netplan key-management support wpa-psk-sha256

abi-compat/noble_1.1.xml

@@ -462,12 +462,13 @@
       <underlying-type type-id='type-id-89'/>
       <enumerator name='NETPLAN_AUTH_KEY_MANAGEMENT_NONE' value='0'/>
       <enumerator name='NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSK' value='1'/>
-      <enumerator name='NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAP' value='2'/>
-      <enumerator name='NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAPSHA256' value='3'/>
-      <enumerator name='NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAPSUITE_B_192' value='4'/>
-      <enumerator name='NETPLAN_AUTH_KEY_MANAGEMENT_8021X' value='5'/>
-      <enumerator name='NETPLAN_AUTH_KEY_MANAGEMENT_WPA_SAE' value='6'/>
-      <enumerator name='NETPLAN_AUTH_KEY_MANAGEMENT_MAX' value='7'/>
+      <enumerator name='NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSKSHA256' value='2'/>
+      <enumerator name='NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAP' value='3'/>
+      <enumerator name='NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAPSHA256' value='4'/>
+      <enumerator name='NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAPSUITE_B_192' value='5'/>
+      <enumerator name='NETPLAN_AUTH_KEY_MANAGEMENT_8021X' value='6'/>
+      <enumerator name='NETPLAN_AUTH_KEY_MANAGEMENT_WPA_SAE' value='7'/>
+      <enumerator name='NETPLAN_AUTH_KEY_MANAGEMENT_MAX' value='8'/>
     </enum-decl>
     <enum-decl name='NetplanAuthPMFMode' naming-typedef-id='type-id-104' filepath='../src/abi.h' line='162' column='1' id='type-id-105'>
       <underlying-type type-id='type-id-89'/>

doc/netplan-yaml.md

@@ -910,7 +910,8 @@ interfaces, as well as individual Wi-Fi networks, by means of the `auth` block.
   - **`key-management`** (scalar)
 
     > The supported key management modes are `none` (no key management);
-    > `psk` (WPA with pre-shared key, common for home Wi-Fi); `eap` (WPA
+    > `psk` (WPA with pre-shared key, common for home Wi-Fi); `psk-sha256`
+    > (WPA2 with pre-shared key, common for home Wi-Fi); `eap` (WPA
     > with EAP, common for enterprise Wi-Fi); `eap-sha256` (used with WPA3-Enterprise);
     > `eap-suite-b-192` (used with WPA3-Enterprise); `sae` (used by WPA3);
     > and `802.1x` (used primarily for wired Ethernet connections).

src/abi.h

@@ -140,6 +140,7 @@ typedef enum {
 typedef enum {
     NETPLAN_AUTH_KEY_MANAGEMENT_NONE,
     NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSK,
+    NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSKSHA256,
     NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAP,
     NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAPSHA256,
     NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAPSUITE_B_192,

src/names.c

@@ -59,6 +59,7 @@ static const char* const
 netplan_auth_key_management_type_to_str[NETPLAN_AUTH_KEY_MANAGEMENT_MAX] = {
     [NETPLAN_AUTH_KEY_MANAGEMENT_NONE] = "none",
     [NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSK] = "psk",
+    [NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSKSHA256] = "psk-sha256",
     [NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAP] = "eap",
     [NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAPSHA256] = "eap-sha256",
     [NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAPSUITE_B_192] = "eap-suite-b-192",

src/networkd.c

@@ -1188,6 +1188,10 @@ append_wpa_auth_conf(GString* s, const NetplanAuthenticationSettings* auth, cons
                 g_string_append(s, "  key_mgmt=WPA-PSK\n");
             break;
 
+        case NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSKSHA256:
+            g_string_append(s, "  key_mgmt=WPA-PSK WPA-PSK-SHA256\n");
+            break;
+
         case NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAP:
             g_string_append(s, "  key_mgmt=WPA-EAP\n");
             break;

src/nm.c

@@ -515,6 +515,7 @@ write_wifi_auth_parameters(const NetplanAuthenticationSettings* auth, GKeyFile *
         case NETPLAN_AUTH_KEY_MANAGEMENT_NONE:
             break;
         case NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSK:
+        case NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSKSHA256:
             g_key_file_set_string(kf, "wifi-security", "key-mgmt", "wpa-psk");
             break;
         case NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAP:

src/parse-nm.c

@@ -1019,6 +1019,8 @@ netplan_parser_load_keyfile(NetplanParser* npp, const char* filename, GError** e
                  */
                 if (ap->auth.key_management == NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAP)
                     ap->auth.key_management = NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAPSHA256;
+                else if (ap->auth.key_management == NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSK)
+                    ap->auth.key_management = NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSKSHA256;
                 break;
 
             case 3:

src/parse.c

@@ -1015,6 +1015,13 @@ handle_auth_key_management(NetplanParser* npp, yaml_node_t* node, __unused const
         auth->key_management = NETPLAN_AUTH_KEY_MANAGEMENT_NONE;
     else if (strcmp(scalar(node), "psk") == 0)
         auth->key_management = NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSK;
+    else if (strcmp(scalar(node), "psk-sha256") == 0) {
+        /* WPA-PSK-SHA256 is commonly used with Protected Management Frames
+         * so let's set it as optional
+         */
+        auth->key_management = NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSKSHA256;
+        auth->pmf_mode = NETPLAN_AUTH_PMF_MODE_OPTIONAL;
+    }
     else if (strcmp(scalar(node), "eap") == 0)
         auth->key_management = NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAP;
     else if (strcmp(scalar(node), "eap-sha256") == 0) {

src/util.c

@@ -1235,6 +1235,7 @@ gboolean
 _is_auth_key_management_psk(const NetplanAuthenticationSettings* auth)
 {
     return (   auth->key_management == NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSK
+            || auth->key_management == NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSKSHA256
             || auth->key_management == NETPLAN_AUTH_KEY_MANAGEMENT_WPA_SAE);
 }