supplicant/config: Disallow SHA1 ciphers when using required PMF

As mentioned in the wpa_supplicant reference config, when setting PMF to
required with WPA2 (personal or enterprise) authentication, we want to
only enable SHA256 and upwards as HMAC. So enforce that by not passing
WPA-PSK and WPA-EAP to the config in case pmf is set to REQUIRED.
Jonas Dreßler 2021-04-23 18:04:36 +02:00 committed by Thomas Haller
parent a4b95a9fcd
commit 2bc3cf0cb8
No known key found for this signature in database
GPG key ID: 29C2366E4DFC5728


@ -848,7 +848,8 @@ nm_supplicant_config_add_setting_wireless_security(NMSupplicantConfig *
g_string_append(key_mgmt_conf, "OWE");
} else if (nm_streq(key_mgmt, "wpa-psk")) {
g_string_append(key_mgmt_conf, "WPA-PSK");
if (pmf != NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED)
g_string_append(key_mgmt_conf, "WPA-PSK");
if (_get_capability(priv, NM_SUPPL_CAP_TYPE_PMF))
g_string_append(key_mgmt_conf, " WPA-PSK-SHA256");
if (_get_capability(priv, NM_SUPPL_CAP_TYPE_FT))
@ -867,7 +868,8 @@ nm_supplicant_config_add_setting_wireless_security(NMSupplicantConfig *
g_string_append(key_mgmt_conf, " FT-SAE");
} else if (nm_streq(key_mgmt, "wpa-eap")) {
g_string_append(key_mgmt_conf, "WPA-EAP");
if (pmf != NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED)
g_string_append(key_mgmt_conf, "WPA-EAP");
if (_get_capability(priv, NM_SUPPL_CAP_TYPE_FT)) {
g_string_append(key_mgmt_conf, " FT-EAP");
if (_get_capability(priv, NM_SUPPL_CAP_TYPE_SHA384))
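Review bot: In the wpa-psk branch, when pmf is NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED and `_get_capability(priv, NM_SUPPL_CAP_TYPE_PMF)` is false, neither "WPA-PSK" nor " WPA-PSK-SHA256" is appended, so key_mgmt_conf holds only what the later capability checks add and may end up empty; it also now begins with a space whenever the first append is skipped. The function continues outside the hunk, so how an empty or space-prefixed value is handled is not visible here, but failing closed looks safer than passing wpa_supplicant a key_mgmt it may reject or replace with a default: test `if (pmf == NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED && !_get_capability(priv, NM_SUPPL_CAP_TYPE_PMF))` before building the string and return an error that names the missing capability. The wpa-eap branch in the second hunk has the same shape and deserves the same check. A short comment above each new condition, for example `/* PMF required: drop the SHA1-based AKM, offer only SHA256 and stronger */`, would keep the reason next to the code.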