Re: 802.1x problem


From: Jouni Malinen (jkmaline_at_cc.hut.fi)
Date: 2002-10-11 15:10:23 UTC



On Fri, Oct 11, 2002 at 10:03:58PM +0800, chlei Lei Chuan Hua wrote:

> Today, I have checked hostap 802.1x part. At the end of authentication success, AP will generate WEP key and it will encrypt WEP key using key pair from AS server, then send the encrypted WEP key with EAPOL-KEY message to the authenticated station. At the same time, AP will save the encrypted WEP key copy for decryption while receiving.

Could you please give the exact point of the code you are referring to with "save the encrypted WEP key copy"? I could not find it in hostapd.

> All that makes me confused is why AP saves the encrypted WEP key, not the unencrypted WEP key. Because I think when the station receives the encrypted WEP key, it will decrypt the encrypted WEP key using the key from AS server. After that, AP and station will communicate with each other using the same pure WEP key.

hostapd will set the unencrypted key with hostapd_set_encryption() to the kernel driver. The key is encrypted only within ieee802_1x_tx_key_one(). Encrypted version is lost after it has been sent. However, there seems to be a bug in ieee802_1x_tx_key_one() that causes a memory leak for the allocated buffer containing the encrypted key. This is now fixed in CVS.

-- 
Jouni Malinen                                            PGP id EFC895FA
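
The key handling described in the reply above, as an added example that is not hostapd code and not part of the original message: the sender keeps the plaintext key, encrypts only a temporary heap copy for the frame, and frees that copy after sending. Every name is hypothetical, and the cipher (RC4 keyed with a 16-byte IV followed by the session key) is an assumption the thread does not state.

```c
/* Added example, not hostapd code; every name here is hypothetical. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

static int live_bufs; /* heap buffers not yet freed, so a leak is observable */

/* RC4: key schedule, then XOR the keystream over d. Encrypts and decrypts. */
static void rc4_xor(const uint8_t *k, size_t klen, uint8_t *d, size_t dlen)
{
    uint8_t S[256], t; unsigned i, j = 0; size_t n;
    for (i = 0; i < 256; i++) S[i] = (uint8_t)i;
    for (i = 0; i < 256; i++) {
        j = (j + S[i] + k[i % klen]) & 0xff;
        t = S[i]; S[i] = S[j]; S[j] = t;
    }
    for (i = 0, j = 0, n = 0; n < dlen; n++) {
        i = (i + 1) & 0xff; j = (j + S[i]) & 0xff;
        t = S[i]; S[i] = S[j]; S[j] = t;
        d[n] ^= S[(S[i] + S[j]) & 0xff];
    }
}

/* Sender: encrypt a temporary copy of wep under IV || session key, copy it
 * to `wire` (stand-in for transmission), then free it before returning. */
static int tx_key_one(const uint8_t *wep, size_t wlen, const uint8_t iv[16],
                      const uint8_t *sess, size_t slen, uint8_t *wire)
{
    uint8_t rk[16 + 64], *enc;
    if (slen == 0 || slen > 64 || (enc = malloc(wlen ? wlen : 1)) == NULL) return -1;
    live_bufs++;
    memcpy(enc, wep, wlen);
    memcpy(rk, iv, 16); memcpy(rk + 16, sess, slen);
    rc4_xor(rk, 16 + slen, enc, wlen);
    memcpy(wire, enc, wlen);
    free(enc); live_bufs--; /* without this the encrypted copy leaks per frame */
    return 0;
}

/* Constructed sample values. Returns 0 if the plaintext key is untouched, the
 * wire bytes differ from it, the station recovers it, and nothing is leaked. */
static int roundtrip_check(void)
{
    const uint8_t wep[13] = "constructedK", sess[32] = "constructed-session-key";
    const uint8_t iv[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
    uint8_t orig[13], wire[13], rk[16 + 32];
    memcpy(orig, wep, 13);
    if (tx_key_one(wep, 13, iv, sess, 32, wire) != 0) return 1;
    if (memcmp(wep, orig, 13) != 0 || memcmp(wire, wep, 13) == 0) return 2;
    memcpy(rk, iv, 16); memcpy(rk + 16, sess, 32);
    rc4_xor(rk, 48, wire, 13); /* station side: same keystream decrypts */
    if (memcmp(wire, wep, 13) != 0) return 3;
    return live_bufs == 0 ? 0 : 4;
}
```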

