SAE passwords from a separate file
Add a new hostapd configuration parameter sae_password_file to read SAE passwords (i.e., the entries that use the previously added sae_password parameter) from a separate file. sae_password_file uses the following format for storing passphrases: <password/credential>[|mac=<peer mac>][|vlanid=<VLAN ID>] [|pk=<m:ECPrivateKey-base64>][|id=<identifier>] Examples: <password> <password>|id=<pw identifier> <password>|mac=02:03:04:05:06:01|vlanid=1 <password>|vlanid=3|id=<pw identifier> Signed-off-by: Shiva Sankar Gajula <quic_sgajula@quicinc.com>
parent
40b2558828
commit
e748e50c62
2 changed files with 44 additions and 0 deletions
|
@ -2159,6 +2159,7 @@ static int add_airtime_weight(struct hostapd_bss_config *bss, char *value)
|
||||||
|
|
||||||
|
|
||||||
#ifdef CONFIG_SAE
|
#ifdef CONFIG_SAE
|
||||||
|
|
||||||
static int parse_sae_password(struct hostapd_bss_config *bss, const char *val)
|
static int parse_sae_password(struct hostapd_bss_config *bss, const char *val)
|
||||||
{
|
{
|
||||||
struct sae_password_entry *pw;
|
struct sae_password_entry *pw;
|
||||||
|
@ -2262,6 +2263,38 @@ fail:
|
||||||
os_free(pw);
|
os_free(pw);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static int parse_sae_password_file(struct hostapd_bss_config *bss,
|
||||||
|
const char *fname)
|
||||||
|
{
|
||||||
|
FILE *f;
|
||||||
|
char buf[500], *pos;
|
||||||
|
unsigned int line = 0;
|
||||||
|
|
||||||
|
f = fopen(fname, "r");
|
||||||
|
if (!f) {
|
||||||
|
wpa_printf(MSG_ERROR, "sae_password_file '%s' not found.",
|
||||||
|
fname);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
while (fgets(buf, sizeof(buf), f)) {
|
||||||
|
pos = os_strchr(buf, '\n');
|
||||||
|
if (pos)
|
||||||
|
*pos = '\0';
|
||||||
|
line++;
|
||||||
|
if (parse_sae_password(bss, buf)) {
|
||||||
|
wpa_printf(MSG_ERROR,
|
||||||
|
"Invalid SAE password at line %d in '%s'",
|
||||||
|
line, fname);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
#endif /* CONFIG_SAE */
|
#endif /* CONFIG_SAE */
|
||||||
|
|
||||||
|
|
||||||
|
@ -4300,6 +4333,13 @@ static int hostapd_config_fill(struct hostapd_config *conf,
|
||||||
line);
|
line);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
} else if (os_strcmp(buf, "sae_password_file") == 0) {
|
||||||
|
if (parse_sae_password_file(bss, pos) < 0) {
|
||||||
|
wpa_printf(MSG_ERROR,
|
||||||
|
"Line %d: Invalid sae_password in file",
|
||||||
|
line);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
#endif /* CONFIG_SAE */
|
#endif /* CONFIG_SAE */
|
||||||
} else if (os_strcmp(buf, "vendor_elements") == 0) {
|
} else if (os_strcmp(buf, "vendor_elements") == 0) {
|
||||||
if (parse_wpabuf_hex(line, buf, &bss->vendor_elements, pos))
|
if (parse_wpabuf_hex(line, buf, &bss->vendor_elements, pos))
|
||||||
|
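Review bot: parse_sae_password_file() never closes `f`: both the `return -1` after the "Invalid SAE password" message and the final `return 0` leave the stream open, so a descriptor to the credentials file is leaked each time this option is parsed. The fixed 500-byte `buf` is a second concern, because fgets() splits a longer line and the remainder is passed to parse_sae_password() as if it were a separate entry; a line that has no newline and is not at end of file should be rejected rather than parsed in fragments. `buf` holds plaintext passwords and could be cleared with forced_memzero() on every exit path, and since `line` is `unsigned int` the format should be `%u` rather than `%d`. The fopen() error text says "not found" for every failure, so a permissions problem would be misreported; including strerror(errno) would help whoever debugs it.

```c
	int ret = -1;

	/* … unchanged: fopen() and its error path … */

	while (fgets(buf, sizeof(buf), f)) {
		line++;
		pos = os_strchr(buf, '\n');
		if (pos) {
			*pos = '\0';
		} else if (!feof(f)) {
			/* Over-long line: do not parse its fragments as
			 * separate password entries */
			wpa_printf(MSG_ERROR,
				   "Too long SAE password entry at line %u in '%s'",
				   line, fname);
			goto out;
		}
		if (parse_sae_password(bss, buf)) {
			wpa_printf(MSG_ERROR,
				   "Invalid SAE password at line %u in '%s'",
				   line, fname);
			goto out;
		}
	}

	ret = 0;
out:
	forced_memzero(buf, sizeof(buf));
	fclose(f);
	return ret;
```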
|
|
@ -2041,6 +2041,10 @@ own_ip_addr=127.0.0.1
|
||||||
#sae_password=really secret|mac=ff:ff:ff:ff:ff:ff
|
#sae_password=really secret|mac=ff:ff:ff:ff:ff:ff
|
||||||
#sae_password=example secret|mac=02:03:04:05:06:07|id=pw identifier
|
#sae_password=example secret|mac=02:03:04:05:06:07|id=pw identifier
|
||||||
#sae_password=example secret|vlanid=3|id=pw identifier
|
#sae_password=example secret|vlanid=3|id=pw identifier
|
||||||
|
#
|
||||||
|
# SAE passwords can also be read from a separate file in which each line
|
||||||
|
# contains and entry in the same format as sae_password uses.
|
||||||
|
#sae_password_file=/tc/hostapd.sae_passwords
|
||||||
|
|
||||||
# SAE threshold for anti-clogging mechanism (dot11RSNASAEAntiCloggingThreshold)
|
# SAE threshold for anti-clogging mechanism (dot11RSNASAEAntiCloggingThreshold)
|
||||||
# This parameter defines how many open SAE instances can be in progress at the
|
# This parameter defines how many open SAE instances can be in progress at the
|
||||||
|
|
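Review bot: The added comment block has two typos that will be copied into deployed configurations: "contains and entry" should read "contains an entry", and the example path `/tc/hostapd.sae_passwords` looks like it was meant to be `/etc/hostapd.sae_passwords`. The comment also does not mention that the referenced file stores SAE passwords in plaintext; a line such as `# The file contains plaintext passwords; make it readable only by the user running hostapd.` would give operators the handling guidance they need. It would also help to state whether empty lines and `#` comments are accepted in that file, since the parser in this commit passes every line to parse_sae_password() unchanged.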