3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-27 19:22:34 +01:00
Commit Graph

3524 Commits

Author SHA1 Message Date
Tim Kourt
4fa5a9869b client: Add arg completion for the known networks
Enables tab-completion for the network names in known networks
command family. In addition, tab-completion is added for the
entity commands.
2019-04-11 10:51:13 -05:00
James Prestwood
43c1bdfd62 sae: check if server point/scalar is valid
Reported-By: Mathy Vanhoef <Mathy.Vanhoef@nyu.edu>
2019-04-11 10:19:54 -05:00
James Prestwood
9192f506d3 eap-pwd: check if server point/scalar is valid
Reported-By: Mathy Vanhoef <Mathy.Vanhoef@nyu.edu>
2019-04-11 10:19:38 -05:00
James Prestwood
f9d92d6cdd eap: add eap_get_identity 2019-04-10 16:57:07 -05:00
James Prestwood
81fc6a687e handshake: add flag for FILS support
The handshake_state only holds a single AKM value. FILS depends on the AP
supporting EAP as well as FILS. The first time IWD connects, it will do a
full EAP auth. Subsequent connections (assuming FILS is supported) will use
FILS. But if the AP does not support FILS there is no reason to cache the
ERP keys.

This adds the supp_fils to the handshake_state. Now, station.c can set this
flag while building the handshake. This flag can later be checked when
caching the ERP keys.
2019-04-10 16:57:05 -05:00
James Prestwood
e963e64f9b eap: export session ID as key materials
ERP/FILS requires the session ID which is derived internally to an
EAP method.
2019-04-10 16:55:29 -05:00
James Prestwood
5df84a6933 erpcache: implementation for ERP key cache
This allows IWD to cache ERP keys after a full EAP run. Caching
allows IWD to quickly connect to the network later on using ERP or
FILS.

The cache will contain the EAP Identity, Session ID, EMSK, SSID and
optionally the ERP domain. For the time being, the cache entry
lifetimes are hard coded to 24 hours. Eventually the cache should
be written to disk to allow ERP/FILS to work after a reboot or
IWD restart.
2019-04-10 13:58:13 -05:00
Tim Kourt
b30b84373d client: Fix property completion mem leak 2019-04-09 00:05:07 -05:00
Tim Kourt
bb4f4c8159 client: Remove DBus disconnect message 2019-04-09 00:04:47 -05:00
Tim Kourt
6e8ad37ff3 client: Use proper output func 2019-04-09 00:04:47 -05:00
Tim Kourt
3d0f1dae12 client: Remove 'quit' message 2019-04-09 00:04:47 -05:00
Denis Kenzior
9f5d2e4475 .gitignore: Update for renamed unit test 2019-04-09 00:03:08 -05:00
James Prestwood
27f7a523b4 unit: add tests for util_get_{domain,username}
test-ssid-to-utf8 was hijacked and renamed to test-util, and
two tests were added for the new utility functions.
2019-04-08 16:30:41 -05:00
James Prestwood
1e337259ce mschaputil: use util_get_username 2019-04-08 16:28:56 -05:00
Denis Kenzior
86ce4a8b09 util: Add qualifying comments 2019-04-08 16:28:37 -05:00
James Prestwood
abcc9f1647 util: add APIs to get username/domain from identity
mschaputil already had similar functionality, but ERP will need this
as well. These two functions will also handle identities with either
'@' or '\' to separate the user and domain.
2019-04-08 16:26:25 -05:00
Denis Kenzior
44ebf10bb9 eap: Make sure identity is not NULL 2019-04-08 16:25:31 -05:00
Denis Kenzior
716e3f0cda eap: Add eap_free_common
Many operations performed during an error in load_settings were the same
as the ones performed when freeing the eap object.  Add eap_free_common
to unify these.
2019-04-08 16:24:18 -05:00
James Prestwood
875c6f27e7 eap: enforce max identity lengths
EAP identites are recommended to follow RFC 4282 (The Network Access
Identifier). This RFC recommends a maximum NAI length of 253 octets.
It also mentions that RADIUS is only able to support NAIs of 253
octets.

Because of this, IWD should not allow EAP identities larger than 253
bytes. This change adds a check in eap_load_settings to verify the
identity does not exceed this limit.
2019-04-08 16:18:47 -05:00
Tim Kourt
4ea6523b19 doc: Change interface naming after migration 2019-04-08 14:46:48 -05:00
Tim Kourt
3f41b8a1cc doc: Document 'Autoconnect' property for known networks 2019-04-08 14:46:48 -05:00
James Prestwood
e9618d97a8 crypto: add kdf_sha384
FILS requires the SHA384 KDF variant.
2019-04-05 17:58:03 -05:00
James Prestwood
a4af9dc9f5 monitor: support printing FILS IEs/Attributes
Added handling for several FILS IEs and NL attributes specific to
FILS. Also changed "SAE Data" to "Auth Data" since its now used for
both SAE and FILS.
2019-04-05 17:57:31 -05:00
James Prestwood
a71adcc243 netdev: skip associate event when not in OWE/FT
The associate event is only important for OWE and FT. If neither of
these conditions (or FT initial association) are happening we do
not need to continue further processing the associate event.
2019-04-05 17:35:31 -05:00
James Prestwood
c416db0708 common: fix missing PSK_SHA256 AKM
This AKM was lost while moving all the AKM checks into a the macros
2019-04-05 17:32:01 -05:00
Denis Kenzior
9c6589a6ad unit: Update to the new validate_mgmt_ies behavior 2019-04-05 16:31:30 -05:00
Denis Kenzior
8f9ed66bdd mpdu: Rework validate_mgmt_ies
802.11 mandates that IEs inside management frames are presented in a
given order.  However, in the real world, many APs seem to ignore the
rules and send their IEs in seemingly arbitrary order, especially when
it comes to VENDOR tags.  Change this function to no longer be strict in
enforcing the order.

Also, drop checking of rules specific to Probe Responses.  These will
have to be handled separately (most likely by the AP module) since
802.11-2016, Section 11.1.4.3.5 essentially allows just about anything.
2019-04-05 16:31:26 -05:00
Denis Kenzior
83af5b0170 mpdu: Drop unused argument 2019-04-05 16:29:59 -05:00
James Prestwood
050db0b054 netdev: fix association failure path
In netdev_associate_event the ignore_connect_event was getting set true,
but afterwards there were still potential failure paths. Now, once in
assoc_failed we explicitly set ignore_connect_event to false so the
the failure can be handled properly inside netdev_connect_event
2019-04-05 13:41:29 -05:00
James Prestwood
5359b54c37 eap-private: add initiate/finish EAP types 2019-04-05 12:13:30 -05:00
James Prestwood
8f3627646a mpdu: add auth algorithms for FILS 2019-04-05 12:07:37 -05:00
James Prestwood
e15cb7133a handshake: handle FILS AKMs in handshake_get_key_sizes 2019-04-05 12:07:34 -05:00
James Prestwood
9b83f3d2db common: put all PSK AKM's into macro
The list of PSK/8021x AKM's in security_determine was getting long,
and difficult to keep under 80 characters. This moves them all into
two new macros, AKM_IS_PSK/AKM_IS_8021X.
2019-04-05 12:06:00 -05:00
Jonas Große Sundrup
ea56b9b41f doc: Mention units for options in [Blacklist] 2019-04-04 17:02:19 -05:00
James Prestwood
05dcbfd982 unit: update AKM values to 32 bits in test-ie 2019-04-04 16:11:32 -05:00
James Prestwood
a2e711faf4 ie: crypto: add FILS AKMs
ie_rsn_info had to be updated to allow for 32 bit AKM values rather than
16 bit.
2019-04-04 16:11:07 -05:00
James Prestwood
cb9a0ed922 ie: add FILS IEs 2019-04-04 16:09:13 -05:00
James Prestwood
bde01b1826 eap-pwd: update hkdf_extract usage to cast constants
On some architectures, va_arg was behaving strangely with constant values
passed as lengths. Casting any constant lengths to size_t fixes the issue.
2019-04-04 14:01:19 -05:00
Denis Kenzior
b8dd39ded0 sae: Fix argument type passed via va_args
The function expects a size_t argument, but on some ARM systems this was
getting confused and failing.
2019-04-04 13:37:01 -05:00
James Prestwood
5338904824 unit: add check for SHA256/HMAC in SAE test 2019-04-04 11:43:01 -05:00
James Prestwood
c985da04ca sae: fix potential infinite loop
It was assumed that the hunt-and-peck loop was guarenteed to find
a PWE. This was incorrect in terms of kernel support. If a system
does not have support for AF_ALG or runs out of file descriptors
the KDFs may fail. The loop continued to run if found == false,
which is also incorrect because we want to stop after 20 iterations
regarless of success.

This changes the loop to a for loop so it will always exit after
the set number of iterations.
2019-04-04 11:20:12 -05:00
Marcel Holtmann
23041a44dd build: Add missing HAVE_CONFIG_H guards and include config.h 2019-04-04 14:02:38 +02:00
Marcel Holtmann
c45de8bf13 Release 0.16 2019-04-04 07:19:37 +02:00
Marcel Holtmann
ac2cbd325f build: Add src/pkcs8.conf to the distribution 2019-04-04 07:12:24 +02:00
Marcel Holtmann
3975482ac3 Release 0.15 2019-04-03 19:52:46 +02:00
Marcel Holtmann
842fd2f62e build: Bump external ELL version to 0.18 2019-04-03 19:18:23 +02:00
Marcel Holtmann
ea074ffe67 build: Create ELL_UNIT_TEST_DATA define for certificate directory 2019-04-03 19:16:29 +02:00
Denis Kenzior
6ecc3a20b8 scan: Fix warning
CC       src/scan.o
src/scan.c: In function ‘scan_bss_compute_rank’:
src/scan.c:1048:4: warning: this decimal constant is unsigned only in ISO C90
    factor = factor * data_rate / 2340000000 +
2019-04-03 11:54:41 -05:00
Denis Kenzior
5c9e6b255f util: Remove container_of 2019-04-03 11:49:36 -05:00
Denis Kenzior
f8af73f2c7 unit: Use l_container_of 2019-04-03 11:49:36 -05:00