diff --git a/netifd-morse/lib/netifd/wireless/morse.sh b/netifd-morse/lib/netifd/wireless/morse.sh index 658599a..186a33e 100755 --- a/netifd-morse/lib/netifd/wireless/morse.sh +++ b/netifd-morse/lib/netifd/wireless/morse.sh @@ -146,11 +146,11 @@ build_morse_mod_params(){ } -# If thinlmac optimisation is unset, the original settings are not restored unless the device is rebooted. -# This is because the user could have forced different settings (e.g. via rc.local, or by setting ipv6_disabled=0 -# in UCI on the network device itself), and we do not want to unexpectedly interfere with these when this option -# is unset. Note also that it's difficult to disable IPv6 via UCI in the normal way because it needs to be done -# on the L3 device, and this device is not fixed for a particular wifi-iface (i.e. it might be a bridge) so there's +# If thinlmac optimisation is unset, the original settings are not restored unless the device is rebooted. +# This is because the user could have forced different settings (e.g. via rc.local, or by setting ipv6_disabled=0 +# in UCI on the network device itself), and we do not want to unexpectedly interfere with these when this option +# is unset. Note also that it's difficult to disable IPv6 via UCI in the normal way because it needs to be done +# on the L3 device, and this device is not fixed for a particular wifi-iface (i.e. it might be a bridge) so there's # no clean way to push the wifi-device option into the right network device. apply_thin_lmac_optimization() { # Disable noise from IPv6 incidental traffic @@ -297,10 +297,10 @@ get_mesh11sd_config() { json_select .. } -get_matter_config() { +get_matter_config() { config_load matter var= - + json_select config config_get var config enable diff --git a/utils/dpp-key-recovery/files/etc/init.d/dpp-key-recovery b/utils/dpp-key-recovery/files/etc/init.d/dpp-key-recovery index c1e3d91..c193ae1 100644 --- a/utils/dpp-key-recovery/files/etc/init.d/dpp-key-recovery 
+++ b/utils/dpp-key-recovery/files/etc/init.d/dpp-key-recovery 
@@ -2,69 +2,14 @@ # # Copyright (C) 2021-2023 Morse Micro Pty Ltd. All rights reserved. # -. /lib/netifd/morse/morse_utils.sh +# It's important this happens before netifd sets up any +# morse interfaces, because the actual svg creation happens +# when there and /etc/dpp_key.pem must already exist. START=11 -# update_dpp_private_key compares the recovered dpp_key (if exist) with the one -# in /etc/dpp_key.pem and will overwrite it if they are different. -update_dpp_private_key() -{ - local tmp_key_path=$1 - local etc_key_path=$2 - - # /tmp/key exist , /etc/key DOESN'T exist - if [ -f "$tmp_key_path" ] && [ ! -f "$etc_key_path" ]; then - #copy /tmp/key to /etc/key; return - cp $tmp_key_path $etc_key_path - return - fi - - - # /tmp/key DOESN'T exist , /etc/key DOESN'T exist - if [ ! -f "$tmp_key_path" ] && [ ! -f "$etc_key_path" ]; then - #generate a key and save it to /etc/key; return - openssl ecparam -genkey -name prime256v1 -noout -out $etc_key_path - return - fi - - - # /tmp/key DOESN'T exist , /etc/key exist - if [ ! -f "$tmp_key_path" ] && [ -f "$etc_key_path" ]; then - return - fi - - # /tmp/key exist , /etc/key exist - if [ -f "$tmp_key_path" ] && [ -f "$etc_key_path" ]; then - #are they different? - local md5sum_tmp_key=$(md5sum $tmp_key_path | awk '{ print $1 }') - local md5sum_etc_key=$(md5sum $etc_key_path | awk '{ print $1 }') - if [ ! 
"$md5sum_tmp_key" = "$md5sum_etc_key" ]; then - #yes - #copy /tmp/key to /etc/key; return - cp $tmp_key_path $etc_key_path - return - else - #no - return - fi - fi - -} - boot() { - /morse/scripts/recover_dpp_key.sh /tmp/dpp_key.pem - update_dpp_private_key /tmp/dpp_key.pem /etc/dpp_key.pem - - local halow_mac="$(morse_get_chip_macaddr)" - if [ -z "$halow_mac" ]; then - local ETH0_MAC_SUFFIX="$(cat /sys/class/net/eth0/address | cut -d: -f4-)" - halow_mac="0C:BF:74:$ETH0_MAC_SUFFIX" - fi - - if [ -n "$halow_mac" ]; then - update_dpp_qrcode /etc/dpp_key.pem "$halow_mac" - else - logger "Unable to get macaddr of the halow interface. Skipping QR code string generation" + if [ ! -e /etc/dpp_key.pem ]; then + /morse/scripts/recover_dpp_key.sh /etc/dpp_key.pem fi } \ No newline at end of file diff --git a/utils/dpp-key-recovery/files/morse/scripts/recover_dpp_key.sh b/utils/dpp-key-recovery/files/morse/scripts/recover_dpp_key.sh index 85e4129..25881e9 100755 --- a/utils/dpp-key-recovery/files/morse/scripts/recover_dpp_key.sh +++ b/utils/dpp-key-recovery/files/morse/scripts/recover_dpp_key.sh 
@@ -3,65 +3,28 @@ # Copyright (C) 2023 MorseMicro # - dpp_key_tmp_file=$1 -get_key_from_persistent_storage() -{ - local ubenv_key= - [ -f "/sbin/persistent_vars_storage.sh" ] && ubenv_key=$(/sbin/persistent_vars_storage.sh READ dpp_priv_key) - echo "$ubenv_key" -} +ubenv_key=$(persistent_vars_storage.sh READ dpp_priv_key) -create_persistent_private_key() -{ - logger "Generating a new private key and saving it to the persistent storage." - local priv_key=$(openssl ecparam -genkey -name prime256v1 -noout -outform DER | hexdump -e '16/1 "%02x " "\n"'| xxd -r -p | base64 -w 0) - - /sbin/persistent_vars_storage.sh WRITE dpp_priv_key "$priv_key" - - echo "$priv_key" -} +# logger is not available at START=11, which is when this is +# used by /etc/init.d/dpp-key-recovery -save_private_key_file() -{ - echo "-----BEGIN EC PRIVATE KEY-----" > $2 - echo "$1" >> $2 - echo "-----END EC PRIVATE KEY-----" >> $2 -} - - -#1-check if the /sbin/persistent_vars_storage.sh scripts exist. -[ ! -f "/sbin/persistent_vars_storage.sh" ] && exit 0 - - -#2-get the private key from uboot_env -ubenv_key=$(get_key_from_persistent_storage) - -#3-is private key empty? if [ -z "$ubenv_key" ]; then - #23-yes: we don't have dpp private key. - logger "DPP private key isn't found in u-boot-env." - ubenv_key=$(create_persistent_private_key) + echo "dpp-key-recovery: DPP private key isn't found in persistent storage." > /dev/kmsg fi -#create /tmp/dpp_key.pem with the result. -save_private_key_file $ubenv_key $dpp_key_tmp_file - -#is the private key valid? -if openssl ec -in $dpp_key_tmp_file -check 1>/dev/null 2>/dev/null ; then - #yes: done. - exit 0 -else - #no - logger "persistent storage contains an incorrect DPP private key." - ubenv_key=$(create_persistent_private_key) - save_private_key_file $ubenv_key $dpp_key_tmp_file - exit 0 +if ! openssl ec -in $dpp_key_tmp_file -check 1>/dev/null 2>/dev/null; then + echo "dpp-key-recovery: persistent storage contains an incorrect DPP private key." 
> /dev/kmsg + ubenv_key= fi +if [ -z "$ubenv_key" ]; then + echo "dpp-key-recovery: generating a new private key and saving it to the persistent storage." > /dev/kmsg + ubenv_key=$(openssl ecparam -genkey -name prime256v1 -noout -outform DER | base64 -w0) + /sbin/persistent_vars_storage.sh WRITE dpp_priv_key "$ubenv_key" +fi - - - - +echo "-----BEGIN EC PRIVATE KEY-----" > "$dpp_key_tmp_file" +echo "$ubenv_key" >> "$dpp_key_tmp_file" +echo "-----END EC PRIVATE KEY-----" >> "$dpp_key_tmp_file"
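Review bot: The `openssl ec -in $dpp_key_tmp_file -check` test now runs before anything is written to that path, and the init script only calls this script when `/etc/dpp_key.pem` does not exist. The check therefore appears to fail on every run, clear `ubenv_key`, and overwrite the stored `dpp_priv_key` with a newly generated key, so a device whose `/etc` has been reset would get a new DPP identity instead of the persisted one. Validate the recovered value itself, piped to `openssl ec` on stdin and only when it is non-empty, as in the excerpt below. The PEM holds a private key but is created under the inherited umask, so set `umask 077` before the final writes. The READ call also relies on `PATH` while WRITE uses `/sbin/persistent_vars_storage.sh`, and neither result is checked now that the existence guard has been removed.

```shell
# … unchanged: READ dpp_priv_key and the "isn't found" message …

# Validate the recovered value itself; the output file does not exist yet.
if [ -n "$ubenv_key" ] &&
	! printf '%s\n' "-----BEGIN EC PRIVATE KEY-----" "$ubenv_key" "-----END EC PRIVATE KEY-----" |
		openssl ec -check -noout >/dev/null 2>&1; then
	echo "dpp-key-recovery: persistent storage contains an incorrect DPP private key." > /dev/kmsg
	ubenv_key=
fi

# … unchanged: generate a new key and WRITE it when ubenv_key is empty …

# Private key material: create the file readable by the owner only.
umask 077
# … unchanged: three echo lines writing the PEM to "$dpp_key_tmp_file" …
```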