Hi, I modified hostapd to add macsec (adding the code from wpa_supplicant). Now I'm able to create security associations between a host running hostapd and two different hosts running wpa_supplicant. This happens automatically after authentication. But for each wpa_supplicant, the key server (hostapd) generates a new SAK. Then, there are two different security associations and the server can only transmit packets through one of them simultaneously. I would like to know if it's possible to distribute the same SAK between three peers in the same network. My aim is to configure a security association between two wpa_supplicants through the hostapd, inmediatly after authentication.
Hello! I don't know how did you implement this but hostapd should generate single group CAK for all peers and distribute it for each peer using its own pairwise CAK (so it should generate N+1 CAK's, where N - number of clients). Once all the peers get this group CAK they become members of one Secure Association and thus it is possible to generate same SAK's for all them. If you can share me your patches, I would like to take a look how we can implement this. -- Best regards Andrey Kartashev _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
