Hostap configuration - internet resoucres ?

Jouni Malinen jkmaline at
Sun Feb 15 18:49:23 EST 2004

On Sun, Feb 15, 2004 at 09:22:22AM -0500, Sergio M. Ammirata wrote:

> After a lot of trial and error I was able to get CCMP with static keys
> working on top of a WDS link.
> The key synchronization is a big issue though. They have to be both started
> at the same time.
> Is there a way to disable the sequence number counter when one is using
> static keys?
> I was looking at hostap_crypt_ccmp.c but it is not quite obvious to me where
> to do it?

You should not really disable sequence numbers or the security of the
encryption is going to drop a lot. I wouldn't really recommend this, but
you could try disabling the replay detection without disabling sequence
number counter in the sender. This can be done by commenting out "if
(memcmp(pn, key->rx_pn, CCMP_PN_LEN) <= 0)" block in
hostap_ccmp_decrypt() (driver/modules/hostap_crypt_ccmp.c).

One should also note that setting the same key multiple times means that
you are in fact re-using the same packet number for multiple packets,
since this is set to zero whenever the key is changed. In other words,
the same key should not be used again..

Jouni Malinen                                            PGP id EFC895FA

More information about the HostAP mailing list