Hostapd Test Results and Problem Areas

SR Dasgupta srdasgupta at contechsoftware.com
Thu Sep 11 12:00:57 EDT 2003


I intend to share with you my test observations on the hostapd and the 
problems am facing.
While going through observations, if you find any mistake commited by me or 
if you have,
do let me know.

The problem areas section below is what I intend to highlight. It will be a 
very tedious and costly
affair for my project if I re-write WEP related code in hostapd at this 
stage. Incase, any of you
guys have solution to 'em, let me know.

Regards,
-Shubharanjan


Setup
=====
Supplicant 	- WinXP without SP1
AP 		- MIPS platform with Hostapd running
RADIUS 	- FreeRADIUS and Oddessy Server (for testing TLS only).
You can download the evaluation version of oddessy at www.funk.com.

Successful Testings
===============
1. EAP-MD5 	- This works fine.
2. EAP-TLS 	- This works fine as well.


Problems Areas
===============
WEP -
This is a pain in the neck for me. WEP works simply great with hostap 
driver
and "hostapd NOT RUNNING" i.e. configuring WEP using iwconfig.
The following are the testing that I have carried out and my observations:

------------------------------------------------------------------------  
------------------------------------------------------------------------  
------------------------------------
Case 1:
1. Disable WEP key options in hostapd.conf. IEEE 802.1x and RADIUS should 
also be disabled.
2. Start hostapd (" # hostapd -d /etc/hostapd.conf & "). The daemon would 
run but not do nay stuff.
3. Set WEP keys using iwconfig (" # iwconfig eth2 key 1 904f00109c ").
	We have configured eth2 instead if wlan0.
4. Configure the XP with same WEP keys and index.

Observation 1: WEP encryption works. This case should not be a problem 
anyways. It was just to test the driver.
------------------------------------------------------------------------  
------------------------------------------------------------------------  
------------------------------------

Case 2:
1. Ensure that there is no WEP key pre-configured (" # iwlist eth2 key " to 
see the values)
2. Enable following WEP key options in hostapd.conf

	wep_key_len_broadcast=5
	# wep_key_len_unicast=5
	# Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once)
	wep_rekey_period=0	

     Keep the 802.1x and RADIUS options disabled. The rotation is disabled 
as evident

3. Start hostapd (" # hostapd -d /etc/hostapd.conf & ").
4. View WEP keys using iwlist (" # iwlist eth2 key ").

	# iwlist eth2 key
	eth2      2 key sizes : 40, 104bits
	          4 keys available :
            	    [1]: 904F-0010-9C (40 bits)
	                [2]: off
            	    [3]: off
	                [4]: off
          Current Transmit Key: [1]
          Security mode:open

5. Configure the XP with same WEP keys and index.

Observation 2: There is no packet transfer between XP supplicant and AP. 
This was observed with ethereal.
To me this is real strange. Why should things not work when Hostapd is 
running and key rotation is disabled? How
does this differ from Case I.
------------------------------------------------------------------------  
------------------------------------------------------------------------  
------------------------------------

Case 3:
Repeat Case 2 but now enable key rotation ("wep_rekey_period=300"). In XP, 
enable WEP and "The key is provided for me automatically" options.

Observation 3: The result is the same as observation 2. In this case, 
hopefully I did the right thing in XP.
------------------------------------------------------------------------  
------------------------------------------------------------------------  
------------------------------------

Case 4: (WEP & MD5)
1. Ensure that there is no WEP key pre-configured (" # iwlist eth2 key " to 
see the values)
2. Enable following WEP key options in hostapd.conf

	wep_key_len_broadcast=5
	# wep_key_len_unicast=5
	# Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once)
	wep_rekey_period=0	

	Rekeying is 0 since as far as I know, MD5 doesnot support it.

3. Enable IEEE 802.1x in hostapd.conf (ieee8021x=1). Configure RADIUS 
setting correctly.
4. Start hostapd (" # hostapd -d /etc/hostapd.conf & ").
5. View WEP keys using iwlist (" # iwlist eth2 key ").

	# iwlist eth2 key
	eth2      2 key sizes : 40, 104bits
	          4 keys available :
            	    [1]: 904F-0010-9C (40 bits)
	                [2]: off
            	    [3]: off
	                [4]: off
          Current Transmit Key: [1]
          Security mode:open
5. Configure the XP with same WEP keys and index. Configure Authentication 
as MD5.

Observation 4: The result is the same as observation 2.
------------------------------------------------------------------------  
------------------------------------------------------------------------  
------------------------------------
Case 5: (WEP & TLS)
Repeat Case 4 but for the following:
1. Configure RADIUS setting correctly, this time for Oddessy server.
2. Configure Oddessy Server correctly.
3. Use Oddessy Client on WinXP and configure correctly. Use WEP option and 
specify the same key as on AP. Disable key rotation in the client.

Note: The above steps were carried out for successful EAP-TLS testing.

Observation 5: The result is the same as observation 2.
------------------------------------------------------------------------  
------------------------------------------------------------------------  
------------------------------------

Case 6: (WEP & TLS - key rotation)
Repeat Case 4 but for the following:
1. Enable key rotation ("wep_rekey_period=300") in hostapd.conf. Keep 
802.1x option enabled (ieee8021x=1). Configure RADIUS setting correctly, 
this time for Oddessy server.
2. Configure Oddessy Server correctly.
3. Use Oddessy Client on WinXP and configure correctly for automatic key 
rotation.

Note: The above steps were carried out for successful EAP-TLS testing.

Observation 5: The result is the same as observation 2.
------------------------------------------------------------------------  
------------------------------------------------------------------------  
------------------------------------

Note: I have used unicast key setting as well but it has not helped.




More information about the HostAP mailing list