Add config information related to MACsec

Add examples of relevant top level CONFIG clauses for wpa_supplicant
MACsec support to defconfig.

Extend the example of MACsec related network configuration. Also bring
them in line with the format of the other example network configurations.

Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>

diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig
index 450023e7a71fac0abaa3a607448e6d30651a8287..976ac0cb7aabf91bffc9581e38256a56bcf60e3c 100644 (file)
--- a/wpa_supplicant/defconfig
+++ b/wpa_supplicant/defconfig
@@ -73,6 +73,12 @@ CONFIG_DRIVER_NL80211=y
 # Driver interface for wired Ethernet drivers
 CONFIG_DRIVER_WIRED=y
 
+# Driver interface for MACsec capable Qualcomm Atheros drivers
+#CONFIG_DRIVER_MACSEC_QCA=y
+
+# Driver interface for Linux MACsec drivers
+#CONFIG_DRIVER_MACSEC_LINUX=y
+
 # Driver interface for the Broadcom RoboSwitch family
 #CONFIG_DRIVER_ROBOSWITCH=y
 
@@ -83,8 +89,8 @@ CONFIG_DRIVER_WIRED=y
 #LIBS += -lsocket -ldlpi -lnsl
 #LIBS_c += -lsocket
 
-# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is
-# included)
+# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
+# MACsec is included)
 CONFIG_IEEE8021X_EAPOL=y
 
 # EAP-MD5
@@ -166,6 +172,9 @@ CONFIG_EAP_LEAP=y
 # EAP-EKE
 #CONFIG_EAP_EKE=y
 
+# MACsec
+#CONFIG_MACSEC=y
+
 # PKCS#12 (PFX) support (used to read private key and certificate file from
 # a file that usually has extension .p12 or .pfx)
 CONFIG_PKCS12=y

diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index 61eb38f9c504337ae57ac78f70033a7cee0f813b..4207bf6c7bccfa99d400669b67109f04c794fabf 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -1765,15 +1765,26 @@ network={
 }
 
 
-# Example MACsec configuration
-#network={
-#      key_mgmt=IEEE8021X
-#      eap=TTLS
-#      phase2="auth=PAP"
-#      anonymous_identity="anonymous@example.com"
-#      identity="user@example.com"
-#      password="secretr"
-#      ca_cert="/etc/cert/ca.pem"
-#      eapol_flags=0
-#      macsec_policy=1
-#}
+# Example configuration using EAP-TTLS for authentication and key
+# generation for MACsec
+network={
+       key_mgmt=IEEE8021X
+       eap=TTLS
+       phase2="auth=PAP"
+       anonymous_identity="anonymous@example.com"
+       identity="user@example.com"
+       password="secretr"
+       ca_cert="/etc/cert/ca.pem"
+       eapol_flags=0
+       macsec_policy=1
+}
+
+# Example configuration for MACsec with preshared key
+network={
+       key_mgmt=NONE
+       eapol_flags=0
+       macsec_policy=1
+       mka_cak=0123456789ABCDEF0123456789ABCDEF
+       mka_ckn=6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435
+       mka_priority=128
+}