[PATCH v3 1/6] supplicant: set key_mgmt independent of pmf value
- From: Masashi Honma <masashi honma gmail com>
- To: networkmanager-list gnome org
- Subject: [PATCH v3 1/6] supplicant: set key_mgmt independent of pmf value
- Date: Tue, 16 Jan 2018 06:28:32 +0900
Previously, the value of ieee80211w and key_mgmt field in
wpa_supplicant.conf was defined by the value of pmf.
NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE
ieee80211w=0
key_mgmt=wpa-eap
NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL
ieee80211w=1
key_mgmt=wpa-eap wpa-eap-sha256
NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED
ieee80211w=2
key_mgmt=wpa-eap-sha256
Though these work, they do not cover all combinations.
The key_mgmt could be set independently of the ieee80211w value.
For example, management frame protection could be used with
wpa-eap.
ieee80211w=2
key_mgmt=wpa-eap
And wpa-eap-sha256 could be used without management frame
protection.
ieee80211w=0
key_mgmt=wpa-eap-sha256
So this patch uses always key_mgmt=wpa-psk wpa-psk-sha256 or
key_mgmt=wpa-eap wpa-eap-sha256. By this setting, when AP
supports both, stronger algorithm will be chosen (ex. when AP
supports both wpa-eap and wpa-eap-sha256, wpa-eap-sha256 will be
chosen).
Signed-off-by: Masashi Honma <masashi honma gmail com>
---
src/supplicant/nm-supplicant-config.c | 16 +++++---------
src/supplicant/tests/test-supplicant-config.c | 32 +++++++++++++++++++--------
2 files changed, 28 insertions(+), 20 deletions(-)
diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c
index 5650e64..e51e8ba 100644
--- a/src/supplicant/nm-supplicant-config.c
+++ b/src/supplicant/nm-supplicant-config.c
@@ -744,17 +744,11 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
g_return_val_if_fail (!error || !*error, FALSE);
key_mgmt = key_mgmt_conf = nm_setting_wireless_security_get_key_mgmt (setting);
- if (pmf == NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL) {
- if (nm_streq (key_mgmt_conf, "wpa-psk"))
- key_mgmt_conf = "wpa-psk wpa-psk-sha256";
- else if (nm_streq (key_mgmt_conf, "wpa-eap"))
- key_mgmt_conf = "wpa-eap wpa-eap-sha256";
- } else if (pmf == NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED) {
- if (nm_streq (key_mgmt_conf, "wpa-psk"))
- key_mgmt_conf = "wpa-psk-sha256";
- else if (nm_streq (key_mgmt_conf, "wpa-eap"))
- key_mgmt_conf = "wpa-eap-sha256";
- }
+ if (nm_streq (key_mgmt, "wpa-psk"))
+ key_mgmt_conf = "wpa-psk wpa-psk-sha256";
+ else if (nm_streq (key_mgmt, "wpa-eap"))
+ key_mgmt_conf = "wpa-eap wpa-eap-sha256";
+
if (!add_string_val (self, key_mgmt_conf, "key_mgmt", TRUE, NULL, error))
return FALSE;
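Review bot: With `pmf == NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED` the new branch offers `wpa-psk`/`wpa-eap` alongside the SHA256 variants, where the removed code offered only `wpa-psk-sha256`/`wpa-eap-sha256`, so a profile can no longer restrict itself to the SHA-256 AKMs through this setting. The commit message says the stronger AKM is chosen when the AP advertises both, but that selection happens in wpa_supplicant and is not visible here. It would help to record that reliance in a comment above the `if`, e.g. `/* Always offer both AKMs; ieee80211w alone carries the PMF policy, and the supplicant is expected to prefer the SHA256 AKM when the AP advertises both. */`. Worth confirming, since it is inferred rather than shown: the SHA256 names are now sent even for PMF_DISABLE, so a supplicant that does not recognise them would presumably reject the whole `key_mgmt` value. The function body continues outside the hunk.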
diff --git a/src/supplicant/tests/test-supplicant-config.c b/src/supplicant/tests/test-supplicant-config.c
index 258ced6..f85c137 100644
--- a/src/supplicant/tests/test-supplicant-config.c
+++ b/src/supplicant/tests/test-supplicant-config.c
@@ -307,7 +307,8 @@ test_wifi_wpa_psk (const char *detail,
OptType key_type,
const char *key_data,
const unsigned char *expected,
- size_t expected_size)
+ size_t expected_size,
+ NMSettingWirelessSecurityPmf pmf)
{
gs_unref_object NMConnection *connection = NULL;
gs_unref_variant GVariant *config_dict = NULL;
@@ -327,7 +328,7 @@ test_wifi_wpa_psk (const char *detail,
g_object_set (s_wsec,
NM_SETTING_WIRELESS_SECURITY_KEY_MGMT, "wpa-psk",
NM_SETTING_WIRELESS_SECURITY_PSK, key_data,
- NM_SETTING_WIRELESS_SECURITY_PMF, (int) NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL,
+ NM_SETTING_WIRELESS_SECURITY_PMF, (int) pmf,
NULL);
nm_setting_wireless_security_add_proto (s_wsec, "wpa");
nm_setting_wireless_security_add_proto (s_wsec, "rsn");
@@ -349,7 +350,16 @@ test_wifi_wpa_psk (const char *detail,
NMTST_EXPECT_NM_INFO ("Config: added 'proto' value 'WPA RSN'");
NMTST_EXPECT_NM_INFO ("Config: added 'pairwise' value 'TKIP CCMP'");
NMTST_EXPECT_NM_INFO ("Config: added 'group' value 'TKIP CCMP'");
- NMTST_EXPECT_NM_INFO ("Config: added 'ieee80211w' value '1'");
+ switch (pmf) {
+ case NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL:
+ NMTST_EXPECT_NM_INFO ("Config: added 'ieee80211w' value '1'");
+ break;
+ case NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED:
+ NMTST_EXPECT_NM_INFO ("Config: added 'ieee80211w' value '2'");
+ break;
+ default:
+ break;
+ }
config_dict = build_supplicant_config (connection, 1500, 0);
g_test_assert_expected_messages ();
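Review bot: The `default:` arm of the new `switch (pmf)` treats NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE like any unexpected value and expects no `ieee80211w` message, so the "pmf-disabled" call does not pin down what is emitted for that case. The commit message lists `ieee80211w=0` for PMF_DISABLE while the test expects no message, so the hunk does not show which is intended. Naming the case explicitly, `case NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE: break;`, and making the fallback `default: g_assert_not_reached ();` would turn an unhandled enum value into a test failure. If the rest of the function (outside this hunk) validates config_dict entries, a per-pmf check on the `ieee80211w` entry would cover the generated config as well as the log.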
@@ -380,8 +390,12 @@ test_wifi_wpa_psk_types (void)
0x6c, 0x2f, 0x11, 0x60, 0x5a, 0x16, 0x08, 0x93 };
const char *key2 = "r34lly l33t wp4 p4ssphr4s3 for t3st1ng";
- test_wifi_wpa_psk ("wifi-wpa-psk-hex", TYPE_BYTES, key1, key1_expected, sizeof (key1_expected));
- test_wifi_wpa_psk ("wifi-wep-psk-passphrase", TYPE_STRING, key2, (gconstpointer) key2, strlen (key2));
+ test_wifi_wpa_psk ("wifi-wpa-psk-hex", TYPE_BYTES, key1, key1_expected,
+ sizeof (key1_expected), NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL);
+ test_wifi_wpa_psk ("wifi-wep-psk-passphrase", TYPE_STRING, key2,
+ (gconstpointer) key2, strlen (key2), NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED);
+ test_wifi_wpa_psk ("pmf-disabled", TYPE_STRING, key2,
+ (gconstpointer) key2, strlen (key2), NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE);
}
static NMConnection *
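Review bot: The detail strings no longer identify the cases being run: `"wifi-wep-psk-passphrase"` is a WPA-PSK test that now also carries PMF_REQUIRED, and only the third call names its pmf value. Assuming `detail` is the label a failure is reported under, as the literal `"wifi-eap"` is in the EAP tests, labels such as `"wifi-wpa-psk-hex-pmf-optional"`, `"wifi-wpa-psk-passphrase-pmf-required"` and `"wifi-wpa-psk-passphrase-pmf-disabled"` would make a failing combination attributable. The key type and the pmf value also vary together here, so a hex key with PMF_REQUIRED or PMF_DISABLE is not exercised.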
@@ -439,7 +453,7 @@ test_wifi_eap_locked_bssid (void)
NMTST_EXPECT_NM_INFO ("Config: added 'scan_ssid' value '1'*");
NMTST_EXPECT_NM_INFO ("Config: added 'bssid' value '11:22:33:44:55:66'*");
NMTST_EXPECT_NM_INFO ("Config: added 'freq_list' value *");
- NMTST_EXPECT_NM_INFO ("Config: added 'key_mgmt' value 'WPA-EAP'");
+ NMTST_EXPECT_NM_INFO ("Config: added 'key_mgmt' value 'WPA-EAP WPA-EAP-SHA256'");
NMTST_EXPECT_NM_INFO ("Config: added 'proto' value 'WPA RSN'");
NMTST_EXPECT_NM_INFO ("Config: added 'pairwise' value 'TKIP CCMP'");
NMTST_EXPECT_NM_INFO ("Config: added 'group' value 'TKIP CCMP'");
@@ -455,7 +469,7 @@ test_wifi_eap_locked_bssid (void)
validate_opt ("wifi-eap", config_dict, "scan_ssid", TYPE_INT, GINT_TO_POINTER (1));
validate_opt ("wifi-eap", config_dict, "ssid", TYPE_BYTES, ssid);
validate_opt ("wifi-eap", config_dict, "bssid", TYPE_KEYWORD, bssid_str);
- validate_opt ("wifi-eap", config_dict, "key_mgmt", TYPE_KEYWORD, "WPA-EAP");
+ validate_opt ("wifi-eap", config_dict, "key_mgmt", TYPE_KEYWORD, "WPA-EAP WPA-EAP-SHA256");
validate_opt ("wifi-eap", config_dict, "eap", TYPE_KEYWORD, "TLS");
validate_opt ("wifi-eap", config_dict, "proto", TYPE_KEYWORD, "WPA RSN");
validate_opt ("wifi-eap", config_dict, "pairwise", TYPE_KEYWORD, "TKIP CCMP");
@@ -479,7 +493,7 @@ test_wifi_eap_unlocked_bssid (void)
NMTST_EXPECT_NM_INFO ("Config: added 'ssid' value 'Test SSID'*");
NMTST_EXPECT_NM_INFO ("Config: added 'scan_ssid' value '1'*");
NMTST_EXPECT_NM_INFO ("Config: added 'freq_list' value *");
- NMTST_EXPECT_NM_INFO ("Config: added 'key_mgmt' value 'WPA-EAP'");
+ NMTST_EXPECT_NM_INFO ("Config: added 'key_mgmt' value 'WPA-EAP WPA-EAP-SHA256'");
NMTST_EXPECT_NM_INFO ("Config: added 'proto' value 'WPA RSN'");
NMTST_EXPECT_NM_INFO ("Config: added 'pairwise' value 'TKIP CCMP'");
NMTST_EXPECT_NM_INFO ("Config: added 'group' value 'TKIP CCMP'");
@@ -495,7 +509,7 @@ test_wifi_eap_unlocked_bssid (void)
validate_opt ("wifi-eap", config_dict, "scan_ssid", TYPE_INT, GINT_TO_POINTER (1));
validate_opt ("wifi-eap", config_dict, "ssid", TYPE_BYTES, ssid);
- validate_opt ("wifi-eap", config_dict, "key_mgmt", TYPE_KEYWORD, "WPA-EAP");
+ validate_opt ("wifi-eap", config_dict, "key_mgmt", TYPE_KEYWORD, "WPA-EAP WPA-EAP-SHA256");
validate_opt ("wifi-eap", config_dict, "eap", TYPE_KEYWORD, "TLS");
validate_opt ("wifi-eap", config_dict, "proto", TYPE_KEYWORD, "WPA RSN");
validate_opt ("wifi-eap", config_dict, "pairwise", TYPE_KEYWORD, "TKIP CCMP");
--
2.7.4