3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-09 13:39:23 +01:00
Commit Graph

6835 Commits

Author SHA1 Message Date
James Prestwood
5d8b86ff7c eapol: add TKIP support in AP mode
Though TKIP is deprecated and insecure its trivial to support it in
AP mode as we already do in station. This is only to allow AP mode
for old hardware that may only support TKIP. If the hardware supports
any higher level cipher that will be chosen automatically.
2022-10-26 14:20:25 -05:00
James Prestwood
98b684b417 unit: test-arc4: test RC4 both directions
Tests that the data both encrypts and decrypts.
2022-10-26 14:20:05 -05:00
James Prestwood
1f9d9e1eb1 auto-t: allow printing devices in AP mode
The __str__ function assumed station mode which throws an exception
if the device is in AP mode. Fix this as well as print out the mode
the device is in.
2022-10-26 14:19:55 -05:00
James Prestwood
8bc871ba62 auto-t: fix get_ordered_network if hostapd isn't running
This API optimizes scanning to run tests quickly by only scanning
the frequencies which hostapd is using. But if a test doesn't use
hostapd this API raises an uncaught exception.

Check if hostapd is being used, and if not just do a full scan.
2022-10-26 14:19:35 -05:00
James Prestwood
4da101da92 eapol: choose key descriptor version in AP mode
The key descriptor version was hard coded to HMAC_SHA1_AES which
is correct when using IE_RSN_AKM_SUITE_PSK + CCMP. ap.c hard
codes the PSK AKM but still uses wiphy to select the cipher. In
theory there could be hardware that only supports TKIP which
would then make IWD non-compliant since a different key descriptor
version should be used with PSK + TKIP (HMAC_MD5_ARC4).

Now use a helper to sort out which key descriptor should be used
given the AKM and cipher suite.
2022-10-26 14:18:00 -05:00
Andrew Zaborowski
639e2a6fa3 netconfig: Avoid generating events after netconfig_reset
Similarly to l_netconfig track whether IWD's netconfig is active (from
the moment of netconfig_configure() till netconfig_reset()) using a
"started" flag and avoid handling or emitting any events after "started"
is cleared.

This fixes an occasional issue with the Netconfig Agent backend where
station would reset netconfig, netconfig would issue DBus calls to clear
addresses and routes, station would go into DISCONNECTING, perhaps
finish and go into DISCONNECTED and after a while the DBus calls would
come back with an error which would cause a NETCONFIG_EVENT_FAILED
causing station to call netdev_disconnct() for a second time and
transition to and get stuck in DISCONNECTING.
2022-10-26 14:16:22 -05:00
Andrew Zaborowski
72c2a94df9 netconfig: Print addresses added and removed to debug log 2022-10-26 14:15:59 -05:00
Denis Kenzior
75ec7d8076 ap: Limit pairwise and group ciphers to CCMP|TKIP 2022-10-26 14:14:39 -05:00
Denis Kenzior
60bd973441 auto-t: Add tests for GMAC/GMAC-256/CMAC-256 2022-10-24 11:05:24 -05:00
Denis Kenzior
7584b38562 wiphy: Support more group management cipher suites 2022-10-24 11:05:24 -05:00
Denis Kenzior
d1acc80331 netdev: Support more IGTK cipher suites 2022-10-24 11:05:24 -05:00
Denis Kenzior
17131c860a ie: Support more group management cipher suites 2022-10-24 11:05:24 -05:00
Denis Kenzior
3f60bd7e63 auto-t: Add GCMP|CCMP-256 to WPA2 test 2022-10-24 11:05:24 -05:00
Denis Kenzior
2f64f0d080 doc: Document GCMP|CCMP-256 ciphers 2022-10-24 11:05:24 -05:00
Denis Kenzior
ecadc72bcd wiphy: Support GCMP|CCMP-256 cipher suites 2022-10-24 11:05:24 -05:00
Denis Kenzior
fb9bcdadec station: Use IE_CIPHER_IS_GCMP_CCMP 2022-10-24 11:05:24 -05:00
Denis Kenzior
e61cada28f ie: Add IE_CIPHER_IS_GCMP_CCMP inline
Similar to IE_AKM_IS_* functions
2022-10-24 11:05:24 -05:00
Denis Kenzior
b3c3b08785 netdev: Add support for CCMP|GCMP-256
These are similar to CCMP/GCMP, just a different key size which is
already taken care of by calling crypto_cipher_key_len
2022-10-24 11:05:24 -05:00
Denis Kenzior
5998043bd2 ie: Add support for GCMP|CCMP-256 2022-10-24 11:05:24 -05:00
Denis Kenzior
e30298d957 auto-t: Support multiple pairwise ciphers in WPA2 2022-10-24 11:05:24 -05:00
Denis Kenzior
8799d5a393 station: diagnostic: implement PairwiseCipher 2022-10-24 11:05:24 -05:00
Denis Kenzior
bf4ad7a6e7 doc: Document PairwiseCipher property
Add an additional optional PairwiseCipher property on
net.connman.iwd.StationDiagnostic interface that will hold the current
pairwise cipher in use for the connection.
2022-10-24 11:05:24 -05:00
Denis Kenzior
81b9eb515e wiphy: Support GCMP cipher suite 2022-10-24 11:05:24 -05:00
Denis Kenzior
4c30bd68ea wiphy: Generalize supported cipher dumper
To make it easier to support additional ciphers in the future.
2022-10-24 11:05:24 -05:00
Denis Kenzior
8040826079 ie: add ie_rsn_cipher_suite_to_string 2022-10-24 11:05:24 -05:00
Denis Kenzior
150856c315 ie: Add support for GCMP cipher suite 2022-10-24 11:05:24 -05:00
Denis Kenzior
d643964fed netdev: Add support for setting GCMP keys 2022-10-24 11:05:24 -05:00
Denis Kenzior
7ab97db9a9 netdev: Build RSN attributes in a common function
Both CMD_ASSOCIATE and CMD_CONNECT paths were using very similar code to
build RSN specific attributes.  Use a common function to build these
attributes to cut down on duplicated code.

While here, also start using ie_rsn_cipher_suite_to_cipher instead of
assuming that the pairwise / group ciphers can only be CCMP or TKIP.
2022-10-24 11:05:24 -05:00
Denis Kenzior
59ace1b691 ie: Skip unknown pairwise ciphers 2022-10-24 11:05:24 -05:00
Denis Kenzior
ec3085e932 crypto: Add new cipher definitions 2022-10-24 11:05:24 -05:00
Denis Kenzior
f1a713a0fa ie: Simplify implementation
Instead of copy-pasting the same basic operation (memcpy & assignment),
use a goto and a common path instead.  This should also make it easier
for the compiler to optimize this function.
2022-10-24 11:05:24 -05:00
Denis Kenzior
94ecdc799a ie: Rename _BIP to _BIP_CMAC 2022-10-24 11:05:24 -05:00
Denis Kenzior
201b85e8da crypto: Rename BIP to BIP_CMAC
To match the spec more closely.  Several additional BIP algorithms are
being introduced, including BIP_GMAC_128|256 and BIP_CMAC_256.
2022-10-24 11:05:24 -05:00
Denis Kenzior
b85b92b3ee eapol: More strictly validate key_descriptor_version 2022-10-24 11:05:24 -05:00
Denis Kenzior
7f2aa40bba ap: Fix spurious warning message
The warning message would be printed even if no setting was present

Fixes: ac976c6f71 ("ap: Remove support for deprecated APRanges setting")
2022-10-24 11:05:24 -05:00
James Prestwood
72d35fc491 monitor: use int64_t type for NLMSG_NEXT length
Commit c7640f8346 was meant to fix a sign compare warning
in clang because NLMSG_NEXT internally compares the length
with nlmsghdr->nlmsg_len which is a u32. The problem is the
NLMSG_NEXT can underflow an unsigned value, hence why it
expects an int type to be passed in.

To work around this we can instead pass a larger sized
int64_t which the compiler allows since it can upgrade the
unsigned nlmsghdr->nlmsg_len. There is no underflow risk
with an int64_t either because the buffer used is much
smaller than what can fit in an int64_t.

Fixes: c7640f8346 ("monitor: fix integer comparison error (clang)")
2022-10-14 09:49:13 -05:00
James Prestwood
dc6575130e client: fix missing character for line breaks without spaces
In nearly all cases the auto-line breaks can be on spaces in the
string. The only exception (so far) is DPP which displays a very
long URI without any spaces. When this is displayed a single
character was lost on each break. This was due to the current line
being NULL terminated prior to the next line string being returned.

To handle both cases the next line is copied prior to terminating
the current line. The offsets were modified slightly so the line
will be broken *after* the space, not on the space. This leaves
the space at the end of the current line which is invisible to the
user but allows the no-space case to also work without loss of
the last character (since that last character is where the space
normally would be).
2022-10-12 13:55:57 -05:00
James Prestwood
9d042ca321 client: fix not accounting for color escapes after line break
Each color escape is tracked and the new_width is adjusted
accordingly. But if the color escape comes after a space which breaks
the line, the adjusted width ends up being too long since that escape
sequence isn't appearing on the current line. This causes the next
column to be shifted over.
2022-10-12 13:55:47 -05:00
James Prestwood
ea82616b6b client: add extra parameter for new width when printing rows
The old 'max' parameter was being used both as an input and output
parameter which was confusing. Instead have next_line take the
column width as input, and output a new width which includes any
color escapes and wide characters.
2022-10-12 13:52:40 -05:00
James Prestwood
5010ca2c99 client: validate utf-8 before displaying row
In theory any input to this function should have valid utf-8 but
just in case the strings should be validated. This removes the
need to check the return of l_utf8_get_codepoint which is useful
since there is no graceful failure path at this point.
2022-10-12 13:52:10 -05:00
Denis Kenzior
216b232946 AUTHORS: Mention Pinghao's contributions 2022-10-12 11:37:48 -05:00
Pinghao Wu
d82869c346 client: handle wide chars for table rows
Find out printing width of wide chars via wcwidth().
2022-10-12 11:26:01 -05:00
James Prestwood
ba6a48018c station: constrain known frequencies before roam scan
The known frequency list may include frequencies that once were
allowed but are now disabled due to regulatory restrictions. Don't
include these frequencies in the roam scan.
2022-10-11 14:31:20 -05:00
James Prestwood
887073b5d9 station: skip disabled frequencies in neighbor report
Use the disabled frequency list to check if the neighbor report is
including a frequency which IWD cannot use.
2022-10-11 14:30:43 -05:00
Peter Shkenev
6b81b6e46a station: remove excess if clause
No functional changes are intended.
2022-10-10 13:41:29 -05:00
James Prestwood
f9b7e32c2d client: better support utf-8 for table rows
The utf-8 bytes were being counted as normal ascii so the
width maximum was not being increased to include
non-printable bytes like it is for color escape sequences.
This lead to the row not printing enough characters which
effected the text further down the line.

Fix this by increasing 'max' when non-codepoint utf-8
characters are found.
2022-10-07 22:24:03 -05:00
James Prestwood
0c8f06441e auto-t: speed up testScan
This test was taking about 5 minutes to run, specifically
the requested scan test. One slight optimization is to
remove the duplicate hidden network, since there is no
need for two. In addition the requested scan test was
changed so it does not periodic scan and only issues a dbus
scan.
2022-10-06 14:41:26 -05:00
James Prestwood
2acbe26684 auto-t: speed up testHiddenNetworks
The CI was sometimes taking ~10-15 minutes to run just this
test. This is likely due to the test having 7 radios and
which is a lot of beacons/probes to process.

Disabling the unused hostapd instances drops the runtime down
to about 1 minute.
2022-10-06 14:41:04 -05:00
James Prestwood
bc3722060e monitor: parse DPP frame types
Parses the type of frame for easier debugging.
2022-10-06 09:01:42 -05:00
James Prestwood
1d3455ba16 auto-t: add two tests for new FT behavior
These tests ensure proper behavior if FT fails to authenticate
2022-10-06 09:01:38 -05:00