Commit graph

217 commits

Author SHA1 Message Date
Jouni Malinen
581a8cde77 Added support for enforcing frequent PTK rekeying
Added a new configuration option, wpa_ptk_rekey, that can be used to
enforce frequent PTK rekeying, e.g., to mitigate some attacks against TKIP
deficiencies. This can be set either by the Authenticator (to initiate
periodic 4-way handshake to rekey PTK) or by the Supplicant (to request
Authenticator to rekey PTK).

With both wpa_ptk_rekey and wpa_group_rekey (in hostapd) set to 600, TKIP
keys will not be used for more than 10 minutes which may make some attacks
against TKIP more difficult to implement.
2008-11-06 19:57:21 +02:00
Jouni Malinen
2d86724409 EAP-FAST: Allow A-ID and A-ID-Info to be configured separately
Changed EAP-FAST configuration to use separate fields for A-ID and
A-ID-Info (eap_fast_a_id_info) to allow A-ID to be set to a fixed
16-octet len binary value for better interoperability with some peer
implementations; eap_fast_a_id is now configured as a hex string.
2008-10-19 09:55:59 +03:00
Jouni Malinen
a11c90a64a EAP-FAST: Make PAC-Key lifetime values configurable
The hardcoded values in eap_fast.c were replaced with values read from
hostapd.conf.
2008-10-08 17:25:47 +03:00
Jouni Malinen
378eae5e9b EAP-FAST: Added support for disabling anonymous/authenticated provisioning
eap_fast_prov config parameter can now be used to enable/disable different
EAP-FAST provisioning modes:
0 = provisioning disabled
1 = only anonymous provisioning allowed
2 = only authenticated provisioning allowed
3 = both provisioning modes allowed
2008-10-08 16:55:23 +03:00
Jouni Malinen
d64dabeebc Added a new driver wrapper, "none", for RADIUS server only configuration
This can be used to limit hostapd code size and clean up debug output for
configurations that do not use hostapd to control AP functionality.
2008-10-01 14:07:55 +03:00
Jouni Malinen
565861976d Added support for using SHA256-based stronger key derivation for WPA2
IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for
key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new
AKMPs and clean up AKMP processing with helper functions in defs.h.
2008-08-31 22:57:28 +03:00
Jouni Malinen
5d22a1d5aa IEEE 802.11w: Added association ping
This updates management frame protection to use the assocition ping process
from the latest draft (D6.0) to protect against unauthenticated
authenticate or (re)associate frames dropping association.
2008-08-31 11:04:47 +03:00
Jouni Malinen
271d2830ff Added support for setting VLAN ID for STAs based on local MAC ACL
This allows the accept_mac_file to be used as an alternative for RADIUS
server-based configuration. This is mainly to ease VLAN testing (i.e., no
need to set up RADIUS server for this anymore).
2008-08-28 18:43:26 +03:00
Jouni Malinen
839faf0475 Add configuration option for enabling optional use of short preamble 2008-08-21 18:36:21 +03:00
Jouni Malinen
de9289c8e9 Add preliminary IEEE 802.11n support into hostapd
This commit brings in cleaned up version of IEEE 802.11n implementation
from Intel (1). The Intel tarball includes number of other changes, too,
and only the changes specific to IEEE 802.11n are brought in here. In
addition, this does not include all the changes (e.g., some of the
configuration parameters are still missing and driver wrapper changes for
mac80211 were not included).

(1)
http://www.kernel.org/pub/linux/kernel/people/chuyee/wireless/iwl4965_ap/hostap_0_6_0_intel_0.0.13.1.tgz
2008-08-21 18:18:38 +03:00
Jouni Malinen
bf98f7f3bc Added support for opportunistic key caching (OKC)
This allows hostapd to share the PMKSA caches internally when multiple
BSSes or radios are being controlled by the same hostapd process.
2008-08-03 20:17:58 +03:00
Jouni Malinen
27e120c46d Cleaned up some of invalid documentation related to channel configuration. 2008-07-23 03:51:10 +03:00
Jouni Malinen
29222cd303 Added instructions on how to create the DH parameters files. 2008-05-21 10:53:56 +03:00
Jouni Malinen
dcf9c2bd77 Updated the comment on 'bridge' variable to mention nl80211 which needs
this parameter, too.
2008-05-07 13:51:00 +03:00
Jouni Malinen
502a293e30 TNC: Added TNC server support into documentation and ChangeLogs 2008-03-09 12:14:15 +02:00
Jouni Malinen
b0194fe07e Added max_listen_interval configuration option
This allows associations to be denied if the STA tries to use too large
listen interval. The default value is 65535 which matches with the field
size limits.
2008-02-27 17:54:06 -08:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00