3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-30 06:39:46 +01:00
Commit Graph

5085 Commits

Author SHA1 Message Date
Andrew Zaborowski
0ffb96056a wsc: Clear the pin copy in wsc_generate_pin 2020-04-06 16:21:31 -05:00
Denis Kenzior
aba3da32ac netdev: work around APs that send igtk in big endian
It seems some APs send the IGTK key in big endian format (it is a
uin16).  The kernel rightly reports an -EINVAL error when iwd issues a
NEW_KEY with such a value, resulting in the connection being aborted.

Work around this by trying to detect big-endian key indexes and 'fixing'
them up.
2020-04-06 15:56:46 -05:00
Denis Kenzior
5576722d29 eapol: Make sure igtk key index is uint16_t
Fixes: 1cc7346d6a ("handshake: Change signature of (i)gtk setters")
2020-04-02 18:16:56 -05:00
Denis Kenzior
45824ff7eb unit: Update to the new handshake API 2020-04-02 00:41:18 -05:00
Denis Kenzior
1cc7346d6a handshake: Change signature of (i)gtk setters 2020-04-02 00:41:02 -05:00
James Prestwood
f37966a24d test-runner: create pcap when logging 2020-04-02 00:32:38 -05:00
James Prestwood
689a1ed858 test-runner: fix segfault running with --log non-root
When running test-runner as non-root the environment variables
SUDO_GID/SUDO_UID were unset, causing atoi to segfault. This replaces
atoi with strtol, and checks the existance of SUDO_GID/SUDO_UID
before trying to turn it into an integer. This patch also allows
the uid/gid to be read from the user if running as non-root.

Note: running as non-root does require the users permissions to be
setup properly. Directories and files are created when running with
logging, so if the user running test-runner does not have these
permissions the creation of these files will fail.
2020-04-02 00:31:36 -05:00
Denis Kenzior
935138500f AUTHORS: Mention Rosen's contributions 2020-04-02 00:31:05 -05:00
Rosen Penev
6b12593ec0 nlmon: fix -Wformat under musl 1.2.0
musl 1.2.0 uses 64-bit time, even under 32-bit OSes. Cast to int64_t
and use the proper macro.
2020-04-02 00:30:59 -05:00
Denis Kenzior
426681aeb2 netdev: Add support for extended errors 2020-04-02 00:30:59 -05:00
Marcel Holtmann
ad97f4f945 Release 1.6 2020-03-25 10:35:01 +01:00
Marcel Holtmann
5a0d5de689 build: Require at least version 0.29 when building with external ELL 2020-03-25 10:19:16 +01:00
Marcel Holtmann
b95b9955f1 build: Remove ell/genl-private.h from source requirements 2020-03-25 09:53:15 +01:00
James Prestwood
72bf3aa1f5 auto-t: remove iwd_config_dir from autotests
This is no longer needed unless setting a different
directory than /tmp
2020-03-21 00:10:36 -05:00
James Prestwood
9eb0f973f3 auto-t: fix testAddressRandomization
This test was dependent on having a local main.conf in /etc/iwd
2020-03-21 00:10:34 -05:00
James Prestwood
7d5ce16f1a test-runner: make default iwd_config_dir=/tmp
The configuration value of iwd_config_dir was defaulting to /etc/iwd
which, in the context of test-runner, is probably not the best idea.
The system may have a main.conf file in /etc/iwd which could cause
tests to fail or behave unexpectedly.

In addition all tests which use iwd_config_dir set it to /tmp anyways.
Because of this, the new default value will be /tmp and no tests will
even need to bother setting this.

The configuration value itself is not being removed because it may be
useful to set arbitrary paths (e.g. /etc/iwd) for example when using
the shell functionality.
2020-03-21 00:10:32 -05:00
James Prestwood
972762b116 handshake: fix OWE PTK derivation
This bug has been in here since OWE was written, but a similar bug also
existed in hostapd which allowed the PTK derivation to be identical.
In January 2020 hostapd fixed this bug, which now makes IWD incompatible
when using group 20 or 21.

This patch fixes the bug for IWD, so now OWE should be compatible with
recent hostapd version. This will break compatibility with old hostapd
versions which still have this bug.
2020-03-20 23:50:55 -05:00
James Prestwood
6e8b765278 wiphy: add check for CMD_AUTH/CMD_ASSOC support
If the AP only supports an AKM which requires an auth protocol
CMD_AUTHENTICATE/CMD_ASSOCIATE must be supported or else the
auth protocol cannot be run. All the auth protocols are started
assuming that the card supports these commands, but the support
was never checked when parsing supported commands.

This patch will prevent any fullMAC cards from using
SAE/FILS/OWE. This was the same behavior as before, just an
earlier failure path.
2020-03-20 18:58:55 -05:00
Andrew Zaborowski
59a7f2e681 frame-xchg: Drop l_io read destroy handler
This function was intended to catch socket errors and destroy the group
but it would leak the l_io object if that happened, and if called on
ordinary shutdown it could cause a crash.  Since we're now assuming
that the netlink socket operations never fail just remove it.
2020-03-20 10:47:53 -05:00
Andrew Zaborowski
e705c4382a monitor: Print WFD IE contents
Only print the WFD version 2.1.0 spec subelements which removed all the
low level video format details from the IEs so this code is much
shorter.
2020-03-20 10:47:26 -05:00
Andrew Zaborowski
97051da883 eap-tls: Print a hint about IWD_TLS_DEBUG on TLS errors 2020-03-20 10:23:30 -05:00
Andrew Zaborowski
264ab685ba ie: Add ie_tlv_extract_wfd_payload 2020-03-20 10:21:04 -05:00
Andrew Zaborowski
430ccf8714 p2putil: Add WFD IE parsing utilities
Only add constants for parsing the Device Information subelement as that
is the main thing we care about in P2P code.  And since our own WFD IEs
will likely only need to contain the Device Information subelement, we
don't need builder utilities.  We do need iterator utilities because we
may receive WFD IEs with more subelements.
2020-03-20 10:18:56 -05:00
Andrew Zaborowski
c41eb6b2b0 tools: Add utility to tx Probe Requests 2020-03-20 10:18:04 -05:00
Andrew Zaborowski
4abafd8eea wsc: Don't start connections until Cancel finishes
Return busy from StartPin and PushButton if the Cancel method is still
running.
2020-03-20 10:17:04 -05:00
Andrew Zaborowski
485cb4d375 wscutil: Implement wsc_build_probe_response 2020-03-20 10:16:44 -05:00
Andrew Zaborowski
e7e597c876 frame-xchg: Add frame_xchg_start 2020-03-20 10:15:50 -05:00
Andrew Zaborowski
e6de4b10ad frame-xchg: Add facility to keep retransmitting after ACK
In some cases a P2P peer will ACK our frame but not reply on the first
attempt, and other implementations seem to handle this by going back to
retransmitting the frame at a high rate until it gets ACKed again, at
which point they will again give the peer a longer time to tx the
response frame.  Implement the same logic here by adding a
retries_on_ack parameter that takes the number of additional times we
want to restart the normal retransmit counter after we received no
response frame on the first attempt.  So passing 0 maintains the
current behaviour, 1 for 1 extra attempt, etc.

In effect we may retransmit a frame about 15 * (retry_on_ack + 1) *
<in-kernel retransmit limit> times.  The kernel/driver retransmits a
frame a number of times if there's no ACK (I've seen about 20 normally)
at a high frequency, if that fails we retry the whole process 15 times
inside frame-xchg.c and if we still get no ACK at any point, we give up.
If we do get an ACK, we wait for a response frame and if we don't get
that we will optionally reset the retry counter and restart the whole
thing retry_on_ack times.
2020-03-20 10:13:42 -05:00
James Prestwood
e7a9a43410 auto-t: add test for AddressRandomization option
Tests all cases of AddressRandomization=network

1. Deterministic generation per-network (default)
2. Full randomization per-network
3. Address override per-network
2020-03-18 18:15:16 -05:00
James Prestwood
e10c6ada12 doc: document AlwaysRandomizeAddress and AddressOverride 2020-03-18 18:15:16 -05:00
James Prestwood
f13fd9d61f netdev: honor handshake->spa if set
In order to support AlwaysRandomizeAddress and AddressOverride, station will
set the desired address into the handshake object. Then, netdev checks if
this was done and will use that address rather than generate one.
2020-03-18 18:15:16 -05:00
James Prestwood
e7777c3422 station: support full MAC randomization and override
This patch adds two new options to a network provisioning file:

AlwaysRandomizeAddress={true,false}

If true, IWD will randomize the MAC address on each connection to this
network. The address does not persists between connections, any new
connection will result in a different MAC.

AddressOverride=<MAC>

If set, the MAC address will be set to <MAC> assuming its a valid MAC
address.

These two options should not be used together, and will only take effect
if [General].AddressRandomization is set to 'network' in the IWD
config file.

If neither of these options are set, and [General].AddressRandomization
is set to 'network', the default behavior remains the same; the MAC
will be generated deterministically on a per-network basis.
2020-03-18 18:15:16 -05:00
James Prestwood
33251ccd20 util: add util_is_valid_sta_address
Checks that that address is neither broadcast or group
2020-03-18 18:15:16 -05:00
Andrew Zaborowski
66657a5706 p2putil: Tolerate GO Neg Response with empty Channel List
Work around a parse error in GO Negotiation with some P2P devices.
2020-03-18 13:50:32 -05:00
Andrew Zaborowski
22d7a3c629 frame-xchg: Optimize frame_watch_remove_by_handler scenarios
Since frame_watch_remove_by_handler only forgets a given function +
user data pointers, and doesn't remove the frame prefixes added in the
kernel, we can avoid later re-registering those prefixes with the
kernel by keeping them in our local watchlist, and only replacing the
handler pointer with a dummy function.
2020-03-18 13:49:42 -05:00
Andrew Zaborowski
9e18552fe7 watchlist: Allow watch CBs to call watchlist_destroy
If during WATCHLIST_NOTIFY{,_MATCHES,_NO_ARGS} one of the watch
notify callback triggers a call to watchlist_destroy, give up calling
remaining watches and destroy the watchlist without crashing.  This is
useful in frame-xchg.c (P2P use case) where a frame watch may trigger
a move to a new state after receiving a specific frame, and remove one
group of frame watches (including its watchlist) to create a different
group.
2020-03-18 13:49:22 -05:00
James Prestwood
a2006a3d29 doc: document AddressRandomization=network option 2020-03-18 13:10:41 -05:00
James Prestwood
5a1b1184fc netdev: support per-network MAC addresses
For privacy reasons its advantageous to randomize or mask
the MAC address when connecting to networks, especially public
networks.

This patch allows netdev to generate a new MAC address on a
per-network basis. The generated MAC will remain the same when
connecting to the same network. This allows reauthentications
or roaming to work, and not have to fully re-connect (which would
be required if the MAC changed on every connection).

Changing the MAC requires bringing the interface down. This does
lead to potential race conditions with respect to external
processes. There are two potential conditions which are explained
in a TODO comment in this patch.
2020-03-18 13:10:41 -05:00
James Prestwood
f96f8ba4a0 manager: remove warning for AddressRandomization option
Since the 'network' value is handled inside netdev we don't want this warning
being printed.
2020-03-18 13:10:41 -05:00
James Prestwood
1f14782857 wiphy: add _generate_address_from_ssid
This API is being added to support per-network MAC address
generation. The MAC is generated based on the network SSID
and the adapters permanent address using HMAC-SHA256. The
SHA digest is then constrained to make it MAC address
compliant.

Generating the MAC address like this will ensure that the
MAC remains the same each time a given SSID is connected to.
2020-03-18 13:10:41 -05:00
Andrew Zaborowski
60bb42087a frame-xchg: Allow frame_xchg_stop calls inside frame callbacks
Make sure a frame callback is free to call frame_xchg_stop without
causing a crash.  Frame callback here means the one that gets
called if our tx frame was ACKed and triggered a respone frame that
matched one of the provided prefixes, within the given time.

All in all a frame callback is allowed to call either
frame_xchg_stop or frame_xchg_startv or neither.  Same applies to
the final callback (called when no matching responses received).
2020-03-17 15:45:07 -05:00
Andrew Zaborowski
f1aa208edf frame-xchg: Allow calling frame_xchg_stop from the callback
Don't crash if the user calls frame_xchg_stop(wdev) from inside the
frame exchange's final callback.  That call is going to be redundant but
it's convenient to do this inside a cleanup function for a given wdev
without having to check whether any frame exchange was actually running.
2020-03-17 15:44:56 -05:00
Andrew Zaborowski
9147a6b726 frame-xchg: Fix frame_watch_item_remove_by_handler 2020-03-17 15:44:22 -05:00
Andrew Zaborowski
a18c75d375 frame-xchg: Actually free duplicate watches
Fix a potential leak when we need to drop an existing watch because it's
being replaced with a new one.
2020-03-17 15:44:10 -05:00
Andrew Zaborowski
9ff1c4da3a cleanup: Remove extra empty lines 2020-03-17 15:35:22 -05:00
Andrew Zaborowski
c1bf85ec13 doc: Fix p2p method error names 2020-03-17 15:34:38 -05:00
James Prestwood
85fd9f50f7 netdev: fix auth protocols not setting ->connected
This causes netdev to think another supplicant is running when it
recieves a connect event due to an auth protocol running.
2020-03-13 23:52:26 -05:00
James Prestwood
24235a2af8 test-runner: fix improper loading of radius_config
This key is special in hostapd, and was being treated as a normal hostapd
config file. This special radius config file needs to be kept unpaired from
any interfaces so now its passed in as a separate argument and appended to
the end of the hostapd execute command.
2020-03-13 23:52:26 -05:00
James Prestwood
af5c77aeba test-runner: fix crash for tests using radius_server
Tests which use a standalone RADIUS server may crash due to
the wiphy array not taking into account the 'radius_server'
key which is skipped during setup.
2020-03-13 23:52:26 -05:00
James Prestwood
37886066d8 test-runner: fix crash if ofono is not installed
The goto was jumping to a label which freed the wiphy list which
had not yet been initialized. This also fixes another similar issue
if chdir fails (in this case tmpfs_extra_stuff would get freed
before being allocated).
2020-03-13 23:52:26 -05:00