3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-10-31 00:59:23 +01:00
Commit Graph

2377 Commits

Author SHA1 Message Date
James Prestwood
d2e7d47c84 ie: fix ie_tlv_builder semantics
The TLV builder APIs were not very intuative, and in some (or all)
cases required access to the builder structure directly, either to
set the TLV buffer or to get the buffer at the end.

This change adds a new API, ie_tlv_builder_set_data, which both sets
the length for the current TLV and copies the TLV data in one go.
This will avoid the need for memcpy(ie_tlv_builder_get_data(...),...)

ie_tlv_builder_finalize was also changed to return a pointer to the
start of the build buffer. This will eliminate the need to access
builder.tlv after building the TLVs.

ie_tlv_builder_init was changed to take an optional buffer to hold
the TLV data. Passing NULL/0 will build the TLV in the internal
buffer. Passing in a pointer and length will build into the passed
in buffer.
2019-04-23 12:56:20 -05:00
Andrew Zaborowski
14d69873b0 wiphy: Add wiphy_create_complete
Let manager.c signal to wiphy.c when the wiphy parsing from the genl
messages is complete.  When we query for existing wiphy using the
GET_WIPHY dump command we get many genl messages per wiphy, on a
notification we only get one message.  So after wiphy_create there may
be one or many calls to wiphy_update_from_genl.  wiphy_create_complete
is called after all of them, so wiphy.c can be sure it's done with
parsing the wiphy attributes when in prints the new wiphy summary log
message, like it did before manager.c was added.

I had wrongly assumed that all the important wiphy attributes were in
the first message in the dump, but NL80211_ATTR_EXT_FEATURES was not and
wasn't being parsed which was breaking at least testRSSIAgent.
2019-04-22 16:34:51 -05:00
James Prestwood
6ea74d77cc eap-sim: derive session-ID for ERP 2019-04-22 16:31:19 -05:00
James Prestwood
2cbdc1aa43 eap-aka: derive Session-ID for ERP 2019-04-22 16:31:14 -05:00
James Prestwood
e7219cbcc5 netdev: free SAE SM once protocol has completed
SAE was behaving inconsitently with respect to freeing the state.
It was freeing the SM internally on failure, but requiring netdev
free it on success.

This removes the call to sae_sm_free in sae.c upon failure, and
instead netdev frees the SM in the complete callback in all cases
regardless of success or failure.
2019-04-22 16:26:11 -05:00
James Prestwood
ea571bc6ac netdev: free OWE SM once protocol has completed
The OWE SM is not needed once the OWE protocol completes. We can
free it immediately in netdev_owe_complete (unless retrying).
2019-04-22 16:25:31 -05:00
James Prestwood
5cc0148e7f station: enable FILS support
station will now check if ERP has cached keys for FILS when building
the handshake, as well as get the ERP cache and set it into the
handshake object.
2019-04-22 14:56:48 -05:00
James Prestwood
b125976fea netdev: add FILS support
From netdev's prospective FILS works the same as OWE/SAE where we create
a fils_sm and forward all auth/assoc frames into the FILS module. The
only real difference is we do not start EAPoL once FILS completes.
2019-04-22 14:55:41 -05:00
James Prestwood
73c9a126bd fils: implementation for FILS
FILS (Fast Initial Link Setup) allows a station to negotiate a PTK during
authentication and association. This allows for a faster connection as
opposed to doing full EAP and the 4-way. FILS uses ERP (EAP Reauth Protocol)
to achieve this, but encapsulates the ERP data into an IE inside
authenticate frames. Association is then used to verify both sides have
valid keys, as well as delivering the GTK/IGTK.

FILS will work similar to SAE/OWE/FT where netdev registers a fils_sm, and
then forwards all Auth/Assoc frame data to and from the FILS module.
2019-04-22 14:55:02 -05:00
James Prestwood
91cdd86e0d handshake: add ERP cache object to handshake
Keeping the ERP cache on the handshake object allows station.c to
handle all the ERP details and encapsulate them into a handshake.
FILS can then use the ERP cache right from the handshake rather
than getting it itself.
2019-04-22 14:55:02 -05:00
James Prestwood
bc7b12d1a4 wiphy: handle FILS AKMs
wiphy_select_akm needed to be updated to take a flag, which can be
set to true if there are known reauth keys for this connection. If
we have reauth keys, and FILS is available we will choose it.
2019-04-19 15:05:23 -05:00
James Prestwood
b829daaab7 owe: fix group renegotiation to not reauthenticate
If the AP send an associate with an unsupported group status, OWE
was completely starting over and sending out an authenticate frame
when it could instead just resend the associate frame with a
different group.
2019-04-19 13:52:28 -05:00
James Prestwood
17e3a5ee3c handshake: add setter for PTK
With FILS support coming there needs to be a way to set the PTK directly.
Other AKMs derive the PTK via the 4-way handshake, but FILS computes the
PTK on its own.
2019-04-18 10:55:24 -05:00
Denis Kenzior
b768e26f1d Revert "mschaputil: use util_get_username"
This reverts commit 1e337259ce.

Using util_get_username was wrong in this context.  MSCHAPv2 expects us
to only strip the domain name from identities of the form
domain\identity.  util_get_username would also strip identities of the
form username@domain.com.
2019-04-18 10:46:56 -05:00
James Prestwood
349acf292f eapol: fix kek length for FILS rekeys (SHA384)
FILS-SHA384 got overlooked and the kek length was being hard coded
to 32 bytes when encrypting the key data. There was also one occurence
where the kek_len was just being set incorrectly.
2019-04-17 19:33:55 -05:00
James Prestwood
e940fc9282 handshake: add handshake_state_get_kek_len 2019-04-17 19:33:51 -05:00
Denis Kenzior
89017afdb2 crypto: Skip aes-ctr decryption for in_len = 16
If the input length is 16 bytes, this means aes_siv_decrypt should
only be verifying the 16 byte SIV and not decrypting any data. If
this is the case, we can skip over the whole AES-CTR portion of
AES-SIV and only verify the SIV.
2019-04-17 18:59:27 -05:00
James Prestwood
799a29d37c eapol: only check for snonce if MIC is used
In eapol_key_handle, 'have_snonce' is checked before decrypting the
key data. For FILS, there will be no snonce so this check can be
skipped if mic_len == 0.
2019-04-17 18:40:46 -05:00
James Prestwood
c21f3cd2a4 eapol: allow FILS GTK handshake
The GTK handshake for FILS uses AES-SIV to encrypt the key data, and
does away with the MIC completely. Now, when finalizing the 2/2 GTK
packet we check the MIC length, and if zero we assume FILS is being
used and we use AES-SIV to encrypt the key data.

For FILS, there is no actual data being encrypted for GTK 2/2 (hence
why the input data length is zero). This results in only the SIV
being generated, which essentially serves the same purpose as a MIC.
2019-04-17 18:40:46 -05:00
James Prestwood
a6640f1b7a eapol: allow eapol_decrypt_key_data to work with FILS
FILS falls under the 'AKM defined' key descriptor, and uses AES-SIV.
2019-04-17 18:40:46 -05:00
James Prestwood
368d6714b9 eapol: allow _create_gtk_2_of_2 to work without MIC
FILS does not use a MIC, as well as requires encrypted data on GTK 2/2.
This updates eapol_create_gtk_2_of_2 to pass in extra data to
eapol_create_common, which will reserve room for this encrypted data.
Extra data is only reserved if mic_len == 0.
2019-04-17 18:40:46 -05:00
James Prestwood
ca63ac2342 eapol: allow eapol_create_common to work with no MIC
FILS does not use a MIC in EAPoL frames and also requires encrypted
data on all EAPoL frames. In the common builder the mic_len is now
checked and the flags are set appropriately.
2019-04-17 18:40:46 -05:00
James Prestwood
62e20ca285 eapol: pass mic_len in gtk 1/2 verify
FILS authentication does away with the MIC, so checking for key_mic
in the eapol key frame does not allow FILS to work. Now we pass in
the mic_len to eapol_verify_gtk_1_of_2, and if it is non-zero we can
check that the MIC is present in the frame.
2019-04-17 18:40:46 -05:00
James Prestwood
82eeef1c29 eapol: add eapol_set_started
FILS does not require an eapol_sm for authentication, but rekeys
are still performed using the 4-way handshake. Because of this
FILS needs to create a eapol_sm in a 'started' state, but without
calling eapol_start as this will initialize EAP and create handshake
timeouts.

This allows EAPoL to wait for any 4-way packets, and handle them
as rekeys.
2019-04-17 18:40:46 -05:00
James Prestwood
433373fe28 eapol: cache ERP keys on EAP success 2019-04-17 17:06:25 -05:00
James Prestwood
7f502ff16f main: initialize erp 2019-04-17 17:06:25 -05:00
James Prestwood
d938d362b2 erp: ERP implementation and key cache move
ERP (EAP Reauthentication Protocol) allows a station to quickly
reauthenticate using keys from a previous EAP authentication.

This change both implements ERP as well as moves the key cache into
the ERP module.

ERP in its current form is here to only support FILS. ERP is likely not
widespread and there is no easy way to determine if an AP supports ERP
without trying it. Attempting ERP with a non-ERP enabled AP will actually
result in longer connection times since ERP must fail and then full EAP
is done afterwards. For this reason ERP was separated from EAP and a
separate ERP state machine must be created. As it stands now, ERP cannot
be used on its own, only with FILS.
2019-04-17 17:06:25 -05:00
James Prestwood
5e28b314a7 crypto: add aes_siv_{encrypt,decrypt}
FILS requires AES-SIV for rekeys
2019-04-17 13:55:11 -05:00
Tim Kourt
1c04707487 station: Add quick scan
Quick scan uses a set of frequencies associated with the
known networks. This allows to reduce the scan latency.
At this time, the frequency selection follows a very simple
logic by taking all known frequencies from the top 5 most
recently connected networks.
If connection isn't established after the quick scan attempt,
we fall back to the full periodic scan.
2019-04-16 18:16:04 -05:00
Tim Kourt
5c9138ed7d knownnetworks: Add lookup API for recent frequencies
The returned scan_freq_set contains the known frequencies from
the top most recently connected networks.
2019-04-16 18:14:35 -05:00
Denis Kenzior
02b3ab6793 manager: Run an interface dump on startup
Instead of handling NEW_WIPHY events and WIHPY_DUMP events in a similar
fashion, split up the paths to optimize iwd startup time.  There's
fundamentally no reason to wait a second (and eat up file-descriptor
resources for timers unnecessarily) when we can simply start an
interface dump right after the wiphy dump.

In case a new wiphy is added in the middle of a wiphy dump, we will
likely get a new wiphy event anyway, in which case a setup_timeout will
be created and we will ignore this phy during the interface dump
processing.

This also optimizes the case of iwd being re-started, in which case
there are no interfaces present.
2019-04-16 17:51:00 -05:00
Denis Kenzior
d99242846c manager: Split up new_wiphy dumps & events
Separate out the two types of NEW_WIPHY handlers into separate paths and
factor out the common code into a utility function.

Dumps of CMD_NEW_WIPHY can be split up over several messages, while
CMD_NEW_WIPHY events (generated when a new card is plugged in) are
stuffed into a single message.

This also prepares ground for follow-on commits where we will handle the
two types of events differently.
2019-04-16 17:51:00 -05:00
Denis Kenzior
1b08602727 manager: Make sure to not leak msg on failure:wq 2019-04-16 17:51:00 -05:00
Denis Kenzior
d85e6eedff manager: Don't try to create pending_state more than once 2019-04-16 17:51:00 -05:00
Denis Kenzior
5cfc6e513d netdev: Fix crash
src/netdev.c:netdev_create_from_genl() Skipping duplicate netdev wlp2s0[3]
Aborting (signal 11) [/home/denkenz/iwd/src/iwd]
++++++++ backtrace ++++++++
 #0  0x7fc4c7a4e930 in /lib64/libc.so.6
 #1  0x40ea13 in netdev_getlink_cb() at src/netdev.c:4654
 #2  0x468cab in process_message() at ell/netlink.c:183
 #3  0x4690a3 in can_read_data() at ell/netlink.c:289
 #4  0x46681d in io_callback() at ell/io.c:126
 #5  0x4651cd in l_main_iterate() at ell/main.c:473
 #6  0x46530e in l_main_run() at ell/main.c:516
 #7  0x465626 in l_main_run_with_signal() at ell/main.c:642
 #8  0x403df8 in main() at src/main.c:513
 #9  0x7fc4c7a39bde in /lib64/libc.so.6
2019-04-16 17:51:00 -05:00
Andrew Zaborowski
467b6341d8 manager: Handle interface white/blacklists
Mirror netdev.c white/blacklist logic.  If either or both the whitelist
and the blacklist are given also fall back to not touching the existing
interface setup on the wiphy.
2019-04-16 17:51:00 -05:00
Andrew Zaborowski
9e079ba4fc manager: Fallback to old logic for some drivers
If we get an error during DEL_INTERFACE or NEW_INTERFACE we may be
dealing with a driver that doesn't implement virtual interfaces or
doesn't implement deleting the default interface.  In this case fall
back to using the first usable interface that we've detected on this
wiphy.

There's at least one full-mac driver that doesn't implement the cfg80211
.del_virtual_intf and .add_virtual_intf methods and at least one that
only allows P2P interfaces to be manipulated.  mac80211 drivers seem to
at least implement those methods but I didn't check to see if there are
driver where they'd eventually return EOPNOTSUPP.
2019-04-16 17:51:00 -05:00
Andrew Zaborowski
2ea9db9cae netdev: Drop netdev creation logic 2019-04-16 17:51:00 -05:00
Andrew Zaborowski
d907593c08 manager: Create an interface on each wiphy and register netdevs
This is probably the trickiest part in this patchset.  I'm introducing a
new logic where instead of using the interfaces that we find present
when a wiphy is detected, which would normally be the one default
interface per wiphy but could be 0 or more than one, we create one
ourselves with the socket owner attribute and use exactly one for
Station, AP and Ad-Hoc modes.  When IWD starts we delete all the
interfaces on existing wiphys that we're going to use (as determined by
the wiphy white/blacklists) or freshly hotplugged ones, and only then we
register the interface we're going to use meaning that the wiphy's
limits on the number of concurrent interfaces of each type should be at
0.  Otherwise we'd be unlikely to be abe to create the station interface
as most adapters only allow one.  After that we ignore any interfaces
that may be created by other processes as we have no use for multiple
station interfaces.

At this point manager.c only keeps local state for wiphys during
the interface setup although when we start adding P2P code we will be
creating and removing interfaces multiple times during the wiphy's
runtime and may need to track it here or in wiphy.c.  We do not
specifically check the interface number limits received during the wiphy
dump, if we need to create any interfaces and we're over the driver's
maximum for that specific iftype we'll still attempt it and report error
if it fails.

I tested this and it seems to work with my laptop's intel card and some
USB hotplug adapters.
2019-04-16 17:51:00 -05:00
Denis Kenzior
edade7f19c netdev: Fix handshake failures on FT-PSK + FullMac
The latest refactoring ended up assuming that FT related elements would
be handled in netdev_associate_event.  However, FullMac cards (that do
not generate netdev_associate_event) could still connect using FT AKMs
and perform the Initial mobility association.  In such cases the FTE
element was required but ended up not being set into the handshake.
This caused the handshake to fail during PTK 1_of_4 processing.

Fix this by making sure that FTE + related info is set into the
handshake, albeit with a lower sanity checking level since the
elements have been processed by the firmware already.

Note that it is currently impossible for actual FTs to be performed on
FullMac cards, so the extra logic and sanity checking to handle these
can be skipped.
2019-04-15 17:32:12 -05:00
Tim Kourt
c44da22470 wiphy: Add freq set constrain API 2019-04-15 12:34:36 -05:00
Tim Kourt
5be3de7484 knownnetworks: Add known frequencies
Add functionality to read and parse the known frequencies
from permanent storage on start of the service. On service
shutdown, we sync the known frequencies back to the permanent
storage.
2019-04-15 12:30:13 -05:00
Tim Kourt
c3e79a4f2a network: Introduce a concept of known frequencies
Each known network (previously connected) will have a set
of known frequencies associated with it, e.g. a set of
frequencies from all BSSs observed. The list of known
frequencies is sorted with the most recently observed
frequency in the head.
2019-04-15 12:29:48 -05:00
Tim Kourt
8881910662 station: Start removing scan results based on age
Previously, the scan results were disregarded once the new
ones were available. To enable the scan scenarios where the
new scan results are delivered in parts, we introduce a
concept of aging BSSs and will remove them based on
retention time.
2019-04-15 12:25:30 -05:00
Tim Kourt
e01368b848 scan: Add randomization of SN for probe requests 2019-04-11 16:57:07 -05:00
Tim Kourt
b1d77d52b9 scan: Use randomization flag only for active scans 2019-04-11 16:56:44 -05:00
Tim Kourt
91105768e0 knownnetworks: Enable setting Autoconnect property over DBus 2019-04-11 12:09:27 -05:00
Denis Kenzior
5a28504d9e manager: Simplify logic 2019-04-11 12:09:07 -05:00
Denis Kenzior
72158e66da main: Move manager initialization
The order of wiphy / netdev dumps matters.  So to preserve the old
behavior, move manager initialization up.
2019-04-11 12:09:07 -05:00
Andrew Zaborowski
65109ec46d wiphy: Drop wiphy creation logic 2019-04-11 11:20:04 -05:00
Andrew Zaborowski
530a449337 manager: Add new file for wiphy/interface management
Add manager.c, a new file where the wiphy and interface creation/removal
will be handled and interface use policies will be implemented.  Since
not all kernel-side nl80211 interfaces are tied to kernel-side netdevs,
netdev.c can't manage all of the interfaces that we will be using, so
the logic is being moved to a common place where all interfaces on a
wiphy will be managed according to the policy, device support for things
like P2P and user enabling/disabling/connecting with P2P which require
interfaces to be dynamically added and removed.
2019-04-11 11:17:52 -05:00
Andrew Zaborowski
4a969294f7 wiphy: Add wiphy_create/wiphy_destroy API
Add wiphy_create, wiphy_update_from_genl and wiphy_destroy that together
will let a new file command the wiphy creation, updates and deletion
with the same functionality the current config notification handler
implements in wiphy.c.
2019-04-11 11:15:10 -05:00
Andrew Zaborowski
fd0892baf0 wiphy: Make wiphy_parse_id_and_name public 2019-04-11 11:13:28 -05:00
Andrew Zaborowski
c06754a978 wiphy: Drop name_len from wiphy_parse_id_and_name
As mentioned in code comments the name is NUL-terminated so there's no
need to return the length path, which was ignored in some occasions
anyway.  Consistently treat it as NUL-terminated but also validate.
2019-04-11 11:11:52 -05:00
Andrew Zaborowski
8f910518c4 netdev: Make netdev_create_from_genl, netdev_destroy public
Make netdev_create_from_genl public and change signature to return the
created netdev or NULL.  Also add netdev_destroy that destroys and
unregisters the created netdevs.  Both will be used to move the
whole interface management to a new file.
2019-04-11 11:04:16 -05:00
Andrew Zaborowski
ceb605a2cc dbus: Add p2p iftypes in dbus_iftype_to_string 2019-04-11 11:01:09 -05:00
Tim Kourt
531bb3f0b5 knownnetworks: Load Autoconnect along with other settings
Previously, 'Autoconnect' setting was loaded only at the
connection time, this patch makes autoconnect to load along
with other settings.
2019-04-11 10:55:22 -05:00
James Prestwood
43c1bdfd62 sae: check if server point/scalar is valid
Reported-By: Mathy Vanhoef <Mathy.Vanhoef@nyu.edu>
2019-04-11 10:19:54 -05:00
James Prestwood
9192f506d3 eap-pwd: check if server point/scalar is valid
Reported-By: Mathy Vanhoef <Mathy.Vanhoef@nyu.edu>
2019-04-11 10:19:38 -05:00
James Prestwood
f9d92d6cdd eap: add eap_get_identity 2019-04-10 16:57:07 -05:00
James Prestwood
81fc6a687e handshake: add flag for FILS support
The handshake_state only holds a single AKM value. FILS depends on the AP
supporting EAP as well as FILS. The first time IWD connects, it will do a
full EAP auth. Subsequent connections (assuming FILS is supported) will use
FILS. But if the AP does not support FILS there is no reason to cache the
ERP keys.

This adds the supp_fils to the handshake_state. Now, station.c can set this
flag while building the handshake. This flag can later be checked when
caching the ERP keys.
2019-04-10 16:57:05 -05:00
James Prestwood
e963e64f9b eap: export session ID as key materials
ERP/FILS requires the session ID which is derived internally to an
EAP method.
2019-04-10 16:55:29 -05:00
James Prestwood
5df84a6933 erpcache: implementation for ERP key cache
This allows IWD to cache ERP keys after a full EAP run. Caching
allows IWD to quickly connect to the network later on using ERP or
FILS.

The cache will contain the EAP Identity, Session ID, EMSK, SSID and
optionally the ERP domain. For the time being, the cache entry
lifetimes are hard coded to 24 hours. Eventually the cache should
be written to disk to allow ERP/FILS to work after a reboot or
IWD restart.
2019-04-10 13:58:13 -05:00
James Prestwood
1e337259ce mschaputil: use util_get_username 2019-04-08 16:28:56 -05:00
Denis Kenzior
86ce4a8b09 util: Add qualifying comments 2019-04-08 16:28:37 -05:00
James Prestwood
abcc9f1647 util: add APIs to get username/domain from identity
mschaputil already had similar functionality, but ERP will need this
as well. These two functions will also handle identities with either
'@' or '\' to separate the user and domain.
2019-04-08 16:26:25 -05:00
Denis Kenzior
44ebf10bb9 eap: Make sure identity is not NULL 2019-04-08 16:25:31 -05:00
Denis Kenzior
716e3f0cda eap: Add eap_free_common
Many operations performed during an error in load_settings were the same
as the ones performed when freeing the eap object.  Add eap_free_common
to unify these.
2019-04-08 16:24:18 -05:00
James Prestwood
875c6f27e7 eap: enforce max identity lengths
EAP identites are recommended to follow RFC 4282 (The Network Access
Identifier). This RFC recommends a maximum NAI length of 253 octets.
It also mentions that RADIUS is only able to support NAIs of 253
octets.

Because of this, IWD should not allow EAP identities larger than 253
bytes. This change adds a check in eap_load_settings to verify the
identity does not exceed this limit.
2019-04-08 16:18:47 -05:00
James Prestwood
e9618d97a8 crypto: add kdf_sha384
FILS requires the SHA384 KDF variant.
2019-04-05 17:58:03 -05:00
James Prestwood
a71adcc243 netdev: skip associate event when not in OWE/FT
The associate event is only important for OWE and FT. If neither of
these conditions (or FT initial association) are happening we do
not need to continue further processing the associate event.
2019-04-05 17:35:31 -05:00
James Prestwood
c416db0708 common: fix missing PSK_SHA256 AKM
This AKM was lost while moving all the AKM checks into a the macros
2019-04-05 17:32:01 -05:00
Denis Kenzior
8f9ed66bdd mpdu: Rework validate_mgmt_ies
802.11 mandates that IEs inside management frames are presented in a
given order.  However, in the real world, many APs seem to ignore the
rules and send their IEs in seemingly arbitrary order, especially when
it comes to VENDOR tags.  Change this function to no longer be strict in
enforcing the order.

Also, drop checking of rules specific to Probe Responses.  These will
have to be handled separately (most likely by the AP module) since
802.11-2016, Section 11.1.4.3.5 essentially allows just about anything.
2019-04-05 16:31:26 -05:00
Denis Kenzior
83af5b0170 mpdu: Drop unused argument 2019-04-05 16:29:59 -05:00
James Prestwood
050db0b054 netdev: fix association failure path
In netdev_associate_event the ignore_connect_event was getting set true,
but afterwards there were still potential failure paths. Now, once in
assoc_failed we explicitly set ignore_connect_event to false so the
the failure can be handled properly inside netdev_connect_event
2019-04-05 13:41:29 -05:00
James Prestwood
5359b54c37 eap-private: add initiate/finish EAP types 2019-04-05 12:13:30 -05:00
James Prestwood
8f3627646a mpdu: add auth algorithms for FILS 2019-04-05 12:07:37 -05:00
James Prestwood
e15cb7133a handshake: handle FILS AKMs in handshake_get_key_sizes 2019-04-05 12:07:34 -05:00
James Prestwood
9b83f3d2db common: put all PSK AKM's into macro
The list of PSK/8021x AKM's in security_determine was getting long,
and difficult to keep under 80 characters. This moves them all into
two new macros, AKM_IS_PSK/AKM_IS_8021X.
2019-04-05 12:06:00 -05:00
James Prestwood
a2e711faf4 ie: crypto: add FILS AKMs
ie_rsn_info had to be updated to allow for 32 bit AKM values rather than
16 bit.
2019-04-04 16:11:07 -05:00
James Prestwood
cb9a0ed922 ie: add FILS IEs 2019-04-04 16:09:13 -05:00
James Prestwood
bde01b1826 eap-pwd: update hkdf_extract usage to cast constants
On some architectures, va_arg was behaving strangely with constant values
passed as lengths. Casting any constant lengths to size_t fixes the issue.
2019-04-04 14:01:19 -05:00
Denis Kenzior
b8dd39ded0 sae: Fix argument type passed via va_args
The function expects a size_t argument, but on some ARM systems this was
getting confused and failing.
2019-04-04 13:37:01 -05:00
James Prestwood
c985da04ca sae: fix potential infinite loop
It was assumed that the hunt-and-peck loop was guarenteed to find
a PWE. This was incorrect in terms of kernel support. If a system
does not have support for AF_ALG or runs out of file descriptors
the KDFs may fail. The loop continued to run if found == false,
which is also incorrect because we want to stop after 20 iterations
regarless of success.

This changes the loop to a for loop so it will always exit after
the set number of iterations.
2019-04-04 11:20:12 -05:00
Marcel Holtmann
23041a44dd build: Add missing HAVE_CONFIG_H guards and include config.h 2019-04-04 14:02:38 +02:00
Denis Kenzior
6ecc3a20b8 scan: Fix warning
CC       src/scan.o
src/scan.c: In function ‘scan_bss_compute_rank’:
src/scan.c:1048:4: warning: this decimal constant is unsigned only in ISO C90
    factor = factor * data_rate / 2340000000 +
2019-04-03 11:54:41 -05:00
Denis Kenzior
5c9e6b255f util: Remove container_of 2019-04-03 11:49:36 -05:00
Denis Kenzior
aca70beeff netdev: Use l_container_of 2019-04-03 11:49:36 -05:00
Denis Kenzior
b97d3f2a82 eapol: Use l_container_of 2019-04-03 11:49:36 -05:00
Marcel Holtmann
3f3e778719 build: Add support for including fallbacks for missing defines 2019-04-03 18:34:22 +02:00
Marcel Holtmann
923ac09cb6 owe: Add missing include for config.h 2019-04-03 18:33:36 +02:00
Tim Kourt
71efd05f4e eap: Rename EAP TLS type to follow common nomenclature 2019-04-02 14:34:37 -05:00
Tim Kourt
967983c638 station: Allow to disable roaming 2019-04-01 18:38:18 -05:00
Tim Kourt
734c9ad2f6 station: Split autoconnect state into two sub states
The auto-connect state will now consist of the two phases:
STATION_STATE_AUTOCONNECT_QUICK and STATION_STATE_AUTOCONNECT_FULL.
The auto-connect will always start with STATION_STATE_AUTOCONNECT_QUICK
and then transition into STATION_STATE_AUTOCONNECT_FULL if no
connection has been established. During STATION_STATE_AUTOCONNECT_QUICK
phase we take advantage of the wireless scans with the limited number
of channels on which the known networks have been observed before.
This approach allows to shorten the time required for the network
sweeps, therefore decreases the connection latency if the connection
is possible. Thereafter, if no connection has been established after
the first phase we transition into STATION_STATE_AUTOCONNECT_FULL and
do the periodic scan just like we did before the split in
STATION_STATE_AUTOCONNECT state.
2019-04-01 16:04:20 -05:00
Tim Kourt
405785cd0b scan: Add scan_freq_set_merge API 2019-04-01 15:29:33 -05:00
Tim Kourt
e5baa98a32 station: Encapsulate setter for 'scanning' property 2019-04-01 15:25:44 -05:00
Tim Kourt
33aa07e9ce station: rename scan_id to dbus_scan_id 2019-04-01 15:23:24 -05:00
Tim Kourt
395d8b9ea0 station: Refactor station_scan_destroy closer to its usage
The function is also renamed to reflect its usage
2019-04-01 15:21:12 -05:00
Tim Kourt
e4a5972b42 station: Separate scan and dbus logic 2019-04-01 15:18:51 -05:00
Tim Kourt
47900d34bc scan: Add scan_freq_set param into scan_passive 2019-04-01 15:18:37 -05:00
Tim Kourt
0d3eb7d27b scan: Make scan_freq_set_foreach const correct 2019-04-01 14:28:42 -05:00
James Prestwood
62748e567d ie: remove 80+80 column in vht_width_map
For simplicity 160Mhz and 80+80Mhz were grouped together when
parsing the VHT capabilities, but the 80+80 bits were left in
vht_widht_map. This could cause an overflow when getting the
width map.
2019-03-22 17:48:43 -05:00
Andrew Zaborowski
3ca8a18b4e network: Clear psk and passphrase copies before freeing 2019-03-22 14:04:08 -05:00
Andrew Zaborowski
05d556d493 eap-pwd: Memzero copies of secrets
Note that PK and PWE are also considered secret but their buffers
will need to be cleared in l_ecc_point_free in ell.
2019-03-22 13:04:50 -05:00
James Prestwood
588848651a wiphy: enforce MFP requirement on SAE connections
wiphy_select_akm will now check if BIP is supported, and if MFPR is
set in the scan_bss before returning either SAE AKMs. This will allow
fallback to another PSK AKM (e.g. hybrid APs) if any of the requirements
are not met.
2019-03-22 12:11:05 -05:00
Andrew Zaborowski
fa7db4be4d eap,eapol,crypto: Replace uses of memset with explicit_bzero
Replace existing uses of memset to clear secrets with explicit_bzero to
make sure it doesn't get optimized away.  This has some side effects as
documented in gcc docs but is still recommended.

In eap_secret_info_free make sure we clear both strings in the case of
EAP_SECRET_REMOTE_USER_PASSWORD secrets.
2019-03-21 20:28:14 -05:00
James Prestwood
45a51613c4 netdev: add conf option to set RSSI threshold
Environments with several AP's, all at low signal strength may
want to lower the roaming RSSI threshold to prevent IWD from
roaming excessively. This adds an option 'roam_rssi_threshold',
which is still defaulted to -70.
2019-03-21 11:03:25 -05:00
Andrew Zaborowski
970ce050fe eap-mschapv2: Check hexstring parses in load_settings
load_settings is assumed to do minimum error checking to avoid crashing
on invalid input.
2019-03-21 09:37:26 -05:00
Andrew Zaborowski
94043d6bcb eap-mschapv2: Memzero copies of secrets 2019-03-21 09:36:46 -05:00
Andrew Zaborowski
881fbd1d80 crypto: Memzero copies of secrets 2019-03-21 09:33:40 -05:00
Andrew Zaborowski
13f09be1a0 wsc: Memzero secrets after use
Also printing keys with l_debug conditional on an environment variable
as someone wanting debug logs, or leaving debug on accidentally, does
not necessarily want the keys in the logs and in memory.
2019-03-19 14:14:39 -05:00
James Prestwood
2042fe7a73 netdev: fix WPS test (with ControlPortOverNL80211 on)
At some point the connect command builder was modified, and the
control port over NL80211 check was moved to inside if (is_rsn).
For WPS, no supplicant_ie was set, so CONTROL_PORT_OVER_NL80211
was never set into CMD_CONNECT. This caused IWD to expect WPS
frames over netlink, but the kernel was sending them over the
legacy route.
2019-03-19 14:03:27 -05:00
Christian Rebischke
6e44295fe2 iwd.service: Harden systemd service file
This commit hardens the iwd.service.in template file for systemd
services. The following is a short explanation for each added directive:

+PrivateTmp=true

If true, sets up a new file system namespace for the executed processes
and mounts private /tmp and /var/tmp directories inside it that is not
shared by processes outside of the namespace.

+NoNewPrivileges=true

If true, ensures that the service process and all its children can never
gain new privileges through execve() (e.g. via setuid or setgid bits, or
filesystem capabilities).

+PrivateDevices=true

If true, sets up a new /dev mount for the executed processes and only
adds API pseudo devices such as /dev/null, /dev/zero or /dev/random (as
well as the pseudo TTY subsystem) to it, but no physical devices such as
/dev/sda, system memory /dev/mem, system ports /dev/port and others.

+ProtectHome=yes

If true, the directories /home, /root and /run/user are made
inaccessible and empty for processes invoked by this unit.

+ProtectSystem=strict

If set to "strict" the entire file system hierarchy is mounted
read-only, except for the API file system subtrees /dev, /proc and /sys
(protect these directories using PrivateDevices=,
ProtectKernelTunables=, ProtectControlGroups=).

+ReadWritePaths=/var/lib/iwd/

Sets up a new file system namespace for executed processes. These
options may be used to limit access a process might have to the file
system hierarchy. Each setting takes a space-separated list of paths
relative to the host's root directory (i.e. the system running the
service manager). Note that if paths contain symlinks, they are resolved
relative to the root directory set with RootDirectory=/RootImage=.
Paths listed in ReadWritePaths= are accessible from within
the namespace with the same access modes as from outside of
it.

+ProtectControlGroups=yes

If true, the Linux Control Groups (cgroups(7)) hierarchies accessible
through /sys/fs/cgroup will be made read-only to all processes of the
unit.

+ProtectKernelModules=yes

If true, explicit module loading will be denied. This allows module
load and unload operations to be turned off on modular kernels.

For further explanation to all directives see `man systemd.directives`
2019-03-19 14:00:46 -05:00
James Prestwood
dee6703122 sae: check group number on UNSUPP_FINITE_CYCLIC_GROUP
Hostapd has now been updated to include the group number when rejecting
the connection with UNSUPP_FINITE_CYCLIC_GROUP. We still need the existing
len == 0 check because old hostapd versions will still behave this way.
2019-03-19 13:59:29 -05:00
Andrew Zaborowski
2133e8a9fc eap-ttls: Memzero copies of secrets
The AVP buffers are cleared because some plaintext secrets get written
into them.
2019-03-19 11:46:51 -05:00
Andrew Zaborowski
14572c0f1a mschaputil: Memzero copies of secrets 2019-03-19 11:43:49 -05:00
Andrew Zaborowski
0bf3ae97d7 eap-mschapv2: Drop mschapv2_nt_password_hash, use mschap_nt_password_hash
The two functions looked identical, drop mschapv2_nt_password_hash and
update callers to use mschap_nt_password_hash from mschaputil.c/.h.
2019-03-19 11:34:23 -05:00
Denis Kenzior
570abd7bfb eapol: Convert memsets to explicit_bzero
We were wiping out certain secrets via memset.  Convert them to
explicit_bzero just in case the compiler decides to optimize them out.
2019-03-19 11:25:22 -05:00
Andrew Zaborowski
f76e10799f eapol,handshake: Memzero copies of secrets 2019-03-19 11:20:40 -05:00
Andrew Zaborowski
c682847249 eap-md5: Memzero copies of secrets 2019-03-19 11:11:16 -05:00
Andrew Zaborowski
8954c62bcf eap-sim: Memzero secrets after use
Also slightly simplify eap_aka_prf_prime and other functions.
2019-03-19 11:05:11 -05:00
Andrew Zaborowski
b1317d3984 eap-aka: Memzero secrets after use 2019-03-19 11:04:29 -05:00
Andrew Zaborowski
28840b29a8 simutil: Memzero secrets after use
Also slightly simplify eap_aka_prf_prime and other functions.
2019-03-19 11:03:33 -05:00
Andrew Zaborowski
c80b239b93 simutil: Optimize l_checksum usage
The checksum object was created / destroyed repeatedly.  It was
sufficient to simply call checksum_reset since the key was never
changed.
2019-03-19 11:02:55 -05:00
Andrew Zaborowski
aa7abb44c5 eap-gtc: Memzero copies of secrets
The single-use password is apparently sent in plaintext over the network
but at least try to prevent it from staying in the memory until we know
it's been used.
2019-03-19 10:56:24 -05:00
Andrew Zaborowski
5306e37279 eap-tls,eap-peap: Memzero copies of secrets 2019-03-19 10:54:18 -05:00
Andrew Zaborowski
a090b1ef52 netdev: Update Associate IEs with the values actually sent
station.c generates the IEs we will need to use for the
Authenticate/Associate and EAPoL frames and sets them into the
handshake_state object.  However the driver may modify some of them
during CMD_CONNECT and we need to use those update values so the AP
isn't confused about differing IEs in diffent frames from us.

Specifically the "wl" driver seems to do this at least for the RSN IE.
2019-03-19 09:46:32 -05:00
James Prestwood
a983ca0c33 eap-pwd: fix buffer overflow for larger groups
The KDF function processes data in 32 byte chunks so for groups which
primes are not divisible by 32 bytes, you will get a buffer overflow
when copying the last chunk of data.

Now l_checksum_get_digest is limited to the bytes remaining in the
buffer, or 32, whichever is the smallest.
2019-03-19 09:44:36 -05:00
James Prestwood
0288c537a2 eapol: have eapol_encrypt_key_data return length/error
Since eapol_encrypt_key_data already calculates the key data length and
encodes it into the key frame, we can just return this length and avoid
having to obtain it again from the frame.
2019-03-18 18:02:37 -05:00
James Prestwood
3863fa3670 eap-pwd: mitigate potential timing attacks in EAP-PWD
Similar to SAE, EAP-PWD derives an ECC point (PWE). It is possible
for information to be gathered from the timing of this derivation,
which could be used to to recover the password.

This change adapts EAP-PWD to use the same mitigation technique as
SAE where we continue to derive ECC points even after we have found
a valid point. This derivation loop continues for a set number of
iterations (20 in this case), so anyone timing it will always see
the same timings for every run of the protocol.
2019-03-18 11:29:40 -05:00
Tim Kourt
58522fe98f storage: Allow load/sync known freqs. to file 2019-03-15 17:50:29 -05:00
Andrew Zaborowski
2b544541bc scan: Drop notify callback's ifindex parameter
This is not used by any of the scan notify callback implementations and
for P2P we're going to need to scan on an interface without an ifindex
so without this the other changes should be mostly contained in scan.
2019-03-15 12:17:53 -05:00
Tim Kourt
5e95e30e41 scan: Fix misinterpretation of the channel as frequency 2019-03-14 20:11:32 -05:00
Andrew Zaborowski
154e9f63bc wiphy, netdev: Add enum values for P2P-related iftypes
Also add a mask parameter to wiphy_get_supported_iftypes to make sure
the SupportedModes property only contains the values that can be used
as Device.Mode.
2019-03-11 18:03:40 -05:00
Andrew Zaborowski
e344df432b wiphy: Fix printing supported iftypes
dbus_iftype_to_string returns NULL for unknown iftypes, the strdup will
also return NULL and ret[i] will be assigned a NULL.  As a result
the l_strjoinv will not print the known iftypes that might have come
after that and will the l_strfreev will leak the strduped strings.
2019-03-11 18:03:38 -05:00
Andrew Zaborowski
98623edd7d scan: Drop remaining sched scan code 2019-03-11 17:49:15 -05:00
Andrew Zaborowski
d0ccb8496a scan: Fix tracking external scans in sc->state
sc->state would get set when the TRIGGERED event arrived or when the
triggered callback for our own SCAN_TRIGGER command is received.
However it would not get reset to NOT_RUNNING when the NEW_SCAN_RESULTS
event is received, instead we'd first request the results with GET_SCAN
and only reset sc->state when that returns.  If during that command a
new scan gets triggered, the GET_SCAN callback would still reset
sc->state and clobber the value set by the new scan.

To fix that repurpose sc->state to only track that period from the
TRIGGERED signal to the NEW_SCAN_RESULTS signal.  sc->triggered can be
used to check if we're still waiting for the GET_SCAN command and
sc->start_cmd_id to check if we're waiting for the scan to get
triggered, so one of these three variables will now always indicate if
a scan is in progress.
2019-03-11 17:28:41 -05:00
Denis Kenzior
e295b73c4c netdev: Fix crash when aborting a connection
We can crash if we abort the connection, but the connect command has
already gone through.  In this case we will get a sequence of
authenticate_event, associate_event, connect_event.  The first and last
events don't crash since they check whether netdev->connected is true.
However, this causes an annoying warning to be printed.

Fix this by introducing an 'aborting' flag and ignore all connection
related events if it is set.

++++++++ backtrace ++++++++
2019-03-08 16:28:15 -06:00
Tim Kourt
4b9abde3e5 scan: Optimize frequency set foreach logic 2019-03-07 16:27:24 -06:00
James Prestwood
ef06f06cfb owe: handle all non-zero status codes in owe_rx_associate
Now that the OWE failure/retry is handled in netdev, we can catch
all associate error status' inside owe_rx_associate rather than only
catching UNSUPP_FINITE_CYCLIC_GROUP.
2019-03-05 16:20:40 -06:00
James Prestwood
e3f4bfb428 netdev: process association in netdev_associate_event
Apart from OWE, the association event was disregarded and all association
processing was done in netdev_connect_event. This led to
netdev_connect_event having to handle all the logic of both success and
failure, as well as parsing the association for FT and OWE. Also, without
checking the status code in the associate frame there is the potential
for the kernel to think we are connected even if association failed
(e.g. rogue AP).

This change introduces two flags into netdev, expect_connect_failure and
ignore_connect_event. All the FT processing that was once in
netdev_connect_event has now been moved into netdev_associate_event, as
well as non-FT associate frame processing. The connect event now only
handles failure cases for soft/half MAC cards.

Note: Since fullmac cards rely on the connect event, the eapol_start
and netdev_connect_ok were left in netdev_connect_event. Since neither
auth/assoc events come in on fullmac we shouldn't have any conflict with
the new flags.

Once a connection has completed association, EAPoL is started from
netdev_associate_event (if required) and the ignore_connect_event flag can
be set. This will bypass the connect event.

If a connection has failed during association for whatever reason, we can
set expect_connect_failure, the netdev reason, and the MPDU status code.
This allows netdev_connect_event to both handle the error, and, if required,
send a deauth telling the kernel that we have failed (protecting against the
rogue AP situation).
2019-03-05 16:02:52 -06:00
James Prestwood
5027bd3d0b ftutil: add associate parser
Helper to obtain RSNE, MDE, and FTE from associate frame.
2019-03-05 11:44:41 -06:00
James Prestwood
210b8645b7 netdev: remove OWE handling from netdev_connect_event
OWE processing can be completely taken care of inside
netdev_authenticate_event and netdev_associate_event. This removes
the need for OWE specific checks inside netdev_connect_event. We can
now return early out of the connect event if OWE is in progress.
2019-03-01 17:16:17 -06:00
James Prestwood
cd6e32bf90 station: temporarily blacklist BSS for certain status codes
Several Auth/Assoc failure status codes indicate that the connection
failed for reasons such as bandwidth issues, poor channel conditions
etc. These conditions should not result in the BSS being blacklisted
since its likely only a temporary issue and the AP is not actually
"broken" per-se.

This adds support in station.c to temporarily blacklist these BSS's
on a per-network basis. After the connection has completed we clear
out these blacklist entries.
2019-03-01 13:13:08 -06:00
James Prestwood
64dedd9aa5 network: add APIs to blacklist BSS's per-network
Certain error conditions require that a BSS be blacklisted only for
the duration of the current connection. The existing blacklist
does not allow for this, and since this blacklist is shared between
all interfaces it doesnt make sense to use it for this purpose.

Instead, each network object can contain its own blacklist of
scan_bss elements. New elements can be added with network_blacklist_add.
The blacklist is cleared when the connection completes, either
successfully or not.

Now inside network_bss_select both the per-network blacklist as well as
the global blacklist will be checked before returning a BSS.
2019-03-01 13:08:01 -06:00
James Prestwood
3af51558f2 netdev: pass event data to netdev events
Several netdev events benefit from including event data in the callback.
This is similar to how the connect callback works as well. The content
of the event data is documented in netdev.h (netdev_event_func_t).

By including event data for the two disconnect events, we can pass the
reason code to better handle the failure in station.c. Now, inside
station_disconnect_event, we still check if there is a pending connection,
and if so we can call the connect callback directly with HANDSHAKE_FAILED.
Doing it this way unifies the code path into a single switch statment to
handle all failures.

In addition, we pass the RSSI level index as event data to
RSSI_LEVEL_NOTIFY. This removes the need for a getter to be exposed in
netdev.h.
2019-02-28 18:26:45 -06:00
Tim Kourt
a5424829b6 scan: Standardize nomenclature between scan triggers 2019-02-28 18:25:44 -06:00
Tim Kourt
c5d6b70520 scan: Deprecate scan_send_start()
On successful send, scan_send_start(..) used to set msg to NULL,
therefore the further management of the command by the caller was
impossible. This patch removes wrapper around l_genl_family_send()
and lets the callers to take responsibility for the command.
2019-02-28 18:25:15 -06:00
James Prestwood
8fed50a448 netdev: station: fix status/reason code in callbacks
This change cleans up the mess of status vs reason codes. The two
types of codes have already been separated into different enumerations,
but netdev was still treating them the same (with last_status_code).

A new 'event_data' argument was added to the connect callback, which
has a different meaning depending on the result of the connection
(described inside netdev.h, netdev_connect_cb_t). This allows for the
removal of netdev_get_last_status_code since the status or reason
code is now passed via event_data.

Inside the netdev object last_status_code was renamed to last_code, for
the purpose of storing either status or reason. This is only used when
a disconnect needs to be emitted before failing the connection. In all
other cases we just pass the code directly into the connect_cb and do
not store it.

All ocurrences of netdev_connect_failed were updated to use the proper
code depending on the netdev result. Most of these simply changed from
REASON_CODE_UNSPECIFIED to STATUS_CODE_UNSPECIFIED. This was simply for
consistency (both codes have the same value).

netdev_[authenticate|associate]_event's were updated to parse the
status code and, if present, use that if their was a failure rather
than defaulting to UNSPECIFIED.
2019-02-28 13:38:36 -06:00
Andrew Zaborowski
6017dc5730 eap-ttls: Check phase2-method is non-NULL in load_settings
Even though .check_settings in our EAP method implementations does the
settings validation, .load_settings also has minimum sanity checks to
rule out segfaults if the settings have changed since the last
.check_settings call.
2019-02-28 13:02:26 -06:00
Tim Kourt
8f09a0c937 wiphy: Add accessor for supported frequencies 2019-02-28 10:53:04 -06:00
Tim Kourt
9f52036b85 scan: Let ELL to handle the message sizing 2019-02-28 10:52:53 -06:00
James Prestwood
d6abf62946 netdev: remove unneeded disconnect for OWE failure
If OWE fails in association there is no reason to send a disconnect
since its already known that we failed. Instead we can directly
call netdev_connect_failed
2019-02-27 16:29:18 -06:00
James Prestwood
51f21c1c9b mpdu: remove invalid reason codes 2019-02-27 16:16:25 -06:00
James Prestwood
e5e2922eee netdev: sae: owe: update to use new status codes 2019-02-27 16:15:23 -06:00
James Prestwood
ffd8e81774 mpdu: add new status code enum
mpdu.h reason codes were being abused as status codes for Auth/Assoc
protocols. This adds a whole new enum for status codes.
2019-02-27 16:15:12 -06:00
Tim Kourt
45e5c42726 scan: Add ref to cmd to make it reusable on failure 2019-02-27 16:14:22 -06:00
Denis Kenzior
917815e99a netdev: netdev_setting_keys_failed takes an errno
Instead of sending a reason_code to netdev_setting_keys_failed, make it
take an errno (negative) instead.  Since key setting failures are
entirely a system / software issue, and not a protocol issue, it makes
no sense to use a protocol error code.
2019-02-27 14:22:42 -06:00
Tim Kourt
8e44760c34 scan: Fix scan request retry logic
While triggering scan, we leave the scan command in the queue,
so it can be replayed in the case of a busy device.
2019-02-26 18:02:48 -06:00
Tim Kourt
8fc7c0e5c4 scan: Rename request triggered cb 2019-02-26 17:16:52 -06:00
James Prestwood
df923cd962 scan: increase rate factor range
The rate factor range was quite small. This increases the range a bit,
which should make higher throughput AP's preferred more.
2019-02-26 12:35:56 -06:00
James Prestwood
a0d8511331 scan: allow 5G factor to be user configurable
Some users may need their own control over 2.4/5GHz preference. This
adds a new user option, 'rank_5g_factor', which allows users to increase
or decrease their 5G preference.
2019-02-26 12:35:50 -06:00
James Prestwood
49b02907a8 ie: scan: use VHT rates in scan ranking
This adds support for parsing the VHT IE, which allows a BSS supporting
VHT (80211ac) to be ranked higher than a BSS supporting only HT/basic
rates. Now, with basic/HT/VHT parsing we can calculate the theoretical
maximum data rate for all three and rank the BSS based on that.
2019-02-25 15:07:41 -06:00
James Prestwood
ad2bf340a4 ie: scan: use HT rates in scan ranking
This adds HT IE parsing and data rate calculation for HT (80211n)
rates. Now, a BSS supporting HT rates will be ranked higher than
a basic rate BSS, assuming the RSSI is at an acceptable level.
2019-02-25 11:52:58 -06:00
James Prestwood
5ce6e173ba ie: make rate_rssi_map const 2019-02-25 11:47:54 -06:00
James Prestwood
7d7fcff03b ie: scan: take into account RSSI when parsing data rate
The spec dictates RSSI thresholds for different modulation schemes, which
correlate to different data rates. Until now were were ranking a BSS with
only looking at its advertised data rate, which may not even be possible
if the RSSI does not meet the threshold.

Now, RSSI is taken into consideration and the data rate returned from
parsing (Ext) Supported Rates IE(s) will reflect that.
2019-02-22 17:44:06 -06:00
James Prestwood
922e10e82c ie: add macro for calculating an IE's length
All over the place we do "ie[1] + 2" for getting the IE length. It
is much clearer to use a macro to do this. The macro also checks
for NULL, and returns zero in this case.
2019-02-22 17:41:11 -06:00
James Prestwood
c18b1289a5 ap: move ie_parse_supported_rates into ap.c
Supported rates will soon be parsed along with HT/VHT capabilities
to determine the best data rate. This will remove the need for the
supported_rates uintset element in scan_bss, as well as the single
API to only parse the supported rates IE. AP still does rely on
this though (since it only supports basic rates), so the parsing
function was moved into ap.c.
2019-02-22 17:41:01 -06:00
Andrew Zaborowski
dbd619c231 eap-tls-common: More complete certificate validation
In the methods' check_settings do a more complete early check for
possible certificate / private key misconfiguration, including check
that the certificate and the private key are always present or absent
together and that they actually match each other.  Do this by encrypting
and decrypting a small buffer because we have no better API for that.
2019-02-08 13:59:32 -06:00
Andrew Zaborowski
d9f0cc47d0 eap: Remove redundant error messages in .load_settings
A method's .check_settings method checks for inconsistent setting files
and prints readable errors so there's no need to do that again in
.load_settings, although at some point after removing the duplicate
error messages from the load_settings methods we agreed to keep minimum
checks that could cause a crash e.g. in a corner case like when the
setting file got modified between the check_settings and the
load_settings call.  Some error messages have been re-added to
load_settings after that (e.g. in
bb4e1ebd4f) but they're incomplete and not
useful so remove them.
2019-02-08 13:43:05 -06:00
Andrew Zaborowski
451a7e9b52 eap-ttls: Check Phase 2 method name is not NULL 2019-02-08 13:42:51 -06:00
Andrew Zaborowski
8dfb8e9207 handshake: Remove unused handshake_state_get_8021x_config 2019-02-08 13:42:44 -06:00
Tim Kourt
22318ebbd5 main: Ensure existence of the storage dir at startup
Previously, the storage dir has only been created after a successful
network connection, causing removal of Known Network interface from
Dbus and failure to register dir watcher until daemon is restarted.
2019-02-07 11:07:43 -06:00
Denis Kenzior
995cbc7ad3 mpdu: relax IE ordering requirements 2019-02-07 10:44:09 -06:00
Denis Kenzior
bd7f8bf613 eapol: Relax message 2 / 4 key_length check
Seems certain Apple implementations set the key length to 16, even
though it should be 0.
2019-02-07 10:13:17 -06:00
James Prestwood
bc9e70f9cd sae: fix length check and commit buffer size
A length check was still assuming the 256 bit ECC group. This
was updated to scale with the group. The commit buffer was also
not properly sized. This was changed to allow for the largest
ECC group supported.
2019-02-02 09:25:20 -06:00
James Prestwood
a4fdddc403 sae: allow other ECC groups and group negotiation
SAE was hardcoded to work only with group 19. This change fixes up the
hard coded lengths to allow it to work with group 20 since ELL supports
it. There was also good amount of logic added to support negotiating
groups. Before, since we only supported group 19, we would just reject
the connection to an AP unless it only supported group 19.

This did lead to a discovery of a potential bug in hostapd, which was
worked around in SAE in order to properly support group negotiation.

If an AP receives a commit request with a group it does not support it
should reject the authentication with code 77. According to the spec
it should also include the group number which it is rejecting. This is
not the case with hostapd. To fix this we needed to special case a
length check where we would otherwise fail the connection.
2019-02-01 15:57:26 -06:00
Denis Kenzior
c926b3fe80 eap-pwd: Remove unneeded cast 2019-01-31 12:41:58 -06:00
James Prestwood
bb28351c93 eap-pwd: Update EAP-PWD to allow larger ECC groups
Most of this work was already done after moving ECC into ELL, but
there were still a few places where the 256-bit group was assumed.
This allows the 384-bit group to be used, and theoretically any
other group added to ELL in the future.
2019-01-31 12:40:03 -06:00
James Prestwood
025ca0d4d3 network: allow network_bss_select to skip blacklist
If we have a BSS list where all BSS's have been blacklisted we still
need a way to force a connection to that network, instead of having
to wait for the blacklist entry to expire. network_bss_select now
takes a boolean 'fallback_to_blacklist' which causes the selection
to still return a connectable BSS even if the entire list was
blacklisted.

In most cases this is set to true, as these cases are initiated by
DBus calls. The only case where this is not true is inside
station_try_next_bss, where we do want to honor the blacklist.
This both prevents an explicit connect call (where all BSS's are
blacklisted) from trying all the blacklisted BSS's, as well as the
autoconnect case where we simply should not try to connect if all
the BSS's are blacklisted.

There are is some implied behavior here that may not be obvious:

On an explicit DBus connect call IWD will attempt to connect to
any non-blacklisted BSS found under the network. If unsuccessful,
the current BSS will be blacklisted and IWD will try the next
in the list. This will repeat until all BSS's are blacklisted,
and in this case the connect call will fail.

If a connect is tried again when all BSS's are blacklisted IWD
will attempt to connect to the first connectable blacklisted
BSS, and if this fails the connect call will fail. No more
connection attempts will happen until the next DBus call.
2019-01-31 12:36:58 -06:00
James Prestwood
45cc0fd918 network/station: add BSS blacklisting
If IWD fails to connect to a BSS we can attempt to connect to a different
BSS under the same network and blacklist the first BSS. In the case of an
incorrect PSK (MMPDU code 2 or 23) we will still fail the connection.

station_connect_cb was refactored to better handle the dbus case. Now the
netdev result switch statement is handled before deciding whether to send
a dbus reply. This allows for both cases where we are trying to connect
to the next BSS in autoconnect, as well as in the dbus case.
2019-01-30 13:23:38 -06:00
James Prestwood
da485179a6 station: refactor __station_connect_network
This makes __station_connect_network even less intelligent by JUST
making it connect to a network, without any state changes. This makes
the rekey logic much cleaner.

We were also changing dbus properties when setting the state to
CONNECTING, so those dbus property change calls were moved into
station_enter_state.
2019-01-30 13:23:36 -06:00
Denis Kenzior
cff0600621 station: Use station_disassociated instead
station_disconnect can trigger yet another netdev_disconnect call (which
would obviously fail since we're no longer connected)
2019-01-28 15:52:18 -06:00
Denis Kenzior
d51c3db4ce station: Simplify logic 2019-01-28 15:52:02 -06:00
James Prestwood
a2354f88a6 station/netdev: handle rekeying based on driver features
A new driver extended feature bit was added signifying if the driver
supports PTK replacement/rekeying. During a connect, netdev checks
for the driver feature and sets the handshakes 'no_rekey' flag
accordingly.

At some point the AP will decide to rekey which is handled inside
eapol. If no_rekey is unset we rekey as normal and the connection
remains open. If we have set no_rekey eapol will emit
HANDSHAKE_EVENT_REKEY_FAILED, which is now caught inside station. If
this happens our only choice is to fully disconnect and reconnect.
2019-01-28 15:49:57 -06:00
James Prestwood
8edaa23f8a eapol: emit HANDSHAKE_EVENT_REKEY_FAILED
If we receive handshake message 1/4 after we are already connected
the AP is attempting to rekey. This may not be allowed and if not
we do not process the rekey and emit HANDSHAKE_EVENT_REKEY_FAILED
so any listeners can handle accordingly.
2019-01-28 15:38:47 -06:00
James Prestwood
a76376cac4 handshake: add HANDSHAKE_EVENT_REKEY_FAILED
This event will be emitted from eapol if the AP is attempting to
rekey but the handshake object does not allow it (via no_rekey).
2019-01-28 15:37:21 -06:00
James Prestwood
2a7a756c9f handshake: add flag and setter to disallow rekeying 2019-01-28 15:36:51 -06:00
James Prestwood
e4f22f0a5d ap: fix crash when stopping AP
The AP structure was getting cleaned up twice. When the DBus stop method came
in we do AP_STOP on nl80211. In this callback the AP was getting freed in
ap_reset. Also when the DBus interface was cleaned up it triggered ap_reset.

Since ap->started gets set to false in ap_reset, we now check this and bail
out if the AP is already stopped.

Fixes:
++++++++ backtrace ++++++++
0  0x7f099c11ef20 in /lib/x86_64-linux-gnu/libc.so.6
1  0x43fed0 in l_queue_foreach() at ell/queue.c:441 (discriminator 3)
2  0x423a6c in ap_reset() at src/ap.c:140
3  0x423b69 in ap_free() at src/ap.c:162
4  0x44ee86 in interface_instance_free() at ell/dbus-service.c:513
5  0x451730 in _dbus_object_tree_remove_interface() at ell/dbus-service.c:1650
6  0x405c07 in netdev_newlink_notify() at src/netdev.c:4449 (discriminator 9)
7  0x440775 in l_hashmap_foreach() at ell/hashmap.c:534
8  0x4455d3 in process_broadcast() at ell/netlink.c:158
9  0x4439b3 in io_callback() at ell/io.c:126
10 0x442c4e in l_main_iterate() at ell/main.c:473
11 0x442d1c in l_main_run() at ell/main.c:516
12 0x442f2b in l_main_run_with_signal() at ell/main.c:644
13 0x403ab3 in main() at src/main.c:504
14 0x7f099c101b97 in /lib/x86_64-linux-gnu/libc.so.6
+++++++++++++++++++++++++++
2019-01-25 18:51:18 -06:00
James Prestwood
ed6f5ea55a blacklist: add blacklist.[ch] to build and main
This will allow for blacklisting a BSS if the connection fails. The
actual blacklist module is simple and must be driven by station. All
it does is add BSS addresses, a timestamp, and a timeout to a queue.
Entries can also be removed, or checked if they exist. The blacklist
timeout is configuratble in main.conf, as well as the blacklist
timeout multiplier and maximum timeout. The multiplier is used after
a blacklisted BSS timeout expires but we still fail to connect on the
next connection attempt. We multiply the current timeout by the
multiplier so the BSS remains in the blacklist for a larger growing
amount of time until it reaches the maximum (24 hours by default).
2019-01-24 17:29:15 -06:00
James Prestwood
475d1082d7 netdev: store mpdu status and add getter
Soon BSS blacklisting will be added, and in order to properly decide if
a BSS should be blacklisted we need the status code on a failed
connection. This change stores the status code when there is a failure
in netdev and adds a getter to retrieve later. In many cases we have
the actual status code from the AP, but in some corner cases its not
obtainable (e.g. an error sending an NL80211 command) in which case we
just default to MMPDU_REASON_CODE_UNSPECIFIED.

Rather than continue with the pattern of setting netdev->result and
now netdev->last_status_code, the netdev_connect_failed function was
redefined so its no longer used as both a NL80211 callback and called
directly. Instead a new function was added, netdev_disconnect_cb which
just calls netdev_connect_failed. netdev_disconnect_cb should not be
used for all the NL80211 disconnect commands. Now netdev_connect_failed
takes both a result and status code which it sets in the netdev object.
In the case where we were using netdev_connect_failed as a callback we
still need to set the result and last_status_code but at least this is
better than having to set those in all cases.
2019-01-24 16:54:39 -06:00
Marcel Holtmann
39ee15dbc3 build: Provide modules-load.d for loading pkcs8_key_parser module 2019-01-23 18:22:11 +01:00
Andrew Zaborowski
c9490ce657 crypto: Optimize hkdf_expand slightly
Remove an unneeded buffer and its memcpy, remove the now unneeded use of
l_checksum_digest_length and use l_checksum_reset instead of creating a
new l_checksum for each chunk.
2019-01-22 11:40:07 -06:00
James Prestwood
922506105e owe: allow group 20 + group negotiation
ELL ECC supports group 20 (P384) so OWE can also support it. This also
adds group negotiation, where OWE can choose a different group than the
default if the AP requests it.

A check needed to be added in netdev in order for the negotiation to work.
The RFC says that if a group is not supported association should be rejected
with code 77 (unsupported finite cyclic group) and association should be
started again. This rejection was causing a connect event to be emitted by
the kernel (in addition to an associate event) which would result in netdev
terminating the connection, which we didn't want. Since OWE receives the
rejected associate event it can intelligently decide whether it really wants
to terminate (out of supported groups) or try the next available group.

This also utilizes the new MIC/KEK/KCK length changes, since OWE dictates
the lengths of those keys.
2019-01-17 15:24:56 -06:00
James Prestwood
d79b2b28ec eapol: use HMAC-SHA384 for OWE in MIC calculation 2019-01-17 15:20:28 -06:00
James Prestwood
7bfaf182e6 crypto: allow hkdf_expand/extract to use different SHA's
Rather than hard coding to SHA256, we can pass in l_checksum_type
and use that SHA. This will allow for OWE/SAE/PWD to support more
curves that use different SHA algorithms for hashing.
2019-01-17 15:20:28 -06:00
James Prestwood
90c39afd61 handshake: add OWE to get_ptk_size
OWE defines KEK/KCK lengths depending on group. This change adds a
case into handshake_get_key_sizes. With OWE we can determine the
key lengths based on the PMK length in the handshake.
2019-01-17 15:20:28 -06:00
James Prestwood
532c9a5521 eapol: Add OWE cases for different key lengths
In preparation for OWE supporting multiple groups eapol needed some
additional cases to handle the OWE AKM since OWE dictates the KEK,
KCK and MIC key lengths (depending on group).
2019-01-17 15:20:28 -06:00
James Prestwood
2c82d6b223 crypto: pass PMK length to crypto_derive_pairwise_ptk
Right now the PMK is hard coded to 32 bytes, which works for the vast
majority of cases. The only outlier is OWE which can generate a PMK
of 32, 48 or 64 bytes depending on the ECC group used. The PMK length
is already stored in the handshake, so now we can just pass that to
crypto_derive_pairwise_ptk
2019-01-17 15:20:28 -06:00
James Prestwood
6771a06463 crypto/handshake/eapol: Allow other PTK lengths
The crypto_ptk was hard coded for 16 byte KCK/KEK. Depending on the
AKM these can be up to 32 bytes. This changes completely removes the
crypto_ptk struct and adds getters to the handshake object for the
kck and kek. Like before the PTK is derived into a continuous buffer,
and the kck/kek getters take care of returning the proper key offset
depending on AKM.

To allow for larger than 16 byte keys aes_unwrap needed to be
modified to take the kek length.
2019-01-17 15:20:28 -06:00
James Prestwood
374b367ba4 eapol: allow 16, 24 and 32 byte MIC lengths
The MIC length was hard coded to 16 bytes everywhere, and since several
AKMs require larger MIC's (24/32) this needed to change. The main issue
was that the MIC was hard coded to 16 bytes inside eapol_key. Instead
of doing this, the MIC, key_data_length, and key_data elements were all
bundled into key_data[0]. In order to retrieve the MIC, key_data_len,
or key_data several macros were introduced which account for the MIC
length provided.

A consequence of this is that all the verify functions inside eapol now
require the MIC length as a parameter because without it they cannot
determine the byte offset of key_data or key_data_length.

The MIC length for a given handshake is set inside the SM when starting
EAPoL. This length is determined by the AKM for the handshake.
2019-01-17 15:20:28 -06:00
Tim Kourt
80d4e9b572 station: Default to active scan if MAC randomization is present
This patch also simplifies the scan type selection logic.
2019-01-16 15:05:38 -06:00
James Prestwood
55a7e9d82a pwd/sae/owe: update to use l_ecc_curve_get_ike_group 2019-01-16 15:05:06 -06:00
Tim Kourt
71b10ab271 scan: Enable the usage of MAC randomization flag 2019-01-16 13:02:25 -06:00
Tim Kourt
81d570572e wiphy: Add MAC randomization feature check API 2019-01-16 13:01:12 -06:00
James Prestwood
37cfec01a2 crypto: add hmac_sha384
To support OWE group 20, which uses HMAC-SHA384 for hashing the PMK
2019-01-15 15:07:26 -06:00
James Prestwood
8e7da821f9 handshake: store PMK length
Non-802.11 AKMs can define their own key lengths. Currently only OWE does
this, and the MIC/KEK/KCK lengths will be determined by the PMK length so
we need to save it.
2019-01-15 14:57:53 -06:00
Andrew Zaborowski
2600c446ab netdev: Skip a memcpy when no data to copy 2019-01-15 07:40:51 -06:00
Andrew Zaborowski
52b3268b78 netdev: Allow NULL prefix in netdev_frame_watch_add
Make sure we don't pass NULLs to memcmp or l_memdup when the prefix
buffer is NULL.  There's no point having callers pass dummy buffers if
they need to watch frames independent of the frame data.
2019-01-15 07:40:51 -06:00
Andrew Zaborowski
8aa306fddc eap-wsc: Use new l_key DH helper functions
Start using l_key_generate_dh_private and l_key_validate_dh_payload to
check for the disallowed corner case values in the DH private/public
values generated/received.
2019-01-14 15:20:50 -06:00
Tim Kourt
726bf9d8e4 eap: Make Identity optional
Some of the EAP methods don't require a clear-text identity to
be sent with the Identity Response packet. The mandatory identity
filed has resulted in unnecessary transmission of the garbage
values. This patch makes the Identity field to be optional and
shift responsibility to ensure its existence to the individual
methods if the field is required. All necessary identity checks
have been previously propagated to individual methods.
2019-01-11 17:36:33 -06:00
Denis Kenzior
782bd4a7ae network: Reset connected_time when forgetting
If a network is being forgotten, then make sure to reset connected_time.
Otherwise the rank logic thinks that the network is known which can
result in network_find_rank_index returning -1.

Found by sanitizer:
src/network.c:1329:23: runtime error: index -1 out of bounds for type
	'double [64]'
2019-01-11 17:28:10 -06:00
Denis Kenzior
e256cbaba9 eapol: Don't memcpy if no extra data
As reported by the sanitizer:

src/eapol.c:574:2: runtime error: null pointer passed as argument 2,
	which is declared to never be null
2019-01-11 17:10:47 -06:00
Denis Kenzior
30cf1aa376 mpdu: Fix buffer overflow reported by asan
==25412==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000421ab0 at pc 0x000000402faf bp 0x7fffffffdb00 sp 0x7fffffffdaf0
READ of size 4 at 0x000000421ab0 thread T0
    #0 0x402fae in validate_mgmt_ies src/mpdu.c:128
    #1 0x403ce8 in validate_probe_request_mmpdu src/mpdu.c:370
    #2 0x404ef2 in validate_mgmt_mpdu src/mpdu.c:662
    #3 0x405166 in mpdu_validate src/mpdu.c:706
    #4 0x402529 in ie_order_test unit/test-mpdu.c:156
    #5 0x418f49 in l_test_run ell/test.c:83
    #6 0x402715 in main unit/test-mpdu.c:171
    #7 0x7ffff5d43ed9 in __libc_start_main (/lib64/libc.so.6+0x20ed9)
    #8 0x4019a9 in _start (/home/denkenz/iwd-master/unit/test-mpdu+0x4019a9)
2019-01-11 11:43:21 -06:00
James Prestwood
c2189bc67e sae: fix one-off error in sae_is_quadradic_residue
This fixes the valgrind warning:

==14804== Conditional jump or move depends on uninitialised value(s)
==14804==    at 0x402E56: sae_is_quadradic_residue (sae.c:218)
==14804==    by 0x402E56: sae_compute_pwe (sae.c:272)
==14804==    by 0x402E56: sae_build_commit (sae.c:333)
==14804==    by 0x402E56: sae_send_commit (sae.c:591)
==14804==    by 0x401CC3: test_confirm_after_accept (test-sae.c:454)
==14804==    by 0x408A28: l_test_run (test.c:83)
==14804==    by 0x401427: main (test-sae.c:566)
2019-01-11 11:19:17 -06:00
Tim Kourt
e57f46df30 eap-ttls: Add tunneled MSCHAPv2 support 2019-01-10 17:26:19 -06:00
Tim Kourt
fd2c34cebc eap-ttls: Use method object in phase2 reset/destroy 2019-01-10 17:23:18 -06:00
Tim Kourt
9d1e2fa85b eap-ttls: Change signature of Phase 2 reset method 2019-01-10 17:22:56 -06:00
Tim Kourt
f924974e62 eap-ttls: Allow NULL state for Phase 2 2019-01-10 17:22:42 -06:00
Tim Kourt
af297039b1 eap-ttls: Extract credentials into dedicated struct 2019-01-10 17:18:45 -06:00
Tim Kourt
bb4e1ebd4f eap-mschapv2: Warn if required fields are missing 2019-01-10 17:12:55 -06:00
Tim Kourt
bfb69e930f eap-mschapv2: Fix domain name usage in username
The domain name must be excluded from the username only for the NT
challenge calculations and left in place for everything else.
2019-01-10 17:12:28 -06:00
Tim Kourt
3a71cf458b mschaputil: Move generator of the hash of the pwd hash 2019-01-10 17:09:10 -06:00
Tim Kourt
c8f071c67c mschaputil: Rearrange ops to fail early 2019-01-10 17:07:59 -06:00
Tim Kourt
cd00416168 mschaputil: Exlude domain name from challenge generation 2019-01-10 17:07:38 -06:00
Tim Kourt
5d9d00fac3 mschaputil: Adapt mschapv2 to re-use mschap ops
In addition, it refactors code to use l_util_hexstring_upper
2019-01-10 17:04:52 -06:00
Tim Kourt
6ffa1cf58a mschaputil: Move mschapv2 funcs into common util 2019-01-10 16:48:45 -06:00
Denis Kenzior
9b722197ba ecc: Remove remaining ECC/ECDH files
ECC primitives have now been fully converted / moved to ell.
2019-01-10 16:27:09 -06:00
James Prestwood
73dd0602fd sae: verify peer element for valid point
The return from l_ecc_point_from_data was not being checked for NULL,
which would cause a segfault if the peer sent an invalid point.
This adds a check and fails the protocol if p_element is NULL, as the
spec defines.
2019-01-10 16:26:29 -06:00
James Prestwood
48f5a051bc sae: update SAE to use ELL API's 2019-01-10 14:28:02 -06:00
James Prestwood
1d66ee0dd5 eap-pwd: update to use ELL ECC API's 2019-01-10 14:27:10 -06:00
Denis Kenzior
12189fcf39 conf: Increase default eapool handshake timeout 2019-01-09 21:13:53 -06:00
Andrew Zaborowski
d242cfc9e9 owe: Update l_ecdh_generate_shared_secret parameters 2018-12-28 12:32:14 -06:00
Andrew Zaborowski
8f9408efc7 eap-tls-common: Call the new l_tls_start 2018-12-19 10:05:35 -06:00
Andrew Zaborowski
6bf365d9a4 eapol: Check handshake_state_get_pmkid return value
Don't proceed with the handshake if handshake_state_get_pmkid fails
(shouldn't happen, but it's an error situation)
2018-12-19 10:05:16 -06:00
Tim Kourt
9d9f8331fa eap-tls-common: Increase log level for the common warning 2018-12-17 14:07:07 -06:00
Tim Kourt
a98089ed65 eap-tls-common: Add missing data 2018-12-17 14:06:59 -06:00
Denis Kenzior
686f515e04 eap-ttls: Bump up buffer sizes to quiet warnings
src/eap-ttls.c:766:50: error: ‘Password’ directive output may be truncated writing 8 bytes into a region of size between 1 and 72 [-Werror=format-truncation=]
  snprintf(password_key, sizeof(password_key), "%sPassword", prefix);
                                                  ^~~~~~~~
In file included from /usr/include/stdio.h:862,
                 from src/eap-ttls.c:28:
/usr/include/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 9 and 80 bytes into a destination of size 72
   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        __bos (__s), __fmt, __va_arg_pack ());
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2018-12-17 11:21:55 -06:00
Andrew Zaborowski
961e6d1480 eap-tls: Replace l_pem_load_certificate() with newer functions
Stop using l_pem_load_certificate which has been removed from ell, use
the same functions to load certificate files to validate them as those
used by the TLS implementation itself.
2018-12-17 11:18:42 -06:00
Tim Kourt
cff86c8419 eap-ttls: Propagate status of challenge generator 2018-12-14 14:18:22 -06:00
James Prestwood
c2094c5e04 ecdh: remove ECDH and unit tests
ECDH was moved into ell and is no longer needed in IWD
2018-12-12 11:12:27 -06:00
James Prestwood
e11c157478 owe: updated to use ell ECDH/ECC API's 2018-12-12 11:12:24 -06:00
Tim Kourt
fb656ff87a eap-tls-common: Make databuf private 2018-12-11 17:09:51 -06:00
Andrew Zaborowski
529ae6e683 eap-tls: Check AP identity in tls ready callbck
Check that the TLS logic has verified the server is trusted by the CA if
one was configured.  This is more of an assert as ell intentionally only
allows empty certificate chains from the peer in server mode (if a CA
certficate is set) although this could be made configurable.
2018-12-10 12:04:56 -06:00
Andrew Zaborowski
57ce6d0ca5 station: Check network_get_psk/passphrase return values
Check the returned values are not NULL.
2018-12-10 12:04:53 -06:00
Tim Kourt
610f9d28f0 eap-ttls: Migrate to eap-tls-common framework
The conversion transitions EAP-TTLS implementation to use a
common Phase 1 implementation shared among all TLS based
EAP methods.
2018-12-05 22:57:36 -06:00
Tim Kourt
84eda62823 eap-tls-common: ACK first fragment with missing M bit 2018-12-05 22:55:02 -06:00
Tim Kourt
30dfe9225c eap-peap: Migrate to eap-tls-common framework
The conversion transitions EAP-PEAP implementation to use a
common Phase 1 implementation shared among all TLS based
EAP methods.
2018-12-05 22:31:17 -06:00
Tim Kourt
4b9970bd99 eap-tls-common: Add comment 2018-12-05 22:26:29 -06:00
Denis Kenzior
94b7a69146 eap-tls-common: Fix typo 2018-12-05 11:55:00 -06:00
Tim Kourt
aafa4d50bb eap-tls: Migrate to eap-tls-common framework
The conversion transitions EAP-TLS implementation to use a
common Phase 1 implementation shared among all TLS based
EAP methods.
2018-12-05 11:53:59 -06:00
Tim Kourt
645b72be06 eap-tls-common: Validate successful loading of keys/certs 2018-12-05 11:33:47 -06:00
Tim Kourt
f1f826ee81 eap-tls-common: Handle packet payload 2018-12-05 11:33:06 -06:00
Andrew Zaborowski
b375191c61 scan: Drop the wiphy_id scan callback parameter 2018-12-04 10:36:17 -06:00
Andrew Zaborowski
e4858d6da3 scan: Refactor scan request and periodic scan logic
This should not change the behaviour except for fixing a rare crash
due to scan_cancel not working correctly when cancelling the first scan
request in the queue while a periodic scan was running, and potentially
other corner cases.  To be able to better distinguish between a periodic
scan in progress and a scan request in progress add a sc->current_sr
field that points either at a scan request or is NULL when a periodic
scan is in ongoing.  Move the triggered flag from scan_request and
scan_preiodic directly to scan_context so it's there together with
start_cmd_id.  Hopefully make scan_cancel simpler/clearer.

Note sc->state and sc->triggered have similar semantics so one of them
may be easily removed.  Also the wiphy_id parameter to the scan callback
is rather useless, note I temporarily pass 0 as the value on error but
perhaps it should be dropped.
2018-12-04 10:32:57 -06:00
Tim Kourt
f07119b33a eap-tls-common: Add tunnel API for send, close 2018-12-04 10:25:24 -06:00
Tim Kourt
6490ecd615 eap-tls-common: Add accessors for variant data and ver 2018-12-04 10:23:49 -06:00
Tim Kourt
663cf9931e eap-tls-common: Expose PRF 2018-12-04 10:22:00 -06:00
Tim Kourt
8dc9276800 eap-tls-common: Make send empty response func. public 2018-12-04 10:21:28 -06:00
Tim Kourt
779f668ab9 eap-tls-common: Introduce variant data and reset API 2018-12-04 10:19:55 -06:00
Tim Kourt
bb98101bd4 eap-tls-common: Handle response retransmission 2018-12-04 10:19:20 -06:00
Tim Kourt
9df7785fee eap-tls-common: Add phase 2 failure flag
This flag is used by the extensions to signal the failure
during phase 2 execution.
2018-12-04 10:18:53 -06:00
Tim Kourt
c1f791afc4 eap-tls-common: Handle common tunnel ready cb 2018-12-04 10:18:11 -06:00
Tim Kourt
c2d3a84e3a eap-tls-common: Add method completion flag
This flag prevents methods from restarting
2018-12-04 10:16:36 -06:00
Tim Kourt
c35c91ad20 eap-tls-common: Add support for fragmented response 2018-12-04 10:14:39 -06:00
Tim Kourt
718f967d17 eap-tls-common: Add basic send response 2018-12-04 10:13:24 -06:00
Tim Kourt
802891fcc3 eap-tls-common: Add tunneled data handling 2018-12-04 10:04:07 -06:00
Tim Kourt
edfc070d96 eap-tls-common: Add tls tunnel 2018-12-04 10:03:07 -06:00
Tim Kourt
c865eaa141 eap-tls-common: Add support for the fragmented requests 2018-12-03 14:31:16 -06:00
Tim Kourt
36e2252606 eap-tls-common: Add basic request handling
This also introduces the version negotiation
2018-12-03 14:31:16 -06:00
Tim Kourt
7aa35bf6c7 eap-tls-common: Introduce eap_tls_variant_ops
eap_tls_variant_ops will allow methods such as TTLS, PEAP,
etc. to specify their own handlers for the Phase 2 operations.
2018-12-03 14:31:16 -06:00
Andrew Zaborowski
47bb5b5f72 network: Generate the PSK as soon as we have a passphrase
In the name of failing earlier try to generate the PSK from the
passphrase as soon as we receive the passphrase or read it from the
file, mainly to validate it has the right number of characters.
The passphrase length currently gets validates inside
crypto_psk_from_passphrase which will be called when we receive a new
passphrase from the agent or when the config file has no PSK in it.  We
do not do this when there's already both the PSK and the passphrase
available in the settings -- we can add that separately if needed.
2018-12-03 14:17:30 -06:00
Andrew Zaborowski
0d3f16ec5e scan: Call .destroy in scan_request_free
The main difference with this is that scan_context removal will also
trigger the .destroy calls.  Normally there won't be any requests left
during scan_context but if there were any we should call destroy on
them.
2018-12-03 11:42:32 -06:00
Denis Kenzior
5b3ae4c40c wsc: Only add WSC interface if netdev is UP 2018-11-29 11:45:20 -06:00
Denis Kenzior
9e1ba84f26 device: Restore device Powered state
After wiphy comes out of the rfkill state and is again powered, restore
the device state to Powered if needed.
2018-11-29 11:34:07 -06:00
Denis Kenzior
0dd8114970 wiphy: Add wiphy state watch add / remove 2018-11-29 11:22:50 -06:00
Denis Kenzior
9be982b460 wiphy: Introduce wiphy_new 2018-11-29 11:22:07 -06:00
Denis Kenzior
52771de1a5 eapol: Further relax PMKID check
If we haven't sent a PMKID, and we're not running EAP, then ignore
whatever PMKID the AP sends us.  Frequently the APs send us garbage in
this field.  For PSK and related AKMs, if the PMK is wrong, then we
simply fail to generate a proper MIC and the handshake would fail at a
later stage anyway.
2018-11-28 19:06:33 -06:00
Tim Kourt
0536a9bdd5 scan: Fix failure handling in common scan triggering logic
Fix incorrect usage of the caller’s scan triggered callback.
In case of a failure, destroy scan request and notify caller
about the issue by returning zero scan id instead of calling
callers’ scan triggered callback with an error code.
2018-11-26 18:16:11 -06:00
Shaleen Jain
d9c89e89c6 iwd.service: restart service on crash 2018-11-26 14:38:07 -06:00
Andreas Henriksson
b6910e1210 build: only enable backtrace(3) in maintainer mode
Using backtrace() is of no use when building with PIE (which most
distro compilers do by default) and prevents catching the coredump
for later retracing, which is needed since distros usually don't
install debug symbols by default either.

This patch thus only enables backtrace() when --enable-maintainer-mode
is passed and also tries to explicitly disable PIE.
2018-11-26 14:32:04 -06:00
Andrew Zaborowski
95c05d447b scan: Fix confusing identation 2018-11-21 11:28:48 -06:00
Denis Kenzior
e609981b61 eap-tls-common: Update to private key API changes 2018-11-21 11:28:34 -06:00
Andrew Zaborowski
299af7fc39 eap-tls, ttls, peap: Update for private key API changes 2018-11-21 11:25:03 -06:00
Tim Kourt
bdcff2cdde eap: Add accessors for the method name and type 2018-11-19 17:10:53 -06:00
Tim Kourt
87c411f816 eap-tls-common: Introduce a common tls state and load settings 2018-11-19 17:10:53 -06:00
Tim Kourt
514d442db1 eap-tls-common: Add check for phase one settings 2018-11-19 17:10:53 -06:00
Denis Kenzior
1e6df6a226 ecdh: Fix warning 2018-11-19 14:27:17 -06:00
James Prestwood
c3abfde025 ecdh: make key byte ordering consistent
ECDH was expecting the private key in LE, but the public key in BE byte ordering.
For consistency the ECDH now expect all inputs in LE byte ordering. It is up to
the caller to order the bytes appropriately.

This required adding some ecc_native2be/be2native calls in OWE
2018-11-19 13:46:28 -06:00
Andrew Zaborowski
d7dc6606de eap-tls, ttls, peap: Update for l_tls API changes 2018-11-19 13:03:38 -06:00
Denis Kenzior
53db703773 netdev: Fix style 2018-11-19 12:09:27 -06:00
Denis Kenzior
adb14dfca5 netdev: Fix typo 2018-11-19 11:53:30 -06:00
James Prestwood
576c6dc9f3 netdev/station: Add OWE support
The changes to station.c are minor. Specifically,
station_build_handshake_rsn was modified to always build up the RSN
information, not just for SECURITY_8021X and SECURITY_PSK. This is
because OWE needs this RSN information, even though it is still
SECURITY_NONE. Since "regular" open networks don't need this, a check
was added (security == NONE && akm != OWE) which skips the RSN
building.

netdev.c needed to be changed in nearly the same manor as it was for
SAE. When connecting, we check if the AKM is for OWE, and if so create
a new OWE SM and start it. OWE handles all the ECDH, and netdev handles
sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The
incoming authenticate/associate events just get forwarded to OWE as they
do with SAE.
2018-11-19 11:51:02 -06:00
James Prestwood
8978f8c43f owe: added OWE module
This module is similar to SAE in that it communicates over authenticate
and associate frames. Creating a new OWE SM requires registering two TX
functions that handle sending the data out over CMD_AUTHENTICATE/ASSOCIATE,
as well as a complete function.

Once ready, calling owe_start will kick off the OWE process, first by
sending out an authenticate frame. There is nothing special here, since
OWE is done over the associate request/response.

After the authenticate response comes in OWE will send out the associate
frame which includes the ECDH public key, and then receive the AP's
public key via the associate response. From here OWE will use ECDH to
compute the shared secret, and the PMK/PMKID. Both are set into the
handshake object.

Assuming the PMK/PMKID are successfully computed the OWE complete callback
will trigger, meaning the 4-way handshake can begin using the PMK/PMKID
that were set in the handshake object.
2018-11-16 18:06:42 -06:00
James Prestwood
60555ece3b handshake: added OWE AKM to handshake_state_derive_ptk 2018-11-16 17:03:06 -06:00
James Prestwood
126993b9e3 eapol: Add OWE to MIC calculate/verify
This allows eapol to work with the OWE AKM type. Similar shortcuts were
taken as with SAE since, for now, both only support a single ECC group.
2018-11-16 17:02:13 -06:00
James Prestwood
d19b1bb85e wiphy: Handle OWE AKM for SECURITY_TYPE_NONE 2018-11-16 16:59:59 -06:00
James Prestwood
ef544dfc6e common: Classify OWE networks as open 2018-11-16 16:59:59 -06:00
James Prestwood
8740abb60e netdev: add translation for OWE AKM type 2018-11-16 16:59:59 -06:00
James Prestwood
3293bd9933 ie: add OWE AKM type
Added a new AKM suite, IE_RSN_AKM_SUITE_OWE.
2018-11-16 16:59:45 -06:00
Tim Kourt
e4a76018fd scan: Make periodic scan optional 2018-11-16 16:42:00 -06:00
James Prestwood
40685e8fe3 crypto: implement HKDF-Expand (RFC 5869)
This will be required by OWE
2018-11-16 16:38:28 -06:00
James Prestwood
0b42ca7c30 crypto: renamed hkdf_256
The RFC (5869) for this implementation defines two functions,
HKDF-Extract and HKDF-Expand. The existing 'hkdf_256' was implementing
the Extract function, so it was renamed appropriately. The name was
changed for consistency when the Expand function will be added in the
future.
2018-11-16 16:30:22 -06:00
James Prestwood
5811e72940 ecdh: added ECDH module 2018-11-16 16:25:17 -06:00
James Prestwood
9b204a8c7e ie: add IE_TYPE_OWE_DH_PARAM to IE list 2018-11-16 16:20:59 -06:00
Denis Kenzior
712a92cc4c network: Simplify is_rsn logic
In the current version SECURITY_PSK was handled inside the is_rsn block
while the SECURITY_8021X was off in its own block.  This was weird and a
bit misleading.  Simplify the code flow through the use of a goto and
decrease the nesting level.

Also optimize out unnecessary use of scan_bss_get_rsn_info
2018-11-15 11:37:20 -06:00
Denis Kenzior
5bfbdd5a01 network: Check Autoconnectable as the first condition 2018-11-15 11:31:39 -06:00
Denis Kenzior
c146490567 network: Introduce __bss_is_sae
This takes an rsn_info pointer directly so that some calls to
scan_bss_get_rsn_info can be optimized
2018-11-15 11:29:13 -06:00
Denis Kenzior
3d549e457d scan: make scan_bss_get_rsn_info const correct 2018-11-15 11:28:46 -06:00
James Prestwood
ad242a796a network: fix 8021x autoconnect
In network_autoconnect, when the network was SECURITY_8021X there was no
check (for SECURITY_PSK) before calling network_load_psk. Since the
provisioning file was for an 8021x network neither PreSharedKey or
Passphrase existed so this would always fail. This fixes the 8021x failure
in testConnectAutoconnect.
2018-11-15 11:20:06 -06:00
James Prestwood
07c870df55 station: only set 8021x config on 8021x networks
During the handshake setup, if security != SECURITY_PSK then 8021x settings
would get set in the handshake object. This didn't appear to break anything
(e.g. Open/WEP) but its better to explicitly check that we are setting up
an 8021x network.
2018-11-14 20:47:42 -06:00
Peter Seiderer
7d6e11ddd5 main: Fix __iwd_backtrace_init() availability detection
Check for HAVE_EXECINFO_H for all __iwd_backtrace_init usages.

Fixes:

  src/main.o: In function `main':
  main.c:(.text.startup+0x798): undefined reference to `__iwd_backtrace_init'
  collect2: error: ld returned 1 exit status
2018-11-10 19:09:14 +01:00
Denis Kenzior
6df62ab68e station: Update to the new GetHiddenAccessPoints API 2018-11-09 14:06:20 -06:00
Denis Kenzior
5f8c20f455 netdev: Enable ControlPortOverNL80211 by default 2018-11-09 11:52:09 -06:00
Denis Kenzior
8732a9f38a main: Add checks for asymmetric key support
Tell the user that Kernel 4.20 with asymmetric key support enabled is
required to support TLS based (EAP/PEAP/TTLS) WPA-Enterprise methods.
2018-11-09 11:50:29 -06:00
Tim Kourt
8c1992feb2 station: Introduce GetHiddenStations API call 2018-11-09 11:34:43 -06:00
Tim Kourt
f803b0439b station: Introduce an ordered list of hidden stations
A sorted list of hidden network BSSs observed in the recent scan
is kept for the informational purposes of the clients. In addition,
it has deprecated the usage of seen_hidden_networks variable.
2018-11-09 11:34:43 -06:00
Andrew Zaborowski
0b5dceab27 network: Don't require PSK if Passphrase present
Refactor the network->psk and network->passphrase loading and saving
logic to not require the PreSharedKey entry in the psk config file and
to generate network->psk lazily on request.  Still cache the computed
PSK in memory and in the .psk file to avoid recomputing it which uses
many syscalls.  While there update the ask_psk variable to
ask_passphrase because we're specifically asking for the passphrase.
2018-11-05 12:43:16 -06:00
Patrik Flykt
0b1e6cc3e5 scan: Log BSSID in messages
If there is an error with the BSSID information, log the BSSID
station address to catch the offending Access Point.
2018-11-05 12:29:41 -06:00
Patrik Flykt
7ec8fd6776 ie: Fix up broken Access Point with too many rates added
According to the specification, Supported rates IE is supposed
to have a maximum length of eight rate bytes. In the wild an
Access Point is found to add 12 bytes of data instead of placing
excess rate bytes in an Extended Rates IE.

BSS: len 480
    BSSID 44:39:C4:XX:XX:XX
    Probe Response: true
    TSF: 0 (0x0000000000000000)
    IEs: len 188
...
        Supported rates:
            1.0(B) 2.0(B) 5.5(B) 6.0(B) 9.0 11.0(B) 12.0(B) 18.0 Mbit/s
            24.0(B) 36.0 48.0 54.0 Mbit/s
            82 84 8b 8c 12 96 98 24 b0 48 60 6c              .......$.H`l
        DSSS parameter set: channel 3
            03
...

Any following IEs decode nicely, thus it seems that we can relax
Supported Rates IE length handling to support this thermostat.
2018-11-05 12:07:22 -06:00
Patrik Flykt
c68ae2f00b main: Log optimized implementations only when they exist
Log optimized implementations strings only when the hashmap contains
items in order to avoid an unnecessary line of text with no members
printed out.
2018-11-05 11:52:48 -06:00
Denis Kenzior
c4153941af netdev: Use l_genl_family_unicast_handler 2018-11-02 15:53:07 -05:00
James Prestwood
1d62f4ec0e eapol: remove unused public eapol functions from header
After moving AP EAPoL code into eapol.c there were a few functions that
no longer needed to be public API's. These were changed to static's and
the header definition was removed.
2018-11-02 14:05:44 -05:00
Marcel Holtmann
554e4f55db build: Fix includes for using with -std=c99 compiler option 2018-11-01 22:37:11 +01:00
Marcel Holtmann
72a64fa7fb build: Adjust to the latest ELL signal API changes 2018-11-01 22:09:19 +01:00
Andrew Zaborowski
e4222d0ebe eap-tls: Set upper limit on request size
Set an upper limit on a fragmented EAP-TLS request size similar to how
we do it in EAP-TTLS.  While there make the code more similar to the
EAP-TTLS flag processing to keep them closer in sync.  Note that the
spec suggests a 64KB limit but it's not clear if that is for the TLS
record or EAP request although it takes into account the whole TLS
negotiation so it might be good for both.
2018-11-01 15:04:56 -05:00
Andrew Zaborowski
0b71b034c1 eap-tls/ttls/peap: Conditionally enable TLS debugging
Print the TLS debug messages if IWD_TLS_DEBUG is set.
2018-11-01 15:04:56 -05:00
Marcel Holtmann
a011909556 main: Use l_main_run_with_signal instead of open coding it 2018-11-01 19:56:16 +01:00
Marcel Holtmann
38e831afa0 main: Make genl and nl80211 global variables static 2018-11-01 19:55:54 +01:00
Marcel Holtmann
013bae6d3d eapol: Make eapol_frame_watch_{add,remove} functions static 2018-11-01 10:27:22 +01:00
Marcel Holtmann
9335602ba0 network: Removed unneeded include for src/watchlist.h 2018-11-01 10:19:26 +01:00
Marcel Holtmann
e1c391a76b wsc: Removed unneeded include for src/watchlist.h 2018-11-01 10:17:54 +01:00
Denis Kenzior
7699c8ab1e eap-ttls: Handle redundant L flags
Some of the TTLS server implementations set the L flag in the fragment
packets other than the first one. To stay interoperable with such devices,
iwd is relaxing the L bit check.
2018-10-30 15:47:57 -05:00
Denis Kenzior
5cc60d18cc eap-md5: Add warning about deprecated settings key 2018-10-29 18:49:19 -05:00
Tim Kourt
99c685940a eap-md5: Standardize setting keys
Switch EAP-MD5 to use the common password setting key nomenclature.
The key name has been changed from PREFIX-MD5-Secret to PREFIX-Password.
Note: The old key name is supported.
In addition, this patch adds an ability to request Identity and/or
Password from user.
2018-10-29 18:46:07 -05:00
James Prestwood
b9029aaf65 adhoc: wait for both handshakes before adding peer
Adhoc was not waiting for BOTH handshakes to complete before adding the
new peer to the ConnectedPeers property. Actually waiting for the gtk/igtk
(in a previous commit) helps with this, but adhoc also needed to keep track
of which handshakes had completed, and only add the peer once BOTH were done.
This required a small change in netdev, where we memcmp the addresses from
both handshakes and only set the PTK on one.
2018-10-26 15:29:48 -05:00
James Prestwood
e678d6655f netdev: signal handshake complete after setting all keys
Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing
the SET_STATION (after setting the pairwise key). Depending on the timing
this may happen before the GTK/IGTK are set which will result in group
traffic not working initially (the GTK/IGTK would still get set, but group
traffic would not work immediately after DBus said you were connected, this
mainly poses a problem with autotests).

In order to fix this, several flags were added in netdev_handshake_state:
ptk_installed, gtk_installed, igtk_installed, and completed. Each of these
flags are set true when their respective keys are set, and in each key
callback we try to trigger the handshake complete event (assuming all the
flags are true). Initially the gtk/igtk flags are set to true, for reasons
explained below.

In the WPA2 case, all the key setter functions are called sequentially from
eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is
because the gtk/igtk are optional and only set if group traffic is allowed.
If the gtk/igtk are not used, we set the PTK and can immediately trigger the
handshake complete event (since gtk_installed/igtk_installed are initialized
as true). When the gtk/igtk are being set, we immediately set their flags to
false and wait for their callbacks in addition to the PTK callback. Doing it
this way handles both group traffic and non group traffic paths.

WPA1 throws a wrench into this since the group keys are obtained in a
separate handshake. For this case a new flag was added to the handshake_state,
'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way,
but still wait for the gtk/igtk setters to get called before triggering the
handshake complete event. As a precaution, netdev sets a timeout that will
trigger if the gtk/igtk setters are never called. In this case we can still
complete the connection, but print a warning that group traffic will not be
allowed.
2018-10-26 15:26:49 -05:00
Marcel Holtmann
9b2bb2723f crypto: Use full include path local includes 2018-10-26 21:35:27 +02:00
Marcel Holtmann
77710f9765 simauth: Use full include path local includes 2018-10-26 21:34:58 +02:00
Marcel Holtmann
515c130549 storage: Use full include path local includes 2018-10-26 21:34:00 +02:00
Marcel Holtmann
0b93fde3b4 wscutil: Use full include path local includes 2018-10-26 21:33:38 +02:00
Marcel Holtmann
162e6a19f6 watchlist: Use full include path local includes 2018-10-26 21:33:01 +02:00
Marcel Holtmann
1eaca1f8e1 mscaputil: Use full include path local includes 2018-10-26 21:32:20 +02:00
Marcel Holtmann
3fa63ede50 eapol: Use full include path local includes 2018-10-26 21:31:52 +02:00
Marcel Holtmann
c2d0517228 knownnetworks: Use full include path local includes 2018-10-26 21:30:44 +02:00
Marcel Holtmann
e92b976663 ecc: Use full include path local includes 2018-10-26 21:29:45 +02:00
Marcel Holtmann
42cfaeb265 sae: Use full include path local includes 2018-10-26 21:29:08 +02:00
Marcel Holtmann
785be02ee5 mpdu: Use full include path local includes 2018-10-26 21:28:10 +02:00
Marcel Holtmann
52f7f1dea2 handshake: Use full include path local includes 2018-10-26 21:27:01 +02:00
Marcel Holtmann
23a7fafec6 ie: Use full include path for local includes 2018-10-26 21:26:17 +02:00
Marcel Holtmann
be5bf7ee15 util: Only include <ell/ell.h> and use full include path 2018-10-26 21:24:20 +02:00
Denis Kenzior
a2efe2d2de eap-pwd: Warn if deprecated setting is used 2018-10-25 14:52:30 -05:00
Tim Kourt
df59d57f96 eap-pwd: Standardize setting keys
Switch EAP-PWD to use the common password setting key nomenclature.
2018-10-25 14:29:56 -05:00
Denis Kenzior
c256dbfbd8 eap-gtc: Warn if deprecated setting is used 2018-10-25 14:25:28 -05:00
Tim Kourt
c92f8231b2 eap-gtc: Standardize property keys
Switch EAP-GTC to use the common password setting key nomenclature.
2018-10-25 14:14:16 -05:00
Tim Kourt
e8de229223 ttls: add support for tunneled MS-CHAP 2018-10-24 16:33:06 -05:00
Tim Kourt
b46376980a mschaputil: Add MS CHAP utilities 2018-10-24 16:28:46 -05:00
Denis Kenzior
ae538eae7d netdev: Cancel ongoing rekey offload
We need to cancel an ongoing rekey offload in a few additional places
besides the netdev destructor.
2018-10-20 10:38:56 -05:00
Denis Kenzior
8501b2edb1 netdev: Add a TODO about Rekey Offload errors 2018-10-20 10:36:42 -05:00
Denis Kenzior
658362a349 netdev: Put command cancelation into a common function 2018-10-20 10:35:28 -05:00
Tim Kourt
e979bf97f1 netdev: add an ability to cancel hw rekey cmd
==1628== Invalid read of size 1
==1628==    at 0x405E71: hardware_rekey_cb (netdev.c:1381)
==1628==    by 0x444E5B: process_unicast (genl.c:415)
==1628==    by 0x444E5B: received_data (genl.c:534)
==1628==    by 0x442032: io_callback (io.c:126)
==1628==    by 0x4414CD: l_main_iterate (main.c:387)
==1628==    by 0x44158B: l_main_run (main.c:434)
==1628==    by 0x403775: main (main.c:489)
==1628==  Address 0x5475208 is 312 bytes inside a block of size 320 free'd
==1628==    at 0x4C2ED18: free (vg_replace_malloc.c:530)
==1628==    by 0x43D94D: l_queue_clear (queue.c:107)
==1628==    by 0x43D998: l_queue_destroy (queue.c:82)
==1628==    by 0x40B431: netdev_shutdown (netdev.c:4765)
==1628==    by 0x403B17: iwd_shutdown (main.c:81)
==1628==    by 0x4419D2: signal_callback (signal.c:82)
==1628==    by 0x4414CD: l_main_iterate (main.c:387)
==1628==    by 0x44158B: l_main_run (main.c:434)
==1628==    by 0x403775: main (main.c:489)
==1628==  Block was alloc'd at
==1628==    at 0x4C2DB6B: malloc (vg_replace_malloc.c:299)
==1628==    by 0x43CA4D: l_malloc (util.c:62)
==1628==    by 0x40A853: netdev_create_from_genl (netdev.c:4517)
==1628==    by 0x444E5B: process_unicast (genl.c:415)
==1628==    by 0x444E5B: received_data (genl.c:534)
==1628==    by 0x442032: io_callback (io.c:126)
==1628==    by 0x4414CD: l_main_iterate (main.c:387)
==1628==    by 0x44158B: l_main_run (main.c:434)
==1628==    by 0x403775: main (main.c:489)
2018-10-20 10:29:52 -05:00
Marcel Holtmann
a59e162446 knownnetworks: Use l_dir_watch instead of l_fswatch 2018-10-19 19:14:05 +02:00
Marcel Holtmann
8f8a214fbd build: Use new l_tls_prf_get_bytes and remove ell/tls-private.h usage 2018-10-19 09:30:59 +02:00
Marcel Holtmann
467d3958b4 build: Use l_tls_prf_get_bytes instead of tls_prf_get_bytes 2018-10-19 08:46:57 +02:00
Marcel Holtmann
b27edce298 build: Use include "" instead of include <> for ell/tls-private.h 2018-10-19 08:24:57 +02:00
Denis Kenzior
d22e57c994 treewide: Remove use of key-private.h 2018-10-19 00:31:41 -05:00
Denis Kenzior
6e8f10f695 eap-ttls: Use iwd's version of align_len
No need to include ell's private bits unnecessarily
2018-10-19 00:20:47 -05:00
Denis Kenzior
770f3c6049 dbus: Remove unneeded include 2018-10-19 00:20:35 -05:00
Marcel Holtmann
1ee7de15c8 ttls: Fix truncated before the last format character 2018-10-14 11:35:48 +02:00
Marcel Holtmann
a3c1fa28da build: Rename nl80211_util.[ch] into nl80211util.[ch] 2018-10-14 05:41:06 +02:00
James Prestwood
70d6c9c692 adhoc: implement setting TX GTK
Adhoc requires 2 GTK's to be set, a single TX GTK and a per-mac RX GTK.
The per-mac RX GTK already gets set via netdev_set_gtk. The single TX GTK
is created the same as AP, where, upon the first station connecting a GTK
is generated and set in the kernel. Then any subsequent stations use
GET_KEY to retrieve the GTK and set it in the handshake.
2018-10-08 21:38:30 -05:00
James Prestwood
2123d613fc nl80211: support per-mac GTK on _new_key_group
AdHoc will require a per-mac GTK to be set. For this reason
nl80211_build_new_key_group has been updated to optionally take
a MAC address.
2018-10-08 21:35:33 -05:00
James Prestwood
5e5caedb90 nl80211: added verifier/parser for GET_KEY
AdHoc will also need the same functionality to verify and parse the
key sequence from GET_KEY. This block of code was moved from AP's
GET_KEY callback into nl80211_parse_get_key_seq.
2018-10-08 21:35:24 -05:00
James Prestwood
60aba7114e nl80211: make SET_KEY/GET_KEY common
Moved AP helpers for building SET_KEY/GET_KEY commands into
nl80211_util.c
2018-10-08 21:35:12 -05:00
James Prestwood
04a9315a3c nl80211: introduce nl80211 utility API's
Netdev/AP share several NL80211 commands and each has their own
builder API's. These were moved into a common file nl80211_util.[ch].

A helper was added to AP for building NEW_STATION to make the associate
callback look cleaner (rather than manually building NEW_STATION).
2018-10-08 21:34:58 -05:00
Andrew Zaborowski
dc39c52525 station: Cancel ongoing scans in station_free
Make scan.c forget station's scan callbacks to prevent crash when
switching interface types with a scan running.
2018-10-08 11:33:53 -05:00
James Prestwood
395acc8203 netdev: simplify netdev_choose_key_address
The key address can be chosen regardless of iftype. The deciding
factor is the authenticator bit in the handshake.
2018-10-08 11:29:47 -05:00
Andrew Zaborowski
fb85b1d1a7 netdev: Check that netdev->device is not NULL
Check that netdev->device is not NULL before doing device_remove()
(which would crash) and emitting NETDEV_WATCH_EVENT_DEL.  It may be
NULL if the initial RTM_SETLINK has failed to bring device UP.
2018-10-04 20:57:33 -05:00
Andrew Zaborowski
6e70c84f8e station: Ignore ad-hoc networks in scan results
If there are Ad-hoc BSSes they should be present in the scan results
together with regular APs as far as scan.c is concerned.  But in
station mode we can't connect to them -- the Connect method will fail and
autoconnect would fail.  Since we have no property to indicate a
network is an IBSS just filter these results out for now.  There are
perhaps better solutions but the benefit is very low.
2018-10-03 16:56:19 -05:00
Tim Kourt
0682ddad37 ttls: change signature of the inner reset funcs 2018-10-01 17:30:29 -05:00
Tim Kourt
f0a86519e9 ttls: add support for tunneled CHAP 2018-10-01 17:14:19 -05:00
Tim Kourt
ba5cf86716 ttls: add support for tunneled PAP 2018-10-01 17:12:17 -05:00
Tim Kourt
aedf89ca37 ttls: remove load_settings from phase2_method 2018-10-01 17:11:39 -05:00
Tim Kourt
726ff5d2b1 ttls: exclude avp_builder_put_bytes 2018-10-01 17:11:10 -05:00
Tim Kourt
2aefd8badf ttls: improve avp build approach 2018-10-01 17:10:03 -05:00
Tim Kourt
e6bf22f8c9 ttls: add support for non eap auth settings 2018-09-26 17:55:44 -05:00
Tim Kourt
8f0c4a769a ttls: clear the obtained memory to prevent info leaks 2018-09-26 17:19:46 -05:00
Tim Kourt
3d77748bca ttls: change signature of the inner destroy funcs. 2018-09-26 17:19:05 -05:00
Tim Kourt
b2ec0c350a ttls: fix check on avp start 2018-09-25 16:23:40 -05:00
James Prestwood
50acc11f07 wiphy: added wiphy_select_akm
This is a replacement for station's static select_akm_suite. This was
done because wiphy can make a much more intellegent decision about the
akm suite by checking the wiphy supported features e.g. SAE support.

This allows a connection to hybrid WPA2/WPA3 AP's if SAE is not
supported in the kernel.
2018-09-25 10:58:04 -05:00
James Prestwood
272cb441cd wiphy: only connect to SAE if feature is supported 2018-09-25 10:56:06 -05:00
Andrew Zaborowski
36c441c945 ap: Set up the GTK and pass to handshake
Set a default GTK cipher type same as our current PTK type, generate a
random GTK when the first STA connects and set it up in the kernel, then
pass the values that EAPoL is going to need to the handshake_state.
2018-09-25 10:53:40 -05:00
Andrew Zaborowski
01edef9001 netdev: Reject setting powered while setting iftype
In netdev_set_powered also check that no NL80211_CMD_SET_INTERFACE is in
progress because once it returned we would overwrite
netdev->set_powered_cmd_id (could also add a check there but it seems
more logical to just disallow Powered property changes while Mode is
being changed, since we also disallow Mode changes while Powered is
being changed.)
2018-09-25 10:51:48 -05:00
Denis Kenzior
ebda2ce60f device: Remove unneeded includes 2018-09-24 19:29:40 -05:00
Denis Kenzior
87118959e6 device: Obtain station using station_find
Since device object no longer creates / destroys station objects, use
station_find inside ap directed roam events to direct these to the
station interface.
2018-09-24 19:27:04 -05:00
Andrew Zaborowski
8632b81397 eapol: Add GTK data to msg 3/4 of the handshake 2018-09-24 14:53:41 -05:00
Andrew Zaborowski
e4873dea5a handshake: Use enum handshake_kde in find_kde()
Since we have all the KDE types defined in enum handshake_kde use that
instead of uint8_t buffers containing the same values.
2018-09-24 14:24:41 -05:00
Andrew Zaborowski
7c779956ac handshake: Add handshake_util_build_gtk_kde utility 2018-09-24 14:24:41 -05:00
Andrew Zaborowski
68e612573e handshake: Add GTK data to handshake_state
Add places to store the GTK data, index and RSC in struct
handshake_state and add a setter function for these fields.  We may want
to also convert install_gtk to use these fields similar to install_ptk.
2018-09-24 14:24:41 -05:00
Denis Kenzior
7eb59602df netdev: Drop redundant netdev_get_device checks
As a consequence of the previous commit, netdev watches are always
called when the device object is valid.  As a result, we can drop the
netdev_get_device calls and checks from individual AP/AdHoc/Station/WSC
netdev watches
2018-09-24 14:12:43 -05:00
Andrew Zaborowski
916bde3a02 netdev: Don't emit events before NETDEV_WATCH_EVENT_NEW 2018-09-24 14:09:36 -05:00
Andrew Zaborowski
c96f44b2e6 station: Make station_create/station_free static
These two functions don't need to be used from outside of station.c
anymore so make them static and simplify the station_create arguments
slightly.
2018-09-24 14:07:03 -05:00
Andrew Zaborowski
567baed2c4 station: Create interface simliarly to AP, AdHoc interfaces
Instead of creating the Station interface in device.c create it directly
on the netdev watch event the same way that the AP and AdHoc interfaces
are created and freed.  This fixes some minor incosistencies, for
example station_free was previously called twice, once from device.c and
once from the netdev watch.

device.c would previously keep the pointer returned by station_create()
but that pointer was not actually useful so remove it.  Autotests still
seem to pass.
2018-09-24 14:05:03 -05:00
Andrew Zaborowski
daf248e1ba station: Disconnect netdev in station_free()
Call netdev_disconnect() to make netdev forget any of station.c's
callbacks for connections or transitions in progress or established.
Otherwise station.c will crash as soon as we're connected and try to
change interface mode:
==17601== Invalid read of size 8
==17601==    at 0x11DFA0: station_disconnect_event (station.c:775)
==17601==    by 0x11DFA0: station_netdev_event (station.c:1570)
==17601==    by 0x115D18: netdev_disconnect_event (netdev.c:868)
==17601==    by 0x115D18: netdev_mlme_notify (netdev.c:3403)
==17601==    by 0x14E287: l_queue_foreach (queue.c:441)
==17601==    by 0x1558B4: process_multicast (genl.c:469)
==17601==    by 0x1558B4: received_data (genl.c:532)
==17601==    by 0x152888: io_callback (io.c:123)
==17601==    by 0x151BCD: l_main_iterate (main.c:376)
==17601==    by 0x151C9B: l_main_run (main.c:423)
==17601==    by 0x10FE20: main (main.c:489)
2018-09-24 13:57:36 -05:00
Andrew Zaborowski
f9faeed7bb ap, adhoc: On NETDEV_WATCH_EVENT_NEW check device is UP
Since the interfaces are not supposed to exist when the device is DOWN
(we destroy the interfaces on NETDEV_WATCH_EVENT_DOWN too), don't
create the interfaces if the device hasn't been brought up yet.
2018-09-24 13:56:02 -05:00
Andrew Zaborowski
99e7e0d977 netdev: Update ifi_flags in rntl_set_powered callbacks
When we detect a new device we either bring it down and then up or only
up.  The IFF_UP flag in netdev->ifi_flags is updated before that, then
we send the two rtnl commands and then fire the NETDEV_WATCH_EVENT_NEW
event if either the bring up succeeded or -ERFKILL was returned, so the
device may either be UP or DOWN at that point.

It seems that a RTNL NEWLINK notification is usually received before
the RTNL command callback but I don't think this is guaranteed so update
the IFF_UP flag in the callbacks so that the NETDEV_WATCH_EVENT_NEW
handlers can reliably use netdev_get_is_up()
2018-09-24 13:54:24 -05:00
Andrew Zaborowski
ab6160b017 netdev: Drop DEFAULT_TYPES nl80211 attr of CMD_NEW_KEY
The NL80211_ATTR_KEY_DEFAULT_TYPES attribute is only parsed by the
kernel if either NL80211_ATTR_KEY_DEFAULT or
NL80211_ATTR_KEY_DEFAULT_MGMT are also present, however these are only
used with NL80211_CMD_SET_KEY and ignored for NEW_KEY.  As far as I
understand the default key concept only makes sense for a Tx key because
on Rx all keys can be tried, so we don't need this for client mode.  The
kernel decides whether the NEW_KEY is for unicast or multicast based on
whether NL80211_ATTR_KEY_MAC was supplied.
2018-09-24 13:14:27 -05:00
Denis Kenzior
b60e79b8dd eap-wsc: Do not leak device_password
device password was read from settings using l_settings_get_string which
returns a newly-allocated string due to un-escape semantics.  However,
when assigning wsc->device_password, we strdup-ed the password again
unnecessarily.

==1069== 14 bytes in 2 blocks are definitely lost in loss record 1 of 1
==1069==    at 0x4C2AF0F: malloc (vg_replace_malloc.c:299)
==1069==    by 0x16696A: l_malloc (util.c:62)
==1069==    by 0x16B14B: unescape_value (settings.c:108)
==1069==    by 0x16D12C: l_settings_get_string (settings.c:971)
==1069==    by 0x149680: eap_wsc_load_settings (eap-wsc.c:1270)
==1069==    by 0x146113: eap_load_settings (eap.c:556)
==1069==    by 0x12E079: eapol_start (eapol.c:2022)
==1069==    by 0x1143A5: netdev_connect_event (netdev.c:1728)
==1069==    by 0x118751: netdev_mlme_notify (netdev.c:3406)
==1069==    by 0x1734F1: notify_handler (genl.c:454)
==1069==    by 0x168987: l_queue_foreach (queue.c:441)
==1069==    by 0x173561: process_multicast (genl.c:469)
2018-09-24 12:19:27 -05:00
Denis Kenzior
3ca1aeb917 wsc: Don't use wsc_pin_is_checksum_valid on 4 digit PINs
wsc_pin_is_valid allows two types of PINs through:
  1. 4 digit numeric PIN
  2. 8 digit numeric PIN

The current code always calls wsc_pin_is_checksum_valid to determine
whether a DEFAULT or USER_SPECIFIED PIN is used.  However, this function
is not safe to call on 4 digit PINs and causes a buffer overflow.

Add simple checks to treat 4 digit PINs as DEFAULT PINs and do not call
wsc_pin_is_checksum_valid on these.

Reported-By: Matthias Gerstner <matthias.gerstner@suse.de>
2018-09-24 12:19:27 -05:00
Denis Kenzior
cc37018426 eap-wsc: Drop 8 digit PIN check
EAP-WSC handles 4 digit, 8 digit and out-of-band Device passwords.  The
latter in particular can be anything, so drop the mandatory minimum
password length check here.

This also has the effect of enabling 4-digit PINs to actually work as
they are intended.
2018-09-24 12:19:27 -05:00
Tim Kourt
a3cc68e61e ttls: add radius AVP builder and build response 2018-09-21 18:07:58 -05:00
Tim Kourt
4d8791dd3a ttls: replace old AVP processing with new 2018-09-21 15:20:18 -05:00
Tim Kourt
5d1d1ad893 ttls: add radius AVP parser 2018-09-21 15:19:13 -05:00
Tim Kourt
71ba8ac765 ttls: introduce phase2_method structure
The struct allows to support multiple types of the tunneled methods.
Previously, EAP-TTLS was supporting only the eap based ones.
This patch is also starts to move some of the phase 2 EAP
functionality into the new structure.
2018-09-21 15:19:13 -05:00
Tim Kourt
a7f5d1da21 ttls: remove unused state var 2018-09-21 12:15:28 -05:00
Tim Kourt
410ee2f6b9 eap-tls-common: introduce utility functions for eap-tls 2018-09-21 12:15:25 -05:00
James Prestwood
a553771ffe netdev: station: support FT over SAE
Boiled down, FT over SAE is no different than FT over PSK, apart from
the different AKM suite. The bulk of this change fixes the current
netdev/station logic related to SAE by rebuilding the RSNE and adding
the MDE if present in the handshake to match what the PSK logic does.

A common function was introduced into station which will rebuild the
handshake rsne's for a target network. This is used for both new
network connections as well as fast transitions.
2018-09-21 11:26:05 -05:00
James Prestwood
8064cb599a ie: introduce IE_AKM_IS_SAE macro
To prepare for FT over SAE, several case/if statements needed to include
IE_RSN_AKM_SUITE_FT_OVER_SAE. Also a new macro was introduced to remove
duplicate if statement code checking for both FT_OVER_SAE and SAE AKM's.
2018-09-21 11:26:05 -05:00
James Prestwood
996a18e934 network: free EAP_CACHE_NEVER secret types
When freeing a network secrets any secrets labeled with CACHE_NEVER
would get removed from the secret queue but never actually freed.
2018-09-19 14:33:23 -05:00
James Prestwood
74b8b6d65c watchlist: fix stale watchlist item processing
All the watchlist notify macros were broken in that they did not check
that the watchlist item was still valid before calling it. This only
came into play when a watchlist was being notified and one of the notify
functions removed an item from the same watchlist. It appears this was
already thought of since watchlist_remove checks 'in_notify' and will
mark the item's id as stale (0), but that id never got checked in the
notify macros.

This fixes testAdHoc valgrind warning:

==3347== Invalid read of size 4
==3347==    at 0x416612: eapol_rx_auth_packet (eapol.c:1871)
==3347==    by 0x416DD4: __eapol_rx_packet (eapol.c:2334)
==3347==    by 0x40725B: netdev_pae_read (netdev.c:3515)
==3347==    by 0x440958: io_callback (io.c:123)
==3347==    by 0x43FDED: l_main_iterate (main.c:376)
==3347==    by 0x43FEAB: l_main_run (main.c:423)
==3347==    by 0x40377A: main (main.c:489)
...
2018-09-19 14:17:26 -05:00
Denis Kenzior
ba248e028e station: Make station_rssi_level_changed static 2018-09-19 13:47:51 -05:00
Denis Kenzior
f06c3b645d station: Make station_state_to_string static 2018-09-19 13:45:49 -05:00
Tim Kourt
59c4c8ac6b scan: change scan triggered notification behavior
Do not notify the caller after the first scan_triggered event in
multi-segmented scans.
2018-09-19 11:53:36 -05:00
Tim Kourt
b5aefede95 network: add check for the existing settings
In the case of the open networks with hidden SSIDs
the settings object is already created.

Valgrind:
==4084==    at 0x4C2EB6B: malloc (vg_replace_malloc.c:299)
==4084==    by 0x43B44D: l_malloc (util.c:62)
==4084==    by 0x43E3FA: l_settings_new (settings.c:83)
==4084==    by 0x41D101: network_connect_new_hidden_network (network.c:1053)
==4084==    by 0x4105B7: station_hidden_network_scan_results (station.c:1733)
==4084==    by 0x419817: scan_finished (scan.c:1165)
==4084==    by 0x419CAA: get_scan_done (scan.c:1191)
==4084==    by 0x443562: destroy_request (genl.c:139)
==4084==    by 0x4437F7: process_unicast (genl.c:424)
==4084==    by 0x4437F7: received_data (genl.c:534)
==4084==    by 0x440958: io_callback (io.c:123)
==4084==    by 0x43FDED: l_main_iterate (main.c:376)
==4084==    by 0x43FEAB: l_main_run (main.c:423)
2018-09-19 11:52:33 -05:00
Denis Kenzior
88b2aefeed wiphy: Add missing blank 2018-09-18 17:06:07 -05:00
Denis Kenzior
e52204f46f station: Fix scan_pending assignment
In case an error occurs starting a scan, the scan_pending variable is
never cleared and message is never unrefed.
2018-09-18 13:58:52 -05:00
Denis Kenzior
d347100ac2 device: Remove the rest of the legacy Device properties 2018-09-14 21:53:01 -05:00
Denis Kenzior
42e5dbf6f8 device: Remove legacy GetOrderedNetworks 2018-09-14 21:49:13 -05:00
Denis Kenzior
b2e0a82225 device: Remove Scan method 2018-09-14 21:21:47 -05:00
Denis Kenzior
c47db2635f device: Remove Disconnect method 2018-09-14 21:20:33 -05:00
Marcel Holtmann
804ce5944b dbus: Make the g_dbus global variable static 2018-09-14 23:01:32 +02:00
Marcel Holtmann
2606bc73ad build: Add DAEMON_ prefix to CONFIGDIR and STORAGEDIR 2018-09-14 17:58:44 +02:00
Marcel Holtmann
1e37ef31fe eapol: Move eapol_key_validate() into eapolutil helper 2018-09-14 17:31:42 +02:00
Marcel Holtmann
c40be7a7d5 monitor: Add EAP dummy method to keep linker happy 2018-09-14 17:12:47 +02:00
Marcel Holtmann
502aac073f tools: Add configure option and D-Bus policy file for hwsim utility 2018-09-14 15:24:15 +02:00
Marcel Holtmann
5126459ecc main: Fix the order of --help and -h option handling 2018-09-14 15:19:06 +02:00
Marcel Holtmann
0c5b6e4da3 dbus: Fix policy entries and add access for group wheel 2018-09-14 15:04:15 +02:00
Denis Kenzior
b181604c18 main: Don't init nl80211 until dbus name is owned 2018-09-11 20:06:00 -05:00
Denis Kenzior
95896c10ff device: Fix crashes when outside of Station mode 2018-09-10 20:01:35 -05:00
Denis Kenzior
0a42f63d42 station: Update GetOrderedNetworks API implementation
The Station interface GetOrderedNetworks signature now matches the API
documentation.  Device.GetOrderedNetworks still uses the legacy
signature.
2018-09-08 10:34:52 -05:00
Andrew Zaborowski
854ce2b062 station: Emit PropertiesChanged on the Station interface too 2018-09-07 21:23:41 -05:00
Tim Kourt
18aa744099 eap: clarify warning message 2018-09-07 12:31:03 -05:00
Tim Kourt
bb5997c4ea peap: fix typo and add labels 2018-09-07 12:30:05 -05:00
Tim Kourt
2735e32b10 peap: handle redundant usage of the L flag
Some of the PEAP server implementations set the L flag along with
redundant TLS Message Length field for the un-fragmented packets.
This patch allows to identify and handle such occasions.
2018-09-07 12:26:23 -05:00
Tim Kourt
958bd12624 peap: accept EAP type 33 as termination mechanism for PEAPv1
EAP Extensions type 33 is used in PEAPv0 as a termination
mechanism for the tunneled EAP methods. In PEAPv1
the regular EAP-Success/Failure packets must be used to terminate
the method. Some of the server implementations of PEAPv1
rely on EAP Extensions method to terminate the conversation
instead of the required Success/Failure packets. This patch
makes iwd interoperable with such devices.
2018-09-06 18:23:24 -05:00
James Prestwood
397bf9c0bd crypto: pwd: sae: Made H function common
The "H" function used by SAE and EAP-PWD was effectively the same
function, EAP-PWD just used a zero key for its calls. This removes
the duplicate implementations and merges them into crypto.c as
"hkdf_256".

Since EAP-PWD always uses a zero'ed key, passing in a NULL key to
hkdf_256 will actually use a 32 byte zero'ed array as the key. This
avoids the need for EAP-PWD to store or create a zero'ed key for
every call.

Both the original "H" functions never called va_end, so that was
added to hkdf_256.
2018-09-05 11:12:54 -05:00
Denis Kenzior
5db022041c station: Fix up some printf type inconsistencies
The ifindex as reported by netdev is unsigned, so make sure that it is
printed as such.  It is astronomically unlikely that this causes any
actual issues, but lets be paranoid.
2018-09-05 11:09:35 -05:00
Denis Kenzior
0f34e1a0c1 station: Expose ConnectedNetwork, Scanning and State
These properties will temporarily be exposed on both interfaces
until tools such as test runner, iwctl and NetworkManager/ConnMan
are ported over.
2018-09-05 11:09:35 -05:00
Denis Kenzior
2f2ec71a6c station: Expose Scan, Disconnect, GetOrderedNetworks
These methods will temporarily be exposed on both interfaces until tools
such as test runner, iwctl and NetworkManager/ConnMan are ported over.
2018-09-05 11:09:35 -05:00
Denis Kenzior
b650a5d492 station: Move ConnectHiddenNetwork to station 2018-09-05 11:09:35 -05:00