This is an old revision of the document!

Joshua Oreman: 802.11 wireless development

Journal Week 5

Monday, 22 June

Had a very long meeting with the mentors this morning. Things discussed:

  • Encryption thoughts: use netX/key for the encryption key setting, to avoid interfering with the iSCSI password option set using NVO or DHCP. Use gPXE's existing AES implementation, and write the core RC4 code as a gPXE crypto-subsystem cipher instead of keeping it wireless-specific. Use end-user-understandable names (WEP, WPA, WPA2, as opposed to RC4, RC4/TKIP, AES/CCMP) for configuration options.
  • Michael and I spent about two hours hashing out the correct behavior as related to my TCP fix. My patch did one thing wrong (ignored TCP sequence number wraparound) and one thing right by accident (returned early for duplicate ACKs, thus not stopping the retransmission timer and causing tcp_xmit() to do nothing). Michael corrected it and made its mode of operation clearer, and verified using artificially-duplicated frames on rtl8139 that it fixed the problem. He also pointed me to a Wikipedia article describing almost the exact issue: Sorcerer's Apprentice Syndrome. Because TCP does not automatically reply to ACKs, the problem on gPXE could only be caused by receiving two ACKs in a row for the same packet. In any event, it's fixed now, and should be in mainline soon.
  • ROM size issues: rtl8185.rom is about 500 bytes shy of the effective 64k limit. It may be possible to use a bit more than 64k, with a 128k EEPROM, but total option ROM size is limited to 128k and we don't want to starve other devices that need ROM space (e.g. RAID cards). [Most wireless cards don't have Option ROMs, but it's possible to use the ROM socket on another card, such as a r8169 (64k space) or e1000 (128k space?).]
  • Some interesting preliminary discussion about the possibility of loading part of gPXE as a module. If I do any work on this it'll be after encryption, and won't impact gPXE's current uses.

I did not get any coding done today to speak of; I worked rather fervently to get wireless done by the end of last week, and I needed some time to recharge. :-) Encryption support will commence tomorrow.

Tuesday, 23 June

WEP support is done and some of my supporting changes from early last week have been merged in. Current state-of-the-branches, in logical order of application:

I will update the above list as things change this week. After we've decided what to do with the non-802.11 commits (up to “Make DHCP wait for link-up”), I'll reformat all the mainline-ready 802.11 code into three commits like the three I committed on Saturday, rebased off the then-current gPXE trunk.

Encryption is looking like it will be at least reasonably elegant to support. Of course, WEP is the easiest of the three methods in use; WPA may well have me tearing out my hair by this time tomorrow :-) The WEP code has been tested with hostapd and seems to work very well.

Wednesday, 24 June

Spent all day researching the security protocols used in WPA-based setups. They're over an order of magnitude more complicated than WEP, taking up about 70 pages in the IEEE 802.11-2007 standard, with reference needed to 802.1X-2004 and various RFCs. The bits I will need to implement include:

  • Algorithmic:
    • Generation of pairwise master key (PMK) from passphrase salted with SSID
    • Generation of pairwise transient key (PTK) from PMK and nonces
    • The Michael message integrity code for TKIP (WPA) frames
    • TKIP key mixing stages (the encryption is just ARC4)
    • CCMP (CTR [counter mode] with CBC-MAC [cipher-block chaining message authentication code] protocol, used in WPA2) encryption and encapsulation
    • NIST AES key wrap for 4-Way Handshake frames on CCMP networks
    • HMAC-MD5 and HMAC-SHA1, for 4-Way Handshake MIC [I think gPXE already has implementations of these]
  • Protocol:
    • EAPOL decapsulation (packets of EtherType 0x888E with defined header format)
    • Processing of 4-Way Handshake contained in EAPOL frames
    • Processing of Group Key Handshake contained in EAPOL frames and rekeyed occasionally

I've got a busy week and a half ahead of me!

Earlier today Michael finished reviewing all the commits on my mainline-review branch except the three 802.11-specific ones; I've updated yesterday's commit list with the current state of things.

Thursday, 25 June

WPA is truly a horribly complicated beast. The more I learn about it, the more I realize I need to implement… ah well. I do feel as though I'm getting a handle on things, at least, and spent today working on ancillary code:

Things I still need to do include implementing the 4-Way Handshake, generating the PTK, checking the Michael MIC, and the nuts-and-bolts methods of TKIP key mixing and CCMP encryption.

One thing I discovered today while browsing the Linux wpa_supplicant source code is that the RSN information element and 4-Way Handshake documented in the IEEE standard are not supported by many “WPA” devices that were shipped prior to the time IEEE 802.11i (the WPA amendment) was finalized. Instead, they use an information element under the “vendor-specific” heading with a different format, and a slightly different handshake as well. Judging by wpa_supplicant the old way seems to be simpler, but I haven't been able to find any documentation on it other than the source code. When I run hostapd in WPA1 mode, gPXE thinks it's WEP, so that's another thing I'll need to figure out and fix.

QR Code
QR Code soc:2009:oremanj:journal:week5 (generated for current page)