projects / openwrt / openwrt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 567f64d)
hostapd: fix WPA3 enterprise keys and ciphers
authorJoerg Werner <schreibubi@gmail.com>
Sun, 26 Jun 2022 15:18:39 +0000 (17:18 +0200)
committerHauke Mehrtens <hauke@hauke-m.de>
Fri, 26 Aug 2022 20:30:56 +0000 (22:30 +0200)
WPA3 enterprise requires group_mgmt_cipher=BIP-GMAC-256 and if 802.11r is
active also wpa_key_mgmt FT-EAP-SHA384. This commit also requires
corresponding changes in netifd.

Signed-off-by: Joerg Werner <schreibubi@gmail.com>
(cherry picked from commit 9fbb76c0470fd54f1f34909b1098d0f76078878f)

package/network/services/hostapd/files/hostapd.sh patch | blob | history

diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index 99688810f398b32de0b318e62a46cb322a3f5d33..f7bb7164cd48181db1dee238bf6d5898e02877f5 100644 (file)
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -48,12 +48,15 @@ hostapd_append_wpa_key_mgmt() {
                ;;
                eap192)
                        append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
-                       [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+                       [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP-SHA384"
                ;;
                eap-eap192)
                        append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
                        append wpa_key_mgmt "WPA-EAP"
-                       [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+                       [ "${ieee80211r:-0}" -gt 0 ] && {
+                               append wpa_key_mgmt "FT-EAP-SHA384"
+                               append wpa_key_mgmt "FT-EAP"
+                       }
                        [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"
                ;;
                sae)
@@ -934,7 +937,11 @@ hostapd_set_bss_options() {
                                json_get_vars ieee80211w_mgmt_cipher ieee80211w_max_timeout ieee80211w_retry_timeout
                                append bss_conf "ieee80211w=$ieee80211w" "$N"
                                [ "$ieee80211w" -gt "0" ] && {
-                                       append bss_conf "group_mgmt_cipher=${ieee80211w_mgmt_cipher:-AES-128-CMAC}" "$N"
+                                       if [ "$auth_type" = "eap192" ]; then
+                                               append bss_conf "group_mgmt_cipher=BIP-GMAC-256" "$N"
+                                       else
+                                               append bss_conf "group_mgmt_cipher=${ieee80211w_mgmt_cipher:-AES-128-CMAC}" "$N"
+                                       fi
                                        [ -n "$ieee80211w_max_timeout" ] && \
                                                append bss_conf "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N"
                                        [ -n "$ieee80211w_retry_timeout" ] && \
OpenWrt Source Repository