* [PATCH 2/5] auto-t: fix get_ordered_network if hostapd isn't running
2022-10-26 18:56 [PATCH 1/5] eapol: choose key descriptor version in AP mode James Prestwood
@ 2022-10-26 18:56 ` James Prestwood
2022-10-26 18:56 ` [PATCH 3/5] auto-t: allow printing devices in AP mode James Prestwood
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: James Prestwood @ 2022-10-26 18:56 UTC (permalink / raw)
To: iwd; +Cc: James Prestwood
This API optimizes scanning to run tests quickly by only scanning
the frequencies which hostapd is using. But if a test doesn't use
hostapd this API raises an uncaught exception.
Check if hostapd is being used, and if not just do a full scan.
---
autotests/util/iwd.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/autotests/util/iwd.py b/autotests/util/iwd.py
index a9df0dca..a9e2f2f5 100755
--- a/autotests/util/iwd.py
+++ b/autotests/util/iwd.py
@@ -519,7 +519,8 @@ class Device(IWDDBusAbstract):
IWD._wait_for_object_condition(self, condition)
try:
- if full_scan:
+ # Do a full scan if instructed or if hostapd isn't being used
+ if full_scan or not ctx.hostapd:
self.scan()
else:
self.debug_scan(ctx.get_frequencies())
--
2.34.3
^ permalink raw reply related [flat|nested] 6+ messages in thread* [PATCH 3/5] auto-t: allow printing devices in AP mode
2022-10-26 18:56 [PATCH 1/5] eapol: choose key descriptor version in AP mode James Prestwood
2022-10-26 18:56 ` [PATCH 2/5] auto-t: fix get_ordered_network if hostapd isn't running James Prestwood
@ 2022-10-26 18:56 ` James Prestwood
2022-10-26 18:56 ` [PATCH 4/5] unit: test-arc4: test RC4 both directions James Prestwood
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: James Prestwood @ 2022-10-26 18:56 UTC (permalink / raw)
To: iwd; +Cc: James Prestwood
The __str__ function assumed station mode which throws an exception
if the device is in AP mode. Fix this as well as print out the mode
the device is in.
---
autotests/util/iwd.py | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/autotests/util/iwd.py b/autotests/util/iwd.py
index a9e2f2f5..9e96382a 100755
--- a/autotests/util/iwd.py
+++ b/autotests/util/iwd.py
@@ -690,14 +690,17 @@ class Device(IWDDBusAbstract):
return self._device_provisioning.stop()
def __str__(self, prefix = ''):
- return prefix + 'Device: ' + self.device_path + '\n'\
+ s = prefix + 'Device: ' + self.device_path + '\n'\
+ prefix + '\tName:\t\t' + self.name + '\n'\
- + prefix + '\tAddress:\t' + self.address + '\n'\
- + prefix + '\tState:\t\t' + str(self.state) + '\n'\
+ + prefix + '\tAddress:\t' + self.address + '\n' \
+ prefix + '\tPowered:\t' + str(self.powered) + '\n'\
- + prefix + '\tConnected net:\t' + str(self.connected_network) +\
- '\n'
+ + prefix + '\tMode:\t\t' + self._properties['Mode'] + '\n'
+ if self._properties['Mode'] == 'station':
+ s += prefix + '\tState:\t\t' + str(self.state) + '\n'\
+ + prefix + '\tConnected net:\t' + str(self.connected_network) + '\n'
+
+ return s
class Network(IWDDBusAbstract):
'''Class represents a network object: net.connman.iwd.Network'''
--
2.34.3
^ permalink raw reply related [flat|nested] 6+ messages in thread* [PATCH 4/5] unit: test-arc4: test RC4 both directions
2022-10-26 18:56 [PATCH 1/5] eapol: choose key descriptor version in AP mode James Prestwood
2022-10-26 18:56 ` [PATCH 2/5] auto-t: fix get_ordered_network if hostapd isn't running James Prestwood
2022-10-26 18:56 ` [PATCH 3/5] auto-t: allow printing devices in AP mode James Prestwood
@ 2022-10-26 18:56 ` James Prestwood
2022-10-26 18:56 ` [PATCH 5/5] eapol: add TKIP support in AP mode James Prestwood
2022-10-26 19:55 ` [PATCH 1/5] eapol: choose key descriptor version " Denis Kenzior
4 siblings, 0 replies; 6+ messages in thread
From: James Prestwood @ 2022-10-26 18:56 UTC (permalink / raw)
To: iwd; +Cc: James Prestwood
Tests that the data both encrypts and decrypts.
---
unit/test-arc4.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/unit/test-arc4.c b/unit/test-arc4.c
index bfc5009c..a9e0ef1d 100644
--- a/unit/test-arc4.c
+++ b/unit/test-arc4.c
@@ -92,6 +92,8 @@ static void arc4_skip_test(const void *data)
assert(arc4_skip(test->key, 16, test->offset, buf, sizeof(buf), buf));
assert(!memcmp(buf, test->result, sizeof(buf)));
+ assert(arc4_skip(test->key, 16, test->offset, buf, sizeof(buf), buf));
+ assert(l_memeqzero(buf, 16));
}
int main(int argc, char *argv[])
--
2.34.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 5/5] eapol: add TKIP support in AP mode
2022-10-26 18:56 [PATCH 1/5] eapol: choose key descriptor version in AP mode James Prestwood
` (2 preceding siblings ...)
2022-10-26 18:56 ` [PATCH 4/5] unit: test-arc4: test RC4 both directions James Prestwood
@ 2022-10-26 18:56 ` James Prestwood
2022-10-26 19:55 ` [PATCH 1/5] eapol: choose key descriptor version " Denis Kenzior
4 siblings, 0 replies; 6+ messages in thread
From: James Prestwood @ 2022-10-26 18:56 UTC (permalink / raw)
To: iwd; +Cc: James Prestwood
Though TKIP is deprecated and insecure its trivial to support it in
AP mode as we already do in station. This is only to allow AP mode
for old hardware that may only support TKIP. If the hardware supports
any higher level cipher that will be chosen automatically.
---
src/eapol.c | 24 ++++++++++++++++++++++--
1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/src/eapol.c b/src/eapol.c
index 44ffb220..4a1abd28 100644
--- a/src/eapol.c
+++ b/src/eapol.c
@@ -390,11 +390,31 @@ static int eapol_encrypt_key_data(const uint8_t *kek, uint8_t *key_data,
size_t key_data_len,
struct eapol_key *out_frame, size_t mic_len)
{
+ uint8_t key[32];
+ bool ret;
+
switch (out_frame->key_descriptor_version) {
case EAPOL_KEY_DESCRIPTOR_VERSION_HMAC_MD5_ARC4:
- /* Not supported */
- return -ENOTSUP;
+ /*
+ * Not following the spec to generate the IV. The spec outlines
+ * a procedure where a 32 byte buffer is held and incremented
+ * each time nonces are created, and the IV comes from this
+ * buffer. In the end randomizing the IV every time should be
+ * just as good. This is how we handle the GTK in AP mode.
+ */
+ l_getrandom(out_frame->eapol_key_iv, 16);
+
+ memcpy(key, out_frame->eapol_key_iv, 16);
+ memcpy(key + 16, kek, 16);
+ ret = arc4_skip(key, 32, 256, key_data, key_data_len,
+ EAPOL_KEY_DATA(out_frame, mic_len));
+ explicit_bzero(key, sizeof(key));
+
+ if (!ret)
+ return -ENOTSUP;
+
+ break;
case EAPOL_KEY_DESCRIPTOR_VERSION_HMAC_SHA1_AES:
case EAPOL_KEY_DESCRIPTOR_VERSION_AES_128_CMAC_AES:
if (key_data_len < 16 || key_data_len % 8)
--
2.34.3
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [PATCH 1/5] eapol: choose key descriptor version in AP mode
2022-10-26 18:56 [PATCH 1/5] eapol: choose key descriptor version in AP mode James Prestwood
` (3 preceding siblings ...)
2022-10-26 18:56 ` [PATCH 5/5] eapol: add TKIP support in AP mode James Prestwood
@ 2022-10-26 19:55 ` Denis Kenzior
4 siblings, 0 replies; 6+ messages in thread
From: Denis Kenzior @ 2022-10-26 19:55 UTC (permalink / raw)
To: James Prestwood, iwd
Hi James,
On 10/26/22 13:56, James Prestwood wrote:
> The key descriptor version was hard coded to HMAC_SHA1_AES which
> is correct when using IE_RSN_AKM_SUITE_PSK + CCMP. ap.c hard
> codes the PSK AKM but still uses wiphy to select the cipher. In
> theory there could be hardware that only supports TKIP which
> would then make IWD non-compliant since a different key descriptor
> version should be used with PSK + TKIP (HMAC_MD5_ARC4).
>
> Now use a helper to sort out which key descriptor should be used
> given the AKM and cipher suite.
> ---
> src/eapol.c | 16 ++++++++++++----
> 1 file changed, 12 insertions(+), 4 deletions(-)
>
All applied, thanks.
Regards,
-Denis
^ permalink raw reply [flat|nested] 6+ messages in thread