o11s / open80211s


Authsae with open80211s porting guide please? #75

Open e1001925 opened 6 years ago

e1001925 commented 6 years ago

Dear open80211s team,

I just started to play around with authsae & open802.11s on a cut-down Linux. I don't have wpa_supplicant.

I am wondering if I should just put sae.c together with the mesh code, or directly make the whole of authsae run as a daemon.

Making it run as a daemon sounds more stable. I may need to figure out communication problems with the kernel, but I have no idea how many issues are waiting for me on this road.

I am wondering if anyone with experience making SAE work with mesh can kindly give me some suggestions, or warnings? Hopefully I can avoid an "I told you so" situation in the future.

Thanks, Michael

twpedersen commented 6 years ago

Which road would that be? authsae already contains a userspace Mesh Peering Manager supporting AMPE and SAE.

e1001925 commented 6 years ago

Hi twpedersen, thanks for your reply! You mean authsae will also take care of the open frame and confirm frame part?

bcopeland commented 6 years ago

On Wed, Mar 21, 2018 at 04:09:54AM +0000, Michael65535 wrote:

> Dear open80211s team,
>
> I just started to play around with authsae & open802.11s on a cut-down Linux. I don't have wpa_supplicant.

Why not use wpa supplicant? It really is a cleaner implementation.

-- Bob Copeland %% https://bobcopeland.com/

e1001925 commented 6 years ago

Nice to see your comments again bcopeland. I know, and I personally really want to do so. But unfortunately, due to my requirements, I cannot use wpa supplicant in this project. So I guess it will bring some pain to handle authsae. Are there any drivers or anything else that works with authsae that I can check as a reference?

twpedersen commented 6 years ago

On Wed, Mar 21, 2018 at 3:45 AM, Michael65535 <notifications@github.com> wrote:

> Nice to see your comments again bcopeland. I know, and I personally really want to do so. But unfortunately, due to my requirements, I cannot use wpa supplicant in this project. So I guess it will bring some pain to handle authsae. Are there any drivers or anything else that works with authsae that I can check as a reference?

Anything using an ath9k driver should work out of the box, such as https://wikidevi.com/wiki/TP-LINK_TL-WN721N would be cheap and easy to test. Use 'git grep "BIT(NL80211_IFTYPE_MESH_POINT)" drivers/net/wireless' in your kernel checkout to see which other drivers advertise support for mesh. Note that mesh support is a matter of degree and they may not support secure mesh for example.

--

thomas

zhejunli commented 6 years ago

We used authsae out of the box. Just solved one issue in setting HT capability.

e1001925 commented 6 years ago

Hi @zhejunli, could you please share some of your experience? I am also considering using authsae. Is the effort large?

I already have a very rough implementation of 80211s in a cut-down Linux driver. All I need is the AMPE and SAE part, since this part is very tricky....

It seems what I need to do is configure all the netlink between authsae and my driver.

By the way, do you have any plans to commit your solution?

regards

zhejunli commented 6 years ago

@e1001925 Hi, we used the OpenWrt authsae package. It was not a large effort. I just solved a problem where, in secure mesh mode, the mesh nodes couldn't negotiate HT rates. Everything else should be ready to go. Yes, you need netlink to communicate. If your open mesh works, the secure mesh should not be that hard using the OpenWrt package.

e1001925 commented 6 years ago

Hi Guys,

Is there any reference available for mbedtls with SAE? I finally, sadly, realized my platform is not able to support openssl... sigh.

bcopeland commented 6 years ago

On Mon, May 07, 2018 at 08:00:06PM -0700, Michael65535 wrote:

> Hi Guys,
>
> Is there any reference available for mbedtls with SAE? I finally, sadly, realized my platform is not able to support openssl... sigh.

There is not. You will need at least EC primitives, SHA-256, and AES.

wpa_supplicant supports more than just openssl but I'm not sure what its level of support is for SAE with non-openssl libraries.
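
Added example (not part of the thread, and not code from authsae or mbedtls): a shell check that scans an mbedtls-style config header for the primitives listed in the last reply before starting a port. The mapping of those requirements to `MBEDTLS_*` macros, the inclusion of the P-256 curve (SAE group 19), and the sample header are assumptions made for illustration.

```shell
#!/bin/sh
# Report which crypto features needed for SAE are disabled in an
# mbedtls-style config header. The requirement-to-macro mapping below is an
# assumption of this example, not something stated in the thread.
SAE_REQUIRED="
ec-primitives:MBEDTLS_ECP_C
ec-primitives:MBEDTLS_BIGNUM_C
ec-group-19:MBEDTLS_ECP_DP_SECP256R1_ENABLED
sha-256:MBEDTLS_SHA256_C
aes:MBEDTLS_AES_C
"

# macro_enabled FILE MACRO
# Succeeds only if FILE has an active "#define MACRO" line. Lines disabled
# with a leading "//" or "/*" do not count. Multi-line block comments are
# not parsed, so a define buried inside one would be a false positive.
macro_enabled() {
    grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+$2([[:space:]]|\$)" "$1"
}

# missing_sae_features FILE
# Prints one "requirement:MACRO" line per feature that is not enabled.
missing_sae_features() {
    for pair in $SAE_REQUIRED; do
        macro_enabled "$1" "${pair#*:}" || printf '%s\n' "$pair"
    done
}

# Constructed sample header (not from any real platform): AES and the
# P-256 curve are commented out, as a size-trimmed embedded build might do.
sample_config() {
    cat <<'EOF'
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_ECP_C
#define MBEDTLS_SHA256_C
//#define MBEDTLS_AES_C
/* #define MBEDTLS_ECP_DP_SECP256R1_ENABLED */
EOF
}

# Check the header given as $1, or the constructed sample when none is given.
cfg=${1:-}
if [ -z "$cfg" ]; then
    cfg=$(mktemp)
    sample_config > "$cfg"
    cleanup=1
fi
missing_sae_features "$cfg"
[ -z "${cleanup:-}" ] || rm -f "$cfg"
```

An empty result means every listed macro is active in the header; it does not confirm that the library's SAE-relevant code paths work on the target.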