@ -37,11 +37,26 @@ hostapd_append_wep_key() {
}
}
hostapd_append_wpa_key_mgmt( ) {
hostapd_append_wpa_key_mgmt( ) {
local auth_type = " $( echo $auth_type | tr 'a-z' 'A-Z' ) "
local auth_type_l = " $( echo $auth_type | tr 'a-z' 'A-Z' ) "
append wpa_key_mgmt " WPA- $auth_type "
case " $auth_type " in
[ " ${ ieee80211r :- 0 } " -gt 0 ] && append wpa_key_mgmt " FT- ${ auth_type } "
psk| eap)
[ " ${ ieee80211w :- 0 } " -gt 0 ] && append wpa_key_mgmt " WPA- ${ auth_type } -SHA256 "
append wpa_key_mgmt " WPA- $auth_type_l "
[ " ${ ieee80211r :- 0 } " -gt 0 ] && append wpa_key_mgmt " FT- ${ auth_type_l } "
[ " ${ ieee80211w :- 0 } " -gt 0 ] && append wpa_key_mgmt " WPA- ${ auth_type_l } -SHA256 "
; ;
sae)
append wpa_key_mgmt "SAE"
[ " ${ ieee80211r :- 0 } " -gt 0 ] && append wpa_key_mgmt "FT-SAE"
; ;
psk-sae)
append wpa_key_mgmt "WPA-PSK"
[ " ${ ieee80211r :- 0 } " -gt 0 ] && append wpa_key_mgmt "FT-PSK"
[ " ${ ieee80211w :- 0 } " -gt 0 ] && append wpa_key_mgmt "WPA-PSK-SHA256"
append wpa_key_mgmt "SAE"
[ " ${ ieee80211r :- 0 } " -gt 0 ] && append wpa_key_mgmt "FT-SAE"
; ;
esac
}
}
hostapd_add_log_config( ) {
hostapd_add_log_config( ) {
@ -209,6 +224,8 @@ hostapd_common_add_bss_config() {
config_add_int mcast_rate
config_add_int mcast_rate
config_add_array basic_rate
config_add_array basic_rate
config_add_array supported_rates
config_add_array supported_rates
config_add_boolean sae_require_mfp
}
}
hostapd_set_bss_options( ) {
hostapd_set_bss_options( ) {
@ -230,7 +247,7 @@ hostapd_set_bss_options() {
macfilter ssid wmm uapsd hidden short_preamble rsn_preauth \
macfilter ssid wmm uapsd hidden short_preamble rsn_preauth \
iapp_interface eapol_version dynamic_vlan ieee80211w nasid \
iapp_interface eapol_version dynamic_vlan ieee80211w nasid \
acct_server acct_secret acct_port acct_interval \
acct_server acct_secret acct_port acct_interval \
bss_load_update_period chan_util_avg_period
bss_load_update_period chan_util_avg_period sae_require_mfp
set_default isolate 0
set_default isolate 0
set_default maxassoc 0
set_default maxassoc 0
@ -284,6 +301,18 @@ hostapd_set_bss_options() {
append bss_conf " radius_acct_interim_interval= $acct_interval " " $N "
append bss_conf " radius_acct_interim_interval= $acct_interval " " $N "
}
}
case " $auth_type " in
sae)
set_default ieee80211w 2
set_default sae_require_mfp 1
; ;
psk-sae)
set_default ieee80211w 1
set_default sae_require_mfp 1
; ;
esac
[ -n " $sae_require_mfp " ] && append bss_conf " sae_require_mfp= $sae_require_mfp " " $N "
local vlan_possible = ""
local vlan_possible = ""
case " $auth_type " in
case " $auth_type " in
@ -293,7 +322,7 @@ hostapd_set_bss_options() {
# with WPS enabled, we got to be in unconfigured state.
# with WPS enabled, we got to be in unconfigured state.
wps_not_configured = 1
wps_not_configured = 1
; ;
; ;
psk)
psk| sae| psk-sae)
json_get_vars key wpa_psk_file
json_get_vars key wpa_psk_file
if [ ${# key } -lt 8 ] ; then
if [ ${# key } -lt 8 ] ; then
wireless_setup_vif_failed INVALID_WPA_PSK
wireless_setup_vif_failed INVALID_WPA_PSK
@ -709,7 +738,7 @@ wpa_supplicant_add_network() {
hostapd_append_wep_key network_data
hostapd_append_wep_key network_data
append network_data " wep_tx_keyidx= $wep_keyidx " " $N $T "
append network_data " wep_tx_keyidx= $wep_keyidx " " $N $T "
; ;
; ;
psk)
psk| sae| psk-sae)
local passphrase
local passphrase
if [ " $_w_mode " != "mesh" ] ; then
if [ " $_w_mode " != "mesh" ] ; then