Returns a template RSNX element that can be further modified by callers
to set any additional capabilities if required. wiphy will fill in
those capabilities that are driver / firmware dependent.
Most parameters set into the handshake object are actually known by the
network object itself and not station. This includes address
randomization settings, EAPoL settings, passphrase/psk/8021x settings,
etc. Since the number of these settings will only keep growing, move
the handshake setup into network itself. This also helps keep network
internals better encapsulated.
Refactor network_sync_psk to not require setting attributes into
multiple settings objects. This is in fact unnecessary as the parsed
security parameters are used everywhere else instead. Also make sure to
wipe the [Security] group first, in case any settings were invalid
during loading or otherwise invalidated.
Credentials obtained can now be either in passphrase or PSK form. Prior
to commit 7a9891dbef, passphrase credentials were always converted to
PSK form by invoking crypto_psk_from_passphrase. This was changed in
order to support WPA3 networks. Unfortunately the provisioning logic
was never properly updated. Fix that, and also try to not overwrite any
existing settings in case WSC is providing credentials for networks that
are already known.
Fixes: 7a9891dbef ("wsc: store plain text passphrase if available")
There will be additional security-related settings that will be
introduced for settings files. In particular, Hash-to-Curve PT
elements, Transition Disable settings and potentially others in the
future. Since PSK is now not the only element that would require
update, rename this function to better reflect this.
PRF+ from RFC 5295 is the more generic function using which HKDF_Expand
is defined. Allow this function to take a vararg list of arguments to
be hashed (these are referred to as 'S' in the RFCs).
Implement hkdf_expand in terms of prf_plus and update all uses to the
new syntax.
This fixes an issue where the udp port was not being opened due to a
permission denied error. The result of this was the dhcp client would
fail to send the renewal request and so the dhcp lease would expire.
The addition of the CAP_NET_BIND_SERVICE capability allows the service
to open sockets in the restricted port range (<1024) which is required
for dhcp.
This is based on a previous patch by Roberto Santalla Fernández.
A new config is introduced into the network config file under IPv4
called SendHostname. If this is set to true then we add the hostname
into all DHCP requests. The default is false.
If the idea is that the interface should only be present when connected
then don't do this in the DISCONNECTING state as there are various
possible transitions from CONNECTED or ROAMING directly to DISCONNECTED.
The Changed() method did not actually return anything, and in fact the
no_reply flag for that message was set.
Similarly, the Release method does not expect a reply.
Don't require a gateway address from the settings file or from the DHCP
server when doing netconfig. Failing when the gateway address was
missing was breaking P2P but also small local networks.
Be paranoid and check that the prefix length in addresses from
used_addr4_list are not zero (they shouldn't be) and that address family
is AF_INET (it should be), mainly to quiet coverity warnings:
While there also fix one line's indentation.
At the end of ip_pool_select_addr4() we'd check if the selected address
is equal to the subnet address and increment it by 1 to produce a valid
host address for the AP. That check was always correct only with 24-bit
prefix, extend it to actually use the prefix-dependent mask instead of
0xff. Fixes a testAP failure triggered 50% of the times because the
netmask is 28 bit long there.