authorJouni Malinen <jouni@qca.qualcomm.com>2017-10-10 16:00:57 (GMT)
committerJouni Malinen <j@w1.fi>2017-10-10 18:03:57 (GMT)
commit91cc34bf324f89d9f4762da018b091b3ac115798 (patch)
tree8d9fb141af68e02d02208f1366925e223af81ef0 /hostapd
parente30de6c2506f034ce709c1bdbae4d2fcabeed041 (diff)
OWE: Allow set of enabled DH groups to be limited on AP
The new hostapd configuration parameter owe_groups can be used to specify a subset of the allowed DH groups as a space separated list of group identifiers. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'hostapd')
-rw-r--r--hostapd/config_file.c8
-rw-r--r--hostapd/hostapd.conf9
2 files changed, 16 insertions, 1 deletions
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index ac08b7b..fd3ad0a 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -3795,7 +3795,13 @@ static int hostapd_config_fill(struct hostapd_config *conf,
} else if (os_strcmp(buf, "owe_transition_ifname") == 0) {
os_strlcpy(bss->owe_transition_ifname, pos,
sizeof(bss->owe_transition_ifname));
-
+ } else if (os_strcmp(buf, "owe_groups") == 0) {
+ if (hostapd_parse_intlist(&bss->owe_groups, pos)) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: Invalid owe_groups value '%s'",
+ line, pos);
+ return 1;
+ }
#endif /* CONFIG_OWE */
} else {
wpa_printf(MSG_ERROR,
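Review bot: The new `owe_groups` branch treats the list as valid whenever `hostapd_parse_intlist(&bss->owe_groups, pos)` returns success, and nothing in this hunk checks that each parsed entry is a DH group the build can actually use for OWE. The helper's body is not visible here, so it is unclear whether it rejects non-numeric tokens, zero, or out-of-range identifiers. If it does not, a typo in an option meant to restrict the key-exchange groups would be stored silently and the "Invalid owe_groups value" message would never fire for it. I would validate the entries after parsing and fail the config load with the same `Line %d` error when an entry is not a supported group, so a misconfigured restriction is caught at startup rather than at association time. `hostapd_config_fill` starts and ends outside this hunk, so any validation done later on the consumer side cannot be confirmed from here.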
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index f0e553c..d2e884c 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1407,6 +1407,15 @@ own_ip_addr=127.0.0.1
# 1-65535 DH Group to use for FILS PFS
#fils_dh_group=0
+# OWE DH groups
+# OWE implementations are required to support group 19 (NIST P-256). All groups
+# that are supported by the implementation (e.g., groups 19, 20, and 21 when
+# using OpenSSL) are enabled by default. This configuration parameter can be
+# used to specify a limited set of allowed groups. The group values are listed
+# in the IANA registry:
+# http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xml#ipsec-registry-10
+#owe_groups=19 20 21
+
# OWE transition mode configuration
# Pointer to the matching open/OWE BSS
#owe_transition_bssid=<bssid>