From patchwork Wed Nov 10 19:16:35 2021
X-Patchwork-Submitter: Andrzej Ostruszka
X-Patchwork-Id: 1553573
From: Andrzej Ostruszka
To: hostap@lists.infradead.org
Cc: upstream@semihalf.com, Andrzej Ostruszka
Subject: [PATCH] wpa_supplicant: Add support for pregenerated MAC
Date: Wed, 10 Nov 2021 19:16:35 +0000
Message-Id: <20211110191635.1175508-1-amo@semihalf.com>

Add new 'mac_addr' policy (3) with which supplicant expects to also obtain
'mac_value' with pregenerated value of MAC address to be used for given SSID.
The main difference between this policy and policy 1 is the ability to control
persistence of the MAC address used. For example if there is a requirement to
always use the same (but random) MAC address for given SSID (even if user
removes/forgets the network) this could be handled outside of the
wpa_supplicant by using some SSID based hashing scheme to generate MAC (or by
just storing the randomly generated one) and providing it to wpa_supplicant
together with mac_addr=3 policy.

Signed-off-by: Andrzej Ostruszka
Change-Id: I4046cf1cd08c84350a44703fe1fa0ecab4c82870
---
 wpa_supplicant/config.c                 | 46 ++++++++++++++++++++++++-
 wpa_supplicant/config_ssid.h            |  9 +++++
 wpa_supplicant/dbus/dbus_new_handlers.c | 22 +++++++++++-
 wpa_supplicant/wpa_supplicant.c         | 16 +++++++--
 wpa_supplicant/wpa_supplicant_i.h       |  3 +-
 5 files changed, 90 insertions(+), 6 deletions(-)

diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c index bf97de698..1d17a3a32 100644 --- a/wpa_supplicant/config.c +++ b/wpa_supplicant/config.c
@@ -2321,6 +2321,49 @@ static char * wpa_config_write_peerkey(const struct parse_data *data, #endif /* NO_CONFIG_WRITE */ +static int wpa_config_parse_mac_value(const struct parse_data *data, + struct wpa_ssid *ssid, int line, + const char *value) +{ + u8 mac_value[ETH_ALEN]; + + if (hwaddr_aton(value, mac_value) == 0) { + if (os_memcmp(mac_value, ssid->mac_value, ETH_ALEN) == 0) + return 1; + os_memcpy(ssid->mac_value, mac_value, ETH_ALEN); + return 0; + } + + wpa_printf(MSG_ERROR, "Line %d: Invalid MAC address '%s'", + line, value); + return -1; +} + +#ifndef NO_CONFIG_WRITE +static char * wpa_config_write_mac_value(const struct parse_data *data, + struct wpa_ssid *ssid) +{ + const size_t size = 3 * ETH_ALEN; + char *value; + int res; + + if (ssid->mac_addr != 3) + return NULL; + + value = os_malloc(size); + if (value == NULL) + return NULL; + res = os_snprintf(value, size, MACSTR, MAC2STR(ssid->mac_value)); + if (os_snprintf_error(size, res)) { + os_free(value); + return NULL; + } + value[size-1] = '\0'; + return value; +} +#endif /* NO_CONFIG_WRITE */ + + /* Helper macros for network block parser */ #ifdef OFFSET @@ -2618,7 +2661,8 @@ static const struct parse_data ssid_fields[] = { { INT(update_identifier) }, { STR_RANGE(roaming_consortium_selection, 0, MAX_ROAMING_CONS_OI_LEN) }, #endif /* CONFIG_HS20 */ - { INT_RANGE(mac_addr, 0, 2) }, + { INT_RANGE(mac_addr, 0, 3) }, + { FUNC_KEY(mac_value) }, { INT_RANGE(pbss, 0, 2) }, { INT_RANGE(wps_disabled, 0, 1) }, { INT_RANGE(fils_dh_group, 0, 65535) }, diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h index 339eead1c..61a5139ec 100644 --- a/wpa_supplicant/config_ssid.h +++ b/wpa_supplicant/config_ssid.h 
@@ -954,6 +954,7 @@ struct wpa_ssid { * 0 = use permanent MAC address * 1 = use random MAC address for each ESS connection * 2 = like 1, but maintain OUI (with local admin bit set) + * 3 = use dedicated/pregenerated MAC address * * Internally, special value -1 is used to indicate that the parameter * was not specified in the configuration (i.e., default behavior is @@ -961,6 +962,14 @@ struct wpa_ssid { */ int mac_addr; + /** + * mac_value - specific MAC address to be used + * + * When mac_addr policy is equal to 3 this is the value of the MAC + * address that should be used. + */ + u8 mac_value[ETH_ALEN]; + /** * no_auto_peer - Do not automatically peer with compatible mesh peers * diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c index db9f30c9a..c4a7ceb44 100644 --- a/wpa_supplicant/dbus/dbus_new_handlers.c +++ b/wpa_supplicant/dbus/dbus_new_handlers.c @@ -148,7 +148,7 @@ static const char * const dont_quote[] = { #ifdef CONFIG_P2P "go_p2p_dev_addr", "p2p_client_list", "psk_list", #endif /* CONFIG_P2P */ - NULL + "mac_value", NULL }; static dbus_bool_t should_quote_opt(const char *key) @@ -202,6 +202,8 @@ dbus_bool_t set_network_properties(struct wpa_supplicant *wpa_s, struct wpa_dbus_dict_entry entry = { .type = DBUS_TYPE_STRING }; DBusMessageIter iter_dict; char *value = NULL; + bool mac_addr3_set = false; + bool mac_value_set = false; if (!wpa_dbus_dict_open_read(iter, &iter_dict, error)) return FALSE; 
@@ -311,12 +313,30 @@ dbus_bool_t set_network_properties(struct wpa_supplicant *wpa_s, else if (os_strcmp(entry.key, "priority") == 0) wpa_config_update_prio_list(wpa_s->conf); + /* + * MAC address policy "3" needs to come with mac_value in + * the message so make sure that it is present (checked after + * the loop - here we just note what has been supplied). + */ + if (os_strcmp(entry.key, "mac_addr") == 0 && + atoi(value) == 3) + mac_addr3_set = true; + if (os_strcmp(entry.key, "mac_value") == 0) + mac_value_set = true; + skip_update: os_free(value); value = NULL; wpa_dbus_dict_entry_clear(&entry); } + if (mac_addr3_set && !mac_value_set) { + wpa_printf(MSG_ERROR, "Invalid mac_addr policy config"); + dbus_set_error_const(error, DBUS_ERROR_INVALID_ARGS, + "Invalid mac_addr policy config"); + return FALSE; + } + return TRUE; error: diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index b80f1d4f0..c6f32e75f 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -2058,13 +2058,16 @@ void wpas_connect_work_done(struct wpa_supplicant *wpa_s) } -int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style) +int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style, + struct wpa_ssid *ssid) { struct os_reltime now; u8 addr[ETH_ALEN]; os_get_reltime(&now); if (wpa_s->last_mac_addr_style == style && + /* pregenerated addresses do not expire */ + wpa_s->last_mac_addr_style != 3 && wpa_s->last_mac_addr_change.sec != 0 && !os_reltime_expired(&now, &wpa_s->last_mac_addr_change, wpa_s->conf->rand_addr_lifetime)) { @@ -2083,6 +2086,13 @@ int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style) if (random_mac_addr_keep_oui(addr) < 0) return -1; break; + case 3: + if (!ssid) { + wpa_msg(wpa_s, MSG_ERROR, "Invalid 'ssid' for address policy 3"); + return -1; + } + os_memcpy(addr, ssid->mac_value, ETH_ALEN); + break; default: return -1; } 
@@ -2116,7 +2126,7 @@ int wpas_update_random_addr_disassoc(struct wpa_supplicant *wpa_s) !wpa_s->conf->preassoc_mac_addr) return 0; - return wpas_update_random_addr(wpa_s, wpa_s->conf->preassoc_mac_addr); + return wpas_update_random_addr(wpa_s, wpa_s->conf->preassoc_mac_addr, NULL); } @@ -2251,7 +2261,7 @@ void wpa_supplicant_associate(struct wpa_supplicant *wpa_s, #endif /* CONFIG_SAE */ if (rand_style > 0 && !wpa_s->reassoc_same_ess) { - if (wpas_update_random_addr(wpa_s, rand_style) < 0) + if (wpas_update_random_addr(wpa_s, rand_style, ssid) < 0) return; wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid); } else if (rand_style == 0 && wpa_s->mac_addr_changed) { diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h index cbc955159..ee8049a4c 100644 --- a/wpa_supplicant/wpa_supplicant_i.h +++ b/wpa_supplicant/wpa_supplicant_i.h @@ -1631,7 +1631,8 @@ int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid, void wpas_request_connection(struct wpa_supplicant *wpa_s); void wpas_request_disconnection(struct wpa_supplicant *wpa_s); int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf, size_t buflen); -int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style); +int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style, + struct wpa_ssid *ssid); int wpas_update_random_addr_disassoc(struct wpa_supplicant *wpa_s); void add_freq(int *freqs, int *num_freqs, int freq);
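
Review bot: wpa_config_parse_mac_value() (config.c, hunk at -2321) accepts anything hwaddr_aton() can parse, so an all-zero, broadcast or multicast address (group bit set in the first octet) is stored in ssid->mac_value and later copied into the address that case 3 of wpas_update_random_addr() applies. Reject those right after the hwaddr_aton() call, for example with the is_zero_ether_addr() and is_multicast_ether_addr() helpers from common.h, and return -1 with the existing error message. In wpa_config_write_mac_value() the line "value[size-1] = '\0';" is redundant once os_snprintf_error() has passed and can be dropped.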
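
Review bot: Widening the range to "INT_RANGE(mac_addr, 0, 3)" in ssid_fields (config.c, hunk at -2618) lets a network block carry mac_addr=3 with no mac_value at all; the only place this patch enforces the pairing is set_network_properties() in the D-Bus handler, so any path that goes through the generic field parser is left unchecked. Enforce the rule where the network block is validated, so every configuration path gets the same behaviour. None of the five files in the diffstat is user-facing documentation, so the new policy value and the mac_value field are described only in the config_ssid.h comment; please document both alongside the existing mac_addr description.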
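
Review bot: The mac_addr/mac_value check in set_network_properties() (dbus_new_handlers.c, hunk at -311) runs only after the loop has finished, and it tests whether "mac_value" appeared in this message rather than whether the network ends up with a usable address. If entries are applied to the ssid inside the loop, as the priority handling just above the added lines suggests, returning FALSE here leaves the network already switched to policy 3 without an address, and a caller that sets mac_addr=3 on a network whose mac_value was supplied in an earlier call is rejected. Check the resulting ssid state instead (policy 3 together with a valid ssid->mac_value) and restore the previous policy on failure.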
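
Review bot: The added clause "wpa_s->last_mac_addr_style != 3" in wpas_update_random_addr() (wpa_supplicant.c, hunk at -2058) does not do what its comment says: rather than making pregenerated addresses never expire, it makes the "previous address still valid" condition false for style 3 on every call, so the function always proceeds to the switch and applies the address again, even when the interface already uses ssid->mac_value. The caller in wpa_supplicant_associate() flushes the PMKSA cache after each successful update, so that cost is paid on every association. Compare the current address with ssid->mac_value and return early when they match, and reword the comment to say the lifetime check is skipped because the address is per network.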
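
Review bot: The "!ssid" error branch of case 3 in wpas_update_random_addr() (wpa_supplicant.c, hunk at -2083) is reachable from wpas_update_random_addr_disassoc(), which now passes NULL together with wpa_s->conf->preassoc_mac_addr; nothing in this patch shows that the global setting is prevented from being 3, so either restrict it explicitly or handle that caller without relying on this error path. The os_memcpy() from ssid->mac_value should also be preceded by a check that the value is a valid unicast address, since this is the last point before it is applied.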
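
The commit message suggests generating the address outside wpa_supplicant with an SSID-based hash. The following is an added example of one such scheme, not code from the patch or from hostap: it assumes HMAC-SHA256 keyed with a per-device secret (an unkeyed hash of the SSID would give every device the same address on a given network), and the names pregenerated_mac, network_fields and the sample secret are hypothetical.

```python
import hashlib
import hmac


def pregenerated_mac(device_secret: bytes, ssid: bytes) -> str:
    """Derive a stable per-SSID MAC address from HMAC-SHA256(device_secret, ssid).

    The result is the same for a given secret and SSID, even after the network
    has been forgotten and re-added, and is unlinkable across SSIDs for anyone
    who does not hold the secret.
    """
    if len(device_secret) < 16:
        raise ValueError("device_secret must be at least 16 random bytes")
    if not 0 < len(ssid) <= 32:
        raise ValueError("SSID must be 1..32 octets")

    digest = hmac.new(device_secret, ssid, hashlib.sha256).digest()
    octets = bytearray(digest[:6])
    # Clear the group (multicast) bit and set the locally administered bit so
    # the address is a valid unicast address outside vendor-assigned OUI space.
    octets[0] = (octets[0] & 0xFE) | 0x02
    return ":".join(f"{b:02x}" for b in octets)


def network_fields(device_secret: bytes, ssid: bytes) -> list[str]:
    """Return the two network fields this patch introduces, in key=value form.

    mac_value is emitted unquoted, matching the hwaddr_aton() parsing and the
    dont_quote entry added by the patch.
    """
    return ["mac_addr=3", "mac_value=" + pregenerated_mac(device_secret, ssid)]


if __name__ == "__main__":
    # Constructed sample input: a fixed secret is used only so the output is
    # repeatable; a real secret comes from a CSPRNG and is stored per device.
    sample_secret = bytes(range(32))
    for name in (b"CoffeeShop", b"Airport"):
        print(name.decode(), network_fields(sample_secret, name))
```
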