Commit Graph

3 Commits

Author SHA1 Message Date
David Bauer
430c0ecc60 wireless-encryption mesh-wireless-sae: depend on OpenSSL daemons
This switches the used wireless daemons for OWE / SAE to the OpenSSL
flavors. The WolfSSL implementation currently seems to be broken.

THis switch may be reverted at a later point in time when hostapd /
wpa_supplicant implementations for WolfSSL have matured.
2020-12-16 00:52:27 +01:00
Martin Weinelt
882595cc21
gluon-mesh-wireless-sae: switch to wpa-supplicant-mesh-wolfssl 2020-08-16 01:14:22 +02:00
Martin Weinelt
461d904086 Add gluon-mesh-wireless-sae package
This package adds support for SAE on 802.11s mesh connections.

Enabling this package will require all 802.11s mesh connections
to be encrypted using the SAE key agreement scheme. The security
of SAE relies upon the authentication through a shared secret.

In the context of public mesh networks a shared secret is an
obvious oxymoron. Still this functionality provides an improvement
over unencrypted mesh connections in that it protects against a
passive attacker who did not observe the key agreement. In addition
Management Frame Protection (802.11w) gets automatically enabled on
mesh interfaces to prevent protocol-level deauthentication attacks.

If `wifi.mesh.sae` is enabled a shared secret will automatically be
derived from the `prefix6` variable. This is as secure as it gets
for a public mesh network.

For *private* mesh networks `wifi.mesh.sae_passphrase` should be
set to your shared secret.

Fixes #1636
2020-03-23 17:06:43 +01:00