From patchwork Wed Jan 6 14:43:12 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 3793 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4D9sYP5d5Cz3wgP for ; Wed, 6 Jan 2021 14:43:21 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4D9sYN1Wt5z141; Wed, 6 Jan 2021 14:43:20 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4D9sYN0RhWz2yYg; Wed, 6 Jan 2021 14:43:20 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4D9sYM0q5dz2xfh for ; Wed, 6 Jan 2021 14:43:19 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4D9sYL35GJzj1; Wed, 6 Jan 2021 14:43:18 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1609944198; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=oD9YTxt3gLuZYTWkvJQkpzFtiTFDZLFsupd5t9cyuvo=; b=dct6jGwGdMsa6D7b12hCRYJh68xCGH5oqbTjK8VFlOlV67zVNH+kDVBcVj+cbLGpphOu/x WSmG42QPjk4EceCg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1609944198; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=oD9YTxt3gLuZYTWkvJQkpzFtiTFDZLFsupd5t9cyuvo=; b=elUTaLcihc78yOm49e/C+KN0V7CMHc2WPopRVQSdAw4NXp1FeQUOy9HmDHJqk7IfFu1nEw 2nK0+o6AF0TB84bXXtsZYIDncWBw83IuyFXoPyTbAIZOZsbfY0WYAFIvq7CPBqJ/dP16Y5 h7KOvuk6n0DZvaxPdTx3YhZoqQUVraa4VCoznwrbCiU05KTH2/Uq+5VJXr3PqfQnUheveq 8wR88aoi48RbYiGqfTeExUI1YF7P4ggZSLX4EFYt8flpous+0+deEL+sYR7L+E9QE74rQP 5ZmqjsS3+Dc2FYeMa9+ovDH8Cs34A8i87PKNY/xUM6Dc0GJrRFNPxG7wUSOm0g== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 1/3] wireless client: Add support for WPA3 Date: Wed, 6 Jan 2021 14:43:12 +0000 Message-Id: <20210106144314.2732-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Michael Tremer --- doc/language_issues.de | 1 + doc/language_issues.en | 1 + doc/language_issues.es | 1 + doc/language_issues.fr | 1 + doc/language_issues.it | 1 + doc/language_issues.nl | 1 + doc/language_issues.pl | 1 + doc/language_issues.ru | 1 + doc/language_issues.tr | 1 + doc/language_missings | 8 ++++++++ html/cgi-bin/wirelessclient.cgi | 5 +++-- langs/en/cgi-bin/en.pl | 1 + src/initscripts/system/wlanclient | 15 ++++++++++++++- 13 files changed, 35 insertions(+), 3 deletions(-) diff --git a/doc/language_issues.de b/doc/language_issues.de index 6d22fcea4..5d9cbcebc 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -887,6 +887,7 @@ WARNING: untranslated string: show tls-auth key = Show tls-auth key WARNING: untranslated string: smb daemon = SMB Daemon WARNING: untranslated string: user management = User Management WARNING: untranslated string: winbind daemon = Winbind Daemon +WARNING: untranslated string: wlan client encryption wpa3 = WPA3 WARNING: untranslated string: wlanap 802.11w disabled = Disabled WARNING: untranslated string: wlanap 802.11w enforced = Enforced WARNING: untranslated string: wlanap 802.11w optional = Optional diff --git a/doc/language_issues.en b/doc/language_issues.en index b3c46de5e..c1e0ec33f 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -2124,6 +2124,7 @@ WARNING: untranslated string: wlan client encryption none = None WARNING: untranslated string: wlan client encryption wep = WEP WARNING: untranslated string: wlan client encryption wpa = WPA WARNING: untranslated string: wlan client encryption wpa2 = WPA2 +WARNING: untranslated string: wlan client encryption wpa3 = WPA3 WARNING: untranslated string: wlan client group cipher = Group cipher WARNING: untranslated string: wlan client group key algorithm = GKA WARNING: untranslated string: wlan client identity = Identity diff --git a/doc/language_issues.es b/doc/language_issues.es index 9f62f03f2..9c41d68be 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -1499,6 +1499,7 @@ WARNING: untranslated string: wlan client encryption none = None WARNING: untranslated string: wlan client encryption wep = WEP WARNING: untranslated string: wlan client encryption wpa = WPA WARNING: untranslated string: wlan client encryption wpa2 = WPA2 +WARNING: untranslated string: wlan client encryption wpa3 = WPA3 WARNING: untranslated string: wlan client group cipher = Group cipher WARNING: untranslated string: wlan client group key algorithm = GKA WARNING: untranslated string: wlan client identity = Identity diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 90a745360..aad3667c4 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -921,3 +921,4 @@ WARNING: untranslated string: tor guard country any = Any country WARNING: untranslated string: tor guard nodes = Guard Nodes WARNING: untranslated string: tor use guard nodes = Use only these guard nodes (one fingerprint per line) WARNING: untranslated string: whois results from = WHOIS results from +WARNING: untranslated string: wlan client encryption wpa3 = WPA3 diff --git a/doc/language_issues.it b/doc/language_issues.it index 62e4f9953..83229dad2 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -1191,6 +1191,7 @@ WARNING: untranslated string: wlan client eap authentication method = EAP Authen WARNING: untranslated string: wlan client eap phase2 method = EAP Phase 2 Method WARNING: untranslated string: wlan client eap state = EAP Status WARNING: untranslated string: wlan client encryption eap = EAP +WARNING: untranslated string: wlan client encryption wpa3 = WPA3 WARNING: untranslated string: wlan client identity = Identity WARNING: untranslated string: wlan client method = Method WARNING: untranslated string: wlan client password = Password diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 9a767322e..fc5915883 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -1232,6 +1232,7 @@ WARNING: untranslated string: wlan client eap authentication method = EAP Authen WARNING: untranslated string: wlan client eap phase2 method = EAP Phase 2 Method WARNING: untranslated string: wlan client eap state = EAP Status WARNING: untranslated string: wlan client encryption eap = EAP +WARNING: untranslated string: wlan client encryption wpa3 = WPA3 WARNING: untranslated string: wlan client identity = Identity WARNING: untranslated string: wlan client method = Method WARNING: untranslated string: wlan client password = Password diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 9f62f03f2..9c41d68be 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -1499,6 +1499,7 @@ WARNING: untranslated string: wlan client encryption none = None WARNING: untranslated string: wlan client encryption wep = WEP WARNING: untranslated string: wlan client encryption wpa = WPA WARNING: untranslated string: wlan client encryption wpa2 = WPA2 +WARNING: untranslated string: wlan client encryption wpa3 = WPA3 WARNING: untranslated string: wlan client group cipher = Group cipher WARNING: untranslated string: wlan client group key algorithm = GKA WARNING: untranslated string: wlan client identity = Identity diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 5d16e0b18..3ec377f5e 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -1492,6 +1492,7 @@ WARNING: untranslated string: wlan client encryption none = None WARNING: untranslated string: wlan client encryption wep = WEP WARNING: untranslated string: wlan client encryption wpa = WPA WARNING: untranslated string: wlan client encryption wpa2 = WPA2 +WARNING: untranslated string: wlan client encryption wpa3 = WPA3 WARNING: untranslated string: wlan client group cipher = Group cipher WARNING: untranslated string: wlan client group key algorithm = GKA WARNING: untranslated string: wlan client identity = Identity diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 26530a923..3c6b44a63 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -1061,6 +1061,7 @@ WARNING: untranslated string: vulnerability = Vulnerability WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: whois results from = WHOIS results from WARNING: untranslated string: winbind daemon = Winbind Daemon +WARNING: untranslated string: wlan client encryption wpa3 = WPA3 WARNING: untranslated string: wlanap 802.11w disabled = Disabled WARNING: untranslated string: wlanap 802.11w enforced = Enforced WARNING: untranslated string: wlanap 802.11w optional = Optional diff --git a/doc/language_missings b/doc/language_missings index 12e341402..946d7d1fe 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -64,6 +64,7 @@ < wlanap 802.11w disabled < wlanap 802.11w enforced < wlanap 802.11w optional +< wlan client encryption wpa3 ############################################################################ # Checking cgi-bin translations for language: es # ############################################################################ @@ -917,6 +918,7 @@ < wlan client encryption wep < wlan client encryption wpa < wlan client encryption wpa2 +< wlan client encryption wpa3 < wlan client group cipher < wlan client group key algorithm < wlan client identity @@ -973,6 +975,7 @@ < tor use guard nodes < upload fcdsl.o < whois results from +< wlan client encryption wpa3 ############################################################################ # Checking cgi-bin translations for language: it # ############################################################################ @@ -1332,6 +1335,7 @@ < wlan client eap phase2 method < wlan client eap state < wlan client encryption eap +< wlan client encryption wpa3 < wlan client identity < wlan client method < wlan client password @@ -1767,6 +1771,7 @@ < wlan client eap phase2 method < wlan client eap state < wlan client encryption eap +< wlan client encryption wpa3 < wlan client identity < wlan client method < wlan client password @@ -2625,6 +2630,7 @@ < wlan client encryption wep < wlan client encryption wpa < wlan client encryption wpa2 +< wlan client encryption wpa3 < wlan client group cipher < wlan client group key algorithm < wlan client identity @@ -3506,6 +3512,7 @@ < wlan client encryption wep < wlan client encryption wpa < wlan client encryption wpa2 +< wlan client encryption wpa3 < wlan client group cipher < wlan client group key algorithm < wlan client identity @@ -3714,6 +3721,7 @@ < wlanap neighbor scan < wlanap neighbor scan warning < wlanap ssid +< wlan client encryption wpa3 < working < zoneconf access native < zoneconf access none diff --git a/html/cgi-bin/wirelessclient.cgi b/html/cgi-bin/wirelessclient.cgi index bbb71a984..440a9e887 100644 --- a/html/cgi-bin/wirelessclient.cgi +++ b/html/cgi-bin/wirelessclient.cgi @@ -462,6 +462,7 @@ sub showEditBox() { my %selected = (); $selected{'ENCRYPTION'} = (); $selected{'ENCRYPTION'}{'NONE'} = ''; + $selected{'ENCRYPTION'}{'WPA3'} = ''; $selected{'ENCRYPTION'}{'WPA2'} = ''; $selected{'ENCRYPTION'}{'WPA'} = ''; $selected{'ENCRYPTION'}{'WEP'} = ''; @@ -505,9 +506,10 @@ sub showEditBox() { @@ -839,7 +841,6 @@ sub ValidateInput($) { # Check for invalid key length. } elsif (ValidKeyLength($settings{'ENCRYPTION'}, $settings{'PSK'})) { return "$Lang::tr{'wlan client invalid key length'}"; - } # Reset WPA mode, if WPA(2) is not selected. diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index b5284effa..9190eab57 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -2948,6 +2948,7 @@ 'wlan client encryption wep' => 'WEP', 'wlan client encryption wpa' => 'WPA', 'wlan client encryption wpa2' => 'WPA2', +'wlan client encryption wpa3' => 'WPA3', 'wlan client group cipher' => 'Group cipher', 'wlan client group key algorithm' => 'GKA', 'wlan client identity' => 'Identity', diff --git a/src/initscripts/system/wlanclient b/src/initscripts/system/wlanclient index b32a4cb4a..27a144f72 100644 --- a/src/initscripts/system/wlanclient +++ b/src/initscripts/system/wlanclient @@ -86,6 +86,7 @@ function wpa_supplicant_config_line() { local config=${2} shift 2 + local ieee80211w local anonymous_identity local auth_alg local auth_mode @@ -144,6 +145,11 @@ function wpa_supplicant_config_line() { EAP) key_mgmt="WPA-EAP" ;; + WPA3) + key_mgmt="SAE" + + ieee80211w="2" + ;; WPA2) auth_alg="OPEN" proto="RSN" @@ -209,7 +215,11 @@ function wpa_supplicant_config_line() { echo " key_mgmt=${key_mgmt}" fi if [ -n "${psk}" ]; then - echo " psk=\"${psk}\"" + if [ "${key_mgmt}" = "SAE" ]; then + echo " sae_password=\"${psk}\"" + else + echo " psk=\"${psk}\"" + fi fi if [ -n "${wep_tx_keyidx}" ]; then echo " wep_tx_keyidx=${wep_tx_keyidx}" @@ -227,6 +237,9 @@ function wpa_supplicant_config_line() { if [ -n "${priority}" ]; then echo " priority=${priority}" fi + if [ -n "${ieee80211w}" ]; then + echo " ieee80211w=${ieee80211w}" + fi # EAP if [ "${mode}" = "EAP" ]; then