Re: [PATCH v2 1/7] supplicant: set key_mgmt independent of pmf value
On 2018/01/16 00:56, Thomas Haller wrote: > On Mon, 2018-01-15 at 15:46 +0100, Beniamino Galvani wrote: >> On Sun, Jan 14, 2018 at 09:33:50AM +0900, Masashi Honma wrote: >>> Previouslly, the value of ieee80211w and key_mgmt field in >>> wpa_supplicant.conf was defined by the value of pmf. >>> >>> NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE >>> ieee80211w=0 >>> key_mgmt=wpa-eap >>> NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL >>> ieee80211w=1 >>> key_mgmt=wpa-eap wpa-eap-sha256 >>> NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED >>> ieee80211w=2 >>> key_mgmt=wpa-eap-sha256 >>> >>> Though these works, these does not include whole combinations. >>> The key_mgmt could be set independent of ieee80211w value. >>> For example, management frame protection could be used with >>> wpa-eap. >>> ieee80211w=2 >>> key_mgmt=wpa-eap >>> >>> And wpa-eap-sha256 could be used without management frame >>> protection. >>> ieee80211w=0 >>> key_mgmt=wpa-eap-sha256 >>> >>> So this patch uses always key_mgmt=wpa-psk wpa-psk-sha256 or >>> key_mgmt=wpa-eap wpa-eap-sha256. By this setting, when AP >>> supports both, stronger algorithm will be chosen (ex. when AP >>> supports both wpa-eap and wpa-eap-sha256, wpa-eap-sha256 will be >>> chosen). >> >> Hi, >> >> the series now looks very good to me, thanks! >> > > hi, > > me too, only minor complains. > Great work! > > could you adjust the remaining points? > > Thank you, > Thomas > Thanks, Beniamino and Thomas ! I will send fixed patches soon. Masashi Honma. signature.asc Description: OpenPGP digital signature ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: [PATCH v2 1/7] supplicant: set key_mgmt independent of pmf value
On Mon, 2018-01-15 at 15:46 +0100, Beniamino Galvani wrote: > On Sun, Jan 14, 2018 at 09:33:50AM +0900, Masashi Honma wrote: > > Previouslly, the value of ieee80211w and key_mgmt field in > > wpa_supplicant.conf was defined by the value of pmf. > > > > NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE > > ieee80211w=0 > > key_mgmt=wpa-eap > > NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL > > ieee80211w=1 > > key_mgmt=wpa-eap wpa-eap-sha256 > > NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED > > ieee80211w=2 > > key_mgmt=wpa-eap-sha256 > > > > Though these works, these does not include whole combinations. > > The key_mgmt could be set independent of ieee80211w value. > > For example, management frame protection could be used with > > wpa-eap. > > ieee80211w=2 > > key_mgmt=wpa-eap > > > > And wpa-eap-sha256 could be used without management frame > > protection. > > ieee80211w=0 > > key_mgmt=wpa-eap-sha256 > > > > So this patch uses always key_mgmt=wpa-psk wpa-psk-sha256 or > > key_mgmt=wpa-eap wpa-eap-sha256. By this setting, when AP > > supports both, stronger algorithm will be chosen (ex. when AP > > supports both wpa-eap and wpa-eap-sha256, wpa-eap-sha256 will be > > chosen). > > Hi, > > the series now looks very good to me, thanks! > hi, me too, only minor complains. Great work! could you adjust the remaining points? Thank you, Thomas signature.asc Description: This is a digitally signed message part ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: [PATCH v2 1/7] supplicant: set key_mgmt independent of pmf value
On Sun, Jan 14, 2018 at 09:33:50AM +0900, Masashi Honma wrote: > Previouslly, the value of ieee80211w and key_mgmt field in > wpa_supplicant.conf was defined by the value of pmf. > > NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE > ieee80211w=0 > key_mgmt=wpa-eap > NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL > ieee80211w=1 > key_mgmt=wpa-eap wpa-eap-sha256 > NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED > ieee80211w=2 > key_mgmt=wpa-eap-sha256 > > Though these works, these does not include whole combinations. > The key_mgmt could be set independent of ieee80211w value. > For example, management frame protection could be used with > wpa-eap. > ieee80211w=2 > key_mgmt=wpa-eap > > And wpa-eap-sha256 could be used without management frame > protection. > ieee80211w=0 > key_mgmt=wpa-eap-sha256 > > So this patch uses always key_mgmt=wpa-psk wpa-psk-sha256 or > key_mgmt=wpa-eap wpa-eap-sha256. By this setting, when AP > supports both, stronger algorithm will be chosen (ex. when AP > supports both wpa-eap and wpa-eap-sha256, wpa-eap-sha256 will be > chosen). Hi, the series now looks very good to me, thanks! Beniamino signature.asc Description: PGP signature ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
[PATCH v2 1/7] supplicant: set key_mgmt independent of pmf value
Previouslly, the value of ieee80211w and key_mgmt field in wpa_supplicant.conf was defined by the value of pmf. NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE ieee80211w=0 key_mgmt=wpa-eap NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL ieee80211w=1 key_mgmt=wpa-eap wpa-eap-sha256 NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED ieee80211w=2 key_mgmt=wpa-eap-sha256 Though these works, these does not include whole combinations. The key_mgmt could be set independent of ieee80211w value. For example, management frame protection could be used with wpa-eap. ieee80211w=2 key_mgmt=wpa-eap And wpa-eap-sha256 could be used without management frame protection. ieee80211w=0 key_mgmt=wpa-eap-sha256 So this patch uses always key_mgmt=wpa-psk wpa-psk-sha256 or key_mgmt=wpa-eap wpa-eap-sha256. By this setting, when AP supports both, stronger algorithm will be chosen (ex. when AP supports both wpa-eap and wpa-eap-sha256, wpa-eap-sha256 will be chosen). Signed-off-by: Masashi Honma --- src/supplicant/nm-supplicant-config.c | 16 +--- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c index 5650e64..e51e8ba 100644 --- a/src/supplicant/nm-supplicant-config.c +++ b/src/supplicant/nm-supplicant-config.c @@ -744,17 +744,11 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self, g_return_val_if_fail (!error || !*error, FALSE); key_mgmt = key_mgmt_conf = nm_setting_wireless_security_get_key_mgmt (setting); - if (pmf == NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL) { - if (nm_streq (key_mgmt_conf, "wpa-psk")) - key_mgmt_conf = "wpa-psk wpa-psk-sha256"; - else if (nm_streq (key_mgmt_conf, "wpa-eap")) - key_mgmt_conf = "wpa-eap wpa-eap-sha256"; - } else if (pmf == NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED) { - if (nm_streq (key_mgmt_conf, "wpa-psk")) - key_mgmt_conf = "wpa-psk-sha256"; - else if (nm_streq (key_mgmt_conf, "wpa-eap")) - key_mgmt_conf = "wpa-eap-sha256"; - } + if (nm_streq (key_mgmt, "wpa-psk")) + key_mgmt_conf = "wpa-psk wpa-psk-sha256"; + else if (nm_streq (key_mgmt, "wpa-eap")) + key_mgmt_conf = "wpa-eap wpa-eap-sha256"; + if (!add_string_val (self, key_mgmt_conf, "key_mgmt", TRUE, NULL, error)) return FALSE; -- 2.7.4 ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list