Hostap configuration - internet resoucres ?
Jouni Malinen
jkmaline
Sun Feb 15 15:49:23 PST 2004
On Sun, Feb 15, 2004 at 09:22:22AM -0500, Sergio M. Ammirata wrote:
> After a lot of trial and error I was able to get CCMP with static keys
> working on top of a WDS link.
>
> The key synchronization is a big issue though. They have to be both started
> at the same time.
>
> Is there a way to disable the sequence number counter when one is using
> static keys?
> I was looking at hostap_crypt_ccmp.c but it is not quite obvious to me where
> to do it?
You should not really disable sequence numbers or the security of the
encryption is going to drop a lot. I wouldn't really recommend this, but
you could try disabling the replay detection without disabling sequence
number counter in the sender. This can be done by commenting out "if
(memcmp(pn, key->rx_pn, CCMP_PN_LEN) <= 0)" block in
hostap_ccmp_decrypt() (driver/modules/hostap_crypt_ccmp.c).
One should also note that setting the same key multiple times means that
you are in fact re-using the same packet number for multiple packets,
since this is set to zero whenever the key is changed. In other words,
the same key should not be used again..
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list