3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-24 08:29:25 +01:00
Commit Graph

2638 Commits

Author SHA1 Message Date
Denis Kenzior
97771f80f1 unit: Add M4/M5 pair to end-to-end wsc test 2016-08-30 23:20:43 -05:00
Denis Kenzior
ba55afa3f4 eap-wsc: Generate M5 messages 2016-08-30 23:20:24 -05:00
Denis Kenzior
c0de9d1790 eap-wsc: optionally load IV1 & IV2 for debugging
When we send M5 & M7, we need to generate a random IV.  For testing
purposes, the IV can be provided in settings, otherwise it will be
generated randomly.
2016-08-30 23:18:53 -05:00
Denis Kenzior
1820d7c33e merge: M5 parse test 2016-08-30 23:18:19 -05:00
Denis Kenzior
62623e0eb3 eap-wsc: Handle M4 messages 2016-08-30 21:52:24 -05:00
Denis Kenzior
48c3f4a55a eap-wsc: Store PSK1 & PSK2
We will need to use PSK1 & PSK2 when computing R_Hash1 & R_Hash2 when
processing M4 & M6.
2016-08-30 21:51:14 -05:00
Denis Kenzior
9a47f98ccd eap-wsc: Store M2 for future use
We need quite a bit of attributes of M2 for the duration of the WSC
handshake.  Most importantly, we need to use the peer's public key when
processing M4 and M6.  RegistrarNonce is also needed for generating any
ACK/NACK messages as needed.

Also, peer's device attributes such as Model, Manufacturer, etc might be
useful to report upon successful handshake.
2016-08-30 21:10:57 -05:00
Denis Kenzior
633389f2f4 eap-wsc: Add utility to decrypt EncryptedSettings 2016-08-30 14:43:49 -05:00
Denis Kenzior
b78bef2be8 eap-wsc: Add utility to check KeyWrapAuthenticator 2016-08-30 14:42:43 -05:00
Denis Kenzior
046c7b8994 eap-wsc: clear out intermediate key data 2016-08-30 14:41:58 -05:00
Denis Kenzior
39d6acb07d eap-wsc: Don't store AuthKey | KeyWrapKey | EMSK
AuthKey is already uploaded into auth_key_hmac.  KeyWrapKey is now
uploaded into the AES-CBC(128) cipher.  We currently have no use for
EMSK.

So we no longer need to keep the wsc_session_key structure around.
2016-08-30 14:34:03 -05:00
Denis Kenzior
24dfe6e436 wscutil: Add wsc_build_m5_encrypted_settings 2016-08-30 14:10:20 -05:00
Denis Kenzior
7bdb1a0225 wscutil: Add wsc_parse_m5_encrypted_settings 2016-08-30 14:07:53 -05:00
Denis Kenzior
ba8e0cd6b7 unit: Add test for wsc_build_m4_encrypted_settings 2016-08-30 13:58:32 -05:00
Denis Kenzior
f8af4886c4 unit: Add test for wsc_parse_m4_encrypted_settings 2016-08-30 13:58:06 -05:00
Denis Kenzior
d59086c791 wscutil: Add wsc_build_m4_encrypted_settings 2016-08-30 13:57:28 -05:00
Denis Kenzior
11e56031c0 wscutil: Add wsc_parse_m4_encrypted_settings 2016-08-30 13:38:08 -05:00
Denis Kenzior
757e4dbb90 wscutil: Prepare for parsing of Encrypted Settings
Encrypted Settings TLVs are structured similarly to the various WSC
messages.  However, they lack a version2 extension field and use a Key
Wrap Authenticator element instead of Authenticator.
2016-08-30 13:33:17 -05:00
Denis Kenzior
642804f9d7 wscutil: Handle Key Wrap Authenticator 2016-08-30 13:30:06 -05:00
Denis Kenzior
7810a45a9c eap-wsc: Rework state logic a bit
Mostly so repetitive code is not required
2016-08-30 10:10:11 -05:00
Denis Kenzior
a4bf3f3280 unit: Add M5 builder unit test 2016-08-30 09:46:33 -05:00
Denis Kenzior
5c88de6e65 unit: Add M5 parser unit test 2016-08-30 09:46:20 -05:00
Denis Kenzior
a8580c7ed0 wscutil: Add wsc_build_m5 2016-08-30 09:45:39 -05:00
Denis Kenzior
0081bf4f64 wscutil: Add wsc_parse_m5 2016-08-30 09:34:34 -05:00
Denis Kenzior
be1b2a3281 unit: Add end-to-end WSC handshake test
This only checks M1 & M3 message generation for now
2016-08-30 09:22:35 -05:00
Denis Kenzior
05c230c46a eap-wsc: Send M3 2016-08-30 09:22:35 -05:00
Denis Kenzior
397a7d18c2 eap-wsc: Add TX message Authenticator calculation 2016-08-30 09:22:35 -05:00
Denis Kenzior
5951bc220b eap-wsc: Handle M2 messages 2016-08-30 09:22:35 -05:00
Denis Kenzior
33b0034678 eap-wsc: Add util to verify RX frame Authenticator 2016-08-30 09:22:35 -05:00
Denis Kenzior
097e775659 eap-wsc: Add basic logic to send M1 messages 2016-08-30 09:22:33 -05:00
Denis Kenzior
c2cb35b4c9 eap-wsc: store sent pdu
This is needed for authenticator computation
2016-08-29 22:16:34 -05:00
Denis Kenzior
2cbbcb7434 eap-wsc: Load settings related to DevicePassword
DevicePassword is the PIN, either static, dynamically generated or
entered by the user.  For PushButton mode, DevicePassword is set to
'00000000'.  It can also be provided via external means, such as NFC.

This patch allows DevicePassword to be externally configured into the
EAP-WSC layer.  Optionally, the secret nonce values can also be
provided for testing purposes.  If omitted, they will be generated using
l_getrandom.
2016-08-29 12:12:13 -05:00
Denis Kenzior
ce596058cd eap-wsc: Implement load_settings method
We use the load_settings method to bootstrap the internal state of the
EAP WSC state machine.  We require certain information to be provided by
the higher layers, namely:

Global Device parameters
 - Manufacturer
 - Model Name
 - Model Number
 - Serial Number
 - Device Name
 - Primary Device Type
 - OS Version

Session specific parameters
 - MAC Address
 - Configuration Methods
 - RF Bands

The following parameters are auto-generated for each new session, but
can be over-ridden if desired
 - Private Key
 - Enrollee Nonce
2016-08-28 02:47:09 -05:00
Denis Kenzior
b650b16d6f wscutil: Check authenticator more strictly
Make sure Authenticator is the last data in the WSC PDU, with no
extraneous data afterwards
2016-08-28 02:47:09 -05:00
Denis Kenzior
c6f086d741 TODO: Add EAPoL <-> EAP timeout relationship task 2016-08-28 00:41:07 -05:00
Denis Kenzior
e128408b3f TODO: Add EAP timeout configuration task 2016-08-28 00:41:06 -05:00
Denis Kenzior
200070c060 TODO: Add EAP retransmission support task 2016-08-28 00:41:06 -05:00
Denis Kenzior
00dac648aa wscutil: Add wsc_build_nack 2016-08-26 17:14:36 -05:00
Denis Kenzior
334ccfce0f wscutil: Add wsc_parse_nack 2016-08-26 17:14:36 -05:00
Denis Kenzior
fdeed24591 eap-wsc: Properly set vendor-id & vendor-type 2016-08-24 21:37:42 -05:00
Denis Kenzior
887119c82f wscutil: Expose WSC WFA OUI 2016-08-24 21:35:41 -05:00
Denis Kenzior
0a314004ce eap: expanded methods start packets at opcode
Expanded EAP methods should get their packets for handling starting at
the op-code field.  They're not really interested in
type/vendor-id/vendor-type fields.
2016-08-24 21:32:16 -05:00
Denis Kenzior
63b5c60743 util: Add util_string_to_address 2016-08-24 21:31:54 -05:00
Denis Kenzior
f05ed4683c unit: Fix up EAP packet identifiers
Reset these to start at a sane value
2016-08-24 21:30:25 -05:00
Denis Kenzior
89207a4c81 unit: Add testing of Authenticator
Just to make sure our private/public/shared and KDF utilities work
properly.
2016-08-23 15:44:45 -05:00
Denis Kenzior
c2b1351396 wscutil: Add WSC KDF function 2016-08-23 13:52:52 -05:00
Denis Kenzior
0a6ffdf029 netdev: Fix double-free
We should only call eapol_cancel if netdev_connect_free was not
triggered as a result of handshake failure.
2016-08-23 13:15:00 -05:00
Denis Kenzior
5d2c5b3b71 crypto: Add some missing whitespace 2016-08-22 15:54:24 -05:00
Denis Kenzior
28a57b2eca unit: Make valgrind happy 2016-08-19 16:16:16 -05:00
Denis Kenzior
76e1c73fd3 unit: Add M4 builder test 2016-08-19 15:25:05 -05:00