aboutsummaryrefslogtreecommitdiffstats
path: root/hostapd
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2008-01-06 18:09:00 (GMT)
committerJouni Malinen <j@w1.fi>2008-01-06 18:09:00 (GMT)
commita0859cdf79cb99e866f72ba7b40ae49db9c69a91 (patch)
tree0697ed50e86535d71d14179fa9de0111843c96e8 /hostapd
parentae2b75a5e85cd0565e18ce94d88a14ea7412b7ef (diff)
downloadhostap-history-a0859cdf79cb99e866f72ba7b40ae49db9c69a91.zip
hostap-history-a0859cdf79cb99e866f72ba7b40ae49db9c69a91.tar.gz
hostap-history-a0859cdf79cb99e866f72ba7b40ae49db9c69a91.tar.bz2
WPS: Added Network Key configuration from hostapd to WPS
If wpa_psk_file is set, a random, per-device PSK is generated by WPS code and this PSK is appended (using a callback function) to the wpa_psk_file. Otherwise, the pre-configured PSK (or in case of WEP, the WEP key) is sent to Enrollees as the Network Key.
Diffstat (limited to 'hostapd')
-rw-r--r--hostapd/config.c2
-rw-r--r--hostapd/hostapd.c59
-rw-r--r--hostapd/hostapd.conf6
3 files changed, 65 insertions, 2 deletions
diff --git a/hostapd/config.c b/hostapd/config.c
index 95b864b..2d20d27 100644
--- a/hostapd/config.c
+++ b/hostapd/config.c
@@ -446,8 +446,6 @@ int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf)
if (hostapd_config_read_wpa_psk(ssid->wpa_psk_file,
&conf->ssid))
return -1;
- os_free(ssid->wpa_psk_file);
- ssid->wpa_psk_file = NULL;
}
return 0;
diff --git a/hostapd/hostapd.c b/hostapd/hostapd.c
index 24f0c90..79391bd 100644
--- a/hostapd/hostapd.c
+++ b/hostapd/hostapd.c
@@ -1160,6 +1160,52 @@ static int hostapd_setup_radius_srv(struct hostapd_data *hapd,
#ifdef CONFIG_WPS
+static int hostapd_wps_new_psk_cb(void *ctx, const u8 *mac_addr, const u8 *psk,
+ size_t psk_len)
+{
+ struct hostapd_data *hapd = ctx;
+ struct hostapd_wpa_psk *p;
+ struct hostapd_ssid *ssid = &hapd->conf->ssid;
+
+ wpa_printf(MSG_DEBUG, "Received new WPA/WPA2-PSK from WPS for STA "
+ MACSTR, MAC2STR(mac_addr));
+ wpa_hexdump_key(MSG_DEBUG, "Per-device PSK", psk, psk_len);
+
+ if (psk_len != PMK_LEN) {
+ wpa_printf(MSG_DEBUG, "Unexpected PSK length %d", psk_len);
+ return -1;
+ }
+
+ /* Add the new PSK to runtime PSK list */
+ p = os_zalloc(sizeof(*p));
+ if (p == NULL)
+ return -1;
+ os_memcpy(p->addr, mac_addr, ETH_ALEN);
+ os_memcpy(p->psk, psk, PMK_LEN);
+
+ p->next = ssid->wpa_psk;
+ ssid->wpa_psk = p;
+
+ if (ssid->wpa_psk_file) {
+ FILE *f;
+ char hex[PMK_LEN * 2 + 1];
+ /* Add the new PSK to PSK list file */
+ f = fopen(ssid->wpa_psk_file, "a");
+ if (f == NULL) {
+ wpa_printf(MSG_DEBUG, "Failed to add the PSK to "
+ "'%s'", ssid->wpa_psk_file);
+ return -1;
+ }
+
+ wpa_snprintf_hex(hex, sizeof(hex), psk, psk_len);
+ fprintf(f, MACSTR " %s\n", MAC2STR(mac_addr), hex);
+ fclose(f);
+ }
+
+ return 0;
+}
+
+
static int hostapd_setup_wps(struct hostapd_data *hapd,
struct hostapd_bss_config *conf)
{
@@ -1212,6 +1258,19 @@ static int hostapd_setup_wps(struct hostapd_data *hapd,
cfg.encr_types |= WPS_ENCR_NONE;
}
+ if (conf->ssid.wpa_psk_file) {
+ /* Use per-device PSKs */
+ } else if (conf->ssid.wpa_psk) {
+ cfg.network_key = conf->ssid.wpa_psk->psk;
+ cfg.network_key_len = PMK_LEN;
+ } else if (conf->ssid.wep.keys_set && conf->ssid.wep.key[0]) {
+ cfg.network_key = conf->ssid.wep.key[0];
+ cfg.network_key_len = conf->ssid.wep.len[0];
+ }
+
+ cfg.new_psk_cb = hostapd_wps_new_psk_cb;
+ cfg.cb_ctx = hapd;
+
hapd->wps_registrar = wps_registrar_init(&cfg);
if (hapd->wps_registrar == NULL) {
printf("Failed to initialize WPS Registrar\n");
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 7e520b9..c8eeaa1 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -773,6 +773,12 @@ own_ip_addr=127.0.0.1
# is also using UPnP, this value should be set to the device's UPnP UUID.
#uuid=12345678-9abc-def0-1234-56789abcdef0
+# Note: If wpa_psk_file is set, WPS is used to generate random, per-device PSKs
+# that will be appended to the wpa_psk_file. If wpa_psk_file is not set, the
+# default PSK (wpa_psk/wpa_passphrase) will be delivered to Enrollees. Use of
+# per-device PSKs is recommended as the more secure option (i.e., make sure to
+# set wpa_psk_file when using WPS with WPA-PSK).
+
# Multiple BSSID support
#