[Commotion-dev] Whether to use encrypted meshing, how to accept new nodes?

Dan Staples danstaples at opentechinstitute.org
Wed Jun 12 12:11:53 UTC 2013 

That's very interesting, considering that one of the reasons we moved
away from authsae towards IBSS-RSN is that we heard on the openwrt list
that authsae support was going the way of the dinosaurs...

On 06/11/2013 06:12 PM, Ben West wrote:
> FYI, recent patches that appeared on OpenWRT-dev listserv for authsae
> support.  However, this may require disabling hardware encryption?
>
> [PATCH] Add elliptic curve crypto compilation options to openssl
> https://lists.openwrt.org/pipermail/openwrt-devel/2013-May/020268.html
>
> [PATCH v3] authsae 80211s authentication daemon
> https://lists.openwrt.org/pipermail/openwrt-devel/2013-May/020269.html
>
> [PATCH v2] authsae: adapt uci scripts to use authsae
> https://lists.openwrt.org/pipermail/openwrt-devel/2013-June/020346.html
> https://lists.openwrt.org/pipermail/openwrt-devel/2013-June/020371.html (must
> disable hwcrypt?)
>
>
> On Wed, Dec 19, 2012 at 12:15 PM, Will Hawkins
> <hawkinsw at opentechinstitute.org
> <mailto:hawkinsw at opentechinstitute.org>> wrote:
>
>     Ben,
>
>     Sorry for just now responding!
>
>     On 12/12/2012 07:18 PM, Ben West wrote:
>     > Likewise, thank you every for the detailed responses, and
>     especially for
>     > providing all the background on what is clearly a well known
>     problem.
>     >
>     > W.r.t. authsae mentioned by Daniel, I do find this patch for
>     adding an
>     > authsae daemon to OpenWRT, although I believe this patch is
>     targeted for
>     > 802.11s.
>     > http://patchwork.openwrt.org/patch/1350/
>     >
>     > Likewise this ticket in the OpenWRT queue:
>     > https://dev.openwrt.org/ticket/12078
>     >
>     > Further investigation into authsae options for 802.11n adhoc
>     leads to
>     > this issue filed by Will Hawkins on a very familiar looking website:
>     > https://code.commotionwireless.net/issues/305
>     >
>     > "Submitted some patches upstream to cozybit authsae project.
>     Next up,
>     > attempting to upstream patches to the kernel."
>     >
>     > Will, do you happen to links to the patch submissions you made for
>     > kernel and authsae?  I'm curious when this makes its way into
>     OpenWRT
>     > trunk.  (No mention of authsae in recent OpenWRT-devel chatter.)
>
>     I have links to the patches that I submitted for the Linux kernel to
>     make authsae possible over adhoc networks. The change is a rather
>     modest
>     two lines and was accepted into the kernel months ago. If you are
>     running compat-wireless or a recent kernel you probably already
>     have the
>     change. Otherwise, you can look here:
>     http://git.kernel.org/?p=linux/kernel/git/jberg/mac80211.git;a=commit;h=3bfda62c50b0a4b118dcfce36686508ca2892292
>     http://git.kernel.org/?p=linux/kernel/git/jberg/mac80211.git;a=commit;h=452a6d22615bb8262a932b362f41fc5d89f03293
>     http://git.kernel.org/?p=linux/kernel/git/jberg/mac80211.git;a=commit;h=6abe0563224f8540c88e1d84d2bb394bd408c951
>
>     As for the authsae patches, I submitted them to the Cozybit
>     developers.
>     They suggested improvements/changes and we went back and forth several
>     times. We stopped going down that path because we decided that it
>     would
>     ultimately be better to integrate authsae directly with wpa_supplicant
>     so that we would not need to add an extra binary into Commotion.
>     But, if
>     you are curious, you can look here:
>     https://github.com/hawkinswnaf/authsae
>
>     Fortunately, the cozybit people already have a "custom" wpa_supplicant
>     with authsae support. Yet, that's not the end of the issue. The signal
>     that they used to trigger an authsae handshake was not available for
>     adhoc nodes. That recently changed. Within the last week there was a
>     kernel patch that will allow us to grab a signal when a new peer adhoc
>     node is available for authentication. This means that we'll have an
>     easier time integrating authsae for mesh in wpa_supplicant.
>
>     I hope this information helped provide a little bit of background
>     about
>     what we are working on with authsae. It's a pretty long-winded way of
>     saying, "we're working on it". :-)  Let me know your thoughts!
>
>     Talk to you soon!
>     Will
>
>     >
>     > --
>     > Ben West
>     > http://gowasabi.net
>     > ben at gowasabi.net <mailto:ben at gowasabi.net>
>     <mailto:ben at gowasabi.net <mailto:ben at gowasabi.net>>
>     > 314-246-9434 <tel:314-246-9434>
>     >
>     >
>     >
>     > _______________________________________________
>     > Commotion-dev mailing list
>     > Commotion-dev at lists.chambana.net
>     <mailto:Commotion-dev at lists.chambana.net>
>     > http://lists.chambana.net/mailman/listinfo/commotion-dev
>     >
>     _______________________________________________
>     Commotion-dev mailing list
>     Commotion-dev at lists.chambana.net
>     <mailto:Commotion-dev at lists.chambana.net>
>     http://lists.chambana.net/mailman/listinfo/commotion-dev
>
>
>
>
> -- 
> Ben West
> http://gowasabi.net
> ben at gowasabi.net <mailto:ben at gowasabi.net>
> 314-246-9434
>
>
> _______________________________________________
> Commotion-dev mailing list
> Commotion-dev at lists.chambana.net
> https://lists.chambana.net/mailman/listinfo/commotion-dev

-- 
Dan Staples

Open Technology Institute
https://commotionwireless.net

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.chambana.net/pipermail/commotion-dev/attachments/20130612/72e57a1f/attachment.html>

More information about the Commotion-dev mailing list