3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-01 23:59:51 +01:00
Commit Graph

6079 Commits

Author SHA1 Message Date
Denis Kenzior
da0fa4e012 station: Set network's vendor IEs into handshake
This guarantees that the vendor IEs will be used on ReAssociate and
Fast-Transition paths, as well as on all non-CMD_CONNECT based
connections.
2021-08-06 14:23:45 -05:00
Denis Kenzior
7e9971661b netdev: Append any vendor IEs from the handshake 2021-08-06 14:07:06 -05:00
Denis Kenzior
f24cfa481b handshake: Add setter for vendor IEs
Some connections, like Hotspot require additional IEs to be used during
the Association.  These are now passed as 'extra_ies' when invoking
netdev_connect, however they are also needed during ReAssociation and FT
to such APs.

Additionally, it may be that Hotspot-enabled APs will start utilizing
FILS or SAE.  In these cases the extra_ies need to be accounted for
somehow, either by making a copy in handshake_state, netdev, or the
auth_proto itself.  Similarly, P2P which heavily uses vendor IEs can be
used over SAE in the future.

Since a copy of these IEs is needed, might as well store them in
handshake_state itself for easy book-keeping by network/station.
2021-08-06 14:04:25 -05:00
Denis Kenzior
8f9e6b3f76 netdev: Send addititional IEs for FT/SAE/OWE/FILS
RM Enabled Capabilities and Extended Capabilities IEs were correctly
being sent when using CMD_CONNECT for initial connections and
re-associations.  However, for SoftMac SAE, FT, FILS and OWE connections,
these additional IEs were not added properly during the Associate step.
2021-08-05 21:01:37 -05:00
Denis Kenzior
289b8826bf netdev: Always send RM Enabled Capabilities
If the driver supports RRM, then we might as well always send the RM
Enabled Capabilities IE (and use the USE_RRM flag).  802.11-2020
suggests that this IE can be sent whenever
dot11RadioMeasurementActivated is true, and this setting is independent
of whether the peer supports RRM.  There's nothing to indicate that an
STA should not send these IEs if the AP is not RRM enabled.
2021-08-05 15:49:46 -05:00
Alvin Šipraga
aa7845ca98 netdev: update frequency on channel switch events
While we correctly emit a NETDEV_EVENT_CHANNEL_SWITCHED event from
netdev for other modules to respond to, we fail to actually update the
frequency of the netdev object in question. Since the netdev frequency
is used elsewhere (e.g. to send action frames), it needs updating too.

Fixes: 5eb0b7ca8e ("netdev: add a channel switch event")
2021-08-05 10:35:50 -05:00
Denis Kenzior
317e345a6a netdev: Remove prev_bssid member
This variable ended up being used only on the fast-transition path.  On
the re-associate path it was never used, but memcpy-ied nevertheless.
Since its only use is by auth_proto based protocols, move it to the
auth_proto object directly.

Due to how prepare_ft works (we need prev_bssid from the handshake, but
the handshake is reset), have netdev_ft_* methods take an 'orig_bss'
parameter, similar to netdev_reassociate.
2021-08-04 23:08:34 -05:00
Denis Kenzior
60e2a9994f netdev: Remove unused variable
This was set, but never used in any way
2021-08-04 15:55:30 -05:00
Denis Kenzior
17d653904f netdev: netdev_connect_common doesn't fail 2021-08-04 15:55:30 -05:00
Denis Kenzior
b55732066d unit: Add simple ie sorting test 2021-08-04 10:46:27 -05:00
Denis Kenzior
3f69ddb615 mpdu: Add ie sorting utility
IE elements in various management frames are ordered.  This ordering is
outlined in 802.11, Section 9.3.3.  The ordering is actually different
depending on the frame type.  Instead of trying to implement the order
manually, add a utility function that will sort the IEs in the order
expected by the particular management frame type.

Since we already have IE ordering look up tables in the various
management frame type validation functions, move them to global level
and re-use these lookup tables for the sorting utility.
2021-08-04 10:41:19 -05:00
Denis Kenzior
9a8129abd6 mpdu: Update IE ordering for 802.11-2020 2021-08-04 09:03:07 -05:00
Denis Kenzior
a3b9967c13 build: Fixup due to handshake dependency on erp
and iwmon doesn't need handshake.[ch]
2021-08-03 16:35:30 -05:00
James Prestwood
d58ae33e5c erp: take cache ref in erp_new
Since the erp_state is holding a pointer to the ERP cache, as
well as calling erp_cache_put on free, it should take a reference
for symmetry.
2021-08-03 16:29:47 -05:00
James Prestwood
95574e4538 handshake: unref erp_cache when handshake is freed
This makes the erp_cache ownership more consisten rather than
relying on the ERP state to free the cache.
2021-08-03 16:29:30 -05:00
James Prestwood
630c2c2a08 station: network: rework ERP/FILS code path
This refactors some code to eliminate getting the ERP entry twice
by simply returning it from network_has_erp_identity (now renamed
to network_get_erp_cache). In addition this code was moved into
station_build_handshake_rsn and properly cleaned up in case there
was an error or if a FILS AKM was not chosen.
2021-08-03 16:29:08 -05:00
Marcel Holtmann
236bb27cdd Release 1.16 2021-08-01 22:18:17 +02:00
Marcel Holtmann
1959d23b18 build: Require at least version 0.42 when building with external ELL 2021-08-01 22:01:24 +02:00
James Prestwood
f1d6e6094e auto-t: update deprecated option
testBSSBlacklist was using the old addressr randomization option
2021-07-30 15:45:57 -05:00
James Prestwood
d4e8ba072a p2p: fix out of scope read
The authorized macs pointer was being set to either the wsc_beacon
or wsc_probe_response structures, which were initialized out of
scope to where 'amacs' was being used. This resulted in an out of
scope read, caught by address sanitizers.
2021-07-30 10:40:30 -05:00
James Prestwood
4bcfa21ca4 eap-aka: round to nearest word on message buffers
One of these message buffers was overflowing due to padding not
being taken into account (caught by sanitizers). Wrapped the length
of all message buffers with EAP_SIM_ROUND as to account for any
padding that attributes may add.
2021-07-30 10:38:26 -05:00
James Prestwood
e2e625fa18 test-runner: refactor process output code
The Process class requires the ability to write out any processes
output to stdout, logging, or an explicit file, as well as store
it inside python for processing by test utilities. To accomplish
this each process was given a temporary file to write to, and that
file had an IO watch set on it. Any data that was written was then
read, and re-written out to where it needed to go. This ended up
being very buggy and quite complex due to needing to mess with
read/write pointers inside the file.

Popen already creates pipes to stdout if told, and they are accessable
via the p.stdout. Its then as simple as setting an IO watch on that
pipe and keeping the same code for reading out new data and writing
it to any files we want. This greatly reduces the complexity.
2021-07-29 17:51:25 -05:00
James Prestwood
04d00c5c20 auto-t: add regular 8021x AKM to FT-FILS tests
After some code changes the FT-FILS AKM was no longer selectable
inside network_can_connect_bss. This normally shouldn't matter
since station ends up selecting the AKM explicitly, including
passing the fils_hint, but since the autotests only included
FT-FILS AKMs this caused the transition to fail with no available
BSS's.

To fix this the standard 8021x AKM was added to the hostapd
configs. This allows these BSS's to be selected when attempting
to roam, but since FT-FILS is the only other AKM it will be used
for the actual transition.
2021-07-29 17:51:25 -05:00
James Prestwood
1d9f2d69e0 auto-t: remove unneeded hidden networks
testScan was creating 10 separate hidden networks which
sometimes bogged down hostapd to the point that it would
not start up in time before test-runner's timeouts fired.
This appeared to be due to hostapd needing to create 10
separate interfaces which would sometimes fail with -ENFILE.

The test itself only needed two separate networks, so instead
the additional 8 can be completely removed.
2021-07-29 17:51:25 -05:00
James Prestwood
52189d99f6 test-runner: don't reset dbus object on reset()
Doing this is redundant since the dbus object is initialized
anyways when a new test starts.
2021-07-29 17:51:25 -05:00
James Prestwood
b5c3fc1222 test-runner: increase RAM to 384MB
Occationally python will fatally terminate trying to load a test
using importlib with an out of memory exception. Increasing RAM
allows reliable exection of all tests.
2021-07-29 17:51:25 -05:00
James Prestwood
75b20ff1d0 test-runner: set msize for --monitor
This was added for logging but --monitor suffers the same warning
without setting msize as well.
2021-07-29 17:51:25 -05:00
James Prestwood
ba5bc1f5b3 test-runner: remove TLS debugging artifact
When logging is enabled TLS debugging is turned on which creates
a PEM file during runtime. There is no way for IWD itself to clean
this up since its meant to be there for debugging.
2021-07-29 17:51:25 -05:00
James Prestwood
36bc4e15c3 auto-t: hostapd: catch local socket remove exception
This happens if hostapd is killed ungracefully which is done in
some tests.
2021-07-29 17:51:25 -05:00
James Prestwood
1b4c6e9be8 knownnetworks: copy network_config on update
The network_config was not being copied to network_info when
updated. This caused any new settings to be lost if the network
configuration file was updated during runtime.
2021-07-29 17:51:25 -05:00
James Prestwood
befa448017 netdev: fix RoamThreshold5G
The RoamThreshold5G was never honored because it was being
set prior to any connections. This caused the logic inside
netdev_cqm_rssi_update to always choose the 2GHz threshold
(RoamThreshold) due to netdev->frequency being zero at this time.

Instead call netdev_cqm_rssi_update in all connect/transition
calls after netdev->frequency is updated. This will allow both
the 2G and 5G thresholds to be used depending on what frequency
the new BSS is.

The call to netdev_cqm_rssi_update in netdev_setup_interface
was also removed since it serves no purpose, at least now
that there are two thresholds to consider.
2021-07-28 10:04:41 -05:00
Denis Kenzior
30d32e4a58 treewide: Remove non-ascii characters 2021-07-28 10:03:27 -05:00
Denis Kenzior
78b9328db6 scan: Quiet down warning
Under certain conditions, access points with very low signal could be
detected.  This signal is too low to estimate a data rate and causes
this L_WARN to fire.  Fix this by returning a -ENETUNREACH error code in
case the signal is too low for any of the supported rates.
2021-07-28 09:53:21 -05:00
James Prestwood
f902c7019d auto-t: fix blacklist test ranking
The scan ranking logic was previously changed to be based off a
theoretical calculated data rate rather than signal strength.
For HT/VHT networks there are many data points that can be used
for this calculation, but non HT/VHT networks are estimated based
on a simple table mapping signal strengths to data rates.

This table starts at a signal strength of -65 dBm and decreases from
there, meaning any signal strengths greater than -65 dBm will end up
getting the same ranking. This poses a problem for 3/4 blacklisting
tests as they set signal strengths ranging from -20 to -40 dBm.
IWD will then autoconnect to whatever network popped up first, which
may not be the expected network.

To fix this the signal strengths were changed to much lower values
which ensures IWD picks the expected network.
2021-07-28 09:32:42 -05:00
James Prestwood
8d40c37469 test-runner: set msize to remove runtime warning
Newer QEMU version warn that msize is set too low and may result
in poor IO performance. The default is 8KiB which QEMU claims is
too low. Explicitly setting to 10KiB removes the warning:

qemu-system-x86_64: warning: 9p: degraded performance: a
reasonable high msize should be chosen on client/guest side
(chosen msize is <= 8192).
See https://wiki.qemu.org/Documentation/9psetup#msize for details.
2021-07-28 09:32:42 -05:00
Denis Kenzior
74fa720e60 iwd.network: Document Transition Disable settings 2021-07-27 17:43:38 -05:00
Denis Kenzior
2e777a0d31 network: Enforce Transition Disable settings
Transition Disable indications and information stored in the network
profile needs to be enforced.  Since Transition Disable information is
now stored inside the network object, add a new method
'network_can_connect_bss' that will take this information into account.
wiphy_can_connect method is thus deprecated and removed.

Transition Disable can also result in certain AKMs and pairwise ciphers
being disabled, so wiphy_select_akm method's signature is changed and
takes the (possibly overriden) ie_rsn_info as input.
2021-07-27 17:43:38 -05:00
Denis Kenzior
ca8f3edc33 wiphy: Add wiphy_can_transition_disable 2021-07-27 17:43:38 -05:00
Denis Kenzior
0c8406780f knownnetworks: Parse Transition Disable settings 2021-07-27 17:43:35 -05:00
Denis Kenzior
51b437bbfe eapol: Add support for Transition Disable
If this indication is received in message 3/4, forward the contents as
a HANDSHAKE_EVENT_TRANSITION_DISABLE
2021-07-27 16:56:01 -05:00
Denis Kenzior
47ba837e98 network: Store Transition Disable info
This indication can come in via EAPoL message 3 or during
FILS Association.  It carries information as to whether certain
transition mode options should be disabled.  See WPA3 Specification,
version 3 for more details.
2021-07-27 16:55:58 -05:00
Denis Kenzior
8cfe038d67 network: Move parsing of additional options
Move parsing of AddressOverride and AlwaysRandomizeAddress settings to
knownnetwork.c to be in the same place as other global network settings.
2021-07-27 14:02:43 -05:00
Denis Kenzior
bedf2b0596 knownnetworks: Commonize parser for common settings
Some network settings keys are set / parsed in multiple files.  Add a
utility to parse all common network configuration settings in one place.

Also add some defines to make sure settings are always saved in the
expected group/key.
2021-07-27 14:02:43 -05:00
Denis Kenzior
46c19b6c6a eapol: Use handshake_util_find_kde
This returns the length of the actual contents, making the code a bit
easier to read and avoid the need to mask the KDE value which isn't
self-explanatory.
2021-07-27 14:02:43 -05:00
Denis Kenzior
f7b59750d0 handshake: Add handshake_util_find_kde 2021-07-27 14:02:43 -05:00
Denis Kenzior
8606f6e96a network: remove unused method 2021-07-27 14:01:21 -05:00
Denis Kenzior
87dde21ec5 erp: Fix missing comma
Fixes: fbe8b7a3c0 ("crypto: Add prf_plus function")
2021-07-27 14:01:19 -05:00
Denis Kenzior
64211c292d unit: Fix SAE unit test failure
The SAE unit test was written when group 19 was preferred by default for
all SAE connections.  However, we have now started to prefer higher
security groups.  Trick the test into using group 19 by wrapping
l_ecc_supported_ike_groups implementation to return just curve 19 as a
supported curve.
2021-07-27 14:01:12 -05:00
Denis Kenzior
eab0bf6e8a monitor: Fix invalid read
ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000512c08 at pc 0x00000041848d bp 0x7ffcdde71870 sp 0x7ffcdde71860
READ of size 8 at 0x000000512c08 thread T0
    #0 0x41848c in print_attributes monitor/nlmon.c:6268
    #1 0x42ac53 in print_message monitor/nlmon.c:6544
    #2 0x438968 in nlmon_message monitor/nlmon.c:6698
    #3 0x43d5e4 in nlmon_receive monitor/nlmon.c:7658
    #4 0x4b3cd0 in io_callback ell/io.c:120
    #5 0x4b085a in l_main_iterate ell/main.c:478
    #6 0x4b0ee3 in l_main_run ell/main.c:525
    #7 0x4b0ee3 in l_main_run ell/main.c:507
    #8 0x4b13ac in l_main_run_with_signal ell/main.c:647
    #9 0x4072fe in main monitor/main.c:811
2021-07-14 19:10:34 -05:00
Denis Kenzior
6d76b3e21d auto-t: SAE: Rework SAE tests
Break up the SAE tests into two parts: testSAE and testSAE-AntiClogging

testSAE is simplified to only use two radios and a single phy managed
by hostapd.  hostapd configurations are changed via the new 'set_value'
method added to hostapd utils.  This allows forcing hostapd to use a
particular sae group set, or force hostapd to use SAE H2E/Hunting and
Pecking Loop for key derivation.  A separate test for IKE Group 20 is no
longer required and is folded into connection_test.py

testSAE-AntiClogging is added with an environment for 5 radios instead
of 7, again with hostapd running on a single phy.  'sae_pwe' is used to
force hostapd to use SAE H2E or Hunting and Pecking for key derivation.
Both Anti-Clogging protocol variants are thus tested.

main.conf is added to both directories to force scan randomization off.
This seems to be required for hostapd to work properly on hwsim.
2021-07-14 19:02:06 -05:00