802.1X Unicast Keys?

[Jouni Malinen]

On Fri, Jan 03, 2003 at 12:26:57PM -0500, Raghu wrote:

> I am not sure if I can use, iwpriv wlan0 bcrx_sta_key 1 ? 

Not in the station, but in the AP you could try using it and then
forcing station to use the individual key for all frames.

> After hostapd generates both broadcast and unicast keys, 
> iwconfig and iwlist shows only the broadcast key. 

Linux wireless extensions does not yet support setting or showing
unicast keys. You will need to use utils/hostap_crypt_conf to view the
unicast keys on the AP. Station use only the default four keys (first
one is the unicast key, rest are used as broadcast keys), so this can be
shown with wireless tools.

> After Xsupplicant receives both the broadcast key 
> and unicast key, iwconfig lists the broadcast key 
> and iwlist shows both the keys, 
>                 [1]: 056D-031D-E10E-5780-4E2A-07A2-3F (104 
>                 [2]: 64A7-4D5C-D6C6-3653-505E-FB52-85 (104 
>           Current Transmit Key: [2] 

Hmm.. If I remember correctly, transmit key should be 1 so that the
individual key would be used. Otherwise this looks OK. You should see
matching key1 in the AP with hostap_crypt_conf.

I think I should go through the station case again at some point.. I do
not remember anymore, whether I implemented support for selecting
different key for unicast and broadcast keys for the station (Managed)
mode. with bcrx_sta_key 1 in the AP, one should be able to use this by
changing the current transmit key to 1 even if the driver does not
support key selection based on unicast/broadcast destination.

-- 
Jouni Malinen                                            PGP id EFC895FA