HostAP IEEE 802.1x modifications

Jouni Malinen jkmaline at cc.hut.fi
Sun Dec 8 23:17:40 EST 2002


On Wed, Nov 13, 2002 at 06:43:20PM +0000, Oleg Izhvanov wrote:

> Ok, here is the patch. There are some other modifications except
> WEP rekeying, so here is the brief changelog:
> 
> * WEP rekeying support added ('-t' command line option)

Merged to CVS version. I modified this a bit and it seems to work fine
also with individual station keys (i.e., both broadcast and unicast keys
will be updated). I still need to add a TX callback function to make sure
that the station ACKs (802.11) the EAPOL-Key frame before taking the new
unicast key into use. The broadcast key needs to be taken into use
immediately (but the previous key is still available for decryption).
EAPOL-Key could anyway be resent if a station does not ACK it.

I removed the MSB setting of the key index from hostapd_rotate_wep() since
it looked like a workaround for the WinXP Supplicant and I would guess it
should be in a more generic place. Similar behavior is now available with
a separate command line option '-w'. Do you have any extra information
about the WinXP Supplicant operations? At least, setting this bit did
not fix my WinXP Supplicant.

On the positive side, with this rekeying patch, I was able to use
Xsupplicant and Host AP driver in the Managed mode to automatically set
both the broadcast and unicast keys and rekey them. prism2_params
ieee_802_1x, host_encrypt, and host_decrypt need to be set to make
rekeying work.

> * EAPOL-key frame now uses an NTP timestamp as the replay
>   counter

Merged to CVS.

> * Added support for non-prism based cards (Wireless Extensions only).

I haven't merged this in yet. I'm going to change the patch a bit and
call it something else. It should also work with a Prism-based card when
using the Host AP driver without hostapd (i.e., kernel driver performing
802.11 auth/assoc).

-- 
Jouni Malinen                                            PGP id EFC895FA
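
Added example (not part of the original message and not hostapd code): how an NTP timestamp fills the 8-octet EAPOL-Key replay counter mentioned above, and how a receiver that only accepts a strictly increasing counter behaves on a replayed frame or after the sender's clock steps backwards. The function names, the receiver-side check and the sample times are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NTP_UNIX_OFFSET 2208988800UL /* seconds from 1900-01-01 to 1970-01-01 */
#define REPLAY_LEN 8                 /* EAPOL-Key replay counter is 8 octets */

/* Encode a Unix time as a big-endian 64-bit NTP timestamp:
 * 32 bits of seconds since 1900, then 32 bits of binary fraction. */
void ntp_replay_counter(uint32_t unix_sec, uint32_t usec, uint8_t out[REPLAY_LEN])
{
    uint32_t sec = unix_sec + (uint32_t)NTP_UNIX_OFFSET;
    uint32_t frac = (uint32_t)(((uint64_t)usec << 32) / 1000000u);
    int i;
    for (i = 0; i < 4; i++) {
        out[i] = (uint8_t)(sec >> (24 - 8 * i));
        out[4 + i] = (uint8_t)(frac >> (24 - 8 * i));
    }
}

struct rx_state { uint8_t last[REPLAY_LEN]; }; /* hypothetical receiver state */

/* Accept a frame only if its counter is strictly larger than the last one
 * accepted; big-endian byte strings order correctly under memcmp(). */
int accept_eapol_key(struct rx_state *st, const uint8_t rc[REPLAY_LEN])
{
    if (memcmp(rc, st->last, REPLAY_LEN) <= 0)
        return 0; /* replayed frame, or sender clock went backwards */
    memcpy(st->last, rc, REPLAY_LEN);
    return 1;
}

int main(void)
{
    /* Constructed sample times: first key, replay, rekey, clock stepped back */
    static const uint32_t t[4] = {1039407460u, 1039407460u, 1039407760u, 1039407400u};
    struct rx_state st;
    uint8_t rc[REPLAY_LEN];
    int i;
    memset(&st, 0, sizeof(st));
    for (i = 0; i < 4; i++) {
        ntp_replay_counter(t[i], 0, rc);
        printf("t=%lu accepted=%d\n", (unsigned long)t[i], accept_eapol_key(&st, rc));
    }
    return 0;
}
```

The last sample shows the operational caveat of a time-based counter: if the authenticator's clock is set backwards, its EAPOL-Key frames carry a smaller counter than one already seen and a receiver applying this check drops them until the clock passes the old value.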


