From 9f3d2a09ea9cbd41d64199a8684d9108f8432094 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Thu, 9 Dec 2021 12:05:59 +0100
Subject: [PATCH] supplicant: enable SAE-H2E

H2E (hash to element) is a newer method for generating the PWE
(password element) for SAE, alternative to the existing
"hunting-and-pecking". It is considered more secure and it is
mandatory for the WPA3 certification; also, SAE in the 6GHz band can
only use H2E (hunting-and-pecking is disallowed).

Enable H2E in addition to hunting-and-pecking.

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/753
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1045
---
 src/core/supplicant/nm-supplicant-interface.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/core/supplicant/nm-supplicant-interface.c b/src/core/supplicant/nm-supplicant-interface.c
index 54d7c7210c..cb2c762c93 100644
--- a/src/core/supplicant/nm-supplicant-interface.c
+++ b/src/core/supplicant/nm-supplicant-interface.c
@@ -173,6 +173,8 @@ G_DEFINE_TYPE(NMSupplicantInterface, nm_supplicant_interface, G_TYPE_OBJECT)
 #define NM_SUPPLICANT_INTERFACE_GET_PRIVATE(self) \
     _NM_GET_PRIVATE_PTR(self, NMSupplicantInterface, NM_IS_SUPPLICANT_INTERFACE)
 
+static NMTernary _get_capability(NMSupplicantInterfacePrivate *priv, NMSupplCapType type);
+
 /*****************************************************************************/
 
 static const char *
@@ -1320,6 +1322,22 @@ _starting_check_ready(NMSupplicantInterface *self)
           NM_SUPPL_CAP_TO_CHAR(priv->iface_capabilities, NM_SUPPL_CAP_TYPE_FT),
           NM_SUPPL_CAP_TO_CHAR(priv->iface_capabilities, NM_SUPPL_CAP_TYPE_SAE));
 
+    /* Other global properties are set in constructed() because they don't
+     * depend on interface capabilities. */
+    if (_get_capability(priv, NM_SUPPL_CAP_TYPE_SAE) == NM_TERNARY_TRUE) {
+        _LOGD("enabling SAE-H2E (SaePwe=2)");
+        nm_dbus_connection_call_set(priv->dbus_connection,
+                                    priv->name_owner->str,
+                                    priv->object_path->str,
+                                    NM_WPAS_DBUS_IFACE_INTERFACE,
+                                    "SaePwe",
+                                    g_variant_new_string("2"),
+                                    DBUS_TIMEOUT_MSEC,
+                                    NULL,
+                                    NULL,
+                                    NULL);
+    }
+
     set_state(self, priv->supp_state);
 }