mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2025-01-12 11:02:37 +01:00
Commit Graph

3706 Commits

Author SHA1 Message Date
James Prestwood
0e9ed03e60 handshake: update key getters for FILS-FT
FILS-FT is a special case with respect to the PTK keys. The KCK getter
was updated to handle both FT-FILS AKMs, by returning the offset in
the PTK to the special KCK generated during FILS. A getter for the KCK
length was added, which handles the SHA384 variant. The PTK size was
also updated since FILS-FT can generate an additional 56 bytes of PTK
2019-05-22 16:14:51 -05:00
James Prestwood
bc381bd8c3 crypto: update FT derivation functions to use sha384
FILS-FT requires the SHA384 KDF to derive the FT keys
2019-05-22 16:14:14 -05:00
James Prestwood
aafb3fa7ed handshake: add key for FILS-FT in handshake_state
FILS derives its own FT key, for use as xxkey during fast transition.
2019-05-22 16:14:01 -05:00
James Prestwood
e109e1b1cf crypto: pass xxkey length for crypto_derive_pmk_r0
FILS-FT has a special derivation for xxkey, and depending on AKM
the key may be 32 or 48 bytes long.
2019-05-22 16:13:57 -05:00
James Prestwood
4c32dd09f6 fils: add forgotten break 2019-05-22 16:13:08 -05:00
Denis Kenzior
03ff5ef7d0 device: Convert to using IWD_MODULE 2019-05-22 10:20:10 -05:00
Denis Kenzior
978e538f81 station: Convert to use IWD_MODULE 2019-05-22 10:20:10 -05:00
Denis Kenzior
23b278ef52 wsc: Convert to use IWD_MODULE 2019-05-22 10:20:10 -05:00
Denis Kenzior
4cfcb9c88d network: Convert to use IWD_MODULE 2019-05-22 10:20:10 -05:00
Denis Kenzior
800d57d095 knownnetworks: Convert to IWD_MODULE 2019-05-22 10:20:10 -05:00
Denis Kenzior
546c3c26d3 simauth: Convert to use IWD_MODULE 2019-05-22 10:20:08 -05:00
Denis Kenzior
b8f6899f40 blacklist: Convert to use IWD_MODULE 2019-05-22 09:58:04 -05:00
Denis Kenzior
a1d9c07f2f erp: Convert to using IWD_MODULE 2019-05-19 13:07:13 -05:00
Denis Kenzior
2386fa7938 main: Add IWD_MODULE macro 2019-05-19 13:05:06 -05:00
Denis Kenzior
8dced8b7f7 main: Update to the new genl api 2019-05-17 17:10:18 -05:00
Denis Kenzior
71ebc00fb7 tools: Update test-runner to the new genl api 2019-05-17 17:10:15 -05:00
Denis Kenzior
dea23bede7 tools: Update hwsim to the new genl api 2019-05-17 17:10:13 -05:00
Denis Kenzior
4e4285497d TODO: Add some OCE related tasks 2019-05-13 21:43:24 -05:00
James Prestwood
e5d36bbb33 auto-t: add AP test with no AP iftype support
Ensures IWD properly handles an adapter which does not support AP mode.
2019-05-13 16:38:23 -05:00
James Prestwood
f30c4bf578 auto-t: handle exceptions correctly for start_ap
The start_ap method was raising potential dbus errors before converting
them to an IWD error type. This is due to dbus.Set() not taking an error
handler. The only way to address this is to catch the error, convert it
and raise the converted error.
2019-05-13 16:38:23 -05:00
James Prestwood
d6eade2252 auto-t: add test for CCMP with no support
Using the new cipher_disable hwsim option we can disable CCMP support
but require it on the AP. This should result in a Not Supported error.
2019-05-13 16:38:23 -05:00
James Prestwood
f038c11205 test-runner: allow disabling of iftype/cipher
Two new hardware configuration keys were added:

[radX]
iftype_disable=station,ap,adhoc,p2p_client,p2p_go,mesh_point
cipher_disable=wep40,wep104,tkip,ccmp,bip

Any of the above values are supported and can be disabled.
2019-05-13 16:38:23 -05:00
James Prestwood
2d173e5f24 test-runner: add a radio parameters structure for creation
Support is coming to configure radios with a specific set of interface
type and cipher support, so the input to create_hwsim_radio is better
suited to use a parameter structure rather than adding more parameters.
2019-05-13 16:38:23 -05:00
James Prestwood
2d51622c0b test-runner: allow radio list subset to be configured
The radio_confs key was parsed in a way that required all radios
to be specified in the list. This isn't optimal, as you may want to
specially configure a certain radio, while keeping all the others
default.

This change reworks some logic and allows any radio to be specially
configured on its own.
2019-05-13 16:38:23 -05:00
James Prestwood
0e31b33631 hwsim: allow specific radio iftypes/ciphers
mac80211_hwsim now allows setting supported iftypes/ciphers. This patch
enables this support in hwsim. Specific iftypes/ciphers can now be
disabled via the command line when creating a radio:

Disable iftypes:
--iftype-disable station,ap,adhoc,p2p_client,p2p_go,mesh_point

Disable cipher types:
--cipher-disable ccmp,tkip,wep
2019-05-13 16:38:23 -05:00
James Prestwood
79dd04c13a test-runner: in native HW mode, check for AP capabilities
The test should be aborted if there are not enough radios that support
AP mode. The iftype attribute will now be parsed during the wiphy dump
and a flag is set on the wiphy so we know to skip this radio when
creating the hostapd instances. Since hostapd gets started first, it
will automatically choose all the radios it needs which support AP mode.
This leaves the remainder of the radios (potentially STA only) for IWD.
2019-05-13 14:13:34 -05:00
James Prestwood
7c7aafa812 test-runner: skip hostapd iface creation if native HW
In native hardware mode the interfaces already exist, so there is
no need for hostapd to create new ones.
2019-05-13 14:13:18 -05:00
James Prestwood
97ec50ce28 test-runner: fix radio index 0 deletion
In the PCI/USB passthrough changes the wiphy ID was changed to be an
unsigned integer, where id zero corresponded to an error when in native
hardware mode. Along with this, the radio ID for hwsim was changed to a
pre-increment (only in test-runner), so the radio IDs would start at 1.
The repercussions were not fully investigated, but if they were it would
have been seen that hwsim creates radio IDs starting at zero. This left
test-runner and hwsim with unsynchronized radio IDs, and radio zero
never got deleted after each test causing each successive test to
discover old radio IDs.
2019-05-13 14:11:54 -05:00
Andrew Zaborowski
08ec88671a manager: Also delete interfaces without an ifindex, cleanup 2019-05-13 14:10:49 -05:00
Andrew Zaborowski
0b109c52b7 netdev: Add missing initialization
ifaddr is not guaranteed to be initialized, I'm not sure why there was
no compiler warning.  Also replace a | with a || for boolean conditions
and merge the wiphy check with that line.
2019-05-13 14:10:49 -05:00
Andrew Zaborowski
b86af171f0 netdev: Don't warn on genl messages not matching a netdev
This is going to be a normal situation when we start using interfaces
without an ifindex.
2019-05-13 14:10:49 -05:00
Andrew Zaborowski
925095f835 netdev: Drop remaining whitelist/blacklist code 2019-05-13 14:10:49 -05:00
Marcel Holtmann
c923448bac Release 0.18 2019-05-11 21:32:54 +02:00
Marcel Holtmann
df6003d8c8 build: Add generated certificates to .gitignore 2019-05-11 21:32:17 +02:00
Marcel Holtmann
0c3de62880 build: Require at least version 0.20 when building with external ELL 2019-05-11 21:14:57 +02:00
Marcel Holtmann
cde9933124 build: Generate certificates for unit testing locally 2019-05-11 10:11:12 +02:00
Marcel Holtmann
f3ed078adf build: Remove unit/test-pbkdf2-sha1 from .gitignore 2019-05-11 09:48:53 +02:00
Andrew Zaborowski
236dc14a3d station: Cancel the roam scan in station_free
We'd remove the roam timeout but not cancel the roam scan in
station_free, instead call station_roam_state_clear which does both
things.
2019-05-10 19:19:21 -05:00
Andrew Zaborowski
b560ca6173 scan: Make sure request is unqueued in scan_cancel
We were forgetting to handle the case of scan requests that are not at the
top of the queue.
2019-05-10 19:19:07 -05:00
Andrew Zaborowski
157d5f9f47 scan: Check if an external scan flushed intermediate results
When handling a scan finished event for a scan we haven't started, check
that we were not halfway through a scan request that would have its
results flushed by the external scan.
2019-05-10 19:19:02 -05:00
Andrew Zaborowski
d256bc91ad test-runner: Drop options no longer supported by qemu
-nodefconfig doesn't exist anymore and according to the docs it either
had the same meaning or was implied by -no-user-config so it wouldn't be
needed anyway.  -balloon doesn't exist anymore and according to
https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06985.html
"-balloon none" was a nop, but I suspect -nodefaults may have already
had the effect of disabling creation of the virtio-balloon device.
2019-05-10 14:15:51 -05:00
Marcel Holtmann
51553415bd erp: Include src/missing.h for explicit_bzero 2019-05-10 11:06:52 +02:00
Marcel Holtmann
cab0bc29c4 sae: Include src/missing.h for explicit_bzero 2019-05-10 11:01:32 +02:00
Marcel Holtmann
635ca39096 build: Add missing src/auth-proto.h filename 2019-05-10 10:48:40 +02:00
Marcel Holtmann
02a3f6a146 build: Fix spelling of src/rtnlutil.h filename 2019-05-10 10:44:57 +02:00
James Prestwood
465c90465d TODO: remove FT-over-DS item 2019-05-09 13:50:02 -05:00
James Prestwood
02a0a821b4 auto-t: add test for FT-over-DS 2019-05-09 13:38:48 -05:00
James Prestwood
c0c8faf32f ft: netdev: station: support FT-over-DS
FT-over-DS is a way to do a Fast BSS Transition using action frames for
the authenticate step. This allows a station to start a fast transition
to a target AP while still being connected to the original AP. This,
in theory, can result in less carrier downtime.

The existing ft_sm_new was removed, and two new constructors were added;
one for over-air, and another for over-ds. The internals of ft.c mostly
remain the same. A flag to distinguish between air/ds was added along
with a new parser to parse the action frames rather than authenticate
frames. The IE parsing is identical.

Netdev now just initializes the auth-proto differently depending on if
it's doing over-air or over-ds. A new TX authenticate function was added
and used for over-ds. This will send out the IEs from ft.c with an
FT Request action frame.

The FT Response action frame is then received from the AP and fed into
the auth-proto state machine. After this point ft-over-ds behaves the
same as ft-over-air (associate to the target AP).

Some simple code was added in station.c to determine if over-air or
over-ds should be used. FT-over-DS can be beneficial in cases where the
AP is directing us to roam, or if the RSSI falls below a threshold.
It should not be used if we have lost communication to the AP at all
(beacon lost) as it only works while we can still talk to the original
AP.
2019-05-09 13:38:34 -05:00
James Prestwood
a432ceeee4 netdev: modify netdev_send_action_frame for ft-over-ds
To support FT-over-DS this API needed some slight modifications:

- Instead of setting the DA to netdev->handshake->aa, it is just set to
  the same address as the 'to' parameter. The kernel actually requires
  and checks for these addresses to match. All occurrences were passing
  the handshake->aa anyways so this change should have no adverse
  effects; and it's actually required by ft-over-ds to pass in the
  previous BSSID, so hard coding handshake->aa will not work.

- The frequency is also passed in now, as ft-over-ds needs to use
  the frequency of the currently connected AP (netdev->frequency get
  set to the new target in netdev_fast_transition. Previous frequency
  is also saved now).

- A new vector variant (netdev_send_action_framev) was added as well
  to support sending out the FT Request action frame since the FT
  TX authenticate function provides an iovec of the IEs. The existing
  function was already having to prepend the action frame header to
  the body, so it's not any more or less copying to do the same thing
  with an iovec instead.
2019-05-09 13:32:45 -05:00
James Prestwood
1801262f2a auto-t: update FT tests to disable FT-over-DS 2019-05-09 12:26:33 -05:00