Fwd: IEEE 802.11W unicast management frame encryption

Jouni Malinen j at w1.fi
Fri Dec 30 13:49:08 PST 2016

On Thu, Dec 29, 2016 at 04:21:38PM +0500, ammad rehmat wrote:
> I am working on 802.11w and I am facing problem in unicast management
> frame encryption. I have implemented CCMP protocol of my own and it
> works fine with test vectors. I am testing my project against hostapd
> with 802.11W= required and pairwise_rsn= CCMP , keymanagemente=
> SHA-psk-256.
> My project is unable to decipher the unicast management frame received
> from hostapd. I am wondering if I am using the wrong key? I use the
> PTK generated during 4-way handshake according to IEEE-802.11 2012
> article 8.6 .
> Please correct me if I am using the wrong key.

Difficult to say what a separate implementation that I've never seen
does.. Anyway, please note that there are no known issues in this area
in hostapd and the actual CCMP encryption is not actually done within
hostapd (i.e., it is in the driver, firmware, or hardware depending on
which WLAN hardware component is used).

> In the logs I tried to verify if the keys generated on both sides are
> same but hostapd logs show following line :
> WPA: PTK - hexdump(len 48) : [removed]
> I do not understand , isnt the key length supposed to be 32 in CCMP
> case and how can I print the key in the logs?

CCMP uses TK which is part of the PTK, not the full PTK, as the key..
You can add -K to the hostapd command line to allow this type of key
material to be included in the log.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list