Patchwork [RFC] hostapd: disable WPS when WPA-TKIP configuration is set

login
register
mail settings
Submitter Avinash Patil
Date Aug. 14, 2012, 5:26 a.m.
Message ID <CAJwzM1=W2FTSb5=nT3=Lv2_Vq=xj6seOpL63VEGGzcaZYJoxpw@mail.gmail.com>
Download mbox | patch
Permalink /patch/177162/
State Accepted
Commit d8a085508cedd7d9158b19219b59eef236020c67
Headers show

Comments

Avinash Patil - Aug. 14, 2012, 5:26 a.m.
TC4.1.11 from WSC2.0 test plan mandates to disable WPS
when AP is configured as WPA-TKIP only.
This patches disables WPS if AP configuration is WPA-TKIP.

Signed-off-by: Avinash Patil <patila@marvell.com>
---
 hostapd/config_file.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

 	return 0;
Jouni Malinen - Aug. 15, 2012, 5:36 p.m.
On Tue, Aug 14, 2012 at 10:56:50AM +0530, Avinash Patil wrote:
> TC4.1.11 from WSC2.0 test plan mandates to disable WPS
> when AP is configured as WPA-TKIP only.
> This patches disables WPS if AP configuration is WPA-TKIP.

This type of functionality should really be at a higher level in the
system so that the user will be notified that WPS will be disabled (and
to provide an option to enable WPA2/CCMP to re-enable WPS).
Avinash Patil - Aug. 16, 2012, 5:12 a.m.
Hi Jouni,

Thanks for comment.

hostapd handles other WSC2.0 negative tests- e.g. disable WPS when WEP
encryption is set, disable WPS when BSS is configured as hidden network. So
I think its good to have this check in hostapd itself.

Please let me know your comments.

Best Regards,
Avinash





On Wed, Aug 15, 2012 at 11:06 PM, Jouni Malinen <j@w1.fi> wrote:
> On Tue, Aug 14, 2012 at 10:56:50AM +0530, Avinash Patil wrote:
>> TC4.1.11 from WSC2.0 test plan mandates to disable WPS
>> when AP is configured as WPA-TKIP only.
>> This patches disables WPS if AP configuration is WPA-TKIP.
>
> This type of functionality should really be at a higher level in the
> system so that the user will be notified that WPS will be disabled (and
> to provide an option to enable WPA2/CCMP to re-enable WPS).
>
> --
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP@lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
Jouni Malinen - Aug. 17, 2012, 4:25 p.m.
On Thu, Aug 16, 2012 at 10:42:07AM +0530, Avinash Patil wrote:
> hostapd handles other WSC2.0 negative tests- e.g. disable WPS when WEP
> encryption is set, disable WPS when BSS is configured as hidden network. So
> I think its good to have this check in hostapd itself.

I would not count on hostapd enforcing all the UI or configuration
requirements for WPS 2.0.. Anyway, I did apply this, but with some
changes to make it match with the WSC 2.0 requirement, i.e., if WPA
is enabled, WPA2/CCMP has to be enabled (e.g., WPA/CCMP would not be
enough and neither would WPA/CCMP with WPA2/TKIP).
Avinash Patil - Aug. 21, 2012, 4:13 a.m.
Thanks a lot Jouni.
Yes; your check for determining WPA/TKIP configuration is stricter and
better.

Best Regards,
Avinash.

On Fri, Aug 17, 2012 at 9:55 PM, Jouni Malinen <j@w1.fi> wrote:

> On Thu, Aug 16, 2012 at 10:42:07AM +0530, Avinash Patil wrote:
> > hostapd handles other WSC2.0 negative tests- e.g. disable WPS when WEP
> > encryption is set, disable WPS when BSS is configured as hidden network.
> So
> > I think its good to have this check in hostapd itself.
>
> I would not count on hostapd enforcing all the UI or configuration
> requirements for WPS 2.0.. Anyway, I did apply this, but with some
> changes to make it match with the WSC 2.0 requirement, i.e., if WPA
> is enabled, WPA2/CCMP has to be enabled (e.g., WPA/CCMP would not be
> enough and neither would WPA/CCMP with WPA2/TKIP).
>
> --
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP@lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>

Patch

diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 03f29ad..ad66744 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -1288,6 +1288,13 @@  static int hostapd_config_check_bss(struct
hostapd_bss_config *bss,
 			   "disabled");
 		bss->wps_state = 0;
 	}
+	if (bss->wps_state && bss->wpa == 1 &&
+	    !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
+	    !(bss->rsn_pairwise & WPA_CIPHER_CCMP)) {
+		bss->wps_state = 0;
+		wpa_printf(MSG_INFO, "WPS: WPA-TKIP configuration forced WPS to"
+			   " be disabled");
+	}
 #endif /* CONFIG_WPS2 */