mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-22 21:22:37 +01:00
network: Generate the PSK as soon as we have a passphrase
In the name of failing earlier, try to generate the PSK from the passphrase as soon as we receive the passphrase or read it from the file, mainly to validate that it has the right number of characters. The passphrase length currently gets validated inside crypto_psk_from_passphrase, which will be called when we receive a new passphrase from the agent or when the config file has no PSK in it. We do not do this when there's already both the PSK and the passphrase available in the settings -- we can add that separately if needed.
parent
0d3f16ec5e
commit
47bb5b5f72
@ -314,28 +314,7 @@ enum security network_get_security(const struct network *network)
|
|||||||
|
|
||||||
const uint8_t *network_get_psk(struct network *network)
|
const uint8_t *network_get_psk(struct network *network)
|
||||||
{
|
{
|
||||||
int r;
|
return network->psk;
|
||||||
|
|
||||||
if (network->psk)
|
|
||||||
return network->psk;
|
|
||||||
|
|
||||||
if (!network->passphrase)
|
|
||||||
return NULL;
|
|
||||||
|
|
||||||
network->psk = l_malloc(32);
|
|
||||||
r = crypto_psk_from_passphrase(network->passphrase,
|
|
||||||
(uint8_t *) network->info->ssid,
|
|
||||||
strlen(network->info->ssid),
|
|
||||||
network->psk);
|
|
||||||
if (!r)
|
|
||||||
return network->psk;
|
|
||||||
|
|
||||||
l_free(network->psk);
|
|
||||||
network->psk = NULL;
|
|
||||||
l_error("PMK generation failed: %s. "
|
|
||||||
"Ensure Crypto Engine is properly configured",
|
|
||||||
strerror(-r));
|
|
||||||
return NULL;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
const char *network_get_passphrase(const struct network *network)
|
const char *network_get_passphrase(const struct network *network)
|
||||||
@ -427,19 +406,52 @@ static int network_load_psk(struct network *network, bool need_passphrase)
|
|||||||
"Security", "PreSharedKey");
|
"Security", "PreSharedKey");
|
||||||
char *passphrase = l_settings_get_string(network->settings,
|
char *passphrase = l_settings_get_string(network->settings,
|
||||||
"Security", "Passphrase");
|
"Security", "Passphrase");
|
||||||
|
struct network_info *info = network->info;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
/* PSK can be generated from the passphrase but not the other way */
|
||||||
if ((!psk || need_passphrase) && !passphrase)
|
if ((!psk || need_passphrase) && !passphrase)
|
||||||
return -ENOKEY;
|
return -ENOKEY;
|
||||||
|
|
||||||
l_free(network->passphrase);
|
l_free(network->passphrase);
|
||||||
network->passphrase = passphrase;
|
network->passphrase = passphrase;
|
||||||
l_free(network->psk);
|
l_free(network->psk);
|
||||||
network->psk = l_util_from_hexstring(psk, &len);
|
|
||||||
if (network->psk && len == 32)
|
if (psk) {
|
||||||
|
char *path;
|
||||||
|
|
||||||
|
network->psk = l_util_from_hexstring(psk, &len);
|
||||||
|
if (network->psk && len == 32)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
path = storage_get_network_file_path(info->type, info->ssid);
|
||||||
|
l_error("%s: invalid PreSharedKey format", path);
|
||||||
|
l_free(path);
|
||||||
|
|
||||||
|
if (!passphrase)
|
||||||
|
goto reset_psk;
|
||||||
|
|
||||||
|
l_free(network->psk);
|
||||||
|
}
|
||||||
|
|
||||||
|
network->psk = l_malloc(32);
|
||||||
|
r = crypto_psk_from_passphrase(passphrase, (uint8_t *) info->ssid,
|
||||||
|
strlen(info->ssid), network->psk);
|
||||||
|
if (!r) {
|
||||||
|
network->update_psk = true;
|
||||||
return 0;
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (r == -ERANGE || r == -EINVAL)
|
||||||
|
l_error("PSK generation failed: invalid passphrase format");
|
||||||
|
else
|
||||||
|
l_error("PSK generation failed: %s. "
|
||||||
|
"Ensure Crypto Engine is properly configured",
|
||||||
|
strerror(-r));
|
||||||
|
|
||||||
l_free(network->passphrase);
|
l_free(network->passphrase);
|
||||||
network->passphrase = NULL;
|
network->passphrase = NULL;
|
||||||
|
reset_psk:
|
||||||
l_free(network->psk);
|
l_free(network->psk);
|
||||||
network->psk = NULL;
|
network->psk = NULL;
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
@ -677,6 +689,7 @@ static void passphrase_callback(enum agent_result result,
|
|||||||
struct network *network = user_data;
|
struct network *network = user_data;
|
||||||
struct station *station = network->station;
|
struct station *station = network->station;
|
||||||
struct scan_bss *bss;
|
struct scan_bss *bss;
|
||||||
|
int r;
|
||||||
|
|
||||||
l_debug("result %d", result);
|
l_debug("result %d", result);
|
||||||
|
|
||||||
@ -703,7 +716,30 @@ static void passphrase_callback(enum agent_result result,
|
|||||||
}
|
}
|
||||||
|
|
||||||
l_free(network->psk);
|
l_free(network->psk);
|
||||||
network->psk = NULL;
|
network->psk = l_malloc(32);
|
||||||
|
r = crypto_psk_from_passphrase(passphrase,
|
||||||
|
(uint8_t *) network->info->ssid,
|
||||||
|
strlen(network->info->ssid),
|
||||||
|
network->psk);
|
||||||
|
if (r) {
|
||||||
|
struct l_dbus_message *error;
|
||||||
|
|
||||||
|
l_free(network->psk);
|
||||||
|
network->psk = NULL;
|
||||||
|
|
||||||
|
if (r == -ERANGE || r == -EINVAL)
|
||||||
|
error = dbus_error_invalid_format(message);
|
||||||
|
else {
|
||||||
|
l_error("PSK generation failed: %s. "
|
||||||
|
"Ensure Crypto Engine is properly configured",
|
||||||
|
strerror(-r));
|
||||||
|
error = dbus_error_failed(message);
|
||||||
|
}
|
||||||
|
|
||||||
|
dbus_pending_reply(&message, error);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
|
||||||
l_free(network->passphrase);
|
l_free(network->passphrase);
|
||||||
network->passphrase = l_strdup(passphrase);
|
network->passphrase = l_strdup(passphrase);
|
||||||
|
|
||||||
|
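Review bot: The key buffers touched here are released with plain `l_free()` and never cleared, so PSK bytes can stay in freed heap memory: the wrong-length PreSharedKey decoded in network_load_psk, the buffer freed at `reset_psk:`, and the one dropped in the error branch of passphrase_callback. Clearing before the free would close that, e.g. `explicit_bzero(network->psk, 32);` ahead of `l_free(network->psk);` for the `l_malloc(32)` buffers. For the hex-decoded buffer the size to clear is `len`, not 32, because that path is reached precisely when the length is wrong. `network->passphrase` is freed the same way on the context lines and would benefit from the same treatment. Both functions begin and end outside the visible hunks, so other free sites may exist; a small reset helper would keep them consistent.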