Denis Kenzior
046c7b8994
eap-wsc: clear out intermediate key data
2016-08-30 14:41:58 -05:00
Denis Kenzior
39d6acb07d
eap-wsc: Don't store AuthKey | KeyWrapKey | EMSK
...
AuthKey is already uploaded into auth_key_hmac. KeyWrapKey is now
uploaded into the AES-CBC(128) cipher. We currently have no use for
EMSK.
So we no longer need to keep the wsc_session_key structure around.
2016-08-30 14:34:03 -05:00
Denis Kenzior
24dfe6e436
wscutil: Add wsc_build_m5_encrypted_settings
2016-08-30 14:10:20 -05:00
Denis Kenzior
7bdb1a0225
wscutil: Add wsc_parse_m5_encrypted_settings
2016-08-30 14:07:53 -05:00
Denis Kenzior
ba8e0cd6b7
unit: Add test for wsc_build_m4_encrypted_settings
2016-08-30 13:58:32 -05:00
Denis Kenzior
f8af4886c4
unit: Add test for wsc_parse_m4_encrypted_settings
2016-08-30 13:58:06 -05:00
Denis Kenzior
d59086c791
wscutil: Add wsc_build_m4_encrypted_settings
2016-08-30 13:57:28 -05:00
Denis Kenzior
11e56031c0
wscutil: Add wsc_parse_m4_encrypted_settings
2016-08-30 13:38:08 -05:00
Denis Kenzior
757e4dbb90
wscutil: Prepare for parsing of Encrypted Settings
...
Encrypted Settings TLVs are structured similarly to the various WSC
messages. However, they lack a version2 extension field and use a Key
Wrap Authenticator element instead of Authenticator.
2016-08-30 13:33:17 -05:00
Denis Kenzior
642804f9d7
wscutil: Handle Key Wrap Authenticator
2016-08-30 13:30:06 -05:00
Denis Kenzior
7810a45a9c
eap-wsc: Rework state logic a bit
...
Mostly so repetitive code is not required
2016-08-30 10:10:11 -05:00
Denis Kenzior
a4bf3f3280
unit: Add M5 builder unit test
2016-08-30 09:46:33 -05:00
Denis Kenzior
5c88de6e65
unit: Add M5 parser unit test
2016-08-30 09:46:20 -05:00
Denis Kenzior
a8580c7ed0
wscutil: Add wsc_build_m5
2016-08-30 09:45:39 -05:00
Denis Kenzior
0081bf4f64
wscutil: Add wsc_parse_m5
2016-08-30 09:34:34 -05:00
Denis Kenzior
be1b2a3281
unit: Add end-to-end WSC handshake test
...
This only checks M1 & M3 message generation for now
2016-08-30 09:22:35 -05:00
Denis Kenzior
05c230c46a
eap-wsc: Send M3
2016-08-30 09:22:35 -05:00
Denis Kenzior
397a7d18c2
eap-wsc: Add TX message Authenticator calculation
2016-08-30 09:22:35 -05:00
Denis Kenzior
5951bc220b
eap-wsc: Handle M2 messages
2016-08-30 09:22:35 -05:00
Denis Kenzior
33b0034678
eap-wsc: Add util to verify RX frame Authenticator
2016-08-30 09:22:35 -05:00
Denis Kenzior
097e775659
eap-wsc: Add basic logic to send M1 messages
2016-08-30 09:22:33 -05:00
Denis Kenzior
c2cb35b4c9
eap-wsc: store sent pdu
...
This is needed for authenticator computation
2016-08-29 22:16:34 -05:00
Denis Kenzior
2cbbcb7434
eap-wsc: Load settings related to DevicePassword
...
DevicePassword is the PIN, either static, dynamically generated or
entered by the user. For PushButton mode, DevicePassword is set to
'00000000'. It can also be provided via external means, such as NFC.
This patch allows DevicePassword to be externally configured into the
EAP-WSC layer. Optionally, the secret nonce values can also be
provided for testing purposes. If omitted, they will be generated using
l_getrandom.
2016-08-29 12:12:13 -05:00
Denis Kenzior
ce596058cd
eap-wsc: Implement load_settings method
...
We use the load_settings method to bootstrap the internal state of the
EAP WSC state machine. We require certain information to be provided by
the higher layers, namely:
Global Device parameters
- Manufacturer
- Model Name
- Model Number
- Serial Number
- Device Name
- Primary Device Type
- OS Version
Session specific parameters
- MAC Address
- Configuration Methods
- RF Bands
The following parameters are auto-generated for each new session, but
can be over-ridden if desired
- Private Key
- Enrollee Nonce
2016-08-28 02:47:09 -05:00
Denis Kenzior
b650b16d6f
wscutil: Check authenticator more strictly
...
Make sure Authenticator is the last data in the WSC PDU, with no
extraneous data afterwards
2016-08-28 02:47:09 -05:00
Denis Kenzior
c6f086d741
TODO: Add EAPoL <-> EAP timeout relationship task
2016-08-28 00:41:07 -05:00
Denis Kenzior
e128408b3f
TODO: Add EAP timeout configuration task
2016-08-28 00:41:06 -05:00
Denis Kenzior
200070c060
TODO: Add EAP retransmission support task
2016-08-28 00:41:06 -05:00
Denis Kenzior
00dac648aa
wscutil: Add wsc_build_nack
2016-08-26 17:14:36 -05:00
Denis Kenzior
334ccfce0f
wscutil: Add wsc_parse_nack
2016-08-26 17:14:36 -05:00
Denis Kenzior
fdeed24591
eap-wsc: Properly set vendor-id & vendor-type
2016-08-24 21:37:42 -05:00
Denis Kenzior
887119c82f
wscutil: Expose WSC WFA OUI
2016-08-24 21:35:41 -05:00
Denis Kenzior
0a314004ce
eap: expanded methods start packets at opcode
...
Expanded EAP methods should get their packets for handling starting at
the op-code field. They're not really interested in
type/vendor-id/vendor-type fields.
2016-08-24 21:32:16 -05:00
Denis Kenzior
63b5c60743
util: Add util_string_to_address
2016-08-24 21:31:54 -05:00
Denis Kenzior
f05ed4683c
unit: Fix up EAP packet identifiers
...
Reset these to start at a sane value
2016-08-24 21:30:25 -05:00
Denis Kenzior
89207a4c81
unit: Add testing of Authenticator
...
Just to make sure our private/public/shared and KDF utilities work
properly.
2016-08-23 15:44:45 -05:00
Denis Kenzior
c2b1351396
wscutil: Add WSC KDF function
2016-08-23 13:52:52 -05:00
Denis Kenzior
0a6ffdf029
netdev: Fix double-free
...
We should only call eapol_cancel if netdev_connect_free was not
triggered as a result of handshake failure.
2016-08-23 13:15:00 -05:00
Denis Kenzior
5d2c5b3b71
crypto: Add some missing whitespace
2016-08-22 15:54:24 -05:00
Denis Kenzior
28a57b2eca
unit: Make valgrind happy
2016-08-19 16:16:16 -05:00
Denis Kenzior
76e1c73fd3
unit: Add M4 builder test
2016-08-19 15:25:05 -05:00
Denis Kenzior
9c457de8d5
wscutil: Add M4 builder
2016-08-19 15:24:29 -05:00
Denis Kenzior
5322daa79a
unit: Add M4 parser unit test
2016-08-19 15:15:53 -05:00
Denis Kenzior
d3ee7c71be
wscutil: Add M4 parser
2016-08-19 15:14:24 -05:00
Denis Kenzior
ca41b21e15
wscutil: Add extractor for R_HASH1 & R_HASH2
2016-08-19 15:03:44 -05:00
Denis Kenzior
4e4820e2a5
wscutil: Add encrypted settings extractor
2016-08-19 15:03:25 -05:00
Denis Kenzior
f116659ab3
wscutil: Macro-ize WFA extension building
2016-08-18 18:02:08 -05:00
Denis Kenzior
61047664c9
unit: Add M3 builder unit test
2016-08-18 17:59:15 -05:00
Denis Kenzior
6f0b31b3a4
wscutil: Add M3 builder
2016-08-18 17:58:34 -05:00
Denis Kenzior
951eb26ec0
unit: Add M3 parser unit test
2016-08-18 17:48:42 -05:00