STA shared-key authentication support
Amit Gurdasani
gurdasani
Sat Nov 16 18:09:17 PST 2002
Hi, all. I'm new to this list, and I've perused the mailing list archives
and didn't see this addressed, so please be gentle. :)
I wanted to use shared-key authentication with my (Host)AP, but found that
hostap_cs currently doesn't support shared-key authentication, so I've
prepared a hack that adds this functionality (based on what linux-wlan-ng
does).
This 'overloads' the ap_auth_algs IOCTL parameter, so that in non-Master
mode, setting the parameter will cause the authentication system record to
be changed. The effect is that by setting it to 2 using
prism2_param wlan0 ap_auth_algs 2
will enable client-side shared-key authentication.
It seems to work well for me (secondary f/w 1.4.9 with firmware-based WEP
encryption and decryption enabled). I haven't tested it with any other
configurations, so YMMV.
Changing it to 1 (open-system auth) and then using iwpriv on AP side to
kickmac prevented association from occurring (the AP is set to accept
shared-key auth only), and then changing it to 2, the STA was automatically
able to associate. Applying the patch AP-side had no effect (and no
regression).
This patch is against the current CVS HEAD hostap_ioctl.c as obtained from
CVSWeb, though I tested it with the 2002-10-12 tarball.
Thanks for your excellent work, Jouni and others. (For the record, with
firmware WEP encryption and decryption enabled, and with a 104-bit key,
hostap_cs is able to get away with 30-40% of the CPU utilization of
linux-wlan-ng, which pegs the 400 MHz CPU in this laptop at close to 100%
while doing large transfers with 128-bit WEP enabled. Using host-based WEP
encryption and decryption is not very much worse.)
-8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<----8<-
--- hostap_ioctl.c.1.19 2002-11-16 20:38:01.000000000 -0500
+++ hostap_ioctl.c 2002-11-16 20:38:13.000000000 -0500
@@ -1990,6 +1990,33 @@
case PRISM2_PARAM_AP_AUTH_ALGS:
if (local->ap != NULL)
local->ap->auth_algs = value;
+
+ if (local -> iw_mode != IW_MODE_MASTER) {
+ /*
+ * hack to enable STA-side shared key auth
+ *
+ * See if we've been passed a valid value. The only
+ * values allowed are 1 (open system) and 2 (shared
+ * key).
+ */
+ if (value < 1 || value > 2) {
+ printk (KERN_WARNING "%s: Authentication "
+ "system %d is unknown. (1 = open, "
+ "2 = shared key)\n",
+ local -> dev -> name, value);
+ ret = -EINVAL;
+ }
+ /* set the auth record to requested */
+ if (hostap_set_word (local -> dev,
+ HFA384X_RID_CNFAUTHENTICATION,
+ value)) {
+ printk (KERN_WARNING "%s: Could not set "
+ "authentication system to %s.\n",
+ local -> dev -> name,
+ (value ? "open" : "shared key"));
+ ret = -EINVAL;
+ }
+ }
break;
case PRISM2_PARAM_MONITOR_ALLOW_FCSERR:
-8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<----8<-
-------------- next part --------------
--- hostap_ioctl.c.1.19 2002-11-16 20:38:01.000000000 -0500
+++ hostap_ioctl.c 2002-11-16 20:38:13.000000000 -0500
@@ -1990,6 +1990,33 @@
case PRISM2_PARAM_AP_AUTH_ALGS:
if (local->ap != NULL)
local->ap->auth_algs = value;
+
+ if (local -> iw_mode != IW_MODE_MASTER) {
+ /*
+ * hack to enable STA-side shared key auth
+ *
+ * See if we've been passed a valid value. The only
+ * values allowed are 1 (open system) and 2 (shared
+ * key).
+ */
+ if (value < 1 || value > 2) {
+ printk (KERN_WARNING "%s: Authentication "
+ "system %d is unknown. (1 = open, "
+ "2 = shared key)\n",
+ local -> dev -> name, value);
+ ret = -EINVAL;
+ }
+ /* set the auth record to requested */
+ if (hostap_set_word (local -> dev,
+ HFA384X_RID_CNFAUTHENTICATION,
+ value)) {
+ printk (KERN_WARNING "%s: Could not set "
+ "authentication system to %s.\n",
+ local -> dev -> name,
+ (value ? "open" : "shared key"));
+ ret = -EINVAL;
+ }
+ }
break;
case PRISM2_PARAM_MONITOR_ALLOW_FCSERR:
More information about the Hostap
mailing list