Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

netplan key-management support wpa-psk-sha256 (LP# 2085320) #531

Merged
merged 1 commit into from
Dec 18, 2024
Merged

netplan key-management support wpa-psk-sha256 (LP# 2085320) #531

merged 1 commit into from
Dec 18, 2024

Conversation

seankingyang
Copy link
Contributor

@seankingyang seankingyang commented Dec 13, 2024
edited
Loading

Description

Make the netplan key-management support wpa-psk-sha256.

If the AP only support the WPA-PSK-SHA256 key management, the original netplan code will only add the wpa-psk in wpa_supplicant confg

ubuntu@ubuntu:~/netplan$ sudo cat /run/netplan/wpa-wlp1s0.conf
ctrl_interface=/run/wpa_supplicant

network={
  ssid=P"cert-n-wpa-tel-l4"
  key_mgmt=WPA-PSK
  psk="insecure"
}

And the networkctl status wlp1s0 will alway show configuration

ubuntu@ubuntu:~/netplan$ networkctl status wlp1s0
● 4: wlp1s0
                   Link File: /usr/lib/systemd/network/99-default.link
                Network File: /run/systemd/network/10-netplan-wlp1s0.network
                       State: no-carrier (configuring)
                Online state: offline
                        Type: wlan
                        Path: pci-0000:01:00.0
                      Driver: iwlwifi
                      Vendor: Intel Corporation
                       Model: Wi-Fi 6 AX210/AX211/AX411 160MHz (Wi-Fi 6 AX210 160MHz)
            Hardware Address: c4:bd:e5:5f:13:83 (Intel Corporate)
                         MTU: 1500 (min: 256, max: 2304)
                       QDisc: noqueue
IPv6 Address Generation Mode: eui64
          Wi-Fi access point: (null) (00:00:00:00:00:00)
    Number of Queues (Tx/Rx): 1/1
                     Address: fe80::c6bd:e5ff:fe5f:1383
           Activation Policy: up
         Required For Online: yes

This change is add the psk-sha256 once the use want to connect the ap which only support the wpa-psk-sha256.
The change is like eap and eap-sha256.

Checklist

  • Runs make check successfully.
  • Retains code coverage (make check-coverage).
  • New/changed keys in YAML format are documented.
  • (Optional) Adds example YAML for new feature.
  • (Optional) Closes an open bug in Launchpad. https://pad.lv/2085320 https://pad.lv/2084237

@seankingyang seankingyang marked this pull request as draft December 13, 2024 10:58
@seankingyang seankingyang changed the title netplan key-management support wpa-psk-sha256 netplan key-management support wpa-psk-sha256 (LP# 2085320) Dec 13, 2024
@seankingyang seankingyang force-pushed the add_wpa_psk_sha256 branch 7 times, most recently from 52fd4b1 to 9fc1e78 Compare December 16, 2024 03:47
@seankingyang seankingyang marked this pull request as ready for review December 16, 2024 03:54
daniloegea
daniloegea requested changes Dec 16, 2024
View reviewed changes
Copy link
Collaborator

@daniloegea daniloegea left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello Isaac,

Thank you so much for your PR, it looks mostly good to me.

I just left a few comments that we should address before merging.

Apart from that, can you also rebase it into a single commit please?
In the first line of the commit message use something like: wifi: add support for wpa-psk-sha256. And add a short description of the change with a link to the Launchpad bug.

Did you test the configuration against a real setup that only supports psk-sha256? I'll also try that later.

Thanks again!

@slyon feel free to also take a look 🌚

abi-compat/noble_1.1.xml Outdated Show resolved Hide resolved
src/abi.h Outdated
@@ -140,6 +140,7 @@ typedef enum {
typedef enum {
NETPLAN_AUTH_KEY_MANAGEMENT_NONE,
NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSK,
NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSKSHA256,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

todo: please move the new option to the end of the enum (before _MAX) to avoid renumbering the other options. It might not cause any harm but the generate binary (sadly) import internal files so we just want to avoid any ABI changes that might break it.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This part made me hard to decide where should I put when I did this PR.
Thanks for your great explanation

src/parse-nm.c
@@ -1019,6 +1019,8 @@ netplan_parser_load_keyfile(NetplanParser* npp, const char* filename, GError** e
*/
if (ap->auth.key_management == NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAP)
ap->auth.key_management = NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAPSHA256;
else if (ap->auth.key_management == NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSK)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick: the comment above needs to be updated now. Maybe just append this to the comment: The same logic is used for WPA-PSK.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agree!! It will be clearer for other when reading this part~

@seankingyang
Copy link
Contributor Author

seankingyang commented Dec 16, 2024
edited
Loading

Hello @daniloegea, thanks for your quickly response and give the great feedback!
The following was I test on a really machine and connect the ap only support the wpa-psk-sha256.
I directly clone my branch and build netplan to replace the original netplan on it.

Using this machine https://certification.canonical.com/hardware/202407-34231/ to connect the cert-wpa-tel-l4 which is only support the wpa-psk-sha256

  1. key-management: psk
ubuntu@ubuntu:~/netplan$ cat /etc/netplan/99-test.yaml
network:
  version: 2
  wifis:
    wlp1s0:
      access-points:
        cert-n-wpa-tel-l4:
          auth:
            key-management: psk
            password: insecure
      dhcp4: true
      nameservers: {}
ubuntu@ubuntu:~/netplan$ sudo cat /run/netplan/wpa-wlp1s0.conf
ctrl_interface=/run/wpa_supplicant

network={
  ssid=P"cert-n-wpa-tel-l4"
  key_mgmt=WPA-PSK
  psk="insecure"
}
ubuntu@ubuntu:~/netplan$ networkctl status wlp1s0
● 4: wlp1s0
                   Link File: /usr/lib/systemd/network/99-default.link
                Network File: /run/systemd/network/10-netplan-wlp1s0.network
                       State: no-carrier (configuring)
                Online state: offline
                        Type: wlan
                        Path: pci-0000:01:00.0
                      Driver: iwlwifi
                      Vendor: Intel Corporation
                       Model: Wi-Fi 6 AX210/AX211/AX411 160MHz (Wi-Fi 6 AX210 160MHz)
            Hardware Address: c4:bd:e5:5f:13:83 (Intel Corporate)
                         MTU: 1500 (min: 256, max: 2304)
                       QDisc: noqueue
IPv6 Address Generation Mode: eui64
          Wi-Fi access point: (null) (00:00:00:00:00:00)
    Number of Queues (Tx/Rx): 1/1
                     Address: fe80::c6bd:e5ff:fe5f:1383
           Activation Policy: up
         Required For Online: yes

Dec 16 13:01:36 ubuntu systemd-networkd[629]: wlp1s0: DHCPv6 lease lost
Dec 16 13:01:43 ubuntu systemd-networkd[629]: wlp1s0: Connected WiFi access point: cert-n-wpa-tel-l4 (7c:10:c9:69:6d:60)
Dec 16 13:01:44 ubuntu systemd-networkd[629]: wlp1s0: Gained carrier
Dec 16 13:01:44 ubuntu systemd-networkd[629]: wlp1s0: DHCPv4 address 192.168.50.231/24, gateway 192.168.50.1 acquired from 192.168.50.1
Dec 16 13:14:58 ubuntu systemd-networkd[629]: wlp1s0: Lost carrier
Dec 16 13:14:58 ubuntu systemd-networkd[629]: wlp1s0: DHCP lease lost
Dec 16 13:14:58 ubuntu systemd-networkd[629]: wlp1s0: DHCPv6 lease lost
Dec 16 13:14:58 ubuntu systemd-networkd[629]: wlp1s0: Reconfiguring with /run/systemd/network/10-netplan-wlp1s0.network.
Dec 16 13:14:58 ubuntu systemd-networkd[629]: wlp1s0: DHCPv6 lease lost
Dec 16 13:14:58 ubuntu systemd-networkd[629]: wlp1s0: Configuring with /run/systemd/network/10-netplan-wlp1s0.network.
  1. key-management: psk-sha256
ubuntu@ubuntu:~/netplan$ cat /etc/netplan/99-test.yaml
network:
  version: 2
  wifis:
    wlp1s0:
      access-points:
        cert-n-wpa-tel-l4:
          auth:
            key-management: psk-sha256
            password: insecure
      dhcp4: true
      nameservers: {}
ubuntu@ubuntu:~/netplan$ sudo cat /run/netplan/wpa-wlp1s0.conf
ctrl_interface=/run/wpa_supplicant

network={
  ssid=P"cert-n-wpa-tel-l4"
  key_mgmt=WPA-PSK WPA-PSK-SHA256
  ieee80211w=1
  psk="insecure"
}
ubuntu@ubuntu:~/netplan$ networkctl status wlp1s0
● 4: wlp1s0
                   Link File: /usr/lib/systemd/network/99-default.link
                Network File: /run/systemd/network/10-netplan-wlp1s0.network
                       State: routable (configured)
                Online state: online
                        Type: wlan
                        Path: pci-0000:01:00.0
                      Driver: iwlwifi
                      Vendor: Intel Corporation
                       Model: Wi-Fi 6 AX210/AX211/AX411 160MHz (Wi-Fi 6 AX210 160MHz)
            Hardware Address: c4:bd:e5:5f:13:83 (Intel Corporate)
                         MTU: 1500 (min: 256, max: 2304)
                       QDisc: noqueue
IPv6 Address Generation Mode: eui64
          Wi-Fi access point: cert-n-wpa-tel-l4 (7c:10:c9:69:6d:60)
    Number of Queues (Tx/Rx): 1/1
                     Address: 192.168.50.231 (DHCP4 via 192.168.50.1)
                              fe80::c6bd:e5ff:fe5f:1383
                     Gateway: 192.168.50.1
                         DNS: 192.168.50.1
           Activation Policy: up
         Required For Online: yes
             DHCP4 Client ID: IAID:0xff4d6f5/DUID
           DHCP6 Client DUID: DUID-EN/Vendor:0000ab11dfb47e7f241d70e6
                Connected To: GT-AXE11000 on port 7c:10:c9:69:6d:60 (eth6)

Dec 16 13:14:58 ubuntu systemd-networkd[629]: wlp1s0: DHCP lease lost
Dec 16 13:14:58 ubuntu systemd-networkd[629]: wlp1s0: DHCPv6 lease lost
Dec 16 13:14:58 ubuntu systemd-networkd[629]: wlp1s0: Reconfiguring with /run/systemd/network/10-netplan-wlp1s0.network.
Dec 16 13:14:58 ubuntu systemd-networkd[629]: wlp1s0: DHCPv6 lease lost
Dec 16 13:14:58 ubuntu systemd-networkd[629]: wlp1s0: Configuring with /run/systemd/network/10-netplan-wlp1s0.network.
Dec 16 13:19:22 ubuntu systemd-networkd[629]: wlp1s0: Reconfiguring with /run/systemd/network/10-netplan-wlp1s0.network.
Dec 16 13:19:22 ubuntu systemd-networkd[629]: wlp1s0: Configuring with /run/systemd/network/10-netplan-wlp1s0.network.
Dec 16 13:19:24 ubuntu systemd-networkd[629]: wlp1s0: Connected WiFi access point: cert-n-wpa-tel-l4 (7c:10:c9:69:6d:60)
Dec 16 13:19:24 ubuntu systemd-networkd[629]: wlp1s0: Gained carrier
Dec 16 13:19:24 ubuntu systemd-networkd[629]: wlp1s0: DHCPv4 address 192.168.50.231/24, gateway 192.168.50.1 acquired from 192.168.50.1

daniloegea
daniloegea approved these changes Dec 18, 2024
View reviewed changes
Copy link
Collaborator

@daniloegea daniloegea left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! lgtm!

I tested it with the following hostapd.conf:

hw_mode=g
channel=1
ssid=fake net
wpa=2
wpa_key_mgmt=WPA-PSK-SHA256
wpa_pairwise=CCMP
ieee80211w=2
wpa_passphrase=12345678

It will connect only when using psk-sha256. I'll prepare an autopkgtest for it later.

@daniloegea daniloegea merged commit a03d614 into canonical:main Dec 18, 2024
31 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daniloegea daniloegea daniloegea approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@seankingyang @daniloegea