[RFC connman v1 1/1] gsupplicant: Add support for WPA3-Personal
by Ariel D'Alessandro
Hi all, Daniel:
WPA3 support has been recently added to connman (wpa_supplicant). As
we've been discussing on a previous thread, this only supports
WPA3-Personal-only mode.
This RFC patchset adds support for WPA3-Personal transition mode, which
supports both WPA2-Personal (PSK) and WPA3-Personal (SAE).
Based on the AP accepted key management protocols, connman configures
wpa_supplicant as follows:
* WPA3-Personal-only mode: key_mgmt="SAE" ; ieee80211w=2
* WPA3-Personal transition mode: key_mgmt="SAE WPA-PSK" ; ieee80211w=1
This patch applies cleanly on top of current master branch (commit
e36a38d8).
I'd like to hear any thoughts you might have about this.
For reference, see wpa_supplicant configuration [0].
Regards,
Ariel D'Alessandro
[0] https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
Ariel D'Alessandro (1):
gsupplicant: Add support for WPA3-Personal transition mode
gsupplicant/supplicant.c | 29 +++++++++++++++++++----------
1 file changed, 19 insertions(+), 10 deletions(-)
--
2.30.2
8 months, 1 week
[PATCH v3 1/6] hwsim: add MatchBytes/MatchBytesOffset rule properties
by James Prestwood
If set, a rule will start matching 'MatchBytes' some number of bytes
into the frame (MatchBytesOffset). This is useful since header
information, addresses, and sequence numbers may be unpredictable
between test runs.
To avoid unintended matches the Prefix property is left unchanged
and will match starting at the beginning of the frame.
---
tools/hwsim.c | 106 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 106 insertions(+)
diff --git a/tools/hwsim.c b/tools/hwsim.c
index 8fb9b0a4..2352dcce 100644
--- a/tools/hwsim.c
+++ b/tools/hwsim.c
@@ -132,6 +132,9 @@ struct hwsim_rule {
int delay;
uint8_t *prefix;
size_t prefix_len;
+ uint8_t *match;
+ size_t match_len;
+ uint16_t match_offset;
int match_times; /* negative value indicates unused */
};
@@ -1218,6 +1221,14 @@ static void process_rules(const struct radio_info_rec *src_radio,
continue;
}
+ if (rule->match && frame->payload_len >=
+ rule->match_len + rule->match_offset) {
+ if (memcmp(rule->match,
+ frame->payload + rule->match_offset,
+ rule->match_len))
+ continue;
+ }
+
/* Rule deemed to match frame, apply any changes */
if (rule->match_times == 0)
continue;
@@ -2063,6 +2074,9 @@ static struct l_dbus_message *rule_remove(struct l_dbus *dbus,
if (rule->prefix)
l_free(rule->prefix);
+ if (rule->match)
+ l_free(rule->match);
+
l_free(rule);
l_dbus_unregister_object(dbus, path);
@@ -2394,6 +2408,90 @@ invalid_args:
return dbus_error_invalid_args(message);
}
+static bool rule_property_get_match(struct l_dbus *dbus,
+ struct l_dbus_message *message,
+ struct l_dbus_message_builder *builder,
+ void *user_data)
+{
+ struct hwsim_rule *rule = user_data;
+ size_t i;
+
+ l_dbus_message_builder_enter_array(builder, "y");
+
+ for (i = 0; i < rule->match_len; i++)
+ l_dbus_message_builder_append_basic(builder, 'y',
+ rule->match + i);
+
+ l_dbus_message_builder_leave_array(builder);
+
+ return true;
+}
+
+static struct l_dbus_message *rule_property_set_match(
+ struct l_dbus *dbus,
+ struct l_dbus_message *message,
+ struct l_dbus_message_iter *new_value,
+ l_dbus_property_complete_cb_t complete,
+ void *user_data)
+{
+ struct hwsim_rule *rule = user_data;
+ struct l_dbus_message_iter iter;
+ const uint8_t *match;
+ uint32_t len;
+
+ if (!l_dbus_message_iter_get_variant(new_value, "ay", &iter))
+ goto invalid_args;
+
+ if (!l_dbus_message_iter_get_fixed_array(&iter,
+ (const void **)&match, &len))
+ goto invalid_args;
+
+ if (len > HWSIM_MAX_PREFIX_LEN)
+ goto invalid_args;
+
+ if (rule->match)
+ l_free(rule->match);
+
+ rule->match = l_memdup(match, len);
+ rule->match_len = len;
+
+ return l_dbus_message_new_method_return(message);
+
+invalid_args:
+ return dbus_error_invalid_args(message);
+}
+
+static bool rule_property_get_match_offset(struct l_dbus *dbus,
+ struct l_dbus_message *message,
+ struct l_dbus_message_builder *builder,
+ void *user_data)
+{
+ struct hwsim_rule *rule = user_data;
+ uint16_t val = rule->match_offset;
+
+ l_dbus_message_builder_append_basic(builder, 'q', &val);
+
+ return true;
+}
+
+static struct l_dbus_message *rule_property_set_match_offset(
+ struct l_dbus *dbus,
+ struct l_dbus_message *message,
+ struct l_dbus_message_iter *new_value,
+ l_dbus_property_complete_cb_t complete,
+ void *user_data)
+{
+ struct hwsim_rule *rule = user_data;
+ uint16_t val;
+
+ if (!l_dbus_message_iter_get_variant(new_value, "q", &val))
+ return dbus_error_invalid_args(message);
+
+ rule->match_offset = val;
+
+ return l_dbus_message_new_method_return(message);
+}
+
static bool rule_property_get_enabled(struct l_dbus *dbus,
struct l_dbus_message *message,
struct l_dbus_message_builder *builder,
@@ -2527,6 +2625,14 @@ static void setup_rule_interface(struct l_dbus_interface *interface)
L_DBUS_PROPERTY_FLAG_AUTO_EMIT, "ay",
rule_property_get_prefix,
rule_property_set_prefix);
+ l_dbus_interface_property(interface, "MatchBytes",
+ L_DBUS_PROPERTY_FLAG_AUTO_EMIT, "ay",
+ rule_property_get_match,
+ rule_property_set_match);
+ l_dbus_interface_property(interface, "MatchBytesOffset",
+ L_DBUS_PROPERTY_FLAG_AUTO_EMIT, "q",
+ rule_property_get_match_offset,
+ rule_property_set_match_offset);
l_dbus_interface_property(interface, "Enabled",
L_DBUS_PROPERTY_FLAG_AUTO_EMIT, "b",
rule_property_get_enabled,
--
2.31.1
8 months, 1 week
[PATCH v2 1/6] hwsim: add MatchBytes/MatchBytesOffset rule properties
by James Prestwood
If set, a rule will start matching 'MatchBytes' some number of bytes
into the frame (MatchBytesOffset). This is useful since header
information, addresses, and sequence numbers may be unpredictable
between test runs.
To avoid unintended matches the Prefix property is left unchanged
and will match starting at the beginning of the frame.
---
tools/hwsim.c | 103 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 103 insertions(+)
v2:
* Added MatchBytes/MatchBytesOffset
diff --git a/tools/hwsim.c b/tools/hwsim.c
index 8fb9b0a4..95dbf1dc 100644
--- a/tools/hwsim.c
+++ b/tools/hwsim.c
@@ -132,6 +132,9 @@ struct hwsim_rule {
int delay;
uint8_t *prefix;
size_t prefix_len;
+ uint8_t *match;
+ size_t match_len;
+ uint16_t match_offset;
int match_times; /* negative value indicates unused */
};
@@ -1218,6 +1221,14 @@ static void process_rules(const struct radio_info_rec *src_radio,
continue;
}
+ if (rule->match && frame->payload_len >=
+ rule->match_len + rule->match_offset) {
+ if (memcmp(rule->match,
+ frame->payload + rule->match_offset,
+ rule->match_len))
+ continue;
+ }
+
/* Rule deemed to match frame, apply any changes */
if (rule->match_times == 0)
continue;
@@ -2394,6 +2405,90 @@ invalid_args:
return dbus_error_invalid_args(message);
}
+static bool rule_property_get_match(struct l_dbus *dbus,
+ struct l_dbus_message *message,
+ struct l_dbus_message_builder *builder,
+ void *user_data)
+{
+ struct hwsim_rule *rule = user_data;
+ size_t i;
+
+ l_dbus_message_builder_enter_array(builder, "y");
+
+ for (i = 0; i < rule->match_len; i++)
+ l_dbus_message_builder_append_basic(builder, 'y',
+ rule->match + i);
+
+ l_dbus_message_builder_leave_array(builder);
+
+ return true;
+}
+
+static struct l_dbus_message *rule_property_set_match(
+ struct l_dbus *dbus,
+ struct l_dbus_message *message,
+ struct l_dbus_message_iter *new_value,
+ l_dbus_property_complete_cb_t complete,
+ void *user_data)
+{
+ struct hwsim_rule *rule = user_data;
+ struct l_dbus_message_iter iter;
+ const uint8_t *match;
+ uint32_t len;
+
+ if (!l_dbus_message_iter_get_variant(new_value, "ay", &iter))
+ goto invalid_args;
+
+ if (!l_dbus_message_iter_get_fixed_array(&iter,
+ (const void **)&match, &len))
+ goto invalid_args;
+
+ if (len > HWSIM_MAX_PREFIX_LEN)
+ goto invalid_args;
+
+ if (rule->match)
+ l_free(rule->match);
+
+ rule->match = l_memdup(match, len);
+ rule->match_len = len;
+
+ return l_dbus_message_new_method_return(message);
+
+invalid_args:
+ return dbus_error_invalid_args(message);
+}
+
+static bool rule_property_get_match_offset(struct l_dbus *dbus,
+ struct l_dbus_message *message,
+ struct l_dbus_message_builder *builder,
+ void *user_data)
+{
+ struct hwsim_rule *rule = user_data;
+ uint16_t val = rule->match_offset;
+
+ l_dbus_message_builder_append_basic(builder, 'q', &val);
+
+ return true;
+}
+
+static struct l_dbus_message *rule_property_set_match_offset(
+ struct l_dbus *dbus,
+ struct l_dbus_message *message,
+ struct l_dbus_message_iter *new_value,
+ l_dbus_property_complete_cb_t complete,
+ void *user_data)
+{
+ struct hwsim_rule *rule = user_data;
+ uint16_t val;
+
+ if (!l_dbus_message_iter_get_variant(new_value, "q", &val))
+ return dbus_error_invalid_args(message);
+
+ rule->match_offset = val;
+
+ return l_dbus_message_new_method_return(message);
+}
+
static bool rule_property_get_enabled(struct l_dbus *dbus,
struct l_dbus_message *message,
struct l_dbus_message_builder *builder,
@@ -2527,6 +2622,14 @@ static void setup_rule_interface(struct l_dbus_interface *interface)
L_DBUS_PROPERTY_FLAG_AUTO_EMIT, "ay",
rule_property_get_prefix,
rule_property_set_prefix);
+ l_dbus_interface_property(interface, "MatchBytes",
+ L_DBUS_PROPERTY_FLAG_AUTO_EMIT, "ay",
+ rule_property_get_match,
+ rule_property_set_match);
+ l_dbus_interface_property(interface, "MatchBytesOffset",
+ L_DBUS_PROPERTY_FLAG_AUTO_EMIT, "q",
+ rule_property_get_match_offset,
+ rule_property_set_match_offset);
l_dbus_interface_property(interface, "Enabled",
L_DBUS_PROPERTY_FLAG_AUTO_EMIT, "b",
rule_property_get_enabled,
--
2.31.1
8 months, 1 week
[PATCH 1/5] hwsim: add PrefixOffset rule property
by James Prestwood
If set, a rule will start matching a prefix some number of bytes
into the frame. This is useful since header information, addresses,
and sequence numbers may be unpredictable between test runs.
---
tools/hwsim.c | 45 +++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 43 insertions(+), 2 deletions(-)
diff --git a/tools/hwsim.c b/tools/hwsim.c
index 8fb9b0a4..9a7a90a9 100644
--- a/tools/hwsim.c
+++ b/tools/hwsim.c
@@ -132,6 +132,7 @@ struct hwsim_rule {
int delay;
uint8_t *prefix;
size_t prefix_len;
+ uint16_t prefix_offset;
int match_times; /* negative value indicates unused */
};
@@ -1212,8 +1213,13 @@ static void process_rules(const struct radio_info_rec *src_radio,
if (rule->frequency && rule->frequency != frame->frequency)
continue;
- if (rule->prefix && frame->payload_len >= rule->prefix_len) {
- if (memcmp(rule->prefix, frame->payload,
+ if (rule->prefix) {
+ if (frame->payload_len <
+ rule->prefix_len + rule->prefix_offset)
+ continue;
+
+ if (memcmp(rule->prefix,
+ frame->payload + rule->prefix_offset,
rule->prefix_len) != 0)
continue;
}
@@ -2394,6 +2400,37 @@ invalid_args:
return dbus_error_invalid_args(message);
}
+static bool rule_property_get_prefix_offset(struct l_dbus *dbus,
+ struct l_dbus_message *message,
+ struct l_dbus_message_builder *builder,
+ void *user_data)
+{
+ struct hwsim_rule *rule = user_data;
+ uint16_t val = rule->prefix_offset;
+
+ l_dbus_message_builder_append_basic(builder, 'q', &val);
+
+ return true;
+}
+
+static struct l_dbus_message *rule_property_set_prefix_offset(
+ struct l_dbus *dbus,
+ struct l_dbus_message *message,
+ struct l_dbus_message_iter *new_value,
+ l_dbus_property_complete_cb_t complete,
+ void *user_data)
+{
+ struct hwsim_rule *rule = user_data;
+ uint16_t val;
+
+ if (!l_dbus_message_iter_get_variant(new_value, "q", &val))
+ return dbus_error_invalid_args(message);
+
+ rule->prefix_offset = val;
+
+ return l_dbus_message_new_method_return(message);
+}
+
static bool rule_property_get_enabled(struct l_dbus *dbus,
struct l_dbus_message *message,
struct l_dbus_message_builder *builder,
@@ -2527,6 +2564,10 @@ static void setup_rule_interface(struct l_dbus_interface *interface)
L_DBUS_PROPERTY_FLAG_AUTO_EMIT, "ay",
rule_property_get_prefix,
rule_property_set_prefix);
+ l_dbus_interface_property(interface, "PrefixOffset",
+ L_DBUS_PROPERTY_FLAG_AUTO_EMIT, "q",
+ rule_property_get_prefix_offset,
+ rule_property_set_prefix_offset);
l_dbus_interface_property(interface, "Enabled",
L_DBUS_PROPERTY_FLAG_AUTO_EMIT, "b",
rule_property_get_enabled,
--
2.31.1
8 months, 1 week
[PATCH] auto-t: remove OWE renegotiate test
by James Prestwood
Since IWD tries group 20 first all other OWE tests are actually
triggering group negotiation where this test is not. Since this
code is exercised this test can be removed completely, as well
as the additional radio/network.
---
autotests/testOWE/hw.conf | 3 +-
autotests/testOWE/renegotiate_test.py | 60 ---------------------------
autotests/testOWE/ssidGroup20.conf | 8 ----
3 files changed, 1 insertion(+), 70 deletions(-)
delete mode 100644 autotests/testOWE/renegotiate_test.py
delete mode 100644 autotests/testOWE/ssidGroup20.conf
diff --git a/autotests/testOWE/hw.conf b/autotests/testOWE/hw.conf
index 1421b69c..dc2aaaf9 100644
--- a/autotests/testOWE/hw.conf
+++ b/autotests/testOWE/hw.conf
@@ -1,8 +1,7 @@
[SETUP]
-num_radios=4
+num_radios=3
hwsim_medium=yes
[HOSTAPD]
rad0=ssidOWE-1.conf
rad1=ssidOWE-2.conf
-rad2=ssidGroup20.conf
diff --git a/autotests/testOWE/renegotiate_test.py b/autotests/testOWE/renegotiate_test.py
deleted file mode 100644
index e3fd911b..00000000
--- a/autotests/testOWE/renegotiate_test.py
+++ /dev/null
@@ -1,60 +0,0 @@
-#!/usr/bin/python3
-
-import unittest
-import sys
-
-sys.path.append('../util')
-import iwd
-from iwd import IWD
-from iwd import NetworkType
-from hostapd import HostapdCLI
-import testutil
-
-class Test(unittest.TestCase):
-
- def test_connection_success(self):
- hapd = HostapdCLI(config='ssidGroup20.conf')
-
- wd = IWD()
-
- devices = wd.list_devices(1)
- device = devices[0]
-
- condition = 'not obj.scanning'
- wd.wait_for_object_condition(device, condition)
-
- device.scan()
-
- condition = 'not obj.scanning'
- wd.wait_for_object_condition(device, condition)
-
- ordered_network = device.get_ordered_network('ssidGroup20')
-
- self.assertEqual(ordered_network.type, NetworkType.open)
-
- condition = 'not obj.connected'
- wd.wait_for_object_condition(ordered_network.network_object, condition)
-
- ordered_network.network_object.connect()
-
- condition = 'obj.state == DeviceState.connected'
- wd.wait_for_object_condition(device, condition)
-
- testutil.test_iface_operstate()
- testutil.test_ifaces_connected(device.name, hapd.ifname)
-
- device.disconnect()
-
- condition = 'not obj.connected'
- wd.wait_for_object_condition(ordered_network.network_object, condition)
-
- @classmethod
- def setUpClass(cls):
- pass
-
- @classmethod
- def tearDownClass(cls):
- IWD.clear_storage()
-
-if __name__ == '__main__':
- unittest.main(exit=True)
diff --git a/autotests/testOWE/ssidGroup20.conf b/autotests/testOWE/ssidGroup20.conf
deleted file mode 100644
index afd5c0a4..00000000
--- a/autotests/testOWE/ssidGroup20.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-ctrl_interface=/var/run/hostapd
-hw_mode=g
-channel=1
-ssid=ssidGroup20
-wpa=2
-wpa_key_mgmt=OWE
-rsn_pairwise=CCMP
-owe_groups=20
--
2.31.1
8 months, 1 week
[PATCH v4 1/5] sae: don't send commit/confirm in confirmed state
by James Prestwood
This works around a hostapd bug (described more in the TODO comment)
which is exposed because of the kernels overly agressive re-transmit
behavior on missed ACKs. Combined this results in a death if the
initial commit is not acked. This behavior has been identified in
consumer access points and likely won't ever be patched for older
devices. Because of this IWD must work around the problem which can
be eliminated by not sending out this commit message.
This bug was reported to the hostapd ML:
https://lists.infradead.org/pipermail/hostap/2021-September/039842.html
This change should not cause any compatibility problems to non-hostapd
access points and is identical to how wpa_supplicant treats this
scenario.
---
src/sae.c | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
v4:
* Keep the -EAGAIN return for non-sta case
diff --git a/src/sae.c b/src/sae.c
index c14b646f..7e6377f5 100644
--- a/src/sae.c
+++ b/src/sae.c
@@ -1158,6 +1158,31 @@ static int sae_verify_confirmed(struct sae_sm *sm, uint16_t trans,
if (l_get_le16(frame) != sm->group)
return -EBADMSG;
+ /*
+ * Because of kernel retransmit behavior on missed ACKs plus hostapd's
+ * incorrect handling of confirm packets while in accepted state the
+ * following can happen:
+ *
+ * 1. Client sends commit, not acked (committed state)
+ * 2. AP receives commit, sends commit reply (committed state)
+ * 3. Client retransmits original commit
+ * 4. Client receives AP's commit, sends confirm (confirmed state)
+ * 5. AP receives clients retransmitted commit, sends only commit
+ * 6. AP receives clients confirm and accepts (accepted state)
+ * 7. Client receives AP's commit and sends both commit + confirm
+ * (the code below).
+ * 8. AP receives clients commit while in accepted state, and deauths
+ *
+ * Due to this, any commit received while in a confirmed state will be
+ * ignored by IWD since it is probably caused by this retransmission
+ * and sending the commit/confirm below would likely cause hostapd to
+ * deauth us.
+ *
+ * As for non-sta (currently not used) we want to keep with the spec.
+ */
+ if (!sm->handshake->authenticator)
+ return -EBADMSG;
+
/*
* the protocol instance shall increment Sync, increment Sc, and
* transmit its Commit and Confirm (with the new Sc value) messages.
--
2.31.1
8 months, 1 week
[PATCH v3 1/4] sae: don't send commit/confirm in confirmed state
by James Prestwood
This works around a hostapd bug (described more in the TODO comment)
which is exposed because of the kernels overly agressive re-transmit
behavior on missed ACKs. Combined this results in a death if the
initial commit is not acked. This behavior has been identified in
consumer access points and likely won't ever be patched for older
devices. Because of this IWD must work around the problem which can
be eliminated by not sending out this commit message.
This bug was reported to the hostapd ML:
https://lists.infradead.org/pipermail/hostap/2021-September/039842.html
This change should not cause any compatibility problems to non-hostapd
access points and is identical to how wpa_supplicant treats this
scenario.
---
src/sae.c | 27 ++++++++++++++++++++++++++-
1 file changed, 26 insertions(+), 1 deletion(-)
v3:
* Kept existing behavior for non-STA handshakes
* Better described the sequence of events that requires this workaround
diff --git a/src/sae.c b/src/sae.c
index c14b646f..ccba74cc 100644
--- a/src/sae.c
+++ b/src/sae.c
@@ -1158,6 +1158,31 @@ static int sae_verify_confirmed(struct sae_sm *sm, uint16_t trans,
if (l_get_le16(frame) != sm->group)
return -EBADMSG;
+ /*
+ * Because of kernel retransmit behavior on missed ACKs plus hostapd's
+ * incorrect handling of confirm packets while in accepted state the
+ * following can happen:
+ *
+ * 1. Client sends commit, not acked (committed state)
+ * 2. AP receives commit, sends commit reply (committed state)
+ * 3. Client retransmits original commit
+ * 4. Client receives AP's commit, sends confirm (confirmed state)
+ * 5. AP receives clients retransmitted commit, sends only commit
+ * 6. AP receives clients confirm and accepts (accepted state)
+ * 7. Client receives AP's commit and sends both commit + confirm
+ * (the code below).
+ * 8. AP receives clients commit while in accepted state, and deauths
+ *
+ * Due to this, any commit received while in a confirmed state will be
+ * ignored by IWD since it is probably caused by this retransmission
+ * and sending the commit/confirm below would likely cause hostapd to
+ * deauth us.
+ *
+ * As for non-sta (currently not used) we want to keep with the spec.
+ */
+ if (!sm->handshake->authenticator)
+ return -EBADMSG;
+
/*
* the protocol instance shall increment Sync, increment Sc, and
* transmit its Commit and Confirm (with the new Sc value) messages.
@@ -1170,7 +1195,7 @@ static int sae_verify_confirmed(struct sae_sm *sm, uint16_t trans,
if (!sae_send_confirm(sm))
return -EPROTO;
- return -EAGAIN;
+ return -EBADMSG;
}
/*
--
2.31.1
8 months, 1 week
[PATCH v2 1/7] sae: fix a spec violation with duplicate commits
by James Prestwood
If a commit is received while in an accepted state the spec states
the scalar should be checked against the previous commit and if
equal the message should be silently dropped.
---
src/sae.c | 28 +++++++++++++++++++++++++---
1 file changed, 25 insertions(+), 3 deletions(-)
v2:
* Changed to check the scalar rather than always ignore.
diff --git a/src/sae.c b/src/sae.c
index 62fd6c88..c14b646f 100644
--- a/src/sae.c
+++ b/src/sae.c
@@ -1182,10 +1182,32 @@ static int sae_verify_accepted(struct sae_sm *sm, uint16_t trans,
{
uint16_t sc;
- /* spec does not specify what to do here, so print and discard */
- if (trans != SAE_STATE_CONFIRMED) {
+ /*
+ * 12.4.8.6.1 Parent process behavior
+ *
+ * "Upon receipt of an SAE Commit message... and it is in Accepted
+ * state, the scalar in the received frame is checked against the
+ * peer-scalar used in authentication of the existing protocol instance
+ * (in Accepted state). If it is identical, the frame shall be dropped"
+ */
+ if (trans == SAE_STATE_COMMITTED) {
+ bool drop;
+ unsigned int nbytes = l_ecc_curve_get_scalar_bytes(sm->curve);
+ struct l_ecc_scalar *p_scalar;
+
+ if (len < nbytes + 2)
+ return -EMSGSIZE;
+
+ p_scalar = l_ecc_scalar_new(sm->curve, frame + 2, nbytes);
+
+ drop = l_ecc_scalars_are_equal(sm->p_scalar, p_scalar);
+ l_ecc_scalar_free(p_scalar);
+
+ if (drop)
+ return -EBADMSG;
+
l_error("received transaction %u in accepted state", trans);
- return -EBADMSG;
+ return -EPROTO;
}
if (sm->sync > SAE_SYNC_MAX)
--
2.31.1
8 months, 1 week
Cannot connect to SAE protected AP with iwd 1.16 and beyond
by Jesus Gonzalez
First of all: I looked around and found no dedicated bug tracker. if this is not the place to report bugs, please excuse me, and I would be glad to be pointed in the correct direction. Thank you!
Starting with iwd 1.16 I am not able to connect to my home WLAN network. It is a WPA3 SAE protected access point running on a Netgear R7800 with OpenWRT, in case it matters. Connecting to my WPA2 PSK AP on my phone as a test works just fine.
The connection log from the client: https://pastebin.com/48umPPzh
The only but decisive log entry in the AP: https://pastebin.com/W7JsH1kY
It seems after iwd 1.16 the client tries to associate before it is correctly authenticated. Maybe a race condition, and iwd got too fast for the router?
I tried to bisect between 1.15 and 1.16 to get the commit, but I ran into problems while building (make[1]: *** No rule to make target 'ell/util.c', needed by 'ell/util.lo'. Stop.) and I currently lack the time to troubleshoot Makefiles.
Sorry for the vague infos. If you want more logs, tell me what you need and I'll be happy to provide it! Thank you!
8 months, 1 week
[PATCH 1/9] hwsim: add MatchTimes property
by James Prestwood
This integer property can be set to only match a rule a number of
times rather than all packets. This is useful for testing behavior
of a single dropped frame or ack. Once the rule has been matched
'MatchTimes' the rules will no longer be applied (unless set again
to some integer greater than zero).
---
tools/hwsim.c | 42 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
diff --git a/tools/hwsim.c b/tools/hwsim.c
index cd4a99b7..18ba111a 100644
--- a/tools/hwsim.c
+++ b/tools/hwsim.c
@@ -131,6 +131,7 @@ struct hwsim_rule {
int delay;
uint8_t *prefix;
size_t prefix_len;
+ int match_times; /* negative value indicates unused */
};
struct hwsim_support {
@@ -1217,6 +1218,8 @@ static void process_rules(const struct radio_info_rec *src_radio,
}
/* Rule deemed to match frame, apply any changes */
+ if (rule->match_times == 0)
+ continue;
if (rule->signal)
frame->signal = rule->signal / 100;
@@ -1225,6 +1228,9 @@ static void process_rules(const struct radio_info_rec *src_radio,
if (delay)
*delay = rule->delay;
+
+ if (rule->match_times > 0)
+ rule->match_times--;
}
}
@@ -2008,6 +2014,7 @@ static struct l_dbus_message *rule_add(struct l_dbus *dbus,
rule->destination_any = true;
rule->delay = 0;
rule->enabled = false;
+ rule->match_times = -1;
if (!rules)
rules = l_queue_new();
@@ -2412,6 +2419,37 @@ static struct l_dbus_message *rule_property_set_enabled(
return l_dbus_message_new_method_return(message);
}
+static bool rule_property_get_match_times(struct l_dbus *dbus,
+ struct l_dbus_message *message,
+ struct l_dbus_message_builder *builder,
+ void *user_data)
+{
+ struct hwsim_rule *rule = user_data;
+ uint16_t val = rule->match_times;
+
+ l_dbus_message_builder_append_basic(builder, 'q', &val);
+
+ return true;
+}
+
+static struct l_dbus_message *rule_property_set_match_times(
+ struct l_dbus *dbus,
+ struct l_dbus_message *message,
+ struct l_dbus_message_iter *new_value,
+ l_dbus_property_complete_cb_t complete,
+ void *user_data)
+{
+ struct hwsim_rule *rule = user_data;
+ uint16_t val;
+
+ if (!l_dbus_message_iter_get_variant(new_value, "q", &val))
+ return dbus_error_invalid_args(message);
+
+ rule->match_times = val;
+
+ return l_dbus_message_new_method_return(message);
+}
+
static void setup_rule_interface(struct l_dbus_interface *interface)
{
l_dbus_interface_method(interface, "Remove", 0, rule_remove, "", "");
@@ -2456,6 +2494,10 @@ static void setup_rule_interface(struct l_dbus_interface *interface)
L_DBUS_PROPERTY_FLAG_AUTO_EMIT, "b",
rule_property_get_enabled,
rule_property_set_enabled);
+ l_dbus_interface_property(interface, "MatchTimes",
+ L_DBUS_PROPERTY_FLAG_AUTO_EMIT, "q",
+ rule_property_get_match_times,
+ rule_property_set_match_times);
}
static void request_name_callback(struct l_dbus *dbus, bool success,
--
2.31.1
8 months, 1 week