Re: [PATCH v3 8/9] dpp: initial version of PKEX enrollee support

[Denis Kenzior <denkenz@gmail.com>]

Hi James,

On 10/31/23 13:47, James Prestwood wrote:
> This is the initial support for PKEX enrollees acting as the
> initiator. A PKEX initiator starts the protocol by broadcasting
> the PKEX exchange request. This request contains a key encrypted
> with the pre-shared PKEX code. If accepted the peer sends back
> the exchange response with its own encrypted key. The enrollee
> decrypts this and performs some crypto/hashing in order to establish
> an ephemeral key used to encrypt its own boostrapping key. The
> boostrapping key is encrypted and sent to the peer in the PKEX
> commit-reveal request. The peer then does the same thing, encrypting
> its own bootstrapping key and sending to the initiator as the
> PKEX commit-reveal response.
> 
> After this, both peers have exchanged their boostrapping keys
> securely and can begin DPP authentication, then configuration.
> 
> For now the enrollee will only iterate the default channel list
> from the Easy Connect spec. Future upates will need to include some
> way of discovering non-default channel configurators, but the
> protocol needs to be ironed out first.
> ---
>   src/dpp.c | 765 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
>   1 file changed, 761 insertions(+), 4 deletions(-)
> 

Wish this came before the agent stuff :)

> diff --git a/src/dpp.c b/src/dpp.c
> index 57024a26..8b47be5c 100644
> --- a/src/dpp.c
> +++ b/src/dpp.c
> @@ -53,10 +53,12 @@
>   #include "src/network.h"
>   #include "src/handshake.h"
>   #include "src/nl80211util.h"
> +#include "src/agent.h"
>   

Why is this needed?

>   #define DPP_FRAME_MAX_RETRIES 5
>   #define DPP_FRAME_RETRY_TIMEOUT 1
>   #define DPP_AUTH_PROTO_TIMEOUT 10
> +#define DPP_PKEX_PROTO_TIMEOUT 120
>   
>   static uint32_t netdev_watch;
>   static struct l_genl_family *nl80211;

I'll look at this in more detail once you send v4.

Regards,
-Denis