3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-23 14:22:36 +01:00
Commit Graph

1975 Commits

Author SHA1 Message Date
James Prestwood
42fe517d4e netdev: added station watch
For Ad-Hoc networks, the kernel takes care of auth/assoc
and issues a NEW_STATION event when that is complete. This
provides a way to notify when NEW_STATION events occur as
well as forward the MAC of the station to Ad-Hoc.

The two new API's added:
 - netdev_station_watch_add()
 - netdev_station_watch_remove()
2018-07-17 10:50:34 -05:00
James Prestwood
54cd428c94 netdev: Add IFTYPE_ADHOC interface type
netdev_set_iftype and get_iftype were also changed to
account for all three interface types.
2018-07-17 10:49:10 -05:00
Denis Kenzior
efecce772f eapol: Fix memory allocation issues
When the EAPOL-Key data field is encrypted using AES Wrap, check
that the data field is large enough before calculating the expected
plaintext length.

Previously, if the encrypted data field was smaller than 8 bytes, an
integer underflow would occur when calculating the expected plaintext
data length. This would cause iwd to try to allocate a huge amount of
memory, which causes it to abort and terminate. If the data field was
equal to 8 bytes, iwd would try to allocate 0 bytes of memory, making
l_new return NULL, which subsequently causes iwd to crash on a NULL
pointer deference.

Reported-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-07-16 10:51:13 -05:00
Denis Kenzior
57c3aa2589 scan: Fix triggered flag setting
triggered flag was being reset to false in all cases.  However, due to
how scan_finished logic works, it should have remained true if no more
commands were left to be sent (e.g. the scan was finished).
2018-07-13 12:34:59 -05:00
Tim Kourt
d83dda410d device: fix incomplete variable replacement 2018-07-13 11:41:49 -05:00
Christian Hesse
22e5ba2133 device: make the output less verbose
Having hidden SSIDs or SSIDs with non-UTF8 characters around make iwd
flood the logs with messages. Make iwd less verbose and show these
messages with enabled debug output only.
2018-07-13 10:39:02 -05:00
Tim Kourt
9ff2e59e40 scan: add hidden networks into periodic scan
In addition, the periodic scan can now alternate between the
active or passive modes. The active mode is enabled by existence of
the known hidden networks and observation of them in the
previous scan result.
2018-07-11 17:29:47 -05:00
Tim Kourt
ec8afb0af1 scan: add todo comment for randomization flag 2018-07-11 17:24:17 -05:00
Denis Kenzior
48e9f2aee0 scan: Break up logic into utility functions
Some fairly common logic was duplicated across functions.  Split it up
into common utilities
2018-07-11 17:20:06 -05:00
Denis Kenzior
dfe74ea8ff scan: Use a cast instead of an extra function 2018-07-11 16:30:45 -05:00
Tim Kourt
c33deb7a0a scan: add hidden networks into the scan requests
To support an auto-connect for the hidden networks and having
a limited number of SSIDs that can be appended into a probe
request, introduced a concept of a command batch. Now, scan request
may consist of a series of commands. The commands in the batch
are triggered sequentially. Once we are notified about the
results from a previous command, a consequent command in the
batch is triggered. The collective results are reported once
the batch is complete. On a command failure, the batch
processing is canceled and scan request is removed
2018-07-11 16:30:41 -05:00
Denis Kenzior
87108984bc network: set Hidden=true for new hidden networks 2018-07-11 16:09:42 -05:00
Denis Kenzior
d744915534 device: Rework device_hidden_network_scan_results
Rework the logic slightly to simplify the need for error labels.  Also
the connect_pending variable might not have been properly reset to NULL
in case of error, so make sure we reset it prior to calling into
network_connect_new_hidden_network
2018-07-11 15:59:51 -05:00
Tim Kourt
d8c8ebdf3a device: enable connection to the hidden networks
1) Change signature of process_bss to return a confirmation
   that bss has been added to a network otherwise we can
   discard it.

2) Implements logic for the discovery and connection to
   a hidden network.
2018-07-11 15:36:14 -05:00
Tim Kourt
72c6862255 network: add network info accessors
This adds the accessors for the hidden field in network
info. In addition, it provides a lookup of the network infos
by ssid and security type.
2018-07-11 15:20:55 -05:00
Tim Kourt
d2feb535a5 network: implement a counter for the hidden networks 2018-07-11 10:36:40 -05:00
Tim Kourt
f7a30106bf scan: initial support for the direct probe request
This enables the discovery of the hidden networks
2018-07-11 10:25:24 -05:00
Tim Kourt
d1a8e191e9 network: introduce connect API for the hidden nets 2018-07-11 10:19:43 -05:00
James Prestwood
bbad6b4ec9 ap: use netdev_del_station API
Removes del station code from AP in favor of netdev_del_station.
2018-07-03 16:45:29 -05:00
James Prestwood
4a2b80ee97 netdev: expose netdev_del_station
This removes the need for duplicate code in AP/netdev for issuing
a DEL_STATION command. Now AP can issue a DEL_STATION with
netdev_del_station, and specify to either disassociate or deauth
depending on state.
2018-07-03 16:45:29 -05:00
James Prestwood
b2f27f3abe netdev: fixed key setting failure
If netdev fails to set the keys, there was no way for device/ap to
know. A new handshake event was added for this. The key setting
failure function was also fixed to support both AP/station iftypes.
It will now automatically send either a disconnect or del_station
depending on the interface type.

In similar manner, netdev_handshake_failed was also modified to
support both AP/station iftypes. Now, any handshake event listeners
should call netdev_handshake_failed upon a handshake failure
event, including AP.
2018-07-03 16:45:25 -05:00
James Prestwood
d4e521027b device: add debug prints for mode switching
Its useful to know when the device has switched modes
2018-07-03 16:15:54 -05:00
Denis Kenzior
5b8f052524 device: Don't return an error on no state change
If device is already disconnected or in autoconnect mode, don't return
an error if .Disconnect is called.  Instead simply silently return
success after disabling autoconnect.
2018-07-03 16:13:39 -05:00
Denis Kenzior
73e0394d7f device: Use dbus_error_from_errno in .Disconnect 2018-07-03 16:12:04 -05:00
Denis Kenzior
8bbe85787c device: Fix memory leak when aborting a connection
==1058== 231 (32 direct, 199 indirect) bytes in 1 blocks are definitely lost in loss record 10 of 10
==1058==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1058==    by 0x452472: l_malloc (util.c:62)
==1058==    by 0x456324: l_settings_new (settings.c:83)
==1058==    by 0x427D45: storage_network_open (storage.c:262)
==1058==    by 0x42806C: network_settings_load (network.c:75)
==1058==    by 0x428C2F: network_autoconnect (network.c:490)
==1058==    by 0x4104E9: device_autoconnect_next (device.c:194)
==1058==    by 0x410E38: device_set_scan_results (device.c:393)
==1058==    by 0x410EFA: new_scan_results (device.c:414)
==1058==    by 0x424A6D: scan_finished (scan.c:1012)
==1058==    by 0x424B88: get_scan_done (scan.c:1038)
==1058==    by 0x45DC67: destroy_request (genl.c:134)
2018-07-03 15:45:29 -05:00
Tim Kourt
5f69aba32b eap-peap: add warning for the missing M flag 2018-07-02 20:28:08 -05:00
James Prestwood
9e32ea5e80 ap: removed unused ap_event enum 2018-07-02 15:34:26 -05:00
Denis Kenzior
fb1296e9c0 network: Add network_info_get_known 2018-07-02 13:03:03 -05:00
James Prestwood
8ed043533a wsc: register for handshake events
This is a fixup for the AP code merge. wsc.c never registered
for handshake events, so in case of failure it was never calling
netdev_handshake_failed, which caused a double free.
2018-07-02 12:29:08 -05:00
Denis Kenzior
057b019550 network: Use __device_connect_network
In network_autoconnect, use the low-level version of
device_connect_network
2018-07-02 12:28:10 -05:00
Denis Kenzior
a1a6c2d7d6 device: Introduce __device_connect_network
The version with '__' prefix is the raw version that returns errnos.
The version without '__' prefix deals with D-Bus error conversion.
2018-07-02 12:25:47 -05:00
Denis Kenzior
31081f98e7 dbus: Add dbus_error_from_errno 2018-07-02 12:24:33 -05:00
Denis Kenzior
7f844a2520 eapol: Relax key_iv checks
Many APs don't send properly zerod key_iv elements in EAPoL-Key frames.
In the past iwd has complained, but this broken behavior is so
prevalent, that it is likely a lost cause.

This patch takes out these warnings
2018-07-01 20:57:38 -05:00
Denis Kenzior
1c9a1ea46d eapol: Handle all zero PMKID 2018-07-01 20:48:11 -05:00
Denis Kenzior
7676aa2107 netdev: Allow iwd.conf to specify PAE over NL80211
Right now iwd uses Control Port over NL80211 feature if the kernel /
driver supports it.  On some kernels this feature is still buggy, so add
an iwd.conf entry to allow the user to override id.

For now the default is to disable this feature until it is more stable.
2018-07-01 20:41:34 -05:00
James Prestwood
fd79297553 device/ap: Moved AP dbus interface into ap.c
Now, a user can setup an AP as follows:

- Set device "Mode" to ap (ap interface will appear on bus)
- call "Start()" on AP interface

Issuing "Stop()" on the AP interface will stop and cleanup
the internal AP structures, but the AP interface will remain
up. To shutdown completely the device Mode must be switched
back to station. If the AP interface is running, the Mode can
directly be switched to station without calling Stop; this
has the same effect and will take down the AP interface.
2018-06-29 18:28:28 -05:00
Tim Kourt
9976007dd8 eap-peap: Relax the M bit requirement
Some of the PEAP server implementation brake the protocol
and don’t set the M flag for the first packet during the
fragmented transmission. To stay compatible with such
devices, we relax this requirement in iwd.
2018-06-29 17:39:50 -05:00
James Prestwood
d5dd1a4e90 wsc: fixed comment typo 2018-06-29 16:41:13 -05:00
James Prestwood
1d8869fbb7 dbus: define AccessPoint interface
net.connman.iwd.AccessPoint interface was added
2018-06-29 14:26:07 -05:00
Tim Kourt
1fff705160 device: use direct probe request in roam scans
This takes care of the roaming for the hidden networks.
In addition, it limits the noise responses from the
other networks.
2018-06-29 13:53:39 -05:00
Tim Kourt
5ded4890a6 network: introduce the concept of hidden networks 2018-06-29 13:51:12 -05:00
Tim Kourt
1ffc99c343 scan: add ssid parameter
ssid – is used for the direct probe requests
2018-06-29 13:48:09 -05:00
Tim Kourt
d91b81bc11 dbus: add AlreadyProvisioned and NotHidden errors 2018-06-29 13:46:33 -05:00
Tim Kourt
28c6a37db0 scan: rename scan triggered callback 2018-06-28 15:56:46 -05:00
Tim Kourt
27e305c9d2 device: change scan command logic
This patch allows alternating between the passive and active
scans taking into consideration an existence of the known
hidden networks and previous observation of them in the scan
results, as well as an ability to randomize the MAC address.
2018-06-28 15:44:57 -05:00
Denis Kenzior
5828073cd5 scan: Add randomize_mac_addr_hint
This will be used by the scanning code to enable mac address
randomization if supported by the hardware / kernel.
2018-06-28 15:41:29 -05:00
Tim Kourt
ef5110869b network: Add stub for network_info_has_hidden 2018-06-28 15:06:11 -05:00
Denis Kenzior
961c3e849d eap-peap: Print alert number 2018-06-28 13:23:13 -05:00
Tim Kourt
8ea4f82166 device: introduce seen_hidden_networks flag
This flag indicates whether the hidden networks were
observed in the scan results. We drop the hidden network BSSs
after the flag is set.
2018-06-28 11:37:10 -05:00
Tim Kourt
3781c157db util: Add util_ssid_is_hidden 2018-06-28 11:37:06 -05:00
Tim Kourt
a681e845a6 scan: change signature of scan_build_cmd
This allows scan_build_cmd to take advantage of a full
scan context. For example to check the feature availability
of wiphy, etc.
2018-06-28 11:25:30 -05:00
Tim Kourt
bece39619b scan: fix scan state check
The state of scan is split between the two variables sc->state
and sc->start_cmd_id. Not checking start_cmd_id used to cause
sending a scan request while periodic scan was just triggered
resulting in EBUSY.
2018-06-28 11:13:45 -05:00
James Prestwood
93a113f551 ap: remove ap_error_deauth_sta
Instead of manually sending a deauth/disassociate to a station
during an error or removal, the kernel can do it automatically
with DEL_STATION by including the MGMT_SUBTYPE attribute. This
removes the need for ap_error_deauth_sta and introduces
ap_deauthenticate_sta. Now AP can be explicit when it chooses
to deauth or disassociate.
2018-06-28 11:12:11 -05:00
Tim Kourt
48b7ed1e47 dbus: Add error msg for the service set overlap
The intended usage of this error is to notify a client
application about the presence of the multiple overlapping
network sessions.
2018-06-27 19:37:30 -05:00
James Prestwood
92f1ceb3ce netdev/eapol: removed eapol deauthenticate
This removes the need for the eapol/netdev deauthenticate function.
netdev_handshake_failed was exposed so device.c could issue the
disconnect.
2018-06-27 16:17:14 -05:00
James Prestwood
4ed30ff661 ap: removed code that was moved to eapol
All handshake packet handling has been removed from ap and
moved to eapol. After association, the AP registers a new
authenticator state machine which handles the AP side of
the handshake. AP will receive a handshake event once the
4-way handshake is complete.
2018-06-27 14:21:16 -05:00
James Prestwood
9d4f1b4ca6 eapol: moved AP authenticator into eapol
Includes:
 - support for handling ptk 2/4 and 4/4. Also sending 1/4 and 3/4.
 - new API to register an authenticator SM. This automatically
   sends 1/4 to kick off authentication with an sta.
2018-06-22 14:40:20 -05:00
James Prestwood
b81a9482b4 netdev: added checks for station/ap iftype
These checks allow both a station and authenticator to use
the same netdev key install functions. For NEW_KEY and
SET_STATION, the iftype is checked and either handshake->aa
or ->spa is used as the station address for the KEY/STATION
commands. Also, in the failure cases, a disconnect command
is issued only if the iftype is station as this doesn't
apply to AP.
2018-06-22 14:33:32 -05:00
James Prestwood
aac00bf33a handshake: remove handshake related netdev events
Handshake related netdev events were removed in favor of
handshake events. Now events will be emitted on the handshake
object related to the 4-way handshake and key settings. Events
are:

HANDSHAKE_EVENT_STARTED
HANDSHAKE_EVENT_SETTING_KEYS
HANDSHAKE_EVENT_COMPLETE
HANDSHAKE_EVENT_FAILED

Right now, since netdev only operates in station mode, nothing
listens for COMPLETE/FAILED, as device/wsc gets notified by the
connect_cb when the connection was successful. The COMPLETE/
FAILED were added in preperation for AP moving into eapol/netdev.
2018-06-22 14:21:50 -05:00
Denis Kenzior
c5893f7da8 network: Fix memory leak in network_set_psk
==1057== 32 bytes in 1 blocks are definitely lost in loss record 1 of 1
==1057==    at 0x4C2AF0F: malloc (vg_replace_malloc.c:299)
==1057==    by 0x15E9A2: l_malloc (util.c:62)
==1057==    by 0x15EA9D: l_memdup (util.c:121)
==1057==    by 0x133D9A: network_set_psk (network.c:350)
==1057==    by 0x13BD29: wsc_try_credentials (wsc.c:136)
==1057==    by 0x13C121: wsc_connect_cb (wsc.c:220)
==1057==    by 0x110FAF: netdev_connect_failed (netdev.c:525)
==1057==    by 0x16AAF4: process_unicast (genl.c:390)
==1057==    by 0x16AF03: received_data (genl.c:509)
==1057==    by 0x166CB6: io_callback (io.c:123)
==1057==    by 0x16580D: l_main_iterate (main.c:376)
==1057==    by 0x16594B: l_main_run (main.c:423)
2018-06-21 20:14:00 -05:00
Denis Kenzior
3df790e3c5 handshake: Switch to superclass api 2018-06-21 20:10:07 -05:00
Denis Kenzior
b5e01226cb netdev: Remove un-needed pairwise set_key call
This seems to be no longer needed as the kernel looks up the key by the
sta specific key index.
2018-06-21 20:10:07 -05:00
James Prestwood
2177b22caa handshake: Add utility to generate a new anonce
AP EAPoL state machine will need to generate the anonce, so as
with snonce, an API was added to do that.
2018-06-20 14:04:54 -05:00
James Prestwood
b059a699ab netdev: refactored code to prep for AP code
Added several helpers for code that will be reused by AP
2018-06-20 14:02:07 -05:00
Denis Kenzior
d76cf840ed eap-ttls: Rename eap to phase2_eap for clarity 2018-06-20 13:55:15 -05:00
Denis Kenzior
a217b4f8b9 eap-ttls: Remove eap_new calls after load_settings
load_settings ensures that ttls->eap is correctly initialized.  So this
code should be treated as an error condition.

We also do not support EAP chaining, so remove that logic as well
2018-06-20 13:55:15 -05:00
Denis Kenzior
2fe2ed61e1 netdev: Set netdev->type to NL80211 enum 2018-06-20 08:23:22 -05:00
James Prestwood
0b5a3da2ef netdev: fixed netdev_set_iftype
While this would issue a SET_INTERFACE to the kernel it would
not actually set netdev->type, so netdev_get_iftype would
return incorrectly.
2018-06-19 16:13:39 -05:00
Antonio Quartulli
1de8d18883 main: don't crash if DBus is not running
dbus_init() currently does not check for the g_dbus object being
properly initialized and this leads to crashes when dbus is not yet
running.

Ensure g_dbus is properly initialized and return false otherwise.
In this case the caller can understand that something went wrong and
stop the initialization procedure.

Program received signal SIGSEGV, Segmentation fault.
0x00005555555bc089 in l_dbus_add_service_watch (dbus=0x0,
name=0x5555555e5b0a "org.ofono",
    connect_func=0x5555555aa81e <ofono_found>,
disconnect_func=0x5555555aa8e6 <ofono_disappeared>,
    user_data=0x0, destroy=0x0) at ell/dbus.c:1621
1621		if (!dbus->name_cache)
(gdb) bt
name=0x5555555e5b0a "org.ofono",
    connect_func=0x5555555aa81e <ofono_found>,
disconnect_func=0x5555555aa8e6 <ofono_disappeared>,
    user_data=0x0, destroy=0x0) at ell/dbus.c:1621
user_data=0x0) at ell/plugin.c:115
function=0x5555555b40fd <plugin_start>,
    user_data=0x0) at ell/queue.c:441
version=0x0) at ell/plugin.c:201
src/plugin.c:82
src/main.c:417
2018-06-15 10:59:07 -05:00
Denis Kenzior
8112806aca eap-mschapv2: Fix uninitialized use of memory
When the response structure is generated, not all of the memory was
initialized to 0.

==1045== Syscall param socketcall.sendto(msg) points to uninitialised byte(s)
==1045==    at 0x5134D52: send (in /lib64/libc-2.25.so)
==1045==    by 0x168AB5: l_checksum_update (checksum.c:338)
==1045==    by 0x186777: tls_write_mac (tls-record.c:58)
==1045==    by 0x1869D1: tls_tx_record_plaintext (tls-record.c:120)
==1045==    by 0x186DEA: tls_tx_record (tls-record.c:201)
==1045==    by 0x185A3B: l_tls_write (tls.c:2064)
==1045==    by 0x14584F: eap_ttls_eap_tx_packet (eap-ttls.c:321)
==1045==    by 0x14236C: eap_send_response (eap.c:165)
==1045==    by 0x147904: eap_mschapv2_send_response (eap-mschapv2.c:468)
==1045==    by 0x147A10: eap_mschapv2_handle_challenge (eap-mschapv2.c:492)
==1045==    by 0x147E9A: eap_mschapv2_handle_request (eap-mschapv2.c:615)
==1045==    by 0x142693: __eap_handle_request (eap.c:240)
==1045==  Address 0x1ffeffe7f9 is on thread 1's stack
==1045==  in frame #4, created by tls_tx_record (tls-record.c:177)
==1045==  Uninitialised value was created by a stack allocation
==1045==    at 0x1477AE: eap_mschapv2_send_response (eap-mschapv2.c:443)
==1045==
==1045== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
==1045==    at 0x5134E3B: sendmsg (in /lib64/libc-2.25.so)
==1045==    by 0x17F691: operate_cipher (cipher.c:356)
==1045==    by 0x17F9D8: l_cipher_encrypt (cipher.c:446)
==1045==    by 0x186BAA: tls_tx_record_plaintext (tls-record.c:152)
==1045==    by 0x186DEA: tls_tx_record (tls-record.c:201)
==1045==    by 0x185A3B: l_tls_write (tls.c:2064)
==1045==    by 0x14584F: eap_ttls_eap_tx_packet (eap-ttls.c:321)
==1045==    by 0x14236C: eap_send_response (eap.c:165)
==1045==    by 0x147904: eap_mschapv2_send_response (eap-mschapv2.c:468)
==1045==    by 0x147A10: eap_mschapv2_handle_challenge (eap-mschapv2.c:492)
==1045==    by 0x147E9A: eap_mschapv2_handle_request (eap-mschapv2.c:615)
==1045==    by 0x142693: __eap_handle_request (eap.c:240)
==1045==  Address 0x1ffeffe7f9 is on thread 1's stack
==1045==  in frame #4, created by tls_tx_record (tls-record.c:177)
==1045==  Uninitialised value was created by a stack allocation
==1045==    at 0x1477AE: eap_mschapv2_send_response (eap-mschapv2.c:443)
==1045==
2018-06-15 07:55:41 -05:00
Denis Kenzior
38952813dd storage: Simplify storage_network_open 2018-06-14 20:53:39 -05:00
Denis Kenzior
a2d8054218 eap: Separate private bits into eap-private.h 2018-06-14 20:01:19 -05:00
Denis Kenzior
f04869c3cf network: Use network_load_psk in network_connect_psk 2018-06-14 19:22:29 -05:00
Denis Kenzior
c25499a118 network: Rework autoconnect logic 2018-06-14 19:21:44 -05:00
Denis Kenzior
786365e2c7 eap: Add __eap_check_settings
Since PEAP & TTLS expect to use eap_check_settings recursively, make
them use a private version of that API that does not perform cleanup and
can contain side-effects.

eap_check_settings itself will guarantee that no side effects happen on
error.  It is meant to be used by code outside of the eap subsystem.
2018-06-14 19:21:44 -05:00
Denis Kenzior
e24d6b54d2 eap: Ensure that we don't return an empty queue 2018-06-14 17:02:09 -05:00
Denis Kenzior
250568025c network: Fix a bunch of double-frees
Missing secrets are freed by eap_send_agent_req() even in case of
failure, so it was erroneous to try to free them on error.

==1048== Invalid read of size 8
==1048==    at 0x1603EC: l_queue_clear (queue.c:101)
==1048==    by 0x1603B8: l_queue_destroy (queue.c:82)
==1048==    by 0x135328: network_connect_8021x (network.c:943)
==1048==    by 0x1354C4: network_connect (network.c:987)
==1048==    by 0x178DD2: _dbus_object_tree_dispatch (dbus-service.c:1690)
==1048==    by 0x16D32A: message_read_handler (dbus.c:285)
==1048==    by 0x166EC3: io_callback (io.c:123)
==1048==    by 0x165A1A: l_main_iterate (main.c:376)
==1048==    by 0x165B58: l_main_run (main.c:423)
==1048==    by 0x1102DA: main (main.c:458)
==1048==  Address 0x5461850 is 0 bytes inside a block of size 24 free'd
==1048==    at 0x4C2C13B: free (vg_replace_malloc.c:530)
==1048==    by 0x15ED03: l_free (util.c:136)
==1048==    by 0x1603C4: l_queue_destroy (queue.c:83)
==1048==    by 0x134BD5: eap_secret_request_free (network.c:719)
==1048==    by 0x134EF9: eap_send_agent_req (network.c:817)
==1048==    by 0x1352F7: network_connect_8021x (network.c:936)
==1048==    by 0x1354C4: network_connect (network.c:987)
==1048==    by 0x178DD2: _dbus_object_tree_dispatch (dbus-service.c:1690)
==1048==    by 0x16D32A: message_read_handler (dbus.c:285)
==1048==    by 0x166EC3: io_callback (io.c:123)
==1048==    by 0x165A1A: l_main_iterate (main.c:376)
==1048==    by 0x165B58: l_main_run (main.c:423)
2018-06-14 17:00:52 -05:00
Denis Kenzior
75b492eacc eap-peap: Fix double free 2018-06-14 16:01:50 -05:00
Denis Kenzior
eb1a183277 eap-ttls: Fix double free 2018-06-14 15:58:43 -05:00
Denis Kenzior
86fef093c0 eap-mschapv2: Optimize away some allocs/frees 2018-06-14 15:19:50 -05:00
Andrew Zaborowski
1a465aed4a eap: Allow methods to request the Identity from agent
In eap_check_settings move the check for the EAP-Identity setting so
that the method's check_setting call back has a chance to request it
from the agent.  Note the check can be also moved to the EAP methods
so that they are free to skip it if not NULL identity is ok.
2018-06-13 21:49:24 -05:00
Andrew Zaborowski
b9aaab9c63 eap-mschapv2: Drop unneeded UTF-8 validation
As report by Denis those strings have already gone through validation.
2018-06-13 21:49:07 -05:00
Andrew Zaborowski
66e332fd4a eap: Use l_settings_get_string where needed
Replace usages of l_settings_get_value with l_settings_get_string, which
will make sure the returned strings are unescaped but also allocates
memeory and forces us to use l_free on most of the strings.  Some of
these strings we explicitly set with l_settings_set_string() in our code
so when we retrieved them with l_settings_get_value() we would receive a
different string if there were any escapable characters in the string.
I didn't replace any of the l_settings_get_value() uses where we're just
checking whether a setting is present, or those which are hexstrings or
EAP method names assuming that they can't have any special characters,
although this isn't future proof.  I did use l_settings_get_string() for
file paths though.
2018-06-13 21:41:43 -05:00
Andrew Zaborowski
b8fde0c166 eap: Accept a second id parameter in eap_append_secret
Accept two setting IDs in eap_append_secret, first for the username and
second for the password in case of the EAP_SECRET_REMOTE_USER_PASSWORD
EAP secret type.  In all other cases only the first setting is used.
Until now for EAP_SECRET_REMOTE_USER_PASSWORD secrets we'd generate the
two setting names by adding different suffixes to the ID parameter.

Using the two different setting names automatically fixes the issues
with using the EAP Identity returned by the agent in EAP-MSCHAPv2 and
EAP-PWD.
2018-06-13 21:34:25 -05:00
Denis Kenzior
7877be328b netdev: Fix unneeded error negation
device.c expects errors to be negative for both set_powered and
set_4addr.
2018-06-13 21:25:01 -05:00
Antonio Quartulli
b415858698 device: add dbus interface for WDS property
The WDS dbus property of a Device directly maps to the 4ADDR property
of a real netdevice. It can be activated or deactivated at any point
in time.

The name WDS comes from the fact that this feature allows a STA
interface to be bridged and thus create a Wireless Distribution
System (the same name is used in OpenWRT and hostapd).

To implement this feature, the 'powered callback' data structure has
been renamed and re-used.
2018-06-13 21:16:22 -05:00
Antonio Quartulli
9476f78e2d netdev: add helper to set/unset 4ADDR property 2018-06-13 21:12:53 -05:00
Andrew Zaborowski
17ad048c8c device: On lost beacon always set roam_no_orig_ap
Even if we're already roaming or preparing to roam, setting this flag
may still affect some step of the roam sequence so set it anyway.
2018-06-13 12:13:45 -05:00
Andrew Zaborowski
660f321c3d eap-mschapv2: Fix password hash validation 2018-06-13 11:59:49 -05:00
Antonio Quartulli
896aa41082 netdev: handle netlink events on bridge ports
When a wifi interface is added/removed to/from a bridge, a
RTM_NEW/DELLINK event is issued. This is the same event used to signal
when an interface is created/deleted.

For this reason the event generated by the bridge code has to be
properly distinguished and handled accordingly. Failing to do so will
result in inconsistencies in iwd which will think an interface has been
deleted when it was actually not.

Detect incoming NEW/DELLINK bridge events and reacts accordingly. For
now, this simply means printing a simple message, as there is no
special logic in iwd for this yet.
2018-06-13 08:31:46 -05:00
James Prestwood
96374f47e5 eap-aka: added EAP reset_state 2018-06-12 11:09:10 -05:00
James Prestwood
789eb08bc9 eap-sim: added EAP reset_state 2018-06-12 11:09:10 -05:00
Denis Kenzior
e4bc7149c3 eap-tls: Implement reset_state method 2018-06-07 19:58:56 -05:00
Denis Kenzior
092ccb4372 eap-ttls: Add reset_state method 2018-06-07 19:53:42 -05:00
Denis Kenzior
1f3b120467 eap-peap: Add reset_state method 2018-06-07 19:43:25 -05:00
Denis Kenzior
6e242acddb eap-mschapv2: Implement reset_state 2018-06-07 17:10:59 -05:00
Denis Kenzior
ff7a581d36 eap: Don't destroy method on completion
Let the upper layers decide what to do when a method completes
2018-05-30 22:36:41 -05:00
Denis Kenzior
9bcb2b75ac eapol: On success, reset EAP state
Instead of destroying the EAP object, just reset its state in case the
EAP process completed successfully.  This allows EAP Reauthentication to
work.
2018-05-30 15:09:42 -05:00
Denis Kenzior
2722990e61 eap-pwd: Add .reset_state method 2018-05-30 15:04:20 -05:00
Denis Kenzior
5894051d6c eap: Introduce state reset
This is meant to reset the EAP state back to its original state without
affecting any state variables obtained through load_settings.  This can
be useful for EAP Reauthentication triggered by the AP.
2018-05-30 14:52:22 -05:00
Denis Kenzior
4c59569f0c scan: Move scan_get_security to common.c 2018-05-24 19:22:16 -05:00
Denis Kenzior
7c18e3cdfe iwd: Move network_init & network_exit to iwd.h 2018-05-24 19:22:12 -05:00
Denis Kenzior
e4ddf4cf19 ie: Add missing #include and forward declaration 2018-05-24 15:54:32 -05:00
Tim Kourt
c0daec7e8d scan: add wiphy into scan context
The added wiphy will later be used by the scan command
builder to identify the available features and get properties
2018-05-24 15:24:33 -05:00
Tim Kourt
8f17186666 scan: rename callback for the triggered scan 2018-05-24 15:24:33 -05:00
Denis Kenzior
3b4cc1bfe2 wiphy: Rename get_ext_feature API
to has_ext_feature
2018-05-24 15:24:16 -05:00
Tim Kourt
933eabb6ef wiphy: added accessor for the feature flags 2018-05-24 13:10:56 -05:00
Tim Kourt
367522fe8f netdev: added accessor for wiphy
Added an accessor to get wiphy associated with a network device
2018-05-24 13:07:00 -05:00
Denis Kenzior
e6adb36621 iwd.service: Use multi-user target 2018-05-22 11:28:02 -05:00
Denis Kenzior
2aba2f3ba9 main: Disable debug output by default
Instead use '-d' command line option.  This option uses an optional
argument.  Without an argument, '*' is assumed.  Otherwise you can
specify a glob string to match.  Any debug output that matches the glob
string will be printed.  e.g.:

src/iwd -d '*eap*'
2018-05-19 18:29:28 -05:00
James Prestwood
d54a8e56d3 netdev: print error if frame watch fails
The frame watch API had no callback, so if there was a failure
it would silently continue.
2018-05-18 12:54:40 -05:00
Denis Kenzior
6db257b937 eap: Dump unhandled EAP packets 2018-05-18 10:29:58 -05:00
Denis Kenzior
450ed03e21 eap: Fix crash
Some EAP servers might try to send us packets after the EAP connection
has been established.  When EAP succeeds we destroy the EAP object.  If
a new EAP request arrives we create a temporary EAP object to handle the
request (most likely to NAK it).  However, if the packet is not destined
to a particular method (e.g. it is a notification) the current logic can
result in a crash.

src/netdev.c:netdev_set_gtk() 3
==4300== Invalid read of size 8
==4300==    at 0x14204B: __eap_handle_request (eap.c:203)
==4300==    by 0x142339: eap_rx_packet (eap.c:287)
==4300==    by 0x12AEF9: eapol_rx_packet (eapol.c:1622)
==4300==    by 0x12BBBC: __eapol_rx_packet (eapol.c:2018)
==4300==    by 0x116D1E: netdev_pae_read (netdev.c:3121)
==4300==    by 0x16672B: io_callback (io.c:123)
==4300==    by 0x165239: l_main_iterate (main.c:376)
==4300==    by 0x16537D: l_main_run (main.c:423)
==4300==    by 0x10F95C: main (main.c:447)
==4300==  Address 0x30 is not stack'd, malloc'd or (recently) free'd
==4300==
2018-05-18 10:27:42 -05:00
Denis Kenzior
56eeaf7b7a eap: Fix invalid access
When the server sends an identity prompt or a notification, we were
trying to print from our local buffer, not from the actual packet.  The
relevant valgrind trace is:

src/netdev.c:netdev_mlme_notify() MLME notification 64
==4300== Conditional jump or move depends on uninitialised value(s)
==4300==    at 0x4C3006E: strnlen (vg_replace_strmem.c:425)
==4300==    by 0x508C513: vfprintf (vfprintf.c:1643)
==4300==    by 0x508EB75: buffered_vfprintf (vfprintf.c:2329)
==4300==    by 0x508C1A1: vfprintf (vfprintf.c:1301)
==4300==    by 0x167051: log_stderr (log.c:145)
==4300==    by 0x16756E: l_log_with_location (log.c:293)
==4300==    by 0x142173: __eap_handle_request (eap.c:235)
==4300==    by 0x142339: eap_rx_packet (eap.c:287)
==4300==    by 0x12AEF9: eapol_rx_packet (eapol.c:1622)
==4300==    by 0x12BBBC: __eapol_rx_packet (eapol.c:2018)
==4300==    by 0x116D1E: netdev_pae_read (netdev.c:3121)
==4300==    by 0x16672B: io_callback (io.c:123)
==4300==
EAP identity prompt: ""
2018-05-18 09:46:12 -05:00
John Zimmermann
3b4c1dd4d3 build: check for existence of execinfo.h
GLIBC is not necessarily the only library that provides execinfo.
With libexecinfo execinfo can be used also in other Libraries.
The patch lets the configure check the existence of the header
and the libexecinfo Library and uses them if avaible.

(also fixes compilation if execinfo is not avaible)
2018-05-17 17:42:28 -05:00
Tim Kourt
42c5d96219 network: load settings for the open networks
iwd was auto-connecting to the open networks despite having
Autoconnect=false flag set in the network configuration file.
This patch enables iwd to load the configuration files for the
open networks during the auto-connect attempt to take advantage
of the Autoconnect flag.
2018-05-10 12:47:40 -05:00
Tim Kourt
46abfc7813 wiphy: add support for MAX_NUM_SCAN_SSIDS 2018-05-08 19:17:40 -05:00
James Prestwood
2f0c37dae6 eap-pwd: use ecc byte conversion API's 2018-05-04 19:33:55 -05:00
James Prestwood
db690ebe73 ecc: added byte conversion functions
EAP-PWD was hard coded to only work on LE architectures. This
adds 2 conversion functions to go from network byte order (BE)
to any native architecture, and vise versa.
2018-05-04 19:33:55 -05:00
James Prestwood
71902e2291 eap-pwd: fix 32 bit build warnings from debug prints
Printing size_t as %lu works on 64 bit architectures but shows a
compile warning on 32 bit. The %zu modifier fixes this.
2018-05-04 12:48:02 -05:00
James Prestwood
322f32295d eap-pwd: fixup some minor bounds checking issues 2018-05-03 14:46:29 -05:00
Denis Kenzior
6a28cd5527 main: Check and print missing kernel options 2018-05-03 14:45:26 -05:00
Denis Kenzior
bfe4fcffd3 eap-mschapv2: Check for MD4 support 2018-05-03 14:45:00 -05:00
Denis Kenzior
a65e5e0800 eap-pwd: Don't leak on failure 2018-05-03 12:57:23 -05:00
Denis Kenzior
5cf358cd4f eap-pwd: Fixup minor style issues 2018-05-03 12:55:45 -05:00
James Prestwood
d10369cf60 eap-pwd: core EAP-PWD code 2018-05-03 10:50:30 -05:00
James Prestwood
fdee72dffc ecc: added ecc implementation for EAP-PWD
The file, src/ecc.c was taken from the bluez project:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/src/shared/ecc.c

There were minor changes made, e.g. changing some functions to globals
for access in EAP-PWD as well as removing some unneeded code. There was
also some code appended which allows for point addition, modulus inverse
as well as a function to compute a Y value given an X.
2018-05-03 10:27:53 -05:00
Denis Kenzior
b8c80060d3 wiphy: Update ext_features size 2018-05-01 20:46:06 -05:00
Denis Kenzior
92cf0446a1 netdev: Print handshake failure reason code 2018-05-01 20:46:06 -05:00
Denis Kenzior
9e8850c423 ap: Use EAPoL over NL80211 if available 2018-05-01 20:46:06 -05:00
Denis Kenzior
5d0f1bbb31 netdev: Handle Control Port TX path 2018-05-01 20:46:06 -05:00
Denis Kenzior
b5d48da4c7 netdev: Open PAE transport if needed
If Control Port over NL80211 is not supported, open up a PAE socket and
stuff it into an l_io on the netdev object.  Install a read handler on
the l_io and call __eapol_rx_packet as needed.
2018-05-01 20:46:03 -05:00
Denis Kenzior
ebc4e2cdf0 netdev: React to CONTROL_PORT unicast 2018-05-01 20:46:01 -05:00
Denis Kenzior
c31cf5d383 eapol: Fully separate eapol transport details
With the introduction of Control Port Over NL80211 feature, the
transport details need to be moved out of eapol and into netdev.c.
Whether a given WiFi hardware supports transfer of Control Port packets
over NL80211 is Wiphy and kernel version related, so the transport
decisions need to be made elsewhere.
2018-05-01 11:14:04 -05:00
Andrew Zaborowski
008965882d eap-mschapv2: Fix string start calculation 2018-04-30 10:47:31 -05:00
Andrew Zaborowski
b1d4db7cc8 eap: Return specific error when check_settings fails
Change the check_settings eap functions to return a negative errno and
return more granular Dbus error from the Connect method.
2018-04-30 10:45:28 -05:00
James Prestwood
071ef356db eap: add EAP-PWD method type 2018-04-27 11:14:30 -05:00
Andrew Zaborowski
56d3d40f30 eap: Wipe passphrase memory in TLS, TTLS, EAP
Wipe the passphrase memory in more places before freeing.
2018-04-26 11:27:22 -05:00
Andrew Zaborowski
6dc5d2c3ec eap-mschapv2: Load credentials obtained from agent
If needed load the username and password obtained from the agent and
received in the settings object.
2018-04-26 11:23:29 -05:00
Andrew Zaborowski
cb775819b8 network: Pass secrets to EAP methods
On connect add any secrets we've received through the agent to the
l_settings objects which the EAP methods will process in load_settings.
The settings object is modified but is never written to storage.  If
this was to change because some settings need to be saved to storage,
a new l_settings object might be needed with the union of the settings
from the file and the secrets so as to avoid saving the sensitive data.
2018-04-26 11:23:29 -05:00
James Prestwood
d1a13036d2 eap: fix EAP-SIM/AKA/AKA' after settings change
These EAP methods do not store the identity inside the settings file
since it is obtained from the SIM card, then provided to IWD via
get_identity method. If the get_identity method is implemented, do
not fail the settings check when EAP-Identity is missing.
2018-04-20 14:36:52 -05:00
Andrew Zaborowski
2382dc7ffa network: Validate 8021x settings and request passwords
Use eap_check_settings directly from network.c before we start the
connection attempt at netdev.c level, to obtain all of the required
passwords/passphrases through the agent.  This is in network.c because
here we can decide the policies for whether to call the agent in
autoconnect or only if we had a request from the user, also whether we
want to save any of that for later re-use (either password data or
kernel-side key serial), etc.

In this patch we save the credentials for the lifetime of the network
object in memory, and we skip the network if it requires any passphrases
we don't have while in autoconnect, same as with PSK networks where the
PSK isn't given in the settings.  Note that NetworkManager does pop up
the password window for PSK or EAP passwords even in autoconnect.

If EAP needs multiple passwords we will call the agent sequentially for
each.
2018-04-19 14:05:20 -05:00
Andrew Zaborowski
7541b595f9 eap-peap: Implement .check_settings
Confirm that the PEM file paths that we'll be passing to the l_tls
object are loading Ok and request/validate the private key passphrase
if needed.  Then also call eap_check_settings to validate the inner
method's settings.
2018-04-19 13:23:03 -05:00
Andrew Zaborowski
86aa4e8af1 eap-gtc: Implement .check_settings
Only do the same validation that .load_settings would do for GTC.
2018-04-19 13:14:37 -05:00
Andrew Zaborowski
8650bddcfe eap-aka: Implement .check_settings
Also it seems aka->identity could not have been set at the time
it was used in the error message so I changed that error message
slightly.
2018-04-19 13:14:25 -05:00
Andrew Zaborowski
200312c4e5 eap-sim: Implement .check_settings 2018-04-19 13:13:58 -05:00
Andrew Zaborowski
d27b0d5b1e eap-ttls: Implement .check_settings
Confirm that the PEM file paths that we'll be passing to the l_tls
object are loading Ok and request/validate the private key passphrase
if needed.  Then also call eap_check_settings to validate the inner
method's settings.
2018-04-19 13:13:07 -05:00
Andrew Zaborowski
8eea2c39d1 eap-tls: Implement .check_settings
Confirm that the PEM file paths that we'll be passing to the l_tls
object are loading Ok and request/validate the private key passphrase
if needed.
2018-04-19 13:11:39 -05:00
Andrew Zaborowski
3b2b194170 eap-mschapv2: Implement .check_settings
Move the settings validation from .load_settings plus allow the
username/password to be supplied in the secrets l_queue instead of
in the l_settings.
2018-04-19 13:01:58 -05:00
Andrew Zaborowski
9134743a97 eap-md5: Implement .check_settings
Only do the same validation that .load_settings would do for MD5.
2018-04-19 13:00:44 -05:00
Andrew Zaborowski
246e76c7b0 eap: Validate settings, report passwords needed
With the goal of requesting the required passwords/passphrases, such as
the TLS private key passphrase, from the agent, add a static method
eap_check_settings to validate the settings and calculate what passwords
are needed for those settings, if any.  This is separate from
eap_load_settings because that can only be called later, once we've
got an eap state machine object.  We need to get all the needed EAP
credentials from the user before we even start connecting.

While we do this, we also validate the settings and output any error
messages through l_error (this could be changed so the messages go
somewhere else in the future), so I removed the error messages from
eap_load_settings and that method now assumes that eap_check_settings
has been called before.

eap_check_settings calls the appropriate method's .check_settings method
if the settings are complete enough to contain the method name.  The
policy is that any data can be provided inside the l_settings object
(from the network provisioning/config file), but some of the more
sensitive fields, like private key passwords, can be optionally omitted
and then the UI will ask for them and iwd will be careful with
caching them.

Within struct eap_secret_info, "id" is mainly for the EAP method to
locate the info in the list.  "value" is the actual value returned
by agent.  "parameter" is an optional string to be passed to the agent.
For a private key passphrase it may be the path to the key file, for a
password it may be the username for which the password is requested.
2018-04-19 13:00:12 -05:00
Andrew Zaborowski
15a037f633 agent: Add new request types
Add new agent.h methods and corresponding DBus methods to request
the 3 different EAP credential types from user.
2018-04-19 11:49:41 -05:00
Andrew Zaborowski
b862fd8fe1 agent: Check if callback has sent a new request
In agent_receive_reply we first call the callback for the pending
request (agent_finalize_pending) then try to send the next request
in the queue.  Check that the next request has not been sent already
which could happen if it has been just queued by the callback.
2018-04-19 11:45:03 -05:00
Andrew Zaborowski
c6e3140b38 device: Handle disconnect by AP and by SME events same way
The difference in the handlers was that in the
NETDEV_EVENT_DISCONNECT_BY_AP case we would make sure to reply
to a pending dbus Connect call.  We also need to do that for
NETDEV_EVENT_DISCONNECT_BY_SME.  This happens if another process
sends an nl80211 disconnect command while we're connecting.
2018-04-19 10:36:18 -05:00
Andrew Zaborowski
32d846470b device: Use active scans when connected
When we're connected we're advertising our hardware address anyway so
there's no benefit from using passive scanning.
2018-04-10 00:19:33 -05:00
Andrew Zaborowski
d9ae78b780 device: Drop unsupported bands from roam scan frequency set
The kernel will reject the TRIGGER_SCAN commands that include
frequencies not supported by the wiphy.
2018-04-10 00:19:30 -05:00
James Prestwood
c0739c1965 eap-gtc: add EAP-GTC method implementation 2018-04-04 09:42:28 -05:00
James Prestwood
d1c7f360d2 eap: add EAP_TYPE_GTC (6) type 2018-04-04 09:40:05 -05:00
James Prestwood
88a1520dbd main: set eapol config 2018-04-02 13:54:25 -05:00
James Prestwood
50eae9bf87 eapol: process config setting for handshake timeout
The eapol handshake timeout can now be configured in main.conf
(/etc/iwd/main.conf) using the key eapol_handshake_timeout. This
allows the user to configure a long timeout if debugging.
2018-04-02 13:54:25 -05:00
Andrew Zaborowski
5a17c2275f eapol: Make sure rsn_info is initialized in eapol_handle_ptk_1_of_4
After an EAP exchange rsn_info would be uninitialized and in the FT case
we'd use it to generate the step 2 IEs which would cause an RSNE
mismatch during FT handshake.
2018-03-15 11:40:17 -05:00
Andrew Zaborowski
8b534ba067 eapol: In FT-EAP use all 64 bytes of the MSK
Until now we'd save the second 32 bytes of the MSK as the PMK and use
that for the PMK-R0 as well as the PMKID calculation.  The PMKID
actually uses the first 32 bytes of the PMK while the PMK-R0's XXKey
input maps to the second 32 bytes.  Add a pmk_len parameter to
handshake_state_set_pmk to handle that.  Update the eapol_eap_results_cb
802.11 quotes to the 2016 version.
2018-03-15 11:40:17 -05:00
Tim Kourt
436e95d599 peap: Postpone cleanup on phase two failure 2018-03-01 09:13:17 -06:00
Andrew Zaborowski
d2247c3a3f netdev: Avoid calling netdev_connect_ok twice in FT
handshake_state_install_ptk triggers a call to
netdev_set_pairwise_key_cb which calls netdev_connect_ok, so don't call
netdev_connect_ok after handshake_state_install_ptk.  This doesn't fix
any specific problem though.
2018-02-26 09:59:58 -06:00
Tim Kourt
9783e236a1 peap: handle completion of phase two 2018-02-23 15:19:52 -06:00
Tim Kourt
97980c0315 eap: allow to discard EAP-Success/EAP-Failure pkts 2018-02-23 12:48:40 -06:00
Tim Kourt
ad94752170 eap: add accessor for method success 2018-02-21 20:14:50 -06:00
Andrew Zaborowski
7fd6803c7a agent: Fix cancelling running request
If the request being cancelled by agent_request_cancel has already been
sent over dbus we need to reset pending_id, the timeout, call l_dbus_cancel
to avoid the agent_receive_reply callback (and crash) and perhaps start
the next request.  Alternatively we could only reset the callback and not
free the request, then wait until the agent method to return before starting
the next request.
2018-02-20 11:07:00 -06:00
Tim Kourt
55e8d7fdcc peap: add retransmission support 2018-02-15 13:00:22 -06:00
Tim Kourt
78270bc39e eap: interoperability support for Success/Failure pkts 2018-02-15 12:59:45 -06:00
Tim Kourt
91ec5cff8c peap: add phase two eap tx/rx handlers 2018-02-14 21:34:21 -06:00
Tim Kourt
1ece3b13e4 peap: introduce and configure phase two eap method 2018-02-14 21:31:24 -06:00
Tim Kourt
50b7a01f87 peap: handle send for phase two data 2018-02-14 21:30:33 -06:00
Tim Kourt
8ae6e7c3de peap: switch tx_pdu_buf to use databuf struct 2018-02-14 21:28:03 -06:00
Tim Kourt
93d0dac77b peap: handle receive for phase two data 2018-02-14 21:26:54 -06:00
Tim Kourt
487c5cbafc peap: send ack on established tunnel 2018-02-14 17:37:19 -06:00
Tim Kourt
43c650a2b4 peap: add specification reference by the version 2018-02-14 17:36:08 -06:00
Tim Kourt
5b19d0454a eap: make eap_handle_request public 2018-02-14 15:09:27 -06:00
Andrew Zaborowski
7e8e8b2ac2 eapol: Stop eapol timeout after step 3/4
Move the cancelling of the eapol timeout from the end of step 1 to
step 3 to guard the whole handshake.  At the end of step 1 stop the
EAPOL-Start timeout for the case of 802.1X authentication + a cached
PMKSA (not used yet.)
2018-02-13 12:46:27 -06:00
Andrew Zaborowski
0abab92cac scan: Add new Operating Classes from 802.11-2016 2018-02-13 11:59:42 -06:00
Andrew Zaborowski
d42e848567 device: Workaround for 0 oper class in Neighbor Report
Some APs respond to Neighbor Report Requests with neighbor reports that
have a zero operating class value and a non-zero channel number.  This
does not mean that the channel is in the same band that the reporting
AP operates in.  Try to guess the band that the channel refers to out of
2.4 and 5GHz -- the bands supported by those APs.

wpa_supplicant also has this workaround in place.
2018-02-13 11:58:38 -06:00
Marcel Holtmann
c31244ddec build: Add support for installing systemd service unit 2018-02-10 18:42:43 +01:00
James Prestwood
41936468ed netdev: basic support for receiving SA Query requests 2018-02-08 10:34:53 -06:00
Tim Kourt
8c1b175b8b peap: derive and install eap key material 2018-02-02 14:27:05 -06:00
Tim Kourt
c5ec12e0e4 peap: response fragmentation support 2018-02-02 12:58:28 -06:00
Tim Kourt
71ebb7c1d5 peap: send response pkts 2018-02-01 22:09:12 -06:00
Tim Kourt
84be0eb8d3 peap: handle fragmented request 2018-02-01 22:08:13 -06:00
James Prestwood
f3cc96499c netdev: added support for SA Query
SA Query procedure is used when an unprotected disassociate frame
is received (with frame protection enabled). There are two code
paths that can occur when this disassociate frame is received:

1. Send out SA Query and receive a response from the AP within a
   timeout. This means that the disassociate frame was not sent
   from the AP and can be ignored.

2. Send out SA Query and receive no response. In this case it is
   assumed that the AP went down ungracefully and is now back up.
   Since frame protection is enabled, you must re-associate with
   the AP.
2018-02-01 11:33:47 -06:00
Tim Kourt
362771577b peap: introduce basic request-response flow 2018-02-01 10:47:26 -06:00
Tim Kourt
40898deb8b peap: handle Start flag 2018-02-01 10:43:16 -06:00
James Prestwood
ce0d5858da util: added macros to print mac addresses 2018-02-01 10:12:09 -06:00
Marcel Holtmann
64dcf11042 main: Rephrase warning when optional configuration file is missing 2018-01-29 02:25:28 -08:00
Marcel Holtmann
0cf589e13d build: Don't provide iwd/main.conf during make install 2018-01-29 02:20:52 -08:00
Marcel Holtmann
980f6f3645 main: Rename iwd/iwd.conf into iwd/main.conf 2018-01-29 02:13:41 -08:00
Tim Kourt
1d1bbb83eb eap-peap: add version validation 2018-01-24 11:23:50 -06:00
Tim Kourt
ba8857d2f4 eap-peap: configure Protected EAP 2018-01-24 11:22:16 -06:00
Tim Kourt
20e74e8679 eap-peap: Introduce Protected EAP support 2018-01-24 11:19:56 -06:00
Tim Kourt
b33486a7c7 eap: add eap type 25 - peap 2018-01-24 11:19:12 -06:00
Tim Kourt
3230cee2a1 network: add check for autoconnect flag in settings 2018-01-23 14:13:00 -06:00
Tim Kourt
91b6efaf66 eap: add NULL checks
1. Enforce implementation of handle_request function

2. In case of unimplemented handle_retransmit try to use
   handle_request instead and rely on method specific
   mechanism to restart the conversation if necessary

3. Make method->free implementation unrequired
2018-01-23 14:12:24 -06:00
Tim Kourt
4ed442b8b8 eap: add eap type 33 - extensions 2018-01-22 17:12:16 -06:00
Andrew Zaborowski
0ac0c6b129 device: Update Scanning on periodic scan stop
When we call scan_periodic_stop and a periodic scan is in progress (i.e.
the trigger callback has been called already) we get no new callback
from scan.c and the device Scanning property remains True forever so set
it to False.

The change from scan_periodic_stop to periodic_scan_stop looks silly but
it's consistent with our naming :)
2018-01-22 10:35:33 -06:00
Denis Kenzior
0930814aba device: Change #define names to be more descriptive 2018-01-22 10:27:14 -06:00
James Prestwood
38e9a67da8 device: Add support for AP directed roaming
This patch adds a watcher/parser for the frame event associated with
an AP directed BSS transition (AP roaming). When the AP sends a BSS
transition request, this will parse out the BSS candidate list
(neighbor report) and initiate a roam scan. After this point the
existing roaming code path is reused.
2018-01-18 15:32:42 -06:00
Andrew Zaborowski
fb8063f37f netdev: Make sure we send SET_STATION after FT
Make sure that we set the AUTHORIZED sta flag after an FT in
netdev_set_pairwise_key_cb, I broke this in
a03839f8ef.
2018-01-16 11:13:54 -06:00
Andrew Zaborowski
69b852126d device: Remove unnecessary assignment 2018-01-16 11:12:10 -06:00
James Prestwood
f82c2253ce eap-aka/sim: Automatically prefix identities
The identity retrieved from simauth was required to include the
prefix for SIM/AKA/AKA', but in reality a real SIM would not
include that prefix in the IMSI. Now the correct prefix is
prepended onto the identity depending on the EAP method.
2017-12-14 16:23:40 -06:00
James Prestwood
f7a9caef2b simauth: remove unregister API
The unregister simauth API was unused and not required, this
also fixes a double free when freeing the NAI.
2017-12-14 16:22:09 -06:00
James Prestwood
5f3bf1dbac eap-aka: support for synchronization error
If the SQN in AUTN is incorrect the simauth module will return
the AUTS parameter, which is sent back to the server and the
servers SQN number is updated.
2017-12-13 17:13:29 -06:00
James Prestwood
3de239ed9e simutil: removed milenage algorithm from simutil
The simauth module now checks the milenage values
2017-12-13 17:13:29 -06:00
James Prestwood
1fa218fc8d eap-aka: Updated EAP-AKA to use simauth module 2017-12-13 16:16:32 -06:00
James Prestwood
80aa03edd8 eap-sim: Updated EAP-SIM to use simauth module 2017-12-13 16:14:59 -06:00
James Prestwood
a1ceb34bec simauth: fixup to add proper return values
The GSM and Milenage API's should return an integer which
can be used to cancel the request, they were returning bool.
2017-12-13 16:12:24 -06:00
James Prestwood
36804b1b5c simauth: add register/unregister API's
Forcing a plugin to create and register simauth at once is sometimes
inconvenient. This patch separates the creation and registration
into two API's, and also adds several others to add the required simauth
data incrementally (identity, driver data, sim/aka support). This also
allows for the driver to unregister the auth provider without freeing
up the simauth object itself e.g. if the driver temporarily becomes
unavailable, but will come back sometime in the future.

The simauth watch API's were also renamed. Watchers will now get a
callback when the provider has been unregistered, so they have been
renamed to sim_auth_unregistered_watch_[add|remove].
2017-12-11 23:36:43 -06:00
James Prestwood
1a975a1168 simauth: fixup, destroy watchlist was not being removed 2017-11-30 12:44:06 -06:00
Denis Kenzior
777c7c3dae simauth: Fix compiler warning
src/simauth.c:163:6: error: no previous declaration for ‘sim_auth_cancel_request’ [-Werror=missing-declarations]
 void sim_auth_cancel_request(struct iwd_sim_auth *auth, int id)
      ^~~~~~~~~~~~~~~~~~~~~~~
2017-11-30 08:56:10 -06:00
James Prestwood
a595587b65 main: start simauth module 2017-11-30 08:49:49 -06:00
James Prestwood
e030151f7d main: start up plugin module
iwd now supports plugin loading, whitelisting and blacklisting.  Both
the whitelist and the blacklist support multiple patterns separated by a
',' character.
2017-11-28 13:32:36 -06:00
James Prestwood
09de4433ad plugins: module to load ell plugins 2017-11-28 13:30:06 -06:00
James Prestwood
517df48101 make: plugin system for build
Preperation for ell plugins. New plugins can be added to
builtin_sources/builtin_modules, which will be added
to src/builtin.h when it is generated.
2017-11-28 13:20:33 -06:00
Andrew Zaborowski
016dcd52d8 device: Fix an autoconnect corner case
Make sure device->autoconnect is set when entering the autoconnect state
after netdev UP event.  Otherwise the next time
device_set_autoconnect(device, false) is called it will exit early seeing
that device->autoconnect is false and not switch the device state.
2017-11-27 09:56:04 -06:00
James Prestwood
46c1e8fa60 simauth: new module to handle EAP-SIM/AKA auth
This is the core module that takes care of registering
authentication drivers. EAP-SIM/AKA will be able to acquire
a driver that supports the required algorithms. The driver
implementation (hardcoded/ofono etc.) is isolated into
separate plugin modules.
2017-11-22 11:59:13 -06:00
James Prestwood
1d119d58c1 watchlist: added macro for notifying with no args
The macros currently did not support notifying a watchlist with
no extra arguments.
2017-11-16 14:10:47 -06:00
James Prestwood
c0fe2b78c4 eap: new method API for getting EAP-Identity
EAP-SIM/AKA/AKA' retrieve the EAP-Identity off the SIM card
not from the settings file. This adds a new EAP method API
which can optionally be implemented to retrieve the identity.
If get_identity is implemented, the EAP layer will use it to
retrieve the identity rather than looking in the settings file.
2017-11-13 11:09:37 -06:00
Tim Kourt
f4f1450880 network: Start checking outcomes of setting loads 2017-10-31 17:46:28 -05:00
Tim Kourt
e7d1b779e7 storage: provide proper feedback on failures
network_settings_load expects NULL value to be returned
on failed attempts to read the settings files inside of
storage_network_open. At the same time storage_network_open
used to always return an initialized l_settings
structure despite the outcome of the read operations,
indicating a success.
2017-10-31 17:45:47 -05:00
Tim Kourt
adc203184b netdev: fail early on unsuccessful eapol_start 2017-10-30 08:51:59 -05:00
Tim Kourt
3f4b5a98f5 eapol: provide feedback from eapol_start, refactor 2017-10-30 08:51:28 -05:00
Tim Kourt
3b6d7e94f8 dbus: Add NotConfigured dbus exception 2017-10-26 16:00:21 -05:00
Andrew Zaborowski
4dba9e37dd netdev: Track the id of the SET_STATION netlink command
This way we make sure it gets cancelled any sort of connect abort of
netdev removal and don't leak the message on error.
2017-10-23 11:17:11 -05:00
Andrew Zaborowski
a03839f8ef netdev: Send SET STATION in pairwise key callback
When the 4-Way Handshake is done eapol.c calls netdev_set_tk, then
optionally netdev_set_gtk and netdev_set_igtk.  To support the no group
key option send the final SET STATION enabling the controlled port
inside the callback for the netdev_set_tk operation which always means
the end of a 4-Way Handshake rather than in the netdev_set_gtk callback.
The spec says exactly that the controlled port is enabled at the end of
the 4-Way Handshake.

The netlink operations will still be queued in the same order because
the netdev_set_tk/netdev_set_gtk/netdev_set_igtk calls happen in one
main loop iteration but even if the order changed it wouldn't matter.
On failure of any of the three operations netdev_setting_keys_failed
gets called and the remaining operations are cancelled.
2017-10-23 11:17:08 -05:00
Andrew Zaborowski
ffcda135d2 eapol: Check for "No Group Traffic" group cipher suite 2017-10-23 11:14:40 -05:00
Denis Kenzior
2c565019c7 eapol: Silence uninitialized var warnings 2017-10-20 07:41:56 -05:00
Denis Kenzior
7f8f45220e eapol: Do not install the same GTK/IGTK
Track the contents and size of the GTK and IGTK and if the Authenticator
(or an adversary) tries to set the same GTK/IGTK, process the packet
normally but do not resubmit the GTK/IGTK to the kernel.
2017-10-19 16:47:35 -05:00
Denis Kenzior
cd7af67aac eapol: Tighten up GTK/IGTK KDE validation
GTK KDE was being checked for being a minimum of 6 bytes.  Not quite
sure why since the minimum GTK key length is 16 bytes for CCMP.
Similarly make sure that the maximum length is not more than 32, which
is currently the largest key size (TKIP)
2017-10-19 16:47:35 -05:00
Denis Kenzior
c93a52c066 eapol: Handle retransmissions 2017-10-19 16:47:29 -05:00
Denis Kenzior
f07164b2ef eapol: Remove unneeded {} 2017-10-18 20:40:10 -05:00
Denis Kenzior
ac5d8c2b34 eapol: Reword comment 2017-10-18 20:39:31 -05:00
Denis Kenzior
bee04b179e eapol: Fail handshake if MIC calculation fails
This is a bizarre case since MIC calculation succeeded for the incoming
packet.  But just in case MIC calculation fails for the outgoing packet,
kill the handshake.
2017-10-18 20:38:54 -05:00
Denis Kenzior
c1a0e844b0 eapol: Tighten up replay counter handling 2017-10-18 20:31:49 -05:00
Denis Kenzior
5b6c18fadd watchlist: Fix memory leak 2017-10-18 19:29:24 -05:00
James Prestwood
8ce787557f simutil: fixup adding const to data pointer
eap_sim_add_attribute() was not taking a const uint8_t * as
it should.
2017-10-18 11:18:26 -05:00
Denis Kenzior
ffbf10fa31 eapol: Remove erroneous comments
The comments quoted sections of the specification that indicated STA
behavior for verifying Message 3 of 4 or GTK 1 of 2.  But in reality the
code directly below simply calculated the MIC for Message 4 of 4 or GTK
2 of 2.
2017-10-16 14:41:57 -05:00
Andrew Zaborowski
dae0abbac8 eapol: Use frame watches for preauth_sm 2017-10-12 11:14:59 -05:00
Andrew Zaborowski
cc4da26f69 eapol: Use frame watches for eapol_sm, refactor
Use eapol_frame_watch_add/eapol_frame_watch_remove in eapol_sm, while
there simplify the early_frame logic and confirm sender address for
received frames.
2017-10-12 11:13:51 -05:00
Andrew Zaborowski
47ae8571c1 ap: Drop unneeded ap_deauth_cb cleanup step
ap_free_sta() later in ap_deauth_cb already cancels the command.
2017-10-12 10:55:02 -05:00
Andrew Zaborowski
69687bedd1 ap: Implement Deauthentication on error 2017-10-12 10:54:45 -05:00
Andrew Zaborowski
375e2262f2 ap: Implement Reassociation
Add some form of the Reassociation procedure with comment on the
interpretation choice.
2017-10-12 10:54:24 -05:00
Andrew Zaborowski
a26ca0fb66 ap: Simplify ap_common_rates
If we've checked that the STA has included our Basic Rate we've already
found one common rate, no need for further checks.
2017-10-12 10:53:07 -05:00
Andrew Zaborowski
f011b81b19 ap: Implement EAPOL frame retries 2017-10-12 10:52:48 -05:00
Andrew Zaborowski
9d05a6ddb7 ap: Reorder ap_assoc_req_cb, fix comment
Set all the new field values into struct sta_state only after all the
error checks for better readabilty and fixing a possible issue if we
did "sta->rates = rates" and then detected en error and freed "rates".
Also update a comment which I think used the wording from 802.11-2012
instead of 802.11-2016.
2017-10-12 10:47:12 -05:00
Andrew Zaborowski
3d9cbdb6f6 ap: Drop two unneeded DEL_KEY commands
DEL_KEY is not needed and will return errors right after NEW_STATION or
right after DEL_STATION.  In both cases the kernel makes sure there are
no old keys for the station already.
2017-10-12 10:46:17 -05:00
Andrew Zaborowski
3c64d21e34 ap: Use ie_tlv_builder in ap_build_beacon_pr_head 2017-10-12 10:46:14 -05:00
Andrew Zaborowski
ba78950c83 crypto: Use l_pkcs5_pbkdf2 in place of local pbkdf2_sha1 2017-10-09 14:34:31 -05:00
Andrew Zaborowski
31631e1935 device: Add temporary Start / StopAccessPoint Dbus methods
As a temporary DBus API to switch between Station and Access Point
modes, add two methods on the Device interface.  Add a new state
DEVICE_STATE_ACCESS_POINT which is in effect from the moment
StartAccessPoint is received (even before it returns) until
StopAccessPoint returns, there are no intermediate states when the
methods run for simplicity.  Add checks across device.c to make sure
Station related functionality is disabled when in Access Point mode.
2017-09-22 12:50:12 -05:00
Andrew Zaborowski
aca698573f ap: Handle netdev DOWN event 2017-09-22 12:44:41 -05:00
Andrew Zaborowski
251edd2557 ap: Handle PTK handshake frame 4/4
Handle the 4-Way Handshake last frame, install keys, enable data frames
on the controlled port.
2017-09-22 12:44:17 -05:00
Andrew Zaborowski
a3361c5077 ap: Handle PTK handshake frame 2/4, send frame 3/4 2017-09-22 12:43:09 -05:00
Andrew Zaborowski
c505de3582 ap: Send PTK handshake frame 1 of 4 2017-09-22 12:41:41 -05:00
Andrew Zaborowski
89c2f14683 eapol: Add eapol_append_key_data utility
Add a utility to append a KDE to the key_data field in an EAPoL frame.
The KDE types enum is actually added to handshake.h because we've got
the utilities for finding those KDEs in a buffer there.  The new
function is specific to EAPoL-Key frames though and perhaps to simple to
be split across handshake.c and eapol.c.  Also it didn't seem useful to
use the ie_tlv_builder here.
2017-09-22 12:38:42 -05:00
Andrew Zaborowski
29ee350ec3 ap: Handle Association / Disassociation
Parse Association Request frames and send Association Responses, handle
Disassociation.  With this we should be able to receive uncontrolled
port data frames since we register the STAs with the kernel.

In this version I don't register for Reassociation frames.
2017-09-22 12:32:19 -05:00
Andrew Zaborowski
1842fe542b ap: Handle Authentication and Deauthentication frames
Parse authentication frames and send responses, manage a list of STAs.
2017-09-22 12:29:33 -05:00
Andrew Zaborowski
d8378c5a0f ap: Handle Probe Request frames
Parse probe requests and send probe responses to show up in active
scans.
2017-09-22 12:26:06 -05:00
Andrew Zaborowski
45c4e0589b netdev: Use mpdu_validate on received registered frames
This way the individual frame handlers have less validation to do.
2017-09-22 12:19:28 -05:00
Andrew Zaborowski
8db7725e0b netdev: Use util_is_broadcast_address 2017-09-22 12:19:23 -05:00
Andrew Zaborowski
6418a23fd5 mpdu: Refactor Authentication frame validation
Validate the IE order for some of the cases.  For other cases, as with
the Disassociation, Deauthentication and Action frame types in section
9.3 it's not even clear from the spec the fields are expected to be IEs
(in fact for Action frame we know they aren't).  For the Shared Key
authentication type drop the union with the contents as they can be
easier parsed as an IE sequence.  For SAE we are not expecting an IE
sequence apparently so this is where the union could come useful but
let's leave that until we want to support SAE.
2017-09-22 12:18:06 -05:00
Andrew Zaborowski
3f61a88ed5 mpdu: Declare missing Auth Algorithm values 2017-09-22 12:18:03 -05:00
Andrew Zaborowski
736f611974 mpdu: Validate IE order for most frame subtypes
Check the IE order for each frame type where we'd just do the body
minimum length check until now (and not always correctly).  We do not
try to validate the contents of any IEs (may be doable for some) or the
minimum mandatory IEs presence.  This is because which IEs are required
depend on the contents of other fields in the frame, on the
authentication state and STA config and even contents of a request frame
which we're validating the response to.  Frame handlers have to do this
work anyway.
2017-09-22 12:12:06 -05:00
Andrew Zaborowski
58a7032ed9 mpdu: Don't report Action frames as invalid
Declare the two missing frame subtype enum values for Action frames,
assume Action frames are valid.  Once we have specific validation code
for any Action frames elsewhere, we can move it to mpdu_validate, but
right don't try to validate the frame body as there are many subtypes
and we don't use any of them except Neighbor Reports which are actually
really simple.
2017-09-22 12:06:02 -05:00
Andrew Zaborowski
025d8dad44 ie: Allow building an empty IE sequence in ie_tlv_builder_finalize
Since we use the special 0xffff value in the builder code, check that
the tag is not 0xffff in ie_tlv_builder_finalize before writing the
header.  This is for consistency, not for a specific use case.
2017-09-22 11:59:06 -05:00
Andrew Zaborowski
5d8cb6260f ie: Handle Extended Element IDs
Make parsing TLVs using Extended Element IDs easier by returning the
extended tag value as listed in enum ie_type instead of just the 255
value, and not returning the pointer to the extended tag as the IE data
and instead the pointer to the next byte after the extended ID.
2017-09-22 11:55:47 -05:00
Andrew Zaborowski
bc30c94044 ie: Add IE tags new in 802.11-2016
Add new IEs including the Extended Element IDs, for which I make a
convention of using 256 + the actual value to differentiate from old
Element IDs.
2017-09-22 10:10:37 -05:00
Andrew Zaborowski
9ef5f68d4b util: Add address type utils 2017-09-22 10:08:04 -05:00
Andrew Zaborowski
2ebc64db55 ap: Build and send NL80211_CMD_START_AP and STOP_AP
This should be enough for the AP to start sending beacons and appear in
a passive scan.
2017-09-12 14:33:03 -05:00
Andrew Zaborowski
212bc08104 ap: Add AP mode api
Very basic WPA2-PSK only access point mode API with stubs of the start and
stop functions.
2017-09-12 14:29:34 -05:00
Andrew Zaborowski
275cc2789d eapol: Make eapol_find_rsne non-static
EAPoL server can reuse this function.
2017-09-12 14:29:25 -05:00
Andrew Zaborowski
6be08a3604 eapol: Add eapol_tx_frame
Allow other files to send EAPoL frames.
2017-09-07 16:16:45 -05:00
Andrew Zaborowski
f05c3c30d1 eapol: Add eapol_frame_watch_add / remove
Allow other files to receive EAPoL frames on specified interfaces.
2017-09-07 16:16:42 -05:00
Andrew Zaborowski
509324666c netdev: Reorder the registered check in netdev_frame_watch_add
The l_queue_find() to find other watches matching the new prefix
needs to be before the watchlist_link(), otherwise the prefix will
match itself and "registered" is always true.
2017-09-07 16:16:39 -05:00
Andrew Zaborowski
f2c4969fc9 watchlist: Pass item pointer to match function
In WATCHLIST_NOTIFY_MATCHES pass pointer to the item instead of
item->notify_data to free item->notify_data to be the final watch user's
user_data.  This is also what netdev expects.
2017-09-07 16:14:31 -05:00
Andrew Zaborowski
70518fad5f eap: Drop method's .probe, rename .remove
The EAP-method's .probe methods only checked the method name so do that
in eap.c instead and allocate method state in .load_settings.  Rename
method's .remove method to .free to improve the naming.
2017-09-06 14:43:11 -05:00
Denis Kenzior
af124da544 netdev: Simplify frame_watch using watchlist 2017-09-06 14:33:39 -05:00
Denis Kenzior
fa7fab196e watchlist: Add WATCHLIST_NOTIFY_MATCHES
This can be used to selectively notify watchlist items.  The match
function is called for each watchlist_item and match_data is passed
along.  If the match function returns true, then the watch_item is
notified.  The match function signature and semantics are identical
to l_queue_match_func_t.
2017-09-06 14:33:39 -05:00
Andrew Zaborowski
70079912ad netdev: Refactor netdev_register_frame
Rename netdev_register_frame to netdev_frame_watch_add and expose to be
usable outside of netdev.c, add netdev_frame_watch_remove also.  Update
the Neighbor Report handling which was the only user of
netdev_register_frame.

The handler is now simpler because we use a lookup list with all the
prefixes and individual frame handlers only see the frames matching the
right prefix.  This is also useful for the future Access-Point mode.
2017-09-06 14:29:46 -05:00
Denis Kenzior
04506c9afa netdev: Update to the new watchlist API 2017-09-06 14:29:33 -05:00
Denis Kenzior
0fa0d49adc device: Update to the new watchlist API 2017-09-06 14:29:01 -05:00
Denis Kenzior
2071fb7836 watchlist: Support polymorphic watchlist_items 2017-09-06 11:54:45 -05:00
Denis Kenzior
4a9d8278b4 util: Add container_of macro 2017-09-06 11:50:15 -05:00
Denis Kenzior
023ba1ea32 mpdu: Fix error
src/mpdu.c: In function ‘mpdu_validate’:
src/mpdu.c:180:9: error: ‘mmpdu’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
   mmpdu = (const struct mmpdu_header *) mmpdu;
         ^
2017-08-31 18:23:47 -05:00
Denis Kenzior
ba54fded0b netdev: Simplify event watches using watchlist 2017-08-31 18:18:41 -05:00
Andrew Zaborowski
303683c89f mpdu: Refactor mpdu structs
Refactor management frame structures to take into account optional
presence of some parts of the header:
 * drop the single structure for management header and body since
   the body offset is variable.
 * add mmpdu_get_body to locate the start of frame body.
 * drop the union of different management frame type bodies.
 * prefix names specific to management frames with "mmpdu" instead
   of "mpdu" including any enums based on 802.11-2012 section 8.4.
 * move the FC field to the mmpdu_header structure.
2017-08-31 15:11:30 -05:00
Andrew Zaborowski
66325e8c9b eapol: Implement eapol_encrypt_key_data
Add a function to do the inverse of eapol_decrypt_key_data to be used in
eapol server.  Only AES-based versions supported.
2017-08-31 13:21:05 -05:00
Denis Kenzior
6d6fa57550 crypto: Make aes_unwrap look similar to aes_wrap
Running basic performance testing on x86 shows new and old code within a
few percent of each other.  The main penalty is the AES AF_ALG
invocation.
2017-08-31 13:00:46 -05:00
Andrew Zaborowski
4f865ba9f8 crypto: Implement aes_wrap
Add the inverse of aes_unwrap for eapol server usage.
2017-08-31 12:53:53 -05:00
Andrew Zaborowski
f66ae1e481 crypto: remove unneeded assignments in aes_unwrap
A is present in the specification but in practice B always contains A so
drop A.
2017-08-30 22:47:08 -05:00
Andrew Zaborowski
f659265000 netdev: Clarify the PTK->TK to MIC key mapping
Cite 802.11 in the comments and use nl80211.h constants to map the tx
and rx keys correctly.
2017-08-30 22:45:28 -05:00
Andrew Zaborowski
092ede1147 eapol: Stricter length check in eapol_decrypt_key_data
The plaintext key_data + padding must be at least 16 bytes so the
AES-encrypted key_data must be at least 24 bytes.
2017-08-30 22:42:20 -05:00
James Prestwood
1c34452a7b eap-aka: RAND and AUTN were not being checked
When processing the challenge, the AT_RAND and AT_AUTN attributes
were never being checked if they were present.
2017-08-30 21:01:35 -05:00
James Prestwood
5d98c7adcf aka-prime: EAP-AKA' implementation
This EAP method uses nearly all the logic from EAP-AKA. The major
difference is it uses the new key derivation functions for AKA' as
well as the SHA256 MAC calculation.
2017-08-30 21:01:22 -05:00
James Prestwood
e29d0dd69c simutil: updated EAP-SIM/AKA MAC API's to take type
EAP-AKA' uses SHA256 rather than SHA1 to generate the packet MAC's.
This updates the derive MAC API to take the EAP method type and
correctly use the right SHA variant to derive the MAC.
2017-08-30 17:31:39 -05:00
Denis Kenzior
44463389f1 wscutil: Fix invalid type conversion
We should be assigning to an enum type instead of a uint8.  This showed
up on PowerPC where the endianness affected the result.
2017-08-30 16:58:14 -05:00
James Prestwood
af0e432e0f eap: added EAP-AKA' method type 2017-08-30 16:43:38 -05:00
James Prestwood
c6bb0eb32d simutil: Added new key/prf functions for EAP-AKA'
This is the core key generation code for the AKA' method which
follows RFC 5448. Two new functions are implemented, one for
deriving CK'/IK' and the other for deriving the encryption keys
using CK'/IK'.
2017-08-30 16:39:10 -05:00
Andrew Zaborowski
eda160de12 eapol: Set a timeout for preauthentication
Wait 1 second for the first EAP frame to be received, after that wait up
to 3 seconds for all of EAP to complete.
2017-08-25 11:26:26 -05:00
Andrew Zaborowski
07b04e180f agent: Add a destroy function parameter for agent requests 2017-08-22 23:28:36 -05:00
Andrew Zaborowski
452e174802 netdev: RSSI polling support for less capable drivers
If the kernel device driver or the kernel nl80211 version doesn't
support the new RSSI threshold list CQM monitoring, implement similar
logic in iwd with periodic polling.  This is only active when an RSSI
agent is registered to receive the events.  I tested this with the same
testRSSIAgent autotests that tests the driver-side rssi monitoring
except with all timeouts multiplied by ~20.
2017-08-22 22:51:34 -05:00
James Prestwood
417367e272 eap-sim: Fix EAP-SIM version list length checks
The AT_VERSION_LIST attribute length was not being properly
checked. The actual length check did not include possible padding
bytes, so align_len() was added to ensure it was padded properly.
The comment about the padding being included in the Master Key
generation was not correct (padding is NOT included), and was removed.
2017-08-22 12:40:22 -05:00
Andrew Zaborowski
23af935e7b eapol: Add eapol_sm_set_require_handshake
Function to allow netdev.c to explicitly tell eapol.c whether to expect
EAP / 4-Way handshake.  This is to potentially make the code more
descriptive, until now we'd look at sm->handshake->ptk_complete to see
if a new PTK was needed.

A 4-Way handshake is required on  association to an AP except after FT.
2017-08-21 18:35:00 -05:00
James Prestwood
6aaa917dde aka: EAP-AKA protocol implementation 2017-08-21 18:20:10 -05:00
James Prestwood
283717b22f sim: EAP-SIM protocol implementation 2017-08-21 17:43:55 -05:00
Andrew Zaborowski
a9cbb95260 netdev: Add interface type setter and getter
Modify netdev_get_iftype, which was until now unused, and add
netdev_set_iftype.  Don't skip interfaces with types other than STATION
on startup, instead reset the type to STATION in device.c.

netdev_get_iftype is modified to use our own interface type enum to
avoid forcing users to include "nl80211.h".

Note that setting an interface UP and DOWN wouldn't generally reset the
iftype to STATION.  Another process may still change the type while iwd
is running and iwd would not detect this as it would detect another
interface setting interface DOWN, not sure how far we want to go in
monitoring all of the properties this way.
2017-08-15 15:01:33 -05:00
Andrew Zaborowski
b344d27c56 ie: Fix Supported Rates length check
Supported Rates IEs can be 1-8 bytes, not only 8 byte long, according to
802.11-2012 8.4.2.3.
2017-08-15 13:57:27 -05:00
Andrew Zaborowski
0cd18a0214 device: Set current BSS rank to 0 if not in scan results
If we're adding the BSS to the list only because it is the current BSS,
set the rank to 0 (lowest possible value) in case the list gets used in
the next Connect call.
2017-08-15 12:41:46 -05:00
Andrew Zaborowski
6e03933e62 netdev: Allow reassociation if not currently connected
Allow attempts to connect to a new AP using the Reassociation frame even
if netdev->operational is false.  This is needed if we want to continue
an ongoing roam attempt after the original connection broke and will be
needed when we start using cached PMKSAs in the future.
2017-08-15 12:39:35 -05:00
Andrew Zaborowski
a4edbbd429 device: Trigger roaming on beacon loss
Use beacon loss event to trigger a roam attempt in addition to the RSSI
monitoring.  Due to the how well beacons are normally received compared
to data packets, a beacon loss indicates a serious problem with the
connection so act as soon as a first beacon loss event is seen.

Avoid roaming methods that involve the current AP: preauthentication,
neighbor report request and FT-over-the-DS (not supported)
2017-08-15 11:53:15 -05:00
Andrew Zaborowski
cb9c6e8ade netdev: Handle CMD_DISCONNECT without "by AP" flag
There are situations including after beacon loss and during FT where the
cfg80211 will detect we're now disconnected (in some cases will send a
Deauthenticate frame too) and generate this event, or the driver may do
this.  For example in ieee80211_report_disconnect in net/mac80211/mlme.c
will (through cfg80211) generate a CMD_DEAUTHENTICATE followed by a
CMD_DISCONNECT.
2017-08-14 16:32:35 -05:00
Andrew Zaborowski
5c4313bcc2 netdev: Don't assume disconnect on beacon loss
The kernel doesn't reset the netdev's state to disconnected when it
sends us a beacon loss event so we can't either unless we automatically
send a disconnect command to the kernel.

It seems the handling of beacon loss depends on the driver.  For example
in mac80211 only after N beacon loss events (default 7) a probe request is
sent to the AP and a deauthenticate packet is sent if no probe reply is
receiver within T (default 500ms).
2017-08-14 16:32:35 -05:00
Marcel Holtmann
df911c0cf6 agent: Simplify loop exit handling 2017-07-18 08:37:21 +02:00
Tim Kourt
653019c263 agent: Fix uninitialized member usage 2017-07-18 08:36:06 +02:00
Tim Kourt
31d60b5cf2 agent: Fix formatting 2017-06-09 14:05:30 -05:00
Tim Kourt
7bd22770ed agent: Enable multi-agent support
If an application initiates the Connect() operation and
that application has an agent registered, then that
application's agent will be called. Otherwise, the default
agent is called.
2017-06-09 14:05:30 -05:00
Denis Kenzior
ff319b8234 crypto: Fix valgrind warning
==40686== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
==40686==    at 0x5147037: sendmsg (in /usr/lib64/libc-2.24.so)
==40686==    by 0x43957C: operate_cipher (cipher.c:354)
==40686==    by 0x439C18: l_cipher_decrypt (cipher.c:415)
==40686==    by 0x40FAB8: arc4_skip (crypto.c:181)

Initialize the skip buffer to 0s.  This isn't strictly necessary, but
hides the above valgrind warning.

The aim of arc4 skip is simply to seed some data into the RC4 cipher so
it makes it harder for the attacker to decrypt.  This 'initialization'
doesn't really care what data is fed.
2017-06-06 13:33:08 -05:00
Denis Kenzior
7e2e965eb7 crypto: Optimize arc4_skip 2017-06-06 13:32:14 -05:00
Denis Kenzior
21fffe2629 netdev: Use CMD_DISCONNECT for non-FT cases
CMD_DEAUTHENTICATE is not available for FullMAC based cards.  We already
use CMD_CONNECT in the non-FT cases, which works on all cards.  However,
for some reason we kept using CMD_DEAUTHENTICATE instead of CMD_DISCONNECT.

For FT (error) cases, keep using CMD_DEAUTHENTICATE.
2017-05-31 11:08:40 -05:00
Andrew Zaborowski
0416749710 eap: Move eap->method NULL check before first dereference
Move the eap->method NULL check to fix possible crash.
2017-05-30 17:10:31 -05:00
Andrew Zaborowski
e3c6d2e169 netdev: Use NL80211_ATTR_SOCKET_OWNER flag
Use the new NL80211_ATTR_SOCKET_OWNER with CMD_CONNECT and
CMD_ASSOCIATE to make sure an iwd crash results in deauthentication.
2017-05-30 17:09:09 -05:00
Denis Kenzior
f5decb274d netdev: Ignore CMD_SET_STATION errors
Certain WiFi drivers do not support using CMD_SET_STATION (e.g.
mwifiex).  It is not completely clear how such drivers handle the
AUTHORIZED state, but they don't seem to take it into account.  So for
such drivers, ignore the -ENOTSUPP error return from CMD_SET_STATION.
2017-05-30 17:04:26 -05:00
Andrew Zaborowski
55ecda31f3 netdev: On connect success don't wait for netdev_operstate_cb
Send the link_mode and operstate RTNL command in parallel with the
connect Ok event, don't wait for the RTNL callback as it's non-critical.
2017-05-30 17:04:19 -05:00
Andrew Zaborowski
4d20db05d7 netdev: Rework link_mode and operstate setting
These flags are documented in RFC2863 and kernel's
Documentation/networking/operstates.txt.  Operstate doesn't have any
siginificant effect on normal connectivity or on our autotests because
it is not used by the kernel except in some rare cases but it is
supposed to affect some userspace daemons that watch for RTM_NEWLINK
events, so I believe we *should* set them according to this
documentation.  Changes:

* There's no point setting link_mode or operstate of the netdev when
  we're bringing the admin state DOWN as that overrides operstate.

* Instead of numerical values for link_mode use the if.h defines.

* Set IF_OPER_UP when association succeeds also in the Fast Transition
  case.  The driver will have set carrier off and then on so the
  operstate should be IF_OPER_DORMANT at this point and needs to be
  reset to UP.
2017-05-30 17:04:13 -05:00
Denis Kenzior
c68200b5a1 device: Add extra sanity check to UnregisterAgent
We have to make sure that the path the application passes to
UnregisterAgent is the same as the one passed to RegisterAgent
2017-05-30 11:40:09 -05:00
Denis Kenzior
f38287f457 device: Don't check count upper limit twice
We already check it once in the for loop above
2017-05-30 11:40:09 -05:00
Andrew Zaborowski
570b483264 device: Add a SignalLevelAgent D-bus API
Allow registering and unregistering agent object to receive RSSI level
notifications.  The methods are similar to the ones related to the
password agent, including a Release method for the agent.
2017-05-30 11:32:51 -05:00
Denis Kenzior
3741c5aa6e netdev: Fix off-by-one error
rssi_levels_num should be able to hold a value of
L_ARRAY_SIZE(rssi_levels) (which is 16).  However, the maximum value is
15.
2017-05-30 11:32:51 -05:00
Andrew Zaborowski
faa8dce6da netdev: Implement RSSI level notifications API
Add an methods and an event using the new
NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI
monitoring with notifications only when RSSI moves from one of the N
intervals requested to another.

device.c will call netdev_set_rssi_report_levels to request
NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes,
level meaning one of the intervals delimited by the threshold values
passed as argument.  Inside the event handler it can call
netdev_get_rssi_level to read the new level.

There's no fallback to periodic polling implemented in this patch for
the case of older kernels and/or the driver not supporting
NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-30 11:28:33 -05:00
Andrew Zaborowski
fd4ab5d3df wiphy: Add wiphy_get_ext_feature
Save the extended features reported by the wiphy in the NEW_WIPHY event
or GET_WIPHY dump and allow netdev to query it with
wiphy_get_ext_feature()
2017-05-19 10:01:53 -05:00
Denis Kenzior
b59977262b handshake: Fix valgrind warning
==27901== Conditional jump or move depends on uninitialised value(s)
==27901==    at 0x41157A: handshake_util_find_pmkid_kde
(handshake.c:537)
==27901==    by 0x40E03A: eapol_handle_ptk_1_of_4 (eapol.c:852)
==27901==    by 0x40F3CD: eapol_key_handle (eapol.c:1417)
==27901==    by 0x40F955: eapol_rx_packet (eapol.c:1607)
==27901==    by 0x410321: __eapol_rx_packet (eapol.c:1915)
2017-05-15 15:23:03 -05:00
Denis Kenzior
b36dd5203e network: Sort out reference counting
Agent implementation inside agent.c takes a reference of the trigger
message associated with the request.  When the callback is called, the
message is passed as an argument.  The callback is responsible for
taking the message reference if necessary.  Once the callback returns,
agent releases its reference.

For error paths, our code was using dbus_pending_reply which in turn
uses dbus_message_unref.  This caused the agent to try an unref
operation on an already freed object.
2017-05-11 19:50:05 -05:00
Andrew Zaborowski
fb4ba71952 main: Don't init nl80211 if we're terminating
Don't enter nl80211_appeared if we're already terminating and inside the
1 second timeout.  This fixes a potential crash in device_free() caused
by a netdev_init() and a netdev_exit() happening without netdev_shutdown
in between.  netdev_shutdown has already run if terminating is true.

src/main.c:main() Opening nl80211 interface
src/eap.c:__eap_method_enable()
src/eap-wsc.c:eap_wsc_init()
src/eap-md5.c:eap_md5_init()
src/eap-tls.c:eap_tls_init()
src/eap-ttls.c:eap_ttls_init()
src/eap-mschapv2.c:eap_mschapv2_init()
Terminate
src/main.c:nl80211_appeared() Found nl80211 interface
src/netdev.c:netdev_init() Opening route netlink socket
src/wiphy.c:protocol_features_callback() Found split wiphy dump support
src/wiphy.c:regulatory_info_callback() Regulatory alpha2 is 00
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:parse_supported_bands()
src/wiphy.c:parse_supported_frequencies()
src/wiphy.c:parse_supported_frequencies()
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_is_managed() whitelist filtered phy: rad1
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_is_managed() whitelist filtered phy: rad1
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_is_managed() whitelist filtered phy: rad1
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_is_managed() whitelist filtered phy: rad1
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_is_managed() whitelist filtered phy: rad1
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_is_managed() whitelist filtered phy: rad1
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_is_managed() whitelist filtered phy: rad0
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_is_managed() whitelist filtered phy: rad0
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_is_managed() whitelist filtered phy: rad0
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_is_managed() whitelist filtered phy: rad0
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_is_managed() whitelist filtered phy: rad0
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_is_managed() whitelist filtered phy: rad0
Wiphy: 2, Name: rad2
Bands: 2.4 GHz 5 GHz
Ciphers: CCMP TKIP BIP
src/netdev.c:netdev_create_from_genl() Created interface wln2[6]
src/netdev.c:netdev_initial_up_cb() Interface 6 initialized
src/device.c:device_enter_state() Old State: off, new state:
autoconnect
src/scan.c:scan_periodic_start() Starting periodic scan for
ifindex: 6
src/scan.c:scan_notify() Scan notification 33
src/netdev.c:netdev_operstate_dormant_cb() netdev: 6, success: 1
src/scan.c:scan_periodic_done()
src/scan.c:scan_periodic_done() Periodic scan triggered for
ifindex: 6
src/eap.c:__eap_method_disable()
src/eap-wsc.c:eap_wsc_exit()
src/eap-md5.c:eap_md5_exit()
src/eap-tls.c:eap_tls_exit()
src/eap-ttls.c:eap_ttls_exit()
src/eap-mschapv2.c:eap_mschapv2_exit()
src/main.c:nl80211_vanished() Lost nl80211 interface
src/wsc.c:wsc_exit()
src/scan.c:scan_exit()
src/scan.c:scan_context_free() sc: 0x5434ab0
src/netdev.c:netdev_exit() Closing route netlink socket
src/wiphy.c:wiphy_free() Freeing wiphy rad2[2]
device_list isn't empty!
src/device.c:device_free()
(crash here)
2017-05-04 10:50:33 -05:00
Andrew Zaborowski
33f8b1f53d dbus: Use the shutdown procedure instead of l_main_quit
Move the calling of the *_shutdown functions from the signal handler to
a new public function, and use that function inside the DBus disconnect
handler to make sure resources are cleanly released.
2017-05-04 10:50:29 -05:00
Andrew Zaborowski
faba9d509a eapol: After EAP skip the RSNE PMKID check in step 1/4
Skip the matching of the PMKID KDE to the PMKID list in the RSNE if
we've seen a new EAP authentication before the step 1/4 was received.
That would mean that the server had not accepted the PMKIDs we submitted
and we performed a new 8021X authentication, producing a new PMKSA which
won't be on the list in the RSNE.
2017-05-04 10:50:29 -05:00
Andrew Zaborowski
a620a02d35 device: In roam, preauthenticate to target BSS if supported
If FT is not possible and we're using 8021x try to preauthenticate to
target BSS before reassociation to it.
2017-05-01 11:24:04 -05:00
Andrew Zaborowski
08e863cb7e netdev: Add netdev_preauthenticate
Add preauthentication logic.  The callback receives the new PMK only.
2017-05-01 11:19:06 -05:00
Andrew Zaborowski
b910784e83 eapol: Add preauth_sm class, drop eapol_sm.preauth
Remove the preauthentication support code from the normal eapol_sm
methods and add a separate simplified class that only handles EAP
packets.
2017-05-01 11:13:32 -05:00
Andrew Zaborowski
48966f57e8 eapol: Only send EAPOL-Start on step 1/4 if really needed
Currently we'd send EAPOL-Start whenever EAP was configured and we
received an EAPOL-Key before EAP negotiation.  Instead only do that if
we know we can't respond to the 4-Way handshake because we don't have
a PMK yet or the PMKID doesn't match.  Require a PMKID in step 1/4 if
we'd sent a list of PMKIDs in our RSNE.
2017-04-21 14:16:25 -05:00
Tim Kourt
19e7ce2f30 eap: Fix whitespace 2017-04-18 17:44:25 -05:00
Andrew Zaborowski
c0ae9e3577 eapol: Receive frames with the Preauthentication ethertype
Modify the packet filter to also accept frames with ethertype of 0x88c7
and pass the ethertype value to __eapol_rx_packet so it can filter out
the frames where this value doesn't match the sm->preauth flag.
2017-04-18 11:42:45 -05:00
Andrew Zaborowski
0a4bd616c2 eapol: Use the Preauthentication ethertype in eapol_write
Select the right ether type for the eapol frame in eapol_write and pass
it to pae_write.
2017-04-18 11:41:24 -05:00
Andrew Zaborowski
4e9ed2d686 eapol: Add eapol_start_preauthentication
Add a wrapper for eapol_start that sets the sm->preauth flag and sends
the EAPOL-Start frame immediately to skip the timeout since we know
that the supplicant has to initiate the authentication.
2017-04-18 11:09:26 -05:00
Andrew Zaborowski
f340ea510c handshake: Add handshake_util_find_pmkid_kde
Add a function that finds the PMKID kde in an RSNE's Key Data field
similar to handshake_util_find_gtk_kde.
2017-04-17 14:28:09 -05:00
Andrew Zaborowski
b175e7ae06 handshake: Add handshake_state_get_pmkid
Returns the PMKID for the current PMK (configured through
handshake_state_set_pmk for PSK, created through EAP or from
pre-authentication)
2017-04-17 14:26:56 -05:00
Andrew Zaborowski
0f6685bf45 crypto: Add crypto_derive_pmkid
Calculates the PMKID for given PMK
2017-04-17 14:24:02 -05:00
Andrew Zaborowski
10a160a6e1 device: Non-FT roaming support
Use netdev_reassociate if FT is not available.  device_select_akm_suite
is only moved up in the file and the reused code from device_connect is
moved to a separate function.
2017-04-03 09:46:15 -05:00
Andrew Zaborowski
c8b251a475 netdev: Add netdev_reassociate
netdev_reassociate transitions to another BSS without FT.  Similar to
netdev_connect but uses reassociation instead of association and
requires and an existing connection.
2017-04-03 09:41:01 -05:00
Andrew Zaborowski
52ee3b0843 scan: Add error code argument to scan results callback
Pass an additional parameter to the scan results notify functions to
tell them whether the scan was successful.  If it wasn't don't bother
passing an empty bss_list queue, pass NULL as bss_list.  This way the
callbacks can tell whether the scan indicates there are no BSSes in
range or simply was aborted and the old scan results should be kept.
2017-03-26 20:26:53 -05:00
Denis Kenzior
4e421cfc8f netdev: Add sanity checks
In the case we get a connect or authenticate event, make sure we're
actually trying to connect.  Otherwise, it could be another supplicant
is running
2017-03-24 11:50:08 -05:00
Denis Kenzior
e7cb4b680e netdev: Silence warning
This can easily happen if the phy was blacklisted
2017-03-16 16:50:59 -05:00
Denis Kenzior
cacd0d83f4 wiphy: Add phy filtering 2017-03-16 16:50:25 -05:00
Denis Kenzior
c9a98d9681 device: Fix crash with autoconnect
++++++++ backtrace ++++++++
0  0x7fc0b20ca370 in /lib64/libc.so.6
1  0x4497d5 in l_dbus_message_new_error_valist() at /home/denkenz/iwd/ell/dbus-message.c:372
2  0x44994d in l_dbus_message_new_error() at /home/denkenz/iwd/ell/dbus-message.c:394
3  0x41369b in dbus_error_not_supported() at /home/denkenz/iwd/src/dbus.c:148
4  0x40eaf5 in device_connect_network() at /home/denkenz/iwd/src/device.c:1282
5  0x41f61c in network_autoconnect() at /home/denkenz/iwd/src/network.c:424
6  0x40c1c1 in device_autoconnect_next() at /home/denkenz/iwd/src/device.c:172
7  0x40cabf in device_set_scan_results() at /home/denkenz/iwd/src/device.c:368
8  0x40cb06 in new_scan_results() at /home/denkenz/iwd/src/device.c:376
9  0x41be8a in scan_finished() at /home/denkenz/iwd/src/scan.c:1021
10 0x41bf9e in get_scan_done() at /home/denkenz/iwd/src/scan.c:1048
11 0x43d5ce in destroy_request() at /home/denkenz/iwd/ell/genl.c:136
12 0x43ded1 in process_unicast() at /home/denkenz/iwd/ell/genl.c:395
13 0x43e295 in received_data() at /home/denkenz/iwd/ell/genl.c:502
14 0x43aa62 in io_callback() at /home/denkenz/iwd/ell/io.c:120
15 0x439632 in l_main_run() at /home/denkenz/iwd/ell/main.c:375 (discriminator 2)
16 0x403074 in main() at /home/denkenz/iwd/src/main.c:261
17 0x7fc0b20b7620 in /lib64/libc.so.6
2017-03-16 15:32:45 -05:00
Denis Kenzior
2e820abea1 backtrace: Try to find absolute executable path
This allows us to get backtraces from test_runner which does not start
iwd from a current working directory that is a parent of the iwd
executable.
2017-03-16 15:17:41 -05:00
Andrew Zaborowski
c35225d239 scan: Handle CMD_SCAN_ABORTED during periodic scan, refactor
Also handle the case of a periodic scan when handling a
NL80211_CMD_SCAN_ABORTED.  The goal is to make sure the supplied callback
is always called if .trigger was called before, but this should also fix
some other corner cases.

 * I add a sp.triggered field for periodic scans since sc->state doesn't
   tell us whether the scan in progress was triggered by ourselved o
   someone else (in that case .trigger has not been called)

 * Since the NL80211_CMD_SCAN_ABORTED becomes similar to get_scan_done I
   move the common code to scan_finished

 * I believe this fixes a situation where we weren't updating sc->state
   if we'd not triggered the scan, because both get_scan_done and the
   NL80211_CMD_SCAN_ABORTED would return directly.
2017-03-14 10:42:56 -05:00
Andrew Zaborowski
5869b74c2e scan: Don't immediately retry periodic scan on error
On a periodic scan trigger error we already set rearm to true, rearm the
timer instead of retrying immediately.
2017-03-14 10:29:02 -05:00
Andrew Zaborowski
1392a80d34 eapol: Further relax gtk 1/2 msg key length check
Accept any of 0, 16, 32 with WPA or WPA2, update comment.
2017-03-14 10:28:06 -05:00
Andrew Zaborowski
ba5d5430e1 scan: Update current request on NL80211_CMD_SCAN_ABORTED
If the current request is not freed when we receive the
NL80211_CMD_SCAN_ABORTED event, device.c will keep thinking that
we're still scanning and the scan.c logic also gets confused and may
resend the current request at some point and call sr->trigger again
causing a segfault in device.c.

I pass an empty bss_list to the callback, another possibility would be
to pass NULL to let the callback know not to replace old results yet.
The callbacks would need to handle a NULL first.
2017-03-13 11:53:38 -05:00
Andrew Zaborowski
b0167f2469 eapol: Define and use IEEE80211_MAX_DATA_LEN
The same constant will be used in multiple places so define it in a
header file.
2017-03-10 10:01:33 -06:00
Andrew Zaborowski
4d9d309e6a dbus: Add hwsim interface to DBus policy file 2017-03-09 11:45:41 -06:00
Denis Kenzior
5dc347ecb1 wiphy: Coalesce ATTR_WIPHY parsing logic
We parse ATTR_WIPHY and ATTR_WIPHY_NAME in several places.  Implement a
helper function to make this easier and cut down on code size.
2017-03-08 17:32:38 -06:00
Andrew Zaborowski
d67425c936 netdev: React to interface address change
Handle the changes of interface address in RTNL New Link messages
similarly to the name changes, emit a NETDEV_WATCH_EVENT_ADDRESS_CHANGE
event and a propety change on dbus.

Note this can only happen when the interface is down so it doesn't
break anything but we need to handle it anyway.
2017-03-08 09:43:40 -06:00
Denis Kenzior
97191d56f1 wiphy: Make sure path is valid
DBus has certain rules on what constitutes a valid path.  Since the
wiphy name is freeform, it is possible to set it such that the contents
do not contain a valid path.

We fall back to simply using the wiphy index as the path.
2017-03-07 12:01:40 -06:00
Denis Kenzior
c3b33a2cfd wiphy: Make sure Name attribute is valid utf8
DBus strings must be valid utf8.  The kernel only enforces that the
wiphy name is null terminated string.  It does not validate or otherwise
check the contents in any way.  Thus it is possible to have
non-printable or non-utf8 characters inside.
2017-03-07 12:00:03 -06:00
Denis Kenzior
4703dd5200 wiphy: Remove pointless check
wiphy->name is always true since the name member is an array
2017-03-07 11:23:54 -06:00
Denis Kenzior
74e1b85e54 wiphy: React to wiphy name changes
NL80211_CMD_SET_WIPHY can be used to set various attributes on the wiphy
object in the kernel.  This includes ATTR_WIPHY_NAME among others.  iwd
currently does not parse or store any of the other attributes, so we
react to changes in WIPHY_NAME only.
2017-03-07 11:22:25 -06:00
Denis Kenzior
d86b7404fd wiphy: Remove unneeded check
The wiphy attribute should never be repeated by the kernel, so this
check is ultimately not needed.  This condition can also be easily
checked by looking at the iwmon output in case things do go terribly
wrong.
2017-03-07 09:57:40 -06:00
Andrew Zaborowski
76246d0145 eapol: Don't send EAPOL-Start without EAP
Fix 1a64c4b771 by setting use_eapol_start
by default only when 8021x authentication is configured.  Otherwise we'd
be sending EAPOL-Start even for WPA2 Personal possibly after the 4-Way
Handshake success.
2017-02-27 12:04:31 -06:00
Denis Kenzior
0789c1cc4c wsc: Add support for new netdev events 2017-02-22 17:06:17 -06:00
Denis Kenzior
c60f28e685 wsc: Implement StartPin method
This implements very initial support of WPS PIN based connections.  The
scanning logic attempts to find an AP in PIN mode and tries to connect
to that AP.  We currently do not try multiple APs if available or
implement the WSC 1.0 connection logic.
2017-02-22 17:03:44 -06:00
Denis Kenzior
6c5ae87f1a netdev: Relax 4-way handshake condition
Right now the code checks for is_rsn to wait for the 4-way handshake and
sends the NETDEV_EVENT_4WAY_HANDSHAKE.  However, is_rsn condition is not
true for WSC connections since they do not set an RSN field.  Still,
they are EAP based handshakes and should be treated in the same manner.

We relax the is_rsn check to instead check for netdev->sm.  Currently
netdev->sm is only non-NULL if handshake->own_ie field is not NULL or in
the case of eap-wsc connections.
2017-02-22 16:58:12 -06:00
Denis Kenzior
bc5b84c2f1 eap-wsc: Obtain DevicePasswordId from settings 2017-02-22 11:46:40 -06:00
Denis Kenzior
7ad261fef7 util: Move mem_is_zero to util 2017-02-21 16:45:41 -06:00
Denis Kenzior
1a73854c09 wsc: Refactor slightly in preparation for PIN mode 2017-02-21 16:20:16 -06:00
Denis Kenzior
854bb11c79 dbus: Add InvalidFormat error 2017-02-21 15:46:26 -06:00
Tim Kourt
d3030acbec wiphy: Use real adapter name in path str 2017-02-21 13:34:24 -06:00
Tim Kourt
18886349df wiphy: expose the name property through DBus 2017-02-21 13:33:50 -06:00
Andrew Zaborowski
04f4e8e0a3 device: Ratelimit roam attempts and retry periodically
Define minimum delay between roam attempts and add automatic retries.
This handles a few situations:
 * roam attempt failing, then RSSI going above the threshold and below
   again -- in that case we don't want to reattempt too soon, we'll only
   reattempt after 60s.
 * roam attempt failing then RSSI staying low for longer than 60 -- in
   that case we want to reattempt after 60s too.
 * signal being low from the moment we connected -- in that case we also
   want to attempt a roam every some time.
2017-02-21 10:59:19 -06:00
Denis Kenzior
7d437241bd wsc: Implement GeneratePin() method 2017-02-17 13:43:58 -06:00
Denis Kenzior
230a4f4bab wscutil: Add wsc_pin_generate 2017-02-17 12:27:13 -06:00
Andrew Zaborowski
986b5eae60 device: Fix type passed to l_dbus_message_builder_append_basic
l_dbus_message_builder_append_basic is expecting an int16 for DBus type
'n'.
2017-02-15 14:40:50 -06:00
Denis Kenzior
94c49a4563 wscutil: Add wsc_pin_is_checksum_valid 2017-02-13 20:27:24 -06:00
Denis Kenzior
89d6b85f1d wscutil: Add wsc_is_pin_valid 2017-02-13 19:40:20 -06:00
Andrew Zaborowski
1307a815a6 device: Build MDE in a static buffer
Fix a leak of the MDE buffer.  It is now only needed for the single call
to handshake_state_set_mde which copies the bytes anyway so use a buffer
on stack.
2017-02-09 22:57:38 -06:00
Andrew Zaborowski
7006d18550 [PATCH netdev: Don't generate disconnect event in netdev_free
As discussed previously there's no point in having device.c change state
to autoconnect when device_remove will be called next.
2017-02-09 22:56:37 -06:00
Denis Kenzior
2ab67a1ee3 scan: Rearm the timer only if no pending requests 2017-02-09 10:18:50 -06:00
Andrew Zaborowski
1e70af0179 eapol: Relax GTK 1/2 msg Key Length validation
Since caab23f192085e6c8e47c41fc1ae9f795d1cbe86 hostapd is going to set
this bit to zero for RSN networks but both values will obviously be in
use.  Only check the value if is_wpa is true - in this case check the
value is exactly 16, see hostapd commit:

commit caab23f192085e6c8e47c41fc1ae9f795d1cbe86
Author: Jouni Malinen <j@w1.fi>
Date:   Sun Feb 5 13:52:43 2017 +0200

Set EAPOL-Key Key Length field to 0 for group message 1/2 in RSN

P802.11i/D3.0 described the Key Length as having value 16 for the group
key handshake. However, this was changed to 0 in the published IEEE Std
802.11i-2004 amendment (and still remains 0 in the current standard IEEE
Std 802.11-2016). We need to maintain the non-zero value for WPA (v1)
cases, but the RSN case can be changed to 0 to be closer to the current
standard.
2017-02-08 15:45:12 -06:00
Andrew Zaborowski
2756f24f0e scan: More cleanup in scan_cancel
Add sr NULL check before accessing sr->id.  Call scan_request_free on
request structure and call the destroy callback.  Cancel the netlink
TRIGGER_SCAN command if still running and try starting the next scan
in the queue.  It'll probably still fail with EBUSY but it'll be
reattempted later.
2017-02-08 15:43:52 -06:00
Andrew Zaborowski
cc6d0cf2db scan: Refactor start_next_scan_request use
Always call start_next_scan_request when a scan request has finished,
with a success or a failure, including a periodic scan attempt.  Inside
that function check if there's any work to be done, either for one-off
scan requests or periodic scan, instead of having this check only inside
get_scan_done.  Call start_next_scan_request in scan_periodic_start and
scan_periodic_timeout.
2017-02-08 15:37:31 -06:00
Andrew Zaborowski
9f19a48433 scan: Call trigger callback on netlink error
Also call the trigger callback with an error code when sending the
netlink command fails after the scan request has been queued because
another scan was in progress when the scan was requested.
2017-02-03 18:26:20 -06:00
Denis Kenzior
adfba7b2d2 scan: Fix crash
Program received signal SIGSEGV, Segmentation fault.
0x0000000000419d38 in scan_done (msg=0x692580, userdata=0x688250)
    at src/scan.c:250
250		sc->state = sr->passive ? SCAN_STATE_PASSIVE : SCAN_STATE_ACTIVE;
(gdb) bt
0  0x0000000000419d38 in scan_done (msg=0x692580, userdata=0x688250)
    at src/scan.c:250
1  0x000000000043cac0 in process_unicast (genl=0x686d60, nlmsg=0x7fffffffc3b0)
    at ell/genl.c:390
2  0x000000000043ceb0 in received_data (io=0x686e60, user_data=0x686d60)
    at ell/genl.c:506
3  0x000000000043967d in io_callback (fd=6, events=1, user_data=0x686e60)
    at ell/io.c:120
4  0x000000000043824d in l_main_run () at ell/main.c:381
5  0x000000000040303c in main (argc=1, argv=0x7fffffffe668) at src/main.c:259

The reasoning is that the logic inside scan_common is reversed.  Instead
of freeing the scan request on error, we always do it.  This causes the
trigger_scan callback to receive invalid userdata.
2017-02-03 18:05:00 -06:00
Denis Kenzior
58ec4ec1c1 wsc: Make sure the initial scan can be started
In push button mode, ensure the initial scan was actually queued
successfully.
2017-02-03 18:04:39 -06:00
Andrew Zaborowski
4e9dc77b2d scan: Cancel CMD_TRIGGER_SCAN when removing scan context
Save the ids of the netlink trigger scan commands that we send and
cancel them in scan_ifindex_remove to fix a race leading to a
segfault.  The segfault would happen every time if scan_ifindex_remove
was called in the same main loop iteration in which we sent the
command, on shutdown:

^CTerminate
src/netdev.c:netdev_free() Freeing netdev wlan3[6]
src/device.c:device_disassociated() 6
src/device.c:device_enter_state() Old State: connected, new state:
disconnected
src/device.c:device_enter_state() Old State: disconnected, new state:
autoconnect
src/scan.c:scan_periodic_start() Starting periodic scan for ifindex: 6
src/device.c:device_free()
src/device.c:bss_free() Freeing BSS 02:00:00:00:00:00
src/device.c:bss_free() Freeing BSS 02:00:00:00:01:00
Removing scan context for ifindex: 6
src/scan.c:scan_context_free() sc: 0x5555557ca290
src/scan.c:scan_notify() Scan notification 33
src/netdev.c:netdev_operstate_down_cb() netdev: 6, success: 1
src/scan.c:scan_periodic_done()
src/scan.c:scan_periodic_done() Periodic scan triggered for ifindex:
1434209520

Program received signal SIGSEGV, Segmentation fault.
0x0000000000000064 in ?? ()
(gdb) bt
 #0  0x0000000000000064 in ?? ()
 #1  0x0000555555583560 in process_unicast (nlmsg=0x7fffffffc1a0,
     genl=0x5555557c1d60) at ell/genl.c:390
 #2  received_data (io=<optimized out>, user_data=0x5555557c1d60)
     at ell/genl.c:506
 #3  0x0000555555580d45 in io_callback (fd=<optimized out>,
     events=1, user_data=0x5555557c1e60) at ell/io.c:120
 #4  0x000055555558005f in l_main_run () at ell/main.c:381
 #5  0x00005555555599c1 in main (argc=<optimized out>, argv=<optimized out>)
     at src/main.c:259
2017-02-02 12:28:28 -06:00
Andrew Zaborowski
701e5dabb9 netdev: Handle the GTK & IGTK received in a FT
Parse the GTK and IGTK FT subelements and set the keys through netlink.
2017-02-01 10:02:24 -06:00
Andrew Zaborowski
9ceca7a521 ie: Parse GTK and IGTK subelements in FTE
Parse the contents of the GTK and IGTK subelements in an FT IE instead
of working with buffers containing the whole subelement.  Some more
validation of the subelement contents.  Drop support for GTK / IGTK when
building the FTE (unused).
2017-02-01 10:02:14 -06:00
Andrew Zaborowski
e4c5b4b517 eapol: Don't start timeout if handshake already done
Don't start the handshake timeout in eapol_start if either
handshake->ptk_complete is set (handshake already done) or
handshake->have_snonce is set (steps 1&2 done).  This accounts for
eapol_start being called after a Fast Transition when a 4-Way handshake
is not expected.
2017-01-31 15:47:23 -06:00
Andrew Zaborowski
95e6623011 scan: Add flag to flush case when starting a scan
Add a flush flag to scan_parameters to tell the kernel to flush the
cache of scan results before the new scan.  Use this flag in the
active scan during roaming.
2017-01-31 12:39:16 -06:00
Andrew Zaborowski
3a4887fef4 netdev: Check GTK / IGTK buffer length before memcpying from it
Move key length checks in netdev_set_gtk/netdev_set_igtk to before we
memcpy from the buffer.
2017-01-31 12:06:05 -06:00
Denis Kenzior
c033fcbf5e handshake: Use align_len macro 2017-01-31 12:04:26 -06:00
Denis Kenzior
415c209276 handshake: Quote relevant section from 802.11
To make reading the code easier
2017-01-31 12:03:51 -06:00
Andrew Zaborowski
1f52bfb047 handshake: Add utility for decoding GTK & IGTK from FTE
handshake_decode_fte_key unwraps and validates the padding in the FTE
GTK and IGTK subelements.
2017-01-31 12:00:38 -06:00
Andrew Zaborowski
8d8b1c1baf handshake: Split the install_igtk igtk parameter in 2 buffers
Split the igtk parameter to handshake_state_install_igtk into one
parameter for the actual IGTK buffer and one for the IPN buffer instead
of requiring the caller to have them both in one continuous buffer.
With FT protocol, one is received encrypted and the other in plain text.
2017-01-31 11:59:02 -06:00
Denis Kenzior
0932157e4f util: Add align_len macro 2017-01-31 11:50:06 -06:00
Denis Kenzior
4978c31fd7 util: Remove unused msg_append_attr functions 2017-01-31 11:48:50 -06:00
Andrew Zaborowski
367f1ec798 eapol: Free sm->timeout when it expires 2017-01-31 11:45:54 -06:00
Andrew Zaborowski
e1dc53e895 netdev: More neighbor_report_req error handling
Make sure that the Neighbor Report timeout is cancelled when connection
breaks or device is being destroyed, and call the callback.  Add an
errno parameter to the callback to indicate the cause.
2017-01-23 12:59:42 -06:00
Andrew Zaborowski
2f34c87820 device: Transition to selected BSS if FT supported
With this patch an actual fast transition should happen when the signal
strength goes low but there are still various details to be fixed before
this becomes useful:

 * the kernel tends to return cached scan results and won't update the
   rssi values,
 * there's no timer to prevent too frequent transition attempts or to
   retry after some time if the signal is still low,
 * no candidate other than the top ranked BSS is tried.  With FT it
   may be impossible to try another BSS anyway although there isn't
   anything in the spec to imply this.  It would require keeping the
   handshake_state around after netdev gives up on the transition
   attempt.
2017-01-23 12:57:54 -06:00
Andrew Zaborowski
d10122c72a device: Scan target BSS candidates and process results
Trigger a scan of the selected channels or all channels if no useful
neighbor list was obtained, then process the scan results to select the
final target BSS.

The actual transition to the new BSS is not included in this patch for
readability.
2017-01-23 12:57:05 -06:00
Andrew Zaborowski
99e58db152 wiphy: Add utility to check if bss ciphers compatible
Move the BSS's supported ciphers checks from network_bss_select to a new
function in wiphy.c so we can reuse it in device.c.
2017-01-20 15:42:31 -06:00
Andrew Zaborowski
95847189ab device: Start a roaming attempt on low RSSI detection
Trigger a roam attempt when the RSSI level has been low for at least 5
seconds using the netdev RSSI LOW/HIGH events.  See if neighbor reports
are supported and if so, request and process the neighbor reports list
to restrict the number of channels to be scanned.  The scanning part is
not included in this patch for readability.
2017-01-18 17:27:35 -06:00
Andrew Zaborowski
8bacbf01e4 netdev: Handle the FT Reassociation Response message
Validate the fourth message of the fast transition sequence and save the
new keys and state as current values in the netdev object.  The
FT-specific IE validation that was already present in the initial MD
is moved to a new function.
2017-01-13 11:51:24 -06:00
Andrew Zaborowski
0854b90687 netdev: Handle the FT Authentication Response message
Parse the second message of the FT transition, validate and build the
third message, the Reassociation Request.
2017-01-12 10:33:40 -06:00
Andrew Zaborowski
d52683a2cb netdev: Implement netdev_fast_transition
Build and send the FT Authentication Request frame, the initial Fast
Transition message.

In this version the assumption is that once we start a transition attempt
there's no going back so the old handshake_state, scan_bss, etc. can be
replaced by the new objects immediately and there's no point at which both
the old and the new connection states are needed.  Also the disconnect
event for the old connection is implicit.  At netdev level the state
during a transition is almost the same with a new connection setup.

The first disconnect event on the netlink socket after the FT Authenticate
is assumed to be the one generated by the kernel for the old connection.
The disconnect event doesn't contain the AP bssid (unlike the
deauthenticate event preceding it), otherwise we could check to see if
the bssid is the one we are interested in or could check connect_cmd_id
assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 10:29:26 -06:00
Denis Kenzior
edfbd81ea2 device: Support iwd.conf mfp settings
This adds support for iwd.conf 'ManagementFrameProtection' setting.

This setting has the following semantics, with '1' being the default:
0 - MFP off, even if hardware is capable
1 - Use MFP if available
2 - MFP required.  If the hardware is not capable, no connections will
be possible.  Use at your own risk.
2017-01-06 18:28:44 -06:00
Andrew Zaborowski
3f3e60e415 eapol: Check the MSK size supplied by EAP
Despite RFC3748 mandating MSKs to be at least 256 bits some EAP methods
return shorter MSKs.  Since we call handshake_failed when the MSK is too
short, EAP methods have to be careful with their calls to set_key_material
because it may result in a call to the method's .remove method.

EAP-TLS and EAP-TTLS can't handle that currently and would be difficult to
adapt because of the TLS internals but they always set msk_len to 64 so
handshake_failed will not be called.
2017-01-06 13:24:03 -06:00
Andrew Zaborowski
c5906d1c20 mschapv2: Call set_key_material last in handle_success
Make sure that eap_set_key_material can free the whole EAP method and
EAP state machine before returning, by calling that function last.  This
relies on eap_mschapv2_handle_success being the last call in about 5
stack frames above it too.
2017-01-06 13:22:05 -06:00
Andrew Zaborowski
15f4ddfaa6 device: Drop unused device->connected_mde 2017-01-03 16:38:08 -06:00
Andrew Zaborowski
7e81dcac6f device: Move common code to device_reset_connection_state 2017-01-03 16:33:36 -06:00
Andrew Zaborowski
f73b751124 netdev: Add netdev_get_handshake
Getter for current handshake_state object.
2017-01-03 16:30:56 -06:00
Andrew Zaborowski
c36d0fcfa4 netdev: Monitor CQM RSSI level, emit RSSI LOW/HIGH events 2017-01-03 13:52:26 -06:00
Andrew Zaborowski
fbb7a72643 netdev: Register for and parse Neighbor Report responses 2017-01-03 13:11:52 -06:00
Andrew Zaborowski
dafa43fa54 netdev: Support sending Neighbor Report requests 2017-01-03 13:03:20 -06:00
Andrew Zaborowski
8646ab5bdd netdev: Handle Action Frames in netdev
Action Frames are sent by nl80211 as unicast data.  We're not receiving
any other unicast packets in iwd at this time so let netdev directly
handle all unicast data on the genl socket.
2017-01-03 12:56:36 -06:00
Andrew Zaborowski
b0f51a2527 scan: Support freq_set in scan_parameters
This way we can tell the kernel to only scan on particular frequencies
2017-01-03 12:10:07 -06:00
Andrew Zaborowski
ed1538d5bb scan: Add scan_active_full
Add a version of scan_active that accepts a struct with the scan
parameters so we can more easily add new parameters.  Since the genl
message is now built within scan_active_start the extra_ie memory
can be freed by the caller at any time.
2017-01-03 12:07:37 -06:00
Denis Kenzior
cec1546fce netdev: Fix crash on netdev_disconnect 2016-12-20 10:37:07 -06:00
Denis Kenzior
adde4e2db9 netdev: Fix typo 2016-12-20 10:31:33 -06:00
Markus Ongyerth
cd4957eb55 wscutil: Change type for va_args for clang
clang complains about enum as var_arg type
because of the argument standard conversion.
In a small test I did neither clang nor gcc can
properly warn about out of range values, so it's
purely for documentation either way.
2016-12-19 11:03:00 -06:00
Markus Ongyerth
139c8af210 wiphy: Remove useless null check on array 2016-12-19 11:02:55 -06:00
Andrew Zaborowski
27bdddf010 netdev: Emit DISCONNECT_BY_SME event on eapol failures
There are situations when a CMD_DISCONNECT or deauthenticate will be
issued locally because of an error detected locally where netdev would
not be able to emit a event to the device object.   The CMD_DISCONNECT
handler can only send an event if the disconnect is triggered by the AP
because we don't have an enum value defined for other diconnects.  We
have these values defined for the connect callback but those errors may
happen when the connect callback is already NULL because a connection
has been estabilshed.  So add an event type for local errors.

These situations may occur in a transition negotiation or in an eapol
handshake failure during rekeying resulting in a call to
netdev_handshake_failed.
2016-12-15 17:08:47 -06:00
Andrew Zaborowski
4d366df23f wsc: Handle beacon lost event
Handle the beacon loss event same as a disconnect: if any credentials
have been received try using them, otherwise fail.
2016-12-15 16:57:05 -06:00
Andrew Zaborowski
a750b7067a netdev: Drop netdev->remote_addr 2016-12-15 15:47:57 -06:00
Andrew Zaborowski
b99c89fd35 netdev: Drop separate mde parameter, simplify 2016-12-15 15:46:57 -06:00
Andrew Zaborowski
9c6643b773 netdev: Always require handshake_state with netdev_connect 2016-12-15 15:25:53 -06:00
Andrew Zaborowski
d93a44a3f0 wsc: Move eapol_sm creation to netdev_connect_wsc 2016-12-15 15:16:25 -06:00
Denis Kenzior
aca4641fad eap-mschapv2: Fixup some style issues 2016-12-14 23:07:02 -06:00
Markus Ongyerth
9afe21f86f eap-mschapv2: add code for eap method 2016-12-14 22:56:56 -06:00
Markus Ongyerth
1baa6ec04c eap-mschap: Add crypto functions for mschapv2
Add the key-derivation and hash functions required for mschapv2.
The eap-mschapv2 protocol can be implemented on top of these functions.
2016-12-14 22:46:18 -06:00
Denis Kenzior
2cd36be5ff netdev: Fixup USE_MFP atribute usage
The kernel parses NL80211_ATTR_USE_MFP to mean an enumeration
nl80211_mfp.  So instead of using a boolean, we should be using the
value NL80211_MFP_REQUIRED.
2016-12-13 09:26:42 -06:00
Denis Kenzior
221a8f9218 eapol: Fix IGTK key index extraction 2016-12-13 09:25:21 -06:00
Denis Kenzior
fea29229f3 eapol: Fix IGTK key index extraction
IGTK key index is a 2-byte little-endian field, not a bit field.  This
makes sense since IGTK key id can only be 4 or 5.
2016-12-12 22:07:31 -06:00
Rahul Rahul
c07addc4bf netdev: set NL80211_ATTR_USE_MFP if mfp is enabled 2016-12-09 11:47:14 -06:00
Tim Kourt
4a8fdc4b33 eap-wsc: Add re-transmission handler for WSC 2016-12-01 11:33:03 -06:00
Denis Kenzior
bd9e1883ee eap: Add retransmission support 2016-11-30 12:44:13 -06:00
Tim Kourt
79f4d1a9cd eap-wsc: Increment TX frag. offset only after ACK 2016-11-23 14:49:37 -06:00
Tim Kourt
b0930d8f79 eap: Extract md5 logic into eap-md5.c 2016-11-21 11:08:50 -06:00
Andrew Zaborowski
1a64c4b771 eapol: Send EAPOL-Start if AP starts 4-Way Handshake
Make the use of EAPOL-Start the default and send it when configured for
8021x and either we receive no EAPOL-EAP from from the AP before
timeout, or if the AP tries to start a 4-Way Handshake.
2016-11-18 14:10:17 -06:00
Denis Kenzior
413287d5cf eapol: Relax VERIFY_IS_ZERO condition
On certain routers, the 4-Way handshake message 3 of 4 contains a key iv
field which is not zero as it is supposed to.  This causes us to fail
the handshake.

Since the iv field is not utilized in this particular case, it is safe
to simply warn rather than fail the handshake outright.
2016-11-18 14:04:07 -06:00
Denis Kenzior
d03f23200a eap: Load MTU settings from iwd.conf 2016-11-15 16:44:07 -06:00
Denis Kenzior
ec93454e65 netdev: Send additional attributes
For fullmac drivers, these attributes are also needed
2016-11-15 15:39:55 -06:00
Denis Kenzior
d33fe385da crypto: Add AKMs 2016-11-15 15:39:55 -06:00
Tim Kourt
d0b735c73c handshake: Add getter for settings_8021x 2016-11-15 13:31:43 -06:00
Tim Kourt
92ece898d1 eap-wsc: Add RX fragmentation support 2016-11-07 16:31:47 -06:00
Tim Kourt
fe90dcaab4 eap-ttls: Fix msg size miscalculation 2016-11-07 16:27:26 -06:00
Andrew Zaborowski
e9e9358898 netdev: Add padding to netlink family headers
Use the NLMSG_ALIGN macro on the family header size (struct ifinfomsg in
this case).  The ascii graphics in include/net/netlink.h show that both
the netlink header and the family header should be padded.  The netlink
header (nlmsghdr) is already padded in ell.  To "document" this
requirementin ell what we could do is take two buffers, one for the
family header and one for the attributes.

This doesn't change anything for most people because ifinfomsg is
already 16-byte long on the usual architectures.
2016-11-07 11:43:18 -06:00
Tim Kourt
b6745000b5 eap-tls: Fix msg size miscalculation 2016-11-03 22:19:46 -05:00
Tim Kourt
2148d71264 eap-wsc: Add TX fragmentation support 2016-11-03 22:17:38 -05:00
Tim Kourt
2d73fb35fe main: Remove unnecessary initialization 2016-11-03 13:28:19 -05:00
Andrew Zaborowski
e32ffc4d98 eapol: Use handshake_state to store state
Remove the keys and other data from struct eapol_sm, update device.c,
netdev.c and wsc.c to use the handshake_state object instead of
eapol_sm.  This also gets rid of eapol_cancel and the ifindex parameter
in some of the eapol functions where sm->handshake->ifindex can be
used instead.
2016-11-03 10:23:58 -05:00
Andrew Zaborowski
061dad2ff5 Add handshake_state object
struct handshake_state is an object that stores all the key data and other
authentication state and does the low level operations on the keys.  Together
with the next patch this mostly just splits eapol.c into two layers
so that the key operations can also be used in Fast Transitions which don't
use eapol.
2016-11-03 10:23:41 -05:00
Andrew Zaborowski
19afcb3582 device: Pass FT-related data to eapol and netdev
If device_select_akm_suite selects Fast Transition association then pass
the MD IE and other bits needed for eapol and netdev to do an FT
association and 4-Way Handshake.
2016-11-03 10:15:11 -05:00
Andrew Zaborowski
a35e0c2690 netdev: FT version of association messages
If an MD IE is supplied to netdev_connect, pass that MD IE in the
associate request, then validate and handle the MD IE and FT IE in the
associate response from AP.
2016-11-03 10:12:44 -05:00
Andrew Zaborowski
d03f4d72f1 eapol: Handle FT-version of step 3 of 4-way handshake 2016-11-03 10:04:34 -05:00
Andrew Zaborowski
9d54a3082e eapol: Build FT-version step 2 of 4-way handshake
If an FT AKM suite is selected, build the FT version of the step 2
of the 4-way handshake frame.  Step 1 is same as non-FT version.
2016-11-03 10:03:45 -05:00
Andrew Zaborowski
0d2e5b9849 eapol: Add setters for the FT handshake input data
Add space in the eapol_sm struct for the pieces of information required
for the FT 4-Way Handshake and add setters for device.c and netdev.c to
be able to provide the data.
2016-11-03 10:01:41 -05:00
Andrew Zaborowski
67a5b68a16 device: Drop the bss->sha256 flag usage
Don't decide on the AKM suite to use when the bss entries are received
and processed, instead select the suite when the connection is triggered
using a new function device_select_akm_suite, similar to
wiphy_select_cipher().  Describing the AKM suite through flags will be
more difficult when more than 2 suites per security type are supported.
Also handle the wiphy_select_cipher 0 return value when no cipher can be
selected.
2016-11-03 10:00:35 -05:00
Andrew Zaborowski
1b99521e98 ie: Implement ie_parse_neighbor_report 2016-11-03 09:59:49 -05:00
Denis Kenzior
2340c7790c device: Avoid leaking memory
In case we bail out early when setting up the RSN element
2016-11-02 16:42:12 -05:00
Rahul Rahul
e6311557fe device: set mfp and group mgmt cipher if AP supports it 2016-11-02 16:39:20 -05:00
Rahul Rahul
b47c82102e network: update network_bss_select for mfp
Update network_bss_select for MFP.  Particularly the scenario when all
BSSes inside the bss_list have MFPR set, but we're not BIP capable.
2016-11-02 16:36:13 -05:00
Tim Kourt
17527d4570 main: init iwd config 2016-11-02 16:06:10 -05:00
Tim Kourt
410d34c21b iwd: Add accessor for iwd_config 2016-11-02 15:44:19 -05:00
Daniel Wagner
dee6a6f082 network: Add Type property to D-Bus API 2016-11-02 10:04:24 -05:00
Daniel Wagner
6a6f3c8865 network: Add Device property to D-Bus API 2016-11-02 10:00:30 -05:00
Daniel Wagner
d9f2d40f6f device: Add Adapter property to D-Bus API 2016-11-02 09:57:21 -05:00
Rahul Rahul
5e0b24dcb2 netdev: implement netdev_set_igtk 2016-10-31 09:53:04 -05:00
Andrew Zaborowski
424ceb58a3 eapol: Drop len parameter to eapol_sm_set_rsn/wpa
The len parameter was only used so it could be validated against ie[1],
but since it was not checked to be > 2, it must have been validated
already, the check was redundant.  In any case all users directly
passed ie[1] as len anyway.  This makes it consistent with the ie
parsers and builders which didn't require a length.
2016-10-29 23:09:10 -05:00
Andrew Zaborowski
b29f333bb4 scan: Parse the Country String IE
and save to struct scan_bss
2016-10-29 22:58:36 -05:00
Andrew Zaborowski
1720edfc0e scan: Save Neighbor Report capability bit in bss scan entry 2016-10-29 22:57:07 -05:00
Andrew Zaborowski
da435326aa scan: Save the MD IE in bss scan entry 2016-10-29 22:53:40 -05:00
Andrew Zaborowski
e4c168cc3b ie: Fast BSS Transition IE utilities 2016-10-29 22:53:14 -05:00
Andrew Zaborowski
b20f1a2d50 ie: Mobility Domain IE utilities 2016-10-28 11:28:21 -05:00
Denis Kenzior
90ea26bec5 netdev: Squash kernel warning
netlink: 16 bytes leftover after parsing attributes in
process `iwd'.
2016-10-28 09:27:02 -05:00
Rahul Rahul
c16ae02056 eapol: refactor eapol_find_kde and add install_igtk 2016-10-26 16:34:52 -05:00
Denis Kenzior
318d3a2d35 scan: Refactor bss_get_supported_ciphers
In many cases the pairwise and group cipher information is not the only
information needed from the BSS RSN/WPA elements in order to make a
decision.  For example, th MFPC/MFPR bits might be needed, or
pre-authentication capability bits, group management ciphers, etc.

This patch refactors bss_get_supported_ciphers into the more general
scan_bss_get_rsn_info function
2016-10-24 22:12:25 -05:00
Denis Kenzior
bdd676a23a wiphy: Add support for BIP in wiphy_select_cipher 2016-10-24 21:29:37 -05:00
Denis Kenzior
2899315828 wiphy: Rename pairwise_ciphers to supported_ciphers
Since the ciphers stored here are not only for pairwise, but also group
and management ciphers.
2016-10-24 21:29:03 -05:00
Denis Kenzior
13f83fda81 wiphy: Also print whether we support BIP 2016-10-24 21:25:04 -05:00
Tim Kourt
85db443b37 eap-wsc: Use header length constant for readability 2016-10-24 11:21:01 -05:00
Tim Kourt
da433a1c56 eap-wsc: Clean up packet ptr ops 2016-10-24 11:18:53 -05:00
Tim Kourt
79d5353531 src: Introduce iwd.conf 2016-10-24 11:10:26 -05:00
Tim Kourt
884ef2e15f src: Rename dbus config. file
Rename dbus config. file to avoid future configuration with the IWD
config. file.
2016-10-24 11:10:23 -05:00
Marcel Holtmann
88909947e2 build: Remove support for usage of kdbus 2016-10-16 19:41:27 +02:00
Denis Kenzior
cc2052d33e eapol: In case of timeout, mark as NULL 2016-10-15 16:26:41 -05:00
Andrew Zaborowski
c548898635 eapol: Cache early EAPoL frames until ready to process
Split eapol_start into two calls, one to register the state machine so
that the PAE read handler knows not to discard frames for that ifindex,
and eapol_start to actually start processing the frames.  This is needed
because, as per the comment in netdev.c, due to scheduling the PAE
socket read handler may trigger before the CMD_CONNECT event handler,
which needs to parse the FTE from the Associate Response frame and
supply it to the eapol SM before it can do anything with the message 1
of 4 of the FT handshake.

Another issue is that depending on the driver or timing, the underlying
link might not be marked as 'ready' by the kernel.  In this case, our
response to Message 1 of the 4-way Handshake is written and accepted by
the kernel, but gets dropped on the floor internally.  Which leads to
timeouts if the AP doesn't retransmit.
2016-10-15 16:25:37 -05:00
Denis Kenzior
d8cb8d7810 eapol: Default to EAPoL 2001 if unset
If protocol auto-detection is enabled (e.g. protocol_version is zero),
default to EAPOL 2001 version for EAPOL-Start messages.
2016-10-11 02:33:46 -05:00
Denis Kenzior
d1d08a33ab wsc: Treat disconnect_by_ap as handshake_failed 2016-10-11 01:54:32 -05:00
Denis Kenzior
eaee379e53 netdev: Allow disconnect_by_ap to be re-entrant 2016-10-11 01:53:59 -05:00
Denis Kenzior
30b7b46aa1 wsc: Tell eapol that EAPOL-Start might be needed 2016-10-11 01:36:59 -05:00
Denis Kenzior
91d35987fd eapol: Add provision to use EAPOL-Start 2016-10-11 01:36:48 -05:00
Denis Kenzior
a16abfdc92 network: Don't fail if network config file exists 2016-10-10 15:59:36 -05:00
Denis Kenzior
e7e6326179 device: honor autoconnect in device_disassociated 2016-10-10 15:38:03 -05:00
Denis Kenzior
8242e9b9aa device: on connect error use network_connect_failed 2016-10-10 14:53:01 -05:00
Denis Kenzior
63e11979ee network: free/zero psk in network_settings_close 2016-10-10 14:52:43 -05:00
Marcel Holtmann
e72b2f8daf util: Include sys/uio.h for struct iovec 2016-10-10 20:42:48 +02:00
Andrew Zaborowski
92bc1d6896 scan: Implement scan_oper_class_to_band
This function takes an Operating Channel and a Country String to convert
it into a band.  Using scan_oper_class_to_band and scan_channel_to_freq,
an Operating Channel, a Country String and a Channel Number together can
be converted into an actual frequency.  EU and US country codes based on
wpa_supplicant's tables.
2016-10-04 21:34:24 -05:00
Andrew Zaborowski
859dcf0d59 scan: Implement scan_freq_set_foreach 2016-10-04 15:15:51 -05:00
Andrew Zaborowski
c4941a82a4 scan: Implement scan_channel_to_freq
This function does the inverse of scan_freq_to_channel
2016-10-04 15:15:51 -05:00
Andrew Zaborowski
911aebc844 scan: Fix the supported rates factor in bss ranking 2016-10-04 14:20:01 -05:00
Andrew Zaborowski
09861f4ebe eapol: Free the checksum in eapol_verify_mic 2016-10-04 14:11:42 -05:00
Andrew Zaborowski
721be04f95 eapol: Pass actual PTK size to crypto_derive_pairwise_ptk()
It doesn't matter for crypto_derive_pairwise_ptk in non-SHA256 mode
but in the FT PTK derivation function, as well as in SHA256 mode all
bytes of the output do actually change with the PTK size.
2016-10-04 14:10:23 -05:00
Andrew Zaborowski
7b20f57239 network: Fix autoconnect candidate logic
Fix autoconnect trying to connect to networks never used before as found
by Tim Kourt.  Update the comments to be consistent with the use of the
is_known field and the docs, in that a Known Network is any network that
has a config file in the iwd storage, and an autoconnect candidate is a
network that has been connected to before.
2016-09-27 11:52:07 -05:00
Denis Kenzior
0eea6ad4b7 netdev: Make sure to set disconnect_cmd_id to 0 2016-09-22 21:16:19 -05:00
Denis Kenzior
a51ae8ce0e wsc: Let Cancel() abort WSC associations as well 2016-09-22 21:16:19 -05:00
Denis Kenzior
efd4b3462a wsc: trigger autoconnect if no useful credential 2016-09-22 21:16:17 -05:00
Denis Kenzior
a6cad89fbe netdev: Start eapol earlier 2016-09-22 17:34:27 -05:00
Denis Kenzior
5329ddceb8 netdev: Tweak netdev_disconnect semantics
If the handshake fails, we trigger a deauthentication prior to reporting
NETDEV_RESULT_HANDSHAKE_FAILED.  If a netdev_disconnect is invoked in
the meantime, then the caller will receive -ENOTCONN.  This is
incorrect, since we are in fact logically connected until the connect_cb
is notified.

Tweak the behavior to keep the connected variable as true, but check
whether disconnect_cmd_id has been issued in the netdev_disconnect_event
callback.
2016-09-22 17:23:49 -05:00
Denis Kenzior
9c2d61db2c wsc: Optionally disconnect before starting EAP-WSC
If the device is currently connected, we will initiate a disconnection
(or wait for the disconnection to complete) prior to starting the
WSC-EAP association.
2016-09-22 16:29:19 -05:00
Denis Kenzior
9a63ab6712 netdev: Make invoking disconnect_cb reentrant safe 2016-09-22 16:20:33 -05:00
Denis Kenzior
886ffc2edb netdev: keep track of operational state
We should not attempt to call connect_failed if we're have become
operational.  E.g. successfully associated, ran eapol if necessary and
set operstate.
2016-09-22 16:19:30 -05:00
Denis Kenzior
2d87556b6b device: destroy state watchlist after removed event 2016-09-22 15:28:56 -05:00
Denis Kenzior
42d26089e9 watchlist: Make re-entrant safe 2016-09-22 15:28:29 -05:00
Denis Kenzior
d2ccc367ef device: modify autoconnect behavior
In case Disconnect() is called for any reason, make sure autoconnect is
off.  Set autoconnect to true whenever we successfully connect.
2016-09-22 15:28:14 -05:00
Denis Kenzior
a766823ffc device: Make scanning into a bitfield 2016-09-22 13:48:05 -05:00
Denis Kenzior
ecacdd88e4 device: Add device_get_state 2016-09-22 13:48:05 -05:00
Denis Kenzior
1585ccc897 netdev: Return -EINPROGRESS if already disconnecting 2016-09-22 11:55:32 -05:00
Denis Kenzior
47fa0435ba wsc: Start walk timer
PBC mode mandates a 120-second walk timer.  The PBC transaction must be
completed within that time or be aborted.
2016-09-22 11:32:18 -05:00
Andrew Zaborowski
0ffec2e481 dbus: Switch to using org.freedesktop.DBus.Properties
Use the org.freedesktop.DBus.Properties interfaces on objects with
properties and drop the old style GetProperty/SetProperty methods on
individual interfaces.  Agent and KnownNetworks have no properties at
this time so don't add org.freedesktop.DBus.Properties interfaces.
2016-09-21 16:46:34 -05:00
Andrew Zaborowski
c6e38dacac scan: Zero destroy callback in scan_cancel
Otherwise it may be called again in get_scan_done.
2016-09-21 16:39:05 -05:00
Denis Kenzior
31ba824acc wsc: Try using credentials
We send the scan results where we obtained a PushButton target over to
device object.  If EAP-WSC transaction is successful, then the scan
results are searched to find a network/bss combination found in the
credentials obtained.  If found, the network is connected to
automatically.
2016-09-21 16:21:53 -05:00
Denis Kenzior
5fa37b9a1d wsc: Write credentials to storage 2016-09-21 16:21:28 -05:00
Denis Kenzior
3fd51c2d72 network: Add network_set_psk 2016-09-21 16:20:09 -05:00
Denis Kenzior
c380940b43 netdev: Deauthenticate prior to calling connect_cb 2016-09-21 16:19:47 -05:00
Denis Kenzior
92a51805c4 netdev: Finalize disconnects on device removal
When device is removed or otherwise freed, netdev_connect callbacks are
invoked.  Treat disconnects similarly
2016-09-21 15:23:06 -05:00
Denis Kenzior
29387e012a network: Use uint8_t instead of unsigned char 2016-09-21 14:38:43 -05:00
Denis Kenzior
954f4ebca2 network: Close settings if ineligible for autoconnect 2016-09-21 14:35:30 -05:00
Denis Kenzior
7661f1b7c0 network: Expose network_bss_select 2016-09-21 14:00:59 -05:00
Denis Kenzior
38a4a9668f wsc: Record credentials obtained from EAP-WSC
Multiple credentials can be obtained via the event, record them until we
are ready to process them.
2016-09-21 13:51:11 -05:00
Denis Kenzior
42fb2a7c0f device: Add device_set_scan_results 2016-09-19 20:35:57 -05:00
Denis Kenzior
9c9e6f6f29 network: Add network_bss_find_by_addr 2016-09-19 20:26:41 -05:00
Denis Kenzior
dc3a6a2f77 device: Add device_network_find 2016-09-19 20:19:34 -05:00
Denis Kenzior
29d5eeb3ca network: Use const char * to represent ssid
This also fixes a potential buffer overflow since the ssid was cast to a
string inside network_create.  However, ssid is a buffer of 32 bytes,
and would not be null-terminated in the case of a 32-byte SSID.
2016-09-19 20:18:53 -05:00
Denis Kenzior
12fca8b7f7 network: Make network_settings_close private 2016-09-19 17:04:51 -05:00
Denis Kenzior
a239b49707 network: Make network_load_settings static 2016-09-19 17:03:51 -05:00
Denis Kenzior
69ea4db15c wsc: Base RF freq on BSS we're connecting to 2016-09-16 12:42:58 -05:00
Denis Kenzior
099e2a028d wsc: Add support for initial WSC association 2016-09-14 21:56:20 -05:00
Denis Kenzior
15ac5c3f38 wscutil: Fix uninitialized warning
==5362== Conditional jump or move depends on uninitialised value(s)
==5362==    at 0x419B62: wsc_wfa_ext_iter_next (wscutil.c:52)
==5362==    by 0x41B869: wsc_parse_probe_response (wscutil.c:1016)
==5362==    by 0x41FD77: scan_results (wsc.c:218)
==5362==    by 0x415669: get_scan_done (scan.c:892)
==5362==    by 0x432932: destroy_request (genl.c:134)
==5362==    by 0x433245: process_unicast (genl.c:394)
==5362==    by 0x43361A: received_data (genl.c:506)
==5362==    by 0x42FDC2: io_callback (io.c:120)
==5362==    by 0x42EABE: l_main_run (main.c:381)
==5362==    by 0x402F90: main (main.c:234)
2016-09-14 21:56:18 -05:00
Denis Kenzior
9b0113018f scan: Fix running active scans
A wildcard SSID of zero length is needed
2016-09-14 21:56:18 -05:00
Denis Kenzior
a3fdb88a9a device: add device_get_netdev 2016-09-14 21:56:18 -05:00
Denis Kenzior
959ebd505b device: Free eapol_sm on netdev_connect failure 2016-09-14 21:56:18 -05:00
Denis Kenzior
09dcd78e30 device: Convert device watches to watchlist 2016-09-14 21:56:18 -05:00
Denis Kenzior
ef18c03322 device: Make device_enter_state static 2016-09-14 21:56:18 -05:00
Denis Kenzior
4419a6325a device: Add state watch api 2016-09-14 21:56:16 -05:00
Denis Kenzior
6d410b0bec watchlist: Add watchlist utilities 2016-09-14 20:26:49 -05:00
Denis Kenzior
d9c18deed7 device: Remove extra whitespace 2016-09-14 00:17:27 -05:00
Denis Kenzior
f77d363840 netdev: Add netdev_connect_wsc 2016-09-13 20:50:24 -05:00
Denis Kenzior
8a50054925 device: Make device_disassociated static 2016-09-13 20:49:36 -05:00
Denis Kenzior
db8794460f eapol: Remove io argument from eapol_start 2016-09-13 17:37:13 -05:00
Denis Kenzior
047a196c70 wscutil: Add wsc_build_association_response 2016-09-13 17:26:18 -05:00
Denis Kenzior
77abdb7d96 wscutil: add wsc_build_association_request 2016-09-13 17:23:43 -05:00
Denis Kenzior
da36b87531 wscutil: Add wsc_parse_association_request 2016-09-13 15:59:30 -05:00
Denis Kenzior
022d24474b wscutil: Add wsc_parse_association_response 2016-09-13 15:57:16 -05:00
Denis Kenzior
f3d5adfc3c wsc: report session overlap error 2016-09-13 14:55:13 -05:00
Denis Kenzior
1627b3a2bd wsc: Squash wsc_sm structure
eap-wsc now handles most of the details
2016-09-13 14:53:30 -05:00
Denis Kenzior
c60d34cd8d wiphy: Add wiphy_get_supported_bands 2016-09-13 14:36:46 -05:00
Denis Kenzior
4518394b0e eap-wsc: Send credential obtained events 2016-09-13 13:32:47 -05:00
Denis Kenzior
9fde037b8f eapol: Add eapol_sm_set_event_func 2016-09-13 13:30:54 -05:00
Denis Kenzior
1b72fe9713 eap: Add eap event_func
This is used to get arbitrary information out of the EAP method.  Needed
for EAP-WSC to signal credential information obtained from the peer.

Other uses include signaling why EAP-WSC failed (e.g. invalid PIN, etc)
and processing of M2D discovery messages.  The information in M2Ds might
be useful to external clients.
2016-09-13 11:50:52 -05:00
Denis Kenzior
baf72d7f86 eapol: Move to a single PAE socket
We used to open a socket for each wireless interface.  This patch uses a
single socket with an attached BPF to handle all EAPoL traffic via a
single file descriptor.
2016-09-12 10:02:04 -05:00
Denis Kenzior
8e50144d17 eap-wsc: Handle EAP WSC_NACK Requests
These should be responded to with a NACK as well.
2016-09-09 13:40:41 -05:00
Denis Kenzior
d2d9ce7be5 eap-wsc: implement NACK sending 2016-09-09 12:44:36 -05:00
Denis Kenzior
b93a992ed1 eap-wsc: Handle M8 messages 2016-09-08 21:59:04 -05:00
Denis Kenzior
1dc197d176 wscutil: Rename parse/build_nack
... to parse/build_wsc_nack to be more consistent with the spec naming
2016-09-08 21:34:32 -05:00
Denis Kenzior
983d598d1d wscutil: Add wsc_build_wsc_ack 2016-09-08 21:33:40 -05:00
Denis Kenzior
9c9ecfa239 wscutil: Add wsc_parse_wsc_ack 2016-09-08 21:33:20 -05:00
Denis Kenzior
aa518811b3 wscutil: Add wsc_build_wsc_done 2016-09-08 21:27:44 -05:00
Denis Kenzior
d8b8c25848 wscutil: Add wsc_parse_wsc_done 2016-09-08 21:27:18 -05:00
Andrew Zaborowski
1b1bf3cf65 eapol: On EAP success save the second 256 bits of MSK 2016-09-06 14:07:35 -05:00
Andrew Zaborowski
443e363c20 crypto: Implement crypto_derive_ft_ptk 2016-09-06 13:50:17 -05:00
Andrew Zaborowski
efbbe9870b crypto: Implement crypto_derive_pmk_r1 2016-09-06 13:48:50 -05:00
Andrew Zaborowski
994ffd94c5 crypto: Implement crypto_derive_pmk_r0 2016-09-06 13:47:18 -05:00
Andrew Zaborowski
955c88a64a ie: Consistently set group_management_cipher
RSNE_ADVANCE may return and if it is before the assignment of
info.group_management_cipher, that assignment will be dependent on where
the RSNE ends.
2016-09-05 23:10:29 -05:00
Andrew Zaborowski
316752c5e4 ie: Error in tlv_iter_next if no space to length byte
When parsing the EAPoL-Key key data field we don't strip the 0xdd /
0x00 padding from the decrypted data so there may be trailing padding
after the IE sequence and valgrind will report an invalid read of the
length byte.  Same thing may happen if we're sent garbage.
2016-09-05 23:00:01 -05:00
Denis Kenzior
b67e3f26b5 wscutil: Add wsc_parse_credential 2016-08-31 22:36:21 -05:00
Denis Kenzior
d83bf50a39 wscutil: Add wsc_parse_m8_encrypted_settings 2016-08-31 21:59:52 -05:00
Denis Kenzior
addba697da wscutil: Add wsc_build_m8 2016-08-31 14:14:11 -05:00
Denis Kenzior
ead40f0431 wscutil: Add wsc_parse_m8 2016-08-31 14:14:01 -05:00
Denis Kenzior
34ed84dc41 eap-wsc: Send M7 messages 2016-08-31 12:50:44 -05:00
Denis Kenzior
9bb4ba42dd wscutil: Add wsc_build_m7_encrypted_settings 2016-08-31 11:39:06 -05:00
Denis Kenzior
8df0f9fa28 wscutil: Add wsc_parse_m7_encrypted_settings 2016-08-31 11:38:52 -05:00
Denis Kenzior
a113cba4f2 wscutil: Add wsc_build_m7 2016-08-31 11:32:51 -05:00
Denis Kenzior
b7d44d302a wscutil: Add wsc_parse_m7 2016-08-31 11:32:21 -05:00
Denis Kenzior
6dae861ce2 eap-wsc: Handle M6 messages 2016-08-31 11:18:21 -05:00
Denis Kenzior
2ac78e1306 eap-wsc: split out R_Hash verification
So it can be used in M6 processing
2016-08-31 11:17:29 -05:00
Denis Kenzior
11550b2756 wscutil: Add wsc_m6_build_encrypted_settings 2016-08-31 11:15:35 -05:00
Denis Kenzior
3719e78094 wscutil: Add wsc_parse_m6_encrypted_settings 2016-08-31 11:15:12 -05:00
Denis Kenzior
4e0c932dc9 wscutil: Add wsc_build_m6 2016-08-31 11:14:48 -05:00
Denis Kenzior
815f685c2d wscutil: Add wsc_parse_m6 2016-08-31 11:14:48 -05:00
Denis Kenzior
ba55afa3f4 eap-wsc: Generate M5 messages 2016-08-30 23:20:24 -05:00
Denis Kenzior
c0de9d1790 eap-wsc: optionally load IV1 & IV2 for debugging
When we send M5 & M7, we need to generate a random IV.  For testing
purposes, the IV can be provided in settings, otherwise it will be
generated randomly.
2016-08-30 23:18:53 -05:00
Denis Kenzior
62623e0eb3 eap-wsc: Handle M4 messages 2016-08-30 21:52:24 -05:00
Denis Kenzior
48c3f4a55a eap-wsc: Store PSK1 & PSK2
We will need to use PSK1 & PSK2 when computing R_Hash1 & R_Hash2 when
processing M4 & M6.
2016-08-30 21:51:14 -05:00
Denis Kenzior
9a47f98ccd eap-wsc: Store M2 for future use
We need quite a bit of attributes of M2 for the duration of the WSC
handshake.  Most importantly, we need to use the peer's public key when
processing M4 and M6.  RegistrarNonce is also needed for generating any
ACK/NACK messages as needed.

Also, peer's device attributes such as Model, Manufacturer, etc might be
useful to report upon successful handshake.
2016-08-30 21:10:57 -05:00
Denis Kenzior
633389f2f4 eap-wsc: Add utility to decrypt EncryptedSettings 2016-08-30 14:43:49 -05:00
Denis Kenzior
b78bef2be8 eap-wsc: Add utility to check KeyWrapAuthenticator 2016-08-30 14:42:43 -05:00
Denis Kenzior
046c7b8994 eap-wsc: clear out intermediate key data 2016-08-30 14:41:58 -05:00
Denis Kenzior
39d6acb07d eap-wsc: Don't store AuthKey | KeyWrapKey | EMSK
AuthKey is already uploaded into auth_key_hmac.  KeyWrapKey is now
uploaded into the AES-CBC(128) cipher.  We currently have no use for
EMSK.

So we no longer need to keep the wsc_session_key structure around.
2016-08-30 14:34:03 -05:00
Denis Kenzior
24dfe6e436 wscutil: Add wsc_build_m5_encrypted_settings 2016-08-30 14:10:20 -05:00
Denis Kenzior
7bdb1a0225 wscutil: Add wsc_parse_m5_encrypted_settings 2016-08-30 14:07:53 -05:00
Denis Kenzior
d59086c791 wscutil: Add wsc_build_m4_encrypted_settings 2016-08-30 13:57:28 -05:00
Denis Kenzior
11e56031c0 wscutil: Add wsc_parse_m4_encrypted_settings 2016-08-30 13:38:08 -05:00
Denis Kenzior
757e4dbb90 wscutil: Prepare for parsing of Encrypted Settings
Encrypted Settings TLVs are structured similarly to the various WSC
messages.  However, they lack a version2 extension field and use a Key
Wrap Authenticator element instead of Authenticator.
2016-08-30 13:33:17 -05:00
Denis Kenzior
642804f9d7 wscutil: Handle Key Wrap Authenticator 2016-08-30 13:30:06 -05:00
Denis Kenzior
7810a45a9c eap-wsc: Rework state logic a bit
Mostly so repetitive code is not required
2016-08-30 10:10:11 -05:00
Denis Kenzior
a8580c7ed0 wscutil: Add wsc_build_m5 2016-08-30 09:45:39 -05:00
Denis Kenzior
0081bf4f64 wscutil: Add wsc_parse_m5 2016-08-30 09:34:34 -05:00
Denis Kenzior
05c230c46a eap-wsc: Send M3 2016-08-30 09:22:35 -05:00
Denis Kenzior
397a7d18c2 eap-wsc: Add TX message Authenticator calculation 2016-08-30 09:22:35 -05:00
Denis Kenzior
5951bc220b eap-wsc: Handle M2 messages 2016-08-30 09:22:35 -05:00
Denis Kenzior
33b0034678 eap-wsc: Add util to verify RX frame Authenticator 2016-08-30 09:22:35 -05:00
Denis Kenzior
097e775659 eap-wsc: Add basic logic to send M1 messages 2016-08-30 09:22:33 -05:00
Denis Kenzior
c2cb35b4c9 eap-wsc: store sent pdu
This is needed for authenticator computation
2016-08-29 22:16:34 -05:00
Denis Kenzior
2cbbcb7434 eap-wsc: Load settings related to DevicePassword
DevicePassword is the PIN, either static, dynamically generated or
entered by the user.  For PushButton mode, DevicePassword is set to
'00000000'.  It can also be provided via external means, such as NFC.

This patch allows DevicePassword to be externally configured into the
EAP-WSC layer.  Optionally, the secret nonce values can also be
provided for testing purposes.  If omitted, they will be generated using
l_getrandom.
2016-08-29 12:12:13 -05:00
Denis Kenzior
ce596058cd eap-wsc: Implement load_settings method
We use the load_settings method to bootstrap the internal state of the
EAP WSC state machine.  We require certain information to be provided by
the higher layers, namely:

Global Device parameters
 - Manufacturer
 - Model Name
 - Model Number
 - Serial Number
 - Device Name
 - Primary Device Type
 - OS Version

Session specific parameters
 - MAC Address
 - Configuration Methods
 - RF Bands

The following parameters are auto-generated for each new session, but
can be over-ridden if desired
 - Private Key
 - Enrollee Nonce
2016-08-28 02:47:09 -05:00
Denis Kenzior
b650b16d6f wscutil: Check authenticator more strictly
Make sure Authenticator is the last data in the WSC PDU, with no
extraneous data afterwards
2016-08-28 02:47:09 -05:00
Denis Kenzior
00dac648aa wscutil: Add wsc_build_nack 2016-08-26 17:14:36 -05:00
Denis Kenzior
334ccfce0f wscutil: Add wsc_parse_nack 2016-08-26 17:14:36 -05:00
Denis Kenzior
fdeed24591 eap-wsc: Properly set vendor-id & vendor-type 2016-08-24 21:37:42 -05:00
Denis Kenzior
887119c82f wscutil: Expose WSC WFA OUI 2016-08-24 21:35:41 -05:00
Denis Kenzior
0a314004ce eap: expanded methods start packets at opcode
Expanded EAP methods should get their packets for handling starting at
the op-code field.  They're not really interested in
type/vendor-id/vendor-type fields.
2016-08-24 21:32:16 -05:00
Denis Kenzior
63b5c60743 util: Add util_string_to_address 2016-08-24 21:31:54 -05:00
Denis Kenzior
c2b1351396 wscutil: Add WSC KDF function 2016-08-23 13:52:52 -05:00
Denis Kenzior
0a6ffdf029 netdev: Fix double-free
We should only call eapol_cancel if netdev_connect_free was not
triggered as a result of handshake failure.
2016-08-23 13:15:00 -05:00
Denis Kenzior
5d2c5b3b71 crypto: Add some missing whitespace 2016-08-22 15:54:24 -05:00
Denis Kenzior
9c457de8d5 wscutil: Add M4 builder 2016-08-19 15:24:29 -05:00
Denis Kenzior
d3ee7c71be wscutil: Add M4 parser 2016-08-19 15:14:24 -05:00
Denis Kenzior
ca41b21e15 wscutil: Add extractor for R_HASH1 & R_HASH2 2016-08-19 15:03:44 -05:00
Denis Kenzior
4e4820e2a5 wscutil: Add encrypted settings extractor 2016-08-19 15:03:25 -05:00
Denis Kenzior
f116659ab3 wscutil: Macro-ize WFA extension building 2016-08-18 18:02:08 -05:00
Denis Kenzior
6f0b31b3a4 wscutil: Add M3 builder 2016-08-18 17:58:34 -05:00
Denis Kenzior
b6e7b7a4d6 wscutil: Add M3 parser 2016-08-18 17:48:04 -05:00
Denis Kenzior
dc310bfc49 wscutil: Add e_hash 1 & 2 extractor 2016-08-18 17:47:36 -05:00
Denis Kenzior
a867076c3e wscutil: Relax OS_VERSION parser
Apple implementations seem to not set the MSB bit to 1.
2016-08-18 17:29:16 -05:00
Denis Kenzior
f2e11f5e7c wscutil: Fix memset 2016-08-18 16:22:48 -05:00
Denis Kenzior
af7224a973 wscutil: More strictly handle AUTHENTICATOR tlv
This element must be the TLV in the message
2016-08-18 12:53:06 -05:00