Hostap configuration - internet resoucres ?

Jouni Malinen jkmaline
Sun Feb 15 15:49:23 PST 2004


On Sun, Feb 15, 2004 at 09:22:22AM -0500, Sergio M. Ammirata wrote:

> After a lot of trial and error I was able to get CCMP with static keys
> working on top of a WDS link.
> 
> The key synchronization is a big issue though. They have to be both started
> at the same time.
> 
> Is there a way to disable the sequence number counter when one is using
> static keys?
> I was looking at hostap_crypt_ccmp.c but it is not quite obvious to me where
> to do it?

You should not really disable sequence numbers or the security of the
encryption is going to drop a lot. I wouldn't really recommend this, but
you could try disabling the replay detection without disabling sequence
number counter in the sender. This can be done by commenting out "if
(memcmp(pn, key->rx_pn, CCMP_PN_LEN) <= 0)" block in
hostap_ccmp_decrypt() (driver/modules/hostap_crypt_ccmp.c).

One should also note that setting the same key multiple times means that
you are in fact re-using the same packet number for multiple packets,
since this is set to zero whenever the key is changed. In other words,
the same key should not be used again..

-- 
Jouni Malinen                                            PGP id EFC895FA




More information about the Hostap mailing list