OpenBSD Journal

Damien Bergamini discusses WPA

Contributed by johan on from the is-wire-less-wire-more? dept.

Federico Biancuzzi wrote to us about the latest issue of BSD Magazine, which is dedicated to OpenBSD. Read on for his story:

The following interview with wireless developer Damien Bergamini has been published in the recent BSD Magazine issue fully dedicated to OpenBSD. Now that release 4.4 is out, I am happy to be able to share this interview that covers the new support for WPA, a topic that didn't make the traditional release interview.

Could you introduce yourself?

I'm French, I'm 28 years old. I've been an OpenBSD developer since 2004. I've written numerous drivers for 802.11 wireless devices, and lately, I added support for WPA-PSK (Wi-Fi Protected Access using pre-shared keys) to our generic 802.11 layer.

What type of difficulties did you have to overcome to implement WPA/WPA2?

The reason it took a long time to implement WPA in OpenBSD is that the various standards that make up WPA are fairly complicated. It's a steep learning curve. Of course we could have thrown in whatever existing WPA implementation would have done the trick, but this is not the way we operate in OpenBSD.

OpenBSD tends to be more quality-driven than feature-driven. Before we import a large piece of code into the base system, we must make sure someone in OpenBSD can maintain that code and can fix it should it break. This means at least one developer must fully master that code and be very comfortable with it. We prefer not to support a feature rather than import code we cannot maintain. Although this may be frustrating for our users sometimes, this is a winning strategy in the end.

Before beginning my work on WPA, I studied various existing WPA implementations (mostly wpa_supplicant, hostapd and xsupplicant) but I did not like their design so I decided to write my own implementation from scratch, taking a very different approach.

What differences do you see in OpenBSD's WPA implementation compared with other BSDs' ones?

Other BSDs use wpa_supplicant for client mode and hostapd for AP mode.

The reason I chose to not go that road is that wpa_supplicant and hostapd are rather huge (in terms of lines of code) and that they try to implement too many things at the same time (802.1X, 802.11i, EAPs). I particularly did not like the way those tools were reimplementing parts of the 802.11 management entity (MLME) in userspace. This is very redundant with what we already do in the kernel, and it requires that the kernel implement hooks to let the userspace play with the 802.11 management state machine.

In OpenBSD, support for 802.11i is fully implemented in the kernel (in our generic 802.11 layer) because this is the natural place to do it (this is where we keep all the information and state about APs and stations). As a result, you can set up a WPA-PSK network (AP or client mode) without running any external daemon. You only need to know one command: ifconfig.

However, in OpenBSD, we do not support WPA-Enterprise yet, while other BSDs support it. But this is something I'm actively working on. I'd like to implement the 802.1X PACP protocol in the kernel (both supplicant and authenticator state machines) for both wired and wireless interfaces. Then I'll implement some of the most used EAPs.

Does running WPA in the kernel increase the security risk?

Not at all. In this particular case, I would say quite the opposite, because implementing the 4-way handshake and group key handshake in userspace requires that you let userspace control the 802.11 kernel state machine, which is very error-prone given that the 802.11 state machine is quite complicated and that not all drivers handle all the possible state transitions properly, especially those that implement the 802.11 state machine in firmware.

Considering that your implementation runs in the kernel, do you see any performance advantage over the other implementations?

No. Except for software encryption/decryption (which other OSes do in the kernel too), WPA is not performance critical. It consists of the exchange of a small number of packets (4 for the 4-way handshake) between the supplicant (the client) and the authenticator (the access point). This does not require any special optimization.

Is there any work on performance improvements or power saving for wifi drivers?

I'm currently adding hardware crypto support for more chipsets. This should help a bit performance-wise. I'm also working on supporting stations in power-save mode when operating as an access point.

I remember that you used only software crypto for WEP, instead of the features included in some chips. Is this still true? What about modern WPA-compliant chips? What advantages do you have using software crypto and opensource drivers?

That is not exactly true. Some drivers were already doing WEP in hardware, however, because CCMP is more costly to do in software, it will become critical to support hardware crypto for more devices. I've already implemented hardware crypto for TKIP and CCMP in the Ralink RT2860 driver to make sure our net80211 design was clean enough to allow for both types of crypto.

I'm now working on other drivers, like wpi(4) and iwn(4). Some crypto engines are so badly designed though that supporting them will offer little to no performance benefit (because, for instance, even if the device supports scatter/gather, the crypto engine does not, and you have to copy every outgoing packet). For these devices we will continue to use the software crypto code.

OpenBSD developed a lot of drivers for wireless chips using reverse engineering. We saw some exploits for closed-source drivers provided by vendors. Were your drivers vulnerable? What type of measures did you adopt to improve wireless drivers security?

Offering open-source drivers does not guarantee that no vulnerability will ever be found. However, you do not need to wait for the vendor (or the developer that wrote the driver under an NDA) to fix that vulnerability.

How are your relationships with vendors? Do they offer you access to datasheets and specs without NDA agreements? Do they let you redistribute their firmwares?

Only a few vendors provide datasheets without NDAs. Ralink is one of them. Zydas also provided some documentation for their USB chipsets before they got bought by Atheros. There was some documentation available for the earliest Realtek chipsets too, but I'm not sure it's still the case for their latest chipsets. Some vendors, like Intel or Marvell, provide open-source Linux drivers but no documentation. The worst players are Atheros and Broadcom, though things may change with Atheros in the future.

From a security point of view what setup would you suggest for a wireless network?

For a home network, WPA2-PSK (with 256-bit AES) is a good compromise between security and ease of configuration. WPA2-Enterprise or IPSEC are equally good solutions for enterprise networks.

What reasons do you see to deploy an OpenBSD based access point instead of using one of those cheap little boxes?

Of course, you can always use a classical access point as a bridge if you want, but it is a bit of an overkill if you want to build something small. With the support of more embedded systems in OpenBSD (armish, socppc ports), it becomes even more important to have good support for AP mode. This way you can for example set up a small NAS with Wi-Fi support, and all the good things that OpenBSD brings to you (pf, etc).

Any thought on 802.11n?

802.11n is not yet standardized at the time of this writing [May 2008]. It is not yet supported in OpenBSD.

Although we already have drivers for 802.11n devices, they only support 802.11g mode for now. Some parts of the 802.11n specification are very complicated to implement (like block ACK sessions) while the performance gain in a real-life setup is not clear at all. I don't buy the argument about the improved speed in 802.11n at all. Anyway, I'm planning to work on 802.11n at some point, but there are more important things to do first, like multi-bss support and improved power management.
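The 4-way handshake that the two answers above describe (four EAPOL-Key packets between supplicant and authenticator, and the reason it belongs next to the 802.11 state machine), as an added example that is not part of the interview and is not OpenBSD's net80211 code. It derives the PMK from the passphrase with the 802.11i PSK mapping (PBKDF2-HMAC-SHA1), expands it into KCK/KEK/TK with the 802.11i PRF, and runs the four messages with the HMAC-SHA1-128 MIC check that an RSN/CCMP authenticator and supplicant perform. Assumptions: WPA2 (RSN) with CCMP and AKM 2 (PSK, key descriptor version 2); the MAC addresses, nonces and passphrases are constructed sample values; GTK delivery inside message 3 is omitted; and all function names are mine.

```python
"""Added example, not OpenBSD's net80211 code: key derivation and the
EAPOL-Key MIC checks of a WPA2-PSK (RSN, CCMP, AKM 2) 4-way handshake."""
import hashlib
import hmac
import os
import struct

# Offsets from the start of the EAPOL frame: 802.1X header (4) + descriptor
# type (1) + key info (2) + key length (2) + replay counter (8) = 17 (nonce);
# nonce (32) + IV (16) + RSC (8) + reserved (8) more = 81 (16-byte Key MIC).
NONCE_OFFSET = 17
MIC_OFFSET = 81

# Key Information values for the four messages (version 2 = HMAC-SHA1 MIC).
KI_MSG1 = 0x008A  # pairwise | ack
KI_MSG2 = 0x010A  # pairwise | mic
KI_MSG3 = 0x13CA  # pairwise | install | ack | mic | secure | encrypted key data
KI_MSG4 = 0x030A  # pairwise | mic | secure


def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    """802.11i PSK mapping: PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit key."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PTK = PRF-384(PMK, "Pairwise key expansion", min/max of MACs and nonces).
    The min/max ordering is why both sides get the same PTK whichever role they
    play. Returns (KCK, KEK, TK), 16 bytes each, as used with CCMP."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:48]


def build_eapol_key(key_info, replay_counter, nonce, key_data=b"", key_length=16):
    """EAPOL-Key frame (RSN descriptor type 2) with the Key MIC field zeroed."""
    body = struct.pack(">BHHQ", 2, key_info, key_length, replay_counter)
    body += nonce + bytes(16) + bytes(8) + bytes(8) + bytes(16)  # IV, RSC, reserved, MIC
    body += struct.pack(">H", len(key_data)) + key_data
    return struct.pack(">BBH", 2, 3, len(body)) + body  # 802.1X v2, type 3 = EAPOL-Key


def compute_mic(kck, frame):
    """Descriptor version 2: HMAC-SHA1 over the frame with MIC zeroed, first 128 bits."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def sign_frame(kck, frame):
    return frame[:MIC_OFFSET] + compute_mic(kck, frame) + frame[MIC_OFFSET + 16:]


def verify_mic(kck, frame):
    return hmac.compare_digest(frame[MIC_OFFSET:MIC_OFFSET + 16], compute_mic(kck, frame))


def run_handshake(ssid, ap_passphrase, sta_passphrase, aa, spa, anonce=None, snonce=None):
    """Play both roles. aa/spa are the AP's and station's MAC addresses (constructed).
    Each side derives its PTK only from what it has seen on the air so far."""
    anonce = os.urandom(32) if anonce is None else anonce
    snonce = os.urandom(32) if snonce is None else snonce
    ap_pmk = pmk_from_passphrase(ap_passphrase, ssid)
    sta_pmk = pmk_from_passphrase(sta_passphrase, ssid)

    # Message 1 (AP -> STA): ANonce, no MIC. The station can now derive its PTK.
    msg1 = build_eapol_key(KI_MSG1, 1, anonce)
    anonce_rx = msg1[NONCE_OFFSET:NONCE_OFFSET + 32]
    sta_kck, sta_kek, sta_tk = derive_ptk(sta_pmk, aa, spa, anonce_rx, snonce)

    # Message 2 (STA -> AP): SNonce plus MIC under the station's KCK. The AP
    # derives its PTK and checks the MIC: the first proof the station has the PMK.
    msg2 = sign_frame(sta_kck, build_eapol_key(KI_MSG2, 1, snonce))
    snonce_rx = msg2[NONCE_OFFSET:NONCE_OFFSET + 32]
    ap_kck, ap_kek, ap_tk = derive_ptk(ap_pmk, aa, spa, anonce, snonce_rx)
    ap_accepts_msg2 = verify_mic(ap_kck, msg2)

    # Message 3 (AP -> STA): ANonce again, Install bit, MIC. The GTK would be
    # carried in key data wrapped under the KEK; omitted in this example.
    msg3 = sign_frame(ap_kck, build_eapol_key(KI_MSG3, 2, anonce))
    sta_accepts_msg3 = verify_mic(sta_kck, msg3)

    # Message 4 (STA -> AP): MIC only; both sides install the TK after it.
    msg4 = sign_frame(sta_kck, build_eapol_key(KI_MSG4, 2, bytes(32)))
    ap_accepts_msg4 = verify_mic(ap_kck, msg4)

    return {
        "ap_accepts_msg2": ap_accepts_msg2,
        "sta_accepts_msg3": sta_accepts_msg3,
        "ap_accepts_msg4": ap_accepts_msg4,
        "tk_match": sta_tk == ap_tk,
        "frames": (msg1, msg2, msg3, msg4),
    }
```

A wrong passphrase on either side shows up as a MIC failure on message 2 (the AP never learns the station's PMK, only that the MIC did not verify), and any bit flipped in a frame after signing fails the same check; nothing here needs to touch the association state machine, which is the point the interview makes about keeping this logic next to net80211 rather than driving it from a daemon.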

Thanks for sharing this with us, Federico; your articles always make a nice read.



Comments
  1. By Lennie (2001:470:1f15:5a9:230:1bff:fe46:a618) on

    It seems the article HTML is in a fixed with, with words and even HTML-tags being chopped at the end of a line.

    Comments
    1. By Lennie (2001:470:1f15:5a9:230:1bff:fe46:a618) on

      > It seems the article HTML is in a fixed with, with words and even HTML-tags being chopped at the end of a line.

      I meant to put: width.

      But it seems to be solved now.

  2. By Denis (2001:7a8:b5ad:0:25a3:b39d:bc50:9c4f) on

    Multi-BSS support ! That's a wonderful feature :)

  3. By Markus Peloquin (incripshin) markpeloquin@gmail.com on http://cs.wisc.edu/~markus

    Good thing I bought Ralink then. Many thanks for your hard work, Damien. As flexible as wpa_supplicant is, it is a bitch to figure out and configure. I know OpenBSD's configuration will be simpler.

    Also, there's a messed up HTML paragraph terminator and lots of spaces inserted in the middle of words in (they seem related).

    Comments
    1. By Anonymous Coward (85.19.213.88) on

      > Good thing I bought Ralink then.

      I bought a D-Link DWL-G122 USB adapter that attaches to rum(4). It's been working great with both WEP and WPA. The only thing I've noticed is that it seems to require a slightly stronger signal to get connected than it does on Windows *shrugs*

      > Many thanks for your hard work, Damien.

      I'll second that. Your work is much appreciated!

    2. By Anonymous Coward (122.49.162.133) on

      As someone who's recently had to configure wpa_supplicant for use on an embedded device, I can honestly say it's chock-full of bugs and undocumented features. I'm really glad this wasn't imported.

  4. By Anonymous Coward (38.103.144.42) on

    The scattered text is a bit distracting.. didn't anyone proofread? :)

    Comments
    1. By Johan M:son Lindman (johan) on .

      > The scattered text is a bit distracting.. didn't anyone proofread? :)

      Where were you when this text needed proof reading, Einstein?

  5. By Damon McMahon (HSpirit) damon.mcmahon@gmail.com on

    I have used IPsec with a PSK since 3.9 (or was it 4.1?) to secure my home wireless network of Windows XP and MacOS X hosts, with ral(4) operating in hostap mode. Initially I was going to wait until 4.5 to replace IPsec with WPA2-PSK, my rationale being to wait until the bugs had been ironed out - but after reading this interview the OpenBSD WPA implementation sounds mature enough to go right ahead.

    Kudos to the developers (again) in implementing things correctly first time, rather than being the first to implement!

    Comments
    1. By Anonymous Coward (82.101.210.49) on

      But why replace an IPSEC solution with a WPA2-PSK solution?

      Comments
      1. By Anonymous Coward (84.58.198.169) on

        > But why replace a IPSEC solution with a WPA2-PSK solution?
        >
        >

        Because WPA2 is more secure at the WLAN level, because WPA2 protects in lower layers, like MAC encryption etc.

        Comments
        1. By Henrik Kramshoej (2001:16d8:ffd2:cf0f:21c:b3ff:fec4:e1b6) hlk@kramse.dk on

          > > But why replace a IPSEC solution with a WPA2-PSK solution?
          > >
          > >
          >
          > Because WPA2 is more secure at WLAN because WPA2 protect in lower layers like MAC-encrytion etc.


          http://en.wikipedia.org/wiki/Mac I really hate when there are so many ways to interpret TLAs today :-(

          MAC could be Message Authentication Code as used in encryption or Media Access Control addresses.

          Just make sure you don't read the above as encryption of the Media Access Control layer, MAC address encryption. MAC addresses of network cards are always visible even if the network is using WEP/WPA/WPA2 (PSK, Enterprise).

          Anyway great story and even though I waited and longed for WPA I REEEALLLY appreciate the hard work and the OpenBSD way :-)

          Thanks to all involved.

          Comments
          1. By Anonymous Coward (212.20.215.132) on

            > http://en.wikipedia.org/wiki/Mac I really hate when there are so many
            > ways to interpret TLAs today :-(
            [...]
            > Anyway great story and even though I waited and longed for WPA ...

            Yes, the Teacher Learning Academy has certainly changed over the years. Good thing they too can use Windows Product Activation now.

            Comments
            1. By Ed Ahlsen-Girard (204.49.40.232) eagirard@cox.net on

              > > http://en.wikipedia.org/wiki/Mac I really hate when there are so many
              > > ways to interpret TLAs today :-(
              > [...]
              > > Anyway great story and even though I waited and longed for WPA ...
              >
              > Yes, the Teacher Learning Academy has certainly changed over the years. Good thing they too can use Windows Product Activation now.
              >

              This thread would have been improved were it marked UNA.

      2. By corey (208.191.177.19) on

        So friends and family that come over can relatively easily configure and use his AP, rather than trying to set up IPSec.

        At least that's the main problem I have. Well, that and one other; I had to set it up to bypass the IPSec when I get on my VPN to work, as I gave up trying to tunnel my VPN IPSec under my wireless IPSec.

        As soon as I get a chance I'm bringing up a Soekris with WPA.

  6. By Anonymous Coward (87.118.104.203) on

    First I'd like to say THANK YOU to the developer who really did an awesome job! :)

    And in case he reads this, I'll just list things I noticed while using OpenBSD and WLANs:

    1. WEP+ support (some have 256-bit WEP, no matter if it's "useful" or not, but you simply won't be able to join/set up such networks)

    2. Being able to run multiple networks on the same channel with different WEP/WPA keys (which also would mean a client could join 2 different networks on the same channel)

    Those are the only things I ever missed in OpenBSD related to WLAN, and just because some guys asked me more than once if that's possible.

    Comments
    1. By Anonymous Coward (122.49.162.133) on

      256 bit WEP keys are a vendor extension, not a standard. It will never become a standard as the world has moved on from WEP. Besides, it is not much more difficult to crack than 64 or 128 bit keys.

  7. By Anonymous Coward (61.8.106.58) on

    I bought and paid for the online version of their OpenBSD edition; one week is gone and I'm still waiting for it. The confirmation email I received told me that I will have it in 24-hours. I sent them two emails with no reply. I am about to lodge a complaint via Paypal's dispute resolution center with a hope to get my money back.

    Comments
    1. By Anonymous Coward (82.113.106.16) on

      > I bought and paid for the online version of their OpenBSD edition; one week is gone and I'm still waiting for it. The confirmation email I received told me that I will have it in 24-hours. I sent them two emails with no reply. I am about to lodge a complaint via Paypal's dispute resolution center with a hope to get my money back.

      Of course, we all think that the WPA-implementation of OpenBSD is great (and much more easy for the user and scripts).

    2. By phessler (phessler) on http://theapt.org

      > I bought and paid for the online version of their OpenBSD edition; one week is gone and I'm still waiting for it. The confirmation email I received told me that I will have it in 24-hours. I sent them two emails with no reply. I am about to lodge a complaint via Paypal's dispute resolution center with a hope to get my money back.

      you'll need to contact the vendor that sold this to you, undeadly is not affiliated with any stores.

      and can you clarify "online version of their OpenBSD edition"? I'm not familiar with that product. To the best of my knowledge (which is pretty good in this case), you can freely download OpenBSD directly from the mirror sites http://www.openbsd.org/ftp.html . Of course, you are always encouraged to buy the official CD set, available at http://www.openbsd.org/orders.html

      Comments
      1. By Damon McMahon (HSpirit) on

        I think the OP means the BSD Magazine from which the interview article was drawn.

    3. By Anonymous Coward (67.69.227.99) on

      > I bought and paid for the online version of their OpenBSD edition; one week is gone and I'm still waiting for it. The confirmation email I received told me that I will have it in 24-hours. I sent them two emails with no reply. I am about to lodge a complaint via Paypal's dispute resolution center with a hope to get my money back.

      Who knows, maybe it's Jacek Artimyak behind it, then you're really screwed!

      *caution*

      Comments
      1. By Karolina (62.111.243.82) karolina.lesinska@bsdmag.org on www.bsdmag.org

        > > I bought and paid for the online version of their OpenBSD edition; one week is gone and I'm still waiting for it. The confirmation email I received told me that I will have it in 24-hours. I sent them two emails with no reply. I am about to lodge a complaint via Paypal's dispute resolution center with a hope to get my money back.
        >
        > Who knows, maybe it's Jacek Artimyak behind it, then you're really screwed!
        >
        > *caution*

        Hello,

        My name is Karolina and I am the product manager of BSD mag. So I am the one to blame :)

        I am very sorry that you did not receive your issues. I do answer the emails personally, so if I, by any chance, missed your email, please send it once again to my email address. I will send you the issue immediately...

        Also, please check your spam folder. Sometimes the emails sent through the system (not personally) get stuck in SPAM filters.

        Anyway, sorry for all the inconveniences.


        all the best
        Karolina

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]