aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHauke Mehrtens <hauke@hauke-m.de>2018-10-04 22:45:06 +0200
committerHauke Mehrtens <hauke@hauke-m.de>2018-10-14 13:57:15 +0200
commit18c6c93a3b83831a1e7d7d80c22c477412c56cb4 (patch)
treef58dbbef6d8eaeb87d1a4d593336ee084c697240
parent4a009a16d2e87da3cd0b994934d3c3b76ca0455b (diff)
downloadupstream-18c6c93a3b83831a1e7d7d80c22c477412c56cb4.tar.gz
upstream-18c6c93a3b83831a1e7d7d80c22c477412c56cb4.tar.bz2
upstream-18c6c93a3b83831a1e7d7d80c22c477412c56cb4.zip
hostapd: Activate Opportunistic Wireless Encryption (OWE)
OWE is defined in RFC 8110 and provides encryption and forward security for open networks. This is based on the requirements in the Wifi alliance document Opportunistic_Wireless_Encryption_Specification_v1.0_0.pdf The wifi alliance requires ieee80211w for the OWE mode. This also makes it possible to configure the OWE transission mode which allows it operate an open and an OWE BSSID in parallel and the client should only show one network. This increases the ipkg size by 5.800 Bytes. Old: 402.541 Bytes New: 408.341 Bytes Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
-rw-r--r--package/network/services/hostapd/Makefile4
-rw-r--r--package/network/services/hostapd/files/hostapd.sh17
-rw-r--r--package/network/services/hostapd/src/src/utils/build_features.h4
3 files changed, 21 insertions, 4 deletions
diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index 3f9b776f55..06cf0469ef 100644
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -97,11 +97,11 @@ endif
ifeq ($(LOCAL_VARIANT),full)
ifeq ($(SSL_VARIANT),openssl)
- DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y
+ DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y CONFIG_OWE=y
TARGET_LDFLAGS += -lcrypto -lssl
endif
ifeq ($(SSL_VARIANT),wolfssl)
- DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_WPS_NFC=1 CONFIG_SAE=y
+ DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_WPS_NFC=1 CONFIG_SAE=y CONFIG_OWE=y
TARGET_LDFLAGS += -lwolfssl
endif
endif
diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index c9882701fa..6a2eb7b023 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -56,6 +56,9 @@ hostapd_append_wpa_key_mgmt() {
append wpa_key_mgmt "SAE"
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE"
;;
+ owe)
+ append wpa_key_mgmt "OWE"
+ ;;
esac
}
@@ -226,6 +229,8 @@ hostapd_common_add_bss_config() {
config_add_array supported_rates
config_add_boolean sae_require_mfp
+
+ config_add_string 'owe_transition_bssid:macaddr' 'owe_transition_ssid:string'
}
hostapd_set_bss_options() {
@@ -302,7 +307,7 @@ hostapd_set_bss_options() {
}
case "$auth_type" in
- sae)
+ sae|owe)
set_default ieee80211w 2
set_default sae_require_mfp 1
;;
@@ -316,7 +321,12 @@ hostapd_set_bss_options() {
local vlan_possible=""
case "$auth_type" in
- none)
+ none|owe)
+ json_get_vars owe_transition_bssid owe_transition_ssid
+
+ [ -n "$owe_transition_ssid" ] && append bss_conf "owe_transition_ssid=\"$owe_transition_ssid\"" "$N"
+ [ -n "$owe_transition_bssid" ] && append bss_conf "owe_transition_bssid=$owe_transition_bssid" "$N"
+
wps_possible=1
# Here we make the assumption that if we're in open mode
# with WPS enabled, we got to be in unconfigured state.
@@ -733,6 +743,9 @@ wpa_supplicant_add_network() {
case "$auth_type" in
none) ;;
+ owe)
+ hostapd_append_wpa_key_mgmt
+ ;;
wep)
local wep_keyidx=0
hostapd_append_wep_key network_data
diff --git a/package/network/services/hostapd/src/src/utils/build_features.h b/package/network/services/hostapd/src/src/utils/build_features.h
index 328c76c67e..4013ae7b30 100644
--- a/package/network/services/hostapd/src/src/utils/build_features.h
+++ b/package/network/services/hostapd/src/src/utils/build_features.h
@@ -31,6 +31,10 @@ static inline int has_feature(const char *feat)
if (!strcmp(feat, "sae"))
return 1;
#endif
+#ifdef CONFIG_OWE
+ if (!strcmp(feat, "owe"))
+ return 1;
+#endif
return 0;
}