From patchwork Fri Oct 12 20:36:58 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Hauke Mehrtens <hauke@hauke-m.de>
X-Patchwork-Id: 983294
Return-Path: 
 <openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=lists.openwrt.org
	(client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org;
	envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=none (p=none dis=none) header.from=hauke-m.de
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=lists.infradead.org
	header.i=@lists.infradead.org header.b="EuurZTvS";
	dkim-atps=neutral
Received: from bombadil.infradead.org (bombadil.infradead.org
	[IPv6:2607:7c80:54:e::133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 42X08C1nDdz9s3Z
	for <incoming@patchwork.ozlabs.org>;
	Sat, 13 Oct 2018 07:40:11 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20170209; h=Sender:
	Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe:
	List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Subject:Message-Id:
	Date:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
	List-Owner; bh=ToHjXyDMJqZzgxi6GvOMcC9zfhcvj1otOVQ6AZBieM8=;
	b=EuurZTvSQULqjV
	HkGWmXyh9ea5E8OnFffj6b1yM5cg54AI02l9Kc5XbbmuYPSn0+Ic+JkSfJyuEXAZz1FllzFb1mh3U
	pQUw1WvtfYSoFZtJRSzeR1faFZ2sJELkvcfsXCDMD3OirA9a4sWSaGv25AzOZADBfuKuuWUXrdVRa
	Q89s9qObtSZnQcaBFWrnbT8YX+x+V4BfNqQWzNrZKBr2pkwpPM6OgUXlPY1bkeGN1IoeInWdKA37H
	Ia4Xv4PCsXIjguswqLXPwTEitKJZ5D8Ji+cQvsbxQLFj+YhtFulag5xB4OCwcZeVKDSkXrv7+MEot
	c9vVZ6Ea9tK/kgcedNOw==;
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux))
	id 1gB4E7-0002Ay-1H; Fri, 12 Oct 2018 20:40:03 +0000
Received: from mx1.mailbox.org ([2001:67c:2050:104:0:1:25:1])
	by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat
	Linux)) id 1gB4Bp-00010S-T2
	for openwrt-devel@lists.openwrt.org; Fri, 12 Oct 2018 20:37:47 +0000
Received: from smtp2.mailbox.org (unknown [IPv6:2001:67c:2050:105:465:1:2:0])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by mx1.mailbox.org (Postfix) with ESMTPS id 63D474AEE2;
	Fri, 12 Oct 2018 22:37:27 +0200 (CEST)
X-Virus-Scanned: amavisd-new at heinlein-support.de
Received: from smtp2.mailbox.org ([80.241.60.241])
	by spamfilter03.heinlein-hosting.de (spamfilter03.heinlein-hosting.de
	[80.241.56.117]) (amavisd-new, port 10030)
	with ESMTP id ERTfwHzFkQVE; Fri, 12 Oct 2018 22:37:26 +0200 (CEST)
From: Hauke Mehrtens <hauke@hauke-m.de>
To: openwrt-devel@lists.openwrt.org
Date: Fri, 12 Oct 2018 22:36:58 +0200
Message-Id: <20181012203707.14716-1-hauke@hauke-m.de>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20181012_133742_160335_C20876AD 
X-CRM114-Status: GOOD (  13.13  )
X-Spam-Score: -0.0 (/)
X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary:
	Content analysis details:   (-0.0 points)
	pts rule name              description
	---- ----------------------
	--------------------------------------------------
	-0.0 SPF_PASS               SPF: sender matches SPF record
Subject: [OpenWrt-Devel] [PATCH 0/9] hostapd: Add wupport for SAE / OWE /
	WPA3
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/openwrt-devel>,
	<mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/openwrt-devel>,
	<mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Cc: Hauke Mehrtens <hauke@hauke-m.de>
MIME-Version: 1.0
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>
Errors-To: 
 openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org

This adds support for SAE, OWE and WPA3 authentication modes to hostapd 
and netifd. Hostapd already supports these standards, they just have to 
be activated and the OpenWrt scripts needed some extension. 

When this gets merged the netifd patches should be directly applied to 
netifd and the version number should be increased.
I tested all of these modes.

Hauke Mehrtens (9):
  hostapd: sync config with default configuration
  hostapd: backport build fix when OWE is activated
  hostapd: SAE: Do not ignore option sae_require_mfp
  hostapd: Activate Simultaneous Authentication of Equals (SAE)
  hostapd: Activate Opportunistic Wireless Encryption (OWE)
  hostapd: Add WPA-EAP-SUITE-B-192 (WPA3-Enterprise)
  netifd: Add support for wireless SAE authentication
  netifd: Add support for wireless OWE authentication
  netifd: Add support for wireless EAP-Suite-B-192 authentication

 ...d-Simultaneous-Authentication-of-Equals-S.patch | 36 +++++++++++
 ...Add-Opportunistic-Wireless-Encryption-OWE.patch | 31 ++++++++++
 ...s-Add-WPA-EAP-SUITE-B-192-WPA3-Enterprise.patch | 34 +++++++++++
 package/network/services/hostapd/Makefile          |  4 +-
 .../services/hostapd/files/hostapd-full.config     |  8 +--
 .../services/hostapd/files/hostapd-mini.config     |  8 +--
 package/network/services/hostapd/files/hostapd.sh  | 71 +++++++++++++++++++---
 .../hostapd/files/wpa_supplicant-full.config       | 20 +++---
 .../hostapd/files/wpa_supplicant-mini.config       | 20 +++---
 .../hostapd/files/wpa_supplicant-p2p.config        | 20 +++---
 ...-unauthenticated-encrypted-EAPOL-Key-data.patch |  7 +--
 ...ld-error-in-AP-code-without-CONFIG_IEEE80.patch | 29 +++++++++
 ...-SAE-Do-not-ignore-option-sae_require_mfp.patch | 26 ++++++++
 .../patches/380-disable_ctrl_iface_mib.patch       |  4 +-
 .../patches/381-hostapd_cli_UNKNOWN-COMMAND.patch  |  4 +-
 .../hostapd/patches/700-fix-openssl11.patch        |  9 +--
 .../hostapd/src/src/utils/build_features.h         | 12 ++++
 17 files changed, 278 insertions(+), 65 deletions(-)
 create mode 100644 package/network/config/netifd/patches/001-wireless-Add-Simultaneous-Authentication-of-Equals-S.patch
 create mode 100644 package/network/config/netifd/patches/002-wireless-Add-Opportunistic-Wireless-Encryption-OWE.patch
 create mode 100644 package/network/config/netifd/patches/003-wireless-Add-WPA-EAP-SUITE-B-192-WPA3-Enterprise.patch
 create mode 100644 package/network/services/hostapd/patches/040-OWE-Fix-build-error-in-AP-code-without-CONFIG_IEEE80.patch
 create mode 100644 package/network/services/hostapd/patches/130-SAE-Do-not-ignore-option-sae_require_mfp.patch