[PATCH 1/3] wscutil: Add wsc_build_credential

[PATCH 1/3] wscutil: Add wsc_build_credential

[Andrew Zaborowski]

[-- Attachment #1: Type: text/plain, Size: 3938 bytes --]

---
 src/wscutil.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++
 src/wscutil.h |  2 ++
 2 files changed, 56 insertions(+)

diff --git a/src/wscutil.c b/src/wscutil.c
index 7f0f6c77..d63e3bc7 100644
--- a/src/wscutil.c
+++ b/src/wscutil.c
@@ -1766,6 +1766,13 @@ static void build_association_state(struct wsc_attr_builder *builder,
 	wsc_attr_builder_put_u16(builder, state);
 }
 
+static void build_authentication_type(struct wsc_attr_builder *builder,
+							uint16_t auth_type)
+{
+	wsc_attr_builder_start_attr(builder, WSC_ATTR_AUTHENTICATION_TYPE);
+	wsc_attr_builder_put_u16(builder, auth_type);
+}
+
 static void build_authentication_type_flags(struct wsc_attr_builder *builder,
 					uint16_t auth_type_flags)
 {
@@ -1816,6 +1823,13 @@ static void build_device_password_id(struct wsc_attr_builder *builder,
 	wsc_attr_builder_put_u16(builder, id);
 }
 
+static void build_encryption_type(struct wsc_attr_builder *builder,
+						uint16_t encryption_type)
+{
+	wsc_attr_builder_start_attr(builder, WSC_ATTR_ENCRYPTION_TYPE);
+	wsc_attr_builder_put_u16(builder, encryption_type);
+}
+
 static void build_encryption_type_flags(struct wsc_attr_builder *builder,
 						uint16_t encryption_type_flags)
 {
@@ -1900,6 +1914,20 @@ static void build_model_number(struct wsc_attr_builder *builder,
 	wsc_attr_builder_put_string(builder, model_number);
 }
 
+static void build_network_index(struct wsc_attr_builder *builder,
+							uint8_t network_index)
+{
+	wsc_attr_builder_start_attr(builder, WSC_ATTR_NETWORK_INDEX);
+	wsc_attr_builder_put_u8(builder, network_index);
+}
+
+static void build_network_key(struct wsc_attr_builder *builder,
+					const uint8_t *key, size_t key_len)
+{
+	wsc_attr_builder_start_attr(builder, WSC_ATTR_NETWORK_KEY);
+	wsc_attr_builder_put_bytes(builder, key, key_len);
+}
+
 static void build_os_version(struct wsc_attr_builder *builder,
 							uint32_t os_version)
 {
@@ -1979,6 +2007,13 @@ static void build_r_snonce2(struct wsc_attr_builder *builder,
 	wsc_attr_builder_put_bytes(builder, nonce, 16);
 }
 
+static void build_ssid(struct wsc_attr_builder *builder, const uint8_t *ssid,
+							size_t ssid_len)
+{
+	wsc_attr_builder_start_attr(builder, WSC_ATTR_SSID);
+	wsc_attr_builder_put_bytes(builder, ssid, ssid_len);
+}
+
 static void build_serial_number(struct wsc_attr_builder *builder,
 						const char *serial_number)
 {
@@ -2018,6 +2053,25 @@ static void build_wsc_state(struct wsc_attr_builder *builder,
 	wsc_attr_builder_put_u8(builder, 1);				\
 	wsc_attr_builder_put_u8(builder, 0x20)
 
+uint8_t *wsc_build_credential(const struct wsc_credential *in, size_t *out_len)
+{
+	struct wsc_attr_builder *builder;
+	uint8_t *ret;
+
+	builder = wsc_attr_builder_new(128);
+	build_network_index(builder, 1);
+	build_ssid(builder, in->ssid, in->ssid_len);
+	build_authentication_type(builder, in->auth_type);
+	build_encryption_type(builder, in->encryption_type);
+	build_network_key(builder, in->network_key, in->network_key_len);
+	build_mac_address(builder, in->addr);
+
+	/* TODO: Append EAP attrs & Network Key Shareable inside WFA EXT */
+
+	ret = wsc_attr_builder_free(builder, false, out_len);
+	return ret;
+}
+
 uint8_t *wsc_build_probe_request(const struct wsc_probe_request *probe_request,
 							size_t *out_len)
 {
diff --git a/src/wscutil.h b/src/wscutil.h
index 1a133f33..424725d1 100644
--- a/src/wscutil.h
+++ b/src/wscutil.h
@@ -602,6 +602,8 @@ int wsc_parse_wsc_nack(const uint8_t *pdu, uint32_t len, struct wsc_nack *out);
 
 int wsc_parse_wsc_done(const uint8_t *pdu, uint32_t len, struct wsc_done *out);
 
+uint8_t *wsc_build_credential(const struct wsc_credential *in, size_t *out_len);
+
 uint8_t *wsc_build_probe_request(const struct wsc_probe_request *probe_request,
 				size_t *out_len);
 uint8_t *wsc_build_association_request(
-- 
2.20.1

[PATCH 2/3] wscutil: Add wsc_build_m8_encrypted_settings

[Andrew Zaborowski]

[-- Attachment #1: Type: text/plain, Size: 3011 bytes --]

Note it internally calls wsc_build_credential instead of the user
having to do this.  I can convert wsc_parse_m8_encrypted_settings to do
the same thing.
---
 src/wscutil.c | 42 ++++++++++++++++++++++++++++++++++++++++++
 src/wscutil.h |  4 ++++
 2 files changed, 46 insertions(+)

diff --git a/src/wscutil.c b/src/wscutil.c
index d63e3bc7..99a74d1e 100644
--- a/src/wscutil.c
+++ b/src/wscutil.c
@@ -1928,6 +1928,13 @@ static void build_network_key(struct wsc_attr_builder *builder,
 	wsc_attr_builder_put_bytes(builder, key, key_len);
 }
 
+static void build_new_password(struct wsc_attr_builder *builder,
+				const uint8_t *password, size_t password_len)
+{
+	wsc_attr_builder_start_attr(builder, WSC_ATTR_NEW_PASSWORD);
+	wsc_attr_builder_put_bytes(builder, password, password_len);
+}
+
 static void build_os_version(struct wsc_attr_builder *builder,
 							uint32_t os_version)
 {
@@ -2072,6 +2079,17 @@ uint8_t *wsc_build_credential(const struct wsc_credential *in, size_t *out_len)
 	return ret;
 }
 
+static void build_credential(struct wsc_attr_builder *builder,
+					const struct wsc_credential *cred)
+{
+	size_t data_len;
+	uint8_t *data = wsc_build_credential(cred, &data_len);
+
+	wsc_attr_builder_start_attr(builder, WSC_ATTR_CREDENTIAL);
+	wsc_attr_builder_put_bytes(builder, data, data_len);
+	l_free(data);
+}
+
 uint8_t *wsc_build_probe_request(const struct wsc_probe_request *probe_request,
 							size_t *out_len)
 {
@@ -2447,6 +2465,30 @@ done:
 	return ret;
 }
 
+uint8_t *wsc_build_m8_encrypted_settings(
+				const struct wsc_m8_encrypted_settings *in,
+				const struct wsc_credential *creds,
+				unsigned int creds_cnt, size_t *out_len)
+{
+	struct wsc_attr_builder *builder;
+	unsigned int i;
+
+	builder = wsc_attr_builder_new(256);
+
+	for (i = 0; i < creds_cnt; i++)
+		build_credential(builder, &creds[i]);
+
+	if (in->new_password_len) {
+		build_new_password(builder, in->new_password,
+					in->new_password_len);
+		build_device_password_id(builder, in->device_password_id);
+	}
+
+	build_key_wrap_authenticator(builder, in->authenticator);
+
+	return wsc_attr_builder_free(builder, false, out_len);
+}
+
 uint8_t *wsc_build_wsc_ack(const struct wsc_ack *ack, size_t *out_len)
 {
 	struct wsc_attr_builder *builder;
diff --git a/src/wscutil.h b/src/wscutil.h
index 424725d1..0d06a60f 100644
--- a/src/wscutil.h
+++ b/src/wscutil.h
@@ -638,6 +638,10 @@ uint8_t *wsc_build_m7_encrypted_settings(
 				size_t *out_len);
 uint8_t *wsc_build_m8(const struct wsc_m8 *m8, const uint8_t *encrypted,
 			size_t encrypted_len, size_t *out_len);
+uint8_t *wsc_build_m8_encrypted_settings(
+				const struct wsc_m8_encrypted_settings *in,
+				const struct wsc_credential *creds,
+				unsigned int creds_cnt, size_t *out_len);
 
 uint8_t *wsc_build_wsc_ack(const struct wsc_ack *ack, size_t *out_len);
 uint8_t *wsc_build_wsc_nack(const struct wsc_nack *nack, size_t *out_len);
-- 
2.20.1

[PATCH 3/3] unit: Add a test for building M8 encrypted settings

[Andrew Zaborowski]

[-- Attachment #1: Type: text/plain, Size: 3564 bytes --]

There's are two changes to the example raw data in m8_encrypted_settings,
one is to change the Network Index value to 1 and the other is to drop
the Network Key Index attribute:

Network Index     R     Deprecated – use fixed value 1 for
                        backwards compatibility.

Network Key       O     Deprecated. Only included by WSC 1.0
Index                   devices. Ignored by WSC 2.0 or newer
                        devices.
---
 unit/test-wsc.c | 39 +++++++++++++++++++++++++++++----------
 1 file changed, 29 insertions(+), 10 deletions(-)

diff --git a/unit/test-wsc.c b/unit/test-wsc.c
index 01420d47..983570e2 100644
--- a/unit/test-wsc.c
+++ b/unit/test-wsc.c
@@ -1736,17 +1736,17 @@ static void wsc_test_build_m8(const void *data)
 }
 
 static const unsigned char m8_encrypted_settings[] = {
-	0x10, 0x0e, 0x00, 0x6f, 0x10, 0x26, 0x00, 0x01, 0x00, 0x10, 0x45, 0x00,
+	0x10, 0x0e, 0x00, 0x6a, 0x10, 0x26, 0x00, 0x01, 0x01, 0x10, 0x45, 0x00,
 	0x07, 0x54, 0x65, 0x73, 0x74, 0x57, 0x50, 0x41, 0x10, 0x03, 0x00, 0x02,
-	0x00, 0x20, 0x10, 0x0f, 0x00, 0x02, 0x00, 0x08, 0x10, 0x28, 0x00, 0x01,
-	0x00, 0x10, 0x27, 0x00, 0x40, 0x34, 0x36, 0x30, 0x34, 0x44, 0x30, 0x31,
-	0x46, 0x46, 0x44, 0x42, 0x30, 0x42, 0x32, 0x39, 0x32, 0x45, 0x33, 0x37,
-	0x37, 0x33, 0x32, 0x44, 0x44, 0x34, 0x45, 0x31, 0x31, 0x43, 0x32, 0x34,
-	0x30, 0x31, 0x31, 0x35, 0x34, 0x32, 0x38, 0x39, 0x41, 0x30, 0x39, 0x41,
-	0x33, 0x33, 0x41, 0x44, 0x37, 0x30, 0x34, 0x31, 0x37, 0x37, 0x41, 0x42,
-	0x30, 0x44, 0x31, 0x42, 0x37, 0x35, 0x38, 0x44, 0x30, 0x10, 0x20, 0x00,
-	0x06, 0xa0, 0xa8, 0xcd, 0x1c, 0x7e, 0xc9, 0x10, 0x1e, 0x00, 0x08, 0xe8,
-	0x3b, 0x3b, 0xe7, 0x9e, 0x72, 0x06, 0x46,
+	0x00, 0x20, 0x10, 0x0f, 0x00, 0x02, 0x00, 0x08, 0x10, 0x27, 0x00, 0x40,
+	0x34, 0x36, 0x30, 0x34, 0x44, 0x30, 0x31, 0x46, 0x46, 0x44, 0x42, 0x30,
+	0x42, 0x32, 0x39, 0x32, 0x45, 0x33, 0x37, 0x37, 0x33, 0x32, 0x44, 0x44,
+	0x34, 0x45, 0x31, 0x31, 0x43, 0x32, 0x34, 0x30, 0x31, 0x31, 0x35, 0x34,
+	0x32, 0x38, 0x39, 0x41, 0x30, 0x39, 0x41, 0x33, 0x33, 0x41, 0x44, 0x37,
+	0x30, 0x34, 0x31, 0x37, 0x37, 0x41, 0x42, 0x30, 0x44, 0x31, 0x42, 0x37,
+	0x35, 0x38, 0x44, 0x30, 0x10, 0x20, 0x00, 0x06, 0xa0, 0xa8, 0xcd, 0x1c,
+	0x7e, 0xc9, 0x10, 0x1e, 0x00, 0x08, 0xe8, 0x3b, 0x3b, 0xe7, 0x9e, 0x72,
+	0x06, 0x46,
 };
 
 struct wsc_credential creds_1[1] = {
@@ -1831,6 +1831,22 @@ static void wsc_test_parse_m8_encrypted_settings(const void *data)
 	assert(!memcmp(expected->authenticator, m8es.authenticator, 8));
 }
 
+static void wsc_test_build_m8_encrypted_settings(const void *data)
+{
+	const struct m8_encrypted_settings_data *test = data;
+	uint8_t *out;
+	size_t out_len;
+
+	out = wsc_build_m8_encrypted_settings(&test->expected, test->creds,
+						test->n_creds, &out_len);
+	assert(out);
+
+	assert(out_len == test->len);
+	assert(!memcmp(test->pdu, out, test->len));
+
+	l_free(out);
+}
+
 static const unsigned char eap_wsc_done[] = {
 	0x01, 0x00, 0x00, 0x4a, 0x02, 0xab, 0x00, 0x4a, 0xfe, 0x00, 0x37, 0x2a,
 	0x00, 0x00, 0x00, 0x01, 0x05, 0x00, 0x10, 0x4a, 0x00, 0x01, 0x10, 0x10,
@@ -2330,6 +2346,9 @@ int main(int argc, char *argv[])
 	l_test_add("/wsc/parse/m8 encrypted settings 1",
 			wsc_test_parse_m8_encrypted_settings,
 			&m8_encrypted_settings_data_1);
+	l_test_add("/wsc/build/m8 encrypted settings 1",
+			wsc_test_build_m8_encrypted_settings,
+			&m8_encrypted_settings_data_1);
 
 	l_test_add("/wsc/parse/wsc_done 1", wsc_test_parse_wsc_done,
 							&wsc_done_data_1);
-- 
2.20.1

Re: [PATCH 2/3] wscutil: Add wsc_build_m8_encrypted_settings

[Denis Kenzior]

[-- Attachment #1: Type: text/plain, Size: 650 bytes --]

Hi Andrew,

On 1/9/20 1:40 PM, Andrew Zaborowski wrote:
> Note it internally calls wsc_build_credential instead of the user
> having to do this.  I can convert wsc_parse_m8_encrypted_settings to do
> the same thing.

Do you mean to have parse_m8_encrypted_settings to return struct 
wsc_credential directly?  I think that'd be nice for consistency, yes. 
Anyway, I cut this note out of the commit.  This really belongs...

> ---
>   src/wscutil.c | 42 ++++++++++++++++++++++++++++++++++++++++++
>   src/wscutil.h |  4 ++++
>   2 files changed, 46 insertions(+)

here after the '---'

Patch 1 & 2 applied, thanks.

Regards,
-Denis

Re: [PATCH 3/3] unit: Add a test for building M8 encrypted settings

[Denis Kenzior]

[-- Attachment #1: Type: text/plain, Size: 837 bytes --]

Hi Andrew,

On 1/9/20 1:40 PM, Andrew Zaborowski wrote:
> There's are two changes to the example raw data in m8_encrypted_settings,
> one is to change the Network Index value to 1 and the other is to drop
> the Network Key Index attribute:
> 
> Network Index     R     Deprecated – use fixed value 1 for
>                          backwards compatibility.
> 
> Network Key       O     Deprecated. Only included by WSC 1.0
> Index                   devices. Ignored by WSC 2.0 or newer
>                          devices.
> ---
>   unit/test-wsc.c | 39 +++++++++++++++++++++++++++++----------
>   1 file changed, 29 insertions(+), 10 deletions(-)
> 

I had to apply this manually since the '-' character above was non-ascii 
and git-am was confused.  Please make sure I didn't screw anything up.

Regards,
-Denis

Re: [PATCH 3/3] unit: Add a test for building M8 encrypted settings

[Andrew Zaborowski]

[-- Attachment #1: Type: text/plain, Size: 549 bytes --]

Hi Denis,

On Thu, 9 Jan 2020 at 21:11, Denis Kenzior <denkenz@gmail.com> wrote:
> On 1/9/20 1:40 PM, Andrew Zaborowski wrote:
> > Network Index     R     Deprecated – use fixed value 1 for
> >                          backwards compatibility.
> >
>
> I had to apply this manually since the '-' character above was non-ascii
> and git-am was confused.  Please make sure I didn't screw anything up.

Sorry for the complication, looks good upstream.  git-am here didn't
have a problem with the non-ascii long dash though.

Best regards