From b3b1b1307e98862f348c0f65a9eaa66eefa22e96 Mon Sep 17 00:00:00 2001 From: Arif Alam Date: Fri, 11 Jun 2021 17:02:00 -0400 Subject: [PATCH] WIFI-2087: WPA3-Enterprise 192-Bit support Configure SUITE-B-192, BIP-GMAC-256 and GCMP-256. Signed-off-by: Arif Alam --- feeds/wifi-ax/hostapd/files/hostapd.sh | 10 +++++++++- feeds/wifi-trunk/hostapd/files/hostapd.sh | 10 +++++++++- .../src/platform/openwrt/src/lib/target/inc/vif.h | 1 + .../src/platform/openwrt/src/lib/target/src/vif.c | 1 + 4 files changed, 20 insertions(+), 2 deletions(-) diff --git a/feeds/wifi-ax/hostapd/files/hostapd.sh b/feeds/wifi-ax/hostapd/files/hostapd.sh index 8bdeb5d18..fed959f09 100644 --- a/feeds/wifi-ax/hostapd/files/hostapd.sh +++ b/feeds/wifi-ax/hostapd/files/hostapd.sh @@ -847,7 +847,15 @@ hostapd_set_bss_options() { json_get_vars ieee80211w_mgmt_cipher ieee80211w_max_timeout ieee80211w_retry_timeout append bss_conf "ieee80211w=$ieee80211w" "$N" [ "$ieee80211w" -gt "0" ] && { - append bss_conf "group_mgmt_cipher=${ieee80211w_mgmt_cipher:-AES-128-CMAC}" "$N" + case "$auth_type" in + eap192) + append bss_conf "group_mgmt_cipher=BIP-GMAC-256" "$N" + append bss_conf "group_cipher=GCMP-256" "$N" + ;; + *) + append bss_conf "group_mgmt_cipher=${ieee80211w_mgmt_cipher:-AES-128-CMAC}" "$N" + ;; + esac [ -n "$ieee80211w_max_timeout" ] && \ append bss_conf "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N" [ -n "$ieee80211w_retry_timeout" ] && \ diff --git a/feeds/wifi-trunk/hostapd/files/hostapd.sh b/feeds/wifi-trunk/hostapd/files/hostapd.sh index 142e7bda1..970bd435e 100644 --- a/feeds/wifi-trunk/hostapd/files/hostapd.sh +++ b/feeds/wifi-trunk/hostapd/files/hostapd.sh @@ -810,7 +810,15 @@ hostapd_set_bss_options() { json_get_vars ieee80211w_mgmt_cipher ieee80211w_max_timeout ieee80211w_retry_timeout append bss_conf "ieee80211w=$ieee80211w" "$N" [ "$ieee80211w" -gt "0" ] && { - append bss_conf "group_mgmt_cipher=${ieee80211w_mgmt_cipher:-AES-128-CMAC}" "$N" + case "$auth_type" in + eap192) + append bss_conf "group_mgmt_cipher=BIP-GMAC-256" "$N" + append bss_conf "group_cipher=GCMP-256" "$N" + ;; + *) + append bss_conf "group_mgmt_cipher=${ieee80211w_mgmt_cipher:-AES-128-CMAC}" "$N" + ;; + esac [ -n "$ieee80211w_max_timeout" ] && \ append bss_conf "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N" [ -n "$ieee80211w_retry_timeout" ] && \ diff --git a/feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/inc/vif.h b/feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/inc/vif.h index b9a30e1f8..42873aeb3 100644 --- a/feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/inc/vif.h +++ b/feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/inc/vif.h @@ -19,6 +19,7 @@ #define OVSDB_SECURITY_ENCRYPTION_WPA_SAE "WPA-SAE" #define OVSDB_SECURITY_ENCRYPTION_WPA_EAP "WPA-EAP" #define OVSDB_SECURITY_ENCRYPTION_WPA3_EAP "WPA3-EAP" +#define OVSDB_SECURITY_ENCRYPTION_WPA3_EAP_192 "WPA3-EAP-192" #define OVSDB_SECURITY_RADIUS_SERVER_IP "radius_server_ip" #define OVSDB_SECURITY_RADIUS_SERVER_PORT "radius_server_port" #define OVSDB_SECURITY_RADIUS_SERVER_SECRET "radius_server_secret" diff --git a/feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/vif.c b/feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/vif.c index fb2e1051a..5904477fd 100755 --- a/feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/vif.c +++ b/feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/vif.c @@ -322,6 +322,7 @@ static struct vif_crypto { { "sae-mixed", OVSDB_SECURITY_ENCRYPTION_WPA_SAE, OVSDB_SECURITY_MODE_MIXED, 0 }, { "wpa3-only", OVSDB_SECURITY_ENCRYPTION_WPA3_EAP, OVSDB_SECURITY_MODE_WPA3, 1 }, { "wpa3-mixed", OVSDB_SECURITY_ENCRYPTION_WPA3_EAP, OVSDB_SECURITY_MODE_MIXED, 1 }, + { "wpa3", OVSDB_SECURITY_ENCRYPTION_WPA3_EAP_192, OVSDB_SECURITY_MODE_WPA3, 1 }, }; extern ovsdb_table_t table_APC_State;