
@@ -3873,6 +3908,7 @@ void dpp_auth_deinit(struct dpp_authentication *auth)
        os_free(auth->connector);
        wpabuf_free(auth->net_access_key);
        wpabuf_free(auth->c_sign_key);
+       dpp_bootstrap_info_free(auth->tmp_own_bi);
 #ifdef CONFIG_TESTING_OPTIONS
        os_free(auth->config_obj_override);
        os_free(auth->discovery_override);
index 59afabb763c03db1004bca5036927045842524f5..3c01728aa92a1f36df2d313403f550036d65c7cc 100644 (file)
@@ -164,6 +164,7 @@ struct dpp_authentication {
        const struct dpp_curve_params *curve;
        struct dpp_bootstrap_info *peer_bi;
        struct dpp_bootstrap_info *own_bi;
+       struct dpp_bootstrap_info *tmp_own_bi;
        u8 waiting_pubkey_hash[SHA256_MAC_LEN];
        int response_pending;
        enum dpp_status_error auth_resp_status;