* [RFC PATCH 0/1] iw: add support for retrieving keys
From: Raphaël Mélotte @ 2022-08-22 7:43 UTC
To: johannes; +Cc: linux-wireless, Raphaël Mélotte
Hello,

I couldn't find a way to retrieve keys and key sequences using iw, so
the following patch adds support for it.

I wasn't sure whether I should include the (new?) nested NL80211_KEY_*
attributes, or only the global ones. In my simple case any of them
would do, so I included the global ones only.

Kind regards,
Raphael
Raphaël Mélotte (1):
iw: add support for retrieving keys
Makefile | 2 +-
keys.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 78 insertions(+), 1 deletion(-)
create mode 100644 keys.c
--
2.37.1
* [RFC PATCH 1/1] iw: add support for retrieving keys
From: Raphaël Mélotte @ 2022-08-22 7:43 UTC
To: johannes; +Cc: linux-wireless, Raphaël Mélotte
For debugging purposes, it can be useful to be able to retrieve keys.

Add a "iw get key" command, to be able to retrieve keys when the key
index is known.

Example retrieving a pairwise key:
iw dev wlan0 get key 0 02:02:03:04:05:06

Example retrieving a group key:
iw dev wlan0 get key 1

Note that only the outer ATTR_KEY_DATA (and seq) is reported, the
nested KEY_DATA (and seq) within ATTR_KEY is not.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
---
Makefile | 2 +-
keys.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 78 insertions(+), 1 deletion(-)
create mode 100644 keys.c
diff --git a/Makefile b/Makefile
index 33aaf6a..aa4ce7e 100644
--- a/Makefile
+++ b/Makefile
@@ -23,7 +23,7 @@ OBJS = iw.o genl.o event.o info.o phy.o \
mesh.o mpath.o mpp.o scan.o reg.o version.o \
reason.o status.o connect.o link.o offch.o ps.o cqm.o \
bitrate.o wowlan.o coalesce.o roc.o p2p.o vendor.o mgmt.o \
- ap.o sha256.o nan.o bloom.o \
+ ap.o sha256.o nan.o bloom.o keys.o \
measurements.o ftm.o
OBJS += sections.o
diff --git a/keys.c b/keys.c
new file mode 100644
index 0000000..3cb2950
--- /dev/null
+++ b/keys.c
@@ -0,0 +1,77 @@
+#include <errno.h>
+#include <netlink/genl/genl.h>
+#include <netlink/genl/family.h>
+#include <netlink/genl/ctrl.h>
+#include <netlink/msg.h>
+#include <netlink/attr.h>
+#include "nl80211.h"
+#include "iw.h"
+
+static int print_keys(struct nl_msg *msg, void *arg)
+{
+ struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
+ struct nlattr *tb[NL80211_ATTR_MAX + 1];
+
+ nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
+ genlmsg_attrlen(gnlh, 0), NULL);
+
+ if (!tb[NL80211_ATTR_KEY_IDX]) {
+ fprintf(stderr, "KEY_IDX missing!\n");
+ return NL_SKIP;
+ }
+
+ if (!tb[NL80211_ATTR_KEY_DATA]) {
+ fprintf(stderr, "ATTR_KEY_DATA missing!\n");
+ return NL_SKIP;
+ }
+
+ iw_hexdump("Key", nla_data(tb[NL80211_ATTR_KEY_DATA]),
+ nla_len(tb[NL80211_ATTR_KEY_DATA]));
+
+ if (!tb[NL80211_ATTR_KEY_SEQ]) {
+ fprintf(stderr, "ATTR_KEY_SEQ missing!\n");
+ return NL_SKIP;
+ }
+
+ iw_hexdump("Key seq", nla_data(tb[NL80211_ATTR_KEY_SEQ]),
+ nla_len(tb[NL80211_ATTR_KEY_SEQ]));
+
+ return NL_OK;
+}
+
+static int handle_get_key(struct nl80211_state *state,
+ struct nl_msg *msg, int argc, char **argv,
+ enum id_input id)
+{
+ char *end;
+ unsigned char mac[6];
+
+ /* key index */
+ if (argc) {
+ nla_put_u8(msg, NL80211_ATTR_KEY_IDX, strtoul(argv[0], &end, 10));
+ argv++;
+ argc--;
+ }
+
+ /* mac */
+ if (argc) {
+ if (mac_addr_a2n(mac, argv[0]) == 0) {
+ NLA_PUT(msg, NL80211_ATTR_MAC, 6, mac);
+ argv++;
+ argc--;
+ nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, NL80211_KEYTYPE_PAIRWISE);
+ }
+ } else {
+ nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, NL80211_KEYTYPE_GROUP);
+ }
+
+ register_handler(print_keys, NULL);
+ return 0;
+
+ nla_put_failure:
+ return -ENOSPC;
+}
+
+COMMAND(get, key, "",
+ NL80211_CMD_GET_KEY, 0, CIB_NETDEV, handle_get_key,
+ "<key index> <MAC address> <pairwise>\n");
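Review bot: In handle_get_key, the "mac" block has no error path for an unparsable address: when mac_addr_a2n() does not return 0, neither NL80211_ATTR_MAC nor NL80211_ATTR_KEY_TYPE is added, yet the handler still registers print_keys and returns 0, so a mistyped MAC produces a request with no key type instead of an error. Add an else branch that returns -EINVAL. The COMMAND() at the end also has an empty args string and puts the argument list in the help text, where it still names a <pairwise> argument that the handler never parses; move "<key index> <MAC address>" into the args slot and give the help slot a one-line description.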
--
2.37.1
* Re: [RFC PATCH 1/1] iw: add support for retrieving keys
From: Johannes Berg @ 2022-12-01 13:37 UTC
To: Raphaël Mélotte; +Cc: linux-wireless
On Mon, 2022-08-22 at 09:43 +0200, Raphaël Mélotte wrote:
> For debugging purposes, it can be useful to be able to retrieve keys.
>
> Add a "iw get key" command, to be able to retrieve keys when the key
> index is known.
>
> Example retrieving a pairwise key:
> iw dev wlan0 get key 0 02:02:03:04:05:06
>
> Example retrieving a group key:
> iw dev wlan0 get key 1
The examples don't seem to match the docs:
> +COMMAND(get, key, "",
> + NL80211_CMD_GET_KEY, 0, CIB_NETDEV, handle_get_key,
> + "<key index> <MAC address> <pairwise>\n");
and maybe you should switch pairwise/mac addr since it's not required
for pairwise == false I guess? or maybe let you specify the key type
instead, so you can retrieve other kinds of keys?
> + if (argc) {
> + if (mac_addr_a2n(mac, argv[0]) == 0) {
> + NLA_PUT(msg, NL80211_ATTR_MAC, 6, mac);
> + argv++;
> + argc--;
> + nla_put_u32(msg, NL80211_ATTR_KEY_TYPE,
> NL80211_KEYTYPE_PAIRWISE);
> + }
and this seems like it could have some error return in the else or
something?
Otherwise seems fine to me, any particular reason you sent it as RFC?
johannes
* Re: [RFC PATCH 1/1] iw: add support for retrieving keys
From: Raphaël Mélotte @ 2023-01-02 8:28 UTC
To: Johannes Berg; +Cc: linux-wireless
On 12/1/22 14:37, Johannes Berg wrote:
> The examples don't seem to match the docs:
Indeed.. I'll fix it.
> and maybe you should switch pairwise/mac addr since it's not required
> for pairwise == false I guess? or maybe let you specify the key type
> instead, so you can retrieve other kinds of keys?
I was actually thinking about removing the pairwise flag entirely.
Since the kernel currently only allows retrieving pairwise or
group keys (AFAICT), I was thinking it could be easier to use the
presence of the MAC address to differentiate between the key
types.
>
> and this seems like it could have some error return in the else or
> something?
Indeed, I'll add it.
>
> Otherwise seems fine to me, any particular reason you sent it as RFC?
I thought there might have been a specific reason why it was not
there yet, and I also wasn't sure about 'NL80211_KEY_*' vs
'NL80211_ATTR_KEY_*'.
I'll send a v2 addressing the comments above.
Thanks for the review!
Raphaël
* [PATCH v2 1/1] iw: add support for retrieving keys
From: Raphaël Mélotte @ 2023-01-02 11:12 UTC
To: johannes; +Cc: linux-wireless, Raphaël Mélotte
For debugging purposes, it can be useful to be able to retrieve keys.

Add a "iw key get" command, to be able to retrieve keys when the key
index is known. A new "key" section is also introduced, in preparation
for future key-related commands.

Example retrieving a pairwise key:
iw dev wlan0 key get 0 02:02:03:04:05:06

Example retrieving a group key:
iw dev wlan0 key get 1

Note that only the outer ATTR_KEY_DATA (and seq) is reported, the
nested KEY_DATA (and seq) within ATTR_KEY is not.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
---
Changes v1 -> v2:
- Introduce a 'key' section and update commit message
- Fix documentation (and remove pairwise flag)
- Return error when MAC is invalid
- Rebase on master
keys.c | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 80 insertions(+)
create mode 100644 keys.c
diff --git a/keys.c b/keys.c
new file mode 100644
index 0000000..37abc94
--- /dev/null
+++ b/keys.c
@@ -0,0 +1,80 @@
+#include <errno.h>
+#include <netlink/genl/genl.h>
+#include <netlink/genl/family.h>
+#include <netlink/genl/ctrl.h>
+#include <netlink/msg.h>
+#include <netlink/attr.h>
+#include "nl80211.h"
+#include "iw.h"
+
+SECTION(key);
+
+static int print_keys(struct nl_msg *msg, void *arg)
+{
+ struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
+ struct nlattr *tb[NL80211_ATTR_MAX + 1];
+
+ nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
+ genlmsg_attrlen(gnlh, 0), NULL);
+
+ if (!tb[NL80211_ATTR_KEY_IDX]) {
+ fprintf(stderr, "KEY_IDX missing!\n");
+ return NL_SKIP;
+ }
+
+ if (!tb[NL80211_ATTR_KEY_DATA]) {
+ fprintf(stderr, "ATTR_KEY_DATA missing!\n");
+ return NL_SKIP;
+ }
+
+ iw_hexdump("Key", nla_data(tb[NL80211_ATTR_KEY_DATA]),
+ nla_len(tb[NL80211_ATTR_KEY_DATA]));
+
+ if (!tb[NL80211_ATTR_KEY_SEQ]) {
+ fprintf(stderr, "ATTR_KEY_SEQ missing!\n");
+ return NL_SKIP;
+ }
+
+ iw_hexdump("Key seq", nla_data(tb[NL80211_ATTR_KEY_SEQ]),
+ nla_len(tb[NL80211_ATTR_KEY_SEQ]));
+
+ return NL_OK;
+}
+
+static int handle_get_key(struct nl80211_state *state,
+ struct nl_msg *msg, int argc, char **argv,
+ enum id_input id)
+{
+ char *end;
+ unsigned char mac[6];
+
+ /* key index */
+ if (argc) {
+ nla_put_u8(msg, NL80211_ATTR_KEY_IDX, strtoul(argv[0], &end, 10));
+ argv++;
+ argc--;
+ }
+
+ /* mac */
+ if (argc) {
+ if (mac_addr_a2n(mac, argv[0]) == 0) {
+ NLA_PUT(msg, NL80211_ATTR_MAC, 6, mac);
+ argv++;
+ argc--;
+ nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, NL80211_KEYTYPE_PAIRWISE);
+ } else {
+ return -EINVAL;
+ }
+ } else {
+ nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, NL80211_KEYTYPE_GROUP);
+ }
+
+ register_handler(print_keys, NULL);
+ return 0;
+
+ nla_put_failure:
+ return -ENOSPC;
+}
+COMMAND(key, get, "<key index> <MAC address>",
+ NL80211_CMD_GET_KEY, 0, CIB_NETDEV, handle_get_key,
+ "Retrieve a key and key sequence.\n");
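Review bot: The "key index" block in handle_get_key treats the index as optional and never validates it. With no arguments the `if (argc)` block is skipped, no NL80211_ATTR_KEY_IDX is added, and the request is still sent as a group-key query; with an argument, the strtoul() result goes straight into nla_put_u8(), so `end` is never examined, a non-numeric string becomes index 0, and anything that does not fit in a u8 is silently truncated. Reject a missing index, parse into a local, check that the whole string was consumed and that the value is in range, and only then add the attribute. The return values of nla_put_u8() and nla_put_u32() are also discarded, so nla_put_failure is reachable only from NLA_PUT; using NLA_PUT_U8 and NLA_PUT_U32 would route those failures to the same label.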
--
2.38.1
* Re: [PATCH v2 1/1] iw: add support for retrieving keys
From: Johannes Berg @ 2023-01-12 10:05 UTC
To: Raphaël Mélotte; +Cc: linux-wireless
On Mon, 2023-01-02 at 12:12 +0100, Raphaël Mélotte wrote:
>
> + /* key index */
> + if (argc) {
> + nla_put_u8(msg, NL80211_ATTR_KEY_IDX, strtoul(argv[0], &end, 10));
This is odd now - if you have &end you should check that strtoul()
actually consumed all the input etc.? Otherwise might as well just use
atoi(), but I'd prefer with the checks.
> + argv++;
> + argc--;
> + }
> +
> + /* mac */
> + if (argc) {
> + if (mac_addr_a2n(mac, argv[0]) == 0) {
> + NLA_PUT(msg, NL80211_ATTR_MAC, 6, mac);
> + argv++;
> + argc--;
> + nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, NL80211_KEYTYPE_PAIRWISE);
maybe add that before the argv/argc (and maybe break line in there) -
first I got concerned if argv/argc was used in that nla_put_u32().
johannes
* Re: [PATCH v2 1/1] iw: add support for retrieving keys
From: Raphaël Mélotte @ 2023-01-12 12:22 UTC
To: Johannes Berg; +Cc: linux-wireless
On 1/12/23 11:05, Johannes Berg wrote:
> On Mon, 2023-01-02 at 12:12 +0100, Raphaël Mélotte wrote:
> This is odd now - if you have &end you should check that strtoul()
> actually consumed all the input etc.? Otherwise might as well just use
> atoi(), but I'd prefer with the checks.
Indeed..
> maybe add that before the argv/argc (and maybe break line in there) -
> first I got concerned if argv/argc was used in that nla_put_u32().
Okay, I'll do that in a v3.
Thanks!
Raphaël
* [PATCH v3 1/1] iw: add support for retrieving keys
From: Raphaël Mélotte @ 2023-01-12 12:25 UTC
To: johannes; +Cc: linux-wireless, Raphaël Mélotte
For debugging purposes, it can be useful to be able to retrieve keys.

Add a "iw key get" command, to be able to retrieve keys when the key
index is known. A new "key" section is also introduced, in preparation
for future key-related commands.

Example retrieving a pairwise key:
iw dev wlan0 key get 0 02:02:03:04:05:06

Example retrieving a group key:
iw dev wlan0 key get 1

Note that only the outer ATTR_KEY_DATA (and seq) is reported, the
nested KEY_DATA (and seq) within ATTR_KEY is not.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
---
Changes v2 -> v3:
- Check parsing of index.
- Move pairwise type before argv++ and add line break.
Changes v1 -> v2:
- Introduce a 'key' section and update commit message
- Fix documentation (and remove pairwise flag)
- Return error when MAC is invalid
- Rebase on master
keys.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 83 insertions(+)
create mode 100644 keys.c
diff --git a/keys.c b/keys.c
new file mode 100644
index 0000000..65aa426
--- /dev/null
+++ b/keys.c
@@ -0,0 +1,83 @@
+#include <errno.h>
+#include <netlink/genl/genl.h>
+#include <netlink/genl/family.h>
+#include <netlink/genl/ctrl.h>
+#include <netlink/msg.h>
+#include <netlink/attr.h>
+#include "nl80211.h"
+#include "iw.h"
+
+SECTION(key);
+
+static int print_keys(struct nl_msg *msg, void *arg)
+{
+ struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
+ struct nlattr *tb[NL80211_ATTR_MAX + 1];
+
+ nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
+ genlmsg_attrlen(gnlh, 0), NULL);
+
+ if (!tb[NL80211_ATTR_KEY_IDX]) {
+ fprintf(stderr, "KEY_IDX missing!\n");
+ return NL_SKIP;
+ }
+
+ if (!tb[NL80211_ATTR_KEY_DATA]) {
+ fprintf(stderr, "ATTR_KEY_DATA missing!\n");
+ return NL_SKIP;
+ }
+
+ iw_hexdump("Key", nla_data(tb[NL80211_ATTR_KEY_DATA]),
+ nla_len(tb[NL80211_ATTR_KEY_DATA]));
+
+ if (!tb[NL80211_ATTR_KEY_SEQ]) {
+ fprintf(stderr, "ATTR_KEY_SEQ missing!\n");
+ return NL_SKIP;
+ }
+
+ iw_hexdump("Key seq", nla_data(tb[NL80211_ATTR_KEY_SEQ]),
+ nla_len(tb[NL80211_ATTR_KEY_SEQ]));
+
+ return NL_OK;
+}
+
+static int handle_get_key(struct nl80211_state *state,
+ struct nl_msg *msg, int argc, char **argv,
+ enum id_input id)
+{
+ char *end;
+ unsigned char mac[6];
+
+ /* key index */
+ if (argc) {
+ nla_put_u8(msg, NL80211_ATTR_KEY_IDX, strtoul(argv[0], &end, 10));
+ if (*end != '\0')
+ return -EINVAL;
+ argv++;
+ argc--;
+ }
+
+ /* mac */
+ if (argc) {
+ if (mac_addr_a2n(mac, argv[0]) == 0) {
+ NLA_PUT(msg, NL80211_ATTR_MAC, 6, mac);
+ nla_put_u32(msg, NL80211_ATTR_KEY_TYPE,
+ NL80211_KEYTYPE_PAIRWISE);
+ argv++;
+ argc--;
+ } else {
+ return -EINVAL;
+ }
+ } else {
+ nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, NL80211_KEYTYPE_GROUP);
+ }
+
+ register_handler(print_keys, NULL);
+ return 0;
+
+ nla_put_failure:
+ return -ENOSPC;
+}
+COMMAND(key, get, "<key index> <MAC address>",
+ NL80211_CMD_GET_KEY, 0, CIB_NETDEV, handle_get_key,
+ "Retrieve a key and key sequence.\n");
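Review bot: The `*end != '\0'` check in handle_get_key's "key index" block runs after nla_put_u8() has already appended the attribute, and it still accepts an empty argument (strtoul() consumes nothing, returns 0, and `*end` is '\0') and any value that does not fit in a u8. Parse into a local unsigned long first, require `end != argv[0] && *end == '\0'` plus a range check, and add NL80211_ATTR_KEY_IDX only after that. In the "mac" block, argc is decremented after the address is consumed but never checked, so trailing arguments are silently ignored; returning an error when argc is still non-zero would catch typos. Since print_keys writes the raw key bytes to stdout through iw_hexdump(), the help string "Retrieve a key and key sequence." could state that the output contains secret key material, so it is not pasted unredacted into logs or bug reports.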
--
2.38.1