hostapd - support for embedded very small ssl implementations
Stephan
stephan at freifunk-dresden.de
Sun Dec 31 16:07:23 PST 2017
Hi Jouni,
Thanks for your answer. It will help me further. So I can check first to
disable SAE and as second approach (if needed) to use SAE with minimal
implementation
via crypto api.
Best for you in 2018 ;-)
Bye Stephan
On 2017-12-30 16:39, Jouni Malinen wrote:
> On Wed, Dec 13, 2017 at 04:55:15PM +0100, Stephan wrote:
>> Because ad-hoc wifi will slowly be replaced by mesh,
>> openwrt/lede-project
>> should be able to use hostapd with mesh BUT without hard coded
>> dependencies
>> to
>> openssl.
>
> hostapd does not support mesh, so I'm assuming you are talking about
> using wpa_supplicant with mesh (CONFIG_MESH=y) and SAE (CONFIG_SAE=y)
> support.
>
>> It would be create if hostapd implements such a layer between itself
>> and
>> openssl, so other people may easily switch to different ssl
>> implementation.
>> The ustream api may be suitable.
>
> I replaced the direct OpenSSL calls in SAE implementations five years
> ago with crypto wrappers:
>
> https://w1.fi/cgit/hostap/commit/?id=aadabe7045fe38846793cc577d78fae9cfe13d76
>
> In other words, if someone is willing to work on implementing those
> crypto_*() wrapper functions for various small crypto libraries, SAE
> could be built with other libraries than OpenSSL.
>
>> Another question: when I only want to use mesh as replacement for
>> adhoc and
>> without
>> any mesh routing defined by 802.11s, do I need ssl ? If not, can I
>> configure
>> hostapd
>> build process to only have mesh functionality which is similar to
>> adhoc?
>
> Mesh (802.11s) does not use SSL at all. It uses SAE for the secure
> network case and that requires certain crypto/FFC/ECC support from the
> crypto library. Using mesh without SAE (i.e., just open network) should
> work without such conditions, but anyway, I'd rather focus on getting
> small implementations of crypto functionality working with SAE.
--
..............................................
Freifunk Dresden
www.freifunk-dresden.de
..............................................
More information about the Hostap
mailing list