From patchwork Thu Jul 18 19:41:23 2019
X-Patchwork-Submitter: Eric Caruso
X-Patchwork-Id: 1133825
From: Eric Caruso
To: hostap@lists.infradead.org
Cc: Jouni Malinen, Dan Williams, Brian Norris
Subject: [PATCH v5 2/2] Add MAC address randomization endpoints to D-Bus
Date: Thu, 18 Jul 2019 12:41:23 -0700
Message-Id: <1563478883-230819-1-git-send-email-ejcaruso@chromium.org>
In-Reply-To: <20190717235225.GA259016@google.com>
References: <20190717235225.GA259016@google.com>

Add D-Bus property:
* MACAddressRandomizationMask: a{say}

which configures random MAC address functionality in the Wi-Fi driver via netlink.

Signed-off-by: Eric Caruso --- doc/dbus.doxygen | 7 ++ wpa_supplicant/dbus/dbus_new.c | 6 + wpa_supplicant/dbus/dbus_new_handlers.c | 154 ++++++++++++++++++++++++ wpa_supplicant/dbus/dbus_new_handlers.h | 2 + wpa_supplicant/scan.c | 26 ++++ wpa_supplicant/scan.h | 2 + 6 files changed, 197 insertions(+) diff --git a/doc/dbus.doxygen b/doc/dbus.doxygen index 072ed3486..f615598ad 100644 --- a/doc/dbus.doxygen +++ b/doc/dbus.doxygen @@ -1045,6 +1045,13 @@ fi.w1.wpa_supplicant1.CreateInterface. +
  • +

    MACAddressRandomizationMask - a{say} - (read/write)

    +

    Masks to show which bits not to randomize with MAC address randomization. Possible keys are "scan", "sched_scan", and "pno". Values must be an array of 6 bytes.

    +

    When this property is set, the new dictionary replaces the old value, rather than merging them together. Leaving a key out of the dictionary will turn off MAC address randomization for that scan type.

    +
  • + + \subsection dbus_interface_signals Signals
      diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c index fc2fc2ef1..f277c04fb 100644 --- a/wpa_supplicant/dbus/dbus_new.c +++ b/wpa_supplicant/dbus/dbus_new.c @@ -3803,6 +3803,12 @@ static const struct wpa_dbus_property_desc wpas_dbus_interface_properties[] = { NULL, NULL }, + { "MACAddressRandomizationMask", WPAS_DBUS_NEW_IFACE_INTERFACE, + "a{say}", + wpas_dbus_getter_mac_address_randomization_mask, + wpas_dbus_setter_mac_address_randomization_mask, + NULL + }, { NULL, NULL, NULL, NULL, NULL, NULL } }; diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c index 6c36d91a0..71e107e5c 100644 --- a/wpa_supplicant/dbus/dbus_new_handlers.c +++ b/wpa_supplicant/dbus/dbus_new_handlers.c 
@@ -3989,6 +3989,160 @@ out: } +/** + * wpas_dbus_setter_mac_address_randomization_mask - Set masks used for + * MAC address randomization + * @iter: Pointer to incoming dbus message iter + * @error: Location to store error on failure + * @user_data: Function specific data + * Returns: TRUE on success, FALSE on failure + * + * Setter for "MACAddressRandomizationMask" property. + */ +dbus_bool_t wpas_dbus_setter_mac_address_randomization_mask( + const struct wpa_dbus_property_desc *property_desc, + DBusMessageIter *iter, DBusError *error, void *user_data) +{ + struct wpa_supplicant *wpa_s = user_data; + DBusMessageIter variant_iter, dict_iter, entry_iter, array_iter; + const char *key; + unsigned int rand_type = 0; + const u8 *mask; + int mask_len; + unsigned int rand_types_to_disable = MAC_ADDR_RAND_ALL; + + dbus_message_iter_recurse(iter, &variant_iter); + dbus_message_iter_recurse(&variant_iter, &dict_iter); + while (dbus_message_iter_get_arg_type(&dict_iter) == + DBUS_TYPE_DICT_ENTRY) { + dbus_message_iter_recurse(&dict_iter, &entry_iter); + if (dbus_message_iter_get_arg_type(&entry_iter) != DBUS_TYPE_STRING) { + dbus_set_error(error, DBUS_ERROR_FAILED, + "%s: key not a string", __func__); + return FALSE; + } + dbus_message_iter_get_basic(&entry_iter, &key); + dbus_message_iter_next(&entry_iter); + if (dbus_message_iter_get_arg_type(&entry_iter) != DBUS_TYPE_ARRAY || + dbus_message_iter_get_element_type(&entry_iter) != DBUS_TYPE_BYTE) { + dbus_set_error(error, DBUS_ERROR_FAILED, + "%s: mask was not a byte array", __func__); + return FALSE; + } + dbus_message_iter_recurse(&entry_iter, &array_iter); + dbus_message_iter_get_fixed_array(&array_iter, &mask, &mask_len); + + if (os_strcmp(key, "scan") == 0) { + rand_type = MAC_ADDR_RAND_SCAN; + } else if (os_strcmp(key, "sched_scan") == 0) { + rand_type = MAC_ADDR_RAND_SCHED_SCAN; + } else if (os_strcmp(key, "pno") == 0) { + rand_type = MAC_ADDR_RAND_PNO; + } else { + dbus_set_error(error, DBUS_ERROR_FAILED, + "%s: bad 
scan type \"%s\"", __func__, key); + return FALSE; + } + + if (mask_len != ETH_ALEN) { + dbus_set_error(error, DBUS_ERROR_FAILED, + "%s: malformed MAC mask given", __func__); + return FALSE; + } + + if (wpas_enable_mac_addr_randomization( + wpa_s, rand_type, wpa_s->perm_addr, mask)) { + dbus_set_error(error, DBUS_ERROR_FAILED, + "%s: failed to set up MAC address randomization for %s", + __func__, key); + return FALSE; + } + + wpa_printf(MSG_DEBUG, "%s: Enabled MAC address randomization for %s with mask: " + MACSTR, wpa_s->ifname, key, MAC2STR(mask)); + rand_types_to_disable &= ~rand_type; + dbus_message_iter_next(&dict_iter); + } + + if (rand_types_to_disable && + wpas_disable_mac_addr_randomization(wpa_s, rand_types_to_disable)) { + dbus_set_error(error, DBUS_ERROR_FAILED, + "%s: failed to disable MAC address randomization", + __func__); + return FALSE; + } + + return TRUE; +} + + +dbus_bool_t wpas_dbus_getter_mac_address_randomization_mask( + const struct wpa_dbus_property_desc *property_desc, + DBusMessageIter *iter, DBusError *error, void *user_data) +{ + struct wpa_supplicant *wpa_s = user_data; + DBusMessageIter variant_iter, dict_iter, entry_iter, array_iter; + unsigned int i; + u8 mask_buf[ETH_ALEN]; + /* Read docs on dbus_message_iter_append_fixed_array for why this + * is necessary... 
*/ + u8* mask = mask_buf; + static const struct { + const char *key; + unsigned int type; + } types[] = { + { "scan", MAC_ADDR_RAND_SCAN }, + { "sched_scan", MAC_ADDR_RAND_SCHED_SCAN }, + { "pno", MAC_ADDR_RAND_PNO } + }; + + if (!dbus_message_iter_open_container(iter, DBUS_TYPE_VARIANT, + "a{say}", &variant_iter) || + !dbus_message_iter_open_container(&variant_iter, DBUS_TYPE_ARRAY, + "{say}", &dict_iter)) { + dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory"); + return FALSE; + } + + for (i = 0; i < ARRAY_SIZE(types); i++) { + if (wpas_mac_addr_rand_scan_get_mask(wpa_s, types[i].type, + mask)) + continue; + + if (!dbus_message_iter_open_container(&dict_iter, + DBUS_TYPE_DICT_ENTRY, + NULL, &entry_iter) || + !dbus_message_iter_append_basic(&entry_iter, + DBUS_TYPE_STRING, + &types[i].key) || + !dbus_message_iter_open_container(&entry_iter, + DBUS_TYPE_ARRAY, + DBUS_TYPE_BYTE_AS_STRING, + &array_iter) || + !dbus_message_iter_append_fixed_array(&array_iter, + DBUS_TYPE_BYTE, + &mask, + ETH_ALEN) || + !dbus_message_iter_close_container(&entry_iter, + &array_iter) || + !dbus_message_iter_close_container(&dict_iter, + &entry_iter)) { + dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, + "no memory"); + return FALSE; + } + } + + if (!dbus_message_iter_close_container(&variant_iter, &dict_iter) || + !dbus_message_iter_close_container(iter, &variant_iter)) { + dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, "no memory"); + return FALSE; + } + + return TRUE; +} + + /** * wpas_dbus_getter_sta_address - Return the address of a connected station * @iter: Pointer to incoming dbus message iter diff --git a/wpa_supplicant/dbus/dbus_new_handlers.h b/wpa_supplicant/dbus/dbus_new_handlers.h index d922ce1b4..afa26efed 100644 --- a/wpa_supplicant/dbus/dbus_new_handlers.h +++ b/wpa_supplicant/dbus/dbus_new_handlers.h 
@@ -177,6 +177,8 @@ DECLARE_ACCESSOR(wpas_dbus_getter_pkcs11_engine_path); DECLARE_ACCESSOR(wpas_dbus_getter_pkcs11_module_path); DECLARE_ACCESSOR(wpas_dbus_getter_blobs); DECLARE_ACCESSOR(wpas_dbus_getter_stas); +DECLARE_ACCESSOR(wpas_dbus_getter_mac_address_randomization_mask); +DECLARE_ACCESSOR(wpas_dbus_setter_mac_address_randomization_mask); DECLARE_ACCESSOR(wpas_dbus_getter_sta_address); DECLARE_ACCESSOR(wpas_dbus_getter_sta_aid); DECLARE_ACCESSOR(wpas_dbus_getter_sta_caps); diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c index 08ded3fdb..2c382046e 100644 --- a/wpa_supplicant/scan.c +++ b/wpa_supplicant/scan.c @@ -2844,6 +2844,32 @@ int wpas_mac_addr_rand_scan_set(struct wpa_supplicant *wpa_s, } +int wpas_mac_addr_rand_scan_get_mask(struct wpa_supplicant *wpa_s, + unsigned int type, u8 *mask) +{ + u8 *to_copy = NULL; + + if ((wpa_s->mac_addr_rand_enable & type) != type) + return -1; + + if (type == MAC_ADDR_RAND_SCAN) { + to_copy = wpa_s->mac_addr_scan; + } else if (type == MAC_ADDR_RAND_SCHED_SCAN) { + to_copy = wpa_s->mac_addr_sched_scan; + } else if (type == MAC_ADDR_RAND_PNO) { + to_copy = wpa_s->mac_addr_pno; + } else { + wpa_printf(MSG_DEBUG, + "scan: Invalid MAC randomization type=0x%x", + type); + return -1; + } + + os_memcpy(mask, to_copy + ETH_ALEN, ETH_ALEN); + return 0; +} + + int wpas_abort_ongoing_scan(struct wpa_supplicant *wpa_s) { struct wpa_radio_work *work; diff --git a/wpa_supplicant/scan.h b/wpa_supplicant/scan.h index 2aa0a8be0..58caa7818 100644 --- a/wpa_supplicant/scan.h +++ b/wpa_supplicant/scan.h 
@@ -52,6 +52,8 @@ void wpas_mac_addr_rand_scan_clear(struct wpa_supplicant *wpa_s, int wpas_mac_addr_rand_scan_set(struct wpa_supplicant *wpa_s, unsigned int type, const u8 *addr, const u8 *mask); +int wpas_mac_addr_rand_scan_get_mask(struct wpa_supplicant *wpa_s, + unsigned int type, u8 *mask); int wpas_abort_ongoing_scan(struct wpa_supplicant *wpa_s); void filter_scan_res(struct wpa_supplicant *wpa_s, struct wpa_scan_results *res);
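Review bot: In the doc/dbus.doxygen hunk, the description of MACAddressRandomizationMask does not state the bit polarity or the base address. "Masks to show which bits not to randomize" leaves the reader to guess whether a set bit or a clear bit is kept, and nothing says that the kept bits come from the permanent address, which is what the setter passes (wpa_s->perm_addr). Suggest stating both explicitly, and spelling out that writing an empty dictionary turns randomization off for "scan", "sched_scan" and "pno" at once, since that is the case callers most need to be aware of.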
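Review bot: In wpas_dbus_setter_mac_address_randomization_mask() (dbus_new_handlers.c), the second dbus_message_iter_recurse() runs without checking that the variant actually holds an array, so a client that writes some other type to the property leaves dict_iter without a valid initialisation before the while loop reads it. Check dbus_message_iter_get_arg_type(&variant_iter) against DBUS_TYPE_ARRAY and return an error before recursing into it. Separately, the loop calls wpas_enable_mac_addr_randomization() for each entry as it is parsed, so a later unknown key or a mask_len != ETH_ALEN returns FALSE with the earlier entries already applied and the omitted types not yet disabled, which does not match the documented "replaces the old value" behaviour; validate the whole dictionary first and apply it only once it has parsed cleanly. The getter also has no doc comment, and the setter's comment omits @property_desc.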
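Review bot: In wpas_mac_addr_rand_scan_get_mask() (scan.c), os_memcpy(mask, to_copy + ETH_ALEN, ETH_ALEN) depends on two things the function neither checks nor documents: that the per-type buffer is non-NULL whenever its bit is set in mac_addr_rand_enable, and that the mask is stored ETH_ALEN bytes into that buffer. Add a NULL check on to_copy before the copy, and a doc comment that covers the buffer layout and the return values (0 on success, -1 when randomization is not enabled for the type or the type is invalid), since the D-Bus getter treats any non-zero return as a reason to leave that key out of the reply.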