From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Wed, 22 Nov 2017 19:22:23 +0000 (+0200)
Subject: DPP: Add SAE credential support to Configurator
X-Git-Tag: hostap_2_7~800
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e3a5882b3e82acdd7228950916cb592712f4b998;p=thirdparty%2Fhostap.git

DPP: Add SAE credential support to Configurator

The new conf={sta,ap}-{sae,psk-sae} parameter values can now be used to
specify that the legacy configuration object is for SAE.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---

diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c
index 222a53630..0ec0ec7ea 100644
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@@ -377,8 +377,15 @@ static void hostapd_dpp_set_configurator(struct hostapd_data *hapd,
 			goto fail;
 		os_memcpy(conf_sta->ssid, ssid, ssid_len);
 		conf_sta->ssid_len = ssid_len;
-		if (os_strstr(cmd, " conf=sta-psk")) {
-			conf_sta->dpp = 0;
+		if (os_strstr(cmd, " conf=sta-psk") ||
+		    os_strstr(cmd, " conf=sta-sae") ||
+		    os_strstr(cmd, " conf=sta-psk-sae")) {
+			if (os_strstr(cmd, " conf=sta-psk-sae"))
+				conf_sta->akm = DPP_AKM_PSK_SAE;
+			else if (os_strstr(cmd, " conf=sta-sae"))
+				conf_sta->akm = DPP_AKM_SAE;
+			else
+				conf_sta->akm = DPP_AKM_PSK;
 			if (psk_set) {
 				os_memcpy(conf_sta->psk, psk, PMK_LEN);
 			} else {
@@ -387,7 +394,7 @@ static void hostapd_dpp_set_configurator(struct hostapd_data *hapd,
 					goto fail;
 			}
 		} else if (os_strstr(cmd, " conf=sta-dpp")) {
-			conf_sta->dpp = 1;
+			conf_sta->akm = DPP_AKM_DPP;
 		} else {
 			goto fail;
 		}
@@ -399,8 +406,15 @@ static void hostapd_dpp_set_configurator(struct hostapd_data *hapd,
 			goto fail;
 		os_memcpy(conf_ap->ssid, ssid, ssid_len);
 		conf_ap->ssid_len = ssid_len;
-		if (os_strstr(cmd, " conf=ap-psk")) {
-			conf_ap->dpp = 0;
+		if (os_strstr(cmd, " conf=ap-psk") ||
+		    os_strstr(cmd, " conf=ap-sae") ||
+		    os_strstr(cmd, " conf=ap-psk-sae")) {
+			if (os_strstr(cmd, " conf=ap-psk-sae"))
+				conf_ap->akm = DPP_AKM_PSK_SAE;
+			else if (os_strstr(cmd, " conf=ap-sae"))
+				conf_ap->akm = DPP_AKM_SAE;
+			else
+				conf_ap->akm = DPP_AKM_PSK;
 			if (psk_set) {
 				os_memcpy(conf_ap->psk, psk, PMK_LEN);
 			} else {
@@ -409,7 +423,7 @@ static void hostapd_dpp_set_configurator(struct hostapd_data *hapd,
 					goto fail;
 			}
 		} else if (os_strstr(cmd, " conf=ap-dpp")) {
-			conf_ap->dpp = 1;
+			conf_ap->akm = DPP_AKM_DPP;
 		} else {
 			goto fail;
 		}
diff --git a/src/common/dpp.c b/src/common/dpp.c
index e82d115e6..e7db569b3 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -4112,7 +4112,7 @@ dpp_build_conf_obj_legacy(struct dpp_authentication *auth, int ap,
 	if (!buf)
 		return NULL;
 
-	wpabuf_put_str(buf, "\"cred\":{\"akm\":\"psk\",");
+	wpabuf_printf(buf, "\"cred\":{\"akm\":\"%s\",", dpp_akm_str(conf->akm));
 	if (conf->passphrase) {
 		char pass[63 * 6 + 1];
 
@@ -4165,7 +4165,7 @@ dpp_build_conf_obj(struct dpp_authentication *auth, int ap)
 		return NULL;
 	}
 
-	if (conf->dpp)
+	if (conf->akm == DPP_AKM_DPP)
 		return dpp_build_conf_obj_dpp(auth, ap, conf);
 	return dpp_build_conf_obj_legacy(auth, ap, conf);
 }
diff --git a/src/common/dpp.h b/src/common/dpp.h
index b97212685..4c7586392 100644
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -147,7 +147,7 @@ enum dpp_akm {
 struct dpp_configuration {
 	u8 ssid[32];
 	size_t ssid_len;
-	int dpp; /* whether to use DPP or legacy configuration */
+	enum dpp_akm akm;
 
 	/* For DPP configuration (connector) */
 	os_time_t netaccesskey_expiry;
diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index c20891c79..bc986fc50 100644
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -536,8 +536,15 @@ static void wpas_dpp_set_configurator(struct wpa_supplicant *wpa_s,
 			goto fail;
 		os_memcpy(conf_sta->ssid, ssid, ssid_len);
 		conf_sta->ssid_len = ssid_len;
-		if (os_strstr(cmd, " conf=sta-psk")) {
-			conf_sta->dpp = 0;
+		if (os_strstr(cmd, " conf=sta-psk") ||
+		    os_strstr(cmd, " conf=sta-sae") ||
+		    os_strstr(cmd, " conf=sta-psk-sae")) {
+			if (os_strstr(cmd, " conf=sta-psk-sae"))
+				conf_sta->akm = DPP_AKM_PSK_SAE;
+			else if (os_strstr(cmd, " conf=sta-sae"))
+				conf_sta->akm = DPP_AKM_SAE;
+			else
+				conf_sta->akm = DPP_AKM_PSK;
 			if (psk_set) {
 				os_memcpy(conf_sta->psk, psk, PMK_LEN);
 			} else {
@@ -546,7 +553,7 @@ static void wpas_dpp_set_configurator(struct wpa_supplicant *wpa_s,
 					goto fail;
 			}
 		} else if (os_strstr(cmd, " conf=sta-dpp")) {
-			conf_sta->dpp = 1;
+			conf_sta->akm = DPP_AKM_DPP;
 		} else {
 			goto fail;
 		}
@@ -558,8 +565,15 @@ static void wpas_dpp_set_configurator(struct wpa_supplicant *wpa_s,
 			goto fail;
 		os_memcpy(conf_ap->ssid, ssid, ssid_len);
 		conf_ap->ssid_len = ssid_len;
-		if (os_strstr(cmd, " conf=ap-psk")) {
-			conf_ap->dpp = 0;
+		if (os_strstr(cmd, " conf=ap-psk") ||
+		    os_strstr(cmd, " conf=ap-sae") ||
+		    os_strstr(cmd, " conf=ap-psk-sae")) {
+			if (os_strstr(cmd, " conf=ap-psk-sae"))
+				conf_ap->akm = DPP_AKM_PSK_SAE;
+			else if (os_strstr(cmd, " conf=ap-sae"))
+				conf_ap->akm = DPP_AKM_SAE;
+			else
+				conf_ap->akm = DPP_AKM_PSK;
 			if (psk_set) {
 				os_memcpy(conf_ap->psk, psk, PMK_LEN);
 			} else {
@@ -568,7 +582,7 @@ static void wpas_dpp_set_configurator(struct wpa_supplicant *wpa_s,
 					goto fail;
 			}
 		} else if (os_strstr(cmd, " conf=ap-dpp")) {
-			conf_ap->dpp = 1;
+			conf_ap->akm = DPP_AKM_DPP;
 		} else {
 			goto fail;
 		}