From patchwork Fri Nov 22 15:15:37 2024
X-Patchwork-Submitter: James Prestwood
X-Patchwork-Id: 13883276
From: James Prestwood
To: iwd@lists.linux.dev
Cc: James Prestwood
Subject: [PATCH 01/15] handshake: add ref counting to handshake_state
Date: Fri, 22 Nov 2024 07:15:37 -0800
Message-Id: <20241122151551.286355-2-prestwoj@gmail.com>
In-Reply-To: <20241122151551.286355-1-prestwoj@gmail.com>
References: <20241122151551.286355-1-prestwoj@gmail.com>

This adds a ref count to the handshake state object (as well as ref/unref APIs).

Currently IWD is careful to ensure that netdev holds the root reference to the handshake state. Other modules do track it themselves, but ensure that it doesn't get referenced after netdev frees it.

Future work related to PMKSA will require that station holds a reference to the handshake state, specifically for retry logic, after netdev is done with it so we need a way to delay the free until station is also done.

--- src/adhoc.c | 4 ++-- src/ap.c | 2 +- src/handshake.c | 12 +++++++++++- src/handshake.h | 9 ++++++--- src/netdev.c | 5 +++-- src/p2p.c | 2 +- src/station.c | 8 ++++---- src/wsc.c | 2 +- 8 files changed, 29 insertions(+), 15 deletions(-) diff --git a/src/adhoc.c b/src/adhoc.c index e787dab1..930240ae 100644 --- a/src/adhoc.c +++ b/src/adhoc.c @@ -94,13 +94,13 @@ static void adhoc_sta_free(void *data) eapol_sm_free(sta->sm); if (sta->hs_sta) - handshake_state_free(sta->hs_sta); + handshake_state_unref(sta->hs_sta); if (sta->sm_a) eapol_sm_free(sta->sm_a); if (sta->hs_auth) - handshake_state_free(sta->hs_auth); + handshake_state_unref(sta->hs_auth); end: l_free(sta); 
diff --git a/src/ap.c b/src/ap.c index 562e00c8..d52b7e55 100644 --- a/src/ap.c +++ b/src/ap.c @@ -230,7 +230,7 @@ static void ap_stop_handshake(struct sta_state *sta) } if (sta->hs) { - handshake_state_free(sta->hs); + handshake_state_unref(sta->hs); sta->hs = NULL; } diff --git a/src/handshake.c b/src/handshake.c index fc1978df..7fb75dc4 100644 --- a/src/handshake.c +++ b/src/handshake.c @@ -103,7 +103,14 @@ void __handshake_set_install_ext_tk_func(handshake_install_ext_tk_func_t func) install_ext_tk = func; } -void handshake_state_free(struct handshake_state *s) +struct handshake_state *handshake_state_ref(struct handshake_state *s) +{ + __sync_fetch_and_add(&s->refcount, 1); + + return s; +} + +void handshake_state_unref(struct handshake_state *s) { __typeof__(s->free) destroy; @@ -117,6 +124,9 @@ void handshake_state_free(struct handshake_state *s) return; } + if (__sync_sub_and_fetch(&s->refcount, 1)) + return; + l_free(s->authenticator_ie); l_free(s->supplicant_ie); l_free(s->authenticator_rsnxe); diff --git a/src/handshake.h b/src/handshake.h index d1116472..6c0946d4 100644 --- a/src/handshake.h +++ b/src/handshake.h @@ -170,6 +170,8 @@ struct handshake_state { bool in_event; handshake_event_func_t event_func; + + int refcount; }; #define HSID(x) UNIQUE_ID(handshake_, x) @@ -186,7 +188,7 @@ struct handshake_state { ##__VA_ARGS__); \ \ if (!HSID(hs)->in_event) { \ - handshake_state_free(HSID(hs)); \ + handshake_state_unref(HSID(hs)); \ HSID(freed) = true; \ } else \ HSID(hs)->in_event = false; \ @@ -194,7 +196,8 @@ struct handshake_state { HSID(freed); \ }) -void handshake_state_free(struct handshake_state *s); +struct handshake_state *handshake_state_ref(struct handshake_state *s); +void handshake_state_unref(struct handshake_state *s); void handshake_state_set_supplicant_address(struct handshake_state *s, const uint8_t *spa); 
@@ -316,4 +319,4 @@ void handshake_util_build_gtk_kde(enum crypto_cipher cipher, const uint8_t *key, void handshake_util_build_igtk_kde(enum crypto_cipher cipher, const uint8_t *key, unsigned int key_index, uint8_t *to); -DEFINE_CLEANUP_FUNC(handshake_state_free); +DEFINE_CLEANUP_FUNC(handshake_state_unref); diff --git a/src/netdev.c b/src/netdev.c index e86ef1bd..4dccb78a 100644 --- a/src/netdev.c +++ b/src/netdev.c @@ -376,6 +376,7 @@ struct handshake_state *netdev_handshake_state_new(struct netdev *netdev) nhs->super.ifindex = netdev->index; nhs->super.free = netdev_handshake_state_free; + nhs->super.refcount = 1; nhs->netdev = netdev; /* @@ -828,7 +829,7 @@ static void netdev_connect_free(struct netdev *netdev) eapol_preauth_cancel(netdev->index); if (netdev->handshake) { - handshake_state_free(netdev->handshake); + handshake_state_unref(netdev->handshake); netdev->handshake = NULL; } @@ -4239,7 +4240,7 @@ int netdev_reassociate(struct netdev *netdev, const struct scan_bss *target_bss, eapol_sm_free(old_sm); if (old_hs) - handshake_state_free(old_hs); + handshake_state_unref(old_hs); return 0; } diff --git a/src/p2p.c b/src/p2p.c index 676ef146..7d89da21 100644 --- a/src/p2p.c +++ b/src/p2p.c @@ -1497,7 +1497,7 @@ static void p2p_handshake_event(struct handshake_state *hs, static void p2p_try_connect_group(struct p2p_device *dev) { struct scan_bss *bss = dev->conn_wsc_bss; - _auto_(handshake_state_free) struct handshake_state *hs = NULL; + _auto_(handshake_state_unref) struct handshake_state *hs = NULL; struct iovec ie_iov[16]; int ie_num = 0; int r; diff --git a/src/station.c b/src/station.c index 1238734f..c1c7ba9d 100644 --- a/src/station.c +++ b/src/station.c @@ -1394,7 +1394,7 @@ static struct handshake_state *station_handshake_setup(struct station *station, return hs; not_supported: - handshake_state_free(hs); + handshake_state_unref(hs); return NULL; } 
@@ -2484,7 +2484,7 @@ static void station_preauthenticate_cb(struct netdev *netdev, } if (station_transition_reassociate(station, bss, new_hs) < 0) { - handshake_state_free(new_hs); + handshake_state_unref(new_hs); station_roam_failed(station); } } @@ -2687,7 +2687,7 @@ static bool station_try_next_transition(struct station *station, } if (station_transition_reassociate(station, bss, new_hs) < 0) { - handshake_state_free(new_hs); + handshake_state_unref(new_hs); return false; } @@ -3734,7 +3734,7 @@ int __station_connect_network(struct station *station, struct network *network, station_netdev_event, station_connect_cb, station); if (r < 0) { - handshake_state_free(hs); + handshake_state_unref(hs); return r; } diff --git a/src/wsc.c b/src/wsc.c index f88f5deb..44b8d3de 100644 --- a/src/wsc.c +++ b/src/wsc.c 
@@ -393,7 +393,7 @@ static int wsc_enrollee_connect(struct wsc_enrollee *wsce, struct scan_bss *bss, return 0; error: - handshake_state_free(hs); + handshake_state_unref(hs); return r; }
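
Review bot: In the second src/handshake.c hunk (@@ -117,6 +124,9 @@), the refcount decrement is added below the early return that closes just above it (the "return; }" context), so a call that leaves through that return does not drop a reference at all. Please state in a comment whether that path is meant to consume the caller's reference, or move the decrement ahead of it, because with more than one holder it is no longer obvious which call ends up releasing the last reference.
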
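
Review bot: In the handshake event macro in src/handshake.h (@@ -186,7 +188,7 @@), HSID(freed) = true is still set unconditionally after handshake_state_unref(HSID(hs)), but with a reference count the object is only released when the last holder lets go. The macro's result now means "this reference was dropped" rather than "freed"; either rename or document that, or have handshake_state_unref() report whether it actually released the object, so callers do not rely on the old meaning.
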
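
Review bot: The initial count is set by hand in netdev_handshake_state_new() (nhs->super.refcount = 1 in src/netdev.c), while handshake_state_unref() in src/handshake.c returns early whenever __sync_sub_and_fetch(&s->refcount, 1) is non-zero. Since refcount is a plain int, a constructor that forgets the assignment, or one unref too many, drives the count to -1, which is treated as "still referenced" and the state is silently leaked. Consider initialising the count in one common place and warning when the result of the decrement is negative.
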
From patchwork Fri Nov 22 15:15:38 2024
X-Patchwork-Submitter: James Prestwood
X-Patchwork-Id: 13883277
From: James Prestwood
To: iwd@lists.linux.dev
Cc: James Prestwood
Subject: [PATCH 02/15] unit: update use of handshake_state with ref/unref
Date: Fri, 22 Nov 2024 07:15:38 -0800
Message-Id: <20241122151551.286355-3-prestwoj@gmail.com>
In-Reply-To: <20241122151551.286355-1-prestwoj@gmail.com>
References: <20241122151551.286355-1-prestwoj@gmail.com>

--- unit/test-eapol.c | 38 +++++++++++++++++++++----------------- unit/test-sae.c | 15 ++++++++------- unit/test-wsc.c | 10 ++++++---- 3 files changed, 35 insertions(+), 28 deletions(-) diff --git a/unit/test-eapol.c b/unit/test-eapol.c index 5317f9ad..0e01bfa5 100644 --- a/unit/test-eapol.c +++ b/unit/test-eapol.c @@ -94,6 +94,7 @@ static struct handshake_state *test_handshake_state_new(uint32_t ifindex) ths->super.ifindex = ifindex; ths->super.free = test_handshake_state_free; + ths->super.refcount = 1; return &ths->super; } @@ -2199,7 +2200,7 @@ static void eapol_sm_test_ptk(const void *data) assert(verify_step4_called); eapol_sm_free(sm); - handshake_state_free(hs); + handshake_state_unref(hs); eapol_exit(); } @@ -2263,7 +2264,7 @@ static void eapol_sm_test_igtk(const void *data) assert(verify_step4_called); eapol_sm_free(sm); - handshake_state_free(hs); + handshake_state_unref(hs); eapol_exit(); } 
@@ -2332,7 +2333,7 @@ static void eapol_sm_test_wpa2_ptk_gtk(const void *data) assert(verify_gtk_step2_called); eapol_sm_free(sm); - handshake_state_free(hs); + handshake_state_unref(hs); eapol_exit(); } @@ -2399,7 +2400,7 @@ static void eapol_sm_test_wpa_ptk_gtk(const void *data) assert(verify_gtk_step2_called); eapol_sm_free(sm); - handshake_state_free(hs); + handshake_state_unref(hs); eapol_exit(); } @@ -2467,7 +2468,7 @@ static void eapol_sm_test_wpa_ptk_gtk_2(const void *data) assert(verify_gtk_step2_called); eapol_sm_free(sm); - handshake_state_free(hs); + handshake_state_unref(hs); eapol_exit(); } @@ -2721,7 +2722,7 @@ static void eapol_sm_wpa2_retransmit_test(const void *data) l_free(ptk); eapol_sm_free(sm); - handshake_state_free(hs); + handshake_state_unref(hs); eapol_exit(); } @@ -3141,7 +3142,7 @@ done: if (sm) eapol_sm_free(sm); - handshake_state_free(hs); + handshake_state_unref(hs); eapol_exit(); eap_exit(); } @@ -3424,7 +3425,7 @@ static void eapol_sm_test_eap_nak(const void *data) sizeof(eap_failure), false); assert(ths->handshake_failed); - handshake_state_free(hs); + handshake_state_unref(hs); eapol_exit(); eap_exit(); } @@ -3510,7 +3511,7 @@ static void eapol_ft_handshake_test(const void *data) assert(verify_step4_called); eapol_sm_free(sm); - handshake_state_free(hs); + handshake_state_unref(hs); eapol_exit(); } @@ -3609,6 +3610,7 @@ static struct handshake_state *test_ap_sta_hs_new(struct test_ap_sta_data *s, ths->super.ifindex = ifindex; ths->super.free = (void (*)(struct handshake_state *s)) l_free; + ths->super.refcount = 1; ths->s = s; return &ths->super; @@ -3692,8 +3694,10 @@ static void eapol_ap_sta_handshake_test(const void *data) test_ap_sta_run(&s); - handshake_state_free(s.ap_hs); - handshake_state_free(s.sta_hs); + l_info("freeing in eapol_ap_sta_handshake_test()"); + + handshake_state_unref(s.ap_hs); + handshake_state_unref(s.sta_hs); __handshake_set_install_tk_func(NULL); assert(s.ap_success && s.sta_success); 
@@ -3753,8 +3757,8 @@ static void eapol_ap_sta_handshake_bad_psk_test(const void *data) test_ap_sta_run(&s); - handshake_state_free(s.ap_hs); - handshake_state_free(s.sta_hs); + handshake_state_unref(s.ap_hs); + handshake_state_unref(s.sta_hs); __handshake_set_install_tk_func(NULL); /* @@ -3825,8 +3829,8 @@ static void eapol_ap_sta_handshake_ip_alloc_ok_test(const void *data) assert(s.sta_hs->subnet_mask == s.ap_hs->subnet_mask); assert(s.sta_hs->go_ip_addr == s.ap_hs->go_ip_addr); - handshake_state_free(s.ap_hs); - handshake_state_free(s.sta_hs); + handshake_state_unref(s.ap_hs); + handshake_state_unref(s.sta_hs); __handshake_set_install_tk_func(NULL); assert(s.ap_success && s.sta_success); @@ -3889,8 +3893,8 @@ static void eapol_ap_sta_handshake_ip_alloc_no_req_test(const void *data) assert(!s.ap_hs->support_ip_allocation); assert(!s.sta_hs->support_ip_allocation); - handshake_state_free(s.ap_hs); - handshake_state_free(s.sta_hs); + handshake_state_unref(s.ap_hs); + handshake_state_unref(s.sta_hs); __handshake_set_install_tk_func(NULL); assert(s.ap_success && s.sta_success); diff --git a/unit/test-sae.c b/unit/test-sae.c index 04783d18..2e564133 100644 --- a/unit/test-sae.c +++ b/unit/test-sae.c @@ -101,6 +101,7 @@ static struct handshake_state *test_handshake_state_new(uint32_t ifindex) ths->super.ifindex = ifindex; ths->super.free = test_handshake_state_free; + ths->super.refcount = 1; return &ths->super; } @@ -183,7 +184,7 @@ static struct auth_proto *test_initialize(struct test_data *td) static void test_destruct(struct test_data *td) { - handshake_state_free(td->handshake); + handshake_state_unref(td->handshake); l_free(td); } @@ -459,8 +460,8 @@ static void test_bad_confirm(const void *arg) assert(td1->tx_assoc_called); assert(td2->status != 0); - handshake_state_free(hs1); - handshake_state_free(hs2); + handshake_state_unref(hs1); + handshake_state_unref(hs2); ap1->free(ap1); ap2->free(ap2); 
@@ -544,8 +545,8 @@ static void test_confirm_after_accept(const void *arg) assert(auth_proto_rx_associate(ap1, (uint8_t *)assoc, frame_len) == 0); assert(auth_proto_rx_associate(ap2, (uint8_t *)assoc, frame_len) == 0); - handshake_state_free(hs1); - handshake_state_free(hs2); + handshake_state_unref(hs1); + handshake_state_unref(hs2); auth_proto_free(ap1); auth_proto_free(ap2); @@ -621,8 +622,8 @@ static void test_end_to_end(const void *arg) assert(auth_proto_rx_associate(ap1, (uint8_t *)assoc, frame_len) == 0); assert(auth_proto_rx_associate(ap2, (uint8_t *)assoc, frame_len) == 0); - handshake_state_free(hs1); - handshake_state_free(hs2); + handshake_state_unref(hs1); + handshake_state_unref(hs2); auth_proto_free(ap1); auth_proto_free(ap2); diff --git a/unit/test-wsc.c b/unit/test-wsc.c index 8b130f45..8022ebf6 100644 --- a/unit/test-wsc.c +++ b/unit/test-wsc.c @@ -61,6 +61,7 @@ static struct handshake_state *test_handshake_state_new(uint32_t ifindex) ths->super.ifindex = ifindex; ths->super.free = test_handshake_state_free; + ths->super.refcount = 1; return &ths->super; } @@ -2093,7 +2094,7 @@ static void wsc_test_pbc_handshake(const void *data) eap_fail, sizeof(eap_fail), false); assert(verify.eapol_failed); - handshake_state_free(hs); + handshake_state_unref(hs); eapol_exit(); eap_exit(); } @@ -2216,7 +2217,7 @@ static void wsc_test_retransmission_no_fragmentation(const void *data) sizeof(eap_fail), false); assert(verify.eapol_failed); - handshake_state_free(hs); + handshake_state_unref(hs); eapol_exit(); eap_exit(); } @@ -2335,6 +2336,7 @@ static struct handshake_state *test_ap_sta_hs_new(struct test_ap_sta_data *s, ths->super.ifindex = ifindex; ths->super.free = (void (*)(struct handshake_state *s)) l_free; + ths->super.refcount = 1; ths->s = s; return &ths->super; 
@@ -2535,8 +2537,8 @@ static void wsc_r_test_pbc_handshake(const void *data) test_ap_sta_run(&s); - handshake_state_free(s.ap_hs); - handshake_state_free(s.sta_hs); + handshake_state_unref(s.ap_hs); + handshake_state_unref(s.sta_hs); __handshake_set_install_tk_func(NULL); l_settings_free(ap_8021x_settings); l_settings_free(sta_8021x_settings);
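
Review bot: The eapol_ap_sta_handshake_test() hunk in unit/test-eapol.c (@@ -3692,8 +3694,10 @@) adds l_info("freeing in eapol_ap_sta_handshake_test()"), which looks like leftover debug output: the three sibling tests converted right after it (bad_psk, ip_alloc_ok, ip_alloc_no_req) get no such line and the commit has no message body explaining it. Drop the l_info() call so this patch stays a mechanical free to unref conversion.
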
From patchwork Fri Nov 22 15:15:39 2024
X-Patchwork-Submitter: James Prestwood
X-Patchwork-Id: 13883278
From: James Prestwood
To: iwd@lists.linux.dev
Cc: James Prestwood
Subject: [PATCH 03/15] auto-t: always initialize StationDebug in Device class
Date: Fri, 22 Nov 2024 07:15:39 -0800
Message-Id: <20241122151551.286355-4-prestwoj@gmail.com>
In-Reply-To: <20241122151551.286355-1-prestwoj@gmail.com>
References: <20241122151551.286355-1-prestwoj@gmail.com>

Since IWD doesn't utilize DBus signals in "normal" operations it's fine to lazy initialize any of the DBus interfaces since properties can be obtained as needed with Get/GetAll. For test-runner though StationDebug uses signals for debug events and until the StationDebug class is initialized (via a method call or property access) all signals will be lost.

Fix this by always initializing the StationDebug interface when a Device class is initialized.

--- autotests/util/iwd.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/autotests/util/iwd.py b/autotests/util/iwd.py index e9101d75..9091807a 100755 --- a/autotests/util/iwd.py +++ b/autotests/util/iwd.py 
@@ -450,13 +450,15 @@ class Device(IWDDBusAbstract): self._wps_manager_if = None self._station_if = None self._station_props = None - self._station_debug_obj = None self._dpp_obj = None self._sc_dpp_obj = None self._ap_obj = None IWDDBusAbstract.__init__(self, *args, **kwargs) + self._station_debug_obj = StationDebug(object_path=self._object_path, + namespace=self._namespace) + @property def _wps_manager(self): if self._wps_manager_if is None:
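
Review bot: In Device.__init__ (autotests/util/iwd.py, @@ -450,13 +450,15 @@), the self._station_debug_obj = None initialiser is removed and the attribute is now first assigned only after IWDDBusAbstract.__init__() returns, so anything reached from the base constructor that reads _station_debug_obj would hit an AttributeError. Keeping the None assignment with the other attributes and overwriting it after the base call avoids that. The object is also built for every Device, next to attributes such as _ap_obj, so please confirm that constructing StationDebug is harmless when the device is not in station mode.
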
From patchwork Fri Nov 22 15:15:40 2024
X-Patchwork-Submitter: James Prestwood
X-Patchwork-Id: 13883279
From: James Prestwood
To: iwd@lists.linux.dev
Cc: James Prestwood
Subject: [PATCH 04/15] auto-t: add pmksa_flush() to hostapd module
Date: Fri, 22 Nov 2024 07:15:40 -0800
Message-Id: <20241122151551.286355-5-prestwoj@gmail.com>
In-Reply-To: <20241122151551.286355-1-prestwoj@gmail.com>
References: <20241122151551.286355-1-prestwoj@gmail.com>

--- autotests/util/hostapd.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/autotests/util/hostapd.py b/autotests/util/hostapd.py index e5e35a96..611d8a63 100644 --- a/autotests/util/hostapd.py +++ b/autotests/util/hostapd.py 
@@ -368,3 +368,7 @@ class HostapdCLI(object): others = [h for h in args if h != hapd] hapd._add_neighbors(*others) + + def pmksa_flush(self): + cmd = self.cmdline + ['pmksa_flush'] + ctx.start_process(cmd).wait()
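Review bot: pmksa_flush() in autotests/util/hostapd.py discards the outcome of the command it runs: 'ctx.start_process(cmd).wait()' is called and nothing is checked afterwards, so a test that depends on the AP having dropped its PMKSA entries carries on with a stale cache if the flush fails. Check the result of the process here and raise when the flush did not succeed, and add a one-line docstring saying that this clears the AP-side PMKSA cache.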
From: James Prestwood
To: iwd@lists.linux.dev
Cc: James Prestwood
Subject: [PATCH 05/15] auto-t: update testSAE to disable PMKSA
Date: Fri, 22 Nov 2024 07:15:41 -0800
Message-Id: <20241122151551.286355-6-prestwoj@gmail.com>
In-Reply-To: <20241122151551.286355-1-prestwoj@gmail.com>

There are quite a few tests here for various scenarios and PMKSA throws
a wrench into that. Rather than potentially breaking the tests in an
attempt to get them working with PMKSA, just disable PMKSA.

--- autotests/testSAE/main.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/autotests/testSAE/main.conf b/autotests/testSAE/main.conf index 932eb38b..ee279b4f 100644 --- a/autotests/testSAE/main.conf +++ b/autotests/testSAE/main.conf
@@ -4,3 +4,6 @@ # hardware, but fails when used in simulated environment with mac80211_hwsim. # Disable MAC randomization for the tests with hidden networks. DisableMacAddressRandomization=true + +[General] +DisablePMKSA=true
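Review bot: the added '[General]' / 'DisablePMKSA=true' lines in autotests/testSAE/main.conf carry no comment, while the DisableMacAddressRandomization=true setting right above them documents why it is there. Put the reason from the commit message next to the key (PMKSA caching interferes with the scenarios these tests exercise), so the setting is not dropped later as unexplained.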
From: James Prestwood
To: iwd@lists.linux.dev
Cc: Denis Kenzior
Subject: [PATCH 06/15] pmksa: Add skeleton
Date: Fri, 22 Nov 2024 07:15:42 -0800
Message-Id: <20241122151551.286355-7-prestwoj@gmail.com>
In-Reply-To: <20241122151551.286355-1-prestwoj@gmail.com>

From: Denis Kenzior

--- Makefile.am | 7 +- src/pmksa.c | 224 ++++++++++++++++++++++++++++++++++++++++++++++++++++ src/pmksa.h | 46 +++++++++++ 3 files changed, 275 insertions(+), 2 deletions(-) create mode 100644 src/pmksa.c create mode 100644 src/pmksa.h diff --git a/Makefile.am b/Makefile.am index 61d46d7d..7805ed26 100644 --- a/Makefile.am +++ b/Makefile.am @@ -65,7 +65,8 @@ ell_headers = ell/util.h \ ell/cleanup.h \ ell/netconfig.h \ ell/sysctl.h \ - ell/notifylist.h + ell/notifylist.h \ + ell/minheap.h ell_sources = ell/private.h \ ell/missing.h \ @@ -147,7 +148,8 @@ ell_sources = ell/private.h \ ell/acd.c \ ell/netconfig.c \ ell/sysctl.c \ - ell/notifylist.c + ell/notifylist.c \ + ell/minheap.c ell_shared = ell/useful.h ell/asn1-private.h @@ -269,6 +271,7 @@ src_iwd_SOURCES = src/main.c linux/nl80211.h src/iwd.h \ src/json.h src/json.c \ src/dpp.c \ src/udev.c \ + src/pmksa.h src/pmksa.c \ $(eap_sources) \ $(builtin_sources)
diff --git a/src/pmksa.c b/src/pmksa.c new file mode 100644 index 00000000..b2e65d17 --- /dev/null +++ b/src/pmksa.c 
@@ -0,0 +1,224 @@ +/* + * + * Wireless daemon for Linux + * + * Copyright (C) 2023 Cruise LLC. All rights reserved. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#define _GNU_SOURCE +#include +#include + +#include +#include "ell/useful.h" + +#include "src/module.h" +#include "src/pmksa.h" + +static uint64_t dot11RSNAConfigPMKLifetime = 43200ULL * L_USEC_PER_SEC; +static uint32_t pmksa_cache_capacity = 255; + +struct min_heap { + struct pmksa **data; + uint32_t capacity; + uint32_t used; +}; + +static struct min_heap cache; + +static __always_inline void swap_ptr(void *l, void *r) +{ + struct pmksa **lp = l; + struct pmksa **rp = r; + + SWAP(*lp, *rp); +} + +static __always_inline +bool pmksa_compare_expiration(const void *l, const void *r) +{ + const struct pmksa * const *lp = l; + const struct pmksa * const *rp = r; + + return (*lp)->expiration < (*rp)->expiration; +} + +static struct l_minheap_ops ops = { + .elem_size = sizeof(struct pmksa *), + .swap = swap_ptr, + .less = pmksa_compare_expiration, +}; + +static int pmksa_cache_find(const uint8_t spa[static 6], + const uint8_t aa[static 6], + const uint8_t *ssid, size_t ssid_len, + uint32_t akm) +{ + unsigned int i; + + for (i = 0; i < cache.used; i++) { + struct pmksa 
*pmksa = cache.data[i]; + + if (memcmp(pmksa->spa, spa, sizeof(pmksa->spa))) + continue; + + if (memcmp(pmksa->aa, aa, sizeof(pmksa->aa))) + continue; + + if (ssid_len != pmksa->ssid_len) + continue; + + if (memcmp(pmksa->ssid, ssid, ssid_len)) + continue; + + if (akm & pmksa->akm) + return i; + } + + return -ENOENT; +} + +/* + * Try to obtain a PMKSA entry from the cache. If the the entry matching + * the parameters is found, it is removed from the cache and returned to the + * caller. The caller is responsible for managing the returned pmksa + * structure + */ +struct pmksa *pmksa_cache_get(const uint8_t spa[static 6], + const uint8_t aa[static 6], + const uint8_t *ssid, size_t ssid_len, + uint32_t akm) +{ + int r = pmksa_cache_find(spa, aa, ssid, ssid_len, akm); + + if (r < 0) + return NULL; + + cache.used -= 1; + if ((uint32_t) r == cache.used) + goto done; + + SWAP(cache.data[r], cache.data[cache.used]); + __minheap_sift_down(cache.data, cache.used, r, &ops); + +done: + return cache.data[cache.used]; +} + +/* + * Put a PMKSA into the cache. It will be sorted in soonest-to-expire order. + * If the cache is full, then soonest-to-expire entry is removed first. + */ +int pmksa_cache_put(struct pmksa *pmksa) +{ + if (cache.used == cache.capacity) { + l_free(cache.data[0]); + cache.data[0] = pmksa; + __minheap_sift_down(cache.data, cache.used, 0, &ops); + return 0; + } + + cache.data[cache.used] = pmksa; + __minheap_sift_up(cache.data, cache.used, &ops); + cache.used += 1; + + return 0; +} + +/* + * Expire all PMKSA entries with expiration time smaller or equal to the cutoff + * time. 
+ */ +int pmksa_cache_expire(uint64_t cutoff) +{ + int i; + int used = cache.used; + int remaining = 0; + + for (i = 0; i < used; i++) { + if (cache.data[i]->expiration <= cutoff) { + l_free(cache.data[i]); + continue; + } + + cache.data[remaining] = cache.data[i]; + remaining += 1; + } + + cache.used = remaining; + + for (i = cache.used >> 1; i >= 0; i--) + __minheap_sift_down(cache.data, cache.used, i, &ops); + + return used - remaining; +} + +/* + * Flush all PMKSA entries from the cache, regardless of expiration time. + */ +int pmksa_cache_flush(void) +{ + uint32_t i; + + for (i = 0; i < cache.used; i++) + l_free(cache.data[i]); + + memset(cache.data, 0, cache.capacity * sizeof(struct pmksa *)); + cache.used = 0; + return 0; +} + +struct pmksa **__pmksa_cache_get_all(uint32_t *out_n_entries) +{ + if (out_n_entries) + *out_n_entries = cache.used; + + return cache.data; +} + +uint64_t pmksa_lifetime(void) +{ + return dot11RSNAConfigPMKLifetime; +} + +void __pmksa_set_config(const struct l_settings *config) +{ + l_settings_get_uint(config, "PMKSA", "Capacity", + &pmksa_cache_capacity); +} + +static int pmksa_init(void) +{ + cache.capacity = pmksa_cache_capacity; + cache.used = 0; + cache.data = l_new(struct pmksa *, cache.capacity); + + return 0; +} + +static void pmksa_exit(void) +{ + pmksa_cache_flush(); + l_free(cache.data); +} + +IWD_MODULE(pmksa, pmksa_init, pmksa_exit); diff --git a/src/pmksa.h b/src/pmksa.h new file mode 100644 index 00000000..67879309 --- /dev/null +++ b/src/pmksa.h 
@@ -0,0 +1,46 @@ +/* + * + * Wireless daemon for Linux + * + * Copyright (C) 2023 Cruise, LLC. All rights reserved. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + * + */ + +struct pmksa { + uint64_t expiration; + uint8_t spa[6]; + uint8_t aa[6]; + uint8_t ssid[32]; + size_t ssid_len; + uint32_t akm; + uint8_t pmkid[16]; + uint8_t pmk[64]; + size_t pmk_len; +}; + +struct pmksa **__pmksa_cache_get_all(uint32_t *out_n_entries); + +struct pmksa *pmksa_cache_get(const uint8_t spa[static 6], + const uint8_t aa[static 6], + const uint8_t *ssid, size_t ssid_len, + uint32_t akm); +int pmksa_cache_put(struct pmksa *pmksa); +int pmksa_cache_expire(uint64_t cutoff); +int pmksa_cache_flush(void); + +uint64_t pmksa_lifetime(void); +void __pmksa_set_config(const struct l_settings *config);
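Review bot: in pmksa_cache_get() in src/pmksa.c, removing an entry from the middle of the heap only sifts down: after 'SWAP(cache.data[r], cache.data[cache.used])' the element moved into slot r came from the last position and can expire sooner than the parent of r, in which case '__minheap_sift_down(cache.data, cache.used, r, &ops)' does nothing and the heap order stays broken, so a later pmksa_cache_put() on a full cache can evict an entry that is not the soonest to expire. Restore the order in both directions at r: sift up when the moved element is less than its parent, otherwise sift down. Separately, pmksa_init() takes the 'Capacity' setting unchecked, and with a value of 0 the 'cache.used == cache.capacity' branch of pmksa_cache_put() frees and writes cache.data[0] in an empty array; reject 0 in __pmksa_set_config().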
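Review bot: struct pmksa in src/pmksa.h holds the raw key in 'uint8_t pmk[64]', yet the header declares no way to release an entry, and the eviction, expire and flush paths in src/pmksa.c pass entries straight to l_free(), so PMK bytes are left behind in freed heap memory. Add a pmksa_free() that clears the structure with explicit_bzero() before freeing, use it inside the cache, and document next to pmksa_cache_get() that the caller must release the returned entry with it.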
From: James Prestwood
To: iwd@lists.linux.dev
Cc: Denis Kenzior
Subject: [PATCH 07/15] unit: Add basic pmksa test
Date: Fri, 22 Nov 2024 07:15:43 -0800
Message-Id: <20241122151551.286355-8-prestwoj@gmail.com>
In-Reply-To: <20241122151551.286355-1-prestwoj@gmail.com>

From: Denis Kenzior

--- .gitignore | 1 + Makefile.am | 7 +- unit/test-pmksa.c | 164 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 171 insertions(+), 1 deletion(-) create mode 100644 unit/test-pmksa.c diff --git a/.gitignore b/.gitignore index 8af48c16..5fb9145e 100644 --- a/.gitignore +++ b/.gitignore @@ -67,6 +67,7 @@ unit/test-band unit/test-dpp unit/test-json unit/test-nl80211util +unit/test-pmksa unit/cert-*.pem unit/cert-*.csr unit/cert-*.srl diff --git a/Makefile.am b/Makefile.am index 7805ed26..598b8f90 100644 --- a/Makefile.am +++ b/Makefile.am @@ -438,7 +438,8 @@ unit_tests += unit/test-cmac-aes \ unit/test-ie unit/test-util unit/test-ssid-security \ unit/test-arc4 unit/test-wsc unit/test-eap-mschapv2 \ unit/test-eap-sim unit/test-sae unit/test-p2p unit/test-band \ - unit/test-dpp unit/test-json unit/test-nl80211util + unit/test-dpp unit/test-json unit/test-nl80211util \ + unit/test-pmksa endif if CLIENT @@ -594,6 +595,10 @@ unit_test_nl80211util_SOURCES = unit/test-nl80211util.c \ src/ie.h src/ie.c \ src/util.h src/util.c unit_test_nl80211util_LDADD = $(ell_ldadd) + +unit_test_pmksa_SOURCES = unit/test-pmksa.c src/pmksa.c src/pmksa.h \ + src/module.h src/util.h +unit_test_pmksa_LDADD = $(ell_ldadd) endif if CLIENT diff --git a/unit/test-pmksa.c b/unit/test-pmksa.c new file mode 100644 index 00000000..4c7111aa --- /dev/null +++ b/unit/test-pmksa.c
@@ -0,0 +1,164 @@ +/* + * + * Wireless daemon for Linux + * + * Copyright (C) 2023 Cruise LLC. All rights reserved. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include + +#include "src/module.h" +#include "src/util.h" +#include "src/pmksa.h" + +static bool verbose = false; +static struct l_settings *config; +extern struct iwd_module_desc __start___iwd_module[]; +extern struct iwd_module_desc __stop___iwd_module[]; +/* There's a single module compiled in, so it will be the pmksa one */ +static struct iwd_module_desc *pmksa = __start___iwd_module; + +static void print_cache() +{ + uint32_t used; + struct pmksa **entries = __pmksa_cache_get_all(&used); + uint32_t i; + + for (i = 0; i < used; i++) { + struct pmksa *pmksa = entries[i]; + + fprintf(stderr, "%02u aa "MAC" spa "MAC" expiration: %" + PRIu64"\n", i, + MAC_STR(pmksa->aa), MAC_STR(pmksa->spa), + pmksa->expiration); + } +} + +static struct pmksa *make_pmksa() +{ + static uint32_t counter = 0xabcdef00; + struct pmksa *pmksa = l_new(struct pmksa, 1); + + memcpy(pmksa->aa, &counter, sizeof(counter)); + counter += 1; + memcpy(pmksa->spa, &counter, sizeof(counter)); + counter += 1; + + pmksa->ssid_len = 6; + pmksa->ssid[0] = 'F'; + 
pmksa->ssid[1] = 'o'; + pmksa->ssid[2] = 'o'; + pmksa->ssid[3] = 'b'; + pmksa->ssid[4] = 'a'; + pmksa->ssid[5] = 'r'; + + pmksa->akm = 0x4; + + return pmksa; +} + +static void test_pmksa(const void *data) +{ + struct pmksa *p; + struct pmksa **entries; + uint32_t used; + + config = l_settings_new(); + l_settings_set_uint(config, "PMKSA", "Capacity", 7); + __pmksa_set_config(config); + pmksa->init(); + + p = make_pmksa(); + p->expiration = 20; + assert(!pmksa_cache_put(p)); + + p = make_pmksa(); + p->expiration = 15; + assert(!pmksa_cache_put(p)); + + p = make_pmksa(); + p->expiration = 32; + assert(!pmksa_cache_put(p)); + + p = make_pmksa(); + p->expiration = 48; + assert(!pmksa_cache_put(p)); + + p = make_pmksa(); + p->expiration = 102; + assert(!pmksa_cache_put(p)); + + p = make_pmksa(); + p->expiration = 55; + assert(!pmksa_cache_put(p)); + + p = make_pmksa(); + p->expiration = 41; + assert(!pmksa_cache_put(p)); + + p = make_pmksa(); + p->expiration = 66; + assert(!pmksa_cache_put(p)); + + if (verbose) + print_cache(); + + entries = __pmksa_cache_get_all(&used); + assert(used == 7); + assert(entries[0]->expiration == 20); + + /* Reverse spa and aa */ + p = pmksa_cache_get(entries[0]->aa, entries[0]->spa, + entries[0]->ssid, entries[0]->ssid_len, + 0xff); + assert(!p); + + p = pmksa_cache_get(entries[0]->spa, entries[0]->aa, + entries[0]->ssid, entries[0]->ssid_len, + 0xff); + assert(p); + l_free(p); + + entries = __pmksa_cache_get_all(&used); + assert(used == 6); + assert(entries[0]->expiration == 32); + + assert(pmksa_cache_expire(48) == 3); + entries = __pmksa_cache_get_all(&used); + assert(used == 3); + assert(entries[0]->expiration == 55); + + pmksa->exit(); + l_settings_free(config); +} + +int main(int argc, char *argv[]) +{ + l_test_init(&argc, &argv); + + l_test_add("PMKSA/basics", test_pmksa, NULL); + + return l_test_run(); +}
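Review bot: in test_pmksa() in unit/test-pmksa.c the only pmksa_cache_get() call that succeeds removes entries[0], the heap root, so the path that takes an entry out of the middle of the heap and has to restore heap order is never exercised, and neither is a lookup that fails only on the akm mask (every call passes 0xff). Add a case that removes a non-root entry and then checks entries[0]->expiration after each further removal, so the expirations are verified to come out in ascending order, plus one pmksa_cache_get() with a non-matching akm that must return NULL.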
From: James Prestwood
To: iwd@lists.linux.dev
Cc: Denis Kenzior
Subject: [PATCH 08/15] pmksa: Add debugging
Date: Fri, 22 Nov 2024 07:15:44 -0800
Message-Id: <20241122151551.286355-9-prestwoj@gmail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20241122151551.286355-1-prestwoj@gmail.com>
References: <20241122151551.286355-1-prestwoj@gmail.com>

From: Denis Kenzior

--- src/pmksa.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/pmksa.c b/src/pmksa.c index b2e65d17..bb539b85 100644 --- a/src/pmksa.c +++ b/src/pmksa.c @@ -34,6 +34,10 @@ #include "src/module.h" #include "src/pmksa.h" +#define PMKID "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x" +#define PMKID_STR(x) x[0], x[1], x[2], x[3], x[4], x[5], x[6], x[7], \ + x[8], x[9], x[10], x[11], x[12], x[13], x[14], x[15] + static uint64_t dot11RSNAConfigPMKLifetime = 43200ULL * L_USEC_PER_SEC; static uint32_t pmksa_cache_capacity = 255; @@ -108,6 +112,7 @@ struct pmksa *pmksa_cache_get(const uint8_t spa[static 6], const uint8_t *ssid, size_t ssid_len, uint32_t akm) { + struct pmksa *pmksa; int r = pmksa_cache_find(spa, aa, ssid, ssid_len, akm); if (r < 0) @@ -121,7 +126,11 @@ struct pmksa *pmksa_cache_get(const uint8_t spa[static 6], __minheap_sift_down(cache.data, cache.used, r, &ops); done: - return cache.data[cache.used]; + pmksa = cache.data[cache.used]; + + l_debug("Returning entry with PMKID: "PMKID, PMKID_STR(pmksa->pmkid)); + + return pmksa; } /*
@@ -130,6 +139,8 @@ done: */ int pmksa_cache_put(struct pmksa *pmksa) { + l_debug("Adding entry with PMKID: "PMKID, PMKID_STR(pmksa->pmkid)); + if (cache.used == cache.capacity) { l_free(cache.data[0]); cache.data[0] = pmksa;

From patchwork Fri Nov 22 15:15:45 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Prestwood
X-Patchwork-Id: 13883284
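Review bot: in the src/pmksa.c hunk at @@ -34,6 +34,10 @@, PMKID_STR(x) expands its argument without parentheses (x[0], x[1], ...), so any argument that is not a plain identifier or member access, such as p + 1, would index the wrong object. Write (x)[0] through (x)[15]. PMKID as the name of a printf format string is also easy to mistake for a value at the call sites; a name like PMKID_FMT would make "..."PMKID easier to read.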
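Review bot: in pmksa_cache_put (src/pmksa.c @@ -130,6 +139,8 @@), the new l_debug runs before the cache.used == cache.capacity branch, where l_free(cache.data[0]) silently evicts an existing entry. Log the PMKID of the evicted entry before it is freed as well, otherwise the debug trace shows an add and a later miss with nothing in between to explain it. The patch also has no commit message body; one sentence on what the logging is meant to help diagnose would be useful.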
From: James Prestwood
To: iwd@lists.linux.dev
Cc: Denis Kenzior, James Prestwood
Subject: [PATCH 09/15] handshake: Add pmksa setter & stealer
Date: Fri, 22 Nov 2024 07:15:45 -0800
Message-Id: <20241122151551.286355-10-prestwoj@gmail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20241122151551.286355-1-prestwoj@gmail.com>
References: <20241122151551.286355-1-prestwoj@gmail.com>

From: Denis Kenzior

The majority of this patch was authored by Denis Kenzior, but I have appended setting the PMK inside handshake_state_set_pmksa as well as checking if the pmkid exists in handshake_state_steal_pmkid.

Authored-by: Denis Kenzior
Authored-by: James Prestwood

--- Makefile.am | 4 +++ src/handshake.c | 77 +++++++++++++++++++++++++++++++++++++++++++++++++ src/handshake.h | 11 ++++++- 3 files changed, 91 insertions(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index 598b8f90..89198289 100644 --- a/Makefile.am +++ b/Makefile.am @@ -458,6 +458,7 @@ unit_test_eap_sim_SOURCES = unit/test-eap-sim.c \ src/eapol.h src/eapol.c \ src/eapolutil.h src/eapolutil.c \ src/handshake.h src/handshake.c \ + src/pmksa.h src/pmksa.c \ src/eap.h src/eap.c src/eap-private.h \ src/util.h src/util.c \ src/simauth.h src/simauth.c \
@@ -517,6 +518,7 @@ unit_test_eapol_SOURCES = unit/test-eapol.c \ src/eapol.h src/eapol.c \ src/eapolutil.h src/eapolutil.c \ src/handshake.h src/handshake.c \ + src/pmksa.h src/pmksa.c \ src/eap.h src/eap.c src/eap-private.h \ src/eap-tls.c src/eap-ttls.c \ src/eap-md5.c src/util.c \ @@ -547,6 +549,7 @@ unit_test_wsc_SOURCES = unit/test-wsc.c src/wscutil.h src/wscutil.c \ src/eapol.h src/eapol.c \ src/eapolutil.h src/eapolutil.c \ src/handshake.h src/handshake.c \ + src/pmksa.h src/pmksa.c \ src/eap.h src/eap.c src/eap-private.h \ src/util.h src/util.c \ src/erp.h src/erp.c \ @@ -565,6 +568,7 @@ unit_test_sae_SOURCES = unit/test-sae.c \ src/crypto.h src/crypto.c \ src/ie.h src/ie.c \ src/handshake.h src/handshake.c \ + src/pmksa.h src/pmksa.c \ src/erp.h src/erp.c \ src/band.h src/band.c \ src/util.h src/util.c \ diff --git a/src/handshake.c b/src/handshake.c index 7fb75dc4..a93143d1 100644 --- a/src/handshake.c +++ b/src/handshake.c @@ -43,6 +43,7 @@ #include "src/handshake.h" #include "src/erp.h" #include "src/band.h" +#include "src/pmksa.h" static inline unsigned int n_ecc_groups(void) { @@ -138,6 +139,9 @@ void handshake_state_unref(struct handshake_state *s) l_free(s->fils_ip_resp_ie); l_free(s->vendor_ies); + if (s->have_pmksa) + l_free(s->pmksa); + if (s->erp_cache) erp_cache_put(s->erp_cache); @@ -701,6 +705,11 @@ void handshake_state_install_ptk(struct handshake_state *s) { s->ptk_complete = true; + if (!s->have_pmksa && IE_AKM_IS_SAE(s->akm_suite)) { + l_debug("Adding PMKSA expiration"); + s->expiration = l_time_now() + pmksa_lifetime(); + } + if (install_tk) { uint32_t cipher = ie_rsn_cipher_suite_to_cipher( s->pairwise_cipher); 
@@ -1203,3 +1212,71 @@ done: return r; } + +bool handshake_state_set_pmksa(struct handshake_state *s, + struct pmksa *pmksa) +{ + /* checks for both expiration || pmksa being set */ + if (s->expiration) + return false; + + s->pmksa = pmksa; + s->have_pmksa = true; + + handshake_state_set_pmkid(s, pmksa->pmkid); + handshake_state_set_pmk(s, pmksa->pmk, pmksa->pmk_len); + + return true; +} + +static struct pmksa *handshake_state_steal_pmksa(struct handshake_state *s) +{ + struct pmksa *pmksa; + uint64_t now = l_time_now(); + + if (s->have_pmksa) { + pmksa = l_steal_ptr(s->pmksa); + s->have_pmksa = false; + + if (l_time_after(now, pmksa->expiration)) { + l_free(pmksa); + pmksa = NULL; + } + + return pmksa; + } + + if (s->expiration && l_time_after(now, s->expiration)) { + s->expiration = 0; + return NULL; + } + + if (!s->have_pmkid) + return NULL; + + pmksa = l_new(struct pmksa, 1); + pmksa->expiration = s->expiration; + memcpy(pmksa->spa, s->spa, sizeof(s->spa)); + memcpy(pmksa->aa, s->aa, sizeof(s->aa)); + memcpy(pmksa->ssid, s->ssid, s->ssid_len); + pmksa->ssid_len = s->ssid_len; + pmksa->akm = s->akm_suite; + memcpy(pmksa->pmkid, s->pmkid, sizeof(s->pmkid)); + pmksa->pmk_len = s->pmk_len; + memcpy(pmksa->pmk, s->pmk, s->pmk_len); + + return pmksa; +} + +void handshake_state_cache_pmksa(struct handshake_state *s) +{ + struct pmksa *pmksa = handshake_state_steal_pmksa(s); + + l_debug("%p", pmksa); + + if (!pmksa) + return; + + if (L_WARN_ON(pmksa_cache_put(pmksa) < 0)) + l_free(pmksa); +} diff --git a/src/handshake.h b/src/handshake.h index 6c0946d4..cf7dc48c 100644 --- a/src/handshake.h +++ b/src/handshake.h @@ -29,6 +29,7 @@ struct handshake_state; enum crypto_cipher; struct eapol_frame; +struct pmksa; enum handshake_kde { /* 802.11-2020 Table 12-9 in section 12.7.2 */ 
@@ -141,7 +142,12 @@ struct handshake_state { bool supplicant_ocvc : 1; bool ext_key_id_capable : 1; bool force_default_ecc_group : 1; - uint8_t ssid[SSID_MAX_SIZE]; + bool have_pmksa : 1; + union { + struct pmksa *pmksa; + uint64_t expiration; + }; + uint8_t ssid[32]; size_t ssid_len; char *passphrase; char *password_identifier; 
@@ -302,6 +308,9 @@ void handshake_state_set_chandef(struct handshake_state *s, int handshake_state_verify_oci(struct handshake_state *s, const uint8_t *oci, size_t oci_len); +bool handshake_state_set_pmksa(struct handshake_state *s, struct pmksa *pmksa); +void handshake_state_cache_pmksa(struct handshake_state *s); + bool handshake_util_ap_ie_matches(const struct ie_rsn_info *msg_info, const uint8_t *scan_ie, bool is_wpa);

From patchwork Fri Nov 22 15:15:46 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Prestwood
X-Patchwork-Id: 13883286
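Review bot: in handshake_state_unref (src/handshake.c @@ -138,6 +139,9 @@), l_free(s->pmksa) releases a struct that carries the PMK (handshake_state_set_pmksa reads pmksa->pmk and pmksa->pmk_len from it) without wiping it first, so key material is left behind in freed heap memory. Clear the struct before freeing it, for example with explicit_bzero(s->pmksa, sizeof(*s->pmksa)), and do the same for the expired-entry l_free(pmksa) in handshake_state_steal_pmksa.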
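Review bot: in handshake_state_steal_pmksa (src/handshake.c @@ -1203,3 +1212,71 @@), the path taken when have_pmksa is false only rejects a non-zero, expired s->expiration. In this patch s->expiration is set only in handshake_state_install_ptk for SAE AKMs, so a handshake with have_pmkid set and s->expiration still 0 falls through and builds an entry with pmksa->expiration = 0 that is then handed to pmksa_cache_put. Return NULL when s->expiration is 0, and reset s->expiration once the entry has been built so that a second handshake_state_cache_pmksa call cannot insert a duplicate. The l_debug("%p", pmksa) in handshake_state_cache_pmksa prints a bare pointer with no context and reads like leftover debugging; give it a message or drop it.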
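Review bot: the struct handshake_state hunk (src/handshake.h @@ -141,7 +142,12 @@) replaces uint8_t ssid[SSID_MAX_SIZE] with uint8_t ssid[32], which is unrelated to PMKSA and swaps a named constant for a literal; it looks like a rebase leftover and should be dropped from this patch. The anonymous union of pmksa and expiration is discriminated only by have_pmksa, and handshake_state_set_pmksa tests s->expiration to cover both members at once; that overlap of a pointer and a uint64_t deserves a comment next to the union explaining which member is valid when.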
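Review bot: the new prototypes in src/handshake.h (@@ -302,6 +308,9 @@) do not document ownership. handshake_state_set_pmksa keeps the pointer on success (handshake_state_unref later frees it) but leaves it with the caller when it returns false, so a caller that ignores the return value either leaks the entry or frees it twice. State the ownership rule in a comment above the prototype.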
From: James Prestwood
To: iwd@lists.linux.dev
Cc: James Prestwood
Subject: [PATCH 10/15] handshake: add handshake_state_remove_pmksa
Date: Fri, 22 Nov 2024 07:15:46 -0800
Message-Id: <20241122151551.286355-11-prestwoj@gmail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20241122151551.286355-1-prestwoj@gmail.com>
References: <20241122151551.286355-1-prestwoj@gmail.com>

This is needed in order to clear the PMKSA from the handshake state without actually putting it back into the cache. This is something that will be needed in case the AP rejects the association due to an expired (or forgotten) PMKSA.

--- src/handshake.c | 16 ++++++++++++++++ src/handshake.h | 1 + 2 files changed, 17 insertions(+) diff --git a/src/handshake.c b/src/handshake.c index a93143d1..f73f91d1 100644 --- a/src/handshake.c +++ b/src/handshake.c
@@ -1280,3 +1280,19 @@ void handshake_state_cache_pmksa(struct handshake_state *s) if (L_WARN_ON(pmksa_cache_put(pmksa) < 0)) l_free(pmksa); } + +bool handshake_state_remove_pmksa(struct handshake_state *s) +{ + struct pmksa *pmksa; + + if (!s->have_pmksa) + return false; + + pmksa = handshake_state_steal_pmksa(s); + if (!pmksa) + return false; + + l_free(pmksa); + + return true; +} diff --git a/src/handshake.h b/src/handshake.h index cf7dc48c..e4a00531 100644 --- a/src/handshake.h +++ b/src/handshake.h 
@@ -310,6 +310,7 @@ int handshake_state_verify_oci(struct handshake_state *s, const uint8_t *oci, bool handshake_state_set_pmksa(struct handshake_state *s, struct pmksa *pmksa); void handshake_state_cache_pmksa(struct handshake_state *s); +bool handshake_state_remove_pmksa(struct handshake_state *s); bool handshake_util_ap_ie_matches(const struct ie_rsn_info *msg_info, const uint8_t *scan_ie, bool is_wpa);

From patchwork Fri Nov 22 15:15:47 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Prestwood
X-Patchwork-Id: 13883285
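Review bot: handshake_state_remove_pmksa (src/handshake.c @@ -1280,3 +1280,19 @@) returns false both when no PMKSA was attached and when handshake_state_steal_pmksa found the attached entry expired and freed it, although in the second case the entry was in fact removed, so callers cannot tell the two apart. Return true whenever have_pmksa was set, or document what false means. The function also leaves in place the PMKID and PMK that handshake_state_set_pmksa copied into the handshake through handshake_state_set_pmkid and handshake_state_set_pmk; confirm that the retry after an AP rejection does not reuse them. The entry holds the PMK and should be wiped before l_free(pmksa).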
From: James Prestwood
To: iwd@lists.linux.dev
Cc: James Prestwood
Subject: [PATCH 11/15] netdev: add support to use PMKSA over SAE if available
Date: Fri, 22 Nov 2024 07:15:47 -0800
Message-Id: <20241122151551.286355-12-prestwoj@gmail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20241122151551.286355-1-prestwoj@gmail.com>
References: <20241122151551.286355-1-prestwoj@gmail.com>

This was quite simple and only required caching the PMKSA after a successful handshake, and using the correct authentication type for connections if we have a prior PMKSA cached. This is only being added for initial SAE associations for now since this is where we gain the biggest improvement, in addition to the requirement by the WiFi alliance to label products as "WPA3 capable".

--- src/netdev.c | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/src/netdev.c b/src/netdev.c index 4dccb78a..02496c92 100644 --- a/src/netdev.c +++ b/src/netdev.c @@ -65,6 +65,7 @@ #include "src/frame-xchg.h" #include "src/diagnostic.h" #include "src/band.h" +#include "src/pmksa.h" #ifndef ENOTSUPP #define ENOTSUPP 524
@@ -1517,6 +1518,8 @@ static void try_handshake_complete(struct netdev_handshake_state *nhs) l_debug("Invoking handshake_event()"); + handshake_state_cache_pmksa(&nhs->super); + if (handshake_event(&nhs->super, HANDSHAKE_EVENT_COMPLETE)) return; @@ -2458,7 +2461,19 @@ static struct l_genl_msg *netdev_build_cmd_connect(struct netdev *netdev, { struct netdev_handshake_state *nhs = l_container_of(hs, struct netdev_handshake_state, super); - uint32_t auth_type = IE_AKM_IS_SAE(hs->akm_suite) ? + /* + * Choose Open system auth type if PMKSA caching is used for an SAE AKM: + * + * IEEE 802.11-2020 Table 9-151 + * - SAE authentication: + * 3 (SAE) for SAE Authentication + * 0 (open) for PMKSA caching + * - FT authentication over SAE: + * 3 (SAE) for FT Initial Mobility Domain Association + * 0 (open) for FT Initial Mobility Domain Association over + * PMKSA caching + */ + uint32_t auth_type = IE_AKM_IS_SAE(hs->akm_suite) && !hs->have_pmksa ? NL80211_AUTHTYPE_SAE : NL80211_AUTHTYPE_OPEN_SYSTEM; enum mpdu_management_subtype subtype = prev_bssid ? 
@@ -4027,6 +4042,15 @@ static void netdev_connect_common(struct netdev *netdev, goto done; } + /* + * If SAE, and we have a valid PMKSA cache we can skip the entire SAE + * protocol and authenticate using the cached keys. + */ + if (IE_AKM_IS_SAE(hs->akm_suite) && hs->have_pmksa) { + l_debug("Skipping SAE by using PMKSA cache"); + goto build_cmd_connect; + } + if (!IE_AKM_IS_SAE(hs->akm_suite) || nhs->type == CONNECTION_TYPE_SAE_OFFLOAD) goto build_cmd_connect;

From patchwork Fri Nov 22 15:15:48 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Prestwood
X-Patchwork-Id: 13883287
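Review bot: in try_handshake_complete (src/netdev.c @@ -1517,6 +1518,8 @@), handshake_state_cache_pmksa(&nhs->super) runs for every completed handshake, while the commit message scopes the feature to initial SAE associations. Gate the call on IE_AKM_IS_SAE(nhs->super.akm_suite), or add a comment stating that the callee is responsible for filtering out other AKMs, so that non-SAE handshakes cannot populate the cache by accident.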
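Review bot: in netdev_build_cmd_connect (src/netdev.c @@ -2458,7 +2461,19 @@), the condition IE_AKM_IS_SAE(hs->akm_suite) && !hs->have_pmksa ? ... is left unparenthesized in front of the ternary operator. It evaluates as intended only because && binds tighter than ?:, and a reader has to stop and check that. Wrap the whole condition in parentheses, since this expression decides between SAE and open-system authentication.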
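Review bot: in netdev_connect_common (src/netdev.c @@ -4027,6 +4042,15 @@), the new early goto build_cmd_connect is placed before the existing nhs->type == CONNECTION_TYPE_SAE_OFFLOAD check, so an SAE offload connection with a cached PMKSA now also takes the PMKSA path and is sent with open-system authentication. If that is intended, say so in the comment; if offload should keep its previous behaviour, test nhs->type in the new condition.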
From: James Prestwood
To: iwd@lists.linux.dev
Cc: James Prestwood
Subject: [PATCH 12/15] station: hold reference to handshake object
Date: Fri, 22 Nov 2024 07:15:48 -0800
Message-Id: <20241122151551.286355-13-prestwoj@gmail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20241122151551.286355-1-prestwoj@gmail.com>
References: <20241122151551.286355-1-prestwoj@gmail.com>

To prepare for PMKSA support, station needs access to the handshake object. This is because if PMKSA fails due to an expired/missing PMKSA on the AP, station should retry using the standard association. This poses a problem currently because netdev frees the handshake prior to calling the connect callback.

--- src/station.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/src/station.c b/src/station.c index c1c7ba9d..09193eed 100644 --- a/src/station.c +++ b/src/station.c @@ -135,6 +135,8 @@ struct station { unsigned int affinity_watch; char *affinity_client; + struct handshake_state *hs; + bool preparing_roam : 1; bool roam_scan_full : 1; bool signal_low : 1;
@@ -1771,6 +1773,11 @@ static void station_enter_state(struct station *station, station->affinity_watch = 0; } + if (station->hs) { + handshake_state_unref(station->hs); + station->hs = NULL; + } + break; case STATION_STATE_DISCONNECTING: case STATION_STATE_NETCONFIG: @@ -2487,6 +2494,9 @@ static void station_preauthenticate_cb(struct netdev *netdev, handshake_state_unref(new_hs); station_roam_failed(station); } + + handshake_state_unref(station->hs); + station->hs = handshake_state_ref(new_hs); } static void station_transition_start(struct station *station); @@ -2691,6 +2701,9 @@ static bool station_try_next_transition(struct station *station, return false; } + handshake_state_unref(station->hs); + station->hs = handshake_state_ref(new_hs); + return true; } @@ -3721,6 +3734,15 @@ int __station_connect_network(struct station *station, struct network *network, struct handshake_state *hs; int r; + /* + * If we already have a handshake_state ref this is due to a retry, + * unref that now + */ + if (station->hs) { + handshake_state_unref(station->hs); + station->hs = NULL; + } + if (station->netconfig && !netconfig_load_settings( station->netconfig, network_get_settings(network))) @@ -3747,6 +3769,7 @@ int __station_connect_network(struct station *station, struct network *network, station->connected_bss = bss; station->connected_network = network; + station->hs = handshake_state_ref(hs); if (station->state != state) station_enter_state(station, state); 
@@ -5039,6 +5062,11 @@ static void station_free(struct station *station) l_queue_destroy(station->owe_hidden_scan_ids, NULL); } + if (station->hs) { + handshake_state_unref(station->hs); + station->hs = NULL; + } + station_roam_state_clear(station); l_queue_destroy(station->networks_sorted, NULL);

From patchwork Fri Nov 22 15:15:49 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Prestwood
X-Patchwork-Id: 13883288
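Review bot: in station_preauthenticate_cb (src/station.c @@ -2487,6 +2494,9 @@), the added handshake_state_unref(station->hs); station->hs = handshake_state_ref(new_hs); sits after the failure branch, which has already called handshake_state_unref(new_hs) and station_roam_failed(station), and no return is visible in the context lines of that branch. On that path new_hs may already have been freed when it is referenced again, which is a use-after-free. Move the two lines into the success path, or return from the failure branch before reaching them.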
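Review bot: in station_try_next_transition (src/station.c @@ -2691,6 +2701,9 @@) and station_preauthenticate_cb, handshake_state_unref(station->hs) is called without the if (station->hs) guard that the same patch uses in station_enter_state, __station_connect_network and station_free. Either rely on handshake_state_unref accepting NULL everywhere or guard these two calls as well. A small helper that replaces station->hs with a new reference would remove the repeated unref and assign sequence and keep the rule in one place.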
From: James Prestwood
To: iwd@lists.linux.dev
Cc: James Prestwood
Subject: [PATCH 13/15] station: support PMKSA connections
Date: Fri, 22 Nov 2024 07:15:49 -0800
Message-Id: <20241122151551.286355-14-prestwoj@gmail.com>
In-Reply-To: <20241122151551.286355-1-prestwoj@gmail.com>
References: <20241122151551.286355-1-prestwoj@gmail.com>

The actual connection piece of this is very minimal, and only requires station to check if there is a PMKSA cached, and if so include the PMKID in the RSNE. Netdev then takes care of the rest.

The remainder of this patch is the error handling if a PMKSA connection fails with INVALID_PMKID. In this case IWD should retry the same BSS without PMKSA.

An option was also added to disable PMKSA if a user wants to do that. In theory PMKSA is actually less secure compared to SAE so it could be something a user wants to disable. Going forward though it will be enabled by default as it's a requirement from the WiFi alliance for WPA3 certification.

--- src/station.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 53 insertions(+), 1 deletion(-) diff --git a/src/station.c b/src/station.c index 09193eed..5403c332 100644 --- a/src/station.c
+++ b/src/station.c @@ -63,6 +63,7 @@ #include "src/eap.h" #include "src/eap-tls-common.h" #include "src/storage.h" +#include "src/pmksa.h" #define STATION_RECENT_NETWORK_LIMIT 5 #define STATION_RECENT_FREQS_LIMIT 5 @@ -78,6 +79,7 @@ static bool supports_drop_gratuitous_arp; static bool supports_drop_unsolicited_na; static bool supports_ipv4_drop_unicast_in_l2_multicast; static bool supports_ipv6_drop_unicast_in_l2_multicast; +static bool pmksa_disabled; static struct watchlist event_watches; static uint32_t known_networks_watch; static uint32_t allowed_bands; @@ -1157,6 +1159,7 @@ static int station_build_handshake_rsn(struct handshake_state *hs, struct network *network, struct scan_bss *bss) { + struct netdev *netdev = netdev_find(hs->ifindex); const struct l_settings *settings = iwd_get_config(); enum security security = network_get_security(network); bool add_mde = false; @@ -1167,6 +1170,7 @@ static int station_build_handshake_rsn(struct handshake_state *hs, uint8_t *ap_ie; bool disable_ocv; enum band_freq band; + struct pmksa *pmksa; memset(&info, 0, sizeof(info)); @@ -1300,6 +1304,17 @@ build_ie: IE_CIPHER_IS_GCMP_CCMP(info.pairwise_ciphers)) info.extended_key_id = true; + if (IE_AKM_IS_SAE(info.akm_suites) && !pmksa_disabled) { + pmksa = pmksa_cache_get(netdev_get_address(netdev), bss->addr, + bss->ssid, bss->ssid_len, + info.akm_suites); + if (pmksa) { + handshake_state_set_pmksa(hs, pmksa); + info.num_pmkids = 1; + info.pmkids = hs->pmksa->pmkid; + } + } + /* RSN takes priority */ if (bss->rsne) { ap_ie = bss->rsne; 
@@ -3391,6 +3406,39 @@ try_next: return station_try_next_bss(station); } +static bool station_pmksa_fallback(struct station *station, uint16_t status) +{ + /* + * IEEE 802.11-2020 12.6.10.3 Cached PMKSAs and RSNA key management + * + * "If the Authenticator does not have a PMKSA for the PMKIDs in the + * (re)association request or the AKM does not match, its behavior + * depends on how the PMKSA was established. If SAE authentication was + * used to establish the PMKSA, then the AP shall reject (re)association + * by sending a (Re)Association Response frame with status code + * STATUS_INVALID_PMKID. Note that this allows the non-AP STA to fall + * back to full SAE authentication to establish another PMKSA" + */ + if (status != MMPDU_STATUS_CODE_INVALID_PMKID) + return false; + + if (L_WARN_ON(!station->hs)) + return false; + + if (!IE_AKM_IS_SAE(station->hs->akm_suite) || !station->hs->have_pmksa) + return false; + + /* + * Remove the PMKSA from the handshake and return true to re-try the + * same BSS without PMKSA. + */ + handshake_state_remove_pmksa(station->hs); + + station_debug_event(station, "pmksa-invalid-pmkid"); + + return true; +} + /* A bit more concise for trying to fit these into 80 characters */ #define IS_TEMPORARY_STATUS(code) \ ((code) == MMPDU_STATUS_CODE_DENIED_UNSUFFICIENT_BANDWIDTH || \ @@ -3414,7 +3462,7 @@ static bool station_retry_with_status(struct station *station, if (IS_TEMPORARY_STATUS(status_code)) network_blacklist_add(station->connected_network, station->connected_bss); - else + else if (!station_pmksa_fallback(station, status_code)) blacklist_add_bss(station->connected_bss->addr); iwd_notice(IWD_NOTICE_CONNECT_FAILED, "status: %u", status_code); 
@@ -5830,6 +5878,10 @@ static int station_init(void) &anqp_disabled)) anqp_disabled = true; + if (!l_settings_get_bool(iwd_get_config(), "General", "DisablePMKSA", + &pmksa_disabled)) + pmksa_disabled = false; + if (!netconfig_enabled()) l_info("station: Network configuration is disabled.");
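
Review bot: in the station_build_handshake_rsn hunks, the result of netdev_find(hs->ifindex) is passed to netdev_get_address(netdev) without a NULL check before it reaches pmksa_cache_get; please check it or have the caller pass the address in. In the same block, info.pmkids = hs->pmksa->pmkid reads back through hs immediately after handshake_state_set_pmksa(hs, pmksa), so it depends on that setter always storing the pointer; using pmksa->pmkid directly would remove the dependency. A short comment on who owns the entry returned by pmksa_cache_get, and what happens if the cache drops it while the handshake still points at it, would make the lifetime reviewable.
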
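
Review bot: station_pmksa_fallback is evaluated inside the else-if condition in station_retry_with_status, yet it calls handshake_state_remove_pmksa and emits the pmksa-invalid-pmkid debug event, so a predicate-looking call hides the side effect that decides whether the BSS is blacklisted. Consider a name that says it mutates the handshake, or splitting the check from the removal. Please also document whether handshake_state_remove_pmksa evicts the entry from the PMKSA cache: the comment promises a retry of the same BSS without PMKSA, but if the retry rebuilds the RSNE through station_build_handshake_rsn and the stale entry is still cached, pmksa_cache_get would return it and the same PMKID would be offered again. A note that the retry is limited to one attempt per BSS would help as well.
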
From: James Prestwood
To: iwd@lists.linux.dev
Cc: James Prestwood
Subject: [PATCH 14/15] auto-t: add PMKSA tests
Date: Fri, 22 Nov 2024 07:15:50 -0800
Message-Id: <20241122151551.286355-15-prestwoj@gmail.com>
In-Reply-To: <20241122151551.286355-1-prestwoj@gmail.com>
References: <20241122151551.286355-1-prestwoj@gmail.com>

Adds a test for just PMKSA and testing expiration as well as includes some PMKSA tests in the SAE roaming test to ensure FT/reassociation works.

--- autotests/testPMKSA-SAE/connection_test.py | 114 +++++++++++++++++++++ autotests/testPMKSA-SAE/hw.conf | 7 ++ autotests/testPMKSA-SAE/ssidSAE.conf | 12 +++ autotests/testSAE-roam/connection_test.py | 60 ++++++++++- 4 files changed, 192 insertions(+), 1 deletion(-) create mode 100644 autotests/testPMKSA-SAE/connection_test.py create mode 100644 autotests/testPMKSA-SAE/hw.conf create mode 100644 autotests/testPMKSA-SAE/ssidSAE.conf diff --git a/autotests/testPMKSA-SAE/connection_test.py b/autotests/testPMKSA-SAE/connection_test.py new file mode 100644 index 00000000..5bab3ff8 --- /dev/null +++ b/autotests/testPMKSA-SAE/connection_test.py
@@ -0,0 +1,114 @@ +#!/usr/bin/python3 + +import unittest +import sys + +sys.path.append('../util') +from iwd import IWD +from iwd import PSKAgent +from iwd import NetworkType +from hostapd import HostapdCLI +import testutil + +class Test(unittest.TestCase): + + def validate_connection(self, wd, ssid, hostapd, expected_group): + psk_agent = PSKAgent("secret123") + wd.register_psk_agent(psk_agent) + + devices = wd.list_devices(1) + self.assertIsNotNone(devices) + device = devices[0] + + device.disconnect() + + network = device.get_ordered_network(ssid, full_scan=True) + + self.assertEqual(network.type, NetworkType.psk) + + network.network_object.connect() + + condition = 'obj.state == DeviceState.connected' + wd.wait_for_object_condition(device, condition) + + wd.wait(2) + + testutil.test_iface_operstate(intf=device.name) + testutil.test_ifaces_connected(if0=device.name, if1=hostapd.ifname) + + # Initial connection PMKSA should not be used. So we should see the + # SAE group set. + sta_status = hostapd.sta_status(device.address) + self.assertEqual(int(sta_status["sae_group"]), expected_group) + + device.disconnect() + + condition = 'not obj.connected' + wd.wait_for_object_condition(network.network_object, condition) + + wd.unregister_psk_agent(psk_agent) + + network.network_object.connect(wait=False) + + condition = 'obj.state == DeviceState.connected' + wd.wait_for_object_condition(device, condition) + + wd.wait(2) + + testutil.test_iface_operstate(intf=device.name) + testutil.test_ifaces_connected(if0=device.name, if1=hostapd.ifname) + + # Having connected once prior we should have a PMKSA and SAE should not + # have been used. 
+ sta_status = hostapd.sta_status(device.address) + self.assertNotIn("sae_group", sta_status.keys()) + + device.disconnect() + + condition = 'not obj.connected' + wd.wait_for_object_condition(network.network_object, condition) + + hostapd.pmksa_flush() + + wd.wait(5) + + network.network_object.connect() + + device.wait_for_event("pmksa-invalid-pmkid") + + condition = 'obj.state == DeviceState.connected' + wd.wait_for_object_condition(device, condition) + + wd.wait(2) + + testutil.test_iface_operstate(intf=device.name) + testutil.test_ifaces_connected(if0=device.name, if1=hostapd.ifname) + + # Manually flushing the PMKSA from the AP then reconnecting we should + # have failed (INVALID_PMKID) then retried the same BSS with SAE, not + # PMKSA. + sta_status = hostapd.sta_status(device.address) + self.assertEqual(int(sta_status["sae_group"]), expected_group) + + def test_pmksa_sae(self): + self.hostapd.wait_for_event("AP-ENABLED") + self.validate_connection(self.wd, "ssidSAE", self.hostapd, 19) + + def setUp(self): + self.hostapd.default() + self.wd = IWD(True) + + def tearDown(self): + self.wd.clear_storage() + self.wd = None + + @classmethod + def setUpClass(cls): + cls.hostapd = HostapdCLI(config='ssidSAE.conf') + + @classmethod + def tearDownClass(cls): + pass + +if __name__ == '__main__': + unittest.main(exit=True) diff --git a/autotests/testPMKSA-SAE/hw.conf b/autotests/testPMKSA-SAE/hw.conf new file mode 100644 index 00000000..72b161b8 --- /dev/null +++ b/autotests/testPMKSA-SAE/hw.conf @@ -0,0 +1,7 @@ +[SETUP] +num_radios=2 +start_iwd=0 +hwsim_medium=yes + +[HOSTAPD] +rad0=ssidSAE.conf diff --git a/autotests/testPMKSA-SAE/ssidSAE.conf b/autotests/testPMKSA-SAE/ssidSAE.conf new file mode 100644 index 00000000..377646b2 --- /dev/null +++ b/autotests/testPMKSA-SAE/ssidSAE.conf @@ -0,0 +1,12 @@ +hw_mode=g +channel=1 +ssid=ssidSAE + +wpa=2 +wpa_key_mgmt=SAE +wpa_pairwise=CCMP +sae_password=secret123 +sae_groups=19 +ieee80211w=2 +sae_pwe=0 +rsn_preauth=1 
diff --git a/autotests/testSAE-roam/connection_test.py b/autotests/testSAE-roam/connection_test.py index ca7234a6..718bfd77 100644 --- a/autotests/testSAE-roam/connection_test.py +++ b/autotests/testSAE-roam/connection_test.py @@ -13,7 +13,7 @@ import testutil from config import ctx class Test(unittest.TestCase): - def validate_connection(self, wd, ft=True): + def validate_connection(self, wd, ft=True, check_used_pmksa=False): device = wd.list_devices(1)[0] # This won't guarantee all BSS's are found, but at least ensures that @@ -37,6 +37,14 @@ class Test(unittest.TestCase): self.assertRaises(Exception, testutil.test_ifaces_connected, (self.bss_hostapd[1].ifname, device.name, True, True)) + # If PMKSA was used, hostapd should not include the sae_group key in + # its status for the station. + sta_status = self.bss_hostapd[0].sta_status(device.address) + if check_used_pmksa: + self.assertNotIn("sae_group", sta_status.keys()) + else: + self.assertIn("sae_group", sta_status.keys()) + device.roam(self.bss_hostapd[1].bssid) # Check that iwd is on BSS 1 once out of roaming state and doesn't @@ -88,6 +96,31 @@ class Test(unittest.TestCase): self.validate_connection(wd, True) + def test_ft_roam_pmksa(self): + wd = IWD(True) + + self.bss_hostapd[0].set_value('wpa_key_mgmt', 'FT-SAE SAE') + self.bss_hostapd[0].reload() + self.bss_hostapd[0].wait_for_event("AP-ENABLED") + self.bss_hostapd[1].set_value('wpa_key_mgmt', 'FT-SAE SAE') + self.bss_hostapd[1].reload() + self.bss_hostapd[1].wait_for_event("AP-ENABLED") + self.bss_hostapd[2].set_value('wpa_key_mgmt', 'FT-PSK') + self.bss_hostapd[2].reload() + self.bss_hostapd[2].wait_for_event("AP-ENABLED") + + self.validate_connection(wd, True) + + device = wd.list_devices(1)[0] + device.disconnect() + + for hapd in self.bss_hostapd: + hapd.deauthenticate(device.address) + + wd.wait(5) + + self.validate_connection(wd, True, check_used_pmksa=True) + def test_reassociate_roam_success(self): wd = IWD(True) 
@@ -103,6 +136,31 @@ class Test(unittest.TestCase): self.validate_connection(wd, False) + def test_reassociate_roam_pmksa(self): + wd = IWD(True) + + self.bss_hostapd[0].set_value('wpa_key_mgmt', 'SAE') + self.bss_hostapd[0].reload() + self.bss_hostapd[0].wait_for_event("AP-ENABLED") + self.bss_hostapd[1].set_value('wpa_key_mgmt', 'SAE') + self.bss_hostapd[1].reload() + self.bss_hostapd[1].wait_for_event("AP-ENABLED") + self.bss_hostapd[2].set_value('wpa_key_mgmt', 'WPA-PSK') + self.bss_hostapd[2].reload() + self.bss_hostapd[2].wait_for_event("AP-ENABLED") + + self.validate_connection(wd, False) + + device = wd.list_devices(1)[0] + device.disconnect() + + for hapd in self.bss_hostapd: + hapd.deauthenticate(device.address) + + wd.wait(5) + + self.validate_connection(wd, False, check_used_pmksa=True) + def tearDown(self): os.system('ip link set "' + self.bss_hostapd[0].ifname + '" down') os.system('ip link set "' + self.bss_hostapd[1].ifname + '" down')
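
Review bot: none of the test cases visible in this patch sets DisablePMKSA, so the opt-out path added in patch 13 is not covered; a case in testPMKSA-SAE that starts IWD with DisablePMKSA=true and asserts that sae_group is still present in hostapd's sta_status after the second connect would pin down that full SAE runs every time. The commit message also mentions testing expiration, while validate_connection only exercises an AP-side hostapd.pmksa_flush(); either add a lifetime-expiry case or reword the message. The fixed wd.wait(5) after pmksa_flush() and after the deauthenticate() loops is timing dependent, and waiting on an event or object condition would be more robust. In the testSAE-roam hunk, the check_used_pmksa assertion only inspects bss_hostapd[0] before the roam, so the PMKSA state on the roam target is not asserted.
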
From: James Prestwood
To: iwd@lists.linux.dev
Cc: James Prestwood
Subject: [PATCH 15/15] doc: document DisablePMKSA option
Date: Fri, 22 Nov 2024 07:15:51 -0800
Message-Id: <20241122151551.286355-16-prestwoj@gmail.com>
In-Reply-To: <20241122151551.286355-1-prestwoj@gmail.com>
References: <20241122151551.286355-1-prestwoj@gmail.com>

--- src/iwd.config.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/iwd.config.rst b/src/iwd.config.rst index 1cb4b05d..7530aae0 100644 --- a/src/iwd.config.rst +++ b/src/iwd.config.rst
@@ -225,6 +225,11 @@ The group ``[General]`` contains general settings. request is just a 'hint' and ultimately left up to the kernel to set the country. + * - DisablePMKSA + - Value: **false**, true + + Disable PMKSA support in IWD + Network -------
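
Review bot: the DisablePMKSA entry reads only "Disable PMKSA support in IWD" and the commit has no message body, so an administrator cannot tell what the option changes. Please state that PMKSA caching applies to SAE networks (patch 13 gates the lookup on IE_AKM_IS_SAE), that the default of false means a cached PMKSA is offered on reconnect instead of running SAE again, and that setting it to true forces full SAE authentication on every connection, which is the trade-off the patch 13 commit message describes.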