From: Benedikt 'Hunz' Heinz (hunz_at_hunz.org)
Date: 2002-02-22 07:08:42 UTC
Howard Leaky wrote:
>
> >From: "Benedikt 'Hunz' Heinz" <hunz_at_hunz.org>
>
> ...
>
> >another thing is that i currently only encrypt data-packets since i don't
> >know whether the payload of mgmt-frames should also be crypted... -
> >anyone who knows that? (maybe i should just have a look in the 802.11b
> >specs...)
>
> Someone on the BAWUG mailing list just confirmed that management frames are
> always in the clear. See
> http://lists.bawug.org/pipermail/wireless/2002-February/005322.html.
>
> It sounds like you're really close. Let me know if you want me to take a
> look at your encryption code.
>
the ICV works now
i've looked up the management-frame stuff in the 802.11b specs
the only management-frame that has to be crypted is the
authentication-response if shared-key auth is used.
I guess that's why the firmware can't do wep in HostAP-mode.
but i figured out another problem:
i set the HFA384X_WEPFLAGS_HOSTENCRYPT and HFA384X_WEPFLAGS_HOSTDECRYPT
flags when hostwep-mode is enabled - then in the rx i check whether the
frame is crypted and decrypt it if possible - if not crypted and privacy
is open no decrypting is done but the frame accepted - if privacy is
restricted and the frame not crypted i drop it. that reception works fine
(although currently only one rx-key is supported but if everything works
i'll include support for more)

the problem is sending crypted frames:
if hostwep enabled and keylen>0 then i set the IS_WEP flag in the FC and
add 8 (IV+ICV) to the datalen of the 802.11 header and to the 802.3 len
then i crypt it including the snap-header (yeah i crypt them both at the
same time not each one) and send the result with real len including IV
and ICV (as complete frame) to the bap - encryption works correctly -
also does ICV-calculation - i sniffed that with tcpdump on a correctly
keyed lucent-card.
if wep is disabled or the keylen is zero the frame including snap is
sent directly (i send them as one frame to the bap here too), IS_WEP is
not set in FC and the 802.11-datalen,802.3-len and len for the bap are
without adding the 8 byte of IV+ICV

and here is the problem: if hostwep is enabled but no key set - so
cleartext is transferred it works but if the data is crypted and can
correctly be decrypted by the lucent the snap-header won't be removed
(it's still there in the tcpdump-dump but if i crypt with a lucent or in
not-ap mode with the card-firmware it isn't) - but i didn't add the
snap-header twice! i can't see where the problem is :( i verified the
crypted and uncrypted data via printk's before sending it to the bap and
it looks good :(
i don't have a second prism to check the difference via monitoringmode
but i'll be on a digitalTV-developer-meeting this weekend and there are
some guys with prism2's so i'll debug it there
a working version with hostwep (optimized wep en/decrypt + multiple rx-keys) should be done till Monday - i'll let ya know
till then!
Hunz
-- Benedikt 'Hunz' Heinz <hunz_at_hunz.org> http://hunz.org ICQ #9138850
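The host-side WEP framing the mail describes (SNAP header and payload crypted together, 8 bytes of IV+ICV overhead, ICV checked on receive), as an added stand-alone Python example that is not part of the original mail or the HostAP driver. Key, IV and payload are constructed sample values; RC4 is implemented inline and the ICV is the usual CRC-32 of the plaintext.

```python
import struct
import zlib

# LLC/SNAP prefix that sits in front of the ethertype in an 802.11 data frame.
SNAP_HEADER = bytes.fromhex("aaaa03000000")

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 keystream XOR; the same routine encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def build_frame_body(ethertype: int, payload: bytes) -> bytes:
    """SNAP header + ethertype + payload: the cleartext that gets crypted as one unit."""
    return SNAP_HEADER + struct.pack(">H", ethertype) + payload

def wep_encapsulate(plaintext: bytes, key: bytes, iv: bytes, key_id: int = 0) -> bytes:
    """Return IV(3) | key-id byte | RC4(IV||key, plaintext || CRC32(plaintext)).

    Output is exactly len(plaintext) + 8 bytes: the 8 the mail adds to datalen.
    """
    assert len(iv) == 3 and 0 <= key_id <= 3
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return iv + bytes([key_id << 6]) + rc4(iv + key, plaintext + icv)

def wep_decapsulate(body: bytes, key: bytes):
    """Receive side: strip IV/key-id, decrypt, verify ICV.

    Returns the cleartext (SNAP header still attached, since it was inside
    the crypted region) or None when the ICV does not match.
    """
    if len(body) < 8:
        return None
    iv, ciphertext = body[:3], body[4:]
    plain = rc4(iv + key, ciphertext)
    data, icv = plain[:-4], plain[-4:]
    if struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF) != icv:
        return None
    return data
```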