
netplan key-management support wpa-psk-sha256 (LP# 2085320) #531

Merged: daniloegea merged 1 commit into canonical:main from seankingyang:add_wpa_psk_sha256 on Dec 18, 2024

@seankingyang seankingyang commented Dec 13, 2024

Description

Make the netplan key-management support wpa-psk-sha256.

If the AP only supports the WPA-PSK-SHA256 key management, the original netplan code will only add wpa-psk to the wpa_supplicant config:

ubuntu@ubuntu:~/netplan$ sudo cat /run/netplan/wpa-wlp1s0.conf
ctrl_interface=/run/wpa_supplicant

network={
  ssid=P"cert-n-wpa-tel-l4"
  key_mgmt=WPA-PSK
  psk="insecure"
}

And the networkctl status wlp1s0 will always show configuration:

ubuntu@ubuntu:~/netplan$ networkctl status wlp1s0
● 4: wlp1s0
                   Link File: /usr/lib/systemd/network/99-default.link
                Network File: /run/systemd/network/10-netplan-wlp1s0.network
                       State: no-carrier (configuring)
                Online state: offline
                        Type: wlan
                        Path: pci-0000:01:00.0
                      Driver: iwlwifi
                      Vendor: Intel Corporation
                       Model: Wi-Fi 6 AX210/AX211/AX411 160MHz (Wi-Fi 6 AX210 160MHz)
            Hardware Address: c4:bd:e5:5f:13:83 (Intel Corporate)
                         MTU: 1500 (min: 256, max: 2304)
                       QDisc: noqueue
IPv6 Address Generation Mode: eui64
          Wi-Fi access point: (null) (00:00:00:00:00:00)
    Number of Queues (Tx/Rx): 1/1
                     Address: fe80::c6bd:e5ff:fe5f:1383
           Activation Policy: up
         Required For Online: yes

This change adds psk-sha256 for when the user wants to connect to an AP which only supports wpa-psk-sha256.
The change is like eap and eap-sha256.

Checklist

@seankingyang seankingyang marked this pull request as draft December 13, 2024 10:58
@seankingyang seankingyang changed the title netplan key-management support wpa-psk-sha256 netplan key-management support wpa-psk-sha256 (LP# 2085320) Dec 13, 2024
@seankingyang seankingyang force-pushed the add_wpa_psk_sha256 branch 7 times, most recently from 52fd4b1 to 9fc1e78 Compare December 16, 2024 03:47
@seankingyang seankingyang marked this pull request as ready for review December 16, 2024 03:54
@daniloegea daniloegea left a comment

Hello Isaac,

Thank you so much for your PR, it looks mostly good to me.

I just left a few comments that we should address before merging.

Apart from that, can you also rebase it into a single commit please?
In the first line of the commit message use something like: wifi: add support for wpa-psk-sha256. And add a short description of the change with a link to the Launchpad bug.

Did you test the configuration against a real setup that only supports psk-sha256? I'll also try that later.

Thanks again!

@slyon feel free to also take a look 🌚

src/abi.h Outdated
typedef enum {
NETPLAN_AUTH_KEY_MANAGEMENT_NONE,
NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSK,
NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSKSHA256,
Contributor

todo: please move the new option to the end of the enum (before _MAX) to avoid renumbering the other options. It might not cause any harm but the generate binary (sadly) imports internal files so we just want to avoid any ABI changes that might break it.

Contributor Author

This part made it hard for me to decide where I should put it when I did this PR.
Thanks for your great explanation.

*/
if (ap->auth.key_management == NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAP)
ap->auth.key_management = NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAPSHA256;
else if (ap->auth.key_management == NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSK)
Contributor

nitpick: the comment above needs to be updated now. Maybe just append this to the comment: The same logic is used for WPA-PSK.

Contributor Author

Agree!! It will be clearer for others when reading this part~

@seankingyang seankingyang commented Dec 16, 2024

Hello @daniloegea, thanks for your quick response and the great feedback!
The following is what I tested on a real machine, connecting to an AP that only supports wpa-psk-sha256.
I directly cloned my branch and built netplan to replace the original netplan on it.

Using this machine https://certification.canonical.com/hardware/202407-34231/ to connect to cert-wpa-tel-l4, which only supports wpa-psk-sha256

  1. key-management: psk
ubuntu@ubuntu:~/netplan$ cat /etc/netplan/99-test.yaml
network:
  version: 2
  wifis:
    wlp1s0:
      access-points:
        cert-n-wpa-tel-l4:
          auth:
            key-management: psk
            password: insecure
      dhcp4: true
      nameservers: {}
ubuntu@ubuntu:~/netplan$ sudo cat /run/netplan/wpa-wlp1s0.conf
ctrl_interface=/run/wpa_supplicant

network={
  ssid=P"cert-n-wpa-tel-l4"
  key_mgmt=WPA-PSK
  psk="insecure"
}
ubuntu@ubuntu:~/netplan$ networkctl status wlp1s0
● 4: wlp1s0
                   Link File: /usr/lib/systemd/network/99-default.link
                Network File: /run/systemd/network/10-netplan-wlp1s0.network
                       State: no-carrier (configuring)
                Online state: offline
                        Type: wlan
                        Path: pci-0000:01:00.0
                      Driver: iwlwifi
                      Vendor: Intel Corporation
                       Model: Wi-Fi 6 AX210/AX211/AX411 160MHz (Wi-Fi 6 AX210 160MHz)
            Hardware Address: c4:bd:e5:5f:13:83 (Intel Corporate)
                         MTU: 1500 (min: 256, max: 2304)
                       QDisc: noqueue
IPv6 Address Generation Mode: eui64
          Wi-Fi access point: (null) (00:00:00:00:00:00)
    Number of Queues (Tx/Rx): 1/1
                     Address: fe80::c6bd:e5ff:fe5f:1383
           Activation Policy: up
         Required For Online: yes

Dec 16 13:01:36 ubuntu systemd-networkd[629]: wlp1s0: DHCPv6 lease lost
Dec 16 13:01:43 ubuntu systemd-networkd[629]: wlp1s0: Connected WiFi access point: cert-n-wpa-tel-l4 (7c:10:c9:69:6d:60)
Dec 16 13:01:44 ubuntu systemd-networkd[629]: wlp1s0: Gained carrier
Dec 16 13:01:44 ubuntu systemd-networkd[629]: wlp1s0: DHCPv4 address 192.168.50.231/24, gateway 192.168.50.1 acquired from 192.168.50.1
Dec 16 13:14:58 ubuntu systemd-networkd[629]: wlp1s0: Lost carrier
Dec 16 13:14:58 ubuntu systemd-networkd[629]: wlp1s0: DHCP lease lost
Dec 16 13:14:58 ubuntu systemd-networkd[629]: wlp1s0: DHCPv6 lease lost
Dec 16 13:14:58 ubuntu systemd-networkd[629]: wlp1s0: Reconfiguring with /run/systemd/network/10-netplan-wlp1s0.network.
Dec 16 13:14:58 ubuntu systemd-networkd[629]: wlp1s0: DHCPv6 lease lost
Dec 16 13:14:58 ubuntu systemd-networkd[629]: wlp1s0: Configuring with /run/systemd/network/10-netplan-wlp1s0.network.
  2. key-management: psk-sha256
ubuntu@ubuntu:~/netplan$ cat /etc/netplan/99-test.yaml
network:
  version: 2
  wifis:
    wlp1s0:
      access-points:
        cert-n-wpa-tel-l4:
          auth:
            key-management: psk-sha256
            password: insecure
      dhcp4: true
      nameservers: {}
ubuntu@ubuntu:~/netplan$ sudo cat /run/netplan/wpa-wlp1s0.conf
ctrl_interface=/run/wpa_supplicant

network={
  ssid=P"cert-n-wpa-tel-l4"
  key_mgmt=WPA-PSK WPA-PSK-SHA256
  ieee80211w=1
  psk="insecure"
}
ubuntu@ubuntu:~/netplan$ networkctl status wlp1s0
● 4: wlp1s0
                   Link File: /usr/lib/systemd/network/99-default.link
                Network File: /run/systemd/network/10-netplan-wlp1s0.network
                       State: routable (configured)
                Online state: online
                        Type: wlan
                        Path: pci-0000:01:00.0
                      Driver: iwlwifi
                      Vendor: Intel Corporation
                       Model: Wi-Fi 6 AX210/AX211/AX411 160MHz (Wi-Fi 6 AX210 160MHz)
            Hardware Address: c4:bd:e5:5f:13:83 (Intel Corporate)
                         MTU: 1500 (min: 256, max: 2304)
                       QDisc: noqueue
IPv6 Address Generation Mode: eui64
          Wi-Fi access point: cert-n-wpa-tel-l4 (7c:10:c9:69:6d:60)
    Number of Queues (Tx/Rx): 1/1
                     Address: 192.168.50.231 (DHCP4 via 192.168.50.1)
                              fe80::c6bd:e5ff:fe5f:1383
                     Gateway: 192.168.50.1
                         DNS: 192.168.50.1
           Activation Policy: up
         Required For Online: yes
             DHCP4 Client ID: IAID:0xff4d6f5/DUID
           DHCP6 Client DUID: DUID-EN/Vendor:0000ab11dfb47e7f241d70e6
                Connected To: GT-AXE11000 on port 7c:10:c9:69:6d:60 (eth6)

Dec 16 13:14:58 ubuntu systemd-networkd[629]: wlp1s0: DHCP lease lost
Dec 16 13:14:58 ubuntu systemd-networkd[629]: wlp1s0: DHCPv6 lease lost
Dec 16 13:14:58 ubuntu systemd-networkd[629]: wlp1s0: Reconfiguring with /run/systemd/network/10-netplan-wlp1s0.network.
Dec 16 13:14:58 ubuntu systemd-networkd[629]: wlp1s0: DHCPv6 lease lost
Dec 16 13:14:58 ubuntu systemd-networkd[629]: wlp1s0: Configuring with /run/systemd/network/10-netplan-wlp1s0.network.
Dec 16 13:19:22 ubuntu systemd-networkd[629]: wlp1s0: Reconfiguring with /run/systemd/network/10-netplan-wlp1s0.network.
Dec 16 13:19:22 ubuntu systemd-networkd[629]: wlp1s0: Configuring with /run/systemd/network/10-netplan-wlp1s0.network.
Dec 16 13:19:24 ubuntu systemd-networkd[629]: wlp1s0: Connected WiFi access point: cert-n-wpa-tel-l4 (7c:10:c9:69:6d:60)
Dec 16 13:19:24 ubuntu systemd-networkd[629]: wlp1s0: Gained carrier
Dec 16 13:19:24 ubuntu systemd-networkd[629]: wlp1s0: DHCPv4 address 192.168.50.231/24, gateway 192.168.50.1 acquired from 192.168.50.1

@daniloegea daniloegea left a comment

Thank you! lgtm!

I tested it with the following hostapd.conf:

hw_mode=g
channel=1
ssid=fake net
wpa=2
wpa_key_mgmt=WPA-PSK-SHA256
wpa_pairwise=CCMP
ieee80211w=2
wpa_passphrase=12345678

It will connect only when using psk-sha256. I'll prepare an autopkgtest for it later.
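
Both test results in this thread follow from two checks: whether client and AP share a key_mgmt value, and whether their PMF (ieee80211w) settings are compatible. The following added example (not part of the PR or of netplan) parses the generated wpa_supplicant blocks and the hostapd settings quoted above and applies both checks; the function names and the defaults used for absent keys are assumptions of this example.

```python
import re

# Client blocks and AP settings copied from the outputs quoted in this thread
# (the AP sample keeps only the security-related lines of the hostapd.conf).
CLIENT_PSK = 'network={\n  ssid=P"cert-n-wpa-tel-l4"\n  key_mgmt=WPA-PSK\n  psk="insecure"\n}\n'
CLIENT_PSK_SHA256 = ('network={\n  ssid=P"cert-n-wpa-tel-l4"\n'
                     '  key_mgmt=WPA-PSK WPA-PSK-SHA256\n  ieee80211w=1\n  psk="insecure"\n}\n')
AP_SHA256_ONLY = "wpa=2\nwpa_key_mgmt=WPA-PSK-SHA256\nwpa_pairwise=CCMP\nieee80211w=2\n"


def parse_kv(text):
    """Parse flat key=value lines (hostapd.conf, or the body of one network block)."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            pairs[key.strip()] = value.strip()
    return pairs


def parse_networks(conf):
    """Return one dict per network={...} block of a wpa_supplicant config."""
    return [parse_kv(body) for body in re.findall(r"network=\{(.*?)\n\}", conf, re.S)]


def can_associate(network, ap):
    """Return (ok, reason) from AKM overlap and PMF (ieee80211w) compatibility."""
    # Defaults for absent keys are assumptions of this example (in particular,
    # no global pmf= override in the wpa_supplicant config).
    client_akms = set(network.get("key_mgmt", "WPA-PSK IEEE8021X").split())
    ap_akms = set(ap.get("wpa_key_mgmt", "WPA-PSK").split())
    client_pmf = int(network.get("ieee80211w", "0"))
    ap_pmf = int(ap.get("ieee80211w", "0"))
    common = sorted(client_akms & ap_akms)
    if not common:
        return False, "no common key_mgmt"
    if ap_pmf == 2 and client_pmf == 0:
        return False, "AP requires PMF, client has it disabled"
    if client_pmf == 2 and ap_pmf == 0:
        return False, "client requires PMF, AP has it disabled"
    return True, "key_mgmt " + common[0]


if __name__ == "__main__":
    for name, conf in (("psk", CLIENT_PSK), ("psk-sha256", CLIENT_PSK_SHA256)):
        for net in parse_networks(conf):
            print(name, net["ssid"], can_associate(net, parse_kv(AP_SHA256_ONLY)))
```

Because the generated psk-sha256 block lists both WPA-PSK and WPA-PSK-SHA256 with ieee80211w=1, the same check also reports it as compatible with an AP that offers only WPA-PSK without PMF.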

@daniloegea daniloegea merged commit a03d614 into canonical:main Dec 18, 2024
@slyon slyon added the "community" (This PR has been proposed by somebody outside of the Netplan team and roadmap commitments.) and "Canonical" (by Canonical employees outside the Netplan team) labels Mar 11, 2025