802.11 does not address how keys are set (this is "outside the scope of the document"), it only describes how they are used, and an interface to set them (the 802.11 MIB, though that MIB is not very often accessible or fully implemented). Implementations without 802.1X just implement the manual way (pre-shared keys). 802.1X adds the ability to set per-session keys (derived from the EAP method master key, if there is one, as is the case with EAP-TLS, EAP-SRP, EAP-SIM, EAP-AKA, EAP-TTLS, PEAP...). The interface between the 802.1X engine and the 802.11 part is quite variable.
On recent client Windows machines, NDIS 5.1 drivers have OIDs to set the key (either for manual configuration in the WZC interface, or automagically by EAP). On Linux and *BSD client machines, ifconfig and more or less standard ioctls allow you to do that (of course, on all client machines, there is only one key to set, to talk to the AP, or actually two, one for unicast and one for broadcast). On "integrated" APs, of course this happens somewhere in the firmware of the box. On software APs (hostap), there is an interface that allows the 802.1X implementation (in hostapd) to set the keys, but in this case, encryption must be done by the CPU (the firmware does not provide a way to set per-client keys in hostap mode).
You might want to check out the hostap project's source and mailing list for more details.
Hope that helps,
Jacques.
At 13:20 07/02/2003, visakhae wrote:
Hi All,
I want to know how dynamic key mapping keys support is done in 802.11? How is it done in 802.1x/EAP-TLS Authentication with RADIUS as the Authentication server? According to 802.11 spec the keys-mapping keys can only be changed manually. Am I correct? If so, then in what way dynamic keying (per-station unicast keys) is performed?
Thanks in advance.
regards,
Visakha.
-- general wireless list, a bawug thing <http://www.bawug.org/> [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
-- Jacques Caron, IP Sector Technologies
Join the discussion on public WLAN open global roaming: http://lists.ipsector.com/listinfo/openroaming
