mirror of
https://github.com/openwrt/openwrt.git
synced 2024-11-30 13:26:20 +08:00
hostapd: Add WPA-EAP-SUITE-B-192 (WPA3-Enterprise)
This adds support for the WPA3-Enterprise mode authentication. The settings for the WPA3-Enterpriese mode are defined in WPA3_Specification_v1.0.pdf. This mode also requires ieee80211w and guarantees at least 192 bit of security. This does not increase the ipkg size by a significant size. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This commit is contained in:
parent
18c6c93a3b
commit
4c3fae4adc
@ -97,11 +97,11 @@ endif
|
|||||||
|
|
||||||
ifeq ($(LOCAL_VARIANT),full)
|
ifeq ($(LOCAL_VARIANT),full)
|
||||||
ifeq ($(SSL_VARIANT),openssl)
|
ifeq ($(SSL_VARIANT),openssl)
|
||||||
DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y CONFIG_OWE=y
|
DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y CONFIG_OWE=y CONFIG_SUITEB192=y
|
||||||
TARGET_LDFLAGS += -lcrypto -lssl
|
TARGET_LDFLAGS += -lcrypto -lssl
|
||||||
endif
|
endif
|
||||||
ifeq ($(SSL_VARIANT),wolfssl)
|
ifeq ($(SSL_VARIANT),wolfssl)
|
||||||
DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_WPS_NFC=1 CONFIG_SAE=y CONFIG_OWE=y
|
DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_WPS_NFC=1 CONFIG_SAE=y CONFIG_OWE=y CONFIG_SUITEB192=y
|
||||||
TARGET_LDFLAGS += -lwolfssl
|
TARGET_LDFLAGS += -lwolfssl
|
||||||
endif
|
endif
|
||||||
endif
|
endif
|
||||||
|
@ -45,6 +45,15 @@ hostapd_append_wpa_key_mgmt() {
|
|||||||
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-${auth_type_l}"
|
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-${auth_type_l}"
|
||||||
[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256"
|
[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256"
|
||||||
;;
|
;;
|
||||||
|
eap192)
|
||||||
|
append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
|
||||||
|
;;
|
||||||
|
eap-eap192)
|
||||||
|
append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
|
||||||
|
append wpa_key_mgmt "WPA-EAP"
|
||||||
|
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
|
||||||
|
[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"
|
||||||
|
;;
|
||||||
sae)
|
sae)
|
||||||
append wpa_key_mgmt "SAE"
|
append wpa_key_mgmt "SAE"
|
||||||
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE"
|
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE"
|
||||||
@ -307,7 +316,7 @@ hostapd_set_bss_options() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
case "$auth_type" in
|
case "$auth_type" in
|
||||||
sae|owe)
|
sae|owe|eap192|eap-eap192)
|
||||||
set_default ieee80211w 2
|
set_default ieee80211w 2
|
||||||
set_default sae_require_mfp 1
|
set_default sae_require_mfp 1
|
||||||
;;
|
;;
|
||||||
@ -350,7 +359,7 @@ hostapd_set_bss_options() {
|
|||||||
|
|
||||||
wps_possible=1
|
wps_possible=1
|
||||||
;;
|
;;
|
||||||
eap)
|
eap|eap192|eap-eap192)
|
||||||
json_get_vars \
|
json_get_vars \
|
||||||
auth_server auth_secret auth_port \
|
auth_server auth_secret auth_port \
|
||||||
dae_client dae_secret dae_port \
|
dae_client dae_secret dae_port \
|
||||||
@ -771,7 +780,7 @@ wpa_supplicant_add_network() {
|
|||||||
fi
|
fi
|
||||||
append network_data "$passphrase" "$N$T"
|
append network_data "$passphrase" "$N$T"
|
||||||
;;
|
;;
|
||||||
eap)
|
eap|eap192|eap-eap192)
|
||||||
hostapd_append_wpa_key_mgmt
|
hostapd_append_wpa_key_mgmt
|
||||||
key_mgmt="$wpa_key_mgmt"
|
key_mgmt="$wpa_key_mgmt"
|
||||||
|
|
||||||
|
@ -34,6 +34,10 @@ static inline int has_feature(const char *feat)
|
|||||||
#ifdef CONFIG_OWE
|
#ifdef CONFIG_OWE
|
||||||
if (!strcmp(feat, "owe"))
|
if (!strcmp(feat, "owe"))
|
||||||
return 1;
|
return 1;
|
||||||
|
#endif
|
||||||
|
#ifdef CONFIG_SUITEB192
|
||||||
|
if (!strcmp(feat, "suiteb192"))
|
||||||
|
return 1;
|
||||||
#endif
|
#endif
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user