Interesting issues with CCMP
jkmaline at cc.hut.fi
Fri Sep 24 21:39:13 EDT 2004
On Fri, Sep 24, 2004 at 04:28:30PM -0700, James Woo wrote:
> It's a Linksys WAP54g bug. It's not clearing the PwrMgt bit (bit 12) when
> the AAD. You're losing your multicast packets when PwrMgt bit is set. To
> become bug-compatible,
> change line 818 in hostap_crypt_ccmp.c from
> aad = pos & 0xc7; to aad = pos & 0xe7;
> and then your problem should go away.
That's interesting to know. I know there are interoperability issues
with some of the AAD masking, but this particular case was news to me.
> P.S. Linksys WAP54g has similar CCMP problem with fragmentation too.
> It's clearing the fragment number when constructing the AAD. To verify the
> problem, you'll
> see no data traffic when fragmentation is enabled (for example,
> fragmentation = 256).
That's a feature, though. WPA and WPA2 have different masks for seq_frag
(great!) and Broadcom used to implement CCMP for WPA correctly whereas
many other implementations (including Host AP driver) use the new
version for CCMP even when used with WPA (v1).
Jouni Malinen PGP id EFC895FA
More information about the HostAP