HOSTAPD_SUPPORTED_MODES="802.11a 802.11a/n 802.11ac 802.11g 802.11g/n"
+HOSTAPD_SUPPORTED_PAIRWISE_CIPHERS=(
+ "GCMP-256" # Galois/counter mode protocol with 256 bit key
+ "CCMP-256" # AES in Counter mode with CBC-MAC with 256 bit key
+ "GCMP-128" # Galois/counter mode protocol with 128 bit key
+ "CCMP-128" # AES in Counter mode with CBC-MAC with 128 bit key
+)
+
+# This must be supported by all stations on the network and therefore
+# can effectively only be CCMP
+HOSTAPD_SUPPORTED_GROUP_CIPHERS=(
+ "CCMP-128"
+)
+
hostapd_config_write() {
local device=${1}
assert isset device
# Shift the device and file argument.
shift 2
+ # Device must exist
+ if ! device_exists "${device}"; then
+ error "Cannot write hostapd configuration for non-existant device: ${device}"
+ return ${EXIT_ERROR}
+ fi
+
+ # Get the phy for device
+ local phy="$(device_get_phy "${device}")"
+ assert isset phy
+
local broadcast_ssid
local channel
local channel_bandwidth
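Review bot: `assert isset phy` turns a device without a phy (for instance a non-wireless interface, if `device_get_phy` prints nothing for those) into an assertion failure, while the check just above it handles the missing-device case with `error` and `return ${EXIT_ERROR}`. Handling both the same way would be more consistent: `if ! isset phy; then error "Could not determine phy for ${device}"; return ${EXIT_ERROR}; fi`. Declaring and assigning in one statement, `local phy="$(...)"`, also hides the exit status of `device_get_phy`; a separate `local phy` followed by `phy="$(device_get_phy "${device}")"` keeps it visible. The function body continues outside the hunk.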
# Check if key is set when encryption is used.
if isset encryption; then
- assert isoneof encryption WPA WPA2 WPA/WPA2
+ assert isoneof encryption WPA2
assert isset key
fi
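Review bot: Narrowing the `isoneof` check to `WPA2` means any stored configuration that still has `encryption` set to `WPA` or `WPA/WPA2` now trips an `assert` instead of being reported or migrated; nothing in the visible hunks handles those legacy values. If `assert` aborts the caller, as its use here suggests, consider an explicit branch that logs which value is no longer accepted and returns `${EXIT_ERROR}`, so an upgraded system tells the operator why the access point no longer starts. The surrounding function continues outside the hunk.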
;;
esac
+ # Cryptography
+ local cipher
+
+ # Get all supported pairwise ciphers
+ local pairwise_ciphers=()
+ for cipher in ${HOSTAPD_SUPPORTED_PAIRWISE_CIPHERS[*]}; do
+ if phy_supports_cipher "${phy}" "${cipher}"; then
+ pairwise_ciphers+=( "$(hostapd_cipher_name "${cipher}")" )
+ fi
+ done
+
+ # Get all supported group ciphers
+ local group_ciphers=()
+ for cipher in ${HOSTAPD_SUPPORTED_GROUP_CIPHERS[*]}; do
+ if phy_supports_cipher "${phy}" "${cipher}"; then
+ group_ciphers+=( "$(hostapd_cipher_name "${cipher}")" )
+ fi
+ done
+
# Create configuration directory.
local config_dir=$(dirname ${file})
mkdir -p ${HOSTAPD_CONTROL_INTERFACE_DIR} ${config_dir} 2>/dev/null
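Review bot: Nothing checks that the two loops found at least one cipher, so on a phy where `phy_supports_cipher` rejects every entry, `pairwise_ciphers` or `group_ciphers` stays empty and the encryption block further down writes `rsn_pairwise=` and `group_cipher=` with no value, which hostapd will presumably reject or misinterpret. A guard right after the loops would fail early with a clear message, e.g. `[ ${#pairwise_ciphers[@]} -gt 0 ] || { error "No supported pairwise cipher on ${phy}"; return ${EXIT_ERROR}; }`, and the same for `group_ciphers`. The loops also expand the arrays unquoted with `[*]`; `"${HOSTAPD_SUPPORTED_PAIRWISE_CIPHERS[@]}"` is the safer form. The enclosing function starts and ends outside the hunk.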
if isset encryption; then
local encryption_mode=0
case "${encryption}" in
- WPA)
- encryption_mode=1
- ;;
WPA2)
encryption_mode=2
;;
- WPA/WPA2)
- encryption_mode=3
- ;;
esac
(
print "# Encryption settings"
print "wpa=${encryption_mode}"
print "wpa_passphrase=${key}"
- print "wpa_key_mgmt=WPA-PSK"
- print "wpa_pairwise=TKIP"
- print "rsn_pairwise=CCMP"
+ print "wpa_key_mgmt=WPA-PSK-SHA256 WPA-PSK"
+ print "wpa_pairwise=${pairwise_ciphers[*]}"
+ print "rsn_pairwise=${pairwise_ciphers[*]}"
+ print "group_cipher=${group_ciphers[*]}"
print
) >> ${file}
fi
+ # Log configuration file
+ file_to_log DEBUG "${file}"
+
return ${EXIT_OK}
}
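Review bot: The added `file_to_log DEBUG "${file}"` copies the whole generated configuration into the log, and that file contains the `wpa_passphrase=${key}` line written a few lines above, so the pre-shared key ends up in debug logs, which are typically retained and shared more freely than the config file itself. Either drop the call or redact the secret before logging, for example by passing the content through `sed -e 's/^wpa_passphrase=.*/wpa_passphrase=<redacted>/' "${file}"` into whatever line logger the project offers (the interface of `file_to_log` is not visible here). The function starts outside this hunk.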
service_stop "hostapd@${device}.service"
}
+
+hostapd_cipher_name() {
+ local cipher="${1}"
+
+ case "${cipher}" in
+ CCMP-128)
+ print "CCMP"
+ ;;
+
+ GCMP-128)
+ print "GCMP"
+ ;;
+
+ *)
+ print "${cipher}"
+ ;;
+ esac
+}
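Review bot: `hostapd_cipher_name` has no comment explaining why only the 128 bit names are rewritten, and its `*)` branch passes any other string through unchanged into the configuration file. A header comment would help, e.g. `# Translates our cipher names into the ones hostapd.conf uses (CCMP-128 -> CCMP, GCMP-128 -> GCMP); the 256 bit names are identical`. If only the four names from `HOSTAPD_SUPPORTED_PAIRWISE_CIPHERS` are ever expected, listing `CCMP-256|GCMP-256)` explicitly and returning an error from `*)` would keep a mistyped name out of the config.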