path: root/hostapd/wpa.c
Commit message (Collapse)AuthorAgeFilesLines
* Fixed number of doxygen warningsJouni Malinen2009-01-021-0/+1
* Reject association if HT STA tries to use TKIP as pairwise cipherJouni Malinen2008-12-221-0/+6
* Cleaned up EAPOL-Key timeout processingJouni Malinen2008-12-181-11/+34
| | | | | | | | | | | | | | | | | dot11RSNAConfigGroupUpdateTimeOut and dot11RSNAConfigPairwiseUpdateTimeOut MIB variables were only used in draft versions of IEEE 802.11i, so rename these in order not to use confusing name here. Replaced EAPOL-Key timeout to use following timeouts (in milliseconds): 100,1000,1000,1000 (this was 1000,1000,1000,0). There is no point in sending out the final EAPOL-Key frame which would be immediately followed by disconnection. After the change to allow response to any pending EAPOL-Key frame, it is fine to send the first retransmission quickly to avoid long wait in cases where Supplicant did not receive the first frame for any reason. The new sequence will still provide 3.1 seconds of time to get any response frame, so this does not reduce the previous time.
* Improve EAPOL-Key handshake stability with retransmitted framesJouni Malinen2008-12-161-11/+41
| | | | | | | | | | | | | | | | | | | Accept response to any pending request, not just the last one. This gives the Supplicant more time to reply since hostapd will now allow up to three seconds for the reply to the first EAPOL-Key frame transmission (and two seconds for the first retry and one second for the last) while the previous version invalidated any old request immediately when sending a retransmitted frame. If the Supplicant replies to more than one request, only the first reply to arrive at the Authenticator will be processed. As far as the Supplicant is concerned, this behavior does not differ from the previous one except for being less likely to cause unneeded retransmissions of EAPOL-Key frames. This can help in cases where power saving is used when the group key is rekeyed or when there is excessive traffic on the channel that can delay (or drop) EAPOL-Key frames.
* Clear various flags on re-association to allow key_mgmt changesJouni Malinen2008-11-301-0/+12
| | | | | | If a STA reassociates and changes key_mgmt (e.g., from WPA-PSK to WPS), hostapd needs to reset some of the existing STA and WPA state machine variables to allow correct processing for the new association.
* Added preliminary Wi-Fi Protected Setup (WPS) implementationJouni Malinen2008-11-231-5/+5
| | | | | | | | | | | | | This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
* Added support for enforcing frequent PTK rekeyingJouni Malinen2008-11-061-0/+21
| | | | | | | | | | | | Added a new configuration option, wpa_ptk_rekey, that can be used to enforce frequent PTK rekeying, e.g., to mitigate some attacks against TKIP deficiencies. This can be set either by the Authenticator (to initiate periodic 4-way handshake to rekey PTK) or by the Supplicant (to request Authenticator to rekey PTK). With both wpa_ptk_rekey and wpa_group_rekey (in hostapd) set to 600, TKIP keys will not be used for more than 10 minutes which may make some attacks against TKIP more difficult to implement.
* Fix group key rekeying when reauth happens during pending group key updateJouni Malinen2008-10-211-4/+24
| | | | | | | | We need to cancel the group key update for a STA if a reauthentication request is received while the STA is in pending group key update. When canceling the update, we will also need to make sure that the PTK Group Key state machine ends up in the correct state (IDLE) to allow future updates in case of WPA2.
* Added support for using SHA256-based stronger key derivation for WPA2Jouni Malinen2008-08-311-25/+30
| | | | | | IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new AKMPs and clean up AKMP processing with helper functions in defs.h.
* IEEE 802.11w: Added association pingJouni Malinen2008-08-311-4/+13
| | | | | | This updates management frame protection to use the assocition ping process from the latest draft (D6.0) to protect against unauthenticated authenticate or (re)associate frames dropping association.
* Added support for opportunistic key caching (OKC)Jouni Malinen2008-08-031-0/+10
| | | | | This allows hostapd to share the PMKSA caches internally when multiple BSSes or radios are being controlled by the same hostapd process.
* Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 releaseJouni Malinen2008-02-281-0/+2310