OpenMANET/morse-feed
1
0
Fork 0
mirror of https://github.com/OpenMANET/morse-feed.git synced 2025-12-10 03:43:06 -06:00
Code Issues Packages Projects Releases Wiki Activity

netifd-morse/dpp-key-recovery: (APP-3496, PR #879) clean up DPP qrcode paths

Browse Source 
- only attempt to generate qrcode if dpp_key.pem exists
  - reduce number of code paths:
    - only generate private key in dpp-key-recovery
    - only generate qrcode when morse interface is brought up
      and we definitely have a MAC address (this lets us remove a bunch
      of mac address fallback code which is not useful)
  - some refactoring/simplification to reduce amount of code

This means that this script doesn't change this key later in
the bringup, and the logic is simpler.

It also means we don't _regenerate_ if we've failed
to put it in persistent storage (i.e. the persistent
storage write failed).

Approved-by: Evan Benn
Approved-by: Milad Mohtashamirad
This commit is contained in:
James Haggerty 2024-10-11 03:10:48 +00:00 committed by Arien Judge
parent 9cc09a8fdf
commit 5f4347ee5b
3 changed files with 27 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
netifd-morse/lib/netifd/wireless/morse.sh
View File

@ -146,11 +146,11 @@ build_morse_mod_params(){
} }
# If thinlmac optimisation is unset, the original settings are not restored unless the device is rebooted. # If thinlmac optimisation is unset, the original settings are not restored unless the device is rebooted.
# This is because the user could have forced different settings (e.g. via rc.local, or by setting ipv6_disabled=0 # This is because the user could have forced different settings (e.g. via rc.local, or by setting ipv6_disabled=0
# in UCI on the network device itself), and we do not want to unexpectedly interfere with these when this option # in UCI on the network device itself), and we do not want to unexpectedly interfere with these when this option
# is unset. Note also that it's difficult to disable IPv6 via UCI in the normal way because it needs to be done # is unset. Note also that it's difficult to disable IPv6 via UCI in the normal way because it needs to be done
# on the L3 device, and this device is not fixed for a particular wifi-iface (i.e. it might be a bridge) so there's # on the L3 device, and this device is not fixed for a particular wifi-iface (i.e. it might be a bridge) so there's
# no clean way to push the wifi-device option into the right network device. # no clean way to push the wifi-device option into the right network device.
apply_thin_lmac_optimization() { apply_thin_lmac_optimization() {
# Disable noise from IPv6 incidental traffic # Disable noise from IPv6 incidental traffic
@ -297,10 +297,10 @@ get_mesh11sd_config() {
json_select .. json_select ..
} }
get_matter_config() { get_matter_config() {
config_load matter config_load matter
var= var=
json_select config json_select config
config_get var config enable config_get var config enable

65
utils/dpp-key-recovery/files/etc/init.d/dpp-key-recovery
View File

@ -2,69 +2,14 @@
# #
# Copyright (C) 2021-2023 Morse Micro Pty Ltd. All rights reserved. # Copyright (C) 2021-2023 Morse Micro Pty Ltd. All rights reserved.
# #
. /lib/netifd/morse/morse_utils.sh
# It's important this happens before netifd sets up any
# morse interfaces, because the actual svg creation happens
# when there and /etc/dpp_key.pem must already exist.
START=11 START=11
# update_dpp_private_key compares the recovered dpp_key (if exist) with the one
# in /etc/dpp_key.pem and will overwrite it if they are different.
update_dpp_private_key()
{
local tmp_key_path=$1
local etc_key_path=$2
# /tmp/key exist , /etc/key DOESN'T exist
if [ -f "$tmp_key_path" ] && [ ! -f "$etc_key_path" ]; then
#copy /tmp/key to /etc/key; return
cp $tmp_key_path $etc_key_path
return
fi
# /tmp/key DOESN'T exist , /etc/key DOESN'T exist
if [ ! -f "$tmp_key_path" ] && [ ! -f "$etc_key_path" ]; then
#generate a key and save it to /etc/key; return
openssl ecparam -genkey -name prime256v1 -noout -out $etc_key_path
return
fi
# /tmp/key DOESN'T exist , /etc/key exist
if [ ! -f "$tmp_key_path" ] && [ -f "$etc_key_path" ]; then
return
fi
# /tmp/key exist , /etc/key exist
if [ -f "$tmp_key_path" ] && [ -f "$etc_key_path" ]; then
#are they different?
local md5sum_tmp_key=$(md5sum $tmp_key_path | awk '{ print $1 }')
local md5sum_etc_key=$(md5sum $etc_key_path | awk '{ print $1 }')
if [ ! "$md5sum_tmp_key" = "$md5sum_etc_key" ]; then
#yes
#copy /tmp/key to /etc/key; return
cp $tmp_key_path $etc_key_path
return
else
#no
return
fi
fi
}
boot() { boot() {
/morse/scripts/recover_dpp_key.sh /tmp/dpp_key.pem if [ ! -e /etc/dpp_key.pem ]; then
update_dpp_private_key /tmp/dpp_key.pem /etc/dpp_key.pem /morse/scripts/recover_dpp_key.sh /etc/dpp_key.pem
local halow_mac="$(morse_get_chip_macaddr)"
if [ -z "$halow_mac" ]; then
local ETH0_MAC_SUFFIX="$(cat /sys/class/net/eth0/address | cut -d: -f4-)"
halow_mac="0C:BF:74:$ETH0_MAC_SUFFIX"
fi
if [ -n "$halow_mac" ]; then
update_dpp_qrcode /etc/dpp_key.pem "$halow_mac"
else
logger "Unable to get macaddr of the halow interface. Skipping QR code string generation"
fi fi
} }

67
utils/dpp-key-recovery/files/morse/scripts/recover_dpp_key.sh
View File

@ -3,65 +3,28 @@
# Copyright (C) 2023 MorseMicro # Copyright (C) 2023 MorseMicro
# #
dpp_key_tmp_file=$1 dpp_key_tmp_file=$1
get_key_from_persistent_storage() ubenv_key=$(persistent_vars_storage.sh READ dpp_priv_key)
{
local ubenv_key=
[ -f "/sbin/persistent_vars_storage.sh" ] && ubenv_key=$(/sbin/persistent_vars_storage.sh READ dpp_priv_key)
echo "$ubenv_key"
}
create_persistent_private_key() # logger is not available at START=11, which is when this is
{ # used by /etc/init.d/dpp-key-recovery
logger "Generating a new private key and saving it to the persistent storage."
local priv_key=$(openssl ecparam -genkey -name prime256v1 -noout -outform DER | hexdump -e '16/1 "%02x " "\n"'| xxd -r -p | base64 -w 0)
/sbin/persistent_vars_storage.sh WRITE dpp_priv_key "$priv_key"
echo "$priv_key"
}
save_private_key_file()
{
echo "-----BEGIN EC PRIVATE KEY-----" > $2
echo "$1" >> $2
echo "-----END EC PRIVATE KEY-----" >> $2
}
#1-check if the /sbin/persistent_vars_storage.sh scripts exist.
[ ! -f "/sbin/persistent_vars_storage.sh" ] && exit 0
#2-get the private key from uboot_env
ubenv_key=$(get_key_from_persistent_storage)
#3-is private key empty?
if [ -z "$ubenv_key" ]; then if [ -z "$ubenv_key" ]; then
#23-yes: we don't have dpp private key. echo "dpp-key-recovery: DPP private key isn't found in persistent storage." > /dev/kmsg
logger "DPP private key isn't found in u-boot-env."
ubenv_key=$(create_persistent_private_key)
fi fi
#create /tmp/dpp_key.pem with the result. if ! openssl ec -in $dpp_key_tmp_file -check 1>/dev/null 2>/dev/null; then
save_private_key_file $ubenv_key $dpp_key_tmp_file echo "dpp-key-recovery: persistent storage contains an incorrect DPP private key." > /dev/kmsg
ubenv_key=
#is the private key valid?
if openssl ec -in $dpp_key_tmp_file -check 1>/dev/null 2>/dev/null ; then
#yes: done.
exit 0
else
#no
logger "persistent storage contains an incorrect DPP private key."
ubenv_key=$(create_persistent_private_key)
save_private_key_file $ubenv_key $dpp_key_tmp_file
exit 0
fi fi
if [ -z "$ubenv_key" ]; then
echo "dpp-key-recovery: generating a new private key and saving it to the persistent storage." > /dev/kmsg
ubenv_key=$(openssl ecparam -genkey -name prime256v1 -noout -outform DER | base64 -w0)
/sbin/persistent_vars_storage.sh WRITE dpp_priv_key "$ubenv_key"
fi
echo "-----BEGIN EC PRIVATE KEY-----" > "$dpp_key_tmp_file"
echo "$ubenv_key" >> "$dpp_key_tmp_file"
echo "-----END EC PRIVATE KEY-----" >> "$dpp_key_tmp_file"