<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
That's very interesting, considering that one of the reasons we
moved away from authsae towards IBSS-RSN is that we heard on the
openwrt list that authsae support was going the way of the
dinosaurs...<br>
<br>
<div class="moz-cite-prefix">On 06/11/2013 06:12 PM, Ben West wrote:<br>
</div>
<blockquote
cite="mid:CADSh-SPsFnT6zHCrPmifYZt1E5DDnm4sPqHwXhu1A0_2yj94Pg@mail.gmail.com"
type="cite">FYI, recent patches that appeared on OpenWRT-dev
listserv for authsae support. However, this may require disabling
hardware encryption?<br>
<br>
[PATCH] Add elliptic curve crypto compilation options to openssl<br>
<a moz-do-not-send="true"
href="https://lists.openwrt.org/pipermail/openwrt-devel/2013-May/020268.html">https://lists.openwrt.org/pipermail/openwrt-devel/2013-May/020268.html</a><br>
<br>
[PATCH v3] authsae 80211s authentication daemon<br>
<a moz-do-not-send="true"
href="https://lists.openwrt.org/pipermail/openwrt-devel/2013-May/020269.html">https://lists.openwrt.org/pipermail/openwrt-devel/2013-May/020269.html</a><br>
<br>
[PATCH v2] authsae: adapt uci scripts to use authsae<br>
<a moz-do-not-send="true"
href="https://lists.openwrt.org/pipermail/openwrt-devel/2013-June/020346.html">https://lists.openwrt.org/pipermail/openwrt-devel/2013-June/020346.html</a><br>
<a moz-do-not-send="true"
href="https://lists.openwrt.org/pipermail/openwrt-devel/2013-June/020371.html">https://lists.openwrt.org/pipermail/openwrt-devel/2013-June/020371.html</a>
(must disable hwcrypt?)<br>
<br>
<br>
<div class="gmail_quote">On Wed, Dec 19, 2012 at 12:15 PM, Will
Hawkins <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:hawkinsw@opentechinstitute.org" target="_blank">hawkinsw@opentechinstitute.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
Ben,<br>
<br>
Sorry for just now responding!<br>
<div>
<div class="h5"><br>
On 12/12/2012 07:18 PM, Ben West wrote:<br>
> Likewise, thank you every for the detailed responses,
and especially for<br>
> providing all the background on what is clearly a
well known problem.<br>
><br>
> W.r.t. authsae mentioned by Daniel, I do find this
patch for adding an<br>
> authsae daemon to OpenWRT, although I believe this
patch is targeted for<br>
> 802.11s.<br>
> <a moz-do-not-send="true"
href="http://patchwork.openwrt.org/patch/1350/"
target="_blank">http://patchwork.openwrt.org/patch/1350/</a><br>
><br>
> Likewise this ticket in the OpenWRT queue:<br>
> <a moz-do-not-send="true"
href="https://dev.openwrt.org/ticket/12078"
target="_blank">https://dev.openwrt.org/ticket/12078</a><br>
><br>
> Further investigation into authsae options for
802.11n adhoc leads to<br>
> this issue filed by Will Hawkins on a very familiar
looking website:<br>
> <a moz-do-not-send="true"
href="https://code.commotionwireless.net/issues/305"
target="_blank">https://code.commotionwireless.net/issues/305</a><br>
><br>
> "Submitted some patches upstream to cozybit authsae
project. Next up,<br>
> attempting to upstream patches to the kernel."<br>
><br>
> Will, do you happen to links to the patch submissions
you made for<br>
> kernel and authsae? I'm curious when this makes its
way into OpenWRT<br>
> trunk. (No mention of authsae in recent
OpenWRT-devel chatter.)<br>
<br>
</div>
</div>
I have links to the patches that I submitted for the Linux
kernel to<br>
make authsae possible over adhoc networks. The change is a
rather modest<br>
two lines and was accepted into the kernel months ago. If you
are<br>
running compat-wireless or a recent kernel you probably
already have the<br>
change. Otherwise, you can look here:<br>
<a moz-do-not-send="true"
href="http://git.kernel.org/?p=linux/kernel/git/jberg/mac80211.git;a=commit;h=3bfda62c50b0a4b118dcfce36686508ca2892292"
target="_blank">http://git.kernel.org/?p=linux/kernel/git/jberg/mac80211.git;a=commit;h=3bfda62c50b0a4b118dcfce36686508ca2892292</a><br>
<a moz-do-not-send="true"
href="http://git.kernel.org/?p=linux/kernel/git/jberg/mac80211.git;a=commit;h=452a6d22615bb8262a932b362f41fc5d89f03293"
target="_blank">http://git.kernel.org/?p=linux/kernel/git/jberg/mac80211.git;a=commit;h=452a6d22615bb8262a932b362f41fc5d89f03293</a><br>
<a moz-do-not-send="true"
href="http://git.kernel.org/?p=linux/kernel/git/jberg/mac80211.git;a=commit;h=6abe0563224f8540c88e1d84d2bb394bd408c951"
target="_blank">http://git.kernel.org/?p=linux/kernel/git/jberg/mac80211.git;a=commit;h=6abe0563224f8540c88e1d84d2bb394bd408c951</a><br>
<br>
As for the authsae patches, I submitted them to the Cozybit
developers.<br>
They suggested improvements/changes and we went back and forth
several<br>
times. We stopped going down that path because we decided that
it would<br>
ultimately be better to integrate authsae directly with
wpa_supplicant<br>
so that we would not need to add an extra binary into
Commotion. But, if<br>
you are curious, you can look here:<br>
<a moz-do-not-send="true"
href="https://github.com/hawkinswnaf/authsae"
target="_blank">https://github.com/hawkinswnaf/authsae</a><br>
<br>
Fortunately, the cozybit people already have a "custom"
wpa_supplicant<br>
with authsae support. Yet, that's not the end of the issue.
The signal<br>
that they used to trigger an authsae handshake was not
available for<br>
adhoc nodes. That recently changed. Within the last week there
was a<br>
kernel patch that will allow us to grab a signal when a new
peer adhoc<br>
node is available for authentication. This means that we'll
have an<br>
easier time integrating authsae for mesh in wpa_supplicant.<br>
<br>
I hope this information helped provide a little bit of
background about<br>
what we are working on with authsae. It's a pretty long-winded
way of<br>
saying, "we're working on it". :-) Let me know your thoughts!<br>
<br>
Talk to you soon!<br>
Will<br>
<div class="im"><br>
><br>
> --<br>
> Ben West<br>
> <a moz-do-not-send="true" href="http://gowasabi.net"
target="_blank">http://gowasabi.net</a><br>
</div>
> <a moz-do-not-send="true" href="mailto:ben@gowasabi.net">ben@gowasabi.net</a>
<mailto:<a moz-do-not-send="true"
href="mailto:ben@gowasabi.net">ben@gowasabi.net</a>><br>
> <a moz-do-not-send="true" href="tel:314-246-9434"
value="+13142469434">314-246-9434</a><br>
<div class="HOEnZb">
<div class="h5">><br>
><br>
><br>
> _______________________________________________<br>
> Commotion-dev mailing list<br>
> <a moz-do-not-send="true"
href="mailto:Commotion-dev@lists.chambana.net">Commotion-dev@lists.chambana.net</a><br>
> <a moz-do-not-send="true"
href="http://lists.chambana.net/mailman/listinfo/commotion-dev"
target="_blank">http://lists.chambana.net/mailman/listinfo/commotion-dev</a><br>
><br>
_______________________________________________<br>
Commotion-dev mailing list<br>
<a moz-do-not-send="true"
href="mailto:Commotion-dev@lists.chambana.net">Commotion-dev@lists.chambana.net</a><br>
<a moz-do-not-send="true"
href="http://lists.chambana.net/mailman/listinfo/commotion-dev"
target="_blank">http://lists.chambana.net/mailman/listinfo/commotion-dev</a><br>
<br>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
Ben West
<div><a moz-do-not-send="true" href="http://gowasabi.net"
target="_blank">http://gowasabi.net</a><br>
<a moz-do-not-send="true" href="mailto:ben@gowasabi.net"
target="_blank">ben@gowasabi.net</a><br>
314-246-9434<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Commotion-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Commotion-dev@lists.chambana.net">Commotion-dev@lists.chambana.net</a>
<a class="moz-txt-link-freetext" href="https://lists.chambana.net/mailman/listinfo/commotion-dev">https://lists.chambana.net/mailman/listinfo/commotion-dev</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Dan Staples
Open Technology Institute
<a class="moz-txt-link-freetext" href="https://commotionwireless.net">https://commotionwireless.net</a></pre>
</body>
</html>