3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-25 17:59:25 +01:00
Commit Graph

2104 Commits

Author SHA1 Message Date
Andrew Zaborowski
c8854d9a4c hwsim: Use new mpdu.h structs 2017-08-31 15:13:09 -05:00
Andrew Zaborowski
76dd86d816 monitor: Use new mpdu.h structs
This may also fix displaying authentication and deauthentication frames.
2017-08-31 15:12:49 -05:00
Andrew Zaborowski
303683c89f mpdu: Refactor mpdu structs
Refactor management frame structures to take into account optional
presence of some parts of the header:
 * drop the single structure for management header and body since
   the body offset is variable.
 * add mmpdu_get_body to locate the start of frame body.
 * drop the union of different management frame type bodies.
 * prefix names specific to management frames with "mmpdu" instead
   of "mpdu" including any enums based on 802.11-2012 section 8.4.
 * move the FC field to the mmpdu_header structure.
2017-08-31 15:11:30 -05:00
Andrew Zaborowski
66325e8c9b eapol: Implement eapol_encrypt_key_data
Add a function to do the inverse of eapol_decrypt_key_data to be used in
eapol server.  Only AES-based versions supported.
2017-08-31 13:21:05 -05:00
Denis Kenzior
da029bead8 unit: Use overlapped in/out buffers
Since aes_wrap & aes_unwrap advertise support for overlapped in/out
buffers, make sure that the unit test actually tests this as well.
valgrind will complain if the memory is overlapped and memcpy is used
instead of memmove.
2017-08-31 13:16:28 -05:00
Denis Kenzior
9da2d64980 unit: Add check that AES is present 2017-08-31 13:15:15 -05:00
Andrew Zaborowski
ef652642b5 unit: Test aes_wrap and aed_unwrap in test-crypto 2017-08-31 13:10:47 -05:00
Denis Kenzior
6d6fa57550 crypto: Make aes_unwrap look similar to aes_wrap
Running basic performance testing on x86 shows new and old code within a
few percent of each other.  The main penalty is the AES AF_ALG
invocation.
2017-08-31 13:00:46 -05:00
Andrew Zaborowski
4f865ba9f8 crypto: Implement aes_wrap
Add the inverse of aes_unwrap for eapol server usage.
2017-08-31 12:53:53 -05:00
Andrew Zaborowski
f66ae1e481 crypto: remove unneeded assignments in aes_unwrap
A is present in the specification but in practice B always contains A so
drop A.
2017-08-30 22:47:08 -05:00
Andrew Zaborowski
f659265000 netdev: Clarify the PTK->TK to MIC key mapping
Cite 802.11 in the comments and use nl80211.h constants to map the tx
and rx keys correctly.
2017-08-30 22:45:28 -05:00
Andrew Zaborowski
092ede1147 eapol: Stricter length check in eapol_decrypt_key_data
The plaintext key_data + padding must be at least 16 bytes so the
AES-encrypted key_data must be at least 24 bytes.
2017-08-30 22:42:20 -05:00
James Prestwood
a0cde90814 autotest: Added autotest for EAP-AKA' 2017-08-30 21:01:45 -05:00
James Prestwood
1c34452a7b eap-aka: RAND and AUTN were not being checked
When processing the challenge, the AT_RAND and AT_AUTN attributes
were never being checked if they were present.
2017-08-30 21:01:35 -05:00
James Prestwood
5d98c7adcf aka-prime: EAP-AKA' implementation
This EAP method uses nearly all the logic from EAP-AKA. The major
difference is it uses the new key derivation functions for AKA' as
well as the SHA256 MAC calculation.
2017-08-30 21:01:22 -05:00
James Prestwood
83995b5099 unit: update SIM unit tests to derive MAC changes 2017-08-30 17:31:43 -05:00
James Prestwood
e29d0dd69c simutil: updated EAP-SIM/AKA MAC API's to take type
EAP-AKA' uses SHA256 rather than SHA1 to generate the packet MAC's.
This updates the derive MAC API to take the EAP method type and
correctly use the right SHA variant to derive the MAC.
2017-08-30 17:31:39 -05:00
Denis Kenzior
44463389f1 wscutil: Fix invalid type conversion
We should be assigning to an enum type instead of a uint8.  This showed
up on PowerPC where the endianness affected the result.
2017-08-30 16:58:14 -05:00
James Prestwood
af0e432e0f eap: added EAP-AKA' method type 2017-08-30 16:43:38 -05:00
James Prestwood
8b575103b6 unit: Added unit tests for EAP-AKA' API's
This adds unit tests for the new key derivation functions
in simutil.c. The test data was obtained from RFC 5448
(case 1 and 2).
2017-08-30 16:39:10 -05:00
James Prestwood
c6bb0eb32d simutil: Added new key/prf functions for EAP-AKA'
This is the core key generation code for the AKA' method which
follows RFC 5448. Two new functions are implemented, one for
deriving CK'/IK' and the other for deriving the encryption keys
using CK'/IK'.
2017-08-30 16:39:10 -05:00
Marcel Holtmann
5cbd0aa1d9 build: Make sure iwd-dbus.conf gets included in the distribution 2017-08-30 23:37:19 +02:00
Marcel Holtmann
aa668df7c9 build: Remove readline/readline.h and readline/history.h from SOURCES 2017-08-30 23:29:18 +02:00
Marcel Holtmann
c0a77f32c1 test-runner: Add support for Qemu on PowerPC 32-bit and 64-bit 2017-08-30 14:25:03 -07:00
Marcel Holtmann
f41fa52f99 client: Set saveptr argument of strtok_r to NULL for initial invocation 2017-08-30 23:17:53 +02:00
Marcel Holtmann
d8d7a31f74 build: Use PKG_PROG_PKG_CONFIG to ensure $PKG_CONFIG is set 2017-08-30 23:09:42 +02:00
Marcel Holtmann
1db66dbe51 monitor: Use extra unsigned variable to make NLMSG_OK macro happy 2017-08-30 22:56:23 +02:00
Marcel Holtmann
e578b7071d build: Add missing unit/test-eap-sim to .gitignore 2017-08-30 20:50:51 +02:00
Andrew Zaborowski
eda160de12 eapol: Set a timeout for preauthentication
Wait 1 second for the first EAP frame to be received, after that wait up
to 3 seconds for all of EAP to complete.
2017-08-25 11:26:26 -05:00
Tim Kourt
9bb19526d9 client: Exclude unnecessary checks
Arrays are guaranteed to be initialized during
the compilation time.
2017-08-23 16:26:05 -05:00
Tim Kourt
4d626d6576 monitor: Fix casting error
Fix for the cros-compilation with Chromium OS’s toolchain
that uses GCC 4.9
2017-08-23 16:26:05 -05:00
Andrew Zaborowski
d3cf79ed12 autotests: Restore AP beacons after timeout in testFT-PSK-roam
In the beacon loss test try to simulate a periodic communication problem
because we don't support roaming if the AP goes away completely.
2 seconds seems to be enough to consistently trigger the beacon_loss
event without triggering a disconnect by the linux kernel or hiding the AP
from the roam scan.  Also set the RSSI for that AP lower so that it is
not reselected by iwd.
2017-08-23 13:26:58 -05:00
Andrew Zaborowski
b66d55c52c doc: Add hwsim.Rule.Drop property 2017-08-23 13:26:58 -05:00
Andrew Zaborowski
bf86081eba hwsim: Add Rule.Drop property
Add a way to have matching packets dropped by the hwsim medium.
2017-08-23 13:26:58 -05:00
Andrew Zaborowski
07b04e180f agent: Add a destroy function parameter for agent requests 2017-08-22 23:28:36 -05:00
Andrew Zaborowski
452e174802 netdev: RSSI polling support for less capable drivers
If the kernel device driver or the kernel nl80211 version doesn't
support the new RSSI threshold list CQM monitoring, implement similar
logic in iwd with periodic polling.  This is only active when an RSSI
agent is registered to receive the events.  I tested this with the same
testRSSIAgent autotests that tests the driver-side rssi monitoring
except with all timeouts multiplied by ~20.
2017-08-22 22:51:34 -05:00
James Prestwood
417367e272 eap-sim: Fix EAP-SIM version list length checks
The AT_VERSION_LIST attribute length was not being properly
checked. The actual length check did not include possible padding
bytes, so align_len() was added to ensure it was padded properly.
The comment about the padding being included in the Master Key
generation was not correct (padding is NOT included), and was removed.
2017-08-22 12:40:22 -05:00
Andrew Zaborowski
23af935e7b eapol: Add eapol_sm_set_require_handshake
Function to allow netdev.c to explicitly tell eapol.c whether to expect
EAP / 4-Way handshake.  This is to potentially make the code more
descriptive, until now we'd look at sm->handshake->ptk_complete to see
if a new PTK was needed.

A 4-Way handshake is required on  association to an AP except after FT.
2017-08-21 18:35:00 -05:00
James Prestwood
14dcda4d59 autotest: EAP-AKA autotest
Implemented milenage algorithm in hlrauc.py. Unlike EAP-SIM, the
authentication center must compute several values to give back
to the server (hostapd). This was already done by IWD as the peer
in EAP-AKA, but was also needed on the server side (HLR AuC).
2017-08-21 18:22:28 -05:00
James Prestwood
6aaa917dde aka: EAP-AKA protocol implementation 2017-08-21 18:20:10 -05:00
James Prestwood
7c61d0365e autotest: EAP-SIM autotest
Included an HLR AuC python implementation that is required by
hostapd. This is what hostapd uses to retrieve SIM card values
over a UNIX socket.
2017-08-21 18:04:52 -05:00
James Prestwood
b2fe7fe230 unit: EAP-SIM unit tests
Several unit tests for EAP-SIM functionality:
 - Get/Add attributes
 - MAC calculation
 - PRNG test
2017-08-21 18:03:13 -05:00
James Prestwood
283717b22f sim: EAP-SIM protocol implementation 2017-08-21 17:43:55 -05:00
Andrew Zaborowski
e6765c1e9b monitor: Actually print management frame subtype
The subtype was only printed if mpdu_validate had returned an error for
the frame, i.e. would not be printed for well formed frames.  This was
probably an intent to avoid printing the frame subtype after all the
conents of the body frame had been printed already, but iwmon only
supports printing of Authentication and Deauthentication frames so far.
2017-08-15 15:18:40 -05:00
Andrew Zaborowski
a9cbb95260 netdev: Add interface type setter and getter
Modify netdev_get_iftype, which was until now unused, and add
netdev_set_iftype.  Don't skip interfaces with types other than STATION
on startup, instead reset the type to STATION in device.c.

netdev_get_iftype is modified to use our own interface type enum to
avoid forcing users to include "nl80211.h".

Note that setting an interface UP and DOWN wouldn't generally reset the
iftype to STATION.  Another process may still change the type while iwd
is running and iwd would not detect this as it would detect another
interface setting interface DOWN, not sure how far we want to go in
monitoring all of the properties this way.
2017-08-15 15:01:33 -05:00
Andrew Zaborowski
b344d27c56 ie: Fix Supported Rates length check
Supported Rates IEs can be 1-8 bytes, not only 8 byte long, according to
802.11-2012 8.4.2.3.
2017-08-15 13:57:27 -05:00
Andrew Zaborowski
38b5f3fee4 autotests: Add test for roam triggered by beacon loss
The two tests in test.py are similar except for the way that the roaming
is triggered.
2017-08-15 12:43:14 -05:00
Andrew Zaborowski
0cd18a0214 device: Set current BSS rank to 0 if not in scan results
If we're adding the BSS to the list only because it is the current BSS,
set the rank to 0 (lowest possible value) in case the list gets used in
the next Connect call.
2017-08-15 12:41:46 -05:00
Andrew Zaborowski
6e03933e62 netdev: Allow reassociation if not currently connected
Allow attempts to connect to a new AP using the Reassociation frame even
if netdev->operational is false.  This is needed if we want to continue
an ongoing roam attempt after the original connection broke and will be
needed when we start using cached PMKSAs in the future.
2017-08-15 12:39:35 -05:00
Andrew Zaborowski
a4edbbd429 device: Trigger roaming on beacon loss
Use beacon loss event to trigger a roam attempt in addition to the RSSI
monitoring.  Due to the how well beacons are normally received compared
to data packets, a beacon loss indicates a serious problem with the
connection so act as soon as a first beacon loss event is seen.

Avoid roaming methods that involve the current AP: preauthentication,
neighbor report request and FT-over-the-DS (not supported)
2017-08-15 11:53:15 -05:00