From patchwork Tue Dec 5 15:46:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13480344
From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 01/10] scan: parse password identifier/exclusive bits Date: Tue, 5 Dec 2023 07:46:38 -0800 Message-Id: <20231205154647.1778389-1-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.1 Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 These bits are used to communicate to the station that SAE password identifiers are used or required. --- src/scan.c | 20 +++++++++++++++++--- src/scan.h | 2 ++ 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/src/scan.c b/src/scan.c index 5aa92a90..f48ffdef 100644 --- a/src/scan.c +++ b/src/scan.c
@@ -1404,10 +1404,24 @@ static bool scan_parse_bss_information_elements(struct scan_bss *bss, * Currently only Proxy ARP bit (12) is checked, and if * not found, this is not a fatal error. */ - if (iter.len < 2) - break; + if (iter.len >= 2) + bss->proxy_arp = test_bit(iter.data, 12); + + /* + * 802.11-2020 Table 9-153 + * + * The spec merely mentions the "exclusive" bit and + * doesn't enforce a requirement to check it anywhere. + * But if set it would indicate the AP will only accept + * auths when a password ID is used so store this in + * order to fail early if no ID is set. + */ + if (iter.len >= 11) { + bss->sae_pw_id_used = test_bit(iter.data, 81); + bss->sae_pw_id_exclusive = + test_bit(iter.data, 82); + } - bss->proxy_arp = test_bit(iter.data, 12); } } diff --git a/src/scan.h b/src/scan.h index 0db7752d..65caf41c 100644 --- a/src/scan.h +++ b/src/scan.h 
@@ -88,6 +88,8 @@ struct scan_bss { uint8_t cost_level : 3; uint8_t cost_flags : 4; bool dpp_configurator : 1; + bool sae_pw_id_used : 1; + bool sae_pw_id_exclusive : 1; }; struct scan_parameters {
From patchwork Tue Dec 5 15:46:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13480345
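Review bot: In patch 01/10, src/scan.c, the comment kept just above the new `if (iter.len >= 2)` still reads "Currently only Proxy ARP bit (12) is checked", which no longer holds once bits 81 and 82 are read from the same element; reword it to cover all three bits. The `iter.len >= 11` bound is correct for bits 81 and 82 (both sit in octet 10), and a short comment saying so would save the next reader the arithmetic. Both new flags come straight from scan results, which the station has not authenticated at that point, so the comment should say they are hints and that the later "fail early" and "ignore identifier" decisions rest on them.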
From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 02/10] network: pass scan_bss into network_load_psk Date: Tue, 5 Dec 2023 07:46:39 -0800 Message-Id: <20231205154647.1778389-2-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231205154647.1778389-1-prestwoj@gmail.com> References: <20231205154647.1778389-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 For adding SAE password identifiers the capability bits need to be verified when loading the identifier from the profile. Pass the BSS object in to network_load_psk rather than the 'need_passphrase' boolean. --- src/network.c | 60 +++++++++++++++++++++++++-------------------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/src/network.c b/src/network.c index f203834c..79f964b2 100644 --- a/src/network.c +++ b/src/network.c @@ -594,8 +594,34 @@ generate: return -EIO; } -static int network_load_psk(struct network *network, bool need_passphrase) +static inline bool __bss_is_sae(const struct scan_bss *bss, + const struct ie_rsn_info *rsn) { + if (rsn->akm_suites & IE_RSN_AKM_SUITE_SAE_SHA256) + return true; + + return false; +} + +static bool bss_is_sae(const struct scan_bss *bss) +{ + struct ie_rsn_info rsn; + + memset(&rsn, 0, sizeof(rsn)); + scan_bss_get_rsn_info(bss, &rsn); + + return __bss_is_sae(bss, &rsn); +} + +static int network_load_psk(struct network *network, struct scan_bss *bss) +{ + /* + * A legacy psk file may only contain the PreSharedKey entry. For SAE + * networks the raw Passphrase is required. So in this case where + * the psk is found but no Passphrase, we ask the agent. The psk file + * will then be re-written to contain the raw passphrase. + */ + bool is_sae = bss_is_sae(bss); const char *ssid = network_get_ssid(network); enum security security = network_get_security(network); size_t psk_len; 
@@ -616,7 +642,7 @@ static int network_load_psk(struct network *network, bool need_passphrase) } /* PSK can be generated from the passphrase but not the other way */ - if (!psk || need_passphrase) { + if (!psk || is_sae) { if (!passphrase) return -ENOKEY; @@ -778,25 +804,6 @@ bool network_get_force_default_owe_group(struct network *network) return network->force_default_owe_group; } -static inline bool __bss_is_sae(const struct scan_bss *bss, - const struct ie_rsn_info *rsn) -{ - if (rsn->akm_suites & IE_RSN_AKM_SUITE_SAE_SHA256) - return true; - - return false; -} - -static bool bss_is_sae(const struct scan_bss *bss) -{ - struct ie_rsn_info rsn; - - memset(&rsn, 0, sizeof(rsn)); - scan_bss_get_rsn_info(bss, &rsn); - - return __bss_is_sae(bss, &rsn); -} - int network_can_connect_bss(struct network *network, const struct scan_bss *bss) { struct station *station = network->station; @@ -959,7 +966,7 @@ int network_autoconnect(struct network *network, struct scan_bss *bss) switch (security) { case SECURITY_PSK: - ret = network_load_psk(network, bss_is_sae(bss)); + ret = network_load_psk(network, bss); if (ret < 0) goto close_settings; 
@@ -1285,20 +1292,13 @@ static struct l_dbus_message *network_connect_psk(struct network *network, struct l_dbus_message *message) { struct station *station = network->station; - /* - * A legacy psk file may only contain the PreSharedKey entry. For SAE - * networks the raw Passphrase is required. So in this case where - * the psk is found but no Passphrase, we ask the agent. The psk file - * will then be re-written to contain the raw passphrase. - */ - bool need_passphrase = bss_is_sae(bss); if (!network_settings_load(network)) { network->settings = l_settings_new(); network->ask_passphrase = true; } else if (!network->ask_passphrase) network->ask_passphrase = - network_load_psk(network, need_passphrase) < 0; + network_load_psk(network, bss) < 0; l_debug("ask_passphrase: %s", network->ask_passphrase ? "true" : "false");
From patchwork Tue Dec 5 15:46:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13480346
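Review bot: In patch 02/10, `network_load_psk(struct network *network, struct scan_bss *bss)` takes a mutable BSS pointer although it only hands it to `bss_is_sae(const struct scan_bss *bss)`; declare the parameter `const struct scan_bss *bss`. The comment moved into this function says "we ask the agent", but the function itself only returns -ENOKEY and the asking is done by the caller (`network->ask_passphrase = network_load_psk(network, bss) < 0;`), so adjust the wording to match its new home. `bss_is_sae()` discards the return value of `scan_bss_get_rsn_info()`; that is moved code, but because it now gates the passphrase requirement inside the loader, a failed RSN parse silently means "not SAE".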
From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 03/10] handshake: add password identifier/setter Date: Tue, 5 Dec 2023 07:46:40 -0800 Message-Id: <20231205154647.1778389-3-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231205154647.1778389-1-prestwoj@gmail.com> References: <20231205154647.1778389-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 --- src/handshake.c | 12 ++++++++++++ src/handshake.h | 3 +++ 2 files changed, 15 insertions(+) diff --git a/src/handshake.c b/src/handshake.c index 1c5ed2c9..cf9c18d5 100644 --- a/src/handshake.c +++ b/src/handshake.c @@ -137,6 +137,12 @@ void handshake_state_free(struct handshake_state *s) l_free(s->passphrase); } + if (s->password_identifier) { + explicit_bzero(s->password_identifier, + strlen(s->password_identifier)); + l_free(s->password_identifier); + } + if (s->ecc_sae_pts) { unsigned int i; @@ -364,6 +370,12 @@ void handshake_state_set_passphrase(struct handshake_state *s, s->passphrase = l_strdup(passphrase); } +void handshake_state_set_password_identifier(struct handshake_state *s, + const char *id) +{ + s->password_identifier = l_strdup(id); +} + void handshake_state_set_no_rekey(struct handshake_state *s, bool no_rekey) { s->no_rekey = no_rekey; diff --git a/src/handshake.h b/src/handshake.h index 815eb44f..3b51cb34 100644 --- a/src/handshake.h +++ b/src/handshake.h @@ -143,6 +143,7 @@ struct handshake_state { uint8_t ssid[32]; size_t ssid_len; char *passphrase; + char *password_identifier; uint8_t r0khid[48]; size_t r0khid_len; uint8_t r1khid[6]; 
@@ -228,6 +229,8 @@ void handshake_state_set_event_func(struct handshake_state *s, void *user_data); void handshake_state_set_passphrase(struct handshake_state *s, const char *passphrase); +void handshake_state_set_password_identifier(struct handshake_state *s, + const char *id); bool handshake_state_add_ecc_sae_pt(struct handshake_state *s, const struct l_ecc_point *pt); void handshake_state_set_no_rekey(struct handshake_state *s, bool no_rekey);
From patchwork Tue Dec 5 15:46:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13480347
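Review bot: In patch 03/10, `handshake_state_set_password_identifier()` assigns `s->password_identifier = l_strdup(id);` without releasing a previous value, so a second call on the same handshake leaks the old identifier and leaves it unwiped in memory; clear it with the same explicit_bzero/l_free sequence added to `handshake_state_free()` before assigning. The commit has no message body; one sentence on why the identifier is kept on the handshake and wiped like a secret would help.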
From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 04/10] network: add support for SAE password identifiers Date: Tue, 5 Dec 2023 07:46:41 -0800 Message-Id: <20231205154647.1778389-4-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231205154647.1778389-1-prestwoj@gmail.com> References: <20231205154647.1778389-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Adds a new network profile setting [Security].PasswordIdentifier. When set (and the BSS enables SAE password identifiers) the network and handshake object will read this and use it for the SAE exchange. Loading the PSK will fail if there is no password identifier set and the BSS sets the "exclusive" bit. If a password identifier is set and the BSS doesn't indicate support the setting will be ignored (with a debug print). --- src/network.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 49 insertions(+), 1 deletion(-) diff --git a/src/network.c b/src/network.c index 79f964b2..d422b282 100644 --- a/src/network.c +++ b/src/network.c @@ -70,6 +70,7 @@ struct network { struct network_info *info; unsigned char *psk; char *passphrase; + char *password_identifier; struct l_ecc_point *sae_pt_19; /* SAE PT for Group 19 */ struct l_ecc_point *sae_pt_20; /* SAE PT for Group 20 */ unsigned int agent_request; @@ -124,6 +125,13 @@ static void network_reset_passphrase(struct network *network) network->passphrase = NULL; } + if (network->password_identifier) { + explicit_bzero(network->password_identifier, + strlen(network->password_identifier)); + l_free(network->password_identifier); + network->password_identifier = NULL; + } + if (network->sae_pt_19) { l_ecc_point_free(network->sae_pt_19); network->sae_pt_19 = NULL; 
@@ -317,7 +325,8 @@ static struct l_ecc_point *network_generate_sae_pt(struct network *network, l_debug("Generating PT for Group %u", group); pt = crypto_derive_sae_pt_ecc(group, network->ssid, - network->passphrase, NULL); + network->passphrase, + network->password_identifier); if (!pt) l_warn("SAE PT generation for Group %u failed", group); @@ -462,6 +471,10 @@ static int network_set_handshake_secrets_psk(struct network *network, handshake_state_set_passphrase(hs, network->passphrase); + if (network->password_identifier) + handshake_state_set_password_identifier(hs, + network->password_identifier); + if (ie_rsnxe_capable(hs->authenticator_rsnxe, IE_RSNX_SAE_H2E)) { l_debug("Authenticator is SAE H2E capable"); @@ -631,6 +644,9 @@ static int network_load_psk(struct network *network, struct scan_bss *bss) _auto_(l_free) char *passphrase = l_settings_get_string(network->settings, "Security", "Passphrase"); + _auto_(l_free) char *password_id = + l_settings_get_string(network->settings, "Security", + "PasswordIdentifier"); _auto_(l_free) char *path = storage_get_network_file_path(security, ssid); 
@@ -641,6 +657,32 @@ static int network_load_psk(struct network *network, struct scan_bss *bss) psk_len = 0; } + /* + * Sort out if the password identifier is required, should be used, " + * or should be ignored. + */ + if (is_sae) { + if (bss->sae_pw_id_exclusive && !password_id) { + l_error("BSS requires SAE password identifiers, check " + "[Security].PasswordIdentifier"); + return -ENOKEY; + } + + /* + * If the profile contains a password identifier but the network + * does not support it IWD will still attempt to connect. The + * caveat here is if the connection is successful the sync will + * remove the password identifier entry. Though this might be + * unexpected to the user, retaining this (invalid) setting + * isn't worth special casing. + */ + if (!bss->sae_pw_id_used && password_id) { + l_debug("[Security].PasswordIdentifier set but BSS " + "does not not use password identifiers"); + l_free(l_steal_ptr(password_id)); + } + } + /* PSK can be generated from the passphrase but not the other way */ if (!psk || is_sae) { if (!passphrase) @@ -655,6 +697,7 @@ static int network_load_psk(struct network *network, struct scan_bss *bss) network_reset_passphrase(network); network_reset_psk(network); network->passphrase = l_steal_ptr(passphrase); + network->password_identifier = l_steal_ptr(password_id); if (network_settings_load_pt_ecc(network, path, 19, &network->sae_pt_19) > 0) 
@@ -726,6 +769,11 @@ static void network_settings_save(struct network *network, l_settings_set_string(settings, "Security", "Passphrase", network->passphrase); + if (network->password_identifier) + l_settings_set_string(settings, "Security", + "PasswordIdentifier", + network->password_identifier); + if (network->sae_pt_19) network_settings_save_sae_pt_ecc(settings, network->sae_pt_19);
From patchwork Tue Dec 5 15:46:42 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13480348
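Review bot: In patch 04/10, the PT now depends on the identifier (`crypto_derive_sae_pt_ecc(group, network->ssid, network->passphrase, network->password_identifier)`), yet `network_load_psk()` still loads cached PTs through `network_settings_load_pt_ecc()` right after setting or dropping the identifier; nothing in these hunks ties a cached PT to the identifier it was derived with, so confirm the PT is regenerated when PasswordIdentifier is added, changed or ignored. The ignored identifier is released with `l_free(l_steal_ptr(password_id));` and the `_auto_(l_free)` exit paths free it as-is, while `network_reset_passphrase()` wipes it with explicit_bzero first; pick one treatment for the value. Two typos in added lines: the stray `"` after "should be used," in the new comment, and "does not not use" in the l_debug string.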
From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 05/10] sae: include password identifier IE in commit Date: Tue, 5 Dec 2023 07:46:42 -0800 Message-Id: <20231205154647.1778389-5-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231205154647.1778389-1-prestwoj@gmail.com> References: <20231205154647.1778389-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Include the IE if a password identifier is being used. This is only supported by H2E as required by 802.11. --- src/sae.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/sae.c b/src/sae.c index 336954b4..da00e4da 100644 --- a/src/sae.c +++ b/src/sae.c 
@@ -637,6 +637,14 @@ old_commit: ie_tlv_builder_set_data(&builder, sm->token, sm->token_len); } + if (sm->sae_type == CRYPTO_SAE_HASH_TO_ELEMENT && + sm->handshake->password_identifier) { + ie_tlv_builder_next(&builder, IE_TYPE_PASSWORD_IDENTIFIER); + ie_tlv_builder_set_data(&builder, + sm->handshake->password_identifier, + strlen(sm->handshake->password_identifier)); + } + ie_tlv_builder_finalize(&builder, &len); return ptr - commit + len;
From patchwork Tue Dec 5 15:46:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13480349
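Review bot: In patch 05/10, when `sm->handshake->password_identifier` is set but `sm->sae_type` is not CRYPTO_SAE_HASH_TO_ELEMENT the element is silently left out and the commit is sent as if no identifier were configured; against a BSS that set the exclusive bit this can only end in a rejected authentication, so refuse or at least log that combination before building the frame. The element is also appended after the anti-clogging token data visible in the context lines; check that this matches the element order 802.11 specifies for the SAE Commit body.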
From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 06/10] doc: document [Security].PasswordIdentifier Date: Tue, 5 Dec 2023 07:46:43 -0800 Message-Id: <20231205154647.1778389-6-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231205154647.1778389-1-prestwoj@gmail.com> References: <20231205154647.1778389-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 --- src/iwd.network.rst | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/iwd.network.rst b/src/iwd.network.rst index 719853fa..d467b7b1 100644 --- a/src/iwd.network.rst +++ b/src/iwd.network.rst 
@@ -199,6 +199,16 @@ connect to that network. required if the *PreSharedKey* is not provided. If not provided in settings, the agent will be asked for the passphrase at connection time. + * - PasswordIdentifier + - string + + An identifer string to be used with the passphrase. This is used for + WPA3-Personal (SAE) networks if the security has enabled password + identifiers for clients. + + Note: if the network does not support password identifiers but one is + set in the profile it will be ignored and removed upon a successful + connection to the network. * - PreSharedKey - 64 character hex string From patchwork Tue Dec 5 15:46:44 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13480350
From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 07/10] auto-t: add H2E password identifier test Date: Tue, 5 Dec 2023 07:46:44 -0800 Message-Id: <20231205154647.1778389-7-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231205154647.1778389-1-prestwoj@gmail.com> References: <20231205154647.1778389-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 In order to support identifiers the test profiles needed to be reworked due to hostapd allowing multiple password entries. You cannot just call set_value() with a new entry as the old ones still exist. Instead use a unique password for the identifier and non-identifier use cases. After adding this test the failure_test started failing due to hostapd not starting up. This was due to the group being unsupported but oddly only when hostapd was reloaded (running the test individually worked). To fix this the group number was changed to 21 which hostapd does support but IWD does not. --- autotests/testSAE/autoconnect_test.py | 20 +++++++++++++------ autotests/testSAE/failure_test.py | 2 +- autotests/testSAE/ssidSAE.conf | 3 ++- .../{ssidSAE.psk => ssidSAE.psk.default} | 0 autotests/testSAE/ssidSAE.psk.identifier | 3 +++ 5 files changed, 20 insertions(+), 8 deletions(-) rename autotests/testSAE/{ssidSAE.psk => ssidSAE.psk.default} (100%) create mode 100644 autotests/testSAE/ssidSAE.psk.identifier diff --git a/autotests/testSAE/autoconnect_test.py b/autotests/testSAE/autoconnect_test.py index cba59274..4ce3b845 100644 --- a/autotests/testSAE/autoconnect_test.py +++ b/autotests/testSAE/autoconnect_test.py 
@@ -35,12 +35,23 @@ class Test(unittest.TestCase): wd.wait_for_object_condition(ordered_network.network_object, condition) def test_SAE(self): + IWD.copy_to_storage("ssidSAE.psk.default", name="ssidSAE.psk") self.hostapd.wait_for_event("AP-ENABLED") wd = IWD(True) self.validate_connection(wd) def test_SAE_H2E(self): + IWD.copy_to_storage("ssidSAE.psk.default", name="ssidSAE.psk") + self.hostapd.set_value('sae_pwe', '1') + self.hostapd.set_value('sae_groups', '20') + self.hostapd.reload() + self.hostapd.wait_for_event("AP-ENABLED") + wd = IWD(True) + self.validate_connection(wd) + + def test_SAE_H2E_password_identifier(self): + IWD.copy_to_storage("ssidSAE.psk.identifier", name="ssidSAE.psk") self.hostapd.set_value('sae_pwe', '1') self.hostapd.set_value('sae_groups', '20') self.hostapd.reload() @@ -51,15 +62,12 @@ class Test(unittest.TestCase): def setUp(self): self.hostapd.default() + def tearDown(self): + IWD.clear_storage() + @classmethod def setUpClass(cls): cls.hostapd = HostapdCLI(config='ssidSAE.conf') - IWD.copy_to_storage('ssidSAE.psk') - pass - - @classmethod - def tearDownClass(cls): - IWD.clear_storage() if __name__ == '__main__': unittest.main(exit=True) diff --git a/autotests/testSAE/failure_test.py b/autotests/testSAE/failure_test.py index 2aac3a07..aa4d14b9 100644 --- a/autotests/testSAE/failure_test.py +++ b/autotests/testSAE/failure_test.py @@ -37,7 +37,7 @@ class Test(unittest.TestCase): self.validate_connection(wd, 'InvalidSecret') def test_no_supported_groups(self): - self.hostapd.set_value('sae_groups', '1') + self.hostapd.set_value('sae_groups', '21') self.hostapd.reload() wd = IWD(True) diff --git a/autotests/testSAE/ssidSAE.conf b/autotests/testSAE/ssidSAE.conf index 41f46cad..f5ce537d 100644 --- a/autotests/testSAE/ssidSAE.conf +++ b/autotests/testSAE/ssidSAE.conf 
@@ -5,7 +5,8 @@ ssid=ssidSAE wpa=2 wpa_key_mgmt=SAE wpa_pairwise=CCMP -sae_password=secret123|mac=ff:ff:ff:ff:ff:ff +sae_password=secret123 +sae_password=withidentifier|id=myidentifier sae_groups=19 ieee80211w=2 sae_pwe=0 diff --git a/autotests/testSAE/ssidSAE.psk b/autotests/testSAE/ssidSAE.psk.default similarity index 100% rename from autotests/testSAE/ssidSAE.psk rename to autotests/testSAE/ssidSAE.psk.default diff --git a/autotests/testSAE/ssidSAE.psk.identifier b/autotests/testSAE/ssidSAE.psk.identifier new file mode 100644 index 00000000..3664063a --- /dev/null +++ b/autotests/testSAE/ssidSAE.psk.identifier 
@@ -0,0 +1,3 @@ +[Security] +Passphrase=withidentifier +PasswordIdentifier=myidentifier From patchwork Tue Dec 5 15:46:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13480351
From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 08/10] mpdu: add unknown password identifier status Date: Tue, 5 Dec 2023 07:46:45 -0800 Message-Id: <20231205154647.1778389-8-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231205154647.1778389-1-prestwoj@gmail.com> References: <20231205154647.1778389-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 --- src/mpdu.h | 1 + 1 file changed, 1 insertion(+) diff --git a/src/mpdu.h b/src/mpdu.h index f6f19744..cf3114db 100644 --- a/src/mpdu.h +++ b/src/mpdu.h 
@@ -231,6 +231,7 @@ enum mmpdu_status_code { MMPDU_STATUS_CODE_ENABLEMENT_DENIED = 105, MMPDU_STATUS_CODE_RESTRICT_AUTH_GDB = 106, MMPDU_STATUS_CODE_AUTHORIZATION_DEENABLED = 107, + MMPDU_STATUS_CODE_UNKNOWN_PASSWORD_IDENTIFIER = 123, MMPDU_STATUS_CODE_SAE_HASH_TO_ELEMENT = 126, MMPDU_STATUS_CODE_SAE_PK = 127, }; From patchwork Tue Dec 5 15:46:46 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13480352
From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 09/10] sae: add debugging for incorrect password identifier Date: Tue, 5 Dec 2023 07:46:46 -0800 Message-Id: <20231205154647.1778389-9-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231205154647.1778389-1-prestwoj@gmail.com> References: <20231205154647.1778389-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 If the AP rejects the auth because of an unknown identifier catch this and log the error. --- src/sae.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) 
diff --git a/src/sae.c b/src/sae.c index da00e4da..9a10292e 100644 --- a/src/sae.c +++ b/src/sae.c 
@@ -1104,11 +1104,19 @@ static int sae_verify_committed(struct sae_sm *sm, uint16_t transaction, * If the Status is some other nonzero value, the frame shall be * silently discarded and the t0 (retransmission) timer shall be set. */ - if (status != 0 && status != MMPDU_STATUS_CODE_SAE_HASH_TO_ELEMENT) + switch (status) { + case 0: + case MMPDU_STATUS_CODE_SAE_HASH_TO_ELEMENT: + if (status != sae_status_code(sm)) + return -EBADMSG; + break; + case MMPDU_STATUS_CODE_UNKNOWN_PASSWORD_IDENTIFIER: + sae_debug("Incorrect password identifier, check " + "[Security].PasswordIdentifier"); + /* fall through */ + default: return -ENOMSG; - - if (status != sae_status_code(sm)) - return -EBADMSG; + } if (len < 2) return -EBADMSG; From patchwork Tue Dec 5 15:46:47 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 13480353
From: James Prestwood To: iwd@lists.linux.dev Cc: James Prestwood Subject: [PATCH 10/10] auto-t: throw exception if executable is missing Date: Tue, 5 Dec 2023 07:46:47 -0800 Message-Id: <20231205154647.1778389-10-prestwoj@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231205154647.1778389-1-prestwoj@gmail.com> References: <20231205154647.1778389-1-prestwoj@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Certain tests may require external processes to work (e.g. testNetconfig) and if missing the test will just hang until the maximum test timeout. Check in start_process if the exe actually exists and if not throw an exception. --- tools/utils.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/utils.py b/tools/utils.py index a07c3183..8219542e 100644 --- a/tools/utils.py +++ b/tools/utils.py @@ -34,6 +34,9 @@ class Process(subprocess.Popen): logfile = args[0] + if not shutil.which(args[0]): + raise Exception("%s is not found on system" % args[0]) + if Process.is_verbose(args[0], log=False): self.verbose = True
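Review bot: in [PATCH 06/10], the src/iwd.network.rst hunk misspells "identifier" as "identifer" on the first description line, and "if the security has enabled password identifiers" on the next lines does not say what has enabled them; "if the network has enabled password identifiers" would match the wording of the Note below it. The Note also says a configured identifier is "ignored and removed upon a successful connection", which reads as iwd rewriting the user's profile; the text should say explicitly that the setting is deleted from the stored profile, since someone who provisions the same profile for several networks would not expect that.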
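Review bot: in [PATCH 07/10], the first autotests/testSAE/autoconnect_test.py hunk adds test_SAE_H2E_password_identifier for the success path only, so nothing in the series exercises a wrong PasswordIdentifier, which is the case 08/10 and 09/10 add a status code and a log message for, nor the "ignored and removed" behaviour documented in 06/10. A failure case that connects with a profile whose identifier does not match the hostapd entry (sae_password=withidentifier|id=myidentifier) would cover it. The three hostapd setup lines (sae_pwe, sae_groups, reload) are now duplicated between test_SAE_H2E and the new test and could move into a small helper.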
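Review bot: in [PATCH 07/10], the autotests/testSAE/failure_test.py hunk changes sae_groups from '1' to '21' without a comment in the test, so the reason (the commit message says hostapd supports group 21 but IWD does not) is only in the commit log. test_no_supported_groups depends on that asymmetry, and would stop testing what its name says if IWD ever gains group 21, so a one-line comment next to the set_value() call stating the assumption is worth adding.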
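Review bot: in [PATCH 09/10], the MMPDU_STATUS_CODE_UNKNOWN_PASSWORD_IDENTIFIER case in the src/sae.c hunk only calls sae_debug() and then falls through to return -ENOMSG, which per the comment directly above means the frame is silently discarded and the retransmission timer keeps running. A user with a wrong [Security].PasswordIdentifier therefore sees retries and a timeout unless debug output is enabled; consider logging this at a level visible by default, or returning a distinct error so the caller can report the misconfiguration. If the silent discard is deliberate, so that a single rejection frame cannot end the handshake, a short comment on the case saying so would help the next reader.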
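Review bot: in [PATCH 10/10], the tools/utils.py hunk calls shutil.which(args[0]) but adds no import, and the diffstat shows only these three insertions, so please confirm shutil is already imported at the top of the file; otherwise the new check raises NameError instead of the intended message. Raising FileNotFoundError rather than a bare Exception would let callers distinguish a missing executable from other start-up failures, and the message reads better as "%s was not found on the system".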