From 1cf9bf2db07064d1507e00266b56a57340e16ffa Mon Sep 17 00:00:00 2001
From: Jaehyun Kim <jeik01.kim@samsung.com>
Date: Tue, 28 Nov 2017 22:09:43 +0900
Subject: [PATCH] Add WiFi passphrase encryption routine

Change-Id: Ife8902c48b338cec4a91429441e8435a6b21bc7e
Signed-off-by: Jaehyun Kim <jeik01.kim@samsung.com>
---
 include/network.h |   3 ++
 plugins/wifi.c    | 120 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
 src/connman.h     |   2 +
 src/service.c     |  23 ++++++++++-
 4 files changed, 146 insertions(+), 2 deletions(-)

diff --git a/include/network.h b/include/network.h
index 68dc410..6403b16 100755
--- a/include/network.h
+++ b/include/network.h
@@ -157,6 +157,9 @@ unsigned int connman_network_get_keymgmt(struct connman_network *network);
 int connman_network_set_disconnect_reason(struct connman_network *network,
 				int reason_code);
 int connman_network_get_disconnect_reason(struct connman_network *network);
+int connman_network_get_assoc_status_code(struct connman_network *network);
+int connman_network_set_assoc_status_code(struct connman_network *network,
+				int assoc_status_code);
 #endif
 
 int connman_network_set_name(struct connman_network *network,
diff --git a/plugins/wifi.c b/plugins/wifi.c
index 116fa60..d34f811 100755
--- a/plugins/wifi.c
+++ b/plugins/wifi.c
@@ -140,6 +140,7 @@ struct wifi_data {
 
 #if defined TIZEN_EXT
 #include "connman.h"
+#include "dbus.h"
 
 #define TIZEN_ASSOC_RETRY_COUNT		4
 
@@ -157,6 +158,73 @@ bool wfd_service_registered = false;
 
 static void start_autoscan(struct connman_device *device);
 
+#if defined TIZEN_EXT
+#define NETCONFIG_SERVICE "net.netconfig"
+#define NETCONFIG_WIFI_PATH "/net/netconfig/wifi"
+#define NETCONFIG_WIFI_INTERFACE NETCONFIG_SERVICE ".wifi"
+
+static gchar* send_cryptographic_request(const char *passphrase, const char *method)
+{
+	DBusConnection *connection = NULL;
+	DBusMessage *msg = NULL, *reply = NULL;
+	DBusError error;
+	gchar *result;
+	const char *out_data;
+
+	if (!passphrase || !method) {
+		DBG("Invalid parameter");
+		return NULL;
+	}
+
+	dbus_error_init(&error);
+
+	connection = connman_dbus_get_connection();
+	if (!connection) {
+		DBG("dbus connection does not exist");
+		return NULL;
+	}
+
+	msg = dbus_message_new_method_call(NETCONFIG_SERVICE, NETCONFIG_WIFI_PATH,
+			NETCONFIG_WIFI_INTERFACE, method);
+	if (!msg) {
+		dbus_connection_unref(connection);
+		return NULL;
+	}
+
+	dbus_message_append_args(msg, DBUS_TYPE_STRING, &passphrase,
+							DBUS_TYPE_INVALID);
+
+	reply = dbus_connection_send_with_reply_and_block(connection, msg,
+					DBUS_TIMEOUT_USE_DEFAULT, &error);
+	if (reply == NULL) {
+		if (dbus_error_is_set(&error)) {
+			DBG("%s", error.message);
+			dbus_error_free(&error);
+		} else {
+			DBG("Failed to request cryptographic request");
+		}
+		dbus_connection_unref(connection);
+		dbus_message_unref(msg);
+		return NULL;
+	}
+
+	dbus_message_unref(msg);
+	dbus_connection_unref(connection);
+
+	if (!dbus_message_get_args(reply, NULL,
+				DBUS_TYPE_STRING, &out_data,
+				DBUS_TYPE_INVALID)) {
+		dbus_message_unref(reply);
+		return NULL;
+	}
+
+	result = g_strdup((const gchar *)out_data);
+	dbus_message_unref(reply);
+
+	return result;
+}
+#endif
+
 static int p2p_tech_probe(struct connman_technology *technology)
 {
 	p2p_technology = technology;
@@ -2281,7 +2349,28 @@ static void ssid_init(GSupplicantSSID *ssid, struct connman_network *network)
 	ssid->security = network_security(security);
 	ssid->passphrase = connman_network_get_string(network,
 						"WiFi.Passphrase");
-
+#if defined TIZEN_EXT
+	/* Decrypt the passphrase
+	 */
+	 static gchar* origin_value = NULL;
+	 gchar *passphrase = g_strdup(ssid->passphrase);
+	 g_free(origin_value);
+	 origin_value = NULL;
+
+	 if (passphrase && g_strcmp0(passphrase, "") != 0) {
+		 origin_value = send_cryptographic_request(passphrase,
+				 	 	 	 "DecryptPassphrase");
+
+		 if (!origin_value) {
+			 DBG("Decryption failed");
+		 } else {
+			 DBG("Decryption succeeded");
+			 ssid->passphrase = origin_value;
+		 }
+
+	 }
+	 g_free(passphrase);
+#endif
 	ssid->eap = connman_network_get_string(network, "WiFi.EAP");
 
 	/*
@@ -2615,10 +2704,39 @@ static bool handle_wps_completion(GSupplicantInterface *interface,
 		}
 
 		wps_key = g_supplicant_interface_get_wps_key(interface);
+#if defined TIZEN_EXT
+		/* Check the passphrase and encrypt it
+		 */
+		 gchar *encrypted_value = NULL;
+		 gchar *passphrase = g_strdup(wps_key);
+
+		 connman_network_set_string(network, "WiFi.PinWPS", NULL);
+
+		 if (check_passphrase_ext(network, passphrase) < 0) {
+			 DBG("[WPS] Invalid passphrase");
+			 g_free(passphrase);
+			 return true;
+		 }
+
+		 encrypted_value = send_cryptographic_request(passphrase, "EncryptPassphrase");
+
+		 g_free(passphrase);
+
+		 if (!encrypted_value) {
+			 DBG("[WPS] Encryption failed");
+			 return true;
+		 }
+		 DBG("[WPS] Encryption succeeded");
+		 connman_network_set_string(network, "WiFi.Passphrase",
+				 encrypted_value);
+		 g_free(encrypted_value);
+
+#else
 		connman_network_set_string(network, "WiFi.Passphrase",
 					wps_key);
 
 		connman_network_set_string(network, "WiFi.PinWPS", NULL);
+#endif
 	}
 
 	return true;
diff --git a/src/connman.h b/src/connman.h
index 658a239..57cfc87 100755
--- a/src/connman.h
+++ b/src/connman.h
@@ -823,6 +823,8 @@ void __connman_service_set_pac(struct connman_service *service,
 int __connman_service_get_connected_count_of_iface(struct connman_service *service);
 void __connman_service_set_proxy(struct connman_service *service,
                                        const char *proxies);
+int check_passphrase_ext(struct connman_network *network,
+					const char *passphrase);
 #endif
 bool __connman_service_is_hidden(struct connman_service *service);
 bool __connman_service_is_split_routing(struct connman_service *service);
diff --git a/src/service.c b/src/service.c
index 003b629..3d491a8 100755
--- a/src/service.c
+++ b/src/service.c
@@ -3960,7 +3960,14 @@ int __connman_service_set_passphrase(struct connman_service *service,
 	if (service->immutable &&
 			service->security != CONNMAN_SERVICE_SECURITY_8021X)
 		return -EINVAL;
-
+#if defined TIZEN_EXT
+	/* The encrypted passphrase is used here
+	 * and validation is done by net-config before being encrypted.
+	 */
+	if (service->security != CONNMAN_SERVICE_SECURITY_PSK &&
+			service->security != CONNMAN_SERVICE_SECURITY_RSN &&
+			service->security != CONNMAN_SERVICE_SECURITY_WEP)
+#endif
 	err = check_passphrase(service->security, passphrase);
 
 	if (err < 0)
@@ -8529,6 +8536,20 @@ static enum connman_service_security convert_wifi_security(const char *security)
 		return CONNMAN_SERVICE_SECURITY_UNKNOWN;
 }
 
+#if defined TIZEN_EXT
+int check_passphrase_ext(struct connman_network *network,
+					const char *passphrase)
+{
+	const char *str;
+	enum connman_service_security security;
+
+	str = connman_network_get_string(network, "WiFi.Security");
+	security = convert_wifi_security(str);
+
+	return check_passphrase(security, passphrase);
+}
+#endif
+
 static void update_from_network(struct connman_service *service,
 					struct connman_network *network)
 {
-- 
2.7.4