From: James Prestwood <prestwoj@gmail.com>
To: Denis Kenzior <denkenz@gmail.com>, iwd@lists.linux.dev
Subject: Re: [PATCH v3 8/9] dpp: initial version of PKEX enrollee support
Date: Fri, 3 Nov 2023 04:27:33 -0700
Message-ID: <f82d0756-53a8-40aa-9ee7-0cee6f384640@gmail.com>
In-Reply-To: <1d8a3e83-defc-4f81-b85e-6ec0f59b4f18@gmail.com>

Hi Denis,

On 11/2/23 7:12 PM, Denis Kenzior wrote:
> Hi James,
>
> On 10/31/23 13:47, James Prestwood wrote:
>> This is the initial support for PKEX enrollees acting as the
>> initiator. A PKEX initiator starts the protocol by broadcasting
>> the PKEX exchange request. This request contains a key encrypted
>> with the pre-shared PKEX code. If accepted the peer sends back
>> the exchange response with its own encrypted key. The enrollee
>> decrypts this and performs some crypto/hashing in order to establish
>> an ephemeral key used to encrypt its own bootstrapping key. The
>> bootstrapping key is encrypted and sent to the peer in the PKEX
>> commit-reveal request. The peer then does the same thing, encrypting
>> its own bootstrapping key and sending to the initiator as the
>> PKEX commit-reveal response.
>>
>> After this, both peers have exchanged their bootstrapping keys
>> securely and can begin DPP authentication, then configuration.
>>
>> For now the enrollee will only iterate the default channel list
>> from the Easy Connect spec. Future updates will need to include some
>> way of discovering non-default channel configurators, but the
>> protocol needs to be ironed out first.
>> ---
>> src/dpp.c | 765 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
>> 1 file changed, 761 insertions(+), 4 deletions(-)
>>
>
> Wish this came before the agent stuff :)

Yeah, I can reorder them. I did this really just to include some of the
cleanup functions that only made sense once the agent existed. But I can
leave them in this commit.

I can also split the configurator patch into two, one implementing
ConfigureEnrollee() and the other StartConfigurator().

>
>> diff --git a/src/dpp.c b/src/dpp.c
>> index 57024a26..8b47be5c 100644
>> --- a/src/dpp.c
>> +++ b/src/dpp.c
>> @@ -53,10 +53,12 @@
>> #include "src/network.h"
>> #include "src/handshake.h"
>> #include "src/nl80211util.h"
>> +#include "src/agent.h"
>
> Why is this needed?
>
>> #define DPP_FRAME_MAX_RETRIES 5
>> #define DPP_FRAME_RETRY_TIMEOUT 1
>> #define DPP_AUTH_PROTO_TIMEOUT 10
>> +#define DPP_PKEX_PROTO_TIMEOUT 120
>> static uint32_t netdev_watch;
>> static struct l_genl_family *nl80211;
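
Review bot: the new DPP_PKEX_PROTO_TIMEOUT define carries no unit or rationale, and at 120 it is twelve times the DPP_AUTH_PROTO_TIMEOUT of 10 directly above it. A one-line comment giving the unit and why the PKEX exchange needs the longer window would make the value reviewable. The added #include "src/agent.h" has no user visible in this hunk either; say in the commit message what in dpp.c needs it, or drop it.
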
>
> I'll look at this in more detail once you send v4.
>
> Regards,
> -Denis
>