How to catch the MSK (Master Session Key) from Wpa_supplicant?

Jouni Malinen j at w1.fi
Mon Apr 14 14:24:59 EDT 2008


On Mon, Apr 14, 2008 at 02:57:41PM -0300, Douglas Diniz wrote:

> Between Freeradius and Bs, and wpa supplicant and Ss, the interface is
> ethernet. When Ss receive a eapol packet from wpa supplicant I send the raw
> eap packet as a payload inside a specific message that the Ss software will
> handle and send to Bs.
> When Bs receive this message, the Bs software will send this  raw eap
> payload to me, and I will send it to freeradius over a Radius Message.

This ethernet interface between SS and wpa_supplicant sounds vendor
specific design. Is that correct or is it based on some standard? I
don't know what resulted in that kind of design (i.e., separation of EAP
peer from SS into a separate device), but if that is indeed the best
choice for the product, use of EAPOL frames sounds like a suitable
mechanism here. This is just something that I would not have first
expected from a WiMax product ;-).

> At the end of authentication, I must use the Msk as I said. The Bs and Ss
> softwares are already implemented to process the Msk. My job finish when I
> send the msk to Bs and SS.
> 
> The manufactor of the Bs/Ss software has this scenario implemented, and i'm
> in contact to discover how they send the msk to Bs/Ss.

OK. It sounds like the SS <-> supplicant interface is indeed vendor
specific and as such, so would be the MSK delivery mechanism. I'm
assuming the ethernet interface here is considered secure (e.g., it is
just using a cross-over cable inside the box and without any external
access). If not, the MSK delivery mechanism would need to be encrypted
with something..

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list