dungru
commented
1 year ago We could just focus on WPA2-PSK with AES-CCMP integrity protocol. WEP and WPA are already deprecated by WiFi Alliance.
Closed rickywu0421 closed 1 year ago
dungru
commented
1 year ago We could just focus on WPA2-PSK with AES-CCMP integrity protocol. WEP and WPA are already deprecated by WiFi Alliance.
Originally, vwifi doesn't support WPA/WPA2 and can only perform hostapd without the cipher suite and key management. This commit let vwifi support WPA/WPA2 with the cipher suite TKIP/CCMP and the legacy WEP40 and WEP104, so we can run hostapd on the HostAP mode interface and wpa_supplicant on the station mode interface with WPA or WPA2. Right now we only test the WPA-PSK AKM (Authentication and Key Management) suite. To support WPA-EAP, several modifications may be needed.
This commit mainly focuses on two aspects:
cfg80211_ops->start_ap()orcfg80211_ops->change_beacon(). The beacon frame may contain several IEs like SSID IE, WPA/RSN IE, etc. We store the beacon frame IEs into the AP's vif so that when STA scan the AP it will inform cfg80211 with the IEs owned by the AP (for the latter used by wpa_supplicant).cfg80211_new_sta()to notify the hostapd about the success of the association. If we want hostapd to start the process of the 4-way handshake with the STA, we need to passcfg80211_new_sta()with the association request with the WPA/RSN IE, so that hostapd knows what chipher suite and AKM suite should be used. Right now, we fake the association request IE by the AP's beacon frame IE. It seems safe because hostapd will ignore the unnecessary parts and focus on WPA/RSN IE only.