Re: [PATCH v2 1/7] supplicant: set key_mgmt independent of pmf value
On 2018/01/16 00:56, Thomas Haller wrote: > On Mon, 2018-01-15 at 15:46 +0100, Beniamino Galvani wrote: >> On Sun, Jan 14, 2018 at 09:33:50AM +0900, Masashi Honma wrote: >>> Previouslly, the value of ieee80211w and key_mgmt field in >>> wpa_supplicant.conf was defined by the value of pmf. >>> >>> NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE >>> ieee80211w=0 >>> key_mgmt=wpa-eap >>> NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL >>> ieee80211w=1 >>> key_mgmt=wpa-eap wpa-eap-sha256 >>> NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED >>> ieee80211w=2 >>> key_mgmt=wpa-eap-sha256 >>> >>> Though these works, these does not include whole combinations. >>> The key_mgmt could be set independent of ieee80211w value. >>> For example, management frame protection could be used with >>> wpa-eap. >>> ieee80211w=2 >>> key_mgmt=wpa-eap >>> >>> And wpa-eap-sha256 could be used without management frame >>> protection. >>> ieee80211w=0 >>> key_mgmt=wpa-eap-sha256 >>> >>> So this patch uses always key_mgmt=wpa-psk wpa-psk-sha256 or >>> key_mgmt=wpa-eap wpa-eap-sha256. By this setting, when AP >>> supports both, stronger algorithm will be chosen (ex. when AP >>> supports both wpa-eap and wpa-eap-sha256, wpa-eap-sha256 will be >>> chosen). >> >> Hi, >> >> the series now looks very good to me, thanks! >> > > hi, > > me too, only minor complains. > Great work! > > could you adjust the remaining points? > > Thank you, > Thomas > Thanks, Beniamino and Thomas ! I will send fixed patches soon. Masashi Honma. signature.asc Description: OpenPGP digital signature ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: [PATCH v2 1/7] supplicant: set key_mgmt independent of pmf value
On Mon, 2018-01-15 at 15:46 +0100, Beniamino Galvani wrote: > On Sun, Jan 14, 2018 at 09:33:50AM +0900, Masashi Honma wrote: > > Previouslly, the value of ieee80211w and key_mgmt field in > > wpa_supplicant.conf was defined by the value of pmf. > > > > NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE > > ieee80211w=0 > > key_mgmt=wpa-eap > > NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL > > ieee80211w=1 > > key_mgmt=wpa-eap wpa-eap-sha256 > > NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED > > ieee80211w=2 > > key_mgmt=wpa-eap-sha256 > > > > Though these works, these does not include whole combinations. > > The key_mgmt could be set independent of ieee80211w value. > > For example, management frame protection could be used with > > wpa-eap. > > ieee80211w=2 > > key_mgmt=wpa-eap > > > > And wpa-eap-sha256 could be used without management frame > > protection. > > ieee80211w=0 > > key_mgmt=wpa-eap-sha256 > > > > So this patch uses always key_mgmt=wpa-psk wpa-psk-sha256 or > > key_mgmt=wpa-eap wpa-eap-sha256. By this setting, when AP > > supports both, stronger algorithm will be chosen (ex. when AP > > supports both wpa-eap and wpa-eap-sha256, wpa-eap-sha256 will be > > chosen). > > Hi, > > the series now looks very good to me, thanks! > hi, me too, only minor complains. Great work! could you adjust the remaining points? Thank you, Thomas signature.asc Description: This is a digitally signed message part ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: [PATCH v2 1/7] supplicant: set key_mgmt independent of pmf value
On Sun, Jan 14, 2018 at 09:33:50AM +0900, Masashi Honma wrote: > Previouslly, the value of ieee80211w and key_mgmt field in > wpa_supplicant.conf was defined by the value of pmf. > > NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE > ieee80211w=0 > key_mgmt=wpa-eap > NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL > ieee80211w=1 > key_mgmt=wpa-eap wpa-eap-sha256 > NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED > ieee80211w=2 > key_mgmt=wpa-eap-sha256 > > Though these works, these does not include whole combinations. > The key_mgmt could be set independent of ieee80211w value. > For example, management frame protection could be used with > wpa-eap. > ieee80211w=2 > key_mgmt=wpa-eap > > And wpa-eap-sha256 could be used without management frame > protection. > ieee80211w=0 > key_mgmt=wpa-eap-sha256 > > So this patch uses always key_mgmt=wpa-psk wpa-psk-sha256 or > key_mgmt=wpa-eap wpa-eap-sha256. By this setting, when AP > supports both, stronger algorithm will be chosen (ex. when AP > supports both wpa-eap and wpa-eap-sha256, wpa-eap-sha256 will be > chosen). Hi, the series now looks very good to me, thanks! Beniamino signature.asc Description: PGP signature ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
[PATCH v2 1/7] supplicant: set key_mgmt independent of pmf value
Previouslly, the value of ieee80211w and key_mgmt field in
wpa_supplicant.conf was defined by the value of pmf.
NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE
ieee80211w=0
key_mgmt=wpa-eap
NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL
ieee80211w=1
key_mgmt=wpa-eap wpa-eap-sha256
NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED
ieee80211w=2
key_mgmt=wpa-eap-sha256
Though these works, these does not include whole combinations.
The key_mgmt could be set independent of ieee80211w value.
For example, management frame protection could be used with
wpa-eap.
ieee80211w=2
key_mgmt=wpa-eap
And wpa-eap-sha256 could be used without management frame
protection.
ieee80211w=0
key_mgmt=wpa-eap-sha256
So this patch uses always key_mgmt=wpa-psk wpa-psk-sha256 or
key_mgmt=wpa-eap wpa-eap-sha256. By this setting, when AP
supports both, stronger algorithm will be chosen (ex. when AP
supports both wpa-eap and wpa-eap-sha256, wpa-eap-sha256 will be
chosen).
Signed-off-by: Masashi Honma
---
src/supplicant/nm-supplicant-config.c | 16 +---
1 file changed, 5 insertions(+), 11 deletions(-)
diff --git a/src/supplicant/nm-supplicant-config.c
b/src/supplicant/nm-supplicant-config.c
index 5650e64..e51e8ba 100644
--- a/src/supplicant/nm-supplicant-config.c
+++ b/src/supplicant/nm-supplicant-config.c
@@ -744,17 +744,11 @@ nm_supplicant_config_add_setting_wireless_security
(NMSupplicantConfig *self,
g_return_val_if_fail (!error || !*error, FALSE);
key_mgmt = key_mgmt_conf = nm_setting_wireless_security_get_key_mgmt
(setting);
- if (pmf == NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL) {
- if (nm_streq (key_mgmt_conf, "wpa-psk"))
- key_mgmt_conf = "wpa-psk wpa-psk-sha256";
- else if (nm_streq (key_mgmt_conf, "wpa-eap"))
- key_mgmt_conf = "wpa-eap wpa-eap-sha256";
- } else if (pmf == NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED) {
- if (nm_streq (key_mgmt_conf, "wpa-psk"))
- key_mgmt_conf = "wpa-psk-sha256";
- else if (nm_streq (key_mgmt_conf, "wpa-eap"))
- key_mgmt_conf = "wpa-eap-sha256";
- }
+ if (nm_streq (key_mgmt, "wpa-psk"))
+ key_mgmt_conf = "wpa-psk wpa-psk-sha256";
+ else if (nm_streq (key_mgmt, "wpa-eap"))
+ key_mgmt_conf = "wpa-eap wpa-eap-sha256";
+
if (!add_string_val (self, key_mgmt_conf, "key_mgmt", TRUE, NULL,
error))
return FALSE;
--
2.7.4
___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list
