hostapd: Activate Opportunistic Wireless Encryption (OWE)
OWE is defined in RFC 8110 and provides encryption and forward security for open networks. This is based on the requirements in the Wifi alliance document Opportunistic_Wireless_Encryption_Specification_v1.0_0.pdf The wifi alliance requires ieee80211w for the OWE mode. This also makes it possible to configure the OWE transission mode which allows it operate an open and an OWE BSSID in parallel and the client should only show one network. This increases the ipkg size by 5.800 Bytes. Old: 402.541 Bytes New: 408.341 Bytes Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This commit is contained in:
parent
4a009a16d2
commit
18c6c93a3b
3 changed files with 21 additions and 4 deletions
|
@ -97,11 +97,11 @@ endif
|
|||
|
||||
ifeq ($(LOCAL_VARIANT),full)
|
||||
ifeq ($(SSL_VARIANT),openssl)
|
||||
DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y
|
||||
DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y CONFIG_OWE=y
|
||||
TARGET_LDFLAGS += -lcrypto -lssl
|
||||
endif
|
||||
ifeq ($(SSL_VARIANT),wolfssl)
|
||||
DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_WPS_NFC=1 CONFIG_SAE=y
|
||||
DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_WPS_NFC=1 CONFIG_SAE=y CONFIG_OWE=y
|
||||
TARGET_LDFLAGS += -lwolfssl
|
||||
endif
|
||||
endif
|
||||
|
|
|
@ -56,6 +56,9 @@ hostapd_append_wpa_key_mgmt() {
|
|||
append wpa_key_mgmt "SAE"
|
||||
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE"
|
||||
;;
|
||||
owe)
|
||||
append wpa_key_mgmt "OWE"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
|
@ -226,6 +229,8 @@ hostapd_common_add_bss_config() {
|
|||
config_add_array supported_rates
|
||||
|
||||
config_add_boolean sae_require_mfp
|
||||
|
||||
config_add_string 'owe_transition_bssid:macaddr' 'owe_transition_ssid:string'
|
||||
}
|
||||
|
||||
hostapd_set_bss_options() {
|
||||
|
@ -302,7 +307,7 @@ hostapd_set_bss_options() {
|
|||
}
|
||||
|
||||
case "$auth_type" in
|
||||
sae)
|
||||
sae|owe)
|
||||
set_default ieee80211w 2
|
||||
set_default sae_require_mfp 1
|
||||
;;
|
||||
|
@ -316,7 +321,12 @@ hostapd_set_bss_options() {
|
|||
local vlan_possible=""
|
||||
|
||||
case "$auth_type" in
|
||||
none)
|
||||
none|owe)
|
||||
json_get_vars owe_transition_bssid owe_transition_ssid
|
||||
|
||||
[ -n "$owe_transition_ssid" ] && append bss_conf "owe_transition_ssid=\"$owe_transition_ssid\"" "$N"
|
||||
[ -n "$owe_transition_bssid" ] && append bss_conf "owe_transition_bssid=$owe_transition_bssid" "$N"
|
||||
|
||||
wps_possible=1
|
||||
# Here we make the assumption that if we're in open mode
|
||||
# with WPS enabled, we got to be in unconfigured state.
|
||||
|
@ -733,6 +743,9 @@ wpa_supplicant_add_network() {
|
|||
|
||||
case "$auth_type" in
|
||||
none) ;;
|
||||
owe)
|
||||
hostapd_append_wpa_key_mgmt
|
||||
;;
|
||||
wep)
|
||||
local wep_keyidx=0
|
||||
hostapd_append_wep_key network_data
|
||||
|
|
|
@ -30,6 +30,10 @@ static inline int has_feature(const char *feat)
|
|||
#ifdef CONFIG_SAE
|
||||
if (!strcmp(feat, "sae"))
|
||||
return 1;
|
||||
#endif
|
||||
#ifdef CONFIG_OWE
|
||||
if (!strcmp(feat, "owe"))
|
||||
return 1;
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue