New subject: [PATCH 2/3] wireless client: Try using SHA256 over SHA1 when possible

6 Jan 2021

Signed-off-by: Michael Tremer michael.tremer@ipfire.org
---
 doc/language_issues.de            |  1 +
 doc/language_issues.en            |  1 +
 doc/language_issues.es            |  1 +
 doc/language_issues.fr            |  1 +
 doc/language_issues.it            |  1 +
 doc/language_issues.nl            |  1 +
 doc/language_issues.pl            |  1 +
 doc/language_issues.ru            |  1 +
 doc/language_issues.tr            |  1 +
 doc/language_missings             |  8 ++++++++
 html/cgi-bin/wirelessclient.cgi   |  5 +++--
 langs/en/cgi-bin/en.pl            |  1 +
 src/initscripts/system/wlanclient | 15 ++++++++++++++-
 13 files changed, 35 insertions(+), 3 deletions(-)

diff --git a/doc/language_issues.de b/doc/language_issues.de
index 6d22fcea4..5d9cbcebc 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -887,6 +887,7 @@ WARNING: untranslated string: show tls-auth key = Show tls-auth key
 WARNING: untranslated string: smb daemon = SMB Daemon
 WARNING: untranslated string: user management = User Management
 WARNING: untranslated string: winbind daemon = Winbind Daemon
+WARNING: untranslated string: wlan client encryption wpa3 = WPA3
 WARNING: untranslated string: wlanap 802.11w disabled = Disabled
 WARNING: untranslated string: wlanap 802.11w enforced = Enforced
 WARNING: untranslated string: wlanap 802.11w optional = Optional
diff --git a/doc/language_issues.en b/doc/language_issues.en
index b3c46de5e..c1e0ec33f 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -2124,6 +2124,7 @@ WARNING: untranslated string: wlan client encryption none = None
 WARNING: untranslated string: wlan client encryption wep = WEP
 WARNING: untranslated string: wlan client encryption wpa = WPA
 WARNING: untranslated string: wlan client encryption wpa2 = WPA2
+WARNING: untranslated string: wlan client encryption wpa3 = WPA3
 WARNING: untranslated string: wlan client group cipher = Group cipher
 WARNING: untranslated string: wlan client group key algorithm = GKA
 WARNING: untranslated string: wlan client identity = Identity
diff --git a/doc/language_issues.es b/doc/language_issues.es
index 9f62f03f2..9c41d68be 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -1499,6 +1499,7 @@ WARNING: untranslated string: wlan client encryption none = None
 WARNING: untranslated string: wlan client encryption wep = WEP
 WARNING: untranslated string: wlan client encryption wpa = WPA
 WARNING: untranslated string: wlan client encryption wpa2 = WPA2
+WARNING: untranslated string: wlan client encryption wpa3 = WPA3
 WARNING: untranslated string: wlan client group cipher = Group cipher
 WARNING: untranslated string: wlan client group key algorithm = GKA
 WARNING: untranslated string: wlan client identity = Identity
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 90a745360..aad3667c4 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -921,3 +921,4 @@ WARNING: untranslated string: tor guard country any = Any country
 WARNING: untranslated string: tor guard nodes = Guard Nodes
 WARNING: untranslated string: tor use guard nodes = Use only these guard nodes (one fingerprint per line)
 WARNING: untranslated string: whois results from = WHOIS results from
+WARNING: untranslated string: wlan client encryption wpa3 = WPA3
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 62e4f9953..83229dad2 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -1191,6 +1191,7 @@ WARNING: untranslated string: wlan client eap authentication method = EAP Authen
 WARNING: untranslated string: wlan client eap phase2 method = EAP Phase 2 Method
 WARNING: untranslated string: wlan client eap state = EAP Status
 WARNING: untranslated string: wlan client encryption eap = EAP
+WARNING: untranslated string: wlan client encryption wpa3 = WPA3
 WARNING: untranslated string: wlan client identity = Identity
 WARNING: untranslated string: wlan client method = Method
 WARNING: untranslated string: wlan client password = Password
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 9a767322e..fc5915883 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -1232,6 +1232,7 @@ WARNING: untranslated string: wlan client eap authentication method = EAP Authen
 WARNING: untranslated string: wlan client eap phase2 method = EAP Phase 2 Method
 WARNING: untranslated string: wlan client eap state = EAP Status
 WARNING: untranslated string: wlan client encryption eap = EAP
+WARNING: untranslated string: wlan client encryption wpa3 = WPA3
 WARNING: untranslated string: wlan client identity = Identity
 WARNING: untranslated string: wlan client method = Method
 WARNING: untranslated string: wlan client password = Password
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 9f62f03f2..9c41d68be 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -1499,6 +1499,7 @@ WARNING: untranslated string: wlan client encryption none = None
 WARNING: untranslated string: wlan client encryption wep = WEP
 WARNING: untranslated string: wlan client encryption wpa = WPA
 WARNING: untranslated string: wlan client encryption wpa2 = WPA2
+WARNING: untranslated string: wlan client encryption wpa3 = WPA3
 WARNING: untranslated string: wlan client group cipher = Group cipher
 WARNING: untranslated string: wlan client group key algorithm = GKA
 WARNING: untranslated string: wlan client identity = Identity
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 5d16e0b18..3ec377f5e 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -1492,6 +1492,7 @@ WARNING: untranslated string: wlan client encryption none = None
 WARNING: untranslated string: wlan client encryption wep = WEP
 WARNING: untranslated string: wlan client encryption wpa = WPA
 WARNING: untranslated string: wlan client encryption wpa2 = WPA2
+WARNING: untranslated string: wlan client encryption wpa3 = WPA3
 WARNING: untranslated string: wlan client group cipher = Group cipher
 WARNING: untranslated string: wlan client group key algorithm = GKA
 WARNING: untranslated string: wlan client identity = Identity
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 26530a923..3c6b44a63 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -1061,6 +1061,7 @@ WARNING: untranslated string: vulnerability = Vulnerability
 WARNING: untranslated string: vulnerable = Vulnerable
 WARNING: untranslated string: whois results from = WHOIS results from
 WARNING: untranslated string: winbind daemon = Winbind Daemon
+WARNING: untranslated string: wlan client encryption wpa3 = WPA3
 WARNING: untranslated string: wlanap 802.11w disabled = Disabled
 WARNING: untranslated string: wlanap 802.11w enforced = Enforced
 WARNING: untranslated string: wlanap 802.11w optional = Optional
diff --git a/doc/language_missings b/doc/language_missings
index 12e341402..946d7d1fe 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -64,6 +64,7 @@
 < wlanap 802.11w disabled
 < wlanap 802.11w enforced
 < wlanap 802.11w optional
+< wlan client encryption wpa3
 ############################################################################
 # Checking cgi-bin translations for language: es                           #
 ############################################################################
@@ -917,6 +918,7 @@
 < wlan client encryption wep
 < wlan client encryption wpa
 < wlan client encryption wpa2
+< wlan client encryption wpa3
 < wlan client group cipher
 < wlan client group key algorithm
 < wlan client identity
@@ -973,6 +975,7 @@
 < tor use guard nodes
 < upload fcdsl.o
 < whois results from
+< wlan client encryption wpa3
 ############################################################################
 # Checking cgi-bin translations for language: it                           #
 ############################################################################
@@ -1332,6 +1335,7 @@
 < wlan client eap phase2 method
 < wlan client eap state
 < wlan client encryption eap
+< wlan client encryption wpa3
 < wlan client identity
 < wlan client method
 < wlan client password
@@ -1767,6 +1771,7 @@
 < wlan client eap phase2 method
 < wlan client eap state
 < wlan client encryption eap
+< wlan client encryption wpa3
 < wlan client identity
 < wlan client method
 < wlan client password
@@ -2625,6 +2630,7 @@
 < wlan client encryption wep
 < wlan client encryption wpa
 < wlan client encryption wpa2
+< wlan client encryption wpa3
 < wlan client group cipher
 < wlan client group key algorithm
 < wlan client identity
@@ -3506,6 +3512,7 @@
 < wlan client encryption wep
 < wlan client encryption wpa
 < wlan client encryption wpa2
+< wlan client encryption wpa3
 < wlan client group cipher
 < wlan client group key algorithm
 < wlan client identity
@@ -3714,6 +3721,7 @@
 < wlanap neighbor scan
 < wlanap neighbor scan warning
 < wlanap ssid
+< wlan client encryption wpa3
 < working
 < zoneconf access native
 < zoneconf access none
diff --git a/html/cgi-bin/wirelessclient.cgi b/html/cgi-bin/wirelessclient.cgi
index bbb71a984..440a9e887 100644
--- a/html/cgi-bin/wirelessclient.cgi
+++ b/html/cgi-bin/wirelessclient.cgi
@@ -462,6 +462,7 @@ sub showEditBox() {
    my %selected = ();
    $selected{'ENCRYPTION'} = ();
    $selected{'ENCRYPTION'}{'NONE'} = '';
+	$selected{'ENCRYPTION'}{'WPA3'} = '';
    $selected{'ENCRYPTION'}{'WPA2'} = '';
    $selected{'ENCRYPTION'}{'WPA'} = '';
    $selected{'ENCRYPTION'}{'WEP'} = '';
@@ -505,9 +506,10 @@ sub showEditBox() {
    					<select name='ENCRYPTION'>
    						<option value="NONE" $selected{'ENCRYPTION'}{'NONE'}>$Lang::tr{'wlan client encryption none'}</option>
    						<option value="EAP"  $selected{'ENCRYPTION'}{'EAP'}>$Lang::tr{'wlan client encryption eap'}</option>
+							<option value="WPA3" $selected{'ENCRYPTION'}{'WPA3'}>$Lang::tr{'wlan client encryption wpa3'}</option>
    						<option value="WPA2" $selected{'ENCRYPTION'}{'WPA2'}>$Lang::tr{'wlan client encryption wpa2'}</option>
    						<option value="WPA"  $selected{'ENCRYPTION'}{'WPA'}>$Lang::tr{'wlan client encryption wpa'}</option>
-							<option value="WEP"  $selected{'ENCRYPTION'}{'WEP'}>$Lang::tr{'wlan client encryption wep'}</option>							
+							<option value="WEP"  $selected{'ENCRYPTION'}{'WEP'}>$Lang::tr{'wlan client encryption wep'}</option>
    					</select>
    				</td>
    				<td colspan="2" width='40%'></td>
@@ -839,7 +841,6 @@ sub ValidateInput($) {
    # Check for invalid key length.
    } elsif (ValidKeyLength($settings{'ENCRYPTION'}, $settings{'PSK'})) {
    	return "$Lang::tr{'wlan client invalid key length'}";
-
    }
# Reset WPA mode, if WPA(2) is not selected.
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index b5284effa..9190eab57 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -2948,6 +2948,7 @@
 'wlan client encryption wep' => 'WEP',
 'wlan client encryption wpa' => 'WPA',
 'wlan client encryption wpa2' => 'WPA2',
+'wlan client encryption wpa3' => 'WPA3',
 'wlan client group cipher' => 'Group cipher',
 'wlan client group key algorithm' => 'GKA',
 'wlan client identity' => 'Identity',
diff --git a/src/initscripts/system/wlanclient b/src/initscripts/system/wlanclient
index b32a4cb4a..27a144f72 100644
--- a/src/initscripts/system/wlanclient
+++ b/src/initscripts/system/wlanclient
@@ -86,6 +86,7 @@ function wpa_supplicant_config_line() {
    local config=${2}
    shift 2
+	local ieee80211w
    local anonymous_identity
    local auth_alg
    local auth_mode
@@ -144,6 +145,11 @@ function wpa_supplicant_config_line() {
    	EAP)
    		key_mgmt="WPA-EAP"
    		;;
+		WPA3)
+			key_mgmt="SAE"
+
+			ieee80211w="2"
+			;;
    	WPA2)
    		auth_alg="OPEN"
    		proto="RSN"
@@ -209,7 +215,11 @@ function wpa_supplicant_config_line() {
    		echo "	key_mgmt=${key_mgmt}"
    	fi
    	if [ -n "${psk}" ]; then
-			echo "	psk="${psk}""
+			if [ "${key_mgmt}" = "SAE" ]; then
+				echo "	sae_password="${psk}""
+			else
+				echo "	psk="${psk}""
+			fi
    	fi
    	if [ -n "${wep_tx_keyidx}" ]; then
    		echo "	wep_tx_keyidx=${wep_tx_keyidx}"
@@ -227,6 +237,9 @@ function wpa_supplicant_config_line() {
    	if [ -n "${priority}" ]; then
    		echo "	priority=${priority}"
    	fi
+		if [ -n "${ieee80211w}" ]; then
+			echo "	ieee80211w=${ieee80211w}"
+		fi
# EAP
    	if [ "${mode}" = "EAP" ]; then
-- 
2.20.1


    

[PATCH 1/3] wireless client: Add support for WPA3