Mesh with multiple passwords
Peter Astrand
astrand at lysator.liu.se
Fri Jan 15 07:48:17 EST 2021

Hi. I'm building an 802.11s solution where it is not acceptable to use a
single SAE password on all mesh nodes. To handle this, my idea is to use
SAE Password Identifiers and extend wpa_supplicant to support multiple
sae_password entries, using the same syntax as for hostapd. Then, use a
node-unique password. During this development, I noticed this commit:

commit 6a673d0fb05557d149e4ff50430991979e476f2a
Author: Jouni Malinen <jouni at codeaurora.org>
Date: Tue Jan 21 12:57:07 2020 +0200

    tests: Remove mesh SAE Password Identifier test cases for now

    IEEE P802.11-REVmd was modified to require H2E to be used whenever
    Password Identifier is used with SAE. Since wpa_supplicant and mac80211
    do not yet support SAE H2E in mesh, Password Identifier cannot be used
    in mesh cases. Remove the test cases that verified this behavior for now
    to allow H2E to be required per updated REVmd definition. These test
    cases will be restored once H2E is fully functional in mesh cases.

Any updates on this? When can one expect that wpa_supplicant and mac80211
support SAE H2E in mesh? I have confirmed that it does not work with the
latest wpa_supplicant master on Linux 5.4, but perhaps it will if
https://patchwork.kernel.org/project/linux-wireless/patch/20200731183830.18735-1-jouni@codeaurora.org/
is applied?

Otherwise, I need to find some other solution. EAP-PWD looks interesting,
but as I understand it, SAE is the only option for Mesh right now.

Best regards,
Peter Åstrand
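
The per-node scheme described in the message, sketched as an added example (not part of the original post, and not hostapd or wpa_supplicant code): it parses entries in the `password|mac=...|id=...` form that hostapd documents for `sae_password` and picks the entry for a given peer. The matching rule, the node names, the MAC addresses and the passwords are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

WILDCARD = "ff:ff:ff:ff:ff:ff"  # entry applies to any peer


@dataclass
class SaePassword:
    password: str
    peer_mac: str = WILDCARD
    identifier: Optional[str] = None


def parse_sae_password(value: str) -> SaePassword:
    """Parse the value of one sae_password= line: password[|mac=..][|id=..]."""
    password, *options = value.split("|")
    if not password:
        raise ValueError("empty password")
    entry = SaePassword(password)
    for option in options:
        key, sep, val = option.partition("=")
        if key == "mac" and sep:
            entry.peer_mac = val.lower()
        elif key == "id" and sep:
            entry.identifier = val
        else:  # other hostapd options are outside this sketch
            raise ValueError(f"unsupported option: {option!r}")
    return entry


def select_password(entries: List[SaePassword], peer_mac: str,
                    rx_id: Optional[str]) -> Optional[SaePassword]:
    """Assumed rule: peer MAC must match (or be wildcard) and the received
    Password Identifier must equal the entry's identifier (None == none)."""
    for entry in entries:
        if entry.peer_mac not in (WILDCARD, peer_mac.lower()):
            continue
        if entry.identifier != rx_id:
            continue
        return entry
    return None


# Constructed sample values: one password per mesh node, bound to MAC and id.
SAMPLE_CONFIG = [
    "node-a secret|mac=02:00:00:00:01:00|id=node-a",
    "node-b secret|mac=02:00:00:00:02:00|id=node-b",
]
ENTRIES = [parse_sae_password(line) for line in SAMPLE_CONFIG]
```

In this sketch a node whose own password leaks cannot authenticate as another node, because each entry is bound to both a peer MAC address and an identifier.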