Table of Contents

Joshua Oreman: 802.11 wireless development

Journal Week 6

Monday, 29 June

Meeting notes from last Saturday:

Commits:

The last one is the biggie; it represents about 3/4 of the work necessary to get WPA done. The rest is just in the routine to encrypt or decrypt an individual packet. (I also have to write the encryption and decryption functions for the key data in the 4-Way Handshake frames.) I'm going to try to get TKIP encryption coded tomorrow, so I can have Wednesday to test it. If all goes well, CCMP later in the week.

Tuesday, 30 June

Theoretically, WPA support [for TKIP and PSK, which are the most common cipher and AKM used] is now complete! In practice it's probably got some serious bugs, but that's what testing tomorrow is for. :-)

Wednesday, 1 July

It works!

I was able to use gPXE's new WPA support to connect to an access point configured to use either WPA or WPA2-format packets, with TKIP as the cryptosystem. WPA2 also supports a more secure and complex cryptosystem called CCMP, based on AES; hopefully I'll be able to implement it by the end of the week.

WPA is quite a complex system, and I'm very glad I was able to get it to work. If you want to get an idea of the stuff it's managing, you can compile with DEBUG=net80211:3,sec80211:3,wpa:3,wpa_tkip:3,wpa_psk; since I used DBGC(), the result is rather psychedelic :-)

Thursday, 2 July

No code today; I needed to get caught up with my physics preparation, and had some other issues to take care of. I did have an impromptu meeting with the mentors this morning, which Marty suggested upon Michael's statement that he couldn't make our usual Saturday time.

Friday, 3 July

WPA2 is working!

I was able to connect to a network that uses CCMP for unicast packets and TKIP for broadcast packets, and do DHCP (which uses broadcast) and chainload tomsrtbt (unicast) without any crypto errors. (The unicast/broadcast cipher split is fairly common, because the broadcast cipher has to be supported by every node, while a unicast cipher can be negotiated with each node separately.)

Before that, I discovered that writing a memory-processing loop like this:

for ( i = nblk; i >= 1; i++ ) {
        /* ... */
}

is a surefire road to a hair-pulling two-hour debugging session. Learn from my mistake, and don't write descending loops as ascending loops. :-)

CCMP uses AES in two ways: in key-wrap mode (RFC 3394) to protect the group key in the 4-Way Handshake frames, and in counter mode with CBC-MAC (CCM; RFC 3610) to handle normal data packets. I implemented AES-wrap as a generic crypto function, since it is reasonably simple and does not have many tunable parameters; it doesn't have a crypto_algorithm structure, but that's just a matter of it being almost uniformly used for bite-sized chunks of data that are generally operated on in one piece. For CCM, I made the implementation private to WPA2 because that allowed me to make WPA2-specific size-saving assumptions about how it would be used. I kept the encryption and MACing code separate from the packet marshalling code, though, so if another use for CCM arises it should be fairly easily genericizable.

This will be my last coding work until July 20. In the meantime I will be preparing for and competing in the 2009 International Physics Olympiad in Merida, Mexico. Wish me luck! :-)

After I get back: drivers drivers drivers…