[10/14] ctrl_iface: Add support for PASN authentication

Message ID 20200224091529.15259-11-ilan.peer@intel.com
State Deferred
Series
  • Support base Pre association Security Negotiation (PASN)

Commit Message

Peer, Ilan Feb. 24, 2020, 9:15 a.m. UTC
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
---
 wpa_supplicant/ctrl_iface.c | 83 +++++++++++++++++++++++++++++++++++++
 wpa_supplicant/wpa_cli.c    | 36 ++++++++++++++++
 2 files changed, 119 insertions(+)

Patch

diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index 9ed3c8b4a9..a0cacbd25d 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -66,6 +66,7 @@ 
 
 #ifdef CONFIG_PASN
 #include "wpas_glue.h"
+#include "common/ptksa_cache.h"
 #endif /* CONFIG_PASN */
 
 static int wpa_supplicant_global_iface_list(struct wpa_global *global,
@@ -4314,6 +4315,14 @@  static int ctrl_iface_get_capability_auth_alg(struct wpa_supplicant *wpa_s,
 #endif /* CONFIG_FILS_SK_PFS */
 #endif /* CONFIG_FILS */
 
+#ifdef CONFIG_PASN
+	ret = os_snprintf(pos, end - pos, "%sPASN",
+			  pos == buf ? "" : " ");
+	if (os_snprintf_error(end - pos, ret))
+		return pos - buf;
+	pos += ret;
+
+#endif /* CONFIG_PASN */
 	return pos - buf;
 }
 
@@ -10057,6 +10066,71 @@  static int wpas_ctrl_cmd_debug_level(const char *cmd)
 }
 
 
+#ifdef CONFIG_PASN
+
+static int wpas_ctrl_iface_pasn_start(struct wpa_supplicant *wpa_s, char *cmd)
+{
+	char *token, *context = NULL;
+	u8 bssid[ETH_ALEN];
+	int akmp = -1, cipher = -1, got_bssid = 0;
+	u16 group = 0xFFFF;
+
+	/*
+	 * Entry format: bssid=<BSSID> akmp=<AKMP> cipher=<CIPHER> group=<group>
+	 */
+	while ((token = str_token(cmd, " ", &context))) {
+		if (os_strncmp(token, "bssid=", 6) == 0) {
+			if (hwaddr_aton(token + 6, bssid))
+				return -1;
+			got_bssid = 1;
+		} else if (os_strncmp(token, "akmp=PASN", 9) == 0) {
+			akmp = WPA_KEY_MGMT_PASN;
+#ifdef CONFIG_IEEE80211R
+		} else if (os_strncmp(token, "akmp=FT-PSK", 11) == 0) {
+			akmp = WPA_KEY_MGMT_FT_PSK;
+		} else if (os_strncmp(token, "akmp=FT-EAP-SHA384", 18) == 0) {
+			akmp = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
+		} else if (os_strncmp(token, "akmp=FT-EAP", 11) == 0) {
+			akmp = WPA_KEY_MGMT_FT_IEEE8021X;
+#endif /* CONFIG_IEEE80211R */
+#ifdef CONFIG_SAE
+		} else if (os_strncmp(token, "akmp=SAE", 8) == 0) {
+			akmp = WPA_KEY_MGMT_SAE;
+#endif /* CONFIG_SAE */
+#ifdef CONFIG_FILS
+		} else if (os_strncmp(token, "akmp=FILS-SHA256", 16) == 0) {
+			akmp = WPA_KEY_MGMT_FILS_SHA256;
+		} else if (os_strncmp(token, "akmp=FILS-SHA384", 16) == 0) {
+			akmp = WPA_KEY_MGMT_FILS_SHA384;
+#endif /* CONFIG_FILS */
+		} else if (os_strncmp(token, "cipher=CCMP-256", 13) == 0) {
+			cipher = WPA_CIPHER_CCMP_256;
+		} else if (os_strncmp(token, "cipher=GCMP-256", 13) == 0) {
+			cipher = WPA_CIPHER_GCMP_256;
+		} else if (os_strncmp(token, "cipher=CCMP", 9) == 0) {
+			cipher = WPA_CIPHER_CCMP;
+		} else if (os_strncmp(token, "cipher=GCMP", 9) == 0) {
+			cipher = WPA_CIPHER_GCMP;
+		} else if (os_strncmp(token, "group=", 6) == 0) {
+			group = atoi(token + 6);
+		} else {
+			wpa_printf(MSG_DEBUG,
+				   "CTRL: PASN Invalid parameter: '%s'",
+				   token);
+			return -1;
+		}
+	}
+
+	if (!got_bssid || akmp == -1 || cipher == -1 || group == 0xFFFF) {
+		wpa_printf(MSG_DEBUG,"CTRL: PASN missing parameter");
+		return -1;
+	}
+
+	return wpas_pasn_auth_start(wpa_s, bssid, akmp, cipher, group);
+}
+#endif /* CONFIG_PASN */
+
+
 char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
 					 char *buf, size_t *resp_len)
 {
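Review bot: The cipher comparisons in wpas_ctrl_iface_pasn_start() pass lengths two short of their literals (13 for the 15-character `cipher=CCMP-256`/`cipher=GCMP-256`, 9 for the 11-character `cipher=CCMP`/`cipher=GCMP`), so a malformed token such as `cipher=CCxyz` is accepted and silently selects CCMP. The akmp branches use correct lengths but are still prefix matches that ignore trailing characters; an exact `os_strcmp()` would reject both, assuming tokens are NUL-terminated as the `%s` debug print implies. `group = atoi(token + 6)` also stores an unchecked int into a u16, so non-numeric text becomes group 0, out-of-range values wrap, and 65535 collides with the 0xFFFF "missing" sentinel. Because these values select the key management, cipher and group for the exchange, the parser should fail closed on anything it does not recognise exactly, as sketched below. The hunk's trailing context is the opening of wpa_supplicant_ctrl_iface_process(), which this note does not cover.

```c
		/* … unchanged: bssid= and akmp= branches … */
		} else if (os_strcmp(token, "cipher=CCMP-256") == 0) {
			cipher = WPA_CIPHER_CCMP_256;
		} else if (os_strcmp(token, "cipher=GCMP-256") == 0) {
			cipher = WPA_CIPHER_GCMP_256;
		} else if (os_strcmp(token, "cipher=CCMP") == 0) {
			cipher = WPA_CIPHER_CCMP;
		} else if (os_strcmp(token, "cipher=GCMP") == 0) {
			cipher = WPA_CIPHER_GCMP;
		} else if (os_strncmp(token, "group=", 6) == 0) {
			char *endp;
			long val = strtol(token + 6, &endp, 10);

			/* 0xFFFF is reserved as the "not set" marker */
			if (endp == token + 6 || *endp != '\0' ||
			    val < 0 || val >= 0xFFFF)
				return -1;
			group = (u16) val;
		/* … unchanged: invalid-parameter branch and missing-parameter check … */
```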
@@ -10930,6 +11004,15 @@  char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
 		dpp_controller_stop(wpa_s->dpp);
 #endif /* CONFIG_DPP2 */
 #endif /* CONFIG_DPP */
+#ifdef CONFIG_PASN
+	} else if (os_strncmp(buf, "PASN_START ", 11) == 0) {
+		if (wpas_ctrl_iface_pasn_start(wpa_s, buf + 11) < 0)
+			reply_len = -1;
+	} else if (os_strcmp(buf, "PASN_STOP") == 0) {
+		wpas_pasn_auth_stop(wpa_s);
+	} else if (os_strcmp(buf, "PTKSA_CACHE_LIST") == 0) {
+		reply_len = ptksa_cache_list(wpa_s->ptksa, reply, reply_size);
+#endif /* CONFIG_PASN */
 	} else {
 		os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
 		reply_len = 16;
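Review bot: The command names matched here differ from what the wpa_cli.c hunks of this same patch send: the dispatcher tests for `PASN_START ` and `PASN_STOP`, while wpa_cli_cmd_pasn_auth_start() and wpa_cli_cmd_pasn_auth_stop() issue `PASN_AUTH_START` and `PASN_AUTH_STOP`. Unless another patch in the series adds those names, both CLI commands would fall through to the `UNKNOWN COMMAND` branch. One side should be renamed, for example `os_strncmp(buf, "PASN_AUTH_START ", 16) == 0` with `buf + 16` passed to the handler, and `os_strcmp(buf, "PASN_AUTH_STOP") == 0`. The enclosing function starts and ends outside this hunk.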
diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c
index 490e77c962..1313b5e025 100644
--- a/wpa_supplicant/wpa_cli.c
+++ b/wpa_supplicant/wpa_cli.c
@@ -3024,6 +3024,30 @@  static int wpa_cli_cmd_dpp_pkex_remove(struct wpa_ctrl *ctrl, int argc,
 #endif /* CONFIG_DPP */
 
 
+#ifdef CONFIG_PASN
+
+static int wpa_cli_cmd_pasn_auth_start(struct wpa_ctrl *ctrl, int argc,
+				       char *argv[])
+{
+	return wpa_cli_cmd(ctrl, "PASN_AUTH_START", 4, argc, argv);
+}
+
+
+static int wpa_cli_cmd_pasn_auth_stop(struct wpa_ctrl *ctrl, int argc,
+				      char *argv[])
+{
+	return wpa_cli_cmd(ctrl, "PASN_AUTH_STOP", 0, argc, argv);
+}
+
+static int wpa_cli_cmd_ptksa_cache_list(struct wpa_ctrl *ctrl, int argc,
+					char *argv[])
+{
+	return wpa_cli_cmd(ctrl, "PTKSA_CACHE_LIST", 0, argc, argv);
+}
+
+#endif /* CONFIG_PASN */
+
+
 enum wpa_cli_cmd_flags {
 	cli_cmd_flag_none		= 0x00,
 	cli_cmd_flag_sensitive		= 0x01
@@ -3683,6 +3707,18 @@  static const struct wpa_cli_cmd wpa_cli_commands[] = {
 	  cli_cmd_flag_none,
 	  "*|<id> = remove DPP pkex information" },
 #endif /* CONFIG_DPP */
+#ifdef CONFIG_PASN
+	{ "pasn_auth_start", wpa_cli_cmd_pasn_auth_start, NULL,
+	  cli_cmd_flag_none,
+	  "bssid=<BSSID> akmp=<WPA key mgmt> cipher=<WPA cipher> group=<group> "
+          "= Start PASN authentication" },
+	{ "pasn_auth_stop", wpa_cli_cmd_pasn_auth_stop, NULL,
+	  cli_cmd_flag_none,
+	  "= Stop PASN authentication" },
+	{ "ptksa_cache_list", wpa_cli_cmd_ptksa_cache_list, NULL,
+	  cli_cmd_flag_none,
+	  "= Get the PTKSA Cache" },
+#endif /* CONFIG_PASN */
 	{ NULL, NULL, NULL, cli_cmd_flag_none, NULL }
 };