Feature #1095 ยป eap-ttls-20110817.diff

First try at ON integration, minus wpad changes. - Albert Lee, 2011-08-17 11:45 PM


usr/src/cmd/cmd-inet/lib/nwamd/ncu_phys.c
301 301
	nlog(LOG_DEBUG, "after: key_string_to_secobj_value: buf_len = %d",
302 302
	    buf_len);
303 303

  
304
	if (class == DLADM_SECOBJ_CLASS_WPA) {
304
	switch (class) {
305
	case DLADM_SECOBJ_CLASS_WPA:
305 306
		/*
306 307
		 * Per IEEE802.11i spec, the Pre-shared key (PSK) length should
307 308
		 * be between 8 and 63.
......
314 315
		}
315 316
		(void) memcpy(obj_val, buf, (uint_t)buf_len);
316 317
		*obj_lenp = buf_len;
317
		return (0);
318
	}
319

  
320
	switch (buf_len) {
321
	case 5:		/* ASCII key sizes */
322
	case 13:
323
		(void) memcpy(obj_val, buf, (uint_t)buf_len);
324
		*obj_lenp = (uint_t)buf_len;
325 318
		break;
326
	case 10:
327
	case 26:	/* Hex key sizes, not preceded by 0x */
328
		if (hexascii_to_octet(buf, (uint_t)buf_len, obj_val, obj_lenp)
329
		    != 0) {
330
			nlog(LOG_ERR,
331
			    "key_string_to_secobj_value: invalid WEP key");
319
	case DLADM_SECOBJ_CLASS_WEP:
320
		switch (buf_len) {
321
		case 5:		/* ASCII key sizes */
322
		case 13:
323
			(void) memcpy(obj_val, buf, (uint_t)buf_len);
324
			*obj_lenp = (uint_t)buf_len;
325
			break;
326
		case 10:
327
		case 26:	/* Hex key sizes, not preceded by 0x */
328
			if (hexascii_to_octet(buf, (uint_t)buf_len, obj_val,
329
			    obj_lenp) != 0) {
330
				nlog(LOG_ERR,
331
				    "key_string_to_secobj_value:"
332
				    " invalid WEP key");
333
				return (-1);
334
			}
335
			break;
336
		case 12:
337
		case 28:	/* Hex key sizes, preceded by 0x */
338
			if (strncmp(buf, "0x", 2) != 0 ||
339
			    hexascii_to_octet(buf + 2, (uint_t)buf_len - 2,
340
			    obj_val, obj_lenp) != 0) {
341
				nlog(LOG_ERR,
342
				    "key_string_to_secobj_value:"
343
				    " invalid WEP key");
344
				return (-1);
345
			}
346
			break;
347
		default:
348
			syslog(LOG_ERR,
349
			    "key_string_to_secobj_value:"
350
			    " invalid WEP key length");
332 351
			return (-1);
333 352
		}
334 353
		break;
335
	case 12:
336
	case 28:	/* Hex key sizes, preceded by 0x */
337
		if (strncmp(buf, "0x", 2) != 0 ||
338
		    hexascii_to_octet(buf + 2, (uint_t)buf_len - 2, obj_val,
339
		    obj_lenp) != 0) {
354
	case DLADM_SECOBJ_CLASS_WPA_ENTERPRISE:
355
		if (buf_len > *obj_lenp) {
340 356
			nlog(LOG_ERR,
341
			    "key_string_to_secobj_value: invalid WEP key");
357
			    "key_string_to_secobj_value:"
358
			    " invalid WPA key length: buf_len = %d (max %i)",
359
			    buf_len, *obj_lenp);
342 360
			return (-1);
343 361
		}
362
		(void) memcpy(obj_val, buf, (uint_t)buf_len);
363
		*obj_lenp = buf_len;
344 364
		break;
345
	default:
346
		syslog(LOG_ERR,
347
		    "key_string_to_secobj_value: invalid WEP key length");
348
		return (-1);
349 365
	}
350 366
	return (0);
351 367
}
......
426 442
	 */
427 443
	nwamd_set_key_name(essid, bssid, obj_name, sizeof (obj_name));
428 444
	nlog(LOG_DEBUG, "store_key: obj_name is %s", obj_name);
429

  
430
	class = (security_mode == DLADM_WLAN_SECMODE_WEP ?
431
	    DLADM_SECOBJ_CLASS_WEP : DLADM_SECOBJ_CLASS_WPA);
445
	
446
	switch (security_mode) {
447
		case DLADM_WLAN_SECMODE_WEP:
448
			class = DLADM_SECOBJ_CLASS_WEP;
449
			break;
450
		case DLADM_WLAN_SECMODE_WPA:
451
			class = DLADM_SECOBJ_CLASS_WPA;
452
			break;
453
		case DLADM_WLAN_SECMODE_WPA_ENTERPRISE:
454
			class = DLADM_SECOBJ_CLASS_WPA_ENTERPRISE;
455
			break;
456
		default:
457
			break;
458
	}
432 459
	if (key_string_to_secobj_value(raw_key, obj_val, &obj_len,
433 460
	    class) != 0) {
434 461
		/* above function logs internally on failure */
......
577 604
			if (security_mode == DLADM_WLAN_SECMODE_WPA)
578 605
				return (cooked_key);
579 606
			break;
607
		case DLADM_SECOBJ_CLASS_WPA_ENTERPRISE:
608
			if (security_mode ==
609
			    DLADM_WLAN_SECMODE_WPA_ENTERPRISE ||
610
			    security_mode == DLADM_WLAN_SECMODE_WPA)
611
				return (cooked_key);
612
			break;
580 613
		default:
581 614
			/* shouldn't happen */
582 615
			nlog(LOG_ERR, "nwamd_wlan_get_key: invalid class %d",
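Review bot: The new `switch (class)` in key_string_to_secobj_value has no `default`, so an unrecognised class reaches `return (0)` with `obj_val` and `*obj_lenp` untouched, where the old code fell through to the WEP length checks. store_key can produce that case, because its `switch (security_mode)` ends in `default: break;` and still passes `class` on (whether `class` is initialised at its declaration is outside the hunk). I would add `default: nlog(LOG_ERR, "key_string_to_secobj_value: invalid class %d", class); return (-1);` and make store_key fail on an unknown security mode. In the WPA_ENTERPRISE case, `buf_len > *obj_lenp` appears to compare a signed length (it is logged with `%d`) against a `uint_t`, and `%i` does not match `*obj_lenp`; `%u` would. Both functions begin outside the hunks shown.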
usr/src/lib/libdladm/common/libdllink.h
81 81
 */
82 82
#define	DLADM_PROP_VAL_MAX	128
83 83

  
84
#define		DLADM_SECOBJ_CLASS_WEP	0
85
#define		DLADM_SECOBJ_CLASS_WPA	1
84
#define		DLADM_SECOBJ_CLASS_WEP			0
85
#define		DLADM_SECOBJ_CLASS_WPA			1
86
#define		DLADM_SECOBJ_CLASS_WPA_ENTERPRISE	2
86 87
typedef int	dladm_secobj_class_t;
87 88

  
88 89
typedef int (dladm_walkcb_t)(const char *, void *);
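Review bot: `DLADM_SECOBJ_CLASS_WPA_ENTERPRISE` is 2 here, while the `dld_secobj_class_t` enum in the dld.h section of this patch starts at `DLD_SECOBJ_CLASS_WEP = 1`, which makes the kernel-side value for the same class 3. The translation between the two numberings is not on this page, so a comment above these defines such as `/* offset by one from dld_secobj_class_t in <sys/dld.h>; convert, never cast */` would keep the next class addition from mixing them up.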
usr/src/lib/libdladm/common/libdlwlan.c
44 44
#include <net/wpa.h>
45 45

  
46 46
static dladm_status_t	wpa_instance_create(dladm_handle_t, datalink_id_t,
47
			    void *);
47
			    void *, dladm_wlan_essid_t* essid);
48 48
static dladm_status_t	wpa_instance_delete(dladm_handle_t, datalink_id_t);
49 49

  
50 50
static dladm_status_t 	do_get_bsstype(dladm_handle_t, datalink_id_t, void *,
......
520 520
		goto fail;
521 521
	}
522 522

  
523
	if ((status = do_set_essid(handle, linkid, &essid)) != DLADM_STATUS_OK)
524
		goto fail;
525

  
526 523
	/*
527 524
	 * Because wpa daemon needs getting essid from driver,
528 525
	 * we need call do_set_essid() first, then call wpa_instance_create().
529 526
	 */
530 527
	if (secmode == DLADM_WLAN_SECMODE_WPA && keys != NULL)
531
		(void) wpa_instance_create(handle, linkid, keys);
528
		(void) wpa_instance_create(handle, linkid, keys, &essid);
529
	else
530
		if ((status = do_set_essid(handle, linkid, &essid)) !=
531
		    DLADM_STATUS_OK)
532
			goto fail;
532 533

  
533 534
	start = gethrtime();
534 535
	for (;;) {
......
1191 1192
}
1192 1193

  
1193 1194
static dladm_status_t
1194
do_get_bssid(dladm_handle_t handle, datalink_id_t linkid, void *buf, int buflen)
1195
do_get_bssid(dladm_handle_t handle, datalink_id_t linkid, void *buf,
1196
    int buflen)
1195 1197
{
1196 1198
	return (i_dladm_wlan_param(handle, linkid, buf, MAC_PROP_WL_BSSID,
1197 1199
	    buflen, B_FALSE));
1198 1200
}
1199 1201

  
1200 1202
static dladm_status_t
1201
do_get_essid(dladm_handle_t handle, datalink_id_t linkid, void *buf, int buflen)
1203
do_get_essid(dladm_handle_t handle, datalink_id_t linkid, void *buf,
1204
    int buflen)
1202 1205
{
1203 1206
	return (i_dladm_wlan_param(handle, linkid, buf, MAC_PROP_WL_ESSID,
1204 1207
	    buflen, B_FALSE));
......
1919 1922
}
1920 1923

  
1921 1924
static dladm_status_t
1922
wpa_instance_create(dladm_handle_t handle, datalink_id_t linkid, void *key)
1925
wpa_instance_create(dladm_handle_t handle, datalink_id_t linkid, void *key,
1926
    dladm_wlan_essid_t* essid)
1923 1927
{
1924 1928
	dladm_status_t	status = DLADM_STATUS_FAILED;
1925 1929
	char		*command = NULL;
......
1935 1939
	if (status != DLADM_STATUS_OK)
1936 1940
		goto out;
1937 1941

  
1938
	size = strlen(instance_name) + strlen(" -i  -k ") + strlen(wk_name) + 1;
1942
	size = strlen(instance_name) + strlen(" -i  -k  -B -s ") +
1943
	    strlen(wk_name) + strlen(essid->we_bytes) + 1;
1939 1944
	command = malloc(size);
1940 1945
	if (command == NULL) {
1941 1946
		status = DLADM_STATUS_NOMEM;
1942 1947
		goto out;
1943 1948
	}
1944
	(void) snprintf(command, size, "-i %s -k %s", instance_name, wk_name);
1949
	(void) snprintf(command, size, "-i %s -k %s -B -s %s", instance_name,
1950
	    wk_name, essid->we_bytes);
1945 1951

  
1946 1952
	status = create_instance(instance_name, command);
1947 1953
	if (status == DLADM_STATUS_EXIST) {
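Review bot: In wpa_instance_create the ESSID is measured with `strlen(essid->we_bytes)` and formatted with `%s` into the instance's argument string, but an ESSID is network-supplied data that need not be NUL-terminated and may contain spaces or other bytes that change how `-i %s -k %s -B -s %s` is split into arguments. Bound the read to the field, e.g. `strnlen(essid->we_bytes, sizeof (essid->we_bytes))` with `%.*s` (assuming `we_bytes` is a fixed-size array; its declaration is not on this page), and reject or quote ESSIDs containing whitespace or non-printable bytes before building `command`. Separately, the connect hunk now skips `do_set_essid()` on the WPA path while the comment above it still says it must be called first, and the `(void)` cast discards a failure from wpa_instance_create. The function bodies extend beyond the hunks shown.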
usr/src/lib/libdladm/common/libdlwlan.h
52 52
#define	DLADM_WLAN_WPA_KEY_LEN		32	/* per 802.11i spec */
53 53
#define	DLADM_WLAN_MAX_WPA_IE_LEN	40	/* per 802.11i spec */
54 54

  
55
#define	DLADM_WLAN_CONNECT_TIMEOUT_DEFAULT	10
55
#define	DLADM_WLAN_CONNECT_TIMEOUT_DEFAULT	20
56 56
#define	DLADM_WLAN_CONNECT_CREATEIBSS		0x00000001
57 57
#define	DLADM_WLAN_CONNECT_NOSCAN		0x00000002
58 58

  
......
95 95
typedef enum {
96 96
	DLADM_WLAN_SECMODE_NONE = 1,
97 97
	DLADM_WLAN_SECMODE_WEP,
98
	DLADM_WLAN_SECMODE_WPA
98
	DLADM_WLAN_SECMODE_WPA,
99
	DLADM_WLAN_SECMODE_WPA_ENTERPRISE
99 100
} dladm_wlan_secmode_t;
100 101

  
101 102
typedef enum {
......
173 174
#define	DLADM_WLAN_MAX_KEY_LEN		64	/* per WEP/WPA spec */
174 175
#define	DLADM_WLAN_MAX_WEPKEYS		4 	/* MAX_NWEPKEYS */
175 176
#define	DLADM_WLAN_MAX_KEYNAME_LEN	64
177
#define DLADM_SECOBJ_VAL_MAX	256 /* should be kept the same as in libdllink.h (include it ?) */
178

  
176 179
typedef struct dladm_wlan_key {
177 180
	uint_t		wk_idx;
178 181
	uint_t		wk_len;
179
	uint8_t		wk_val[DLADM_WLAN_MAX_KEY_LEN];
182
	uint8_t		wk_val[DLADM_SECOBJ_VAL_MAX];
180 183
	char		wk_name[DLADM_WLAN_MAX_KEYNAME_LEN];
181 184
	uint_t		wk_class;
182 185
} dladm_wlan_key_t;
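Review bot: `wk_val` is now sized by a second copy of `DLADM_SECOBJ_VAL_MAX` defined in this header, and the comment itself says it must stay equal to the one in libdllink.h; if the two drift, key material bounded by one constant is copied into a buffer sized by the other. Include libdllink.h here instead of redefining the macro, or add a compile-time check that the two values match. `DLADM_WLAN_MAX_KEY_LEN` stays 64 with the comment `per WEP/WPA spec`, so any existing bound on `wk_len` that uses it (not visible here) no longer describes the buffer, and the larger struct changes the layout callers were compiled against. The new `#define` also has a space rather than a tab after `#define` and runs past 80 columns, unlike its neighbours.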
usr/src/lib/libdladm/common/secobj.c
52 52

  
53 53
static secobj_class_info_t secobj_class_table[] = {
54 54
	{"wep",	DLD_SECOBJ_CLASS_WEP},
55
	{"wpa",	DLD_SECOBJ_CLASS_WPA}
55
	{"wpa",	DLD_SECOBJ_CLASS_WPA},
56
	{"wpa-enterprise", DLD_SECOBJ_CLASS_WPA_ENTERPRISE}
56 57
};
57 58

  
58 59
#define	SECOBJ_MAXBUFSZ	65536
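--- a/usr/src/lib/libnwam/common/libnwam.h
+++ b/usr/src/lib/libnwam/common/libnwam.h
@@ -481,6 +481,10 @@
 #define	NWAM_KNOWN_WLAN_PROP_KEYNAME		"keyname"
 #define	NWAM_KNOWN_WLAN_PROP_KEYSLOT		"keyslot"
 #define	NWAM_KNOWN_WLAN_PROP_SECURITY_MODE	"security-mode"
+#define	NWAM_KNOWN_WLAN_PROP_WPA_EAP_MODE	"wpa-eap-mode"
+#define	NWAM_KNOWN_WLAN_PROP_WPA_EAP_TTLS_MODE	"wpa-eap-ttls-mode"
+#define NWAM_KNOWN_WLAN_PROP_WPA_CERT_FILE	"wpa-cert-file"
+#define NWAM_KNOWN_WLAN_PROP_WPA_USERNAME	"wpa-username"
 
 /*
  * Location Functions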
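--- a/usr/src/lib/libnwam/common/libnwam_known_wlan.c
+++ b/usr/src/lib/libnwam/common/libnwam_known_wlan.c
@@ -50,6 +50,8 @@
 static nwam_error_t valid_keyname(nwam_value_t);
 static nwam_error_t valid_keyslot(nwam_value_t);
 static nwam_error_t valid_secmode(nwam_value_t);
+static nwam_error_t valid_wpa_eap(nwam_value_t);
+static nwam_error_t valid_wpa_eap_ttls(nwam_value_t value);
 
 struct nwam_prop_table_entry known_wlan_prop_table_entries[] = {
 	{NWAM_KNOWN_WLAN_PROP_PRIORITY, NWAM_VALUE_TYPE_UINT64, B_FALSE,
@@ -72,7 +74,24 @@
 	{NWAM_KNOWN_WLAN_PROP_SECURITY_MODE, NWAM_VALUE_TYPE_UINT64, B_FALSE,
 	    0, 1, valid_secmode,
 	    "specifies security mode used for known WLAN",
+	    NWAM_TYPE_ANY, NWAM_CLASS_ANY},
+	{NWAM_KNOWN_WLAN_PROP_WPA_EAP_MODE, NWAM_VALUE_TYPE_UINT64, B_FALSE,
+	    0, 1, valid_wpa_eap,
+	    "specifies EAP mode used for known WLAN",
+	    NWAM_TYPE_ANY, NWAM_CLASS_ANY},
+	{NWAM_KNOWN_WLAN_PROP_WPA_EAP_TTLS_MODE, NWAM_VALUE_TYPE_UINT64,
+	    B_FALSE, 0, 1, valid_wpa_eap_ttls,
+	    "specifies EAP-TTLS mode used for known WLAN",
+	    NWAM_TYPE_ANY, NWAM_CLASS_ANY},
+	{NWAM_KNOWN_WLAN_PROP_WPA_USERNAME, NWAM_VALUE_TYPE_STRING, B_FALSE,
+	    0, 1, NULL,
+	    "specifies wpa username used for known WLAN",
+	    NWAM_TYPE_ANY, NWAM_CLASS_ANY},
+	{NWAM_KNOWN_WLAN_PROP_WPA_CERT_FILE, NWAM_VALUE_TYPE_STRING, B_FALSE,
+	    0, 1, NULL,
+	    "specifies cert file used for known WLAN",
 	    NWAM_TYPE_ANY, NWAM_CLASS_ANY}
+	
 };
 
 #define	NWAM_NUM_KNOWN_WLAN_PROPS	\
@@ -530,7 +549,39 @@
 
 	if (secmode != DLADM_WLAN_SECMODE_NONE &&
 	    secmode != DLADM_WLAN_SECMODE_WEP &&
-	    secmode != DLADM_WLAN_SECMODE_WPA)
+	    secmode != DLADM_WLAN_SECMODE_WPA &&
+	    secmode != DLADM_WLAN_SECMODE_WPA_ENTERPRISE)
+		return (NWAM_ENTITY_INVALID_VALUE);
+
+	return (NWAM_SUCCESS);
+}
+
+static nwam_error_t
+valid_wpa_eap(nwam_value_t value)
+{
+	uint64_t eap_method;
+
+	if (nwam_value_get_uint64(value, &eap_method) != NWAM_SUCCESS)
+		return (NWAM_ENTITY_INVALID_VALUE);
+
+	if (eap_method != NWAMUI_WIFI_WPA_CONFIG_LEAP &&
+	    eap_method != NWAMUI_WIFI_WPA_CONFIG_PEAP &&
+	    eap_method != NWAMUI_WIFI_WPA_CONFIG_EAP_TTLS)
+		return (NWAM_ENTITY_INVALID_VALUE);
+
+	return (NWAM_SUCCESS);
+}
+
+static nwam_error_t
+valid_wpa_eap_ttls(nwam_value_t value)
+{
+	uint64_t eap_ttls_method;
+
+	if (nwam_value_get_uint64(value, &eap_ttls_method) != NWAM_SUCCESS)
+		return (NWAM_ENTITY_INVALID_VALUE);
+
+	if (eap_ttls_method != NWAMUI_WIFI_WPA_EAP_TTLS_PAP &&
+	    eap_ttls_method != NWAMUI_WIFI_WPA_EAP_TTLS_CHAP)
 		return (NWAM_ENTITY_INVALID_VALUE);
 
 	return (NWAM_SUCCESS);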
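Review bot: `wpa-cert-file` and `wpa-username` are registered with a `NULL` validator, so any string is accepted for a path that a network daemon will presumably open later; a `valid_wpa_cert_file` that at least rejects empty and non-absolute paths would keep that check at the configuration boundary. valid_wpa_eap also rejects `NWAMUI_WIFI_WPA_CONFIG_AUTOMATIC` although the enum added in libnwam_priv.h defines it; if that is intended, a comment such as `/* AUTOMATIC is not accepted yet, see libnwam_priv.h */` would say so. The prototype `valid_wpa_eap_ttls(nwam_value_t value)` names its parameter where the other prototypes do not, and the line holding only a tab before `};` can go. The closing brace of valid_wpa_eap_ttls is outside the hunk.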
usr/src/lib/libnwam/common/libnwam_priv.h
107 107
		char nwdad_essid[NWAM_MAX_NAME_LEN];
108 108
		char nwdad_bssid[NWAM_MAX_NAME_LEN];
109 109
		uint32_t nwdad_security_mode;
110
		char nwdad_key[NWAM_MAX_NAME_LEN];
110
		char nwdad_key[NWAM_MAX_VALUE_LEN];
111 111
		uint_t nwdad_keyslot;
112 112
		boolean_t nwdad_add_to_known_wlans;
113 113
		uint_t nwdad_num_wlans;
......
139 139
} nwam_backend_door_arg_t;
140 140

  
141 141
/*
142
 * For AUTOMATIC, net80211 will need to parse WPA IEs, and maybe
143
 * it will be possible if WPA IE contains such information.
144
 */
145
typedef enum {
146
	NWAMUI_WIFI_WPA_CONFIG_AUTOMATIC,
147
	NWAMUI_WIFI_WPA_CONFIG_LEAP,
148
	NWAMUI_WIFI_WPA_CONFIG_PEAP, /* aka MSCHAPv2 */
149
	NWAMUI_WIFI_WPA_CONFIG_EAP_TTLS,
150
	NWAMUI_WIFI_WPA_CONFIG_LAST /* Not to be used directly */	
151
} nwamui_wifi_wpa_config_t;
152

  
153
typedef enum {
154
	NWAMUI_WIFI_WPA_EAP_TTLS_PAP,
155
	NWAMUI_WIFI_WPA_EAP_TTLS_CHAP,
156
	NWAMUI_WIFI_WPA_EAP_TTLS_LAST
157
} nwamui_wifi_wpa_eap_ttls_t;
158

  
159
/*
142 160
 * Functions needed to initialize/stop processing of libnwam backend data
143 161
 * (used in netcfgd).
144 162
 */
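Review bot: `nwdad_key` grows from `NWAM_MAX_NAME_LEN` to `NWAM_MAX_VALUE_LEN` inside the door argument, so the client library and the daemon serving the door must be built from the same header, and any copy into this field still bounded by `NWAM_MAX_NAME_LEN` (such call sites are not on this page) will silently truncate longer keys. Those copies should be sized with `sizeof` on the field itself, and since the field carries key material it is worth clearing the argument once the door call has returned. The new enums carry the GUI's `NWAMUI_` prefix in a libnwam private header, and the comment beginning `For AUTOMATIC, net80211 will need to parse WPA IEs` does not say what a caller gets today; a sentence stating that AUTOMATIC is reserved and currently rejected by valid_wpa_eap() would be clearer.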
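--- a/usr/src/lib/libnwam/common/libnwam_values.c
+++ b/usr/src/lib/libnwam/common/libnwam_values.c
@@ -723,6 +723,15 @@
 	{ "none", DLADM_WLAN_SECMODE_NONE },
 	{ "wep", DLADM_WLAN_SECMODE_WEP },
 	{ "wpa", DLADM_WLAN_SECMODE_WPA },
+	{ "wpa-enterprise", DLADM_WLAN_SECMODE_WPA_ENTERPRISE },
+	{ NULL, 0 }
+};
+
+struct nwam_value_entry known_wlan_prop_wpa_eap_mode_entries[] =
+{
+	{ "ttls", NWAMUI_WIFI_WPA_CONFIG_EAP_TTLS },
+	{ "peap", NWAMUI_WIFI_WPA_CONFIG_PEAP },
+	{ "leap", NWAMUI_WIFI_WPA_CONFIG_LEAP },
 	{ NULL, 0 }
 };
 
@@ -749,6 +758,8 @@
 	    loc_prop_nameservice_configsrc_entries },
 	{ NWAM_KNOWN_WLAN_PROP_SECURITY_MODE,
 	    known_wlan_prop_security_mode_entries },
+	{ NWAM_KNOWN_WLAN_PROP_WPA_EAP_MODE,
+	    known_wlan_prop_wpa_eap_mode_entries },
 	{ NULL, NULL }
 };
 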
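Review bot: `wpa-eap-mode` gets a name table here, but `wpa-eap-ttls-mode`, which libnwam_known_wlan.c registers in the same patch as a UINT64 property with `valid_wpa_eap_ttls`, gets none, so as far as this page shows the inner method can only be set as a raw number. A matching table for `NWAMUI_WIFI_WPA_EAP_TTLS_PAP` and `NWAMUI_WIFI_WPA_EAP_TTLS_CHAP`, registered next to the `wpa-eap-mode` entry, would close the gap. The `"leap"` entry also makes LEAP selectable by name; LEAP is known to be weak against offline password guessing, so consider leaving it out or documenting why it is offered. The mapping array that the second hunk extends starts outside the hunk.

```c
struct nwam_value_entry known_wlan_prop_wpa_eap_ttls_mode_entries[] =
{
	{ "pap", NWAMUI_WIFI_WPA_EAP_TTLS_PAP },
	{ "chap", NWAMUI_WIFI_WPA_EAP_TTLS_CHAP },
	{ NULL, 0 }
};

/* … unchanged: earlier entries of the property-to-table mapping … */
	{ NWAM_KNOWN_WLAN_PROP_WPA_EAP_TTLS_MODE,
	    known_wlan_prop_wpa_eap_ttls_mode_entries },
	{ NULL, NULL }
```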
usr/src/uts/common/io/dld/dld_drv.c
1168 1168
	sobjp = &ssp->ss_obj;
1169 1169

  
1170 1170
	if (sobjp->so_class != DLD_SECOBJ_CLASS_WEP &&
1171
	    sobjp->so_class != DLD_SECOBJ_CLASS_WPA)
1171
	    sobjp->so_class != DLD_SECOBJ_CLASS_WPA &&
1172
	    sobjp->so_class != DLD_SECOBJ_CLASS_WPA_ENTERPRISE)
1172 1173
		return (EINVAL);
1173 1174

  
1174 1175
	if (sobjp->so_name[DLD_SECOBJ_NAME_MAX - 1] != '\0' ||
usr/src/uts/common/sys/dld.h
122 122
 */
123 123
typedef enum {
124 124
	DLD_SECOBJ_CLASS_WEP = 1,
125
	DLD_SECOBJ_CLASS_WPA
125
	DLD_SECOBJ_CLASS_WPA,
126
	DLD_SECOBJ_CLASS_WPA_ENTERPRISE
126 127
} dld_secobj_class_t;
127 128

  
128 129
#define	DLD_SECOBJ_OPT_CREATE	0x00000001