sta_set_security: Add ServerCert parameter
This new parameter can be used to configure a specific server
certificate for the network profile using the SHA256 hash of the DER version
of the certificate, with the hash read from a file on the station.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
diff --git a/sigma_dut.c b/sigma_dut.c
index aa1b8d4..b482d14 100644
--- a/sigma_dut.c
+++ b/sigma_dut.c
@@ -423,6 +423,7 @@
send_resp(dut, conn, SIGMA_INVALID, NULL);
break;
case STATUS_SENT:
+ case STATUS_SENT_ERROR:
break;
case SUCCESS_SEND_STATUS:
send_resp(dut, conn, SIGMA_COMPLETE, NULL);
diff --git a/sigma_dut.h b/sigma_dut.h
index 6a91500..b4b81b3 100644
--- a/sigma_dut.h
+++ b/sigma_dut.h
@@ -126,6 +126,7 @@
};
enum sigma_cmd_result {
+ STATUS_SENT_ERROR = -3,
ERROR_SEND_STATUS = -2,
INVALID_SEND_STATUS = -1,
STATUS_SENT = 0,
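Review bot: `STATUS_SENT_ERROR` sits next to `ERROR_SEND_STATUS` with no comment telling the two apart, and the names are easy to confuse. Judging from the sigma_dut.c hunk, where it shares the `STATUS_SENT` case and only breaks, it appears to mean the handler has already sent its own error response. A short comment on the enumerator would record that, for example `/* error response already sent by the handler; caller must not send another */`. The enum continues outside this hunk.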
diff --git a/sta.c b/sta.c
index 9e78eb3..3033c5b 100644
--- a/sta.c
+++ b/sta.c
@@ -2166,7 +2166,7 @@
{
const char *val, *alg, *akm;
int id;
- char buf[200];
+ char buf[200], buf2[300];
#ifdef ANDROID
unsigned char kvalue[KEYSTORE_MESSAGE_SIZE];
int length;
@@ -2267,6 +2267,33 @@
return -2;
}
+ val = get_param(cmd, "ServerCert");
+ if (val) {
+ FILE *f;
+ char *result = NULL, *pos;
+
+ snprintf(buf, sizeof(buf), "%s/%s.sha256", sigma_cert_path,
+ val);
+ f = fopen(buf, "r");
+ if (f) {
+ result = fgets(buf, sizeof(buf), f);
+ fclose(f);
+ }
+ if (!result) {
+ snprintf(buf2, sizeof(buf2),
+ "ErrorCode,ServerCert hash could not be read from %s",
+ buf);
+ send_resp(dut, conn, SIGMA_ERROR, buf2);
+ return STATUS_SENT_ERROR;
+ }
+ pos = strchr(buf, '\n');
+ if (pos)
+ *pos = '\0';
+ snprintf(buf2, sizeof(buf2), "hash://server/sha256/%s", buf);
+ if (set_network_quoted(ifname, id, "ca_cert", buf2) < 0)
+ return ERROR_SEND_STATUS;
+ }
+
val = get_param(cmd, "Domain");
if (val && set_network_quoted(ifname, id, "domain_match", val) < 0)
return ERROR_SEND_STATUS;
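Review bot: The `ServerCert` value goes into the `"%s/%s.sha256"` path unchecked, so a value containing `/` lets `fopen()` resolve outside `sigma_cert_path`. The `snprintf()` result is not tested either, so an over-long name is silently truncated in the 200-byte `buf` and a different file name is opened. Rejecting path separators and checking the return value before `fopen()` keeps the lookup inside the certificate directory. The line read from the file is also copied into `ca_cert` after only a `\n` strip; checking for exactly 64 hex digits would report a bad or CRLF-terminated hash file here rather than leaving it to wpa_supplicant, which presumably rejects it later. The enclosing function starts and ends outside this hunk.

```c
	val = get_param(cmd, "ServerCert");
	if (val) {
		FILE *f;
		char *result = NULL, *pos;
		int res;

		/* ServerCert must be a bare file name under sigma_cert_path */
		if (val[0] == '\0' || strchr(val, '/')) {
			send_resp(dut, conn, SIGMA_ERROR,
				  "ErrorCode,Invalid ServerCert value");
			return STATUS_SENT_ERROR;
		}
		res = snprintf(buf, sizeof(buf), "%s/%s.sha256",
			       sigma_cert_path, val);
		if (res < 0 || res >= (int) sizeof(buf)) {
			send_resp(dut, conn, SIGMA_ERROR,
				  "ErrorCode,ServerCert file name too long");
			return STATUS_SENT_ERROR;
		}
		/* … unchanged: fopen/fgets, read-failure response, newline strip … */
		if (strlen(buf) != 64 ||
		    strspn(buf, "0123456789abcdefABCDEF") != 64) {
			send_resp(dut, conn, SIGMA_ERROR,
				  "ErrorCode,ServerCert hash file does not contain a SHA256 hex digest");
			return STATUS_SENT_ERROR;
		}
		/* … unchanged: build hash://server/sha256/ value and set ca_cert … */
```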