aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant/config_file.c
diff options
context:
space:
mode:
authorSabrina Dubroca <sd@queasysnail.net>2016-11-02 15:38:35 (GMT)
committerJouni Malinen <j@w1.fi>2016-11-19 22:35:08 (GMT)
commitad51731abf06efb284d020578eb34e7b1daeb23e (patch)
tree35218421991dfb24727757095476d39017e4fca8 /wpa_supplicant/config_file.c
parent5acbf22bb0309d5b4f04157d5c86ff06d53839db (diff)
downloadhostap-ad51731abf06efb284d020578eb34e7b1daeb23e.zip
hostap-ad51731abf06efb284d020578eb34e7b1daeb23e.tar.gz
hostap-ad51731abf06efb284d020578eb34e7b1daeb23e.tar.bz2
wpa_supplicant: Allow pre-shared (CAK,CKN) pair for MKA
This enables configuring key_mgmt=NONE + mka_ckn + mka_cak. This allows wpa_supplicant to work in a peer-to-peer mode, where peers are authenticated by the pre-shared (CAK,CKN) pair. In this mode, peers can act as key server to distribute keys for the MACsec instances. This is what some MACsec switches support, and even without HW support, it's a convenient way to setup a network. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Diffstat (limited to 'wpa_supplicant/config_file.c')
-rw-r--r--wpa_supplicant/config_file.c36
1 files changed, 36 insertions, 0 deletions
diff --git a/wpa_supplicant/config_file.c b/wpa_supplicant/config_file.c
index 7ae1654..172508e 100644
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
@@ -662,6 +662,40 @@ static void write_psk_list(FILE *f, struct wpa_ssid *ssid)
#endif /* CONFIG_P2P */
+#ifdef CONFIG_MACSEC
+
+static void write_mka_cak(FILE *f, struct wpa_ssid *ssid)
+{
+ char *value;
+
+ if (!(ssid->mka_psk_set & MKA_PSK_SET_CAK))
+ return;
+
+ value = wpa_config_get(ssid, "mka_cak");
+ if (!value)
+ return;
+ fprintf(f, "\tmka_cak=%s\n", value);
+ os_free(value);
+}
+
+
+static void write_mka_ckn(FILE *f, struct wpa_ssid *ssid)
+{
+ char *value;
+
+ if (!(ssid->mka_psk_set & MKA_PSK_SET_CKN))
+ return;
+
+ value = wpa_config_get(ssid, "mka_ckn");
+ if (!value)
+ return;
+ fprintf(f, "\tmka_ckn=%s\n", value);
+ os_free(value);
+}
+
+#endif /* CONFIG_MACSEC */
+
+
static void wpa_config_write_network(FILE *f, struct wpa_ssid *ssid)
{
int i;
@@ -772,6 +806,8 @@ static void wpa_config_write_network(FILE *f, struct wpa_ssid *ssid)
INT(beacon_int);
#ifdef CONFIG_MACSEC
INT(macsec_policy);
+ write_mka_cak(f, ssid);
+ write_mka_ckn(f, ssid);
#endif /* CONFIG_MACSEC */
#ifdef CONFIG_HS20
INT(update_identifier);