DPP: Update Configurator to require same netAccessKey curve to be used

DPP network introduction requires all devices to use the same curve for
netAccessKey. Enforce that this happens based on hardcoding the curve
based on the first successful configuration object generation if no
explicit configuration of the curve was used.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>

diff --git a/src/common/dpp.c b/src/common/dpp.c
index 9ff06ae1f7fc20880276d0433cd87876fdd61b36..a9497f58c777f6e2e5d1de5210b4122bb171030e 100644 (file)
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -1663,6 +1663,20 @@ skip_groups:
        wpa_hexdump_ascii_key(MSG_DEBUG, "DPP: Configuration Object",
                              wpabuf_head(buf), wpabuf_len(buf));
 
+#ifdef CONFIG_DPP3
+       if (!auth->conf->net_access_key_curve) {
+               /* All netAccessKey values used in the network will have to be
+                * from the same curve for network introduction to work, so
+                * hardcode the first used netAccessKey curve for consecutive
+                * operations if there was no explicit configuration of which
+                * curve to use. */
+               wpa_printf(MSG_DEBUG,
+                          "DPP: Update Configurator to require netAccessKey curve %s based on first provisioning",
+                          nak_curve->name);
+               auth->conf->net_access_key_curve = nak_curve;
+       }
+#endif /* CONFIG_DPP3 */
+
 out:
        os_free(signed_conn);
        wpabuf_free(dppcon);