Merge pull request #249 from microsoft/authdatasaeopts

Accept SAE password ids and peer mac addresses in CLI

Author: abeltrano

src/common/service/NetRemoteService.cxx

@@ -751,6 +751,12 @@ NetRemoteService::WifiAccessPointSetAuthenticationDataImpl(std::string_view acce
                 wifiOperationStatus.set_message("No PSK passphrase provided (empty)");
                 return wifiOperationStatus;
             }
+            const auto pskPassphraseSize = std::size(pskPassphrase);
+            if (pskPassphraseSize < Ieee80211RsnaPskPassphraseLengthMinimum || pskPassphraseSize > Ieee80211RsnaPskPassphraseLengthMaximum) {
+                wifiOperationStatus.set_code(WifiAccessPointOperationStatusCode::WifiAccessPointOperationStatusCodeInvalidParameter);
+                wifiOperationStatus.set_message(std::format("Invalid PSK passphrase size '{}' provided (expected {} to {} characters)", pskPassphraseSize, Ieee80211RsnaPskPassphraseLengthMinimum, Ieee80211RsnaPskPassphraseLengthMaximum));
+                return wifiOperationStatus;
+            }
         } else if (psk.has_value()) {
             const auto& pskValue = psk.value();
             if (!pskValue.has_hex() && !pskValue.has_raw()) {
@@ -769,7 +775,7 @@ NetRemoteService::WifiAccessPointSetAuthenticationDataImpl(std::string_view acce
                 const auto& pskRaw = pskValue.raw();
                 if (std::size(pskRaw) != Ieee80211RsnaPskLength) {
                     wifiOperationStatus.set_code(WifiAccessPointOperationStatusCode::WifiAccessPointOperationStatusCodeInvalidParameter);
-                    wifiOperationStatus.set_message(std::format("Invalid PSK raw value provided (not {} bytes)", Ieee80211RsnaPskLength));
+                    wifiOperationStatus.set_message(std::format("Invalid PSK raw value size '{}' provided (expected {} bytes)", std::size(pskRaw), Ieee80211RsnaPskLength));
                     return wifiOperationStatus;
                 }
             }

src/common/shared/strings/CMakeLists.txt

@@ -2,18 +2,22 @@
 add_library(strings INTERFACE)
 
 set(STRINGS_PUBLIC_INCLUDE ${CMAKE_CURRENT_LIST_DIR}/include)
-set(STRINGS_PUBLIC_INCLUDE_PREFIX ${STRINGS_PUBLIC_INCLUDE}/strings)
+set(STRINGS_PUBLIC_INCLUDE_SUFFIX strings)
+set(STRINGS_PUBLIC_INCLUDE_PREFIX ${STRINGS_PUBLIC_INCLUDE}/${STRINGS_PUBLIC_INCLUDE_SUFFIX})
 
 target_sources(strings
     PUBLIC
+    FILE_SET HEADERS
+    BASE_DIRS ${STRINGS_PUBLIC_INCLUDE}
+    FILES
         ${STRINGS_PUBLIC_INCLUDE_PREFIX}/StringHelpers.hxx
+        ${STRINGS_PUBLIC_INCLUDE_PREFIX}/StringParsing.hxx
 )
 
-list(APPEND STRINGS_PUBLIC_HEADERS
-    ${STRINGS_PUBLIC_INCLUDE_PREFIX}/StringHelpers.hxx
-)
-
-set_target_properties(strings PROPERTIES
-    PUBLIC_HEADER "${STRINGS_PUBLIC_HEADERS}"
-    INTERFACE_INCLUDE_DIRECTORIES "${STRINGS_PUBLIC_INCLUDE}"
+install(
+    TARGETS strings
+    EXPORT ${PROJECT_NAME}
+    COMPONENT dev
+    FILE_SET HEADERS
+    PUBLIC_HEADER DESTINATION "${NETREMOTE_DIR_INSTALL_PUBLIC_HEADER_BASE}/${STRINGS_PUBLIC_INCLUDE_SUFFIX}"
 )

src/common/shared/strings/include/strings/StringParsing.hxx

@@ -0,0 +1,50 @@
+
+#ifndef STRING_PARSING_HXX
+#define STRING_PARSING_HXX
+
+#include <charconv>
+#include <concepts>
+#include <cstdint>
+#include <cstdlib>
+#include <ranges>
+#include <string>
+#include <tuple>
+
+namespace Strings
+{
+/**
+ * @brief Parse a hex string into a container of bytes.
+ *
+ * @tparam ContainerT The container type to store the parsed bytes.
+ * @param hexString The hex string to parse.
+ * @param result The container to store the parsed bytes.
+ * @param numberOfBytesToParse The number of bytes to parse from the hex string.
+ * @return true If a valid hex string was parsed into the container.
+ * @return false If the hex string was invalid or the container was too small to store the parsed bytes.
+ */
+// clang-format off
+template <std::ranges::range ContainerT>
+requires std::same_as<std::ranges::range_value_t<ContainerT>, std::uint8_t>
+// clang-format on
+bool
+ParseHexString(const std::string& hexString, ContainerT& result, std::size_t numberOfBytesToParse = std::tuple_size_v<ContainerT>)
+{
+    // Ensure the input has enough characters to parse the requested number of bytes.
+    if (std::size(hexString) / 2 < numberOfBytesToParse) {
+        return false;
+    }
+
+    std::string_view hexStringView{ hexString };
+    for (std::size_t i = 0; i < std::size(result); i++) {
+        const auto byteAsHex = hexStringView.substr(i * 2, 2); // 2 hex chars
+        const auto byteConversionResult = std::from_chars(std::data(byteAsHex), std::data(byteAsHex) + std::size(byteAsHex), result[i], 16);
+        if (byteConversionResult.ec != std::errc{}) {
+            return false;
+        }
+    }
+
+    return true;
+}
+} // namespace Strings
+
+#endif // STRING_PARSING_HXX

src/common/tools/cli/CMakeLists.txt

@@ -27,6 +27,7 @@ target_link_libraries(${PROJECT_NAME}-cli
         magic_enum::magic_enum
         notstd
         plog::plog
+        strings
     PUBLIC
         ${PROJECT_NAME}-client
         wifi-core

src/common/tools/cli/NetRemoteCli.cxx

@@ -1,5 +1,6 @@
 
 #include <format>
+#include <iostream>
 #include <map>
 #include <memory>
 #include <stdexcept>
@@ -20,6 +21,7 @@
 #include <microsoft/net/wifi/Ieee80211AccessPointConfiguration.hxx>
 #include <notstd/Memory.hxx>
 #include <plog/Log.h>
+#include <strings/StringParsing.hxx>
 
 using namespace Microsoft::Net::Remote;
 using namespace Microsoft::Net::Wifi;
@@ -118,12 +120,22 @@ NetRemoteCli::AddSubcommandWifiAccessPointsEnumerate(CLI::App* parent)
 
 namespace detail
 {
+/**
+ * @brief Thin wrapper to destructure the std::tuple used to parse SAE passwords.
+ *
+ * @param saePasswordArgument The tuple containing the SAE password, password ID, and peer MAC address.
+ * @return Ieee80211RsnaPassword
+ */
 Ieee80211RsnaPassword
-ParseSaePasswordCliArgument(const std::string& saePasswordArg)
+ParseSaePasswordCliArgument(std::tuple<std::string, std::optional<std::string>, std::optional<std::string>>& saePasswordArgument)
 {
-    Ieee80211RsnaPassword saePassword{};
-    // TODO: parse optional password id and peer mac address fields.
-    saePassword.Credential = saePasswordArg;
+    const auto& [password, passwordId, peerMacAddress] = saePasswordArgument; // NOLINT(cppcoreguidelines-pro-bounds-constant-array-index)
+
+    Ieee80211RsnaPassword saePassword{
+        .Credential = std::move(password),
+        .PasswordId = std::move(passwordId),
+        .PeerMacAddress = peerMacAddress.and_then(Ieee80211MacAddressFromString)
+    };
 
     return saePassword;
 }
@@ -138,6 +150,14 @@ NetRemoteCli::WifiAccessPointEnableCallback()
         auto& psk = ieee80211AccessPointConfiguration.AuthenticationData.Psk.emplace();
         psk.Psk = m_cliData->WifiAccessPointPskPassphrase;
     }
+    if (!std::empty(m_cliData->WifiAccessPointPskHex)) {
+        auto& psk = ieee80211AccessPointConfiguration.AuthenticationData.Psk.emplace();
+        auto& pskValue = psk.Psk.emplace<Ieee80211RsnaPskValue>();
+        if (!Strings::ParseHexString(m_cliData->WifiAccessPointPskHex, pskValue)) {
+            std::cerr << "Failed to parse PSK value (must be 64 hex characters)" << std::endl;
+            return;
+        }
+    }
 
     if (!std::empty(m_cliData->WifiAccessPointSaePasswords)) {
         auto& sae = ieee80211AccessPointConfiguration.AuthenticationData.Sae.emplace();
@@ -274,8 +294,9 @@ NetRemoteCli::AddSubcommandWifiAccessPointEnable(CLI::App* parent)
         ->transform(CLI::CheckedTransformer(detail::Ieee80211AuthenticationAlgorithmNames(), CLI::ignore_case));
     cliAppWifiAccessPointEnable->add_option("--akm,--akms,--akmSuite,--akmSuites,--keyManagement,--keyManagements", m_cliData->WifiAccessPointAkmSuites, "The AKM suites of the access point to enable")
         ->transform(CLI::CheckedTransformer(detail::Ieee80211AkmSuiteNames(), CLI::ignore_case));
-    cliAppWifiAccessPointEnable->add_option("--passphrase,--pskPassphrase", m_cliData->WifiAccessPointPskPassphrase, "The PSK passphrase of the access point to enable");
-    cliAppWifiAccessPointEnable->add_option("--sae,--password,--passwords,--saePassword,--saePasswords", m_cliData->WifiAccessPointSaePasswords, "The SAE passwords of the access point to enable");
+    cliAppWifiAccessPointEnable->add_option("--psk", m_cliData->WifiAccessPointPskHex, "The PSK of the access point to enable");
+    cliAppWifiAccessPointEnable->add_option("--passphrase,--pskPassphrase", m_cliData->WifiAccessPointPskPassphrase, "The PSK passphrase of the access point to enable")->excludes("--psk");
+    cliAppWifiAccessPointEnable->add_option("--sae,--password,--passwords,--saePassword,--saePasswords", m_cliData->WifiAccessPointSaePasswords, "The SAE passwords of the access point to enable")->type_size(1, 3);
     cliAppWifiAccessPointEnable->callback([this] {
         WifiAccessPointEnableCallback();
     });

src/common/tools/cli/include/microsoft/net/remote/NetRemoteCliData.hxx

@@ -4,6 +4,7 @@
 
 #include <optional>
 #include <string>
+#include <tuple>
 #include <vector>
 
 #include <microsoft/net/remote/protocol/NetRemoteProtocol.hxx>
@@ -26,7 +27,8 @@ struct NetRemoteCliData
     std::string WifiAccessPointId{};
     std::string WifiAccessPointSsid{};
     std::string WifiAccessPointPskPassphrase;
-    std::vector<std::string> WifiAccessPointSaePasswords{};
+    std::string WifiAccessPointPskHex;
+    std::vector<std::tuple<std::string, std::optional<std::string>, std::optional<std::string>>> WifiAccessPointSaePasswords{};
     std::vector<Microsoft::Net::Wifi::Ieee80211FrequencyBand> WifiAccessPointFrequencyBands{};
     std::vector<Microsoft::Net::Wifi::Ieee80211AuthenticationAlgorithm> WifiAccessPointAuthenticationAlgorithms{};
     std::vector<Microsoft::Net::Wifi::Ieee80211AkmSuite> WifiAccessPointAkmSuites{};

src/common/wifi/core/CMakeLists.txt

@@ -34,6 +34,7 @@ target_link_libraries(wifi-core
     PRIVATE
         magic_enum::magic_enum
         notstd
+        strings
     PUBLIC
         plog::plog
 )

src/common/wifi/core/Ieee80211.cxx

@@ -1,8 +1,13 @@
 
+#include <algorithm>
+#include <charconv>
 #include <format>
+#include <optional>
 #include <string>
+#include <string_view>
 
 #include <microsoft/net/wifi/Ieee80211.hxx>
+#include <strings/StringParsing.hxx>
 
 namespace Microsoft::Net::Wifi
 {
@@ -11,4 +16,24 @@ Ieee80211MacAddressToString(const Ieee80211MacAddress& macAddress)
 {
     return std::format("{:02X}:{:02X}:{:02X}:{:02X}:{:02X}:{:02X}", macAddress[0], macAddress[1], macAddress[2], macAddress[3], macAddress[4], macAddress[5]);
 }
+
+std::optional<Ieee80211MacAddress>
+Ieee80211MacAddressFromString(std::string macAddress)
+{
+    constexpr auto isDelimeter = [](const char c) {
+        return c == ':' || c == '-';
+    };
+
+    const auto eraseRange = std::ranges::remove_if(macAddress, isDelimeter);
+    if (!std::empty(eraseRange)) {
+        macAddress.erase(std::begin(eraseRange), std::end(eraseRange));
+    }
+
+    Ieee80211MacAddress result{};
+    if (!Strings::ParseHexString(macAddress, result)) {
+        return std::nullopt;
+    }
+
+    return result;
+}
 } // namespace Microsoft::Net::Wifi

src/common/wifi/core/include/microsoft/net/wifi/Ieee80211.hxx

@@ -6,6 +6,7 @@
 #include <cmath>
 #include <cstdint>
 #include <initializer_list>
+#include <optional>
 #include <string>
 #include <utility>
 
@@ -423,6 +424,15 @@ using Ieee80211MacAddress = std::array<uint8_t, MacAddressNumOctets>;
 std::string
 Ieee80211MacAddressToString(const Ieee80211MacAddress& macAddress);
 
+/**
+ * @brief Parse a string into a MAC address.
+ *
+ * @param macAddress The MAC address string to parse.
+ * @return std::optional<Ieee80211MacAddress>
+ */
+std::optional<Ieee80211MacAddress>
+Ieee80211MacAddressFromString(std::string macAddress);
+
 /**
  * @brief Information about a BSS.
  */

src/common/wifi/core/include/microsoft/net/wifi/Ieee80211Authentication.hxx

@@ -26,6 +26,7 @@ using Ieee80211RsnaPskVariant = std::variant<Ieee80211RsnaPskPassphrase, Ieee802
  * @brief Encoding of a pre-shared key.
  */
 enum class Ieee80211RsnaPskEncoding {
+    Invalid,
     Passphrase,
     Value,
 };
@@ -50,9 +51,13 @@ struct Ieee80211RsnaPsk :
     constexpr Ieee80211RsnaPskEncoding
     Encoding() const noexcept
     {
+        // clang-format off
         return std::holds_alternative<Ieee80211RsnaPskPassphrase>(*this)
             ? Ieee80211RsnaPskEncoding::Passphrase
-            : Ieee80211RsnaPskEncoding::Value;
+            : std::holds_alternative<Ieee80211RsnaPskValue>(*this)
+                ? Ieee80211RsnaPskEncoding::Value
+                : Ieee80211RsnaPskEncoding::Invalid;
+        // clang-format on
     }
 
     /**