mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-24 06:52:37 +01:00

369 Commits

Author SHA1 Message Date
Denis Kenzior
c36358cc7c handshake: Add pmksa setter & stealer
The majority of this patch was authored by Denis Kenzior, but
I have appended setting the PMK inside handshake_state_set_pmksa
as well as checking if the pmkid exists in
handshake_state_steal_pmkid.

Authored-by: Denis Kenzior <denkenz@gmail.com>
Authored-by: James Prestwood <prestwoj@gmail.com>
2024-11-25 08:46:51 -06:00
Denis Kenzior
980e132f48 unit: Add basic pmksa test 2024-11-25 08:37:28 -06:00
Denis Kenzior
900aa5810e pmksa: Add skeleton 2024-11-25 08:34:29 -06:00
Denis Kenzior
e565b75032 defs: Add defs.h to hold certain global definitions
This will help to get rid of magic number use throughout the project.
The definitions should be limited to global magic numbers that are used
throughout the project, for example SSID length, MAC address length,
etc.
2024-08-23 11:17:20 -05:00
James Prestwood
0d7ff8ebd9 client: add BasicServiceSet interface 2024-08-12 12:10:58 -05:00
James Prestwood
685d105739 unit: add simple test for nl80211util 2024-06-20 10:51:00 -05:00
Denis Kenzior
c1e2a6c44c build: Add notifylist.[ch] from ell 2024-05-31 15:45:11 -05:00
James Prestwood
3be01a83ab build: Create ell directory for ell/ell.h target
Both ell/shared and ell/internal targets first create the ell/
directory within IWD. This apparently was just luck that one of
these always finished first in parallel builds. On my system at
least when building using dpkg-buildpackage IWD fails to build
due to the ell/ directory missing. From the logs it appears that
both the shared/internal targets were started but didn't complete
(or at least create the directory) before the ell/ell.h target:

make[1]: Entering directory '/home/jprestwood/tmp/iwd'
/usr/bin/mkdir -p ell
/usr/bin/mkdir -p ell
echo -n > ell/ell.h
/usr/bin/mkdir -p src
/bin/bash: line 1: ell/ell.h: No such file or directory
make[1]: *** [Makefile:4028: ell/ell.h] Error 1

Creating the ell/ directory within the ell/ell.h target solves
the issue. For reference this is the configure command dpkg
is using:

./configure --build=x86_64-linux-gnu \
	--prefix=/usr \
	--includedir=/usr/include \
	--mandir=/usr/share/man \
	--infodir=/usr/share/info \
	--sysconfdir=/etc \
	--localstatedir=/var \
	--disable-option-checking \
	--disable-silent-rules \
	--libdir=/usr/lib/x86_64-linux-gnu \
	--runstatedir=/run \
	--disable-maintainer-mode \
	--disable-dependency-tracking \
	--enable-tools \
	--enable-dbus-policy
2024-05-14 10:24:09 -05:00
Marcel Holtmann
be3f6a2ca0 udev: Add module for checking interface renaming actions 2024-04-16 14:57:57 +02:00
Denis Kenzior
b10ef09186 nl80211util: Move nl80211_append_rsn_attributes 2023-11-27 11:27:26 +01:00
James Prestwood
3b6d279184 client: add client commands for shared code configuration
The StartConfigurator() call was left out since there would be no
functional difference to the user in iwctl. It's expected that
human users of the shared code API provide the code/id ahead of
time, i.e. use ConfigureEnrollee/StartEnrollee.
2023-11-11 10:27:27 -06:00
Denis Kenzior
613ad4bc32 build: Update to the new ell files 2023-07-17 22:51:50 -05:00
Denis Kenzior
92822bd53a build: Enable configuring with gcov
This allows generating code and test coverage reports using lcov &
genhtml.  Useful for understanding how much of the codebase is currently
covered by unit and autotests.
2023-06-19 15:34:36 -05:00
Marcel Holtmann
dd1000f245 build: Only compile unit test and tools when daemon is enabled 2023-04-25 16:09:45 +02:00
Marcel Holtmann
8f0420c533 build: Allow building with libedit instead readline 2023-04-21 06:33:02 +02:00
Marcel Holtmann
4ffcde8125 json: Set defines before including shared/jsmn.h 2022-11-02 11:25:35 +01:00
Andrew Zaborowski
b79c7d49cd netconfig: Add netconfig-commit API
Add netconfig-commit.c whose main method, netconfig_commit actually sets
the configuration obtained by l_netconfig to the system netdev,
specifically it sets local addresses on the interface, adds routes to the
routing table, sets DNS related data and may add entries to the neighbor
cache.  netconfig-commit.c uses a backend-ops type structure to allow
for switching backends.  In this commit there's only a default backend
that uses l_netconfig_rtnl_apply() and a struct resolve object to write
the configuration.

netconfig_gateway_to_arp is moved from netconfig.c to netconfig-commit.c
(and renamed.)  The struct netconfig definition is moved to netconfig.h
so that both files can access the settings stored in the struct.
2022-09-13 08:51:29 -05:00
Andrew Zaborowski
b0b1a46779 netconfig: Keep configuration directly in struct l_netconfig
Drop all the struct netconfig members where we were keeping the parsed
netconfig settings and add a struct l_netconfig object.  In
netconfig_load_settings load all of the settings once parsed directly
into the l_netconfig object.  Only preserve the mdns configuration and
save some boolean values needed to properly handle static configuration
and FILS.  Update functions to use the new set of struct netconfig
members.

These booleans mirroring the l_netconfig state could be replaced by
adding l_netconfig getters for settings which currently only have
setters.
2022-09-13 08:46:05 -05:00
James Prestwood
be02c3fa3d client: add station-debug command interface
This lets iwctl call methods on .StationDebug. The command
name is called 'debug'. This can only be used when IWD is
in developer mode
2022-08-11 15:47:08 -05:00
James Prestwood
aff5663c0b build: add ie.c/netdev.h to test-band build 2022-07-20 17:19:39 -05:00
Denis Kenzior
f12cf1ab9d build: Add rtnl-private.h from latest ell 2022-05-19 09:50:59 -05:00
James Prestwood
15b5385e71 tools: add decrypt-profile tool
This tool will decrypt an IWD network profile which was previously
encrypted using a systemd provided key. Either a text passphrase
can be provided (--pass) or a file containing the secret (--file).

This can be useful for debugging, or recovering an encrypted
profile after enabling SystemdEncrypt.
2022-02-16 16:10:55 -06:00
James Prestwood
01cd858760 storage: implement network profile encryption
Some users don't like the idea of storing network credentials in
plaintext on the file system.  This patch implements an option to
encrypt such profiles using a secret key.  The origin of the key can in
theory be anything, but would typically be provided by systemd via
'LoadEncryptedCredential' setting in the iwd unit file.

The encryption operates on the entire [Security] group as well as all
embedded groups. Once encrypted the [Security] group will be replaced
with two key/values:

EncryptedSalt - A random string of bytes used for the encryption
EncryptedSecurity - A string of bytes containing the encrypted
                    [Security] group, as well as all embedded groups.

After the profile has been encrypted these values should not be
modified.  Note that any values added to [Security] after encryption
have no effect.  Once the profile is encrypted there is no way to modify
[Security] without manually decrypting first, or just re-creating it
entirely which is effectively treated as a 'new' profile.

The encryption/decryption is done using AES-SIV with a salt value and
the network SSID as the IV.

Once a key is set any profiles opened will automatically be encrypted
and re-written to disk.  Modules using network_storage_open will be
provided the decrypted profile, and will be unaware it was ever
encrypted in the first place.  Similarly when network_storage_sync is
called the profile will be automatically encrypted and written to disk
without the caller needing to do anything special.

A few private storage.c helpers were added to serve several purposes:

storage_init/exit():
This sets/cleans up the encryption key direct from systemd then uses
extract and expand to create a new fixed length key to perform
encryption/decryption.

__storage_decrypt():
Low level API to decrypt an l_settings object using a previously set
key and the SSID/name for the network.  This returns a 'changed' out
parameter signifying that the settings need to be encrypted and
re-written to disk.  The purpose of exposing this is for a standalone
decryption tool which does not re-write any settings.

storage_decrypt():
Wrapper around __storage_decrypt() that handles re-writing a new
profile to disk. This was exposed in order to support hotspot profiles.

__storage_encrypt():
Encrypts an l_settings object and returns the full profile as data
2022-02-15 17:19:33 -06:00
James Prestwood
52fafd8f5b dpp-util: use ell/asn1-private.h for ASN1 generation
ASN1 parsing will soon be required which will need some utilities in
asn1-private.h. To avoid duplication include this private header and
replace the OID's with the defined structures as well as remove the
duplicated macros.
2022-01-20 13:59:37 -06:00
Denis Kenzior
04fccea63b doc: Add sample main.conf file
This file is meant as a sample and contains only the most typically
changed settings.  For other settings users should refer to the
iwd.config manual page.
2022-01-03 14:24:19 -06:00
Denis Kenzior
1dcab170b6 hwsim: Keep track of interface types 2021-12-27 23:25:24 -06:00
James Prestwood
ba040219ce client: add DPP client commands
Two commands were added:

dpp <iface> start-enrollee
dpp <iface> start-configurator
dpp <iface> stop

In addition there is support for using the qrencode utility for displaying
the QR code after DPP is started (enrollee or configurator). If qrencode is
found on the system the QR code will be displayed. Otherwise only the URI
will be printed to the console.
2021-12-20 18:13:44 -06:00
James Prestwood
992deb36d4 dpp-util: add dpp_parse_configuration_object
This parses the configuration JSON object from the configuration
response. Only a minimal configuration object is supported for
now.
2021-12-16 14:29:18 -06:00
James Prestwood
acfbc34909 dpp: initial skeleton DPP module 2021-12-16 13:53:29 -06:00
James Prestwood
e04c363d9f unit: add JSON unit test 2021-12-10 17:33:47 -06:00
James Prestwood
abfd749335 json: introduce JSON module
This is a minimal wrapper around jsmn.h to make things a bit easier
for iterating through a JSON object.

To use, first parse the JSON and create a contents object using
json_contents_new(). This object can then be used to initialize a
json_iter object using json_iter_init().

The json_iter object can then be parsed with json_iter_parse by
passing in JSON_MANDATORY/JSON_OPTIONAL arguments. Currently only
JSON_STRING and JSON_OBJECT types are supported. Any JSON_MANDATORY
values that are not found will result in an error.

If a JSON_OPTIONAL string is not found, the pointer will be NULL.
If a JSON_OPTIONAL object is not found, this iterator will be
initialized but 'start' will be -1. This can be checked with a
convenience macro json_object_not_found();
2021-12-10 17:33:47 -06:00
James Prestwood
43037a94cf unit: add unit test for DPP crypto operations 2021-12-06 16:36:15 -06:00
James Prestwood
cdf05183b9 dpp-util: Introduce dpp-util, and add crypto operations 2021-12-06 15:54:37 -06:00
James Prestwood
bc36aca98e offchannel: introduce new offchannel module
This module provides a convenient wrapper around both
CMD_[CANCEL_]_REMAIN_ON_CHANNEL APIs.

Certain protocols require going offchannel to send frames, and/or
wait for a response. The frame-xchg module somewhat does this but
has some limitations. For example you cannot just go offchannel;
an initial frame must be sent out to start the procedure. In addition
frame-xchg does not work for broadcasts since it expects an ACK.

This module is much simpler and only handles going offchannel for
a duration. During this time frames may be sent or received. After
the duration the caller will get a callback and any included error
if there was one. Any offchannel request can be cancelled prior to
the duration expiring if the offchannel work has finished early.
2021-12-06 14:10:39 -06:00
James Prestwood
cd15a1698b build: update unit tests with util.c/band.c dependency 2021-11-30 12:29:49 -06:00
James Prestwood
6ea58f9fde sysfs: introduce sysfs module
Netconfig was the only user of sysfs but now other modules will
also need it.

Adding existing API for IPv6 settings, an IPv4 and IPv6 'supports'
checker, and a setter for IPv4 settings.
2021-11-03 17:44:00 -05:00
Denis Kenzior
48b0a95528 client: Print daemon information at startup 2021-10-25 17:24:51 -05:00
Denis Kenzior
5d9e0401fc build: Add cleanup.h 2021-10-14 16:54:58 -05:00
Denis Kenzior
923f7b6a11 build: Add band.h for tests requiring handshake.[ch] 2021-09-21 15:39:31 -05:00
Denis Kenzior
a3b9967c13 build: Fixup due to handshake dependency on erp
and iwmon doesn't need handshake.[ch]
2021-08-03 16:35:30 -05:00
Denis Kenzior
64211c292d unit: Fix SAE unit test failure
The SAE unit test was written when group 19 was preferred by default for
all SAE connections.  However, we have now started to prefer higher
security groups.  Trick the test into using group 19 by wrapping
l_ecc_supported_ike_groups implementation to return just curve 19 as a
supported curve.
2021-07-27 14:01:12 -05:00
Denis Kenzior
2686baae69 unit: Add unit test for VHT RX data rate estimation 2021-06-04 10:14:04 -05:00
Denis Kenzior
e41bee377d band: Add band.[ch]
Move the band definition out of wiphy.c and into band.[ch].  This is
done to make certain utilities that depend on band information capable
of being tested from unit tests.

The band concept will most likely grow over time.  For now, the only
user will be wiphy.c and unit tests, so the structures are kept public.
2021-06-04 10:14:04 -05:00
Andrew Zaborowski
6e5b26ba64 ip-pool: Track IPv4 addresses in use
Add the ip-pool submodule that tracks IPv4 addresses in use on the
system for use when selecting the address for a new AP.  l_rtnl_address
is used internally because if we're going to return l_rtnl_address
objects it would be misleading if we didn't fill in all of their
properties like flags etc.
2021-06-01 10:03:00 -05:00
Marcel Holtmann
d87b580c20 build: Create directory for ell/useful.h 2021-04-29 10:16:32 +02:00
Marcel Holtmann
ed05585063 build: Always link in the ell/useful.h header file 2021-03-11 21:52:12 +01:00
Denis Kenzior
e84f257bff build: Add ell's useful.h header 2021-03-10 14:09:25 -06:00
Denis Kenzior
17a4cd4be0 build: Add ell's main-private.h header 2021-03-10 13:41:06 -06:00
Marcel Holtmann
a2f1389efa build: Remove mentions of --enable-sim-hardcoded 2021-02-15 19:20:58 +01:00
James Prestwood
11d1d860f0 client: implement diagnostic module
For now this module serves as a helper for printing diagnostic
dictionary values. The new API (diagnostic_display) takes a
Dbus iterator which has been entered into a dictionary and
prints out each key and value. A mapping struct was defined
which maps keys to types and units. For simple cases the mapping
will consist of a dbus type character and a units string,
e.g. dBm, Kbit/s etc. For more complex printing which requires
processing the value the 'units' void* can be set to a
function which can be custom written to handle the value.
2021-01-22 15:01:05 -06:00