aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2017-10-08 13:39:08 (GMT)
committerJouni Malinen <j@w1.fi>2017-10-08 14:12:35 (GMT)
commitec9f4837746b142baf5021679e6b85aa607c6dd9 (patch)
tree8d58472eca8f89377b3be9f3e1f207c5a80d83ee /wpa_supplicant
parent7a12edd163ff0e50b9c89ce0407577da500299af (diff)
downloadhostap-ec9f4837746b142baf5021679e6b85aa607c6dd9.zip
hostap-ec9f4837746b142baf5021679e6b85aa607c6dd9.tar.gz
hostap-ec9f4837746b142baf5021679e6b85aa607c6dd9.tar.bz2
OWE: Support DH groups 20 (NIST P-384) and 21 (NIST P-521) in station
This extends OWE support in wpa_supplicant to allow DH groups 20 and 21 to be used in addition to the mandatory group 19 (NIST P-256). The group is configured using the new network profile parameter owe_group. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'wpa_supplicant')
-rw-r--r--wpa_supplicant/Android.mk5
-rw-r--r--wpa_supplicant/Makefile5
-rw-r--r--wpa_supplicant/config.c1
-rw-r--r--wpa_supplicant/config_file.c1
-rw-r--r--wpa_supplicant/config_ssid.h11
-rw-r--r--wpa_supplicant/sme.c5
6 files changed, 27 insertions, 1 deletions
diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk
index 9e147e9..b6a9a33 100644
--- a/wpa_supplicant/Android.mk
+++ b/wpa_supplicant/Android.mk
@@ -263,6 +263,11 @@ ifdef CONFIG_OWE
L_CFLAGS += -DCONFIG_OWE
NEED_ECC=y
NEED_HMAC_SHA256_KDF=y
+NEED_HMAC_SHA384_KDF=y
+NEED_HMAC_SHA512_KDF=y
+NEED_SHA256=y
+NEED_SHA384=y
+NEED_SHA512=y
endif
ifdef CONFIG_FILS
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
index b62b898..0ae9eff 100644
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -296,6 +296,11 @@ ifdef CONFIG_OWE
CFLAGS += -DCONFIG_OWE
NEED_ECC=y
NEED_HMAC_SHA256_KDF=y
+NEED_HMAC_SHA384_KDF=y
+NEED_HMAC_SHA512_KDF=y
+NEED_SHA256=y
+NEED_SHA384=y
+NEED_SHA512=y
endif
ifdef CONFIG_FILS
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index bf3defb..79f36b9 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -2281,6 +2281,7 @@ static const struct parse_data ssid_fields[] = {
{ STR_LEN(dpp_csign) },
{ INT(dpp_csign_expiry) },
#endif /* CONFIG_DPP */
+ { INT_RANGE(owe_group, 0, 65535) },
};
#undef OFFSET
diff --git a/wpa_supplicant/config_file.c b/wpa_supplicant/config_file.c
index 3b351e8..b2f760a 100644
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
@@ -873,6 +873,7 @@ static void wpa_config_write_network(FILE *f, struct wpa_ssid *ssid)
STR(dpp_csign);
INT(dpp_csign_expiry);
#endif /* CONFIG_DPP */
+ INT(owe_group);
#ifdef CONFIG_HT_OVERRIDES
INT_DEF(disable_ht, DEFAULT_DISABLE_HT);
INT_DEF(disable_ht40, DEFAULT_DISABLE_HT40);
diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h
index 737ef42..120218f 100644
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -893,6 +893,17 @@ struct wpa_ssid {
* 0 indicates no expiration.
*/
unsigned int dpp_csign_expiry;
+
+ /**
+ * owe_group - OWE DH Group
+ *
+ * 0 = use default (19)
+ * 1-65535 DH Group to use for OWE
+ *
+ * Groups 19 (NIST P-256), 20 (NIST P-384), and 21 (NIST P-521) are
+ * currently supported.
+ */
+ int owe_group;
};
#endif /* CONFIG_SSID_H */
diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index a92fb45..4023026 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -1195,8 +1195,11 @@ void sme_associate(struct wpa_supplicant *wpa_s, enum wpas_mode mode,
if (auth_type == WLAN_AUTH_OPEN &&
wpa_s->key_mgmt == WPA_KEY_MGMT_OWE) {
struct wpabuf *owe_ie;
+ u16 group = OWE_DH_GROUP;
- owe_ie = owe_build_assoc_req(wpa_s->wpa);
+ if (wpa_s->current_ssid && wpa_s->current_ssid->owe_group)
+ group = wpa_s->current_ssid->owe_group;
+ owe_ie = owe_build_assoc_req(wpa_s->wpa, group);
if (!owe_ie) {
wpa_printf(MSG_ERROR,
"OWE: Failed to build IE for Association Request frame");