From patchwork Sun Apr 28 13:13:41 2024
X-Patchwork-Submitter: David Bauer
X-Patchwork-Id: 1928657
From: David Bauer
To: hostap@lists.infradead.org
Subject: [PATCH v2 2/5] ctrl: enable roaming between OWE APs
Date: Sun, 28 Apr 2024 15:13:41 +0200
Message-ID: <20240428131344.334314-3-mail@david-bauer.net>
In-Reply-To: <20240428131344.334314-1-mail@david-bauer.net>
References: <20240428131344.334314-1-mail@david-bauer.net>

This allows using the roam command with wpa_cli to force roaming on a transition network. Previously, this was not possible, as the open SSID is stored for the connection profile. Add a new function to also return OWE transition networks if the profile SSID is set as the transition-ssid for the OWE RSN network.

Signed-off-by: David Bauer
---
 wpa_supplicant/bss.c        | 47 +++++++++++++++++++++++++++++++++++++
 wpa_supplicant/bss.h        |  2 ++
 wpa_supplicant/ctrl_iface.c |  2 +-
 3 files changed, 50 insertions(+), 1 deletion(-)

diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c
index c213d15ad..e528af280 100644
--- a/wpa_supplicant/bss.c
+++ b/wpa_supplicant/bss.c
@@ -273,6 +273,53 @@ struct wpa_bss * wpa_bss_get(struct wpa_supplicant *wpa_s, const u8 *bssid, return NULL; } +/** + * wpa_bss_get_connection - Fetch a BSS table entry based on BSSID and SSID. + * This function is similar to wpa_bss_get() but it will also return OWE-TM + * encrypted networks which transition-element matches @ssid. + * @wpa_s: Pointer to wpa_supplicant data + * @bssid: BSSID, or %NULL to match any BSSID + * @ssid: SSID + * @ssid_len: Length of @ssid + * Returns: Pointer to the BSS entry or %NULL if not found + */ +struct wpa_bss * wpa_bss_get_connection(struct wpa_supplicant *wpa_s, const u8 *bssid, + const u8 *ssid, size_t ssid_len) +{ + struct wpa_bss *bss; +#ifdef CONFIG_OWE + const u8 *owe, *owe_bssid, *owe_ssid; + size_t owe_ssid_len; +#endif /* CONFIG_OWE */ + + if (bssid && !wpa_supplicant_filter_bssid_match(wpa_s, bssid)) + return NULL; + dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { + if (bssid && os_memcmp(bss->bssid, bssid, ETH_ALEN) != 0) + continue; + + if (bss->ssid_len == ssid_len && + os_memcmp(bss->ssid, ssid, ssid_len) == 0) + return bss; + +#ifdef CONFIG_OWE + /* Check if OWE-TM element is present and matches the SSID */ + owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE); + if (!owe) + continue; + + if (wpa_bss_get_owe_trans_network(wpa_s, owe, &owe_bssid, &owe_ssid, + &owe_ssid_len)) + continue; + + if (owe_ssid_len == ssid_len && + os_memcmp(owe_ssid, ssid, ssid_len) == 0) + return bss; +#endif /* CONFIG_OWE */ + } + return NULL; +} + void calculate_update_time(const struct os_reltime *fetch_time, unsigned int age_ms, diff --git a/wpa_supplicant/bss.h b/wpa_supplicant/bss.h index 8acedbce7..fa72d7406 100644 --- a/wpa_supplicant/bss.h +++ b/wpa_supplicant/bss.h 
@@ -165,6 +165,8 @@ void wpa_bss_flush(struct wpa_supplicant *wpa_s); void wpa_bss_flush_by_age(struct wpa_supplicant *wpa_s, int age); struct wpa_bss * wpa_bss_get(struct wpa_supplicant *wpa_s, const u8 *bssid, const u8 *ssid, size_t ssid_len); +struct wpa_bss * wpa_bss_get_connection(struct wpa_supplicant *wpa_s, const u8 *bssid, + const u8 *ssid, size_t ssid_len); struct wpa_bss * wpa_bss_get_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid); struct wpa_bss * wpa_bss_get_bssid_latest(struct wpa_supplicant *wpa_s, diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c index bc013ad99..b5cf16650 100644 --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c @@ -6011,7 +6011,7 @@ static int wpa_supplicant_ctrl_iface_roam(struct wpa_supplicant *wpa_s, return -1; } - bss = wpa_bss_get(wpa_s, bssid, ssid->ssid, ssid->ssid_len); + bss = wpa_bss_get_connection(wpa_s, bssid, ssid->ssid, ssid->ssid_len); if (!bss) { wpa_printf(MSG_DEBUG, "CTRL_IFACE ROAM: Target AP not found " "from BSS table");
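Review bot: In the wpa_supplicant/bss.c hunk, the CONFIG_OWE fallback in wpa_bss_get_connection() returns any BSS whose OWE transition element names the profile SSID, without checking that the candidate itself advertises RSN with the OWE AKM. The commit message says the match is meant for "the OWE RSN network", and the element is read from scan results via wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE), so an entry that merely carries a matching element would be accepted as a roam target. Suggest confirming the OWE AKM on the entry before the second `return bss;`. Separately, `owe_bssid` is filled by wpa_bss_get_owe_trans_network() but never read in this function; either compare it against the expected peer BSSID or document why it is ignored. The first SSID comparison in the loop repeats what wpa_bss_get() already does, so the kernel-doc comment could state the lookup order explicitly (exact SSID match first, then transition element match).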
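Review bot: In the wpa_supplicant/bss.h hunk, the first line of the new wpa_bss_get_connection() prototype runs to 86 columns, while the wpa_bss_get() declaration directly above it stays under 80. Suggest wrapping after `struct wpa_supplicant *wpa_s,` so the declaration matches its neighbours; the same applies to the definition in wpa_supplicant/bss.c.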
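Review bot: In the wpa_supplicant/ctrl_iface.c hunk, the lookup in wpa_supplicant_ctrl_iface_roam() can now return an entry whose bss->ssid differs from ssid->ssid, yet the visible context gives no indication of which match path was taken and the only debug output is the unchanged "Target AP not found from BSS table" message. Suggest adding a wpa_printf(MSG_DEBUG, ...) when the entry was selected through the OWE transition element, and confirming that the code following this lookup does not assume the BSS SSID equals the profile SSID.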