authorJouni Malinen <jouni@qca.qualcomm.com>2017-07-02 09:36:41 (GMT)
committerJouni Malinen <j@w1.fi>2017-07-03 10:29:59 (GMT)
commit787615b38161ae7947314cc4b9e1905853d151e2 (patch)
tree043f9226ffa374516c90c0a12ba4d4bfc1881bc2 /src
parent0651dfb76cffb80e216c4b8d62c657b26e67b634 (diff)
DPP: Set PMKSA expiration based on peer connector
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'src')
-rw-r--r--src/ap/dpp_hostapd.c16
-rw-r--r--src/common/dpp.c7
-rw-r--r--src/common/dpp.h3
3 files changed, 15 insertions, 11 deletions
diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c
index f6ac9c8..b5980d4 100644
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@@ -880,6 +880,7 @@ static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd,
u16 connector_len;
struct os_time now;
struct dpp_introduction intro;
+ os_time_t expire;
int expiration;
struct wpabuf *msg;
@@ -923,19 +924,18 @@ static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd,
wpabuf_len(hapd->conf->dpp_netaccesskey),
wpabuf_head(hapd->conf->dpp_csign),
wpabuf_len(hapd->conf->dpp_csign),
- connector, connector_len) < 0) {
+ connector, connector_len, &expire) < 0) {
wpa_printf(MSG_INFO,
"DPP: Network Introduction protocol resulted in failure");
return;
}
- if (hapd->conf->dpp_netaccesskey_expiry &&
- (!hapd->conf->dpp_csign_expiry ||
- hapd->conf->dpp_netaccesskey_expiry <
- hapd->conf->dpp_csign_expiry))
- expiration = hapd->conf->dpp_netaccesskey_expiry - now.sec;
- else if (hapd->conf->dpp_csign_expiry)
- expiration = hapd->conf->dpp_csign_expiry - now.sec;
+ if (!expire || hapd->conf->dpp_netaccesskey_expiry < expire)
+ expire = hapd->conf->dpp_netaccesskey_expiry;
+ if (!expire || hapd->conf->dpp_csign_expiry < expire)
+ expire = hapd->conf->dpp_csign_expiry;
+ if (expire)
+ expiration = expire - now.sec;
else
expiration = 0;
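Review bot: The two new minimum checks treat an unset local expiry as the smallest value: when `hapd->conf->dpp_netaccesskey_expiry` is 0, `0 < expire` is true and the peer connector expiry returned through `&expire` is overwritten with 0, and the `dpp_csign_expiry` check can do the same. The removed code treated 0 in these fields as "not configured", so `expiration` can end up 0 even though the peer connector carries an expiry, and the PMKSA entry would then presumably outlive that connector. Guard each comparison on a non-zero local value, e.g. `if (hapd->conf->dpp_netaccesskey_expiry && (!expire || hapd->conf->dpp_netaccesskey_expiry < expire))`, and likewise for `dpp_csign_expiry`. The body of hostapd_dpp_rx_peer_disc_req() starts and ends outside this hunk.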
diff --git a/src/common/dpp.c b/src/common/dpp.c
index 5311dee..06e70a1 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -4686,7 +4686,8 @@ static int dpp_netkey_hash(EVP_PKEY *key, u8 *hash)
int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
const u8 *net_access_key, size_t net_access_key_len,
const u8 *csign_key, size_t csign_key_len,
- const u8 *peer_connector, size_t peer_connector_len)
+ const u8 *peer_connector, size_t peer_connector_len,
+ os_time_t *expiry)
{
struct json_token *root = NULL, *netkey, *token;
struct json_token *own_root = NULL;
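Review bot: The new `expiry` out-parameter on dpp_peer_intro() has no documented contract, and callers have to know what 0 means before they compare against it. From the later hunks in this file it may be NULL, is reset to 0 on entry, and stays 0 when the connector has no expiry string; the value on success is presumably filled in by dpp_key_expired(). A comment above the function such as `/* expiry: optional (may be NULL); peer connector expiry time, or 0 if the connector does not expire */` would state that, and it should also say whether the value is meaningful on a failure return, which is not visible here. The function body continues outside this hunk.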
@@ -4711,6 +4712,8 @@ int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
os_memset(intro, 0, sizeof(*intro));
os_memset(&info, 0, sizeof(info));
+ if (expiry)
+ *expiry = 0;
p = csign_key;
csign = d2i_PUBKEY(NULL, &p, csign_key_len);
@@ -4802,7 +4805,7 @@ int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
"DPP: No expiry string found - connector does not expire");
} else {
wpa_printf(MSG_DEBUG, "DPP: expiry = %s", token->string);
- if (dpp_key_expired(token->string, NULL)) {
+ if (dpp_key_expired(token->string, expiry)) {
wpa_printf(MSG_DEBUG,
"DPP: Connector (netAccessKey) has expired");
goto fail;
diff --git a/src/common/dpp.h b/src/common/dpp.h
index 1c10928..d68cd76 100644
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -256,7 +256,8 @@ dpp_keygen_configurator(const char *curve, const u8 *privkey,
int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
const u8 *net_access_key, size_t net_access_key_len,
const u8 *csign_key, size_t csign_key_len,
- const u8 *peer_connector, size_t peer_connector_len);
+ const u8 *peer_connector, size_t peer_connector_len,
+ os_time_t *expiry);
struct dpp_pkex * dpp_pkex_init(struct dpp_bootstrap_info *bi,
const u8 *own_mac,
const char *identifier,