DPP: Move signed connector checking into a helper function

This can be reused for a similar need with reconfiguration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Jouni Malinen 2020-05-10 13:41:51 +03:00 committed by Jouni Malinen
parent 94a28a4940
commit 94f73f90ef
3 changed files with 39 additions and 22 deletions


@ -6521,9 +6521,6 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
struct wpabuf *own_key_pub = NULL; struct wpabuf *own_key_pub = NULL;
const struct dpp_curve_params *curve, *own_curve; const struct dpp_curve_params *curve, *own_curve;
struct dpp_signed_connector_info info; struct dpp_signed_connector_info info;
const unsigned char *p;
EVP_PKEY *csign = NULL;
char *signed_connector = NULL;
size_t Nx_len; size_t Nx_len;
u8 Nx[DPP_MAX_SHARED_SECRET_LEN]; u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
@ -6532,14 +6529,6 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
if (expiry) if (expiry)
*expiry = 0; *expiry = 0;
p = csign_key;
csign = d2i_PUBKEY(NULL, &p, csign_key_len);
if (!csign) {
wpa_printf(MSG_ERROR,
"DPP: Failed to parse local C-sign-key information");
goto fail;
}
own_key = dpp_set_keypair(&own_curve, net_access_key, own_key = dpp_set_keypair(&own_curve, net_access_key,
net_access_key_len); net_access_key_len);
if (!own_key) { if (!own_key) {
@ -6551,15 +6540,8 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
if (!own_root) if (!own_root)
goto fail; goto fail;
wpa_hexdump_ascii(MSG_DEBUG, "DPP: Peer signedConnector", res = dpp_check_signed_connector(&info, csign_key, csign_key_len,
peer_connector, peer_connector_len); peer_connector, peer_connector_len);
signed_connector = os_malloc(peer_connector_len + 1);
if (!signed_connector)
goto fail;
os_memcpy(signed_connector, peer_connector, peer_connector_len);
signed_connector[peer_connector_len] = '\0';
res = dpp_process_signed_connector(&info, csign, signed_connector);
if (res != DPP_STATUS_OK) { if (res != DPP_STATUS_OK) {
ret = res; ret = res;
goto fail; goto fail;
@ -6640,12 +6622,10 @@ fail:
if (ret != DPP_STATUS_OK) if (ret != DPP_STATUS_OK)
os_memset(intro, 0, sizeof(*intro)); os_memset(intro, 0, sizeof(*intro));
os_memset(Nx, 0, sizeof(Nx)); os_memset(Nx, 0, sizeof(Nx));
os_free(signed_connector);
os_free(info.payload); os_free(info.payload);
EVP_PKEY_free(own_key); EVP_PKEY_free(own_key);
wpabuf_free(own_key_pub); wpabuf_free(own_key_pub);
EVP_PKEY_free(peer_key); EVP_PKEY_free(peer_key);
EVP_PKEY_free(csign);
json_free(root); json_free(root);
json_free(own_root); json_free(own_root);
return ret; return ret;
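Review bot: In the third hunk, `res = dpp_check_signed_connector(...)` followed by `ret = res;` now reports the helper's fallback status for every early exit, whereas before a failed d2i_PUBKEY() or os_malloc() jumped to fail with ret still at its initial value (assigned outside the hunk). The helper initialises res to DPP_STATUS_INVALID_CONNECTOR, so a locally misconfigured C-sign-key is no longer distinguishable from a peer sending a bad connector, which matters if ret is later surfaced as a protocol status to the peer. If that mapping is intended, a one-line comment at the call site would save the next reader the trace: `/* Local C-sign-key parse and allocation failures come back as DPP_STATUS_INVALID_CONNECTOR too */`. dpp_peer_intro's body starts before the hunk and its closing brace is below it.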


@ -1370,6 +1370,39 @@ fail:
} }
enum dpp_status_error
dpp_check_signed_connector(struct dpp_signed_connector_info *info,
const u8 *csign_key, size_t csign_key_len,
const u8 *peer_connector, size_t peer_connector_len)
{
const unsigned char *p;
EVP_PKEY *csign = NULL;
char *signed_connector = NULL;
enum dpp_status_error res = DPP_STATUS_INVALID_CONNECTOR;
p = csign_key;
csign = d2i_PUBKEY(NULL, &p, csign_key_len);
if (!csign) {
wpa_printf(MSG_ERROR,
"DPP: Failed to parse local C-sign-key information");
goto fail;
}
wpa_hexdump_ascii(MSG_DEBUG, "DPP: Peer signedConnector",
peer_connector, peer_connector_len);
signed_connector = os_malloc(peer_connector_len + 1);
if (!signed_connector)
goto fail;
os_memcpy(signed_connector, peer_connector, peer_connector_len);
signed_connector[peer_connector_len] = '\0';
res = dpp_process_signed_connector(info, csign, signed_connector);
fail:
os_free(signed_connector);
EVP_PKEY_free(csign);
return res;
}
int dpp_gen_r_auth(struct dpp_authentication *auth, u8 *r_auth) int dpp_gen_r_auth(struct dpp_authentication *auth, u8 *r_auth)
{ {
struct wpabuf *pix, *prx, *bix, *brx; struct wpabuf *pix, *prx, *bix, *brx;
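Review bot: dpp_check_signed_connector() carries no header comment, and the one thing a caller must know — that any info->payload it sets is the caller's to free on every path (dpp_peer_intro's fail path calls os_free(info.payload) unconditionally) — is stated nowhere; the same gap is in the new prototype in the header file. Suggest a comment above the definition such as `/* Parse csign_key (DER, via d2i_PUBKEY()) and verify a NUL-terminated copy of peer_connector with dpp_process_signed_connector(). Any info->payload set is owned by the caller. */`, plus a sentence that DPP_STATUS_INVALID_CONNECTOR is also returned for a C-sign-key parse failure or an allocation failure, since the res default makes those indistinguishable from a bad connector. It is also worth recording there that the os_malloc/os_memcpy copy exists only to hand dpp_process_signed_connector() a C string, so a connector containing an embedded NUL byte is truncated at that byte before verification; this is carried over from the old inline code, not introduced here, but it is part of the helper's contract now.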


@ -42,6 +42,10 @@ struct dpp_signed_connector_info {
enum dpp_status_error enum dpp_status_error
dpp_process_signed_connector(struct dpp_signed_connector_info *info, dpp_process_signed_connector(struct dpp_signed_connector_info *info,
EVP_PKEY *csign_pub, const char *connector); EVP_PKEY *csign_pub, const char *connector);
enum dpp_status_error
dpp_check_signed_connector(struct dpp_signed_connector_info *info,
const u8 *csign_key, size_t csign_key_len,
const u8 *peer_connector, size_t peer_connector_len);
const struct dpp_curve_params * dpp_get_curve_name(const char *name); const struct dpp_curve_params * dpp_get_curve_name(const char *name);
const struct dpp_curve_params * dpp_get_curve_jwk_crv(const char *name); const struct dpp_curve_params * dpp_get_curve_jwk_crv(const char *name);
const struct dpp_curve_params * dpp_get_curve_oid(const ASN1_OBJECT *poid); const struct dpp_curve_params * dpp_get_curve_oid(const ASN1_OBJECT *poid);