[PATCH 01/16] ie: add IE_AKM_IS_PSK

[PATCH 01/16] ie: add IE_AKM_IS_PSK

[James Prestwood]

---
 src/ie.h | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/ie.h b/src/ie.h
index 4498785a..28931a01 100644
--- a/src/ie.h
+++ b/src/ie.h
@@ -399,6 +399,15 @@ static inline bool IE_AKM_IS_8021X(uint32_t akm)
 			IE_RSN_AKM_SUITE_FT_OVER_8021X_SHA384);
 }
 
+static inline bool IE_AKM_IS_PSK(uint32_t akm)
+{
+	return akm & (IE_RSN_AKM_SUITE_PSK |
+			IE_RSN_AKM_SUITE_FT_USING_PSK |
+			IE_RSN_AKM_SUITE_PSK_SHA256 |
+			IE_RSN_AKM_SUITE_SAE_SHA256 |
+			IE_RSN_AKM_SUITE_FT_OVER_SAE_SHA256);
+}
+
 static inline bool IE_CIPHER_IS_GCMP_CCMP(uint32_t cipher_suite)
 {
 	return cipher_suite & (IE_RSN_CIPHER_SUITE_CCMP |
-- 
2.34.1

[PATCH 02/16] dpp-util: refactor dpp_configuration_new into a _psk helper

[James Prestwood]

Prior to adding 802.1x configuration with DPP we need to isolate the
configuration object creation into a PSK variant, as 802.1x options
don't require the passphrase/psk fields.
---
 src/dpp-util.c | 41 ++++++++++++++++++++++++++++++-----------
 1 file changed, 30 insertions(+), 11 deletions(-)

diff --git a/src/dpp-util.c b/src/dpp-util.c
index cfdedbdd..2eacc587 100644
--- a/src/dpp-util.c
+++ b/src/dpp-util.c
@@ -315,17 +315,12 @@ char *dpp_configuration_to_json(struct dpp_configuration *config)
 				config->hidden ? "true" : "false");
 }
 
-struct dpp_configuration *dpp_configuration_new(
-					const struct l_settings *settings,
-					const char *ssid,
-					enum ie_rsn_akm_suite akm_suite)
+static struct dpp_configuration *dpp_configuration_new_psk(
+					const struct l_settings *settings)
 {
 	struct dpp_configuration *config;
 	_auto_(l_free) char *passphrase = NULL;
 	_auto_(l_free) char *psk = NULL;
-	size_t ssid_len = strlen(ssid);
-	bool send_hostname;
-	bool hidden;
 
 	if (!l_settings_has_group(settings, "Security"))
 		return NULL;
@@ -340,15 +335,39 @@ struct dpp_configuration *dpp_configuration_new(
 
 	config = l_new(struct dpp_configuration, 1);
 
-	memcpy(config->ssid, ssid, ssid_len);
-	config->ssid[ssid_len] = '\0';
-	config->ssid_len = ssid_len;
-
 	if (passphrase)
 		config->passphrase = l_steal_ptr(passphrase);
 	else
 		config->psk = l_steal_ptr(psk);
 
+	return config;
+}
+
+struct dpp_configuration *dpp_configuration_new(
+					const struct l_settings *settings,
+					const char *ssid,
+					enum ie_rsn_akm_suite akm_suite)
+{
+	struct dpp_configuration *config;
+	size_t ssid_len = strlen(ssid);
+	bool send_hostname;
+	bool hidden;
+
+	if (IE_AKM_IS_PSK(akm_suite))
+		config = dpp_configuration_new_psk(settings);
+	else {
+		l_warn("DPP not supported using AKM suite %x", akm_suite);
+		return NULL;
+	}
+
+	if (!config) {
+		l_warn("Failed to parse profile settings for DPP");
+		return NULL;
+	}
+
+	memcpy(config->ssid, ssid, ssid_len);
+	config->ssid[ssid_len] = '\0';
+	config->ssid_len = ssid_len;
 
 	config->akm_suites = akm_suite;
 
-- 
2.34.1

[PATCH 03/16] dpp: fix some return/cleanup issues for error cases

[James Prestwood]

There were several error paths which did not reset the dpp_sm and
would then result in the state showing incorrectly as some values
would have remained initialized.
---
 src/dpp.c | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/src/dpp.c b/src/dpp.c
index 03e2a7a6..32160d96 100644
--- a/src/dpp.c
+++ b/src/dpp.c
@@ -4169,11 +4169,15 @@ static struct l_dbus_message *dpp_start_configurator_common(
 	dpp->state = DPP_STATE_PRESENCE;
 
 	if (!responder) {
-		if (!l_dbus_message_get_arguments(message, "s", &uri))
-			return dbus_error_invalid_args(message);
+		if (!l_dbus_message_get_arguments(message, "s", &uri)) {
+			reply = dbus_error_invalid_args(message);
+			goto error;
+		}
 
-		if (!dpp_configurator_start_presence(dpp, uri))
-			return dbus_error_invalid_args(message);
+		if (!dpp_configurator_start_presence(dpp, uri)) {
+			reply = dbus_error_invalid_args(message);
+			goto error;
+		}
 
 		/* Since we have the peer's URI generate the keys now */
 		l_getrandom(dpp->i_nonce, dpp->nonce_len);
@@ -4196,6 +4200,10 @@ static struct l_dbus_message *dpp_start_configurator_common(
 	dpp->config = dpp_configuration_new(settings,
 						network_get_ssid(network),
 						hs->akm_suite);
+	if (!dpp->config) {
+		reply = dbus_error_not_supported(message);
+		goto error;
+	}
 
 	dpp_property_changed_notify(dpp);
 
@@ -4209,6 +4217,10 @@ static struct l_dbus_message *dpp_start_configurator_common(
 	l_dbus_message_set_arguments(reply, "s", dpp->uri);
 
 	return reply;
+
+error:
+	dpp_reset(dpp);
+	return reply;
 }
 
 static struct l_dbus_message *dpp_dbus_start_configurator(struct l_dbus *dbus,
@@ -4613,6 +4625,10 @@ static struct l_dbus_message *dpp_start_pkex_configurator(struct dpp_sm *dpp,
 	dpp->config = dpp_configuration_new(network_get_settings(network),
 						network_get_ssid(network),
 						hs->akm_suite);
+	if (!dpp->config) {
+		dpp_reset(dpp);
+		return dbus_error_not_supported(message);
+	}
 
 	dpp_reset_protocol_timer(dpp, DPP_PKEX_PROTO_TIMEOUT);
 	dpp_property_changed_notify(dpp);
-- 
2.34.1

[PATCH 04/16] dpp-util: refactor dpp_configuration_to_json for only PSK networks

[James Prestwood]

This renames dpp_configuration_to_json to dpp_psk_config_to_json to
prepare for adding 802.1x provisioning. The 802.1x variant will need
to take additional arguments, so we'll need to isolate the PSK
logic into its own API.
---
 src/dpp-util.c | 27 +++++++++++++++++----------
 src/dpp-util.h |  2 +-
 src/dpp.c      |  2 +-
 3 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/src/dpp-util.c b/src/dpp-util.c
index 2eacc587..62db2081 100644
--- a/src/dpp-util.c
+++ b/src/dpp-util.c
@@ -282,22 +282,15 @@ static const char *dpp_akm_to_string(enum ie_rsn_akm_suite akm_suite)
 	}
 }
 
-char *dpp_configuration_to_json(struct dpp_configuration *config)
+static char *dpp_configuration_to_json(struct dpp_configuration *config,
+					const char *creds)
 {
-	_auto_(l_free) char *pass_or_psk;
 	_auto_(l_free) char *ssid;
 
 	ssid = l_malloc(config->ssid_len + 1);
 	memcpy(ssid, config->ssid, config->ssid_len);
 	ssid[config->ssid_len] = '\0';
 
-	if (config->passphrase)
-		pass_or_psk = l_strdup_printf("\"pass\":\"%s\"",
-						config->passphrase);
-	else
-		pass_or_psk = l_strdup_printf("\"psk\":\"%s\"",
-						config->psk);
-
 	return l_strdup_printf("{\"wi-fi_tech\":\"infra\","
 				"\"discovery\":{"
 					"\"ssid\":\"%s\""
@@ -310,11 +303,25 @@ char *dpp_configuration_to_json(struct dpp_configuration *config)
 					"\"hidden\":%s}"
 				"}",
 				ssid, dpp_akm_to_string(config->akm_suites),
-				pass_or_psk,
+				creds,
 				config->send_hostname ? "true" : "false",
 				config->hidden ? "true" : "false");
 }
 
+char *dpp_psk_config_to_json(struct dpp_configuration *config)
+{
+	_auto_(l_free) char *pass_or_psk;
+
+	if (config->passphrase)
+		pass_or_psk = l_strdup_printf("\"pass\":\"%s\"",
+						config->passphrase);
+	else
+		pass_or_psk = l_strdup_printf("\"psk\":\"%s\"",
+						config->psk);
+
+	return dpp_configuration_to_json(config, pass_or_psk);
+}
+
 static struct dpp_configuration *dpp_configuration_new_psk(
 					const struct l_settings *settings)
 {
diff --git a/src/dpp-util.h b/src/dpp-util.h
index 86ef36f9..f7d7122c 100644
--- a/src/dpp-util.h
+++ b/src/dpp-util.h
@@ -132,7 +132,7 @@ struct dpp_configuration *dpp_configuration_new(
 					const struct l_settings *settings,
 					const char *ssid,
 					enum ie_rsn_akm_suite akm_suite);
-char *dpp_configuration_to_json(struct dpp_configuration *config);
+char *dpp_psk_config_to_json(struct dpp_configuration *config);
 void dpp_configuration_free(struct dpp_configuration *conf);
 
 struct dpp_attr_iter {
diff --git a/src/dpp.c b/src/dpp.c
index 32160d96..41e56197 100644
--- a/src/dpp.c
+++ b/src/dpp.c
@@ -1212,7 +1212,7 @@ static void dpp_send_config_response(struct dpp_sm *dpp, uint8_t status)
 	 * STATUS_CONFIGURE_FAILURE which only includes the E-Nonce.
 	 */
 	if (status == DPP_STATUS_OK) {
-		json = dpp_configuration_to_json(dpp->config);
+		json = dpp_psk_config_to_json(dpp->config);
 		json_len = strlen(json);
 
 		ptr += dpp_append_wrapped_data(attrs + 2, ptr - attrs - 2,
-- 
2.34.1

[PATCH 05/16] dpp: refactor dpp_send_config_response to take JSON as a parameter

[James Prestwood]

The future 802.1x config is too complicated for this to handle
internally so it will now be passed in as an argument.
---
 src/dpp.c | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/src/dpp.c b/src/dpp.c
index 41e56197..19d10daa 100644
--- a/src/dpp.c
+++ b/src/dpp.c
@@ -1163,13 +1163,13 @@ static void dpp_handle_config_response_frame(const struct mmpdu_header *frame,
 	dpp_reset(dpp);
 }
 
-static void dpp_send_config_response(struct dpp_sm *dpp, uint8_t status)
+static void dpp_send_config_response(struct dpp_sm *dpp, uint8_t status,
+					const char *json)
 {
-	_auto_(l_free) char *json = NULL;
 	struct iovec iov[3];
 	uint8_t hdr[41];
-	uint8_t attrs[512];
-	size_t json_len;
+	size_t json_len = json ? strlen(json) : 0;
+	uint8_t attrs[256 + json_len];
 	uint8_t *ptr = hdr + 24;
 
 	memset(hdr, 0, sizeof(hdr));
@@ -1211,10 +1211,7 @@ static void dpp_send_config_response(struct dpp_sm *dpp, uint8_t status)
 	 * included. For now IWD's basic DPP implementation will assume
 	 * STATUS_CONFIGURE_FAILURE which only includes the E-Nonce.
 	 */
-	if (status == DPP_STATUS_OK) {
-		json = dpp_psk_config_to_json(dpp->config);
-		json_len = strlen(json);
-
+	if (status == DPP_STATUS_OK)
 		ptr += dpp_append_wrapped_data(attrs + 2, ptr - attrs - 2,
 						NULL, 0, ptr, sizeof(attrs),
 						dpp->ke, dpp->key_len, 2,
@@ -1222,7 +1219,7 @@ static void dpp_send_config_response(struct dpp_sm *dpp, uint8_t status)
 						dpp->nonce_len, dpp->e_nonce,
 						DPP_ATTR_CONFIGURATION_OBJECT,
 						json_len, json);
-	} else
+	else
 		ptr += dpp_append_wrapped_data(attrs + 2, ptr - attrs - 2,
 						NULL, 0, ptr, sizeof(attrs),
 						dpp->ke, dpp->key_len, 2,
@@ -1272,6 +1269,7 @@ static void dpp_handle_config_request_frame(const struct mmpdu_header *frame,
 	struct json_iter jsiter;
 	_auto_(l_free) char *tech = NULL;
 	_auto_(l_free) char *role = NULL;
+	_auto_(l_free) char *config_object = NULL;
 
 	if (dpp->state != DPP_STATE_AUTHENTICATING) {
 		l_debug("Configuration request in wrong state");
@@ -1398,12 +1396,13 @@ static void dpp_handle_config_request_frame(const struct mmpdu_header *frame,
 
 	dpp->state = DPP_STATE_CONFIGURING;
 
-	dpp_send_config_response(dpp, DPP_STATUS_OK);
+	config_object = dpp_psk_config_to_json(dpp->config);
+	dpp_send_config_response(dpp, DPP_STATUS_OK, config_object);
 
 	return;
 
 configure_failure:
-	dpp_send_config_response(dpp, DPP_STATUS_CONFIGURE_FAILURE);
+	dpp_send_config_response(dpp, DPP_STATUS_CONFIGURE_FAILURE, NULL);
 	/*
 	 * The other peer is still authenticated, and can potentially send
 	 * additional requests so keep this session alive.
-- 
2.34.1

[PATCH 06/16] dpp: refactor dpp_configuration_start to take the JSON as a parameter

[James Prestwood]

The configuration request for PSK networks is simple and static. This
is now defined as a static string and passed to
dpp_configuration_start.

For future 802.1x networks the configuration request object is more
complex (contains a CSR).
---
 src/dpp.c | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/src/dpp.c b/src/dpp.c
index 19d10daa..16d0a711 100644
--- a/src/dpp.c
+++ b/src/dpp.c
@@ -60,6 +60,17 @@
 #define DPP_AUTH_PROTO_TIMEOUT 10
 #define DPP_PKEX_PROTO_TIMEOUT 120
 #define DPP_PKEX_PROTO_PER_FREQ_TIMEOUT 10
+/*
+ * The default JSON configuration object sent initially. For PSK networks this
+ * is sufficient, but for 802.1x the enrollee will be asked to send another
+ * request containing a CSR
+ */
+#define DPP_CONFIG_REQUEST_DEFAULT_VALUES \
+	"\"name\":\"IWD\"," \
+	"\"wi-fi_tech\":\"infra\"," \
+	"\"netRole\":\"sta\""
+#define DPP_CONFIG_REQUEST_DEFAULT_OBJECT \
+	"{" DPP_CONFIG_REQUEST_DEFAULT_VALUES "}"
 
 static uint32_t netdev_watch;
 static struct l_genl_family *nl80211;
@@ -753,14 +764,13 @@ static void dpp_reset_protocol_timer(struct dpp_sm *dpp, uint32_t time)
  *    does effect the resulting encryption/decryption so this is also what IWD
  *    will do to remain compliant with it.
  */
-static void dpp_configuration_start(struct dpp_sm *dpp, const uint8_t *addr)
+static void dpp_configuration_start(struct dpp_sm *dpp, const uint8_t *addr,
+					const char *json)
 {
-	const char *json = "{\"name\":\"IWD\",\"wi-fi_tech\":\"infra\","
-				"\"netRole\":\"sta\"}";
 	struct iovec iov[3];
 	uint8_t hdr[37];
-	uint8_t attrs[512];
 	size_t json_len = strlen(json);
+	uint8_t attrs[256 + json_len];
 	uint8_t *ptr = attrs;
 
 	l_getrandom(&dpp->diag_token, 1);
@@ -1689,7 +1699,8 @@ static void authenticate_confirm(struct dpp_sm *dpp, const uint8_t *from,
 	dpp_reset_protocol_timer(dpp, DPP_AUTH_PROTO_TIMEOUT);
 
 	if (dpp->role == DPP_CAPABILITY_ENROLLEE)
-		dpp_configuration_start(dpp, from);
+		dpp_configuration_start(dpp, from,
+					DPP_CONFIG_REQUEST_DEFAULT_OBJECT);
 
 	return;
 
@@ -2490,7 +2501,8 @@ static void authenticate_response(struct dpp_sm *dpp, const uint8_t *from,
 	dpp_send_authenticate_confirm(dpp);
 
 	if (dpp->role == DPP_CAPABILITY_ENROLLEE)
-		dpp_configuration_start(dpp, from);
+		dpp_configuration_start(dpp, from,
+					DPP_CONFIG_REQUEST_DEFAULT_OBJECT);
 
 }
 
-- 
2.34.1

[PATCH 07/16] dpp: refactor config writing, add checks for PSK

[James Prestwood]

When writing the config object ensure the network security of the
scanned network is PSK, and matches the config object recieved.
---
 src/dpp.c | 60 ++++++++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 48 insertions(+), 12 deletions(-)

diff --git a/src/dpp.c b/src/dpp.c
index 16d0a711..3ad60188 100644
--- a/src/dpp.c
+++ b/src/dpp.c
@@ -832,25 +832,57 @@ static void send_config_result(struct dpp_sm *dpp, const uint8_t *to)
 	dpp_send_frame(dpp, iov, 2, dpp->current_freq);
 }
 
-static void dpp_write_config(struct dpp_configuration *config,
+static void dpp_write_psk_config(struct dpp_configuration *config,
+					struct l_settings *settings)
+{
+	if (config->passphrase)
+		l_settings_set_string(settings, "Security", "Passphrase",
+				config->passphrase);
+	else if (config->psk)
+		l_settings_set_string(settings, "Security", "PreSharedKey",
+				config->psk);
+}
+
+static bool dpp_write_config(struct dpp_configuration *config,
 				struct network *network)
 {
 	_auto_(l_settings_free) struct l_settings *settings = l_settings_new();
-	_auto_(l_free) char *path;
+	_auto_(l_free) char *path = NULL;
+	enum security security;
+
+	if (!network) {
+		l_warn("Network not seen in results, can't validate security");
+
+		if (IE_AKM_IS_PSK(config->akm_suites))
+			security = SECURITY_PSK;
+		else
+			return false;
+
+		goto write_config;
+	} else
+		security = network_get_security(network);
 
-	path = storage_get_network_file_path(SECURITY_PSK, config->ssid);
+	if (security == SECURITY_PSK) {
+		if (!IE_AKM_IS_PSK(config->akm_suites)) {
+			l_warn("Network is PSK but DPP config is not!");
+			return false;
+		}
+	} else {
+		l_warn("Unsupported network security %s",
+				security_to_str(security));
+		return false;
+	}
+
+write_config:
+	path = storage_get_network_file_path(security, config->ssid);
 
 	if (l_settings_load_from_file(settings, path)) {
 		/* Remove any existing Security keys */
 		l_settings_remove_group(settings, "Security");
 	}
 
-	if (config->passphrase)
-		l_settings_set_string(settings, "Security", "Passphrase",
-				config->passphrase);
-	else if (config->psk)
-		l_settings_set_string(settings, "Security", "PreSharedKey",
-				config->psk);
+	if (security == SECURITY_PSK)
+		dpp_write_psk_config(config, settings);
 
 	if (config->send_hostname)
 		l_settings_set_bool(settings, "IPv4", "SendHostname", true);
@@ -859,8 +891,10 @@ static void dpp_write_config(struct dpp_configuration *config,
 		l_settings_set_bool(settings, "Settings", "Hidden", true);
 
 	l_debug("Storing credential for '%s(%s)'", config->ssid,
-						security_to_str(SECURITY_PSK));
-	storage_network_sync(SECURITY_PSK, config->ssid, settings);
+						security_to_str(security));
+	storage_network_sync(security, config->ssid, settings);
+
+	return true;
 }
 
 static void dpp_scan_triggered(int err, void *user_data)
@@ -1141,7 +1175,8 @@ static void dpp_handle_config_response_frame(const struct mmpdu_header *frame,
 			bss = network_bss_select(network, true);
 	}
 
-	dpp_write_config(config, network);
+	if (!dpp_write_config(config, network))
+		goto free_config;
 
 	send_config_result(dpp, dpp->peer_addr);
 
@@ -1169,6 +1204,7 @@ static void dpp_handle_config_response_frame(const struct mmpdu_header *frame,
 		}
 	}
 
+free_config:
 	dpp_configuration_free(config);
 	dpp_reset(dpp);
 }
-- 
2.34.1

[PATCH 08/16] dpp-util: check the AKM is "psk" before further parsing the object

[James Prestwood]

---
 src/dpp-util.c | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/src/dpp-util.c b/src/dpp-util.c
index 62db2081..2e4b181b 100644
--- a/src/dpp-util.c
+++ b/src/dpp-util.c
@@ -196,6 +196,7 @@ struct dpp_configuration *dpp_parse_configuration_object(const char *json,
 	_auto_(l_free) char *akm = NULL;
 	_auto_(l_free) char *pass = NULL;
 	_auto_(l_free) char *psk = NULL;
+	uint32_t akm_suites;
 
 	c = json_contents_new(json, json_len);
 	if (!c)
@@ -229,23 +230,28 @@ struct dpp_configuration *dpp_parse_configuration_object(const char *json,
 			JSON_UNDEFINED))
 		goto free_contents;
 
-	if (!pass && (!psk || strlen(psk) != 64))
+	akm_suites = dpp_parse_akm(akm);
+
+	if (!akm_suites)
 		goto free_contents;
 
 	config = l_new(struct dpp_configuration, 1);
+	config->akm_suites = akm_suites;
 
-	if (pass)
-		config->passphrase = l_steal_ptr(pass);
-	else
-		config->psk = l_steal_ptr(psk);
+	if (IE_AKM_IS_PSK(akm_suites)) {
+		if (!pass && (!psk || strlen(psk) != 64))
+			goto free_config;
+
+		if (pass)
+			config->passphrase = l_steal_ptr(pass);
+		else
+			config->psk = l_steal_ptr(psk);
+	} else
+		goto free_config;
 
 	memcpy(config->ssid, ssid, strlen(ssid));
 	config->ssid_len = strlen(ssid);
 
-	config->akm_suites = dpp_parse_akm(akm);
-	if (!config->akm_suites)
-		goto free_config;
-
 	if (json_iter_is_valid(&extra)) {
 		if (!dpp_parse_extra_options(config, &extra))
 			l_warn("Extra settings failed to parse!");
-- 
2.34.1

[PATCH 09/16] dbus: add generic DPP agent interface

[James Prestwood]

This will handle all DPP related agent requests.
---
 src/dbus.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/dbus.h b/src/dbus.h
index 6d7074bf..d667cb23 100644
--- a/src/dbus.h
+++ b/src/dbus.h
@@ -49,6 +49,7 @@
 	"net.connman.iwd.NetworkConfigurationAgent"
 #define IWD_SHARED_CODE_AGENT_INTERFACE "net.connman.iwd.SharedCodeAgent"
 #define IWD_BSS_INTERFACE "net.connman.iwd.BasicServiceSet"
+#define IWD_DPP_AGENT_INTERFACE "net.connman.iwd.DeviceProvisioningAgent"
 
 #define IWD_BASE_PATH "/net/connman/iwd"
 #define IWD_AGENT_MANAGER_PATH IWD_BASE_PATH
-- 
2.34.1

[PATCH 10/16] dpp: replace PKEX agent with generic DPP agent

[James Prestwood]

This is one of two commits which replaces the existing shared code
agent with a generic DPP agent. This commit alone breaks DPP PKEX
but the next will fully remove the PKEX agent in place of the new
generic agent.

This is being done to prepare for enterprise DPP configuration where
additional agent APIs will be needed. Rather than invent a new
agent type it makes sense to bundle both into one and just define
separate methods, PKEX/Enterprise.
---
 src/dpp.c | 168 +++++++++++++++++++++++++++++++++++-------------------
 src/dpp.h |  24 ++++++++
 2 files changed, 133 insertions(+), 59 deletions(-)
 create mode 100644 src/dpp.h

diff --git a/src/dpp.c b/src/dpp.c
index 3ad60188..7b700018 100644
--- a/src/dpp.c
+++ b/src/dpp.c
@@ -54,6 +54,7 @@
 #include "src/handshake.h"
 #include "src/nl80211util.h"
 #include "src/knownnetworks.h"
+#include "src/dpp.h"
 
 #define DPP_FRAME_MAX_RETRIES 5
 #define DPP_FRAME_RETRY_TIMEOUT 1
@@ -81,6 +82,10 @@ static uint32_t unicast_watch;
 
 static uint8_t dpp_prefix[] = { 0x04, 0x09, 0x50, 0x6f, 0x9a, 0x1a, 0x01 };
 
+static char *dpp_agent_name;
+static char *dpp_agent_path;
+static unsigned int dpp_agent_watch;
+
 enum dpp_state {
 	DPP_STATE_NOTHING,
 	DPP_STATE_PRESENCE,
@@ -134,6 +139,7 @@ struct dpp_sm {
 	enum dpp_state state;
 	enum dpp_interface interface;
 
+	uint32_t agent_request_id;
 	struct pkex_agent *agent;
 
 	/*
@@ -373,64 +379,6 @@ static void dpp_free_pending_pkex_data(struct dpp_sm *dpp)
 	}
 }
 
-static void pkex_agent_free(void *data)
-{
-	struct pkex_agent *agent = data;
-
-	l_free(agent->owner);
-	l_free(agent->path);
-	l_dbus_remove_watch(dbus_get_bus(), agent->disconnect_watch);
-	l_free(agent);
-}
-
-static void dpp_agent_cancel(struct dpp_sm *dpp)
-{
-	struct l_dbus_message *msg;
-
-	const char *reason = "shutdown";
-
-	msg = l_dbus_message_new_method_call(dbus_get_bus(),
-						dpp->agent->owner,
-						dpp->agent->path,
-						IWD_SHARED_CODE_AGENT_INTERFACE,
-						"Cancel");
-	l_dbus_message_set_arguments(msg, "s", reason);
-	l_dbus_message_set_no_reply(msg, true);
-	l_dbus_send(dbus_get_bus(), msg);
-}
-
-static void dpp_agent_release(struct dpp_sm *dpp)
-{
-	struct l_dbus_message *msg;
-
-	msg = l_dbus_message_new_method_call(dbus_get_bus(),
-						dpp->agent->owner,
-						dpp->agent->path,
-						IWD_SHARED_CODE_AGENT_INTERFACE,
-						"Release");
-	l_dbus_message_set_arguments(msg, "");
-	l_dbus_message_set_no_reply(msg, true);
-	l_dbus_send(dbus_get_bus(), msg);
-}
-
-static void dpp_destroy_agent(struct dpp_sm *dpp)
-{
-	if (!dpp->agent)
-		return;
-
-	if (dpp->agent->pending_id) {
-		dpp_agent_cancel(dpp);
-		l_dbus_cancel(dbus_get_bus(), dpp->agent->pending_id);
-	}
-
-	dpp_agent_release(dpp);
-
-	l_debug("Released SharedCodeAgent on path %s", dpp->agent->path);
-
-	pkex_agent_free(dpp->agent);
-	dpp->agent = NULL;
-}
-
 static void dpp_free_auth_data(struct dpp_sm *dpp)
 {
 	if (dpp->own_proto_public) {
@@ -480,6 +428,47 @@ static void dpp_free_auth_data(struct dpp_sm *dpp)
 
 }
 
+static void dpp_agent_cancel(struct dpp_sm *dpp)
+{
+	struct l_dbus_message *msg;
+	const char *reason = "shutdown";
+
+	if (L_WARN_ON(!dpp_agent_name))
+		return;
+
+	msg = l_dbus_message_new_method_call(dbus_get_bus(),
+						dpp_agent_name,
+						dpp_agent_path,
+						IWD_DPP_AGENT_INTERFACE,
+						"CancelSharedCode");
+	l_dbus_message_set_arguments(msg, "s", reason);
+	l_dbus_message_set_no_reply(msg, true);
+	l_dbus_send(dbus_get_bus(), msg);
+
+	l_dbus_cancel(dbus_get_bus(), dpp->agent_request_id);
+	dpp->agent_request_id = 0;
+}
+
+static void dpp_agent_release(void)
+{
+	struct l_dbus_message *msg;
+
+	if (L_WARN_ON(!dpp_agent_name))
+		return;
+
+	msg = l_dbus_message_new_method_call(dbus_get_bus(),
+						dpp_agent_name,
+						dpp_agent_path,
+						IWD_DPP_AGENT_INTERFACE,
+						"Release");
+	l_dbus_message_set_arguments(msg, "");
+	l_dbus_message_set_no_reply(msg, true);
+	l_dbus_send(dbus_get_bus(), msg);
+
+	l_dbus_remove_watch(dbus_get_bus(), dpp_agent_watch);
+}
+
+
 static void dpp_reset(struct dpp_sm *dpp)
 {
 	struct station *station = station_find(netdev_get_ifindex(dpp->netdev));
@@ -555,7 +544,8 @@ static void dpp_reset(struct dpp_sm *dpp)
 	explicit_bzero(dpp->z, dpp->key_len);
 	explicit_bzero(dpp->u, dpp->u_len);
 
-	dpp_destroy_agent(dpp);
+	if (dpp->agent_request_id)
+		dpp_agent_cancel(dpp);
 
 	dpp_free_pending_pkex_data(dpp);
 
@@ -599,6 +589,63 @@ static void dpp_free(struct dpp_sm *dpp)
 	l_free(dpp);
 }
 
+static void dpp_agent_disconnect_cb(struct l_dbus *dbus, void *user_data)
+{
+	const struct l_queue_entry *e;
+
+	l_debug("DPP agent disconnected");
+
+	for (e = l_queue_get_entries(dpp_list); e; e = e->next) {
+		struct dpp_sm *dpp = e->data;
+
+		/*
+		 * If this DPP SM was in the process of making an agent request
+		 * this protocol run won't complete, reset
+		 */
+		if (dpp->agent_request_id)
+			dpp_reset(dpp);
+	}
+
+	l_dbus_remove_watch(dbus, dpp_agent_watch);
+}
+
+static void dpp_agent_watch_destroy(void *user_data)
+{
+	dpp_agent_watch = 0;
+
+	l_free(dpp_agent_name);
+	dpp_agent_name = NULL;
+	l_free(dpp_agent_path);
+	dpp_agent_path = NULL;
+}
+
+int dpp_register_agent(const char *name, const char *path)
+{
+	if (dpp_agent_path)
+		return -EEXIST;
+
+	dpp_agent_name = l_strdup(name);
+	dpp_agent_path = l_strdup(path);
+	dpp_agent_watch = l_dbus_add_disconnect_watch(dbus_get_bus(),
+						name,
+						dpp_agent_disconnect_cb,
+						NULL, dpp_agent_watch_destroy);
+	return 0;
+}
+
+int dpp_unregister_agent(const char *name, const char *path)
+{
+	if (!dpp_agent_path || strcmp(dpp_agent_path, path))
+		return -ENOENT;
+
+	if (strcmp(dpp_agent_name, name))
+		return -EPERM;
+
+	l_dbus_remove_watch(dbus_get_bus(), dpp_agent_watch);
+
+	return 0;
+}
+
 static void dpp_send_frame_cb(struct l_genl_msg *msg, void *user_data)
 {
 	struct dpp_sm *dpp = user_data;
@@ -4832,6 +4879,9 @@ static void dpp_exit(void)
 	nl80211 = NULL;
 
 	l_queue_destroy(dpp_list, (l_queue_destroy_func_t) dpp_free);
+
+	if (dpp_agent_name)
+		dpp_agent_release();
 }
 
 IWD_MODULE(dpp, dpp_init, dpp_exit);
diff --git a/src/dpp.h b/src/dpp.h
new file mode 100644
index 00000000..d66deb52
--- /dev/null
+++ b/src/dpp.h
@@ -0,0 +1,24 @@
+/*
+ *
+ *  Wireless daemon for Linux
+ *
+ *  Copyright (C) 2024  Locus Robotics. All rights reserved.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2.1 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+int dpp_register_agent(const char *name, const char *path);
+int dpp_unregister_agent(const char *name, const char *path);
-- 
2.34.1

[PATCH 11/16] agent: add APIs for DeviceProvisioningAgent

[James Prestwood]

This adds {Register,Unregister}DeviceProvisioningAgent to the
AgentManager interface. These are simple wrappers which just call
into DPP.
---
 src/agent.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)

diff --git a/src/agent.c b/src/agent.c
index 0f718b87..bf0a88ea 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -32,6 +32,7 @@
 #include "src/agent.h"
 #include "src/iwd.h"
 #include "src/module.h"
+#include "src/dpp.h"
 
 static unsigned int next_request_id = 0;
 
@@ -639,6 +640,54 @@ static struct l_dbus_message *netconfig_agent_unregister(struct l_dbus *dbus,
 	return reply;
 }
 
+static struct l_dbus_message *device_provisioning_agent_register(
+						struct l_dbus *dbus,
+						struct l_dbus_message *message,
+						void *user_data)
+{
+	struct l_dbus_message *reply;
+	const char *path;
+	int r;
+
+	l_debug("");
+
+	if (!l_dbus_message_get_arguments(message, "o", &path))
+		return dbus_error_invalid_args(message);
+
+	r = dpp_register_agent(l_dbus_message_get_sender(message), path);
+	if (r)
+		return dbus_error_from_errno(r, message);
+
+	l_debug("device provisioning agent %s path %s",
+		l_dbus_message_get_sender(message), path);
+
+	reply = l_dbus_message_new_method_return(message);
+	l_dbus_message_set_arguments(reply, "");
+	return reply;
+}
+
+static struct l_dbus_message *device_provisioning_agent_unregister(struct l_dbus *dbus,
+						struct l_dbus_message *message,
+					void *user_data)
+{
+	struct l_dbus_message *reply;
+	const char *path;
+	int r;
+
+	l_debug("");
+
+	if (!l_dbus_message_get_arguments(message, "o", &path))
+		return dbus_error_invalid_args(message);
+
+	r = dpp_unregister_agent(l_dbus_message_get_sender(message), path);
+	if (r)
+		return dbus_error_from_errno(r, message);
+
+	reply = l_dbus_message_new_method_return(message);
+	l_dbus_message_set_arguments(reply, "");
+	return reply;
+}
+
 static void setup_agent_interface(struct l_dbus_interface *interface)
 {
 	l_dbus_interface_method(interface, "RegisterAgent", 0,
@@ -654,6 +703,15 @@ static void setup_agent_interface(struct l_dbus_interface *interface)
 	l_dbus_interface_method(interface,
 				"UnregisterNetworkConfigurationAgent", 0,
 				netconfig_agent_unregister, "", "o", "path");
+
+	l_dbus_interface_method(interface,
+				"RegisterDeviceProvisioningAgent", 0,
+				device_provisioning_agent_register,
+				"", "o", "path");
+	l_dbus_interface_method(interface,
+				"UnregisterDeviceProvisioningAgent", 0,
+				device_provisioning_agent_unregister,
+				"", "o", "path");
 }
 
 static bool release_agent(void *data, void *user_data)
-- 
2.34.1

[PATCH 12/16] dpp: replace SharedCodeAgent with DeviceProvisioningAgent

[James Prestwood]

This fully removes the SharedCodeAgent which was specific to the PKEX
protocol and replaces it with the more generalized
DeviceProvisioningAgent. The new agent should still implement the
shared code method and effectively behave no differently in that
regard.

The main difference as far as the API is the new agent must be
registered via the AgentManager interface, not passed in via the
method arguments to ConfigureEnrollee().
---
 src/dpp.c | 63 ++++++++++++-------------------------------------------
 1 file changed, 13 insertions(+), 50 deletions(-)

diff --git a/src/dpp.c b/src/dpp.c
index 7b700018..d1912eaf 100644
--- a/src/dpp.c
+++ b/src/dpp.c
@@ -106,13 +106,6 @@ enum dpp_interface {
 	DPP_INTERFACE_PKEX,
 };
 
-struct pkex_agent {
-	char *owner;
-	char *path;
-	unsigned int disconnect_watch;
-	uint32_t pending_id;
-};
-
 struct dpp_sm {
 	struct netdev *netdev;
 	char *uri;
@@ -140,7 +133,6 @@ struct dpp_sm {
 	enum dpp_interface interface;
 
 	uint32_t agent_request_id;
-	struct pkex_agent *agent;
 
 	/*
 	 * List of frequencies to jump between. The presence of this list is
@@ -2088,7 +2080,7 @@ static void dpp_offchannel_timeout(int error, void *user_data)
 
 	switch (dpp->state) {
 	case DPP_STATE_PKEX_EXCHANGE:
-		if (dpp->role != DPP_CAPABILITY_CONFIGURATOR || !dpp->agent)
+		if (dpp->role != DPP_CAPABILITY_CONFIGURATOR || !dpp_agent_name)
 			break;
 
 		/*
@@ -2097,7 +2089,7 @@ static void dpp_offchannel_timeout(int error, void *user_data)
 		 * for our response so cancel the request and continue waiting
 		 * for another request
 		 */
-		if (dpp->agent->pending_id) {
+		if (dpp->agent_request_id) {
 			dpp_free_pending_pkex_data(dpp);
 			dpp_agent_cancel(dpp);
 		}
@@ -3228,10 +3220,10 @@ static void dpp_pkex_agent_reply(struct l_dbus_message *message,
 	const char *error, *text;
 	const char *code;
 
-	dpp->agent->pending_id = 0;
+	dpp->agent_request_id = 0;
 
-	l_debug("SharedCodeAgent %s path %s replied", dpp->agent->owner,
-			dpp->agent->path);
+	l_debug("DeviceProvisioningAgent %s path %s replied", dpp_agent_name,
+			dpp_agent_path);
 
 	if (l_dbus_message_get_error(message, &error, &text)) {
 		l_error("RequestSharedCode(%s) returned %s(\"%s\")",
@@ -3240,7 +3232,7 @@ static void dpp_pkex_agent_reply(struct l_dbus_message *message,
 	}
 
 	if (!l_dbus_message_get_arguments(message, "s", &code)) {
-		l_debug("Invalid arguments, check SharedCodeAgent!");
+		l_debug("Invalid arguments, check DeviceProvisioningAgent!");
 		goto reset;
 	}
 
@@ -3257,25 +3249,25 @@ static bool dpp_pkex_agent_request(struct dpp_sm *dpp)
 {
 	struct l_dbus_message *msg;
 
-	if (!dpp->agent)
+	if (!dpp_agent_name)
 		return false;
 
-	if (L_WARN_ON(dpp->agent->pending_id))
+	if (L_WARN_ON(dpp->agent_request_id))
 		return false;
 
 	msg = l_dbus_message_new_method_call(dbus_get_bus(),
-						dpp->agent->owner,
-						dpp->agent->path,
-						IWD_SHARED_CODE_AGENT_INTERFACE,
+						dpp_agent_name,
+						dpp_agent_path,
+						IWD_DPP_AGENT_INTERFACE,
 						"RequestSharedCode");
 	l_dbus_message_set_arguments(msg, "s", dpp->pkex_id);
 
 
-	dpp->agent->pending_id = l_dbus_send_with_reply(dbus_get_bus(),
+	dpp->agent_request_id = l_dbus_send_with_reply(dbus_get_bus(),
 							msg,
 							dpp_pkex_agent_reply,
 							dpp, NULL);
-	return dpp->agent->pending_id != 0;
+	return dpp->agent_request_id != 0;
 }
 
 static void dpp_handle_pkex_exchange_request(struct dpp_sm *dpp,
@@ -4648,32 +4640,6 @@ invalid_args:
 	return dbus_error_invalid_args(message);
 }
 
-static void pkex_agent_disconnect(struct l_dbus *dbus, void *user_data)
-{
-	struct dpp_sm *dpp = user_data;
-
-	l_debug("SharedCodeAgent %s disconnected", dpp->agent->path);
-
-	dpp_reset(dpp);
-}
-
-static void dpp_create_agent(struct dpp_sm *dpp, const char *path,
-					struct l_dbus_message *message)
-{
-	const char *sender = l_dbus_message_get_sender(message);
-
-	dpp->agent = l_new(struct pkex_agent, 1);
-	dpp->agent->owner = l_strdup(sender);
-	dpp->agent->path = l_strdup(path);
-	dpp->agent->disconnect_watch = l_dbus_add_disconnect_watch(
-							dbus_get_bus(),
-							sender,
-							pkex_agent_disconnect,
-							dpp, NULL);
-
-	l_debug("Registered a SharedCodeAgent on path %s", path);
-}
-
 static struct l_dbus_message *dpp_start_pkex_configurator(struct dpp_sm *dpp,
 					const char *key, const char *identifier,
 					const char *agent_path,
@@ -4708,9 +4674,6 @@ static struct l_dbus_message *dpp_start_pkex_configurator(struct dpp_sm *dpp,
 	if (key)
 		dpp->pkex_key = l_strdup(key);
 
-	if (agent_path)
-		dpp_create_agent(dpp, agent_path, message);
-
 	dpp->role = DPP_CAPABILITY_CONFIGURATOR;
 	dpp->state = DPP_STATE_PKEX_EXCHANGE;
 	dpp->interface = DPP_INTERFACE_PKEX;
-- 
2.34.1

[PATCH 13/16] dpp: remove agent path from StartConfigurator

[James Prestwood]

The agent must now be registered via the AgentManager interface, so
remove the path argument as it is not used anymore.
---
 src/dpp.c | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/src/dpp.c b/src/dpp.c
index d1912eaf..7a744ed3 100644
--- a/src/dpp.c
+++ b/src/dpp.c
@@ -4642,7 +4642,6 @@ invalid_args:
 
 static struct l_dbus_message *dpp_start_pkex_configurator(struct dpp_sm *dpp,
 					const char *key, const char *identifier,
-					const char *agent_path,
 					struct l_dbus_message *message)
 {
 	struct handshake_state *hs = netdev_get_handshake(dpp->netdev);
@@ -4715,7 +4714,7 @@ static struct l_dbus_message *dpp_dbus_pkex_configure_enrollee(
 	if (!dpp_parse_pkex_args(message, &key, &id, NULL, NULL))
 		return dbus_error_invalid_args(message);
 
-	return dpp_start_pkex_configurator(dpp, key, id, NULL, message);
+	return dpp_start_pkex_configurator(dpp, key, id, message);
 }
 
 static struct l_dbus_message *dpp_dbus_pkex_start_configurator(
@@ -4724,12 +4723,8 @@ static struct l_dbus_message *dpp_dbus_pkex_start_configurator(
 						void *user_data)
 {
 	struct dpp_sm *dpp = user_data;
-	const char *path;
 
-	if (!l_dbus_message_get_arguments(message, "o", &path))
-		return dbus_error_invalid_args(message);
-
-	return dpp_start_pkex_configurator(dpp, NULL, NULL, path, message);
+	return dpp_start_pkex_configurator(dpp, NULL, NULL, message);
 }
 
 static void dpp_setup_interface(struct l_dbus_interface *interface)
@@ -4774,7 +4769,7 @@ static void dpp_setup_pkex_interface(struct l_dbus_interface *interface)
 	l_dbus_interface_method(interface, "ConfigureEnrollee", 0,
 			dpp_dbus_pkex_configure_enrollee, "", "a{sv}", "args");
 	l_dbus_interface_method(interface, "StartConfigurator", 0,
-			dpp_dbus_pkex_start_configurator, "", "o", "path");
+			dpp_dbus_pkex_start_configurator, "", "");
 
 	l_dbus_interface_property(interface, "Started", 0, "b",
 			dpp_pkex_get_started, NULL);
-- 
2.34.1

[PATCH 14/16] auto-t: update utils to use DeviceProvisioningAgent

[James Prestwood]

---
 autotests/util/iwd.py | 48 ++++++++++++++++++++++++++++++++-----------
 1 file changed, 36 insertions(+), 12 deletions(-)

diff --git a/autotests/util/iwd.py b/autotests/util/iwd.py
index 83f2d9ef..262afe52 100755
--- a/autotests/util/iwd.py
+++ b/autotests/util/iwd.py
@@ -43,7 +43,7 @@ IWD_P2P_WFD_INTERFACE =         'net.connman.iwd.p2p.Display'
 IWD_STATION_DEBUG_INTERFACE =   'net.connman.iwd.StationDebug'
 IWD_DPP_INTERFACE =             'net.connman.iwd.DeviceProvisioning'
 IWD_DPP_PKEX_INTERFACE =        'net.connman.iwd.SharedCodeDeviceProvisioning'
-IWD_SHARED_CODE_AGENT_INTERFACE = 'net.connman.iwd.SharedCodeAgent'
+IWD_DPP_AGENT_INTERFACE =       'net.connman.iwd.DeviceProvisioningAgent'
 
 IWD_AGENT_MANAGER_PATH =        '/net/connman/iwd'
 IWD_TOP_LEVEL_PATH =            '/'
@@ -214,31 +214,32 @@ class SignalAgent(dbus.service.Object):
     def handle_new_level(self, path, level):
         pass
 
-class SharedCodeAgent(dbus.service.Object):
+class DeviceProvisioningAgent(dbus.service.Object):
     def __init__(self, codes = {}):
         self._path = '/test/agent/' + str(int(round(time.time() * 1000)))
         self._codes = codes
+        self._bus = dbus.bus.BusConnection(address_or_type=ctx.dbus_address)
 
-        dbus.service.Object.__init__(self, ctx.get_bus(), self._path)
+        dbus.service.Object.__init__(self, self._bus, self._path)
 
     @property
     def path(self):
         return self._path
 
-    @dbus.service.method(IWD_SHARED_CODE_AGENT_INTERFACE,
+    @dbus.service.method(IWD_DPP_AGENT_INTERFACE,
                          in_signature='', out_signature='')
     def Release(self):
-        print("SharedCodeAgent released")
+        print("DeviceProvisioningAgent released")
 
-    @dbus.service.method(IWD_SHARED_CODE_AGENT_INTERFACE,
+    @dbus.service.method(IWD_DPP_AGENT_INTERFACE,
                          in_signature='s', out_signature='')
-    def Cancel(self, reason):
-        print("SharedCodeAgent canceled (%s)" % reason)
+    def CancelSharedCode(self, reason):
+        print("DeviceProvisioningAgent canceled (%s)" % reason)
 
-    @dbus.service.method(IWD_SHARED_CODE_AGENT_INTERFACE,
+    @dbus.service.method(IWD_DPP_AGENT_INTERFACE,
                          in_signature='s', out_signature='s')
     def RequestSharedCode(self, identifier):
-        print("SharedCodeAgent request for %s" % identifier)
+        print("DeviceProvisioningAgent request for %s" % identifier)
 
         code = self._codes.get(identifier, None)
         if not code:
@@ -352,8 +353,8 @@ class SharedCodeDeviceProvisioning(IWDDBusAbstract):
 
         self._iface.StartEnrollee(args)
 
-    def start_configurator(self, path):
-        self._iface.StartConfigurator(dbus.ObjectPath(path))
+    def start_configurator(self):
+        self._iface.StartConfigurator()
 
     def configure_enrollee(self, code, identifier=None):
         args = {
@@ -1572,6 +1573,29 @@ class IWD(AsyncOpAbstract):
         self._wait_for_async_op()
         self.psk_agents.remove(psk_agent)
 
+    def register_dpp_agent(self, dpp_agent):
+        iface = dbus.Interface(dpp_agent._bus.get_object(IWD_SERVICE,
+                                                IWD_AGENT_MANAGER_PATH),
+                                                IWD_AGENT_MANAGER_INTERFACE)
+        iface.RegisterDeviceProvisioningAgent(dpp_agent.path,
+                            dbus_interface=IWD_AGENT_MANAGER_INTERFACE,
+                            reply_handler=self._success,
+                            error_handler=self._failure)
+
+        self._wait_for_async_op()
+        self.dpp_agent = dpp_agent
+
+    def unregister_dpp_agent(self, dpp_agent):
+        iface = dbus.Interface(dpp_agent._bus.get_object(IWD_SERVICE,
+                                                IWD_AGENT_MANAGER_PATH),
+                                                IWD_AGENT_MANAGER_INTERFACE)
+        iface.UnregisterDeviceProvisioningAgent(dpp_agent.path,
+                                dbus_interface=IWD_AGENT_MANAGER_INTERFACE,
+                                reply_handler=self._success,
+                                error_handler=self._failure)
+        self._wait_for_async_op()
+        self.dpp_agent = None
+
     @staticmethod
     def get_instance():
         return IWD._default_instance()
-- 
2.34.1

[PATCH 15/16] auto-t: update PKEX test to use DeviceProvisioningAgent

[James Prestwood]

This also removes the unused import of the old SharedCodeAgent
object from the state change test
---
 autotests/testDPP/pkex_test.py         | 7 ++++---
 autotests/testDPP/state_change_test.py | 8 +-------
 2 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/autotests/testDPP/pkex_test.py b/autotests/testDPP/pkex_test.py
index a651c6f6..62172785 100644
--- a/autotests/testDPP/pkex_test.py
+++ b/autotests/testDPP/pkex_test.py
@@ -4,7 +4,7 @@ import unittest
 import sys
 
 sys.path.append('../util')
-from iwd import IWD, SharedCodeAgent, DeviceState
+from iwd import IWD, DeviceProvisioningAgent, DeviceState
 from iwd import DeviceProvisioning
 from wpas import Wpas
 from hostapd import HostapdCLI
@@ -37,9 +37,10 @@ class Test(unittest.TestCase):
         self.wd.wait_for_object_condition(device, condition)
 
         if agent:
-            self.agent = SharedCodeAgent(codes = {"test": "secret123"})
+            agent = DeviceProvisioningAgent(codes = {"test": "secret123"})
+            self.wd.register_dpp_agent(agent)
 
-            device.dpp_pkex_start_configurator(self.agent.path)
+            device.dpp_pkex_start_configurator()
         else:
             device.dpp_pkex_configure_enrollee('secret123', identifier="test")
 
diff --git a/autotests/testDPP/state_change_test.py b/autotests/testDPP/state_change_test.py
index d52f2b12..f1ac7d5e 100644
--- a/autotests/testDPP/state_change_test.py
+++ b/autotests/testDPP/state_change_test.py
@@ -4,14 +4,8 @@ import unittest
 import sys
 
 sys.path.append('../util')
-from iwd import IWD, SharedCodeAgent, DeviceState
-from iwd import DeviceProvisioning
-from wpas import Wpas
+from iwd import IWD
 from hostapd import HostapdCLI
-from hwsim import Hwsim
-from config import ctx
-from time import time
-import os
 
 class Test(unittest.TestCase):
     def auto_connect(self):
-- 
2.34.1

[PATCH 16/16] doc: Document new DeviceProvisioningAgent

[James Prestwood]

This moves the SharedCodeAgent docs into the AgentManager interface
and renames it to DeviceProvisioningAgent. The agent path parameter
was also removed from the StartConfigurator() method.
---
 doc/agent-api.txt               | 56 +++++++++++++++++++++++++++++++++
 doc/device-provisioning-api.txt | 48 ++++------------------------
 2 files changed, 62 insertions(+), 42 deletions(-)

diff --git a/doc/agent-api.txt b/doc/agent-api.txt
index e9bb95ca..1cc7eafe 100644
--- a/doc/agent-api.txt
+++ b/doc/agent-api.txt
@@ -67,6 +67,31 @@ Methods		void RegisterAgent(object path)
 					 [service].NotFound
 					 [service].NotAvailable
 
+		void RegisterDeviceProvisioningAgent(object path)
+
+			Register an agent for handling Device Provisioning (DPP)
+			specific requests.
+
+			This includes:
+			 - Requests for shared codes when using shared code
+			   device provisioning.
+			 - Requests for certificate signing requests
+			 - Requests to send a certificate signing request
+
+			The details of these are explained in the DBus method
+			docs below for the
+			net.connman.iwd.DeviceProvisioningAgent interface.
+
+
+			Possible Errors: [service].InvalidArguments
+					 [service].AlreadyExists
+
+		void UnregisterDeviceProvisioningAgent(object path)
+
+			Unregisters an existing Device Provisioning agent
+
+			Possible Errors: [service].InvalidArguments
+					 [service].NotFound
 
 Agent hierarchy
 ===============
@@ -263,3 +288,34 @@ Methods		void Release() [noreply]
 		void CancelIPv6(object device, string reason) [noreply]
 
 			Same as CancelIPv4 above but for IPv6.
+
+DeviceProvisioningAgent hierarchy
+=================================
+
+Service		unique name
+Interface	net.connman.iwd.DeviceProvisioningAgent [Experimental]
+Object path	freely definable
+
+Methods		void Release() [noreply]
+
+			This method gets called when the service daemon
+			unregisteres the agent
+
+		void CancelSharedCode(string reason) [noreply]
+
+			This method gets called to indicate that the agent
+			request for a shared code failed before a reply was
+			returned. The argument will indicate why the request is
+			being cancelled and may be "user-canceled", "timed-out"
+			or "shutdown".
+
+		string RequestSharedCode(string identifier)
+
+			This method gets called when a shared code is requested
+			for a particular enrollee, distingushed by the
+			identifier. The shared code agent should lookup the
+			identifier and return the shared code, or return an
+			error if not found.
+
+			Possible Errors:	[service].Error.Canceled
+						[service].Error.NotFound
diff --git a/doc/device-provisioning-api.txt b/doc/device-provisioning-api.txt
index 6cf16fb8..37d8f67e 100644
--- a/doc/device-provisioning-api.txt
+++ b/doc/device-provisioning-api.txt
@@ -132,14 +132,13 @@ Object path	/net/connman/iwd/{phy0,phy1,...}/{1,2,...}
 			Possible errors:	net.connman.iwd.Busy
 						net.connman.iwd.InvalidArguments
 
-		void StartConfigurator(object agent_path)
+		void StartConfigurator(void)
 
-			Start a shared code configurator using an agent
-			(distingushed by 'agent_path') to obtain the shared
-			code. This method is meant for an automated use case
-			where a configurator is capable of configuring multiple
-			enrollees, and distinguishing between them by their
-			identifier.
+			Start a shared code configurator which depends on an
+			agent (registered via AgentManager). This method is
+			meant for an automated use case where a configurator is
+			capable of configuring multiple enrollees, and
+			distinguishing between them by their identifier.
 
 			If the agent service disappears during the shared code
 			exchange it will be stopped, and the protocol will fail.
@@ -180,38 +179,3 @@ Properties	boolean Started [readonly]
 			Indicates the DPP role. Possible values are "enrollee"
 			or "configurator". This property is only available when
 			Started is true.
-
-SharedCodeAgent hierarchy
-=========================
-
-Service		unique name
-Interface	net.connman.iwd.SharedCodeAgent [Experimental]
-Object path	freely definable
-
-Methods		void Release() [noreply]
-
-			This method gets called when the service daemon
-			unregisters the agent.
-
-		string RequestSharedCode(string identifier)
-
-			This method gets called when a shared code is requested
-			for a particular enrollee, distingushed by the
-			identifier. The shared code agent should lookup the
-			identifier and return the shared code, or return an
-			error if not found.
-
-			Possible Errors:	[service].Error.Canceled
-						[service].Error.NotFound
-
-		void Cancel(string reason) [noreply]
-
-			This method gets called to indicate that the agent
-			request failed before a reply was returned. The
-			argument will indicate why the request is being
-			cancelled and may be "user-canceled", "timed-out" or
-			"shutdown".
-
-Examples	Requesting a shared code for an enrollee identified by "foo"
-
-			RequestSharedCode("foo") ==> "super_secret_code"
-- 
2.34.1