3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-22 13:02:44 +01:00
Commit Graph

1975 Commits

Author SHA1 Message Date
James Prestwood
d6abf62946 netdev: remove unneeded disconnect for OWE failure
If OWE fails in association there is no reason to send a disconnect
since its already known that we failed. Instead we can directly
call netdev_connect_failed
2019-02-27 16:29:18 -06:00
James Prestwood
51f21c1c9b mpdu: remove invalid reason codes 2019-02-27 16:16:25 -06:00
James Prestwood
e5e2922eee netdev: sae: owe: update to use new status codes 2019-02-27 16:15:23 -06:00
James Prestwood
ffd8e81774 mpdu: add new status code enum
mpdu.h reason codes were being abused as status codes for Auth/Assoc
protocols. This adds a whole new enum for status codes.
2019-02-27 16:15:12 -06:00
Tim Kourt
45e5c42726 scan: Add ref to cmd to make it reusable on failure 2019-02-27 16:14:22 -06:00
Denis Kenzior
917815e99a netdev: netdev_setting_keys_failed takes an errno
Instead of sending a reason_code to netdev_setting_keys_failed, make it
take an errno (negative) instead.  Since key setting failures are
entirely a system / software issue, and not a protocol issue, it makes
no sense to use a protocol error code.
2019-02-27 14:22:42 -06:00
Tim Kourt
8e44760c34 scan: Fix scan request retry logic
While triggering scan, we leave the scan command in the queue,
so it can be replayed in the case of a busy device.
2019-02-26 18:02:48 -06:00
Tim Kourt
8fc7c0e5c4 scan: Rename request triggered cb 2019-02-26 17:16:52 -06:00
James Prestwood
df923cd962 scan: increase rate factor range
The rate factor range was quite small. This increases the range a bit,
which should make higher throughput AP's preferred more.
2019-02-26 12:35:56 -06:00
James Prestwood
a0d8511331 scan: allow 5G factor to be user configurable
Some users may need their own control over 2.4/5GHz preference. This
adds a new user option, 'rank_5g_factor', which allows users to increase
or decrease their 5G preference.
2019-02-26 12:35:50 -06:00
James Prestwood
49b02907a8 ie: scan: use VHT rates in scan ranking
This adds support for parsing the VHT IE, which allows a BSS supporting
VHT (80211ac) to be ranked higher than a BSS supporting only HT/basic
rates. Now, with basic/HT/VHT parsing we can calculate the theoretical
maximum data rate for all three and rank the BSS based on that.
2019-02-25 15:07:41 -06:00
James Prestwood
ad2bf340a4 ie: scan: use HT rates in scan ranking
This adds HT IE parsing and data rate calculation for HT (80211n)
rates. Now, a BSS supporting HT rates will be ranked higher than
a basic rate BSS, assuming the RSSI is at an acceptable level.
2019-02-25 11:52:58 -06:00
James Prestwood
5ce6e173ba ie: make rate_rssi_map const 2019-02-25 11:47:54 -06:00
James Prestwood
7d7fcff03b ie: scan: take into account RSSI when parsing data rate
The spec dictates RSSI thresholds for different modulation schemes, which
correlate to different data rates. Until now were were ranking a BSS with
only looking at its advertised data rate, which may not even be possible
if the RSSI does not meet the threshold.

Now, RSSI is taken into consideration and the data rate returned from
parsing (Ext) Supported Rates IE(s) will reflect that.
2019-02-22 17:44:06 -06:00
James Prestwood
922e10e82c ie: add macro for calculating an IE's length
All over the place we do "ie[1] + 2" for getting the IE length. It
is much clearer to use a macro to do this. The macro also checks
for NULL, and returns zero in this case.
2019-02-22 17:41:11 -06:00
James Prestwood
c18b1289a5 ap: move ie_parse_supported_rates into ap.c
Supported rates will soon be parsed along with HT/VHT capabilities
to determine the best data rate. This will remove the need for the
supported_rates uintset element in scan_bss, as well as the single
API to only parse the supported rates IE. AP still does rely on
this though (since it only supports basic rates), so the parsing
function was moved into ap.c.
2019-02-22 17:41:01 -06:00
Andrew Zaborowski
dbd619c231 eap-tls-common: More complete certificate validation
In the methods' check_settings do a more complete early check for
possible certificate / private key misconfiguration, including check
that the certificate and the private key are always present or absent
together and that they actually match each other.  Do this by encrypting
and decrypting a small buffer because we have no better API for that.
2019-02-08 13:59:32 -06:00
Andrew Zaborowski
d9f0cc47d0 eap: Remove redundant error messages in .load_settings
A method's .check_settings method checks for inconsistent setting files
and prints readable errors so there's no need to do that again in
.load_settings, although at some point after removing the duplicate
error messages from the load_settings methods we agreed to keep minimum
checks that could cause a crash e.g. in a corner case like when the
setting file got modified between the check_settings and the
load_settings call.  Some error messages have been re-added to
load_settings after that (e.g. in
bb4e1ebd4f) but they're incomplete and not
useful so remove them.
2019-02-08 13:43:05 -06:00
Andrew Zaborowski
451a7e9b52 eap-ttls: Check Phase 2 method name is not NULL 2019-02-08 13:42:51 -06:00
Andrew Zaborowski
8dfb8e9207 handshake: Remove unused handshake_state_get_8021x_config 2019-02-08 13:42:44 -06:00
Tim Kourt
22318ebbd5 main: Ensure existence of the storage dir at startup
Previously, the storage dir has only been created after a successful
network connection, causing removal of Known Network interface from
Dbus and failure to register dir watcher until daemon is restarted.
2019-02-07 11:07:43 -06:00
Denis Kenzior
995cbc7ad3 mpdu: relax IE ordering requirements 2019-02-07 10:44:09 -06:00
Denis Kenzior
bd7f8bf613 eapol: Relax message 2 / 4 key_length check
Seems certain Apple implementations set the key length to 16, even
though it should be 0.
2019-02-07 10:13:17 -06:00
James Prestwood
bc9e70f9cd sae: fix length check and commit buffer size
A length check was still assuming the 256 bit ECC group. This
was updated to scale with the group. The commit buffer was also
not properly sized. This was changed to allow for the largest
ECC group supported.
2019-02-02 09:25:20 -06:00
James Prestwood
a4fdddc403 sae: allow other ECC groups and group negotiation
SAE was hardcoded to work only with group 19. This change fixes up the
hard coded lengths to allow it to work with group 20 since ELL supports
it. There was also good amount of logic added to support negotiating
groups. Before, since we only supported group 19, we would just reject
the connection to an AP unless it only supported group 19.

This did lead to a discovery of a potential bug in hostapd, which was
worked around in SAE in order to properly support group negotiation.

If an AP receives a commit request with a group it does not support it
should reject the authentication with code 77. According to the spec
it should also include the group number which it is rejecting. This is
not the case with hostapd. To fix this we needed to special case a
length check where we would otherwise fail the connection.
2019-02-01 15:57:26 -06:00
Denis Kenzior
c926b3fe80 eap-pwd: Remove unneeded cast 2019-01-31 12:41:58 -06:00
James Prestwood
bb28351c93 eap-pwd: Update EAP-PWD to allow larger ECC groups
Most of this work was already done after moving ECC into ELL, but
there were still a few places where the 256-bit group was assumed.
This allows the 384-bit group to be used, and theoretically any
other group added to ELL in the future.
2019-01-31 12:40:03 -06:00
James Prestwood
025ca0d4d3 network: allow network_bss_select to skip blacklist
If we have a BSS list where all BSS's have been blacklisted we still
need a way to force a connection to that network, instead of having
to wait for the blacklist entry to expire. network_bss_select now
takes a boolean 'fallback_to_blacklist' which causes the selection
to still return a connectable BSS even if the entire list was
blacklisted.

In most cases this is set to true, as these cases are initiated by
DBus calls. The only case where this is not true is inside
station_try_next_bss, where we do want to honor the blacklist.
This both prevents an explicit connect call (where all BSS's are
blacklisted) from trying all the blacklisted BSS's, as well as the
autoconnect case where we simply should not try to connect if all
the BSS's are blacklisted.

There are is some implied behavior here that may not be obvious:

On an explicit DBus connect call IWD will attempt to connect to
any non-blacklisted BSS found under the network. If unsuccessful,
the current BSS will be blacklisted and IWD will try the next
in the list. This will repeat until all BSS's are blacklisted,
and in this case the connect call will fail.

If a connect is tried again when all BSS's are blacklisted IWD
will attempt to connect to the first connectable blacklisted
BSS, and if this fails the connect call will fail. No more
connection attempts will happen until the next DBus call.
2019-01-31 12:36:58 -06:00
James Prestwood
45cc0fd918 network/station: add BSS blacklisting
If IWD fails to connect to a BSS we can attempt to connect to a different
BSS under the same network and blacklist the first BSS. In the case of an
incorrect PSK (MMPDU code 2 or 23) we will still fail the connection.

station_connect_cb was refactored to better handle the dbus case. Now the
netdev result switch statement is handled before deciding whether to send
a dbus reply. This allows for both cases where we are trying to connect
to the next BSS in autoconnect, as well as in the dbus case.
2019-01-30 13:23:38 -06:00
James Prestwood
da485179a6 station: refactor __station_connect_network
This makes __station_connect_network even less intelligent by JUST
making it connect to a network, without any state changes. This makes
the rekey logic much cleaner.

We were also changing dbus properties when setting the state to
CONNECTING, so those dbus property change calls were moved into
station_enter_state.
2019-01-30 13:23:36 -06:00
Denis Kenzior
cff0600621 station: Use station_disassociated instead
station_disconnect can trigger yet another netdev_disconnect call (which
would obviously fail since we're no longer connected)
2019-01-28 15:52:18 -06:00
Denis Kenzior
d51c3db4ce station: Simplify logic 2019-01-28 15:52:02 -06:00
James Prestwood
a2354f88a6 station/netdev: handle rekeying based on driver features
A new driver extended feature bit was added signifying if the driver
supports PTK replacement/rekeying. During a connect, netdev checks
for the driver feature and sets the handshakes 'no_rekey' flag
accordingly.

At some point the AP will decide to rekey which is handled inside
eapol. If no_rekey is unset we rekey as normal and the connection
remains open. If we have set no_rekey eapol will emit
HANDSHAKE_EVENT_REKEY_FAILED, which is now caught inside station. If
this happens our only choice is to fully disconnect and reconnect.
2019-01-28 15:49:57 -06:00
James Prestwood
8edaa23f8a eapol: emit HANDSHAKE_EVENT_REKEY_FAILED
If we receive handshake message 1/4 after we are already connected
the AP is attempting to rekey. This may not be allowed and if not
we do not process the rekey and emit HANDSHAKE_EVENT_REKEY_FAILED
so any listeners can handle accordingly.
2019-01-28 15:38:47 -06:00
James Prestwood
a76376cac4 handshake: add HANDSHAKE_EVENT_REKEY_FAILED
This event will be emitted from eapol if the AP is attempting to
rekey but the handshake object does not allow it (via no_rekey).
2019-01-28 15:37:21 -06:00
James Prestwood
2a7a756c9f handshake: add flag and setter to disallow rekeying 2019-01-28 15:36:51 -06:00
James Prestwood
e4f22f0a5d ap: fix crash when stopping AP
The AP structure was getting cleaned up twice. When the DBus stop method came
in we do AP_STOP on nl80211. In this callback the AP was getting freed in
ap_reset. Also when the DBus interface was cleaned up it triggered ap_reset.

Since ap->started gets set to false in ap_reset, we now check this and bail
out if the AP is already stopped.

Fixes:
++++++++ backtrace ++++++++
0  0x7f099c11ef20 in /lib/x86_64-linux-gnu/libc.so.6
1  0x43fed0 in l_queue_foreach() at ell/queue.c:441 (discriminator 3)
2  0x423a6c in ap_reset() at src/ap.c:140
3  0x423b69 in ap_free() at src/ap.c:162
4  0x44ee86 in interface_instance_free() at ell/dbus-service.c:513
5  0x451730 in _dbus_object_tree_remove_interface() at ell/dbus-service.c:1650
6  0x405c07 in netdev_newlink_notify() at src/netdev.c:4449 (discriminator 9)
7  0x440775 in l_hashmap_foreach() at ell/hashmap.c:534
8  0x4455d3 in process_broadcast() at ell/netlink.c:158
9  0x4439b3 in io_callback() at ell/io.c:126
10 0x442c4e in l_main_iterate() at ell/main.c:473
11 0x442d1c in l_main_run() at ell/main.c:516
12 0x442f2b in l_main_run_with_signal() at ell/main.c:644
13 0x403ab3 in main() at src/main.c:504
14 0x7f099c101b97 in /lib/x86_64-linux-gnu/libc.so.6
+++++++++++++++++++++++++++
2019-01-25 18:51:18 -06:00
James Prestwood
ed6f5ea55a blacklist: add blacklist.[ch] to build and main
This will allow for blacklisting a BSS if the connection fails. The
actual blacklist module is simple and must be driven by station. All
it does is add BSS addresses, a timestamp, and a timeout to a queue.
Entries can also be removed, or checked if they exist. The blacklist
timeout is configuratble in main.conf, as well as the blacklist
timeout multiplier and maximum timeout. The multiplier is used after
a blacklisted BSS timeout expires but we still fail to connect on the
next connection attempt. We multiply the current timeout by the
multiplier so the BSS remains in the blacklist for a larger growing
amount of time until it reaches the maximum (24 hours by default).
2019-01-24 17:29:15 -06:00
James Prestwood
475d1082d7 netdev: store mpdu status and add getter
Soon BSS blacklisting will be added, and in order to properly decide if
a BSS should be blacklisted we need the status code on a failed
connection. This change stores the status code when there is a failure
in netdev and adds a getter to retrieve later. In many cases we have
the actual status code from the AP, but in some corner cases its not
obtainable (e.g. an error sending an NL80211 command) in which case we
just default to MMPDU_REASON_CODE_UNSPECIFIED.

Rather than continue with the pattern of setting netdev->result and
now netdev->last_status_code, the netdev_connect_failed function was
redefined so its no longer used as both a NL80211 callback and called
directly. Instead a new function was added, netdev_disconnect_cb which
just calls netdev_connect_failed. netdev_disconnect_cb should not be
used for all the NL80211 disconnect commands. Now netdev_connect_failed
takes both a result and status code which it sets in the netdev object.
In the case where we were using netdev_connect_failed as a callback we
still need to set the result and last_status_code but at least this is
better than having to set those in all cases.
2019-01-24 16:54:39 -06:00
Marcel Holtmann
39ee15dbc3 build: Provide modules-load.d for loading pkcs8_key_parser module 2019-01-23 18:22:11 +01:00
Andrew Zaborowski
c9490ce657 crypto: Optimize hkdf_expand slightly
Remove an unneeded buffer and its memcpy, remove the now unneeded use of
l_checksum_digest_length and use l_checksum_reset instead of creating a
new l_checksum for each chunk.
2019-01-22 11:40:07 -06:00
James Prestwood
922506105e owe: allow group 20 + group negotiation
ELL ECC supports group 20 (P384) so OWE can also support it. This also
adds group negotiation, where OWE can choose a different group than the
default if the AP requests it.

A check needed to be added in netdev in order for the negotiation to work.
The RFC says that if a group is not supported association should be rejected
with code 77 (unsupported finite cyclic group) and association should be
started again. This rejection was causing a connect event to be emitted by
the kernel (in addition to an associate event) which would result in netdev
terminating the connection, which we didn't want. Since OWE receives the
rejected associate event it can intelligently decide whether it really wants
to terminate (out of supported groups) or try the next available group.

This also utilizes the new MIC/KEK/KCK length changes, since OWE dictates
the lengths of those keys.
2019-01-17 15:24:56 -06:00
James Prestwood
d79b2b28ec eapol: use HMAC-SHA384 for OWE in MIC calculation 2019-01-17 15:20:28 -06:00
James Prestwood
7bfaf182e6 crypto: allow hkdf_expand/extract to use different SHA's
Rather than hard coding to SHA256, we can pass in l_checksum_type
and use that SHA. This will allow for OWE/SAE/PWD to support more
curves that use different SHA algorithms for hashing.
2019-01-17 15:20:28 -06:00
James Prestwood
90c39afd61 handshake: add OWE to get_ptk_size
OWE defines KEK/KCK lengths depending on group. This change adds a
case into handshake_get_key_sizes. With OWE we can determine the
key lengths based on the PMK length in the handshake.
2019-01-17 15:20:28 -06:00
James Prestwood
532c9a5521 eapol: Add OWE cases for different key lengths
In preparation for OWE supporting multiple groups eapol needed some
additional cases to handle the OWE AKM since OWE dictates the KEK,
KCK and MIC key lengths (depending on group).
2019-01-17 15:20:28 -06:00
James Prestwood
2c82d6b223 crypto: pass PMK length to crypto_derive_pairwise_ptk
Right now the PMK is hard coded to 32 bytes, which works for the vast
majority of cases. The only outlier is OWE which can generate a PMK
of 32, 48 or 64 bytes depending on the ECC group used. The PMK length
is already stored in the handshake, so now we can just pass that to
crypto_derive_pairwise_ptk
2019-01-17 15:20:28 -06:00
James Prestwood
6771a06463 crypto/handshake/eapol: Allow other PTK lengths
The crypto_ptk was hard coded for 16 byte KCK/KEK. Depending on the
AKM these can be up to 32 bytes. This changes completely removes the
crypto_ptk struct and adds getters to the handshake object for the
kck and kek. Like before the PTK is derived into a continuous buffer,
and the kck/kek getters take care of returning the proper key offset
depending on AKM.

To allow for larger than 16 byte keys aes_unwrap needed to be
modified to take the kek length.
2019-01-17 15:20:28 -06:00
James Prestwood
374b367ba4 eapol: allow 16, 24 and 32 byte MIC lengths
The MIC length was hard coded to 16 bytes everywhere, and since several
AKMs require larger MIC's (24/32) this needed to change. The main issue
was that the MIC was hard coded to 16 bytes inside eapol_key. Instead
of doing this, the MIC, key_data_length, and key_data elements were all
bundled into key_data[0]. In order to retrieve the MIC, key_data_len,
or key_data several macros were introduced which account for the MIC
length provided.

A consequence of this is that all the verify functions inside eapol now
require the MIC length as a parameter because without it they cannot
determine the byte offset of key_data or key_data_length.

The MIC length for a given handshake is set inside the SM when starting
EAPoL. This length is determined by the AKM for the handshake.
2019-01-17 15:20:28 -06:00
Tim Kourt
80d4e9b572 station: Default to active scan if MAC randomization is present
This patch also simplifies the scan type selection logic.
2019-01-16 15:05:38 -06:00
James Prestwood
55a7e9d82a pwd/sae/owe: update to use l_ecc_curve_get_ike_group 2019-01-16 15:05:06 -06:00
Tim Kourt
71b10ab271 scan: Enable the usage of MAC randomization flag 2019-01-16 13:02:25 -06:00
Tim Kourt
81d570572e wiphy: Add MAC randomization feature check API 2019-01-16 13:01:12 -06:00
James Prestwood
37cfec01a2 crypto: add hmac_sha384
To support OWE group 20, which uses HMAC-SHA384 for hashing the PMK
2019-01-15 15:07:26 -06:00
James Prestwood
8e7da821f9 handshake: store PMK length
Non-802.11 AKMs can define their own key lengths. Currently only OWE does
this, and the MIC/KEK/KCK lengths will be determined by the PMK length so
we need to save it.
2019-01-15 14:57:53 -06:00
Andrew Zaborowski
2600c446ab netdev: Skip a memcpy when no data to copy 2019-01-15 07:40:51 -06:00
Andrew Zaborowski
52b3268b78 netdev: Allow NULL prefix in netdev_frame_watch_add
Make sure we don't pass NULLs to memcmp or l_memdup when the prefix
buffer is NULL.  There's no point having callers pass dummy buffers if
they need to watch frames independent of the frame data.
2019-01-15 07:40:51 -06:00
Andrew Zaborowski
8aa306fddc eap-wsc: Use new l_key DH helper functions
Start using l_key_generate_dh_private and l_key_validate_dh_payload to
check for the disallowed corner case values in the DH private/public
values generated/received.
2019-01-14 15:20:50 -06:00
Tim Kourt
726bf9d8e4 eap: Make Identity optional
Some of the EAP methods don't require a clear-text identity to
be sent with the Identity Response packet. The mandatory identity
filed has resulted in unnecessary transmission of the garbage
values. This patch makes the Identity field to be optional and
shift responsibility to ensure its existence to the individual
methods if the field is required. All necessary identity checks
have been previously propagated to individual methods.
2019-01-11 17:36:33 -06:00
Denis Kenzior
782bd4a7ae network: Reset connected_time when forgetting
If a network is being forgotten, then make sure to reset connected_time.
Otherwise the rank logic thinks that the network is known which can
result in network_find_rank_index returning -1.

Found by sanitizer:
src/network.c:1329:23: runtime error: index -1 out of bounds for type
	'double [64]'
2019-01-11 17:28:10 -06:00
Denis Kenzior
e256cbaba9 eapol: Don't memcpy if no extra data
As reported by the sanitizer:

src/eapol.c:574:2: runtime error: null pointer passed as argument 2,
	which is declared to never be null
2019-01-11 17:10:47 -06:00
Denis Kenzior
30cf1aa376 mpdu: Fix buffer overflow reported by asan
==25412==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000421ab0 at pc 0x000000402faf bp 0x7fffffffdb00 sp 0x7fffffffdaf0
READ of size 4 at 0x000000421ab0 thread T0
    #0 0x402fae in validate_mgmt_ies src/mpdu.c:128
    #1 0x403ce8 in validate_probe_request_mmpdu src/mpdu.c:370
    #2 0x404ef2 in validate_mgmt_mpdu src/mpdu.c:662
    #3 0x405166 in mpdu_validate src/mpdu.c:706
    #4 0x402529 in ie_order_test unit/test-mpdu.c:156
    #5 0x418f49 in l_test_run ell/test.c:83
    #6 0x402715 in main unit/test-mpdu.c:171
    #7 0x7ffff5d43ed9 in __libc_start_main (/lib64/libc.so.6+0x20ed9)
    #8 0x4019a9 in _start (/home/denkenz/iwd-master/unit/test-mpdu+0x4019a9)
2019-01-11 11:43:21 -06:00
James Prestwood
c2189bc67e sae: fix one-off error in sae_is_quadradic_residue
This fixes the valgrind warning:

==14804== Conditional jump or move depends on uninitialised value(s)
==14804==    at 0x402E56: sae_is_quadradic_residue (sae.c:218)
==14804==    by 0x402E56: sae_compute_pwe (sae.c:272)
==14804==    by 0x402E56: sae_build_commit (sae.c:333)
==14804==    by 0x402E56: sae_send_commit (sae.c:591)
==14804==    by 0x401CC3: test_confirm_after_accept (test-sae.c:454)
==14804==    by 0x408A28: l_test_run (test.c:83)
==14804==    by 0x401427: main (test-sae.c:566)
2019-01-11 11:19:17 -06:00
Tim Kourt
e57f46df30 eap-ttls: Add tunneled MSCHAPv2 support 2019-01-10 17:26:19 -06:00
Tim Kourt
fd2c34cebc eap-ttls: Use method object in phase2 reset/destroy 2019-01-10 17:23:18 -06:00
Tim Kourt
9d1e2fa85b eap-ttls: Change signature of Phase 2 reset method 2019-01-10 17:22:56 -06:00
Tim Kourt
f924974e62 eap-ttls: Allow NULL state for Phase 2 2019-01-10 17:22:42 -06:00
Tim Kourt
af297039b1 eap-ttls: Extract credentials into dedicated struct 2019-01-10 17:18:45 -06:00
Tim Kourt
bb4e1ebd4f eap-mschapv2: Warn if required fields are missing 2019-01-10 17:12:55 -06:00
Tim Kourt
bfb69e930f eap-mschapv2: Fix domain name usage in username
The domain name must be excluded from the username only for the NT
challenge calculations and left in place for everything else.
2019-01-10 17:12:28 -06:00
Tim Kourt
3a71cf458b mschaputil: Move generator of the hash of the pwd hash 2019-01-10 17:09:10 -06:00
Tim Kourt
c8f071c67c mschaputil: Rearrange ops to fail early 2019-01-10 17:07:59 -06:00
Tim Kourt
cd00416168 mschaputil: Exlude domain name from challenge generation 2019-01-10 17:07:38 -06:00
Tim Kourt
5d9d00fac3 mschaputil: Adapt mschapv2 to re-use mschap ops
In addition, it refactors code to use l_util_hexstring_upper
2019-01-10 17:04:52 -06:00
Tim Kourt
6ffa1cf58a mschaputil: Move mschapv2 funcs into common util 2019-01-10 16:48:45 -06:00
Denis Kenzior
9b722197ba ecc: Remove remaining ECC/ECDH files
ECC primitives have now been fully converted / moved to ell.
2019-01-10 16:27:09 -06:00
James Prestwood
73dd0602fd sae: verify peer element for valid point
The return from l_ecc_point_from_data was not being checked for NULL,
which would cause a segfault if the peer sent an invalid point.
This adds a check and fails the protocol if p_element is NULL, as the
spec defines.
2019-01-10 16:26:29 -06:00
James Prestwood
48f5a051bc sae: update SAE to use ELL API's 2019-01-10 14:28:02 -06:00
James Prestwood
1d66ee0dd5 eap-pwd: update to use ELL ECC API's 2019-01-10 14:27:10 -06:00
Denis Kenzior
12189fcf39 conf: Increase default eapool handshake timeout 2019-01-09 21:13:53 -06:00
Andrew Zaborowski
d242cfc9e9 owe: Update l_ecdh_generate_shared_secret parameters 2018-12-28 12:32:14 -06:00
Andrew Zaborowski
8f9408efc7 eap-tls-common: Call the new l_tls_start 2018-12-19 10:05:35 -06:00
Andrew Zaborowski
6bf365d9a4 eapol: Check handshake_state_get_pmkid return value
Don't proceed with the handshake if handshake_state_get_pmkid fails
(shouldn't happen, but it's an error situation)
2018-12-19 10:05:16 -06:00
Tim Kourt
9d9f8331fa eap-tls-common: Increase log level for the common warning 2018-12-17 14:07:07 -06:00
Tim Kourt
a98089ed65 eap-tls-common: Add missing data 2018-12-17 14:06:59 -06:00
Denis Kenzior
686f515e04 eap-ttls: Bump up buffer sizes to quiet warnings
src/eap-ttls.c:766:50: error: ‘Password’ directive output may be truncated writing 8 bytes into a region of size between 1 and 72 [-Werror=format-truncation=]
  snprintf(password_key, sizeof(password_key), "%sPassword", prefix);
                                                  ^~~~~~~~
In file included from /usr/include/stdio.h:862,
                 from src/eap-ttls.c:28:
/usr/include/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 9 and 80 bytes into a destination of size 72
   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        __bos (__s), __fmt, __va_arg_pack ());
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2018-12-17 11:21:55 -06:00
Andrew Zaborowski
961e6d1480 eap-tls: Replace l_pem_load_certificate() with newer functions
Stop using l_pem_load_certificate which has been removed from ell, use
the same functions to load certificate files to validate them as those
used by the TLS implementation itself.
2018-12-17 11:18:42 -06:00
Tim Kourt
cff86c8419 eap-ttls: Propagate status of challenge generator 2018-12-14 14:18:22 -06:00
James Prestwood
c2094c5e04 ecdh: remove ECDH and unit tests
ECDH was moved into ell and is no longer needed in IWD
2018-12-12 11:12:27 -06:00
James Prestwood
e11c157478 owe: updated to use ell ECDH/ECC API's 2018-12-12 11:12:24 -06:00
Tim Kourt
fb656ff87a eap-tls-common: Make databuf private 2018-12-11 17:09:51 -06:00
Andrew Zaborowski
529ae6e683 eap-tls: Check AP identity in tls ready callbck
Check that the TLS logic has verified the server is trusted by the CA if
one was configured.  This is more of an assert as ell intentionally only
allows empty certificate chains from the peer in server mode (if a CA
certficate is set) although this could be made configurable.
2018-12-10 12:04:56 -06:00
Andrew Zaborowski
57ce6d0ca5 station: Check network_get_psk/passphrase return values
Check the returned values are not NULL.
2018-12-10 12:04:53 -06:00
Tim Kourt
610f9d28f0 eap-ttls: Migrate to eap-tls-common framework
The conversion transitions EAP-TTLS implementation to use a
common Phase 1 implementation shared among all TLS based
EAP methods.
2018-12-05 22:57:36 -06:00
Tim Kourt
84eda62823 eap-tls-common: ACK first fragment with missing M bit 2018-12-05 22:55:02 -06:00
Tim Kourt
30dfe9225c eap-peap: Migrate to eap-tls-common framework
The conversion transitions EAP-PEAP implementation to use a
common Phase 1 implementation shared among all TLS based
EAP methods.
2018-12-05 22:31:17 -06:00
Tim Kourt
4b9970bd99 eap-tls-common: Add comment 2018-12-05 22:26:29 -06:00
Denis Kenzior
94b7a69146 eap-tls-common: Fix typo 2018-12-05 11:55:00 -06:00
Tim Kourt
aafa4d50bb eap-tls: Migrate to eap-tls-common framework
The conversion transitions EAP-TLS implementation to use a
common Phase 1 implementation shared among all TLS based
EAP methods.
2018-12-05 11:53:59 -06:00
Tim Kourt
645b72be06 eap-tls-common: Validate successful loading of keys/certs 2018-12-05 11:33:47 -06:00
Tim Kourt
f1f826ee81 eap-tls-common: Handle packet payload 2018-12-05 11:33:06 -06:00
Andrew Zaborowski
b375191c61 scan: Drop the wiphy_id scan callback parameter 2018-12-04 10:36:17 -06:00
Andrew Zaborowski
e4858d6da3 scan: Refactor scan request and periodic scan logic
This should not change the behaviour except for fixing a rare crash
due to scan_cancel not working correctly when cancelling the first scan
request in the queue while a periodic scan was running, and potentially
other corner cases.  To be able to better distinguish between a periodic
scan in progress and a scan request in progress add a sc->current_sr
field that points either at a scan request or is NULL when a periodic
scan is in ongoing.  Move the triggered flag from scan_request and
scan_preiodic directly to scan_context so it's there together with
start_cmd_id.  Hopefully make scan_cancel simpler/clearer.

Note sc->state and sc->triggered have similar semantics so one of them
may be easily removed.  Also the wiphy_id parameter to the scan callback
is rather useless, note I temporarily pass 0 as the value on error but
perhaps it should be dropped.
2018-12-04 10:32:57 -06:00
Tim Kourt
f07119b33a eap-tls-common: Add tunnel API for send, close 2018-12-04 10:25:24 -06:00
Tim Kourt
6490ecd615 eap-tls-common: Add accessors for variant data and ver 2018-12-04 10:23:49 -06:00
Tim Kourt
663cf9931e eap-tls-common: Expose PRF 2018-12-04 10:22:00 -06:00
Tim Kourt
8dc9276800 eap-tls-common: Make send empty response func. public 2018-12-04 10:21:28 -06:00
Tim Kourt
779f668ab9 eap-tls-common: Introduce variant data and reset API 2018-12-04 10:19:55 -06:00
Tim Kourt
bb98101bd4 eap-tls-common: Handle response retransmission 2018-12-04 10:19:20 -06:00
Tim Kourt
9df7785fee eap-tls-common: Add phase 2 failure flag
This flag is used by the extensions to signal the failure
during phase 2 execution.
2018-12-04 10:18:53 -06:00
Tim Kourt
c1f791afc4 eap-tls-common: Handle common tunnel ready cb 2018-12-04 10:18:11 -06:00
Tim Kourt
c2d3a84e3a eap-tls-common: Add method completion flag
This flag prevents methods from restarting
2018-12-04 10:16:36 -06:00
Tim Kourt
c35c91ad20 eap-tls-common: Add support for fragmented response 2018-12-04 10:14:39 -06:00
Tim Kourt
718f967d17 eap-tls-common: Add basic send response 2018-12-04 10:13:24 -06:00
Tim Kourt
802891fcc3 eap-tls-common: Add tunneled data handling 2018-12-04 10:04:07 -06:00
Tim Kourt
edfc070d96 eap-tls-common: Add tls tunnel 2018-12-04 10:03:07 -06:00
Tim Kourt
c865eaa141 eap-tls-common: Add support for the fragmented requests 2018-12-03 14:31:16 -06:00
Tim Kourt
36e2252606 eap-tls-common: Add basic request handling
This also introduces the version negotiation
2018-12-03 14:31:16 -06:00
Tim Kourt
7aa35bf6c7 eap-tls-common: Introduce eap_tls_variant_ops
eap_tls_variant_ops will allow methods such as TTLS, PEAP,
etc. to specify their own handlers for the Phase 2 operations.
2018-12-03 14:31:16 -06:00
Andrew Zaborowski
47bb5b5f72 network: Generate the PSK as soon as we have a passphrase
In the name of failing earlier try to generate the PSK from the
passphrase as soon as we receive the passphrase or read it from the
file, mainly to validate it has the right number of characters.
The passphrase length currently gets validates inside
crypto_psk_from_passphrase which will be called when we receive a new
passphrase from the agent or when the config file has no PSK in it.  We
do not do this when there's already both the PSK and the passphrase
available in the settings -- we can add that separately if needed.
2018-12-03 14:17:30 -06:00
Andrew Zaborowski
0d3f16ec5e scan: Call .destroy in scan_request_free
The main difference with this is that scan_context removal will also
trigger the .destroy calls.  Normally there won't be any requests left
during scan_context but if there were any we should call destroy on
them.
2018-12-03 11:42:32 -06:00
Denis Kenzior
5b3ae4c40c wsc: Only add WSC interface if netdev is UP 2018-11-29 11:45:20 -06:00
Denis Kenzior
9e1ba84f26 device: Restore device Powered state
After wiphy comes out of the rfkill state and is again powered, restore
the device state to Powered if needed.
2018-11-29 11:34:07 -06:00
Denis Kenzior
0dd8114970 wiphy: Add wiphy state watch add / remove 2018-11-29 11:22:50 -06:00
Denis Kenzior
9be982b460 wiphy: Introduce wiphy_new 2018-11-29 11:22:07 -06:00
Denis Kenzior
52771de1a5 eapol: Further relax PMKID check
If we haven't sent a PMKID, and we're not running EAP, then ignore
whatever PMKID the AP sends us.  Frequently the APs send us garbage in
this field.  For PSK and related AKMs, if the PMK is wrong, then we
simply fail to generate a proper MIC and the handshake would fail at a
later stage anyway.
2018-11-28 19:06:33 -06:00
Tim Kourt
0536a9bdd5 scan: Fix failure handling in common scan triggering logic
Fix incorrect usage of the caller’s scan triggered callback.
In case of a failure, destroy scan request and notify caller
about the issue by returning zero scan id instead of calling
callers’ scan triggered callback with an error code.
2018-11-26 18:16:11 -06:00
Shaleen Jain
d9c89e89c6 iwd.service: restart service on crash 2018-11-26 14:38:07 -06:00
Andreas Henriksson
b6910e1210 build: only enable backtrace(3) in maintainer mode
Using backtrace() is of no use when building with PIE (which most
distro compilers do by default) and prevents catching the coredump
for later retracing, which is needed since distros usually don't
install debug symbols by default either.

This patch thus only enables backtrace() when --enable-maintainer-mode
is passed and also tries to explicitly disable PIE.
2018-11-26 14:32:04 -06:00
Andrew Zaborowski
95c05d447b scan: Fix confusing identation 2018-11-21 11:28:48 -06:00
Denis Kenzior
e609981b61 eap-tls-common: Update to private key API changes 2018-11-21 11:28:34 -06:00
Andrew Zaborowski
299af7fc39 eap-tls, ttls, peap: Update for private key API changes 2018-11-21 11:25:03 -06:00
Tim Kourt
bdcff2cdde eap: Add accessors for the method name and type 2018-11-19 17:10:53 -06:00
Tim Kourt
87c411f816 eap-tls-common: Introduce a common tls state and load settings 2018-11-19 17:10:53 -06:00
Tim Kourt
514d442db1 eap-tls-common: Add check for phase one settings 2018-11-19 17:10:53 -06:00
Denis Kenzior
1e6df6a226 ecdh: Fix warning 2018-11-19 14:27:17 -06:00
James Prestwood
c3abfde025 ecdh: make key byte ordering consistent
ECDH was expecting the private key in LE, but the public key in BE byte ordering.
For consistency the ECDH now expect all inputs in LE byte ordering. It is up to
the caller to order the bytes appropriately.

This required adding some ecc_native2be/be2native calls in OWE
2018-11-19 13:46:28 -06:00
Andrew Zaborowski
d7dc6606de eap-tls, ttls, peap: Update for l_tls API changes 2018-11-19 13:03:38 -06:00
Denis Kenzior
53db703773 netdev: Fix style 2018-11-19 12:09:27 -06:00
Denis Kenzior
adb14dfca5 netdev: Fix typo 2018-11-19 11:53:30 -06:00
James Prestwood
576c6dc9f3 netdev/station: Add OWE support
The changes to station.c are minor. Specifically,
station_build_handshake_rsn was modified to always build up the RSN
information, not just for SECURITY_8021X and SECURITY_PSK. This is
because OWE needs this RSN information, even though it is still
SECURITY_NONE. Since "regular" open networks don't need this, a check
was added (security == NONE && akm != OWE) which skips the RSN
building.

netdev.c needed to be changed in nearly the same manor as it was for
SAE. When connecting, we check if the AKM is for OWE, and if so create
a new OWE SM and start it. OWE handles all the ECDH, and netdev handles
sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The
incoming authenticate/associate events just get forwarded to OWE as they
do with SAE.
2018-11-19 11:51:02 -06:00
James Prestwood
8978f8c43f owe: added OWE module
This module is similar to SAE in that it communicates over authenticate
and associate frames. Creating a new OWE SM requires registering two TX
functions that handle sending the data out over CMD_AUTHENTICATE/ASSOCIATE,
as well as a complete function.

Once ready, calling owe_start will kick off the OWE process, first by
sending out an authenticate frame. There is nothing special here, since
OWE is done over the associate request/response.

After the authenticate response comes in OWE will send out the associate
frame which includes the ECDH public key, and then receive the AP's
public key via the associate response. From here OWE will use ECDH to
compute the shared secret, and the PMK/PMKID. Both are set into the
handshake object.

Assuming the PMK/PMKID are successfully computed the OWE complete callback
will trigger, meaning the 4-way handshake can begin using the PMK/PMKID
that were set in the handshake object.
2018-11-16 18:06:42 -06:00
James Prestwood
60555ece3b handshake: added OWE AKM to handshake_state_derive_ptk 2018-11-16 17:03:06 -06:00
James Prestwood
126993b9e3 eapol: Add OWE to MIC calculate/verify
This allows eapol to work with the OWE AKM type. Similar shortcuts were
taken as with SAE since, for now, both only support a single ECC group.
2018-11-16 17:02:13 -06:00
James Prestwood
d19b1bb85e wiphy: Handle OWE AKM for SECURITY_TYPE_NONE 2018-11-16 16:59:59 -06:00
James Prestwood
ef544dfc6e common: Classify OWE networks as open 2018-11-16 16:59:59 -06:00
James Prestwood
8740abb60e netdev: add translation for OWE AKM type 2018-11-16 16:59:59 -06:00
James Prestwood
3293bd9933 ie: add OWE AKM type
Added a new AKM suite, IE_RSN_AKM_SUITE_OWE.
2018-11-16 16:59:45 -06:00
Tim Kourt
e4a76018fd scan: Make periodic scan optional 2018-11-16 16:42:00 -06:00
James Prestwood
40685e8fe3 crypto: implement HKDF-Expand (RFC 5869)
This will be required by OWE
2018-11-16 16:38:28 -06:00
James Prestwood
0b42ca7c30 crypto: renamed hkdf_256
The RFC (5869) for this implementation defines two functions,
HKDF-Extract and HKDF-Expand. The existing 'hkdf_256' was implementing
the Extract function, so it was renamed appropriately. The name was
changed for consistency when the Expand function will be added in the
future.
2018-11-16 16:30:22 -06:00
James Prestwood
5811e72940 ecdh: added ECDH module 2018-11-16 16:25:17 -06:00
James Prestwood
9b204a8c7e ie: add IE_TYPE_OWE_DH_PARAM to IE list 2018-11-16 16:20:59 -06:00
Denis Kenzior
712a92cc4c network: Simplify is_rsn logic
In the current version SECURITY_PSK was handled inside the is_rsn block
while the SECURITY_8021X was off in its own block.  This was weird and a
bit misleading.  Simplify the code flow through the use of a goto and
decrease the nesting level.

Also optimize out unnecessary use of scan_bss_get_rsn_info
2018-11-15 11:37:20 -06:00
Denis Kenzior
5bfbdd5a01 network: Check Autoconnectable as the first condition 2018-11-15 11:31:39 -06:00
Denis Kenzior
c146490567 network: Introduce __bss_is_sae
This takes an rsn_info pointer directly so that some calls to
scan_bss_get_rsn_info can be optimized
2018-11-15 11:29:13 -06:00
Denis Kenzior
3d549e457d scan: make scan_bss_get_rsn_info const correct 2018-11-15 11:28:46 -06:00
James Prestwood
ad242a796a network: fix 8021x autoconnect
In network_autoconnect, when the network was SECURITY_8021X there was no
check (for SECURITY_PSK) before calling network_load_psk. Since the
provisioning file was for an 8021x network neither PreSharedKey or
Passphrase existed so this would always fail. This fixes the 8021x failure
in testConnectAutoconnect.
2018-11-15 11:20:06 -06:00
James Prestwood
07c870df55 station: only set 8021x config on 8021x networks
During the handshake setup, if security != SECURITY_PSK then 8021x settings
would get set in the handshake object. This didn't appear to break anything
(e.g. Open/WEP) but its better to explicitly check that we are setting up
an 8021x network.
2018-11-14 20:47:42 -06:00
Peter Seiderer
7d6e11ddd5 main: Fix __iwd_backtrace_init() availability detection
Check for HAVE_EXECINFO_H for all __iwd_backtrace_init usages.

Fixes:

  src/main.o: In function `main':
  main.c:(.text.startup+0x798): undefined reference to `__iwd_backtrace_init'
  collect2: error: ld returned 1 exit status
2018-11-10 19:09:14 +01:00
Denis Kenzior
6df62ab68e station: Update to the new GetHiddenAccessPoints API 2018-11-09 14:06:20 -06:00
Denis Kenzior
5f8c20f455 netdev: Enable ControlPortOverNL80211 by default 2018-11-09 11:52:09 -06:00
Denis Kenzior
8732a9f38a main: Add checks for asymmetric key support
Tell the user that Kernel 4.20 with asymmetric key support enabled is
required to support TLS based (EAP/PEAP/TTLS) WPA-Enterprise methods.
2018-11-09 11:50:29 -06:00
Tim Kourt
8c1992feb2 station: Introduce GetHiddenStations API call 2018-11-09 11:34:43 -06:00
Tim Kourt
f803b0439b station: Introduce an ordered list of hidden stations
A sorted list of hidden network BSSs observed in the recent scan
is kept for the informational purposes of the clients. In addition,
it has deprecated the usage of seen_hidden_networks variable.
2018-11-09 11:34:43 -06:00
Andrew Zaborowski
0b5dceab27 network: Don't require PSK if Passphrase present
Refactor the network->psk and network->passphrase loading and saving
logic to not require the PreSharedKey entry in the psk config file and
to generate network->psk lazily on request.  Still cache the computed
PSK in memory and in the .psk file to avoid recomputing it which uses
many syscalls.  While there update the ask_psk variable to
ask_passphrase because we're specifically asking for the passphrase.
2018-11-05 12:43:16 -06:00
Patrik Flykt
0b1e6cc3e5 scan: Log BSSID in messages
If there is an error with the BSSID information, log the BSSID
station address to catch the offending Access Point.
2018-11-05 12:29:41 -06:00
Patrik Flykt
7ec8fd6776 ie: Fix up broken Access Point with too many rates added
According to the specification, Supported rates IE is supposed
to have a maximum length of eight rate bytes. In the wild an
Access Point is found to add 12 bytes of data instead of placing
excess rate bytes in an Extended Rates IE.

BSS: len 480
    BSSID 44:39:C4:XX:XX:XX
    Probe Response: true
    TSF: 0 (0x0000000000000000)
    IEs: len 188
...
        Supported rates:
            1.0(B) 2.0(B) 5.5(B) 6.0(B) 9.0 11.0(B) 12.0(B) 18.0 Mbit/s
            24.0(B) 36.0 48.0 54.0 Mbit/s
            82 84 8b 8c 12 96 98 24 b0 48 60 6c              .......$.H`l
        DSSS parameter set: channel 3
            03
...

Any following IEs decode nicely, thus it seems that we can relax
Supported Rates IE length handling to support this thermostat.
2018-11-05 12:07:22 -06:00
Patrik Flykt
c68ae2f00b main: Log optimized implementations only when they exist
Log optimized implementations strings only when the hashmap contains
items in order to avoid an unnecessary line of text with no members
printed out.
2018-11-05 11:52:48 -06:00
Denis Kenzior
c4153941af netdev: Use l_genl_family_unicast_handler 2018-11-02 15:53:07 -05:00
James Prestwood
1d62f4ec0e eapol: remove unused public eapol functions from header
After moving AP EAPoL code into eapol.c there were a few functions that
no longer needed to be public API's. These were changed to static's and
the header definition was removed.
2018-11-02 14:05:44 -05:00
Marcel Holtmann
554e4f55db build: Fix includes for using with -std=c99 compiler option 2018-11-01 22:37:11 +01:00
Marcel Holtmann
72a64fa7fb build: Adjust to the latest ELL signal API changes 2018-11-01 22:09:19 +01:00
Andrew Zaborowski
e4222d0ebe eap-tls: Set upper limit on request size
Set an upper limit on a fragmented EAP-TLS request size similar to how
we do it in EAP-TTLS.  While there make the code more similar to the
EAP-TTLS flag processing to keep them closer in sync.  Note that the
spec suggests a 64KB limit but it's not clear if that is for the TLS
record or EAP request although it takes into account the whole TLS
negotiation so it might be good for both.
2018-11-01 15:04:56 -05:00
Andrew Zaborowski
0b71b034c1 eap-tls/ttls/peap: Conditionally enable TLS debugging
Print the TLS debug messages if IWD_TLS_DEBUG is set.
2018-11-01 15:04:56 -05:00
Marcel Holtmann
a011909556 main: Use l_main_run_with_signal instead of open coding it 2018-11-01 19:56:16 +01:00
Marcel Holtmann
38e831afa0 main: Make genl and nl80211 global variables static 2018-11-01 19:55:54 +01:00
Marcel Holtmann
013bae6d3d eapol: Make eapol_frame_watch_{add,remove} functions static 2018-11-01 10:27:22 +01:00
Marcel Holtmann
9335602ba0 network: Removed unneeded include for src/watchlist.h 2018-11-01 10:19:26 +01:00
Marcel Holtmann
e1c391a76b wsc: Removed unneeded include for src/watchlist.h 2018-11-01 10:17:54 +01:00
Denis Kenzior
7699c8ab1e eap-ttls: Handle redundant L flags
Some of the TTLS server implementations set the L flag in the fragment
packets other than the first one. To stay interoperable with such devices,
iwd is relaxing the L bit check.
2018-10-30 15:47:57 -05:00
Denis Kenzior
5cc60d18cc eap-md5: Add warning about deprecated settings key 2018-10-29 18:49:19 -05:00
Tim Kourt
99c685940a eap-md5: Standardize setting keys
Switch EAP-MD5 to use the common password setting key nomenclature.
The key name has been changed from PREFIX-MD5-Secret to PREFIX-Password.
Note: The old key name is supported.
In addition, this patch adds an ability to request Identity and/or
Password from user.
2018-10-29 18:46:07 -05:00
James Prestwood
b9029aaf65 adhoc: wait for both handshakes before adding peer
Adhoc was not waiting for BOTH handshakes to complete before adding the
new peer to the ConnectedPeers property. Actually waiting for the gtk/igtk
(in a previous commit) helps with this, but adhoc also needed to keep track
of which handshakes had completed, and only add the peer once BOTH were done.
This required a small change in netdev, where we memcmp the addresses from
both handshakes and only set the PTK on one.
2018-10-26 15:29:48 -05:00
James Prestwood
e678d6655f netdev: signal handshake complete after setting all keys
Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing
the SET_STATION (after setting the pairwise key). Depending on the timing
this may happen before the GTK/IGTK are set which will result in group
traffic not working initially (the GTK/IGTK would still get set, but group
traffic would not work immediately after DBus said you were connected, this
mainly poses a problem with autotests).

In order to fix this, several flags were added in netdev_handshake_state:
ptk_installed, gtk_installed, igtk_installed, and completed. Each of these
flags are set true when their respective keys are set, and in each key
callback we try to trigger the handshake complete event (assuming all the
flags are true). Initially the gtk/igtk flags are set to true, for reasons
explained below.

In the WPA2 case, all the key setter functions are called sequentially from
eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is
because the gtk/igtk are optional and only set if group traffic is allowed.
If the gtk/igtk are not used, we set the PTK and can immediately trigger the
handshake complete event (since gtk_installed/igtk_installed are initialized
as true). When the gtk/igtk are being set, we immediately set their flags to
false and wait for their callbacks in addition to the PTK callback. Doing it
this way handles both group traffic and non group traffic paths.

WPA1 throws a wrench into this since the group keys are obtained in a
separate handshake. For this case a new flag was added to the handshake_state,
'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way,
but still wait for the gtk/igtk setters to get called before triggering the
handshake complete event. As a precaution, netdev sets a timeout that will
trigger if the gtk/igtk setters are never called. In this case we can still
complete the connection, but print a warning that group traffic will not be
allowed.
2018-10-26 15:26:49 -05:00
Marcel Holtmann
9b2bb2723f crypto: Use full include path local includes 2018-10-26 21:35:27 +02:00
Marcel Holtmann
77710f9765 simauth: Use full include path local includes 2018-10-26 21:34:58 +02:00
Marcel Holtmann
515c130549 storage: Use full include path local includes 2018-10-26 21:34:00 +02:00
Marcel Holtmann
0b93fde3b4 wscutil: Use full include path local includes 2018-10-26 21:33:38 +02:00
Marcel Holtmann
162e6a19f6 watchlist: Use full include path local includes 2018-10-26 21:33:01 +02:00
Marcel Holtmann
1eaca1f8e1 mscaputil: Use full include path local includes 2018-10-26 21:32:20 +02:00
Marcel Holtmann
3fa63ede50 eapol: Use full include path local includes 2018-10-26 21:31:52 +02:00
Marcel Holtmann
c2d0517228 knownnetworks: Use full include path local includes 2018-10-26 21:30:44 +02:00
Marcel Holtmann
e92b976663 ecc: Use full include path local includes 2018-10-26 21:29:45 +02:00
Marcel Holtmann
42cfaeb265 sae: Use full include path local includes 2018-10-26 21:29:08 +02:00
Marcel Holtmann
785be02ee5 mpdu: Use full include path local includes 2018-10-26 21:28:10 +02:00
Marcel Holtmann
52f7f1dea2 handshake: Use full include path local includes 2018-10-26 21:27:01 +02:00
Marcel Holtmann
23a7fafec6 ie: Use full include path for local includes 2018-10-26 21:26:17 +02:00
Marcel Holtmann
be5bf7ee15 util: Only include <ell/ell.h> and use full include path 2018-10-26 21:24:20 +02:00
Denis Kenzior
a2efe2d2de eap-pwd: Warn if deprecated setting is used 2018-10-25 14:52:30 -05:00