hostapd: Add WPA-EAP-SUITE-B-192 (WPA3-Enterprise)

This adds support for the WPA3-Enterprise mode authentication.

The settings for the WPA3-Enterpriese mode are defined in
WPA3_Specification_v1.0.pdf. This mode also requires ieee80211w and
guarantees at least 192 bit of security.

This does not increase the ipkg size by a significant size.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index 06cf0469ef9ccb5a8a2e88c7241ce09c17879036..41f5f54b823dbc9c9e99ce6a5092f16b3253625f 100644 (file)
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -97,11 +97,11 @@ endif
 
 ifeq ($(LOCAL_VARIANT),full)
   ifeq ($(SSL_VARIANT),openssl)
-    DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y CONFIG_OWE=y
+    DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y CONFIG_OWE=y CONFIG_SUITEB192=y
     TARGET_LDFLAGS += -lcrypto -lssl
   endif
   ifeq ($(SSL_VARIANT),wolfssl)
-    DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_WPS_NFC=1 CONFIG_SAE=y CONFIG_OWE=y
+    DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_WPS_NFC=1 CONFIG_SAE=y CONFIG_OWE=y CONFIG_SUITEB192=y
     TARGET_LDFLAGS += -lwolfssl
   endif
 endif

diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index 6a2eb7b023d51ff19f3c7b94fffa3b3ee3e99798..540d1182cce60ad530b23c4bd3158442b6efcbb7 100644 (file)
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -45,6 +45,15 @@ hostapd_append_wpa_key_mgmt() {
                        [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-${auth_type_l}"
                        [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256"
                ;;
+               eap192)
+                       append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
+               ;;
+               eap-eap192)
+                       append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
+                       append wpa_key_mgmt "WPA-EAP"
+                       [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
+                       [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256"
+               ;;
                sae)
                        append wpa_key_mgmt "SAE"
                        [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE"
@@ -307,7 +316,7 @@ hostapd_set_bss_options() {
        }
 
        case "$auth_type" in
-               sae|owe)
+               sae|owe|eap192|eap-eap192)
                        set_default ieee80211w 2
                        set_default sae_require_mfp 1
                ;;
@@ -350,7 +359,7 @@ hostapd_set_bss_options() {
 
                        wps_possible=1
                ;;
-               eap)
+               eap|eap192|eap-eap192)
                        json_get_vars \
                                auth_server auth_secret auth_port \
                                dae_client dae_secret dae_port \
@@ -771,7 +780,7 @@ wpa_supplicant_add_network() {
                        fi
                        append network_data "$passphrase" "$N$T"
                ;;
-               eap)
+               eap|eap192|eap-eap192)
                        hostapd_append_wpa_key_mgmt
                        key_mgmt="$wpa_key_mgmt"
 

diff --git a/package/network/services/hostapd/src/src/utils/build_features.h b/package/network/services/hostapd/src/src/utils/build_features.h
index 4013ae7b308d0137bdc9648f2723a11cfc9cf5e6..abebecb570ba7fe810c668f7dca6675019303be1 100644 (file)
--- a/package/network/services/hostapd/src/src/utils/build_features.h
+++ b/package/network/services/hostapd/src/src/utils/build_features.h
@@ -34,6 +34,10 @@ static inline int has_feature(const char *feat)
 #ifdef CONFIG_OWE
        if (!strcmp(feat, "owe"))
                return 1;
+#endif
+#ifdef CONFIG_SUITEB192
+       if (!strcmp(feat, "suiteb192"))
+               return 1;
 #endif
        return 0;
 }