aboutsummaryrefslogtreecommitdiffstats
path: root/hostapd/config_file.c
diff options
context:
space:
mode:
authorJouni Malinen <jouni@codeaurora.org>2018-05-19 14:28:01 (GMT)
committerJouni Malinen <j@w1.fi>2018-05-19 14:30:29 (GMT)
commit9be19d0b9c4e4948e70fbfeb9076d30af9d0071f (patch)
tree21ed8486d3cf56ec80bf1877c023b621ec9008e2 /hostapd/config_file.c
parentd6a65a83fb61c855e9c776e3f89278ed8b214535 (diff)
downloadhostap-9be19d0b9c4e4948e70fbfeb9076d30af9d0071f.zip
hostap-9be19d0b9c4e4948e70fbfeb9076d30af9d0071f.tar.gz
hostap-9be19d0b9c4e4948e70fbfeb9076d30af9d0071f.tar.bz2
SAE: Add support for using the optional Password Identifier
This extends the SAE implementation in both infrastructure and mesh BSS cases to allow an optional Password Identifier to be used. This uses the mechanism added in P802.11REVmd/D1.0. The Password Identifier is configured in a wpa_supplicant network profile as a new string parameter sae_password_id. In hostapd configuration, the existing sae_password parameter has been extended to allow the password identifier (and also a peer MAC address) to be set. In addition, multiple sae_password entries can now be provided to hostapd to allow multiple per-peer and per-identifier passwords to be set. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Diffstat (limited to 'hostapd/config_file.c')
-rw-r--r--hostapd/config_file.c64
1 files changed, 62 insertions, 2 deletions
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 151b9fc..502ea3d 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2169,6 +2169,61 @@ static unsigned int parse_tls_flags(const char *val)
#endif /* EAP_SERVER */
+#ifdef CONFIG_SAE
+static int parse_sae_password(struct hostapd_bss_config *bss, const char *val)
+{
+ struct sae_password_entry *pw;
+ const char *pos = val, *pos2, *end = NULL;
+
+ pw = os_zalloc(sizeof(*pw));
+ if (!pw)
+ return -1;
+ os_memset(pw->peer_addr, 0xff, ETH_ALEN); /* default to wildcard */
+
+ pos2 = os_strstr(pos, "|mac=");
+ if (pos2) {
+ end = pos2;
+ pos2 += 5;
+ if (hwaddr_aton(pos2, pw->peer_addr) < 0)
+ goto fail;
+ pos = pos2 + ETH_ALEN * 3 - 1;
+ }
+
+ pos2 = os_strstr(pos, "|id=");
+ if (pos2) {
+ if (!end)
+ end = pos2;
+ pos2 += 4;
+ pw->identifier = os_strdup(pos2);
+ if (!pw->identifier)
+ goto fail;
+ }
+
+ if (!end) {
+ pw->password = os_strdup(val);
+ if (!pw->password)
+ goto fail;
+ } else {
+ pw->password = os_malloc(end - val + 1);
+ if (!pw->password)
+ goto fail;
+ os_memcpy(pw->password, val, end - val);
+ pw->password[end - val] = '\0';
+ }
+
+ pw->next = bss->sae_passwords;
+ bss->sae_passwords = pw;
+
+ return 0;
+fail:
+ str_clear_free(pw->password);
+ os_free(pw->identifier);
+ os_free(pw);
+ return -1;
+}
+#endif /* CONFIG_SAE */
+
+
static int hostapd_config_fill(struct hostapd_config *conf,
struct hostapd_bss_config *bss,
const char *buf, char *pos, int line)
@@ -3727,9 +3782,14 @@ static int hostapd_config_fill(struct hostapd_config *conf,
} else if (os_strcmp(buf, "sae_commit_override") == 0) {
wpabuf_free(bss->sae_commit_override);
bss->sae_commit_override = wpabuf_parse_bin(pos);
+#ifdef CONFIG_SAE
} else if (os_strcmp(buf, "sae_password") == 0) {
- os_free(bss->sae_password);
- bss->sae_password = os_strdup(pos);
+ if (parse_sae_password(bss, pos) < 0) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid sae_password",
+ line);
+ return 1;
+ }
+#endif /* CONFIG_SAE */
#endif /* CONFIG_TESTING_OPTIONS */
} else if (os_strcmp(buf, "vendor_elements") == 0) {
if (parse_wpabuf_hex(line, buf, &bss->vendor_elements, pos))