diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c index 821b5f3b5..222a53630 100644 --- a/src/ap/dpp_hostapd.c +++ b/src/ap/dpp_hostapd.c @@ -711,6 +711,8 @@ static void hostapd_dpp_gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token, } wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONF_RECEIVED); + wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONFOBJ_AKM "%s", + dpp_akm_str(auth->akm)); if (auth->ssid_len) wpa_msg(hapd->msg_ctx, MSG_INFO, DPP_EVENT_CONFOBJ_SSID "%s", wpa_ssid_txt(auth->ssid, auth->ssid_len)); diff --git a/src/common/dpp.c b/src/common/dpp.c index dc975a5de..e82d115e6 100644 --- a/src/common/dpp.c +++ b/src/common/dpp.c @@ -4517,6 +4517,11 @@ static int dpp_parse_cred_legacy(struct dpp_authentication *auth, os_strlcpy(auth->passphrase, pass->string, sizeof(auth->passphrase)); } else if (psk_hex && psk_hex->type == JSON_STRING) { + if (auth->akm == DPP_AKM_SAE) { + wpa_printf(MSG_DEBUG, + "DPP: Unexpected psk_hex with akm=sae"); + return -1; + } if (os_strlen(psk_hex->string) != PMK_LEN * 2 || hexstr2bin(psk_hex->string, auth->psk, PMK_LEN) < 0) { wpa_printf(MSG_DEBUG, "DPP: Invalid psk_hex encoding"); @@ -4530,6 +4535,12 @@ static int dpp_parse_cred_legacy(struct dpp_authentication *auth, return -1; } + if ((auth->akm == DPP_AKM_SAE || auth->akm == DPP_AKM_PSK_SAE) && + !auth->passphrase[0]) { + wpa_printf(MSG_DEBUG, "DPP: No pass for sae found"); + return -1; + } + return 0; } @@ -5092,6 +5103,37 @@ fail: } +const char * dpp_akm_str(enum dpp_akm akm) +{ + switch (akm) { + case DPP_AKM_DPP: + return "dpp"; + case DPP_AKM_PSK: + return "psk"; + case DPP_AKM_SAE: + return "sae"; + case DPP_AKM_PSK_SAE: + return "psk+sae"; + default: + return "??"; + } +} + + +static enum dpp_akm dpp_akm_from_str(const char *akm) +{ + if (os_strcmp(akm, "psk") == 0) + return DPP_AKM_PSK; + if (os_strcmp(akm, "sae") == 0) + return DPP_AKM_SAE; + if (os_strcmp(akm, "psk+sae") == 0) + return DPP_AKM_PSK_SAE; + if (os_strcmp(akm, "dpp") == 0) + return DPP_AKM_DPP; + return DPP_AKM_UNKNOWN; +} + + static int dpp_parse_conf_obj(struct dpp_authentication *auth, const u8 *conf_obj, u16 conf_obj_len) { @@ -5149,10 +5191,13 @@ static int dpp_parse_conf_obj(struct dpp_authentication *auth, dpp_auth_fail(auth, "No cred::akm string value found"); goto fail; } - if (os_strcmp(token->string, "psk") == 0) { + auth->akm = dpp_akm_from_str(token->string); + + if (auth->akm == DPP_AKM_PSK || auth->akm == DPP_AKM_SAE || + auth->akm == DPP_AKM_PSK_SAE) { if (dpp_parse_cred_legacy(auth, cred) < 0) goto fail; - } else if (os_strcmp(token->string, "dpp") == 0) { + } else if (auth->akm == DPP_AKM_DPP) { if (dpp_parse_cred_dpp(auth, cred) < 0) goto fail; } else { diff --git a/src/common/dpp.h b/src/common/dpp.h index 235e8ffb4..b97212685 100644 --- a/src/common/dpp.h +++ b/src/common/dpp.h @@ -136,6 +136,14 @@ struct dpp_pkex { unsigned int freq; }; +enum dpp_akm { + DPP_AKM_UNKNOWN, + DPP_AKM_DPP, + DPP_AKM_PSK, + DPP_AKM_SAE, + DPP_AKM_PSK_SAE +}; + struct dpp_configuration { u8 ssid[32]; size_t ssid_len; @@ -201,6 +209,7 @@ struct dpp_authentication { char passphrase[64]; u8 psk[PMK_LEN]; int psk_set; + enum dpp_akm akm; struct wpabuf *net_access_key; os_time_t net_access_key_expiry; struct wpabuf *c_sign_key; @@ -361,6 +370,7 @@ struct wpabuf * dpp_alloc_msg(enum dpp_public_action_frame_type type, const u8 * dpp_get_attr(const u8 *buf, size_t len, u16 req_id, u16 *ret_len); int dpp_check_attrs(const u8 *buf, size_t len); int dpp_key_expired(const char *timestamp, os_time_t *expiry); +const char * dpp_akm_str(enum dpp_akm akm); void dpp_configurator_free(struct dpp_configurator *conf); struct dpp_configurator * dpp_keygen_configurator(const char *curve, const u8 *privkey, diff --git a/src/common/wpa_ctrl.h b/src/common/wpa_ctrl.h index f2a3c4bf9..25cf1014c 100644 --- a/src/common/wpa_ctrl.h +++ b/src/common/wpa_ctrl.h @@ -160,6 +160,7 @@ extern "C" { #define DPP_EVENT_CONF_RECEIVED "DPP-CONF-RECEIVED " #define DPP_EVENT_CONF_SENT "DPP-CONF-SENT " #define DPP_EVENT_CONF_FAILED "DPP-CONF-FAILED " +#define DPP_EVENT_CONFOBJ_AKM "DPP-CONFOBJ-AKM " #define DPP_EVENT_CONFOBJ_SSID "DPP-CONFOBJ-SSID " #define DPP_EVENT_CONFOBJ_PASS "DPP-CONFOBJ-PASS " #define DPP_EVENT_CONFOBJ_PSK "DPP-CONFOBJ-PSK " diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c index 7a7a8214f..c20891c79 100644 --- a/wpa_supplicant/dpp_supplicant.c +++ b/wpa_supplicant/dpp_supplicant.c @@ -1108,7 +1108,13 @@ static struct wpa_ssid * wpas_dpp_add_network(struct wpa_supplicant *wpa_s, } if (!auth->connector) { - ssid->key_mgmt = WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_PSK_SHA256; + ssid->key_mgmt = 0; + if (auth->akm == DPP_AKM_PSK || auth->akm == DPP_AKM_PSK_SAE) + ssid->key_mgmt |= WPA_KEY_MGMT_PSK | + WPA_KEY_MGMT_PSK_SHA256 | WPA_KEY_MGMT_FT_PSK; + if (auth->akm == DPP_AKM_SAE || auth->akm == DPP_AKM_PSK_SAE) + ssid->key_mgmt |= WPA_KEY_MGMT_SAE | + WPA_KEY_MGMT_FT_SAE; ssid->ieee80211w = 1; if (auth->passphrase[0]) { if (wpa_config_set_quoted(ssid, "psk",