projects / openwrt / openwrt.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
hostapd: Activate Opportunistic Wireless Encryption (OWE)
[openwrt/openwrt.git] / package / network / services / hostapd / files / hostapd.sh
diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index 7ffff4e7e10854844efea8c0b034ffb6e9f87b38..6a2eb7b023d51ff19f3c7b94fffa3b3ee3e99798 100644 (file)
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -37,11 +37,29 @@ hostapd_append_wep_key() {
 }
 
 hostapd_append_wpa_key_mgmt() {
-       local auth_type="$(echo $auth_type | tr 'a-z' 'A-Z')"
+       local auth_type_l="$(echo $auth_type | tr 'a-z' 'A-Z')"
 
-       append wpa_key_mgmt "WPA-$auth_type"
-       [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-${auth_type}"
-       [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type}-SHA256"
+       case "$auth_type" in
+               psk|eap)
+                       append wpa_key_mgmt "WPA-$auth_type_l"
+                       [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-${auth_type_l}"
+                       [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256"
+               ;;
+               sae)
+                       append wpa_key_mgmt "SAE"
+                       [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE"
+               ;;
+               psk-sae)
+                       append wpa_key_mgmt "WPA-PSK"
+                       [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-PSK"
+                       [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-PSK-SHA256"
+                       append wpa_key_mgmt "SAE"
+                       [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE"
+               ;;
+               owe)
+                       append wpa_key_mgmt "OWE"
+               ;;
+       esac
 }
 
 hostapd_add_log_config() {
@@ -209,6 +227,10 @@ hostapd_common_add_bss_config() {
        config_add_int mcast_rate
        config_add_array basic_rate
        config_add_array supported_rates
+       
+       config_add_boolean sae_require_mfp
+       
+       config_add_string 'owe_transition_bssid:macaddr' 'owe_transition_ssid:string'
 }
 
 hostapd_set_bss_options() {
@@ -230,7 +252,7 @@ hostapd_set_bss_options() {
                macfilter ssid wmm uapsd hidden short_preamble rsn_preauth \
                iapp_interface eapol_version dynamic_vlan ieee80211w nasid \
                acct_server acct_secret acct_port acct_interval \
-               bss_load_update_period chan_util_avg_period
+               bss_load_update_period chan_util_avg_period sae_require_mfp
 
        set_default isolate 0
        set_default maxassoc 0
@@ -284,16 +306,33 @@ hostapd_set_bss_options() {
                        append bss_conf "radius_acct_interim_interval=$acct_interval" "$N"
        }
 
+       case "$auth_type" in
+               sae|owe)
+                       set_default ieee80211w 2
+                       set_default sae_require_mfp 1
+               ;;
+               psk-sae)
+                       set_default ieee80211w 1
+                       set_default sae_require_mfp 1
+               ;;
+       esac
+       [ -n "$sae_require_mfp" ] && append bss_conf "sae_require_mfp=$sae_require_mfp" "$N"
+
        local vlan_possible=""
 
        case "$auth_type" in
-               none)
+               none|owe)
+                       json_get_vars owe_transition_bssid owe_transition_ssid
+
+                       [ -n "$owe_transition_ssid" ] && append bss_conf "owe_transition_ssid=\"$owe_transition_ssid\"" "$N"
+                       [ -n "$owe_transition_bssid" ] && append bss_conf "owe_transition_bssid=$owe_transition_bssid" "$N"
+
                        wps_possible=1
                        # Here we make the assumption that if we're in open mode
                        # with WPS enabled, we got to be in unconfigured state.
                        wps_not_configured=1
                ;;
-               psk)
+               psk|sae|psk-sae)
                        json_get_vars key wpa_psk_file
                        if [ ${#key} -lt 8 ]; then
                                wireless_setup_vif_failed INVALID_WPA_PSK
@@ -704,12 +743,15 @@ wpa_supplicant_add_network() {
 
        case "$auth_type" in
                none) ;;
+               owe)
+                       hostapd_append_wpa_key_mgmt
+               ;;
                wep)
                        local wep_keyidx=0
                        hostapd_append_wep_key network_data
                        append network_data "wep_tx_keyidx=$wep_keyidx" "$N$T"
                ;;
-               psk)
+               psk|sae|psk-sae)
                        local passphrase
 
                        if [ "$_w_mode" != "mesh" ]; then
OpenWrt Source Repository