[PATCH 1/4] wifi: add support for FILS
- From: Masashi Honma <masashi honma gmail com>
- To: networkmanager-list gnome org
- Subject: [PATCH 1/4] wifi: add support for FILS
- Date: Sat, 23 Dec 2017 07:26:03 +0900
The FILS(Fast Initial Link Setup) is a specification defined by IEEE 802.11ai to
speed up roaming. This patch adds support of it. I have tested with both
FILS-SHA256 and FILS-SHA384 by PEAP.
Signed-off-by: Masashi Honma <masashi honma gmail com>
---
libnm-core/nm-setting-wireless-security.c | 9 ++++++---
libnm-core/nm-setting-wireless.c | 5 +++--
src/devices/wifi/nm-wifi-ap.c | 6 ++++--
src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 2 +-
src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 3 +++
src/supplicant/nm-supplicant-config.c | 13 +++++++++----
src/supplicant/nm-supplicant-settings-verify.c | 1 +
7 files changed, 27 insertions(+), 12 deletions(-)
diff --git a/libnm-core/nm-setting-wireless-security.c b/libnm-core/nm-setting-wireless-security.c
index de77a49..eea0581 100644
--- a/libnm-core/nm-setting-wireless-security.c
+++ b/libnm-core/nm-setting-wireless-security.c
@@ -868,7 +868,8 @@ need_secrets (NMSetting *setting)
}
if ( (strcmp (priv->key_mgmt, "ieee8021x") == 0)
- || (strcmp (priv->key_mgmt, "wpa-eap") == 0)) {
+ || (strcmp (priv->key_mgmt, "wpa-eap") == 0)
+ || (strcmp (priv->key_mgmt, "wpa-fils") == 0)) {
/* Let caller check the 802.1x setting for secrets */
goto no_secrets;
}
@@ -887,7 +888,8 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
{
NMSettingWirelessSecurity *self = NM_SETTING_WIRELESS_SECURITY (setting);
NMSettingWirelessSecurityPrivate *priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (self);
- const char *valid_key_mgmt[] = { "none", "ieee8021x", "wpa-none", "wpa-psk", "wpa-eap", NULL };
+ const char *valid_key_mgmt[] = { "none", "ieee8021x", "wpa-none",
+ "wpa-psk", "wpa-eap", "wpa-fils", NULL };
const char *valid_auth_algs[] = { "open", "shared", "leap", NULL };
const char *valid_protos[] = { "wpa", "rsn", NULL };
const char *valid_pairwise[] = { "tkip", "ccmp", NULL };
@@ -933,7 +935,8 @@ verify (NMSetting *setting, NMConnection *connection, GError **error)
}
} else {
if ( (strcmp (priv->key_mgmt, "ieee8021x") == 0)
- || (strcmp (priv->key_mgmt, "wpa-eap") == 0)) {
+ || (strcmp (priv->key_mgmt, "wpa-eap") == 0)
+ || (strcmp (priv->key_mgmt, "wpa-fils") == 0)) {
/* Need an 802.1x setting too */
if (connection && !nm_connection_get_setting_802_1x (connection)) {
g_set_error (error,
diff --git a/libnm-core/nm-setting-wireless.c b/libnm-core/nm-setting-wireless.c
index 0a3915b..df5499d 100644
--- a/libnm-core/nm-setting-wireless.c
+++ b/libnm-core/nm-setting-wireless.c
@@ -229,13 +229,14 @@ nm_setting_wireless_ap_security_compatible (NMSettingWireless *s_wireless,
/* WPA[2]-PSK and WPA[2] Enterprise */
if ( !strcmp (key_mgmt, "wpa-psk")
- || !strcmp (key_mgmt, "wpa-eap")) {
+ || !strcmp (key_mgmt, "wpa-eap")
+ || !strcmp (key_mgmt, "wpa-fils")) {
if (!strcmp (key_mgmt, "wpa-psk")) {
if ( !(ap_wpa & NM_802_11_AP_SEC_KEY_MGMT_PSK)
&& !(ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_PSK))
return FALSE;
- } else if (!strcmp (key_mgmt, "wpa-eap")) {
+ } else {
if ( !(ap_wpa & NM_802_11_AP_SEC_KEY_MGMT_802_1X)
&& !(ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_802_1X))
return FALSE;
diff --git a/src/devices/wifi/nm-wifi-ap.c b/src/devices/wifi/nm-wifi-ap.c
index 603eb57..195cffa 100644
--- a/src/devices/wifi/nm-wifi-ap.c
+++ b/src/devices/wifi/nm-wifi-ap.c
@@ -415,7 +415,9 @@ security_from_vardict (GVariant *security)
&& array) {
if (g_strv_contains (array, "wpa-psk"))
flags |= NM_802_11_AP_SEC_KEY_MGMT_PSK;
- if (g_strv_contains (array, "wpa-eap"))
+ if (g_strv_contains (array, "wpa-eap") ||
+ g_strv_contains (array, "wpa-fils-sha256") ||
+ g_strv_contains (array, "wpa-fils-sha384"))
flags |= NM_802_11_AP_SEC_KEY_MGMT_802_1X;
g_free (array);
}
@@ -1271,7 +1273,7 @@ nm_wifi_ap_new_fake_from_connection (NMConnection *connection)
goto done;
psk = !strcmp (key_mgmt, "wpa-psk");
- eap = !strcmp (key_mgmt, "wpa-eap");
+ eap = !strcmp (key_mgmt, "wpa-eap") || !strcmp (key_mgmt, "wpa-fils");
if (psk || eap) {
if (has_proto (s_wireless_sec, PROTO_WPA)) {
flags = priv->wpa_flags | (eap ? NM_802_11_AP_SEC_KEY_MGMT_802_1X :
NM_802_11_AP_SEC_KEY_MGMT_PSK);
diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
index d6be2f3..4de2887 100644
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
@@ -3443,7 +3443,7 @@ make_wpa_setting (shvarFile *ifcfg,
v = svGetValueStr (ifcfg, "KEY_MGMT", &value);
wpa_psk = nm_streq0 (v, "WPA-PSK");
- wpa_eap = nm_streq0 (v, "WPA-EAP");
+ wpa_eap = nm_streq0 (v, "WPA-EAP") || nm_streq0 (v, "WPA-FILS");
ieee8021x = nm_streq0 (v, "IEEE8021X");
if (!wpa_psk && !wpa_eap && !ieee8021x)
return NULL; /* Not WPA or Dynamic WEP */
diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
index 9c49c97..43bc6c2 100644
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
@@ -615,6 +615,9 @@ write_wireless_security_setting (NMConnection *connection,
} else if (!strcmp (key_mgmt, "wpa-eap")) {
svSetValueStr (ifcfg, "KEY_MGMT", "WPA-EAP");
wpa = TRUE;
+ } else if (!strcmp (key_mgmt, "wpa-fils")) {
+ svSetValueStr (ifcfg, "KEY_MGMT", "WPA-FILS");
+ wpa = TRUE;
}
svUnsetValue (ifcfg, "SECURITYMODE");
diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c
index 5650e64..3269f5f 100644
--- a/src/supplicant/nm-supplicant-config.c
+++ b/src/supplicant/nm-supplicant-config.c
@@ -578,7 +578,8 @@ nm_supplicant_config_add_bgscan (NMSupplicantConfig *self,
if (s_wsec) {
if (NM_IN_STRSET (nm_setting_wireless_security_get_key_mgmt (s_wsec),
"ieee8021x",
- "wpa-eap"))
+ "wpa-eap",
+ "wpa-fils"))
bgscan = "simple:30:-65:300";
}
@@ -755,6 +756,8 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
else if (nm_streq (key_mgmt_conf, "wpa-eap"))
key_mgmt_conf = "wpa-eap-sha256";
}
+ if (nm_streq (key_mgmt, "wpa-fils"))
+ key_mgmt_conf = "fils-sha256 fils-sha384";
if (!add_string_val (self, key_mgmt_conf, "key_mgmt", TRUE, NULL, error))
return FALSE;
@@ -803,7 +806,8 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
/* Only WPA-specific things when using WPA */
if ( !strcmp (key_mgmt, "wpa-none")
|| !strcmp (key_mgmt, "wpa-psk")
- || !strcmp (key_mgmt, "wpa-eap")) {
+ || !strcmp (key_mgmt, "wpa-eap")
+ || !strcmp (key_mgmt, "wpa-fils")) {
if (!ADD_STRING_LIST_VAL (self, setting, wireless_security, proto, protos, "proto", ' ',
TRUE, NULL, error))
return FALSE;
if (!ADD_STRING_LIST_VAL (self, setting, wireless_security, pairwise, pairwise, "pairwise", '
', TRUE, NULL, error))
@@ -873,7 +877,8 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
}
} else {
/* 802.1x for Dynamic WEP and WPA-Enterprise */
- if (!strcmp (key_mgmt, "ieee8021x") || !strcmp (key_mgmt, "wpa-eap")) {
+ if (!strcmp (key_mgmt, "ieee8021x") || !strcmp (key_mgmt, "wpa-eap") ||
+ !strcmp (key_mgmt, "wpa-fils")) {
if (!setting_8021x) {
g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG,
"Cannot set key-mgmt %s with missing 8021x setting", key_mgmt);
@@ -883,7 +888,7 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
return FALSE;
}
- if (!strcmp (key_mgmt, "wpa-eap")) {
+ if (!strcmp (key_mgmt, "wpa-eap") || !strcmp (key_mgmt, "wpa-fils")) {
/* When using WPA-Enterprise, we want to use Proactive Key Caching (also
* called Opportunistic Key Caching) to avoid full EAP exchanges when
* roaming between access points in the same mobility group.
diff --git a/src/supplicant/nm-supplicant-settings-verify.c b/src/supplicant/nm-supplicant-settings-verify.c
index 14daf69..d53a13c 100644
--- a/src/supplicant/nm-supplicant-settings-verify.c
+++ b/src/supplicant/nm-supplicant-settings-verify.c
@@ -73,6 +73,7 @@ const char * group_allowed[] = { "CCMP", "TKIP", "WEP104", "WEP40", NULL };
const char * proto_allowed[] = { "WPA", "RSN", NULL };
const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256",
"WPA-EAP", "WPA-EAP-SHA256",
+ "FILS-SHA256", "FILS-SHA384",
"IEEE8021X", "WPA-NONE",
"NONE", NULL };
const char * auth_alg_allowed[] = { "OPEN", "SHARED", "LEAP", NULL };
--
2.7.4
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
