3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-25 17:59:25 +01:00
Commit Graph

3455 Commits

Author SHA1 Message Date
Denis Kenzior
686f515e04 eap-ttls: Bump up buffer sizes to quiet warnings
src/eap-ttls.c:766:50: error: ‘Password’ directive output may be truncated writing 8 bytes into a region of size between 1 and 72 [-Werror=format-truncation=]
  snprintf(password_key, sizeof(password_key), "%sPassword", prefix);
                                                  ^~~~~~~~
In file included from /usr/include/stdio.h:862,
                 from src/eap-ttls.c:28:
/usr/include/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 9 and 80 bytes into a destination of size 72
   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        __bos (__s), __fmt, __va_arg_pack ());
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2018-12-17 11:21:55 -06:00
Andrew Zaborowski
961e6d1480 eap-tls: Replace l_pem_load_certificate() with newer functions
Stop using l_pem_load_certificate which has been removed from ell, use
the same functions to load certificate files to validate them as those
used by the TLS implementation itself.
2018-12-17 11:18:42 -06:00
James Prestwood
2ec66c9d3f test-runner: fixed garbage output in test results
When printing test results the line separators were not NULL terminated
causing garbage bytes to be printed at the end.
2018-12-17 11:17:34 -06:00
Tim Kourt
cff86c8419 eap-ttls: Propagate status of challenge generator 2018-12-14 14:18:22 -06:00
James Prestwood
74599ce33d auto-t: update tests to use get_ordered_network call 2018-12-14 13:47:00 -06:00
James Prestwood
9d3d65a282 auto-t: add get_ordered_network(ssid)
This is a helper/shortcut to get_ordered_networks (plural). In nearly
all the autotests we had (roughly) the same block of code:

ordered_network = get_ordered_networks()[0]

self.assertNotEqual(ordered_network, None)
self.assertEqual(ordered_network.name, "someSsid")

Rather than having to do this, we can simplify and just have a single
call to get_ordered_network, which takes the SSID. If the SSID is not
found, we raise an exception. This avoids needing both asserts since
we are guarenteed that the return is valid and the SSID matches.

This also avoids possible issues with multiple networks showing up in
the GetOrderedNetworks call. Eventually test-runner will support running
tests on real wireless hardware, so its possible we could pick up
unexpected networks in the scan.
2018-12-14 13:46:32 -06:00
James Prestwood
699b83cb1f auto-t: removed ';' from many autotests
At some point a stray ';' got added into an autotest in a section
of code that is heavily copy pasted. So in turn nearly all the autotests
have this stray ';' after list_devices (and a few in other places).
2018-12-14 13:46:23 -06:00
James Prestwood
c2094c5e04 ecdh: remove ECDH and unit tests
ECDH was moved into ell and is no longer needed in IWD
2018-12-12 11:12:27 -06:00
James Prestwood
e11c157478 owe: updated to use ell ECDH/ECC API's 2018-12-12 11:12:24 -06:00
James Prestwood
82ac1e0ba5 build: added ecc/ecdh into ell headers and sources 2018-12-12 10:55:39 -06:00
Tim Kourt
fb656ff87a eap-tls-common: Make databuf private 2018-12-11 17:09:51 -06:00
Marcel Holtmann
8a8a0df05c Release 0.13 2018-12-11 12:42:07 +01:00
Marcel Holtmann
d54b235dae build: Require at least version 0.16 when building with external ELL 2018-12-11 12:35:18 +01:00
Andrew Zaborowski
529ae6e683 eap-tls: Check AP identity in tls ready callbck
Check that the TLS logic has verified the server is trusted by the CA if
one was configured.  This is more of an assert as ell intentionally only
allows empty certificate chains from the peer in server mode (if a CA
certficate is set) although this could be made configurable.
2018-12-10 12:04:56 -06:00
Andrew Zaborowski
57ce6d0ca5 station: Check network_get_psk/passphrase return values
Check the returned values are not NULL.
2018-12-10 12:04:53 -06:00
Andreas Henriksson
aef4dd4286 build: set things up to enable large file support
Spotted by lintian check, tag explained at:
https://lintian.debian.org/tags/binary-file-built-without-LFS-support.html
2018-12-07 09:41:15 -06:00
Marcel Holtmann
18b4f8b359 build: Enable -Wformat -Wformat-security compiler warnings 2018-12-07 10:05:51 +01:00
Marcel Holtmann
5e31b194e2 monitor: List all enum values in switch statement 2018-12-07 09:04:36 +01:00
Marcel Holtmann
42f5d905b1 client: List all enum values in switch statement 2018-12-07 08:58:53 +01:00
Tim Kourt
610f9d28f0 eap-ttls: Migrate to eap-tls-common framework
The conversion transitions EAP-TTLS implementation to use a
common Phase 1 implementation shared among all TLS based
EAP methods.
2018-12-05 22:57:36 -06:00
Tim Kourt
84eda62823 eap-tls-common: ACK first fragment with missing M bit 2018-12-05 22:55:02 -06:00
Tim Kourt
30dfe9225c eap-peap: Migrate to eap-tls-common framework
The conversion transitions EAP-PEAP implementation to use a
common Phase 1 implementation shared among all TLS based
EAP methods.
2018-12-05 22:31:17 -06:00
Tim Kourt
4b9970bd99 eap-tls-common: Add comment 2018-12-05 22:26:29 -06:00
James Prestwood
dd835aba2e test-runner: fix removal of SIM/AKA/AKA' files
If ofono/phonesim is not found on the system, any test requiring those will
be skipped. In this case we would still try and remove symlinks that were
never created. An error would be printed, but the actual source tree files
were getting removed. This adds a new goto label where we can skip the tmpfs
removal in this error case.
2018-12-05 22:24:08 -06:00
Denis Kenzior
94b7a69146 eap-tls-common: Fix typo 2018-12-05 11:55:00 -06:00
Tim Kourt
aafa4d50bb eap-tls: Migrate to eap-tls-common framework
The conversion transitions EAP-TLS implementation to use a
common Phase 1 implementation shared among all TLS based
EAP methods.
2018-12-05 11:53:59 -06:00
Tim Kourt
645b72be06 eap-tls-common: Validate successful loading of keys/certs 2018-12-05 11:33:47 -06:00
Tim Kourt
f1f826ee81 eap-tls-common: Handle packet payload 2018-12-05 11:33:06 -06:00
Andrew Zaborowski
b375191c61 scan: Drop the wiphy_id scan callback parameter 2018-12-04 10:36:17 -06:00
Andrew Zaborowski
e4858d6da3 scan: Refactor scan request and periodic scan logic
This should not change the behaviour except for fixing a rare crash
due to scan_cancel not working correctly when cancelling the first scan
request in the queue while a periodic scan was running, and potentially
other corner cases.  To be able to better distinguish between a periodic
scan in progress and a scan request in progress add a sc->current_sr
field that points either at a scan request or is NULL when a periodic
scan is in ongoing.  Move the triggered flag from scan_request and
scan_preiodic directly to scan_context so it's there together with
start_cmd_id.  Hopefully make scan_cancel simpler/clearer.

Note sc->state and sc->triggered have similar semantics so one of them
may be easily removed.  Also the wiphy_id parameter to the scan callback
is rather useless, note I temporarily pass 0 as the value on error but
perhaps it should be dropped.
2018-12-04 10:32:57 -06:00
Tim Kourt
f07119b33a eap-tls-common: Add tunnel API for send, close 2018-12-04 10:25:24 -06:00
Tim Kourt
6490ecd615 eap-tls-common: Add accessors for variant data and ver 2018-12-04 10:23:49 -06:00
Tim Kourt
663cf9931e eap-tls-common: Expose PRF 2018-12-04 10:22:00 -06:00
Tim Kourt
8dc9276800 eap-tls-common: Make send empty response func. public 2018-12-04 10:21:28 -06:00
Tim Kourt
779f668ab9 eap-tls-common: Introduce variant data and reset API 2018-12-04 10:19:55 -06:00
Tim Kourt
bb98101bd4 eap-tls-common: Handle response retransmission 2018-12-04 10:19:20 -06:00
Tim Kourt
9df7785fee eap-tls-common: Add phase 2 failure flag
This flag is used by the extensions to signal the failure
during phase 2 execution.
2018-12-04 10:18:53 -06:00
Tim Kourt
c1f791afc4 eap-tls-common: Handle common tunnel ready cb 2018-12-04 10:18:11 -06:00
Tim Kourt
c2d3a84e3a eap-tls-common: Add method completion flag
This flag prevents methods from restarting
2018-12-04 10:16:36 -06:00
Tim Kourt
c35c91ad20 eap-tls-common: Add support for fragmented response 2018-12-04 10:14:39 -06:00
Tim Kourt
718f967d17 eap-tls-common: Add basic send response 2018-12-04 10:13:24 -06:00
Tim Kourt
802891fcc3 eap-tls-common: Add tunneled data handling 2018-12-04 10:04:07 -06:00
Tim Kourt
edfc070d96 eap-tls-common: Add tls tunnel 2018-12-04 10:03:07 -06:00
Tim Kourt
c865eaa141 eap-tls-common: Add support for the fragmented requests 2018-12-03 14:31:16 -06:00
Tim Kourt
36e2252606 eap-tls-common: Add basic request handling
This also introduces the version negotiation
2018-12-03 14:31:16 -06:00
Tim Kourt
7aa35bf6c7 eap-tls-common: Introduce eap_tls_variant_ops
eap_tls_variant_ops will allow methods such as TTLS, PEAP,
etc. to specify their own handlers for the Phase 2 operations.
2018-12-03 14:31:16 -06:00
Andrew Zaborowski
d558724676 autotests: Update expected error in password length test 2018-12-03 14:21:30 -06:00
Andrew Zaborowski
47bb5b5f72 network: Generate the PSK as soon as we have a passphrase
In the name of failing earlier try to generate the PSK from the
passphrase as soon as we receive the passphrase or read it from the
file, mainly to validate it has the right number of characters.
The passphrase length currently gets validates inside
crypto_psk_from_passphrase which will be called when we receive a new
passphrase from the agent or when the config file has no PSK in it.  We
do not do this when there's already both the PSK and the passphrase
available in the settings -- we can add that separately if needed.
2018-12-03 14:17:30 -06:00
Andrew Zaborowski
0d3f16ec5e scan: Call .destroy in scan_request_free
The main difference with this is that scan_context removal will also
trigger the .destroy calls.  Normally there won't be any requests left
during scan_context but if there were any we should call destroy on
them.
2018-12-03 11:42:32 -06:00
Andrew Zaborowski
c9d8346d40 autotests: Test bad PSK password lengths 2018-11-30 10:26:33 -06:00