* [PATCH 01/26] eapol: More strictly validate key_descriptor_version
@ 2022-10-21 19:12 Denis Kenzior
2022-10-21 19:12 ` [PATCH 02/26] crypto: Rename BIP to BIP_CMAC Denis Kenzior
` (25 more replies)
0 siblings, 26 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:12 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
---
src/eapol.c | 38 +++++++++++++++++++++++---------------
src/eapolutil.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
src/eapolutil.h | 6 ++++++
3 files changed, 73 insertions(+), 15 deletions(-)
diff --git a/src/eapol.c b/src/eapol.c
index e8bd5cdbf64b..c6439bb1302d 100644
--- a/src/eapol.c
+++ b/src/eapol.c
@@ -2238,12 +2238,14 @@ static void eapol_key_handle(struct eapol_sm *sm,
const struct eapol_frame *frame,
bool unencrypted)
{
+ struct handshake_state *hs = sm->handshake;
const struct eapol_key *ek;
const uint8_t *kck;
const uint8_t *kek;
uint8_t *decrypted_key_data = NULL;
size_t key_data_len = 0;
uint64_t replay_counter;
+ uint8_t expected_key_descriptor_version;
ek = eapol_key_validate((const uint8_t *) frame,
sizeof(struct eapol_header) +
@@ -2256,11 +2258,19 @@ static void eapol_key_handle(struct eapol_sm *sm,
if (!ek->key_ack)
return;
+ if (L_WARN_ON(eapol_key_descriptor_version_from_akm(hs->akm_suite,
+ hs->pairwise_cipher,
+ &expected_key_descriptor_version) < 0))
+ return;
+
+ if (L_WARN_ON(expected_key_descriptor_version !=
+ ek->key_descriptor_version))
+ return;
+
/* Further Descriptor Type check */
- if (!sm->handshake->wpa_ie &&
- ek->descriptor_type != EAPOL_DESCRIPTOR_TYPE_80211)
+ if (!hs->wpa_ie && ek->descriptor_type != EAPOL_DESCRIPTOR_TYPE_80211)
return;
- else if (sm->handshake->wpa_ie &&
+ else if (hs->wpa_ie &&
ek->descriptor_type != EAPOL_DESCRIPTOR_TYPE_WPA)
return;
@@ -2293,31 +2303,30 @@ static void eapol_key_handle(struct eapol_sm *sm,
if (sm->have_replay && sm->replay_counter >= replay_counter)
return;
- kck = handshake_state_get_kck(sm->handshake);
+ kck = handshake_state_get_kck(hs);
if (ek->key_mic) {
/* Haven't received step 1 yet, so no ptk */
- if (!sm->handshake->have_snonce)
+ if (!hs->have_snonce)
return;
- if (!eapol_verify_mic(sm->handshake->akm_suite, kck, ek,
- sm->mic_len))
+ if (!eapol_verify_mic(hs->akm_suite, kck, ek, sm->mic_len))
return;
}
- if ((ek->encrypted_key_data && !sm->handshake->wpa_ie) ||
- (ek->key_type == 0 && sm->handshake->wpa_ie)) {
+ if ((ek->encrypted_key_data && !hs->wpa_ie) ||
+ (ek->key_type == 0 && hs->wpa_ie)) {
/*
* If using a MIC (non-FILS) but haven't received step 1 yet
* we disregard since there will be no ptk
*/
- if (sm->mic_len && !sm->handshake->have_snonce)
+ if (sm->mic_len && !hs->have_snonce)
return;
- kek = handshake_state_get_kek(sm->handshake);
+ kek = handshake_state_get_kek(hs);
decrypted_key_data = eapol_decrypt_key_data(
- sm->handshake->akm_suite, kek,
+ hs->akm_suite, kek,
ek, &key_data_len, sm->mic_len);
if (!decrypted_key_data)
return;
@@ -2326,11 +2335,10 @@ static void eapol_key_handle(struct eapol_sm *sm,
if (ek->key_type == 0) {
/* GTK handshake allowed only after PTK handshake complete */
- if (!sm->handshake->ptk_complete)
+ if (!hs->ptk_complete)
goto done;
- if (sm->handshake->group_cipher ==
- IE_RSN_CIPHER_SUITE_NO_GROUP_TRAFFIC)
+ if (hs->group_cipher == IE_RSN_CIPHER_SUITE_NO_GROUP_TRAFFIC)
goto done;
if (!decrypted_key_data)
diff --git a/src/eapolutil.c b/src/eapolutil.c
index e2a41c2e823f..3a0ef26e62bc 100644
--- a/src/eapolutil.c
+++ b/src/eapolutil.c
@@ -25,9 +25,11 @@
#endif
#include <stdio.h>
+#include <errno.h>
#include <ell/ell.h>
#include "src/eapolutil.h"
+#include "src/ie.h"
const struct eapol_key *eapol_key_validate(const uint8_t *frame, size_t len,
size_t mic_len)
@@ -80,3 +82,45 @@ const struct eapol_key *eapol_key_validate(const uint8_t *frame, size_t len,
return ek;
}
+
+int eapol_key_descriptor_version_from_akm(enum ie_rsn_akm_suite akm,
+ enum ie_rsn_cipher_suite pairwise,
+ uint8_t *outv)
+{
+ /* 802.11-2020 Section 12.7.2 */
+ switch (akm) {
+ case IE_RSN_AKM_SUITE_8021X:
+ case IE_RSN_AKM_SUITE_PSK:
+ if (pairwise == IE_RSN_CIPHER_SUITE_USE_GROUP_CIPHER ||
+ pairwise == IE_RSN_CIPHER_SUITE_TKIP)
+ *outv = EAPOL_KEY_DESCRIPTOR_VERSION_HMAC_MD5_ARC4;
+ else
+ *outv = EAPOL_KEY_DESCRIPTOR_VERSION_HMAC_SHA1_AES;
+
+ return 0;
+ case IE_RSN_AKM_SUITE_FT_OVER_8021X:
+ case IE_RSN_AKM_SUITE_FT_USING_PSK:
+ case IE_RSN_AKM_SUITE_8021X_SHA256:
+ case IE_RSN_AKM_SUITE_PSK_SHA256:
+ *outv = EAPOL_KEY_DESCRIPTOR_VERSION_AES_128_CMAC_AES;
+ return 0;
+ case IE_RSN_AKM_SUITE_SAE_SHA256:
+ case IE_RSN_AKM_SUITE_FT_OVER_SAE_SHA256:
+ case IE_RSN_AKM_SUITE_8021X_SUITE_B_SHA256:
+ case IE_RSN_AKM_SUITE_8021X_SUITE_B_SHA384:
+ case IE_RSN_AKM_SUITE_FT_OVER_8021X_SHA384:
+ case IE_RSN_AKM_SUITE_FILS_SHA256:
+ case IE_RSN_AKM_SUITE_FILS_SHA384:
+ case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256:
+ case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384:
+ case IE_RSN_AKM_SUITE_OWE:
+ case IE_RSN_AKM_SUITE_OSEN:
+ *outv = EAPOL_KEY_DESCRIPTOR_VERSION_AKM_DEFINED;
+ return 0;
+ case IE_RSN_AKM_SUITE_TDLS:
+ case IE_RSN_AKM_SUITE_AP_PEER_KEY_SHA256:
+ break;
+ }
+
+ return -ENOTSUP;
+};
diff --git a/src/eapolutil.h b/src/eapolutil.h
index 1f15872eb2d7..7451f69bedd8 100644
--- a/src/eapolutil.h
+++ b/src/eapolutil.h
@@ -25,6 +25,9 @@
#include <asm/byteorder.h>
#include <linux/types.h>
+enum ie_rsn_akm_suite;
+enum ie_rsn_cipher_suite;
+
enum eapol_protocol_version {
EAPOL_PROTOCOL_VERSION_2001 = 1,
EAPOL_PROTOCOL_VERSION_2004 = 2,
@@ -116,3 +119,6 @@ struct eapol_key {
const struct eapol_key *eapol_key_validate(const uint8_t *frame, size_t len,
size_t mic_len);
+int eapol_key_descriptor_version_from_akm(enum ie_rsn_akm_suite akm,
+ enum ie_rsn_cipher_suite pairwise,
+ uint8_t *out_version);
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 02/26] crypto: Rename BIP to BIP_CMAC
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
@ 2022-10-21 19:12 ` Denis Kenzior
2022-10-21 19:12 ` [PATCH 03/26] ie: Rename _BIP to _BIP_CMAC Denis Kenzior
` (24 subsequent siblings)
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:12 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
To match the spec more closely. Several additional BIP algorithms are
being introduced, including BIP_GMAC_128|256 and BIP_CMAC_256.
---
src/crypto.c | 2 +-
src/crypto.h | 2 +-
src/ie.c | 2 +-
src/netdev.c | 2 +-
src/wiphy.c | 2 +-
tools/hwsim.c | 4 ++--
6 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/crypto.c b/src/crypto.c
index 19d55e70f5d0..89e315df6a36 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -501,7 +501,7 @@ int crypto_cipher_key_len(enum crypto_cipher cipher)
return 32;
case CRYPTO_CIPHER_CCMP:
return 16;
- case CRYPTO_CIPHER_BIP:
+ case CRYPTO_CIPHER_BIP_CMAC:
return 16;
}
diff --git a/src/crypto.h b/src/crypto.h
index b6fa2ec3eccf..b2cd8839aa77 100644
--- a/src/crypto.h
+++ b/src/crypto.h
@@ -30,7 +30,7 @@ enum crypto_cipher {
CRYPTO_CIPHER_WEP104 = 0x000fac05,
CRYPTO_CIPHER_TKIP = 0x000fac02,
CRYPTO_CIPHER_CCMP = 0x000fac04,
- CRYPTO_CIPHER_BIP = 0x000fac06,
+ CRYPTO_CIPHER_BIP_CMAC = 0x000fac06,
};
enum crypto_akm {
diff --git a/src/ie.c b/src/ie.c
index 070454ef4f8f..245b59c91ad3 100644
--- a/src/ie.c
+++ b/src/ie.c
@@ -429,7 +429,7 @@ uint32_t ie_rsn_cipher_suite_to_cipher(enum ie_rsn_cipher_suite suite)
case IE_RSN_CIPHER_SUITE_WEP104:
return CRYPTO_CIPHER_WEP104;
case IE_RSN_CIPHER_SUITE_BIP:
- return CRYPTO_CIPHER_BIP;
+ return CRYPTO_CIPHER_BIP_CMAC;
default:
return 0;
}
diff --git a/src/netdev.c b/src/netdev.c
index 206907b896f8..cd8e70863d3a 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -1684,7 +1684,7 @@ static void netdev_set_igtk(struct handshake_state *hs, uint16_t key_index,
}
switch (cipher) {
- case CRYPTO_CIPHER_BIP:
+ case CRYPTO_CIPHER_BIP_CMAC:
memcpy(igtk_buf, igtk, 16);
break;
default:
diff --git a/src/wiphy.c b/src/wiphy.c
index 6fdd3df526cd..1283bede923e 100644
--- a/src/wiphy.c
+++ b/src/wiphy.c
@@ -1215,7 +1215,7 @@ static void parse_supported_ciphers(struct wiphy *wiphy, const void *data,
case CRYPTO_CIPHER_WEP104:
wiphy->supported_ciphers |= IE_RSN_CIPHER_SUITE_WEP104;
break;
- case CRYPTO_CIPHER_BIP:
+ case CRYPTO_CIPHER_BIP_CMAC:
wiphy->supported_ciphers |= IE_RSN_CIPHER_SUITE_BIP;
break;
default: /* TODO: Support other ciphers */
diff --git a/tools/hwsim.c b/tools/hwsim.c
index e55019045967..75f074abf0b0 100644
--- a/tools/hwsim.c
+++ b/tools/hwsim.c
@@ -175,7 +175,7 @@ static const uint32_t hwsim_supported_ciphers[] = {
CRYPTO_CIPHER_WEP104,
CRYPTO_CIPHER_TKIP,
CRYPTO_CIPHER_CCMP,
- CRYPTO_CIPHER_BIP,
+ CRYPTO_CIPHER_BIP_CMAC,
};
static uint32_t hwsim_ciphers[L_ARRAY_SIZE(hwsim_supported_ciphers)];
static int hwsim_num_ciphers = 0;
@@ -196,7 +196,7 @@ static const struct hwsim_support cipher_map[] = {
{ "wep104", CRYPTO_CIPHER_WEP104 },
{ "tkip", CRYPTO_CIPHER_TKIP },
{ "ccmp", CRYPTO_CIPHER_CCMP },
- { "bip", CRYPTO_CIPHER_BIP },
+ { "bip", CRYPTO_CIPHER_BIP_CMAC },
{ }
};
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 03/26] ie: Rename _BIP to _BIP_CMAC
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
2022-10-21 19:12 ` [PATCH 02/26] crypto: Rename BIP to BIP_CMAC Denis Kenzior
@ 2022-10-21 19:12 ` Denis Kenzior
2022-10-21 19:12 ` [PATCH 04/26] ie: Simplify implementation Denis Kenzior
` (23 subsequent siblings)
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:12 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
---
src/ie.c | 15 ++++++++-------
src/ie.h | 2 +-
src/wiphy.c | 13 +++++++------
unit/test-ie.c | 2 +-
4 files changed, 17 insertions(+), 15 deletions(-)
diff --git a/src/ie.c b/src/ie.c
index 245b59c91ad3..7159222a4f6c 100644
--- a/src/ie.c
+++ b/src/ie.c
@@ -428,7 +428,7 @@ uint32_t ie_rsn_cipher_suite_to_cipher(enum ie_rsn_cipher_suite suite)
return CRYPTO_CIPHER_WEP40;
case IE_RSN_CIPHER_SUITE_WEP104:
return CRYPTO_CIPHER_WEP104;
- case IE_RSN_CIPHER_SUITE_BIP:
+ case IE_RSN_CIPHER_SUITE_BIP_CMAC:
return CRYPTO_CIPHER_BIP_CMAC;
default:
return 0;
@@ -462,7 +462,7 @@ static bool ie_parse_cipher_suite(const uint8_t *data,
*out = IE_RSN_CIPHER_SUITE_WEP104;
return true;
case 6:
- *out = IE_RSN_CIPHER_SUITE_BIP;
+ *out = IE_RSN_CIPHER_SUITE_BIP_CMAC;
return true;
case 7:
*out = IE_RSN_CIPHER_SUITE_NO_GROUP_TRAFFIC;
@@ -625,7 +625,7 @@ static bool ie_parse_group_management_cipher(const uint8_t *data,
return r;
switch (tmp) {
- case IE_RSN_CIPHER_SUITE_BIP:
+ case IE_RSN_CIPHER_SUITE_BIP_CMAC:
case IE_RSN_CIPHER_SUITE_NO_GROUP_TRAFFIC:
break;
default:
@@ -746,7 +746,8 @@ static int parse_ciphers(const uint8_t *data, size_t len,
* management frame protection enabled
*/
if (out_info->mfpc)
- out_info->group_management_cipher = IE_RSN_CIPHER_SUITE_BIP;
+ out_info->group_management_cipher =
+ IE_RSN_CIPHER_SUITE_BIP_CMAC;
RSNE_ADVANCE(data, len, 2);
@@ -905,7 +906,7 @@ static bool ie_build_cipher_suite(uint8_t *data, const uint8_t *oui,
memcpy(data, oui, 3);
data[3] = 5;
return true;
- case IE_RSN_CIPHER_SUITE_BIP:
+ case IE_RSN_CIPHER_SUITE_BIP_CMAC:
memcpy(data, oui, 3);
data[3] = 6;
return true;
@@ -1115,7 +1116,7 @@ static int build_ciphers_common(const struct ie_rsn_info *info, uint8_t *to,
else if (!info->mfpc)
goto done;
else if (info->group_management_cipher ==
- IE_RSN_CIPHER_SUITE_BIP)
+ IE_RSN_CIPHER_SUITE_BIP_CMAC)
goto done;
}
@@ -1136,7 +1137,7 @@ static int build_ciphers_common(const struct ie_rsn_info *info, uint8_t *to,
goto done;
if (!force_group_mgmt_cipher && info->group_management_cipher ==
- IE_RSN_CIPHER_SUITE_BIP)
+ IE_RSN_CIPHER_SUITE_BIP_CMAC)
goto done;
/* Group Management Cipher Suite */
diff --git a/src/ie.h b/src/ie.h
index e56df984e53c..e7ffaa63f74d 100644
--- a/src/ie.h
+++ b/src/ie.h
@@ -329,7 +329,7 @@ enum ie_rsn_cipher_suite {
IE_RSN_CIPHER_SUITE_TKIP = 0x0004,
IE_RSN_CIPHER_SUITE_CCMP = 0x0008,
IE_RSN_CIPHER_SUITE_WEP104 = 0x0010,
- IE_RSN_CIPHER_SUITE_BIP = 0x0020,
+ IE_RSN_CIPHER_SUITE_BIP_CMAC = 0x0020,
IE_RSN_CIPHER_SUITE_NO_GROUP_TRAFFIC = 0x0040,
};
diff --git a/src/wiphy.c b/src/wiphy.c
index 1283bede923e..3e08047910e1 100644
--- a/src/wiphy.c
+++ b/src/wiphy.c
@@ -157,8 +157,8 @@ enum ie_rsn_cipher_suite wiphy_select_cipher(struct wiphy *wiphy, uint16_t mask)
if (mask & IE_RSN_CIPHER_SUITE_TKIP)
return IE_RSN_CIPHER_SUITE_TKIP;
- if (mask & IE_RSN_CIPHER_SUITE_BIP)
- return IE_RSN_CIPHER_SUITE_BIP;
+ if (mask & IE_RSN_CIPHER_SUITE_BIP_CMAC)
+ return IE_RSN_CIPHER_SUITE_BIP_CMAC;
return 0;
}
@@ -178,7 +178,7 @@ static bool wiphy_can_connect_sae(struct wiphy *wiphy)
* WPA3 Specification version 3, Section 2.3:
* A STA shall negotiate PMF when associating to an AP using SAE
*/
- if (!(wiphy->supported_ciphers & IE_RSN_CIPHER_SUITE_BIP)) {
+ if (!(wiphy->supported_ciphers & IE_RSN_CIPHER_SUITE_BIP_CMAC)) {
l_debug("HW not MFP capable, can't use SAE");
return false;
}
@@ -488,7 +488,7 @@ bool wiphy_can_transition_disable(struct wiphy *wiphy)
if (!(wiphy->supported_ciphers & IE_RSN_CIPHER_SUITE_CCMP))
return false;
- if (!(wiphy->supported_ciphers & IE_RSN_CIPHER_SUITE_BIP))
+ if (!(wiphy->supported_ciphers & IE_RSN_CIPHER_SUITE_BIP_CMAC))
return false;
return true;
@@ -1145,7 +1145,7 @@ static void wiphy_print_basic_info(struct wiphy *wiphy)
if (wiphy->supported_ciphers & IE_RSN_CIPHER_SUITE_TKIP)
len += sprintf(buf + len, " TKIP");
- if (wiphy->supported_ciphers & IE_RSN_CIPHER_SUITE_BIP)
+ if (wiphy->supported_ciphers & IE_RSN_CIPHER_SUITE_BIP_CMAC)
len += sprintf(buf + len, " BIP");
l_info("%s", buf);
@@ -1216,7 +1216,8 @@ static void parse_supported_ciphers(struct wiphy *wiphy, const void *data,
wiphy->supported_ciphers |= IE_RSN_CIPHER_SUITE_WEP104;
break;
case CRYPTO_CIPHER_BIP_CMAC:
- wiphy->supported_ciphers |= IE_RSN_CIPHER_SUITE_BIP;
+ wiphy->supported_ciphers |=
+ IE_RSN_CIPHER_SUITE_BIP_CMAC;
break;
default: /* TODO: Support other ciphers */
break;
diff --git a/unit/test-ie.c b/unit/test-ie.c
index 709b745428b9..7ea84c387121 100644
--- a/unit/test-ie.c
+++ b/unit/test-ie.c
@@ -423,7 +423,7 @@ static const struct ie_rsne_info_test ie_rsne_info_test_6 = {
.pairwise_ciphers = IE_RSN_CIPHER_SUITE_CCMP,
.akm_suites = IE_RSN_AKM_SUITE_8021X,
.mfpc = true, /* Management frame protection is enabled, not required */
- .group_management_cipher = IE_RSN_CIPHER_SUITE_BIP,
+ .group_management_cipher = IE_RSN_CIPHER_SUITE_BIP_CMAC,
};
static void ie_test_rsne_info(const void *data)
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 04/26] ie: Simplify implementation
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
2022-10-21 19:12 ` [PATCH 02/26] crypto: Rename BIP to BIP_CMAC Denis Kenzior
2022-10-21 19:12 ` [PATCH 03/26] ie: Rename _BIP to _BIP_CMAC Denis Kenzior
@ 2022-10-21 19:12 ` Denis Kenzior
2022-10-21 19:12 ` [PATCH 05/26] crypto: Add new cipher definitions Denis Kenzior
` (22 subsequent siblings)
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:12 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
Instead of copy-pasting the same basic operation (memcpy & assignment),
use a goto and a common path instead. This should also make it easier
for the compiler to optimize this function.
---
src/ie.c | 41 ++++++++++++++++++++---------------------
1 file changed, 20 insertions(+), 21 deletions(-)
diff --git a/src/ie.c b/src/ie.c
index 7159222a4f6c..8ceefc643615 100644
--- a/src/ie.c
+++ b/src/ie.c
@@ -885,38 +885,37 @@ int ie_parse_osen_from_data(const uint8_t *data, size_t len,
static bool ie_build_cipher_suite(uint8_t *data, const uint8_t *oui,
const enum ie_rsn_cipher_suite suite)
{
+ uint8_t selector;
+
switch (suite) {
case IE_RSN_CIPHER_SUITE_USE_GROUP_CIPHER:
- memcpy(data, oui, 3);
- data[3] = 0;
- return true;
+ selector = 0;
+ goto done;
case IE_RSN_CIPHER_SUITE_WEP40:
- memcpy(data, oui, 3);
- data[3] = 1;
- return true;
+ selector = 1;
+ goto done;
case IE_RSN_CIPHER_SUITE_TKIP:
- memcpy(data, oui, 3);
- data[3] = 2;
- return true;
+ selector = 2;
+ goto done;
case IE_RSN_CIPHER_SUITE_CCMP:
- memcpy(data, oui, 3);
- data[3] = 4;
- return true;
+ selector = 4;
+ goto done;
case IE_RSN_CIPHER_SUITE_WEP104:
- memcpy(data, oui, 3);
- data[3] = 5;
- return true;
+ selector = 5;
+ goto done;
case IE_RSN_CIPHER_SUITE_BIP_CMAC:
- memcpy(data, oui, 3);
- data[3] = 6;
- return true;
+ selector = 6;
+ goto done;
case IE_RSN_CIPHER_SUITE_NO_GROUP_TRAFFIC:
- memcpy(data, oui, 3);
- data[3] = 7;
- return true;
+ selector = 7;
+ goto done;
}
return false;
+done:
+ memcpy(data, oui, 3);
+ data[3] = selector;
+ return true;
}
#define RETURN_AKM(data, oui, id) \
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 05/26] crypto: Add new cipher definitions
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
` (2 preceding siblings ...)
2022-10-21 19:12 ` [PATCH 04/26] ie: Simplify implementation Denis Kenzior
@ 2022-10-21 19:12 ` Denis Kenzior
2022-10-21 19:12 ` [PATCH 06/26] ie: Skip unknown pairwise ciphers Denis Kenzior
` (21 subsequent siblings)
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:12 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
---
src/crypto.c | 8 ++++++++
src/crypto.h | 6 ++++++
2 files changed, 14 insertions(+)
diff --git a/src/crypto.c b/src/crypto.c
index 89e315df6a36..840d9ee4dd5b 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -500,9 +500,17 @@ int crypto_cipher_key_len(enum crypto_cipher cipher)
case CRYPTO_CIPHER_TKIP:
return 32;
case CRYPTO_CIPHER_CCMP:
+ case CRYPTO_CIPHER_GCMP:
return 16;
+ case CRYPTO_CIPHER_CCMP_256:
+ case CRYPTO_CIPHER_GCMP_256:
+ return 32;
case CRYPTO_CIPHER_BIP_CMAC:
+ case CRYPTO_CIPHER_BIP_GMAC:
return 16;
+ case CRYPTO_CIPHER_BIP_CMAC_256:
+ case CRYPTO_CIPHER_BIP_GMAC_256:
+ return 32;
}
return 0;
diff --git a/src/crypto.h b/src/crypto.h
index b2cd8839aa77..ed430abb00d8 100644
--- a/src/crypto.h
+++ b/src/crypto.h
@@ -31,6 +31,12 @@ enum crypto_cipher {
CRYPTO_CIPHER_TKIP = 0x000fac02,
CRYPTO_CIPHER_CCMP = 0x000fac04,
CRYPTO_CIPHER_BIP_CMAC = 0x000fac06,
+ CRYPTO_CIPHER_GCMP = 0x000fac08,
+ CRYPTO_CIPHER_GCMP_256 = 0x000fac09,
+ CRYPTO_CIPHER_CCMP_256 = 0x000fac0a,
+ CRYPTO_CIPHER_BIP_GMAC = 0x000fac0b,
+ CRYPTO_CIPHER_BIP_GMAC_256 = 0x000fac0c,
+ CRYPTO_CIPHER_BIP_CMAC_256 = 0x000fac0d,
};
enum crypto_akm {
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 06/26] ie: Skip unknown pairwise ciphers
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
` (3 preceding siblings ...)
2022-10-21 19:12 ` [PATCH 05/26] crypto: Add new cipher definitions Denis Kenzior
@ 2022-10-21 19:12 ` Denis Kenzior
2022-10-21 19:12 ` [PATCH 07/26] netdev: Build RSN attributes in a common function Denis Kenzior
` (20 subsequent siblings)
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:12 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
---
src/ie.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/src/ie.c b/src/ie.c
index 8ceefc643615..110b5b3ebdec 100644
--- a/src/ie.c
+++ b/src/ie.c
@@ -589,15 +589,14 @@ static bool ie_parse_group_cipher(const uint8_t *data,
return true;
}
-static bool ie_parse_pairwise_cipher(const uint8_t *data,
+static int ie_parse_pairwise_cipher(const uint8_t *data,
enum ie_rsn_cipher_suite *out)
{
enum ie_rsn_cipher_suite tmp;
-
bool r = ie_parse_cipher_suite(data, &tmp);
if (!r)
- return r;
+ return -ENOENT;
switch (tmp) {
case IE_RSN_CIPHER_SUITE_CCMP:
@@ -607,11 +606,11 @@ static bool ie_parse_pairwise_cipher(const uint8_t *data,
case IE_RSN_CIPHER_SUITE_USE_GROUP_CIPHER:
break;
default:
- return false;
+ return -ERANGE;
}
*out = tmp;
- return true;
+ return 0;
}
static bool ie_parse_group_management_cipher(const uint8_t *data,
@@ -682,9 +681,12 @@ static int parse_ciphers(const uint8_t *data, size_t len,
/* Parse Pairwise Cipher Suite List field */
for (i = 0, out_info->pairwise_ciphers = 0; i < count; i++) {
enum ie_rsn_cipher_suite suite;
+ int r = ie_parse_pairwise_cipher(data + i * 4, &suite);
- if (!ie_parse_pairwise_cipher(data + i * 4, &suite))
- return -ERANGE;
+ if (r == -ENOENT) /* Skip unknown */
+ continue;
+ else if (r < 0)
+ return r;
out_info->pairwise_ciphers |= suite;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 07/26] netdev: Build RSN attributes in a common function
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
` (4 preceding siblings ...)
2022-10-21 19:12 ` [PATCH 06/26] ie: Skip unknown pairwise ciphers Denis Kenzior
@ 2022-10-21 19:12 ` Denis Kenzior
2022-10-21 19:12 ` [PATCH 08/26] netdev: Add support for setting GCMP keys Denis Kenzior
` (19 subsequent siblings)
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:12 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
Both CMD_ASSOCIATE and CMD_CONNECT paths were using very similar code to
build RSN specific attributes. Use a common function to build these
attributes to cut down on duplicated code.
While here, also start using ie_rsn_cipher_suite_to_cipher instead of
assuming that the pairwise / group ciphers can only be CCMP or TKIP.
---
src/netdev.c | 139 ++++++++++++++++++++-------------------------------
1 file changed, 53 insertions(+), 86 deletions(-)
diff --git a/src/netdev.c b/src/netdev.c
index cd8e70863d3a..231ed9862cc5 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -2519,6 +2519,44 @@ static unsigned int ie_rsn_akm_suite_to_nl80211(enum ie_rsn_akm_suite akm)
return 0;
}
+static void netdev_append_nl80211_rsn_attributes(struct l_genl_msg *msg,
+ struct handshake_state *hs)
+{
+ uint32_t nl_cipher;
+ uint32_t nl_akm;
+ uint32_t wpa_version;
+
+ nl_cipher = ie_rsn_cipher_suite_to_cipher(hs->pairwise_cipher);
+ L_WARN_ON(!nl_cipher);
+ l_genl_msg_append_attr(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE,
+ 4, &nl_cipher);
+
+ nl_cipher = ie_rsn_cipher_suite_to_cipher(hs->group_cipher);
+ L_WARN_ON(!nl_cipher);
+ l_genl_msg_append_attr(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
+ 4, &nl_cipher);
+
+ if (hs->mfp) {
+ uint32_t use_mfp = NL80211_MFP_REQUIRED;
+
+ l_genl_msg_append_attr(msg, NL80211_ATTR_USE_MFP, 4, &use_mfp);
+ }
+
+ nl_akm = ie_rsn_akm_suite_to_nl80211(hs->akm_suite);
+ L_WARN_ON(!nl_akm);
+ l_genl_msg_append_attr(msg, NL80211_ATTR_AKM_SUITES, 4, &nl_akm);
+
+ if (IE_AKM_IS_SAE(hs->akm_suite))
+ wpa_version = NL80211_WPA_VERSION_3;
+ else if (hs->wpa_ie)
+ wpa_version = NL80211_WPA_VERSION_1;
+ else
+ wpa_version = NL80211_WPA_VERSION_2;
+
+ l_genl_msg_append_attr(msg, NL80211_ATTR_WPA_VERSIONS,
+ 4, &wpa_version);
+}
+
static struct l_genl_msg *netdev_build_cmd_connect(struct netdev *netdev,
struct handshake_state *hs,
const uint8_t *prev_bssid,
@@ -2575,49 +2613,18 @@ static struct l_genl_msg *netdev_build_cmd_connect(struct netdev *netdev,
l_genl_msg_append_attr(msg, NL80211_ATTR_SOCKET_OWNER, 0, NULL);
if (is_rsn) {
- uint32_t nl_cipher;
- uint32_t nl_akm;
- uint32_t wpa_version;
-
- if (hs->pairwise_cipher == IE_RSN_CIPHER_SUITE_CCMP)
- nl_cipher = CRYPTO_CIPHER_CCMP;
- else
- nl_cipher = CRYPTO_CIPHER_TKIP;
-
- l_genl_msg_append_attr(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE,
- 4, &nl_cipher);
-
- if (hs->group_cipher == IE_RSN_CIPHER_SUITE_CCMP)
- nl_cipher = CRYPTO_CIPHER_CCMP;
- else
- nl_cipher = CRYPTO_CIPHER_TKIP;
-
- l_genl_msg_append_attr(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
- 4, &nl_cipher);
-
- if (hs->mfp) {
- uint32_t use_mfp = NL80211_MFP_REQUIRED;
- l_genl_msg_append_attr(msg, NL80211_ATTR_USE_MFP,
- 4, &use_mfp);
- }
-
- nl_akm = ie_rsn_akm_suite_to_nl80211(hs->akm_suite);
- if (nl_akm)
- l_genl_msg_append_attr(msg, NL80211_ATTR_AKM_SUITES,
- 4, &nl_akm);
-
- if (IE_AKM_IS_SAE(hs->akm_suite))
- wpa_version = NL80211_WPA_VERSION_3;
- else if (hs->wpa_ie)
- wpa_version = NL80211_WPA_VERSION_1;
- else
- wpa_version = NL80211_WPA_VERSION_2;
+ netdev_append_nl80211_rsn_attributes(msg, hs);
+ c_iov = iov_ie_append(iov, n_iov, c_iov, hs->supplicant_ie);
+ }
- l_genl_msg_append_attr(msg, NL80211_ATTR_WPA_VERSIONS,
- 4, &wpa_version);
+ if (is_rsn || hs->settings_8021x) {
+ l_genl_msg_append_attr(msg, NL80211_ATTR_CONTROL_PORT,
+ 0, NULL);
- l_genl_msg_append_attr(msg, NL80211_ATTR_CONTROL_PORT, 0, NULL);
- c_iov = iov_ie_append(iov, n_iov, c_iov, hs->supplicant_ie);
+ if (netdev->pae_over_nl80211)
+ l_genl_msg_append_attr(msg,
+ NL80211_ATTR_CONTROL_PORT_OVER_NL80211,
+ 0, NULL);
}
if (netdev->owe_sm) {
@@ -2625,11 +2632,6 @@ static struct l_genl_msg *netdev_build_cmd_connect(struct netdev *netdev,
c_iov = iov_ie_append(iov, n_iov, c_iov, owe_dh_ie);
}
- if (netdev->pae_over_nl80211)
- l_genl_msg_append_attr(msg,
- NL80211_ATTR_CONTROL_PORT_OVER_NL80211,
- 0, NULL);
-
c_iov = iov_ie_append(iov, n_iov, c_iov, hs->mde);
c_iov = netdev_populate_common_ies(netdev, hs, msg, iov, n_iov, c_iov);
@@ -2953,52 +2955,17 @@ static struct l_genl_msg *netdev_build_cmd_associate_common(
l_genl_msg_append_attr(msg, NL80211_ATTR_SSID, hs->ssid_len, hs->ssid);
l_genl_msg_append_attr(msg, NL80211_ATTR_SOCKET_OWNER, 0, NULL);
- if (is_rsn) {
- uint32_t nl_cipher;
- uint32_t nl_akm;
- uint32_t wpa_version;
+ if (is_rsn)
+ netdev_append_nl80211_rsn_attributes(msg, hs);
- l_genl_msg_append_attr(msg, NL80211_ATTR_CONTROL_PORT, 0, NULL);
+ if (is_rsn || hs->settings_8021x) {
+ l_genl_msg_append_attr(msg, NL80211_ATTR_CONTROL_PORT,
+ 0, NULL);
if (netdev->pae_over_nl80211)
l_genl_msg_append_attr(msg,
NL80211_ATTR_CONTROL_PORT_OVER_NL80211,
0, NULL);
-
- if (hs->pairwise_cipher == IE_RSN_CIPHER_SUITE_CCMP)
- nl_cipher = CRYPTO_CIPHER_CCMP;
- else
- nl_cipher = CRYPTO_CIPHER_TKIP;
-
- l_genl_msg_append_attr(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE,
- 4, &nl_cipher);
-
- if (hs->group_cipher == IE_RSN_CIPHER_SUITE_CCMP)
- nl_cipher = CRYPTO_CIPHER_CCMP;
- else
- nl_cipher = CRYPTO_CIPHER_TKIP;
-
- l_genl_msg_append_attr(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
- 4, &nl_cipher);
-
- if (hs->mfp) {
- uint32_t use_mfp = NL80211_MFP_REQUIRED;
- l_genl_msg_append_attr(msg, NL80211_ATTR_USE_MFP,
- 4, &use_mfp);
- }
-
- nl_akm = ie_rsn_akm_suite_to_nl80211(hs->akm_suite);
- if (nl_akm)
- l_genl_msg_append_attr(msg, NL80211_ATTR_AKM_SUITES,
- 4, &nl_akm);
-
- if (hs->wpa_ie)
- wpa_version = NL80211_WPA_VERSION_1;
- else
- wpa_version = NL80211_WPA_VERSION_2;
-
- l_genl_msg_append_attr(msg, NL80211_ATTR_WPA_VERSIONS,
- 4, &wpa_version);
}
return msg;
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 08/26] netdev: Add support for setting GCMP keys
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
` (5 preceding siblings ...)
2022-10-21 19:12 ` [PATCH 07/26] netdev: Build RSN attributes in a common function Denis Kenzior
@ 2022-10-21 19:12 ` Denis Kenzior
2022-10-21 19:12 ` [PATCH 09/26] ie: Add support for GCMP cipher suite Denis Kenzior
` (18 subsequent siblings)
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:12 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
---
src/netdev.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/netdev.c b/src/netdev.c
index 231ed9862cc5..4ca230e42b1f 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -1564,12 +1564,15 @@ static bool netdev_copy_tk(uint8_t *tk_buf, const uint8_t *tk,
{
switch (cipher) {
case CRYPTO_CIPHER_CCMP:
+ case CRYPTO_CIPHER_GCMP:
/*
- * 802.11-2016 12.8.3 Mapping PTK to CCMP keys:
+ * 802.11-2020 12.8.3 Mapping PTK to CCMP keys:
* "A STA shall use the temporal key as the CCMP key
* for MPDUs between the two communicating STAs."
+ *
+ * Similar verbiage in 12.8.8
*/
- memcpy(tk_buf, tk, 16);
+ memcpy(tk_buf, tk, crypto_cipher_key_len(cipher));
break;
case CRYPTO_CIPHER_TKIP:
/*
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 09/26] ie: Add support for GCMP cipher suite
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
` (6 preceding siblings ...)
2022-10-21 19:12 ` [PATCH 08/26] netdev: Add support for setting GCMP keys Denis Kenzior
@ 2022-10-21 19:12 ` Denis Kenzior
2022-10-21 19:12 ` [PATCH 10/26] ie: add ie_rsn_cipher_suite_to_string Denis Kenzior
` (17 subsequent siblings)
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:12 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
---
src/ie.c | 11 +++++++++++
src/ie.h | 1 +
2 files changed, 12 insertions(+)
diff --git a/src/ie.c b/src/ie.c
index 110b5b3ebdec..89f19b11a0fb 100644
--- a/src/ie.c
+++ b/src/ie.c
@@ -430,6 +430,8 @@ uint32_t ie_rsn_cipher_suite_to_cipher(enum ie_rsn_cipher_suite suite)
return CRYPTO_CIPHER_WEP104;
case IE_RSN_CIPHER_SUITE_BIP_CMAC:
return CRYPTO_CIPHER_BIP_CMAC;
+ case IE_RSN_CIPHER_SUITE_GCMP:
+ return CRYPTO_CIPHER_GCMP;
default:
return 0;
}
@@ -467,6 +469,9 @@ static bool ie_parse_cipher_suite(const uint8_t *data,
case 7:
*out = IE_RSN_CIPHER_SUITE_NO_GROUP_TRAFFIC;
return true;
+ case 8:
+ *out = IE_RSN_CIPHER_SUITE_GCMP;
+ return true;
default:
return false;
}
@@ -580,6 +585,7 @@ static bool ie_parse_group_cipher(const uint8_t *data,
case IE_RSN_CIPHER_SUITE_WEP104:
case IE_RSN_CIPHER_SUITE_WEP40:
case IE_RSN_CIPHER_SUITE_NO_GROUP_TRAFFIC:
+ case IE_RSN_CIPHER_SUITE_GCMP:
break;
default:
return false;
@@ -604,6 +610,7 @@ static int ie_parse_pairwise_cipher(const uint8_t *data,
case IE_RSN_CIPHER_SUITE_WEP104:
case IE_RSN_CIPHER_SUITE_WEP40:
case IE_RSN_CIPHER_SUITE_USE_GROUP_CIPHER:
+ case IE_RSN_CIPHER_SUITE_GCMP:
break;
default:
return -ERANGE;
@@ -911,6 +918,9 @@ static bool ie_build_cipher_suite(uint8_t *data, const uint8_t *oui,
case IE_RSN_CIPHER_SUITE_NO_GROUP_TRAFFIC:
selector = 7;
goto done;
+ case IE_RSN_CIPHER_SUITE_GCMP:
+ selector = 8;
+ goto done;
}
return false;
@@ -999,6 +1009,7 @@ static int build_ciphers_common(const struct ie_rsn_info *info, uint8_t *to,
IE_RSN_CIPHER_SUITE_WEP104,
IE_RSN_CIPHER_SUITE_WEP40,
IE_RSN_CIPHER_SUITE_USE_GROUP_CIPHER,
+ IE_RSN_CIPHER_SUITE_GCMP,
};
unsigned int pos = 0;
unsigned int i;
diff --git a/src/ie.h b/src/ie.h
index e7ffaa63f74d..2cbe35f2bdcc 100644
--- a/src/ie.h
+++ b/src/ie.h
@@ -331,6 +331,7 @@ enum ie_rsn_cipher_suite {
IE_RSN_CIPHER_SUITE_WEP104 = 0x0010,
IE_RSN_CIPHER_SUITE_BIP_CMAC = 0x0020,
IE_RSN_CIPHER_SUITE_NO_GROUP_TRAFFIC = 0x0040,
+ IE_RSN_CIPHER_SUITE_GCMP = 0x0080,
};
enum ie_rsn_akm_suite {
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 10/26] ie: add ie_rsn_cipher_suite_to_string
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
` (7 preceding siblings ...)
2022-10-21 19:12 ` [PATCH 09/26] ie: Add support for GCMP cipher suite Denis Kenzior
@ 2022-10-21 19:12 ` Denis Kenzior
2022-10-21 19:12 ` [PATCH 11/26] wiphy: Generalize supported cipher dumper Denis Kenzior
` (16 subsequent siblings)
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:12 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
---
src/ie.c | 24 ++++++++++++++++++++++++
src/ie.h | 1 +
2 files changed, 25 insertions(+)
diff --git a/src/ie.c b/src/ie.c
index 89f19b11a0fb..a424af275634 100644
--- a/src/ie.c
+++ b/src/ie.c
@@ -437,6 +437,30 @@ uint32_t ie_rsn_cipher_suite_to_cipher(enum ie_rsn_cipher_suite suite)
}
}
+const char *ie_rsn_cipher_suite_to_string(enum ie_rsn_cipher_suite suite)
+{
+ switch (suite) {
+ case IE_RSN_CIPHER_SUITE_CCMP:
+ return "CCMP-128";
+ case IE_RSN_CIPHER_SUITE_TKIP:
+ return "TKIP";
+ case IE_RSN_CIPHER_SUITE_WEP40:
+ return "WEP-40";
+ case IE_RSN_CIPHER_SUITE_WEP104:
+ return "WEP-104";
+ case IE_RSN_CIPHER_SUITE_BIP_CMAC:
+ return "BIP-CMAC-128";
+ case IE_RSN_CIPHER_SUITE_GCMP:
+ return "GCMP-128";
+ case IE_RSN_CIPHER_SUITE_NO_GROUP_TRAFFIC:
+ return "NO-TRAFFIC";
+ case IE_RSN_CIPHER_SUITE_USE_GROUP_CIPHER:
+ break;
+ }
+
+ return NULL;
+}
+
/* 802.11, Section 8.4.2.27.2 */
static bool ie_parse_cipher_suite(const uint8_t *data,
enum ie_rsn_cipher_suite *out)
diff --git a/src/ie.h b/src/ie.h
index 2cbe35f2bdcc..1dadcb6be718 100644
--- a/src/ie.h
+++ b/src/ie.h
@@ -587,6 +587,7 @@ unsigned char *ie_tlv_builder_finalize(struct ie_tlv_builder *builder,
size_t *out_len);
uint32_t ie_rsn_cipher_suite_to_cipher(enum ie_rsn_cipher_suite suite);
+const char *ie_rsn_cipher_suite_to_string(enum ie_rsn_cipher_suite suite);
int ie_parse_rsne(struct ie_tlv_iter *iter, struct ie_rsn_info *info);
int ie_parse_rsne_from_data(const uint8_t *data, size_t len,
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 11/26] wiphy: Generalize supported cipher dumper
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
` (8 preceding siblings ...)
2022-10-21 19:12 ` [PATCH 10/26] ie: add ie_rsn_cipher_suite_to_string Denis Kenzior
@ 2022-10-21 19:12 ` Denis Kenzior
2022-10-21 19:12 ` [PATCH 12/26] wiphy: Support GCMP cipher suite Denis Kenzior
` (15 subsequent siblings)
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:12 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
To make it easier to support additional ciphers in the future.
---
src/wiphy.c | 33 ++++++++++++++++++++++++---------
1 file changed, 24 insertions(+), 9 deletions(-)
diff --git a/src/wiphy.c b/src/wiphy.c
index 3e08047910e1..da4610d094d5 100644
--- a/src/wiphy.c
+++ b/src/wiphy.c
@@ -1120,7 +1120,7 @@ static void wiphy_print_band_info(struct band *band, const char *name)
static void wiphy_print_basic_info(struct wiphy *wiphy)
{
- char buf[1024];
+ char buf[2048];
l_info("Wiphy: %d, Name: %s", wiphy->id, wiphy->name);
l_info("\tPermanent Address: "MAC, MAC_STR(wiphy->permanent_addr));
@@ -1135,18 +1135,33 @@ static void wiphy_print_basic_info(struct wiphy *wiphy)
wiphy_print_band_info(wiphy->band_6g, "6GHz Band");
if (wiphy->supported_ciphers) {
- int len = 0;
+ int n = 0;
+ size_t len = 0;
+ int i = sizeof(wiphy->supported_ciphers) * 8 - 1;
- len += sprintf(buf + len, "\tCiphers:");
+ len += snprintf(buf, sizeof(buf), "\tCiphers:");
- if (wiphy->supported_ciphers & IE_RSN_CIPHER_SUITE_CCMP)
- len += sprintf(buf + len, " CCMP");
+ for (; i >= 0 && len < sizeof(buf); i--) {
+ typeof(wiphy->supported_ciphers) cipher = 1 << i;
+ const char *str;
- if (wiphy->supported_ciphers & IE_RSN_CIPHER_SUITE_TKIP)
- len += sprintf(buf + len, " TKIP");
+ if (cipher == IE_RSN_CIPHER_SUITE_WEP40 ||
+ cipher == IE_RSN_CIPHER_SUITE_WEP104)
+ continue;
+
+ if (!(wiphy->supported_ciphers & cipher))
+ continue;
- if (wiphy->supported_ciphers & IE_RSN_CIPHER_SUITE_BIP_CMAC)
- len += sprintf(buf + len, " BIP");
+ str = ie_rsn_cipher_suite_to_string(cipher);
+ if (!str)
+ continue;
+
+ len += snprintf(buf + len, sizeof(buf) - len, "%s%s",
+ !n || (n % 4) ? " " : "\n\t\t ",
+ str);
+
+ n += 1;
+ }
l_info("%s", buf);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 12/26] wiphy: Support GCMP cipher suite
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
` (9 preceding siblings ...)
2022-10-21 19:12 ` [PATCH 11/26] wiphy: Generalize supported cipher dumper Denis Kenzior
@ 2022-10-21 19:12 ` Denis Kenzior
2022-10-21 19:12 ` [PATCH 13/26] doc: Document PairwiseCipher property Denis Kenzior
` (14 subsequent siblings)
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:12 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
---
src/station.c | 3 ++-
src/wiphy.c | 7 ++++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/station.c b/src/station.c
index 294edd615107..e0c163fb7e44 100644
--- a/src/station.c
+++ b/src/station.c
@@ -1167,7 +1167,8 @@ build_ie:
* also indicates support.
*/
if (wiphy_supports_ext_key_id(wiphy) && bss_info.extended_key_id &&
- info.pairwise_ciphers == IE_RSN_CIPHER_SUITE_CCMP)
+ (info.pairwise_ciphers & (IE_RSN_CIPHER_SUITE_CCMP |
+ IE_RSN_CIPHER_SUITE_GCMP)))
info.extended_key_id = true;
/* RSN takes priority */
diff --git a/src/wiphy.c b/src/wiphy.c
index da4610d094d5..f0451b60416e 100644
--- a/src/wiphy.c
+++ b/src/wiphy.c
@@ -150,7 +150,9 @@ enum ie_rsn_cipher_suite wiphy_select_cipher(struct wiphy *wiphy, uint16_t mask)
mask &= wiphy->supported_ciphers;
- /* CCMP is our first choice, TKIP second */
+ if (mask & IE_RSN_CIPHER_SUITE_GCMP)
+ return IE_RSN_CIPHER_SUITE_GCMP;
+
if (mask & IE_RSN_CIPHER_SUITE_CCMP)
return IE_RSN_CIPHER_SUITE_CCMP;
@@ -1234,6 +1236,9 @@ static void parse_supported_ciphers(struct wiphy *wiphy, const void *data,
wiphy->supported_ciphers |=
IE_RSN_CIPHER_SUITE_BIP_CMAC;
break;
+ case CRYPTO_CIPHER_GCMP:
+ wiphy->supported_ciphers |= IE_RSN_CIPHER_SUITE_GCMP;
+ break;
default: /* TODO: Support other ciphers */
break;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 13/26] doc: Document PairwiseCipher property
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
` (10 preceding siblings ...)
2022-10-21 19:12 ` [PATCH 12/26] wiphy: Support GCMP cipher suite Denis Kenzior
@ 2022-10-21 19:12 ` Denis Kenzior
2022-10-21 19:12 ` [PATCH 14/26] station: diagnostic: implement PairwiseCipher Denis Kenzior
` (13 subsequent siblings)
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:12 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
Add an additional optional PairwiseCipher property on
net.connman.iwd.StationDiagnostic interface that will hold the current
pairwise cipher in use for the connection.
---
doc/station-diagnostic-api.txt | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/doc/station-diagnostic-api.txt b/doc/station-diagnostic-api.txt
index d1a340ad4d5a..a974b8130c3a 100644
--- a/doc/station-diagnostic-api.txt
+++ b/doc/station-diagnostic-api.txt
@@ -43,6 +43,12 @@ Methods dict GetDiagnostics()
TxMCS [optional] - Transmitting MCS index
+ PairwiseCipher [optional] - The pairwise cipher chosen
+ for this connection. Possible values are:
+ - CCMP-128
+ - TKIP
+ - GCMP-128
+
Possible errors: net.connman.iwd.Busy
net.connman.iwd.Failed
net.connman.iwd.NotConnected
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 14/26] station: diagnostic: implement PairwiseCipher
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
` (11 preceding siblings ...)
2022-10-21 19:12 ` [PATCH 13/26] doc: Document PairwiseCipher property Denis Kenzior
@ 2022-10-21 19:12 ` Denis Kenzior
2022-10-21 19:12 ` [PATCH 15/26] auto-t: Support multiple pairwise ciphers in WPA2 Denis Kenzior
` (12 subsequent siblings)
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:12 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
---
src/station.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/src/station.c b/src/station.c
index e0c163fb7e44..11e86d1f06c2 100644
--- a/src/station.c
+++ b/src/station.c
@@ -4509,6 +4509,21 @@ static void station_get_diagnostic_cb(
diagnostic_akm_suite_to_security(hs->akm_suite,
hs->wpa_ie));
+ if (hs->pairwise_cipher) {
+ const char *str;
+
+ if (hs->pairwise_cipher ==
+ IE_RSN_CIPHER_SUITE_USE_GROUP_CIPHER)
+ str = ie_rsn_cipher_suite_to_string(hs->group_cipher);
+ else
+ str = ie_rsn_cipher_suite_to_string(
+ hs->pairwise_cipher);
+
+ if (str)
+ dbus_append_dict_basic(builder, "PairwiseCipher",
+ 's', str);
+ }
+
diagnostic_info_to_dict(info, builder);
l_dbus_message_builder_leave_array(builder);
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 15/26] auto-t: Support multiple pairwise ciphers in WPA2
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
` (12 preceding siblings ...)
2022-10-21 19:12 ` [PATCH 14/26] station: diagnostic: implement PairwiseCipher Denis Kenzior
@ 2022-10-21 19:12 ` Denis Kenzior
2022-10-21 19:12 ` [PATCH 16/26] ie: Add support for GCMP|CCMP-256 Denis Kenzior
` (11 subsequent siblings)
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:12 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
---
autotests/testWPA2/connection_test.py | 30 +++++++++++++++----
autotests/testWPA2/failure_test.py | 4 +--
autotests/testWPA2/hw.conf | 3 +-
autotests/testWPA2/password_test.py | 4 +--
.../testWPA2/{ssidCCMP.conf => ssidWPA2.conf} | 2 +-
5 files changed, 31 insertions(+), 12 deletions(-)
rename autotests/testWPA2/{ssidCCMP.conf => ssidWPA2.conf} (83%)
diff --git a/autotests/testWPA2/connection_test.py b/autotests/testWPA2/connection_test.py
index bf8831ea81db..2cbdf8e1b788 100644
--- a/autotests/testWPA2/connection_test.py
+++ b/autotests/testWPA2/connection_test.py
@@ -8,20 +8,19 @@ import iwd
from iwd import IWD
from iwd import PSKAgent
from iwd import NetworkType
+from hostapd import HostapdCLI
import testutil
class Test(unittest.TestCase):
- def test_connection_success(self):
- wd = IWD()
-
+ def validate_connection_success(self, wd):
psk_agent = PSKAgent("secret123")
wd.register_psk_agent(psk_agent)
devices = wd.list_devices(1)
device = devices[0]
- ordered_network = device.get_ordered_network('ssidCCMP')
+ ordered_network = device.get_ordered_network('ssidWPA2')
self.assertEqual(ordered_network.type, NetworkType.psk)
@@ -43,13 +42,32 @@ class Test(unittest.TestCase):
wd.unregister_psk_agent(psk_agent)
+ def test_ccmp(self):
+ self.hostapd.set_value('rsn_pairwise', 'CCMP')
+ self.hostapd.reload()
+ self.hostapd.wait_for_event("AP-ENABLED")
+ self.validate_connection_success(self.wd)
+
+ def test_gcmp(self):
+ self.hostapd.set_value('rsn_pairwise', 'GCMP')
+ self.hostapd.reload()
+ self.hostapd.wait_for_event("AP-ENABLED")
+ self.validate_connection_success(self.wd)
+
+ def setUp(self):
+ self.wd = IWD(True)
+
+ def tearDown(self):
+ self.wd.clear_storage()
+ self.wd = None
+
@classmethod
def setUpClass(cls):
- pass
+ cls.hostapd = HostapdCLI(config='ssidWPA2.conf')
@classmethod
def tearDownClass(cls):
- IWD.clear_storage()
+ pass
if __name__ == '__main__':
unittest.main(exit=True)
diff --git a/autotests/testWPA2/failure_test.py b/autotests/testWPA2/failure_test.py
index 605ee5dddc59..61cf6ade87b0 100644
--- a/autotests/testWPA2/failure_test.py
+++ b/autotests/testWPA2/failure_test.py
@@ -13,7 +13,7 @@ import testutil
class Test(unittest.TestCase):
def test_connection_success(self):
- wd = IWD()
+ wd = IWD(True)
psk_agent = PSKAgent("InvalidPassword")
wd.register_psk_agent(psk_agent)
@@ -22,7 +22,7 @@ class Test(unittest.TestCase):
self.assertIsNotNone(devices)
device = devices[0]
- ordered_network = device.get_ordered_network('ssidCCMP')
+ ordered_network = device.get_ordered_network('ssidWPA2')
self.assertEqual(ordered_network.type, NetworkType.psk)
diff --git a/autotests/testWPA2/hw.conf b/autotests/testWPA2/hw.conf
index fad15b8823a3..51350f989552 100644
--- a/autotests/testWPA2/hw.conf
+++ b/autotests/testWPA2/hw.conf
@@ -1,5 +1,6 @@
[SETUP]
num_radios=2
+start_iwd=0
[HOSTAPD]
-rad0=ssidCCMP.conf
+rad0=ssidWPA2.conf
diff --git a/autotests/testWPA2/password_test.py b/autotests/testWPA2/password_test.py
index d937d5c04cd8..1dbfce004c2e 100644
--- a/autotests/testWPA2/password_test.py
+++ b/autotests/testWPA2/password_test.py
@@ -13,7 +13,7 @@ import testutil
class Test(unittest.TestCase):
def test_connection_success(self):
- wd = IWD()
+ wd = IWD(True)
devices = wd.list_devices(1)
device = devices[0]
@@ -22,7 +22,7 @@ class Test(unittest.TestCase):
condition = 'obj.state == DeviceState.disconnected'
wd.wait_for_object_condition(device, condition)
- ordered_network = device.get_ordered_network("ssidCCMP")
+ ordered_network = device.get_ordered_network("ssidWPA2")
self.assertEqual(ordered_network.type, NetworkType.psk)
network = ordered_network.network_object
diff --git a/autotests/testWPA2/ssidCCMP.conf b/autotests/testWPA2/ssidWPA2.conf
similarity index 83%
rename from autotests/testWPA2/ssidCCMP.conf
rename to autotests/testWPA2/ssidWPA2.conf
index 074e82283e23..64fd77961f2c 100644
--- a/autotests/testWPA2/ssidCCMP.conf
+++ b/autotests/testWPA2/ssidWPA2.conf
@@ -1,6 +1,6 @@
hw_mode=g
channel=1
-ssid=ssidCCMP
+ssid=ssidWPA2
wpa=2
wpa_pairwise=CCMP
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 16/26] ie: Add support for GCMP|CCMP-256
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
` (13 preceding siblings ...)
2022-10-21 19:12 ` [PATCH 15/26] auto-t: Support multiple pairwise ciphers in WPA2 Denis Kenzior
@ 2022-10-21 19:12 ` Denis Kenzior
2022-10-21 19:12 ` [PATCH 17/26] netdev: Add support for CCMP|GCMP-256 Denis Kenzior
` (10 subsequent siblings)
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:12 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
---
src/ie.c | 26 ++++++++++++++++++++++++++
src/ie.h | 2 ++
2 files changed, 28 insertions(+)
diff --git a/src/ie.c b/src/ie.c
index a424af275634..4a3e02e11cac 100644
--- a/src/ie.c
+++ b/src/ie.c
@@ -432,6 +432,10 @@ uint32_t ie_rsn_cipher_suite_to_cipher(enum ie_rsn_cipher_suite suite)
return CRYPTO_CIPHER_BIP_CMAC;
case IE_RSN_CIPHER_SUITE_GCMP:
return CRYPTO_CIPHER_GCMP;
+ case IE_RSN_CIPHER_SUITE_GCMP_256:
+ return CRYPTO_CIPHER_GCMP_256;
+ case IE_RSN_CIPHER_SUITE_CCMP_256:
+ return CRYPTO_CIPHER_CCMP_256;
default:
return 0;
}
@@ -452,6 +456,10 @@ const char *ie_rsn_cipher_suite_to_string(enum ie_rsn_cipher_suite suite)
return "BIP-CMAC-128";
case IE_RSN_CIPHER_SUITE_GCMP:
return "GCMP-128";
+ case IE_RSN_CIPHER_SUITE_GCMP_256:
+ return "GCMP-256";
+ case IE_RSN_CIPHER_SUITE_CCMP_256:
+ return "CCMP-256";
case IE_RSN_CIPHER_SUITE_NO_GROUP_TRAFFIC:
return "NO-TRAFFIC";
case IE_RSN_CIPHER_SUITE_USE_GROUP_CIPHER:
@@ -496,6 +504,12 @@ static bool ie_parse_cipher_suite(const uint8_t *data,
case 8:
*out = IE_RSN_CIPHER_SUITE_GCMP;
return true;
+ case 9:
+ *out = IE_RSN_CIPHER_SUITE_GCMP_256;
+ return true;
+ case 10:
+ *out = IE_RSN_CIPHER_SUITE_CCMP_256;
+ return true;
default:
return false;
}
@@ -610,6 +624,8 @@ static bool ie_parse_group_cipher(const uint8_t *data,
case IE_RSN_CIPHER_SUITE_WEP40:
case IE_RSN_CIPHER_SUITE_NO_GROUP_TRAFFIC:
case IE_RSN_CIPHER_SUITE_GCMP:
+ case IE_RSN_CIPHER_SUITE_GCMP_256:
+ case IE_RSN_CIPHER_SUITE_CCMP_256:
break;
default:
return false;
@@ -635,6 +651,8 @@ static int ie_parse_pairwise_cipher(const uint8_t *data,
case IE_RSN_CIPHER_SUITE_WEP40:
case IE_RSN_CIPHER_SUITE_USE_GROUP_CIPHER:
case IE_RSN_CIPHER_SUITE_GCMP:
+ case IE_RSN_CIPHER_SUITE_GCMP_256:
+ case IE_RSN_CIPHER_SUITE_CCMP_256:
break;
default:
return -ERANGE;
@@ -945,6 +963,12 @@ static bool ie_build_cipher_suite(uint8_t *data, const uint8_t *oui,
case IE_RSN_CIPHER_SUITE_GCMP:
selector = 8;
goto done;
+ case IE_RSN_CIPHER_SUITE_GCMP_256:
+ selector = 9;
+ goto done;
+ case IE_RSN_CIPHER_SUITE_CCMP_256:
+ selector = 10;
+ goto done;
}
return false;
@@ -1034,6 +1058,8 @@ static int build_ciphers_common(const struct ie_rsn_info *info, uint8_t *to,
IE_RSN_CIPHER_SUITE_WEP40,
IE_RSN_CIPHER_SUITE_USE_GROUP_CIPHER,
IE_RSN_CIPHER_SUITE_GCMP,
+ IE_RSN_CIPHER_SUITE_GCMP_256,
+ IE_RSN_CIPHER_SUITE_CCMP_256,
};
unsigned int pos = 0;
unsigned int i;
diff --git a/src/ie.h b/src/ie.h
index 1dadcb6be718..f447a4f98d81 100644
--- a/src/ie.h
+++ b/src/ie.h
@@ -332,6 +332,8 @@ enum ie_rsn_cipher_suite {
IE_RSN_CIPHER_SUITE_BIP_CMAC = 0x0020,
IE_RSN_CIPHER_SUITE_NO_GROUP_TRAFFIC = 0x0040,
IE_RSN_CIPHER_SUITE_GCMP = 0x0080,
+ IE_RSN_CIPHER_SUITE_GCMP_256 = 0x0100,
+ IE_RSN_CIPHER_SUITE_CCMP_256 = 0x0200,
};
enum ie_rsn_akm_suite {
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 17/26] netdev: Add support for CCMP|GCMP-256
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
` (14 preceding siblings ...)
2022-10-21 19:12 ` [PATCH 16/26] ie: Add support for GCMP|CCMP-256 Denis Kenzior
@ 2022-10-21 19:12 ` Denis Kenzior
2022-10-21 19:12 ` [PATCH 18/26] ie: Add IE_CIPHER_IS_GCMP_CCMP inline Denis Kenzior
` (9 subsequent siblings)
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:12 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
These are similar to CCMP/GCMP, just a different key size which is
already taken care of by calling crypto_cipher_key_len
---
src/netdev.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/netdev.c b/src/netdev.c
index 4ca230e42b1f..7b8948604347 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -1565,6 +1565,8 @@ static bool netdev_copy_tk(uint8_t *tk_buf, const uint8_t *tk,
switch (cipher) {
case CRYPTO_CIPHER_CCMP:
case CRYPTO_CIPHER_GCMP:
+ case CRYPTO_CIPHER_GCMP_256:
+ case CRYPTO_CIPHER_CCMP_256:
/*
* 802.11-2020 12.8.3 Mapping PTK to CCMP keys:
* "A STA shall use the temporal key as the CCMP key
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 18/26] ie: Add IE_CIPHER_IS_GCMP_CCMP inline
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
` (15 preceding siblings ...)
2022-10-21 19:12 ` [PATCH 17/26] netdev: Add support for CCMP|GCMP-256 Denis Kenzior
@ 2022-10-21 19:12 ` Denis Kenzior
2022-10-21 19:13 ` [PATCH 19/26] station: Use IE_CIPHER_IS_GCMP_CCMP Denis Kenzior
` (8 subsequent siblings)
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:12 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
Similar to IE_AKM_IS_* functions
---
src/ie.h | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/ie.h b/src/ie.h
index f447a4f98d81..e69175635908 100644
--- a/src/ie.h
+++ b/src/ie.h
@@ -390,6 +390,14 @@ static inline bool IE_AKM_IS_8021X(uint32_t akm)
IE_RSN_AKM_SUITE_FT_OVER_8021X_SHA384);
}
+static inline bool IE_CIPHER_IS_GCMP_CCMP(uint32_t cipher_suite)
+{
+ return cipher_suite & (IE_RSN_CIPHER_SUITE_CCMP |
+ IE_RSN_CIPHER_SUITE_CCMP_256 |
+ IE_RSN_CIPHER_SUITE_GCMP |
+ IE_RSN_CIPHER_SUITE_GCMP_256);
+}
+
#define IE_LEN(ie) \
((ie) ? (ie)[1] + 2 : 0)
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 19/26] station: Use IE_CIPHER_IS_GCMP_CCMP
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
` (16 preceding siblings ...)
2022-10-21 19:12 ` [PATCH 18/26] ie: Add IE_CIPHER_IS_GCMP_CCMP inline Denis Kenzior
@ 2022-10-21 19:13 ` Denis Kenzior
2022-10-21 19:13 ` [PATCH 20/26] wiphy: Support GCMP|CCMP-256 cipher suites Denis Kenzior
` (7 subsequent siblings)
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:13 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
---
src/station.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/station.c b/src/station.c
index 11e86d1f06c2..eab16eff5afa 100644
--- a/src/station.c
+++ b/src/station.c
@@ -1167,8 +1167,7 @@ build_ie:
* also indicates support.
*/
if (wiphy_supports_ext_key_id(wiphy) && bss_info.extended_key_id &&
- (info.pairwise_ciphers & (IE_RSN_CIPHER_SUITE_CCMP |
- IE_RSN_CIPHER_SUITE_GCMP)))
+ IE_CIPHER_IS_GCMP_CCMP(info.pairwise_ciphers))
info.extended_key_id = true;
/* RSN takes priority */
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 20/26] wiphy: Support GCMP|CCMP-256 cipher suites
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
` (17 preceding siblings ...)
2022-10-21 19:13 ` [PATCH 19/26] station: Use IE_CIPHER_IS_GCMP_CCMP Denis Kenzior
@ 2022-10-21 19:13 ` Denis Kenzior
2022-10-21 19:13 ` [PATCH 21/26] doc: Document GCMP|CCMP-256 ciphers Denis Kenzior
` (6 subsequent siblings)
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:13 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
---
src/wiphy.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/src/wiphy.c b/src/wiphy.c
index f0451b60416e..76f1ba7cfc04 100644
--- a/src/wiphy.c
+++ b/src/wiphy.c
@@ -150,6 +150,12 @@ enum ie_rsn_cipher_suite wiphy_select_cipher(struct wiphy *wiphy, uint16_t mask)
mask &= wiphy->supported_ciphers;
+ if (mask & IE_RSN_CIPHER_SUITE_GCMP_256)
+ return IE_RSN_CIPHER_SUITE_GCMP_256;
+
+ if (mask & IE_RSN_CIPHER_SUITE_CCMP_256)
+ return IE_RSN_CIPHER_SUITE_CCMP_256;
+
if (mask & IE_RSN_CIPHER_SUITE_GCMP)
return IE_RSN_CIPHER_SUITE_GCMP;
@@ -1239,6 +1245,14 @@ static void parse_supported_ciphers(struct wiphy *wiphy, const void *data,
case CRYPTO_CIPHER_GCMP:
wiphy->supported_ciphers |= IE_RSN_CIPHER_SUITE_GCMP;
break;
+ case CRYPTO_CIPHER_GCMP_256:
+ wiphy->supported_ciphers |=
+ IE_RSN_CIPHER_SUITE_GCMP_256;
+ break;
+ case CRYPTO_CIPHER_CCMP_256:
+ wiphy->supported_ciphers |=
+ IE_RSN_CIPHER_SUITE_CCMP_256;
+ break;
default: /* TODO: Support other ciphers */
break;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 21/26] doc: Document GCMP|CCMP-256 ciphers
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
` (18 preceding siblings ...)
2022-10-21 19:13 ` [PATCH 20/26] wiphy: Support GCMP|CCMP-256 cipher suites Denis Kenzior
@ 2022-10-21 19:13 ` Denis Kenzior
2022-10-21 19:13 ` [PATCH 22/26] auto-t: Add GCMP|CCMP-256 to WPA2 test Denis Kenzior
` (5 subsequent siblings)
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:13 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
---
doc/station-diagnostic-api.txt | 2 ++
1 file changed, 2 insertions(+)
diff --git a/doc/station-diagnostic-api.txt b/doc/station-diagnostic-api.txt
index a974b8130c3a..f6e099b51241 100644
--- a/doc/station-diagnostic-api.txt
+++ b/doc/station-diagnostic-api.txt
@@ -48,6 +48,8 @@ Methods dict GetDiagnostics()
- CCMP-128
- TKIP
- GCMP-128
+ - GCMP-256
+ - CCMP-256
Possible errors: net.connman.iwd.Busy
net.connman.iwd.Failed
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 22/26] auto-t: Add GCMP|CCMP-256 to WPA2 test
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
` (19 preceding siblings ...)
2022-10-21 19:13 ` [PATCH 21/26] doc: Document GCMP|CCMP-256 ciphers Denis Kenzior
@ 2022-10-21 19:13 ` Denis Kenzior
2022-10-21 19:13 ` [PATCH 23/26] ie: Support more group management cipher suites Denis Kenzior
` (4 subsequent siblings)
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:13 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
---
autotests/testWPA2/connection_test.py | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/autotests/testWPA2/connection_test.py b/autotests/testWPA2/connection_test.py
index 2cbdf8e1b788..a5a655f58795 100644
--- a/autotests/testWPA2/connection_test.py
+++ b/autotests/testWPA2/connection_test.py
@@ -54,6 +54,18 @@ class Test(unittest.TestCase):
self.hostapd.wait_for_event("AP-ENABLED")
self.validate_connection_success(self.wd)
+ def test_gcmp_256(self):
+ self.hostapd.set_value('rsn_pairwise', 'GCMP-256')
+ self.hostapd.reload()
+ self.hostapd.wait_for_event("AP-ENABLED")
+ self.validate_connection_success(self.wd)
+
+ def test_ccmp_256(self):
+ self.hostapd.set_value('rsn_pairwise', 'CCMP-256')
+ self.hostapd.reload()
+ self.hostapd.wait_for_event("AP-ENABLED")
+ self.validate_connection_success(self.wd)
+
def setUp(self):
self.wd = IWD(True)
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 23/26] ie: Support more group management cipher suites
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
` (20 preceding siblings ...)
2022-10-21 19:13 ` [PATCH 22/26] auto-t: Add GCMP|CCMP-256 to WPA2 test Denis Kenzior
@ 2022-10-21 19:13 ` Denis Kenzior
2022-10-21 19:13 ` [PATCH 24/26] netdev: Support more IGTK " Denis Kenzior
` (3 subsequent siblings)
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:13 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
---
src/ie.c | 33 +++++++++++++++++++++++++++++++++
src/ie.h | 3 +++
2 files changed, 36 insertions(+)
diff --git a/src/ie.c b/src/ie.c
index 4a3e02e11cac..6b08ce180a87 100644
--- a/src/ie.c
+++ b/src/ie.c
@@ -436,6 +436,12 @@ uint32_t ie_rsn_cipher_suite_to_cipher(enum ie_rsn_cipher_suite suite)
return CRYPTO_CIPHER_GCMP_256;
case IE_RSN_CIPHER_SUITE_CCMP_256:
return CRYPTO_CIPHER_CCMP_256;
+ case IE_RSN_CIPHER_SUITE_BIP_GMAC:
+ return CRYPTO_CIPHER_BIP_GMAC;
+ case IE_RSN_CIPHER_SUITE_BIP_GMAC_256:
+ return CRYPTO_CIPHER_BIP_GMAC_256;
+ case IE_RSN_CIPHER_SUITE_BIP_CMAC_256:
+ return CRYPTO_CIPHER_BIP_CMAC_256;
default:
return 0;
}
@@ -464,6 +470,12 @@ const char *ie_rsn_cipher_suite_to_string(enum ie_rsn_cipher_suite suite)
return "NO-TRAFFIC";
case IE_RSN_CIPHER_SUITE_USE_GROUP_CIPHER:
break;
+ case IE_RSN_CIPHER_SUITE_BIP_GMAC:
+ return "BIP-GMAC-128";
+ case IE_RSN_CIPHER_SUITE_BIP_GMAC_256:
+ return "BIP-GMAC-256";
+ case IE_RSN_CIPHER_SUITE_BIP_CMAC_256:
+ return "BIP-CMAC-256";
}
return NULL;
@@ -510,6 +522,15 @@ static bool ie_parse_cipher_suite(const uint8_t *data,
case 10:
*out = IE_RSN_CIPHER_SUITE_CCMP_256;
return true;
+ case 11:
+ *out = IE_RSN_CIPHER_SUITE_BIP_GMAC;
+ return true;
+ case 12:
+ *out = IE_RSN_CIPHER_SUITE_BIP_GMAC_256;
+ return true;
+ case 13:
+ *out = IE_RSN_CIPHER_SUITE_BIP_CMAC_256;
+ return true;
default:
return false;
}
@@ -675,6 +696,9 @@ static bool ie_parse_group_management_cipher(const uint8_t *data,
switch (tmp) {
case IE_RSN_CIPHER_SUITE_BIP_CMAC:
case IE_RSN_CIPHER_SUITE_NO_GROUP_TRAFFIC:
+ case IE_RSN_CIPHER_SUITE_BIP_GMAC:
+ case IE_RSN_CIPHER_SUITE_BIP_GMAC_256:
+ case IE_RSN_CIPHER_SUITE_BIP_CMAC_256:
break;
default:
return false;
@@ -969,6 +993,15 @@ static bool ie_build_cipher_suite(uint8_t *data, const uint8_t *oui,
case IE_RSN_CIPHER_SUITE_CCMP_256:
selector = 10;
goto done;
+ case IE_RSN_CIPHER_SUITE_BIP_GMAC:
+ selector = 11;
+ goto done;
+ case IE_RSN_CIPHER_SUITE_BIP_GMAC_256:
+ selector = 12;
+ goto done;
+ case IE_RSN_CIPHER_SUITE_BIP_CMAC_256:
+ selector = 13;
+ goto done;
}
return false;
diff --git a/src/ie.h b/src/ie.h
index e69175635908..533118541d6c 100644
--- a/src/ie.h
+++ b/src/ie.h
@@ -334,6 +334,9 @@ enum ie_rsn_cipher_suite {
IE_RSN_CIPHER_SUITE_GCMP = 0x0080,
IE_RSN_CIPHER_SUITE_GCMP_256 = 0x0100,
IE_RSN_CIPHER_SUITE_CCMP_256 = 0x0200,
+ IE_RSN_CIPHER_SUITE_BIP_GMAC = 0x0400,
+ IE_RSN_CIPHER_SUITE_BIP_GMAC_256 = 0x0800,
+ IE_RSN_CIPHER_SUITE_BIP_CMAC_256 = 0x1000,
};
enum ie_rsn_akm_suite {
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 24/26] netdev: Support more IGTK cipher suites
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
` (21 preceding siblings ...)
2022-10-21 19:13 ` [PATCH 23/26] ie: Support more group management cipher suites Denis Kenzior
@ 2022-10-21 19:13 ` Denis Kenzior
2022-10-21 19:13 ` [PATCH 25/26] wiphy: Support more group management " Denis Kenzior
` (2 subsequent siblings)
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:13 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
---
src/netdev.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/netdev.c b/src/netdev.c
index 7b8948604347..636c02dea51a 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -1674,7 +1674,7 @@ static void netdev_set_igtk(struct handshake_state *hs, uint16_t key_index,
{
struct netdev_handshake_state *nhs =
l_container_of(hs, struct netdev_handshake_state, super);
- uint8_t igtk_buf[16];
+ uint8_t igtk_buf[32];
struct netdev *netdev = nhs->netdev;
struct l_genl_msg *msg;
@@ -1690,7 +1690,10 @@ static void netdev_set_igtk(struct handshake_state *hs, uint16_t key_index,
switch (cipher) {
case CRYPTO_CIPHER_BIP_CMAC:
- memcpy(igtk_buf, igtk, 16);
+ case CRYPTO_CIPHER_BIP_GMAC:
+ case CRYPTO_CIPHER_BIP_GMAC_256:
+ case CRYPTO_CIPHER_BIP_CMAC_256:
+ memcpy(igtk_buf, igtk, igtk_len);
break;
default:
l_error("Unexpected cipher: %x", cipher);
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 25/26] wiphy: Support more group management cipher suites
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
` (22 preceding siblings ...)
2022-10-21 19:13 ` [PATCH 24/26] netdev: Support more IGTK " Denis Kenzior
@ 2022-10-21 19:13 ` Denis Kenzior
2022-10-21 19:13 ` [PATCH 26/26] auto-t: Add tests for GMAC/GMAC-256/CMAC-256 Denis Kenzior
2022-10-26 19:53 ` [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:13 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
---
src/wiphy.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/src/wiphy.c b/src/wiphy.c
index 76f1ba7cfc04..bb83f814aa69 100644
--- a/src/wiphy.c
+++ b/src/wiphy.c
@@ -165,6 +165,15 @@ enum ie_rsn_cipher_suite wiphy_select_cipher(struct wiphy *wiphy, uint16_t mask)
if (mask & IE_RSN_CIPHER_SUITE_TKIP)
return IE_RSN_CIPHER_SUITE_TKIP;
+ if (mask & IE_RSN_CIPHER_SUITE_BIP_GMAC_256)
+ return IE_RSN_CIPHER_SUITE_BIP_GMAC_256;
+
+ if (mask & IE_RSN_CIPHER_SUITE_BIP_CMAC_256)
+ return IE_RSN_CIPHER_SUITE_BIP_CMAC_256;
+
+ if (mask & IE_RSN_CIPHER_SUITE_BIP_GMAC)
+ return IE_RSN_CIPHER_SUITE_BIP_GMAC;
+
if (mask & IE_RSN_CIPHER_SUITE_BIP_CMAC)
return IE_RSN_CIPHER_SUITE_BIP_CMAC;
@@ -1253,6 +1262,18 @@ static void parse_supported_ciphers(struct wiphy *wiphy, const void *data,
wiphy->supported_ciphers |=
IE_RSN_CIPHER_SUITE_CCMP_256;
break;
+ case CRYPTO_CIPHER_BIP_GMAC:
+ wiphy->supported_ciphers |=
+ IE_RSN_CIPHER_SUITE_BIP_GMAC;
+ break;
+ case CRYPTO_CIPHER_BIP_GMAC_256:
+ wiphy->supported_ciphers |=
+ IE_RSN_CIPHER_SUITE_BIP_GMAC_256;
+ break;
+ case CRYPTO_CIPHER_BIP_CMAC_256:
+ wiphy->supported_ciphers |=
+ IE_RSN_CIPHER_SUITE_BIP_CMAC_256;
+ break;
default: /* TODO: Support other ciphers */
break;
}
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [PATCH 26/26] auto-t: Add tests for GMAC/GMAC-256/CMAC-256
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
` (23 preceding siblings ...)
2022-10-21 19:13 ` [PATCH 25/26] wiphy: Support more group management " Denis Kenzior
@ 2022-10-21 19:13 ` Denis Kenzior
2022-10-26 19:53 ` [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-21 19:13 UTC (permalink / raw)
To: iwd; +Cc: Denis Kenzior
---
autotests/testWPA2withMFP/connection_test.py | 42 ++++++++++++++++---
autotests/testWPA2withMFP/hw.conf | 4 +-
.../{ssidCCMP.conf => ssidWPA2.conf} | 2 +-
3 files changed, 40 insertions(+), 8 deletions(-)
rename autotests/testWPA2withMFP/{ssidCCMP.conf => ssidWPA2.conf} (88%)
diff --git a/autotests/testWPA2withMFP/connection_test.py b/autotests/testWPA2withMFP/connection_test.py
index 982b69e265d7..bdc9e96ac536 100644
--- a/autotests/testWPA2withMFP/connection_test.py
+++ b/autotests/testWPA2withMFP/connection_test.py
@@ -8,19 +8,18 @@ import iwd
from iwd import IWD
from iwd import PSKAgent
from iwd import NetworkType
+from hostapd import HostapdCLI
class Test(unittest.TestCase):
- def test_connection_success(self):
- wd = IWD()
-
+ def validate_connection_success(self, wd):
psk_agent = PSKAgent("secret123")
wd.register_psk_agent(psk_agent)
devices = wd.list_devices(1)
device = devices[0]
- ordered_network = device.get_ordered_network('ssidCCMP')
+ ordered_network = device.get_ordered_network('ssidWPA2')
self.assertEqual(ordered_network.type, NetworkType.psk)
@@ -39,13 +38,44 @@ class Test(unittest.TestCase):
wd.unregister_psk_agent(psk_agent)
+ def test_cmac(self):
+ self.hostapd.set_value('group_mgmt_cipher', 'AES-128-CMAC')
+ self.hostapd.reload()
+ self.hostapd.wait_for_event("AP-ENABLED")
+ self.validate_connection_success(self.wd)
+
+ def test_gmac(self):
+ self.hostapd.set_value('group_mgmt_cipher', 'BIP-128-GMAC')
+ self.hostapd.reload()
+ self.hostapd.wait_for_event("AP-ENABLED")
+ self.validate_connection_success(self.wd)
+
+ def test_gmac_256(self):
+ self.hostapd.set_value('group_mgmt_cipher', 'BIP-256-GMAC')
+ self.hostapd.reload()
+ self.hostapd.wait_for_event("AP-ENABLED")
+ self.validate_connection_success(self.wd)
+
+ def test_cmac_256(self):
+ self.hostapd.set_value('group_mgmt_cipher', 'BIP-256-CMAC')
+ self.hostapd.reload()
+ self.hostapd.wait_for_event("AP-ENABLED")
+ self.validate_connection_success(self.wd)
+
+ def setUp(self):
+ self.wd = IWD(True)
+
+ def tearDown(self):
+ self.wd.clear_storage()
+ self.wd = None
+
@classmethod
def setUpClass(cls):
- pass
+ cls.hostapd = HostapdCLI(config='ssidWPA2.conf')
@classmethod
def tearDownClass(cls):
- IWD.clear_storage()
+ pass
if __name__ == '__main__':
unittest.main(exit=True)
diff --git a/autotests/testWPA2withMFP/hw.conf b/autotests/testWPA2withMFP/hw.conf
index fad15b8823a3..edfe03f97e25 100644
--- a/autotests/testWPA2withMFP/hw.conf
+++ b/autotests/testWPA2withMFP/hw.conf
@@ -1,5 +1,7 @@
[SETUP]
num_radios=2
+start_iwd=0
[HOSTAPD]
-rad0=ssidCCMP.conf
+rad0=ssidWPA2.conf
+
diff --git a/autotests/testWPA2withMFP/ssidCCMP.conf b/autotests/testWPA2withMFP/ssidWPA2.conf
similarity index 88%
rename from autotests/testWPA2withMFP/ssidCCMP.conf
rename to autotests/testWPA2withMFP/ssidWPA2.conf
index c79f5e558021..908915d7cb02 100644
--- a/autotests/testWPA2withMFP/ssidCCMP.conf
+++ b/autotests/testWPA2withMFP/ssidWPA2.conf
@@ -1,6 +1,6 @@
hw_mode=g
channel=1
-ssid=ssidCCMP
+ssid=ssidWPA2
wpa=2
wpa_pairwise=CCMP
--
2.35.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* Re: [PATCH 01/26] eapol: More strictly validate key_descriptor_version
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
` (24 preceding siblings ...)
2022-10-21 19:13 ` [PATCH 26/26] auto-t: Add tests for GMAC/GMAC-256/CMAC-256 Denis Kenzior
@ 2022-10-26 19:53 ` Denis Kenzior
25 siblings, 0 replies; 27+ messages in thread
From: Denis Kenzior @ 2022-10-26 19:53 UTC (permalink / raw)
To: iwd
All 26 applied.
Regards,
-Denis
^ permalink raw reply [flat|nested] 27+ messages in thread
end of thread, other threads:[~2022-10-26 19:53 UTC | newest]
Thread overview: 27+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-21 19:12 [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
2022-10-21 19:12 ` [PATCH 02/26] crypto: Rename BIP to BIP_CMAC Denis Kenzior
2022-10-21 19:12 ` [PATCH 03/26] ie: Rename _BIP to _BIP_CMAC Denis Kenzior
2022-10-21 19:12 ` [PATCH 04/26] ie: Simplify implementation Denis Kenzior
2022-10-21 19:12 ` [PATCH 05/26] crypto: Add new cipher definitions Denis Kenzior
2022-10-21 19:12 ` [PATCH 06/26] ie: Skip unknown pairwise ciphers Denis Kenzior
2022-10-21 19:12 ` [PATCH 07/26] netdev: Build RSN attributes in a common function Denis Kenzior
2022-10-21 19:12 ` [PATCH 08/26] netdev: Add support for setting GCMP keys Denis Kenzior
2022-10-21 19:12 ` [PATCH 09/26] ie: Add support for GCMP cipher suite Denis Kenzior
2022-10-21 19:12 ` [PATCH 10/26] ie: add ie_rsn_cipher_suite_to_string Denis Kenzior
2022-10-21 19:12 ` [PATCH 11/26] wiphy: Generalize supported cipher dumper Denis Kenzior
2022-10-21 19:12 ` [PATCH 12/26] wiphy: Support GCMP cipher suite Denis Kenzior
2022-10-21 19:12 ` [PATCH 13/26] doc: Document PairwiseCipher property Denis Kenzior
2022-10-21 19:12 ` [PATCH 14/26] station: diagnostic: implement PairwiseCipher Denis Kenzior
2022-10-21 19:12 ` [PATCH 15/26] auto-t: Support multiple pairwise ciphers in WPA2 Denis Kenzior
2022-10-21 19:12 ` [PATCH 16/26] ie: Add support for GCMP|CCMP-256 Denis Kenzior
2022-10-21 19:12 ` [PATCH 17/26] netdev: Add support for CCMP|GCMP-256 Denis Kenzior
2022-10-21 19:12 ` [PATCH 18/26] ie: Add IE_CIPHER_IS_GCMP_CCMP inline Denis Kenzior
2022-10-21 19:13 ` [PATCH 19/26] station: Use IE_CIPHER_IS_GCMP_CCMP Denis Kenzior
2022-10-21 19:13 ` [PATCH 20/26] wiphy: Support GCMP|CCMP-256 cipher suites Denis Kenzior
2022-10-21 19:13 ` [PATCH 21/26] doc: Document GCMP|CCMP-256 ciphers Denis Kenzior
2022-10-21 19:13 ` [PATCH 22/26] auto-t: Add GCMP|CCMP-256 to WPA2 test Denis Kenzior
2022-10-21 19:13 ` [PATCH 23/26] ie: Support more group management cipher suites Denis Kenzior
2022-10-21 19:13 ` [PATCH 24/26] netdev: Support more IGTK " Denis Kenzior
2022-10-21 19:13 ` [PATCH 25/26] wiphy: Support more group management " Denis Kenzior
2022-10-21 19:13 ` [PATCH 26/26] auto-t: Add tests for GMAC/GMAC-256/CMAC-256 Denis Kenzior
2022-10-26 19:53 ` [PATCH 01/26] eapol: More strictly validate key_descriptor_version Denis Kenzior
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).