From patchwork Mon May 12 08:52:23 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Nazzareno Trimarchi X-Patchwork-Id: 3973 Return-Path: X-Original-To: linux-amarula@patchwork.amarulasolutions.com Delivered-To: linux-amarula@patchwork.amarulasolutions.com Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) by ganimede.amarulasolutions.com (Postfix) with ESMTPS id 718BD3F142 for ; Mon, 12 May 2025 10:52:34 +0200 (CEST) Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-43cf172ff63sf18042475e9.3 for ; Mon, 12 May 2025 01:52:34 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1747039954; cv=pass; d=google.com; s=arc-20240605; b=ZLQq7/BLmGoR/b3C59oguuTXu6Lv/Et+JEeJv4S5OypbZccgqNT3kvObzgn8W8Ur3c 8bHcRp3SF7EeQRQMaWdW1orLytJF3IIyJkQ95mAtxIun24wuYAYF0hgre4mbt8HLG2uF EBt6NWh6hM5qbyKyIKEZKJ1Z3H2eijEtOEFinz90NlofxD4dY0NHEh6B2j79vZPT9oBp 9VjlIOfNGudsjoHlBdZSljBjEasQARnlH+AET2ux5YAHrnrtSJT+VNE0Do7o8jT/MgDQ 9sPKDUMmAdEcDRKcm7HZaG/G/D8Vxt/RZapGwyAaxUEmna9gBOVfu6V6Az4GY7eLAi1n hR2g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-archive:list-help:list-post:list-id :mailing-list:precedence:mime-version:message-id:date:subject:cc:to :from:dkim-signature; bh=tDWZuSnnR2O6bv1KgTqY1mmm0fUOfXoNLuuJ3Tcb+oY=; fh=xcNa2zcDUkhjBDK+uhBduzZIzAZt6WcavgOjlw6qwaY=; b=b4+YMhm9aoLq0u8Trc8MJjRKVLPpqIOpLuzU+1FglT8PwYls7ZItnImM1ogr5FZVGA c9osSMegpIsBKou6U1s2PiMhwiRC/ghpsvh6dDy/kjYKXVXDcWKUdWNG1YdPH6BG2ZYJ NMeL6Z9x8/e4e3JjIM7S1kwDPQNJswLOkIyG9o7T0+2Ni8YjM22Pe76tgpqLZedIR3e6 ku6cSP3oNvFltjph78ts+Mz98oJh/ELr9sQvu+Kca7WgNzsMLdrR0V6jdvHVo4kjngxZ c+3gftqy/cL66lGitD+zUruPBj28p5c+ccVZxoYd2ltut4UId57EqI2MmnD0PbGEMeNf LkfQ==; darn=patchwork.amarulasolutions.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amarulasolutions.com header.s=google header.b=QVezMLGB; spf=pass (google.com: domain of michael@amarulasolutions.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=michael@amarulasolutions.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=amarulasolutions.com; dara=pass header.i=@amarulasolutions.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amarulasolutions.com; s=google; t=1747039954; x=1747644754; darn=patchwork.amarulasolutions.com; h=list-unsubscribe:list-archive:list-help:list-post:list-id :mailing-list:precedence:x-original-authentication-results :x-original-sender:mime-version:message-id:date:subject:cc:to:from :from:to:cc:subject:date:message-id:reply-to; bh=tDWZuSnnR2O6bv1KgTqY1mmm0fUOfXoNLuuJ3Tcb+oY=; b=VqwKS+adC07NNCQHZmKSuL/JrRU0V5y/iYb2yHfGAdlF5qV00+3x4Se/n/1K3zdpqt thfEZV2lzy55ZJyk3SRdH4o/ho4eEwtFU+lZ0oIUdjSrvnxY9n3X7iat8FXCYhfW3TEw GCRPIKFR2sJO4wPGE81r1j9xY6F4XsJFZ5HGk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747039954; x=1747644754; h=list-unsubscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence :x-original-authentication-results:x-original-sender:mime-version :message-id:date:subject:cc:to:from:x-beenthere:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=tDWZuSnnR2O6bv1KgTqY1mmm0fUOfXoNLuuJ3Tcb+oY=; b=bzqbmZlKAnzig+54abrmt9mnC3Xr5ghkGJU1M0WYZxjwBZzElrmKxvIHt+ff5td10R BFfHtimYI4NQ2au0gwpCokxNmdzGG1Un5EBhFkWXzOZUBt+siPqBoi/sfriyaRy9ZVWj G9BkRU1KMV8x5OnTPCLPPGTarX5sDv2ow0S+zXu36I1AEUCg9hkTXmqneJVZHTO4eq5M VT/5lUVBPaH6VeZ4PKWrQbfE3F+bp4JbHf1Re63aJTqTH38lnUZ08EOl90Xv46WBP3n7 NnUaawUF/f4+/h6Jtr8jdvhuxr3PiUa9aQMs1iJOes4syP8S7TzkU9RmsAHyaDbObZix a7rw== X-Forwarded-Encrypted: i=2; AJvYcCWiW2lg6j103CFVEuwpLL8tkeSp9THRGYUnK4rc7RqulSnycDGgwJInvQ5oKRifqtnbRCWcBJfJGtYHfS2k@patchwork.amarulasolutions.com X-Gm-Message-State: AOJu0YzJu845vzh3qsbK7TFLKLmcruw+YzfujRJe1fD+HNy/mtorFIlK d4XObKIS0Ic1QSpt5f25mvZriVD2OFwkjgXmfBDaJoIg4WCaBKw8gv3So9VDXrvhKw== X-Google-Smtp-Source: AGHT+IEN6wEi/J+7HAA3hXBXn9RP3r5y7rSgcK/MFKk7E9b7G38/BzwZeLeVKvnk/RjG9YI1Tr7E2A== X-Received: by 2002:a05:600c:3b90:b0:43c:f81d:34 with SMTP id 5b1f17b1804b1-442d6d3e6f3mr87945435e9.9.1747039953712; Mon, 12 May 2025 01:52:33 -0700 (PDT) X-BeenThere: linux-amarula@amarulasolutions.com; h=AVT/gBFc6nuKz3GLICUV+mcWn1F8H6TKNt2jcBnQF6zmxpAymA== Received: by 2002:a05:600c:1d0d:b0:43d:40b0:33 with SMTP id 5b1f17b1804b1-442d029434bls15143075e9.0.-pod-prod-01-eu; Mon, 12 May 2025 01:52:31 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCXo8JBRYoNBD1wUxK/bK9OCcLsm3w7ZduK5tuCkSIbcDKT9L3xp0KKIxym3Eyuefv9IbLFznI/H1LwvNYqW@amarulasolutions.com X-Received: by 2002:a05:6000:3105:b0:3a1:fc08:c110 with SMTP id ffacd0b85a97d-3a1fc08c46emr6791317f8f.42.1747039950996; Mon, 12 May 2025 01:52:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1747039950; cv=none; d=google.com; s=arc-20240605; b=BDGMBnFVDSNpTZ6g35F53zByhcvIIr1YLOGOThFF48h1Ui9vbJArNKGdFbaca+7q6A keb/4y8fILE7jJIHg19SXFLGaIgsNP2kqWPLByV0b0oTwCqY9ATKoEPDEfB1ouG36ZKw 7Tmj7e4HbamzmlRD7YU32ARau8FtUY3Ei3NUoON7rfixDV0BKvgZVNpIWRxX9ZrZ9Ddy IcO+fjuhUHScMY68KwzBePffpV230ZB4IrR3nmI7PGdH9m3Oa8xU2hnoNJIFbHg7LWZX Lw3gXcPZeFT3zjbuTlMGkUmfSpBorEZuBsepfP3k4vlo4U1+LkxzYD8dAM7Q/4uDtyWP NVVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:dkim-signature; bh=HCHuii/5P9vkIno5BOmBYrrXv2T45rLinxAOuKOdNko=; fh=FD9ExhRtaU+eJP776IDgzmV3iOA4EaLeOKy3n0lKHgY=; b=jKJLLhjcZ8TklOfg9icqiUgha/ehN+p1+y7m9Nyg+tkWcjxmhQoPjJ3c1gDytS55UW 32nGMgaYanXXcKAlCHekjXUp67yI6HET21LEnMRmwopVToDBbBFsHL8srYJ0HgrzUEUp g8JSDvp7gPxIgGzVF6vyQ7XsH+aZkJB9Fdn3og8f1sV4Rk3fJ7MPEGdqJA+nhTKZslv1 yMSHvSDGqejiBP2K1b44d1dQK6+NE13krLnn6n+xq6P6n+tjI7psdswWodPwXee9i9Xu mEIW3Un+ZdkyIGvRd18ya9qxXBe/PMPqWeAVXIvnn1s8PJL23MfOvb4Sf76zqRP8iKZa +v7w==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amarulasolutions.com header.s=google header.b=QVezMLGB; spf=pass (google.com: domain of michael@amarulasolutions.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=michael@amarulasolutions.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=amarulasolutions.com; dara=pass header.i=@amarulasolutions.com Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41]) by mx.google.com with SMTPS id ffacd0b85a97d-3a207cc1d8dsor560296f8f.2.2025.05.12.01.52.30 for (Google Transport Security); Mon, 12 May 2025 01:52:30 -0700 (PDT) Received-SPF: pass (google.com: domain of michael@amarulasolutions.com designates 209.85.220.41 as permitted sender) client-ip=209.85.220.41; X-Forwarded-Encrypted: i=1; AJvYcCVrJVWMBpXZqRjs6xiWaYbcwIWcKBYPky8VZKNM8qoHo/7DGKwD/n2Z2aJ8aD6wdWjraizT1DyGoTRfu+Fj@amarulasolutions.com X-Gm-Gg: ASbGncsm+IybHW5R0ybl5hBOZMJf5C6f1vTxgdwZ6pCc5KibMo721R5PI1Q32YHSMuv EwC3drXvR0Gc8Qspl/BGqThs/b10nMxLejntH1cQQh61aE68jb1NQNq9vRvVE4fUPMd6xa2jFyB iHKZZfIRZ2MwnZCeTGRK0RN68VAR61IbFPBGxXpT0DBkazDBfai+5KqJF5V/JzIAQZDrCWwXxV9 syCpTevDlKef1r9fQFomkgIxIS+mt5GS60UItBDkBZgQ3iWCrNh8UYniP4vZkC4KgXo7s3vQDtJ BDTRG3U0BMwdnE2qFkH2+YK8uuPVyFDefDpw7lJshGm4Rp1Psa+1x34iI2uj93rJrnA17P8Kmon /mQtXFj1d3I02/o4fBPvSPdVRhA== X-Received: by 2002:a05:6000:40dc:b0:3a0:6ae3:a1a with SMTP id ffacd0b85a97d-3a1f6446d0amr8601845f8f.23.1747039950617; Mon, 12 May 2025 01:52:30 -0700 (PDT) Received: from panicking.fritz.box (p5b26784b.dip0.t-ipconnect.de. [91.38.120.75]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3a1f5a2ca47sm11752878f8f.73.2025.05.12.01.52.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 12 May 2025 01:52:29 -0700 (PDT) From: Michael Trimarchi To: connman@lists.linux.dev Cc: denkenz@gmail.com, linux-amarula@amarulasolutions.com, "Dembianny, Sven (GDE-EDSD5)" Subject: [PATCH] gsupplicant: MFP optional for WPA2-Personal Date: Mon, 12 May 2025 10:52:23 +0200 Message-ID: <20250512085223.411606-1-michael@amarulasolutions.com> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 X-Original-Sender: michael@amarulasolutions.com X-Original-Authentication-Results: mx.google.com; dkim=pass header.i=@amarulasolutions.com header.s=google header.b=QVezMLGB; spf=pass (google.com: domain of michael@amarulasolutions.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=michael@amarulasolutions.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=amarulasolutions.com; dara=pass header.i=@amarulasolutions.com Content-Type: text/plain; charset="UTF-8" Precedence: list Mailing-list: list linux-amarula@amarulasolutions.com; contact linux-amarula+owners@amarulasolutions.com List-ID: X-Spam-Checked-In-Group: linux-amarula@amarulasolutions.com X-Google-Group-Id: 476853432473 List-Post: , List-Help: , List-Archive: List-Unsubscribe: , From: "Dembianny, Sven (GDE-EDSD5)" Previous MFP support was restricted to WPA3, however it is also possible to set MFP to mandatory on APs with WPA2. wpa_supplicant config: * WPA2-Personal: key_mgmt="WPA-PSK-SHA256" ; iee80211w=1 It is important that the default value of MFPC bit is 1 on the final-commercial version of the device. It is a mandatory WFA requirement. --- gsupplicant/supplicant.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/gsupplicant/supplicant.c b/gsupplicant/supplicant.c index f3be9e7b..2ebfa2c6 100644 --- a/gsupplicant/supplicant.c +++ b/gsupplicant/supplicant.c @@ -4955,6 +4955,7 @@ static void add_network_security(DBusMessageIter *dict, GSupplicantSSID *ssid) add_network_security_ciphers(dict, ssid); break; case G_SUPPLICANT_SECURITY_PSK: + ieee80211w = G_SUPPLICANT_MFP_OPTIONAL; if (ssid->keymgmt & G_SUPPLICANT_KEYMGMT_SAE) { if (ssid->keymgmt & G_SUPPLICANT_KEYMGMT_WPA_PSK) { /* @@ -4962,15 +4963,16 @@ static void add_network_security(DBusMessageIter *dict, GSupplicantSSID *ssid) * WPA2-Personal (PSK) and WPA3-Personal (SAE) */ key_mgmt = "SAE WPA-PSK"; - ieee80211w = G_SUPPLICANT_MFP_OPTIONAL; } else { key_mgmt = "SAE"; ieee80211w = G_SUPPLICANT_MFP_REQUIRED; } - add_network_ieee80211w(dict, ssid, ieee80211w); + } else if (ssid->keymgmt & G_SUPPLICANT_KEYMGMT_WPA_PSK_256) { + key_mgmt = "WPA-PSK-SHA256"; } else { key_mgmt = "WPA-PSK"; } + add_network_ieee80211w(dict, ssid, ieee80211w); add_network_security_psk(dict, ssid); add_network_security_ciphers(dict, ssid); add_network_security_proto(dict, ssid);