* [PATCH v3 01/11] wiphy: add wiphy_get_supported_ciphers
@ 2022-11-02 22:51 James Prestwood
  2022-11-02 22:51 ` [PATCH v3 02/11] ie: add group/pairwise lists of supported ciphers James Prestwood
                   ` (9 more replies)
  0 siblings, 10 replies; 12+ messages in thread
From: James Prestwood @ 2022-11-02 22:51 UTC (permalink / raw)
  To: iwd; +Cc: James Prestwood

Similar to wiphy_select_cipher but returns all supported ciphers
included in the mask rather than just one.
---
 src/wiphy.c | 5 +++++
 src/wiphy.h | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/src/wiphy.c b/src/wiphy.c
index bb83f814..10514572 100644
--- a/src/wiphy.c
+++ b/src/wiphy.c
@@ -180,6 +180,11 @@ enum ie_rsn_cipher_suite wiphy_select_cipher(struct wiphy *wiphy, uint16_t mask)
 	return 0;
 }
 
+uint16_t wiphy_get_supported_ciphers(struct wiphy *wiphy, uint16_t mask)
+{
+	return wiphy->supported_ciphers & mask;
+}
+
 static bool wiphy_can_connect_sae(struct wiphy *wiphy)
 {
 	/*
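Review bot: wiphy_get_supported_ciphers() has no comment saying that it returns a bitmask in a `uint16_t`, whereas its neighbour wiphy_select_cipher() returns a single `enum ie_rsn_cipher_suite`. The near-identical signatures make the two easy to confuse at a call site. I would add above the definition: `/* Returns every cipher in @mask that this wiphy supports, as a bitmask of enum ie_rsn_cipher_suite values (0 if none) */`. The function only reads `wiphy->supported_ciphers`, so the parameter could also be `const struct wiphy *` if the header's conventions allow it.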
diff --git a/src/wiphy.h b/src/wiphy.h
index 2c6bf86b..f8de7e0e 100644
--- a/src/wiphy.h
+++ b/src/wiphy.h
@@ -68,6 +68,8 @@ typedef void (*wiphy_destroy_func_t)(void *user_data);
 
 enum ie_rsn_cipher_suite wiphy_select_cipher(struct wiphy *wiphy,
 							uint16_t mask);
+uint16_t wiphy_get_supported_ciphers(struct wiphy *wiphy, uint16_t mask);
+
 enum ie_rsn_akm_suite wiphy_select_akm(struct wiphy *wiphy,
 					const struct scan_bss *bss,
 					enum security security,
-- 
2.34.3



* [PATCH v3 02/11] ie: add group/pairwise lists of supported ciphers
  2022-11-02 22:51 [PATCH v3 01/11] wiphy: add wiphy_get_supported_ciphers James Prestwood
@ 2022-11-02 22:51 ` James Prestwood
  2022-11-02 22:51 ` [PATCH v3 03/11] ap: add profile settings PairwiseCiphers/GroupCipher James Prestwood
                   ` (8 subsequent siblings)
  9 siblings, 0 replies; 12+ messages in thread
From: James Prestwood @ 2022-11-02 22:51 UTC (permalink / raw)
  To: iwd; +Cc: James Prestwood

The validation of these ciphers for station is done when parsing
the BSS RSNE but for AP mode there is no such validation and
potentially any supported cipher could be chosen, even if it's
incompatible for the type of key.
---
 src/ie.h | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/src/ie.h b/src/ie.h
index 53311854..c9a6c783 100644
--- a/src/ie.h
+++ b/src/ie.h
@@ -401,6 +401,25 @@ static inline bool IE_CIPHER_IS_GCMP_CCMP(uint32_t cipher_suite)
 				IE_RSN_CIPHER_SUITE_GCMP_256);
 }
 
+#define IE_GROUP_CIPHERS		\
+(					\
+	IE_RSN_CIPHER_SUITE_TKIP |	\
+	IE_RSN_CIPHER_SUITE_CCMP |	\
+	IE_RSN_CIPHER_SUITE_GCMP |	\
+	IE_RSN_CIPHER_SUITE_GCMP_256 |	\
+	IE_RSN_CIPHER_SUITE_CCMP_256	\
+)
+
+/*
+ * Since WEP is unsupported we can just use the group cipher list with
+ * "Use group cipher" appended
+ */
+#define IE_PAIRWISE_CIPHERS			\
+(						\
+	IE_GROUP_CIPHERS |			\
+	IE_RSN_CIPHER_SUITE_USE_GROUP_CIPHER	\
+)
+
 #define IE_LEN(ie) \
 	((ie) ? (ie)[1] + 2 : 0)
 
-- 
2.34.3



* [PATCH v3 03/11] ap: add profile settings PairwiseCiphers/GroupCipher
  2022-11-02 22:51 [PATCH v3 01/11] wiphy: add wiphy_get_supported_ciphers James Prestwood
  2022-11-02 22:51 ` [PATCH v3 02/11] ie: add group/pairwise lists of supported ciphers James Prestwood
@ 2022-11-02 22:51 ` James Prestwood
  2022-11-02 22:51 ` [PATCH v3 04/11] p2p: limit ciphers to CCMP James Prestwood
                   ` (7 subsequent siblings)
  9 siblings, 0 replies; 12+ messages in thread
From: James Prestwood @ 2022-11-02 22:51 UTC (permalink / raw)
  To: iwd; +Cc: James Prestwood

These can now be optionally provided in an AP profile and provide a
way to limit what ciphers can be chosen. This still is dependent on
what the hardware supports.
---
 src/ap.c | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 83 insertions(+), 6 deletions(-)

diff --git a/src/ap.c b/src/ap.c
index ba827728..44440191 100644
--- a/src/ap.c
+++ b/src/ap.c
@@ -3132,12 +3132,38 @@ static bool ap_load_psk(struct ap_state *ap, const struct l_settings *config)
 	return true;
 }
 
+/*
+ * Note: only PTK/GTK ciphers are supported here since this is all these are
+ *       used for.
+ */
+static enum ie_rsn_cipher_suite ap_string_to_cipher(const char *str)
+{
+	if (!strcmp(str, "UseGroupCipher"))
+		return IE_RSN_CIPHER_SUITE_USE_GROUP_CIPHER;
+	else if (!strcmp(str, "TKIP"))
+		return IE_RSN_CIPHER_SUITE_TKIP;
+	else if (!strcmp(str, "CCMP-128") || !strcmp(str, "CCMP"))
+		return IE_RSN_CIPHER_SUITE_CCMP;
+	else if (!strcmp(str, "GCMP-128") || !strcmp(str, "GCMP"))
+		return IE_RSN_CIPHER_SUITE_GCMP;
+	else if (!strcmp(str, "GCMP-256"))
+		return IE_RSN_CIPHER_SUITE_GCMP_256;
+	else if (!strcmp(str, "CCMP-256"))
+		return IE_RSN_CIPHER_SUITE_CCMP_256;
+	else
+		return 0;
+}
+
 static int ap_load_config(struct ap_state *ap, const struct l_settings *config,
 				bool *out_cck_rates)
 {
+	struct wiphy *wiphy = netdev_get_wiphy(ap->netdev);
 	size_t len;
 	L_AUTO_FREE_VAR(char *, strval) = NULL;
+	_auto_(l_strv_free) char **ciphers_str = NULL;
+	uint16_t cipher_mask;
 	int err;
+	int i;
 
 	strval = l_settings_get_string(config, "General", "SSID");
 	if (L_WARN_ON(!strval))
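Review bot: ap_string_to_cipher() accepts "UseGroupCipher", "CCMP-128" and "GCMP-128", but the value list documented for PairwiseCiphers/GroupCipher in patch 05 of this series names only TKIP, CCMP, GCMP, GCMP-256 and CCMP-256, so the parser and the documentation disagree on what a profile may contain. Whether "UseGroupCipher" is later rejected depends on the wiphy's supported-cipher mask, which is not visible in this hunk; if it is never meant to be user-selectable it is safer to drop it from the parser. The header comment should also state the failure value, for example `/* Returns 0 if @str does not name a known pairwise/group cipher */`. ap_load_config() continues outside this hunk.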
@@ -3212,6 +3238,8 @@ static int ap_load_config(struct ap_state *ap, const struct l_settings *config,
 			l_error("AP [WSC].PrimaryDeviceType format unknown");
 			return -EINVAL;
 		}
+
+		l_free(l_steal_ptr(strval));
 	} else {
 		/* Make ourselves a WFA standard PC by default */
 		ap->wsc_primary_device_type.category = 1;
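Review bot: The added `l_free(l_steal_ptr(strval));` releases `strval` only on the PrimaryDeviceType branch, yet later in this patch `strval` is reassigned unconditionally by the GroupCipher lookup. `L_AUTO_FREE_VAR` frees only the value held at scope exit, so any other earlier path that leaves `strval` non-NULL would leak the old string at that reassignment. The rest of ap_load_config() is outside this hunk, so this needs checking against the full function. Doing the same `l_free(l_steal_ptr(strval));` immediately before the GroupCipher lookup would make the reuse safe regardless of which branch ran.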
@@ -3260,6 +3288,61 @@ static int ap_load_config(struct ap_state *ap, const struct l_settings *config,
 	} else
 		*out_cck_rates = true;
 
+	cipher_mask = wiphy_get_supported_ciphers(wiphy, IE_GROUP_CIPHERS);
+
+	/* If the config sets a group cipher use that directly */
+	strval = l_settings_get_string(config, "Security", "GroupCipher");
+	if (strval) {
+		enum ie_rsn_cipher_suite cipher = ap_string_to_cipher(strval);
+
+		if (!cipher || !(cipher & cipher_mask)) {
+			l_error("Unsupported or unknown group cipher %s",
+					strval);
+			return -ENOTSUP;
+		}
+
+		ap->group_cipher = cipher;
+		l_free(l_steal_ptr(strval));
+	} else {
+		/* No config override, use CCMP (or TKIP if not supported) */
+		if (cipher_mask & IE_RSN_CIPHER_SUITE_CCMP)
+			ap->group_cipher = IE_RSN_CIPHER_SUITE_CCMP;
+		else
+			ap->group_cipher = IE_RSN_CIPHER_SUITE_TKIP;
+	}
+
+	cipher_mask = wiphy_get_supported_ciphers(wiphy, IE_PAIRWISE_CIPHERS);
+
+	ciphers_str = l_settings_get_string_list(config, "Security",
+						"PairwiseCiphers", ',');
+	for (i = 0; ciphers_str && ciphers_str[i]; i++) {
+		enum ie_rsn_cipher_suite cipher =
+					ap_string_to_cipher(ciphers_str[i]);
+
+		/*
+		 * Constrain list to only values in both supported ciphers and
+		 * the cipher list provided.
+		 */
+		if (!cipher || !(cipher & cipher_mask)) {
+			l_error("Unsupported or unknown pairwise cipher %s",
+					ciphers_str[i]);
+			return -ENOTSUP;
+		}
+
+		ap->ciphers |= cipher;
+	}
+
+	if (!ap->ciphers) {
+		/*
+		 * Default behavior if no ciphers are specified, disable TKIP
+		 * for security if CCMP is available
+		 */
+		if (cipher_mask & IE_RSN_CIPHER_SUITE_CCMP)
+			cipher_mask &= ~IE_RSN_CIPHER_SUITE_TKIP;
+
+		ap->ciphers = cipher_mask;
+	}
+
 	return 0;
 }
 
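Review bot: The default paths never confirm that the radio supports the cipher they end up with. With GroupCipher unset, the `else` branch assigns `IE_RSN_CIPHER_SUITE_TKIP` without testing `cipher_mask`, and with PairwiseCiphers unset `ap->ciphers = cipher_mask` can leave `ap->ciphers` at 0 while the function still returns 0. I would gate the fallback with `else if (cipher_mask & IE_RSN_CIPHER_SUITE_TKIP)` and return `-ENOTSUP` otherwise, and add `if (!ap->ciphers) return -ENOTSUP;` before the final `return 0;`. The TKIP fallback is also silent, so an `l_warn()` there would tell the operator the AP came up on a deprecated cipher. `ap->ciphers |= cipher` assumes the field is zero on entry, which the visible lines do not establish; ap_load_config() begins outside this hunk.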
@@ -3302,12 +3385,6 @@ struct ap_state *ap_start(struct netdev *netdev, struct l_settings *config,
 
 	err = -EINVAL;
 
-	/* TODO: Add all ciphers supported by wiphy */
-	ap->ciphers = wiphy_select_cipher(wiphy, IE_RSN_CIPHER_SUITE_TKIP |
-						IE_RSN_CIPHER_SUITE_CCMP);
-	ap->group_cipher = wiphy_select_cipher(wiphy,
-						IE_RSN_CIPHER_SUITE_TKIP |
-						IE_RSN_CIPHER_SUITE_CCMP);
 	ap->beacon_interval = 100;
 	ap->networks = l_queue_new();
 
-- 
2.34.3



* [PATCH v3 04/11] p2p: limit ciphers to CCMP
  2022-11-02 22:51 [PATCH v3 01/11] wiphy: add wiphy_get_supported_ciphers James Prestwood
  2022-11-02 22:51 ` [PATCH v3 02/11] ie: add group/pairwise lists of supported ciphers James Prestwood
  2022-11-02 22:51 ` [PATCH v3 03/11] ap: add profile settings PairwiseCiphers/GroupCipher James Prestwood
@ 2022-11-02 22:51 ` James Prestwood
  2022-11-02 22:51 ` [PATCH v3 05/11] doc: document PairwiseCiphers/GroupCiphers AP settings James Prestwood
                   ` (6 subsequent siblings)
  9 siblings, 0 replies; 12+ messages in thread
From: James Prestwood @ 2022-11-02 22:51 UTC (permalink / raw)
  To: iwd; +Cc: James Prestwood

The limitation of cipher selection in ap.c was done so to allow p2p to
work. Now with the ability to specify ciphers in the AP config put the
burden on p2p to limit ciphers as it needs which is only CCMP according
to the spec.
---
 src/p2p.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/p2p.c b/src/p2p.c
index cfd8560a..5d96e682 100644
--- a/src/p2p.c
+++ b/src/p2p.c
@@ -1273,6 +1273,9 @@ static void p2p_group_start(struct p2p_device *dev)
 	/* Enable netconfig, set maximum usable DHCP lease time */
 	l_settings_set_uint(config, "IPv4", "LeaseTime", 0x7fffffff);
 
+	l_settings_set_string(config, "Security", "PairwiseCiphers", "CCMP");
+	l_settings_set_string(config, "Security", "GroupCipher", "CCMP");
+
 	dev->capability.group_caps |= P2P_GROUP_CAP_GO;
 	dev->capability.group_caps |= P2P_GROUP_CAP_GROUP_FORMATION;
 	dev->capability.group_caps |= P2P_GROUP_CAP_IP_ALLOCATION;
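Review bot: The two added `l_settings_set_string()` calls pin both ciphers to CCMP without a comment, so the reason survives only in the commit message. I would add `/* P2P only permits CCMP, so restrict the AP profile to it */` above them. Because ap_load_config() in this series returns -ENOTSUP for a configured cipher the radio lacks, a group owner on hardware without CCMP will now fail to start rather than fall back to TKIP. That looks intended, but it deserves a mention in the same comment. p2p_group_start() begins and ends outside this hunk.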
-- 
2.34.3



* [PATCH v3 05/11] doc: document PairwiseCiphers/GroupCiphers AP settings
  2022-11-02 22:51 [PATCH v3 01/11] wiphy: add wiphy_get_supported_ciphers James Prestwood
                   ` (2 preceding siblings ...)
  2022-11-02 22:51 ` [PATCH v3 04/11] p2p: limit ciphers to CCMP James Prestwood
@ 2022-11-02 22:51 ` James Prestwood
  2022-11-02 22:51 ` [PATCH v3 06/11] ap: add PairwiseCiphers/GroupCipher to dbus interface James Prestwood
                   ` (5 subsequent siblings)
  9 siblings, 0 replies; 12+ messages in thread
From: James Prestwood @ 2022-11-02 22:51 UTC (permalink / raw)
  To: iwd; +Cc: James Prestwood

---
 src/iwd.ap.rst | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/iwd.ap.rst b/src/iwd.ap.rst
index 5fa23179..7b8844e7 100644
--- a/src/iwd.ap.rst
+++ b/src/iwd.ap.rst
@@ -82,6 +82,21 @@ configuration.
        Processed passphrase for this network in the form of a hex-encoded
        32-byte pre-shared key.  Either this or *Passphrase* must be present.
 
+   * - PairwiseCiphers
+     - Comma separated list of pairwise ciphers for the AP supports.
+
+       Values can include: TKIP, CCMP, GCMP, GCMP-256, CCMP-256
+
+       The underlying hardware and IWD's AP implementation must also support the
+       ciphers listed
+
+   * - GroupCipher
+     - Group cipher the AP uses
+
+       A single cipher value the AP can use as the group cipher. Values are the
+       same as pairwise ciphers and the same restrictions apply (hardware and
+       IWD implementation must support the cipher)
+
 IPv4 Network Configuration
 --------------------------
 
-- 
2.34.3



* [PATCH v3 06/11] ap: add PairwiseCiphers/GroupCipher to dbus interface
  2022-11-02 22:51 [PATCH v3 01/11] wiphy: add wiphy_get_supported_ciphers James Prestwood
                   ` (3 preceding siblings ...)
  2022-11-02 22:51 ` [PATCH v3 05/11] doc: document PairwiseCiphers/GroupCiphers AP settings James Prestwood
@ 2022-11-02 22:51 ` James Prestwood
  2022-11-03 14:25   ` Denis Kenzior
  2022-11-02 22:51 ` [PATCH v3 07/11] ap: update Frequency property on started James Prestwood
                   ` (4 subsequent siblings)
  9 siblings, 1 reply; 12+ messages in thread
From: James Prestwood @ 2022-11-02 22:51 UTC (permalink / raw)
  To: iwd; +Cc: James Prestwood

Expose these values on the DBus interface so clients can view them.
---
 src/ap.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)

diff --git a/src/ap.c b/src/ap.c
index 44440191..33f2d1e4 100644
--- a/src/ap.c
+++ b/src/ap.c
@@ -3154,6 +3154,25 @@ static enum ie_rsn_cipher_suite ap_string_to_cipher(const char *str)
 		return 0;
 }
 
+static char *ap_ciphers_to_string(uint16_t ciphers)
+{
+	uint16_t i;
+	char **list = l_strv_new();
+	char *ret;
+
+	for (i = 0; i < 16; i++) {
+		if (!(ciphers & (1 << i)))
+			continue;
+
+		list = l_strv_append(list,
+					ie_rsn_cipher_suite_to_string(1 << i));
+	}
+
+	ret = l_strjoinv(list, ',');
+	l_strv_free(list);
+	return ret;
+}
+
 static int ap_load_config(struct ap_state *ap, const struct l_settings *config,
 				bool *out_cck_rates)
 {
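Review bot: ap_ciphers_to_string() passes the result of `ie_rsn_cipher_suite_to_string(1 << i)` straight to `l_strv_append()` for every set bit. That helper's definition is not in this hunk; if it returns NULL for a bit it has no name for, the list is built from a NULL entry. A guard keeps the D-Bus string well-formed whatever ends up in the mask: `const char *name = ie_rsn_cipher_suite_to_string(1 << i);` followed by `if (!name) continue;`. The function also needs a one-line comment on ownership, for example `/* Returns a comma-separated list of cipher names; caller must l_free() it */`.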
@@ -3690,6 +3709,12 @@ static void ap_if_event_func(enum ap_event_type type, const void *event_data,
 		l_dbus_property_changed(dbus_get_bus(),
 					netdev_get_path(ap_if->netdev),
 					IWD_AP_INTERFACE, "Name");
+		l_dbus_property_changed(dbus_get_bus(),
+					netdev_get_path(ap_if->netdev),
+					IWD_AP_INTERFACE, "PairwiseCiphers");
+		l_dbus_property_changed(dbus_get_bus(),
+					netdev_get_path(ap_if->netdev),
+					IWD_AP_INTERFACE, "GroupCipher");
 
 		l_rtnl_set_linkmode_and_operstate(rtnl,
 					netdev_get_ifindex(ap_if->netdev),
@@ -3711,6 +3736,12 @@ static void ap_if_event_func(enum ap_event_type type, const void *event_data,
 		l_dbus_property_changed(dbus_get_bus(),
 					netdev_get_path(ap_if->netdev),
 					IWD_AP_INTERFACE, "Frequency");
+		l_dbus_property_changed(dbus_get_bus(),
+					netdev_get_path(ap_if->netdev),
+					IWD_AP_INTERFACE, "PairwiseCiphers");
+		l_dbus_property_changed(dbus_get_bus(),
+					netdev_get_path(ap_if->netdev),
+					IWD_AP_INTERFACE, "GroupCipher");
 
 		l_rtnl_set_linkmode_and_operstate(rtnl,
 					netdev_get_ifindex(ap_if->netdev),
@@ -4061,6 +4092,44 @@ static bool ap_dbus_property_get_freq(struct l_dbus *dbus,
 	return true;
 }
 
+static bool ap_dbus_property_get_pairwise(struct l_dbus *dbus,
+					struct l_dbus_message *message,
+					struct l_dbus_message_builder *builder,
+					void *user_data)
+{
+	struct ap_if_data *ap_if = user_data;
+	char *list;
+
+	if (!ap_if->ap || !ap_if->ap->started)
+		return false;
+
+	list = ap_ciphers_to_string(ap_if->ap->ciphers);
+
+	l_dbus_message_builder_append_basic(builder, 's', list);
+	l_free(list);
+
+	return true;
+}
+
+static bool ap_dbus_property_get_group(struct l_dbus *dbus,
+					struct l_dbus_message *message,
+					struct l_dbus_message_builder *builder,
+					void *user_data)
+{
+	struct ap_if_data *ap_if = user_data;
+	char *cipher;
+
+	if (!ap_if->ap || !ap_if->ap->started)
+		return false;
+
+	cipher = ap_ciphers_to_string(ap_if->ap->group_cipher);
+
+	l_dbus_message_builder_append_basic(builder, 's', cipher);
+	l_free(cipher);
+
+	return true;
+}
+
 static void ap_setup_interface(struct l_dbus_interface *interface)
 {
 	l_dbus_interface_method(interface, "Start", 0, ap_dbus_start, "",
@@ -4082,6 +4151,10 @@ static void ap_setup_interface(struct l_dbus_interface *interface)
 					ap_dbus_property_get_scanning, NULL);
 	l_dbus_interface_property(interface, "Frequency", 0, "u",
 					ap_dbus_property_get_freq, NULL);
+	l_dbus_interface_property(interface, "PairwiseCiphers", 0, "s",
+					ap_dbus_property_get_pairwise, NULL);
+	l_dbus_interface_property(interface, "GroupCipher", 0, "s",
+					ap_dbus_property_get_group, NULL);
 }
 
 static void ap_destroy_interface(void *user_data)
-- 
2.34.3



* [PATCH v3 07/11] ap: update Frequency property on started
  2022-11-02 22:51 [PATCH v3 01/11] wiphy: add wiphy_get_supported_ciphers James Prestwood
                   ` (4 preceding siblings ...)
  2022-11-02 22:51 ` [PATCH v3 06/11] ap: add PairwiseCiphers/GroupCipher to dbus interface James Prestwood
@ 2022-11-02 22:51 ` James Prestwood
  2022-11-02 22:51 ` [PATCH v3 08/11] client: add ap support for PairwiseCiphers/GroupCipher James Prestwood
                   ` (3 subsequent siblings)
  9 siblings, 0 replies; 12+ messages in thread
From: James Prestwood @ 2022-11-02 22:51 UTC (permalink / raw)
  To: iwd; +Cc: James Prestwood

This was forgotten when adding the property
---
 src/ap.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/ap.c b/src/ap.c
index 33f2d1e4..9c82a545 100644
--- a/src/ap.c
+++ b/src/ap.c
@@ -3709,6 +3709,9 @@ static void ap_if_event_func(enum ap_event_type type, const void *event_data,
 		l_dbus_property_changed(dbus_get_bus(),
 					netdev_get_path(ap_if->netdev),
 					IWD_AP_INTERFACE, "Name");
+		l_dbus_property_changed(dbus_get_bus(),
+					netdev_get_path(ap_if->netdev),
+					IWD_AP_INTERFACE, "Frequency");
 		l_dbus_property_changed(dbus_get_bus(),
 					netdev_get_path(ap_if->netdev),
 					IWD_AP_INTERFACE, "PairwiseCiphers");
-- 
2.34.3



* [PATCH v3 08/11] client: add ap support for PairwiseCiphers/GroupCipher
  2022-11-02 22:51 [PATCH v3 01/11] wiphy: add wiphy_get_supported_ciphers James Prestwood
                   ` (5 preceding siblings ...)
  2022-11-02 22:51 ` [PATCH v3 07/11] ap: update Frequency property on started James Prestwood
@ 2022-11-02 22:51 ` James Prestwood
  2022-11-02 22:51 ` [PATCH v3 09/11] auto-t: add proper AccessPoint object class James Prestwood
                   ` (2 subsequent siblings)
  9 siblings, 0 replies; 12+ messages in thread
From: James Prestwood @ 2022-11-02 22:51 UTC (permalink / raw)
  To: iwd; +Cc: James Prestwood

---
 client/ap.c | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)

diff --git a/client/ap.c b/client/ap.c
index 4ce727de..f444a12c 100644
--- a/client/ap.c
+++ b/client/ap.c
@@ -37,6 +37,8 @@ struct ap {
 	char *name;
 	bool scanning;
 	uint32_t freq;
+	char *pairwise;
+	char *group;
 };
 
 static void *ap_create(void)
@@ -51,6 +53,12 @@ static void ap_destroy(void *data)
 	if (ap->name)
 		l_free(ap->name);
 
+	if (ap->pairwise)
+		l_free(ap->pairwise);
+
+	if (ap->group)
+		l_free(ap->group);
+
 	l_free(ap);
 }
 
@@ -151,11 +159,67 @@ static const char *get_freq_tostr(const void *data)
 	return str;
 }
 
+static void update_pairwise(void *data, struct l_dbus_message_iter *variant)
+{
+	struct ap *ap = data;
+	char *value;
+
+	if (ap->pairwise)
+		l_free(ap->pairwise);
+
+	if (!l_dbus_message_iter_get_variant(variant, "s", &value)) {
+		ap->pairwise = NULL;
+
+		return;
+	}
+
+	ap->pairwise = l_strdup(value);
+}
+
+static const char *get_pairwise_tostr(const void *data)
+{
+	const struct ap *ap = data;
+
+	if (!ap->pairwise)
+		return "";
+
+	return ap->pairwise;
+}
+
+static void update_group(void *data, struct l_dbus_message_iter *variant)
+{
+	struct ap *ap = data;
+	char *value;
+
+	if (ap->group)
+		l_free(ap->group);
+
+	if (!l_dbus_message_iter_get_variant(variant, "s", &value)) {
+		ap->group = NULL;
+
+		return;
+	}
+
+	ap->group = l_strdup(value);
+}
+
+static const char *get_group_tostr(const void *data)
+{
+	const struct ap *ap = data;
+
+	if (!ap->group)
+		return "";
+
+	return ap->group;
+}
+
 static const struct proxy_interface_property ap_properties[] = {
 	{ "Started",  "b", update_started,  get_started_tostr },
 	{ "Name",     "s", update_name, get_name_tostr },
 	{ "Scanning", "b", update_scanning, get_scanning_tostr },
 	{ "Frequency", "u", update_freq, get_freq_tostr },
+	{ "PairwiseCiphers", "s", update_pairwise, get_pairwise_tostr },
+	{ "GroupCipher", "s", update_group, get_group_tostr },
 	{ }
 };
 
-- 
2.34.3



* [PATCH v3 09/11] auto-t: add proper AccessPoint object class
  2022-11-02 22:51 [PATCH v3 01/11] wiphy: add wiphy_get_supported_ciphers James Prestwood
                   ` (6 preceding siblings ...)
  2022-11-02 22:51 ` [PATCH v3 08/11] client: add ap support for PairwiseCiphers/GroupCipher James Prestwood
@ 2022-11-02 22:51 ` James Prestwood
  2022-11-02 22:51 ` [PATCH v3 10/11] auto-t: test AP fails to start with unsupported ciphers James Prestwood
  2022-11-02 22:51 ` [PATCH v3 11/11] auto-t: add AP test for all pairwise/group cipher combos James Prestwood
  9 siblings, 0 replies; 12+ messages in thread
From: James Prestwood @ 2022-11-02 22:51 UTC (permalink / raw)
  To: iwd; +Cc: James Prestwood

The AP mode device APIs were hacked together and only able to start
and stop an AP. Now that the AP interface has more functionality it's
best to use the DBus class template to access the full AP interface
capabilities.
---
 autotests/util/iwd.py | 101 ++++++++++++++++++++++++++++++++++++++----
 1 file changed, 93 insertions(+), 8 deletions(-)

diff --git a/autotests/util/iwd.py b/autotests/util/iwd.py
index 9e96382a..98b9ea1c 100755
--- a/autotests/util/iwd.py
+++ b/autotests/util/iwd.py
@@ -299,6 +299,69 @@ class DeviceProvisioning(IWDDBusAbstract):
     def role(self):
         return self._properties['Role']
 
+class AccessPointDevice(IWDDBusAbstract):
+    '''
+        Class represents net.connman.iwd.AccessPoint
+    '''
+    _iface_name = IWD_AP_INTERFACE
+
+    def start(self, ssid, psk):
+        self._iface.Start(ssid, psk, reply_handler=self._success,
+                                        error_handler=self._failure)
+        self._wait_for_async_op()
+
+        IWD._wait_for_object_condition(self, 'obj.started == True')
+
+    def start_profile(self, ssid):
+        self._iface.StartProfile(ssid, reply_handler=self._success,
+                                        error_handler=self._failure)
+        self._wait_for_async_op()
+
+        IWD._wait_for_object_condition(self, 'obj.started == True')
+
+    def stop(self):
+        self._iface.Stop(reply_handler=self._success,
+                            error_handler=self._failure)
+        self._wait_for_async_op()
+
+        IWD._wait_for_object_condition(self, 'obj.started == False')
+
+    def scan(self):
+        self._iface.Scan(reply_handler=self._success,
+                                        error_handler=self._failure)
+        self._wait_for_async_op()
+
+        IWD._wait_for_object_condition(self, 'obj.scanning == True')
+        IWD._wait_for_object_condition(self, 'obj.scanning == False')
+
+    def get_ordered_networks(self):
+        return self._iface.GetOrderedNetworks()
+
+    @property
+    def started(self):
+        return self._properties['Started']
+
+    @property
+    def name(self):
+        return self._properties['Name']
+
+    @property
+    def scanning(self):
+        return self._properties['Scanning']
+
+    @property
+    def frequency(self):
+        return self._properties['Frequency']
+
+    @property
+    def pairwise_ciphers(self):
+        return self._properties['PairwiseCiphers']
+
+    @property
+    def group_cipher(self):
+        return self._properties['GroupCipher']
+
+
 class Device(IWDDBusAbstract):
     '''
         Class represents a network device object: net.connman.iwd.Device
@@ -312,6 +375,7 @@ class Device(IWDDBusAbstract):
         self._station_props = None
         self._station_debug_obj = None
         self._dpp_obj = None
+        self._ap_obj = None
 
         IWDDBusAbstract.__init__(self, *args, **kwargs)
 
@@ -354,6 +418,17 @@ class Device(IWDDBusAbstract):
 
         return self._station_debug_obj
 
+    @property
+    def _ap(self):
+        if self._properties['Mode'] != 'ap':
+            self._prop_proxy.Set(IWD_DEVICE_INTERFACE, 'Mode', 'ap')
+
+        if self._ap_obj is None:
+            self._ap_obj = AccessPointDevice(object_path=self._object_path,
+                                                namespace=self._namespace)
+
+        return self._ap_obj
+
     def _station_properties(self):
         if self._station_props is not None:
             return self._station_props
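Review bot: Reading the `_ap` property changes device state: when Mode is not 'ap' it calls `self._prop_proxy.Set(IWD_DEVICE_INTERFACE, 'Mode', 'ap')` and then constructs `AccessPointDevice` at once, without waiting for the mode change to take effect. stop_ap() in this same patch does wait after its `Set`, so the two paths are inconsistent, and the AccessPoint interface may not be present yet when the proxy is built. I would add `IWD._wait_for_object_condition(self, "obj._properties['Mode'] == 'ap'")` after the `Set`. A short docstring should also say that the accessor switches the device into AP mode as a side effect.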
@@ -605,20 +680,30 @@ class Device(IWDDBusAbstract):
         except Exception as e:
             raise _convert_dbus_ex(e)
 
-        self._ap_iface = dbus.Interface(self._bus.get_object(IWD_SERVICE,
-                                            self.device_path),
-                                            IWD_AP_INTERFACE)
         if psk:
-            self._ap_iface.Start(ssid, psk, reply_handler=self._success,
-                                    error_handler=self._failure)
+            self._ap.start(ssid, psk)
         else:
-            self._ap_iface.StartProfile(ssid, reply_handler=self._success,
-                                    error_handler=self._failure)
-        self._wait_for_async_op()
+            self._ap.start_profile(ssid)
 
     def stop_ap(self):
         self._prop_proxy.Set(IWD_DEVICE_INTERFACE, 'Mode', 'station')
 
+        IWD._wait_for_object_condition(self, "obj._properties['Mode'] == 'station'")
+
+    @property
+    def group_cipher(self):
+        if self._properties['Mode'] != 'ap':
+            raise Exception('group_cipher only supported in AP mode')
+
+        return self._ap.group_cipher
+
+    @property
+    def pairwise_ciphers(self):
+        if self._properties['Mode'] != 'ap':
+            raise Exception('pairwise_cipher only supported in AP mode')
+
+        return self._ap.pairwise_ciphers
+
     def connect_hidden_network(self, name):
         '''Connect to a hidden network
            Possible exception: BusyEx
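Review bot: The exception raised by the `pairwise_ciphers` property says `'pairwise_cipher only supported in AP mode'`, which does not match the property name; it should read `'pairwise_ciphers only supported in AP mode'`. Both new properties raise a bare `Exception`, which a caller cannot tell apart from any other failure. start_ap() now goes through `self._ap.start()` / `start_profile()`, which also block until `started` is true, so its timing differs from the removed code; a line in the start_ap docstring should say so. start_ap() begins outside this hunk.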
-- 
2.34.3



* [PATCH v3 10/11] auto-t: test AP fails to start with unsupported ciphers
  2022-11-02 22:51 [PATCH v3 01/11] wiphy: add wiphy_get_supported_ciphers James Prestwood
                   ` (7 preceding siblings ...)
  2022-11-02 22:51 ` [PATCH v3 09/11] auto-t: add proper AccessPoint object class James Prestwood
@ 2022-11-02 22:51 ` James Prestwood
  2022-11-02 22:51 ` [PATCH v3 11/11] auto-t: add AP test for all pairwise/group cipher combos James Prestwood
  9 siblings, 0 replies; 12+ messages in thread
From: James Prestwood @ 2022-11-02 22:51 UTC (permalink / raw)
  To: iwd; +Cc: James Prestwood

If the profile lists unsupported ciphers it should fail to start with
NotSupported.
---
 autotests/testAP-no-support/TestAP2.ap         |  3 +++
 autotests/testAP-no-support/connection_test.py | 15 ++++++++++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 autotests/testAP-no-support/TestAP2.ap

diff --git a/autotests/testAP-no-support/TestAP2.ap b/autotests/testAP-no-support/TestAP2.ap
new file mode 100644
index 00000000..32a242ea
--- /dev/null
+++ b/autotests/testAP-no-support/TestAP2.ap
@@ -0,0 +1,3 @@
+[Security]
+Passphrase=secret123
+PairwiseCiphers=CCMP
diff --git a/autotests/testAP-no-support/connection_test.py b/autotests/testAP-no-support/connection_test.py
index 9e5dccbb..d7a13f51 100644
--- a/autotests/testAP-no-support/connection_test.py
+++ b/autotests/testAP-no-support/connection_test.py
@@ -26,6 +26,9 @@ class Test(unittest.TestCase):
 
         dev_ap.start_ap('TestAP2', 'Password2')
 
+        self.assertTrue(dev_ap.group_cipher == 'TKIP')
+        self.assertTrue(dev_ap.pairwise_ciphers == 'TKIP')
+
         ordered_network = dev_sta.get_ordered_network('TestAP2')
 
         if ordered_network.type != NetworkType.psk:
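Review bot: The new checks use `self.assertTrue(dev_ap.group_cipher == 'TKIP')`, which on failure reports only "False is not true" and hides the cipher the AP actually selected. `self.assertEqual(dev_ap.group_cipher, 'TKIP')` and `self.assertEqual(dev_ap.pairwise_ciphers, 'TKIP')` print both values, which is what is needed when a radio negotiates an unexpected cipher. The same pattern appears in test_valid_ciphers in patch 11 of this series (`assertTrue(dev1.group_cipher == group)` and the pairwise line after it). The enclosing test method begins outside this hunk.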
@@ -41,9 +44,19 @@ class Test(unittest.TestCase):
 
         wd.unregister_psk_agent(psk_agent)
 
+    def test_no_ccmp_support(self):
+        wd = IWD(True)
+
+        dev = wd.list_devices(2)[1]
+
+        # Should fail to start since the radio doesn't support CCMP but the
+        # profile only lists CCMP as allowed.
+        with self.assertRaises(iwd.NotSupportedEx):
+            dev.start_ap('TestAP2')
+
     @classmethod
     def setUpClass(cls):
-        pass
+        IWD.copy_to_ap('TestAP2.ap')
 
     @classmethod
     def tearDownClass(cls):
-- 
2.34.3



* [PATCH v3 11/11] auto-t: add AP test for all pairwise/group cipher combos
  2022-11-02 22:51 [PATCH v3 01/11] wiphy: add wiphy_get_supported_ciphers James Prestwood
                   ` (8 preceding siblings ...)
  2022-11-02 22:51 ` [PATCH v3 10/11] auto-t: test AP fails to start with unsupported ciphers James Prestwood
@ 2022-11-02 22:51 ` James Prestwood
  9 siblings, 0 replies; 12+ messages in thread
From: James Prestwood @ 2022-11-02 22:51 UTC (permalink / raw)
  To: iwd; +Cc: James Prestwood

Iterates through every possible cipher combination and verifies the
AP can authenticate the clients.
---
 autotests/testAP/TestAP2.ap         |  2 ++
 autotests/testAP/connection_test.py | 36 +++++++++++++++++++++++++----
 2 files changed, 33 insertions(+), 5 deletions(-)
 create mode 100644 autotests/testAP/TestAP2.ap

diff --git a/autotests/testAP/TestAP2.ap b/autotests/testAP/TestAP2.ap
new file mode 100644
index 00000000..27f086cb
--- /dev/null
+++ b/autotests/testAP/TestAP2.ap
@@ -0,0 +1,2 @@
+[Security]
+Passphrase=Password2
diff --git a/autotests/testAP/connection_test.py b/autotests/testAP/connection_test.py
index dff415e7..53dcfaba 100644
--- a/autotests/testAP/connection_test.py
+++ b/autotests/testAP/connection_test.py
@@ -1,6 +1,7 @@
 #! /usr/bin/python3
 
 import unittest
+import os
 
 from iwd import IWD
 from config import ctx
@@ -8,6 +9,8 @@ from validation import validate, client_connect
 
 class Test(unittest.TestCase):
     def test_connection_success(self):
+        IWD.copy_to_storage('TestAP1.psk')
+
         wd = IWD(True)
 
         dev1, dev2 = wd.list_devices(2)
@@ -22,6 +25,8 @@ class Test(unittest.TestCase):
         client_connect(wd, dev1, 'TestAP1')
 
     def test_client_start_ap(self):
+        IWD.copy_to_storage('TestAP1.psk')
+
         wd = IWD(True)
 
         dev1, dev2 = wd.list_devices(2)
@@ -39,12 +44,33 @@ class Test(unittest.TestCase):
 
         validate(wd, dev2, dev1, 'TestAP2', 'Password2')
 
-    @classmethod
-    def setUpClass(cls):
-        IWD.copy_to_storage('TestAP1.psk')
+    def test_valid_ciphers(self):
+        ciphers = ['TKIP', 'CCMP-128', 'GCMP-128', 'CCMP-256', 'GCMP-256']
+
+        for group in ciphers:
+            for pairwise in ciphers:
+                IWD.copy_to_ap('TestAP2.ap')
+                os.system('echo "PairwiseCiphers=%s" >> /tmp/iwd/ap/TestAP2.ap' % pairwise)
+                os.system('echo "GroupCipher=%s" >> /tmp/iwd/ap/TestAP2.ap' % group)
+
+                wd = IWD(True)
+
+                dev1, dev2 = wd.list_devices(2)
+
+                dev1.start_ap('TestAP2')
+
+                self.assertTrue(dev1.group_cipher == group)
+                self.assertTrue(dev1.pairwise_ciphers == pairwise)
+
+                try:
+                    validate(wd, dev2, dev1, 'TestAP2', 'Password2', ip_checks=False)
+                except:
+                    raise Exception("Failed with pairwise=%s group=%s" % (pairwise, group))
+                finally:
+                    IWD.clear_storage()
+                    del wd
 
-    @classmethod
-    def tearDownClass(cls):
+    def tearDown(self):
         IWD.clear_storage()
 
 if __name__ == '__main__':
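Review bot: test_valid_ciphers appends the two settings by interpolating values into `os.system('echo ... >> /tmp/iwd/ap/TestAP2.ap')` and ignores the return status, so a failed write goes unnoticed and the test then runs against the unmodified profile. The values come from a fixed list today, but a plain file append avoids the shell entirely. The bare `except:` also catches KeyboardInterrupt and discards the original failure; `except Exception as e` with `raise ... from e` keeps the cause in the traceback. Wrapping each combination in `self.subTest(pairwise=pairwise, group=group)` would additionally let the remaining combinations run after one fails.
```python
                IWD.copy_to_ap('TestAP2.ap')
                with open('/tmp/iwd/ap/TestAP2.ap', 'a') as f:
                    f.write('PairwiseCiphers=%s\n' % pairwise)
                    f.write('GroupCipher=%s\n' % group)

                # … unchanged: IWD(True), list_devices, start_ap, cipher assertions …

                try:
                    validate(wd, dev2, dev1, 'TestAP2', 'Password2', ip_checks=False)
                except Exception as e:
                    raise Exception("Failed with pairwise=%s group=%s" %
                                        (pairwise, group)) from e
                # … unchanged: finally block clearing storage …
```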
-- 
2.34.3



* Re: [PATCH v3 06/11] ap: add PairwiseCiphers/GroupCipher to dbus interface
  2022-11-02 22:51 ` [PATCH v3 06/11] ap: add PairwiseCiphers/GroupCipher to dbus interface James Prestwood
@ 2022-11-03 14:25   ` Denis Kenzior
  0 siblings, 0 replies; 12+ messages in thread
From: Denis Kenzior @ 2022-11-03 14:25 UTC (permalink / raw)
  To: James Prestwood, iwd

Hi James,

On 11/2/22 17:51, James Prestwood wrote:
> Expose these values on the DBus interface so clients can view them.
> ---
>   src/ap.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>   1 file changed, 73 insertions(+)
> 

This set is missing the API documentation update for these properties.

I went ahead and applied all 13 patches in this series.

Regards,
-Denis


