diff options
-rw-r--r-- | src/devices/nm-device-ethernet.c | 2 | ||||
-rw-r--r-- | src/devices/nm-device-macsec.c | 2 | ||||
-rw-r--r-- | src/devices/wifi/nm-device-wifi.c | 4 | ||||
-rw-r--r-- | src/supplicant/nm-supplicant-config.c | 26 | ||||
-rw-r--r-- | src/supplicant/nm-supplicant-config.h | 3 | ||||
-rw-r--r-- | src/supplicant/nm-supplicant-settings-verify.c | 4 | ||||
-rw-r--r-- | src/supplicant/tests/test-supplicant-config.c | 2 |
7 files changed, 33 insertions, 10 deletions
diff --git a/src/devices/nm-device-ethernet.c b/src/devices/nm-device-ethernet.c index 0d45dfdeda..3e84847ed1 100644 --- a/src/devices/nm-device-ethernet.c +++ b/src/devices/nm-device-ethernet.c @@ -560,7 +560,7 @@ build_supplicant_config (NMDeviceEthernet *self, mtu = nm_platform_link_get_mtu (nm_device_get_platform (NM_DEVICE (self)), nm_device_get_ifindex (NM_DEVICE (self))); - config = nm_supplicant_config_new (FALSE, FALSE); + config = nm_supplicant_config_new (FALSE, FALSE, FALSE, FALSE); security = nm_connection_get_setting_802_1x (connection); if (!nm_supplicant_config_add_setting_8021x (config, security, con_uuid, mtu, TRUE, error)) { diff --git a/src/devices/nm-device-macsec.c b/src/devices/nm-device-macsec.c index 54e04a1bf5..e3e3a895b2 100644 --- a/src/devices/nm-device-macsec.c +++ b/src/devices/nm-device-macsec.c @@ -224,7 +224,7 @@ build_supplicant_config (NMDeviceMacsec *self, GError **error) mtu = nm_platform_link_get_mtu (nm_device_get_platform (NM_DEVICE (self)), nm_device_get_ifindex (NM_DEVICE (self))); - config = nm_supplicant_config_new (FALSE, FALSE); + config = nm_supplicant_config_new (FALSE, FALSE, FALSE, FALSE); s_macsec = nm_device_get_applied_setting (NM_DEVICE (self), NM_TYPE_SETTING_MACSEC); diff --git a/src/devices/wifi/nm-device-wifi.c b/src/devices/wifi/nm-device-wifi.c index a1fa96be9f..db6ccf5b27 100644 --- a/src/devices/wifi/nm-device-wifi.c +++ b/src/devices/wifi/nm-device-wifi.c @@ -2452,7 +2452,9 @@ build_supplicant_config (NMDeviceWifi *self, config = nm_supplicant_config_new ( nm_supplicant_interface_get_pmf_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES, - nm_supplicant_interface_get_fils_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES); + nm_supplicant_interface_get_fils_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES, + nm_supplicant_interface_get_ft_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES, + nm_supplicant_interface_get_sha384_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES); /* Warn if AP mode may not be supported */ if ( g_strcmp0 (nm_setting_wireless_get_mode (s_wireless), NM_SETTING_WIRELESS_MODE_AP) == 0 diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c index 0e20a2790a..9873fc8111 100644 --- a/src/supplicant/nm-supplicant-config.c +++ b/src/supplicant/nm-supplicant-config.c @@ -49,6 +49,8 @@ typedef struct { gboolean dispose_has_run; gboolean support_pmf; gboolean support_fils; + gboolean support_ft; + gboolean support_sha384; } NMSupplicantConfigPrivate; struct _NMSupplicantConfig { @@ -67,7 +69,8 @@ G_DEFINE_TYPE (NMSupplicantConfig, nm_supplicant_config, G_TYPE_OBJECT) /*****************************************************************************/ NMSupplicantConfig * -nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils) +nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils, + gboolean support_ft, gboolean support_sha384) { NMSupplicantConfigPrivate *priv; NMSupplicantConfig *self; @@ -77,6 +80,8 @@ nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils) priv->support_pmf = support_pmf; priv->support_fils = support_fils; + priv->support_ft = support_ft; + priv->support_sha384 = support_sha384; return self; } @@ -779,20 +784,35 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self, if (nm_streq (key_mgmt, "wpa-psk")) { if (priv->support_pmf) g_string_append (key_mgmt_conf, " wpa-psk-sha256"); + if (priv->support_ft) + g_string_append (key_mgmt_conf, " ft-psk"); } else if (nm_streq (key_mgmt, "wpa-eap")) { if (priv->support_pmf) g_string_append (key_mgmt_conf, " wpa-eap-sha256"); + if (priv->support_ft) + g_string_append (key_mgmt_conf, " ft-eap"); + if (priv->support_ft && priv->support_sha384) + g_string_append (key_mgmt_conf, " ft-eap-sha384"); switch (fils) { case NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED: - g_string_assign (key_mgmt_conf, "fils-sha256 fils-sha384"); - break; + g_string_truncate (key_mgmt_conf, 0); + if (!priv->support_pmf) + g_string_assign (key_mgmt_conf, "fils-sha256 fils-sha384"); + /* fall-through */ case NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL: if (priv->support_pmf) g_string_append (key_mgmt_conf, " fils-sha256 fils-sha384"); + if (priv->support_pmf && priv->support_ft) + g_string_append (key_mgmt_conf, " ft-fils-sha256"); + if (priv->support_pmf && priv->support_ft & priv->support_sha384) + g_string_append (key_mgmt_conf, " ft-fils-sha384"); break; default: break; } + } else if (nm_streq (key_mgmt, "sae")) { + if (priv->support_ft) + g_string_append (key_mgmt_conf, " ft-sae"); } if (!add_string_val (self, key_mgmt_conf->str, "key_mgmt", TRUE, NULL, error)) diff --git a/src/supplicant/nm-supplicant-config.h b/src/supplicant/nm-supplicant-config.h index 93038ba5bc..c4e7310d5e 100644 --- a/src/supplicant/nm-supplicant-config.h +++ b/src/supplicant/nm-supplicant-config.h @@ -39,7 +39,8 @@ typedef struct _NMSupplicantConfigClass NMSupplicantConfigClass; GType nm_supplicant_config_get_type (void); -NMSupplicantConfig *nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils); +NMSupplicantConfig *nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils, + gboolean support_ft, gboolean support_sha384); guint32 nm_supplicant_config_get_ap_scan (NMSupplicantConfig *self); diff --git a/src/supplicant/nm-supplicant-settings-verify.c b/src/supplicant/nm-supplicant-settings-verify.c index b7f1a02237..20466af1d0 100644 --- a/src/supplicant/nm-supplicant-settings-verify.c +++ b/src/supplicant/nm-supplicant-settings-verify.c @@ -66,8 +66,8 @@ static const struct validate_entry validate_table[] = { const char * pairwise_allowed[] = { "CCMP", "TKIP", "NONE", NULL }; const char * group_allowed[] = { "CCMP", "TKIP", "WEP104", "WEP40", NULL }; const char * proto_allowed[] = { "WPA", "RSN", NULL }; -const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256", - "WPA-EAP", "WPA-EAP-SHA256", +const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256", "FT-PSK", + "WPA-EAP", "WPA-EAP-SHA256", "FT-EAP", "FT-EAP-SHA384", "FILS-SHA256", "FILS-SHA384", "IEEE8021X", "WPA-NONE", "SAE", "NONE", NULL }; diff --git a/src/supplicant/tests/test-supplicant-config.c b/src/supplicant/tests/test-supplicant-config.c index 35330d0c8f..819256fb7d 100644 --- a/src/supplicant/tests/test-supplicant-config.c +++ b/src/supplicant/tests/test-supplicant-config.c @@ -110,7 +110,7 @@ build_supplicant_config (NMConnection *connection, NMSetting8021x *s_8021x; gboolean success; - config = nm_supplicant_config_new (support_pmf, support_fils); + config = nm_supplicant_config_new (support_pmf, support_fils, FALSE, FALSE); s_wifi = nm_connection_get_setting_wireless (connection); g_assert (s_wifi); |