mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-27 10:52:47 +01:00
Commit Graph

2314 Commits

Author SHA1 Message Date
Andrew Zaborowski
e32ffc4d98 eapol: Use handshake_state to store state
Remove the keys and other data from struct eapol_sm, update device.c,
netdev.c and wsc.c to use the handshake_state object instead of
eapol_sm.  This also gets rid of eapol_cancel and the ifindex parameter
in some of the eapol functions where sm->handshake->ifindex can be
used instead.
2016-11-03 10:23:58 -05:00
Andrew Zaborowski
061dad2ff5 Add handshake_state object
struct handshake_state is an object that stores all the key data and other
authentication state and does the low level operations on the keys.  Together
with the next patch this mostly just splits eapol.c into two layers
so that the key operations can also be used in Fast Transitions which don't
use eapol.
2016-11-03 10:23:41 -05:00
Andrew Zaborowski
19afcb3582 device: Pass FT-related data to eapol and netdev
If device_select_akm_suite selects Fast Transition association then pass
the MD IE and other bits needed for eapol and netdev to do an FT
association and 4-Way Handshake.
2016-11-03 10:15:11 -05:00
Andrew Zaborowski
a35e0c2690 netdev: FT version of association messages
If an MD IE is supplied to netdev_connect, pass that MD IE in the
associate request, then validate and handle the MD IE and FT IE in the
associate response from AP.
2016-11-03 10:12:44 -05:00
Andrew Zaborowski
955ba74d2d unit: FT 4-Way Handshake eapol test
This also tests that the FT crypto functions work.  For the record
these are the values of the intermediate keys in this test:

2016-11-03 10:06:01 -05:00
Andrew Zaborowski
d03f4d72f1 eapol: Handle FT-version of step 3 of 4-way handshake 2016-11-03 10:04:34 -05:00
Andrew Zaborowski
9d54a3082e eapol: Build FT-version step 2 of 4-way handshake
If an FT AKM suite is selected, build the FT version of the step 2
of the 4-way handshake frame.  Step 1 is same as non-FT version.
2016-11-03 10:03:45 -05:00
Andrew Zaborowski
0d2e5b9849 eapol: Add setters for the FT handshake input data
Add space in the eapol_sm struct for the pieces of information required
for the FT 4-Way Handshake and add setters for device.c and netdev.c to
be able to provide the data.
2016-11-03 10:01:41 -05:00
Andrew Zaborowski
67a5b68a16 device: Drop the bss->sha256 flag usage
Don't decide on the AKM suite to use when the bss entries are received
and processed, instead select the suite when the connection is triggered
using a new function device_select_akm_suite, similar to
wiphy_select_cipher().  Describing the AKM suite through flags will be
more difficult when more than 2 suites per security type are supported.
Also handle the wiphy_select_cipher 0 return value when no cipher can be
selected.
2016-11-03 10:00:35 -05:00
Andrew Zaborowski
1b99521e98 ie: Implement ie_parse_neighbor_report 2016-11-03 09:59:49 -05:00
Tim Kourt
bc2396b4f7 auto-t: Add config file arg. to IWD start script 2016-11-02 17:42:36 -05:00
Tim Kourt
cae6734035 doc: Explain iwd_config_dir option for t-runner 2016-11-02 17:25:02 -05:00
Tim Kourt
445f872ecd t-runner: use iwd config file option 2016-11-02 17:24:51 -05:00
Denis Kenzior
2340c7790c device: Avoid leaking memory
In case we bail out early when setting up the RSN element
2016-11-02 16:42:12 -05:00
Rahul Rahul
e6311557fe device: set mfp and group mgmt cipher if AP supports it 2016-11-02 16:39:20 -05:00
Rahul Rahul
b47c82102e network: update network_bss_select for mfp
Update network_bss_select for MFP.  Particularly the scenario when all
BSSes inside the bss_list have MFPR set, but we're not BIP capable.
2016-11-02 16:36:13 -05:00
Tim Kourt
17527d4570 main: init iwd config 2016-11-02 16:06:10 -05:00
Tim Kourt
ee15914e79 bootstrap: define sysconfdir 2016-11-02 15:44:47 -05:00
Tim Kourt
301caff89e makefile: Install iwd.conf into /etc 2016-11-02 15:44:43 -05:00
Tim Kourt
410d34c21b iwd: Add accessor for iwd_config 2016-11-02 15:44:19 -05:00
Tim Kourt
2ab4d424b8 configure: Add config. dir path 2016-11-02 15:35:13 -05:00
Daniel Wagner
dee6a6f082 network: Add Type property to D-Bus API 2016-11-02 10:04:24 -05:00
Daniel Wagner
b540e498c5 doc: Add Type property to Network objects
Currently, the security type is only discoverable via the Device
object.  Let's add a security type property here to avoid unnecessarily
complex lookups.
2016-11-02 10:04:10 -05:00
Daniel Wagner
6a6f3c8865 network: Add Device property to D-Bus API 2016-11-02 10:00:30 -05:00
Daniel Wagner
785e155571 doc: Add Device property to Network objects
This allows walking the tree in reverse order.
2016-11-02 10:00:10 -05:00
Denis Kenzior
02ae7d0f53 AUTHORS: Mention Daniel's contributions 2016-11-02 09:57:44 -05:00
Daniel Wagner
d9f2d40f6f device: Add Adapter property to D-Bus API 2016-11-02 09:57:21 -05:00
Daniel Wagner
47d158393d doc: Add Adapter property to D-Bus API
This allows walking the tree in reverse order.
2016-11-02 09:57:11 -05:00
Rahul Rahul
5e0b24dcb2 netdev: implement netdev_set_igtk 2016-10-31 09:53:04 -05:00
Andrew Zaborowski
c3efd80dd0 unit: Update eapol_sm_set_ap/own_rsn/wpa parameters 2016-10-29 23:09:15 -05:00
Andrew Zaborowski
424ceb58a3 eapol: Drop len parameter to eapol_sm_set_rsn/wpa
The len parameter was only used so it could be validated against ie[1],
but since it was not checked to be > 2, it must have been validated
already, the check was redundant.  In any case all users directly
passed ie[1] as len anyway.  This makes it consistent with the ie
parsers and builders which didn't require a length.
2016-10-29 23:09:10 -05:00
Andrew Zaborowski
b29f333bb4 scan: Parse the Country String IE
and save to struct scan_bss
2016-10-29 22:58:36 -05:00
Andrew Zaborowski
1720edfc0e scan: Save Neighbor Report capability bit in bss scan entry 2016-10-29 22:57:07 -05:00
Andrew Zaborowski
da435326aa scan: Save the MD IE in bss scan entry 2016-10-29 22:53:40 -05:00
Andrew Zaborowski
e4c168cc3b ie: Fast BSS Transition IE utilities 2016-10-29 22:53:14 -05:00
Andrew Zaborowski
b20f1a2d50 ie: Mobility Domain IE utilities 2016-10-28 11:28:21 -05:00
Denis Kenzior
90ea26bec5 netdev: Squash kernel warning
netlink: 16 bytes leftover after parsing attributes in
process `iwd'.
2016-10-28 09:27:02 -05:00
Rahul Rahul
c16ae02056 eapol: refactor eapol_find_kde and add install_igtk 2016-10-26 16:34:52 -05:00
Denis Kenzior
318d3a2d35 scan: Refactor bss_get_supported_ciphers
In many cases the pairwise and group cipher information is not the only
information needed from the BSS RSN/WPA elements in order to make a
decision.  For example, the MFPC/MFPR bits might be needed, or
pre-authentication capability bits, group management ciphers, etc.

This patch refactors bss_get_supported_ciphers into the more general
scan_bss_get_rsn_info function
2016-10-24 22:12:25 -05:00
Denis Kenzior
bdd676a23a wiphy: Add support for BIP in wiphy_select_cipher 2016-10-24 21:29:37 -05:00
Denis Kenzior
2899315828 wiphy: Rename pairwise_ciphers to supported_ciphers
Since the ciphers stored here are not only for pairwise, but also group
and management ciphers.
2016-10-24 21:29:03 -05:00
Denis Kenzior
13f83fda81 wiphy: Also print whether we support BIP 2016-10-24 21:25:04 -05:00
Tim Kourt
85db443b37 eap-wsc: Use header length constant for readability 2016-10-24 11:21:01 -05:00
Tim Kourt
da433a1c56 eap-wsc: Clean up packet ptr ops 2016-10-24 11:18:53 -05:00
Tim Kourt
79d5353531 src: Introduce iwd.conf 2016-10-24 11:10:26 -05:00
Tim Kourt
884ef2e15f src: Rename dbus config. file
Rename dbus config. file to avoid future configuration with the IWD
config. file.
2016-10-24 11:10:23 -05:00
Marcel Holtmann
88909947e2 build: Remove support for usage of kdbus 2016-10-16 19:41:27 +02:00
Denis Kenzior
cc2052d33e eapol: In case of timeout, mark as NULL 2016-10-15 16:26:41 -05:00
Andrew Zaborowski
bf65ce9096 unit: Update eapol and WSC tests for new eapol calls 2016-10-15 16:26:41 -05:00
Andrew Zaborowski
c548898635 eapol: Cache early EAPoL frames until ready to process
Split eapol_start into two calls, one to register the state machine so
that the PAE read handler knows not to discard frames for that ifindex,
and eapol_start to actually start processing the frames.  This is needed
because, as per the comment in netdev.c, due to scheduling the PAE
socket read handler may trigger before the CMD_CONNECT event handler,
which needs to parse the FTE from the Associate Response frame and
supply it to the eapol SM before it can do anything with the message 1
of 4 of the FT handshake.

Another issue is that depending on the driver or timing, the underlying
link might not be marked as 'ready' by the kernel.  In this case, our
response to Message 1 of the 4-way Handshake is written and accepted by
the kernel, but gets dropped on the floor internally.  Which leads to
timeouts if the AP doesn't retransmit.
2016-10-15 16:25:37 -05:00