3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-27 03:19:24 +01:00
Commit Graph

1099 Commits

Author SHA1 Message Date
Denis Kenzior
f5decb274d netdev: Ignore CMD_SET_STATION errors
Certain WiFi drivers do not support using CMD_SET_STATION (e.g.
mwifiex).  It is not completely clear how such drivers handle the
AUTHORIZED state, but they don't seem to take it into account.  So for
such drivers, ignore the -ENOTSUPP error return from CMD_SET_STATION.
2017-05-30 17:04:26 -05:00
Andrew Zaborowski
55ecda31f3 netdev: On connect success don't wait for netdev_operstate_cb
Send the link_mode and operstate RTNL command in parallel with the
connect Ok event, don't wait for the RTNL callback as it's non-critical.
2017-05-30 17:04:19 -05:00
Andrew Zaborowski
4d20db05d7 netdev: Rework link_mode and operstate setting
These flags are documented in RFC2863 and kernel's
Documentation/networking/operstates.txt.  Operstate doesn't have any
siginificant effect on normal connectivity or on our autotests because
it is not used by the kernel except in some rare cases but it is
supposed to affect some userspace daemons that watch for RTM_NEWLINK
events, so I believe we *should* set them according to this
documentation.  Changes:

* There's no point setting link_mode or operstate of the netdev when
  we're bringing the admin state DOWN as that overrides operstate.

* Instead of numerical values for link_mode use the if.h defines.

* Set IF_OPER_UP when association succeeds also in the Fast Transition
  case.  The driver will have set carrier off and then on so the
  operstate should be IF_OPER_DORMANT at this point and needs to be
  reset to UP.
2017-05-30 17:04:13 -05:00
Denis Kenzior
c68200b5a1 device: Add extra sanity check to UnregisterAgent
We have to make sure that the path the application passes to
UnregisterAgent is the same as the one passed to RegisterAgent
2017-05-30 11:40:09 -05:00
Denis Kenzior
f38287f457 device: Don't check count upper limit twice
We already check it once in the for loop above
2017-05-30 11:40:09 -05:00
Andrew Zaborowski
570b483264 device: Add a SignalLevelAgent D-bus API
Allow registering and unregistering agent object to receive RSSI level
notifications.  The methods are similar to the ones related to the
password agent, including a Release method for the agent.
2017-05-30 11:32:51 -05:00
Denis Kenzior
3741c5aa6e netdev: Fix off-by-one error
rssi_levels_num should be able to hold a value of
L_ARRAY_SIZE(rssi_levels) (which is 16).  However, the maximum value is
15.
2017-05-30 11:32:51 -05:00
Andrew Zaborowski
faa8dce6da netdev: Implement RSSI level notifications API
Add an methods and an event using the new
NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI
monitoring with notifications only when RSSI moves from one of the N
intervals requested to another.

device.c will call netdev_set_rssi_report_levels to request
NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes,
level meaning one of the intervals delimited by the threshold values
passed as argument.  Inside the event handler it can call
netdev_get_rssi_level to read the new level.

There's no fallback to periodic polling implemented in this patch for
the case of older kernels and/or the driver not supporting
NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-30 11:28:33 -05:00
Andrew Zaborowski
fd4ab5d3df wiphy: Add wiphy_get_ext_feature
Save the extended features reported by the wiphy in the NEW_WIPHY event
or GET_WIPHY dump and allow netdev to query it with
wiphy_get_ext_feature()
2017-05-19 10:01:53 -05:00
Denis Kenzior
b59977262b handshake: Fix valgrind warning
==27901== Conditional jump or move depends on uninitialised value(s)
==27901==    at 0x41157A: handshake_util_find_pmkid_kde
(handshake.c:537)
==27901==    by 0x40E03A: eapol_handle_ptk_1_of_4 (eapol.c:852)
==27901==    by 0x40F3CD: eapol_key_handle (eapol.c:1417)
==27901==    by 0x40F955: eapol_rx_packet (eapol.c:1607)
==27901==    by 0x410321: __eapol_rx_packet (eapol.c:1915)
2017-05-15 15:23:03 -05:00
Denis Kenzior
b36dd5203e network: Sort out reference counting
Agent implementation inside agent.c takes a reference of the trigger
message associated with the request.  When the callback is called, the
message is passed as an argument.  The callback is responsible for
taking the message reference if necessary.  Once the callback returns,
agent releases its reference.

For error paths, our code was using dbus_pending_reply which in turn
uses dbus_message_unref.  This caused the agent to try an unref
operation on an already freed object.
2017-05-11 19:50:05 -05:00
Andrew Zaborowski
fb4ba71952 main: Don't init nl80211 if we're terminating
Don't enter nl80211_appeared if we're already terminating and inside the
1 second timeout.  This fixes a potential crash in device_free() caused
by a netdev_init() and a netdev_exit() happening without netdev_shutdown
in between.  netdev_shutdown has already run if terminating is true.

src/main.c:main() Opening nl80211 interface
src/eap.c:__eap_method_enable()
src/eap-wsc.c:eap_wsc_init()
src/eap-md5.c:eap_md5_init()
src/eap-tls.c:eap_tls_init()
src/eap-ttls.c:eap_ttls_init()
src/eap-mschapv2.c:eap_mschapv2_init()
Terminate
src/main.c:nl80211_appeared() Found nl80211 interface
src/netdev.c:netdev_init() Opening route netlink socket
src/wiphy.c:protocol_features_callback() Found split wiphy dump support
src/wiphy.c:regulatory_info_callback() Regulatory alpha2 is 00
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:parse_supported_bands()
src/wiphy.c:parse_supported_frequencies()
src/wiphy.c:parse_supported_frequencies()
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_is_managed() whitelist filtered phy: rad1
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_is_managed() whitelist filtered phy: rad1
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_is_managed() whitelist filtered phy: rad1
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_is_managed() whitelist filtered phy: rad1
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_is_managed() whitelist filtered phy: rad1
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_is_managed() whitelist filtered phy: rad1
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_is_managed() whitelist filtered phy: rad0
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_is_managed() whitelist filtered phy: rad0
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_is_managed() whitelist filtered phy: rad0
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_is_managed() whitelist filtered phy: rad0
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_is_managed() whitelist filtered phy: rad0
src/wiphy.c:wiphy_dump_callback()
src/wiphy.c:wiphy_is_managed() whitelist filtered phy: rad0
Wiphy: 2, Name: rad2
Bands: 2.4 GHz 5 GHz
Ciphers: CCMP TKIP BIP
src/netdev.c:netdev_create_from_genl() Created interface wln2[6]
src/netdev.c:netdev_initial_up_cb() Interface 6 initialized
src/device.c:device_enter_state() Old State: off, new state:
autoconnect
src/scan.c:scan_periodic_start() Starting periodic scan for
ifindex: 6
src/scan.c:scan_notify() Scan notification 33
src/netdev.c:netdev_operstate_dormant_cb() netdev: 6, success: 1
src/scan.c:scan_periodic_done()
src/scan.c:scan_periodic_done() Periodic scan triggered for
ifindex: 6
src/eap.c:__eap_method_disable()
src/eap-wsc.c:eap_wsc_exit()
src/eap-md5.c:eap_md5_exit()
src/eap-tls.c:eap_tls_exit()
src/eap-ttls.c:eap_ttls_exit()
src/eap-mschapv2.c:eap_mschapv2_exit()
src/main.c:nl80211_vanished() Lost nl80211 interface
src/wsc.c:wsc_exit()
src/scan.c:scan_exit()
src/scan.c:scan_context_free() sc: 0x5434ab0
src/netdev.c:netdev_exit() Closing route netlink socket
src/wiphy.c:wiphy_free() Freeing wiphy rad2[2]
device_list isn't empty!
src/device.c:device_free()
(crash here)
2017-05-04 10:50:33 -05:00
Andrew Zaborowski
33f8b1f53d dbus: Use the shutdown procedure instead of l_main_quit
Move the calling of the *_shutdown functions from the signal handler to
a new public function, and use that function inside the DBus disconnect
handler to make sure resources are cleanly released.
2017-05-04 10:50:29 -05:00
Andrew Zaborowski
faba9d509a eapol: After EAP skip the RSNE PMKID check in step 1/4
Skip the matching of the PMKID KDE to the PMKID list in the RSNE if
we've seen a new EAP authentication before the step 1/4 was received.
That would mean that the server had not accepted the PMKIDs we submitted
and we performed a new 8021X authentication, producing a new PMKSA which
won't be on the list in the RSNE.
2017-05-04 10:50:29 -05:00
Andrew Zaborowski
a620a02d35 device: In roam, preauthenticate to target BSS if supported
If FT is not possible and we're using 8021x try to preauthenticate to
target BSS before reassociation to it.
2017-05-01 11:24:04 -05:00
Andrew Zaborowski
08e863cb7e netdev: Add netdev_preauthenticate
Add preauthentication logic.  The callback receives the new PMK only.
2017-05-01 11:19:06 -05:00
Andrew Zaborowski
b910784e83 eapol: Add preauth_sm class, drop eapol_sm.preauth
Remove the preauthentication support code from the normal eapol_sm
methods and add a separate simplified class that only handles EAP
packets.
2017-05-01 11:13:32 -05:00
Andrew Zaborowski
48966f57e8 eapol: Only send EAPOL-Start on step 1/4 if really needed
Currently we'd send EAPOL-Start whenever EAP was configured and we
received an EAPOL-Key before EAP negotiation.  Instead only do that if
we know we can't respond to the 4-Way handshake because we don't have
a PMK yet or the PMKID doesn't match.  Require a PMKID in step 1/4 if
we'd sent a list of PMKIDs in our RSNE.
2017-04-21 14:16:25 -05:00
Tim Kourt
19e7ce2f30 eap: Fix whitespace 2017-04-18 17:44:25 -05:00
Andrew Zaborowski
c0ae9e3577 eapol: Receive frames with the Preauthentication ethertype
Modify the packet filter to also accept frames with ethertype of 0x88c7
and pass the ethertype value to __eapol_rx_packet so it can filter out
the frames where this value doesn't match the sm->preauth flag.
2017-04-18 11:42:45 -05:00
Andrew Zaborowski
0a4bd616c2 eapol: Use the Preauthentication ethertype in eapol_write
Select the right ether type for the eapol frame in eapol_write and pass
it to pae_write.
2017-04-18 11:41:24 -05:00
Andrew Zaborowski
4e9ed2d686 eapol: Add eapol_start_preauthentication
Add a wrapper for eapol_start that sets the sm->preauth flag and sends
the EAPOL-Start frame immediately to skip the timeout since we know
that the supplicant has to initiate the authentication.
2017-04-18 11:09:26 -05:00
Andrew Zaborowski
f340ea510c handshake: Add handshake_util_find_pmkid_kde
Add a function that finds the PMKID kde in an RSNE's Key Data field
similar to handshake_util_find_gtk_kde.
2017-04-17 14:28:09 -05:00
Andrew Zaborowski
b175e7ae06 handshake: Add handshake_state_get_pmkid
Returns the PMKID for the current PMK (configured through
handshake_state_set_pmk for PSK, created through EAP or from
pre-authentication)
2017-04-17 14:26:56 -05:00
Andrew Zaborowski
0f6685bf45 crypto: Add crypto_derive_pmkid
Calculates the PMKID for given PMK
2017-04-17 14:24:02 -05:00
Andrew Zaborowski
10a160a6e1 device: Non-FT roaming support
Use netdev_reassociate if FT is not available.  device_select_akm_suite
is only moved up in the file and the reused code from device_connect is
moved to a separate function.
2017-04-03 09:46:15 -05:00
Andrew Zaborowski
c8b251a475 netdev: Add netdev_reassociate
netdev_reassociate transitions to another BSS without FT.  Similar to
netdev_connect but uses reassociation instead of association and
requires and an existing connection.
2017-04-03 09:41:01 -05:00
Andrew Zaborowski
52ee3b0843 scan: Add error code argument to scan results callback
Pass an additional parameter to the scan results notify functions to
tell them whether the scan was successful.  If it wasn't don't bother
passing an empty bss_list queue, pass NULL as bss_list.  This way the
callbacks can tell whether the scan indicates there are no BSSes in
range or simply was aborted and the old scan results should be kept.
2017-03-26 20:26:53 -05:00
Denis Kenzior
4e421cfc8f netdev: Add sanity checks
In the case we get a connect or authenticate event, make sure we're
actually trying to connect.  Otherwise, it could be another supplicant
is running
2017-03-24 11:50:08 -05:00
Denis Kenzior
e7cb4b680e netdev: Silence warning
This can easily happen if the phy was blacklisted
2017-03-16 16:50:59 -05:00
Denis Kenzior
cacd0d83f4 wiphy: Add phy filtering 2017-03-16 16:50:25 -05:00
Denis Kenzior
c9a98d9681 device: Fix crash with autoconnect
++++++++ backtrace ++++++++
0  0x7fc0b20ca370 in /lib64/libc.so.6
1  0x4497d5 in l_dbus_message_new_error_valist() at /home/denkenz/iwd/ell/dbus-message.c:372
2  0x44994d in l_dbus_message_new_error() at /home/denkenz/iwd/ell/dbus-message.c:394
3  0x41369b in dbus_error_not_supported() at /home/denkenz/iwd/src/dbus.c:148
4  0x40eaf5 in device_connect_network() at /home/denkenz/iwd/src/device.c:1282
5  0x41f61c in network_autoconnect() at /home/denkenz/iwd/src/network.c:424
6  0x40c1c1 in device_autoconnect_next() at /home/denkenz/iwd/src/device.c:172
7  0x40cabf in device_set_scan_results() at /home/denkenz/iwd/src/device.c:368
8  0x40cb06 in new_scan_results() at /home/denkenz/iwd/src/device.c:376
9  0x41be8a in scan_finished() at /home/denkenz/iwd/src/scan.c:1021
10 0x41bf9e in get_scan_done() at /home/denkenz/iwd/src/scan.c:1048
11 0x43d5ce in destroy_request() at /home/denkenz/iwd/ell/genl.c:136
12 0x43ded1 in process_unicast() at /home/denkenz/iwd/ell/genl.c:395
13 0x43e295 in received_data() at /home/denkenz/iwd/ell/genl.c:502
14 0x43aa62 in io_callback() at /home/denkenz/iwd/ell/io.c:120
15 0x439632 in l_main_run() at /home/denkenz/iwd/ell/main.c:375 (discriminator 2)
16 0x403074 in main() at /home/denkenz/iwd/src/main.c:261
17 0x7fc0b20b7620 in /lib64/libc.so.6
2017-03-16 15:32:45 -05:00
Denis Kenzior
2e820abea1 backtrace: Try to find absolute executable path
This allows us to get backtraces from test_runner which does not start
iwd from a current working directory that is a parent of the iwd
executable.
2017-03-16 15:17:41 -05:00
Andrew Zaborowski
c35225d239 scan: Handle CMD_SCAN_ABORTED during periodic scan, refactor
Also handle the case of a periodic scan when handling a
NL80211_CMD_SCAN_ABORTED.  The goal is to make sure the supplied callback
is always called if .trigger was called before, but this should also fix
some other corner cases.

 * I add a sp.triggered field for periodic scans since sc->state doesn't
   tell us whether the scan in progress was triggered by ourselved o
   someone else (in that case .trigger has not been called)

 * Since the NL80211_CMD_SCAN_ABORTED becomes similar to get_scan_done I
   move the common code to scan_finished

 * I believe this fixes a situation where we weren't updating sc->state
   if we'd not triggered the scan, because both get_scan_done and the
   NL80211_CMD_SCAN_ABORTED would return directly.
2017-03-14 10:42:56 -05:00
Andrew Zaborowski
5869b74c2e scan: Don't immediately retry periodic scan on error
On a periodic scan trigger error we already set rearm to true, rearm the
timer instead of retrying immediately.
2017-03-14 10:29:02 -05:00
Andrew Zaborowski
1392a80d34 eapol: Further relax gtk 1/2 msg key length check
Accept any of 0, 16, 32 with WPA or WPA2, update comment.
2017-03-14 10:28:06 -05:00
Andrew Zaborowski
ba5d5430e1 scan: Update current request on NL80211_CMD_SCAN_ABORTED
If the current request is not freed when we receive the
NL80211_CMD_SCAN_ABORTED event, device.c will keep thinking that
we're still scanning and the scan.c logic also gets confused and may
resend the current request at some point and call sr->trigger again
causing a segfault in device.c.

I pass an empty bss_list to the callback, another possibility would be
to pass NULL to let the callback know not to replace old results yet.
The callbacks would need to handle a NULL first.
2017-03-13 11:53:38 -05:00
Andrew Zaborowski
b0167f2469 eapol: Define and use IEEE80211_MAX_DATA_LEN
The same constant will be used in multiple places so define it in a
header file.
2017-03-10 10:01:33 -06:00
Andrew Zaborowski
4d9d309e6a dbus: Add hwsim interface to DBus policy file 2017-03-09 11:45:41 -06:00
Denis Kenzior
5dc347ecb1 wiphy: Coalesce ATTR_WIPHY parsing logic
We parse ATTR_WIPHY and ATTR_WIPHY_NAME in several places.  Implement a
helper function to make this easier and cut down on code size.
2017-03-08 17:32:38 -06:00
Andrew Zaborowski
d67425c936 netdev: React to interface address change
Handle the changes of interface address in RTNL New Link messages
similarly to the name changes, emit a NETDEV_WATCH_EVENT_ADDRESS_CHANGE
event and a propety change on dbus.

Note this can only happen when the interface is down so it doesn't
break anything but we need to handle it anyway.
2017-03-08 09:43:40 -06:00
Denis Kenzior
97191d56f1 wiphy: Make sure path is valid
DBus has certain rules on what constitutes a valid path.  Since the
wiphy name is freeform, it is possible to set it such that the contents
do not contain a valid path.

We fall back to simply using the wiphy index as the path.
2017-03-07 12:01:40 -06:00
Denis Kenzior
c3b33a2cfd wiphy: Make sure Name attribute is valid utf8
DBus strings must be valid utf8.  The kernel only enforces that the
wiphy name is null terminated string.  It does not validate or otherwise
check the contents in any way.  Thus it is possible to have
non-printable or non-utf8 characters inside.
2017-03-07 12:00:03 -06:00
Denis Kenzior
4703dd5200 wiphy: Remove pointless check
wiphy->name is always true since the name member is an array
2017-03-07 11:23:54 -06:00
Denis Kenzior
74e1b85e54 wiphy: React to wiphy name changes
NL80211_CMD_SET_WIPHY can be used to set various attributes on the wiphy
object in the kernel.  This includes ATTR_WIPHY_NAME among others.  iwd
currently does not parse or store any of the other attributes, so we
react to changes in WIPHY_NAME only.
2017-03-07 11:22:25 -06:00
Denis Kenzior
d86b7404fd wiphy: Remove unneeded check
The wiphy attribute should never be repeated by the kernel, so this
check is ultimately not needed.  This condition can also be easily
checked by looking at the iwmon output in case things do go terribly
wrong.
2017-03-07 09:57:40 -06:00
Andrew Zaborowski
76246d0145 eapol: Don't send EAPOL-Start without EAP
Fix 1a64c4b771 by setting use_eapol_start
by default only when 8021x authentication is configured.  Otherwise we'd
be sending EAPOL-Start even for WPA2 Personal possibly after the 4-Way
Handshake success.
2017-02-27 12:04:31 -06:00
Denis Kenzior
0789c1cc4c wsc: Add support for new netdev events 2017-02-22 17:06:17 -06:00
Denis Kenzior
c60f28e685 wsc: Implement StartPin method
This implements very initial support of WPS PIN based connections.  The
scanning logic attempts to find an AP in PIN mode and tries to connect
to that AP.  We currently do not try multiple APs if available or
implement the WSC 1.0 connection logic.
2017-02-22 17:03:44 -06:00
Denis Kenzior
6c5ae87f1a netdev: Relax 4-way handshake condition
Right now the code checks for is_rsn to wait for the 4-way handshake and
sends the NETDEV_EVENT_4WAY_HANDSHAKE.  However, is_rsn condition is not
true for WSC connections since they do not set an RSN field.  Still,
they are EAP based handshakes and should be treated in the same manner.

We relax the is_rsn check to instead check for netdev->sm.  Currently
netdev->sm is only non-NULL if handshake->own_ie field is not NULL or in
the case of eap-wsc connections.
2017-02-22 16:58:12 -06:00
Denis Kenzior
bc5b84c2f1 eap-wsc: Obtain DevicePasswordId from settings 2017-02-22 11:46:40 -06:00
Denis Kenzior
7ad261fef7 util: Move mem_is_zero to util 2017-02-21 16:45:41 -06:00
Denis Kenzior
1a73854c09 wsc: Refactor slightly in preparation for PIN mode 2017-02-21 16:20:16 -06:00
Denis Kenzior
854bb11c79 dbus: Add InvalidFormat error 2017-02-21 15:46:26 -06:00
Tim Kourt
d3030acbec wiphy: Use real adapter name in path str 2017-02-21 13:34:24 -06:00
Tim Kourt
18886349df wiphy: expose the name property through DBus 2017-02-21 13:33:50 -06:00
Andrew Zaborowski
04f4e8e0a3 device: Ratelimit roam attempts and retry periodically
Define minimum delay between roam attempts and add automatic retries.
This handles a few situations:
 * roam attempt failing, then RSSI going above the threshold and below
   again -- in that case we don't want to reattempt too soon, we'll only
   reattempt after 60s.
 * roam attempt failing then RSSI staying low for longer than 60 -- in
   that case we want to reattempt after 60s too.
 * signal being low from the moment we connected -- in that case we also
   want to attempt a roam every some time.
2017-02-21 10:59:19 -06:00
Denis Kenzior
7d437241bd wsc: Implement GeneratePin() method 2017-02-17 13:43:58 -06:00
Denis Kenzior
230a4f4bab wscutil: Add wsc_pin_generate 2017-02-17 12:27:13 -06:00
Andrew Zaborowski
986b5eae60 device: Fix type passed to l_dbus_message_builder_append_basic
l_dbus_message_builder_append_basic is expecting an int16 for DBus type
'n'.
2017-02-15 14:40:50 -06:00
Denis Kenzior
94c49a4563 wscutil: Add wsc_pin_is_checksum_valid 2017-02-13 20:27:24 -06:00
Denis Kenzior
89d6b85f1d wscutil: Add wsc_is_pin_valid 2017-02-13 19:40:20 -06:00
Andrew Zaborowski
1307a815a6 device: Build MDE in a static buffer
Fix a leak of the MDE buffer.  It is now only needed for the single call
to handshake_state_set_mde which copies the bytes anyway so use a buffer
on stack.
2017-02-09 22:57:38 -06:00
Andrew Zaborowski
7006d18550 [PATCH netdev: Don't generate disconnect event in netdev_free
As discussed previously there's no point in having device.c change state
to autoconnect when device_remove will be called next.
2017-02-09 22:56:37 -06:00
Denis Kenzior
2ab67a1ee3 scan: Rearm the timer only if no pending requests 2017-02-09 10:18:50 -06:00
Andrew Zaborowski
1e70af0179 eapol: Relax GTK 1/2 msg Key Length validation
Since caab23f192085e6c8e47c41fc1ae9f795d1cbe86 hostapd is going to set
this bit to zero for RSN networks but both values will obviously be in
use.  Only check the value if is_wpa is true - in this case check the
value is exactly 16, see hostapd commit:

commit caab23f192085e6c8e47c41fc1ae9f795d1cbe86
Author: Jouni Malinen <j@w1.fi>
Date:   Sun Feb 5 13:52:43 2017 +0200

Set EAPOL-Key Key Length field to 0 for group message 1/2 in RSN

P802.11i/D3.0 described the Key Length as having value 16 for the group
key handshake. However, this was changed to 0 in the published IEEE Std
802.11i-2004 amendment (and still remains 0 in the current standard IEEE
Std 802.11-2016). We need to maintain the non-zero value for WPA (v1)
cases, but the RSN case can be changed to 0 to be closer to the current
standard.
2017-02-08 15:45:12 -06:00
Andrew Zaborowski
2756f24f0e scan: More cleanup in scan_cancel
Add sr NULL check before accessing sr->id.  Call scan_request_free on
request structure and call the destroy callback.  Cancel the netlink
TRIGGER_SCAN command if still running and try starting the next scan
in the queue.  It'll probably still fail with EBUSY but it'll be
reattempted later.
2017-02-08 15:43:52 -06:00
Andrew Zaborowski
cc6d0cf2db scan: Refactor start_next_scan_request use
Always call start_next_scan_request when a scan request has finished,
with a success or a failure, including a periodic scan attempt.  Inside
that function check if there's any work to be done, either for one-off
scan requests or periodic scan, instead of having this check only inside
get_scan_done.  Call start_next_scan_request in scan_periodic_start and
scan_periodic_timeout.
2017-02-08 15:37:31 -06:00
Andrew Zaborowski
9f19a48433 scan: Call trigger callback on netlink error
Also call the trigger callback with an error code when sending the
netlink command fails after the scan request has been queued because
another scan was in progress when the scan was requested.
2017-02-03 18:26:20 -06:00
Denis Kenzior
adfba7b2d2 scan: Fix crash
Program received signal SIGSEGV, Segmentation fault.
0x0000000000419d38 in scan_done (msg=0x692580, userdata=0x688250)
    at src/scan.c:250
250		sc->state = sr->passive ? SCAN_STATE_PASSIVE : SCAN_STATE_ACTIVE;
(gdb) bt
0  0x0000000000419d38 in scan_done (msg=0x692580, userdata=0x688250)
    at src/scan.c:250
1  0x000000000043cac0 in process_unicast (genl=0x686d60, nlmsg=0x7fffffffc3b0)
    at ell/genl.c:390
2  0x000000000043ceb0 in received_data (io=0x686e60, user_data=0x686d60)
    at ell/genl.c:506
3  0x000000000043967d in io_callback (fd=6, events=1, user_data=0x686e60)
    at ell/io.c:120
4  0x000000000043824d in l_main_run () at ell/main.c:381
5  0x000000000040303c in main (argc=1, argv=0x7fffffffe668) at src/main.c:259

The reasoning is that the logic inside scan_common is reversed.  Instead
of freeing the scan request on error, we always do it.  This causes the
trigger_scan callback to receive invalid userdata.
2017-02-03 18:05:00 -06:00
Denis Kenzior
58ec4ec1c1 wsc: Make sure the initial scan can be started
In push button mode, ensure the initial scan was actually queued
successfully.
2017-02-03 18:04:39 -06:00
Andrew Zaborowski
4e9dc77b2d scan: Cancel CMD_TRIGGER_SCAN when removing scan context
Save the ids of the netlink trigger scan commands that we send and
cancel them in scan_ifindex_remove to fix a race leading to a
segfault.  The segfault would happen every time if scan_ifindex_remove
was called in the same main loop iteration in which we sent the
command, on shutdown:

^CTerminate
src/netdev.c:netdev_free() Freeing netdev wlan3[6]
src/device.c:device_disassociated() 6
src/device.c:device_enter_state() Old State: connected, new state:
disconnected
src/device.c:device_enter_state() Old State: disconnected, new state:
autoconnect
src/scan.c:scan_periodic_start() Starting periodic scan for ifindex: 6
src/device.c:device_free()
src/device.c:bss_free() Freeing BSS 02:00:00:00:00:00
src/device.c:bss_free() Freeing BSS 02:00:00:00:01:00
Removing scan context for ifindex: 6
src/scan.c:scan_context_free() sc: 0x5555557ca290
src/scan.c:scan_notify() Scan notification 33
src/netdev.c:netdev_operstate_down_cb() netdev: 6, success: 1
src/scan.c:scan_periodic_done()
src/scan.c:scan_periodic_done() Periodic scan triggered for ifindex:
1434209520

Program received signal SIGSEGV, Segmentation fault.
0x0000000000000064 in ?? ()
(gdb) bt
 #0  0x0000000000000064 in ?? ()
 #1  0x0000555555583560 in process_unicast (nlmsg=0x7fffffffc1a0,
     genl=0x5555557c1d60) at ell/genl.c:390
 #2  received_data (io=<optimized out>, user_data=0x5555557c1d60)
     at ell/genl.c:506
 #3  0x0000555555580d45 in io_callback (fd=<optimized out>,
     events=1, user_data=0x5555557c1e60) at ell/io.c:120
 #4  0x000055555558005f in l_main_run () at ell/main.c:381
 #5  0x00005555555599c1 in main (argc=<optimized out>, argv=<optimized out>)
     at src/main.c:259
2017-02-02 12:28:28 -06:00
Andrew Zaborowski
701e5dabb9 netdev: Handle the GTK & IGTK received in a FT
Parse the GTK and IGTK FT subelements and set the keys through netlink.
2017-02-01 10:02:24 -06:00
Andrew Zaborowski
9ceca7a521 ie: Parse GTK and IGTK subelements in FTE
Parse the contents of the GTK and IGTK subelements in an FT IE instead
of working with buffers containing the whole subelement.  Some more
validation of the subelement contents.  Drop support for GTK / IGTK when
building the FTE (unused).
2017-02-01 10:02:14 -06:00
Andrew Zaborowski
e4c5b4b517 eapol: Don't start timeout if handshake already done
Don't start the handshake timeout in eapol_start if either
handshake->ptk_complete is set (handshake already done) or
handshake->have_snonce is set (steps 1&2 done).  This accounts for
eapol_start being called after a Fast Transition when a 4-Way handshake
is not expected.
2017-01-31 15:47:23 -06:00
Andrew Zaborowski
95e6623011 scan: Add flag to flush case when starting a scan
Add a flush flag to scan_parameters to tell the kernel to flush the
cache of scan results before the new scan.  Use this flag in the
active scan during roaming.
2017-01-31 12:39:16 -06:00
Andrew Zaborowski
3a4887fef4 netdev: Check GTK / IGTK buffer length before memcpying from it
Move key length checks in netdev_set_gtk/netdev_set_igtk to before we
memcpy from the buffer.
2017-01-31 12:06:05 -06:00
Denis Kenzior
c033fcbf5e handshake: Use align_len macro 2017-01-31 12:04:26 -06:00
Denis Kenzior
415c209276 handshake: Quote relevant section from 802.11
To make reading the code easier
2017-01-31 12:03:51 -06:00
Andrew Zaborowski
1f52bfb047 handshake: Add utility for decoding GTK & IGTK from FTE
handshake_decode_fte_key unwraps and validates the padding in the FTE
GTK and IGTK subelements.
2017-01-31 12:00:38 -06:00
Andrew Zaborowski
8d8b1c1baf handshake: Split the install_igtk igtk parameter in 2 buffers
Split the igtk parameter to handshake_state_install_igtk into one
parameter for the actual IGTK buffer and one for the IPN buffer instead
of requiring the caller to have them both in one continuous buffer.
With FT protocol, one is received encrypted and the other in plain text.
2017-01-31 11:59:02 -06:00
Denis Kenzior
0932157e4f util: Add align_len macro 2017-01-31 11:50:06 -06:00
Denis Kenzior
4978c31fd7 util: Remove unused msg_append_attr functions 2017-01-31 11:48:50 -06:00
Andrew Zaborowski
367f1ec798 eapol: Free sm->timeout when it expires 2017-01-31 11:45:54 -06:00
Andrew Zaborowski
e1dc53e895 netdev: More neighbor_report_req error handling
Make sure that the Neighbor Report timeout is cancelled when connection
breaks or device is being destroyed, and call the callback.  Add an
errno parameter to the callback to indicate the cause.
2017-01-23 12:59:42 -06:00
Andrew Zaborowski
2f34c87820 device: Transition to selected BSS if FT supported
With this patch an actual fast transition should happen when the signal
strength goes low but there are still various details to be fixed before
this becomes useful:

 * the kernel tends to return cached scan results and won't update the
   rssi values,
 * there's no timer to prevent too frequent transition attempts or to
   retry after some time if the signal is still low,
 * no candidate other than the top ranked BSS is tried.  With FT it
   may be impossible to try another BSS anyway although there isn't
   anything in the spec to imply this.  It would require keeping the
   handshake_state around after netdev gives up on the transition
   attempt.
2017-01-23 12:57:54 -06:00
Andrew Zaborowski
d10122c72a device: Scan target BSS candidates and process results
Trigger a scan of the selected channels or all channels if no useful
neighbor list was obtained, then process the scan results to select the
final target BSS.

The actual transition to the new BSS is not included in this patch for
readability.
2017-01-23 12:57:05 -06:00
Andrew Zaborowski
99e58db152 wiphy: Add utility to check if bss ciphers compatible
Move the BSS's supported ciphers checks from network_bss_select to a new
function in wiphy.c so we can reuse it in device.c.
2017-01-20 15:42:31 -06:00
Andrew Zaborowski
95847189ab device: Start a roaming attempt on low RSSI detection
Trigger a roam attempt when the RSSI level has been low for at least 5
seconds using the netdev RSSI LOW/HIGH events.  See if neighbor reports
are supported and if so, request and process the neighbor reports list
to restrict the number of channels to be scanned.  The scanning part is
not included in this patch for readability.
2017-01-18 17:27:35 -06:00
Andrew Zaborowski
8bacbf01e4 netdev: Handle the FT Reassociation Response message
Validate the fourth message of the fast transition sequence and save the
new keys and state as current values in the netdev object.  The
FT-specific IE validation that was already present in the initial MD
is moved to a new function.
2017-01-13 11:51:24 -06:00
Andrew Zaborowski
0854b90687 netdev: Handle the FT Authentication Response message
Parse the second message of the FT transition, validate and build the
third message, the Reassociation Request.
2017-01-12 10:33:40 -06:00
Andrew Zaborowski
d52683a2cb netdev: Implement netdev_fast_transition
Build and send the FT Authentication Request frame, the initial Fast
Transition message.

In this version the assumption is that once we start a transition attempt
there's no going back so the old handshake_state, scan_bss, etc. can be
replaced by the new objects immediately and there's no point at which both
the old and the new connection states are needed.  Also the disconnect
event for the old connection is implicit.  At netdev level the state
during a transition is almost the same with a new connection setup.

The first disconnect event on the netlink socket after the FT Authenticate
is assumed to be the one generated by the kernel for the old connection.
The disconnect event doesn't contain the AP bssid (unlike the
deauthenticate event preceding it), otherwise we could check to see if
the bssid is the one we are interested in or could check connect_cmd_id
assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 10:29:26 -06:00
Denis Kenzior
edfbd81ea2 device: Support iwd.conf mfp settings
This adds support for iwd.conf 'ManagementFrameProtection' setting.

This setting has the following semantics, with '1' being the default:
0 - MFP off, even if hardware is capable
1 - Use MFP if available
2 - MFP required.  If the hardware is not capable, no connections will
be possible.  Use at your own risk.
2017-01-06 18:28:44 -06:00
Andrew Zaborowski
3f3e60e415 eapol: Check the MSK size supplied by EAP
Despite RFC3748 mandating MSKs to be at least 256 bits some EAP methods
return shorter MSKs.  Since we call handshake_failed when the MSK is too
short, EAP methods have to be careful with their calls to set_key_material
because it may result in a call to the method's .remove method.

EAP-TLS and EAP-TTLS can't handle that currently and would be difficult to
adapt because of the TLS internals but they always set msk_len to 64 so
handshake_failed will not be called.
2017-01-06 13:24:03 -06:00
Andrew Zaborowski
c5906d1c20 mschapv2: Call set_key_material last in handle_success
Make sure that eap_set_key_material can free the whole EAP method and
EAP state machine before returning, by calling that function last.  This
relies on eap_mschapv2_handle_success being the last call in about 5
stack frames above it too.
2017-01-06 13:22:05 -06:00
Andrew Zaborowski
15f4ddfaa6 device: Drop unused device->connected_mde 2017-01-03 16:38:08 -06:00
Andrew Zaborowski
7e81dcac6f device: Move common code to device_reset_connection_state 2017-01-03 16:33:36 -06:00
Andrew Zaborowski
f73b751124 netdev: Add netdev_get_handshake
Getter for current handshake_state object.
2017-01-03 16:30:56 -06:00
Andrew Zaborowski
c36d0fcfa4 netdev: Monitor CQM RSSI level, emit RSSI LOW/HIGH events 2017-01-03 13:52:26 -06:00
Andrew Zaborowski
fbb7a72643 netdev: Register for and parse Neighbor Report responses 2017-01-03 13:11:52 -06:00