aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant
diff options
context:
space:
mode:
authorSabrina Dubroca <sd@queasysnail.net>2016-11-02 15:38:39 (GMT)
committerJouni Malinen <j@w1.fi>2016-11-19 22:35:31 (GMT)
commite0d9fd344d20bb35efcd5c37ece0a5d67632439d (patch)
tree47cd6cf33f914ebaaccf2d8c7829d9c4f22f7c5c /wpa_supplicant
parent1d3d0666a6ed345da39886426c4416a4debfd094 (diff)
downloadhostap-e0d9fd344d20bb35efcd5c37ece0a5d67632439d.zip
hostap-e0d9fd344d20bb35efcd5c37ece0a5d67632439d.tar.gz
hostap-e0d9fd344d20bb35efcd5c37ece0a5d67632439d.tar.bz2
wpa_supplicant: Allow configuring the MACsec port for MKA
Previously, wpa_supplicant only supported hardcoded port == 1 in the SCI, but users may want to choose a different port. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Diffstat (limited to 'wpa_supplicant')
-rw-r--r--wpa_supplicant/config.c1
-rw-r--r--wpa_supplicant/config_file.c1
-rw-r--r--wpa_supplicant/config_ssid.h9
-rw-r--r--wpa_supplicant/wpa_cli.c1
-rw-r--r--wpa_supplicant/wpa_supplicant.conf4
-rw-r--r--wpa_supplicant/wpas_kay.c4
6 files changed, 18 insertions, 2 deletions
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index afb631e..2120a6e 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -2126,6 +2126,7 @@ static const struct parse_data ssid_fields[] = {
#ifdef CONFIG_MACSEC
{ INT_RANGE(macsec_policy, 0, 1) },
{ INT_RANGE(macsec_integ_only, 0, 1) },
+ { INT_RANGE(macsec_port, 1, 65534) },
{ FUNC_KEY(mka_cak) },
{ FUNC_KEY(mka_ckn) },
#endif /* CONFIG_MACSEC */
diff --git a/wpa_supplicant/config_file.c b/wpa_supplicant/config_file.c
index f605fa9..2e3d57e 100644
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
@@ -809,6 +809,7 @@ static void wpa_config_write_network(FILE *f, struct wpa_ssid *ssid)
write_mka_cak(f, ssid);
write_mka_ckn(f, ssid);
INT(macsec_integ_only);
+ INT(macsec_port);
#endif /* CONFIG_MACSEC */
#ifdef CONFIG_HS20
INT(update_identifier);
diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h
index b8c3192..fe0f7fa 100644
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -742,6 +742,15 @@ struct wpa_ssid {
int macsec_integ_only;
/**
+ * macsec_port - MACsec port (in SCI)
+ *
+ * Port component of the SCI.
+ *
+ * Range: 1-65534 (default: 1)
+ */
+ int macsec_port;
+
+ /**
* mka_ckn - MKA pre-shared CKN
*/
#define MACSEC_CKN_LEN 32
diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c
index aed95e6..f11028a 100644
--- a/wpa_supplicant/wpa_cli.c
+++ b/wpa_supplicant/wpa_cli.c
@@ -1391,6 +1391,7 @@ static const char *network_fields[] = {
#ifdef CONFIG_MACSEC
"macsec_policy",
"macsec_integ_only",
+ "macsec_port",
#endif /* CONFIG_MACSEC */
#ifdef CONFIG_HS20
"update_identifier",
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index b23c5e6..82aa24e 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -899,6 +899,10 @@ fast_reauth=1
# 0: Encrypt traffic (default)
# 1: Integrity only
#
+# macsec_port: IEEE 802.1X/MACsec port
+# Port component of the SCI
+# Range: 1-65534 (default: 1)
+#
# mka_cak and mka_ckn: IEEE 802.1X/MACsec pre-shared authentication mode
# This allows to configure MACsec with a pre-shared key using a (CAK,CKN) pair.
# In this mode, instances of wpa_supplicant can act as peers, one of
diff --git a/wpa_supplicant/wpas_kay.c b/wpa_supplicant/wpas_kay.c
index 2ff4895..d3fefda 100644
--- a/wpa_supplicant/wpas_kay.c
+++ b/wpa_supplicant/wpas_kay.c
@@ -232,8 +232,8 @@ int ieee802_1x_alloc_kay_sm(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
kay_ctx->enable_transmit_sa = wpas_enable_transmit_sa;
kay_ctx->disable_transmit_sa = wpas_disable_transmit_sa;
- res = ieee802_1x_kay_init(kay_ctx, policy, wpa_s->ifname,
- wpa_s->own_addr);
+ res = ieee802_1x_kay_init(kay_ctx, policy, ssid->macsec_port,
+ wpa_s->ifname, wpa_s->own_addr);
if (res == NULL) {
os_free(kay_ctx);
return -1;