From patchwork Fri Oct 5 21:49:25 2018
X-Patchwork-Submitter: Hauke Mehrtens
X-Patchwork-Id: 979804
X-Patchwork-Delegate: blogic@openwrt.org
From: Hauke Mehrtens
To: openwrt-devel@lists.openwrt.org
Date: Fri, 5 Oct 2018 23:49:25 +0200
Message-Id: <20181005214930.23763-2-hauke@hauke-m.de>
In-Reply-To: <20181005214930.23763-1-hauke@hauke-m.de>
References: <20181005214930.23763-1-hauke@hauke-m.de>
Subject: [OpenWrt-Devel] [RFC 1/6] hostapd: sync config with default configuration
Cc: Hauke Mehrtens

Signed-off-by: Hauke Mehrtens
--- .../services/hostapd/files/hostapd-full.config | 8 ++++---- .../services/hostapd/files/hostapd-mini.config | 8 ++++---- .../hostapd/files/wpa_supplicant-full.config | 20 +++++++++++--------- .../hostapd/files/wpa_supplicant-mini.config | 20 +++++++++++--------- .../services/hostapd/files/wpa_supplicant-p2p.config | 20 +++++++++++--------- 5 files changed, 41 insertions(+), 35 deletions(-) diff --git a/package/network/services/hostapd/files/hostapd-full.config b/package/network/services/hostapd/files/hostapd-full.config index 355a70b9e1..b4159c2d28 100644 --- a/package/network/services/hostapd/files/hostapd-full.config 
+++ b/package/network/services/hostapd/files/hostapd-full.config @@ -50,11 +50,7 @@ CONFIG_IAPP=y # WPA2/IEEE 802.11i RSN pre-authentication CONFIG_RSN_PREAUTH=y -# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) -CONFIG_PEERKEY=y - # IEEE 802.11w (management frame protection) -# Driver support is also needed for IEEE 802.11w. #CONFIG_IEEE80211W=y # Integrated EAP server @@ -374,6 +370,10 @@ CONFIG_TAXONOMY=y # Experimental implementation of draft-harkins-owe-07.txt #CONFIG_OWE=y +# Override default value for the wpa_disable_eapol_key_retries configuration +# parameter. See that parameter in hostapd.conf for more details. +#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1 + # uBus IPC/RPC System # Services can connect to the bus and provide methods # that can be called by other services or clients. diff --git a/package/network/services/hostapd/files/hostapd-mini.config b/package/network/services/hostapd/files/hostapd-mini.config index 661983a94b..9057658c16 100644 --- a/package/network/services/hostapd/files/hostapd-mini.config +++ b/package/network/services/hostapd/files/hostapd-mini.config @@ -50,11 +50,7 @@ CONFIG_DRIVER_NL80211=y # WPA2/IEEE 802.11i RSN pre-authentication CONFIG_RSN_PREAUTH=y -# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) -CONFIG_PEERKEY=y - # IEEE 802.11w (management frame protection) -# Driver support is also needed for IEEE 802.11w. #CONFIG_IEEE80211W=y # Integrated EAP server @@ -374,6 +370,10 @@ CONFIG_TLS=internal # Experimental implementation of draft-harkins-owe-07.txt #CONFIG_OWE=y +# Override default value for the wpa_disable_eapol_key_retries configuration +# parameter. See that parameter in hostapd.conf for more details. +#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1 + # uBus IPC/RPC System # Services can connect to the bus and provide methods # that can be called by other services or clients. 
diff --git a/package/network/services/hostapd/files/wpa_supplicant-full.config b/package/network/services/hostapd/files/wpa_supplicant-full.config index c22e1cca5d..55b31a345b 100644 --- a/package/network/services/hostapd/files/wpa_supplicant-full.config +++ b/package/network/services/hostapd/files/wpa_supplicant-full.config @@ -73,6 +73,12 @@ CONFIG_DRIVER_NL80211=y # Driver interface for wired Ethernet drivers CONFIG_DRIVER_WIRED=y +# Driver interface for MACsec capable Qualcomm Atheros drivers +#CONFIG_DRIVER_MACSEC_QCA=y + +# Driver interface for Linux MACsec drivers +#CONFIG_DRIVER_MACSEC_LINUX=y + # Driver interface for the Broadcom RoboSwitch family #CONFIG_DRIVER_ROBOSWITCH=y @@ -83,8 +89,8 @@ CONFIG_DRIVER_WIRED=y #LIBS += -lsocket -ldlpi -lnsl #LIBS_c += -lsocket -# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is -# included) +# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or +# MACsec is included) CONFIG_IEEE8021X_EAPOL=y # EAP-MD5 @@ -166,6 +172,9 @@ CONFIG_WPS=y # EAP-EKE #CONFIG_EAP_EKE=y +# MACsec +#CONFIG_MACSEC=y + # PKCS#12 (PFX) support (used to read private key and certificate file from # a file that usually has extension .p12 or .pfx) CONFIG_PKCS12=y @@ -288,9 +297,6 @@ CONFIG_BACKEND=file # bridge interfaces (commit 'bridge: respect RFC2863 operational state')'). #CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y -# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) -CONFIG_PEERKEY=y - # IEEE 802.11w (management frame protection), also known as PMF # Driver support is also needed for IEEE 802.11w. #CONFIG_IEEE80211W=y @@ -378,10 +384,6 @@ CONFIG_INTERNAL_LIBTOMMATH_FAST=y # IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode CONFIG_IEEE80211R=y -# IEEE Std 802.11r-2008 (Fast BSS Transition) for AP mode (implies -# CONFIG_IEEE80211R). -#CONFIG_IEEE80211R_AP=y - # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) #CONFIG_DEBUG_FILE=y 
diff --git a/package/network/services/hostapd/files/wpa_supplicant-mini.config b/package/network/services/hostapd/files/wpa_supplicant-mini.config index 3e088715c8..67c0b323af 100644 --- a/package/network/services/hostapd/files/wpa_supplicant-mini.config +++ b/package/network/services/hostapd/files/wpa_supplicant-mini.config @@ -73,6 +73,12 @@ CONFIG_DRIVER_NL80211=y # Driver interface for wired Ethernet drivers CONFIG_DRIVER_WIRED=y +# Driver interface for MACsec capable Qualcomm Atheros drivers +#CONFIG_DRIVER_MACSEC_QCA=y + +# Driver interface for Linux MACsec drivers +#CONFIG_DRIVER_MACSEC_LINUX=y + # Driver interface for the Broadcom RoboSwitch family #CONFIG_DRIVER_ROBOSWITCH=y @@ -83,8 +89,8 @@ CONFIG_DRIVER_WIRED=y #LIBS += -lsocket -ldlpi -lnsl #LIBS_c += -lsocket -# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is -# included) +# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or +# MACsec is included) #CONFIG_IEEE8021X_EAPOL=y # EAP-MD5 @@ -166,6 +172,9 @@ CONFIG_DRIVER_WIRED=y # EAP-EKE #CONFIG_EAP_EKE=y +# MACsec +#CONFIG_MACSEC=y + # PKCS#12 (PFX) support (used to read private key and certificate file from # a file that usually has extension .p12 or .pfx) #CONFIG_PKCS12=y @@ -288,9 +297,6 @@ CONFIG_BACKEND=file # bridge interfaces (commit 'bridge: respect RFC2863 operational state')'). #CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y -# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) -#CONFIG_PEERKEY=y - # IEEE 802.11w (management frame protection), also known as PMF # Driver support is also needed for IEEE 802.11w. #CONFIG_IEEE80211W=y @@ -378,10 +384,6 @@ CONFIG_TLS=internal # IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode #CONFIG_IEEE80211R=y -# IEEE Std 802.11r-2008 (Fast BSS Transition) for AP mode (implies -# CONFIG_IEEE80211R). -#CONFIG_IEEE80211R_AP=y - # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) #CONFIG_DEBUG_FILE=y 
diff --git a/package/network/services/hostapd/files/wpa_supplicant-p2p.config b/package/network/services/hostapd/files/wpa_supplicant-p2p.config index 420aebcf98..c1e85f0163 100644 --- a/package/network/services/hostapd/files/wpa_supplicant-p2p.config +++ b/package/network/services/hostapd/files/wpa_supplicant-p2p.config @@ -73,6 +73,12 @@ CONFIG_DRIVER_NL80211=y # Driver interface for wired Ethernet drivers CONFIG_DRIVER_WIRED=y +# Driver interface for MACsec capable Qualcomm Atheros drivers +#CONFIG_DRIVER_MACSEC_QCA=y + +# Driver interface for Linux MACsec drivers +#CONFIG_DRIVER_MACSEC_LINUX=y + # Driver interface for the Broadcom RoboSwitch family #CONFIG_DRIVER_ROBOSWITCH=y @@ -83,8 +89,8 @@ CONFIG_DRIVER_WIRED=y #LIBS += -lsocket -ldlpi -lnsl #LIBS_c += -lsocket -# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is -# included) +# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or +# MACsec is included) CONFIG_IEEE8021X_EAPOL=y # EAP-MD5 @@ -166,6 +172,9 @@ CONFIG_WPS=y # EAP-EKE #CONFIG_EAP_EKE=y +# MACsec +#CONFIG_MACSEC=y + # PKCS#12 (PFX) support (used to read private key and certificate file from # a file that usually has extension .p12 or .pfx) CONFIG_PKCS12=y @@ -288,9 +297,6 @@ CONFIG_BACKEND=file # bridge interfaces (commit 'bridge: respect RFC2863 operational state')'). #CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y -# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) -CONFIG_PEERKEY=y - # IEEE 802.11w (management frame protection), also known as PMF # Driver support is also needed for IEEE 802.11w. CONFIG_IEEE80211W=y 
@@ -378,10 +384,6 @@ CONFIG_INTERNAL_LIBTOMMATH_FAST=y # IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode #CONFIG_IEEE80211R=y -# IEEE Std 802.11r-2008 (Fast BSS Transition) for AP mode (implies -# CONFIG_IEEE80211R). -#CONFIG_IEEE80211R_AP=y - # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) #CONFIG_DEBUG_FILE=y
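Review bot: the hunks that delete CONFIG_PEERKEY=y (it was enabled in hostapd-full.config, hostapd-mini.config, wpa_supplicant-full.config and wpa_supplicant-p2p.config) change what gets built, yet the commit message has no body and the subject only speaks of a sync. Please name the upstream hostapd revision whose default configuration these five files were synced against and state that dropping PeerKey is intended, so a later reader can tell the comment-only changes (the MACsec entries, the reworded IEEE 802.1X comment, the commented-out DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES override) from the one change that alters the build.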
From: Hauke Mehrtens
To: openwrt-devel@lists.openwrt.org
Date: Fri, 5 Oct 2018 23:49:26 +0200
Message-Id: <20181005214930.23763-3-hauke@hauke-m.de>
In-Reply-To: <20181005214930.23763-1-hauke@hauke-m.de>
References: <20181005214930.23763-1-hauke@hauke-m.de>
Subject: [OpenWrt-Devel] [RFC 2/6] hostapd: backport build fix when OWE is activated
Cc: Hauke Mehrtens

Signed-off-by: Hauke Mehrtens
--- ...-unauthenticated-encrypted-EAPOL-Key-data.patch | 7 +----- ...ld-error-in-AP-code-without-CONFIG_IEEE80.patch | 29 ++++++++++++++++++++++ .../patches/380-disable_ctrl_iface_mib.patch | 4 +-- .../patches/381-hostapd_cli_UNKNOWN-COMMAND.patch | 4 +-- .../hostapd/patches/700-fix-openssl11.patch | 9 ++----- 5 files changed, 35 insertions(+), 18 deletions(-) create mode 100644 package/network/services/hostapd/patches/040-OWE-Fix-build-error-in-AP-code-without-CONFIG_IEEE80.patch diff --git a/package/network/services/hostapd/patches/0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch b/package/network/services/hostapd/patches/0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch index 1b84f7e86a..633ab58623 100644 
--- a/package/network/services/hostapd/patches/0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch +++ b/package/network/services/hostapd/patches/0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch @@ -21,11 +21,9 @@ Signed-off-by: Mathy Vanhoef src/rsn_supp/wpa.c | 11 +++++++++++ 1 file changed, 11 insertions(+) -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c -index 56f3af7..db94a49 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c -@@ -2215,6 +2215,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr, +@@ -2208,6 +2208,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, c if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA) && mic_len) { @@ -43,6 +41,3 @@ index 56f3af7..db94a49 100644 if (wpa_supplicant_decrypt_key_data(sm, key, mic_len, ver, key_data, &key_data_len)) --- -2.7.4 - diff --git a/package/network/services/hostapd/patches/040-OWE-Fix-build-error-in-AP-code-without-CONFIG_IEEE80.patch b/package/network/services/hostapd/patches/040-OWE-Fix-build-error-in-AP-code-without-CONFIG_IEEE80.patch new file mode 100644 index 0000000000..ae9733110b --- /dev/null +++ b/package/network/services/hostapd/patches/040-OWE-Fix-build-error-in-AP-code-without-CONFIG_IEEE80.patch 
@@ -0,0 +1,29 @@ +From 410e2dd1d6b645bf5ed3ed55a9a415acbd993532 Mon Sep 17 00:00:00 2001 +From: Chaitanya T K +Date: Wed, 29 Aug 2018 02:14:33 +0530 +Subject: [PATCH] OWE: Fix build error in AP code without CONFIG_IEEE80211W=y + +When CONFIG_OWE is enabled but none of 11R/11W/FILS are enabled hostapd +(and wpa_supplicant with AP mode support) build failed. Fix this by +adding OWE to the list of conditions for including the local variables. + +Signed-off-by: Chaitanya T K +--- + src/ap/drv_callbacks.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/src/ap/drv_callbacks.c ++++ b/src/ap/drv_callbacks.c +@@ -109,10 +109,10 @@ int hostapd_notif_assoc(struct hostapd_d + struct ieee802_11_elems elems; + const u8 *ie; + size_t ielen; +-#if defined(CONFIG_IEEE80211R_AP) || defined(CONFIG_IEEE80211W) || defined(CONFIG_FILS) ++#if defined(CONFIG_IEEE80211R_AP) || defined(CONFIG_IEEE80211W) || defined(CONFIG_FILS) || defined(CONFIG_OWE) + u8 buf[sizeof(struct ieee80211_mgmt) + 1024]; + u8 *p = buf; +-#endif /* CONFIG_IEEE80211R_AP || CONFIG_IEEE80211W || CONFIG_FILS */ ++#endif /* CONFIG_IEEE80211R_AP || CONFIG_IEEE80211W || CONFIG_FILS || CONFIG_OWE */ + u16 reason = WLAN_REASON_UNSPECIFIED; + u16 status = WLAN_STATUS_SUCCESS; + const u8 *p2p_dev_addr = NULL; diff --git a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch index 12689eab57..cd050fc0c9 100644 --- a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch +++ b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch @@ -163,7 +163,7 @@ { --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c -@@ -2295,6 +2295,8 @@ static u32 wpa_key_mgmt_suite(struct wpa +@@ -2306,6 +2306,8 @@ static u32 wpa_key_mgmt_suite(struct wpa } 
@@ -172,7 +172,7 @@ #define RSN_SUITE "%02x-%02x-%02x-%d" #define RSN_SUITE_ARG(s) \ ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff -@@ -2378,6 +2380,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch +@@ -2389,6 +2391,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch return (int) len; } diff --git a/package/network/services/hostapd/patches/381-hostapd_cli_UNKNOWN-COMMAND.patch b/package/network/services/hostapd/patches/381-hostapd_cli_UNKNOWN-COMMAND.patch index 81e6588e72..7bac937373 100644 --- a/package/network/services/hostapd/patches/381-hostapd_cli_UNKNOWN-COMMAND.patch +++ b/package/network/services/hostapd/patches/381-hostapd_cli_UNKNOWN-COMMAND.patch @@ -1,6 +1,6 @@ --- a/hostapd/hostapd_cli.c +++ b/hostapd/hostapd_cli.c -@@ -743,7 +743,7 @@ static int wpa_ctrl_command_sta(struct wpa_ctrl *ctrl, const char *cmd, +@@ -743,7 +743,7 @@ static int wpa_ctrl_command_sta(struct w } buf[len] = '\0'; @@ -9,5 +9,3 @@ return -1; if (print) printf("%s", buf); --- -2.11.0 diff --git a/package/network/services/hostapd/patches/700-fix-openssl11.patch b/package/network/services/hostapd/patches/700-fix-openssl11.patch index 918cab0899..86343c150b 100644 --- a/package/network/services/hostapd/patches/700-fix-openssl11.patch +++ b/package/network/services/hostapd/patches/700-fix-openssl11.patch @@ -11,11 +11,9 @@ Signed-off-by: Rosen Penev src/crypto/tls_openssl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c -index b4bfc9b73..79ac909d0 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c -@@ -1024,8 +1024,10 @@ void * tls_init(const struct tls_config *conf) +@@ -1024,8 +1024,10 @@ void * tls_init(const struct tls_config #ifndef OPENSSL_NO_ENGINE wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine"); 
@@ -26,7 +24,7 @@ index b4bfc9b73..79ac909d0 100644 if (conf && (conf->opensc_engine_path || conf->pkcs11_engine_path || -@@ -3874,7 +3876,7 @@ struct wpabuf * tls_connection_decrypt(void *tls_ctx, +@@ -3874,7 +3876,7 @@ struct wpabuf * tls_connection_decrypt(v int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn) { 
@@ -35,6 +33,3 @@ index b4bfc9b73..79ac909d0 100644 } --- -2.17.1 -
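Review bot: the refresh of 0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch, 380-disable_ctrl_iface_mib.patch, 381-hostapd_cli_UNKNOWN-COMMAND.patch and 700-fix-openssl11.patch (removed "diff --git" and "index" lines, removed git version trailers, shifted hunk offsets such as wpa_sm_rx_eapol moving from 2215 to 2208) is unrelated to the OWE build fix named in the subject, and the commit message has no body to explain it. Either split the refresh into its own commit or mention it in the message, so the one functional addition, 040-OWE-Fix-build-error-in-AP-code-without-CONFIG_IEEE80.patch with its upstream commit id 410e2dd1d6b645bf5ed3ed55a9a415acbd993532, can be reviewed without reading through offset noise in a security fix (0001 is the EAPOL-Key data check).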
From: Hauke Mehrtens
To: openwrt-devel@lists.openwrt.org
Date: Fri, 5 Oct 2018 23:49:27 +0200
Message-Id: <20181005214930.23763-4-hauke@hauke-m.de>
In-Reply-To: <20181005214930.23763-1-hauke@hauke-m.de>
References: <20181005214930.23763-1-hauke@hauke-m.de>
Subject: [OpenWrt-Devel] [RFC 3/6] hostapd: Activate Simultaneous Authentication of Equals (SAE)
Cc: Hauke Mehrtens

This builds the full openssl and wolfssl versions with SAE support which is the main part of WPA3 PSK. This needs elliptic curve cryptography which is only provided by these two external cryptographic libraries and not by the internal implementation.

The WPA3_Specification_v1.0.pdf file says that in SAE only mode Protected Management Frames (PMF) is required, in mixed mode with WPA2-PSK PMF should be required for clients using SAE, and optional for clients using WPA2-PSK. The defaults are set now accordingly.

Signed-off-by: Hauke Mehrtens --- package/network/services/hostapd/Makefile | 4 +-- package/network/services/hostapd/files/hostapd.sh | 43 +++++++++++++++++++---- 2 files changed, 38 insertions(+), 9 deletions(-) diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index a5c5379738..3f9b776f55 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -97,11 +97,11 @@ endif ifeq ($(LOCAL_VARIANT),full) ifeq ($(SSL_VARIANT),openssl) - DRIVER_MAKEOPTS += CONFIG_TLS=openssl + DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y TARGET_LDFLAGS += -lcrypto -lssl endif ifeq ($(SSL_VARIANT),wolfssl) - DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_WPS_NFC=1 + DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_WPS_NFC=1 CONFIG_SAE=y TARGET_LDFLAGS += -lwolfssl endif endif diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh index 7ffff4e7e1..c9882701fa 100644 --- a/package/network/services/hostapd/files/hostapd.sh +++ b/package/network/services/hostapd/files/hostapd.sh 
@@ -37,11 +37,26 @@ hostapd_append_wep_key() { } hostapd_append_wpa_key_mgmt() { - local auth_type="$(echo $auth_type | tr 'a-z' 'A-Z')" + local auth_type_l="$(echo $auth_type | tr 'a-z' 'A-Z')" - append wpa_key_mgmt "WPA-$auth_type" - [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-${auth_type}" - [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type}-SHA256" + case "$auth_type" in + psk|eap) + append wpa_key_mgmt "WPA-$auth_type_l" + [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-${auth_type_l}" + [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256" + ;; + sae) + append wpa_key_mgmt "SAE" + [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE" + ;; + psk-sae) + append wpa_key_mgmt "WPA-PSK" + [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-PSK" + [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-PSK-SHA256" + append wpa_key_mgmt "SAE" + [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE" + ;; + esac } hostapd_add_log_config() { @@ -209,6 +224,8 @@ hostapd_common_add_bss_config() { config_add_int mcast_rate config_add_array basic_rate config_add_array supported_rates + + config_add_boolean sae_require_mfp } hostapd_set_bss_options() { @@ -230,7 +247,7 @@ hostapd_set_bss_options() { macfilter ssid wmm uapsd hidden short_preamble rsn_preauth \ iapp_interface eapol_version dynamic_vlan ieee80211w nasid \ acct_server acct_secret acct_port acct_interval \ - bss_load_update_period chan_util_avg_period + bss_load_update_period chan_util_avg_period sae_require_mfp set_default isolate 0 set_default maxassoc 0 
@@ -284,6 +301,18 @@ hostapd_set_bss_options() { append bss_conf "radius_acct_interim_interval=$acct_interval" "$N" } + case "$auth_type" in + sae) + set_default ieee80211w 2 + set_default sae_require_mfp 1 + ;; + psk-sae) + set_default ieee80211w 1 + set_default sae_require_mfp 1 + ;; + esac + [ -n "$sae_require_mfp" ] && append bss_conf "sae_require_mfp=$sae_require_mfp" "$N" + local vlan_possible="" case "$auth_type" in @@ -293,7 +322,7 @@ hostapd_set_bss_options() { # with WPS enabled, we got to be in unconfigured state. wps_not_configured=1 ;; - psk) + psk|sae|psk-sae) json_get_vars key wpa_psk_file if [ ${#key} -lt 8 ]; then wireless_setup_vif_failed INVALID_WPA_PSK 
@@ -709,7 +738,7 @@ wpa_supplicant_add_network() { hostapd_append_wep_key network_data append network_data "wep_tx_keyidx=$wep_keyidx" "$N$T" ;; - psk) + psk|sae|psk-sae) local passphrase if [ "$_w_mode" != "mesh" ]; then
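Review bot: in the hostapd.sh hunk at @@ -284,6 +301,18 @@ the PMF requirement is only defaulted, not enforced. Assuming set_default keeps a value the user configured explicitly, as its name indicates, an explicit ieee80211w of 0 combined with auth_type sae passes through and yields an SAE-only BSS without PMF, which is the case the commit message says the WPA3 specification forbids. Suggest rejecting the configuration or forcing ieee80211w to 2 for sae (and to at least 1 for psk-sae) rather than relying on "set_default ieee80211w 2". The line "[ -n "$sae_require_mfp" ] && append bss_conf ..." also sits outside the case, so the option is written for every auth_type when the user sets it; say whether that is intended.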
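Review bot: in the Makefile hunk CONFIG_SAE=y is added only inside "ifeq ($(LOCAL_VARIANT),full)" for the openssl and wolfssl variants, while hostapd.sh now accepts sae and psk-sae unconditionally and appends SAE to wpa_key_mgmt. On a variant built without CONFIG_SAE the script would then generate a configuration that daemon was not built to support. Consider failing early in hostapd.sh when SAE is not compiled in, in the same way the key-length check already calls wireless_setup_vif_failed, and document in the commit message which package variants gain SAE.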
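Review bot: in hostapd_append_wpa_key_mgmt at @@ -37,11 +37,26 @@ the new local is called auth_type_l although it holds the upper-cased value produced by tr 'a-z' 'A-Z'; a name such as auth_type_u would not read as "lower". The new case statement has no default branch, so any auth_type other than psk, eap, sae or psk-sae now appends nothing to wpa_key_mgmt, where the old code always appended "WPA-$auth_type"; please confirm no caller relies on the old behaviour or add a "*)" branch.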
From: Hauke Mehrtens To: openwrt-devel@lists.openwrt.org Date: Fri, 5 Oct 2018 23:49:28 +0200 Message-Id: <20181005214930.23763-5-hauke@hauke-m.de> In-Reply-To: <20181005214930.23763-1-hauke@hauke-m.de> References: <20181005214930.23763-1-hauke@hauke-m.de> Subject: [OpenWrt-Devel] [RFC 4/6] hostapd: Activate Opportunistic Wireless Encryption (OWE) Cc: Hauke Mehrtens OWE is defined in RFC 8110 and provides encryption and forward security for open networks. Signed-off-by: Hauke Mehrtens --- package/network/services/hostapd/Makefile | 4 ++-- package/network/services/hostapd/files/hostapd.sh | 8 +++++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index 3f9b776f55..06cf0469ef 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile 
@@ -97,11 +97,11 @@ endif ifeq ($(LOCAL_VARIANT),full) ifeq ($(SSL_VARIANT),openssl) - DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y + DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y CONFIG_OWE=y TARGET_LDFLAGS += -lcrypto -lssl endif ifeq ($(SSL_VARIANT),wolfssl) - DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_WPS_NFC=1 CONFIG_SAE=y + DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_WPS_NFC=1 CONFIG_SAE=y CONFIG_OWE=y TARGET_LDFLAGS += -lwolfssl endif endif diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh index c9882701fa..ae03f2d380 100644 --- a/package/network/services/hostapd/files/hostapd.sh +++ b/package/network/services/hostapd/files/hostapd.sh @@ -56,6 +56,9 @@ hostapd_append_wpa_key_mgmt() { append wpa_key_mgmt "SAE" [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE" ;; + owe) + append wpa_key_mgmt "OWE" + ;; esac } @@ -316,7 +319,7 @@ hostapd_set_bss_options() { local vlan_possible="" case "$auth_type" in - none) + none|owe) wps_possible=1 # Here we make the assumption that if we're in open mode # with WPS enabled, we got to be in unconfigured state. 
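Review bot: CONFIG_OWE=y is added only inside the `ifeq ($(LOCAL_VARIANT),full)` block, for the openssl and wolfssl variants (Makefile hunk @@ -97), while the hostapd.sh hunks accept `owe` unconditionally. On any other variant the script would emit wpa_key_mgmt OWE for a binary built without it. Suggest a build-capability check in hostapd.sh, or a setup failure with a clear error, when `owe` is selected on a variant without CONFIG_OWE.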
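Review bot: Folding `owe` into the `none)` arm of hostapd_set_bss_options (hostapd.sh hunk @@ -316) also gives an OWE BSS `wps_possible=1` and `wps_not_configured=1`, which the comment in that arm justifies only for open mode. Nothing in this patch adds `owe` to the auth_type block that defaults ieee80211w for `sae` and `psk-sae`, so an OWE BSS is generated without any management frame protection default. Suggest a separate `owe)` arm that leaves the WPS flags alone and sets the MFP default there.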
@@ -733,6 +736,9 @@ wpa_supplicant_add_network() { case "$auth_type" in none) ;; + owe) + hostapd_append_wpa_key_mgmt + ;; wep) local wep_keyidx=0 hostapd_append_wep_key network_data From patchwork Fri Oct 5 21:49:29 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hauke Mehrtens X-Patchwork-Id: 979810 X-Patchwork-Delegate: blogic@openwrt.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=hauke-m.de Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="tc3LZDZ6"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42RkL12FtTz9s1c for ; Sat, 6 Oct 2018 08:03:53 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Subject:References: In-Reply-To:Message-Id:Date:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=FfjAF6OebHQx4Z8L/Xe8fsjnnkM+LFaOKovU7EZlr38=; b=tc3LZDZ6W9gNJd nFHqQHKzKxNlk/wqsQZZZw7MYK3eVJGPvBIuuzIvCBMkflPTWPiXtrdvEzdSJqDe/Z5IdhB/ER0oM iCMkHwz0wLH691jcLkTH5u+o/vuDcA9AKaySWYRXRbdiOR3qG/c/2uSgnMm30rqFogRm7POW9vKVV 
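Review bot: The new `owe)` arm in wpa_supplicant_add_network (hunk @@ -733) only calls hostapd_append_wpa_key_mgmt, which per the @@ -56 hunk appends "OWE" to the wpa_key_mgmt variable. Nothing in the arm passes that value on to network_data, unlike the neighbouring `wep)` arm, which appends its settings explicitly. Please check that the generated station network block really carries the OWE key management, and add the assignment in this arm if it does not.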
From: Hauke Mehrtens To: openwrt-devel@lists.openwrt.org Date: Fri, 5 Oct 2018 23:49:29 +0200 Message-Id: <20181005214930.23763-6-hauke@hauke-m.de> In-Reply-To: <20181005214930.23763-1-hauke@hauke-m.de> References: <20181005214930.23763-1-hauke@hauke-m.de> Subject: [OpenWrt-Devel] [RFC 5/6] netifd: Add support for wireless SAE authentication Cc: Hauke Mehrtens Signed-off-by: Hauke Mehrtens --- .../config/netifd/patches/001-wireless-sae.patch | 26 ++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 package/network/config/netifd/patches/001-wireless-sae.patch diff --git a/package/network/config/netifd/patches/001-wireless-sae.patch b/package/network/config/netifd/patches/001-wireless-sae.patch new file mode 100644 index 0000000000..e707bfbb21 --- /dev/null +++ b/package/network/config/netifd/patches/001-wireless-sae.patch 
@@ -0,0 +1,26 @@ +diff --git a/scripts/netifd-wireless.sh b/scripts/netifd-wireless.sh +index fc077f2..396ef71 100644 +--- a/scripts/netifd-wireless.sh ++++ b/scripts/netifd-wireless.sh +@@ -211,7 +211,7 @@ wireless_vif_parse_encryption() { + # wpa2/tkip+aes => WPA2 RADIUS, CCMP+TKIP + + case "$encryption" in +- wpa2*|*psk2*) ++ wpa2*|*psk2*|psk3*|sae*) + wpa=2 + ;; + wpa*mixed*|*psk*mixed*) +@@ -228,6 +228,12 @@ wireless_vif_parse_encryption() { + wpa_pairwise="$wpa_cipher" + + case "$encryption" in ++ psk3-mixed*|sae-mixed*) ++ auth_type=psk-sae ++ ;; ++ psk3*|sae*) ++ auth_type=sae ++ ;; + *psk*) + auth_type=psk + ;; From patchwork Fri Oct 5 21:49:30 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hauke Mehrtens X-Patchwork-Id: 979808 X-Patchwork-Delegate: blogic@openwrt.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=hauke-m.de Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="Ay7xBEcj"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42RkJC2rm6z9s4V for ; Sat, 6 Oct 2018 08:02:19 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: 
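Review bot: The embedded netifd patch adds four new `encryption` values (psk3, psk3-mixed, sae, sae-mixed) without documenting them: the mail carries only a Signed-off-by, and the comment table above the first case, whose last line `# wpa2/tkip+aes => WPA2 RADIUS, CCMP+TKIP` is in the context, gets no new rows. The `-mixed` suffix also changes meaning, from WPA/WPA2 mixed in the existing `wpa*mixed*|*psk*mixed*` arm to PSK plus SAE in `psk3-mixed*|sae-mixed*`. Suggest documenting both, and adding a comment that the `psk3*|sae*` arms must stay ahead of `*psk*`, because `psk3` would otherwise fall through to `auth_type=psk`.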
From: Hauke Mehrtens To: openwrt-devel@lists.openwrt.org Date: Fri, 5 Oct 2018 23:49:30 +0200 Message-Id: <20181005214930.23763-7-hauke@hauke-m.de> In-Reply-To: <20181005214930.23763-1-hauke@hauke-m.de> References: <20181005214930.23763-1-hauke@hauke-m.de> Subject: [OpenWrt-Devel] [RFC 6/6] netifd: Add support for wireless OWE authentication Cc: Hauke Mehrtens Signed-off-by: Hauke Mehrtens --- .../config/netifd/patches/002-wireless-owe.patch | 23 ++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 package/network/config/netifd/patches/002-wireless-owe.patch diff --git a/package/network/config/netifd/patches/002-wireless-owe.patch b/package/network/config/netifd/patches/002-wireless-owe.patch new file mode 100644 index 0000000000..c8ca7d420b --- /dev/null +++ b/package/network/config/netifd/patches/002-wireless-owe.patch 
@@ -0,0 +1,23 @@ +diff --git a/scripts/netifd-wireless.sh b/scripts/netifd-wireless.sh +index 396ef71..52641c7 100644 +--- a/scripts/netifd-wireless.sh ++++ b/scripts/netifd-wireless.sh +@@ -211,7 +211,7 @@ wireless_vif_parse_encryption() { + # wpa2/tkip+aes => WPA2 RADIUS, CCMP+TKIP + + case "$encryption" in +- wpa2*|*psk2*|psk3*|sae*) ++ wpa2*|*psk2*|psk3*|sae*|owe*) + wpa=2 + ;; + wpa*mixed*|*psk*mixed*) +@@ -228,6 +228,9 @@ wireless_vif_parse_encryption() { + wpa_pairwise="$wpa_cipher" + + case "$encryption" in ++ owe*) ++ auth_type=owe ++ ;; + psk3-mixed*|sae-mixed*) + auth_type=psk-sae + ;;
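Review bot: `owe*` in both case statements of the embedded patch is a prefix match, so any suffixed value is accepted as OWE. The context comment `# wpa2/tkip+aes => WPA2 RADIUS, CCMP+TKIP` shows that cipher suffixes are part of this syntax; suggest deciding whether a TKIP suffix is allowed for `owe` and rejecting it in wireless_vif_parse_encryption if not. The commit message should also say that this patch applies only on top of 001-wireless-sae.patch, since its context and base index (396ef71) come from that patch.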