From bbdb978dc63430515dfd649654d8358a0d832b5a Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Mon, 15 Jul 2019 11:30:12 +0000 Subject: [PATCH 1/5] wifi/ap: recognize FT variants of wpa-psk and wpa-eap --- src/devices/wifi/nm-wifi-ap.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/devices/wifi/nm-wifi-ap.c b/src/devices/wifi/nm-wifi-ap.c index feec8e7fa4..8d60bee349 100644 --- a/src/devices/wifi/nm-wifi-ap.c +++ b/src/devices/wifi/nm-wifi-ap.c @@ -417,9 +417,11 @@ security_from_vardict (GVariant *security) if ( g_variant_lookup (security, "KeyMgmt", "^a&s", &array) && array) { - if (g_strv_contains (array, "wpa-psk")) + if (g_strv_contains (array, "wpa-psk") || + g_strv_contains (array, "wpa-ft-psk")) flags |= NM_802_11_AP_SEC_KEY_MGMT_PSK; if (g_strv_contains (array, "wpa-eap") || + g_strv_contains (array, "wpa-ft-eap") || g_strv_contains (array, "wpa-fils-sha256") || g_strv_contains (array, "wpa-fils-sha384")) flags |= NM_802_11_AP_SEC_KEY_MGMT_802_1X; From 3d0d1a21c81418a4e8361301a13f5a51dd6c6674 Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Mon, 15 Jul 2019 11:30:15 +0000 Subject: [PATCH 2/5] supplicant: detect 802.11r fast BSS transition (FT) --- src/supplicant/nm-supplicant-interface.c | 33 +++++++++++++++++++++++- src/supplicant/nm-supplicant-interface.h | 8 +++++- src/supplicant/nm-supplicant-manager.c | 20 +++++++++++--- 3 files changed, 55 insertions(+), 6 deletions(-) diff --git a/src/supplicant/nm-supplicant-interface.c b/src/supplicant/nm-supplicant-interface.c index e94c98765b..2eaa1401e6 100644 --- a/src/supplicant/nm-supplicant-interface.c +++ b/src/supplicant/nm-supplicant-interface.c @@ -113,6 +113,7 @@ NM_GOBJECT_PROPERTIES_DEFINE (NMSupplicantInterface, PROP_FILS_SUPPORT, PROP_P2P_SUPPORT, PROP_WFD_SUPPORT, + PROP_FT_SUPPORT, ); typedef struct { @@ -125,6 +126,7 @@ typedef struct { NMSupplicantFeature fils_support; NMSupplicantFeature p2p_support; NMSupplicantFeature wfd_support; + NMSupplicantFeature ft_support; guint32 max_scan_ssids; guint32 ready_count; @@ -786,6 +788,12 @@ nm_supplicant_interface_get_wfd_support (NMSupplicantInterface *self) return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->wfd_support; } +NMSupplicantFeature +nm_supplicant_interface_get_ft_support (NMSupplicantInterface *self) +{ + return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->ft_support; +} + void nm_supplicant_interface_set_ap_support (NMSupplicantInterface *self, NMSupplicantFeature ap_support) @@ -844,6 +852,15 @@ nm_supplicant_interface_set_wfd_support (NMSupplicantInterface *self, priv->wfd_support = wfd_support; } +void +nm_supplicant_interface_set_ft_support (NMSupplicantInterface *self, + NMSupplicantFeature ft_support) +{ + NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self); + + priv->ft_support = ft_support; +} + /*****************************************************************************/ static void @@ -2684,6 +2701,10 @@ set_property (GObject *object, /* construct-only */ priv->wfd_support = g_value_get_int (value); break; + case PROP_FT_SUPPORT: + /* construct-only */ + priv->ft_support = g_value_get_int (value); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -2709,7 +2730,8 @@ nm_supplicant_interface_new (const char *ifname, NMSupplicantFeature pmf_support, NMSupplicantFeature fils_support, NMSupplicantFeature p2p_support, - NMSupplicantFeature wfd_support) + NMSupplicantFeature wfd_support, + NMSupplicantFeature ft_support) { /* One of ifname or path need to be set */ g_return_val_if_fail (ifname != NULL || object_path != NULL, NULL); @@ -2725,6 +2747,7 @@ nm_supplicant_interface_new (const char *ifname, NM_SUPPLICANT_INTERFACE_FILS_SUPPORT, (int) fils_support, NM_SUPPLICANT_INTERFACE_P2P_SUPPORT, (int) p2p_support, NM_SUPPLICANT_INTERFACE_WFD_SUPPORT, (int) wfd_support, + NM_SUPPLICANT_INTERFACE_FT_SUPPORT, (int) ft_support, NULL); } @@ -2883,6 +2906,14 @@ nm_supplicant_interface_class_init (NMSupplicantInterfaceClass *klass) G_PARAM_WRITABLE | G_PARAM_CONSTRUCT_ONLY | G_PARAM_STATIC_STRINGS); + obj_properties[PROP_FT_SUPPORT] = + g_param_spec_int (NM_SUPPLICANT_INTERFACE_FT_SUPPORT, "", "", + NM_SUPPLICANT_FEATURE_UNKNOWN, + NM_SUPPLICANT_FEATURE_YES, + NM_SUPPLICANT_FEATURE_UNKNOWN, + G_PARAM_WRITABLE | + G_PARAM_CONSTRUCT_ONLY | + G_PARAM_STATIC_STRINGS); g_object_class_install_properties (object_class, _PROPERTY_ENUMS_LAST, obj_properties); diff --git a/src/supplicant/nm-supplicant-interface.h b/src/supplicant/nm-supplicant-interface.h index 2e124df92d..0b33a4e410 100644 --- a/src/supplicant/nm-supplicant-interface.h +++ b/src/supplicant/nm-supplicant-interface.h @@ -68,6 +68,7 @@ typedef enum { #define NM_SUPPLICANT_INTERFACE_FILS_SUPPORT "fils-support" #define NM_SUPPLICANT_INTERFACE_P2P_SUPPORT "p2p-support" #define NM_SUPPLICANT_INTERFACE_WFD_SUPPORT "wfd-support" +#define NM_SUPPLICANT_INTERFACE_FT_SUPPORT "ft-support" /* Signals */ #define NM_SUPPLICANT_INTERFACE_STATE "state" @@ -95,7 +96,8 @@ NMSupplicantInterface * nm_supplicant_interface_new (const char *ifname, NMSupplicantFeature pmf_support, NMSupplicantFeature fils_support, NMSupplicantFeature p2p_support, - NMSupplicantFeature wfd_support); + NMSupplicantFeature wfd_support, + NMSupplicantFeature ft_support); void nm_supplicant_interface_set_supplicant_available (NMSupplicantInterface *self, gboolean available); @@ -161,6 +163,7 @@ NMSupplicantFeature nm_supplicant_interface_get_pmf_support (NMSupplicantInterfa NMSupplicantFeature nm_supplicant_interface_get_fils_support (NMSupplicantInterface *self); NMSupplicantFeature nm_supplicant_interface_get_p2p_support (NMSupplicantInterface *self); NMSupplicantFeature nm_supplicant_interface_get_wfd_support (NMSupplicantInterface *self); +NMSupplicantFeature nm_supplicant_interface_get_ft_support (NMSupplicantInterface *self); void nm_supplicant_interface_set_ap_support (NMSupplicantInterface *self, NMSupplicantFeature apmode); @@ -180,6 +183,9 @@ void nm_supplicant_interface_set_p2p_support (NMSupplicantInterface *self, void nm_supplicant_interface_set_wfd_support (NMSupplicantInterface *self, NMSupplicantFeature wfd_support); +void nm_supplicant_interface_set_ft_support (NMSupplicantInterface *self, + NMSupplicantFeature ft_support); + void nm_supplicant_interface_enroll_wps (NMSupplicantInterface *self, const char *const type, const char *bssid, diff --git a/src/supplicant/nm-supplicant-manager.c b/src/supplicant/nm-supplicant-manager.c index 2945d21ca9..f7a3bdbf27 100644 --- a/src/supplicant/nm-supplicant-manager.c +++ b/src/supplicant/nm-supplicant-manager.c @@ -40,6 +40,7 @@ typedef struct { NMSupplicantFeature fils_support; NMSupplicantFeature p2p_support; NMSupplicantFeature wfd_support; + NMSupplicantFeature ft_support; guint die_count_reset_id; guint die_count; } NMSupplicantManagerPrivate; @@ -231,7 +232,8 @@ nm_supplicant_manager_create_interface (NMSupplicantManager *self, priv->pmf_support, priv->fils_support, priv->p2p_support, - priv->wfd_support); + priv->wfd_support, + priv->ft_support); priv->ifaces = g_slist_prepend (priv->ifaces, iface); g_object_add_toggle_ref ((GObject *) iface, _sup_iface_last_ref, self); @@ -288,7 +290,8 @@ nm_supplicant_manager_create_interface_from_path (NMSupplicantManager *self, priv->pmf_support, priv->fils_support, priv->p2p_support, - priv->wfd_support); + priv->wfd_support, + priv->ft_support); priv->ifaces = g_slist_prepend (priv->ifaces, iface); g_object_add_toggle_ref ((GObject *) iface, _sup_iface_last_ref, self); @@ -324,8 +327,9 @@ update_capabilities (NMSupplicantManager *self) priv->ap_support = NM_SUPPLICANT_FEATURE_UNKNOWN; priv->pmf_support = NM_SUPPLICANT_FEATURE_UNKNOWN; priv->fils_support = NM_SUPPLICANT_FEATURE_UNKNOWN; - /* P2P support is newer than the capabilities property */ + /* Support for the following is newer than the capabilities property */ priv->p2p_support = NM_SUPPLICANT_FEATURE_NO; + priv->ft_support = NM_SUPPLICANT_FEATURE_NO; value = g_dbus_proxy_get_cached_property (priv->proxy, "Capabilities"); if (value) { @@ -335,6 +339,7 @@ update_capabilities (NMSupplicantManager *self) priv->pmf_support = NM_SUPPLICANT_FEATURE_NO; priv->fils_support = NM_SUPPLICANT_FEATURE_NO; priv->p2p_support = NM_SUPPLICANT_FEATURE_NO; + priv->ft_support = NM_SUPPLICANT_FEATURE_NO; if (array) { if (g_strv_contains (array, "ap")) priv->ap_support = NM_SUPPLICANT_FEATURE_YES; @@ -344,18 +349,21 @@ update_capabilities (NMSupplicantManager *self) priv->fils_support = NM_SUPPLICANT_FEATURE_YES; if (g_strv_contains (array, "p2p")) priv->p2p_support = NM_SUPPLICANT_FEATURE_YES; + if (g_strv_contains (array, "ft")) + priv->ft_support = NM_SUPPLICANT_FEATURE_YES; g_free (array); } } g_variant_unref (value); } - /* Tell all interfaces about results of the AP/PMF/FILS/P2P check */ + /* Tell all interfaces about results of the AP/PMF/FILS/P2P/FT check */ for (ifaces = priv->ifaces; ifaces; ifaces = ifaces->next) { nm_supplicant_interface_set_ap_support (ifaces->data, priv->ap_support); nm_supplicant_interface_set_pmf_support (ifaces->data, priv->pmf_support); nm_supplicant_interface_set_fils_support (ifaces->data, priv->fils_support); nm_supplicant_interface_set_p2p_support (ifaces->data, priv->p2p_support); + nm_supplicant_interface_set_ft_support (ifaces->data, priv->ft_support); } _LOGD ("AP mode is %ssupported", @@ -370,6 +378,9 @@ update_capabilities (NMSupplicantManager *self) _LOGD ("P2P is %ssupported", (priv->p2p_support == NM_SUPPLICANT_FEATURE_YES) ? "" : (priv->p2p_support == NM_SUPPLICANT_FEATURE_NO) ? "not " : "possibly "); + _LOGD ("FT is %ssupported", + (priv->ft_support == NM_SUPPLICANT_FEATURE_YES) ? "" : + (priv->ft_support == NM_SUPPLICANT_FEATURE_NO) ? "not " : "possibly "); /* EAP-FAST */ priv->fast_support = NM_SUPPLICANT_FEATURE_NO; @@ -508,6 +519,7 @@ name_owner_cb (GDBusProxy *proxy, GParamSpec *pspec, gpointer user_data) priv->fast_support = NM_SUPPLICANT_FEATURE_UNKNOWN; priv->pmf_support = NM_SUPPLICANT_FEATURE_UNKNOWN; priv->fils_support = NM_SUPPLICANT_FEATURE_UNKNOWN; + priv->ft_support = NM_SUPPLICANT_FEATURE_UNKNOWN; set_running (self, FALSE); } From f5cd641c05bc9ced749a39852cb5a59bcdf2154b Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Mon, 15 Jul 2019 11:30:19 +0000 Subject: [PATCH 3/5] supplicant: detect SHA384 support --- src/supplicant/nm-supplicant-interface.c | 33 +++++++++++++++++++++++- src/supplicant/nm-supplicant-interface.h | 8 +++++- src/supplicant/nm-supplicant-manager.c | 18 ++++++++++--- 3 files changed, 54 insertions(+), 5 deletions(-) diff --git a/src/supplicant/nm-supplicant-interface.c b/src/supplicant/nm-supplicant-interface.c index 2eaa1401e6..1c92b9a747 100644 --- a/src/supplicant/nm-supplicant-interface.c +++ b/src/supplicant/nm-supplicant-interface.c @@ -114,6 +114,7 @@ NM_GOBJECT_PROPERTIES_DEFINE (NMSupplicantInterface, PROP_P2P_SUPPORT, PROP_WFD_SUPPORT, PROP_FT_SUPPORT, + PROP_SHA384_SUPPORT, ); typedef struct { @@ -127,6 +128,7 @@ typedef struct { NMSupplicantFeature p2p_support; NMSupplicantFeature wfd_support; NMSupplicantFeature ft_support; + NMSupplicantFeature sha384_support; guint32 max_scan_ssids; guint32 ready_count; @@ -794,6 +796,12 @@ nm_supplicant_interface_get_ft_support (NMSupplicantInterface *self) return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->ft_support; } +NMSupplicantFeature +nm_supplicant_interface_get_sha384_support (NMSupplicantInterface *self) +{ + return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->sha384_support; +} + void nm_supplicant_interface_set_ap_support (NMSupplicantInterface *self, NMSupplicantFeature ap_support) @@ -861,6 +869,15 @@ nm_supplicant_interface_set_ft_support (NMSupplicantInterface *self, priv->ft_support = ft_support; } +void +nm_supplicant_interface_set_sha384_support (NMSupplicantInterface *self, + NMSupplicantFeature sha384_support) +{ + NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self); + + priv->sha384_support = sha384_support; +} + /*****************************************************************************/ static void @@ -2705,6 +2722,10 @@ set_property (GObject *object, /* construct-only */ priv->ft_support = g_value_get_int (value); break; + case PROP_SHA384_SUPPORT: + /* construct-only */ + priv->sha384_support = g_value_get_int (value); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -2731,7 +2752,8 @@ nm_supplicant_interface_new (const char *ifname, NMSupplicantFeature fils_support, NMSupplicantFeature p2p_support, NMSupplicantFeature wfd_support, - NMSupplicantFeature ft_support) + NMSupplicantFeature ft_support, + NMSupplicantFeature sha384_support) { /* One of ifname or path need to be set */ g_return_val_if_fail (ifname != NULL || object_path != NULL, NULL); @@ -2748,6 +2770,7 @@ nm_supplicant_interface_new (const char *ifname, NM_SUPPLICANT_INTERFACE_P2P_SUPPORT, (int) p2p_support, NM_SUPPLICANT_INTERFACE_WFD_SUPPORT, (int) wfd_support, NM_SUPPLICANT_INTERFACE_FT_SUPPORT, (int) ft_support, + NM_SUPPLICANT_INTERFACE_SHA384_SUPPORT, (int) sha384_support, NULL); } @@ -2914,6 +2937,14 @@ nm_supplicant_interface_class_init (NMSupplicantInterfaceClass *klass) G_PARAM_WRITABLE | G_PARAM_CONSTRUCT_ONLY | G_PARAM_STATIC_STRINGS); + obj_properties[PROP_SHA384_SUPPORT] = + g_param_spec_int (NM_SUPPLICANT_INTERFACE_SHA384_SUPPORT, "", "", + NM_SUPPLICANT_FEATURE_UNKNOWN, + NM_SUPPLICANT_FEATURE_YES, + NM_SUPPLICANT_FEATURE_UNKNOWN, + G_PARAM_WRITABLE | + G_PARAM_CONSTRUCT_ONLY | + G_PARAM_STATIC_STRINGS); g_object_class_install_properties (object_class, _PROPERTY_ENUMS_LAST, obj_properties); diff --git a/src/supplicant/nm-supplicant-interface.h b/src/supplicant/nm-supplicant-interface.h index 0b33a4e410..8e9eede6fa 100644 --- a/src/supplicant/nm-supplicant-interface.h +++ b/src/supplicant/nm-supplicant-interface.h @@ -69,6 +69,7 @@ typedef enum { #define NM_SUPPLICANT_INTERFACE_P2P_SUPPORT "p2p-support" #define NM_SUPPLICANT_INTERFACE_WFD_SUPPORT "wfd-support" #define NM_SUPPLICANT_INTERFACE_FT_SUPPORT "ft-support" +#define NM_SUPPLICANT_INTERFACE_SHA384_SUPPORT "sha384-support" /* Signals */ #define NM_SUPPLICANT_INTERFACE_STATE "state" @@ -97,7 +98,8 @@ NMSupplicantInterface * nm_supplicant_interface_new (const char *ifname, NMSupplicantFeature fils_support, NMSupplicantFeature p2p_support, NMSupplicantFeature wfd_support, - NMSupplicantFeature ft_support); + NMSupplicantFeature ft_support, + NMSupplicantFeature sha384_support); void nm_supplicant_interface_set_supplicant_available (NMSupplicantInterface *self, gboolean available); @@ -164,6 +166,7 @@ NMSupplicantFeature nm_supplicant_interface_get_fils_support (NMSupplicantInterf NMSupplicantFeature nm_supplicant_interface_get_p2p_support (NMSupplicantInterface *self); NMSupplicantFeature nm_supplicant_interface_get_wfd_support (NMSupplicantInterface *self); NMSupplicantFeature nm_supplicant_interface_get_ft_support (NMSupplicantInterface *self); +NMSupplicantFeature nm_supplicant_interface_get_sha384_support (NMSupplicantInterface *self); void nm_supplicant_interface_set_ap_support (NMSupplicantInterface *self, NMSupplicantFeature apmode); @@ -186,6 +189,9 @@ void nm_supplicant_interface_set_wfd_support (NMSupplicantInterface *self, void nm_supplicant_interface_set_ft_support (NMSupplicantInterface *self, NMSupplicantFeature ft_support); +void nm_supplicant_interface_set_sha384_support (NMSupplicantInterface *self, + NMSupplicantFeature sha384_support); + void nm_supplicant_interface_enroll_wps (NMSupplicantInterface *self, const char *const type, const char *bssid, diff --git a/src/supplicant/nm-supplicant-manager.c b/src/supplicant/nm-supplicant-manager.c index f7a3bdbf27..d4b5bd8313 100644 --- a/src/supplicant/nm-supplicant-manager.c +++ b/src/supplicant/nm-supplicant-manager.c @@ -41,6 +41,7 @@ typedef struct { NMSupplicantFeature p2p_support; NMSupplicantFeature wfd_support; NMSupplicantFeature ft_support; + NMSupplicantFeature sha384_support; guint die_count_reset_id; guint die_count; } NMSupplicantManagerPrivate; @@ -233,7 +234,8 @@ nm_supplicant_manager_create_interface (NMSupplicantManager *self, priv->fils_support, priv->p2p_support, priv->wfd_support, - priv->ft_support); + priv->ft_support, + priv->sha384_support); priv->ifaces = g_slist_prepend (priv->ifaces, iface); g_object_add_toggle_ref ((GObject *) iface, _sup_iface_last_ref, self); @@ -291,7 +293,8 @@ nm_supplicant_manager_create_interface_from_path (NMSupplicantManager *self, priv->fils_support, priv->p2p_support, priv->wfd_support, - priv->ft_support); + priv->ft_support, + priv->sha384_support); priv->ifaces = g_slist_prepend (priv->ifaces, iface); g_object_add_toggle_ref ((GObject *) iface, _sup_iface_last_ref, self); @@ -330,6 +333,7 @@ update_capabilities (NMSupplicantManager *self) /* Support for the following is newer than the capabilities property */ priv->p2p_support = NM_SUPPLICANT_FEATURE_NO; priv->ft_support = NM_SUPPLICANT_FEATURE_NO; + priv->sha384_support = NM_SUPPLICANT_FEATURE_NO; value = g_dbus_proxy_get_cached_property (priv->proxy, "Capabilities"); if (value) { @@ -340,6 +344,7 @@ update_capabilities (NMSupplicantManager *self) priv->fils_support = NM_SUPPLICANT_FEATURE_NO; priv->p2p_support = NM_SUPPLICANT_FEATURE_NO; priv->ft_support = NM_SUPPLICANT_FEATURE_NO; + priv->sha384_support = NM_SUPPLICANT_FEATURE_NO; if (array) { if (g_strv_contains (array, "ap")) priv->ap_support = NM_SUPPLICANT_FEATURE_YES; @@ -351,19 +356,22 @@ update_capabilities (NMSupplicantManager *self) priv->p2p_support = NM_SUPPLICANT_FEATURE_YES; if (g_strv_contains (array, "ft")) priv->ft_support = NM_SUPPLICANT_FEATURE_YES; + if (g_strv_contains (array, "sha384")) + priv->sha384_support = NM_SUPPLICANT_FEATURE_YES; g_free (array); } } g_variant_unref (value); } - /* Tell all interfaces about results of the AP/PMF/FILS/P2P/FT check */ + /* Tell all interfaces about results of the AP/PMF/FILS/P2P/FT/SHA384 check */ for (ifaces = priv->ifaces; ifaces; ifaces = ifaces->next) { nm_supplicant_interface_set_ap_support (ifaces->data, priv->ap_support); nm_supplicant_interface_set_pmf_support (ifaces->data, priv->pmf_support); nm_supplicant_interface_set_fils_support (ifaces->data, priv->fils_support); nm_supplicant_interface_set_p2p_support (ifaces->data, priv->p2p_support); nm_supplicant_interface_set_ft_support (ifaces->data, priv->ft_support); + nm_supplicant_interface_set_sha384_support (ifaces->data, priv->sha384_support); } _LOGD ("AP mode is %ssupported", @@ -381,6 +389,9 @@ update_capabilities (NMSupplicantManager *self) _LOGD ("FT is %ssupported", (priv->ft_support == NM_SUPPLICANT_FEATURE_YES) ? "" : (priv->ft_support == NM_SUPPLICANT_FEATURE_NO) ? "not " : "possibly "); + _LOGD ("SHA384 is %ssupported", + (priv->sha384_support == NM_SUPPLICANT_FEATURE_YES) ? "" : + (priv->sha384_support == NM_SUPPLICANT_FEATURE_NO) ? "not " : "possibly "); /* EAP-FAST */ priv->fast_support = NM_SUPPLICANT_FEATURE_NO; @@ -520,6 +531,7 @@ name_owner_cb (GDBusProxy *proxy, GParamSpec *pspec, gpointer user_data) priv->pmf_support = NM_SUPPLICANT_FEATURE_UNKNOWN; priv->fils_support = NM_SUPPLICANT_FEATURE_UNKNOWN; priv->ft_support = NM_SUPPLICANT_FEATURE_UNKNOWN; + priv->sha384_support = NM_SUPPLICANT_FEATURE_UNKNOWN; set_running (self, FALSE); } From 5480ec853702787a39bba2eec4cc7d03d07600c2 Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Mon, 15 Jul 2019 11:30:27 +0000 Subject: [PATCH 4/5] supplicant: reorganize the routine that sets key_mgmt a bit This is functionally equivalent, it only makes it easier to plug in the FT enablement logic at a later point. --- src/supplicant/nm-supplicant-config.c | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c index 2fc898c9ea..0e20a2790a 100644 --- a/src/supplicant/nm-supplicant-config.c +++ b/src/supplicant/nm-supplicant-config.c @@ -754,7 +754,8 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self, GError **error) { NMSupplicantConfigPrivate *priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self); - const char *key_mgmt, *key_mgmt_conf, *auth_alg; + nm_auto_free_gstring GString *key_mgmt_conf = NULL; + const char *key_mgmt, *auth_alg; const char *psk; gboolean set_pmf; @@ -773,28 +774,28 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self, fils = NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE; } - key_mgmt = key_mgmt_conf = nm_setting_wireless_security_get_key_mgmt (setting); + key_mgmt = nm_setting_wireless_security_get_key_mgmt (setting); + key_mgmt_conf = g_string_new (key_mgmt); if (nm_streq (key_mgmt, "wpa-psk")) { if (priv->support_pmf) - key_mgmt_conf = "wpa-psk wpa-psk-sha256"; + g_string_append (key_mgmt_conf, " wpa-psk-sha256"); } else if (nm_streq (key_mgmt, "wpa-eap")) { + if (priv->support_pmf) + g_string_append (key_mgmt_conf, " wpa-eap-sha256"); switch (fils) { - case NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL: - key_mgmt_conf = priv->support_pmf - ? "wpa-eap wpa-eap-sha256 fils-sha256 fils-sha384" - : "wpa-eap fils-sha256 fils-sha384"; - break; case NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED: - key_mgmt_conf = "fils-sha256 fils-sha384"; + g_string_assign (key_mgmt_conf, "fils-sha256 fils-sha384"); + break; + case NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL: + if (priv->support_pmf) + g_string_append (key_mgmt_conf, " fils-sha256 fils-sha384"); break; default: - if (priv->support_pmf) - key_mgmt_conf = "wpa-eap wpa-eap-sha256"; break; } } - if (!add_string_val (self, key_mgmt_conf, "key_mgmt", TRUE, NULL, error)) + if (!add_string_val (self, key_mgmt_conf->str, "key_mgmt", TRUE, NULL, error)) return FALSE; auth_alg = nm_setting_wireless_security_get_auth_alg (setting); From d17a0a0905552fce1c0f5141c9c956dcd67bf9cf Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Mon, 15 Jul 2019 11:30:30 +0000 Subject: [PATCH 5/5] supplicant: allow fast transition for WPA-PSK and WPA-EAP https://gitlab.freedesktop.org/NetworkManager/NetworkManager/issues/4 --- src/devices/nm-device-ethernet.c | 2 +- src/devices/nm-device-macsec.c | 2 +- src/devices/wifi/nm-device-wifi.c | 4 ++- src/supplicant/nm-supplicant-config.c | 26 ++++++++++++++++--- src/supplicant/nm-supplicant-config.h | 3 ++- .../nm-supplicant-settings-verify.c | 4 +-- src/supplicant/tests/test-supplicant-config.c | 2 +- 7 files changed, 33 insertions(+), 10 deletions(-) diff --git a/src/devices/nm-device-ethernet.c b/src/devices/nm-device-ethernet.c index 0d45dfdeda..3e84847ed1 100644 --- a/src/devices/nm-device-ethernet.c +++ b/src/devices/nm-device-ethernet.c @@ -560,7 +560,7 @@ build_supplicant_config (NMDeviceEthernet *self, mtu = nm_platform_link_get_mtu (nm_device_get_platform (NM_DEVICE (self)), nm_device_get_ifindex (NM_DEVICE (self))); - config = nm_supplicant_config_new (FALSE, FALSE); + config = nm_supplicant_config_new (FALSE, FALSE, FALSE, FALSE); security = nm_connection_get_setting_802_1x (connection); if (!nm_supplicant_config_add_setting_8021x (config, security, con_uuid, mtu, TRUE, error)) { diff --git a/src/devices/nm-device-macsec.c b/src/devices/nm-device-macsec.c index 54e04a1bf5..e3e3a895b2 100644 --- a/src/devices/nm-device-macsec.c +++ b/src/devices/nm-device-macsec.c @@ -224,7 +224,7 @@ build_supplicant_config (NMDeviceMacsec *self, GError **error) mtu = nm_platform_link_get_mtu (nm_device_get_platform (NM_DEVICE (self)), nm_device_get_ifindex (NM_DEVICE (self))); - config = nm_supplicant_config_new (FALSE, FALSE); + config = nm_supplicant_config_new (FALSE, FALSE, FALSE, FALSE); s_macsec = nm_device_get_applied_setting (NM_DEVICE (self), NM_TYPE_SETTING_MACSEC); diff --git a/src/devices/wifi/nm-device-wifi.c b/src/devices/wifi/nm-device-wifi.c index a1fa96be9f..db6ccf5b27 100644 --- a/src/devices/wifi/nm-device-wifi.c +++ b/src/devices/wifi/nm-device-wifi.c @@ -2452,7 +2452,9 @@ build_supplicant_config (NMDeviceWifi *self, config = nm_supplicant_config_new ( nm_supplicant_interface_get_pmf_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES, - nm_supplicant_interface_get_fils_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES); + nm_supplicant_interface_get_fils_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES, + nm_supplicant_interface_get_ft_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES, + nm_supplicant_interface_get_sha384_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES); /* Warn if AP mode may not be supported */ if ( g_strcmp0 (nm_setting_wireless_get_mode (s_wireless), NM_SETTING_WIRELESS_MODE_AP) == 0 diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c index 0e20a2790a..9873fc8111 100644 --- a/src/supplicant/nm-supplicant-config.c +++ b/src/supplicant/nm-supplicant-config.c @@ -49,6 +49,8 @@ typedef struct { gboolean dispose_has_run; gboolean support_pmf; gboolean support_fils; + gboolean support_ft; + gboolean support_sha384; } NMSupplicantConfigPrivate; struct _NMSupplicantConfig { @@ -67,7 +69,8 @@ G_DEFINE_TYPE (NMSupplicantConfig, nm_supplicant_config, G_TYPE_OBJECT) /*****************************************************************************/ NMSupplicantConfig * -nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils) +nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils, + gboolean support_ft, gboolean support_sha384) { NMSupplicantConfigPrivate *priv; NMSupplicantConfig *self; @@ -77,6 +80,8 @@ nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils) priv->support_pmf = support_pmf; priv->support_fils = support_fils; + priv->support_ft = support_ft; + priv->support_sha384 = support_sha384; return self; } @@ -779,20 +784,35 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self, if (nm_streq (key_mgmt, "wpa-psk")) { if (priv->support_pmf) g_string_append (key_mgmt_conf, " wpa-psk-sha256"); + if (priv->support_ft) + g_string_append (key_mgmt_conf, " ft-psk"); } else if (nm_streq (key_mgmt, "wpa-eap")) { if (priv->support_pmf) g_string_append (key_mgmt_conf, " wpa-eap-sha256"); + if (priv->support_ft) + g_string_append (key_mgmt_conf, " ft-eap"); + if (priv->support_ft && priv->support_sha384) + g_string_append (key_mgmt_conf, " ft-eap-sha384"); switch (fils) { case NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED: - g_string_assign (key_mgmt_conf, "fils-sha256 fils-sha384"); - break; + g_string_truncate (key_mgmt_conf, 0); + if (!priv->support_pmf) + g_string_assign (key_mgmt_conf, "fils-sha256 fils-sha384"); + /* fall-through */ case NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL: if (priv->support_pmf) g_string_append (key_mgmt_conf, " fils-sha256 fils-sha384"); + if (priv->support_pmf && priv->support_ft) + g_string_append (key_mgmt_conf, " ft-fils-sha256"); + if (priv->support_pmf && priv->support_ft & priv->support_sha384) + g_string_append (key_mgmt_conf, " ft-fils-sha384"); break; default: break; } + } else if (nm_streq (key_mgmt, "sae")) { + if (priv->support_ft) + g_string_append (key_mgmt_conf, " ft-sae"); } if (!add_string_val (self, key_mgmt_conf->str, "key_mgmt", TRUE, NULL, error)) diff --git a/src/supplicant/nm-supplicant-config.h b/src/supplicant/nm-supplicant-config.h index 93038ba5bc..c4e7310d5e 100644 --- a/src/supplicant/nm-supplicant-config.h +++ b/src/supplicant/nm-supplicant-config.h @@ -39,7 +39,8 @@ typedef struct _NMSupplicantConfigClass NMSupplicantConfigClass; GType nm_supplicant_config_get_type (void); -NMSupplicantConfig *nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils); +NMSupplicantConfig *nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils, + gboolean support_ft, gboolean support_sha384); guint32 nm_supplicant_config_get_ap_scan (NMSupplicantConfig *self); diff --git a/src/supplicant/nm-supplicant-settings-verify.c b/src/supplicant/nm-supplicant-settings-verify.c index b7f1a02237..20466af1d0 100644 --- a/src/supplicant/nm-supplicant-settings-verify.c +++ b/src/supplicant/nm-supplicant-settings-verify.c @@ -66,8 +66,8 @@ static const struct validate_entry validate_table[] = { const char * pairwise_allowed[] = { "CCMP", "TKIP", "NONE", NULL }; const char * group_allowed[] = { "CCMP", "TKIP", "WEP104", "WEP40", NULL }; const char * proto_allowed[] = { "WPA", "RSN", NULL }; -const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256", - "WPA-EAP", "WPA-EAP-SHA256", +const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256", "FT-PSK", + "WPA-EAP", "WPA-EAP-SHA256", "FT-EAP", "FT-EAP-SHA384", "FILS-SHA256", "FILS-SHA384", "IEEE8021X", "WPA-NONE", "SAE", "NONE", NULL }; diff --git a/src/supplicant/tests/test-supplicant-config.c b/src/supplicant/tests/test-supplicant-config.c index 35330d0c8f..819256fb7d 100644 --- a/src/supplicant/tests/test-supplicant-config.c +++ b/src/supplicant/tests/test-supplicant-config.c @@ -110,7 +110,7 @@ build_supplicant_config (NMConnection *connection, NMSetting8021x *s_8021x; gboolean success; - config = nm_supplicant_config_new (support_pmf, support_fils); + config = nm_supplicant_config_new (support_pmf, support_fils, FALSE, FALSE); s_wifi = nm_connection_get_setting_wireless (connection); g_assert (s_wifi);