From 99d7bf23486d4e456726a60dbda8201eb9fb5df2 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Tue, 13 Oct 2020 20:53:09 +0300 Subject: [PATCH] DPP2: Use the new privacy protection key to protect E-id on Enrollee Use ppKey instead of C-sign-key to encrypted E-id to E'-id into Reconfig Announcement frame on the Enrollee side. Signed-off-by: Jouni Malinen --- src/common/dpp.h | 4 +++- src/common/dpp_crypto.c | 33 +++++++++++++++++++++++---------- src/common/dpp_i.h | 1 + wpa_supplicant/dpp_supplicant.c | 4 +++- 4 files changed, 30 insertions(+), 12 deletions(-) diff --git a/src/common/dpp.h b/src/common/dpp.h index 4b270524a..1774d6cfb 100644 --- a/src/common/dpp.h +++ b/src/common/dpp.h @@ -723,7 +723,9 @@ int dpp_reconfig_auth_conf_rx(struct dpp_authentication *auth, const u8 *hdr, const u8 *attr_start, size_t attr_len); struct dpp_reconfig_id * dpp_gen_reconfig_id(const u8 *csign_key, - size_t csign_key_len); + size_t csign_key_len, + const u8 *pp_key, + size_t pp_key_len); int dpp_update_reconfig_id(struct dpp_reconfig_id *id); void dpp_free_reconfig_id(struct dpp_reconfig_id *id); diff --git a/src/common/dpp_crypto.c b/src/common/dpp_crypto.c index 5938ed6a7..865215afe 100644 --- a/src/common/dpp_crypto.c +++ b/src/common/dpp_crypto.c @@ -3004,10 +3004,12 @@ fail: struct dpp_reconfig_id * dpp_gen_reconfig_id(const u8 *csign_key, - size_t csign_key_len) + size_t csign_key_len, + const u8 *pp_key, + size_t pp_key_len) { const unsigned char *p; - EVP_PKEY *csign = NULL; + EVP_PKEY *csign = NULL, *ppkey = NULL; struct dpp_reconfig_id *id = NULL; BN_CTX *ctx = NULL; BIGNUM *bn = NULL, *q = NULL; @@ -3020,6 +3022,13 @@ struct dpp_reconfig_id * dpp_gen_reconfig_id(const u8 *csign_key, if (!csign) goto fail; + if (!pp_key) + goto fail; + p = pp_key; + ppkey = d2i_PUBKEY(NULL, &p, pp_key_len); + if (!ppkey) + goto fail; + eckey = EVP_PKEY_get0_EC_KEY(csign); if (!eckey) goto fail; 
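Review bot: In the `dpp_gen_reconfig_id()` hunk at -3020,6 +3022,13, the parsed `ppkey` is accepted without checking that it is an EC key on the same curve as the C-sign-key. `dpp_update_reconfig_id()` (hunks at +3105 and +3119) later multiplies its public point using `id->group`, so a mismatched ppKey is only detected there, if at all, on each update attempt rather than once at parse time. Assuming `id->group` is taken from `csign` in the part of the function outside this hunk, a check placed after the group is known would reject it early: `pp_ec = EVP_PKEY_get0_EC_KEY(ppkey); if (!pp_ec || EC_GROUP_cmp(EC_KEY_get0_group(pp_ec), group, NULL) != 0) goto fail;`, where `group` stands for whatever name the function uses. The function body starts and ends outside the hunk.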
@@ -3047,9 +3056,12 @@ struct dpp_reconfig_id * dpp_gen_reconfig_id(const u8 *csign_key, e_id = NULL; id->csign = csign; csign = NULL; + id->pp_key = ppkey; + ppkey = NULL; fail: EC_POINT_free(e_id); EVP_PKEY_free(csign); + EVP_PKEY_free(ppkey); BN_clear_free(bn); BN_CTX_free(ctx); return id; @@ -3093,13 +3105,13 @@ int dpp_update_reconfig_id(struct dpp_reconfig_id *id) BIGNUM *bn = NULL, *q = NULL; EC_POINT *e_prime_id = NULL, *a_nonce = NULL; int ret = -1; - const EC_KEY *csign; - const EC_POINT *csign_point; + const EC_KEY *pp; + const EC_POINT *pp_point; - csign = EVP_PKEY_get0_EC_KEY(id->csign); - if (!csign) + pp = EVP_PKEY_get0_EC_KEY(id->pp_key); + if (!pp) goto fail; - csign_point = EC_KEY_get0_public_key(csign); + pp_point = EC_KEY_get0_public_key(pp); e_prime_id = EC_POINT_new(id->group); a_nonce = EC_POINT_new(id->group); ctx = BN_CTX_new(); @@ -3107,12 +3119,12 @@ int dpp_update_reconfig_id(struct dpp_reconfig_id *id) q = BN_new(); /* Generate random 0 <= a-nonce < q * A-NONCE = a-nonce * G - * E'-id = E-id + a-nonce * S_C */ - if (!csign_point || !e_prime_id || !a_nonce || !ctx || !bn || !q || + * E'-id = E-id + a-nonce * P_pk */ + if (!pp_point || !e_prime_id || !a_nonce || !ctx || !bn || !q || !EC_GROUP_get_order(id->group, q, ctx) || !BN_rand_range(bn, q) || /* bn = a-nonce */ !EC_POINT_mul(id->group, a_nonce, bn, NULL, NULL, ctx) || - !EC_POINT_mul(id->group, e_prime_id, NULL, csign_point, bn, ctx) || + !EC_POINT_mul(id->group, e_prime_id, NULL, pp_point, bn, ctx) || !EC_POINT_add(id->group, e_prime_id, id->e_id, e_prime_id, ctx)) goto fail; @@ -3145,6 +3157,7 @@ void dpp_free_reconfig_id(struct dpp_reconfig_id *id) EVP_PKEY_free(id->csign); EVP_PKEY_free(id->a_nonce); EVP_PKEY_free(id->e_prime_id); + EVP_PKEY_free(id->pp_key); os_free(id); } } diff --git a/src/common/dpp_i.h b/src/common/dpp_i.h index f2164c789..b875f2033 100644 --- a/src/common/dpp_i.h +++ b/src/common/dpp_i.h 
@@ -146,6 +146,7 @@ struct dpp_reconfig_id { EVP_PKEY *csign; EVP_PKEY *a_nonce; /* A-NONCE */ EVP_PKEY *e_prime_id; /* E'-id */ + EVP_PKEY *pp_key; }; /* dpp_tcp.c */ diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c index 8e9a37c8b..74514886a 100644 --- a/wpa_supplicant/dpp_supplicant.c +++ b/wpa_supplicant/dpp_supplicant.c @@ -3730,7 +3730,9 @@ int wpas_dpp_reconfig(struct wpa_supplicant *wpa_s, const char *cmd) dpp_free_reconfig_id(wpa_s->dpp_reconfig_id); wpa_s->dpp_reconfig_id = dpp_gen_reconfig_id(ssid->dpp_csign, - ssid->dpp_csign_len); + ssid->dpp_csign_len, + ssid->dpp_pp_key, + ssid->dpp_pp_key_len); if (!wpa_s->dpp_reconfig_id) { wpa_printf(MSG_DEBUG, "DPP: Failed to generate E-id for reconfiguration");
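Review bot: The new `pp_key` member of `struct dpp_reconfig_id` in src/common/dpp_i.h has no comment, unlike the `a_nonce` and `e_prime_id` members next to it. Since `dpp_free_reconfig_id()` now frees it, a comment stating both its role and its ownership would help: `EVP_PKEY *pp_key; /* ppKey (privacy protection key); owned by this struct */`. The struct definition starts outside the hunk.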
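Review bot: In `wpas_dpp_reconfig()` (wpa_supplicant/dpp_supplicant.c), a network profile without a stored ppKey now makes `dpp_gen_reconfig_id()` fail on its `!pp_key` check, but the only trace is the generic `DPP: Failed to generate E-id for reconfiguration` debug message. Profiles provisioned before ppKey was introduced would presumably hit this path, so an explicit check before the call would make the cause visible, e.g. `if (!ssid->dpp_pp_key) { wpa_printf(MSG_DEBUG, "DPP: No ppKey available for reconfiguration"); return -1; }`. Whether an earlier validity check in this function already covers the other DPP fields cannot be seen from the hunk. The function starts and ends outside it.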