DPP2: Use the new privacy protection key to protect E-id on Enrollee
authorJouni Malinen <jouni@codeaurora.org>
Tue, 13 Oct 2020 17:53:09 +0000 (20:53 +0300)
committerJouni Malinen <j@w1.fi>
Tue, 13 Oct 2020 20:38:47 +0000 (23:38 +0300)
Use ppKey instead of C-sign-key to encrypt E-id to E'-id in the Reconfig
Announcement frame on the Enrollee side.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
src/common/dpp.h
src/common/dpp_crypto.c
src/common/dpp_i.h
wpa_supplicant/dpp_supplicant.c

index 4b270524a8dbbfd37b3fbc485899c694038d08e6..1774d6cfb03573fe47caab041cb50cb1c7017aa4 100644 (file)
@@ -723,7 +723,9 @@ int dpp_reconfig_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr,
                              const u8 *attr_start, size_t attr_len);
 
 struct dpp_reconfig_id * dpp_gen_reconfig_id(const u8 *csign_key,
-                                            size_t csign_key_len);
+                                            size_t csign_key_len,
+                                            const u8 *pp_key,
+                                            size_t pp_key_len);
 int dpp_update_reconfig_id(struct dpp_reconfig_id *id);
 void dpp_free_reconfig_id(struct dpp_reconfig_id *id);
 
index 5938ed6a78d4c6e4b3fdc4df655ec52aaae8dae7..865215afe67afae4969178bb2d047d6eb85310f4 100644 (file)
@@ -3004,10 +3004,12 @@ fail:
 
 
 struct dpp_reconfig_id * dpp_gen_reconfig_id(const u8 *csign_key,
-                                            size_t csign_key_len)
+                                            size_t csign_key_len,
+                                            const u8 *pp_key,
+                                            size_t pp_key_len)
 {
        const unsigned char *p;
-       EVP_PKEY *csign = NULL;
+       EVP_PKEY *csign = NULL, *ppkey = NULL;
        struct dpp_reconfig_id *id = NULL;
        BN_CTX *ctx = NULL;
        BIGNUM *bn = NULL, *q = NULL;
@@ -3020,6 +3022,13 @@ struct dpp_reconfig_id * dpp_gen_reconfig_id(const u8 *csign_key,
        if (!csign)
                goto fail;
 
+       if (!pp_key)
+               goto fail;
+       p = pp_key;
+       ppkey = d2i_PUBKEY(NULL, &p, pp_key_len);
+       if (!ppkey)
+               goto fail;
+
        eckey = EVP_PKEY_get0_EC_KEY(csign);
        if (!eckey)
                goto fail;
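Review bot: The parsed ppKey is never checked against the C-sign-key's curve; the added block only tests that `d2i_PUBKEY()` returned some key. The rest of this function lies outside the hunk, but it appears to derive `id->group` from `csign`, and `dpp_update_reconfig_id()` later uses `pp_point` in `EC_POINT_mul()` under `id->group`. A ppKey that is not an EC key, or sits on a different curve, would therefore be accepted here and only fail later, on every E'-id update. I would reject it once the group is known, e.g. `pp_ec = EVP_PKEY_get0_EC_KEY(ppkey);` followed by `if (!pp_ec || EC_GROUP_cmp(group, EC_KEY_get0_group(pp_ec), NULL) != 0) goto fail;`, where `group` stands for whatever the function calls the C-sign-key group. A `wpa_printf(MSG_DEBUG, ...)` on the `!pp_key` and mismatch paths would also tell these failures apart from a bad C-sign-key.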
@@ -3047,9 +3056,12 @@ struct dpp_reconfig_id * dpp_gen_reconfig_id(const u8 *csign_key,
        e_id = NULL;
        id->csign = csign;
        csign = NULL;
+       id->pp_key = ppkey;
+       ppkey = NULL;
 fail:
        EC_POINT_free(e_id);
        EVP_PKEY_free(csign);
+       EVP_PKEY_free(ppkey);
        BN_clear_free(bn);
        BN_CTX_free(ctx);
        return id;
@@ -3093,13 +3105,13 @@ int dpp_update_reconfig_id(struct dpp_reconfig_id *id)
        BIGNUM *bn = NULL, *q = NULL;
        EC_POINT *e_prime_id = NULL, *a_nonce = NULL;
        int ret = -1;
-       const EC_KEY *csign;
-       const EC_POINT *csign_point;
+       const EC_KEY *pp;
+       const EC_POINT *pp_point;
 
-       csign = EVP_PKEY_get0_EC_KEY(id->csign);
-       if (!csign)
+       pp = EVP_PKEY_get0_EC_KEY(id->pp_key);
+       if (!pp)
                goto fail;
-       csign_point = EC_KEY_get0_public_key(csign);
+       pp_point = EC_KEY_get0_public_key(pp);
        e_prime_id = EC_POINT_new(id->group);
        a_nonce = EC_POINT_new(id->group);
        ctx = BN_CTX_new();
@@ -3107,12 +3119,12 @@ int dpp_update_reconfig_id(struct dpp_reconfig_id *id)
        q = BN_new();
        /* Generate random 0 <= a-nonce < q
         * A-NONCE = a-nonce * G
-        * E'-id = E-id + a-nonce * S_C */
-       if (!csign_point || !e_prime_id || !a_nonce || !ctx || !bn || !q ||
+        * E'-id = E-id + a-nonce * P_pk */
+       if (!pp_point || !e_prime_id || !a_nonce || !ctx || !bn || !q ||
            !EC_GROUP_get_order(id->group, q, ctx) ||
            !BN_rand_range(bn, q) || /* bn = a-nonce */
            !EC_POINT_mul(id->group, a_nonce, bn, NULL, NULL, ctx) ||
-           !EC_POINT_mul(id->group, e_prime_id, NULL, csign_point, bn, ctx) ||
+           !EC_POINT_mul(id->group, e_prime_id, NULL, pp_point, bn, ctx) ||
            !EC_POINT_add(id->group, e_prime_id, id->e_id, e_prime_id, ctx))
                goto fail;
 
@@ -3145,6 +3157,7 @@ void dpp_free_reconfig_id(struct dpp_reconfig_id *id)
                EVP_PKEY_free(id->csign);
                EVP_PKEY_free(id->a_nonce);
                EVP_PKEY_free(id->e_prime_id);
+               EVP_PKEY_free(id->pp_key);
                os_free(id);
        }
 }
index f2164c7898f8b8bf4af889de3f108cdf2dc436c9..b875f2033a26e47eb7f05482b3165b0329e6d13d 100644 (file)
@@ -146,6 +146,7 @@ struct dpp_reconfig_id {
        EVP_PKEY *csign;
        EVP_PKEY *a_nonce; /* A-NONCE */
        EVP_PKEY *e_prime_id; /* E'-id */
+       EVP_PKEY *pp_key;
 };
 
 /* dpp_tcp.c */
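Review bot: The new `pp_key` member carries no comment, although the neighbouring `a_nonce` and `e_prime_id` members are annotated and this one is now an owned key released by `dpp_free_reconfig_id()`. I would write it as `EVP_PKEY *pp_key; /* ppKey (privacy protection key); owned, freed in dpp_free_reconfig_id() */`. The struct definition starts above this hunk, so any comments on the earlier members are not visible here.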
index 8e9a37c8bd9fd1f205aa2f799508e4807e25094e..74514886ad58d1c899f26d76e55d909ed4323cf7 100644 (file)
@@ -3730,7 +3730,9 @@ int wpas_dpp_reconfig(struct wpa_supplicant *wpa_s, const char *cmd)
 
        dpp_free_reconfig_id(wpa_s->dpp_reconfig_id);
        wpa_s->dpp_reconfig_id = dpp_gen_reconfig_id(ssid->dpp_csign,
-                                                    ssid->dpp_csign_len);
+                                                    ssid->dpp_csign_len,
+                                                    ssid->dpp_pp_key,
+                                                    ssid->dpp_pp_key_len);
        if (!wpa_s->dpp_reconfig_id) {
                wpa_printf(MSG_DEBUG,
                           "DPP: Failed to generate E-id for reconfiguration");
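Review bot: A network profile that has no stored ppKey now fails at this call with only the generic "Failed to generate E-id" debug message, because `dpp_gen_reconfig_id()` returns NULL on `!pp_key` without logging. The profile validity check that presumably precedes this code in `wpas_dpp_reconfig()` is outside the hunk, so it is not visible whether it covers `ssid->dpp_pp_key`. If it does not, add `!ssid->dpp_pp_key` to that check or log the case explicitly, e.g. `wpa_printf(MSG_DEBUG, "DPP: No ppKey available in the network profile for reconfiguration");`. That would make it clear why a profile without a ppKey cannot start reconfiguration.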