3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-10-30 08:39:23 +01:00
Commit Graph

6904 Commits

Author SHA1 Message Date
Denis Kenzior
77e387dd0c crypto: Add crypto_derive_sae_pwe_from_pt_ecc 2021-07-14 09:58:42 -05:00
Denis Kenzior
f7b5ebd097 netdev: Set Supplicant RSNXE to handshake_state 2021-07-14 09:58:09 -05:00
Denis Kenzior
636c6eb645 eapol: Send / Validate RSNXE in STA mode 2021-07-14 09:55:49 -05:00
Denis Kenzior
1a7c5786f6 eapol: Use a separate hs variable
Instead of using sm->handshake everywhere, use a short-hand hs variable.
This makes some lines a bit more readable.  No functional changes.
2021-07-14 09:55:49 -05:00
Denis Kenzior
10fd485d7d station: Set authenticator's RSNXE if present 2021-07-14 09:55:49 -05:00
Denis Kenzior
6470601a34 handshake: Add support for RSNXE
Allow handshake_state to track Authenticator & Supplicant RSN Extension
elements (RSNXE)s.
2021-07-14 09:55:49 -05:00
Denis Kenzior
37bc48add4 handshake: Optimize replacement of IEs
During processing of Connect events by netdev, some of these elements
might be updated even when already set.  Instead of issuing
l_free/l_memdup each time, check and see whether the elements are
bitwise identical first.
2021-07-14 09:55:49 -05:00
Denis Kenzior
7fafb627d8 scan: Save off RSNXE if present 2021-07-14 09:55:49 -05:00
Denis Kenzior
57a57646d8 wiphy: Add wiphy_get_rsnxe
Returns a template RSNX element that can be further modified by callers
to set any additional capabilities if required.  wiphy will fill in
those capabilities that are driver / firmware dependent.
2021-07-14 09:55:49 -05:00
Denis Kenzior
3f42e4df25 ie: Add ie_rsnxe_capable
Add convenience method for checking whether a given capability exists in
an RSN Extension element.
2021-07-14 09:55:49 -05:00
Denis Kenzior
f22c958b79 ie: Add certain IE definitions from 802.11-2020 2021-07-14 09:55:49 -05:00
Denis Kenzior
de04e6d723 handshake: Allow adding of ECC SAE-PT points 2021-07-14 09:55:49 -05:00
Denis Kenzior
ead1f0e96e network: Save / Load SAE PT for Group 19 2021-07-14 09:55:49 -05:00
Denis Kenzior
2a66b3bfe5 network: Move handshake parameter setup from station
Most parameters set into the handshake object are actually known by the
network object itself and not station.  This includes address
randomization settings, EAPoL settings, passphrase/psk/8021x settings,
etc.  Since the number of these settings will only keep growing, move
the handshake setup into network itself.  This also helps keep network
internals better encapsulated.
2021-07-14 09:55:49 -05:00
Denis Kenzior
869bcf59d5 network: Make network_sync_psk not repetitive
Refactor network_sync_psk to not require setting attributes into
multiple settings objects.  This is in fact unnecessary as the parsed
security parameters are used everywhere else instead.  Also make sure to
wipe the [Security] group first, in case any settings were invalid
during loading or otherwise invalidated.
2021-07-14 09:55:49 -05:00
Denis Kenzior
27583e6b35 network: Generate PSK lazily
In cases where networks are WPA3 only, there's no point to actually
generate the PSK.  Do so only if needed (network_get_psk gets called)
2021-07-14 09:55:49 -05:00
Denis Kenzior
a8e2023a8e netdev: netdev_build_cmd_authenticate doesn't fail 2021-07-14 09:55:49 -05:00
Denis Kenzior
29aea1d411 netdev: netdev_build_cmd_connect doesn't fail 2021-07-14 09:55:49 -05:00
Denis Kenzior
c1bf2376d4 netdev: Remove unused member 2021-07-13 17:00:07 -05:00
Denis Kenzior
10e5bee5ef wsc: Properly write provisioning files with a passphrase
Credentials obtained can now be either in passphrase or PSK form.  Prior
to commit 7a9891dbef, passphrase credentials were always converted to
PSK form by invoking crypto_psk_from_passphrase.  This was changed in
order to support WPA3 networks.  Unfortunately the provisioning logic
was never properly updated.  Fix that, and also try to not overwrite any
existing settings in case WSC is providing credentials for networks that
are already known.

Fixes: 7a9891dbef ("wsc: store plain text passphrase if available")
2021-07-09 10:33:02 -05:00
Denis Kenzior
3f1e4cce65 unit: Add basic test for crypto_derive_sae_pt_ecc 2021-07-07 21:03:32 -05:00
Denis Kenzior
277437f3d6 crypto: Add crypto_derive_sae_pt_ecc 2021-07-07 21:03:19 -05:00
Denis Kenzior
308071796a network: Update comment 2021-07-07 21:03:06 -05:00
Denis Kenzior
b63674dc21 unit: Update to ell ecc API changes 2021-07-07 20:57:09 -05:00
Denis Kenzior
1d64c96a5c pwd/sae/owe: Update to ell ecc API changes 2021-07-07 20:56:53 -05:00
Denis Kenzior
dfdc8716be network: Rename _sync_psk to _sync_settings
There will be additional security-related settings that will be
introduced for settings files.  In particular, Hash-to-Curve PT
elements, Transition Disable settings and potentially others in the
future.  Since PSK is now not the only element that would require
update, rename this function to better reflect this.
2021-07-06 11:46:33 -05:00
Denis Kenzior
dcd48e1f66 anqp: Ensure a random token is used 2021-07-05 20:25:14 -05:00
Denis Kenzior
667023b01b wiphy: ensure CCMP support when considering SAE 2021-07-05 19:53:52 -05:00
Denis Kenzior
e4d007e14f unit: Add test for SAE Hash to Curve derivation 2021-07-05 18:38:23 -05:00
Denis Kenzior
fbe8b7a3c0 crypto: Add prf_plus function
PRF+ from RFC 5295 is the more generic function using which HKDF_Expand
is defined.  Allow this function to take a vararg list of arguments to
be hashed (these are referred to as 'S' in the RFCs).

Implement hkdf_expand in terms of prf_plus and update all uses to the
new syntax.
2021-06-29 20:37:38 -05:00
Denis Kenzior
412fea3ffa crypto: Make hkdf_extract take void *
This makes it easier to use from unit tests and other places which might
be dealing with const char * data.
2021-06-29 11:55:16 -05:00
Michael Johnson
ed283d7b14 iwd.service: Add CAP_NET_BIND_SERVICE
This fixes an issue where the udp port was not being opened due to a
permission denied error. The result of this was the dhcp client would
fail to send the renewal request and so the dhcp lease would expire.

The addition of the CAP_NET_BIND_SERVICE capability allows the service
to open sockets in the restricted port range (<1024) which is required
for dhcp.
2021-06-29 11:43:26 -05:00
Denis Kenzior
584377f8f1 AUTHORS: Mention Michael's contributions 2021-06-18 13:11:01 -05:00
Michael Johnson
b6236255d2 Send hostname as part of DHCP request.
This is based on a previous patch by Roberto Santalla Fernández.

A new config is introduced into the network config file under IPv4
called SendHostname. If this is set to true then we add the hostname
into all DHCP requests. The default is false.
2021-06-18 13:05:59 -05:00
Andrew Zaborowski
19e5cc9b0d station: Remove diagnostics interface reliably
If the idea is that the interface should only be present when connected
then don't do this in the DISCONNECTING state as there are various
possible transitions from CONNECTED or ROAMING directly to DISCONNECTED.
2021-06-18 10:06:57 -05:00
Andrew Zaborowski
002fc2d632 station: Check if busy in station_get_diagnostics 2021-06-18 09:58:42 -05:00
Denis Kenzior
653821c521 AUTHORS: Mention Joseph's contributions 2021-06-14 09:09:17 -05:00
Joseph Benden
7436cef012 eapol: Use constant-time comparison
This closes the possibility of a timing attack against PMKIDs.
2021-06-14 09:07:53 -05:00
Andrew Zaborowski
2a37dba4bf autotest: Improve cleanup in testP2P
Make sure some of the processes and files created are also cleaned up on
failure so that the next chance has a chance to succeed anyway.
2021-06-14 09:02:34 -05:00
Marcel Holtmann
6d47354e63 Release 1.15 2021-06-12 14:32:08 +02:00
Marcel Holtmann
37896485b6 build: Require at least version 0.41 when building with external ELL 2021-06-11 20:18:25 +02:00
Denis Kenzior
a5f3aed1ef README: Mention channel move to oftc 2021-06-09 14:28:12 -05:00
Denis Kenzior
049cb701d0 doc: No reply expected/wanted from Cancel/Release 2021-06-09 10:35:35 -05:00
Denis Kenzior
eb84e29c81 agent: Send Release/Cancel with no_reply flag set
These method calls did not process or expect a reply.
2021-06-09 10:34:22 -05:00
Denis Kenzior
051a911840 doc: Fix SignalLevelAgent API signatures
The Changed() method did not actually return anything, and in fact the
no_reply flag for that message was set.

Similarly, the Release method does not expect a reply.
2021-06-09 10:32:32 -05:00
Andrew Zaborowski
d9c324a511 netconfig: Make gateway optional for client
Don't require a gateway address from the settings file or from the DHCP
server when doing netconfig.  Failing when the gateway address was
missing was breaking P2P but also small local networks.
2021-06-08 10:25:49 -05:00
Denis Kenzior
7f4dd181b2 ip-pool: Take out un-needed cast 2021-06-07 17:30:25 -05:00
Denis Kenzior
3dcf1fd9d8 ip-pool: Sanity check addr_str_list 2021-06-07 17:22:43 -05:00
Andrew Zaborowski
c295fba546 ip-pool: Validate prefix lengths in used addresses
Be paranoid and check that the prefix length in addresses from
used_addr4_list are not zero (they shouldn't be) and that address family
is AF_INET (it should be), mainly to quiet coverity warnings:

While there also fix one line's indentation.
2021-06-07 17:03:23 -05:00
Andrew Zaborowski
b1c8a57047 ip-pool: Make host address valid even if prefix_len != 24
At the end of ip_pool_select_addr4() we'd check if the selected address
is equal to the subnet address and increment it by 1 to produce a valid
host address for the AP.  That check was always correct only with 24-bit
prefix, extend it to actually use the prefix-dependent mask instead of
0xff.  Fixes a testAP failure triggered 50% of the times because the
netmask is 28 bit long there.
2021-06-07 17:02:09 -05:00