hostapd: Activate Opportunistic Wireless Encryption (OWE)
authorHauke Mehrtens <hauke@hauke-m.de>
Thu, 4 Oct 2018 20:45:06 +0000 (22:45 +0200)
committerHauke Mehrtens <hauke@hauke-m.de>
Sun, 14 Oct 2018 11:57:15 +0000 (13:57 +0200)
OWE is defined in RFC 8110 and provides encryption and forward security
for open networks.

This is based on the requirements in the Wifi alliance document
Opportunistic_Wireless_Encryption_Specification_v1.0_0.pdf
The wifi alliance requires ieee80211w for the OWE mode.
This also makes it possible to configure the OWE transission mode which
allows it operate an open and an OWE BSSID in parallel and the client
should only show one network.

This increases the ipkg size by 5.800 Bytes.
Old: 402.541 Bytes
New: 408.341 Bytes

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
package/network/services/hostapd/Makefile
package/network/services/hostapd/files/hostapd.sh
package/network/services/hostapd/src/src/utils/build_features.h

index 3f9b776..06cf046 100644 (file)
@@ -97,11 +97,11 @@ endif
 
 ifeq ($(LOCAL_VARIANT),full)
   ifeq ($(SSL_VARIANT),openssl)
-    DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y
+    DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y CONFIG_OWE=y
     TARGET_LDFLAGS += -lcrypto -lssl
   endif
   ifeq ($(SSL_VARIANT),wolfssl)
-    DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_WPS_NFC=1 CONFIG_SAE=y
+    DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_WPS_NFC=1 CONFIG_SAE=y CONFIG_OWE=y
     TARGET_LDFLAGS += -lwolfssl
   endif
 endif
index c988270..6a2eb7b 100644 (file)
@@ -56,6 +56,9 @@ hostapd_append_wpa_key_mgmt() {
                        append wpa_key_mgmt "SAE"
                        [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE"
                ;;
+               owe)
+                       append wpa_key_mgmt "OWE"
+               ;;
        esac
 }
 
@@ -226,6 +229,8 @@ hostapd_common_add_bss_config() {
        config_add_array supported_rates
        
        config_add_boolean sae_require_mfp
+       
+       config_add_string 'owe_transition_bssid:macaddr' 'owe_transition_ssid:string'
 }
 
 hostapd_set_bss_options() {
@@ -302,7 +307,7 @@ hostapd_set_bss_options() {
        }
 
        case "$auth_type" in
-               sae)
+               sae|owe)
                        set_default ieee80211w 2
                        set_default sae_require_mfp 1
                ;;
@@ -316,7 +321,12 @@ hostapd_set_bss_options() {
        local vlan_possible=""
 
        case "$auth_type" in
-               none)
+               none|owe)
+                       json_get_vars owe_transition_bssid owe_transition_ssid
+
+                       [ -n "$owe_transition_ssid" ] && append bss_conf "owe_transition_ssid=\"$owe_transition_ssid\"" "$N"
+                       [ -n "$owe_transition_bssid" ] && append bss_conf "owe_transition_bssid=$owe_transition_bssid" "$N"
+
                        wps_possible=1
                        # Here we make the assumption that if we're in open mode
                        # with WPS enabled, we got to be in unconfigured state.
@@ -733,6 +743,9 @@ wpa_supplicant_add_network() {
 
        case "$auth_type" in
                none) ;;
+               owe)
+                       hostapd_append_wpa_key_mgmt
+               ;;
                wep)
                        local wep_keyidx=0
                        hostapd_append_wep_key network_data
index 328c76c..4013ae7 100644 (file)
@@ -30,6 +30,10 @@ static inline int has_feature(const char *feat)
 #ifdef CONFIG_SAE
        if (!strcmp(feat, "sae"))
                return 1;
+#endif
+#ifdef CONFIG_OWE
+       if (!strcmp(feat, "owe"))
+               return 1;
 #endif
        return 0;
 }