aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant/config_ssid.h
diff options
context:
space:
mode:
authorSabrina Dubroca <sd@queasysnail.net>2016-11-02 15:38:35 (GMT)
committerJouni Malinen <j@w1.fi>2016-11-19 22:35:08 (GMT)
commitad51731abf06efb284d020578eb34e7b1daeb23e (patch)
tree35218421991dfb24727757095476d39017e4fca8 /wpa_supplicant/config_ssid.h
parent5acbf22bb0309d5b4f04157d5c86ff06d53839db (diff)
downloadhostap-ad51731abf06efb284d020578eb34e7b1daeb23e.zip
hostap-ad51731abf06efb284d020578eb34e7b1daeb23e.tar.gz
hostap-ad51731abf06efb284d020578eb34e7b1daeb23e.tar.bz2
wpa_supplicant: Allow pre-shared (CAK,CKN) pair for MKA
This enables configuring key_mgmt=NONE + mka_ckn + mka_cak. This allows wpa_supplicant to work in a peer-to-peer mode, where peers are authenticated by the pre-shared (CAK,CKN) pair. In this mode, peers can act as key server to distribute keys for the MACsec instances. This is what some MACsec switches support, and even without HW support, it's a convenient way to setup a network. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Diffstat (limited to 'wpa_supplicant/config_ssid.h')
-rw-r--r--wpa_supplicant/config_ssid.h20
1 files changed, 20 insertions, 0 deletions
diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h
index 010b594..a530cda 100644
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -728,6 +728,26 @@ struct wpa_ssid {
* determine whether to use a secure session or not.
*/
int macsec_policy;
+
+ /**
+ * mka_ckn - MKA pre-shared CKN
+ */
+#define MACSEC_CKN_LEN 32
+ u8 mka_ckn[MACSEC_CKN_LEN];
+
+ /**
+ * mka_cak - MKA pre-shared CAK
+ */
+#define MACSEC_CAK_LEN 16
+ u8 mka_cak[MACSEC_CAK_LEN];
+
+#define MKA_PSK_SET_CKN BIT(0)
+#define MKA_PSK_SET_CAK BIT(1)
+#define MKA_PSK_SET (MKA_PSK_SET_CKN | MKA_PSK_SET_CAK)
+ /**
+ * mka_psk_set - Whether mka_ckn and mka_cak are set
+ */
+ u8 mka_psk_set;
#endif /* CONFIG_MACSEC */
#ifdef CONFIG_HS20