3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-29 22:19:23 +01:00
Commit Graph

5736 Commits

Author SHA1 Message Date
Denis Kenzior
46c19b6c6a eapol: Use handshake_util_find_kde
This returns the length of the actual contents, making the code a bit
easier to read and avoid the need to mask the KDE value which isn't
self-explanatory.
2021-07-27 14:02:43 -05:00
Denis Kenzior
f7b59750d0 handshake: Add handshake_util_find_kde 2021-07-27 14:02:43 -05:00
Denis Kenzior
8606f6e96a network: remove unused method 2021-07-27 14:01:21 -05:00
Denis Kenzior
87dde21ec5 erp: Fix missing comma
Fixes: fbe8b7a3c0 ("crypto: Add prf_plus function")
2021-07-27 14:01:19 -05:00
Denis Kenzior
64211c292d unit: Fix SAE unit test failure
The SAE unit test was written when group 19 was preferred by default for
all SAE connections.  However, we have now started to prefer higher
security groups.  Trick the test into using group 19 by wrapping
l_ecc_supported_ike_groups implementation to return just curve 19 as a
supported curve.
2021-07-27 14:01:12 -05:00
Denis Kenzior
eab0bf6e8a monitor: Fix invalid read
ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000512c08 at pc 0x00000041848d bp 0x7ffcdde71870 sp 0x7ffcdde71860
READ of size 8 at 0x000000512c08 thread T0
    #0 0x41848c in print_attributes monitor/nlmon.c:6268
    #1 0x42ac53 in print_message monitor/nlmon.c:6544
    #2 0x438968 in nlmon_message monitor/nlmon.c:6698
    #3 0x43d5e4 in nlmon_receive monitor/nlmon.c:7658
    #4 0x4b3cd0 in io_callback ell/io.c:120
    #5 0x4b085a in l_main_iterate ell/main.c:478
    #6 0x4b0ee3 in l_main_run ell/main.c:525
    #7 0x4b0ee3 in l_main_run ell/main.c:507
    #8 0x4b13ac in l_main_run_with_signal ell/main.c:647
    #9 0x4072fe in main monitor/main.c:811
2021-07-14 19:10:34 -05:00
Denis Kenzior
6d76b3e21d auto-t: SAE: Rework SAE tests
Break up the SAE tests into two parts: testSAE and testSAE-AntiClogging

testSAE is simplified to only use two radios and a single phy managed
by hostapd.  hostapd configurations are changed via the new 'set_value'
method added to hostapd utils.  This allows forcing hostapd to use a
particular sae group set, or force hostapd to use SAE H2E/Hunting and
Pecking Loop for key derivation.  A separate test for IKE Group 20 is no
longer required and is folded into connection_test.py

testSAE-AntiClogging is added with an environment for 5 radios instead
of 7, again with hostapd running on a single phy.  'sae_pwe' is used to
force hostapd to use SAE H2E or Hunting and Pecking for key derivation.
Both Anti-Clogging protocol variants are thus tested.

main.conf is added to both directories to force scan randomization off.
This seems to be required for hostapd to work properly on hwsim.
2021-07-14 19:02:06 -05:00
Denis Kenzior
38e3e72684 netdev: Send RSNXE element during SAE association 2021-07-14 09:58:42 -05:00
Denis Kenzior
c957d25dad sae: Add sae_is_h2e
Allows clients to know whether H2E was used by the SAE state machine
2021-07-14 09:58:42 -05:00
Denis Kenzior
f67e5ea6d8 netdev: Centralize mmpdu validation
Instead of requiring each auth_proto to perform validation of the frames
received via rx_authenticate & rx_associate, have netdev itself perform
the mpdu validation.  This is unlikely to happen anyway since the kernel
performs its own frame validation.  Print a warning in case the
validation fails.
2021-07-14 09:58:42 -05:00
Denis Kenzior
cb5939f941 network: Set SAE-PT into handshake
If the authenticator is SAE H2E capable, add the relevant PTs into the
handshake_state to enable use of SAE H2E.
2021-07-14 09:58:42 -05:00
Denis Kenzior
9c07741a0a network: Also support SAE PT for group 20
Generalize loading / saving of SAE PTs and add support for saving /
loading of ECC group 20 based SAE PT.
2021-07-14 09:58:42 -05:00
Denis Kenzior
a46269d5b0 sae: Don't destroy token on group change
There's no reason why a change in groups would result in the
anti-clogging token becoming invalid.  This might result in us needing
an extra round-trip if the peer is using countermeasures and our
requested group was deemed unsuitable.
2021-07-14 09:58:42 -05:00
Denis Kenzior
c02b1466c4 sae: Fix potential leak in sae_process_anti_clogging
We may receive multiple anti-clogging request messages.  We memdup the
token every time, without checking whether memory for one has already
been allocated.  Free the old token prior to allocating a new one.
2021-07-14 09:58:42 -05:00
Denis Kenzior
67be05ec3e sae: validate group in sae_process_anti_clogging
The group was not checked at all.  The specification doesn't
mention doing so specifically, but we are only likely to receive an Anti
Clogging Token Request message once we have sent our initial Commit.  So
the group should be something we could have sent or might potentially be
able to use.
2021-07-14 09:58:42 -05:00
Denis Kenzior
891b78e9e8 sae: Add basic H2E support 2021-07-14 09:58:42 -05:00
Denis Kenzior
d12ac0fa71 crypto: Generalize kdf_sha{256|384} as crypto_kdf
This also allows us to easily implement KDF with SHA512
2021-07-14 09:58:42 -05:00
Denis Kenzior
e82f0d3459 unit: Update expected error code 2021-07-14 09:58:42 -05:00
Denis Kenzior
f0e3d92d00 sae: Fix sae_cn endianness issue
send_confirm was always passed in using host byte-order, but the hash
should be ran over send_confirm in LE order.
2021-07-14 09:58:42 -05:00
Denis Kenzior
03b99ba0d5 sae: Handle error conditions more consistently
In case an exceptional condition occurs, handle this more consistently
by returning the following errors:

  -ENOMSG -- If a message results in the retransmission timer t0 being
             restarted without actually sending anything.
  -EBADMSG -- If a received message is to be silently discarded without
              affecting the t0 timer.
  -ETIMEDOUT -- If SYNC_MAX has been exceeded
  -EPROTO -- If a fatal protocol error occurred
2021-07-14 09:58:42 -05:00
Denis Kenzior
fefa93e3ba sae: Drop unneeded state checks
Now that sae_verify_* methods no longer allow dropped frames though,
there's no reason to keep these checks.  sae_process_commit and
sae_process_confirm will now always receive messages in their respective
state.
2021-07-14 09:58:42 -05:00
Denis Kenzior
0925a362d6 sae: Return an error when dropping frames
sae_verify_* functions were correctly marking frames to be dropped, but
were returning 0, which caused the to-be-dropped frames to be further
processed inside sae_rx_authenticate.  Fix that by returning a proper
error.
2021-07-14 09:58:42 -05:00
Denis Kenzior
3474953d16 sae: Properly return -EAGAIN when retransmitting
Make sure to return -EAGAIN whenever a received frame from the peer
results in a retransmission.  This also prevents the frame from being
mistakenly processed further in sae_rx_authenticate.
2021-07-14 09:58:42 -05:00
Denis Kenzior
d8f9d9d45c sae: Transition to a new state explicitly
Do not try to transition to a new state from sae_send_commit /
sae_send_confirm since these methods can be called due to
retransmissions or other unexpected messages.  Instead, transition to
the new state explicitly from sae_process_commit / sae_process_confirm.
2021-07-14 09:58:42 -05:00
Denis Kenzior
cb810c12ff sae: Move Commit message length validation
Instead of verifying commit message length in the sae_process_commit
method, verify it in the verification function instead.
2021-07-14 09:58:42 -05:00
Denis Kenzior
18ec5589f8 sae: Reject group changes
SAE protocol is meant to authenticate peers simultaneously.  Hence it
includes a tie-breaker provision in case both peers enter into the
Committed state and the Commit messages arrive at the respective peers
near simultaneously.

However, in the case of STA or Infrastructure mode, only one peer (STA)
would normally enter the Committed state (via Init) and the tie-breaker
provision is not needed.  If this condition is detected, abort the
connection.

Also remove the uneeded group change check in process_commit.
2021-07-14 09:58:42 -05:00
Denis Kenzior
7d67192493 sae: Make sae_compute_pwe independent of sae_sm
sae_compute_pwe doesn't really depend on the state of sae_sm.  Only the
curve to be used for the PWE calculation is needed.  Rework the function
signature to reflect that and remove unneeded member of struct sae_sm.
2021-07-14 09:58:42 -05:00
Denis Kenzior
8de07357fd fils: mmpdu_body cannot fail 2021-07-14 09:58:42 -05:00
Denis Kenzior
08845fb19c ie: Change ie_tlv_builder_finalize signature
ie_tlv_builder_init takes a size_t as input, yet for some reason
ie_tlv_builder_finalize takes an unsigned int argument as output.  Fix
the latter to use size_t as well.
2021-07-14 09:58:42 -05:00
Denis Kenzior
8320e3ab92 mpdu: Add SAE_HASH_TO_ELEMENT Status Code 2021-07-14 09:58:42 -05:00
Denis Kenzior
0815b85f22 unit: Add basic test for ECC PWE-from-PT derivation 2021-07-14 09:58:42 -05:00
Denis Kenzior
993a934803 crypto: Expose crypto_sae_hash_from_ecc_prime_len 2021-07-14 09:58:42 -05:00
Denis Kenzior
77e387dd0c crypto: Add crypto_derive_sae_pwe_from_pt_ecc 2021-07-14 09:58:42 -05:00
Denis Kenzior
f7b5ebd097 netdev: Set Supplicant RSNXE to handshake_state 2021-07-14 09:58:09 -05:00
Denis Kenzior
636c6eb645 eapol: Send / Validate RSNXE in STA mode 2021-07-14 09:55:49 -05:00
Denis Kenzior
1a7c5786f6 eapol: Use a separate hs variable
Instead of using sm->handshake everywhere, use a short-hand hs variable.
This makes some lines a bit more readable.  No functional changes.
2021-07-14 09:55:49 -05:00
Denis Kenzior
10fd485d7d station: Set authenticator's RSNXE if present 2021-07-14 09:55:49 -05:00
Denis Kenzior
6470601a34 handshake: Add support for RSNXE
Allow handshake_state to track Authenticator & Supplicant RSN Extension
elements (RSNXE)s.
2021-07-14 09:55:49 -05:00
Denis Kenzior
37bc48add4 handshake: Optimize replacement of IEs
During processing of Connect events by netdev, some of these elements
might be updated even when already set.  Instead of issuing
l_free/l_memdup each time, check and see whether the elements are
bitwise identical first.
2021-07-14 09:55:49 -05:00
Denis Kenzior
7fafb627d8 scan: Save off RSNXE if present 2021-07-14 09:55:49 -05:00
Denis Kenzior
57a57646d8 wiphy: Add wiphy_get_rsnxe
Returns a template RSNX element that can be further modified by callers
to set any additional capabilities if required.  wiphy will fill in
those capabilities that are driver / firmware dependent.
2021-07-14 09:55:49 -05:00
Denis Kenzior
3f42e4df25 ie: Add ie_rsnxe_capable
Add convenience method for checking whether a given capability exists in
an RSN Extension element.
2021-07-14 09:55:49 -05:00
Denis Kenzior
f22c958b79 ie: Add certain IE definitions from 802.11-2020 2021-07-14 09:55:49 -05:00
Denis Kenzior
de04e6d723 handshake: Allow adding of ECC SAE-PT points 2021-07-14 09:55:49 -05:00
Denis Kenzior
ead1f0e96e network: Save / Load SAE PT for Group 19 2021-07-14 09:55:49 -05:00
Denis Kenzior
2a66b3bfe5 network: Move handshake parameter setup from station
Most parameters set into the handshake object are actually known by the
network object itself and not station.  This includes address
randomization settings, EAPoL settings, passphrase/psk/8021x settings,
etc.  Since the number of these settings will only keep growing, move
the handshake setup into network itself.  This also helps keep network
internals better encapsulated.
2021-07-14 09:55:49 -05:00
Denis Kenzior
869bcf59d5 network: Make network_sync_psk not repetitive
Refactor network_sync_psk to not require setting attributes into
multiple settings objects.  This is in fact unnecessary as the parsed
security parameters are used everywhere else instead.  Also make sure to
wipe the [Security] group first, in case any settings were invalid
during loading or otherwise invalidated.
2021-07-14 09:55:49 -05:00
Denis Kenzior
27583e6b35 network: Generate PSK lazily
In cases where networks are WPA3 only, there's no point to actually
generate the PSK.  Do so only if needed (network_get_psk gets called)
2021-07-14 09:55:49 -05:00
Denis Kenzior
a8e2023a8e netdev: netdev_build_cmd_authenticate doesn't fail 2021-07-14 09:55:49 -05:00
Denis Kenzior
29aea1d411 netdev: netdev_build_cmd_connect doesn't fail 2021-07-14 09:55:49 -05:00