diff options
author | Beniamino Galvani <bgalvani@redhat.com> | 2021-12-09 12:05:59 +0100 |
---|---|---|
committer | Beniamino Galvani <bgalvani@redhat.com> | 2022-01-11 21:39:04 +0100 |
commit | 9f3d2a09ea9cbd41d64199a8684d9108f8432094 (patch) | |
tree | d0b005dab9e3c13f189ae3d434ad6718a15353ec /src | |
parent | e0cdbd733b2dbe4096e8285cc281ac85cf5398b0 (diff) | |
download | NetworkManager-9f3d2a09ea9cbd41d64199a8684d9108f8432094.tar.gz |
supplicant: enable SAE-H2E
H2E (hash to element) is a newer method for generating the PWE
(password element) for SAE, alternative to the existing
"hunting-and-pecking". It is considered more secure and it is
mandatory for the WPA3 certification; also, SAE in the 6GHz band can
only use H2E (hunting-and-pecking is disallowed).
Enable H2E in addition to hunting-and-pecking.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/753
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1045
Diffstat (limited to 'src')
-rw-r--r-- | src/core/supplicant/nm-supplicant-interface.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/src/core/supplicant/nm-supplicant-interface.c b/src/core/supplicant/nm-supplicant-interface.c index 54d7c7210c..cb2c762c93 100644 --- a/src/core/supplicant/nm-supplicant-interface.c +++ b/src/core/supplicant/nm-supplicant-interface.c @@ -173,6 +173,8 @@ G_DEFINE_TYPE(NMSupplicantInterface, nm_supplicant_interface, G_TYPE_OBJECT) #define NM_SUPPLICANT_INTERFACE_GET_PRIVATE(self) \ _NM_GET_PRIVATE_PTR(self, NMSupplicantInterface, NM_IS_SUPPLICANT_INTERFACE) +static NMTernary _get_capability(NMSupplicantInterfacePrivate *priv, NMSupplCapType type); + /*****************************************************************************/ static const char * @@ -1320,6 +1322,22 @@ _starting_check_ready(NMSupplicantInterface *self) NM_SUPPL_CAP_TO_CHAR(priv->iface_capabilities, NM_SUPPL_CAP_TYPE_FT), NM_SUPPL_CAP_TO_CHAR(priv->iface_capabilities, NM_SUPPL_CAP_TYPE_SAE)); + /* Other global properties are set in constructed() because they don't + * depend on interface capabilities. */ + if (_get_capability(priv, NM_SUPPL_CAP_TYPE_SAE) == NM_TERNARY_TRUE) { + _LOGD("enabling SAE-H2E (SaePwe=2)"); + nm_dbus_connection_call_set(priv->dbus_connection, + priv->name_owner->str, + priv->object_path->str, + NM_WPAS_DBUS_IFACE_INTERFACE, + "SaePwe", + g_variant_new_string("2"), + DBUS_TIMEOUT_MSEC, + NULL, + NULL, + NULL); + } + set_state(self, priv->supp_state); } |