supplicant: enable SAE-H2E

H2E (hash to element) is a newer method for generating the PWE (password element) for SAE, alternative to the existing "hunting-and-pecking". It is considered more secure and it is mandatory for the WPA3 certification; also, SAE in the 6GHz band can only use H2E (hunting-and-pecking is disallowed). Enable H2E in addition to hunting-and-pecking. https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/753 https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1045
2026-02-03 13:40:39 +01:00 · 2021-12-09 12:05:59 +01:00 · 2021-12-09 12:05:59 +01:00 · 9f3d2a09ea
commit 9f3d2a09ea
parent e0cdbd733b
1 changed files with 18 additions and 0 deletions
--- a/src/core/supplicant/nm-supplicant-interface.c
+++ b/src/core/supplicant/nm-supplicant-interface.c
@ -173,6 +173,8 @@ G_DEFINE_TYPE(NMSupplicantInterface, nm_supplicant_interface, G_TYPE_OBJECT)
 #define NM_SUPPLICANT_INTERFACE_GET_PRIVATE(self) \
    _NM_GET_PRIVATE_PTR(self, NMSupplicantInterface, NM_IS_SUPPLICANT_INTERFACE)

+static NMTernary _get_capability(NMSupplicantInterfacePrivate *priv, NMSupplCapType type);
+
 /*****************************************************************************/

 static const char *
@ -1320,6 +1322,22 @@ _starting_check_ready(NMSupplicantInterface *self)
          NM_SUPPL_CAP_TO_CHAR(priv->iface_capabilities, NM_SUPPL_CAP_TYPE_FT),
          NM_SUPPL_CAP_TO_CHAR(priv->iface_capabilities, NM_SUPPL_CAP_TYPE_SAE));

+    /* Other global properties are set in constructed() because they don't
+     * depend on interface capabilities. */
+    if (_get_capability(priv, NM_SUPPL_CAP_TYPE_SAE) == NM_TERNARY_TRUE) {
+        _LOGD("enabling SAE-H2E (SaePwe=2)");
+        nm_dbus_connection_call_set(priv->dbus_connection,
+                                    priv->name_owner->str,
+                                    priv->object_path->str,
+                                    NM_WPAS_DBUS_IFACE_INTERFACE,
+                                    "SaePwe",
+                                    g_variant_new_string("2"),
+                                    DBUS_TIMEOUT_MSEC,
+                                    NULL,
+                                    NULL,
+                                    NULL);
+    }
+
    set_state(self, priv->supp_state);
 }