aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPurushottam Kushwaha <pkushwah@codeaurora.org>2018-03-16 10:04:21 (GMT)
committerJouni Malinen <j@w1.fi>2018-03-16 18:55:32 (GMT)
commit8179ae3a2a375ff293b87eab2e9761f8919aa516 (patch)
tree8ec98b98cbabc4a7516a9418dd158d2a27c54cb1
parent4bc801ab42eb9308e82bc9ac35f82c13d497c80e (diff)
downloadhostap-8179ae3a2a375ff293b87eab2e9761f8919aa516.zip
hostap-8179ae3a2a375ff293b87eab2e9761f8919aa516.tar.gz
hostap-8179ae3a2a375ff293b87eab2e9761f8919aa516.tar.bz2
DPP: Support retrieving of configurator's private key
To retain configurator information across hostapd/wpa_supplicant restart, private key need to be maintained to generate a valid pair of authentication keys (connector, netaccess_key, csign) for new enrollees in the network. Add a DPP_CONFIGURATOR_GET_KEY control interface API through which the private key of an existing configurator can be fetched. Command format: DPP_CONFIGURATOR_GET_KEY <configurator_id> The output from this command can then be used with "DPP_CONFIGURATOR_ADD key=<hexdump>" to create the same key again. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-rw-r--r--hostapd/ctrl_iface.c4
-rw-r--r--hostapd/hostapd_cli.c10
-rw-r--r--src/ap/dpp_hostapd.c13
-rw-r--r--src/ap/dpp_hostapd.h2
-rw-r--r--src/common/dpp.c24
-rw-r--r--src/common/dpp.h2
-rw-r--r--wpa_supplicant/ctrl_iface.c3
-rw-r--r--wpa_supplicant/dpp_supplicant.c13
-rw-r--r--wpa_supplicant/dpp_supplicant.h2
-rw-r--r--wpa_supplicant/wpa_cli.c10
10 files changed, 83 insertions, 0 deletions
diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index 3bba3ae..0c372b9 100644
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -3171,6 +3171,10 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
} else if (os_strncmp(buf, "DPP_CONFIGURATOR_SIGN ", 22) == 0) {
if (hostapd_dpp_configurator_sign(hapd, buf + 22) < 0)
reply_len = -1;
+ } else if (os_strncmp(buf, "DPP_CONFIGURATOR_GET_KEY ", 25) == 0) {
+ reply_len = hostapd_dpp_configurator_get_key(hapd,
+ atoi(buf + 25),
+ reply, reply_size);
} else if (os_strncmp(buf, "DPP_PKEX_ADD ", 13) == 0) {
res = hostapd_dpp_pkex_add(hapd, buf + 12);
if (res < 0) {
diff --git a/hostapd/hostapd_cli.c b/hostapd/hostapd_cli.c
index 6683582..e937d9c 100644
--- a/hostapd/hostapd_cli.c
+++ b/hostapd/hostapd_cli.c
@@ -1436,6 +1436,13 @@ static int hostapd_cli_cmd_dpp_configurator_remove(struct wpa_ctrl *ctrl,
}
+static int hostapd_cli_cmd_dpp_configurator_get_key(struct wpa_ctrl *ctrl,
+ int argc, char *argv[])
+{
+ return hostapd_cli_cmd(ctrl, "DPP_CONFIGURATOR_GET_KEY", 1, argc, argv);
+}
+
+
static int hostapd_cli_cmd_dpp_pkex_add(struct wpa_ctrl *ctrl, int argc,
char *argv[])
{
@@ -1623,6 +1630,9 @@ static const struct hostapd_cli_cmd hostapd_cli_commands[] = {
{ "dpp_configurator_remove", hostapd_cli_cmd_dpp_configurator_remove,
NULL,
"*|<id> = remove DPP configurator" },
+ { "dpp_configurator_remove", hostapd_cli_cmd_dpp_configurator_get_key,
+ NULL,
+ "<id> = Get DPP configurator's private key" },
{ "dpp_pkex_add", hostapd_cli_cmd_dpp_pkex_add, NULL,
"add PKEX code" },
{ "dpp_pkex_remove", hostapd_cli_cmd_dpp_pkex_remove, NULL,
diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c
index 0bebe59..4d2b71a 100644
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@@ -1881,6 +1881,19 @@ int hostapd_dpp_configurator_sign(struct hostapd_data *hapd, const char *cmd)
}
+int hostapd_dpp_configurator_get_key(struct hostapd_data *hapd, unsigned int id,
+ char *buf, size_t buflen)
+{
+ struct dpp_configurator *conf;
+
+ conf = hostapd_dpp_configurator_get_id(hapd, id);
+ if (!conf)
+ return -1;
+
+ return dpp_configurator_get_key(conf, buf, buflen);
+}
+
+
int hostapd_dpp_pkex_add(struct hostapd_data *hapd, const char *cmd)
{
struct dpp_bootstrap_info *own_bi;
diff --git a/src/ap/dpp_hostapd.h b/src/ap/dpp_hostapd.h
index c2c6200..3ef7c14 100644
--- a/src/ap/dpp_hostapd.h
+++ b/src/ap/dpp_hostapd.h
@@ -30,6 +30,8 @@ void hostapd_dpp_gas_status_handler(struct hostapd_data *hapd, int ok);
int hostapd_dpp_configurator_add(struct hostapd_data *hapd, const char *cmd);
int hostapd_dpp_configurator_remove(struct hostapd_data *hapd, const char *id);
int hostapd_dpp_configurator_sign(struct hostapd_data *hapd, const char *cmd);
+int hostapd_dpp_configurator_get_key(struct hostapd_data *hapd, unsigned int id,
+ char *buf, size_t buflen);
int hostapd_dpp_pkex_add(struct hostapd_data *hapd, const char *cmd);
int hostapd_dpp_pkex_remove(struct hostapd_data *hapd, const char *id);
void hostapd_dpp_stop(struct hostapd_data *hapd);
diff --git a/src/common/dpp.c b/src/common/dpp.c
index 4e0bf36..805507c 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -5510,6 +5510,30 @@ void dpp_configurator_free(struct dpp_configurator *conf)
}
+int dpp_configurator_get_key(const struct dpp_configurator *conf, char *buf,
+ size_t buflen)
+{
+ EC_KEY *eckey;
+ int key_len, ret = -1;
+ unsigned char *key = NULL;
+
+ if (!conf->csign)
+ return -1;
+
+ eckey = EVP_PKEY_get1_EC_KEY(conf->csign);
+ if (!eckey)
+ return -1;
+
+ key_len = i2d_ECPrivateKey(eckey, &key);
+ if (key_len > 0)
+ ret = wpa_snprintf_hex(buf, buflen, key, key_len);
+
+ EC_KEY_free(eckey);
+ OPENSSL_free(key);
+ return ret;
+}
+
+
struct dpp_configurator *
dpp_keygen_configurator(const char *curve, const u8 *privkey,
size_t privkey_len)
diff --git a/src/common/dpp.h b/src/common/dpp.h
index b89b22c..185a31c 100644
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -394,6 +394,8 @@ const u8 * dpp_get_attr(const u8 *buf, size_t len, u16 req_id, u16 *ret_len);
int dpp_check_attrs(const u8 *buf, size_t len);
int dpp_key_expired(const char *timestamp, os_time_t *expiry);
const char * dpp_akm_str(enum dpp_akm akm);
+int dpp_configurator_get_key(const struct dpp_configurator *conf, char *buf,
+ size_t buflen);
void dpp_configurator_free(struct dpp_configurator *conf);
struct dpp_configurator *
dpp_keygen_configurator(const char *curve, const u8 *privkey,
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index a3aa3b6..23681dc 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -10576,6 +10576,9 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
} else if (os_strncmp(buf, "DPP_CONFIGURATOR_SIGN ", 22) == 0) {
if (wpas_dpp_configurator_sign(wpa_s, buf + 22) < 0)
reply_len = -1;
+ } else if (os_strncmp(buf, "DPP_CONFIGURATOR_GET_KEY ", 25) == 0) {
+ reply_len = wpas_dpp_configurator_get_key(wpa_s, atoi(buf + 25),
+ reply, reply_size);
} else if (os_strncmp(buf, "DPP_PKEX_ADD ", 13) == 0) {
int res;
diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index 57ba7bc..d14203f 100644
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -2275,6 +2275,19 @@ int wpas_dpp_configurator_sign(struct wpa_supplicant *wpa_s, const char *cmd)
}
+int wpas_dpp_configurator_get_key(struct wpa_supplicant *wpa_s, unsigned int id,
+ char *buf, size_t buflen)
+{
+ struct dpp_configurator *conf;
+
+ conf = dpp_configurator_get_id(wpa_s, id);
+ if (!conf)
+ return -1;
+
+ return dpp_configurator_get_key(conf, buf, buflen);
+}
+
+
static void
wpas_dpp_tx_introduction_status(struct wpa_supplicant *wpa_s,
unsigned int freq, const u8 *dst,
diff --git a/wpa_supplicant/dpp_supplicant.h b/wpa_supplicant/dpp_supplicant.h
index 0760b36..9b539df 100644
--- a/wpa_supplicant/dpp_supplicant.h
+++ b/wpa_supplicant/dpp_supplicant.h
@@ -28,6 +28,8 @@ void wpas_dpp_rx_action(struct wpa_supplicant *wpa_s, const u8 *src,
int wpas_dpp_configurator_add(struct wpa_supplicant *wpa_s, const char *cmd);
int wpas_dpp_configurator_remove(struct wpa_supplicant *wpa_s, const char *id);
int wpas_dpp_configurator_sign(struct wpa_supplicant *wpa_s, const char *cmd);
+int wpas_dpp_configurator_get_key(struct wpa_supplicant *wpa_s, unsigned int id,
+ char *buf, size_t buflen);
int wpas_dpp_pkex_add(struct wpa_supplicant *wpa_s, const char *cmd);
int wpas_dpp_pkex_remove(struct wpa_supplicant *wpa_s, const char *id);
void wpas_dpp_stop(struct wpa_supplicant *wpa_s);
diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c
index 4f60890..de33671 100644
--- a/wpa_supplicant/wpa_cli.c
+++ b/wpa_supplicant/wpa_cli.c
@@ -2948,6 +2948,13 @@ static int wpa_cli_cmd_dpp_configurator_remove(struct wpa_ctrl *ctrl, int argc,
}
+static int wpa_cli_cmd_dpp_configurator_get_key(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_cli_cmd(ctrl, "DPP_CONFIGURATOR_GET_KEY", 1, argc, argv);
+}
+
+
static int wpa_cli_cmd_dpp_pkex_add(struct wpa_ctrl *ctrl, int argc,
char *argv[])
{
@@ -3604,6 +3611,9 @@ static const struct wpa_cli_cmd wpa_cli_commands[] = {
{ "dpp_configurator_remove", wpa_cli_cmd_dpp_configurator_remove, NULL,
cli_cmd_flag_none,
"*|<id> = remove DPP configurator" },
+ { "dpp_configurator_get_key", wpa_cli_cmd_dpp_configurator_get_key,
+ NULL, cli_cmd_flag_none,
+ "<id> = Get DPP configurator's private key" },
{ "dpp_pkex_add", wpa_cli_cmd_dpp_pkex_add, NULL,
cli_cmd_flag_sensitive,
"add PKEX code" },