9 a.m.
Move the reading of ControlPortOverNL80211 into wiphy itself and
renamed wiphy_control_port_capable to wiphy_control_port_enabled.
This makes things easier for any modules interested in control
port support since they will only have to check this one API rather
than read the settings and check capability.
---
src/netdev.c | 7 +------
src/wiphy.c | 16 +++++++++++++---
src/wiphy.h | 2 +-
3 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/src/netdev.c b/src/netdev.c
index fbf3b067..de155da1 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -203,7 +203,6 @@ static struct l_netlink *rtnl = NULL;
static struct l_genl_family *nl80211;
static struct l_queue *netdev_list;
static struct watchlist netdev_watches;
-static bool pae_over_nl80211;
static bool mac_per_ssid;
static unsigned int iov_ie_append(struct iovec *iov,
@@ -6096,7 +6095,7 @@ struct netdev *netdev_create_from_genl(struct l_genl_msg *msg,
return NULL;
}
- if (!pae_over_nl80211 || !wiphy_control_port_capable(wiphy)) {
+ if (!wiphy_control_port_enabled(wiphy)) {
pae_io = pae_open(ifindex);
if (!pae_io) {
l_error("Unable to open PAE interface");
@@ -6233,10 +6232,6 @@ static int netdev_init(void)
&LOW_SIGNAL_THRESHOLD_5GHZ))
LOW_SIGNAL_THRESHOLD_5GHZ = -76;
- if (!l_settings_get_bool(settings, "General",
"ControlPortOverNL80211",
- &pae_over_nl80211))
- pae_over_nl80211 = true;
-
rand_addr_str = l_settings_get_value(settings, "General",
"AddressRandomization");
if (rand_addr_str && !strcmp(rand_addr_str, "network"))
diff --git a/src/wiphy.c b/src/wiphy.c
index 84d2a152..1a333aad 100644
--- a/src/wiphy.c
+++ b/src/wiphy.c
@@ -555,8 +555,11 @@ bool wiphy_uses_default_if(struct wiphy *wiphy)
return false;
}
-bool wiphy_control_port_capable(struct wiphy *wiphy)
+bool wiphy_control_port_enabled(struct wiphy *wiphy)
{
+ const struct l_settings *settings = iwd_get_config();
+ bool enabled;
+
if (wiphy->driver_info &&
wiphy->driver_info->flags & FORCE_PAE) {
l_info("Not using Control Port due to driver quirks: %s",
@@ -564,8 +567,15 @@ bool wiphy_control_port_capable(struct wiphy *wiphy)
return false;
}
- return wiphy_has_ext_feature(wiphy,
- NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211);
+ if (!wiphy_has_ext_feature(wiphy,
+ NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
+ return false;
+
+ if (!l_settings_get_bool(settings, "General",
+ "ControlPortOverNL80211", &enabled))
+ enabled = true;
+
+ return enabled;
}
const uint8_t *wiphy_get_permanent_address(struct wiphy *wiphy)
diff --git a/src/wiphy.h b/src/wiphy.h
index d6487074..f7b6e1c4 100644
--- a/src/wiphy.h
+++ b/src/wiphy.h
@@ -102,7 +102,7 @@ bool wiphy_supports_firmware_roam(struct wiphy *wiphy);
const char *wiphy_get_driver(struct wiphy *wiphy);
const char *wiphy_get_name(struct wiphy *wiphy);
bool wiphy_uses_default_if(struct wiphy *wiphy);
-bool wiphy_control_port_capable(struct wiphy *wiphy);
+bool wiphy_control_port_enabled(struct wiphy *wiphy);
const uint8_t *wiphy_get_permanent_address(struct wiphy *wiphy);
const uint8_t *wiphy_get_extended_capabilities(struct wiphy *wiphy,
uint32_t iftype);
--
2.31.1
9 a.m.
New subject: [PATCH v2 02/11] handshake: add flags/key_index for extended key IDs
ext_key_id_capable indicates the handshake has set the capability bit
in the RSN info. This will only be set if the AP also has the capability
set.
use_ext_key_id indicates if extended key ID procedure should be used.
This is required because an AP may not send the KDE (even with capabilities
set) meaning we fall back to the legacy zero key index.
ptk_index is the key index the AP chose for a given rekey.
---
src/handshake.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/handshake.h b/src/handshake.h
index 36ccc3a2..e67e2c20 100644
--- a/src/handshake.h
+++ b/src/handshake.h
@@ -128,6 +128,7 @@ struct handshake_state {
bool support_fils : 1;
bool authenticator_ocvc : 1;
bool supplicant_ocvc : 1;
+ bool ext_key_id_capable : 1;
uint8_t ssid[32];
size_t ssid_len;
char *passphrase;
@@ -138,6 +139,8 @@ struct handshake_state {
uint8_t gtk_rsc[6];
uint8_t proto_version : 2;
unsigned int gtk_index;
+ bool use_ext_key_id : 1;
+ uint8_t ptk_index;
struct erp_cache_entry *erp_cache;
bool support_ip_allocation : 1;
uint32_t client_ip_addr;
--
2.31.1
9 a.m.
New subject: [PATCH v2 03/11] handshake: add callback for extended key IDs
The procedure for setting extended key IDs is different from the
single PTK key. The key ID is toggled between 0 and 1 and the new
key is set as RX only, then set to RX/TX after message 4/4 goes
out.
Since netdev needs to set this new key before sending message 4,
eapol can include a built message which netdev will store if
required (i.e. using PAE).
---
src/handshake.c | 21 +++++++++++++++++++++
src/handshake.h | 13 +++++++++++++
2 files changed, 34 insertions(+)
diff --git a/src/handshake.c b/src/handshake.c
index 642a25a7..bf50656b 100644
--- a/src/handshake.c
+++ b/src/handshake.c
@@ -76,6 +76,7 @@ static handshake_get_nonce_func_t get_nonce = handshake_get_nonce;
static handshake_install_tk_func_t install_tk = NULL;
static handshake_install_gtk_func_t install_gtk = NULL;
static handshake_install_igtk_func_t install_igtk = NULL;
+static handshake_install_ext_tk_func_t install_ext_tk = NULL;
void __handshake_set_get_nonce_func(handshake_get_nonce_func_t func)
{
@@ -97,6 +98,11 @@ void __handshake_set_install_igtk_func(handshake_install_igtk_func_t
func)
install_igtk = func;
}
+void __handshake_set_install_ext_tk_func(handshake_install_ext_tk_func_t func)
+{
+ install_ext_tk = func;
+}
+
void handshake_state_free(struct handshake_state *s)
{
__typeof__(s->free) destroy = s->free;
@@ -663,6 +669,21 @@ void handshake_state_install_ptk(struct handshake_state *s)
}
}
+void handshake_state_install_ext_ptk(struct handshake_state *s,
+ uint8_t key_idx,
+ struct eapol_frame *ek, uint16_t proto,
+ bool noencrypt)
+{
+ if (install_ext_tk) {
+ uint32_t cipher =
+ ie_rsn_cipher_suite_to_cipher(s->pairwise_cipher);
+
+ install_ext_tk(s, key_idx, handshake_get_tk(s), cipher, ek,
+ proto, noencrypt);
+ }
+}
+
+
void handshake_state_install_gtk(struct handshake_state *s,
uint16_t gtk_key_index,
const uint8_t *gtk, size_t gtk_len,
diff --git a/src/handshake.h b/src/handshake.h
index e67e2c20..449c8fb8 100644
--- a/src/handshake.h
+++ b/src/handshake.h
@@ -27,6 +27,7 @@
struct handshake_state;
enum crypto_cipher;
+struct eapol_frame;
enum handshake_kde {
/* 802.11-2020 Table 12-9 in section 12.7.2 */
@@ -78,11 +79,18 @@ typedef void (*handshake_install_igtk_func_t)(struct handshake_state
*hs,
const uint8_t *igtk, uint8_t igtk_len,
const uint8_t *ipn, uint8_t ipn_len,
uint32_t cipher);
+typedef void (*handshake_install_rx_tk_cb_t)(bool success, void *user_data);
+typedef void (*handshake_install_ext_tk_func_t)(struct handshake_state *hs,
+ uint8_t key_idx, const uint8_t *tk,
+ uint32_t cipher,
+ const struct eapol_frame *step4,
+ uint16_t proto, bool noencrypt);
void __handshake_set_get_nonce_func(handshake_get_nonce_func_t func);
void __handshake_set_install_tk_func(handshake_install_tk_func_t func);
void __handshake_set_install_gtk_func(handshake_install_gtk_func_t func);
void __handshake_set_install_igtk_func(handshake_install_igtk_func_t func);
+void __handshake_set_install_ext_tk_func(handshake_install_ext_tk_func_t func);
struct handshake_state {
uint32_t ifindex;
@@ -227,6 +235,11 @@ size_t handshake_state_get_kek_len(struct handshake_state *s);
const uint8_t *handshake_state_get_kek(struct handshake_state *s);
void handshake_state_install_ptk(struct handshake_state *s);
+void handshake_state_install_ext_ptk(struct handshake_state *s,
+ uint8_t key_idx,
+ struct eapol_frame *ek, uint16_t proto,
+ bool noencrypt);
+
void handshake_state_install_gtk(struct handshake_state *s,
uint16_t gtk_key_index,
const uint8_t *gtk, size_t gtk_len,
--
2.31.1
348
days inactive
348
days old
10 comments
1 participants
participants (1)
-
James Prestwood