>What is the interface between the third and fourth computers in this<br>>case? Is that defined in some standard or is it something specific for<br>>this particular setup? Is this something for a small test setup or is<br>
>this aimed at longer term production use?<br><br>The interface between the bs and ss is wireless (802.16). This is aimed at longer term production use.<br><br>>WiMax does not use IEEE 802.1X (EAPOL frames), so I would assume you<br>
>have some type of translation mechanism between wpa_supplicant (on the<br>>fourth computer) and SS. In general, that is unlikely to be the cleanest<br>>way of supporting WiMax authentication with wpa_supplicant, but since I<br>
>do not know the details of the design you have between third and fourth<br>>computers, it is unclear to me whether there would be a better way for<br>>this particular case.<br><br>Between Freeradius and Bs, and wpa supplicant and Ss, the interface is ethernet. When Ss receive a eapol packet from wpa supplicant I send the raw eap packet as a payload inside a specific message that the Ss software will handle and send to Bs. <br>
When Bs receive this message, the Bs software will send this raw eap payload to me, and I will send it to freeradius over a Radius Message. <br><br>At the end of authentication, I must use the Msk as I said. The Bs and Ss softwares are already implemented to process the Msk. My job finish when I send the msk to Bs and SS.<br>
<br>The manufactor of the Bs/Ss software has this scenario implemented, and i'm in contact to discover how they send the msk to Bs/Ss. <br><br>Thanks. <br><br><div class="gmail_quote">On Mon, Apr 14, 2008 at 2:24 PM, Jouni Malinen <<a href="mailto:j@w1.fi">j@w1.fi</a>> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d">On Sun, Apr 13, 2008 at 11:10:01AM -0300, Douglas Diniz wrote:<br>
<br>
> Well, I have here a WiMax setup, where the Bs (Base Station) must<br>
> authenticate the SS (Subscriber Station). The second computer in my example<br>
> is the Bs, and the third is SS. So, i have a freeradius connected to the Bs,<br>
> and wpa supplicant connected to the SS.<br>
<br>
</div>What is the interface between the third and fourth computers in this<br>
case? Is that defined in some standard or is it something specific for<br>
this particular setup? Is this something for a small test setup or is<br>
this aimed at longer term production use?<br>
<br>
WiMax does not use IEEE 802.1X (EAPOL frames), so I would assume you<br>
have some type of translation mechanism between wpa_supplicant (on the<br>
fourth computer) and SS. In general, that is unlikely to be the cleanest<br>
way of supporting WiMax authentication with wpa_supplicant, but since I<br>
do not know the details of the design you have between third and fourth<br>
computers, it is unclear to me whether there would be a better way for<br>
this particular case.<br>
<div class="Ih2E3d"><br>
> I already have an encryption framework done, so after authentication I must<br>
> send the MSK to Bs and SS (not over air between BS and SS) and this<br>
> framework handle the encryptation for me in the next phase.<br>
> From the Bs side everything is ok, because freeradius send the Msk to BS.<br>
> The problem is to make the SS receive the Msk from wpa supplicant.<br>
<br>
</div>Have you changed wpa_supplicant for other details of the system or is<br>
everything else taken care with some kind of translation service for the<br>
EAPOL frames? Since WiMax does not use EAPOL, it would probably be<br>
better to interface with EAP peer instead of EAPOL supplicant. Anyway,<br>
if you want to do this on top of the EAPOL state machine, you may need<br>
to add a new callback function for deriving and delivering the MSK. This<br>
can probably be done in a similar way to RSN pre-authentication (see<br>
preauth.c and rsn_preauth_eapol_cb() which gets called when EAPOL<br>
authentication has been completed and it uses eapol_sm_get_key() to get<br>
the MSK).<br>
<font color="#888888"><br>
--<br>
</font><div><div></div><div class="Wj3C7c">Jouni Malinen PGP id EFC895FA<br>
_______________________________________________<br>
HostAP mailing list<br>
<a href="mailto:HostAP@lists.shmoo.com">HostAP@lists.shmoo.com</a><br>
<a href="http://lists.shmoo.com/mailman/listinfo/hostap" target="_blank">http://lists.shmoo.com/mailman/listinfo/hostap</a><br>
</div></div></blockquote></div><br>