How to TKIP CCMP test ?

Jouni Malinen jkmaline at cc.hut.fi
Thu Nov 27 22:49:38 EST 2003


On Fri, Nov 28, 2003 at 11:57:05AM +0900, imp wrote:

> As you may know, latest CVS tree include TKIP and CCMP CODEC.. for
> wirelss security..
> 
> Could you please let me know, How can I test these function ?
> 
> To do so, Should I got special client hardware or software ?

In theory, you should be able to configure these algorithms with
hostap_crypt_conf for any connection just like WEP keys. This should be
usable for all modes (AP/WDS/Managed/Ad-hoc), but I have mostly tested
Managed mode so far, so there may be some bugs left in other modes. In
addition, TKIP and CCMP are usually only used with WPA/IEEE 802.11i and
dynamic keys, so you may need to have some additional tools for
handling the dynamic key negotiations.

hostap/wpa_supplicant directory contains an experimental version of WPA
Supplicant. At the moment, it supports only Host AP driver with a
Prism2/2.5/3 card (and STA f/w 1.7.1 or newer), but the code should be
mostly portable, so other drivers/OSes should be easy to add. Both
WPA-PSK and WPA-RADIUS (using Xsupplicant with a small patch as IEEE
802.1X Supplicant) are supported.

wpa_supplicant is still in quite early stages, so I haven't yet written
any instructions on how to use it. Anyway, it seems to work pretty well
and might soon be stable enough so that I could start writing some
docs.. I'm still going to change the configuration file format, so some
changes are expected and documentation will probably have to wait some
time.

If you happen to have an AP with WPA-PSK support, you can run a quick
test by creating a configuration file with 'wpa_passphrase ssid
passphrase > wpa_supplicant.conf' (replace 'ssid' and 'passphrase' with
the values configured for the AP). Then start wpa_supplicant with
command line arguments '-iwlan0 -cwpa_supplicant.conf' and with good
luck, you should associate with the AP and get dynamic TKIP/CCMP keys.

For WPA-RADIUS, you will need to also have working Xsupplicant setup
that is modified with the patch in wpa_supplicant directory to give the
master key for WPA key handshake. This is even more experimental, but at
least it seems to work in my tests. I used CVS trunk version of
Xsupplicant, so this is somewhat less userfriendly at the moment due to
code restructuring etc. going on there. Similar modification to the
release branch or the latest release of Xsupplicant may also work, but I
have not yet tested this.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list