DPP3: Use Connector version instead of current version in Peer Discovery

Generate Peer Discovery Request/Response messages using the protected
version from the Connector, if present, instead of the currently
supported protocol version which might be higher than the one that got
included into the signed Connector during provisioning earlier.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>

diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c
index 41769f475544b7adbd94cd335bcc6570bc9cf73b..173da4a06c42ea4413a14d9529c2b2f345b7d45f 100644 (file)
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@@ -1558,10 +1558,23 @@ skip_connector:
 
 #ifdef CONFIG_DPP2
        if (DPP_VERSION > 1) {
+               u8 ver = DPP_VERSION;
+#ifdef CONFIG_DPP3
+               int conn_ver;
+
+               conn_ver = dpp_get_connector_version(hapd->conf->dpp_connector);
+               if (conn_ver > 0 && ver != conn_ver) {
+                       wpa_printf(MSG_DEBUG,
+                                  "DPP: Use Connector version %d instead of current protocol version %d",
+                                  conn_ver, ver);
+                       ver = conn_ver;
+               }
+#endif /* CONFIG_DPP3 */
+
                /* Protocol Version */
                wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION);
                wpabuf_put_le16(msg, 1);
-               wpabuf_put_u8(msg, DPP_VERSION);
+               wpabuf_put_u8(msg, ver);
        }
 #endif /* CONFIG_DPP2 */
 

diff --git a/src/common/dpp.c b/src/common/dpp.c
index d36fcb84f09ff5da6f30e4e555974d02f6da3137..4a8fe06894e6b923e7830d1debb8c2b9e43db01c 100644 (file)
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -3760,6 +3760,26 @@ fail:
 }
 
 
+#ifdef CONFIG_DPP3
+int dpp_get_connector_version(const char *connector)
+{
+       struct json_token *root, *token;
+       int ver = -1;
+
+       root = dpp_parse_own_connector(connector);
+       if (!root)
+               return -1;
+
+       token = json_get_member(root, "version");
+       if (token && token->type == JSON_NUMBER)
+               ver = token->number;
+
+       json_free(root);
+       return ver;
+}
+#endif /* CONFIG_DPP3 */
+
+
 unsigned int dpp_next_id(struct dpp_global *dpp)
 {
        struct dpp_bootstrap_info *bi;

diff --git a/src/common/dpp.h b/src/common/dpp.h
index 8e959051a3a7fc72a98dd8345abc6f6ecd68611d..99e86ec0f9f344f469e03f08c747956f39236d3c 100644 (file)
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -595,6 +595,7 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
               const u8 *csign_key, size_t csign_key_len,
               const u8 *peer_connector, size_t peer_connector_len,
               os_time_t *expiry);
+int dpp_get_connector_version(const char *connector);
 struct dpp_pkex * dpp_pkex_init(void *msg_ctx, struct dpp_bootstrap_info *bi,
                                const u8 *own_mac,
                                const char *identifier,

diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index 40ef8aeb510fa5d118a8bca84b34cca3af48b821..fb1f3e1afd69149e337be97c71773072d1fae638 100644 (file)
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -3196,10 +3196,23 @@ skip_connector:
 
 #ifdef CONFIG_DPP2
        if (DPP_VERSION > 1) {
+               u8 ver = DPP_VERSION;
+#ifdef CONFIG_DPP3
+               int conn_ver;
+
+               conn_ver = dpp_get_connector_version(ssid->dpp_connector);
+               if (conn_ver > 0 && ver != conn_ver) {
+                       wpa_printf(MSG_DEBUG,
+                                  "DPP: Use Connector version %d instead of current protocol version %d",
+                                  conn_ver, ver);
+                       ver = conn_ver;
+               }
+#endif /* CONFIG_DPP3 */
+
                /* Protocol Version */
                wpabuf_put_le16(msg, DPP_ATTR_PROTOCOL_VERSION);
                wpabuf_put_le16(msg, 1);
-               wpabuf_put_u8(msg, DPP_VERSION);
+               wpabuf_put_u8(msg, ver);
        }
 #endif /* CONFIG_DPP2 */