KumiSystems/openwrtv3
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

hostapd: Add WPA-EAP-SUITE-B-192 (WPA3-Enterprise)

Browse source 
This adds support for the WPA3-Enterprise mode authentication.

The settings for the WPA3-Enterpriese mode are defined in
WPA3_Specification_v1.0.pdf. This mode also requires ieee80211w and
guarantees at least 192 bit of security.

This does not increase the ipkg size by a significant size.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This commit is contained in:
Hauke Mehrtens 2018-10-09 22:50:50 +02:00
parent 18c6c93a3b
commit 4c3fae4adc
3 changed files with 18 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
package/network/services/hostapd/Makefile
View file

@ -97,11 +97,11 @@ endif
ifeq ($(LOCAL_VARIANT),full) ifeq ($(LOCAL_VARIANT),full)
ifeq ($(SSL_VARIANT),openssl) ifeq ($(SSL_VARIANT),openssl)
DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y CONFIG_OWE=y DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y CONFIG_OWE=y CONFIG_SUITEB192=y
TARGET_LDFLAGS += -lcrypto -lssl TARGET_LDFLAGS += -lcrypto -lssl
endif endif
ifeq ($(SSL_VARIANT),wolfssl) ifeq ($(SSL_VARIANT),wolfssl)
DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_WPS_NFC=1 CONFIG_SAE=y CONFIG_OWE=y DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_WPS_NFC=1 CONFIG_SAE=y CONFIG_OWE=y CONFIG_SUITEB192=y
TARGET_LDFLAGS += -lwolfssl TARGET_LDFLAGS += -lwolfssl
endif endif
endif endif

15
package/network/services/hostapd/files/hostapd.sh
View file

@ -45,6 +45,15 @@ hostapd_append_wpa_key_mgmt() {
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-${auth_type_l}" [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-${auth_type_l}"
[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256" [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256"
;; ;;
eap192)
append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
;;
eap-eap192)
append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
append wpa_key_mgmt "WPA-EAP"
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"
;;
sae) sae)
append wpa_key_mgmt "SAE" append wpa_key_mgmt "SAE"
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE" [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE"
@ -307,7 +316,7 @@ hostapd_set_bss_options() {
} }
case "$auth_type" in case "$auth_type" in
sae|owe) sae|owe|eap192|eap-eap192)
set_default ieee80211w 2 set_default ieee80211w 2
set_default sae_require_mfp 1 set_default sae_require_mfp 1
;; ;;
@ -350,7 +359,7 @@ hostapd_set_bss_options() {
wps_possible=1 wps_possible=1
;; ;;
eap) eap|eap192|eap-eap192)
json_get_vars \ json_get_vars \
auth_server auth_secret auth_port \ auth_server auth_secret auth_port \
dae_client dae_secret dae_port \ dae_client dae_secret dae_port \
@ -771,7 +780,7 @@ wpa_supplicant_add_network() {
fi fi
append network_data "$passphrase" "$N$T" append network_data "$passphrase" "$N$T"
;; ;;
eap) eap|eap192|eap-eap192)
hostapd_append_wpa_key_mgmt hostapd_append_wpa_key_mgmt
key_mgmt="$wpa_key_mgmt" key_mgmt="$wpa_key_mgmt"

4
package/network/services/hostapd/src/src/utils/build_features.h
View file

@ -34,6 +34,10 @@ static inline int has_feature(const char *feat)
#ifdef CONFIG_OWE #ifdef CONFIG_OWE
if (!strcmp(feat, "owe")) if (!strcmp(feat, "owe"))
return 1; return 1;
#endif
#ifdef CONFIG_SUITEB192
if (!strcmp(feat, "suiteb192"))
return 1;
#endif #endif
return 0; return 0;
} }