* [connman v1] wifi: Set ieee80211w as required for WPA3-Personal-only mode
@ 2021-08-02 15:10 Ariel D'Alessandro
2021-08-03 7:41 ` Daniel Wagner
0 siblings, 1 reply; 7+ messages in thread
From: Ariel D'Alessandro @ 2021-08-02 15:10 UTC (permalink / raw)
To: iwd
[-- Attachment #1: Type: text/plain, Size: 1133 bytes --]
From wpa_supplicant docs [0] section "ieee80211w":
"WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE".
This means that the parameter ieee80211w has to be set to 2 (required)
if SAE is used. Fix it.
[0] https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
---
plugins/wifi.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/plugins/wifi.c b/plugins/wifi.c
index 578b4be7..02603e85 100644
--- a/plugins/wifi.c
+++ b/plugins/wifi.c
@@ -2174,7 +2174,12 @@ static void ssid_init(GSupplicantSSID *ssid, struct connman_network *network)
security = connman_network_get_string(network, "WiFi.Security");
ssid->security = network_security(security);
ssid->keymgmt = network_data->keymgmt;
- ssid->ieee80211w = G_SUPPLICANT_MFP_OPTIONAL;
+ /*
+ * From wpa_supplicant docs:
+ * "WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE".
+ * Set ieee80211w as required, which is sent if SAE key is used.
+ */
+ ssid->ieee80211w = G_SUPPLICANT_MFP_REQUIRED;
ssid->passphrase = connman_network_get_string(network,
"WiFi.Passphrase");
--
2.30.2
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [connman v1] wifi: Set ieee80211w as required for WPA3-Personal-only mode
2021-08-02 15:10 [connman v1] wifi: Set ieee80211w as required for WPA3-Personal-only mode Ariel D'Alessandro
@ 2021-08-03 7:41 ` Daniel Wagner
0 siblings, 0 replies; 7+ messages in thread
From: Daniel Wagner @ 2021-08-03 7:41 UTC (permalink / raw)
To: Ariel D'Alessandro; +Cc: connman, iwd, Sven.Dembianny, marcel
Hi Ariel,
Thanks for tracking this! Just a stupid question:
On Mon, Aug 02, 2021 at 12:10:06PM -0300, Ariel D'Alessandro wrote:
> From wpa_supplicant docs [0] section "ieee80211w":
>
> "WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE".
>
> This means that the parameter ieee80211w has to be set to 2 (required)
> if SAE is used. Fix it.
>
> [0] https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
> ---
> plugins/wifi.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/plugins/wifi.c b/plugins/wifi.c
> index 578b4be7..02603e85 100644
> --- a/plugins/wifi.c
> +++ b/plugins/wifi.c
> @@ -2174,7 +2174,12 @@ static void ssid_init(GSupplicantSSID *ssid, struct connman_network *network)
> security = connman_network_get_string(network, "WiFi.Security");
> ssid->security = network_security(security);
> ssid->keymgmt = network_data->keymgmt;
> - ssid->ieee80211w = G_SUPPLICANT_MFP_OPTIONAL;
> + /*
> + * From wpa_supplicant docs:
> + * "WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE".
> + * Set ieee80211w as required, which is sent if SAE key is used.
> + */
> + ssid->ieee80211w = G_SUPPLICANT_MFP_REQUIRED;
Should we check the keymgmt is SAE and only then set the ieee80211w
value?
Thanks,
Daniel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [connman v1] wifi: Set ieee80211w as required for WPA3-Personal-only mode
@ 2021-08-03 7:41 ` Daniel Wagner
0 siblings, 0 replies; 7+ messages in thread
From: Daniel Wagner @ 2021-08-03 7:41 UTC (permalink / raw)
To: iwd
[-- Attachment #1: Type: text/plain, Size: 1316 bytes --]
Hi Ariel,
Thanks for tracking this! Just a stupid question:
On Mon, Aug 02, 2021 at 12:10:06PM -0300, Ariel D'Alessandro wrote:
> From wpa_supplicant docs [0] section "ieee80211w":
>
> "WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE".
>
> This means that the parameter ieee80211w has to be set to 2 (required)
> if SAE is used. Fix it.
>
> [0] https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
> ---
> plugins/wifi.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/plugins/wifi.c b/plugins/wifi.c
> index 578b4be7..02603e85 100644
> --- a/plugins/wifi.c
> +++ b/plugins/wifi.c
> @@ -2174,7 +2174,12 @@ static void ssid_init(GSupplicantSSID *ssid, struct connman_network *network)
> security = connman_network_get_string(network, "WiFi.Security");
> ssid->security = network_security(security);
> ssid->keymgmt = network_data->keymgmt;
> - ssid->ieee80211w = G_SUPPLICANT_MFP_OPTIONAL;
> + /*
> + * From wpa_supplicant docs:
> + * "WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE".
> + * Set ieee80211w as required, which is sent if SAE key is used.
> + */
> + ssid->ieee80211w = G_SUPPLICANT_MFP_REQUIRED;
Should we check the keymgmt is SAE and only then set the ieee80211w
value?
Thanks,
Daniel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [connman v1] wifi: Set ieee80211w as required for WPA3-Personal-only mode
2021-08-03 7:41 ` Daniel Wagner
@ 2021-08-04 21:17 ` Ariel D'Alessandro
-1 siblings, 0 replies; 7+ messages in thread
From: Ariel D'Alessandro @ 2021-08-04 21:17 UTC (permalink / raw)
To: Daniel Wagner; +Cc: connman, iwd, Sven.Dembianny
Hi Daniel,
On 8/3/21 4:41 AM, Daniel Wagner wrote:
> Hi Ariel,
>
> Thanks for tracking this! Just a stupid question:
Thanks for the quick feedback :-) see below.
>
> On Mon, Aug 02, 2021 at 12:10:06PM -0300, Ariel D'Alessandro wrote:
>> From wpa_supplicant docs [0] section "ieee80211w":
>>
>> "WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE".
>>
>> This means that the parameter ieee80211w has to be set to 2 (required)
>> if SAE is used. Fix it.
>>
>> [0] https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
>> ---
>> plugins/wifi.c | 7 ++++++-
>> 1 file changed, 6 insertions(+), 1 deletion(-)
>>
>> diff --git a/plugins/wifi.c b/plugins/wifi.c
>> index 578b4be7..02603e85 100644
>> --- a/plugins/wifi.c
>> +++ b/plugins/wifi.c
>> @@ -2174,7 +2174,12 @@ static void ssid_init(GSupplicantSSID *ssid, struct connman_network *network)
>> security = connman_network_get_string(network, "WiFi.Security");
>> ssid->security = network_security(security);
>> ssid->keymgmt = network_data->keymgmt;
>> - ssid->ieee80211w = G_SUPPLICANT_MFP_OPTIONAL;
>> + /*
>> + * From wpa_supplicant docs:
>> + * "WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE".
>> + * Set ieee80211w as required, which is sent if SAE key is used.
>> + */
>> + ssid->ieee80211w = G_SUPPLICANT_MFP_REQUIRED;
>
> Should we check the keymgmt is SAE and only then set the ieee80211w
> value?
Thanks for asking that, two answers:
* `ssid->ieee80211w` only gets sent if key management is SAE, so that'd
be redundant. See this code block [0]. So, there's no real need to check
the keymgmt is SAE here, and `required` could be the default value.
* On the other hand, my concern now is about supporting SAE transition
mode. Let's *drop* this patchset and I'll send an RFC patch implementing
WPA3-Personal transition mode.
Thanks!
Ariel
[0]
https://git.kernel.org/pub/scm/network/connman/connman.git/tree/gsupplicant/supplicant.c#n4908
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [connman v1] wifi: Set ieee80211w as required for WPA3-Personal-only mode
@ 2021-08-04 21:17 ` Ariel D'Alessandro
0 siblings, 0 replies; 7+ messages in thread
From: Ariel D'Alessandro @ 2021-08-04 21:17 UTC (permalink / raw)
To: iwd
[-- Attachment #1: Type: text/plain, Size: 2000 bytes --]
Hi Daniel,
On 8/3/21 4:41 AM, Daniel Wagner wrote:
> Hi Ariel,
>
> Thanks for tracking this! Just a stupid question:
Thanks for the quick feedback :-) see below.
>
> On Mon, Aug 02, 2021 at 12:10:06PM -0300, Ariel D'Alessandro wrote:
>> From wpa_supplicant docs [0] section "ieee80211w":
>>
>> "WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE".
>>
>> This means that the parameter ieee80211w has to be set to 2 (required)
>> if SAE is used. Fix it.
>>
>> [0] https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
>> ---
>> plugins/wifi.c | 7 ++++++-
>> 1 file changed, 6 insertions(+), 1 deletion(-)
>>
>> diff --git a/plugins/wifi.c b/plugins/wifi.c
>> index 578b4be7..02603e85 100644
>> --- a/plugins/wifi.c
>> +++ b/plugins/wifi.c
>> @@ -2174,7 +2174,12 @@ static void ssid_init(GSupplicantSSID *ssid, struct connman_network *network)
>> security = connman_network_get_string(network, "WiFi.Security");
>> ssid->security = network_security(security);
>> ssid->keymgmt = network_data->keymgmt;
>> - ssid->ieee80211w = G_SUPPLICANT_MFP_OPTIONAL;
>> + /*
>> + * From wpa_supplicant docs:
>> + * "WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE".
>> + * Set ieee80211w as required, which is sent if SAE key is used.
>> + */
>> + ssid->ieee80211w = G_SUPPLICANT_MFP_REQUIRED;
>
> Should we check the keymgmt is SAE and only then set the ieee80211w
> value?
Thanks for asking that, two answers:
* `ssid->ieee80211w` only gets sent if key management is SAE, so that'd
be redundant. See this code block [0]. So, there's no real need to check
the keymgmt is SAE here, and `required` could be the default value.
* On the other hand, my concern now is about supporting SAE transition
mode. Let's *drop* this patchset and I'll send an RFC patch implementing
WPA3-Personal transition mode.
Thanks!
Ariel
[0]
https://git.kernel.org/pub/scm/network/connman/connman.git/tree/gsupplicant/supplicant.c#n4908
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [connman v1] wifi: Set ieee80211w as required for WPA3-Personal-only mode
2021-08-04 21:17 ` Ariel D'Alessandro
@ 2021-08-05 6:03 ` Daniel Wagner
-1 siblings, 0 replies; 7+ messages in thread
From: Daniel Wagner @ 2021-08-05 6:03 UTC (permalink / raw)
To: Ariel D'Alessandro; +Cc: connman, iwd, Sven.Dembianny
Hi Ariel,
On Wed, Aug 04, 2021 at 06:17:20PM -0300, Ariel D'Alessandro wrote:
> > Should we check the keymgmt is SAE and only then set the ieee80211w
> > value?
>
> Thanks for asking that, two answers:
>
> * `ssid->ieee80211w` only gets sent if key management is SAE, so that'd
> be redundant. See this code block [0]. So, there's no real need to check
> the keymgmt is SAE here, and `required` could be the default value.
Ah yes, that filters out the ieee80211w settings if it's not SAE. Didn't
see it :)
> * On the other hand, my concern now is about supporting SAE transition
> mode. Let's *drop* this patchset and I'll send an RFC patch implementing
> WPA3-Personal transition mode.
Okay :)
Daniel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [connman v1] wifi: Set ieee80211w as required for WPA3-Personal-only mode
@ 2021-08-05 6:03 ` Daniel Wagner
0 siblings, 0 replies; 7+ messages in thread
From: Daniel Wagner @ 2021-08-05 6:03 UTC (permalink / raw)
To: iwd
[-- Attachment #1: Type: text/plain, Size: 729 bytes --]
Hi Ariel,
On Wed, Aug 04, 2021 at 06:17:20PM -0300, Ariel D'Alessandro wrote:
> > Should we check the keymgmt is SAE and only then set the ieee80211w
> > value?
>
> Thanks for asking that, two answers:
>
> * `ssid->ieee80211w` only gets sent if key management is SAE, so that'd
> be redundant. See this code block [0]. So, there's no real need to check
> the keymgmt is SAE here, and `required` could be the default value.
Ah yes, that filters out the ieee80211w settings if it's not SAE. Didn't
see it :)
> * On the other hand, my concern now is about supporting SAE transition
> mode. Let's *drop* this patchset and I'll send an RFC patch implementing
> WPA3-Personal transition mode.
Okay :)
Daniel
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2021-08-05 6:03 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-02 15:10 [connman v1] wifi: Set ieee80211w as required for WPA3-Personal-only mode Ariel D'Alessandro
2021-08-03 7:41 ` Daniel Wagner
2021-08-03 7:41 ` Daniel Wagner
2021-08-04 21:17 ` Ariel D'Alessandro
2021-08-04 21:17 ` Ariel D'Alessandro
2021-08-05 6:03 ` Daniel Wagner
2021-08-05 6:03 ` Daniel Wagner
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.