How to catch the MSK (Master Session Key) from Wpa_supplicant?

Dan Williams dcbw at redhat.com
Tue Apr 15 13:44:55 EDT 2008


On Tue, 2008-04-15 at 20:25 +0300, Jouni Malinen wrote:
> On Mon, Apr 14, 2008 at 04:45:54PM -0300, Douglas Diniz wrote:
> 
> > The interface is very simple. I just receive an eap packet from SS software
> > and send it to wpa supplicant. That's it. I only check the eap message to
> > search for an eap success. If the message is a success I expect that the next
> > message from wpa supplicant is the msk. I don't need any eap state machine
> > here (I hope).
> 
> OK. If you are only using fixed configuration (no user interaction
> during authentication) and do not use the double EAP mode defined in
> 802.16e, this may be enough.
> 
> > I had two options:
> > 
> > 1-) Incorporate the wpa supplicant into the SS software, creating a function
> > interface to the SS's software. This needs a lot of time.
> > 
> > 2-) Create this module to receive messages from SS and send to wpa
> > supplicant.
> 
> I would describe option (1) a bit differently: integrate the EAP peer
> functionality from wpa_supplicant (not full wpa_supplicant) to SS since
> WiMax does not really use much of the other functionality from
> wpa_supplicant. Or well, the configuration parser could probably be
> shared, too.
> 
> > In fact i'm installing wpa supplicant in SS's host and send the messages
> > over localhost. So, the interface is secure.
> > 
> > In my place, what would you do?
> 
> I do not have a good enough understanding of the particular project to say
> what would be the best option here. I understand that option (2) may look
> like the easiest solution for this case. However, I'm looking at this from
> a slightly different viewpoint since I would prefer to make sure that the
> interfaces in wpa_supplicant provide functionality that would fit well
> into any WiMax design in addition to 802.11-based solutions.
> 
> Anyway, I would suggest at least taking a quick look at the EAP peer
> example (use of EAP peer functionality from wpa_supplicant as a library
> for another program) that is available in the Git repository:
> http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=tree;f=eap_example;hb=HEAD
> 
> I wrote this example especially with non-802.1X uses in mind and WiMax
> is mentioned as one example case. The example code includes minimal
> setup for using EAP peer functionality and this could be used linked
> together with rest of the SS software to implement PMK EAP.
> 
> Unfortunately, I do not have any WiMax hardware to play with, so I
> haven't experimented with what exactly would be needed in wpa_supplicant
> to make it fit well with WiMax design. The EAP peer example should work
> fine in this type of use, but it would also be interesting to see a more
> complete reference design for WiMax authentication to be added in the
> future.

I added Marcel to the cc list because he's poked around trying to get
wpa_supplicant working with WiMAX and ran into some issues.  Would be
good to get some dialog here so we can nail the issues, some of which
stem from lack of flexibility in the D-Bus control interface.  That can
be fixed, but what general supplicant issues were you having, Marcel,
that you might want to make Jouni aware of?

Dan
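
The relay check described in the quoted message (watch the traffic for an EAP Success before expecting the MSK), sketched as an added example that is not code from this thread or from wpa_supplicant. An EAP Success is four bytes with no integrity protection of its own, so the sketch checks length and identifier strictly; the header layout and code values follow RFC 3748, while the eap_relay_* names and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* EAP header (RFC 3748, section 4): Code(1) Identifier(1) Length(2, big endian). */
enum { EAP_REQUEST = 1, EAP_RESPONSE = 2, EAP_SUCCESS = 3, EAP_FAILURE = 4 };
enum eap_verdict { EAP_REJECT, EAP_FORWARD, EAP_DONE_SUCCESS, EAP_DONE_FAILURE };
/* Hypothetical relay state: identifier of the last Response sent by the peer. */
struct eap_relay_state { int have_response; uint8_t last_response_id; };

/* Record a packet travelling from the supplicant toward the authenticator. */
void eap_relay_note_tx(struct eap_relay_state *st, const uint8_t *p, size_t n)
{
    if (n >= 4 && p[0] == EAP_RESPONSE) {
        st->have_response = 1;
        st->last_response_id = p[1];
    }
}

/* Classify a packet received from the authenticator side before relaying it. */
enum eap_verdict eap_relay_classify(const struct eap_relay_state *st,
                                    const uint8_t *p, size_t n)
{
    size_t len;
    if (p == NULL || n < 4)
        return EAP_REJECT;              /* shorter than an EAP header */
    len = ((size_t)p[2] << 8) | p[3];
    if (len < 4 || len > n)
        return EAP_REJECT;              /* Length field disagrees with buffer */
    if (p[0] == EAP_SUCCESS || p[0] == EAP_FAILURE) {
        if (len != 4)
            return EAP_REJECT;          /* Success/Failure carry no data */
        if (!st->have_response || p[1] != st->last_response_id)
            return EAP_REJECT;          /* must acknowledge our last Response */
        return p[0] == EAP_SUCCESS ? EAP_DONE_SUCCESS : EAP_DONE_FAILURE;
    }
    /* Only Requests are expected from the authenticator side. */
    return p[0] == EAP_REQUEST ? EAP_FORWARD : EAP_REJECT;
}

int main(void)
{
    /* Constructed sample packets, not captured traffic. */
    const uint8_t resp[] = { 2, 7, 0, 6, 1, 'x' };   /* Response/Identity, id 7 */
    const uint8_t ok[]   = { 3, 7, 0, 4 };           /* Success, id 7 */
    struct eap_relay_state st = { 0, 0 };
    eap_relay_note_tx(&st, resp, sizeof(resp));
    printf("verdict=%d\n", (int)eap_relay_classify(&st, ok, sizeof(ok)));
    return 0;
}
```

A verdict of EAP_DONE_SUCCESS only marks the point at which the relay may ask the EAP peer for key material; the MSK itself is derived by the EAP method inside the peer, not carried in the Success packet.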