From patchwork Mon Apr 22 22:58:21 2019
X-Patchwork-Submitter: Eric Caruso
X-Patchwork-Id: 1088971
From: Eric Caruso
To: hostap@lists.infradead.org
Cc: j@w1.fi
Subject: [PATCH] Add MAC address randomization functionality
Date: Mon, 22 Apr 2019 15:58:21 -0700
Message-Id: <1555973901-253751-1-git-send-email-ejcaruso@chromium.org>

Add two D-Bus methods:
 * EnableMACAddressRandomization: (ay : mask) -> nothing
 * DisableMACAddressRandomization: nothing -> nothing
which configure random MAC address functionality in the Wi-Fi
driver via netlink.

This also enables random MAC addresses on timer-based scans and
fixes weird pointer ownership that was causing memory issues.

Signed-off-by: Eric Caruso Tested-by: Eric Caruso Reviewed-by: Kevin Cernekee --- wpa_supplicant/ctrl_iface.c | 51 +---------------- wpa_supplicant/dbus/dbus_new.c | 13 +++++ wpa_supplicant/dbus/dbus_new_handlers.c | 43 +++++++++++++++ wpa_supplicant/dbus/dbus_new_handlers.h | 5 ++ wpa_supplicant/scan.c | 73 ++++++++++++------------- wpa_supplicant/wpa_supplicant.c | 56 +++++++++++++++++++ wpa_supplicant/wpa_supplicant_i.h | 4 ++ 7 files changed, 158 insertions(+), 87 deletions(-) diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c index d814fdf7f..113a6dcda 100644 --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c 
@@ -8566,55 +8566,10 @@ static int wpas_ctrl_iface_mac_rand_scan(struct wpa_supplicant *wpa_s, return -1; } - if (!enable) { - wpas_mac_addr_rand_scan_clear(wpa_s, type); - if (wpa_s->pno) { - if (type & MAC_ADDR_RAND_PNO) { - wpas_stop_pno(wpa_s); - wpas_start_pno(wpa_s); - } - } else if (wpa_s->sched_scanning && - (type & MAC_ADDR_RAND_SCHED_SCAN)) { - wpas_scan_restart_sched_scan(wpa_s); - } - return 0; - } + if (!enable) + return wpas_disable_mac_addr_randomization(wpa_s, type); - if ((addr && !mask) || (!addr && mask)) { - wpa_printf(MSG_INFO, - "CTRL: MAC_RAND_SCAN invalid addr/mask combination"); - return -1; - } - - if (addr && mask && (!(mask[0] & 0x01) || (addr[0] & 0x01))) { - wpa_printf(MSG_INFO, - "CTRL: MAC_RAND_SCAN cannot allow multicast address"); - return -1; - } - - if (type & MAC_ADDR_RAND_SCAN) { - wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCAN, - addr, mask); - } - - if (type & MAC_ADDR_RAND_SCHED_SCAN) { - wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCHED_SCAN, - addr, mask); - - if (wpa_s->sched_scanning && !wpa_s->pno) - wpas_scan_restart_sched_scan(wpa_s); - } - - if (type & MAC_ADDR_RAND_PNO) { - wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_PNO, - addr, mask); - if (wpa_s->pno) { - wpas_stop_pno(wpa_s); - wpas_start_pno(wpa_s); - } - } - - return 0; + return wpas_enable_mac_addr_randomization(wpa_s, type, addr, mask); } diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c index 27b3012ae..e58632ef9 100644 --- a/wpa_supplicant/dbus/dbus_new.c +++ b/wpa_supplicant/dbus/dbus_new.c 
@@ -2808,6 +2808,19 @@ static const struct wpa_dbus_method_desc wpas_dbus_interface_methods[] = { END_ARGS } }, + { "EnableMACAddressRandomization", WPAS_DBUS_NEW_IFACE_INTERFACE, + (WPADBusMethodHandler) &wpas_dbus_handler_enable_mac_address_randomization, + { + { "mac_mask", "ay", ARG_IN }, + END_ARGS + } + }, + { "DisableMACAddressRandomization", WPAS_DBUS_NEW_IFACE_INTERFACE, + (WPADBusMethodHandler) &wpas_dbus_handler_disable_mac_address_randomization, + { + END_ARGS + } + }, #ifdef CONFIG_WPS { "Start", WPAS_DBUS_NEW_IFACE_WPS, (WPADBusMethodHandler) wpas_dbus_handler_wps_start, diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c index e11dd36ca..ed2adbd97 100644 --- a/wpa_supplicant/dbus/dbus_new_handlers.c +++ b/wpa_supplicant/dbus/dbus_new_handlers.c 
@@ -2005,6 +2005,49 @@ DBusMessage * wpas_dbus_handler_remove_blob(DBusMessage *message, #endif /* CONFIG_NO_CONFIG_BLOBS */ +DBusMessage * wpas_dbus_handler_enable_mac_address_randomization( + DBusMessage *message, struct wpa_supplicant *wpa_s) +{ + DBusMessageIter iter, array_iter; + u8 *mask; + int mask_len; + + dbus_message_iter_init(message, &iter); + dbus_message_iter_recurse(&iter, &array_iter); + + dbus_message_iter_get_fixed_array(&array_iter, &mask, &mask_len); + if (mask_len != ETH_ALEN) { + return wpas_dbus_error_invalid_args( + message, "Malformed MAC address mask"); + } + + if (wpas_enable_mac_addr_randomization( + wpa_s, MAC_ADDR_RAND_SCAN | MAC_ADDR_RAND_SCHED_SCAN, + wpa_s->perm_addr, mask)) { + return wpas_dbus_error_unknown_error( + message, "Couldn't enable MAC address randomization"); + } + + wpa_printf(MSG_DEBUG, "Enabled MAC address randomization with mask: " + MACSTR, MAC2STR(mask)); + + return NULL; +} + +DBusMessage * wpas_dbus_handler_disable_mac_address_randomization( + DBusMessage *message, struct wpa_supplicant *wpa_s) +{ + if (wpas_disable_mac_addr_randomization( + wpa_s, MAC_ADDR_RAND_SCAN | MAC_ADDR_RAND_SCHED_SCAN)) { + return wpas_dbus_error_unknown_error( + message, "Couldn't disable MAC address randomization"); + } + + wpa_printf(MSG_DEBUG, "Disabled MAC address randomization"); + + return NULL; +} + /* * wpas_dbus_handler_flush_bss - Flush the BSS cache * @message: Pointer to incoming dbus message diff --git a/wpa_supplicant/dbus/dbus_new_handlers.h b/wpa_supplicant/dbus/dbus_new_handlers.h index 1d6235d6f..7700b003d 100644 --- a/wpa_supplicant/dbus/dbus_new_handlers.h +++ b/wpa_supplicant/dbus/dbus_new_handlers.h 
@@ -117,6 +117,11 @@ DBusMessage * wpas_dbus_handler_remove_blob(DBusMessage *message, DBusMessage * wpas_dbus_handler_set_pkcs11_engine_and_module_path( DBusMessage *message, struct wpa_supplicant *wpa_s); +DBusMessage * wpas_dbus_handler_enable_mac_address_randomization( + DBusMessage *message, struct wpa_supplicant *wpa_s); +DBusMessage * wpas_dbus_handler_disable_mac_address_randomization( + DBusMessage *message, struct wpa_supplicant *wpa_s); + DBusMessage * wpas_dbus_handler_flush_bss(DBusMessage *message, struct wpa_supplicant *wpa_s); diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c index fb8ebdf2e..b4bf4421e 100644 --- a/wpa_supplicant/scan.c +++ b/wpa_supplicant/scan.c @@ -79,6 +79,27 @@ static int wpas_wps_in_use(struct wpa_supplicant *wpa_s, #endif /* CONFIG_WPS */ +static int wpa_setup_mac_addr_rand_params(struct wpa_driver_scan_params *params, + const u8 *mac_addr) +{ + u8 *tmp; + + if (!mac_addr) + return 0; + + params->mac_addr_rand = 1; + + tmp = os_malloc(2 * ETH_ALEN); + if (!tmp) + return -1; + + os_memcpy(tmp, mac_addr, 2 * ETH_ALEN); + params->mac_addr = tmp; + params->mac_addr_mask = tmp + ETH_ALEN; + return 0; +} + + /** * wpa_supplicant_enabled_networks - Check whether there are enabled networks * @wpa_s: Pointer to wpa_supplicant data @@ -175,6 +196,10 @@ static void wpas_trigger_scan_cb(struct wpa_radio_work *work, int deinit) "Request driver to clear scan cache due to local BSS flush"); params->only_new_results = 1; } + + if (wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCAN) + wpa_setup_mac_addr_rand_params(params, wpa_s->mac_addr_scan); + ret = wpa_drv_scan(wpa_s, params); wpa_scan_free_params(params); work->ctx = NULL; 
@@ -1047,13 +1072,8 @@ ssid_list_set: } #endif /* CONFIG_P2P */ - if (wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCAN) { - params.mac_addr_rand = 1; - if (wpa_s->mac_addr_scan) { - params.mac_addr = wpa_s->mac_addr_scan; - params.mac_addr_mask = wpa_s->mac_addr_scan + ETH_ALEN; - } - } + if (wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCAN) + wpa_setup_mac_addr_rand_params(¶ms, wpa_s->mac_addr_scan); if (!is_zero_ether_addr(wpa_s->next_scan_bssid)) { struct wpa_bss *bss; @@ -1469,14 +1489,8 @@ scan: wpa_setband_scan_freqs(wpa_s, scan_params); - if (wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCHED_SCAN) { - params.mac_addr_rand = 1; - if (wpa_s->mac_addr_sched_scan) { - params.mac_addr = wpa_s->mac_addr_sched_scan; - params.mac_addr_mask = wpa_s->mac_addr_sched_scan + - ETH_ALEN; - } - } + if (wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCHED_SCAN) + wpa_setup_mac_addr_rand_params(¶ms, wpa_s->mac_addr_sched_scan); ret = wpa_supplicant_start_sched_scan(wpa_s, scan_params); wpabuf_free(extra_ie); @@ -2319,23 +2333,9 @@ wpa_scan_clone_params(const struct wpa_driver_scan_params *src) params->sched_scan_plans_num = src->sched_scan_plans_num; } - if (src->mac_addr_rand) { - params->mac_addr_rand = src->mac_addr_rand; - - if (src->mac_addr && src->mac_addr_mask) { - u8 *mac_addr; - - mac_addr = os_malloc(2 * ETH_ALEN); - if (!mac_addr) - goto failed; - - os_memcpy(mac_addr, src->mac_addr, ETH_ALEN); - os_memcpy(mac_addr + ETH_ALEN, src->mac_addr_mask, - ETH_ALEN); - params->mac_addr = mac_addr; - params->mac_addr_mask = mac_addr + ETH_ALEN; - } - } + if (src->mac_addr_rand && + wpa_setup_mac_addr_rand_params(params, (const u8 *)src->mac_addr)) + goto failed; if (src->bssid) { u8 *bssid; 
@@ -2516,13 +2516,8 @@ int wpas_start_pno(struct wpa_supplicant *wpa_s) params.freqs = wpa_s->manual_sched_scan_freqs; } - if (wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_PNO) { - params.mac_addr_rand = 1; - if (wpa_s->mac_addr_pno) { - params.mac_addr = wpa_s->mac_addr_pno; - params.mac_addr_mask = wpa_s->mac_addr_pno + ETH_ALEN; - } - } + if (wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_PNO) + wpa_setup_mac_addr_rand_params(¶ms, wpa_s->mac_addr_pno); ret = wpa_supplicant_start_sched_scan(wpa_s, ¶ms); os_free(params.filter_ssids); diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index 7361ee96d..94e3bcb67 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c 
@@ -6907,3 +6907,59 @@ int wpa_is_bss_tmp_disallowed(struct wpa_supplicant *wpa_s, const u8 *bssid) MAC2STR(bss->bssid), age.sec, age.usec); return 1; } + +int wpas_enable_mac_addr_randomization(struct wpa_supplicant *wpa_s, + int type, u8 *addr, u8 *mask) +{ + if ((addr && !mask) || (!addr && mask)) { + wpa_printf(MSG_INFO, + "MAC_ADDR_RAND_SCAN invalid addr/mask combination"); + return -1; + } + + if (addr && mask && (!(mask[0] & 0x01) || (addr[0] & 0x01))) { + wpa_printf(MSG_INFO, + "MAC_ADDR_RAND_SCAN cannot allow multicast address"); + return -1; + } + + if (type & MAC_ADDR_RAND_SCAN) { + wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCAN, + addr, mask); + } + + if (type & MAC_ADDR_RAND_SCHED_SCAN) { + wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCHED_SCAN, + addr, mask); + + if (wpa_s->sched_scanning && !wpa_s->pno) + wpas_scan_restart_sched_scan(wpa_s); + } + + if (type & MAC_ADDR_RAND_PNO) { + wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_PNO, + addr, mask); + if (wpa_s->pno) { + wpas_stop_pno(wpa_s); + wpas_start_pno(wpa_s); + } + } + + return 0; +} + + +int wpas_disable_mac_addr_randomization(struct wpa_supplicant *wpa_s, int type) +{ + wpas_mac_addr_rand_scan_clear(wpa_s, type); + if (wpa_s->pno) { + if (type & MAC_ADDR_RAND_PNO) { + wpas_stop_pno(wpa_s); + wpas_start_pno(wpa_s); + } + } else if (wpa_s->sched_scanning && (type & MAC_ADDR_RAND_SCHED_SCAN)) { + wpas_scan_restart_sched_scan(wpa_s); + } + + return 0; +} diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h index ef9273d09..809791e14 100644 --- a/wpa_supplicant/wpa_supplicant_i.h +++ b/wpa_supplicant/wpa_supplicant_i.h 
@@ -1208,6 +1208,10 @@ void wpas_mbo_update_cell_capa(struct wpa_supplicant *wpa_s, u8 mbo_cell_capa); struct wpabuf * mbo_build_anqp_buf(struct wpa_supplicant *wpa_s, struct wpa_bss *bss); +int wpas_enable_mac_addr_randomization(struct wpa_supplicant *wpa_s, + int type, u8 *addr, u8 *mask); +int wpas_disable_mac_addr_randomization(struct wpa_supplicant *wpa_s, int type); + /** * wpa_supplicant_ctrl_iface_ctrl_rsp_handle - Handle a control response * @wpa_s: Pointer to wpa_supplicant data
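Review bot: The two entries added to wpas_dbus_interface_methods in dbus_new.c expose new public D-Bus methods, but the diffstat touches no documentation file, so callers have no description of what the "ay" mask means or which bits must be set. Please document EnableMACAddressRandomization and DisableMACAddressRandomization alongside the other interface methods, including the requirement that the mask is exactly ETH_ALEN bytes. As a style point, the new entries cast with "&wpas_dbus_handler_..." while the neighbouring wpas_dbus_handler_wps_start entry in the same table has no "&"; matching the existing form keeps the table consistent.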
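Review bot: In wpas_dbus_handler_enable_mac_address_randomization (dbus_new_handlers.c), the only check on the caller-supplied mask is mask_len != ETH_ALEN, so a mask whose first octet has bit 0 clear is rejected later by wpas_enable_mac_addr_randomization and reaches the D-Bus client as the generic "Couldn't enable MAC address randomization" unknown error. Since that is bad input rather than an internal failure, check mask[0] & 0x01 in the handler and return wpas_dbus_error_invalid_args, as is already done for the length. Two further points on the same function: mask and mask_len are read after dbus_message_iter_recurse() with no check of the argument type in this function, so it depends entirely on the dispatcher having validated the "ay" signature, and initializing mask = NULL and mask_len = 0 would make that dependency harmless. Both handlers also pass only MAC_ADDR_RAND_SCAN | MAC_ADDR_RAND_SCHED_SCAN, so PNO randomization cannot be reached over D-Bus while the ctrl_iface path still accepts it; if that is intentional it deserves a comment.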
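Review bot: In the new wpa_setup_mac_addr_rand_params helper (scan.c, hunk at -79), the early "if (!mac_addr) return 0;" sits before "params->mac_addr_rand = 1;", which changes behaviour relative to the code this patch removes: the old call sites set mac_addr_rand = 1 unconditionally and only filled in mac_addr and mac_addr_mask when an address was stored. With the helper, randomization enabled with addr == NULL and mask == NULL (a combination wpas_enable_mac_addr_randomization accepts) no longer sets the flag, so scans go out without randomization. Move the flag assignment above the NULL check. The reverse problem exists on the os_malloc failure path, where the helper returns -1 but leaves mac_addr_rand set with no address or mask; either clear the flag on failure or set it only after the allocation succeeds.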
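Review bot: In wpas_trigger_scan_cb (scan.c, hunk at -175), the return value of wpa_setup_mac_addr_rand_params is dropped, so an allocation failure is silently ignored and wpa_drv_scan still runs. The helper also overwrites params->mac_addr without looking at its previous value; if params was produced by wpa_scan_clone_params, which in this same patch allocates a buffer through the same helper, the earlier allocation is lost before wpa_scan_free_params runs. Free or reuse any existing params->mac_addr in the helper, and handle the -1 return here.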
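Review bot: In wpa_scan_clone_params (scan.c, hunk at -2319), the replacement call passes only src->mac_addr and the helper copies 2 * ETH_ALEN bytes from it, which assumes src->mac_addr_mask always lives in the same buffer directly after the address. The removed code did not rely on that: it required both src->mac_addr and src->mac_addr_mask to be non-NULL and copied each with its own os_memcpy. Any source params whose mask is NULL or points elsewhere now causes a 6-byte read past the end of the address buffer and a clone with a wrong mask. Keep the two separate copies here, or give the helper distinct addr and mask arguments.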
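Review bot: In wpas_start_pno (scan.c, hunk at -2516), and likewise in the hunks at -1047 and -1469, params is a stack structure that previously borrowed wpa_s->mac_addr_pno and now owns a buffer allocated by wpa_setup_mac_addr_rand_params, yet the hunk adds no matching free: the visible cleanup after wpa_supplicant_start_sched_scan is only os_free(params.filter_ssids). Unless these functions already release params.mac_addr on every exit path, each scan leaks 2 * ETH_ALEN bytes. Add an os_free of params.mac_addr next to the existing cleanup, and check the helper's return value, which is ignored at all three call sites.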
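Review bot: In wpas_enable_mac_addr_randomization (wpa_supplicant.c), the three calls to wpas_mac_addr_rand_scan_set are made as bare statements and the function then returns 0, so if setting the address can fail the D-Bus and ctrl_iface callers report success with randomization not configured. Propagate the result of each call. The log strings were also changed from "CTRL: MAC_RAND_SCAN ..." to "MAC_ADDR_RAND_SCAN ...", which now reads like the name of one type flag even when the request is for SCHED_SCAN or PNO; a neutral prefix would be less misleading. Finally, addr and mask are not modified in the visible body, so declaring them const u8 * here and in the wpa_supplicant_i.h prototype would let the D-Bus handler pass wpa_s->perm_addr and the message-owned mask without implying they may be written.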