From patchwork Fri Aug 23 17:50:36 2024
X-Patchwork-Submitter: Dan Harkins
X-Patchwork-Id: 1976700
Date: Fri, 23 Aug 2024 10:50:36 -0700
From: Dan Harkins
Subject: Support for provisioning SAE password identifiers with DPP
To: hostap@lists.infradead.org
MIME-version: 1.0
Content-language: en-US

DPP supports provisioning of SAE password identifiers to uniquely identify a password if the enrollee indicates support for them. Support is indicated using dpp_extra_conf_req_ in the wpa_supplicant config file, but if the Configurator then sends a password identifier in the Configuration Object, it would not be saved as part of the provisioned profile. This patch fixes that.

I put everything under defines for CONFIG_DPP3 as this is a bleeding edge feature in DPP.

This was tested against my DPP reference implementation acting as the Configurator.

-------------------------------------------------------------------      if (conf->connector) {          if (dpp_akm_dpp(conf->akm)) {              ssid->key_mgmt = WPA_KEY_MGMT_DPP; 
@@ -1691,6 +1703,12 @@ static int wpas_dpp_handle_config_obj(struct wpa_supplicant *wpa_s,          wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_PSK "%s",              hex);      } +#ifdef CONFIG_DPP3 +        if (conf->password_id[0]) { +        wpa_msg(wpa_s, MSG_INFO, DPP_EVENT_CONFOBJ_IDPASS "%s", +            conf->password_id); +        } +#endif  /* CONFIG_DPP3 */      if (conf->c_sign_key) {          char *hex;          size_t hexlen; ------------------------------------------------------------------ Signed-off-by: Dan Harkins   regards,   Dan. diff --git a/src/common/dpp.c b/src/common/dpp.c index 3b9f35e8d..8c0fc44f8 100644 --- a/src/common/dpp.c +++ b/src/common/dpp.c @@ -2549,13 +2549,18 @@ fail:  static int dpp_parse_cred_legacy(struct dpp_config_obj *conf,                   struct json_token *cred)  { -    struct json_token *pass, *psk_hex; +    struct json_token *pass, *psk_hex; +#ifdef CONFIG_DPP3 +    struct json_token *saepi; +#endif  /* CONFIG_DPP3 */      wpa_printf(MSG_DEBUG, "DPP: Legacy akm=psk credential");      pass = json_get_member(cred, "pass");      psk_hex = json_get_member(cred, "psk_hex"); - +#ifdef CONFIG_DPP3 +        saepi = json_get_member(cred, "idpass"); +#endif  /* CONFIG_DPP3 */      if (pass && pass->type == JSON_STRING) {          size_t len = os_strlen(pass->string); @@ -2565,6 +2570,12 @@ static int dpp_parse_cred_legacy(struct dpp_config_obj *conf,              return -1;          os_strlcpy(conf->passphrase, pass->string,                 sizeof(conf->passphrase)); +#ifdef CONFIG_DPP3 +                if (saepi && saepi->type == JSON_STRING) { +                    os_strlcpy(conf->password_id, saepi->string, +                               sizeof(saepi->string)); +                } +#endif  /* CONFIG_DPP3 */      } else if (psk_hex && psk_hex->type == JSON_STRING) {          if (dpp_akm_sae(conf->akm) && !dpp_akm_psk(conf->akm)) {              wpa_printf(MSG_DEBUG, 
diff --git a/src/common/dpp.h b/src/common/dpp.h index 0f843da6a..6f6487a61 100644 --- a/src/common/dpp.h +++ b/src/common/dpp.h @@ -356,6 +356,9 @@ struct dpp_authentication {          u8 ssid_len;          int ssid_charset;          char passphrase[64]; +#ifdef CONFIG_DPP3 +                char password_id[64]; +#endif  /* CONFIG_DPP3 */          u8 psk[PMK_LEN];          int psk_set;          enum dpp_akm akm; diff --git a/src/common/wpa_ctrl.h b/src/common/wpa_ctrl.h index f6142501e..b6ff6d73f 100644 --- a/src/common/wpa_ctrl.h +++ b/src/common/wpa_ctrl.h @@ -204,6 +204,9 @@ extern "C" {  #define DPP_EVENT_CONFOBJ_SSID "DPP-CONFOBJ-SSID "  #define DPP_EVENT_CONFOBJ_SSID_CHARSET "DPP-CONFOBJ-SSID-CHARSET "  #define DPP_EVENT_CONFOBJ_PASS "DPP-CONFOBJ-PASS " +#ifdef CONFIG_DPP3 +#define DPP_EVENT_CONFOBJ_IDPASS "DPP-CONFOBJ-IDPASS " +#endif  /* CONFIG_DPP3 */  #define DPP_EVENT_CONFOBJ_PSK "DPP-CONFOBJ-PSK "  #define DPP_EVENT_CONNECTOR "DPP-CONNECTOR "  #define DPP_EVENT_C_SIGN_KEY "DPP-C-SIGN-KEY " diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c index b02b694a3..8b79eddda 100644 --- a/wpa_supplicant/config.c +++ b/wpa_supplicant/config.c @@ -5694,7 +5694,6 @@ int wpa_config_process_global(struct wpa_config *config, char *pos, int line)          if (os_strncmp(pos, field->name, flen) != 0 ||              pos[flen] != '=')              continue; -          ret = field->parser(field, config, line, pos + flen + 1);          if (ret < 0) {              wpa_printf(MSG_ERROR, "Line %d: failed to " diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c index 94d7ae990..a99f2384b 100644 --- a/wpa_supplicant/dpp_supplicant.c +++ b/wpa_supplicant/dpp_supplicant.c 
@@ -1418,6 +1418,18 @@ static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s,      os_memcpy(ssid->ssid, conf->ssid, conf->ssid_len);      ssid->ssid_len = conf->ssid_len; +#ifdef CONFIG_DPP3 +    if (conf->akm == DPP_AKM_SAE) { +            if (conf->password_id[0]) { +                ssid->sae_password_id = os_malloc(os_strlen(conf->password_id)); +                if (!ssid->sae_password_id) { +                    goto fail; +                } +                os_memcpy(ssid->sae_password_id, conf->password_id, os_strlen(conf->password_id)); + ssid->sae_password_id[os_strlen(conf->password_id)] = '\0';     /* ??? */ +            } +        } +#endif  /* CONFIG_DPP3 */
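Review bot: the @@ -1418 hunk of wpa_supplicant/dpp_supplicant.c allocates `os_malloc(os_strlen(conf->password_id))` bytes, copies `os_strlen(conf->password_id)` bytes into it and then writes `ssid->sae_password_id[os_strlen(conf->password_id)] = '\0';`, which is one byte past the end of the allocation (the `/* ??? */` marker sits on exactly this line). Replace the malloc/memcpy/terminate sequence with `ssid->sae_password_id = os_strdup(conf->password_id);` and keep the `goto fail` on a NULL result. The condition `conf->akm == DPP_AKM_SAE` also excludes the mixed AKMs; the dpp.c hunk in this same patch tests `dpp_akm_sae(conf->akm)`, so use that here as well, otherwise a PSK+SAE or SAE+DPP credential silently loses its identifier. Note too that the `+ ssid->sae_password_id[...]` line lacks the indentation the other `+` lines carry, and that the tail of this hunk together with the @@ -1691 hunk appears above the Signed-off-by line rather than inside the diff, so the patch as posted will not apply cleanly; please regenerate it with git format-patch.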
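Review bot: in the @@ -1691 hunk of wpa_supplicant/dpp_supplicant.c (shown above the Signed-off-by line), the `if (conf->password_id[0]) {` block is indented two levels deeper than the sibling `if (conf->c_sign_key) {`; align it with the surrounding code. Since a password identifier is only meaningful for SAE credentials, consider emitting DPP-CONFOBJ-IDPASS only when `dpp_akm_sae(conf->akm)` holds, matching the check used in wpas_dpp_add_network().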
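Review bot: the @@ -2549 hunk of src/common/dpp.c removes and re-adds `struct json_token *pass, *psk_hex;` with no visible change, and the new `saepi = json_get_member(cred, "idpass");` line is indented with eight spaces where the adjacent `pass =` and `psk_hex =` lines use four; this reads as a tab/space conversion. Leave the declaration line untouched and match the surrounding indentation so the hunk contains only the intended change.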
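Review bot: in the @@ -2565 hunk of src/common/dpp.c, `os_strlcpy(conf->password_id, saepi->string, sizeof(saepi->string));` bounds the copy by the size of the `string` member of `struct json_token`, not by the destination buffer; `string` is a `char *`, so the identifier is cut to sizeof(char *) - 1 bytes and any longer password identifier will never match what the AP has configured. Use `sizeof(conf->password_id)` as the size argument, and prefer failing the credential (as the `return -1` above the passphrase copy does for an over-long `pass`) over silently truncating an identifier that cannot authenticate once shortened.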
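Review bot: `char password_id[64];` in the src/common/dpp.h hunk is indented far deeper than the neighbouring `char passphrase[64];` and `u8 psk[PMK_LEN];`; align it with its siblings. A short comment stating that the buffer holds a NUL-terminated SAE password identifier (so 64 includes the terminator) would also document the size assumption that the copy in dpp_parse_cred_legacy() relies on.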
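Review bot: wrapping `#define DPP_EVENT_CONFOBJ_IDPASS "DPP-CONFOBJ-IDPASS "` in `#ifdef CONFIG_DPP3` in src/common/wpa_ctrl.h makes a control-interface event name depend on a build option, while the surrounding DPP_EVENT_CONFOBJ_* defines are unconditional and external control-interface clients include this header without CONFIG_DPP3 set. Define the string unconditionally and keep the CONFIG_DPP3 guard only around the code that emits it.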
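Review bot: the wpa_supplicant/config.c hunk only deletes a blank line in wpa_config_process_global() and has nothing to do with SAE password identifiers; drop it so the patch stays focused on one change.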