Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PW_SID:850639] Basic WPA3 support in AP mode #342

Open
wants to merge 24 commits into
base: workflow
Choose a base branch
from
Open

[PW_SID:850639] Basic WPA3 support in AP mode #342

wants to merge 24 commits into from

Conversation

IWDTestBot
Copy link
Owner

Add the configuration option AKMSuites under Security so it becomes
possible to support both PSK and SAE. This influences the advertised
AKMs in the beacon.

src/ap.c | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)

jprestwo and others added 24 commits April 16, 2024 13:02
@jprestwo @IWDTestBot
Workflow's for syncing with upstream, build, unit test, and test-runner
0086fd4
@jprestwo @IWDTestBot
workflow: use newer commit for hostapd
3b9c9a9
@jprestwo @IWDTestBot
ci: remove cache/ from tar file list
80259e8 
This is taken care of by the individual cache items and
if none exist, tar fails.
@jprestwo @IWDTestBot
ci: use kernel 5.19
78f2794
@jprestwo @IWDTestBot
ci: use iwd-ci after renaming to remove -v2
30111f1
@jprestwo @IWDTestBot
ci: remove set-output use, now deprecated
089fa9a
@IWDTestBot
ap: ability to advertise PSK and SAE
b839209 
Add the configuration option AKMSuites under Security so it becomes
possible to support both PSK and SAE. This influences the advertised
AKMs in the beacon.
@IWDTestBot
ap: accept PSK/SAE in auth depending on config
0aed6c9 
On reception of an authentication frame, accept both PSK and SAE as AKM
depending on the config. Save the client's AKM for later use.
@IWDTestBot
unit: fix SAE unit tests
385472c 
Don't mark either client as being the authenticator. In the current unit
tests, both instances act as clients to test functionality. This ensures
the unit does not show an error during the following commits where SAE
for AP mode is added.
@IWDTestBot
sae: add function sae_set_group
c1ec84d 
Refactor code by adding function sae_set_group. This will make the next
commits easier where basic SAE support for APs is added.
@IWDTestBot
sae: refactor and add function sae_calculate_keys
8b314ac 
Refactor code by moving code to the new function sae_calculate_keys.
This will make it easier in the next commits to add SAE support for AP
mode.
@IWDTestBot
sae: make sae_process_commit callable in AP mode
d0583fd 
As an AP, the function sae_process_commit will pick the group offered by
the client. In a subsuquent commit the offered group will first be
verified before calling sae_process_commit. The AP will reply with a
Commit frame, calculate current keys, and move to the COMMITTED state.
@IWDTestBot
sae: verify offered group in AP mode
6b18e08 
When receiving a Commit frame in AP mode, first verify that we support
the offered group before further processing the frame.
@IWDTestBot
sae: support reception of Confirm frame by AP
510cd5d 
Experimental AP-mode support for receiving a Confirm frame when in the
COMMITTED state. The AP will reply with a Confirm frame.

Note that when acting as an AP, on reception of a Commit frame, the AP
only replies with a Commit frame. The protocols allows to also already
send the Confirm frame, but older clients may not support simultaneously
receiving a Commit and Confirm frame.
@IWDTestBot
ap: add support to handle SAE authentication
c2af370 
When the client requests SAE authentication, and it is enabled, allocate
an auth_proto instance to handle SAE authentication. This also adds a
new function to send SAE frames in AP mode that can be used by the
auth_proto instance.
@IWDTestBot
ap: enable start of 4-way HS after SAE
4c21cd5 
Accept association frames that request SAE if SAE is enabled by the AP.
When SAE is being used, get the PMK as negoticated by SAE.
@IWDTestBot
eapol: support PTK derivation with SHA256
38e8d74 
Support PTK derivation in case the negotiated AKM requires SHA256. This
is needed to support SAE in AP mode.
@IWDTestBot
eapol: encrypt key data for AKM-defined ciphers
5d34ad3 
Support encrypting key data when the cipher is AKM-defined. This is
needed to support SAE in AP mode.
@IWDTestBot
unit: add unit test for SAE AP mode
74ec04c 
Add unit test that simulates client and AP in SAE handshake. Test that
both the client and AP complete the SAE handshake.
@IWDTestBot
ap: move toward requiring MFP when using SAE
f164db2 
When wanting to use SAE, confirm that MFP is also supported, and
automatically enable MFP. Advertise as MFP capable in the beacon.
@IWDTestBot
handshake: add functions to save and set IGTK
d225bdf 
To add MFP support in the AP mode, add utility functions to save the
IGTK and to add the IGTK to handshake messages.
@IWDTestBot
eapol: include IGTK in 4-way handshake as AP
7dde9bf 
When SAE with MFP is being used, include the IGTK in message 3 of the
4-way handshake.
@IWDTestBot
ap: generate IGTK on startup if MFP is enabled
b288e39 
When using MFP, generate the IGTK group key on startup, and install it
for use. When installing the IGTK, which has either key index 4 or 5,
use the appropriate NL80211 flags so it is installed properly.
@IWDTestBot
ap: propogate IGTK and RSC to handshake
44c1ef4 
When a client is connecting, remember whether it supports MFP, and if
so, propogate the IGTK to the handshake. Also get the current Receive
Sequence Counter (RSC) of the IGTK and propogate it to the handshake.
@IWDTestBot
Copy link
Owner Author

Fetch PR
Test ID: fetch
Desc: Fetch the PR commits for this CI run
Duration: 3.13 seconds
Result: PASS

Prep - Setup ELL
Test ID: setupell
Desc: Clone, build, and install ELL
Duration: 26.08 seconds
Result: PASS

Make Distcheck
Test ID: makedistcheck
Desc: Run distcheck to check the distribution
Duration: 54.46 seconds
Result: PASS

Build - Configure
Test ID: build
Desc: Configure the BlueZ source tree
Duration: 11.88 seconds
Result: PASS

Make Check
Test ID: makecheck
Desc: Run 'make check'
Duration: 3.07 seconds
Result: PASS

Make Check w/Valgrind
Test ID: makecheckvalgrind
Desc: Run 'make check' with Valgrind
Duration: 94.37 seconds
Result: PASS

Incremental Build with patches
Test ID: incremental_build
Desc: Incremental build per patch in the series
Duration: 768.45 seconds
Result: PASS

@IWDTestBot
Copy link
Owner Author

Fetch PR
Test ID: fetch
Desc: Fetch the PR commits for this CI run
Duration: 2.61 seconds
Result: PASS

GitLint
Test ID: gitlint
Desc: Run gitlint with rule in .gitlint
Duration: 8.73 seconds
Result: PASS

Prep - Setup ELL
Test ID: setupell
Desc: Clone, build, and install ELL
Duration: 36.46 seconds
Result: PASS

Make Distcheck
Test ID: makedistcheck
Desc: Run distcheck to check the distribution
Duration: 37.06 seconds
Result: PASS

Build - Configure
Test ID: build
Desc: Configure the BlueZ source tree
Duration: 33.34 seconds
Result: PASS

Make Check
Test ID: makecheck
Desc: Run 'make check'
Duration: 2.29 seconds
Result: PASS

Make Check w/Valgrind
Test ID: makecheckvalgrind
Desc: Run 'make check' with Valgrind
Duration: 115.88 seconds
Result: PASS

Incremental Build with patches
Test ID: incremental_build
Desc: Incremental build per patch in the series
Duration: 742.31 seconds
Result: PASS

Autotest Runner
Test ID: testrunner
Desc: Runs IWD's autotest framework
Duration: 1785.45 seconds
Result: PASS

Clang Build
Test ID: clang
Desc: Build IWD using clang compiler
Duration: 114.33 seconds
Result: PASS

@github-actions github-actions bot force-pushed the workflow branch 4 times, most recently from 2192e98 to 43a07cc Compare May 9, 2024 15:24
@github-actions github-actions bot force-pushed the workflow branch 3 times, most recently from 2c7b52e to 58d64d4 Compare May 14, 2024 15:45
@github-actions github-actions bot force-pushed the workflow branch 4 times, most recently from 68d5156 to 953fb5e Compare June 4, 2024 13:45
@github-actions github-actions bot force-pushed the workflow branch 2 times, most recently from a123040 to 568d50f Compare June 26, 2024 14:45
@github-actions github-actions bot force-pushed the workflow branch 2 times, most recently from eb06b40 to 9e0bb3e Compare July 11, 2024 22:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@IWDTestBot @jprestwo