[PATCH v2 16/20] ctrl_iface: Add support for PASN authentication

Ilan Peer ilan.peer at intel.com
Wed Dec 16 06:00:29 EST 2020


Signed-off-by: Ilan Peer <ilan.peer at intel.com>
---
 wpa_supplicant/ctrl_iface.c      | 83 ++++++++++++++++++++++++++++++++
 wpa_supplicant/pasn_supplicant.c |  2 +-
 wpa_supplicant/wpa_cli.c         | 36 ++++++++++++++
 3 files changed, 120 insertions(+), 1 deletion(-)

diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index da0a904df5..e2c1437ee0 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -66,6 +66,7 @@
 
 #ifdef CONFIG_PASN
 #include "wpas_glue.h"
+#include "common/ptksa_cache.h"
 #endif /* CONFIG_PASN */
 
 static int wpa_supplicant_global_iface_list(struct wpa_global *global,
@@ -4503,6 +4504,14 @@ static int ctrl_iface_get_capability_auth_alg(struct wpa_supplicant *wpa_s,
 #endif /* CONFIG_FILS_SK_PFS */
 #endif /* CONFIG_FILS */
 
+#ifdef CONFIG_PASN
+	ret = os_snprintf(pos, end - pos, "%sPASN",
+			  pos == buf ? "" : " ");
+	if (os_snprintf_error(end - pos, ret))
+		return pos - buf;
+	pos += ret;
+
+#endif /* CONFIG_PASN */
 	return pos - buf;
 }
 
@@ -10447,6 +10456,71 @@ static int wpas_ctrl_iface_configure_mscs(struct wpa_supplicant *wpa_s,
 }
 
 
+#ifdef CONFIG_PASN
+
+static int wpas_ctrl_iface_pasn_start(struct wpa_supplicant *wpa_s, char *cmd)
+{
+	char *token, *context = NULL;
+	u8 bssid[ETH_ALEN];
+	int akmp = -1, cipher = -1, got_bssid = 0;
+	u16 group = 0xFFFF;
+
+	/*
+	 * Entry format: bssid=<BSSID> akmp=<AKMP> cipher=<CIPHER> group=<group>
+	 */
+	while ((token = str_token(cmd, " ", &context))) {
+		if (os_strncmp(token, "bssid=", 6) == 0) {
+			if (hwaddr_aton(token + 6, bssid))
+				return -1;
+			got_bssid = 1;
+		} else if (os_strncmp(token, "akmp=PASN", 9) == 0) {
+			akmp = WPA_KEY_MGMT_PASN;
+#ifdef CONFIG_IEEE80211R
+		} else if (os_strncmp(token, "akmp=FT-PSK", 11) == 0) {
+			akmp = WPA_KEY_MGMT_FT_PSK;
+		} else if (os_strncmp(token, "akmp=FT-EAP-SHA384", 18) == 0) {
+			akmp = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
+		} else if (os_strncmp(token, "akmp=FT-EAP", 11) == 0) {
+			akmp = WPA_KEY_MGMT_FT_IEEE8021X;
+#endif /* CONFIG_IEEE80211R */
+#ifdef CONFIG_SAE
+		} else if (os_strncmp(token, "akmp=SAE", 8) == 0) {
+			akmp = WPA_KEY_MGMT_SAE;
+#endif /* CONFIG_SAE */
+#ifdef CONFIG_FILS
+		} else if (os_strncmp(token, "akmp=FILS-SHA256", 16) == 0) {
+			akmp = WPA_KEY_MGMT_FILS_SHA256;
+		} else if (os_strncmp(token, "akmp=FILS-SHA384", 16) == 0) {
+			akmp = WPA_KEY_MGMT_FILS_SHA384;
+#endif /* CONFIG_FILS */
+		} else if (os_strncmp(token, "cipher=CCMP-256", 13) == 0) {
+			cipher = WPA_CIPHER_CCMP_256;
+		} else if (os_strncmp(token, "cipher=GCMP-256", 13) == 0) {
+			cipher = WPA_CIPHER_GCMP_256;
+		} else if (os_strncmp(token, "cipher=CCMP", 9) == 0) {
+			cipher = WPA_CIPHER_CCMP;
+		} else if (os_strncmp(token, "cipher=GCMP", 9) == 0) {
+			cipher = WPA_CIPHER_GCMP;
+		} else if (os_strncmp(token, "group=", 6) == 0) {
+			group = atoi(token + 6);
+		} else {
+			wpa_printf(MSG_DEBUG,
+				   "CTRL: PASN Invalid parameter: '%s'",
+				   token);
+			return -1;
+		}
+	}
+
+	if (!got_bssid || akmp == -1 || cipher == -1 || group == 0xFFFF) {
+		wpa_printf(MSG_DEBUG,"CTRL: PASN missing parameter");
+		return -1;
+	}
+
+	return wpas_pasn_auth_start(wpa_s, bssid, akmp, cipher, group);
+}
+#endif /* CONFIG_PASN */
+
+
 char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
 					 char *buf, size_t *resp_len)
 {
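Review bot: In wpas_ctrl_iface_pasn_start(), `group = atoi(token + 6);` stores an unchecked int into a u16, so `group=` with no digits or with non-numeric text becomes group 0, negative or large values wrap, and 65535 collides with the 0xFFFF "missing parameter" sentinel. Parsing with strtol() and rejecting trailing characters and out-of-range values, as in the excerpt below, keeps malformed control-interface input from reaching wpas_pasn_auth_start(). Separately, the cipher comparisons use lengths shorter than their literals (13 for the 15-character `cipher=CCMP-256` and `cipher=GCMP-256`, 9 for the 11-character `cipher=CCMP` and `cipher=GCMP`), so a token such as `cipher=CCxyz` is accepted as CCMP. All akmp/cipher branches are also prefix matches that ignore trailing characters; comparing the text after the `=` with os_strcmp() would make them exact.

```c
		} else if (os_strncmp(token, "group=", 6) == 0) {
			char *endp;
			long val = strtol(token + 6, &endp, 10);

			/* 0xFFFF is reserved as the "not set" sentinel */
			if (endp == token + 6 || *endp != '\0' ||
			    val < 0 || val >= 0xFFFF) {
				wpa_printf(MSG_DEBUG,
					   "CTRL: PASN Invalid group: '%s'",
					   token + 6);
				return -1;
			}
			group = (u16) val;
		/* ... unchanged: final else branch rejecting unknown tokens ... */
```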
@@ -11341,6 +11415,15 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
 	} else if (os_strncmp(buf, "MSCS ", 5) == 0) {
 		if (wpas_ctrl_iface_configure_mscs(wpa_s, buf + 5))
 			reply_len = -1;
+#ifdef CONFIG_PASN
+	} else if (os_strncmp(buf, "PASN_START ", 11) == 0) {
+		if (wpas_ctrl_iface_pasn_start(wpa_s, buf + 11) < 0)
+			reply_len = -1;
+	} else if (os_strcmp(buf, "PASN_STOP") == 0) {
+		wpas_pasn_auth_stop(wpa_s);
+	} else if (os_strcmp(buf, "PTKSA_CACHE_LIST") == 0) {
+		reply_len = ptksa_cache_list(wpa_s->ptksa, reply, reply_size);
+#endif /* CONFIG_PASN */
 	} else {
 		os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
 		reply_len = 16;
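Review bot: `PTKSA_CACHE_LIST` hands whatever ptksa_cache_list() writes into the reply buffer to any control-interface client, and that function is defined outside this patch, so its output format cannot be checked here. If the listing includes key material (TK/KDK) rather than only peer address, cipher and lifetime, the command should be compiled in only for test builds, e.g. by wrapping this branch in `#ifdef CONFIG_TESTING_OPTIONS`, or the key fields should be left out of the output. The enclosing wpa_supplicant_ctrl_iface_process() starts and ends outside the hunk.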
diff --git a/wpa_supplicant/pasn_supplicant.c b/wpa_supplicant/pasn_supplicant.c
index 2f92024b50..652fee0c7f 100644
--- a/wpa_supplicant/pasn_supplicant.c
+++ b/wpa_supplicant/pasn_supplicant.c
@@ -752,7 +752,7 @@ int wpas_pasn_auth_rx(struct wpa_supplicant *wpa_s,
 			      wpa_s->own_addr, pasn->bssid,
 			      wpabuf_head(secret), wpabuf_len(secret),
 			      &pasn->ptk, pasn->akmp, pasn->cipher,
-			      WPA_HLTK_MAX_LEN);
+			      WPA_KDK_MAX_LEN);
 
 	if (ret) {
 		wpa_printf(MSG_DEBUG, "PASN: failed to derive PTK");
diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c
index 813e4b3cfd..70f2e9f01a 100644
--- a/wpa_supplicant/wpa_cli.c
+++ b/wpa_supplicant/wpa_cli.c
@@ -3158,6 +3158,30 @@ static int wpa_cli_cmd_all_bss(struct wpa_ctrl *ctrl, int argc, char *argv[])
 }
 
 
+#ifdef CONFIG_PASN
+
+static int wpa_cli_cmd_pasn_auth_start(struct wpa_ctrl *ctrl, int argc,
+				       char *argv[])
+{
+	return wpa_cli_cmd(ctrl, "PASN_AUTH_START", 4, argc, argv);
+}
+
+
+static int wpa_cli_cmd_pasn_auth_stop(struct wpa_ctrl *ctrl, int argc,
+				      char *argv[])
+{
+	return wpa_cli_cmd(ctrl, "PASN_AUTH_STOP", 0, argc, argv);
+}
+
+static int wpa_cli_cmd_ptksa_cache_list(struct wpa_ctrl *ctrl, int argc,
+					char *argv[])
+{
+	return wpa_cli_cmd(ctrl, "PTKSA_CACHE_LIST", 0, argc, argv);
+}
+
+#endif /* CONFIG_PASN */
+
+
 enum wpa_cli_cmd_flags {
 	cli_cmd_flag_none		= 0x00,
 	cli_cmd_flag_sensitive		= 0x01
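Review bot: The command strings sent here, `PASN_AUTH_START` and `PASN_AUTH_STOP`, do not match what the dispatcher added in wpa_supplicant/ctrl_iface.c compares against (`"PASN_START "` and `"PASN_STOP"`), so both wpa_cli commands would fall through to the `UNKNOWN COMMAND` reply. One side needs renaming, for example `return wpa_cli_cmd(ctrl, "PASN_START", 4, argc, argv);` and `return wpa_cli_cmd(ctrl, "PASN_STOP", 0, argc, argv);`, with the `pasn_auth_start`/`pasn_auth_stop` table entries in the later hunk of this file adjusted if the cli names should follow. `PTKSA_CACHE_LIST` already matches on both sides.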
@@ -3830,6 +3854,18 @@ static const struct wpa_cli_cmd wpa_cli_commands[] = {
 #endif /* CONFIG_DPP */
 	{ "all_bss", wpa_cli_cmd_all_bss, NULL, cli_cmd_flag_none,
 	  "= list all BSS entries (scan results)" },
+#ifdef CONFIG_PASN
+	{ "pasn_auth_start", wpa_cli_cmd_pasn_auth_start, NULL,
+	  cli_cmd_flag_none,
+	  "bssid=<BSSID> akmp=<WPA key mgmt> cipher=<WPA cipher> group=<group> "
+          "= Start PASN authentication" },
+	{ "pasn_auth_stop", wpa_cli_cmd_pasn_auth_stop, NULL,
+	  cli_cmd_flag_none,
+	  "= Stop PASN authentication" },
+	{ "ptksa_cache_list", wpa_cli_cmd_ptksa_cache_list, NULL,
+	  cli_cmd_flag_none,
+	  "= Get the PTKSA Cache" },
+#endif /* CONFIG_PASN */
 	{ NULL, NULL, NULL, cli_cmd_flag_none, NULL }
 };
 
-- 
2.17.1



