DPP2: Generate a privacy protection key for Configurator

Generate a new key for Configurator. This is either generated
automatically for the specified curve or provided from external source
with the new ppkey=<val> argument similarly to the way c-sign-key was
previously generated.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/common/dpp.c b/src/common/dpp.c
index d83c1a2d0222c48fe9b0bbf881e74ac5cbf7ce44..b3bbbf855c31969c9465e05643e2966e71dbe8d6 100644 (file)
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -3355,6 +3355,7 @@ void dpp_configurator_free(struct dpp_configurator *conf)
        os_free(conf->kid);
        os_free(conf->connector);
        EVP_PKEY_free(conf->connector_key);
+       EVP_PKEY_free(conf->pp_key);
        os_free(conf);
 }
 
@@ -3415,7 +3416,7 @@ static int dpp_configurator_gen_kid(struct dpp_configurator *conf)
 
 static struct dpp_configurator *
 dpp_keygen_configurator(const char *curve, const u8 *privkey,
-                       size_t privkey_len)
+                       size_t privkey_len, const u8 *pp_key, size_t pp_key_len)
 {
        struct dpp_configurator *conf;
 
@@ -3435,7 +3436,12 @@ dpp_keygen_configurator(const char *curve, const u8 *privkey,
                                              privkey_len);
        else
                conf->csign = dpp_gen_keypair(conf->curve);
-       if (!conf->csign)
+       if (pp_key)
+               conf->pp_key = dpp_set_keypair(&conf->curve, pp_key,
+                                              pp_key_len);
+       else
+               conf->pp_key = dpp_gen_keypair(conf->curve);
+       if (!conf->csign || !conf->pp_key)
                goto fail;
        conf->own = 1;
 
@@ -4122,14 +4128,15 @@ static unsigned int dpp_next_configurator_id(struct dpp_global *dpp)
 int dpp_configurator_add(struct dpp_global *dpp, const char *cmd)
 {
        char *curve = NULL;
-       char *key = NULL;
-       u8 *privkey = NULL;
-       size_t privkey_len = 0;
+       char *key = NULL, *ppkey = NULL;
+       u8 *privkey = NULL, *pp_key = NULL;
+       size_t privkey_len = 0, pp_key_len = 0;
        int ret = -1;
        struct dpp_configurator *conf = NULL;
 
        curve = get_param(cmd, " curve=");
        key = get_param(cmd, " key=");
+       ppkey = get_param(cmd, " ppkey=");
 
        if (key) {
                privkey_len = os_strlen(key) / 2;
@@ -4139,7 +4146,16 @@ int dpp_configurator_add(struct dpp_global *dpp, const char *cmd)
                        goto fail;
        }
 
-       conf = dpp_keygen_configurator(curve, privkey, privkey_len);
+       if (ppkey) {
+               pp_key_len = os_strlen(key) / 2;
+               pp_key = os_malloc(pp_key_len);
+               if (!pp_key ||
+                   hexstr2bin(ppkey, pp_key, pp_key_len) < 0)
+                       goto fail;
+       }
+
+       conf = dpp_keygen_configurator(curve, privkey, privkey_len,
+                                      pp_key, pp_key_len);
        if (!conf)
                goto fail;
 
@@ -4150,7 +4166,9 @@ int dpp_configurator_add(struct dpp_global *dpp, const char *cmd)
 fail:
        os_free(curve);
        str_clear_free(key);
+       str_clear_free(ppkey);
        bin_clear_free(privkey, privkey_len);
+       bin_clear_free(pp_key, pp_key_len);
        dpp_configurator_free(conf);
        return ret;
 }

diff --git a/src/common/dpp.h b/src/common/dpp.h
index 7a0443471653e4d5a391b799b4db6a36cfe50998..f6216522d52324cc7d071bcae664c4501fcf2763 100644 (file)
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -364,6 +364,7 @@ struct dpp_configurator {
        const struct dpp_curve_params *curve;
        char *connector; /* own Connector for reconfiguration */
        EVP_PKEY *connector_key;
+       EVP_PKEY *pp_key;
 };
 
 struct dpp_introduction {