7 years ago · 787615b381
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@@ -880,6 +880,7 @@ static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd,
 
				 	u16 connector_len;
			
 
				 	struct os_time now;
			
 
				 	struct dpp_introduction intro;
			
 
				+	os_time_t expire;
			
 
				 	int expiration;
			
 
				 	struct wpabuf *msg;
			
 
				 
			
@@ -923,19 +924,18 @@ static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd,
 
				 			   wpabuf_len(hapd->conf->dpp_netaccesskey),
			
 
				 			   wpabuf_head(hapd->conf->dpp_csign),
			
 
				 			   wpabuf_len(hapd->conf->dpp_csign),
			
 
				-			   connector, connector_len) < 0) {
			
 
				+			   connector, connector_len, &expire) < 0) {
			
 
				 		wpa_printf(MSG_INFO,
			
 
				 			   "DPP: Network Introduction protocol resulted in failure");
			
 
				 		return;
			
 
				 	}
			
 
				 
			
 
				-	if (hapd->conf->dpp_netaccesskey_expiry &&
			
 
				-	    (!hapd->conf->dpp_csign_expiry ||
			
 
				-	     hapd->conf->dpp_netaccesskey_expiry <
			
 
				-	     hapd->conf->dpp_csign_expiry))
			
 
				-		expiration = hapd->conf->dpp_netaccesskey_expiry - now.sec;
			
 
				-	else if (hapd->conf->dpp_csign_expiry)
			
 
				-		expiration = hapd->conf->dpp_csign_expiry - now.sec;
			
 
				+	if (!expire || hapd->conf->dpp_netaccesskey_expiry < expire)
			
 
				+		expire = hapd->conf->dpp_netaccesskey_expiry;
			
 
				+	if (!expire || hapd->conf->dpp_csign_expiry < expire)
			
 
				+		expire = hapd->conf->dpp_csign_expiry;
			
 
				+	if (expire)
			
 
				+		expiration = expire - now.sec;
			
 
				 	else
			
 
				 		expiration = 0;
			
 
				 
			
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -4686,7 +4686,8 @@ static int dpp_netkey_hash(EVP_PKEY *key, u8 *hash)
 
				 int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
			
 
				 		   const u8 *net_access_key, size_t net_access_key_len,
			
 
				 		   const u8 *csign_key, size_t csign_key_len,
			
 
				-		   const u8 *peer_connector, size_t peer_connector_len)
			
 
				+		   const u8 *peer_connector, size_t peer_connector_len,
			
 
				+		   os_time_t *expiry)
			
 
				 {
			
 
				 	struct json_token *root = NULL, *netkey, *token;
			
 
				 	struct json_token *own_root = NULL;
			
@@ -4711,6 +4712,8 @@ int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
 
				 
			
 
				 	os_memset(intro, 0, sizeof(*intro));
			
 
				 	os_memset(&info, 0, sizeof(info));
			
 
				+	if (expiry)
			
 
				+		*expiry = 0;
			
 
				 
			
 
				 	p = csign_key;
			
 
				 	csign = d2i_PUBKEY(NULL, &p, csign_key_len);
			
@@ -4802,7 +4805,7 @@ int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
 
				 			   "DPP: No expiry string found - connector does not expire");
			
 
				 	} else {
			
 
				 		wpa_printf(MSG_DEBUG, "DPP: expiry = %s", token->string);
			
 
				-		if (dpp_key_expired(token->string, NULL)) {
			
 
				+		if (dpp_key_expired(token->string, expiry)) {
			
 
				 			wpa_printf(MSG_DEBUG,
			
 
				 				   "DPP: Connector (netAccessKey) has expired");
			
 
				 			goto fail;
			
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -256,7 +256,8 @@ dpp_keygen_configurator(const char *curve, const u8 *privkey,
 
				 int dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
			
 
				 		   const u8 *net_access_key, size_t net_access_key_len,
			
 
				 		   const u8 *csign_key, size_t csign_key_len,
			
 
				-		   const u8 *peer_connector, size_t peer_connector_len);
			
 
				+		   const u8 *peer_connector, size_t peer_connector_len,
			
 
				+		   os_time_t *expiry);
			
 
				 struct dpp_pkex * dpp_pkex_init(struct dpp_bootstrap_info *bi,
			
 
				 				const u8 *own_mac,
			
 
				 				const char *identifier,
			
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -1269,6 +1269,10 @@ static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
 
				 	u16 connector_len, pk_hash_len, nk_hash_len;
			
 
				 	struct dpp_introduction intro;
			
 
				 	struct rsn_pmksa_cache_entry *entry;
			
 
				+	struct os_time now;
			
 
				+	struct os_reltime rnow;
			
 
				+	os_time_t expiry;
			
 
				+	unsigned int seconds;
			
 
				 
			
 
				 	wpa_printf(MSG_DEBUG, "DPP: Peer Discovery Response from " MACSTR,
			
 
				 		   MAC2STR(src));
			
@@ -1303,7 +1307,7 @@ static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
 
				 			   ssid->dpp_netaccesskey_len,
			
 
				 			   ssid->dpp_csign,
			
 
				 			   ssid->dpp_csign_len,
			
 
				-			   connector, connector_len) < 0) {
			
 
				+			   connector, connector_len, &expiry) < 0) {
			
 
				 		wpa_printf(MSG_INFO,
			
 
				 			   "DPP: Network Introduction protocol resulted in failure");
			
 
				 		goto fail;
			
@@ -1347,7 +1351,17 @@ static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
 
				 	os_memcpy(entry->pmk, intro.pmk, intro.pmk_len);
			
 
				 	entry->pmk_len = intro.pmk_len;
			
 
				 	entry->akmp = WPA_KEY_MGMT_DPP;
			
 
				-	/* TODO: expiration */
			
 
				+	if (!expiry || expiry > ssid->dpp_csign_expiry)
			
 
				+		expiry = ssid->dpp_csign_expiry;
			
 
				+	if (expiry) {
			
 
				+		os_get_time(&now);
			
 
				+		seconds = expiry - now.sec;
			
 
				+	} else {
			
 
				+		seconds = 86400 * 7;
			
 
				+	}
			
 
				+	os_get_reltime(&rnow);
			
 
				+	entry->expiration = rnow.sec + seconds;
			
 
				+	entry->reauth_time = rnow.sec + seconds;
			
 
				 	entry->network_ctx = ssid;
			
 
				 	wpa_sm_pmksa_cache_add_entry(wpa_s->wpa, entry);