FILS: Add hostapd configuration options

This adds CONFIG_FILS=y build configuration option and new key
management options for FILS authentication.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/hostapd/Android.mk b/hostapd/Android.mk
index ea3a39a9719faa145e69b70d8ab1b5ee2b5c0f82..da92639f806d8e2636b5e786c75bc85445a93b72 100644 (file)
--- a/hostapd/Android.mk
+++ b/hostapd/Android.mk
@@ -258,6 +258,12 @@ NEED_ECC=y
 NEED_DH_GROUPS=y
 endif
 
+ifdef CONFIG_FILS
+L_CFLAGS += -DCONFIG_FILS
+NEED_CRC32=y
+NEED_SHA384=y
+endif
+
 ifdef CONFIG_WNM
 L_CFLAGS += -DCONFIG_WNM
 OBJS += src/ap/wnm_ap.c
@@ -852,6 +858,10 @@ ifdef NEED_ECC
 L_CFLAGS += -DCONFIG_ECC
 endif
 
+ifdef NEED_CRC32
+OBJS += src/utils/crc32.c
+endif
+
 ifdef CONFIG_NO_RANDOM_POOL
 L_CFLAGS += -DCONFIG_NO_RANDOM_POOL
 else

diff --git a/hostapd/Makefile b/hostapd/Makefile
index 46dffe5a3acaf7a814c38344f725c0fffb9de7d5..61daf0dc944e56bf316fbff57b17c11120a2fab2 100644 (file)
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -305,6 +305,12 @@ NEED_DH_GROUPS=y
 NEED_AP_MLME=y
 endif
 
+ifdef CONFIG_FILS
+CFLAGS += -DCONFIG_FILS
+NEED_CRC32=y
+NEED_SHA384=y
+endif
+
 ifdef CONFIG_WNM
 CFLAGS += -DCONFIG_WNM
 OBJS += ../src/ap/wnm_ap.o
@@ -894,6 +900,10 @@ ifdef NEED_ECC
 CFLAGS += -DCONFIG_ECC
 endif
 
+ifdef NEED_CRC32
+OBJS += ../src/utils/crc32.o
+endif
+
 ifdef CONFIG_NO_RANDOM_POOL
 CFLAGS += -DCONFIG_NO_RANDOM_POOL
 else

diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 2d672825fbebc643297b2f308846e3b63ba3d654..9c744de5cd21c348bbc89af8b50b4c19ba7f7157 100644 (file)
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -710,6 +710,18 @@ static int hostapd_config_parse_key_mgmt(int line, const char *value)
                else if (os_strcmp(start, "WPA-EAP-SUITE-B-192") == 0)
                        val |= WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
 #endif /* CONFIG_SUITEB192 */
+#ifdef CONFIG_FILS
+               else if (os_strcmp(start, "FILS-SHA256") == 0)
+                       val |= WPA_KEY_MGMT_FILS_SHA256;
+               else if (os_strcmp(start, "FILS-SHA384") == 0)
+                       val |= WPA_KEY_MGMT_FILS_SHA384;
+#ifdef CONFIG_IEEE80211R
+               else if (os_strcmp(start, "FT-FILS-SHA256") == 0)
+                       val |= WPA_KEY_MGMT_FT_FILS_SHA256;
+               else if (os_strcmp(start, "FT-FILS-SHA384") == 0)
+                       val |= WPA_KEY_MGMT_FT_FILS_SHA384;
+#endif /* CONFIG_IEEE80211R */
+#endif /* CONFIG_FILS */
                else {
                        wpa_printf(MSG_ERROR, "Line %d: invalid key_mgmt '%s'",
                                   line, start);
@@ -3493,6 +3505,16 @@ static int hostapd_config_fill(struct hostapd_config *conf,
                bss->ftm_responder = atoi(pos);
        } else if (os_strcmp(buf, "ftm_initiator") == 0) {
                bss->ftm_initiator = atoi(pos);
+#ifdef CONFIG_FILS
+       } else if (os_strcmp(buf, "fils_cache_id") == 0) {
+               if (hexstr2bin(pos, bss->fils_cache_id, FILS_CACHE_ID_LEN)) {
+                       wpa_printf(MSG_ERROR,
+                                  "Line %d: Invalid fils_cache_id '%s'",
+                                  line, pos);
+                       return 1;
+               }
+               bss->fils_cache_id_set = 1;
+#endif /* CONFIG_FILS */
        } else {
                wpa_printf(MSG_ERROR,
                           "Line %d: unknown configuration item '%s'",

diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index d7db4a7c3c484a61c730fe2345a924914980609f..d56383196b5ccd1570b080d147c0284bcfa9e10d 100644 (file)
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -1117,6 +1117,20 @@ static int hostapd_ctrl_iface_get_key_mgmt(struct hostapd_data *hapd,
                pos += ret;
        }
 #endif /* CONFIG_SAE */
+#ifdef CONFIG_FILS
+       if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256) {
+               ret = os_snprintf(pos, end - pos, "FT-FILS-SHA256 ");
+               if (os_snprintf_error(end - pos, ret))
+                       return pos - buf;
+               pos += ret;
+       }
+       if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384) {
+               ret = os_snprintf(pos, end - pos, "FT-FILS-SHA384 ");
+               if (os_snprintf_error(end - pos, ret))
+                       return pos - buf;
+               pos += ret;
+       }
+#endif /* CONFIG_FILS */
 #endif /* CONFIG_IEEE80211R */
 #ifdef CONFIG_IEEE80211W
        if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
@@ -1154,6 +1168,20 @@ static int hostapd_ctrl_iface_get_key_mgmt(struct hostapd_data *hapd,
                        return pos - buf;
                pos += ret;
        }
+#ifdef CONFIG_FILS
+       if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FILS_SHA256) {
+               ret = os_snprintf(pos, end - pos, "FILS-SHA256 ");
+               if (os_snprintf_error(end - pos, ret))
+                       return pos - buf;
+               pos += ret;
+       }
+       if (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_FILS_SHA384) {
+               ret = os_snprintf(pos, end - pos, "FILS-SHA384 ");
+               if (os_snprintf_error(end - pos, ret))
+                       return pos - buf;
+               pos += ret;
+       }
+#endif /* CONFIG_FILS */
 
        if (pos > buf && *(pos - 1) == ' ') {
                *(pos - 1) = '\0';

diff --git a/hostapd/defconfig b/hostapd/defconfig
index 4659dd1e6bcbd54d2f643ff230134a21629be8b1..28d1b6c71495e46e6fa9c424229d70b4aae8ec7d 100644 (file)
--- a/hostapd/defconfig
+++ b/hostapd/defconfig
@@ -343,3 +343,8 @@ CONFIG_IPV6=y
 # a client, from which a signature can be produced which can identify the model
 # of client device like "Nexus 6P" or "iPhone 5s".
 #CONFIG_TAXONOMY=y
+
+# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
+# Note: This is an experimental and not yet complete implementation. This
+# should not be enabled for production use.
+#CONFIG_FILS=y

diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index b5f5b177529c32f9aa77bdc848184b36efa4b046..0574fa47471be2c86de3b7622d136deb1e620523 100644 (file)
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1163,6 +1163,10 @@ own_ip_addr=127.0.0.1
 # Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The
 # entries are separated with a space. WPA-PSK-SHA256 and WPA-EAP-SHA256 can be
 # added to enable SHA256-based stronger algorithms.
+# FILS-SHA256 = Fast Initial Link Setup with SHA256
+# FILS-SHA384 = Fast Initial Link Setup with SHA384
+# FT-FILS-SHA256 = FT and Fast Initial Link Setup with SHA256
+# FT-FILS-SHA384 = FT and Fast Initial Link Setup with SHA384
 # (dot11RSNAConfigAuthenticationSuitesTable)
 #wpa_key_mgmt=WPA-PSK WPA-EAP
 
@@ -1273,6 +1277,9 @@ own_ip_addr=127.0.0.1
 # http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xml#ipsec-registry-9
 #sae_groups=19 20 21 25 26
 
+# FILS Cache Identifier (16-bit value in hexdump format)
+#fils_cache_id=0011
+
 ##### IEEE 802.11r configuration ##############################################
 
 # Mobility Domain identifier (dot11FTMobilityDomainID, MDID)

diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index f9b43064f39ab183ba99de1610bb02923c3ee08e..04b90b84a7b944b19a6856483f8d0101c9e5efc2 100644 (file)
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -596,6 +596,11 @@ struct hostapd_bss_config {
 
        int ftm_responder;
        int ftm_initiator;
+
+#ifdef CONFIG_FILS
+       u8 fils_cache_id[FILS_CACHE_ID_LEN];
+       int fils_cache_id_set;
+#endif /* CONFIG_FILS */
 };