RDKEMW-15311 : Use key-mgmt as SAE for WPA2-WPA3 Transition mode SSIDs#298
RDKEMW-15311 : Use key-mgmt as SAE for WPA2-WPA3 Transition mode SSIDs#298jincysam87 wants to merge 4 commits intordkcentral:developfrom
Conversation
jincysam87
changed the title
There was a problem hiding this comment.
Pull request overview
This PR updates the GNOME NetworkManager Wi-Fi connection builder to remove explicit configuration of the 802-11-wireless-security key-mgmt security mode when creating connections.
Changes:
- Removed explicit
key-mgmtassignment for WPA-PSK vs WPA3-SAE connections. - Removed creation of the
802-11-wireless-securitysetting (andkey-mgmt=wpa-eap) for EAP connections.
Comments suppressed due to low confidence (1)
plugin/gnome/NetworkManagerGnomeWIFI.cpp:675
- In the WPA_PSK/SAE branch,
NM_SETTING_WIRELESS_SECURITY_KEY_MGMTis no longer set. For WPA3-Personal (SAE) connections, NetworkManager typically requireskey-mgmt="sae"; leaving it unset can cause the connection to be treated as WPA-PSK and fail to associate on SAE-only APs. Please restore settingkey-mgmtbased onssidinfo.security(or document/validate that NM auto-detects SAE here, sinceplugin/gnome/gdbus/NetworkManagerGdbusClient.cppstill sets it explicitly).
NMSettingWirelessSecurity *sSecurity = NULL;
switch(ssidinfo.security)
{
case Exchange::INetworkManager::WIFISecurityMode::WIFI_SECURITY_WPA_PSK:
case Exchange::INetworkManager::WIFISecurityMode::WIFI_SECURITY_SAE:
{
sSecurity = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new();
nm_connection_add_setting(m_connection, NM_SETTING(sSecurity));
/* if ap is not a wps network */
if(!iswpsAP)
{
if(ssidinfo.passphrase.empty() || ssidinfo.passphrase.length() < 8)
{
NMLOG_WARNING("password legth should be >= 8");
return false;
}
g_object_set(G_OBJECT(sSecurity), NM_SETTING_WIRELESS_SECURITY_PSK, ssidinfo.passphrase.c_str(), NULL);
}
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| NMSettingWirelessSecurity *sSecurity = NULL; | ||
| switch(ssidinfo.security) | ||
| { | ||
| case Exchange::INetworkManager::WIFISecurityMode::WIFI_SECURITY_WPA_PSK: | ||
| case Exchange::INetworkManager::WIFISecurityMode::WIFI_SECURITY_SAE: | ||
| { | ||
|
|
||
| sSecurity = (NMSettingWirelessSecurity *) nm_setting_wireless_security_new(); | ||
| nm_connection_add_setting(m_connection, NM_SETTING(sSecurity)); | ||
| if(Exchange::INetworkManager::WIFISecurityMode::WIFI_SECURITY_SAE == ssidinfo.security) | ||
| { | ||
| NMLOG_INFO("key-mgmt: %s", "sae"); | ||
| g_object_set(G_OBJECT(sSecurity), NM_SETTING_WIRELESS_SECURITY_KEY_MGMT,"sae", NULL); | ||
| } | ||
| else | ||
| { | ||
| NMLOG_INFO("key-mgmt: %s", "wpa-psk"); | ||
| g_object_set(G_OBJECT(sSecurity), NM_SETTING_WIRELESS_SECURITY_KEY_MGMT,"wpa-psk", NULL); | ||
| } | ||
|
|
There was a problem hiding this comment.
In the WPA-PSK/SAE branch, the code no longer sets 802-11-wireless-security.key-mgmt at all. Given the PR title/intent (“use key-mgmt as SAE for WPA2–WPA3 transition mode SSIDs”), this change doesn’t explicitly select SAE for transition-mode networks (which are currently classified as WIFI_SECURITY_WPA_PSK in nmUtils::wifiSecurityModeFromAp). Please either (a) implement explicit transition-mode detection and set key-mgmt to "sae" for those SSIDs (while keeping "wpa-psk" for pure WPA2), or (b) document/verify that omitting key-mgmt reliably causes NetworkManager to prefer SAE and persist a correct key-mgmt value for later consumers.
Reason for Change: Remove the explicit set of security mode
Test Procedure: Check wifi connect with all security mode
Priority: P1
Risks: Medium
Signed-off-by: jincysaramma_sam@comcast.com