diff options
author | Jouni Malinen <jouni@qca.qualcomm.com> | 2015-09-01 14:57:59 (GMT) |
---|---|---|
committer | Jouni Malinen <j@w1.fi> | 2016-10-10 18:11:27 (GMT) |
commit | 903ecbe8da5d814e82a6cae5579d8848b5d008ba (patch) | |
tree | 61b4930d7c14fac12823d74f0edf139a29683c60 /hostapd | |
parent | 274d8b776f313700943cd4502c8989149e0930ff (diff) | |
download | hostap-903ecbe8da5d814e82a6cae5579d8848b5d008ba.zip hostap-903ecbe8da5d814e82a6cae5579d8848b5d008ba.tar.gz hostap-903ecbe8da5d814e82a6cae5579d8848b5d008ba.tar.bz2 |
FILS: Add hostapd configuration options
This adds CONFIG_FILS=y build configuration option and new key
management options for FILS authentication.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'hostapd')
-rw-r--r-- | hostapd/Android.mk | 10 | ||||
-rw-r--r-- | hostapd/Makefile | 10 | ||||
-rw-r--r-- | hostapd/config_file.c | 22 | ||||
-rw-r--r-- | hostapd/ctrl_iface.c | 28 | ||||
-rw-r--r-- | hostapd/defconfig | 5 | ||||
-rw-r--r-- | hostapd/hostapd.conf | 7 |
6 files changed, 82 insertions, 0 deletions
diff --git a/hostapd/Android.mk b/hostapd/Android.mk index ea3a39a..da92639 100644 --- a/hostapd/Android.mk +++ b/hostapd/Android.mk @@ -258,6 +258,12 @@ NEED_ECC=y NEED_DH_GROUPS=y endif +ifdef CONFIG_FILS +L_CFLAGS += -DCONFIG_FILS +NEED_CRC32=y +NEED_SHA384=y +endif + ifdef CONFIG_WNM L_CFLAGS += -DCONFIG_WNM OBJS += src/ap/wnm_ap.c @@ -852,6 +858,10 @@ ifdef NEED_ECC L_CFLAGS += -DCONFIG_ECC endif +ifdef NEED_CRC32 +OBJS += src/utils/crc32.c +endif + ifdef CONFIG_NO_RANDOM_POOL L_CFLAGS += -DCONFIG_NO_RANDOM_POOL else diff --git a/hostapd/Makefile b/hostapd/Makefile index 46dffe5..61daf0d 100644 --- a/hostapd/Makefile +++ b/hostapd/Makefile @@ -305,6 +305,12 @@ NEED_DH_GROUPS=y NEED_AP_MLME=y endif +ifdef CONFIG_FILS +CFLAGS += -DCONFIG_FILS +NEED_CRC32=y +NEED_SHA384=y +endif + ifdef CONFIG_WNM CFLAGS += -DCONFIG_WNM OBJS += ../src/ap/wnm_ap.o @@ -894,6 +900,10 @@ ifdef NEED_ECC CFLAGS += -DCONFIG_ECC endif +ifdef NEED_CRC32 +OBJS += ../src/utils/crc32.o +endif + ifdef CONFIG_NO_RANDOM_POOL CFLAGS += -DCONFIG_NO_RANDOM_POOL else diff --git a/hostapd/config_file.c b/hostapd/config_file.c index 2d67282..9c744de 100644 --- a/hostapd/config_file.c +++ b/hostapd/config_file.c @@ -710,6 +710,18 @@ static int hostapd_config_parse_key_mgmt(int line, const char *value) else if (os_strcmp(start, "WPA-EAP-SUITE-B-192") == 0) val |= WPA_KEY_MGMT_IEEE8021X_SUITE_B_192; #endif /* CONFIG_SUITEB192 */ +#ifdef CONFIG_FILS + else if (os_strcmp(start, "FILS-SHA256") == 0) + val |= WPA_KEY_MGMT_FILS_SHA256; + else if (os_strcmp(start, "FILS-SHA384") == 0) + val |= WPA_KEY_MGMT_FILS_SHA384; +#ifdef CONFIG_IEEE80211R + else if (os_strcmp(start, "FT-FILS-SHA256") == 0) + val |= WPA_KEY_MGMT_FT_FILS_SHA256; + else if (os_strcmp(start, "FT-FILS-SHA384") == 0) + val |= WPA_KEY_MGMT_FT_FILS_SHA384; +#endif /* CONFIG_IEEE80211R */ +#endif /* CONFIG_FILS */ else { wpa_printf(MSG_ERROR, "Line %d: invalid key_mgmt '%s'", line, start); @@ -3493,6 +3505,16 @@ static int hostapd_config_fill(struct hostapd_config *conf, bss->ftm_responder = atoi(pos); } else if (os_strcmp(buf, "ftm_initiator") == 0) { bss->ftm_initiator = atoi(pos); +#ifdef CONFIG_FILS + } else if (os_strcmp(buf, "fils_cache_id") == 0) { + if (hexstr2bin(pos, bss->fils_cache_id, FILS_CACHE_ID_LEN)) { + wpa_printf(MSG_ERROR, + "Line %d: Invalid fils_cache_id '%s'", + line, pos); + return 1; + } + bss->fils_cache_id_set = 1; +#endif /* CONFIG_FILS */ } else { wpa_printf(MSG_ERROR, "Line %d: unknown configuration item '%s'", diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c index d7db4a7..d563831 100644 --- a/hostapd/ctrl_iface.c +++ b/hostapd/ctrl_iface.c @@ -1117,6 +1117,20 @@ static int hostapd_ctrl_iface_get_key_mgmt(struct hostapd_data *hapd, pos += ret; } #endif /* CONFIG_SAE */ +#ifdef CONFIG_FILS + if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256) { + ret = os_snprintf(pos, end - pos, "FT-FILS-SHA256 "); + if (os_snprintf_error(end - pos, ret)) + return pos - buf; + pos += ret; + } + if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384) { + ret = os_snprintf(pos, end - pos, "FT-FILS-SHA384 "); + if (os_snprintf_error(end - pos, ret)) + return pos - buf; + pos += ret; + } +#endif /* CONFIG_FILS */ #endif /* CONFIG_IEEE80211R */ #ifdef CONFIG_IEEE80211W if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) { @@ -1154,6 +1168,20 @@ static int hostapd_ctrl_iface_get_key_mgmt(struct hostapd_data *hapd, return pos - buf; pos += ret; } +#ifdef CONFIG_FILS + if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FILS_SHA256) { + ret = os_snprintf(pos, end - pos, "FILS-SHA256 "); + if (os_snprintf_error(end - pos, ret)) + return pos - buf; + pos += ret; + } + if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FILS_SHA384) { + ret = os_snprintf(pos, end - pos, "FILS-SHA384 "); + if (os_snprintf_error(end - pos, ret)) + return pos - buf; + pos += ret; + } +#endif /* CONFIG_FILS */ if (pos > buf && *(pos - 1) == ' ') { *(pos - 1) = '\0'; diff --git a/hostapd/defconfig b/hostapd/defconfig index 4659dd1..28d1b6c 100644 --- a/hostapd/defconfig +++ b/hostapd/defconfig @@ -343,3 +343,8 @@ CONFIG_IPV6=y # a client, from which a signature can be produced which can identify the model # of client device like "Nexus 6P" or "iPhone 5s". #CONFIG_TAXONOMY=y + +# Fast Initial Link Setup (FILS) (IEEE 802.11ai) +# Note: This is an experimental and not yet complete implementation. This +# should not be enabled for production use. +#CONFIG_FILS=y diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf index b5f5b17..0574fa4 100644 --- a/hostapd/hostapd.conf +++ b/hostapd/hostapd.conf @@ -1163,6 +1163,10 @@ own_ip_addr=127.0.0.1 # Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The # entries are separated with a space. WPA-PSK-SHA256 and WPA-EAP-SHA256 can be # added to enable SHA256-based stronger algorithms. +# FILS-SHA256 = Fast Initial Link Setup with SHA256 +# FILS-SHA384 = Fast Initial Link Setup with SHA384 +# FT-FILS-SHA256 = FT and Fast Initial Link Setup with SHA256 +# FT-FILS-SHA384 = FT and Fast Initial Link Setup with SHA384 # (dot11RSNAConfigAuthenticationSuitesTable) #wpa_key_mgmt=WPA-PSK WPA-EAP @@ -1273,6 +1277,9 @@ own_ip_addr=127.0.0.1 # http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xml#ipsec-registry-9 #sae_groups=19 20 21 25 26 +# FILS Cache Identifier (16-bit value in hexdump format) +#fils_cache_id=0011 + ##### IEEE 802.11r configuration ############################################## # Mobility Domain identifier (dot11FTMobilityDomainID, MDID) |