* [PATCH 5/9] dpp: add role definitions
@ 2021-12-20 21:49 James Prestwood
From: James Prestwood @ 2021-12-20 21:49 UTC (permalink / raw)
  To: iwd 


Added both enrollee and configurator roles, as well as the needed
logic inside the authentication protocol to verify role compatibility.
The dpp_sm's role is now used when setting the capability bits, making the
authentication protocol agnostic to whether iwd acts as an enrollee or a configurator.
---
 src/dpp.c | 41 ++++++++++++++++++++++++++++++++---------
 1 file changed, 32 insertions(+), 9 deletions(-)

diff --git a/src/dpp.c b/src/dpp.c
index c98ba021..29cec5cd 100644
--- a/src/dpp.c
+++ b/src/dpp.c
@@ -58,9 +58,15 @@ enum dpp_state {
 	DPP_STATE_CONFIGURING,
 };
 
+enum dpp_capability {
+	DPP_CAPABILITY_ENROLLEE = 0x01,
+	DPP_CAPABILITY_CONFIGURATOR = 0x02,
+};
+
 struct dpp_sm {
 	struct netdev *netdev;
 	char *uri;
+	uint8_t role;
 
 	uint64_t wdev_id;
 
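Review bot: The new `role` field and `enum dpp_capability` carry no comment, yet the value is written unmodified into the Responder Capabilities attribute in the authentication response and the failure response elsewhere in this patch, so the enum constants double as wire-format bits and must stay aligned with the DPP capabilities encoding. A comment on the enum, `/* Bits of the DPP Initiator/Responder Capabilities attribute (sent on the wire as-is) */`, and one on the field, `/* Local DPP_CAPABILITY_* role; a single bit, compared by equality */`, would record that constraint for the next person who adds a value. The struct dpp_sm definition continues past this hunk.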
@@ -583,7 +589,6 @@ static void send_authenticate_response(struct dpp_sm *dpp, void *r_auth)
 	uint8_t status = DPP_STATUS_OK;
 	uint64_t r_proto_key[L_ECC_MAX_DIGITS * 2];
 	uint8_t version = 2;
-	uint8_t r_capabilities = 0x01;
 	struct iovec iov[3];
 	uint8_t wrapped2_plaintext[dpp->key_len + 4];
 	uint8_t wrapped2[dpp->key_len + 16 + 8];
@@ -623,7 +628,7 @@ static void send_authenticate_response(struct dpp_sm *dpp, void *r_auth)
 			ptr, sizeof(attrs), dpp->k2, dpp->key_len, 4,
 			DPP_ATTR_RESPONDER_NONCE, dpp->nonce_len, dpp->r_nonce,
 			DPP_ATTR_INITIATOR_NONCE, dpp->nonce_len, dpp->i_nonce,
-			DPP_ATTR_RESPONDER_CAPABILITIES, 1, &r_capabilities,
+			DPP_ATTR_RESPONDER_CAPABILITIES, 1, &dpp->role,
 			DPP_ATTR_WRAPPED_DATA, wrapped2_len, wrapped2);
 
 	iov[1].iov_base = attrs;
@@ -755,7 +760,9 @@ static void authenticate_confirm(struct dpp_sm *dpp, const uint8_t *from,
 	l_debug("Authentication successful");
 
 	dpp_reset_protocol_timer(dpp);
-	dpp_configuration_start(dpp, from);
+
+	if (dpp->role == DPP_CAPABILITY_ENROLLEE)
+		dpp_configuration_start(dpp, from);
 
 	return;
 
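Review bot: After a successful authentication the configurator role has no follow-up in this function: when dpp->role is not DPP_CAPABILITY_ENROLLEE the protocol timer is reset and the function returns, and nothing visible here tells the reader whether the configurator is expected to wait for the peer's next frame or whether that handling arrives later in the series. An explicit `else` branch with a comment such as `/* Configurator: nothing to send here, wait for the peer to continue */` (worded to the actual intent) would document the asymmetry instead of leaving it implicit. authenticate_confirm() starts and ends outside this hunk.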
@@ -772,7 +779,6 @@ static void dpp_auth_request_failed(struct dpp_sm *dpp,
 	uint8_t attrs[128];
 	uint8_t *ptr = attrs;
 	uint8_t version = 2;
-	uint8_t r_capabilities = 0x01;
 	uint8_t s = status;
 	struct iovec iov[2];
 
@@ -790,7 +796,7 @@ static void dpp_auth_request_failed(struct dpp_sm *dpp,
 	ptr += dpp_append_wrapped_data(hdr + 26, 6, attrs, ptr - attrs,
 			ptr, sizeof(attrs) - (ptr - attrs), k1, dpp->key_len, 2,
 			DPP_ATTR_INITIATOR_NONCE, dpp->nonce_len, dpp->i_nonce,
-			DPP_ATTR_RESPONDER_CAPABILITIES, 1, &r_capabilities);
+			DPP_ATTR_RESPONDER_CAPABILITIES, 1, &dpp->role);
 
 	iov[1].iov_base = attrs;
 	iov[1].iov_len = ptr - attrs;
@@ -799,6 +805,18 @@ static void dpp_auth_request_failed(struct dpp_sm *dpp,
 				dpp->current_freq);
 }
 
+static bool dpp_check_roles(struct dpp_sm *dpp, uint8_t peer_capa)
+{
+	if (dpp->role == DPP_CAPABILITY_ENROLLEE &&
+			!(peer_capa & DPP_CAPABILITY_CONFIGURATOR))
+		return false;
+	else if (dpp->role == DPP_CAPABILITY_CONFIGURATOR &&
+			!(peer_capa & DPP_CAPABILITY_ENROLLEE))
+		return false;
+
+	return true;
+}
+
 static void authenticate_request(struct dpp_sm *dpp, const uint8_t *from,
 					const uint8_t *body, size_t body_len)
 {
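Review bot: dpp_check_roles() falls through to `return true` when dpp->role is neither DPP_CAPABILITY_ENROLLEE nor DPP_CAPABILITY_CONFIGURATOR, so a state machine whose role was never assigned (a zero role, if dpp_sm is zero-allocated — the allocation is outside this hunk) accepts any initiator regardless of what it advertises. Since this result gates whether the authentication request proceeds, an unknown local role should fail the check rather than pass it. A switch with a rejecting default expresses that and makes the one-bit-per-role assumption explicit; a peer advertising both bits (0x03) still passes, which appears intended.
```c
static bool dpp_check_roles(struct dpp_sm *dpp, uint8_t peer_capa)
{
	switch (dpp->role) {
	case DPP_CAPABILITY_ENROLLEE:
		return peer_capa & DPP_CAPABILITY_CONFIGURATOR;
	case DPP_CAPABILITY_CONFIGURATOR:
		return peer_capa & DPP_CAPABILITY_ENROLLEE;
	default:
		/* No local role assigned: refuse rather than accept anyone */
		return false;
	}
}
```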
@@ -811,6 +829,7 @@ static void authenticate_request(struct dpp_sm *dpp, const uint8_t *from,
 	const uint8_t *i_proto = NULL;
 	const void *wrapped = NULL;
 	const uint8_t *i_nonce = NULL;
+	uint8_t i_capa = 0;
 	size_t r_boot_len = 0, i_proto_len = 0, wrapped_len = 0;
 	size_t i_nonce_len = 0;
 	_auto_(l_free) uint8_t *unwrapped = NULL;
@@ -920,9 +939,10 @@ static void authenticate_request(struct dpp_sm *dpp, const uint8_t *from,
 			 * failure by adding the DPP Status field set to
 			 * STATUS_NOT_COMPATIBLE"
 			 */
-			if (!(l_get_u8(data) & 0x2)) {
-				l_debug("Initiator is not configurator");
+			i_capa = l_get_u8(data);
 
+			if (!dpp_check_roles(dpp, i_capa)) {
+				l_debug("Peer does not support required role");
 				dpp_auth_request_failed(dpp,
 						DPP_STATUS_NOT_COMPATIBLE, k1);
 				goto auth_request_failed;
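Review bot: The role check runs only inside the branch that parses the Initiator Capabilities attribute, so an Authentication Request that simply omits that attribute never reaches dpp_check_roles() and i_capa keeps its initial value of 0; the attribute loop enclosing this code and the rest of authenticate_request() are outside the hunk, so I cannot see whether a missing-attribute check exists further down. Because i_capa is now a function-scope variable, the compatibility check could instead run once after the loop, where `if (!dpp_check_roles(dpp, i_capa))` rejects both an incompatible and an absent capabilities attribute with DPP_STATUS_NOT_COMPATIBLE (assuming k1 is already available there). The debug message `"Peer does not support required role"` would be more useful in triage if it logged dpp->role and i_capa.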
@@ -1037,9 +1057,11 @@ static void dpp_roc_started(void *user_data)
 	struct dpp_sm *dpp = user_data;
 
 	/*
-	 * If not in presence procedure, just stay on channel.
+	 * If not in presence procedure or in a configurator role, just stay
+	 * on channel.
 	 */
-	if (dpp->state != DPP_STATE_PRESENCE)
+	if (dpp->state != DPP_STATE_PRESENCE ||
+			dpp->role == DPP_CAPABILITY_CONFIGURATOR)
 		return;
 
 	dpp_presence_announce(dpp);
@@ -1230,6 +1252,7 @@ static struct l_dbus_message *dpp_dbus_start_enrollee(struct l_dbus *dbus,
 					1, NULL, NULL);
 
 	dpp->state = DPP_STATE_PRESENCE;
+	dpp->role = DPP_CAPABILITY_ENROLLEE;
 
 	l_debug("DPP Start Enrollee: %s", dpp->uri);
 
-- 
2.31.1
