[PATCH v2 1/7] supplicant: set key_mgmt independent of pmf value

[Masashi Honma <masashi honma gmail com>]

Previouslly, the value of ieee80211w and key_mgmt field in
wpa_supplicant.conf was defined by the value of pmf.

NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE
  ieee80211w=0
  key_mgmt=wpa-eap
NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL
  ieee80211w=1
  key_mgmt=wpa-eap wpa-eap-sha256
NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED
  ieee80211w=2
  key_mgmt=wpa-eap-sha256

Though these works, these does not include whole combinations.
The key_mgmt could be set independent of ieee80211w value.
For example, management frame protection could be used with
wpa-eap.
  ieee80211w=2
  key_mgmt=wpa-eap

And wpa-eap-sha256 could be used without management frame
protection.
  ieee80211w=0
  key_mgmt=wpa-eap-sha256

So this patch uses always key_mgmt=wpa-psk wpa-psk-sha256 or
key_mgmt=wpa-eap wpa-eap-sha256. By this setting, when AP
supports both, stronger algorithm will be chosen (ex. when AP
supports both wpa-eap and wpa-eap-sha256, wpa-eap-sha256 will be
chosen).

Signed-off-by: Masashi Honma <masashi honma gmail com>
---
 src/supplicant/nm-supplicant-config.c | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)

diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c
index 5650e64..e51e8ba 100644
--- a/src/supplicant/nm-supplicant-config.c
+++ b/src/supplicant/nm-supplicant-config.c
@@ -744,17 +744,11 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
        g_return_val_if_fail (!error || !*error, FALSE);
 
        key_mgmt = key_mgmt_conf = nm_setting_wireless_security_get_key_mgmt (setting);
-       if (pmf == NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL) {
-               if (nm_streq (key_mgmt_conf, "wpa-psk"))
-                       key_mgmt_conf = "wpa-psk wpa-psk-sha256";
-               else if (nm_streq (key_mgmt_conf, "wpa-eap"))
-                       key_mgmt_conf = "wpa-eap wpa-eap-sha256";
-       } else if (pmf == NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED) {
-               if (nm_streq (key_mgmt_conf, "wpa-psk"))
-                       key_mgmt_conf = "wpa-psk-sha256";
-               else if (nm_streq (key_mgmt_conf, "wpa-eap"))
-                       key_mgmt_conf = "wpa-eap-sha256";
-       }
+       if (nm_streq (key_mgmt, "wpa-psk"))
+               key_mgmt_conf = "wpa-psk wpa-psk-sha256";
+       else if (nm_streq (key_mgmt, "wpa-eap"))
+               key_mgmt_conf = "wpa-eap wpa-eap-sha256";
+
        if (!add_string_val (self, key_mgmt_conf, "key_mgmt", TRUE, NULL, error))
                return FALSE;
 
-- 
2.7.4