scottk/wlan-ap
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-ap.git synced 2025-11-01 10:57:47 +00:00
Code Issues Packages Projects Releases 10 Wiki Activity

hostapd: enable FT-PSK for psk2-radius

Browse Source 
Signed-off-by: John Crispin <john@phrozen.org>
This commit is contained in:
John Crispin
2024-07-18 08:31:19 +02:00
parent a5b132fc72
commit 0a21b9d254
2 changed files with 38 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
feeds/ipq807x_v5.4/hostapd/files/hostapd.sh
View File

@@ -73,6 +73,10 @@ hostapd_append_wpa_key_mgmt() {
owe) owe)
append wpa_key_mgmt "OWE" append wpa_key_mgmt "OWE"
;; ;;
psk2-radius)
append wpa_key_mgmt "WPA-PSK-SHA256"
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-PSK"
;;
esac esac
[ "$fils" -gt 0 ] && { [ "$fils" -gt 0 ] && {
@@ -405,7 +409,7 @@ hostapd_common_add_bss_config() {
config_add_boolean ieee80211r pmk_r1_push ft_psk_generate_local ft_over_ds config_add_boolean ieee80211r pmk_r1_push ft_psk_generate_local ft_over_ds
config_add_int r0_key_lifetime reassociation_deadline ft_l2_refresh config_add_int r0_key_lifetime reassociation_deadline ft_l2_refresh
config_add_string mobility_domain r1_key_holder config_add_string mobility_domain r1_key_holder ft_key
config_add_array r0kh r1kh config_add_array r0kh r1kh
config_add_int ieee80211w_max_timeout ieee80211w_retry_timeout config_add_int ieee80211w_max_timeout ieee80211w_retry_timeout
@@ -1014,7 +1018,7 @@ hostapd_set_bss_options() {
[ -n "$ft_l2_refresh" ] && append bss_conf "ft_l2_refresh=$ft_l2_refresh" "$N" [ -n "$ft_l2_refresh" ] && append bss_conf "ft_l2_refresh=$ft_l2_refresh" "$N"
if [ "$skip_kh_setup" -eq "0" ]; then if [ "$skip_kh_setup" -eq "0" ]; then
json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push ft_key
json_get_values r0kh r0kh json_get_values r0kh r0kh
json_get_values r1kh r1kh json_get_values r1kh r1kh
@@ -1028,6 +1032,7 @@ hostapd_set_bss_options() {
set_default r1kh "00:00:00:00:00:00,00:00:00:00:00:00,$key" set_default r1kh "00:00:00:00:00:00,00:00:00:00:00:00,$key"
} }
[ -n "$ft_key" ] && append bss_conf "ft_key=$ft_key" "$N"
[ -n "$r1_key_holder" ] && append bss_conf "r1_key_holder=$r1_key_holder" "$N" [ -n "$r1_key_holder" ] && append bss_conf "r1_key_holder=$r1_key_holder" "$N"
append bss_conf "r0_key_lifetime=$r0_key_lifetime" "$N" append bss_conf "r0_key_lifetime=$r0_key_lifetime" "$N"
append bss_conf "pmk_r1_push=$pmk_r1_push" "$N" append bss_conf "pmk_r1_push=$pmk_r1_push" "$N"

48
feeds/ipq807x_v5.4/hostapd/patches/zzz-roaming-key.patch
View File

@@ -14,42 +14,56 @@
fclose(f); fclose(f);
- for (i = 0; i < conf->num_bss; i++) - for (i = 0; i < conf->num_bss; i++)
+#define _MACSTR "%02x%02x%02x%02x%02x%02x"
+ for (i = 0; i < conf->num_bss; i++) { + for (i = 0; i < conf->num_bss; i++) {
hostapd_set_security_params(conf->bss[i], 1);
+ if (*conf->bss[i]->ft_key) { + if (*conf->bss[i]->ft_key) {
+ u8 buffer[128]; + u8 buffer[128];
+ sprintf(buffer, MACSTR " " _MACSTR " %s", MAC2STR(conf->bss[i]->bssid), MAC2STR(conf->bss[i]->bssid), conf->bss[i]->ft_key); + sprintf(buffer, "%02X:%02X:%02X:%02X:%02X:%02X %02X%02X%02X%02X%02X%02X %s", MAC2STR(conf->bss[i]->bssid), MAC2STR(conf->bss[i]->bssid), conf->bss[i]->ft_key);
+ add_r0kh(conf->bss[i], buffer); + add_r0kh(conf->bss[i], buffer);
+ sprintf(buffer, "%02X:%02X:%02X:%02X:%02X:%02X %02X:%02X:%02X:%02X:%02X:%02X %s", MAC2STR(conf->bss[i]->bssid), MAC2STR(conf->bss[i]->bssid), conf->bss[i]->ft_key);
+ add_r1kh(conf->bss[i], buffer);
+ sprintf(buffer, "ff:ff:ff:ff:ff:ff * %s", conf->bss[i]->ft_key); + sprintf(buffer, "ff:ff:ff:ff:ff:ff * %s", conf->bss[i]->ft_key);
+ add_r0kh(conf->bss[i], buffer); + add_r0kh(conf->bss[i], buffer);
+ sprintf(buffer, MACSTR " " MACSTR " %s", MAC2STR(conf->bss[i]->bssid), MAC2STR(conf->bss[i]->bssid), conf->bss[i]->ft_key);
+ add_r1kh(conf->bss[i], buffer);
+ sprintf(buffer, "00:00:00:00:00:00 00:00:00:00:00:00 %s", conf->bss[i]->ft_key); + sprintf(buffer, "00:00:00:00:00:00 00:00:00:00:00:00 %s", conf->bss[i]->ft_key);
+ add_r1kh(conf->bss[i], buffer); + add_r1kh(conf->bss[i], buffer);
+ os_memcpy(conf->bss[i]->r1_key_holder, conf->bss[i]->bssid, 6); + hexstr2bin(conf->bss[i]->bssid, conf->bss[i]->r1_key_holder, FT_R1KH_ID_LEN);
+ conf->bss[i]->r0_key_holder_bssid = 1;
+ } + }
hostapd_set_security_params(conf->bss[i], 1);
+ } + }
if (hostapd_config_check(conf, 1)) if (hostapd_config_check(conf, 1))
errors++; errors++;
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -221,6 +221,7 @@ struct wpa_auth_config {
int pmk_r1_push;
int ft_over_ds;
int ft_psk_generate_local;
+ u8 ft_key[33];
#endif /* CONFIG_IEEE80211R_AP */
int disable_gtk;
int ap_mlme;
--- a/src/ap/ap_config.h --- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h +++ b/src/ap/ap_config.h
@@ -403,6 +403,7 @@ struct hostapd_bss_config { @@ -403,6 +403,7 @@ struct hostapd_bss_config {
int ft_psk_generate_local; int ft_psk_generate_local;
int ft_l2_refresh; int ft_l2_refresh;
int r1_max_key_lifetime; int r1_max_key_lifetime;
+ u8 ft_key[33]; + u8 ft_key[65];
#endif /* CONFIG_IEEE80211R_AP */ #endif /* CONFIG_IEEE80211R_AP */
char *ctrl_interface; /* directory for UNIX domain sockets */ char *ctrl_interface; /* directory for UNIX domain sockets */
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -390,6 +390,7 @@ struct hostapd_bss_config {
/* IEEE 802.11r - Fast BSS Transition */
u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
u8 r1_key_holder[FT_R1KH_ID_LEN];
+ int r0_key_holder_bssid;
u32 r0_key_lifetime; /* PMK-R0 lifetime seconds */
int rkh_pos_timeout;
int rkh_neg_timeout;
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -80,7 +80,10 @@ static void hostapd_wpa_auth_conf(struct
os_memcpy(wconf->ssid, conf->ssid.ssid, wconf->ssid_len);
os_memcpy(wconf->mobility_domain, conf->mobility_domain,
MOBILITY_DOMAIN_ID_LEN);
- if (conf->nas_identifier &&
+ if (conf->r0_key_holder_bssid) {
+ sprintf(wconf->r0_key_holder, "%02X%02X%02X%02X%02X%02X", MAC2STR(conf->bssid));
+ wconf->r0_key_holder_len = 12;
+ } else if (conf->nas_identifier &&
os_strlen(conf->nas_identifier) <= FT_R0KH_ID_MAX_LEN) {
wconf->r0_key_holder_len = os_strlen(conf->nas_identifier);
os_memcpy(wconf->r0_key_holder, conf->nas_identifier,