3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-05 03:29:24 +01:00
Commit Graph

1705 Commits

Author SHA1 Message Date
Rahul Rahul
c07addc4bf netdev: set NL80211_ATTR_USE_MFP if mfp is enabled 2016-12-09 11:47:14 -06:00
Tim Kourt
8bc1b6866f tools: Add option for CMAC in 4.9.0-rc5+ 2016-12-06 17:04:07 -06:00
Tim Kourt
22a7a209d0 tools: Add required for 4.9.0-rc5+ config option 2016-12-06 15:18:50 -06:00
Rahul Rahul
0453b4e52f unit/test-eapol: fixed handshake frame in tls test
eapol_sm_test_tls was using an incorrect frame in
handshake_state_set_own_wpa.
2016-12-02 10:05:50 -06:00
Rahul Rahul
71932acd2d unit/test-eapol: igtk test with mfp enabled
This is the first version of the test
2016-12-02 09:45:42 -06:00
Denis Kenzior
c78d6fda26 build: Add eap-md5.c to test-eapol requirements
Otherwise the EAP-MD5 driver is not found and we get the following
output:

TEST: EAPoL/8021x EAP-TTLS+EAP-MD5 & 4-Way Handshake
Error initializing EAP for ifindex 1

Program received signal SIGSEGV, Segmentation fault.
2016-12-01 13:41:36 -06:00
Tim Kourt
eeb4f35bcb unit: WSC unfragmented retransmission 2016-12-01 11:33:39 -06:00
Tim Kourt
4a8fdc4b33 eap-wsc: Add re-transmission handler for WSC 2016-12-01 11:33:03 -06:00
Tim Kourt
f21698095b t-runner: Specify a python version to run 2016-11-30 22:57:16 -06:00
Tim Kourt
8d7b88ad25 t-runner: Disable PMU emulation for a guest 2016-11-30 22:57:13 -06:00
Denis Kenzior
bd9e1883ee eap: Add retransmission support 2016-11-30 12:44:13 -06:00
Tim Kourt
32d623a09e auto-t: Raname testWPS to testEAP-WPS 2016-11-30 10:07:15 -06:00
Tim Kourt
a2d638791d t-runner: Enable unit test support 2016-11-29 11:34:07 -06:00
Tim Kourt
79f4d1a9cd eap-wsc: Increment TX frag. offset only after ACK 2016-11-23 14:49:37 -06:00
Tim Kourt
fe25198af6 build: Include eap-md5.c 2016-11-21 11:08:56 -06:00
Tim Kourt
b0930d8f79 eap: Extract md5 logic into eap-md5.c 2016-11-21 11:08:50 -06:00
Andrew Zaborowski
1a64c4b771 eapol: Send EAPOL-Start if AP starts 4-Way Handshake
Make the use of EAPOL-Start the default and send it when configured for
8021x and either we receive no EAPOL-EAP from from the AP before
timeout, or if the AP tries to start a 4-Way Handshake.
2016-11-18 14:10:17 -06:00
Denis Kenzior
413287d5cf eapol: Relax VERIFY_IS_ZERO condition
On certain routers, the 4-Way handshake message 3 of 4 contains a key iv
field which is not zero as it is supposed to.  This causes us to fail
the handshake.

Since the iv field is not utilized in this particular case, it is safe
to simply warn rather than fail the handshake outright.
2016-11-18 14:04:07 -06:00
Denis Kenzior
d26e224bfc unit: Update to new eap_init API 2016-11-15 16:44:24 -06:00
Denis Kenzior
d03f23200a eap: Load MTU settings from iwd.conf 2016-11-15 16:44:07 -06:00
Denis Kenzior
ec93454e65 netdev: Send additional attributes
For fullmac drivers, these attributes are also needed
2016-11-15 15:39:55 -06:00
Denis Kenzior
d33fe385da crypto: Add AKMs 2016-11-15 15:39:55 -06:00
Tim Kourt
d0b735c73c handshake: Add getter for settings_8021x 2016-11-15 13:31:43 -06:00
Andrew Zaborowski
ea08bcd8fd unit: Fix eapol TLS test after handshake_state changes 2016-11-14 11:20:20 -06:00
Denis Kenzior
2c2af4edd3 doc: Add WSC api 2016-11-11 11:29:04 -06:00
Tim Kourt
92ece898d1 eap-wsc: Add RX fragmentation support 2016-11-07 16:31:47 -06:00
Tim Kourt
fe90dcaab4 eap-ttls: Fix msg size miscalculation 2016-11-07 16:27:26 -06:00
Denis Kenzior
ee074153ed doc: Add Adapter API documentation 2016-11-07 11:55:07 -06:00
Denis Kenzior
0b98f75dda doc: Add AgentManager API documentation 2016-11-07 11:50:20 -06:00
Andrew Zaborowski
e9e9358898 netdev: Add padding to netlink family headers
Use the NLMSG_ALIGN macro on the family header size (struct ifinfomsg in
this case).  The ascii graphics in include/net/netlink.h show that both
the netlink header and the family header should be padded.  The netlink
header (nlmsghdr) is already padded in ell.  To "document" this
requirementin ell what we could do is take two buffers, one for the
family header and one for the attributes.

This doesn't change anything for most people because ifinfomsg is
already 16-byte long on the usual architectures.
2016-11-07 11:43:18 -06:00
Tim Kourt
a7a3e7e7f7 auto-t: Add EAP TTLS fragmentation test 2016-11-03 22:21:31 -05:00
Tim Kourt
9a5c0eb151 auto-t: Add EAP TLS fragmentation test 2016-11-03 22:21:27 -05:00
Tim Kourt
aa3796af3b auto-t: Add EAP WPS fragmentation test 2016-11-03 22:21:23 -05:00
Tim Kourt
b6745000b5 eap-tls: Fix msg size miscalculation 2016-11-03 22:19:46 -05:00
Tim Kourt
2148d71264 eap-wsc: Add TX fragmentation support 2016-11-03 22:17:38 -05:00
Tim Kourt
2352c3f819 auto-t: Rename abs_path_dir_list to tmpfs_extra_stuff 2016-11-03 13:30:06 -05:00
Tim Kourt
764d9bb377 doc: Rename abs_path_dir_list to tmpfs_extra_stuff 2016-11-03 13:30:06 -05:00
Tim Kourt
50dff98280 t-runner: Rename abs_path_dir_list to tmpfs_extra_stuff 2016-11-03 13:30:06 -05:00
Tim Kourt
2d73fb35fe main: Remove unnecessary initialization 2016-11-03 13:28:19 -05:00
Andrew Zaborowski
73e61fa787 unit: Update wsc test with eapol API changes 2016-11-03 10:24:22 -05:00
Andrew Zaborowski
f74e6f4261 unit: Update eapol test with eapol API changes 2016-11-03 10:24:12 -05:00
Andrew Zaborowski
e32ffc4d98 eapol: Use handshake_state to store state
Remove the keys and other data from struct eapol_sm, update device.c,
netdev.c and wsc.c to use the handshake_state object instead of
eapol_sm.  This also gets rid of eapol_cancel and the ifindex parameter
in some of the eapol functions where sm->handshake->ifindex can be
used instead.
2016-11-03 10:23:58 -05:00
Andrew Zaborowski
061dad2ff5 Add handshake_state object
struct handshake_state is an object that stores all the key data and other
authentication state and does the low level operations on the keys.  Together
with the next patch this mostly just splits eapol.c into two layers
so that the key operations can also be used in Fast Transitions which don't
use eapol.
2016-11-03 10:23:41 -05:00
Andrew Zaborowski
19afcb3582 device: Pass FT-related data to eapol and netdev
If device_select_akm_suite selects Fast Transition association then pass
the MD IE and other bits needed for eapol and netdev to do an FT
association and 4-Way Handshake.
2016-11-03 10:15:11 -05:00
Andrew Zaborowski
a35e0c2690 netdev: FT version of association messages
If an MD IE is supplied to netdev_connect, pass that MD IE in the
associate request, then validate and handle the MD IE and FT IE in the
associate response from AP.
2016-11-03 10:12:44 -05:00
Andrew Zaborowski
955ba74d2d unit: FT 4-Way Handshake eapol test
This also tests that the FT crypto functions work.  For the record
these are the values of the intermediate keys in this test:

ANonce: 33 b2 74 a0 ae c9 e8 5d 61 11 8f 1b 6b 97 77 4e 5b 75 08 37 45
77 dc 14 08 a5 f1 80 c5 d2 e9 fd
SNonce: ac 1e b2 c7 0b 20 8c e6 0a e2 07 b2 38 9e 44 1f ff 39 86 3d 44
9f 81 24 6f e3 6e de 0f 1f 56 ce
PMK-R0: ad b8 81 bf 50 11 1c fd 0b 5c 87 23 42 bf 3b 54 3e 81 d6 3f 3e
18 cf 0a 8d 3d 85 4f d8 07 ad d5
PMKR0Name: cc 62 4a e8 6e 0c 85 25 06 02 22 15 f7 3d 0d 01
PMK-R1: 17 6a 37 92 25 28 72 9f 40 18 06 20 b4 2d 34 2a 7b 8d da 09 4c
a9 cf 84 bd 55 4a 39 bc 5d c1 61
PMKR1Name: de ce 50 a0 9e f0 8c 4e be f2 f1 db e9 67 b4 d4
KCK: e4 2d ee 98 f9 9d fb f8 32 9f 50 41 05 58 35 a2
KEK: 34 5e 22 4e 91 73 8a 97 dd c4 19 53 c5 c8 d7 29
TK: 7c ff bd 35 ce 11 c5 75 1d 4c c6 7a df c2 a2 78
PTKName: 31 e4 94 a6 96 a5 c3 7e 2f 33 9c 47 04 dc ae 05
2016-11-03 10:06:01 -05:00
Andrew Zaborowski
d03f4d72f1 eapol: Handle FT-version of step 3 of 4-way handshake 2016-11-03 10:04:34 -05:00
Andrew Zaborowski
9d54a3082e eapol: Build FT-version step 2 of 4-way handshake
If an FT AKM suite is selected, build the FT version of the step 2
of the 4-way handshake frame.  Step 1 is same as non-FT version.
2016-11-03 10:03:45 -05:00
Andrew Zaborowski
0d2e5b9849 eapol: Add setters for the FT handshake input data
Add space in the eapol_sm struct for the pieces of information required
for the FT 4-Way Handshake and add setters for device.c and netdev.c to
be able to provide the data.
2016-11-03 10:01:41 -05:00
Andrew Zaborowski
67a5b68a16 device: Drop the bss->sha256 flag usage
Don't decide on the AKM suite to use when the bss entries are received
and processed, instead select the suite when the connection is triggered
using a new function device_select_akm_suite, similar to
wiphy_select_cipher().  Describing the AKM suite through flags will be
more difficult when more than 2 suites per security type are supported.
Also handle the wiphy_select_cipher 0 return value when no cipher can be
selected.
2016-11-03 10:00:35 -05:00