Digi
/
meta-digi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
meta-digi/meta-digi-dey/recipes-connectivity/networkmanager/networkmanager/0005-supplicant-allow-fast-...

169 lines
7.7 KiB
Diff
Raw Blame History

From: Lubomir Rintel <lkundrak@v3.sk>
Date: Mon, 15 Jul 2019 11:30:30 +0000
Subject: [PATCH 5/7] supplicant: allow fast transition for WPA-PSK and WPA-EAP
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/issues/4
---
src/devices/nm-device-ethernet.c | 2 +-
src/devices/nm-device-macsec.c | 2 +-
src/devices/wifi/nm-device-wifi.c | 4 ++-
src/supplicant/nm-supplicant-config.c | 26 ++++++++++++++++---
src/supplicant/nm-supplicant-config.h | 3 ++-
.../nm-supplicant-settings-verify.c | 4 +--
src/supplicant/tests/test-supplicant-config.c | 2 +-
7 files changed, 33 insertions(+), 10 deletions(-)
diff --git a/src/devices/nm-device-ethernet.c b/src/devices/nm-device-ethernet.c
index 0d45dfded..3e84847ed 100644
--- a/src/devices/nm-device-ethernet.c
+++ b/src/devices/nm-device-ethernet.c
@@ -560,7 +560,7 @@ build_supplicant_config (NMDeviceEthernet *self,
mtu = nm_platform_link_get_mtu (nm_device_get_platform (NM_DEVICE (self)),
nm_device_get_ifindex (NM_DEVICE (self)));
- config = nm_supplicant_config_new (FALSE, FALSE);
+ config = nm_supplicant_config_new (FALSE, FALSE, FALSE, FALSE);
security = nm_connection_get_setting_802_1x (connection);
if (!nm_supplicant_config_add_setting_8021x (config, security, con_uuid, mtu, TRUE, error)) {
diff --git a/src/devices/nm-device-macsec.c b/src/devices/nm-device-macsec.c
index 54e04a1bf..e3e3a895b 100644
--- a/src/devices/nm-device-macsec.c
+++ b/src/devices/nm-device-macsec.c
@@ -224,7 +224,7 @@ build_supplicant_config (NMDeviceMacsec *self, GError **error)
mtu = nm_platform_link_get_mtu (nm_device_get_platform (NM_DEVICE (self)),
nm_device_get_ifindex (NM_DEVICE (self)));
- config = nm_supplicant_config_new (FALSE, FALSE);
+ config = nm_supplicant_config_new (FALSE, FALSE, FALSE, FALSE);
s_macsec = nm_device_get_applied_setting (NM_DEVICE (self), NM_TYPE_SETTING_MACSEC);
diff --git a/src/devices/wifi/nm-device-wifi.c b/src/devices/wifi/nm-device-wifi.c
index a1fa96be9..db6ccf5b2 100644
--- a/src/devices/wifi/nm-device-wifi.c
+++ b/src/devices/wifi/nm-device-wifi.c
@@ -2452,7 +2452,9 @@ build_supplicant_config (NMDeviceWifi *self,
config = nm_supplicant_config_new (
nm_supplicant_interface_get_pmf_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES,
- nm_supplicant_interface_get_fils_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES);
+ nm_supplicant_interface_get_fils_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES,
+ nm_supplicant_interface_get_ft_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES,
+ nm_supplicant_interface_get_sha384_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES);
/* Warn if AP mode may not be supported */
if ( g_strcmp0 (nm_setting_wireless_get_mode (s_wireless), NM_SETTING_WIRELESS_MODE_AP) == 0
diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c
index 0e20a2790..9873fc811 100644
--- a/src/supplicant/nm-supplicant-config.c
+++ b/src/supplicant/nm-supplicant-config.c
@@ -49,6 +49,8 @@ typedef struct {
gboolean dispose_has_run;
gboolean support_pmf;
gboolean support_fils;
+ gboolean support_ft;
+ gboolean support_sha384;
} NMSupplicantConfigPrivate;
struct _NMSupplicantConfig {
@@ -67,7 +69,8 @@ G_DEFINE_TYPE (NMSupplicantConfig, nm_supplicant_config, G_TYPE_OBJECT)
/*****************************************************************************/
NMSupplicantConfig *
-nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils)
+nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils,
+ gboolean support_ft, gboolean support_sha384)
{
NMSupplicantConfigPrivate *priv;
NMSupplicantConfig *self;
@@ -77,6 +80,8 @@ nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils)
priv->support_pmf = support_pmf;
priv->support_fils = support_fils;
+ priv->support_ft = support_ft;
+ priv->support_sha384 = support_sha384;
return self;
}
@@ -779,20 +784,35 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
if (nm_streq (key_mgmt, "wpa-psk")) {
if (priv->support_pmf)
g_string_append (key_mgmt_conf, " wpa-psk-sha256");
+ if (priv->support_ft)
+ g_string_append (key_mgmt_conf, " ft-psk");
} else if (nm_streq (key_mgmt, "wpa-eap")) {
if (priv->support_pmf)
g_string_append (key_mgmt_conf, " wpa-eap-sha256");
+ if (priv->support_ft)
+ g_string_append (key_mgmt_conf, " ft-eap");
+ if (priv->support_ft && priv->support_sha384)
+ g_string_append (key_mgmt_conf, " ft-eap-sha384");
switch (fils) {
case NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED:
- g_string_assign (key_mgmt_conf, "fils-sha256 fils-sha384");
- break;
+ g_string_truncate (key_mgmt_conf, 0);
+ if (!priv->support_pmf)
+ g_string_assign (key_mgmt_conf, "fils-sha256 fils-sha384");
+ /* fall-through */
case NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL:
if (priv->support_pmf)
g_string_append (key_mgmt_conf, " fils-sha256 fils-sha384");
+ if (priv->support_pmf && priv->support_ft)
+ g_string_append (key_mgmt_conf, " ft-fils-sha256");
+ if (priv->support_pmf && priv->support_ft & priv->support_sha384)
+ g_string_append (key_mgmt_conf, " ft-fils-sha384");
break;
default:
break;
}
+ } else if (nm_streq (key_mgmt, "sae")) {
+ if (priv->support_ft)
+ g_string_append (key_mgmt_conf, " ft-sae");
}
if (!add_string_val (self, key_mgmt_conf->str, "key_mgmt", TRUE, NULL, error))
diff --git a/src/supplicant/nm-supplicant-config.h b/src/supplicant/nm-supplicant-config.h
index 93038ba5b..c4e7310d5 100644
--- a/src/supplicant/nm-supplicant-config.h
+++ b/src/supplicant/nm-supplicant-config.h
@@ -39,7 +39,8 @@ typedef struct _NMSupplicantConfigClass NMSupplicantConfigClass;
GType nm_supplicant_config_get_type (void);
-NMSupplicantConfig *nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils);
+NMSupplicantConfig *nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils,
+ gboolean support_ft, gboolean support_sha384);
guint32 nm_supplicant_config_get_ap_scan (NMSupplicantConfig *self);
diff --git a/src/supplicant/nm-supplicant-settings-verify.c b/src/supplicant/nm-supplicant-settings-verify.c
index b7f1a0223..20466af1d 100644
--- a/src/supplicant/nm-supplicant-settings-verify.c
+++ b/src/supplicant/nm-supplicant-settings-verify.c
@@ -66,8 +66,8 @@ static const struct validate_entry validate_table[] = {
const char * pairwise_allowed[] = { "CCMP", "TKIP", "NONE", NULL };
const char * group_allowed[] = { "CCMP", "TKIP", "WEP104", "WEP40", NULL };
const char * proto_allowed[] = { "WPA", "RSN", NULL };
-const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256",
- "WPA-EAP", "WPA-EAP-SHA256",
+const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256", "FT-PSK",
+ "WPA-EAP", "WPA-EAP-SHA256", "FT-EAP", "FT-EAP-SHA384",
"FILS-SHA256", "FILS-SHA384",
"IEEE8021X", "WPA-NONE", "SAE",
"NONE", NULL };
diff --git a/src/supplicant/tests/test-supplicant-config.c b/src/supplicant/tests/test-supplicant-config.c
index 35330d0c8..819256fb7 100644
--- a/src/supplicant/tests/test-supplicant-config.c
+++ b/src/supplicant/tests/test-supplicant-config.c
@@ -110,7 +110,7 @@ build_supplicant_config (NMConnection *connection,
NMSetting8021x *s_8021x;
gboolean success;
- config = nm_supplicant_config_new (support_pmf, support_fils);
+ config = nm_supplicant_config_new (support_pmf, support_fils, FALSE, FALSE);
s_wifi = nm_connection_get_setting_wireless (connection);
g_assert (s_wifi);
Reference in New Issue View Git Blame Copy Permalink