1:10 a.m.
From wpa_supplicant docs [0] section "ieee80211w":
"WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE".
This means that the parameter ieee80211w has to be set to 2 (required)
if SAE is used. Fix it.
[0] https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
---
plugins/wifi.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/plugins/wifi.c b/plugins/wifi.c
index 578b4be7..02603e85 100644
--- a/plugins/wifi.c
+++ b/plugins/wifi.c
@@ -2174,7 +2174,12 @@ static void ssid_init(GSupplicantSSID *ssid, struct connman_network
*network)
security = connman_network_get_string(network, "WiFi.Security");
ssid->security = network_security(security);
ssid->keymgmt = network_data->keymgmt;
- ssid->ieee80211w = G_SUPPLICANT_MFP_OPTIONAL;
+ /*
+ * From wpa_supplicant docs:
+ * "WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE".
+ * Set ieee80211w as required, which is sent if SAE key is used.
+ */
+ ssid->ieee80211w = G_SUPPLICANT_MFP_REQUIRED;
ssid->passphrase = connman_network_get_string(network,
"WiFi.Passphrase");
--
2.30.2
5:41 p.m.
New subject: [connman v1] wifi: Set ieee80211w as required for
WPA3-Personal-only mode
Hi Ariel,
Thanks for tracking this! Just a stupid question:
On Mon, Aug 02, 2021 at 12:10:06PM -0300, Ariel D'Alessandro wrote:
From wpa_supplicant docs [0] section "ieee80211w":
"WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE".
This means that the parameter ieee80211w has to be set to 2 (required)
if SAE is used. Fix it.
[0] https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
---
plugins/wifi.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/plugins/wifi.c b/plugins/wifi.c
index 578b4be7..02603e85 100644
--- a/plugins/wifi.c
+++ b/plugins/wifi.c
@@ -2174,7 +2174,12 @@ static void ssid_init(GSupplicantSSID *ssid, struct
connman_network *network)
security = connman_network_get_string(network, "WiFi.Security");
ssid->security = network_security(security);
ssid->keymgmt = network_data->keymgmt;
- ssid->ieee80211w = G_SUPPLICANT_MFP_OPTIONAL;
+ /*
+ * From wpa_supplicant docs:
+ * "WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE".
+ * Set ieee80211w as required, which is sent if SAE key is used.
+ */
+ ssid->ieee80211w = G_SUPPLICANT_MFP_REQUIRED;
Should we check the keymgmt is SAE and only then set the ieee80211w
value?
Thanks,
Daniel
7:17 a.m.
New subject: [connman v1] wifi: Set ieee80211w as required for
WPA3-Personal-only mode
Hi Daniel,
On 8/3/21 4:41 AM, Daniel Wagner wrote:
Hi Ariel,
Thanks for tracking this! Just a stupid question:
Thanks for the quick feedback :-) see below.
On Mon, Aug 02, 2021 at 12:10:06PM -0300, Ariel D'Alessandro wrote:
> From wpa_supplicant docs [0] section "ieee80211w":
>
> "WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE".
>
> This means that the parameter ieee80211w has to be set to 2 (required)
> if SAE is used. Fix it.
>
> [0] https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
> ---
> plugins/wifi.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/plugins/wifi.c b/plugins/wifi.c
> index 578b4be7..02603e85 100644
> --- a/plugins/wifi.c
> +++ b/plugins/wifi.c
> @@ -2174,7 +2174,12 @@ static void ssid_init(GSupplicantSSID *ssid, struct
connman_network *network)
> security = connman_network_get_string(network, "WiFi.Security");
> ssid->security = network_security(security);
> ssid->keymgmt = network_data->keymgmt;
> - ssid->ieee80211w = G_SUPPLICANT_MFP_OPTIONAL;
> + /*
> + * From wpa_supplicant docs:
> + * "WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE".
> + * Set ieee80211w as required, which is sent if SAE key is used.
> + */
> + ssid->ieee80211w = G_SUPPLICANT_MFP_REQUIRED;
Should we check the keymgmt is SAE and only then set the ieee80211w
value?
Thanks for asking that, two answers:
* `ssid->ieee80211w` only gets sent if key management is SAE, so that'd
be redundant. See this code block [0]. So, there's no real need to check
the keymgmt is SAE here, and `required` could be the default value.
* On the other hand, my concern now is about supporting SAE transition
mode. Let's *drop* this patchset and I'll send an RFC patch implementing
WPA3-Personal transition mode.
Thanks!
Ariel
[0]
https://git.kernel.org/pub/scm/network/connman/connman.git/tree/gsupplica...
4:03 p.m.
New subject: [connman v1] wifi: Set ieee80211w as required for
WPA3-Personal-only mode
Hi Ariel,
On Wed, Aug 04, 2021 at 06:17:20PM -0300, Ariel D'Alessandro wrote:
> Should we check the keymgmt is SAE and only then set the
ieee80211w
> value?
Thanks for asking that, two answers:
* `ssid->ieee80211w` only gets sent if key management is SAE, so that'd
be redundant. See this code block [0]. So, there's no real need to check
the keymgmt is SAE here, and `required` could be the default value.
Ah yes, that filters out the ieee80211w settings if it's not SAE. Didn't
see it :)
* On the other hand, my concern now is about supporting SAE
transition
mode. Let's *drop* this patchset and I'll send an RFC patch implementing
WPA3-Personal transition mode.
Okay :)
Daniel
409
days inactive
412
days old
3 comments
2 participants
participants (2)
-
Ariel D'Alessandro -
Daniel Wagner