3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-01 23:59:51 +01:00
Commit Graph

275 Commits

Author SHA1 Message Date
Marcel Holtmann
ad7412efb2 build: Create state directories only when systemd support is disabled 2019-09-08 19:58:59 +02:00
Andrew Zaborowski
9e81a8115a build: Make test-eapol depend on ell
It seems that setting unit_test_eapol_DEPENDENCIES prevents test-eapol
from depending on some ell .c files, like other unit tests do that have
no explicit _DEPENDENCIES variable set in Makefile.am.  Using
EXTRA_unit_test_eapol_DEPENDENCIES instead also seems to fix this.
2019-08-26 11:18:21 -05:00
Andrew Zaborowski
c5627ad62e build: Add a DNSName in the test server cert 2019-08-26 11:12:02 -05:00
Andreas Henriksson
5a96c11664 build: create daemon storage dirs on install
Upon initial install iwd fails to start because the service file
says ReadWritePaths=/var/lib/iwd while that directory doesn't
(yet) exist. (This commit also fixes the same problem for ead.)

Addresses: https://bugs.debian.org/934194
Reported-by: Stephen Gelman <ssgelm@debian.org>
2019-08-11 10:48:54 +02:00
Denis Kenzior
2d65a0030e module: Introduce a basic module dependency framework 2019-08-07 16:33:19 -05:00
Denis Kenzior
a6e8622677 build: Add ell/path.[ch] to build 2019-08-07 10:46:04 -05:00
Marcel Holtmann
1f5ca4b108 build: Make sure to include src/p2putil.[ch] source files 2019-08-03 23:33:41 +02:00
Marcel Holtmann
16c489490c build: Fix issue with incorrect ReadWritePaths in unit files 2019-08-03 09:52:28 +02:00
James Prestwood
2b12759595 monitor: basic ANQP printing
Simply prints the ANQP ID (human readable) and the length. Once
the ANQP dependency on netdev is removed the full ANQP parser
can be used, but for now its done manually. Once this is done it
will be much easier to print the actual ANQP ID data.
2019-07-15 14:53:47 -05:00
James Prestwood
2c19085ccd anqp: move ANQP parsers into anqputil
This allows monitor to use the ANQP parser utils without depending
on netdev.
2019-07-15 14:53:44 -05:00
Denis Kenzior
7f0b169e71 monitor: Use nl80211cmd_to_string 2019-07-15 14:06:26 -05:00
Denis Kenzior
bb61e971e5 nl80211cmd: Introduce new utility 2019-07-15 14:06:26 -05:00
Andrew Zaborowski
38099f75d6 unit: Add p2putil tests 2019-07-08 22:16:16 -05:00
Andrew Zaborowski
614fc0261f p2putil: Add P2P-related declarations and iterator
Add enums defining the values from the spec that we're going to be using
and add an iterator for P2P payload attributes similar to wsc_attr_iter.
2019-07-08 13:58:35 -05:00
Tim Kourt
20466cd735 resolve: Introduce resolve module
The module is responsible for the configuration of the address
resolution services. It will consist of the multiple service
specific plugins such as: systemd-resolved plugin, dnsmasq
plugin, etc.
2019-07-02 19:09:57 -05:00
James Prestwood
a5f2710d05 hotspot: add hotspot module
This module will be in charge of managing Hotspot provisioning files
stored under the .hotspot/ directory. This includes a dir watch to
handle file changes/removal as well as an API to match a network
object to a hotspot provisioning file.
2019-06-26 14:25:11 -05:00
Tim Kourt
4e3e1fbf60 netconfig: Introduce netconfig module
netconfig module will be responsible for the orchestration
of the network configuration with the IP addresses.

iwd creates one netconfig structure per interface index.
The purpose of this struct is to hold all of the interface
related addressing states such as: assigned dhcp
clients, known addresses, routes, etc.
2019-06-26 10:25:57 -05:00
James Prestwood
2ce5277f6d anqp: added utility for parsing ANQP responses
Currently these are geared to support the WiFi Alliance Hotspot 2.0
ANQP elements, which all fall under the vendor specific ANQP element.

anqp_iter_next behaves similar to the genl parsers, where the id, length
and data will be returned as out parameters. Currently there is only
vendor support for Hotspot 2.0. anqp_iter_is_hs20 can be used to setup
the subtype, length, and data pointer to parse any Hotspot 2.0 ANQP
elements. From here the subtype can be checked and a vendor specific
parser for that subtype can be used to parse the data, e.g.
hs20_parse_osu_provider_nai.
2019-06-14 16:09:29 -05:00
Denis Kenzior
c80d32a162 ap: Convert to IWD_MODULE 2019-05-28 14:43:42 -05:00
Denis Kenzior
eeac3e8f40 adhoc: Convert to IWD_MODULE 2019-05-28 14:24:37 -05:00
Marcel Holtmann
cde9933124 build: Generate certificates for unit testing locally 2019-05-11 10:11:12 +02:00
Marcel Holtmann
635ca39096 build: Add missing src/auth-proto.h filename 2019-05-10 10:48:40 +02:00
Marcel Holtmann
02a3f6a146 build: Fix spelling of src/rtnlutil.h filename 2019-05-10 10:44:57 +02:00
James Prestwood
87346212c9 ft: rename ftutil to ft (prep for auth-proto)
Now the 'ft' module, previously ftutil, will be used to drive FT via
the auth-proto virtual class. This renaming is in preparation as
ftutil will become obsolete since all the IE building/processing is
going to be moved out of netdev. The new ft.c module will utilize
the existing ftutil functionality, but since this is now a full blown
auth protocol naming it 'ft' is better suited.
2019-05-07 14:09:08 -05:00
Tim Kourt
5104e6752f rtnlutil: Introduce rtnl utility
The rtnl utility will encapsulate a collection of functions for rtnl ops.
2019-05-06 13:21:15 -05:00
James Prestwood
14ac9e4aeb unit: fix test-sae after auth_proto changes
The SAE unit test needed to be updated to use the handshake_driver,
but in addition all the packet building needed a major overhaul. SAE
was changed to behave more like OWE/FILS, in that netdev passes the
raw mpdu frame into the RX callbacks. Before, only the authentication
data was passed. This requires the unit tests to now build up the
entire authentication frame, and in some cases append the header
to the data coming from the TX functions.
2019-05-03 14:43:35 -05:00
James Prestwood
73c9a126bd fils: implementation for FILS
FILS (Fast Initial Link Setup) allows a station to negotiate a PTK during
authentication and association. This allows for a faster connection as
opposed to doing full EAP and the 4-way. FILS uses ERP (EAP Reauth Protocol)
to achieve this, but encapsulates the ERP data into an IE inside
authenticate frames. Association is then used to verify both sides have
valid keys, as well as delivering the GTK/IGTK.

FILS will work similar to SAE/OWE/FT where netdev registers a fils_sm, and
then forwards all Auth/Assoc frame data to and from the FILS module.
2019-04-22 14:55:02 -05:00
Denis Kenzior
b768e26f1d Revert "mschaputil: use util_get_username"
This reverts commit 1e337259ce.

Using util_get_username was wrong in this context.  MSCHAPv2 expects us
to only strip the domain name from identities of the form
domain\identity.  util_get_username would also strip identities of the
form username@domain.com.
2019-04-18 10:46:56 -05:00
James Prestwood
61ab1d4f5f make: add erp files to unit test recipes 2019-04-17 17:06:25 -05:00
James Prestwood
d938d362b2 erp: ERP implementation and key cache move
ERP (EAP Reauthentication Protocol) allows a station to quickly
reauthenticate using keys from a previous EAP authentication.

This change both implements ERP as well as moves the key cache into
the ERP module.

ERP in its current form is here to only support FILS. ERP is likely not
widespread and there is no easy way to determine if an AP supports ERP
without trying it. Attempting ERP with a non-ERP enabled AP will actually
result in longer connection times since ERP must fail and then full EAP
is done afterwards. For this reason ERP was separated from EAP and a
separate ERP state machine must be created. As it stands now, ERP cannot
be used on its own, only with FILS.
2019-04-17 17:06:25 -05:00
Andrew Zaborowski
530a449337 manager: Add new file for wiphy/interface management
Add manager.c, a new file where the wiphy and interface creation/removal
will be handled and interface use policies will be implemented.  Since
not all kernel-side nl80211 interfaces are tied to kernel-side netdevs,
netdev.c can't manage all of the interfaces that we will be using, so
the logic is being moved to a common place where all interfaces on a
wiphy will be managed according to the policy, device support for things
like P2P and user enabling/disabling/connecting with P2P which require
interfaces to be dynamically added and removed.
2019-04-11 11:17:52 -05:00
James Prestwood
5df84a6933 erpcache: implementation for ERP key cache
This allows IWD to cache ERP keys after a full EAP run. Caching
allows IWD to quickly connect to the network later on using ERP or
FILS.

The cache will contain the EAP Identity, Session ID, EMSK, SSID and
optionally the ERP domain. For the time being, the cache entry
lifetimes are hard coded to 24 hours. Eventually the cache should
be written to disk to allow ERP/FILS to work after a reboot or
IWD restart.
2019-04-10 13:58:13 -05:00
James Prestwood
27f7a523b4 unit: add tests for util_get_{domain,username}
test-ssid-to-utf8 was hijacked and renamed to test-util, and
two tests were added for the new utility functions.
2019-04-08 16:30:41 -05:00
James Prestwood
1e337259ce mschaputil: use util_get_username 2019-04-08 16:28:56 -05:00
Marcel Holtmann
ac2cbd325f build: Add src/pkcs8.conf to the distribution 2019-04-04 07:12:24 +02:00
Marcel Holtmann
ea074ffe67 build: Create ELL_UNIT_TEST_DATA define for certificate directory 2019-04-03 19:16:29 +02:00
Marcel Holtmann
10db2d60d6 build: Add src/missing.h to the distribution 2019-04-03 18:37:10 +02:00
James Prestwood
ed6f5ea55a blacklist: add blacklist.[ch] to build and main
This will allow for blacklisting a BSS if the connection fails. The
actual blacklist module is simple and must be driven by station. All
it does is add BSS addresses, a timestamp, and a timeout to a queue.
Entries can also be removed, or checked if they exist. The blacklist
timeout is configuratble in main.conf, as well as the blacklist
timeout multiplier and maximum timeout. The multiplier is used after
a blacklisted BSS timeout expires but we still fail to connect on the
next connection attempt. We multiply the current timeout by the
multiplier so the BSS remains in the blacklist for a larger growing
amount of time until it reaches the maximum (24 hours by default).
2019-01-24 17:29:15 -06:00
James Prestwood
425cb2aa49 build: added ell/time.[ch] to Makefile.am 2019-01-24 12:29:35 -06:00
Marcel Holtmann
39ee15dbc3 build: Provide modules-load.d for loading pkcs8_key_parser module 2019-01-23 18:22:11 +01:00
Tim Kourt
58f7b06c01 unit: Switch eap-mschapv2 test to use mschaputil 2019-01-10 17:04:57 -06:00
Denis Kenzior
9b722197ba ecc: Remove remaining ECC/ECDH files
ECC primitives have now been fully converted / moved to ell.
2019-01-10 16:27:09 -06:00
Marcel Holtmann
a44969f837 build: Add ell/tls-suites.c and ell/tls-extensions.c 2019-01-05 21:24:29 +01:00
James Prestwood
c2094c5e04 ecdh: remove ECDH and unit tests
ECDH was moved into ell and is no longer needed in IWD
2018-12-12 11:12:27 -06:00
James Prestwood
82ac1e0ba5 build: added ecc/ecdh into ell headers and sources 2018-12-12 10:55:39 -06:00
Martin Hundebøll
c4803d3b12 build: make client unit test conditional on --{enable,disable}-client
The iwctl client and its unit test depends on readline. If building on a
host without readline installed, default make target succeeds when
configured with --disable-client, but the following make check target
fails.

Fix this by making the test-client target conditional on the
--{enable,disable}-client configure flag.
2018-11-22 15:06:48 +01:00
James Prestwood
007d972046 unit: allow ECDH test vector to run without l_getrandom
Using the gcc wrap feature, l_getrandom was redefined to use a known
good, hardcoded random value. The two other tests were also disabled
if l_getrandom is not supported since these do require randomness
for proper testing.
2018-11-20 17:28:44 -06:00
Denis Kenzior
4f2fe6370f build: Add new cert files from ell 2018-11-19 17:10:53 -06:00
James Prestwood
8978f8c43f owe: added OWE module
This module is similar to SAE in that it communicates over authenticate
and associate frames. Creating a new OWE SM requires registering two TX
functions that handle sending the data out over CMD_AUTHENTICATE/ASSOCIATE,
as well as a complete function.

Once ready, calling owe_start will kick off the OWE process, first by
sending out an authenticate frame. There is nothing special here, since
OWE is done over the associate request/response.

After the authenticate response comes in OWE will send out the associate
frame which includes the ECDH public key, and then receive the AP's
public key via the associate response. From here OWE will use ECDH to
compute the shared secret, and the PMK/PMKID. Both are set into the
handshake object.

Assuming the PMK/PMKID are successfully computed the OWE complete callback
will trigger, meaning the 4-way handshake can begin using the PMK/PMKID
that were set in the handshake object.
2018-11-16 18:06:42 -06:00
James Prestwood
dddbf22ab7 unit: added ECDH unit tests 2018-11-16 16:25:20 -06:00