3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-13 23:49:23 +01:00
Commit Graph

3735 Commits

Author SHA1 Message Date
Denis Kenzior
d51c3db4ce station: Simplify logic 2019-01-28 15:52:02 -06:00
James Prestwood
a2354f88a6 station/netdev: handle rekeying based on driver features
A new driver extended feature bit was added signifying if the driver
supports PTK replacement/rekeying. During a connect, netdev checks
for the driver feature and sets the handshakes 'no_rekey' flag
accordingly.

At some point the AP will decide to rekey which is handled inside
eapol. If no_rekey is unset we rekey as normal and the connection
remains open. If we have set no_rekey eapol will emit
HANDSHAKE_EVENT_REKEY_FAILED, which is now caught inside station. If
this happens our only choice is to fully disconnect and reconnect.
2019-01-28 15:49:57 -06:00
James Prestwood
8edaa23f8a eapol: emit HANDSHAKE_EVENT_REKEY_FAILED
If we receive handshake message 1/4 after we are already connected
the AP is attempting to rekey. This may not be allowed and if not
we do not process the rekey and emit HANDSHAKE_EVENT_REKEY_FAILED
so any listeners can handle accordingly.
2019-01-28 15:38:47 -06:00
James Prestwood
a76376cac4 handshake: add HANDSHAKE_EVENT_REKEY_FAILED
This event will be emitted from eapol if the AP is attempting to
rekey but the handshake object does not allow it (via no_rekey).
2019-01-28 15:37:21 -06:00
James Prestwood
2a7a756c9f handshake: add flag and setter to disallow rekeying 2019-01-28 15:36:51 -06:00
James Prestwood
e4f22f0a5d ap: fix crash when stopping AP
The AP structure was getting cleaned up twice. When the DBus stop method came
in we do AP_STOP on nl80211. In this callback the AP was getting freed in
ap_reset. Also when the DBus interface was cleaned up it triggered ap_reset.

Since ap->started gets set to false in ap_reset, we now check this and bail
out if the AP is already stopped.

Fixes:
++++++++ backtrace ++++++++
0  0x7f099c11ef20 in /lib/x86_64-linux-gnu/libc.so.6
1  0x43fed0 in l_queue_foreach() at ell/queue.c:441 (discriminator 3)
2  0x423a6c in ap_reset() at src/ap.c:140
3  0x423b69 in ap_free() at src/ap.c:162
4  0x44ee86 in interface_instance_free() at ell/dbus-service.c:513
5  0x451730 in _dbus_object_tree_remove_interface() at ell/dbus-service.c:1650
6  0x405c07 in netdev_newlink_notify() at src/netdev.c:4449 (discriminator 9)
7  0x440775 in l_hashmap_foreach() at ell/hashmap.c:534
8  0x4455d3 in process_broadcast() at ell/netlink.c:158
9  0x4439b3 in io_callback() at ell/io.c:126
10 0x442c4e in l_main_iterate() at ell/main.c:473
11 0x442d1c in l_main_run() at ell/main.c:516
12 0x442f2b in l_main_run_with_signal() at ell/main.c:644
13 0x403ab3 in main() at src/main.c:504
14 0x7f099c101b97 in /lib/x86_64-linux-gnu/libc.so.6
+++++++++++++++++++++++++++
2019-01-25 18:51:18 -06:00
James Prestwood
ed6f5ea55a blacklist: add blacklist.[ch] to build and main
This will allow for blacklisting a BSS if the connection fails. The
actual blacklist module is simple and must be driven by station. All
it does is add BSS addresses, a timestamp, and a timeout to a queue.
Entries can also be removed, or checked if they exist. The blacklist
timeout is configuratble in main.conf, as well as the blacklist
timeout multiplier and maximum timeout. The multiplier is used after
a blacklisted BSS timeout expires but we still fail to connect on the
next connection attempt. We multiply the current timeout by the
multiplier so the BSS remains in the blacklist for a larger growing
amount of time until it reaches the maximum (24 hours by default).
2019-01-24 17:29:15 -06:00
James Prestwood
f454a03b00 linux: update nl80211.h to 4.20 kernel release 2019-01-24 17:25:22 -06:00
James Prestwood
e9f53a08b4 test-runner: document creation of /var/lib/iwd 2019-01-24 17:24:42 -06:00
James Prestwood
fc557136c5 doc: document BSS blacklist config options 2019-01-24 17:22:50 -06:00
James Prestwood
475d1082d7 netdev: store mpdu status and add getter
Soon BSS blacklisting will be added, and in order to properly decide if
a BSS should be blacklisted we need the status code on a failed
connection. This change stores the status code when there is a failure
in netdev and adds a getter to retrieve later. In many cases we have
the actual status code from the AP, but in some corner cases its not
obtainable (e.g. an error sending an NL80211 command) in which case we
just default to MMPDU_REASON_CODE_UNSPECIFIED.

Rather than continue with the pattern of setting netdev->result and
now netdev->last_status_code, the netdev_connect_failed function was
redefined so its no longer used as both a NL80211 callback and called
directly. Instead a new function was added, netdev_disconnect_cb which
just calls netdev_connect_failed. netdev_disconnect_cb should not be
used for all the NL80211 disconnect commands. Now netdev_connect_failed
takes both a result and status code which it sets in the netdev object.
In the case where we were using netdev_connect_failed as a callback we
still need to set the result and last_status_code but at least this is
better than having to set those in all cases.
2019-01-24 16:54:39 -06:00
James Prestwood
425cb2aa49 build: added ell/time.[ch] to Makefile.am 2019-01-24 12:29:35 -06:00
Marcel Holtmann
39ee15dbc3 build: Provide modules-load.d for loading pkcs8_key_parser module 2019-01-23 18:22:11 +01:00
James Prestwood
313f1e0367 gitignore: remove test-ecdh 2019-01-22 17:23:37 -06:00
Andrew Zaborowski
62851b9e47 unit: Fix usage of sizeof(struct eapol_key) in test-eapol 2019-01-22 11:40:47 -06:00
Andrew Zaborowski
c9490ce657 crypto: Optimize hkdf_expand slightly
Remove an unneeded buffer and its memcpy, remove the now unneeded use of
l_checksum_digest_length and use l_checksum_reset instead of creating a
new l_checksum for each chunk.
2019-01-22 11:40:07 -06:00
James Prestwood
8956451b26 test-runner: decouple --verbose with --valgrind
When using --valgrind, you must also use --verbose iwd, and, depending
on the tests you may also need to include pytests in the verbose flag.
Since anyone using --valgrind definitely wants to see valgrind info
printed they should not need to enable verbose printing. Also, manually
parsing valgrind prints with IWD prints mixed throughout is a nightmare
even for a single test.

This patch uses valgrind's --log-file flag, which is directed to
/tmp/valgrind.log. After the tests runs we can print out this file.
2019-01-18 08:57:21 -06:00
James Prestwood
1927e40fd0 test-runner: fix garbage output on test start
I missed this on a previous commit fixing the same issue with printing
the test results. This fixes garbage output on lines in between test
runs.
2019-01-17 15:43:12 -06:00
James Prestwood
922506105e owe: allow group 20 + group negotiation
ELL ECC supports group 20 (P384) so OWE can also support it. This also
adds group negotiation, where OWE can choose a different group than the
default if the AP requests it.

A check needed to be added in netdev in order for the negotiation to work.
The RFC says that if a group is not supported association should be rejected
with code 77 (unsupported finite cyclic group) and association should be
started again. This rejection was causing a connect event to be emitted by
the kernel (in addition to an associate event) which would result in netdev
terminating the connection, which we didn't want. Since OWE receives the
rejected associate event it can intelligently decide whether it really wants
to terminate (out of supported groups) or try the next available group.

This also utilizes the new MIC/KEK/KCK length changes, since OWE dictates
the lengths of those keys.
2019-01-17 15:24:56 -06:00
James Prestwood
d79b2b28ec eapol: use HMAC-SHA384 for OWE in MIC calculation 2019-01-17 15:20:28 -06:00
James Prestwood
7bfaf182e6 crypto: allow hkdf_expand/extract to use different SHA's
Rather than hard coding to SHA256, we can pass in l_checksum_type
and use that SHA. This will allow for OWE/SAE/PWD to support more
curves that use different SHA algorithms for hashing.
2019-01-17 15:20:28 -06:00
James Prestwood
90c39afd61 handshake: add OWE to get_ptk_size
OWE defines KEK/KCK lengths depending on group. This change adds a
case into handshake_get_key_sizes. With OWE we can determine the
key lengths based on the PMK length in the handshake.
2019-01-17 15:20:28 -06:00
James Prestwood
532c9a5521 eapol: Add OWE cases for different key lengths
In preparation for OWE supporting multiple groups eapol needed some
additional cases to handle the OWE AKM since OWE dictates the KEK,
KCK and MIC key lengths (depending on group).
2019-01-17 15:20:28 -06:00
James Prestwood
f6013d8730 unit: update test-eapol to work with crypto/eapol changes 2019-01-17 15:20:28 -06:00
James Prestwood
79f7cb85c3 unit: update test-crypto to work with eapol/crypto changes 2019-01-17 15:20:28 -06:00
James Prestwood
2c82d6b223 crypto: pass PMK length to crypto_derive_pairwise_ptk
Right now the PMK is hard coded to 32 bytes, which works for the vast
majority of cases. The only outlier is OWE which can generate a PMK
of 32, 48 or 64 bytes depending on the ECC group used. The PMK length
is already stored in the handshake, so now we can just pass that to
crypto_derive_pairwise_ptk
2019-01-17 15:20:28 -06:00
James Prestwood
6771a06463 crypto/handshake/eapol: Allow other PTK lengths
The crypto_ptk was hard coded for 16 byte KCK/KEK. Depending on the
AKM these can be up to 32 bytes. This changes completely removes the
crypto_ptk struct and adds getters to the handshake object for the
kck and kek. Like before the PTK is derived into a continuous buffer,
and the kck/kek getters take care of returning the proper key offset
depending on AKM.

To allow for larger than 16 byte keys aes_unwrap needed to be
modified to take the kek length.
2019-01-17 15:20:28 -06:00
James Prestwood
3b801526f0 monitor: allow monitor to support other MIC lengths
Unfortunately there is no way to determine the MIC length just from the
eapol frame. 802.11 defined AKMs define the MIC length, but non 802.11
AKMs (e.g. OWE) can define their own MIC length. For this reason it seem
infeasable to track these special AKM's data flow to determine the MIC
length.

To work around this we can just try different MIC lengths (since there
are only 3 after all). This allows us to get key data length and see if
the total packet size equals the frame length + key data length. If the
sizes don't match we can try the next MIC length.
2019-01-17 15:20:28 -06:00
James Prestwood
374b367ba4 eapol: allow 16, 24 and 32 byte MIC lengths
The MIC length was hard coded to 16 bytes everywhere, and since several
AKMs require larger MIC's (24/32) this needed to change. The main issue
was that the MIC was hard coded to 16 bytes inside eapol_key. Instead
of doing this, the MIC, key_data_length, and key_data elements were all
bundled into key_data[0]. In order to retrieve the MIC, key_data_len,
or key_data several macros were introduced which account for the MIC
length provided.

A consequence of this is that all the verify functions inside eapol now
require the MIC length as a parameter because without it they cannot
determine the byte offset of key_data or key_data_length.

The MIC length for a given handshake is set inside the SM when starting
EAPoL. This length is determined by the AKM for the handshake.
2019-01-17 15:20:28 -06:00
Tim Kourt
80d4e9b572 station: Default to active scan if MAC randomization is present
This patch also simplifies the scan type selection logic.
2019-01-16 15:05:38 -06:00
James Prestwood
55a7e9d82a pwd/sae/owe: update to use l_ecc_curve_get_ike_group 2019-01-16 15:05:06 -06:00
Tim Kourt
04225757d6 auto-t: Disable MAC rand. for tests with trans. medium 2019-01-16 13:20:04 -06:00
Tim Kourt
f8fedb0ec8 auto-t: Disable MAC rand. for tests with hidden networks 2019-01-16 13:19:48 -06:00
Tim Kourt
b41729d608 doc: Add setting to disable MAC randomization 2019-01-16 13:18:57 -06:00
Tim Kourt
71b10ab271 scan: Enable the usage of MAC randomization flag 2019-01-16 13:02:25 -06:00
Tim Kourt
81d570572e wiphy: Add MAC randomization feature check API 2019-01-16 13:01:12 -06:00
James Prestwood
37cfec01a2 crypto: add hmac_sha384
To support OWE group 20, which uses HMAC-SHA384 for hashing the PMK
2019-01-15 15:07:26 -06:00
James Prestwood
8e7da821f9 handshake: store PMK length
Non-802.11 AKMs can define their own key lengths. Currently only OWE does
this, and the MIC/KEK/KCK lengths will be determined by the PMK length so
we need to save it.
2019-01-15 14:57:53 -06:00
Marcel Holtmann
f87159964c Release 0.14 2019-01-15 20:31:53 +01:00
Andrew Zaborowski
2600c446ab netdev: Skip a memcpy when no data to copy 2019-01-15 07:40:51 -06:00
Andrew Zaborowski
52b3268b78 netdev: Allow NULL prefix in netdev_frame_watch_add
Make sure we don't pass NULLs to memcmp or l_memdup when the prefix
buffer is NULL.  There's no point having callers pass dummy buffers if
they need to watch frames independent of the frame data.
2019-01-15 07:40:51 -06:00
Andrew Zaborowski
8aa306fddc eap-wsc: Use new l_key DH helper functions
Start using l_key_generate_dh_private and l_key_validate_dh_payload to
check for the disallowed corner case values in the DH private/public
values generated/received.
2019-01-14 15:20:50 -06:00
Tim Kourt
726bf9d8e4 eap: Make Identity optional
Some of the EAP methods don't require a clear-text identity to
be sent with the Identity Response packet. The mandatory identity
filed has resulted in unnecessary transmission of the garbage
values. This patch makes the Identity field to be optional and
shift responsibility to ensure its existence to the individual
methods if the field is required. All necessary identity checks
have been previously propagated to individual methods.
2019-01-11 17:36:33 -06:00
Denis Kenzior
782bd4a7ae network: Reset connected_time when forgetting
If a network is being forgotten, then make sure to reset connected_time.
Otherwise the rank logic thinks that the network is known which can
result in network_find_rank_index returning -1.

Found by sanitizer:
src/network.c:1329:23: runtime error: index -1 out of bounds for type
	'double [64]'
2019-01-11 17:28:10 -06:00
Denis Kenzior
e256cbaba9 eapol: Don't memcpy if no extra data
As reported by the sanitizer:

src/eapol.c:574:2: runtime error: null pointer passed as argument 2,
	which is declared to never be null
2019-01-11 17:10:47 -06:00
Denis Kenzior
30cf1aa376 mpdu: Fix buffer overflow reported by asan
==25412==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000421ab0 at pc 0x000000402faf bp 0x7fffffffdb00 sp 0x7fffffffdaf0
READ of size 4 at 0x000000421ab0 thread T0
    #0 0x402fae in validate_mgmt_ies src/mpdu.c:128
    #1 0x403ce8 in validate_probe_request_mmpdu src/mpdu.c:370
    #2 0x404ef2 in validate_mgmt_mpdu src/mpdu.c:662
    #3 0x405166 in mpdu_validate src/mpdu.c:706
    #4 0x402529 in ie_order_test unit/test-mpdu.c:156
    #5 0x418f49 in l_test_run ell/test.c:83
    #6 0x402715 in main unit/test-mpdu.c:171
    #7 0x7ffff5d43ed9 in __libc_start_main (/lib64/libc.so.6+0x20ed9)
    #8 0x4019a9 in _start (/home/denkenz/iwd-master/unit/test-mpdu+0x4019a9)
2019-01-11 11:43:21 -06:00
Denis Kenzior
6bf7e638b0 unit: Fix asan warning
==24642==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffe00450850 at pc 0x7f2043eef5e3 bp 0x7ffe00450660 sp 0x7ffe0044fdf0
WRITE of size 3 at 0x7ffe00450850 thread T0
    #0 0x7f2043eef5e2 in __interceptor_vsprintf /var/tmp/portage/sys-devel/gcc-8.2.0-r2/work/gcc-8.2.0/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1522
    #1 0x7f2043eef956 in __interceptor_sprintf /var/tmp/portage/sys-devel/gcc-8.2.0-r2/work/gcc-8.2.0/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1553
    #2 0x4026f1 in prf_test unit/test-prf-sha1.c:64
    #3 0x407478 in l_test_run ell/test.c:83
    #4 0x4029e3 in main unit/test-prf-sha1.c:130
    #5 0x7f2042dd9ed9 in __libc_start_main (/lib64/libc.so.6+0x20ed9)
    #6 0x401f79 in _start (/home/denkenz/iwd-master/unit/test-prf-sha1+0x401f79)
2019-01-11 11:34:49 -06:00
Denis Kenzior
3063c4968a build: Add support for various sanitizers
Shamelessly stolen from the ell build system.  Credit goes to:

Mat Martineau <mathew.j.martineau@linux.intel.com>
2019-01-11 11:32:54 -06:00
James Prestwood
c2189bc67e sae: fix one-off error in sae_is_quadradic_residue
This fixes the valgrind warning:

==14804== Conditional jump or move depends on uninitialised value(s)
==14804==    at 0x402E56: sae_is_quadradic_residue (sae.c:218)
==14804==    by 0x402E56: sae_compute_pwe (sae.c:272)
==14804==    by 0x402E56: sae_build_commit (sae.c:333)
==14804==    by 0x402E56: sae_send_commit (sae.c:591)
==14804==    by 0x401CC3: test_confirm_after_accept (test-sae.c:454)
==14804==    by 0x408A28: l_test_run (test.c:83)
==14804==    by 0x401427: main (test-sae.c:566)
2019-01-11 11:19:17 -06:00
Tim Kourt
0b4509d8d2 auto-t: Test Tunneled-MSCHAPv2 over TTLS 2019-01-10 17:26:22 -06:00