This series adds support for SHA256-based key management algorithms in hostapd and wpa_supplicant. The algorithms are part of the 802.11w standard, so they are only enabled when 802.11w is enabled. Due to this, they are not available in the -mini build variants.
While it is recommended to only allow SHA256-based algorithms when 802.11w is required, the standard does not require this. It also breaks existings setups with ieee80211w=2 for clients that do not support SHA256-based algorithms, so leave SHA1-based enabled algorithms for now. It might not make much sense, but it does protect against simple deauth attacks. Tested with WPA-PSK on ath5k AP with ath9k STA, and vice versa. When both the hostapd and wpa_supplicant config have (wpa_)key_mgmt=WPA-PSK WPA-PSK-SHA256, the SHA256 variant is used. Series is also available in my staging tree: https://git.lede-project.org/?p=lede/stintel/staging.git;a=summary Stijn Tintel (3): wpa_supplicant: rework wpa_key_mgmt handling hostapd: add function to handle wpa_key_mgmt hostapd: enable SHA256-based algorithms package/network/services/hostapd/files/netifd.sh | 32 +++++++++++++----------- 1 file changed, 17 insertions(+), 15 deletions(-) -- 2.10.2 _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
