aboutsummaryrefslogtreecommitdiffstats
path: root/hostapd
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2017-10-11 20:07:08 (GMT)
committerJouni Malinen <j@w1.fi>2017-10-11 20:10:19 (GMT)
commit2377c1caef77c9c309681ad419b87cafc1c10e28 (patch)
tree0b6c344ca6400fabfda32f333e858473d06a2f83 /hostapd
parentc5aeb4343e82610844c550544de94be8d36f2a96 (diff)
downloadhostap-2377c1caef77c9c309681ad419b87cafc1c10e28.zip
hostap-2377c1caef77c9c309681ad419b87cafc1c10e28.tar.gz
hostap-2377c1caef77c9c309681ad419b87cafc1c10e28.tar.bz2
SAE: Allow SAE password to be configured separately (AP)
The new sae_password hostapd configuration parameter can now be used to set the SAE password instead of the previously used wpa_passphrase parameter. This allows shorter than 8 characters and longer than 63 characters long passwords to be used. In addition, this makes it possible to configure a BSS with both WPA-PSK and SAE enabled to use different passphrase/password based on which AKM is selected. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'hostapd')
-rw-r--r--hostapd/config_file.c3
-rw-r--r--hostapd/hostapd.conf9
2 files changed, 12 insertions, 0 deletions
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index fd3ad0a..cd72f7a 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -3594,6 +3594,9 @@ static int hostapd_config_fill(struct hostapd_config *conf,
} else if (os_strcmp(buf, "sae_commit_override") == 0) {
wpabuf_free(bss->sae_commit_override);
bss->sae_commit_override = wpabuf_parse_bin(pos);
+ } else if (os_strcmp(buf, "sae_password") == 0) {
+ os_free(bss->sae_password);
+ bss->sae_password = os_strdup(pos);
#endif /* CONFIG_TESTING_OPTIONS */
} else if (os_strcmp(buf, "vendor_elements") == 0) {
if (parse_wpabuf_hex(line, buf, &bss->vendor_elements, pos))
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index d2e884c..c25f2e4 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1378,6 +1378,15 @@ own_ip_addr=127.0.0.1
# 1 = enabled
#okc=1
+# SAE password
+# This parameter can be used to set a password for SAE. By default, the
+# wpa_passphrase value is used if this separate parameter is not used, but
+# wpa_passphrase follows the WPA-PSK constraints (8..63 characters) even though
+# SAE passwords do not have such constraints. If the BSS enabled both SAE and
+# WPA-PSK and both values are set, SAE uses the sae_password value and WPA-PSK
+# uses the wpa_passphrase value.
+#sae_password=secret
+
# SAE threshold for anti-clogging mechanism (dot11RSNASAEAntiCloggingThreshold)
# This parameter defines how many open SAE instances can be in progress at the
# same time before the anti-clogging mechanism is taken into use.