mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-18 10:54:03 -05:00
FILS: Add hostapd configuration options
This adds CONFIG_FILS=y build configuration option and new key management options for FILS authentication. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
274d8b776f
commit
903ecbe8da
@ -258,6 +258,12 @@ NEED_ECC=y
|
||||
NEED_DH_GROUPS=y
|
||||
endif
|
||||
|
||||
ifdef CONFIG_FILS
|
||||
L_CFLAGS += -DCONFIG_FILS
|
||||
NEED_CRC32=y
|
||||
NEED_SHA384=y
|
||||
endif
|
||||
|
||||
ifdef CONFIG_WNM
|
||||
L_CFLAGS += -DCONFIG_WNM
|
||||
OBJS += src/ap/wnm_ap.c
|
||||
@ -852,6 +858,10 @@ ifdef NEED_ECC
|
||||
L_CFLAGS += -DCONFIG_ECC
|
||||
endif
|
||||
|
||||
ifdef NEED_CRC32
|
||||
OBJS += src/utils/crc32.c
|
||||
endif
|
||||
|
||||
ifdef CONFIG_NO_RANDOM_POOL
|
||||
L_CFLAGS += -DCONFIG_NO_RANDOM_POOL
|
||||
else
|
||||
|
@ -305,6 +305,12 @@ NEED_DH_GROUPS=y
|
||||
NEED_AP_MLME=y
|
||||
endif
|
||||
|
||||
ifdef CONFIG_FILS
|
||||
CFLAGS += -DCONFIG_FILS
|
||||
NEED_CRC32=y
|
||||
NEED_SHA384=y
|
||||
endif
|
||||
|
||||
ifdef CONFIG_WNM
|
||||
CFLAGS += -DCONFIG_WNM
|
||||
OBJS += ../src/ap/wnm_ap.o
|
||||
@ -894,6 +900,10 @@ ifdef NEED_ECC
|
||||
CFLAGS += -DCONFIG_ECC
|
||||
endif
|
||||
|
||||
ifdef NEED_CRC32
|
||||
OBJS += ../src/utils/crc32.o
|
||||
endif
|
||||
|
||||
ifdef CONFIG_NO_RANDOM_POOL
|
||||
CFLAGS += -DCONFIG_NO_RANDOM_POOL
|
||||
else
|
||||
|
@ -710,6 +710,18 @@ static int hostapd_config_parse_key_mgmt(int line, const char *value)
|
||||
else if (os_strcmp(start, "WPA-EAP-SUITE-B-192") == 0)
|
||||
val |= WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
|
||||
#endif /* CONFIG_SUITEB192 */
|
||||
#ifdef CONFIG_FILS
|
||||
else if (os_strcmp(start, "FILS-SHA256") == 0)
|
||||
val |= WPA_KEY_MGMT_FILS_SHA256;
|
||||
else if (os_strcmp(start, "FILS-SHA384") == 0)
|
||||
val |= WPA_KEY_MGMT_FILS_SHA384;
|
||||
#ifdef CONFIG_IEEE80211R
|
||||
else if (os_strcmp(start, "FT-FILS-SHA256") == 0)
|
||||
val |= WPA_KEY_MGMT_FT_FILS_SHA256;
|
||||
else if (os_strcmp(start, "FT-FILS-SHA384") == 0)
|
||||
val |= WPA_KEY_MGMT_FT_FILS_SHA384;
|
||||
#endif /* CONFIG_IEEE80211R */
|
||||
#endif /* CONFIG_FILS */
|
||||
else {
|
||||
wpa_printf(MSG_ERROR, "Line %d: invalid key_mgmt '%s'",
|
||||
line, start);
|
||||
@ -3493,6 +3505,16 @@ static int hostapd_config_fill(struct hostapd_config *conf,
|
||||
bss->ftm_responder = atoi(pos);
|
||||
} else if (os_strcmp(buf, "ftm_initiator") == 0) {
|
||||
bss->ftm_initiator = atoi(pos);
|
||||
#ifdef CONFIG_FILS
|
||||
} else if (os_strcmp(buf, "fils_cache_id") == 0) {
|
||||
if (hexstr2bin(pos, bss->fils_cache_id, FILS_CACHE_ID_LEN)) {
|
||||
wpa_printf(MSG_ERROR,
|
||||
"Line %d: Invalid fils_cache_id '%s'",
|
||||
line, pos);
|
||||
return 1;
|
||||
}
|
||||
bss->fils_cache_id_set = 1;
|
||||
#endif /* CONFIG_FILS */
|
||||
} else {
|
||||
wpa_printf(MSG_ERROR,
|
||||
"Line %d: unknown configuration item '%s'",
|
||||
|
@ -1117,6 +1117,20 @@ static int hostapd_ctrl_iface_get_key_mgmt(struct hostapd_data *hapd,
|
||||
pos += ret;
|
||||
}
|
||||
#endif /* CONFIG_SAE */
|
||||
#ifdef CONFIG_FILS
|
||||
if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256) {
|
||||
ret = os_snprintf(pos, end - pos, "FT-FILS-SHA256 ");
|
||||
if (os_snprintf_error(end - pos, ret))
|
||||
return pos - buf;
|
||||
pos += ret;
|
||||
}
|
||||
if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384) {
|
||||
ret = os_snprintf(pos, end - pos, "FT-FILS-SHA384 ");
|
||||
if (os_snprintf_error(end - pos, ret))
|
||||
return pos - buf;
|
||||
pos += ret;
|
||||
}
|
||||
#endif /* CONFIG_FILS */
|
||||
#endif /* CONFIG_IEEE80211R */
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
|
||||
@ -1154,6 +1168,20 @@ static int hostapd_ctrl_iface_get_key_mgmt(struct hostapd_data *hapd,
|
||||
return pos - buf;
|
||||
pos += ret;
|
||||
}
|
||||
#ifdef CONFIG_FILS
|
||||
if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FILS_SHA256) {
|
||||
ret = os_snprintf(pos, end - pos, "FILS-SHA256 ");
|
||||
if (os_snprintf_error(end - pos, ret))
|
||||
return pos - buf;
|
||||
pos += ret;
|
||||
}
|
||||
if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FILS_SHA384) {
|
||||
ret = os_snprintf(pos, end - pos, "FILS-SHA384 ");
|
||||
if (os_snprintf_error(end - pos, ret))
|
||||
return pos - buf;
|
||||
pos += ret;
|
||||
}
|
||||
#endif /* CONFIG_FILS */
|
||||
|
||||
if (pos > buf && *(pos - 1) == ' ') {
|
||||
*(pos - 1) = '\0';
|
||||
|
@ -343,3 +343,8 @@ CONFIG_IPV6=y
|
||||
# a client, from which a signature can be produced which can identify the model
|
||||
# of client device like "Nexus 6P" or "iPhone 5s".
|
||||
#CONFIG_TAXONOMY=y
|
||||
|
||||
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
|
||||
# Note: This is an experimental and not yet complete implementation. This
|
||||
# should not be enabled for production use.
|
||||
#CONFIG_FILS=y
|
||||
|
@ -1163,6 +1163,10 @@ own_ip_addr=127.0.0.1
|
||||
# Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The
|
||||
# entries are separated with a space. WPA-PSK-SHA256 and WPA-EAP-SHA256 can be
|
||||
# added to enable SHA256-based stronger algorithms.
|
||||
# FILS-SHA256 = Fast Initial Link Setup with SHA256
|
||||
# FILS-SHA384 = Fast Initial Link Setup with SHA384
|
||||
# FT-FILS-SHA256 = FT and Fast Initial Link Setup with SHA256
|
||||
# FT-FILS-SHA384 = FT and Fast Initial Link Setup with SHA384
|
||||
# (dot11RSNAConfigAuthenticationSuitesTable)
|
||||
#wpa_key_mgmt=WPA-PSK WPA-EAP
|
||||
|
||||
@ -1273,6 +1277,9 @@ own_ip_addr=127.0.0.1
|
||||
# http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xml#ipsec-registry-9
|
||||
#sae_groups=19 20 21 25 26
|
||||
|
||||
# FILS Cache Identifier (16-bit value in hexdump format)
|
||||
#fils_cache_id=0011
|
||||
|
||||
##### IEEE 802.11r configuration ##############################################
|
||||
|
||||
# Mobility Domain identifier (dot11FTMobilityDomainID, MDID)
|
||||
|
@ -596,6 +596,11 @@ struct hostapd_bss_config {
|
||||
|
||||
int ftm_responder;
|
||||
int ftm_initiator;
|
||||
|
||||
#ifdef CONFIG_FILS
|
||||
u8 fils_cache_id[FILS_CACHE_ID_LEN];
|
||||
int fils_cache_id_set;
|
||||
#endif /* CONFIG_FILS */
|
||||
};
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user