Iee80211 header optimization and more (#9)

* packet validation by src / dest mac

* add 2G script

* rename

* exp throughput without aut

* exp throughput without aut - rev

* optimize IEE80211 header usage

* optimize IEE80211 header usage, document

* optimize IEE80211 header usage, document

* optimize IEE80211 header usage, document

* optimize IEE80211 header usage, document

* optimize IEE80211 header usage, document

* optimize IEE80211 header usage, document

* optimize IEE80211 header usage, document

* optimize IEE80211 header usage, document

* optimize IEE80211 header usage, document

* optimize IEE80211 header usage, document

* optimize IEE80211 header usage, document

* optimize IEE80211 header usage, document

* optimize IEE80211 header usage, document

* add link pollution stats

* add link pollution stats

* fix security issue

* fix security issue

* add likely openhd packets stat for channel scan feature

* add likely openhd packets stat for channel scan feature

* add likely openhd packets stat for channel scan feature

* add likely openhd packets stat for channel scan feature

* add likely openhd packets stat for channel scan feature

* add likely openhd packets stat for channel scan feature

* add likely openhd packets stat for channel scan feature

executables/example_hello.cpp

@@ -20,8 +20,9 @@
  */
 int main(int argc, char *const *argv) {
   std::string card="wlxac9e17596103";
-  bool pcap_setdirection= true;
+  bool advanced_debugging= false;
   bool is_air= false;
+  bool air_or_ground_explicitly_specified= false;
   int opt;
   while ((opt = getopt(argc, argv, "w:agd")) != -1) {
     switch (opt) {
@@ -30,12 +31,14 @@ int main(int argc, char *const *argv) {
         break;
       case 'a':
         is_air= true;
+        air_or_ground_explicitly_specified= true;
         break ;
       case 'g':
         is_air= false;
+        air_or_ground_explicitly_specified= true;
         break ;
       case 'd':
-        pcap_setdirection= false;
+        advanced_debugging= true;
         break ;
       default: /* '?' */
       show_usage:
@@ -45,17 +48,22 @@ int main(int argc, char *const *argv) {
         exit(1);
     }
   }
+  if(!air_or_ground_explicitly_specified){
+    std::cerr<<"Warning - please specify air or ground, air only talks to ground and vice versa"<<std::endl;
+  }
   std::cout<<"Running as "<<(is_air ? "Air" : "Ground")<<" on card "<<card<<"\n";
 
   // Create the Tx-RX
   std::vector<std::string> cards{card};
   WBTxRx::Options options_txrx{};
   options_txrx.rtl8812au_rssi_fixup= true;
-  //options_txrx.set_direction= false;
-  options_txrx.set_direction= pcap_setdirection;
-  options_txrx.log_all_received_validated_packets= true;
-  // For easier debugging
+  options_txrx.set_direction= true;
   options_txrx.enable_encryption= false;
+  options_txrx.use_gnd_identifier=!is_air;
+  if(advanced_debugging){
+    options_txrx.log_all_received_validated_packets= true;
+    options_txrx.advanced_debugging_rx= true;
+  }
 
   std::shared_ptr<WBTxRx> txrx=std::make_shared<WBTxRx>(cards,options_txrx);
 

executables/example_udp.cpp

@@ -34,6 +34,7 @@ int main(int argc, char *const *argv) {
   std::string card="wlxac9e17596103";
   bool pcap_setdirection= true;
   bool is_air= false;
+  bool air_or_ground_explicitly_specified= false;
   bool enable_fec= false;
   int opt;
   while ((opt = getopt(argc, argv, "w:agdf")) != -1) {
@@ -43,9 +44,11 @@ int main(int argc, char *const *argv) {
         break;
       case 'a':
         is_air= true;
+        air_or_ground_explicitly_specified= true;
         break ;
       case 'g':
         is_air= false;
+        air_or_ground_explicitly_specified= true;
         break ;
       case 'f':
         enable_fec= true;
@@ -61,6 +64,9 @@ int main(int argc, char *const *argv) {
         exit(1);
     }
   }
+  if(!air_or_ground_explicitly_specified){
+    std::cerr<<"Warning - please specify air or ground, air only talks to ground and vice versa"<<std::endl;
+  }
   auto console=wifibroadcast::log::create_or_get("main");
   console->info("Running as {} on card {}",(is_air ? "Air" : "Ground"),card);
 

executables/unit_test.cpp

@@ -30,6 +30,7 @@
 #include "../src/HelperSources/Helper.hpp"
 #include "../src/Encryption.hpp"
 #include "../src/wifibroadcast-spdlog.h"
+#include "../src/Ieee80211Header.hpp"
 
 // Simple unit testing for the FEC lib that doesn't require wifi cards
 
@@ -106,12 +107,16 @@ static void test_fec_stream_random_bs_fs_overhead_dropped(){
 
 }
 
-namespace TestEncryption {
-
-static void test(const bool useGeneratedFiles,bool message_signing_only) {
+// Test encryption+packet validation and packet validation only
+static void test_encrypt_decrypt_validate(const bool useGeneratedFiles,bool message_signing_only) {
   std::cout << "Using generated keypair (default seed otherwise):" << (useGeneratedFiles ? "y" : "n") << "\n";
   std::optional<std::string> encKey = useGeneratedFiles ? std::optional<std::string>("gs.key") : std::nullopt;
   std::optional<std::string> decKey = useGeneratedFiles ? std::optional<std::string>("drone.key") : std::nullopt;
+  if(message_signing_only){
+    std::cout<<"Testing message signing\n";
+  }else{
+    std::cout<<"Testing encryption & signing\n";
+  }
 
   Encryptor encryptor{encKey,message_signing_only};
   Decryptor decryptor{decKey,message_signing_only};
@@ -126,15 +131,31 @@ static void test(const bool useGeneratedFiles,bool message_signing_only) {
   assert(
 	  decryptor.onNewPacketSessionKeyData(sessionKeyPacket.sessionKeyNonce, sessionKeyPacket.sessionKeyData) == true);
   // now encrypt a couple of packets and decrypt them again afterwards
-  for (uint64_t nonce = 0; nonce < 20; nonce++) {
+  for (uint64_t nonce = 0; nonce < 200; nonce++) {
 	const auto data = GenericHelper::createRandomDataBuffer(FEC_PACKET_MAX_PAYLOAD_SIZE);
         const auto encrypted=encryptor.encrypt3(nonce,data.data(),data.size());
-	const auto decrypted = decryptor.decrypt3(nonce, encrypted->data(), encrypted->size());
-	//assert(decrypted != std::nullopt);
-	assert(GenericHelper::compareVectors(data, *decrypted) == true);
+        {
+            // Correct usage - let packets through and get the original data back
+            const auto decrypted = decryptor.decrypt3(nonce, encrypted->data(), encrypted->size());
+            assert(GenericHelper::compareVectors(data, *decrypted) == true);
+        }
+        {
+            // tamper with the nonce - shouldn't let packets through
+            const auto decrypted = decryptor.decrypt3(nonce+1, encrypted->data(), encrypted->size());
+            assert(decrypted== nullptr);
+        }
+        {
+            // tamper with the encryption suffix -  shouldn't let data through
+            auto encrypted_wrong_sing=encrypted;
+            encrypted_wrong_sing->at(encrypted_wrong_sing->size()-1)=0;
+            encrypted_wrong_sing->at(encrypted_wrong_sing->size()-2)=0;
+            const auto decrypted = decryptor.decrypt3(nonce, encrypted_wrong_sing->data(), encrypted_wrong_sing->size());
+            assert(decrypted== nullptr);
+        }
+
   }
-  // and make sure we don't let invalid packets thrugh
-  for (uint64_t nonce = 0; nonce < 20; nonce++) {
+  // and make sure we don't let packets with an invalid signing suffix through
+  for (uint64_t nonce = 0; nonce < 200; nonce++) {
         const auto data = GenericHelper::createRandomDataBuffer(FEC_PACKET_MAX_PAYLOAD_SIZE);
         const auto enrypted_wrong_sign=std::make_shared<std::vector<uint8_t>>();
         enrypted_wrong_sign->resize(data.size()+ENCRYPTION_ADDITIONAL_VALIDATION_DATA);
@@ -144,7 +165,7 @@ static void test(const bool useGeneratedFiles,bool message_signing_only) {
   }
   std::cout << "encryption test passed\n";
 }
-}
+
 
 int main(int argc, char *argv[]) {
   std::cout << "Tests for Wifibroadcast\n";
@@ -164,6 +185,7 @@ int main(int argc, char *argv[]) {
 	}
   }
   print_optimization_method();
+  test::test_nonce();
 
   try {
 	if (test_mode == 0 || test_mode == 1) {
@@ -177,10 +199,9 @@ int main(int argc, char *argv[]) {
 	}
 	if (test_mode == 0 || test_mode == 2) {
 	  std::cout << "Testing Encryption"<<std::endl;
-	  TestEncryption::test(false, false);
-          TestEncryption::test(false, true);
-	  TestEncryption::test(true, false);
-          //TestEncryption::test(true, true);
+          test_encrypt_decrypt_validate(false, false);
+          test_encrypt_decrypt_validate(false, true);
+          test_encrypt_decrypt_validate(true, false);
 	}
   } catch (std::runtime_error &e) {
 	std::cerr << "Error: " << std::string(e.what());

scripts/simple_2G.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# Simple script to enable monitor mode and set same frequency all together
+# Intended to be used with executables/example_hello.cpp
+
+if [ $# -eq 0 ]
+  then
+    echo "Please specify the card intended for wifibroadcast"
+    exit -1
+fi
+
+# !! Need to pass card
+MY_WIFI_CARD=$1
+
+
+sh ./enable_monitor_mode.sh $MY_WIFI_CARD
+
+# Should work on most card(s) - 2412Mhz at HT20 (20Mhz channel width)
+sh ./set_freq.sh $MY_WIFI_CARD 2412 HT20
+
+

scripts/simple_consti_pc.sh

@@ -0,0 +1,8 @@
+#bin/bash
+# For my pc, since I always use the same 4 cards for testing (2*RTL8812AU, 2xAR9271) that report themselves with fixed interface names
+# I created this script for easier setup
+sudo ./simple_2G.sh wlx6cfdb9b2a150
+sudo ./simple_2G.sh wlxc4e984126183
+
+sudo ./simple_5G.sh wlxac9e17596103
+sudo ./simple_5G.sh wlx0492268830e5

src/Encryption.hpp

@@ -25,6 +25,17 @@ static_assert(crypto_onetimeauth_BYTES==crypto_aead_chacha20poly1305_ABYTES);
 // Encryption (or packet validation) adds this many bytes to the end of the message
 static constexpr auto ENCRYPTION_ADDITIONAL_VALIDATION_DATA=crypto_aead_chacha20poly1305_ABYTES;
 
+// https://libsodium.gitbook.io/doc/key_derivation
+// Helper since we both support encryption and one time validation to save cpu performance
+static std::array<uint8_t,32> create_onetimeauth_subkey(const uint64_t nonce,const std::array<uint8_t, crypto_aead_chacha20poly1305_KEYBYTES> session_key){
+  // sub-key for this packet
+  std::array<uint8_t, 32> subkey{};
+  std::array<uint8_t,16> nonce_buf{0};
+  memcpy(nonce_buf.data(),(uint8_t*)&nonce,8);
+  crypto_core_hchacha20(subkey.data(),nonce_buf.data(),session_key.data(), nullptr);
+  return subkey;
+}
+
 class Encryptor {
  public:
   /**
@@ -54,7 +65,11 @@ class Encryptor {
       fclose(fp);
     }
   }
-  // Don't forget to send the session key after creating a new one !
+  /**
+   * Creates a new session key, simply put, the data we can send publicly
+   * @param sessionKeyNonce filled with public nonce
+   * @param sessionKeyData filled with public data
+   */
   void makeNewSessionKey(std::array<uint8_t, crypto_box_NONCEBYTES> &sessionKeyNonce,
                          std::array<uint8_t,
                                     crypto_aead_chacha20poly1305_KEYBYTES + crypto_box_MACBYTES> &sessionKeyData) {
@@ -76,7 +91,8 @@ class Encryptor {
     if(DISABLE_ENCRYPTION_FOR_PERFORMANCE){
       memcpy(dest,src, src_len);
       uint8_t* sign=dest+src_len;
-      crypto_onetimeauth(sign,src,src_len,session_key.data());
+      const auto sub_key=create_onetimeauth_subkey(nonce,session_key);
+      crypto_onetimeauth(sign,src,src_len,sub_key.data());
       return src_len+crypto_onetimeauth_BYTES;
     }
     long long unsigned int ciphertext_len;
@@ -171,7 +187,8 @@ class Decryptor {
       assert(payload_size>0);
       const uint8_t* sign=encrypted+payload_size;
       //const int res=crypto_auth_hmacsha256_verify(sign,msg,payload_size,session_key.data());
-      const int res=crypto_onetimeauth_verify(sign,encrypted,payload_size,session_key.data());
+      const auto sub_key=create_onetimeauth_subkey(nonce,session_key);
+      const int res=crypto_onetimeauth_verify(sign,encrypted,payload_size,sub_key.data());
       if(res!=-1){
         memcpy(dest,encrypted,payload_size);
         return true;

src/FECDisabled.hpp

@@ -32,7 +32,7 @@ struct FECDisabledHeader{
 }__attribute__ ((packed));
 static_assert(sizeof(FECDisabledHeader)==8);
 
-// usage of nonce: Simple, uint64_t number increasing with each packet
+// Really simple, adds a sequence number, nothing else
 class FECDisabledEncoder {
  public:
   typedef std::function<void(const uint8_t *payload, const std::size_t payloadSize)>

src/HelperSources/SeqNrHelper.hpp

@@ -13,7 +13,7 @@ namespace seq_nr{
 
 static int diff_between_packets_rolling_uint16_t(int last_packet,int curr_packet){
   if(last_packet==curr_packet){
-    wifibroadcast::log::get_default()->debug("Duplicate in seq nr, invalid usage");
+    wifibroadcast::log::get_default()->debug("Duplicate in seq nr {}-{}, invalid usage",last_packet,curr_packet);
   }
   if(curr_packet<last_packet){
     // We probably have overflown the uin16_t range

src/HelperSources/StringHelper.hpp

@@ -38,6 +38,35 @@ class StringHelper {
     ss << "]";
     return ss.str();
   }
+  static std::string bytes_as_string_decimal(const uint8_t* data,int data_len){
+    std::stringstream ss;
+    ss << "[";
+    for(int i=0;i<data_len;i++){
+      ss << (int)data[i];
+      if(i!=data_len-1){
+        ss<<",";
+      }
+    }
+    ss << "]";
+    return ss.str();
+  }
+  static std::string byte_as_hex(uint8_t byte){
+    char str[100]={};
+    sprintf(str,"%x",byte);
+    return "0x"+std::string(str);
+  }
+  static std::string bytes_as_string_hex(const uint8_t* data,int data_len) {
+    std::stringstream ss;
+    ss << "[";
+    for(int i=0;i<data_len;i++){
+      ss << byte_as_hex(data[i]);
+      if(i!=data_len-1){
+        ss<<",";
+      }
+    }
+    ss << "]";
+    return ss.str();
+  }
 
   template<typename T, std::size_t S>
   static std::string arrayAsString(const std::array<T, S> &a) {