[RFC connman v2 0/1] Add wpa_supplicant WPA3-SAE support

[RFC connman v2 0/1] Add wpa_supplicant WPA3-SAE support

[Ariel D'Alessandro]

[-- Attachment #1: Type: text/plain, Size: 928 bytes --]

Hi all,

Here's another attemp on adding WPA3-SAE support to connman
(wpa_supplicant backend).

I'd like comments on the following mainly:

Based on plugin/iwd.c, a private data struct is added to each network
in plugin/wifi.c so it can keep track of keymgmt capabilities, needed to
use WPA3-SAE if it's available. See RFC v1 thread for more details.

Note that this is an RFC patchset. Feel free to give any kind of
feedback, always appreciated :-)

Changes from v1:
* Dropped changes to service API.
* Unified WPA3-SAE under WPA-PSK.
* Added private data struct to network in plugin/wifi.c

Regards,

Ariel D'Alessandro (1):
  WIP: Add wpa_supplicant WPA3-SAE support

 gsupplicant/gsupplicant.h | 10 ++++++++++
 gsupplicant/supplicant.c  | 33 ++++++++++++++++++++++++++++++---
 plugins/wifi.c            | 21 +++++++++++++++++++++
 3 files changed, 61 insertions(+), 3 deletions(-)

-- 
2.30.2

[RFC connman v2 1/1] WIP: Add wpa_supplicant WPA3-SAE support

[Ariel D'Alessandro]

[-- Attachment #1: Type: text/plain, Size: 8004 bytes --]

Implement WPA3-SAE authentication on connman side using wpa_supplicant
backend.

Initially based on Tizen project:

  https://review.tizen.org/git/?p=platform/upstream/connman.git

Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>
---
 gsupplicant/gsupplicant.h | 10 ++++++++++
 gsupplicant/supplicant.c  | 33 ++++++++++++++++++++++++++++++---
 plugins/wifi.c            | 21 +++++++++++++++++++++
 3 files changed, 61 insertions(+), 3 deletions(-)

diff --git a/gsupplicant/gsupplicant.h b/gsupplicant/gsupplicant.h
index 7935c3a6..eab6293f 100644
--- a/gsupplicant/gsupplicant.h
+++ b/gsupplicant/gsupplicant.h
@@ -61,6 +61,7 @@ extern "C" {
 #define G_SUPPLICANT_KEYMGMT_WPA_EAP	(1 << 7)
 #define G_SUPPLICANT_KEYMGMT_WPA_EAP_256	(1 << 8)
 #define G_SUPPLICANT_KEYMGMT_WPS		(1 << 9)
+#define G_SUPPLICANT_KEYMGMT_SAE		(1 << 10)
 
 #define G_SUPPLICANT_PROTO_WPA		(1 << 0)
 #define G_SUPPLICANT_PROTO_RSN		(1 << 1)
@@ -129,6 +130,12 @@ typedef enum {
 	G_SUPPLICANT_PEER_GROUP_FAILED,
 } GSupplicantPeerState;
 
+typedef enum {
+	G_SUPPLICANT_MFP_NONE,
+	G_SUPPLICANT_MFP_OPTIONAL,
+	G_SUPPLICANT_MFP_REQUIRED,
+} GSupplicantMfpOptions;
+
 struct _GSupplicantSSID {
 	const void *ssid;
 	unsigned int ssid_len;
@@ -155,6 +162,8 @@ struct _GSupplicantSSID {
 	dbus_bool_t use_wps;
 	const char *pin_wps;
 	const char *bgscan;
+	unsigned int keymgmt;
+	GSupplicantMfpOptions ieee80211w;
 };
 
 typedef struct _GSupplicantSSID GSupplicantSSID;
@@ -339,6 +348,7 @@ bool g_supplicant_peer_is_in_a_group(GSupplicantPeer *peer);
 GSupplicantInterface *g_supplicant_peer_get_group_interface(GSupplicantPeer *peer);
 bool g_supplicant_peer_is_client(GSupplicantPeer *peer);
 bool g_supplicant_peer_has_requested_connection(GSupplicantPeer *peer);
+unsigned int g_supplicant_network_get_keymgmt(GSupplicantNetwork *network);
 
 struct _GSupplicantCallbacks {
 	void (*system_ready) (void);
diff --git a/gsupplicant/supplicant.c b/gsupplicant/supplicant.c
index f56b595f..be05575c 100644
--- a/gsupplicant/supplicant.c
+++ b/gsupplicant/supplicant.c
@@ -92,6 +92,7 @@ static struct strvalmap keymgmt_map[] = {
 	{ "wpa-eap",		G_SUPPLICANT_KEYMGMT_WPA_EAP	},
 	{ "wpa-eap-sha256",	G_SUPPLICANT_KEYMGMT_WPA_EAP_256	},
 	{ "wps",		G_SUPPLICANT_KEYMGMT_WPS		},
+	{ "sae",		G_SUPPLICANT_KEYMGMT_SAE		},
 	{ }
 };
 
@@ -234,6 +235,7 @@ struct _GSupplicantNetwork {
 	unsigned int wps_capabilities;
 	GHashTable *bss_table;
 	GHashTable *config_table;
+	unsigned int keymgmt;
 };
 
 struct _GSupplicantPeer {
@@ -1427,6 +1429,14 @@ bool g_supplicant_peer_has_requested_connection(GSupplicantPeer *peer)
 	return peer->connection_requested;
 }
 
+unsigned int g_supplicant_network_get_keymgmt(GSupplicantNetwork *network)
+{
+	if (network == NULL)
+		return 0;
+
+	return network->keymgmt;
+}
+
 static void merge_network(GSupplicantNetwork *network)
 {
 	GString *str;
@@ -1457,7 +1467,8 @@ static void merge_network(GSupplicantNetwork *network)
 	else if (g_strcmp0(mode, "1") == 0)
 		g_string_append_printf(str, "_adhoc");
 
-	if (g_strcmp0(key_mgmt, "WPA-PSK") == 0)
+	if ((g_strcmp0(key_mgmt, "WPA-PSK") == 0) ||
+	    (g_strcmp0(key_mgmt, "SAE") == 0))
 		g_string_append_printf(str, "_psk");
 
 	group = g_string_free(str, FALSE);
@@ -1650,6 +1661,7 @@ static int add_or_replace_bss_to_network(struct g_supplicant_bss *bss)
 	network->name = create_name(bss->ssid, bss->ssid_len);
 	network->mode = bss->mode;
 	network->security = bss->security;
+	network->keymgmt = bss->keymgmt;
 	network->ssid_len = bss->ssid_len;
 	memcpy(network->ssid, bss->ssid, bss->ssid_len);
 	network->signal = bss->signal;
@@ -1931,7 +1943,8 @@ static void bss_compute_security(struct g_supplicant_bss *bss)
 	if (bss->keymgmt &
 			(G_SUPPLICANT_KEYMGMT_WPA_PSK |
 				G_SUPPLICANT_KEYMGMT_WPA_FT_PSK |
-				G_SUPPLICANT_KEYMGMT_WPA_PSK_256))
+				G_SUPPLICANT_KEYMGMT_WPA_PSK_256 |
+				G_SUPPLICANT_KEYMGMT_SAE))
 		bss->psk = TRUE;
 
 	if (bss->ieee8021x)
@@ -4890,6 +4903,15 @@ static void add_network_security_proto(DBusMessageIter *dict,
 	g_free(proto);
 }
 
+static void add_network_ieee80211w(DBusMessageIter *dict, GSupplicantSSID *ssid)
+{
+	if (!(ssid->keymgmt & G_SUPPLICANT_KEYMGMT_SAE))
+		return;
+
+	supplicant_dbus_dict_append_basic(dict, "ieee80211w", DBUS_TYPE_UINT32,
+					  &ssid->ieee80211w);
+}
+
 static void add_network_security(DBusMessageIter *dict, GSupplicantSSID *ssid)
 {
 	char *key_mgmt;
@@ -4907,7 +4929,10 @@ static void add_network_security(DBusMessageIter *dict, GSupplicantSSID *ssid)
 		add_network_security_ciphers(dict, ssid);
 		break;
 	case G_SUPPLICANT_SECURITY_PSK:
-		key_mgmt = "WPA-PSK";
+		if (ssid->keymgmt & G_SUPPLICANT_KEYMGMT_SAE)
+			key_mgmt = "SAE";
+		else
+			key_mgmt = "WPA-PSK";
 		add_network_security_psk(dict, ssid);
 		add_network_security_ciphers(dict, ssid);
 		add_network_security_proto(dict, ssid);
@@ -4969,6 +4994,8 @@ static void interface_add_network_params(DBusMessageIter *iter, void *user_data)
 
 	add_network_security(&dict, ssid);
 
+	add_network_ieee80211w(&dict, ssid);
+
 	supplicant_dbus_dict_append_fixed_array(&dict, "ssid",
 					DBUS_TYPE_BYTE, &ssid->ssid,
 						ssid->ssid_len);
diff --git a/plugins/wifi.c b/plugins/wifi.c
index 6233fe11..f990d40c 100644
--- a/plugins/wifi.c
+++ b/plugins/wifi.c
@@ -167,6 +167,10 @@ struct wifi_data {
 	int assoc_code;
 };
 
+struct wifi_network {
+	unsigned int keymgmt;
+};
+
 struct disconnect_data {
 	struct wifi_data *wifi;
 	struct connman_network *network;
@@ -809,6 +813,7 @@ static void remove_networks(struct connman_device *device,
 	for (list = wifi->networks; list; list = list->next) {
 		struct connman_network *network = list->data;
 
+		g_free(connman_network_get_data(network));
 		connman_device_remove_network(device, network);
 		connman_network_unref(network);
 	}
@@ -2148,6 +2153,7 @@ static GSupplicantSecurity network_security(const char *security)
 
 static void ssid_init(GSupplicantSSID *ssid, struct connman_network *network)
 {
+	struct wifi_network *network_data = connman_network_get_data(network);
 	const char *security;
 
 	memset(ssid, 0, sizeof(*ssid));
@@ -2157,6 +2163,8 @@ static void ssid_init(GSupplicantSSID *ssid, struct connman_network *network)
 	ssid->scan_ssid = 1;
 	security = connman_network_get_string(network, "WiFi.Security");
 	ssid->security = network_security(security);
+	ssid->keymgmt = network_data->keymgmt;
+	ssid->ieee80211w = G_SUPPLICANT_MFP_OPTIONAL;
 	ssid->passphrase = connman_network_get_string(network,
 						"WiFi.Passphrase");
 
@@ -2801,6 +2809,7 @@ static void network_added(GSupplicantNetwork *supplicant_network)
 	struct connman_network *network;
 	GSupplicantInterface *interface;
 	struct wifi_data *wifi;
+	struct wifi_network *network_data;
 	const char *name, *identifier, *security, *group, *mode;
 	const unsigned char *ssid;
 	unsigned int ssid_len;
@@ -2849,8 +2858,19 @@ static void network_added(GSupplicantNetwork *supplicant_network)
 		}
 
 		wifi->networks = g_slist_prepend(wifi->networks, network);
+
+		network_data = g_try_new0(struct wifi_network, 1);
+		if (!network_data) {
+			connman_error("Out of memory creating wifi network");
+			return;
+		}
+		connman_network_set_data(network, network_data);
 	}
 
+	network_data = connman_network_get_data(network);
+	network_data->keymgmt =
+		g_supplicant_network_get_keymgmt(supplicant_network);
+
 	if (name && name[0] != '\0')
 		connman_network_set_name(network, name);
 
@@ -2918,6 +2938,7 @@ static void network_removed(GSupplicantNetwork *network)
 
 	wifi->networks = g_slist_remove(wifi->networks, connman_network);
 
+	g_free(connman_network_get_data(connman_network));
 	connman_device_remove_network(wifi->device, connman_network);
 	connman_network_unref(connman_network);
 }
-- 
2.30.2

Re: [RFC connman v2 1/1] WIP: Add wpa_supplicant WPA3-SAE support

[Ariel D'Alessandro]

[-- Attachment #1: Type: text/plain, Size: 8703 bytes --]

Hi Daniel,

Just a gentle a ping in case you have time to take a look at this
patchset v2 :-) let me know if this address the requirements we
discussed on patchset v1.

Thanks a lot!
Ariel

On 5/27/21 6:41 PM, Ariel D'Alessandro wrote:
> Implement WPA3-SAE authentication on connman side using wpa_supplicant
> backend.
> 
> Initially based on Tizen project:
> 
>   https://review.tizen.org/git/?p=platform/upstream/connman.git
> 
> Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>
> ---
>  gsupplicant/gsupplicant.h | 10 ++++++++++
>  gsupplicant/supplicant.c  | 33 ++++++++++++++++++++++++++++++---
>  plugins/wifi.c            | 21 +++++++++++++++++++++
>  3 files changed, 61 insertions(+), 3 deletions(-)
> 
> diff --git a/gsupplicant/gsupplicant.h b/gsupplicant/gsupplicant.h
> index 7935c3a6..eab6293f 100644
> --- a/gsupplicant/gsupplicant.h
> +++ b/gsupplicant/gsupplicant.h
> @@ -61,6 +61,7 @@ extern "C" {
>  #define G_SUPPLICANT_KEYMGMT_WPA_EAP	(1 << 7)
>  #define G_SUPPLICANT_KEYMGMT_WPA_EAP_256	(1 << 8)
>  #define G_SUPPLICANT_KEYMGMT_WPS		(1 << 9)
> +#define G_SUPPLICANT_KEYMGMT_SAE		(1 << 10)
>  
>  #define G_SUPPLICANT_PROTO_WPA		(1 << 0)
>  #define G_SUPPLICANT_PROTO_RSN		(1 << 1)
> @@ -129,6 +130,12 @@ typedef enum {
>  	G_SUPPLICANT_PEER_GROUP_FAILED,
>  } GSupplicantPeerState;
>  
> +typedef enum {
> +	G_SUPPLICANT_MFP_NONE,
> +	G_SUPPLICANT_MFP_OPTIONAL,
> +	G_SUPPLICANT_MFP_REQUIRED,
> +} GSupplicantMfpOptions;
> +
>  struct _GSupplicantSSID {
>  	const void *ssid;
>  	unsigned int ssid_len;
> @@ -155,6 +162,8 @@ struct _GSupplicantSSID {
>  	dbus_bool_t use_wps;
>  	const char *pin_wps;
>  	const char *bgscan;
> +	unsigned int keymgmt;
> +	GSupplicantMfpOptions ieee80211w;
>  };
>  
>  typedef struct _GSupplicantSSID GSupplicantSSID;
> @@ -339,6 +348,7 @@ bool g_supplicant_peer_is_in_a_group(GSupplicantPeer *peer);
>  GSupplicantInterface *g_supplicant_peer_get_group_interface(GSupplicantPeer *peer);
>  bool g_supplicant_peer_is_client(GSupplicantPeer *peer);
>  bool g_supplicant_peer_has_requested_connection(GSupplicantPeer *peer);
> +unsigned int g_supplicant_network_get_keymgmt(GSupplicantNetwork *network);
>  
>  struct _GSupplicantCallbacks {
>  	void (*system_ready) (void);
> diff --git a/gsupplicant/supplicant.c b/gsupplicant/supplicant.c
> index f56b595f..be05575c 100644
> --- a/gsupplicant/supplicant.c
> +++ b/gsupplicant/supplicant.c
> @@ -92,6 +92,7 @@ static struct strvalmap keymgmt_map[] = {
>  	{ "wpa-eap",		G_SUPPLICANT_KEYMGMT_WPA_EAP	},
>  	{ "wpa-eap-sha256",	G_SUPPLICANT_KEYMGMT_WPA_EAP_256	},
>  	{ "wps",		G_SUPPLICANT_KEYMGMT_WPS		},
> +	{ "sae",		G_SUPPLICANT_KEYMGMT_SAE		},
>  	{ }
>  };
>  
> @@ -234,6 +235,7 @@ struct _GSupplicantNetwork {
>  	unsigned int wps_capabilities;
>  	GHashTable *bss_table;
>  	GHashTable *config_table;
> +	unsigned int keymgmt;
>  };
>  
>  struct _GSupplicantPeer {
> @@ -1427,6 +1429,14 @@ bool g_supplicant_peer_has_requested_connection(GSupplicantPeer *peer)
>  	return peer->connection_requested;
>  }
>  
> +unsigned int g_supplicant_network_get_keymgmt(GSupplicantNetwork *network)
> +{
> +	if (network == NULL)
> +		return 0;
> +
> +	return network->keymgmt;
> +}
> +
>  static void merge_network(GSupplicantNetwork *network)
>  {
>  	GString *str;
> @@ -1457,7 +1467,8 @@ static void merge_network(GSupplicantNetwork *network)
>  	else if (g_strcmp0(mode, "1") == 0)
>  		g_string_append_printf(str, "_adhoc");
>  
> -	if (g_strcmp0(key_mgmt, "WPA-PSK") == 0)
> +	if ((g_strcmp0(key_mgmt, "WPA-PSK") == 0) ||
> +	    (g_strcmp0(key_mgmt, "SAE") == 0))
>  		g_string_append_printf(str, "_psk");
>  
>  	group = g_string_free(str, FALSE);
> @@ -1650,6 +1661,7 @@ static int add_or_replace_bss_to_network(struct g_supplicant_bss *bss)
>  	network->name = create_name(bss->ssid, bss->ssid_len);
>  	network->mode = bss->mode;
>  	network->security = bss->security;
> +	network->keymgmt = bss->keymgmt;
>  	network->ssid_len = bss->ssid_len;
>  	memcpy(network->ssid, bss->ssid, bss->ssid_len);
>  	network->signal = bss->signal;
> @@ -1931,7 +1943,8 @@ static void bss_compute_security(struct g_supplicant_bss *bss)
>  	if (bss->keymgmt &
>  			(G_SUPPLICANT_KEYMGMT_WPA_PSK |
>  				G_SUPPLICANT_KEYMGMT_WPA_FT_PSK |
> -				G_SUPPLICANT_KEYMGMT_WPA_PSK_256))
> +				G_SUPPLICANT_KEYMGMT_WPA_PSK_256 |
> +				G_SUPPLICANT_KEYMGMT_SAE))
>  		bss->psk = TRUE;
>  
>  	if (bss->ieee8021x)
> @@ -4890,6 +4903,15 @@ static void add_network_security_proto(DBusMessageIter *dict,
>  	g_free(proto);
>  }
>  
> +static void add_network_ieee80211w(DBusMessageIter *dict, GSupplicantSSID *ssid)
> +{
> +	if (!(ssid->keymgmt & G_SUPPLICANT_KEYMGMT_SAE))
> +		return;
> +
> +	supplicant_dbus_dict_append_basic(dict, "ieee80211w", DBUS_TYPE_UINT32,
> +					  &ssid->ieee80211w);
> +}
> +
>  static void add_network_security(DBusMessageIter *dict, GSupplicantSSID *ssid)
>  {
>  	char *key_mgmt;
> @@ -4907,7 +4929,10 @@ static void add_network_security(DBusMessageIter *dict, GSupplicantSSID *ssid)
>  		add_network_security_ciphers(dict, ssid);
>  		break;
>  	case G_SUPPLICANT_SECURITY_PSK:
> -		key_mgmt = "WPA-PSK";
> +		if (ssid->keymgmt & G_SUPPLICANT_KEYMGMT_SAE)
> +			key_mgmt = "SAE";
> +		else
> +			key_mgmt = "WPA-PSK";
>  		add_network_security_psk(dict, ssid);
>  		add_network_security_ciphers(dict, ssid);
>  		add_network_security_proto(dict, ssid);
> @@ -4969,6 +4994,8 @@ static void interface_add_network_params(DBusMessageIter *iter, void *user_data)
>  
>  	add_network_security(&dict, ssid);
>  
> +	add_network_ieee80211w(&dict, ssid);
> +
>  	supplicant_dbus_dict_append_fixed_array(&dict, "ssid",
>  					DBUS_TYPE_BYTE, &ssid->ssid,
>  						ssid->ssid_len);
> diff --git a/plugins/wifi.c b/plugins/wifi.c
> index 6233fe11..f990d40c 100644
> --- a/plugins/wifi.c
> +++ b/plugins/wifi.c
> @@ -167,6 +167,10 @@ struct wifi_data {
>  	int assoc_code;
>  };
>  
> +struct wifi_network {
> +	unsigned int keymgmt;
> +};
> +
>  struct disconnect_data {
>  	struct wifi_data *wifi;
>  	struct connman_network *network;
> @@ -809,6 +813,7 @@ static void remove_networks(struct connman_device *device,
>  	for (list = wifi->networks; list; list = list->next) {
>  		struct connman_network *network = list->data;
>  
> +		g_free(connman_network_get_data(network));
>  		connman_device_remove_network(device, network);
>  		connman_network_unref(network);
>  	}
> @@ -2148,6 +2153,7 @@ static GSupplicantSecurity network_security(const char *security)
>  
>  static void ssid_init(GSupplicantSSID *ssid, struct connman_network *network)
>  {
> +	struct wifi_network *network_data = connman_network_get_data(network);
>  	const char *security;
>  
>  	memset(ssid, 0, sizeof(*ssid));
> @@ -2157,6 +2163,8 @@ static void ssid_init(GSupplicantSSID *ssid, struct connman_network *network)
>  	ssid->scan_ssid = 1;
>  	security = connman_network_get_string(network, "WiFi.Security");
>  	ssid->security = network_security(security);
> +	ssid->keymgmt = network_data->keymgmt;
> +	ssid->ieee80211w = G_SUPPLICANT_MFP_OPTIONAL;
>  	ssid->passphrase = connman_network_get_string(network,
>  						"WiFi.Passphrase");
>  
> @@ -2801,6 +2809,7 @@ static void network_added(GSupplicantNetwork *supplicant_network)
>  	struct connman_network *network;
>  	GSupplicantInterface *interface;
>  	struct wifi_data *wifi;
> +	struct wifi_network *network_data;
>  	const char *name, *identifier, *security, *group, *mode;
>  	const unsigned char *ssid;
>  	unsigned int ssid_len;
> @@ -2849,8 +2858,19 @@ static void network_added(GSupplicantNetwork *supplicant_network)
>  		}
>  
>  		wifi->networks = g_slist_prepend(wifi->networks, network);
> +
> +		network_data = g_try_new0(struct wifi_network, 1);
> +		if (!network_data) {
> +			connman_error("Out of memory creating wifi network");
> +			return;
> +		}
> +		connman_network_set_data(network, network_data);
>  	}
>  
> +	network_data = connman_network_get_data(network);
> +	network_data->keymgmt =
> +		g_supplicant_network_get_keymgmt(supplicant_network);
> +
>  	if (name && name[0] != '\0')
>  		connman_network_set_name(network, name);
>  
> @@ -2918,6 +2938,7 @@ static void network_removed(GSupplicantNetwork *network)
>  
>  	wifi->networks = g_slist_remove(wifi->networks, connman_network);
>  
> +	g_free(connman_network_get_data(connman_network));
>  	connman_device_remove_network(wifi->device, connman_network);
>  	connman_network_unref(connman_network);
>  }
> 

Re: [RFC connman v2 1/1] WIP: Add wpa_supplicant WPA3-SAE support

[Daniel Wagner]

Hi Ariel,

On Thu, May 27, 2021 at 06:41:34PM -0300, Ariel D'Alessandro wrote:
> Implement WPA3-SAE authentication on connman side using wpa_supplicant
> backend.
> 
> Initially based on Tizen project:
> 
>   https://review.tizen.org/git/?p=platform/upstream/connman.git
> 
> Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>

We don't do the SOB, so I just dropped.

I applied the patch, there were small style issues which I fixed it
directly.

Probably we should update the documentation which wpa_supplicant version
is needed to support WPA3.

Thanks,
Daniel

Re: [RFC connman v2 1/1] WIP: Add wpa_supplicant WPA3-SAE support

[Daniel Wagner]

[-- Attachment #1: Type: text/plain, Size: 601 bytes --]

Hi Ariel,

On Thu, May 27, 2021 at 06:41:34PM -0300, Ariel D'Alessandro wrote:
> Implement WPA3-SAE authentication on connman side using wpa_supplicant
> backend.
> 
> Initially based on Tizen project:
> 
>   https://review.tizen.org/git/?p=platform/upstream/connman.git
> 
> Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>

We don't do the SOB, so I just dropped.

I applied the patch, there were small style issues which I fixed it
directly.

Probably we should update the documentation which wpa_supplicant version
is needed to support WPA3.

Thanks,
Daniel

Re: [RFC connman v2 1/1] WIP: Add wpa_supplicant WPA3-SAE support

[Ariel D'Alessandro]

Hi Daniel,

On 6/14/21 4:00 AM, Daniel Wagner wrote:
> Hi Ariel,
> 
> On Thu, May 27, 2021 at 06:41:34PM -0300, Ariel D'Alessandro wrote:
>> Implement WPA3-SAE authentication on connman side using wpa_supplicant
>> backend.
>>
>> Initially based on Tizen project:
>>
>>   https://review.tizen.org/git/?p=platform/upstream/connman.git
>>
>> Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>
> 
> We don't do the SOB, so I just dropped.

Ok.

> 
> I applied the patch, there were small style issues which I fixed it
> directly.

Great! Thanks a lot for your help.

> 
> Probably we should update the documentation which wpa_supplicant version
> is needed to support WPA3.

Which doc files should be updated? I can take a look at that and put
some notes together.

Regards,
Ariel

Re: [RFC connman v2 1/1] WIP: Add wpa_supplicant WPA3-SAE support

[Ariel D'Alessandro]

[-- Attachment #1: Type: text/plain, Size: 827 bytes --]

Hi Daniel,

On 6/14/21 4:00 AM, Daniel Wagner wrote:
> Hi Ariel,
> 
> On Thu, May 27, 2021 at 06:41:34PM -0300, Ariel D'Alessandro wrote:
>> Implement WPA3-SAE authentication on connman side using wpa_supplicant
>> backend.
>>
>> Initially based on Tizen project:
>>
>>   https://review.tizen.org/git/?p=platform/upstream/connman.git
>>
>> Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>
> 
> We don't do the SOB, so I just dropped.

Ok.

> 
> I applied the patch, there were small style issues which I fixed it
> directly.

Great! Thanks a lot for your help.

> 
> Probably we should update the documentation which wpa_supplicant version
> is needed to support WPA3.

Which doc files should be updated? I can take a look at that and put
some notes together.

Regards,
Ariel

Re: [RFC connman v2 1/1] WIP: Add wpa_supplicant WPA3-SAE support

[Daniel Wagner]

Hi Ariel,

On Mon, Jun 14, 2021 at 08:50:10AM -0300, Ariel D'Alessandro wrote:
> > I applied the patch, there were small style issues which I fixed it
> > directly.
> 
> Great! Thanks a lot for your help.

Thanks for your contribution. Really appreciated.

> > Probably we should update the documentation which wpa_supplicant version
> > is needed to support WPA3.
> 
> Which doc files should be updated? I can take a look at that and put
> some notes together.

There was some recommendation on the wpa_supplicant version in the
README. I wonder if this is still valid.

Thanks,
Daniel

Re: [RFC connman v2 1/1] WIP: Add wpa_supplicant WPA3-SAE support

[Daniel Wagner]

[-- Attachment #1: Type: text/plain, Size: 606 bytes --]

Hi Ariel,

On Mon, Jun 14, 2021 at 08:50:10AM -0300, Ariel D'Alessandro wrote:
> > I applied the patch, there were small style issues which I fixed it
> > directly.
> 
> Great! Thanks a lot for your help.

Thanks for your contribution. Really appreciated.

> > Probably we should update the documentation which wpa_supplicant version
> > is needed to support WPA3.
> 
> Which doc files should be updated? I can take a look at that and put
> some notes together.

There was some recommendation on the wpa_supplicant version in the
README. I wonder if this is still valid.

Thanks,
Daniel

Re: [RFC connman v2 1/1] WIP: Add wpa_supplicant WPA3-SAE support

[Ariel D'Alessandro]

[-- Attachment #1: Type: text/plain, Size: 1860 bytes --]

Hi all,

This patch has been merged already. However, I'd like to have your
comments, see below.

On 5/27/21 6:41 PM, Ariel D'Alessandro wrote:
> Implement WPA3-SAE authentication on connman side using wpa_supplicant
> backend.
> 
> Initially based on Tizen project:
> 
>   https://review.tizen.org/git/?p=platform/upstream/connman.git
> 
> Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>
> ---
>  gsupplicant/gsupplicant.h | 10 ++++++++++
>  gsupplicant/supplicant.c  | 33 ++++++++++++++++++++++++++++++---
>  plugins/wifi.c            | 21 +++++++++++++++++++++
>  3 files changed, 61 insertions(+), 3 deletions(-)
[snip]
> diff --git a/plugins/wifi.c b/plugins/wifi.c
> index 6233fe11..f990d40c 100644
> --- a/plugins/wifi.c
> +++ b/plugins/wifi.c[snip]> @@ -2148,6 +2153,7 @@ static GSupplicantSecurity
network_security(const char *security)
>  
>  static void ssid_init(GSupplicantSSID *ssid, struct connman_network *network)
>  {
> +	struct wifi_network *network_data = connman_network_get_data(network);
>  	const char *security;
>  
>  	memset(ssid, 0, sizeof(*ssid));
> @@ -2157,6 +2163,8 @@ static void ssid_init(GSupplicantSSID *ssid, struct connman_network *network)
>  	ssid->scan_ssid = 1;
>  	security = connman_network_get_string(network, "WiFi.Security");
>  	ssid->security = network_security(security);
> +	ssid->keymgmt = network_data->keymgmt;
> +	ssid->ieee80211w = G_SUPPLICANT_MFP_OPTIONAL;

Should this be G_SUPPLICANT_MFP_REQUIRED?

According to wpa_supplicant docs [0] section "# ieee80211w:": it is
stated "WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE". This
means that the parameter ieee80211w has to be set to 2 (required) if SAE
is used.

Should this be fixed?

[0] https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf

Regards,
Ariel

Re: [RFC connman v2 1/1] WIP: Add wpa_supplicant WPA3-SAE support

[Daniel Wagner]

[-- Attachment #1: Type: text/plain, Size: 1108 bytes --]

Hi Ariel,

On Fri, Jul 30, 2021 at 03:28:57PM -0300, Ariel D'Alessandro wrote:
> >  static void ssid_init(GSupplicantSSID *ssid, struct connman_network *network)
> >  {
> > +	struct wifi_network *network_data = connman_network_get_data(network);
> >  	const char *security;
> >  
> >  	memset(ssid, 0, sizeof(*ssid));
> > @@ -2157,6 +2163,8 @@ static void ssid_init(GSupplicantSSID *ssid, struct connman_network *network)
> >  	ssid->scan_ssid = 1;
> >  	security = connman_network_get_string(network, "WiFi.Security");
> >  	ssid->security = network_security(security);
> > +	ssid->keymgmt = network_data->keymgmt;
> > +	ssid->ieee80211w = G_SUPPLICANT_MFP_OPTIONAL;
> 
> Should this be G_SUPPLICANT_MFP_REQUIRED?
> 
> According to wpa_supplicant docs [0] section "# ieee80211w:": it is
> stated "WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE". This
> means that the parameter ieee80211w has to be set to 2 (required) if SAE
> is used.
> 
> Should this be fixed?

Yes, I agree. According the docs this should be set to required. Are you
sending a patch?

Thanks,
Daniel