SAE passwords from a separate file
Add a new hostapd configuration parameter sae_password_file to read SAE passwords (i.e., the entries that use the previously added sae_password parameter) from a separate file. sae_password_file uses the following format for storing passphrases: <password/credential>[|mac=<peer mac>][|vlanid=<VLAN ID>] [|pk=<m:ECPrivateKey-base64>][|id=<identifier>] Examples: <password> <password>|id=<pw identifier> <password>|mac=02:03:04:05:06:01|vlanid=1 <password>|vlanid=3|id=<pw identifier> Signed-off-by: Shiva Sankar Gajula <quic_sgajula@quicinc.com>
parent
40b2558828
commit
e748e50c62
2 changed files with 44 additions and 0 deletions
|
@ -2159,6 +2159,7 @@ static int add_airtime_weight(struct hostapd_bss_config *bss, char *value)
|
|||
|
||||
|
||||
#ifdef CONFIG_SAE
|
||||
|
||||
static int parse_sae_password(struct hostapd_bss_config *bss, const char *val)
|
||||
{
|
||||
struct sae_password_entry *pw;
|
||||
|
@ -2262,6 +2263,38 @@ fail:
|
|||
os_free(pw);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
static int parse_sae_password_file(struct hostapd_bss_config *bss,
|
||||
const char *fname)
|
||||
{
|
||||
FILE *f;
|
||||
char buf[500], *pos;
|
||||
unsigned int line = 0;
|
||||
|
||||
f = fopen(fname, "r");
|
||||
if (!f) {
|
||||
wpa_printf(MSG_ERROR, "sae_password_file '%s' not found.",
|
||||
fname);
|
||||
return -1;
|
||||
}
|
||||
|
||||
while (fgets(buf, sizeof(buf), f)) {
|
||||
pos = os_strchr(buf, '\n');
|
||||
if (pos)
|
||||
*pos = '\0';
|
||||
line++;
|
||||
if (parse_sae_password(bss, buf)) {
|
||||
wpa_printf(MSG_ERROR,
|
||||
"Invalid SAE password at line %d in '%s'",
|
||||
line, fname);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif /* CONFIG_SAE */
|
||||
|
||||
|
||||
|
@ -4300,6 +4333,13 @@ static int hostapd_config_fill(struct hostapd_config *conf,
|
|||
line);
|
||||
return 1;
|
||||
}
|
||||
} else if (os_strcmp(buf, "sae_password_file") == 0) {
|
||||
if (parse_sae_password_file(bss, pos) < 0) {
|
||||
wpa_printf(MSG_ERROR,
|
||||
"Line %d: Invalid sae_password in file",
|
||||
line);
|
||||
return 1;
|
||||
}
|
||||
#endif /* CONFIG_SAE */
|
||||
} else if (os_strcmp(buf, "vendor_elements") == 0) {
|
||||
if (parse_wpabuf_hex(line, buf, &bss->vendor_elements, pos))
|
||||
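Review bot: parse_sae_password_file() (second hunk, shown in full) never closes `f`: both the `return -1` inside the loop and the final `return 0` leave the stream open, so a FILE handle on the credential file is leaked each time this option is parsed. The loop also treats a line without a newline as complete, so an entry longer than the 499 characters that fit in `buf` (plausible with a base64 `pk=` value) is cut by fgets() and its tail is passed to parse_sae_password() as a separate entry. Depending on what that function accepts, this may install a truncated password instead of rejecting the file. `line` is `unsigned int`, so the format should be `%u` rather than `%d`. The sketch below closes the stream on every path and rejects over-long lines; note that it also rejects a final line of exactly 499 characters with no trailing newline.

```c
	int ret = 0;

	/* … unchanged: fopen() and the "not found" error path … */

	while (fgets(buf, sizeof(buf), f)) {
		line++;
		pos = os_strchr(buf, '\n');
		if (pos) {
			*pos = '\0';
		} else if (os_strlen(buf) == sizeof(buf) - 1) {
			/* Full buffer without a newline: fgets() cut the entry
			 * and the tail would be parsed as another password. */
			wpa_printf(MSG_ERROR,
				   "Too long SAE password entry at line %u in '%s'",
				   line, fname);
			ret = -1;
			break;
		}
		if (parse_sae_password(bss, buf)) {
			/* … unchanged: "Invalid SAE password" message, with %u … */
			ret = -1;
			break;
		}
	}

	fclose(f);
	return ret;
```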
|
|
|
@ -2041,6 +2041,10 @@ own_ip_addr=127.0.0.1
|
|||
#sae_password=really secret|mac=ff:ff:ff:ff:ff:ff
|
||||
#sae_password=example secret|mac=02:03:04:05:06:07|id=pw identifier
|
||||
#sae_password=example secret|vlanid=3|id=pw identifier
|
||||
#
|
||||
# SAE passwords can also be read from a separate file in which each line
|
||||
# contains and entry in the same format as sae_password uses.
|
||||
#sae_password_file=/tc/hostapd.sae_passwords
|
||||
|
||||
# SAE threshold for anti-clogging mechanism (dot11RSNASAEAntiCloggingThreshold)
|
||||
# This parameter defines how many open SAE instances can be in progress at the
|
||||
|
|