STA shared-key authentication support

Amit Gurdasani gurdasani
Sat Nov 16 18:09:17 PST 2002


Hi, all. I'm new to this list, and I've perused the mailing list archives
and didn't see this addressed, so please be gentle. :)

I wanted to use shared-key authentication with my (Host)AP, but found that
hostap_cs currently doesn't support shared-key authentication, so I've
prepared a hack that adds this functionality (based on what linux-wlan-ng
does).

This 'overloads' the ap_auth_algs IOCTL parameter, so that in non-Master
mode, setting the parameter will cause the authentication system record to
be changed. The effect is that by setting it to 2 using

prism2_param wlan0 ap_auth_algs 2

will enable client-side shared-key authentication.

It seems to work well for me (secondary f/w 1.4.9 with firmware-based WEP
encryption and decryption enabled). I haven't tested it with any other
configurations, so YMMV.

Changing it to 1 (open-system auth) and then using iwpriv on AP side to
kickmac prevented association from occurring (the AP is set to accept
shared-key auth only), and then changing it to 2, the STA was automatically
able to associate. Applying the patch AP-side had no effect (and no
regression).

This patch is against the current CVS HEAD hostap_ioctl.c as obtained from
CVSWeb, though I tested it with the 2002-10-12 tarball.

Thanks for your excellent work, Jouni and others. (For the record, with
firmware WEP encryption and decryption enabled, and with a 104-bit key,
hostap_cs is able to get away with 30-40% of the CPU utilization of
linux-wlan-ng, which pegs the 400 MHz CPU in this laptop at close to 100%
while doing large transfers with 128-bit WEP enabled. Using host-based WEP
encryption and decryption is not very much worse.)

-8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<----8<-
--- hostap_ioctl.c.1.19	2002-11-16 20:38:01.000000000 -0500
+++ hostap_ioctl.c	2002-11-16 20:38:13.000000000 -0500
@@ -1990,6 +1990,33 @@
 	case PRISM2_PARAM_AP_AUTH_ALGS:
 		if (local->ap != NULL)
 			local->ap->auth_algs = value;
+
+		if (local -> iw_mode != IW_MODE_MASTER) {
+			/*
+			 * hack to enable STA-side shared key auth
+			 *
+			 * See if we've been passed a valid value. The only
+			 * values allowed are 1 (open system) and 2 (shared
+			 * key).
+			 */
+			if (value < 1 || value > 2) {
+				printk (KERN_WARNING "%s: Authentication "
+				        "system %d is unknown. (1 = open, "
+					"2 = shared key)\n",
+					local -> dev -> name, value);
+				ret = -EINVAL;
+			}
+			/* set the auth record to requested */
+			if (hostap_set_word (local -> dev,
+			                     HFA384X_RID_CNFAUTHENTICATION,
+			                     value)) {
+				printk (KERN_WARNING "%s: Could not set "
+				        "authentication system to %s.\n",
+					local -> dev -> name,
+					(value ? "open" : "shared key"));
+				ret = -EINVAL;
+			}
+		}
 		break;

 	case PRISM2_PARAM_MONITOR_ALLOW_FCSERR:
-8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<----8<-
-------------- next part --------------
--- hostap_ioctl.c.1.19	2002-11-16 20:38:01.000000000 -0500
+++ hostap_ioctl.c	2002-11-16 20:38:13.000000000 -0500
@@ -1990,6 +1990,33 @@
 	case PRISM2_PARAM_AP_AUTH_ALGS:
 		if (local->ap != NULL)
 			local->ap->auth_algs = value;
+
+		if (local -> iw_mode != IW_MODE_MASTER) {
+			/*
+			 * hack to enable STA-side shared key auth
+			 *
+			 * See if we've been passed a valid value. The only
+			 * values allowed are 1 (open system) and 2 (shared
+			 * key).
+			 */
+			if (value < 1 || value > 2) {
+				printk (KERN_WARNING "%s: Authentication "
+				        "system %d is unknown. (1 = open, "
+					"2 = shared key)\n",
+					local -> dev -> name, value);
+				ret = -EINVAL;
+			}
+			/* set the auth record to requested */
+			if (hostap_set_word (local -> dev,
+			                     HFA384X_RID_CNFAUTHENTICATION,
+			                     value)) {
+				printk (KERN_WARNING "%s: Could not set "
+				        "authentication system to %s.\n",
+					local -> dev -> name,
+					(value ? "open" : "shared key"));
+				ret = -EINVAL;
+			}
+		}
 		break;
 
 	case PRISM2_PARAM_MONITOR_ALLOW_FCSERR:



More information about the Hostap mailing list