Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WPA3 support (LP: #2023238) #369

Merged
merged 4 commits into from Jun 19, 2023
Merged

WPA3 support (LP: #2023238) #369

merged 4 commits into from Jun 19, 2023

Conversation

daniloegea
Copy link
Collaborator

@daniloegea daniloegea commented Jun 16, 2023
edited by slyon

Related to https://bugs.launchpad.net/netplan/+bug/2023238

Description

The following wpa_supplicant configuration is required to connect to a WPA3 network:

network={
	ssid="WPA3-Network"
	psk="abcdefgh"
	key_mgmt=SAE
	ieee80211w=2
}

From the wpa_supplicant.conf manual:

# SAE = Simultaneous authentication of equals; pre-shared key/password -based
#	authentication with stronger security than WPA-PSK especially when using
#	not that strong password; a.k.a. WPA3-Personal
...
...
# ieee80211w: whether management frame protection is enabled
# 0 = disabled (default unless changed with the global pmf parameter)
# 1 = optional
# 2 = required
# The most common configuration options for this based on the PMF (protected
# management frames) certification program are:
# PMF enabled: ieee80211w=1 and key_mgmt=WPA-EAP WPA-EAP-SHA256
# PMF required: ieee80211w=2 and key_mgmt=WPA-EAP-SHA256
# (and similarly for WPA-PSK and WPA-PSK-SHA256 if WPA2-Personal is used)
# WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE

It was tested with a WPA3 only network configured with hostapd using both renderers.

The integration with Network Manager (netplan everywhere) was also tested.

Checklist

  • Runs make check successfully.
  • Retains 100% code coverage (make check-coverage).
  • New/changed keys in YAML format are documented.
  • (Optional) Adds example YAML for new feature.
  • (Optional) Closes an open bug in Launchpad.

@daniloegea daniloegea changed the title WPA3 support WPA3 support (LP: #2023238) Jun 19, 2023
slyon
slyon approved these changes Jun 19, 2023
View reviewed changes
Copy link
Collaborator

@slyon slyon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, LGTM!

I left one little inline comment, which we might want to resolve before merging.

src/abi.h Outdated Show resolved Hide resolved
@daniloegea
parser: add support for WPA3-Personal
1d312a1 
WPA3 requires setting the key-management to SAE (Simultaneous
Authentication of Equals) and enabling ieee80211w (Management
Frame Protection)
@daniloegea
examples: add an example for WPA3
30efc63
@daniloegea
docs: add SAE (WPA3) to the key-management list
3a1ec88
@daniloegea
tests: fix run_asan.sh for new types of interfaces
8a87f68 
When we introduce a new key, the system's installed netplan will fail to
parse a new examples file. So let's just build netplan again in a new
directory without address sanitizer.
@slyon slyon merged commit 012ce6a into canonical:main Jun 19, 2023
10 checks passed
@slyon
Copy link
Collaborator

slyon commented Aug 23, 2023

FTR: See #402 for WPA3 Enterprise

@pieqq pieqq mentioned this pull request Nov 6, 2023
Open
@fernando79513 fernando79513 mentioned this pull request May 9, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@slyon slyon slyon approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@daniloegea @slyon