From patchwork Fri Oct 12 20:36:59 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Hauke Mehrtens
X-Patchwork-Id: 983295
X-Patchwork-Delegate: hauke@hauke-m.de
From: Hauke Mehrtens
To: openwrt-devel@lists.openwrt.org
Date: Fri, 12 Oct 2018 22:36:59 +0200
Message-Id: <20181012203707.14716-2-hauke@hauke-m.de>
In-Reply-To: <20181012203707.14716-1-hauke@hauke-m.de>
References: <20181012203707.14716-1-hauke@hauke-m.de>
Subject: [OpenWrt-Devel] [PATCH 1/9] hostapd: sync config with default configuration
Cc: Hauke Mehrtens

Signed-off-by: Hauke Mehrtens
---
 .../services/hostapd/files/hostapd-full.config | 8 ++++----
 .../services/hostapd/files/hostapd-mini.config | 8 ++++----
 .../hostapd/files/wpa_supplicant-full.config | 20 +++++++++++---------
 .../hostapd/files/wpa_supplicant-mini.config | 20 +++++++++++---------
 .../services/hostapd/files/wpa_supplicant-p2p.config | 20 +++++++++++---------
 5 files changed, 41 insertions(+), 35 deletions(-)

diff --git a/package/network/services/hostapd/files/hostapd-full.config b/package/network/services/hostapd/files/hostapd-full.config index 355a70b9e1..b4159c2d28 100644 --- a/package/network/services/hostapd/files/hostapd-full.config +++ b/package/network/services/hostapd/files/hostapd-full.config
@@ -50,11 +50,7 @@ CONFIG_IAPP=y # WPA2/IEEE 802.11i RSN pre-authentication CONFIG_RSN_PREAUTH=y -# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) -CONFIG_PEERKEY=y - # IEEE 802.11w (management frame protection) -# Driver support is also needed for IEEE 802.11w. #CONFIG_IEEE80211W=y # Integrated EAP server @@ -374,6 +370,10 @@ CONFIG_TAXONOMY=y # Experimental implementation of draft-harkins-owe-07.txt #CONFIG_OWE=y +# Override default value for the wpa_disable_eapol_key_retries configuration +# parameter. See that parameter in hostapd.conf for more details. +#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1 + # uBus IPC/RPC System # Services can connect to the bus and provide methods # that can be called by other services or clients. diff --git a/package/network/services/hostapd/files/hostapd-mini.config b/package/network/services/hostapd/files/hostapd-mini.config index 661983a94b..9057658c16 100644 --- a/package/network/services/hostapd/files/hostapd-mini.config +++ b/package/network/services/hostapd/files/hostapd-mini.config @@ -50,11 +50,7 @@ CONFIG_DRIVER_NL80211=y # WPA2/IEEE 802.11i RSN pre-authentication CONFIG_RSN_PREAUTH=y -# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) -CONFIG_PEERKEY=y - # IEEE 802.11w (management frame protection) -# Driver support is also needed for IEEE 802.11w. #CONFIG_IEEE80211W=y # Integrated EAP server @@ -374,6 +370,10 @@ CONFIG_TLS=internal # Experimental implementation of draft-harkins-owe-07.txt #CONFIG_OWE=y +# Override default value for the wpa_disable_eapol_key_retries configuration +# parameter. See that parameter in hostapd.conf for more details. +#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1 + # uBus IPC/RPC System # Services can connect to the bus and provide methods # that can be called by other services or clients. 
diff --git a/package/network/services/hostapd/files/wpa_supplicant-full.config b/package/network/services/hostapd/files/wpa_supplicant-full.config index c22e1cca5d..55b31a345b 100644 --- a/package/network/services/hostapd/files/wpa_supplicant-full.config +++ b/package/network/services/hostapd/files/wpa_supplicant-full.config @@ -73,6 +73,12 @@ CONFIG_DRIVER_NL80211=y # Driver interface for wired Ethernet drivers CONFIG_DRIVER_WIRED=y +# Driver interface for MACsec capable Qualcomm Atheros drivers +#CONFIG_DRIVER_MACSEC_QCA=y + +# Driver interface for Linux MACsec drivers +#CONFIG_DRIVER_MACSEC_LINUX=y + # Driver interface for the Broadcom RoboSwitch family #CONFIG_DRIVER_ROBOSWITCH=y @@ -83,8 +89,8 @@ CONFIG_DRIVER_WIRED=y #LIBS += -lsocket -ldlpi -lnsl #LIBS_c += -lsocket -# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is -# included) +# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or +# MACsec is included) CONFIG_IEEE8021X_EAPOL=y # EAP-MD5 @@ -166,6 +172,9 @@ CONFIG_WPS=y # EAP-EKE #CONFIG_EAP_EKE=y +# MACsec +#CONFIG_MACSEC=y + # PKCS#12 (PFX) support (used to read private key and certificate file from # a file that usually has extension .p12 or .pfx) CONFIG_PKCS12=y @@ -288,9 +297,6 @@ CONFIG_BACKEND=file # bridge interfaces (commit 'bridge: respect RFC2863 operational state')'). #CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y -# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) -CONFIG_PEERKEY=y - # IEEE 802.11w (management frame protection), also known as PMF # Driver support is also needed for IEEE 802.11w. #CONFIG_IEEE80211W=y @@ -378,10 +384,6 @@ CONFIG_INTERNAL_LIBTOMMATH_FAST=y # IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode CONFIG_IEEE80211R=y -# IEEE Std 802.11r-2008 (Fast BSS Transition) for AP mode (implies -# CONFIG_IEEE80211R). -#CONFIG_IEEE80211R_AP=y - # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) #CONFIG_DEBUG_FILE=y 
diff --git a/package/network/services/hostapd/files/wpa_supplicant-mini.config b/package/network/services/hostapd/files/wpa_supplicant-mini.config index 3e088715c8..67c0b323af 100644 --- a/package/network/services/hostapd/files/wpa_supplicant-mini.config +++ b/package/network/services/hostapd/files/wpa_supplicant-mini.config @@ -73,6 +73,12 @@ CONFIG_DRIVER_NL80211=y # Driver interface for wired Ethernet drivers CONFIG_DRIVER_WIRED=y +# Driver interface for MACsec capable Qualcomm Atheros drivers +#CONFIG_DRIVER_MACSEC_QCA=y + +# Driver interface for Linux MACsec drivers +#CONFIG_DRIVER_MACSEC_LINUX=y + # Driver interface for the Broadcom RoboSwitch family #CONFIG_DRIVER_ROBOSWITCH=y @@ -83,8 +89,8 @@ CONFIG_DRIVER_WIRED=y #LIBS += -lsocket -ldlpi -lnsl #LIBS_c += -lsocket -# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is -# included) +# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or +# MACsec is included) #CONFIG_IEEE8021X_EAPOL=y # EAP-MD5 @@ -166,6 +172,9 @@ CONFIG_DRIVER_WIRED=y # EAP-EKE #CONFIG_EAP_EKE=y +# MACsec +#CONFIG_MACSEC=y + # PKCS#12 (PFX) support (used to read private key and certificate file from # a file that usually has extension .p12 or .pfx) #CONFIG_PKCS12=y @@ -288,9 +297,6 @@ CONFIG_BACKEND=file # bridge interfaces (commit 'bridge: respect RFC2863 operational state')'). #CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y -# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) -#CONFIG_PEERKEY=y - # IEEE 802.11w (management frame protection), also known as PMF # Driver support is also needed for IEEE 802.11w. #CONFIG_IEEE80211W=y @@ -378,10 +384,6 @@ CONFIG_TLS=internal # IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode #CONFIG_IEEE80211R=y -# IEEE Std 802.11r-2008 (Fast BSS Transition) for AP mode (implies -# CONFIG_IEEE80211R). -#CONFIG_IEEE80211R_AP=y - # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) #CONFIG_DEBUG_FILE=y 
diff --git a/package/network/services/hostapd/files/wpa_supplicant-p2p.config b/package/network/services/hostapd/files/wpa_supplicant-p2p.config index 420aebcf98..c1e85f0163 100644 --- a/package/network/services/hostapd/files/wpa_supplicant-p2p.config +++ b/package/network/services/hostapd/files/wpa_supplicant-p2p.config @@ -73,6 +73,12 @@ CONFIG_DRIVER_NL80211=y # Driver interface for wired Ethernet drivers CONFIG_DRIVER_WIRED=y +# Driver interface for MACsec capable Qualcomm Atheros drivers +#CONFIG_DRIVER_MACSEC_QCA=y + +# Driver interface for Linux MACsec drivers +#CONFIG_DRIVER_MACSEC_LINUX=y + # Driver interface for the Broadcom RoboSwitch family #CONFIG_DRIVER_ROBOSWITCH=y @@ -83,8 +89,8 @@ CONFIG_DRIVER_WIRED=y #LIBS += -lsocket -ldlpi -lnsl #LIBS_c += -lsocket -# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is -# included) +# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or +# MACsec is included) CONFIG_IEEE8021X_EAPOL=y # EAP-MD5 @@ -166,6 +172,9 @@ CONFIG_WPS=y # EAP-EKE #CONFIG_EAP_EKE=y +# MACsec +#CONFIG_MACSEC=y + # PKCS#12 (PFX) support (used to read private key and certificate file from # a file that usually has extension .p12 or .pfx) CONFIG_PKCS12=y @@ -288,9 +297,6 @@ CONFIG_BACKEND=file # bridge interfaces (commit 'bridge: respect RFC2863 operational state')'). #CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y -# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) -CONFIG_PEERKEY=y - # IEEE 802.11w (management frame protection), also known as PMF # Driver support is also needed for IEEE 802.11w. CONFIG_IEEE80211W=y 
@@ -378,10 +384,6 @@ CONFIG_INTERNAL_LIBTOMMATH_FAST=y # IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode #CONFIG_IEEE80211R=y -# IEEE Std 802.11r-2008 (Fast BSS Transition) for AP mode (implies -# CONFIG_IEEE80211R). -#CONFIG_IEEE80211R_AP=y - # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) #CONFIG_DEBUG_FILE=y
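Review bot: The `@@ -50,11 +50,7 @@` hunks in hostapd-full.config and hostapd-mini.config, and the `@@ -288,9 +297,6 @@` hunks in wpa_supplicant-full.config and wpa_supplicant-p2p.config, delete an enabled `CONFIG_PEERKEY=y`, which is a build change rather than a comment sync, and the commit message has no body to explain it. Please state which upstream hostapd release or commit the default configuration was taken from and whether PeerKey support still exists there, so a reader can tell a dropped feature from a removed no-op option.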
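Review bot: In the `@@ -374,6 +370,10 @@` hunks of hostapd-full.config and hostapd-mini.config the new `DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES` override is added commented out, so the compile-time default of `wpa_disable_eapol_key_retries` stays unchanged. If that is the intended OpenWrt default, say so in the commit message; the added comment only points to hostapd.conf, which is not part of this change, so the reason for the choice is not recorded anywhere in the package.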
From: Hauke Mehrtens
To: openwrt-devel@lists.openwrt.org
Date: Fri, 12 Oct 2018 22:37:00 +0200
Message-Id: <20181012203707.14716-3-hauke@hauke-m.de>
In-Reply-To: <20181012203707.14716-1-hauke@hauke-m.de>
References: <20181012203707.14716-1-hauke@hauke-m.de>
Subject: [OpenWrt-Devel] [PATCH 2/9] hostapd: backport build fix when OWE is activated
Cc: Hauke Mehrtens

Signed-off-by: Hauke Mehrtens
---
 ...-unauthenticated-encrypted-EAPOL-Key-data.patch | 7 +-----
 ...ld-error-in-AP-code-without-CONFIG_IEEE80.patch | 29 ++++++++++++++++++++++
 .../patches/380-disable_ctrl_iface_mib.patch | 4 +--
 .../patches/381-hostapd_cli_UNKNOWN-COMMAND.patch | 4 +--
 .../hostapd/patches/700-fix-openssl11.patch | 9 ++-----
 5 files changed, 35 insertions(+), 18 deletions(-)
 create mode 100644 package/network/services/hostapd/patches/040-OWE-Fix-build-error-in-AP-code-without-CONFIG_IEEE80.patch

diff --git a/package/network/services/hostapd/patches/0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch b/package/network/services/hostapd/patches/0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch index 1b84f7e86a..633ab58623 100644 --- a/package/network/services/hostapd/patches/0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
+++ b/package/network/services/hostapd/patches/0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch @@ -21,11 +21,9 @@ Signed-off-by: Mathy Vanhoef src/rsn_supp/wpa.c | 11 +++++++++++ 1 file changed, 11 insertions(+) -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c -index 56f3af7..db94a49 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c -@@ -2215,6 +2215,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr, +@@ -2208,6 +2208,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, c if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA) && mic_len) { @@ -43,6 +41,3 @@ index 56f3af7..db94a49 100644 if (wpa_supplicant_decrypt_key_data(sm, key, mic_len, ver, key_data, &key_data_len)) --- -2.7.4 - diff --git a/package/network/services/hostapd/patches/040-OWE-Fix-build-error-in-AP-code-without-CONFIG_IEEE80.patch b/package/network/services/hostapd/patches/040-OWE-Fix-build-error-in-AP-code-without-CONFIG_IEEE80.patch new file mode 100644 index 0000000000..ae9733110b --- /dev/null +++ b/package/network/services/hostapd/patches/040-OWE-Fix-build-error-in-AP-code-without-CONFIG_IEEE80.patch 
@@ -0,0 +1,29 @@ +From 410e2dd1d6b645bf5ed3ed55a9a415acbd993532 Mon Sep 17 00:00:00 2001 +From: Chaitanya T K +Date: Wed, 29 Aug 2018 02:14:33 +0530 +Subject: [PATCH] OWE: Fix build error in AP code without CONFIG_IEEE80211W=y + +When CONFIG_OWE is enabled but none of 11R/11W/FILS are enabled hostapd +(and wpa_supplicant with AP mode support) build failed. Fix this by +adding OWE to the list of conditions for including the local variables. + +Signed-off-by: Chaitanya T K +--- + src/ap/drv_callbacks.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/src/ap/drv_callbacks.c ++++ b/src/ap/drv_callbacks.c +@@ -109,10 +109,10 @@ int hostapd_notif_assoc(struct hostapd_d + struct ieee802_11_elems elems; + const u8 *ie; + size_t ielen; +-#if defined(CONFIG_IEEE80211R_AP) || defined(CONFIG_IEEE80211W) || defined(CONFIG_FILS) ++#if defined(CONFIG_IEEE80211R_AP) || defined(CONFIG_IEEE80211W) || defined(CONFIG_FILS) || defined(CONFIG_OWE) + u8 buf[sizeof(struct ieee80211_mgmt) + 1024]; + u8 *p = buf; +-#endif /* CONFIG_IEEE80211R_AP || CONFIG_IEEE80211W || CONFIG_FILS */ ++#endif /* CONFIG_IEEE80211R_AP || CONFIG_IEEE80211W || CONFIG_FILS || CONFIG_OWE */ + u16 reason = WLAN_REASON_UNSPECIFIED; + u16 status = WLAN_STATUS_SUCCESS; + const u8 *p2p_dev_addr = NULL; diff --git a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch index 12689eab57..cd050fc0c9 100644 --- a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch +++ b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch @@ -163,7 +163,7 @@ { --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c -@@ -2295,6 +2295,8 @@ static u32 wpa_key_mgmt_suite(struct wpa +@@ -2306,6 +2306,8 @@ static u32 wpa_key_mgmt_suite(struct wpa } 
@@ -172,7 +172,7 @@ #define RSN_SUITE "%02x-%02x-%02x-%d" #define RSN_SUITE_ARG(s) \ ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff -@@ -2378,6 +2380,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch +@@ -2389,6 +2391,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch return (int) len; } diff --git a/package/network/services/hostapd/patches/381-hostapd_cli_UNKNOWN-COMMAND.patch b/package/network/services/hostapd/patches/381-hostapd_cli_UNKNOWN-COMMAND.patch index 81e6588e72..7bac937373 100644 --- a/package/network/services/hostapd/patches/381-hostapd_cli_UNKNOWN-COMMAND.patch +++ b/package/network/services/hostapd/patches/381-hostapd_cli_UNKNOWN-COMMAND.patch @@ -1,6 +1,6 @@ --- a/hostapd/hostapd_cli.c +++ b/hostapd/hostapd_cli.c -@@ -743,7 +743,7 @@ static int wpa_ctrl_command_sta(struct wpa_ctrl *ctrl, const char *cmd, +@@ -743,7 +743,7 @@ static int wpa_ctrl_command_sta(struct w } buf[len] = '\0'; @@ -9,5 +9,3 @@ return -1; if (print) printf("%s", buf); --- -2.11.0 diff --git a/package/network/services/hostapd/patches/700-fix-openssl11.patch b/package/network/services/hostapd/patches/700-fix-openssl11.patch index 918cab0899..86343c150b 100644 --- a/package/network/services/hostapd/patches/700-fix-openssl11.patch +++ b/package/network/services/hostapd/patches/700-fix-openssl11.patch @@ -11,11 +11,9 @@ Signed-off-by: Rosen Penev src/crypto/tls_openssl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c -index b4bfc9b73..79ac909d0 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c -@@ -1024,8 +1024,10 @@ void * tls_init(const struct tls_config *conf) +@@ -1024,8 +1024,10 @@ void * tls_init(const struct tls_config #ifndef OPENSSL_NO_ENGINE wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine"); 
@@ -26,7 +24,7 @@ index b4bfc9b73..79ac909d0 100644 if (conf && (conf->opensc_engine_path || conf->pkcs11_engine_path || -@@ -3874,7 +3876,7 @@ struct wpabuf * tls_connection_decrypt(void *tls_ctx, +@@ -3874,7 +3876,7 @@ struct wpabuf * tls_connection_decrypt(v int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn) { 
@@ -35,6 +33,3 @@ index b4bfc9b73..79ac909d0 100644 } --- -2.17.1 -
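Review bot: The hunks against 0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch, 380-disable_ctrl_iface_mib.patch, 381-hostapd_cli_UNKNOWN-COMMAND.patch and 700-fix-openssl11.patch only refresh existing patches (hunk offsets such as `-2215,6 +2215,17` becoming `-2208,6 +2208,17`, dropped `diff --git` and `index` lines, removed git version trailers), which the subject line does not mention. Either note the refresh in the commit message or move it to its own commit, so the functional change, the new 040 patch, can be reviewed and reverted separately.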
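Review bot: For the new 040-OWE-Fix-build-error-in-AP-code-without-CONFIG_IEEE80.patch, the fix only matters when `CONFIG_OWE` is defined while `CONFIG_IEEE80211R_AP`, `CONFIG_IEEE80211W` and `CONFIG_FILS` are not, yet patch 1/9 leaves `#CONFIG_OWE=y` commented out in hostapd-full.config and hostapd-mini.config. Please say in the commit message which build configuration hits the error (a later patch in the series or a local override), and consider recording which upstream release will contain 410e2dd1d6b6 so the backport can be dropped at the next version bump.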
From: Hauke Mehrtens
To: openwrt-devel@lists.openwrt.org
Date: Fri, 12 Oct 2018 22:37:01 +0200
Message-Id: <20181012203707.14716-4-hauke@hauke-m.de>
In-Reply-To: <20181012203707.14716-1-hauke@hauke-m.de>
References: <20181012203707.14716-1-hauke@hauke-m.de>
Subject: [OpenWrt-Devel] [PATCH 3/9] hostapd: SAE: Do not ignore option sae_require_mfp
Cc: Hauke Mehrtens

Signed-off-by: Hauke Mehrtens
---
 ...-SAE-Do-not-ignore-option-sae_require_mfp.patch | 26 ++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 package/network/services/hostapd/patches/130-SAE-Do-not-ignore-option-sae_require_mfp.patch

diff --git a/package/network/services/hostapd/patches/130-SAE-Do-not-ignore-option-sae_require_mfp.patch b/package/network/services/hostapd/patches/130-SAE-Do-not-ignore-option-sae_require_mfp.patch new file mode 100644 index 0000000000..8810774665 --- /dev/null +++ b/package/network/services/hostapd/patches/130-SAE-Do-not-ignore-option-sae_require_mfp.patch
@@ -0,0 +1,26 @@ +From 54e0de1a9ee81477e9dfb93985c1fbf105b3d1d4 Mon Sep 17 00:00:00 2001 +From: Hauke Mehrtens +Date: Wed, 10 Oct 2018 23:22:23 +0200 +Subject: SAE: Do not ignore option sae_require_mfp + +Without this patch sae_require_mfp is always activate, when ieee80211w +is set to optional all stations negotiating SAEs are being rejected when +they do not support PMF. With this patch hostapd only rejects these +stations in case sae_require_mfp is set to some value and not null. + +Fixes ba3d435fe43 ("SAE: Add option to require MFP for SAE associations") +Signed-off-by: Hauke Mehrtens +--- + src/ap/wpa_auth_ie.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/src/ap/wpa_auth_ie.c ++++ b/src/ap/wpa_auth_ie.c +@@ -721,6 +721,7 @@ int wpa_validate_wpa_ie(struct wpa_authe + + #ifdef CONFIG_SAE + if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_OPTIONAL && ++ wpa_auth->conf.sae_require_mfp && + wpa_key_mgmt_sae(sm->wpa_key_mgmt) && + !(data.capabilities & WPA_CAPABILITY_MFPC)) { + wpa_printf(MSG_DEBUG,
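Review bot: In the `wpa_validate_wpa_ie()` hunk the added `wpa_auth->conf.sae_require_mfp &&` test means that with `ieee80211w` set to optional and `sae_require_mfp` left at 0, SAE stations that do not advertise `WPA_CAPABILITY_MFPC` are now accepted, where the unpatched condition rejected them. The protection then depends on the script defaults added in 4/9 (`set_default sae_require_mfp 1`), so the OpenWrt commit message, which currently carries only a Signed-off-by, should say so and state whether this change is already in upstream hostapd, so the local patch can be dropped once it is.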
From: Hauke Mehrtens
To: openwrt-devel@lists.openwrt.org
Date: Fri, 12 Oct 2018 22:37:02 +0200
Message-Id: <20181012203707.14716-5-hauke@hauke-m.de>
In-Reply-To: <20181012203707.14716-1-hauke@hauke-m.de>
References: <20181012203707.14716-1-hauke@hauke-m.de>
Subject: [OpenWrt-Devel] [PATCH 4/9] hostapd: Activate Simultaneous Authentication of Equals (SAE)
Cc: Hauke Mehrtens

This builds the full openssl and wolfssl versions with SAE support which
is the main part of WPA3 PSK.

This needs elliptic curve cryptography which is only provided by these
two external cryptographic libraries and not by the internal
implementation.

The WPA3_Specification_v1.0.pdf file says that in SAE only mode
Protected Management Frames (PMF) is required, in mixed mode with
WPA2-PSK PMF should be required for clients using SAE, and optional for
clients using WPA2-PSK. The defaults are set now accordingly.

This increases the ipkg size by 8.515 Bytes.
Old: 394.026 Bytes
New: 402.541 Bytes

Signed-off-by: Hauke Mehrtens
---
 package/network/services/hostapd/Makefile | 4 +-
 package/network/services/hostapd/files/hostapd.sh | 43 ++++++++++++++++++----
 .../hostapd/src/src/utils/build_features.h | 4 ++
 3 files changed, 42 insertions(+), 9 deletions(-)

diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index a5c5379738..3f9b776f55 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -97,11 +97,11 @@ endif ifeq ($(LOCAL_VARIANT),full) ifeq ($(SSL_VARIANT),openssl) - DRIVER_MAKEOPTS += CONFIG_TLS=openssl + DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y TARGET_LDFLAGS += -lcrypto -lssl endif ifeq ($(SSL_VARIANT),wolfssl) - DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_WPS_NFC=1 + DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_WPS_NFC=1 CONFIG_SAE=y TARGET_LDFLAGS += -lwolfssl endif endif diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh index 7ffff4e7e1..c9882701fa 100644 --- a/package/network/services/hostapd/files/hostapd.sh +++ b/package/network/services/hostapd/files/hostapd.sh @@ -37,11 +37,26 @@ hostapd_append_wep_key() { } hostapd_append_wpa_key_mgmt() { - local auth_type="$(echo $auth_type | tr 'a-z' 'A-Z')" + local auth_type_l="$(echo $auth_type | tr 'a-z' 'A-Z')" - append wpa_key_mgmt "WPA-$auth_type" - [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-${auth_type}" - [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type}-SHA256" + case "$auth_type" in + psk|eap) + append wpa_key_mgmt "WPA-$auth_type_l" + [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-${auth_type_l}" + [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256" + ;; + sae) + append wpa_key_mgmt "SAE" + [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE" + ;; + psk-sae) + append wpa_key_mgmt "WPA-PSK" + [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-PSK" + [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-PSK-SHA256" + append wpa_key_mgmt "SAE" + [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE" + ;; + esac } hostapd_add_log_config() { 
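Review bot: In the hostapd_append_wpa_key_mgmt() hunk of hostapd.sh, the new 'case "$auth_type"' has no '*)' branch, so any auth_type other than psk, eap, sae or psk-sae now leaves wpa_key_mgmt empty, where the removed code always appended 'WPA-$auth_type'. Add a default branch that either keeps the old behaviour or fails loudly, so a typo or a later auth type does not silently produce a config without key management. Minor: auth_type_l holds the upper-cased value, so a name such as auth_type_u would read better.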
@@ -209,6 +224,8 @@ hostapd_common_add_bss_config() { config_add_int mcast_rate config_add_array basic_rate config_add_array supported_rates + + config_add_boolean sae_require_mfp } hostapd_set_bss_options() { @@ -230,7 +247,7 @@ hostapd_set_bss_options() { macfilter ssid wmm uapsd hidden short_preamble rsn_preauth \ iapp_interface eapol_version dynamic_vlan ieee80211w nasid \ acct_server acct_secret acct_port acct_interval \ - bss_load_update_period chan_util_avg_period + bss_load_update_period chan_util_avg_period sae_require_mfp set_default isolate 0 set_default maxassoc 0 @@ -284,6 +301,18 @@ hostapd_set_bss_options() { append bss_conf "radius_acct_interim_interval=$acct_interval" "$N" } + case "$auth_type" in + sae) + set_default ieee80211w 2 + set_default sae_require_mfp 1 + ;; + psk-sae) + set_default ieee80211w 1 + set_default sae_require_mfp 1 + ;; + esac + [ -n "$sae_require_mfp" ] && append bss_conf "sae_require_mfp=$sae_require_mfp" "$N" + local vlan_possible="" case "$auth_type" in @@ -293,7 +322,7 @@ hostapd_set_bss_options() { # with WPS enabled, we got to be in unconfigured state. wps_not_configured=1 ;; - psk) + psk|sae|psk-sae) json_get_vars key wpa_psk_file if [ ${#key} -lt 8 ]; then wireless_setup_vif_failed INVALID_WPA_PSK @@ -709,7 +738,7 @@ wpa_supplicant_add_network() { hostapd_append_wep_key network_data append network_data "wep_tx_keyidx=$wep_keyidx" "$N$T" ;; - psk) + psk|sae|psk-sae) local passphrase if [ "$_w_mode" != "mesh" ]; then diff --git a/package/network/services/hostapd/src/src/utils/build_features.h b/package/network/services/hostapd/src/src/utils/build_features.h index ba082dea14..328c76c67e 100644 --- a/package/network/services/hostapd/src/src/utils/build_features.h +++ b/package/network/services/hostapd/src/src/utils/build_features.h 
@@ -27,6 +27,10 @@ static inline int has_feature(const char *feat) if (!strcmp(feat, "acs")) return 1; #endif +#ifdef CONFIG_SAE + if (!strcmp(feat, "sae")) + return 1; +#endif return 0; }
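Review bot: In the '@@ -284,6 +301,18 @@' hunk of hostapd_set_bss_options(), 'set_default ieee80211w 2' in the 'sae)' branch only supplies a default, so an 'ieee80211w 0' or '1' already present in the user's configuration still produces an SAE-only BSS without required PMF, which the commit message says the WPA3 specification does not allow. Consider overriding the value for 'sae', or failing vif setup with a clear error, instead of relying on the default.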
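Review bot: The '@@ -27,6 +27,10 @@' hunk in build_features.h exposes a "sae" feature, but none of the hostapd.sh hunks in this patch consult it. The Makefile hunk turns on CONFIG_SAE only for the full variant with openssl or wolfssl, so on the other variants 'sae' or 'psk-sae' would still append SAE to wpa_key_mgmt and write sae_require_mfp into bss_conf. Suggest checking the feature in hostapd.sh and failing setup when it is missing.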
From: Hauke Mehrtens
To: openwrt-devel@lists.openwrt.org
Date: Fri, 12 Oct 2018 22:37:03 +0200
Message-Id: <20181012203707.14716-6-hauke@hauke-m.de>
In-Reply-To: <20181012203707.14716-1-hauke@hauke-m.de>
References: <20181012203707.14716-1-hauke@hauke-m.de>
Subject: [OpenWrt-Devel] [PATCH 5/9] hostapd: Activate Opportunistic Wireless Encryption (OWE)
Cc: Hauke Mehrtens

OWE is defined in RFC 8110 and provides encryption and forward security for open networks. This is based on the requirements in the Wi-Fi Alliance document Opportunistic_Wireless_Encryption_Specification_v1.0_0.pdf.

The Wi-Fi Alliance requires ieee80211w for the OWE mode. This also makes it possible to configure the OWE transition mode which allows it to operate an open and an OWE BSSID in parallel and the client should only show one network.

This increases the ipkg size by 5.800 Bytes.
Old: 402.541 Bytes
New: 408.341 Bytes

Signed-off-by: Hauke Mehrtens
--- package/network/services/hostapd/Makefile | 4 ++-- package/network/services/hostapd/files/hostapd.sh | 17 +++++++++++++++-- .../services/hostapd/src/src/utils/build_features.h | 4 ++++ 3 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index 3f9b776f55..06cf0469ef 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -97,11 +97,11 @@ endif ifeq ($(LOCAL_VARIANT),full) ifeq ($(SSL_VARIANT),openssl) - DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y + DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y CONFIG_OWE=y TARGET_LDFLAGS += -lcrypto -lssl endif ifeq ($(SSL_VARIANT),wolfssl) - DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_WPS_NFC=1 CONFIG_SAE=y + DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_WPS_NFC=1 CONFIG_SAE=y CONFIG_OWE=y TARGET_LDFLAGS += -lwolfssl endif endif diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh index c9882701fa..6a2eb7b023 100644 --- a/package/network/services/hostapd/files/hostapd.sh +++ b/package/network/services/hostapd/files/hostapd.sh @@ -56,6 +56,9 @@ hostapd_append_wpa_key_mgmt() { append wpa_key_mgmt "SAE" [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE" ;; + owe) + append wpa_key_mgmt "OWE" + ;; esac } @@ -226,6 +229,8 @@ hostapd_common_add_bss_config() { config_add_array supported_rates config_add_boolean sae_require_mfp + + config_add_string 'owe_transition_bssid:macaddr' 'owe_transition_ssid:string' } hostapd_set_bss_options() { @@ -302,7 +307,7 @@ hostapd_set_bss_options() { } case "$auth_type" in - sae) + sae|owe) set_default ieee80211w 2 set_default sae_require_mfp 1 ;; 
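Review bot: In the '@@ -302,7 +307,7 @@' hunk, adding 'owe' to the 'sae)' branch also applies 'set_default sae_require_mfp 1', so every OWE BSS gets a sae_require_mfp=1 line although it offers no SAE. Give 'owe' its own branch that only deals with ieee80211w. Since 'set_default ieee80211w 2' is only a default, a configured 'ieee80211w 0' would also still yield OWE without the PMF that the commit message says is required.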
@@ -316,7 +321,12 @@ hostapd_set_bss_options() { local vlan_possible="" case "$auth_type" in - none) + none|owe) + json_get_vars owe_transition_bssid owe_transition_ssid + + [ -n "$owe_transition_ssid" ] && append bss_conf "owe_transition_ssid=\"$owe_transition_ssid\"" "$N" + [ -n "$owe_transition_bssid" ] && append bss_conf "owe_transition_bssid=$owe_transition_bssid" "$N" + wps_possible=1 # Here we make the assumption that if we're in open mode # with WPS enabled, we got to be in unconfigured state. @@ -733,6 +743,9 @@ wpa_supplicant_add_network() { case "$auth_type" in none) ;; + owe) + hostapd_append_wpa_key_mgmt + ;; wep) local wep_keyidx=0 hostapd_append_wep_key network_data diff --git a/package/network/services/hostapd/src/src/utils/build_features.h b/package/network/services/hostapd/src/src/utils/build_features.h index 328c76c67e..4013ae7b30 100644 --- a/package/network/services/hostapd/src/src/utils/build_features.h +++ b/package/network/services/hostapd/src/src/utils/build_features.h 
@@ -31,6 +31,10 @@ static inline int has_feature(const char *feat) if (!strcmp(feat, "sae")) return 1; #endif +#ifdef CONFIG_OWE + if (!strcmp(feat, "owe")) + return 1; +#endif return 0; }
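Review bot: In the 'none|owe)' hunk ('@@ -316,7 +321,12 @@'), owe_transition_ssid is written into bss_conf inside double quotes with no escaping or validation, so an SSID containing a double quote or a newline would corrupt the generated hostapd configuration or add extra lines to it. Validate or escape the value before appending it. Sharing the branch with 'none' also sets wps_possible=1 for OWE; please confirm that is intended, since the comment under it reasons about open mode only.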
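Review bot: In the wpa_supplicant_add_network() hunk ('@@ -733,6 +743,9 @@'), the new 'owe)' branch calls hostapd_append_wpa_key_mgmt but never copies the result into key_mgmt, so as far as this hunk shows the client side does not pick up OWE. The 'eap)' branch visible in patch 6/9 follows the same call with 'key_mgmt="$wpa_key_mgmt"'; that assignment looks to be missing here.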
From: Hauke Mehrtens
To: openwrt-devel@lists.openwrt.org
Date: Fri, 12 Oct 2018 22:37:04 +0200
Message-Id: <20181012203707.14716-7-hauke@hauke-m.de>
In-Reply-To: <20181012203707.14716-1-hauke@hauke-m.de>
References: <20181012203707.14716-1-hauke@hauke-m.de>
Subject: [OpenWrt-Devel] [PATCH 6/9] hostapd: Add WPA-EAP-SUITE-B-192 (WPA3-Enterprise)
Cc: Hauke Mehrtens

This adds support for the WPA3-Enterprise mode authentication.

The settings for the WPA3-Enterprise mode are defined in WPA3_Specification_v1.0.pdf. This mode also requires ieee80211w and guarantees at least 192 bits of security.

This does not increase the ipkg size by a significant size.

Signed-off-by: Hauke Mehrtens
--- package/network/services/hostapd/Makefile | 4 ++-- package/network/services/hostapd/files/hostapd.sh | 15 ++++++++++++--- .../services/hostapd/src/src/utils/build_features.h | 4 ++++ 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index 06cf0469ef..41f5f54b82 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile
@@ -97,11 +97,11 @@ endif ifeq ($(LOCAL_VARIANT),full) ifeq ($(SSL_VARIANT),openssl) - DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y CONFIG_OWE=y + DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y CONFIG_OWE=y CONFIG_SUITEB192=y TARGET_LDFLAGS += -lcrypto -lssl endif ifeq ($(SSL_VARIANT),wolfssl) - DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_WPS_NFC=1 CONFIG_SAE=y CONFIG_OWE=y + DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_WPS_NFC=1 CONFIG_SAE=y CONFIG_OWE=y CONFIG_SUITEB192=y TARGET_LDFLAGS += -lwolfssl endif endif diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh index 6a2eb7b023..540d1182cc 100644 --- a/package/network/services/hostapd/files/hostapd.sh +++ b/package/network/services/hostapd/files/hostapd.sh @@ -45,6 +45,15 @@ hostapd_append_wpa_key_mgmt() { [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-${auth_type_l}" [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256" ;; + eap192) + append wpa_key_mgmt "WPA-EAP-SUITE-B-192" + ;; + eap-eap192) + append wpa_key_mgmt "WPA-EAP-SUITE-B-192" + append wpa_key_mgmt "WPA-EAP" + [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP" + [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256" + ;; sae) append wpa_key_mgmt "SAE" [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE" @@ -307,7 +316,7 @@ hostapd_set_bss_options() { } case "$auth_type" in - sae|owe) + sae|owe|eap192|eap-eap192) set_default ieee80211w 2 set_default sae_require_mfp 1 ;; @@ -350,7 +359,7 @@ hostapd_set_bss_options() { wps_possible=1 ;; - eap) + eap|eap192|eap-eap192) json_get_vars \ auth_server auth_secret auth_port \ dae_client dae_secret dae_port \ @@ -771,7 +780,7 @@ wpa_supplicant_add_network() { fi append network_data "$passphrase" "$N$T" ;; - eap) + eap|eap192|eap-eap192) hostapd_append_wpa_key_mgmt key_mgmt="$wpa_key_mgmt" 
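Review bot: In the '@@ -307,7 +316,7 @@' hunk, 'eap-eap192' is put in the branch that defaults ieee80211w to 2, while the PSK mixed mode 'psk-sae' from patch 4/9 defaults to 1; with PMF required by default, WPA-EAP clients without PMF support cannot join the mixed BSS. If that is deliberate, say so in the commit message, otherwise give 'eap-eap192' its own branch with 'set_default ieee80211w 1'. The branch also applies 'set_default sae_require_mfp 1' to both EAP modes, which writes an SAE option into an enterprise BSS.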
diff --git a/package/network/services/hostapd/src/src/utils/build_features.h b/package/network/services/hostapd/src/src/utils/build_features.h index 4013ae7b30..abebecb570 100644 --- a/package/network/services/hostapd/src/src/utils/build_features.h +++ b/package/network/services/hostapd/src/src/utils/build_features.h 
@@ -35,6 +35,10 @@ static inline int has_feature(const char *feat) if (!strcmp(feat, "owe")) return 1; #endif +#ifdef CONFIG_SUITEB192 + if (!strcmp(feat, "suiteb192")) + return 1; +#endif return 0; }
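Review bot: In the hostapd_append_wpa_key_mgmt() hunk ('@@ -45,6 +45,15 @@'), 'eap192' and 'eap-eap192' only add the WPA-EAP-SUITE-B-192 key management, and no hunk in this patch touches the pairwise or group management cipher. The commit message promises at least 192 bits of security, so please either set the matching ciphers for these modes or document which cipher the user has to configure. The 'eap192' branch also has no ieee80211r handling, unlike the other branches; a comment stating that this is intentional would help.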
From: Hauke Mehrtens
To: openwrt-devel@lists.openwrt.org
Date: Fri, 12 Oct 2018 22:37:05 +0200
Message-Id: <20181012203707.14716-8-hauke@hauke-m.de>
In-Reply-To: <20181012203707.14716-1-hauke@hauke-m.de>
References: <20181012203707.14716-1-hauke@hauke-m.de>
Subject: [OpenWrt-Devel] [PATCH 7/9] netifd: Add support for wireless SAE authentication
Cc: Hauke Mehrtens

Signed-off-by: Hauke Mehrtens
--- ...d-Simultaneous-Authentication-of-Equals-S.patch | 36 ++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 package/network/config/netifd/patches/001-wireless-Add-Simultaneous-Authentication-of-Equals-S.patch diff --git a/package/network/config/netifd/patches/001-wireless-Add-Simultaneous-Authentication-of-Equals-S.patch b/package/network/config/netifd/patches/001-wireless-Add-Simultaneous-Authentication-of-Equals-S.patch new file mode 100644 index 0000000000..a634fe38bd --- /dev/null +++ b/package/network/config/netifd/patches/001-wireless-Add-Simultaneous-Authentication-of-Equals-S.patch
@@ -0,0 +1,36 @@ +From 22476ff99ea2c233e342dfe2bdff506e54278f03 Mon Sep 17 00:00:00 2001 +From: Hauke Mehrtens +Date: Thu, 4 Oct 2018 22:34:48 +0200 +Subject: wireless: Add Simultaneous Authentication of Equals (SAE) + +This adds PSK3 / SAE support. + +Signed-off-by: Hauke Mehrtens +--- + scripts/netifd-wireless.sh | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +--- a/scripts/netifd-wireless.sh ++++ b/scripts/netifd-wireless.sh +@@ -211,7 +211,7 @@ wireless_vif_parse_encryption() { + # wpa2/tkip+aes => WPA2 RADIUS, CCMP+TKIP + + case "$encryption" in +- wpa2*|*psk2*) ++ wpa2*|*psk2*|psk3*|sae*) + wpa=2 + ;; + wpa*mixed*|*psk*mixed*) +@@ -228,6 +228,12 @@ wireless_vif_parse_encryption() { + wpa_pairwise="$wpa_cipher" + + case "$encryption" in ++ psk3-mixed*|sae-mixed*) ++ auth_type=psk-sae ++ ;; ++ psk3*|sae*) ++ auth_type=sae ++ ;; + *psk*) + auth_type=psk + ;;
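Review bot: The added netifd patch accepts four new encryption values (psk3, sae, psk3-mixed, sae-mixed), but neither this commit message nor the example comments above the first 'case "$encryption"' (such as '# wpa2/tkip+aes => WPA2 RADIUS, CCMP+TKIP') describe them; please document the values and that the -mixed forms map to auth_type=psk-sae. In the '@@ -211,7 +211,7 @@' hunk, 'psk3*|sae*' are anchored at the start of the string while the neighbouring '*psk2*' is not, and the branch order is what gives psk3-mixed 'wpa=2' before '*psk*mixed*' is tried; a short comment on both points would prevent a later reordering from changing behaviour.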
From: Hauke Mehrtens
To: openwrt-devel@lists.openwrt.org
Date: Fri, 12 Oct 2018 22:37:06 +0200
Message-Id: <20181012203707.14716-9-hauke@hauke-m.de>
In-Reply-To: <20181012203707.14716-1-hauke@hauke-m.de>
References: <20181012203707.14716-1-hauke@hauke-m.de>
Subject: [OpenWrt-Devel] [PATCH 8/9] netifd: Add support for wireless OWE authentication
Cc: Hauke Mehrtens

Signed-off-by: Hauke Mehrtens
--- ...Add-Opportunistic-Wireless-Encryption-OWE.patch | 31 ++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 package/network/config/netifd/patches/002-wireless-Add-Opportunistic-Wireless-Encryption-OWE.patch diff --git a/package/network/config/netifd/patches/002-wireless-Add-Opportunistic-Wireless-Encryption-OWE.patch b/package/network/config/netifd/patches/002-wireless-Add-Opportunistic-Wireless-Encryption-OWE.patch new file mode 100644 index 0000000000..9fe10ff84b --- /dev/null +++ b/package/network/config/netifd/patches/002-wireless-Add-Opportunistic-Wireless-Encryption-OWE.patch
@@ -0,0 +1,31 @@ +From c6c3a0d8988013f2059157404e519db9ec7ddf14 Mon Sep 17 00:00:00 2001 +From: Hauke Mehrtens +Date: Tue, 9 Oct 2018 22:57:13 +0200 +Subject: wireless: Add Opportunistic Wireless Encryption (OWE) + +Signed-off-by: Hauke Mehrtens +--- + scripts/netifd-wireless.sh | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/scripts/netifd-wireless.sh ++++ b/scripts/netifd-wireless.sh +@@ -211,7 +211,7 @@ wireless_vif_parse_encryption() { + # wpa2/tkip+aes => WPA2 RADIUS, CCMP+TKIP + + case "$encryption" in +- wpa2*|*psk2*|psk3*|sae*) ++ wpa2*|*psk2*|psk3*|sae*|owe*) + wpa=2 + ;; + wpa*mixed*|*psk*mixed*) +@@ -228,6 +228,9 @@ wireless_vif_parse_encryption() { + wpa_pairwise="$wpa_cipher" + + case "$encryption" in ++ owe*) ++ auth_type=owe ++ ;; + psk3-mixed*|sae-mixed*) + auth_type=psk-sae + ;;
From: Hauke Mehrtens To: openwrt-devel@lists.openwrt.org Date: Fri, 12 Oct 2018 22:37:07 +0200 Message-Id: <20181012203707.14716-10-hauke@hauke-m.de> In-Reply-To: <20181012203707.14716-1-hauke@hauke-m.de> References: <20181012203707.14716-1-hauke@hauke-m.de> Subject: [OpenWrt-Devel] [PATCH 9/9] netifd: Add support for wireless EAP-Suite-B-192 authentication Cc: Hauke Mehrtens
Signed-off-by: Hauke Mehrtens --- ...s-Add-WPA-EAP-SUITE-B-192-WPA3-Enterprise.patch | 34 ++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 package/network/config/netifd/patches/003-wireless-Add-WPA-EAP-SUITE-B-192-WPA3-Enterprise.patch diff --git a/package/network/config/netifd/patches/003-wireless-Add-WPA-EAP-SUITE-B-192-WPA3-Enterprise.patch b/package/network/config/netifd/patches/003-wireless-Add-WPA-EAP-SUITE-B-192-WPA3-Enterprise.patch new file mode 100644 index 0000000000..03f5f703a0 --- /dev/null +++ b/package/network/config/netifd/patches/003-wireless-Add-WPA-EAP-SUITE-B-192-WPA3-Enterprise.patch
@@ -0,0 +1,34 @@ +From a117e414d8acd5dd27ba9ac30bc462ba4ae6587e Mon Sep 17 00:00:00 2001 +From: Hauke Mehrtens +Date: Tue, 9 Oct 2018 22:57:52 +0200 +Subject: wireless: Add WPA-EAP-SUITE-B-192 (WPA3-Enterprise) + +Signed-off-by: Hauke Mehrtens +--- + scripts/netifd-wireless.sh | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +--- a/scripts/netifd-wireless.sh ++++ b/scripts/netifd-wireless.sh +@@ -211,7 +211,7 @@ wireless_vif_parse_encryption() { + # wpa2/tkip+aes => WPA2 RADIUS, CCMP+TKIP + + case "$encryption" in +- wpa2*|*psk2*|psk3*|sae*|owe*) ++ wpa2*|wpa3*|*psk2*|psk3*|sae*|owe*) + wpa=2 + ;; + wpa*mixed*|*psk*mixed*) +@@ -231,6 +231,12 @@ wireless_vif_parse_encryption() { + owe*) + auth_type=owe + ;; ++ wpa3-mixed*) ++ auth_type=eap-eap192 ++ ;; ++ wpa3*) ++ auth_type=eap192 ++ ;; + psk3-mixed*|sae-mixed*) + auth_type=psk-sae + ;;
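Review bot: With `wpa3*` added to the first pattern list in the embedded hunk @@ -211,7 +211,7 @@, a value of `wpa3-mixed` now matches the `wpa=2` branch and never reaches `wpa*mixed*|*psk*mixed*` below it, because `case` takes the first matching pattern. The same already holds for `psk3-mixed` and `sae-mixed` through `psk3*|sae*`, so this is probably intended, but it is not stated anywhere: the embedded commit message has no body and no comment says that the `wpa3` mixed mode must resolve to `wpa=2`. Please state that in the commit message or in a comment next to the pattern.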
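Review bot: In the embedded hunk @@ -231,6 +231,12 @@ the pattern `wpa3*` sends every value beginning with `wpa3` to `auth_type=eap192`, while the patch subject names one specific suite, WPA-EAP-SUITE-B-192. A more specific option name, or a comment saying that `wpa3` here always means the 192-bit suite, would keep users from selecting it when they expect a generic WPA3-Enterprise setup. The OWE patch earlier on this page shows `wpa_pairwise="$wpa_cipher"` being set immediately before this `case`, and nothing in the visible lines ties `eap192` or `eap-eap192` to a particular cipher, so please confirm that the consumer of `auth_type` enforces what the suite requires, or validate it here. The placement of `wpa3-mixed*` before `wpa3*` is required for the mixed case to be reachable and deserves a one-line comment.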