From patchwork Mon Aug 5 09:33:19 2024
X-Patchwork-Submitter: Shivani Baranwal
X-Patchwork-Id: 1969028
From: Shivani Baranwal
Subject: [PATCH v3 21/25] P2P: Add device identity block to p2p_supplicant.conf
Date: Mon, 5 Aug 2024 15:03:19 +0530
Message-ID: <1722850403-8852-22-git-send-email-quic_shivbara@quicinc.com>
In-Reply-To: <1722850403-8852-1-git-send-email-quic_shivbara@quicinc.com>
References: <1722850403-8852-1-git-send-email-quic_shivbara@quicinc.com>

Add device identity block to store dik, pmk, pmkid, cipher version. This persistent data is used during pairing verification of previously paired peers.

Signed-off-by: Shivani Baranwal
--- wpa_supplicant/config.c | 132 +++++++++++++++++++++++++++++++++++++++++++ wpa_supplicant/config.h | 62 ++++++++++++++++++++ wpa_supplicant/config_file.c | 96 +++++++++++++++++++++++++++++++ 3 files changed, 290 insertions(+) diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c index d0957eb..f9d34b2 100644 --- a/wpa_supplicant/config.c +++ b/wpa_supplicant/config.c @@ -3027,6 +3027,7 @@ void wpa_config_free(struct wpa_config *config) { struct wpa_ssid *ssid, *prev = NULL; struct wpa_cred *cred, *cprev; + struct wpa_dev_ik *identity, *iprev; int i; ssid = config->ssid; 
@@ -3043,6 +3044,13 @@ void wpa_config_free(struct wpa_config *config) wpa_config_free_cred(cprev); } + identity = config->identity; + while (identity) { + iprev = identity; + identity = identity->next; + wpa_config_free_identity(iprev); + } + wpa_config_flush_blobs(config); wpabuf_free(config->wps_vendor_ext_m1); @@ -4105,6 +4113,60 @@ int wpa_config_set_cred(struct wpa_cred *cred, const char *var, return -1; } +int wpa_config_set_identity(struct wpa_dev_ik *identity, const char *var, + const char *value, int line) +{ + char *val; + size_t len; + + if (os_strcmp(var, "dik_cipher") == 0) { + identity->dik_cipher = atoi(value); + return 0; + } + + if (os_strcmp(var, "dik_len") == 0) { + identity->dik_len = atoi(value); + return 0; + } + + val = wpa_config_parse_string(value, &len); + if (val == NULL) { + wpa_printf(MSG_ERROR, "Line %d: invalid field '%s' string " + "value '%s'.", line, var, value); + return -1; + } + + if (os_strcmp(var, "dik_data") == 0) { + os_free(identity->dik_data); + identity->dik_data = val; + return 0; + } + + if (os_strcmp(var, "pmk_len") == 0) { + identity->pmk_len = atoi(value); + return 0; + } + + if (os_strcmp(var, "pmk") == 0) { + os_free(identity->pmk); + identity->pmk = val; + return 0; + } + if (os_strcmp(var, "pmkid") == 0) { + os_free(identity->pmkid); + identity->pmkid = val; + return 0; + } + + if (line) { + wpa_printf(MSG_ERROR, "Line %d: unknown identity field '%s'.", + line, var); + } + + os_free(val); + + return -1; +} static char * alloc_int_str(int val) { 
@@ -5763,3 +5825,73 @@ int wpa_config_process_global(struct wpa_config *config, char *pos, int line) return ret; } + +void wpa_config_free_identity(struct wpa_dev_ik *identity) +{ + os_free(identity->dik_data); + os_free(identity->pmk); + os_free(identity->pmkid); + os_free(identity); +} + +/** + * wpa_config_add_identity - Add a new device identity with empty configuration + * @config: Configuration data from wpa_config_read() + * Returns: The new device identity or %NULL if operation failed + */ +struct wpa_dev_ik * wpa_config_add_identity(struct wpa_config *config) +{ + int id; + struct wpa_dev_ik *identity, *last = NULL; + + id = -1; + identity = config->identity; + while (identity) { + if (identity->id > id) + id = identity->id; + last = identity; + identity = identity->next; + } + id++; + + identity = os_zalloc(sizeof(*identity)); + if (identity == NULL) + return NULL; + identity->id = id; + if (last) + last->next = identity; + else + config->identity = identity; + + return identity; +} + +/** + * wpa_config_remove_identity - Remove a configured identity based on id + * @config: Configuration data from wpa_config_read() + * @id: Unique network id to search for + * Returns: 0 on success, or -1 if the network was not found + */ +int wpa_config_remove_identity(struct wpa_config *config, int id) +{ + struct wpa_dev_ik *identity, *prev = NULL; + + identity = config->identity; + while (identity) { + if (id == identity->id) + break; + prev = identity; + identity = identity->next; + } + + if (identity == NULL) + return -1; + + if (prev) + prev->next = identity->next; + else + config->identity = identity->next; + + wpa_config_free_identity(identity); + return 0; +} diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h index 6b8f0cb..3333125 100644 --- a/wpa_supplicant/config.h +++ b/wpa_supplicant/config.h 
@@ -417,6 +417,57 @@ struct wpa_cred { int sim_num; }; +struct wpa_dev_ik { + /** + * next - Next device Identity in the list + * + * This pointer can be used to iterate over all device Indetity keys. + * The head of this list is stored in the dev_ik field of struct + * wpa_config. + */ + struct wpa_dev_ik *next; + + /** + * id - Unique id for the credential + * + * This identifier is used as a unique identifier for each identity + * block when using the control interface. Each identity is allocated + * an id when it is being created, either when reading the + * configuration file or when a new identity is added through the + * control interface. + */ + int id; + + /** + * dik_cipher - Device Identity key cipher version + */ + int dik_cipher; + + /** + * dik_len - Device Identity key length + */ + int dik_len; + + /** + * dik_data - Device Identity key which is unique for the device + */ + char *dik_data; + + /** + * pmk_len - PMK length + */ + int pmk_len; + + /** + * pmk - pmk associated of previous connection with the given device + */ + char *pmk; + + /** + * pmkid - pmkid of previous connection with the given device + */ + char *pmkid; +}; #define CFG_CHANGED_DEVICE_NAME BIT(0) #define CFG_CHANGED_CONFIG_METHODS BIT(1) @@ -1823,6 +1874,12 @@ struct wpa_config { /* length of DevIK */ size_t dik_len; + /** + * identity - Head of the list of peer device identities + * + * This is the head for the list of all the paired devices. + */ + struct wpa_dev_ik *identity; }; @@ -1867,6 +1924,8 @@ int wpa_config_remove_cred(struct wpa_config *config, int id); void wpa_config_free_cred(struct wpa_cred *cred); int wpa_config_set_cred(struct wpa_cred *cred, const char *var, const char *value, int line); +int wpa_config_set_identity(struct wpa_dev_ik *identity, const char *var, + const char *value, int line); char * wpa_config_get_cred_no_key(struct wpa_cred *cred, const char *var); struct wpa_config * wpa_config_alloc_empty(const char *ctrl_interface, 
@@ -1919,5 +1978,8 @@ struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp, * Each configuration backend needs to implement this function. */ int wpa_config_write(const char *name, struct wpa_config *config); +void wpa_config_free_identity(struct wpa_dev_ik *identity); +struct wpa_dev_ik * wpa_config_add_identity(struct wpa_config *config); +int wpa_config_remove_identity(struct wpa_config *config, int id); #endif /* CONFIG_H */ diff --git a/wpa_supplicant/config_file.c b/wpa_supplicant/config_file.c index 68aed57..f79b301 100644 --- a/wpa_supplicant/config_file.c +++ b/wpa_supplicant/config_file.c @@ -296,6 +296,60 @@ static int wpa_config_process_blob(struct wpa_config *config, FILE *f, #endif /* CONFIG_NO_CONFIG_BLOBS */ +static struct wpa_dev_ik * wpa_config_read_identity(FILE *f, int *line, int id) +{ + struct wpa_dev_ik *identity; + int errors = 0, end = 0; + char buf[256], *pos, *pos2; + + wpa_printf(MSG_MSGDUMP, "Line: %d - start of a new identity block", *line); + identity = os_zalloc(sizeof(*identity)); + if (identity == NULL) + return NULL; + identity->id = id; + + while (wpa_config_get_line(buf, sizeof(buf), f, line, &pos)) { + if (os_strcmp(pos, "}") == 0) { + end = 1; + break; + } + + pos2 = os_strchr(pos, '='); + if (pos2 == NULL) { + wpa_printf(MSG_ERROR, "Line %d: Invalid identity line " + "'%s'.", *line, pos); + errors++; + continue; + } + + *pos2++ = '\0'; + if (*pos2 == '"') { + if (os_strchr(pos2 + 1, '"') == NULL) { + wpa_printf(MSG_ERROR, "Line %d: invalid " + "quotation '%s'.", *line, pos2); + errors++; + continue; + } + } + + if (wpa_config_set_identity(identity, pos, pos2, *line) < 0) + errors++; + } + + if (!end) { + wpa_printf(MSG_ERROR, "Line %d: identity block was not " + "terminated properly.", *line); + errors++; + } + + if (errors) { + wpa_config_free_identity(identity); + identity = NULL; + } + + return identity; +} + struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp, bool ro) { 
@@ -304,9 +358,11 @@ struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp, int errors = 0, line = 0; struct wpa_ssid *ssid, *tail, *head; struct wpa_cred *cred, *cred_tail, *cred_head; + struct wpa_dev_ik *identity, *identity_tail, *identity_head; struct wpa_config *config; static int id = 0; static int cred_id = 0; + static int identity_id = 0; if (name == NULL) return NULL; @@ -325,6 +381,9 @@ struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp, cred_tail = cred_head = config->cred; while (cred_tail && cred_tail->next) cred_tail = cred_tail->next; + identity_tail = identity_head = config->identity; + while (identity_tail && identity_tail->next) + identity_tail = identity_tail->next; wpa_printf(MSG_DEBUG, "Reading configuration file '%s'", name); f = fopen(name, "r"); @@ -383,6 +442,20 @@ struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp, continue; } #endif /* CONFIG_NO_CONFIG_BLOBS */ + } else if (os_strcmp(pos, "identity={") == 0) { + identity = wpa_config_read_identity(f, &line, identity_id++); + if (identity == NULL) { + wpa_printf(MSG_ERROR, "Line %d: failed to " + "parse identity block.", line); + errors++; + continue; + } + if (identity_head == NULL) { + identity_head = identity_tail = identity; + } else { + identity_tail->next = identity; + identity_tail = identity; + } } else if (wpa_config_process_global(config, pos, line) < 0) { wpa_printf(MSG_ERROR, "Line %d: Invalid configuration " "line '%s'.", line, pos); @@ -396,6 +469,7 @@ struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp, config->ssid = head; wpa_config_debug_dump_networks(config); config->cred = cred_head; + config->identity = identity_head; #ifndef WPA_IGNORE_CONFIG_ERRORS if (errors) { 
@@ -1075,6 +1149,21 @@ static void wpa_config_write_cred(FILE *f, struct wpa_cred *cred) cred->imsi_privacy_attr); } +static void wpa_config_write_identity(FILE *f, struct wpa_dev_ik *dev_ik) +{ + fprintf(f, "\tdik_cipher=%d\n", dev_ik->dik_cipher); + + fprintf(f, "\tdik_len=%d\n", dev_ik->dik_len); + if (dev_ik->dik_data) + fprintf(f, "\tdik_data=\"%s\"\n", dev_ik->dik_data); + + fprintf(f, "\tpmk_len=%d\n", dev_ik->pmk_len); + if (dev_ik->pmk) + fprintf(f, "\tpmk=\"%s\"\n", dev_ik->pmk); + + if (dev_ik->pmkid) + fprintf(f, "\tpmkid=\"%s\"\n", dev_ik->pmkid); +} #ifndef CONFIG_NO_CONFIG_BLOBS static int wpa_config_write_blob(FILE *f, struct wpa_config_blob *blob) @@ -1646,6 +1735,7 @@ int wpa_config_write(const char *name, struct wpa_config *config) FILE *f; struct wpa_ssid *ssid; struct wpa_cred *cred; + struct wpa_dev_ik *dev_ik; #ifndef CONFIG_NO_CONFIG_BLOBS struct wpa_config_blob *blob; #endif /* CONFIG_NO_CONFIG_BLOBS */ @@ -1700,6 +1790,12 @@ int wpa_config_write(const char *name, struct wpa_config *config) fprintf(f, "}\n"); } + for (dev_ik = config->identity; dev_ik; dev_ik = dev_ik->next) { + fprintf(f, "\nidentity={\n"); + wpa_config_write_identity(f, dev_ik); + fprintf(f, "}\n"); + } + #ifndef CONFIG_NO_CONFIG_BLOBS for (blob = config->blobs; blob; blob = blob->next) { ret = wpa_config_write_blob(f, blob);
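
Review bot: in wpa_config_set_identity() (wpa_supplicant/config.c), the pmk_len branch sits after the wpa_config_parse_string() call and returns 0 without freeing or storing val, so every pmk_len line that reaches it leaks the parsed buffer, and a numeric value that wpa_config_parse_string() rejects is reported as an invalid string before the branch is reached. Move the pmk_len check up beside dik_cipher and dik_len, ahead of the parse. The same function stores dik_len and pmk_len straight from atoi() with no range check and discards the len returned by the parser, so nothing ties the stored lengths to the dik_data and pmk buffers; reject negative or oversized values and compare them with len before accepting the field. When dik_data or pmk is replaced, the old value is released with os_free(), which leaves the previous key bytes in freed heap memory.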
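
Review bot: wpa_config_free_identity() (the hunk at the end of wpa_supplicant/config.c) releases dik_data and pmk with plain os_free(), so the device identity key and PMK stay readable in freed heap memory; clear them before freeing, for example with hostap's str_clear_free() for the char * fields as declared, or bin_clear_free() if they become binary buffers with a stored length. In the same hunk the wpa_config_remove_identity() comment still says "Unique network id to search for" and "-1 if the network was not found"; both should describe the identity.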
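
Review bot: struct wpa_dev_ik in wpa_supplicant/config.h declares dik_data and pmk as char * with separate int dik_len and pmk_len, while the existing DevIK length visible in struct wpa_config (the -1823 hunk) is size_t dik_len; key material is better held as u8 * with a size_t length so that a negative or mismatched length cannot reach a later copy or compare. The comments need a pass as well: "Indetity" is misspelled, the list head is described as the dev_ik field although the member added to struct wpa_config is named identity, id is documented as "Unique id for the credential", and a blank line is missing between the closing brace of the struct and #define CFG_CHANGED_DEVICE_NAME.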
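
Review bot: wpa_config_read_identity() in wpa_supplicant/config_file.c returns the block whenever errors is 0, so an identity={ } block with no fields, or one with pmk but no pmk_len, is linked into config->identity as a paired device. After the loop, check that dik_data, dik_len, pmk and pmk_len are all present and consistent with each other, and fail the block otherwise. In wpa_config_read(), identity_id++ is consumed even when the block is rejected, which leaves gaps in the ids; increment only on success if contiguous ids are expected.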
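
Review bot: wpa_config_write_identity() in wpa_supplicant/config_file.c prints dik_data, pmk and pmkid with "%s" inside double quotes, while the reader takes them through wpa_config_parse_string() and drops the returned length, so a value that is not a plain NUL-terminated string free of embedded quotes will not survive a write and re-read. Keep the parsed length and write these fields as hex, which also removes the dependence on dik_len and pmk_len being set separately. Since this places the device identity key and PMK in the configuration file in clear text, the commit message or the sample configuration should say so, so that the file's permissions are treated accordingly. A blank line is also missing between the function's closing brace and #ifndef CONFIG_NO_CONFIG_BLOBS.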