diff --git a/src/devices/nm-device-ethernet.c b/src/devices/nm-device-ethernet.c
index 0d45dfdeda..3e84847ed1 100644
--- a/src/devices/nm-device-ethernet.c
+++ b/src/devices/nm-device-ethernet.c
@@ -560,7 +560,7 @@ build_supplicant_config (NMDeviceEthernet *self,
 mtu = nm_platform_link_get_mtu (nm_device_get_platform (NM_DEVICE (self)), nm_device_get_ifindex (NM_DEVICE (self)));
- config = nm_supplicant_config_new (FALSE, FALSE);
+ config = nm_supplicant_config_new (FALSE, FALSE, FALSE, FALSE);
 security = nm_connection_get_setting_802_1x (connection);
 if (!nm_supplicant_config_add_setting_8021x (config, security, con_uuid, mtu, TRUE, error)) {
diff --git a/src/devices/nm-device-macsec.c b/src/devices/nm-device-macsec.c
index 54e04a1bf5..e3e3a895b2 100644
--- a/src/devices/nm-device-macsec.c
+++ b/src/devices/nm-device-macsec.c
@@ -224,7 +224,7 @@ build_supplicant_config (NMDeviceMacsec *self, GError **error)
 mtu = nm_platform_link_get_mtu (nm_device_get_platform (NM_DEVICE (self)), nm_device_get_ifindex (NM_DEVICE (self)));
- config = nm_supplicant_config_new (FALSE, FALSE);
+ config = nm_supplicant_config_new (FALSE, FALSE, FALSE, FALSE);
 s_macsec = nm_device_get_applied_setting (NM_DEVICE (self), NM_TYPE_SETTING_MACSEC);
diff --git a/src/devices/wifi/nm-device-wifi.c b/src/devices/wifi/nm-device-wifi.c
index a1fa96be9f..db6ccf5b27 100644
--- a/src/devices/wifi/nm-device-wifi.c
+++ b/src/devices/wifi/nm-device-wifi.c
@@ -2452,7 +2452,9 @@ build_supplicant_config (NMDeviceWifi *self,
 config = nm_supplicant_config_new ( nm_supplicant_interface_get_pmf_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES,
- nm_supplicant_interface_get_fils_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES);
+ nm_supplicant_interface_get_fils_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES,
+ nm_supplicant_interface_get_ft_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES,
+ nm_supplicant_interface_get_sha384_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES);
 /* Warn if AP mode may not be supported */
 if ( g_strcmp0 (nm_setting_wireless_get_mode (s_wireless), NM_SETTING_WIRELESS_MODE_AP) == 0
diff --git a/src/devices/wifi/nm-wifi-ap.c b/src/devices/wifi/nm-wifi-ap.c
index feec8e7fa4..8d60bee349 100644
--- a/src/devices/wifi/nm-wifi-ap.c
+++ b/src/devices/wifi/nm-wifi-ap.c
@@ -417,9 +417,11 @@ security_from_vardict (GVariant *security)
 if ( g_variant_lookup (security, "KeyMgmt", "^a&s", &array) && array) {
- if (g_strv_contains (array, "wpa-psk"))
+ if (g_strv_contains (array, "wpa-psk") ||
+ g_strv_contains (array, "wpa-ft-psk"))
 flags |= NM_802_11_AP_SEC_KEY_MGMT_PSK;
 if (g_strv_contains (array, "wpa-eap") ||
+ g_strv_contains (array, "wpa-ft-eap") ||
 g_strv_contains (array, "wpa-fils-sha256") ||
 g_strv_contains (array, "wpa-fils-sha384"))
 flags |= NM_802_11_AP_SEC_KEY_MGMT_802_1X;
diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c
index 2fc898c9ea..9873fc8111 100644
--- a/src/supplicant/nm-supplicant-config.c
+++ b/src/supplicant/nm-supplicant-config.c
@@ -49,6 +49,8 @@ typedef struct {
 gboolean dispose_has_run;
 gboolean support_pmf;
 gboolean support_fils;
+ gboolean support_ft;
+ gboolean support_sha384;
 } NMSupplicantConfigPrivate;
 struct _NMSupplicantConfig {
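Review bot: The scan-result mapping in security_from_vardict learns `wpa-ft-psk` and `wpa-ft-eap`, but the FT variants of FILS and SAE that the config side of this commit can now request get no counterpart in the lines shown, so an AP that advertises only one of those may end up with no key-management flag. If that is intentional, a short comment above the `KeyMgmt` lookup saying which FT AKMs are deliberately left unmapped would help; otherwise add them next to the `wpa-fils-sha256`/`wpa-fils-sha384` checks. security_from_vardict continues outside the hunk, so an SAE branch may already exist there.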
@@ -67,7 +69,8 @@ G_DEFINE_TYPE (NMSupplicantConfig, nm_supplicant_config, G_TYPE_OBJECT)
 /*****************************************************************************/
 NMSupplicantConfig *
-nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils)
+nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils,
+ gboolean support_ft, gboolean support_sha384)
 {
 NMSupplicantConfigPrivate *priv;
 NMSupplicantConfig *self;
@@ -77,6 +80,8 @@ nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils)
 priv->support_pmf = support_pmf;
 priv->support_fils = support_fils;
+ priv->support_ft = support_ft;
+ priv->support_sha384 = support_sha384;
 return self;
 }
@@ -754,7 +759,8 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
 GError **error)
 {
 NMSupplicantConfigPrivate *priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self);
- const char *key_mgmt, *key_mgmt_conf, *auth_alg;
+ nm_auto_free_gstring GString *key_mgmt_conf = NULL;
+ const char *key_mgmt, *auth_alg;
 const char *psk;
 gboolean set_pmf;
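Review bot: `nm_supplicant_config_new` now takes four adjacent `gboolean` arguments, and call sites such as `nm_supplicant_config_new (FALSE, FALSE, FALSE, FALSE)` give no hint which capability is which; swapping `support_ft` and `support_sha384` would compile silently. A short doc comment above the definition naming each flag, and stating that it reflects what the supplicant reported rather than a connection setting, would be the minimal fix. A single capability-flags argument would be sturdier if more key-management features are expected. The function body continues into the next hunk.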
@@ -773,28 +779,43 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
 fils = NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE;
 }
- key_mgmt = key_mgmt_conf = nm_setting_wireless_security_get_key_mgmt (setting);
+ key_mgmt = nm_setting_wireless_security_get_key_mgmt (setting);
+ key_mgmt_conf = g_string_new (key_mgmt);
 if (nm_streq (key_mgmt, "wpa-psk")) {
 if (priv->support_pmf)
- key_mgmt_conf = "wpa-psk wpa-psk-sha256";
+ g_string_append (key_mgmt_conf, " wpa-psk-sha256");
+ if (priv->support_ft)
+ g_string_append (key_mgmt_conf, " ft-psk");
 } else if (nm_streq (key_mgmt, "wpa-eap")) {
+ if (priv->support_pmf)
+ g_string_append (key_mgmt_conf, " wpa-eap-sha256");
+ if (priv->support_ft)
+ g_string_append (key_mgmt_conf, " ft-eap");
+ if (priv->support_ft && priv->support_sha384)
+ g_string_append (key_mgmt_conf, " ft-eap-sha384");
 switch (fils) {
- case NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL:
- key_mgmt_conf = priv->support_pmf
- ? "wpa-eap wpa-eap-sha256 fils-sha256 fils-sha384"
- : "wpa-eap fils-sha256 fils-sha384";
- break;
 case NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED:
- key_mgmt_conf = "fils-sha256 fils-sha384";
+ g_string_truncate (key_mgmt_conf, 0);
+ if (!priv->support_pmf)
+ g_string_assign (key_mgmt_conf, "fils-sha256 fils-sha384");
+ /* fall-through */
+ case NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL:
+ if (priv->support_pmf)
+ g_string_append (key_mgmt_conf, " fils-sha256 fils-sha384");
+ if (priv->support_pmf && priv->support_ft)
+ g_string_append (key_mgmt_conf, " ft-fils-sha256");
+ if (priv->support_pmf && priv->support_ft & priv->support_sha384)
+ g_string_append (key_mgmt_conf, " ft-fils-sha384");
 break;
 default:
- if (priv->support_pmf)
- key_mgmt_conf = "wpa-eap wpa-eap-sha256";
 break;
 }
+ } else if (nm_streq (key_mgmt, "sae")) {
+ if (priv->support_ft)
+ g_string_append (key_mgmt_conf, " ft-sae");
 }
- if (!add_string_val (self, key_mgmt_conf, "key_mgmt", TRUE, NULL, error))
+ if (!add_string_val (self,
key_mgmt_conf->str, "key_mgmt", TRUE, NULL, error))
 return FALSE;
 auth_alg = nm_setting_wireless_security_get_auth_alg (setting);
diff --git a/src/supplicant/nm-supplicant-config.h b/src/supplicant/nm-supplicant-config.h
index 93038ba5bc..c4e7310d5e 100644
--- a/src/supplicant/nm-supplicant-config.h
+++ b/src/supplicant/nm-supplicant-config.h
@@ -39,7 +39,8 @@ typedef struct _NMSupplicantConfigClass NMSupplicantConfigClass;
 GType nm_supplicant_config_get_type (void);
-NMSupplicantConfig *nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils);
+NMSupplicantConfig *nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils,
+ gboolean support_ft, gboolean support_sha384);
 guint32 nm_supplicant_config_get_ap_scan (NMSupplicantConfig *self);
diff --git a/src/supplicant/nm-supplicant-interface.c b/src/supplicant/nm-supplicant-interface.c
index e94c98765b..1c92b9a747 100644
--- a/src/supplicant/nm-supplicant-interface.c
+++ b/src/supplicant/nm-supplicant-interface.c
@@ -113,6 +113,8 @@ NM_GOBJECT_PROPERTIES_DEFINE (NMSupplicantInterface,
 PROP_FILS_SUPPORT,
 PROP_P2P_SUPPORT,
 PROP_WFD_SUPPORT,
+ PROP_FT_SUPPORT,
+ PROP_SHA384_SUPPORT,
 );
 typedef struct {
@@ -125,6 +127,8 @@ typedef struct {
 NMSupplicantFeature fils_support;
 NMSupplicantFeature p2p_support;
 NMSupplicantFeature wfd_support;
+ NMSupplicantFeature ft_support;
+ NMSupplicantFeature sha384_support;
 guint32 max_scan_ssids;
 guint32 ready_count;
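Review bot: In the `wpa-eap` branch of nm_supplicant_config_add_setting_wireless_security, the FILS_OPTIONAL case now adds `fils-sha256 fils-sha384` only when `priv->support_pmf` is set, whereas the removed code offered `wpa-eap fils-sha256 fils-sha384` without PMF, so a supplicant that has FILS but not PMF silently stops offering FILS for optional-FILS profiles. The FILS_REQUIRED path with PMF also appends to a just-truncated string, so the value handed to `add_string_val` starts with a space. The last condition uses a bitwise `&` (`priv->support_ft & priv->support_sha384`); it happens to work for 0/1 gbooleans but should be `&&` like the `ft-eap-sha384` check above it. A possible shape, which also drops the `if (!priv->support_pmf) g_string_assign (...)` pair from the REQUIRED case, is below; whether the FT-FILS entries really need the PMF gate is not visible from this hunk. The function starts and ends outside the hunk.

```c
		case NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL:
			/* Offer FILS with or without PMF; add a separator only after an existing entry. */
			if (key_mgmt_conf->len > 0)
				g_string_append_c (key_mgmt_conf, ' ');
			g_string_append (key_mgmt_conf, "fils-sha256 fils-sha384");
			/* … unchanged: ft-fils-sha256 append … */
			if (priv->support_pmf && priv->support_ft && priv->support_sha384)
				g_string_append (key_mgmt_conf, " ft-fils-sha384");
			break;
```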
@@ -786,6 +790,18 @@ nm_supplicant_interface_get_wfd_support (NMSupplicantInterface *self)
 return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->wfd_support;
 }
+NMSupplicantFeature
+nm_supplicant_interface_get_ft_support (NMSupplicantInterface *self)
+{
+ return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->ft_support;
+}
+
+NMSupplicantFeature
+nm_supplicant_interface_get_sha384_support (NMSupplicantInterface *self)
+{
+ return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->sha384_support;
+}
+
 void
 nm_supplicant_interface_set_ap_support (NMSupplicantInterface *self,
 NMSupplicantFeature ap_support)
@@ -844,6 +860,24 @@ nm_supplicant_interface_set_wfd_support (NMSupplicantInterface *self,
 priv->wfd_support = wfd_support;
 }
+void
+nm_supplicant_interface_set_ft_support (NMSupplicantInterface *self,
+ NMSupplicantFeature ft_support)
+{
+ NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self);
+
+ priv->ft_support = ft_support;
+}
+
+void
+nm_supplicant_interface_set_sha384_support (NMSupplicantInterface *self,
+ NMSupplicantFeature sha384_support)
+{
+ NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self);
+
+ priv->sha384_support = sha384_support;
+}
+
 /*****************************************************************************/
 static void
@@ -2684,6 +2718,14 @@ set_property (GObject *object,
 /* construct-only */
 priv->wfd_support = g_value_get_int (value);
 break;
+ case PROP_FT_SUPPORT:
+ /* construct-only */
+ priv->ft_support = g_value_get_int (value);
+ break;
+ case PROP_SHA384_SUPPORT:
+ /* construct-only */
+ priv->sha384_support = g_value_get_int (value);
+ break;
 default:
 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
 break;
@@ -2709,7 +2751,9 @@ nm_supplicant_interface_new (const char *ifname,
 NMSupplicantFeature pmf_support,
 NMSupplicantFeature fils_support,
 NMSupplicantFeature p2p_support,
- NMSupplicantFeature wfd_support)
+ NMSupplicantFeature wfd_support,
+ NMSupplicantFeature ft_support,
+ NMSupplicantFeature sha384_support)
 {
 /* One of ifname or path need to be set */
 g_return_val_if_fail (ifname != NULL || object_path != NULL, NULL);
@@ -2725,6 +2769,8 @@ nm_supplicant_interface_new (const char *ifname,
 NM_SUPPLICANT_INTERFACE_FILS_SUPPORT, (int) fils_support,
 NM_SUPPLICANT_INTERFACE_P2P_SUPPORT, (int) p2p_support,
 NM_SUPPLICANT_INTERFACE_WFD_SUPPORT, (int) wfd_support,
+ NM_SUPPLICANT_INTERFACE_FT_SUPPORT, (int) ft_support,
+ NM_SUPPLICANT_INTERFACE_SHA384_SUPPORT, (int) sha384_support,
 NULL);
 }
@@ -2883,6 +2929,22 @@ nm_supplicant_interface_class_init (NMSupplicantInterfaceClass *klass)
 G_PARAM_WRITABLE |
 G_PARAM_CONSTRUCT_ONLY |
 G_PARAM_STATIC_STRINGS);
+ obj_properties[PROP_FT_SUPPORT] =
+ g_param_spec_int (NM_SUPPLICANT_INTERFACE_FT_SUPPORT, "", "",
+ NM_SUPPLICANT_FEATURE_UNKNOWN,
+ NM_SUPPLICANT_FEATURE_YES,
+ NM_SUPPLICANT_FEATURE_UNKNOWN,
+ G_PARAM_WRITABLE |
+ G_PARAM_CONSTRUCT_ONLY |
+ G_PARAM_STATIC_STRINGS);
+ obj_properties[PROP_SHA384_SUPPORT] =
+ g_param_spec_int (NM_SUPPLICANT_INTERFACE_SHA384_SUPPORT, "", "",
+ NM_SUPPLICANT_FEATURE_UNKNOWN,
+ NM_SUPPLICANT_FEATURE_YES,
+ NM_SUPPLICANT_FEATURE_UNKNOWN,
+ G_PARAM_WRITABLE |
+ G_PARAM_CONSTRUCT_ONLY |
+ G_PARAM_STATIC_STRINGS);
 g_object_class_install_properties (object_class, _PROPERTY_ENUMS_LAST, obj_properties);
diff --git a/src/supplicant/nm-supplicant-interface.h b/src/supplicant/nm-supplicant-interface.h
index 2e124df92d..8e9eede6fa 100644
--- a/src/supplicant/nm-supplicant-interface.h
+++ b/src/supplicant/nm-supplicant-interface.h
@@ -68,6 +68,8 @@ typedef enum {
 #define NM_SUPPLICANT_INTERFACE_FILS_SUPPORT "fils-support"
 #define NM_SUPPLICANT_INTERFACE_P2P_SUPPORT "p2p-support"
 #define NM_SUPPLICANT_INTERFACE_WFD_SUPPORT "wfd-support"
+#define NM_SUPPLICANT_INTERFACE_FT_SUPPORT "ft-support"
+#define NM_SUPPLICANT_INTERFACE_SHA384_SUPPORT "sha384-support"
 /* Signals */
 #define NM_SUPPLICANT_INTERFACE_STATE "state"
@@ -95,7 +97,9 @@ NMSupplicantInterface * nm_supplicant_interface_new (const char *ifname,
 NMSupplicantFeature pmf_support,
 NMSupplicantFeature fils_support,
 NMSupplicantFeature p2p_support,
- NMSupplicantFeature wfd_support);
+ NMSupplicantFeature wfd_support,
+ NMSupplicantFeature ft_support,
+ NMSupplicantFeature sha384_support);
 void nm_supplicant_interface_set_supplicant_available (NMSupplicantInterface *self,
 gboolean available);
@@ -161,6 +165,8 @@ NMSupplicantFeature nm_supplicant_interface_get_pmf_support (NMSupplicantInterfa
 NMSupplicantFeature nm_supplicant_interface_get_fils_support (NMSupplicantInterface *self);
 NMSupplicantFeature nm_supplicant_interface_get_p2p_support (NMSupplicantInterface *self);
 NMSupplicantFeature nm_supplicant_interface_get_wfd_support (NMSupplicantInterface *self);
+NMSupplicantFeature nm_supplicant_interface_get_ft_support (NMSupplicantInterface *self);
+NMSupplicantFeature nm_supplicant_interface_get_sha384_support (NMSupplicantInterface *self);
 void nm_supplicant_interface_set_ap_support (NMSupplicantInterface *self,
 NMSupplicantFeature apmode);
@@ -180,6 +186,12 @@ void nm_supplicant_interface_set_p2p_support (NMSupplicantInterface *self,
 void nm_supplicant_interface_set_wfd_support (NMSupplicantInterface *self,
 NMSupplicantFeature wfd_support);
+void nm_supplicant_interface_set_ft_support (NMSupplicantInterface *self,
+ NMSupplicantFeature ft_support);
+
+void nm_supplicant_interface_set_sha384_support (NMSupplicantInterface *self,
+ NMSupplicantFeature sha384_support);
+
 void nm_supplicant_interface_enroll_wps (NMSupplicantInterface *self,
 const char *const type,
 const char *bssid,
diff --git a/src/supplicant/nm-supplicant-manager.c b/src/supplicant/nm-supplicant-manager.c
index 2945d21ca9..d4b5bd8313 100644
--- a/src/supplicant/nm-supplicant-manager.c
+++ b/src/supplicant/nm-supplicant-manager.c
@@ -40,6 +40,8 @@ typedef struct {
 NMSupplicantFeature fils_support;
 NMSupplicantFeature p2p_support;
 NMSupplicantFeature wfd_support;
+ NMSupplicantFeature ft_support;
+ NMSupplicantFeature sha384_support;
 guint die_count_reset_id;
 guint die_count;
 } NMSupplicantManagerPrivate;
@@ -231,7 +233,9 @@ nm_supplicant_manager_create_interface (NMSupplicantManager *self,
 priv->pmf_support,
 priv->fils_support,
 priv->p2p_support,
- priv->wfd_support);
+ priv->wfd_support,
+ priv->ft_support,
+ priv->sha384_support);
 priv->ifaces = g_slist_prepend (priv->ifaces, iface);
 g_object_add_toggle_ref ((GObject *) iface, _sup_iface_last_ref, self);
@@ -288,7 +292,9 @@ nm_supplicant_manager_create_interface_from_path (NMSupplicantManager *self,
 priv->pmf_support,
 priv->fils_support,
 priv->p2p_support,
- priv->wfd_support);
+ priv->wfd_support,
+ priv->ft_support,
+ priv->sha384_support);
 priv->ifaces = g_slist_prepend (priv->ifaces, iface);
 g_object_add_toggle_ref ((GObject *) iface, _sup_iface_last_ref, self);
@@ -324,8 +330,10 @@ update_capabilities (NMSupplicantManager *self)
 priv->ap_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
 priv->pmf_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
 priv->fils_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
- /* P2P support is newer than the capabilities property */
+ /* Support for the following is newer than the capabilities property */
 priv->p2p_support = NM_SUPPLICANT_FEATURE_NO;
+ priv->ft_support = NM_SUPPLICANT_FEATURE_NO;
+ priv->sha384_support = NM_SUPPLICANT_FEATURE_NO;
 value = g_dbus_proxy_get_cached_property (priv->proxy, "Capabilities");
 if (value) {
@@ -335,6 +343,8 @@ update_capabilities (NMSupplicantManager *self)
 priv->pmf_support = NM_SUPPLICANT_FEATURE_NO;
 priv->fils_support = NM_SUPPLICANT_FEATURE_NO;
 priv->p2p_support = NM_SUPPLICANT_FEATURE_NO;
+ priv->ft_support = NM_SUPPLICANT_FEATURE_NO;
+ priv->sha384_support = NM_SUPPLICANT_FEATURE_NO;
 if (array) {
 if (g_strv_contains (array, "ap"))
 priv->ap_support = NM_SUPPLICANT_FEATURE_YES;
@@ -344,18 +354,24 @@ update_capabilities (NMSupplicantManager *self)
 priv->fils_support = NM_SUPPLICANT_FEATURE_YES;
 if (g_strv_contains (array, "p2p"))
 priv->p2p_support = NM_SUPPLICANT_FEATURE_YES;
+ if (g_strv_contains (array, "ft"))
+ priv->ft_support = NM_SUPPLICANT_FEATURE_YES;
+ if (g_strv_contains (array, "sha384"))
+ priv->sha384_support = NM_SUPPLICANT_FEATURE_YES;
 g_free (array);
 }
 }
 g_variant_unref (value);
 }
- /* Tell all interfaces about results of the AP/PMF/FILS/P2P check */
+ /* Tell all interfaces about results of the AP/PMF/FILS/P2P/FT/SHA384 check */
 for (ifaces = priv->ifaces; ifaces; ifaces = ifaces->next) {
 nm_supplicant_interface_set_ap_support (ifaces->data, priv->ap_support);
 nm_supplicant_interface_set_pmf_support (ifaces->data, priv->pmf_support);
 nm_supplicant_interface_set_fils_support (ifaces->data, priv->fils_support);
 nm_supplicant_interface_set_p2p_support (ifaces->data, priv->p2p_support);
+ nm_supplicant_interface_set_ft_support (ifaces->data, priv->ft_support);
+ nm_supplicant_interface_set_sha384_support (ifaces->data, priv->sha384_support);
 }
 _LOGD ("AP mode is %ssupported",
@@ -370,6 +386,12 @@ update_capabilities (NMSupplicantManager *self)
 _LOGD ("P2P is %ssupported",
 (priv->p2p_support == NM_SUPPLICANT_FEATURE_YES) ? "" :
 (priv->p2p_support == NM_SUPPLICANT_FEATURE_NO) ? "not " : "possibly ");
+ _LOGD ("FT is %ssupported",
+ (priv->ft_support == NM_SUPPLICANT_FEATURE_YES) ? "" :
+ (priv->ft_support == NM_SUPPLICANT_FEATURE_NO) ? "not " : "possibly ");
+ _LOGD ("SHA384 is %ssupported",
+ (priv->sha384_support == NM_SUPPLICANT_FEATURE_YES) ? "" :
+ (priv->sha384_support == NM_SUPPLICANT_FEATURE_NO) ? "not " : "possibly ");
 /* EAP-FAST */
 priv->fast_support = NM_SUPPLICANT_FEATURE_NO;
@@ -508,6 +530,8 @@ name_owner_cb (GDBusProxy *proxy, GParamSpec *pspec, gpointer user_data)
 priv->fast_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
 priv->pmf_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
 priv->fils_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
+ priv->ft_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
+ priv->sha384_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
 set_running (self, FALSE);
 }
diff --git a/src/supplicant/nm-supplicant-settings-verify.c b/src/supplicant/nm-supplicant-settings-verify.c
index b7f1a02237..20466af1d0 100644
--- a/src/supplicant/nm-supplicant-settings-verify.c
+++ b/src/supplicant/nm-supplicant-settings-verify.c
@@ -66,8 +66,8 @@ static const struct validate_entry validate_table[] = {
 const char * pairwise_allowed[] = { "CCMP", "TKIP", "NONE", NULL };
 const char * group_allowed[] = { "CCMP", "TKIP", "WEP104", "WEP40", NULL };
 const char * proto_allowed[] = { "WPA", "RSN", NULL };
-const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256",
- "WPA-EAP", "WPA-EAP-SHA256",
+const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256", "FT-PSK",
+ "WPA-EAP", "WPA-EAP-SHA256", "FT-EAP", "FT-EAP-SHA384",
 "FILS-SHA256", "FILS-SHA384", "IEEE8021X", "WPA-NONE", "SAE", "NONE", NULL };
diff --git a/src/supplicant/tests/test-supplicant-config.c b/src/supplicant/tests/test-supplicant-config.c
index 35330d0c8f..819256fb7d 100644
--- a/src/supplicant/tests/test-supplicant-config.c
+++ b/src/supplicant/tests/test-supplicant-config.c
@@ -110,7 +110,7 @@ build_supplicant_config (NMConnection *connection,
 NMSetting8021x *s_8021x;
 gboolean success;
- config = nm_supplicant_config_new (support_pmf, support_fils);
+ config = nm_supplicant_config_new (support_pmf, support_fils, FALSE, FALSE);
 s_wifi = nm_connection_get_setting_wireless (connection);
 g_assert (s_wifi);
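Review bot: `key_mgmt_allowed` gains `FT-PSK`, `FT-EAP` and `FT-EAP-SHA384`, but the config code in this same commit can also emit `ft-sae`, `ft-fils-sha256` and `ft-fils-sha384`, which have no entry here. If the `key_mgmt` string is checked keyword by keyword against this list (the lookup is outside the hunk, so this is inferred), an SAE or FILS profile would be rejected as soon as the supplicant reports FT support. Either add `"FT-SAE"`, `"FT-FILS-SHA256"` and `"FT-FILS-SHA384"` to the array or hold back those three appends until the verifier knows them.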
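Review bot: The test helper passes `FALSE, FALSE` for `support_ft` and `support_sha384`, so none of the new FT branches in `nm_supplicant_config_add_setting_wireless_security` is exercised by this test file. Consider threading the two flags through `build_supplicant_config` the way `support_pmf` and `support_fils` already are, and adding cases that pin the expected `key_mgmt` string for WPA-PSK, WPA-EAP with FILS optional and required, and SAE with FT enabled. The helper's signature lies outside the hunk.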