[LEDE-DEV] [PATCH 0/3] hostapd: support SHA256-based algorithms
Stijn Tintel
stijn at linux-ipv6.be
Wed Dec 28 05:16:00 PST 2016
This series adds support for SHA256-based key management algorithms in
hostapd and wpa_supplicant. The algorithms are part of the 802.11w standard,
so they are only enabled when 802.11w is enabled. Due to this, they are
not available in the -mini build variants.
While it is recommended to only allow SHA256-based algorithms when 802.11w is
required, the standard does not require this. It also breaks existings setups
with ieee80211w=2 for clients that do not support SHA256-based algorithms,
so leave SHA1-based enabled algorithms for now. It might not make much sense,
but it does protect against simple deauth attacks.
Tested with WPA-PSK on ath5k AP with ath9k STA, and vice versa. When both the
hostapd and wpa_supplicant config have (wpa_)key_mgmt=WPA-PSK WPA-PSK-SHA256,
the SHA256 variant is used.
Series is also available in my staging tree:
https://git.lede-project.org/?p=lede/stintel/staging.git;a=summary
Stijn Tintel (3):
wpa_supplicant: rework wpa_key_mgmt handling
hostapd: add function to handle wpa_key_mgmt
hostapd: enable SHA256-based algorithms
package/network/services/hostapd/files/netifd.sh | 32 +++++++++++++-----------
1 file changed, 17 insertions(+), 15 deletions(-)
--
2.10.2
More information about the Lede-dev
mailing list