3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-10-31 00:59:23 +01:00
Commit Graph

5883 Commits

Author SHA1 Message Date
Denis Kenzior
8732a9f38a main: Add checks for asymmetric key support
Tell the user that Kernel 4.20 with asymmetric key support enabled is
required to support TLS based (EAP/PEAP/TTLS) WPA-Enterprise methods.
2018-11-09 11:50:29 -06:00
Tim Kourt
19f45d9752 client: Implement GetHiddenStations API 2018-11-09 11:34:43 -06:00
Tim Kourt
8c1992feb2 station: Introduce GetHiddenStations API call 2018-11-09 11:34:43 -06:00
Tim Kourt
f803b0439b station: Introduce an ordered list of hidden stations
A sorted list of hidden network BSSs observed in the recent scan
is kept for the informational purposes of the clients. In addition,
it has deprecated the usage of seen_hidden_networks variable.
2018-11-09 11:34:43 -06:00
Tim Kourt
67f245a497 client: Fix argv for display refresh 2018-11-09 11:34:43 -06:00
Tim Kourt
97cdffc4cd client: Add property 'hidden' to known network 2018-11-09 11:34:43 -06:00
Tim Kourt
a435f8fd4d client: Fix header display for known network list 2018-11-09 11:34:43 -06:00
Marcel Holtmann
16824cad05 unit: Use L_ARRAY_SIZE instead own version of it 2018-11-09 14:49:33 +01:00
Andrew Zaborowski
0b5dceab27 network: Don't require PSK if Passphrase present
Refactor the network->psk and network->passphrase loading and saving
logic to not require the PreSharedKey entry in the psk config file and
to generate network->psk lazily on request.  Still cache the computed
PSK in memory and in the .psk file to avoid recomputing it which uses
many syscalls.  While there update the ask_psk variable to
ask_passphrase because we're specifically asking for the passphrase.
2018-11-05 12:43:16 -06:00
Patrik Flykt
0b1e6cc3e5 scan: Log BSSID in messages
If there is an error with the BSSID information, log the BSSID
station address to catch the offending Access Point.
2018-11-05 12:29:41 -06:00
James Prestwood
635c530e5e doc: updated features to include SAE 2018-11-05 12:08:31 -06:00
James Prestwood
e12b24d218 doc: updated features to include AP/AdHoc modes 2018-11-05 12:08:11 -06:00
Patrik Flykt
7ec8fd6776 ie: Fix up broken Access Point with too many rates added
According to the specification, Supported rates IE is supposed
to have a maximum length of eight rate bytes. In the wild an
Access Point is found to add 12 bytes of data instead of placing
excess rate bytes in an Extended Rates IE.

BSS: len 480
    BSSID 44:39:C4:XX:XX:XX
    Probe Response: true
    TSF: 0 (0x0000000000000000)
    IEs: len 188
...
        Supported rates:
            1.0(B) 2.0(B) 5.5(B) 6.0(B) 9.0 11.0(B) 12.0(B) 18.0 Mbit/s
            24.0(B) 36.0 48.0 54.0 Mbit/s
            82 84 8b 8c 12 96 98 24 b0 48 60 6c              .......$.H`l
        DSSS parameter set: channel 3
            03
...

Any following IEs decode nicely, thus it seems that we can relax
Supported Rates IE length handling to support this thermostat.
2018-11-05 12:07:22 -06:00
Patrik Flykt
c68ae2f00b main: Log optimized implementations only when they exist
Log optimized implementations strings only when the hashmap contains
items in order to avoid an unnecessary line of text with no members
printed out.
2018-11-05 11:52:48 -06:00
Tim Kourt
2cc4fdbf45 t-runner: Add verbosity option for TLS debug 2018-11-02 15:54:32 -05:00
Denis Kenzior
c4153941af netdev: Use l_genl_family_unicast_handler 2018-11-02 15:53:07 -05:00
Denis Kenzior
a4512f3cd6 hwsim: Use l_genl_family_set_unicast_handler 2018-11-02 15:52:56 -05:00
James Prestwood
1d62f4ec0e eapol: remove unused public eapol functions from header
After moving AP EAPoL code into eapol.c there were a few functions that
no longer needed to be public API's. These were changed to static's and
the header definition was removed.
2018-11-02 14:05:44 -05:00
James Prestwood
a8aa07aeb4 TODO: remove AP/AdHoc GTK support task
Both AP and AdHoc support group traffic now
2018-11-02 14:04:51 -05:00
Marcel Holtmann
554e4f55db build: Fix includes for using with -std=c99 compiler option 2018-11-01 22:37:11 +01:00
Marcel Holtmann
d0fd928af2 wired: Fix includes for using with -std=c99 compiler option 2018-11-01 22:23:53 +01:00
Marcel Holtmann
63bafa7adf client: Fix includes for using with -std=c99 compiler option 2018-11-01 22:19:45 +01:00
Marcel Holtmann
5d9278913f monitor: Fix includes for using with -std=c99 compiler option 2018-11-01 22:19:11 +01:00
Marcel Holtmann
72a64fa7fb build: Adjust to the latest ELL signal API changes 2018-11-01 22:09:19 +01:00
Marcel Holtmann
a9c2d71874 monitor: Use l_get_be16 and l_put_be16 instead of open coding it 2018-11-01 21:28:55 +01:00
Andrew Zaborowski
e4222d0ebe eap-tls: Set upper limit on request size
Set an upper limit on a fragmented EAP-TLS request size similar to how
we do it in EAP-TTLS.  While there make the code more similar to the
EAP-TTLS flag processing to keep them closer in sync.  Note that the
spec suggests a 64KB limit but it's not clear if that is for the TLS
record or EAP request although it takes into account the whole TLS
negotiation so it might be good for both.
2018-11-01 15:04:56 -05:00
Andrew Zaborowski
0b71b034c1 eap-tls/ttls/peap: Conditionally enable TLS debugging
Print the TLS debug messages if IWD_TLS_DEBUG is set.
2018-11-01 15:04:56 -05:00
Andrew Zaborowski
558341a689 client: Fix two format strings 2018-11-01 15:04:56 -05:00
Marcel Holtmann
fe034229eb client: Use l_main_run_with_signal instead of open coding it 2018-11-01 20:48:03 +01:00
Marcel Holtmann
2b36727f3a test-runner: Use l_main_run_with_signal instead of open coding it 2018-11-01 20:46:18 +01:00
Marcel Holtmann
0689877858 monitor: Use l_main_run_with_signal instead of open coding it 2018-11-01 20:02:53 +01:00
Marcel Holtmann
36f5056810 hwsim: Use l_main_run_with_signal instead of open coding it 2018-11-01 19:58:34 +01:00
Marcel Holtmann
a011909556 main: Use l_main_run_with_signal instead of open coding it 2018-11-01 19:56:16 +01:00
Marcel Holtmann
38e831afa0 main: Make genl and nl80211 global variables static 2018-11-01 19:55:54 +01:00
Marcel Holtmann
013bae6d3d eapol: Make eapol_frame_watch_{add,remove} functions static 2018-11-01 10:27:22 +01:00
Marcel Holtmann
9335602ba0 network: Removed unneeded include for src/watchlist.h 2018-11-01 10:19:26 +01:00
Marcel Holtmann
e1c391a76b wsc: Removed unneeded include for src/watchlist.h 2018-11-01 10:17:54 +01:00
Denis Kenzior
ec365e52eb monitor: Fix valgrind warning
==24195== Syscall param socketcall.sendto(msg) points to uninitialised byte(s)
==24195==    at 0x4F3DBEF: sendto (in /lib64/libc-2.26.so)
==24195==    by 0x13A453: can_write_data (netlink.c:119)
==24195==    by 0x13866B: io_callback (io.c:149)
==24195==    by 0x137365: l_main_iterate (main.c:389)
==24195==    by 0x1374A3: l_main_run (main.c:436)
==24195==    by 0x113524: main (main.c:832)
==24195==  Address 0x5205f99 is 57 bytes inside a block of size 88 alloc'd
==24195==    at 0x4C2D0AF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==24195==    by 0x133931: l_malloc (util.c:62)
==24195==    by 0x13AEF3: l_netlink_send (netlink.c:411)
==24195==    by 0x112351: rtm_interface_send_message (main.c:276)
==24195==    by 0x1126F3: iwmon_interface_lookup (main.c:405)
==24195==    by 0x11351F: main (main.c:830)
==24195==  Uninitialised value was created by a heap allocation
==24195==    at 0x4C2D0AF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==24195==    by 0x133931: l_malloc (util.c:62)
==24195==    by 0x11217B: rtm_interface_send_message (main.c:234)
==24195==    by 0x1126F3: iwmon_interface_lookup (main.c:405)
==24195==    by 0x11351F: main (main.c:830)
2018-10-30 17:52:24 -05:00
Denis Kenzior
7699c8ab1e eap-ttls: Handle redundant L flags
Some of the TTLS server implementations set the L flag in the fragment
packets other than the first one. To stay interoperable with such devices,
iwd is relaxing the L bit check.
2018-10-30 15:47:57 -05:00
Denis Kenzior
76c8fd9a2f monitor: Fix invalid use of l_free
==23290== Invalid read of size 4
==23290==    at 0x12D334: timeout_destroy (timeout.c:61)
==23290==    by 0x12CDD1: l_main_exit (main.c:466)
==23290==    by 0x111F3B: main (main.c:835)
==23290==  Address 0x5211d80 is 0 bytes inside a block of size 32 free'd
==23290==    at 0x4C2E1BB: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==23290==    by 0x111F36: main (main.c:833)
==23290==  Block was alloc'd at
==23290==    at 0x4C2CF8F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==23290==    by 0x12A74D: l_malloc (util.c:62)
==23290==    by 0x12D40F: timeout_create_with_nanoseconds (timeout.c:135)
==23290==    by 0x112A31: signal_handler (main.c:661)
==23290==    by 0x12D03A: signal_callback (signal.c:82)
==23290==    by 0x12CC6D: l_main_iterate (main.c:387)
==23290==    by 0x12CD3B: l_main_run (main.c:434)
==23290==    by 0x1121F2: main (main.c:821)
==23290==
==23290== Invalid read of size 8
==23290==    at 0x12D33B: timeout_destroy (timeout.c:64)
==23290==    by 0x12CDD1: l_main_exit (main.c:466)
==23290==    by 0x111F3B: main (main.c:835)
==23290==  Address 0x5211d90 is 16 bytes inside a block of size 32 free'd
==23290==    at 0x4C2E1BB: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==23290==    by 0x111F36: main (main.c:833)
==23290==  Block was alloc'd at
==23290==    at 0x4C2CF8F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==23290==    by 0x12A74D: l_malloc (util.c:62)
==23290==    by 0x12D40F: timeout_create_with_nanoseconds (timeout.c:135)
==23290==    by 0x112A31: signal_handler (main.c:661)
==23290==    by 0x12D03A: signal_callback (signal.c:82)
==23290==    by 0x12CC6D: l_main_iterate (main.c:387)
==23290==    by 0x12CD3B: l_main_run (main.c:434)
==23290==    by 0x1121F2: main (main.c:821)
==23290==
==23290== Invalid write of size 4
==23290==    at 0x12D33F: timeout_destroy (timeout.c:62)
==23290==    by 0x12CDD1: l_main_exit (main.c:466)
==23290==    by 0x111F3B: main (main.c:835)
==23290==  Address 0x5211d80 is 0 bytes inside a block of size 32 free'd
==23290==    at 0x4C2E1BB: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==23290==    by 0x111F36: main (main.c:833)
==23290==  Block was alloc'd at
==23290==    at 0x4C2CF8F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==23290==    by 0x12A74D: l_malloc (util.c:62)
==23290==    by 0x12D40F: timeout_create_with_nanoseconds (timeout.c:135)
==23290==    by 0x112A31: signal_handler (main.c:661)
==23290==    by 0x12D03A: signal_callback (signal.c:82)
==23290==    by 0x12CC6D: l_main_iterate (main.c:387)
==23290==    by 0x12CD3B: l_main_run (main.c:434)
==23290==    by 0x1121F2: main (main.c:821)
2018-10-30 15:47:57 -05:00
Marcel Holtmann
30c79d2633 build: Generate ell/ell.h from list of public headers 2018-10-30 20:54:16 +01:00
Denis Kenzior
5cc60d18cc eap-md5: Add warning about deprecated settings key 2018-10-29 18:49:19 -05:00
Tim Kourt
da9b1f785e auto-t: switch MD5 to new property key 2018-10-29 18:46:07 -05:00
Tim Kourt
f369c9006e unit: use new setting key name for EAP-MD5 2018-10-29 18:46:07 -05:00
Tim Kourt
99c685940a eap-md5: Standardize setting keys
Switch EAP-MD5 to use the common password setting key nomenclature.
The key name has been changed from PREFIX-MD5-Secret to PREFIX-Password.
Note: The old key name is supported.
In addition, this patch adds an ability to request Identity and/or
Password from user.
2018-10-29 18:46:07 -05:00
James Prestwood
ec4cb6beeb auto-t: test connectivity in testWPA
testWPA was not verifying connectivity between the two interfaces. Funny
enough, doing this resulted in the same problems that adhoc had where
we were setting the connection as complete before the gtk/igtk were set.
This is fixed now so we can now use testutil in this test.
2018-10-26 15:29:55 -05:00
James Prestwood
da262e7187 auto-t: fix testFT-8021x-roam autoconnect
As with many other test, we need to disable autoconnect for better
reliablility.
2018-10-26 15:29:52 -05:00
James Prestwood
b9029aaf65 adhoc: wait for both handshakes before adding peer
Adhoc was not waiting for BOTH handshakes to complete before adding the
new peer to the ConnectedPeers property. Actually waiting for the gtk/igtk
(in a previous commit) helps with this, but adhoc also needed to keep track
of which handshakes had completed, and only add the peer once BOTH were done.
This required a small change in netdev, where we memcmp the addresses from
both handshakes and only set the PTK on one.
2018-10-26 15:29:48 -05:00
James Prestwood
e678d6655f netdev: signal handshake complete after setting all keys
Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing
the SET_STATION (after setting the pairwise key). Depending on the timing
this may happen before the GTK/IGTK are set which will result in group
traffic not working initially (the GTK/IGTK would still get set, but group
traffic would not work immediately after DBus said you were connected, this
mainly poses a problem with autotests).

In order to fix this, several flags were added in netdev_handshake_state:
ptk_installed, gtk_installed, igtk_installed, and completed. Each of these
flags are set true when their respective keys are set, and in each key
callback we try to trigger the handshake complete event (assuming all the
flags are true). Initially the gtk/igtk flags are set to true, for reasons
explained below.

In the WPA2 case, all the key setter functions are called sequentially from
eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is
because the gtk/igtk are optional and only set if group traffic is allowed.
If the gtk/igtk are not used, we set the PTK and can immediately trigger the
handshake complete event (since gtk_installed/igtk_installed are initialized
as true). When the gtk/igtk are being set, we immediately set their flags to
false and wait for their callbacks in addition to the PTK callback. Doing it
this way handles both group traffic and non group traffic paths.

WPA1 throws a wrench into this since the group keys are obtained in a
separate handshake. For this case a new flag was added to the handshake_state,
'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way,
but still wait for the gtk/igtk setters to get called before triggering the
handshake complete event. As a precaution, netdev sets a timeout that will
trigger if the gtk/igtk setters are never called. In this case we can still
complete the connection, but print a warning that group traffic will not be
allowed.
2018-10-26 15:26:49 -05:00
Marcel Holtmann
9b2bb2723f crypto: Use full include path local includes 2018-10-26 21:35:27 +02:00