mirror of
https://github.com/Telecominfraproject/wlan-ap.git
synced 2025-10-29 09:32:34 +00:00
hostapd: enable FT-PSK for psk2-radius
Signed-off-by: John Crispin <john@phrozen.org>
This commit is contained in:
John Crispin
@@ -73,6 +73,10 @@ hostapd_append_wpa_key_mgmt() {
|
||||
owe)
|
||||
append wpa_key_mgmt "OWE"
|
||||
;;
|
||||
psk2-radius)
|
||||
append wpa_key_mgmt "WPA-PSK-SHA256"
|
||||
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-PSK"
|
||||
;;
|
||||
esac
|
||||
|
||||
[ "$fils" -gt 0 ] && {
|
||||
@@ -405,7 +409,7 @@ hostapd_common_add_bss_config() {
|
||||
|
||||
config_add_boolean ieee80211r pmk_r1_push ft_psk_generate_local ft_over_ds
|
||||
config_add_int r0_key_lifetime reassociation_deadline ft_l2_refresh
|
||||
config_add_string mobility_domain r1_key_holder
|
||||
config_add_string mobility_domain r1_key_holder ft_key
|
||||
config_add_array r0kh r1kh
|
||||
|
||||
config_add_int ieee80211w_max_timeout ieee80211w_retry_timeout
|
||||
@@ -1014,7 +1018,7 @@ hostapd_set_bss_options() {
|
||||
[ -n "$ft_l2_refresh" ] && append bss_conf "ft_l2_refresh=$ft_l2_refresh" "$N"
|
||||
|
||||
if [ "$skip_kh_setup" -eq "0" ]; then
|
||||
json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push
|
||||
json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push ft_key
|
||||
json_get_values r0kh r0kh
|
||||
json_get_values r1kh r1kh
|
||||
|
||||
@@ -1028,6 +1032,7 @@ hostapd_set_bss_options() {
|
||||
set_default r1kh "00:00:00:00:00:00,00:00:00:00:00:00,$key"
|
||||
}
|
||||
|
||||
[ -n "$ft_key" ] && append bss_conf "ft_key=$ft_key" "$N"
|
||||
[ -n "$r1_key_holder" ] && append bss_conf "r1_key_holder=$r1_key_holder" "$N"
|
||||
append bss_conf "r0_key_lifetime=$r0_key_lifetime" "$N"
|
||||
append bss_conf "pmk_r1_push=$pmk_r1_push" "$N"
|
||||
|
||||
@@ -14,42 +14,56 @@
|
||||
fclose(f);
|
||||
|
||||
- for (i = 0; i < conf->num_bss; i++)
|
||||
+#define _MACSTR "%02x%02x%02x%02x%02x%02x"
|
||||
+ for (i = 0; i < conf->num_bss; i++) {
|
||||
hostapd_set_security_params(conf->bss[i], 1);
|
||||
+ if (*conf->bss[i]->ft_key) {
|
||||
+ u8 buffer[128];
|
||||
+ sprintf(buffer, MACSTR " " _MACSTR " %s", MAC2STR(conf->bss[i]->bssid), MAC2STR(conf->bss[i]->bssid), conf->bss[i]->ft_key);
|
||||
+ sprintf(buffer, "%02X:%02X:%02X:%02X:%02X:%02X %02X%02X%02X%02X%02X%02X %s", MAC2STR(conf->bss[i]->bssid), MAC2STR(conf->bss[i]->bssid), conf->bss[i]->ft_key);
|
||||
+ add_r0kh(conf->bss[i], buffer);
|
||||
+ sprintf(buffer, "%02X:%02X:%02X:%02X:%02X:%02X %02X:%02X:%02X:%02X:%02X:%02X %s", MAC2STR(conf->bss[i]->bssid), MAC2STR(conf->bss[i]->bssid), conf->bss[i]->ft_key);
|
||||
+ add_r1kh(conf->bss[i], buffer);
|
||||
+ sprintf(buffer, "ff:ff:ff:ff:ff:ff * %s", conf->bss[i]->ft_key);
|
||||
+ add_r0kh(conf->bss[i], buffer);
|
||||
+ sprintf(buffer, MACSTR " " MACSTR " %s", MAC2STR(conf->bss[i]->bssid), MAC2STR(conf->bss[i]->bssid), conf->bss[i]->ft_key);
|
||||
+ add_r1kh(conf->bss[i], buffer);
|
||||
+ sprintf(buffer, "00:00:00:00:00:00 00:00:00:00:00:00 %s", conf->bss[i]->ft_key);
|
||||
+ add_r1kh(conf->bss[i], buffer);
|
||||
+ os_memcpy(conf->bss[i]->r1_key_holder, conf->bss[i]->bssid, 6);
|
||||
+ hexstr2bin(conf->bss[i]->bssid, conf->bss[i]->r1_key_holder, FT_R1KH_ID_LEN);
|
||||
+ conf->bss[i]->r0_key_holder_bssid = 1;
|
||||
+ }
|
||||
hostapd_set_security_params(conf->bss[i], 1);
|
||||
+ }
|
||||
|
||||
if (hostapd_config_check(conf, 1))
|
||||
errors++;
|
||||
--- a/src/ap/wpa_auth.h
|
||||
+++ b/src/ap/wpa_auth.h
|
||||
@@ -221,6 +221,7 @@ struct wpa_auth_config {
|
||||
int pmk_r1_push;
|
||||
int ft_over_ds;
|
||||
int ft_psk_generate_local;
|
||||
+ u8 ft_key[33];
|
||||
#endif /* CONFIG_IEEE80211R_AP */
|
||||
int disable_gtk;
|
||||
int ap_mlme;
|
||||
--- a/src/ap/ap_config.h
|
||||
+++ b/src/ap/ap_config.h
|
||||
@@ -403,6 +403,7 @@ struct hostapd_bss_config {
|
||||
int ft_psk_generate_local;
|
||||
int ft_l2_refresh;
|
||||
int r1_max_key_lifetime;
|
||||
+ u8 ft_key[33];
|
||||
+ u8 ft_key[65];
|
||||
#endif /* CONFIG_IEEE80211R_AP */
|
||||
|
||||
char *ctrl_interface; /* directory for UNIX domain sockets */
|
||||
--- a/src/ap/ap_config.h
|
||||
+++ b/src/ap/ap_config.h
|
||||
@@ -390,6 +390,7 @@ struct hostapd_bss_config {
|
||||
/* IEEE 802.11r - Fast BSS Transition */
|
||||
u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
|
||||
u8 r1_key_holder[FT_R1KH_ID_LEN];
|
||||
+ int r0_key_holder_bssid;
|
||||
u32 r0_key_lifetime; /* PMK-R0 lifetime seconds */
|
||||
int rkh_pos_timeout;
|
||||
int rkh_neg_timeout;
|
||||
--- a/src/ap/wpa_auth_glue.c
|
||||
+++ b/src/ap/wpa_auth_glue.c
|
||||
@@ -80,7 +80,10 @@ static void hostapd_wpa_auth_conf(struct
|
||||
os_memcpy(wconf->ssid, conf->ssid.ssid, wconf->ssid_len);
|
||||
os_memcpy(wconf->mobility_domain, conf->mobility_domain,
|
||||
MOBILITY_DOMAIN_ID_LEN);
|
||||
- if (conf->nas_identifier &&
|
||||
+ if (conf->r0_key_holder_bssid) {
|
||||
+ sprintf(wconf->r0_key_holder, "%02X%02X%02X%02X%02X%02X", MAC2STR(conf->bssid));
|
||||
+ wconf->r0_key_holder_len = 12;
|
||||
+ } else if (conf->nas_identifier &&
|
||||
os_strlen(conf->nas_identifier) <= FT_R0KH_ID_MAX_LEN) {
|
||||
wconf->r0_key_holder_len = os_strlen(conf->nas_identifier);
|
||||
os_memcpy(wconf->r0_key_holder, conf->nas_identifier,
|
||||
|
||||
Reference in New Issue
Block a user