aboutsummaryrefslogtreecommitdiffstats
path: root/hostapd
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2014-03-12 18:26:37 (GMT)
committerJouni Malinen <j@w1.fi>2014-03-14 19:58:45 (GMT)
commit8dd9f9cdde4b865a7b611a2ed5b97a849ac945bc (patch)
tree53e6b696818bcc42effcc472c4ae31668ee83ac8 /hostapd
parent67d39cfb3245c8e3adb91e82482ff69d7f1b25c6 (diff)
downloadhostap-8dd9f9cdde4b865a7b611a2ed5b97a849ac945bc.zip
hostap-8dd9f9cdde4b865a7b611a2ed5b97a849ac945bc.tar.gz
hostap-8dd9f9cdde4b865a7b611a2ed5b97a849ac945bc.tar.bz2
Allow management group cipher to be configured
This allows hostapd to set a different management group cipher than the previously hardcoded default BIP (AES-128-CMAC). The new configuration file parameter group_mgmt_cipher can be set to BIP-GMAC-128, BIP-GMAC-256, or BIP-CMAC-256 to select one of the ciphers defined in IEEE Std 802.11ac-2013. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'hostapd')
-rw-r--r--hostapd/config_file.c14
-rw-r--r--hostapd/hostapd.conf11
2 files changed, 25 insertions, 0 deletions
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index f018f96..814468d 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2600,6 +2600,20 @@ static int hostapd_config_fill(struct hostapd_config *conf,
#ifdef CONFIG_IEEE80211W
} else if (os_strcmp(buf, "ieee80211w") == 0) {
bss->ieee80211w = atoi(pos);
+ } else if (os_strcmp(buf, "group_mgmt_cipher") == 0) {
+ if (os_strcmp(pos, "AES-128-CMAC") == 0) {
+ bss->group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC;
+ } else if (os_strcmp(pos, "BIP-GMAC-128") == 0) {
+ bss->group_mgmt_cipher = WPA_CIPHER_BIP_GMAC_128;
+ } else if (os_strcmp(pos, "BIP-GMAC-256") == 0) {
+ bss->group_mgmt_cipher = WPA_CIPHER_BIP_GMAC_256;
+ } else if (os_strcmp(pos, "BIP-CMAC-256") == 0) {
+ bss->group_mgmt_cipher = WPA_CIPHER_BIP_CMAC_256;
+ } else {
+ wpa_printf(MSG_ERROR, "Line %d: invalid group_mgmt_cipher: %s",
+ line, pos);
+ return 1;
+ }
} else if (os_strcmp(buf, "assoc_sa_query_max_timeout") == 0) {
bss->assoc_sa_query_max_timeout = atoi(pos);
if (bss->assoc_sa_query_max_timeout == 0) {
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 81ddabc..23ee1e5 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1104,6 +1104,17 @@ own_ip_addr=127.0.0.1
# 2 = required
#ieee80211w=0
+# Group management cipher suite
+# Default: AES-128-CMAC (BIP)
+# Other options (depending on driver support):
+# BIP-GMAC-128
+# BIP-GMAC-256
+# BIP-CMAC-256
+# Note: All the stations connecting to the BSS will also need to support the
+# selected cipher. The default AES-128-CMAC is the only option that is commonly
+# available in deployed devices.
+#group_mgmt_cipher=AES-128-CMAC
+
# Association SA Query maximum timeout (in TU = 1.024 ms; for MFP)
# (maximum time to wait for a SA Query response)
# dot11AssociationSAQueryMaximumTimeout, 1...4294967295