From 0e30a5256cd8e36e9a2200bbf470257d6971c0a0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20Dre=C3=9Fler?= <verdre@v0yd.nl>
Date: Sat, 24 Apr 2021 11:18:12 +0200
Subject: [PATCH] devices/wifi: Use wpa-psk key-mgmt for networks supporting
 WPA2 and WPA3

Networks offering WPA2 and WPA3/SAE at the same time are in WPA3 hybrid
mode. In this case the PSK passphrase rules that apply need to be the
WPA2 rules, so we shouldn't use "sae" as key-mgmt. Also our wifi card
might not support SAE and we want to make sure WPA2 eventually gets used
in that case.

So use "wpa-psk" as key-mgmt method in case an AP is in WPA3 hybrid
mode.
---
 src/core/devices/wifi/nm-wifi-utils.c | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/src/core/devices/wifi/nm-wifi-utils.c b/src/core/devices/wifi/nm-wifi-utils.c
index d9cf5df20b..a8209c36bb 100644
--- a/src/core/devices/wifi/nm-wifi-utils.c
+++ b/src/core/devices/wifi/nm-wifi-utils.c
@@ -814,15 +814,24 @@ nm_wifi_utils_complete_connection(GBytes *      ap_ssid,
          * setting.  Since there's so much configuration required for it, there's
          * no way it can be automatically completed.
          */
-    } else if ((key_mgmt && !strcmp(key_mgmt, "sae"))
-               || (ap_rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_SAE)) {
+    } else if (nm_streq0(key_mgmt, "wpa-psk")
+               || (ap_rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_SAE
+                   && (ap_wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK
+                       || ap_rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK))) {
+        g_object_set(s_wsec,
+                     NM_SETTING_WIRELESS_SECURITY_KEY_MGMT,
+                     "wpa-psk",
+                     NM_SETTING_WIRELESS_SECURITY_AUTH_ALG,
+                     "open",
+                     NULL);
+    } else if (nm_streq0(key_mgmt, "sae") || (ap_rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_SAE)) {
         g_object_set(s_wsec,
                      NM_SETTING_WIRELESS_SECURITY_KEY_MGMT,
                      "sae",
                      NM_SETTING_WIRELESS_SECURITY_AUTH_ALG,
                      "open",
                      NULL);
-    } else if ((key_mgmt && !strcmp(key_mgmt, "owe"))
+    } else if (nm_streq0(key_mgmt, "owe")
                || NM_FLAGS_ANY(ap_rsn_flags,
                                NM_802_11_AP_SEC_KEY_MGMT_OWE | NM_802_11_AP_SEC_KEY_MGMT_OWE_TM)) {
         g_object_set(s_wsec,
@@ -831,9 +840,8 @@ nm_wifi_utils_complete_connection(GBytes *      ap_ssid,
                      NM_SETTING_WIRELESS_SECURITY_AUTH_ALG,
                      "open",
                      NULL);
-    } else if ((key_mgmt && !strcmp(key_mgmt, "wpa-psk"))
-               || (ap_wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK)
-               || (ap_rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK)) {
+    } else if (ap_wpa_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK
+               || ap_rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_PSK) {
         g_object_set(s_wsec,
                      NM_SETTING_WIRELESS_SECURITY_KEY_MGMT,
                      "wpa-psk",
@@ -843,7 +851,7 @@ nm_wifi_utils_complete_connection(GBytes *      ap_ssid,
         /* Leave proto/pairwise/group as client set them; if they are unset the
          * supplicant will figure out the best combination at connect time.
          */
-    } else if ((key_mgmt && !strcmp(key_mgmt, "wpa-eap-suite-b-192"))
+    } else if (nm_streq0(key_mgmt, "wpa-eap-suite-b-192")
                || (ap_rsn_flags & NM_802_11_AP_SEC_KEY_MGMT_EAP_SUITE_B_192)) {
         g_object_set(s_wsec,
                      NM_SETTING_WIRELESS_SECURITY_KEY_MGMT,