FYI, recent patches that appeared on OpenWRT-dev listserv for authsae support. However, this may require disabling hardware encryption?<br><br>[PATCH] Add elliptic curve crypto compilation options to openssl<br><a href="https://lists.openwrt.org/pipermail/openwrt-devel/2013-May/020268.html">https://lists.openwrt.org/pipermail/openwrt-devel/2013-May/020268.html</a><br>
<br>[PATCH v3] authsae 80211s authentication daemon<br><a href="https://lists.openwrt.org/pipermail/openwrt-devel/2013-May/020269.html">https://lists.openwrt.org/pipermail/openwrt-devel/2013-May/020269.html</a><br><br>[PATCH v2] authsae: adapt uci scripts to use authsae<br>
<a href="https://lists.openwrt.org/pipermail/openwrt-devel/2013-June/020346.html">https://lists.openwrt.org/pipermail/openwrt-devel/2013-June/020346.html</a><br><a href="https://lists.openwrt.org/pipermail/openwrt-devel/2013-June/020371.html">https://lists.openwrt.org/pipermail/openwrt-devel/2013-June/020371.html</a> (must disable hwcrypt?)<br>
<br><br><div class="gmail_quote">On Wed, Dec 19, 2012 at 12:15 PM, Will Hawkins <span dir="ltr"><<a href="mailto:hawkinsw@opentechinstitute.org" target="_blank">hawkinsw@opentechinstitute.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Ben,<br>
<br>
Sorry for just now responding!<br>
<div><div class="h5"><br>
On 12/12/2012 07:18 PM, Ben West wrote:<br>
> Likewise, thank you every for the detailed responses, and especially for<br>
> providing all the background on what is clearly a well known problem.<br>
><br>
> W.r.t. authsae mentioned by Daniel, I do find this patch for adding an<br>
> authsae daemon to OpenWRT, although I believe this patch is targeted for<br>
> 802.11s.<br>
> <a href="http://patchwork.openwrt.org/patch/1350/" target="_blank">http://patchwork.openwrt.org/patch/1350/</a><br>
><br>
> Likewise this ticket in the OpenWRT queue:<br>
> <a href="https://dev.openwrt.org/ticket/12078" target="_blank">https://dev.openwrt.org/ticket/12078</a><br>
><br>
> Further investigation into authsae options for 802.11n adhoc leads to<br>
> this issue filed by Will Hawkins on a very familiar looking website:<br>
> <a href="https://code.commotionwireless.net/issues/305" target="_blank">https://code.commotionwireless.net/issues/305</a><br>
><br>
> "Submitted some patches upstream to cozybit authsae project. Next up,<br>
> attempting to upstream patches to the kernel."<br>
><br>
> Will, do you happen to links to the patch submissions you made for<br>
> kernel and authsae? I'm curious when this makes its way into OpenWRT<br>
> trunk. (No mention of authsae in recent OpenWRT-devel chatter.)<br>
<br>
</div></div>I have links to the patches that I submitted for the Linux kernel to<br>
make authsae possible over adhoc networks. The change is a rather modest<br>
two lines and was accepted into the kernel months ago. If you are<br>
running compat-wireless or a recent kernel you probably already have the<br>
change. Otherwise, you can look here:<br>
<a href="http://git.kernel.org/?p=linux/kernel/git/jberg/mac80211.git;a=commit;h=3bfda62c50b0a4b118dcfce36686508ca2892292" target="_blank">http://git.kernel.org/?p=linux/kernel/git/jberg/mac80211.git;a=commit;h=3bfda62c50b0a4b118dcfce36686508ca2892292</a><br>
<a href="http://git.kernel.org/?p=linux/kernel/git/jberg/mac80211.git;a=commit;h=452a6d22615bb8262a932b362f41fc5d89f03293" target="_blank">http://git.kernel.org/?p=linux/kernel/git/jberg/mac80211.git;a=commit;h=452a6d22615bb8262a932b362f41fc5d89f03293</a><br>
<a href="http://git.kernel.org/?p=linux/kernel/git/jberg/mac80211.git;a=commit;h=6abe0563224f8540c88e1d84d2bb394bd408c951" target="_blank">http://git.kernel.org/?p=linux/kernel/git/jberg/mac80211.git;a=commit;h=6abe0563224f8540c88e1d84d2bb394bd408c951</a><br>
<br>
As for the authsae patches, I submitted them to the Cozybit developers.<br>
They suggested improvements/changes and we went back and forth several<br>
times. We stopped going down that path because we decided that it would<br>
ultimately be better to integrate authsae directly with wpa_supplicant<br>
so that we would not need to add an extra binary into Commotion. But, if<br>
you are curious, you can look here:<br>
<a href="https://github.com/hawkinswnaf/authsae" target="_blank">https://github.com/hawkinswnaf/authsae</a><br>
<br>
Fortunately, the cozybit people already have a "custom" wpa_supplicant<br>
with authsae support. Yet, that's not the end of the issue. The signal<br>
that they used to trigger an authsae handshake was not available for<br>
adhoc nodes. That recently changed. Within the last week there was a<br>
kernel patch that will allow us to grab a signal when a new peer adhoc<br>
node is available for authentication. This means that we'll have an<br>
easier time integrating authsae for mesh in wpa_supplicant.<br>
<br>
I hope this information helped provide a little bit of background about<br>
what we are working on with authsae. It's a pretty long-winded way of<br>
saying, "we're working on it". :-) Let me know your thoughts!<br>
<br>
Talk to you soon!<br>
Will<br>
<div class="im"><br>
><br>
> --<br>
> Ben West<br>
> <a href="http://gowasabi.net" target="_blank">http://gowasabi.net</a><br>
</div>> <a href="mailto:ben@gowasabi.net">ben@gowasabi.net</a> <mailto:<a href="mailto:ben@gowasabi.net">ben@gowasabi.net</a>><br>
> <a href="tel:314-246-9434" value="+13142469434">314-246-9434</a><br>
<div class="HOEnZb"><div class="h5">><br>
><br>
><br>
> _______________________________________________<br>
> Commotion-dev mailing list<br>
> <a href="mailto:Commotion-dev@lists.chambana.net">Commotion-dev@lists.chambana.net</a><br>
> <a href="http://lists.chambana.net/mailman/listinfo/commotion-dev" target="_blank">http://lists.chambana.net/mailman/listinfo/commotion-dev</a><br>
><br>
_______________________________________________<br>
Commotion-dev mailing list<br>
<a href="mailto:Commotion-dev@lists.chambana.net">Commotion-dev@lists.chambana.net</a><br>
<a href="http://lists.chambana.net/mailman/listinfo/commotion-dev" target="_blank">http://lists.chambana.net/mailman/listinfo/commotion-dev</a><br>
<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Ben West<div><a href="http://gowasabi.net" target="_blank">http://gowasabi.net</a><br><a href="mailto:ben@gowasabi.net" target="_blank">ben@gowasabi.net</a><br>
314-246-9434<br></div>