Home Explore Help
Register Sign In
OpenWrt
/
openwrt
mirror of https://github.com/openwrt/openwrt.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: 2e0f41e73a
Branches Tags
openwrt
/
package
/
network
/
services
/
hostapd
/
patches
/
557-hostapd-support-Multi-AP-backhaul-STA-onboarding.patch

557-hostapd-support-Multi-AP-backhaul-STA-onboarding.patch 12 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339 
  1. From 8b04a4cddbd6dbadb24279713af7ac677e80d342 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Davina Lu <[email protected]>
    3. 

  3. Date: Tue, 2 Oct 2018 18:34:14 -0700
    4. 

  4. Subject: [PATCH] hostapd: support Multi-AP backhaul STA onboarding
    5. 

  5. 

  6. The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a
    7. 

  7. backhaul STA through WPS. To enable this, the WPS registrar offers a
    8. 

  8. different set of credentials (backhaul credentials instead of fronthaul
    9. 

  9. credentials) when the Multi-AP subelement is present in the WFA vendor
    10. 

  10. extension element of the WSC M1 message.
    11. 

  11. 

  12. Add 3 new configuration options to specify the backhaul credentials for
    13. 

  13. the hostapd internal registrar: multi_ap_backhaul_ssid,
    14. 

  14. multi_ap_backhaul_wpa_psk, multi_ap_backhaul_wpa_passphrase. These are
    15. 

  15. only relevant for a fronthaul SSID, i.e. where multi_ap is set to 2 or
    16. 

  16. 3. When these options are set, pass the backhaul credentials instead of
    17. 

  17. the normal credentials when the Multi-AP subelement is present.
    18. 

  18. 

  19. Ignore the Multi-AP subelement if the backhaul config options are not
    20. 

  20. set. Note that for an SSID which is fronthaul and backhaul at the same
    21. 

  21. time (i.e., multi_ap == 3), this results in the correct credentials
    22. 

  22. being sent anyway.
    23. 

  23. 

  24. The security to be used for the backaul BSS is fixed to WPA2PSK. The
    25. 

  25. Multi-AP Specification only allows Open and WPA2PSK networks to be
    26. 

  26. configured. Although not stated explicitly, the backhaul link is
    27. 

  27. intended to be always encrypted, hence WPA2PSK.
    28. 

  28. 

  29. To build the credentials, the credential-building code is essentially
    30. 

  30. copied and simplified. Indeed, the backhaul credentials are always
    31. 

  31. WPA2PSK and never use per-device PSK. All the options set for the
    32. 

  32. fronthaul BSS WPS are simply ignored.
    33. 

  33. 

  34. Signed-off-by: Davina Lu <[email protected]>
    35. 

  35. Signed-off-by: Igor Mitsyanko <[email protected]>
    36. 

  36. Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <[email protected]>
    37. 

  37. ---
    38. 

  38. v4: no change
    39. 

  39. ---
    40. 

  40.  hostapd/config_file.c    | 47 ++++++++++++++++++++++++++++++++++++++++
    41. 

  41.  hostapd/hostapd.conf     |  9 ++++++++
    42. 

  42.  src/ap/ap_config.c       |  2 ++
    43. 

  43.  src/ap/ap_config.h       |  1 +
    44. 

  44.  src/ap/wps_hostapd.c     | 26 ++++++++++++++++++++++
    45. 

  45.  src/wps/wps.h            | 32 +++++++++++++++++++++++++++
    46. 

  46.  src/wps/wps_attr_parse.c | 11 ++++++++++
    47. 

  47.  src/wps/wps_attr_parse.h |  1 +
    48. 

  48.  src/wps/wps_dev_attr.c   |  5 +++++
    49. 

  49.  src/wps/wps_dev_attr.h   |  1 +
    50. 

  50.  src/wps/wps_registrar.c  | 25 ++++++++++++++++++++-
    51. 

  51.  11 files changed, 159 insertions(+), 1 deletion(-)
    52. 

  52. 

  53. --- a/hostapd/config_file.c
    54. 

  54. +++ b/hostapd/config_file.c
    55. 

  55. @@ -3479,6 +3479,53 @@ static int hostapd_config_fill(struct ho
    56. 

  56.  				   line, pos);
    57. 

  57.  			return 1;
    58. 

  58.  		}
    59. 

  59. +	} else if (os_strcmp(buf, "multi_ap_backhaul_ssid") == 0) {
    60. 

  60. +		size_t slen;
    61. 

  61. +		char *str = wpa_config_parse_string(pos, &slen);
    62. 

  62. +
    63. 

  63. +		if (str == NULL || slen < 1 || slen > SSID_MAX_LEN) {
    64. 

  64. +			wpa_printf(MSG_ERROR, "Line %d: invalid SSID '%s'",
    65. 

  65. +				   line, pos);
    66. 

  66. +			os_free(str);
    67. 

  67. +			return 1;
    68. 

  68. +		}
    69. 

  69. +		os_memcpy(bss->multi_ap_backhaul_ssid.ssid, str, slen);
    70. 

  70. +		bss->multi_ap_backhaul_ssid.ssid_len = slen;
    71. 

  71. +		bss->multi_ap_backhaul_ssid.ssid_set = 1;
    72. 

  72. +		os_free(str);
    73. 

  73. +	} else if (os_strcmp(buf, "multi_ap_backhaul_wpa_passphrase") == 0) {
    74. 

  74. +		int len = os_strlen(pos);
    75. 

  75. +
    76. 

  76. +		if (len < 8 || len > 63) {
    77. 

  77. +			wpa_printf(MSG_ERROR,
    78. 

  78. +				   "Line %d: invalid WPA passphrase length %d (expected 8..63)",
    79. 

  79. +				   line, len);
    80. 

  80. +			return 1;
    81. 

  81. +		}
    82. 

  82. +		os_free(bss->multi_ap_backhaul_ssid.wpa_passphrase);
    83. 

  83. +		bss->multi_ap_backhaul_ssid.wpa_passphrase = os_strdup(pos);
    84. 

  84. +		if (bss->multi_ap_backhaul_ssid.wpa_passphrase) {
    85. 

  85. +			hostapd_config_clear_wpa_psk(&bss->multi_ap_backhaul_ssid.wpa_psk);
    86. 

  86. +			bss->multi_ap_backhaul_ssid.wpa_passphrase_set = 1;
    87. 

  87. +		}
    88. 

  88. +	} else if (os_strcmp(buf, "multi_ap_backhaul_wpa_psk") == 0) {
    89. 

  89. +		hostapd_config_clear_wpa_psk(&bss->multi_ap_backhaul_ssid.wpa_psk);
    90. 

  90. +		bss->multi_ap_backhaul_ssid.wpa_psk =
    91. 

  91. +			os_zalloc(sizeof(struct hostapd_wpa_psk));
    92. 

  92. +		if (bss->multi_ap_backhaul_ssid.wpa_psk == NULL)
    93. 

  93. +			return 1;
    94. 

  94. +		if (hexstr2bin(pos, bss->multi_ap_backhaul_ssid.wpa_psk->psk,
    95. 

  95. +			       PMK_LEN) ||
    96. 

  96. +		    pos[PMK_LEN * 2] != '\0') {
    97. 

  97. +			wpa_printf(MSG_ERROR, "Line %d: Invalid PSK '%s'.",
    98. 

  98. +				   line, pos);
    99. 

  99. +			hostapd_config_clear_wpa_psk(&bss->multi_ap_backhaul_ssid.wpa_psk);
    100. 

  100. +			return 1;
    101. 

  101. +		}
    102. 

  102. +		bss->multi_ap_backhaul_ssid.wpa_psk->group = 1;
    103. 

  103. +		os_free(bss->multi_ap_backhaul_ssid.wpa_passphrase);
    104. 

  104. +		bss->multi_ap_backhaul_ssid.wpa_passphrase = NULL;
    105. 

  105. +		bss->multi_ap_backhaul_ssid.wpa_psk_set = 1;
    106. 

  106.  	} else if (os_strcmp(buf, "upnp_iface") == 0) {
    107. 

  107.  		os_free(bss->upnp_iface);
    108. 

  108.  		bss->upnp_iface = os_strdup(pos);
    109. 

  109. --- a/hostapd/hostapd.conf
    110. 

  110. +++ b/hostapd/hostapd.conf
    111. 

  111. @@ -1852,6 +1852,15 @@ own_ip_addr=127.0.0.1
    112. 

  112.  # attribute.
    113. 

  113.  #ap_settings=hostapd.ap_settings
    114. 

  114.  
    115. 

  115. +# Multi-AP backhaul BSS config
    116. 

  116. +# Used in WPS when multi_ap=2 or 3. Defines "backhaul BSS" credentials.
    117. 

  117. +# These are passed in WPS M8 instead of the normal (fronthaul) credentials
    118. 

  118. +# if the enrollee has the Multi-AP subelement set. Backhaul SSID is formatted
    119. 

  119. +# like ssid2. The key is set like wpa_psk or wpa_passphrase.
    120. 

  120. +#multi_ap_backhaul_ssid="backhaul"
    121. 

  121. +#multi_ap_backhaul_wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
    122. 

  122. +#multi_ap_backhaul_wpa_passphrase=secret passphrase
    123. 

  123. +
    124. 

  124.  # WPS UPnP interface
    125. 

  125.  # If set, support for external Registrars is enabled.
    126. 

  126.  #upnp_iface=br0
    127. 

  127. --- a/src/ap/ap_config.c
    128. 

  128. +++ b/src/ap/ap_config.c
    129. 

  129. @@ -582,6 +582,8 @@ void hostapd_config_free_bss(struct host
    130. 

  130.  	os_free(conf->ap_pin);
    131. 

  131.  	os_free(conf->extra_cred);
    132. 

  132.  	os_free(conf->ap_settings);
    133. 

  133. +	hostapd_config_clear_wpa_psk(&conf->multi_ap_backhaul_ssid.wpa_psk);
    134. 

  134. +	str_clear_free(conf->multi_ap_backhaul_ssid.wpa_passphrase);
    135. 

  135.  	os_free(conf->upnp_iface);
    136. 

  136.  	os_free(conf->friendly_name);
    137. 

  137.  	os_free(conf->manufacturer_url);
    138. 

  138. --- a/src/ap/ap_config.h
    139. 

  139. +++ b/src/ap/ap_config.h
    140. 

  140. @@ -456,6 +456,7 @@ struct hostapd_bss_config {
    141. 

  141.  	int force_per_enrollee_psk;
    142. 

  142.  	u8 *ap_settings;
    143. 

  143.  	size_t ap_settings_len;
    144. 

  144. +	struct hostapd_ssid multi_ap_backhaul_ssid;
    145. 

  145.  	char *upnp_iface;
    146. 

  146.  	char *friendly_name;
    147. 

  147.  	char *manufacturer_url;
    148. 

  148. --- a/src/ap/wps_hostapd.c
    149. 

  149. +++ b/src/ap/wps_hostapd.c
    150. 

  150. @@ -962,6 +962,7 @@ static void hostapd_free_wps(struct wps_
    151. 

  151.  		wpabuf_free(wps->dev.vendor_ext[i]);
    152. 

  152.  	wps_device_data_free(&wps->dev);
    153. 

  153.  	os_free(wps->network_key);
    154. 

  154. +	os_free(wps->multi_ap_backhaul_network_key);
    155. 

  155.  	hostapd_wps_nfc_clear(wps);
    156. 

  156.  	wpabuf_free(wps->dh_pubkey);
    157. 

  157.  	wpabuf_free(wps->dh_privkey);
    158. 

  158. @@ -1131,6 +1132,31 @@ int hostapd_init_wps(struct hostapd_data
    159. 

  159.  		wps->encr_types_wpa = WPS_ENCR_AES | WPS_ENCR_TKIP;
    160. 

  160.  	}
    161. 

  161.  
    162. 

  162. +	if (hapd->conf->multi_ap & FRONTHAUL_BSS &&
    163. 

  163. +	    hapd->conf->multi_ap_backhaul_ssid.ssid_len) {
    164. 

  164. +		wps->multi_ap_backhaul_ssid_len =
    165. 

  165. +			hapd->conf->multi_ap_backhaul_ssid.ssid_len;
    166. 

  166. +		os_memcpy(wps->multi_ap_backhaul_ssid,
    167. 

  167. +			  hapd->conf->multi_ap_backhaul_ssid.ssid,
    168. 

  168. +			  wps->multi_ap_backhaul_ssid_len);
    169. 

  169. +		if (conf->multi_ap_backhaul_ssid.wpa_passphrase) {
    170. 

  170. +			wps->multi_ap_backhaul_network_key =
    171. 

  171. +				(u8 *) os_strdup(conf->multi_ap_backhaul_ssid.wpa_passphrase);
    172. 

  172. +			wps->multi_ap_backhaul_network_key_len =
    173. 

  173. +				os_strlen(conf->multi_ap_backhaul_ssid.wpa_passphrase);
    174. 

  174. +		} else if (conf->multi_ap_backhaul_ssid.wpa_psk) {
    175. 

  175. +			wps->multi_ap_backhaul_network_key =
    176. 

  176. +				os_malloc(2 * PMK_LEN + 1);
    177. 

  177. +			if (wps->multi_ap_backhaul_network_key == NULL)
    178. 

  178. +				goto fail;
    179. 

  179. +			wpa_snprintf_hex((char *) wps->multi_ap_backhaul_network_key,
    180. 

  180. +					 2 * PMK_LEN + 1,
    181. 

  181. +					 conf->multi_ap_backhaul_ssid.wpa_psk->psk,
    182. 

  182. +					 PMK_LEN);
    183. 

  183. +			wps->multi_ap_backhaul_network_key_len = 2 * PMK_LEN;
    184. 

  184. +		}
    185. 

  185. +	}
    186. 

  186. +
    187. 

  187.  	wps->ap_settings = conf->ap_settings;
    188. 

  188.  	wps->ap_settings_len = conf->ap_settings_len;
    189. 

  189.  
    190. 

  190. --- a/src/wps/wps.h
    191. 

  191. +++ b/src/wps/wps.h
    192. 

  192. @@ -100,6 +100,7 @@ struct wps_device_data {
    193. 

  193.  	struct wpabuf *vendor_ext[MAX_WPS_VENDOR_EXTENSIONS];
    194. 

  194.  
    195. 

  195.  	int p2p;
    196. 

  196. +	u8 multi_ap_ext;
    197. 

  197.  };
    198. 

  198.  
    199. 

  199.  /**
    200. 

  200. @@ -730,6 +731,37 @@ struct wps_context {
    201. 

  201.  	int psk_set;
    202. 

  202.  
    203. 

  203.  	/**
    204. 

  204. +	 * multi_ap_backhaul_ssid - SSID to supply to a Multi-AP backhaul
    205. 

  205. +	 * enrollee
    206. 

  206. +	 *
    207. 

  207. +	 * This SSID is used by the Registrar to fill in information for
    208. 

  208. +	 * Credentials when the enrollee advertises it is a Multi-AP backhaul
    209. 

  209. +	 * STA.
    210. 

  210. +	 */
    211. 

  211. +	u8 multi_ap_backhaul_ssid[SSID_MAX_LEN];
    212. 

  212. +
    213. 

  213. +	/**
    214. 

  214. +	 * multi_ap_backhaul_ssid_len - Length of multi_ap_backhaul_ssid in
    215. 

  215. +	 * octets
    216. 

  216. +	 */
    217. 

  217. +	size_t multi_ap_backhaul_ssid_len;
    218. 

  218. +
    219. 

  219. +	/**
    220. 

  220. +	 * multi_ap_backhaul_network_key - The Network Key (PSK) for the
    221. 

  221. +	 * Multi-AP backhaul enrollee.
    222. 

  222. +	 *
    223. 

  223. +	 * This key can be either the ASCII passphrase (8..63 characters) or the
    224. 

  224. +	 * 32-octet PSK (64 hex characters).
    225. 

  225. +	 */
    226. 

  226. +	u8 *multi_ap_backhaul_network_key;
    227. 

  227. +
    228. 

  228. +	/**
    229. 

  229. +	 * multi_ap_backhaul_network_key_len - Length of
    230. 

  230. +	 * multi_ap_backhaul_network_key in octets
    231. 

  231. +	 */
    232. 

  232. +	size_t multi_ap_backhaul_network_key_len;
    233. 

  233. +
    234. 

  234. +	/**
    235. 

  235.  	 * ap_settings - AP Settings override for M7 (only used at AP)
    236. 

  236.  	 *
    237. 

  237.  	 * If %NULL, AP Settings attributes will be generated based on the
    238. 

  238. --- a/src/wps/wps_attr_parse.c
    239. 

  239. +++ b/src/wps/wps_attr_parse.c
    240. 

  240. @@ -67,6 +67,17 @@ static int wps_set_vendor_ext_wfa_subele
    241. 

  241.  		}
    242. 

  242.  		attr->registrar_configuration_methods = pos;
    243. 

  243.  		break;
    244. 

  244. +	case WFA_ELEM_MULTI_AP:
    245. 

  245. +		if (len != 1) {
    246. 

  246. +			wpa_printf(MSG_DEBUG,
    247. 

  247. +				   "WPS: Invalid Multi-AP Extension length %u",
    248. 

  248. +				   len);
    249. 

  249. +			return -1;
    250. 

  250. +		}
    251. 

  251. +		attr->multi_ap_ext = *pos;
    252. 

  252. +		wpa_printf(MSG_DEBUG, "WPS: Multi-AP Extension 0x%02x",
    253. 

  253. +			   attr->multi_ap_ext);
    254. 

  254. +		break;
    255. 

  255.  	default:
    256. 

  256.  		wpa_printf(MSG_MSGDUMP, "WPS: Skipped unknown WFA Vendor "
    257. 

  257.  			   "Extension subelement %u", id);
    258. 

  258. --- a/src/wps/wps_attr_parse.h
    259. 

  259. +++ b/src/wps/wps_attr_parse.h
    260. 

  260. @@ -97,6 +97,7 @@ struct wps_parse_attr {
    261. 

  261.  	const u8 *cred[MAX_CRED_COUNT];
    262. 

  262.  	const u8 *req_dev_type[MAX_REQ_DEV_TYPE_COUNT];
    263. 

  263.  	const u8 *vendor_ext[MAX_WPS_PARSE_VENDOR_EXT];
    264. 

  264. +	u8 multi_ap_ext;
    265. 

  265.  };
    266. 

  266.  
    267. 

  267.  int wps_parse_msg(const struct wpabuf *msg, struct wps_parse_attr *attr);
    268. 

  268. --- a/src/wps/wps_dev_attr.c
    269. 

  269. +++ b/src/wps/wps_dev_attr.c
    270. 

  270. @@ -389,6 +389,11 @@ int wps_process_os_version(struct wps_de
    271. 

  271.  	return 0;
    272. 

  272.  }
    273. 

  273.  
    274. 

  274. +void wps_process_vendor_ext_m1(struct wps_device_data *dev, const u8 ext)
    275. 

  275. +{
    276. 

  276. +	dev->multi_ap_ext = ext;
    277. 

  277. +	wpa_printf(MSG_DEBUG, "WPS: Multi-AP extension value %02x", dev->multi_ap_ext);
    278. 

  278. +}
    279. 

  279.  
    280. 

  280.  int wps_process_rf_bands(struct wps_device_data *dev, const u8 *bands)
    281. 

  281.  {
    282. 

  282. --- a/src/wps/wps_dev_attr.h
    283. 

  283. +++ b/src/wps/wps_dev_attr.h
    284. 

  284. @@ -29,6 +29,7 @@ int wps_build_dev_name(struct wps_device
    285. 

  285.  int wps_process_device_attrs(struct wps_device_data *dev,
    286. 

  286.  			     struct wps_parse_attr *attr);
    287. 

  287.  int wps_process_os_version(struct wps_device_data *dev, const u8 *ver);
    288. 

  288. +void wps_process_vendor_ext_m1(struct wps_device_data *dev, const u8 ext);
    289. 

  289.  int wps_process_rf_bands(struct wps_device_data *dev, const u8 *bands);
    290. 

  290.  void wps_device_data_free(struct wps_device_data *dev);
    291. 

  291.  int wps_build_vendor_ext(struct wps_device_data *dev, struct wpabuf *msg);
    292. 

  292. --- a/src/wps/wps_registrar.c
    293. 

  293. +++ b/src/wps/wps_registrar.c
    294. 

  294. @@ -1588,7 +1588,6 @@ int wps_build_credential_wrap(struct wpa
    295. 

  295.  	return 0;
    296. 

  296.  }
    297. 

  297.  
    298. 

  298. -
    299. 

  299.  int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
    300. 

  300.  {
    301. 

  301.  	struct wpabuf *cred;
    302. 

  302. @@ -1603,6 +1602,29 @@ int wps_build_cred(struct wps_data *wps,
    303. 

  303.  	}
    304. 

  304.  	os_memset(&wps->cred, 0, sizeof(wps->cred));
    305. 

  305.  
    306. 

  306. +	if (wps->peer_dev.multi_ap_ext == MULTI_AP_BACKHAUL_STA &&
    307. 

  307. +	    wps->wps->multi_ap_backhaul_ssid_len) {
    308. 

  308. +		wpa_printf(MSG_DEBUG, "WPS: Use backhaul STA credentials");
    309. 

  309. +		os_memcpy(wps->cred.ssid, wps->wps->multi_ap_backhaul_ssid,
    310. 

  310. +			  wps->wps->multi_ap_backhaul_ssid_len);
    311. 

  311. +		wps->cred.ssid_len = wps->wps->multi_ap_backhaul_ssid_len;
    312. 

  312. +		/* Backhaul is always WPA2PSK */
    313. 

  313. +		wps->cred.auth_type = WPS_AUTH_WPA2PSK;
    314. 

  314. +		wps->cred.encr_type = WPS_ENCR_AES;
    315. 

  315. +		/* Set MAC address in the Credential to be the Enrollee's MAC
    316. 

  316. +		 * address
    317. 

  317. +		 */
    318. 

  318. +		os_memcpy(wps->cred.mac_addr, wps->mac_addr_e, ETH_ALEN);
    319. 

  319. +		if (wps->wps->multi_ap_backhaul_network_key) {
    320. 

  320. +			os_memcpy(wps->cred.key,
    321. 

  321. +				  wps->wps->multi_ap_backhaul_network_key,
    322. 

  322. +				  wps->wps->multi_ap_backhaul_network_key_len);
    323. 

  323. +			wps->cred.key_len =
    324. 

  324. +				wps->wps->multi_ap_backhaul_network_key_len;
    325. 

  325. +		}
    326. 

  326. +		goto use_provided;
    327. 

  327. +	}
    328. 

  328. +
    329. 

  329.  	os_memcpy(wps->cred.ssid, wps->wps->ssid, wps->wps->ssid_len);
    330. 

  330.  	wps->cred.ssid_len = wps->wps->ssid_len;
    331. 

  331.  
    332. 

  332. @@ -2705,6 +2727,7 @@ static enum wps_process_res wps_process_
    333. 

  333.  		wps->use_psk_key = 1;
    334. 

  334.  	}
    335. 

  335.  #endif /* WPS_WORKAROUNDS */
    336. 

  336. +	wps_process_vendor_ext_m1(&wps->peer_dev, attr->multi_ap_ext);
    337. 

  337.  
    338. 

  338.  	wps->state = SEND_M2;
    339. 

  339.  	return WPS_CONTINUE;
    340.