colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

supplicant: allow fast transition for WPA-PSK and WPA-EAP

Browse Source 
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/issues/4
This commit is contained in:
Lubomir Rintel
2019-07-15 11:30:30 +00:00
parent 5480ec8537
commit d17a0a0905
7 changed files with 33 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/devices/nm-device-ethernet.c
View File

@@ -560,7 +560,7 @@ build_supplicant_config (NMDeviceEthernet *self,
mtu = nm_platform_link_get_mtu (nm_device_get_platform (NM_DEVICE (self)), mtu = nm_platform_link_get_mtu (nm_device_get_platform (NM_DEVICE (self)),
nm_device_get_ifindex (NM_DEVICE (self))); nm_device_get_ifindex (NM_DEVICE (self)));
config = nm_supplicant_config_new (FALSE, FALSE); config = nm_supplicant_config_new (FALSE, FALSE, FALSE, FALSE);
security = nm_connection_get_setting_802_1x (connection); security = nm_connection_get_setting_802_1x (connection);
if (!nm_supplicant_config_add_setting_8021x (config, security, con_uuid, mtu, TRUE, error)) { if (!nm_supplicant_config_add_setting_8021x (config, security, con_uuid, mtu, TRUE, error)) {

2
src/devices/nm-device-macsec.c
View File

@@ -224,7 +224,7 @@ build_supplicant_config (NMDeviceMacsec *self, GError **error)
mtu = nm_platform_link_get_mtu (nm_device_get_platform (NM_DEVICE (self)), mtu = nm_platform_link_get_mtu (nm_device_get_platform (NM_DEVICE (self)),
nm_device_get_ifindex (NM_DEVICE (self))); nm_device_get_ifindex (NM_DEVICE (self)));
config = nm_supplicant_config_new (FALSE, FALSE); config = nm_supplicant_config_new (FALSE, FALSE, FALSE, FALSE);
s_macsec = nm_device_get_applied_setting (NM_DEVICE (self), NM_TYPE_SETTING_MACSEC); s_macsec = nm_device_get_applied_setting (NM_DEVICE (self), NM_TYPE_SETTING_MACSEC);

4
src/devices/wifi/nm-device-wifi.c
View File

@@ -2452,7 +2452,9 @@ build_supplicant_config (NMDeviceWifi *self,
config = nm_supplicant_config_new ( config = nm_supplicant_config_new (
nm_supplicant_interface_get_pmf_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES, nm_supplicant_interface_get_pmf_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES,
nm_supplicant_interface_get_fils_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES); nm_supplicant_interface_get_fils_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES,
nm_supplicant_interface_get_ft_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES,
nm_supplicant_interface_get_sha384_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES);
/* Warn if AP mode may not be supported */ /* Warn if AP mode may not be supported */
if ( g_strcmp0 (nm_setting_wireless_get_mode (s_wireless), NM_SETTING_WIRELESS_MODE_AP) == 0 if ( g_strcmp0 (nm_setting_wireless_get_mode (s_wireless), NM_SETTING_WIRELESS_MODE_AP) == 0

26
src/supplicant/nm-supplicant-config.c
View File

@@ -49,6 +49,8 @@ typedef struct {
gboolean dispose_has_run; gboolean dispose_has_run;
gboolean support_pmf; gboolean support_pmf;
gboolean support_fils; gboolean support_fils;
gboolean support_ft;
gboolean support_sha384;
} NMSupplicantConfigPrivate; } NMSupplicantConfigPrivate;
struct _NMSupplicantConfig { struct _NMSupplicantConfig {
@@ -67,7 +69,8 @@ G_DEFINE_TYPE (NMSupplicantConfig, nm_supplicant_config, G_TYPE_OBJECT)
/*****************************************************************************/ /*****************************************************************************/
NMSupplicantConfig * NMSupplicantConfig *
nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils) nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils,
gboolean support_ft, gboolean support_sha384)
{ {
NMSupplicantConfigPrivate *priv; NMSupplicantConfigPrivate *priv;
NMSupplicantConfig *self; NMSupplicantConfig *self;
@@ -77,6 +80,8 @@ nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils)
priv->support_pmf = support_pmf; priv->support_pmf = support_pmf;
priv->support_fils = support_fils; priv->support_fils = support_fils;
priv->support_ft = support_ft;
priv->support_sha384 = support_sha384;
return self; return self;
} }
@@ -779,20 +784,35 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
if (nm_streq (key_mgmt, "wpa-psk")) { if (nm_streq (key_mgmt, "wpa-psk")) {
if (priv->support_pmf) if (priv->support_pmf)
g_string_append (key_mgmt_conf, " wpa-psk-sha256"); g_string_append (key_mgmt_conf, " wpa-psk-sha256");
if (priv->support_ft)
g_string_append (key_mgmt_conf, " ft-psk");
} else if (nm_streq (key_mgmt, "wpa-eap")) { } else if (nm_streq (key_mgmt, "wpa-eap")) {
if (priv->support_pmf) if (priv->support_pmf)
g_string_append (key_mgmt_conf, " wpa-eap-sha256"); g_string_append (key_mgmt_conf, " wpa-eap-sha256");
if (priv->support_ft)
g_string_append (key_mgmt_conf, " ft-eap");
if (priv->support_ft && priv->support_sha384)
g_string_append (key_mgmt_conf, " ft-eap-sha384");
switch (fils) { switch (fils) {
case NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED: case NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED:
g_string_assign (key_mgmt_conf, "fils-sha256 fils-sha384"); g_string_truncate (key_mgmt_conf, 0);
break; if (!priv->support_pmf)
g_string_assign (key_mgmt_conf, "fils-sha256 fils-sha384");
/* fall-through */
case NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL: case NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL:
if (priv->support_pmf) if (priv->support_pmf)
g_string_append (key_mgmt_conf, " fils-sha256 fils-sha384"); g_string_append (key_mgmt_conf, " fils-sha256 fils-sha384");
if (priv->support_pmf && priv->support_ft)
g_string_append (key_mgmt_conf, " ft-fils-sha256");
if (priv->support_pmf && priv->support_ft & priv->support_sha384)
g_string_append (key_mgmt_conf, " ft-fils-sha384");
break; break;
default: default:
break; break;
} }
} else if (nm_streq (key_mgmt, "sae")) {
if (priv->support_ft)
g_string_append (key_mgmt_conf, " ft-sae");
} }
if (!add_string_val (self, key_mgmt_conf->str, "key_mgmt", TRUE, NULL, error)) if (!add_string_val (self, key_mgmt_conf->str, "key_mgmt", TRUE, NULL, error))

3
src/supplicant/nm-supplicant-config.h
View File

@@ -39,7 +39,8 @@ typedef struct _NMSupplicantConfigClass NMSupplicantConfigClass;
GType nm_supplicant_config_get_type (void); GType nm_supplicant_config_get_type (void);
NMSupplicantConfig *nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils); NMSupplicantConfig *nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils,
gboolean support_ft, gboolean support_sha384);
guint32 nm_supplicant_config_get_ap_scan (NMSupplicantConfig *self); guint32 nm_supplicant_config_get_ap_scan (NMSupplicantConfig *self);

4
src/supplicant/nm-supplicant-settings-verify.c
View File

@@ -66,8 +66,8 @@ static const struct validate_entry validate_table[] = {
const char * pairwise_allowed[] = { "CCMP", "TKIP", "NONE", NULL }; const char * pairwise_allowed[] = { "CCMP", "TKIP", "NONE", NULL };
const char * group_allowed[] = { "CCMP", "TKIP", "WEP104", "WEP40", NULL }; const char * group_allowed[] = { "CCMP", "TKIP", "WEP104", "WEP40", NULL };
const char * proto_allowed[] = { "WPA", "RSN", NULL }; const char * proto_allowed[] = { "WPA", "RSN", NULL };
const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256", const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256", "FT-PSK",
"WPA-EAP", "WPA-EAP-SHA256", "WPA-EAP", "WPA-EAP-SHA256", "FT-EAP", "FT-EAP-SHA384",
"FILS-SHA256", "FILS-SHA384", "FILS-SHA256", "FILS-SHA384",
"IEEE8021X", "WPA-NONE", "SAE", "IEEE8021X", "WPA-NONE", "SAE",
"NONE", NULL }; "NONE", NULL };

2
src/supplicant/tests/test-supplicant-config.c
View File

@@ -110,7 +110,7 @@ build_supplicant_config (NMConnection *connection,
NMSetting8021x *s_8021x; NMSetting8021x *s_8021x;
gboolean success; gboolean success;
config = nm_supplicant_config_new (support_pmf, support_fils); config = nm_supplicant_config_new (support_pmf, support_fils, FALSE, FALSE);
s_wifi = nm_connection_get_setting_wireless (connection); s_wifi = nm_connection_get_setting_wireless (connection);
g_assert (s_wifi); g_assert (s_wifi);