svn commit: r351377 - in vendor/wpa/dist: hostapd hs20/client src src/ap src/common src/crypto src/drivers src/eap_common src/eap_peer src/eap_server src/eapol_auth src/eapol_supp src/p2p src/pae s...
Cy Schubert
cy at FreeBSD.org
Thu Aug 22 02:58:52 UTC 2019
Author: cy
Date: Thu Aug 22 02:58:49 2019
New Revision: 351377
URL: https://svnweb.freebsd.org/changeset/base/351377
Log:
Import wpa_supplicant/hostapd 2.9
Added:
vendor/wpa/dist/src/ap/airtime_policy.c (contents, props changed)
vendor/wpa/dist/src/ap/airtime_policy.h (contents, props changed)
vendor/wpa/dist/src/ap/wpa_auth_kay.c (contents, props changed)
vendor/wpa/dist/src/ap/wpa_auth_kay.h (contents, props changed)
vendor/wpa/dist/src/common/dragonfly.c (contents, props changed)
vendor/wpa/dist/src/common/dragonfly.h (contents, props changed)
vendor/wpa/dist/src/eap_common/eap_teap_common.c (contents, props changed)
vendor/wpa/dist/src/eap_common/eap_teap_common.h (contents, props changed)
vendor/wpa/dist/src/eap_peer/eap_teap.c (contents, props changed)
vendor/wpa/dist/src/eap_peer/eap_teap_pac.c (contents, props changed)
vendor/wpa/dist/src/eap_peer/eap_teap_pac.h (contents, props changed)
vendor/wpa/dist/src/eap_server/eap_server_teap.c (contents, props changed)
Modified:
vendor/wpa/dist/hostapd/Android.mk
vendor/wpa/dist/hostapd/ChangeLog
vendor/wpa/dist/hostapd/Makefile
vendor/wpa/dist/hostapd/config_file.c
vendor/wpa/dist/hostapd/ctrl_iface.c
vendor/wpa/dist/hostapd/defconfig
vendor/wpa/dist/hostapd/eap_register.c
vendor/wpa/dist/hostapd/hostapd.conf
vendor/wpa/dist/hostapd/hostapd_cli.c
vendor/wpa/dist/hostapd/main.c
vendor/wpa/dist/hs20/client/.gitignore
vendor/wpa/dist/hs20/client/osu_client.c
vendor/wpa/dist/src/ap/Makefile
vendor/wpa/dist/src/ap/accounting.c
vendor/wpa/dist/src/ap/acs.c
vendor/wpa/dist/src/ap/ap_config.c
vendor/wpa/dist/src/ap/ap_config.h
vendor/wpa/dist/src/ap/ap_drv_ops.c
vendor/wpa/dist/src/ap/ap_drv_ops.h
vendor/wpa/dist/src/ap/authsrv.c
vendor/wpa/dist/src/ap/beacon.c
vendor/wpa/dist/src/ap/ctrl_iface_ap.c
vendor/wpa/dist/src/ap/dfs.c
vendor/wpa/dist/src/ap/dpp_hostapd.c
vendor/wpa/dist/src/ap/dpp_hostapd.h
vendor/wpa/dist/src/ap/drv_callbacks.c
vendor/wpa/dist/src/ap/gas_serv.c
vendor/wpa/dist/src/ap/gas_serv.h
vendor/wpa/dist/src/ap/hostapd.c
vendor/wpa/dist/src/ap/hostapd.h
vendor/wpa/dist/src/ap/hw_features.c
vendor/wpa/dist/src/ap/ieee802_11.c
vendor/wpa/dist/src/ap/ieee802_11.h
vendor/wpa/dist/src/ap/ieee802_11_he.c
vendor/wpa/dist/src/ap/ieee802_11_vht.c
vendor/wpa/dist/src/ap/ieee802_1x.c
vendor/wpa/dist/src/ap/ieee802_1x.h
vendor/wpa/dist/src/ap/neighbor_db.c
vendor/wpa/dist/src/ap/sta_info.c
vendor/wpa/dist/src/ap/sta_info.h
vendor/wpa/dist/src/ap/wmm.c
vendor/wpa/dist/src/ap/wpa_auth.c
vendor/wpa/dist/src/ap/wpa_auth.h
vendor/wpa/dist/src/ap/wpa_auth_ft.c
vendor/wpa/dist/src/ap/wpa_auth_glue.c
vendor/wpa/dist/src/ap/wpa_auth_ie.c
vendor/wpa/dist/src/common/dpp.c
vendor/wpa/dist/src/common/dpp.h
vendor/wpa/dist/src/common/hw_features_common.c
vendor/wpa/dist/src/common/hw_features_common.h
vendor/wpa/dist/src/common/ieee802_11_common.c
vendor/wpa/dist/src/common/ieee802_11_common.h
vendor/wpa/dist/src/common/ieee802_11_defs.h
vendor/wpa/dist/src/common/qca-vendor.h
vendor/wpa/dist/src/common/sae.c
vendor/wpa/dist/src/common/sae.h
vendor/wpa/dist/src/common/version.h
vendor/wpa/dist/src/common/wpa_common.c
vendor/wpa/dist/src/common/wpa_ctrl.h
vendor/wpa/dist/src/crypto/aes_i.h
vendor/wpa/dist/src/crypto/crypto.h
vendor/wpa/dist/src/crypto/crypto_openssl.c
vendor/wpa/dist/src/crypto/crypto_wolfssl.c
vendor/wpa/dist/src/crypto/sha1-internal.c
vendor/wpa/dist/src/crypto/sha1-prf.c
vendor/wpa/dist/src/crypto/sha1-tlsprf.c
vendor/wpa/dist/src/crypto/sha1-tprf.c
vendor/wpa/dist/src/crypto/sha1.c
vendor/wpa/dist/src/crypto/sha256-kdf.c
vendor/wpa/dist/src/crypto/sha256-prf.c
vendor/wpa/dist/src/crypto/sha256-tlsprf.c
vendor/wpa/dist/src/crypto/sha256.h
vendor/wpa/dist/src/crypto/sha384-kdf.c
vendor/wpa/dist/src/crypto/sha384-prf.c
vendor/wpa/dist/src/crypto/sha512-kdf.c
vendor/wpa/dist/src/crypto/sha512-prf.c
vendor/wpa/dist/src/crypto/tls.h
vendor/wpa/dist/src/crypto/tls_openssl.c
vendor/wpa/dist/src/crypto/tls_wolfssl.c
vendor/wpa/dist/src/drivers/driver.h
vendor/wpa/dist/src/drivers/driver_atheros.c
vendor/wpa/dist/src/drivers/driver_bsd.c
vendor/wpa/dist/src/drivers/driver_common.c
vendor/wpa/dist/src/drivers/driver_hostap.c
vendor/wpa/dist/src/drivers/driver_macsec_linux.c
vendor/wpa/dist/src/drivers/driver_macsec_qca.c
vendor/wpa/dist/src/drivers/driver_ndis.c
vendor/wpa/dist/src/drivers/driver_nl80211.c
vendor/wpa/dist/src/drivers/driver_nl80211.h
vendor/wpa/dist/src/drivers/driver_nl80211_capa.c
vendor/wpa/dist/src/drivers/driver_nl80211_event.c
vendor/wpa/dist/src/drivers/driver_privsep.c
vendor/wpa/dist/src/drivers/driver_wext.c
vendor/wpa/dist/src/drivers/nl80211_copy.h
vendor/wpa/dist/src/eap_common/eap_defs.h
vendor/wpa/dist/src/eap_common/eap_pwd_common.c
vendor/wpa/dist/src/eap_common/eap_sim_common.c
vendor/wpa/dist/src/eap_common/eap_sim_common.h
vendor/wpa/dist/src/eap_peer/eap.c
vendor/wpa/dist/src/eap_peer/eap.h
vendor/wpa/dist/src/eap_peer/eap_aka.c
vendor/wpa/dist/src/eap_peer/eap_config.h
vendor/wpa/dist/src/eap_peer/eap_eke.c
vendor/wpa/dist/src/eap_peer/eap_leap.c
vendor/wpa/dist/src/eap_peer/eap_methods.h
vendor/wpa/dist/src/eap_peer/eap_peap.c
vendor/wpa/dist/src/eap_peer/eap_pwd.c
vendor/wpa/dist/src/eap_peer/eap_sim.c
vendor/wpa/dist/src/eap_peer/eap_tls.c
vendor/wpa/dist/src/eap_peer/eap_tls_common.c
vendor/wpa/dist/src/eap_peer/eap_tls_common.h
vendor/wpa/dist/src/eap_server/eap.h
vendor/wpa/dist/src/eap_server/eap_i.h
vendor/wpa/dist/src/eap_server/eap_methods.h
vendor/wpa/dist/src/eap_server/eap_server.c
vendor/wpa/dist/src/eap_server/eap_server_aka.c
vendor/wpa/dist/src/eap_server/eap_server_pax.c
vendor/wpa/dist/src/eap_server/eap_server_peap.c
vendor/wpa/dist/src/eap_server/eap_server_pwd.c
vendor/wpa/dist/src/eap_server/eap_server_sim.c
vendor/wpa/dist/src/eap_server/eap_server_tls.c
vendor/wpa/dist/src/eap_server/eap_server_tls_common.c
vendor/wpa/dist/src/eap_server/eap_tls_common.h
vendor/wpa/dist/src/eapol_auth/eapol_auth_sm.c
vendor/wpa/dist/src/eapol_auth/eapol_auth_sm.h
vendor/wpa/dist/src/eapol_supp/eapol_supp_sm.c
vendor/wpa/dist/src/eapol_supp/eapol_supp_sm.h
vendor/wpa/dist/src/lib.rules
vendor/wpa/dist/src/p2p/p2p.c
vendor/wpa/dist/src/p2p/p2p_go_neg.c
vendor/wpa/dist/src/p2p/p2p_i.h
vendor/wpa/dist/src/pae/ieee802_1x_kay.c
vendor/wpa/dist/src/radius/radius_server.c
vendor/wpa/dist/src/radius/radius_server.h
vendor/wpa/dist/src/rsn_supp/wpa.c
vendor/wpa/dist/src/rsn_supp/wpa.h
vendor/wpa/dist/src/rsn_supp/wpa_ft.c
vendor/wpa/dist/src/rsn_supp/wpa_i.h
vendor/wpa/dist/src/tls/asn1.c
vendor/wpa/dist/src/tls/libtommath.c
vendor/wpa/dist/src/tls/x509v3.c
vendor/wpa/dist/src/utils/common.c
vendor/wpa/dist/src/utils/common.h
vendor/wpa/dist/src/utils/trace.c
vendor/wpa/dist/src/utils/wpa_debug.c
vendor/wpa/dist/src/wps/wps.h
vendor/wpa/dist/wpa_supplicant/Android.mk
vendor/wpa/dist/wpa_supplicant/ChangeLog
vendor/wpa/dist/wpa_supplicant/Makefile
vendor/wpa/dist/wpa_supplicant/README-DPP
vendor/wpa/dist/wpa_supplicant/ap.c
vendor/wpa/dist/wpa_supplicant/ap.h
vendor/wpa/dist/wpa_supplicant/bss.c
vendor/wpa/dist/wpa_supplicant/config.c
vendor/wpa/dist/wpa_supplicant/config.h
vendor/wpa/dist/wpa_supplicant/config_file.c
vendor/wpa/dist/wpa_supplicant/config_ssid.h
vendor/wpa/dist/wpa_supplicant/config_winreg.c
vendor/wpa/dist/wpa_supplicant/ctrl_iface.c
vendor/wpa/dist/wpa_supplicant/dbus/dbus_new_helpers.c
vendor/wpa/dist/wpa_supplicant/defconfig
vendor/wpa/dist/wpa_supplicant/doc/docbook/eapol_test.8
vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_background.8
vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_cli.8
vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_gui.8
vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_passphrase.8
vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_priv.8
vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_supplicant.8
vendor/wpa/dist/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5
vendor/wpa/dist/wpa_supplicant/dpp_supplicant.c
vendor/wpa/dist/wpa_supplicant/dpp_supplicant.h
vendor/wpa/dist/wpa_supplicant/driver_i.h
vendor/wpa/dist/wpa_supplicant/eap_register.c
vendor/wpa/dist/wpa_supplicant/eapol_test.c
vendor/wpa/dist/wpa_supplicant/events.c
vendor/wpa/dist/wpa_supplicant/ibss_rsn.c
vendor/wpa/dist/wpa_supplicant/interworking.c
vendor/wpa/dist/wpa_supplicant/mesh.c
vendor/wpa/dist/wpa_supplicant/mesh_mpm.c
vendor/wpa/dist/wpa_supplicant/notify.c
vendor/wpa/dist/wpa_supplicant/notify.h
vendor/wpa/dist/wpa_supplicant/op_classes.c
vendor/wpa/dist/wpa_supplicant/p2p_supplicant.c
vendor/wpa/dist/wpa_supplicant/preauth_test.c
vendor/wpa/dist/wpa_supplicant/rrm.c
vendor/wpa/dist/wpa_supplicant/sme.c
vendor/wpa/dist/wpa_supplicant/wnm_sta.c
vendor/wpa/dist/wpa_supplicant/wpa_cli.c
vendor/wpa/dist/wpa_supplicant/wpa_supplicant.c
vendor/wpa/dist/wpa_supplicant/wpa_supplicant.conf
vendor/wpa/dist/wpa_supplicant/wpa_supplicant_i.h
vendor/wpa/dist/wpa_supplicant/wpas_glue.c
Modified: vendor/wpa/dist/hostapd/Android.mk
==============================================================================
--- vendor/wpa/dist/hostapd/Android.mk Thu Aug 22 02:53:51 2019 (r351376)
+++ vendor/wpa/dist/hostapd/Android.mk Thu Aug 22 02:58:49 2019 (r351377)
@@ -269,6 +269,7 @@ L_CFLAGS += -DCONFIG_SAE
OBJS += src/common/sae.c
NEED_ECC=y
NEED_DH_GROUPS=y
+NEED_DRAGONFLY=y
endif
ifdef CONFIG_OWE
@@ -462,6 +463,7 @@ L_CFLAGS += -DEAP_SERVER_PWD
OBJS += src/eap_server/eap_server_pwd.c src/eap_common/eap_pwd_common.c
NEED_SHA256=y
NEED_ECC=y
+NEED_DRAGONFLY=y
endif
ifdef CONFIG_EAP_EKE
@@ -485,6 +487,16 @@ NEED_T_PRF=y
NEED_AES_UNWRAP=y
endif
+ifdef CONFIG_EAP_TEAP
+L_CFLAGS += -DEAP_SERVER_TEAP
+OBJS += src/eap_server/eap_server_teap.c
+OBJS += src/eap_common/eap_teap_common.c
+TLS_FUNCS=y
+NEED_T_PRF=y
+NEED_SHA384=y
+NEED_AES_UNWRAP=y
+endif
+
ifdef CONFIG_WPS
L_CFLAGS += -DCONFIG_WPS -DEAP_SERVER_WSC
OBJS += src/utils/uuid.c
@@ -593,6 +605,10 @@ endif
ifdef CONFIG_PKCS12
L_CFLAGS += -DPKCS12_FUNCS
+endif
+
+ifdef NEED_DRAGONFLY
+OBJS += src/common/dragonfly.c
endif
ifdef MS_FUNCS
Modified: vendor/wpa/dist/hostapd/ChangeLog
==============================================================================
--- vendor/wpa/dist/hostapd/ChangeLog Thu Aug 22 02:53:51 2019 (r351376)
+++ vendor/wpa/dist/hostapd/ChangeLog Thu Aug 22 02:58:49 2019 (r351377)
@@ -1,5 +1,29 @@
ChangeLog for hostapd
+2019-08-07 - v2.9
+ * SAE changes
+ - disable use of groups using Brainpool curves
+ - improved protection against side channel attacks
+ [https://w1.fi/security/2019-6/]
+ * EAP-pwd changes
+ - disable use of groups using Brainpool curves
+ - improved protection against side channel attacks
+ [https://w1.fi/security/2019-6/]
+ * fixed FT-EAP initial mobility domain association using PMKSA caching
+ * added configuration of airtime policy
+ * fixed FILS to and RSNE into (Re)Association Response frames
+ * fixed DPP bootstrapping URI parser of channel list
+ * added support for regulatory WMM limitation (for ETSI)
+ * added support for MACsec Key Agreement using IEEE 802.1X/PSK
+ * added experimental support for EAP-TEAP server (RFC 7170)
+ * added experimental support for EAP-TLS server with TLS v1.3
+ * added support for two server certificates/keys (RSA/ECC)
+ * added AKMSuiteSelector into "STA <addr>" control interface data to
+ determine with AKM was used for an association
+ * added eap_sim_id parameter to allow EAP-SIM/AKA server pseudonym and
+ fast reauthentication use to be disabled
+ * fixed an ECDH operation corner case with OpenSSL
+
2019-04-21 - v2.8
* SAE changes
- added support for SAE Password Identifier
Modified: vendor/wpa/dist/hostapd/Makefile
==============================================================================
--- vendor/wpa/dist/hostapd/Makefile Thu Aug 22 02:53:51 2019 (r351376)
+++ vendor/wpa/dist/hostapd/Makefile Thu Aug 22 02:58:49 2019 (r351377)
@@ -313,6 +313,7 @@ OBJS += ../src/common/sae.o
NEED_ECC=y
NEED_DH_GROUPS=y
NEED_AP_MLME=y
+NEED_DRAGONFLY=y
endif
ifdef CONFIG_OWE
@@ -326,6 +327,11 @@ NEED_SHA384=y
NEED_SHA512=y
endif
+ifdef CONFIG_AIRTIME_POLICY
+CFLAGS += -DCONFIG_AIRTIME_POLICY
+OBJS += ../src/ap/airtime_policy.o
+endif
+
ifdef CONFIG_FILS
CFLAGS += -DCONFIG_FILS
OBJS += ../src/ap/fils_hlp.o
@@ -496,6 +502,7 @@ CFLAGS += -DEAP_SERVER_PWD
OBJS += ../src/eap_server/eap_server_pwd.o ../src/eap_common/eap_pwd_common.o
NEED_SHA256=y
NEED_ECC=y
+NEED_DRAGONFLY=y
endif
ifdef CONFIG_EAP_EKE
@@ -519,6 +526,16 @@ NEED_T_PRF=y
NEED_AES_UNWRAP=y
endif
+ifdef CONFIG_EAP_TEAP
+CFLAGS += -DEAP_SERVER_TEAP
+OBJS += ../src/eap_server/eap_server_teap.o
+OBJS += ../src/eap_common/eap_teap_common.o
+TLS_FUNCS=y
+NEED_T_PRF=y
+NEED_SHA384=y
+NEED_AES_UNWRAP=y
+endif
+
ifdef CONFIG_WPS
CFLAGS += -DCONFIG_WPS -DEAP_SERVER_WSC
OBJS += ../src/utils/uuid.o
@@ -613,6 +630,15 @@ LIBS += -ldl
endif
endif
+ifdef CONFIG_MACSEC
+CFLAGS += -DCONFIG_MACSEC
+OBJS += ../src/ap/wpa_auth_kay.o
+OBJS += ../src/pae/ieee802_1x_cp.o
+OBJS += ../src/pae/ieee802_1x_kay.o
+OBJS += ../src/pae/ieee802_1x_key.o
+OBJS += ../src/pae/ieee802_1x_secy_ops.o
+endif
+
# Basic EAP functionality is needed for EAPOL
OBJS += eap_register.o
OBJS += ../src/eap_server/eap_server.o
@@ -627,6 +653,10 @@ endif
ifdef CONFIG_PKCS12
CFLAGS += -DPKCS12_FUNCS
+endif
+
+ifdef NEED_DRAGONFLY
+OBJS += ../src/common/dragonfly.o
endif
ifdef MS_FUNCS
Modified: vendor/wpa/dist/hostapd/config_file.c
==============================================================================
--- vendor/wpa/dist/hostapd/config_file.c Thu Aug 22 02:53:51 2019 (r351376)
+++ vendor/wpa/dist/hostapd/config_file.c Thu Aug 22 02:58:49 2019 (r351377)
@@ -24,14 +24,6 @@
#include "config_file.h"
-#ifndef CONFIG_NO_RADIUS
-#ifdef EAP_SERVER
-static struct hostapd_radius_attr *
-hostapd_parse_radius_attr(const char *value);
-#endif /* EAP_SERVER */
-#endif /* CONFIG_NO_RADIUS */
-
-
#ifndef CONFIG_NO_VLAN
static int hostapd_config_read_vlan_file(struct hostapd_bss_config *bss,
const char *fname)
@@ -660,76 +652,7 @@ hostapd_config_read_radius_addr(struct hostapd_radius_
}
-static struct hostapd_radius_attr *
-hostapd_parse_radius_attr(const char *value)
-{
- const char *pos;
- char syntax;
- struct hostapd_radius_attr *attr;
- size_t len;
- attr = os_zalloc(sizeof(*attr));
- if (attr == NULL)
- return NULL;
-
- attr->type = atoi(value);
-
- pos = os_strchr(value, ':');
- if (pos == NULL) {
- attr->val = wpabuf_alloc(1);
- if (attr->val == NULL) {
- os_free(attr);
- return NULL;
- }
- wpabuf_put_u8(attr->val, 0);
- return attr;
- }
-
- pos++;
- if (pos[0] == '\0' || pos[1] != ':') {
- os_free(attr);
- return NULL;
- }
- syntax = *pos++;
- pos++;
-
- switch (syntax) {
- case 's':
- attr->val = wpabuf_alloc_copy(pos, os_strlen(pos));
- break;
- case 'x':
- len = os_strlen(pos);
- if (len & 1)
- break;
- len /= 2;
- attr->val = wpabuf_alloc(len);
- if (attr->val == NULL)
- break;
- if (hexstr2bin(pos, wpabuf_put(attr->val, len), len) < 0) {
- wpabuf_free(attr->val);
- os_free(attr);
- return NULL;
- }
- break;
- case 'd':
- attr->val = wpabuf_alloc(4);
- if (attr->val)
- wpabuf_put_be32(attr->val, atoi(pos));
- break;
- default:
- os_free(attr);
- return NULL;
- }
-
- if (attr->val == NULL) {
- os_free(attr);
- return NULL;
- }
-
- return attr;
-}
-
-
static int hostapd_parse_das_client(struct hostapd_bss_config *bss, char *val)
{
char *secret;
@@ -2313,6 +2236,42 @@ static unsigned int parse_tls_flags(const char *val)
#endif /* EAP_SERVER */
+#ifdef CONFIG_AIRTIME_POLICY
+static int add_airtime_weight(struct hostapd_bss_config *bss, char *value)
+{
+ struct airtime_sta_weight *wt;
+ char *pos, *next;
+
+ wt = os_zalloc(sizeof(*wt));
+ if (!wt)
+ return -1;
+
+ /* 02:01:02:03:04:05 10 */
+ pos = value;
+ next = os_strchr(pos, ' ');
+ if (next)
+ *next++ = '\0';
+ if (!next || hwaddr_aton(pos, wt->addr)) {
+ wpa_printf(MSG_ERROR, "Invalid station address: '%s'", pos);
+ os_free(wt);
+ return -1;
+ }
+
+ pos = next;
+ wt->weight = atoi(pos);
+ if (!wt->weight) {
+ wpa_printf(MSG_ERROR, "Invalid weight: '%s'", pos);
+ os_free(wt);
+ return -1;
+ }
+
+ wt->next = bss->airtime_weight_list;
+ bss->airtime_weight_list = wt;
+ return 0;
+}
+#endif /* CONFIG_AIRTIME_POLICY */
+
+
#ifdef CONFIG_SAE
static int parse_sae_password(struct hostapd_bss_config *bss, const char *val)
{
@@ -2376,6 +2335,36 @@ fail:
#endif /* CONFIG_SAE */
+#ifdef CONFIG_DPP2
+static int hostapd_dpp_controller_parse(struct hostapd_bss_config *bss,
+ const char *pos)
+{
+ struct dpp_controller_conf *conf;
+ char *val;
+
+ conf = os_zalloc(sizeof(*conf));
+ if (!conf)
+ return -1;
+ val = get_param(pos, "ipaddr=");
+ if (!val || hostapd_parse_ip_addr(val, &conf->ipaddr))
+ goto fail;
+ os_free(val);
+ val = get_param(pos, "pkhash=");
+ if (!val || os_strlen(val) != 2 * SHA256_MAC_LEN ||
+ hexstr2bin(val, conf->pkhash, SHA256_MAC_LEN) < 0)
+ goto fail;
+ os_free(val);
+ conf->next = bss->dpp_controller;
+ bss->dpp_controller = conf;
+ return 0;
+fail:
+ os_free(val);
+ os_free(conf);
+ return -1;
+}
+#endif /* CONFIG_DPP2 */
+
+
static int hostapd_config_fill(struct hostapd_config *conf,
struct hostapd_bss_config *bss,
const char *buf, char *pos, int line)
@@ -2496,7 +2485,11 @@ static int hostapd_config_fill(struct hostapd_config *
} else if (os_strcmp(buf, "eapol_version") == 0) {
int eapol_version = atoi(pos);
+#ifdef CONFIG_MACSEC
+ if (eapol_version < 1 || eapol_version > 3) {
+#else /* CONFIG_MACSEC */
if (eapol_version < 1 || eapol_version > 2) {
+#endif /* CONFIG_MACSEC */
wpa_printf(MSG_ERROR,
"Line %d: invalid EAPOL version (%d): '%s'.",
line, eapol_version, pos);
@@ -2519,12 +2512,21 @@ static int hostapd_config_fill(struct hostapd_config *
} else if (os_strcmp(buf, "server_cert") == 0) {
os_free(bss->server_cert);
bss->server_cert = os_strdup(pos);
+ } else if (os_strcmp(buf, "server_cert2") == 0) {
+ os_free(bss->server_cert2);
+ bss->server_cert2 = os_strdup(pos);
} else if (os_strcmp(buf, "private_key") == 0) {
os_free(bss->private_key);
bss->private_key = os_strdup(pos);
+ } else if (os_strcmp(buf, "private_key2") == 0) {
+ os_free(bss->private_key2);
+ bss->private_key2 = os_strdup(pos);
} else if (os_strcmp(buf, "private_key_passwd") == 0) {
os_free(bss->private_key_passwd);
bss->private_key_passwd = os_strdup(pos);
+ } else if (os_strcmp(buf, "private_key_passwd2") == 0) {
+ os_free(bss->private_key_passwd2);
+ bss->private_key_passwd2 = os_strdup(pos);
} else if (os_strcmp(buf, "check_cert_subject") == 0) {
if (!pos[0]) {
wpa_printf(MSG_ERROR, "Line %d: unknown check_cert_subject '%s'",
@@ -2605,6 +2607,20 @@ static int hostapd_config_fill(struct hostapd_config *
} else if (os_strcmp(buf, "pac_key_refresh_time") == 0) {
bss->pac_key_refresh_time = atoi(pos);
#endif /* EAP_SERVER_FAST */
+#ifdef EAP_SERVER_TEAP
+ } else if (os_strcmp(buf, "eap_teap_auth") == 0) {
+ int val = atoi(pos);
+
+ if (val < 0 || val > 1) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: Invalid eap_teap_auth value",
+ line);
+ return 1;
+ }
+ bss->eap_teap_auth = val;
+ } else if (os_strcmp(buf, "eap_teap_pac_no_inner") == 0) {
+ bss->eap_teap_pac_no_inner = atoi(pos);
+#endif /* EAP_SERVER_TEAP */
#ifdef EAP_SERVER_SIM
} else if (os_strcmp(buf, "eap_sim_db") == 0) {
os_free(bss->eap_sim_db);
@@ -2613,6 +2629,8 @@ static int hostapd_config_fill(struct hostapd_config *
bss->eap_sim_db_timeout = atoi(pos);
} else if (os_strcmp(buf, "eap_sim_aka_result_ind") == 0) {
bss->eap_sim_aka_result_ind = atoi(pos);
+ } else if (os_strcmp(buf, "eap_sim_id") == 0) {
+ bss->eap_sim_id = atoi(pos);
#endif /* EAP_SERVER_SIM */
#ifdef EAP_SERVER_TNC
} else if (os_strcmp(buf, "tnc") == 0) {
@@ -2816,6 +2834,9 @@ static int hostapd_config_fill(struct hostapd_config *
a = a->next;
a->next = attr;
}
+ } else if (os_strcmp(buf, "radius_req_attr_sqlite") == 0) {
+ os_free(bss->radius_req_attr_sqlite);
+ bss->radius_req_attr_sqlite = os_strdup(pos);
} else if (os_strcmp(buf, "radius_das_port") == 0) {
bss->radius_das_port = atoi(pos);
} else if (os_strcmp(buf, "radius_das_client") == 0) {
@@ -3442,6 +3463,8 @@ static int hostapd_config_fill(struct hostapd_config *
conf->he_op.he_twt_required = atoi(pos);
} else if (os_strcmp(buf, "he_rts_threshold") == 0) {
conf->he_op.he_rts_threshold = atoi(pos);
+ } else if (os_strcmp(buf, "he_basic_mcs_nss_set") == 0) {
+ conf->he_op.he_basic_mcs_nss_set = atoi(pos);
} else if (os_strcmp(buf, "he_mu_edca_qos_info_param_count") == 0) {
conf->he_mu_edca.he_qos_info |=
set_he_cap(atoi(pos), HE_QOS_INFO_EDCA_PARAM_SET_COUNT);
@@ -3526,6 +3549,20 @@ static int hostapd_config_fill(struct hostapd_config *
} else if (os_strcmp(buf, "he_mu_edca_ac_vo_timer") == 0) {
conf->he_mu_edca.he_mu_ac_vo_param[HE_MU_AC_PARAM_TIMER_IDX] =
atoi(pos) & 0xff;
+ } else if (os_strcmp(buf, "he_spr_sr_control") == 0) {
+ conf->spr.sr_control = atoi(pos) & 0xff;
+ } else if (os_strcmp(buf, "he_spr_non_srg_obss_pd_max_offset") == 0) {
+ conf->spr.non_srg_obss_pd_max_offset = atoi(pos);
+ } else if (os_strcmp(buf, "he_spr_srg_obss_pd_min_offset") == 0) {
+ conf->spr.srg_obss_pd_min_offset = atoi(pos);
+ } else if (os_strcmp(buf, "he_spr_srg_obss_pd_max_offset") == 0) {
+ conf->spr.srg_obss_pd_max_offset = atoi(pos);
+ } else if (os_strcmp(buf, "he_oper_chwidth") == 0) {
+ conf->he_oper_chwidth = atoi(pos);
+ } else if (os_strcmp(buf, "he_oper_centr_freq_seg0_idx") == 0) {
+ conf->he_oper_centr_freq_seg0_idx = atoi(pos);
+ } else if (os_strcmp(buf, "he_oper_centr_freq_seg1_idx") == 0) {
+ conf->he_oper_centr_freq_seg1_idx = atoi(pos);
#endif /* CONFIG_IEEE80211AX */
} else if (os_strcmp(buf, "max_listen_interval") == 0) {
bss->max_listen_interval = atoi(pos);
@@ -4298,6 +4335,11 @@ static int hostapd_config_fill(struct hostapd_config *
} else if (os_strcmp(buf, "dpp_csign") == 0) {
if (parse_wpabuf_hex(line, buf, &bss->dpp_csign, pos))
return 1;
+#ifdef CONFIG_DPP2
+ } else if (os_strcmp(buf, "dpp_controller") == 0) {
+ if (hostapd_dpp_controller_parse(bss, pos))
+ return 1;
+#endif /* CONFIG_DPP2 */
#endif /* CONFIG_DPP */
#ifdef CONFIG_OWE
} else if (os_strcmp(buf, "owe_transition_bssid") == 0) {
@@ -4349,6 +4391,121 @@ static int hostapd_config_fill(struct hostapd_config *
conf->rssi_reject_assoc_timeout = atoi(pos);
} else if (os_strcmp(buf, "pbss") == 0) {
bss->pbss = atoi(pos);
+#ifdef CONFIG_AIRTIME_POLICY
+ } else if (os_strcmp(buf, "airtime_mode") == 0) {
+ int val = atoi(pos);
+
+ if (val < 0 || val > AIRTIME_MODE_MAX) {
+ wpa_printf(MSG_ERROR, "Line %d: Unknown airtime_mode",
+ line);
+ return 1;
+ }
+ conf->airtime_mode = val;
+ } else if (os_strcmp(buf, "airtime_update_interval") == 0) {
+ conf->airtime_update_interval = atoi(pos);
+ } else if (os_strcmp(buf, "airtime_bss_weight") == 0) {
+ bss->airtime_weight = atoi(pos);
+ } else if (os_strcmp(buf, "airtime_bss_limit") == 0) {
+ int val = atoi(pos);
+
+ if (val < 0 || val > 1) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: Invalid airtime_bss_limit (must be 0 or 1)",
+ line);
+ return 1;
+ }
+ bss->airtime_limit = val;
+ } else if (os_strcmp(buf, "airtime_sta_weight") == 0) {
+ if (add_airtime_weight(bss, pos) < 0) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: Invalid airtime weight '%s'",
+ line, pos);
+ return 1;
+ }
+#endif /* CONFIG_AIRTIME_POLICY */
+#ifdef CONFIG_MACSEC
+ } else if (os_strcmp(buf, "macsec_policy") == 0) {
+ int macsec_policy = atoi(pos);
+
+ if (macsec_policy < 0 || macsec_policy > 1) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: invalid macsec_policy (%d): '%s'.",
+ line, macsec_policy, pos);
+ return 1;
+ }
+ bss->macsec_policy = macsec_policy;
+ } else if (os_strcmp(buf, "macsec_integ_only") == 0) {
+ int macsec_integ_only = atoi(pos);
+
+ if (macsec_integ_only < 0 || macsec_integ_only > 1) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: invalid macsec_integ_only (%d): '%s'.",
+ line, macsec_integ_only, pos);
+ return 1;
+ }
+ bss->macsec_integ_only = macsec_integ_only;
+ } else if (os_strcmp(buf, "macsec_replay_protect") == 0) {
+ int macsec_replay_protect = atoi(pos);
+
+ if (macsec_replay_protect < 0 || macsec_replay_protect > 1) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: invalid macsec_replay_protect (%d): '%s'.",
+ line, macsec_replay_protect, pos);
+ return 1;
+ }
+ bss->macsec_replay_protect = macsec_replay_protect;
+ } else if (os_strcmp(buf, "macsec_replay_window") == 0) {
+ bss->macsec_replay_window = atoi(pos);
+ } else if (os_strcmp(buf, "macsec_port") == 0) {
+ int macsec_port = atoi(pos);
+
+ if (macsec_port < 1 || macsec_port > 65534) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: invalid macsec_port (%d): '%s'.",
+ line, macsec_port, pos);
+ return 1;
+ }
+ bss->macsec_port = macsec_port;
+ } else if (os_strcmp(buf, "mka_priority") == 0) {
+ int mka_priority = atoi(pos);
+
+ if (mka_priority < 0 || mka_priority > 255) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: invalid mka_priority (%d): '%s'.",
+ line, mka_priority, pos);
+ return 1;
+ }
+ bss->mka_priority = mka_priority;
+ } else if (os_strcmp(buf, "mka_cak") == 0) {
+ size_t len = os_strlen(pos);
+
+ if (len > 2 * MACSEC_CAK_MAX_LEN ||
+ (len != 2 * 16 && len != 2 * 32) ||
+ hexstr2bin(pos, bss->mka_cak, len / 2)) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid MKA-CAK '%s'.",
+ line, pos);
+ return 1;
+ }
+ bss->mka_cak_len = len / 2;
+ bss->mka_psk_set |= MKA_PSK_SET_CAK;
+ } else if (os_strcmp(buf, "mka_ckn") == 0) {
+ size_t len = os_strlen(pos);
+
+ if (len > 2 * MACSEC_CKN_MAX_LEN || /* too long */
+ len < 2 || /* too short */
+ len % 2 != 0 /* not an integral number of bytes */) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid MKA-CKN '%s'.",
+ line, pos);
+ return 1;
+ }
+ bss->mka_ckn_len = len / 2;
+ if (hexstr2bin(pos, bss->mka_ckn, bss->mka_ckn_len)) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid MKA-CKN '%s'.",
+ line, pos);
+ return -1;
+ }
+ bss->mka_psk_set |= MKA_PSK_SET_CKN;
+#endif /* CONFIG_MACSEC */
} else {
wpa_printf(MSG_ERROR,
"Line %d: unknown configuration item '%s'",
Modified: vendor/wpa/dist/hostapd/ctrl_iface.c
==============================================================================
--- vendor/wpa/dist/hostapd/ctrl_iface.c Thu Aug 22 02:53:51 2019 (r351376)
+++ vendor/wpa/dist/hostapd/ctrl_iface.c Thu Aug 22 02:58:49 2019 (r351377)
@@ -1830,26 +1830,40 @@ static void hostapd_data_test_rx(void *ctx, const u8 *
struct iphdr ip;
const u8 *pos;
unsigned int i;
+ char extra[30];
- if (len != HWSIM_PACKETLEN)
+ if (len < sizeof(*eth) + sizeof(ip) || len > HWSIM_PACKETLEN) {
+ wpa_printf(MSG_DEBUG,
+ "test data: RX - ignore unexpected length %d",
+ (int) len);
return;
+ }
eth = (const struct ether_header *) buf;
os_memcpy(&ip, eth + 1, sizeof(ip));
pos = &buf[sizeof(*eth) + sizeof(ip)];
if (ip.ihl != 5 || ip.version != 4 ||
- ntohs(ip.tot_len) != HWSIM_IP_LEN)
+ ntohs(ip.tot_len) > HWSIM_IP_LEN) {
+ wpa_printf(MSG_DEBUG,
+ "test data: RX - ignore unexpect IP header");
return;
+ }
- for (i = 0; i < HWSIM_IP_LEN - sizeof(ip); i++) {
- if (*pos != (u8) i)
+ for (i = 0; i < ntohs(ip.tot_len) - sizeof(ip); i++) {
+ if (*pos != (u8) i) {
+ wpa_printf(MSG_DEBUG,
+ "test data: RX - ignore mismatching payload");
return;
+ }
pos++;
}
- wpa_msg(hapd->msg_ctx, MSG_INFO, "DATA-TEST-RX " MACSTR " " MACSTR,
- MAC2STR(eth->ether_dhost), MAC2STR(eth->ether_shost));
+ extra[0] = '\0';
+ if (ntohs(ip.tot_len) != HWSIM_IP_LEN)
+ os_snprintf(extra, sizeof(extra), " len=%d", ntohs(ip.tot_len));
+ wpa_msg(hapd->msg_ctx, MSG_INFO, "DATA-TEST-RX " MACSTR " " MACSTR "%s",
+ MAC2STR(eth->ether_dhost), MAC2STR(eth->ether_shost), extra);
}
@@ -1894,7 +1908,7 @@ static int hostapd_ctrl_iface_data_test_config(struct
static int hostapd_ctrl_iface_data_test_tx(struct hostapd_data *hapd, char *cmd)
{
u8 dst[ETH_ALEN], src[ETH_ALEN];
- char *pos;
+ char *pos, *pos2;
int used;
long int val;
u8 tos;
@@ -1903,11 +1917,12 @@ static int hostapd_ctrl_iface_data_test_tx(struct host
struct iphdr *ip;
u8 *dpos;
unsigned int i;
+ size_t send_len = HWSIM_IP_LEN;
if (hapd->l2_test == NULL)
return -1;
- /* format: <dst> <src> <tos> */
+ /* format: <dst> <src> <tos> [len=<length>] */
pos = cmd;
used = hwaddr_aton2(pos, dst);
@@ -1921,11 +1936,19 @@ static int hostapd_ctrl_iface_data_test_tx(struct host
return -1;
pos += used;
- val = strtol(pos, NULL, 0);
+ val = strtol(pos, &pos2, 0);
if (val < 0 || val > 0xff)
return -1;
tos = val;
+ pos = os_strstr(pos2, " len=");
+ if (pos) {
+ i = atoi(pos + 5);
+ if (i < sizeof(*ip) || i > HWSIM_IP_LEN)
+ return -1;
+ send_len = i;
+ }
+
eth = (struct ether_header *) &buf[2];
os_memcpy(eth->ether_dhost, dst, ETH_ALEN);
os_memcpy(eth->ether_shost, src, ETH_ALEN);
@@ -1936,17 +1959,17 @@ static int hostapd_ctrl_iface_data_test_tx(struct host
ip->version = 4;
ip->ttl = 64;
ip->tos = tos;
- ip->tot_len = htons(HWSIM_IP_LEN);
+ ip->tot_len = htons(send_len);
ip->protocol = 1;
ip->saddr = htonl(192U << 24 | 168 << 16 | 1 << 8 | 1);
ip->daddr = htonl(192U << 24 | 168 << 16 | 1 << 8 | 2);
ip->check = ipv4_hdr_checksum(ip, sizeof(*ip));
dpos = (u8 *) (ip + 1);
- for (i = 0; i < HWSIM_IP_LEN - sizeof(*ip); i++)
+ for (i = 0; i < send_len - sizeof(*ip); i++)
*dpos++ = i;
if (l2_packet_send(hapd->l2_test, dst, ETHERTYPE_IP, &buf[2],
- HWSIM_PACKETLEN) < 0)
+ sizeof(struct ether_header) + send_len) < 0)
return -1;
wpa_dbg(hapd->msg_ctx, MSG_DEBUG, "test data: TX dst=" MACSTR
Modified: vendor/wpa/dist/hostapd/defconfig
==============================================================================
--- vendor/wpa/dist/hostapd/defconfig Thu Aug 22 02:53:51 2019 (r351376)
+++ vendor/wpa/dist/hostapd/defconfig Thu Aug 22 02:58:49 2019 (r351377)
@@ -108,11 +108,18 @@ CONFIG_EAP_TTLS=y
#CONFIG_EAP_GPSK_SHA256=y
# EAP-FAST for the integrated EAP server
-# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
-# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
-# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
#CONFIG_EAP_FAST=y
+# EAP-TEAP for the integrated EAP server
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
# Wi-Fi Protected Setup (WPS)
#CONFIG_WPS=y
# Enable UPnP support for external WPS Registrars
@@ -375,6 +382,9 @@ CONFIG_IPV6=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
+
+# Airtime policy support
+#CONFIG_AIRTIME_POLICY=y
# Override default value for the wpa_disable_eapol_key_retries configuration
# parameter. See that parameter in hostapd.conf for more details.
Modified: vendor/wpa/dist/hostapd/eap_register.c
==============================================================================
--- vendor/wpa/dist/hostapd/eap_register.c Thu Aug 22 02:53:51 2019 (r351376)
+++ vendor/wpa/dist/hostapd/eap_register.c Thu Aug 22 02:58:49 2019 (r351377)
@@ -121,6 +121,11 @@ int eap_server_register_methods(void)
ret = eap_server_fast_register();
#endif /* EAP_SERVER_FAST */
+#ifdef EAP_SERVER_TEAP
+ if (ret == 0)
+ ret = eap_server_teap_register();
+#endif /* EAP_SERVER_TEAP */
+
#ifdef EAP_SERVER_WSC
if (ret == 0)
ret = eap_server_wsc_register();
Modified: vendor/wpa/dist/hostapd/hostapd.conf
==============================================================================
--- vendor/wpa/dist/hostapd/hostapd.conf Thu Aug 22 02:53:51 2019 (r351376)
+++ vendor/wpa/dist/hostapd/hostapd.conf Thu Aug 22 02:58:49 2019 (r351377)
@@ -782,10 +782,8 @@ wmm_ac_vo_acm=0
# 1 = supported
#he_mu_beamformer=1
-# he_bss_color: BSS color
-# 0 = no BSS color (default)
-# unsigned integer = BSS color
-#he_bss_color=0
+# he_bss_color: BSS color (1-63)
+#he_bss_color=1
#he_default_pe_duration: The duration of PE field in an HE PPDU in us
# Possible values are 0 us (default), 4 us, 8 us, 12 us, and 16 us
@@ -801,6 +799,17 @@ wmm_ac_vo_acm=0
# unsigned integer = duration in units of 16 us
#he_rts_threshold=0
+# HE operating channel information; see matching vht_* parameters for details.
+#he_oper_chwidth
+#he_oper_centr_freq_seg0_idx
+#he_oper_centr_freq_seg1_idx
+
+#he_basic_mcs_nss_set: Basic NSS/MCS set
+# 16-bit combination of 2-bit values of Max HE-MCS For 1..8 SS; each 2-bit
+# value having following meaning:
+# 0 = HE-MCS 0-7, 1 = HE-MCS 0-9, 2 = HE-MCS 0-11, 3 = not supported
+#he_basic_mcs_nss_set
+
#he_mu_edca_qos_info_param_count
#he_mu_edca_qos_info_q_ack
#he_mu_edca_qos_info_queue_request=1
@@ -825,6 +834,12 @@ wmm_ac_vo_acm=0
#he_mu_edca_ac_vo_ecwmax=15
#he_mu_edca_ac_vo_timer=255
+# Spatial Reuse Parameter Set
+#he_spr_sr_control
+#he_spr_non_srg_obss_pd_max_offset
+#he_spr_srg_obss_pd_min_offset
+#he_spr_srg_obss_pd_max_offset
+
##### IEEE 802.1X-2004 related configuration ##################################
# Require IEEE 802.1X authorization
@@ -836,6 +851,8 @@ wmm_ac_vo_acm=0
# the new version number correctly (they seem to drop the frames completely).
# In order to make hostapd interoperate with these clients, the version number
# can be set to the older version (1) with this configuration value.
+# Note: When using MACsec, eapol_version shall be set to 3, which is
+# defined in IEEE Std 802.1X-2010.
#eapol_version=2
# Optional displayable message sent with EAP Request-Identity. The first \0
@@ -879,6 +896,54 @@ eapol_key_index_workaround=0
# ERP is enabled (eap_server_erp=1).
#erp_domain=example.com
+##### MACsec ##################################################################
+
+# macsec_policy: IEEE 802.1X/MACsec options
+# This determines how sessions are secured with MACsec (only for MACsec
+# drivers).
+# 0: MACsec not in use (default)
+# 1: MACsec enabled - Should secure, accept key server's advice to
+# determine whether to use a secure session or not.
+#
+# macsec_integ_only: IEEE 802.1X/MACsec transmit mode
+# This setting applies only when MACsec is in use, i.e.,
+# - macsec_policy is enabled
+# - the key server has decided to enable MACsec
+# 0: Encrypt traffic (default)
+# 1: Integrity only
+#
+# macsec_replay_protect: IEEE 802.1X/MACsec replay protection
+# This setting applies only when MACsec is in use, i.e.,
+# - macsec_policy is enabled
+# - the key server has decided to enable MACsec
+# 0: Replay protection disabled (default)
+# 1: Replay protection enabled
+#
+# macsec_replay_window: IEEE 802.1X/MACsec replay protection window
+# This determines a window in which replay is tolerated, to allow receipt
+# of frames that have been misordered by the network.
+# This setting applies only when MACsec replay protection active, i.e.,
+# - macsec_replay_protect is enabled
+# - the key server has decided to enable MACsec
+# 0: No replay window, strict check (default)
+# 1..2^32-1: number of packets that could be misordered
+#
+# macsec_port: IEEE 802.1X/MACsec port
+# Port component of the SCI
+# Range: 1-65534 (default: 1)
+#
+# mka_priority (Priority of MKA Actor)
+# Range: 0..255 (default: 255)
+#
+# mka_cak, mka_ckn, and mka_priority: IEEE 802.1X/MACsec pre-shared key mode
+# This allows to configure MACsec with a pre-shared key using a (CAK,CKN) pair.
+# In this mode, instances of hostapd can act as MACsec peers. The peer
+# with lower priority will become the key server and start distributing SAKs.
+# mka_cak (CAK = Secure Connectivity Association Key) takes a 16-byte (128-bit)
+# hex-string (32 hex-digits) or a 32-byte (256-bit) hex-string (64 hex-digits)
+# mka_ckn (CKN = CAK Name) takes a 1..32-bytes (8..256 bit) hex-string
+# (2..64 hex-digits)
+
##### Integrated EAP server ###################################################
# Optionally, hostapd can be configured to use an integrated EAP server
@@ -912,6 +977,23 @@ eap_server=0
# Passphrase for private key
#private_key_passwd=secret passphrase
+# An alternative server certificate and private key can be configured with the
+# following parameters (with values just like the parameters above without the
+# '2' suffix). The ca_cert file (in PEM encoding) is used to add the trust roots
+# for both server certificates and/or client certificates).
+#
+# The main use case for this alternative server certificate configuration is to
+# enable both RSA and ECC public keys. The server will pick which one to use
+# based on the client preferences for the cipher suite (in the TLS ClientHello
+# message). It should be noted that number of deployed EAP peer implementations
+# do not filter out the cipher suite list based on their local configuration and
+# as such, configuration of alternative types of certificates on the server may
+# result in interoperability issues.
+#server_cert2=/etc/hostapd.server-ecc.pem
+#private_key2=/etc/hostapd.server-ecc.prv
+#private_key_passwd2=secret passphrase
+
+
# Server identity
# EAP methods that provide mechanism for authenticated server identity delivery
# use this value. If not set, "hostapd" is used as a default.
@@ -1109,10 +1191,27 @@ eap_server=0
# (or fewer) of the lifetime remains.
#pac_key_refresh_time=86400
+# EAP-TEAP authentication type
+# 0 = inner EAP (default)
+# 1 = Basic-Password-Auth
+#eap_teap_auth=0
+
+# EAP-TEAP authentication behavior when using PAC
+# 0 = perform inner authentication (default)
+# 1 = skip inner authentication (inner EAP/Basic-Password-Auth)
+#eap_teap_pac_no_inner=0
+
# EAP-SIM and EAP-AKA protected success/failure indication using AT_RESULT_IND
# (default: 0 = disabled).
#eap_sim_aka_result_ind=1
+# EAP-SIM and EAP-AKA identity options
+# 0 = do not use pseudonyms or fast reauthentication
+# 1 = use pseudonyms, but not fast reauthentication
+# 2 = do not use pseudonyms, but use fast reauthentication
+# 3 = use pseudonyms and use fast reauthentication (default)
+#eap_sim_id=3
+
# Trusted Network Connect (TNC)
# If enabled, TNC validation will be required before the peer is allowed to
# connect. Note: This is only used with EAP-TTLS and EAP-FAST. If any other
@@ -1292,6 +1391,17 @@ own_ip_addr=127.0.0.1
# Operator-Name = "Operator"
#radius_acct_req_attr=126:s:Operator
+# If SQLite support is included, path to a database from which additional
+# RADIUS request attributes are extracted based on the station MAC address.
+#
+# The schema for the radius_attributes table is:
+# id | sta | reqtype | attr : multi-key (sta, reqtype)
+# id = autonumber
+# sta = station MAC address in `11:22:33:44:55:66` format.
+# type = `auth` | `acct` | NULL (match any)
+# attr = existing config file format, e.g. `126:s:Test Operator`
+#radius_req_attr_sqlite=radius_attr.sqlite
+
# Dynamic Authorization Extensions (RFC 5176)
# This mechanism can be used to allow dynamic changes to user session based on
# commands from a RADIUS server (or some other disconnect client that has the
@@ -2491,6 +2601,42 @@ own_ip_addr=127.0.0.1
# as a radio measurement even if the request doesn't contain a max age element
# that allows sending of such data. Default: 0.
#stationary_ap=0
+
+##### Airtime policy configuration ###########################################
+
+# Set the airtime policy operating mode:
+# 0 = disabled (default)
+# 1 = static config
+# 2 = per-BSS dynamic config
+# 3 = per-BSS limit mode
+#airtime_mode=0
+
+# Interval (in milliseconds) to poll the kernel for updated station activity in
+# dynamic and limit modes
+#airtime_update_interval=200
+
+# Static configuration of station weights (when airtime_mode=1). Kernel default
+# weight is 256; set higher for larger airtime share, lower for smaller share.
+# Each entry is a MAC address followed by a weight.
+#airtime_sta_weight=02:01:02:03:04:05 256
+#airtime_sta_weight=02:01:02:03:04:06 512
+
+# Per-BSS airtime weight. In multi-BSS mode, set for each BSS and hostapd will
+# configure station weights to enforce the correct ratio between BSS weights
+# depending on the number of active stations. The *ratios* between different
+# BSSes is what's important, not the absolute numbers.
+# Must be set for all BSSes if airtime_mode=2 or 3, has no effect otherwise.
+#airtime_bss_weight=1
+
+# Whether the current BSS should be limited (when airtime_mode=3).
+#
+# If set, the BSS weight ratio will be applied in the case where the current BSS
+# would exceed the share defined by the BSS weight ratio. E.g., if two BSSes are
+# set to the same weights, and one is set to limited, the limited BSS will get
+# no more than half the available airtime, but if the non-limited BSS has more
+# stations active, that *will* be allowed to exceed its half of the available
+# airtime.
+#airtime_bss_limit=1
##### TESTING OPTIONS #########################################################
#
Modified: vendor/wpa/dist/hostapd/hostapd_cli.c
==============================================================================
--- vendor/wpa/dist/hostapd/hostapd_cli.c Thu Aug 22 02:53:51 2019 (r351376)
+++ vendor/wpa/dist/hostapd/hostapd_cli.c Thu Aug 22 02:58:49 2019 (r351377)
@@ -1214,6 +1214,13 @@ static int hostapd_cli_cmd_disable(struct wpa_ctrl *ct
}
+static int hostapd_cli_cmd_update_beacon(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "UPDATE_BEACON");
+}
+
+
static int hostapd_cli_cmd_vendor(struct wpa_ctrl *ctrl, int argc, char *argv[])
{
char cmd[256];
@@ -1617,6 +1624,8 @@ static const struct hostapd_cli_cmd hostapd_cli_comman
"= reload configuration for current interface" },
{ "disable", hostapd_cli_cmd_disable, NULL,
"= disable hostapd on current interface" },
+ { "update_beacon", hostapd_cli_cmd_update_beacon, NULL,
+ "= update Beacon frame contents\n"},
{ "erp_flush", hostapd_cli_cmd_erp_flush, NULL,
"= drop all ERP keys"},
{ "log_level", hostapd_cli_cmd_log_level, NULL,
Modified: vendor/wpa/dist/hostapd/main.c
==============================================================================
--- vendor/wpa/dist/hostapd/main.c Thu Aug 22 02:53:51 2019 (r351376)
+++ vendor/wpa/dist/hostapd/main.c Thu Aug 22 02:58:49 2019 (r351377)
@@ -653,6 +653,9 @@ int main(int argc, char *argv[])
int start_ifaces_in_sync = 0;
char **if_names = NULL;
size_t if_names_size = 0;
+#ifdef CONFIG_DPP
+ struct dpp_global_config dpp_conf;
+#endif /* CONFIG_DPP */
if (os_program_init())
return -1;
@@ -672,7 +675,9 @@ int main(int argc, char *argv[])
dl_list_init(&interfaces.eth_p_oui);
#endif /* CONFIG_ETH_P_OUI */
#ifdef CONFIG_DPP
- interfaces.dpp = dpp_global_init();
+ os_memset(&dpp_conf, 0, sizeof(dpp_conf));
+ /* TODO: dpp_conf.msg_ctx? */
+ interfaces.dpp = dpp_global_init(&dpp_conf);
if (!interfaces.dpp)
return -1;
#endif /* CONFIG_DPP */
Modified: vendor/wpa/dist/hs20/client/.gitignore
==============================================================================
--- vendor/wpa/dist/hs20/client/.gitignore Thu Aug 22 02:53:51 2019 (r351376)
+++ vendor/wpa/dist/hs20/client/.gitignore Thu Aug 22 02:58:49 2019 (r351377)
@@ -1 +1,4 @@
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-vendor
mailing list