[LEDE-DEV] [PATCH 2/3] hostapd/wpa_supplicant: enable SHA256-based algorithms

Tue, 27 Dec 2016 04:02:27 -0800 

Enable support for stronger SHA256-based algorithms in hostapd and
wpa_supplicant when using WPA-EAP or WPA-PSK with 802.11w enabled.

We cannot unconditionally enable it, as it requires hostapd to be
compiled with 802.11w support, which is disabled in the -mini variants.

Signed-off-by: Stijn Tintel <st...@linux-ipv6.be>
---
 package/network/services/hostapd/files/netifd.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/package/network/services/hostapd/files/netifd.sh 
b/package/network/services/hostapd/files/netifd.sh
index b87672c..a6049fd 100644
--- a/package/network/services/hostapd/files/netifd.sh
+++ b/package/network/services/hostapd/files/netifd.sh
@@ -187,7 +187,7 @@ hostapd_set_bss_options() {
                wps_device_type wps_device_name wps_manufacturer wps_pin \
                macfilter ssid wmm uapsd hidden short_preamble rsn_preauth \
                iapp_interface eapol_version acct_server acct_secret acct_port \
-               dynamic_vlan
+               dynamic_vlan ieee80211w
 
        set_default isolate 0
        set_default maxassoc 0
@@ -256,6 +256,7 @@ hostapd_set_bss_options() {
                        [ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" 
] && append bss_conf "eapol_version=$eapol_version" "$N"
 
                        wps_possible=1
+                       [ "$ieee80211w" -gt 0 ] && append wpa_key_mgmt 
"WPA-PSK-SHA256"
                        append wpa_key_mgmt "WPA-PSK"
                ;;
                eap)
@@ -291,6 +292,7 @@ hostapd_set_bss_options() {
                        [ -n "$ownip" ] && append bss_conf "own_ip_addr=$ownip" 
"$N"
                        append bss_conf "eapol_key_index_workaround=1" "$N"
                        append bss_conf "ieee8021x=1" "$N"
+                       [ "$ieee80211w" -gt 1 ] && append wpa_key_mgmt 
"WPA-EAP-SHA256"
                        append wpa_key_mgmt "WPA-EAP"
 
                        [ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" 
] && append bss_conf "eapol_version=$eapol_version" "$N"
@@ -614,6 +616,7 @@ wpa_supplicant_add_network() {
                psk)
                        local passphrase
 
+                       [ "$ieee80211w" -gt 1 ] && append wpa_key_mgmt 
"WPA-PSK-SHA256"
                        append wpa_key_mgmt "WPA-PSK"
                        [ "$ieee80211r" -gt 0 ] && append wpa_key_mgmt "FT-PSK"
                        key_mgmt="$wpa_key_mgmt"
@@ -626,6 +629,7 @@ wpa_supplicant_add_network() {
                        append network_data "$passphrase" "$N$T"
                ;;
                eap)
+                       [ "$ieee80211w" -gt 1 ] && append wpa_key_mgmt 
"WPA-EAP-SHA256"
                        append wpa_key_mgmt "WPA-EAP"
                        [ "$ieee80211r" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
                        key_mgmt="$wpa_key_mgmt"
-- 
2.10.2


_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev

Reply via email to