[PW_SID:790210] RFC: PKEX support for DPP #240

Open
wants to merge 7 commits into
base: workflow

IWDTestBot
Owner

PKEX is part of the WFA EasyConnect specification and is
an additional bootstrapping method (like QR codes) for
exchanging public keys between a configurator and enrollee.

PKEX operates over wifi and requires a key/code be exchanged
prior to the protocol. The key is used to encrypt the exchange
of the bootstrapping information, then DPP authentication is
started immediately afterwards.

This can be useful for devices which don't have the ability to
scan a QR code, or even as a more convenient way to share
wireless credentials if the PSK is very secure (i.e. not a
human readable string).

This only documents the DBus API for now to get an idea of how
and where this module would live. The current plan is to keep
it in dpp.c. This module is getting rather large but all the
infrastructure exists for offchannel/frame callbacks and
state so it makes sense to keep it there. The plan is to add
some additional states to dpp for PKEX which would happen
prior to AUTHENTICATION and allow the PRESENCE state to be
skipped.

PKEX would be used via the two DBus APIs. PkexConfigure would
start listening and wait for an Enrollee to send a PKEX
exchange request. The enrollee would be started with PkexEnroll
and initiate the exchange. PKEX would proceed and once done
DPP Authentication would start using the bootstrapping keys
exchanged.

For convenience/security the PKEX key could be specified in the
IWD provisioning file (part of the Security group). This would
allow IWD to encrypt it and avoid the need for some other entity
to store the key in order to call PkexConfigure (e.g. if not
initiated by a human entering the key).

doc/device-provisioning-api.txt | 44 +++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)

This is taken care of by the individual cache items and
if none exist, tar fails.
@IWDTestBot
Owner Author

Fetch PR
Test ID: fetch
Desc: Fetch the PR commits for this CI run
Duration: 3.64 seconds
Result: PASS

Make Distcheck
Test ID: makedistcheck
Desc: Run distcheck to check the distribution
Duration: 12.19 seconds
Result: FAIL

Output:

make[2]: *** No rule to make target 'ell/sysctl.h', needed by 'distdir-am'.  Stop.
make[1]: *** [Makefile:3218: distdir] Error 2
make: *** [Makefile:3298: dist] Error 2

Build - Configure
Test ID: build
Desc: Configure the BlueZ source tree
Duration: 11.70 seconds
Result: PASS

Make Check
Test ID: makecheck
Desc: Run 'make check'
Duration: 0.00 seconds
Result: SKIP

Output:

makecheck was skipped

Make Check w/Valgrind
Test ID: makecheckvalgrind
Desc: Run 'make check' with Valgrind
Duration: 11.97 seconds
Result: FAIL

Output:

make[1]: *** No rule to make target 'ell/sysctl.c', needed by 'ell/sysctl.lo'.  Stop.
make[1]: *** Waiting for unfinished jobs....
make: *** [Makefile:1710: all] Error 2

Incremental Build with patches
Test ID: incremental_build
Desc: Incremental build per patch in the series
Duration: 0.26 seconds
Result: PASS

@IWDTestBot
Owner Author

Fetch PR
Test ID: fetch
Desc: Fetch the PR commits for this CI run
Duration: 2.99 seconds
Result: PASS

GitLint
Test ID: gitlint
Desc: Run gitlint with rule in .gitlint
Duration: 0.65 seconds
Result: PASS

Make Distcheck
Test ID: makedistcheck
Desc: Run distcheck to check the distribution
Duration: 11.01 seconds
Result: FAIL

Output:

make[2]: *** No rule to make target 'ell/sysctl.h', needed by 'distdir-am'.  Stop.
make[1]: *** [Makefile:3217: distdir] Error 2
make: *** [Makefile:3297: dist] Error 2

Build - Configure
Test ID: build
Desc: Configure the BlueZ source tree
Duration: 46.83 seconds
Result: PASS

Make Check
Test ID: makecheck
Desc: Run 'make check'
Duration: 0.00 seconds
Result: SKIP

Output:

makecheck was skipped

Make Check w/Valgrind
Test ID: makecheckvalgrind
Desc: Run 'make check' with Valgrind
Duration: 49.39 seconds
Result: FAIL

Output:

make[1]: *** No rule to make target 'ell/sysctl.c', needed by 'ell/sysctl.lo'.  Stop.
make[1]: *** Waiting for unfinished jobs....
make: *** [Makefile:1709: all] Error 2

Incremental Build with patches
Test ID: incremental_build
Desc: Incremental build per patch in the series
Duration: 0.90 seconds
Result: PASS

Autotest Runner
Test ID: testrunner
Desc: Runs IWD's autotest framework
Duration: 0.00 seconds
Result: SKIP

Output:

testrunner was skipped

Clang Build
Test ID: clang
Desc: Build IWD using clang compiler
Duration: 53.56 seconds
Result: FAIL

Output:

make[1]: *** No rule to make target 'ell/sysctl.c', needed by 'ell/sysctl.lo'.  Stop.
make[1]: *** Waiting for unfinished jobs....
make: *** [Makefile:1709: all] Error 2

@github-actions github-actions bot force-pushed the workflow branch 9 times, most recently from 68c71d2 to 43f4327 Compare March 4, 2024 20:00
@github-actions github-actions bot force-pushed the workflow branch 2 times, most recently from 4170bb4 to c067bc7 Compare March 15, 2024 14:00
@github-actions github-actions bot force-pushed the workflow branch 4 times, most recently from f10f2fc to c2be9ec Compare March 28, 2024 23:30
@github-actions github-actions bot force-pushed the workflow branch 2 times, most recently from ebbbc93 to 089fa9a Compare April 16, 2024 13:02
@github-actions github-actions bot force-pushed the workflow branch 4 times, most recently from 2192e98 to 43a07cc Compare May 9, 2024 15:24
@github-actions github-actions bot force-pushed the workflow branch 3 times, most recently from 2c7b52e to 58d64d4 Compare May 14, 2024 15:45
@github-actions github-actions bot force-pushed the workflow branch 4 times, most recently from 68d5156 to 953fb5e Compare June 4, 2024 13:45
@github-actions github-actions bot force-pushed the workflow branch 2 times, most recently from a123040 to 568d50f Compare June 26, 2024 14:45