The FILS(Fast Initial Link Setup) is a specification defined by IEEE 802.11ai to speed up roaming. This patch adds support of it. I have tested with both FILS-SHA256 and FILS-SHA384 by PEAP.
Signed-off-by: Masashi Honma <[email protected]> --- libnm-core/nm-setting-wireless-security.c | 9 ++++++--- libnm-core/nm-setting-wireless.c | 5 +++-- src/devices/wifi/nm-wifi-ap.c | 6 ++++-- src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 2 +- src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 3 +++ src/supplicant/nm-supplicant-config.c | 13 +++++++++---- src/supplicant/nm-supplicant-settings-verify.c | 1 + 7 files changed, 27 insertions(+), 12 deletions(-) diff --git a/libnm-core/nm-setting-wireless-security.c b/libnm-core/nm-setting-wireless-security.c index de77a49..eea0581 100644 --- a/libnm-core/nm-setting-wireless-security.c +++ b/libnm-core/nm-setting-wireless-security.c @@ -868,7 +868,8 @@ need_secrets (NMSetting *setting) } if ( (strcmp (priv->key_mgmt, "ieee8021x") == 0) - || (strcmp (priv->key_mgmt, "wpa-eap") == 0)) { + || (strcmp (priv->key_mgmt, "wpa-eap") == 0) + || (strcmp (priv->key_mgmt, "wpa-fils") == 0)) { /* Let caller check the 802.1x setting for secrets */ goto no_secrets; } @@ -887,7 +888,8 @@ verify (NMSetting *setting, NMConnection *connection, GError **error) { NMSettingWirelessSecurity *self = NM_SETTING_WIRELESS_SECURITY (setting); NMSettingWirelessSecurityPrivate *priv = NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (self); - const char *valid_key_mgmt[] = { "none", "ieee8021x", "wpa-none", "wpa-psk", "wpa-eap", NULL }; + const char *valid_key_mgmt[] = { "none", "ieee8021x", "wpa-none", + "wpa-psk", "wpa-eap", "wpa-fils", NULL }; const char *valid_auth_algs[] = { "open", "shared", "leap", NULL }; const char *valid_protos[] = { "wpa", "rsn", NULL }; const char *valid_pairwise[] = { "tkip", "ccmp", NULL }; @@ -933,7 +935,8 @@ verify (NMSetting *setting, NMConnection *connection, GError **error) } } else { if ( (strcmp (priv->key_mgmt, "ieee8021x") == 0) - || (strcmp (priv->key_mgmt, "wpa-eap") == 0)) { + || (strcmp (priv->key_mgmt, "wpa-eap") == 0) + || (strcmp (priv->key_mgmt, "wpa-fils") == 0)) { /* Need an 802.1x setting too */ if (connection && !nm_connection_get_setting_802_1x (connection)) { g_set_error (error, diff --git a/libnm-core/nm-setting-wireless.c b/libnm-core/nm-setting-wireless.c index 0a3915b..df5499d 100644 --- a/libnm-core/nm-setting-wireless.c +++ b/libnm-core/nm-setting-wireless.c @@ -229,13 +229,14 @@ nm_setting_wireless_ap_security_compatible (NMSettingWireless *s_wireless, /* WPA[2]-PSK and WPA[2] Enterprise */ if ( !strcmp (key_mgmt, "wpa-psk") - || !strcmp (key_mgmt, "wpa-eap")) { + || !strcmp (key_mgmt, "wpa-eap") + || !strcmp (key_mgmt, "wpa-fils")) { if (!strcmp (key_mgmt, "wpa-psk")) { if ( !(ap_wpa & NM_802_11_AP_SEC_KEY_MGMT_PSK) && !(ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_PSK)) return FALSE; - } else if (!strcmp (key_mgmt, "wpa-eap")) { + } else { if ( !(ap_wpa & NM_802_11_AP_SEC_KEY_MGMT_802_1X) && !(ap_rsn & NM_802_11_AP_SEC_KEY_MGMT_802_1X)) return FALSE; diff --git a/src/devices/wifi/nm-wifi-ap.c b/src/devices/wifi/nm-wifi-ap.c index 603eb57..195cffa 100644 --- a/src/devices/wifi/nm-wifi-ap.c +++ b/src/devices/wifi/nm-wifi-ap.c @@ -415,7 +415,9 @@ security_from_vardict (GVariant *security) && array) { if (g_strv_contains (array, "wpa-psk")) flags |= NM_802_11_AP_SEC_KEY_MGMT_PSK; - if (g_strv_contains (array, "wpa-eap")) + if (g_strv_contains (array, "wpa-eap") || + g_strv_contains (array, "wpa-fils-sha256") || + g_strv_contains (array, "wpa-fils-sha384")) flags |= NM_802_11_AP_SEC_KEY_MGMT_802_1X; g_free (array); } @@ -1271,7 +1273,7 @@ nm_wifi_ap_new_fake_from_connection (NMConnection *connection) goto done; psk = !strcmp (key_mgmt, "wpa-psk"); - eap = !strcmp (key_mgmt, "wpa-eap"); + eap = !strcmp (key_mgmt, "wpa-eap") || !strcmp (key_mgmt, "wpa-fils"); if (psk || eap) { if (has_proto (s_wireless_sec, PROTO_WPA)) { flags = priv->wpa_flags | (eap ? NM_802_11_AP_SEC_KEY_MGMT_802_1X : NM_802_11_AP_SEC_KEY_MGMT_PSK); diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c index d6be2f3..4de2887 100644 --- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c +++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c @@ -3443,7 +3443,7 @@ make_wpa_setting (shvarFile *ifcfg, v = svGetValueStr (ifcfg, "KEY_MGMT", &value); wpa_psk = nm_streq0 (v, "WPA-PSK"); - wpa_eap = nm_streq0 (v, "WPA-EAP"); + wpa_eap = nm_streq0 (v, "WPA-EAP") || nm_streq0 (v, "WPA-FILS"); ieee8021x = nm_streq0 (v, "IEEE8021X"); if (!wpa_psk && !wpa_eap && !ieee8021x) return NULL; /* Not WPA or Dynamic WEP */ diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c index 9c49c97..43bc6c2 100644 --- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c +++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c @@ -615,6 +615,9 @@ write_wireless_security_setting (NMConnection *connection, } else if (!strcmp (key_mgmt, "wpa-eap")) { svSetValueStr (ifcfg, "KEY_MGMT", "WPA-EAP"); wpa = TRUE; + } else if (!strcmp (key_mgmt, "wpa-fils")) { + svSetValueStr (ifcfg, "KEY_MGMT", "WPA-FILS"); + wpa = TRUE; } svUnsetValue (ifcfg, "SECURITYMODE"); diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c index 5650e64..3269f5f 100644 --- a/src/supplicant/nm-supplicant-config.c +++ b/src/supplicant/nm-supplicant-config.c @@ -578,7 +578,8 @@ nm_supplicant_config_add_bgscan (NMSupplicantConfig *self, if (s_wsec) { if (NM_IN_STRSET (nm_setting_wireless_security_get_key_mgmt (s_wsec), "ieee8021x", - "wpa-eap")) + "wpa-eap", + "wpa-fils")) bgscan = "simple:30:-65:300"; } @@ -755,6 +756,8 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self, else if (nm_streq (key_mgmt_conf, "wpa-eap")) key_mgmt_conf = "wpa-eap-sha256"; } + if (nm_streq (key_mgmt, "wpa-fils")) + key_mgmt_conf = "fils-sha256 fils-sha384"; if (!add_string_val (self, key_mgmt_conf, "key_mgmt", TRUE, NULL, error)) return FALSE; @@ -803,7 +806,8 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self, /* Only WPA-specific things when using WPA */ if ( !strcmp (key_mgmt, "wpa-none") || !strcmp (key_mgmt, "wpa-psk") - || !strcmp (key_mgmt, "wpa-eap")) { + || !strcmp (key_mgmt, "wpa-eap") + || !strcmp (key_mgmt, "wpa-fils")) { if (!ADD_STRING_LIST_VAL (self, setting, wireless_security, proto, protos, "proto", ' ', TRUE, NULL, error)) return FALSE; if (!ADD_STRING_LIST_VAL (self, setting, wireless_security, pairwise, pairwise, "pairwise", ' ', TRUE, NULL, error)) @@ -873,7 +877,8 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self, } } else { /* 802.1x for Dynamic WEP and WPA-Enterprise */ - if (!strcmp (key_mgmt, "ieee8021x") || !strcmp (key_mgmt, "wpa-eap")) { + if (!strcmp (key_mgmt, "ieee8021x") || !strcmp (key_mgmt, "wpa-eap") || + !strcmp (key_mgmt, "wpa-fils")) { if (!setting_8021x) { g_set_error (error, NM_SUPPLICANT_ERROR, NM_SUPPLICANT_ERROR_CONFIG, "Cannot set key-mgmt %s with missing 8021x setting", key_mgmt); @@ -883,7 +888,7 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self, return FALSE; } - if (!strcmp (key_mgmt, "wpa-eap")) { + if (!strcmp (key_mgmt, "wpa-eap") || !strcmp (key_mgmt, "wpa-fils")) { /* When using WPA-Enterprise, we want to use Proactive Key Caching (also * called Opportunistic Key Caching) to avoid full EAP exchanges when * roaming between access points in the same mobility group. diff --git a/src/supplicant/nm-supplicant-settings-verify.c b/src/supplicant/nm-supplicant-settings-verify.c index 14daf69..d53a13c 100644 --- a/src/supplicant/nm-supplicant-settings-verify.c +++ b/src/supplicant/nm-supplicant-settings-verify.c @@ -73,6 +73,7 @@ const char * group_allowed[] = { "CCMP", "TKIP", "WEP104", "WEP40", NULL }; const char * proto_allowed[] = { "WPA", "RSN", NULL }; const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256", "WPA-EAP", "WPA-EAP-SHA256", + "FILS-SHA256", "FILS-SHA384", "IEEE8021X", "WPA-NONE", "NONE", NULL }; const char * auth_alg_allowed[] = { "OPEN", "SHARED", "LEAP", NULL }; -- 2.7.4 _______________________________________________ networkmanager-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/networkmanager-list
