From 182fdf111c2fad99e2be169e53e01588f3b78389 Mon Sep 17 00:00:00 2001 From: Bruce Leidl Date: Wed, 4 Nov 2020 12:45:11 -0500 Subject: [PATCH] Revert iwd to 1.7 and add a config file workaround --- .../citadel-config/citadel-config.bb | 4 + .../citadel-config/files/iwd/main.conf | 5 + .../iwd/iwd/0002-arc4-implementation.patch | 147 ++++++++++++++++++ .../iwd/{iwd_1.9.bb => iwd_1.7.bb} | 3 +- 4 files changed, 158 insertions(+), 1 deletion(-) create mode 100644 meta-citadel/recipes-citadel/citadel-config/files/iwd/main.conf create mode 100644 meta-gnome/recipes-connectivity/iwd/iwd/0002-arc4-implementation.patch rename meta-gnome/recipes-connectivity/iwd/{iwd_1.9.bb => iwd_1.7.bb} (94%) diff --git a/meta-citadel/recipes-citadel/citadel-config/citadel-config.bb b/meta-citadel/recipes-citadel/citadel-config/citadel-config.bb index 59324b3..a55244d 100644 --- a/meta-citadel/recipes-citadel/citadel-config/citadel-config.bb +++ b/meta-citadel/recipes-citadel/citadel-config/citadel-config.bb @@ -61,6 +61,7 @@ SRC_URI = "\ file://skel/vimrc \ file://apt-cacher-ng/acng.conf \ file://apt-cacher-ng/security.conf \ + file://iwd/main.conf \ ${DEFAULT_REALM_UNITS} \ ${MODPROBE_CONFIG} \ ${SYSCTL_CONFIG} \ @@ -92,6 +93,7 @@ do_install() { install -m 0755 -d ${D}${sysconfdir}/polkit-1/rules.d install -m 0755 -d ${D}${sysconfdir}/modprobe.d install -m 0755 -d ${D}${sysconfdir}/sudoers.d + install -m 0755 -d ${D}${sysconfdir}/iwd install -m 0755 -d ${D}${datadir}/iptables install -m 0755 -d ${D}${datadir}/factory/skel install -m 0700 -d ${D}${localstatedir}/lib/NetworkManager @@ -157,6 +159,8 @@ do_install() { install -m 0644 ${WORKDIR}/modprobe.d/audio_powersave.conf ${D}${sysconfdir}/modprobe.d/ + install -m 0644 ${WORKDIR}/iwd/main.conf ${D}${sysconfdir}/iwd/ + install -d ${D}${datadir}/apt-cacher-ng/conf install -m 0644 ${WORKDIR}/apt-cacher-ng/acng.conf ${D}${datadir}/apt-cacher-ng/conf/ install -m 0644 ${WORKDIR}/apt-cacher-ng/security.conf ${D}${datadir}/apt-cacher-ng/conf/ 
diff --git a/meta-citadel/recipes-citadel/citadel-config/files/iwd/main.conf b/meta-citadel/recipes-citadel/citadel-config/files/iwd/main.conf
new file mode 100644
index 0000000..b47186d
--- /dev/null
+++ b/meta-citadel/recipes-citadel/citadel-config/files/iwd/main.conf
@@ -0,0 +1,5 @@
+#
+# Only needed until this is fixed: https://lkml.org/lkml/2020/10/14/1101
+#
+[General]
+ControlPortOverNL80211=False
diff --git a/meta-gnome/recipes-connectivity/iwd/iwd/0002-arc4-implementation.patch b/meta-gnome/recipes-connectivity/iwd/iwd/0002-arc4-implementation.patch
new file mode 100644
index 0000000..1642f23
--- /dev/null
+++ b/meta-gnome/recipes-connectivity/iwd/iwd/0002-arc4-implementation.patch
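Review bot: The header comment in files/iwd/main.conf justifies `ControlPortOverNL80211=False` with a bare URL, so once the link rots nobody can tell what breaks without the override or when it is safe to delete. The citadel-config.bb hunk installs this file into `${sysconfdir}/iwd/` for every image, so the override will outlive the kernel fix unless the removal condition is written down next to it. I would extend the comment to say what the setting does and when to drop it, for example `# Workaround: keep EAPoL off the nl80211 control port until the kernel fix from the lkml thread below is in the shipped kernel; delete this file afterwards.`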
@@ -0,0 +1,147 @@ + +Newer version of ell in poky has removed ARC4, but iwd 1.7 still requires it. + +Backported commit of internal implementation that was added to iwd. This patch +will not be needed when iwd is upgraded to 1.9 + +However, iwd 1.9 (and 1.8) has another problem: + +https://bugzilla.kernel.org/show_bug.cgi?id=208599 + +--- + +diff --git a/src/crypto.c b/src/crypto.c +index 696b5990..f5f8e24d 100644 +--- a/src/crypto.c ++++ b/src/crypto.c +@@ -18,6 +18,8 @@ + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + * ++ * (contains ARC4 implementation copyright (c) 2001 Niels Möller) ++ * + */ + + #ifdef HAVE_CONFIG_H +@@ -34,6 +36,16 @@ + #include "src/missing.h" + #include "src/crypto.h" + ++#define ARC4_MIN_KEY_SIZE 1 ++#define ARC4_MAX_KEY_SIZE 256 ++#define ARC4_KEY_SIZE 16 ++ ++struct arc4_ctx { ++ uint8_t S[256]; ++ uint8_t i; ++ uint8_t j; ++}; ++ + /* RFC 3526, Section 2 */ + const unsigned char crypto_dh5_prime[] = { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc9, 0x0f, 0xda, 0xa2, +@@ -415,44 +427,54 @@ free_ctr: + return false; + } + +-bool arc4_skip(const uint8_t *key, size_t key_len, size_t skip, +- const uint8_t *in, size_t len, uint8_t *out) +-{ +- char skip_buf[1024]; +- struct l_cipher *cipher; +- struct iovec in_vec[2]; +- struct iovec out_vec[2]; +- bool r; +- +- cipher = l_cipher_new(L_CIPHER_ARC4, key, key_len); +- if (!cipher) +- return false; ++#define SWAP(a,b) do { int _t = a; a = b; b = _t; } while (0) + +- /* This is not strictly necessary, but keeps valgrind happy */ +- memset(skip_buf, 0, sizeof(skip_buf)); ++static void arc4_set_key(struct arc4_ctx *ctx, unsigned length, ++ const uint8_t *key) ++{ ++ unsigned int i, j, k; + +- while (skip > sizeof(skip_buf)) { +- size_t to_skip = +- skip > sizeof(skip_buf) ? 
sizeof(skip_buf) : skip; ++ /* Initialize context */ ++ for (i = 0; i < 256; i++) ++ ctx->S[i] = i; + +- l_cipher_decrypt(cipher, skip_buf, skip_buf, to_skip); +- skip -= to_skip; ++ for (i = j = k = 0; i < 256; i++) { ++ j += ctx->S[i] + key[k]; j &= 0xff; ++ SWAP(ctx->S[i], ctx->S[j]); ++ /* Repeat key as needed */ ++ k = (k + 1) % length; + } ++ ctx->i = ctx->j = 0; ++} + +- in_vec[0].iov_base = skip_buf; +- in_vec[0].iov_len = skip; +- in_vec[1].iov_base = (void *) in; +- in_vec[1].iov_len = len; ++static void arc4_crypt(struct arc4_ctx *ctx, unsigned length, uint8_t *dst, ++ const uint8_t *src) ++{ ++ uint8_t i, j; ++ ++ i = ctx->i; j = ctx->j; ++ while (length--) { ++ i++; i &= 0xff; ++ j += ctx->S[i]; j &= 0xff; ++ SWAP(ctx->S[i], ctx->S[j]); ++ if (!dst || !src) ++ continue; ++ *dst++ = *src++ ^ ctx->S[ (ctx->S[i] + ctx->S[j]) & 0xff ]; ++ } ++ ctx->i = i; ctx->j = j; ++} + +- out_vec[0].iov_base = skip_buf; +- out_vec[0].iov_len = skip; +- out_vec[1].iov_base = out; +- out_vec[1].iov_len = len; ++bool arc4_skip(const uint8_t *key, size_t key_len, size_t skip, ++ const uint8_t *in, size_t len, uint8_t *out) ++{ ++ struct arc4_ctx cipher; + +- r = l_cipher_decryptv(cipher, in_vec, 2, out_vec, 2); +- l_cipher_free(cipher); ++ arc4_set_key(&cipher, key_len, key); ++ arc4_crypt(&cipher, skip, NULL, NULL); ++ arc4_crypt(&cipher, len, out, in); ++ explicit_bzero(&cipher, sizeof(cipher)); + +- return r; ++ return true; + } + + /* 802.11, Section 11.6.2, Table 11-4 */ +diff --git a/src/main.c b/src/main.c +index 8bcbb6a7..105de3e1 100644 +--- a/src/main.c ++++ b/src/main.c +@@ -271,15 +271,6 @@ static int check_crypto() + l_hashmap_insert(optional, "CONFIG_CRYPTO_SHA512_SSSE3", &r); + } + +- if (!l_cipher_is_supported(L_CIPHER_ARC4)) { +- r = -ENOTSUP; +- l_error("RC4 support not found"); +- l_hashmap_insert(options, +- "CONFIG_CRYPTO_USER_API_SKCIPHER", &r); +- l_hashmap_insert(options, "CONFIG_CRYPTO_ARC4", &r); +- l_hashmap_insert(options, "CONFIG_CRYPTO_ECB", 
&r); +- } +- + if (!l_cipher_is_supported(L_CIPHER_DES) || + !l_cipher_is_supported(L_CIPHER_DES3_EDE_CBC)) { + r = -ENOTSUP; diff --git a/meta-gnome/recipes-connectivity/iwd/iwd_1.9.bb b/meta-gnome/recipes-connectivity/iwd/iwd_1.7.bb similarity index 94% rename from meta-gnome/recipes-connectivity/iwd/iwd_1.9.bb rename to meta-gnome/recipes-connectivity/iwd/iwd_1.7.bb index 9760c59..3c1d9df 100644 --- a/meta-gnome/recipes-connectivity/iwd/iwd_1.9.bb +++ b/meta-gnome/recipes-connectivity/iwd/iwd_1.7.bb @@ -7,8 +7,9 @@ DEPENDS = "ell" SRC_URI = "git://git.kernel.org/pub/scm/network/wireless/iwd.git \ file://0001-Remove-config-dir-from-unit-file.patch \ + file://0002-arc4-implementation.patch \ " -SRCREV = "aa3dc1b95348dea177e9d8c2c3063b29e20fe2e9" +SRCREV = "ef6084dcb4fe2e00327bb9c7b113ece204042c22" S = "${WORKDIR}/git"
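Review bot: The new `arc4_skip()` in the backported src/crypto.c change never validates `key_len`, so a zero-length key reaches `k = (k + 1) % length` in `arc4_set_key()` and divides by zero. The removed `l_cipher_new()` path returned false when the cipher could not be created, whereas the replacement always returns true. `ARC4_MIN_KEY_SIZE` and `ARC4_MAX_KEY_SIZE` are defined but unused in the visible lines, so a guard at the top of `arc4_skip()` would restore the failure path: `if (!key || key_len < ARC4_MIN_KEY_SIZE || key_len > ARC4_MAX_KEY_SIZE) return false;`. Both helpers also take `unsigned length` while `arc4_skip()` passes `size_t` values, which silently narrows `skip` and `len` on 64-bit targets; declaring those parameters `size_t` avoids that. Whether any caller can actually pass an empty key is not visible from this patch, so the guard is defence in depth rather than a confirmed crash.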