[LEDE-DEV] [PATCH 0/3] hostapd: support SHA256-based algorithms
Sebastian Kemper
sebastian_ml at gmx.net
Thu Dec 29 12:48:01 PST 2016
On Wed, Dec 28, 2016 at 02:16:00PM +0100, Stijn Tintel wrote:
> This series adds support for SHA256-based key management algorithms in
> hostapd and wpa_supplicant. The algorithms are part of the 802.11w standard,
> so they are only enabled when 802.11w is enabled. Due to this, they are
> not available in the -mini build variants.
>
> While it is recommended to only allow SHA256-based algorithms when 802.11w is
> required, the standard does not require this. It also breaks existing setups
> with ieee80211w=2 for clients that do not support SHA256-based algorithms,
> so leave SHA1-based enabled algorithms for now. It might not make much sense,
> but it does protect against simple deauth attacks.
>
> Tested with WPA-PSK on ath5k AP with ath9k STA, and vice versa. When both the
> hostapd and wpa_supplicant config have (wpa_)key_mgmt=WPA-PSK WPA-PSK-SHA256,
> the SHA256 variant is used.
>
> Series is also available in my staging tree:
> https://git.lede-project.org/?p=lede/stintel/staging.git;a=summary
>
> Stijn Tintel (3):
>   wpa_supplicant: rework wpa_key_mgmt handling
>   hostapd: add function to handle wpa_key_mgmt
>   hostapd: enable SHA256-based algorithms
>
>  package/network/services/hostapd/files/netifd.sh | 32 +++++++++++++-----------
>  1 file changed, 17 insertions(+), 15 deletions(-)
>
> --
> 2.10.2

Tested-by: Sebastian Kemper <sebastian_ml at gmx.net>

With ieee80211w enabled the script in hostapd-common changed the
configuration file to include wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256
instead of just WPA-PSK. Different clients with support for ieee80211w
and without support for it were able to connect to 2.4GHz and 5GHz
radios.

Kind regards,
Sebastian
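
The result reported in this thread (with ieee80211w enabled, the generated config carries wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256 instead of just WPA-PSK) can be checked on a generated hostapd config. The following is an added example, not part of the original messages or of netifd.sh; the function name audit_hostapd_akm, its verdict strings and the sample configs are assumptions constructed for illustration, and it treats the input as a single-BSS config.

```shell
#!/bin/sh
# Added example: classify a hostapd config by its 802.11w (PMF) setting and
# the key management algorithms (AKMs) it offers.
# audit_hostapd_akm is a hypothetical helper; it reads the config on stdin.

audit_hostapd_akm() {
    pmf=0 akms=""
    # Keep the last value seen for each key; skip comments and blank lines.
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            \#*|"") continue ;;
            ieee80211w=*)   pmf=${line#ieee80211w=} ;;
            wpa_key_mgmt=*) akms=${line#wpa_key_mgmt=} ;;
        esac
    done

    sha1=0 sha256=0
    for akm in $akms; do
        case "$akm" in
            WPA-PSK-SHA256|WPA-EAP-SHA256) sha256=1 ;;
            WPA-PSK|WPA-EAP)               sha1=1 ;;
        esac
    done

    case "$pmf" in
        1|2) ;;                               # PMF optional or required
        *) echo "pmf-off"; return 0 ;;        # 0 or unset
    esac
    if [ "$sha256" -eq 1 ] && [ "$sha1" -eq 1 ]; then
        echo "pmf=$pmf mixed"                 # what the thread reports
    elif [ "$sha256" -eq 1 ]; then
        echo "pmf=$pmf sha256-only"           # the stricter setup
    else
        echo "pmf=$pmf sha1-only"             # "just WPA-PSK" with PMF on
    fi
}

# Constructed sample configs (not taken from the thread).
SAMPLE_MIXED='interface=wlan0
wpa=2
ieee80211w=1
wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256'
SAMPLE_SHA1='interface=wlan0
wpa=2
ieee80211w=2
wpa_key_mgmt=WPA-PSK'

printf '%s\n' "$SAMPLE_MIXED" | audit_hostapd_akm
printf '%s\n' "$SAMPLE_SHA1"  | audit_hostapd_akm
```

A "mixed" verdict matches the compatibility trade-off described in the cover letter: SHA1-based AKMs stay enabled so that clients without SHA256 support can still associate.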