From patchwork Tue Nov 1 20:17:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13027397 Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4F9A87E for ; Tue, 1 Nov 2022 20:17:55 +0000 (UTC) Received: by mail-pf1-f178.google.com with SMTP id y13so14485721pfp.7 for ; Tue, 01 Nov 2022 13:17:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=M4Yp6AA1FXvkE6qMPo7pF3xcKK+LRYMCI/7aXmF7FFw=; b=i4LpWDq3A2fJrogppRp0erM+feRX1KiYYozpYfuPKGqU0AxGOPYZxYgetAauJzkZHM hmWoFWqL2gb7fMsbFNfoeuXSZmimWkOtmxAuS5Z6wy4j8adNrvvZpYOpYQdBHjGZjcBv 9KbfXt1FFICfI0tBUq14XKhkzhmWUDjcpoCAKm34GTBJQASNP5h0+Kv283q2YL1BD+ya PyF4TkteQ1g5ObllzfzU/CX8CMsMHsQzEVKxjDFuM9tPn4EVHpG5i7ep6ldwQoDpNfnf d9TQkbb9eSIro0OxLpRn4xnMLGYmrdKyjVu2WgtoZNdEFEFOYrBLicleF4kzmk7KVJ+S t5JA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=M4Yp6AA1FXvkE6qMPo7pF3xcKK+LRYMCI/7aXmF7FFw=; b=acojGCy2ynTMM0mY+BAy+z2QDSaUcbXVpFCGCscndriJlCyEqjaBTtjzEzNLfFIlS3 5pvx+jIdZgz2Fkki3cr1kmwZ7KiwCP76/La7xqyDEF89Pfw+jtu34lUT3rB1xhbRCuF2 oCEOs8nGVzYh4020MVAuD+E6J3Olqnf777a6M0h3eN0TIq1v8NXpFBIaHVOOwm6MMTp1 80KZmIK4zKwi1TFpkUvKa+7WO1RKvwSC2e6d+9IBU3q981ivqktH4xKtF//U9x/drFjn Dis7JwGDQw9vdc5+lnaarVw+sq5EduyEAukYLhsJ9zHcp1i98Yf+ItViI6AF+cf/ybLy HaOg== X-Gm-Message-State: ACrzQf3BR9jLAylcyzzql6ZA+HLt1blY/lV28xLRPSrA0leUblD04UWX JqHrl+7YQcYO594ysWKjjir6o5p1asY= X-Google-Smtp-Source: 
AMsMyM4TTmzFZAY52Mym8GRN5oddIhMBlIZt+d7ujNQ4y+z0KxAtiJtAIwIVfB32b+v6k42yqgvltQ== X-Received: by 2002:a63:914b:0:b0:46e:dbd5:ae15 with SMTP id l72-20020a63914b000000b0046edbd5ae15mr18816907pge.94.1667333874482; Tue, 01 Nov 2022 13:17:54 -0700 (PDT) Received: from jprestwo-xps.none ([50.39.160.234]) by smtp.gmail.com with ESMTPSA id z15-20020a170903018f00b00180a7ff78ccsm6781681plg.126.2022.11.01.13.17.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Nov 2022 13:17:54 -0700 (PDT) From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 01/17] wiphy: add wiphy_get_supported_ciphers Date: Tue, 1 Nov 2022 13:17:31 -0700 Message-Id: <20221101201747.143379-1-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.3 Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Similar to wiphy_select_cipher but returns all supported ciphers included in the mask rather than just one. --- src/wiphy.c | 5 +++++ src/wiphy.h | 2 ++ 2 files changed, 7 insertions(+) diff --git a/src/wiphy.c b/src/wiphy.c index bb83f814..10514572 100644 --- a/src/wiphy.c +++ b/src/wiphy.c @@ -180,6 +180,11 @@ enum ie_rsn_cipher_suite wiphy_select_cipher(struct wiphy *wiphy, uint16_t mask) return 0; } +uint16_t wiphy_get_supported_ciphers(struct wiphy *wiphy, uint16_t mask) +{ + return wiphy->supported_ciphers & mask; +} + static bool wiphy_can_connect_sae(struct wiphy *wiphy) { /* diff --git a/src/wiphy.h b/src/wiphy.h index 2c6bf86b..f8de7e0e 100644 --- a/src/wiphy.h +++ b/src/wiphy.h 
@@ -68,6 +68,8 @@ typedef void (*wiphy_destroy_func_t)(void *user_data); enum ie_rsn_cipher_suite wiphy_select_cipher(struct wiphy *wiphy, uint16_t mask); +uint16_t wiphy_get_supported_ciphers(struct wiphy *wiphy, uint16_t mask); + enum ie_rsn_akm_suite wiphy_select_akm(struct wiphy *wiphy, const struct scan_bss *bss, enum security security, From patchwork Tue Nov 1 20:17:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13027398 Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com [209.85.210.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E04FB1EA10 for ; Tue, 1 Nov 2022 20:17:55 +0000 (UTC) Received: by mail-pf1-f181.google.com with SMTP id m6so14528139pfb.0 for ; Tue, 01 Nov 2022 13:17:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+SgPJKR2WAcaoWEQeb3b2tErOAn7cQvPlu0P7SL7rgc=; b=GTr9Mtn0ia7zj6DRLqwexLLCJCOyQDAEFxTAwVnk7svGIDmyB7kwTXbSjxITiEJGMw +M8jMTPuP9NcRnXxQ8RIGApYz37UeJ1Ayk9PSJXy9E4m8jtsY2pa7yDvynzn3ekqeeNK GJrN5E8ProiWqNkCLYC/Pclwqr3iJprne6/KeDOzAuXy8+cbWpfrcb/oLvJUJkUtNACE eX6o7TOTMmYleUmiv1bc7l09uDJdtPiU4tqj9Kznu6M01jiVpvFZZWEyYUXiy8z5H7a6 mfdA/u2MtlQSpEI3Fnt015yxyCBj+Yk3MyUzKJDNDKb71Y9jWS+Udl7k3BxHWM2esH44 mmVQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+SgPJKR2WAcaoWEQeb3b2tErOAn7cQvPlu0P7SL7rgc=; b=S+9XtRxXkkH3qdO34ZHKEASp3O/RKQjsgLF4mnL67VVcNEzAw/bgjVV/k/9bGSiQtZ 
JVUFfsuSqxidfiq3BZhzhd/Nr+LLWlo/xm9vUl/vCMI77eVb7QYDb6WT3+xFztRAw8yJ ws5Ui8J3fopEOTc4YrBMnv15D9Aftfoql5l8OxCjTUHpLxgDMQMLTYd2K+YHqDEPwn9G 7BUMTnr9zx/M25py5cUwz6L99uNQWRkn23k+SIip6hwixHFIwn6ubMfYTQaTpqs5y/LR 65k2H3XNLod8Mo3iM/1YFgO/Gqkb5iUDzZqmBMSoZ3rJBN9+Gmf4FCQSP9e/dpSPc6ix bN7A== X-Gm-Message-State: ACrzQf0hBdaOSfR+FfdVZnN5iuxoQSSWBp0xZzCgy8H7qGTYiAHIAKVE 190BxQieCOC/uhTOORWfi2FhSPT0Xg4= X-Google-Smtp-Source: AMsMyM68S0EVZaifQJO3EJ3wmFHH4uDjTJ1nkd0ppXmwHs2qKB/x4SmAgeRdR22aXwsXgvSYD06K2Q== X-Received: by 2002:a63:f20a:0:b0:464:8c6:f27e with SMTP id v10-20020a63f20a000000b0046408c6f27emr18553087pgh.411.1667333875115; Tue, 01 Nov 2022 13:17:55 -0700 (PDT) Received: from jprestwo-xps.none ([50.39.160.234]) by smtp.gmail.com with ESMTPSA id z15-20020a170903018f00b00180a7ff78ccsm6781681plg.126.2022.11.01.13.17.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Nov 2022 13:17:54 -0700 (PDT) From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 02/17] ie: add group/pairwise lists of supported ciphers Date: Tue, 1 Nov 2022 13:17:32 -0700 Message-Id: <20221101201747.143379-2-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.3 In-Reply-To: <20221101201747.143379-1-prestwoj@gmail.com> References: <20221101201747.143379-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 The validation of these ciphers for station is done when parsing the BSS RSNE but for AP mode there is no such validation and potentially any supported cipher could be chosen, even if its incompatible for the type of key. --- src/ie.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/src/ie.h b/src/ie.h index 53311854..c9a6c783 100644 --- a/src/ie.h +++ b/src/ie.h 
@@ -401,6 +401,25 @@ static inline bool IE_CIPHER_IS_GCMP_CCMP(uint32_t cipher_suite) IE_RSN_CIPHER_SUITE_GCMP_256); } +#define IE_GROUP_CIPHERS \ +( \ + IE_RSN_CIPHER_SUITE_TKIP | \ + IE_RSN_CIPHER_SUITE_CCMP | \ + IE_RSN_CIPHER_SUITE_GCMP | \ + IE_RSN_CIPHER_SUITE_GCMP_256 | \ + IE_RSN_CIPHER_SUITE_CCMP_256 \ +) + +/* + * Since WEP is unsupported we can just use the group cipher list with + * "Use group cipher" appended + */ +#define IE_PAIRWISE_CIPHERS \ +( \ + IE_GROUP_CIPHERS | \ + IE_RSN_CIPHER_SUITE_USE_GROUP_CIPHER \ +) + #define IE_LEN(ie) \ ((ie) ? (ie)[1] + 2 : 0) From patchwork Tue Nov 1 20:17:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13027399 Received: from mail-pg1-f174.google.com (mail-pg1-f174.google.com [209.85.215.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9203F1EA11 for ; Tue, 1 Nov 2022 20:17:56 +0000 (UTC) Received: by mail-pg1-f174.google.com with SMTP id b62so4008963pgc.0 for ; Tue, 01 Nov 2022 13:17:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=JTzcns9s964zfXLhnNW1ut1TqxoVeZtTMpQTveIVTU8=; b=BqeciXp2EBK7ktkLscmIW7Dvtn1MYwaZwALT6bQb35TePYkdbPYTxLeZR5DDamUVqd fglw+k/L1217VqVZAzLN/mVJiY4HUft4OST3k9dAyh9B9tCt4VyB3L54VeWOB9gUstBM KJObG80QeOVZWLGOB7JNMUMAL7V/ll5x8n/UiIDiZgi5ZoTPa251OKMNriuo0sH+wsmB PmOgy/wfHgb8zR4Pxw4c8NX8KsmyJZZjH57rr6rKrWfEHIRUiF9RkcXUS+/E80aXzDBX wKCWdLhi+qQ2FVDnLD071HirTRiAp3x54cDvpphvAEGfYmd96cfsQTtP2fLNuGvoZTnO OHdg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to 
:message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=JTzcns9s964zfXLhnNW1ut1TqxoVeZtTMpQTveIVTU8=; b=zzYARRPD0b4mko0RHWLM5eWYacZU+EFnlFAwtHMIbmF3TXdmyH9wj0JeyOu2Q5DHHL H1mNX57Ec4Dphl82FgO6bDtmuZo2DW8OHlLWJGM33zqagt9h3ZMPtcnwcKA8K626NwlK MLCPcMDRUGhTjKchX/LFaUza120FMpzZu3/bm2AEqa0lnmhQht5xg1NfivmweBdcrLQ9 +JrIlnYMjMaUBFobXHKULIMCoLYJtO8MzFur2+YoLCzI5LgalaQnPs3c1PPdP+pbo+Tg M2Izmzz8LWiT18zx1rtTAmLn60IrKJgAHPAzzgUaqBbJkBxnptFkxloPUXeiyRUF4AT/ CDMg== X-Gm-Message-State: ACrzQf34e7z30ZJI5w9yLUHSrjD9v7Cyy87GpGB3L3qmg6lFuQWZY6EP VPqo5qUKg8NEgqw38SfA3kmotRuATfk= X-Google-Smtp-Source: AMsMyM4QphRfd5FKhQTrSgqcaTzxUy8uH95yMxzxCq/LbNQNJPcMnA8mTYzd1TjpkpAcRZw+Jl757g== X-Received: by 2002:a05:6a00:993:b0:56c:80f6:db5 with SMTP id u19-20020a056a00099300b0056c80f60db5mr21281446pfg.45.1667333875859; Tue, 01 Nov 2022 13:17:55 -0700 (PDT) Received: from jprestwo-xps.none ([50.39.160.234]) by smtp.gmail.com with ESMTPSA id z15-20020a170903018f00b00180a7ff78ccsm6781681plg.126.2022.11.01.13.17.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Nov 2022 13:17:55 -0700 (PDT) From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 03/17] ap: add profile settings PairwiseCiphers/GroupCipher Date: Tue, 1 Nov 2022 13:17:33 -0700 Message-Id: <20221101201747.143379-3-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.3 In-Reply-To: <20221101201747.143379-1-prestwoj@gmail.com> References: <20221101201747.143379-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 These can now be optionally provided in an AP profile and provide a way to limit what ciphers can be chosen. This still is dependent on what the hardware supports. --- src/ap.c | 75 +++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 69 insertions(+), 6 deletions(-) diff --git a/src/ap.c b/src/ap.c index 2939a9c1..834fa089 100644 
--- a/src/ap.c +++ b/src/ap.c @@ -3132,12 +3132,38 @@ static bool ap_load_psk(struct ap_state *ap, const struct l_settings *config) return true; } +/* + * Note: only PTK/GTK ciphers are supported here since this is all these are + * used for. + */ +static enum ie_rsn_cipher_suite ap_string_to_cipher(const char *str) +{ + if (!strcmp(str, "UseGroupCipher")) + return IE_RSN_CIPHER_SUITE_USE_GROUP_CIPHER; + else if (!strcmp(str, "TKIP")) + return IE_RSN_CIPHER_SUITE_TKIP; + else if (!strcmp(str, "CCMP-128") || !strcmp(str, "CCMP")) + return IE_RSN_CIPHER_SUITE_CCMP; + else if (!strcmp(str, "GCMP-128") || !strcmp(str, "GCMP")) + return IE_RSN_CIPHER_SUITE_GCMP; + else if (!strcmp(str, "GCMP-256")) + return IE_RSN_CIPHER_SUITE_GCMP_256; + else if (!strcmp(str, "CCMP-256")) + return IE_RSN_CIPHER_SUITE_CCMP_256; + else + return 0; +} + static int ap_load_config(struct ap_state *ap, const struct l_settings *config, bool *out_cck_rates) { + struct wiphy *wiphy = netdev_get_wiphy(ap->netdev); size_t len; L_AUTO_FREE_VAR(char *, strval) = NULL; + _auto_(l_strv_free) char **ciphers_str; + uint16_t cipher_mask; int err; + int i; strval = l_settings_get_string(config, "General", "SSID"); if (L_WARN_ON(!strval)) @@ -3212,6 +3238,8 @@ static int ap_load_config(struct ap_state *ap, const struct l_settings *config, l_error("AP [WSC].PrimaryDeviceType format unknown"); return -EINVAL; } + + l_free(l_steal_ptr(strval)); } else { /* Make ourselves a WFA standard PC by default */ ap->wsc_primary_device_type.category = 1; 
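Review bot: The new `_auto_(l_strv_free) char **ciphers_str;` declaration in `ap_load_config` has no initializer, yet the function can return before the variable is assigned; the `return -EINVAL;` in the PrimaryDeviceType branch is one visible case. Assuming `_auto_` expands to a cleanup attribute as it does elsewhere in ell, each of those early returns would pass an indeterminate pointer to `l_strv_free`. Declare it as `_auto_(l_strv_free) char **ciphers_str = NULL;`, in line with the `strval` declaration just above it. The body of `ap_load_config` continues outside this hunk, so other early returns are likely affected in the same way.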
@@ -3260,6 +3288,47 @@ static int ap_load_config(struct ap_state *ap, const struct l_settings *config, } else *out_cck_rates = true; + cipher_mask = wiphy_get_supported_ciphers(wiphy, IE_PAIRWISE_CIPHERS); + ciphers_str = l_settings_get_string_list(config, "Security", + "PairwiseCiphers", ','); + for (i = 0; ciphers_str && ciphers_str[i]; i++) { + enum ie_rsn_cipher_suite cipher = + ap_string_to_cipher(ciphers_str[i]); + + /* + * Constrain list to only values in both supported ciphers and + * the cipher list provided. + */ + if (!cipher || !(cipher & cipher_mask)) { + l_error("Unsupported or unknown cipher %s", + ciphers_str[i]); + return -ENOTSUP; + } + + ap->ciphers |= cipher; + } + + /* No list provided, just set to all supported ciphers */ + if (!ap->ciphers) + ap->ciphers = cipher_mask; + + cipher_mask = wiphy_get_supported_ciphers(wiphy, IE_GROUP_CIPHERS); + + strval = l_settings_get_string(config, "Security", "GroupCipher"); + if (strval) { + enum ie_rsn_cipher_suite cipher = ap_string_to_cipher(strval); + + if (!cipher || !(cipher & cipher_mask)) { + l_error("Unsupported or unknown cipher %s", strval); + return -ENOTSUP; + } + + ap->group_cipher = cipher; + + l_free(l_steal_ptr(strval)); + } else + ap->group_cipher = wiphy_select_cipher(wiphy, cipher_mask); + return 0; } 
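Review bot: The `if (!ap->ciphers)` fallback cannot tell a profile without `PairwiseCiphers` from one where the key is present but yields no entries. In the second case a setting meant to restrict the AP would silently widen it to every pairwise suite the hardware reports, TKIP included. Consider rejecting that case ahead of the fallback, for example `if (!ap->ciphers && l_settings_has_key(config, "Security", "PairwiseCiphers")) return -EINVAL;`. The fallback comment could also say so explicitly: `/* No list provided: advertise every supported pairwise cipher, including TKIP */`. This assumes `ap->ciphers` is zero on entry, which is set up outside the hunk.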
@@ -3302,12 +3371,6 @@ struct ap_state *ap_start(struct netdev *netdev, struct l_settings *config, err = -EINVAL; - /* TODO: Add all ciphers supported by wiphy */ - ap->ciphers = wiphy_select_cipher(wiphy, IE_RSN_CIPHER_SUITE_TKIP | - IE_RSN_CIPHER_SUITE_CCMP); - ap->group_cipher = wiphy_select_cipher(wiphy, - IE_RSN_CIPHER_SUITE_TKIP | - IE_RSN_CIPHER_SUITE_CCMP); ap->beacon_interval = 100; ap->networks = l_queue_new(); From patchwork Tue Nov 1 20:17:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13027400 Received: from mail-pg1-f178.google.com (mail-pg1-f178.google.com [209.85.215.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 686541EA16 for ; Tue, 1 Nov 2022 20:17:57 +0000 (UTC) Received: by mail-pg1-f178.google.com with SMTP id b62so4008991pgc.0 for ; Tue, 01 Nov 2022 13:17:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=bOKtes0ZltwVRHNBy0LfGmRjRzyXYFUiWaVb+96yY0U=; b=N6xCgH+/1O7YtrruDWICgJV4kYU0NL+YIBOTRSrBLu5hE+E3q2mN3awb4cRuDw4EEW TqFz82fgPr2A9oCGp/0hIono4Tl0U0im4RoCESNF5cmHR3MpimVAaqK8i1aA3FrIJnqx AUhqemkCZgGUh9E1E3hxwUYejfQ4IwQtns8MIOh0zp6RSkrdS9HdL8OW1lr2PTB6hp5a ffai14dwCddJyRHjwzhUY1r9Z7KJ+60C90qad+mtP95MAd2MLoztr6L68b+XjRxZeyyq H9tDm7oybmAy9NZpTG0hdZBkmjQgTYrmc2plq6cRo+A9WnAwpSuogyCa2DaxRI3j+xXg se8Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=bOKtes0ZltwVRHNBy0LfGmRjRzyXYFUiWaVb+96yY0U=; 
b=GaMQIFSsIovmX9xTy90gups+Ft6I+qrbBtmT4fx8PGPhu1EBe1hSg2kMJ7ayBnHDh5 xuxlt01d4CMGgzD60GUNAffwJ49Bg4dz+ecHkL0ZOSrSu4MbzLVyhw/dstNWhtJ4OXt+ Tc0hGpA5ivbRKoZbDN3FXVdECUU9vFUicCe7Ts+F4CpZjR/Ink4AdiGGAfm1ts3vn1GH HJ3ZkwCE2Ct82DmTQBOKxYrrwuoQhvCOAKS5EJtQIzpeFEUjm19jukZ10SMp4iccUorU oiqpdJulwn8XHJ9a/PONoQH7U94yng4SmPyyZMWHQUrzsr29ZfeV/ValGlm3+r0xs7bS U/QQ== X-Gm-Message-State: ACrzQf0bNIWND2tmbsoWmOtD93VPwfC2TnLnoeI6Qsu4EzAqtb+v8Azv 4E2QyOAxFqOir3+pCIcxE7WlxBSqW4E= X-Google-Smtp-Source: AMsMyM4o8xyRGXEkVk8WAenBDnN7FmzZfLqUAyN7UH9YOBCoM0zd8QX3y1iN/ZucyVRCo/cJl3ogPA== X-Received: by 2002:a63:7304:0:b0:46a:faa5:700f with SMTP id o4-20020a637304000000b0046afaa5700fmr18891302pgc.253.1667333876547; Tue, 01 Nov 2022 13:17:56 -0700 (PDT) Received: from jprestwo-xps.none ([50.39.160.234]) by smtp.gmail.com with ESMTPSA id z15-20020a170903018f00b00180a7ff78ccsm6781681plg.126.2022.11.01.13.17.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Nov 2022 13:17:56 -0700 (PDT) From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 04/17] p2p: limit ciphers to CCMP/TKIP Date: Tue, 1 Nov 2022 13:17:34 -0700 Message-Id: <20221101201747.143379-4-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.3 In-Reply-To: <20221101201747.143379-1-prestwoj@gmail.com> References: <20221101201747.143379-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 The limitation of cipher selection in ap.c was done so to allow p2p to work. Now with the ability to specify ciphers in the AP config put the burden on p2p to limit ciphers as it needs. --- src/p2p.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/src/p2p.c b/src/p2p.c index cfd8560a..ad2ac39f 100644 --- a/src/p2p.c +++ b/src/p2p.c 
@@ -1234,6 +1234,8 @@ static void p2p_group_start(struct p2p_device *dev) ((uint64_t) pdt->oui[2] << 24) | ((uint64_t) pdt->oui_type << 16) | pdt->subcategory; + char *ciphers[] = { "TKIP", "CCMP", NULL }; + uint16_t cipher; l_settings_set_string(config, "General", "SSID", dev->go_group_id.ssid); l_settings_set_uint(config, "General", "Channel", dev->listen_channel); 
@@ -1273,6 +1275,19 @@ static void p2p_group_start(struct p2p_device *dev) /* Enable netconfig, set maximum usable DHCP lease time */ l_settings_set_uint(config, "IPv4", "LeaseTime", 0x7fffffff); + l_settings_set_string_list(config, "Security", "PairwiseCiphers", + ciphers, ','); + + /* TODO: P2P only plays nice with CCMP or TKIP ciphers currently */ + cipher = wiphy_select_cipher(dev->wiphy, IE_RSN_CIPHER_SUITE_TKIP | + IE_RSN_CIPHER_SUITE_CCMP); + if (cipher == IE_RSN_CIPHER_SUITE_CCMP) + l_settings_set_string(config, "Security", "GroupCipher", + "CCMP"); + else + l_settings_set_string(config, "Security", "GroupCipher", + "TKIP"); + dev->capability.group_caps |= P2P_GROUP_CAP_GO; dev->capability.group_caps |= P2P_GROUP_CAP_GROUP_FORMATION; dev->capability.group_caps |= P2P_GROUP_CAP_IP_ALLOCATION; From patchwork Tue Nov 1 20:17:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13027401 Received: from mail-pg1-f174.google.com (mail-pg1-f174.google.com [209.85.215.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E08E42F29 for ; Tue, 1 Nov 2022 20:17:57 +0000 (UTC) Received: by mail-pg1-f174.google.com with SMTP id q71so14382742pgq.8 for ; Tue, 01 Nov 2022 13:17:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=2hOQw+JM1kFwufhWmlhEirrnvCVU7Fu5LUTGIzej0To=; b=Fe24rWl9vs7HOdMB5fvsIEFqmcmdfNrmGp82P4kDT9Aw7q0n+Jw8slTNsuPAS1NGtQ sE6sYte3roC6fYbUuXCfAB3DcRSvr736rKpZASNxAf8FQPxK3XeORBLhwEfeRu7E4dqi bGRdehVm4rjti66slxhyTqvOSvCl9IW9nSLsMjmi9gQGoPkHVzTwSsH6YwZg7AU5fL5S 2EdU1y54zv1IbPmZJU0Av/TEE6Qn6eY8/O1AnUkOtmC48GpiDmr/VTSPYBIId93SoKup 
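Review bot: `PairwiseCiphers` is always written as the fixed list `"TKIP", "CCMP"`, but the loop added to `ap_load_config` in patch 03 returns `-ENOTSUP` as soon as one listed cipher is missing from the wiphy's supported mask. On hardware that reports only one of the two, the group owner would therefore fail to start, where the old `wiphy_select_cipher` call simply picked whichever was available. The `else` branch also writes `"TKIP"` when `wiphy_select_cipher` returns 0, which hides the real cause of the failure. Building the list from `wiphy_get_supported_ciphers` avoids both problems. `p2p_group_start` begins and ends outside these hunks, so its error path for the no-cipher case is not visible here.

```c
	uint16_t supported = wiphy_get_supported_ciphers(dev->wiphy,
						IE_RSN_CIPHER_SUITE_TKIP |
						IE_RSN_CIPHER_SUITE_CCMP);
	char *ciphers[3] = { NULL };
	unsigned int n = 0;

	/* … unchanged: SSID, channel, WSC and IPv4 settings … */

	/* List only what the wiphy reports so ap_load_config accepts every entry */
	if (supported & IE_RSN_CIPHER_SUITE_TKIP)
		ciphers[n++] = "TKIP";

	if (supported & IE_RSN_CIPHER_SUITE_CCMP)
		ciphers[n++] = "CCMP";

	/* … supported == 0 needs an explicit failure path (not visible in this hunk) … */

	l_settings_set_string_list(config, "Security", "PairwiseCiphers",
					ciphers, ',');

	/* … unchanged: GroupCipher selection, minus the implicit TKIP default … */
```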
1kUPq1wmVLk9deEcrEwkj9mxsQpkZKmsi925f3cAj+o+4O2vP+CagxJzxmbcF+hMilUN TGaA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2hOQw+JM1kFwufhWmlhEirrnvCVU7Fu5LUTGIzej0To=; b=GPIIK0w0FeYXiSpptbWmCyXQGe5opB1S/lB2DfuNex6gcFy1zxgGIcjxgWJY+rerdk ZbkoknqGexaqwrjrV0NOqZrukaa/PEEdsB8Uai1Y1ADsuQpxIeRgLTJkASrbXmuCPIR4 dhSlO+tPNbJV9L/4o3fCGwzNbpCe3BQgiuRV2ML0RdcFNaZ51hqIm6NOxBobpDkyS0Qx FaMTnKRSn2GOTrKzxrS4m89f7GWi9dEN34/LAkgJjXD4kbDdn+L4bbDhaN8uHmqVjzKi 4e602s2MdHvWxSSFwma6hNk34T64kmVt5BZOayZQ8hAqcus+40GJ4z7A0sWjdM8s/DcG moYQ== X-Gm-Message-State: ACrzQf36SWkGTtf0pSM45Z/93+pX3DC7/FvsnpmIw/jzS8u0U1F0PnVG PoL8dWAKy5THJ83es7Vufp4BSUEoa4g= X-Google-Smtp-Source: AMsMyM6QywjAYFc+70LUhHO7uQPVUtZHozob3yHaI2B++zMEeyWNnEqMR19WOqlek9uf+j9WFVBaBg== X-Received: by 2002:a63:5319:0:b0:46f:c6e0:661 with SMTP id h25-20020a635319000000b0046fc6e00661mr9910797pgb.571.1667333877196; Tue, 01 Nov 2022 13:17:57 -0700 (PDT) Received: from jprestwo-xps.none ([50.39.160.234]) by smtp.gmail.com with ESMTPSA id z15-20020a170903018f00b00180a7ff78ccsm6781681plg.126.2022.11.01.13.17.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Nov 2022 13:17:56 -0700 (PDT) From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 05/17] doc: document PairwiseCiphers/GroupCiphers AP settings Date: Tue, 1 Nov 2022 13:17:35 -0700 Message-Id: <20221101201747.143379-5-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.3 In-Reply-To: <20221101201747.143379-1-prestwoj@gmail.com> References: <20221101201747.143379-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 --- src/iwd.ap.rst | 15 +++++++++++++++ 1 file changed, 15 insertions(+) 
diff --git a/src/iwd.ap.rst b/src/iwd.ap.rst index 5fa23179..ade09e07 100644 --- a/src/iwd.ap.rst +++ b/src/iwd.ap.rst 
@@ -82,6 +82,21 @@ configuration. Processed passphrase for this network in the form of a hex-encoded 32-byte pre-shared key. Either this or *Passphrase* must be present. + * - PairwiseCiphers + - Comma separated list of pairwise ciphers for the AP supports. + + Values can include: TKIP, CCMP, GCMP, GCMP-256, CCMP-256 + + The underlying hardware and IWD's AP implementation must also support the + ciphers listed, currently only TKIP and CCMP. + + * - GroupCipher + - Group cipher the AP uses + + A single cipher value the AP can use as the group cipher. Values are the + same as pairwise ciphers and the same restrictions apply (hardware and + IWD implementation must support the cipher) + IPv4 Network Configuration -------------------------- From patchwork Tue Nov 1 20:17:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13027402 Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com [209.85.210.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 935371EA11 for ; Tue, 1 Nov 2022 20:17:58 +0000 (UTC) Received: by mail-pf1-f173.google.com with SMTP id v28so14310585pfi.12 for ; Tue, 01 Nov 2022 13:17:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ZehA54EXLoFpuihBQqE/s3qSP5Wr2j1HNX08mqpwWi8=; b=jyrcetSLIXPrMMhNnTjF6n1+G0Ai5mkpqSeGKdbinCRKDPImTNVTFGKMJSc485avEv gfoUhMrjnRRK9Is4V8ny/YW39lP/2EeM67V+rk/Z7tz09cass9OU2um2bsbn+SitQzMW DQsO/lShOvXwx9wHhvOMnY+Tv92hgrherR71psIpk5PRDCr4DFObXS0lg98OI9sZRknk s0IRqDX8Vxx3e6K9uB0N31xLpiNgFQq5NyunmnB74JmnN1FWI8mnPN5EawljMaBvOeWo qaKFlAhPr6bc6RAU1d26EemU8IYnpJPNUgObRC8KX2iSyAln8/zaDXeJCl8edtY66hk/ ndDg== 
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ZehA54EXLoFpuihBQqE/s3qSP5Wr2j1HNX08mqpwWi8=; b=xa/A24+0ZWLrRPxdQ+u1A2Cf+kj4ylUrES0vgvDPdK78lkGr4ofT9oRXDrvYIbqmZW vyuHXQsSRGBDXsAF2GcFlUyECcVVAT7MPJH+Y6GR14unadMdDaAo0GG5/WF5KQjkcbCl mQKpqQIOHp76XqD7DjieApw/oFMuULzUk7df0Cv8pRFs5SSbAoX9qtINEmImZ39B2743 ESkImNCvtls6pxCyC84nE6Rgk13+FlP1hoYqSHJAmMajvWNzEIRNaCFSKeLCTaujM309 jtfuUgq2XShPNdNDd8ldjyIacyw68VJJJdxoPD4xX+0pUBNIse0aylphr1ZoCG2xeFWQ mJew== X-Gm-Message-State: ACrzQf2MYrlNt0YhZ06kHcVN87goR7n4o6bkPcCoacQH5OLhEiH+caUN IPkThqC2zHwOy4bmjIb8UmiFWj916Uc= X-Google-Smtp-Source: AMsMyM6HUpdHUzczlzYe6DauywLkO+kSA89+08n6aOXQuV6IcZuob69iOGNrlxriXtpkfh2CfO5CfA== X-Received: by 2002:aa7:8750:0:b0:56c:318a:f811 with SMTP id g16-20020aa78750000000b0056c318af811mr21172640pfo.14.1667333877911; Tue, 01 Nov 2022 13:17:57 -0700 (PDT) Received: from jprestwo-xps.none ([50.39.160.234]) by smtp.gmail.com with ESMTPSA id z15-20020a170903018f00b00180a7ff78ccsm6781681plg.126.2022.11.01.13.17.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Nov 2022 13:17:57 -0700 (PDT) From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 06/17] ap: add frequency to AP interface Date: Tue, 1 Nov 2022 13:17:36 -0700 Message-Id: <20221101201747.143379-6-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.3 In-Reply-To: <20221101201747.143379-1-prestwoj@gmail.com> References: <20221101201747.143379-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 --- src/ap.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/src/ap.c b/src/ap.c index 834fa089..baf90c1b 100644 --- a/src/ap.c +++ b/src/ap.c 
@@ -3676,6 +3676,9 @@ static void ap_if_event_func(enum ap_event_type type, const void *event_data, l_dbus_property_changed(dbus_get_bus(), netdev_get_path(ap_if->netdev), IWD_AP_INTERFACE, "Name"); + l_dbus_property_changed(dbus_get_bus(), + netdev_get_path(ap_if->netdev), + IWD_AP_INTERFACE, "Frequency"); l_rtnl_set_linkmode_and_operstate(rtnl, netdev_get_ifindex(ap_if->netdev), @@ -4026,6 +4029,24 @@ static bool ap_dbus_property_get_scanning(struct l_dbus *dbus, return true; } +static bool ap_dbus_property_get_freq(struct l_dbus *dbus, + struct l_dbus_message *message, + struct l_dbus_message_builder *builder, + void *user_data) +{ + struct ap_if_data *ap_if = user_data; + uint32_t freq; + + if (!ap_if->ap || !ap_if->ap->started) + return false; + + freq = band_channel_to_freq(ap_if->ap->channel, BAND_FREQ_2_4_GHZ); + + l_dbus_message_builder_append_basic(builder, 'u', &freq); + + return true; +} + static void ap_setup_interface(struct l_dbus_interface *interface) { l_dbus_interface_method(interface, "Start", 0, ap_dbus_start, "", 
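Review bot: `ap_dbus_property_get_freq` hard-codes `BAND_FREQ_2_4_GHZ` and appends whatever `band_channel_to_freq` returns without checking it. If the AP is ever started on a channel outside 2.4 GHz, the property would report a wrong frequency. If the helper signals an invalid channel with 0 (its definition is not visible here), the property would report zero. A short comment at the call such as `/* AP mode is 2.4 GHz only for now */` would record the assumption, and `if (!freq) return false;` before the append would keep a bogus value off the bus.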
@@ -4045,6 +4066,8 @@ static void ap_setup_interface(struct l_dbus_interface *interface) ap_dbus_property_get_name, NULL); l_dbus_interface_property(interface, "Scanning", 0, "b", ap_dbus_property_get_scanning, NULL); + l_dbus_interface_property(interface, "Frequency", 0, "u", + ap_dbus_property_get_freq, NULL); } static void ap_destroy_interface(void *user_data) From patchwork Tue Nov 1 20:17:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13027403 Received: from mail-pf1-f172.google.com (mail-pf1-f172.google.com [209.85.210.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5D0B62F29 for ; Tue, 1 Nov 2022 20:17:59 +0000 (UTC) Received: by mail-pf1-f172.google.com with SMTP id 192so14494399pfx.5 for ; Tue, 01 Nov 2022 13:17:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=EEfGkuCQYYxcGbbfjR6N6mc6MQeYVXrumfh75c4m1EE=; b=fxIU+z0eUWksYM0oUib8xvEoEj1bqX4jOOG/y2iNyYSAZ/RT9ysUQwvDluCro1Bzk/ YGm5OXrgbDNjjqMTQc0XBOM6pH9rNXqBOwuq7aWxzMXkpiPyilZI01gAA/COmbb7bKK7 nci1AbxWFbf4Kp+3ZFEU63cnEhs3tiatZFmBmGcUQYK4QbvAjBL6a3azXm/0eEIjsa0o 46TTeAZAz2T1QBX/xVshKkXRD7DC0tDca+M1K+LVkFD0XpNrnyQQesNFbqsjiw0yp+cP X52iNt9IkIDRJ/tCNLoKsfLjVYyI5xt4TQZlSo8ny5879QeF+wqid0J6ZrP2+lKi+Bf4 odkA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=EEfGkuCQYYxcGbbfjR6N6mc6MQeYVXrumfh75c4m1EE=; b=2BSQQlZn8RO8EBsSbAS0czR3Jnctb7aL0B72pKxH/sXzhK9G72QxiCbA+etzRUSYzf 
9Y03qwrJiOHeFscRn/CMgnTydHXfVQjLTb4SV1u1g0FQ/U5zU2WXFi9hsln50XvjzOvU ALN0hcyKjsjj+Z1ynsO2eFQdAyxAotqnY0Jr8Ny9YfoghsooLDp9wi1OHWCVLaACN659 JHLNLF7GyDU1QQb9sFG/dJGl0xfSeSgHOZVuT/LGsz0CxFH1qHyx2Z4TJY7hnEmopW1b N5SBMtWNJd4Ye5gdCox56iglqP0NHOcmx9dKHbNQaGTntqJoi9b+eUS/V1uWsTwUQ6dX 5IFw== X-Gm-Message-State: ACrzQf0ZSm4ej8iA1zulsiN+rjhFGcktPVKegGNfYlsD+ddg5TKfyNSQ HLr3RGELPdX8Z3mgha9Yx8/dDMaUiQ4= X-Google-Smtp-Source: AMsMyM52PptedxG6oW8/0WnMimK0vWK3vs7Ib6aejKzE0oCyx1IPGRw2VL4LjYt1a6HZNYJfky4vww== X-Received: by 2002:aa7:814a:0:b0:56c:c538:f100 with SMTP id d10-20020aa7814a000000b0056cc538f100mr191300pfn.58.1667333878682; Tue, 01 Nov 2022 13:17:58 -0700 (PDT) Received: from jprestwo-xps.none ([50.39.160.234]) by smtp.gmail.com with ESMTPSA id z15-20020a170903018f00b00180a7ff78ccsm6781681plg.126.2022.11.01.13.17.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Nov 2022 13:17:58 -0700 (PDT) From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 07/17] client: show frequency with ap show Date: Tue, 1 Nov 2022 13:17:37 -0700 Message-Id: <20221101201747.143379-7-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.3 In-Reply-To: <20221101201747.143379-1-prestwoj@gmail.com> References: <20221101201747.143379-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 --- client/ap.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/client/ap.c b/client/ap.c index b8849a1b..4ce727de 100644 --- a/client/ap.c +++ b/client/ap.c @@ -36,6 +36,7 @@ struct ap { bool started; char *name; bool scanning; + uint32_t freq; }; static void *ap_create(void) 
@@ -126,10 +127,35 @@ static const char *get_scanning_tostr(const void *data) return ap->scanning ? "yes" : "no"; } +static void update_freq(void *data, struct l_dbus_message_iter *variant) +{ + struct ap *ap = data; + uint32_t value; + + if (!l_dbus_message_iter_get_variant(variant, "u", &value)) { + ap->freq = 0; + + return; + } + + ap->freq = value; +} + +static const char *get_freq_tostr(const void *data) +{ + const struct ap *ap = data; + static char str[5]; + + sprintf(str, "%u", ap->freq); + + return str; +} + static const struct proxy_interface_property ap_properties[] = { { "Started", "b", update_started, get_started_tostr }, { "Name", "s", update_name, get_name_tostr }, { "Scanning", "b", update_scanning, get_scanning_tostr }, + { "Frequency", "u", update_freq, get_freq_tostr }, { } }; From patchwork Tue Nov 1 20:17:38 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13027411 Received: from mail-pf1-f171.google.com (mail-pf1-f171.google.com [209.85.210.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B0A1C21D51 for ; Tue, 1 Nov 2022 20:18:04 +0000 (UTC) Received: by mail-pf1-f171.google.com with SMTP id 130so14496484pfu.8 for ; Tue, 01 Nov 2022 13:18:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=xkYcLD3Uu8NA8QkrLyCBQllIjYcPzer+iB69Jx3h3fc=; b=mGiLLomIJryn1V4wUWBIBmgJ2XIGCukFM5dbzvtEUUSotYQ0Fj0XbROpHqW4LudH44 uO4qLDi41QC6wZWl4ADU9Nkj2IUo+wQsZbYh4uZ8Si5RYC6ZXbm9Mhs15SFXNA3YeSYA eAfa8pDbwyRz+iQ0f8PyvwVjyE8t+TSa/zF6yOK+qWVLQccvkzwnb5pD/NV67Ras0wPN SNLnmwUuywTPqWHlmRe5SjJOEQFYoC4yFo0Zgpg6Lz1Ss+dvsyBKZBs+sQKZqxOa8tAt 
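Review bot: get_freq_tostr formats a uint32_t with `sprintf` into `static char str[5]`, which holds only four digits plus the terminator, so any value of 10000 or more writes past the end of the static buffer. update_freq stores whatever "u" value arrives over D-Bus without a range check, so the client does not control how large the number is. Sizing the buffer for the full 32-bit range and bounding the write removes the overflow: `static char str[11];` with `snprintf(str, sizeof(str), "%u", ap->freq);`. The function returns a pointer to static storage that the next call overwrites, which deserves a one-line comment above it.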
Hn/iKqtPrntJjGuv7tNLGF5wQhgFSTUjWuakKgKXc3MgyGCYaVW8oBjirdsgudbIcVEG lPcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=xkYcLD3Uu8NA8QkrLyCBQllIjYcPzer+iB69Jx3h3fc=; b=ZaAOlOLvFfMZao1aDrdsiLd6y+HsItDIuodL2kGJYIfRQ2PEvUVeWTTCFL2QXZwAsg MXfFna8CBp3p1zfRi0xqBf40ojY4KAK3BDYduzZPbU+iuIfdyDV3ur64rVGmqSdDhuGB 6QD4CQULdwLQAJn6sSPQ5BspmW2HiTQasxM9m2rtBgbWw+2Fio4Seltrpvk/oot4VGoK DOQCddya2Ci3sNTMZpACdmfj+nq1Sd00XIqUqpLiei6TEt8MwrsjpNsavv7nJbT5YNto z3Q+NULTzdwEvzsqF0V8jrViLKjQEvK3iLfNmPz5jCGPIsvRYhci1/IHbzq4CRGYvqu1 1QwQ== X-Gm-Message-State: ACrzQf0CyPJZs3qmHIxxmsePHwHajBEAGNBrXgE5xXspFpxgQvt8duzL KYL33qltcfnx/fbNqhl4QOzsGyfbUCQ= X-Google-Smtp-Source: AMsMyM6Q+pxv6rpQ+OsLm5MbHCnC+qfj4EWPRSptAHoIxIDvG+PDAr28Ma781Fd5abDqFekGH36/sA== X-Received: by 2002:a63:c14:0:b0:456:d887:c83 with SMTP id b20-20020a630c14000000b00456d8870c83mr19109318pgl.53.1667333879354; Tue, 01 Nov 2022 13:17:59 -0700 (PDT) Received: from jprestwo-xps.none ([50.39.160.234]) by smtp.gmail.com with ESMTPSA id z15-20020a170903018f00b00180a7ff78ccsm6781681plg.126.2022.11.01.13.17.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Nov 2022 13:17:58 -0700 (PDT) 
From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 08/17] ap: add PairwiseCiphers/GroupCipher to dbus interface Date: Tue, 1 Nov 2022 13:17:38 -0700 Message-Id: <20221101201747.143379-8-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.3 In-Reply-To: <20221101201747.143379-1-prestwoj@gmail.com> References: <20221101201747.143379-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Expose these values on the DBus interface so clients can view them. --- src/ap.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/src/ap.c b/src/ap.c index baf90c1b..a6618c23 100644 --- a/src/ap.c +++ b/src/ap.c @@ -3154,6 +3154,25 @@ static enum ie_rsn_cipher_suite ap_string_to_cipher(const char *str) return 0; } +static char *ap_ciphers_to_string(uint16_t ciphers) +{ + uint16_t i; + char **list = l_strv_new(); + char *ret; + + for (i = 0; i < 16; i++) { + if (!(ciphers & (1 << i))) + continue; + + list = l_strv_append(list, + ie_rsn_cipher_suite_to_string(1 << i)); + } + + ret = l_strjoinv(list, ','); + l_strv_free(list); + return ret; +} + static int ap_load_config(struct ap_state *ap, const struct l_settings *config, bool *out_cck_rates) { @@ -3679,6 +3698,12 @@ static void ap_if_event_func(enum ap_event_type type, const void *event_data, l_dbus_property_changed(dbus_get_bus(), netdev_get_path(ap_if->netdev), IWD_AP_INTERFACE, "Frequency"); + l_dbus_property_changed(dbus_get_bus(), + netdev_get_path(ap_if->netdev), + IWD_AP_INTERFACE, "PairwiseCiphers"); + l_dbus_property_changed(dbus_get_bus(), + netdev_get_path(ap_if->netdev), + IWD_AP_INTERFACE, "GroupCipher"); l_rtnl_set_linkmode_and_operstate(rtnl, netdev_get_ifindex(ap_if->netdev), 
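Review bot: ap_ciphers_to_string in the first hunk returns a heap string, but nothing at the definition says that the caller owns it and must release it with l_free(). A short header comment would cover it, for example `/* Returns a newly allocated comma-separated list of cipher names; free with l_free() */`. What ie_rsn_cipher_suite_to_string returns for a set bit that has no name is not visible here, so it is worth confirming that such a bit is skipped and does not reach l_strv_append as NULL. The loop bound `16` is the bit width of the uint16_t mask and would read better as `sizeof(ciphers) * 8` or a named constant.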
@@ -4047,6 +4072,44 @@ static bool ap_dbus_property_get_freq(struct l_dbus *dbus, return true; } +static bool ap_dbus_property_get_pairwise(struct l_dbus *dbus, + struct l_dbus_message *message, + struct l_dbus_message_builder *builder, + void *user_data) +{ + struct ap_if_data *ap_if = user_data; + char *list; + + if (!ap_if->ap || !ap_if->ap->started) + return false; + + list = ap_ciphers_to_string(ap_if->ap->ciphers); + + l_dbus_message_builder_append_basic(builder, 's', list); + l_free(list); + + return true; +} + +static bool ap_dbus_property_get_group(struct l_dbus *dbus, + struct l_dbus_message *message, + struct l_dbus_message_builder *builder, + void *user_data) +{ + struct ap_if_data *ap_if = user_data; + char *cipher; + + if (!ap_if->ap || !ap_if->ap->started) + return false; + + cipher = ap_ciphers_to_string(ap_if->ap->group_cipher); + + l_dbus_message_builder_append_basic(builder, 's', cipher); + l_free(cipher); + + return true; +} + static void ap_setup_interface(struct l_dbus_interface *interface) { l_dbus_interface_method(interface, "Start", 0, ap_dbus_start, "", 
@@ -4068,6 +4131,10 @@ static void ap_setup_interface(struct l_dbus_interface *interface) ap_dbus_property_get_scanning, NULL); l_dbus_interface_property(interface, "Frequency", 0, "u", ap_dbus_property_get_freq, NULL); + l_dbus_interface_property(interface, "PairwiseCiphers", 0, "s", + ap_dbus_property_get_pairwise, NULL); + l_dbus_interface_property(interface, "GroupCipher", 0, "s", + ap_dbus_property_get_group, NULL); } static void ap_destroy_interface(void *user_data) From patchwork Tue Nov 1 20:17:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13027404 Received: from mail-pg1-f180.google.com (mail-pg1-f180.google.com [209.85.215.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 81B891EA11 for ; Tue, 1 Nov 2022 20:18:00 +0000 (UTC) Received: by mail-pg1-f180.google.com with SMTP id h2so14402203pgp.4 for ; Tue, 01 Nov 2022 13:18:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=K5BVp7TOrkkbkapuyuqyANloReXrKYsVuuTSBHRDunE=; b=OWV61OlSrVbZTHRzWG0JkmzvYkGx//3UT/Aq5iAEFEJU/LAeIopn8vaFtaTW26J4Aj 3N42bKjaOUoTkVwN6wl+c79jxpX/ZYuf05sgeAcAJkFKS7ZO5lRrt7VPrIGnh56VNyzE bd2MPoHDSzg98+rX/kG5KPGEYK9hXw738xiBgeJTrrXbXgGMydKqlvdFsBrqHecCEBJA xrxrfQx68n3wio7cO/LBV5SCZvC2Ml1Nvv1zH41+zj3M3QkFFy1bI1H/ec0Uytjpcat2 UenWPs/goz/bQPNAJVe9uMYZhSGc+LBOtHsxdAPkGzMQLIx6L9mSEq3JfwU5baMjUWEw vAjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; 
bh=K5BVp7TOrkkbkapuyuqyANloReXrKYsVuuTSBHRDunE=; b=cN4X+Z6YQr+sti6NGSgsKH5B2RfST5z9ywM4FIlpzoa/G52VrVbus+Dl+2sOCLEmyX bxgafN4IrNYVDgYbvTjIxh4D4v5yg9frYALFAVK52KuQ/FA/vgiTzAu4bvZNQOsyw2XU RbDF96FZReyQ26tY3NRNPqKWLXUhtSlLr0lAzBVFOnhwKge5DFU/VM2pIwBOc/t+5J0G 8GBWuhmDpb2LJEOdRegYqTW24ivlOq1+duE/DvmogoBdaTU88qZK1iJE52c0lopuQRhu 9lsqNAUcjOr4dott6vEwglAdKHhR8HZ9Z7yXPD3D8Egds8JiDETbOLGXHgVfkXCDv8ju tclA== X-Gm-Message-State: ACrzQf3YghhvabbGJGdU2rq+bo1Lmv+/IrCOf/Izh0rD2Cl1D23A+80i 4cyjSMw8uUobRLhLetsFOKfKC3Dx3yE= X-Google-Smtp-Source: AMsMyM432jYEn4kJPPvoehkyvFvGLrLVnrDUTh/RUJ4anxCV7l7Q1RA3LhqFoxM5oMvHH9o+AkqCWQ== X-Received: by 2002:aa7:8189:0:b0:56c:f424:bbfe with SMTP id g9-20020aa78189000000b0056cf424bbfemr21439490pfi.70.1667333879858; Tue, 01 Nov 2022 13:17:59 -0700 (PDT) Received: from jprestwo-xps.none ([50.39.160.234]) by smtp.gmail.com with ESMTPSA id z15-20020a170903018f00b00180a7ff78ccsm6781681plg.126.2022.11.01.13.17.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Nov 2022 13:17:59 -0700 (PDT) From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 09/17] client: add ap support for PairwiseCiphers/GroupCipher Date: Tue, 1 Nov 2022 13:17:39 -0700 Message-Id: <20221101201747.143379-9-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.3 In-Reply-To: <20221101201747.143379-1-prestwoj@gmail.com> References: <20221101201747.143379-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 --- client/ap.c | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/client/ap.c b/client/ap.c index 4ce727de..f444a12c 100644 --- a/client/ap.c +++ b/client/ap.c @@ -37,6 +37,8 @@ struct ap { char *name; bool scanning; uint32_t freq; + char *pairwise; + char *group; }; static void *ap_create(void) 
@@ -51,6 +53,12 @@ static void ap_destroy(void *data) if (ap->name) l_free(ap->name); + if (ap->pairwise) + l_free(ap->pairwise); + + if (ap->group) + l_free(ap->group); + l_free(ap); } 
@@ -151,11 +159,67 @@ static const char *get_freq_tostr(const void *data) return str; } +static void update_pairwise(void *data, struct l_dbus_message_iter *variant) +{ + struct ap *ap = data; + char *value; + + if (ap->pairwise) + l_free(ap->pairwise); + + if (!l_dbus_message_iter_get_variant(variant, "s", &value)) { + ap->pairwise = NULL; + + return; + } + + ap->pairwise = l_strdup(value); +} + +static const char *get_pairwise_tostr(const void *data) +{ + const struct ap *ap = data; + + if (!ap->pairwise) + return ""; + + return ap->pairwise; +} + +static void update_group(void *data, struct l_dbus_message_iter *variant) +{ + struct ap *ap = data; + char *value; + + if (ap->group) + l_free(ap->group); + + if (!l_dbus_message_iter_get_variant(variant, "s", &value)) { + ap->group = NULL; + + return; + } + + ap->group = l_strdup(value); +} + +static const char *get_group_tostr(const void *data) +{ + const struct ap *ap = data; + + if (!ap->group) + return ""; + + return ap->group; +} + static const struct proxy_interface_property ap_properties[] = { { "Started", "b", update_started, get_started_tostr }, { "Name", "s", update_name, get_name_tostr }, { "Scanning", "b", update_scanning, get_scanning_tostr }, { "Frequency", "u", update_freq, get_freq_tostr }, + { "PairwiseCiphers", "s", update_pairwise, get_pairwise_tostr }, + { "GroupCipher", "s", update_group, get_group_tostr }, { } }; From patchwork Tue Nov 1 20:17:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13027405 Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com [209.85.210.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EDF992F29 for ; Tue, 1 Nov 2022 20:18:00 +0000 (UTC) Received: by mail-pf1-f181.google.com with SMTP id m6so14528334pfb.0 for ; Tue, 01 Nov 2022 13:18:00 
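Review bot: update_pairwise and update_group are the same function apart from the struct field they touch, and both declare `char *value` for a string that is only read and then copied with l_strdup. Declaring it `const char *value` states that the pointer is borrowed from the message and must not be freed or modified. The `if (ap->pairwise)` and `if (ap->group)` guards before l_free look redundant if l_free accepts NULL like free() does. A shared helper that takes a `char **` slot would keep the free-then-reassign sequence in one place, so a later edit cannot leave one of the two fields pointing at freed memory.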
-0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Pl/wF4QTzropjp7gVvmVx0kWZfSE+YEayUsDM/oHDxY=; b=dK8T+rL+el1yEgSPxZ0vb1l6qhImPZdQiNmaAhZPcZBeo4kmrTERMy3Blthq/QdFNp EaRsLwcR0qAE3Mus/f6MGxjdrvhs7nI1VIt85iQD1Tq7D5SkIsgRrxqY1a56+mqoZowR eBqiaU62ClT1+F3Ba3zijC8ktGZU/g8r7Pr1z5VJy0P9Kq/7jAIYMBIauC3i2pb5J9qS 6Bte6xbam8b4atJ9DPIGC1nxWjCAfMZT26WxSZXL2cLrbs4ZJEozLRUo6RjzWBNj5061 XFEQh1zqsCz7SBcGaOEHAqUmjvMpFwZu3Jk3JXH/9eDslvjpIhLn42d7naKzH2jP/02A FcAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Pl/wF4QTzropjp7gVvmVx0kWZfSE+YEayUsDM/oHDxY=; b=Eqvwioj++ShrXEksXmRMSVn4ukkXJSwJbyKDV4jnn4vkUS6lst9Drx4elAC/sdgHvE yrhODtYWIHtHi+DtUpyo0XXPLIeENWhKbY2hilPPseQmqPlHzF4OV9UihSsxOHCwUAqB rqfNORtgca6o9grRjC97doSP8AVz/bemklxZyC3J+LccwbjhOjMdBuzQ8s/dOH1NzyLb pB0ETu9MtYe9Hccpy1lnf3Au+L2QvOe1I+IeyEkkEw4UU5ruGyLbFB8uomUTGHjuR1Ms L1+ETursuaRpw2DR757h8RVrg0SOnLNdn047/7U6Pv51cVN8QDSrubQOBDtTsVHTL6Gz fD2g== X-Gm-Message-State: ACrzQf3C08qrJuU8Hrldp7HBK/mSdMkVdvDqClEE/wmdylJASCT79T92 I+go4UTnRFOZyb2TMIFDmW8ihkj++OY= X-Google-Smtp-Source: AMsMyM74SwUx1fZJyynjK4e46Wo0Z43cJdpAMAdRXFXtHXC9HQ9R/nuzNTuLPb5Nf3m2Z0TVUOTHfw== X-Received: by 2002:a05:6a00:35cb:b0:56c:a2f1:2783 with SMTP id dc11-20020a056a0035cb00b0056ca2f12783mr187649pfb.7.1667333880500; Tue, 01 Nov 2022 13:18:00 -0700 (PDT) Received: from jprestwo-xps.none ([50.39.160.234]) by smtp.gmail.com with ESMTPSA id z15-20020a170903018f00b00180a7ff78ccsm6781681plg.126.2022.11.01.13.18.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Nov 2022 13:18:00 -0700 (PDT) 
From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 10/17] hwsim: add remaining ciphers to supported list Date: Tue, 1 Nov 2022 13:17:40 -0700 Message-Id: <20221101201747.143379-10-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.3 In-Reply-To: <20221101201747.143379-1-prestwoj@gmail.com> References: <20221101201747.143379-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 This list was not updated when adding the new ciphers which prevented these ciphers from being disabled. --- tools/hwsim.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tools/hwsim.c b/tools/hwsim.c index 0ace4c0e..7afbe4e7 100644 --- a/tools/hwsim.c +++ b/tools/hwsim.c 
@@ -176,6 +176,12 @@ static const uint32_t hwsim_supported_ciphers[] = { CRYPTO_CIPHER_TKIP, CRYPTO_CIPHER_CCMP, CRYPTO_CIPHER_BIP_CMAC, + CRYPTO_CIPHER_GCMP, + CRYPTO_CIPHER_GCMP_256, + CRYPTO_CIPHER_CCMP_256, + CRYPTO_CIPHER_BIP_GMAC, + CRYPTO_CIPHER_BIP_GMAC_256, + CRYPTO_CIPHER_BIP_CMAC_256, }; static uint32_t hwsim_ciphers[L_ARRAY_SIZE(hwsim_supported_ciphers)]; static int hwsim_num_ciphers = 0; From patchwork Tue Nov 1 20:17:41 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13027407 Received: from mail-pg1-f170.google.com (mail-pg1-f170.google.com [209.85.215.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B1E6B21D42 for ; Tue, 1 Nov 2022 20:18:01 +0000 (UTC) Received: by mail-pg1-f170.google.com with SMTP id f9so14401699pgj.2 for ; Tue, 01 Nov 2022 13:18:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=58dB+qVRHEvq+U/Mvya6dUNz1H4AZw05my/Hpz5EGXI=; b=WLo0N6w4gnTodw4jab5xlJf+voHzJpn/etj8roc9AN/Wwz18hw1eZEodoQMCV/xL/B 2M95m6eVqO5BEcDUePCpzfgkw/EpNfTGmcXyfhT7+5AvVlbyGhrugWKZu5m58hp/yovz A0S8FrpiOlJ1NcelT2spsYgjfHetZBfdNxYwy/S8cp+9/S+pA337fB45soFMUpO5FI7G uWs2zSbNcAHeV+Mp0vlGU25CDnQLM1Y9owLc171TE1Aq/ECBtxWAaHTfIg8prd7rM2GP /5d8vzuaygbjQtidn4KBrA1QXrnyuxSoiq+a4KljfzUPoEAjgkQU5R2xB1co/EtfDgMC N1EQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=58dB+qVRHEvq+U/Mvya6dUNz1H4AZw05my/Hpz5EGXI=; 
b=JxBRwTZIxS/5i9hpchiZHUZM5mAQxHtOiONdro5u4tawuxDAXvLcn/RloC/lqWEN1u gLO7sB8FWaAkkxEmWTQqrvIBTyPO2uw4SjExj5StRuH9Z+i9c+Akfs4zwp+uST+t9iFy EriwdK55SZf8pwvdAcIfaV7gk/2w4CvI+2ZF+zspD6/xOmvsJgefoUQiz/W9wswj/gA0 QlO2shTGn0ACo/anPzofhW3KoHs+lM0TQ5z3y3XBegNEDVacbQFMH9V59u8lNBGbBkfT pBXreeIsXaBVCx1NQGXAyiys1cQi9zv3vfsdBzGwg27u10AScdGXZHupziJt90IWgV/y jhAw== X-Gm-Message-State: ACrzQf38fHLX0kHxVLVIPW2OmjfoBs9245hLUhJRzY40cldcvW4n6yue vHLDiJGJdchO20N165Q8lKxj7Sr+0K4= X-Google-Smtp-Source: AMsMyM4ZsUs3f1WXGsnDi8JBwU6/rV7/UXqLEzJkhixxtO2KqF9a22FOBwhC41o9pyS4dhoo2oPHdw== X-Received: by 2002:a63:1861:0:b0:462:4961:9a8f with SMTP id 33-20020a631861000000b0046249619a8fmr18845334pgy.372.1667333881118; Tue, 01 Nov 2022 13:18:01 -0700 (PDT) Received: from jprestwo-xps.none ([50.39.160.234]) by smtp.gmail.com with ESMTPSA id z15-20020a170903018f00b00180a7ff78ccsm6781681plg.126.2022.11.01.13.18.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Nov 2022 13:18:00 -0700 (PDT) From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 11/17] auto-t: test AP fails to start with unsupported ciphers Date: Tue, 1 Nov 2022 13:17:41 -0700 Message-Id: <20221101201747.143379-11-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.3 In-Reply-To: <20221101201747.143379-1-prestwoj@gmail.com> References: <20221101201747.143379-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 If the profile lists unsupported ciphers it should fail to start with NotSupported. --- autotests/testAP-no-support/TestAP2.ap | 3 +++ autotests/testAP-no-support/connection_test.py | 12 +++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 autotests/testAP-no-support/TestAP2.ap diff --git a/autotests/testAP-no-support/TestAP2.ap b/autotests/testAP-no-support/TestAP2.ap new file mode 100644 index 00000000..32a242ea --- /dev/null +++ b/autotests/testAP-no-support/TestAP2.ap 
@@ -0,0 +1,3 @@ +[Security] +Passphrase=secret123 +PairwiseCiphers=CCMP diff --git a/autotests/testAP-no-support/connection_test.py b/autotests/testAP-no-support/connection_test.py index 9e5dccbb..e4cb40b5 100644 --- a/autotests/testAP-no-support/connection_test.py +++ b/autotests/testAP-no-support/connection_test.py 
@@ -41,9 +41,19 @@ class Test(unittest.TestCase): wd.unregister_psk_agent(psk_agent) + def test_no_ccmp_support(self): + wd = IWD(True) + + dev = wd.list_devices(2)[1] + + # Should fail to start since the radio doesn't support CCMP but the + # profile only lists CCMP as allowed. + with self.assertRaises(iwd.NotSupportedEx): + dev.start_ap('TestAP2') + @classmethod def setUpClass(cls): - pass + IWD.copy_to_ap('TestAP2.ap') @classmethod def tearDownClass(cls): From patchwork Tue Nov 1 20:17:42 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13027406 Received: from mail-pf1-f171.google.com (mail-pf1-f171.google.com [209.85.210.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4A6BC21D48 for ; Tue, 1 Nov 2022 20:18:02 +0000 (UTC) Received: by mail-pf1-f171.google.com with SMTP id 130so14496373pfu.8 for ; Tue, 01 Nov 2022 13:18:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ubYF7od8LpUmX6xZfvGxai9I4KTJyGC1bWjpg45IAkM=; b=F0dE0gxLMRg+Xhpry4CJKNZphly4OedwaZ3hvqAqx8FJxLgtuisfOC9Z77wbKRxqtD u7psbjU/4Yrsd4VIpF+UXRYK//CrxphUmWxOLtFs8nrpahlUPlbvnU2JXKQ04HPe0o8h D5LfAw/jG/f1gPpHMHHQ+nA7vf2/AbWlMkDg91WQ4esQGoMGfCa/3hWW1wTqWBJCZ+Ka lcBOVRUCBM8ZgjrDP2b+K2hsus/nI/EaBLoTxfB0eHwnDNbM9hKSmNgfrO+r2gmmLnG6 4U3eqoN1cU7Fs6R6BUN2wKMzXirQMTXbh+DBfbf5MqalBBLNaePD2bQKAwqgVizjAoPr Kxkg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ubYF7od8LpUmX6xZfvGxai9I4KTJyGC1bWjpg45IAkM=; 
b=4fV7FpmiQWZVCqVfh+w0o/+uypQ1Cl/fqANXhfkxQlkjPWgMWk2Ctwj/vVLmVXIxjP dDup191HywGyDmphcnmeHMOwJ7uedoktCZ2lk3gJceef9JLKU0rdCm18NL56nC7ZLEty L+rW3+FMCjRtfbMHWbTsRAJXaH7LpvGVu5tzOZXhnLr3xR8H4cpc4vzUv4y3av5dCBAz 2wgeKpAXzccN4KyXCW46n9UWYAwZUCWFrJud+Cvwzf3kBXliHN4kkBZLo+SS0y8lXsVx 1vYnrPgKk9NlZRlzsIN6eCueAXEwegMPPzXeqKhiJ2ML/BKbZsdnoLmmkFB+UbEZai0N qDZw== X-Gm-Message-State: ACrzQf277VrMw2MlAt5x95z9q8uO8uhUBu7RP4KrquntCpiZZDsmfBDU rVXrcQHmpk4utlvW+eNBEv9hdZZKPrg= X-Google-Smtp-Source: AMsMyM58kKbOrTuvKq0vzEsEf6tpTYB84keG3oA9dQWTXs7HvV1q6vV/Xr4JfFQPOlsUwHWvUaTiKA== X-Received: by 2002:a05:6a00:23cc:b0:56c:12c0:aaf7 with SMTP id g12-20020a056a0023cc00b0056c12c0aaf7mr21585813pfc.0.1667333881659; Tue, 01 Nov 2022 13:18:01 -0700 (PDT) Received: from jprestwo-xps.none ([50.39.160.234]) by smtp.gmail.com with ESMTPSA id z15-20020a170903018f00b00180a7ff78ccsm6781681plg.126.2022.11.01.13.18.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Nov 2022 13:18:01 -0700 (PDT) From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 12/17] auto-t: fix testAP-no-support disabled ciphers Date: Tue, 1 Nov 2022 13:17:42 -0700 Message-Id: <20221101201747.143379-12-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.3 In-Reply-To: <20221101201747.143379-1-prestwoj@gmail.com> References: <20221101201747.143379-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 The disabled cipher list contained a '.' instead of ',' which prevented the subsequent ciphers from being disabled. This was only group management ciphers so it didn't have any effect on the test. --- autotests/testAP-no-support/hw.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/autotests/testAP-no-support/hw.conf b/autotests/testAP-no-support/hw.conf index 06a9d7c2..7925b15d 100644 --- a/autotests/testAP-no-support/hw.conf +++ b/autotests/testAP-no-support/hw.conf 
@@ -6,4 +6,4 @@ start_iwd=0 iftype_disable=ap [rad1] -cipher_disable=ccmp,bip_cmac,gcmp,gcmp_256,ccmp_256,bip_gmac.bip_gmac_256,bip_cmac_256 +cipher_disable=ccmp,bip_cmac,gcmp,gcmp_256,ccmp_256,bip_gmac,bip_gmac_256,bip_cmac_256 From patchwork Tue Nov 1 20:17:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13027408 Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com [209.85.216.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4B4F17E for ; Tue, 1 Nov 2022 20:18:03 +0000 (UTC) Received: by mail-pj1-f47.google.com with SMTP id l22-20020a17090a3f1600b00212fbbcfb78so39030pjc.3 for ; Tue, 01 Nov 2022 13:18:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=HZNJqVzNqIeHRpSHGVfGGecu6wCe6Sy58TzyuQNckpk=; b=IaIPFNGrYXKYMB2k/YVwQ85R3DJSRrz1tQljzVju4yNhk9eYeUyPpCtcLaAyUUfgVs sGvlTG7VVlx8v7NZGltPq00UnwltLnrpJp4cnQgV7GXrvB8HFTlbu1PtCuH/Fbk+rBce QynLxVsXLGWbrPI17QehOxoRJ95+lDWT30WH/aVePRkB4E1rFX5KhhZjS9SkNCzF6tgq pXsXw9lZoZkT8i1kJ4mpuqUAqrUMVgTNU2maRUyy18V+H2Z70wemZXZha7UfkpAZd59G zu2hwdGQkQwgqUXpmBP7OG0DSEUzQZONL/SxNtmQ9mVFETujYjKmgsqUMrLis3oBLVLk Fx0w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=HZNJqVzNqIeHRpSHGVfGGecu6wCe6Sy58TzyuQNckpk=; b=5bHM3/J5u2hesanp4a0CXsPLjTUurmbT6RJc7pPqvcCJlU9iHk9kKyDaeax31xyOU0 bDgff9igfSK0Mhnuw0qgIgd9OsP3SkplTcZZBaP3atKdkt4EWXI9LmIneAJg7fPnbArr BBXtE9X/55i49n4N5CWFCF6nxjvY6dSb/b5NJ4gWMkhQmBUN3NdUd/agFFXH83qW2KdR 
RjkBcQhQCl5YTnrdNUgXmAIRJkBXGZTaOAcL2OmqHZ6Q2ReysrQnfCOvqAhvM5Xwn9bo V+nK0PEZky/Yos0KgcyH/2p8rKADgBUaOl9iwPzeip/A4m00RO8hMkOovtgp0rUNl348 s6+A== X-Gm-Message-State: ACrzQf18mkGzujkM0bPF2ORVLz69MwQDflvbyp9xDexjSVd94/oadXBc HiZqRfi2jJ4Fyc0N2EJsuuqqJUe3mlE= X-Google-Smtp-Source: AMsMyM5DyhwflzaR/I5rB7Ga5Ysao85XP5VCWlSmJ2WznOebW7qUmeEuahdaUj0H7syJgOHyMiykFg== X-Received: by 2002:a17:903:50b:b0:187:11e:5f1f with SMTP id jn11-20020a170903050b00b00187011e5f1fmr21533143plb.41.1667333882647; Tue, 01 Nov 2022 13:18:02 -0700 (PDT) Received: from jprestwo-xps.none ([50.39.160.234]) by smtp.gmail.com with ESMTPSA id z15-20020a170903018f00b00180a7ff78ccsm6781681plg.126.2022.11.01.13.18.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Nov 2022 13:18:02 -0700 (PDT) From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 13/17] netdev: add more info to key setting debug messages Date: Tue, 1 Nov 2022 13:17:43 -0700 Message-Id: <20221101201747.143379-13-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.3 In-Reply-To: <20221101201747.143379-1-prestwoj@gmail.com> References: <20221101201747.143379-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Specify that the ifindex is being printed and print the key ID as well. --- src/netdev.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/netdev.c b/src/netdev.c index 22288c67..59e73608 100644 --- a/src/netdev.c +++ b/src/netdev.c @@ -1635,7 +1635,7 @@ static void netdev_set_gtk(struct handshake_state *hs, uint16_t key_index, nhs->gtk_installed = false; - l_debug("%d", netdev->index); + l_debug("ifindex=%d key_idx=%u", netdev->index, key_index); if (crypto_cipher_key_len(cipher) != gtk_len) { l_error("Unexpected key length: %d", gtk_len); 
@@ -1680,7 +1680,7 @@ static void netdev_set_igtk(struct handshake_state *hs, uint16_t key_index, nhs->igtk_installed = false; - l_debug("%d", netdev->index); + l_debug("ifindex=%d key_idx=%u", netdev->index, key_index); if (crypto_cipher_key_len(cipher) != igtk_len) { l_error("Unexpected key length: %d", igtk_len); 
@@ -2054,7 +2054,7 @@ static void netdev_set_tk(struct handshake_state *hs, uint8_t key_index, return; } - l_debug("%d", netdev->index); + l_debug("ifindex=%d key_idx=%u", netdev->index, key_index); err = -ENOENT; if (!netdev_copy_tk(tk_buf, tk, cipher, false)) From patchwork Tue Nov 1 20:17:44 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13027409 Received: from mail-pf1-f171.google.com (mail-pf1-f171.google.com [209.85.210.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DAAFD2F29 for ; Tue, 1 Nov 2022 20:18:03 +0000 (UTC) Received: by mail-pf1-f171.google.com with SMTP id b185so14485272pfb.9 for ; Tue, 01 Nov 2022 13:18:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=S8hXDu47V/KInprnnKCQWt4KLvHCkzYNAqb7i+VADpI=; b=MWajhhM6g70ic9RsWU+6ujqthhZ70efAYWpBUdyCPM2NXAaZhvKhexQNHcX43YkK0A JUkE5ZDCe0EA0lMk+xFXI2AkleecQMVvBz1n/qCf0Hm70ucic24YPRlm5lKR5O25G9EO /UJNSroruBTcQUrJ1fAhP+14l+08oeGCY7iBhIveK4Sro05NfB/0q2BLWqVKiYxjzvbq RxiThhLwlrmQNa9kiOvQmtgd6KUxNVw0ijcH/UoETWXFf7ai0hW/1H203znIBKhsVqun CWlENXxsn0gPup2iBFK3xhuklMYKuGp44QmvnnE8D0bF0aiKolCHAasHv7HE0Qf5baXR 2JoQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=S8hXDu47V/KInprnnKCQWt4KLvHCkzYNAqb7i+VADpI=; b=uZfN9RrosQqcPbTTBtiszjQa0JbTI6TeLHVSNaV80Lo1UCbaQ28+NNUY+K/EiCuK3G 89b93YBhusyNxrvOMi/KCwBKNJq4n3r0o9G/VheffpPM9C1YJ35LUxpPOCr6iHMAhosB 
irW9QI/jR5vuTKOIVA1/QUTLMh0wTrVUylQ9v4buStNhEsUwnCxCe3mMj54zP2M4+lvt JbC5dGbScJ39x0AlxYI/SW8VehWuBfyB04QECdL2X2eUua4r/PnqKLhkxcdqyNdJ0k49 lZWBa+FHilaU0OyEK4KBzAgqhU0JXkQXd54WGn8wcPFMBwtwX7CcCggBWKAHxTPPOwP9 Z9Gg== X-Gm-Message-State: ACrzQf2T/gh/F9xNGCiDD494nDJUiQPT7IEx7O3lFDP8Ve/QPjW1Di59 /BHL/XaCGW9Hcz7XU8eA41m+cb8sMTs= X-Google-Smtp-Source: AMsMyM6kZwEQHrIqXKu9TpvDXRcrP9WCJ5+FVgPiFDJctxzw/TMRtz5J/BvjHnu5cSB9sBQZJyJ8KQ== X-Received: by 2002:a63:90c7:0:b0:442:87:3a38 with SMTP id a190-20020a6390c7000000b0044200873a38mr18809796pge.216.1667333883207; Tue, 01 Nov 2022 13:18:03 -0700 (PDT) Received: from jprestwo-xps.none ([50.39.160.234]) by smtp.gmail.com with ESMTPSA id z15-20020a170903018f00b00180a7ff78ccsm6781681plg.126.2022.11.01.13.18.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Nov 2022 13:18:02 -0700 (PDT) From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 14/17] netdev: fix key setting for authenticators Date: Tue, 1 Nov 2022 13:17:44 -0700 Message-Id: <20221101201747.143379-14-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.3 In-Reply-To: <20221101201747.143379-1-prestwoj@gmail.com> References: <20221101201747.143379-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 The netdev_copy_tk function was being hard coded with authenticator set to false. This isn't important for any ciphers except TKIP but now that AP mode supports TKIP it needs to be fixed. --- src/netdev.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/netdev.c b/src/netdev.c index 59e73608..23bbbcf6 100644 --- a/src/netdev.c +++ b/src/netdev.c @@ -1643,7 +1643,7 @@ static void netdev_set_gtk(struct handshake_state *hs, uint16_t key_index, return; } - if (!netdev_copy_tk(gtk_buf, gtk, cipher, false)) { + if (!netdev_copy_tk(gtk_buf, gtk, cipher, hs->authenticator)) { netdev_setting_keys_failed(nhs, -ENOENT); return; } 
@@ -2057,7 +2057,7 @@ static void netdev_set_tk(struct handshake_state *hs, uint8_t key_index, l_debug("ifindex=%d key_idx=%u", netdev->index, key_index); err = -ENOENT; - if (!netdev_copy_tk(tk_buf, tk, cipher, false)) + if (!netdev_copy_tk(tk_buf, tk, cipher, hs->authenticator)) goto invalid_key; msg = netdev_build_cmd_new_key_pairwise(netdev, cipher, addr, tk_buf, 
@@ -2091,7 +2091,7 @@ static void netdev_set_ext_tk(struct handshake_state *hs, uint8_t key_idx, L_BE16_TO_CPU(step4->header.packet_len); err = -ENOENT; - if (!netdev_copy_tk(tk_buf, tk, cipher, false)) + if (!netdev_copy_tk(tk_buf, tk, cipher, hs->authenticator)) goto error; msg = netdev_build_cmd_new_rx_key_pairwise(netdev, cipher, addr, tk_buf, From patchwork Tue Nov 1 20:17:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13027410 Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com [209.85.216.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 87B2321D42 for ; Tue, 1 Nov 2022 20:18:04 +0000 (UTC) Received: by mail-pj1-f53.google.com with SMTP id d13-20020a17090a3b0d00b00213519dfe4aso40045pjc.2 for ; Tue, 01 Nov 2022 13:18:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=IAgiBi84vL5+0ESFh6tvm8krO8ZajAxFMxugRLqCevM=; b=AxFr6YCREUmIJ/0bYbaownnDg0/5zCg4lauMW1soQ8iiSwpO033rx/AWcPj6a17TVY B+Sf8FO6gk3ZYvw6m9kw79/1ohIcHKvkgra/eSY7fuEnsNYeNrTiWUXkplvU+goms2dA w+CUHBk4GcD8Hr39Csq/OmC8J5KyDVNQWolFRNWNpN0Va/kG7LTiDUCH5ESqR2Zy4twC 0cr+NsbG/weDzUcb2q00vjXxgeUoFfIdgvlVIVjKqFaP6oOEeaJHNExuxQYGzX/HmxJx rUI3tZeILDxUUSOA1c3/iGLUH0sfpzLon3D8SVRBKUl5Eq3dYQdIQkPnQnUbtAdEWp+6 9Gyg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=IAgiBi84vL5+0ESFh6tvm8krO8ZajAxFMxugRLqCevM=; b=3cdKhQMnIIh4MKJnhAV9+IEfiFYh613/8MJPFenL/G4gCwNjmCXcZ5/Ep+15jgQwxM 
AiaK7flBneJjzFZ1HLzzb/K+KcgUF+o5BEvi1txklD597v5P3d2YbLB+8G2ydkO3qFy8 hAwQCkAqGQ6SWa00dDAvoFf5vYT4r14PpZL3yGQeBggg8a3CxImXfGb+mzmvvzxnX6XE TPLdJa3ef6DMcRihPL4gEanUxDB8wyApwUTOUe+G123cbuR/0ow9+V51QQ2LSZ+JbJ1R TRYObv1t6QuwGT7fnrHxzMGBuTJKJrFMXfxJ0qWZ0xW0ewErL2MOW+IHqe42zzdVcjT3 nbBw== X-Gm-Message-State: ACrzQf3sdxAOE2aWaUru0sV+ZHYUOeX6nr7w6Je+jBoCDPbXGoOH8Lwr kQ5CKKbpllvGumXP0tAQV/58Mdj9WKw= X-Google-Smtp-Source: AMsMyM5O1+1JCrk+iukNwb45IWIGzbZ/jNT3Rex6EgZbLaLsryUyVMehR0PN7369Z/rYSPmW0oVm9g== X-Received: by 2002:a17:902:d511:b0:186:ae37:c041 with SMTP id b17-20020a170902d51100b00186ae37c041mr21512903plg.14.1667333883891; Tue, 01 Nov 2022 13:18:03 -0700 (PDT) Received: from jprestwo-xps.none ([50.39.160.234]) by smtp.gmail.com with ESMTPSA id z15-20020a170903018f00b00180a7ff78ccsm6781681plg.126.2022.11.01.13.18.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Nov 2022 13:18:03 -0700 (PDT) From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 15/17] nl80211util: add key type/idx to nl80211_parse_attrs Date: Tue, 1 Nov 2022 13:17:45 -0700 Message-Id: <20221101201747.143379-15-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.3 In-Reply-To: <20221101201747.143379-1-prestwoj@gmail.com> References: <20221101201747.143379-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 --- src/nl80211util.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/nl80211util.c b/src/nl80211util.c index 5ba0097f..da36d936 100644 --- a/src/nl80211util.c +++ b/src/nl80211util.c @@ -139,6 +139,17 @@ static bool extract_nested(const void *data, uint16_t len, void *o) return true; } +static bool extract_u8(const void *data, uint16_t len, void *o) +{ + uint8_t *out = o; + + if (len != 1) + return false; + + *out = l_get_u8(data); + return true; +} + static attr_handler handler_for_type(enum nl80211_attrs type) { switch (type) { 
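Review bot: extract_u8 receives its destination as `void *o`, so the compiler cannot catch a caller of nl80211_parse_attrs that passes a variable of the wrong width. This matters for the pair added in this patch: NL80211_ATTR_KEY_IDX goes to extract_u8, while the later hunk routes NL80211_ATTR_KEY_TYPE to extract_uint32, which presumably stores four bytes. A comment above the helper would make the contract visible: `/* o must point to a uint8_t; the attribute payload must be exactly one byte */`. The strict `len != 1` check is the right shape and should stay. handler_for_type begins in this hunk and continues outside it.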
@@ -146,6 +157,7 @@ static attr_handler handler_for_type(enum nl80211_attrs type) return extract_ifindex; case NL80211_ATTR_WIPHY: case NL80211_ATTR_IFTYPE: + case NL80211_ATTR_KEY_TYPE: return extract_uint32; case NL80211_ATTR_WDEV: case NL80211_ATTR_COOKIE: 
@@ -170,6 +182,8 @@ static attr_handler handler_for_type(enum nl80211_attrs type) return extract_iovec; case NL80211_ATTR_WIPHY_BANDS: return extract_nested; + case NL80211_ATTR_KEY_IDX: + return extract_u8; default: break; } From patchwork Tue Nov 1 20:17:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13027412 Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 12E0D7E for ; Tue, 1 Nov 2022 20:18:05 +0000 (UTC) Received: by mail-pl1-f170.google.com with SMTP id v17so11592398plo.1 for ; Tue, 01 Nov 2022 13:18:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=1UEcUJlR2NFd3ZJzzkmtPSmop46MuCFADfvl0SGPai0=; b=OQlCI2w/ivziSLAImmk2EipRbkqpzpbdppQAJFxMTqTmy3urANipOJH+YUpGEygYJA aD2uNSKzhEJ/gpy/1OdXYpo7vTuq3XD3dlsQfAXe98SQv+DDumBmCcTEKXqwcVDv4TQ2 5TwC16QCEv9CYMOXdDtth+TSRUX20Ma+/u2fmfWDmPvz4HVN7tLHRXcpUXheqtoERVGr H3lbm/JSZrZVMY4DgcGBjzkjDzC6/QI2WvV4SRU13eHmeEcYWGMfuZ6SyJqQfsSZvFyT GNjYKWV7Er9Ey0Tpdf/YqzhWSM76WICb7pV5+0bk/uVS0IRu50gKs9xNfSG+wHgWJ6t+ lsyg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=1UEcUJlR2NFd3ZJzzkmtPSmop46MuCFADfvl0SGPai0=; b=3llqpUZM5mwQbbnQtcdDKrFS78MNCk3ZF1yhAjng1bTL3+PeI5pvWjCFmA7kUwLHfh Es87x0hChAReYnxdoWbdlLKL0nvitwBmH/yxzVDXM3cnAthSy3VbSVkB1u7IDhvKD0m+ r6X+mLY7xy2OPrRwtaf87IwpxdGMeuIqkEAmAlIlWin5JP3j7nBxYjeZmrd9jeFFN7fC 
cBfoIxKgFBtiP6+6VrOOJxyBYBTTFZLnmwNKWBci5OcAsgjh3ZM37tYKHH7smaRfvvek 3HNxrBindqLBJKU3h1nO9ga5wLnh9PMaSuVQ75YhvnXr8f+vQbdJ3VgwBdrObBoET54b LR0g== X-Gm-Message-State: ACrzQf1DHEN0vOx/3uIVvJn8x6IPWHVSUIMfxB86g7NwACtetcCfw0Oa +dLE9GCMOADI5CxewyisoJC0ofyHSXU= X-Google-Smtp-Source: AMsMyM6qLDq0jG/Zti1Ij5SUqZbgh9dBKPLShHpIf+K0EDvUa5+JJm4v6wVyoI2G4CoNjG6Rz8au+w== X-Received: by 2002:a17:902:c40d:b0:186:ffe6:24cc with SMTP id k13-20020a170902c40d00b00186ffe624ccmr22089417plk.133.1667333884463; Tue, 01 Nov 2022 13:18:04 -0700 (PDT) Received: from jprestwo-xps.none ([50.39.160.234]) by smtp.gmail.com with ESMTPSA id z15-20020a170903018f00b00180a7ff78ccsm6781681plg.126.2022.11.01.13.18.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Nov 2022 13:18:04 -0700 (PDT) From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 16/17] netdev: parse michael MIC failure message Date: Tue, 1 Nov 2022 13:17:46 -0700 Message-Id: <20221101201747.143379-16-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.3 In-Reply-To: <20221101201747.143379-1-prestwoj@gmail.com> References: <20221101201747.143379-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 This event indicates a security issue. The proper handling would be to rekey but for now at least provide some information to the user. --- src/netdev.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/src/netdev.c b/src/netdev.c index 23bbbcf6..ced87191 100644 --- a/src/netdev.c +++ b/src/netdev.c 
@@ -5224,6 +5224,20 @@ static void netdev_channel_switch_event(struct l_genl_msg *msg, &netdev->frequency, netdev->user_data); } +static void netdev_michael_mic_failure(struct l_genl_msg *msg, + struct netdev *netdev) +{ + uint8_t idx; + uint32_t type; + + if (nl80211_parse_attrs(msg, NL80211_ATTR_KEY_IDX, &idx, + NL80211_ATTR_KEY_TYPE, &type, + NL80211_ATTR_UNSPEC) < 0) + return; + + l_debug("ifindex=%u key_idx=%u type=%u", netdev->index, idx, type); +} + static void netdev_mlme_notify(struct l_genl_msg *msg, void *user_data) { struct netdev *netdev = NULL; 
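Review bot: The Michael MIC failure is reported with `l_debug`, so it stays invisible unless debug output is enabled, although the commit message calls it a security issue the user should hear about. Logging at warning level would make it usable for detection: `l_warn("ifindex=%u Michael MIC failure key_idx=%u type=%u", netdev->index, idx, type);`. The early `return` when nl80211_parse_attrs fails also drops the event without a trace. If the kernel can omit NL80211_ATTR_KEY_IDX from this event (worth confirming against nl80211), requiring both attributes would hide exactly the events of interest, so that path should log too.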
@@ -5274,6 +5288,9 @@ static void netdev_mlme_notify(struct l_genl_msg *msg, void *user_data) case NL80211_CMD_DEL_STATION: netdev_station_event(msg, netdev, false); break; + case NL80211_CMD_MICHAEL_MIC_FAILURE: + netdev_michael_mic_failure(msg, netdev); + break; } } From patchwork Tue Nov 1 20:17:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13027413 Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com [209.85.216.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C1F912F29 for ; Tue, 1 Nov 2022 20:18:05 +0000 (UTC) Received: by mail-pj1-f53.google.com with SMTP id r61-20020a17090a43c300b00212f4e9cccdso28751pjg.5 for ; Tue, 01 Nov 2022 13:18:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=2zyWsO69TtCZ4q7JEd0HyoJwfnBzszoXMTkRuGBLKzk=; b=QiT6NBIEODijUVuRhJi9yNN6QeaiPvERu+F1ENv4rRHlrgO8gzmdeAxQeNw7gGwn+G bQ5XENFS2HUga9KUm+5K8nLKKkadnoRiSRsQx6aMYJ+T4545qaWfe+Dk+HsLSB5SmXYp +ZjTXWZJSTS8g/99Q1CtEbTIIfCb3dMmB4GGdP2SfEevalj27BahTPccA3tAHuy4qTQ8 xBdTiIGbMppO0ICeykrdZ+kQQrXlhvTRr0mbyUm1b+w/Qqiv3XWI6HwYfDZCAHWiHLg9 LAcPqwrfYwZjp8jb3ZZrGWQ3JnqIteqiQnvmyDoivz5VBVXTn3FfBkHFrr6jp8+RYByQ Pq5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2zyWsO69TtCZ4q7JEd0HyoJwfnBzszoXMTkRuGBLKzk=; b=0zE8l2KhEIbV+U8U/C6nx2U9Z6v0HBw45dvhn9TAiHXVMHVlezMpymccp+K2CnPWkN MXBPgzmWcIQzIn8+4a8DD9leCjRADXP/TNHSfTUHlVMJLQoUkdmoTF0GY1F0LMJAnupJ 
z3NHj7tCElnhDH15S5qli19lBetR4Fe3nXGrqzxbrRkhaJ3WxLscK5oeOj/tbfERZC9L lQoKRemz3g7ACmgNQPJCUokNM1s+MedODyjG0TJ+UBIuxclr682enJ1ybpEyclxsXieG F9J09m4QalzEMpCQHIiMvlwXZ+D/hXlDVdpoLlg2lg8tzJMRJaK359JoFSEEopzyrLBg cIzw== X-Gm-Message-State: ACrzQf2/U2hWQlvj7AhFSw71wSTrtCyVRnFRZJXDUxMY5HuE7ynsqf8N 3YYmfIp46j6CxkOez+8ZoX8OOJimkLU= X-Google-Smtp-Source: AMsMyM55yVM45w4/vrx4JGkmxAJhYdThR6b7LfolGXI4sA8FsjeKiSy7QYKfOVGZBJpfsR53izvoQQ== X-Received: by 2002:a17:902:7689:b0:187:48d:d9be with SMTP id m9-20020a170902768900b00187048dd9bemr781226pll.102.1667333885069; Tue, 01 Nov 2022 13:18:05 -0700 (PDT) Received: from jprestwo-xps.none ([50.39.160.234]) by smtp.gmail.com with ESMTPSA id z15-20020a170903018f00b00180a7ff78ccsm6781681plg.126.2022.11.01.13.18.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Nov 2022 13:18:04 -0700 (PDT) From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 17/17] auto-t: add AP test for all pairwise/group cipher combos Date: Tue, 1 Nov 2022 13:17:47 -0700 Message-Id: <20221101201747.143379-17-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.3 In-Reply-To: <20221101201747.143379-1-prestwoj@gmail.com> References: <20221101201747.143379-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Iterates through every possible cipher combination and verifies the AP can authenticate the clients. --- autotests/testAP/connection_test.py | 33 ++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) diff --git a/autotests/testAP/connection_test.py b/autotests/testAP/connection_test.py index dff415e7..297a8aa2 100644 --- a/autotests/testAP/connection_test.py +++ b/autotests/testAP/connection_test.py @@ -1,6 +1,7 @@ #! /usr/bin/python3 import unittest +import os from iwd import IWD from config import ctx 
@@ -8,6 +9,8 @@ from validation import validate, client_connect class Test(unittest.TestCase): def test_connection_success(self): + IWD.copy_to_storage('TestAP1.psk') + wd = IWD(True) dev1, dev2 = wd.list_devices(2) @@ -22,6 +25,8 @@ class Test(unittest.TestCase): client_connect(wd, dev1, 'TestAP1') def test_client_start_ap(self): + IWD.copy_to_storage('TestAP1.psk') + wd = IWD(True) dev1, dev2 = wd.list_devices(2) @@ -39,12 +44,30 @@ class Test(unittest.TestCase): validate(wd, dev2, dev1, 'TestAP2', 'Password2') - @classmethod - def setUpClass(cls): - IWD.copy_to_storage('TestAP1.psk') + def test_ciphers(self): + ciphers = ['TKIP', 'CCMP', 'GCMP', 'CCMP-256', 'GCMP-256'] + + for pairwise in ciphers: + for group in ciphers: + IWD.copy_to_ap('TestAP2.ap') + os.system('echo "PairwiseCiphers=%s" >> /tmp/iwd/ap/TestAP2.ap' % pairwise) + os.system('echo "GroupCipher=%s" >> /tmp/iwd/ap/TestAP2.ap' % group) + + wd = IWD(True) + + dev1, dev2 = wd.list_devices(2) + + dev1.start_ap('TestAP2') + + try: + validate(wd, dev2, dev1, 'TestAP2', 'Password2', ip_checks=False) + except: + raise Exception("Failed with pairwise=%s group=%s" % (pairwise, group)) + finally: + IWD.clear_storage() + del wd - @classmethod - def tearDownClass(cls): + def tearDown(self): IWD.clear_storage() if __name__ == '__main__':