[Commotion-dev] Whether to use encrypted meshing, how to accept new nodes?
Will Hawkins
hawkinsw at opentechinstitute.org
Wed Jun 12 15:10:15 UTC 2013
Dan's correct. We thought that they were going to start using some other
form of encryption. I am going to dig into these patches and see which
version of the authsae code they are pulling. Hopefully they are pulling
one that already has the patches I submitted last summer. That would
make things really pretty easy.

And, yes, you do have to disable HW encryption to get this to work. It's
not a big deal, as far as I can tell, but definitely something to be
aware of. It could negatively affect throughput but, again, I've yet to
confirm.

Will

On 06/12/2013 08:11 AM, Dan Staples wrote:
> That's very interesting, considering that one of the reasons we moved
> away from authsae towards IBSS-RSN is that we heard on the openwrt list
> that authsae support was going the way of the dinosaurs...
>
> On 06/11/2013 06:12 PM, Ben West wrote:
>> FYI, recent patches that appeared on OpenWRT-dev listserv for authsae
>> support. However, this may require disabling hardware encryption?
>>
>> [PATCH] Add elliptic curve crypto compilation options to openssl
>> https://lists.openwrt.org/pipermail/openwrt-devel/2013-May/020268.html
>>
>> [PATCH v3] authsae 80211s authentication daemon
>> https://lists.openwrt.org/pipermail/openwrt-devel/2013-May/020269.html
>>
>> [PATCH v2] authsae: adapt uci scripts to use authsae
>> https://lists.openwrt.org/pipermail/openwrt-devel/2013-June/020346.html
>> https://lists.openwrt.org/pipermail/openwrt-devel/2013-June/020371.html (must disable hwcrypt?)
>>
>>
>> On Wed, Dec 19, 2012 at 12:15 PM, Will Hawkins
>> <hawkinsw at opentechinstitute.org> wrote:
>>
>> Ben,
>>
>> Sorry for just now responding!
>>
>> On 12/12/2012 07:18 PM, Ben West wrote:
>> > Likewise, thank you everyone for the detailed responses, and especially for
>> > providing all the background on what is clearly a well known problem.
>> >
>> > W.r.t. authsae mentioned by Daniel, I do find this patch for adding an
>> > authsae daemon to OpenWRT, although I believe this patch is targeted for
>> > 802.11s.
>> > http://patchwork.openwrt.org/patch/1350/
>> >
>> > Likewise this ticket in the OpenWRT queue:
>> > https://dev.openwrt.org/ticket/12078
>> >
>> > Further investigation into authsae options for 802.11n adhoc leads to
>> > this issue filed by Will Hawkins on a very familiar looking website:
>> > https://code.commotionwireless.net/issues/305
>> >
>> > "Submitted some patches upstream to cozybit authsae project. Next up,
>> > attempting to upstream patches to the kernel."
>> >
>> > Will, do you happen to have links to the patch submissions you made for
>> > kernel and authsae? I'm curious when this makes its way into OpenWRT
>> > trunk. (No mention of authsae in recent OpenWRT-devel chatter.)
>>
>> I have links to the patches that I submitted for the Linux kernel to
>> make authsae possible over adhoc networks. The change is a rather modest
>> two lines and was accepted into the kernel months ago. If you are
>> running compat-wireless or a recent kernel you probably already have the
>> change. Otherwise, you can look here:
>> http://git.kernel.org/?p=linux/kernel/git/jberg/mac80211.git;a=commit;h=3bfda62c50b0a4b118dcfce36686508ca2892292
>> http://git.kernel.org/?p=linux/kernel/git/jberg/mac80211.git;a=commit;h=452a6d22615bb8262a932b362f41fc5d89f03293
>> http://git.kernel.org/?p=linux/kernel/git/jberg/mac80211.git;a=commit;h=6abe0563224f8540c88e1d84d2bb394bd408c951
>>
>> As for the authsae patches, I submitted them to the Cozybit developers.
>> They suggested improvements/changes and we went back and forth several
>> times. We stopped going down that path because we decided that it would
>> ultimately be better to integrate authsae directly with wpa_supplicant
>> so that we would not need to add an extra binary into Commotion. But, if
>> you are curious, you can look here:
>> https://github.com/hawkinswnaf/authsae
>>
>> Fortunately, the cozybit people already have a "custom" wpa_supplicant
>> with authsae support. Yet, that's not the end of the issue. The signal
>> that they used to trigger an authsae handshake was not available for
>> adhoc nodes. That recently changed. Within the last week there was a
>> kernel patch that will allow us to grab a signal when a new peer adhoc
>> node is available for authentication. This means that we'll have an
>> easier time integrating authsae for mesh in wpa_supplicant.
>>
>> I hope this information helped provide a little bit of background about
>> what we are working on with authsae. It's a pretty long-winded way of
>> saying, "we're working on it". :-) Let me know your thoughts!
>>
>> Talk to you soon!
>> Will
>>
>> >
>> > --
>> > Ben West
>> > http://gowasabi.net
>> > ben at gowasabi.net
>> > 314-246-9434
>> >
>> >
>> >
>> > _______________________________________________
>> > Commotion-dev mailing list
>> > Commotion-dev at lists.chambana.net
>> <mailto:Commotion-dev at lists.chambana.net>
>> > http://lists.chambana.net/mailman/listinfo/commotion-dev
>> >
>>
>> --
>> Ben West
>> http://gowasabi.net
>> ben at gowasabi.net
>> 314-246-9434
>>
>
> --
> Dan Staples
>
> Open Technology Institute
> https://commotionwireless.net
>