From ba7d967da46d4cf3c98b970cf1bc1e724d8b68d5 Mon Sep 17 00:00:00 2001 From: Peddolla Harshavardhan Reddy Date: Tue, 17 Jun 2025 13:34:45 +0530 Subject: [PATCH] PASN: Testing support for PASN with user-specified parameters Extend control interface support to allow PASN authentication with user-defined network parameters such as AKMP, cipher, password, and comeback cookie to be tested with the PASN_AUTH driver event. Update the pasn_sae_driver test case to align with these control interface changes. This enhancement modifies the existing PASN_DRIVER command to accept additional parameters beyond just the peer BSSID, which was a limitation in the earlier implementation. This command is included only in CONFIG_TESTING_OPTIONS builds. Signed-off-by: Peddolla Harshavardhan Reddy --- tests/hwsim/test_pasn.py | 4 +- wpa_supplicant/ctrl_iface.c | 109 ++++++++++++++++++++++++++++++------ 2 files changed, 93 insertions(+), 20 deletions(-) diff --git a/tests/hwsim/test_pasn.py b/tests/hwsim/test_pasn.py index da6719373..3bc2d366f 100644 --- a/tests/hwsim/test_pasn.py +++ b/tests/hwsim/test_pasn.py @@ -1048,7 +1048,7 @@ def test_pasn_sae_driver(dev, apdev): try: dev[0].set("sae_pwe", "2") - cmd = f"PASN_DRIVER auth {bssid} 02:11:22:33:44:55 {bssid2}" + cmd = f"PASN_DRIVER auth bssid={bssid} bssid=02:11:22:33:44:55 bssid={bssid2}" if "OK" not in dev[0].request(cmd): raise Exception("PASN_DRIVER failed") @@ -1068,7 +1068,7 @@ def test_pasn_sae_driver(dev, apdev): time.sleep(1) dev[0].dump_monitor() - cmd2 = f"PASN_DRIVER del {bssid} {bssid2}" + cmd2 = f"PASN_DRIVER del bssid={bssid} bssid={bssid2}" if "OK" not in dev[0].request(cmd2): raise Exception("PASN_DRIVER failed") diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c index 51b7c0a65..c350981e8 100644 --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c @@ -11476,45 +11476,118 @@ static int wpas_ctrl_iface_pasn_deauthenticate(struct wpa_supplicant *wpa_s, #ifdef CONFIG_TESTING_OPTIONS -static int wpas_ctrl_iface_pasn_driver(struct wpa_supplicant *wpa_s, - const char *cmd) +static int wpas_ctrl_iface_pasn_driver(struct wpa_supplicant *wpa_s, char *cmd) { + char *token, *context = NULL; + u8 bssid[ETH_ALEN]; + u8 *comeback = NULL; + size_t comeback_len = 0; union wpa_event_data event; - const char *pos = cmd; - u8 addr[ETH_ALEN]; + unsigned int i; + struct pasn_peer *peer = NULL; + int ret = -1; os_memset(&event, 0, sizeof(event)); - if (os_strncmp(pos, "auth ", 5) == 0) + /* + * Entry format : + * + * .......... + */ + + if (os_strncmp(cmd, "auth ", 5) == 0) event.pasn_auth.action = PASN_ACTION_AUTH; - else if (os_strncmp(pos, "del ", 4) == 0) + else if (os_strncmp(cmd, "del ", 4) == 0) event.pasn_auth.action = PASN_ACTION_DELETE_SECURE_RANGING_CONTEXT; else return -1; - pos = os_strchr(pos, ' '); - if (!pos) + cmd = os_strchr(cmd, ' '); + if (!cmd) return -1; - pos++; - while (hwaddr_aton(pos, addr) == 0) { - struct pasn_peer *peer; + + /* + * Entry format for peer details: + * bssid= akmp= cipher= group= + * nid= [comeback=] password= + */ + while ((token = str_token(cmd, " ", &context))) { + if (os_strncmp(token, "bssid=", 6) == 0) { + if (hwaddr_aton(token + 6, bssid)) + goto out; if (event.pasn_auth.num_peers == WPAS_MAX_PASN_PEERS) - return -1; + goto out; peer = &event.pasn_auth.peer[event.pasn_auth.num_peers]; os_memcpy(peer->own_addr, wpa_s->own_addr, ETH_ALEN); - os_memcpy(peer->peer_addr, addr, ETH_ALEN); + os_memcpy(peer->peer_addr, bssid, ETH_ALEN); event.pasn_auth.num_peers++; - pos = os_strchr(pos, ' '); - if (!pos) - break; - pos++; + } else if (os_strcmp(token, "akmp=PASN") == 0) { + peer->akmp = WPA_KEY_MGMT_PASN; +#ifdef CONFIG_IEEE80211R + } else if (os_strcmp(token, "akmp=FT-PSK") == 0) { + peer->akmp = WPA_KEY_MGMT_FT_PSK; + } else if (os_strcmp(token, "akmp=FT-EAP-SHA384") == 0) { + peer->akmp = WPA_KEY_MGMT_FT_IEEE8021X_SHA384; + } else if (os_strcmp(token, "akmp=FT-EAP") == 0) { + peer->akmp = WPA_KEY_MGMT_FT_IEEE8021X; +#endif /* CONFIG_IEEE80211R */ +#ifdef CONFIG_SAE + } else if (os_strcmp(token, "akmp=SAE") == 0) { + peer->akmp = WPA_KEY_MGMT_SAE; + wpa_printf(MSG_ERROR, "PASN: SAE akmp picked"); + } else if (os_strcmp(token, "akmp=SAE-EXT-KEY") == 0) { + peer->akmp = WPA_KEY_MGMT_SAE_EXT_KEY; +#endif /* CONFIG_SAE */ +#ifdef CONFIG_FILS + } else if (os_strcmp(token, "akmp=FILS-SHA256") == 0) { + peer->akmp = WPA_KEY_MGMT_FILS_SHA256; + } else if (os_strcmp(token, "akmp=FILS-SHA384") == 0) { + peer->akmp = WPA_KEY_MGMT_FILS_SHA384; +#endif /* CONFIG_FILS */ + } else if (os_strncmp(token, "cipher=", 7) == 0) { + peer->cipher = wpa_parse_cipher(token + 7); + } else if (os_strncmp(token, "group=", 6) == 0) { + peer->group = atoi(token + 6); + } else if (os_strncmp(token, "nid=", 4) == 0) { + peer->network_id = atoi(token + 4); + } else if (os_strncmp(token, "comeback=", 9) == 0) { + comeback_len = os_strlen(token + 9); + if (comeback || !comeback_len || comeback_len % 2) + goto out; + + comeback_len /= 2; + peer->comeback = os_malloc(comeback_len); + if (!peer->comeback || + hexstr2bin(token + 9, peer->comeback, comeback_len)) + goto out; + peer->comeback_len = comeback_len; + } else if (os_strncmp(token, "password=", 9) == 0) { + peer->password = os_strdup(token + 9); + if (!peer->password) + goto out; + } else { + wpa_printf(MSG_DEBUG, + "CTRL: PASN Invalid parameter: '%s'", + token); + goto out; + } } wpa_supplicant_event(wpa_s, EVENT_PASN_AUTH, &event); - return 0; + + ret = 0; + +out: + for (i = 0; i < event.pasn_auth.num_peers; i++) { + peer = &event.pasn_auth.peer[i]; + os_free(peer->password); + os_free(peer->comeback); + } + + return ret; } #endif /* CONFIG_TESTING_OPTIONS */ -- 2.47.2