RDKEMW-14284 : Connect with sae for WPA2/WPA3#287
RDKEMW-14284 : Connect with sae for WPA2/WPA3#287jincysam87 wants to merge 15 commits intordkcentral:developfrom
Conversation
RDK-58636: Pass private key password to wpa-supplicant (rdkcentral#202)
There was a problem hiding this comment.
Pull request overview
Updates the GNOME NetworkManager (libnm) security-mode detection so WPA2/WPA3 transition networks are treated as SAE, aligning connection attempts with WPA3-Personal where available.
Changes:
- Map WPA2/WPA3 Transition (PSK+SAE RSN flags) to
WIFI_SECURITY_SAEinstead ofWIFI_SECURITY_WPA_PSK.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
| else if((rsnFlags & NM_802_11_AP_SEC_KEY_MGMT_PSK) && (rsnFlags & NM_802_11_AP_SEC_KEY_MGMT_SAE)) // WPA2/WPA3 Transition | ||
| security = Exchange::INetworkManager::WIFISecurityMode::WIFI_SECURITY_WPA_PSK; | ||
| security = Exchange::INetworkManager::WIFISecurityMode::WIFI_SECURITY_SAE; | ||
| else if (rsnFlags & NM_802_11_AP_SEC_KEY_MGMT_SAE) // Pure WPA3 (SAE only): WPA3-Personal |
There was a problem hiding this comment.
This changes WPA2/WPA3 Transition classification to WIFI_SECURITY_SAE in the libnm path, but the gdbus implementation (plugin/gnome/gdbus/NetworkManagerGdbusUtils.cpp, wifiSecurityModeFromApFlags) still maps the same transition flags to WIFI_SECURITY_WPA_PSK. Since the build can target either gdbus or libnm, this will lead to different scan results and connection key-mgmt selection depending on build flags; update the gdbus mapping (or centralize this logic) to keep behavior consistent.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
| @@ -684,6 +683,7 @@ namespace WPEFramework | |||
| g_object_set(G_OBJECT(sSecurity), NM_SETTING_WIRELESS_SECURITY_PSK, ssidinfo.passphrase.c_str(), NULL); | |||
| } | |||
| break; | |||
| nm_connection_add_setting(m_connection, NM_SETTING(sSecurity)); | |||
| } | |||
There was a problem hiding this comment.
nm_connection_add_setting(m_connection, NM_SETTING(sSecurity)); is placed after break;, so it is unreachable and the wireless-security setting is never added for WPA-PSK/SAE connections. This will result in connections being created without any security config (and also leaks sSecurity). Move the nm_connection_add_setting call to execute before the break (after the g_object_set calls).
Reason for change: Connect with sae for WPA2/WPA3
Test Procedure: Check whether wifi is connected via sae
Risks: Medium