3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-04 10:49:24 +01:00
Commit Graph

3068 Commits

Author SHA1 Message Date
James Prestwood
417367e272 eap-sim: Fix EAP-SIM version list length checks
The AT_VERSION_LIST attribute length was not being properly
checked. The actual length check did not include possible padding
bytes, so align_len() was added to ensure it was padded properly.
The comment about the padding being included in the Master Key
generation was not correct (padding is NOT included), and was removed.
2017-08-22 12:40:22 -05:00
Andrew Zaborowski
23af935e7b eapol: Add eapol_sm_set_require_handshake
Function to allow netdev.c to explicitly tell eapol.c whether to expect
EAP / 4-Way handshake.  This is to potentially make the code more
descriptive, until now we'd look at sm->handshake->ptk_complete to see
if a new PTK was needed.

A 4-Way handshake is required on  association to an AP except after FT.
2017-08-21 18:35:00 -05:00
James Prestwood
14dcda4d59 autotest: EAP-AKA autotest
Implemented milenage algorithm in hlrauc.py. Unlike EAP-SIM, the
authentication center must compute several values to give back
to the server (hostapd). This was already done by IWD as the peer
in EAP-AKA, but was also needed on the server side (HLR AuC).
2017-08-21 18:22:28 -05:00
James Prestwood
6aaa917dde aka: EAP-AKA protocol implementation 2017-08-21 18:20:10 -05:00
James Prestwood
7c61d0365e autotest: EAP-SIM autotest
Included an HLR AuC python implementation that is required by
hostapd. This is what hostapd uses to retrieve SIM card values
over a UNIX socket.
2017-08-21 18:04:52 -05:00
James Prestwood
b2fe7fe230 unit: EAP-SIM unit tests
Several unit tests for EAP-SIM functionality:
 - Get/Add attributes
 - MAC calculation
 - PRNG test
2017-08-21 18:03:13 -05:00
James Prestwood
283717b22f sim: EAP-SIM protocol implementation 2017-08-21 17:43:55 -05:00
Andrew Zaborowski
e6765c1e9b monitor: Actually print management frame subtype
The subtype was only printed if mpdu_validate had returned an error for
the frame, i.e. would not be printed for well formed frames.  This was
probably an intent to avoid printing the frame subtype after all the
conents of the body frame had been printed already, but iwmon only
supports printing of Authentication and Deauthentication frames so far.
2017-08-15 15:18:40 -05:00
Andrew Zaborowski
a9cbb95260 netdev: Add interface type setter and getter
Modify netdev_get_iftype, which was until now unused, and add
netdev_set_iftype.  Don't skip interfaces with types other than STATION
on startup, instead reset the type to STATION in device.c.

netdev_get_iftype is modified to use our own interface type enum to
avoid forcing users to include "nl80211.h".

Note that setting an interface UP and DOWN wouldn't generally reset the
iftype to STATION.  Another process may still change the type while iwd
is running and iwd would not detect this as it would detect another
interface setting interface DOWN, not sure how far we want to go in
monitoring all of the properties this way.
2017-08-15 15:01:33 -05:00
Andrew Zaborowski
b344d27c56 ie: Fix Supported Rates length check
Supported Rates IEs can be 1-8 bytes, not only 8 byte long, according to
802.11-2012 8.4.2.3.
2017-08-15 13:57:27 -05:00
Andrew Zaborowski
38b5f3fee4 autotests: Add test for roam triggered by beacon loss
The two tests in test.py are similar except for the way that the roaming
is triggered.
2017-08-15 12:43:14 -05:00
Andrew Zaborowski
0cd18a0214 device: Set current BSS rank to 0 if not in scan results
If we're adding the BSS to the list only because it is the current BSS,
set the rank to 0 (lowest possible value) in case the list gets used in
the next Connect call.
2017-08-15 12:41:46 -05:00
Andrew Zaborowski
6e03933e62 netdev: Allow reassociation if not currently connected
Allow attempts to connect to a new AP using the Reassociation frame even
if netdev->operational is false.  This is needed if we want to continue
an ongoing roam attempt after the original connection broke and will be
needed when we start using cached PMKSAs in the future.
2017-08-15 12:39:35 -05:00
Andrew Zaborowski
a4edbbd429 device: Trigger roaming on beacon loss
Use beacon loss event to trigger a roam attempt in addition to the RSSI
monitoring.  Due to the how well beacons are normally received compared
to data packets, a beacon loss indicates a serious problem with the
connection so act as soon as a first beacon loss event is seen.

Avoid roaming methods that involve the current AP: preauthentication,
neighbor report request and FT-over-the-DS (not supported)
2017-08-15 11:53:15 -05:00
Andrew Zaborowski
cb9c6e8ade netdev: Handle CMD_DISCONNECT without "by AP" flag
There are situations including after beacon loss and during FT where the
cfg80211 will detect we're now disconnected (in some cases will send a
Deauthenticate frame too) and generate this event, or the driver may do
this.  For example in ieee80211_report_disconnect in net/mac80211/mlme.c
will (through cfg80211) generate a CMD_DEAUTHENTICATE followed by a
CMD_DISCONNECT.
2017-08-14 16:32:35 -05:00
Andrew Zaborowski
5c4313bcc2 netdev: Don't assume disconnect on beacon loss
The kernel doesn't reset the netdev's state to disconnected when it
sends us a beacon loss event so we can't either unless we automatically
send a disconnect command to the kernel.

It seems the handling of beacon loss depends on the driver.  For example
in mac80211 only after N beacon loss events (default 7) a probe request is
sent to the AP and a deauthenticate packet is sent if no probe reply is
receiver within T (default 500ms).
2017-08-14 16:32:35 -05:00
Denis Kenzior
d67f8acd57 build: Add new files from ell 2017-08-14 16:32:35 -05:00
Marcel Holtmann
45e4626d80 test-runner: Add support for Qemu on ARM 32-bit and 64-bit 2017-08-08 00:00:59 -07:00
Marcel Holtmann
60bc0ecf22 monitor: Use temporary variable for RTA_PAYLOAD 2017-08-07 23:48:22 -07:00
Marcel Holtmann
df911c0cf6 agent: Simplify loop exit handling 2017-07-18 08:37:21 +02:00
Tim Kourt
653019c263 agent: Fix uninitialized member usage 2017-07-18 08:36:06 +02:00
Mat Martineau
21fae3d1d9 test-runner: Avoid intermediate string in number conversion
Derive a floating-point interval value from integers using math rather
than integer->string->float conversion. The string technique triggered a
-Wformat-overflow warning.
2017-07-11 16:34:52 -07:00
Tim Kourt
8071b51168 client: do display quit on exit 2017-06-09 14:08:21 -05:00
Tim Kourt
3bfbe72e33 client: Disable cmd refresh on console resize 2017-06-09 14:08:21 -05:00
Tim Kourt
2fb671e0d4 client: add flashing indicator for the updatable tables 2017-06-09 14:08:21 -05:00
Tim Kourt
31d60b5cf2 agent: Fix formatting 2017-06-09 14:05:30 -05:00
Tim Kourt
7bd22770ed agent: Enable multi-agent support
If an application initiates the Connect() operation and
that application has an agent registered, then that
application's agent will be called. Otherwise, the default
agent is called.
2017-06-09 14:05:30 -05:00
Denis Kenzior
ff319b8234 crypto: Fix valgrind warning
==40686== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
==40686==    at 0x5147037: sendmsg (in /usr/lib64/libc-2.24.so)
==40686==    by 0x43957C: operate_cipher (cipher.c:354)
==40686==    by 0x439C18: l_cipher_decrypt (cipher.c:415)
==40686==    by 0x40FAB8: arc4_skip (crypto.c:181)

Initialize the skip buffer to 0s.  This isn't strictly necessary, but
hides the above valgrind warning.

The aim of arc4 skip is simply to seed some data into the RC4 cipher so
it makes it harder for the attacker to decrypt.  This 'initialization'
doesn't really care what data is fed.
2017-06-06 13:33:08 -05:00
Denis Kenzior
7e2e965eb7 crypto: Optimize arc4_skip 2017-06-06 13:32:14 -05:00
Denis Kenzior
6c64ae3461 AUTHORS: Mention James' contributions 2017-06-02 14:22:39 -05:00
Denis Kenzior
8e2b3513e7 AUTHORS: Mention Matías' contributions 2017-06-02 14:22:07 -05:00
James Prestwood
1cd1183916 test-runner: move remove_absolute_path_dirs call
remove_absolute_path_dirs() was not getting called in some test
failure cases. This caused subsequent tests to fail due to stale
files existing.
2017-06-02 14:21:01 -05:00
Denis Kenzior
23d9b4c089 unit: Only run tests if checksum is available 2017-06-01 16:30:14 -05:00
Matías Zúñiga
d46489c4ee test-runner: Always define qemu_table
Otherwise build fails in architectures with no qemu name defined.
2017-06-01 11:19:10 -05:00
Denis Kenzior
21fffe2629 netdev: Use CMD_DISCONNECT for non-FT cases
CMD_DEAUTHENTICATE is not available for FullMAC based cards.  We already
use CMD_CONNECT in the non-FT cases, which works on all cards.  However,
for some reason we kept using CMD_DEAUTHENTICATE instead of CMD_DISCONNECT.

For FT (error) cases, keep using CMD_DEAUTHENTICATE.
2017-05-31 11:08:40 -05:00
Tim Kourt
a647072e02 doc: Add device state: roaming 2017-05-30 19:56:38 -05:00
Tim Kourt
5c9ed0ccf0 client: Allow switching between bars and dbms for rssi output 2017-05-30 17:19:54 -05:00
Tim Kourt
e6d4a34773 client: Add caption for misc. cmds 2017-05-30 17:14:08 -05:00
Andrew Zaborowski
0416749710 eap: Move eap->method NULL check before first dereference
Move the eap->method NULL check to fix possible crash.
2017-05-30 17:10:31 -05:00
Andrew Zaborowski
e3c6d2e169 netdev: Use NL80211_ATTR_SOCKET_OWNER flag
Use the new NL80211_ATTR_SOCKET_OWNER with CMD_CONNECT and
CMD_ASSOCIATE to make sure an iwd crash results in deauthentication.
2017-05-30 17:09:09 -05:00
Andrew Zaborowski
132d3ac11c autotests: Test operstate is IF_OPER_UP when state == connected
Test that iwd correctly sets the interface's operstate before and after
a roam, in the same autotests which run the connectivity check.
2017-05-30 17:08:36 -05:00
Andrew Zaborowski
71c15306fd autotests: Test communication when iwd reports connected
Test that the AP interface and the station interface managed by iwd
can actually send and receive ethernet traffic when iwd is in the
connected state.  Due to linux routing none of the high level utilities
like ping or arping can be easily used to test communication between
two interfaces of the same machine so use a method based on the
mac80211_hwsim/tools/hwsim_test.c utility in the wpa_supplicant tree
that uses a raw socket to inject unicast and broadcast frames.

Add this check in three tests of different security type connections
that simulate a single AP, and the two roaming tests with two APs.
Check that the station can't communicate with the other AP's interface.
2017-05-30 17:08:31 -05:00
Denis Kenzior
f5decb274d netdev: Ignore CMD_SET_STATION errors
Certain WiFi drivers do not support using CMD_SET_STATION (e.g.
mwifiex).  It is not completely clear how such drivers handle the
AUTHORIZED state, but they don't seem to take it into account.  So for
such drivers, ignore the -ENOTSUPP error return from CMD_SET_STATION.
2017-05-30 17:04:26 -05:00
Andrew Zaborowski
55ecda31f3 netdev: On connect success don't wait for netdev_operstate_cb
Send the link_mode and operstate RTNL command in parallel with the
connect Ok event, don't wait for the RTNL callback as it's non-critical.
2017-05-30 17:04:19 -05:00
Andrew Zaborowski
4d20db05d7 netdev: Rework link_mode and operstate setting
These flags are documented in RFC2863 and kernel's
Documentation/networking/operstates.txt.  Operstate doesn't have any
siginificant effect on normal connectivity or on our autotests because
it is not used by the kernel except in some rare cases but it is
supposed to affect some userspace daemons that watch for RTM_NEWLINK
events, so I believe we *should* set them according to this
documentation.  Changes:

* There's no point setting link_mode or operstate of the netdev when
  we're bringing the admin state DOWN as that overrides operstate.

* Instead of numerical values for link_mode use the if.h defines.

* Set IF_OPER_UP when association succeeds also in the Fast Transition
  case.  The driver will have set carrier off and then on so the
  operstate should be IF_OPER_DORMANT at this point and needs to be
  reset to UP.
2017-05-30 17:04:13 -05:00
Andrew Zaborowski
49930c6d77 autotests: Add a SignalLevelAgent test
This test takes about 40 seconds.
2017-05-30 11:42:15 -05:00
Andrew Zaborowski
ca1ef2d82f autotests: Add a utilities for the SignalLevelAgent API 2017-05-30 11:42:11 -05:00
Andrew Zaborowski
c2a39f5c22 doc: SignalLevelAgent related docs 2017-05-30 11:40:10 -05:00
Denis Kenzior
c68200b5a1 device: Add extra sanity check to UnregisterAgent
We have to make sure that the path the application passes to
UnregisterAgent is the same as the one passed to RegisterAgent
2017-05-30 11:40:09 -05:00
Denis Kenzior
f38287f457 device: Don't check count upper limit twice
We already check it once in the for loop above
2017-05-30 11:40:09 -05:00