aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJoerg Werner <schreibubi@gmail.com>2022-06-26 17:18:39 +0200
committerHauke Mehrtens <hauke@hauke-m.de>2022-08-26 22:30:56 +0200
commit0197cc553ad896284b60e7ca66493d0d686cc732 (patch)
treef419ec0d1b773edeef7655dd1443e5a082458f45
parent567f64df57f1e7af53829e539d80eb8f2dbc209f (diff)
downloadupstream-0197cc553ad896284b60e7ca66493d0d686cc732.tar.gz
upstream-0197cc553ad896284b60e7ca66493d0d686cc732.tar.bz2
upstream-0197cc553ad896284b60e7ca66493d0d686cc732.zip
hostapd: fix WPA3 enterprise keys and ciphers
WPA3 enterprise requires group_mgmt_cipher=BIP-GMAC-256 and if 802.11r is active also wpa_key_mgmt FT-EAP-SHA384. This commit also requires corresponding changes in netifd. Signed-off-by: Joerg Werner <schreibubi@gmail.com> (cherry picked from commit 9fbb76c0470fd54f1f34909b1098d0f76078878f)
-rw-r--r--package/network/services/hostapd/files/hostapd.sh13
1 files changed, 10 insertions, 3 deletions
diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index 99688810f3..f7bb7164cd 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -48,12 +48,15 @@ hostapd_append_wpa_key_mgmt() {
;;
eap192)
append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
- [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+ [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP-SHA384"
;;
eap-eap192)
append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
append wpa_key_mgmt "WPA-EAP"
- [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+ [ "${ieee80211r:-0}" -gt 0 ] && {
+ append wpa_key_mgmt "FT-EAP-SHA384"
+ append wpa_key_mgmt "FT-EAP"
+ }
[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"
;;
sae)
@@ -934,7 +937,11 @@ hostapd_set_bss_options() {
json_get_vars ieee80211w_mgmt_cipher ieee80211w_max_timeout ieee80211w_retry_timeout
append bss_conf "ieee80211w=$ieee80211w" "$N"
[ "$ieee80211w" -gt "0" ] && {
- append bss_conf "group_mgmt_cipher=${ieee80211w_mgmt_cipher:-AES-128-CMAC}" "$N"
+ if [ "$auth_type" = "eap192" ]; then
+ append bss_conf "group_mgmt_cipher=BIP-GMAC-256" "$N"
+ else
+ append bss_conf "group_mgmt_cipher=${ieee80211w_mgmt_cipher:-AES-128-CMAC}" "$N"
+ fi
[ -n "$ieee80211w_max_timeout" ] && \
append bss_conf "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N"
[ -n "$ieee80211w_retry_timeout" ] && \