* [RFC connman v2 0/1] Add wpa_supplicant WPA3-SAE support
@ 2021-05-27 21:41 Ariel D'Alessandro
2021-05-27 21:41 ` [RFC connman v2 1/1] WIP: " Ariel D'Alessandro
0 siblings, 1 reply; 11+ messages in thread
From: Ariel D'Alessandro @ 2021-05-27 21:41 UTC (permalink / raw)
To: iwd
[-- Attachment #1: Type: text/plain, Size: 928 bytes --]
Hi all,
Here's another attemp on adding WPA3-SAE support to connman
(wpa_supplicant backend).
I'd like comments on the following mainly:
Based on plugin/iwd.c, a private data struct is added to each network
in plugin/wifi.c so it can keep track of keymgmt capabilities, needed to
use WPA3-SAE if it's available. See RFC v1 thread for more details.
Note that this is an RFC patchset. Feel free to give any kind of
feedback, always appreciated :-)
Changes from v1:
* Dropped changes to service API.
* Unified WPA3-SAE under WPA-PSK.
* Added private data struct to network in plugin/wifi.c
Regards,
Ariel D'Alessandro (1):
WIP: Add wpa_supplicant WPA3-SAE support
gsupplicant/gsupplicant.h | 10 ++++++++++
gsupplicant/supplicant.c | 33 ++++++++++++++++++++++++++++++---
plugins/wifi.c | 21 +++++++++++++++++++++
3 files changed, 61 insertions(+), 3 deletions(-)
--
2.30.2
^ permalink raw reply [flat|nested] 11+ messages in thread
* [RFC connman v2 1/1] WIP: Add wpa_supplicant WPA3-SAE support
2021-05-27 21:41 [RFC connman v2 0/1] Add wpa_supplicant WPA3-SAE support Ariel D'Alessandro
@ 2021-05-27 21:41 ` Ariel D'Alessandro
2021-06-02 17:05 ` Ariel D'Alessandro
` (2 more replies)
0 siblings, 3 replies; 11+ messages in thread
From: Ariel D'Alessandro @ 2021-05-27 21:41 UTC (permalink / raw)
To: iwd
[-- Attachment #1: Type: text/plain, Size: 8004 bytes --]
Implement WPA3-SAE authentication on connman side using wpa_supplicant
backend.
Initially based on Tizen project:
https://review.tizen.org/git/?p=platform/upstream/connman.git
Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>
---
gsupplicant/gsupplicant.h | 10 ++++++++++
gsupplicant/supplicant.c | 33 ++++++++++++++++++++++++++++++---
plugins/wifi.c | 21 +++++++++++++++++++++
3 files changed, 61 insertions(+), 3 deletions(-)
diff --git a/gsupplicant/gsupplicant.h b/gsupplicant/gsupplicant.h
index 7935c3a6..eab6293f 100644
--- a/gsupplicant/gsupplicant.h
+++ b/gsupplicant/gsupplicant.h
@@ -61,6 +61,7 @@ extern "C" {
#define G_SUPPLICANT_KEYMGMT_WPA_EAP (1 << 7)
#define G_SUPPLICANT_KEYMGMT_WPA_EAP_256 (1 << 8)
#define G_SUPPLICANT_KEYMGMT_WPS (1 << 9)
+#define G_SUPPLICANT_KEYMGMT_SAE (1 << 10)
#define G_SUPPLICANT_PROTO_WPA (1 << 0)
#define G_SUPPLICANT_PROTO_RSN (1 << 1)
@@ -129,6 +130,12 @@ typedef enum {
G_SUPPLICANT_PEER_GROUP_FAILED,
} GSupplicantPeerState;
+typedef enum {
+ G_SUPPLICANT_MFP_NONE,
+ G_SUPPLICANT_MFP_OPTIONAL,
+ G_SUPPLICANT_MFP_REQUIRED,
+} GSupplicantMfpOptions;
+
struct _GSupplicantSSID {
const void *ssid;
unsigned int ssid_len;
@@ -155,6 +162,8 @@ struct _GSupplicantSSID {
dbus_bool_t use_wps;
const char *pin_wps;
const char *bgscan;
+ unsigned int keymgmt;
+ GSupplicantMfpOptions ieee80211w;
};
typedef struct _GSupplicantSSID GSupplicantSSID;
@@ -339,6 +348,7 @@ bool g_supplicant_peer_is_in_a_group(GSupplicantPeer *peer);
GSupplicantInterface *g_supplicant_peer_get_group_interface(GSupplicantPeer *peer);
bool g_supplicant_peer_is_client(GSupplicantPeer *peer);
bool g_supplicant_peer_has_requested_connection(GSupplicantPeer *peer);
+unsigned int g_supplicant_network_get_keymgmt(GSupplicantNetwork *network);
struct _GSupplicantCallbacks {
void (*system_ready) (void);
diff --git a/gsupplicant/supplicant.c b/gsupplicant/supplicant.c
index f56b595f..be05575c 100644
--- a/gsupplicant/supplicant.c
+++ b/gsupplicant/supplicant.c
@@ -92,6 +92,7 @@ static struct strvalmap keymgmt_map[] = {
{ "wpa-eap", G_SUPPLICANT_KEYMGMT_WPA_EAP },
{ "wpa-eap-sha256", G_SUPPLICANT_KEYMGMT_WPA_EAP_256 },
{ "wps", G_SUPPLICANT_KEYMGMT_WPS },
+ { "sae", G_SUPPLICANT_KEYMGMT_SAE },
{ }
};
@@ -234,6 +235,7 @@ struct _GSupplicantNetwork {
unsigned int wps_capabilities;
GHashTable *bss_table;
GHashTable *config_table;
+ unsigned int keymgmt;
};
struct _GSupplicantPeer {
@@ -1427,6 +1429,14 @@ bool g_supplicant_peer_has_requested_connection(GSupplicantPeer *peer)
return peer->connection_requested;
}
+unsigned int g_supplicant_network_get_keymgmt(GSupplicantNetwork *network)
+{
+ if (network == NULL)
+ return 0;
+
+ return network->keymgmt;
+}
+
static void merge_network(GSupplicantNetwork *network)
{
GString *str;
@@ -1457,7 +1467,8 @@ static void merge_network(GSupplicantNetwork *network)
else if (g_strcmp0(mode, "1") == 0)
g_string_append_printf(str, "_adhoc");
- if (g_strcmp0(key_mgmt, "WPA-PSK") == 0)
+ if ((g_strcmp0(key_mgmt, "WPA-PSK") == 0) ||
+ (g_strcmp0(key_mgmt, "SAE") == 0))
g_string_append_printf(str, "_psk");
group = g_string_free(str, FALSE);
@@ -1650,6 +1661,7 @@ static int add_or_replace_bss_to_network(struct g_supplicant_bss *bss)
network->name = create_name(bss->ssid, bss->ssid_len);
network->mode = bss->mode;
network->security = bss->security;
+ network->keymgmt = bss->keymgmt;
network->ssid_len = bss->ssid_len;
memcpy(network->ssid, bss->ssid, bss->ssid_len);
network->signal = bss->signal;
@@ -1931,7 +1943,8 @@ static void bss_compute_security(struct g_supplicant_bss *bss)
if (bss->keymgmt &
(G_SUPPLICANT_KEYMGMT_WPA_PSK |
G_SUPPLICANT_KEYMGMT_WPA_FT_PSK |
- G_SUPPLICANT_KEYMGMT_WPA_PSK_256))
+ G_SUPPLICANT_KEYMGMT_WPA_PSK_256 |
+ G_SUPPLICANT_KEYMGMT_SAE))
bss->psk = TRUE;
if (bss->ieee8021x)
@@ -4890,6 +4903,15 @@ static void add_network_security_proto(DBusMessageIter *dict,
g_free(proto);
}
+static void add_network_ieee80211w(DBusMessageIter *dict, GSupplicantSSID *ssid)
+{
+ if (!(ssid->keymgmt & G_SUPPLICANT_KEYMGMT_SAE))
+ return;
+
+ supplicant_dbus_dict_append_basic(dict, "ieee80211w", DBUS_TYPE_UINT32,
+ &ssid->ieee80211w);
+}
+
static void add_network_security(DBusMessageIter *dict, GSupplicantSSID *ssid)
{
char *key_mgmt;
@@ -4907,7 +4929,10 @@ static void add_network_security(DBusMessageIter *dict, GSupplicantSSID *ssid)
add_network_security_ciphers(dict, ssid);
break;
case G_SUPPLICANT_SECURITY_PSK:
- key_mgmt = "WPA-PSK";
+ if (ssid->keymgmt & G_SUPPLICANT_KEYMGMT_SAE)
+ key_mgmt = "SAE";
+ else
+ key_mgmt = "WPA-PSK";
add_network_security_psk(dict, ssid);
add_network_security_ciphers(dict, ssid);
add_network_security_proto(dict, ssid);
@@ -4969,6 +4994,8 @@ static void interface_add_network_params(DBusMessageIter *iter, void *user_data)
add_network_security(&dict, ssid);
+ add_network_ieee80211w(&dict, ssid);
+
supplicant_dbus_dict_append_fixed_array(&dict, "ssid",
DBUS_TYPE_BYTE, &ssid->ssid,
ssid->ssid_len);
diff --git a/plugins/wifi.c b/plugins/wifi.c
index 6233fe11..f990d40c 100644
--- a/plugins/wifi.c
+++ b/plugins/wifi.c
@@ -167,6 +167,10 @@ struct wifi_data {
int assoc_code;
};
+struct wifi_network {
+ unsigned int keymgmt;
+};
+
struct disconnect_data {
struct wifi_data *wifi;
struct connman_network *network;
@@ -809,6 +813,7 @@ static void remove_networks(struct connman_device *device,
for (list = wifi->networks; list; list = list->next) {
struct connman_network *network = list->data;
+ g_free(connman_network_get_data(network));
connman_device_remove_network(device, network);
connman_network_unref(network);
}
@@ -2148,6 +2153,7 @@ static GSupplicantSecurity network_security(const char *security)
static void ssid_init(GSupplicantSSID *ssid, struct connman_network *network)
{
+ struct wifi_network *network_data = connman_network_get_data(network);
const char *security;
memset(ssid, 0, sizeof(*ssid));
@@ -2157,6 +2163,8 @@ static void ssid_init(GSupplicantSSID *ssid, struct connman_network *network)
ssid->scan_ssid = 1;
security = connman_network_get_string(network, "WiFi.Security");
ssid->security = network_security(security);
+ ssid->keymgmt = network_data->keymgmt;
+ ssid->ieee80211w = G_SUPPLICANT_MFP_OPTIONAL;
ssid->passphrase = connman_network_get_string(network,
"WiFi.Passphrase");
@@ -2801,6 +2809,7 @@ static void network_added(GSupplicantNetwork *supplicant_network)
struct connman_network *network;
GSupplicantInterface *interface;
struct wifi_data *wifi;
+ struct wifi_network *network_data;
const char *name, *identifier, *security, *group, *mode;
const unsigned char *ssid;
unsigned int ssid_len;
@@ -2849,8 +2858,19 @@ static void network_added(GSupplicantNetwork *supplicant_network)
}
wifi->networks = g_slist_prepend(wifi->networks, network);
+
+ network_data = g_try_new0(struct wifi_network, 1);
+ if (!network_data) {
+ connman_error("Out of memory creating wifi network");
+ return;
+ }
+ connman_network_set_data(network, network_data);
}
+ network_data = connman_network_get_data(network);
+ network_data->keymgmt =
+ g_supplicant_network_get_keymgmt(supplicant_network);
+
if (name && name[0] != '\0')
connman_network_set_name(network, name);
@@ -2918,6 +2938,7 @@ static void network_removed(GSupplicantNetwork *network)
wifi->networks = g_slist_remove(wifi->networks, connman_network);
+ g_free(connman_network_get_data(connman_network));
connman_device_remove_network(wifi->device, connman_network);
connman_network_unref(connman_network);
}
--
2.30.2
^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [RFC connman v2 1/1] WIP: Add wpa_supplicant WPA3-SAE support
2021-05-27 21:41 ` [RFC connman v2 1/1] WIP: " Ariel D'Alessandro
@ 2021-06-02 17:05 ` Ariel D'Alessandro
2021-06-14 7:00 ` Daniel Wagner
2021-07-30 18:28 ` Ariel D'Alessandro
2 siblings, 0 replies; 11+ messages in thread
From: Ariel D'Alessandro @ 2021-06-02 17:05 UTC (permalink / raw)
To: iwd
[-- Attachment #1: Type: text/plain, Size: 8703 bytes --]
Hi Daniel,
Just a gentle a ping in case you have time to take a look at this
patchset v2 :-) let me know if this address the requirements we
discussed on patchset v1.
Thanks a lot!
Ariel
On 5/27/21 6:41 PM, Ariel D'Alessandro wrote:
> Implement WPA3-SAE authentication on connman side using wpa_supplicant
> backend.
>
> Initially based on Tizen project:
>
> https://review.tizen.org/git/?p=platform/upstream/connman.git
>
> Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>
> ---
> gsupplicant/gsupplicant.h | 10 ++++++++++
> gsupplicant/supplicant.c | 33 ++++++++++++++++++++++++++++++---
> plugins/wifi.c | 21 +++++++++++++++++++++
> 3 files changed, 61 insertions(+), 3 deletions(-)
>
> diff --git a/gsupplicant/gsupplicant.h b/gsupplicant/gsupplicant.h
> index 7935c3a6..eab6293f 100644
> --- a/gsupplicant/gsupplicant.h
> +++ b/gsupplicant/gsupplicant.h
> @@ -61,6 +61,7 @@ extern "C" {
> #define G_SUPPLICANT_KEYMGMT_WPA_EAP (1 << 7)
> #define G_SUPPLICANT_KEYMGMT_WPA_EAP_256 (1 << 8)
> #define G_SUPPLICANT_KEYMGMT_WPS (1 << 9)
> +#define G_SUPPLICANT_KEYMGMT_SAE (1 << 10)
>
> #define G_SUPPLICANT_PROTO_WPA (1 << 0)
> #define G_SUPPLICANT_PROTO_RSN (1 << 1)
> @@ -129,6 +130,12 @@ typedef enum {
> G_SUPPLICANT_PEER_GROUP_FAILED,
> } GSupplicantPeerState;
>
> +typedef enum {
> + G_SUPPLICANT_MFP_NONE,
> + G_SUPPLICANT_MFP_OPTIONAL,
> + G_SUPPLICANT_MFP_REQUIRED,
> +} GSupplicantMfpOptions;
> +
> struct _GSupplicantSSID {
> const void *ssid;
> unsigned int ssid_len;
> @@ -155,6 +162,8 @@ struct _GSupplicantSSID {
> dbus_bool_t use_wps;
> const char *pin_wps;
> const char *bgscan;
> + unsigned int keymgmt;
> + GSupplicantMfpOptions ieee80211w;
> };
>
> typedef struct _GSupplicantSSID GSupplicantSSID;
> @@ -339,6 +348,7 @@ bool g_supplicant_peer_is_in_a_group(GSupplicantPeer *peer);
> GSupplicantInterface *g_supplicant_peer_get_group_interface(GSupplicantPeer *peer);
> bool g_supplicant_peer_is_client(GSupplicantPeer *peer);
> bool g_supplicant_peer_has_requested_connection(GSupplicantPeer *peer);
> +unsigned int g_supplicant_network_get_keymgmt(GSupplicantNetwork *network);
>
> struct _GSupplicantCallbacks {
> void (*system_ready) (void);
> diff --git a/gsupplicant/supplicant.c b/gsupplicant/supplicant.c
> index f56b595f..be05575c 100644
> --- a/gsupplicant/supplicant.c
> +++ b/gsupplicant/supplicant.c
> @@ -92,6 +92,7 @@ static struct strvalmap keymgmt_map[] = {
> { "wpa-eap", G_SUPPLICANT_KEYMGMT_WPA_EAP },
> { "wpa-eap-sha256", G_SUPPLICANT_KEYMGMT_WPA_EAP_256 },
> { "wps", G_SUPPLICANT_KEYMGMT_WPS },
> + { "sae", G_SUPPLICANT_KEYMGMT_SAE },
> { }
> };
>
> @@ -234,6 +235,7 @@ struct _GSupplicantNetwork {
> unsigned int wps_capabilities;
> GHashTable *bss_table;
> GHashTable *config_table;
> + unsigned int keymgmt;
> };
>
> struct _GSupplicantPeer {
> @@ -1427,6 +1429,14 @@ bool g_supplicant_peer_has_requested_connection(GSupplicantPeer *peer)
> return peer->connection_requested;
> }
>
> +unsigned int g_supplicant_network_get_keymgmt(GSupplicantNetwork *network)
> +{
> + if (network == NULL)
> + return 0;
> +
> + return network->keymgmt;
> +}
> +
> static void merge_network(GSupplicantNetwork *network)
> {
> GString *str;
> @@ -1457,7 +1467,8 @@ static void merge_network(GSupplicantNetwork *network)
> else if (g_strcmp0(mode, "1") == 0)
> g_string_append_printf(str, "_adhoc");
>
> - if (g_strcmp0(key_mgmt, "WPA-PSK") == 0)
> + if ((g_strcmp0(key_mgmt, "WPA-PSK") == 0) ||
> + (g_strcmp0(key_mgmt, "SAE") == 0))
> g_string_append_printf(str, "_psk");
>
> group = g_string_free(str, FALSE);
> @@ -1650,6 +1661,7 @@ static int add_or_replace_bss_to_network(struct g_supplicant_bss *bss)
> network->name = create_name(bss->ssid, bss->ssid_len);
> network->mode = bss->mode;
> network->security = bss->security;
> + network->keymgmt = bss->keymgmt;
> network->ssid_len = bss->ssid_len;
> memcpy(network->ssid, bss->ssid, bss->ssid_len);
> network->signal = bss->signal;
> @@ -1931,7 +1943,8 @@ static void bss_compute_security(struct g_supplicant_bss *bss)
> if (bss->keymgmt &
> (G_SUPPLICANT_KEYMGMT_WPA_PSK |
> G_SUPPLICANT_KEYMGMT_WPA_FT_PSK |
> - G_SUPPLICANT_KEYMGMT_WPA_PSK_256))
> + G_SUPPLICANT_KEYMGMT_WPA_PSK_256 |
> + G_SUPPLICANT_KEYMGMT_SAE))
> bss->psk = TRUE;
>
> if (bss->ieee8021x)
> @@ -4890,6 +4903,15 @@ static void add_network_security_proto(DBusMessageIter *dict,
> g_free(proto);
> }
>
> +static void add_network_ieee80211w(DBusMessageIter *dict, GSupplicantSSID *ssid)
> +{
> + if (!(ssid->keymgmt & G_SUPPLICANT_KEYMGMT_SAE))
> + return;
> +
> + supplicant_dbus_dict_append_basic(dict, "ieee80211w", DBUS_TYPE_UINT32,
> + &ssid->ieee80211w);
> +}
> +
> static void add_network_security(DBusMessageIter *dict, GSupplicantSSID *ssid)
> {
> char *key_mgmt;
> @@ -4907,7 +4929,10 @@ static void add_network_security(DBusMessageIter *dict, GSupplicantSSID *ssid)
> add_network_security_ciphers(dict, ssid);
> break;
> case G_SUPPLICANT_SECURITY_PSK:
> - key_mgmt = "WPA-PSK";
> + if (ssid->keymgmt & G_SUPPLICANT_KEYMGMT_SAE)
> + key_mgmt = "SAE";
> + else
> + key_mgmt = "WPA-PSK";
> add_network_security_psk(dict, ssid);
> add_network_security_ciphers(dict, ssid);
> add_network_security_proto(dict, ssid);
> @@ -4969,6 +4994,8 @@ static void interface_add_network_params(DBusMessageIter *iter, void *user_data)
>
> add_network_security(&dict, ssid);
>
> + add_network_ieee80211w(&dict, ssid);
> +
> supplicant_dbus_dict_append_fixed_array(&dict, "ssid",
> DBUS_TYPE_BYTE, &ssid->ssid,
> ssid->ssid_len);
> diff --git a/plugins/wifi.c b/plugins/wifi.c
> index 6233fe11..f990d40c 100644
> --- a/plugins/wifi.c
> +++ b/plugins/wifi.c
> @@ -167,6 +167,10 @@ struct wifi_data {
> int assoc_code;
> };
>
> +struct wifi_network {
> + unsigned int keymgmt;
> +};
> +
> struct disconnect_data {
> struct wifi_data *wifi;
> struct connman_network *network;
> @@ -809,6 +813,7 @@ static void remove_networks(struct connman_device *device,
> for (list = wifi->networks; list; list = list->next) {
> struct connman_network *network = list->data;
>
> + g_free(connman_network_get_data(network));
> connman_device_remove_network(device, network);
> connman_network_unref(network);
> }
> @@ -2148,6 +2153,7 @@ static GSupplicantSecurity network_security(const char *security)
>
> static void ssid_init(GSupplicantSSID *ssid, struct connman_network *network)
> {
> + struct wifi_network *network_data = connman_network_get_data(network);
> const char *security;
>
> memset(ssid, 0, sizeof(*ssid));
> @@ -2157,6 +2163,8 @@ static void ssid_init(GSupplicantSSID *ssid, struct connman_network *network)
> ssid->scan_ssid = 1;
> security = connman_network_get_string(network, "WiFi.Security");
> ssid->security = network_security(security);
> + ssid->keymgmt = network_data->keymgmt;
> + ssid->ieee80211w = G_SUPPLICANT_MFP_OPTIONAL;
> ssid->passphrase = connman_network_get_string(network,
> "WiFi.Passphrase");
>
> @@ -2801,6 +2809,7 @@ static void network_added(GSupplicantNetwork *supplicant_network)
> struct connman_network *network;
> GSupplicantInterface *interface;
> struct wifi_data *wifi;
> + struct wifi_network *network_data;
> const char *name, *identifier, *security, *group, *mode;
> const unsigned char *ssid;
> unsigned int ssid_len;
> @@ -2849,8 +2858,19 @@ static void network_added(GSupplicantNetwork *supplicant_network)
> }
>
> wifi->networks = g_slist_prepend(wifi->networks, network);
> +
> + network_data = g_try_new0(struct wifi_network, 1);
> + if (!network_data) {
> + connman_error("Out of memory creating wifi network");
> + return;
> + }
> + connman_network_set_data(network, network_data);
> }
>
> + network_data = connman_network_get_data(network);
> + network_data->keymgmt =
> + g_supplicant_network_get_keymgmt(supplicant_network);
> +
> if (name && name[0] != '\0')
> connman_network_set_name(network, name);
>
> @@ -2918,6 +2938,7 @@ static void network_removed(GSupplicantNetwork *network)
>
> wifi->networks = g_slist_remove(wifi->networks, connman_network);
>
> + g_free(connman_network_get_data(connman_network));
> connman_device_remove_network(wifi->device, connman_network);
> connman_network_unref(connman_network);
> }
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [RFC connman v2 1/1] WIP: Add wpa_supplicant WPA3-SAE support
2021-05-27 21:41 ` [RFC connman v2 1/1] WIP: " Ariel D'Alessandro
@ 2021-06-14 7:00 ` Daniel Wagner
2021-06-14 7:00 ` Daniel Wagner
2021-07-30 18:28 ` Ariel D'Alessandro
2 siblings, 0 replies; 11+ messages in thread
From: Daniel Wagner @ 2021-06-14 7:00 UTC (permalink / raw)
To: Ariel D'Alessandro
Cc: connman, iwd, Sven.Dembianny, andrew.shadura, niraj.g,
n.chaprana, marcel
Hi Ariel,
On Thu, May 27, 2021 at 06:41:34PM -0300, Ariel D'Alessandro wrote:
> Implement WPA3-SAE authentication on connman side using wpa_supplicant
> backend.
>
> Initially based on Tizen project:
>
> https://review.tizen.org/git/?p=platform/upstream/connman.git
>
> Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>
We don't do the SOB, so I just dropped.
I applied the patch, there were small style issues which I fixed it
directly.
Probably we should update the documentation which wpa_supplicant version
is needed to support WPA3.
Thanks,
Daniel
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [RFC connman v2 1/1] WIP: Add wpa_supplicant WPA3-SAE support
@ 2021-06-14 7:00 ` Daniel Wagner
0 siblings, 0 replies; 11+ messages in thread
From: Daniel Wagner @ 2021-06-14 7:00 UTC (permalink / raw)
To: iwd
[-- Attachment #1: Type: text/plain, Size: 601 bytes --]
Hi Ariel,
On Thu, May 27, 2021 at 06:41:34PM -0300, Ariel D'Alessandro wrote:
> Implement WPA3-SAE authentication on connman side using wpa_supplicant
> backend.
>
> Initially based on Tizen project:
>
> https://review.tizen.org/git/?p=platform/upstream/connman.git
>
> Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>
We don't do the SOB, so I just dropped.
I applied the patch, there were small style issues which I fixed it
directly.
Probably we should update the documentation which wpa_supplicant version
is needed to support WPA3.
Thanks,
Daniel
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [RFC connman v2 1/1] WIP: Add wpa_supplicant WPA3-SAE support
2021-06-14 7:00 ` Daniel Wagner
@ 2021-06-14 11:50 ` Ariel D'Alessandro
-1 siblings, 0 replies; 11+ messages in thread
From: Ariel D'Alessandro @ 2021-06-14 11:50 UTC (permalink / raw)
To: Daniel Wagner
Cc: connman, iwd, Sven.Dembianny, andrew.shadura, niraj.g,
n.chaprana, marcel
Hi Daniel,
On 6/14/21 4:00 AM, Daniel Wagner wrote:
> Hi Ariel,
>
> On Thu, May 27, 2021 at 06:41:34PM -0300, Ariel D'Alessandro wrote:
>> Implement WPA3-SAE authentication on connman side using wpa_supplicant
>> backend.
>>
>> Initially based on Tizen project:
>>
>> https://review.tizen.org/git/?p=platform/upstream/connman.git
>>
>> Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>
>
> We don't do the SOB, so I just dropped.
Ok.
>
> I applied the patch, there were small style issues which I fixed it
> directly.
Great! Thanks a lot for your help.
>
> Probably we should update the documentation which wpa_supplicant version
> is needed to support WPA3.
Which doc files should be updated? I can take a look at that and put
some notes together.
Regards,
Ariel
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [RFC connman v2 1/1] WIP: Add wpa_supplicant WPA3-SAE support
@ 2021-06-14 11:50 ` Ariel D'Alessandro
0 siblings, 0 replies; 11+ messages in thread
From: Ariel D'Alessandro @ 2021-06-14 11:50 UTC (permalink / raw)
To: iwd
[-- Attachment #1: Type: text/plain, Size: 827 bytes --]
Hi Daniel,
On 6/14/21 4:00 AM, Daniel Wagner wrote:
> Hi Ariel,
>
> On Thu, May 27, 2021 at 06:41:34PM -0300, Ariel D'Alessandro wrote:
>> Implement WPA3-SAE authentication on connman side using wpa_supplicant
>> backend.
>>
>> Initially based on Tizen project:
>>
>> https://review.tizen.org/git/?p=platform/upstream/connman.git
>>
>> Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>
>
> We don't do the SOB, so I just dropped.
Ok.
>
> I applied the patch, there were small style issues which I fixed it
> directly.
Great! Thanks a lot for your help.
>
> Probably we should update the documentation which wpa_supplicant version
> is needed to support WPA3.
Which doc files should be updated? I can take a look at that and put
some notes together.
Regards,
Ariel
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [RFC connman v2 1/1] WIP: Add wpa_supplicant WPA3-SAE support
2021-06-14 11:50 ` Ariel D'Alessandro
@ 2021-06-14 11:57 ` Daniel Wagner
-1 siblings, 0 replies; 11+ messages in thread
From: Daniel Wagner @ 2021-06-14 11:57 UTC (permalink / raw)
To: Ariel D'Alessandro
Cc: connman, iwd, Sven.Dembianny, andrew.shadura, niraj.g,
n.chaprana, marcel
Hi Ariel,
On Mon, Jun 14, 2021 at 08:50:10AM -0300, Ariel D'Alessandro wrote:
> > I applied the patch, there were small style issues which I fixed it
> > directly.
>
> Great! Thanks a lot for your help.
Thanks for your contribution. Really appreciated.
> > Probably we should update the documentation which wpa_supplicant version
> > is needed to support WPA3.
>
> Which doc files should be updated? I can take a look at that and put
> some notes together.
There was some recommendation on the wpa_supplicant version in the
README. I wonder if this is still valid.
Thanks,
Daniel
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [RFC connman v2 1/1] WIP: Add wpa_supplicant WPA3-SAE support
@ 2021-06-14 11:57 ` Daniel Wagner
0 siblings, 0 replies; 11+ messages in thread
From: Daniel Wagner @ 2021-06-14 11:57 UTC (permalink / raw)
To: iwd
[-- Attachment #1: Type: text/plain, Size: 606 bytes --]
Hi Ariel,
On Mon, Jun 14, 2021 at 08:50:10AM -0300, Ariel D'Alessandro wrote:
> > I applied the patch, there were small style issues which I fixed it
> > directly.
>
> Great! Thanks a lot for your help.
Thanks for your contribution. Really appreciated.
> > Probably we should update the documentation which wpa_supplicant version
> > is needed to support WPA3.
>
> Which doc files should be updated? I can take a look at that and put
> some notes together.
There was some recommendation on the wpa_supplicant version in the
README. I wonder if this is still valid.
Thanks,
Daniel
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [RFC connman v2 1/1] WIP: Add wpa_supplicant WPA3-SAE support
2021-05-27 21:41 ` [RFC connman v2 1/1] WIP: " Ariel D'Alessandro
2021-06-02 17:05 ` Ariel D'Alessandro
2021-06-14 7:00 ` Daniel Wagner
@ 2021-07-30 18:28 ` Ariel D'Alessandro
2021-08-02 6:55 ` Daniel Wagner
2 siblings, 1 reply; 11+ messages in thread
From: Ariel D'Alessandro @ 2021-07-30 18:28 UTC (permalink / raw)
To: iwd
[-- Attachment #1: Type: text/plain, Size: 1860 bytes --]
Hi all,
This patch has been merged already. However, I'd like to have your
comments, see below.
On 5/27/21 6:41 PM, Ariel D'Alessandro wrote:
> Implement WPA3-SAE authentication on connman side using wpa_supplicant
> backend.
>
> Initially based on Tizen project:
>
> https://review.tizen.org/git/?p=platform/upstream/connman.git
>
> Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>
> ---
> gsupplicant/gsupplicant.h | 10 ++++++++++
> gsupplicant/supplicant.c | 33 ++++++++++++++++++++++++++++++---
> plugins/wifi.c | 21 +++++++++++++++++++++
> 3 files changed, 61 insertions(+), 3 deletions(-)
[snip]
> diff --git a/plugins/wifi.c b/plugins/wifi.c
> index 6233fe11..f990d40c 100644
> --- a/plugins/wifi.c
> +++ b/plugins/wifi.c[snip]> @@ -2148,6 +2153,7 @@ static GSupplicantSecurity
network_security(const char *security)
>
> static void ssid_init(GSupplicantSSID *ssid, struct connman_network *network)
> {
> + struct wifi_network *network_data = connman_network_get_data(network);
> const char *security;
>
> memset(ssid, 0, sizeof(*ssid));
> @@ -2157,6 +2163,8 @@ static void ssid_init(GSupplicantSSID *ssid, struct connman_network *network)
> ssid->scan_ssid = 1;
> security = connman_network_get_string(network, "WiFi.Security");
> ssid->security = network_security(security);
> + ssid->keymgmt = network_data->keymgmt;
> + ssid->ieee80211w = G_SUPPLICANT_MFP_OPTIONAL;
Should this be G_SUPPLICANT_MFP_REQUIRED?
According to wpa_supplicant docs [0] section "# ieee80211w:": it is
stated "WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE". This
means that the parameter ieee80211w has to be set to 2 (required) if SAE
is used.
Should this be fixed?
[0] https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
Regards,
Ariel
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [RFC connman v2 1/1] WIP: Add wpa_supplicant WPA3-SAE support
2021-07-30 18:28 ` Ariel D'Alessandro
@ 2021-08-02 6:55 ` Daniel Wagner
0 siblings, 0 replies; 11+ messages in thread
From: Daniel Wagner @ 2021-08-02 6:55 UTC (permalink / raw)
To: iwd
[-- Attachment #1: Type: text/plain, Size: 1108 bytes --]
Hi Ariel,
On Fri, Jul 30, 2021 at 03:28:57PM -0300, Ariel D'Alessandro wrote:
> > static void ssid_init(GSupplicantSSID *ssid, struct connman_network *network)
> > {
> > + struct wifi_network *network_data = connman_network_get_data(network);
> > const char *security;
> >
> > memset(ssid, 0, sizeof(*ssid));
> > @@ -2157,6 +2163,8 @@ static void ssid_init(GSupplicantSSID *ssid, struct connman_network *network)
> > ssid->scan_ssid = 1;
> > security = connman_network_get_string(network, "WiFi.Security");
> > ssid->security = network_security(security);
> > + ssid->keymgmt = network_data->keymgmt;
> > + ssid->ieee80211w = G_SUPPLICANT_MFP_OPTIONAL;
>
> Should this be G_SUPPLICANT_MFP_REQUIRED?
>
> According to wpa_supplicant docs [0] section "# ieee80211w:": it is
> stated "WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE". This
> means that the parameter ieee80211w has to be set to 2 (required) if SAE
> is used.
>
> Should this be fixed?
Yes, I agree. According the docs this should be set to required. Are you
sending a patch?
Thanks,
Daniel
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2021-08-02 6:55 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-27 21:41 [RFC connman v2 0/1] Add wpa_supplicant WPA3-SAE support Ariel D'Alessandro
2021-05-27 21:41 ` [RFC connman v2 1/1] WIP: " Ariel D'Alessandro
2021-06-02 17:05 ` Ariel D'Alessandro
2021-06-14 7:00 ` Daniel Wagner
2021-06-14 7:00 ` Daniel Wagner
2021-06-14 11:50 ` Ariel D'Alessandro
2021-06-14 11:50 ` Ariel D'Alessandro
2021-06-14 11:57 ` Daniel Wagner
2021-06-14 11:57 ` Daniel Wagner
2021-07-30 18:28 ` Ariel D'Alessandro
2021-08-02 6:55 ` Daniel Wagner
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.