[PATCH v3 2/6] wifi: add support for FILS
- From: Masashi Honma <masashi honma gmail com>
- To: networkmanager-list gnome org
- Subject: [PATCH v3 2/6] wifi: add support for FILS
- Date: Tue, 16 Jan 2018 06:28:33 +0900
The FILS(Fast Initial Link Setup) is a specification defined by IEEE 802.11ai to
speed up roaming. This patch adds support of it.
I have tested with these cases.
+-----+-------------------------+----------------+
| STA | AP | |
|FILS | key-mgmt | result |
+-----+-------------------------+----------------+
| 1 | WPA-EAP | O |
+-----+-------------------------+----------------+
| 1 | WPA-EAP-SHA256 | O |
+-----+-------------------------+----------------+
| 1 | FILS-SHA256 | X |
+-----+-------------------------+----------------+
| 1 | FILS-SHA384 | X |
+-----+-------------------------+----------------+
| 1 | WPA-EAP WPA-EAP-SHA256 | O |
| | FILS-SHA256 FILS-SHA384 | WPA-EAP-SHA256 |
+-----+-------------------------+----------------+
| 2 | WPA-EAP | O |
+-----+-------------------------+----------------+
| 2 | WPA-EAP-SHA256 | O |
+-----+-------------------------+----------------+
| 2 | FILS-SHA256 | O |
+-----+-------------------------+----------------+
| 2 | FILS-SHA384 | O |
+-----+-------------------------+----------------+
| 2 | WPA-EAP WPA-EAP-SHA256 | O |
| | FILS-SHA256 FILS-SHA384 | FILS-SHA384 |
+-----+-------------------------+----------------+
| 3 | WPA-EAP | X |
+-----+-------------------------+----------------+
| 3 | WPA-EAP-SHA256 | X |
+-----+-------------------------+----------------+
| 3 | FILS-SHA256 | O |
+-----+-------------------------+----------------+
| 3 | FILS-SHA384 | O |
+-----+-------------------------+----------------+
| 3 | WPA-EAP WPA-EAP-SHA256 | O |
| | FILS-SHA256 FILS-SHA384 | FILS-SHA384 |
+-----+-------------------------+----------------+
Signed-off-by: Masashi Honma <masashi honma gmail com>
---
clients/common/settings-docs.h.in | 1 +
libnm-core/nm-setting-wireless-security.c | 57 ++++++++++++++++++++++
libnm-core/nm-setting-wireless-security.h | 26 ++++++++++
libnm/libnm.ver | 2 +
man/NetworkManager.conf.xml | 5 ++
src/devices/wifi/nm-device-wifi.c | 18 +++++++
src/devices/wifi/nm-wifi-ap.c | 4 +-
.../plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 7 +++
.../plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 7 +++
src/supplicant/nm-supplicant-config.c | 13 ++++-
src/supplicant/nm-supplicant-config.h | 1 +
src/supplicant/nm-supplicant-settings-verify.c | 1 +
src/supplicant/tests/test-supplicant-config.c | 2 +
13 files changed, 142 insertions(+), 2 deletions(-)
diff --git a/clients/common/settings-docs.h.in b/clients/common/settings-docs.h.in
index a53c230..4a295a4 100644
--- a/clients/common/settings-docs.h.in
+++ b/clients/common/settings-docs.h.in
@@ -22,6 +22,7 @@
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_SSID N_("SSID of the Wi-Fi network. Must be specified.")
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_TX_POWER N_("If non-zero, directs the device to use the specified
transmit power. Units are dBm. This property is highly driver dependent and not all devices support setting
a static transmit power.")
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_AUTH_ALG N_("When WEP is used (ie, key-mgmt = \"none\" or
\"ieee8021x\") indicate the 802.11 authentication algorithm required by the AP here. One of \"open\" for
Open System, \"shared\" for Shared Key, or \"leap\" for Cisco LEAP. When using Cisco LEAP (ie, key-mgmt =
\"ieee8021x\" and auth-alg = \"leap\") the \"leap-username\" and \"leap-password\" properties must be
specified.")
+#define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_FILS N_("Indicates whether Fast Initial Link Setup
(802.11ai) must be enabled for the connection. One of NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT (0) (use
global default value), NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE (1) (disable FILS),
NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL (2) (enable FILS if the supplicant and the access point support
it) or NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED (3) (enable FILS and fail if not supported). When set to
NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT (0) and no global default is set, FILS will be optionally enabled.")
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_GROUP N_("A list of group/broadcast encryption algorithms
which prevents connections to Wi-Fi networks that do not utilize one of the algorithms in the list. For
maximum compatibility leave this property empty. Each list element may be one of \"wep40\", \"wep104\",
\"tkip\", or \"ccmp\".")
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_KEY_MGMT N_("Key management used for the connection. One
of \"none\" (WEP), \"ieee8021x\" (Dynamic WEP), \"wpa-none\" (Ad-Hoc WPA-PSK), \"wpa-psk\" (infrastructure
WPA-PSK), or \"wpa-eap\" (WPA-Enterprise). This property must be set for any Wi-Fi connection that uses
security.")
#define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD N_("The login password for legacy LEAP
connections (ie, key-mgmt = \"ieee8021x\" and auth-alg = \"leap\").")
diff --git a/libnm-core/nm-setting-wireless-security.c b/libnm-core/nm-setting-wireless-security.c
index de77a49..31e386f 100644
--- a/libnm-core/nm-setting-wireless-security.c
+++ b/libnm-core/nm-setting-wireless-security.c
@@ -87,6 +87,9 @@ typedef struct {
/* WPS */
NMSettingWirelessSecurityWpsMethod wps_method;
+
+ /* FILS */
+ NMSettingWirelessSecurityFils fils;
} NMSettingWirelessSecurityPrivate;
enum {
@@ -110,6 +113,7 @@ enum {
PROP_LEAP_PASSWORD,
PROP_LEAP_PASSWORD_FLAGS,
PROP_WPS_METHOD,
+ PROP_FILS,
LAST_PROP
};
@@ -814,6 +818,22 @@ nm_setting_wireless_security_get_wps_method (NMSettingWirelessSecurity *setting)
return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting)->wps_method;
}
+/*
+ * nm_setting_wireless_security_get_fils:
+ * @setting: the #NMSettingWirelessSecurity
+ *
+ * Returns: the #NMSettingWirelessSecurity:fils property of the setting
+ *
+ * Since: 1.12
+ **/
+NMSettingWirelessSecurityFils
+nm_setting_wireless_security_get_fils (NMSettingWirelessSecurity *setting)
+{
+ g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), 0);
+
+ return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting)->fils;
+}
+
static GPtrArray *
need_secrets (NMSetting *setting)
{
@@ -1327,6 +1347,9 @@ set_property (GObject *object, guint prop_id,
case PROP_WPS_METHOD:
priv->wps_method = g_value_get_uint (value);
break;
+ case PROP_FILS:
+ priv->fils = g_value_get_int (value);
+ break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
@@ -1398,6 +1421,9 @@ get_property (GObject *object, guint prop_id,
case PROP_WPS_METHOD:
g_value_set_uint (value, priv->wps_method);
break;
+ case PROP_FILS:
+ g_value_set_int (value, nm_setting_wireless_security_get_fils (setting));
+ break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
@@ -1865,4 +1891,35 @@ nm_setting_wireless_security_class_init (NMSettingWirelessSecurityClass *setting
G_PARAM_CONSTRUCT |
NM_SETTING_PARAM_FUZZY_IGNORE |
G_PARAM_STATIC_STRINGS));
+
+ /**
+ * NMSettingWirelessSecurity:fils:
+ *
+ * Indicates whether Fast Initial Link Setup (802.11ai) must be enabled for
+ * the connection. One of %NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT (use
+ * global default value), %NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE
+ * (disable FILS), %NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL (enable FILS
+ * if the supplicant and the access point support it) or
+ * %NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED (enable FILS and fail if not
+ * supported). When set to %NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT and
+ * no global default is set, FILS will be optionally enabled.
+ *
+ * Since: 1.12
+ **/
+ /* ---ifcfg-rh---
+ * property: fils
+ * variable: FILS(+)
+ * values: default, disable, optional, required
+ * description: Enables or disables FILS (802.11ai)
+ * example: FILS=required
+ * ---end---
+ */
+ g_object_class_install_property
+ (object_class, PROP_FILS,
+ g_param_spec_int (NM_SETTING_WIRELESS_SECURITY_FILS, "", "",
+ G_MININT32, G_MAXINT32, 0,
+ G_PARAM_READWRITE |
+ G_PARAM_CONSTRUCT |
+ NM_SETTING_PARAM_FUZZY_IGNORE |
+ G_PARAM_STATIC_STRINGS));
}
diff --git a/libnm-core/nm-setting-wireless-security.h b/libnm-core/nm-setting-wireless-security.h
index e7641b3..5a732ac 100644
--- a/libnm-core/nm-setting-wireless-security.h
+++ b/libnm-core/nm-setting-wireless-security.h
@@ -109,6 +109,28 @@ typedef enum {
NM_SETTING_WIRELESS_SECURITY_WPS_METHOD_PIN = 0x00000008,
} NMSettingWirelessSecurityWpsMethod;
+/**
+ * NMSettingWirelessSecurityFils:
+ * @NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT: use the default value
+ * @NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE: disable FILS
+ * @NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL: enable FILS if the supplicant and the AP support it
+ * @NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED: require FILS and fail if not available
+ * @_NM_SETTING_WIRELESS_SECURITY_FILS_NUM: placeholder value for bounds-checking
+ * @NM_SETTING_WIRELESS_SECURITY_FILS_LAST: placeholder value for bounds-checking
+ *
+ * These flags indicate whether FILS must be enabled.
+ *
+ * Since: 1.12
+ **/
+typedef enum {
+ NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT = 0,
+ NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE = 1,
+ NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL = 2,
+ NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED = 3,
+ _NM_SETTING_WIRELESS_SECURITY_FILS_NUM, /*< skip >*/
+ NM_SETTING_WIRELESS_SECURITY_FILS_LAST = _NM_SETTING_WIRELESS_SECURITY_FILS_NUM - 1, /*<
skip >*/
+} NMSettingWirelessSecurityFils;
+
#define NM_SETTING_WIRELESS_SECURITY_KEY_MGMT "key-mgmt"
#define NM_SETTING_WIRELESS_SECURITY_WEP_TX_KEYIDX "wep-tx-keyidx"
#define NM_SETTING_WIRELESS_SECURITY_AUTH_ALG "auth-alg"
@@ -128,6 +150,7 @@ typedef enum {
#define NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD "leap-password"
#define NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD_FLAGS "leap-password-flags"
#define NM_SETTING_WIRELESS_SECURITY_WPS_METHOD "wps-method"
+#define NM_SETTING_WIRELESS_SECURITY_FILS "fils"
/**
* NMSettingWirelessSecurity:
@@ -193,6 +216,9 @@ NMWepKeyType nm_setting_wireless_security_get_wep_key_type (NMSettingWirelessSec
NM_AVAILABLE_IN_1_10
NMSettingWirelessSecurityWpsMethod nm_setting_wireless_security_get_wps_method (NMSettingWirelessSecurity
*setting);
+NM_AVAILABLE_IN_1_12
+NMSettingWirelessSecurityFils nm_setting_wireless_security_get_fils (NMSettingWirelessSecurity *setting);
+
G_END_DECLS
#endif /* __NM_SETTING_WIRELESS_SECURITY_H__ */
diff --git a/libnm/libnm.ver b/libnm/libnm.ver
index 29dfba7..179a225 100644
--- a/libnm/libnm.ver
+++ b/libnm/libnm.ver
@@ -1352,4 +1352,6 @@ global:
nm_setting_ip_tunnel_get_flags;
nm_setting_vpn_get_data_keys;
nm_setting_vpn_get_secret_keys;
+ nm_setting_wireless_security_get_fils;
+ nm_setting_wireless_security_fils_get_type;
} libnm_1_10_0;
diff --git a/man/NetworkManager.conf.xml b/man/NetworkManager.conf.xml
index 4171bfd..074ddc0 100644
--- a/man/NetworkManager.conf.xml
+++ b/man/NetworkManager.conf.xml
@@ -752,6 +752,11 @@ ipv6.ip6-privacy=0
<listitem><para>If left unspecified, the default value
"<literal>optional</literal>" will be used.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>wifi-sec.fils</varname></term>
+ <listitem><para>If left unspecified, the default value
+ "<literal>optional</literal>" will be used.</para></listitem>
+ </varlistentry>
</variablelist>
</para>
</refsect2>
diff --git a/src/devices/wifi/nm-device-wifi.c b/src/devices/wifi/nm-device-wifi.c
index f9441f8..6d6c271 100644
--- a/src/devices/wifi/nm-device-wifi.c
+++ b/src/devices/wifi/nm-device-wifi.c
@@ -2381,6 +2381,7 @@ build_supplicant_config (NMDeviceWifi *self,
NMSettingWireless *s_wireless;
NMSettingWirelessSecurity *s_wireless_sec;
NMSettingWirelessSecurityPmf pmf;
+ NMSettingWirelessSecurityFils fils;
gs_free char *value = NULL;
g_return_val_if_fail (priv->sup_iface, NULL);
@@ -2450,6 +2451,22 @@ build_supplicant_config (NMDeviceWifi *self,
}
}
+ /* Configure FILS (802.11ai) */
+ fils = nm_setting_wireless_security_get_fils (s_wireless_sec);
+ if (fils == NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT) {
+ value = nm_config_data_get_connection_default (NM_CONFIG_GET_DATA,
+ "wifi-sec.fils",
+ NM_DEVICE (self));
+ fils = _nm_utils_ascii_str_to_int64 (value, 10,
+ NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE,
+ NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED,
+ NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL);
+ }
+
+ /* Don't try to enable FILS on non-EAP networks */
+ if (!NM_IN_STRSET (nm_setting_wireless_security_get_key_mgmt (s_wireless_sec), "wpa-eap"))
+ fils = NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE;
+
s_8021x = nm_connection_get_setting_802_1x (connection);
if (!nm_supplicant_config_add_setting_wireless_security (config,
s_wireless_sec,
@@ -2457,6 +2474,7 @@ build_supplicant_config (NMDeviceWifi *self,
con_uuid,
mtu,
pmf,
+ fils,
error)) {
g_prefix_error (error, "802-11-wireless-security: ");
goto error;
diff --git a/src/devices/wifi/nm-wifi-ap.c b/src/devices/wifi/nm-wifi-ap.c
index 603eb57..c3c64e7 100644
--- a/src/devices/wifi/nm-wifi-ap.c
+++ b/src/devices/wifi/nm-wifi-ap.c
@@ -415,7 +415,9 @@ security_from_vardict (GVariant *security)
&& array) {
if (g_strv_contains (array, "wpa-psk"))
flags |= NM_802_11_AP_SEC_KEY_MGMT_PSK;
- if (g_strv_contains (array, "wpa-eap"))
+ if (g_strv_contains (array, "wpa-eap") ||
+ g_strv_contains (array, "wpa-fils-sha256") ||
+ g_strv_contains (array, "wpa-fils-sha384"))
flags |= NM_802_11_AP_SEC_KEY_MGMT_802_1X;
g_free (array);
}
diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
index 400a7bd..aed73c3 100644
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
@@ -3542,6 +3542,13 @@ make_wpa_setting (shvarFile *ifcfg,
return NULL;
g_object_set (wsec, NM_SETTING_WIRELESS_SECURITY_PMF, i_val, NULL);
+ i_val = NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT;
+ if (!svGetValueEnum (ifcfg, "FILS",
+ nm_setting_wireless_security_fils_get_type (),
+ &i_val, error))
+ return NULL;
+ g_object_set (wsec, NM_SETTING_WIRELESS_SECURITY_FILS, i_val, NULL);
+
nm_clear_g_free (&value);
v = svGetValueStr (ifcfg, "SECURITYMODE", &value);
if (NM_IN_STRSET (v, NULL, "open"))
diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
index 32f056f..8fa4e5d 100644
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
@@ -794,6 +794,13 @@ write_wireless_security_setting (NMConnection *connection,
nm_setting_wireless_security_get_pmf (s_wsec));
}
+ if (nm_setting_wireless_security_get_fils (s_wsec) == NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT)
+ svUnsetValue (ifcfg, "FILS");
+ else {
+ svSetValueEnum (ifcfg, "FILS", nm_setting_wireless_security_fils_get_type (),
+ nm_setting_wireless_security_get_fils (s_wsec));
+ }
+
return TRUE;
}
diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c
index e51e8ba..a2502bd 100644
--- a/src/supplicant/nm-supplicant-config.c
+++ b/src/supplicant/nm-supplicant-config.c
@@ -733,6 +733,7 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
const char *con_uuid,
guint32 mtu,
NMSettingWirelessSecurityPmf pmf,
+ NMSettingWirelessSecurityFils fils,
GError **error)
{
const char *key_mgmt, *key_mgmt_conf, *auth_alg;
@@ -747,7 +748,17 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
if (nm_streq (key_mgmt, "wpa-psk"))
key_mgmt_conf = "wpa-psk wpa-psk-sha256";
else if (nm_streq (key_mgmt, "wpa-eap"))
- key_mgmt_conf = "wpa-eap wpa-eap-sha256";
+ switch (fils) {
+ case NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL:
+ key_mgmt_conf = "wpa-eap wpa-eap-sha256 fils-sha256 fils-sha384";
+ break;
+ case NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED:
+ key_mgmt_conf = "fils-sha256 fils-sha384";
+ break;
+ default:
+ key_mgmt_conf = "wpa-eap wpa-eap-sha256";
+ break;
+ }
if (!add_string_val (self, key_mgmt_conf, "key_mgmt", TRUE, NULL, error))
return FALSE;
diff --git a/src/supplicant/nm-supplicant-config.h b/src/supplicant/nm-supplicant-config.h
index d90d82b..39b8a9f 100644
--- a/src/supplicant/nm-supplicant-config.h
+++ b/src/supplicant/nm-supplicant-config.h
@@ -65,6 +65,7 @@ gboolean nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig
const char *con_uuid,
guint32 mtu,
NMSettingWirelessSecurityPmf pmf,
+ NMSettingWirelessSecurityFils fils,
GError **error);
gboolean nm_supplicant_config_add_no_security (NMSupplicantConfig *self,
diff --git a/src/supplicant/nm-supplicant-settings-verify.c b/src/supplicant/nm-supplicant-settings-verify.c
index 14daf69..d53a13c 100644
--- a/src/supplicant/nm-supplicant-settings-verify.c
+++ b/src/supplicant/nm-supplicant-settings-verify.c
@@ -73,6 +73,7 @@ const char * group_allowed[] = { "CCMP", "TKIP", "WEP104", "WEP40", NULL };
const char * proto_allowed[] = { "WPA", "RSN", NULL };
const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256",
"WPA-EAP", "WPA-EAP-SHA256",
+ "FILS-SHA256", "FILS-SHA384",
"IEEE8021X", "WPA-NONE",
"NONE", NULL };
const char * auth_alg_allowed[] = { "OPEN", "SHARED", "LEAP", NULL };
diff --git a/src/supplicant/tests/test-supplicant-config.c b/src/supplicant/tests/test-supplicant-config.c
index f85c137..9420860 100644
--- a/src/supplicant/tests/test-supplicant-config.c
+++ b/src/supplicant/tests/test-supplicant-config.c
@@ -118,6 +118,7 @@ build_supplicant_config (NMConnection *connection, guint mtu, guint fixed_freq)
s_wsec = nm_connection_get_setting_wireless_security (connection);
if (s_wsec) {
NMSettingWirelessSecurityPmf pmf = nm_setting_wireless_security_get_pmf (s_wsec);
+ NMSettingWirelessSecurityFils fils = nm_setting_wireless_security_get_fils (s_wsec);
s_8021x = nm_connection_get_setting_802_1x (connection);
success = nm_supplicant_config_add_setting_wireless_security (config,
s_wsec,
@@ -125,6 +126,7 @@ build_supplicant_config (NMConnection *connection, guint mtu, guint fixed_freq)
nm_connection_get_uuid
(connection),
mtu,
pmf,
+ fils,
&error);
} else {
success = nm_supplicant_config_add_no_security (config, &error);
--
2.7.4
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]