Enable support for stronger SHA256-based algorithms in hostapd and wpa_supplicant when using WPA-EAP or WPA-PSK with 802.11w enabled.
We cannot unconditionally enable it, as it requires hostapd to be compiled with 802.11w support, which is disabled in the -mini variants. Signed-off-by: Stijn Tintel <st...@linux-ipv6.be> --- package/network/services/hostapd/files/netifd.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/package/network/services/hostapd/files/netifd.sh b/package/network/services/hostapd/files/netifd.sh index b87672c..a6049fd 100644 --- a/package/network/services/hostapd/files/netifd.sh +++ b/package/network/services/hostapd/files/netifd.sh @@ -187,7 +187,7 @@ hostapd_set_bss_options() { wps_device_type wps_device_name wps_manufacturer wps_pin \ macfilter ssid wmm uapsd hidden short_preamble rsn_preauth \ iapp_interface eapol_version acct_server acct_secret acct_port \ - dynamic_vlan + dynamic_vlan ieee80211w set_default isolate 0 set_default maxassoc 0 @@ -256,6 +256,7 @@ hostapd_set_bss_options() { [ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N" wps_possible=1 + [ "$ieee80211w" -gt 0 ] && append wpa_key_mgmt "WPA-PSK-SHA256" append wpa_key_mgmt "WPA-PSK" ;; eap) @@ -291,6 +292,7 @@ hostapd_set_bss_options() { [ -n "$ownip" ] && append bss_conf "own_ip_addr=$ownip" "$N" append bss_conf "eapol_key_index_workaround=1" "$N" append bss_conf "ieee8021x=1" "$N" + [ "$ieee80211w" -gt 1 ] && append wpa_key_mgmt "WPA-EAP-SHA256" append wpa_key_mgmt "WPA-EAP" [ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N" @@ -614,6 +616,7 @@ wpa_supplicant_add_network() { psk) local passphrase + [ "$ieee80211w" -gt 1 ] && append wpa_key_mgmt "WPA-PSK-SHA256" append wpa_key_mgmt "WPA-PSK" [ "$ieee80211r" -gt 0 ] && append wpa_key_mgmt "FT-PSK" key_mgmt="$wpa_key_mgmt" @@ -626,6 +629,7 @@ wpa_supplicant_add_network() { append network_data "$passphrase" "$N$T" ;; eap) + [ "$ieee80211w" -gt 1 ] && append wpa_key_mgmt "WPA-EAP-SHA256" append wpa_key_mgmt "WPA-EAP" [ "$ieee80211r" -gt 0 ] && append wpa_key_mgmt "FT-EAP" key_mgmt="$wpa_key_mgmt" -- 2.10.2 _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev