From: James Prestwood <prestwoj@gmail.com>
To: iwd@lists.linux.dev
Cc: James Prestwood <prestwoj@gmail.com>
Subject: [PATCH 07/16] dpp: refactor config writing, add checks for PSK
Date: Tue, 24 Sep 2024 05:04:38 -0700 [thread overview]
Message-ID: <20240924120447.251761-7-prestwoj@gmail.com> (raw)
In-Reply-To: <20240924120447.251761-1-prestwoj@gmail.com>
When writing the config object, ensure the network security of the
scanned network is PSK and matches the config object received.
---
src/dpp.c | 60 ++++++++++++++++++++++++++++++++++++++++++++-----------
1 file changed, 48 insertions(+), 12 deletions(-)
diff --git a/src/dpp.c b/src/dpp.c
index 16d0a711..3ad60188 100644
--- a/src/dpp.c
+++ b/src/dpp.c
@@ -832,25 +832,57 @@ static void send_config_result(struct dpp_sm *dpp, const uint8_t *to)
dpp_send_frame(dpp, iov, 2, dpp->current_freq);
}
-static void dpp_write_config(struct dpp_configuration *config,
+static void dpp_write_psk_config(struct dpp_configuration *config,
+ struct l_settings *settings)
+{
+ if (config->passphrase)
+ l_settings_set_string(settings, "Security", "Passphrase",
+ config->passphrase);
+ else if (config->psk)
+ l_settings_set_string(settings, "Security", "PreSharedKey",
+ config->psk);
+}
+
+static bool dpp_write_config(struct dpp_configuration *config,
struct network *network)
{
_auto_(l_settings_free) struct l_settings *settings = l_settings_new();
- _auto_(l_free) char *path;
+ _auto_(l_free) char *path = NULL;
+ enum security security;
+
+ if (!network) {
+ l_warn("Network not seen in results, can't validate security");
+
+ if (IE_AKM_IS_PSK(config->akm_suites))
+ security = SECURITY_PSK;
+ else
+ return false;
+
+ goto write_config;
+ } else
+ security = network_get_security(network);
- path = storage_get_network_file_path(SECURITY_PSK, config->ssid);
+ if (security == SECURITY_PSK) {
+ if (!IE_AKM_IS_PSK(config->akm_suites)) {
+ l_warn("Network is PSK but DPP config is not!");
+ return false;
+ }
+ } else {
+ l_warn("Unsupported network security %s",
+ security_to_str(security));
+ return false;
+ }
+
+write_config:
+ path = storage_get_network_file_path(security, config->ssid);
if (l_settings_load_from_file(settings, path)) {
/* Remove any existing Security keys */
l_settings_remove_group(settings, "Security");
}
- if (config->passphrase)
- l_settings_set_string(settings, "Security", "Passphrase",
- config->passphrase);
- else if (config->psk)
- l_settings_set_string(settings, "Security", "PreSharedKey",
- config->psk);
+ if (security == SECURITY_PSK)
+ dpp_write_psk_config(config, settings);
if (config->send_hostname)
l_settings_set_bool(settings, "IPv4", "SendHostname", true);
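Review bot: `dpp_write_psk_config()` writes nothing when both `config->passphrase` and `config->psk` are NULL, yet `dpp_write_config()` has already dropped the existing "Security" group and goes on to sync and return true. If that state is reachable, a PSK-AKM config object carrying no credential would replace a working stored profile with one that has no key, and the caller would still report success. Whether the parser guarantees one of the two fields is set is not visible in this patch, so the helper should report the empty case and the caller should return false before `storage_network_sync()`. The body of `dpp_write_config()` continues in the next hunk.

```c
static bool dpp_write_psk_config(struct dpp_configuration *config,
					struct l_settings *settings)
{
	/* ... unchanged: Passphrase / PreSharedKey branches ... */
	else
		return false;	/* PSK AKM but no credential in the object */

	return true;
}

/* ... unchanged: security validation and settings load in dpp_write_config ... */

	if (security == SECURITY_PSK &&
			!dpp_write_psk_config(config, settings))
		return false;
```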
@@ -859,8 +891,10 @@ static void dpp_write_config(struct dpp_configuration *config,
l_settings_set_bool(settings, "Settings", "Hidden", true);
l_debug("Storing credential for '%s(%s)'", config->ssid,
- security_to_str(SECURITY_PSK));
- storage_network_sync(SECURITY_PSK, config->ssid, settings);
+ security_to_str(security));
+ storage_network_sync(security, config->ssid, settings);
+
+ return true;
}
static void dpp_scan_triggered(int err, void *user_data)
@@ -1141,7 +1175,8 @@ static void dpp_handle_config_response_frame(const struct mmpdu_header *frame,
bss = network_bss_select(network, true);
}
- dpp_write_config(config, network);
+ if (!dpp_write_config(config, network))
+ goto free_config;
send_config_result(dpp, dpp->peer_addr);
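Review bot: When `dpp_write_config()` rejects the object, the new `goto free_config` skips `send_config_result()`, so the configurator is apparently never told the configuration was refused and can only time out. `send_config_result(dpp, to)` as seen in the first hunk takes no status argument, so reporting a non-OK DPP status would need a follow-up change. At minimum, document the choice at the jump, for example `/* Config rejected: no result frame is sent, the peer will time out */`. The `free_config` label is added in the following hunk, and the code between this call and the label lies outside the patch, so confirm nothing skipped there needs to run on the failure path.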
@@ -1169,6 +1204,7 @@ static void dpp_handle_config_response_frame(const struct mmpdu_header *frame,
}
}
+free_config:
dpp_configuration_free(config);
dpp_reset(dpp);
}
--
2.34.1
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-24 12:04 [PATCH 01/16] ie: add IE_AKM_IS_PSK James Prestwood
2024-09-24 12:04 ` [PATCH 02/16] dpp-util: refactor dpp_configuration_new into a _psk helper James Prestwood
2024-09-24 12:04 ` [PATCH 03/16] dpp: fix some return/cleanup issues for error cases James Prestwood
2024-09-24 12:04 ` [PATCH 04/16] dpp-util: refactor dpp_configuration_to_json for only PSK networks James Prestwood
2024-09-24 12:04 ` [PATCH 05/16] dpp: refactor dpp_send_config_response to take JSON as a parameter James Prestwood
2024-09-24 12:04 ` [PATCH 06/16] dpp: refactor dpp_configuration_start to take the " James Prestwood
2024-09-24 12:04 ` James Prestwood [this message]
2024-09-24 12:04 ` [PATCH 08/16] dpp-util: check the AKM is "psk" before further parsing the object James Prestwood
2024-09-24 12:04 ` [PATCH 09/16] dbus: add generic DPP agent interface James Prestwood
2024-09-24 12:04 ` [PATCH 10/16] dpp: replace PKEX agent with generic DPP agent James Prestwood
2024-09-24 12:04 ` [PATCH 11/16] agent: add APIs for DeviceProvisioningAgent James Prestwood
2024-09-24 12:04 ` [PATCH 12/16] dpp: replace SharedCodeAgent with DeviceProvisioningAgent James Prestwood
2024-09-24 12:04 ` [PATCH 13/16] dpp: remove agent path from StartConfigurator James Prestwood
2024-09-24 12:04 ` [PATCH 14/16] auto-t: update utils to use DeviceProvisioningAgent James Prestwood
2024-09-24 12:04 ` [PATCH 15/16] auto-t: update PKEX test " James Prestwood
2024-09-24 12:04 ` [PATCH 16/16] doc: Document new DeviceProvisioningAgent James Prestwood