From b6eb237a271c91f6ca9d74f0db8f7e80b9998d51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=B0=A2=E8=87=B4=E9=82=A6=20=28XIE=20Zhibang=29?= Date: Sun, 10 Apr 2022 20:32:19 +0800 Subject: [PATCH] supplicant: Disable WPA3 transition mode when PMF is set to disabled MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit According to WPA3_Specification_v3.0 section 2.3, when operating in WPA3-Personal transition mode an AP: - shall set MFPC to 1, MFPR to 0. Therefore, do not operate in WPA3-Personal transition mode when PMF is set to disabled. This also provides a way to be compatible with some devices that are not fully compatible with WPA3-Personal transition mode. Signed-off-by: 谢致邦 (XIE Zhibang) https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1186 --- src/core/supplicant/nm-supplicant-config.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/core/supplicant/nm-supplicant-config.c b/src/core/supplicant/nm-supplicant-config.c index f8b1503ec2..a4e5cc4d4c 100644 --- a/src/core/supplicant/nm-supplicant-config.c +++ b/src/core/supplicant/nm-supplicant-config.c @@ -877,10 +877,21 @@ nm_supplicant_config_add_setting_wireless_security(NMSupplicantConfig * * Those conditions are met when the interface has capabilities * SAE, PMF, BIP. + * + * According to WPA3_Specification_v3.0 section 2.3, when operating + * in WPA3-Personal transition mode an AP: + * + * - shall set MFPC to 1, MFPR to 0. + * + * Therefore, do not operate in WPA3-Personal transition mode when PMF + * is set to disabled. This also provides a way to be compatible with + * some devices that are not fully compatible with WPA3-Personal + * transition mode. */ if (_get_capability(priv, NM_SUPPL_CAP_TYPE_SAE) && _get_capability(priv, NM_SUPPL_CAP_TYPE_PMF) - && _get_capability(priv, NM_SUPPL_CAP_TYPE_BIP)) { + && _get_capability(priv, NM_SUPPL_CAP_TYPE_BIP) + && (!is_ap || pmf != NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE)) { g_string_append(key_mgmt_conf, " SAE"); if (!is_ap && _get_capability(priv, NM_SUPPL_CAP_TYPE_FT)) g_string_append(key_mgmt_conf, " FT-SAE");