DPP: Support for provisioning SAE password identifiers (Enrollee)
authorDan Harkins <dharkins@lounge.org>
Fri, 23 Aug 2024 17:50:36 +0000 (10:50 -0700)
committerJouni Malinen <j@w1.fi>
Sun, 1 Sep 2024 13:06:18 +0000 (16:06 +0300)
DPP supports provisioning of SAE password identifiers to uniquely
identify a password if the enrollee indicates support for them. Indicate
Enrollee support for that and add the received value into the network
profile.

I put everything under defines for CONFIG_DPP3 as this is a bleeding
edge feature in DPP.

This was tested against my DPP reference implementation acting as the
Configurator.

Signed-off-by: Dan Harkins <dharkins@lounge.org>
src/common/dpp.c
src/common/dpp.h
src/common/wpa_ctrl.h
wpa_supplicant/dpp_supplicant.c

index 9aa001127da5f16a5a87237d8392693f6ebcf906..d5d5c8e92fc70385a56b99479e0ac7a43c9f1892 100644 (file)
@@ -1035,6 +1035,10 @@ struct wpabuf * dpp_build_conf_req_helper(struct dpp_authentication *auth,
                json_value_sep(json);
                json_add_string(json, "pkcs10", csr);
        }
+#ifdef CONFIG_DPP3
+       json_value_sep(json);
+       json_add_int(json, "capabilities", DPP_ENROLLEE_CAPAB_SAE_PW_ID);
+#endif /* CONFIG_DPP3 */
        if (extra_name && extra_value && extra_name[0] && extra_value[0]) {
                json_value_sep(json);
                wpabuf_printf(json, "\"%s\":%s", extra_name, extra_value);
@@ -2562,6 +2566,9 @@ static int dpp_parse_cred_legacy(struct dpp_config_obj *conf,
 
        if (pass && pass->type == JSON_STRING) {
                size_t len = os_strlen(pass->string);
+#ifdef CONFIG_DPP3
+               struct json_token *saepi = json_get_member(cred, "idpass");
+#endif /* CONFIG_DPP3 */
 
                wpa_hexdump_ascii_key(MSG_DEBUG, "DPP: Legacy passphrase",
                                      pass->string, len);
@@ -2573,6 +2580,11 @@ static int dpp_parse_cred_legacy(struct dpp_config_obj *conf,
                }
                os_strlcpy(conf->passphrase, pass->string,
                           sizeof(conf->passphrase));
+#ifdef CONFIG_DPP3
+               if (saepi && saepi->type == JSON_STRING)
+                       os_strlcpy(conf->password_id, saepi->string,
+                                  sizeof(conf->password_id));
+#endif /* CONFIG_DPP3 */
        } else if (psk_hex && psk_hex->type == JSON_STRING) {
                if (dpp_akm_sae(conf->akm) && !dpp_akm_psk(conf->akm)) {
                        wpa_printf(MSG_DEBUG,
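Review bot: The added `os_strlcpy()` into `conf->password_id` truncates silently when the received `idpass` string is 64 bytes or longer, so a shortened identifier would be stored in the profile and could never match the one the AP expects. Because the value comes from the received configuration object, check its length before copying and fail or log the over-long case, for example `if (os_strlen(saepi->string) >= sizeof(conf->password_id)) return -1;` inside the `saepi` branch (the `-1` is assumed from the function's `int` return type). An `idpass` member that is present but not a JSON string is also ignored without a debug message, and a `wpa_printf(MSG_DEBUG, ...)` there would make misprovisioning easier to diagnose. The enclosing `if (pass && ...)` branch begins and ends outside this hunk.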
index 0f843da6a394fd449f2defd8a918f5a7897bab49..29d8145f4bf22af2fe84a5184c5df312fe6bdf26 100644 (file)
@@ -134,6 +134,9 @@ enum dpp_connector_key {
 #define DPP_MAX_SHARED_SECRET_LEN 66
 #define DPP_CP_LEN 64
 
+/* DPP Configuration Request - Enrollee Capabilities */
+#define DPP_ENROLLEE_CAPAB_SAE_PW_ID BIT(0)
+
 struct dpp_curve_params {
        const char *name;
        size_t hash_len;
@@ -356,6 +359,9 @@ struct dpp_authentication {
                u8 ssid_len;
                int ssid_charset;
                char passphrase[64];
+#ifdef CONFIG_DPP3
+               char password_id[64];
+#endif /* CONFIG_DPP3 */
                u8 psk[PMK_LEN];
                int psk_set;
                enum dpp_akm akm;
index 1bfe7a2c3dab124edcd09ece234c2b5fb066158c..032360827749f2543c4b45232eceb22388bdce0a 100644 (file)
@@ -206,6 +206,7 @@ extern "C" {
 #define DPP_EVENT_CONFOBJ_SSID "DPP-CONFOBJ-SSID "
 #define DPP_EVENT_CONFOBJ_SSID_CHARSET "DPP-CONFOBJ-SSID-CHARSET "
 #define DPP_EVENT_CONFOBJ_PASS "DPP-CONFOBJ-PASS "
+#define DPP_EVENT_CONFOBJ_IDPASS "DPP-CONFOBJ-IDPASS "
 #define DPP_EVENT_CONFOBJ_PSK "DPP-CONFOBJ-PSK "
 #define DPP_EVENT_CONNECTOR "DPP-CONNECTOR "
 #define DPP_EVENT_C_SIGN_KEY "DPP-C-SIGN-KEY "
index b8bcc38c2e971169ac64fdc718f16e477c9eb08e..62059ccc8a06a50d10f412611f1f58f67ad2763d 100644 (file)
@@ -1418,6 +1418,17 @@ static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,
        os_memcpy(ssid->ssid, conf->ssid, conf->ssid_len);
        ssid->ssid_len = conf->ssid_len;
 
+#ifdef CONFIG_DPP3
+       if (conf->akm == DPP_AKM_SAE && conf->password_id[0]) {
+               size_t len = os_strlen(conf->password_id);
+
+               ssid->sae_password_id = os_zalloc(len + 1);
+               if (!ssid->sae_password_id)
+                       goto fail;
+               os_memcpy(ssid->sae_password_id, conf->password_id, len);
+       }
+#endif /* CONFIG_DPP3 */
+
        if (conf->connector) {
                if (dpp_akm_dpp(conf->akm)) {
                        ssid->key_mgmt = WPA_KEY_MGMT_DPP;
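Review bot: The new condition `conf->akm == DPP_AKM_SAE` applies the identifier only for the pure SAE AKM, while the credential parser in src/common/dpp.c tests SAE support with `dpp_akm_sae(conf->akm)`. If combined AKMs that include SAE should also carry the identifier, the test should be `if (dpp_akm_sae(conf->akm) && conf->password_id[0])`. If the restriction is intentional, a one-line comment such as `/* Password identifier is used only with SAE-only profiles */` would record that. The `os_zalloc()` plus `os_memcpy()` pair could also be written as `ssid->sae_password_id = os_strdup(conf->password_id);`, which removes the manual length handling. The `fail` label and the rest of `wpas_dpp_add_network()` lie outside this hunk.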
@@ -1696,6 +1707,12 @@ static int wpas_dpp_handle_config_obj(struct wpa_supplicant *wpa_s,
                wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_PSK "%s",
                        hex);
        }
+#ifdef CONFIG_DPP3
+       if (conf->password_id[0]) {
+               wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_IDPASS "%s",
+                       conf->password_id);
+       }
+#endif /* CONFIG_DPP3 */
        if (conf->c_sign_key) {
                char *hex;
                size_t hexlen;
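Review bot: The new `DPP_EVENT_CONFOBJ_IDPASS` message prints `conf->password_id` with a raw `%s`, whereas the PSK event just above it emits a hex string. The identifier is a peer-supplied JSON string, so it may contain spaces, newlines or other bytes that would confuse a control-interface client parsing the event line. Encoding it before emitting would keep the event to a single unambiguous token, for example filling a local `char hex[2 * sizeof(conf->password_id) + 1]` with `wpa_snprintf_hex()` and passing `hex` to `wpa_msg()`. The identifier also selects a credential and goes out at `MSG_INFO`, so it is worth confirming that this exposure is acceptable to consumers of the event stream.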