Prism2/2.5/3 Host AP - new release v0.2.1 - 2004-05-06

Jouni Malinen jkmaline at cc.hut.fi
Fri May 7 00:22:31 EDT 2004


A new version of Prism2/2.5/3 Host AP was just released and is now
available from http://hostap.epitest.fi/

This release is from the development (0.2.x) branch. Please note that
the stable branch (0.1.x releases) still continues to be the source of
stable releases, although all new development is happening on the
development branch.

The main changes from the previous version are WPA Authenticator
support in hostapd, IEEE 802.11i RSN (WPA2) support in both hostapd
and wpa_supplicant, and internal IEEE 802.1X/EAPOL Supplicant
(EAP-TLS, EAP-PEAP/MSCHAPv2) in wpa_supplicant.


hostap-driver:

2004-05-06 - v0.2.1

* allow hostapd to send encrypted frames using wlan#ap interface
* fixed get_key for TKIP to return the sequence number of the last
  transmitted frame, not the seq# of the next frame
* added driver support for hostapd WPA Authenticator
* fixed TKIP get sequence number
* clear IFF_RUNNING and generate linkwatch events based on association
  status in Managed mode
* added alternative TKIP implementation which uses Michael MIC
  implementation in CryptoAPI instead of Host AP specific
  implementation
* fixed a bug in TKIP Phase1 key caching for the case when ICV
  verification fails
* added support for RSN (IEEE 802.11i/WPA2)
* removed (or added rate limitation to) some of the printk debug
  messages to reduce the size of the kernel log
* fixed byte order for CCMP packet number get/set


hostap-utils:

2004-05-06 - v0.2.1

* hostap_rid: fixed handling of failed RID reads


hostapd:

2004-05-06 - v0.2.1

* added WPA and IEEE 802.11i/RSN (WPA2) Authenticator functionality
  - based on IEEE 802.11i/D10.0 but modified to interoperate with WPA
    (i.e., IEEE 802.11i/D3.0)
  - supports WPA-only, RSN-only, and mixed WPA/RSN mode
  - both WPA-PSK and WPA-RADIUS/EAP are supported
  - PMKSA caching and pre-authentication
  - new hostapd.conf variables: wpa, wpa_psk, wpa_passphrase,
    wpa_key_mgmt, wpa_pairwise, wpa_group_rekey, wpa_gmk_rekey,
    rsn_preauth, rsn_preauth_interfaces
* fixed interim accounting to remove any pending accounting messages
  to the STA before sending a new one


wpa_supplicant:

2004-05-06 - v0.2.1

* added support for internal IEEE 802.1X (actually, IEEE 802.1aa/D6.1)
  Supplicant
  - EAPOL state machines for Supplicant [IEEE 802.1aa/D6.1]
  - EAP peer state machine [draft-ietf-eap-statemachine-02.pdf]
  - EAP-MD5 (cannot be used with WPA-RADIUS)
    [draft-ietf-eap-rfc2284bis-09.txt]
  - EAP-TLS [RFC 2716]
  - EAP-MSCHAPv2 (currently used only with EAP-PEAP)
  - EAP-PEAP/MSCHAPv2 [draft-josefsson-pppext-eap-tls-eap-07.txt]
    [draft-kamath-pppext-eap-mschapv2-00.txt]
    (PEAP version 0, 1, and parts of 2; only 0 and 1 are enabled by
    default; tested with FreeRADIUS, Microsoft IAS, and Funk Odyssey)
  - new configuration file options: eap, identity, password, ca_cert,
    client_cert, privatekey, private_key_passwd
  - Xsupplicant is not required anymore, but it can be used by
    disabling the internal IEEE 802.1X Supplicant with -e command line
    option
  - this code is not included in the default build; Makefile need to
    be edited for this (uncomment lines for selected functionality)
  - EAP-TLS and EAP-PEAP require openssl libraries
* use module prefix in debug messages (WPA, EAP, EAP-TLS, ..)
* added support for non-WPA IEEE 802.1X mode with dynamic WEP keys
  (i.e., complete IEEE 802.1X/EAP authentication and use IEEE 802.1X
   EAPOL-Key frames instead of WPA key handshakes)
* added support for IEEE 802.11i/RSN (WPA2)
  - improved PTK Key Handshake
  - PMKSA caching, pre-authentication
* fixed wpa_supplicant to ignore possible extra data after WPA
  EAPOL-Key packets (this fixes 'Invalid EAPOL-Key MIC when using
  TPTK' error from message 3 of 4-Way Handshake in case the AP
  includes extra data after the EAPOL-Key)
* added interface for external programs (frontends) to control
  wpa_supplicant
  - CLI example (wpa_cli) with interactive mode and command line
    mode
  - replaced SIGUSR1 status/statistics with the new control interface
* made some feature compile time configurable
  - .config file for make
  - driver interfaces (hostap, hermes, ..)
  - EAPOL/EAP functions

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list