From 5addf347804340cef0808d6fb119b6092244dec6 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 6 Jan 2021 14:43:12 +0000
Subject: [PATCH] wireless client: Add support for WPA3

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 doc/language_issues.de            |  2 ++
 doc/language_issues.en            |  4 +++-
 doc/language_issues.es            |  4 ++++
 doc/language_issues.fr            |  4 ++++
 doc/language_issues.it            |  4 ++++
 doc/language_issues.nl            |  4 ++++
 doc/language_issues.pl            |  4 ++++
 doc/language_issues.ru            |  4 ++++
 doc/language_issues.tr            |  4 ++++
 doc/language_missings             | 22 ++++++++++++++++++++++
 html/cgi-bin/wirelessclient.cgi   |  5 +++--
 langs/en/cgi-bin/en.pl            |  1 +
 src/initscripts/system/wlanclient | 15 ++++++++++++++-
 13 files changed, 73 insertions(+), 4 deletions(-)

diff --git a/doc/language_issues.de b/doc/language_issues.de
index dfb9e202ba..701642df9a 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -522,6 +522,7 @@ WARNING: translation string unused: open to all
 WARNING: translation string unused: openvpn disabled
 WARNING: translation string unused: openvpn enabled
 WARNING: translation string unused: optional data
+WARNING: translation string unused: options
 WARNING: translation string unused: optionsfw portlist hint
 WARNING: translation string unused: optionsfw warning
 WARNING: translation string unused: or
@@ -885,6 +886,7 @@ WARNING: untranslated string: show tls-auth key = Show tls-auth key
 WARNING: untranslated string: smb daemon = SMB Daemon
 WARNING: untranslated string: user management = User Management
 WARNING: untranslated string: winbind daemon = Winbind Daemon
+WARNING: untranslated string: wlan client encryption wpa3 = WPA3
 WARNING: untranslated string: wlanap 802.11w disabled = Disabled
 WARNING: untranslated string: wlanap 802.11w enforced = Enforced
 WARNING: untranslated string: wlanap 802.11w optional = Optional
diff --git a/doc/language_issues.en b/doc/language_issues.en
index a5c8819416..08202ebd00 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -1367,7 +1367,6 @@ WARNING: untranslated string: openvpn server = OpenVPN server
 WARNING: untranslated string: openvpn subnet is used = The given subnet is used by another OpenVPN server.
 WARNING: untranslated string: optional = Optional
 WARNING: untranslated string: optional at cmd = optional AT command
-WARNING: untranslated string: options = Options
 WARNING: untranslated string: options fw = Firewall Options
 WARNING: untranslated string: orange = ORANGE
 WARNING: untranslated string: organization cant be empty = Organization can't be empty.
@@ -1689,6 +1688,8 @@ WARNING: untranslated string: title = Title
 WARNING: untranslated string: to = To
 WARNING: untranslated string: toggle = pause/resume
 WARNING: untranslated string: toggle enable disable = Enable or disable
+WARNING: untranslated string: token = Token:
+WARNING: untranslated string: token not set = No Token has been given.
 WARNING: untranslated string: tone = Tone
 WARNING: untranslated string: tone dial = Tone dial:
 WARNING: untranslated string: tor = Tor
@@ -2128,6 +2129,7 @@ WARNING: untranslated string: wlan client encryption none = None
 WARNING: untranslated string: wlan client encryption wep = WEP
 WARNING: untranslated string: wlan client encryption wpa = WPA
 WARNING: untranslated string: wlan client encryption wpa2 = WPA2
+WARNING: untranslated string: wlan client encryption wpa3 = WPA3
 WARNING: untranslated string: wlan client group cipher = Group cipher
 WARNING: untranslated string: wlan client group key algorithm = GKA
 WARNING: untranslated string: wlan client identity = Identity
diff --git a/doc/language_issues.es b/doc/language_issues.es
index bff23f3bc5..e575904b77 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -470,6 +470,7 @@ WARNING: translation string unused: online help en
 WARNING: translation string unused: only red
 WARNING: translation string unused: open to all
 WARNING: translation string unused: optional data
+WARNING: translation string unused: options
 WARNING: translation string unused: optionsfw portlist hint
 WARNING: translation string unused: optionsfw warning
 WARNING: translation string unused: or
@@ -1387,6 +1388,8 @@ WARNING: untranslated string: taa zombieload2 = TSX Async Abort / ZombieLoad v2
 WARNING: untranslated string: tcp more reliable = TCP (more reliable)
 WARNING: untranslated string: ten minutes = 10 Minutes
 WARNING: untranslated string: thirty minutes = 30 Minutes
+WARNING: untranslated string: token = Token:
+WARNING: untranslated string: token not set = No Token has been given.
 WARNING: untranslated string: tor = Tor
 WARNING: untranslated string: tor accounting = Accounting
 WARNING: untranslated string: tor accounting bytes = Traffic (read/written)
@@ -1499,6 +1502,7 @@ WARNING: untranslated string: wlan client encryption none = None
 WARNING: untranslated string: wlan client encryption wep = WEP
 WARNING: untranslated string: wlan client encryption wpa = WPA
 WARNING: untranslated string: wlan client encryption wpa2 = WPA2
+WARNING: untranslated string: wlan client encryption wpa3 = WPA3
 WARNING: untranslated string: wlan client group cipher = Group cipher
 WARNING: untranslated string: wlan client group key algorithm = GKA
 WARNING: untranslated string: wlan client identity = Identity
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 2989678c18..5ea59cdf06 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -553,6 +553,7 @@ WARNING: translation string unused: open to all
 WARNING: translation string unused: openvpn disabled
 WARNING: translation string unused: openvpn enabled
 WARNING: translation string unused: optional data
+WARNING: translation string unused: options
 WARNING: translation string unused: optionsfw portlist hint
 WARNING: translation string unused: optionsfw warning
 WARNING: translation string unused: or
@@ -913,3 +914,6 @@ WARNING: untranslated string: pakfire ago = ago.
 WARNING: untranslated string: route config changed = unknown string
 WARNING: untranslated string: routing config added = unknown string
 WARNING: untranslated string: routing config changed = unknown string
+WARNING: untranslated string: token = Token:
+WARNING: untranslated string: token not set = No Token has been given.
+WARNING: untranslated string: wlan client encryption wpa3 = WPA3
diff --git a/doc/language_issues.it b/doc/language_issues.it
index aaa96b1183..e22de23b13 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -527,6 +527,7 @@ WARNING: translation string unused: open to all
 WARNING: translation string unused: openvpn disabled
 WARNING: translation string unused: openvpn enabled
 WARNING: translation string unused: optional data
+WARNING: translation string unused: options
 WARNING: translation string unused: optionsfw portlist hint
 WARNING: translation string unused: optionsfw warning
 WARNING: translation string unused: or
@@ -1147,6 +1148,8 @@ WARNING: untranslated string: taa zombieload2 = TSX Async Abort / ZombieLoad v2
 WARNING: untranslated string: tcp more reliable = TCP (more reliable)
 WARNING: untranslated string: ten minutes = 10 Minutes
 WARNING: untranslated string: thirty minutes = 30 Minutes
+WARNING: untranslated string: token = Token:
+WARNING: untranslated string: token not set = No Token has been given.
 WARNING: untranslated string: tor guard country any = Any country
 WARNING: untranslated string: tor guard nodes = Guard Nodes
 WARNING: untranslated string: tor use guard nodes = Use only these guard nodes (one fingerprint per line)
@@ -1190,6 +1193,7 @@ WARNING: untranslated string: wlan client eap authentication method = EAP Authen
 WARNING: untranslated string: wlan client eap phase2 method = EAP Phase 2 Method
 WARNING: untranslated string: wlan client eap state = EAP Status
 WARNING: untranslated string: wlan client encryption eap = EAP
+WARNING: untranslated string: wlan client encryption wpa3 = WPA3
 WARNING: untranslated string: wlan client identity = Identity
 WARNING: untranslated string: wlan client method = Method
 WARNING: untranslated string: wlan client password = Password
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 4ab6868062..cce4877793 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -523,6 +523,7 @@ WARNING: translation string unused: open to all
 WARNING: translation string unused: openvpn disabled
 WARNING: translation string unused: openvpn enabled
 WARNING: translation string unused: optional data
+WARNING: translation string unused: options
 WARNING: translation string unused: optionsfw portlist hint
 WARNING: translation string unused: optionsfw warning
 WARNING: translation string unused: or
@@ -1185,6 +1186,8 @@ WARNING: untranslated string: taa zombieload2 = TSX Async Abort / ZombieLoad v2
 WARNING: untranslated string: tcp more reliable = TCP (more reliable)
 WARNING: untranslated string: ten minutes = 10 Minutes
 WARNING: untranslated string: thirty minutes = 30 Minutes
+WARNING: untranslated string: token = Token:
+WARNING: untranslated string: token not set = No Token has been given.
 WARNING: untranslated string: tor guard country any = Any country
 WARNING: untranslated string: tor guard nodes = Guard Nodes
 WARNING: untranslated string: tor use guard nodes = Use only these guard nodes (one fingerprint per line)
@@ -1230,6 +1233,7 @@ WARNING: untranslated string: wlan client eap authentication method = EAP Authen
 WARNING: untranslated string: wlan client eap phase2 method = EAP Phase 2 Method
 WARNING: untranslated string: wlan client eap state = EAP Status
 WARNING: untranslated string: wlan client encryption eap = EAP
+WARNING: untranslated string: wlan client encryption wpa3 = WPA3
 WARNING: untranslated string: wlan client identity = Identity
 WARNING: untranslated string: wlan client method = Method
 WARNING: untranslated string: wlan client password = Password
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index bff23f3bc5..e575904b77 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -470,6 +470,7 @@ WARNING: translation string unused: online help en
 WARNING: translation string unused: only red
 WARNING: translation string unused: open to all
 WARNING: translation string unused: optional data
+WARNING: translation string unused: options
 WARNING: translation string unused: optionsfw portlist hint
 WARNING: translation string unused: optionsfw warning
 WARNING: translation string unused: or
@@ -1387,6 +1388,8 @@ WARNING: untranslated string: taa zombieload2 = TSX Async Abort / ZombieLoad v2
 WARNING: untranslated string: tcp more reliable = TCP (more reliable)
 WARNING: untranslated string: ten minutes = 10 Minutes
 WARNING: untranslated string: thirty minutes = 30 Minutes
+WARNING: untranslated string: token = Token:
+WARNING: untranslated string: token not set = No Token has been given.
 WARNING: untranslated string: tor = Tor
 WARNING: untranslated string: tor accounting = Accounting
 WARNING: untranslated string: tor accounting bytes = Traffic (read/written)
@@ -1499,6 +1502,7 @@ WARNING: untranslated string: wlan client encryption none = None
 WARNING: untranslated string: wlan client encryption wep = WEP
 WARNING: untranslated string: wlan client encryption wpa = WPA
 WARNING: untranslated string: wlan client encryption wpa2 = WPA2
+WARNING: untranslated string: wlan client encryption wpa3 = WPA3
 WARNING: untranslated string: wlan client group cipher = Group cipher
 WARNING: untranslated string: wlan client group key algorithm = GKA
 WARNING: untranslated string: wlan client identity = Identity
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 0317eba8c2..eb4eedec52 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -461,6 +461,7 @@ WARNING: translation string unused: online help en
 WARNING: translation string unused: only red
 WARNING: translation string unused: open to all
 WARNING: translation string unused: optional data
+WARNING: translation string unused: options
 WARNING: translation string unused: optionsfw portlist hint
 WARNING: translation string unused: optionsfw warning
 WARNING: translation string unused: or
@@ -1380,6 +1381,8 @@ WARNING: untranslated string: taa zombieload2 = TSX Async Abort / ZombieLoad v2
 WARNING: untranslated string: tcp more reliable = TCP (more reliable)
 WARNING: untranslated string: ten minutes = 10 Minutes
 WARNING: untranslated string: thirty minutes = 30 Minutes
+WARNING: untranslated string: token = Token:
+WARNING: untranslated string: token not set = No Token has been given.
 WARNING: untranslated string: tor = Tor
 WARNING: untranslated string: tor accounting = Accounting
 WARNING: untranslated string: tor accounting bytes = Traffic (read/written)
@@ -1492,6 +1495,7 @@ WARNING: untranslated string: wlan client encryption none = None
 WARNING: untranslated string: wlan client encryption wep = WEP
 WARNING: untranslated string: wlan client encryption wpa = WPA
 WARNING: untranslated string: wlan client encryption wpa2 = WPA2
+WARNING: untranslated string: wlan client encryption wpa3 = WPA3
 WARNING: untranslated string: wlan client group cipher = Group cipher
 WARNING: untranslated string: wlan client group key algorithm = GKA
 WARNING: untranslated string: wlan client identity = Identity
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 554565f20f..9f276edacc 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -555,6 +555,7 @@ WARNING: translation string unused: open to all
 WARNING: translation string unused: openvpn disabled
 WARNING: translation string unused: openvpn enabled
 WARNING: translation string unused: optional data
+WARNING: translation string unused: options
 WARNING: translation string unused: optionsfw portlist hint
 WARNING: translation string unused: optionsfw warning
 WARNING: translation string unused: or
@@ -1047,6 +1048,8 @@ WARNING: untranslated string: strict = Strict
 WARNING: untranslated string: subnet mask = Subnet Mask
 WARNING: untranslated string: system is offline = The system is offline.
 WARNING: untranslated string: taa zombieload2 = TSX Async Abort / ZombieLoad v2
+WARNING: untranslated string: token = Token:
+WARNING: untranslated string: token not set = No Token has been given.
 WARNING: untranslated string: tor guard country any = Any country
 WARNING: untranslated string: tor guard nodes = Guard Nodes
 WARNING: untranslated string: tor use guard nodes = Use only these guard nodes (one fingerprint per line)
@@ -1061,6 +1064,7 @@ WARNING: untranslated string: vulnerability = Vulnerability
 WARNING: untranslated string: vulnerable = Vulnerable
 WARNING: untranslated string: whois results from = WHOIS results from
 WARNING: untranslated string: winbind daemon = Winbind Daemon
+WARNING: untranslated string: wlan client encryption wpa3 = WPA3
 WARNING: untranslated string: wlanap 802.11w disabled = Disabled
 WARNING: untranslated string: wlanap 802.11w enforced = Enforced
 WARNING: untranslated string: wlanap 802.11w optional = Optional
diff --git a/doc/language_missings b/doc/language_missings
index e14cdd0006..1956eac487 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -64,6 +64,7 @@
 < wlanap 802.11w disabled
 < wlanap 802.11w enforced
 < wlanap 802.11w optional
+< wlan client encryption wpa3
 ############################################################################
 # Checking cgi-bin translations for language: es                           #
 ############################################################################
@@ -782,6 +783,8 @@
 < ten minutes
 < teovpn_fragment
 < thirty minutes
+< token
+< token not set
 < tor
 < tor 0 = disabled
 < tor accounting
@@ -919,6 +922,7 @@
 < wlan client encryption wep
 < wlan client encryption wpa
 < wlan client encryption wpa2
+< wlan client encryption wpa3
 < wlan client group cipher
 < wlan client group key algorithm
 < wlan client identity
@@ -966,7 +970,10 @@
 < dhcp valid range required when deny known clients checked
 < g.dtm
 < g.lite
+< token
+< token not set
 < upload fcdsl.o
+< wlan client encryption wpa3
 ############################################################################
 # Checking cgi-bin translations for language: it                           #
 ############################################################################
@@ -1272,6 +1279,8 @@
 < tcp more reliable
 < ten minutes
 < thirty minutes
+< token
+< token not set
 < tor guard country
 < tor guard country any
 < tor guard nodes
@@ -1328,6 +1337,7 @@
 < wlan client eap phase2 method
 < wlan client eap state
 < wlan client encryption eap
+< wlan client encryption wpa3
 < wlan client identity
 < wlan client method
 < wlan client password
@@ -1705,6 +1715,8 @@
 < ten minutes
 < teovpn_fragment
 < thirty minutes
+< token
+< token not set
 < tor guard country
 < tor guard country any
 < tor guard nodes
@@ -1763,6 +1775,7 @@
 < wlan client eap phase2 method
 < wlan client eap state
 < wlan client encryption eap
+< wlan client encryption wpa3
 < wlan client identity
 < wlan client method
 < wlan client password
@@ -2486,6 +2499,8 @@
 < ten minutes
 < teovpn_fragment
 < thirty minutes
+< token
+< token not set
 < tor
 < tor 0 = disabled
 < tor accounting
@@ -2623,6 +2638,7 @@
 < wlan client encryption wep
 < wlan client encryption wpa
 < wlan client encryption wpa2
+< wlan client encryption wpa3
 < wlan client group cipher
 < wlan client group key algorithm
 < wlan client identity
@@ -3368,6 +3384,8 @@
 < ten minutes
 < teovpn_fragment
 < thirty minutes
+< token
+< token not set
 < tor
 < tor 0 = disabled
 < tor accounting
@@ -3506,6 +3524,7 @@
 < wlan client encryption wep
 < wlan client encryption wpa
 < wlan client encryption wpa2
+< wlan client encryption wpa3
 < wlan client group cipher
 < wlan client group key algorithm
 < wlan client identity
@@ -3691,6 +3710,8 @@
 < subnet mask
 < system is offline
 < taa zombieload2
+< token
+< token not set
 < tor guard country
 < tor guard country any
 < tor guard nodes
@@ -3716,6 +3737,7 @@
 < wlanap neighbor scan
 < wlanap neighbor scan warning
 < wlanap ssid
+< wlan client encryption wpa3
 < working
 < zoneconf access native
 < zoneconf access none
diff --git a/html/cgi-bin/wirelessclient.cgi b/html/cgi-bin/wirelessclient.cgi
index 6978663cf3..e8c3c96284 100644
--- a/html/cgi-bin/wirelessclient.cgi
+++ b/html/cgi-bin/wirelessclient.cgi
@@ -462,6 +462,7 @@ sub showEditBox() {
 	my %selected = ();
 	$selected{'ENCRYPTION'} = ();
 	$selected{'ENCRYPTION'}{'NONE'} = '';
+	$selected{'ENCRYPTION'}{'WPA3'} = '';
 	$selected{'ENCRYPTION'}{'WPA2'} = '';
 	$selected{'ENCRYPTION'}{'WPA'} = '';
 	$selected{'ENCRYPTION'}{'WEP'} = '';
@@ -505,9 +506,10 @@ sub showEditBox() {
 						<select name='ENCRYPTION'>
 							<option value="NONE" $selected{'ENCRYPTION'}{'NONE'}>$Lang::tr{'wlan client encryption none'}</option>
 							<option value="EAP"  $selected{'ENCRYPTION'}{'EAP'}>$Lang::tr{'wlan client encryption eap'}</option>
+							<option value="WPA3" $selected{'ENCRYPTION'}{'WPA3'}>$Lang::tr{'wlan client encryption wpa3'}</option>
 							<option value="WPA2" $selected{'ENCRYPTION'}{'WPA2'}>$Lang::tr{'wlan client encryption wpa2'}</option>
 							<option value="WPA"  $selected{'ENCRYPTION'}{'WPA'}>$Lang::tr{'wlan client encryption wpa'}</option>
-							<option value="WEP"  $selected{'ENCRYPTION'}{'WEP'}>$Lang::tr{'wlan client encryption wep'}</option>							
+							<option value="WEP"  $selected{'ENCRYPTION'}{'WEP'}>$Lang::tr{'wlan client encryption wep'}</option>
 						</select>
 					</td>
 					<td colspan="2" width='40%'></td>
@@ -839,7 +841,6 @@ sub ValidateInput($) {
 	# Check for invalid key length.
 	} elsif (ValidKeyLength($settings{'ENCRYPTION'}, $settings{'PSK'})) {
 		return "$Lang::tr{'wlan client invalid key length'}";
-
 	}
 
 	# Reset WPA mode, if WPA(2) is not selected.
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 4d23f7aac0..22e8a4cc68 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -2951,6 +2951,7 @@
 'wlan client encryption wep' => 'WEP',
 'wlan client encryption wpa' => 'WPA',
 'wlan client encryption wpa2' => 'WPA2',
+'wlan client encryption wpa3' => 'WPA3',
 'wlan client group cipher' => 'Group cipher',
 'wlan client group key algorithm' => 'GKA',
 'wlan client identity' => 'Identity',
diff --git a/src/initscripts/system/wlanclient b/src/initscripts/system/wlanclient
index b32a4cb4ac..27a144f723 100644
--- a/src/initscripts/system/wlanclient
+++ b/src/initscripts/system/wlanclient
@@ -86,6 +86,7 @@ function wpa_supplicant_config_line() {
 	local config=${2}
 	shift 2
 
+	local ieee80211w
 	local anonymous_identity
 	local auth_alg
 	local auth_mode
@@ -144,6 +145,11 @@ function wpa_supplicant_config_line() {
 		EAP)
 			key_mgmt="WPA-EAP"
 			;;
+		WPA3)
+			key_mgmt="SAE"
+
+			ieee80211w="2"
+			;;
 		WPA2)
 			auth_alg="OPEN"
 			proto="RSN"
@@ -209,7 +215,11 @@ function wpa_supplicant_config_line() {
 			echo "	key_mgmt=${key_mgmt}"
 		fi
 		if [ -n "${psk}" ]; then
-			echo "	psk=\"${psk}\""
+			if [ "${key_mgmt}" = "SAE" ]; then
+				echo "	sae_password=\"${psk}\""
+			else
+				echo "	psk=\"${psk}\""
+			fi
 		fi
 		if [ -n "${wep_tx_keyidx}" ]; then
 			echo "	wep_tx_keyidx=${wep_tx_keyidx}"
@@ -227,6 +237,9 @@ function wpa_supplicant_config_line() {
 		if [ -n "${priority}" ]; then
 			echo "	priority=${priority}"
 		fi
+		if [ -n "${ieee80211w}" ]; then
+			echo "	ieee80211w=${ieee80211w}"
+		fi
 
 		# EAP
 		if [ "${mode}" = "EAP" ]; then
-- 
2.39.2